[OE-core][kirkstone 00/29] Pull request (cover letter only)

[OE-core][kirkstone 00/29] Pull request (cover letter only)

[Steve Sakoman]

The following changes since commit 2bc86c029fb82ae572f6a89407ccfe332972568c:

  gcc-runtime: Pass -nostartfiles when building dummy libstdc++.so (2022-07-26 05:34:59 -1000)

are available in the Git repository at:

  git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next

Alex Kiernan (1):
  bind: Remove legacy python3 PACKAGECONFIG code

Alexander Kanavin (14):
  xev: update 1.2.4 -> 1.2.5
  xmodmap: update 1.0.10 -> 1.0.11
  xf86-input-synaptics: update 1.9.1 -> 1.9.2
  encodings: update 1.0.5 -> 1.0.6
  font-util: update 1.3.2 -> 1.3.3
  xserver-xorg: update 21.1.3 -> 21.1.4
  linux-firmware: update 20220610 -> 20220708
  libuv: upgrade 1.44.1 -> 1.44.2
  log4cplus: upgrade 2.0.7 -> 2.0.8
  vala: upgrade 0.56.0 -> 0.56.1
  vala: upgrade 0.56.1 -> 0.56.2
  webkitgtk: upgrade 2.36.3 -> 2.36.4
  xwayland: upgrade 22.1.2 -> 22.1.3
  epiphany: upgrade 42.2 -> 42.3

Hitendra Prajapati (2):
  qemu: CVE-2022-35414 can perform an uninitialized read on the
    translate_fail path, leading to an io_readx or io_writex crash
  libtirpc: CVE-2021-46828 DoS vulnerability with lots of connections

Mihai Lindner (1):
  wic/plugins/rootfs: Fix NameError for 'orig_path'

Ming Liu (1):
  udev-extraconf:mount.sh: fix a umount issue

Richard Purdie (3):
  xorg-app: Tweak handling of compression changes in SRC_URI
  xwayland: upgrade 22.1.1 -> 22.1.2
  base/reproducible: Change Source Date Epoch generation methods

Ross Burton (2):
  oeqa/runtime: add test that the kernel has CONFIG_PREEMPT_RT enabled
  perf: fix reproduciblity in older releases of Linux

Shruthi Ravichandran (1):
  initscripts: run umountnfs as a KILL script

gr embeter (1):
  efivar: fix import functionality

leimaohui (1):
  systemd: Added base_bindir into pkg_postinst:udev-hwdb.

wangmy (2):
  mkfontscale: upgrade 1.2.1 -> 1.2.2
  xdpyinfo: upgrade 1.3.2 -> 1.3.3

 meta/classes/base.bbclass                     |   1 +
 meta/lib/oe/reproducible.py                   |   1 -
 meta/lib/oeqa/runtime/cases/rt.py             |  17 ++
 .../0001-Fix-invalid-free-in-main.patch       |  30 ++++
 meta/recipes-bsp/efivar/efivar_38.bb          |   1 +
 meta/recipes-connectivity/bind/bind_9.18.4.bb |  13 --
 .../{libuv_1.44.1.bb => libuv_1.44.2.bb}      |   2 +-
 .../initscripts/initscripts_1.0.bb            |   2 +-
 meta/recipes-core/systemd/systemd_250.5.bb    |   2 +-
 .../recipes-core/udev/udev-extraconf/mount.sh |   2 +-
 ...{log4cplus_2.0.7.bb => log4cplus_2.0.8.bb} |   2 +-
 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2022-35414.patch            |  53 ++++++
 meta/recipes-devtools/vala/vala_0.56.0.bb     |   3 -
 meta/recipes-devtools/vala/vala_0.56.2.bb     |   3 +
 .../libtirpc/libtirpc/CVE-2021-46828.patch    | 155 ++++++++++++++++++
 .../libtirpc/libtirpc_1.3.2.bb                |   4 +-
 .../{epiphany_42.2.bb => epiphany_42.3.bb}    |   2 +-
 ...ontscale_1.2.1.bb => mkfontscale_1.2.2.bb} |   4 +-
 .../{xdpyinfo_1.3.2.bb => xdpyinfo_1.3.3.bb}  |   4 +-
 .../xorg-app/{xev_1.2.4.bb => xev_1.2.5.bb}   |   4 +-
 .../{xmodmap_1.0.10.bb => xmodmap_1.0.11.bb}  |   5 +-
 .../xorg-app/xorg-app-common.inc              |   3 +-
 .../recipes-graphics/xorg-app/xrandr_1.5.1.bb |   3 +-
 .../64bit_time_t_support.patch                |  51 ------
 ...1.9.1.bb => xf86-input-synaptics_1.9.2.bb} |   7 +-
 .../xorg-font/encodings/nocompiler.patch      |   8 +-
 ...{encodings_1.0.5.bb => encodings_1.0.6.bb} |   6 +-
 ...{font-util_1.3.2.bb => font-util_1.3.3.bb} |   5 +-
 .../xorg-font/xorg-font-common.inc            |   3 +-
 .../0001-render-Fix-build-with-gcc-12.patch   |  90 ----------
 ...-xorg_21.1.3.bb => xserver-xorg_21.1.4.bb} |   7 +-
 ...{xwayland_22.1.1.bb => xwayland_22.1.3.bb} |   2 +-
 ...20220610.bb => linux-firmware_20220708.bb} |  13 +-
 meta/recipes-kernel/perf/perf.bb              |   3 +
 ...ebkitgtk_2.36.3.bb => webkitgtk_2.36.4.bb} |   2 +-
 scripts/lib/wic/plugins/source/rootfs.py      |   2 +-
 37 files changed, 309 insertions(+), 207 deletions(-)
 create mode 100644 meta/lib/oeqa/runtime/cases/rt.py
 create mode 100644 meta/recipes-bsp/efivar/efivar/0001-Fix-invalid-free-in-main.patch
 rename meta/recipes-connectivity/libuv/{libuv_1.44.1.bb => libuv_1.44.2.bb} (93%)
 rename meta/recipes-devtools/log4cplus/{log4cplus_2.0.7.bb => log4cplus_2.0.8.bb} (90%)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2022-35414.patch
 delete mode 100644 meta/recipes-devtools/vala/vala_0.56.0.bb
 create mode 100644 meta/recipes-devtools/vala/vala_0.56.2.bb
 create mode 100644 meta/recipes-extended/libtirpc/libtirpc/CVE-2021-46828.patch
 rename meta/recipes-gnome/epiphany/{epiphany_42.2.bb => epiphany_42.3.bb} (94%)
 rename meta/recipes-graphics/xorg-app/{mkfontscale_1.2.1.bb => mkfontscale_1.2.2.bb} (82%)
 rename meta/recipes-graphics/xorg-app/{xdpyinfo_1.3.2.bb => xdpyinfo_1.3.3.bb} (81%)
 rename meta/recipes-graphics/xorg-app/{xev_1.2.4.bb => xev_1.2.5.bb} (81%)
 rename meta/recipes-graphics/xorg-app/{xmodmap_1.0.10.bb => xmodmap_1.0.11.bb} (78%)
 delete mode 100644 meta/recipes-graphics/xorg-driver/xf86-input-synaptics/64bit_time_t_support.patch
 rename meta/recipes-graphics/xorg-driver/{xf86-input-synaptics_1.9.1.bb => xf86-input-synaptics_1.9.2.bb} (74%)
 rename meta/recipes-graphics/xorg-font/{encodings_1.0.5.bb => encodings_1.0.6.bb} (78%)
 rename meta/recipes-graphics/xorg-font/{font-util_1.3.2.bb => font-util_1.3.3.bb} (84%)
 delete mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/0001-render-Fix-build-with-gcc-12.patch
 rename meta/recipes-graphics/xorg-xserver/{xserver-xorg_21.1.3.bb => xserver-xorg_21.1.4.bb} (79%)
 rename meta/recipes-graphics/xwayland/{xwayland_22.1.1.bb => xwayland_22.1.3.bb} (95%)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20220610.bb => linux-firmware_20220708.bb} (98%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.36.3.bb => webkitgtk_2.36.4.bb} (98%)

-- 
2.25.1

[OE-core][kirkstone 00/29] Pull request (cover letter only)

[Steve Sakoman]

The following changes since commit ada5e64a97d5f269886772540e0bb0c324088b21:

  efibootmgr: update compilation with musl (2022-12-17 04:10:41 -1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
  http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next

Alejandro Hernandez Samaniego (1):
  baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES

Alexander Kanavin (5):
  libnewt: update 0.52.21 -> 0.52.23
  ruby: merge .inc into .bb
  ruby: update 3.1.2 -> 3.1.3
  tzdata: update 2022d -> 2022g
  devtool/upgrade: correctly handle recipes where S is a subdir of
    upstream tree

Bruce Ashfield (3):
  linux-yocto/5.10: update to v5.10.152
  linux-yocto/5.10: update to v5.10.154
  linux-yocto/5.10: update to v5.10.160

Hitendra Prajapati (2):
  systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with
    a long backtrace
  libX11: CVE-2022-3554 & CVE-2022-3555 Fix memory leak

Jagadeesh Krishnanjanappa (1):
  qemuboot.bbclass: make sure runqemu boots bundled initramfs kernel
    image

Joshua Watt (1):
  classes/create-spdx: Add SPDX_PRETTY option

Kai Kang (1):
  webkitgtk: 2.36.7 -> 2.36.8

Martin Jansa (1):
  libxml2: fix test data checksums

Ovidiu Panait (1):
  kernel.bbclass: remove empty module directories to prevent QA issues

Quentin Schulz (1):
  cairo: update patch for CVE-2019-6461 with upstream solution

Randy MacLeod (1):
  valgrind: skip the boost_thread test on arm

Ranjitsinh Rathod (3):
  curl: Correct LICENSE from MIT-open-group to curl
  curl: Add patch to fix CVE-2022-43551
  curl: Add patch to fix CVE-2022-43552

Richard Purdie (1):
  oeqa/concurrencytest: Add number of failures to summary output

Robert Andersson (1):
  go-crosssdk: avoid host contamination by GOCACHE

Ross Burton (1):
  libepoxy: remove upstreamed patch

Vivek Kumbhar (1):
  sqlite: fix CVE-2022-46908 safe mode authorizer callback allows
    disallowed UDFs.

Wang Mingyu (2):
  libpng: upgrade 1.6.38 -> 1.6.39
  gstreamer1.0: upgrade 1.20.4 -> 1.20.5

Xiangyu Chen (1):
  openssh: remove RRECOMMENDS to rng-tools for sshd package

Yash.Shinde@windriver.com (1):
  binutils : Fix CVE-2022-4285

 meta/classes/baremetal-image.bbclass          |  11 ++
 meta/classes/create-spdx.bbclass              |  22 +++-
 meta/classes/kernel.bbclass                   |   4 +-
 meta/classes/qemuboot.bbclass                 |   3 +-
 meta/lib/oe/sbom.py                           |   4 +-
 meta/lib/oeqa/core/utils/concurrencytest.py   |   4 +-
 .../openssh/openssh_8.9p1.bb                  |  10 +-
 meta/recipes-core/libxml/libxml2_2.9.14.bb    |   4 +-
 .../systemd/systemd/CVE-2022-45873.patch      | 124 ++++++++++++++++++
 meta/recipes-core/systemd/systemd_250.5.bb    |   1 +
 .../binutils/binutils-2.38.inc                |   1 +
 .../binutils/0019-CVE-2022-4285.patch         |  37 ++++++
 meta/recipes-devtools/go/go-crosssdk.inc      |   2 +
 meta/recipes-devtools/ruby/ruby.inc           |  39 ------
 ...001-Remove-dependency-on-libcapstone.patch |  36 -----
 .../ruby/{ruby_3.1.2.bb => ruby_3.1.3.bb}     |  48 ++++++-
 .../valgrind/valgrind/remove-for-aarch64      |   1 +
 .../0001-detect-gold-as-GNU-linker-too.patch  |  14 +-
 ...-t-ignore-CFLAGS-when-building-snack.patch |  29 ----
 ...{libnewt_0.52.21.bb => libnewt_0.52.23.bb} |   4 +-
 meta/recipes-extended/timezone/timezone.inc   |   7 +-
 .../cairo/cairo/CVE-2019-6461.patch           |  35 ++++-
 ...atch_common.h-define-also-EGL_NO_X11.patch |  27 ----
 .../libepoxy/libepoxy_1.5.10.bb               |   4 +-
 .../xorg-lib/libx11/CVE-2022-3554.patch       |  58 ++++++++
 .../xorg-lib/libx11/CVE-2022-3555.patch       |  40 ++++++
 .../xorg-lib/libx11_1.7.3.1.bb                |   2 +
 .../linux/linux-yocto-rt_5.10.bb              |   6 +-
 .../linux/linux-yocto-tiny_5.10.bb            |   8 +-
 meta/recipes-kernel/linux/linux-yocto_5.10.bb |  24 ++--
 ...tools_1.20.4.bb => gst-devtools_1.20.5.bb} |   2 +-
 ...1.20.4.bb => gstreamer1.0-libav_1.20.5.bb} |   2 +-
 ...x_1.20.4.bb => gstreamer1.0-omx_1.20.5.bb} |   2 +-
 ....bb => gstreamer1.0-plugins-bad_1.20.5.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-base_1.20.5.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-good_1.20.5.bb} |   2 +-
 ...bb => gstreamer1.0-plugins-ugly_1.20.5.bb} |   2 +-
 ....20.4.bb => gstreamer1.0-python_1.20.5.bb} |   2 +-
 ....bb => gstreamer1.0-rtsp-server_1.20.5.bb} |   2 +-
 ...1.20.4.bb => gstreamer1.0-vaapi_1.20.5.bb} |   2 +-
 ...er1.0_1.20.4.bb => gstreamer1.0_1.20.5.bb} |   2 +-
 .../{libpng_1.6.38.bb => libpng_1.6.39.bb}    |   2 +-
 ...ebkitgtk_2.36.7.bb => webkitgtk_2.36.8.bb} |   4 +-
 .../curl/curl/CVE-2022-43551.patch            |  35 +++++
 .../curl/curl/CVE-2022-43552.patch            |  80 +++++++++++
 meta/recipes-support/curl/curl_7.82.0.bb      |   4 +-
 .../sqlite/files/CVE-2022-46908.patch         |  39 ++++++
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb |   1 +
 scripts/lib/devtool/standard.py               |  19 +--
 scripts/lib/devtool/upgrade.py                |  18 ++-
 50 files changed, 595 insertions(+), 238 deletions(-)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2022-45873.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/0019-CVE-2022-4285.patch
 delete mode 100644 meta/recipes-devtools/ruby/ruby.inc
 delete mode 100644 meta/recipes-devtools/ruby/ruby/0001-Remove-dependency-on-libcapstone.patch
 rename meta/recipes-devtools/ruby/{ruby_3.1.2.bb => ruby_3.1.3.bb} (68%)
 delete mode 100644 meta/recipes-extended/newt/files/0002-don-t-ignore-CFLAGS-when-building-snack.patch
 rename meta/recipes-extended/newt/{libnewt_0.52.21.bb => libnewt_0.52.23.bb} (87%)
 delete mode 100644 meta/recipes-graphics/libepoxy/files/0001-dispatch_common.h-define-also-EGL_NO_X11.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3554.patch
 create mode 100644 meta/recipes-graphics/xorg-lib/libx11/CVE-2022-3555.patch
 rename meta/recipes-multimedia/gstreamer/{gst-devtools_1.20.4.bb => gst-devtools_1.20.5.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-libav_1.20.4.bb => gstreamer1.0-libav_1.20.5.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-omx_1.20.4.bb => gstreamer1.0-omx_1.20.5.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-bad_1.20.4.bb => gstreamer1.0-plugins-bad_1.20.5.bb} (98%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-base_1.20.4.bb => gstreamer1.0-plugins-base_1.20.5.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-good_1.20.4.bb => gstreamer1.0-plugins-good_1.20.5.bb} (97%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-plugins-ugly_1.20.4.bb => gstreamer1.0-plugins-ugly_1.20.5.bb} (94%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-python_1.20.4.bb => gstreamer1.0-python_1.20.5.bb} (91%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-rtsp-server_1.20.4.bb => gstreamer1.0-rtsp-server_1.20.5.bb} (90%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0-vaapi_1.20.4.bb => gstreamer1.0-vaapi_1.20.5.bb} (95%)
 rename meta/recipes-multimedia/gstreamer/{gstreamer1.0_1.20.4.bb => gstreamer1.0_1.20.5.bb} (97%)
 rename meta/recipes-multimedia/libpng/{libpng_1.6.38.bb => libpng_1.6.39.bb} (93%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.36.7.bb => webkitgtk_2.36.8.bb} (97%)
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-43551.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2022-43552.patch
 create mode 100644 meta/recipes-support/sqlite/files/CVE-2022-46908.patch

-- 
2.25.1

Re: [OE-core][kirkstone 00/29] Pull request (cover letter only)

[Martin Jansa]

[-- Attachment #1: Type: text/plain, Size: 1609 bytes --]

On Wed, Jan 4, 2023 at 3:36 PM Steve Sakoman <steve@sakoman.com> wrote:

> The following changes since commit
> ada5e64a97d5f269886772540e0bb0c324088b21:
>
>   efibootmgr: update compilation with musl (2022-12-17 04:10:41 -1000)
>
> are available in the Git repository at:
>
>   https://git.openembedded.org/openembedded-core-contrib
> stable/kirkstone-next
>
> http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
>
> Alejandro Hernandez Samaniego (1):
>   baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
>
> Alexander Kanavin (5):
>   libnewt: update 0.52.21 -> 0.52.23
>   ruby: merge .inc into .bb
>   ruby: update 3.1.2 -> 3.1.3
>   tzdata: update 2022d -> 2022g
>   devtool/upgrade: correctly handle recipes where S is a subdir of
>     upstream tree
>
> Bruce Ashfield (3):
>   linux-yocto/5.10: update to v5.10.152
>   linux-yocto/5.10: update to v5.10.154
>   linux-yocto/5.10: update to v5.10.160
>
> Hitendra Prajapati (2):
>   systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with
>     a long backtrace
>

I'm a bit late, but this change seems to cause:

| ../git/src/shared/elf-util.c: In function 'parse_elf_object':
| ../git/src/shared/elf-util.c:792:27: error: void value not ignored as it
ought to be
|   792 |                         r = json_variant_dump(package_metadata,
JSON_FORMAT_FLUSH, json_out, NULL);
|       |                           ^

I'm trying to find out why this isn't failing for you, it might be
triggered with just some PACKAGECONFIG combination we have (we enable
coredump, elfutils, oomd, cgroupv2).

[-- Attachment #2: Type: text/html, Size: 2377 bytes --]

Re: [OE-core][kirkstone 00/29] Pull request (cover letter only)

[Steve Sakoman]

On Wed, Jan 4, 2023 at 4:55 AM Martin Jansa <martin.jansa@gmail.com> wrote:
>
> On Wed, Jan 4, 2023 at 3:36 PM Steve Sakoman <steve@sakoman.com> wrote:
>>
>> The following changes since commit ada5e64a97d5f269886772540e0bb0c324088b21:
>>
>>   efibootmgr: update compilation with musl (2022-12-17 04:10:41 -1000)
>>
>> are available in the Git repository at:
>>
>>   https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-next
>>   http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-next
>>
>> Alejandro Hernandez Samaniego (1):
>>   baremetal-image: Avoid overriding qemu variables from IMAGE_CLASSES
>>
>> Alexander Kanavin (5):
>>   libnewt: update 0.52.21 -> 0.52.23
>>   ruby: merge .inc into .bb
>>   ruby: update 3.1.2 -> 3.1.3
>>   tzdata: update 2022d -> 2022g
>>   devtool/upgrade: correctly handle recipes where S is a subdir of
>>     upstream tree
>>
>> Bruce Ashfield (3):
>>   linux-yocto/5.10: update to v5.10.152
>>   linux-yocto/5.10: update to v5.10.154
>>   linux-yocto/5.10: update to v5.10.160
>>
>> Hitendra Prajapati (2):
>>   systemd: CVE-2022-45873 deadlock in systemd-coredump via a crash with
>>     a long backtrace
>
>
> I'm a bit late, but this change seems to cause:
>
> | ../git/src/shared/elf-util.c: In function 'parse_elf_object':
> | ../git/src/shared/elf-util.c:792:27: error: void value not ignored as it ought to be
> |   792 |                         r = json_variant_dump(package_metadata, JSON_FORMAT_FLUSH, json_out, NULL);
> |       |                           ^
>
> I'm trying to find out why this isn't failing for you, it might be triggered with just some PACKAGECONFIG combination we have (we enable coredump, elfutils, oomd, cgroupv2).

Just to be safe I will remove this from the pull request in
stable/kirkstone-next but keep it in stable/kirkstone nut until you
finish your investigation.

Thanks for the review!

Steve