* [OE-core][kirkstone 00/23] Patch review
@ 2022-07-18 0:30 Steve Sakoman
0 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2022-07-18 0:30 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3924
The following changes since commit a4bfb5ceb5cf8c0c6d27225b27ef10c0b9dceccb:
libsoup: upgrade 3.0.6 -> 3.0.7 (2022-07-13 11:54:16 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bruce Ashfield (19):
linux-yocto/5.10: update to v5.10.121
linux-yocto/5.10: update to v5.10.123
linux-yocto/5.10: update to v5.10.128
linux-yocto/5.10: fix build_OID_registry/conmakehash buildpaths
warning
linux-yocto/5.10: fix buildpaths issue with gen-mach-types
linux-yocto/5.10: update to v5.10.130
linux-yocto/5.10: fix buildpaths issue with pnmtologo
linux-yocto/5.15: update to v5.15.46
linux-yocto/5.15: update to v5.15.48
linux-yocto/5.15: drop obselete GPIO sysfs ABI
linux-yocto/5.15: update to v5.15.52
linux-yocto/5.15: fix qemuppc buildpaths warning
linux-yocto/5.15: fix build_OID_registry buildpaths warning
linux-yocto/5.15: fix buildpaths issue with gen-mach-types
linux-yocto/5.15: update to v5.15.54
linux-yocto/5.15: fix buildpaths issue with pnmtologo
kernel-devsrc: fix reproducibility and buildpaths QA warning
kernel-devsrc: ppc32: fix reproducibility
perf: fix reproducibility in 5.19+
Richard Purdie (4):
qemu: Fix slirp determinism issue
qemu: Add PACKAGECONFIG for brlapi
gperf: Add a patch to work around reproducibility issues
gperf: Switch to upstream patch
.../qemu/qemu-system-native_6.2.0.bb | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 2 +
meta/recipes-devtools/qemu/qemu_6.2.0.bb | 4 +-
...c6e57a308a05889c80c048dbc58bdc378dcb.patch | 181 ++++++++++++++++++
meta/recipes-extended/gperf/gperf_3.1.bb | 2 +
meta/recipes-kernel/linux/kernel-devsrc.bb | 8 +-
.../linux/linux-yocto-rt_5.10.bb | 6 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.10.bb | 8 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 24 +--
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +--
meta/recipes-kernel/perf/perf.bb | 6 +
13 files changed, 238 insertions(+), 43 deletions(-)
create mode 100644 meta/recipes-extended/gperf/gperf/1862c6e57a308a05889c80c048dbc58bdc378dcb.patch
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 00/23] Patch review
@ 2022-12-01 14:26 Steve Sakoman
0 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2022-12-01 14:26 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Monday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4562
The following changes since commit 5b2ee67e3a5587b4c7d97d2a9bc00022d1eedae3:
create-spdx: default share_src for shared sources (2022-11-25 08:08:10 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Bhabu Bindu (3):
curl: Fix CVE-2022-32221
curl: Fix CVE-2022-42916
curl: Fix CVE-2022-42915
Bruce Ashfield (5):
linux-yocto/5.15: update to v5.15.74
linux-yocto/5.15: update to v5.15.76
linux-yocto/5.15: update to v5.15.78
linux-yocto/5.15: fix CONFIG_CRYPTO_CCM mismatch warnings
kern-tools: integrate ZFS speedup patch
Chee Yang Lee (1):
dropbear: fix CVE-2021-36369
Chen Qi (3):
kernel.bbclass: make KERNEL_DEBUG_TIMESTAMPS work at rebuild
resolvconf: make it work
dhcpcd: fix to work with systemd
Dmitry Baryshkov (2):
linux-firmware: upgrade 20221012 -> 20221109
linux-firmware: add new fw file to ${PN}-qcom-adreno-a530
Enrico Jörns (1):
sstatesig: emit more helpful error message when not finding sstate
manifest
Martin Jansa (2):
tiff: refresh with devtool
tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
Polampalli, Archana (1):
libpam: fix CVE-2022-28321
Qiu, Zheng (1):
tiff: Security fix for CVE-2022-3970
Ross Burton (1):
tiff: fix a number of CVEs
Tim Orling (1):
mirrors.bbclass: update CPAN_MIRROR
Xiangyu Chen (2):
grub2: backport patch to fix CVE-2022-2601 CVE-2022-3775
dbus: upgrade 1.14.0 -> 1.14.4
meta/classes/kernel.bbclass | 8 +
meta/classes/mirrors.bbclass | 3 +-
meta/lib/oe/sstatesig.py | 6 +-
...erflow-in-grub_font_get_glyph_intern.patch | 115 ++++
.../grub/files/CVE-2022-2601.patch | 85 +++
.../grub/files/CVE-2022-3775.patch | 95 +++
meta/recipes-bsp/grub/grub2.inc | 3 +
.../dhcpcd/dhcpcd_9.4.1.bb | 1 +
...mprove-the-sitation-of-working-with-.patch | 82 +++
...01-avoid-using-m-option-for-readlink.patch | 37 +
.../resolvconf/resolvconf_1.91.bb | 9 +-
...eswap-Byte-swap-Unix-fd-indexes-if-n.patch | 76 ---
...idate-Check-brackets-in-signature-ne.patch | 119 ----
...idate-Validate-length-of-arrays-of-f.patch | 61 --
.../dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} | 10 +-
meta/recipes-core/dropbear/dropbear.inc | 4 +-
.../dropbear/dropbear/CVE-2021-36369.patch | 145 ++++
.../pam/libpam/CVE-2022-28321-0002.patch | 205 ++++++
meta/recipes-extended/pam/libpam_1.5.2.bb | 1 +
.../kern-tools/kern-tools-native_git.bb | 2 +-
...20221012.bb => linux-firmware_20221109.bb} | 6 +-
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
...-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 266 ++++++++
...-the-FPE-in-tiffcrop-415-427-and-428.patch | 2 +-
...rash-when-reading-a-file-with-multip.patch | 14 +-
...ue-330-and-some-more-from-320-to-349.patch | 86 ++-
...fcrop-S-option-Make-decision-simpler.patch | 36 +
...-incompatibility-of-Z-X-Y-z-options-.patch | 59 ++
...ines-require-a-larger-buffer-fixes-2.patch | 640 ++++++++++++++++++
...al-buffer-overflow-for-ASCII-tags-wh.patch | 13 +-
...ue-380-and-382-heap-buffer-overflow-.patch | 14 +-
...-for-return-value-of-limitMalloc-392.patch | 15 +-
...ag-avoid-calling-memcpy-with-a-null-.patch | 16 +-
.../0005-fix-the-FPE-in-tiffcrop-393.patch | 15 +-
...x-heap-buffer-overflow-in-tiffcp-278.patch | 15 +-
...99c99f987dc32ae110370cfdd7df7975586b.patch | 9 +-
.../libtiff/tiff/CVE-2022-1354.patch | 8 +-
.../libtiff/tiff/CVE-2022-1355.patch | 8 +-
.../libtiff/tiff/CVE-2022-2867.patch | 2 +-
.../libtiff/tiff/CVE-2022-2869.patch | 2 +-
.../libtiff/tiff/CVE-2022-2953.patch | 30 +-
.../libtiff/tiff/CVE-2022-34526.patch | 6 +-
.../libtiff/tiff/CVE-2022-3970.patch | 38 ++
...ed69a485a9cfb299d9f060eb2a46c54e5903.patch | 7 +-
...0712f4c3a5b449f70c57988260a667ddbdef.patch | 9 +-
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 6 +-
.../curl/curl/CVE-2022-32221.patch | 28 +
.../curl/curl/CVE-2022-42915.patch | 53 ++
.../curl/curl/CVE-2022-42916.patch | 136 ++++
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
52 files changed, 2203 insertions(+), 444 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/0001-font-Fix-size-overflow-in-grub_font_get_glyph_intern.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-2601.patch
create mode 100644 meta/recipes-bsp/grub/files/CVE-2022-3775.patch
create mode 100644 meta/recipes-connectivity/dhcpcd/files/0001-20-resolv.conf-improve-the-sitation-of-working-with-.patch
create mode 100644 meta/recipes-connectivity/resolvconf/resolvconf/0001-avoid-using-m-option-for-readlink.patch
delete mode 100644 meta/recipes-core/dbus/dbus/0001-dbus-marshal-byteswap-Byte-swap-Unix-fd-indexes-if-n.patch
delete mode 100644 meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Check-brackets-in-signature-ne.patch
delete mode 100644 meta/recipes-core/dbus/dbus/0001-dbus-marshal-validate-Validate-length-of-arrays-of-f.patch
rename meta/recipes-core/dbus/{dbus_1.14.0.bb => dbus_1.14.4.bb} (93%)
create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2021-36369.patch
create mode 100644 meta/recipes-extended/pam/libpam/CVE-2022-28321-0002.patch
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221012.bb => linux-firmware_20221109.bb} (99%)
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-S-option-Make-decision-simpler.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-disable-incompatibility-of-Z-X-Y-z-options-.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/0001-tiffcrop-subroutines-require-a-larger-buffer-fixes-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-3970.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-32221.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-42915.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2022-42916.patch
--
2.25.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 00/23] Patch review
@ 2023-02-21 14:40 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 01/23] tar: CVE-2022-48303 Steve Sakoman
` (22 more replies)
0 siblings, 23 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for kirkstone and have comments back by
end of day Thursday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/4951
The following changes since commit 54c30e509074073b99a7a8890482ba1af2abbab9:
oeqa context.py: fix --target-ip comment to include ssh port number (2023-02-11 04:06:51 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Alexander Kanavin (8):
diffutils: update 3.8 -> 3.9
lttng-tools: update 2.13.8 -> 2.13.9
apr: update 1.7.0 -> 1.7.2
apr-util: update 1.6.1 -> 1.6.3
bind: upgrade 9.18.10 -> 9.18.11
libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
linux-firmware: upgrade 20221214 -> 20230117
sudo: upgrade 1.9.12p1 -> 1.9.12p2
Alexandre Belloni (1):
oeqa/selftest/bbtests: Update message lookup for
test_git_unpack_nonetwork_fail
Kai Kang (1):
qemu: fix compile error
Mauro Queiros (1):
image.bbclass: print all QA functions exceptions
Mikko Rapeli (6):
oeqa ssh.py: move output prints to new line
oeqa ssh.py: add connection keep alive options to ssh client
oeqa dump.py: add error counter and stop after 5 failures
oeqa qemurunner: read more data at a time from serial
oeqa qemurunner.py: add timeout to QMP calls
oeqa qemurunner.py: try to avoid reading one character at a time
Peter Kjellerstedt (1):
devshell: Do not add scripts/git-intercept to PATH
Rodolfo Quesada Zumbado (1):
tar: CVE-2022-48303
Sakib Sajal (1):
git: upgrade 2.35.6 -> 2.35.7
Steve Sakoman (2):
libgit2: uprade 1.4.3 -> 1.4.4
libgit2: upgrade 1.4.4 -> 1.4.5
Ulrich Ölmann (1):
update-alternatives: fix typos
meta/classes/devshell.bbclass | 2 -
meta/classes/image.bbclass | 2 +-
meta/classes/update-alternatives.bbclass | 6 +-
meta/lib/oeqa/core/target/ssh.py | 8 +-
meta/lib/oeqa/selftest/cases/bbtests.py | 2 +-
meta/lib/oeqa/utils/dump.py | 23 +-
meta/lib/oeqa/utils/qemurunner.py | 9 +-
...1-avoid-start-failure-with-bind-user.patch | 0
...d-V-and-start-log-hide-build-options.patch | 0
...ching-for-json-headers-searches-sysr.patch | 0
.../bind/{bind-9.18.10 => bind-9.18.11}/bind9 | 0
.../{bind-9.18.10 => bind-9.18.11}/conf.patch | 0
.../generate-rndc-key.sh | 0
...t.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../named.service | 0
.../bind/{bind_9.18.10.bb => bind_9.18.11.bb} | 4 +-
.../git/{git_2.35.6.bb => git_2.35.7.bb} | 2 +-
meta/recipes-devtools/qemu/qemu.inc | 2 +
...ave-qxl_log_command-Return-early-if-.patch | 57 +++++
...ass-requested-buffer-size-to-qxl_phy.patch | 217 ++++++++++++++++++
...001-Skip-strip-trailing-cr-test-case.patch | 11 +-
...a-standard-layout-so-glibc-and-musl-.patch | 33 ---
.../{diffutils_3.8.bb => diffutils_3.9.bb} | 3 +-
.../{sudo_1.9.12p1.bb => sudo_1.9.12p2.bb} | 2 +-
.../tar/tar/CVE-2022-48303.patch | 43 ++++
meta/recipes-extended/tar/tar_1.34.bb | 4 +-
...-turbo_2.1.4.bb => libjpeg-turbo_2.1.5.bb} | 2 +-
...20221214.bb => linux-firmware_20230117.bb} | 6 +-
.../lttng/lttng-tools/determinism.patch | 64 ------
...-tools_2.13.8.bb => lttng-tools_2.13.9.bb} | 3 +-
.../0001-Fix-error-handling-in-gdbm.patch | 134 -----------
.../{apr-util_1.6.1.bb => apr-util_1.6.3.bb} | 6 +-
...ion-to-disable-timed-dependant-tests.patch | 20 +-
...CHE_CHECK-for-strerror_r-return-type.patch | 52 -----
...-runtime-test-for-mmap-that-can-map-.patch | 26 +--
...ir-path-references-from-installed-ap.patch | 25 +-
...configure.in-support-cross-compiling.patch | 63 -----
...ze-doesn-t-match-in-glibc-when-cross.patch | 76 ------
.../apr/apr/CVE-2021-35940.patch | 58 -----
.../recipes-support/apr/apr/autoconf270.patch | 22 --
.../apr/apr/libtoolize_check.patch | 21 +-
.../apr/{apr_1.7.0.bb => apr_1.7.2.bb} | 8 +-
.../{libgit2_1.4.3.bb => libgit2_1.4.5.bb} | 2 +-
44 files changed, 430 insertions(+), 588 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.10.bb => bind_9.18.11.bb} (96%)
rename meta/recipes-devtools/git/{git_2.35.6.bb => git_2.35.7.bb} (98%)
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
delete mode 100644 meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
rename meta/recipes-extended/diffutils/{diffutils_3.8.bb => diffutils_3.9.bb} (88%)
rename meta/recipes-extended/sudo/{sudo_1.9.12p1.bb => sudo_1.9.12p2.bb} (96%)
create mode 100644 meta/recipes-extended/tar/tar/CVE-2022-48303.patch
rename meta/recipes-graphics/jpeg/{libjpeg-turbo_2.1.4.bb => libjpeg-turbo_2.1.5.bb} (97%)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221214.bb => linux-firmware_20230117.bb} (99%)
delete mode 100644 meta/recipes-kernel/lttng/lttng-tools/determinism.patch
rename meta/recipes-kernel/lttng/{lttng-tools_2.13.8.bb => lttng-tools_2.13.9.bb} (98%)
delete mode 100644 meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
rename meta/recipes-support/apr/{apr-util_1.6.1.bb => apr-util_1.6.3.bb} (94%)
delete mode 100644 meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
delete mode 100644 meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
delete mode 100644 meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
delete mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch
delete mode 100644 meta/recipes-support/apr/apr/autoconf270.patch
rename meta/recipes-support/apr/{apr_1.7.0.bb => apr_1.7.2.bb} (91%)
rename meta/recipes-support/libgit2/{libgit2_1.4.3.bb => libgit2_1.4.5.bb} (91%)
--
2.34.1
^ permalink raw reply [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 01/23] tar: CVE-2022-48303
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 02/23] diffutils: update 3.8 -> 3.9 Steve Sakoman
` (21 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../tar/tar/CVE-2022-48303.patch | 43 +++++++++++++++++++
meta/recipes-extended/tar/tar_1.34.bb | 4 +-
2 files changed, 46 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-extended/tar/tar/CVE-2022-48303.patch
diff --git a/meta/recipes-extended/tar/tar/CVE-2022-48303.patch b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
new file mode 100644
index 0000000000..b2f40f3e64
--- /dev/null
+++ b/meta/recipes-extended/tar/tar/CVE-2022-48303.patch
@@ -0,0 +1,43 @@
+From 3da78400eafcccb97e2f2fd4b227ea40d794ede8 Mon Sep 17 00:00:00 2001
+From: Sergey Poznyakoff <gray@gnu.org>
+Date: Sat, 11 Feb 2023 11:57:39 +0200
+Subject: Fix boundary checking in base-256 decoder
+
+* src/list.c (from_header): Base-256 encoding is at least 2 bytes
+long.
+
+Upstream-Status: Backport [see reference below]
+CVE: CVE-2022-48303
+
+Reference to upstream patch:
+https://savannah.gnu.org/bugs/?62387
+https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
+
+Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+---
+ src/list.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
+
+
+(limited to 'src/list.c')
+
+diff --git a/src/list.c b/src/list.c
+index 9fafc42..86bcfdd 100644
+--- a/src/list.c
++++ b/src/list.c
+@@ -881,8 +881,9 @@ from_header (char const *where0, size_t digs, char const *type,
+ where++;
+ }
+ }
+- else if (*where == '\200' /* positive base-256 */
+- || *where == '\377' /* negative base-256 */)
++ else if (where <= lim - 2
++ && (*where == '\200' /* positive base-256 */
++ || *where == '\377' /* negative base-256 */))
+ {
+ /* Parse base-256 output. A nonnegative number N is
+ represented as (256**DIGS)/2 + N; a negative number -N is
+--
+cgit v1.1
+
diff --git a/meta/recipes-extended/tar/tar_1.34.bb b/meta/recipes-extended/tar/tar_1.34.bb
index 7307cd57a2..1ef5fe221e 100644
--- a/meta/recipes-extended/tar/tar_1.34.bb
+++ b/meta/recipes-extended/tar/tar_1.34.bb
@@ -6,7 +6,9 @@ SECTION = "base"
LICENSE = "GPL-3.0-only"
LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2"
+SRC_URI = "${GNU_MIRROR}/tar/tar-${PV}.tar.bz2 \
+ file://CVE-2022-48303.patch \
+"
SRC_URI[sha256sum] = "b44cc67f8a1f6b0250b7c860e952b37e8ed932a90bd9b1862a511079255646ff"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 02/23] diffutils: update 3.8 -> 3.9
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 01/23] tar: CVE-2022-48303 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 03/23] lttng-tools: update 2.13.8 -> 2.13.9 Steve Sakoman
` (20 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
NEWS
* Noteworthy changes in release 3.9 (2023-01-15) [stable]
** Bug fixes
diff -c and -u no longer output incorrect timezones in headers
on platforms like Solaris where struct tm lacks tm_gmtoff.
[bug#51228 introduced in 3.4]
Drop patch as issue fixed upstream.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e5ec5de7217de28bccf3243496df6b41ca8a1d0b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 6bf52987a82370a1353399a480271a76237e7619)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...001-Skip-strip-trailing-cr-test-case.patch | 11 +++----
...a-standard-layout-so-glibc-and-musl-.patch | 33 -------------------
.../{diffutils_3.8.bb => diffutils_3.9.bb} | 3 +-
3 files changed, 6 insertions(+), 41 deletions(-)
delete mode 100644 meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
rename meta/recipes-extended/diffutils/{diffutils_3.8.bb => diffutils_3.9.bb} (88%)
diff --git a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
index aac1c43465..8b88c308f2 100644
--- a/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
+++ b/meta/recipes-extended/diffutils/diffutils/0001-Skip-strip-trailing-cr-test-case.patch
@@ -1,4 +1,4 @@
-From bd7fb8be2ae2d75347cf7733302d5093046ffa85 Mon Sep 17 00:00:00 2001
+From 027229d25392b22d7280c0abbc3efde4f467d167 Mon Sep 17 00:00:00 2001
From: Peiran Hong <peiran.hong@windriver.com>
Date: Thu, 5 Sep 2019 15:42:22 -0400
Subject: [PATCH] Skip strip-trailing-cr test case
@@ -10,19 +10,21 @@ package.
Upstream-Status: Inappropriate [embedded specific]
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
+
---
tests/Makefile.am | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
-index 83a7c9d..04d51b5 100644
+index d98df82..757ea52 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
-@@ -21,8 +21,10 @@ TESTS = \
+@@ -21,9 +21,11 @@ TESTS = \
stdin \
strcoll-0-names \
filename-quoting \
- strip-trailing-cr \
+ timezone \
colors
+# Skipping this test since it requires valgrind
+# and thus is too heavy for diffutils package
@@ -30,6 +32,3 @@ index 83a7c9d..04d51b5 100644
XFAIL_TESTS = large-subopt
---
-2.21.0
-
diff --git a/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch b/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
deleted file mode 100644
index 4928e1eaff..0000000000
--- a/meta/recipes-extended/diffutils/diffutils/0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From f385ad6639380eb6dfa8b8eb4a5ba65dd12db744 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Fri, 25 Mar 2022 13:43:19 -0700
-Subject: [PATCH] mcontext is not a standard layout so glibc and musl differ
-
-This is already applied to libsigsegv upstream, hopefully next version
-of grep will update its internal copy and we can drop this patch
-
-Upstream-Status: Backport [https://git.savannah.gnu.org/gitweb/?p=libsigsegv.git;a=commitdiff;h=a6ff69873110c0a8ba6f7fd90532dbc11224828c]
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- lib/sigsegv.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/sigsegv.c b/lib/sigsegv.c
-index 998c827..b6f4841 100644
---- a/lib/sigsegv.c
-+++ b/lib/sigsegv.c
-@@ -219,8 +219,8 @@ int libsigsegv_version = LIBSIGSEGV_VERSION;
- # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.gp_regs[1]
- # else /* 32-bit */
- /* both should be equivalent */
--# if 0
--# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.regs->gpr[1]
-+# if ! defined __GLIBC__
-+# define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_regs->gregs[1]
- # else
- # define SIGSEGV_FAULT_STACKPOINTER ((ucontext_t *) ucp)->uc_mcontext.uc_regs->gregs[1]
- # endif
---
-2.35.1
-
diff --git a/meta/recipes-extended/diffutils/diffutils_3.8.bb b/meta/recipes-extended/diffutils/diffutils_3.9.bb
similarity index 88%
rename from meta/recipes-extended/diffutils/diffutils_3.8.bb
rename to meta/recipes-extended/diffutils/diffutils_3.9.bb
index 8889c83ee2..2bb9e6f32d 100644
--- a/meta/recipes-extended/diffutils/diffutils_3.8.bb
+++ b/meta/recipes-extended/diffutils/diffutils_3.9.bb
@@ -6,10 +6,9 @@ require diffutils.inc
SRC_URI = "${GNU_MIRROR}/diffutils/diffutils-${PV}.tar.xz \
file://run-ptest \
file://0001-Skip-strip-trailing-cr-test-case.patch \
- file://0001-mcontext-is-not-a-standard-layout-so-glibc-and-musl-.patch \
"
-SRC_URI[sha256sum] = "a6bdd7d1b31266d11c4f4de6c1b748d4607ab0231af5188fc2533d0ae2438fec"
+SRC_URI[sha256sum] = "d80d3be90a201868de83d78dad3413ad88160cc53bcc36eb9eaf7c20dbf023f1"
EXTRA_OECONF += "ac_cv_path_PR_PROGRAM=${bindir}/pr --without-libsigsegv-prefix"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 03/23] lttng-tools: update 2.13.8 -> 2.13.9
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 01/23] tar: CVE-2022-48303 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 02/23] diffutils: update 3.8 -> 3.9 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 04/23] apr: update 1.7.0 -> 1.7.2 Steve Sakoman
` (19 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
2023-01-13 (National Sticker Day) LTTng modules 2.13.8
* fix: jbd2: use the correct print format
* Fix: in_x32_syscall was introduced in v4.7.0
* Explicitly skip tracing x32 system calls
* fix: kallsyms wrapper on ppc64el
* fix: Adjust ranges for RHEL 8.6 kernels
* fix: kvm-x86 requires CONFIG_KALLSYMS_ALL
* fix: mm/slab_common: drop kmem_alloc & avoid dereferencing fields when not using (v6.1)
Drop determinism.patch as issue resolved upstream via linked ticket.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd9e72a390efb778a6278e2e6c9604ab29d6feb9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 812fb8f02b25bfd30f6d9640cf3b50131d68e0b1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../lttng/lttng-tools/determinism.patch | 64 -------------------
...-tools_2.13.8.bb => lttng-tools_2.13.9.bb} | 3 +-
2 files changed, 1 insertion(+), 66 deletions(-)
delete mode 100644 meta/recipes-kernel/lttng/lttng-tools/determinism.patch
rename meta/recipes-kernel/lttng/{lttng-tools_2.13.8.bb => lttng-tools_2.13.9.bb} (98%)
diff --git a/meta/recipes-kernel/lttng/lttng-tools/determinism.patch b/meta/recipes-kernel/lttng/lttng-tools/determinism.patch
deleted file mode 100644
index 0a897a8e13..0000000000
--- a/meta/recipes-kernel/lttng/lttng-tools/determinism.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-This is a bit ugly. Specifing abs_builddir as an RPATH is plain wrong when
-cross compiling. Sadly, removing the rpath makes libtool/automake do
-weird things and breaks the build as shared libs are no longer generated.
-
-We already try and delete the RPATH at do_install with chrpath however
-that does leave the path in the string table so it doesn't help us
-with reproducibility.
-
-Instead, hack in a bogus but harmless path, then delete it later in
-our do_install. Ultimately we may want to pass a specific path to use
-to configure if we really do need to set an RPATH at all. It is unclear
-to me whether the tests need that or not.
-
-Fixes reproducibility issues for lttng-tools.
-
-Upstream-Status: Submitted [https://bugs.lttng.org/issues/1361 - needs discussion with upstream about the correct solution]
-RP 2021/3/1
-
-Index: lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am
-===================================================================
---- lttng-tools-2.12.2.orig/tests/regression/ust/ust-dl/Makefile.am
-+++ lttng-tools-2.12.2/tests/regression/ust/ust-dl/Makefile.am
-@@ -27,16 +27,16 @@ noinst_LTLIBRARIES = libzzz.la libbar.la
-
- libzzz_la_SOURCES = libzzz.c libzzz.h
- libzzz_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
-
- libbar_la_SOURCES = libbar.c libbar.h
- libbar_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
- libbar_la_LIBADD = libzzz.la
-
- libfoo_la_SOURCES = libfoo.c libfoo.h
- libfoo_la_LDFLAGS = -module -shared -avoid-version \
-- -rpath $(abs_builddir)
-+ -rpath /usr/lib
- libfoo_la_LIBADD = libbar.la
-
- CLEANFILES = libfoo.so libfoo.so.debug libbar.so libbar.so.debug \
-@@ -44,7 +44,7 @@ CLEANFILES = libfoo.so libfoo.so.debug l
-
- libtp_la_SOURCES = libbar-tp.h libbar-tp.c libfoo-tp.h libfoo-tp.c \
- libzzz-tp.h libzzz-tp.c
--libtp_la_LDFLAGS = -module -shared -rpath $(abs_builddir)
-+libtp_la_LDFLAGS = -module -shared -rpath /usr/lib
-
- # Extract debug symbols
- libfoo.so.debug: libfoo.la
-Index: lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-===================================================================
---- lttng-tools-2.12.2.orig/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-+++ lttng-tools-2.12.2/tests/utils/testapp/userspace-probe-elf-binary/Makefile.am
-@@ -5,7 +5,7 @@ AM_CFLAGS += -O0
- noinst_LTLIBRARIES = libfoo.la
-
- libfoo_la_SOURCES = foo.c foo.h
--libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath $(abs_builddir)/.libs/
-+libfoo_la_LDFLAGS = -shared -module -avoid-version -rpath /usr/lib
-
- noinst_PROGRAMS = userspace-probe-elf-binary
- userspace_probe_elf_binary_SOURCES = userspace-probe-elf-binary.c
diff --git a/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb b/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
similarity index 98%
rename from meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb
rename to meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
index a814eb79f9..1f6929e307 100644
--- a/meta/recipes-kernel/lttng/lttng-tools_2.13.8.bb
+++ b/meta/recipes-kernel/lttng/lttng-tools_2.13.9.bb
@@ -35,11 +35,10 @@ SRC_URI = "https://lttng.org/files/lttng-tools/lttng-tools-${PV}.tar.bz2 \
file://0001-tests-do-not-strip-a-helper-library.patch \
file://run-ptest \
file://lttng-sessiond.service \
- file://determinism.patch \
file://disable-tests.patch \
"
-SRC_URI[sha256sum] = "b1e959579b260790930b20f3c7aa7cefb8a40e0de80d4a777c2bf78c6b353dc1"
+SRC_URI[sha256sum] = "8d94dc95b608cf70216b01203a3f8242b97a232db2e23421a2f43708da08f337"
inherit autotools ptest pkgconfig useradd python3-dir manpages systemd
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 04/23] apr: update 1.7.0 -> 1.7.2
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 03/23] lttng-tools: update 2.13.8 -> 2.13.9 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 05/23] apr-util: update 1.6.1 -> 1.6.3 Steve Sakoman
` (18 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Dropped patches have all been merged, addressed separately or are backports.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ffae93f24bb1e3954b232099153fd059cfd7daf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit e5326ea0ac7e55b2d671a27c1e035c43b8bbc70d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...ion-to-disable-timed-dependant-tests.patch | 20 ++---
...CHE_CHECK-for-strerror_r-return-type.patch | 52 -------------
...-runtime-test-for-mmap-that-can-map-.patch | 26 +++----
...ir-path-references-from-installed-ap.patch | 25 +++---
...configure.in-support-cross-compiling.patch | 63 ---------------
...ze-doesn-t-match-in-glibc-when-cross.patch | 76 -------------------
.../apr/apr/CVE-2021-35940.patch | 58 --------------
.../recipes-support/apr/apr/autoconf270.patch | 22 ------
.../apr/apr/libtoolize_check.patch | 21 +++--
.../apr/{apr_1.7.0.bb => apr_1.7.2.bb} | 8 +-
10 files changed, 51 insertions(+), 320 deletions(-)
delete mode 100644 meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
delete mode 100644 meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
delete mode 100644 meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
delete mode 100644 meta/recipes-support/apr/apr/CVE-2021-35940.patch
delete mode 100644 meta/recipes-support/apr/apr/autoconf270.patch
rename meta/recipes-support/apr/{apr_1.7.0.bb => apr_1.7.2.bb} (91%)
diff --git a/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch b/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
index abff4e9331..a274f3a16e 100644
--- a/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
+++ b/meta/recipes-support/apr/apr/0001-Add-option-to-disable-timed-dependant-tests.patch
@@ -1,14 +1,15 @@
-From 2bbe20b4f69e84e7a18bc79d382486953f479328 Mon Sep 17 00:00:00 2001
+From 225abf37cd0b49960664b59f08e515a4c4ea5ad0 Mon Sep 17 00:00:00 2001
From: Jeremy Puhlman <jpuhlman@mvista.com>
Date: Thu, 26 Mar 2020 18:30:36 +0000
Subject: [PATCH] Add option to disable timed dependant tests
-The disabled tests rely on timing to pass correctly. On a virtualized
+The disabled tests rely on timing to pass correctly. On a virtualized
system under heavy load, these tests randomly fail because they miss
a timer or other timing related issues.
Upstream-Status: Pending
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
+
---
configure.in | 6 ++++++
include/apr.h.in | 1 +
@@ -16,10 +17,10 @@ Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/configure.in b/configure.in
-index d9f32d6..f0c5661 100644
+index bfd488b..3663220 100644
--- a/configure.in
+++ b/configure.in
-@@ -2886,6 +2886,12 @@ AC_ARG_ENABLE(timedlocks,
+@@ -3023,6 +3023,12 @@ AC_ARG_ENABLE(timedlocks,
)
AC_SUBST(apr_has_timedlocks)
@@ -45,10 +46,10 @@ index ee99def..c46a5f4 100644
#define APR_PROCATTR_USER_SET_REQUIRES_PASSWORD @apr_procattr_user_set_requires_password@
diff --git a/test/testlock.c b/test/testlock.c
-index a43f477..6233d0b 100644
+index e3437c1..04e01b9 100644
--- a/test/testlock.c
+++ b/test/testlock.c
-@@ -396,13 +396,13 @@ abts_suite *testlock(abts_suite *suite)
+@@ -535,7 +535,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, threads_not_impl, NULL);
#else
abts_run_test(suite, test_thread_mutex, NULL);
@@ -56,6 +57,8 @@ index a43f477..6233d0b 100644
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_thread_timedmutex, NULL);
#endif
+ abts_run_test(suite, test_thread_nestedmutex, NULL);
+@@ -543,7 +543,7 @@ abts_suite *testlock(abts_suite *suite)
abts_run_test(suite, test_thread_rwlock, NULL);
abts_run_test(suite, test_cond, NULL);
abts_run_test(suite, test_timeoutcond, NULL);
@@ -63,7 +66,4 @@ index a43f477..6233d0b 100644
+#if APR_HAS_TIMEDLOCKS && APR_HAVE_TIME_DEPENDANT_TESTS
abts_run_test(suite, test_timeoutmutex, NULL);
#endif
- #endif
---
-2.23.0
-
+ #ifdef WIN32
diff --git a/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch b/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
deleted file mode 100644
index d0a9bd9129..0000000000
--- a/meta/recipes-support/apr/apr/0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 8ca3c3306f1a149e51a3be6a4b1e47e9aee88262 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 23 Aug 2022 22:42:03 -0700
-Subject: [PATCH] add AC_CACHE_CHECK for strerror_r return type
-
-APR's configure script uses AC_TRY_RUN to detect whether the return type
-of strerror_r is int. When cross-compiling this defaults to no.
-
-This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
-influence the outcome with a configure variable.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1875065]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- build/apr_common.m4 | 11 ++++-------
- 1 file changed, 4 insertions(+), 7 deletions(-)
-
-diff --git a/build/apr_common.m4 b/build/apr_common.m4
-index cbf2a4c..42e75cf 100644
---- a/build/apr_common.m4
-+++ b/build/apr_common.m4
-@@ -525,8 +525,9 @@ dnl string.
- dnl
- dnl
- AC_DEFUN([APR_CHECK_STRERROR_R_RC], [
--AC_MSG_CHECKING(for type of return code from strerror_r)
--AC_TRY_RUN([
-+AC_CACHE_CHECK([whether return code from strerror_r has type int],
-+[ac_cv_strerror_r_rc_int],
-+[AC_TRY_RUN([
- #include <errno.h>
- #include <string.h>
- #include <stdio.h>
-@@ -542,14 +543,10 @@ main()
- }], [
- ac_cv_strerror_r_rc_int=yes ], [
- ac_cv_strerror_r_rc_int=no ], [
-- ac_cv_strerror_r_rc_int=no ] )
-+ ac_cv_strerror_r_rc_int=no ] ) ] )
- if test "x$ac_cv_strerror_r_rc_int" = xyes; then
- AC_DEFINE(STRERROR_R_RC_INT, 1, [Define if strerror returns int])
-- msg="int"
--else
-- msg="pointer"
- fi
--AC_MSG_RESULT([$msg])
- ] )
-
- dnl
---
-2.37.2
-
diff --git a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
index fa6202da79..a78b16284f 100644
--- a/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
+++ b/meta/recipes-support/apr/apr/0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
@@ -1,4 +1,4 @@
-From ee728971fd9d2da39356f1574d58d5daa3b24520 Mon Sep 17 00:00:00 2001
+From 316b81c462f065927d7fec56aadd5c8cb94d1cf0 Mon Sep 17 00:00:00 2001
From: Khem Raj <raj.khem@gmail.com>
Date: Fri, 26 Aug 2022 00:28:08 -0700
Subject: [PATCH] configure: Remove runtime test for mmap that can map
@@ -10,24 +10,25 @@ mutexes
Upstream-Status: Inappropriate [Cross-compile specific]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
---
- configure.in | 32 --------------------------------
- 1 file changed, 32 deletions(-)
+ configure.in | 30 ------------------------------
+ 1 file changed, 30 deletions(-)
diff --git a/configure.in b/configure.in
-index a99049d..f1f55c7 100644
+index 3663220..dce9789 100644
--- a/configure.in
+++ b/configure.in
-@@ -1182,38 +1182,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
+@@ -1303,36 +1303,6 @@ AC_CHECK_FUNCS([mmap munmap shm_open shm_unlink shmget shmat shmdt shmctl \
APR_CHECK_DEFINE(MAP_ANON, sys/mman.h)
AC_CHECK_FILE(/dev/zero)
-# Not all systems can mmap /dev/zero (such as HP-UX). Check for that.
-if test "$ac_cv_func_mmap" = "yes" &&
-- test "$ac_cv_file__dev_zero" = "yes"; then
-- AC_MSG_CHECKING(for mmap that can map /dev/zero)
-- AC_TRY_RUN([
--#include <sys/types.h>
+- test "$ac_cv_file__dev_zero" = "yes"; then
+- AC_CACHE_CHECK([for mmap that can map /dev/zero],
+- [ac_cv_mmap__dev_zero],
+- [AC_TRY_RUN([#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#ifdef HAVE_SYS_MMAN_H
@@ -49,14 +50,9 @@ index a99049d..f1f55c7 100644
- return 3;
- }
- return 0;
-- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])
--
-- AC_MSG_RESULT($ac_cv_file__dev_zero)
+- }], [], [ac_cv_file__dev_zero=no], [ac_cv_file__dev_zero=no])])
-fi
-
# Now we determine which one is our anonymous shmem preference.
haveshmgetanon="0"
havemmapzero="0"
---
-2.37.2
-
diff --git a/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch b/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
index 72e706f966..d63423f3a1 100644
--- a/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
+++ b/meta/recipes-support/apr/apr/0002-apr-Remove-workdir-path-references-from-installed-ap.patch
@@ -1,8 +1,7 @@
-From 5925b20da8bbc34d9bf5a5dca123ef38864d43c6 Mon Sep 17 00:00:00 2001
+From 689a8db96a6d1e1cae9cbfb35d05ac82140a6555 Mon Sep 17 00:00:00 2001
From: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue, 30 Jan 2018 09:39:06 +0800
-Subject: [PATCH 2/7] apr: Remove workdir path references from installed apr
- files
+Subject: [PATCH] apr: Remove workdir path references from installed apr files
Upstream-Status: Inappropriate [configuration]
@@ -14,20 +13,23 @@ packages at target run time, the workdir path caused confusion.
Rebase to 1.6.3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+
---
- apr-config.in | 26 ++------------------------
- 1 file changed, 2 insertions(+), 24 deletions(-)
+ apr-config.in | 32 ++------------------------------
+ 1 file changed, 2 insertions(+), 30 deletions(-)
diff --git a/apr-config.in b/apr-config.in
-index 84b4073..bbbf651 100644
+index bed47ca..47874e5 100644
--- a/apr-config.in
+++ b/apr-config.in
-@@ -152,14 +152,7 @@ while test $# -gt 0; do
+@@ -164,16 +164,7 @@ while test $# -gt 0; do
flags="$flags $LDFLAGS"
;;
--includes)
- if test "$location" = "installed"; then
flags="$flags -I$includedir $EXTRA_INCLUDES"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -I$APR_TARGET_DIR/$includedir $EXTRA_INCLUDES"
- elif test "$location" = "source"; then
- flags="$flags -I$APR_SOURCE_DIR/include $EXTRA_INCLUDES"
- else
@@ -37,13 +39,15 @@ index 84b4073..bbbf651 100644
;;
--srcdir)
echo $APR_SOURCE_DIR
-@@ -181,29 +174,14 @@ while test $# -gt 0; do
+@@ -197,33 +188,14 @@ while test $# -gt 0; do
exit 0
;;
--link-ld)
- if test "$location" = "installed"; then
- ### avoid using -L if libdir is a "standard" location like /usr/lib
- flags="$flags -L$libdir -l${APR_LIBNAME}"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -L$APR_TARGET_DIR/$libdir -l${APR_LIBNAME}"
- else
- ### this surely can't work since the library is in .libs?
- flags="$flags -L$APR_BUILD_DIR -l${APR_LIBNAME}"
@@ -62,6 +66,8 @@ index 84b4073..bbbf651 100644
- # Since the user is specifying they are linking with libtool, we
- # *know* that -R will be recognized by libtool.
- flags="$flags -L$libdir -R$libdir -l${APR_LIBNAME}"
+- elif test "$location" = "crosscompile"; then
+- flags="$flags -L${APR_TARGET_DIR}/$libdir -l${APR_LIBNAME}"
- else
- flags="$flags $LA_FILE"
- fi
@@ -69,6 +75,3 @@ index 84b4073..bbbf651 100644
;;
--shlib-path-var)
echo "$SHLIBPATH_VAR"
---
-1.8.3.1
-
diff --git a/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch b/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
deleted file mode 100644
index 4dd53bd8eb..0000000000
--- a/meta/recipes-support/apr/apr/0003-Makefile.in-configure.in-support-cross-compiling.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d5028c10f156c224475b340cfb1ba025d6797243 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Fri, 2 Feb 2018 15:51:42 +0800
-Subject: [PATCH 3/7] Makefile.in/configure.in: support cross compiling
-
-While cross compiling, the tools/gen_test_char could not
-be executed at build time, use AX_PROG_CC_FOR_BUILD to
-build native tools/gen_test_char
-
-Upstream-Status: Submitted [https://github.com/apache/apr/pull/8]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- Makefile.in | 10 +++-------
- configure.in | 3 +++
- 2 files changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/Makefile.in b/Makefile.in
-index 5fb760e..8675f90 100644
---- a/Makefile.in
-+++ b/Makefile.in
-@@ -46,7 +46,7 @@ LT_VERSION = @LT_VERSION@
-
- CLEAN_TARGETS = apr-config.out apr.exp exports.c export_vars.c .make.dirs \
- build/apr_rules.out tools/gen_test_char@EXEEXT@ \
-- tools/gen_test_char.o tools/gen_test_char.lo \
-+ tools/gen_test_char.o \
- include/private/apr_escape_test_char.h
- DISTCLEAN_TARGETS = config.cache config.log config.status \
- include/apr.h include/arch/unix/apr_private.h \
-@@ -131,13 +131,9 @@ check: $(TARGET_LIB)
- etags:
- etags `find . -name '*.[ch]'`
-
--OBJECTS_gen_test_char = tools/gen_test_char.lo $(LOCAL_LIBS)
--tools/gen_test_char.lo: tools/gen_test_char.c
-+tools/gen_test_char@EXEEXT@: tools/gen_test_char.c
- $(APR_MKDIR) tools
-- $(LT_COMPILE)
--
--tools/gen_test_char@EXEEXT@: $(OBJECTS_gen_test_char)
-- $(LINK_PROG) $(OBJECTS_gen_test_char) $(ALL_LIBS)
-+ $(CC_FOR_BUILD) $(CFLAGS_FOR_BUILD) $< -o $@
-
- include/private/apr_escape_test_char.h: tools/gen_test_char@EXEEXT@
- $(APR_MKDIR) include/private
-diff --git a/configure.in b/configure.in
-index 719f331..361120f 100644
---- a/configure.in
-+++ b/configure.in
-@@ -183,6 +183,9 @@ dnl can only be used once within a configure script, so this prevents a
- dnl preload section from invoking the macro to get compiler info.
- AC_PROG_CC
-
-+dnl Check build CC for gen_test_char compiling which is executed at build time.
-+AX_PROG_CC_FOR_BUILD
-+
- dnl AC_PROG_SED is only avaliable in recent autoconf versions.
- dnl Use AC_CHECK_PROG instead if AC_PROG_SED is not present.
- ifdef([AC_PROG_SED],
---
-1.8.3.1
-
diff --git a/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch b/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
deleted file mode 100644
index d1a2ebe881..0000000000
--- a/meta/recipes-support/apr/apr/0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 49661ea3858cf8494926cccf57d3e8c6dcb47117 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Wed, 14 Dec 2016 18:13:08 +0800
-Subject: [PATCH] apr: fix off_t size doesn't match in glibc when cross
- compiling
-
-In configure.in, it contains the following:
-
- APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
-
-the macro "APR_CHECK_SIZEOF_EXTENDED" was defined in build/apr_common.m4,
-it use the "AC_TRY_RUN" macro, this macro let the off_t to 8, when cross
-compiling enable.
-
-So it was hardcoded for cross compiling, we should detect it dynamic based on
-the sysroot's glibc. We change it to the following:
-
- AC_CHECK_SIZEOF(off_t)
-
-The same for the following hardcoded types for cross compiling:
-
- pid_t 8
- ssize_t 8
- size_t 8
- off_t 8
-
-Change the above correspondingly.
-
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
-
-Upstream-Status: Pending
-
----
- configure.in | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/configure.in b/configure.in
-index 27b8539..fb408d1 100644
---- a/configure.in
-+++ b/configure.in
-@@ -1801,7 +1801,7 @@ else
- socklen_t_value="int"
- fi
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], pid_t, 8)
-+AC_CHECK_SIZEOF(pid_t)
-
- if test "$ac_cv_sizeof_pid_t" = "$ac_cv_sizeof_short"; then
- pid_t_fmt='#define APR_PID_T_FMT "hd"'
-@@ -1873,7 +1873,7 @@ APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned long, lu, [size_t_fmt="lu"], [
- APR_CHECK_TYPES_FMT_COMPATIBLE(size_t, unsigned int, u, [size_t_fmt="u"])
- ])
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], ssize_t, 8)
-+AC_CHECK_SIZEOF(ssize_t)
-
- dnl the else cases below should no longer occur;
- AC_MSG_CHECKING([which format to use for apr_ssize_t])
-@@ -1891,7 +1891,7 @@ fi
-
- ssize_t_fmt="#define APR_SSIZE_T_FMT \"$ssize_t_fmt\""
-
--APR_CHECK_SIZEOF_EXTENDED([#include <stddef.h>], size_t, 8)
-+AC_CHECK_SIZEOF(size_t)
-
- # else cases below should no longer occur;
- AC_MSG_CHECKING([which format to use for apr_size_t])
-@@ -1909,7 +1909,7 @@ fi
-
- size_t_fmt="#define APR_SIZE_T_FMT \"$size_t_fmt\""
-
--APR_CHECK_SIZEOF_EXTENDED([#include <sys/types.h>], off_t, 8)
-+AC_CHECK_SIZEOF(off_t)
-
- if test "${ac_cv_sizeof_off_t}${apr_cv_use_lfs64}" = "4yes"; then
- # Enable LFS
diff --git a/meta/recipes-support/apr/apr/CVE-2021-35940.patch b/meta/recipes-support/apr/apr/CVE-2021-35940.patch
deleted file mode 100644
index 00befdacee..0000000000
--- a/meta/recipes-support/apr/apr/CVE-2021-35940.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-
-SECURITY: CVE-2021-35940 (cve.mitre.org)
-
-Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
-was addressed in 1.6.x in 1.6.3 and later via r1807976.
-
-The fix was merged back to 1.7.x in r1891198.
-
-Since this was a regression in 1.7.0, a new CVE name has been assigned
-to track this, CVE-2021-35940.
-
-Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.
-
-https://svn.apache.org/viewvc?view=revision&revision=1891198
-
-Upstream-Status: Backport
-CVE: CVE-2021-35940
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
-
-Index: time/unix/time.c
-===================================================================
---- a/time/unix/time.c (revision 1891197)
-+++ b/time/unix/time.c (revision 1891198)
-@@ -142,6 +142,9 @@
- static const int dayoffset[12] =
- {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
-
-+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
-+ return APR_EBADDATE;
-+
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (xt->tm_mon < 2)
-Index: time/win32/time.c
-===================================================================
---- a/time/win32/time.c (revision 1891197)
-+++ b/time/win32/time.c (revision 1891198)
-@@ -54,6 +54,9 @@
- static const int dayoffset[12] =
- {0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
-
-+ if (tm->wMonth < 1 || tm->wMonth > 12)
-+ return APR_EBADDATE;
-+
- /* Note; the caller is responsible for filling in detailed tm_usec,
- * tm_gmtoff and tm_isdst data when applicable.
- */
-@@ -228,6 +231,9 @@
- static const int dayoffset[12] =
- {306, 337, 0, 31, 61, 92, 122, 153, 184, 214, 245, 275};
-
-+ if (xt->tm_mon < 0 || xt->tm_mon >= 12)
-+ return APR_EBADDATE;
-+
- /* shift new year to 1st March in order to make leap year calc easy */
-
- if (xt->tm_mon < 2)
diff --git a/meta/recipes-support/apr/apr/autoconf270.patch b/meta/recipes-support/apr/apr/autoconf270.patch
deleted file mode 100644
index 9f7b5c624c..0000000000
--- a/meta/recipes-support/apr/apr/autoconf270.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-With autoconf 2.70 confdefs.h is already included. Including it twice generates
-compiler warnings and since this macros is to error on warnings, it breaks.
-
-Fix by not including the file.
-
-Upstream-Status: Pending
-RP - 2021/1/28
-
-Index: apr-1.7.0/build/apr_common.m4
-===================================================================
---- apr-1.7.0.orig/build/apr_common.m4
-+++ apr-1.7.0/build/apr_common.m4
-@@ -505,8 +505,7 @@ AC_DEFUN([APR_TRY_COMPILE_NO_WARNING],
- fi
- AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE(
-- [#include "confdefs.h"
-- ]
-+ []
- [[$1]]
- [int main(int argc, const char *const *argv) {]
- [[$2]]
diff --git a/meta/recipes-support/apr/apr/libtoolize_check.patch b/meta/recipes-support/apr/apr/libtoolize_check.patch
index 740792e6b0..80ce43caa4 100644
--- a/meta/recipes-support/apr/apr/libtoolize_check.patch
+++ b/meta/recipes-support/apr/apr/libtoolize_check.patch
@@ -1,6 +1,7 @@
+From 17835709bc55657b7af1f7c99b3f572b819cf97e Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
-Subject: check for libtoolize rather than libtool
-Last-Update: 2014-09-19
+Date: Tue, 7 Feb 2023 07:04:00 +0000
+Subject: [PATCH] check for libtoolize rather than libtool
libtool is now in package libtool-bin, but apr only needs libtoolize.
@@ -8,14 +9,22 @@ Upstream-Status: Pending [ from debian: https://sources.debian.org/data/main/a/a
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---- apr.orig/build/buildcheck.sh
-+++ apr/build/buildcheck.sh
-@@ -39,11 +39,11 @@ fi
+---
+ build/buildcheck.sh | 10 ++++------
+ 1 file changed, 4 insertions(+), 6 deletions(-)
+
+diff --git a/build/buildcheck.sh b/build/buildcheck.sh
+index 44921b5..08bc8a8 100755
+--- a/build/buildcheck.sh
++++ b/build/buildcheck.sh
+@@ -39,13 +39,11 @@ fi
# ltmain.sh (GNU libtool 1.1361 2004/01/02 23:10:52) 1.5a
# output is multiline from 1.5 onwards
-# Require libtool 1.4 or newer
--libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
+-if test -z "$libtool"; then
+- libtool=`build/PrintPath glibtool1 glibtool libtool libtool15 libtool14`
+-fi
-lt_pversion=`$libtool --version 2>/dev/null|sed -e 's/([^)]*)//g;s/^[^0-9]*//;s/[- ].*//g;q'`
+# Require libtoolize 1.4 or newer
+libtoolize=`build/PrintPath glibtoolize1 glibtoolize libtoolize libtoolize15 libtoolize14`
diff --git a/meta/recipes-support/apr/apr_1.7.0.bb b/meta/recipes-support/apr/apr_1.7.2.bb
similarity index 91%
rename from meta/recipes-support/apr/apr_1.7.0.bb
rename to meta/recipes-support/apr/apr_1.7.2.bb
index cb4bb936d7..c9059c9921 100644
--- a/meta/recipes-support/apr/apr_1.7.0.bb
+++ b/meta/recipes-support/apr/apr_1.7.2.bb
@@ -16,21 +16,15 @@ BBCLASSEXTEND = "native nativesdk"
SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \
file://run-ptest \
file://0002-apr-Remove-workdir-path-references-from-installed-ap.patch \
- file://0003-Makefile.in-configure.in-support-cross-compiling.patch \
file://0004-Fix-packet-discards-HTTP-redirect.patch \
file://0005-configure.in-fix-LTFLAGS-to-make-it-work-with-ccache.patch \
- file://0006-apr-fix-off_t-size-doesn-t-match-in-glibc-when-cross.patch \
file://0007-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
file://libtoolize_check.patch \
file://0001-Add-option-to-disable-timed-dependant-tests.patch \
- file://autoconf270.patch \
- file://0001-add-AC_CACHE_CHECK-for-strerror_r-return-type.patch \
file://0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch \
- file://CVE-2021-35940.patch \
"
-SRC_URI[md5sum] = "7a14a83d664e87599ea25ff4432e48a7"
-SRC_URI[sha256sum] = "e2e148f0b2e99b8e5c6caa09f6d4fb4dd3e83f744aa72a952f94f5a14436f7ea"
+SRC_URI[sha256sum] = "75e77cc86776c030c0a5c408dfbd0bf2a0b75eed5351e52d5439fa1e5509a43e"
inherit autotools-brokensep lib_package binconfig multilib_header ptest multilib_script
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 05/23] apr-util: update 1.6.1 -> 1.6.3
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 04/23] apr: update 1.7.0 -> 1.7.2 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 06/23] bind: upgrade 9.18.10 -> 9.18.11 Steve Sakoman
` (17 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Changes with APR-util 1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Drop backport.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dca707f9fecc805503e17f6db3e4c88069ac0125)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 43cd36b178ebb602edd5919c26f8b8642736a3a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-Fix-error-handling-in-gdbm.patch | 134 ------------------
.../{apr-util_1.6.1.bb => apr-util_1.6.3.bb} | 6 +-
2 files changed, 2 insertions(+), 138 deletions(-)
delete mode 100644 meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
rename meta/recipes-support/apr/{apr-util_1.6.1.bb => apr-util_1.6.3.bb} (94%)
diff --git a/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch b/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
deleted file mode 100644
index 6f27876a7f..0000000000
--- a/meta/recipes-support/apr/apr-util/0001-Fix-error-handling-in-gdbm.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 6b638fa9afbeb54dfa19378e391465a5284ce1ad Mon Sep 17 00:00:00 2001
-From: Changqing Li <changqing.li@windriver.com>
-Date: Wed, 12 Sep 2018 17:16:36 +0800
-Subject: [PATCH] Fix error handling in gdbm
-
-Only check for gdbm_errno if the return value of the called gdbm_*
-function says so. This fixes apr-util with gdbm 1.14, which does not
-seem to always reset gdbm_errno.
-
-Also make the gdbm driver return error codes starting with
-APR_OS_START_USEERR instead of always returning APR_EGENERAL. This is
-what the berkleydb driver already does.
-
-Also ensure that dsize is 0 if dptr == NULL.
-
-Upstream-Status: Backport [https://svn.apache.org/viewvc?view=revision&revision=1825311]
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
----
- dbm/apr_dbm_gdbm.c | 47 +++++++++++++++++++++++++++++------------------
- 1 file changed, 29 insertions(+), 18 deletions(-)
-
-diff --git a/dbm/apr_dbm_gdbm.c b/dbm/apr_dbm_gdbm.c
-index 749447a..1c86327 100644
---- a/dbm/apr_dbm_gdbm.c
-+++ b/dbm/apr_dbm_gdbm.c
-@@ -36,13 +36,25 @@
- static apr_status_t g2s(int gerr)
- {
- if (gerr == -1) {
-- /* ### need to fix this */
-- return APR_EGENERAL;
-+ if (gdbm_errno == GDBM_NO_ERROR)
-+ return APR_SUCCESS;
-+ return APR_OS_START_USEERR + gdbm_errno;
- }
-
- return APR_SUCCESS;
- }
-
-+static apr_status_t gdat2s(datum d)
-+{
-+ if (d.dptr == NULL) {
-+ if (gdbm_errno == GDBM_NO_ERROR || gdbm_errno == GDBM_ITEM_NOT_FOUND)
-+ return APR_SUCCESS;
-+ return APR_OS_START_USEERR + gdbm_errno;
-+ }
-+
-+ return APR_SUCCESS;
-+}
-+
- static apr_status_t datum_cleanup(void *dptr)
- {
- if (dptr)
-@@ -53,22 +65,15 @@ static apr_status_t datum_cleanup(void *dptr)
-
- static apr_status_t set_error(apr_dbm_t *dbm, apr_status_t dbm_said)
- {
-- apr_status_t rv = APR_SUCCESS;
-
-- /* ### ignore whatever the DBM said (dbm_said); ask it explicitly */
-+ dbm->errcode = dbm_said;
-
-- if ((dbm->errcode = gdbm_errno) == GDBM_NO_ERROR) {
-+ if (dbm_said == APR_SUCCESS)
- dbm->errmsg = NULL;
-- }
-- else {
-- dbm->errmsg = gdbm_strerror(gdbm_errno);
-- rv = APR_EGENERAL; /* ### need something better */
-- }
--
-- /* captured it. clear it now. */
-- gdbm_errno = GDBM_NO_ERROR;
-+ else
-+ dbm->errmsg = gdbm_strerror(dbm_said - APR_OS_START_USEERR);
-
-- return rv;
-+ return dbm_said;
- }
-
- /* --------------------------------------------------------------------------
-@@ -107,7 +112,7 @@ static apr_status_t vt_gdbm_open(apr_dbm_t **pdb, const char *pathname,
- NULL);
-
- if (file == NULL)
-- return APR_EGENERAL; /* ### need a better error */
-+ return APR_OS_START_USEERR + gdbm_errno; /* ### need a better error */
-
- /* we have an open database... return it */
- *pdb = apr_pcalloc(pool, sizeof(**pdb));
-@@ -141,10 +146,12 @@ static apr_status_t vt_gdbm_fetch(apr_dbm_t *dbm, apr_datum_t key,
- if (pvalue->dptr)
- apr_pool_cleanup_register(dbm->pool, pvalue->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pvalue->dsize = 0;
-
- /* store the error info into DBM, and return a status code. Also, note
- that *pvalue should have been cleared on error. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static apr_status_t vt_gdbm_store(apr_dbm_t *dbm, apr_datum_t key,
-@@ -201,9 +208,11 @@ static apr_status_t vt_gdbm_firstkey(apr_dbm_t *dbm, apr_datum_t *pkey)
- if (pkey->dptr)
- apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pkey->dsize = 0;
-
- /* store any error info into DBM, and return a status code. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
-@@ -221,9 +230,11 @@ static apr_status_t vt_gdbm_nextkey(apr_dbm_t *dbm, apr_datum_t *pkey)
- if (pkey->dptr)
- apr_pool_cleanup_register(dbm->pool, pkey->dptr, datum_cleanup,
- apr_pool_cleanup_null);
-+ else
-+ pkey->dsize = 0;
-
- /* store any error info into DBM, and return a status code. */
-- return set_error(dbm, APR_SUCCESS);
-+ return set_error(dbm, gdat2s(rd));
- }
-
- static void vt_gdbm_freedatum(apr_dbm_t *dbm, apr_datum_t data)
---
-2.7.4
-
diff --git a/meta/recipes-support/apr/apr-util_1.6.1.bb b/meta/recipes-support/apr/apr-util_1.6.3.bb
similarity index 94%
rename from meta/recipes-support/apr/apr-util_1.6.1.bb
rename to meta/recipes-support/apr/apr-util_1.6.3.bb
index b851d46351..7c6fcc699b 100644
--- a/meta/recipes-support/apr/apr-util_1.6.1.bb
+++ b/meta/recipes-support/apr/apr-util_1.6.3.bb
@@ -13,11 +13,9 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
file://configfix.patch \
file://configure_fixes.patch \
file://run-ptest \
- file://0001-Fix-error-handling-in-gdbm.patch \
-"
+ "
-SRC_URI[md5sum] = "bd502b9a8670a8012c4d90c31a84955f"
-SRC_URI[sha256sum] = "b65e40713da57d004123b6319828be7f1273fbc6490e145874ee1177e112c459"
+SRC_URI[sha256sum] = "2b74d8932703826862ca305b094eef2983c27b39d5c9414442e9976a9acf1983"
EXTRA_OECONF = "--with-apr=${STAGING_BINDIR_CROSS}/apr-1-config \
--without-odbc \
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 06/23] bind: upgrade 9.18.10 -> 9.18.11
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 05/23] apr-util: update 1.6.1 -> 1.6.3 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 07/23] libjpeg-turbo: upgrade 2.1.4 -> 2.1.5 Steve Sakoman
` (16 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Stable branch update
License-update: copyright years
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63e8a8952c3d1b3b5c481be6bba52a3f4d65648e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 54e2de8a589766c9a305c9bd0782afb5353fd109)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../0001-avoid-start-failure-with-bind-user.patch | 0
...0001-named-lwresd-V-and-start-log-hide-build-options.patch | 0
| 0
.../bind/{bind-9.18.10 => bind-9.18.11}/bind9 | 0
.../bind/{bind-9.18.10 => bind-9.18.11}/conf.patch | 0
.../bind/{bind-9.18.10 => bind-9.18.11}/generate-rndc-key.sh | 0
.../init.d-add-support-for-read-only-rootfs.patch | 0
.../make-etc-initd-bind-stop-work.patch | 0
.../bind/{bind-9.18.10 => bind-9.18.11}/named.service | 0
.../bind/{bind_9.18.10.bb => bind_9.18.11.bb} | 4 ++--
10 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/0001-avoid-start-failure-with-bind-user.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/0001-named-lwresd-V-and-start-log-hide-build-options.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/bind-ensure-searching-for-json-headers-searches-sysr.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/bind9 (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/conf.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/generate-rndc-key.sh (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/init.d-add-support-for-read-only-rootfs.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/make-etc-initd-bind-stop-work.patch (100%)
rename meta/recipes-connectivity/bind/{bind-9.18.10 => bind-9.18.11}/named.service (100%)
rename meta/recipes-connectivity/bind/{bind_9.18.10.bb => bind_9.18.11.bb} (96%)
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/0001-avoid-start-failure-with-bind-user.patch b/meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/0001-avoid-start-failure-with-bind-user.patch
rename to meta/recipes-connectivity/bind/bind-9.18.11/0001-avoid-start-failure-with-bind-user.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch b/meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/0001-named-lwresd-V-and-start-log-hide-build-options.patch
rename to meta/recipes-connectivity/bind/bind-9.18.11/0001-named-lwresd-V-and-start-log-hide-build-options.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/bind-ensure-searching-for-json-headers-searches-sysr.patch b/meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/bind-ensure-searching-for-json-headers-searches-sysr.patch
rename to meta/recipes-connectivity/bind/bind-9.18.11/bind-ensure-searching-for-json-headers-searches-sysr.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/bind9 b/meta/recipes-connectivity/bind/bind-9.18.11/bind9
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/bind9
rename to meta/recipes-connectivity/bind/bind-9.18.11/bind9
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/conf.patch b/meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/conf.patch
rename to meta/recipes-connectivity/bind/bind-9.18.11/conf.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/generate-rndc-key.sh b/meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/generate-rndc-key.sh
rename to meta/recipes-connectivity/bind/bind-9.18.11/generate-rndc-key.sh
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/init.d-add-support-for-read-only-rootfs.patch b/meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/init.d-add-support-for-read-only-rootfs.patch
rename to meta/recipes-connectivity/bind/bind-9.18.11/init.d-add-support-for-read-only-rootfs.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/make-etc-initd-bind-stop-work.patch b/meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/make-etc-initd-bind-stop-work.patch
rename to meta/recipes-connectivity/bind/bind-9.18.11/make-etc-initd-bind-stop-work.patch
diff --git a/meta/recipes-connectivity/bind/bind-9.18.10/named.service b/meta/recipes-connectivity/bind/bind-9.18.11/named.service
similarity index 100%
rename from meta/recipes-connectivity/bind/bind-9.18.10/named.service
rename to meta/recipes-connectivity/bind/bind-9.18.11/named.service
diff --git a/meta/recipes-connectivity/bind/bind_9.18.10.bb b/meta/recipes-connectivity/bind/bind_9.18.11.bb
similarity index 96%
rename from meta/recipes-connectivity/bind/bind_9.18.10.bb
rename to meta/recipes-connectivity/bind/bind_9.18.11.bb
index 2432131f5c..0618129318 100644
--- a/meta/recipes-connectivity/bind/bind_9.18.10.bb
+++ b/meta/recipes-connectivity/bind/bind_9.18.11.bb
@@ -4,7 +4,7 @@ DESCRIPTION = "BIND 9 provides a full-featured Domain Name Server system"
SECTION = "console/network"
LICENSE = "MPL-2.0"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=9a4a897f202c0710e07f2f2836bc2b62"
+LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=d8cf7bd9c4fd5471a588e7e66e672408"
DEPENDS = "openssl libcap zlib libuv"
@@ -20,7 +20,7 @@ SRC_URI = "https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.xz \
file://0001-avoid-start-failure-with-bind-user.patch \
"
-SRC_URI[sha256sum] = "f415a92feb62568b50854a063cb231e257351f8672186d0ab031a49b3de2cac6"
+SRC_URI[sha256sum] = "8ff3352812230cbcbda42df87cad961f94163d3da457c5e4bef8057fd5df2158"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# follow the ESV versions divisible by 2
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 07/23] libjpeg-turbo: upgrade 2.1.4 -> 2.1.5
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 06/23] bind: upgrade 9.18.10 -> 9.18.11 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 08/23] linux-firmware: upgrade 20221214 -> 20230117 Steve Sakoman
` (15 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Significant changes relative to 2.1.4
Fixed issues in the build system whereby, when using the Ninja Multi-Config CMake generator, a static build of libjpeg-turbo (a build in which ENABLE_SHARED is 0) could not be installed, a Windows installer could not be built, and the Java regression tests failed.
Fixed a regression introduced by 2.0 beta1[15] that caused a buffer overrun in the progressive Huffman encoder when attempting to transform a specially-crafted malformed 12-bit-per-component JPEG image into a progressive 12-bit-per-component JPEG image using a 12-bit-per-component build of libjpeg-turbo (-DWITH_12BIT=1.) Given that the buffer overrun was fully contained within the progressive Huffman encoder structure and did not cause a segfault or other user-visible errant behavior, given that the lossless transformer (unlike the decompressor) is not generally exposed to arbitrary data exploits, and given that 12-bit-per-component builds of libjpeg-turbo are uncommon, this issue did not likely pose a security risk.
Fixed an issue whereby, when using a 12-bit-per-component build of libjpeg-turbo (-DWITH_12BIT=1), passing samples with values greater than 4095 or less than 0 to jpeg_write_scanlines() caused a buffer overrun or underrun in the RGB-to-YCbCr color converter.
Fixed a floating point exception that occurred when attempting to use the jpegtran -drop and -trim options to losslessly transform a specially-crafted malformed JPEG image.
Fixed an issue in tjBufSizeYUV2() whereby it returned a bogus result, rather than throwing an error, if the align parameter was not a power of 2. Fixed a similar issue in tjCompressFromYUV() whereby it generated a corrupt JPEG image in certain cases, rather than throwing an error, if the align parameter was not a power of 2.
Fixed an issue whereby tjDecompressToYUV2(), which is a wrapper for tjDecompressToYUVPlanes(), used the desired YUV image dimensions rather than the actual scaled image dimensions when computing the plane pointers and strides to pass to tjDecompressToYUVPlanes(). This caused a buffer overrun and subsequent segfault if the desired image dimensions exceeded the scaled image dimensions.
Fixed an issue whereby, when decompressing a 12-bit-per-component JPEG image (-DWITH_12BIT=1) using an alpha-enabled output color space such as JCS_EXT_RGBA, the alpha channel was set to 255 rather than 4095.
Fixed an issue whereby the Java version of TJBench did not accept a range of quality values.
Fixed an issue whereby, when -progressive was passed to TJBench, the JPEG input image was not transformed into a progressive JPEG image prior to decompression.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f779689c2c766b609be31222d71110c1a15145a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit a5d15ae9f4671790d3c5fb3606ec0861c17ed6dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../jpeg/{libjpeg-turbo_2.1.4.bb => libjpeg-turbo_2.1.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-graphics/jpeg/{libjpeg-turbo_2.1.4.bb => libjpeg-turbo_2.1.5.bb} (97%)
diff --git a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.bb
similarity index 97%
rename from meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb
rename to meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.bb
index 1708fa97f0..4d21ca1e1d 100644
--- a/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.4.bb
+++ b/meta/recipes-graphics/jpeg/libjpeg-turbo_2.1.5.bb
@@ -14,7 +14,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${BPN}/${BPN}-${PV}.tar.gz \
file://0001-libjpeg-turbo-fix-package_qa-error.patch \
"
-SRC_URI[sha256sum] = "d3ed26a1131a13686dfca4935e520eb7c90ae76fbc45d98bb50a8dc86230342b"
+SRC_URI[sha256sum] = "bc12bc9dce55300c6bf4342bc233bcc26bd38bf289eedf147360d731c668ddaf"
UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/libjpeg-turbo/files/"
UPSTREAM_CHECK_REGEX = "/libjpeg-turbo/files/(?P<pver>(\d+[\.\-_]*)+)/"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 08/23] linux-firmware: upgrade 20221214 -> 20230117
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 07/23] libjpeg-turbo: upgrade 2.1.4 -> 2.1.5 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 09/23] git: upgrade 2.35.6 -> 2.35.7 Steve Sakoman
` (14 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
License-Update: additional firmwares, copyright years
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fdb8c12fc71b4a985372f5d02ce59a1402c14c4a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...inux-firmware_20221214.bb => linux-firmware_20230117.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20221214.bb => linux-firmware_20230117.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb
index c2354e627f..1dce06c8f5 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20221214.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230117.bb
@@ -70,7 +70,7 @@ LICENSE = "\
LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.adsp_sst;md5=615c45b91a5a4a9fe046d6ab9a2df728 \
file://LICENCE.agere;md5=af0133de6b4a9b2522defd5f188afd31 \
- file://LICENSE.amdgpu;md5=44c1166d052226cb2d6c8d7400090203 \
+ file://LICENSE.amdgpu;md5=a2589a05ea5b6bd2b7f4f623c7e7a649 \
file://LICENSE.amd-ucode;md5=6ca90c57f7b248de1e25c7f68ffc4698 \
file://LICENSE.amlogic_vdec;md5=dc44f59bf64a81643e500ad3f39a468a \
file://LICENCE.atheros_firmware;md5=30a14c7823beedac9fa39c64fdd01a13 \
@@ -132,7 +132,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "bf7c716d16e48fe118c6209f99b13253"
+WHENCE_CHKSUM = "05f1d941972cedadbf667c05f6010378"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -209,7 +209,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "e793783e92acbde549965521462d1d1327827360664cf242dbda08f075654331"
+SRC_URI[sha256sum] = "df11e25ba2fb4d5343473757e17a3b4cef599250a26b1f7e0f038850f0cb3d64"
inherit allarch
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 09/23] git: upgrade 2.35.6 -> 2.35.7
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 08/23] linux-firmware: upgrade 20221214 -> 20230117 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 10/23] sudo: upgrade 1.9.12p1 -> 1.9.12p2 Steve Sakoman
` (13 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Sakib Sajal <sakib.sajal@windriver.com>
Upgrade git to latest 2.37.x release to address
security issues CVE-2022-23521 and CVE-2022-41903.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/git/{git_2.35.6.bb => git_2.35.7.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/git/{git_2.35.6.bb => git_2.35.7.bb} (98%)
diff --git a/meta/recipes-devtools/git/git_2.35.6.bb b/meta/recipes-devtools/git/git_2.35.7.bb
similarity index 98%
rename from meta/recipes-devtools/git/git_2.35.6.bb
rename to meta/recipes-devtools/git/git_2.35.7.bb
index 0bb4a6a021..7cc8e5722b 100644
--- a/meta/recipes-devtools/git/git_2.35.6.bb
+++ b/meta/recipes-devtools/git/git_2.35.7.bb
@@ -167,4 +167,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \
"
EXTRA_OEMAKE += "NO_GETTEXT=1"
-SRC_URI[tarball.sha256sum] = "6bd51e0487028543ba40fe3d5b33bd124526a7f7109824aa7f022e79edf93bd1"
+SRC_URI[tarball.sha256sum] = "fc849272a95cc7457091221a645fcd753b3b1984767ee3323fb6a0aa944bbcb4"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 10/23] sudo: upgrade 1.9.12p1 -> 1.9.12p2
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 09/23] git: upgrade 2.35.6 -> 2.35.7 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 11/23] libgit2: uprade 1.4.3 -> 1.4.4 Steve Sakoman
` (12 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
Changes:
Fixed a compilation error on Linux/aarch64. GitHub issue #197.
Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l would dereference a NULL pointer.
Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the iolog_file sudoers setting contains six or more Xs.
Fixed a compilation issue on AIX with the native compiler. GitHub issue #231.
Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a3f5f4f607f5e06af772287109b68579154fb2f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit cd1b6167242003c79b39d8761ea0f36db41f0671)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../sudo/{sudo_1.9.12p1.bb => sudo_1.9.12p2.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-extended/sudo/{sudo_1.9.12p1.bb => sudo_1.9.12p2.bb} (96%)
diff --git a/meta/recipes-extended/sudo/sudo_1.9.12p1.bb b/meta/recipes-extended/sudo/sudo_1.9.12p2.bb
similarity index 96%
rename from meta/recipes-extended/sudo/sudo_1.9.12p1.bb
rename to meta/recipes-extended/sudo/sudo_1.9.12p2.bb
index 1495b67b8b..ae7207c081 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.12p1.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.12p2.bb
@@ -8,7 +8,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
PAM_SRC_URI = "file://sudo.pam"
-SRC_URI[sha256sum] = "475a18a8eb3da8b2917ceab063a6baf51ea09128c3c47e3e0e33ab7497bab7d8"
+SRC_URI[sha256sum] = "b9a0b1ae0f1ddd9be7f3eafe70be05ee81f572f6f536632c44cd4101bb2a8539"
DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 11/23] libgit2: uprade 1.4.3 -> 1.4.4
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (9 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 10/23] sudo: upgrade 1.9.12p1 -> 1.9.12p2 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 12/23] libgit2: upgrade 1.4.4 -> 1.4.5 Steve Sakoman
` (11 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
This is a security release with multiple changes.
This provides compatibility with git's changes to address CVE 2022-29187. As a follow up to CVE 2022-24765, now not only is the working directory of a non-bare repository examined for its ownership, but the .git directory and the .git file (if present) are also examined for their ownership.
A fix for compatibility with git's (new) behavior for CVE 2022-24765 allows users on POSIX systems to access a git repository that is owned by them when they are running in sudo.
A fix for further compatibility with git's (existing) behavior for CVE 2022-24765 allows users on Windows to access a git repository that is owned by the Administrator when running with escalated privileges (using runas Administrator).
The bundled zlib is updated to v1.2.12, as prior versions had memory corruption bugs. It is not known that there is a security vulnerability in libgit2 based on these bugs, but we are updating to be cautious.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libgit2/{libgit2_1.4.3.bb => libgit2_1.4.4.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libgit2/{libgit2_1.4.3.bb => libgit2_1.4.4.bb} (91%)
diff --git a/meta/recipes-support/libgit2/libgit2_1.4.3.bb b/meta/recipes-support/libgit2/libgit2_1.4.4.bb
similarity index 91%
rename from meta/recipes-support/libgit2/libgit2_1.4.3.bb
rename to meta/recipes-support/libgit2/libgit2_1.4.4.bb
index 7e27b5b018..a6f4d8d7f2 100644
--- a/meta/recipes-support/libgit2/libgit2_1.4.3.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.4.4.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e5a9227de4cb6afb5d35ed7b0fdf480d"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.4;protocol=https"
-SRCREV = "465bbf88ea939a965fbcbade72870c61f815e457"
+SRCREV = "3b7d756ccfaf9ec2922d2db22e6cc98f8ab6580c"
S = "${WORKDIR}/git"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 12/23] libgit2: upgrade 1.4.4 -> 1.4.5
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (10 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 11/23] libgit2: uprade 1.4.3 -> 1.4.4 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 13/23] qemu: fix compile error Steve Sakoman
` (10 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
Fixes:
libgit2, when compiled using the optional, included libssh2 backend, fails to verify SSH keys by default.
Description
When using an SSH remote with the optional, included libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack.
Beginning in libgit2 v1.4.5 and v1.5.1, libgit2 will now perform host key checking by default. Users can still override the default behavior using the certificate_check function.
The libgit2 security team would like to thank the Julia and Rust security teams for responsibly disclosing this vulnerability and assisting with fixing the vulnerability.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libgit2/{libgit2_1.4.4.bb => libgit2_1.4.5.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-support/libgit2/{libgit2_1.4.4.bb => libgit2_1.4.5.bb} (91%)
diff --git a/meta/recipes-support/libgit2/libgit2_1.4.4.bb b/meta/recipes-support/libgit2/libgit2_1.4.5.bb
similarity index 91%
rename from meta/recipes-support/libgit2/libgit2_1.4.4.bb
rename to meta/recipes-support/libgit2/libgit2_1.4.5.bb
index a6f4d8d7f2..aadfe4ad02 100644
--- a/meta/recipes-support/libgit2/libgit2_1.4.4.bb
+++ b/meta/recipes-support/libgit2/libgit2_1.4.5.bb
@@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=e5a9227de4cb6afb5d35ed7b0fdf480d"
DEPENDS = "curl openssl zlib libssh2 libgcrypt libpcre2"
SRC_URI = "git://github.com/libgit2/libgit2.git;branch=maint/v1.4;protocol=https"
-SRCREV = "3b7d756ccfaf9ec2922d2db22e6cc98f8ab6580c"
+SRCREV = "cd6f679af401eda1f172402006ef8265f8bd58ea"
S = "${WORKDIR}/git"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 13/23] qemu: fix compile error
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (11 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 12/23] libgit2: upgrade 1.4.4 -> 1.4.5 Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 14/23] update-alternatives: fix typos Steve Sakoman
` (9 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Kai Kang <kai.kang@windriver.com>
Backport 2 patches and rebase
0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch to fix
compile error:
../qemu-6.2.0/hw/display/qxl.c: In function 'qxl_phys2virt':
../qemu-6.2.0/hw/display/qxl.c:1477:67: error: 'size' undeclared (first use in this function); did you mean 'gsize'?
1477 | if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
| ^~~~
| gsize
../qemu-6.2.0/hw/display/qxl.c:1477:67: note: each undeclared identifier is reported only once for each function it appears in
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/qemu/qemu.inc | 2 +
...ave-qxl_log_command-Return-early-if-.patch | 57 +++++
...ass-requested-buffer-size-to-qxl_phy.patch | 217 ++++++++++++++++++
3 files changed, 276 insertions(+)
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc
index b68be447f1..5430718f75 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -93,6 +93,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://0021-target-ppc-implement-xs-n-maddqp-o-xs-n-msubqp-o.patch \
file://CVE-2022-3165.patch \
file://CVE-2022-4144.patch \
+ file://0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch \
+ file://0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
diff --git a/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch b/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch
new file mode 100644
index 0000000000..cd846222c9
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Have-qxl_log_command-Return-early-if-.patch
@@ -0,0 +1,57 @@
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/61c34fc]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 61c34fc194b776ecadc39fb26b061331107e5599 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Mon, 28 Nov 2022 21:27:37 +0100
+Subject: [PATCH] hw/display/qxl: Have qxl_log_command Return early if no
+ log_cmd handler
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Only 3 command types are logged: no need to call qxl_phys2virt()
+for the other types. Using different cases will help to pass
+different structure sizes to qxl_phys2virt() in a pair of commits.
+
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20221128202741.4945-2-philmd@linaro.org>
+---
+ hw/display/qxl-logger.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c
+index 68bfa47568..1bcf803db6 100644
+--- a/hw/display/qxl-logger.c
++++ b/hw/display/qxl-logger.c
+@@ -247,6 +247,16 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
+ qxl_name(qxl_type, ext->cmd.type),
+ compat ? "(compat)" : "");
+
++ switch (ext->cmd.type) {
++ case QXL_CMD_DRAW:
++ break;
++ case QXL_CMD_SURFACE:
++ break;
++ case QXL_CMD_CURSOR:
++ break;
++ default:
++ goto out;
++ }
+ data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
+ if (!data) {
+ return 1;
+@@ -269,6 +279,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
+ qxl_log_cmd_cursor(qxl, data, ext->group_id);
+ break;
+ }
++out:
+ fprintf(stderr, "\n");
+ return 0;
+ }
+--
+2.34.1
+
diff --git a/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch b/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
new file mode 100644
index 0000000000..ac51cf567a
--- /dev/null
+++ b/meta/recipes-devtools/qemu/qemu/0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch
@@ -0,0 +1,217 @@
+Upstream-Status: Backport [https://github.com/qemu/qemu/commit/8efec0e]
+
+Backport and rebase patch to fix compile error which imported by CVE-2022-4144.patch:
+
+../qemu-6.2.0/hw/display/qxl.c: In function 'qxl_phys2virt':
+../qemu-6.2.0/hw/display/qxl.c:1477:67: error: 'size' undeclared (first use in this function); did you mean 'gsize'?
+ 1477 | if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
+ | ^~~~
+ | gsize
+../qemu-6.2.0/hw/display/qxl.c:1477:67: note: each undeclared identifier is reported only once for each function it appears in
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From 8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= <philmd@linaro.org>
+Date: Mon, 28 Nov 2022 21:27:39 +0100
+Subject: [PATCH] hw/display/qxl: Pass requested buffer size to qxl_phys2virt()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Currently qxl_phys2virt() doesn't check for buffer overrun.
+In order to do so in the next commit, pass the buffer size
+as argument.
+
+For QXLCursor in qxl_render_cursor() -> qxl_cursor() we
+verify the size of the chunked data ahead, checking we can
+access 'sizeof(QXLCursor) + chunk->data_size' bytes.
+Since in the SPICE_CURSOR_TYPE_MONO case the cursor is
+assumed to fit in one chunk, no change are required.
+In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in
+qxl_unpack_chunks().
+
+Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
+Message-Id: <20221128202741.4945-4-philmd@linaro.org>
+---
+ hw/display/qxl-logger.c | 11 ++++++++---
+ hw/display/qxl-render.c | 20 ++++++++++++++++----
+ hw/display/qxl.c | 14 +++++++++-----
+ hw/display/qxl.h | 3 ++-
+ 4 files changed, 35 insertions(+), 13 deletions(-)
+
+diff --git a/hw/display/qxl-logger.c b/hw/display/qxl-logger.c
+index 1bcf803..35c38f6 100644
+--- a/hw/display/qxl-logger.c
++++ b/hw/display/qxl-logger.c
+@@ -106,7 +106,7 @@ static int qxl_log_image(PCIQXLDevice *qxl, QXLPHYSICAL addr, int group_id)
+ QXLImage *image;
+ QXLImageDescriptor *desc;
+
+- image = qxl_phys2virt(qxl, addr, group_id);
++ image = qxl_phys2virt(qxl, addr, group_id, sizeof(QXLImage));
+ if (!image) {
+ return 1;
+ }
+@@ -214,7 +214,8 @@ int qxl_log_cmd_cursor(PCIQXLDevice *qxl, QXLCursorCmd *cmd, int group_id)
+ cmd->u.set.position.y,
+ cmd->u.set.visible ? "yes" : "no",
+ cmd->u.set.shape);
+- cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id);
++ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, group_id,
++ sizeof(QXLCursor));
+ if (!cursor) {
+ return 1;
+ }
+@@ -236,6 +237,7 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
+ {
+ bool compat = ext->flags & QXL_COMMAND_FLAG_COMPAT;
+ void *data;
++ size_t datasz;
+ int ret;
+
+ if (!qxl->cmdlog) {
+@@ -249,15 +251,18 @@ int qxl_log_command(PCIQXLDevice *qxl, const char *ring, QXLCommandExt *ext)
+
+ switch (ext->cmd.type) {
+ case QXL_CMD_DRAW:
++ datasz = compat ? sizeof(QXLCompatDrawable) : sizeof(QXLDrawable);
+ break;
+ case QXL_CMD_SURFACE:
++ datasz = sizeof(QXLSurfaceCmd);
+ break;
+ case QXL_CMD_CURSOR:
++ datasz = sizeof(QXLCursorCmd);
+ break;
+ default:
+ goto out;
+ }
+- data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
++ data = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id, datasz);
+ if (!data) {
+ return 1;
+ }
+diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c
+index ca21700..fcfd40c 100644
+--- a/hw/display/qxl-render.c
++++ b/hw/display/qxl-render.c
+@@ -107,7 +107,9 @@ static void qxl_render_update_area_unlocked(PCIQXLDevice *qxl)
+ qxl->guest_primary.resized = 0;
+ qxl->guest_primary.data = qxl_phys2virt(qxl,
+ qxl->guest_primary.surface.mem,
+- MEMSLOT_GROUP_GUEST);
++ MEMSLOT_GROUP_GUEST,
++ qxl->guest_primary.abs_stride
++ * height);
+ if (!qxl->guest_primary.data) {
+ goto end;
+ }
+@@ -228,7 +230,8 @@ static void qxl_unpack_chunks(void *dest, size_t size, PCIQXLDevice *qxl,
+ if (offset == size) {
+ return;
+ }
+- chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id);
++ chunk = qxl_phys2virt(qxl, chunk->next_chunk, group_id,
++ sizeof(QXLDataChunk) + chunk->data_size);
+ if (!chunk) {
+ return;
+ }
+@@ -295,7 +298,8 @@ fail:
+ /* called from spice server thread context only */
+ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
+ {
+- QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
++ QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
++ sizeof(QXLCursorCmd));
+ QXLCursor *cursor;
+ QEMUCursor *c;
+
+@@ -314,7 +318,15 @@ int qxl_render_cursor(PCIQXLDevice *qxl, QXLCommandExt *ext)
+ }
+ switch (cmd->type) {
+ case QXL_CURSOR_SET:
+- cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id);
++ /* First read the QXLCursor to get QXLDataChunk::data_size ... */
++ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id,
++ sizeof(QXLCursor));
++ if (!cursor) {
++ return 1;
++ }
++ /* Then read including the chunked data following QXLCursor. */
++ cursor = qxl_phys2virt(qxl, cmd->u.set.shape, ext->group_id,
++ sizeof(QXLCursor) + cursor->chunk.data_size);
+ if (!cursor) {
+ return 1;
+ }
+diff --git a/hw/display/qxl.c b/hw/display/qxl.c
+index ae8aa07..2a4b2d4 100644
+--- a/hw/display/qxl.c
++++ b/hw/display/qxl.c
+@@ -274,7 +274,8 @@ static void qxl_spice_monitors_config_async(PCIQXLDevice *qxl, int replay)
+ QXL_IO_MONITORS_CONFIG_ASYNC));
+ }
+
+- cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST);
++ cfg = qxl_phys2virt(qxl, qxl->guest_monitors_config, MEMSLOT_GROUP_GUEST,
++ sizeof(QXLMonitorsConfig));
+ if (cfg != NULL && cfg->count == 1) {
+ qxl->guest_primary.resized = 1;
+ qxl->guest_head0_width = cfg->heads[0].width;
+@@ -459,7 +460,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
+ switch (le32_to_cpu(ext->cmd.type)) {
+ case QXL_CMD_SURFACE:
+ {
+- QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
++ QXLSurfaceCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
++ sizeof(QXLSurfaceCmd));
+
+ if (!cmd) {
+ return 1;
+@@ -494,7 +496,8 @@ static int qxl_track_command(PCIQXLDevice *qxl, struct QXLCommandExt *ext)
+ }
+ case QXL_CMD_CURSOR:
+ {
+- QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id);
++ QXLCursorCmd *cmd = qxl_phys2virt(qxl, ext->cmd.data, ext->group_id,
++ sizeof(QXLCursorCmd));
+
+ if (!cmd) {
+ return 1;
+@@ -1463,7 +1466,8 @@ static bool qxl_get_check_slot_offset(PCIQXLDevice *qxl, QXLPHYSICAL pqxl,
+ }
+
+ /* can be also called from spice server thread context */
+-void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id)
++void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL pqxl, int group_id,
++ size_t size)
+ {
+ uint64_t offset;
+ uint32_t slot;
+@@ -1971,7 +1975,7 @@ static void qxl_dirty_surfaces(PCIQXLDevice *qxl)
+ }
+
+ cmd = qxl_phys2virt(qxl, qxl->guest_surfaces.cmds[i],
+- MEMSLOT_GROUP_GUEST);
++ MEMSLOT_GROUP_GUEST, sizeof(QXLSurfaceCmd));
+ assert(cmd);
+ assert(cmd->type == QXL_SURFACE_CMD_CREATE);
+ qxl_dirty_one_surface(qxl, cmd->u.surface_create.data,
+diff --git a/hw/display/qxl.h b/hw/display/qxl.h
+index 30d21f4..4551c23 100644
+--- a/hw/display/qxl.h
++++ b/hw/display/qxl.h
+@@ -147,7 +147,8 @@ OBJECT_DECLARE_SIMPLE_TYPE(PCIQXLDevice, PCI_QXL)
+ #define QXL_DEFAULT_REVISION (QXL_REVISION_STABLE_V12 + 1)
+
+ /* qxl.c */
+-void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id);
++void *qxl_phys2virt(PCIQXLDevice *qxl, QXLPHYSICAL phys, int group_id,
++ size_t size);
+ void qxl_set_guest_bug(PCIQXLDevice *qxl, const char *msg, ...)
+ GCC_FMT_ATTR(2, 3);
+
+--
+2.34.1
+
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 14/23] update-alternatives: fix typos
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (12 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 13/23] qemu: fix compile error Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 15/23] image.bbclass: print all QA functions exceptions Steve Sakoman
` (8 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d3ca05b072c152b76a86edaaddebabdef312ea95)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/update-alternatives.bbclass | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/classes/update-alternatives.bbclass b/meta/classes/update-alternatives.bbclass
index fc1ffd828c..7581a70439 100644
--- a/meta/classes/update-alternatives.bbclass
+++ b/meta/classes/update-alternatives.bbclass
@@ -1,5 +1,5 @@
# This class is used to help the alternatives system which is useful when
-# multiple sources provide same command. You can use update-alternatives
+# multiple sources provide the same command. You can use update-alternatives
# command directly in your recipe, but in most cases this class simplifies
# that job.
#
@@ -29,7 +29,7 @@
# A non-default link to create for a target
# ALTERNATIVE_TARGET[name] = "target"
#
-# This is the name of the binary as it's been install by do_install
+# This is the name of the binary as it's been installed by do_install
# i.e. ALTERNATIVE_TARGET[sh] = "/bin/bash"
#
# A package specific link for a target
@@ -62,7 +62,7 @@ ALTERNATIVE_PRIORITY = "10"
# We need special processing for vardeps because it can not work on
# modified flag values. So we aggregate the flags into a new variable
-# and include that vairable in the set.
+# and include that variable in the set.
UPDALTVARS = "ALTERNATIVE ALTERNATIVE_LINK_NAME ALTERNATIVE_TARGET ALTERNATIVE_PRIORITY"
PACKAGE_WRITE_DEPS += "virtual/update-alternatives-native"
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 15/23] image.bbclass: print all QA functions exceptions
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (13 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 14/23] update-alternatives: fix typos Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 16/23] devshell: Do not add scripts/git-intercept to PATH Steve Sakoman
` (7 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Mauro Queiros <maurofrqueiros@gmail.com>
For the QA checks in `image.bbclass`, all exceptions
other than `oe.utils.ImageQAFailed` always print the
following generic message:
"Image QA function func_name failed"
This can be very misleading, as it may hide
python syntax errors and other kind of issues that are
hard to detect without more explicit error messages.
This change makes sure that the error message of all
exceptions are displayed.
Before this change:
"Image QA function func_name failed"
After this change:
"Image QA function func_name failed: f-string: empty expression not allowed (<string>, line 13)"
Signed-off-by: Mauro Queiros <maurofrqueiros@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d85b30d8704d38b86f5b006748cebc74bd2a4fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/image.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index aa14ea2316..00413d56d1 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -313,7 +313,7 @@ fakeroot python do_image_qa () {
except oe.utils.ImageQAFailed as e:
qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (e.name, e.description)
except Exception as e:
- qamsg = qamsg + '\tImage QA function %s failed\n' % cmd
+ qamsg = qamsg + '\tImage QA function %s failed: %s\n' % (cmd, e)
if qamsg:
imgname = d.getVar('IMAGE_NAME')
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 16/23] devshell: Do not add scripts/git-intercept to PATH
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (14 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 15/23] image.bbclass: print all QA functions exceptions Steve Sakoman
@ 2023-02-21 14:40 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 17/23] oeqa ssh.py: move output prints to new line Steve Sakoman
` (6 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:40 UTC (permalink / raw)
To: openembedded-core
From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
The use of scripts/git-intercept was introduced in commit 3266c327df
(install/devshell: Introduce git intercept script due to fakeroot
issues) and later reverted in commit af27c81eaf (scripts: Make git
intercept global).
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f6c260c8e2a33e282a35afc99de4ef8cc1791b08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/devshell.bbclass | 2 --
1 file changed, 2 deletions(-)
diff --git a/meta/classes/devshell.bbclass b/meta/classes/devshell.bbclass
index 247d04478c..26c01c080a 100644
--- a/meta/classes/devshell.bbclass
+++ b/meta/classes/devshell.bbclass
@@ -2,8 +2,6 @@ inherit terminal
DEVSHELL = "${SHELL}"
-PATH:prepend:task-devshell = "${COREBASE}/scripts/git-intercept:"
-
python do_devshell () {
if d.getVarFlag("do_devshell", "manualfakeroot"):
d.prependVar("DEVSHELL", "pseudo ")
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 17/23] oeqa ssh.py: move output prints to new line
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (15 preceding siblings ...)
2023-02-21 14:40 ` [OE-core][kirkstone 16/23] devshell: Do not add scripts/git-intercept to PATH Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 18/23] oeqa ssh.py: add connection keep alive options to ssh client Steve Sakoman
` (5 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
The output from is garbled otherwise and it's not
easy to remove debug output form real command output on target.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 917a70cbc43ac1c70c477b220c4115735457ef04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/core/target/ssh.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index f956a7744f..f1b9090bbf 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -240,7 +240,7 @@ def SSHCall(command, logger, timeout=None, **opts):
eof = True
else:
output += data
- logger.debug('Partial data from SSH call: %s' % data)
+ logger.debug('Partial data from SSH call:\n%s' % data)
endtime = time.time() + timeout
except InterruptedError:
continue
@@ -256,12 +256,12 @@ def SSHCall(command, logger, timeout=None, **opts):
endtime = time.time() - starttime
lastline = ("\nProcess killed - no output for %d seconds. Total"
" running time: %d seconds." % (timeout, endtime))
- logger.debug('Received data from SSH call %s ' % lastline)
+ logger.debug('Received data from SSH call:\n%s ' % lastline)
output += lastline
else:
output = process.communicate()[0].decode('utf-8', errors='ignore')
- logger.debug('Data from SSH call: %s' % output.rstrip())
+ logger.debug('Data from SSH call:\n%s' % output.rstrip())
options = {
"stdout": subprocess.PIPE,
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 18/23] oeqa ssh.py: add connection keep alive options to ssh client
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (16 preceding siblings ...)
2023-02-21 14:41 ` [OE-core][kirkstone 17/23] oeqa ssh.py: move output prints to new line Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 19/23] oeqa dump.py: add error counter and stop after 5 failures Steve Sakoman
` (4 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
Configure ssh client to test that connection with server is up.
If the server does not respond within a minute then the connection,
target machine or sshd daemon are stuck and it's better to exit
the command execution with errors.
Some tests can execute a long time without returning stdout/stderror
data and it's difficult to adjust timers for those cases if
connection to target machine or the target machine itself hangs
and output is not expected in minutes or even hours.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit ba68ff04c5786eca7cd8dd44056705867dea8ac4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/core/target/ssh.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/core/target/ssh.py b/meta/lib/oeqa/core/target/ssh.py
index f1b9090bbf..48a463861d 100644
--- a/meta/lib/oeqa/core/target/ssh.py
+++ b/meta/lib/oeqa/core/target/ssh.py
@@ -34,6 +34,8 @@ class OESSHTarget(OETarget):
self.timeout = timeout
self.user = user
ssh_options = [
+ '-o', 'ServerAliveCountMax=2',
+ '-o', 'ServerAliveInterval=30',
'-o', 'UserKnownHostsFile=/dev/null',
'-o', 'StrictHostKeyChecking=no',
'-o', 'LogLevel=ERROR'
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 19/23] oeqa dump.py: add error counter and stop after 5 failures
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (17 preceding siblings ...)
2023-02-21 14:41 ` [OE-core][kirkstone 18/23] oeqa ssh.py: add connection keep alive options to ssh client Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 20/23] oeqa qemurunner: read more data at a time from serial Steve Sakoman
` (3 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
If test target qemu machine hangs completely, dump_target() calls
over serial console are taking a long time to time out, possibly
for every failing ssh command execution and a lot of test cases,
and same with dump_monitor().
Instead of trying for ever, count errors and after 5 stop trying
to dump_target() and dump_monitor() completely.
These help to end testing earlier when a test target is completely
deadlocked and all ssh, serial and QMP communication with it are
failing.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit d9ad0a055abba983c6cee1dca4d2f0a8a3c48782)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/utils/dump.py | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/utils/dump.py b/meta/lib/oeqa/utils/dump.py
index 95a79a571c..6fd5832051 100644
--- a/meta/lib/oeqa/utils/dump.py
+++ b/meta/lib/oeqa/utils/dump.py
@@ -91,37 +91,55 @@ class HostDumper(BaseDumper):
self._write_dump(cmd.split()[0], result.output)
class TargetDumper(BaseDumper):
- """ Class to get dumps from target, it only works with QemuRunner """
+ """ Class to get dumps from target, it only works with QemuRunner.
+ Will give up permanently after 5 errors from running commands over
+ serial console. This helps to end testing when target is really dead, hanging
+ or unresponsive.
+ """
def __init__(self, cmds, parent_dir, runner):
super(TargetDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+ self.errors = 0
def dump_target(self, dump_dir=""):
+ if self.errors >= 5:
+ print("Too many errors when dumping data from target, assuming it is dead! Will not dump data anymore!")
+ return
if dump_dir:
self.dump_dir = dump_dir
for cmd in self.cmds:
# We can continue with the testing if serial commands fail
try:
(status, output) = self.runner.run_serial(cmd)
+ if status == 0:
+ self.errors = self.errors + 1
self._write_dump(cmd.split()[0], output)
except:
+ self.errors = self.errors + 1
print("Tried to dump info from target but "
"serial console failed")
print("Failed CMD: %s" % (cmd))
class MonitorDumper(BaseDumper):
- """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner """
+ """ Class to get dumps via the Qemu Monitor, it only works with QemuRunner
+ Will stop completely if there are more than 5 errors when dumping monitor data.
+ This helps to end testing when target is really dead, hanging or unresponsive.
+ """
def __init__(self, cmds, parent_dir, runner):
super(MonitorDumper, self).__init__(cmds, parent_dir)
self.runner = runner
+ self.errors = 0
def dump_monitor(self, dump_dir=""):
if self.runner is None:
return
if dump_dir:
self.dump_dir = dump_dir
+ if self.errors >= 5:
+ print("Too many errors when dumping data from qemu monitor, assuming it is dead! Will not dump data anymore!")
+ return
for cmd in self.cmds:
cmd_name = cmd.split()[0]
try:
@@ -135,4 +153,5 @@ class MonitorDumper(BaseDumper):
output = self.runner.run_monitor(cmd_name)
self._write_dump(cmd_name, output)
except Exception as e:
+ self.errors = self.errors + 1
print("Failed to dump QMP CMD: %s with\nException: %s" % (cmd_name, e))
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 20/23] oeqa qemurunner: read more data at a time from serial
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (18 preceding siblings ...)
2023-02-21 14:41 ` [OE-core][kirkstone 19/23] oeqa dump.py: add error counter and stop after 5 failures Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 21/23] oeqa qemurunner.py: add timeout to QMP calls Steve Sakoman
` (2 subsequent siblings)
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
Use a short sleep to bundle serial console reads so that
we are not reading one character at a time which reduces busy
looping.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit cafe65d8cf7544edbd387f7f5f6d77c64c6b18fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/utils/qemurunner.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index 9a99859388..fedabb189a 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -195,7 +195,7 @@ class QemuRunner:
qmp_file = "." + next(tempfile._get_candidate_names())
qmp_param = ' -S -qmp unix:./%s,server,wait' % (qmp_file)
qmp_port = self.tmpdir + "/" + qmp_file
- # Create a second socket connection for debugging use,
+ # Create a second socket connection for debugging use,
# note this will NOT cause qemu to block waiting for the connection
qmp_file2 = "." + next(tempfile._get_candidate_names())
qmp_param += ' -qmp unix:./%s,server,nowait' % (qmp_file2)
@@ -459,6 +459,8 @@ class QemuRunner:
socklist.remove(self.server_socket)
self.logger.debug("Connection from %s:%s" % addr)
else:
+ # try to avoid reading only a single character at a time
+ time.sleep(0.1)
data = data + sock.recv(1024)
if data:
bootlog += data
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 21/23] oeqa qemurunner.py: add timeout to QMP calls
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (19 preceding siblings ...)
2023-02-21 14:41 ` [OE-core][kirkstone 20/23] oeqa qemurunner: read more data at a time from serial Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 22/23] oeqa qemurunner.py: try to avoid reading one character at a time Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 23/23] oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail Steve Sakoman
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
When a qemu machine hangs, the QMP calls can hang for ever
too, and when this happens any failing test commands from ssh
runner may be followed by dump_monitor() calls which
then also hang. Hangs followed by hangs.
Use runqemutime at setup and run_monitor() specific timeout
for later calls.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 3a07bdf77dc6ecbf4c620b051dd032abaaf1e4ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/utils/qemurunner.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index fedabb189a..aa9e530f1b 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -342,6 +342,8 @@ class QemuRunner:
return False
try:
+ # set timeout value for all QMP calls
+ self.qmp.settimeout(self.runqemutime)
self.qmp.connect()
connect_time = time.time()
self.logger.info("QMP connected to QEMU at %s and took %s seconds" %
@@ -617,6 +619,7 @@ class QemuRunner:
def run_monitor(self, command, args=None, timeout=60):
if hasattr(self, 'qmp') and self.qmp:
+ self.qmp.settimeout(timeout)
if args is not None:
return self.qmp.cmd(command, args)
else:
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 22/23] oeqa qemurunner.py: try to avoid reading one character at a time
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (20 preceding siblings ...)
2023-02-21 14:41 ` [OE-core][kirkstone 21/23] oeqa qemurunner.py: add timeout to QMP calls Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 23/23] oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail Steve Sakoman
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Mikko Rapeli <mikko.rapeli@linaro.org>
Read from serial console with a small delay to bundle data to e.g.
full lines. Reading one character at a time is not needed and causes
busy looping.
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 0049f6757f6f956fb4cc77b3df6a672c20b53cf4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/utils/qemurunner.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index aa9e530f1b..925d05a339 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -647,6 +647,8 @@ class QemuRunner:
except InterruptedError:
continue
if sread:
+ # try to avoid reading single character at a time
+ time.sleep(0.1)
answer = self.server_socket.recv(1024)
if answer:
data += answer.decode('utf-8')
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 23/23] oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
` (21 preceding siblings ...)
2023-02-21 14:41 ` [OE-core][kirkstone 22/23] oeqa qemurunner.py: try to avoid reading one character at a time Steve Sakoman
@ 2023-02-21 14:41 ` Steve Sakoman
22 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2023-02-21 14:41 UTC (permalink / raw)
To: openembedded-core
From: Alexandre Belloni <alexandre.belloni@bootlin.com>
bitbake's output changed, update the test
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7e64b63f96dd1d71e263e7bbbe6591e51e98395a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/bbtests.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/selftest/cases/bbtests.py b/meta/lib/oeqa/selftest/cases/bbtests.py
index cfac7afcf4..b42bbb651d 100644
--- a/meta/lib/oeqa/selftest/cases/bbtests.py
+++ b/meta/lib/oeqa/selftest/cases/bbtests.py
@@ -350,4 +350,4 @@ INHERIT:remove = \"report-error\"
self.write_config("DISTROOVERRIDES .= \":gitunpack-enable-recipe\"")
result = bitbake('gitunpackoffline-fail -c fetch', ignore_status=True)
- self.assertTrue("Recipe uses a floating tag/branch without a fixed SRCREV" in result.output, msg = "Recipe without PV set to SRCPV should have failed: %s" % result.output)
+ self.assertTrue(re.search("Recipe uses a floating tag/branch .* for repo .* without a fixed SRCREV yet doesn't call bb.fetch2.get_srcrev()", result.output), msg = "Recipe without PV set to SRCPV should have failed: %s" % result.output)
--
2.34.1
^ permalink raw reply related [flat|nested] 27+ messages in thread
* [OE-core][kirkstone 00/23] Patch review
@ 2024-05-09 12:04 Steve Sakoman
0 siblings, 0 replies; 27+ messages in thread
From: Steve Sakoman @ 2024-05-09 12:04 UTC (permalink / raw)
To: openembedded-core
Please review this set of changes for kirkstone and have comments back by
end of day Monday, May 13
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/6889
The following changes since commit 8a502301209ef144932ef5071c1a9b738db23270:
rootfs-postcommands.bbclass: Only set DROPBEAR_RSAKEY_DIR once (2024-04-26 06:15:55 -0700)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Archana Polampalli (4):
ofono: fix CVE-2023-4234
ofono: fix CVE-2023-4233
gstreamer1.0-plugins-bad: fix CVE-2024-0444
gstreamer1.0-plugins-bad: fix CVE-2023-44446
Bruce Ashfield (13):
linux-yocto/5.15: update to v5.15.151
linux-yocto/5.15: update CVE exclusions (5.15.151)
linux-yocto/5.15: update to v5.15.152
linux-yocto/5.15: update CVE exclusions (5.15.152)
linux-yocto/5.15: update to v5.15.153
linux-yocto/5.15: update CVE exclusions (5.15.153)
linux-yocto/5.15: update to v5.15.155
linux-yocto/5.15: update CVE exclusions (5.15.155)
linux-yocto/5.15: update to v5.15.156
linux-yocto/5.15: update CVE exclusions (5.15.156)
linux-yocto/5.15: update to v5.15.157
linux-yocto/5.15: update CVE exclusions (5.15.157)
linux-yocto/5.15: cfg: remove obselete CONFIG_NFSD_V3 option
Heiko (1):
kernel.bbclass: check, if directory exists before removing empty
module directory
Peter Marko (2):
python3: Upgrade 3.10.13 -> 3.10.14
libarchive: fix multiple security vulnerabilities in pax writer
Poonam Jadhav (1):
ppp: Add RSA-MD in LICENSE
Soumya Sambu (1):
ncurses: Fix CVE-2023-45918
Vijay Anusuri (1):
less: backport Debian patch for CVE-2024-32487
meta/classes/kernel.bbclass | 2 +-
.../ofono/ofono/CVE-2023-4233.patch | 32 +
.../ofono/ofono/CVE-2023-4234.patch | 39 +
meta/recipes-connectivity/ofono/ofono_1.34.bb | 2 +
meta/recipes-connectivity/ppp/ppp_2.4.9.bb | 2 +-
.../ncurses/files/CVE-2023-45918.patch | 180 +
.../ncurses/ncurses_6.3+20220423.bb | 1 +
...{python3_3.10.13.bb => python3_3.10.14.bb} | 2 +-
.../less/less/CVE-2024-32487.patch | 69 +
meta/recipes-extended/less/less_600.bb | 1 +
...ix-multiple-security-vulnerabilities.patch | 107 +
.../libarchive/libarchive_3.6.2.bb | 4 +-
.../linux/cve-exclusion_5.15.inc | 4508 ++++++++++++-----
.../linux/linux-yocto-rt_5.15.bb | 6 +-
.../linux/linux-yocto-tiny_5.15.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_5.15.bb | 26 +-
.../CVE-2023-44446.patch | 329 ++
.../CVE-2024-0444.patch | 42 +
.../gstreamer1.0-plugins-bad_1.20.7.bb | 2 +
19 files changed, 4007 insertions(+), 1353 deletions(-)
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4233.patch
create mode 100644 meta/recipes-connectivity/ofono/ofono/CVE-2023-4234.patch
create mode 100644 meta/recipes-core/ncurses/files/CVE-2023-45918.patch
rename meta/recipes-devtools/python/{python3_3.10.13.bb => python3_3.10.14.bb} (99%)
create mode 100644 meta/recipes-extended/less/less/CVE-2024-32487.patch
create mode 100644 meta/recipes-extended/libarchive/libarchive/0001-pax-writer-fix-multiple-security-vulnerabilities.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2023-44446.patch
create mode 100644 meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-bad/CVE-2024-0444.patch
--
2.34.1
^ permalink raw reply [flat|nested] 27+ messages in thread
end of thread, other threads:[~2024-05-09 12:05 UTC | newest]
Thread overview: 27+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-02-21 14:40 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 01/23] tar: CVE-2022-48303 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 02/23] diffutils: update 3.8 -> 3.9 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 03/23] lttng-tools: update 2.13.8 -> 2.13.9 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 04/23] apr: update 1.7.0 -> 1.7.2 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 05/23] apr-util: update 1.6.1 -> 1.6.3 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 06/23] bind: upgrade 9.18.10 -> 9.18.11 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 07/23] libjpeg-turbo: upgrade 2.1.4 -> 2.1.5 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 08/23] linux-firmware: upgrade 20221214 -> 20230117 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 09/23] git: upgrade 2.35.6 -> 2.35.7 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 10/23] sudo: upgrade 1.9.12p1 -> 1.9.12p2 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 11/23] libgit2: uprade 1.4.3 -> 1.4.4 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 12/23] libgit2: upgrade 1.4.4 -> 1.4.5 Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 13/23] qemu: fix compile error Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 14/23] update-alternatives: fix typos Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 15/23] image.bbclass: print all QA functions exceptions Steve Sakoman
2023-02-21 14:40 ` [OE-core][kirkstone 16/23] devshell: Do not add scripts/git-intercept to PATH Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 17/23] oeqa ssh.py: move output prints to new line Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 18/23] oeqa ssh.py: add connection keep alive options to ssh client Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 19/23] oeqa dump.py: add error counter and stop after 5 failures Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 20/23] oeqa qemurunner: read more data at a time from serial Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 21/23] oeqa qemurunner.py: add timeout to QMP calls Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 22/23] oeqa qemurunner.py: try to avoid reading one character at a time Steve Sakoman
2023-02-21 14:41 ` [OE-core][kirkstone 23/23] oeqa/selftest/bbtests: Update message lookup for test_git_unpack_nonetwork_fail Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2024-05-09 12:04 [OE-core][kirkstone 00/23] Patch review Steve Sakoman
2022-12-01 14:26 Steve Sakoman
2022-07-18 0:30 Steve Sakoman
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox