From patchwork Tue Aug 19 20:07:44 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68801 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 523ACCA0EF5 for ; Tue, 19 Aug 2025 20:08:05 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web11.3384.1755634084202207759 for ; Tue, 19 Aug 2025 13:08:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=m+4Tccl3; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id d2e1a72fcca58-76e4f2e4c40so3136985b3a.2 for ; Tue, 19 Aug 2025 13:08:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634083; x=1756238883; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=p7DQA5fjG4ajUiFqPLhO/xs1fmiVkJ8jdJSNFzELioA=; b=m+4Tccl3JUG2jl2Z1bRXFaz//P9LrieUxxiAsKeZ2F20YqsVGvkNFKQYceu3ouPZaM kX5I6be2CJV39HYTgfbTNoCj/9xks47x93BLzbeGXeQwcJ0cHjIVFyCn+3/3djEG0n2V 9fdZNa11KU/Euecc597lX/38s/LFbmrirDwe80l10igmCSNPUGDF08I52NjN7pSbnpkI WqCAX85r8maNZ5Ts0hwX/P+LqGauBYbEEz7XKA2FmpQvea/4picTqi+jTp5Ed3jHc07P gaPx3G065qmeREJJy71+0YRy7553fJOr3vYXwnFOtwsyj/5//nofDQdotMMZLATLWbk+ xBHg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634083; x=1756238883; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=p7DQA5fjG4ajUiFqPLhO/xs1fmiVkJ8jdJSNFzELioA=; b=MOaRPkqUuNxZo3+dLXJfdnfFAhUSWzyIhy4fhYLikoHPK2ra++rOVlt0+y0VSlPwjA 6lWJfEGL8ZOG1Hmguxm0tr8QiWJ3v00RHkxqIyCGIxOhQsoUZ717/StvXRWlGYaOSWnK 90SSyC0wUdTz5jXHGhGKDQqGfG4CeGyqGLWz33focGwegR6lSMGuuVlGzwtKORvZ63D5 pnC+KVNe8Lg2/WcmbBL3OKzVGzvjQOQ3hXqB0bTV9O1mOS7BM/0XUCLMcAVwhLH3/VAl 4/Ref1DftCzczGms2wZnsbtUcSvwu24uZErxIqbEgAJe8+wfZuCmAQqqIah2LYsBIJrX 6JHg== X-Gm-Message-State: AOJu0YwbFbCBOY4qZ20Q2r3dZbnG8aqBLQ8GC2iFrAWbaASbcd7zuhJV nh6OIBuoXuUkXbPL8jCxMJT2ENy6OlyKv/v09cHBYepGlBXbJJjTnhyxf8rKx2d5Ibok7WSYk3l V6sOP X-Gm-Gg: ASbGncvR2aChRyzDP0J+RKZph+sm3PbhVovFnBQLEmYDPM0TTZ+8fZDFD1+/HUqnBIe T54bvUNAfzo4lNP4ruRVx3S2sy+/0JtLCWBSI23Zf2uCbzl6wHKeYrEGPLtf31wTinfMueUfcOx ynzfL+4iq1bbcE4npWn90pvYdvkDcrUZSrukrQ1WMvoiWeqpH3qg5UH/ppXnulzwcG1a+DAhqvV M/qqQ+0fGJ58M1b8dUROrtJVP6rPyX4tqt53TBgsF3tMDRLj0yozWxHzKJbVdg+Gfx/nb8c3V+t 7/15K5YresM1taY5GuUeCXemUemckcLqV+2M8KPuITDqHvzsiu1YUsRWBcymMLRH+lgAmZEJ9co MR1s/h9QlLnrA7A== X-Google-Smtp-Source: AGHT+IHkUMH+cfIMVnDcfuWFLRdbtO85VJzJnWmnNeixO+EZX/8d/i9WpkL9ZAX98RTFLU+snPx67g== X-Received: by 2002:a05:6a00:1a8f:b0:76b:a439:be4a with SMTP id d2e1a72fcca58-76e8dc24dccmr525375b3a.12.1755634083343; Tue, 19 Aug 2025 13:08:03 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:02 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/10] cve-check: Add missing call to exit_if_errors Date: Tue, 19 Aug 2025 13:07:44 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:05 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222128 From: Philip Lorenz check_cves may raise the cve_status_not_in_db QA check. Call exit_if_errors to make sure that the task is marked as failed when the check is categorized as an error. cve_status_not_in_db was in the meantime dropped in OE-Core 452e605b55ad61c08f4af7089a5a9c576ca28f7d so this change is only required on scarthgap. Signed-off-by: Philip Lorenz Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 6b8376bf17..d08c6ac670 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -196,6 +196,7 @@ python do_cve_check () { else: bb.note("No CVE database found, skipping CVE check") + oe.qa.exit_if_errors(d) } addtask cve_check before do_build From patchwork Tue Aug 19 20:07:45 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68804 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36784CA0EF5 for ; Tue, 19 Aug 2025 20:08:15 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web11.3386.1755634086358259809 for ; Tue, 19 Aug 2025 13:08:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=OiShb33p; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-76e39ec6e05so3769069b3a.2 for ; Tue, 19 Aug 2025 13:08:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634086; x=1756238886; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=hOiDQ3rnYZ1G8MooTuTCI3cbJd5pvfCkr8ke7GaZ3fI=; b=OiShb33pgUg9T0K5NJdORizS56oQyEaHk2s8RhiWV5U/I5RZKLvZZHA3Q+PD1N56gC 1TocX5LO64/2xEJxQqMQ2/iALd84p6p/BSQgRNOviNV9yxNlqgY+2N7CJ9+n+sXLkJNx G8E3XsTwXuWCJ/RA3zLaceOgySDJ4DwCAB9Q5Hl4uSJt+KAgG8VaPQo1XV3T9G5J16tu OtWWEUeSWczd59Vz0Ev0sn0oOSqhkrMPMSnAbGssgUZpjqWcAWUl1oZ/liJMWB7HjKRf nvk8tcxY3D8KjaZet6s8moZmrVj9Jj1ugYw1JbAZO1yWAEcAcVYddl13ttlmwobIKihk C89Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634086; x=1756238886; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hOiDQ3rnYZ1G8MooTuTCI3cbJd5pvfCkr8ke7GaZ3fI=; b=fUSVBChK0i0URkKlMnWOfRgOaErq/kdum0m8S+n1GYebvYM+lRNBqW1LJA+wcH0Nqi epB1wxvhwaIQ1Qmk9MWVGFDGLrBUYlVKg0PZFdNJ6K5z6T161RzW+mh4ZhTF/cUKOWJa MgnpvPQG61wmwVCXxYgMCU/wRCRH8d4G/BaTj02Uui1Bt7cKnIwrCNhF7OfUmNJ1LPqR BmEsByU9wjtaWGJBkRaJ7nZT7/tMiZ4CTN8/oNKp6zTDuzGJAR4i8Dl5Q5VlisNUundU XBxjeTyWshj1a9E6MGtdZGz2EZEdeGVO38Uekjtoq2zNgylwv0PPfFNNcFbo9u9BWozd humA== X-Gm-Message-State: AOJu0YzL3Htb2+1Qxk9oPIooPeg9DDCyd4kVaiA7G7SwuLNfvqgnuBFa k7nuii0UtBeOYCgGDhzFZrZEUUsZ1uUcQMLqvnBZkKDhU6jxbvyg+qkBL+1SwoYqsdPTprRXhX5 K5mlS X-Gm-Gg: ASbGncv4cJgbE7NJRBbxVr7YEjddIl1EOATZ/93GXTE/a45BzkPOGEEpz5r1MpZXrjt 1k/oy3teGksvG9oY45n10vYU8ZIRva+r7oFOLvGo4CjIOQQvHw+JiyyvEDmQcPu/j0xPBY/xd1m G/toHBkOw0SYePqQb+TaGhHSYyMvFN1Qn9BxPM96gXfXmFYmkKfNAmbxhq2t+/NO6qye6bAu1c2 d57o0xahBAWte0LNRWUSkMYudRx8D/1aAiV+q08f7nIOGRpnjhYmqkN/aw0B7czFY6x5ij8MTRp BTqjM3t/u3ofY9cPsRlUUQpRLmSuFMi4PqY0VtSyoZ4h1hJWpUHI+3odEbmJ/FuSSmH8UfH1XXW MfADZ9ikzvNmbgw== X-Google-Smtp-Source: AGHT+IHfqJdKPu+Gpe1Dz8ymAllGSG9PmM3u36+ORWZAk/6lrpdKeVXvFi0bPkQVQNq7mVA1kmpTMw== X-Received: by 2002:aa7:88c8:0:b0:74c:efae:fd8f with SMTP id d2e1a72fcca58-76e8dd44ae3mr507722b3a.15.1755634085080; Tue, 19 Aug 2025 13:08:05 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:04 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/10] dropbear: patch CVE-2025-47203 Date: Tue, 19 Aug 2025 13:07:45 -0700 Message-ID: <6d287785611c344aa0c97048c3bfc280b1787ff5.1755633925.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222129 From: Peter Marko Based on Debian patch for this CVE, pick the same commits as mentioned in kirkstone for this CVE except those already included in 2022.83. https://salsa.debian.org/debian/dropbear/-/commit/7f48e75892c40cfc6336137d62581d2c4ca7d84c Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- ...iable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch | 27 ++ ...-length-paths-and-commands-in-multih.patch | 63 +++ ...and-also-forward-this-when-multihop-.patch | 81 ++++ ...add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch | 29 ++ .../dropbear/dropbear/CVE-2025-47203.patch | 367 ++++++++++++++++++ .../recipes-core/dropbear/dropbear_2022.83.bb | 5 + 6 files changed, 572 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0001-add-o-BatchMode-and-also-forward-this-when-multihop-.patch create mode 100644 meta/recipes-core/dropbear/dropbear/0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch create mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch diff --git a/meta/recipes-core/dropbear/dropbear/0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch b/meta/recipes-core/dropbear/dropbear/0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch new file mode 100644 index 0000000000..fbe200151e --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch @@ -0,0 +1,27 @@ +From d59436a4d56de58b856142a5d489a4a8fc7382ed Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Mon, 8 Apr 2024 22:01:21 +0800 +Subject: [PATCH] Avoid unused variable with DROPBEAR_CLI_PUBKEY_AUTH 0 + +Fixes PR #291 + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/d59436a4d56de58b856142a5d489a4a8fc7382ed] +Signed-off-by: Peter Marko +--- + cli-runopts.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/cli-runopts.c b/cli-runopts.c +index b853a13..6668aee 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -533,7 +533,9 @@ static void loadidentityfile(const char* filename, int warnfail) { + static char* multihop_passthrough_args(void) { + char *args = NULL; + unsigned int len, total; ++#if DROPBEAR_CLI_PUBKEY_AUTH + m_list_elem *iter; ++#endif + /* Sufficient space for non-string args */ + len = 100; + diff --git a/meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch b/meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch new file mode 100644 index 0000000000..062f215398 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch @@ -0,0 +1,63 @@ +From 697b1f86c0b2b0caf12e9e32bab29161093ab5d4 Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Mon, 1 Apr 2024 11:50:26 +0800 +Subject: [PATCH] Handle arbitrary length paths and commands in + multihop_passthrough_args() + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/697b1f86c0b2b0caf12e9e32bab29161093ab5d4] +Signed-off-by: Peter Marko +--- + cli-runopts.c | 30 +++++++++++++++++++++--------- + 1 file changed, 21 insertions(+), 9 deletions(-) + +diff --git a/cli-runopts.c b/cli-runopts.c +index 37ea61d..219fc53 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -528,15 +528,29 @@ static void loadidentityfile(const char* filename, int warnfail) { + + #if DROPBEAR_CLI_MULTIHOP + +-static char* +-multihop_passthrough_args() { +- char *ret, args[256]; ++/* Fill out -i, -y, -W options that make sense for all ++ * the intermediate processes */ ++static char* multihop_passthrough_args(void) { ++ char *args = NULL; + unsigned int len, total; + m_list_elem *iter; +- /* Fill out -i, -y, -W options that make sense for all +- * the intermediate processes */ ++ /* Sufficient space for non-string args */ ++ len = 100; ++ ++ /* String arguments have arbitrary length, so determine space required */ ++ if (cli_opts.proxycmd) { ++ len += strlen(cli_opts.proxycmd); ++ } ++ for (iter = cli_opts.privkeys->first; iter; iter = iter->next) ++ { ++ sign_key * key = (sign_key*)iter->item; ++ len += 4 + strlen(key->filename); ++ } ++ ++ args = m_malloc(len); + total = 0; +- len = 255; ++ ++ /* Create new argument string */ + + if (cli_opts.quiet) { + total += m_snprintf(args+total, len-total, "-q "); +@@ -564,9 +578,7 @@ multihop_passthrough_args() { + } + #endif /* DROPBEAR_CLI_PUBKEY_AUTH */ + +- ret = m_malloc(total + 1); +- strcpy(ret,args); +- return ret; ++ return args; + } + + /* Sets up 'onion-forwarding' connections. This will spawn diff --git a/meta/recipes-core/dropbear/dropbear/0001-add-o-BatchMode-and-also-forward-this-when-multihop-.patch b/meta/recipes-core/dropbear/dropbear/0001-add-o-BatchMode-and-also-forward-this-when-multihop-.patch new file mode 100644 index 0000000000..c15da6e099 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-add-o-BatchMode-and-also-forward-this-when-multihop-.patch @@ -0,0 +1,81 @@ +From 2f1177e55f33afd676e08c9449ab7ab517fc3b30 Mon Sep 17 00:00:00 2001 +From: HansH111 +Date: Sat, 24 Feb 2024 08:29:30 +0000 +Subject: [PATCH] add -o BatchMode and also forward this when multihop + destination is used + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/2f1177e55f33afd676e08c9449ab7ab517fc3b30] +Signed-off-by: Peter Marko +--- + cli-runopts.c | 33 +++++++++++---------------------- + 1 file changed, 11 insertions(+), 22 deletions(-) + +diff --git a/cli-runopts.c b/cli-runopts.c +index 38a73f7..37ea61d 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -530,53 +530,42 @@ static void loadidentityfile(const char* filename, int warnfail) { + + static char* + multihop_passthrough_args() { +- char *ret; ++ char *ret, args[256]; + unsigned int len, total; + m_list_elem *iter; + /* Fill out -i, -y, -W options that make sense for all +- * the intermediate processes */ +- len = 30; /* space for "-q -y -y -W \0" */ +-#if DROPBEAR_CLI_PUBKEY_AUTH +- for (iter = cli_opts.privkeys->first; iter; iter = iter->next) +- { +- sign_key * key = (sign_key*)iter->item; +- len += 3 + strlen(key->filename); +- } +-#endif /* DROPBEAR_CLI_PUBKEY_AUTH */ +- if (cli_opts.proxycmd) { +- /* "-J 'cmd'" */ +- len += 6 + strlen(cli_opts.proxycmd); +- } +- +- ret = m_malloc(len); ++ * the intermediate processes */ + total = 0; ++ len = 255; + + if (cli_opts.quiet) { +- total += m_snprintf(ret+total, len-total, "-q "); ++ total += m_snprintf(args+total, len-total, "-q "); + } + + if (cli_opts.no_hostkey_check) { +- total += m_snprintf(ret+total, len-total, "-y -y "); ++ total += m_snprintf(args+total, len-total, "-y -y "); + } else if (cli_opts.always_accept_key) { +- total += m_snprintf(ret+total, len-total, "-y "); ++ total += m_snprintf(args+total, len-total, "-y "); + } + + if (cli_opts.proxycmd) { +- total += m_snprintf(ret+total, len-total, "-J '%s' ", cli_opts.proxycmd); ++ total += m_snprintf(args+total, len-total, "-J '%s' ", cli_opts.proxycmd); + } + + if (opts.recv_window != DEFAULT_RECV_WINDOW) { +- total += m_snprintf(ret+total, len-total, "-W %u ", opts.recv_window); ++ total += m_snprintf(args+total, len-total, "-W %u ", opts.recv_window); + } + + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { + sign_key * key = (sign_key*)iter->item; +- total += m_snprintf(ret+total, len-total, "-i %s ", key->filename); ++ total += m_snprintf(args+total, len-total, "-i %s ", key->filename); + } + #endif /* DROPBEAR_CLI_PUBKEY_AUTH */ + ++ ret = m_malloc(total + 1); ++ strcpy(ret,args); + return ret; + } + diff --git a/meta/recipes-core/dropbear/dropbear/0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch b/meta/recipes-core/dropbear/dropbear/0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch new file mode 100644 index 0000000000..da7de00389 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch @@ -0,0 +1,29 @@ +From dd03da772bfad6174425066ff9752b60e25ed183 Mon Sep 17 00:00:00 2001 +From: Sergey Ponomarev +Date: Sun, 7 Apr 2024 21:16:50 +0300 +Subject: [PATCH] cli-runopts.c add missing DROPBEAR_CLI_PUBKEY_AUTH + +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/dd03da772bfad6174425066ff9752b60e25ed183] +Signed-off-by: Peter Marko +--- + cli-runopts.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/cli-runopts.c b/cli-runopts.c +index 219fc53..b853a13 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -541,11 +541,13 @@ static char* multihop_passthrough_args(void) { + if (cli_opts.proxycmd) { + len += strlen(cli_opts.proxycmd); + } ++#if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { + sign_key * key = (sign_key*)iter->item; + len += 4 + strlen(key->filename); + } ++#endif + + args = m_malloc(len); + total = 0; diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch b/meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch new file mode 100644 index 0000000000..513fbafce0 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2025-47203.patch @@ -0,0 +1,367 @@ +From e5a0ef27c227f7ae69d9a9fec98a056494409b9b Mon Sep 17 00:00:00 2001 +From: Matt Johnston +Date: Mon, 5 May 2025 23:14:19 +0800 +Subject: [PATCH] Execute multihop commands directly, no shell + +This avoids problems with shell escaping if arguments contain special +characters. + +CVE: CVE-2025-47203 +Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/e5a0ef27c227f7ae69d9a9fec98a056494409b9b] +Signed-off-by: Peter Marko +--- + cli-main.c | 59 +++++++++++++++++++---------- + cli-runopts.c | 100 +++++++++++++++++++++++++++++--------------------- + dbutil.c | 9 ++++- + dbutil.h | 1 + + runopts.h | 5 +++ + 5 files changed, 112 insertions(+), 62 deletions(-) + +diff --git a/cli-main.c b/cli-main.c +index 065fd76..2fafa88 100644 +--- a/cli-main.c ++++ b/cli-main.c +@@ -77,9 +77,8 @@ int main(int argc, char ** argv) { + } + + #if DROPBEAR_CLI_PROXYCMD +- if (cli_opts.proxycmd) { ++ if (cli_opts.proxycmd || cli_opts.proxyexec) { + cli_proxy_cmd(&sock_in, &sock_out, &proxy_cmd_pid); +- m_free(cli_opts.proxycmd); + if (signal(SIGINT, kill_proxy_sighandler) == SIG_ERR || + signal(SIGTERM, kill_proxy_sighandler) == SIG_ERR || + signal(SIGHUP, kill_proxy_sighandler) == SIG_ERR) { +@@ -101,7 +100,8 @@ int main(int argc, char ** argv) { + } + #endif /* DBMULTI stuff */ + +-static void exec_proxy_cmd(const void *user_data_cmd) { ++#if DROPBEAR_CLI_PROXYCMD ++static void shell_proxy_cmd(const void *user_data_cmd) { + const char *cmd = user_data_cmd; + char *usershell; + +@@ -110,41 +110,62 @@ static void exec_proxy_cmd(const void *user_data_cmd) { + dropbear_exit("Failed to run '%s'\n", cmd); + } + +-#if DROPBEAR_CLI_PROXYCMD ++static void exec_proxy_cmd(const void *unused) { ++ (void)unused; ++ run_command(cli_opts.proxyexec[0], cli_opts.proxyexec, ses.maxfd); ++ dropbear_exit("Failed to run '%s'\n", cli_opts.proxyexec[0]); ++} ++ + static void cli_proxy_cmd(int *sock_in, int *sock_out, pid_t *pid_out) { +- char * ex_cmd = NULL; +- size_t ex_cmdlen; ++ char * cmd_arg = NULL; ++ void (*exec_fn)(const void *user_data) = NULL; + int ret; + ++ /* exactly one of cli_opts.proxycmd or cli_opts.proxyexec should be set */ ++ + /* File descriptor "-j &3" */ +- if (*cli_opts.proxycmd == '&') { ++ if (cli_opts.proxycmd && *cli_opts.proxycmd == '&') { + char *p = cli_opts.proxycmd + 1; + int sock = strtoul(p, &p, 10); + /* must be a single number, and not stdin/stdout/stderr */ + if (sock > 2 && sock < 1024 && *p == '\0') { + *sock_in = sock; + *sock_out = sock; +- return; ++ goto cleanup; + } + } + +- /* Normal proxycommand */ ++ if (cli_opts.proxycmd) { ++ /* Normal proxycommand */ ++ size_t shell_cmdlen; ++ /* So that spawn_command knows which shell to run */ ++ fill_passwd(cli_opts.own_user); + +- /* So that spawn_command knows which shell to run */ +- fill_passwd(cli_opts.own_user); ++ shell_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */ ++ cmd_arg = m_malloc(shell_cmdlen); ++ snprintf(cmd_arg, shell_cmdlen, "exec %s", cli_opts.proxycmd); ++ exec_fn = shell_proxy_cmd; ++ } else { ++ /* No shell */ ++ exec_fn = exec_proxy_cmd; ++ } + +- ex_cmdlen = strlen(cli_opts.proxycmd) + 6; /* "exec " + command + '\0' */ +- ex_cmd = m_malloc(ex_cmdlen); +- snprintf(ex_cmd, ex_cmdlen, "exec %s", cli_opts.proxycmd); +- +- ret = spawn_command(exec_proxy_cmd, ex_cmd, +- sock_out, sock_in, NULL, pid_out); +- DEBUG1(("cmd: %s pid=%d", ex_cmd,*pid_out)) +- m_free(ex_cmd); ++ ret = spawn_command(exec_fn, cmd_arg, sock_out, sock_in, NULL, pid_out); + if (ret == DROPBEAR_FAILURE) { + dropbear_exit("Failed running proxy command"); + *sock_in = *sock_out = -1; + } ++ ++cleanup: ++ m_free(cli_opts.proxycmd); ++ m_free(cmd_arg); ++ if (cli_opts.proxyexec) { ++ char **a = NULL; ++ for (a = cli_opts.proxyexec; *a; a++) { ++ m_free_direct(*a); ++ } ++ m_free(cli_opts.proxyexec); ++ } + } + + static void kill_proxy_sighandler(int UNUSED(signo)) { +diff --git a/cli-runopts.c b/cli-runopts.c +index 6668aee..b9add84 100644 +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -530,58 +530,81 @@ static void loadidentityfile(const char* filename, int warnfail) { + + /* Fill out -i, -y, -W options that make sense for all + * the intermediate processes */ +-static char* multihop_passthrough_args(void) { +- char *args = NULL; +- unsigned int len, total; ++static char** multihop_args(const char* argv0, const char* prior_hops) { ++ /* null terminated array */ ++ char **args = NULL; ++ size_t max_args = 14, pos = 0, len; + #if DROPBEAR_CLI_PUBKEY_AUTH + m_list_elem *iter; + #endif +- /* Sufficient space for non-string args */ +- len = 100; + +- /* String arguments have arbitrary length, so determine space required */ +- if (cli_opts.proxycmd) { +- len += strlen(cli_opts.proxycmd); +- } + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { +- sign_key * key = (sign_key*)iter->item; +- len += 4 + strlen(key->filename); ++ /* "-i file" for each */ ++ max_args += 2; + } + #endif + +- args = m_malloc(len); +- total = 0; ++ args = m_malloc(sizeof(char*) * max_args); ++ pos = 0; + +- /* Create new argument string */ ++ args[pos] = m_strdup(argv0); ++ pos++; + + if (cli_opts.quiet) { +- total += m_snprintf(args+total, len-total, "-q "); ++ args[pos] = m_strdup("-q"); ++ pos++; + } + + if (cli_opts.no_hostkey_check) { +- total += m_snprintf(args+total, len-total, "-y -y "); ++ args[pos] = m_strdup("-y"); ++ pos++; ++ args[pos] = m_strdup("-y"); ++ pos++; + } else if (cli_opts.always_accept_key) { +- total += m_snprintf(args+total, len-total, "-y "); ++ args[pos] = m_strdup("-y"); ++ pos++; + } + + if (cli_opts.proxycmd) { +- total += m_snprintf(args+total, len-total, "-J '%s' ", cli_opts.proxycmd); ++ args[pos] = m_strdup("-J"); ++ pos++; ++ args[pos] = m_strdup(cli_opts.proxycmd); ++ pos++; + } + + if (opts.recv_window != DEFAULT_RECV_WINDOW) { +- total += m_snprintf(args+total, len-total, "-W %u ", opts.recv_window); ++ args[pos] = m_strdup("-W"); ++ pos++; ++ args[pos] = m_malloc(11); ++ m_snprintf(args[pos], 11, "%u", opts.recv_window); ++ pos++; + } + + #if DROPBEAR_CLI_PUBKEY_AUTH + for (iter = cli_opts.privkeys->first; iter; iter = iter->next) + { + sign_key * key = (sign_key*)iter->item; +- total += m_snprintf(args+total, len-total, "-i %s ", key->filename); ++ args[pos] = m_strdup("-i"); ++ pos++; ++ args[pos] = m_strdup(key->filename); ++ pos++; + } + #endif /* DROPBEAR_CLI_PUBKEY_AUTH */ + ++ /* last hop */ ++ args[pos] = m_strdup("-B"); ++ pos++; ++ len = strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport) + 2; ++ args[pos] = m_malloc(len); ++ snprintf(args[pos], len, "%s:%s", cli_opts.remotehost, cli_opts.remoteport); ++ pos++; ++ ++ /* hostnames of prior hops */ ++ args[pos] = m_strdup(prior_hops); ++ pos++; ++ + return args; + } + +@@ -596,7 +619,7 @@ static char* multihop_passthrough_args(void) { + * etc for as many hosts as we want. + * + * Note that "-J" arguments aren't actually used, instead +- * below sets cli_opts.proxycmd directly. ++ * below sets cli_opts.proxyexec directly. + * + * Ports for hosts can be specified as host/port. + */ +@@ -604,7 +627,7 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + char *userhostarg = NULL; + char *hostbuf = NULL; + char *last_hop = NULL; +- char *remainder = NULL; ++ char *prior_hops = NULL; + + /* both scp and rsync parse a user@host argument + * and turn it into "-l user host". This breaks +@@ -622,6 +645,8 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + } + userhostarg = hostbuf; + ++ /* Split off any last hostname and use that as remotehost/remoteport. ++ * That is used for authorized_keys checking etc */ + last_hop = strrchr(userhostarg, ','); + if (last_hop) { + if (last_hop == userhostarg) { +@@ -629,35 +654,28 @@ static void parse_multihop_hostname(const char* orighostarg, const char* argv0) + } + *last_hop = '\0'; + last_hop++; +- remainder = userhostarg; ++ prior_hops = userhostarg; + userhostarg = last_hop; + } + ++ /* Update cli_opts.remotehost and cli_opts.remoteport */ + parse_hostname(userhostarg); + +- if (last_hop) { +- /* Set up the proxycmd */ +- unsigned int cmd_len = 0; +- char *passthrough_args = multihop_passthrough_args(); +- if (cli_opts.remoteport == NULL) { +- cli_opts.remoteport = "22"; ++ /* Construct any multihop proxy command. Use proxyexec to ++ * avoid worrying about shell escaping. */ ++ if (prior_hops) { ++ cli_opts.proxyexec = multihop_args(argv0, prior_hops); ++ /* Any -J argument has been copied to proxyexec */ ++ if (cli_opts.proxycmd) { ++ m_free(cli_opts.proxycmd); + } +- cmd_len = strlen(argv0) + strlen(remainder) +- + strlen(cli_opts.remotehost) + strlen(cli_opts.remoteport) +- + strlen(passthrough_args) +- + 30; +- /* replace proxycmd. old -J arguments have been copied +- to passthrough_args */ +- cli_opts.proxycmd = m_realloc(cli_opts.proxycmd, cmd_len); +- m_snprintf(cli_opts.proxycmd, cmd_len, "%s -B %s:%s %s %s", +- argv0, cli_opts.remotehost, cli_opts.remoteport, +- passthrough_args, remainder); ++ + #ifndef DISABLE_ZLIB +- /* The stream will be incompressible since it's encrypted. */ ++ /* This outer stream will be incompressible since it's encrypted. */ + opts.compress_mode = DROPBEAR_COMPRESS_OFF; + #endif +- m_free(passthrough_args); + } ++ + m_free(hostbuf); + } + #endif /* !DROPBEAR_CLI_MULTIHOP */ +diff --git a/dbutil.c b/dbutil.c +index bd66454..910fa27 100644 +--- a/dbutil.c ++++ b/dbutil.c +@@ -371,7 +371,6 @@ int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, + void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { + char * argv[4]; + char * baseshell = NULL; +- unsigned int i; + + baseshell = basename(usershell); + +@@ -393,6 +392,12 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { + argv[1] = NULL; + } + ++ run_command(usershell, argv, maxfd); ++} ++ ++void run_command(const char* argv0, char** args, unsigned int maxfd) { ++ unsigned int i; ++ + /* Re-enable SIGPIPE for the executed process */ + if (signal(SIGPIPE, SIG_DFL) == SIG_ERR) { + dropbear_exit("signal() error"); +@@ -404,7 +409,7 @@ void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell) { + m_close(i); + } + +- execv(usershell, argv); ++ execv(argv0, args); + } + + #if DEBUG_TRACE +diff --git a/dbutil.h b/dbutil.h +index 64af170..bfc1f1f 100644 +--- a/dbutil.h ++++ b/dbutil.h +@@ -63,6 +63,7 @@ char * stripcontrol(const char * text); + int spawn_command(void(*exec_fn)(const void *user_data), const void *exec_data, + int *writefd, int *readfd, int *errfd, pid_t *pid); + void run_shell_command(const char* cmd, unsigned int maxfd, char* usershell); ++void run_command(const char* argv0, char** args, unsigned int maxfd); + #if ENABLE_CONNECT_UNIX + int connect_unix(const char* addr); + #endif +diff --git a/runopts.h b/runopts.h +index 1675836..11c3ef2 100644 +--- a/runopts.h ++++ b/runopts.h +@@ -188,7 +188,12 @@ typedef struct cli_runopts { + unsigned int netcat_port; + #endif + #if DROPBEAR_CLI_PROXYCMD ++ /* A proxy command to run via the user's shell */ + char *proxycmd; ++#endif ++#if DROPBEAR_CLI_MULTIHOP ++ /* Similar to proxycmd, but is arguments for execve(), not shell */ ++ char **proxyexec; + #endif + char *bind_address; + char *bind_port; diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb index 772e08eaed..2ed8d2c2a1 100644 --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb +++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb @@ -24,6 +24,11 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ file://CVE-2023-36328.patch \ file://CVE-2023-48795.patch \ + file://0001-add-o-BatchMode-and-also-forward-this-when-multihop-.patch \ + file://0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch \ + file://0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch \ + file://0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch \ + file://CVE-2025-47203.patch \ " SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b" From patchwork Tue Aug 19 20:07:46 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68805 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 36748CA0EEB for ; Tue, 19 Aug 2025 20:08:15 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web11.3387.1755634087799922534 for ; Tue, 19 Aug 2025 13:08:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pw/5mlwn; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-76e2ea94c7dso6323776b3a.2 for ; Tue, 19 Aug 2025 13:08:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634087; x=1756238887; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=89j2EQOqpL4YmxeOw19daWNZtK52ZUV1s2Iv6gozWoU=; b=pw/5mlwnVljEbz1APv3cm/rcmxiSQgxF/JefethaSaLltZazJxfk39pXTbR4Is+I5l ES64MiUt1Lu+GBzllopCpe3e5clNP7gcuSsyTYZDRDOj1WzEnRXbVHc0Vmttbg0McWJp JgLJkg39hiePRNORIEZaBv6+A4WKvOPkGdXC4MIbiyKwtcesldtIwf7oriF0pucBrcPj h02M1vKUUGxLr5lL/XMTxUQJEld7dgB7lXsdLjuk2QEqbAAGI9FjZgKjwa2djlCGLj5N LG+ykH/P54jt2BjNuxFo9dy1eobmryicZhtZpinqb3j4G2yODv5sovR3UAK2Df+ngCJe c3iQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634087; x=1756238887; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=89j2EQOqpL4YmxeOw19daWNZtK52ZUV1s2Iv6gozWoU=; b=jfQhaEaiAGVVJYeNjYWRJ2456MzwC4ISdku8aJKH+WJFzhrTgBJ1SKVqLynWN0wGVq I2lKy1ktm65pa5+98LXplhu/QFFtDkFR6I/iFOIQ7CnN7t7hu0Hd1Mwb2sMkyjn/gfZC dhjWZXmbVeOgAvV1eRNKhCLP7Zu/vSrUoLlLjyjxCifPImIO869SsbjMxlOChu8jnDKr CUSbDVlfXUswugZAGvd9h6Ywk1HxtqQuiY3ClXKFKDY2+BSMZGGef0bYNOOjS6EYIldo JwiUF1Q0Zl6q/YGFfT399vCXerqQcnOnbXvRLYjMMrlBF4JHx9uE6GkhWSIyv8DN/1JF LqDA== X-Gm-Message-State: AOJu0YwecuJgedfqqkRqT6NaLhRtmtB1agifGNad9IiiPOrMaDvl+Jxo AMSzT2Pe0dv79lKe2zcMA76rvMi6CPWIswQCphluRy5dH1/vIJkO6CmuGkFmuRwL+RHrJ1gc70d bICfE X-Gm-Gg: ASbGncsQxbDVugDwPXS07nhtIvHo3dWmwbq72XHiVm1/zvX8sqP0hG6NLtqJ/Bnv5ex gYjVbDZ44mfyePeCHv77EilfpRTrFdjHot8g8E9tUaopPmoIB3iTM6hqKRG40FVEA+wg12C38Yc kXU81WaI+tswdAkeGQjgFmA0z28fXw6a0YOxn53P+vTgePoTKjXKOTDPH1mTb33fQ8npJUNGpeI 4lGB6w9/1bHKE5wZuUC+PQmtCQfCg3rofFKWGtW0H/fsOvMx2nGcdCBcBibEAM2+PXaVdlx75ih Ys+EmO8wWlKmFLzLZP3m6O1oRSrvTkRanMw5T6urlkgxxqehkxIlgHscdak5rGpR77O55i4h2Z7 eOcENd+NM34gUUQ== X-Google-Smtp-Source: AGHT+IEtOrYSRSLoGrru8T3LGIyoY5yuNGbsr65L9Oe4KYRmYd6QjCaQ1iKi/enqdjLyGclGuPh3zA== X-Received: by 2002:a05:6a00:2288:b0:736:6043:69f9 with SMTP id d2e1a72fcca58-76e8dd85f6fmr500611b3a.19.1755634086841; Tue, 19 Aug 2025 13:08:06 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:06 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/10] xz: ignore CVE-2024-47611 Date: Tue, 19 Aug 2025 13:07:46 -0700 Message-ID: <04ce4704e603cd66f30ffc001541c6497d84050e.1755633925.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222130 From: Daniel Turull According to the NVD entry, it is only applicable when built for native Windows (MinGW-w64 or MSVC). Signed-off-by: Daniel Turull Signed-off-by: Steve Sakoman --- meta/recipes-extended/xz/xz_5.4.7.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/xz/xz_5.4.7.bb b/meta/recipes-extended/xz/xz_5.4.7.bb index 563643d4d9..30a4c8e88c 100644 --- a/meta/recipes-extended/xz/xz_5.4.7.bb +++ b/meta/recipes-extended/xz/xz_5.4.7.bb @@ -35,6 +35,8 @@ SRC_URI[sha256sum] = "8db6664c48ca07908b92baedcfe7f3ba23f49ef2476864518ab5db6723 UPSTREAM_CHECK_REGEX = "releases/tag/v(?P\d+(\.\d+)+)" UPSTREAM_CHECK_URI = "https://github.com/tukaani-project/xz/releases/" +CVE_STATUS[CVE-2024-47611] = "not-applicable-platform: Issue only applies on Windows" + CACHED_CONFIGUREVARS += "gl_cv_posix_shell=/bin/sh" inherit autotools gettext ptest From patchwork Tue Aug 19 20:07:47 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68806 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42F8ECA0EFB for ; Tue, 19 Aug 2025 20:08:15 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web10.3354.1755634089291997053 for ; Tue, 19 Aug 2025 13:08:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=kZXA3hEp; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id d2e1a72fcca58-76e2e6038cfso6829846b3a.0 for ; Tue, 19 Aug 2025 13:08:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634088; x=1756238888; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DDXK0fLJTvs+qOOsQDixN/zkvD/NuCj0HOODMZBoQJ8=; b=kZXA3hEpwUTcqXnMIHgTG6cmJG2bfs82N0zwedqpUTYzPB8NSoQ5E9Fd7HqUEGRmtm WrzINnsrR0tgKMXmZOADvMWELtZq+4QXDJdFelvo9hP+AawPktGQW7RF/NTf+eVeeRJD URMqLB/5/oRjOcmE94+BtA37sSfnD5iwXNB8ZEW5lfwXT2Oq1ZsbxjFL/ilEjOexpEqK NQRHhdC57WBDHjlzYW26JiwxP+Kz+1bRXk5CDi04TUm5oJFi4RWdNwdc7YYtjNhJ1zYz 89To7wO1DFszKnKSZFnD3tzbJX4cBlJucf3Lpl4YpdzYnwEkKaFNrvcNwjeZQ9xdyGx4 y8jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634088; x=1756238888; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DDXK0fLJTvs+qOOsQDixN/zkvD/NuCj0HOODMZBoQJ8=; b=BAsnZNxa4jVtCPPXioc130ZNVxLeouwWsLUg9gddb1zziWRu7HgmsHKU5LiUW3N/1O q3korv9fM3FnETW1YWvpxVbeuGEIz2JlqNK/oiqyyg3/kM3xYuDdrj8nMrGII1lvHbCH rZaEb5FiAPXbdN7isccoDvkAwHkg0tX4h1kLM/yX4NXlAHZwRBTsefRKHg/l6hLawQkW McJeJnAgKjIMtFB5vP0vd+P44QHaDC7E5UgEI0PlWKkzXoISJ1vVpo/2REd6NMeUKnxK OjrDj/QCWLvsbFkyUNUIxfMPTt3EjzY+ECz9DQoK6AdZSwvHVC7oUc3HNRHHM9sfsVna eBJg== X-Gm-Message-State: AOJu0YxrbDEeEOp+KH7Rfo97jS/4envfj9oxTTFzGKrR+Nv7GHOvYoLL RMi7FW4/jGC+XTqyB7VWSbNgCXpH1VGlziIDXTzEM7dP9EZ3KlrsUxN5P8lbX2zGPiUWA+1bCBD iPgks X-Gm-Gg: ASbGnctLdgmCPUyf/fhQ7PZjjR+6HhIfiUGN36V4KOizQnIO9jfedySUdw7Qm//0x6R h65dB8IgS5atPFseubFBRCfvTqA4VsQGsjGUOy8FfeGwVeJByvR1B235M20ZXB/Sr6S4K9Qt4N4 NrXunOoUkopChG5L8Q6+1B2ajC5ZCrQW+YyXOntr6FaYOFEcRYfUQYZTCkeFOrXAvgK7GmfwkDP QbgFsnMvEmwQlzlbn3Qdhd4IClFwHmJFfXJtSTbBPpOkwf+rinxMrcBte/V9/4sMlASQHRDiOwn Fe+GOcWasAtm5iwCmFr+qVv8Z9MqFj0EW4jpVpn/MuD9moyMOtFRZ5/qhIobfBbM6r8Sg31Jrw4 /y7dlkXmPjvM9Ao9h+MMF8mFY X-Google-Smtp-Source: AGHT+IFU43q0SiFwqjWwoWyxV9T559Ar94/UFBbUgXyyYT+fwVVhC/dFHjsoHp6UrF6d4GFg6uJYkw== X-Received: by 2002:a05:6a00:992:b0:76b:e0d7:c3cf with SMTP id d2e1a72fcca58-76e8dc4354dmr642256b3a.4.1755634088332; Tue, 19 Aug 2025 13:08:08 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:07 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/10] glib-2.0: ignore CVE-2025-4056 Date: Tue, 19 Aug 2025 13:07:47 -0700 Message-ID: <5858567a9222d9fff6f0a282cf7c7bda4e19af57.1755633925.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222131 From: Peter Marko NVD report [1] says: A flaw was found in GLib. A denial of service on **Windows platforms** may occur if an application attempts to spawn a program using long command lines. The fix [3] (linked from [2]) also changes only files glib/gspawn-win32-helper.c glib/gspawn-win32.c [1] https://nvd.nist.gov/vuln/detail/CVE-2025-4056 [2] https://gitlab.gnome.org/GNOME/glib/-/issues/3668 [3] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/4570 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb index e1a3b57270..53e0543045 100644 --- a/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb +++ b/meta/recipes-core/glib-2.0/glib-2.0_2.78.6.bb @@ -66,3 +66,5 @@ def find_meson_cross_files(d): python () { find_meson_cross_files(d) } + +CVE_STATUS[CVE-2025-4056] = "not-applicable-platform: Issue only applies on Windows" From patchwork Tue Aug 19 20:07:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68811 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57FA0CA0EFB for ; Tue, 19 Aug 2025 20:08:25 +0000 (UTC) Received: from mail-pf1-f175.google.com (mail-pf1-f175.google.com [209.85.210.175]) by mx.groups.io with SMTP id smtpd.web10.3355.1755634090522690769 for ; Tue, 19 Aug 2025 13:08:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=T7DM/6XJ; spf=softfail (domain: sakoman.com, ip: 209.85.210.175, mailfrom: steve@sakoman.com) Received: by mail-pf1-f175.google.com with SMTP id d2e1a72fcca58-76e2e6038cfso6829865b3a.0 for ; Tue, 19 Aug 2025 13:08:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634090; x=1756238890; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WRwt1anOj95EnmnJlJzuA4807O6a38ZlqkJZLhUNHgI=; b=T7DM/6XJ4hSULzDMWaJ5iHVZSCrq5uxOKVw781iWwSDV9eEByjfcgF/Od/3tqB/5hw LcEsoTr0FKvbq3wHjOLeK94EooBQWJZORmyAOZK8YduJyGb1o5LC4zF4ojt3gO4lEiXb bWrznar3i9J/AHH+T7UADhijzGvAhY2fN1cWjt8vNKRc/gkKF2t7wG15+aqBiuBNkiz+ clP7TvpBxS6K++JJCJTQfVKKrEdnVFgYYoxLqAwbI08zlIk6RGtoE32oFbeBo/7FYAM2 6NoMsfApjSB5o3lhPksLivdXVCUTLOQDCou5b04Wp8QPB1YTPPwqbgmK3DVHEfo53MxB KmXA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634090; x=1756238890; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WRwt1anOj95EnmnJlJzuA4807O6a38ZlqkJZLhUNHgI=; b=niIp/Mr5uraXv/hZ0PLP0AKs/34VrHgdD2XIAdv1RCPEfHU9fqofuJ23kRaE8bTHB+ xtmM/HzYUohpDIZlwp6oqssOarrxHrabRlWNxpGhELBxn3ISD5SPBSbpPxkneC5AhVmh EEpN2NdeV3vV4DVLsdrZs8Zn2At8zS9n3XFkKeKYT6W+/1w/DqcxvviBgebuMeGNj39L SuouQZ1pw6mbmRcmC4ob5Z9XQSmk9v1BUR+JUEgcBPzt7CgoYHPkTW+TlWIPi9dr6u65 +kqxpJfOnKpAzU82hF0lWHOE08kOfDA4nCBaTM11u254MinA0v2kIMkwzYXjjv1H4rnY kdQw== X-Gm-Message-State: AOJu0YwglInhMjlG714Dw03IvHlXdB8ohzjihKXW5/CI+gG+WlnL5zoh 3w5T+600jvs6TfebnKs3fTb8tjdSZh8v4kPOI1j+fL/YPZNhKG2SPK0+jOt7/vdRMYqkTAdWr3+ JVSg4 X-Gm-Gg: ASbGncv4nMXI1v1kAd5JWIkheh47WzVpjFXQjmaUi0izaXpJihuVj6RmYrTmeQvPtt7 jLPE7XZhMKPQ2kAnT22SiasapMDhdl7Kwxr/z+wjhiWD6yyc7rnGLKRbI3pm0uOpDfcqJOlm2VL q+jbJ5rKP/avhDAbS6sG8up3SOufBt13QYfnl878y0Dm5yJELsdsPp795Eh+skwIGCE34y/vTkZ BcKU/S4OJemdMHVYPE5myOIXjSNHdbtEAbNAXTR1fi0vSXmyXVpqRgW/lj32IVr78yaAV4ChQAP 8wI96vKGjacjKWztdwEheUsu/9LiSiet/kpFQ7OFTmm70UOlFs4DU0D66EmJ55nbjw5pHgvZ0uB cZlBhNpqDGlfNbQ== X-Google-Smtp-Source: AGHT+IEj9GtidmFC+x1eLT6U5lQ1DArkapfwB7iYX6ueBKGjLo5H0Dt3tQboQEw4YZVzxcOEBfdOJQ== X-Received: by 2002:a05:6a20:6a04:b0:231:a5f3:4d0c with SMTP id adf61e73a8af0-2431b816096mr869900637.26.1755634089744; Tue, 19 Aug 2025 13:08:09 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:09 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/10] libxml2: ignore CVE-2025-8732 Date: Tue, 19 Aug 2025 13:07:48 -0700 Message-ID: <348ce728af1cea4f909de5c3597801b5612719e4.1755633925.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222132 From: Daniel Turull The code maintainer disputes the CVE as the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. Source: https://gitlab.gnome.org/GNOME/libxml2/-/issues/958" Signed-off-by: Daniel Turull Signed-off-by: Steve Sakoman --- meta/recipes-core/libxml/libxml2_2.12.10.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-core/libxml/libxml2_2.12.10.bb b/meta/recipes-core/libxml/libxml2_2.12.10.bb index 078988286a..a155c3708e 100644 --- a/meta/recipes-core/libxml/libxml2_2.12.10.bb +++ b/meta/recipes-core/libxml/libxml2_2.12.10.bb @@ -32,6 +32,10 @@ SRC_URI[testtar.sha256sum] = "c6b2d42ee50b8b236e711a97d68e6c4b5c8d83e69a2be47223 # Disputed as a security issue, but fixed in d39f780 CVE_STATUS[CVE-2023-45322] = "disputed: issue requires memory allocation to fail" +# Disputed as a security issue, if attempts to process an invalid file, it fails +# https://gitlab.gnome.org/GNOME/libxml2/-/issues/958 +CVE_STATUS[CVE-2025-8732] = "disputed: the code maintainer explains, that the issue can only be triggered with untrusted SGML catalogs and it makes absolutely no sense to use untrusted catalogs. The issue triggers a crash if an invalid file is provided. https://gitlab.gnome.org/GNOME/libxml2/-/issues/958" + BINCONFIG = "${bindir}/xml2-config" PACKAGECONFIG ??= "python \ From patchwork Tue Aug 19 20:07:49 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68803 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42CFCCA0EE6 for ; Tue, 19 Aug 2025 20:08:15 +0000 (UTC) Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by mx.groups.io with SMTP id smtpd.web10.3356.1755634092157162093 for ; Tue, 19 Aug 2025 13:08:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=i6/Xd57b; spf=softfail (domain: sakoman.com, ip: 209.85.210.169, mailfrom: steve@sakoman.com) Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-76e2ea933b7so293945b3a.1 for ; Tue, 19 Aug 2025 13:08:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634091; x=1756238891; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=UYJ2etamn+7y10WEnhuEcIRgovN0e/9EEzsVg4BXyO4=; b=i6/Xd57b2DdILLWQXcSDBEX9lbzYhR5tNuKK6UUZ/FWb/PiC+JS8ls5/swTwu8xqQy qdCllaRGs/ThC1J7vLSOf9oZPb6RG4PfkGajBTEXcB5YPb8327yXR9KG8SezRLMVYbEO gOt1KAAfMkmXN1j97spPL0ccIpYVwvFE+xZzkZczfxF1JHPa30YpbtCzpqiB3ItiCH54 fqWWQ7i6XD/PLyesnOx/2nSzYzfDiCS7HYJjpPRvQNgReDsslxc89tWRShv5eNoInbfC q+U+lPCwkssyiPBzjWPX66RshP4oQQ02GMT/ZmvLwq9bcd1OdqbzLLA2TEBdCsymPRPW wT8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634091; x=1756238891; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=UYJ2etamn+7y10WEnhuEcIRgovN0e/9EEzsVg4BXyO4=; b=j8MyapFQmCVQZhaFdyLTrkHx5o7N0dHO5mnolORL3Cr+vGe50APawRZPfGUyFt6uTh /v02rhwyi9kuR1FH0ZYlIx63MmNGywL5d0s2M2F0R+b4G4MgD49Fws2P1+GEYEDV1Saz Al2UqK08X8kLCF4zo0QSivG+FJVDjj2fahpM3xdq8zopk5GYNDsHCKksNGPXFgI/7HAP w/IJ4y/ztMD94KcRlJB227TJdnJRf8JXWOiKdlRpBjoqdx6nlsE+L+0Xz4o3Vi21y+Rz 0KN58z54q4/otum8haRbhvkeh4jbqA39IAhTnTMd9SR+hrXDLDLemk3l4cPDAeA7C7S2 BK7Q== X-Gm-Message-State: AOJu0YzT+UpuQlZGm7dTKPy6yQwD/NTSgIUNNGxgUi6NrRYWo735MBJ6 4dUuu1Zt/7UZ3CPtlMEy/iLonR1WUdhMvRBntsz0ak0Und31cqKsw1kkVQdZWvMTmuao3V66Gc6 Hb6uH X-Gm-Gg: ASbGncu4SzLXvlAmn7WfV9rXlWgO5X/cHrLmjF+ZIhjOu50mL4zcnxocvkDR3JTI6+C iZvk19vXx7kdtqXKHH2LBmSQn11YcqO6dLQAI7iie5BP0f4voHXmXSN093T8B6esVObSCvtkvI/ seCkv1b/HxyGvL68uUf/5WpM0dknuo9nvjkSJnLBjIhajALjGmM9Fk4mSRMobWgZ1/K0MKzhrPk WLI+HgCJy7jqb7uxrrRZLFWv2fOUBgaVUXX0HOdWX4rStdFFtJ8QH3vTpbb+DkUxox7zHH/th5w 5AJDTzgth6CC1QpJviK3zugS8tvnoLoRFtlIyFwa6G/3uOx7DHyNj+RZoKPZsLFQo5uy7kDP4Kg 3O6844jE2KsWCmQ== X-Google-Smtp-Source: AGHT+IHIRwFGm9kt0wr2AhuT5YR2OSrqferFjhxBj+grTJXiq+ef1qL3jwW2lZkZvc9mw1Yj8yAlNQ== X-Received: by 2002:a05:6a00:81c6:b0:76e:352a:a640 with SMTP id d2e1a72fcca58-76e81432d93mr2976421b3a.6.1755634091394; Tue, 19 Aug 2025 13:08:11 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:10 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/10] e2fsprogs: Fix build failure with gcc 15 Date: Tue, 19 Aug 2025 13:07:49 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222133 From: Khem Raj Backport a needed fix Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...-libext2fs-fix-std-c23-build-failure.patch | 42 +++++++++++++++++++ .../e2fsprogs/e2fsprogs_1.47.0.bb | 1 + 2 files changed, 43 insertions(+) create mode 100644 meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-std-c23-build-failure.patch diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-std-c23-build-failure.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-std-c23-build-failure.patch new file mode 100644 index 0000000000..01ab9d5afb --- /dev/null +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-std-c23-build-failure.patch @@ -0,0 +1,42 @@ +From 72dcef02bee9924c4d5b3dc6e7ef4d07becebcc6 Mon Sep 17 00:00:00 2001 +From: Rudi Heitbaum +Date: Fri, 22 Nov 2024 12:36:32 +0000 +Subject: [PATCH] libext2fs: fix -std=c23 build failure + +gcc-15 switched to -std=c23 by default: + + https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=55e3bd376b2214e200fa76d12b67ff259b06c212 + +As a result `e2fsprogs` fails the build so only typedef int bool +for __STDC_VERSION__ <= 201710L (C17) + + ../../../lib/ext2fs/tdb.c:113:13: error: two or more data types in declaration specifiers + ../../../lib/ext2fs/tdb.c:113:1: warning: useless type name in empty declaration + 113 | typedef int bool; + | ^~~~~~~ + +https://github.com/tytso/e2fsprogs/issues/202 + +Upstream-Status: Backport [https://github.com/tytso/e2fsprogs/commit/49fd04d77b3244c6c6990be41142168eef373aef] +Signed-off-by: Rudi Heitbaum +Link: https://lore.kernel.org/r/Z0B60JhdvT9bpSQ6@6f91903e89da +Signed-off-by: Theodore Ts'o +Signed-off-by: Khem Raj +--- + lib/ext2fs/tdb.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/ext2fs/tdb.c b/lib/ext2fs/tdb.c +index b07b2917..98dc95d8 100644 +--- a/lib/ext2fs/tdb.c ++++ b/lib/ext2fs/tdb.c +@@ -110,7 +110,9 @@ static char *rep_strdup(const char *s) + #endif + #endif + ++#if defined __STDC__ && defined __STDC_VERSION__ && __STDC_VERSION__ <= 201710L + typedef int bool; ++#endif + + #include "tdb.h" + diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.47.0.bb b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.47.0.bb index 940b47c155..0288854527 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.47.0.bb +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs_1.47.0.bb @@ -4,6 +4,7 @@ SRC_URI += "file://remove.ldconfig.call.patch \ file://run-ptest \ file://ptest.patch \ file://mkdir_p.patch \ + file://0001-libext2fs-fix-std-c23-build-failure.patch \ " SRC_URI:append:class-native = " \ file://e2fsprogs-fix-missing-check-for-permission-denied.patch \ From patchwork Tue Aug 19 20:07:50 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68807 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4EF77CA0EF7 for ; Tue, 19 Aug 2025 20:08:15 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web11.3390.1755634093682565485 for ; Tue, 19 Aug 2025 13:08:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=UfRrjUHx; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-76e2e89bebaso4236462b3a.1 for ; Tue, 19 Aug 2025 13:08:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634093; x=1756238893; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Wu41jHdngVGrEQ/A3ozZxDsVQu+zcIoXlNIMQlFns+U=; b=UfRrjUHxZO3LwHr2tPWq1TX3SWj42336uxpUEtT54AuXitTwSnj1Wuk2DEV90QLmEL AOqvfR1rS1CyAC0YHCazfFXwmnW/NbE44mMW2wgcb3U6GXyMT63FoaXH+CckDlIfSzP6 jIiuqd+ZIRlCZSRd2aWt+EH4UrlEyJBimsy5D2FJNk7mlojFKxmektZOarkl0cT9txsS lcC5Fo06vDvJqjB9CyCM7qblPtIyEEsI65VjhTSdKwCU/bhwllKIIaVfs9/jMkTsr5tn F9NRoEkxITlOkJ8j1s5zwUYagkGXYrm+lyfTkcotr2IOPhYe8oWdkU/phGU1PkNwonNA ZmbA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634093; x=1756238893; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Wu41jHdngVGrEQ/A3ozZxDsVQu+zcIoXlNIMQlFns+U=; b=u8TU8MzFbhNSLqW9ltV4Cr35OCgbp+1p9pQ/RG+0IsD8a1DY1db0H0GT1Mled04f+O 5a914CLR+07e5jgNwSlgnmmYeGB9HD9i3+dfermsVw3jNGGdLvjVEl3Ozuy9h6YEYcb9 wY4kH1hF920O8K/e21SJqTn+xju/rU10P3eHazEZsif9MGpZSSwy/+Rc/7oAHtcXzkPW efsZTVdknEoGl7NANbN7848cbgyHSAVCNbDsc6bRo6xQ/hBOF1ZFBx5JpTCvSvYFIwRD 64+4ulGQl58/qO/IcEJkfvWjDfLkXpN3u7zXViuMgUNtxYc8t3UVg4UXYmNievUcUGHc KHeQ== X-Gm-Message-State: AOJu0Yw0ooXzRbea7a4+My877XNgIPYnTi1Ss447pFPeDAwclM/IwBLF OlIMQAUOIh9eGIZZ4oXEVrGa/X6XRCklwzxwyt9s1x2D9GmfTvQwKWIG8dKVbZu6ODuR5mkpdUN AuAup X-Gm-Gg: ASbGnctKz5zKK0bE5BpNkm4XWB8NvWdsKPsOaIFlfJjqhLIkDC24LYDkVwqy6u+40va rzjA9C59nHQ26SUgje68Oe7+suDQQYY02WUhgOH+D9Znv7jaQzqgZIkoZSA3VG5EOKdAk7VVm2J vNBCtHVq625Hwlsq1jz83kVsT9JLKJucIeC+ju4qZllvHKasxupO/dFS5QeRaMjKoXy3KFV3XYr sCC/0Scp6igg4m621K4q7iaA/RAg8jvi9vmRbAuZNcN+nyrrJ8aubo5PvvG8DQ615VQSTVDQN/6 S05NrqSyIICSmxtzg+uMIdrf1k0gtP9L+zO6DnpfoKU9N/R1ojLGuOtPwuGuk8kaXAAmwLjPm3C JESWSIC7DNuty2m7vF6whjcvE X-Google-Smtp-Source: AGHT+IHSGaYnb33UdCnG1xkVRzonfsE83miLbNM8DgX5gczu1JM6BlUfJuyFKRMPlX615Nn0mjn0CA== X-Received: by 2002:a05:6a20:72a3:b0:243:78a:82a6 with SMTP id adf61e73a8af0-2431ba7886fmr767578637.60.1755634092860; Tue, 19 Aug 2025 13:08:12 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:12 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/10] parted: Fix build with GCC 15 Date: Tue, 19 Aug 2025 13:07:50 -0700 Message-ID: <67c47f0ed5ba852930e0815691ee7ec06dec1d0e.1755633925.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:15 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222134 From: Khem Raj Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- ...CH-parted-fix-do_version-declaration.patch | 40 +++++++++++++++++++ meta/recipes-extended/parted/parted_3.6.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-extended/parted/files/0001-bug-74444-PATCH-parted-fix-do_version-declaration.patch diff --git a/meta/recipes-extended/parted/files/0001-bug-74444-PATCH-parted-fix-do_version-declaration.patch b/meta/recipes-extended/parted/files/0001-bug-74444-PATCH-parted-fix-do_version-declaration.patch new file mode 100644 index 0000000000..a8ea7ec4f7 --- /dev/null +++ b/meta/recipes-extended/parted/files/0001-bug-74444-PATCH-parted-fix-do_version-declaration.patch @@ -0,0 +1,40 @@ +From eb6bb2e8dfc78ca1a187d07ea29b23a805c61794 Mon Sep 17 00:00:00 2001 +From: Rudi Heitbaum +Date: Wed, 20 Nov 2024 12:22:22 +0000 +Subject: [PATCH] bug#74444: [PATCH] parted: fix do_version declaration + +With gcc 15-20241117 compile fails with the below error, update the +do_version declaration to match the header in command.h + +../../parted/parted.c: In function '_init_commands': +../../parted/parted.c:2469:9: error: passing argument 2 of 'command_create' from incompatible pointer type [-Wincompatible-pointer-types] + 2469 | do_version, + | ^~~~~~~~~~ + | | + | int (*)(void) +In file included from ../../parted/parted.c:28: +../../parted/command.h:35:39: note: expected 'int (*)(PedDevice **, PedDisk **)' {aka 'int (*)(struct _PedDevice **, struct _PedDisk **)'} but argument is of type 'int (*)(void)' + 35 | int (*method) (PedDevice** dev, PedDisk** diskp), + | ~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/parted.git/commit/?id=16343bda6ce0d41edf43f8dac368db3bbb63d271] +Signed-off-by: Rudi Heitbaum +Signed-off-by: Brian C. Lane +Signed-off-by: Khem Raj +--- + parted/parted.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/parted/parted.c b/parted/parted.c +index 3abb52f..fc2aeba 100644 +--- a/parted/parted.c ++++ b/parted/parted.c +@@ -2172,7 +2172,7 @@ do_unit (PedDevice** dev, PedDisk** diskp) + } + + static int +-do_version () ++do_version (PedDevice** dev, PedDisk** diskp) + { + printf ("\n%s\n%s", + prog_name, diff --git a/meta/recipes-extended/parted/parted_3.6.bb b/meta/recipes-extended/parted/parted_3.6.bb index a537ef74db..0e79a2e837 100644 --- a/meta/recipes-extended/parted/parted_3.6.bb +++ b/meta/recipes-extended/parted/parted_3.6.bb @@ -10,6 +10,7 @@ SRC_URI = "${GNU_MIRROR}/parted/parted-${PV}.tar.xz \ file://fix-doc-mandir.patch \ file://0001-fs-Add-libuuid-to-linker-flags-for-libparted-fs-resi.patch \ file://autoconf-2.73.patch \ + file://0001-bug-74444-PATCH-parted-fix-do_version-declaration.patch \ file://run-ptest \ " From patchwork Tue Aug 19 20:07:51 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68809 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4AFCFCA0EE6 for ; Tue, 19 Aug 2025 20:08:25 +0000 (UTC) Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com [209.85.210.174]) by mx.groups.io with SMTP id smtpd.web11.3392.1755634095190538160 for ; Tue, 19 Aug 2025 13:08:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=itbC/Ctk; spf=softfail (domain: sakoman.com, ip: 209.85.210.174, mailfrom: steve@sakoman.com) Received: by mail-pf1-f174.google.com with SMTP id d2e1a72fcca58-76e6cbb991aso2089855b3a.1 for ; Tue, 19 Aug 2025 13:08:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634094; x=1756238894; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=q/M7WBgJLtQHaH71am0m0zHGTMoQC5u3TVtJBlXrOSE=; b=itbC/CtkpIJl4GZOhjlDyZedtUtxOGA0lyOHT1LVT1Nx/zjbQW6FWBDWkNP/mCdx0x hCuyRFRe2IMV+Cfmn/lWxoy8jPDgOj0vO6PGrbq59PzZZA+4ENeafTyaoOEB/hi+o/YY 31XyQht9Fj1eJ+B3WuKXxq4qC70iJ/hSOhwFDV4+bMWaYeiHxudS3885Jbb9hzCJETZR BW3ntzHS+auzMZhgSBPLBLV8FbIxYd5rY80PH9PnX4GyTQ0xYx+DI3Rjkyc0X/530gUy BZ2eTF/URON6b1Mw+yHgUwU42yMmxO/8ibDRVX1GIoq+JTBazjbAAlwjpEcVlFivS/6O qnnw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634094; x=1756238894; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=q/M7WBgJLtQHaH71am0m0zHGTMoQC5u3TVtJBlXrOSE=; b=vqYCTiJCJTwxMyvF/i5I5zjaqi6TbA+AIs5n46mmuDTUN2atRw/Pz7LK3amBbVFXxU DSOPNQcMkKohxsJzOM2Pv30nbaUuQ6v6FcuOnHUxOv2MeprxsGzSrtMt0WJ7e4xn9dOd f/jxnYDJd5FX3D9Pr20dTr8kgXwPCiarVfxvW9x8aB/mJraCf57Xx2QkkhvPd+66zdCi ZWXayUN5Yd2sXoOomMnl8ju4kgMq8LIPYI/y6Zeym/CWkiVbQAHojRUHVCwiaf41iI8l 3p9A16XBPsnuBbN0+4gB2cwg4e1GdbQoo9qKy937kbqRvyKt+V14oIlzgUOWNJmsbyfg WaCQ== X-Gm-Message-State: AOJu0Yw+5C6ns06WneUFAaLFcOLb5hebs6FCsf/BxzldeAthGel4sPx5 nAK0jzer1rtpSlPqUApMtp1en9lv3lULX3QUx72H3WQ53Mb8TZDmm4Cn32XJDkDPW7/saR0ew18 HQynO X-Gm-Gg: ASbGncvdv6omPH/H4fAwvzQPOyukv8AgMd00cte7VfglMmnYSK2G0egheqpkHQbaGRc 2vmqLxB3xl1lNLIFH6qIyhGaTmw1QQjxepMfocCYmrUFMviuxvAzwXlG2wiJg3l4Aptg7ka03tD +Wu1ng/RPZFpUlqlsTVs9DN0rEHeyh7MtytIxHTD62u+xULElT8AYpGK+YNwDghAs/kGD5RjhJo e1u5AAdcZ4MfV6Jp3lUUAXBkOJhVKie1qRYopXQ/40SfUXsg07Y9Gb+SlzjQt+SkBGAYZvp1P3l BvJB7AC7tvGGkIppMy3vC3c+UNRxXUQbPj6lyBBysuNzWUxqODSmnY13mFYLvjo09UpKIUwu7RK iVsalXvGmaooSmQ== X-Google-Smtp-Source: AGHT+IEKSZqMrEiw/OJ/AqCe9pYFwXcbTfZ/JYUMMJG9dis+AAJ0EyKG1OlCaaNTcaa+ZcNkEbXFOg== X-Received: by 2002:a05:6a00:464f:b0:748:e9e4:d970 with SMTP id d2e1a72fcca58-76e8db9d13cmr580105b3a.1.1755634094374; Tue, 19 Aug 2025 13:08:14 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:13 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/10] cairo: fix build with gcc-15 on host Date: Tue, 19 Aug 2025 13:07:51 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222135 From: Martin Jansa * backports from 1.18.2 used since: https://git.openembedded.org/openembedded-core/commit/?id=070d79c8adec7e0a8862019cf61910a59b18613a * fixes build on hosts with gcc-15 (e.g. ubuntu-25.10) ../cairo-1.18.0/test/pdiff/pdiff.h:22:13: error: ‘bool’ cannot be defined via ‘typedef’ 22 | typedef int bool; | ^~~~ ../cairo-1.18.0/test/pdiff/pdiff.h:22:13: note: ‘bool’ is a keyword with ‘-std=c23’ onwards ../cairo-1.18.0/test/pdiff/pdiff.h:22:1: warning: useless type name in empty declaration 22 | typedef int bool; | ^~~~~~~ Signed-off-by: Martin Jansa Signed-off-by: Steve Sakoman --- .../cairo/cairo/0001-Require-C11.patch | 25 +++++++++++++++++++ .../cairo/cairo/0002-Meson-Require-C-11.patch | 22 ++++++++++++++++ meta/recipes-graphics/cairo/cairo_1.18.0.bb | 2 ++ 3 files changed, 49 insertions(+) create mode 100644 meta/recipes-graphics/cairo/cairo/0001-Require-C11.patch create mode 100644 meta/recipes-graphics/cairo/cairo/0002-Meson-Require-C-11.patch diff --git a/meta/recipes-graphics/cairo/cairo/0001-Require-C11.patch b/meta/recipes-graphics/cairo/cairo/0001-Require-C11.patch new file mode 100644 index 0000000000..a2e888e46b --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/0001-Require-C11.patch @@ -0,0 +1,25 @@ +From de2452228814e804b103dfa7c2d37b3a216c6155 Mon Sep 17 00:00:00 2001 +From: Adrian Johnson +Date: Sun, 28 Apr 2024 21:31:41 +0930 +Subject: [PATCH] Require C11 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/cairo/cairo/-/commit/b60f47dfd5bbe98aec43f6c356ba3be9a1b7989e] +--- + meson.build | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/meson.build b/meson.build +index 9100152..f8432fd 100644 +--- a/meson.build ++++ b/meson.build +@@ -1,7 +1,8 @@ + project('cairo', 'c', 'cpp', +- meson_version: '>= 0.59.0', ++ meson_version: '>= 1.3.0', + version: run_command(find_program('version.py'), check: true).stdout().strip(), +- default_options: ['warning_level=2'], ++ default_options: ['c_std=gnu11,c11', ++ 'warning_level=2'], + ) + + freetype_required_version = '>= 9.7.3' diff --git a/meta/recipes-graphics/cairo/cairo/0002-Meson-Require-C-11.patch b/meta/recipes-graphics/cairo/cairo/0002-Meson-Require-C-11.patch new file mode 100644 index 0000000000..b395fbbc8b --- /dev/null +++ b/meta/recipes-graphics/cairo/cairo/0002-Meson-Require-C-11.patch @@ -0,0 +1,22 @@ +From d9cc95b94b2bb1e67f2095cda484d4a8a63aba10 Mon Sep 17 00:00:00 2001 +From: Luca Bacci +Date: Thu, 16 Jan 2025 16:48:12 +0100 +Subject: [PATCH] Meson: Require C++11 + +Upstream-Status: Backport [https://gitlab.freedesktop.org/cairo/cairo/-/commit/dfd06ab3884d79de3b5bac782d1e8b2a0bd791ab] +--- + meson.build | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/meson.build b/meson.build +index f8432fd..85434d2 100644 +--- a/meson.build ++++ b/meson.build +@@ -2,6 +2,7 @@ project('cairo', 'c', 'cpp', + meson_version: '>= 1.3.0', + version: run_command(find_program('version.py'), check: true).stdout().strip(), + default_options: ['c_std=gnu11,c11', ++ 'cpp_std=gnu++11,c++11', + 'warning_level=2'], + ) + diff --git a/meta/recipes-graphics/cairo/cairo_1.18.0.bb b/meta/recipes-graphics/cairo/cairo_1.18.0.bb index 4c97e973d0..f1a87ccb3f 100644 --- a/meta/recipes-graphics/cairo/cairo_1.18.0.bb +++ b/meta/recipes-graphics/cairo/cairo_1.18.0.bb @@ -30,6 +30,8 @@ DEPENDS = "fontconfig freetype glib-2.0 libpng pixman zlib" SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \ file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ + file://0001-Require-C11.patch \ + file://0002-Meson-Require-C-11.patch \ " SRC_URI[sha256sum] = "243a0736b978a33dee29f9cca7521733b78a65b5418206fef7bd1c3d4cf10b64" From patchwork Tue Aug 19 20:07:52 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68808 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4B016CA0EF5 for ; Tue, 19 Aug 2025 20:08:25 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web10.3361.1755634096723025319 for ; Tue, 19 Aug 2025 13:08:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pDzg8q7j; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id d2e1a72fcca58-76e2eb9ae80so4573078b3a.3 for ; Tue, 19 Aug 2025 13:08:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634096; x=1756238896; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=rScRuODhysXonsofZVeKgL0phQzzdZFgTtWdbiYBgfI=; b=pDzg8q7jHdMCxkcMWuNOcT2fod6GqqARMwiAeTJgEEtsCK7ACKQ14P0AbTvVi0103V 0osFH2SH4h3CT+ihelxil1l5eWgizcMY7G+tLYKFvBBqOBckQpPZdPY1BQPDvUrMPyU8 lrVcjxcUU5khi61Vwn+NJQYkMK56EMwB1cCMbCtV7MOd++YQvkwlz+XUN+Mq5OefX76O 5e/9jXGvlczp/k0XM+M9e9kkg6L1htm7YRdTx6sdmpv4YMr4k1xU8D6iNMtQapwwCS0x 0C9AamIWBSm8wAV5+a1Tme1ZmSspvvNUBjh9akOw4Bi6A0b9IW8IzpK/UCtsSazBOpU3 Juvw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634096; x=1756238896; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rScRuODhysXonsofZVeKgL0phQzzdZFgTtWdbiYBgfI=; b=TcurjNI/1wucsx1AjueojDTVlZA8JM5XpaNTXB0ixX0i2d6EM2eslC7TO/gqpEZMr4 M9Dw8x6WSbEiWmiWY7XOcbQfAPH5SSu/uvrO7gTbolUUOVBECpxqD31kGdo/g5hFsJje Y6XD0M9NtGOLC2veMGlVN63Ibd/AZ/8+rqSwRWydqwHeila9OSWo0fpVWzSxGu3JlG9e q5wk6wtYCnDy0fJ0+FCZPAs8PWHPDDSITitHyrjrgct3Haj9IcIRSiZrYzHFYm21Cq/b m8iFxF4ERkCagjC8r+uTN5jgMTcKawwd9adoej/kJxGhZBlY8Arqei/PMSslO0pJue7N wh/Q== X-Gm-Message-State: AOJu0Ywvhd3jhaO4CKHl3QupYw7P4gNMgDULDV0lLl6IDZLnIYx3YRe+ kCKN0zxPn6sGIHxQvsj9mk2if63Xi+ocsaCq26s9My6LjXDaiWv3NoYLFw2b7jba8EW4ck7UQop tpyDy X-Gm-Gg: ASbGnctzxhqFTafLC9rbQ4Zeycq/e6tRo63Px4PiwW8R3ZBxarddORgv+yUn76+1eBk NNQQrFK8ccDpLEasyNa7ivAkdqrzMAstHbAKyonAhFpZjwJM85VEOcVwRmp+GNhDJvoAUYjgxOX xc2uIasaWFO1tScoI5T9sffBpFeuvBbw83PdTKPZOmCSrYX+vicW87+f+uq805T81SgdAn52yf0 L3Adn6L9GgT8SxNpTmy+DFVWK6kAvVxrHoZLPdV3/kiIokn13o9zch+J4ZYATz5z8ag1Vln+Ne4 9fmI+LMtEpBE1l1FCR+l0H+7jme3UZvyS3ML8c3kKnD1ejaexO5o4p7xiAlVCV+DXV//6Yrwyve RvH6Vstyi1ncEPQP9T79phT77 X-Google-Smtp-Source: AGHT+IEvlPuqx+qwQ8TWbRiRVZkCVawn0ZYsFquD7JYmmFc/i59aOwk0y4Qsn78MC8bwz7HTptHTbg== X-Received: by 2002:a05:6a00:2185:b0:76b:fd26:162f with SMTP id d2e1a72fcca58-76e8dd44897mr501637b3a.20.1755634095948; Tue, 19 Aug 2025 13:08:15 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:15 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/10] bash: Stick to C17 std Date: Tue, 19 Aug 2025 13:07:52 -0700 Message-ID: <5f966ed3680c32fd7331bc417858ea48f50b24ee.1755633925.git.steve@sakoman.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222136 From: Khem Raj GCC 15 defaults to C23 and bash is not yet ready for that so keep using C17 like GCC 14 for now Signed-off-by: Khem Raj Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-extended/bash/bash_5.2.21.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/bash/bash_5.2.21.bb b/meta/recipes-extended/bash/bash_5.2.21.bb index ccfe5c47a7..42ab02c440 100644 --- a/meta/recipes-extended/bash/bash_5.2.21.bb +++ b/meta/recipes-extended/bash/bash_5.2.21.bb @@ -22,4 +22,6 @@ SRC_URI[tarball.sha256sum] = "c8e31bdc59b69aaffc5b36509905ba3e5cbb12747091d27b4b DEBUG_OPTIMIZATION:append:armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" DEBUG_OPTIMIZATION:append:armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" +CFLAGS += "-std=gnu17" + BBCLASSEXTEND = "nativesdk" From patchwork Tue Aug 19 20:07:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 68810 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 57F65CA0EEB for ; Tue, 19 Aug 2025 20:08:25 +0000 (UTC) Received: from mail-pf1-f171.google.com (mail-pf1-f171.google.com [209.85.210.171]) by mx.groups.io with SMTP id smtpd.web10.3362.1755634098176821585 for ; Tue, 19 Aug 2025 13:08:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=zHLs3RTA; spf=softfail (domain: sakoman.com, ip: 209.85.210.171, mailfrom: steve@sakoman.com) Received: by mail-pf1-f171.google.com with SMTP id d2e1a72fcca58-76e4fc419a9so3401564b3a.0 for ; Tue, 19 Aug 2025 13:08:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1755634097; x=1756238897; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=otpgGpB7BHyr64GSZSIs9SvxKe/BXauIg9Glpc2qHMY=; b=zHLs3RTANGosZ9uTeAbYyBU+YqEvPHuWeobbLoOb5Mk8HgkcrE4w7fq0/ZCOR6DUOd sDPMsoJzSJsrWJoyxGHIs9V2o/RZdxrzuXwuUfWzCHRHJ1NG3YbGwF9cxPXREbJllaVw IKxaZpcp/O+I2ArwwzStGZmc97uudLf9TkJQ9WBEWoUk2etL2ucvHjzLKGGem87RIv4I Ds1Vz8OAbPWfeWntrA/kzNtymsDdn1uU+P6I6SfAIAQ/EGrID/o+7Inl5RtWNJxScwD7 zGWscxKVYO0Pt57ITnkzO7LPCyextUMh5FklrUJ9sKigccM3C3wn+LcpI697v9YlQ4Jt 99xw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755634097; x=1756238897; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=otpgGpB7BHyr64GSZSIs9SvxKe/BXauIg9Glpc2qHMY=; b=cVoKA7jKFewZUibTwS+1L84o8JVTXGI23r+qM8Il4vGijoqU+OmeiGBeU/qOZuLEww AJ9q0ZVjooBtfSKLQn989OXtdXA8jP5JCdDMkw58Zj21J609pRL5jPqv340+xhCBofDl k48ed5ZxVXqP9uDnGDpf0lNu/MNsFtx9Jqu2TDI5WGVvUzzKP6VmdtE53P+tUnAxPLJH lGvNCn6Ejy8T6COde9mhS49ZT6SHJIV2LfUOVHL2R8ZOBczUpVmPj3/9SUQDBZZmXs6H I/my9v+spW+C9ilXredYqh5lJEQAZEOh7Q9mtYaNIPnTqtg7Mo08aheKuYfLEhrT2Qy+ gUbA== X-Gm-Message-State: AOJu0Yy6Co2hb3DxLWl3i4l8ny4wFS7JD8bL7ZlnVG8UmVZp6sao5Crf DjbOhzdE5KBxear7quHAZVDiKeaRU3QY0UJFQBHgEYz4jb296Hu/8+YZ8+TpCMEwKsLMUs+0vvI rl7pF X-Gm-Gg: ASbGncuJkt5JkdVkZaG4CXfpOpg4xb7dUmp3Rk96XrZjCmrPt9p2VP8Pa1FjjX6TEU3 9thekU7SwPqfTiGTdg6ovQvTa9hojjKEvz/RTdvR7fdn9yU6O7NVw5WjgkTMi1hE5LA1WE5JHS2 FM6S2Ksprobg2QXqhO021/K4Rz0KA4VhbGyvR1mmiN4gKZgZ2GrL7ODNTEKlGPxZ/dSPzOP05BE eBwaBqs/YpdfHTto/5S5eLBE14oI5z8o4+3cD48/J1CNuHvSOMdYeMRzDU+PiwL9IT/fazqOk41 pFGz8DkHMeAQfSV1NQQcLyYw2sBK/6E3m6nnFEzVLENAGEwSbnzCpw0mRu9FMnTGiPvo5Dvf+jW iG1USF8i8K8HOFw== X-Google-Smtp-Source: AGHT+IFzyS4bmTEclZipDVKUTOuP5Mcd0QcYdAoaYDxVpgWlOBnK9c4tk/DfXcx8ZpxiWMJPQ5hKPQ== X-Received: by 2002:a05:6a00:1acf:b0:76b:f3da:f91f with SMTP id d2e1a72fcca58-76e8ddc22e2mr605277b3a.16.1755634097432; Tue, 19 Aug 2025 13:08:17 -0700 (PDT) Received: from hexa.. ([2602:feb4:3b:2100:f07e:6fcf:4f52:4db2]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-76e7d10fdd6sm3348855b3a.29.2025.08.19.13.08.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Aug 2025 13:08:17 -0700 (PDT) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/10] bash: use -std=gnu17 also for native CFLAGS Date: Tue, 19 Aug 2025 13:07:53 -0700 Message-ID: X-Mailer: git-send-email 2.43.0 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 19 Aug 2025 20:08:25 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/222137 From: Martin Jansa * fixes builds on host with gcc-15: http://errors.yoctoproject.org/Errors/Details/853016/ ../../bash-5.2.37/builtins/mkbuiltins.c:268:29: error: too many arguments to function ‘xmalloc’; expected 0, have 1 268 | error_directory = xmalloc (2 + strlen (argv[arg_index])); | ^~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Martin Jansa Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/recipes-extended/bash/bash_5.2.21.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-extended/bash/bash_5.2.21.bb b/meta/recipes-extended/bash/bash_5.2.21.bb index 42ab02c440..7652e7d87a 100644 --- a/meta/recipes-extended/bash/bash_5.2.21.bb +++ b/meta/recipes-extended/bash/bash_5.2.21.bb @@ -23,5 +23,8 @@ DEBUG_OPTIMIZATION:append:armv4 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb DEBUG_OPTIMIZATION:append:armv5 = " ${@bb.utils.contains('TUNE_CCARGS', '-mthumb', '-fomit-frame-pointer', '', d)}" CFLAGS += "-std=gnu17" +# mkbuiltins.c is built with native toolchain and needs gnu17 as well: +# http://errors.yoctoproject.org/Errors/Details/853016/ +BUILD_CFLAGS += "-std=gnu17" BBCLASSEXTEND = "nativesdk"