* [honister][PATCH 00/10] Patch review
@ 2022-01-10 4:09 Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 01/10] linux-yocto: add libmpc-native to DEPENDS Anuj Mittal
` (9 more replies)
0 siblings, 10 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
Next set of changes for honister. No problems seen while testing on
autobuilder.
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/3092
Thanks,
Anuj
The following changes since commit 4e732ef0d3c90952f14804f5fc41ea16304810af:
xserver-xorg: upgrade 1.20.13 -> 1.20.14 (2021-12-29 09:21:24 +0800)
are available in the Git repository at:
git://push.openembedded.org/openembedded-core-contrib anujm/honister
Anuj Mittal (1):
xserver-xorg: update CVE_PRODUCT
Markus Volk (1):
vulkan-loader: inherit pkgconfig
Oleksiy Obitotskyy (1):
package_manager: ipk: Fix host manifest generation
Richard Purdie (3):
openssl: Add reproducibility fix
webkitgtk: Add reproducibility fix
scripts: Update to use exec_module() instead of load_module()
Ross Burton (1):
linux-yocto: add libmpc-native to DEPENDS
Samuli Piippo (1):
rpm: remove tmp folder created during install
Tim Orling (1):
scripts/buildhistory-diff: drop use of distutils
Yongxin Liu (1):
grub2: fix CVE-2021-3981
meta/lib/oe/sdk.py | 4 ++
...onfig-Restore-umask-for-the-grub.cfg.patch | 49 +++++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
.../openssl/openssl/reproducibility.patch | 22 +++++++++
.../openssl/openssl_1.1.1l.bb | 1 +
meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 3 ++
.../vulkan/vulkan-loader_1.2.182.0.bb | 2 +-
.../xorg-xserver/xserver-xorg.inc | 2 +-
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +-
.../webkit/webkitgtk/reproducibility.patch | 22 +++++++++
meta/recipes-sato/webkit/webkitgtk_2.32.3.bb | 1 +
scripts/buildhistory-diff | 5 --
scripts/lib/scriptutils.py | 7 ++-
scripts/lib/wic/pluginbase.py | 8 ++-
14 files changed, 117 insertions(+), 12 deletions(-)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducibility.patch
create mode 100644 meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
--
2.33.1
^ permalink raw reply [flat|nested] 13+ messages in thread
* [honister][PATCH 01/10] linux-yocto: add libmpc-native to DEPENDS
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 02/10] xserver-xorg: update CVE_PRODUCT Anuj Mittal
` (8 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Ross Burton <ross@burtonini.com>
5.10.85 changed how the GCC plugins are built, which means they now
depend on both GMP and MPC to be built. We already depend on gmp-native,
so add libmpc-native aswell.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-kernel/linux/linux-yocto_5.10.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto_5.10.bb b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
index c62157d850..bbb25f7393 100644
--- a/meta/recipes-kernel/linux/linux-yocto_5.10.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_5.10.bb
@@ -36,7 +36,7 @@ LINUX_VERSION ?= "5.10.87"
DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
DEPENDS += "openssl-native util-linux-native"
-DEPENDS += "gmp-native"
+DEPENDS += "gmp-native libmpc-native"
PV = "${LINUX_VERSION}+git${SRCPV}"
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 02/10] xserver-xorg: update CVE_PRODUCT
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 01/10] linux-yocto: add libmpc-native to DEPENDS Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 03/10] package_manager: ipk: Fix host manifest generation Anuj Mittal
` (7 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
Some of the CVEs have x_server as the product name.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d5d63cf8605515bb659b6b732683d7fe6540728)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
index e1fc0a06dc..85d0788eaf 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc
@@ -19,7 +19,7 @@ SRC_URI = "${XORG_MIRROR}/individual/xserver/${XORG_PN}-${PV}.tar.xz"
UPSTREAM_CHECK_REGEX = "xorg-server-(?P<pver>\d+(\.(?!99)\d+)+)\.tar"
-CVE_PRODUCT = "xorg-server"
+CVE_PRODUCT = "xorg-server x_server"
S = "${WORKDIR}/${XORG_PN}-${PV}"
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 03/10] package_manager: ipk: Fix host manifest generation
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 01/10] linux-yocto: add libmpc-native to DEPENDS Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 02/10] xserver-xorg: update CVE_PRODUCT Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 04/10] grub2: fix CVE-2021-3981 Anuj Mittal
` (6 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Oleksiy Obitotskyy <oobitots@cisco.com>
Since honister host manifest stopped to generate, i.e.
manifest file is empty but all ipks/files into sdk is
ok.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 79a2392f5d2a4cb6509a83afb40bca01bac59914)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/lib/oe/sdk.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/lib/oe/sdk.py b/meta/lib/oe/sdk.py
index 37b59afd1a..27347667e8 100644
--- a/meta/lib/oe/sdk.py
+++ b/meta/lib/oe/sdk.py
@@ -115,6 +115,10 @@ def sdk_list_installed_packages(d, target, rootfs_dir=None):
rootfs_dir = [sdk_output, os.path.join(sdk_output, target_path)][target is True]
+ if target is False:
+ ipkgconf_sdk_target = d.getVar("IPKGCONF_SDK")
+ d.setVar("IPKGCONF_TARGET", ipkgconf_sdk_target)
+
img_type = d.getVar('IMAGE_PKGTYPE')
import importlib
cls = importlib.import_module('oe.package_manager.' + img_type)
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 04/10] grub2: fix CVE-2021-3981
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (2 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 03/10] package_manager: ipk: Fix host manifest generation Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 9:00 ` [OE-core] " Marta Rybczynska
[not found] ` <16C8DD2C638E8912.22838@lists.openembedded.org>
2022-01-10 4:09 ` [honister][PATCH 05/10] rpm: remove tmp folder created during install Anuj Mittal
` (5 subsequent siblings)
9 siblings, 2 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb554d14142f93c39fd1516a31757006531c348f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...onfig-Restore-umask-for-the-grub.cfg.patch | 49 +++++++++++++++++++
meta/recipes-bsp/grub/grub2.inc | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
diff --git a/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
new file mode 100644
index 0000000000..dae26fd8bb
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch
@@ -0,0 +1,49 @@
+From 0adec29674561034771c13e446069b41ef41e4d4 Mon Sep 17 00:00:00 2001
+From: Michael Chang <mchang@suse.com>
+Date: Fri, 3 Dec 2021 16:13:28 +0800
+Subject: [PATCH] grub-mkconfig: Restore umask for the grub.cfg
+
+The commit ab2e53c8a (grub-mkconfig: Honor a symlink when generating
+configuration by grub-mkconfig) has inadvertently discarded umask for
+creating grub.cfg in the process of running grub-mkconfig. The resulting
+wrong permission (0644) would allow unprivileged users to read GRUB
+configuration file content. This presents a low confidentiality risk
+as grub.cfg may contain non-secured plain-text passwords.
+
+This patch restores the missing umask and sets the creation file mode
+to 0600 preventing unprivileged access.
+
+Fixes: CVE-2021-3981
+
+Signed-off-by: Michael Chang <mchang@suse.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport
+CVE: CVE-2021-3981
+
+Reference to upstream patch:
+https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0adec29674561034771c13e446069b41ef41e4d4
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ util/grub-mkconfig.in | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
+index c3ea7612e..62335d027 100644
+--- a/util/grub-mkconfig.in
++++ b/util/grub-mkconfig.in
+@@ -301,7 +301,10 @@ and /etc/grub.d/* files or please file a bug report with
+ exit 1
+ else
+ # none of the children aborted with error, install the new grub.cfg
++ oldumask=$(umask)
++ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
++ umask $oldumask
+ rm -f ${grub_cfg}.new
+ fi
+ fi
+--
+2.31.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index bb791347dc..a72a562c5a 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
file://determinism.patch \
file://0001-RISC-V-Restore-the-typcast-to-long.patch \
+ file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
"
SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 05/10] rpm: remove tmp folder created during install
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (3 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 04/10] grub2: fix CVE-2021-3981 Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 06/10] openssl: Add reproducibility fix Anuj Mittal
` (4 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Samuli Piippo <samuli.piippo@gmail.com>
nativesdk-rpm build is also affected by the stray /var/tmp
created during the rpm install. Remove it to fix QA Issue:
nativesdk-rpm installs files in /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/var/volatile, but it is expected to be empty [empty-dirs]
Signed-off-by: Samuli Piippo <samuli.piippo@qt.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 28dd1e1a0965646c5736e3de91aad830311a797b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-devtools/rpm/rpm_4.16.1.3.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
index cb15415d7f..48cd79f9cb 100644
--- a/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
+++ b/meta/recipes-devtools/rpm/rpm_4.16.1.3.bb
@@ -133,6 +133,9 @@ do_install:append:class-nativesdk() {
do_install:append:class-target() {
rm -rf ${D}/var
}
+do_install:append:class-nativesdk() {
+ rm -rf ${D}${SDKPATHNATIVE}/var
+}
do_install:append () {
sed -i -e 's:${HOSTTOOLS_DIR}/::g' \
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 06/10] openssl: Add reproducibility fix
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (4 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 05/10] rpm: remove tmp folder created during install Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 07/10] webkitgtk: " Anuj Mittal
` (3 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
When the date rolled from one year to another, it highlighted a reproducibility
issue in openssl. Patch a workaround for this to avoid autobuilder failures. Help
submitting upstream welcome.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8281e290737dba16a46d7ae937c66b3266e0fe8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../openssl/openssl/reproducibility.patch | 22 +++++++++++++++++++
.../openssl/openssl_1.1.1l.bb | 1 +
2 files changed, 23 insertions(+)
create mode 100644 meta/recipes-connectivity/openssl/openssl/reproducibility.patch
diff --git a/meta/recipes-connectivity/openssl/openssl/reproducibility.patch b/meta/recipes-connectivity/openssl/openssl/reproducibility.patch
new file mode 100644
index 0000000000..8accbc9df2
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/reproducibility.patch
@@ -0,0 +1,22 @@
+Using localtime() means the output can depend on the timezone of the build machine.
+Using gmtime() is safer. For complete reproducibility use SOURCE_DATE_EPOCH if set.
+
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+Upstream-Status: Pending [should be suitable]
+
+Index: openssl-3.0.1/apps/progs.pl
+===================================================================
+--- openssl-3.0.1.orig/apps/progs.pl
++++ openssl-3.0.1/apps/progs.pl
+@@ -21,7 +21,10 @@ die "Unrecognised option, must be -C or
+ my %commands = ();
+ my $cmdre = qr/^\s*int\s+([a-z_][a-z0-9_]*)_main\(\s*int\s+argc\s*,/;
+ my $apps_openssl = shift @ARGV;
+-my $YEAR = [localtime()]->[5] + 1900;
++my $YEAR = [gmtime()]->[5] + 1900;
++if (defined($ENV{SOURCE_DATE_EPOCH}) && $ENV{SOURCE_DATE_EPOCH} !~ /\D/) {
++ $YEAR = [gmtime($ENV{SOURCE_DATE_EPOCH})]->[5] + 1900;
++}
+
+ # because the program apps/openssl has object files as sources, and
+ # they then have the corresponding C files as source, we need to chain
diff --git a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb b/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
index b241ba78bc..17c769bb56 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.1.1l.bb
@@ -17,6 +17,7 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \
file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
file://afalg.patch \
file://reproducible.patch \
+ file://reproducibility.patch \
"
SRC_URI:append:class-nativesdk = " \
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 07/10] webkitgtk: Add reproducibility fix
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (5 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 06/10] openssl: Add reproducibility fix Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 08/10] vulkan-loader: inherit pkgconfig Anuj Mittal
` (2 subsequent siblings)
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
When the date rolled from one year to another this highlighted a reproducibility
issue. This could be better fixed by using SOURCE_DATE_EPOCH from the environment
but I'm not sure how you do that in ruby. Help from someone with that knowledge
to submit that upstream very welcome.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d561c98f4d2e68d595aae4b03df1420cb01c3f7)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
.../webkit/webkitgtk/reproducibility.patch | 22 +++++++++++++++++++
meta/recipes-sato/webkit/webkitgtk_2.32.3.bb | 1 +
2 files changed, 23 insertions(+)
create mode 100644 meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
diff --git a/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
new file mode 100644
index 0000000000..e866a1a193
--- /dev/null
+++ b/meta/recipes-sato/webkit/webkitgtk/reproducibility.patch
@@ -0,0 +1,22 @@
+Injection a year based on the current date isn't reproducible. Hack this
+to a specific year for now for reproducibilty and to avoid autobuilder failures.
+
+The correct fix would be to use SOURCE_DATE_EPOCH from the environment and
+then this could be submitted upstream, sadly my ruby isn't up to that.
+
+Upstream-Status: Pending [could be reworked]
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+Index: webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb
+===================================================================
+--- webkitgtk-2.34.2.orig/Source/JavaScriptCore/generator/GeneratedFile.rb
++++ webkitgtk-2.34.2/Source/JavaScriptCore/generator/GeneratedFile.rb
+@@ -25,7 +25,7 @@ require 'date'
+ require 'digest'
+
+ $LICENSE = <<-EOF
+-Copyright (C) #{Date.today.year} Apple Inc. All rights reserved.
++Copyright (C) 2021 Apple Inc. All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
diff --git a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
index 1f3f7a9c00..bab1c17902 100644
--- a/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
+++ b/meta/recipes-sato/webkit/webkitgtk_2.32.3.bb
@@ -19,6 +19,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \
file://reduce-memory-overheads.patch \
file://musl-lower-stack-usage.patch \
file://0001-MiniBrowser-Fix-reproduciblity.patch \
+ file://reproducibility.patch \
"
SRC_URI[sha256sum] = "c1f496f5ac654efe4cef62fbd4f2fbeeef265a07c5e7419e5d2900bfeea52cbc"
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 08/10] vulkan-loader: inherit pkgconfig
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (6 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 07/10] webkitgtk: " Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 09/10] scripts: Update to use exec_module() instead of load_module() Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 10/10] scripts/buildhistory-diff: drop use of distutils Anuj Mittal
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Markus Volk <f_l_k@t-online.de>
this is needed to get the vulkan.pc file created
Signed-off-by: MarkusVolk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1eaf810efca0dd8be5d561bab46c1998b96061c1)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
index 41632f25ce..984dc1253f 100644
--- a/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
+++ b/meta/recipes-graphics/vulkan/vulkan-loader_1.2.182.0.bb
@@ -17,7 +17,7 @@ S = "${WORKDIR}/git"
REQUIRED_DISTRO_FEATURES = "vulkan"
-inherit cmake features_check
+inherit cmake features_check pkgconfig
ANY_OF_DISTRO_FEATURES = "x11 wayland"
DEPENDS += "vulkan-headers"
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 09/10] scripts: Update to use exec_module() instead of load_module()
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (7 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 08/10] vulkan-loader: inherit pkgconfig Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 10/10] scripts/buildhistory-diff: drop use of distutils Anuj Mittal
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Richard Purdie <richard.purdie@linuxfoundation.org>
This is deprecated in python 3.12 and Fedora 35 is throwing warnings so
move to the new functions.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 655cd3f614d736416eab0d708b7c49674bf5c977)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
scripts/lib/scriptutils.py | 7 +++++--
scripts/lib/wic/pluginbase.py | 8 ++++++--
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/scripts/lib/scriptutils.py b/scripts/lib/scriptutils.py
index 3164171eb2..47a08194d0 100644
--- a/scripts/lib/scriptutils.py
+++ b/scripts/lib/scriptutils.py
@@ -18,7 +18,8 @@ import sys
import tempfile
import threading
import importlib
-from importlib import machinery
+import importlib.machinery
+import importlib.util
class KeepAliveStreamHandler(logging.StreamHandler):
def __init__(self, keepalive=True, **kwargs):
@@ -82,7 +83,9 @@ def load_plugins(logger, plugins, pluginpath):
logger.debug('Loading plugin %s' % name)
spec = importlib.machinery.PathFinder.find_spec(name, path=[pluginpath] )
if spec:
- return spec.loader.load_module()
+ mod = importlib.util.module_from_spec(spec)
+ spec.loader.exec_module(mod)
+ return mod
def plugin_name(filename):
return os.path.splitext(os.path.basename(filename))[0]
diff --git a/scripts/lib/wic/pluginbase.py b/scripts/lib/wic/pluginbase.py
index d9b4e57747..b64568339b 100644
--- a/scripts/lib/wic/pluginbase.py
+++ b/scripts/lib/wic/pluginbase.py
@@ -9,9 +9,11 @@ __all__ = ['ImagerPlugin', 'SourcePlugin']
import os
import logging
+import types
from collections import defaultdict
-from importlib.machinery import SourceFileLoader
+import importlib
+import importlib.util
from wic import WicError
from wic.misc import get_bitbake_var
@@ -54,7 +56,9 @@ class PluginMgr:
mname = fname[:-3]
mpath = os.path.join(ppath, fname)
logger.debug("loading plugin module %s", mpath)
- SourceFileLoader(mname, mpath).load_module()
+ spec = importlib.util.spec_from_file_location(mname, mpath)
+ module = importlib.util.module_from_spec(spec)
+ spec.loader.exec_module(module)
return PLUGINS.get(ptype)
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* [honister][PATCH 10/10] scripts/buildhistory-diff: drop use of distutils
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
` (8 preceding siblings ...)
2022-01-10 4:09 ` [honister][PATCH 09/10] scripts: Update to use exec_module() instead of load_module() Anuj Mittal
@ 2022-01-10 4:09 ` Anuj Mittal
9 siblings, 0 replies; 13+ messages in thread
From: Anuj Mittal @ 2022-01-10 4:09 UTC (permalink / raw)
To: openembedded-core
From: Tim Orling <timothy.t.orling@intel.com>
The use of distutils.version.LooseVersion to check for GitPython > 0.3.1
is not really needed anymore since any supported distribution has at least
1.0.0 (centos-7 via epel7, debian-9, ubuntu-16.04)
If we want to reinstate this check, alternatives would be to require
python3-packaging on all hosts and use packaging.version.Version or
use an imported LooseVersion in bb.version.
[YOCTO #14610]
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bc90dcae9f53ddc246942f4d9b8ae8943e3b9754)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
scripts/buildhistory-diff | 5 -----
1 file changed, 5 deletions(-)
diff --git a/scripts/buildhistory-diff b/scripts/buildhistory-diff
index 3bd40a2a1e..a6e785aa23 100755
--- a/scripts/buildhistory-diff
+++ b/scripts/buildhistory-diff
@@ -11,7 +11,6 @@
import sys
import os
import argparse
-from distutils.version import LooseVersion
# Ensure PythonGit is installed (buildhistory_analysis needs it)
try:
@@ -73,10 +72,6 @@ def main():
parser = get_args_parser()
args = parser.parse_args()
- if LooseVersion(git.__version__) < '0.3.1':
- sys.stderr.write("Version of GitPython is too old, please install GitPython (python-git) 0.3.1 or later in order to use this script\n")
- sys.exit(1)
-
if len(args.revisions) > 2:
sys.stderr.write('Invalid argument(s) specified: %s\n\n' % ' '.join(args.revisions[2:]))
parser.print_help()
--
2.33.1
^ permalink raw reply related [flat|nested] 13+ messages in thread
* Re: [OE-core] [honister][PATCH 04/10] grub2: fix CVE-2021-3981
2022-01-10 4:09 ` [honister][PATCH 04/10] grub2: fix CVE-2021-3981 Anuj Mittal
@ 2022-01-10 9:00 ` Marta Rybczynska
[not found] ` <16C8DD2C638E8912.22838@lists.openembedded.org>
1 sibling, 0 replies; 13+ messages in thread
From: Marta Rybczynska @ 2022-01-10 9:00 UTC (permalink / raw)
To: Anuj Mittal; +Cc: OE-core
[-- Attachment #1: Type: text/plain, Size: 791 bytes --]
> diff --git a/meta/recipes-bsp/grub/grub2.inc
> b/meta/recipes-bsp/grub/grub2.inc
> index bb791347dc..a72a562c5a 100644
> --- a/meta/recipes-bsp/grub/grub2.inc
> +++ b/meta/recipes-bsp/grub/grub2.inc
> @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
> file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
> file://determinism.patch \
> file://0001-RISC-V-Restore-the-typcast-to-long.patch \
> +
> file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
> "
>
> SRC_URI[sha256sum] =
> "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
>
>
This one should go to dunfell too. If the original poster would like to
backport,
that would be nice, otherwise it is on my list.
Kind regards,
Marta
[-- Attachment #2: Type: text/html, Size: 1153 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
* Re: [OE-core] [honister][PATCH 04/10] grub2: fix CVE-2021-3981
[not found] ` <16C8DD2C638E8912.22838@lists.openembedded.org>
@ 2022-01-17 19:06 ` Marta Rybczynska
0 siblings, 0 replies; 13+ messages in thread
From: Marta Rybczynska @ 2022-01-17 19:06 UTC (permalink / raw)
To: Marta Rybczynska; +Cc: Anuj Mittal, OE-core
[-- Attachment #1: Type: text/plain, Size: 1046 bytes --]
On Mon, Jan 10, 2022 at 10:01 AM Marta Rybczynska via lists.openembedded.org
<rybczynska=gmail.com@lists.openembedded.org> wrote:
>
> diff --git a/meta/recipes-bsp/grub/grub2.inc
>> b/meta/recipes-bsp/grub/grub2.inc
>> index bb791347dc..a72a562c5a 100644
>> --- a/meta/recipes-bsp/grub/grub2.inc
>> +++ b/meta/recipes-bsp/grub/grub2.inc
>> @@ -20,6 +20,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
>> file://0001-grub.d-10_linux.in-add-oe-s-kernel-name.patch \
>> file://determinism.patch \
>> file://0001-RISC-V-Restore-the-typcast-to-long.patch \
>> +
>> file://CVE-2021-3981-grub-mkconfig-Restore-umask-for-the-grub.cfg.patch \
>> "
>>
>> SRC_URI[sha256sum] =
>> "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
>>
>>
> This one should go to dunfell too. If the original poster would like to
> backport,
> that would be nice, otherwise it is on my list.
>
This issue does not apply in dunfell, as the change introducing the problem
is post-2.04.
No need to backport.
Marta
[-- Attachment #2: Type: text/html, Size: 1769 bytes --]
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2022-01-17 19:06 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-01-10 4:09 [honister][PATCH 00/10] Patch review Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 01/10] linux-yocto: add libmpc-native to DEPENDS Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 02/10] xserver-xorg: update CVE_PRODUCT Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 03/10] package_manager: ipk: Fix host manifest generation Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 04/10] grub2: fix CVE-2021-3981 Anuj Mittal
2022-01-10 9:00 ` [OE-core] " Marta Rybczynska
[not found] ` <16C8DD2C638E8912.22838@lists.openembedded.org>
2022-01-17 19:06 ` Marta Rybczynska
2022-01-10 4:09 ` [honister][PATCH 05/10] rpm: remove tmp folder created during install Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 06/10] openssl: Add reproducibility fix Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 07/10] webkitgtk: " Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 08/10] vulkan-loader: inherit pkgconfig Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 09/10] scripts: Update to use exec_module() instead of load_module() Anuj Mittal
2022-01-10 4:09 ` [honister][PATCH 10/10] scripts/buildhistory-diff: drop use of distutils Anuj Mittal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).