From patchwork Tue Jul 1 13:37:59 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65917 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB708C7EE30 for ; Tue, 1 Jul 2025 13:38:23 +0000 (UTC) Received: from mail-pj1-f53.google.com (mail-pj1-f53.google.com [209.85.216.53]) by mx.groups.io with SMTP id smtpd.web10.10922.1751377099063489485 for ; Tue, 01 Jul 2025 06:38:19 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=0YuwYTUq; spf=softfail (domain: sakoman.com, ip: 209.85.216.53, mailfrom: steve@sakoman.com) Received: by mail-pj1-f53.google.com with SMTP id 98e67ed59e1d1-311e46d38ddso4738059a91.0 for ; Tue, 01 Jul 2025 06:38:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377098; x=1751981898; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=zvGtmwQmLsBQXj+t9m9mMnglLO8sQ2taEy3HBceBgt4=; b=0YuwYTUq85y3DTgC5w415NhQbafNXdOqpFM5WwuP8nrMldzNwzFPCthCSH3J40f635 W6R127ChHBzsAMFT1DwvTkjdojNhGHT41Zp2xhtCGQhXYLhfeSgJJRZ8ayNPmvxTYlJF TfahQb32TQh6ySwksJma5LXWRdBgNxEPqqdBZLDLN6cHWEHRqdSBB/6eX8OLySTTCQYD 8VPmCfSQcvY8/o4W6bP02BhEbaWJpscIjFuD5SpTR1dE5+6rkA2PbBswBE5vIncL0tJJ Yv3hi/X7J1dPoEKRDDk2nX3PjGmDON6z7H5w/PACIutw4WznlyAeIBbwg0IdH0wTtfvD Gedw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377098; x=1751981898; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=zvGtmwQmLsBQXj+t9m9mMnglLO8sQ2taEy3HBceBgt4=; b=aDzLrbUIBvJQXivwZXe6fY0BoECsxHvQNHYfosyCAoB+qXW2LJHxy3XGGapvvBtKzw UAiVlX5XWgRPNq757C49RtTMsaTw/GH5ZPnutygJxVfPlZTqDZ3BdpLFy7WCJ4JWgJp1 NcqRrM3j3OmJnkMOEZKAdqw8ivbuqUBPIDgwWtDVfJuggLZqB5l0S3Myh8usm8FFxS4x okuNoXH5yf7x7qxkSGW/eE9BZRpMYOn08yFPsY0pFJbfQa/ZFpQADkzUiiQ+A3fOhiWw F/tJdVbWKYojJA0vkSv1R2dGrD5sSUTXUEo7ZedJBpnYGIfaX6X2Ndy1RrrbEQyQAI4/ 4hug== X-Gm-Message-State: AOJu0YyQyvMO5ADJGJxUIS2siREJnsdkwGfqcbw5D/7icYiSvMXbU5VE QfhUeaUFrNecE3dGaRkvIEIeu97BDbOMPOADK8SqUbhOf+2gv1WSe3meiVs1JJT8Ltub9dI918M fVLPb X-Gm-Gg: ASbGnct2Q8UGkCcFi0pNlno2WUzwa+Iforh9O+UpWRXpwMA5fP+SUnar+oVeRQbOFgo 4OkUQ4D3F5moDx/Dwkdo9HrNyC7nb5nBKmcOFzuCIrSrMgdvkS2nBMqNGKV+WMxi3G66JYxftvN FyARwbEs3dkuDJyYhK4vbsPR3nqwfgmFxG584r74op6Iao5MSoH7fbfnZhJkGyfHhNd3p8zg8e+ vkK6atPG/IVL21TXLevufln0H8xLFJ1BywGOjfc+T/fBdIucPCLZPSLojiFTgSq56cUElrVGVSs k9a/ED/pGhiHXSx5NLb+Uic8gakrLJtuaBumdzAFHN9c++cyqAlopA== X-Google-Smtp-Source: AGHT+IES1whkIZitP3idr6RFaP7TaQUZWetjuuUWp6A9g/aG06HAXWsZEIfSxW5/4/oCY1vXR9a+3g== X-Received: by 2002:a17:90b:2785:b0:312:e90b:419e with SMTP id 98e67ed59e1d1-318c8ed8542mr31418179a91.12.1751377097755; Tue, 01 Jul 2025 06:38:17 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 01/11] python3-urllib3: fix CVE-2025-50181 Date: Tue, 1 Jul 2025 06:37:59 -0700 Message-ID: <819273b5b8b9279c01035cb72377fd8cbb51a198.1751376952.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219572 From: Yogita Urade urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-50181 Upstream patch: https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- .../python3-urllib3/CVE-2025-50181.patch | 283 ++++++++++++++++++ .../python/python3-urllib3_2.3.0.bb | 4 + 2 files changed, 287 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch diff --git a/meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch new file mode 100644 index 0000000000..a8cea0a020 --- /dev/null +++ b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-50181.patch @@ -0,0 +1,283 @@ +From f05b1329126d5be6de501f9d1e3e36738bc08857 Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Wed, 18 Jun 2025 16:25:01 +0300 +Subject: [PATCH] Merge commit from fork + +* Apply Quentin's suggestion + +Co-authored-by: Quentin Pradet + +* Add tests for disabled redirects in the pool manager + +* Add a possible fix for the issue with not raised `MaxRetryError` + +* Make urllib3 handle redirects instead of JS when JSPI is used + +* Fix info in the new comment + +* State that redirects with XHR are not controlled by urllib3 + +* Remove excessive params from new test requests + +* Add tests reaching max non-0 redirects + +* Test redirects with Emscripten + +* Fix `test_merge_pool_kwargs` + +* Add a changelog entry + +* Parametrize tests + +* Drop a fix for Emscripten + +* Apply Seth's suggestion to docs + +Co-authored-by: Seth Michael Larson + +* Use a minor release instead of the patch one + +--------- + +Co-authored-by: Quentin Pradet +Co-authored-by: Seth Michael Larson + +CVE: CVE-2025-50181 +Upstream-Status: Backport [https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857] + +Signed-off-by: Yogita Urade +--- + docs/reference/contrib/emscripten.rst | 2 +- + dummyserver/app.py | 1 + + src/urllib3/poolmanager.py | 18 +++- + test/contrib/emscripten/test_emscripten.py | 16 ++++ + test/test_poolmanager.py | 5 +- + test/with_dummyserver/test_poolmanager.py | 101 +++++++++++++++++++++ + 6 files changed, 139 insertions(+), 4 deletions(-) + +diff --git a/docs/reference/contrib/emscripten.rst b/docs/reference/contrib/emscripten.rst +index 99fb20f..a8f1cda 100644 +--- a/docs/reference/contrib/emscripten.rst ++++ b/docs/reference/contrib/emscripten.rst +@@ -65,7 +65,7 @@ Features which are usable with Emscripten support are: + * Timeouts + * Retries + * Streaming (with Web Workers and Cross-Origin Isolation) +-* Redirects ++* Redirects (determined by browser/runtime, not restrictable with urllib3) + * Decompressing response bodies + + Features which don't work with Emscripten: +diff --git a/dummyserver/app.py b/dummyserver/app.py +index 97b1b23..0eeb93f 100644 +--- a/dummyserver/app.py ++++ b/dummyserver/app.py +@@ -227,6 +227,7 @@ async def encodingrequest() -> ResponseReturnValue: + + + @hypercorn_app.route("/redirect", methods=["GET", "POST", "PUT"]) ++@pyodide_testing_app.route("/redirect", methods=["GET", "POST", "PUT"]) + async def redirect() -> ResponseReturnValue: + "Perform a redirect to ``target``" + values = await request.values +diff --git a/src/urllib3/poolmanager.py b/src/urllib3/poolmanager.py +index 085d1db..5763fea 100644 +--- a/src/urllib3/poolmanager.py ++++ b/src/urllib3/poolmanager.py +@@ -203,6 +203,22 @@ class PoolManager(RequestMethods): + **connection_pool_kw: typing.Any, + ) -> None: + super().__init__(headers) ++ if "retries" in connection_pool_kw: ++ retries = connection_pool_kw["retries"] ++ if not isinstance(retries, Retry): ++ # When Retry is initialized, raise_on_redirect is based ++ # on a redirect boolean value. ++ # But requests made via a pool manager always set ++ # redirect to False, and raise_on_redirect always ends ++ # up being False consequently. ++ # Here we fix the issue by setting raise_on_redirect to ++ # a value needed by the pool manager without considering ++ # the redirect boolean. ++ raise_on_redirect = retries is not False ++ retries = Retry.from_int(retries, redirect=False) ++ retries.raise_on_redirect = raise_on_redirect ++ connection_pool_kw = connection_pool_kw.copy() ++ connection_pool_kw["retries"] = retries + self.connection_pool_kw = connection_pool_kw + + self.pools: RecentlyUsedContainer[PoolKey, HTTPConnectionPool] +@@ -456,7 +472,7 @@ class PoolManager(RequestMethods): + kw["body"] = None + kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change() + +- retries = kw.get("retries") ++ retries = kw.get("retries", response.retries) + if not isinstance(retries, Retry): + retries = Retry.from_int(retries, redirect=redirect) + +diff --git a/test/contrib/emscripten/test_emscripten.py b/test/contrib/emscripten/test_emscripten.py +index 9317a09..5eaa674 100644 +--- a/test/contrib/emscripten/test_emscripten.py ++++ b/test/contrib/emscripten/test_emscripten.py +@@ -944,6 +944,22 @@ def test_retries( + pyodide_test(selenium_coverage, testserver_http.http_host, find_unused_port()) + + ++def test_redirects( ++ selenium_coverage: typing.Any, testserver_http: PyodideServerInfo ++) -> None: ++ @run_in_pyodide # type: ignore[misc] ++ def pyodide_test(selenium_coverage: typing.Any, host: str, port: int) -> None: ++ from urllib3 import request ++ ++ redirect_url = f"http://{host}:{port}/redirect" ++ response = request("GET", redirect_url) ++ assert response.status == 200 ++ ++ pyodide_test( ++ selenium_coverage, testserver_http.http_host, testserver_http.http_port ++ ) ++ ++ + def test_insecure_requests_warning( + selenium_coverage: typing.Any, testserver_http: PyodideServerInfo + ) -> None: +diff --git a/test/test_poolmanager.py b/test/test_poolmanager.py +index ab5f203..b481a19 100644 +--- a/test/test_poolmanager.py ++++ b/test/test_poolmanager.py +@@ -379,9 +379,10 @@ class TestPoolManager: + + def test_merge_pool_kwargs(self) -> None: + """Assert _merge_pool_kwargs works in the happy case""" +- p = PoolManager(retries=100) ++ retries = retry.Retry(total=100) ++ p = PoolManager(retries=retries) + merged = p._merge_pool_kwargs({"new_key": "value"}) +- assert {"retries": 100, "new_key": "value"} == merged ++ assert {"retries": retries, "new_key": "value"} == merged + + def test_merge_pool_kwargs_none(self) -> None: + """Assert false-y values to _merge_pool_kwargs result in defaults""" +diff --git a/test/with_dummyserver/test_poolmanager.py b/test/with_dummyserver/test_poolmanager.py +index af77241..7f163ab 100644 +--- a/test/with_dummyserver/test_poolmanager.py ++++ b/test/with_dummyserver/test_poolmanager.py +@@ -84,6 +84,89 @@ class TestPoolManager(HypercornDummyServerTestCase): + assert r.status == 200 + assert r.data == b"Dummy server!" + ++ @pytest.mark.parametrize( ++ "retries", ++ (0, Retry(total=0), Retry(redirect=0), Retry(total=0, redirect=0)), ++ ) ++ def test_redirects_disabled_for_pool_manager_with_0( ++ self, retries: typing.Literal[0] | Retry ++ ) -> None: ++ """ ++ Check handling redirects when retries is set to 0 on the pool ++ manager. ++ """ ++ with PoolManager(retries=retries) as http: ++ with pytest.raises(MaxRetryError): ++ http.request("GET", f"{self.base_url}/redirect") ++ ++ # Setting redirect=True should not change the behavior. ++ with pytest.raises(MaxRetryError): ++ http.request("GET", f"{self.base_url}/redirect", redirect=True) ++ ++ # Setting redirect=False should not make it follow the redirect, ++ # but MaxRetryError should not be raised. ++ response = http.request("GET", f"{self.base_url}/redirect", redirect=False) ++ assert response.status == 303 ++ ++ @pytest.mark.parametrize( ++ "retries", ++ ( ++ False, ++ Retry(total=False), ++ Retry(redirect=False), ++ Retry(total=False, redirect=False), ++ ), ++ ) ++ def test_redirects_disabled_for_pool_manager_with_false( ++ self, retries: typing.Literal[False] | Retry ++ ) -> None: ++ """ ++ Check that setting retries set to False on the pool manager disables ++ raising MaxRetryError and redirect=True does not change the ++ behavior. ++ """ ++ with PoolManager(retries=retries) as http: ++ response = http.request("GET", f"{self.base_url}/redirect") ++ assert response.status == 303 ++ ++ response = http.request("GET", f"{self.base_url}/redirect", redirect=True) ++ assert response.status == 303 ++ ++ response = http.request("GET", f"{self.base_url}/redirect", redirect=False) ++ assert response.status == 303 ++ ++ def test_redirects_disabled_for_individual_request(self) -> None: ++ """ ++ Check handling redirects when they are meant to be disabled ++ on the request level. ++ """ ++ with PoolManager() as http: ++ # Check when redirect is not passed. ++ with pytest.raises(MaxRetryError): ++ http.request("GET", f"{self.base_url}/redirect", retries=0) ++ response = http.request("GET", f"{self.base_url}/redirect", retries=False) ++ assert response.status == 303 ++ ++ # Check when redirect=True. ++ with pytest.raises(MaxRetryError): ++ http.request( ++ "GET", f"{self.base_url}/redirect", retries=0, redirect=True ++ ) ++ response = http.request( ++ "GET", f"{self.base_url}/redirect", retries=False, redirect=True ++ ) ++ assert response.status == 303 ++ ++ # Check when redirect=False. ++ response = http.request( ++ "GET", f"{self.base_url}/redirect", retries=0, redirect=False ++ ) ++ assert response.status == 303 ++ response = http.request( ++ "GET", f"{self.base_url}/redirect", retries=False, redirect=False ++ ) ++ assert response.status == 303 ++ + def test_cross_host_redirect(self) -> None: + with PoolManager() as http: + cross_host_location = f"{self.base_url_alt}/echo?a=b" +@@ -138,6 +221,24 @@ class TestPoolManager(HypercornDummyServerTestCase): + pool = http.connection_from_host(self.host, self.port) + assert pool.num_connections == 1 + ++ # Check when retries are configured for the pool manager. ++ with PoolManager(retries=1) as http: ++ with pytest.raises(MaxRetryError): ++ http.request( ++ "GET", ++ f"{self.base_url}/redirect", ++ fields={"target": f"/redirect?target={self.base_url}/"}, ++ ) ++ ++ # Here we allow more retries for the request. ++ response = http.request( ++ "GET", ++ f"{self.base_url}/redirect", ++ fields={"target": f"/redirect?target={self.base_url}/"}, ++ retries=2, ++ ) ++ assert response.status == 200 ++ + def test_redirect_cross_host_remove_headers(self) -> None: + with PoolManager() as http: + r = http.request( +-- +2.40.0 diff --git a/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb b/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb index fe913e6b73..218a226431 100644 --- a/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb +++ b/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb @@ -7,6 +7,10 @@ SRC_URI[sha256sum] = "f8c5449b3cf0861679ce7e0503c7b44b5ec981bec0d1d3795a07f1ba96 inherit pypi python_hatchling +SRC_URI += " \ + file://CVE-2025-50181.patch \ +" + DEPENDS += " \ python3-hatch-vcs-native \ " From patchwork Tue Jul 1 13:38:00 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65919 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DA000C8303D for ; Tue, 1 Jul 2025 13:38:23 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web11.11119.1751377100361207329 for ; Tue, 01 Jul 2025 06:38:20 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=xtLgR+Oh; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id 98e67ed59e1d1-315f6b20cf9so3450877a91.2 for ; Tue, 01 Jul 2025 06:38:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377099; x=1751981899; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=6M8mkYde9xAcbPrPHiRDOjxMbbMFVmpLN0OmQ7utEE0=; b=xtLgR+OhFJtF7AEylidDAq1zMUmlc8P7I3ZxVo15ETfNLmLGjsl+oAddpizGR9l4b8 BYhP1UjNeyPSRTu01MK+rpP0q6OqEELyZDEwVXqFh6WB69GaZlGVUBUaQwS4IfOlpC7E 054HWWM0B+aMENXd5cNEYExaEzAAXudwhQufmZO7PxP5HrXs4aQFkM3ncoVY9QrFTGF7 Yhloe1yRDiL4ObB/erU1d+CD+OtkhtA0G+pID+uBb1KrFrb5GDdBTujfyC6fqfwtbHSQ JVEtqHXjHReyK6meTiCJgZBQVLy8YMNVDbRe6RJfyTv1W9Ze0T3mMsuvc3iH72+bq1eK u8ww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377099; x=1751981899; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6M8mkYde9xAcbPrPHiRDOjxMbbMFVmpLN0OmQ7utEE0=; b=STmAoGNPvWLthlzBXLTOrxASbCSRS+ewwtnITYlDfhQIlbNkAy40nJE/yd/pqHSwgE 5Bf+lrDprsWWNn9RJE//+eRzgYHa865L7/Mn5zJkfh+B7LHifXkSOTqUGd8axGZ1j49l 3Ndl7T5txxGEeNcrrTzYHGa+uaVjYhLAfKBUEGS2Tomb733ls6vmNdD91it9zmNPFhb6 8gpYCK+HY7Hk/yJoZWyQD1xChbCr/RaPfbtzlVouqNKqKpgxrBWKDEpgXqktNSbY/goi hm9Wqw1iFxgVoytIm7yoDSMwwW5p9BTq5eTvrmYUWYodIl9pxgGIvuX2Orgdd62l77SI +Y/g== X-Gm-Message-State: AOJu0YwDJ81IwLhZ/ZojkT+OgL+PBQZ/2qLijTLW6ffhAI/4JHZjEkU6 PQTI8xOf+nMBl08cod7zXe13lbxbIAPds5eZCefsLc/JxE8IB2YDj/0e3LgQM5Eh/TipXICnch+ J6Odr X-Gm-Gg: ASbGncs5TSbr12oU7NbtQteMZDe704+Z5uHFjAmUW8VnH+/LC3yuLqKk6q0t46OwHo2 +Mqs8uRj8rgPOslcRBkniWSDmhXABrnzQPru9bJbk9tdUN4zyNOwovP7B74Aticja9+Ki1kfzZP gmVL1EWC5WXhScHTsQ0croY1JN2uSoaAYpdTqzdUdaJxxFATy+aMPbTCyrHgKDSfVRzUaPF2H3+ EnB8SLmpD3oVEFuibW9MgSvT84Y/TcztkhcdWajCDB4tzhitxY8/sQee78Y38bIfV94SFO2NcIO jPvDkNsR2HBBp8L9cvcv1UvhSf13nF38q9Fd6ZQUQjsTgRW9hA1cwPsjZIOFrI8A X-Google-Smtp-Source: AGHT+IHmbmRmk0TqESR7i+in8Eh/xnedTr3W+Sq0+RFZNzI0Fhm7xQNYVkRJoTK/fUkL+F1jLyIe8g== X-Received: by 2002:a17:90a:ec86:b0:311:a314:c2ca with SMTP id 98e67ed59e1d1-318c8ff301cmr21786332a91.6.1751377099445; Tue, 01 Jul 2025 06:38:19 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:19 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 02/11] python3-urllib3: fix CVE-2025-50182 Date: Tue, 1 Jul 2025 06:38:00 -0700 Message-ID: <082b865d9814e7e7aca4466551a035199aa8b563.1751376952.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219573 From: Yogita Urade urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-50182 Upstream patch: https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f Signed-off-by: Yogita Urade Signed-off-by: Steve Sakoman --- .../python3-urllib3/CVE-2025-50182.patch | 125 ++++++++++++++++++ .../python/python3-urllib3_2.3.0.bb | 1 + 2 files changed, 126 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-urllib3/CVE-2025-50182.patch diff --git a/meta/recipes-devtools/python/python3-urllib3/CVE-2025-50182.patch b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-50182.patch new file mode 100644 index 0000000000..2f6ba478d5 --- /dev/null +++ b/meta/recipes-devtools/python/python3-urllib3/CVE-2025-50182.patch @@ -0,0 +1,125 @@ +From 7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f Mon Sep 17 00:00:00 2001 +From: Illia Volochii +Date: Wed, 18 Jun 2025 16:30:35 +0300 +Subject: [PATCH] Merge commit from fork + +CVE: CVE-2025-50182 +Upstream-Status: Backport [https://github.com/urllib3/urllib3/commit/7eb4a2aafe49a279c29b6d1f0ed0f42e9736194f] + +Signed-off-by: Yogita Urade +--- + docs/reference/contrib/emscripten.rst | 2 +- + src/urllib3/contrib/emscripten/fetch.py | 20 ++++++++++ + test/contrib/emscripten/test_emscripten.py | 46 ++++++++++++++++++++++ + 3 files changed, 67 insertions(+), 1 deletion(-) + +diff --git a/docs/reference/contrib/emscripten.rst b/docs/reference/contrib/emscripten.rst +index a8f1cda..4670757 100644 +--- a/docs/reference/contrib/emscripten.rst ++++ b/docs/reference/contrib/emscripten.rst +@@ -65,7 +65,7 @@ Features which are usable with Emscripten support are: + * Timeouts + * Retries + * Streaming (with Web Workers and Cross-Origin Isolation) +-* Redirects (determined by browser/runtime, not restrictable with urllib3) ++* Redirects (urllib3 controls redirects in Node.js but not in browsers where behavior is determined by runtime) + * Decompressing response bodies + + Features which don't work with Emscripten: +diff --git a/src/urllib3/contrib/emscripten/fetch.py b/src/urllib3/contrib/emscripten/fetch.py +index a514306..6695821 100644 +--- a/src/urllib3/contrib/emscripten/fetch.py ++++ b/src/urllib3/contrib/emscripten/fetch.py +@@ -573,6 +573,11 @@ def send_jspi_request( + "method": request.method, + "signal": js_abort_controller.signal, + } ++ # Node.js returns the whole response (unlike opaqueredirect in browsers), ++ # so urllib3 can set `redirect: manual` to control redirects itself. ++ # https://stackoverflow.com/a/78524615 ++ if _is_node_js(): ++ fetch_data["redirect"] = "manual" + # Call JavaScript fetch (async api, returns a promise) + fetcher_promise_js = js.fetch(request.url, _obj_from_dict(fetch_data)) + # Now suspend WebAssembly until we resolve that promise +@@ -693,6 +698,21 @@ def has_jspi() -> bool: + return False + + ++def _is_node_js() -> bool: ++ """ ++ Check if we are in Node.js. ++ ++ :return: True if we are in Node.js. ++ :rtype: bool ++ """ ++ return ( ++ hasattr(js, "process") ++ and hasattr(js.process, "release") ++ # According to the Node.js documentation, the release name is always "node". ++ and js.process.release.name == "node" ++ ) ++ ++ + def streaming_ready() -> bool | None: + if _fetcher: + return _fetcher.streaming_ready +diff --git a/test/contrib/emscripten/test_emscripten.py b/test/contrib/emscripten/test_emscripten.py +index 5eaa674..fbf89fc 100644 +--- a/test/contrib/emscripten/test_emscripten.py ++++ b/test/contrib/emscripten/test_emscripten.py +@@ -960,6 +960,52 @@ def test_redirects( + ) + + ++@pytest.mark.with_jspi ++def test_disabled_redirects( ++ selenium_coverage: typing.Any, testserver_http: PyodideServerInfo ++) -> None: ++ """ ++ Test that urllib3 can control redirects in Node.js. ++ """ ++ ++ @run_in_pyodide # type: ignore[misc] ++ def pyodide_test(selenium_coverage: typing.Any, host: str, port: int) -> None: ++ import pytest ++ ++ from urllib3 import PoolManager, request ++ from urllib3.contrib.emscripten.fetch import _is_node_js ++ from urllib3.exceptions import MaxRetryError ++ ++ if not _is_node_js(): ++ pytest.skip("urllib3 does not control redirects in browsers.") ++ ++ redirect_url = f"http://{host}:{port}/redirect" ++ ++ with PoolManager(retries=0) as http: ++ with pytest.raises(MaxRetryError): ++ http.request("GET", redirect_url) ++ ++ response = http.request("GET", redirect_url, redirect=False) ++ assert response.status == 303 ++ ++ with PoolManager(retries=False) as http: ++ response = http.request("GET", redirect_url) ++ assert response.status == 303 ++ ++ with pytest.raises(MaxRetryError): ++ request("GET", redirect_url, retries=0) ++ ++ response = request("GET", redirect_url, redirect=False) ++ assert response.status == 303 ++ ++ response = request("GET", redirect_url, retries=0, redirect=False) ++ assert response.status == 303 ++ ++ pyodide_test( ++ selenium_coverage, testserver_http.http_host, testserver_http.http_port ++ ) ++ ++ + def test_insecure_requests_warning( + selenium_coverage: typing.Any, testserver_http: PyodideServerInfo + ) -> None: +-- +2.40.0 diff --git a/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb b/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb index 218a226431..c5e3751255 100644 --- a/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb +++ b/meta/recipes-devtools/python/python3-urllib3_2.3.0.bb @@ -9,6 +9,7 @@ inherit pypi python_hatchling SRC_URI += " \ file://CVE-2025-50181.patch \ + file://CVE-2025-50182.patch \ " DEPENDS += " \ From patchwork Tue Jul 1 13:38:01 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65920 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C9E82C8303A for ; Tue, 1 Jul 2025 13:38:23 +0000 (UTC) Received: from mail-pj1-f52.google.com (mail-pj1-f52.google.com [209.85.216.52]) by mx.groups.io with SMTP id smtpd.web11.11121.1751377102258442814 for ; Tue, 01 Jul 2025 06:38:22 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=YFOOv0xH; spf=softfail (domain: sakoman.com, ip: 209.85.216.52, mailfrom: steve@sakoman.com) Received: by mail-pj1-f52.google.com with SMTP id 98e67ed59e1d1-311e46d38ddso4738117a91.0 for ; Tue, 01 Jul 2025 06:38:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377101; x=1751981901; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CLhB8Scz9Iyhxj3ucDuGbyeYx7CnhhjiJ+vvlHmMRc0=; b=YFOOv0xH54R9+5okM1UqGwLr2oPr23YytDG3lzgt8Ok5oRHGr6IRNKPuW/npW4if4m hjfgsHu+MmA1Su2OT/k0IUBNU4tHjfB20LTxra5PpuNXbeklBZFNpfsQIvfmU3QApZ8M IoW/lguBu9XUwP4XZ4JKWmnGCs20bG4nAkSnjjqAwhBD8gwPTdGnvWjr4qv7nN+Rt7iY 4+uGz6xIBwkphNuRSO5jzdlsp4DIYlDBaZ5ewUoIW4QZt6gU1niFXXkP5TSB8yypupHq IteykMgbv6IGNVf6nVzcoz7JQCr8G86lJBv005rLS+rUz7s52j0LW489Tb3EB2sN0Uue EgMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377101; x=1751981901; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CLhB8Scz9Iyhxj3ucDuGbyeYx7CnhhjiJ+vvlHmMRc0=; b=pFnkIR6oGy30V/IkeUS8Vi1dVX4LqusmRhgpY4fUbGXQoON2WgFOBcOKZ8DPO/LPY1 AYA0pw2CrdvMF5+csSCacT/welacsCRcYaeQvrnOUslCrQ9hfipa5fbvh1+6yiGY60FI m88Ah/me1RZXc1y+sISKS99PyMsyHU67LjIiQUvFNVE6fW74S5Wg6EN5vaOlsbYJxr2a Lmq4W2N2QAevHPplgR/JcwsBqydSWBjiZi6u01Kcb8zs8+1Y5eT01eDd/OmMc06m4eV0 oOKlZyGLE/9Ah+c+HyXMBhCGTU0nt6RWecRnGVW1pzt3HvyeFijUx3rBosmhfDshI+4Q eVZQ== X-Gm-Message-State: AOJu0YzpmMcwka2T+syv/bDxkrhALACYRHMwOHCv15fFkmtXb7rW8gWU OxIP4VKP9rhIWna4ErWrkf+7JazLSV8MxlKznb/j9/sj/SUlzKpZy/TDAHPKAwc0vpDFogK1DSk EOIR7 X-Gm-Gg: ASbGncs+Abc3pn9PsDxBXlZs2f6wI9Mbj3qyBigH8wH4DQpiJw6QY9vwF+wJPWRLn6R 6zlZcrAH2Y9VZtmff1feTXgF1BSbGz2mRGfHEEtu9VqeAziTGUuNgdjv/s+6s+dpEF/5x4TE9Kn JuiAfjf2yKfKyANQYfTsBzKtc3NIi6KcttWtOmQlTwRmrKtYePyYcaEpVGpjsuWrOIa1IMAMDYh oIQlI7iE5SaE7FBiQ7e/coKExwYwzpQ4V1YK2e3Sbu5w5tt88aGUbbBAvaC3G004od8M1pcI3/l H4nFpfRaNXJgkfiICfhHbH78E4Z+DI3k/PDdOmj/KEsUR//egAVs4Q== X-Google-Smtp-Source: AGHT+IHawW0pggPy6YW2gWh9k/AQztN7GslQjJh2p/R7DfoNaNdDyyqD8wqYTJgWSzcdN3/zoKz9Wg== X-Received: by 2002:a17:90b:5386:b0:2fe:85f0:e115 with SMTP id 98e67ed59e1d1-318c925242bmr21702614a91.26.1751377101137; Tue, 01 Jul 2025 06:38:21 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:20 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 03/11] python3-setuptools: fix CVE-2025-47273 Date: Tue, 1 Jul 2025 06:38:01 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219574 From: Praveen Kumar setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files to arbitrary locations on the filesystem with the permissions of the process running the Python code, which could escalate to remote code execution depending on the context. Version 78.1.1 fixes the issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-47273 Upstream-patch: https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b Signed-off-by: Praveen Kumar Signed-off-by: Steve Sakoman --- .../CVE-2025-47273-pre1.patch | 55 +++++++++++++++++ .../python3-setuptools/CVE-2025-47273.patch | 60 +++++++++++++++++++ .../python/python3-setuptools_76.0.0.bb | 5 +- 3 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch create mode 100644 meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch new file mode 100644 index 0000000000..d75f05fc68 --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273-pre1.patch @@ -0,0 +1,55 @@ +From d8390feaa99091d1ba9626bec0e4ba7072fc507a Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Sat, 19 Apr 2025 12:49:55 -0400 +Subject: [PATCH] Extract _resolve_download_filename with test. + +CVE: CVE-2025-47273 #Dependency Patch + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/d8390feaa99091d1ba9626bec0e4ba7072fc507a] + +Signed-off-by: Praveen Kumar +--- + setuptools/package_index.py | 20 ++++++++++++++++---- + 1 file changed, 16 insertions(+), 4 deletions(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index 1a6abeb..b317735 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -807,9 +807,16 @@ class PackageIndex(Environment): + else: + raise DistutilsError(f"Download error for {url}: {v}") from v + +- def _download_url(self, url, tmpdir): +- # Determine download filename +- # ++ @staticmethod ++ def _resolve_download_filename(url, tmpdir): ++ """ ++ >>> du = PackageIndex._resolve_download_filename ++ >>> root = getfixture('tmp_path') ++ >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz' ++ >>> import pathlib ++ >>> str(pathlib.Path(du(url, root)).relative_to(root)) ++ 'setuptools-78.1.0.tar.gz' ++ """ + name, _fragment = egg_info_for_url(url) + if name: + while '..' in name: +@@ -820,8 +827,13 @@ class PackageIndex(Environment): + if name.endswith('.egg.zip'): + name = name[:-4] # strip the extra .zip before download + +- filename = os.path.join(tmpdir, name) ++ return os.path.join(tmpdir, name) + ++ def _download_url(self, url, tmpdir): ++ """ ++ Determine the download filename. ++ """ ++ filename = self._resolve_download_filename(url, tmpdir) + return self._download_vcs(url, filename) or self._download_other(url, filename) + + @staticmethod +-- +2.40.0 diff --git a/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch new file mode 100644 index 0000000000..3c44a2a321 --- /dev/null +++ b/meta/recipes-devtools/python/python3-setuptools/CVE-2025-47273.patch @@ -0,0 +1,60 @@ +From 250a6d17978f9f6ac3ac887091f2d32886fbbb0b Mon Sep 17 00:00:00 2001 +From: "Jason R. Coombs" +Date: Sat, 19 Apr 2025 13:03:47 -0400 +Subject: [PATCH] Add a check to ensure the name resolves relative to the + tmpdir. + +Closes #4946 + +CVE: CVE-2025-47273 + +Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/250a6d17978f9f6ac3ac887091f2d32886fbbb0b] + +Signed-off-by: Praveen Kumar +--- + setuptools/package_index.py | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/setuptools/package_index.py b/setuptools/package_index.py +index b317735..a8f868e 100644 +--- a/setuptools/package_index.py ++++ b/setuptools/package_index.py +@@ -810,12 +810,20 @@ class PackageIndex(Environment): + @staticmethod + def _resolve_download_filename(url, tmpdir): + """ ++ >>> import pathlib + >>> du = PackageIndex._resolve_download_filename + >>> root = getfixture('tmp_path') + >>> url = 'https://files.pythonhosted.org/packages/a9/5a/0db.../setuptools-78.1.0.tar.gz' +- >>> import pathlib + >>> str(pathlib.Path(du(url, root)).relative_to(root)) + 'setuptools-78.1.0.tar.gz' ++ ++ Ensures the target is always in tmpdir. ++ ++ >>> url = 'https://anyhost/%2fhome%2fuser%2f.ssh%2fauthorized_keys' ++ >>> du(url, root) ++ Traceback (most recent call last): ++ ... ++ ValueError: Invalid filename... + """ + name, _fragment = egg_info_for_url(url) + if name: +@@ -827,7 +835,13 @@ class PackageIndex(Environment): + if name.endswith('.egg.zip'): + name = name[:-4] # strip the extra .zip before download + +- return os.path.join(tmpdir, name) ++ filename = os.path.join(tmpdir, name) ++ ++ # ensure path resolves within the tmpdir ++ if not filename.startswith(str(tmpdir)): ++ raise ValueError(f"Invalid filename {filename}") ++ ++ return filename + + def _download_url(self, url, tmpdir): + """ +-- +2.40.0 diff --git a/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb b/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb index 71c8eb1a1f..91d8fdd73b 100644 --- a/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb +++ b/meta/recipes-devtools/python/python3-setuptools_76.0.0.bb @@ -11,7 +11,10 @@ CVE_PRODUCT = "python3-setuptools python:setuptools" SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" SRC_URI += " \ - file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch" + file://0001-_distutils-sysconfig.py-make-it-possible-to-substite.patch \ + file://CVE-2025-47273-pre1.patch \ + file://CVE-2025-47273.patch \ +" SRC_URI[sha256sum] = "43b4ee60e10b0d0ee98ad11918e114c70701bc6051662a9a675a0496c1a158f4" From patchwork Tue Jul 1 13:38:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65918 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DDED8C83F01 for ; Tue, 1 Jul 2025 13:38:23 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web10.10923.1751377103556048501 for ; Tue, 01 Jul 2025 06:38:23 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ppMOU/xc; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-b34a78bb6e7so2429311a12.3 for ; Tue, 01 Jul 2025 06:38:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377103; x=1751981903; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Bf+x2YPb4YXcAurZu008kl64X7Aqcay96jjor1UwcJM=; b=ppMOU/xc1dTmv2V1KcnR0VPTLt4SEcIaeIAklMH4TnmFdeaXiLGKLd7AQ275s+7iSK bwCzCOHKObRaNh1dS98RrukOzAzYr/WXbQpDz3DthhgCJ6bPxjY5jpilQwyfP/wGbEXP YN6syUCJPWLkba6e5sRIWlnjsjMS420TeMB8xQQaaWNpgsbaCgsP0YKQiJ2IKOSe1E42 lKd3DG+EOdZ6g7ab+pScHHcB4y16Zb6JrDbh3LQSJqsHZ/etkZZ50v0Mb1yqkcFFkgqJ gSegxAuWrxcwL5fYaN4QSptirm8VUOGievvEY/7vFl8pI0R4eNLoWXpdHsXhJm39hATv asUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377103; x=1751981903; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Bf+x2YPb4YXcAurZu008kl64X7Aqcay96jjor1UwcJM=; b=jCTKoWFgjDuoy2MlaIgfTVPOgxkDaF+BVWVuDZk4AE/oHe8FYgiaMT8s2slBsUUm3D /iBjfTQOMUs64SFmGqvrRVaGfQD7iAb3ZSNY4Egk9SHLUlH8/Mb2L0Uz+r3kyYBq0Q4/ CPJQlXYzfxgI3dptE4yNIyV9D0GRTzy7tKZOY//DZ7/Ohgh/fvVJD2k3Th11rr4UWfEB 0O8rgwaH8MGjCXQlFqTZxlBcf02UVQa4AZ2k6JDscDMZeLHHTKk4+M4FCaGikzC9IX4v 5zRIgG40ddLzf9aixxKTNp7e5CMJRT7Qe9+aPLcbuAnK+aMlDMTSj3RUZP7YWGDq7hVg 7wbQ== X-Gm-Message-State: AOJu0YzLm7SS7DlFdaJwP66FB+/xc+UjsPkrmHapcLHR0/GghAp2Rdtn 80uvoVr/vlNcHJCS9XCZ5xOdhmEaWztMRPr7jWAaVp9BsxDQ1TUfluIdMTLqPqEt1/rlYH3KM4S dnze0 X-Gm-Gg: ASbGncvhSfkHxwZ2IJ1u4EFsmzCW74uGQXli13G2J0zXCP1BLWwhZLi31OOBzcLj2t/ oEdgJIZakXzt9SLlzje72jPElYbibe1Q60YCG/KB1OTUyKXQ0ybZd6oN4jMC8k5RdYG5GIx4ymu bgGuDvlvNcsDu5KYQjDbugIiIEBjejDRyzjIhNpB5wRIRCVG0zBvKs5SquNBRdl4OAmp80zg6hX clNTPpbjFBybJg7jYnqQAn6HCYFkkj568xY0gheGMk7LhNxVLARbY8RqrkkFT9oPIReNW5Qimj1 eNs14V8nG/H59NGhuSqycPYhhRguCEukxV6mLRM9QMNk380J/aCa1g== X-Google-Smtp-Source: AGHT+IFNDIloP/Uh1Pe9TdsVxg4k8FfC42ZsOSvBQVAbWJS5gFGLFLaE112NvD1dA3RlJJRxOLIUyg== X-Received: by 2002:a17:90b:2c84:b0:311:e8cc:424c with SMTP id 98e67ed59e1d1-318c92fa800mr23547242a91.25.1751377102571; Tue, 01 Jul 2025 06:38:22 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.21 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:22 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 04/11] libarchive: fix CVE-2025-5914 Date: Tue, 1 Jul 2025 06:38:02 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:23 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219575 From: Colin Pinnell McAllister Adds patch to backport fix for CVE-2025-5914. Signed-off-by: Colin Pinnell McAllister Signed-off-by: Steve Sakoman --- .../libarchive/libarchive/CVE-2025-5914.patch | 46 +++++++++++++++++++ .../libarchive/libarchive_3.7.9.bb | 4 +- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch new file mode 100644 index 0000000000..4d95dba209 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/CVE-2025-5914.patch @@ -0,0 +1,46 @@ +From 72a83b2885c31254687702e3a8429e3e0523221c Mon Sep 17 00:00:00 2001 +From: Tobias Stoeckmann +Date: Sun, 11 May 2025 02:17:19 +0200 +Subject: [PATCH] rar: Fix double free with over 4 billion nodes (#2598) + +If a system is capable of handling 4 billion nodes in memory, a double +free could occur because of an unsigned integer overflow leading to a +realloc call with size argument of 0. Eventually, the client will +release that memory again, triggering a double free. + +Signed-off-by: Tobias Stoeckmann + +CVE: CVE-2025-5914 +Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/09685126fcec664e2b8ca595e1fc371bd494d209] +Signed-off-by: Colin Pinnell McAllister +--- + libarchive/archive_read_support_format_rar.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index 9d155c66..9eb3c848 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -335,8 +335,8 @@ struct rar + int found_first_header; + char has_endarc_header; + struct data_block_offsets *dbo; +- unsigned int cursor; +- unsigned int nodes; ++ size_t cursor; ++ size_t nodes; + char filename_must_match; + + /* LZSS members */ +@@ -1186,7 +1186,7 @@ archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset, + int whence) + { + int64_t client_offset, ret; +- unsigned int i; ++ size_t i; + struct rar *rar = (struct rar *)(a->format->data); + + if (rar->compression_method == COMPRESS_METHOD_STORE) +-- +2.49.0 + diff --git a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb index 9d134f7d38..1fa61c3218 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.7.9.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.7.9.bb @@ -29,7 +29,9 @@ PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd," EXTRA_OECONF += "--enable-largefile --without-iconv" -SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz" +SRC_URI = "https://libarchive.org/downloads/libarchive-${PV}.tar.gz \ + file://CVE-2025-5914.patch \ + " UPSTREAM_CHECK_URI = "http://libarchive.org/" From patchwork Tue Jul 1 13:38:03 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65921 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DF2CDC7EE30 for ; Tue, 1 Jul 2025 13:38:33 +0000 (UTC) Received: from mail-pj1-f51.google.com (mail-pj1-f51.google.com [209.85.216.51]) by mx.groups.io with SMTP id smtpd.web11.11122.1751377104798382728 for ; Tue, 01 Jul 2025 06:38:24 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=n+9cY5Ek; spf=softfail (domain: sakoman.com, ip: 209.85.216.51, mailfrom: steve@sakoman.com) Received: by mail-pj1-f51.google.com with SMTP id 98e67ed59e1d1-3141b84bf65so5473589a91.1 for ; Tue, 01 Jul 2025 06:38:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377104; x=1751981904; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=m2jkSQsusCSIuqw1LWPNPFwA+NrZLTPmuwSgy8AZosQ=; b=n+9cY5EkbiwZhKxguTsazPHp+AcGJ+ov39fq6Vdyf5EiOsuL3lbuBeN29X0L+AgbYf g0TMzyO6/U5vJLs3dX7yunlHbnBu35zWBwpMFJFS9SytlE0IOXTw/2owDMhK0meGpDYB 4ROrD3LFI3v11ssmnkd0cqE/Megh/HRtyDyGeUAaBrMWEWTUyTuOfGAl5lR7d6/KZ2lz EtO85tvkpqWrTx/CyaCEHGSvb3HtqKSS1jeaDQ+1HGq+oGTWmran6CG8zkw/DgiyO8cN YtvL2wtSkv+LSjuojmbmETUUO9dOx0GPO4iWk1+IWw4lhVV0tPTqhqiZ7bKdDTm3TCyD uLAg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377104; x=1751981904; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=m2jkSQsusCSIuqw1LWPNPFwA+NrZLTPmuwSgy8AZosQ=; b=Kzz/uPLUGsHl6yTCmoFTc/tgLt6q6qFveY6EDCIlOSFnflHT10OhOeaiXEAY6olld9 3LAzvdkF28kbLsbrpFeMtkq79hQoiacKZYAAB+fX0egISDWKS090MZuaHUKHaaxWvbF0 DxmdP9c2gMteRYfQsGXcEUVB2IX65Gf3yD6GUp+ZP0oMlKs42xgLz1sAyh8kym4vK4VX gqMBFY+YppYYoWRyWTDzNgFGrUnLgpXWxCQ3w4wWxms74hRzFLeaRkUIA/fkZktGuH/I uQGnq0YcElthCqlnm+Hpw2RYR1J1dQBU9T6SDgXP2Hc9iDhEIeB9sELqjOqDAtvBLN+f cObQ== X-Gm-Message-State: AOJu0YwOuwbssqaDLP4Y7/VRMeiVrTciHfdMKXjkpXNJSbJpkMNyXdUm H+8RH/fiGiqKwuuqWxGxDO2gnipjMoyS3nVjN86l/JhGXLqGB8PWwqEcd60dAI94YDoZZgP1sfl ztRJt X-Gm-Gg: ASbGncuVxqB6Yri+4sLffHJ2ltN1M9a2zaP8a2OZGIhROYY7m9Ww83G9ZIt+Klcluqi pbAwUNxruMOVurinD4Z0EHrth2pJDG128nLVwr8x+efpEThbFbb3A1PDC4aR4WhEFo7kS/a+P0d wAp3ngg9tblX0MCZovnwYUEF7JHxvyggqDCLq4WY7d0MuFeW/Rj7u9EZC/u6aJ2izI2FmOA9tol 9Gkg55jJBhKn0fZ0kYX7lyWYvVOvG5UvvkRP1aulvR4XAp0LL56C0G/JaVihfvxYNvBX+mbXY92 WowSKNk/MslQM8liwYSqCzKcutJLOIHyldUDpTTtZ8Y0bI3eaNzofw== X-Google-Smtp-Source: AGHT+IGYSgigoYh8zTx3HvtR4JTObpDx1Szgw47++i7bIrsVPd1vldS1GRPIp5fVQ/QrZV75LHtH+A== X-Received: by 2002:a17:90b:3c03:b0:311:c970:c9ce with SMTP id 98e67ed59e1d1-318c930ff71mr24128616a91.28.1751377103980; Tue, 01 Jul 2025 06:38:23 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.23 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:23 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 05/11] python3: drop old nis module dependencies Date: Tue, 1 Jul 2025 06:38:03 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219576 From: Guðni Már Gilbert libnsl2 and libtirpc were build dependencies for the nis module. The nis module was deprecated in Python 3.11 and removed in Python 3.13 Signed-off-by: Guðni Már Gilbert Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-devtools/python/python3_3.13.4.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta/recipes-devtools/python/python3_3.13.4.bb b/meta/recipes-devtools/python/python3_3.13.4.bb index 5d904d6207..5b49fee3bf 100644 --- a/meta/recipes-devtools/python/python3_3.13.4.bb +++ b/meta/recipes-devtools/python/python3_3.13.4.bb @@ -72,8 +72,6 @@ DEPENDS = "\ bzip2-replacement-native \ expat \ libffi \ - libnsl2 \ - libtirpc \ ncurses \ openssl \ sqlite3 \ From patchwork Tue Jul 1 13:38:04 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65924 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04799C83F02 for ; Tue, 1 Jul 2025 13:38:34 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web11.11123.1751377106301583479 for ; Tue, 01 Jul 2025 06:38:26 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=V8Xjq4T+; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-b31d578e774so6221609a12.1 for ; Tue, 01 Jul 2025 06:38:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377105; x=1751981905; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=vcrFSlrD45i8aAvYxuvHx5fP46sqnU5nqAGmEZ4tiN8=; b=V8Xjq4T+YdToJlF+lLzfGxRHPS6CJ3NB5ZK1dmOCNNGwREzZl2fGSlEjEaZa52/imw nICrjQjHbcre+lk2AbXhteUaJt6eqgD9EB6QE1loAIHEqlZ8l9j1igxTgm2ukM+51NX8 59k8vZzkcInwsICv62B4YID+3JVcQyKIfnIvm9wGFBkSb3a6GgLPH3SsWjQd/LlcPcd9 76HdKYycCJ0iDU0fjaEL8KkX9cv12Po2VpFSm9+shnr+gRTD5lRhC17fmM6sv26MbEp7 J1h/rrmNXIrT0lJfcBnkWHeUlOWqJKb/+c135qm9skaYxntBoqhYzNOsWrDNEDrE9G9U ufPw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377105; x=1751981905; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=vcrFSlrD45i8aAvYxuvHx5fP46sqnU5nqAGmEZ4tiN8=; b=Nr1bnq+h5hQNAXH9E9KcTfZ81OvtLhWUeNB4wHre/1U8AE4kVkykAkAqZcpixBsSar npLtpLBzE0yBRGWUKJ31XfmgnfMYFaup3SK/YBcAIN6VyQSRhi2tk976FET/ZYYpKQYO afwEGl9Bc86Zo5Skdc2GQLUitF1Fp5MaXjGaixEGrGznpoRtXp2C6PCnZR9nIkYPJs0a dvyxaXCaZzKPS2GF5afOqnsBVsj22wCHBfpmC9F136vdPREvOl4pVLInJcT4kjRlvwxK 5osYyh7NyVJW3oI7AZlNCN8Y/pUor9s7IEpJsF7jA3qvlRtTWsDrw0HaXfjjuc8jG4s1 YElA== X-Gm-Message-State: AOJu0Ywj7mX1Z919yWMHVZk0PyWBfEtVdyMOy/6hh4zI07my0NupA0Pe z5DLSJMQGqg42xUgU8osLyySUobzt4fjONVnvboB7RlKaJ96JjhhO4dv40k7XSQZwdhb7iNmsfC Q9aKI X-Gm-Gg: ASbGncut6pypvNgYoSi9+uFzFYJ+62sMo1ju40L609rF0tQxhxchyBHBRDCtoUFuL8r pCG0eIagnL2SAyiRdEGVlxCRLzFuOxct/HGkmMcAjd9Mxp2dlBK++D1FqyXL82Wq7Bwz9IMegS6 1f/CvtKVmIdGdEuKAYgHhGxulgbvstrZFpWcFY1YCrE9SZj2gfsDVfdf6RV8CKLU6ezijJwSYBe FsL44WmEI3uumwlE2CtAU900PrmHnkrxBywguE6DkfUmLAupXrzhnDvMifGC7NStDU1VBQlD/in kXOsEj+ftx7RdtFk8RkphMb2DYE4Ot9ddGbkByT7kidkHd2MdOehnw== X-Google-Smtp-Source: AGHT+IF75Lpw01Ni9srCLknz/wR5+Ly88BIZ8xIQg/M4oF4Bwk7dmED1JYtqjoz9GTa8NNm2WNZDjw== X-Received: by 2002:a17:90b:184e:b0:315:aa6d:f20e with SMTP id 98e67ed59e1d1-31939adb3d9mr4901106a91.4.1751377105414; Tue, 01 Jul 2025 06:38:25 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:25 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 06/11] package_rpm.bbclass: Remove empty build directory Date: Tue, 1 Jul 2025 06:38:04 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219577 From: Robert Yang Fixed: $ bitbake acl $ ls tmp/work/core2-64-poky-linux/acl/2.3.2/build/acl-2.3.2-build/ This empty directory is created by rpmbuild, just remove it like others above. Note, master branch doesn't have this problem after upgrade to rpm 4.20.1, but it's not easy to find which patch(es) fixed the problem, and the issues haven't been fixed completely, there is still an empty SRPMS directory, so just remove the build directory as others above. If we don't fix this, there might be warnings when a recipe uses: install -m 0644 ${B}/* ${DEPLOYDIR}/boot.bin-extracted/ install: omitting directory '${B}/xilinx-bootbin-1.0-build' Signed-off-by: Robert Yang Signed-off-by: Steve Sakoman --- meta/classes-global/package_rpm.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes-global/package_rpm.bbclass b/meta/classes-global/package_rpm.bbclass index f383ed140e..c6541d141b 100644 --- a/meta/classes-global/package_rpm.bbclass +++ b/meta/classes-global/package_rpm.bbclass @@ -728,6 +728,7 @@ python do_package_rpm () { # rpm 4 creates various empty directories in _topdir, let's clean them up cleanupcmd = "rm -rf %s/BUILDROOT %s/SOURCES %s/SPECS %s/SRPMS" % (workdir, workdir, workdir, workdir) + cleanupcmd += " %s/%s-build" % (d.getVar('B'), d.getVar('P')) # Build the rpm package! d.setVar('BUILDSPEC', cmd + "\n" + cleanupcmd + "\n") From patchwork Tue Jul 1 13:38:05 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65926 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 12459C83F01 for ; Tue, 1 Jul 2025 13:38:34 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web11.11124.1751377107661706440 for ; Tue, 01 Jul 2025 06:38:27 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bj3cIbQQ; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-b31e0ead80eso4875692a12.0 for ; Tue, 01 Jul 2025 06:38:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377107; x=1751981907; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=NNo8mG56HC1PqZA7wxAt5Ip3D9KcaPcuT83sFaR0XiA=; b=bj3cIbQQV1XPzKOM6RL4XDf7oHlRj0Mx7wMX8LbPvaistYxUxsGsXHhGulHsyyQUHT HYvuGrlKkxCu9MrxcGbfCTdgARfgAu5QR9g4Y7VlKmvit4iQZ+glBYsuXKQ/ohSssJkx dxzCjR4LXc/cXctdCzPt1PJMH3U3WIPhoPHJ429IATby+3+AP6SRVsSZ/S9/6LYL6PoY rz7OKjakRdzNxoqqvPRlNdjMl5K3Fj2ECRIOXA0bb31qyeugdu/dc6QNukq8uspC9Omb M5PUCNtTESoqjfwKNI3sFMJ88FGqW8lwvCT9Jjvq+Qziz6yiAzAr3loJ0gUURtVzlaVD 6lEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377107; x=1751981907; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NNo8mG56HC1PqZA7wxAt5Ip3D9KcaPcuT83sFaR0XiA=; b=XDDax9BJWwMRciN4HWx06hgDLTwZDijz9UL0npyzZ9SExkExDuBhGFZ/7n0E2R+D4x /9eO3oZSUKyucRaec5PEK00tmIj6vC1N+oG0ZBqfx5w5F+9nxHM6lNchAfeww2EQlX43 uLS2ezevldEqQQt8Mj9GRlLITWFgh4qpJ1kt0aMzvQmTizKHwS/6EqA6oY2OseAfKBAN Syx0qVihSrwJs6kBup0KwAkoiRRuvszpBixonduYPx+3xnSh2LI6JS/Fq1ayNyCMwKsf EY6VGlpg72xZlQY+XOmAJM7hfhRcNhoRlcdO/nKvsLxVflzlpOXqetnycQ0ViFeLtHNy uyXQ== X-Gm-Message-State: AOJu0YxZjBsidw64Fit/RtUThNxe80TZ1Ke0bkZAjNP2JPbX+lsDHPg2 OKdBFNP8euv1wt5Lxw1rkOLUv3r8J2MjKBDHWyAYQD06vSpJcPdV7y/xcLpRbFm5pMy0sDygOfi /oDfV X-Gm-Gg: ASbGncsRd6S1bdOMZTwlUWpATuakJ3kaA7Seh3qgRusm5+xJsqIj+CrFGzRrPb05w5v uG9efjoCrgx1ulbyuo7kr6LUMIjTZVeAd7jU+E9UR09yKpXu54E/0vS+MtdWrVhAAwtd833PAno r5Czl0sNYtSvzdaet3KqOvC/oFmk7oYFr7V+A2/LakRB/vPPa1lwbc+0lXkMZxP/SMfof+58HXh e8jf4xuJYXWAF8wQM+BlkID6ijgi310RsKkhBsz/cUZaixI/PfKD4z6YHp7NvYsz4O/Laplgytk agJ0wdHxr3hkmOtBiBrVvlBQJsGmDiQ2rgG7nuEXHoUmfZbaF2NNCw== X-Google-Smtp-Source: AGHT+IFgJElc9Wz4zm2x4slxe6X7ojCbxS9AzQUeFTlFcExBvfE6iRtqnDN0TcaNA/6Ea5frB4UOAA== X-Received: by 2002:a17:90b:2f8f:b0:311:a54d:8492 with SMTP id 98e67ed59e1d1-318c910de41mr24920581a91.6.1751377106700; Tue, 01 Jul 2025 06:38:26 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:26 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 07/11] xwayland: Add missing libtirpc dependency Date: Tue, 1 Jul 2025 06:38:05 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219578 From: Richard Purdie This was being pulled in through python by accident. It no longer needs it but exposes this missing dependency. Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-graphics/xwayland/xwayland_24.1.6.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/xwayland/xwayland_24.1.6.bb b/meta/recipes-graphics/xwayland/xwayland_24.1.6.bb index 0774c1bbf5..c0b5dee4c0 100644 --- a/meta/recipes-graphics/xwayland/xwayland_24.1.6.bb +++ b/meta/recipes-graphics/xwayland/xwayland_24.1.6.bb @@ -17,7 +17,7 @@ UPSTREAM_CHECK_REGEX = "xwayland-(?P\d+(\.(?!90\d)\d+)+)\.tar" inherit meson features_check pkgconfig REQUIRED_DISTRO_FEATURES = "x11 opengl" -DEPENDS += "xorgproto xtrans pixman libxkbfile libxfont2 wayland wayland-native wayland-protocols libdrm libepoxy libxcvt" +DEPENDS += "xorgproto xtrans pixman libxkbfile libxfont2 wayland wayland-native wayland-protocols libdrm libepoxy libxcvt libtirpc" OPENGL_PKGCONFIGS = "glx glamor dri3" PACKAGECONFIG ??= "${XORG_CRYPTO} ${XWAYLAND_EI} \ From patchwork Tue Jul 1 13:38:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65923 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 046B1C8303F for ; Tue, 1 Jul 2025 13:38:34 +0000 (UTC) Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by mx.groups.io with SMTP id smtpd.web11.11125.1751377109278028759 for ; Tue, 01 Jul 2025 06:38:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=BuZ7aDYC; spf=softfail (domain: sakoman.com, ip: 209.85.210.181, mailfrom: steve@sakoman.com) Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-742c7a52e97so5632737b3a.3 for ; Tue, 01 Jul 2025 06:38:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377108; x=1751981908; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=cLpFczgN2jYS8ZQSS7XhA+YuHRw8pUKb66dc7ZdivyQ=; b=BuZ7aDYCIwazwH4XSdWsgaS9UrJYUxWYKezUXFGr9tnJo5XWsl1lDHRram77zis9FE m+qghouabDh0Q9iaxg419K3qHTCEzkPmndH70uLpEyYJTdZphuLwKq8RyKgZ4RlGupAL Fil1jp0G2gQfOR+Ma9yd8Wu5pNzAYWPKPWUA6RrEy3c30QTsbKzpIDQ4sXz5D6t8kYge 8eIv/YozeB5u2YFC4QnJ8b4GSZqUZeWpNvvArAgmC3i0oGLvVXKHIg4WYUu9oheDZ2sh V7Z+adcKMDYgWTezTu/fWbvMGffGqITZrBwlSorppiiP0RNYRzcRu+pbwZ+5XcbNlLr9 IaLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377108; x=1751981908; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cLpFczgN2jYS8ZQSS7XhA+YuHRw8pUKb66dc7ZdivyQ=; b=XwjzNxZZzcJ1izGLPlGE1wabDhcxX4aI+LqPcR6SZ7h9Fhc4HfNc8AIVQ+1eoWaZYd C6S+o3xw6hE4Tf2dyQtkHnCYJtb/dP4ERR7m/nkf2RCs+qqETRrQkDxIw/DrzvGUdVJT mHQy4TaGAbLd3ai4onsfGrq7TjOAqkLw37ZRYFjTxILQXQCCTwQwS9hOtQwaA9pZ1Ffv asWkUxvHdq0kJyrCVadgmvicx3V//zyE7Uugnq9XNWDXML5VbBkilm/OY4RLgJgWdL+u LFQouejIYd/v3/LajXKeRs1/WbKsL9lTz/QabSBwIt7UL8Tpe4+7oWz1hdu15YOis53/ poQQ== X-Gm-Message-State: AOJu0Yw/Iy5u0bZ7JW5XFNjBCMYfCmspcA2R4zbkxSDHGN1lYxrjxbyL 4YL2V/dHMc1Ymoz1Em6l1LoadKKJlItBva7v+Oh5gzysWqJ99RSNNav4fOrSWzQE2/WatA95215 CVTEw X-Gm-Gg: ASbGncstpNN/qSVpDsdzGtVmmcqu9rT0kRZhe5l76mYV3iNupMgSXrQwceQRFd9SM8o 52jqMOtUCekRutBo4O++wgJ2dQX8aUdmGZq1DEjaw/W8Ojedohlf4sRxfnzMMCUvvLxJsBmnTUv j2O8rzUrNZn/EYbubXcLlji5uO33U1P2TjUg73ervy81MA8WK3CNRl0bu6AJy3eIyfJx5Z0Ep71 PTV0kxUr8r8LbnSyYGpv1/wuK6v45LMQj3HlOpPSQ7V8ntCtKViS9y6VmYbrzHlT/oG5Sk3HnM/ zjn2MQT1Y+2L41IiHyoaJtbw3Wm1wFLXqlMaeix7JK2b4BVq7JDLDA== X-Google-Smtp-Source: AGHT+IEHyMlZSA/+1iftBrV+w9BuZFNk9LocwdLpnPaWhMdIv/RAVlfXYZTG4Kk/cTDyNuQ6wMemSQ== X-Received: by 2002:a17:90b:2585:b0:313:d346:f347 with SMTP id 98e67ed59e1d1-318c9307ea0mr24699343a91.35.1751377108159; Tue, 01 Jul 2025 06:38:28 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:27 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 08/11] sstate: apply proper umask when fetching from SSTATE_MIRROR Date: Tue, 1 Jul 2025 06:38:06 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:34 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219579 From: Rasmus Villemoes Currently, files and directories created under ${SSTATE_DIR} when fetching from an sstate mirror are not created with group write, unlike when the sstate artifacts are generated locally. That's inconsistent, and problematic when the local sstate dir is shared among multiple users. Wrap the fetching in a bb.utils.umask() context manager, and for simplicity move the mkdir of SSTATE_DIR inside that. Signed-off-by: Rasmus Villemoes Signed-off-by: Richard Purdie (cherry picked from commit a6038553aaef3b88b834a09018c524c4fa41e625) Signed-off-by: Steve Sakoman --- meta/classes-global/sstate.bbclass | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/meta/classes-global/sstate.bbclass b/meta/classes-global/sstate.bbclass index 2c259a6657..b98fbba982 100644 --- a/meta/classes-global/sstate.bbclass +++ b/meta/classes-global/sstate.bbclass @@ -726,7 +726,6 @@ def pstaging_fetch(sstatefetch, d): localdata = bb.data.createCopy(d) dldir = localdata.expand("${SSTATE_DIR}") - bb.utils.mkdirhier(dldir) localdata.delVar('MIRRORS') localdata.setVar('FILESPATH', dldir) @@ -746,16 +745,19 @@ def pstaging_fetch(sstatefetch, d): if bb.utils.to_boolean(d.getVar("SSTATE_VERIFY_SIG"), False): uris += ['file://{0}.sig;downloadfilename={0}.sig'.format(sstatefetch)] - for srcuri in uris: - localdata.delVar('SRC_URI') - localdata.setVar('SRC_URI', srcuri) - try: - fetcher = bb.fetch2.Fetch([srcuri], localdata, cache=False) - fetcher.checkstatus() - fetcher.download() + with bb.utils.umask(0o002): + bb.utils.mkdirhier(dldir) - except bb.fetch2.BBFetchException: - pass + for srcuri in uris: + localdata.delVar('SRC_URI') + localdata.setVar('SRC_URI', srcuri) + try: + fetcher = bb.fetch2.Fetch([srcuri], localdata, cache=False) + fetcher.checkstatus() + fetcher.download() + + except bb.fetch2.BBFetchException: + pass def sstate_setscene(d): shared_state = sstate_state_fromvars(d) From patchwork Tue Jul 1 13:38:07 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65922 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id EBD66C8303A for ; Tue, 1 Jul 2025 13:38:33 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web10.10925.1751377110822847032 for ; Tue, 01 Jul 2025 06:38:30 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=k7Kwl6A/; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id 41be03b00d2f7-b3507b63c6fso2611703a12.2 for ; Tue, 01 Jul 2025 06:38:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377110; x=1751981910; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=g+G6vkRc9ceN5QEcRBAQAc/LkoUaGMW4zE8X9Tnku6I=; b=k7Kwl6A/KmlWFI2f89yF4U99segW0UvAZPoxFQ2xXQ3Dd4wUyHRDbxhueJTyWzbBWE MQjga7bq2EqPkTPGuyhfFdIW8Wq+dTvS0Googj/CNSToJFAKylHDmK40ylz/9ML1v8YA BOBr1EfqbrJ7wXjWh7d4eJ24eBAUx4bd4ZNjuAaBfhuIhOHsaKjqIB6CNzTWxO92rTNg 1fPAosTIUQYn7MaKgWTYeGUkUFDZgbnKR7F3x7ExH8jJ1rtbXfTPrVP5rdHXqp6ztK4c exCFtGd+/rh2doYg3yzoTG/SNHagHFvPeui7jykUbR6S+CoZoSezAkofSnzY9ihfs398 T37w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377110; x=1751981910; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g+G6vkRc9ceN5QEcRBAQAc/LkoUaGMW4zE8X9Tnku6I=; b=J0ADjKJ/wXBuxZ4IsLHJTvsbm+MMbV7BM+59O7y4FbcrgknqEyDMWcd2sMVEJGu0O9 O7RMmLcXv6Z3yrQP6b/CWecXUL8Afy25xHt4B1pjzrAQhnfA5+YghyWAOn5aieF7hGBb XQgSOdjlTEcvOHG+p94ZmMOzPWTLg6EDtH7jmGzNEG+Dxuc2VPDS6Du0DbEHUwYkp8Yd it0PYST2seMjSNAUWVlMtOL9s1sJ1BhLiIYXXm3I0nWlYpiy7Ut6FWwTJ1GAZ84yKyUF dbfyeLnDKvkNoV6q99KwHjqXM0ZmsWRi7g+pAn/DwkdUmAmF26NN96bQJwlV9IFZD6rj dKGQ== X-Gm-Message-State: AOJu0YxTPJoBS2S5Y6Wd+Zc7RJvG4sFK7cL4wV4k6Ok+EWAj7lKreBPP R4EZ8SSmYprou3PIkHl5vQdpZ4dIMlIHAtBdgXAyz5oeylOGhyUre0S92c7ulS745JQSI26OtTv 1YGsu X-Gm-Gg: ASbGncuG9W/xOVR8fcjGchUvJOo1NyLeApSCf2eCXY433/OG69Ucy/p+D+zD6uEJTE1 e/nXpJTu5128Ake8Gm0g8UayhyCPuZRvxUSELPQp6I3tHr3R46zdJiIfW5hCfG0nVmRAZgguCUN gwfH9wEEu1ZeFG9/92mbuqzkhFWYSwjcy4cyD1BZB/NMQkWTEUrqUBxN7F3CmqmhtFvxck0qpDB AGlqWgxOjbM+RyHgRUS/sjZaSopFqI1WpEdK6w4EgeoFLTmQtrpNhH5cwKBBdRq387AKtGHI+bR /RCJ9h31/EyVR4r9y+XQju3YOS/9YqD/Ho5JbaxB4GwUkWNKLrYzu6yqrAHABElp X-Google-Smtp-Source: AGHT+IFv7z0Bc2zXOk2Obf9SkwXGYsLCBJCyj6t6mRJpbTso1midHRp5idfoz9nXX1NkF7ITLFLXAQ== X-Received: by 2002:a17:90b:3cc7:b0:311:cc4e:516f with SMTP id 98e67ed59e1d1-318c92ffe75mr23886879a91.31.1751377109926; Tue, 01 Jul 2025 06:38:29 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:29 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 09/11] oeqa/sstatetests: Fix NATIVELSBSTRING handling Date: Tue, 1 Jul 2025 06:38:07 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219580 From: Richard Purdie The NATIVELSBSTRING variable changes value once a BuildStarted event occurs in a build directory. This meant running some of the tests directly in a fresh build directory would fail but they'd pass when run as a group of tests. This is clearly suboptimal. Move the NATIVELSBSTRING handling to a location where the value is consistent and a comment about the interesting behaviour of the variable so it hopefully doesn't catch out others in future. Signed-off-by: Richard Purdie (cherry picked from commit e1c46fdb44fed18909d9ff4b43b4e445c5a22d33) Signed-off-by: Rasmus Villemoes Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/sstatetests.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py index 487995acc3..7231115a6b 100644 --- a/meta/lib/oeqa/selftest/cases/sstatetests.py +++ b/meta/lib/oeqa/selftest/cases/sstatetests.py @@ -27,17 +27,15 @@ class SStateBase(OESelftestTestCase): def setUpLocal(self): super(SStateBase, self).setUpLocal() self.temp_sstate_location = None - needed_vars = ['SSTATE_DIR', 'NATIVELSBSTRING', 'TCLIBC', 'TUNE_ARCH', + needed_vars = ['SSTATE_DIR', 'TCLIBC', 'TUNE_ARCH', 'TOPDIR', 'TARGET_VENDOR', 'TARGET_OS'] bb_vars = get_bb_vars(needed_vars) self.sstate_path = bb_vars['SSTATE_DIR'] - self.hostdistro = bb_vars['NATIVELSBSTRING'] self.tclibc = bb_vars['TCLIBC'] self.tune_arch = bb_vars['TUNE_ARCH'] self.topdir = bb_vars['TOPDIR'] self.target_vendor = bb_vars['TARGET_VENDOR'] self.target_os = bb_vars['TARGET_OS'] - self.distro_specific_sstate = os.path.join(self.sstate_path, self.hostdistro) def track_for_cleanup(self, path): if not keep_temp_files: @@ -52,10 +50,7 @@ class SStateBase(OESelftestTestCase): config_temp_sstate = "SSTATE_DIR = \"%s\"" % temp_sstate_path self.append_config(config_temp_sstate) self.track_for_cleanup(temp_sstate_path) - bb_vars = get_bb_vars(['SSTATE_DIR', 'NATIVELSBSTRING']) - self.sstate_path = bb_vars['SSTATE_DIR'] - self.hostdistro = bb_vars['NATIVELSBSTRING'] - self.distro_specific_sstate = os.path.join(self.sstate_path, self.hostdistro) + self.sstate_path = get_bb_var('SSTATE_DIR') if add_local_mirrors: config_set_sstate_if_not_set = 'SSTATE_MIRRORS ?= ""' @@ -65,8 +60,16 @@ class SStateBase(OESelftestTestCase): config_sstate_mirror = "SSTATE_MIRRORS += \"file://.* file:///%s/PATH\"" % local_mirror self.append_config(config_sstate_mirror) + def set_hostdistro(self): + # This needs to be read after a BuildStarted event in case it gets changed by event + # handling in uninative.bbclass + self.hostdistro = get_bb_var('NATIVELSBSTRING') + self.distro_specific_sstate = os.path.join(self.sstate_path, self.hostdistro) + # Returns a list containing sstate files def search_sstate(self, filename_regex, distro_specific=True, distro_nonspecific=True): + self.set_hostdistro() + result = [] for root, dirs, files in os.walk(self.sstate_path): if distro_specific and re.search(r"%s/%s/[a-z0-9]{2}/[a-z0-9]{2}$" % (self.sstate_path, self.hostdistro), root): @@ -153,6 +156,8 @@ class SStateBase(OESelftestTestCase): bitbake(['-ccleansstate'] + targets) + self.set_hostdistro() + bitbake(targets) results = self.search_sstate('|'.join(map(str, [s + r'.*?\.tar.zst$' for s in targets])), distro_specific=False, distro_nonspecific=True) filtered_results = [] From patchwork Tue Jul 1 13:38:08 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65925 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E002FC8303D for ; Tue, 1 Jul 2025 13:38:33 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web11.11126.1751377112323370167 for ; Tue, 01 Jul 2025 06:38:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=bKv1DPoT; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-b3226307787so2466052a12.1 for ; Tue, 01 Jul 2025 06:38:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377111; x=1751981911; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Vx5SrB+YC6BWP/OG1dATpsjWF69gjMjgAuXB+DKCdMI=; b=bKv1DPoT7TxgVTwr/RzBH0iy4rgnyBBlqKwkxzDnK+2zA8O0Xw8EFvKyoJecvhffSl V+eTtzM15MUTgQf4GdZGM/ud23KQIGuQyX5yDsmA4duCM2hOaYExUgvTC3XF0zfhqtii NXBqBZ7LZS9vYh3+qIMwpIVAJCVVaL2frxYE9nkegj6XexerX1xtIF5rmD/fpWFXr1S2 et4Nj7mLevnuYso2edTZPUABXfs4lgzeM9pgN8xF9MiSWjzOKmfkkcD8C+mKWAg4hqc2 uMMDwaVVSHo0xGEL9s2FYBeisgN/0v/haRd7/GN0QekwnGnnpK0SHbEr7PsnAFANPmI/ RMCg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377111; x=1751981911; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Vx5SrB+YC6BWP/OG1dATpsjWF69gjMjgAuXB+DKCdMI=; b=k1/VqQqfzF8JRGg8YOUvPwq6YzT4xWJLMgOsPZNAh8GQHJ8uQIjURTOXStKthmhOg6 ZN+hXORaQLbvQwK6WA1KZJkYhcAoQmtqBakbFxk9tV9LF4ICJVx/SNmpzAgWMFhvhN7l 3Z0jR4CsYQShBs68omCDBSahR8JuRb/5oQUUaZFuWE98oFapTiVA53iTqb5g2gPgPMwt g9uoqwr++loK5uXBpR1E3A17s0eMI4Gu1C8M41PeJ0wqFU3rmSh2+bTv8+TLBvLiL/ls HxVfyxrOnn1FxgQpbazJ3qd2QGGi+P+sKQmLyxmXpCH1OR98v5cnN6eID13n65CDXNjf AdJQ== X-Gm-Message-State: AOJu0YwwtRk+S2PLOagHJzBfs+2hdh+wP7AU53q70UwySpQAaHeP1F8M vME9lfKaG6L9GhMsc4y+yfGBjgTNv5J9ajbOZ3cKiT0gFeO2W0jF4T+kvDzZ9/M4sw/Xi0unA9u Lf0Ib X-Gm-Gg: ASbGncu7vQIxgV85lSgYrO94JQU8N61vA7NJcc/feLR/eENjrsW216H0U7sRiJGzXKm +e8eNfA+evgaytW8oyM4B9oZxakLqBUgCWmMHqqu0Suormklo0QRyxP9nXup0V7u3ncWGSo7rW6 WmQXwljUSztTmX5Bqg4ypf0BhEZZXtdKO7EkUxT7ftTFWMqWaGDaJCCPI7mk3bBp7wRJKe2N9Tp Gh7WCsOHQDLjYQ9jdrMiIMMInNRGShTRntTMy2G6ex0qKoK0738ZAfwWNsP75hOb3bZ+sP++8+/ mUF5o0DBlw9P/+5b8QFkfESH/yuRJq9Z1VOfNJDYgE0RP4aoaLqlNg== X-Google-Smtp-Source: AGHT+IFjxx3e3hvKL9/Wlj+wy3fBHXkm3hNUstmDri9BA6ld06LRvpxJbCVFkekn+sbkg3V4EBwW7w== X-Received: by 2002:a17:90b:3e87:b0:311:c1ec:7cfb with SMTP id 98e67ed59e1d1-318c92b793emr22557654a91.21.1751377111428; Tue, 01 Jul 2025 06:38:31 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:31 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 10/11] oeqa/sstatetests: Improve/fix sstate creation tests Date: Tue, 1 Jul 2025 06:38:08 -0700 Message-ID: <4951d08046f66e905e6ab4bdd7af347c7ed14c64.1751376952.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219581 From: Richard Purdie There are multiple problems with the sstate creation tests. They currently both execute twice, once to check one set of files, then another. We can do this together in one test which makes the code easier to follow. The common test function also has parameters which were always the same value, so those can be simplified. We can use the umask context manager from bb.utils to simplfy the umask code. The badperms test was actually broken, it was detecting bad permissions, then ignoring them. This patch fixes that regression too and allows the check to operate (relying on a separate fix to sstate umask handling). The result should be an easier to understand couple of test cases which should also function correctly and be more reliable. Signed-off-by: Richard Purdie (cherry picked from commit 5b9263040013199c5cb480125d5ca349f5d6dc55) Signed-off-by: Rasmus Villemoes Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/sstatetests.py | 78 ++++++++------------- 1 file changed, 30 insertions(+), 48 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/sstatetests.py b/meta/lib/oeqa/selftest/cases/sstatetests.py index 7231115a6b..08f94b168a 100644 --- a/meta/lib/oeqa/selftest/cases/sstatetests.py +++ b/meta/lib/oeqa/selftest/cases/sstatetests.py @@ -83,55 +83,43 @@ class SStateBase(OESelftestTestCase): return result # Test sstate files creation and their location and directory perms - def run_test_sstate_creation(self, targets, distro_specific=True, distro_nonspecific=True, temp_sstate_location=True, should_pass=True): - self.config_sstate(temp_sstate_location, [self.sstate_path]) + def run_test_sstate_creation(self, targets, hostdistro_specific): + self.config_sstate(True, [self.sstate_path]) + + bitbake(['-cclean'] + targets) - if self.temp_sstate_location: - bitbake(['-cclean'] + targets) - else: - bitbake(['-ccleansstate'] + targets) - - # We need to test that the env umask have does not effect sstate directory creation - # So, first, we'll get the current umask and set it to something we know incorrect - # See: sstate_task_postfunc for correct umask of os.umask(0o002) - import os - def current_umask(): - current_umask = os.umask(0) - os.umask(current_umask) - return current_umask - - orig_umask = current_umask() # Set it to a umask we know will be 'wrong' - os.umask(0o022) + with bb.utils.umask(0o022): + bitbake(targets) - bitbake(targets) - file_tracker = [] - results = self.search_sstate('|'.join(map(str, targets)), distro_specific, distro_nonspecific) - if distro_nonspecific: - for r in results: - if r.endswith(("_populate_lic.tar.zst", "_populate_lic.tar.zst.siginfo", "_fetch.tar.zst.siginfo", "_unpack.tar.zst.siginfo", "_patch.tar.zst.siginfo")): - continue - file_tracker.append(r) - else: - file_tracker = results + # Distro specific files + distro_specific_files = self.search_sstate('|'.join(map(str, targets)), True, False) - if should_pass: - self.assertTrue(file_tracker , msg="Could not find sstate files for: %s" % ', '.join(map(str, targets))) + # Distro non-specific + distro_non_specific_files = [] + results = self.search_sstate('|'.join(map(str, targets)), False, True) + for r in results: + if r.endswith(("_populate_lic.tar.zst", "_populate_lic.tar.zst.siginfo", "_fetch.tar.zst.siginfo", "_unpack.tar.zst.siginfo", "_patch.tar.zst.siginfo")): + continue + distro_non_specific_files.append(r) + + if hostdistro_specific: + self.assertTrue(distro_specific_files , msg="Could not find sstate files for: %s" % ', '.join(map(str, targets))) + self.assertFalse(distro_non_specific_files, msg="Found sstate files in the wrong place for: %s (found %s)" % (', '.join(map(str, targets)), str(distro_non_specific_files))) else: - self.assertTrue(not file_tracker , msg="Found sstate files in the wrong place for: %s (found %s)" % (', '.join(map(str, targets)), str(file_tracker))) + self.assertTrue(distro_non_specific_files , msg="Could not find sstate files for: %s" % ', '.join(map(str, targets))) + self.assertFalse(distro_specific_files, msg="Found sstate files in the wrong place for: %s (found %s)" % (', '.join(map(str, targets)), str(distro_specific_files))) # Now we'll walk the tree to check the mode and see if things are incorrect. badperms = [] for root, dirs, files in os.walk(self.sstate_path): for directory in dirs: - if (os.stat(os.path.join(root, directory)).st_mode & 0o777) != 0o775: - badperms.append(os.path.join(root, directory)) + mode = os.stat(os.path.join(root, directory)).st_mode & 0o777 + if mode != 0o775: + badperms.append("%s: %s vs %s" % (os.path.join(root, directory), mode, 0o775)) - # Return to original umask - os.umask(orig_umask) - - if should_pass: - self.assertTrue(badperms , msg="Found sstate directories with the wrong permissions: %s (found %s)" % (', '.join(map(str, targets)), str(badperms))) + # Check badperms is empty + self.assertFalse(badperms , msg="Found sstate directories with the wrong permissions: %s (found %s)" % (', '.join(map(str, targets)), str(badperms))) # Test the sstate files deletion part of the do_cleansstate task def run_test_cleansstate_task(self, targets, distro_specific=True, distro_nonspecific=True, temp_sstate_location=True): @@ -256,17 +244,11 @@ class SStateTests(SStateBase): bitbake("dbus-wait-test -c unpack") class SStateCreation(SStateBase): - def test_sstate_creation_distro_specific_pass(self): - self.run_test_sstate_creation(['binutils-cross-'+ self.tune_arch, 'binutils-native'], distro_specific=True, distro_nonspecific=False, temp_sstate_location=True) - - def test_sstate_creation_distro_specific_fail(self): - self.run_test_sstate_creation(['binutils-cross-'+ self.tune_arch, 'binutils-native'], distro_specific=False, distro_nonspecific=True, temp_sstate_location=True, should_pass=False) - - def test_sstate_creation_distro_nonspecific_pass(self): - self.run_test_sstate_creation(['linux-libc-headers'], distro_specific=False, distro_nonspecific=True, temp_sstate_location=True) + def test_sstate_creation_distro_specific(self): + self.run_test_sstate_creation(['binutils-cross-'+ self.tune_arch, 'binutils-native'], hostdistro_specific=True) - def test_sstate_creation_distro_nonspecific_fail(self): - self.run_test_sstate_creation(['linux-libc-headers'], distro_specific=True, distro_nonspecific=False, temp_sstate_location=True, should_pass=False) + def test_sstate_creation_distro_nonspecific(self): + self.run_test_sstate_creation(['linux-libc-headers'], hostdistro_specific=False) class SStateCleanup(SStateBase): def test_cleansstate_task_distro_specific_nonspecific(self): From patchwork Tue Jul 1 13:38:09 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 65927 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F090C7EE30 for ; Tue, 1 Jul 2025 13:38:44 +0000 (UTC) Received: from mail-pg1-f179.google.com (mail-pg1-f179.google.com [209.85.215.179]) by mx.groups.io with SMTP id smtpd.web11.11127.1751377114034275183 for ; Tue, 01 Jul 2025 06:38:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=SfivIVwC; spf=softfail (domain: sakoman.com, ip: 209.85.215.179, mailfrom: steve@sakoman.com) Received: by mail-pg1-f179.google.com with SMTP id 41be03b00d2f7-b34a6d0c9a3so3461425a12.3 for ; Tue, 01 Jul 2025 06:38:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1751377113; x=1751981913; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Mupj3C9bC19b0P2nW2FLaFSUtBy0dQSnQyakieAEsWY=; b=SfivIVwCeYXlj3fpTuFr1w3cNIgcDb5UH6zrqAfeXIVMOeEJPda7WVNpkHsJMyP4Th kghIqtxWH99CT8zbYbLgA34ew6pOcBd3Xvu1KDJ2bl5Dh39Wfak4huZiT8jlCxCDQwAf aAbq/wSRqvg7MsTRv4t6mFh9ti/jziyO94G93l3T17wXLTcAJ8cptiuCCvXlyMOQUN0B NGZHV8fqWPqvuucxB1nlnQfZwu5dQCMmUxJ+zw7/uNcjYvbEc5U/HBp39Q3KUyDZDwAY iar0G6xgGdmx3b7fdG0UfhMZNI0XDsz31zz03y1Q5+k8456szv/AFP/+o2DwXZvOFNOk rulg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751377113; x=1751981913; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Mupj3C9bC19b0P2nW2FLaFSUtBy0dQSnQyakieAEsWY=; b=VQX80ef+c4Xfg/3Ifcvnq0F910oUoJjbAhE1gYSh2kcXmJ3pZCFizIL9M0RwbRj7+q JDNvCwtdPOkc+s4UgoHbTAOMKyuKGJTqoSxO1+KDINad50A2Wces9HN5b64px8yWm6+x 4et7qxdHssgurJEs47Qw9aRy+t/lGjlevzZ4Ggyyfir8PMZktAXKjxSCR8yycWs3yjb1 N5GNVw2FMdFYtqhx3cLkp2SX+bggtEQNIWxBr7URD+YZCs5mc6R7+lVLh6m3wX7gZk4u Q38A/TOz1ABUsufu4UqbiYSowx8s67VthDMZw9k7CDDUkbY0lhu4ZdssmTVwXa8WRzyQ P0GQ== X-Gm-Message-State: AOJu0YxHMKJI8jPVTD9f9Bgnx6g1ZP0agVDr/ZO6sB14hqDDsxMc6XNe zJbh2P0K/Hnq0QBNg5wlBlA5deUprGPoygMuXsL+VHyvtXQ/6+Dr7CC+OBXPuV/QZr+dUncagVR nUbpP X-Gm-Gg: ASbGncug9GlMIv/tkVIq8Y/DPMdR0yevyWyVfKPR8lgXhdCfRoXWWJL6CbuM8hm9yeD NOjO/tjyobTXg/9Z5h9yUFskilX3b9qN5sFZlRibVS0EOlSbYf66ywSDSIsa06WzvzA1LucqVJV PZc24p/bPTu39c+lPSKOQf7kuONvaLJR8nsxlgc15WEME3ZZ6nTuVwJs6II051HgKVKq8RmnaAx 7bOqK7ibKy5FELJcibxhx/+E4Fj7QpYB5Uaw+I6Hw/WTMOHTm120TGIjFHcK/JZPgHOqxAD/2NA /hm1nZL71tisA/ULhtDJ4MIGCn3ryXiqUZER80rlBRVfQxfFGHkpCA== X-Google-Smtp-Source: AGHT+IHtyKpe/4sAw7ZFXzuNmpq53flQdtDAs9+pDXYNop24F2fdXnNJCN/FsPaxcMsLkWUglH9iVw== X-Received: by 2002:a17:90b:2ccf:b0:312:ea46:3e66 with SMTP id 98e67ed59e1d1-318c9243c60mr22967167a91.21.1751377113116; Tue, 01 Jul 2025 06:38:33 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:34f8:320a:2e39:118e]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-318c152331fsm11466117a91.44.2025.07.01.06.38.32 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 01 Jul 2025 06:38:32 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 11/11] tcf-agent: correct the SRC_URI Date: Tue, 1 Jul 2025 06:38:09 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 01 Jul 2025 13:38:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/219582 From: Guocai He The SRC_URI is changed to git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git Signed-off-by: Guocai He Signed-off-by: Steve Sakoman --- meta/recipes-devtools/tcf-agent/tcf-agent_git.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb index e1ac0a29a7..cd5a00fcbc 100644 --- a/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb +++ b/meta/recipes-devtools/tcf-agent/tcf-agent_git.bb @@ -1,5 +1,5 @@ SUMMARY = "Target Communication Framework for the Eclipse IDE" -HOMEPAGE = "http://wiki.eclipse.org/TCF" +HOMEPAGE = "https://gitlab.eclipse.org/eclipse/tcf/" DESCRIPTION = "TCF is a vendor-neutral, lightweight, extensible network protocol mainly for communicating with embedded systems (targets)." BUGTRACKER = "https://bugs.eclipse.org/bugs/" @@ -10,7 +10,7 @@ SRCREV = "1f11747e83ebf4f53e8d17f430136f92ec378709" PV = "1.8.0+git" UPSTREAM_CHECK_GITTAGREGEX = "(?P(\d+(\.\d+)+))" -SRC_URI = "git://git.eclipse.org/r/tcf/org.eclipse.tcf.agent.git;protocol=https;branch=master \ +SRC_URI = "git://gitlab.eclipse.org/eclipse/tcf/tcf.agent.git;protocol=https;branch=master \ file://ldflags.patch \ file://tcf-agent.init \ file://tcf-agent.service \