public inbox for openembedded-core@lists.openembedded.org
* [OE-core][kirkstone 00/15] Patch review
@ 2022-06-19 19:30 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-06-19 19:30 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3799

The following changes since commit 0f7a8359ba370c7f5d5153453ed699e9566f5b1d:

  rootfs.py: close kernel_abi_ver_file (2022-06-10 05:13:53 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Jack Mitchell (1):
  meson.bbclass: add cython binary to cross/native toolchain config

Jose Quaresma (2):
  archiver: use bb.note instead of echo
  archiver: don't use machine variables in shared recipes

Kai Kang (1):
  xxhash: fix build with gcc 12

Mingli Yu (1):
  oescripts: change compare logic in OEListPackageconfigTests

Pavel Zhukov (1):
  systemd: update 0008-add-missing-FTW_-macros-for-musl.patch

Rasmus Villemoes (1):
  e2fsprogs: add alternatives handling of lsattr as well

Richard Purdie (5):
  vim: Upgrade 8.2.5034 -> 8.2.5083
  uboot-sign: Fix potential index error issues
  selftest/multiconfig: Test that multiconfigs in separate layers works
  gcc-source: Fix incorrect task dependencies from ${B}
  liberror-perl: Update sstate/equiv versions to clean cache

Xiaobing Luo (1):
  devtool: Fix _copy_file() TypeError

Yi Zhao (2):
  popt: fix override syntax in RDEPENDS
  git: fix override syntax in RDEPENDS

 meta-selftest/conf/multiconfig/muslmc.conf          |  2 ++
 meta/classes/archiver.bbclass                       | 11 ++++++++---
 meta/classes/meson.bbclass                          |  2 ++
 meta/classes/uboot-sign.bbclass                     |  2 ++
 meta/lib/oeqa/selftest/cases/multiconfig.py         | 13 +++++++++++++
 meta/lib/oeqa/selftest/cases/oescripts.py           |  3 ++-
 .../0008-add-missing-FTW_-macros-for-musl.patch     |  8 ++++----
 meta/recipes-devtools/e2fsprogs/e2fsprogs_1.46.5.bb |  5 ++++-
 meta/recipes-devtools/gcc/gcc-common.inc            |  2 +-
 meta/recipes-devtools/gcc/gcc-source.inc            |  1 +
 meta/recipes-devtools/git/git_2.35.3.bb             |  2 +-
 meta/recipes-devtools/perl/liberror-perl_0.17029.bb |  4 ++++
 meta/recipes-support/popt/popt_1.18.bb              |  2 +-
 meta/recipes-support/vim/vim.inc                    |  4 ++--
 meta/recipes-support/xxhash/xxhash_0.8.1.bb         |  2 ++
 scripts/lib/devtool/standard.py                     |  2 +-
 16 files changed, 50 insertions(+), 15 deletions(-)
 create mode 100644 meta-selftest/conf/multiconfig/muslmc.conf

-- 
2.25.1




* [OE-core][kirkstone 00/15] Patch review
@ 2022-07-27  0:40 Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 01/15] lua: Backport fix for CVE-2022-33099 Steve Sakoman
                   ` (14 more replies)
  0 siblings, 15 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3979

The following changes since commit f1c2e21a28f8ad5dc6ff7b0db877aa22e01a9e00:

  pulseaudio: add m4-native to DEPENDS (2022-07-17 16:59:57 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alexander Kanavin (1):
  gnupg: update 2.3.4 -> 2.3.6

Joshua Watt (1):
  sstatesig: Include all dependencies in SPDX task signatures

Khem Raj (2):
  lua: Backport fix for CVE-2022-33099
  gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so

Ming Liu (1):
  rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}

Naveen (1):
  gcc: Backport a fix for gcc bug 105039

Richard Purdie (1):
  vim: Upgrade 9.0.0021 -> 9.0.0063

Sakib Sajal (3):
  dpkg: fix CVE-2022-1664
  go: update v1.17.10 -> v1.17.12
  git: upgrade v2.35.3 -> v2.35.4

Tom Hochstein (1):
  gobject-introspection-data: Disable cache for g-ir-scanner

Yi Zhao (1):
  tiff: Security fixes CVE-2022-1354 and CVE-2022-1355

Yue Tao (1):
  gnupg: upgrade to 2.3.7 to fix CVE-2022-34903

wangmy (2):
  bind: upgrade 9.18.2 -> 9.18.3
  bind: upgrade 9.18.3 -> 9.18.4

 .../gobject-introspection-data.bbclass        |   5 +
 meta/classes/rootfs-postcommands.bbclass      |   2 +-
 meta/lib/oe/sstatesig.py                      |   9 +
 ...1-avoid-start-failure-with-bind-user.patch |   0
 ...d-V-and-start-log-hide-build-options.patch |   0
 ...ching-for-json-headers-searches-sysr.patch |   0
 .../bind/{bind-9.18.2 => bind-9.18.4}/bind9   |   0
 .../{bind-9.18.2 => bind-9.18.4}/conf.patch   |   0
 .../generate-rndc-key.sh                      |   0
 ...t.d-add-support-for-read-only-rootfs.patch |   0
 .../make-etc-initd-bind-stop-work.patch       |   0
 .../named.service                             |   0
 .../bind/{bind_9.18.2.bb => bind_9.18.4.bb}   |   2 +-
 ...ive-Prevent-directory-traversal-for-.patch | 328 ++++++++++++++++++
 meta/recipes-devtools/dpkg/dpkg_1.21.4.bb     |   1 +
 meta/recipes-devtools/gcc/gcc-11.3.inc        |   2 +-
 meta/recipes-devtools/gcc/gcc-runtime.inc     |   3 +-
 .../gcc/gcc/0030-rust-recursion-limit.patch   |  92 +++++
 .../git/{git_2.35.3.bb => git_2.35.4.bb}      |   2 +-
 .../go/{go-1.17.10.inc => go-1.17.12.inc}     |   2 +-
 ...1.17.10.bb => go-binary-native_1.17.12.bb} |   4 +-
 ....17.10.bb => go-cross-canadian_1.17.12.bb} |   0
 ...o-cross_1.17.10.bb => go-cross_1.17.12.bb} |   0
 ...ssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} |   0
 ...native_1.17.10.bb => go-native_1.17.12.bb} |   0
 ...ntime_1.17.10.bb => go-runtime_1.17.12.bb} |   0
 .../go/{go_1.17.10.bb => go_1.17.12.bb}       |   0
 .../lua/lua/CVE-2022-33099.patch              |  61 ++++
 meta/recipes-devtools/lua/lua_5.4.4.bb        |   1 +
 .../gobject-introspection_1.72.0.bb           |   3 -
 .../libtiff/tiff/CVE-2022-1354.patch          | 212 +++++++++++
 .../libtiff/tiff/CVE-2022-1355.patch          |  62 ++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 ...-a-custom-value-for-the-location-of-.patch |   6 +-
 .../0003-dirmngr-uses-libgpg-error.patch      |  29 --
 .../gnupg/gnupg/relocate.patch                |  18 +-
 .../gnupg/{gnupg_2.3.4.bb => gnupg_2.3.7.bb}  |   3 +-
 .../vim/files/crosscompile.patch              |  51 +++
 meta/recipes-support/vim/files/racefix.patch  |  12 +-
 meta/recipes-support/vim/vim.inc              |   9 +-
 40 files changed, 860 insertions(+), 61 deletions(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.4}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.2.bb => bind_9.18.4.bb} (98%)
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch
 create mode 100644 meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch
 rename meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} (98%)
 rename meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc} (92%)
 rename meta/recipes-devtools/go/{go-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} (83%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-native_1.17.10.bb => go-native_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb} (100%)
 create mode 100644 meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
 delete mode 100644 meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
 rename meta/recipes-support/gnupg/{gnupg_2.3.4.bb => gnupg_2.3.7.bb} (95%)
 create mode 100644 meta/recipes-support/vim/files/crosscompile.patch

-- 
2.25.1




* [OE-core][kirkstone 01/15] lua: Backport fix for CVE-2022-33099
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 02/15] tiff: Security fixes CVE-2022-1354 and CVE-2022-1355 Steve Sakoman
                   ` (13 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Khem Raj <raj.khem@gmail.com>

Fixes stack overflow while handling recurring errors in Lua-stack

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit caad9d5f7184f0fa60fa7770e5d3da3f533647cb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../lua/lua/CVE-2022-33099.patch              | 61 +++++++++++++++++++
 meta/recipes-devtools/lua/lua_5.4.4.bb        |  1 +
 2 files changed, 62 insertions(+)
 create mode 100644 meta/recipes-devtools/lua/lua/CVE-2022-33099.patch

diff --git a/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
new file mode 100644
index 0000000000..fe7b6065c2
--- /dev/null
+++ b/meta/recipes-devtools/lua/lua/CVE-2022-33099.patch
@@ -0,0 +1,61 @@
+From 42d40581dd919fb134c07027ca1ce0844c670daf Mon Sep 17 00:00:00 2001
+From: Roberto Ierusalimschy <roberto@inf.puc-rio.br>
+Date: Fri, 20 May 2022 13:14:33 -0300
+Subject: [PATCH] Save stack space while handling errors
+
+Because error handling (luaG_errormsg) uses slots from EXTRA_STACK,
+and some errors can recur (e.g., string overflow while creating an
+error message in 'luaG_runerror', or a C-stack overflow before calling
+the message handler), the code should use stack slots with parsimony.
+
+This commit fixes the bug "Lua-stack overflow when C stack overflows
+while handling an error".
+
+CVE: CVE-2022-33099
+
+Upstream-Status: Backport [https://github.com/lua/lua/commit/42d40581dd919fb134c07027ca1ce0844c670daf]
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ ldebug.c | 5 ++++-
+ lvm.c    | 6 ++++--
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+--- a/src/ldebug.c
++++ b/src/ldebug.c
+@@ -824,8 +824,11 @@ l_noret luaG_runerror (lua_State *L, con
+   va_start(argp, fmt);
+   msg = luaO_pushvfstring(L, fmt, argp);  /* format message */
+   va_end(argp);
+-  if (isLua(ci))  /* if Lua function, add source:line information */
++  if (isLua(ci)) {  /* if Lua function, add source:line information */
+     luaG_addinfo(L, msg, ci_func(ci)->p->source, getcurrentline(ci));
++    setobjs2s(L, L->top - 2, L->top - 1);  /* remove 'msg' from the stack */
++    L->top--;
++  }
+   luaG_errormsg(L);
+ }
+ 
+--- a/src/lvm.c
++++ b/src/lvm.c
+@@ -656,8 +656,10 @@ void luaV_concat (lua_State *L, int tota
+       /* collect total length and number of strings */
+       for (n = 1; n < total && tostring(L, s2v(top - n - 1)); n++) {
+         size_t l = vslen(s2v(top - n - 1));
+-        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl))
++        if (l_unlikely(l >= (MAX_SIZE/sizeof(char)) - tl)) {
++          L->top = top - total;  /* pop strings to avoid wasting stack */
+           luaG_runerror(L, "string length overflow");
++        }
+         tl += l;
+       }
+       if (tl <= LUAI_MAXSHORTLEN) {  /* is result a short string? */
+@@ -672,7 +674,7 @@ void luaV_concat (lua_State *L, int tota
+       setsvalue2s(L, top - n, ts);  /* create result */
+     }
+     total -= n-1;  /* got 'n' strings to create 1 new */
+-    L->top -= n-1;  /* popped 'n' strings and pushed one */
++    L->top = top - (n - 1);  /* popped 'n' strings and pushed one */
+   } while (total > 1);  /* repeat until only 1 result left */
+ }
+ 
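Review bot: The embedded patch's diffstat lists ldebug.c and lvm.c, but the hunks under it apply to a/src/ldebug.c and a/src/lvm.c, so the paths were adjusted after the upstream commit was exported. Please say so next to the Upstream-Status line (a short remark that paths were changed to src/ for the release tarball is enough), so whoever refreshes this patch later knows the content is otherwise meant to match commit 42d40581dd919fb134c07027ca1ce0844c670daf. In the lvm.c part, replacing "L->top -= n-1;" with "L->top = top - (n - 1);" gives the same result only when the local top still equals L->top at that point; the loop head that assigns top is outside the context lines, so it is worth confirming against the 5.4.4 source that the backport applies to the same code shape as upstream.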
diff --git a/meta/recipes-devtools/lua/lua_5.4.4.bb b/meta/recipes-devtools/lua/lua_5.4.4.bb
index 6f2cea5314..0b2e754b31 100644
--- a/meta/recipes-devtools/lua/lua_5.4.4.bb
+++ b/meta/recipes-devtools/lua/lua_5.4.4.bb
@@ -7,6 +7,7 @@ HOMEPAGE = "http://www.lua.org/"
 SRC_URI = "http://www.lua.org/ftp/lua-${PV}.tar.gz;name=tarballsrc \
            file://lua.pc.in \
            file://CVE-2022-28805.patch \
+           file://CVE-2022-33099.patch \
            ${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'http://www.lua.org/tests/lua-${PV_testsuites}-tests.tar.gz;name=tarballtest file://run-ptest ', '', d)} \
            "
 
-- 
2.25.1




* [OE-core][kirkstone 02/15] tiff: Security fixes CVE-2022-1354 and CVE-2022-1355
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 01/15] lua: Backport fix for CVE-2022-33099 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 03/15] dpkg: fix CVE-2022-1664 Steve Sakoman
                   ` (12 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Yi Zhao <yi.zhao@windriver.com>

References:
https://nvd.nist.gov/vuln/detail/CVE-2022-1354
https://security-tracker.debian.org/tracker/CVE-2022-1354

https://nvd.nist.gov/vuln/detail/CVE-2022-1355
https://security-tracker.debian.org/tracker/CVE-2022-1355

Patches from:

CVE-2022-1354:
https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798

CVE-2022-1355:
https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../libtiff/tiff/CVE-2022-1354.patch          | 212 ++++++++++++++++++
 .../libtiff/tiff/CVE-2022-1355.patch          |  62 +++++
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb |   2 +
 3 files changed, 276 insertions(+)
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
 create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch

diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
new file mode 100644
index 0000000000..71b85cac10
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1354.patch
@@ -0,0 +1,212 @@
+From 87881e093691a35c60b91cafed058ba2dd5d9807 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 5 Dec 2021 14:37:46 +0100
+Subject: [PATCH] TIFFReadDirectory: fix OJPEG hack (fixes #319)
+
+to avoid having the size of the strip arrays inconsistent with the
+number of strips returned by TIFFNumberOfStrips(), which may cause
+out-ouf-bounds array read afterwards.
+
+One of the OJPEG hack that alters SamplesPerPixel may influence the
+number of strips. Hence compute tif_dir.td_nstrips only afterwards.
+
+CVE: CVE-2022-1354
+
+Upstream-Status: Backport
+[https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ libtiff/tif_dirread.c | 162 ++++++++++++++++++++++--------------------
+ 1 file changed, 83 insertions(+), 79 deletions(-)
+
+diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c
+index 8f434ef5..14c031d1 100644
+--- a/libtiff/tif_dirread.c
++++ b/libtiff/tif_dirread.c
+@@ -3794,50 +3794,7 @@ TIFFReadDirectory(TIFF* tif)
+ 		MissingRequired(tif,"ImageLength");
+ 		goto bad;
+ 	}
+-	/*
+-	 * Setup appropriate structures (by strip or by tile)
+-	 */
+-	if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
+-		tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);  
+-		tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
+-		tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
+-		tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
+-		tif->tif_flags &= ~TIFF_ISTILED;
+-	} else {
+-		tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
+-		tif->tif_flags |= TIFF_ISTILED;
+-	}
+-	if (!tif->tif_dir.td_nstrips) {
+-		TIFFErrorExt(tif->tif_clientdata, module,
+-		    "Cannot handle zero number of %s",
+-		    isTiled(tif) ? "tiles" : "strips");
+-		goto bad;
+-	}
+-	tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
+-	if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
+-		tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
+-	if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
+-#ifdef OJPEG_SUPPORT
+-		if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
+-		    (isTiled(tif)==0) &&
+-		    (tif->tif_dir.td_nstrips==1)) {
+-			/*
+-			 * XXX: OJPEG hack.
+-			 * If a) compression is OJPEG, b) it's not a tiled TIFF,
+-			 * and c) the number of strips is 1,
+-			 * then we tolerate the absence of stripoffsets tag,
+-			 * because, presumably, all required data is in the
+-			 * JpegInterchangeFormat stream.
+-			 */
+-			TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
+-		} else
+-#endif
+-        {
+-			MissingRequired(tif,
+-				isTiled(tif) ? "TileOffsets" : "StripOffsets");
+-			goto bad;
+-		}
+-	}
++
+ 	/*
+ 	 * Second pass: extract other information.
+ 	 */
+@@ -4042,41 +3999,6 @@ TIFFReadDirectory(TIFF* tif)
+ 			} /* -- if (!dp->tdir_ignore) */
+ 		} /* -- for-loop -- */
+ 
+-        if( tif->tif_mode == O_RDWR &&
+-            tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 &&
+-            tif->tif_dir.td_stripoffset_entry.tdir_count == 0 &&
+-            tif->tif_dir.td_stripoffset_entry.tdir_type == 0 &&
+-            tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 &&
+-            tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 &&
+-            tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 &&
+-            tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 &&
+-            tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 )
+-        {
+-            /* Directory typically created with TIFFDeferStrileArrayWriting() */
+-            TIFFSetupStrips(tif);
+-        }
+-        else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) )
+-        {
+-            if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 )
+-            {
+-                if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry),
+-                                         tif->tif_dir.td_nstrips,
+-                                         &tif->tif_dir.td_stripoffset_p))
+-                {
+-                    goto bad;
+-                }
+-            }
+-            if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 )
+-            {
+-                if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry),
+-                                         tif->tif_dir.td_nstrips,
+-                                         &tif->tif_dir.td_stripbytecount_p))
+-                {
+-                    goto bad;
+-                }
+-            }
+-        }
+-
+ 	/*
+ 	 * OJPEG hack:
+ 	 * - If a) compression is OJPEG, and b) photometric tag is missing,
+@@ -4147,6 +4069,88 @@ TIFFReadDirectory(TIFF* tif)
+ 		}
+ 	}
+ 
++	/*
++	 * Setup appropriate structures (by strip or by tile)
++	 * We do that only after the above OJPEG hack which alters SamplesPerPixel
++	 * and thus influences the number of strips in the separate planarconfig.
++	 */
++	if (!TIFFFieldSet(tif, FIELD_TILEDIMENSIONS)) {
++		tif->tif_dir.td_nstrips = TIFFNumberOfStrips(tif);  
++		tif->tif_dir.td_tilewidth = tif->tif_dir.td_imagewidth;
++		tif->tif_dir.td_tilelength = tif->tif_dir.td_rowsperstrip;
++		tif->tif_dir.td_tiledepth = tif->tif_dir.td_imagedepth;
++		tif->tif_flags &= ~TIFF_ISTILED;
++	} else {
++		tif->tif_dir.td_nstrips = TIFFNumberOfTiles(tif);
++		tif->tif_flags |= TIFF_ISTILED;
++	}
++	if (!tif->tif_dir.td_nstrips) {
++		TIFFErrorExt(tif->tif_clientdata, module,
++		    "Cannot handle zero number of %s",
++		    isTiled(tif) ? "tiles" : "strips");
++		goto bad;
++	}
++	tif->tif_dir.td_stripsperimage = tif->tif_dir.td_nstrips;
++	if (tif->tif_dir.td_planarconfig == PLANARCONFIG_SEPARATE)
++		tif->tif_dir.td_stripsperimage /= tif->tif_dir.td_samplesperpixel;
++	if (!TIFFFieldSet(tif, FIELD_STRIPOFFSETS)) {
++#ifdef OJPEG_SUPPORT
++		if ((tif->tif_dir.td_compression==COMPRESSION_OJPEG) &&
++		    (isTiled(tif)==0) &&
++		    (tif->tif_dir.td_nstrips==1)) {
++			/*
++			 * XXX: OJPEG hack.
++			 * If a) compression is OJPEG, b) it's not a tiled TIFF,
++			 * and c) the number of strips is 1,
++			 * then we tolerate the absence of stripoffsets tag,
++			 * because, presumably, all required data is in the
++			 * JpegInterchangeFormat stream.
++			 */
++			TIFFSetFieldBit(tif, FIELD_STRIPOFFSETS);
++		} else
++#endif
++        {
++			MissingRequired(tif,
++				isTiled(tif) ? "TileOffsets" : "StripOffsets");
++			goto bad;
++		}
++	}
++
++        if( tif->tif_mode == O_RDWR &&
++            tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 &&
++            tif->tif_dir.td_stripoffset_entry.tdir_count == 0 &&
++            tif->tif_dir.td_stripoffset_entry.tdir_type == 0 &&
++            tif->tif_dir.td_stripoffset_entry.tdir_offset.toff_long8 == 0 &&
++            tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 &&
++            tif->tif_dir.td_stripbytecount_entry.tdir_count == 0 &&
++            tif->tif_dir.td_stripbytecount_entry.tdir_type == 0 &&
++            tif->tif_dir.td_stripbytecount_entry.tdir_offset.toff_long8 == 0 )
++        {
++            /* Directory typically created with TIFFDeferStrileArrayWriting() */
++            TIFFSetupStrips(tif);
++        }
++        else if( !(tif->tif_flags&TIFF_DEFERSTRILELOAD) )
++        {
++            if( tif->tif_dir.td_stripoffset_entry.tdir_tag != 0 )
++            {
++                if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripoffset_entry),
++                                         tif->tif_dir.td_nstrips,
++                                         &tif->tif_dir.td_stripoffset_p))
++                {
++                    goto bad;
++                }
++            }
++            if( tif->tif_dir.td_stripbytecount_entry.tdir_tag != 0 )
++            {
++                if (!TIFFFetchStripThing(tif,&(tif->tif_dir.td_stripbytecount_entry),
++                                         tif->tif_dir.td_nstrips,
++                                         &tif->tif_dir.td_stripbytecount_p))
++                {
++                    goto bad;
++                }
++            }
++        }
++
+ 	/*
+ 	 * Make sure all non-color channels are extrasamples.
+ 	 * If it's not the case, define them as such.
+-- 
+2.25.1
+
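Review bot: The From line of the embedded patch names 87881e093691a35c60b91cafed058ba2dd5d9807, while Upstream-Status and the "Patches from" list in the commit message both cite 87f580f39011109b3bb5f6eca13fac543a542798; please state which of the two is the upstream commit, or regenerate the patch from the cited one so they agree. The change itself relocates the strip/tile setup and the TIFFFetchStripThing block to after the OJPEG hack that alters SamplesPerPixel, with only the comment expanded, so it would help to note in the commit message that the moved lines were checked to be unchanged (git diff --color-moved makes that easy to see), including the trailing spaces after "TIFFNumberOfStrips(tif);".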
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
new file mode 100644
index 0000000000..e59f5aad55
--- /dev/null
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-1355.patch
@@ -0,0 +1,62 @@
+From fb1db384959698edd6caeea84e28253d272a0f96 Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 2 Apr 2022 22:33:31 +0200
+Subject: [PATCH] tiffcp: avoid buffer overflow in "mode" string (fixes #400)
+
+CVE: CVE-2022-1355
+
+Upstream-Status: Backport
+[https://gitlab.com/libtiff/libtiff/-/commit/c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2]
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ tools/tiffcp.c | 25 ++++++++++++++++++++-----
+ 1 file changed, 20 insertions(+), 5 deletions(-)
+
+diff --git a/tools/tiffcp.c b/tools/tiffcp.c
+index fd129bb7..8d944ff6 100644
+--- a/tools/tiffcp.c
++++ b/tools/tiffcp.c
+@@ -274,19 +274,34 @@ main(int argc, char* argv[])
+ 			deftilewidth = atoi(optarg);
+ 			break;
+ 		case 'B':
+-			*mp++ = 'b'; *mp = '\0';
++			if (strlen(mode) < (sizeof(mode) - 1))
++			{
++				*mp++ = 'b'; *mp = '\0';
++			}
+ 			break;
+ 		case 'L':
+-			*mp++ = 'l'; *mp = '\0';
++			if (strlen(mode) < (sizeof(mode) - 1))
++			{
++				*mp++ = 'l'; *mp = '\0';
++			}
+ 			break;
+ 		case 'M':
+-			*mp++ = 'm'; *mp = '\0';
++			if (strlen(mode) < (sizeof(mode) - 1))
++			{
++				*mp++ = 'm'; *mp = '\0';
++			}
+ 			break;
+ 		case 'C':
+-			*mp++ = 'c'; *mp = '\0';
++			if (strlen(mode) < (sizeof(mode) - 1))
++			{
++				*mp++ = 'c'; *mp = '\0';
++			}
+ 			break;
+ 		case '8':
+-			*mp++ = '8'; *mp = '\0';
++			if (strlen(mode) < (sizeof(mode)-1))
++			{
++				*mp++ = '8'; *mp = '\0';
++			}
+ 			break;
+ 		case 'x':
+ 			pageInSeq = 1;
+-- 
+2.25.1
+
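Review bot: Each of the five guarded cases ('B', 'L', 'M', 'C', '8') now drops the flag without any diagnostic once mode is full, so a command line that repeats these options ends up with a silently shortened mode string. As a backport this should stay identical to upstream, but the commit message should mention that excess flags are ignored rather than rejected, since "Security fixes" alone does not tell a user why an option had no effect. Two smaller points: the '8' case writes "(sizeof(mode)-1)" where the other four write "(sizeof(mode) - 1)", and the From line hash fb1db384959698edd6caeea84e28253d272a0f96 differs from the c1ae29f9ebacd29b7c3e0c7db671af7db3584bc2 cited in Upstream-Status, which deserves a word of explanation.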
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index c2d4b35d49..149516508f 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -19,6 +19,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://0005-fix-the-FPE-in-tiffcrop-393.patch \
            file://0006-fix-heap-buffer-overflow-in-tiffcp-278.patch \
            file://0001-fix-the-FPE-in-tiffcrop-415-427-and-428.patch \
+           file://CVE-2022-1354.patch \
+           file://CVE-2022-1355.patch \
            "
 
 SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"
-- 
2.25.1




* [OE-core][kirkstone 03/15] dpkg: fix CVE-2022-1664
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 01/15] lua: Backport fix for CVE-2022-33099 Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 02/15] tiff: Security fixes CVE-2022-1354 and CVE-2022-1355 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 04/15] bind: upgrade 9.18.2 -> 9.18.3 Steve Sakoman
                   ` (11 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Sakib Sajal <sakib.sajal@windriver.com>

Backport patch to fix CVE-2022-1664.

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...ive-Prevent-directory-traversal-for-.patch | 328 ++++++++++++++++++
 meta/recipes-devtools/dpkg/dpkg_1.21.4.bb     |   1 +
 2 files changed, 329 insertions(+)
 create mode 100644 meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch

diff --git a/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch b/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch
new file mode 100644
index 0000000000..d249d854fb
--- /dev/null
+++ b/meta/recipes-devtools/dpkg/dpkg/0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch
@@ -0,0 +1,328 @@
+From 6d8a6799639f8853a2af1f9036bc70fddbfdd2a2 Mon Sep 17 00:00:00 2001
+From: Guillem Jover <guillem@debian.org>
+Date: Tue, 3 May 2022 02:09:32 +0200
+Subject: [PATCH] Dpkg::Source::Archive: Prevent directory traversal for
+ in-place extracts
+
+For untrusted v2 and v3 source package formats that include a debian.tar
+archive, when we are extracting it, we do that as an in-place extraction,
+which can lead to directory traversal situations on specially crafted
+orig.tar and debian.tar tarballs.
+
+GNU tar replaces entries on the filesystem by the entries present on
+the tarball, but it will follow symlinks when the symlink pathname
+itself is not present as an actual directory on the tarball.
+
+This means we can create an orig.tar where there's a symlink pointing
+out of the source tree root directory, and then a debian.tar that
+contains an entry within that symlink as if it was a directory, without
+a directory entry for the symlink pathname itself, which will be
+extracted following the symlink outside the source tree root.
+
+This is currently noted as expected in GNU tar documentation. But even
+if there was a new extraction mode avoiding this problem we'd need such
+new version. Using perl's Archive::Tar would solve the problem, but
+switching to such different pure perl implementation, could cause
+compatibility or performance issues.
+
+What we do is when we are requested to perform an in-place extract, we
+instead still use a temporary directory, then walk that directory and
+remove any matching entry in the destination directory, replicating what
+GNU tar would do, but in addition avoiding the directory traversal issue
+for symlinks. Which should work with any tar implementation and be safe.
+
+Reported-by: Max Justicz <max@justi.cz>
+Stable-Candidates: 1.18.x 1.19.x 1.20.x
+Fixes: commit 0c0057a27fecccab77d2b3cffa9a7d172846f0b4 (1.14.17)
+Fixes: CVE-2022-1664
+
+CVE: CVE-2022-1664
+Upstream-Status: Backport [7a6c03cb34d4a09f35df2f10779cbf1b70a5200b]
+
+Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
+---
+ scripts/Dpkg/Source/Archive.pm  | 122 +++++++++++++++++++++++++-------
+ scripts/t/Dpkg_Source_Archive.t | 110 +++++++++++++++++++++++++++-
+ 2 files changed, 204 insertions(+), 28 deletions(-)
+
+diff --git a/scripts/Dpkg/Source/Archive.pm b/scripts/Dpkg/Source/Archive.pm
+index 33c181b20..2ddd04af8 100644
+--- a/scripts/Dpkg/Source/Archive.pm
++++ b/scripts/Dpkg/Source/Archive.pm
+@@ -21,9 +21,11 @@ use warnings;
+ our $VERSION = '0.01';
+ 
+ use Carp;
++use Errno qw(ENOENT);
+ use File::Temp qw(tempdir);
+ use File::Basename qw(basename);
+ use File::Spec;
++use File::Find;
+ use Cwd;
+ 
+ use Dpkg ();
+@@ -110,19 +112,13 @@ sub extract {
+     my %spawn_opts = (wait_child => 1);
+ 
+     # Prepare destination
+-    my $tmp;
+-    if ($opts{in_place}) {
+-        $spawn_opts{chdir} = $dest;
+-        $tmp = $dest; # So that fixperms call works
+-    } else {
+-        my $template = basename($self->get_filename()) .  '.tmp-extract.XXXXX';
+-        unless (-e $dest) {
+-            # Kludge so that realpath works
+-            mkdir($dest) or syserr(g_('cannot create directory %s'), $dest);
+-        }
+-        $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1);
+-        $spawn_opts{chdir} = $tmp;
++    my $template = basename($self->get_filename()) .  '.tmp-extract.XXXXX';
++    unless (-e $dest) {
++        # Kludge so that realpath works
++        mkdir($dest) or syserr(g_('cannot create directory %s'), $dest);
+     }
++    my $tmp = tempdir($template, DIR => Cwd::realpath("$dest/.."), CLEANUP => 1);
++    $spawn_opts{chdir} = $tmp;
+ 
+     # Prepare stuff that handles the input of tar
+     $self->ensure_open('r', delete_sig => [ 'PIPE' ]);
+@@ -145,22 +141,94 @@ sub extract {
+     # have to be calculated using mount options and other madness.
+     fixperms($tmp) unless $opts{no_fixperms};
+ 
+-    # Stop here if we extracted in-place as there's nothing to move around
+-    return if $opts{in_place};
+-
+-    # Rename extracted directory
+-    opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp);
+-    my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh);
+-    closedir($dir_dh);
+-    my $done = 0;
+-    erasedir($dest);
+-    if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) {
+-	rename("$tmp/$entries[0]", $dest)
+-	    or syserr(g_('unable to rename %s to %s'),
+-	              "$tmp/$entries[0]", $dest);
++    # If we are extracting "in-place" do not remove the destination directory.
++    if ($opts{in_place}) {
++        my $canon_basedir = Cwd::realpath($dest);
++        # On Solaris /dev/null points to /devices/pseudo/mm@0:null.
++        my $canon_devnull = Cwd::realpath('/dev/null');
++        my $check_symlink = sub {
++            my $pathname = shift;
++            my $canon_pathname = Cwd::realpath($pathname);
++            if (not defined $canon_pathname) {
++                return if $! == ENOENT;
++
++                syserr(g_("pathname '%s' cannot be canonicalized"), $pathname);
++            }
++            return if $canon_pathname eq $canon_devnull;
++            return if $canon_pathname eq $canon_basedir;
++            return if $canon_pathname =~ m{^\Q$canon_basedir/\E};
++            warning(g_("pathname '%s' points outside source root (to '%s')"),
++                    $pathname, $canon_pathname);
++        };
++
++        my $move_in_place = sub {
++            my $relpath = File::Spec->abs2rel($File::Find::name, $tmp);
++            my $destpath = File::Spec->catfile($dest, $relpath);
++
++            my ($mode, $atime, $mtime);
++            lstat $File::Find::name
++                or syserr(g_('cannot get source pathname %s metadata'), $File::Find::name);
++            ((undef) x 2, $mode, (undef) x 5, $atime, $mtime) = lstat _;
++            my $src_is_dir = -d _;
++
++            my $dest_exists = 1;
++            if (not lstat $destpath) {
++                if ($! == ENOENT) {
++                    $dest_exists = 0;
++                } else {
++                    syserr(g_('cannot get target pathname %s metadata'), $destpath);
++                }
++            }
++            my $dest_is_dir = -d _;
++            if ($dest_exists) {
++                if ($dest_is_dir && $src_is_dir) {
++                    # Refresh the destination directory attributes with the
++                    # ones from the tarball.
++                    chmod $mode, $destpath
++                        or syserr(g_('cannot change directory %s mode'), $File::Find::name);
++                    utime $atime, $mtime, $destpath
++                        or syserr(g_('cannot change directory %s times'), $File::Find::name);
++
++                    # We should do nothing, and just walk further tree.
++                    return;
++                } elsif ($dest_is_dir) {
++                    rmdir $destpath
++                        or syserr(g_('cannot remove destination directory %s'), $destpath);
++                } else {
++                    $check_symlink->($destpath);
++                    unlink $destpath
++                        or syserr(g_('cannot remove destination file %s'), $destpath);
++                }
++            }
++            # If we are moving a directory, we do not need to walk it.
++            if ($src_is_dir) {
++                $File::Find::prune = 1;
++            }
++            rename $File::Find::name, $destpath
++                or syserr(g_('cannot move %s to %s'), $File::Find::name, $destpath);
++        };
++
++        find({
++            wanted => $move_in_place,
++            no_chdir => 1,
++            dangling_symlinks => 0,
++        }, $tmp);
+     } else {
+-	rename($tmp, $dest)
+-	    or syserr(g_('unable to rename %s to %s'), $tmp, $dest);
++        # Rename extracted directory
++        opendir(my $dir_dh, $tmp) or syserr(g_('cannot opendir %s'), $tmp);
++        my @entries = grep { $_ ne '.' && $_ ne '..' } readdir($dir_dh);
++        closedir($dir_dh);
++
++        erasedir($dest);
++
++        if (scalar(@entries) == 1 && ! -l "$tmp/$entries[0]" && -d _) {
++            rename("$tmp/$entries[0]", $dest)
++                or syserr(g_('unable to rename %s to %s'),
++                          "$tmp/$entries[0]", $dest);
++        } else {
++            rename($tmp, $dest)
++                or syserr(g_('unable to rename %s to %s'), $tmp, $dest);
++        }
+     }
+     erasedir($tmp);
+ }
+diff --git a/scripts/t/Dpkg_Source_Archive.t b/scripts/t/Dpkg_Source_Archive.t
+index 7b70da68e..504fbe1d4 100644
+--- a/scripts/t/Dpkg_Source_Archive.t
++++ b/scripts/t/Dpkg_Source_Archive.t
+@@ -16,12 +16,120 @@
+ use strict;
+ use warnings;
+ 
+-use Test::More tests => 1;
++use Test::More tests => 4;
++use Test::Dpkg qw(:paths);
++
++use File::Spec;
++use File::Path qw(make_path rmtree);
+ 
+ BEGIN {
+     use_ok('Dpkg::Source::Archive');
+ }
+ 
++use Dpkg;
++
++my $tmpdir = test_get_temp_path();
++
++rmtree($tmpdir);
++
++sub test_touch
++{
++    my ($name, $data) = @_;
++
++    open my $fh, '>', $name
++        or die "cannot touch file $name\n";
++    print { $fh } $data if $data;
++    close $fh;
++}
++
++sub test_path_escape
++{
++    my $name = shift;
++
++    my $treedir = File::Spec->rel2abs("$tmpdir/$name-tree");
++    my $overdir = File::Spec->rel2abs("$tmpdir/$name-overlay");
++    my $outdir = "$tmpdir/$name-out";
++    my $expdir = "$tmpdir/$name-exp";
++
++    # This is the base directory, where we are going to be extracting stuff
++    # into, which include traps.
++    make_path("$treedir/subdir-a");
++    test_touch("$treedir/subdir-a/file-a");
++    test_touch("$treedir/subdir-a/file-pre-a");
++    make_path("$treedir/subdir-b");
++    test_touch("$treedir/subdir-b/file-b");
++    test_touch("$treedir/subdir-b/file-pre-b");
++    symlink File::Spec->abs2rel($outdir, $treedir), "$treedir/symlink-escape";
++    symlink File::Spec->abs2rel("$outdir/nonexistent", $treedir), "$treedir/symlink-nonexistent";
++    symlink "$treedir/file", "$treedir/symlink-within";
++    test_touch("$treedir/supposed-dir");
++
++    # This is the overlay directory, which we'll pack and extract over the
++    # base directory.
++    make_path($overdir);
++    make_path("$overdir/subdir-a/aa");
++    test_touch("$overdir/subdir-a/aa/file-aa", 'aa');
++    test_touch("$overdir/subdir-a/file-a", 'a');
++    make_path("$overdir/subdir-b/bb");
++    test_touch("$overdir/subdir-b/bb/file-bb", 'bb');
++    test_touch("$overdir/subdir-b/file-b", 'b');
++    make_path("$overdir/symlink-escape");
++    test_touch("$overdir/symlink-escape/escaped-file", 'escaped');
++    test_touch("$overdir/symlink-nonexistent", 'nonexistent');
++    make_path("$overdir/symlink-within");
++    make_path("$overdir/supposed-dir");
++    test_touch("$overdir/supposed-dir/supposed-file", 'something');
++
++    # Generate overlay tar.
++    system($Dpkg::PROGTAR, '-cf', "$overdir.tar", '-C', $overdir, qw(
++        subdir-a subdir-b
++        symlink-escape/escaped-file symlink-nonexistent symlink-within
++        supposed-dir
++        )) == 0
++        or die "cannot create overlay tar archive\n";
++
++   # This is the expected directory, which we'll be comparing against.
++    make_path($expdir);
++    system('cp', '-a', $overdir, $expdir) == 0
++        or die "cannot copy overlay hierarchy into expected directory\n";
++
++    # Store the expected and out reference directories into a tar to compare
++    # its structure against the result reference.
++    system($Dpkg::PROGTAR, '-cf', "$expdir.tar", '-C', $overdir, qw(
++        subdir-a subdir-b
++        symlink-escape/escaped-file symlink-nonexistent symlink-within
++        supposed-dir
++        ), '-C', $treedir, qw(
++        subdir-a/file-pre-a
++        subdir-b/file-pre-b
++        )) == 0
++        or die "cannot create expected tar archive\n";
++
++    # This directory is supposed to remain empty, anything inside implies a
++    # directory traversal.
++    make_path($outdir);
++
++    my $warnseen;
++    local $SIG{__WARN__} = sub { $warnseen = $_[0] };
++
++    # Perform the extraction.
++    my $tar = Dpkg::Source::Archive->new(filename => "$overdir.tar");
++    $tar->extract($treedir, in_place => 1);
++
++    # Store the result into a tar to compare its structure against a reference.
++    system($Dpkg::PROGTAR, '-cf', "$treedir.tar", '-C', $treedir, '.');
++
++    # Check results
++    ok(length $warnseen && $warnseen =~ m/points outside source root/,
++       'expected warning seen');
++    ok(system($Dpkg::PROGTAR, '--compare', '-f', "$expdir.tar", '-C', $treedir) == 0,
++       'expected directory matches');
++    ok(! -e "$outdir/escaped-file",
++       'expected output directory is empty, directory traversal');
++}
++
++test_path_escape('in-place');
++
+ # TODO: Add actual test cases.
+ 
+ 1;
+-- 
+2.33.0
+
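Review bot: In the in-place branch of extract(), the chmod and utime calls act on $destpath but their syserr() messages pass $File::Find::name, so a failure would report the temporary source path rather than the destination directory that could not be updated; passing $destpath to both messages would match the rmdir and unlink branches just below. In the same branch, $check_symlink only issues warning() when the destination resolves outside the source root and the unlink then proceeds, which is safe because unlink removes the link itself, but a one-line comment saying so would save the next reader the analysis. In the test, the system() call that writes "$treedir.tar" is the only tar invocation whose exit status is not checked.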
diff --git a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb b/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb
index 681909f0bf..7ef6233ee4 100644
--- a/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb
+++ b/meta/recipes-devtools/dpkg/dpkg_1.21.4.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://salsa.debian.org/dpkg-team/dpkg.git;protocol=https;branch=main
            file://0001-dpkg-Support-muslx32-build.patch \
            file://pager.patch \
            file://0001-Add-support-for-riscv32-CPU.patch \
+           file://0001-Dpkg-Source-Archive-Prevent-directory-traversal-for-.patch \
            "
 
 SRC_URI:append:class-native = " file://0001-build.c-ignore-return-of-1-from-tar-cf.patch"
-- 
2.25.1




* [OE-core][kirkstone 04/15] bind: upgrade 9.18.2 -> 9.18.3
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (2 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 03/15] dpkg: fix CVE-2022-1664 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 05/15] bind: upgrade 9.18.3 -> 9.18.4 Steve Sakoman
                   ` (10 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: wangmy <wangmy@fujitsu.com>

Changelog:
==========
[security]
 Fix a crash in DNS-over-HTTPS (DoH) code caused by
 premature TLS stream socket object deletion.
 (CVE-2022-1183) [GL #3216]

[bug]
 RPZ NSIP and NSDNAME rule processing didn't handle stub
 and static-stub zones at or above the query name.  This
 has now been addressed. [GL #3232]

 Fixed a deadlock that could occur if an rndc
 connection arrived during the shutdown of network
 interfaces. [GL #3272]

 Refactor the fctx_done() function to set fctx to
 NULL after detaching, so that reference counting
 errors will be easier to avoid. [GL #2969]

 udp_recv() in dispatch could trigger an INSIST when the
 callback's result indicated success but the response
 was canceled in the meantime. [GL #3300]

 Work around a jemalloc quirk which could trigger an
 out-of-memory condition in named over time. [GL #3287]

 If there was a pending negative cache DS entry,
 validations depending upon it could fail. [GL #3279]

 dig returned a 0 exit status on UDP connection failure.
 [GL #3235]

 Fix an assertion failure when using dig with +nssearch
 and +tcp options by starting the next query in the
 send_done() callback (like in the UDP mode) instead
 of doing that recursively in start_tcp(). Also
 ensure that queries interrupted while connecting
 are detached properly. [GL #3144]

 Don't remove CDS/CDNSKEY DELETE records on zone sign
 when using 'auto-dnssec maintain;'. [GL #2931]

[contrib]
 Avoid name space collision in dlz modules by prefixing
 functions with 'dlz_'. [GL !5778]

 dlz: Add FALLTHROUGH and UNREACHABLE macros. [GL #3306]

[func]
 Add new named command-line option -C to print built-in
 defaults. [GL #1326]

 Introduce the concept of broken catalog zones described
 in the DNS catalog zones draft version 5 document.
 [GL #3224]

 Add DNS Extended Errors when stale answers are returned
 from cache. [GL #2267]

 Implement support for catalog zones change of ownership
 (coo) mechanism described in the DNS catalog zones draft
 version 5 document. [GL #3223]

 Implement support for catalog zones options new syntax
 based on catalog zones custom properties with "ext"
 suffix described in the DNS catalog zones draft version
 5 document. [GL #3222]

 Implement reference counting for TLS contexts and
 allow reloading of TLS certificates on reconfiguration
 without destroying the underlying TCP listener sockets
 for TLS-based DNS transports. [GL #3122]

 Add support for remote TLS certificates
 verification, both to BIND and dig, making it possible
 to implement Strict and Mutual TLS authentication,
 as described in RFC 9103, Section 9.3. [GL #3163]

[cleanup]
 Remove use of exclusive mode in ns_interfacemgr in
 favor of rwlocked access to localhost and localnets
 members of dns_aclenv_t structure. [GL #3229]

 Remove the task exclusive mode use in ns_clientmgr.
 [GL #3230]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d2ae8b85c71be2e9e332b1ef0a2d3083b30c63e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../0001-avoid-start-failure-with-bind-user.patch               | 0
 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch  | 0
 .../bind-ensure-searching-for-json-headers-searches-sysr.patch  | 0
 .../bind/{bind-9.18.2 => bind-9.18.3}/bind9                     | 0
 .../bind/{bind-9.18.2 => bind-9.18.3}/conf.patch                | 0
 .../bind/{bind-9.18.2 => bind-9.18.3}/generate-rndc-key.sh      | 0
 .../init.d-add-support-for-read-only-rootfs.patch               | 0
 .../make-etc-initd-bind-stop-work.patch                         | 0
 .../bind/{bind-9.18.2 => bind-9.18.3}/named.service             | 0
 .../bind/{bind_9.18.2.bb => bind_9.18.3.bb}                     | 2 +-
 10 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.2 => bind-9.18.3}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.2.bb => bind_9.18.3.bb} (98%)

diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/bind9 b/meta/recipes-connectivity/bind/bind-9.18.3/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.3/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.3/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.3/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.2/named.service b/meta/recipes-connectivity/bind/bind-9.18.3/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.2/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.3/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.2.bb b/meta/recipes-connectivity/bind/bind_9.18.3.bb
similarity index 98%
rename from meta/recipes-connectivity/bind/bind_9.18.2.bb
rename to meta/recipes-connectivity/bind/bind_9.18.3.bb
index 1c77aceb9f..b511b77f2e 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.2.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.3.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "2e4b38779bba0a23ee634fdf7c525fd9794c41d692bfd83cda25823a2a3ed969"
+SRC_URI[sha256sum] = "0ad8da773bd93cba0ef66cc81999698ebdf9c3e51faed5e5c8c1eb75cad2ae6f"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
-- 
2.25.1




* [OE-core][kirkstone 05/15] bind: upgrade 9.18.3 -> 9.18.4
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (3 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 04/15] bind: upgrade 9.18.2 -> 9.18.3 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 06/15] gnupg: update 2.3.4 -> 2.3.6 Steve Sakoman
                   ` (9 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: wangmy <wangmy@fujitsu.com>

Changelog:
==========
[func]          Don't try to process DNSSEC-related and ZONEMD records
                in catz. [GL #3380]

[func]          Add some more dnssec-policy checks to detect weird
                policies. [GL #1611]

[test]          Add new set of unit test macros and move the unit
                tests under single namespace in /tests/. [GL !6243]

[func]          Key timing options for 'dnssec-settime' and related
                utilities now accept "UNSET" times as printed by
                'dnssec-settime -p'. [GL #3361]

[bug]           When the fetches-per-server quota was adjusted
                because of an authoritative server timing out more
                or less frequently, it was incorrectly set to 1
                rather than the intended value.  This has been
                fixed. [GL #3327]

[bug]           Only write key files if the dnssec-policy keymgr has
                changed the metadata. [GL #3302]

[func]          Key timing options for 'dnssec-keygen' and
                'dnssec-settime' now accept times as printed by
                'dnssec-settime -p'. [GL !2947]

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d5a12d549209f01324d03963db96449ee43452eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../0001-avoid-start-failure-with-bind-user.patch               | 0
 .../0001-named-lwresd-V-and-start-log-hide-build-options.patch  | 0
 .../bind-ensure-searching-for-json-headers-searches-sysr.patch  | 0
 .../bind/{bind-9.18.3 => bind-9.18.4}/bind9                     | 0
 .../bind/{bind-9.18.3 => bind-9.18.4}/conf.patch                | 0
 .../bind/{bind-9.18.3 => bind-9.18.4}/generate-rndc-key.sh      | 0
 .../init.d-add-support-for-read-only-rootfs.patch               | 0
 .../make-etc-initd-bind-stop-work.patch                         | 0
 .../bind/{bind-9.18.3 => bind-9.18.4}/named.service             | 0
 .../bind/{bind_9.18.3.bb => bind_9.18.4.bb}                     | 2 +-
 10 files changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/0001-avoid-start-failure-with-bind-user.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/bind9 (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/conf.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/generate-rndc-key.sh (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/init.d-add-support-for-read-only-rootfs.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/make-etc-initd-bind-stop-work.patch (100%)
 rename meta/recipes-connectivity/bind/{bind-9.18.3 => bind-9.18.4}/named.service (100%)
 rename meta/recipes-connectivity/bind/{bind_9.18.3.bb => bind_9.18.4.bb} (98%)

diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.4/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.4/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.4/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/bind9 b/meta/recipes-connectivity/bind/bind-9.18.4/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.4/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.4/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.4/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.4/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.4/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.4/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.3/named.service b/meta/recipes-connectivity/bind/bind-9.18.4/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.3/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.4/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.3.bb b/meta/recipes-connectivity/bind/bind_9.18.4.bb
similarity index 98%
rename from meta/recipes-connectivity/bind/bind_9.18.3.bb
rename to meta/recipes-connectivity/bind/bind_9.18.4.bb
index b511b77f2e..5af2022129 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.3.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.4.bb
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
            file://0001-avoid-start-failure-with-bind-user.patch \
            "
 
-SRC_URI[sha256sum] = "0ad8da773bd93cba0ef66cc81999698ebdf9c3e51faed5e5c8c1eb75cad2ae6f"
+SRC_URI[sha256sum] = "f277ae50159a00c300eb926a9c5d51953038a936bd8242d6913dfb6eac42761d"
 
 UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
 # follow the ESV versions divisible by 2
-- 
2.25.1




* [OE-core][kirkstone 06/15] gnupg: update 2.3.4 -> 2.3.6
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (4 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 05/15] bind: upgrade 9.18.3 -> 9.18.4 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 07/15] gnupg: upgrade to 2.3.7 to fix CVE-2022-34903 Steve Sakoman
                   ` (8 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Alexander Kanavin <alex.kanavin@gmail.com>

Remove 0003-dirmngr-uses-libgpg-error.patch
(upstream addressed the issue).

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...-a-custom-value-for-the-location-of-.patch |  6 ++--
 .../0003-dirmngr-uses-libgpg-error.patch      | 29 -------------------
 .../gnupg/gnupg/relocate.patch                | 18 ++++++------
 .../gnupg/{gnupg_2.3.4.bb => gnupg_2.3.6.bb}  |  3 +-
 4 files changed, 13 insertions(+), 43 deletions(-)
 delete mode 100644 meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
 rename meta/recipes-support/gnupg/{gnupg_2.3.4.bb => gnupg_2.3.6.bb} (95%)

diff --git a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index b58fbfe6f5..c4ede9ea5e 100644
--- a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,4 +1,4 @@
-From bdde1faa774753e29d582d79186e08a38597de9e Mon Sep 17 00:00:00 2001
+From 89b98553084fbefe1ef2c7cbff9e72cf43144c49 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin <alex.kanavin@gmail.com>
 Date: Mon, 22 Jan 2018 18:00:21 +0200
 Subject: [PATCH] configure.ac: use a custom value for the location of
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 5cdd316..e5f2d6a 100644
+index d86c60e..65c22b2 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1962,7 +1962,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
+@@ -1955,7 +1955,7 @@ AC_DEFINE_UNQUOTED(GPGCONF_DISP_NAME, "GPGConf",
  
  AC_DEFINE_UNQUOTED(GPGTAR_NAME, "gpgtar", [The name of the gpgtar tool])
  
diff --git a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch b/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
deleted file mode 100644
index b4106d3620..0000000000
--- a/meta/recipes-support/gnupg/gnupg/0003-dirmngr-uses-libgpg-error.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 9ace8f1b68ab708c44dce4c0152b975fbceb0398 Mon Sep 17 00:00:00 2001
-From: Saul Wold <sgw@linux.intel.com>
-Date: Wed, 16 Aug 2017 11:18:01 +0800
-Subject: [PATCH] dirmngr uses libgpg error
-
-Upstream-Status: Pending
-Signed-off-by: Saul Wold <sgw@linux.intel.com>
-
-Rebase to 2.1.23
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-
----
- dirmngr/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/dirmngr/Makefile.am b/dirmngr/Makefile.am
-index 77ca3f5..1446775 100644
---- a/dirmngr/Makefile.am
-+++ b/dirmngr/Makefile.am
-@@ -86,7 +86,7 @@ endif
- dirmngr_LDADD = $(libcommonpth) \
-         $(DNSLIBS) $(LIBASSUAN_LIBS) \
- 	$(LIBGCRYPT_LIBS) $(KSBA_LIBS) $(NPTH_LIBS) \
--	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS)
-+	$(NTBTLS_LIBS) $(LIBGNUTLS_LIBS) $(LIBINTL) $(LIBICONV) $(NETLIBS) $(GPG_ERROR_LIBS)
- if USE_LDAP
- dirmngr_LDADD += $(ldaplibs)
- endif
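Review bot: The deleted 0003-dirmngr-uses-libgpg-error.patch was marked Upstream-Status: Pending, and the commit message says only that upstream addressed the issue; please cite the upstream gnupg commit or release in which dirmngr_LDADD gained $(GPG_ERROR_LIBS), so the drop can be confirmed for 2.3.6 without rebuilding.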
diff --git a/meta/recipes-support/gnupg/gnupg/relocate.patch b/meta/recipes-support/gnupg/gnupg/relocate.patch
index 74f48e9582..43999b8a6d 100644
--- a/meta/recipes-support/gnupg/gnupg/relocate.patch
+++ b/meta/recipes-support/gnupg/gnupg/relocate.patch
@@ -1,4 +1,4 @@
-From 1e34e1d477f843c0ee2f1a3fddc20201f0233e81 Mon Sep 17 00:00:00 2001
+From 89ae4f03307104689e1857d9857d452af6b35ac4 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@intel.com>
 Date: Wed, 19 Sep 2018 14:44:40 +0100
 Subject: [PATCH] Allow the environment to override where gnupg looks for its
@@ -14,10 +14,10 @@ Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  1 file changed, 7 insertions(+), 7 deletions(-)
 
 diff --git a/common/homedir.c b/common/homedir.c
-index 174d961..f4c25fb 100644
+index 260aeb2..1aeb08d 100644
 --- a/common/homedir.c
 +++ b/common/homedir.c
-@@ -1161,7 +1161,7 @@ gnupg_socketdir (void)
+@@ -1143,7 +1143,7 @@ gnupg_socketdir (void)
    if (!name)
      {
        unsigned int dummy;
@@ -26,7 +26,7 @@ index 174d961..f4c25fb 100644
        gpgrt_annotate_leaked_object (name);
      }
  
-@@ -1193,7 +1193,7 @@ gnupg_sysconfdir (void)
+@@ -1175,7 +1175,7 @@ gnupg_sysconfdir (void)
    if (dir)
      return dir;
    else
@@ -35,7 +35,7 @@ index 174d961..f4c25fb 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -1229,7 +1229,7 @@ gnupg_bindir (void)
+@@ -1211,7 +1211,7 @@ gnupg_bindir (void)
        return name;
      }
    else
@@ -44,7 +44,7 @@ index 174d961..f4c25fb 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -1256,7 +1256,7 @@ gnupg_libexecdir (void)
+@@ -1238,7 +1238,7 @@ gnupg_libexecdir (void)
        return name;
      }
    else
@@ -53,7 +53,7 @@ index 174d961..f4c25fb 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -1286,7 +1286,7 @@ gnupg_libdir (void)
+@@ -1268,7 +1268,7 @@ gnupg_libdir (void)
        return name;
      }
    else
@@ -62,7 +62,7 @@ index 174d961..f4c25fb 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -1317,7 +1317,7 @@ gnupg_datadir (void)
+@@ -1299,7 +1299,7 @@ gnupg_datadir (void)
        return name;
      }
    else
@@ -71,7 +71,7 @@ index 174d961..f4c25fb 100644
  #endif /*!HAVE_W32_SYSTEM*/
  }
  
-@@ -1349,7 +1349,7 @@ gnupg_localedir (void)
+@@ -1331,7 +1331,7 @@ gnupg_localedir (void)
        return name;
      }
    else
diff --git a/meta/recipes-support/gnupg/gnupg_2.3.4.bb b/meta/recipes-support/gnupg/gnupg_2.3.6.bb
similarity index 95%
rename from meta/recipes-support/gnupg/gnupg_2.3.4.bb
rename to meta/recipes-support/gnupg/gnupg_2.3.6.bb
index d27bddb8bd..f35eb8c75a 100644
--- a/meta/recipes-support/gnupg/gnupg_2.3.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.3.6.bb
@@ -16,7 +16,6 @@ inherit autotools gettext texinfo pkgconfig
 UPSTREAM_CHECK_URI = "https://gnupg.org/download/index.html"
 SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
            file://0002-use-pkgconfig-instead-of-npth-config.patch \
-           file://0003-dirmngr-uses-libgpg-error.patch \
            file://0004-autogen.sh-fix-find-version-for-beta-checking.patch \
            file://0001-Woverride-init-is-not-needed-with-gcc-9.patch \
            "
@@ -24,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI:append:class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "f3468ecafb1d7f9ad7b51fd1db7aebf17ceb89d2efa8a05cf2f39b4d405402ae"
+SRC_URI[sha256sum] = "21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
-- 
2.25.1




* [OE-core][kirkstone 07/15] gnupg: upgrade to 2.3.7 to fix CVE-2022-34903
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (5 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 06/15] gnupg: update 2.3.4 -> 2.3.6 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 08/15] vim: Upgrade 9.0.0021 -> 9.0.0063 Steve Sakoman
                   ` (7 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Yue Tao <yue.tao@windriver.com>

Signed-off-by: Yue Tao <yue.tao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/gnupg/{gnupg_2.3.6.bb => gnupg_2.3.7.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-support/gnupg/{gnupg_2.3.6.bb => gnupg_2.3.7.bb} (97%)

diff --git a/meta/recipes-support/gnupg/gnupg_2.3.6.bb b/meta/recipes-support/gnupg/gnupg_2.3.7.bb
similarity index 97%
rename from meta/recipes-support/gnupg/gnupg_2.3.6.bb
rename to meta/recipes-support/gnupg/gnupg_2.3.7.bb
index f35eb8c75a..da2b1c4deb 100644
--- a/meta/recipes-support/gnupg/gnupg_2.3.6.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.3.7.bb
@@ -23,7 +23,7 @@ SRC_URI:append:class-native = " file://0001-configure.ac-use-a-custom-value-for-
                                 file://relocate.patch"
 SRC_URI:append:class-nativesdk = " file://relocate.patch"
 
-SRC_URI[sha256sum] = "21f7fe2fc5c2f214184ab050977ec7a8e304e58bfae2ab098fec69f8fabda9c1"
+SRC_URI[sha256sum] = "ee163a5fb9ec99ffc1b18e65faef8d086800c5713d15a672ab57d3799da83669"
 
 EXTRA_OECONF = "--disable-ldap \
 		--disable-ccid-driver \
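Review bot: the SRC_URI[sha256sum] swap is the only functional change and the commit message has no body, so nothing beyond the subject line ties 2.3.7 to CVE-2022-34903. Add a reference to the upstream release announcement or fixing commit, and say how the new checksum was verified (against the upstream signed release, not just a hash of what the mirror returned), so the security fix is auditable from the log.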
-- 
2.25.1




* [OE-core][kirkstone 08/15] vim: Upgrade 9.0.0021 -> 9.0.0063
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (6 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 07/15] gnupg: upgrade to 2.3.7 to fix CVE-2022-34903 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 09/15] go: update v1.17.10 -> v1.17.12 Steve Sakoman
                   ` (6 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Pulls in several CVE fixes.
Added a patch to avoid timer_create cross compile issue (and submitted upstream).
Also submit the race fix upstream.
We disable timer_create in the native case since some systems have it
and some don't so this makes us consistent.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0c1de084c7ce030d47a428e4bbfbc4ce2996057)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../vim/files/crosscompile.patch              | 51 +++++++++++++++++++
 meta/recipes-support/vim/files/racefix.patch  | 12 +++--
 meta/recipes-support/vim/vim.inc              |  9 +++-
 3 files changed, 66 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-support/vim/files/crosscompile.patch

diff --git a/meta/recipes-support/vim/files/crosscompile.patch b/meta/recipes-support/vim/files/crosscompile.patch
new file mode 100644
index 0000000000..583d3fc7b0
--- /dev/null
+++ b/meta/recipes-support/vim/files/crosscompile.patch
@@ -0,0 +1,51 @@
+configure.ac: Fix create_timer solaris test for cross compiling
+
+A runtime test was added for create_timer however this meant cross compiling
+would no longer work. Allow a cache value to be specified to allow cross
+compiling again.
+
+Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org
+
+Upstream-Status: Submitted [https://github.com/vim/vim/pull/10777]
+
+Index: git/src/configure.ac
+===================================================================
+--- git.orig/src/configure.ac
++++ git/src/configure.ac
+@@ -3814,7 +3814,7 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM(
+ dnl Check for timer_create. It probably requires the 'rt' library.
+ dnl Run the program to find out if timer_create(CLOCK_MONOTONIC) actually
+ dnl works, on Solaris timer_create() exists but fails at runtime.
+-AC_MSG_CHECKING([for timer_create])
++AC_CACHE_CHECK([for timer_create], [vim_cv_timer_create],
+ save_LIBS="$LIBS"
+ LIBS="$LIBS -lrt"
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([
+@@ -3831,7 +3831,7 @@ static void set_flag(union sigval sv) {}
+   if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0)
+     exit(1);  // cannot create a monotonic timer
+   ])],
+-  AC_MSG_RESULT(yes; with -lrt); AC_DEFINE(HAVE_TIMER_CREATE),
++  AC_MSG_NOTICE(timer_create with -lrt); vim_cv_timer_create=yes,
+   LIBS="$save_LIBS"
+   AC_RUN_IFELSE([AC_LANG_PROGRAM([
+ #include<signal.h>
+@@ -3847,8 +3847,16 @@ static void set_flag(union sigval sv) {}
+     if (timer_create(CLOCK_MONOTONIC, &action, &timer_id) < 0)
+       exit(1);  // cannot create a monotonic timer
+     ])],
+-    AC_MSG_RESULT(yes); AC_DEFINE(HAVE_TIMER_CREATE),
+-    AC_MSG_RESULT(no)))
++    vim_cv_timer_create=yes,
++    vim_cv_timer_create=no),
++    AC_MSG_ERROR(cross-compiling: please set 'vim_cv_timer_create')
++    )
++)
++
++if test "x$vim_cv_timer_create" = "xyes" ; then
++  AC_DEFINE(HAVE_TIMER_CREATE)
++fi
++
+ 
+ AC_CACHE_CHECK([whether stat() ignores a trailing slash], [vim_cv_stat_ignores_slash],
+   [
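Review bot: inside the new AC_CACHE_CHECK body, LIBS="$LIBS -lrt" only runs when vim_cv_timer_create is not already set, so a preset or cached "yes" defines HAVE_TIMER_CREATE without ever adding -lrt to LIBS. That is harmless where timer_create lives in libc, but on a libc that keeps it in librt the link would fail. Consider caching the library requirement as well (a second cache variable, for example) or adding -lrt outside the cached block when the result is yes.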
diff --git a/meta/recipes-support/vim/files/racefix.patch b/meta/recipes-support/vim/files/racefix.patch
index 1cb8fb442f..34bd37d650 100644
--- a/meta/recipes-support/vim/files/racefix.patch
+++ b/meta/recipes-support/vim/files/racefix.patch
@@ -1,9 +1,13 @@
+po/Makefile: Avoid race over LINGUAS file
+
 The creation of the LINGUAS file is duplicated for each desktop file
-which can lead the commands to race against each other. Rework
-the makefile to avoid this as the expense of leaving the file on disk.
+which can lead the commands to race against each other. One target might
+remove it before another has been able to use it. Rework the makefile to
+avoid this as the expense of leaving the file on disk.
+
+Signed-off-by: Richard Purdie richard.purdie@linuxfoundation.org
 
-Upstream-Status: Pending
-RP 2021/2/15
+Upstream-Status: Submitted [https://github.com/vim/vim/pull/10776]
 
 Index: git/src/po/Makefile
 ===================================================================
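Review bot: the added Signed-off-by trailer in the patch header gives the address bare ("Richard Purdie richard.purdie@linuxfoundation.org"); trailer parsers expect the "Name <address>" form, and crosscompile.patch has the same problem. While the description is being reworded, "as the expense" should read "at the expense".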
diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc
index 7e2c624bc1..31229534e4 100644
--- a/meta/recipes-support/vim/vim.inc
+++ b/meta/recipes-support/vim/vim.inc
@@ -19,10 +19,11 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \
            file://0001-src-Makefile-improve-reproducibility.patch \
            file://no-path-adjust.patch \
            file://racefix.patch \
+           file://crosscompile.patch \
            "
 
-PV .= ".0021"
-SRCREV = "5e59ea54c0c37c2f84770f068d95280069828774"
+PV .= ".0063"
+SRCREV = "d61efa50f8f5b9d9dcbc136705cc33874f0fdcb3"
 
 # Remove when 8.3 is out
 UPSTREAM_VERSION_UNKNOWN = "1"
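Review bot: the PV/SRCREV bump is justified only as "Pulls in several CVE fixes"; naming the CVE IDs covered between .0021 and .0063 in the commit message would let stable-branch reviewers and CVE tracking confirm what this backport closes. The context comment "Remove when 8.3 is out" also looks stale next to an upgrade titled 9.0.0063 and is worth revisiting.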
@@ -95,6 +96,10 @@ EXTRA_OECONF = " \
     STRIP=/bin/true \
 "
 
+# Some host distros don't have it, disable consistently
+EXTRA_OECONF:append:class-native = " vim_cv_timer_create=no"
+EXTRA_OECONF:append:class-target = " vim_cv_timer_create=yes"
+
 do_install() {
     autotools_do_install
 
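Review bot: vim_cv_timer_create is set only for class-native and class-target, while crosscompile.patch makes configure stop with "please set 'vim_cv_timer_create'" when cross-compiling without it. If this include is also built for another cross-compiled class such as nativesdk, that build will fail at configure, so set the value there too. The comment above the two lines explains the native "no" but not why the target is forced to "yes"; a second sentence would help.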
-- 
2.25.1




* [OE-core][kirkstone 09/15] go: update v1.17.10 -> v1.17.12
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (7 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 08/15] vim: Upgrade 9.0.0021 -> 9.0.0063 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 10/15] git: upgrade v2.35.3 -> v2.35.4 Steve Sakoman
                   ` (5 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Sakib Sajal <sakib.sajal@windriver.com>

go.git$ git log --oneline go1.17.10..go1.17.12
1ed3c127da (tag: go1.17.12) [release-branch.go1.17] go1.17.12
cd54600b86 [release-branch.go1.17] encoding/gob: add a depth limit for ignored fields
76f8b7304d [release-branch.go1.17] path/filepath: fix stack exhaustion in Glob
8c1d8c8362 [release-branch.go1.17] io/fs: fix stack exhaustion in Glob
0117dee7dc [release-branch.go1.17] compress/gzip: fix stack exhaustion bug in Reader.Read
ba8788ebce [release-branch.go1.17] go/parser: limit recursion depth
2678d0c957 [release-branch.go1.17] encoding/xml: limit depth of nesting in unmarshal
58facfbe7d [release-branch.go1.17] encoding/xml: use iterative Skip, rather than recursive
ed2f33e1a7 [release-branch.go1.17] net/http: preserve nil values in Header.Clone
d13431c37a [release-branch.go1.17] net/http: don't strip whitespace from Transfer-Encoding headers
ae2dfcc1c8 [release-branch.go1.17] runtime: add race annotations to cbs.lock
fc07039e23 [release-branch.go1.17] runtime: add race annotations to metricsSema
9ef614f5aa [release-branch.go1.17] cmd/compile: allow 128-bit values to be spilled
b1be664d64 [release-branch.go1.17] runtime: store consistent total allocation stats as uint64
77cc1c0def [release-branch.go1.17] cmd/go: pass --no-decorate when listing git tags for a commit
8d2935ab7c [release-branch.go1.17] cmd/dist: test cgo internal linking on darwin-arm64
651a8d81ba [release-branch.go1.17] cmd/dist: skip internal linking tests on arm64
26cdea3acc (tag: go1.17.11) [release-branch.go1.17] go1.17.11
4c69fd51a9 [release-branch.go1.17] path/filepath: do not remove prefix "." when following path contains ":".
909881db03 [release-branch.go1.17] misc/cgo/testsanitizers: buffer the signal channel in TestTSAN/tsan11
03c2e56f68 [release-branch.go1.17] crypto/tls: avoid extra allocations in steady-state Handshake calls
c15a8e2dbb [release-branch.go1.17] crypto/tls: randomly generate ticket_age_add
590b53fac9 [release-branch.go1.17] os/exec: return clear error for missing cmd.Path
2be03d789d [release-branch.go1.17] crypto/rand: properly handle large Read on windows
65701ad2b4 [release-branch.go1.17] misc/cgo/testsanitizers: use buffered channel in tsan12.go
e846f3f2d6 [release-branch.go1.17] runtime: skip TestGdbBacktrace flakes matching a known GDB internal error
a9003376d5 [release-branch.go1.17] cmd/dist: consistently set PWD when executing a command in a different directory
0e7138a102 [release-branch.go1.17] runtime: mark TestGcSys as flaky

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc}   | 2 +-
 ...o-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} | 4 ++--
 ...cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} | 0
 .../go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb}           | 0
 .../go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb}     | 0
 .../go/{go-native_1.17.10.bb => go-native_1.17.12.bb}         | 0
 .../go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb}       | 0
 meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb}     | 0
 8 files changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-devtools/go/{go-1.17.10.inc => go-1.17.12.inc} (92%)
 rename meta/recipes-devtools/go/{go-binary-native_1.17.10.bb => go-binary-native_1.17.12.bb} (83%)
 rename meta/recipes-devtools/go/{go-cross-canadian_1.17.10.bb => go-cross-canadian_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-cross_1.17.10.bb => go-cross_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-crosssdk_1.17.10.bb => go-crosssdk_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-native_1.17.10.bb => go-native_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go-runtime_1.17.10.bb => go-runtime_1.17.12.bb} (100%)
 rename meta/recipes-devtools/go/{go_1.17.10.bb => go_1.17.12.bb} (100%)

diff --git a/meta/recipes-devtools/go/go-1.17.10.inc b/meta/recipes-devtools/go/go-1.17.12.inc
similarity index 92%
rename from meta/recipes-devtools/go/go-1.17.10.inc
rename to meta/recipes-devtools/go/go-1.17.12.inc
index e71feb5d02..77a983f9d0 100644
--- a/meta/recipes-devtools/go/go-1.17.10.inc
+++ b/meta/recipes-devtools/go/go-1.17.12.inc
@@ -17,7 +17,7 @@ SRC_URI += "\
     file://0001-exec.go-do-not-write-linker-flags-into-buildids.patch \
     file://0001-src-cmd-dist-buildgo.go-do-not-hardcode-host-compile.patch \
 "
-SRC_URI[main.sha256sum] = "299e55af30f15691b015d8dcf8ecae72412412569e5b2ece20361753a456f2f9"
+SRC_URI[main.sha256sum] = "0d51b5b3f280c0f01f534598c0219db5878f337da6137a9ee698777413607209"
 
 # Upstream don't believe it is a signifiant real world issue and will only
 # fix in 1.17 onwards where we can drop this.
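Review bot: the context comment under the checksum says upstream "will only fix in 1.17 onwards where we can drop this", yet the file is now go-1.17.12.inc. Check whether the workaround that comment guards is still needed on 1.17.x, and drop it or correct the comment as part of this update.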
diff --git a/meta/recipes-devtools/go/go-binary-native_1.17.10.bb b/meta/recipes-devtools/go/go-binary-native_1.17.12.bb
similarity index 83%
rename from meta/recipes-devtools/go/go-binary-native_1.17.10.bb
rename to meta/recipes-devtools/go/go-binary-native_1.17.12.bb
index 0f49cebcb7..b034950721 100644
--- a/meta/recipes-devtools/go/go-binary-native_1.17.10.bb
+++ b/meta/recipes-devtools/go/go-binary-native_1.17.12.bb
@@ -8,8 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=5d4950ecb7b26d2c5e4e7b4e0dd74707"
 PROVIDES = "go-native"
 
 SRC_URI = "https://dl.google.com/go/go${PV}.${BUILD_GOOS}-${BUILD_GOARCH}.tar.gz;name=go_${BUILD_GOTUPLE}"
-SRC_URI[go_linux_amd64.sha256sum] = "87fc728c9c731e2f74e4a999ef53cf07302d7ed3504b0839027bd9c10edaa3fd"
-SRC_URI[go_linux_arm64.sha256sum] = "649141201efa7195403eb1301b95dc79c5b3e65968986a391da1370521701b0c"
+SRC_URI[go_linux_amd64.sha256sum] = "6e5203fbdcade4aa4331e441fd2e1db8444681a6a6c72886a37ddd11caa415d4"
+SRC_URI[go_linux_arm64.sha256sum] = "74a4832d0f150a2d768a6781553494ba84152e854ebef743c4092cd9d1f66a9f"
 
 UPSTREAM_CHECK_URI = "https://golang.org/dl/"
 UPSTREAM_CHECK_REGEX = "go(?P<pver>\d+(\.\d+)+)\.linux"
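Review bot: these two sha256 values pin prebuilt toolchain binaries fetched from dl.google.com, but the commit message documents only the source log. State where the new checksums came from (the digests published with the release, not a hash of whatever the fetch returned) so the pin can be checked independently. Several of the listed commits are stack-exhaustion and recursion-limit fixes; listing their CVE IDs would help CVE tracking on the stable branch.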
diff --git a/meta/recipes-devtools/go/go-cross-canadian_1.17.10.bb b/meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross-canadian_1.17.10.bb
rename to meta/recipes-devtools/go/go-cross-canadian_1.17.12.bb
diff --git a/meta/recipes-devtools/go/go-cross_1.17.10.bb b/meta/recipes-devtools/go/go-cross_1.17.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-cross_1.17.10.bb
rename to meta/recipes-devtools/go/go-cross_1.17.12.bb
diff --git a/meta/recipes-devtools/go/go-crosssdk_1.17.10.bb b/meta/recipes-devtools/go/go-crosssdk_1.17.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-crosssdk_1.17.10.bb
rename to meta/recipes-devtools/go/go-crosssdk_1.17.12.bb
diff --git a/meta/recipes-devtools/go/go-native_1.17.10.bb b/meta/recipes-devtools/go/go-native_1.17.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-native_1.17.10.bb
rename to meta/recipes-devtools/go/go-native_1.17.12.bb
diff --git a/meta/recipes-devtools/go/go-runtime_1.17.10.bb b/meta/recipes-devtools/go/go-runtime_1.17.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go-runtime_1.17.10.bb
rename to meta/recipes-devtools/go/go-runtime_1.17.12.bb
diff --git a/meta/recipes-devtools/go/go_1.17.10.bb b/meta/recipes-devtools/go/go_1.17.12.bb
similarity index 100%
rename from meta/recipes-devtools/go/go_1.17.10.bb
rename to meta/recipes-devtools/go/go_1.17.12.bb
-- 
2.25.1




* [OE-core][kirkstone 10/15] git: upgrade v2.35.3 -> v2.35.4
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (8 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 09/15] go: update v1.17.10 -> v1.17.12 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 11/15] sstatesig: Include all dependencies in SPDX task signatures Steve Sakoman
                   ` (4 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Sakib Sajal <sakib.sajal@windriver.com>

Minor upgrade which includes fix for CVE-2022-29187.

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-devtools/git/{git_2.35.3.bb => git_2.35.4.bb} (98%)

diff --git a/meta/recipes-devtools/git/git_2.35.3.bb b/meta/recipes-devtools/git/git_2.35.4.bb
similarity index 98%
rename from meta/recipes-devtools/git/git_2.35.3.bb
rename to meta/recipes-devtools/git/git_2.35.4.bb
index 794045c8b7..18f39875db 100644
--- a/meta/recipes-devtools/git/git_2.35.3.bb
+++ b/meta/recipes-devtools/git/git_2.35.4.bb
@@ -165,4 +165,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
                  "
 EXTRA_OEMAKE += "NO_GETTEXT=1"
 
-SRC_URI[tarball.sha256sum] = "cad708072d5c0b390c71651f5edb44143f00b357766973470bf9adebc0944c03"
+SRC_URI[tarball.sha256sum] = "4970108bdc227e2c3687899f8fc7501c54c839dcc42f4d999ac9e3e3f52df583"
-- 
2.25.1




* [OE-core][kirkstone 11/15] sstatesig: Include all dependencies in SPDX task signatures
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (9 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 10/15] git: upgrade v2.35.3 -> v2.35.4 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 12/15] rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} Steve Sakoman
                   ` (3 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Joshua Watt <JPEWhacker@gmail.com>

SPDX generation involves looking through BB_TASKDEPDATA for
dependencies, then linking to the generated documents for those
dependencies. These document links use a checksum to validate the
document, which means that if an upstream document changes, all
downstream documents must be regenerated to get the new checksum,
otherwise the compendium of documents produced by the build will have
broken links; therefore all dependent tasks should be included in the
signature (even from "ABI safe" recipes).

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5fe543b9ceec971cf0297ff0ae3b0ccc4703cece)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/lib/oe/sstatesig.py | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py
index 7150bd0929..de65244932 100644
--- a/meta/lib/oe/sstatesig.py
+++ b/meta/lib/oe/sstatesig.py
@@ -24,10 +24,19 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCaches):
         return "/allarch.bbclass" in inherits
     def isImage(mc, fn):
         return "/image.bbclass" in " ".join(dataCaches[mc].inherits[fn])
+    def isSPDXTask(task):
+        return task in ("do_create_spdx", "do_create_runtime_spdx")
 
     depmc, _, deptaskname, depmcfn = bb.runqueue.split_tid_mcfn(dep)
     mc, _ = bb.runqueue.split_mc(fn)
 
+    # Keep all dependencies between SPDX tasks in the signature. SPDX documents
+    # are linked together by hashes, which means if a dependent document changes,
+    # all downstream documents must be re-written (even if they are "safe"
+    # dependencies).
+    if isSPDXTask(task) and isSPDXTask(deptaskname):
+        return True
+
     # (Almost) always include our own inter-task dependencies (unless it comes
     # from a mcdepends). The exception is the special
     # do_kernel_configme->do_unpack_and_patch dependency from archiver.bbclass.
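Review bot: isSPDXTask() hard-codes the two task names, so an SPDX task added later would silently fall back to the "safe dependency" filtering this change is meant to bypass. A comment naming the class that defines these tasks, or a list shared with it, would keep the two in step. The early return also sits above the mcdepends and do_kernel_configme exceptions described in the next comment, so SPDX-to-SPDX dependencies skip those as well; say so in the comment if that is intended.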
-- 
2.25.1
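
The reasoning in the commit message above, as an added sketch that is not code from OE-core: documents link to their dependencies by checksum, so a dependency filtered out of the task signature leaves a stale link downstream. The recipe names, the document layout and the ABISAFE set are constructed assumptions, not the real SPDX schema or BitBake's signature generator.

```python
import hashlib
import json

# Constructed dependency chain (not real recipe metadata): image -> app -> base-files.
ORDER = ["base-files", "app", "image"]          # topological order
DEPS = {"base-files": [], "app": ["base-files"], "image": ["app"]}
ABISAFE = {"base-files"}                        # assumed "ABI safe" recipe


def doc_checksum(doc):
    """SHA-1 over a canonical JSON serialization of one document."""
    return hashlib.sha1(json.dumps(doc, sort_keys=True).encode()).hexdigest()


def write_doc(store, name, payload):
    """(Re)generate a document, linking each dependency by its current checksum."""
    store[name] = {
        "name": name,
        "payload": payload,
        "refs": [{"doc": d, "sha1": doc_checksum(store[d])} for d in DEPS[name]],
    }


def broken_links(store):
    """Return (document, dependency) pairs whose recorded checksum is stale."""
    return [
        (name, ref["doc"])
        for name in ORDER
        for ref in store[name]["refs"]
        if doc_checksum(store[ref["doc"]]) != ref["sha1"]
    ]


def rebuild(store, payloads, changed, keep_spdx_deps):
    """Re-run only the tasks whose signature changed; return their names.

    With keep_spdx_deps=False a dependency on an ABI-safe recipe is dropped
    from the signature, so its consumer is not re-run when it changes.
    """
    rerun = {changed}
    for name in ORDER:
        for dep in DEPS[name]:
            filtered = dep in ABISAFE and not keep_spdx_deps
            if dep in rerun and not filtered:
                rerun.add(name)
    for name in ORDER:
        if name in rerun:
            write_doc(store, name, payloads[name])
    return [n for n in ORDER if n in rerun]


def demo(keep_spdx_deps):
    """Build everything, change base-files, rebuild, and report stale links."""
    payloads = {"base-files": "v1", "app": "v1", "image": "v1"}
    store = {}
    for name in ORDER:
        write_doc(store, name, payloads[name])
    payloads["base-files"] = "v2"
    rerun = rebuild(store, payloads, "base-files", keep_spdx_deps)
    return rerun, broken_links(store)


if __name__ == "__main__":
    for keep in (False, True):
        print("keep SPDX deps in signature:", keep, "->", demo(keep))
```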




* [OE-core][kirkstone 12/15] rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S}
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (10 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 11/15] sstatesig: Include all dependencies in SPDX task signatures Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner Steve Sakoman
                   ` (2 subsequent siblings)
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Ming Liu <liu.ming50@gmail.com>

This is to ensure host-user-contaminated.txt is removed before
do_rootfs runs, since ${S} is in cleandirs of do_rootfs; otherwise, a
host-user-contaminated.txt file that was generated by previous builds
could be used, which is wrong.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 54a3fd63e684d070fad962be97e549f3af7ac111)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/rootfs-postcommands.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/rootfs-postcommands.bbclass b/meta/classes/rootfs-postcommands.bbclass
index fc179613fb..a59d9b5878 100644
--- a/meta/classes/rootfs-postcommands.bbclass
+++ b/meta/classes/rootfs-postcommands.bbclass
@@ -305,7 +305,7 @@ rootfs_trim_schemas () {
 }
 
 rootfs_check_host_user_contaminated () {
-	contaminated="${WORKDIR}/host-user-contaminated.txt"
+	contaminated="${S}/host-user-contaminated.txt"
 	HOST_USER_UID="$(PSEUDO_UNLOAD=1 id -u)"
 	HOST_USER_GID="$(PSEUDO_UNLOAD=1 id -g)"
 
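Review bot: the reason for using ${S} (it is in cleandirs of do_rootfs, so a stale report from an earlier build cannot be picked up) exists only in the commit message. Put a one-line comment above the contaminated= assignment; without it the path looks arbitrary and invites a move back to ${WORKDIR}.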
-- 
2.25.1




* [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (11 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 12/15] rootfs-postcommands.bbclass: move host-user-contaminated.txt to ${S} Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-28 17:55   ` Chuck Wolber
  2022-07-27  0:40 ` [OE-core][kirkstone 14/15] gcc: Backport a fix for gcc bug 105039 Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so Steve Sakoman
  14 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Tom Hochstein <tom.hochstein@nxp.com>

An intermittent failure occurs in libical-native do_compile:

| Traceback (most recent call last):
|   File "/.../build/tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 813, in move
|     os.rename(src, real_dst)
| OSError: [Errno 18] Invalid cross-device link: '/tmp/g-ir-scanner-cache-adxo_2bq' -> '/home/bamboo/.cache/g-ir-scanner/bab9a83d2cd93e62ed005a2c1d4f89ae75c67251'
|
| During handling of the above exception, another exception occurred:
|
| Traceback (most recent call last):
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/bin/g-ir-scanner", line 99, in <module>
|     sys.exit(scanner_main(sys.argv))
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py", line 590, in scanner_main
|     transformer = create_transformer(namespace, options)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py", line 409, in create_transformer
|     transformer.register_include(include_obj)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 140, in register_include
|     self._parse_include(filename)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 230, in _parse_include
|     self._parse_include(dep_filename)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 225, in _parse_include
|     self._cachestore.store(filename, parser)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/cachestore.py", line 153, in store
|     shutil.move(tmp_filename, store_filename)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 833, in move
|     copy_function(src, real_dst)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 435, in copy2
|     copystat(src, dst, follow_symlinks=follow_symlinks)
|   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 374, in copystat
|     lookup("utime")(dst, ns=(st.st_atime_ns, st.st_mtime_ns),
| FileNotFoundError: [Errno 2] No such file or directory

A similar issue is described in a fix for gobject-introspection-native.

https://github.com/openembedded/openembedded-core/commit/d3c48ff7d19e86b2338b1778f9563969bba3d336

The problem was fixed there by setting the environment variable
GI_SCANNER_DISABLE_CACHE to disable the use of $HOME/.cache.

Extend the fix to users of gobject-introspection by promoting the fix
to the bbclass.

Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 35d5f707f6bb2ce5e9ab908e66e1ea9eeac754b1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/classes/gobject-introspection-data.bbclass              | 5 +++++
 .../gobject-introspection/gobject-introspection_1.72.0.bb    | 3 ---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/classes/gobject-introspection-data.bbclass b/meta/classes/gobject-introspection-data.bbclass
index 2ef684626a..d90cdb4839 100644
--- a/meta/classes/gobject-introspection-data.bbclass
+++ b/meta/classes/gobject-introspection-data.bbclass
@@ -5,3 +5,8 @@
 # so that qemu use can be avoided when necessary.
 GI_DATA_ENABLED ?= "${@bb.utils.contains('DISTRO_FEATURES', 'gobject-introspection-data', \
                       bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d), 'False', d)}"
+
+do_compile:prepend() {
+    # This prevents g-ir-scanner from writing cache data to $HOME
+    export GI_SCANNER_DISABLE_CACHE=1
+}
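Review bot: do_compile:prepend() with a shell body covers only do_compile and assumes every inheriting recipe has a shell do_compile. If g-ir-scanner can run from another task, the variable is missing there, and a recipe with a Python do_compile would be broken by a shell prepend. A class-level 'export GI_SCANNER_DISABLE_CACHE = "1"' would cover every task without touching task bodies.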
diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
index 355e77d107..9a47e908b7 100644
--- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
+++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
@@ -113,9 +113,6 @@ EOF
 }
 
 do_compile:prepend() {
-        # This prevents g-ir-scanner from writing cache data to $HOME
-        export GI_SCANNER_DISABLE_CACHE=1
-
         # Needed to run g-ir unit tests, which won't be able to find the built libraries otherwise
         export GIR_EXTRA_LIBS_PATH=$B/.libs
 }
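Review bot: with the export removed here, this recipe is protected only if it inherits gobject-introspection-data, and the inherit line is outside this hunk. Confirm that before merging, since the commit message names this recipe as the place where the cache problem was originally fixed.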
-- 
2.25.1




* [OE-core][kirkstone 14/15] gcc: Backport a fix for gcc bug 105039
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (12 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-07-27  0:40 ` [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so Steve Sakoman
  14 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Naveen <naveen.gowda@windriver.com>

Backport a fix from:
https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79

which fixes rust recursion issues in the demangler.

Signed-off-by: Naveen <naveen.gowda@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-11.3.inc        |  2 +-
 .../gcc/gcc/0030-rust-recursion-limit.patch   | 92 +++++++++++++++++++
 2 files changed, 93 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch

diff --git a/meta/recipes-devtools/gcc/gcc-11.3.inc b/meta/recipes-devtools/gcc/gcc-11.3.inc
index acbb43a25f..2cebeb2bc8 100644
--- a/meta/recipes-devtools/gcc/gcc-11.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.3.inc
@@ -59,7 +59,7 @@ SRC_URI = "\
            file://0027-libatomic-Do-not-enforce-march-on-aarch64.patch \
            file://0028-debug-101473-apply-debug-prefix-maps-before-checksum.patch \
            file://0029-Fix-install-path-of-linux64.h.patch \
-           \
+           file://0030-rust-recursion-limit.patch \
            file://0001-CVE-2021-42574.patch \
            file://0002-CVE-2021-42574.patch \
            file://0003-CVE-2021-42574.patch \
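Review bot: the new SRC_URI entry replaces the bare "\" continuation line that separated the numbered 00xx patches from the CVE-2021-42574 group, so the two groups now run together. Keep the separator and add file://0030-rust-recursion-limit.patch on its own line above it; that also makes the change a pure one-line addition.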
diff --git a/meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch b/meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch
new file mode 100644
index 0000000000..bbe2f18f6f
--- /dev/null
+++ b/meta/recipes-devtools/gcc/gcc/0030-rust-recursion-limit.patch
@@ -0,0 +1,92 @@
+From 9234cdca6ee88badfc00297e72f13dac4e540c79 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Fri, 1 Jul 2022 15:58:52 +0100
+Subject: [PATCH] Add a recursion limit to the demangle_const function in the
+ Rust demangler.
+
+libiberty/
+	PR demangler/105039
+	* rust-demangle.c (demangle_const): Add recursion limit.
+
+Upstream-Status: Backport [https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79]
+---
+ libiberty/rust-demangle.c | 29 ++++++++++++++++++++---------
+ 1 file changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/libiberty/rust-demangle.c b/libiberty/rust-demangle.c
+index bb58d900e27..36afcfae278 100644
+--- a/libiberty/rust-demangle.c
++++ b/libiberty/rust-demangle.c
+@@ -126,7 +126,7 @@ parse_integer_62 (struct rust_demangler *rdm)
+     return 0;
+ 
+   x = 0;
+-  while (!eat (rdm, '_'))
++  while (!eat (rdm, '_') && !rdm->errored)
+     {
+       c = next (rdm);
+       x *= 62;
+@@ -1148,6 +1148,15 @@ demangle_const (struct rust_demangler *rdm)
+   if (rdm->errored)
+     return;
+ 
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    {
++      ++ rdm->recursion;
++      if (rdm->recursion > RUST_MAX_RECURSION_COUNT)
++	/* FIXME: There ought to be a way to report
++	   that the recursion limit has been reached.  */
++	goto fail_return;
++    }
++
+   if (eat (rdm, 'B'))
+     {
+       backref = parse_integer_62 (rdm);
+@@ -1158,7 +1167,7 @@ demangle_const (struct rust_demangler *rdm)
+           demangle_const (rdm);
+           rdm->next = old_next;
+         }
+-      return;
++      goto pass_return;
+     }
+ 
+   ty_tag = next (rdm);
+@@ -1167,7 +1176,7 @@ demangle_const (struct rust_demangler *rdm)
+     /* Placeholder. */
+     case 'p':
+       PRINT ("_");
+-      return;
++      goto pass_return;
+ 
+     /* Unsigned integer types. */
+     case 'h':
+@@ -1200,18 +1209,20 @@ demangle_const (struct rust_demangler *rdm)
+       break;
+ 
+     default:
+-      rdm->errored = 1;
+-      return;
++      goto fail_return;
+     }
+ 
+-  if (rdm->errored)
+-    return;
+-
+-  if (rdm->verbose)
++  if (!rdm->errored && rdm->verbose)
+     {
+       PRINT (": ");
+       PRINT (basic_type (ty_tag));
+     }
++
++ fail_return:
++  rdm->errored = 1;
++ pass_return:
++  if (rdm->recursion != RUST_NO_RECURSION_LIMIT)
++    -- rdm->recursion;
+ }
+ 
+ static void
+-- 
+2.31.1
+
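Review bot: in the backported demangle_const() change, the success path after the switch falls straight through into the fail_return: label, so rdm->errored = 1 is set for every constant whose case ends in break, not only on the default: and recursion-limit paths. A goto pass_return; after the verbose PRINT block, just before fail_return:, would keep successfully parsed constants from being flagged as errors; please check whether upstream has a follow-up for this before the backport lands. Separately, the FIXME means a caller cannot tell a recursion-limit stop from a malformed symbol, which is worth stating in the commit message.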
-- 
2.25.1




* [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
  2022-07-27  0:40 [OE-core][kirkstone 00/15] Patch review Steve Sakoman
                   ` (13 preceding siblings ...)
  2022-07-27  0:40 ` [OE-core][kirkstone 14/15] gcc: Backport a fix for gcc bug 105039 Steve Sakoman
@ 2022-07-27  0:40 ` Steve Sakoman
  2022-08-01 14:31   ` Jon Mason
  14 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2022-07-27  0:40 UTC (permalink / raw)
  To: openembedded-core

From: Khem Raj <raj.khem@gmail.com>

This is a dummy shared object therefore reduce dependencies further by
not requiring the C startup files, we won't use this shared library for
anything useful anyway

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-runtime.inc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc
index c85b5888d4..8074bf1025 100644
--- a/meta/recipes-devtools/gcc/gcc-runtime.inc
+++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
@@ -68,8 +68,7 @@ do_configure () {
 	# libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure
 	# tests. Create a dummy empty lib for the purposes of configure.
 	mkdir -p ${WORKDIR}/dummylib
-	touch ${WORKDIR}/dummylib/dummylib.c
-	${CC} ${WORKDIR}/dummylib/dummylib.c -shared -o ${WORKDIR}/dummylib/libstdc++.so
+	${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so
 	for d in libgcc ${RUNTIMETARGET}; do
 		echo "Configuring $d"
 		rm -rf ${B}/${TARGET_SYS}/$d/
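Review bot: the comment above the new ${CC} line still only says that a dummy empty lib is created; nothing explains why the link now uses -x c /dev/null with -nostartfiles. Add a line saying that the C startup files are deliberately not required here, so the flag is not dropped later as unneeded. Note also that -nostartfiles leaves the default libraries on the link line; if the aim is a dummy object with no link-time dependencies at all, -nostdlib covers both.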
-- 
2.25.1




* Re: [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner
  2022-07-27  0:40 ` [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner Steve Sakoman
@ 2022-07-28 17:55   ` Chuck Wolber
  2022-07-28 18:37     ` Steve Sakoman
  0 siblings, 1 reply; 30+ messages in thread
From: Chuck Wolber @ 2022-07-28 17:55 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: OE-core


FWIW, the gobject-introspection-native recipe was one of the "canaries in
the mine" that reliably caused an image build to die while I was actively
encountering this GCC10 compiler issue in Hardknott:

https://www.mail-archive.com/yocto@lists.yoctoproject.org/msg06163.html
https://lists.yoctoproject.org/g/yocto/message/53971

Upon re-reading my post, I regret that I did not mention this fact. The
production image recipe I was working on at the time did not happen to
involve gobject-introspection-native, so I overlooked it. Our other image
recipes *DID* invoke gobject-introspection-native, but those were not as
immediately important at the time, and I was trying to keep the problem
description as focused as possible.

I do not expect this reply to result in anything materially relevant to the
problem (it still exists, but we use buildtools to get around it) other
than to add more data that may be relevant to someone googling something
similar in the future.

..Ch:W..

On Tue, Jul 26, 2022 at 5:41 PM Steve Sakoman <steve@sakoman.com> wrote:

> From: Tom Hochstein <tom.hochstein@nxp.com>
>
> An intermittent failure occurs in libical-native do_compile:
>
> | Traceback (most recent call last):
> |   File
> "/.../build/tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py",
> line 813, in move
> |     os.rename(src, real_dst)
> | OSError: [Errno 18] Invalid cross-device link:
> '/tmp/g-ir-scanner-cache-adxo_2bq' ->
> '/home/bamboo/.cache/g-ir-scanner/bab9a83d2cd93e62ed005a2c1d4f89ae75c67251'
> |
> | During handling of the above exception, another exception occurred:
> |
> | Traceback (most recent call last):
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/bin/g-ir-scanner",
> line 99, in <module>
> |     sys.exit(scanner_main(sys.argv))
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py",
> line 590, in scanner_main
> |     transformer = create_transformer(namespace, options)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py",
> line 409, in create_transformer
> |     transformer.register_include(include_obj)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py",
> line 140, in register_include
> |     self._parse_include(filename)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py",
> line 230, in _parse_include
> |     self._parse_include(dep_filename)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py",
> line 225, in _parse_include
> |     self._cachestore.store(filename, parser)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/cachestore.py",
> line 153, in store
> |     shutil.move(tmp_filename, store_filename)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py",
> line 833, in move
> |     copy_function(src, real_dst)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py",
> line 435, in copy2
> |     copystat(src, dst, follow_symlinks=follow_symlinks)
> |   File
> "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py",
> line 374, in copystat
> |     lookup("utime")(dst, ns=(st.st_atime_ns, st.st_mtime_ns),
> | FileNotFoundError: [Errno 2] No such file or directory
>
> A similar issue is described in a fix for gobject-introspection-native.
>
>
> https://github.com/openembedded/openembedded-core/commit/d3c48ff7d19e86b2338b1778f9563969bba3d336
>
> The problem was fixed there by setting the environment variable
> GI_SCANNER_DISABLE_CACHE to disable the use of $HOME/.cache.
>
> Extend the fix to users of gobject-introspection by promoting the fix
> to the bbclass.
>
> Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
> (cherry picked from commit 35d5f707f6bb2ce5e9ab908e66e1ea9eeac754b1)
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/classes/gobject-introspection-data.bbclass              | 5 +++++
>  .../gobject-introspection/gobject-introspection_1.72.0.bb    | 3 ---
>  2 files changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/meta/classes/gobject-introspection-data.bbclass
> b/meta/classes/gobject-introspection-data.bbclass
> index 2ef684626a..d90cdb4839 100644
> --- a/meta/classes/gobject-introspection-data.bbclass
> +++ b/meta/classes/gobject-introspection-data.bbclass
> @@ -5,3 +5,8 @@
>  # so that qemu use can be avoided when necessary.
>  GI_DATA_ENABLED ?= "${@bb.utils.contains('DISTRO_FEATURES',
> 'gobject-introspection-data', \
>                        bb.utils.contains('MACHINE_FEATURES',
> 'qemu-usermode', 'True', 'False', d), 'False', d)}"
> +
> +do_compile:prepend() {
> +    # This prevents g-ir-scanner from writing cache data to $HOME
> +    export GI_SCANNER_DISABLE_CACHE=1
> +}
> diff --git a/meta/recipes-gnome/gobject-introspection/
> gobject-introspection_1.72.0.bb
> b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
> index 355e77d107..9a47e908b7 100644
> --- a/meta/recipes-gnome/gobject-introspection/
> gobject-introspection_1.72.0.bb
> +++ b/meta/recipes-gnome/gobject-introspection/
> gobject-introspection_1.72.0.bb
> @@ -113,9 +113,6 @@ EOF
>  }
>
>  do_compile:prepend() {
> -        # This prevents g-ir-scanner from writing cache data to $HOME
> -        export GI_SCANNER_DISABLE_CACHE=1
> -
>          # Needed to run g-ir unit tests, which won't be able to find the
> built libraries otherwise
>          export GIR_EXTRA_LIBS_PATH=$B/.libs
>  }
> --
> 2.25.1
>
>

-- 
*"Perfection must be reached by degrees; she requires the slow hand of
time." - Voltaire*



* Re: [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner
  2022-07-28 17:55   ` Chuck Wolber
@ 2022-07-28 18:37     ` Steve Sakoman
  2022-07-28 18:52       ` Chuck Wolber
  0 siblings, 1 reply; 30+ messages in thread
From: Steve Sakoman @ 2022-07-28 18:37 UTC (permalink / raw)
  To: Chuck Wolber; +Cc: OE-core

On Thu, Jul 28, 2022 at 7:55 AM Chuck Wolber <chuckwolber@gmail.com> wrote:
>
> FWIW, the gobject-introspection-native recipe was one of the "canaries in the mine" that reliably caused an image build to die while I was actively encountering this GCC10 compiler issue in Hardknott:

Have you encountered this issue with Kirkstone?

Steve

>
> https://www.mail-archive.com/yocto@lists.yoctoproject.org/msg06163.html
> https://lists.yoctoproject.org/g/yocto/message/53971
>
> Upon re-reading my post, I regret that I did not mention this fact. The production image recipe I was working on at the time did not happen to involve gobject-introspection-native, so I overlooked it. Our other image recipes *DID* invoke gobject-introspection-native, but those were not as immediately important at the time, and I was trying to keep the problem description as focused as possible.
>
> I do not expect this reply to result in anything materially relevant to the problem (it still exists, but we use buildtools to get around it) other than to add more data that may be relevant to someone googling something similar in the future.
>
> ..Ch:W..
>
> On Tue, Jul 26, 2022 at 5:41 PM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> From: Tom Hochstein <tom.hochstein@nxp.com>
>>
>> An intermittent failure occurs in libical-native do_compile:
>>
>> | Traceback (most recent call last):
>> |   File "/.../build/tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 813, in move
>> |     os.rename(src, real_dst)
>> | OSError: [Errno 18] Invalid cross-device link: '/tmp/g-ir-scanner-cache-adxo_2bq' -> '/home/bamboo/.cache/g-ir-scanner/bab9a83d2cd93e62ed005a2c1d4f89ae75c67251'
>> |
>> | During handling of the above exception, another exception occurred:
>> |
>> | Traceback (most recent call last):
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/pkgconfig/../../../usr/bin/g-ir-scanner", line 99, in <module>
>> |     sys.exit(scanner_main(sys.argv))
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py", line 590, in scanner_main
>> |     transformer = create_transformer(namespace, options)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/scannermain.py", line 409, in create_transformer
>> |     transformer.register_include(include_obj)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 140, in register_include
>> |     self._parse_include(filename)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 230, in _parse_include
>> |     self._parse_include(dep_filename)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/transformer.py", line 225, in _parse_include
>> |     self._cachestore.store(filename, parser)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/gobject-introspection/giscanner/cachestore.py", line 153, in store
>> |     shutil.move(tmp_filename, store_filename)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 833, in move
>> |     copy_function(src, real_dst)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 435, in copy2
>> |     copystat(src, dst, follow_symlinks=follow_symlinks)
>> |   File "/.../tmp/work/x86_64-linux/libical-native/3.0.14-r0/recipe-sysroot-native/usr/lib/python3.10/shutil.py", line 374, in copystat
>> |     lookup("utime")(dst, ns=(st.st_atime_ns, st.st_mtime_ns),
>> | FileNotFoundError: [Errno 2] No such file or directory
>>
>> A similar issue is described in a fix for gobject-introspection-native.
>>
>> https://github.com/openembedded/openembedded-core/commit/d3c48ff7d19e86b2338b1778f9563969bba3d336
>>
>> The problem was fixed there by setting the environment variable
>> GI_SCANNER_DISABLE_CACHE to disable the use of $HOME/.cache.
>>
>> Extend the fix to users of gobject-introspection by promoting the fix
>> to the bbclass.
>>
>> Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
>> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
>> (cherry picked from commit 35d5f707f6bb2ce5e9ab908e66e1ea9eeac754b1)
>> Signed-off-by: Steve Sakoman <steve@sakoman.com>
>> ---
>>  meta/classes/gobject-introspection-data.bbclass              | 5 +++++
>>  .../gobject-introspection/gobject-introspection_1.72.0.bb    | 3 ---
>>  2 files changed, 5 insertions(+), 3 deletions(-)
>>
>> diff --git a/meta/classes/gobject-introspection-data.bbclass b/meta/classes/gobject-introspection-data.bbclass
>> index 2ef684626a..d90cdb4839 100644
>> --- a/meta/classes/gobject-introspection-data.bbclass
>> +++ b/meta/classes/gobject-introspection-data.bbclass
>> @@ -5,3 +5,8 @@
>>  # so that qemu use can be avoided when necessary.
>>  GI_DATA_ENABLED ?= "${@bb.utils.contains('DISTRO_FEATURES', 'gobject-introspection-data', \
>>                        bb.utils.contains('MACHINE_FEATURES', 'qemu-usermode', 'True', 'False', d), 'False', d)}"
>> +
>> +do_compile:prepend() {
>> +    # This prevents g-ir-scanner from writing cache data to $HOME
>> +    export GI_SCANNER_DISABLE_CACHE=1
>> +}
>> diff --git a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
>> index 355e77d107..9a47e908b7 100644
>> --- a/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
>> +++ b/meta/recipes-gnome/gobject-introspection/gobject-introspection_1.72.0.bb
>> @@ -113,9 +113,6 @@ EOF
>>  }
>>
>>  do_compile:prepend() {
>> -        # This prevents g-ir-scanner from writing cache data to $HOME
>> -        export GI_SCANNER_DISABLE_CACHE=1
>> -
>>          # Needed to run g-ir unit tests, which won't be able to find the built libraries otherwise
>>          export GIR_EXTRA_LIBS_PATH=$B/.libs
>>  }
>> --
>> 2.25.1
>>
>>
>
>
> --
> "Perfection must be reached by degrees; she requires the slow hand of time." - Voltaire



* Re: [OE-core][kirkstone 13/15] gobject-introspection-data: Disable cache for g-ir-scanner
  2022-07-28 18:37     ` Steve Sakoman
@ 2022-07-28 18:52       ` Chuck Wolber
  0 siblings, 0 replies; 30+ messages in thread
From: Chuck Wolber @ 2022-07-28 18:52 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: OE-core


On Thu, Jul 28, 2022 at 11:37 AM Steve Sakoman <steve@sakoman.com> wrote:

> On Thu, Jul 28, 2022 at 7:55 AM Chuck Wolber <chuckwolber@gmail.com>
> wrote:
> >
> > FWIW, the gobject-introspection-native recipe was one of the "canaries
> in the mine" that reliably caused an image build to die while I was
> actively encountering this GCC10 compiler issue in Hardknott:
>
> Have you encountered this issue with Kirkstone?
>

We have not tried yet. We are debating the Hardknott to Kirkstone upgrade
question right now.

Our build is complex and 2.6 (Thud) -> 3.3 (Hardknott) took two months of
very intensive work and then six months of stabilization. Granted python2
-> python3 was part of that, so a big chunk of the stabilization damage was
self-inflicted. I do not expect anything as major for Hardknott ->
Kirkstone, but I am also not naïve either - all blockpoint upgrades are
painful in their own way...

..Ch:W..


-- 
*"Perfection must be reached by degrees; she requires the slow hand of
time." - Voltaire*



* Re: [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
  2022-07-27  0:40 ` [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so Steve Sakoman
@ 2022-08-01 14:31   ` Jon Mason
  2022-08-01 14:38     ` Steve Sakoman
  0 siblings, 1 reply; 30+ messages in thread
From: Jon Mason @ 2022-08-01 14:31 UTC (permalink / raw)
  To: Steve Sakoman; +Cc: openembedded-core

Can we get this patch in ASAP?  meta-zephyr (and layers that use it)
have been broken for weeks now in kirkstone, and I can confirm that
this patch fixes the issue.

Thanks,
Jon

On Tue, Jul 26, 2022 at 8:41 PM Steve Sakoman <steve@sakoman.com> wrote:
>
> From: Khem Raj <raj.khem@gmail.com>
>
> This is a dummy shared object therefore reduce dependencies further by
> not requiring the C startup files, we won't use this shared library for
> anything useful anyway
>
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
> Signed-off-by: Steve Sakoman <steve@sakoman.com>
> ---
>  meta/recipes-devtools/gcc/gcc-runtime.inc | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc
> index c85b5888d4..8074bf1025 100644
> --- a/meta/recipes-devtools/gcc/gcc-runtime.inc
> +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
> @@ -68,8 +68,7 @@ do_configure () {
>         # libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure
>         # tests. Create a dummy empty lib for the purposes of configure.
>         mkdir -p ${WORKDIR}/dummylib
> -       touch ${WORKDIR}/dummylib/dummylib.c
> -       ${CC} ${WORKDIR}/dummylib/dummylib.c -shared -o ${WORKDIR}/dummylib/libstdc++.so
> +       ${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so
>         for d in libgcc ${RUNTIMETARGET}; do
>                 echo "Configuring $d"
>                 rm -rf ${B}/${TARGET_SYS}/$d/
> --
> 2.25.1
>
>



* Re: [OE-core][kirkstone 15/15] gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so
  2022-08-01 14:31   ` Jon Mason
@ 2022-08-01 14:38     ` Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2022-08-01 14:38 UTC (permalink / raw)
  To: Jon Mason; +Cc: openembedded-core, Richard Purdie

On Mon, Aug 1, 2022 at 4:31 AM Jon Mason <jdmason@kudzu.us> wrote:
>
> Can we get this patch in ASAP?  meta-zephyr (and layers that use it)
> have been broken for weeks now in kirkstone, and I can confirm that
> this patch fixes the issue.

Pull request for this series was sent last Thursday.  IIRC Richard was
out of the office over the extended weekend, so perhaps he will get to
it today.

Steve

> On Tue, Jul 26, 2022 at 8:41 PM Steve Sakoman <steve@sakoman.com> wrote:
> >
> > From: Khem Raj <raj.khem@gmail.com>
> >
> > This is a dummy shared object therefore reduce dependencies further by
> > not requiring the C startup files, we won't use this shared library for
> > anything useful anyway
> >
> > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
> > Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
> > Signed-off-by: Steve Sakoman <steve@sakoman.com>
> > ---
> >  meta/recipes-devtools/gcc/gcc-runtime.inc | 3 +--
> >  1 file changed, 1 insertion(+), 2 deletions(-)
> >
> > diff --git a/meta/recipes-devtools/gcc/gcc-runtime.inc b/meta/recipes-devtools/gcc/gcc-runtime.inc
> > index c85b5888d4..8074bf1025 100644
> > --- a/meta/recipes-devtools/gcc/gcc-runtime.inc
> > +++ b/meta/recipes-devtools/gcc/gcc-runtime.inc
> > @@ -68,8 +68,7 @@ do_configure () {
> >         # libstdc++ isn't built yet so CXX would error not able to find it which breaks stdc++'s configure
> >         # tests. Create a dummy empty lib for the purposes of configure.
> >         mkdir -p ${WORKDIR}/dummylib
> > -       touch ${WORKDIR}/dummylib/dummylib.c
> > -       ${CC} ${WORKDIR}/dummylib/dummylib.c -shared -o ${WORKDIR}/dummylib/libstdc++.so
> > +       ${CC} -x c /dev/null -nostartfiles -shared -o ${WORKDIR}/dummylib/libstdc++.so
> >         for d in libgcc ${RUNTIMETARGET}; do
> >                 echo "Configuring $d"
> >                 rm -rf ${B}/${TARGET_SYS}/$d/
> > --
> > 2.25.1
> >
> >



* [OE-core][kirkstone 00/15] Patch review
@ 2023-05-06 15:24 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2023-05-06 15:24 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5269

The following changes since commit 2d67702bdfc64358d364dd6484ae41842ee7c52f:

  glibc: stable 2.35 branch updates. (2023-04-28 03:55:33 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Arturo Buzarra (1):
  run-postinsts: Set dependency for ldconfig to avoid boot issues

Deepthi Hemraj (4):
  binutils : Fix CVE-2023-25584
  binutils : Fix CVE-2023-25585
  binutils : Fix CVE-2023-1972
  binutils : Fix CVE-2023-25588

Hitendra Prajapati (1):
  connman: fix CVE-2023-28488 DoS in client.c

Kai Kang (1):
  webkitgtk: fix CVE-2022-32888 & CVE-2022-32923

Narpat Mali (2):
  ffmpeg: fix for CVE-2022-48434
  python3-cryptography: fix for CVE-2023-23931

Randolph Sapp (2):
  wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
  kernel-devicetree: allow specification of dtb directory

Ranjitsinh Rathod (1):
  libbsd: Add correct license for all packages

Shubham Kulkarni (1):
  go: Security fix for CVE-2023-24538

Vivek Kumbhar (2):
  freetype: fix CVE-2023-2004 integer overflowin in
    tt_hvadvance_adjust() in src/truetype/ttgxvar.c
  go: fix CVE-2023-24534 denial of service from excessive memory
    allocation

 meta/classes/kernel-devicetree.bbclass        |  22 +-
 meta/classes/kernel.bbclass                   |   2 +
 .../connman/connman/CVE-2023-28488.patch      |  60 ++
 .../connman/connman_1.41.bb                   |   1 +
 .../binutils/binutils-2.38.inc                |   6 +
 .../binutils/0022-CVE-2023-25584-1.patch      |  56 ++
 .../binutils/0022-CVE-2023-25584-2.patch      |  38 ++
 .../binutils/0022-CVE-2023-25584-3.patch      | 534 ++++++++++++++++++
 .../binutils/0023-CVE-2023-25585.patch        |  54 ++
 .../binutils/0025-CVE-2023-25588.patch        | 147 +++++
 .../binutils/0026-CVE-2023-1972.patch         |  41 ++
 meta/recipes-devtools/go/go-1.17.13.inc       |   2 +
 .../go/go-1.18/CVE-2023-24534.patch           | 200 +++++++
 .../go/go-1.18/CVE-2023-24538.patch           | 208 +++++++
 .../python3-cryptography/CVE-2023-23931.patch |  49 ++
 .../python/python3-cryptography_36.0.2.bb     |   1 +
 .../run-postinsts/run-postinsts.service       |   2 +-
 .../freetype/freetype/CVE-2023-2004.patch     |  41 ++
 .../freetype/freetype_2.11.1.bb               |   1 +
 .../ffmpeg/ffmpeg/CVE-2022-48434.patch        | 130 +++++
 .../recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb |   3 +-
 .../webkit/webkitgtk/CVE-2022-32888.patch     |  41 ++
 .../webkit/webkitgtk/CVE-2022-32923.patch     | 435 ++++++++++++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   2 +
 meta/recipes-support/libbsd/libbsd_0.11.5.bb  |   7 +
 scripts/lib/wic/plugins/source/bootimg-efi.py |   7 +
 26 files changed, 2083 insertions(+), 7 deletions(-)
 create mode 100644 meta/recipes-connectivity/connman/connman/CVE-2023-28488.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-1.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-2.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0022-CVE-2023-25584-3.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0023-CVE-2023-25585.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0025-CVE-2023-25588.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0026-CVE-2023-1972.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24534.patch
 create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24538.patch
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-23931.patch
 create mode 100644 meta/recipes-graphics/freetype/freetype/CVE-2023-2004.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2022-48434.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32888.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-32923.patch

-- 
2.34.1




* [OE-core][kirkstone 00/15] Patch review
@ 2023-05-09 22:32 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2023-05-09 22:32 UTC (permalink / raw)
  To: openembedded-core

Please review this set of patches for kirkstone and have comments back by
end of day Thursday.

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5285

The following changes since commit 5fca673d8fe0ee97dc37ed2c9941696842cd667a:

  run-postinsts: Set dependency for ldconfig to avoid boot issues (2023-05-08 04:15:11 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (2):
  git: fix CVE-2023-29007
  git: fix CVE-2023-25652

Bruce Ashfield (1):
  kernel: improve initramfs bundle processing time

Dmitry Baryshkov (1):
  linux-firmware: upgrade 20230210 -> 20230404

Martin Jansa (1):
  populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO
    override

Peter Bergin (1):
  update-alternatives.bbclass: fix old override syntax

Peter Marko (1):
  libxml2: patch CVE-2023-28484 and CVE-2023-29469

Piotr Łobacz (1):
  libarchive: Enable acls, xattr for native as well as target

Steve Sakoman (1):
  Revert "xserver-xorg: backport fix for CVE-2023-1393"

Thomas Roos (1):
  oeqa/utils/metadata.py: Fix running oe-selftest running with no distro
    set

Wang Mingyu (2):
  wpebackend-fdo: upgrade 1.14.0 -> 1.14.2
  xserver-xorg: upgrade 21.1.7 -> 21.1.8

Yoann Congal (1):
  linux-yocto: Exclude 121 CVEs already fixed upstream

Zhixiong Chi (1):
  libpam: Fix the xtests/tst-pam_motd[1|3] failures

bkylerussell@gmail.com (1):
  kernel-devsrc: depend on python3-core instead of python3

 meta/classes/kernel.bbclass                   |   2 +-
 meta/classes/populate_sdk_ext.bbclass         |   3 +-
 meta/classes/update-alternatives.bbclass      |   4 +-
 meta/lib/oeqa/utils/metadata.py               |   6 +-
 .../libxml/libxml2/CVE-2023-28484.patch       |  79 ++
 .../libxml/libxml2/CVE-2023-29469.patch       |  42 +
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   2 +
 .../git/git/CVE-2023-25652.patch              |  94 ++
 .../git/git/CVE-2023-29007.patch              | 162 ++++
 meta/recipes-devtools/git/git_2.35.7.bb       |   2 +
 .../libarchive/libarchive_3.6.2.bb            |   6 +-
 ...rely-on-all-filesystems-providing-a-.patch | 108 +++
 meta/recipes-extended/pam/libpam_1.5.2.bb     |   1 +
 ...posite-Fix-use-after-free-of-the-COW.patch |  46 -
 ...-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} |   5 +-
 ...20230210.bb => linux-firmware_20230404.bb} |   6 +-
 meta/recipes-kernel/linux/cve-exclusion.inc   | 875 ++++++++++++++++++
 meta/recipes-kernel/linux/kernel-devsrc.bb    |   2 +-
 meta/recipes-kernel/linux/linux-yocto.inc     |   3 +
 ...fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} |   2 +-
 20 files changed, 1384 insertions(+), 66 deletions(-)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-28484.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2023-29469.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2023-25652.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2023-29007.patch
 create mode 100644 meta/recipes-extended/pam/libpam/0001-pam_motd-do-not-rely-on-all-filesystems-providing-a-.patch
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-composite-Fix-use-after-free-of-the-COW.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.7.bb => xserver-xorg_21.1.8.bb} (80%)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230210.bb => linux-firmware_20230404.bb} (99%)
 create mode 100644 meta/recipes-kernel/linux/cve-exclusion.inc
 rename meta/recipes-sato/webkit/{wpebackend-fdo_1.14.0.bb => wpebackend-fdo_1.14.2.bb} (90%)

-- 
2.34.1




* [OE-core][kirkstone 00/15] Patch review
@ 2023-12-08  2:33 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2023-12-08  2:33 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Monday, December 11

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6300

The following changes since commit 11da43b58e19583a9bc16044309610cfb2e86469:

  systemtap_git: fix used uninitialized error (2023-11-28 05:11:52 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Bruce Ashfield (3):
  linux-yocto/5.10: update to v5.10.198
  linux-yocto/5.10: update to v5.10.200
  linux-yocto/5.10: update to v5.10.202

Lee Chee Yang (1):
  xwayland: fix CVE-2023-5367

Narpat Mali (1):
  python3-cryptography: fix CVE-2023-49083

Niko Mauno (1):
  rust-llvm: Allow overriding LLVM target archs

Richard Purdie (5):
  rust-common: Set llvm-target correctly for cross SDK targets
  rust-cross-canadian: Fix ordering of target json config generation
  rust-cross/rust-common: Merge arm target handling code to fix
    cross-canadian
  rust-cross: Simplfy the rust_gen_target calls
  native: Clear TUNE_FEATURES/ABIEXTENSION

Steve Sakoman (1):
  cve-exclusion_5.10.inc: update for 5.10.202

Tim Orling (1):
  vim: upgrade 9.0.2068 -> 9.0.2130

Vivek Kumbhar (1):
  libsndfile: fix CVE-2022-33065 Signed integer overflow in src/mat4.c

Wenlin Kang (1):
  bash: changes to SIGINT handler while waiting for a child

 meta/classes/native.bbclass                   |   2 +
 .../python3-cryptography/CVE-2023-49083.patch |  53 ++++
 .../python/python3-cryptography_36.0.2.bb     |   1 +
 meta/recipes-devtools/rust/rust-common.inc    |  24 +-
 .../rust/rust-cross-canadian-common.inc       |   5 +-
 meta/recipes-devtools/rust/rust-cross.inc     |  21 +-
 meta/recipes-devtools/rust/rust-llvm.inc      |   4 +-
 ...T-handler-while-waiting-for-a-child-.patch | 229 ++++++++++++++++++
 meta/recipes-extended/bash/bash_5.1.16.bb     |   1 +
 .../xwayland/xwayland/CVE-2023-5367.patch     |  85 +++++++
 .../xwayland/xwayland_22.1.8.bb               |   4 +-
 .../linux/cve-exclusion_5.10.inc              |  92 +++++--
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 +-
 .../libsndfile1/CVE-2022-33065.patch          |  46 ++++
 .../libsndfile/libsndfile1_1.0.31.bb          |   1 +
 meta/recipes-support/vim/vim.inc              |   4 +-
 18 files changed, 542 insertions(+), 68 deletions(-)
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2023-49083.patch
 create mode 100644 meta/recipes-extended/bash/bash/0001-changes-to-SIGINT-handler-while-waiting-for-a-child-.patch
 create mode 100644 meta/recipes-graphics/xwayland/xwayland/CVE-2023-5367.patch
 create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065.patch

-- 
2.34.1




* [OE-core][kirkstone 00/15] Patch review
@ 2024-03-20 16:09 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2024-03-20 16:09 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Friday, March 22

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6699

The following changes since commit 2501534c9581c6c3439f525d630be11554a57d24:

  build-appliance-image: Update to kirkstone head revision (2024-03-13 07:39:46 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Alex Kiernan (1):
  wireless-regdb: Upgrade 2023.09.01 -> 2024.01.23

Alexander Kanavin (1):
  linux-firmware: upgrade 20231211 -> 20240220

Haitao Liu (1):
  glibc: Fix subscript typos for get_nscd_addresses

Martin Jansa (1):
  stress-ng: avoid calling sync during do_compile

Meenali Gupta (1):
  expat: fix CVE-2023-52426

Michael Halstead (1):
  yocto-uninative: Update to 4.4 for glibc 2.39

Peter Marko (1):
  expat: patch CVE-2024-28757

Vijay Anusuri (1):
  python3-cryptography: Backport fix for CVE-2024-26130

Wang Mingyu (1):
  wireless-regdb: upgrade 2023.05.03 -> 2023.09.01

Yoann Congal (6):
  cve-update-nvd2-native: Fix typo in comment
  cve-update-nvd2-native: Add an age threshold for incremental update
  cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition
  cve-update-nvd2-native: nvd_request_next: Improve comment
  cve-update-nvd2-native: Fix CVE configuration update
  cve-update-nvd2-native: Remove rejected CVE from database

 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 .../expat/expat/CVE-2023-52426-001.patch      |  35 ++
 .../expat/expat/CVE-2023-52426-002.patch      |  72 +++
 .../expat/expat/CVE-2023-52426-003.patch      |  28 ++
 .../expat/expat/CVE-2023-52426-004.patch      | 429 ++++++++++++++++++
 .../expat/expat/CVE-2023-52426-005.patch      |  34 ++
 .../expat/expat/CVE-2023-52426-006.patch      | 174 +++++++
 .../expat/expat/CVE-2023-52426-007.patch      |  53 +++
 .../expat/expat/CVE-2023-52426-008.patch      |  37 ++
 .../expat/expat/CVE-2023-52426-009.patch      | 354 +++++++++++++++
 .../expat/expat/CVE-2023-52426-010.patch      |  50 ++
 .../expat/expat/CVE-2023-52426-011.patch      |  45 ++
 .../expat/expat/CVE-2024-28757.patch          |  58 +++
 meta/recipes-core/expat/expat_2.5.0.bb        |  12 +
 ...dresses-Fix-subscript-typos-BZ-29605.patch |  40 ++
 meta/recipes-core/glibc/glibc_2.35.bb         |   1 +
 .../meta/cve-update-nvd2-native.bb            |  35 +-
 .../python3-cryptography/CVE-2024-26130.patch |  66 +++
 .../python/python3-cryptography_36.0.2.bb     |   1 +
 .../0001-Makefile-avoid-calling-sync.patch    |  35 ++
 .../stress-ng/stress-ng_0.13.12.bb            |   1 +
 ...20231211.bb => linux-firmware_20240220.bb} |   6 +-
 ....05.03.bb => wireless-regdb_2024.01.23.bb} |   4 +-
 23 files changed, 1562 insertions(+), 18 deletions(-)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-001.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-002.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-003.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-004.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-005.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-006.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-007.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-008.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-009.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-010.patch
 create mode 100644 meta/recipes-core/expat/expat/CVE-2023-52426-011.patch
 create mode 100755 meta/recipes-core/expat/expat/CVE-2024-28757.patch
 create mode 100644 meta/recipes-core/glibc/glibc/0002-get_nscd_addresses-Fix-subscript-typos-BZ-29605.patch
 create mode 100644 meta/recipes-devtools/python/python3-cryptography/CVE-2024-26130.patch
 create mode 100644 meta/recipes-extended/stress-ng/stress-ng-0.13.12/0001-Makefile-avoid-calling-sync.patch
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20231211.bb => linux-firmware_20240220.bb} (99%)
 rename meta/recipes-kernel/wireless-regdb/{wireless-regdb_2023.05.03.bb => wireless-regdb_2024.01.23.bb} (88%)

-- 
2.34.1




* [OE-core][kirkstone 00/15] Patch review
@ 2024-09-23 13:13 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2024-09-23 13:13 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Tuesday, September 24

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/7353

The following changes since commit 88630352d6d1cfee06787fa84b73ca8ad335cb08:

  libedit: Make docs generation deterministic (2024-09-11 05:03:48 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Colin McAllister (2):
  busybox: Fix cut with "-s" flag
  udev-extraconf: Add collect flag to mount

Divya Chellam (1):
  python3: Upgrade 3.10.14 -> 3.10.15

Konrad Weihmann (3):
  runqemu: keep generating tap devices
  testimage: fallback for empty IMAGE_LINK_NAME
  testexport: fallback for empty IMAGE_LINK_NAME

Michael Halstead (2):
  yocto-uninative: Update to 4.5 for gcc 14
  yocto-uninative: Update to 4.6 for glibc 2.40

Pedro Ferreira (2):
  buildhistory: Fix intermittent package file list creation
  buildhistory: Restoring files from preserve list

Richard Purdie (1):
  buildhistory: Simplify intercept call sites and drop
    SSTATEPOSTINSTFUNC usage

Rohini Sangam (1):
  cups: Security fix for CVE-2024-35235

Ross Burton (1):
  lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex

Vijay Anusuri (1):
  libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006

Vivek Kumbhar (1):
  webkitgtk: Security fix CVE-2024-40779

 meta/classes/buildhistory.bbclass             |  71 ++-
 meta/classes/sstate.bbclass                   |   5 +-
 meta/classes/testexport.bbclass               |   2 +-
 meta/classes/testimage.bbclass                |   4 +-
 meta/conf/distro/include/yocto-uninative.inc  |  10 +-
 meta/lib/oeqa/selftest/cases/runcmd.py        |   4 +-
 .../libpcap/libpcap/CVE-2023-7256-pre1.patch  |  99 ++++
 .../libpcap/libpcap/CVE-2023-7256-pre2.patch  | 131 +++++
 .../libpcap/libpcap/CVE-2023-7256-pre3.patch  |  67 +++
 .../libpcap/libpcap/CVE-2023-7256-pre4.patch  |  37 ++
 .../libpcap/libpcap/CVE-2023-7256.patch       | 368 +++++++++++++
 .../libpcap/libpcap/CVE-2024-8006.patch       |  42 ++
 .../libpcap/libpcap_1.10.1.bb                 |  10 +-
 ...1-cut-Fix-s-flag-to-omit-blank-lines.patch |  66 +++
 meta/recipes-core/busybox/busybox_1.35.0.bb   |   1 +
 .../recipes-core/udev/udev-extraconf/mount.sh |   2 +-
 .../python/python3/CVE-2023-27043.patch       | 510 ------------------
 .../python/python3/CVE-2024-6232.patch        | 251 ---------
 .../python/python3/CVE-2024-7592.patch        | 140 -----
 .../python/python3/CVE-2024-8088.patch        | 124 -----
 ...{python3_3.10.14.bb => python3_3.10.15.bb} |   6 +-
 meta/recipes-extended/cups/cups.inc           |   1 +
 .../cups/cups/CVE-2024-35235.patch            | 121 +++++
 .../webkit/webkitgtk/CVE-2024-40779.patch     |  91 ++++
 meta/recipes-sato/webkit/webkitgtk_2.36.8.bb  |   1 +
 scripts/runqemu                               |  24 +-
 26 files changed, 1109 insertions(+), 1079 deletions(-)
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre1.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre2.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre3.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256-pre4.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2023-7256.patch
 create mode 100644 meta/recipes-connectivity/libpcap/libpcap/CVE-2024-8006.patch
 create mode 100644 meta/recipes-core/busybox/busybox/0001-cut-Fix-s-flag-to-omit-blank-lines.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2023-27043.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-6232.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-7592.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2024-8088.patch
 rename meta/recipes-devtools/python/{python3_3.10.14.bb => python3_3.10.15.bb} (98%)
 create mode 100644 meta/recipes-extended/cups/cups/CVE-2024-35235.patch
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2024-40779.patch

-- 
2.34.1




* [OE-core][kirkstone 00/15] Patch review
@ 2025-02-27 17:39 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2025-02-27 17:39 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Monday, March 3

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1094

The following changes since commit 73b5570a16708d1e749b1ec525299d10557cbf56:

  vim: Upgrade 9.1.0764 -> 9.1.1043 (2025-02-24 06:54:05 -0800)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Guocai He (2):
  tzcode: Update SRC_URI
  xz: Update SRC_URI

Jiaying Song (1):
  boost: fix do_fetch error

Libo Chen (1):
  virglrenderer: fix do_fetch error

Moritz Haase (1):
  meta: Enable '-o pipefail' for the SDK installer

Narpat Mali (1):
  systemd: upgrade 250.5 -> 250.14

Vijay Anusuri (9):
  xserver-xorg: Fix for CVE-2025-26594
  xserver-xorg: Fix for CVE-2025-26595
  xserver-xorg: Fix for CVE-2025-26596
  xserver-xorg: Fix for CVE-2025-26597
  xserver-xorg: Fix for CVE-2025-26598
  xserver-xorg: Fix for CVE-2025-26599
  xserver-xorg: Fix for CVE-2025-26600
  xserver-xorg: Fix for CVE-2025-26601
  bind: Upgrade 9.18.28 -> 9.18.33

 meta/files/toolchain-shar-extract.sh          |   5 +
 .../bind/{bind_9.18.28.bb => bind_9.18.33.bb} |   2 +-
 ...d-boot_250.5.bb => systemd-boot_250.14.bb} |   0
 meta/recipes-core/systemd/systemd.inc         |   2 +-
 .../0001-Adjust-for-musl-headers.patch        |  20 +-
 ...sysctl.d-binfmt.d-modules-load.d-to-.patch |  18 +-
 ...1-core-fix-build-when-seccomp-is-off.patch |  41 ++
 ...ass-correct-parameters-to-getdents64.patch |  49 ++-
 ...w-json_variant_dump-to-return-an-err.patch |  60 ---
 .../0002-Add-sys-stat.h-for-S_IFDIR.patch     |   6 +-
 ...3-missing_type.h-add-comparison_fn_t.patch |   6 +-
 ...k-parse_printf_format-implementation.patch |   6 +-
 ...missing.h-check-for-missing-strndupa.patch |  62 ++-
 ...OB_BRACE-and-GLOB_ALTDIRFUNC-is-not-.patch |   8 +-
 ...008-add-missing-FTW_-macros-for-musl.patch |   4 +-
 ..._register_atfork-for-non-glibc-build.patch |   6 +-
 ...10-Use-uintmax_t-for-handling-rlim_t.patch |   6 +-
 ...sable-tests-for-missing-typedefs-in-.patch |   2 +-
 ...T_SYMLINK_NOFOLLOW-flag-to-faccessat.patch |   4 +-
 ...patible-basename-for-non-glibc-syste.patch |   2 +-
 ...uffering-when-writing-to-oom_score_a.patch |   6 +-
 ...compliant-strerror_r-from-GNU-specif.patch |   2 +-
 ...definition-of-prctl_mm_map-structure.patch |   2 +-
 .../0021-test-json.c-define-M_PIl.patch       |   4 +-
 ...-not-disable-buffer-in-writing-files.patch |  38 +-
 .../0025-Handle-__cpu_mask-usage.patch        |   2 +-
 .../systemd/0026-Handle-missing-gshadow.patch |   4 +-
 ...l.h-Define-MIPS-ABI-defines-for-musl.patch |   4 +-
 .../systemd/systemd/CVE-2022-3821.patch       |  45 --
 .../systemd/systemd/CVE-2022-4415-1.patch     | 109 -----
 .../systemd/systemd/CVE-2022-4415-2.patch     | 391 ------------------
 .../systemd/systemd/CVE-2022-45873.patch      | 124 ------
 .../systemd/systemd/CVE-2023-7008.patch       |  40 --
 .../{systemd_250.5.bb => systemd_250.14.bb}   |   7 +-
 meta/recipes-extended/timezone/timezone.inc   |   8 +-
 meta/recipes-extended/xz/xz_5.2.6.bb          |   2 +-
 .../virglrenderer/virglrenderer_0.9.1.bb      |   2 +-
 .../xserver-xorg/CVE-2025-26594-1.patch       |  54 +++
 .../xserver-xorg/CVE-2025-26594-2.patch       |  51 +++
 .../xserver-xorg/CVE-2025-26595.patch         |  65 +++
 .../xserver-xorg/CVE-2025-26596.patch         |  49 +++
 .../xserver-xorg/CVE-2025-26597.patch         |  46 +++
 .../xserver-xorg/CVE-2025-26598.patch         | 120 ++++++
 .../xserver-xorg/CVE-2025-26599-1.patch       |  66 +++
 .../xserver-xorg/CVE-2025-26599-2.patch       | 129 ++++++
 .../xserver-xorg/CVE-2025-26600.patch         |  68 +++
 .../xserver-xorg/CVE-2025-26601-1.patch       |  71 ++++
 .../xserver-xorg/CVE-2025-26601-2.patch       |  85 ++++
 .../xserver-xorg/CVE-2025-26601-3.patch       |  52 +++
 .../xserver-xorg/CVE-2025-26601-4.patch       | 132 ++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  13 +
 meta/recipes-support/boost/boost-1.78.0.inc   |   2 +-
 52 files changed, 1201 insertions(+), 901 deletions(-)
 rename meta/recipes-connectivity/bind/{bind_9.18.28.bb => bind_9.18.33.bb} (97%)
 rename meta/recipes-core/systemd/{systemd-boot_250.5.bb => systemd-boot_250.14.bb} (100%)
 create mode 100644 meta/recipes-core/systemd/systemd/0001-core-fix-build-when-seccomp-is-off.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/0001-shared-json-allow-json_variant_dump-to-return-an-err.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-3821.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-1.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-4415-2.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
 delete mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-7008.patch
 rename meta/recipes-core/systemd/{systemd_250.5.bb => systemd_250.14.bb} (99%)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26594-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26595.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26596.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26597.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26598.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26599-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26600.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-1.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-2.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-3.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2025-26601-4.patch

-- 
2.43.0




* [OE-core][kirkstone 00/15] Patch review
@ 2025-05-13 19:07 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2025-05-13 19:07 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, May 15

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1582

The following changes since commit 00f7a2f60dd6de95a1a47fa642978613ce76dc56:

  glibc: Add single-threaded fast path to rand() (2025-05-09 09:01:16 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Aleksandar Nikolic (1):
  scripts/install-buildtools: Update to 4.0.26

Alexander Kanavin (1):
  perl: enable _GNU_SOURCE define via d_gnulibc

Alon Bar-Lev (1):
  module.bbclass: add KBUILD_EXTRA_SYMBOLS to install

Deepesh Varatharajan (1):
  glibc: stable 2.35 branch updates

Peter Marko (1):
  perl: patch CVE-2024-56406

Vijay Anusuri (10):
  libsoup-2.4: Update fix CVE-2024-52532
  libsoup-2.4: Fix CVE-2025-32906
  libsoup-2.4: Fix CVE-2025-32909
  libsoup: update fix CVE-2024-52532
  libsoup: Fix CVE-2025-32906
  libsoup: Fix CVE-2025-32909
  libsoup: Fix CVE-2025-32910
  libsoup: Fix CVE-2025-32911 & CVE-2025-32913
  libsoup: Fix CVE-2025-32912
  libsoup: Fix CVE-2025-32914

 meta/classes/module.bbclass                   |   1 +
 meta/recipes-core/glibc/glibc-version.inc     |   2 +-
 ...4-56406-Heap-buffer-overflow-with-tr.patch |  30 ++++
 meta/recipes-devtools/perl/perl_5.34.3.bb     |   2 +
 .../libsoup-2.4/CVE-2024-52532-3.patch        |  46 ++++++
 .../libsoup-2.4/CVE-2025-32906-1.patch        |  61 +++++++
 .../libsoup-2.4/CVE-2025-32906-2.patch        |  83 ++++++++++
 .../libsoup/libsoup-2.4/CVE-2025-32909.patch  |  36 +++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   4 +
 .../libsoup/libsoup/CVE-2024-52532-3.patch    |  46 ++++++
 .../libsoup/libsoup/CVE-2025-32906-1.patch    |  61 +++++++
 .../libsoup/libsoup/CVE-2025-32906-2.patch    |  83 ++++++++++
 .../libsoup/libsoup/CVE-2025-32909.patch      |  36 +++++
 .../libsoup/libsoup/CVE-2025-32910-1.patch    |  98 ++++++++++++
 .../libsoup/libsoup/CVE-2025-32910-2.patch    | 149 ++++++++++++++++++
 .../libsoup/libsoup/CVE-2025-32910-3.patch    |  27 ++++
 .../CVE-2025-32911_CVE-2025-32913-1.patch     |  72 +++++++++
 .../CVE-2025-32911_CVE-2025-32913-2.patch     |  44 ++++++
 .../libsoup/libsoup/CVE-2025-32912-1.patch    |  41 +++++
 .../libsoup/libsoup/CVE-2025-32912-2.patch    |  30 ++++
 .../libsoup/libsoup/CVE-2025-32914.patch      | 111 +++++++++++++
 meta/recipes-support/libsoup/libsoup_3.0.7.bb |  12 ++
 scripts/install-buildtools                    |   4 +-
 23 files changed, 1076 insertions(+), 3 deletions(-)
 create mode 100644 meta/recipes-devtools/perl/files/0001-CVE-2024-56406-Heap-buffer-overflow-with-tr.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2024-52532-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32906-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/CVE-2025-32909.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2024-52532-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32906-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32909.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32910-3.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32911_CVE-2025-32913-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-1.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32912-2.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup/CVE-2025-32914.patch

-- 
2.43.0




* [OE-core][kirkstone 00/15] Patch review
@ 2025-06-10 19:38 Steve Sakoman
  0 siblings, 0 replies; 30+ messages in thread
From: Steve Sakoman @ 2025-06-10 19:38 UTC (permalink / raw)
  To: openembedded-core

Please review this set of changes for kirkstone and have comments back by
end of day Thursday, June 12

Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/valkyrie/#/builders/29/builds/1770

The following changes since commit 415e73d53e5342f3f6ff6acd521ded2df3fbca1f:

  nfs-utils: don't use signals to shut down nfs server. (2025-05-29 08:22:59 -0700)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
  https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut

Archana Polampalli (4):
  ghostscript: fix CVE-2025-48708
  ffmpeg: upgrade 5.0.1 -> 5.0.3
  ffmpeg: fix CVE-2025-22919
  ffmpeg: fix CVE-2025-22921

Deepesh Varatharajan (1):
  binutils: Fix CVE-2025-5244 & CVE-2025-5245

Divya Chellam (2):
  screen: fix CVE-2025-46802
  screen: fix CVE-2025-46804

Harish Sadineni (1):
  binutils: add CVE-2025-1182 patch file to SRC_URI

Hitendra Prajapati (1):
  icu: fix CVE-2025-5222

Jiaying Song (1):
  taglib: fix CVE-2023-47466

Martin Jansa (1):
  kernel.bbclass: add original package name to RPROVIDES for -image and
    -base

Peter Marko (1):
  python3: upgrade 3.10.16 -> 3.10.18

Vijay Anusuri (3):
  libsoup-2.4: Backport auth tests for CVE-2025-32910
  python3-setuptools: Fix CVE-2025-47273
  git: Fix CVE-2024-50349 and CVE-2024-52006

 meta/classes/kernel.bbclass                   |   3 +-
 .../binutils/binutils-2.38.inc                |   3 +
 .../binutils/0040-CVE-2025-1182.patch         |  18 +-
 .../binutils/0041-CVE-2025-5244.patch         |  25 ++
 .../binutils/0042-CVE-2025-5245.patch         |  38 +++
 .../git/git/CVE-2024-50349-0001.patch         | 100 ++++++
 .../git/git/CVE-2024-50349-0002.patch         | 321 ++++++++++++++++++
 .../git/git/CVE-2024-52006.patch              | 165 +++++++++
 meta/recipes-devtools/git/git_2.35.7.bb       |   3 +
 .../CVE-2025-47273-pre1.patch                 |  54 +++
 .../python3-setuptools/CVE-2025-47273.patch   |  59 ++++
 .../python/python3-setuptools_59.5.0.bb       |   2 +
 ...ib-termcap-to-linker-flags-to-avoid-.patch |   2 +-
 ...hell-version-of-python-config-that-w.patch |   2 +-
 ...file-do-not-compile-.pyc-in-parallel.patch |   2 +-
 ...sts-due-to-load-variability-on-YP-AB.patch |   6 +-
 ...e-treat-overflow-in-UID-GID-as-failu.patch |   2 +-
 ...asename-to-replace-CC-for-checking-c.patch |  16 +-
 ...detect-multiarch-paths-when-cross-co.patch |   2 +-
 ...orlines-skip-due-to-load-variability.patch |   2 +-
 ...report-missing-dependencies-for-disa.patch |   2 +-
 ...up.py-do-not-add-a-curses-include-pa.patch |   4 +-
 .../python/python3/CVE-2025-0938.patch        | 131 -------
 .../python3/avoid_warning_about_tkinter.patch |   2 +-
 .../python/python3/makerace.patch             |   2 +-
 ...{python3_3.10.16.bb => python3_3.10.18.bb} |   3 +-
 .../ghostscript/CVE-2025-48708.patch          |  46 +++
 .../ghostscript/ghostscript_9.55.0.bb         |   1 +
 .../screen/screen/CVE-2025-46802.patch        | 146 ++++++++
 .../screen/screen/CVE-2025-46804.patch        | 131 +++++++
 meta/recipes-extended/screen/screen_4.9.0.bb  |   2 +
 .../ffmpeg/ffmpeg/CVE-2024-36613.patch        |  18 +-
 .../ffmpeg/ffmpeg/CVE-2025-22919.patch        |  41 +++
 .../ffmpeg/ffmpeg/CVE-2025-22921.patch        |  34 ++
 .../{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb}      |   9 +-
 .../icu/icu/CVE-2025-5222.patch               | 164 +++++++++
 meta/recipes-support/icu/icu_70.1.bb          |   1 +
 ...ckport-auth-tests-for-CVE-2025-32910.patch |  76 +++++
 .../libsoup/libsoup-2.4_2.74.2.bb             |   1 +
 .../taglib/files/CVE-2023-47466.patch         |  38 +++
 meta/recipes-support/taglib/taglib_1.12.bb    |   4 +-
 41 files changed, 1500 insertions(+), 181 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/0041-CVE-2025-5244.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0042-CVE-2025-5245.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0001.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-50349-0002.patch
 create mode 100644 meta/recipes-devtools/git/git/CVE-2024-52006.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch
 create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch
 delete mode 100644 meta/recipes-devtools/python/python3/CVE-2025-0938.patch
 rename meta/recipes-devtools/python/{python3_3.10.16.bb => python3_3.10.18.bb} (99%)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2025-48708.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46802.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2025-46804.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22919.patch
 create mode 100644 meta/recipes-multimedia/ffmpeg/ffmpeg/CVE-2025-22921.patch
 rename meta/recipes-multimedia/ffmpeg/{ffmpeg_5.0.1.bb => ffmpeg_5.0.3.bb} (96%)
 create mode 100644 meta/recipes-support/icu/icu/CVE-2025-5222.patch
 create mode 100644 meta/recipes-support/libsoup/libsoup-2.4/Backport-auth-tests-for-CVE-2025-32910.patch
 create mode 100644 meta/recipes-support/taglib/files/CVE-2023-47466.patch

-- 
2.43.0


