Our python3-protobuf is installed in standard site-packages location,
there's no need for an extra .pth file. So this .pth is useless.
What's worse, this .pth file is problematic for python 3.12 ptest. It will
cause the following test case to hang forever:
test.test__xxsubinterpreters.CreateTests.test_in_thread
I've filed an issue[1] for cpython. Until the problem is resolved there,
we should avoid packaging this .pth file.
In fact, Debian also removes this file in the rules file, though their reason
for removal is likely that the file is useless.
rules: find $(CURDIR)/debian/python3-protobuf -name 'protobuf-*-nspkg.pth' -delete
Some more information below, just for better tracking:
1. That .pth file is way too complicated according to .pth design[2].
2. The subinterpreter is not offically part of python, at least for 3.12. The PEP[3][4]
has not been accepted. The test__xxsubinterpreter is a preparation for it.
[1] https://github.com/python/cpython/issues/122220
[2] https://docs.python.org/3/library/site.html
[3] https://peps.python.org/pep-0554/
[4] https://peps.python.org/pep-0554/
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This change adds a simple format for the skip results.
The format selected is the automake "simple test" format:
"result: testname"
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ${libdir}/systemd doesn't work on multilib builds, where libdir might be something
else than ${nonarch_base_libdir}
fixes:
ERROR: QA Issue: lib32-bolt: Files/directories were installed but not shipped in any package:
/usr/lib/systemd
/usr/lib/systemd/system
/usr/lib/systemd/system/bolt.service
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit addresses the shebang size issue encountered in the
do_populate_sysroot task of the rrdtool-native recipe. The issue
was caused by the shebang line in the cgi-demo.cgi file exceeding
the maximum allowed length of 128 characters.
The following error was observed:
ERROR: rrdtool-native-1.8.0-r0 do_populate_sysroot: QA Issue: : /work/x86_64-linux/rrdtool-native/1.8.0/sysroot-destdir/work/x86_64-linux/rrdtool-native/1.8.0/recipe-sysroot-native/usr/share/rrdtool/examples/cgi-demo.cgi maximum shebang size exceeded, the maximum size is 128. [shebang-size]
ERROR: rrdtool-native-1.8.0-r0 do_populate_sysroot: do_populate_sysroot for this recipe installed files with QA issues
The solution implemented involves modifying the shebang line in the
cgi-demo.cgi file to use '/usr/bin/env rrdcgi', ensuring it adheres
to the length limit.
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 05c17b63fe)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a header only package. It may be useful to the native machine
but it is definitely useful for the nativesdk machine.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The following vulnerabilities have been fixed:
wnpa-sec-2024-07 MONGO and ZigBee TLV dissector infinite loops. Issue 19726. CVE-2024-4854.
wnpa-sec-2024-08 The editcap command line utility could crash when chopping bytes from the beginning of a packet. Issue 19724. CVE-2024-4853.
wnpa-sec-2024-09 The editcap command line utility could crash when injecting secrets while writing multiple files. Issue 19782. CVE-2024-4855.
Release Notes: https://www.wireshark.org/docs/relnotes/wireshark-4.2.5.html
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The assert_lib from perl package will execute the generated binary.
This is not suitable for cross compilation environment such as OE.
In OE, if the libs are not available, the following do_compile task
will just fail.
So we should avoid invoking assert_lib at do_configure stage to avoid
error message like below in log.do_configure:
/usr/lib64/ld-linux-aarch64.so.1: No such file or directory
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Flatbuffers contains a library and a schema compiler. The package
contains cmake files to discover the libraries and the compiler tool.
Currently, all of these cmake files are installed into the target
sysroot. However, the compiler utility isn't installed into the sysroot
(as it is not runnable on the build machine).
When an application that depends on flatbuffers gets built, it uses
flatbuffers' exported cmake targets to configure the project. One of the
exported targets is FlatcTarget.cmake which expects to see flatc binary
in /usr/bin of the sysroot. Since binaries for target don't end up in
target sysroot, cmake configuration fails.
This patch addresses this problem of flatbuffers' build infrastructure
in cross-compiling environments. By removing FlatcTarget.cmake for
target builds from the sysroot we essentially skip this step of
flatbuffers' configuration.
Signed-off-by: Ivan Stepic <Ivan.Stepic@bmw.de>
Signed-off-by: Bhabu Bindu <bindudaniel1996@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b97dbaac66)
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
CVE's Fixed by upgrade:
CVE-2024-36387 apache2/httpd: DoS by null pointer in websocket over HTTP/2
CVE-2024-38472 apache2/httpd: UNC SSRF on WIndows
CVE-2024-38473 apache2/httpd: Encoding problem in mod_proxy
CVE-2024-38474 apache2/httpd: Substitution encoding issue in mod_rewrite
CVE-2024-38475 apache2/httpd: Improper escaping of output in mod_rewrite
CVE-2024-38476 apache2/httpd: Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect
CVE-2024-38477 apache2/httpd: null pointer dereference in mod_proxy
CVE-2024-39573 apache2/httpd: Potential SSRF in mod_rewrite
Other Changes between 2.4.59 -> 2.4.60
======================================
https://github.com/apache/httpd/blob/2.4.60/CHANGES
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Remove the CXX flag "-O2" for GCC 13 and 14. There's a bug with ARM GCC
that breaks the iteration of "types" in the createMeshShaderMiscTestsEXT
function. This issue is not present for clang or x86_64 GCC 14.
It seems that the array is not initialized before the first iteration.
In testing this can result in a random value being used. This can
manifest in LINES type being processed twice, resulting in the following
error:
FATAL ERROR: Failed to initialize dEQP: Test case with non-unique name
'no_lines' added to group 'misc'.
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Following warning occurs when building with ptests enabled:
WARNING: cjson-1.7.17-r0 do_package_qa: QA Issue: File /usr/lib/cjson/ptest/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR
File /usr/lib/cjson/ptest/tests/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR
File /usr/lib/cjson/ptest/fuzzing/CTestTestfile.cmake in package cjson-ptest contains reference to TMPDIR [buildpaths]
The cmake files also contain full paths to original CMakeLists.txt file
in _BACKTRACE_TRIPLES property;
These are not needed for successful ptests as we don't install the
CMakeLists.txt files anyway.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fix incompatible pointer type error for daq:
| ../../daq-2.0.7/os-daq-modules/daq_nfq.c: In function 'SetPktHdr':
| ../../daq-2.0.7/os-daq-modules/daq_nfq.c:394:37: error: passing argument 2
of 'nfq_get_payload' from incompatible pointer type [-Wincompatible-pointer-types]
| 394 | int len = nfq_get_payload(nfad, (char**)pkt);
| | ^~~~~~~~~~~
| | |
| | char **
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This change consolidates the output format of the ptest command
into a single common format.
The format selected is the automake "simple test" format:
"result: testname"
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is cleaner way how to package unversioned libraries
which was suggested during review of the last commit.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
It's a bad idea to add dev dependencies to main package.
It's pulling build dependencies including toolchain items.
The dependencies "were needed" because main package contains
packageconfig file.
This can be fixed by correct packaging.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
* after buildpath warnings fix from:
https://git.openembedded.org/meta-openembedded/commit/?id=eeef1fddd9052bed4b1a91565260518eb042fed2
the LibwebsocketsTargets.cmake ends with:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/libcap.so;-lpthread"
instead of:
INTERFACE_LINK_LIBRARIES "ssl;crypto;ssl;crypto;/OE/build/.../libwebsockets/4.3.3/lib32-recipe-sysroot/usr/lib/libcap.so;-lpthread"
which causes e.g. mosquitto to fail in do_compile with:
ninja: error: '/libcap.so', needed by 'src/mosquitto', missing and no known rule to make it
* this happens only when libwebsocket is built with libcap enabled
(by libcap in DEPENDS)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
In order to remove absolute paths from the cmake artifacts, paths from
the `$lib` folder should also be stripped off, otherwise internally
linked libraries (e.g. libz) may appear.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Changelog:
===========
* Protect against integer overflow in ComposeQueryEngine
* Protect against integer overflow in ComposeQueryMallocExMm
* Require CMake >=3.5.0
* CMake option URIPARSER_SHARED_LIBS=(ON|OFF) to control, whether to produce a
shared or static library for uriparser and that alone, falls back to standard
BUILD_SHARED_LIBS if available, else defaults to "ON"
* Document that scheme-based normalization a la section 6.2.3 of RFC 3986 is a
responsibility of the application using uriparser
* Document supported code points for functions uriEscape(Ex)W
* Update Clang from 15 to 18
* Adapt to breaking changes in Clang packaging
* Get sanitizer CFLAGS and LDFLAGS back in sync
* Pin GitHub Actions to specific commits for security
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This is a small bugfix release that fixes a build issue with slibtool
(not relevant to meta-oe ATM), makes the licensing of C++ bindings less
restrictive and preemptively fixes an issue that will be triggered with
linux v6.9 when running gpio-tools ptest suite.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libfido2 depends on udev and libcbor which do not exist for native and
nativesdk targets.
Remove native & nativesdk from BBCLASSEXTEND to avoid hitting these in
world/universe builds.
Fixes these warnings (as seen on AB[0]):
WARNING: Nothing PROVIDES 'nativesdk-udev' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing PROVIDES 'nativesdk-libcbor' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing PROVIDES 'libcbor-native' (but virtual:native:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing PROVIDES 'udev-native' (but virtual:native:[...]/libfido2_1.14.0.bb DEPENDS on or otherwise requires it). Close matches:
WARNING: Nothing RPROVIDES 'nativesdk-libfido2-dev' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb RDEPENDS on or otherwise requires it)
WARNING: Nothing RPROVIDES 'nativesdk-libfido2' (but virtual:nativesdk:[...]/libfido2_1.14.0.bb RDEPENDS on or otherwise requires it)
[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/156/builds/367/steps/12/logs/warnings
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Cc: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a3d194eb3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
An out-of-bounds stack write flaw was found in unixODBC on 64-bit
architectures where the caller has 4 bytes and callee writes 8 bytes.
This issue may go unnoticed on little-endian architectures, while
big-endian architectures can be broken.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-1013
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
The flow module was removed in Twisted 9.0.0 a long time
and currently does not install anything. Let's remove it
to cleanup the recipe.
This commit also removes python3-twisted-news package because
the source files were removed in Twisted 21.2.0. All other
files which no longer exist in the source are also removed from FILES.
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Fixes an issue where split packages were no populated since all the files
were picked up by FILES:${PN}
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
----
v2]
Scarthgap has the same error as master: initialize timespec variable.
pcapplusplus/23.09/git/Packet++/src/RawPacket.cpp:23:18: error: 'nsec_time.timespec::<anonymous>' is used uninitialized [-Werror=uninitialized]
| 23 | timespec nsec_time;
| | ^~~~~~~~~
| cc1plus: all warnings being treated as errors
- remove included patches
- set path for fusermount3 to avoid requirement for fuse3-native. This is needed since:
2cb17b4eb8
Changes in 1.15.8
~~~~~~~~~~~~~~~~~
Security fixes:
* Don't allow an executable name to be misinterpreted as a command-line
option for bwrap(1). This prevents a sandbox escape where a malicious
or compromised app could ask xdg-desktop-portal to generate a .desktop
file with access to files outside the sandbox. (CVE-2024-32462)
Other bug fixes:
* Pass the -export-dynamic linker option as -Wl,-export-dynamic,
fixing build failures with clang 18 and lld 18 (#5760)
* Fix a double-free when installation is cancelled (#5763)
* Fix installed-tests failure with "FUSERMOUNT: unbound variable"
(#5751)
* Translation updates: pt_BR (#5762), tr (#5761)
Changes in 1.15.7
~~~~~~~~~~~~~~~~~
Released: 2024-03-27
Dependencies:
* The Meson build system is now required.
Compiling with Autotools is no longer possible.
* In distributions that compile Flatpak to use a separate bubblewrap (bwrap)
executable, version 0.9.0 is recommended. Several of the bug fixes listed
below will not be active if an older version is used.
* In distributions that compile Flatpak to use a separate xdg-dbus-proxy
executable, version 0.1.5 is recommended.
* If libmalcontent (parental controls) is enabled, it must be version 0.5.0
or later.
New features:
* Automatically remove obsolete driver versions and other autopruned refs
(#5632)
* `--socket=inherit-wayland-socket` (#5614)
* Automatically reload D-Bus session bus configuration after installing
or upgrading apps, to pick up any exported D-Bus services (#3342)
Bug fixes:
* Update included copy of bubblewrap to version 0.9.0:
* `--symlink` is now idempotent, meaning it succeeds if the
symlink already exists and already has the desired target
(#2387, #3477, #5255)
* Report a better error message if `mount(2)` fails with `ENOSPC`
* Fix a double-close on error reading from `--args`, `--seccomp` or
`--add-seccomp-fd` argument
* Improve memory allocation behaviour
* Silence various compiler warnings
* Update included copy of bubblewrap to version 0.1.5:
* Fix handling of long object paths
* Don't parse `<developer><name/></developer>` as the application name
(#5700)
* Don't refuse to start apps when there is no D-Bus system bus available
(#5076)
* Don't try to repeat migration of apps whose data was migrated to a new
name and then deleted (#5668)
* Improve handling of mixed locales on systems with systemd-localed (#5497)
* Improve display of ellipsized columns in wide terminals (#5722)
* Make `flatpak info -e` look for extensions in all installations (#5670)
* Fix warnings from newer GLib versions (#5660, #5737)
* Always set the `container` environment variable (#5610)
* Always let the app inherit redirected file descriptors (#5626)
* In `flatpak ps`, add xdg-desktop-portal-gnome to the list of backends
we'll use to learn which apps are running in the background (#5729)
* Don't use `WAYLAND_SOCKET` unless given `--socket=inherit-wayland-socket`
(#5614)
* Use `fusermount3` if compiled with FUSE 3, overridable with
`-Dsystem_fusermount` compile-time option (#5104)
* Avoid leaking a temporary variable from /etc/profile.d/flatpak.sh into
the shell environment (#5574)
* Improve async-signal safety (#5687)
* Fix various memory leaks (#5683, #5690, #5691)
* Avoid undefined behaviour of signed left-shift when storing object IDs
in a hash table (#5738)
* Detect the correct gtk-doc when cross-compiling (#5650)
* Detect the correct wayland-scanner when cross-compiling (#5596)
* Documentation improvements (#5659, #5677, #5682, #5664, #5719)
* Skip more tests when FUSE isn't available (#5611)
* Translation updates (#5602, #5707)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
