* [OE-core][dunfell 01/11] git: fix CVE-2023-29007
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
@ 2023-05-20 16:04 ` Steve Sakoman
2023-05-20 16:04 ` [OE-core][dunfell 02/11] git: fix CVE-2023-25652 Steve Sakoman
` (9 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:04 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted
`.gitmodules` file with submodule URLs that are longer than 1024 characters can used
to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug
can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when
attempting to remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
`core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,
2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running
`git submodule deinit` on untrusted repositories or without prior inspection of any
submodule sections in `$GIT_DIR/config`.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Upstream patches:
https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../git/files/CVE-2023-29007.patch | 159 ++++++++++++++++++
meta/recipes-devtools/git/git.inc | 1 +
2 files changed, 160 insertions(+)
create mode 100644 meta/recipes-devtools/git/files/CVE-2023-29007.patch
diff --git a/meta/recipes-devtools/git/files/CVE-2023-29007.patch b/meta/recipes-devtools/git/files/CVE-2023-29007.patch
new file mode 100644
index 0000000000..e166c01412
--- /dev/null
+++ b/meta/recipes-devtools/git/files/CVE-2023-29007.patch
@@ -0,0 +1,159 @@
+From 057c07a7b1fae22fdeef26c243f4cfbe3afc90ce Mon Sep 17 00:00:00 2001
+From: Taylor Blau <me@ttaylorr.com>
+Date: Fri, 14 Apr 2023 11:46:59 -0400
+Subject: [PATCH] Merge branch 'tb/config-copy-or-rename-in-file-injection'
+
+Avoids issues with renaming or deleting sections with long lines, where
+configuration values may be interpreted as sections, leading to
+configuration injection. Addresses CVE-2023-29007.
+
+* tb/config-copy-or-rename-in-file-injection:
+ config.c: disallow overly-long lines in `copy_or_rename_section_in_file()`
+ config.c: avoid integer truncation in `copy_or_rename_section_in_file()`
+ config: avoid fixed-sized buffer when renaming/deleting a section
+ t1300: demonstrate failure when renaming sections with long lines
+
+Signed-off-by: Taylor Blau <me@ttaylorr.com>
+
+Upstream-Status: Backport [https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4]
+CVE: CVE-2023-29007
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ config.c | 36 +++++++++++++++++++++++++-----------
+ t/t1300-config.sh | 30 ++++++++++++++++++++++++++++++
+ 2 files changed, 55 insertions(+), 11 deletions(-)
+
+diff --git a/config.c b/config.c
+index e7052b3..676b687 100644
+--- a/config.c
++++ b/config.c
+@@ -2987,9 +2987,10 @@ void git_config_set_multivar(const char *key, const char *value,
+ multi_replace);
+ }
+
+-static int section_name_match (const char *buf, const char *name)
++static size_t section_name_match (const char *buf, const char *name)
+ {
+- int i = 0, j = 0, dot = 0;
++ size_t i = 0, j = 0;
++ int dot = 0;
+ if (buf[i] != '[')
+ return 0;
+ for (i = 1; buf[i] && buf[i] != ']'; i++) {
+@@ -3042,6 +3043,8 @@ static int section_name_is_ok(const char *name)
+ return 1;
+ }
+
++#define GIT_CONFIG_MAX_LINE_LEN (512 * 1024)
++
+ /* if new_name == NULL, the section is removed instead */
+ static int git_config_copy_or_rename_section_in_file(const char *config_filename,
+ const char *old_name,
+@@ -3051,11 +3054,12 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ char *filename_buf = NULL;
+ struct lock_file lock = LOCK_INIT;
+ int out_fd;
+- char buf[1024];
++ struct strbuf buf = STRBUF_INIT;
+ FILE *config_file = NULL;
+ struct stat st;
+ struct strbuf copystr = STRBUF_INIT;
+ struct config_store_data store;
++ uint32_t line_nr = 0;
+
+ memset(&store, 0, sizeof(store));
+
+@@ -3092,16 +3096,25 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ goto out;
+ }
+
+- while (fgets(buf, sizeof(buf), config_file)) {
+- int i;
+- int length;
++ while (!strbuf_getwholeline(&buf, config_file, '\n')) {
++ size_t i, length;
+ int is_section = 0;
+- char *output = buf;
+- for (i = 0; buf[i] && isspace(buf[i]); i++)
++ char *output = buf.buf;
++
++ line_nr++;
++
++ if (buf.len >= GIT_CONFIG_MAX_LINE_LEN) {
++ ret = error(_("refusing to work with overly long line "
++ "in '%s' on line %"PRIuMAX),
++ config_filename, (uintmax_t)line_nr);
++ goto out;
++ }
++
++ for (i = 0; buf.buf[i] && isspace(buf.buf[i]); i++)
+ ; /* do nothing */
+- if (buf[i] == '[') {
++ if (buf.buf[i] == '[') {
+ /* it's a section */
+- int offset;
++ size_t offset;
+ is_section = 1;
+
+ /*
+@@ -3118,7 +3131,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ strbuf_reset(©str);
+ }
+
+- offset = section_name_match(&buf[i], old_name);
++ offset = section_name_match(&buf.buf[i], old_name);
+ if (offset > 0) {
+ ret++;
+ if (new_name == NULL) {
+@@ -3193,6 +3206,7 @@ static int git_config_copy_or_rename_section_in_file(const char *config_filename
+ out_no_rollback:
+ free(filename_buf);
+ config_store_data_clear(&store);
++ strbuf_release(&buf);
+ return ret;
+ }
+
+diff --git a/t/t1300-config.sh b/t/t1300-config.sh
+index 983a0a1..9b67f6b 100755
+--- a/t/t1300-config.sh
++++ b/t/t1300-config.sh
+@@ -616,6 +616,36 @@ test_expect_success 'renaming to bogus section is rejected' '
+ test_must_fail git config --rename-section branch.zwei "bogus name"
+ '
+
++test_expect_success 'renaming a section with a long line' '
++ {
++ printf "[b]\\n" &&
++ printf " c = d %1024s [a] e = f\\n" " " &&
++ printf "[a] g = h\\n"
++ } >y &&
++ git config -f y --rename-section a xyz &&
++ test_must_fail git config -f y b.e
++'
++
++test_expect_success 'renaming an embedded section with a long line' '
++ {
++ printf "[b]\\n" &&
++ printf " c = d %1024s [a] [foo] e = f\\n" " " &&
++ printf "[a] g = h\\n"
++ } >y &&
++ git config -f y --rename-section a xyz &&
++ test_must_fail git config -f y foo.e
++'
++
++test_expect_success 'renaming a section with an overly-long line' '
++ {
++ printf "[b]\\n" &&
++ printf " c = d %525000s e" " " &&
++ printf "[a] g = h\\n"
++ } >y &&
++ test_must_fail git config -f y --rename-section a xyz 2>err &&
++ test_i18ngrep "refusing to work with overly long line in .y. on line 2" err
++'
++
+ cat >> .git/config << EOF
+ [branch "zwei"] a = 1 [branch "vier"]
+ EOF
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc
index 36318eed20..8b864053eb 100644
--- a/meta/recipes-devtools/git/git.inc
+++ b/meta/recipes-devtools/git/git.inc
@@ -28,6 +28,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
file://CVE-2023-22490-2.patch \
file://CVE-2023-22490-3.patch \
file://CVE-2023-23946.patch \
+ file://CVE-2023-29007.patch \
"
S = "${WORKDIR}/git-${PV}"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 02/11] git: fix CVE-2023-25652
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
2023-05-20 16:04 ` [OE-core][dunfell 01/11] git: fix CVE-2023-29007 Steve Sakoman
@ 2023-05-20 16:04 ` Steve Sakoman
2023-05-20 16:04 ` [OE-core][dunfell 03/11] curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled Steve Sakoman
` (8 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:04 UTC (permalink / raw)
To: openembedded-core
From: Hitendra Prajapati <hprajapati@mvista.com>
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652
Upstream-Status: Backport from https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../git/files/CVE-2023-25652.patch | 94 +++++++++++++++++++
meta/recipes-devtools/git/git.inc | 1 +
2 files changed, 95 insertions(+)
create mode 100644 meta/recipes-devtools/git/files/CVE-2023-25652.patch
diff --git a/meta/recipes-devtools/git/files/CVE-2023-25652.patch b/meta/recipes-devtools/git/files/CVE-2023-25652.patch
new file mode 100644
index 0000000000..d6b17a2b8a
--- /dev/null
+++ b/meta/recipes-devtools/git/files/CVE-2023-25652.patch
@@ -0,0 +1,94 @@
+From 9db05711c98efc14f414d4c87135a34c13586e0b Mon Sep 17 00:00:00 2001
+From: Johannes Schindelin <johannes.schindelin@gmx.de>
+Date: Thu, 9 Mar 2023 16:02:54 +0100
+Subject: [PATCH] apply --reject: overwrite existing `.rej` symlink if it
+ exists
+
+The `git apply --reject` is expected to write out `.rej` files in case
+one or more hunks fail to apply cleanly. Historically, the command
+overwrites any existing `.rej` files. The idea being that
+apply/reject/edit cycles are relatively common, and the generated `.rej`
+files are not considered precious.
+
+But the command does not overwrite existing `.rej` symbolic links, and
+instead follows them. This is unsafe because the same patch could
+potentially create such a symbolic link and point at arbitrary paths
+outside the current worktree, and `git apply` would write the contents
+of the `.rej` file into that location.
+
+Therefore, let's make sure that any existing `.rej` file or symbolic
+link is removed before writing it.
+
+Reported-by: RyotaK <ryotak.mail@gmail.com>
+Helped-by: Taylor Blau <me@ttaylorr.com>
+Helped-by: Junio C Hamano <gitster@pobox.com>
+Helped-by: Linus Torvalds <torvalds@linuxfoundation.org>
+Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
+
+Upstream-Status: Backport [https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b]
+CVE: CVE-2023-25652
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ apply.c | 14 ++++++++++++--
+ t/t4115-apply-symlink.sh | 15 +++++++++++++++
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/apply.c b/apply.c
+index 4f303bf..aa7111d 100644
+--- a/apply.c
++++ b/apply.c
+@@ -4531,7 +4531,7 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+ FILE *rej;
+ char namebuf[PATH_MAX];
+ struct fragment *frag;
+- int cnt = 0;
++ int fd, cnt = 0;
+ struct strbuf sb = STRBUF_INIT;
+
+ for (cnt = 0, frag = patch->fragments; frag; frag = frag->next) {
+@@ -4571,7 +4571,17 @@ static int write_out_one_reject(struct apply_state *state, struct patch *patch)
+ memcpy(namebuf, patch->new_name, cnt);
+ memcpy(namebuf + cnt, ".rej", 5);
+
+- rej = fopen(namebuf, "w");
++ fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++ if (fd < 0) {
++ if (errno != EEXIST)
++ return error_errno(_("cannot open %s"), namebuf);
++ if (unlink(namebuf))
++ return error_errno(_("cannot unlink '%s'"), namebuf);
++ fd = open(namebuf, O_CREAT | O_EXCL | O_WRONLY, 0666);
++ if (fd < 0)
++ return error_errno(_("cannot open %s"), namebuf);
++ }
++ rej = fdopen(fd, "w");
+ if (!rej)
+ return error_errno(_("cannot open %s"), namebuf);
+
+diff --git a/t/t4115-apply-symlink.sh b/t/t4115-apply-symlink.sh
+index 1acb7b2..2b034ff 100755
+--- a/t/t4115-apply-symlink.sh
++++ b/t/t4115-apply-symlink.sh
+@@ -125,4 +125,19 @@ test_expect_success SYMLINKS 'symlink escape when deleting file' '
+ test_path_is_file .git/delete-me
+ '
+
++test_expect_success SYMLINKS '--reject removes .rej symlink if it exists' '
++ test_when_finished "git reset --hard && git clean -dfx" &&
++
++ test_commit file &&
++ echo modified >file.t &&
++ git diff -- file.t >patch &&
++ echo modified-again >file.t &&
++
++ ln -s foo file.t.rej &&
++ test_must_fail git apply patch --reject 2>err &&
++ test_i18ngrep "Rejected hunk" err &&
++ test_path_is_missing foo &&
++ test_path_is_file file.t.rej
++'
++
+ test_done
+--
+2.25.1
+
diff --git a/meta/recipes-devtools/git/git.inc b/meta/recipes-devtools/git/git.inc
index 8b864053eb..e64472ea28 100644
--- a/meta/recipes-devtools/git/git.inc
+++ b/meta/recipes-devtools/git/git.inc
@@ -29,6 +29,7 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \
file://CVE-2023-22490-3.patch \
file://CVE-2023-23946.patch \
file://CVE-2023-29007.patch \
+ file://CVE-2023-25652.patch \
"
S = "${WORKDIR}/git-${PV}"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 03/11] curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
2023-05-20 16:04 ` [OE-core][dunfell 01/11] git: fix CVE-2023-29007 Steve Sakoman
2023-05-20 16:04 ` [OE-core][dunfell 02/11] git: fix CVE-2023-25652 Steve Sakoman
@ 2023-05-20 16:04 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 04/11] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE Steve Sakoman
` (7 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:04 UTC (permalink / raw)
To: openembedded-core
From: Siddharth <sdoshi@mvista.com>
The upstream patch for CVE-2023-27534 does three things:
1) creates new path with dynbuf(dynamic buffer)
2) solves the tilde error which causes CVE-2023-27534
3) modifies the below added functionality to not add a trailing "/" to the user home dir if it already ends with one with dynbuf.
dynbuf functionalities are added in curl in later versions and are not essential to fix the vulnerability but does add extra feature in later versions.
This patch completes the 3rd task of the patch which was implemented without using dynbuf
Upstream-Status: Backport from [https://github.com/curl/curl/commit/6c51adeb71da076c5c40a45e339e06bb4394a86b]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../curl/curl/CVE-2023-27534-pre1.patch | 51 ++++++++
.../curl/curl/CVE-2023-27534.patch | 122 +++---------------
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
3 files changed, 68 insertions(+), 106 deletions(-)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch b/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch
new file mode 100644
index 0000000000..46c57afb73
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2023-27534-pre1.patch
@@ -0,0 +1,51 @@
+From 6c51adeb71da076c5c40a45e339e06bb4394a86b Mon Sep 17 00:00:00 2001
+From: Eric Vigeant <evigeant@gmail.com>
+Date: Wed, 2 Nov 2022 11:47:09 -0400
+Subject: [PATCH] cur_path: do not add '/' if homedir ends with one
+
+When using SFTP and a path relative to the user home, do not add a
+trailing '/' to the user home dir if it already ends with one.
+
+Closes #9844
+
+CVE: CVE-2023-27534
+Note:
+- The upstream patch for CVE-2023-27534 does three things:
+1) creates new path with dynbuf(dynamic buffer)
+2) solves the tilde error which causes CVE-2023-27534
+3) modifies the below added functionality to not add a trailing "/" to the user home dir if it already ends with one with dynbuf.
+- dynbuf functionalities are added in curl in later versions and are not essential to fix the vulnerability but does add extra feature in later versions.
+- This patch completes the 3rd task of the patch which was implemented without using dynbuf
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/6c51adeb71da076c5c40a45e339e06bb4394a86b]
+
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
+---
+ lib/curl_path.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/lib/curl_path.c b/lib/curl_path.c
+index f429634..40b92ee 100644
+--- a/lib/curl_path.c
++++ b/lib/curl_path.c
+@@ -70,10 +70,14 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
+ /* It is referenced to the home directory, so strip the
+ leading '/' */
+ memcpy(real_path, homedir, homelen);
+- real_path[homelen] = '/';
+- real_path[homelen + 1] = '\0';
++ /* Only add a trailing '/' if homedir does not end with one */
++ if(homelen == 0 || real_path[homelen - 1] != '/') {
++ real_path[homelen] = '/';
++ homelen++;
++ real_path[homelen] = '\0';
++ }
+ if(working_path_len > 3) {
+- memcpy(real_path + homelen + 1, working_path + 3,
++ memcpy(real_path + homelen, working_path + 3,
+ 1 + working_path_len -3);
+ }
+ }
+--
+2.24.4
+
diff --git a/meta/recipes-support/curl/curl/CVE-2023-27534.patch b/meta/recipes-support/curl/curl/CVE-2023-27534.patch
index aeeffd5fea..3ecd181290 100644
--- a/meta/recipes-support/curl/curl/CVE-2023-27534.patch
+++ b/meta/recipes-support/curl/curl/CVE-2023-27534.patch
@@ -3,121 +3,31 @@ From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 9 Mar 2023 16:22:11 +0100
Subject: [PATCH] curl_path: create the new path with dynbuf
+Closes #10729
+
CVE: CVE-2023-27534
-Upstream-Status: Backport [https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6]
+Note: This patch is needed to backport CVE-2023-27534
+Upstream-Status: Backport from [https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6]
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
- lib/curl_path.c | 71 ++++++++++++++++++++++++-------------------------
- 1 file changed, 35 insertions(+), 36 deletions(-)
+ lib/curl_path.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/curl_path.c b/lib/curl_path.c
-index f429634..e17db4b 100644
+index 40b92ee..598c5dd 100644
--- a/lib/curl_path.c
+++ b/lib/curl_path.c
-@@ -30,6 +30,8 @@
- #include "escape.h"
- #include "memdebug.h"
-
-+#define MAX_SSHPATH_LEN 100000 /* arbitrary */
-+
- /* figure out the path to work with in this particular request */
- CURLcode Curl_getworkingpath(struct connectdata *conn,
- char *homedir, /* when SFTP is used */
-@@ -37,60 +39,57 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
- real path to work with */
- {
- struct Curl_easy *data = conn->data;
-- char *real_path = NULL;
- char *working_path;
- size_t working_path_len;
-+ struct dynbuf npath;
- CURLcode result =
- Curl_urldecode(data, data->state.up.path, 0, &working_path,
- &working_path_len, FALSE);
- if(result)
- return result;
-
-+ /* new path to switch to in case we need to */
-+ Curl_dyn_init(&npath, MAX_SSHPATH_LEN);
-+
- /* Check for /~/, indicating relative to the user's home directory */
-- if(conn->handler->protocol & CURLPROTO_SCP) {
-- real_path = malloc(working_path_len + 1);
-- if(real_path == NULL) {
-+ if((data->conn->handler->protocol & CURLPROTO_SCP) &&
-+ (working_path_len > 3) && (!memcmp(working_path, "/~/", 3))) {
-+ /* It is referenced to the home directory, so strip the leading '/~/' */
-+ if(Curl_dyn_addn(&npath, &working_path[3], working_path_len - 3)) {
- free(working_path);
- return CURLE_OUT_OF_MEMORY;
- }
-- if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
-- /* It is referenced to the home directory, so strip the leading '/~/' */
-- memcpy(real_path, working_path + 3, working_path_len - 2);
-- else
-- memcpy(real_path, working_path, 1 + working_path_len);
+@@ -60,7 +60,7 @@ CURLcode Curl_getworkingpath(struct connectdata *conn,
+ memcpy(real_path, working_path, 1 + working_path_len);
}
-- else if(conn->handler->protocol & CURLPROTO_SFTP) {
+ else if(conn->handler->protocol & CURLPROTO_SFTP) {
- if((working_path_len > 1) && (working_path[1] == '~')) {
-- size_t homelen = strlen(homedir);
-- real_path = malloc(homelen + working_path_len + 1);
-- if(real_path == NULL) {
-- free(working_path);
-- return CURLE_OUT_OF_MEMORY;
-- }
-- /* It is referenced to the home directory, so strip the
-- leading '/' */
-- memcpy(real_path, homedir, homelen);
-- real_path[homelen] = '/';
-- real_path[homelen + 1] = '\0';
-- if(working_path_len > 3) {
-- memcpy(real_path + homelen + 1, working_path + 3,
-- 1 + working_path_len -3);
-- }
-+ else if((data->conn->handler->protocol & CURLPROTO_SFTP) &&
-+ (working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
-+ size_t len;
-+ const char *p;
-+ int copyfrom = 3;
-+ if(Curl_dyn_add(&npath, homedir)) {
-+ free(working_path);
-+ return CURLE_OUT_OF_MEMORY;
- }
-- else {
-- real_path = malloc(working_path_len + 1);
-- if(real_path == NULL) {
-- free(working_path);
-- return CURLE_OUT_OF_MEMORY;
-- }
-- memcpy(real_path, working_path, 1 + working_path_len);
-+ /* Copy a separating '/' if homedir does not end with one */
-+ len = Curl_dyn_len(&npath);
-+ p = Curl_dyn_ptr(&npath);
-+ if(len && (p[len-1] != '/'))
-+ copyfrom = 2;
-+
-+ if(Curl_dyn_addn(&npath,
-+ &working_path[copyfrom], working_path_len - copyfrom)) {
-+ free(working_path);
-+ return CURLE_OUT_OF_MEMORY;
- }
- }
-
-- free(working_path);
-+ if(Curl_dyn_len(&npath)) {
-+ free(working_path);
-
-- /* store the pointer for the caller to receive */
-- *path = real_path;
-+ /* store the pointer for the caller to receive */
-+ *path = Curl_dyn_ptr(&npath);
-+ }
-+ else
-+ *path = working_path;
-
- return CURLE_OK;
- }
++ if((working_path_len > 2) && !memcmp(working_path, "/~/", 3)) {
+ size_t homelen = strlen(homedir);
+ real_path = malloc(homelen + working_path_len + 1);
+ if(real_path == NULL) {
--
-2.25.1
+2.24.4
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index 32d18ddb3a..13ec117099 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -43,6 +43,7 @@ SRC_URI = "https://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://CVE-2022-35260.patch \
file://CVE-2022-43552.patch \
file://CVE-2023-23916.patch \
+ file://CVE-2023-27534-pre1.patch \
file://CVE-2023-27534.patch \
file://CVE-2023-27538.patch \
file://CVE-2023-27533.patch \
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 04/11] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (2 preceding siblings ...)
2023-05-20 16:04 ` [OE-core][dunfell 03/11] curl: ammend fix for CVE-2023-27534 to fix error when ssh is enabled Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 05/11] linux-firmware: upgrade 20230210 -> 20230404 Steve Sakoman
` (6 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Alex Kiernan <alex.kiernan@gmail.com>
The CVE product name for PyPI packages is (usually) the same as the PyPI
package name (and not our recipe name), so use that as the default.
Signed-off-by: Alex Kiernan <alexk@zuma.ai>
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61f6b0ad09bf87cdc2d3f08770b7c44cad1d0e58)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/pypi.bbclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/classes/pypi.bbclass b/meta/classes/pypi.bbclass
index 87b4c85fc0..c68367449a 100644
--- a/meta/classes/pypi.bbclass
+++ b/meta/classes/pypi.bbclass
@@ -24,3 +24,5 @@ S = "${WORKDIR}/${PYPI_PACKAGE}-${PV}"
UPSTREAM_CHECK_URI ?= "https://pypi.org/project/${PYPI_PACKAGE}/"
UPSTREAM_CHECK_REGEX ?= "/${PYPI_PACKAGE}/(?P<pver>(\d+[\.\-_]*)+)/"
+
+CVE_PRODUCT ?= "python:${PYPI_PACKAGE}"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 05/11] linux-firmware: upgrade 20230210 -> 20230404
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (3 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 04/11] pypi.bbclass: Set CVE_PRODUCT to PYPI_PACKAGE Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 06/11] cpio: Fix wrong CRC with ASCII CRC for large files Steve Sakoman
` (5 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Dmitry Baryshkov <dbaryshkov@gmail.com>
The LICENCE.qat_firmware license file was updated to reflect Intel
licensing (it removed a term regarding patent licenses).
License-Update: additional files
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit fd43b59ab32e2115fcda7ad63d3a5ccc2683c7d5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...inux-firmware_20230210.bb => linux-firmware_20230404.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230210.bb => linux-firmware_20230404.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
index fb1ea61906..9ac70b2a3a 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230210.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20230404.bb
@@ -108,7 +108,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.OLPC;md5=5b917f9d8c061991be4f6f5f108719cd \
file://LICENCE.open-ath9k-htc-firmware;md5=1b33c9f4d17bc4d457bdb23727046837 \
file://LICENCE.phanfw;md5=954dcec0e051f9409812b561ea743bfa \
- file://LICENCE.qat_firmware;md5=9e7d8bea77612d7cc7d9e9b54b623062 \
+ file://LICENCE.qat_firmware;md5=72de83dfd9b87be7685ed099a39fbea4 \
file://LICENSE.qcom;md5=164e3362a538eb11d3ac51e8e134294b \
file://LICENSE.qcom_yamato;md5=d0de0eeccaf1843a850bf7a6777eec5c \
file://LICENCE.qla1280;md5=d6895732e622d950609093223a2c4f5d \
@@ -134,7 +134,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
"
# WHENCE checksum is defined separately to ease overriding it if
# class-devupstream is selected.
-WHENCE_CHKSUM = "aadb3cccbde1e53fc244a409e9bd5a22"
+WHENCE_CHKSUM = "0782deea054d4b1b7f10c92c3a245da4"
# These are not common licenses, set NO_GENERIC_LICENSE for them
# so that the license files will be copied from fetched source
@@ -212,7 +212,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
# Pin this to the 20220509 release, override this in local.conf
SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
-SRC_URI[sha256sum] = "6e3d9e8d52cffc4ec0dbe8533a8445328e0524a20f159a5b61c2706f983ce38a"
+SRC_URI[sha256sum] = "c3f9ad2bb5311cce2490f37a8052f836703d6936aabd840246b6576f1f71f607"
inherit allarch
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 06/11] cpio: Fix wrong CRC with ASCII CRC for large files
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (4 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 05/11] linux-firmware: upgrade 20230210 -> 20230404 Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 07/11] perf: Depend on native setuptools3 Steve Sakoman
` (4 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Marek Vasut <marex@denx.de>
Due to signedness, the checksum is not computed when filesize is bigger
a 2GB. Pick a fix for this problem from CPIO ML, where the fix has been
posted for 5 years. Since CPIO upstream is effectively unresponsive and
any and all attempts to communicate with the maintainer and get the fix
applied upstream failed, add the fix here instead.
(From OE-Core rev: bfff138af4bdd356ac66571e6ad91c1a5599b935)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...g-CRC-with-ASCII-CRC-for-large-files.patch | 39 +++++++++++++++++++
meta/recipes-extended/cpio/cpio_2.13.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
diff --git a/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch b/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
new file mode 100644
index 0000000000..4b96e4316c
--- /dev/null
+++ b/meta/recipes-extended/cpio/cpio-2.13/0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch
@@ -0,0 +1,39 @@
+From 77ff5f1be394eb2c786df561ff37dde7f982ec76 Mon Sep 17 00:00:00 2001
+From: Stefano Babic <sbabic@denx.de>
+Date: Fri, 28 Jul 2017 13:20:52 +0200
+Subject: [PATCH] Wrong CRC with ASCII CRC for large files
+
+Due to signedness, the checksum is not computed when filesize is bigger
+a 2GB.
+
+Upstream-Status: Submitted [https://lists.gnu.org/archive/html/bug-cpio/2017-07/msg00004.html]
+Signed-off-by: Stefano Babic <sbabic@denx.de>
+---
+ src/copyout.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/copyout.c b/src/copyout.c
+index 1f0987a..727aeca 100644
+--- a/src/copyout.c
++++ b/src/copyout.c
+@@ -34,13 +34,13 @@
+ compute and return a checksum for them. */
+
+ static uint32_t
+-read_for_checksum (int in_file_des, int file_size, char *file_name)
++read_for_checksum (int in_file_des, unsigned int file_size, char *file_name)
+ {
+ uint32_t crc;
+ char buf[BUFSIZ];
+- int bytes_left;
+- int bytes_read;
+- int i;
++ unsigned int bytes_left;
++ unsigned int bytes_read;
++ unsigned int i;
+
+ crc = 0;
+
+--
+2.7.4
+
diff --git a/meta/recipes-extended/cpio/cpio_2.13.bb b/meta/recipes-extended/cpio/cpio_2.13.bb
index 7c8a465cd0..86527da744 100644
--- a/meta/recipes-extended/cpio/cpio_2.13.bb
+++ b/meta/recipes-extended/cpio/cpio_2.13.bb
@@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/cpio/cpio-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
file://0002-src-global.c-Remove-superfluous-declaration-of-progr.patch \
file://CVE-2021-38185.patch \
+ file://0001-Wrong-CRC-with-ASCII-CRC-for-large-files.patch \
"
SRC_URI[md5sum] = "389c5452d667c23b5eceb206f5000810"
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 07/11] perf: Depend on native setuptools3
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (5 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 06/11] cpio: Fix wrong CRC with ASCII CRC for large files Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 08/11] wic/bootimg-efi: if fixed-size is set then use that for mkdosfs Steve Sakoman
` (3 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Khem Raj <raj.khem@gmail.com>
perf has need for python setuptools when scripting is enabled
from 6.0.0 onwards it seems to throw an explicit error
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit da3d00178809bbf7cc453401e0c5937796ebc2c1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/perf/perf.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index 9c9bf1647f..91bf648caa 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -13,7 +13,7 @@ PR = "r9"
PACKAGECONFIG ??= "scripting tui libunwind"
PACKAGECONFIG[dwarf] = ",NO_DWARF=1"
-PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3"
+PACKAGECONFIG[scripting] = ",NO_LIBPERL=1 NO_LIBPYTHON=1,perl python3 python3-setuptools-native"
# gui support was added with kernel 3.6.35
# since 3.10 libnewt was replaced by slang
# to cover a wide range of kernel we add both dependencies
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 08/11] wic/bootimg-efi: if fixed-size is set then use that for mkdosfs
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (6 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 07/11] perf: Depend on native setuptools3 Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 09/11] populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override Steve Sakoman
` (2 subsequent siblings)
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Randolph Sapp <rs@ti.com>
This is a bit of a compatibility issue more than anything. Some devices
get upset if the FAT file system contains less blocks than the
partition.
The fixed-size argument is currently respected by the partition creation
step but not by the file system creation step. Let's make it so the file
system respects this value as well.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d16301ccdfb97bf126738262eec594008c282df1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/wic/plugins/source/bootimg-efi.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/scripts/lib/wic/plugins/source/bootimg-efi.py b/scripts/lib/wic/plugins/source/bootimg-efi.py
index 2cfdc10ecd..05e8471116 100644
--- a/scripts/lib/wic/plugins/source/bootimg-efi.py
+++ b/scripts/lib/wic/plugins/source/bootimg-efi.py
@@ -277,6 +277,13 @@ class BootimgEFIPlugin(SourcePlugin):
logger.debug("Added %d extra blocks to %s to get to %d total blocks",
extra_blocks, part.mountpoint, blocks)
+ # required for compatibility with certain devices expecting file system
+ # block count to be equal to partition block count
+ if blocks < part.fixed_size:
+ blocks = part.fixed_size
+ logger.debug("Overriding %s to %d total blocks for compatibility",
+ part.mountpoint, blocks)
+
# dosfs image, created by mkdosfs
bootimg = "%s/boot.img" % cr_workdir
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 09/11] populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (7 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 08/11] wic/bootimg-efi: if fixed-size is set then use that for mkdosfs Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 10/11] oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 11/11] selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky Steve Sakoman
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Martin Jansa <Martin.Jansa@gmail.com>
* otherwise it ends '<unknown>' inside esdk, because of parsing order:
# $METADATA_REVISION [3 operations]
# set /OE/build/test-D/conf/local.conf:43
# "f2da54ef432eac89b0f18eaad68e602b6990b5de"
# immediate /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:9
# "${@oe.buildcfg.detect_revision(d)}"
# set /OE/build/test-D/layers/poky/meta/classes/metadata_scm.bbclass:10
# [vardepvalue] "${METADATA_REVISION}"
# pre-expansion value:
# "<unknown>"
METADATA_REVISION="<unknown>"
* This causes base-files.do_install and following tasks to have different
signatures between esdk and the build directory where this esdk was created:
bitbake-diffsigs {test-D,poky/build-uninative-disabled}/tmp/stamps/qemux86_64-poky-linux/base-files/*do_install*sigdata*
NOTE: Starting bitbake server...
basehash changed from 5b6981cf58bfd57d416b0e31611b73a26baae635dd1ac31c08d46f95064c3ffc to dbdce042da4d7813d632b6d1cc87a16f728ad20e55fecbc392830e6acf72babd
Variable METADATA_REVISION value changed from '<unknown>' to 'f2da54ef432eac89b0f18eaad68e602b6990b5de'
and an warning from "python3 /OE/build/test-D/ext-sdk-prepare.py" when eSDK is being prepared for use:
WARNING: The base-files:do_install sig is computed to be 83b9c9a6ef1145baac5a1e0d08814b9156af239c58fc42df95c25a9cd8a7f201,
but the sig is locked to 3dc22233059075978e5503691e98e79e7cc60db94259dfcd886bca2291c0add7 in SIGGEN_LOCKEDSIGS_t-qemux86-64
[RP: Add commit about why we need the override for future reference]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 675ea7281c17f77bf5dea17cfd4d9da0928382a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/populate_sdk_ext.bbclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index a43ff3fb32..1bdfd92847 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -363,7 +363,8 @@ python copy_buildsystem () {
f.write('BUILDCFG_HEADER = ""\n\n')
# Write METADATA_REVISION
- f.write('METADATA_REVISION = "%s"\n\n' % d.getVar('METADATA_REVISION'))
+ # Needs distro override so it can override the value set in the bbclass code (later than local.conf)
+ f.write('METADATA_REVISION:%s = "%s"\n\n' % (d.getVar('DISTRO'), d.getVar('METADATA_REVISION')))
f.write('# Provide a flag to indicate we are in the EXT_SDK Context\n')
f.write('WITHIN_EXT_SDK = "1"\n\n')
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 10/11] oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (8 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 09/11] populate_sdk_ext.bbclass: set METADATA_REVISION with an DISTRO override Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
2023-05-20 16:05 ` [OE-core][dunfell 11/11] selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky Steve Sakoman
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
From: Thomas Roos <throos@amazon.de>
This will use default values when no distribution is set.
[YOCTO #15086]
Signed-off-by: Thomas Roos <throos@amazon.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 888fe63b46efceeff08dbe8c4f66fec33d06cb7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/utils/metadata.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta/lib/oeqa/utils/metadata.py b/meta/lib/oeqa/utils/metadata.py
index 8013aa684d..15ec190c4a 100644
--- a/meta/lib/oeqa/utils/metadata.py
+++ b/meta/lib/oeqa/utils/metadata.py
@@ -27,9 +27,9 @@ def metadata_from_bb():
data_dict = get_bb_vars()
# Distro information
- info_dict['distro'] = {'id': data_dict['DISTRO'],
- 'version_id': data_dict['DISTRO_VERSION'],
- 'pretty_name': '%s %s' % (data_dict['DISTRO'], data_dict['DISTRO_VERSION'])}
+ info_dict['distro'] = {'id': data_dict.get('DISTRO', 'NODISTRO'),
+ 'version_id': data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'),
+ 'pretty_name': '%s %s' % (data_dict.get('DISTRO', 'NODISTRO'), data_dict.get('DISTRO_VERSION', 'NO_DISTRO_VERSION'))}
# Host distro information
os_release = get_os_release()
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread* [OE-core][dunfell 11/11] selftest: skip virgl test on ubuntu 22.10, fedora 37, and all rocky
2023-05-20 16:04 [OE-core][dunfell 00/11] Patch review Steve Sakoman
` (9 preceding siblings ...)
2023-05-20 16:05 ` [OE-core][dunfell 10/11] oeqa/utils/metadata.py: Fix running oe-selftest running with no distro set Steve Sakoman
@ 2023-05-20 16:05 ` Steve Sakoman
10 siblings, 0 replies; 23+ messages in thread
From: Steve Sakoman @ 2023-05-20 16:05 UTC (permalink / raw)
To: openembedded-core
This test will fail any time the host has libdrm > 2.4.107
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/runtime_test.py | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 5439bd426b..d80f85dba2 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -177,6 +177,8 @@ class TestImage(OESelftestTestCase):
distro = oe.lsb.distro_identifier()
if distro and distro.startswith('almalinux'):
self.skipTest('virgl isn\'t working with Alma Linux')
+ if distro and distro.startswith('rocky'):
+ self.skipTest('virgl isn\'t working with Rocky Linux')
if distro and distro == 'debian-8':
self.skipTest('virgl isn\'t working with Debian 8')
if distro and distro == 'centos-7':
@@ -189,10 +191,14 @@ class TestImage(OESelftestTestCase):
self.skipTest('virgl isn\'t working with Fedora 35')
if distro and distro == 'fedora-36':
self.skipTest('virgl isn\'t working with Fedora 36')
+ if distro and distro == 'fedora-37':
+ self.skipTest('virgl isn\'t working with Fedora 37')
if distro and distro == 'opensuseleap-15.0':
self.skipTest('virgl isn\'t working with Opensuse 15.0')
if distro and distro == 'ubuntu-22.04':
self.skipTest('virgl isn\'t working with Ubuntu 22.04')
+ if distro and distro == 'ubuntu-22.10':
+ self.skipTest('virgl isn\'t working with Ubuntu 22.10')
qemu_packageconfig = get_bb_var('PACKAGECONFIG', 'qemu-system-native')
sdl_packageconfig = get_bb_var('PACKAGECONFIG', 'libsdl2-native')
--
2.34.1
^ permalink raw reply related [flat|nested] 23+ messages in thread