[OE-core] Fedora 34, shadow-native/icedtea7-native, umask problems ?

Hi, I'm using Fedora 34 and OE-Core/Bitbake/layers from git master as of today, with reproducible builds. Sometimes when rebuilding my image I see sudden changes in file permissions (jumping back and forth) in the buildhistory output for two native recipes: shadow-native: (OE-Core) -drwxr-x

[OE-core][PATCH] classes/reproducible_build: Use atomic rename for SDE file

If an existing source date epoch file was found during do_unpack, it was deleted and a new one would be written in its place. This causes a race with check-before-use code in get_source_date_epoch_value. Resolve the problem by making do_unpack write the new source date epoch to a temporary file, th

Re: [OE-core] [RFC PATCH 1/1] image-live.bbclass: order do_bootimg after do_rootfs

Hi Op 26-05-2021 om 20:32 schreef Guillaume Champagne: do_bootimg expects IMGDEPLOYDIR to exist, since it stores its artifacts there. Therefore, do_bootimg should run after do_rootfs because IMGDEPLOYDIR is created before do_rootfs runs since IMGDEPLOYDIR is contained in do_rootfs' [cleandirs] v

Re: [OE-core] [PATCH] Fix corrupted magic number in ipk on populate_sdk task

Where I found the issue it was Krogoth. You're right, this "create_packages_dir" is also fixing the issue. It was really hard to reproduce the error so when creating this patch I just compared the code - it was almost the same, doing the same with the same variables, but in fact in the latest poky

[OE-core] [PATCH 2/4] oeqa: remove Clutter usage

Remove the use of core-image-clutter in selftest and manual Toaster QA. Signed-off-by: Ross Burton --- meta/lib/oeqa/manual/toaster-managed-mode.json | 6 +++--- meta/lib/oeqa/selftest/cases/imagefeatures.py | 12 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/met

[OE-core] [PATCH 3/4] core-image-weston: remove Clutter examples

The Clutter examples are pretty, but Clutter is dead so we should stop using it. Signed-off-by: Ross Burton --- meta/recipes-graphics/images/core-image-weston.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/images/core-image-weston.bb b/meta/recipes-

[OE-core] [PATCH 1/4] mx: remove from Openembedded Core

MX is obsolete (last release 2012) and isn't used by anything in any known layer. Signed-off-by: Ross Burton --- .../mx/mx-1.0/fix-test-includes.patch | 20 -- meta/recipes-graphics/mx/mx-1.0_1.4.7.bb | 16 --- meta/recipes-graphics/mx/mx.inc | 27 -

[OE-core] [PATCH 4/4] Remove Clutter and Cogl

Clutter and Cogl are not used by anything in oe-core, and in Gnome are legacy components so are only used by a few applications. The recipes have already been moved to meta-gnome so they can now be removed from oe-core. Signed-off-by: Ross Burton --- meta/classes/clutter.bbclass

Re: [OE-core] [PATCH] Fix corrupted magic number in ipk on populate_sdk task

On Tue, 2021-06-01 at 17:21 +0200, Tomasz Dziendzielski wrote: > If any do_package_write_ipk runs parallel with populate_sdk task it can > happen that opkg script arfile.py tries to get magic number of all > packages in DEPLOY_DIR_IPK while some package is being copied there at > the same time. Thi

[OE-core] [PATCH] Fix corrupted magic number in ipk on populate_sdk task

If any do_package_write_ipk runs parallel with populate_sdk task it can happen that opkg script arfile.py tries to get magic number of all packages in DEPLOY_DIR_IPK while some package is being copied there at the same time. This results with: | AssertionError: Old ipk format (non-deb) is unsupport

[OE-core][hardknott][PATCH 2/2] curl: fix CVE-2021-22876

Backport and modify the patch for CVE-2021-22876 from curl 7.76 to make it apply cleanly on 7.75. CVE: CVE-2021-22876 Signed-off-by: Trevor Gamblin --- ...redentials-from-the-auto-referer-hea.patch | 152 ++ meta/recipes-support/curl/curl_7.75.0.bb | 1 + 2 files changed,

[OE-core][hardknott][PATCH 1/2] curl: fix CVE-2021-22890

Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make it apply cleanly on 7.75. CVE: CVE-2021-22890 Signed-off-by: Trevor Gamblin --- ...-argument-to-Curl_ssl_get-addsession.patch | 517 ++ meta/recipes-support/curl/curl_7.75.0.bb | 1 + 2 files changed,

[OE-core] Yocto Project Status WW22`21

Current Dev Position: YP 3.4 M1 Next Deadline: 7th June 2021 YP 3.4 M1 build Next Team Meetings: * Bug Triage meeting Thursday June 3rd at 7:30am PDT ( https://zoom.us/j/454367603?pwd=ZGxoa2ZXL3FkM3Y0bFd5aVpHVVZ6dz09) *

[OE-core][dunfell 25/26] pkgconfig: update SRC_URI

From: Changqing Li The git repo for pkg-config was changed, so update the SRC_URI accordingly with the new link. Signed-off-by: Changqing Li Signed-off-by: Richard Purdie (cherry picked from commit 9fd1b9b8282d68213b187ab42fae27e6a3c95b2e) Signed-off-by: Steve Sakoman --- meta/recipes-devtoo

[OE-core][dunfell 24/26] oeqa/runtime/rpm: Drop log message counting test component

From: Richard Purdie This test is flawed since multiple parts of the system can write to the log and we obtain different numbers of log messages depending on factors we can't control. Drop the log testing component of the test. [YOCTO #12465] Signed-off-by: Richard Purdie (cherry picked from

[OE-core][dunfell 26/26] linux-firmware: upgrade 20210315 -> 20210511

From: Richard Purdie There were additional links and new firmware versions added but these were not under any additional licenses. Signed-off-by: Richard Purdie (cherry picked from commit b0562c526817501a494a3674fed006ba40c8f164) Signed-off-by: Steve Sakoman --- ...{linux-firmware_20210315.bb

[OE-core][dunfell 23/26] image-live.bbclass: order do_bootimg after do_rootfs

From: Guillaume Champagne do_bootimg expects IMGDEPLOYDIR to exist, since it stores its artifacts there. Therefore, do_bootimg should run after do_rootfs because IMGDEPLOYDIR is created before do_rootfs runs since IMGDEPLOYDIR is contained in do_rootfs' [cleandirs] varflag. When do_bootimg depen

[OE-core][dunfell 19/26] kernel-fitimage.bbclass: fix a wrong conditional check

From: Ming Liu It should check if "${UBOOT_SIGN_ENABLE}" equals to "1" instead of checking if "${UBOOT_SIGN_ENABLE}" is not empty since it could be "0". Signed-off-by: Ming Liu Signed-off-by: Richard Purdie (cherry picked from commit 900949af7fe357ee66065ba150b0b1914e8ca581) Signed-off-by: Ste

[OE-core][dunfell 22/26] package_rpm: pass XZ_THREADS to rpm

From: Ross Burton By default RPM uses the number of cores as the number of threads to use, which can result in quite antisocial memory usage. As we control the macros for compression anyway, we can pass XZ_THREADS to limit the number of threads if needed. Signed-off-by: Ross Burton Signed-off-

[OE-core][dunfell 21/26] unfs3: correct configure option

From: Changqing Li On some new distro like ubuntu21.04, unfs3-native compile failed with error: undefined reference to `xdr_uint32', since new distro has new glibc. >From glibc 2.27 rpc support is dropped, so unfs3 need to link to libtirpc. Here is defination of ac_link: ac_link='$CC -o conftes

[OE-core][dunfell 18/26] lib/oe/gpg_sign.py: Fix gpg verification

From: Daniel McGregor A stray space made it into the command for verifying gpg signatures. This caused verification to fail, at least on my host. Removing the space makes it work as expected. Signed-off-by: Daniel McGregor Signed-off-by: Richard Purdie (cherry picked from commit af1d948822cbe6

[OE-core][dunfell 20/26] initramfs-framework:rootfs: fix wrong indentions

From: Ming Liu Signed-off-by: Ming Liu Signed-off-by: Richard Purdie (cherry picked from commit cd4d76f43c6ead9f32dece1faa9c9c5da895d9cd) Signed-off-by: Steve Sakoman --- meta/recipes-core/initrdscripts/initramfs-framework/rootfs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --g

[OE-core][dunfell 17/26] sstate: Ignore sstate signing key

From: Daniel McGregor What key is used to sign sstate artefacts should not affect the hash of the object, otherwise everyone would need to use the same signing key. Signed-off-by: Daniel McGregor Signed-off-by: Richard Purdie (cherry picked from commit 57cc9429dba4f9bd23127633dbc1f57dc2d5dd16)

[OE-core][dunfell 16/26] grub: Exclude CVE-2019-14865 from cve-check

From: Richard Purdie The CVE only applies to RHEL. Signed-off-by: Richard Purdie (cherry picked from commit 8cfc3ebe50facb7e34e778f3e264b26cfae20a04) Signed-off-by: Steve Sakoman --- meta/recipes-bsp/grub/grub2.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-bsp/grub/g

[OE-core][dunfell 15/26] glibc: Add 8GB VM usage cap for usermode test suite

From: Richard Purdie We've noticed that: MACHINE=qemuarm oe-selftest -r glibc.GlibcSelfTest.test_glibc ends up with one process growing to about the size of system memory and triggering the OOM killer. This has been taking out other builds running on the system on the autobuilders and is one ca

[OE-core][dunfell 13/26] libxml2: Reformat runtest.patch

From: Tony Tascioglu Reformatted runtest.patch to allow it to be applied using git am. This makes it easier to apply the series of patches to the original git repo. There are no changes to the code of the patch other than the reformat. Previously, the patch claimed to be a backport, but I have

[OE-core][dunfell 12/26] linux-yocto/5.4: update to v5.4.119

From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: b82e5721a173 Linux 5.4.119 6b183fbf18b9 Revert "fdt: Properly handle "no-map" field in the memory region" 66b8853dfa3c Revert "of/fdt: Make sure no-map does not rem

[OE-core][dunfell 14/26] libxml2: Add bash dependency for ptests.

From: Tony Tascioglu Before, running ptests on core-image-minimal would result in an error due to missing /bin/bash: [ -d test ] || ln -s ../libxml2-2.9.10/test . make: /bin/bash: No such file or directory make: *** [Makefile:2105: runtests] Error 127 Changing the Makefile to use /

[OE-core][dunfell 11/26] linux-yocto/5.4: update to v5.4.118

From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: 16022114de98 Linux 5.4.118 a992a283c0b7 dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails 569bae00ebbe dm integrity: fix missing goto in

[OE-core][dunfell 10/26] linux-yocto/5.4: update to v5.4.117

From: Bruce Ashfield Updating linux-yocto/5.4 to the latest korg -stable release that comprises the following commits: b5dbcd05792a Linux 5.4.117 0ee3bfc2c31e vfio: Depend on MMU b246759284d6 perf/core: Fix unconditional security_locked_down() call a1e6a0d1e6cf ovl: allow upperdi

[OE-core][dunfell 07/26] cve-extra-exclusions.inc: Clean up merged CPE updates

From: Richard Purdie Signed-off-by: Richard Purdie (cherry picked from commit d2ba6d58e77430cceeca9db61fdb06882a92e1e7) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/cve-extra-exclusions.inc | 15 --- 1 file changed, 15 deletions(-) diff --git a/meta/conf/distro/includ

[OE-core][dunfell 09/26] kernel-yocto: provide debug / summary information for metadata

From: Bruce Ashfield It was mentioned that when developing a BSP, the information about what definition was used, or what fragments have been applied is not obvious and requires looking at the code. With this change, we can trigger a full summary of the meta data gathering phase when KCONF_AUDIT

[OE-core][dunfell 06/26] cve-extra-exclusions: Fix typos

From: Richard Purdie Signed-off-by: Richard Purdie (cherry picked from commit d4d4644e7c127e8b88b180635124e8afc905c69e) Signed-off-by: Steve Sakoman --- meta/conf/distro/include/cve-extra-exclusions.inc | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/conf/distr

[OE-core][dunfell 08/26] busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog

From: Volker Vogelhuber syslog.cfg is added to the list of sources for busybox independent of the VIRTUAL-RUNTIME_base-utils-syslog variable. So even if VIRTUAL-RUNTIME_base-utils-syslog being set e.g. to empty, syslogd will be enabled. So only include syslog.cfg in SRC_URI if VIRTUAL-RUNTIME_bas

[OE-core][dunfell 05/26] cve-extra-exclusions.inc: add exclusion list for intractable CVE's

From: Richard Purdie The preferred methods for CVE resolution are: 1. Version upgrades where possible 2. Patches where not possible 3. Database updates where version info is incorrect 4. Exclusion from checking where it is determined that the CVE does not apply to our environment In some cas

[OE-core][dunfell 01/26] cups: whitelist CVE-2021-25317

From: Ross Burton This CVE relates to bad ownership of /var/log/cups, which we don't have. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 0792312f3637ec160d2ef90781a8cb1f75b84940) Signed-off-by: Steve Sakoman --- meta/recipes-extended/cups/cups.inc | 4 ++

[OE-core][dunfell 04/26] expat: set CVE_PRODUCT

Upstream database uses both "expat" and "libexpat" to report CVEs Signed-off-by: Steve Sakoman Signed-off-by: Richard Purdie (cherry picked from commit 706bdcaec5fd7c59d7877bbefa5ed4ce5b4f3da1) Signed-off-by: Steve Sakoman --- meta/recipes-core/expat/expat_2.2.9.bb | 2 ++ 1 file changed, 2 in

[OE-core][dunfell 03/26] openssh: Add fixes for CVEs reported for openssh

From: Sana Kazi Applied patch for CVE-2020-14145 Link: https://anongit.mindrot.org/openssh.git/patch/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d Also, whitelisted below CVEs: 1.CVE-2020-15778: As per upstream, because of the way scp is based on a historical protocol called rcp which relies on

[OE-core][dunfell 00/26] Patch review

Please review this next set of patches for dunfell and have comments back by end of day Thursday. Passed a-full on autobuilder: https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/2205 The following changes since commit ecd636154e7cfc1349a7cfd8026a85eafa219535: build-appliance-i

[OE-core][dunfell 02/26] tiff: Add fix for CVE-2020-35521 and CVE-2020-35522

From: akash hadke Added fix for CVE-2020-35521 and CVE-2020-35522 Link: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef.patch Added below support patches for CVE-2020-35521 and CVE-2020-35522 1. 001_support_patch_for_CVE-2020-35521_and_CVE-2020-35522.patch

[OE-core] Reminder: Yocto Project Technical Team Meeting @ Monthly from 8am on the first Tuesday (PDT)

All, Just a reminder we will hold the monthly Yocto Project Technical Meeting at 8am PST tomorrow. (6/1) Yocto Project Technical Team Meeting: We encourage people attending the meeting to logon and announce themselves on the Yocto Project IRC chancel during the meeting (optional): Yocto

[OE-core] [dunfell][PATCH][RESEND] kernel-fitimage: Don't use unit addresses on FIT

From: Klaus Heinrich Kiwi Das U-Boot 2021.4-rc1 has the following commit: commit 3f04db891a353f4b127ed57279279f851c6b4917 Author: Simon Glass Date: Mon Feb 15 17:08:12 2021 -0700 image: Check for unit addresses in FITs Using unit addresses in a FIT is a security

Re: [OE-core] [PATCH v2] kernel-fitimage: Don't use unit addresses on FIT

On 31.05.21 17:59, Steve Sakoman wrote: > On Mon, May 31, 2021 at 4:59 AM Frieder Schrempf > wrote: >> >> Hi Steve, >> >> On 22.02.21 19:38, Klaus Heinrich Kiwi via lists.openembedded.org wrote: >>> Das U-Boot 2021.4-rc1 has the following commit: >>> >>> commit 3f04db891a353f4b127ed57279279f85