Date   

Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 399 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.5" and then “3.6”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Pokybuild User <pokybuild@...>
 

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and
is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


Re: configuration fragments

Khem Raj
 

On Mon, Mar 14, 2022 at 12:57 PM Monsees, Steven C (US) via
lists.yoctoproject.org
<steven.monsees=baesystems.com@...> wrote:



Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”



Which basically contains:



EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg



I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”



It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

these are some config files for doing what ? from what it looks like,
this inc file is adding a kernel config fragment
if so then it should be appended too kernel recipe so if
aiox-swdebugfs.bb is kernel recipe then you are doing it
right, but then you might have to look into this kernel recipe and
ensure that it has enabled merging configs feature
from kernel. Otherwise these cfgs wont be processed.


I have the exact same implementation working under my intel platform.



Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?



Thanks,

Steve




configuration fragments

Monsees, Steven C (US)
 

 

Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”

 

Which basically contains:

 

EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg

 

I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”

 

It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

 

I have the exact same implementation working under my intel platform.

 

Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?

 

Thanks,

Steve


[meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

Ralph Siemsen
 

tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3 ?
There appear to be only two small fixes
https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
We still need this backport regardless.

2) hardknott and honister are on 5.0
According to CVE configuration data, this version is not affected.
But looking at the branch history suggests otherwise.
The patch applies cleanly on top of 5.0.
Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
no action needed for this one.

...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
.../tpm2-tools/tpm2-tools_4.1.1.bb | 3 ++
2 files changed, 46 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+ TPM2B_DATA enc_sensitive_key = {
+ .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+ };
+- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++ if(enc_sensitive_key.size < 16) {
++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++ return tool_rc_general_error;
++ }
++
++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++ if (ossl_rc != 1) {
++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++ return tool_rc_general_error;
++ }
+
+ /*
+ * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"

DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"

+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"

SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
--
2.25.1


[meta-zephyr][PATCH 1/1] python3-pyelftools: Drop recipe in favour of oe-core

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

All the LAYERSERIES_COMPAT versions provide this recipe in oe-core.
Also, west seems to only depend on 0,26 which is provided even in
dunfell.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
.../python/python3-pyelftools_0.27.bb | 14 --------------
1 file changed, 14 deletions(-)
delete mode 100644 meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb

diff --git a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
deleted file mode 100644
index 1405fc5..0000000
--- a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-FileCopyrightText: Huawei Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-SUMMARY = "Python pyelftools"
-HOMEPAGE = "https://pypi.org/project/pyelftools"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
-
-inherit pypi setuptools3
-
-PYPI_PACKAGE = "pyelftools"
-SRC_URI[md5sum] = "061d67c669a9b1f8d07f28c47fb6a65f"
-SRC_URI[sha256sum] = "cde854e662774c5457d688ca41615f6594187ba7067af101232df889a6b7a66b"
-BBCLASSEXTEND = "native nativesdk"
--
2.25.1


Re: [meta-security][PATCH] Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3

Armin Kuster
 

On 3/9/22 23:58, Ashish Sharma wrote:
raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'

ERROR: Failed to pip install wheel. Check the logs.
Thanks. I took this over the two odd ones I had in master-next.

merged.

-armin



Signed-off-by: Ashish Sharma <asharma@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index f6394cc..29a4ad2 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -15,7 +15,7 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://run-ptest \
"
-inherit update-rc.d ptest setuptools3
+inherit update-rc.d ptest setuptools3_legacy
S = "${WORKDIR}/git"


Re: suricata: enable lua support

Armin Kuster
 

On 3/8/22 11:15, Gary Huband wrote:
The problems is that the configure.ac file is hard coded for lua5.1.  See

https://forum.suricata.io/t/lua-5-4-3-and-suricata-undefined-reference-error/1906/5

I created a patch to change configure.ac to use lua5.3 (I'm using Zeus).
Did you save that patch in the suricata/files dir and then append SRC_URI with "file://{patch name}" ?

But when I "bitbake suricata" I'm getting the same error because it's not updating the configure file.  Do I also have to fix the configure file or is there some way I can force a autoreconf?
When I try building this on master, I have to use luajit as it provides shared libraries and lua does not. The symbol 'rs_dns_lua_get_rrname' and others are not found. i don't see them in the latest lua nor luajit repos so I don't know why they are being referenced.

The version I am building is 6.0.4 which uses Rust so I don't know what would take to fix zeus.

- armin

Thanks

Gary
------------------------------------------------------------------------
*From:* Khem Raj <raj.khem@...>
*Sent:* Saturday, March 5, 2022 2:55 AM
*To:* Gary Huband <Gary@...>
*Cc:* akuster808 <akuster808@...>; yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On Fri, Mar 4, 2022 at 6:23 PM Gary Huband via lists.yoctoproject.org <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0> <gary=missionsecure.com@...> wrote:

The Suricata install site also says to install

liblua5.1-dev

Does this mean that Suricata needs lua 5.1 (which is very old)??
For Zeus the lua recipe is 5.3.5.

Do I need to create a recipe for lua 5.1?


seems so, lua5.1 is not ABI compatible with newer Lua, so if an app needs this version then
you will have to add it, perhaps see if you can just use internal version or something like that


Gary
------------------------------------------------------------------------
*From:* akuster808 <akuster808@...>
*Sent:* Friday, March 4, 2022 7:52 PM
*To:* Gary Huband <Gary@...>;
yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On 3/4/22 15:02, Gary Huband via lists.yoctoproject.org
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0>
wrote:
>
> Adding DEPENDS += "lua"  fixed that error. I'm assuming that allows
> the configure to find lua.
>
> Now I'm getting a compile error
>

I added this to the recipe and it appears the liblua it  is
looking for
does not exist.

PACKAGECONFIG[lua] = "--enable-lua
--with-liblua-includes=${STAGING_INCDIR}
--with-liblua-libraries==${STAGING_LIBDIR}, --disable-lua,lua, lua"

Error:

checking for luaL_openlibs in -llua5.1... no
|
|    ERROR!  liblua library not found, go get it
|    from
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&;data=04%7C01%7Cgary%40missionsecure.com%7C7f9815dcc0c142b6d92d08d9fe4262cb%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820383359878260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=FdB7jyQwXX%2BVjjhLSDhKNSt41GUOgdg%2FG3ajSKIElo0%3D&amp;reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IIiVAzlCWInZxopdvMsLgkyuDmB5YSRF%2Fa%2FCsQAl7r0%3D&reserved=0>
or your distribution:
|
|    Ubuntu: apt-get install liblua5.1-dev


It may be  the lua recipe.  I only see the static lib 'liblua.a'

-armin

> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetTxid':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:80:

> undefined reference to `rs_dns_lua_get_tx_id'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAnswerTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:125:

> undefined reference to `rs_dns_lua_get_answer_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAuthorityTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:133:

> undefined reference to `rs_dns_lua_get_authority_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetQueryTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:117:

> undefined reference to `rs_dns_lua_get_query_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetDnsRrname':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:69:

> undefined reference to `rs_dns_lua_get_rrname'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetRcode':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:92:

> undefined reference to `rs_dns_lua_get_rcode'
> | collect2: error: ld returned 1 exit status
> | Makefile:2118: recipe for target 'suricata' failed
> | make[2]: *** [suricata] Error 1
>
>
>
>


*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fmission-secure-inc-&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OG%2F50BtrZR9AjIfTtJTuropOzChcINERZyhRWyWyLGA%3D&reserved=0>  |
Blog
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2Fblog%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dblog-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=pv1FQe%2F9E0oVWISZeGtO3DCs9jWOOyXFsH1kDtruQh4%3D&reserved=0>  |
Website
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2F%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dweb-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9wovY4656fj9McZWqGJH3ZOerurcU2Mvsgdsfd%2FNU7M%3D&reserved=0>


: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and
proprietary and intended solely for the use of the individual or
entity to whom they are addressed. Any dissemination, distribution
or copying of this communication is strictly prohibited without
our prior permission. If you received this in error, please
contact the sender and delete the material from any computer.




*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn <https://www.linkedin.com/company/mission-secure-inc->  | Blog <https://www.missionsecure.com/blog?utm_source=email-signature&utm_medium=email&utm_campaign=blog-email-sig>  | Website <https://www.missionsecure.com/?utm_source=email-signature&utm_medium=email&utm_campaign=web-email-sig>

: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and proprietary and intended solely for the use of the individual or entity to whom they are addressed. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If you received this in error, please contact the sender and delete the material from any computer.


[meta-security][PATCH] python3-privacyidea: drop old package ref.

Armin Kuster
 

meta-python dropped package via commit:

620689d4efba28bc8dd60e2d82908bfb3531fbd0
python3-backports-functional-lru-cache: remove, not needed for Python 3

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/mfa/python3-privacyidea_3.6.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/mfa/python3-privacyidea_3.6.2.bb b/recipes-security/mfa/python3-privacyidea_3.6.2.bb
index ecfeca6..40f6d15 100644
--- a/recipes-security/mfa/python3-privacyidea_3.6.2.bb
+++ b/recipes-security/mfa/python3-privacyidea_3.6.2.bb
@@ -23,7 +23,7 @@ FILES:${PN} += " ${prefix}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"

RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"

-RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt"
+RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
--
2.25.1


[ANNOUNCEMENT] Milestone 3 for Yocto Project 3.5 (yocto-3.5_M3) Now Available

Lee Chee Yang
 

Hello,

We are pleased to announce the third milestone release for Yocto Project 3.5 (yocto-3.5_M3) is now available for download.

 

Download:

 

http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.5_M3

 

bitbake: 8055ec360507e6a678ee5c4018ec1ab7f5a9cce5

meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c

meta-arm: 643cf58a6988505dbd9243142496a3bc649efb1c

meta-aws: 214a5867b3b0d9ba54818aabb1711eadf4ba9eb3

meta-gplv2: 5c9f033892ae56c178616859a1245efd375e64bd

meta-intel: 6fba58adb3823cd7578062b0afa4938dd7206adb

meta-mingw: d49e803e4b8b62dc148c182af499e582e7684de4

meta-openembedded: a75b9a549563e09fca9a8c280f5731152913b651

oecore: 4caea2d32f177fbbe3887f37b6700b2b4996b2be

poky: afbdba9b12bc12638d82813d1cd31ec479971c4b

 

Full Test Report:

 

http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.5_M3/testreport.txt

 

Thank you.

 

Lee Chee Yang

chee.yang.lee@...

Yocto Project Build and Release


Re: Honister on Ubuntu 14.04

jussi.vanska@...
 

Building anything recent is probably not going to work as there are lots of breaking changes in Python. You need at least python 3.6 to build Honister. It took me about a month to get Hardknott to build on top of Rocko host. I would say it is more or less a no-go to cross the 3.0 Yocto boundary. Rocko is roughly equivalent to 16.04LTS distro.


Re: nspr-native does not build on Debian bullseye for x86_64 target?

Matthias Klein
 

Yes, with maste-next the problem is gone.

Thanks!


-----Ursprüngliche Nachricht-----
Von: Khem Raj <raj.khem@...>
Gesendet: Freitag, 11. März 2022 08:28
An: Matthias Klein <matthias.klein@...>
Cc: yocto@...
Betreff: Re: [yocto] nspr-native does not build on Debian bullseye for x86_64 target?

Thanks Matthias

There is a patch staged in master-next to fix this. Can you try master-next meanwhile

On Thu, Mar 10, 2022 at 10:51 PM Matthias Klein <matthias.klein@...> wrote:

Hello,

Has anyone had the same problem with the master branch since today?

For me the build aborts as follows:

/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlopen'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlclose'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlerror'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlsym'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dladdr'

Best regards,
Matthias




Re: nspr-native does not build on Debian bullseye for x86_64 target?

Khem Raj
 

Thanks Matthias

There is a patch staged in master-next to fix this. Can you try
master-next meanwhile

On Thu, Mar 10, 2022 at 10:51 PM Matthias Klein
<matthias.klein@...> wrote:

Hello,

Has anyone had the same problem with the master branch since today?

For me the build aborts as follows:

/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlopen'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlclose'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlerror'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlsym'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dladdr'

Best regards,
Matthias




nspr-native does not build on Debian bullseye for x86_64 target?

Matthias Klein
 

Hello,

Has anyone had the same problem with the master branch since today?

For me the build aborts as follows:

/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlopen'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlclose'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlerror'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlsym'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dladdr'

Best regards,
Matthias


[meta-security][PATCH] python3-fail2ban: addjust compile to setuptools_build_meta changes

Armin Kuster
 

Tweak compile do to this commit:
bcd7e29a3b setuptools_build_meta: clean up configure/compile

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index 2fe407e..e653d9d 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -25,7 +25,8 @@ S = "${WORKDIR}/git"
do_compile () {
cd ${S}
./fail2ban-2to3
- nativepython3 ${S}/build-it.py
+ mkdir -p ${S}/dist
+ nativepython3 -c "from setuptools import build_meta; build_meta.build_wheel('./dist')"
}

do_install:append () {
--
2.25.1


Minutes: Yocto Project Weekly Triage Meeting 3/10/2022

Trevor Gamblin
 

Wiki: https://wiki.yoctoproject.org/wiki/Bug_Triage

Attendees: Alexandre, Joshua, Luca, Michael, Randy, Richard, Ross, Saul, Stephen, Steve, Tim, Trevor

ARs:

- Randy to move AB, 3.5 Enhancement M3 bugs to M4 or later

- All to review Old Milestone bugs and move to M4 or later

Notes:

- ~43% of AB workers have been switched to SSDs. Failure rate appears lower, but still TBD. More coming soon!

Medium+ 3.5 Unassigned Enhancements/Bugs: 73 (Last week 77)

Medium+ 3.6 Unassigned Enhancements/Bugs: 2

Medium+ 3.99 Unassigned Enhancements/Bugs: 38 (Last week 38)

AB Bugs: 71 (Last week 75)


Minutes: Yocto Project Weekly Triage Meeting 3/10/2022

Trevor Gamblin
 

Wiki: https://wiki.yoctoproject.org/wiki/Bug_Triage

Attendees: Alexandre, Joshua, Luca, Michael, Randy, Richard, Ross, Saul, Stephen, Steve, Tim, Trevor

ARs:

- Randy to move AB, 3.5 Enhancement M3 bugs to M4 or later

- All to review Old Milestone bugs and move to M4 or later

Notes:

- ~43% of AB workers have been switched to SSDs. Failure rate appears lower, but still TBD. More coming soon!

Medium+ 3.5 Unassigned Enhancements/Bugs: 73 (Last week 77)

Medium+ 3.6 Unassigned Enhancements/Bugs: 2 (new)

Medium+ 3.99 Unassigned Enhancements/Bugs: 38 (Last week 38)

AB Bugs: 71 (Last week 75)


Re: [meta-security][PATCH] isafw.bbclass: update task dependency on cve-update-db-native

Darcy Watkins
 

Hi,

 

I am resending this from my regular email client because I think that my original submission using git sendmail was messed up in my GIT config so it didn’t make it to the list.  (I did send an email using git sendmail to Armin).

 

We need this change to meta-security to be compatible with the referenced change made in poky / OE-core.  Otherwise there is an error as I reported weeks back.  I believe that this patch fixes it.  I have used it in both master branch and in dunfell.

 

We also need this to be back ported to all the same branches of meta-security to correspond to all the branches on poky to which the 33efd9351702e08a53e6512e235f947e4f9e914f commit was back ported.  This includes dunfell.

 

It is easy to find in a poky branch by grepping for do_populate_cve_db.

 

From a different perspective, there could also be a case to revert the original changes as I notice that populating the CVE database is not necessarily something that we would want to be part of someone running a fetch all operation for a target image, because the fetch for the CVE database would likely be run again later at the time of building the image.  This could be a matter of discussion (if not already discussed).  But I can work with it either way.

 

Thanks!

 

 

Regards,

 

Darcy

 

Darcy Watkins ::  Senior Staff Engineer, Firmware

 

SIERRA WIRELESS

Direct  +1 604 233 7989   ::  Fax  +1 604 231 1109  ::  Main  +1 604 231 1100

13811 Wireless Way  :: Richmond, BC Canada V6V 3A4

[M4]

dwatkins@... :: www.sierrawireless.com

 

From: Darcy Watkins <dwatkins@...>
Date: Wednesday, March 9, 2022 at 6:19 PM
To: yocto@... <yocto@...>
Cc: Darcy Watkins <darcy@...>, Darcy Watkins <dwatkins@...>
Subject: [meta-security][PATCH] isafw.bbclass: update task dependency on cve-update-db-native

From: Darcy Watkins <darcy@...>

poky commit: 33efd9351702e08a53e6512e235f947e4f9e914f
(or OE-Core commit: f5f97d33a1703d75b9fd9760f2c7767081538e00)
had renamed the do_populate_cve_db task in cve-update-db-native
to do_fetch.

Need to update the do_build task dependency accordingly.

Signed-off-by: Darcy Watkins <dwatkins@...>
---
 meta-security-isafw/classes/isafw.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-security-isafw/classes/isafw.bbclass b/meta-security-isafw/classes/isafw.bbclass
index da6bf76..4d39fc7 100644
--- a/meta-security-isafw/classes/isafw.bbclass
+++ b/meta-security-isafw/classes/isafw.bbclass
@@ -105,7 +105,7 @@ python process_reports_handler() {
     os.environ["PATH"] = savedenv["PATH"]
 }
 
-do_build[depends] += "cve-update-db-native:do_populate_cve_db ca-certificates-native:do_populate_sysroot"
+do_build[depends] += "cve-update-db-native:do_fetch ca-certificates-native:do_populate_sysroot"
 do_build[depends] += "python3-lxml-native:do_populate_sysroot"
 
 # These tasks are intended to be called directly by the user (e.g. bitbake -c)
--
2.16.6


[meta-security][PATCH] Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3

Ashish Sharma
 

raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'

ERROR: Failed to pip install wheel. Check the logs.

Signed-off-by: Ashish Sharma <asharma@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index f6394cc..29a4ad2 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -15,7 +15,7 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://run-ptest \
"

-inherit update-rc.d ptest setuptools3
+inherit update-rc.d ptest setuptools3_legacy

S = "${WORKDIR}/git"

--
2.33.0

1001 - 1020 of 57387