| Message ID | 20250507081717.287535-1-peter.marko@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v2] sqlite3: upgrade 3.48.0 -> 3.49.1 | expand |
On Wed May 7, 2025 at 10:17 AM CEST, Peter Marko via lists.openembedded.org wrote: > From: Peter Marko <peter.marko@siemens.com> > > Handle CVE-2025-3277, CVE-2025-29087 and CVE-2025-29088. > > This update includes major change in how it is built. > Instead of autotools, autosetup is used. > > Autosetup (https://msteveb.github.io/autosetup/) claims to be > * Replacement for autoconf in many situations > However it also claims NOT to > * Intended to replace all possible uses of autoconf > This means that some autoconf features are not available. > > Recipe changes: > * stop inheriting autotools and define B, do_configure and do_install > * depend on zlib unconditionally, autoconf cannot be preconfigured in > similar way as autotools > * update packageconfig options to match new syntax > * libedit is detected with ncurses linking options (as seen in > do_configure log) > * backport rpaths fix > * define soname to avoid file-rdeps QA error due to wrong library name > * clean B for do_configure as the new Makefiles do not seem to properly > retrigger build if configuration changes > * use unstripped binaries for native (non-cross-compile) case > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- Hi Peter, Thanks for the v2. I believe we still have some issues with this version. Not fully confident, as it seems a bit intermittent and I cannot see a direct link between your change and the error. I will try to drop it from my branch and see if it does fix the build. 2025-05-09 06:27:17,644 - oe-selftest - INFO - buildoptions.ArchiverTest.test_arch_work_dir_and_export_source (subunit.RemotedTestCase) 2025-05-09 06:27:17,644 - oe-selftest - INFO - ... FAIL ... AssertionError: 1 != 0 : Couldn't build xcursortransparenttheme. ... BrokenPipeError: [Errno 32] Broken pipe https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/1518 https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/1468 https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/1585 Can you have a look at this please?
On Fri May 9, 2025 at 10:56 AM CEST, Mathieu Dubois-Briand wrote: > On Wed May 7, 2025 at 10:17 AM CEST, Peter Marko via lists.openembedded.org wrote: >> From: Peter Marko <peter.marko@siemens.com> >> >> Handle CVE-2025-3277, CVE-2025-29087 and CVE-2025-29088. >> >> This update includes major change in how it is built. >> Instead of autotools, autosetup is used. >> >> Autosetup (https://msteveb.github.io/autosetup/) claims to be >> * Replacement for autoconf in many situations >> However it also claims NOT to >> * Intended to replace all possible uses of autoconf >> This means that some autoconf features are not available. >> >> Recipe changes: >> * stop inheriting autotools and define B, do_configure and do_install >> * depend on zlib unconditionally, autoconf cannot be preconfigured in >> similar way as autotools >> * update packageconfig options to match new syntax >> * libedit is detected with ncurses linking options (as seen in >> do_configure log) >> * backport rpaths fix >> * define soname to avoid file-rdeps QA error due to wrong library name >> * clean B for do_configure as the new Makefiles do not seem to properly >> retrigger build if configuration changes >> * use unstripped binaries for native (non-cross-compile) case >> >> Signed-off-by: Peter Marko <peter.marko@siemens.com> >> --- > > Hi Peter, > > Thanks for the v2. > > I believe we still have some issues with this version. Not fully > confident, as it seems a bit intermittent and I cannot see a direct link > between your change and the error. I will try to drop it from my branch > and see if it does fix the build. > > 2025-05-09 06:27:17,644 - oe-selftest - INFO - buildoptions.ArchiverTest.test_arch_work_dir_and_export_source (subunit.RemotedTestCase) > 2025-05-09 06:27:17,644 - oe-selftest - INFO - ... FAIL > ... > AssertionError: 1 != 0 : > Couldn't build xcursortransparenttheme. > ... > BrokenPipeError: [Errno 32] Broken pipe > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/1518 > https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/1468 > https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/1585 > > Can you have a look at this please? Just a quick update: I confirm dropping the patch fixed the build. Best regards, Mathieu
> -----Original Message----- > From: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> > Sent: Friday, May 9, 2025 10:56 > To: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com>; > openembedded-core@lists.openembedded.org > Subject: Re: [OE-core][PATCH v2] sqlite3: upgrade 3.48.0 -> 3.49.1 > > On Wed May 7, 2025 at 10:17 AM CEST, Peter Marko via lists.openembedded.org > wrote: > > From: Peter Marko <peter.marko@siemens.com> > > > > Handle CVE-2025-3277, CVE-2025-29087 and CVE-2025-29088. > > > > This update includes major change in how it is built. > > Instead of autotools, autosetup is used. > > > > Autosetup (https://msteveb.github.io/autosetup/) claims to be > > * Replacement for autoconf in many situations > > However it also claims NOT to > > * Intended to replace all possible uses of autoconf > > This means that some autoconf features are not available. > > > > Recipe changes: > > * stop inheriting autotools and define B, do_configure and do_install > > * depend on zlib unconditionally, autoconf cannot be preconfigured in > > similar way as autotools > > * update packageconfig options to match new syntax > > * libedit is detected with ncurses linking options (as seen in > > do_configure log) > > * backport rpaths fix > > * define soname to avoid file-rdeps QA error due to wrong library name > > * clean B for do_configure as the new Makefiles do not seem to properly > > retrigger build if configuration changes > > * use unstripped binaries for native (non-cross-compile) case > > > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > > --- > > Hi Peter, > > Thanks for the v2. > > I believe we still have some issues with this version. Not fully > confident, as it seems a bit intermittent and I cannot see a direct link > between your change and the error. I will try to drop it from my branch > and see if it does fix the build. > > 2025-05-09 06:27:17,644 - oe-selftest - INFO - > buildoptions.ArchiverTest.test_arch_work_dir_and_export_source > (subunit.RemotedTestCase) > 2025-05-09 06:27:17,644 - oe-selftest - INFO - ... FAIL > ... > AssertionError: 1 != 0 : > Couldn't build xcursortransparenttheme. > ... > BrokenPipeError: [Errno 32] Broken pipe > > https://autobuilder.yoctoproject.org/valkyrie/#/builders/35/builds/1518 > https://autobuilder.yoctoproject.org/valkyrie/#/builders/48/builds/1468 > https://autobuilder.yoctoproject.org/valkyrie/#/builders/8/builds/1585 > > Can you have a look at this please? OK, so back to v0 which is ugly but should work. V3 patch is out. Peter > > -- > Mathieu Dubois-Briand, Bootlin > Embedded Linux and Kernel engineering > https://bootlin.com
diff --git a/meta/recipes-support/sqlite/sqlite3.inc b/meta/recipes-support/sqlite/sqlite3.inc index d093ec5859..60e9c4f2c3 100644 --- a/meta/recipes-support/sqlite/sqlite3.inc +++ b/meta/recipes-support/sqlite/sqlite3.inc @@ -14,34 +14,37 @@ def sqlite_download_version(d): SQLITE_PV = "${@sqlite_download_version(d)}" S = "${WORKDIR}/sqlite-autoconf-${SQLITE_PV}" +B = "${WORKDIR}/build" UPSTREAM_CHECK_URI = "http://www.sqlite.org/" UPSTREAM_CHECK_REGEX = "releaselog/(?P<pver>(\d+[\.\-_]*)+)\.html" CVE_PRODUCT = "sqlite" -inherit autotools pkgconfig siteinfo +inherit pkgconfig siteinfo + +# zlib is autodetected and gets to sysroots as transitive dependency, make this deterministic +DEPENDS = "zlib" # enable those which are enabled by default in configure PACKAGECONFIG ?= "fts4 fts5 rtree dyn_ext" PACKAGECONFIG:class-native ?= "fts4 fts5 rtree dyn_ext" -PACKAGECONFIG[editline] = "--enable-editline,--disable-editline,libedit" -PACKAGECONFIG[readline] = "--enable-readline,--disable-readline,readline ncurses" +PACKAGECONFIG[editline] = "--enable-editline --with-readline-header=${includedir}/editline/readline.h,--disable-editline,libedit ncurses" +PACKAGECONFIG[readline] = "--enable-readline --with-readline-header=${includedir}/readline/readline.h,--disable-readline,readline ncurses" PACKAGECONFIG[fts3] = "--enable-fts3,--disable-fts3" PACKAGECONFIG[fts4] = "--enable-fts4,--disable-fts4" PACKAGECONFIG[fts5] = "--enable-fts5,--disable-fts5" PACKAGECONFIG[rtree] = "--enable-rtree,--disable-rtree" PACKAGECONFIG[session] = "--enable-session,--disable-session" -PACKAGECONFIG[dyn_ext] = "--enable-dynamic-extensions,--disable-dynamic-extensions" -PACKAGECONFIG[zlib] = ",,zlib" - -CACHED_CONFIGUREVARS += "${@bb.utils.contains('PACKAGECONFIG', 'zlib', '', 'ac_cv_search_deflate=no',d)}" +PACKAGECONFIG[dyn_ext] = "--enable-load-extension,--disable-load-extension" EXTRA_OECONF = " \ --enable-shared \ --enable-threadsafe \ --disable-static-shell \ + --disable-rpath \ + --soname=${PV} \ " # pread() is in POSIX.1-2001 so any reasonable system must surely support it @@ -65,4 +68,28 @@ FILES:lib${BPN}-staticdev = "${libdir}/lib*.a" AUTO_LIBNAME_PKGS = "${MLPREFIX}lib${BPN}" +do_configure() { + ${S}/configure \ + --build=${BUILD_SYS} \ + --host=${TARGET_SYS} \ + --prefix=${prefix} \ + --bindir=${bindir} \ + --libdir=${libdir} \ + --includedir=${includedir} \ + --mandir=${mandir} \ + ${EXTRA_OECONF} \ + ${PACKAGECONFIG_CONFARGS} +} +do_configure[cleandirs] = "${B}" + +do_install() { + oe_runmake DESTDIR=${D} install + + # binaries are stripped during installation when not cross-compiling, take the unstripped ones instead + if [ "${BUILD_SYS}" = "${TARGET_SYS}" ]; then + install -m 0644 ${B}/sqlite3 ${D}${bindir} + install -m 0644 ${B}/libsqlite3.so ${D}${libdir}/libsqlite3.so.${PV} + fi +} + BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/sqlite/sqlite3/0001-configure-automatically-fail-the-check-for-rpath-on-.patch b/meta/recipes-support/sqlite/sqlite3/0001-configure-automatically-fail-the-check-for-rpath-on-.patch new file mode 100644 index 0000000000..0eaa06d908 --- /dev/null +++ b/meta/recipes-support/sqlite/sqlite3/0001-configure-automatically-fail-the-check-for-rpath-on-.patch @@ -0,0 +1,102 @@ +From f9f6410c31de9f6b377c7d8cd6d56548d3f20551 Mon Sep 17 00:00:00 2001 +From: stephan <stephan@noemail.net> +Date: Thu, 20 Feb 2025 17:15:37 +0000 +Subject: [PATCH] configure: automatically fail the check for rpath on AIX + systems and provide a --disable-rpath flag as a fallback for use on platforms + which pass the configure-time rpath check but then fail at link-time. Based + on discussion in [forum:ae5bd8a84b|forum thread ae5bd8a84b]. + +FossilOrigin-Name: b6603986e621918525312130996c298135ad27af293df9bb9f99e1fc87844379 + +Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f9f6410c31de9f6b377c7d8cd6d56548d3f20551] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + auto.def | 2 +- + autosetup/proj.tcl | 18 ++++++++++++++---- + autosetup/sqlite-config.tcl | 14 ++++++++++++++ + 3 files changed, 29 insertions(+), 5 deletions(-) + +diff --git a/auto.def b/auto.def +index 9df87f579a..84dfa824c2 100644 +--- a/auto.def ++++ b/auto.def +@@ -11,7 +11,7 @@ use sqlite-config + sqlite-config-bootstrap autoconf + sqlite-check-common-bins + sqlite-check-common-system-deps +-proj-check-rpath ++sqlite-handle-rpath + sqlite-handle-soname + sqlite-setup-default-cflags + sqlite-handle-debug +diff --git a/autosetup/proj.tcl b/autosetup/proj.tcl +index 6a1960f603..6b49dcdae0 100644 +--- a/autosetup/proj.tcl ++++ b/autosetup/proj.tcl +@@ -921,9 +921,20 @@ proc proj-check-emsdk {} { + # + # Achtung: we have seen platforms which report that a given option + # checked here will work but then fails at build-time, and the current +-# order of checks reflects that. ++# order of checks reflects that. Similarly, platforms which are known ++# to report success here but fail to handle this flag at link-time are ++# special-cased here to behave as if the check failed. + proc proj-check-rpath {} { +- set rc 1 ++ switch -glob -- [get-define host] { ++ *-*-aix* { ++ # Skip this check on platform(s) where we know it to pass at ++ # this step but fail at build-time, as a workaround for ++ # https://sqlite.org/forum/forumpost/ae5bd8a84b until we can ++ # find a more reliable approach. ++ define LDFLAGS_RPATH "" ++ return 0 ++ } ++ } + if {[proj-opt-was-provided libdir] + || [proj-opt-was-provided exec-prefix]} { + set lp "[get-define libdir]" +@@ -945,10 +956,9 @@ proc proj-check-rpath {} { + define LDFLAGS_RPATH "-Wl,-R$lp" + } else { + define LDFLAGS_RPATH "" +- set rc 0 + } + } +- return $rc ++ expr {"" ne [get-define LDFLAGS_RPATH]} + } + + ######################################################################## +diff --git a/autosetup/sqlite-config.tcl b/autosetup/sqlite-config.tcl +index 7d9a9ea84b..be2522fb12 100644 +--- a/autosetup/sqlite-config.tcl ++++ b/autosetup/sqlite-config.tcl +@@ -244,6 +244,9 @@ proc sqlite-config-bootstrap {buildMode} { + static-shell=1 => {Link the sqlite3 shell app against the DLL instead of embedding sqlite3.c} + } + {*} { ++ # rpath: https://sqlite.org/forum/forumpost/fa3a6ed858 ++ rpath=1 ++ => {Disable checking for rpath support} + # soname: https://sqlite.org/src/forumpost/5a3b44f510df8ded + soname:=legacy + => {SONAME for libsqlite3.so. "none", or not using this flag, sets no +@@ -644,6 +647,17 @@ proc sqlite-handle-debug {} { + } + } + ++######################################################################## ++# If the --disable-rpath flag is used, this [define]s LDFLAGS_RPATH to ++# an empty string, else it invokes [proj-check-rpath]. ++proc sqlite-handle-rpath {} { ++ proj-if-opt-truthy rpath { ++ proj-check-rpath ++ } { ++ define LDFLAGS_RPATH "" ++ } ++} ++ + ######################################################################## + # "soname" for libsqlite3.so. See discussion at: + # https://sqlite.org/src/forumpost/5a3b44f510df8ded diff --git a/meta/recipes-support/sqlite/sqlite3_3.48.0.bb b/meta/recipes-support/sqlite/sqlite3_3.49.1.bb similarity index 53% rename from meta/recipes-support/sqlite/sqlite3_3.48.0.bb rename to meta/recipes-support/sqlite/sqlite3_3.49.1.bb index bd2ac6614d..c3c0670884 100644 --- a/meta/recipes-support/sqlite/sqlite3_3.48.0.bb +++ b/meta/recipes-support/sqlite/sqlite3_3.49.1.bb @@ -4,5 +4,6 @@ LICENSE = "PD" LIC_FILES_CHKSUM = "file://sqlite3.h;endline=11;md5=786d3dc581eff03f4fd9e4a77ed00c66" SRC_URI = "http://www.sqlite.org/2025/sqlite-autoconf-${SQLITE_PV}.tar.gz" -SRC_URI[sha256sum] = "ac992f7fca3989de7ed1fe99c16363f848794c8c32a158dafd4eb927a2e02fd5" +SRC_URI[sha256sum] = "106642d8ccb36c5f7323b64e4152e9b719f7c0215acf5bfeac3d5e7f97b59254" +SRC_URI += "file://0001-configure-automatically-fail-the-check-for-rpath-on-.patch"