From patchwork Wed Apr 30 02:59:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62142 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 788AEC369DC for ; Wed, 30 Apr 2025 03:00:17 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.8286.1745982015965080456 for ; Tue, 29 Apr 2025 20:00:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=FR2oYaaG; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-224341bbc1dso73118385ad.3 for ; Tue, 29 Apr 2025 20:00:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982015; x=1746586815; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/NboXSzfMy1GcYp6hXejCZvNztLrTwmin7Og8LOuEQw=; b=FR2oYaaGtvsS36A2XRZhaql1yxgBVSqglIyQUTq6oLkwB6sFDkrAWEtqArh2t3iHSe O0Eu9LYyYP7o+sW2D6Ti7wqx1ocEUT8hKojbCi6mz3JkwfvJ69HCKZPN1w6+bvC/7fmr gWNOo7IGMuhg5hYFb2xvrlTPtwVxqFfAKfz9gXTv7EwuJW3+jMxf+FQbzu8zUimnc8mi 1FZXRd0E1jRDSigWS03dJ7a1895oSvEo6C5FmvC8MbWxFjRYOsfbfniGgou6ReRCgl6s AUM5hzJGVfwRcKLTSJ+1WIwXMuIVdQeG2eVps66obJyE60n1IA9MCpq6FN4qIlyKVWvf RHpw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982015; x=1746586815; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/NboXSzfMy1GcYp6hXejCZvNztLrTwmin7Og8LOuEQw=; b=GrMq9um4KjFzFE/gj+GfmvKSuk94iUUwLI8w9t5XYuk7mNyDlh/u9gG3+EKpriEwtj 7XoGU9QKpY1r2dEy6pY9VYOcKSqZ/lwZYS6woPRw8eRXGjhp4r+6z969aoGE9f8cdaz/ 7JJkcO3fbIwLuX59ETI3rWOFWybhogMtzlSHNRA/UgRe0XPApA+QsHqM5eWfyHaBsohP /8pNflP5MJN+5UcD3mnYplAqq3hZOzam/3QZ3GN0l6QZ2iYwd2dIpRUf49Vbflbun5gK hFtCoqH8gAiMnFl9TjLCwYh9uFo0+MkiAit4QHy2gW9wWP+zydwz6zNHeLfcL5YcFSvc ztLg== X-Gm-Message-State: AOJu0YweoBHZuM8UxSd+VB5PopREGwOjYDhJo7k8mBFe/e/8GebjovUS JC72W7DIf1k4ioM9Mnn4u5eeQ/e6ZRZJU9oH0am3ev0MvOXZt5Vn7Vn2eXsXBizVIiZlcLbKFiR I X-Gm-Gg: ASbGncs8Zs4eEdZq9BM2v+UQIvGR31EzUw76/+vMfGiUwr9NbbirflrAl+YmmmQvbsF 4n8MPafUdvhU2GFkZflYe5WpNC1joKuQztNnNsG9orfWamZPy3pAAyjD6zC1c/ii6kmTEiBNT5+ 6vckfxYBIckoLSNfBwNyPsQ5cpoW59zW8tWAMSSo21w2PumLcrhXCHabm0Qyuritcd4eBk7ggop Zr+0rt9TELGss8F9/X39XkKx6L0WN8YkSsD5Xl18LHr6I5W/Hg0z8jkb2f+tNBCzQZO1oUkCt4W bhD0gy8opgJMADe+nWkQfCvWyAklBg4= X-Google-Smtp-Source: AGHT+IEftvjWKMRyMzChTY6GI/8mVQP3XCcaI2XQym9+aun8KYOMLJOJgTrXy6NGnd99rFeMTfKQKQ== X-Received: by 2002:a17:902:e785:b0:220:c63b:d93c with SMTP id d9443c01a7336-22df35bb0fcmr27405975ad.44.1745982015094; Tue, 29 Apr 2025 20:00:15 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:14 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/15] libpam: Update fix for CVE-2024-10041 Date: Tue, 29 Apr 2025 19:59:49 -0700 Message-ID: <78a04ce17e7d828c0cf8cae2164882683d46275e.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215707 From: Shubham Kulkarni Initially, PAM community fixed CVE-2024-10041 in the version v1.6.0 via commit b3020da. But not all cases were covered with this fix and issues were reported after the release. In the v1.6.1 release, PAM community fixed these issues via commit b7b9636. Backport this commit b7b9636, which Fixes: b3020da ("pam_unix/passverify: always run the helper to obtain shadow password file entries") Backport from https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620 Signed-off-by: Shubham Kulkarni Signed-off-by: Steve Sakoman --- ...024-10041.patch => CVE-2024-10041-1.patch} | 0 .../pam/libpam/CVE-2024-10041-2.patch | 77 +++++++++++++++++++ meta/recipes-extended/pam/libpam_1.5.3.bb | 3 +- 3 files changed, 79 insertions(+), 1 deletion(-) rename meta/recipes-extended/pam/libpam/{CVE-2024-10041.patch => CVE-2024-10041-1.patch} (100%) create mode 100644 meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-10041.patch b/meta/recipes-extended/pam/libpam/CVE-2024-10041-1.patch similarity index 100% rename from meta/recipes-extended/pam/libpam/CVE-2024-10041.patch rename to meta/recipes-extended/pam/libpam/CVE-2024-10041-1.patch diff --git a/meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch b/meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch new file mode 100644 index 0000000000..6070a26266 --- /dev/null +++ b/meta/recipes-extended/pam/libpam/CVE-2024-10041-2.patch @@ -0,0 +1,77 @@ +From b7b96362087414e52524d3d9d9b3faa21e1db620 Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Wed, 24 Jan 2024 18:57:42 +0100 +Subject: [PATCH] pam_unix: try to set uid to 0 for unix_chkpwd + +The geteuid check does not cover all cases. If a program runs with +elevated capabilities like CAP_SETUID then we can still check +credentials of other users. + +Keep logging for future analysis though. + +Resolves: https://github.com/linux-pam/linux-pam/issues/747 +Fixes: b3020da7da38 ("pam_unix/passverify: always run the helper to obtain shadow password file entries") + +Signed-off-by: Tobias Stoeckmann + +Upstream-Status: Backport [https://github.com/linux-pam/linux-pam/commit/b7b96362087414e52524d3d9d9b3faa21e1db620] +CVE: CVE-2024-10041 +Signed-off-by: Shubham Kulkarni +--- + modules/pam_unix/pam_unix_acct.c | 17 +++++++++-------- + modules/pam_unix/support.c | 14 +++++++------- + 2 files changed, 16 insertions(+), 15 deletions(-) + +diff --git a/modules/pam_unix/pam_unix_acct.c b/modules/pam_unix/pam_unix_acct.c +index 8f5ed3e0df..7ffcb9e3f2 100644 +--- a/modules/pam_unix/pam_unix_acct.c ++++ b/modules/pam_unix/pam_unix_acct.c +@@ -110,14 +110,15 @@ int _unix_run_verify_binary(pam_handle_t *pamh, unsigned long long ctrl, + _exit(PAM_AUTHINFO_UNAVAIL); + } + +- if (geteuid() == 0) { +- /* must set the real uid to 0 so the helper will not error +- out if pam is called from setuid binary (su, sudo...) */ +- if (setuid(0) == -1) { +- pam_syslog(pamh, LOG_ERR, "setuid failed: %m"); +- printf("-1\n"); +- fflush(stdout); +- _exit(PAM_AUTHINFO_UNAVAIL); ++ /* must set the real uid to 0 so the helper will not error ++ out if pam is called from setuid binary (su, sudo...) */ ++ if (setuid(0) == -1) { ++ uid_t euid = geteuid(); ++ pam_syslog(pamh, euid == 0 ? LOG_ERR : LOG_DEBUG, "setuid failed: %m"); ++ if (euid == 0) { ++ printf("-1\n"); ++ fflush(stdout); ++ _exit(PAM_AUTHINFO_UNAVAIL); + } + } + +diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c +index d391973f95..69811048e6 100644 +--- a/modules/pam_unix/support.c ++++ b/modules/pam_unix/support.c +@@ -562,13 +562,13 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, + _exit(PAM_AUTHINFO_UNAVAIL); + } + +- if (geteuid() == 0) { +- /* must set the real uid to 0 so the helper will not error +- out if pam is called from setuid binary (su, sudo...) */ +- if (setuid(0) == -1) { +- D(("setuid failed")); +- _exit(PAM_AUTHINFO_UNAVAIL); +- } ++ /* must set the real uid to 0 so the helper will not error ++ out if pam is called from setuid binary (su, sudo...) */ ++ if (setuid(0) == -1) { ++ D(("setuid failed")); ++ if (geteuid() == 0) { ++ _exit(PAM_AUTHINFO_UNAVAIL); ++ } + } + + /* exec binary helper */ diff --git a/meta/recipes-extended/pam/libpam_1.5.3.bb b/meta/recipes-extended/pam/libpam_1.5.3.bb index 55b4dd7ee1..714cdb6552 100644 --- a/meta/recipes-extended/pam/libpam_1.5.3.bb +++ b/meta/recipes-extended/pam/libpam_1.5.3.bb @@ -27,7 +27,8 @@ SRC_URI = "${GITHUB_BASE_URI}/download/v${PV}/Linux-PAM-${PV}.tar.xz \ file://0001-pam_namespace-include-stdint-h.patch \ file://0001-pam_pwhistory-fix-passing-NULL-filename-argument-to-.patch \ file://CVE-2024-22365.patch \ - file://CVE-2024-10041.patch \ + file://CVE-2024-10041-1.patch \ + file://CVE-2024-10041-2.patch \ " SRC_URI[sha256sum] = "7ac4b50feee004a9fa88f1dfd2d2fa738a82896763050cd773b3c54b0a818283" From patchwork Wed Apr 30 02:59:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62145 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 612F4C369DC for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web10.8385.1745982017776801529 for ; Tue, 29 Apr 2025 20:00:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=TlDAbmCu; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-227d6b530d8so75007975ad.3 for ; Tue, 29 Apr 2025 20:00:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982017; x=1746586817; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=yeupJoeCIuJlbxsUY9cNjOu6ai2LP/Se9UchHTx0yLE=; b=TlDAbmCuOnsT6pqzfuRLwenJwLjO8vyTj0bVJTvc6yoNAlckD/c/nyWBTC+Yjbd1ag 1Wpq9BVU/siBI4JXiHeUicwrv8r17BHwK29ILnBTOVZQdOc7zTK1A8LCLKeJ+yMAYklj PLDXQS9OAL7Ef5d6ias8wdjHNqZeOHR9zf5VHBA4PErm9ed2DljMexk6uarClDkJYQ/i 3N66HDlrry3UNKCXKkc/1dFzZ+EbIVkvxG0iTpdCLR99EWvaKYvYu9T0e0xEzJpCkPp4 xzLkuZa1Vg88eT+zQt4ffv2aUCSrCFnPtBK4ptecPVf+cIjGf8UEhQpvrxInGb4KMp2V 973Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982017; x=1746586817; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yeupJoeCIuJlbxsUY9cNjOu6ai2LP/Se9UchHTx0yLE=; b=XLb7fGiy5GIZuU1+R3/bWeLHJTSymeVAkxq0VQ0++NzcVMRT+4UoBarWJsixEGM0Z7 DjOrtOffyqqGpVZmPxUQCgzNYoJVS1r6Qyn1oL/DKj4+j9zVSIWyZfwZWZb574azBDgc xiAc+PHj1Q20shKTMpXSM9ApCyAQzfTKMzZjyIQSOPtGcHQxTI1+ur/jLduVbX2FcXpV 58BIUwXLxKGuR/tr0ub3Q1zvjbSSXychi04EprwUqsON+eowHFA81XUqlyK2mgWLsat7 +Hg/n2IOkFzCTNS2h76N56WigMjBSgEC7VGH3MUqvOdTe8onMLYAG6i720L3sPY8kZEd g/EA== X-Gm-Message-State: AOJu0Yy6kN30nBD33n1/7o0uw8Sq+B3vnzAdLfr/lD1mzn+7yeLtWXF8 voSA62gf+xb3dA2E6qSY6C0G/o0AndGQ46fKWI+za9FLF5iZHPrUu7OfSVlDXshakvIuZai1sUa 0 X-Gm-Gg: ASbGncuY88ZuO2YGsFovQNILEZ+8pdm29yzIcJ2VUWkkhb9xkzJJtJBaIk21zhP/WVi fCj9UfgwZXohGr17fr0+34x7SjeTGr87r5Mu5clmBrdzS+XHo39LQ3w/WJb1WgFYgPz2QJcKG5U XqEii83trNAKlADlq3xBnd4ULY0WN5tSpmB9EBD/BGdgJi9+G5/OpFYIJSunqr8sb+6emotjMs1 CcEre9f8bNuwQiM8E3uX89t1flM/jNrpNn1Kly+PU5aPy2Pd2uEMl5ZmYEUynrv7oElLXucWN1x LZ5tNPn0jIBsau/wxbksDBUVD0DuS24dunGd+NjHqg== X-Google-Smtp-Source: AGHT+IFyXLnEFGOV/h7Vn1jbpgz/WvLvklLol1MdI0iQw4WHTEyZX60TBI6eKYuVEDw+UuObvedX4w== X-Received: by 2002:a17:903:2ec6:b0:22c:35c5:e30d with SMTP id d9443c01a7336-22df34dd0b9mr21951535ad.13.1745982016913; Tue, 29 Apr 2025 20:00:16 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:16 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/15] ppp: patch CVE-2024-58250 Date: Tue, 29 Apr 2025 19:59:50 -0700 Message-ID: <5350ef531ded14f0b4c32c211aaf993354be1ec9.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215708 From: Peter Marko Backport patch to remove vulnerable component. This is a breaking change, but there will be no other fix for this CVE as upstream did the deletion without providing a fix first. If someone really needs this feature, which the commit message describes as deprecated, bbappend with patch removal is possible. License-Update: passprompt plugin removed Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../ppp/ppp/CVE-2024-58250.patch | 194 ++++++++++++++++++ meta/recipes-connectivity/ppp/ppp_2.5.0.bb | 2 +- 2 files changed, 195 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch diff --git a/meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch b/meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch new file mode 100644 index 0000000000..55d36c5baa --- /dev/null +++ b/meta/recipes-connectivity/ppp/ppp/CVE-2024-58250.patch @@ -0,0 +1,194 @@ +From 0a66ad22e54c72690ec2a29a019767c55c5281fc Mon Sep 17 00:00:00 2001 +From: Paul Mackerras +Date: Fri, 18 Oct 2024 20:22:57 +1100 +Subject: [PATCH] pppd: Remove passprompt plugin + +This is prompted by a number of factors: + +* It was more useful back in the dial-up days, but no-one uses dial-up + any more + +* In many cases there will be no terminal accessible to the prompter + program at the point where the prompter is run + +* The passwordfd plugin does much the same thing but does it more + cleanly and securely + +* The handling of privileges and file descriptors needs to be audited + thoroughly. + +Signed-off-by: Paul Mackerras + +CVE: CVE-2024-58250 +Upstream-Status: Backport [https://github.com/ppp-project/ppp/commit/0a66ad22e54c72690ec2a29a019767c55c5281fc] +Signed-off-by: Peter Marko +--- + pppd/plugins/Makefile.am | 6 +- + pppd/plugins/passprompt.c | 137 -------------------------------------- + 2 files changed, 1 insertion(+), 142 deletions(-) + delete mode 100644 pppd/plugins/passprompt.c + +diff --git a/pppd/plugins/Makefile.am b/pppd/plugins/Makefile.am +index 2826148..9480d51 100644 +--- a/pppd/plugins/Makefile.am ++++ b/pppd/plugins/Makefile.am +@@ -1,4 +1,4 @@ +-pppd_plugin_LTLIBRARIES = minconn.la passprompt.la passwordfd.la winbind.la ++pppd_plugin_LTLIBRARIES = minconn.la passwordfd.la winbind.la + pppd_plugindir = $(PPPD_PLUGIN_DIR) + + PLUGIN_CPPFLAGS = -I${top_srcdir} +@@ -8,10 +8,6 @@ minconn_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) + minconn_la_LDFLAGS = $(PLUGIN_LDFLAGS) + minconn_la_SOURCES = minconn.c + +-passprompt_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) +-passprompt_la_LDFLAGS = $(PLUGIN_LDFLAGS) +-passprompt_la_SOURCES = passprompt.c +- + passwordfd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS) + passwordfd_la_LDFLAGS = $(PLUGIN_LDFLAGS) + passwordfd_la_SOURCES = passwordfd.c +diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c +deleted file mode 100644 +index 7779d51..0000000 +--- a/pppd/plugins/passprompt.c ++++ /dev/null +@@ -1,137 +0,0 @@ +-/* +- * passprompt.c - pppd plugin to invoke an external PAP password prompter +- * +- * Copyright 1999 Paul Mackerras, Alan Curry. +- * +- * This program is free software; you can redistribute it and/or +- * modify it under the terms of the GNU General Public License +- * as published by the Free Software Foundation; either version +- * 2 of the License, or (at your option) any later version. +- */ +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include +-#include +-#include +-#include +- +-char pppd_version[] = PPPD_VERSION; +- +-static char promptprog[PATH_MAX+1]; +-static int promptprog_refused = 0; +- +-static struct option options[] = { +- { "promptprog", o_string, promptprog, +- "External PAP password prompting program", +- OPT_STATIC, NULL, PATH_MAX }, +- { NULL } +-}; +- +-static int promptpass(char *user, char *passwd) +-{ +- int p[2]; +- pid_t kid; +- int readgood, wstat, ret; +- ssize_t red; +- +- if (promptprog_refused || promptprog[0] == 0 || access(promptprog, X_OK) < 0) +- return -1; /* sorry, can't help */ +- +- if (!passwd) +- return 1; +- +- if (pipe(p)) { +- warn("Can't make a pipe for %s", promptprog); +- return 0; +- } +- if ((kid = fork()) == (pid_t) -1) { +- warn("Can't fork to run %s", promptprog); +- close(p[0]); +- close(p[1]); +- return 0; +- } +- if (!kid) { +- /* we are the child, exec the program */ +- char *argv[5], fdstr[32]; +- ppp_sys_close(); +- closelog(); +- close(p[0]); +- ret = seteuid(getuid()); +- if (ret != 0) { +- warn("Couldn't set effective user id"); +- } +- ret = setegid(getgid()); +- if (ret != 0) { +- warn("Couldn't set effective user id"); +- } +- sprintf(fdstr, "%d", p[1]); +- argv[0] = promptprog; +- argv[1] = strdup(user); +- argv[2] = strdup(ppp_remote_name()); +- argv[3] = fdstr; +- argv[4] = 0; +- execv(*argv, argv); +- _exit(127); +- } +- +- /* we are the parent, read the password from the pipe */ +- close(p[1]); +- readgood = 0; +- do { +- red = read(p[0], passwd + readgood, MAXSECRETLEN-1 - readgood); +- if (red == 0) +- break; +- if (red < 0) { +- if (errno == EINTR && !ppp_signaled(SIGTERM)) +- continue; +- error("Can't read secret from %s: %m", promptprog); +- readgood = -1; +- break; +- } +- readgood += red; +- } while (readgood < MAXSECRETLEN - 1); +- close(p[0]); +- +- /* now wait for child to exit */ +- while (waitpid(kid, &wstat, 0) < 0) { +- if (errno != EINTR || ppp_signaled(SIGTERM)) { +- warn("error waiting for %s: %m", promptprog); +- break; +- } +- } +- +- if (readgood < 0) +- return 0; +- passwd[readgood] = 0; +- if (!WIFEXITED(wstat)) +- warn("%s terminated abnormally", promptprog); +- if (WEXITSTATUS(wstat)) { +- warn("%s exited with code %d", promptprog, WEXITSTATUS(wstat)); +- /* code when cancel was hit in the prompt prog */ +- if (WEXITSTATUS(wstat) == 128) { +- promptprog_refused = 1; +- } +- return -1; +- } +- return 1; +-} +- +-void plugin_init(void) +-{ +- ppp_add_options(options); +- pap_passwd_hook = promptpass; +-#ifdef PPP_WITH_EAPTLS +- eaptls_passwd_hook = promptpass; +-#endif +-} diff --git a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb index badf22db97..b50795109f 100644 --- a/meta/recipes-connectivity/ppp/ppp_2.5.0.bb +++ b/meta/recipes-connectivity/ppp/ppp_2.5.0.bb @@ -7,7 +7,6 @@ BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs" DEPENDS = "libpcap openssl virtual/crypt" LICENSE = "BSD-3-Clause & BSD-3-Clause-Attribution & GPL-2.0-or-later & LGPL-2.0-or-later & PD & RSA-MD" LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \ - file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \ file://pppd/tdb.c;beginline=1;endline=27;md5=4ca3a9991b011038d085d6675ae7c4e6 \ file://chat/chat.c;beginline=1;endline=15;md5=0d374b8545ee5c62d7aff1acbd38add2" @@ -24,6 +23,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \ file://provider \ file://ppp@.service \ file://0001-Revert-lock-path-to-var-lock-435.patch \ + file://CVE-2024-58250.patch \ " SRC_URI[sha256sum] = "5cae0e8075f8a1755f16ca290eb44e6b3545d3f292af4da65ecffe897de636ff" From patchwork Wed Apr 30 02:59:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62150 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76213C3ABAF for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web10.8386.1745982019224670167 for ; Tue, 29 Apr 2025 20:00:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=vM9SjPTI; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-2255003f4c6so75634185ad.0 for ; Tue, 29 Apr 2025 20:00:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982018; x=1746586818; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hMFxKUxcQhJj3uz+zv0lEKjo6e18FnU4xtxq+HdqfV4=; b=vM9SjPTISY82S4xFUfdFCBpT0aUU6YFKZuSrvy9gwNoE9BP8kSYMwmDgY7gBUiz65e s51BheppiTGHehxx/F2b/UIiMlxrtC4ZF8JH16Em1ady4Mkto1DRjDf5pt1I2cBU9n1v KMTwZyWuGbRd1tKG3boHezvk7YAs2ks3yIMiv38iORpzeCA5POJdeokvA1jYpp2QCLWq onPENcuMySF5GpfdgN3cDI6KTxPDFBmLoeBU/a7OU3bQy0iu9GRowR1ABjrtMSpKS/91 Qk78KcLgaNXpfJb9VgR2Ow/a4TRp4/wmIoWATm7xIRFFdj+aBWZNBSoPT6Hp8IzurKyw rS1w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982018; x=1746586818; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hMFxKUxcQhJj3uz+zv0lEKjo6e18FnU4xtxq+HdqfV4=; b=SF57JQFDcD7CPhodrEuUbj8m0sayoIbnAF4KwviRVd+spW6CRMz/a25uEUgyG8rAwy cwSwX8NUrZcxqIKF0X55k2NCnNMQkox4F/u6EAEfs4fvSzw2WR/qYU/w1sAo8FFxKg1R jq6CX7TS22YPRTIAeQtzLskSLD+AB0BXoXGWF3IWhxV6Ikz8IKLd0qAAynVaOPHiVQ3m 6YY0R6jdjv7D4CP9Sj5RjmWjZgPSMGFZvUEUPe667Yi1pCQO9onBDEfObr6vvjbIxQIl fWj4ui4GKO8+qyLviGtQPdazM2iL4pd5SvK8h2Bmw1QUA5AUQgnq7KvKlj2QxNKI3G6+ twDg== X-Gm-Message-State: AOJu0YyQlFMh+U5Kx+u9RyeGhFDOKCjh1dXVmuFGfQkFKQqeexmha/il o9BCuTzp/S/sXPczySrw0Sa54hjCEduSH0ifUymxWjANIGHsA75yTWVtlQ9ZQTUxCKMvapveiVE q X-Gm-Gg: ASbGncsZLywltK78KiwRhJG56RCI/FAWH1PPJ+EWg3yJUeFlnNd8shDhwsGlchXq4Tv VPAanMSWFf+FIzKcbQLr8nQtbqIGmr+aXtpUp3EfE/v+30YSN/B5b8/+xbFo6ncoas50uY1AHES 3d17Ac0TknEtq0mQ6YC2X4N6SZIIioxjw8Urqo86og2PFe032gK9g1icuznM/uSjRkuZFTwT6Oz 9RvsMCqdBk41lZM+LWTzUBlT4GpNK5/MN3IouIP9pbJqd8kpEjG2a920U6ZcCZRxk8767bW9fkr iJo8jUZngxYz+InPcCUroSF1hN+YA00= X-Google-Smtp-Source: AGHT+IF68rVK6BCmZKUJn17f3yoBNuax8G0UN2k9JJepRBpxiCowO+5SOf8RYndGh0vGj+u4RagoCg== X-Received: by 2002:a17:903:947:b0:223:66bb:8995 with SMTP id d9443c01a7336-22df34ddb5dmr23093595ad.20.1745982018439; Tue, 29 Apr 2025 20:00:18 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:18 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/15] libxml2: patch CVE-2025-32414 Date: Tue, 29 Apr 2025 19:59:51 -0700 Message-ID: <187052ce4ddd43b46b8335cc955a63ca19ee6994.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215709 From: Peter Marko Pick commit which has been backported to 2.12 release branch. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2025-32414.patch | 74 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 + 2 files changed, 75 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch new file mode 100644 index 0000000000..97bf75f059 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32414.patch @@ -0,0 +1,74 @@ +From d7657811964eac1cb9743bb98649278ad948f0d2 Mon Sep 17 00:00:00 2001 +From: Maks Verver +Date: Tue, 8 Apr 2025 13:13:55 +0200 +Subject: [PATCH] [CVE-2025-32414] python: Read at most len/4 characters. + +Fixes #889 by reserving space in the buffer for UTF-8 encoding of text. + +CVE: CVE-2025-32414 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d7657811964eac1cb9743bb98649278ad948f0d2] +Signed-off-by: Peter Marko +--- + python/libxml.c | 28 ++++++++++++++++++---------- + 1 file changed, 18 insertions(+), 10 deletions(-) + +diff --git a/python/libxml.c b/python/libxml.c +index 1fe8d685..2bf14078 100644 +--- a/python/libxml.c ++++ b/python/libxml.c +@@ -248,7 +248,9 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) { + + file = (PyObject *) context; + if (file == NULL) return(-1); +- ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len); ++ /* When read() returns a string, the length is in characters not bytes, so ++ request at most len / 4 characters to leave space for UTF-8 encoding. */ ++ ret = PyObject_CallMethod(file, (char *) "read", (char *) "(i)", len / 4); + if (ret == NULL) { + printf("xmlPythonFileReadRaw: result is NULL\n"); + return(-1); +@@ -283,10 +285,12 @@ xmlPythonFileReadRaw (void * context, char * buffer, int len) { + Py_DECREF(ret); + return(-1); + } +- if (lenread > len) +- memcpy(buffer, data, len); +- else +- memcpy(buffer, data, lenread); ++ if (lenread < 0 || lenread > len) { ++ printf("xmlPythonFileReadRaw: invalid lenread\n"); ++ Py_DECREF(ret); ++ return(-1); ++ } ++ memcpy(buffer, data, lenread); + Py_DECREF(ret); + return(lenread); + } +@@ -310,7 +314,9 @@ xmlPythonFileRead (void * context, char * buffer, int len) { + + file = (PyObject *) context; + if (file == NULL) return(-1); +- ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len); ++ /* When io_read() returns a string, the length is in characters not bytes, so ++ request at most len / 4 characters to leave space for UTF-8 encoding. */ ++ ret = PyObject_CallMethod(file, (char *) "io_read", (char *) "(i)", len / 4); + if (ret == NULL) { + printf("xmlPythonFileRead: result is NULL\n"); + return(-1); +@@ -345,10 +351,12 @@ xmlPythonFileRead (void * context, char * buffer, int len) { + Py_DECREF(ret); + return(-1); + } +- if (lenread > len) +- memcpy(buffer, data, len); +- else +- memcpy(buffer, data, lenread); ++ if (lenread < 0 || lenread > len) { ++ printf("xmlPythonFileRead: invalid lenread\n"); ++ Py_DECREF(ret); ++ return(-1); ++ } ++ memcpy(buffer, data, lenread); + Py_DECREF(ret); + return(lenread); + } diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index c4f76c281d..42672e35bd 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb @@ -18,6 +18,7 @@ inherit gnomebase SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testtar \ file://run-ptest \ file://install-tests.patch \ + file://CVE-2025-32414.patch \ " SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995" From patchwork Wed Apr 30 02:59:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62146 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76065C3ABAD for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web10.8387.1745982020717708014 for ; Tue, 29 Apr 2025 20:00:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oggoOm2X; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-225df540edcso5361315ad.0 for ; Tue, 29 Apr 2025 20:00:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982020; x=1746586820; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UST1Mi40G/ZR+YlagOrkkhzk8x+c2G+x5uHDSWseps4=; b=oggoOm2XgRS3oxXpe0D/QgSDvhfbAPp+UZCGU2nHh7Ilb+SH8bSCzcWWdOh4GRZUZb 40mcasNWmnRhXIYKDi0OM4P9RpBfk2qb45y0o4eGKxdS6dbnWZOR8zjXxK4odZ7dsVx3 TULwY6mAXNl39ZC7Fg1LyghQEWFwAh1zUYobtS065hQWXp+zStAAnnAQohjrEqK8KXlA 4z9gVXF+O85CJ4J5UkqF/cqtYRHjruWO8ox8LWveVbOV9z5Zn9hZpk7gd62VuqZoBSau doD/OmQjkemrHb3738cwsPjOGi4TQMJQ/8WLSO3traD66rcmkbe1wNh3SWEFk4b4HMlm 5obQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982020; x=1746586820; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UST1Mi40G/ZR+YlagOrkkhzk8x+c2G+x5uHDSWseps4=; b=cpYx4wPxeD4ObsdfG42K/kJtcr+MQq5YNHD6pkDC6n0J0hk+e72fefGR2HsL67VLmN owgUNQ5NBzaZWuVGj0J2gKMeKvn/JFjpd1yXociF0Cf5Povm0wH11w94iT9ZJHRlZjFT WzoSZz6Qi6bLgyiZxDozRkSrJkXCUGsSk8g1opctKVtCfAnJwpL9Mu4FfEWQ3n8AvaRh pEWaKzHlndxrcjdzITrBDkaKxkUvpTTbWoaMezhI6ZZoOkPXiGczAAFgI2pNJkv001E8 sjAnH4UBa4lcidFlIAoOh1qwySmo2FqFjdsaO6Fx8fQdtkH1A5AKzcZ0A2617NnGFrX8 1KKw== X-Gm-Message-State: AOJu0Ywb4BzAxKc7w/NTNYTrjML9LTNQr/N6ObkvP3/+m5Qs4TozWFTP c9nRF2jKr0SIK9cd8R/A8WbxBUCbYr31B2vWtAazN0m5J/BUJpI2e6NLFP+oPGvCGQ37phw3Dcj M X-Gm-Gg: ASbGncvjqBWL7TvEhRwlgLYvhndgck9kgGAYBQPX0rkvXWnreqsvbIJBDhPKebCchOO TvRdC+6aBJLNWZICOdOGQd5DXZQMu2jWORQzWQ5wkF5FQjUrg5qH0P0pIg13uNpWNTworMTYtLa tIQiAgsRKYEFOkvkFals5B5I++z77uar1vylMMwVPKWskPvQpGSAhwwVboLfsAwfct1K1CYL2g4 ulr1EcoScSeHzPp6qm4ojBqITGyk+EDzYtPOjSbGUN6zs+OvSt2HAKx4h7Tx0TRi5bvQjpu3oAp LhKfrPWJTEHH+vK6UBFbU7i+lJZnqHY= X-Google-Smtp-Source: AGHT+IELobHQLNJOHMN/7pQEUZNDpb7ki99UxGAcM9TB39Y5V7na3bhO1Q/GilYdVe9gleevTeYilA== X-Received: by 2002:a17:903:1a05:b0:225:abd2:5e5a with SMTP id d9443c01a7336-22df474794fmr17115415ad.4.1745982019868; Tue, 29 Apr 2025 20:00:19 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/15] libxml2: patch CVE-2025-32415 Date: Tue, 29 Apr 2025 19:59:52 -0700 Message-ID: <2335d4f0d1826647eaee224c469331980fc84ed2.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215710 From: Peter Marko Pick commit from 2.13 branch as 2.12 branch is unmaintained now. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../libxml/libxml2/CVE-2025-32415.patch | 39 +++++++++++++++++++ meta/recipes-core/libxml/libxml2_2.12.10.bb | 1 + 2 files changed, 40 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch diff --git a/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch new file mode 100644 index 0000000000..d8ff654a23 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2025-32415.patch @@ -0,0 +1,39 @@ +From 384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Sun, 6 Apr 2025 12:41:11 +0200 +Subject: [PATCH] [CVE-2025-32415] schemas: Fix heap buffer overflow in + xmlSchemaIDCFillNodeTables + +Don't use local variable which could contain a stale value. + +Fixes #890. + +CVE: CVE-2025-32415 +Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/384cc7c182fc00c6d5e2ab4b5e3671b2e3f93c84] +Signed-off-by: Peter Marko +--- + xmlschemas.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/xmlschemas.c b/xmlschemas.c +index 28b14bd4..428e3c82 100644 +--- a/xmlschemas.c ++++ b/xmlschemas.c +@@ -23324,7 +23324,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt, + j++; + } while (j < nbDupls); + } +- if (nbNodeTable) { ++ if (bind->nbNodes) { + j = 0; + do { + if (nbFields == 1) { +@@ -23375,7 +23375,7 @@ xmlSchemaIDCFillNodeTables(xmlSchemaValidCtxtPtr vctxt, + + next_node_table_entry: + j++; +- } while (j < nbNodeTable); ++ } while (j < bind->nbNodes); + } + /* + * If everything is fine, then add the IDC target-node to diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 42672e35bd..2eea65732b 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb @@ -19,6 +19,7 @@ SRC_URI += "http://www.w3.org/XML/Test/xmlts20130923.tar;subdir=${BP};name=testt file://run-ptest \ file://install-tests.patch \ file://CVE-2025-32414.patch \ + file://CVE-2025-32415.patch \ " SRC_URI[archive.sha256sum] = "c3d8c0c34aa39098f66576fe51969db12a5100b956233dc56506f7a8679be995" From patchwork Wed Apr 30 02:59:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62149 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67E3CC3ABAA for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web10.8388.1745982022502011960 for ; Tue, 29 Apr 2025 20:00:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=G7dGwLp6; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-2241053582dso101634425ad.1 for ; Tue, 29 Apr 2025 20:00:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982022; x=1746586822; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=P7pV6s+bqgmeK0frhz5UuanzC5Y19wb8hTbz1Zmutt0=; b=G7dGwLp6P8QtN4SqV2p7Qn2iln8/bNBsyqvb9XtwxmIw+sHyllJs8C7rcsAMrpTjhB 3QNXMtNAvfui7S6+Dfibz+vcIPLTNpQ4uoHXntc/TqSl3sKfGkdGzQ4n6M2s7CEAYYH+ pMIKCrAqTFUF52QBEPO7DWflSXTpti8GBKg4knjG5n30TI/FJoIqbO1ju1rQH6vhnA01 3lgrv38m5f/vqBVqIiptrLKTdmNbcARmixuLAmZARGtfe1q4z9A0OYjZ49CF8Dm/I+SB 6CLuG0AagCCLHoSx6CN0igWHxLjd3zCYyWCGg3OSPFvvBae72p8Nwp9TI83F7KVFuo6F 4Q8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982022; x=1746586822; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=P7pV6s+bqgmeK0frhz5UuanzC5Y19wb8hTbz1Zmutt0=; b=OM3nilMgaLWccV5/RZ/IMFBAnHERxnKkBYU797s7PZROMbix5G/U1wLo0n/bThhvbK taM/ISFVra2XDIzJVKtxnIPTxoXOwHLaDpjKoI/saWvvKvTFOInxfwhYxwLT4RV7Dp8d WuF8w8exPUN6d9msxW1bfspsLcSLiazmERkALg9lpBuuT5URRRhiDfwYYVCBFQbt+A8z obsdIh00C6zbo7n7YNHIJ7TQwK6gOAIk+TvNEGa5GXN6RFmnwHe8wTSJRpEfBTAYjmv8 dht8BIRldaPF6ryGEIk8ljsjXQK7I4IdR4UQ9iN3Py8BeL1wUGKjA8zU9nDL4qT3A8IL K9Kw== X-Gm-Message-State: AOJu0YzLVvFKlBZc1T9oqWOZ/v7UHEjSIDlJSJX20ajwSsxK5cT0vRHz KNTmXjxOecv1XMCkRTW0UGrOH1NvO7QKDAjF55zPYhB+9jL15UHU8RKNhPGkn9jC+xYTo9XHYMP A X-Gm-Gg: ASbGncuz+MtMfJdeggB536ngPGBLq87Ib/cpY/yJybGeSq3jYcsBNzkuoZtZPhLblMg utWNCY/SR/vqg85xSKvZVYS0Ql6Or6SkDWr6+FoZq6FnaQY6K23WVhhHs+B2e5wA6530YDYCjTq elABFJgJS5pbvn+CxYeCdz1hqCzyS6BI+4hNKA8HqQxCvTKgeFG6cE3V+3cLAus/bVck/rergYU ZzTzxi/OppRH0fRXAsBZU3WbWeTJ8lyGtvnhOuBkMKKII80Ufy5HVSVf8+8LvpInHmFYj1TTK1V ftszqtdCg+POtTw2sG9W2M9EtdEo7F4= X-Google-Smtp-Source: AGHT+IGNEzutf0KcsbCGCW2S2nFj72M2EkZ9mZlmr0XAdioYLdv6FEv7/6KEzrjn6drIue0IRMBKEg== X-Received: by 2002:a17:902:f689:b0:21f:564:80a4 with SMTP id d9443c01a7336-22df5821f58mr13304565ad.33.1745982021602; Tue, 29 Apr 2025 20:00:21 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:21 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/15] glib-2.0: patch CVE-2025-3360 Date: Tue, 29 Apr 2025 19:59:53 -0700 Message-ID: <2047764e0126ee6273d9c340235ddc2e3cdfea2f.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215711 From: Peter Marko Backport commits from [1] fixing [2] for 2.82.x. [1] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4499 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3647 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- .../glib-2.0/glib-2.0/CVE-2025-3360-01.patch | 57 ++++++++++++++ .../glib-2.0/glib-2.0/CVE-2025-3360-02.patch | 53 +++++++++++++ .../glib-2.0/glib-2.0/CVE-2025-3360-03.patch | 36 +++++++++ .../glib-2.0/glib-2.0/CVE-2025-3360-04.patch | 76 +++++++++++++++++++ .../glib-2.0/glib-2.0/CVE-2025-3360-05.patch | 57 ++++++++++++++ .../glib-2.0/glib-2.0/CVE-2025-3360-06.patch | 50 ++++++++++++ meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 8 +- 7 files changed, 336 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch new file mode 100644 index 0000000000..b7b05b6595 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-01.patch @@ -0,0 +1,57 @@ +From fe6af80931c35fafc6a2cd0651b6de052d1bffae Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 18 Feb 2025 16:44:58 +0000 +Subject: [PATCH 1/6] gdatetime: Fix integer overflow when parsing very long + ISO8601 inputs + +This will only happen with invalid (or maliciously invalid) potential +ISO8601 strings, but `g_date_time_new_from_iso8601()` needs to be robust +against that. + +Prevent `length` overflowing by correctly defining it as a `size_t`. +Similarly for `date_length`, but additionally track its validity in a +boolean rather than as its sign. + +Spotted by chamalsl as #YWH-PGM9867-43. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-3360 +Upstream-Status: Backport [https://github.com/GNOME/glib/commit/fe6af80931c35fafc6a2cd0651b6de052d1bffae] +Signed-off-by: Peter Marko +--- + glib/gdatetime.c | 12 ++++++++---- + 1 file changed, 8 insertions(+), 4 deletions(-) + +diff --git a/glib/gdatetime.c b/glib/gdatetime.c +index ad9c190b6..b33db2c20 100644 +--- a/glib/gdatetime.c ++++ b/glib/gdatetime.c +@@ -1497,7 +1497,8 @@ parse_iso8601_time (const gchar *text, gsize length, + GDateTime * + g_date_time_new_from_iso8601 (const gchar *text, GTimeZone *default_tz) + { +- gint length, date_length = -1; ++ size_t length, date_length = 0; ++ gboolean date_length_set = FALSE; + gint hour = 0, minute = 0; + gdouble seconds = 0.0; + GTimeZone *tz = NULL; +@@ -1508,11 +1509,14 @@ g_date_time_new_from_iso8601 (const gchar *text, GTimeZone *default_tz) + /* Count length of string and find date / time separator ('T', 't', or ' ') */ + for (length = 0; text[length] != '\0'; length++) + { +- if (date_length < 0 && (text[length] == 'T' || text[length] == 't' || text[length] == ' ')) +- date_length = length; ++ if (!date_length_set && (text[length] == 'T' || text[length] == 't' || text[length] == ' ')) ++ { ++ date_length = length; ++ date_length_set = TRUE; ++ } + } + +- if (date_length < 0) ++ if (!date_length_set) + return NULL; + + if (!parse_iso8601_time (text + date_length + 1, length - (date_length + 1), diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch new file mode 100644 index 0000000000..55f3ab126e --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-02.patch @@ -0,0 +1,53 @@ +From 495c85278f9638fdf3ebf002c759e1bdccebaf2f Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 18 Feb 2025 16:51:36 +0000 +Subject: [PATCH 2/6] gdatetime: Fix potential integer overflow in timezone + offset handling + +This one is much harder to trigger than the one in the previous commit, +but mixing `gssize` and `gsize` always runs the risk of the former +overflowing for very (very very) long input strings. + +Avoid that possibility by not using the sign of the `tz_offset` to +indicate its validity, and instead using the return value of the +function. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-3360 +Upstream-Status: Backport [https://github.com/GNOME/glib/commit/495c85278f9638fdf3ebf002c759e1bdccebaf2f] +Signed-off-by: Peter Marko +--- + glib/gdatetime.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/glib/gdatetime.c b/glib/gdatetime.c +index b33db2c20..792c2ed15 100644 +--- a/glib/gdatetime.c ++++ b/glib/gdatetime.c +@@ -1346,8 +1346,10 @@ parse_iso8601_date (const gchar *text, gsize length, + return FALSE; + } + ++/* Value returned in tz_offset is valid if and only if the function return value ++ * is non-NULL. */ + static GTimeZone * +-parse_iso8601_timezone (const gchar *text, gsize length, gssize *tz_offset) ++parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) + { + gint i, tz_length, offset_hours, offset_minutes; + gint offset_sign = 1; +@@ -1415,11 +1417,11 @@ static gboolean + parse_iso8601_time (const gchar *text, gsize length, + gint *hour, gint *minute, gdouble *seconds, GTimeZone **tz) + { +- gssize tz_offset = -1; ++ size_t tz_offset = 0; + + /* Check for timezone suffix */ + *tz = parse_iso8601_timezone (text, length, &tz_offset); +- if (tz_offset >= 0) ++ if (*tz != NULL) + length = tz_offset; + + /* hh:mm:ss(.sss) */ diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch new file mode 100644 index 0000000000..fbefc262d4 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-03.patch @@ -0,0 +1,36 @@ +From 5e8a3c19fcad2936dc5e070cf0767a5c5af907c5 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 18 Feb 2025 16:55:18 +0000 +Subject: [PATCH 3/6] gdatetime: Track timezone length as an unsigned size_t +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It’s guaranteed to be in (0, length] by the calculations above. + +This avoids the possibility of integer overflow through `gssize` not +being as big as `size_t`. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-3360 +Upstream-Status: Backport [https://github.com/GNOME/glib/commit/5e8a3c19fcad2936dc5e070cf0767a5c5af907c5] +Signed-off-by: Peter Marko +--- + glib/gdatetime.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/glib/gdatetime.c b/glib/gdatetime.c +index 792c2ed15..6335bcbe2 100644 +--- a/glib/gdatetime.c ++++ b/glib/gdatetime.c +@@ -1351,7 +1351,8 @@ parse_iso8601_date (const gchar *text, gsize length, + static GTimeZone * + parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) + { +- gint i, tz_length, offset_hours, offset_minutes; ++ size_t tz_length; ++ gint i, offset_hours, offset_minutes; + gint offset_sign = 1; + GTimeZone *tz; + diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch new file mode 100644 index 0000000000..ce4fa53f26 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-04.patch @@ -0,0 +1,76 @@ +From 804a3957720449dcfac601da96bd5f5db2b71ef1 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 18 Feb 2025 17:07:24 +0000 +Subject: [PATCH 4/6] gdatetime: Factor out some string pointer arithmetic +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Makes the following code a little clearer, but doesn’t introduce any +functional changes. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-3360 +Upstream-Status: Backport [https://github.com/GNOME/glib/commit/804a3957720449dcfac601da96bd5f5db2b71ef1] +Signed-off-by: Peter Marko +--- + glib/gdatetime.c | 18 ++++++++++-------- + 1 file changed, 10 insertions(+), 8 deletions(-) + +diff --git a/glib/gdatetime.c b/glib/gdatetime.c +index 6335bcbe2..de5dd7af0 100644 +--- a/glib/gdatetime.c ++++ b/glib/gdatetime.c +@@ -1355,6 +1355,7 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) + gint i, offset_hours, offset_minutes; + gint offset_sign = 1; + GTimeZone *tz; ++ const char *tz_start; + + /* UTC uses Z suffix */ + if (length > 0 && text[length - 1] == 'Z') +@@ -1372,34 +1373,35 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) + } + if (i < 0) + return NULL; ++ tz_start = text + i; + tz_length = length - i; + + /* +hh:mm or -hh:mm */ +- if (tz_length == 6 && text[i+3] == ':') ++ if (tz_length == 6 && tz_start[3] == ':') + { +- if (!get_iso8601_int (text + i + 1, 2, &offset_hours) || +- !get_iso8601_int (text + i + 4, 2, &offset_minutes)) ++ if (!get_iso8601_int (tz_start + 1, 2, &offset_hours) || ++ !get_iso8601_int (tz_start + 4, 2, &offset_minutes)) + return NULL; + } + /* +hhmm or -hhmm */ + else if (tz_length == 5) + { +- if (!get_iso8601_int (text + i + 1, 2, &offset_hours) || +- !get_iso8601_int (text + i + 3, 2, &offset_minutes)) ++ if (!get_iso8601_int (tz_start + 1, 2, &offset_hours) || ++ !get_iso8601_int (tz_start + 3, 2, &offset_minutes)) + return NULL; + } + /* +hh or -hh */ + else if (tz_length == 3) + { +- if (!get_iso8601_int (text + i + 1, 2, &offset_hours)) ++ if (!get_iso8601_int (tz_start + 1, 2, &offset_hours)) + return NULL; + offset_minutes = 0; + } + else + return NULL; + +- *tz_offset = i; +- tz = g_time_zone_new_identifier (text + i); ++ *tz_offset = tz_start - text; ++ tz = g_time_zone_new_identifier (tz_start); + + /* Double-check that the GTimeZone matches our interpretation of the timezone. + * This can fail because our interpretation is less strict than (for example) diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch new file mode 100644 index 0000000000..22415cc6a3 --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-05.patch @@ -0,0 +1,57 @@ +From 4c56ff80344e0d8796eb2307091f7b24ec198aa9 Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 18 Feb 2025 17:28:33 +0000 +Subject: [PATCH 5/6] gdatetime: Factor out an undersized variable + +For long input strings, it would have been possible for `i` to overflow. +Avoid that problem by using the `tz_length` instead, so that we count up +rather than down. + +This commit introduces no functional changes (outside of changing +undefined behaviour), and can be verified using the identity +`i === length - tz_length`. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-3360 +Upstream-Status: Backport [https://github.com/GNOME/glib/commit/4c56ff80344e0d8796eb2307091f7b24ec198aa9] +Signed-off-by: Peter Marko +--- + glib/gdatetime.c | 13 ++++++------- + 1 file changed, 6 insertions(+), 7 deletions(-) + +diff --git a/glib/gdatetime.c b/glib/gdatetime.c +index de5dd7af0..2f8c864a1 100644 +--- a/glib/gdatetime.c ++++ b/glib/gdatetime.c +@@ -1352,7 +1352,7 @@ static GTimeZone * + parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) + { + size_t tz_length; +- gint i, offset_hours, offset_minutes; ++ gint offset_hours, offset_minutes; + gint offset_sign = 1; + GTimeZone *tz; + const char *tz_start; +@@ -1365,16 +1365,15 @@ parse_iso8601_timezone (const gchar *text, gsize length, size_t *tz_offset) + } + + /* Look for '+' or '-' of offset */ +- for (i = length - 1; i >= 0; i--) +- if (text[i] == '+' || text[i] == '-') ++ for (tz_length = 1; tz_length <= length; tz_length++) ++ if (text[length - tz_length] == '+' || text[length - tz_length] == '-') + { +- offset_sign = text[i] == '-' ? -1 : 1; ++ offset_sign = text[length - tz_length] == '-' ? -1 : 1; + break; + } +- if (i < 0) ++ if (tz_length > length) + return NULL; +- tz_start = text + i; +- tz_length = length - i; ++ tz_start = text + length - tz_length; + + /* +hh:mm or -hh:mm */ + if (tz_length == 6 && tz_start[3] == ':') diff --git a/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch new file mode 100644 index 0000000000..249e09f0bc --- /dev/null +++ b/meta/recipes-core/glib-2.0/glib-2.0/CVE-2025-3360-06.patch @@ -0,0 +1,50 @@ +From 7f6d81130ec05406a8820bc753ed03859e88daea Mon Sep 17 00:00:00 2001 +From: Philip Withnall +Date: Tue, 18 Feb 2025 18:20:56 +0000 +Subject: [PATCH 6/6] tests: Add some missing GDateTime ISO8601 parsing tests +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This improves test coverage, adding coverage for some lines which I +spotted were not covered while testing the preceding commits. + +It doesn’t directly test the preceding commits, though. + +Signed-off-by: Philip Withnall + +CVE: CVE-2025-3360 +Upstream-Status: Backport [https://github.com/GNOME/glib/commit/7f6d81130ec05406a8820bc753ed03859e88daea] +Signed-off-by: Peter Marko +--- + glib/tests/gdatetime.c | 17 +++++++++++++++++ + 1 file changed, 17 insertions(+) + +diff --git a/glib/tests/gdatetime.c b/glib/tests/gdatetime.c +index 9e1acd097..94dd028a3 100644 +--- a/glib/tests/gdatetime.c ++++ b/glib/tests/gdatetime.c +@@ -859,6 +859,23 @@ test_GDateTime_new_from_iso8601 (void) + * NaN */ + dt = g_date_time_new_from_iso8601 ("0005306 000001,666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666600080000-00", NULL); + g_assert_null (dt); ++ ++ /* Various invalid timezone offsets which look like they could be in ++ * `+hh:mm`, `-hh:mm`, `+hhmm`, `-hhmm`, `+hh` or `-hh` format */ ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+01:xx", NULL); ++ g_assert_null (dt); ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx:00", NULL); ++ g_assert_null (dt); ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx:xx", NULL); ++ g_assert_null (dt); ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+01xx", NULL); ++ g_assert_null (dt); ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx00", NULL); ++ g_assert_null (dt); ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xxxx", NULL); ++ g_assert_null (dt); ++ dt = g_date_time_new_from_iso8601 ("2025-02-18T18:14:00+xx", NULL); ++ g_assert_null (dt); + } + + typedef struct { diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index ce7c57df9a..1a65f48399 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb @@ -21,8 +21,14 @@ SRC_URI = "${GNOME_MIRROR}/glib/${SHRT_VER}/glib-${PV}.tar.xz \ file://gdatetime-test-fail-0001.patch \ file://gdatetime-test-fail-0002.patch \ file://gdatetime-test-fail-0003.patch \ + file://CVE-2025-3360-01.patch \ + file://CVE-2025-3360-02.patch \ + file://CVE-2025-3360-03.patch \ + file://CVE-2025-3360-04.patch \ + file://CVE-2025-3360-05.patch \ + file://CVE-2025-3360-06.patch \ " -SRC_URI:append:class-native = " file://relocate-modules.patch \ +SRC_URI:append:class-native = " file://relocate-modules.patch \ file://0001-meson.build-do-not-enable-pidfd-features-on-native-g.patch \ " From patchwork Wed Apr 30 02:59:54 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62144 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 67FFDC3DA4A for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.8287.1745982023972184900 for ; Tue, 29 Apr 2025 20:00:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=PGRBbzCT; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-224191d92e4so73551335ad.3 for ; Tue, 29 Apr 2025 20:00:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982023; x=1746586823; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=28pFSEWpCQpL2uBbw11bZNP2e8PZs0fOvGTJAOXdlBw=; b=PGRBbzCTyvIZQmx/Bs9gchohms53JHxeBoBLoiHW9D8frONWbbdPdlmex30SAj/U/K Er6hmGPi8NFivRZz4aDDDRok4azbUHkcNrFhIjaXbjdxZy86JOAMHOEJxhwN5YU6w/02 nN8unHKP+7VzdE8bLX7v1cPzXo08xh4iwXiKHiLQiYCh+tn581JrhdNKC+pCbdbyeGLv L1pW+vK6YO/6B4SBJG6mkzL4K5EZPkX+nbsqrkRzqx2bffs1OhXr2rzahyja/6WjYf3r EwAtKzmNWfE3i9r4gKPGFwpKKeoAO/zD4BWIlYKJdt/rb0/4UAOJO+fYXMEk+yyeJCy9 kHtg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982023; x=1746586823; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=28pFSEWpCQpL2uBbw11bZNP2e8PZs0fOvGTJAOXdlBw=; b=rvN83m9BIT8SKXdxiWbte30rNzwkgkA4NXdHmueEsKR5YziZ/vEu0tp+Tr7OJGwLyV k5ZfdJ6PBdJRdhteI/yEO8KrMpTAOoP3Iv5fDDdmzUc1EqpZF3GXMqAdKT10VJCvmD2D Xmjf+Je9MjjOsIwzXKk9kDQqCnm2DfTzAcnWUFwCbWQkN2dWSXH7RhPZ3eBgfB+Tq+46 9bUFjwZatXNKYmanOvFATLriQdzWE1VCG4oIIlOKXRf5WVhTchso4t8BQdzQjOQvB8UD ZDZxOXfXZKcM/GCcRqYQ+u9KUH3MFGuEd2lPuFOZl8L/uGVLQ+pm0ByRpbPbjWTitecq 54tw== X-Gm-Message-State: AOJu0YxNEVZHT5fVCdwwUMq6i+wEx8yvMXUCOCK4bOre2wTibaqBM6PP G5Au+Q7GRyQOS1VJOtw+Pq4jdC755f5J87T73j1Z1smynBIEBm8zLkiBduHPwG6/DfvyB5MfOED i X-Gm-Gg: ASbGncs30zor4i0jh7iKQE0Zu4u9dK2TT8N4PQ8y+4eHm+7d+9NjypuQTuKP/VqTe3E tpPkaWs7exdH2kowWaCng79+q3LIuAZNsWs6h7m9nxKFQ0pNri3lgxnlZowU/J2huAFJfwAtGUZ 8TkZDYvJBJ7enrvlZNkojNxNoLJJTq/haAL/v5agvZgxxnAuTeVSLRsYfTRqk6Lb3BtgXQ0Nnv0 OgbA8swWGbrWtcyh5189RmdHwUfQ/sRThA8NgLDVl6nZvUyxXY+ozot6FcFsJQh1GX+M4OnSbTO 0R6I7kr0xM2UTYAKz7ZMjGdEQb6HMJI= X-Google-Smtp-Source: AGHT+IHuKnYRoiD/571ISHSE9GQH7oe5IY9BwpHaSkAo0r+uD+GNhLjOALL2zgMpREkJ6lLFJguY8A== X-Received: by 2002:a17:902:e88c:b0:224:18bb:44c2 with SMTP id d9443c01a7336-22df576487bmr11594335ad.6.1745982023126; Tue, 29 Apr 2025 20:00:23 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:22 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/15] git: Upgrade 2.44.1 -> 2.44.3 Date: Tue, 29 Apr 2025 19:59:54 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215712 From: Soumya Sambu Addresses the security issues - CVE-2024-50349 and CVE-2024-52006 Release Notes: https://github.com/git/git/blob/v2.44.3/Documentation/RelNotes/2.44.3.txt Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- meta/recipes-devtools/git/{git_2.44.1.bb => git_2.44.3.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/git/{git_2.44.1.bb => git_2.44.3.bb} (98%) diff --git a/meta/recipes-devtools/git/git_2.44.1.bb b/meta/recipes-devtools/git/git_2.44.3.bb similarity index 98% rename from meta/recipes-devtools/git/git_2.44.1.bb rename to meta/recipes-devtools/git/git_2.44.3.bb index 53d67eb40a..a5afd36168 100644 --- a/meta/recipes-devtools/git/git_2.44.1.bb +++ b/meta/recipes-devtools/git/git_2.44.3.bb @@ -164,4 +164,4 @@ EXTRA_OECONF += "ac_cv_snprintf_returns_bogus=no \ " EXTRA_OEMAKE += "NO_GETTEXT=1" -SRC_URI[tarball.sha256sum] = "118214bb8d7ba971a62741416e757562b8f5451cefc087a407e91857897c92cc" +SRC_URI[tarball.sha256sum] = "4237c37cdf7b3d38102117b22993b2f761a4c02758dfbe33f7b7423c0b096ca9" From patchwork Wed Apr 30 02:59:55 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62148 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71B6EC3ABAC for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com [209.85.214.179]) by mx.groups.io with SMTP id smtpd.web11.8288.1745982025917448165 for ; Tue, 29 Apr 2025 20:00:25 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=MY7VfuiN; spf=softfail (domain: sakoman.com, ip: 209.85.214.179, mailfrom: steve@sakoman.com) Received: by mail-pl1-f179.google.com with SMTP id d9443c01a7336-225df540edcso5361955ad.0 for ; Tue, 29 Apr 2025 20:00:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982025; x=1746586825; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rz+Jo7cJuq9tDUikZlbExDQQxCtv8ojActzBzMTdgUs=; b=MY7VfuiNfnEG9EeoCm8gZwW2r/YZTyMaledAet8X/f4Mm18OtCLO94aPMYATv8tjL4 XuQmuTTaPqORl1eLCCyM6CzGGTZexTOK1O2kL9RJBi74Uw5xNqktMqbqNYSB2r9Uq1Ll 8VJnxfcqA9kLtiQso2HdGWYcyhDpgsUZdFrZTU+/gQLBtHtLulZwfbwG9ov6o4BmyUaP LThMzPU4+xMnb3S4hQVMwqRahi32EvmKzr9cB09XlvzMnk+QQCbBwm9MhpfWM78uSJ9L f6TL8nfwoaEaxukbNUzusl60v31dk2Upgg7W7hywhAhynBRKTqSwTzHIPXUpxBuLdt2d KURw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982025; x=1746586825; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rz+Jo7cJuq9tDUikZlbExDQQxCtv8ojActzBzMTdgUs=; b=xC+Y7HG0DEKIF+k/uXh+xL4VONbT0/HHMCr7FGr3t+CNYOBKuHjvEfZmDpPDyvidUZ kwyZMsRqD3liXSiqpRISiZmnUVry2/4avUrwQSKmi3HHQimuWPediaEfTAc2zVNCTagt SIjm6btwspVWFiDouZhGtWxBxY8Rcoqe+OJSMhwAg8Geey73URdZ0p9ZDLu/wdst4Zg2 CGr236CjPspM862Z5dZ1XY29F9Npqzz3XSloTjo0SFobfOYAThzHiZvDASocR6T0BTn5 G4tkl/Yx3fBoSHxwPhtVGrxrDttIGFGWSzVX38KHHKpcz4qhrmX4sdBcCQO50W6/WZfO sH9w== X-Gm-Message-State: AOJu0Yy5CFqYwSbL30jKkFrfc1BL5536O2BE3DOgTDDNPk+TZEalzhib wnNz4YmmM5lpYuLgxPJTZwBfOoU5vp0CUswgEuU63uk7tP/LxIAPd30jFs7Fz3TemQyPf8fuc5F / X-Gm-Gg: ASbGncs1u5buUS6MIqAngNaJDWgocC0s/XEHVxEsBlqA4RsD3G4G6iyW3KxLddMCXz2 rkOEXQLAy93yL8RXjgKmd19d6JcO/m0ZDFEmRP9XrkpAC+rKjZytnMyGqWJ4NkQB0dSmbBqgLOD txf7qeSTkPiyn/UgpPgU/L0ptNH0O3yY/+jVo6KL3NzVx+6yEAlqdE7V0jjwfQ8oEmYOWqVj5Df 0tx1TiP5TB19PmNRnZgdYZPQDJodQxjqlpJ2tAV5wFSxWwGUBOQCfmluIhrT9IMV71MjgZayAQg SdDDpeBThByBJAZiSwMG5jzTsXMReDM= X-Google-Smtp-Source: AGHT+IE2i0/9AyQyTys1AS1plxhHaLChkS7GFT2aZkCY+rC7z2HcwuzQdn6KHJoi4oS97DjIAv500w== X-Received: by 2002:a17:902:e809:b0:223:fb95:b019 with SMTP id d9443c01a7336-22df481ab3dmr15915075ad.24.1745982025082; Tue, 29 Apr 2025 20:00:25 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:24 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/15] perlcross: update 1.5.2 -> 1.6 Date: Tue, 29 Apr 2025 19:59:55 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215713 From: Alexander Kanavin (From OE-Core rev: dee97a3d3127eeba77bc6be05dea25f89aa734e5) Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- ...ile-check-the-file-if-patched-or-not.patch | 3 +- ...oss-add-LDFLAGS-when-linking-libperl.patch | 9 ++-- .../perl-cross/files/determinism.patch | 41 +++++++++++-------- .../{perlcross_1.5.2.bb => perlcross_1.6.bb} | 2 +- 4 files changed, 29 insertions(+), 26 deletions(-) rename meta/recipes-devtools/perl-cross/{perlcross_1.5.2.bb => perlcross_1.6.bb} (92%) diff --git a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch index 4e9153ebf1..7efee733c6 100644 --- a/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch +++ b/meta/recipes-devtools/perl-cross/files/0001-Makefile-check-the-file-if-patched-or-not.patch @@ -1,4 +1,4 @@ -From 3eb33dce6e3c93e1b3efcc9649f871100adada30 Mon Sep 17 00:00:00 2001 +From d0292a4f91ca22f8919a0f13d8961f98743bdbf1 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Fri, 2 Jul 2021 09:08:21 +0000 Subject: [PATCH] Makefile: check the file if patched or not @@ -9,7 +9,6 @@ one time. Upstream-Status: Inappropriate (OE-specific) Signed-off-by: Mingli Yu - --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch b/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch index 6c3f08c432..6d387fe66a 100644 --- a/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch +++ b/meta/recipes-devtools/perl-cross/files/0001-perl-cross-add-LDFLAGS-when-linking-libperl.patch @@ -1,4 +1,4 @@ -From f824cbec9ac8f113a4ae35d57bd18625d415a71b Mon Sep 17 00:00:00 2001 +From c4ebb6d11d690185f66a3f0a591f193fd6611122 Mon Sep 17 00:00:00 2001 From: Alexander Kanavin Date: Tue, 27 Nov 2018 15:37:40 +0100 Subject: [PATCH] perl-cross: add LDFLAGS when linking libperl @@ -10,10 +10,10 @@ Signed-off-by: Alexander Kanavin 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 01644cd..be811a7 100644 +index 4b80079..c6d6042 100644 --- a/Makefile +++ b/Makefile -@@ -180,7 +180,7 @@ endif +@@ -191,7 +191,7 @@ endif ifeq ($(useshrplib),true) $(LIBPERL): @@ -22,6 +22,3 @@ index 01644cd..be811a7 100644 else $(LIBPERL): $(AR) cru $@ $(filter %$o,$^) --- -2.17.1 - diff --git a/meta/recipes-devtools/perl-cross/files/determinism.patch b/meta/recipes-devtools/perl-cross/files/determinism.patch index e9bf752bcb..ef11b12a35 100644 --- a/meta/recipes-devtools/perl-cross/files/determinism.patch +++ b/meta/recipes-devtools/perl-cross/files/determinism.patch @@ -1,4 +1,7 @@ -Fixes to make the perl build reproducible: +From 8fd84d6d760b21bad2c499b572951cc3f2235953 Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Wed, 5 Feb 2020 23:54:02 +0000 +Subject: [PATCH] Fixes to make the perl build reproducible: a) Remove the \n from configure_attr.sh since it gets quoted differently depending on whether the shell is bash or dash which can cause the test result to be incorrect. @@ -8,7 +11,7 @@ b) Sort the order of the module lists from configure_mods.sh since otherwise the result isn't the same leading to makefile differences. Reported upstream: https://github.com/arsv/perl-cross/issues/88 -c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst +c) Sort the Encode::Byte byte_t.fnm file output (and the makefile depends whilst there for good measure) This needs to go to upstream perl (not done) @@ -20,12 +23,26 @@ RP 2020/2/7 Upstream-Status: Pending [75% submitted] Signed-off-by: Richard Purdie X-Patchwork-Id: 62147 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 83D88C3ABA5 for ; Wed, 30 Apr 2025 03:00:27 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web10.8389.1745982027266313376 for ; Tue, 29 Apr 2025 20:00:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=CyDfi+uH; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-22d95f0dda4so97598695ad.2 for ; Tue, 29 Apr 2025 20:00:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982026; x=1746586826; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=1LKFgFrlyxF4M8dCEIQYQSCXVpc9kD3+bl6H8Udeh2I=; b=CyDfi+uHeLzFPrRr5aB+jGgoUOjcJmkofBqjvyxqcp636COSpJF+WiNThIbLZ2S7Fw /TQsHIdq0k15eLXMjItH1lZvDksl/vIIAHPSSPtlXf3M2OLWuqpl9AzhF2rRy4sIGiIk k7z6BCVW6c28tAdBqI+2r2hl0YpKX2cQY+JukBckzcihAslWJEsoZdjPc06ikvu9tuO6 V3h8KIqPSyIUkLbw/Gqy49bklomUTTq42xZaWa9nStaTJO1Vv5UGfGgjw0pkMSItqX/w ACGyas45+IMDc98vL3ACiyKFSqs+Jf+GOUBrUwPxizP6YPCTe8+2bhfojVzcKP5AoYpe jnrg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982026; x=1746586826; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1LKFgFrlyxF4M8dCEIQYQSCXVpc9kD3+bl6H8Udeh2I=; b=WMLebZaGh3HIWuWS9Ws0ASpjQQcy4vWg7h1OzDaTk4xBNG3WIavFpp/bYqj5voCQgk qDx2YjVuUekja2r3WykZwmX6RCdiaBvGZOsGAlx8o9FZ/pXo73Kv1DYHXH8Bhd0Jasxv DifuN/yYsLZTG/9Dua0qShjhNd23IE09GuBRX5N1xiy+1pyytUBBKTWUC1EHT9mqKSlE 6L+Bkl82Hycra2mPsVOb2bRqKIGpi8CKr6BVUbELak63OnpvvioNUicH2Bwwr0s7hqtM pIEnBOMvP+yw9oZDlETbAnmqiqLHVi/HHcJXCpogC08yPuOHfdLZKrGUMLn3EiK7m9pP wSzA== X-Gm-Message-State: AOJu0Yz6r7/9bjfuZTJhYTckiNk3WmMeUiG+NnD60F9TjGsCR2/tC7e7 D37AmGHby86BossTbm9U6O1UM4/uSoY90BtyUjIpOS5nKzlXYSXlEaPR35nyjnnmyfi/Kn94AzI 8 X-Gm-Gg: ASbGncuX74/2dUF/jrH+7GwJhpF+gGHvURz+sPdoy35DYG4daqko8Vna1tqccHI76w7 FpRGfPABRJzfTsLpg8xRJxx7F0sUU1Qwvj6qv6UfLMJt0fTDCRskUpdFeLorYLhNicS/VmLRH2y bbCCaYRqOPkPJvXA4JxfeWCEPL+igX3z/VrhTJn0rvf4Pysc1wSX0MRCEHm+X9e6NFllCo6TJQg 9yO51eTKpYdQeKapmTdKKEq1pBak5nE+SQavUWP9AA8Kfm0qMR1yJz/pJpTobE1co9PvFZ+AxlF DazGBfSR+kg3e7psMnPN4sKeQCputLw= X-Google-Smtp-Source: AGHT+IE6NBpJ9Pz0ic/GExp2CucGvVZw8AeaT4cfWoJbaUY+glkHsprMnS4X+Nj+/rUncunJfosmbQ== X-Received: by 2002:a17:903:1984:b0:224:ff0:4360 with SMTP id d9443c01a7336-22df35ffbabmr27118695ad.53.1745982026383; Tue, 29 Apr 2025 20:00:26 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/15] perlcross: 1.6 -> 1.6.2 Date: Tue, 29 Apr 2025 19:59:56 -0700 Message-ID: <53dc46381ee3c8b04e507707d96f048b8a31e709.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:27 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215714 From: Archana Polampalli https://github.com/arsv/perl-cross/releases/tag/1.6.2 Provide support for Perl 5.38.4 Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- .../perl-cross/{perlcross_1.6.bb => perlcross_1.6.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/perl-cross/{perlcross_1.6.bb => perlcross_1.6.2.bb} (92%) diff --git a/meta/recipes-devtools/perl-cross/perlcross_1.6.bb b/meta/recipes-devtools/perl-cross/perlcross_1.6.2.bb similarity index 92% rename from meta/recipes-devtools/perl-cross/perlcross_1.6.bb rename to meta/recipes-devtools/perl-cross/perlcross_1.6.2.bb index 295dd0cfc1..e4bd90c572 100644 --- a/meta/recipes-devtools/perl-cross/perlcross_1.6.bb +++ b/meta/recipes-devtools/perl-cross/perlcross_1.6.2.bb @@ -18,7 +18,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/perl-cross-${PV}.tar.gz;name=perl-c " GITHUB_BASE_URI = "https://github.com/arsv/perl-cross/releases/" -SRC_URI[perl-cross.sha256sum] = "5abf198ee50ce9e69eb68fede68c87f65241caa744e4203e97490fa59b45ed69" +SRC_URI[perl-cross.sha256sum] = "131f7496152ee32067dbac2bc9b44b2f582fc778140e545701b3b2faee782f1d" S = "${WORKDIR}/perl-cross-${PV}" From patchwork Wed Apr 30 02:59:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62151 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EAC6C369DC for ; Wed, 30 Apr 2025 03:00:37 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.8290.1745982028734820121 for ; Tue, 29 Apr 2025 20:00:28 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=DDuGIxmt; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-22438c356c8so74107255ad.1 for ; Tue, 29 Apr 2025 20:00:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982028; x=1746586828; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=/AwPGRFU2tOkWQV+jZ0BCoPeVGS/6z98Ky4fwu5O/FI=; b=DDuGIxmt89dl8LMBZ/92NBz3LwHXLmxd9iboxfzftZp0Y150Kp42ULweCm4IPRLc44 umQSNp7lype/hMtcKk3nxqSNIbmnUI9hhI8w9XlsH43qrnJ+BqfxrA9OXL4jwWmgUAnc 5txSF05qZSjsuL0G37hZ6tnQUwEkd5aX4dwNR77Wpa3D43tN5cZvop0gWqCQHR+BizJW uJ9ia32biwm47Pq6GVKt1U7PmlRfiWwbeiRVAO59cFNlLkza3a0ozvN9ZaOtrQqQEyU7 KwNFFDCox2fPVUt2c8Fk9nBGo7qxyRJVxE/WAAbIL0+lTbs4G7dzt8PoYc6Ub1WSWnA0 skJA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982028; x=1746586828; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=/AwPGRFU2tOkWQV+jZ0BCoPeVGS/6z98Ky4fwu5O/FI=; b=MhTqZpDNnNTN2msLPB2R5nmsf9kqUljsnpYpRBLXIIUKxUrhnXq7+RRUBpwCndEoZA joMcWCNB/QBxoucL5NcqldNa3mcksOZg4eMEUblWydcQMnpEzJuEAKhCgCzvzH334gTt 2OFNMXB8RgMJS4q3iilGqi+JzS+r3tmmGYBrxl8mG43PzkwVl6SPrY+D8iIAsW4ZY5zq llZBE2hfbiP8fTW6UxZ9r7qrdig5Pit8VB3/eKiBDdsUEfhpdPuvpNGZDMcF3kK3Ogmz isYgd7x2IyXFoduDgb+JdbQG4wJn5ANVT/JLkH0pQ/ZzTB0uw/3+LHEYDKofgA02a9eA HeTA== X-Gm-Message-State: AOJu0YxrlsVIuZ3a+iT8cQNokAKk2aKkIRrs8JBFXASiTDntVZ4CkgKf Xsp9atewqfrAisLBp5QEIbPJ3jLm9EktNv6iTRI2Ton9iEWmmXnVvPz9tCAxsrhqTifiYJeW0pm q X-Gm-Gg: ASbGncvgwrxkLp5m08sOnEVu5n+rnvRCf4R2w9KA//g022Im7zvVrOibkKFY+1xetfk sqLzklihpnRvVGiWCWCJL9JpwgjffRNUIHmIkI9OdToQSoB+HTVSKOU9EenG1M4szAMKYIATN2r HTqHMEbQU+2OJFV+REBykQm0ljPbpyU6mTfSGvpq0QBweKDdLfcmOvYZDQR9sjGCkJzMa32C+U0 MvJsDwb/6k/4F27MplP9T+9qmJjCEUqSXdFHOUAMTs4KTNk8XwV0htShG8UwbXpA2iF/PRSxeg9 /ht+Tws1as6y3icFKpTcsZZptnTOYh5RQquIZ/IQLw== X-Google-Smtp-Source: AGHT+IG9wqyc7OrXI1m3gyNC3WV3KmfNBdpW+h+kkzUrUNEYTWZkM8xQh4NCMIQxUkulows0egjeUw== X-Received: by 2002:a17:903:2acc:b0:224:10a2:cae1 with SMTP id d9443c01a7336-22df356f9d7mr22449215ad.37.1745982027898; Tue, 29 Apr 2025 20:00:27 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/15] perl: upgrade 5.38.2 -> 5.38.4 Date: Tue, 29 Apr 2025 19:59:57 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215715 From: Archana Polampalli update include fix for CVE-2024-56406 https://perldoc.perl.org/5.38.4/perl5384delta Signed-off-by: Archana Polampalli Signed-off-by: Steve Sakoman --- meta/recipes-devtools/perl/{perl_5.38.2.bb => perl_5.38.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/perl/{perl_5.38.2.bb => perl_5.38.4.bb} (99%) diff --git a/meta/recipes-devtools/perl/perl_5.38.2.bb b/meta/recipes-devtools/perl/perl_5.38.4.bb similarity index 99% rename from meta/recipes-devtools/perl/perl_5.38.2.bb rename to meta/recipes-devtools/perl/perl_5.38.4.bb index b6c9cda7ae..e59022e2bd 100644 --- a/meta/recipes-devtools/perl/perl_5.38.2.bb +++ b/meta/recipes-devtools/perl/perl_5.38.4.bb @@ -26,7 +26,7 @@ SRC_URI:append:class-target = " \ file://encodefix.patch \ " -SRC_URI[perl.sha256sum] = "a0a31534451eb7b83c7d6594a497543a54d488bc90ca00f5e34762577f40655e" +SRC_URI[perl.sha256sum] = "fb888accf8b50b5180e91166e5153608be294c57c19878e95f7659c1f1f12758" B = "${WORKDIR}/perl-${PV}-build" From patchwork Wed Apr 30 02:59:58 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62154 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E05AC3ABA5 for ; Wed, 30 Apr 2025 03:00:37 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.8293.1745982030271788981 for ; Tue, 29 Apr 2025 20:00:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=KWt4tP2Z; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-227c7e57da2so57702015ad.0 for ; Tue, 29 Apr 2025 20:00:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982029; x=1746586829; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Epg38ZHRYL973+/SDMaIahcwz9V4S4EfNyDJXAf+754=; b=KWt4tP2Zbd7JIv8PgF1JMsW50CmsOACD6G9jb1xEVw1xrkSDiCdmhqt2V1OG95umCf 3vTwPUsm0JLoilvASDBhaljDVqCRT1JSB2gugi2S2cOJ7/iDL0n0VoIrf5G0/4rGfhs+ L0clCx85S9DepnDDYr1jpy054P1U7Kz1BByDoeMHSItS54Y6bsAyezSGRTR43rE2yiQk bvB3uWcD4Y3HTDuJIo0ZSQPPTUoXYie1WCrPtZrLfY4vA20o6Ft4ZutQOQ6g5W2SurxH Ybc9VcKzHqG7Fm3WPohM7+jaJwnmB82o/ato2oQi0rk2Xdn3MqV0ZFkIlwcEWTtKR7cA sHOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982029; x=1746586829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Epg38ZHRYL973+/SDMaIahcwz9V4S4EfNyDJXAf+754=; b=A8ZEVxwQzrKk/TqfhL4HUtjWRkJYk0liyusCAosYOea6ZyO+eH4GBOKbqIHahwajtT qbbXB2gogljQdJWRb3DcFZ49veZ0e7DtvvVQBQgk8nMJRZyjhSuJxeIdqIpfqEKwZxAp dfx78br+1W7Ng30tBpDQeXDbdxa6vE/Ie5fXkLZgc+IrxQSBTMppf1om68u/I6ZufvtP iW9dFxgUlCFCbPLWVxAMiKZmZxwgVyixSatuDH0jak4MhgYPhh+xgnblMiur/RrBTdfu apPJvvV6z/lstsGBoAORvL4cFzikyXY0ENcgqsr/Qkzy6dqkD5ZK9BgFd+lpYM3IJrww 0qng== X-Gm-Message-State: AOJu0Yydfla5AUOROPbE8GEzuNoZXTWhudL/+qXPmkAdoKJsOqlr3zKs izH8A3+9k+VuRcqe//KUlDAASQMoxUVHaUgtd1vzuq3kIOeEhhxbl58pLRcsB+qRB0ubzdDboiy s X-Gm-Gg: ASbGnctj26zcwkmHqOnrt/mqIFh3iIBbe2EyHhzCvJsvzK0/kIKePr8cCzZO1zeaLZP hwMV5xFaYzDsVpEgRsWmBWRpRujZZyazNH2o3bzswIcTRv4IUomAZ6dsygjKWqCjCCsEL/+foFe jLjlFBdJhKJ681VC02yiYZv9rzLuGhP+jFvhGk8YnGh4c/qRkfpz9HQsHNMneXfp1sIbCMbGPkU 8YR/rcoUskgDIrYkACP4M6pOwcaQPq9W4Jtiuh/AjGg97Tbu46RqtPk8Bj+YsKeGfncL2YgSm7K znXG5s4/M3+nNuOX/zFigu4nO62Aqa4= X-Google-Smtp-Source: AGHT+IHb1zeLZ7TNWmLByDyZJ7fJf2mli+fcB65opGJ/FgCx+Gi7HMS3yJjdZrvnSocnklKbec/vBg== X-Received: by 2002:a17:902:cecb:b0:229:1619:ab58 with SMTP id d9443c01a7336-22df5838736mr13013655ad.43.1745982029498; Tue, 29 Apr 2025 20:00:29 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.28 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/15] tzdata/tzcode-native: upgrade 2025a -> 2025b Date: Tue, 29 Apr 2025 19:59:58 -0700 Message-ID: <0d93972dc2d67853b7ddb0d9e55522930fb51df2.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215716 From: Priyal Doshi Signed-off-by: Priyal Doshi Signed-off-by: Richard Purdie (cherry picked from commit b1ff8b45da27b533477cf6d9ace7a47f7f3a28b1) Signed-off-by: Steve Sakoman --- meta/recipes-extended/timezone/timezone.inc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index f1dbd7ba81..f21bedf4fc 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -6,7 +6,7 @@ SECTION = "base" LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" -PV = "2025a" +PV = "2025b" SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode;subdir=tz \ http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;subdir=tz \ @@ -16,5 +16,5 @@ S = "${WORKDIR}/tz" UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones" -SRC_URI[tzcode.sha256sum] = "119679d59f76481eb5e03d3d2a47d7870d592f3999549af189dbd31f2ebf5061" -SRC_URI[tzdata.sha256sum] = "4d5fcbc72c7c450ebfe0b659bd0f1c02fbf52fd7f517a9ea13fe71c21eb5f0d0" +SRC_URI[tzcode.sha256sum] = "05f8fedb3525ee70d49c87d3fae78a8a0dbae4fe87aa565c65cda9948ae135ec" +SRC_URI[tzdata.sha256sum] = "11810413345fc7805017e27ea9fa4885fd74cd61b2911711ad038f5d28d71474" From patchwork Wed Apr 30 02:59:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62153 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96C36C3ABAD for ; Wed, 30 Apr 2025 03:00:37 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.8294.1745982031734389805 for ; Tue, 29 Apr 2025 20:00:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=NlSoRalK; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-2243803b776so113425695ad.0 for ; Tue, 29 Apr 2025 20:00:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982031; x=1746586831; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+KgKBtXHWrXSCQpmn4KnDl/q3VsWgKLjZ2Oa1uLH90Y=; b=NlSoRalKjrAi9lHPgOzt/vkXG4XW7QmV0lzrE+g8GWPNijxvOESsEu7XF1QwOf2YEV Yksj3SuZwq1kRjI7jU8pzO0JbRMwwGCKlJaehcW9iD/7DYI1iY/GMwwNpq6L+XR37xX0 j/VTvBjAe5WFK1CMQQou+9J2hPtu6ZF05ijwXv02J5kk2VB/rgSyyw9S4btdYmGSfN4s L34Uo5/4Mvcy2qZPlH1Mq48ExAUW5D0obhSklb9zDEcBDZkD0dr2K3P/q0HH1zPZ8xHt IdV0SqVsfsHUjBlR/nhlWgTqxIkH8Tm8e/B8QrnAaibzBv2QAZ4NJBAbJ6uBzv92pa/f LfZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982031; x=1746586831; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+KgKBtXHWrXSCQpmn4KnDl/q3VsWgKLjZ2Oa1uLH90Y=; b=vJhObzsyCxSXe0D98gj5kfOGzKaqOLaD85UqHupo+mBmlKvLNOOLA5GGr/OqqdSW7O /AbIrQ5UvAv3C3PjqDAwVyLCUpgYRNyZqh046Q697HWU7OPuCHpn0MY/2PC4eThEKH8Y Q2y/J+Fwqee/kL0P8JbgBr62OfwyQQrQesTHdPzUPdHcSJajBhCWSzWg9VuzmAb/eP5N k7GlF75aq8ekhojzFG+I5xLMzhnuqoC441SFCczICWowd6onwg70eB8xv9Z3t+1iunDH XyJbuCLaue3OIkHH/x2s1tM/Uko+aJa/puKoAc5p0jhVATFJVrleQbC/6RJAq7tdNzWF sJMg== X-Gm-Message-State: AOJu0YwxfVfbJ/0zsD3I/F7ZNRucn/aoQIcEEpR5PaNey/afqJXqgjU6 eLuSDXXXDJXSqihY6Lu4KwTIo593fFzBwUUo9KBtXDCiefC3YFw+ktZKSjYRrM9616wtDmXBv8g A X-Gm-Gg: ASbGncu9NdaO5FjHUnckQi+suvK9JXPZX9Jhe2ESFgJQdXyr2pJ+nmMTa8w6qDUArbt hzz20IbEKSfaEYg5W10DCi178VnHgYdLpj95YxKFEmA9goHvAuSob9cBwAhvmwOARqAyZ0+rHHJ zgQbQd06g5CrYYgRKGWma8jR9qnnnUQ2TkFATr3JbX3ru68He0hmh7x0Zdq5o4ZRhATOAMGQZML TU25dConqtrgZj6bI4D/cCjZCq9srGlTtVUNwC6fKCTnn9IRTiscZhgB1R7fEb0k2FJm90gsSi4 hpGad21PaoE++bZ74Dr0NuyKZgDhlkE= X-Google-Smtp-Source: AGHT+IERsT4HxaUulUwgbZzSvIgCU7q6JAULLrATexglRmifb3HOlnnBdVDWebGroGPlyRzAP8pamw== X-Received: by 2002:a17:903:1984:b0:224:ff0:4360 with SMTP id d9443c01a7336-22df35ffbabmr27122705ad.53.1745982030909; Tue, 29 Apr 2025 20:00:30 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:30 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/15] initscripts: add function log_success_msg/log_failure_msg/log_warning_msg Date: Tue, 29 Apr 2025 19:59:59 -0700 Message-ID: <90cf409ba74c4bb398199667ea2819759a720373.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215717 From: Changqing Li * add function log_success_msg/log_failure_msg/log_warning_msg, some packages still use these functions, like mariadb, refer [1], without these function, with sysV init manager, mariadb will report error: root@qemux86-64:~# /etc/init.d/mysqld status /etc/init.d/mysqld: line 383: log_success_msg: command not found * remove RCONFLICTS with lsbinitscripts, LSB support already remove in [2] [1] https://github.com/MariaDB/server/blob/main/support-files/mysql.server.sh#L104 [2] https://git.openembedded.org/openembedded-core/commit/?id=fb064356af615d67d85b65942103bf943d84d290 [3] https://refspecs.linuxbase.org/LSB_4.0.0/LSB-Core-generic/LSB-Core-generic/iniscrptfunc.html Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../initscripts/initscripts-1.0/functions | 21 +++++++++++++++++++ .../initscripts/initscripts_1.0.bb | 1 - 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/initscripts/initscripts-1.0/functions b/meta/recipes-core/initscripts/initscripts-1.0/functions index 35aebd4a55..7fc19c808b 100755 --- a/meta/recipes-core/initscripts/initscripts-1.0/functions +++ b/meta/recipes-core/initscripts/initscripts-1.0/functions @@ -92,3 +92,24 @@ passed() { echo -n -e "${BRACKET}[${SUCCESS} PASS ${BRACKET}]${NORMAL}" return $rc } + +log_success_msg() +{ + echo -n $@ + success + echo +} + +log_failure_msg() +{ + echo -n $@ + failure + echo +} + +log_warning_msg() +{ + echo -n $@ + warning + echo +} diff --git a/meta/recipes-core/initscripts/initscripts_1.0.bb b/meta/recipes-core/initscripts/initscripts_1.0.bb index e61ac554f3..56ee65ac5b 100644 --- a/meta/recipes-core/initscripts/initscripts_1.0.bb +++ b/meta/recipes-core/initscripts/initscripts_1.0.bb @@ -53,7 +53,6 @@ RDEPENDS:${PN} = "initd-functions \ # Recommend pn-functions so that it will be a preferred default provider for initd-functions RRECOMMENDS:${PN} = "${PN}-functions" RPROVIDES:${PN}-functions = "initd-functions" -RCONFLICTS:${PN}-functions = "lsbinitscripts" FILES:${PN}-functions = "${sysconfdir}/init.d/functions*" FILES:${PN}-sushell = "${base_sbindir}/sushell" From patchwork Wed Apr 30 03:00:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62152 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7EAFBC3ABAA for ; Wed, 30 Apr 2025 03:00:37 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web11.8295.1745982033320117414 for ; Tue, 29 Apr 2025 20:00:33 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=A0kTStSn; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-2264aefc45dso101174405ad.0 for ; Tue, 29 Apr 2025 20:00:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982032; x=1746586832; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=fhKohCH7L77Go4zY2y+9uWz1biEt0hBm50Ba+Ja0t5Y=; b=A0kTStSnyuSfOKCt88j7dahZuoBejWmeNwSNefcX57Takfw7ZKNNKm3Rp6ha7E3SXr 72UObemlmi8NTKVm9vTGw43psRAF2xrUdtSuKaXu5JQpfGbxoxSa8CjVbnAuKZHVVilC IgXQSvvGaQlY/khhUKpjwIloXZQsX8tUMqAQS9QG2vTgddGXx2xUJjbO+fwuyXTalqq5 78RtpHTfx6Ww4z1vbWH6E/RPHNoQIyfPPdB8b5sh4wcUNefJhoz1jAYbyFMbPzAVhJc4 DPvx5yixEMnTOSBR4ZvPDNsJNCoJdNVgV5e8iqZh1O7g6xqtTmBSjKgVPydNIURT7HXK 5uvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982032; x=1746586832; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fhKohCH7L77Go4zY2y+9uWz1biEt0hBm50Ba+Ja0t5Y=; b=AXmG9XpiMAFNmksbktMViAacmInelmlevplP5Y+lf0y6B+AJlvO43fYrOgh1VSc+fZ X94Q5SmkxV1iLEkVNMiso/RmiBiOIDuMrNNIx1bI5a/u4X/HSMHX0kqdTfSB94ZkOkuR hVZyGJsrwNAtBaa4yyOYpe41OMzOGiBh7PR35mNEUO0G6gZQ/I3JB+e8LU7woS9a52Ca TxWxcw6wg1a4SQ8gKg/qlZOeaXNcA9+rm4IDi5v9EWvS/Zfp9RdqLC6Ac4ps/ps71hlR 5LjvcynQ4rP27kkkpKY+5+FlYReFJ+dfpRmn/s1GEhRP/URz3dK8V1pYpyKF5eeMJoPv qxdg== X-Gm-Message-State: AOJu0Yx1Jnxy8eQ7hPISJozDfIiIrrcNU2V0PVxp8ajbudgv6aPfIOvZ IdnQr++W8yZjOcihLJSzFm38aQwS4asE6+0qjm1pM29Et0rKjx1SmlzCYm2IKVL2DAinHIYqqL1 P X-Gm-Gg: ASbGncvbqKZdgKIr+LYKIGstHXPIjpMfnCgLmLmbf0ZThfbUiqDfBltog9HYgmDRNrK ZpVjhoBdATp8N3X+Kezu3AlJv5VLBb7ptEJPwOiQtakpMjeTKk2ZiF0zguwkZC99fM+lPO2hPax z4EY3gmrM+TOvUwQeYRKMz9d8lk0O/Tg/VT3XhECQl+NPLKVW+yrVGizeMmSjbgEhWT9rZqbG0w 4LjshHf5hkq5ZzTSCDKg6zCThyScQQQEwTM1wO74+2AULjKK7MlW5dQ2WomksZQjF/Ff2AQnlGZ 4hh2FfJ2OFjX+uE4eQ5CVRX6N08ue1o= X-Google-Smtp-Source: AGHT+IErs1/ThYTowi1jCvEWbQxAK8FLd6LjG58brosLBikG4+5XEk+XohWk93OPAaXsms+TYn50kw== X-Received: by 2002:a17:902:f68f:b0:220:e9ef:ec98 with SMTP id d9443c01a7336-22df34d8324mr24795395ad.19.1745982032431; Tue, 29 Apr 2025 20:00:32 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:32 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/15] buildtools-tarball: move setting of envvars to respective envfile Date: Tue, 29 Apr 2025 20:00:00 -0700 Message-ID: <5f4fd544d3df7365224599c9efdce4e545f51d5e.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215718 From: Changqing Li * make git,curl,python3-requests align with openssl, move the setting of envvars into respective envfile * for environment.d-openssl.sh, also check if ca-certificates.crt exist before export envvars Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../openssl/files/environment.d-openssl.sh | 7 +++++-- meta/recipes-core/meta/buildtools-tarball.bb | 6 ------ meta/recipes-devtools/git/git/environment.d-git.sh | 3 +++ meta/recipes-devtools/git/git_2.44.3.bb | 8 ++++++++ .../environment.d-python3-requests.sh | 3 +++ .../python/python3-requests_2.32.3.bb | 11 +++++++++++ meta/recipes-support/curl/curl/environment.d-curl.sh | 3 +++ meta/recipes-support/curl/curl_8.7.1.bb | 9 +++++++++ 8 files changed, 42 insertions(+), 8 deletions(-) create mode 100644 meta/recipes-devtools/git/git/environment.d-git.sh create mode 100644 meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh create mode 100644 meta/recipes-support/curl/curl/environment.d-curl.sh diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index 6f23490c87..6cb82d7386 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -1,5 +1,8 @@ export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" -export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" -export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" + export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" +fi export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index e2ce5b3ecf..414c266663 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -73,12 +73,6 @@ create_sdk_files:append () { touch $script echo 'export PATH="${SDKPATHNATIVE}${bindir_nativesdk}:${SDKPATHNATIVE}${sbindir_nativesdk}:${SDKPATHNATIVE}${base_bindir_nativesdk}:${SDKPATHNATIVE}${base_sbindir_nativesdk}:$PATH"' >> $script echo 'export OECORE_NATIVE_SYSROOT="${SDKPATHNATIVE}"' >> $script - if [ -e "${SDK_OUTPUT}${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt" ]; then - echo 'export GIT_SSL_CAINFO="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - echo 'export SSL_CERT_FILE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - echo 'export REQUESTS_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - echo 'export CURL_CA_BUNDLE="${SDKPATHNATIVE}${sysconfdir}/ssl/certs/ca-certificates.crt"' >>$script - fi echo 'HOST_PKG_PATH=$(command -p pkg-config --variable=pc_path pkg-config 2>/dev/null)' >>$script echo 'export PKG_CONFIG_LIBDIR=${SDKPATHNATIVE}/${libdir}/pkgconfig:${SDKPATHNATIVE}/${datadir}/pkgconfig:${HOST_PKG_PATH:-/usr/lib/pkgconfig:/usr/share/pkgconfig}' >>$script echo 'unset HOST_PKG_PATH' diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh new file mode 100644 index 0000000000..18104f0528 --- /dev/null +++ b/meta/recipes-devtools/git/git/environment.d-git.sh @@ -0,0 +1,3 @@ +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" +fi diff --git a/meta/recipes-devtools/git/git_2.44.3.bb b/meta/recipes-devtools/git/git_2.44.3.bb index a5afd36168..7b33d6071e 100644 --- a/meta/recipes-devtools/git/git_2.44.3.bb +++ b/meta/recipes-devtools/git/git_2.44.3.bb @@ -13,6 +13,10 @@ SRC_URI = "${KERNELORG_MIRROR}/software/scm/git/git-${PV}.tar.gz;name=tarball \ file://0001-config.mak.uname-do-not-force-RHEL-7-specific-build-.patch \ " +SRC_URI:append:class-nativesdk = " \ + file://environment.d-git.sh \ + " + S = "${WORKDIR}/git-${PV}" LIC_FILES_CHKSUM = "\ @@ -115,6 +119,9 @@ do_install:append:class-nativesdk() { GIT_EXEC_PATH='`dirname $''realpath`'/${REL_GIT_EXEC_PATH} \ GIT_TEMPLATE_DIR='`dirname $''realpath`'/${REL_GIT_TEMPLATE_DIR} perl_native_fixup + + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-git.sh ${D}${SDKPATHNATIVE}/environment-setup.d/git.sh } FILES:${PN} += "${datadir}/git-core ${libexecdir}/git-core/" @@ -155,6 +162,7 @@ FILES:${PN}-tk = " \ PACKAGES =+ "gitweb" FILES:gitweb = "${datadir}/gitweb/" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/git.sh" RDEPENDS:gitweb = "perl" BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh new file mode 100644 index 0000000000..f2eee203ca --- /dev/null +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh @@ -0,0 +1,3 @@ +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" +fi diff --git a/meta/recipes-devtools/python/python3-requests_2.32.3.bb b/meta/recipes-devtools/python/python3-requests_2.32.3.bb index 4f0638b50c..36ff75f87d 100644 --- a/meta/recipes-devtools/python/python3-requests_2.32.3.bb +++ b/meta/recipes-devtools/python/python3-requests_2.32.3.bb @@ -3,10 +3,19 @@ HOMEPAGE = "https://requests.readthedocs.io" LICENSE = "Apache-2.0" LIC_FILES_CHKSUM = "file://LICENSE;md5=34400b68072d710fecd0a2940a0d1658" +SRC_URI:append:class-nativesdk = " \ + file://environment.d-python3-requests.sh \ +" + SRC_URI[sha256sum] = "55365417734eb18255590a9ff9eb97e9e1da868d4ccd6402399eaf68af20a760" inherit pypi python_setuptools_build_meta +do_install:append:class-nativesdk() { + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-python3-requests.sh ${D}${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh +} + RDEPENDS:${PN} += " \ python3-certifi \ python3-email \ @@ -19,6 +28,8 @@ RDEPENDS:${PN} += " \ python3-compression \ " +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/python3-requests.sh" + CVE_PRODUCT = "requests" BBCLASSEXTEND = "native nativesdk" diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh new file mode 100644 index 0000000000..0d53aabb8e --- /dev/null +++ b/meta/recipes-support/curl/curl/environment.d-curl.sh @@ -0,0 +1,3 @@ +if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" +fi diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index 8ce8caadf0..2f5bf8c8fd 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -25,6 +25,11 @@ SRC_URI = " \ file://CVE-2024-11053-0003.patch \ file://CVE-2025-0167.patch \ " + +SRC_URI:append:class-nativesdk = " \ + file://environment.d-curl.sh \ +" + SRC_URI[sha256sum] = "6fea2aac6a4610fbd0400afb0bcddbe7258a64c63f1f68e5855ebc0c659710cd" # Curl has used many names over the years... @@ -108,6 +113,8 @@ do_install:append:class-target() { do_install:append:class-nativesdk() { fix_absolute_paths + mkdir -p ${D}${SDKPATHNATIVE}/environment-setup.d + install -m 644 ${WORKDIR}/environment.d-curl.sh ${D}${SDKPATHNATIVE}/environment-setup.d/curl.sh } do_compile_ptest() { @@ -156,6 +163,8 @@ RRECOMMENDS:lib${BPN} += "ca-certificates" FILES:${PN} += "${datadir}/zsh" +FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/curl.sh" + inherit multilib_script MULTILIB_SCRIPTS = "${PN}-dev:${bindir}/curl-config" From patchwork Wed Apr 30 03:00:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62155 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 84B43C3DA4A for ; Wed, 30 Apr 2025 03:00:37 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.8297.1745982034724892705 for ; Tue, 29 Apr 2025 20:00:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=FsNIJlPc; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-223f4c06e9fso4832325ad.1 for ; Tue, 29 Apr 2025 20:00:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982034; x=1746586834; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=OpNh2vAwV3ninlNCjdDlcBraQy9dE9QqK3gXWhBlaA0=; b=FsNIJlPccDOqTbYjvK3jL49QL+0VoTrxSIWG+5/I9C1wP9XCI1foB8TBwb1Dm+v+Yz OQQiQ3zINI3SMH931sdYiK9QoWX8mXGsiY1M42yucSeCE8TF8xPjuJM9QILIW60kgwvY hcxNdv0RElY/EfFtXXf/4CoAoyv+3bnMirsOMcSX561t4tfmCMtj3ZZYGK+Nnx1IhTmh Wdu/4VtZZIAlv64/Mk3nVyVuFA1PUqEQGZ9aaKKW9kejnpNR2f7qekBW/i1fD1UfxfBf swLcKCeFMAyztAcDUtOxagU6wOs6U4TWVWXEiV8kztuGrvgCzv6mwVglN4NEGFyiaH7l +w0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982034; x=1746586834; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=OpNh2vAwV3ninlNCjdDlcBraQy9dE9QqK3gXWhBlaA0=; b=CYZzoYvEi0XV5riMZAGiB7qE2yD9ER2ZesiAtGnZ7Wd+AU3KLnhOYbqUvisSNBipFo I90L2L2ikbo24lSWNy7NbSurtc9YrBdYWJQImYUrTRdFjn7C8fyaf4257QQrD5FUpH4F QovvhxrPdqaeGv0Z6adRbhXFdJH9W1VVKhgY0uCXV+b71i40Fuan6j552ugKDegMH6p2 NYogncsse+P5GRSnbNLFjDrZBCNdeWINxkT7kczLf58jDU9W++FSgDszHpxnf7VWKdwW tzqQf+9rWtDL8PY03GncjAltTxhd24XYnN3A/VE4MgBgeXSe6ogohun/6b50O3NWGaFl WOLQ== X-Gm-Message-State: AOJu0YwPfSpyDYZxL8976npxC6JHHnIvPPtrgtAScwuaFklgRZmpwUu+ E/dVaJWBbdup5eymMcSUZMngiRHsBTEqy4JSLnG/xU5LjTC75Z0jcGBWMA+HgLpNB2/qei3ypBj A X-Gm-Gg: ASbGnctyguLkMhYDSJka9+YmTzvT/Hcw8J5clmvOhQOZX0mI+gqOtuV3Hd4RUslo3UP /7Xdq9A6kAj4r7qLT9FJLbnowtFKvjrQtaAEFp/XnwlvVXzzOvWpiwP/uBzvCa/jMX1eYJdnPJR ZRWnD06zCwcT+SibcGBZkT/jP2SRGKDxOyWqrGkU84CINAbbe4yVFVvL3pNnChGzu+2x8p2dINf RxmMZTpCOUDAoscy/FIQQssoTYm5lALMB3Y7+Ugx47Yp/eznL6/X92ORuqD48Uh1hLRq6beIsGU 7olTwxHo5acTTqUUzT7m1w4GHbCYXwc= X-Google-Smtp-Source: AGHT+IHiYH6deB5fE/yCL8Bjecn9iXTZYn53tZDxvHsgJBkiQveRNDLXBhK4vPOco1v9G5+W/4VGSw== X-Received: by 2002:a17:902:db0a:b0:224:3d:2ffd with SMTP id d9443c01a7336-22df47e5fb1mr17158205ad.17.1745982033947; Tue, 29 Apr 2025 20:00:33 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:33 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 13/15] buildtools-tarball: add envvars into BB_ENV_PASSTHROUGH_ADDITIONS Date: Tue, 29 Apr 2025 20:00:01 -0700 Message-ID: <27f018d8e8ace97d0b1cdfb8782a2a7a0a319816.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215719 From: Changqing Li Here is one testcase: For recipe tensorflow-lite-host-tools_2.18.0.bb, refer [1], do_configure[network] = "1" and it will git clone some repos in CMakeLists.txt When buildtools is used and nativesdk-git is installed into sdk, do_configure failed with error: [1/9] Performing download step (git clone) for 'protobuf-populate' Cloning into 'protobuf'... fatal: unable to access 'https://github.com/protocolbuffers/protobuf/': error setting certificate file: /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-wrlinuxsdk-linux/etc/ssl/certs/ca-certificates.crt Fix by adding GIT_SSL_CAINFO in BB_ENV_PASSTHROUGH_ADDITIONS, so that user can export GIT_SSL_CAINFO=${GIT_SSL_CAINFO} in their do_configure:prepend() to fix above do_configure failure CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE is similar envvars, so all add into BB_ENV_PASSTHROUGH_ADDITIONS [1] https://github.com/nxp-imx/meta-imx/blob/styhead-6.12.3-1.0.0/meta-imx-ml/recipes-libraries/tensorflow-lite/tensorflow-lite-host-tools_2.18.0.bb Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- meta/recipes-devtools/git/git/environment.d-git.sh | 1 + .../python/python3-requests/environment.d-python3-requests.sh | 1 + meta/recipes-support/curl/curl/environment.d-curl.sh | 1 + 3 files changed, 3 insertions(+) diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh index 18104f0528..f8e3221510 100644 --- a/meta/recipes-devtools/git/git/environment.d-git.sh +++ b/meta/recipes-devtools/git/git/environment.d-git.sh @@ -1,3 +1,4 @@ if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO" fi diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh index f2eee203ca..c7faec127d 100644 --- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh @@ -1,3 +1,4 @@ if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE" fi diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh index 0d53aabb8e..0ab83a267d 100644 --- a/meta/recipes-support/curl/curl/environment.d-curl.sh +++ b/meta/recipes-support/curl/curl/environment.d-curl.sh @@ -1,3 +1,4 @@ if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE" fi From patchwork Wed Apr 30 03:00:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62156 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91098C3ABAC for ; Wed, 30 Apr 2025 03:00:37 +0000 (UTC) Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) by mx.groups.io with SMTP id smtpd.web10.8392.1745982036475910469 for ; Tue, 29 Apr 2025 20:00:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Rhx3PKRg; spf=softfail (domain: sakoman.com, ip: 209.85.214.176, mailfrom: steve@sakoman.com) Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-22c33677183so71087945ad.2 for ; Tue, 29 Apr 2025 20:00:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982036; x=1746586836; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=LbpCf/2/Rjsl5Z+cH5IiyciA7Bp3/0cQqfZHwGPa0vg=; b=Rhx3PKRgr1F6tGRu64xnykRf95uNrQBfWXUqkt/ndag1XwMDMmcFnpUI7/kAaHpBZF n8uKrXuKI4YfAoyKBT3QwoO8NHHqc5FX4qd+qMnS5fR5k/7WQZHjtQjJffrHTQuDlA70 M30s7Q/7qZPWm8BXgwjOIWk8yIa+fF2LKD6+48yURD0Q+rdujeQlVtQS0DNwcUTX0KLT KlSz5CTXndb4OXSdTYE90o2FpARHCZpNGBmLR1SHCM0ULpxtFJwWwzLS+V7EtjFKFZt+ N3+sWYInEQ8Ra7aqratZD2TW54X3i8MLKv7mqitbzY/EiJcLr5CfPwkfi+5UQNTlXQ1r medQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982036; x=1746586836; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LbpCf/2/Rjsl5Z+cH5IiyciA7Bp3/0cQqfZHwGPa0vg=; b=Ve5+4evBxBSgmTZh+VZ+lq05W2Y1C5/3t/PtnhKMDjB2Ab2LaMV38jrDFo9/eUTScy Zpfxq7AojxBW2V6qZtu124ltwoIjClyXQIl+VbMSd359DEDfF8LHLwywrmsPhvsSp6bt LJjDsUiSIjmeJVynmiV2Gidaetgx5HgK/g8/DN1ttJmx2VkWECTNltQpQ/IshxDg1nPU D/FtqAmKAFUUUvbNxws/AZlmXHpHZxnFjn8dpM7ZhDp/jTw4XoFEkl4O1EUWldR1tp/q pkqgb0XodgGtvIvTcAYed8nMRV0YKtWMDnP9mqvfJefLHtKucIhi3ljgRhjlIyhB1rJB 4NlQ== X-Gm-Message-State: AOJu0YxABxFjQgjnRbojiGRFtcLTED3nt+TrkdwqyWOQId0CqqTbsjqT Tb58Pttbz4ufb/2K2Q08Btl3HMWDPD/rz8yOjfh6b+JQR3eYTqX6eP2EtWB5QmjM1T1BAp77Xtv o X-Gm-Gg: ASbGnctk4s79VUgQWuSpmTdwDiYr+wza6w3GHQkEiOvYJYO2Mu2VQJnXf/lpMOm2wRT N3JD1Ewr8vFmGjkuv1AYnJWsp5kTLrr3gz5kuFJ9HvFdc7BTyFP/rPqBfFzm/iJsMm1y1sqeipG KF9enWaiXC8g9CNx+OVnGScqCBE89rY5LuY7kvmw2ao+ol1Masn7OJVCnaFh8rsl7jrQ8LX7SHw GZxPBKBlNyglN3RNyUCZWtRbvXsWHL2JHWJf3/f5QSUWH+Gw6G7iNB40NCUva92Wdmlr+YPvPc4 Ifm8a570RsyHM/QPTCXWdUfeRo4sJW8= X-Google-Smtp-Source: AGHT+IHyoRB9m4/Y/KVMLDZ3dJi0AR6KR74OU/G+DXyTT/xAJdY8h6Cxs+6SdK+vw19hOGZOSPJijg== X-Received: by 2002:a17:903:3bc4:b0:224:194c:694c with SMTP id d9443c01a7336-22df57ca640mr15791905ad.28.1745982035580; Tue, 29 Apr 2025 20:00:35 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:35 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/15] buildtools-tarball: Make buildtools respects host CA certificates Date: Tue, 29 Apr 2025 20:00:02 -0700 Message-ID: <0653b96bac6d0800dc5154557706a323418808be.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215720 From: Changqing Li To adapt user network enviroment, buildtools should first try to use the user configured envs like SSL_CERT_FILE/CURL_CA_BUNDLE/..., if these envs is not set, then use the auto-detected ca file and ca path, and finally use the CA certificates in buildtools. nativesdk-openssl set OPENSSLDIR as "/not/builtin", need set SSL_CERT_FILE/SSL_CERT_DIR to work nativesdk-curl don't set default ca file, need SSL_CERT_FILE/SSL_CERT_DIR or CURL_CA_BUNDLE/CURL_CA_PATH to work nativesdk-git actually use libcurl, and GIT_SSL_CAPATH/GIT_SSL_CAINFO also works nativesdk-python3-requests will use cacert.pem under python module certifi by default, need to set REQUESTS_CA_BUNDLE Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- .../openssl/files/environment.d-openssl.sh | 25 +++++++++++++++---- meta/recipes-core/meta/buildtools-tarball.bb | 23 ++++++++++++++++- .../git/git/environment.d-git.sh | 21 +++++++++++++--- .../environment.d-python3-requests.sh | 13 +++++++--- .../curl/curl/environment.d-curl.sh | 21 +++++++++++++--- 5 files changed, 88 insertions(+), 15 deletions(-) diff --git a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh index 6cb82d7386..c635be8aca 100644 --- a/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh +++ b/meta/recipes-connectivity/openssl/files/environment.d-openssl.sh @@ -1,8 +1,23 @@ export OPENSSL_CONF="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/openssl.cnf" -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" - export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" -fi export OPENSSL_MODULES="$OECORE_NATIVE_SYSROOT/usr/lib/ossl-modules/" export OPENSSL_ENGINES="$OECORE_NATIVE_SYSROOT/usr/lib/engines-3" + +# Respect host env SSL_CERT_FILE/SSL_CERT_DIR first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$SSL_CERT_FILE" ]; then + if [ -n "$CAFILE" ];then + export SSL_CERT_FILE="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export SSL_CERT_FILE="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs/ca-certificates.crt" + fi +fi + +if [ -z "$SSL_CERT_DIR" ]; then + if [ -n "$CAPATH" ];then + export SSL_CERT_DIR="$CAPATH" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export SSL_CERT_DIR="$OECORE_NATIVE_SYSROOT/usr/lib/ssl/certs" + fi +fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} SSL_CERT_DIR SSL_CERT_FILE" diff --git a/meta/recipes-core/meta/buildtools-tarball.bb b/meta/recipes-core/meta/buildtools-tarball.bb index 414c266663..8e78169e23 100644 --- a/meta/recipes-core/meta/buildtools-tarball.bb +++ b/meta/recipes-core/meta/buildtools-tarball.bb @@ -80,14 +80,35 @@ create_sdk_files:append () { toolchain_create_sdk_version ${SDK_OUTPUT}/${SDKPATH}/version-${SDK_SYS} cat >> $script </dev/null 2>/dev/null; then + CAPATH="\$a" +fi + if [ -d "\$OECORE_NATIVE_SYSROOT/environment-setup.d" ]; then for envfile in \$OECORE_NATIVE_SYSROOT/environment-setup.d/*.sh; do . \$envfile done fi + # We have to unset this else it can confuse oe-selftest and other tools # which may also use the overlapping namespace. -unset OECORE_NATIVE_SYSROOT +unset OECORE_NATIVE_SYSROOT CAFILE CAPATH EOF if [ "${SDKMACHINE}" = "i686" ]; then diff --git a/meta/recipes-devtools/git/git/environment.d-git.sh b/meta/recipes-devtools/git/git/environment.d-git.sh index f8e3221510..9c7b5a9251 100644 --- a/meta/recipes-devtools/git/git/environment.d-git.sh +++ b/meta/recipes-devtools/git/git/environment.d-git.sh @@ -1,4 +1,19 @@ -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO" +# Respect host env GIT_SSL_CAINFO/GIT_SSL_CAPATH first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$GIT_SSL_CAINFO" ]; then + if [ -n "$CAFILE" ];then + export GIT_SSL_CAINFO="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export GIT_SSL_CAINFO="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + fi fi + +if [ -z "$GIT_SSL_CAPATH" ]; then + if [ -n "$CAPATH" ];then + export GIT_SSL_CAPATH="$CAPATH" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export GIT_SSL_CAPATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs" + fi +fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} GIT_SSL_CAINFO GIT_SSL_CAPATH" diff --git a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh index c7faec127d..492177a9c3 100644 --- a/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh +++ b/meta/recipes-devtools/python/python3-requests/environment.d-python3-requests.sh @@ -1,4 +1,11 @@ -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE" +# Respect host env REQUESTS_CA_BUNDLE first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$REQUESTS_CA_BUNDLE" ]; then + if [ -n "$CAFILE" ];then + export REQUESTS_CA_BUNDLE="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export REQUESTS_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + fi fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} REQUESTS_CA_BUNDLE" diff --git a/meta/recipes-support/curl/curl/environment.d-curl.sh b/meta/recipes-support/curl/curl/environment.d-curl.sh index 0ab83a267d..7c2971b3da 100644 --- a/meta/recipes-support/curl/curl/environment.d-curl.sh +++ b/meta/recipes-support/curl/curl/environment.d-curl.sh @@ -1,4 +1,19 @@ -if [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then - export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" - export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE" +# Respect host env CURL_CA_BUNDLE/CURL_CA_PATH first, then auto-detected host cert, then cert in buildtools +# CAFILE/CAPATH is auto-deteced when source buildtools +if [ -z "$CURL_CA_PATH" ]; then + if [ -n "$CAFILE" ];then + export CURL_CA_BUNDLE="$CAFILE" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export CURL_CA_BUNDLE="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" + fi fi + +if [ -z "$CURL_CA_PATH" ]; then + if [ -n "$CAPATH" ];then + export CURL_CA_PATH="$CAPATH" + elif [ -e "${OECORE_NATIVE_SYSROOT}/etc/ssl/certs/ca-certificates.crt" ];then + export CURL_CA_PATH="${OECORE_NATIVE_SYSROOT}/etc/ssl/certs" + fi +fi + +export BB_ENV_PASSTHROUGH_ADDITIONS="${BB_ENV_PASSTHROUGH_ADDITIONS:-} CURL_CA_BUNDLE CURL_CA_PATH" From patchwork Wed Apr 30 03:00:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 62157 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E51BC369DC for ; Wed, 30 Apr 2025 03:00:47 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.8300.1745982037837887828 for ; Tue, 29 Apr 2025 20:00:37 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=afVLr8um; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-225477548e1so71191125ad.0 for ; Tue, 29 Apr 2025 20:00:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1745982037; x=1746586837; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=bfgAOC9ZJwuGD6vI4Seto0HF5ffogu45Seb3Rjtfjnk=; b=afVLr8umEIY3FSxhu3UB+XgC6OshNzh1PlCgJtm7exwV71u12+X1/CFeP9xflbhWsY axJ9OuUuKt2Rh5Z2WlN+6C2DRVhSk3+RxAN0njO0aR9t2glQM/r12sagk1akfGTGhTML Uz8mwX/gd2a7BbMIaXuXmJsRfmaVczGzF5jOqB7yMyhCtF94I6KqELYHBV3ZO7i4DNAz 6MZy3/6Yw64NtbOIuF2cAEV6cwdRQp0ADLA66JRw9v3rF19S1yhAmq8jGSrLhS4HcBPi mpNCLw/0X49TKG9JiJvpQFM/nT1XQ9gXPC3pNCWRa5HL3/6jBPy+3sZTUkoPSkkLxvRK i+EA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1745982037; x=1746586837; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bfgAOC9ZJwuGD6vI4Seto0HF5ffogu45Seb3Rjtfjnk=; b=SvUEhmmGJy8fhQuK6tTisV2ZZ23AruQQu2i2b6sLkApaSraDSk5nck4wwF4375EZ3N q6D8S1T33dxkwgb3DR2QjzBFCTrJYJXo6Sn+ngGM9q8jrg0KC0LsvnQteB3tNrp58t8Q FdvZPOZjqNOAYbX4vFjxxx8rfYWWakg83w90vPvtOp0paUR6paxcy1dJEsVOkIDrVzww lpnUIgjPcIHkr/sNrQIzb41vn5KYU8kXlTF72VH4jUS9OtMiscZFKj07n394TwIyfER8 5+n00LvXgBP4iLHTErK9Hs2Pu+9z0b9aUo0PbKW/leSiL20YB6urytfPiaP56IVbXmYj qAwQ== X-Gm-Message-State: AOJu0YxsI/RZLIOuwY/VDVDi7MaenyFssT4XHOqKSujdDxEmwNcRuwiz QVgI7s1RnlqwK+Q4X/QXql1/wDakfylVkfskwQmXAbaZVJFJ0nEirYNAwR/BotxbTQNpjB1PNFk z X-Gm-Gg: ASbGncsy6ReoidJl8uxWJcsw/X8cK1XYWjAM0lgU7MEd1IP9nUGNoq2idJ8nNWN/JWB a5cRXiGdVN1Yz6MXWh4Hrlcb7uOZl6BZRuDvTbeXaWjxsZg3KGVzoTCVawX+W7ifi6E2fV8zVsC 0fZduLQiTjb4IpM8pIXi5OZtGFC26PzLMyAKC+2BtnC6urLAkQOOjZocdUUdhyQuRCYFEKu3Ww5 btKtrycfsFDEe/osjSafpy2ZVY0xPUD3dpb0BzNZ9/SvtWwX9dvMe3YnzTbH71bTXvGnzi5C3jD SYfBBXW2nbdGrEhfSU8FI2RNZwVsP6Zzo42dneN0Lg== X-Google-Smtp-Source: AGHT+IGVSONefCEdOeXxhcd+LARLrh9vxBD2tvFwhS5Drhylx+vQswL7NPeDKm1M2vEUub+VEnRCyw== X-Received: by 2002:a17:903:910:b0:223:432b:593d with SMTP id d9443c01a7336-22df3576684mr23267885ad.42.1745982037050; Tue, 29 Apr 2025 20:00:37 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34b:e5e0:c38a:7e03]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-22de49dccd3sm30461175ad.123.2025.04.29.20.00.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 29 Apr 2025 20:00:36 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/15] Revert "cve-update-nvd2-native: Tweak to work better with NFS DL_DIR" Date: Tue, 29 Apr 2025 20:00:03 -0700 Message-ID: <00dd4901e364d16d96cfab864823a9cfdd336eeb.1745981742.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 30 Apr 2025 03:00:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/215721 From: Peter Marko This reverts commit 7adaec468d3a61d88c990b1b319b34850bee7e44. It does not seem to fix the issue it was supposed to fix. Additionally it breaks code which decides in full/partial update, because it manipulates timestamp that code is relying on. Signed-off-by: Richard Purdie (cherry picked from commit ebc65fdddd7ce51f0f1008baa30d0ae7918ae0bb) Signed-off-by: Steve Sakoman --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 74c780493d..945bd1d927 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -90,8 +90,6 @@ python do_fetch() { if update_db_file(db_tmp_file, d, database_time) == True: # Update downloaded correctly, can swap files shutil.move(db_tmp_file, db_file) - # Need to 'touch' the file to ensure NFS sees the data - os.utime(db_file) else: # Update failed, do not modify the database bb.warn("CVE database update failed")