Date   

Re: [meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

Armin Kuster
 

On 3/14/22 12:44, Ralph Siemsen wrote:
tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3 ?
There appear to be only two small fixes
https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
We still need this backport regardless.
I would take an update to 4.1.3.


2) hardknott and honister are on 5.0
According to CVE configuration data, this version is not affected.
But looking at the branch history suggests otherwise.
The patch applies cleanly on top of 5.0.
Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
no action needed for this one.
Thanks for the analysis, much appreciated.


...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
.../tpm2-tools/tpm2-tools_4.1.1.bb | 3 ++
2 files changed, 46 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@...>



+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
Missing the Standard OE patch format. The patch itself needs this additional meta data.
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines

Needs these too:

Upstream-Status:
CVE:

-armin
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+ TPM2B_DATA enc_sensitive_key = {
+ .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+ };
+- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++ if(enc_sensitive_key.size < 16) {
++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++ return tool_rc_general_error;
++ }
++
++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++ if (ossl_rc != 1) {
++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++ return tool_rc_general_error;
++ }
+
+ /*
+ * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"
DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"
+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"
SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"


Yocto Project Status WW11`22

Stephen Jolley
 

Current Dev Position: YP 3.5 M4

Next Deadline: 4th April. 2022 YP 3.5 M4 build

 

Next Team Meetings:

 

Key Status/Updates:

  • YP 3.5 M3 has been released.
  • YP 3.1.15 is now in QA
  • There are patches proposed to move python3-cryptography to OE-Core from meta-oe/meta-python. It is late in the cycle but the current location is causing issues for several layers and it appears to be the right thing to do before kirkstone is released.
  • There is a proposal to switch from pip to installer to handle installation of python modules. With some development, the path becomes clear in hindsight and this is another change where it seems to make sense to do it now.
  • Other than the above, we should be seeing the recent python changes settling down.
  • There were some tweaks to the tasks display in knotty merged.
  • We took an upgrade to mesa 22 which drops dri1 support on the basis it stands the release in a better long term position.
  • We have continued to take other minimal impact upgrades and this is having a positive impact on CVE numbers.
  • Toaster has seen a number of fixes recently and should be in a stronger position for release with a move to an LTS django version, thanks Tim and David.
  • Help in completing the migration documentation would be much appreciated.
  • If people see intermittent issues in their own builds, particularly if they’re the same as intermittent issues seen on the autobuilder, please do comment in the bugs mentioning when they happen as the frequency information does help us prioritize fixing the most common issues.
  • Intermittent issues continue to be at record high levels and help is very much welcome in trying to resolve them. You can see the list of failures we’re continuing to see by searching for the “AB-INT” tag in bugzilla: https://bugzilla.yoctoproject.org/buglist.cgi?quicksearch=AB-INT

 

Ways to contribute:

 

YP 3.5 Milestone Dates:

  • YP 3.5 M3 is released
  • YP 3.5 M4 build date 2022/04/04
  • YP 3.5 M4 Release date 2022/04/29

 

Upcoming dot releases:

  • YP 3.1.15  is in QA
  • YP 3.1.15 Release date 2022/03/25
  • YP 3.4.3 build date 2022/03/21
  • YP 3.4.3 Release date 2022/04/01
  • YP 3.3.6 build date 2022/03/28
  • YP 3.3.6 Release date 2022/04/08
  • YP 3.1.16 build date 2022/04/25
  • YP 3.1.16 Release date 2022/05/06

 

Tracking Metrics:

 

The Yocto Project’s technical governance is through its Technical Steering Committee, more information is available at:

https://wiki.yoctoproject.org/wiki/TSC

 

The Status reports are now stored on the wiki at: https://wiki.yoctoproject.org/wiki/Weekly_Status

 

[If anyone has suggestions for other information you’d like to see on this weekly status update, let us know!]

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


[meta-gplv2] [PATCH] sed: mark as providing /bin/sed when usrmerge is enabled

Anthony Bagwell
 

Otherwise recipies that need sed like strace fail with
"requires /bin/sed, but no providers found in RDEPENDS"
when building.
---
recipes-extended/sed/sed_4.1.2.bb | 2 ++
1 file changed, 2 insertions(+)

diff --git a/recipes-extended/sed/sed_4.1.2.bb b/recipes-extended/sed/sed_4.1.2.bb
index dc061ca..cd7993c 100644
--- a/recipes-extended/sed/sed_4.1.2.bb
+++ b/recipes-extended/sed/sed_4.1.2.bb
@@ -35,3 +35,5 @@ ALTERNATIVE:${PN} = "sed"
ALTERNATIVE_LINK_NAME[sed] = "${base_bindir}/sed"
ALTERNATIVE_PRIORITY = "100"

+RPROVIDES:${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'usrmerge', '/bin/sed', '', d)}"
+
--
2.32.0 (Apple Git-132)


Re: configuration fragments

Monsees, Steven C (US)
 

When you say:

" you might have to look into this kernel recipe and ensure that it has enabled merging configs feature from kernel"

Are you talking about inheriting from "kernel-yocto" in order to work with configuration fragments ?

Thanks,
Steve

-----Original Message-----
From: Khem Raj <raj.khem@...>
Sent: Monday, March 14, 2022 4:13 PM
To: Monsees, Steven C (US) <steven.monsees@...>
Cc: yocto@...
Subject: Re: [yocto] configuration fragments

External Email Alert

This email has been sent from an account outside of the BAE Systems network.

Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros. For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.


On Mon, Mar 14, 2022 at 12:57 PM Monsees, Steven C (US) via lists.yoctoproject.org <steven.monsees=baesystems.com@...> wrote:



Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”



Which basically contains:



EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg



I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”



It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

these are some config files for doing what ? from what it looks like, this inc file is adding a kernel config fragment if so then it should be appended too kernel recipe so if aiox-swdebugfs.bb is kernel recipe then you are doing it right, but then you might have to look into this kernel recipe and ensure that it has enabled merging configs feature from kernel. Otherwise these cfgs wont be processed.


I have the exact same implementation working under my intel platform.



Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?



Thanks,

Steve




Query regarding yocto build

nupur100299@...
 

Hi,

Please find the below error snapshot.

I am trying to integrate OMADM (Open mobile alliance device management) on the top of yocto 3.4.2 (honister) poky. And facing the following issue with bitbake log-wrapper ( one of the APIs I'm trying to integrate).

Please provide assistance to resolve the error.

Thanks and regards,
Nupur


Re: [PATCH v2] bitbake/fetch2: Add a new variable 'BB_FETCH_ENV' to export Fetcher env

Jérôme Carretero
 

Hi Mingrui, Richard,


On Sat, 11 Sep 2021 11:42:44 +0800
"Mingrui Ren" <jiladahe1997@...> wrote:

On 06/09/2021 17:41, Richard Purdie wrote:
[...]
Why is this a problem? You need to state what the problem is
[...]
I think it's a good a feature if we could add custom variables into
fetcher. For example,
we could fetch private code by adding username or password, or we could
adding custom
proxy tools.
I have found myself using a sed one-liner to alter that variable list
in the fetcher code in order to pass through to git the
GIT_CONFIG_GLOBAL environment variable, the goal being to do git URL
rewrites via the git configuration (to pass HTTP credentials, or to use
a local repo because I didn't want to bother keeping obscure VPNs
online); it was the shortest way I could think of to achieve this.
Alternatively I could have used a PATH modification with a host tool
wrapper.
Ideally I would prefer adding a KEY += value line to a site.conf.


Best regards,

--
Jérôme


Re: QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Teoh, Jay Shen
 

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.1.15.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion this Friday, March 18.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf
Of Richard Purdie
Sent: Tuesday, 15 March, 2022 6:27 AM
To: <yocto@...> <yocto@...>
Cc: qa-build-notification <qa-build-notification@...>
Subject: [yocto] QA notification for completed autobuilder build (yocto-
3.1.15.rc1)

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder
and is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


M+ & H bugs with Milestone Movements WW11

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW11 are listed below:

Priority

Bug ID

Short Description

Changer

Owner

Was

Became

Medium+

5876

Add a test for the kernel -c menuconfig option

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

6428

Improve the ability to isolate changes that have caused a rebuild

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

11704

Add other resource monitoring options to conf/local.conf STOPTASKS/ABORT

randy.macleod@...

randy.macleod@...

3.5 M3

3.6 M1

 

12368

persistent bitbake server does not re-parse if previous build was ctrl+C'd

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

12723

mysql requires unicode and char length filtering

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13004

Automate yocto-check-layer -m option

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

13025

WIC image install support

kexin.hao@...

kexin.hao@...

3.5 M3

3.6 M1

 

13103

[Bug][QA 2.7 M1 rc1][Toaster] "Recipes" tableá and á"machines" table are not getting populated after clickingáon imported layer as well as after clicking Machines Tab on project page

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13123

package.PackageTests.test_gdb_hardlink_debug failed

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

13233

fetch2: try_premirror(): improve on updating repo from mirror

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

13278

If git protocol doesn't work, you get a tar.gz clone from PREMIRROR which has git protocol origin

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

13424

devupstream doesn't work with mutilib

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

13520

many valgrind tests fail for arm64

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

13599

Enhancement: Detect variables that shouldn't be defined in image scope, but in global (distro) scope

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

13669

Move Toaster testsuite-2 away from Testopia

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13888

Toaster is not starting for Django-3

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13975

cve-checker: save to alternate file format like JSON

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14045

git fetcher deadlock with self-referencing sub-modules

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14085

Toaster UI should know when bitbake crashed

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

14125

busybox wget ssl is exposed to MitM attack due to CVE-2018-1000500

randy.macleod@...

shachar@...

3.5 M3

3.6 M1

 

14156

fetch/gitsm: submodules are fetched as mirrored and not working as expected

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

14196

Add integration to send data to KCIDB

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14201

Bitbake server intermittent timeout

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14236

npmsw does not support github URLs in the npm-shrinkwrap.json file

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14263

AB-INT PTEST: lttng-tools ptest intermittent failure

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14290

golang test_go_dep_build accessing network during testing

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14311

AB-INT PTEST: valgrind drd/tests ptest intermittent failure

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14385

mode of sstate files created under pseudo

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

14388

AB-INT PTEST: valgrind failed  helgrind/tests/hg05_race2

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14449

AB-INT PTEST ARM: quilt patch-wrapper ptest intermittent failure

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14464

AB-INT PTEST ARM: glib-2.0 glib/timeout.test failure

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14467

curl timeout while dnf is downloading package

randy.macleod@...

sakib.sajal@...

3.5 M3

3.5 M4

 

14486

qemu rootfs copy is taking too much time

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14522

qemuppc doesn't shutdown within timeout (serial console issues)

randy.macleod@...

sakib.sajal@...

3.5 M3

3.5 M4

 

14538

Recipes shouldn't use "virtual/" in RPROVIDES and RDEPENDS

randy.macleod@...

randy.macleod@...

3.5 M3

3.6 M1

 

14564

parselogs.ParseLogsTest.test_parselogs udev failure

randy.macleod@...

trevor.gamblin@...

3.5 M3

3.5 M4

 

14585

oe-selftest: tinfoil.TinfoilTests.test_wait_event failure

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14596

AB-INT PTEST ARM: strace ptest intermittent failure in strace-T.test

randy.macleod@...

ross@...

3.5 M3

3.5 M4

 

14620

QA error not seen when reusing SSTATE

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

14644

Please add per-toolchain CMake toolchain file which does not rely on setting up environment variables

randy.macleod@...

jaskij@...

3.5 M3

3.5 M4

 

14655

AB-INT: SDK preparation failure: SState: cannot test file://[...]

randy.macleod@...

mhalstead@...

3.5 M3

3.5 M4

 

14665

AB-INT: prservice.BitbakePrTests.test_import_export_replace_db failure

randy.macleod@...

richard.purdie@...

3.5 M3

3.5 M4

 

14672

ThreadSanitizer (-fsanitize=thread) segfault before reaching main()

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14677

systemd.SystemdServiceTests.test_systemd_disable_enable intermittent failure: no filesystem space on target

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14678

AB intermittent network connectivity issue while fetching

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14680

intermittent setscene tasks failures

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14688

parselogs.ParseLogsTest.test_parselogs failure because of closed SSH connection

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14694

logrotate.LogrotateTest.test_logrotate_wtmp failure: /var/lib/logrotate.status is already locked

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14706

AB-INT-NET: network failure when fetching repositories

randy.macleod@...

mhalstead@...

3.5 M3

3.5 M4

 

14710

Improve cargo fetcher test cases

randy.macleod@...

randy.macleod@...

3.5 M3

3.6 M1

 

14713

AB-INT-NET: TLS Handshake failure during gotoolchain

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14716

Add additional resolvers to autobuilder workers

randy.macleod@...

mhalstead@...

3.5 M3

3.5 M4

 

14712

build hangs: host make is not collecting its own children, turning them into zombies

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14721

Intermittent runqueue issue re-running populate_sysroot_setscene after populate_sysroot

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Enhancements/Bugs closed WW11!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

pgowda.cve@...

1

richard.purdie@...

1

tim.orling@...

1

alexandre.belloni@...

1

michael.opdenacker@...

1

Grand Total

5

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 3.5

Stephen Jolley
 

All,

Below is the list as of top 44 bug owners as of the end of WW11 of who have open medium or higher bugs and enhancements against YP 3.5.   There are 33 possible work days left until the final release candidates for YP 3.5 needs to be released.

Who

Count

michael.opdenacker@...

35

ross@...

33

david.reyna@...

22

randy.macleod@...

20

sakib.sajal@...

13

tim.orling@...

13

bruce.ashfield@...

11

mhalstead@...

10

richard.purdie@...

10

saul.wold@...

7

trevor.gamblin@...

7

kai.kang@...

6

bluelightning@...

6

hongxu.jia@...

4

JPEWhacker@...

4

chee.yang.lee@...

4

jon.mason@...

3

Qi.Chen@...

3

pokylinux@...

2

mshah@...

2

alejandro@...

2

akuster808@...

2

pgowda.cve@...

1

andrei@...

1

pavel@...

1

open.source@...

1

thomas.perrot@...

1

yi.zhao@...

1

nicolas.dechesne@...

1

raj.khem@...

1

sundeep.kokkonda@...

1

Martin.Jansa@...

1

mostthingsweb@...

1

aehs29@...

1

jay.shen.teoh@...

1

matthewzmd@...

1

TicoTimo@...

1

mingli.yu@...

1

jaskij@...

1

mark.hatle@...

1

martin.beeger@...

1

john.kaldas.enpj@...

1

liezhi.yang@...

1

alexandre.belloni@...

1

Grand Total

241

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 399 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.5" and then “3.6”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Pokybuild User <pokybuild@...>
 

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and
is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


Re: configuration fragments

Khem Raj
 

On Mon, Mar 14, 2022 at 12:57 PM Monsees, Steven C (US) via
lists.yoctoproject.org
<steven.monsees=baesystems.com@...> wrote:



Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”



Which basically contains:



EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg



I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”



It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

these are some config files for doing what ? from what it looks like,
this inc file is adding a kernel config fragment
if so then it should be appended too kernel recipe so if
aiox-swdebugfs.bb is kernel recipe then you are doing it
right, but then you might have to look into this kernel recipe and
ensure that it has enabled merging configs feature
from kernel. Otherwise these cfgs wont be processed.


I have the exact same implementation working under my intel platform.



Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?



Thanks,

Steve




configuration fragments

Monsees, Steven C (US)
 

 

Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”

 

Which basically contains:

 

EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg

 

I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”

 

It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

 

I have the exact same implementation working under my intel platform.

 

Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?

 

Thanks,

Steve


[meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

Ralph Siemsen
 

tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3 ?
There appear to be only two small fixes
https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
We still need this backport regardless.

2) hardknott and honister are on 5.0
According to CVE configuration data, this version is not affected.
But looking at the branch history suggests otherwise.
The patch applies cleanly on top of 5.0.
Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
no action needed for this one.

...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
.../tpm2-tools/tpm2-tools_4.1.1.bb | 3 ++
2 files changed, 46 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+ TPM2B_DATA enc_sensitive_key = {
+ .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+ };
+- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++ if(enc_sensitive_key.size < 16) {
++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++ return tool_rc_general_error;
++ }
++
++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++ if (ossl_rc != 1) {
++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++ return tool_rc_general_error;
++ }
+
+ /*
+ * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"

DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"

+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"

SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
--
2.25.1


[meta-zephyr][PATCH 1/1] python3-pyelftools: Drop recipe in favour of oe-core

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

All the LAYERSERIES_COMPAT versions provide this recipe in oe-core.
Also, west seems to only depend on 0,26 which is provided even in
dunfell.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
.../python/python3-pyelftools_0.27.bb | 14 --------------
1 file changed, 14 deletions(-)
delete mode 100644 meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb

diff --git a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
deleted file mode 100644
index 1405fc5..0000000
--- a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-FileCopyrightText: Huawei Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-SUMMARY = "Python pyelftools"
-HOMEPAGE = "https://pypi.org/project/pyelftools"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
-
-inherit pypi setuptools3
-
-PYPI_PACKAGE = "pyelftools"
-SRC_URI[md5sum] = "061d67c669a9b1f8d07f28c47fb6a65f"
-SRC_URI[sha256sum] = "cde854e662774c5457d688ca41615f6594187ba7067af101232df889a6b7a66b"
-BBCLASSEXTEND = "native nativesdk"
--
2.25.1


Re: [meta-security][PATCH] Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3

Armin Kuster
 

On 3/9/22 23:58, Ashish Sharma wrote:
raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'

ERROR: Failed to pip install wheel. Check the logs.
Thanks. I took this over the two odd ones I had in master-next.

merged.

-armin



Signed-off-by: Ashish Sharma <asharma@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index f6394cc..29a4ad2 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -15,7 +15,7 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://run-ptest \
"
-inherit update-rc.d ptest setuptools3
+inherit update-rc.d ptest setuptools3_legacy
S = "${WORKDIR}/git"


Re: suricata: enable lua support

Armin Kuster
 

On 3/8/22 11:15, Gary Huband wrote:
The problems is that the configure.ac file is hard coded for lua5.1.  See

https://forum.suricata.io/t/lua-5-4-3-and-suricata-undefined-reference-error/1906/5

I created a patch to change configure.ac to use lua5.3 (I'm using Zeus).
Did you save that patch in the suricata/files dir and then append SRC_URI with "file://{patch name}" ?

But when I "bitbake suricata" I'm getting the same error because it's not updating the configure file.  Do I also have to fix the configure file or is there some way I can force a autoreconf?
When I try building this on master, I have to use luajit as it provides shared libraries and lua does not. The symbol 'rs_dns_lua_get_rrname' and others are not found. i don't see them in the latest lua nor luajit repos so I don't know why they are being referenced.

The version I am building is 6.0.4 which uses Rust so I don't know what would take to fix zeus.

- armin

Thanks

Gary
------------------------------------------------------------------------
*From:* Khem Raj <raj.khem@...>
*Sent:* Saturday, March 5, 2022 2:55 AM
*To:* Gary Huband <Gary@...>
*Cc:* akuster808 <akuster808@...>; yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On Fri, Mar 4, 2022 at 6:23 PM Gary Huband via lists.yoctoproject.org <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0> <gary=missionsecure.com@...> wrote:

The Suricata install site also says to install

liblua5.1-dev

Does this mean that Suricata needs lua 5.1 (which is very old)??
For Zeus the lua recipe is 5.3.5.

Do I need to create a recipe for lua 5.1?


seems so, lua5.1 is not ABI compatible with newer Lua, so if an app needs this version then
you will have to add it, perhaps see if you can just use internal version or something like that


Gary
------------------------------------------------------------------------
*From:* akuster808 <akuster808@...>
*Sent:* Friday, March 4, 2022 7:52 PM
*To:* Gary Huband <Gary@...>;
yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On 3/4/22 15:02, Gary Huband via lists.yoctoproject.org
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0>
wrote:
>
> Adding DEPENDS += "lua"  fixed that error. I'm assuming that allows
> the configure to find lua.
>
> Now I'm getting a compile error
>

I added this to the recipe and it appears the liblua it  is
looking for
does not exist.

PACKAGECONFIG[lua] = "--enable-lua
--with-liblua-includes=${STAGING_INCDIR}
--with-liblua-libraries==${STAGING_LIBDIR}, --disable-lua,lua, lua"

Error:

checking for luaL_openlibs in -llua5.1... no
|
|    ERROR!  liblua library not found, go get it
|    from
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&;data=04%7C01%7Cgary%40missionsecure.com%7C7f9815dcc0c142b6d92d08d9fe4262cb%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820383359878260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=FdB7jyQwXX%2BVjjhLSDhKNSt41GUOgdg%2FG3ajSKIElo0%3D&amp;reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IIiVAzlCWInZxopdvMsLgkyuDmB5YSRF%2Fa%2FCsQAl7r0%3D&reserved=0>
or your distribution:
|
|    Ubuntu: apt-get install liblua5.1-dev


It may be  the lua recipe.  I only see the static lib 'liblua.a'

-armin

> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetTxid':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:80:

> undefined reference to `rs_dns_lua_get_tx_id'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAnswerTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:125:

> undefined reference to `rs_dns_lua_get_answer_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAuthorityTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:133:

> undefined reference to `rs_dns_lua_get_authority_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetQueryTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:117:

> undefined reference to `rs_dns_lua_get_query_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetDnsRrname':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:69:

> undefined reference to `rs_dns_lua_get_rrname'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetRcode':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:92:

> undefined reference to `rs_dns_lua_get_rcode'
> | collect2: error: ld returned 1 exit status
> | Makefile:2118: recipe for target 'suricata' failed
> | make[2]: *** [suricata] Error 1
>
>
>
>


*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fmission-secure-inc-&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OG%2F50BtrZR9AjIfTtJTuropOzChcINERZyhRWyWyLGA%3D&reserved=0>  |
Blog
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2Fblog%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dblog-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=pv1FQe%2F9E0oVWISZeGtO3DCs9jWOOyXFsH1kDtruQh4%3D&reserved=0>  |
Website
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2F%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dweb-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9wovY4656fj9McZWqGJH3ZOerurcU2Mvsgdsfd%2FNU7M%3D&reserved=0>


: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and
proprietary and intended solely for the use of the individual or
entity to whom they are addressed. Any dissemination, distribution
or copying of this communication is strictly prohibited without
our prior permission. If you received this in error, please
contact the sender and delete the material from any computer.




*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn <https://www.linkedin.com/company/mission-secure-inc->  | Blog <https://www.missionsecure.com/blog?utm_source=email-signature&utm_medium=email&utm_campaign=blog-email-sig>  | Website <https://www.missionsecure.com/?utm_source=email-signature&utm_medium=email&utm_campaign=web-email-sig>

: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and proprietary and intended solely for the use of the individual or entity to whom they are addressed. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If you received this in error, please contact the sender and delete the material from any computer.


[meta-security][PATCH] python3-privacyidea: drop old package ref.

Armin Kuster
 

meta-python dropped package via commit:

620689d4efba28bc8dd60e2d82908bfb3531fbd0
python3-backports-functional-lru-cache: remove, not needed for Python 3

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/mfa/python3-privacyidea_3.6.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/mfa/python3-privacyidea_3.6.2.bb b/recipes-security/mfa/python3-privacyidea_3.6.2.bb
index ecfeca6..40f6d15 100644
--- a/recipes-security/mfa/python3-privacyidea_3.6.2.bb
+++ b/recipes-security/mfa/python3-privacyidea_3.6.2.bb
@@ -23,7 +23,7 @@ FILES:${PN} += " ${prefix}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"

RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"

-RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt"
+RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
--
2.25.1

1021 - 1040 of 57417