* [OE-core][dunfell 01/22] dbus: fix CVE-2020-12049
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
@ 2020-06-30 3:02 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 02/22] perl: fix CVE-2020-10543 & CVE-2020-10878 Steve Sakoman
` (20 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:02 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../dbus/dbus/CVE-2020-12049.patch | 78 +++++++++++++++++++
meta/recipes-core/dbus/dbus_1.12.16.bb | 1 +
2 files changed, 79 insertions(+)
create mode 100644 meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
diff --git a/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
new file mode 100644
index 0000000000..ac7a4b7a71
--- /dev/null
+++ b/meta/recipes-core/dbus/dbus/CVE-2020-12049.patch
@@ -0,0 +1,78 @@
+From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
+From: Simon McVittie <smcv@collabora.com>
+Date: Thu, 16 Apr 2020 14:45:11 +0100
+Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
+
+MSG_CTRUNC indicates that we have received fewer fds that we should
+have done because the buffer was too small, but we were treating it
+as though it indicated that we received *no* fds. If we received any,
+we still have to make sure we close them, otherwise they will be leaked.
+
+On the system bus, if an attacker can induce us to leak fds in this
+way, that's a local denial of service via resource exhaustion.
+
+Reported-by: Kevin Backhouse, GitHub Security Lab
+Fixes: dbus#294
+Fixes: CVE-2020-12049
+Fixes: GHSL-2020-057
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/dbus/dbus/-/commit/872b085f12f56da25a2dbd9bd0b2dff31d5aea63]
+CVE: CVE-2020-12049
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
+ 1 file changed, 20 insertions(+), 12 deletions(-)
+
+diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
+index b5fc2466..b176dae1 100644
+--- a/dbus/dbus-sysdeps-unix.c
++++ b/dbus/dbus-sysdeps-unix.c
+@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
+ struct cmsghdr *cm;
+ dbus_bool_t found = FALSE;
+
+- if (m.msg_flags & MSG_CTRUNC)
+- {
+- /* Hmm, apparently the control data was truncated. The bad
+- thing is that we might have completely lost a couple of fds
+- without chance to recover them. Hence let's treat this as a
+- serious error. */
+-
+- errno = ENOSPC;
+- _dbus_string_set_length (buffer, start);
+- return -1;
+- }
+-
+ for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
+ if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
+ {
+@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
+ if (!found)
+ *n_fds = 0;
+
++ if (m.msg_flags & MSG_CTRUNC)
++ {
++ unsigned int i;
++
++ /* Hmm, apparently the control data was truncated. The bad
++ thing is that we might have completely lost a couple of fds
++ without chance to recover them. Hence let's treat this as a
++ serious error. */
++
++ /* We still need to close whatever fds we *did* receive,
++ * otherwise they'll never get closed. (CVE-2020-12049) */
++ for (i = 0; i < *n_fds; i++)
++ close (fds[i]);
++
++ *n_fds = 0;
++ errno = ENOSPC;
++ _dbus_string_set_length (buffer, start);
++ return -1;
++ }
++
+ /* put length back (doesn't actually realloc) */
+ _dbus_string_set_length (buffer, start + bytes_read);
+
+--
+2.25.1
+
diff --git a/meta/recipes-core/dbus/dbus_1.12.16.bb b/meta/recipes-core/dbus/dbus_1.12.16.bb
index 82bb753731..10d1b34448 100644
--- a/meta/recipes-core/dbus/dbus_1.12.16.bb
+++ b/meta/recipes-core/dbus/dbus_1.12.16.bb
@@ -16,6 +16,7 @@ SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
file://tmpdir.patch \
file://dbus-1.init \
file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
+ file://CVE-2020-12049.patch \
"
SRC_URI[md5sum] = "2dbeae80dfc9e3632320c6a53d5e8890"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 02/22] perl: fix CVE-2020-10543 & CVE-2020-10878
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
2020-06-30 3:02 ` [OE-core][dunfell 01/22] dbus: fix CVE-2020-12049 Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 03/22] curl: Security fixes for CVE-2020-{8169/8177} Steve Sakoman
` (19 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../perl/files/CVE-2020-10543.patch | 36 +++++
.../perl/files/CVE-2020-10878_1.patch | 152 ++++++++++++++++++
.../perl/files/CVE-2020-10878_2.patch | 36 +++++
meta/recipes-devtools/perl/perl_5.30.1.bb | 3 +
4 files changed, 227 insertions(+)
create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10543.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch
create mode 100644 meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10543.patch b/meta/recipes-devtools/perl/files/CVE-2020-10543.patch
new file mode 100644
index 0000000000..36dff0aac9
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10543.patch
@@ -0,0 +1,36 @@
+From 897d1f7fd515b828e4b198d8b8bef76c6faf03ed Mon Sep 17 00:00:00 2001
+From: John Lightsey <jd@cpanel.net>
+Date: Wed, 20 Nov 2019 20:02:45 -0600
+Subject: [PATCH] regcomp.c: Prevent integer overflow from nested regex
+ quantifiers.
+
+(CVE-2020-10543) On 32bit systems the size calculations for nested regular
+expression quantifiers could overflow causing heap memory corruption.
+
+Fixes: Perl/perl5-security#125
+(cherry picked from commit bfd31397db5dc1a5c5d3e0a1f753a4f89a736e71)
+
+Upstream-Status: Backport [https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed]
+CVE: CVE-2020-10543
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ regcomp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 93c8d98fbb0..5f86be8086d 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -5489,6 +5489,12 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ RExC_precomp)));
+ }
+
++ if ( ( minnext > 0 && mincount >= SSize_t_MAX / minnext )
++ || min >= SSize_t_MAX - minnext * mincount )
++ {
++ FAIL("Regexp out of space");
++ }
++
+ min += minnext * mincount;
+ is_inf_internal |= deltanext == SSize_t_MAX
+ || (maxcount == REG_INFTY && minnext + deltanext > 0);
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch b/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch
new file mode 100644
index 0000000000..b86085a551
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10878_1.patch
@@ -0,0 +1,152 @@
+From 0a320d753fe7fca03df259a4dfd8e641e51edaa8 Mon Sep 17 00:00:00 2001
+From: Hugo van der Sanden <hv@crypt.org>
+Date: Tue, 18 Feb 2020 13:51:16 +0000
+Subject: [PATCH] study_chunk: extract rck_elide_nothing
+
+(CVE-2020-10878)
+
+(cherry picked from commit 93dee06613d4e1428fb10905ce1c3c96f53113dc)
+
+Upstream-Status: Backport [https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8]
+CVE: CVE-2020-10878
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ embed.fnc | 1 +
+ embed.h | 1 +
+ proto.h | 3 +++
+ regcomp.c | 70 ++++++++++++++++++++++++++++++++++---------------------
+ 4 files changed, 48 insertions(+), 27 deletions(-)
+
+diff --git a/embed.fnc b/embed.fnc
+index aedb4baef19..d7cd04d3fc3 100644
+--- a/embed.fnc
++++ b/embed.fnc
+@@ -2481,6 +2481,7 @@ Es |SSize_t|study_chunk |NN RExC_state_t *pRExC_state \
+ |I32 stopparen|U32 recursed_depth \
+ |NULLOK regnode_ssc *and_withp \
+ |U32 flags|U32 depth
++Es |void |rck_elide_nothing|NN regnode *node
+ EsR |SV * |get_ANYOFM_contents|NN const regnode * n
+ EsRn |U32 |add_data |NN RExC_state_t* const pRExC_state \
+ |NN const char* const s|const U32 n
+diff --git a/embed.h b/embed.h
+index 75c91f77f45..356a8b98d96 100644
+--- a/embed.h
++++ b/embed.h
+@@ -1208,6 +1208,7 @@
+ #define parse_lparen_question_flags(a) S_parse_lparen_question_flags(aTHX_ a)
+ #define parse_uniprop_string(a,b,c,d,e,f,g,h,i) Perl_parse_uniprop_string(aTHX_ a,b,c,d,e,f,g,h,i)
+ #define populate_ANYOF_from_invlist(a,b) S_populate_ANYOF_from_invlist(aTHX_ a,b)
++#define rck_elide_nothing(a) S_rck_elide_nothing(aTHX_ a)
+ #define reg(a,b,c,d) S_reg(aTHX_ a,b,c,d)
+ #define reg2Lanode(a,b,c,d) S_reg2Lanode(aTHX_ a,b,c,d)
+ #define reg_node(a,b) S_reg_node(aTHX_ a,b)
+diff --git a/proto.h b/proto.h
+index 141ddbaee6d..f316fe134e1 100644
+--- a/proto.h
++++ b/proto.h
+@@ -5543,6 +5543,9 @@ PERL_CALLCONV SV * Perl_parse_uniprop_string(pTHX_ const char * const name, cons
+ STATIC void S_populate_ANYOF_from_invlist(pTHX_ regnode *node, SV** invlist_ptr);
+ #define PERL_ARGS_ASSERT_POPULATE_ANYOF_FROM_INVLIST \
+ assert(node); assert(invlist_ptr)
++STATIC void S_rck_elide_nothing(pTHX_ regnode *node);
++#define PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING \
++ assert(node)
+ PERL_STATIC_NO_RET void S_re_croak2(pTHX_ bool utf8, const char* pat1, const char* pat2, ...)
+ __attribute__noreturn__;
+ #define PERL_ARGS_ASSERT_RE_CROAK2 \
+diff --git a/regcomp.c b/regcomp.c
+index 5f86be8086d..4ba2980db66 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -4450,6 +4450,44 @@ S_unwind_scan_frames(pTHX_ const void *p)
+ } while (f);
+ }
+
++/* Follow the next-chain of the current node and optimize away
++ all the NOTHINGs from it.
++ */
++STATIC void
++S_rck_elide_nothing(pTHX_ regnode *node)
++{
++ dVAR;
++
++ PERL_ARGS_ASSERT_RCK_ELIDE_NOTHING;
++
++ if (OP(node) != CURLYX) {
++ const int max = (reg_off_by_arg[OP(node)]
++ ? I32_MAX
++ /* I32 may be smaller than U16 on CRAYs! */
++ : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
++ int off = (reg_off_by_arg[OP(node)] ? ARG(node) : NEXT_OFF(node));
++ int noff;
++ regnode *n = node;
++
++ /* Skip NOTHING and LONGJMP. */
++ while (
++ (n = regnext(n))
++ && (
++ (PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
++ || ((OP(n) == LONGJMP) && (noff = ARG(n)))
++ )
++ && off + noff < max
++ ) {
++ off += noff;
++ }
++ if (reg_off_by_arg[OP(node)])
++ ARG(node) = off;
++ else
++ NEXT_OFF(node) = off;
++ }
++ return;
++}
++
+ /* the return from this sub is the minimum length that could possibly match */
+ STATIC SSize_t
+ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+@@ -4550,28 +4588,10 @@ S_study_chunk(pTHX_ RExC_state_t *pRExC_state, regnode **scanp,
+ */
+ JOIN_EXACT(scan,&min_subtract, &unfolded_multi_char, 0);
+
+- /* Follow the next-chain of the current node and optimize
+- away all the NOTHINGs from it. */
+- if (OP(scan) != CURLYX) {
+- const int max = (reg_off_by_arg[OP(scan)]
+- ? I32_MAX
+- /* I32 may be smaller than U16 on CRAYs! */
+- : (I32_MAX < U16_MAX ? I32_MAX : U16_MAX));
+- int off = (reg_off_by_arg[OP(scan)] ? ARG(scan) : NEXT_OFF(scan));
+- int noff;
+- regnode *n = scan;
+-
+- /* Skip NOTHING and LONGJMP. */
+- while ((n = regnext(n))
+- && ((PL_regkind[OP(n)] == NOTHING && (noff = NEXT_OFF(n)))
+- || ((OP(n) == LONGJMP) && (noff = ARG(n))))
+- && off + noff < max)
+- off += noff;
+- if (reg_off_by_arg[OP(scan)])
+- ARG(scan) = off;
+- else
+- NEXT_OFF(scan) = off;
+- }
++ /* Follow the next-chain of the current node and optimize
++ away all the NOTHINGs from it.
++ */
++ rck_elide_nothing(scan);
+
+ /* The principal pseudo-switch. Cannot be a switch, since we
+ look into several different things. */
+@@ -5745,11 +5765,7 @@ Perl_re_printf( aTHX_ "LHS=%" UVuf " RHS=%" UVuf "\n",
+ if (data && (fl & SF_HAS_EVAL))
+ data->flags |= SF_HAS_EVAL;
+ optimize_curly_tail:
+- if (OP(oscan) != CURLYX) {
+- while (PL_regkind[OP(next = regnext(oscan))] == NOTHING
+- && NEXT_OFF(next))
+- NEXT_OFF(oscan) += NEXT_OFF(next);
+- }
++ rck_elide_nothing(oscan);
+ continue;
+
+ default:
diff --git a/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch b/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch
new file mode 100644
index 0000000000..0bacd6b192
--- /dev/null
+++ b/meta/recipes-devtools/perl/files/CVE-2020-10878_2.patch
@@ -0,0 +1,36 @@
+From 3295b48defa0f8570114877b063fe546dd348b3c Mon Sep 17 00:00:00 2001
+From: Karl Williamson <khw@cpan.org>
+Date: Thu, 20 Feb 2020 17:49:36 +0000
+Subject: [PATCH] regcomp: use long jumps if there is any possibility of
+ overflow
+
+(CVE-2020-10878) Be conservative for backporting, we'll aim to do
+something more aggressive for bleadperl.
+
+(cherry picked from commit 9d7759db46f3b31b1d3f79c44266b6ba42a47fc6)
+
+Upstream-Status: Backport [https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c]
+CVE: CVE-2020-10878
+Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
+---
+ regcomp.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/regcomp.c b/regcomp.c
+index 4ba2980db66..73c35a67020 100644
+--- a/regcomp.c
++++ b/regcomp.c
+@@ -7762,6 +7762,13 @@ Perl_re_op_compile(pTHX_ SV ** const patternp, int pat_count,
+
+ /* We have that number in RExC_npar */
+ RExC_total_parens = RExC_npar;
++
++ /* XXX For backporting, use long jumps if there is any possibility of
++ * overflow */
++ if (RExC_size > U16_MAX && ! RExC_use_BRANCHJ) {
++ RExC_use_BRANCHJ = TRUE;
++ flags |= RESTART_PARSE;
++ }
+ }
+ else if (! MUST_RESTART(flags)) {
+ ReREFCNT_dec(Rx);
diff --git a/meta/recipes-devtools/perl/perl_5.30.1.bb b/meta/recipes-devtools/perl/perl_5.30.1.bb
index 5f3a9eeeb3..47b2f9ca65 100644
--- a/meta/recipes-devtools/perl/perl_5.30.1.bb
+++ b/meta/recipes-devtools/perl/perl_5.30.1.bb
@@ -24,6 +24,9 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \
file://0001-PATCH-perl-134117-Close-DATA-in-loc_tools.pl.patch \
file://determinism.patch \
file://racefix.patch \
+ file://CVE-2020-10543.patch \
+ file://CVE-2020-10878_1.patch \
+ file://CVE-2020-10878_2.patch \
"
SRC_URI_append_class-native = " \
file://perl-configpm-switch.patch \
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 03/22] curl: Security fixes for CVE-2020-{8169/8177}
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
2020-06-30 3:02 ` [OE-core][dunfell 01/22] dbus: fix CVE-2020-12049 Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 02/22] perl: fix CVE-2020-10543 & CVE-2020-10878 Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 04/22] u-boot: introduce UBOOT_INITIAL_ENV Steve Sakoman
` (18 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Armin Kuster <akuster@mvista.com>
Source: https://curl.haxx.se/
MR: 104472, 104458
Type: Security Fix
Disposition: Backport from https://github.com/curl/curl/commit/{600a8cded447cd/8236aba58542c5f}
ChangeID: 1300924f7a64b22375b4326daeef0b686481e30c
Description:
- Affected versions: curl 7.20.0 to and including 7.70.0
- Not affected versions: curl < 7.20.0 and curl >= 7.71.0
Fixes both CVE-2020-8169 and CVE-2020-8177
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../curl/curl/CVE-2020-8169.patch | 140 ++++++++++++++++++
.../curl/curl/CVE-2020-8177.patch | 67 +++++++++
meta/recipes-support/curl/curl_7.69.1.bb | 2 +
3 files changed, 209 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8169.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2020-8177.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8169.patch b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
new file mode 100644
index 0000000000..7d1be24a0a
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8169.patch
@@ -0,0 +1,140 @@
+From 600a8cded447cd7118ed50142c576567c0cf5158 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Thu, 14 May 2020 14:37:12 +0200
+Subject: [PATCH] url: make the updated credentials URL-encoded in the URL
+
+Found-by: Gregory Jefferis
+Reported-by: Jeroen Ooms
+Added test 1168 to verify. Bug spotted when doing a redirect.
+Bug: https://github.com/jeroen/curl/issues/224
+Closes #5400
+
+Upstream-Status: Backport
+https://github.com/curl/curl/commit/600a8cded447cd
+
+CVE: CVE-2020-8169
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ lib/url.c | 6 ++--
+ tests/data/Makefile.inc | 1 +
+ tests/data/test1168 | 78 +++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 83 insertions(+), 2 deletions(-)
+ create mode 100644 tests/data/test1168
+
+Index: curl-7.69.1/lib/url.c
+===================================================================
+--- curl-7.69.1.orig/lib/url.c
++++ curl-7.69.1/lib/url.c
+@@ -2776,12 +2776,14 @@ static CURLcode override_login(struct Cu
+
+ /* for updated strings, we update them in the URL */
+ if(user_changed) {
+- uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp, 0);
++ uc = curl_url_set(data->state.uh, CURLUPART_USER, *userp,
++ CURLU_URLENCODE);
+ if(uc)
+ return Curl_uc_to_curlcode(uc);
+ }
+ if(passwd_changed) {
+- uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp, 0);
++ uc = curl_url_set(data->state.uh, CURLUPART_PASSWORD, *passwdp,
++ CURLU_URLENCODE);
+ if(uc)
+ return Curl_uc_to_curlcode(uc);
+ }
+Index: curl-7.69.1/tests/data/Makefile.inc
+===================================================================
+--- curl-7.69.1.orig/tests/data/Makefile.inc
++++ curl-7.69.1/tests/data/Makefile.inc
+@@ -133,6 +133,7 @@ test1136 test1137 test1138 test1139 test
+ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \
+ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \
+ test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 \
++test1168 \
+ \
+ test1170 test1171 test1172 test1173 test1174 test1175 test1176 \
+ \
+Index: curl-7.69.1/tests/data/test1168
+===================================================================
+--- /dev/null
++++ curl-7.69.1/tests/data/test1168
+@@ -0,0 +1,78 @@
++<testcase>
++<info>
++<keywords>
++HTTP
++HTTP GET
++followlocation
++</keywords>
++</info>
++# Server-side
++<reply>
++<data>
++HTTP/1.1 301 This is a weirdo text message swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Location: /data/11680002.txt
++Connection: close
++
++This server reply is for testing a simple Location: following
++
++</data>
++<data2>
++HTTP/1.1 200 Followed here fine swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Content-Length: 52
++
++If this is received, the location following worked
++
++</data2>
++<datacheck>
++HTTP/1.1 301 This is a weirdo text message swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Location: /data/11680002.txt
++Connection: close
++
++HTTP/1.1 200 Followed here fine swsclose
++Date: Thu, 09 Nov 2010 14:49:00 GMT
++Server: test-server/fake
++Content-Length: 52
++
++If this is received, the location following worked
++
++</datacheck>
++</reply>
++
++# Client-side
++<client>
++<server>
++http
++</server>
++ <name>
++HTTP redirect with credentials using # in user and password
++ </name>
++ <command>
++http://%HOSTIP:%HTTPPORT/want/1168 -L -u "catmai#d:#DZaRJYrixKE*gFY"
++</command>
++</client>
++
++# Verify data after the test has been "shot"
++<verify>
++<strip>
++^User-Agent:.*
++</strip>
++<protocol>
++GET /want/1168 HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
++Accept: */*
++
++GET /data/11680002.txt HTTP/1.1
++Host: %HOSTIP:%HTTPPORT
++Authorization: Basic Y2F0bWFpI2Q6I0RaYVJKWXJpeEtFKmdGWQ==
++Accept: */*
++
++</protocol>
++</verify>
++</testcase>
diff --git a/meta/recipes-support/curl/curl/CVE-2020-8177.patch b/meta/recipes-support/curl/curl/CVE-2020-8177.patch
new file mode 100644
index 0000000000..4f14fa2306
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2020-8177.patch
@@ -0,0 +1,67 @@
+From 8236aba58542c5f89f1d41ca09d84579efb05e22 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Sun, 31 May 2020 23:09:59 +0200
+Subject: [PATCH] tool_getparam: -i is not OK if -J is used
+
+Reported-by: sn on hackerone
+Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
+
+Upstream-Status: Backport
+CVE:CVE-2020-8177
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/tool_cb_hdr.c | 22 ++++------------------
+ src/tool_getparam.c | 5 +++++
+ 2 files changed, 9 insertions(+), 18 deletions(-)
+
+Index: curl-7.69.1/src/tool_cb_hdr.c
+===================================================================
+--- curl-7.69.1.orig/src/tool_cb_hdr.c
++++ curl-7.69.1/src/tool_cb_hdr.c
+@@ -186,25 +186,11 @@ size_t tool_header_cb(char *ptr, size_t
+ filename = parse_filename(p, len);
+ if(filename) {
+ if(outs->stream) {
+- int rc;
+- /* already opened and possibly written to */
+- if(outs->fopened)
+- fclose(outs->stream);
+- outs->stream = NULL;
+-
+- /* rename the initial file name to the new file name */
+- rc = rename(outs->filename, filename);
+- if(rc != 0) {
+- warnf(per->config->global, "Failed to rename %s -> %s: %s\n",
+- outs->filename, filename, strerror(errno));
+- }
+- if(outs->alloc_filename)
+- Curl_safefree(outs->filename);
+- if(rc != 0) {
+- free(filename);
+- return failure;
+- }
++ /* indication of problem, get out! */
++ free(filename);
++ return failure;
+ }
++
+ outs->is_cd_filename = TRUE;
+ outs->s_isreg = TRUE;
+ outs->fopened = FALSE;
+Index: curl-7.69.1/src/tool_getparam.c
+===================================================================
+--- curl-7.69.1.orig/src/tool_getparam.c
++++ curl-7.69.1/src/tool_getparam.c
+@@ -1807,6 +1807,11 @@ ParameterError getparameter(const char *
+ }
+ break;
+ case 'i':
++ if(config->content_disposition) {
++ warnf(global,
++ "--include and --remote-header-name cannot be combined.\n");
++ return PARAM_BAD_USE;
++ }
+ config->show_headers = toggle; /* show the headers as well in the
+ general output stream */
+ break;
diff --git a/meta/recipes-support/curl/curl_7.69.1.bb b/meta/recipes-support/curl/curl_7.69.1.bb
index e854e8d4bd..8b5170f021 100644
--- a/meta/recipes-support/curl/curl_7.69.1.bb
+++ b/meta/recipes-support/curl/curl_7.69.1.bb
@@ -7,6 +7,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=2e9fb35867314fe31c6a4977ef7dd531"
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
+ file://CVE-2020-8169.patch \
+ file://CVE-2020-8177.patch \
"
SRC_URI[md5sum] = "ec5fc263f898a3dfef08e805f1ecca42"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 04/22] u-boot: introduce UBOOT_INITIAL_ENV
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (2 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 03/22] curl: Security fixes for CVE-2020-{8169/8177} Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 05/22] ell: upgrade 0.31 -> 0.32 Steve Sakoman
` (17 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Ming Liu <ming.liu@toradex.com>
It defaults to ${PN}-initial-env, no functional changes with current
implementation, but this allows it to be changed in individual u-boot
recipes.
If UBOOT_INITIAL_ENV is empty, then no initial env would be compiled/
installed/deployed, set ALLOW_EMPTY_${PN}-env = "1".
The major purpose for introducing this, is that the users might have
some scripts on targets like:
```
/sbin/fw_setenv -f /etc/u-boot-initial-env
```
and it should be able to run against a identical path generated by
different u-boot recipes.
Signed-off-by: Ming Liu <ming.liu@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fb7e8b6b88855f3f523b2176ea2c85a330bfe00b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-bsp/u-boot/u-boot.inc | 55 +++++++++++++++++++-----------
1 file changed, 36 insertions(+), 19 deletions(-)
diff --git a/meta/recipes-bsp/u-boot/u-boot.inc b/meta/recipes-bsp/u-boot/u-boot.inc
index 80f828df52..cbe15cb3c8 100644
--- a/meta/recipes-bsp/u-boot/u-boot.inc
+++ b/meta/recipes-bsp/u-boot/u-boot.inc
@@ -60,6 +60,10 @@ UBOOT_ENV_BINARY ?= "${UBOOT_ENV}.${UBOOT_ENV_SUFFIX}"
UBOOT_ENV_IMAGE ?= "${UBOOT_ENV}-${MACHINE}-${PV}-${PR}.${UBOOT_ENV_SUFFIX}"
UBOOT_ENV_SYMLINK ?= "${UBOOT_ENV}-${MACHINE}.${UBOOT_ENV_SUFFIX}"
+# Default name of u-boot initial env, but enable individual recipes to change
+# this value.
+UBOOT_INITIAL_ENV ?= "${PN}-initial-env"
+
# U-Boot EXTLINUX variables. U-Boot searches for /boot/extlinux/extlinux.conf
# to find EXTLINUX conf file.
UBOOT_EXTLINUX_INSTALL_DIR ?= "/boot/extlinux"
@@ -124,8 +128,10 @@ do_compile () {
done
# Generate the uboot-initial-env
- oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env
- cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type}
+ if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+ oe_runmake -C ${S} O=${B}/${config} u-boot-initial-env
+ cp ${B}/${config}/u-boot-initial-env ${B}/${config}/u-boot-initial-env-${type}
+ fi
unset k
fi
@@ -137,7 +143,9 @@ do_compile () {
oe_runmake -C ${S} O=${B} ${UBOOT_MAKE_TARGET}
# Generate the uboot-initial-env
- oe_runmake -C ${S} O=${B} u-boot-initial-env
+ if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+ oe_runmake -C ${S} O=${B} u-boot-initial-env
+ fi
fi
}
@@ -156,10 +164,12 @@ do_install () {
ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${D}/boot/${UBOOT_BINARY}
# Install the uboot-initial-env
- install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${D}/${sysconfdir}/${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR}
- ln -sf ${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${PN}-initial-env-${MACHINE}-${type}
- ln -sf ${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${PN}-initial-env-${type}
- ln -sf ${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${PN}-initial-env
+ if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+ install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${type}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}
+ fi
fi
done
unset j
@@ -170,9 +180,11 @@ do_install () {
ln -sf ${UBOOT_IMAGE} ${D}/boot/${UBOOT_BINARY}
# Install the uboot-initial-env
- install -D -m 644 ${B}/u-boot-initial-env ${D}/${sysconfdir}/${PN}-initial-env-${MACHINE}-${PV}-${PR}
- ln -sf ${PN}-initial-env-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${PN}-initial-env-${MACHINE}
- ln -sf ${PN}-initial-env-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${PN}-initial-env
+ if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+ install -D -m 644 ${B}/u-boot-initial-env ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}-${MACHINE}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${D}/${sysconfdir}/${UBOOT_INITIAL_ENV}
+ fi
fi
if [ -n "${UBOOT_ELF}" ]
@@ -244,8 +256,9 @@ do_install () {
PACKAGE_BEFORE_PN += "${PN}-env"
RPROVIDES_${PN}-env += "u-boot-default-env"
+ALLOW_EMPTY_${PN}-env = "1"
FILES_${PN}-env = " \
- ${sysconfdir}/${PN}-initial-env* \
+ ${@ '${sysconfdir}/${UBOOT_INITIAL_ENV}*' if d.getVar('UBOOT_INITIAL_ENV') else ''} \
${sysconfdir}/fw_env.config \
"
@@ -269,10 +282,12 @@ do_deploy () {
ln -sf u-boot-${type}-${PV}-${PR}.${UBOOT_SUFFIX} ${UBOOT_BINARY}
# Deploy the uboot-initial-env
- install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${DEPLOYDIR}/${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR}
- cd ${DEPLOYDIR}
- ln -sf ${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR} ${PN}-initial-env-${MACHINE}-${type}
- ln -sf ${PN}-initial-env-${MACHINE}-${type}-${PV}-${PR} ${PN}-initial-env-${type}
+ if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+ install -D -m 644 ${B}/${config}/u-boot-initial-env-${type} ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR}
+ cd ${DEPLOYDIR}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${type}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${type}
+ fi
fi
done
unset j
@@ -287,10 +302,12 @@ do_deploy () {
ln -sf ${UBOOT_IMAGE} ${UBOOT_BINARY}
# Deploy the uboot-initial-env
- install -D -m 644 ${B}/u-boot-initial-env ${DEPLOYDIR}/${PN}-initial-env-${MACHINE}-${PV}-${PR}
- cd ${DEPLOYDIR}
- ln -sf ${PN}-initial-env-${MACHINE}-${PV}-${PR} ${PN}-initial-env-${MACHINE}
- ln -sf ${PN}-initial-env-${MACHINE}-${PV}-${PR} ${PN}-initial-env
+ if [ -n "${UBOOT_INITIAL_ENV}" ]; then
+ install -D -m 644 ${B}/u-boot-initial-env ${DEPLOYDIR}/${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR}
+ cd ${DEPLOYDIR}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV}-${MACHINE}
+ ln -sf ${UBOOT_INITIAL_ENV}-${MACHINE}-${PV}-${PR} ${UBOOT_INITIAL_ENV}
+ fi
fi
if [ -e ${WORKDIR}/fw_env.config ] ; then
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 05/22] ell: upgrade 0.31 -> 0.32
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (3 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 04/22] u-boot: introduce UBOOT_INITIAL_ENV Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 06/22] systemd-serialgetty: do not use BindsTo Steve Sakoman
` (16 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Pierre-Jean Texier <pjtexier@koncepto.io>
This is a bugfix release:
ver 0.32:
Fix issue with handling D-Bus watch removal.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98d97384167a8d297650e49f9cabf4fae823b4a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/recipes-core/ell/{ell_0.31.bb => ell_0.32.bb} | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
rename meta/recipes-core/ell/{ell_0.31.bb => ell_0.32.bb} (83%)
diff --git a/meta/recipes-core/ell/ell_0.31.bb b/meta/recipes-core/ell/ell_0.32.bb
similarity index 83%
rename from meta/recipes-core/ell/ell_0.31.bb
rename to meta/recipes-core/ell/ell_0.32.bb
index 1db7131ab0..07dc4d4cbb 100644
--- a/meta/recipes-core/ell/ell_0.31.bb
+++ b/meta/recipes-core/ell/ell_0.32.bb
@@ -14,8 +14,7 @@ DEPENDS = "dbus"
inherit autotools pkgconfig
SRC_URI = "https://mirrors.edge.kernel.org/pub/linux/libs/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[md5sum] = "3f670230be4d89d621b0508c70b1d36b"
-SRC_URI[sha256sum] = "ae88617275452f9f5840b2365e33e6c7fb6fa3405d42cbf9367de642ee8b6701"
+SRC_URI[sha256sum] = "42fdb9e24ff561a101389d51445cab1ff7d55f5385dc22a05b0493088cf99e30"
do_configure_prepend () {
mkdir -p ${S}/build-aux
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 06/22] systemd-serialgetty: do not use BindsTo
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (4 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 05/22] ell: upgrade 0.31 -> 0.32 Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 07/22] mime.bbclass: fix post install scriptlet error Steve Sakoman
` (15 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
This unit was changed from 'BindsTo' in the following commit.
"""
commit f0f359ec9210759f6b4dbfb35d3fba8af208c43a
Author: Jason Wessel <jason.wessel@windriver.com>
Date: Thu Aug 29 07:00:31 2019 -0700
serial-getty@.service: Allow device to fast fail if it does not exist
"""
It was changed back to 'BindTo' in the following commit.
"""
commit 63bbff61b78c651339c4b18d8376187379ec3b3c
Author: Otavio Salvador <otavio.salvador@gmail.com>
Date: Fri Jun 12 14:30:44 2020 -0300
systemd: Sync systemd-serialgetty@.service with upstream
"""
This is now causing runtime problem for qemuarm64. The default.target
is not reached until a timeout. Output is like below.
"""
root@qemuarm64:~# systemd-analyze
Bootup is not yet finished (org.freedesktop.systemd1.Manager.FinishTimestampMonotonic=0).
Please try again later.
Hint: Use 'systemctl list-jobs' to see active jobs
root@qemuarm64:~# systemctl list-jobs
JOB UNIT TYPE STATE
102 getty.target start waiting
1 multi-user.target start waiting
95 systemd-update-utmp-runlevel.service start waiting
110 serial-getty@hvc0.service start waiting
111 dev-hvc0.device start running
"""
We can see that we are waiting for /dev/hvc0, while in fact there's no /dev/hvc0.
Jason's commit actually solves such problem.
So restore to use Jason's method. Do not use 'BindsTo'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 43b989c1231d3d867303ccebceda72364a9519ee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../systemd/systemd-serialgetty/serial-getty@.service | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service b/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service
index 542b905795..549d566009 100644
--- a/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service
+++ b/meta/recipes-core/systemd/systemd-serialgetty/serial-getty@.service
@@ -11,7 +11,8 @@
Description=Serial Getty on %I
Documentation=man:agetty(8) man:systemd-getty-generator(8)
Documentation=http://0pointer.de/blog/projects/serial-console.html
-BindsTo=dev-%i.device
+PartOf=dev-%i.device
+ConditionPathExists=/dev/%i
After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service getty-pre.target
After=rc-local.service
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 07/22] mime.bbclass: fix post install scriptlet error
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (5 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 06/22] systemd-serialgetty: do not use BindsTo Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 08/22] pseudo: Fix attr errors due to incorrect library resolution issues Steve Sakoman
` (14 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
fix error during post uninstall:
%postun(shared-mime-info-data-2.0-r0.4.corei7_64): execv(/bin/sh) pid 78
+ '[' 0 = 0 ']'
+ set -e
+ '[' x '!=' x ']'
+ echo 'Updating MIME database... this may take a while.'
Updating MIME database... this may take a while.
+ update-mime-database /usr/share/mime
Directory '/usr/share/mime/packages' does not exist!
%postun(shared-mime-info-data-2.0-r0.4.corei7_64): waitpid(78) rc 78 status 100
warning: %postun(shared-mime-info-data-2.0-r0.4.corei7_64) scriptlet failed, exit status 1
when run post uninstall scriptlet, /usr/share/mime/packages has been
removed during unintall, while update-mime-database will check xml under
/usr/share/mime/packages.
workaround by create this dir before update, then remove it
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6f262a316d6c32ff9ce96ab4bd95726772b5f20f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/mime.bbclass | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/meta/classes/mime.bbclass b/meta/classes/mime.bbclass
index c9072adf3b..bb99bc35cb 100644
--- a/meta/classes/mime.bbclass
+++ b/meta/classes/mime.bbclass
@@ -24,7 +24,18 @@ if [ "x$D" != "x" ]; then
mimedir=${MIMEDIR}
else
echo "Updating MIME database... this may take a while."
- update-mime-database $D${MIMEDIR}
+ # $D${MIMEDIR}/packages belong to package shared-mime-info-data,
+ # packages like libfm-mime depend on shared-mime-info-data.
+ # after shared-mime-info-data uninstalled, $D${MIMEDIR}/packages
+ # is removed, but update-mime-database need this dir to update
+ # database, workaround to create one and remove it later
+ if [ ! -d $D${MIMEDIR}/packages ]; then
+ mkdir -p $D${MIMEDIR}/packages
+ update-mime-database $D${MIMEDIR}
+ rmdir --ignore-fail-on-non-empty $D${MIMEDIR}/packages
+ else
+ update-mime-database $D${MIMEDIR}
+fi
fi
}
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 08/22] pseudo: Fix attr errors due to incorrect library resolution issues
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (6 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 07/22] mime.bbclass: fix post install scriptlet error Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 09/22] oeqa/selftest/runcmd: Add better debug for thread count mismatch failures Steve Sakoman
` (13 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
On a tumbleweed system, "install X Y" was showing the error:
pseudo: ENOSYS for 'fsetxattr'.
which was being caused by dlsym() for that function returning NULL. This
appears to be due to it finding an unresolved symbol in libacl for this
symbol in libattr. It hasn't been resolved so its NULL. dlerror() returns
nothing since this is a valid symbol entry, its just not the one we want.
We can add the glibc version string for the symbol we actually want so we get
that version rather than the libattr/libacl one. The calls in libattr are just
wrappers around the libc version so our attaching to the libc versions should
intercept any accesses via these too.
[YOCTO #13952]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 82655cb26ad01de9587ef41eaef155c61c361f67)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../pseudo/files/xattr_version.patch | 54 +++++++++++++++++++
meta/recipes-devtools/pseudo/pseudo_git.bb | 1 +
2 files changed, 55 insertions(+)
create mode 100644 meta/recipes-devtools/pseudo/files/xattr_version.patch
diff --git a/meta/recipes-devtools/pseudo/files/xattr_version.patch b/meta/recipes-devtools/pseudo/files/xattr_version.patch
new file mode 100644
index 0000000000..a8b14bdd69
--- /dev/null
+++ b/meta/recipes-devtools/pseudo/files/xattr_version.patch
@@ -0,0 +1,54 @@
+On a tumbleweed system, "install X Y" was showing the error:
+
+pseudo: ENOSYS for 'fsetxattr'.
+
+which was being caused by dlsym() for that function returning NULL. This
+appears to be due to it finding an unresolved symbol in libacl for this
+symbol in libattr. It hasn't been resolved so its NULL. dlerror() returns
+nothing since this is a valid symbol entry, its just not the one we want.
+
+We can add the glibc version string for the symbol we actually want so we get
+that version rather than the libattr/libacl one.
+
+To quote libattr:
+"""
+ These dumb wrappers are for backwards compatibility only.
+ Actual syscall wrappers are long gone to libc.
+"""
+and they are simply wrappers around the libc version so our attaching
+to the libc versions should intercept any accesses via these too.
+
+RP 2020/06/22
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org
+Upstream-Status: Pending [discussed with seebs on irc and appears the correct fix]
+
+
+Index: git/ports/linux/xattr/wrapfuncs.in
+===================================================================
+--- git.orig/ports/linux/xattr/wrapfuncs.in
++++ git/ports/linux/xattr/wrapfuncs.in
+@@ -1,12 +1,12 @@
+-ssize_t getxattr(const char *path, const char *name, void *value, size_t size); /* flags=0 */
+-ssize_t lgetxattr(const char *path, const char *name, void *value, size_t size); /* flags=AT_SYMLINK_NOFOLLOW */
+-ssize_t fgetxattr(int filedes, const char *name, void *value, size_t size);
+-int setxattr(const char *path, const char *name, const void *value, size_t size, int xflags); /* flags=0 */
+-int lsetxattr(const char *path, const char *name, const void *value, size_t size, int xflags); /* flags=AT_SYMLINK_NOFOLLOW */
+-int fsetxattr(int filedes, const char *name, const void *value, size_t size, int xflags);
+-ssize_t listxattr(const char *path, char *list, size_t size); /* flags=0 */
+-ssize_t llistxattr(const char *path, char *list, size_t size); /* flags=AT_SYMLINK_NOFOLLOW */
+-ssize_t flistxattr(int filedes, char *list, size_t size);
+-int removexattr(const char *path, const char *name); /* flags=0 */
+-int lremovexattr(const char *path, const char *name); /* flags=AT_SYMLINK_NOFOLLOW */
+-int fremovexattr(int filedes, const char *name);
++ssize_t getxattr(const char *path, const char *name, void *value, size_t size); /* flags=0, version="GLIBC_2.3" */
++ssize_t lgetxattr(const char *path, const char *name, void *value, size_t size); /* flags=AT_SYMLINK_NOFOLLOW, version="GLIBC_2.3" */
++ssize_t fgetxattr(int filedes, const char *name, void *value, size_t size); /* version="GLIBC_2.3" */
++int setxattr(const char *path, const char *name, const void *value, size_t size, int xflags); /* flags=0, version="GLIBC_2.3" */
++int lsetxattr(const char *path, const char *name, const void *value, size_t size, int xflags); /* flags=AT_SYMLINK_NOFOLLOW, version="GLIBC_2.3" */
++int fsetxattr(int filedes, const char *name, const void *value, size_t size, int xflags); /* version="GLIBC_2.3" */
++ssize_t listxattr(const char *path, char *list, size_t size); /* flags=0, version="GLIBC_2.3" */
++ssize_t llistxattr(const char *path, char *list, size_t size); /* flags=AT_SYMLINK_NOFOLLOW, version="GLIBC_2.3" */
++ssize_t flistxattr(int filedes, char *list, size_t size); /* version="GLIBC_2.3" */
++int removexattr(const char *path, const char *name); /* flags=0, version="GLIBC_2.3" */
++int lremovexattr(const char *path, const char *name); /* flags=AT_SYMLINK_NOFOLLOW, version="GLIBC_2.3" */
++int fremovexattr(int filedes, const char *name); /* version="GLIBC_2.3" */
diff --git a/meta/recipes-devtools/pseudo/pseudo_git.bb b/meta/recipes-devtools/pseudo/pseudo_git.bb
index 324ae9071f..419bac19fe 100644
--- a/meta/recipes-devtools/pseudo/pseudo_git.bb
+++ b/meta/recipes-devtools/pseudo/pseudo_git.bb
@@ -13,6 +13,7 @@ SRC_URI = "git://git.yoctoproject.org/pseudo \
file://seccomp.patch \
file://0001-pseudo-On-a-DB-fixup-remove-files-that-do-not-exist-.patch \
file://0001-pseudo_ipc.h-Fix-enum-typedef.patch \
+ file://xattr_version.patch \
"
SRCREV = "060058bb29f70b244e685b3c704eb0641b736f73"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 09/22] oeqa/selftest/runcmd: Add better debug for thread count mismatch failures
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (7 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 08/22] pseudo: Fix attr errors due to incorrect library resolution issues Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 10/22] oeqa/utils/command: Improve stdin handling in runCmd Steve Sakoman
` (12 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d15d0177d328fa3a126b9942bda177f6fae68505)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/selftest/cases/runcmd.py | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/meta/lib/oeqa/selftest/cases/runcmd.py b/meta/lib/oeqa/selftest/cases/runcmd.py
index 3755764ee7..a5ef1ea95f 100644
--- a/meta/lib/oeqa/selftest/cases/runcmd.py
+++ b/meta/lib/oeqa/selftest/cases/runcmd.py
@@ -81,7 +81,7 @@ class RunCmdTests(OESelftestTestCase):
self.assertEqual(result.status, -signal.SIGTERM)
end = time.time()
self.assertLess(end - start, self.TIMEOUT + self.DELTA)
- self.assertEqual(numthreads, threading.active_count())
+ self.assertEqual(numthreads, threading.active_count(), msg="Thread counts were not equal before (%s) and after (%s), active threads: %s" % (numthreads, threading.active_count(), threading.enumerate()))
def test_timeout_split(self):
numthreads = threading.active_count()
@@ -91,13 +91,14 @@ class RunCmdTests(OESelftestTestCase):
self.assertEqual(result.status, -signal.SIGTERM)
end = time.time()
self.assertLess(end - start, self.TIMEOUT + self.DELTA)
- self.assertEqual(numthreads, threading.active_count())
+ self.assertEqual(numthreads, threading.active_count(), msg="Thread counts were not equal before (%s) and after (%s), active threads: %s" % (numthreads, threading.active_count(), threading.enumerate()))
def test_stdin(self):
numthreads = threading.active_count()
result = runCmd("cat", data=b"hello world", timeout=self.TIMEOUT)
self.assertEqual("hello world", result.output)
- self.assertEqual(numthreads, threading.active_count())
+ self.assertEqual(numthreads, threading.active_count(), msg="Thread counts were not equal before (%s) and after (%s), active threads: %s" % (numthreads, threading.active_count(), threading.enumerate()))
+ self.assertEqual(numthreads, 1)
def test_stdin_timeout(self):
numthreads = threading.active_count()
@@ -106,7 +107,7 @@ class RunCmdTests(OESelftestTestCase):
self.assertEqual(result.status, -signal.SIGTERM)
end = time.time()
self.assertLess(end - start, self.TIMEOUT + self.DELTA)
- self.assertEqual(numthreads, threading.active_count())
+ self.assertEqual(numthreads, threading.active_count(), msg="Thread counts were not equal before (%s) and after (%s), active threads: %s" % (numthreads, threading.active_count(), threading.enumerate()))
def test_log(self):
log = MemLogger()
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 10/22] oeqa/utils/command: Improve stdin handling in runCmd
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (8 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 09/22] oeqa/selftest/runcmd: Add better debug for thread count mismatch failures Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 11/22] oeqa/runtime/cases/ptest: Make output content path absolute Steve Sakoman
` (11 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Occasionally we've been seeing leftover threads from runCmd. The stdin test
assumes we clean up all threads but the code assumes that the daemonic thread
can be left behind.
The issue can be reproduced by adding a time.sleep(10) to the end of
writeThread() which will mean it stays resident past the end of the command.
We may as well add it to the threads list and clean it up properly,
hopefully removing the race in the tests from the autobuilder.
[YOCTO #13055]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9b251dcaffe52d32c1faf41ab57ab414fbc29722)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/utils/commands.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/utils/commands.py b/meta/lib/oeqa/utils/commands.py
index df373c4169..f7f8c16bf0 100644
--- a/meta/lib/oeqa/utils/commands.py
+++ b/meta/lib/oeqa/utils/commands.py
@@ -95,7 +95,9 @@ class Command(object):
# reason, the main process will still exit, which will then
# kill the write thread.
if self.data:
- threading.Thread(target=writeThread, daemon=True).start()
+ thread = threading.Thread(target=writeThread, daemon=True)
+ thread.start()
+ self.threads.append(thread)
if self.process.stderr:
thread = threading.Thread(target=readStderrThread)
thread.start()
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 11/22] oeqa/runtime/cases/ptest: Make output content path absolute
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (9 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 10/22] oeqa/utils/command: Improve stdin handling in runCmd Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 12/22] runqemu: add QB_ROOTFS_EXTRA_OPT parameter Steve Sakoman
` (10 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Andrej Valek <andrej.valek@siemens.com>
The output content is created in current directory, because json content
has no defined absolute path to WORKDIR as in bitbake.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 14203b2cb9aa62f55cb12230ac8012b3cd995be7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/runtime/cases/ptest.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/lib/oeqa/runtime/cases/ptest.py b/meta/lib/oeqa/runtime/cases/ptest.py
index 99a44f0767..ef0470da7e 100644
--- a/meta/lib/oeqa/runtime/cases/ptest.py
+++ b/meta/lib/oeqa/runtime/cases/ptest.py
@@ -42,6 +42,10 @@ class PtestRunnerTest(OERuntimeTestCase):
# testdata.json is generated.
if not test_log_dir:
test_log_dir = os.path.join(self.td.get('WORKDIR', ''), 'testimage')
+ # Make the test output path absolute, otherwise the output content will be
+ # created relative to current directory
+ if not os.path.isabs(test_log_dir):
+ test_log_dir = os.path.join(self.td.get('TOPDIR', ''), test_log_dir)
# Don't use self.td.get('DATETIME'), it's from testdata.json, not
# up-to-date, and may cause "File exists" when re-reun.
timestamp = datetime.datetime.now().strftime('%Y%m%d%H%M%S')
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 12/22] runqemu: add QB_ROOTFS_EXTRA_OPT parameter
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (10 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 11/22] oeqa/runtime/cases/ptest: Make output content path absolute Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 13/22] testimage: enable ovmf support Steve Sakoman
` (9 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Konrad Weihmann <kweihmann@outlook.com>
Content of the optional parameter will be appended to the rootfs-device
in the qemu configuration, in case QB_ROOTFS_OPT is not specified.
By default this is empty.
Example use cases are:
Defining 'readonly' when using squashfs, so multiple instances of qemu
can share the same base image, something that cannot be done by just
specifying 'snapshot'.
Defining 'bootindex=0' which helps to get past the EFI shell in
ovmf-binary. This also enables the use case of running WIC images with
EFI bootloader through the testimage.bbclass.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9b8c194636cb5505774a2a71bf54450580dd5b8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/qemuboot.bbclass | 5 +++++
scripts/runqemu | 11 ++++++++---
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/meta/classes/qemuboot.bbclass b/meta/classes/qemuboot.bbclass
index 54044c38da..99da543f9a 100644
--- a/meta/classes/qemuboot.bbclass
+++ b/meta/classes/qemuboot.bbclass
@@ -65,6 +65,10 @@
# " -device virtio-serial-device -chardev socket,id=virtcon,port=@PORT@,host=127.0.0.1 -device virtconsole,chardev=virtcon"
# Note, runqemu will replace "@PORT@" with the port number which is used.
#
+# QB_ROOTFS_EXTRA_OPT: extra options to be appended to the rootfs device in case there is none specified by QB_ROOTFS_OPT.
+# Can be used to automatically determine the image from the other variables
+# but define things link 'bootindex' when booting from EFI or 'readonly' when using squashfs
+# without the need to specify a dedicated qemu configuration
# Usage:
# IMAGE_CLASSES += "qemuboot"
# See "runqemu help" for more info
@@ -77,6 +81,7 @@ QB_OPT_APPEND ?= "-show-cursor"
QB_NETWORK_DEVICE ?= "-device virtio-net-pci,netdev=net0,mac=@MAC@"
QB_CMDLINE_IP_SLIRP ?= "ip=dhcp"
QB_CMDLINE_IP_TAP ?= "ip=192.168.7.@CLIENT@::192.168.7.@GATEWAY@:255.255.255.0"
+QB_ROOTFS_EXTRA_OPT ?= ""
# This should be kept align with ROOT_VM
QB_DRIVE_TYPE ?= "/dev/sd"
diff --git a/scripts/runqemu b/scripts/runqemu
index 6a77e3db9a..310d79fdc5 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -1196,6 +1196,10 @@ class BaseConfig(object):
else:
self.rootfs_options = '-drive file=%s,if=virtio,format=%s' % (self.rootfs, rootfs_format)
+ qb_rootfs_extra_opt = self.get("QB_ROOTFS_EXTRA_OPT")
+ if qb_rootfs_extra_opt and not qb_rootfs_extra_opt.startswith(","):
+ qb_rootfs_extra_opt = "," + qb_rootfs_extra_opt
+
if self.fstype in ('cpio.gz', 'cpio'):
self.kernel_cmdline = 'root=/dev/ram0 rw debugshell'
self.rootfs_options = '-initrd %s' % self.rootfs
@@ -1208,14 +1212,15 @@ class BaseConfig(object):
drive_type = self.get('QB_DRIVE_TYPE')
if drive_type.startswith("/dev/sd"):
logger.info('Using scsi drive')
- vm_drive = '-drive if=none,id=hd,file=%s,format=%s -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=hd' \
- % (self.rootfs, rootfs_format)
+ vm_drive = '-drive if=none,id=hd,file=%s,format=%s -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=hd%s' \
+ % (self.rootfs, rootfs_format, qb_rootfs_extra_opt)
elif drive_type.startswith("/dev/hd"):
logger.info('Using ide drive')
vm_drive = "-drive file=%s,format=%s" % (self.rootfs, rootfs_format)
elif drive_type.startswith("/dev/vdb"):
logger.info('Using block virtio drive');
- vm_drive = '-drive id=disk0,file=%s,if=none,format=%s -device virtio-blk-device,drive=disk0' % (self.rootfs, rootfs_format)
+ vm_drive = '-drive id=disk0,file=%s,if=none,format=%s -device virtio-blk-device,drive=disk0%s' \
+ % (self.rootfs, rootfs_format,qb_rootfs_extra_opt)
else:
# virtio might have been selected explicitly (just use it), or
# is used as fallback (then warn about that).
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 13/22] testimage: enable ovmf support
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (11 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 12/22] runqemu: add QB_ROOTFS_EXTRA_OPT parameter Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 14/22] scripts/install-buildtools: Update to 3.2 M1 buildtools Steve Sakoman
` (8 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Konrad Weihmann <kweihmann@outlook.com>
Add support for running wic images with EFI as testimage.
Introduces a variable called QEMU_USE_OVMF for configuration.
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3af8aaff68ed332d812ea7dc184d392700ad7882)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/testimage.bbclass | 6 +++++-
meta/lib/oeqa/core/target/qemu.py | 6 ++++--
meta/lib/oeqa/utils/qemurunner.py | 5 ++++-
3 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/meta/classes/testimage.bbclass b/meta/classes/testimage.bbclass
index deb81bc256..53945478af 100644
--- a/meta/classes/testimage.bbclass
+++ b/meta/classes/testimage.bbclass
@@ -275,11 +275,14 @@ def testimage_main(d):
# Get use_kvm
kvm = oe.types.qemu_use_kvm(d.getVar('QEMU_USE_KVM'), d.getVar('TARGET_ARCH'))
+ # Get OVMF
+ ovmf = d.getVar("QEMU_USE_OVMF")
+
slirp = False
if d.getVar("QEMU_USE_SLIRP"):
slirp = True
- # TODO: We use the current implementatin of qemu runner because of
+ # TODO: We use the current implementation of qemu runner because of
# time constrains, qemu runner really needs a refactor too.
target_kwargs = { 'machine' : machine,
'rootfs' : rootfs,
@@ -293,6 +296,7 @@ def testimage_main(d):
'slirp' : slirp,
'dump_dir' : d.getVar("TESTIMAGE_DUMP_DIR"),
'serial_ports': len(d.getVar("SERIAL_CONSOLES").split()),
+ 'ovmf' : ovmf,
}
if d.getVar("TESTIMAGE_BOOT_PATTERNS"):
diff --git a/meta/lib/oeqa/core/target/qemu.py b/meta/lib/oeqa/core/target/qemu.py
index 059106e915..295e8765e9 100644
--- a/meta/lib/oeqa/core/target/qemu.py
+++ b/meta/lib/oeqa/core/target/qemu.py
@@ -20,7 +20,7 @@ class OEQemuTarget(OESSHTarget):
port=None, machine='', rootfs='', kernel='', kvm=False, slirp=False,
dump_dir='', dump_host_cmds='', display='', bootlog='',
tmpdir='', dir_image='', boottime=60, serial_ports=2,
- boot_patterns = defaultdict(str), **kwargs):
+ boot_patterns = defaultdict(str), ovmf=False, **kwargs):
super(OEQemuTarget, self).__init__(logger, None, server_ip, timeout,
user, port)
@@ -31,6 +31,7 @@ class OEQemuTarget(OESSHTarget):
self.rootfs = rootfs
self.kernel = kernel
self.kvm = kvm
+ self.ovmf = ovmf
self.use_slirp = slirp
self.boot_patterns = boot_patterns
@@ -39,7 +40,8 @@ class OEQemuTarget(OESSHTarget):
logfile=bootlog, boottime=boottime,
use_kvm=kvm, use_slirp=slirp, dump_dir=dump_dir,
dump_host_cmds=dump_host_cmds, logger=logger,
- serial_ports=serial_ports, boot_patterns = boot_patterns)
+ serial_ports=serial_ports, boot_patterns = boot_patterns,
+ use_ovmf=ovmf)
def start(self, params=None, extra_bootparams=None, runqemuparams=''):
if self.use_slirp and not self.server_ip:
diff --git a/meta/lib/oeqa/utils/qemurunner.py b/meta/lib/oeqa/utils/qemurunner.py
index 77ae08ebeb..992fff9370 100644
--- a/meta/lib/oeqa/utils/qemurunner.py
+++ b/meta/lib/oeqa/utils/qemurunner.py
@@ -32,7 +32,7 @@ re_control_char = re.compile('[%s]' % re.escape("".join(control_chars)))
class QemuRunner:
def __init__(self, machine, rootfs, display, tmpdir, deploy_dir_image, logfile, boottime, dump_dir, dump_host_cmds,
- use_kvm, logger, use_slirp=False, serial_ports=2, boot_patterns = defaultdict(str)):
+ use_kvm, logger, use_slirp=False, serial_ports=2, boot_patterns = defaultdict(str), use_ovmf=False):
# Popen object for runqemu
self.runqemu = None
@@ -56,6 +56,7 @@ class QemuRunner:
self.logged = False
self.thread = None
self.use_kvm = use_kvm
+ self.use_ovmf = use_ovmf
self.use_slirp = use_slirp
self.serial_ports = serial_ports
self.msg = ''
@@ -158,6 +159,8 @@ class QemuRunner:
launch_cmd += ' nographic'
if self.use_slirp:
launch_cmd += ' slirp'
+ if self.use_ovmf:
+ launch_cmd += ' ovmf'
launch_cmd += ' %s %s %s' % (runqemuparams, self.machine, self.rootfs)
return self.launch(launch_cmd, qemuparams=qemuparams, get_ip=get_ip, extra_bootparams=extra_bootparams, env=env)
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 14/22] scripts/install-buildtools: Update to 3.2 M1 buildtools
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (12 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 13/22] testimage: enable ovmf support Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 15/22] scripts/install-buildtools: Handle new format checksum files Steve Sakoman
` (7 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes issues with openssl certs not working properly which meant error
reporting to an error report server was failing.
Also, all our downloads are now standarised on "sha256sum" so adjust for that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bc8b44e19a05f499f5cef049eedbed1fede2e765)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/install-buildtools | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index a9173fa096..1a458a2cc7 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -57,9 +57,9 @@ logger = scriptutils.logger_create(PROGNAME, stream=sys.stdout)
DEFAULT_INSTALL_DIR = os.path.join(os.path.split(scripts_path)[0],'buildtools')
DEFAULT_BASE_URL = 'http://downloads.yoctoproject.org/releases/yocto'
-DEFAULT_RELEASE = 'yocto-3.1'
-DEFAULT_INSTALLER_VERSION = '3.1'
-DEFAULT_BUILDDATE = ''
+DEFAULT_RELEASE = 'yocto-3.2_M1'
+DEFAULT_INSTALLER_VERSION = '3.1+snapshot'
+DEFAULT_BUILDDATE = '20200617'
# Python version sanity check
if not (sys.version_info.major == 3 and sys.version_info.minor >= 4):
@@ -227,7 +227,7 @@ def main():
if args.check:
logger.info("Fetching buildtools installer checksum")
checksum_type = ""
- for checksum_type in ["md5sum", "sha256"]:
+ for checksum_type in ["md5sum", "sha256sum"]:
check_url = "{}.{}".format(buildtools_url, checksum_type)
checksum_filename = "{}.{}".format(filename, checksum_type)
tmpbuildtools_checksum = os.path.join(tmpsdk_dir, checksum_filename)
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 15/22] scripts/install-buildtools: Handle new format checksum files
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (13 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 14/22] scripts/install-buildtools: Update to 3.2 M1 buildtools Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 16/22] wpa-supplicant: Security fix CVE-2020-12695 Steve Sakoman
` (6 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
Autobuilder generated checksum files only have a single space between the sum and the
filename, tweak it to account for this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d1e71bf5b399372166eb40bb0d99c8fb52231600)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/install-buildtools | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/install-buildtools b/scripts/install-buildtools
index 1a458a2cc7..fbf6a4bc38 100755
--- a/scripts/install-buildtools
+++ b/scripts/install-buildtools
@@ -239,7 +239,7 @@ def main():
if ret != 0:
logger.error("Could not download file from %s" % check_url)
return ret
- regex = re.compile(r"^(?P<checksum>[0-9a-f]+)\s\s(?P<path>.*/)?(?P<filename>.*)$")
+ regex = re.compile(r"^(?P<checksum>[0-9a-f]+)\s+(?P<path>.*/)?(?P<filename>.*)$")
with open(tmpbuildtools_checksum, 'rb') as f:
original = f.read()
m = re.search(regex, original.decode("utf-8"))
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 16/22] wpa-supplicant: Security fix CVE-2020-12695
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (14 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 15/22] scripts/install-buildtools: Handle new format checksum files Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 17/22] kernel.bbclass: Fix Module.symvers support Steve Sakoman
` (5 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Armin Kuster <akuster@mvista.com>
Source: http://w1.fi/security/
Disposition: Backport from http://w1.fi/security/2020-1/
Affects <= 2.9 wpa-supplicant
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9c696397ae1b4344b8329a13076f265980ee74d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...allow-event-subscriptions-with-URLs-.patch | 151 ++++++++++++++++++
...nt-message-generation-using-a-long-U.patch | 62 +++++++
...HTTP-initiation-failures-for-events-.patch | 50 ++++++
.../wpa-supplicant/wpa-supplicant_2.9.bb | 5 +-
4 files changed, 267 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
new file mode 100644
index 0000000000..53ad5d028a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
@@ -0,0 +1,151 @@
+From 5b78c8f961f25f4dc22d6f2b77ddd06d712cec63 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 23:17:35 +0300
+Subject: [PATCH 1/3] WPS UPnP: Do not allow event subscriptions with URLs to
+ other networks
+
+The UPnP Device Architecture 2.0 specification errata ("UDA errata
+16-04-2020.docx") addresses a problem with notifications being allowed
+to go out to other domains by disallowing such cases. Do such filtering
+for the notification callback URLs to avoid undesired connections to
+external networks based on subscriptions that any device in the local
+network could request when WPS support for external registrars is
+enabled (the upnp_iface parameter in hostapd configuration).
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #1
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_er.c | 2 +-
+ src/wps/wps_upnp.c | 38 ++++++++++++++++++++++++++++++++++++--
+ src/wps/wps_upnp_i.h | 3 ++-
+ 3 files changed, 39 insertions(+), 4 deletions(-)
+
+Index: wpa_supplicant-2.9/src/wps/wps_er.c
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_er.c
++++ wpa_supplicant-2.9/src/wps/wps_er.c
+@@ -1298,7 +1298,7 @@ wps_er_init(struct wps_context *wps, con
+ "with %s", filter);
+ }
+ if (get_netif_info(er->ifname, &er->ip_addr, &er->ip_addr_text,
+- er->mac_addr)) {
++ NULL, er->mac_addr)) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+ "for %s. Does it have IP address?", er->ifname);
+ wps_er_deinit(er, NULL, NULL);
+Index: wpa_supplicant-2.9/src/wps/wps_upnp.c
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp.c
++++ wpa_supplicant-2.9/src/wps/wps_upnp.c
+@@ -303,6 +303,14 @@ static void subscr_addr_free_all(struct
+ }
+
+
++static int local_network_addr(struct upnp_wps_device_sm *sm,
++ struct sockaddr_in *addr)
++{
++ return (addr->sin_addr.s_addr & sm->netmask.s_addr) ==
++ (sm->ip_addr & sm->netmask.s_addr);
++}
++
++
+ /* subscr_addr_add_url -- add address(es) for one url to subscription */
+ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ size_t url_len)
+@@ -381,6 +389,7 @@ static void subscr_addr_add_url(struct s
+
+ for (rp = result; rp; rp = rp->ai_next) {
+ struct subscr_addr *a;
++ struct sockaddr_in *addr = (struct sockaddr_in *) rp->ai_addr;
+
+ /* Limit no. of address to avoid denial of service attack */
+ if (dl_list_len(&s->addr_list) >= MAX_ADDR_PER_SUBSCRIPTION) {
+@@ -389,6 +398,13 @@ static void subscr_addr_add_url(struct s
+ break;
+ }
+
++ if (!local_network_addr(s->sm, addr)) {
++ wpa_printf(MSG_INFO,
++ "WPS UPnP: Ignore a delivery URL that points to another network %s",
++ inet_ntoa(addr->sin_addr));
++ continue;
++ }
++
+ a = os_zalloc(sizeof(*a) + alloc_len);
+ if (a == NULL)
+ break;
+@@ -889,11 +905,12 @@ static int eth_get(const char *device, u
+ * @net_if: Selected network interface name
+ * @ip_addr: Buffer for returning IP address in network byte order
+ * @ip_addr_text: Buffer for returning a pointer to allocated IP address text
++ * @netmask: Buffer for returning netmask or %NULL if not needed
+ * @mac: Buffer for returning MAC address
+ * Returns: 0 on success, -1 on failure
+ */
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+- u8 mac[ETH_ALEN])
++ struct in_addr *netmask, u8 mac[ETH_ALEN])
+ {
+ struct ifreq req;
+ int sock = -1;
+@@ -919,6 +936,19 @@ int get_netif_info(const char *net_if, u
+ in_addr.s_addr = *ip_addr;
+ os_snprintf(*ip_addr_text, 16, "%s", inet_ntoa(in_addr));
+
++ if (netmask) {
++ os_memset(&req, 0, sizeof(req));
++ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
++ if (ioctl(sock, SIOCGIFNETMASK, &req) < 0) {
++ wpa_printf(MSG_ERROR,
++ "WPS UPnP: SIOCGIFNETMASK failed: %d (%s)",
++ errno, strerror(errno));
++ goto fail;
++ }
++ addr = (struct sockaddr_in *) &req.ifr_netmask;
++ netmask->s_addr = addr->sin_addr.s_addr;
++ }
++
+ #ifdef __linux__
+ os_strlcpy(req.ifr_name, net_if, sizeof(req.ifr_name));
+ if (ioctl(sock, SIOCGIFHWADDR, &req) < 0) {
+@@ -1025,11 +1055,15 @@ static int upnp_wps_device_start(struct
+
+ /* Determine which IP and mac address we're using */
+ if (get_netif_info(net_if, &sm->ip_addr, &sm->ip_addr_text,
+- sm->mac_addr)) {
++ &sm->netmask, sm->mac_addr)) {
+ wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
+ "for %s. Does it have IP address?", net_if);
+ goto fail;
+ }
++ wpa_printf(MSG_DEBUG, "WPS UPnP: Local IP address %s netmask %s hwaddr "
++ MACSTR,
++ sm->ip_addr_text, inet_ntoa(sm->netmask),
++ MAC2STR(sm->mac_addr));
+
+ /* Listen for incoming TCP connections so that others
+ * can fetch our "xml files" from us.
+Index: wpa_supplicant-2.9/src/wps/wps_upnp_i.h
+===================================================================
+--- wpa_supplicant-2.9.orig/src/wps/wps_upnp_i.h
++++ wpa_supplicant-2.9/src/wps/wps_upnp_i.h
+@@ -128,6 +128,7 @@ struct upnp_wps_device_sm {
+ u8 mac_addr[ETH_ALEN]; /* mac addr of network i.f. we use */
+ char *ip_addr_text; /* IP address of network i.f. we use */
+ unsigned ip_addr; /* IP address of network i.f. we use (host order) */
++ struct in_addr netmask;
+ int multicast_sd; /* send multicast messages over this socket */
+ int ssdp_sd; /* receive discovery UPD packets on socket */
+ int ssdp_sd_registered; /* nonzero if we must unregister */
+@@ -158,7 +159,7 @@ struct subscription * subscription_find(
+ const u8 uuid[UUID_LEN]);
+ void subscr_addr_delete(struct subscr_addr *a);
+ int get_netif_info(const char *net_if, unsigned *ip_addr, char **ip_addr_text,
+- u8 mac[ETH_ALEN]);
++ struct in_addr *netmask, u8 mac[ETH_ALEN]);
+
+ /* wps_upnp_ssdp.c */
+ void msearchreply_state_machine_stop(struct advertisement_state_machine *a);
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
new file mode 100644
index 0000000000..59640859dd
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -0,0 +1,62 @@
+From f7d268864a2660b7239b9a8ff5ad37faeeb751ba Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Wed, 3 Jun 2020 22:41:02 +0300
+Subject: [PATCH 2/3] WPS UPnP: Fix event message generation using a long URL
+ path
+
+More than about 700 character URL ended up overflowing the wpabuf used
+for building the event notification and this resulted in the wpabuf
+buffer overflow checks terminating the hostapd process. Fix this by
+allocating the buffer to be large enough to contain the full URL path.
+However, since that around 700 character limit has been the practical
+limit for more than ten years, start explicitly enforcing that as the
+limit or the callback URLs since any longer ones had not worked before
+and there is no need to enable them now either.
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #2
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_upnp.c | 9 +++++++--
+ src/wps/wps_upnp_event.c | 3 ++-
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/wps/wps_upnp.c b/src/wps/wps_upnp.c
+index 7d4b7439940e..ab685d52ecab 100644
+--- a/src/wps/wps_upnp.c
++++ b/src/wps/wps_upnp.c
+@@ -328,9 +328,14 @@ static void subscr_addr_add_url(struct subscription *s, const char *url,
+ int rerr;
+ size_t host_len, path_len;
+
+- /* url MUST begin with http: */
+- if (url_len < 7 || os_strncasecmp(url, "http://", 7))
++ /* URL MUST begin with HTTP scheme. In addition, limit the length of
++ * the URL to 700 characters which is around the limit that was
++ * implicitly enforced for more than 10 years due to a bug in
++ * generating the event messages. */
++ if (url_len < 7 || os_strncasecmp(url, "http://", 7) || url_len > 700) {
++ wpa_printf(MSG_DEBUG, "WPS UPnP: Reject an unacceptable URL");
+ goto fail;
++ }
+ url += 7;
+ url_len -= 7;
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index d7e6edcc6503..08a23612f338 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -147,7 +147,8 @@ static struct wpabuf * event_build_message(struct wps_event_ *e)
+ struct wpabuf *buf;
+ char *b;
+
+- buf = wpabuf_alloc(1000 + wpabuf_len(e->data));
++ buf = wpabuf_alloc(1000 + os_strlen(e->addr->path) +
++ wpabuf_len(e->data));
+ if (buf == NULL)
+ return NULL;
+ wpabuf_printf(buf, "NOTIFY %s HTTP/1.1\r\n", e->addr->path);
+--
+2.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
new file mode 100644
index 0000000000..8a014ef28a
--- /dev/null
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
@@ -0,0 +1,50 @@
+From 85aac526af8612c21b3117dadc8ef5944985b476 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen <jouni@codeaurora.org>
+Date: Thu, 4 Jun 2020 21:24:04 +0300
+Subject: [PATCH 3/3] WPS UPnP: Handle HTTP initiation failures for events more
+ properly
+
+While it is appropriate to try to retransmit the event to another
+callback URL on a failure to initiate the HTTP client connection, there
+is no point in trying the exact same operation multiple times in a row.
+Replve the event_retry() calls with event_addr_failure() for these cases
+to avoid busy loops trying to repeat the same failing operation.
+
+These potential busy loops would go through eloop callbacks, so the
+process is not completely stuck on handling them, but unnecessary CPU
+would be used to process the continues retries that will keep failing
+for the same reason.
+
+Upstream-Status: Backport
+CVE: CVE-2020-12695 patch #2
+Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ src/wps/wps_upnp_event.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/wps/wps_upnp_event.c b/src/wps/wps_upnp_event.c
+index 08a23612f338..c0d9e41d9a38 100644
+--- a/src/wps/wps_upnp_event.c
++++ b/src/wps/wps_upnp_event.c
+@@ -294,7 +294,7 @@ static int event_send_start(struct subscription *s)
+
+ buf = event_build_message(e);
+ if (buf == NULL) {
+- event_retry(e, 0);
++ event_addr_failure(e);
+ return -1;
+ }
+
+@@ -302,7 +302,7 @@ static int event_send_start(struct subscription *s)
+ event_http_cb, e);
+ if (e->http_event == NULL) {
+ wpabuf_free(buf);
+- event_retry(e, 0);
++ event_addr_failure(e);
+ return -1;
+ }
+
+--
+2.20.1
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
index 2936e89eed..7cc03fef7d 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.9.bb
@@ -25,7 +25,10 @@ SRC_URI = "http://w1.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \
file://0001-replace-systemd-install-Alias-with-WantedBy.patch \
- file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
+ file://0001-AP-Silently-ignore-management-frame-from-unexpected-.patch \
+ file://0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch \
+ file://0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch \
+ file://0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch \
"
SRC_URI[md5sum] = "2d2958c782576dc9901092fbfecb4190"
SRC_URI[sha256sum] = "fcbdee7b4a64bea8177973299c8c824419c413ec2e3a95db63dd6a5dc3541f17"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 17/22] kernel.bbclass: Fix Module.symvers support
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (15 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 16/22] wpa-supplicant: Security fix CVE-2020-12695 Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 18/22] linux-firmware: upgrade 20200519 -> 20200619 Steve Sakoman
` (4 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Lili Li <lili.li@intel.com>
Starting from v5.8-rc1 commit 269a535ca931 (modpost: generate
vmlinux.symvers and reuse it for the second modpost"), kernel will
generate new vmlinux.symvers instead of dumping all the vmlinux symbols
into Module.symvers in the first pass.
Error log:
'run.do_shared_workdir.16614' failed with exit code 1:
DEBUG: cp: cannot stat 'Module.symvers': No such file or directory
This change will check the file Module.symvers existence before copying it.
Signed-off-by: Lili Li <lili.li@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cd2d62a08a1dfcd890a03ee55132b6d6c65f5ab7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/kernel.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index a3990aaf59..6d07b29e2d 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -463,7 +463,7 @@ do_shared_workdir () {
# Copy files required for module builds
cp System.map $kerneldir/System.map-${KERNEL_VERSION}
- cp Module.symvers $kerneldir/
+ [ -e Module.symvers ] && cp Module.symvers $kerneldir/
cp .config $kerneldir/
mkdir -p $kerneldir/include/config
cp include/config/kernel.release $kerneldir/include/config/kernel.release
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 18/22] linux-firmware: upgrade 20200519 -> 20200619
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (16 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 17/22] kernel.bbclass: Fix Module.symvers support Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 19/22] checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2() Steve Sakoman
` (3 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Alexander Kanavin <alex.kanavin@gmail.com>
License-Update: new firmwares, all redistributable
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ae9585efdf5bcef7224c8e752ea76064922ee99)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
...{linux-firmware_20200519.bb => linux-firmware_20200619.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-kernel/linux-firmware/{linux-firmware_20200519.bb => linux-firmware_20200619.bb} (99%)
diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20200519.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20200619.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20200519.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20200619.bb
index 18f44bccae..392e03a10a 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20200519.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20200619.bb
@@ -126,7 +126,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
file://LICENCE.xc4000;md5=0ff51d2dc49fce04814c9155081092f0 \
file://LICENCE.xc5000;md5=1e170c13175323c32c7f4d0998d53f66 \
file://LICENCE.xc5000c;md5=12b02efa3049db65d524aeb418dd87ca \
- file://WHENCE;md5=c15cee50b1a59d27106a37c2929d5291 \
+ file://WHENCE;md5=d373d30188c38dabffec0d3cc87abbfd \
"
# These are not common licenses, set NO_GENERIC_LICENSE for them
@@ -198,7 +198,7 @@ PE = "1"
SRC_URI = "${KERNELORG_MIRROR}/linux/kernel/firmware/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "584c49c58291136b966ceffb0a456a672c23d4d759bab8bf86cbbe28061e415e"
+SRC_URI[sha256sum] = "962d3ae197d226c8259f9cc7746f7ef12a9d23787cd56bd27302021ba6339722"
inherit allarch
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 19/22] checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2()
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (17 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 18/22] linux-firmware: upgrade 20200519 -> 20200619 Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 20/22] oeqa/selftest: Clean up separate builddir in success case when non-threaded Steve Sakoman
` (2 subsequent siblings)
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Nicolas Dechesne <nicolas.dechesne@linaro.org>
LAYERDEPENDS is a string of this format:
"DEPEND1 (optional version) DEPEND2 (optional version) ..."
However when we parse LAYERDEPENDS in _get_layer_collections() we
parse it as a simple string, and if any optional versions are there the
'depends' field is wrong. For example, running yocto-check-layer
might result in such errors:
ERROR: Layer meta-python depends on (>= and isn't found.
ERROR: Layer meta-python depends on 12) and isn't found.
Let's use bb.utils.explode_dep_versions2() to parse LAYERDEPENDS, and
create a string that contains all dependencies, effectively
skipping/ignoring any optional versions.
[YOCTO #13957]
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f81f07afc200fe06c5c06ea81a4f8a3a43436faf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
scripts/lib/checklayer/__init__.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/scripts/lib/checklayer/__init__.py b/scripts/lib/checklayer/__init__.py
index 1138000275..f625d59896 100644
--- a/scripts/lib/checklayer/__init__.py
+++ b/scripts/lib/checklayer/__init__.py
@@ -59,9 +59,14 @@ def _get_layer_collections(layer_path, lconf=None, data=None):
pattern = ldata.getVar('BBFILE_PATTERN_%s' % name)
depends = ldata.getVar('LAYERDEPENDS_%s' % name)
compat = ldata.getVar('LAYERSERIES_COMPAT_%s' % name)
+ try:
+ depDict = bb.utils.explode_dep_versions2(depends or "")
+ except bb.utils.VersionStringException as vse:
+ bb.fatal('Error parsing LAYERDEPENDS_%s: %s' % (name, str(vse)))
+
collections[name]['priority'] = priority
collections[name]['pattern'] = pattern
- collections[name]['depends'] = depends
+ collections[name]['depends'] = ' '.join(depDict.keys())
collections[name]['compat'] = compat
return collections
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 20/22] oeqa/selftest: Clean up separate builddir in success case when non-threaded
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (18 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 19/22] checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2() Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 21/22] populate_sdk_ext: Fix to use python3, not python Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 22/22] u-boot: move redundant-yyloc-global patch to u-boot-common.inc Steve Sakoman
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
If oe-selftest is run without -j, the separate build directory "build-st"
isn't cleaned up afterwards. Mirror the behaviour of the -j option to
handle this the same way, only preserve upon failure.
To do this, the remove function needs to be moved to the selftest
context module so that it can be accessed without requiring the
testtools and subunit modules the -j option requires.
A dummy wrapper class is used to wrap the tests and clean up afterwards.
[YOCTO #13953]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b376ade430d40d3cfe9c18f200c764d622710e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/lib/oeqa/core/utils/concurrencytest.py | 23 +++----------
meta/lib/oeqa/selftest/context.py | 36 +++++++++++++++++++--
2 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/meta/lib/oeqa/core/utils/concurrencytest.py b/meta/lib/oeqa/core/utils/concurrencytest.py
index 01c39830f9..b2eb68fb02 100644
--- a/meta/lib/oeqa/core/utils/concurrencytest.py
+++ b/meta/lib/oeqa/core/utils/concurrencytest.py
@@ -183,10 +183,11 @@ class dummybuf(object):
#
class ConcurrentTestSuite(unittest.TestSuite):
- def __init__(self, suite, processes, setupfunc):
+ def __init__(self, suite, processes, setupfunc, removefunc):
super(ConcurrentTestSuite, self).__init__([suite])
self.processes = processes
self.setupfunc = setupfunc
+ self.removefunc = removefunc
def run(self, result):
tests, totaltests = fork_for_tests(self.processes, self)
@@ -237,22 +238,6 @@ class ConcurrentTestSuite(unittest.TestSuite):
finally:
queue.put(test)
-def removebuilddir(d):
- delay = 5
- while delay and os.path.exists(d + "/bitbake.lock"):
- time.sleep(1)
- delay = delay - 1
- # Deleting these directories takes a lot of time, use autobuilder
- # clobberdir if its available
- clobberdir = os.path.expanduser("~/yocto-autobuilder-helper/janitor/clobberdir")
- if os.path.exists(clobberdir):
- try:
- subprocess.check_call([clobberdir, d])
- return
- except subprocess.CalledProcessError:
- pass
- bb.utils.prunedir(d, ionice=True)
-
def fork_for_tests(concurrency_num, suite):
result = []
if 'BUILDDIR' in os.environ:
@@ -297,7 +282,7 @@ def fork_for_tests(concurrency_num, suite):
if ourpid != os.getpid():
os._exit(0)
if newbuilddir and unittest_result.wasSuccessful():
- removebuilddir(newbuilddir)
+ suite.removefunc(newbuilddir)
except:
# Don't do anything with process children
if ourpid != os.getpid():
@@ -313,7 +298,7 @@ def fork_for_tests(concurrency_num, suite):
sys.stderr.write(traceback.format_exc())
finally:
if newbuilddir:
- removebuilddir(newbuilddir)
+ suite.removefunc(newbuilddir)
stream.flush()
os._exit(1)
stream.flush()
diff --git a/meta/lib/oeqa/selftest/context.py b/meta/lib/oeqa/selftest/context.py
index ba13732253..9baad58321 100644
--- a/meta/lib/oeqa/selftest/context.py
+++ b/meta/lib/oeqa/selftest/context.py
@@ -22,6 +22,37 @@ from oeqa.core.exception import OEQAPreRun, OEQATestNotFound
from oeqa.utils.commands import runCmd, get_bb_vars, get_test_layer
+class NonConcurrentTestSuite(unittest.TestSuite):
+ def __init__(self, suite, processes, setupfunc, removefunc):
+ super().__init__([suite])
+ self.processes = processes
+ self.suite = suite
+ self.setupfunc = setupfunc
+ self.removefunc = removefunc
+
+ def run(self, result):
+ (builddir, newbuilddir) = self.setupfunc("-st", None, self.suite)
+ ret = super().run(result)
+ os.chdir(builddir)
+ if newbuilddir and ret.wasSuccessful():
+ self.removefunc(newbuilddir)
+
+def removebuilddir(d):
+ delay = 5
+ while delay and os.path.exists(d + "/bitbake.lock"):
+ time.sleep(1)
+ delay = delay - 1
+ # Deleting these directories takes a lot of time, use autobuilder
+ # clobberdir if its available
+ clobberdir = os.path.expanduser("~/yocto-autobuilder-helper/janitor/clobberdir")
+ if os.path.exists(clobberdir):
+ try:
+ subprocess.check_call([clobberdir, d])
+ return
+ except subprocess.CalledProcessError:
+ pass
+ bb.utils.prunedir(d, ionice=True)
+
class OESelftestTestContext(OETestContext):
def __init__(self, td=None, logger=None, machines=None, config_paths=None, newbuilddir=None):
super(OESelftestTestContext, self).__init__(td, logger)
@@ -86,10 +117,9 @@ class OESelftestTestContext(OETestContext):
if processes:
from oeqa.core.utils.concurrencytest import ConcurrentTestSuite
- return ConcurrentTestSuite(suites, processes, self.setup_builddir)
+ return ConcurrentTestSuite(suites, processes, self.setup_builddir, removebuilddir)
else:
- self.setup_builddir("-st", None, suites)
- return suites
+ return NonConcurrentTestSuite(suites, processes, self.setup_builddir, removebuilddir)
def runTests(self, processes=None, machine=None, skips=[]):
if machine:
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 21/22] populate_sdk_ext: Fix to use python3, not python
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (19 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 20/22] oeqa/selftest: Clean up separate builddir in success case when non-threaded Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
2020-06-30 3:03 ` [OE-core][dunfell 22/22] u-boot: move redundant-yyloc-global patch to u-boot-common.inc Steve Sakoman
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
We should be using python3 here, it was missed in the conversion. Spotted on
autobuilder tests failing on systems with python missing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit db07b09196022078346aadd565760240b7da6a71)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
meta/classes/populate_sdk_ext.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass
index 9f26cfc131..fd0da16e7e 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -676,7 +676,7 @@ sdk_ext_postinst() {
# current working directory when first ran, nor will it set $1 when
# sourcing a script. That is why this has to look so ugly.
LOGFILE="$target_sdk_dir/preparing_build_system.log"
- sh -c ". buildtools/environment-setup* > $LOGFILE && cd $target_sdk_dir/`dirname ${oe_init_build_env_path}` && set $target_sdk_dir && . $target_sdk_dir/${oe_init_build_env_path} $target_sdk_dir >> $LOGFILE && python $target_sdk_dir/ext-sdk-prepare.py $LOGFILE '${SDK_INSTALL_TARGETS}'" || { echo "printf 'ERROR: this SDK was not fully installed and needs reinstalling\n'" >> $env_setup_script ; exit 1 ; }
+ sh -c ". buildtools/environment-setup* > $LOGFILE && cd $target_sdk_dir/`dirname ${oe_init_build_env_path}` && set $target_sdk_dir && . $target_sdk_dir/${oe_init_build_env_path} $target_sdk_dir >> $LOGFILE && python3 $target_sdk_dir/ext-sdk-prepare.py $LOGFILE '${SDK_INSTALL_TARGETS}'" || { echo "printf 'ERROR: this SDK was not fully installed and needs reinstalling\n'" >> $env_setup_script ; exit 1 ; }
fi
if [ -e $target_sdk_dir/ext-sdk-prepare.py ]; then
rm $target_sdk_dir/ext-sdk-prepare.py
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread
* [OE-core][dunfell 22/22] u-boot: move redundant-yyloc-global patch to u-boot-common.inc
2020-06-30 3:02 [OE-core][dunfell 00/22] Patch review Steve Sakoman
` (20 preceding siblings ...)
2020-06-30 3:03 ` [OE-core][dunfell 21/22] populate_sdk_ext: Fix to use python3, not python Steve Sakoman
@ 2020-06-30 3:03 ` Steve Sakoman
21 siblings, 0 replies; 25+ messages in thread
From: Steve Sakoman @ 2020-06-30 3:03 UTC (permalink / raw)
To: openembedded-core
gcc10 build issue occurs in both u-boot and u-boot-tools
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../{u-boot-tools => files}/remove-redundant-yyloc-global.patch | 0
meta/recipes-bsp/u-boot/u-boot-common.inc | 1 +
meta/recipes-bsp/u-boot/u-boot-tools_2020.01.bb | 2 --
3 files changed, 1 insertion(+), 2 deletions(-)
rename meta/recipes-bsp/u-boot/{u-boot-tools => files}/remove-redundant-yyloc-global.patch (100%)
diff --git a/meta/recipes-bsp/u-boot/u-boot-tools/remove-redundant-yyloc-global.patch b/meta/recipes-bsp/u-boot/files/remove-redundant-yyloc-global.patch
similarity index 100%
rename from meta/recipes-bsp/u-boot/u-boot-tools/remove-redundant-yyloc-global.patch
rename to meta/recipes-bsp/u-boot/files/remove-redundant-yyloc-global.patch
diff --git a/meta/recipes-bsp/u-boot/u-boot-common.inc b/meta/recipes-bsp/u-boot/u-boot-common.inc
index edd0004792..4a17894c49 100644
--- a/meta/recipes-bsp/u-boot/u-boot-common.inc
+++ b/meta/recipes-bsp/u-boot/u-boot-common.inc
@@ -15,6 +15,7 @@ PE = "1"
SRCREV = "303f8fed261020c1cb7da32dad63b610bf6873dd"
SRC_URI = "git://git.denx.de/u-boot.git \
+ file://remove-redundant-yyloc-global.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-bsp/u-boot/u-boot-tools_2020.01.bb b/meta/recipes-bsp/u-boot/u-boot-tools_2020.01.bb
index ca8876ff98..7eaf721ca8 100644
--- a/meta/recipes-bsp/u-boot/u-boot-tools_2020.01.bb
+++ b/meta/recipes-bsp/u-boot/u-boot-tools_2020.01.bb
@@ -1,4 +1,2 @@
require u-boot-common.inc
require u-boot-tools.inc
-
-SRC_URI += "file://remove-redundant-yyloc-global.patch"
--
2.17.1
^ permalink raw reply related [flat|nested] 25+ messages in thread