* [OE-core][dunfell 00/10] Patch review
@ 2021-12-13 15:36 Steve Sakoman
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
Please review this set of patches for dunfell and have comments back by end
of day Wednesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3026
with the exception of a known autobuilder intermittent issue which passed
on subsequent retest:
https://autobuilder.yoctoproject.org/typhoon/#/builders/86/builds/2924
The following changes since commit f788765e1b9832d0da8ec4ce49aa811115864b0e:
README.OE-Core.md: update URLs (2021-12-06 04:48:48 -1000)
are available in the Git repository at:
git://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Andrey Zhizhikin (1):
lttng-modules: do not search in non-existing folder during install
Markus Volk (1):
wic:direct.py: ignore invalid mountpoints during fstab update
Marta Rybczynska (1):
libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
Richard Purdie (1):
gcc: Add CVE-2021-37322 to the list of CVEs to ignore
Ross Burton (1):
runqemu: check the qemu PID has been set before kill()ing it
Sana Kazi (1):
busybox: Fix multiple security issues in awk
Stefan Herbrechtsmeier (2):
recipetool: Set master branch only as fallback
selftest/devtool: Check branch in git fetch
Steve Sakoman (2):
cve-extra-exclusions: add db CVEs to exclusion list
selftest: skip virgl test on centos 8 entirely
.../distro/include/cve-extra-exclusions.inc | 9 +-
meta/lib/oeqa/selftest/cases/devtool.py | 5 +-
meta/lib/oeqa/selftest/cases/runtime_test.py | 2 +
meta/recipes-core/busybox/busybox_1.31.1.bb | 1 +
.../busybox/files/CVE-2021-423xx-awk.patch | 215 ++++++++++++++++++
meta/recipes-devtools/gcc/gcc-9.3.inc | 3 +
.../lttng/lttng-modules_2.11.6.bb | 4 +-
.../libgcrypt/files/CVE-2021-33560.patch | 138 +++++------
.../libgcrypt/files/CVE-2021-40528.patch | 109 +++++++++
.../libgcrypt/libgcrypt_1.8.5.bb | 1 +
scripts/lib/recipetool/create.py | 15 +-
scripts/lib/wic/plugins/imager/direct.py | 2 +-
scripts/runqemu | 3 +-
13 files changed, 408 insertions(+), 99 deletions(-)
create mode 100644 meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch
--
2.25.1
* [OE-core][dunfell 01/10] cve-extra-exclusions: add db CVEs to exclusion list
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 679fc70f907fb221f4541ebf30c1610e937209b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
| 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
--git a/meta/conf/distro/include/cve-extra-exclusions.inc b/meta/conf/distro/include/cve-extra-exclusions.inc
index a6f52b5de7..e02a4d1fde 100644
--- a/meta/conf/distro/include/cve-extra-exclusions.inc
+++ b/meta/conf/distro/include/cve-extra-exclusions.inc
@@ -44,7 +44,14 @@ CVE_CHECK_WHITELIST += "CVE-2010-4756"
# exposing this interface in an exploitable way
CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511"
-
+# db
+# Since Oracle relicensed bdb, the open source community is slowly but surely replacing bdb with
+# supported and open source friendly alternatives. As a result these CVEs are unlikely to ever be fixed.
+CVE_CHECK_WHITELIST += "CVE-2015-2583 CVE-2015-2624 CVE-2015-2626 CVE-2015-2640 CVE-2015-2654 \
+CVE-2015-2656 CVE-2015-4754 CVE-2015-4764 CVE-2015-4774 CVE-2015-4775 CVE-2015-4776 CVE-2015-4777 \
+CVE-2015-4778 CVE-2015-4779 CVE-2015-4780 CVE-2015-4781 CVE-2015-4782 CVE-2015-4783 CVE-2015-4784 \
+CVE-2015-4785 CVE-2015-4786 CVE-2015-4787 CVE-2015-4788 CVE-2015-4789 CVE-2015-4790 CVE-2016-0682 \
+CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2020-2981"
#### CPE update pending ####
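Review bot: The new "# db" comment justifies the 31 added CVE_CHECK_WHITELIST entries by saying the CVEs are unlikely to ever be fixed, not that they do not apply, so cve-check stops reporting issues that are still present in any image that ships db. Consider stating that in the comment itself (db remains affected, the entries only silence the report) so that someone reading the include later does not take the whitelist as a statement that the package is safe.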
--
2.25.1
* [OE-core][dunfell 02/10] libgcrypt: solve CVE-2021-33560 and CVE-2021-40528
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Marta Rybczynska <rybczynska@gmail.com>
This change fixes patches for two issues reported in a research
paper [1]: a side channel attack (*) and a cross-configuration
attack (**).
In this commit we add a fix for (*) that wasn't marked as a CVE
initially upstream. A fix of (**) previously available in OE
backports is in fact fixing CVE-2021-40528, not CVE-2021-33560
as marked in the commit message.
We commit the actual fix for CVE-2021-33560 and rename the
existing fix with the correct CVE-2021-40528.
For details of the mismatch and the timeline see [2] (fix of the
documentation) and [3] (the related ticket upstream).
[1] https://eprint.iacr.org/2021/923.pdf
[2] https://dev.gnupg.org/rCb118681ebc4c9ea4b9da79b0f9541405a64f4c13
[3] https://dev.gnupg.org/T5328#149606
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../libgcrypt/files/CVE-2021-33560.patch | 138 +++++++-----------
.../libgcrypt/files/CVE-2021-40528.patch | 109 ++++++++++++++
.../libgcrypt/libgcrypt_1.8.5.bb | 1 +
3 files changed, 163 insertions(+), 85 deletions(-)
create mode 100644 meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
index c0d00485e6..bf26486d8b 100644
--- a/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
+++ b/meta/recipes-support/libgcrypt/files/CVE-2021-33560.patch
@@ -1,109 +1,77 @@
-From 707c3c5c511ee70ad0e39ec613471f665305fbea Mon Sep 17 00:00:00 2001
+From e8b7f10be275bcedb5fc05ed4837a89bfd605c61 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Fri, 21 May 2021 11:15:07 +0900
-Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
+Date: Tue, 13 Apr 2021 10:00:00 +0900
+Subject: [PATCH] cipher: Hardening ElGamal by introducing exponent blinding
+ too.
-* cipher/elgamal.c (gen_k): Remove support of smaller K.
-(do_encrypt): Never use smaller K.
-(sign): Folllow the change of gen_k.
+* cipher/elgamal.c (do_encrypt): Also do exponent blinding.
--
-Cherry-pick master commit of:
- 632d80ef30e13de6926d503aa697f92b5dbfbc5e
+Base blinding had been introduced with USE_BLINDING. This patch add
+exponent blinding as well to mitigate side-channel attack on mpi_powm.
-This change basically reverts encryption changes in two commits:
-
- 74386120dad6b3da62db37f7044267c8ef34689b
- 78531373a342aeb847950f404343a05e36022065
-
-Use of smaller K for ephemeral key in ElGamal encryption is only good,
-when we can guarantee that recipient's key is generated by our
-implementation (or compatible).
-
-For detail, please see:
-
- Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
- "On the (in)security of ElGamal in OpenPGP";
- in the proceedings of CCS'2021.
-
-CVE-id: CVE-2021-33560
GnuPG-bug-id: 5328
-Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
Upstream-Status: Backport
CVE: CVE-2021-33560
-Signed-off-by: Armin Kuster <akuster@mvista.com>
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
---
- cipher/elgamal.c | 24 ++++++------------------
- 1 file changed, 6 insertions(+), 18 deletions(-)
+ cipher/elgamal.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/cipher/elgamal.c b/cipher/elgamal.c
-index 4eb52d62..ae7a631e 100644
+index 4eb52d62..9835122f 100644
--- a/cipher/elgamal.c
+++ b/cipher/elgamal.c
-@@ -66,7 +66,7 @@ static const char *elg_names[] =
-
+@@ -522,8 +522,9 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+ static void
+ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
+ {
+- gcry_mpi_t t1, t2, r;
++ gcry_mpi_t t1, t2, r, r1, h;
+ unsigned int nbits = mpi_get_nbits (skey->p);
++ gcry_mpi_t x_blind;
- static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
--static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
-+static gcry_mpi_t gen_k (gcry_mpi_t p);
- static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
- gcry_mpi_t **factors);
- static int check_secret_key (ELG_secret_key *sk);
-@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
+ mpi_normalize (a);
+ mpi_normalize (b);
+@@ -534,20 +535,33 @@ decrypt (gcry_mpi_t output, gcry_mpi_t a, gcry_mpi_t b, ELG_secret_key *skey )
- /****************
- * Generate a random secret exponent k from prime p, so that k is
-- * relatively prime to p-1. With SMALL_K set, k will be selected for
-- * better encryption performance - this must never be used signing!
-+ * relatively prime to p-1.
- */
- static gcry_mpi_t
--gen_k( gcry_mpi_t p, int small_k )
-+gen_k( gcry_mpi_t p )
- {
- gcry_mpi_t k = mpi_alloc_secure( 0 );
- gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
-@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
- unsigned int nbits, nbytes;
- char *rndbuf = NULL;
+ t2 = mpi_snew (nbits);
+ r = mpi_new (nbits);
++ r1 = mpi_new (nbits);
++ h = mpi_new (nbits);
++ x_blind = mpi_snew (nbits);
-- if (small_k)
-- {
-- /* Using a k much lesser than p is sufficient for encryption and
-- * it greatly improves the encryption performance. We use
-- * Wiener's table and add a large safety margin. */
-- nbits = wiener_map( orig_nbits ) * 3 / 2;
-- if( nbits >= orig_nbits )
-- BUG();
-- }
-- else
-- nbits = orig_nbits;
--
-+ nbits = orig_nbits;
+ /* We need a random number of about the prime size. The random
+ number merely needs to be unpredictable; thus we use level 0. */
+ _gcry_mpi_randomize (r, nbits, GCRY_WEAK_RANDOM);
- nbytes = (nbits+7)/8;
- if( DBG_CIPHER )
-@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
- * error code.
- */
++ /* Also, exponent blinding: x_blind = x + (p-1)*r1 */
++ _gcry_mpi_randomize (r1, nbits, GCRY_WEAK_RANDOM);
++ mpi_set_highbit (r1, nbits - 1);
++ mpi_sub_ui (h, skey->p, 1);
++ mpi_mul (x_blind, h, r1);
++ mpi_add (x_blind, skey->x, x_blind);
++
+ /* t1 = r^x mod p */
+- mpi_powm (t1, r, skey->x, skey->p);
++ mpi_powm (t1, r, x_blind, skey->p);
+ /* t2 = (a * r)^-x mod p */
+ mpi_mulm (t2, a, r, skey->p);
+- mpi_powm (t2, t2, skey->x, skey->p);
++ mpi_powm (t2, t2, x_blind, skey->p);
+ mpi_invm (t2, t2, skey->p);
+ /* t1 = (t1 * t2) mod p*/
+ mpi_mulm (t1, t1, t2, skey->p);
-- k = gen_k( pkey->p, 1 );
-+ k = gen_k( pkey->p );
- mpi_powm (a, pkey->g, k, pkey->p);
++ mpi_free (x_blind);
++ mpi_free (h);
++ mpi_free (r1);
+ mpi_free (r);
+ mpi_free (t2);
- /* b = (y^k * input) mod p
-@@ -594,7 +582,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
- *
- */
- mpi_sub_ui(p_1, p_1, 1);
-- k = gen_k( skey->p, 0 /* no small K ! */ );
-+ k = gen_k( skey->p );
- mpi_powm( a, skey->g, k, skey->p );
- mpi_mul(t, skey->x, a );
- mpi_subm(t, input, t, p_1 );
--
-2.30.2
+2.11.0
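Review bot: In the rewritten header of CVE-2021-33560.patch, the Upstream-Status: Backport tag carries no reference to the upstream commit, and the ChangeLog line names do_encrypt while the code hunks change decrypt. Because the file keeps its name while its whole content is replaced, adding the commit id from the "From e8b7f10be275bcedb5fc05ed4837a89bfd605c61" line to Upstream-Status, plus a one-line remark about the function name, would let a later reader confirm which upstream change this is. It is also worth confirming against upstream that r1 is meant to come from mpi_new with GCRY_WEAK_RANDOM while x_blind is allocated with mpi_snew, since r1 and x_blind together determine skey->x.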
diff --git a/meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch b/meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch
new file mode 100644
index 0000000000..b3a18bc5aa
--- /dev/null
+++ b/meta/recipes-support/libgcrypt/files/CVE-2021-40528.patch
@@ -0,0 +1,109 @@
+From 707c3c5c511ee70ad0e39ec613471f665305fbea Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Fri, 21 May 2021 11:15:07 +0900
+Subject: [PATCH] cipher: Fix ElGamal encryption for other implementations.
+
+* cipher/elgamal.c (gen_k): Remove support of smaller K.
+(do_encrypt): Never use smaller K.
+(sign): Folllow the change of gen_k.
+
+--
+
+Cherry-pick master commit of:
+ 632d80ef30e13de6926d503aa697f92b5dbfbc5e
+
+This change basically reverts encryption changes in two commits:
+
+ 74386120dad6b3da62db37f7044267c8ef34689b
+ 78531373a342aeb847950f404343a05e36022065
+
+Use of smaller K for ephemeral key in ElGamal encryption is only good,
+when we can guarantee that recipient's key is generated by our
+implementation (or compatible).
+
+For detail, please see:
+
+ Luca De Feo, Bertram Poettering, Alessandro Sorniotti,
+ "On the (in)security of ElGamal in OpenPGP";
+ in the proceedings of CCS'2021.
+
+CVE-id: CVE-2021-33560
+GnuPG-bug-id: 5328
+Suggested-by: Luca De Feo, Bertram Poettering, Alessandro Sorniotti
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+
+Upstream-Status: Backport
+CVE: CVE-2021-40528
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+---
+ cipher/elgamal.c | 24 ++++++------------------
+ 1 file changed, 6 insertions(+), 18 deletions(-)
+
+diff --git a/cipher/elgamal.c b/cipher/elgamal.c
+index 4eb52d62..ae7a631e 100644
+--- a/cipher/elgamal.c
++++ b/cipher/elgamal.c
+@@ -66,7 +66,7 @@ static const char *elg_names[] =
+
+
+ static int test_keys (ELG_secret_key *sk, unsigned int nbits, int nodie);
+-static gcry_mpi_t gen_k (gcry_mpi_t p, int small_k);
++static gcry_mpi_t gen_k (gcry_mpi_t p);
+ static gcry_err_code_t generate (ELG_secret_key *sk, unsigned nbits,
+ gcry_mpi_t **factors);
+ static int check_secret_key (ELG_secret_key *sk);
+@@ -189,11 +189,10 @@ test_keys ( ELG_secret_key *sk, unsigned int nbits, int nodie )
+
+ /****************
+ * Generate a random secret exponent k from prime p, so that k is
+- * relatively prime to p-1. With SMALL_K set, k will be selected for
+- * better encryption performance - this must never be used signing!
++ * relatively prime to p-1.
+ */
+ static gcry_mpi_t
+-gen_k( gcry_mpi_t p, int small_k )
++gen_k( gcry_mpi_t p )
+ {
+ gcry_mpi_t k = mpi_alloc_secure( 0 );
+ gcry_mpi_t temp = mpi_alloc( mpi_get_nlimbs(p) );
+@@ -202,18 +201,7 @@ gen_k( gcry_mpi_t p, int small_k )
+ unsigned int nbits, nbytes;
+ char *rndbuf = NULL;
+
+- if (small_k)
+- {
+- /* Using a k much lesser than p is sufficient for encryption and
+- * it greatly improves the encryption performance. We use
+- * Wiener's table and add a large safety margin. */
+- nbits = wiener_map( orig_nbits ) * 3 / 2;
+- if( nbits >= orig_nbits )
+- BUG();
+- }
+- else
+- nbits = orig_nbits;
+-
++ nbits = orig_nbits;
+
+ nbytes = (nbits+7)/8;
+ if( DBG_CIPHER )
+@@ -492,7 +480,7 @@ do_encrypt(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_public_key *pkey )
+ * error code.
+ */
+
+- k = gen_k( pkey->p, 1 );
++ k = gen_k( pkey->p );
+ mpi_powm (a, pkey->g, k, pkey->p);
+
+ /* b = (y^k * input) mod p
+@@ -594,7 +582,7 @@ sign(gcry_mpi_t a, gcry_mpi_t b, gcry_mpi_t input, ELG_secret_key *skey )
+ *
+ */
+ mpi_sub_ui(p_1, p_1, 1);
+- k = gen_k( skey->p, 0 /* no small K ! */ );
++ k = gen_k( skey->p );
+ mpi_powm( a, skey->g, k, skey->p );
+ mpi_mul(t, skey->x, a );
+ mpi_subm(t, input, t, p_1 );
+--
+2.30.2
+
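Review bot: The header of the new CVE-2021-40528.patch carries two different identifiers, upstream's "CVE-id: CVE-2021-33560" and the added "CVE: CVE-2021-40528", with nothing in the file explaining the difference. A short comment above the CVE: tag saying that the upstream commit message is mislabelled, with the link to the upstream documentation fix cited as [2] in the commit message, would keep someone from changing the tag back later.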
diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
index 174b087b24..8045bab9ed 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.8.5.bb
@@ -29,6 +29,7 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \
file://0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch \
file://determinism.patch \
file://CVE-2021-33560.patch \
+ file://CVE-2021-40528.patch \
"
SRC_URI[md5sum] = "348cc4601ca34307fc6cd6c945467743"
SRC_URI[sha256sum] = "3b4a2a94cb637eff5bdebbcaf46f4d95c4f25206f459809339cdada0eb577ac3"
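Review bot: Both patches in SRC_URI were generated against the same cipher/elgamal.c blob (index 4eb52d62.. in each), and CVE-2021-33560.patch, applied first, now adds lines in decrypt ahead of the sign hunk that CVE-2021-40528.patch expects at line 594. Please confirm that do_patch applies the second patch cleanly in this order, and mention the ordering dependency in the commit message if there is one.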
--
2.25.1
* [OE-core][dunfell 03/10] gcc: Add CVE-2021-37322 to the list of CVEs to ignore
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE applies to binutils 2.26 and not to gcc so ignore there.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-devtools/gcc/gcc-9.3.inc | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/gcc/gcc-9.3.inc b/meta/recipes-devtools/gcc/gcc-9.3.inc
index 235576e627..c171f673e9 100644
--- a/meta/recipes-devtools/gcc/gcc-9.3.inc
+++ b/meta/recipes-devtools/gcc/gcc-9.3.inc
@@ -124,3 +124,6 @@ EXTRA_OECONF_PATHS = "\
--with-sysroot=/not/exist \
--with-build-sysroot=${STAGING_DIR_TARGET} \
"
+
+# Is a binutils 2.26 issue, not gcc
+CVE_CHECK_WHITELIST += "CVE-2021-37322"
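Review bot: The whitelist entry is added at the end of the version-specific gcc-9.3.inc, so it has to be carried by hand into any other gcc version include. If the CVE can never apply to gcc, as the comment says, a version-independent location would avoid losing it; the comment could also say why the CVE is matched against gcc at all, so the exclusion can be dropped once that is corrected.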
--
2.25.1
* [OE-core][dunfell 04/10] busybox: Fix multiple security issues in awk
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Sana Kazi <Sana.Kazi@partner.bmw.de>
CVE-2021-423xx-awk.patch fixes below listed CVEs for busybox:
CVE-2021-42378, CVE-2021-42379, CVE-2021-42380, CVE-2021-42381,
CVE-2021-42382, CVE-2021-42384, CVE-2021-42385, CVE-2021-42386
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Ranjitsinh Rathod <ranjitsinhrathod1991@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/busybox/busybox_1.31.1.bb | 1 +
.../busybox/files/CVE-2021-423xx-awk.patch | 215 ++++++++++++++++++
2 files changed, 216 insertions(+)
create mode 100644 meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch
diff --git a/meta/recipes-core/busybox/busybox_1.31.1.bb b/meta/recipes-core/busybox/busybox_1.31.1.bb
index 14ac710f3b..38b448b3e1 100644
--- a/meta/recipes-core/busybox/busybox_1.31.1.bb
+++ b/meta/recipes-core/busybox/busybox_1.31.1.bb
@@ -54,6 +54,7 @@ SRC_URI = "https://busybox.net/downloads/busybox-${PV}.tar.bz2;name=tarball \
file://0001-mktemp-add-tmpdir-option.patch \
file://CVE-2021-42374.patch \
file://CVE-2021-42376.patch \
+ file://CVE-2021-423xx-awk.patch \
"
SRC_URI_append_libc-musl = " file://musl.cfg "
diff --git a/meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch b/meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch
new file mode 100644
index 0000000000..7e3d47b88c
--- /dev/null
+++ b/meta/recipes-core/busybox/files/CVE-2021-423xx-awk.patch
@@ -0,0 +1,215 @@
+From a21708eb8d07b4a6dbc1d3e4ace4c5721515a84c Mon Sep 17 00:00:00 2001
+From: Sana Kazi <Sana.Kazi@kpit.com>
+Date: Wed, 8 Dec 2021 12:25:34 +0530
+Subject: [PATCH] busybox: Fix multiple security issues in awk
+
+Description: fix multiple security issues in awk
+Origin: backported awk.c from busybox 1.34.1
+
+CVE: CVE-2021-42378
+CVE: CVE-2021-42379
+CVE: CVE-2021-42380
+CVE: CVE-2021-42381
+CVE: CVE-2021-42382
+CVE: CVE-2021-42384
+CVE: CVE-2021-42385
+CVE: CVE-2021-42386
+
+Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/busybox/1:1.30.1-6ubuntu3.1/busybox_1.30.1-6ubuntu3.1.debian.tar.xz]
+
+Comment: Refreshed first hunk and removed few hunks as they are already present in source.
+
+Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
+Signed-off-by: Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com>
+
+---
+ editors/awk.c | 80 ++++++++++++++++++++++++++++++++++++++-------------
+ 1 file changed, 60 insertions(+), 20 deletions(-)
+
+diff --git a/editors/awk.c b/editors/awk.c
+index d25508e..4e4f282 100644
+--- a/editors/awk.c
++++ b/editors/awk.c
+@@ -272,7 +272,8 @@ typedef struct tsplitter_s {
+ /* if previous token class is CONCAT1 and next is CONCAT2, concatenation */
+ /* operator is inserted between them */
+ #define TC_CONCAT1 (TC_VARIABLE | TC_ARRTERM | TC_SEQTERM \
+- | TC_STRING | TC_NUMBER | TC_UOPPOST)
++ | TC_STRING | TC_NUMBER | TC_UOPPOST \
++ | TC_LENGTH)
+ #define TC_CONCAT2 (TC_OPERAND | TC_UOPPRE)
+
+ #define OF_RES1 0x010000
+@@ -404,7 +405,7 @@ static const char tokenlist[] ALIGN1 =
+
+ #define OC_B OC_BUILTIN
+
+-static const uint32_t tokeninfo[] = {
++static const uint32_t tokeninfo[] ALIGN4 = {
+ 0,
+ 0,
+ OC_REGEXP,
+@@ -1070,8 +1071,10 @@ static uint32_t next_token(uint32_t expected)
+ const uint32_t *ti;
+
+ if (t_rollback) {
++ debug_printf_parse("%s: using rolled-back token\n", __func__);
+ t_rollback = FALSE;
+ } else if (concat_inserted) {
++ debug_printf_parse("%s: using concat-inserted token\n", __func__);
+ concat_inserted = FALSE;
+ t_tclass = save_tclass;
+ t_info = save_info;
+@@ -1200,7 +1203,11 @@ static uint32_t next_token(uint32_t expected)
+ goto readnext;
+
+ /* insert concatenation operator when needed */
+- if ((ltclass & TC_CONCAT1) && (tc & TC_CONCAT2) && (expected & TC_BINOP)) {
++ debug_printf_parse("%s: %x %x %x concat_inserted?\n", __func__,
++ (ltclass & TC_CONCAT1), (tc & TC_CONCAT2), (expected & TC_BINOP));
++ if ((ltclass & TC_CONCAT1) && (tc & TC_CONCAT2) && (expected & TC_BINOP)
++ && !(ltclass == TC_LENGTH && tc == TC_SEQSTART) /* but not for "length(..." */
++ ) {
+ concat_inserted = TRUE;
+ save_tclass = tc;
+ save_info = t_info;
+@@ -1208,6 +1215,7 @@ static uint32_t next_token(uint32_t expected)
+ t_info = OC_CONCAT | SS | P(35);
+ }
+
++ debug_printf_parse("%s: t_tclass=tc=%x\n", __func__, t_tclass);
+ t_tclass = tc;
+ }
+ ltclass = t_tclass;
+@@ -1218,6 +1226,7 @@ static uint32_t next_token(uint32_t expected)
+ EMSG_UNEXP_EOS : EMSG_UNEXP_TOKEN);
+ }
+
++ debug_printf_parse("%s: returning, ltclass:%x t_double:%f\n", __func__, ltclass, t_double);
+ return ltclass;
+ #undef concat_inserted
+ #undef save_tclass
+@@ -1282,7 +1291,7 @@ static node *parse_expr(uint32_t iexp)
+ glptr = NULL;
+
+ } else if (tc & (TC_BINOP | TC_UOPPOST)) {
+- debug_printf_parse("%s: TC_BINOP | TC_UOPPOST\n", __func__);
++ debug_printf_parse("%s: TC_BINOP | TC_UOPPOST tc:%x\n", __func__, tc);
+ /* for binary and postfix-unary operators, jump back over
+ * previous operators with higher priority */
+ vn = cn;
+@@ -1350,8 +1359,10 @@ static node *parse_expr(uint32_t iexp)
+ v = cn->l.v = xzalloc(sizeof(var));
+ if (tc & TC_NUMBER)
+ setvar_i(v, t_double);
+- else
++ else {
+ setvar_s(v, t_string);
++ xtc &= ~TC_UOPPOST; /* "str"++ is not allowed */
++ }
+ break;
+
+ case TC_REGEXP:
+@@ -1387,7 +1398,12 @@ static node *parse_expr(uint32_t iexp)
+
+ case TC_LENGTH:
+ debug_printf_parse("%s: TC_LENGTH\n", __func__);
+- next_token(TC_SEQSTART | TC_OPTERM | TC_GRPTERM);
++ next_token(TC_SEQSTART /* length(...) */
++ | TC_OPTERM /* length; (or newline)*/
++ | TC_GRPTERM /* length } */
++ | TC_BINOPX /* length <op> NUM */
++ | TC_COMMA /* print length, 1 */
++ );
+ rollback_token();
+ if (t_tclass & TC_SEQSTART) {
+ /* It was a "(" token. Handle just like TC_BUILTIN */
+@@ -1747,12 +1763,34 @@ static void fsrealloc(int size)
+ nfields = size;
+ }
+
++static int regexec1_nonempty(const regex_t *preg, const char *s, regmatch_t pmatch[])
++{
++ int r = regexec(preg, s, 1, pmatch, 0);
++ if (r == 0 && pmatch[0].rm_eo == 0) {
++ /* For example, happens when FS can match
++ * an empty string (awk -F ' *'). Logically,
++ * this should split into one-char fields.
++ * However, gawk 5.0.1 searches for first
++ * _non-empty_ separator string match:
++ */
++ size_t ofs = 0;
++ do {
++ ofs++;
++ if (!s[ofs])
++ return REG_NOMATCH;
++ regexec(preg, s + ofs, 1, pmatch, 0);
++ } while (pmatch[0].rm_eo == 0);
++ pmatch[0].rm_so += ofs;
++ pmatch[0].rm_eo += ofs;
++ }
++ return r;
++}
++
+ static int awk_split(const char *s, node *spl, char **slist)
+ {
+- int l, n;
++ int n;
+ char c[4];
+ char *s1;
+- regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
+
+ /* in worst case, each char would be a separate field */
+ *slist = s1 = xzalloc(strlen(s) * 2 + 3);
+@@ -1769,29 +1807,31 @@ static int awk_split(const char *s, node *spl, char **slist)
+ return n; /* "": zero fields */
+ n++; /* at least one field will be there */
+ do {
++ int l;
++ regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
++
+ l = strcspn(s, c+2); /* len till next NUL or \n */
+- if (regexec(icase ? spl->r.ire : spl->l.re, s, 1, pmatch, 0) == 0
++ if (regexec1_nonempty(icase ? spl->r.ire : spl->l.re, s, pmatch) == 0
+ && pmatch[0].rm_so <= l
+ ) {
++ /* if (pmatch[0].rm_eo == 0) ... - impossible */
+ l = pmatch[0].rm_so;
+- if (pmatch[0].rm_eo == 0) {
+- l++;
+- pmatch[0].rm_eo++;
+- }
+ n++; /* we saw yet another delimiter */
+ } else {
+ pmatch[0].rm_eo = l;
+ if (s[l])
+ pmatch[0].rm_eo++;
+ }
+- memcpy(s1, s, l);
+- /* make sure we remove *all* of the separator chars */
+- do {
+- s1[l] = '\0';
+- } while (++l < pmatch[0].rm_eo);
+- nextword(&s1);
++ s1 = mempcpy(s1, s, l);
++ *s1++ = '\0';
+ s += pmatch[0].rm_eo;
+ } while (*s);
++
++ /* echo a-- | awk -F-- '{ print NF, length($NF), $NF }'
++ * should print "2 0 ":
++ */
++ *s1 = '\0';
++
+ return n;
+ }
+ if (c[0] == '\0') { /* null split */
+@@ -1995,7 +2035,7 @@ static int ptest(node *pattern)
+ static int awk_getline(rstream *rsm, var *v)
+ {
+ char *b;
+- regmatch_t pmatch[2];
++ regmatch_t pmatch[2]; // TODO: why [2]? [1] is enough...
+ int size, a, p, pp = 0;
+ int fd, so, eo, r, rp;
+ char c, *m, *s;
--
2.25.1
* [OE-core][dunfell 05/10] wic:direct.py: ignore invalid mountpoints during fstab update
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Markus Volk <f_l_k@t-online.de>
wic fstab-update creates invalid entries for partitions that are not supposed to
be mounted from userspace, e.g. u-boot partitions.
The following lines were added to fstab on a rock-pi-4:
/dev/mmcblk1p1 loader1 vfat defaults 0 0
/dev/mmcblk1p2 reserved1 vfat defaults 0 0
/dev/mmcblk1p3 reserved2 vfat defaults 0 0
/dev/mmcblk1p4 loader2 vfat defaults 0 0
/dev/mmcblk1p5 atf vfat defaults 0 0
/dev/mmcblk1p6 /boot vfat defaults 0 0
With this patch only valid entries should be added
/dev/mmcblk1p6 /boot vfat defaults 0 0
Signed-off-by: MarkusVolk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7aa678ce804c21dc1dc51b9be442671bc33c4041)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/wic/plugins/imager/direct.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/lib/wic/plugins/imager/direct.py b/scripts/lib/wic/plugins/imager/direct.py
index 7e1c1c03ab..2505c13fce 100644
--- a/scripts/lib/wic/plugins/imager/direct.py
+++ b/scripts/lib/wic/plugins/imager/direct.py
@@ -115,7 +115,7 @@ class DirectPlugin(ImagerPlugin):
updated = False
for part in self.parts:
if not part.realnum or not part.mountpoint \
- or part.mountpoint == "/":
+ or part.mountpoint == "/" or not part.mountpoint.startswith('/'):
continue
if part.use_uuid:
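Review bot: The added "not part.mountpoint.startswith('/')" test skips every partition whose mountpoint is not an absolute path, which by the same logic would also skip a partition whose mountpoint is the literal word swap; please confirm whether swap entries are expected to reach this loop and still be written to fstab. The skip is also silent, so a mistyped mountpoint such as boot instead of /boot would now yield an image without that mount and without any message; a log line naming the partition before the continue would make that visible.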
--
2.25.1
* [OE-core][dunfell 06/10] lttng-modules: do not search in non-existing folder during install
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Andrey Zhizhikin <andrey.z@gmail.com>
When CONFIG_TRACEPOINTS is not enabled in kernel config - module
compilation is skipped, which causes the ${D}/${nonarch_base_libdir} not
to be created.
This fails later in do_install:append() due to the fact that find
command is executed for non-existing folder.
Check for folder existence before find command is executed.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit de0aa1700ed4e6f04b0a233eb1f6d2ac598e7ed8)
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb b/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb
index 3fdc8094e9..3145f0298c 100644
--- a/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb
+++ b/meta/recipes-kernel/lttng/lttng-modules_2.11.6.bb
@@ -39,7 +39,9 @@ EXTRA_OEMAKE += "KERNELDIR='${STAGING_KERNEL_DIR}'"
do_install_append() {
# Delete empty directories to avoid QA failures if no modules were built
- find ${D}/${nonarch_base_libdir} -depth -type d -empty -exec rmdir {} \;
+ if [ -d ${D}/${nonarch_base_libdir} ]; then
+ find ${D}/${nonarch_base_libdir} -depth -type d -empty -exec rmdir {} \;
+ fi
}
python do_package_prepend() {
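Review bot: The new "[ -d ${D}/${nonarch_base_libdir} ]" test and the find below it use the path unquoted; quoting it in both places is the safer shell habit. The existing comment only mentions QA failures when no modules were built, so it could also say that the directory itself may be missing in that case, which is what this guard handles.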
--
2.25.1
* [OE-core][dunfell 07/10] runqemu: check the qemu PID has been set before kill()ing it
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
If runqemu is killed, check that we have a valid PID for the qemu before
sending a kill() to it.
[ YOCTO #14651 ]
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0f3afbd3a6a6bef668612f818517df7543c0a683)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/runqemu | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/scripts/runqemu b/scripts/runqemu
index 10880ba6bb..51607f10e5 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -1516,7 +1516,8 @@ def main():
def sigterm_handler(signum, frame):
logger.info("SIGTERM received")
- os.kill(config.qemupid, signal.SIGTERM)
+ if config.qemupid:
+ os.kill(config.qemupid, signal.SIGTERM)
config.cleanup()
# Deliberately ignore the return code of 'tput smam'.
subprocess.call(["tput", "smam"])
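Review bot: in sigterm_handler, `os.kill(config.qemupid, signal.SIGTERM)` can still raise ProcessLookupError when qemupid is set but the qemu process has already exited, and that exception would skip `config.cleanup()` on the following line. Wrapping the kill in try/except ProcessLookupError, or running the cleanup from a finally block, would make the cleanup unconditional. A one-line comment on why qemupid can be unset at this point would also help the next reader of the handler.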
--
2.25.1
* [OE-core][dunfell 08/10] recipetool: Set master branch only as fallback
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
The commit 'meta/scripts: Manual git url branch additions (dc53fe75cc)'
sets the branch= parameter too early to master and thereby breaks the
-B/--srcbranch option.
ERROR: branch= parameter and -B/--srcbranch option cannot both be specified - use one or the other
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 34ece8030e7a6a100b5e3e7b94e6c786c0e199a6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/recipetool/create.py | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/scripts/lib/recipetool/create.py b/scripts/lib/recipetool/create.py
index 116bdfd697..5b6ac12a92 100644
--- a/scripts/lib/recipetool/create.py
+++ b/scripts/lib/recipetool/create.py
@@ -389,9 +389,6 @@ def reformat_git_uri(uri):
parms.update({('protocol', 'ssh')})
elif (scheme == "http" or scheme == 'https' or scheme == 'ssh') and not ('protocol' in parms):
parms.update({('protocol', scheme)})
- # We assume 'master' branch if not set
- if not 'branch' in parms:
- parms.update({('branch', 'master')})
# Always append 'git://'
fUrl = bb.fetch2.encodeurl(('git', host, path, user, pswd, parms))
return fUrl
@@ -481,6 +478,9 @@ def create_recipe(args):
storeTagName = params['tag']
params['nobranch'] = '1'
del params['tag']
+ # Assume 'master' branch if not set
+ if scheme in ['git', 'gitsm'] and 'branch' not in params and 'nobranch' not in params:
+ params['branch'] = 'master'
fetchuri = bb.fetch2.encodeurl((scheme, network, path, user, passwd, params))
tmpparent = tinfoil.config_data.getVar('BASE_WORKDIR')
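Review bot: the fallback `params['branch'] = 'master'` in create_recipe hard-codes the branch name, and the same literal appears again in the later hunks of this patch (`srcbranch or 'master'` and `+ ';branch=master'`). A single module-level constant for the default branch would keep the three sites consistent and make the fallback easy to change. The condition itself reads well; it is worth stating in the comment that the tag case above sets nobranch and is therefore deliberately excluded.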
@@ -530,10 +530,9 @@ def create_recipe(args):
# Remove HEAD reference point and drop remote prefix
get_branch = [x.split('/', 1)[1] for x in get_branch if not x.startswith('origin/HEAD')]
if 'master' in get_branch:
- # If it is master, we do not need to append 'branch=master' as this is default.
# Even with the case where get_branch has multiple objects, if 'master' is one
# of them, we should default take from 'master'
- srcbranch = ''
+ srcbranch = 'master'
elif len(get_branch) == 1:
# If 'master' isn't in get_branch and get_branch contains only ONE object, then store result into 'srcbranch'
srcbranch = get_branch[0]
@@ -546,8 +545,8 @@ def create_recipe(args):
# Since we might have a value in srcbranch, we need to
# recontruct the srcuri to include 'branch' in params.
scheme, network, path, user, passwd, params = bb.fetch2.decodeurl(srcuri)
- if srcbranch:
- params['branch'] = srcbranch
+ if scheme in ['git', 'gitsm']:
+ params['branch'] = srcbranch or 'master'
if storeTagName and scheme in ['git', 'gitsm']:
# Check srcrev using tag and check validity of the tag
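Review bot: `params['branch'] = srcbranch or 'master'` is now applied to every git/gitsm URI, whereas the earlier fallback in this patch also checks `'branch' not in params and 'nobranch' not in params`. If the decoded srcuri can already carry a branch= or nobranch= parameter at this point, this line overwrites the former and produces a URI with both branch and nobranch for the latter. Either apply the same two checks here or add a comment explaining why srcuri cannot contain those parameters when this code runs.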
@@ -606,7 +605,7 @@ def create_recipe(args):
splitline = line.split()
if len(splitline) > 1:
if splitline[0] == 'origin' and scriptutils.is_src_url(splitline[1]):
- srcuri = reformat_git_uri(splitline[1])
+ srcuri = reformat_git_uri(splitline[1]) + ';branch=master'
srcsubdir = 'git'
break
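Review bot: `reformat_git_uri(splitline[1]) + ';branch=master'` appends the parameter by string concatenation, and reformat_git_uri still passes through whatever parms the remote URL had, so a URL that already includes branch= would end up with two branch parameters. Setting the default through the params dict (decode, set branch only if absent, encode), as the other hunks in this patch do, avoids the duplicate and keeps parameter handling in one style.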
--
2.25.1
* [OE-core][dunfell 09/10] selftest/devtool: Check branch in git fetch
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
From: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
The commit 'meta/scripts: Manual git url branch additions (dc53fe75cc)'
forgot the url branch= parameter in the devtool git fetch test.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1419168a58a5caf99e24ada08c9ab639344a78b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/devtool.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 713efd71bd..87e71632ab 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -442,6 +442,7 @@ class DevtoolAddTests(DevtoolBase):
tempdir = tempfile.mkdtemp(prefix='devtoolqa')
self.track_for_cleanup(tempdir)
url = 'gitsm://git.yoctoproject.org/mraa'
+ url_branch = '%s;branch=master' % url
checkrev = 'ae127b19a50aa54255e4330ccfdd9a5d058e581d'
testrecipe = 'mraa'
srcdir = os.path.join(tempdir, testrecipe)
@@ -462,7 +463,7 @@ class DevtoolAddTests(DevtoolBase):
checkvars = {}
checkvars['S'] = '${WORKDIR}/git'
checkvars['PV'] = '1.0+git${SRCPV}'
- checkvars['SRC_URI'] = url
+ checkvars['SRC_URI'] = url_branch
checkvars['SRCREV'] = '${AUTOREV}'
self._test_recipe_contents(recipefile, checkvars, [])
# Try with revision and version specified
@@ -481,7 +482,7 @@ class DevtoolAddTests(DevtoolBase):
checkvars = {}
checkvars['S'] = '${WORKDIR}/git'
checkvars['PV'] = '1.5+git${SRCPV}'
- checkvars['SRC_URI'] = url
+ checkvars['SRC_URI'] = url_branch
checkvars['SRCREV'] = checkrev
self._test_recipe_contents(recipefile, checkvars, [])
--
2.25.1
* [OE-core][dunfell 10/10] selftest: skip virgl test on centos 8 entirely
From: Steve Sakoman @ 2021-12-13 15:36 UTC (permalink / raw)
To: openembedded-core
With the sdl frontend, qemu isn't able to even boot fully,
so let's skip the test early.
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/runtime_test.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py
index 1c935da919..9e5c3f2878 100644
--- a/meta/lib/oeqa/selftest/cases/runtime_test.py
+++ b/meta/lib/oeqa/selftest/cases/runtime_test.py
@@ -179,6 +179,8 @@ class TestImage(OESelftestTestCase):
self.skipTest('virgl isn\'t working with Debian 8')
if distro and distro == 'centos-7':
self.skipTest('virgl isn\'t working with Centos 7')
+ if distro and distro == 'centos-8':
+ self.skipTest('virgl isn\'t working with Centos 8')
if distro and distro == 'opensuseleap-15.0':
self.skipTest('virgl isn\'t working with Opensuse 15.0')
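Review bot: the added `self.skipTest('virgl isn\'t working with Centos 8')` does not record the reason given in the commit message, namely that qemu cannot fully boot with the sdl frontend on this host. Putting that reason in the skip message or in a comment above the check would let someone revisiting the skip know what to retest. As a style point, this is the fourth `if distro and distro == ...` block in a row; a small mapping from distro name to skip reason, checked once, would be shorter and harder to get out of sync.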
--
2.25.1