Date   

Query regarding yocto build

nupur100299@...
 

Hi,

Please find the below error snapshot.

I am trying to integrate OMADM (Open mobile alliance device management) on the top of yocto 3.4.2 (honister) poky. And facing the following issue with bitbake log-wrapper ( one of the APIs I'm trying to integrate).

Please provide assistance to resolve the error.

Thanks and regards,
Nupur


Re: [PATCH v2] bitbake/fetch2: Add a new variable 'BB_FETCH_ENV' to export Fetcher env

Jérôme Carretero
 

Hi Mingrui, Richard,


On Sat, 11 Sep 2021 11:42:44 +0800
"Mingrui Ren" <jiladahe1997@...> wrote:

On 06/09/2021 17:41, Richard Purdie wrote:
[...]
Why is this a problem? You need to state what the problem is
[...]
I think it's a good a feature if we could add custom variables into
fetcher. For example,
we could fetch private code by adding username or password, or we could
adding custom
proxy tools.
I have found myself using a sed one-liner to alter that variable list
in the fetcher code in order to pass through to git the
GIT_CONFIG_GLOBAL environment variable, the goal being to do git URL
rewrites via the git configuration (to pass HTTP credentials, or to use
a local repo because I didn't want to bother keeping obscure VPNs
online); it was the shortest way I could think of to achieve this.
Alternatively I could have used a PATH modification with a host tool
wrapper.
Ideally I would prefer adding a KEY += value line to a site.conf.


Best regards,

--
Jérôme


Re: QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Teoh, Jay Shen
 

Hi all,

Intel and WR YP QA is planning for QA execution for YP build yocto-3.1.15.rc1. We are planning to execute following tests for this cycle:

OEQA-manual tests for following module:
1. OE-Core
2. BSP-hw

Runtime auto test for following platforms:
1. MinnowTurbot 32-bit
2. Coffee Lake
3. NUC 7
4. NUC 6
5. Edgerouter
6. Beaglebone

ETA for completion this Friday, March 18.

Thanks,
Jay

-----Original Message-----
From: yocto@... <yocto@...> On Behalf
Of Richard Purdie
Sent: Tuesday, 15 March, 2022 6:27 AM
To: <yocto@...> <yocto@...>
Cc: qa-build-notification <qa-build-notification@...>
Subject: [yocto] QA notification for completed autobuilder build (yocto-
3.1.15.rc1)

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder
and is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


M+ & H bugs with Milestone Movements WW11

Stephen Jolley
 

All,

YP M+ or high bugs which moved to a new milestone in WW11 are listed below:

Priority

Bug ID

Short Description

Changer

Owner

Was

Became

Medium+

5876

Add a test for the kernel -c menuconfig option

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

6428

Improve the ability to isolate changes that have caused a rebuild

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

11704

Add other resource monitoring options to conf/local.conf STOPTASKS/ABORT

randy.macleod@...

randy.macleod@...

3.5 M3

3.6 M1

 

12368

persistent bitbake server does not re-parse if previous build was ctrl+C'd

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

12723

mysql requires unicode and char length filtering

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13004

Automate yocto-check-layer -m option

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

13025

WIC image install support

kexin.hao@...

kexin.hao@...

3.5 M3

3.6 M1

 

13103

[Bug][QA 2.7 M1 rc1][Toaster] "Recipes" tableá and á"machines" table are not getting populated after clickingáon imported layer as well as after clicking Machines Tab on project page

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13123

package.PackageTests.test_gdb_hardlink_debug failed

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

13233

fetch2: try_premirror(): improve on updating repo from mirror

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

13278

If git protocol doesn't work, you get a tar.gz clone from PREMIRROR which has git protocol origin

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

13424

devupstream doesn't work with mutilib

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

13520

many valgrind tests fail for arm64

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

13599

Enhancement: Detect variables that shouldn't be defined in image scope, but in global (distro) scope

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

13669

Move Toaster testsuite-2 away from Testopia

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13888

Toaster is not starting for Django-3

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

13975

cve-checker: save to alternate file format like JSON

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14045

git fetcher deadlock with self-referencing sub-modules

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14085

Toaster UI should know when bitbake crashed

david.reyna@...

david.reyna@...

3.5 M3

3.5 M4

 

14125

busybox wget ssl is exposed to MitM attack due to CVE-2018-1000500

randy.macleod@...

shachar@...

3.5 M3

3.6 M1

 

14156

fetch/gitsm: submodules are fetched as mirrored and not working as expected

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

14196

Add integration to send data to KCIDB

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14201

Bitbake server intermittent timeout

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14236

npmsw does not support github URLs in the npm-shrinkwrap.json file

randy.macleod@...

unassigned@...

3.5 M3

3.6 M1

 

14263

AB-INT PTEST: lttng-tools ptest intermittent failure

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14290

golang test_go_dep_build accessing network during testing

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14311

AB-INT PTEST: valgrind drd/tests ptest intermittent failure

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14385

mode of sstate files created under pseudo

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

14388

AB-INT PTEST: valgrind failed  helgrind/tests/hg05_race2

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14449

AB-INT PTEST ARM: quilt patch-wrapper ptest intermittent failure

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14464

AB-INT PTEST ARM: glib-2.0 glib/timeout.test failure

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14467

curl timeout while dnf is downloading package

randy.macleod@...

sakib.sajal@...

3.5 M3

3.5 M4

 

14486

qemu rootfs copy is taking too much time

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14522

qemuppc doesn't shutdown within timeout (serial console issues)

randy.macleod@...

sakib.sajal@...

3.5 M3

3.5 M4

 

14538

Recipes shouldn't use "virtual/" in RPROVIDES and RDEPENDS

randy.macleod@...

randy.macleod@...

3.5 M3

3.6 M1

 

14564

parselogs.ParseLogsTest.test_parselogs udev failure

randy.macleod@...

trevor.gamblin@...

3.5 M3

3.5 M4

 

14585

oe-selftest: tinfoil.TinfoilTests.test_wait_event failure

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14596

AB-INT PTEST ARM: strace ptest intermittent failure in strace-T.test

randy.macleod@...

ross@...

3.5 M3

3.5 M4

 

14620

QA error not seen when reusing SSTATE

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

 

14644

Please add per-toolchain CMake toolchain file which does not rely on setting up environment variables

randy.macleod@...

jaskij@...

3.5 M3

3.5 M4

 

14655

AB-INT: SDK preparation failure: SState: cannot test file://[...]

randy.macleod@...

mhalstead@...

3.5 M3

3.5 M4

 

14665

AB-INT: prservice.BitbakePrTests.test_import_export_replace_db failure

randy.macleod@...

richard.purdie@...

3.5 M3

3.5 M4

 

14672

ThreadSanitizer (-fsanitize=thread) segfault before reaching main()

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14677

systemd.SystemdServiceTests.test_systemd_disable_enable intermittent failure: no filesystem space on target

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14678

AB intermittent network connectivity issue while fetching

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14680

intermittent setscene tasks failures

randy.macleod@...

randy.macleod@...

3.5 M3

3.5 M4

 

14688

parselogs.ParseLogsTest.test_parselogs failure because of closed SSH connection

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14694

logrotate.LogrotateTest.test_logrotate_wtmp failure: /var/lib/logrotate.status is already locked

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14706

AB-INT-NET: network failure when fetching repositories

randy.macleod@...

mhalstead@...

3.5 M3

3.5 M4

 

14710

Improve cargo fetcher test cases

randy.macleod@...

randy.macleod@...

3.5 M3

3.6 M1

 

14713

AB-INT-NET: TLS Handshake failure during gotoolchain

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14716

Add additional resolvers to autobuilder workers

randy.macleod@...

mhalstead@...

3.5 M3

3.5 M4

 

14712

build hangs: host make is not collecting its own children, turning them into zombies

randy.macleod@...

unassigned@...

3.5 M3

3.5 M4

 

14721

Intermittent runqueue issue re-running populate_sysroot_setscene after populate_sysroot

richard.purdie@...

richard.purdie@...

3.5 M3

3.5 M4

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Enhancements/Bugs closed WW11!

Stephen Jolley
 

All,

The below were the owners of enhancements or bugs closed during the last week!

Who

Count

pgowda.cve@...

1

richard.purdie@...

1

tim.orling@...

1

alexandre.belloni@...

1

michael.opdenacker@...

1

Grand Total

5

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Current high bug count owners for Yocto Project 3.5

Stephen Jolley
 

All,

Below is the list as of top 44 bug owners as of the end of WW11 of who have open medium or higher bugs and enhancements against YP 3.5.   There are 33 possible work days left until the final release candidates for YP 3.5 needs to be released.

Who

Count

michael.opdenacker@...

35

ross@...

33

david.reyna@...

22

randy.macleod@...

20

sakib.sajal@...

13

tim.orling@...

13

bruce.ashfield@...

11

mhalstead@...

10

richard.purdie@...

10

saul.wold@...

7

trevor.gamblin@...

7

kai.kang@...

6

bluelightning@...

6

hongxu.jia@...

4

JPEWhacker@...

4

chee.yang.lee@...

4

jon.mason@...

3

Qi.Chen@...

3

pokylinux@...

2

mshah@...

2

alejandro@...

2

akuster808@...

2

pgowda.cve@...

1

andrei@...

1

pavel@...

1

open.source@...

1

thomas.perrot@...

1

yi.zhao@...

1

nicolas.dechesne@...

1

raj.khem@...

1

sundeep.kokkonda@...

1

Martin.Jansa@...

1

mostthingsweb@...

1

aehs29@...

1

jay.shen.teoh@...

1

matthewzmd@...

1

TicoTimo@...

1

mingli.yu@...

1

jaskij@...

1

mark.hatle@...

1

martin.beeger@...

1

john.kaldas.enpj@...

1

liezhi.yang@...

1

alexandre.belloni@...

1

Grand Total

241

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


Yocto Project Newcomer & Unassigned Bugs - Help Needed

Stephen Jolley
 

All,

 

The triage team is starting to try and collect up and classify bugs which a newcomer to the project would be able to work on in a way which means people can find them. They're being listed on the triage page under the appropriate heading:

https://wiki.yoctoproject.org/wiki/Bug_Triage#Newcomer_Bugs  Also please review: https://www.openembedded.org/wiki/How_to_submit_a_patch_to_OpenEmbedded and how to create a bugzilla account at: https://bugzilla.yoctoproject.org/createaccount.cgi

The idea is these bugs should be straight forward for a person to help work on who doesn't have deep experience with the project.  If anyone can help, please take ownership of the bug and send patches!  If anyone needs help/advice there are people on irc who can likely do so, or some of the more experienced contributors will likely be happy to help too.

 

Also, the triage team meets weekly and does its best to handle the bugs reported into the Bugzilla. The number of people attending that meeting has fallen, as have the number of people available to help fix bugs. One of the things we hear users report is they don't know how to help. We (the triage team) are therefore going to start reporting out the currently 399 unassigned or newcomer bugs.

 

We're hoping people may be able to spare some time now and again to help out with these.  Bugs are split into two types, "true bugs" where things don't work as they should and "enhancements" which are features we'd want to add to the system.  There are also roughly four different "priority" classes right now,  “3.5, “3.6”, "3.99" and "Future", the more pressing/urgent issues being in "3.5" and then “3.6”.

 

Please review this link and if a bug is something you would be able to help with either take ownership of the bug, or send me (sjolley.yp.pm@...) an e-mail with the bug number you would like and I will assign it to you (please make sure you have a Bugzilla account).  The list is at: https://wiki.yoctoproject.org/wiki/Bug_Triage_Archive#Unassigned_or_Newcomer_Bugs

 

Thanks,

 

Stephen K. Jolley

Yocto Project Program Manager

(    Cell:                (208) 244-4460

* Email:              sjolley.yp.pm@...

 


QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Pokybuild User <pokybuild@...>
 

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


QA notification for completed autobuilder build (yocto-3.1.15.rc1)

Richard Purdie
 

A build flagged for QA (yocto-3.1.15.rc1) was completed on the autobuilder and
is available at:


/srv/autobuilder/autobuilder.yocto.io/pub/releases/yocto-3.1.15.rc1


Build hash information:

bitbake: d22cc1e587c650fd5f90cda32f5720f8a3105aac
meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c
meta-arm: d21ded082c27959c8d617fd18da60b236d2ec62b
meta-aws: 9979cfa676105cb68cfadfdaeabf044d7c919319
meta-gplv2: 60b251c25ba87e946a0ca4cdc8d17b1cb09292ac
meta-intel: 8781f8352e67814db7a26708437fd0820524d3d8
meta-mingw: 524de686205b5d6736661d4532f5f98fee8589b7
meta-openembedded: 0722ff6f021df91542b5efa1ff5b5f6269f66add
oecore: 8906aa9ec0a80b0f8998fb793f4e9491b3179179
poky: b41d4e46d30ed32e11d68466721a0f4056bad700



This is an automated message from the Yocto Project Autobuilder
Git: git://git.yoctoproject.org/yocto-autobuilder2
Email: richard.purdie@...


Re: configuration fragments

Khem Raj
 

On Mon, Mar 14, 2022 at 12:57 PM Monsees, Steven C (US) via
lists.yoctoproject.org
<steven.monsees=baesystems.com@...> wrote:



Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”



Which basically contains:



EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg



I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”



It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

these are some config files for doing what ? from what it looks like,
this inc file is adding a kernel config fragment
if so then it should be appended too kernel recipe so if
aiox-swdebugfs.bb is kernel recipe then you are doing it
right, but then you might have to look into this kernel recipe and
ensure that it has enabled merging configs feature
from kernel. Otherwise these cfgs wont be processed.


I have the exact same implementation working under my intel platform.



Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?



Thanks,

Steve




configuration fragments

Monsees, Steven C (US)
 

 

Under my aarm64 platform ../recipes-core/images I have a file “aiox-swdebugfs.inc”

 

Which basically contains:

 

EXTRAPATHS_prepend := "$(THISDIR}/files:"

LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302"

SRC_URI += file://aiox-swdebugfs.cfg

 

I include this in my aiox-swdebugfs.bb like so: “require aiox-swdebugfs.inc”

 

It does not appear to apply my configuration fragments…

(CONFIG_SCHED_TRACER, CONFIG_TRACER, etc. for additional perf support)

 

I have the exact same implementation working under my intel platform.

 

Can someone tell me what I might be doing wrong, or how I can get my configuration fragments to be applied properly ?

Any ideas why it might work properly under one architecture and not on the other ?

 

Thanks,

Steve


[meta-security][dunfell][PATCH] tpm2-tools: backport fix for CVE-2021-3565

Ralph Siemsen
 

tpm2_import: fix fixed AES key CVE-2021-3565

Upstream commit (with offset adjusted)
https://github.com/tpm2-software/tpm2-tools/commit/c069e4f179d5e6653a84fb236816c375dca82515

Signed-off-by: Ralph Siemsen <ralph.siemsen@...>
---
Discussion items:

1) Perhaps dunfell should update 4.1.1 -> 4.1.3 ?
There appear to be only two small fixes
https://github.com/tpm2-software/tpm2-tools/blob/4.1.X/CHANGELOG.md
https://github.com/tpm2-software/tpm2-tools/commits/4.1.X
We still need this backport regardless.

2) hardknott and honister are on 5.0
According to CVE configuration data, this version is not affected.
But looking at the branch history suggests otherwise.
The patch applies cleanly on top of 5.0.
Should we backport? Or never mind as these branches are almost EOL?

3) master/kirkstone is on 5.2 which includes the fix already,
no action needed for this one.

...port-fix-fixed-AES-key-CVE-2021-3565.patch | 43 +++++++++++++++++++
.../tpm2-tools/tpm2-tools_4.1.1.bb | 3 ++
2 files changed, 46 insertions(+)
create mode 100644 meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch

diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
new file mode 100644
index 0000000..4fceb2e
--- /dev/null
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools/0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch
@@ -0,0 +1,43 @@
+From 784be35c52a7083b9535bad2fcca416ff9cfd26b Mon Sep 17 00:00:00 2001
+From: William Roberts <william.c.roberts@...>
+Date: Fri, 21 May 2021 12:22:31 -0500
+Subject: [PATCH] tpm2_import: fix fixed AES key CVE-2021-3565
+
+tpm2_import used a fixed AES key for the inner wrapper, which means that
+a MITM attack would be able to unwrap the imported key. Even the
+use of an encrypted session will not prevent this. The TPM only
+encrypts the first parameter which is the fixed symmetric key.
+
+To fix this, ensure the key size is 16 bytes or bigger and use
+OpenSSL to generate a secure random AES key.
+
+Fixes: #2738
+
+Signed-off-by: William Roberts <william.c.roberts@...>
+---
+ tools/tpm2_import.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/tools/tpm2_import.c b/tools/tpm2_import.c
+index 6404cac..acd8ac8 100644
+--- a/tools/tpm2_import.c
++++ b/tools/tpm2_import.c
+@@ -146,7 +146,17 @@ static tool_rc key_import(ESYS_CONTEXT *ectx, TPM2B_PUBLIC *parent_pub,
+ TPM2B_DATA enc_sensitive_key = {
+ .size = parent_pub->publicArea.parameters.rsaDetail.symmetric.keyBits.sym / 8
+ };
+- memset(enc_sensitive_key.buffer, 0xFF, enc_sensitive_key.size);
++
++ if(enc_sensitive_key.size < 16) {
++ LOG_ERR("Calculated wrapping keysize is less than 16 bytes, got: %u", enc_sensitive_key.size);
++ return tool_rc_general_error;
++ }
++
++ int ossl_rc = RAND_bytes(enc_sensitive_key.buffer, enc_sensitive_key.size);
++ if (ossl_rc != 1) {
++ LOG_ERR("RAND_bytes failed: %s", ERR_error_string(ERR_get_error(), NULL));
++ return tool_rc_general_error;
++ }
+
+ /*
+ * Calculate the object name.
diff --git a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
index e90dcfe..f013fa1 100644
--- a/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
+++ b/meta-tpm/recipes-tpm2/tpm2-tools/tpm2-tools_4.1.1.bb
@@ -6,7 +6,10 @@ SECTION = "tpm"

DEPENDS = "tpm2-abrmd tpm2-tss openssl curl autoconf-archive"

+FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
+
SRC_URI = "https://github.com/tpm2-software/${BPN}/releases/download/${PV}/${BPN}-${PV}.tar.gz"
+SRC_URI += "file://0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565.patch"

SRC_URI[md5sum] = "701ae9e8c8cbdd37d89c8ad774f55395"
SRC_URI[sha256sum] = "40b9263d8b949bd2bc03a3cd60fa242e27116727467f9bbdd0b5f2539a25a7b1"
--
2.25.1


[meta-zephyr][PATCH 1/1] python3-pyelftools: Drop recipe in favour of oe-core

Andrei Gherzan
 

From: Andrei Gherzan <andrei.gherzan@...>

All the LAYERSERIES_COMPAT versions provide this recipe in oe-core.
Also, west seems to only depend on 0,26 which is provided even in
dunfell.

Signed-off-by: Andrei Gherzan <andrei.gherzan@...>
---
.../python/python3-pyelftools_0.27.bb | 14 --------------
1 file changed, 14 deletions(-)
delete mode 100644 meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb

diff --git a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb b/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
deleted file mode 100644
index 1405fc5..0000000
--- a/meta-zephyr-core/recipes-devtools/python/python3-pyelftools_0.27.bb
+++ /dev/null
@@ -1,14 +0,0 @@
-# SPDX-FileCopyrightText: Huawei Inc.
-# SPDX-License-Identifier: Apache-2.0
-
-SUMMARY = "Python pyelftools"
-HOMEPAGE = "https://pypi.org/project/pyelftools"
-LICENSE = "MIT"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=5ce2a2b07fca326bc7c146d10105ccfc"
-
-inherit pypi setuptools3
-
-PYPI_PACKAGE = "pyelftools"
-SRC_URI[md5sum] = "061d67c669a9b1f8d07f28c47fb6a65f"
-SRC_URI[sha256sum] = "cde854e662774c5457d688ca41615f6594187ba7067af101232df889a6b7a66b"
-BBCLASSEXTEND = "native nativesdk"
--
2.25.1


Re: [meta-security][PATCH] Subject: [PATCH] Subject: python3-fail2ban: switch to legacy setuptools3

Armin Kuster
 

On 3/9/22 23:58, Ashish Sharma wrote:
raise InvalidWheelFilename(f"{filename} is not a valid wheel filename.")
pip._internal.exceptions.InvalidWheelFilename: fail2ban-*-*.whl is not a valid wheel filename.
Removed build tracker: '/tmp/pip-req-tracker-qnepnk46'

ERROR: Failed to pip install wheel. Check the logs.
Thanks. I took this over the two odd ones I had in master-next.

merged.

-armin



Signed-off-by: Ashish Sharma <asharma@...>
---
recipes-security/fail2ban/python3-fail2ban_0.11.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
index f6394cc..29a4ad2 100644
--- a/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
+++ b/recipes-security/fail2ban/python3-fail2ban_0.11.2.bb
@@ -15,7 +15,7 @@ SRC_URI = " git://github.com/fail2ban/fail2ban.git;branch=0.11;protocol=https \
file://run-ptest \
"
-inherit update-rc.d ptest setuptools3
+inherit update-rc.d ptest setuptools3_legacy
S = "${WORKDIR}/git"


Re: suricata: enable lua support

Armin Kuster
 

On 3/8/22 11:15, Gary Huband wrote:
The problems is that the configure.ac file is hard coded for lua5.1.  See

https://forum.suricata.io/t/lua-5-4-3-and-suricata-undefined-reference-error/1906/5

I created a patch to change configure.ac to use lua5.3 (I'm using Zeus).
Did you save that patch in the suricata/files dir and then append SRC_URI with "file://{patch name}" ?

But when I "bitbake suricata" I'm getting the same error because it's not updating the configure file.  Do I also have to fix the configure file or is there some way I can force a autoreconf?
When I try building this on master, I have to use luajit as it provides shared libraries and lua does not. The symbol 'rs_dns_lua_get_rrname' and others are not found. i don't see them in the latest lua nor luajit repos so I don't know why they are being referenced.

The version I am building is 6.0.4 which uses Rust so I don't know what would take to fix zeus.

- armin

Thanks

Gary
------------------------------------------------------------------------
*From:* Khem Raj <raj.khem@...>
*Sent:* Saturday, March 5, 2022 2:55 AM
*To:* Gary Huband <Gary@...>
*Cc:* akuster808 <akuster808@...>; yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On Fri, Mar 4, 2022 at 6:23 PM Gary Huband via lists.yoctoproject.org <https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0> <gary=missionsecure.com@...> wrote:

The Suricata install site also says to install

liblua5.1-dev

Does this mean that Suricata needs lua 5.1 (which is very old)??
For Zeus the lua recipe is 5.3.5.

Do I need to create a recipe for lua 5.1?


seems so, lua5.1 is not ABI compatible with newer Lua, so if an app needs this version then
you will have to add it, perhaps see if you can just use internal version or something like that


Gary
------------------------------------------------------------------------
*From:* akuster808 <akuster808@...>
*Sent:* Friday, March 4, 2022 7:52 PM
*To:* Gary Huband <Gary@...>;
yocto@... <yocto@...>
*Subject:* Re: [yocto] suricata: enable lua support


On 3/4/22 15:02, Gary Huband via lists.yoctoproject.org
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.yoctoproject.org%2F&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637801952624%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=Flf1GviaQggt7vNDuC46swBvjTl1%2FJoaw4sVQ6RRDW4%3D&reserved=0>
wrote:
>
> Adding DEPENDS += "lua"  fixed that error. I'm assuming that allows
> the configure to find lua.
>
> Now I'm getting a compile error
>

I added this to the recipe and it appears the liblua it  is
looking for
does not exist.

PACKAGECONFIG[lua] = "--enable-lua
--with-liblua-includes=${STAGING_INCDIR}
--with-liblua-libraries==${STAGING_LIBDIR}, --disable-lua,lua, lua"

Error:

checking for luaL_openlibs in -llua5.1... no
|
|    ERROR!  liblua library not found, go get it
|    from
https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&;data=04%7C01%7Cgary%40missionsecure.com%7C7f9815dcc0c142b6d92d08d9fe4262cb%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820383359878260%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=FdB7jyQwXX%2BVjjhLSDhKNSt41GUOgdg%2FG3ajSKIElo0%3D&amp;reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Flua.org%2Findex.html&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=IIiVAzlCWInZxopdvMsLgkyuDmB5YSRF%2Fa%2FCsQAl7r0%3D&reserved=0>
or your distribution:
|
|    Ubuntu: apt-get install liblua5.1-dev


It may be  the lua recipe.  I only see the static lib 'liblua.a'

-armin

> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetTxid':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:80:

> undefined reference to `rs_dns_lua_get_tx_id'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAnswerTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:125:

> undefined reference to `rs_dns_lua_get_answer_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetAuthorityTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:133:

> undefined reference to `rs_dns_lua_get_authority_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetQueryTable':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:117:

> undefined reference to `rs_dns_lua_get_query_table'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetDnsRrname':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:69:

> undefined reference to `rs_dns_lua_get_rrname'
> |
>
/tmp/work/cortexa7t2hf-neon-poky-linux-gnueabi/suricata/6.0.3-r0/recipe-sysroot-native/usr/bin/arm-poky-linux-gnueabi/../../libexec/arm-poky-linux-gnueabi/gcc/arm-poky-linux-gnueabi/9.2.0/ld:
> util-lua-dns.o: in function `DnsGetRcode':
> |
>
/usr/src/debug/suricata/6.0.3-r0/suricata-6.0.3/src/util-lua-dns.c:92:

> undefined reference to `rs_dns_lua_get_rcode'
> | collect2: error: ld returned 1 exit status
> | Makefile:2118: recipe for target 'suricata' failed
> | make[2]: *** [suricata] Error 1
>
>
>
>


*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.linkedin.com%2Fcompany%2Fmission-secure-inc-&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=OG%2F50BtrZR9AjIfTtJTuropOzChcINERZyhRWyWyLGA%3D&reserved=0>  |
Blog
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2Fblog%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dblog-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=pv1FQe%2F9E0oVWISZeGtO3DCs9jWOOyXFsH1kDtruQh4%3D&reserved=0>  |
Website
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.missionsecure.com%2F%3Futm_source%3Demail-signature%26utm_medium%3Demail%26utm_campaign%3Dweb-email-sig&data=04%7C01%7Cgary%40missionsecure.com%7Cfdd7bb729dab4632afa508d9fe7da05d%7Cf0ca9611f13f4dc98e1b119172b8ec5d%7C0%7C1%7C637820637802108939%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9wovY4656fj9McZWqGJH3ZOerurcU2Mvsgdsfd%2FNU7M%3D&reserved=0>


: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and
proprietary and intended solely for the use of the individual or
entity to whom they are addressed. Any dissemination, distribution
or copying of this communication is strictly prohibited without
our prior permission. If you received this in error, please
contact the sender and delete the material from any computer.




*Gary Huband*
/Sr. Software and Systems Engineer/

Office: 434.284.8071 x720
Direct: 434.260.4995
Gary@...

*Follow Us!*
LinkedIn <https://www.linkedin.com/company/mission-secure-inc->  | Blog <https://www.missionsecure.com/blog?utm_source=email-signature&utm_medium=email&utm_campaign=blog-email-sig>  | Website <https://www.missionsecure.com/?utm_source=email-signature&utm_medium=email&utm_campaign=web-email-sig>

: : : : : : : : : : : : : : : : : : : : : : : : : : :

MSi

This email and any files transmitted with it are confidential and proprietary and intended solely for the use of the individual or entity to whom they are addressed. Any dissemination, distribution or copying of this communication is strictly prohibited without our prior permission. If you received this in error, please contact the sender and delete the material from any computer.


[meta-security][PATCH] python3-privacyidea: drop old package ref.

Armin Kuster
 

meta-python dropped package via commit:

620689d4efba28bc8dd60e2d82908bfb3531fbd0
python3-backports-functional-lru-cache: remove, not needed for Python 3

Signed-off-by: Armin Kuster <akuster808@...>
---
recipes-security/mfa/python3-privacyidea_3.6.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/recipes-security/mfa/python3-privacyidea_3.6.2.bb b/recipes-security/mfa/python3-privacyidea_3.6.2.bb
index ecfeca6..40f6d15 100644
--- a/recipes-security/mfa/python3-privacyidea_3.6.2.bb
+++ b/recipes-security/mfa/python3-privacyidea_3.6.2.bb
@@ -23,7 +23,7 @@ FILES:${PN} += " ${prefix}/etc/privacyidea/* ${datadir}/lib/privacyidea/*"

RDEPENDS:${PN} += " bash perl freeradius-mysql freeradius-utils"

-RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-backports-functools-lru-cache python3-bcrypt"
+RDEPENDS:${PN} += "python3 python3-alembic python3-babel python3-bcrypt"
RDEPENDS:${PN} += "python3-beautifulsoup4 python3-cbor2 python3-certifi python3-cffi python3-chardet"
RDEPENDS:${PN} += "python3-click python3-configobj python3-croniter python3-cryptography python3-defusedxml"
RDEPENDS:${PN} += "python3-ecdsa python3-flask python3-flask-babel python3-flask-migrate"
--
2.25.1


[ANNOUNCEMENT] Milestone 3 for Yocto Project 3.5 (yocto-3.5_M3) Now Available

Lee Chee Yang
 

Hello,

We are pleased to announce the third milestone release for Yocto Project 3.5 (yocto-3.5_M3) is now available for download.

 

Download:

 

http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.5_M3

 

bitbake: 8055ec360507e6a678ee5c4018ec1ab7f5a9cce5

meta-agl: 9df7a40dd0b5e3ee1ed72e460dc99193eeb4bd6c

meta-arm: 643cf58a6988505dbd9243142496a3bc649efb1c

meta-aws: 214a5867b3b0d9ba54818aabb1711eadf4ba9eb3

meta-gplv2: 5c9f033892ae56c178616859a1245efd375e64bd

meta-intel: 6fba58adb3823cd7578062b0afa4938dd7206adb

meta-mingw: d49e803e4b8b62dc148c182af499e582e7684de4

meta-openembedded: a75b9a549563e09fca9a8c280f5731152913b651

oecore: 4caea2d32f177fbbe3887f37b6700b2b4996b2be

poky: afbdba9b12bc12638d82813d1cd31ec479971c4b

 

Full Test Report:

 

http://downloads.yoctoproject.org/releases/yocto/milestones/yocto-3.5_M3/testreport.txt

 

Thank you.

 

Lee Chee Yang

chee.yang.lee@...

Yocto Project Build and Release


Re: Honister on Ubuntu 14.04

jussi.vanska@...
 

Building anything recent is probably not going to work as there are lots of breaking changes in Python. You need at least python 3.6 to build Honister. It took me about a month to get Hardknott to build on top of Rocko host. I would say it is more or less a no-go to cross the 3.0 Yocto boundary. Rocko is roughly equivalent to 16.04LTS distro.


Re: nspr-native does not build on Debian bullseye for x86_64 target?

Matthias Klein
 

Yes, with maste-next the problem is gone.

Thanks!


-----Ursprüngliche Nachricht-----
Von: Khem Raj <raj.khem@...>
Gesendet: Freitag, 11. März 2022 08:28
An: Matthias Klein <matthias.klein@...>
Cc: yocto@...
Betreff: Re: [yocto] nspr-native does not build on Debian bullseye for x86_64 target?

Thanks Matthias

There is a patch staged in master-next to fix this. Can you try master-next meanwhile

On Thu, Mar 10, 2022 at 10:51 PM Matthias Klein <matthias.klein@...> wrote:

Hello,

Has anyone had the same problem with the master branch since today?

For me the build aborts as follows:

/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlopen'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlclose'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlerror'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlsym'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dladdr'

Best regards,
Matthias




Re: nspr-native does not build on Debian bullseye for x86_64 target?

Khem Raj
 

Thanks Matthias

There is a patch staged in master-next to fix this. Can you try
master-next meanwhile

On Thu, Mar 10, 2022 at 10:51 PM Matthias Klein
<matthias.klein@...> wrote:

Hello,

Has anyone had the same problem with the master branch since today?

For me the build aborts as follows:

/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlopen'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlclose'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlerror'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dlsym'
/home/mak/yocto-ocean/build/tmp/hosttools/ld: ../../dist/lib/libnspr4.so: undefined reference to `dladdr'

Best regards,
Matthias



1421 - 1440 of 57813