Date   

[meta-oe][PATCH] toybox-inittab: Use 0BSD for LIC_FILES_CHKSUM

Khem Raj
 

BSD-0-Clause has been deleted from common licenses

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Peter Kjellerstedt <peter.kjellerstedt@...>
---
meta-oe/recipes-core/toybox/toybox-inittab_0.8.2.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-core/toybox/toybox-inittab_0.8.2.bb b/meta-oe/recipes-core/toybox/toybox-inittab_0.8.2.bb
index b91a1d864e..21d4dcc19f 100644
--- a/meta-oe/recipes-core/toybox/toybox-inittab_0.8.2.bb
+++ b/meta-oe/recipes-core/toybox/toybox-inittab_0.8.2.bb
@@ -1,6 +1,6 @@
SUMMARY = "Toybox Inittab Configuration"
LICENSE = "BSD-0-Clause"
-LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/BSD-0-Clause;md5=81eeb0083e31f11ab1e33ded846d521c"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/files/common-licenses/0BSD;md5=f667a3c3830a55a17ec3067709f4526c"

# Unpack to ${S}/orig
#
--
2.33.0


Re: Regarding Python 3.9 to yocto .2.2

Khem Raj
 

On Sat, Sep 4, 2021 at 3:42 AM manjunatha srinivasan
<manjunathan.n@...> wrote:

Hi
I want to back port python 3.9.5 (python3_3.9.5.bb) from hardknott yocto 3.3 to my build environment morty (yocto 2.2). I don’t have any other option for upgrading my yocto version from morty (yocto 2.2) to the latest. Please let me know, how big is my porting effort?
What are key points/steps I need to look for while porting?
The yocto versions are quite far so it wont be a trivial port. I would
suggest to take hardknott version so you can avoid override changes
and then do the needed to get it going on 2.2


Thanks
Manjunatha Srinivasan N





Re: [meta-python][PATCH 2/3] python3-kivy: Check for x11 and opengl before enabling the recipe

Khem Raj
 

On Sat, Sep 4, 2021 at 10:45 AM Khem Raj <raj.khem@...> wrote:

Fixes

ERROR: Nothing PROVIDES 'libsdl2-ttf' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb DEPENDS on or otherwise requires it)
libsdl2-ttf was skipped: missing required distro feature 'opengl' (not in DISTRO_FEATURES)
ERROR: Nothing RPROVIDES 'python3-kivy-dev' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'python3-kivy-dev'
NOTE: Runtime target 'python3-kivy-dev' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['python3-kivy-dev']
ERROR: Nothing RPROVIDES 'python3-kivy' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'python3-kivy'
NOTE: Runtime target 'python3-kivy' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['python3-kivy']

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Martin Jansa <Martin.Jansa@...>
Cc: William Huang <whuang8933@...>
---
meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
index 63c2ae7334..29a050a891 100644
--- a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://kivy.org/"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f0c851d60495c7e27225a819e179208a"

-inherit setuptools3
+inherit setuptools3 pkgconfig distro_features_check
this should be using features_check I have fixed it before staging
into master-next


SRC_URI = "\
git://github.com/kivy/kivy.git;protocol=git;\
@@ -42,6 +42,8 @@ export KIVY_GRAPHICS
KIVY_CROSS_SYSROOT="${RECIPE_SYSROOT}"
export KIVY_CROSS_SYSROOT

+REQUIRED_DISTRO_FEATURES += "x11 opengl"
+
DEPENDS += " \
gstreamer1.0 \
gstreamer1.0-python \
--
2.33.0


[meta-python][PATCH 3/3] packagegroup-meta-python: Add python3-kivy

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
.../recipes-core/packagegroups/packagegroup-meta-python.bb | 1 +
1 file changed, 1 insertion(+)

diff --git a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
index b5a2f5d7d9..2d51b4e1a3 100644
--- a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
+++ b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
@@ -210,6 +210,7 @@ RDEPENDS:packagegroup-meta-python3 = "\
python3-kconfiglib \
python3-keras-applications \
python3-keras-preprocessing \
+ ${@bb.utils.contains("DISTRO_FEATURES", "x11 opengl", "python3-kivy", "", d)} \
python3-kiwisolver \
python3-langtable \
python3-lazy-object-proxy \
--
2.33.0


[meta-python][PATCH 2/3] python3-kivy: Check for x11 and opengl before enabling the recipe

Khem Raj
 

Fixes

ERROR: Nothing PROVIDES 'libsdl2-ttf' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb DEPENDS on or otherwise requires it)
libsdl2-ttf was skipped: missing required distro feature 'opengl' (not in DISTRO_FEATURES)
ERROR: Nothing RPROVIDES 'python3-kivy-dev' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'python3-kivy-dev'
NOTE: Runtime target 'python3-kivy-dev' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['python3-kivy-dev']
ERROR: Nothing RPROVIDES 'python3-kivy' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'python3-kivy'
NOTE: Runtime target 'python3-kivy' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['python3-kivy']

Signed-off-by: Khem Raj <raj.khem@...>
Cc: Martin Jansa <Martin.Jansa@...>
Cc: William Huang <whuang8933@...>
---
meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
index 63c2ae7334..29a050a891 100644
--- a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
@@ -4,7 +4,7 @@ HOMEPAGE = "https://kivy.org/"
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=f0c851d60495c7e27225a819e179208a"

-inherit setuptools3
+inherit setuptools3 pkgconfig distro_features_check

SRC_URI = "\
git://github.com/kivy/kivy.git;protocol=git;\
@@ -42,6 +42,8 @@ export KIVY_GRAPHICS
KIVY_CROSS_SYSROOT="${RECIPE_SYSROOT}"
export KIVY_CROSS_SYSROOT

+REQUIRED_DISTRO_FEATURES += "x11 opengl"
+
DEPENDS += " \
gstreamer1.0 \
gstreamer1.0-python \
--
2.33.0


[meta-python][PATCH 1/3] python3-kivy: Remove hardcoded include paths

Khem Raj
 

Use RECIPE_SYSROOT instead of synthesizing the sysroot

Signed-off-by: Khem Raj <raj.khem@...>
Cc: William Huang <whuang8933@...>
---
.../0001-add-support-for-glesv2.patch | 20 ++++++++++++++++---
.../python/python3-kivy_2.0.0.bb | 2 +-
2 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch b/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch
index e50c7e7e24..bb236b4195 100644
--- a/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch
+++ b/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch
@@ -1,8 +1,6 @@
-diff --git a/setup.py b/setup.py
-index 9a507c6c4..3f5b70866 100644
--- a/setup.py
+++ b/setup.py
-@@ -680,7 +680,18 @@ def determine_gl_flags():
+@@ -695,7 +695,18 @@ def determine_gl_flags():
c_options['use_x11'] = True
c_options['use_egl'] = True
else:
@@ -22,3 +20,19 @@ index 9a507c6c4..3f5b70866 100644
return flags, base_flags


+@@ -723,14 +734,13 @@ def determine_sdl2():
+ sdl_inc = join(include, 'SDL2')
+ if isdir(sdl_inc):
+ sdl2_paths.append(sdl_inc)
+- sdl2_paths.extend(['/usr/local/include/SDL2', '/usr/include/SDL2'])
+
+ flags['include_dirs'] = sdl2_paths
+ flags['extra_link_args'] = []
+ flags['extra_compile_args'] = []
+ flags['library_dirs'] = (
+ sdl2_paths if sdl2_paths else
+- ['/usr/local/lib/'])
++ [''])
+
+ if sdl2_flags:
+ flags = merge(flags, sdl2_flags)
diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
index 3f6bafda81..63c2ae7334 100644
--- a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
@@ -39,7 +39,7 @@ export USE_X11
KIVY_GRAPHICS = "gles"
export KIVY_GRAPHICS

-KIVY_CROSS_SYSROOT="${WORKDIR}/recipe-sysroot"
+KIVY_CROSS_SYSROOT="${RECIPE_SYSROOT}"
export KIVY_CROSS_SYSROOT

DEPENDS += " \
--
2.33.0


[meta-oe][hardknott][PATCH

Armin Kuster
 

From: Gianfranco <costamagna.gianfranco@...>

- add an upstream proposed patch 317.patch to fix a build failure with enab=
led systemd binding

Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@...>
Signed-off-by: Gianfranco Costamagna <locutusofborg@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit 01fa60898c2fe65f327bea2f84aaca00aef3f371)
[Stable version, bug fix only]
Signed-off-by: Scott Murray <scott.murray@...>
Signed-off-by: Armin Kuster <akuster808@...>
---
.../dlt-daemon/dlt-daemon/317.patch | 43 +++++++++++++++++++
...-daemon_2.18.6.bb =3D> dlt-daemon_2.18.7.bb} | 7 +--
2 files changed, 47 insertions(+), 3 deletions(-)
create mode 100644 meta-oe/recipes-extended/dlt-daemon/dlt-daemon/317.patch
rename meta-oe/recipes-extended/dlt-daemon/{dlt-daemon_2.18.6.bb =3D> dlt-=
daemon_2.18.7.bb} (93%)

diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/317.patch b/met=
a-oe/recipes-extended/dlt-daemon/dlt-daemon/317.patch
new file mode 100644
index 0000000000..fe40334b65
--- /dev/null
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon/317.patch
@@ -0,0 +1,43 @@
+Origin: https://github.com/GENIVI/dlt-daemon/pull/317
+From 55d31216823841a1547fe261cdf8e3b1002d5f94 Mon Sep 17 00:00:00 2001
+From: Gianfranco Costamagna <costamagnagianfranco@...>
+Date: Thu, 1 Jul 2021 12:58:20 +0200
+Subject: [PATCH] dlt-control-common.c: Fix build failure due to out-of-bou=
nd
+ write -Werror=3Dstringop-truncation
+
+cd /build/dlt-daemon-2.18.7/obj-x86_64-linux-gnu/src/console/logstorage &&=
/usr/bin/cc -DCONFIGURATION_FILES_DIR=3D\"/etc\" -DDLT_DAEMON_USE_FIFO_IPC=
-DDLT_LIB_USE_FIFO_IPC -DDLT_NETWORK_TRACE_ENABLE -DDLT_SYSTEMD_ENABLE -DD=
LT_SYSTEMD_JOURNAL_ENABLE -DDLT_UNIT_TESTS -DDLT_USER_IPC_PATH=3D\"/tmp\" -=
DDLT_USE_IPv6 -DEXTENDED_FILTERING -D_GNU_SOURCE -I/build/dlt-daemon-2.18.7=
-I/build/dlt-daemon-2.18.7/obj-x86_64-linux-gnu/include/dlt -I/build/dlt-d=
aemon-2.18.7/include/dlt -I/build/dlt-daemon-2.18.7/src/shared -I/build/dlt=
-daemon-2.18.7/src/core_dump_handler -I/build/dlt-daemon-2.18.7/src/offline=
logstorage -I/build/dlt-daemon-2.18.7/src/lib -I/build/dlt-daemon-2.18.7/sr=
c/daemon -I/build/dlt-daemon-2.18.7/src/console -I/build/dlt-daemon-2.18.7/=
src/gateway -I/build/dlt-daemon-2.18.7/systemd/3rdparty -g -O2 -ffile-prefi=
x-map=3D/build/dlt-daemon-2.18.7=3D. -fstack-protector-strong -Wformat -Wer=
ror=3Dformat-security -Wdate-time -D_FORTIFY_SOURCE=3D2 -Werror -std=3Dgn=
u99 -Wall -Wextra -Wno-variadic-macros -Wno-strict-aliasing -o CMakeFiles/d=
lt-logstorage-ctrl.dir/__/dlt-control-common.c.o -c /build/dlt-daemon-2.18.=
7/src/console/dlt-control-common.c
+make[3]: Leaving directory '/build/dlt-daemon-2.18.7/obj-x86_64-linux-gnu'
+In file included from /usr/include/string.h:495,
+ from /build/dlt-daemon-2.18.7/src/console/dlt-control-com=
mon.c:56:
+In function 'strncpy',
+ inlined from 'dlt_json_filter_load' at /build/dlt-daemon-2.18.7/src/co=
nsole/dlt-control-common.c:716:13:
+/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: '__bu=
iltin_strncpy' specified bound 4 equals destination size [-Werror=3Dstringo=
p-truncation]
+ 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__d=
est));
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~~~~
+In function 'strncpy',
+ inlined from 'dlt_json_filter_load' at /build/dlt-daemon-2.18.7/src/co=
nsole/dlt-control-common.c:721:13:
+/usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error: '__bu=
iltin_strncpy' specified bound 4 equals destination size [-Werror=3Dstringo=
p-truncation]
+ 106 | return __builtin___strncpy_chk (__dest, __src, __len, __bos (__d=
est));
+ | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~~~~~
+
+Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@...>
+Signed-off-by: Gianfranco Costamagna <locutusofborg@...>
+---
+ src/console/dlt-control-common.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/console/dlt-control-common.c b/src/console/dlt-control-co=
mmon.c
+index 8a9d29f0..f58d8268 100644
+--- a/src/console/dlt-control-common.c
++++ b/src/console/dlt-control-common.c
+@@ -671,8 +671,8 @@ DltReturnValue dlt_json_filter_load(DltFilter *filter,=
const char *filename, int
+ struct json_object *j_payload_max;
+ enum json_tokener_error jerr;
+=20
+- char app_id[DLT_ID_SIZE] =3D "";
+- char context_id[DLT_ID_SIZE] =3D "";
++ char app_id[DLT_ID_SIZE + 1] =3D "";
++ char context_id[DLT_ID_SIZE + 1] =3D "";
+ int32_t log_level =3D 0;
+ int32_t payload_max =3D INT32_MAX;
+ int32_t payload_min =3D 0;
diff --git a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.6.bb b/met=
a-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb
similarity index 93%
rename from meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.6.bb
rename to meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb
index b3cfb4709f..a16e810be6 100644
--- a/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.6.bb
+++ b/meta-oe/recipes-extended/dlt-daemon/dlt-daemon_2.18.7.bb
@@ -12,13 +12,14 @@ SECTION =3D "console/utils"
LICENSE =3D "MPLv2"
LIC_FILES_CHKSUM =3D "file://LICENSE;md5=3D8184208060df880fe3137b93eb88aee=
a"
=20
-DEPENDS =3D "zlib gzip-native"
+DEPENDS =3D "zlib gzip-native json-c"
=20
SRC_URI =3D "git://github.com/GENIVI/${BPN}.git;protocol=3Dhttps \
file://0002-Don-t-execute-processes-as-a-specific-user.patch \
file://0004-Modify-systemd-config-directory.patch \
+ file://317.patch \
"
-SRCREV =3D "22715aeceaa81ace2c832312529bde3a42d0814f"
+SRCREV =3D "24d197214bfdcec7430d31b42e5c87df27287aaf"
=20
S =3D "${WORKDIR}/git"
=20
@@ -44,7 +45,7 @@ PACKAGECONFIG[dlt-console] =3D "-DWITH_DLT_CONSOLE=3DON,-=
DWITH_DLT_CONSOLE=3DOFF,,dlt-
=20
inherit autotools gettext cmake systemd
=20
-EXTRA_OECMAKE +=3D "-DSYSTEMD_UNITDIR=3D${systemd_system_unitdir}"
+EXTRA_OECMAKE +=3D "-DWITH_EXTENDED_FILTERING=3DON -DSYSTEMD_UNITDIR=3D${s=
ystemd_system_unitdir}"
=20
PACKAGES +=3D "${PN}-systemd"
SYSTEMD_PACKAGES =3D "${PN} ${PN}-systemd"
--=20
2.25.1


Regarding Python 3.9 to yocto .2.2

manjunatha srinivasan <manjunathan.n@...>
 

Hi
I want to back port python 3.9.5 (python3_3.9.5.bb) from hardknott yocto 3.3 to my build environment morty (yocto 2.2). I don’t have any other option for upgrading my yocto version from morty (yocto 2.2) to the latest. Please let me know, how big is my porting effort?
What are key points/steps I need to look for while porting?

Thanks
Manjunatha Srinivasan N



Re: [meta-python][RFC] python3-kivy

Martin Jansa
 

The recipe should have x11 and opengl in REQUIRED_DISTRO_FEATURES as it depends on libsdl2-ttf with such restriction:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=c9a07b63e3268e4b8d04c6917d8cd131e019e65c

Now world builds without opengl fail with:
ERROR: Nothing PROVIDES 'libsdl2-ttf' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb DEPENDS on or otherwise requires it)
libsdl2-ttf was skipped: missing required distro feature 'opengl' (not in DISTRO_FEATURES)
ERROR: Nothing RPROVIDES 'python3-kivy-dev' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'python3-kivy-dev'
NOTE: Runtime target 'python3-kivy-dev' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['python3-kivy-dev']
ERROR: Nothing RPROVIDES 'python3-kivy' (but meta-openembedded/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb RDEPENDS on or otherwise requires it)
No eligible RPROVIDERs exist for 'python3-kivy'
NOTE: Runtime target 'python3-kivy' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['python3-kivy']

I can send a patch for this (and similar restriction in packagegroup in master-next https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=55a8f21bb495c3f7ec726faade6bf61baea7dff0) on Monday unless someone else beats me to it.


On Thu, Aug 26, 2021 at 7:17 PM Khem Raj <raj.khem@...> wrote:


On 8/25/21 8:04 PM, William Huang wrote:
> Hello,
> I would like to request for comments on a Kivy recipe. Not sure how I
> should include the recipe but I added it as an attachment for now. I've
> also included a recipe that installs example programs into
> /usr/share/kivy-examples/examples.
>
> I managed to get it running on a Rockchip rk3399 in a X environment, as
> well as on a imx8 in a Wayland environment, although I did need to
> reconfigure libsdl2 to use GLES libraries and remove X11 package in the
> case of the imx8.
>
> Any feedback would be great! Not sure if the recipe would be good enough
> to be included in the meta-python layer as well.
>

These looks ok on quick look. You could perhaps merge them into a single
recipe and use PACKAGES to separate out examples into its own output
package.

Please format it into a patch and email the patch if you want to
consider it to include into meta-python

> Thanks,
> William Huang
>
>
>
>




[meta-python][PATCH] packagegroup-meta-python: Add python3-kivy

Khem Raj
 

Signed-off-by: Khem Raj <raj.khem@...>
---
.../recipes-core/packagegroups/packagegroup-meta-python.bb | 1 +
1 file changed, 1 insertion(+)

diff --git a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
index b5a2f5d7d9..7a19ea92e3 100644
--- a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
+++ b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
@@ -210,6 +210,7 @@ RDEPENDS:packagegroup-meta-python3 = "\
python3-kconfiglib \
python3-keras-applications \
python3-keras-preprocessing \
+ python3-kivy \
python3-kiwisolver \
python3-langtable \
python3-lazy-object-proxy \
--
2.33.0


[meta-webserver][dunfell]] apache2: upgrade 2.4.46 -> 2.4.48

Armin Kuster
 

From: Changqing Li <changqing.li@...>

Source: https://git.openembedded.org/meta-openembedded
https://git.openembedded.org/meta-openembedded
MR: 112869, 112835, 105131, 112702, 112829
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745
ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c
Description:

Apache2 2.4.x is an LTS version with bug and CVE fixes.
https://downloads.apache.org/httpd/CHANGES_2.4.48

Includes these CVE fixes:

2.4.48
CVE-2021-31618

2.4.47
CVE-2020-13938
CVE-2020-11985
CVE-2021-33193
CVE-2019-17567

Drop these patches included in update:
CVE-2020-13950.patch
CVE-2020-35452.patch
CVE-2021-26690.patch
CVE-2021-26691.patch
CVE-2021-30641.patch

Signed-off-by: Changqing Li <changqing.li@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745)
Signed-off-by: Armin Kuster <akuster@...>
---
.../apache2/apache2/CVE-2020-13950.patch | 45 -------------
.../apache2/apache2/CVE-2020-35452.patch | 49 --------------
.../apache2/apache2/CVE-2021-26690.patch | 39 -----------
.../apache2/apache2/CVE-2021-26691.patch | 35 ----------
.../apache2/apache2/CVE-2021-30641.patch | 66 -------------------
.../{apache2_2.4.46.bb => apache2_2.4.48.bb} | 9 +--
6 files changed, 2 insertions(+), 241 deletions(-)
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch
rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.46.bb => apache2_2.4.48.bb} (96%)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch
deleted file mode 100644
index 4eb6b85b1a..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 11 May 2015 15:48:58 +0000
-Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
- may be NULL during prefetch, don't try to dereference it! Still
- origin->keepalive will be set according to p_conn->close by the caller
- (proxy_http_handler).
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2020-35504
-
-Reference to upstream patch:
-https://bugzilla.redhat.com/show_bug.cgi?id=1966738
-https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/proxy/mod_proxy_http.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
-index ec1e042..5f507d5 100644
---- a/modules/proxy/mod_proxy_http.c
-+++ b/modules/proxy/mod_proxy_http.c
-@@ -570,7 +570,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
- apr_off_t bytes;
- int force10, rv;
- apr_read_type_e block;
-- conn_rec *origin = p_conn->connection;
-
- if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
- if (req->expecting_100) {
-@@ -630,7 +629,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
- "chunked body with Content-Length (C-L ignored)",
- c->client_ip, c->remote_host ? c->remote_host: "");
- req->old_cl_val = NULL;
-- origin->keepalive = AP_CONN_CLOSE;
- p_conn->close = 1;
- }
-
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch
deleted file mode 100644
index 001ca9252d..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 3b6431eb9c9dba603385f70a2131ab4a01bf0d3b Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 18 Jan 2021 17:39:12 +0000
-Subject: [PATCH] Merge r1885659 from trunk:
-
-mod_auth_digest: Fast validation of the nonce's base64 to fail early if
- the format can't match anyway.
-
-Submitted by: ylavic
-Reviewed by: ylavic, covener, jailletc36
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2020-35452
-
-Reference to upstream patch:
-https://security-tracker.debian.org/tracker/CVE-2020-35452
-https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/aaa/mod_auth_digest.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
-index b760941..0825b1b 100644
---- a/modules/aaa/mod_auth_digest.c
-+++ b/modules/aaa/mod_auth_digest.c
-@@ -1422,9 +1422,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
- time_rec nonce_time;
- char tmp, hash[NONCE_HASH_LEN+1];
-
-- if (strlen(resp->nonce) != NONCE_LEN) {
-+ /* Since the time part of the nonce is a base64 encoding of an
-+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
-+ */
-+ if (strlen(resp->nonce) != NONCE_LEN
-+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
-- "invalid nonce %s received - length is not %d",
-+ "invalid nonce '%s' received - length is not %d "
-+ "or time encoding is incorrect",
- resp->nonce, NONCE_LEN);
- note_digest_auth_failure(r, conf, resp, 1);
- return HTTP_UNAUTHORIZED;
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch
deleted file mode 100644
index d3aea9e122..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 1 Mar 2021 20:07:08 +0000
-Subject: [PATCH] mod_session: save one apr_strtok() in
- session_identity_decode().
-
-When the encoding is invalid (missing '='), no need to parse further.
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2021-26690
-
-Reference to upstream patch:
-https://security-tracker.debian.org/tracker/CVE-2021-26690
-https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/session/mod_session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
-index ebd05b0..af70f6b 100644
---- a/modules/session/mod_session.c
-+++ b/modules/session/mod_session.c
-@@ -404,8 +404,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)
- char *plast = NULL;
- const char *psep = "=";
- char *key = apr_strtok(pair, psep, &plast);
-- char *val = apr_strtok(NULL, psep, &plast);
- if (key && *key) {
-+ char *val = apr_strtok(NULL, sep, &plast);
- if (!val || !*val) {
- apr_table_unset(z->entries, key);
- }
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch
deleted file mode 100644
index f9cf868d01..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 7e09dd714fc62c08c5b0319ed7b9702594faf49b Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 1 Mar 2021 20:13:54 +0000
-Subject: [PATCH] mod_session: account for the '&' in identity_concat().
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2021-26691
-
-Reference to upstream patch:
-https://bugzilla.redhat.com/show_bug.cgi?id=1966732
-https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/session/mod_session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
-index 7ee477c..ebd05b0 100644
---- a/modules/session/mod_session.c
-+++ b/modules/session/mod_session.c
-@@ -317,7 +317,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
- static int identity_count(void *v, const char *key, const char *val)
- {
- int *count = v;
-- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
-+ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
- return 1;
- }
-
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch
deleted file mode 100644
index 7f74c85e33..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Mon Sep 17 00:00:00 2001
-From: Eric Covener <covener@...>
-Date: Wed, 21 Apr 2021 01:02:11 +0000
-Subject: [PATCH] legacy default slash-matching behavior w/ 'MergeSlashes OFF'
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889036 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2021-30641
-
-Reference to upstream patch:
-https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
-https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3
-
-Signed-off-by: Li Wang <li.wang@...>
----
- server/request.c | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/server/request.c b/server/request.c
-index d5c558a..18625af 100644
---- a/server/request.c
-+++ b/server/request.c
-@@ -1419,7 +1419,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
-
- cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
- cached = (cache->cached != NULL);
-- entry_uri = r->uri;
-+
-+ /*
-+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
-+ * have not been merged. But for Location walks we always go with merged
-+ * slashes no matter what merge_slashes is set to.
-+ */
-+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
-+ entry_uri = r->uri;
-+ }
-+ else {
-+ char *uri = apr_pstrdup(r->pool, r->uri);
-+ ap_no2slash(uri);
-+ entry_uri = uri;
-+ }
-
- /* If we have an cache->cached location that matches r->uri,
- * and the vhost's list of locations hasn't changed, we can skip
-@@ -1486,7 +1499,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
- pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
- }
-
-- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
-+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
- continue;
- }
-
-@@ -1496,7 +1509,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
- apr_table_setn(r->subprocess_env,
- ((const char **)entry_core->refs->elts)[i],
- apr_pstrndup(r->pool,
-- entry_uri + pmatch[i].rm_so,
-+ r->uri + pmatch[i].rm_so,
- pmatch[i].rm_eo - pmatch[i].rm_so));
- }
- }
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.48.bb
similarity index 96%
rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb
rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.48.bb
index 4fc1f16317..7af824dd16 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.48.bb
@@ -15,11 +15,6 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0007-apache2-allow-to-disable-selinux-support.patch \
file://apache-configure_perlbin.patch \
file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \
- file://CVE-2020-13950.patch \
- file://CVE-2020-35452.patch \
- file://CVE-2021-26690.patch \
- file://CVE-2021-26691.patch \
- file://CVE-2021-30641.patch \
"

SRC_URI_append_class-target = " \
@@ -31,8 +26,8 @@ SRC_URI_append_class-target = " \
"

LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[md5sum] = "7d661ea5e736dac5e2761d9f49fe8361"
-SRC_URI[sha256sum] = "740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea"
+SRC_URI[md5sum] = "a7088cec171b0d00bf43394ce64d3909"
+SRC_URI[sha256sum] = "1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c"

S = "${WORKDIR}/httpd-${PV}"

--
2.25.1


[meta-webserver][hardknott]] apache2: upgrade 2.4.46 -> 2.4.48

Armin Kuster
 

From: Changqing Li <changqing.li@...>

Source: https://git.openembedded.org/meta-openembedded
https://git.openembedded.org/meta-openembedded
MR: 112869, 112835, 105131, 112702, 112829
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/meta-openembedded/commit/meta-webserver/recipes-httpd/apache2?id=ba016d73b5233a43ec6e398b45445d13ddaad745
ChangeID: f3ac0bc1005c94a694573b823c8f3f7d4a15360c
Description:

Apache2 2.4.x is an LTS version with bug and CVE fixes.
https://downloads.apache.org/httpd/CHANGES_2.4.48

Includes these CVE fixes:

2.4.48
CVE-2021-31618

2.4.47
CVE-2020-13938
CVE-2020-11985
CVE-2021-33193
CVE-2019-17567

Drop these patches included in update:
CVE-2020-13950.patch
CVE-2020-35452.patch
CVE-2021-26690.patch
CVE-2021-26691.patch
CVE-2021-30641.patch

Signed-off-by: Changqing Li <changqing.li@...>
Signed-off-by: Khem Raj <raj.khem@...>
(cherry picked from commit ba016d73b5233a43ec6e398b45445d13ddaad745)
Signed-off-by: Armin Kuster <akuster@...>
---
.../apache2/apache2/CVE-2020-13950.patch | 45 -------------
.../apache2/apache2/CVE-2020-35452.patch | 49 --------------
.../apache2/apache2/CVE-2021-26690.patch | 39 -----------
.../apache2/apache2/CVE-2021-26691.patch | 35 ----------
.../apache2/apache2/CVE-2021-30641.patch | 66 -------------------
.../{apache2_2.4.46.bb => apache2_2.4.48.bb} | 9 +--
6 files changed, 2 insertions(+), 241 deletions(-)
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch
delete mode 100644 meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch
rename meta-webserver/recipes-httpd/apache2/{apache2_2.4.46.bb => apache2_2.4.48.bb} (96%)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch
deleted file mode 100644
index 4eb6b85b1a..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-13950.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 8c162db8b65b2193e622b780e8c6516d4265f68b Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 11 May 2015 15:48:58 +0000
-Subject: [PATCH] mod_proxy_http: follow up to r1656259. The proxy connection
- may be NULL during prefetch, don't try to dereference it! Still
- origin->keepalive will be set according to p_conn->close by the caller
- (proxy_http_handler).
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1678771 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2020-35504
-
-Reference to upstream patch:
-https://bugzilla.redhat.com/show_bug.cgi?id=1966738
-https://github.com/apache/httpd/commit/8c162db8b65b2193e622b780e8c6516d4265f68b
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/proxy/mod_proxy_http.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
-index ec1e042..5f507d5 100644
---- a/modules/proxy/mod_proxy_http.c
-+++ b/modules/proxy/mod_proxy_http.c
-@@ -570,7 +570,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
- apr_off_t bytes;
- int force10, rv;
- apr_read_type_e block;
-- conn_rec *origin = p_conn->connection;
-
- if (apr_table_get(r->subprocess_env, "force-proxy-request-1.0")) {
- if (req->expecting_100) {
-@@ -630,7 +629,6 @@ static int ap_proxy_http_prefetch(proxy_http_req_t *req,
- "chunked body with Content-Length (C-L ignored)",
- c->client_ip, c->remote_host ? c->remote_host: "");
- req->old_cl_val = NULL;
-- origin->keepalive = AP_CONN_CLOSE;
- p_conn->close = 1;
- }
-
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch
deleted file mode 100644
index 001ca9252d..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2020-35452.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 3b6431eb9c9dba603385f70a2131ab4a01bf0d3b Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 18 Jan 2021 17:39:12 +0000
-Subject: [PATCH] Merge r1885659 from trunk:
-
-mod_auth_digest: Fast validation of the nonce's base64 to fail early if
- the format can't match anyway.
-
-Submitted by: ylavic
-Reviewed by: ylavic, covener, jailletc36
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885666 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2020-35452
-
-Reference to upstream patch:
-https://security-tracker.debian.org/tracker/CVE-2020-35452
-https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/aaa/mod_auth_digest.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/modules/aaa/mod_auth_digest.c b/modules/aaa/mod_auth_digest.c
-index b760941..0825b1b 100644
---- a/modules/aaa/mod_auth_digest.c
-+++ b/modules/aaa/mod_auth_digest.c
-@@ -1422,9 +1422,14 @@ static int check_nonce(request_rec *r, digest_header_rec *resp,
- time_rec nonce_time;
- char tmp, hash[NONCE_HASH_LEN+1];
-
-- if (strlen(resp->nonce) != NONCE_LEN) {
-+ /* Since the time part of the nonce is a base64 encoding of an
-+ * apr_time_t (8 bytes), it should end with a '=', fail early otherwise.
-+ */
-+ if (strlen(resp->nonce) != NONCE_LEN
-+ || resp->nonce[NONCE_TIME_LEN - 1] != '=') {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01775)
-- "invalid nonce %s received - length is not %d",
-+ "invalid nonce '%s' received - length is not %d "
-+ "or time encoding is incorrect",
- resp->nonce, NONCE_LEN);
- note_digest_auth_failure(r, conf, resp, 1);
- return HTTP_UNAUTHORIZED;
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch
deleted file mode 100644
index d3aea9e122..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26690.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 67bd9bfe6c38831e14fe7122f1d84391472498f8 Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 1 Mar 2021 20:07:08 +0000
-Subject: [PATCH] mod_session: save one apr_strtok() in
- session_identity_decode().
-
-When the encoding is invalid (missing '='), no need to parse further.
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887050 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2021-26690
-
-Reference to upstream patch:
-https://security-tracker.debian.org/tracker/CVE-2021-26690
-https://github.com/apache/httpd/commit/67bd9bfe6c38831e14fe7122f1d84391472498f8
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/session/mod_session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
-index ebd05b0..af70f6b 100644
---- a/modules/session/mod_session.c
-+++ b/modules/session/mod_session.c
-@@ -404,8 +404,8 @@ static apr_status_t session_identity_decode(request_rec * r, session_rec * z)
- char *plast = NULL;
- const char *psep = "=";
- char *key = apr_strtok(pair, psep, &plast);
-- char *val = apr_strtok(NULL, psep, &plast);
- if (key && *key) {
-+ char *val = apr_strtok(NULL, sep, &plast);
- if (!val || !*val) {
- apr_table_unset(z->entries, key);
- }
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch
deleted file mode 100644
index f9cf868d01..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-26691.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 7e09dd714fc62c08c5b0319ed7b9702594faf49b Mon Sep 17 00:00:00 2001
-From: Yann Ylavic <ylavic@...>
-Date: Mon, 1 Mar 2021 20:13:54 +0000
-Subject: [PATCH] mod_session: account for the '&' in identity_concat().
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887052 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2021-26691
-
-Reference to upstream patch:
-https://bugzilla.redhat.com/show_bug.cgi?id=1966732
-https://github.com/apache/httpd/commit/7e09dd714fc62c08c5b0319ed7b9702594faf49b
-
-Signed-off-by: Li Wang <li.wang@...>
----
- modules/session/mod_session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/session/mod_session.c b/modules/session/mod_session.c
-index 7ee477c..ebd05b0 100644
---- a/modules/session/mod_session.c
-+++ b/modules/session/mod_session.c
-@@ -317,7 +317,7 @@ static apr_status_t ap_session_set(request_rec * r, session_rec * z,
- static int identity_count(void *v, const char *key, const char *val)
- {
- int *count = v;
-- *count += strlen(key) * 3 + strlen(val) * 3 + 1;
-+ *count += strlen(key) * 3 + strlen(val) * 3 + 2;
- return 1;
- }
-
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch b/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch
deleted file mode 100644
index 7f74c85e33..0000000000
--- a/meta-webserver/recipes-httpd/apache2/apache2/CVE-2021-30641.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3 Mon Sep 17 00:00:00 2001
-From: Eric Covener <covener@...>
-Date: Wed, 21 Apr 2021 01:02:11 +0000
-Subject: [PATCH] legacy default slash-matching behavior w/ 'MergeSlashes OFF'
-
-git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1889036 13f79535-47bb-0310-9956-ffa450edef68
-
-Upstream-Status: Backport
-CVE: CVE-2021-30641
-
-Reference to upstream patch:
-https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-30641
-https://github.com/apache/httpd/commit/6141d5aa3f5cf8f1b89472e7fdb66578810d0ae3
-
-Signed-off-by: Li Wang <li.wang@...>
----
- server/request.c | 19 ++++++++++++++++---
- 1 file changed, 16 insertions(+), 3 deletions(-)
-
-diff --git a/server/request.c b/server/request.c
-index d5c558a..18625af 100644
---- a/server/request.c
-+++ b/server/request.c
-@@ -1419,7 +1419,20 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
-
- cache = prep_walk_cache(AP_NOTE_LOCATION_WALK, r);
- cached = (cache->cached != NULL);
-- entry_uri = r->uri;
-+
-+ /*
-+ * When merge_slashes is set to AP_CORE_CONFIG_OFF the slashes in r->uri
-+ * have not been merged. But for Location walks we always go with merged
-+ * slashes no matter what merge_slashes is set to.
-+ */
-+ if (sconf->merge_slashes != AP_CORE_CONFIG_OFF) {
-+ entry_uri = r->uri;
-+ }
-+ else {
-+ char *uri = apr_pstrdup(r->pool, r->uri);
-+ ap_no2slash(uri);
-+ entry_uri = uri;
-+ }
-
- /* If we have an cache->cached location that matches r->uri,
- * and the vhost's list of locations hasn't changed, we can skip
-@@ -1486,7 +1499,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
- pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
- }
-
-- if (ap_regexec(entry_core->r, entry_uri, nmatch, pmatch, 0)) {
-+ if (ap_regexec(entry_core->r, r->uri, nmatch, pmatch, 0)) {
- continue;
- }
-
-@@ -1496,7 +1509,7 @@ AP_DECLARE(int) ap_location_walk(request_rec *r)
- apr_table_setn(r->subprocess_env,
- ((const char **)entry_core->refs->elts)[i],
- apr_pstrndup(r->pool,
-- entry_uri + pmatch[i].rm_so,
-+ r->uri + pmatch[i].rm_so,
- pmatch[i].rm_eo - pmatch[i].rm_so));
- }
- }
---
-2.7.4
-
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.48.bb
similarity index 96%
rename from meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb
rename to meta-webserver/recipes-httpd/apache2/apache2_2.4.48.bb
index 4fc1f16317..7af824dd16 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.46.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.48.bb
@@ -15,11 +15,6 @@ SRC_URI = "${APACHE_MIRROR}/httpd/httpd-${PV}.tar.bz2 \
file://0007-apache2-allow-to-disable-selinux-support.patch \
file://apache-configure_perlbin.patch \
file://0001-support-apxs.in-force-destdir-to-be-empty-string.patch \
- file://CVE-2020-13950.patch \
- file://CVE-2020-35452.patch \
- file://CVE-2021-26690.patch \
- file://CVE-2021-26691.patch \
- file://CVE-2021-30641.patch \
"

SRC_URI_append_class-target = " \
@@ -31,8 +26,8 @@ SRC_URI_append_class-target = " \
"

LIC_FILES_CHKSUM = "file://LICENSE;md5=bddeddfac80b2c9a882241d008bb41c3"
-SRC_URI[md5sum] = "7d661ea5e736dac5e2761d9f49fe8361"
-SRC_URI[sha256sum] = "740eddf6e1c641992b22359cabc66e6325868c3c5e2e3f98faf349b61ecf41ea"
+SRC_URI[md5sum] = "a7088cec171b0d00bf43394ce64d3909"
+SRC_URI[sha256sum] = "1bc826e7b2e88108c7e4bf43c026636f77a41d849cfb667aa7b5c0b86dbf966c"

S = "${WORKDIR}/httpd-${PV}"

--
2.25.1


[meta-web][hardknott][PATCH 1/1] nginx: fix CVE-2021-3618

Joe Slater
 

Apply patch made to version 1.20.1 to version 1.18.0.

Signed-off-by: Joe Slater <joe.slater@...>
---
.../nginx/files/CVE-2021-3618.patch | 107 ++++++++++++++++++
.../recipes-httpd/nginx/nginx_1.18.0.bb | 2 +
2 files changed, 109 insertions(+)
create mode 100644 meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch

diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch
new file mode 100644
index 000000000..be42a1ed5
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-3618.patch
@@ -0,0 +1,107 @@
+From 6dafcdebde58577f4fcb190be46a0eb910cf1b96 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@...>
+Date: Wed, 19 May 2021 03:13:31 +0300
+Subject: [PATCH 1/1] Mail: max_errors directive.
+
+Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
+in Exim, specifies the number of errors after which the connection is closed.
+--- end of original header ---
+
+CVE: CVE-2021-3618
+
+Upstream-Status: Backport
+ https://github.com/nginx/nginx.git
+ commit 173f16f736c10eae46cd15dd861b04b82d91a37a
+
+Signed-off-by: Joe Slater <joe.slater@...>
+---
+ src/mail/ngx_mail.h | 3 +++
+ src/mail/ngx_mail_core_module.c | 10 ++++++++++
+ src/mail/ngx_mail_handler.c | 15 ++++++++++++++-
+ 3 files changed, 27 insertions(+), 1 deletion(-)
+
+diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
+index b865a3b9..76cae37a 100644
+--- a/src/mail/ngx_mail.h
++++ b/src/mail/ngx_mail.h
+@@ -115,6 +115,8 @@ typedef struct {
+ ngx_msec_t timeout;
+ ngx_msec_t resolver_timeout;
+
++ ngx_uint_t max_errors;
++
+ ngx_str_t server_name;
+
+ u_char *file_name;
+@@ -231,6 +233,7 @@ typedef struct {
+ ngx_uint_t command;
+ ngx_array_t args;
+
++ ngx_uint_t errors;
+ ngx_uint_t login_attempt;
+
+ /* used to parse POP3/IMAP/SMTP command */
+diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
+index 40831242..115671ca 100644
+--- a/src/mail/ngx_mail_core_module.c
++++ b/src/mail/ngx_mail_core_module.c
+@@ -85,6 +85,13 @@ static ngx_command_t ngx_mail_core_commands[] = {
+ offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
+ NULL },
+
++ { ngx_string("max_errors"),
++ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
++ ngx_conf_set_num_slot,
++ NGX_MAIL_SRV_CONF_OFFSET,
++ offsetof(ngx_mail_core_srv_conf_t, max_errors),
++ NULL },
++
+ ngx_null_command
+ };
+
+@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
+ cscf->timeout = NGX_CONF_UNSET_MSEC;
+ cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
+
++ cscf->max_errors = NGX_CONF_UNSET_UINT;
++
+ cscf->resolver = NGX_CONF_UNSET_PTR;
+
+ cscf->file_name = cf->conf_file->file.name.data;
+@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
+ ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
+ 30000);
+
++ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
+
+ ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
+
+diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
+index 0aaa0e78..71b81512 100644
+--- a/src/mail/ngx_mail_handler.c
++++ b/src/mail/ngx_mail_handler.c
+@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
+ return NGX_MAIL_PARSE_INVALID_COMMAND;
+ }
+
+- if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
++ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
++
++ s->errors++;
++
++ if (s->errors >= cscf->max_errors) {
++ ngx_log_error(NGX_LOG_INFO, c->log, 0,
++ "client sent too many invalid commands");
++ s->quit = 1;
++ }
++
++ return rc;
++ }
++
++ if (rc == NGX_IMAP_NEXT) {
+ return rc;
+ }
+
+--
+2.25.1
+
diff --git a/meta-webserver/recipes-httpd/nginx/nginx_1.18.0.bb b/meta-webserver/recipes-httpd/nginx/nginx_1.18.0.bb
index ac303e47d..c20ca6f40 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx_1.18.0.bb
+++ b/meta-webserver/recipes-httpd/nginx/nginx_1.18.0.bb
@@ -1,5 +1,7 @@
require nginx.inc

+SRC_URI += "file://CVE-2021-3618.patch"
+
LIC_FILES_CHKSUM = "file://LICENSE;md5=52e384aaac868b755b93ad5535e2d075"

SRC_URI[md5sum] = "b2d33d24d89b8b1f87ff5d251aa27eb8"
--
2.31.1


[meta-python][PATCH v3] python3-pytest-subtests: add recipe

Trevor Gamblin
 

Newer versions of python3-cryptography will rely on the subtests fixture
for their ptests. Add this recipe so that cryptography can be given the
necessary RDEPENDS when it is upgraded.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
.../packagegroups/packagegroup-meta-python.bb | 1 +
.../python/python3-pytest-subtests_0.5.0.bb | 16 ++++++++++++++++
2 files changed, 17 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb

diff --git a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
index ea5683ce6..b5a2f5d7d 100644
--- a/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
+++ b/meta-python/recipes-core/packagegroups/packagegroup-meta-python.bb
@@ -348,6 +348,7 @@ RDEPENDS:packagegroup-meta-python3 = "\
python3-pytest-html \
python3-pytest-metadata \
python3-pytest-runner \
+ python3-pytest-subtests \
python3-pytest-tempdir \
python3-pytest-timeout \
python3-pythonping \
diff --git a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
new file mode 100644
index 000000000..2e03512bd
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
@@ -0,0 +1,16 @@
+DESCRIPTION = "unittest subTest() support and subtests fixture."
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
+
+SRC_URI[sha256sum] = "5bd1e4bf0eda4c89a6cd42b0ee28e1d2ca0848de3fd67ad8cdd6d559ed00f120"
+
+inherit pypi setuptools3
+
+DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-pytest \
+"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.31.1


[meta-python][PATCH] python3-regex: upgrade to 2021.8.28

Martin Jansa
 

* 2021.8.27 causes python3 to segfault in various cases:
https://bitbucket.org/mrabarnett/mrab-regex/issues/421/2021827-results-in-fatal-python-error
and was already yanked from pypi:
https://pypi.org/project/regex/2021.8.27/

Signed-off-by: Martin Jansa <Martin.Jansa@...>
---
.../{python3-regex_2021.8.27.bb => python3-regex_2021.8.28.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename meta-python/recipes-devtools/python/{python3-regex_2021.8.27.bb => python3-regex_2021.8.28.bb} (80%)

diff --git a/meta-python/recipes-devtools/python/python3-regex_2021.8.27.bb b/meta-python/recipes-devtools/python/python3-regex_2021.8.28.bb
similarity index 80%
rename from meta-python/recipes-devtools/python/python3-regex_2021.8.27.bb
rename to meta-python/recipes-devtools/python/python3-regex_2021.8.28.bb
index c869003c9f..e375b5b28f 100644
--- a/meta-python/recipes-devtools/python/python3-regex_2021.8.27.bb
+++ b/meta-python/recipes-devtools/python/python3-regex_2021.8.28.bb
@@ -5,7 +5,7 @@ LIC_FILES_CHKSUM = "file://PKG-INFO;beginline=8;endline=8;md5=f0a3e4a2554ebb89c0

inherit pypi setuptools3

-SRC_URI[sha256sum] = "e9700c52749cb3e90c98efd72b730c97b7e4962992fca5fbcaf1363be8e3b849"
+SRC_URI[sha256sum] = "f585cbbeecb35f35609edccb95efd95a3e35824cd7752b586503f7e6087303f1"

RDEPENDS:${PN} += " \
python3-stringold \
--
2.32.0


[meta-python][PATCH v2] python3-pytest-subtests: add recipe

Trevor Gamblin
 

Newer versions of python3-cryptography will rely on the subtests fixture
for their ptests. Add this recipe so that cryptography can be given the
necessary RDEPENDS when it is upgraded.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
.../python/python3-pytest-subtests_0.5.0.bb | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb

diff --git a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
new file mode 100644
index 000000000..2e03512bd
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
@@ -0,0 +1,16 @@
+DESCRIPTION = "unittest subTest() support and subtests fixture."
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
+
+SRC_URI[sha256sum] = "5bd1e4bf0eda4c89a6cd42b0ee28e1d2ca0848de3fd67ad8cdd6d559ed00f120"
+
+inherit pypi setuptools3
+
+DEPENDS += "${PYTHON_PN}-setuptools-scm-native"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-pytest \
+"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.31.1


Re: [meta-python][PATCH] python3-pytest-subtests: add recipe

Trevor Gamblin
 

On 2021-09-02 3:39 a.m., Khem Raj wrote:
[Please note: This e-mail is from an EXTERNAL e-mail address]

it failed with sha256 checksums errors in fetcher which I fixed and
then it failed again in compile with

https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1499

also you forgot to add it to test package group.
Right, my pipeline caught this too. Fixing...


On Wed, Sep 1, 2021 at 5:00 AM Trevor Gamblin
<trevor.gamblin@...> wrote:
Newer versions of python3-cryptography will rely on the subtests fixture
for their ptests. Add this recipe so that cryptography can be given the
necessary RDEPENDS when it is upgraded.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
.../python/python3-pytest-subtests_0.5.0.bb | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb

diff --git a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
new file mode 100644
index 000000000..c2bf47203
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "unittest subTest() support and subtests fixture."
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
+
+SRC_URI[sha256sum] = "c62d68a84f94f8bc49bbb01b39392953e26a52570ad380581a3b2cc8d7eaa037"
+
+inherit pypi setuptools3
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-pytest \
+"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.31.1



[meta-python][PATCH] recipes-devtools: python: add support for Kivy

William Huang
 

---
.../0001-add-support-for-glesv2.patch | 24 +++++++
.../python/python3-kivy_2.0.0.bb | 71 +++++++++++++++++++
2 files changed, 95 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch
create mode 100644 meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb

diff --git a/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch b/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch
new file mode 100644
index 000000000..e50c7e7e2
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-kivy/0001-add-support-for-glesv2.patch
@@ -0,0 +1,24 @@
+diff --git a/setup.py b/setup.py
+index 9a507c6c4..3f5b70866 100644
+--- a/setup.py
++++ b/setup.py
+@@ -680,7 +680,18 @@ def determine_gl_flags():
+ c_options['use_x11'] = True
+ c_options['use_egl'] = True
+ else:
+- flags['libraries'] = ['GL']
++ if cross_sysroot:
++ flags['include_dirs'] = [cross_sysroot + '/usr/include']
++ flags['library_dirs'] = [cross_sysroot + '/usr/lib']
++
++ if c_options['use_opengl_es2']:
++ print("using GLESv2 libraries")
++ flags['libraries'] = ['GLESv2']
++ else:
++ flags['libraries'] = ['GL']
++
++
++ print("cross_sysroot: " + str(cross_sysroot))
+ return flags, base_flags
+
+
diff --git a/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
new file mode 100644
index 000000000..3f6bafda8
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-kivy_2.0.0.bb
@@ -0,0 +1,71 @@
+SUMMARY = "Open source Python library for rapid development of applications \
+ that make use of innovative user interfaces, such as multi-touch apps."
+HOMEPAGE = "https://kivy.org/"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f0c851d60495c7e27225a819e179208a"
+
+inherit setuptools3
+
+SRC_URI = "\
+ git://github.com/kivy/kivy.git;protocol=git;\
+"
+
+# Kivy's setup files only look for GLES libraries for Android, iOS, RPi,
+# and mali-based OS's. We need to patch the setup file to tell Kivy setup
+# that our machine has GLES libaries installed as well
+# Also, if using SDL2 as backend, SDL2 needs to be configured wth gles
+SRC_URI += " \
+ file://0001-add-support-for-glesv2.patch \
+"
+SRCREV = "dedcb6bcabe3d8d6758dcee607e8c33b174d782b"
+
+S = "${WORKDIR}/git"
+
+PACKAGES += "${PN}-examples"
+FILES:${PN}-examples = "/usr/share/kivy-examples"
+
+USE_WAYLAND = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', '1', '0', d)}"
+export USE_WAYLAND
+
+# if using Wayland, let's use pure Wayland (and not XWayland)
+# so do not build using X11 flag when we detect Wayland
+USE_X11 = " \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'wayland', '0', \
+ bb.utils.contains('DISTRO_FEATURES', 'x11', '1', \
+ '0', d), d)}"
+export USE_X11
+
+# Use OpenGL ES 2.0 library
+KIVY_GRAPHICS = "gles"
+export KIVY_GRAPHICS
+
+KIVY_CROSS_SYSROOT="${WORKDIR}/recipe-sysroot"
+export KIVY_CROSS_SYSROOT
+
+DEPENDS += " \
+ gstreamer1.0 \
+ gstreamer1.0-python \
+ libsdl2 \
+ libsdl2-ttf \
+ libsdl2-image \
+ libsdl2-mixer \
+ pango \
+ python3 \
+ python3-cython-native \
+"
+
+RDEPENDS_${PN} = " \
+ gstreamer1.0 \
+ gstreamer1.0-python \
+ libsdl2 \
+ libsdl2-ttf \
+ libsdl2-image \
+ libsdl2-mixer \
+ pango \
+ python3 \
+ python3-docutils \
+ python3-fcntl \
+ python3-image \
+ python3-pillow \
+ python3-pygments \
+"
--
2.25.1


Re: [meta-python][PATCH] python3-pytest-subtests: add recipe

Khem Raj
 

it failed with sha256 checksums errors in fetcher which I fixed and
then it failed again in compile with

https://autobuilder.yoctoproject.org/typhoon/#/builders/88/builds/1499

also you forgot to add it to test package group.


On Wed, Sep 1, 2021 at 5:00 AM Trevor Gamblin
<trevor.gamblin@...> wrote:

Newer versions of python3-cryptography will rely on the subtests fixture
for their ptests. Add this recipe so that cryptography can be given the
necessary RDEPENDS when it is upgraded.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
.../python/python3-pytest-subtests_0.5.0.bb | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb

diff --git a/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
new file mode 100644
index 000000000..c2bf47203
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pytest-subtests_0.5.0.bb
@@ -0,0 +1,14 @@
+DESCRIPTION = "unittest subTest() support and subtests fixture."
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=242b4e17fa287dcf7aef372f6bc3dcb1"
+
+SRC_URI[sha256sum] = "c62d68a84f94f8bc49bbb01b39392953e26a52570ad380581a3b2cc8d7eaa037"
+
+inherit pypi setuptools3
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-pytest \
+"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.31.1




[meta-networking][PATCH] ndisc6: fix typo in DESCRIPTION variable name

Patrick Williams <patrick@...>
 

Signed-off-by: Patrick Williams <patrick@...>
---
meta-networking/recipes-support/ndisc6/ndisc6_git.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb b/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
index e9af2c43f..d1e006c08 100644
--- a/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
+++ b/meta-networking/recipes-support/ndisc6/ndisc6_git.bb
@@ -60,11 +60,11 @@ IPv4 world."
DESCRIPTION:${PN}-rdisc6 = "ICMPv6 Router Discovery tool. \
Queries IPv6 routers on the network for advertised prefixes. Can be used \
to detect rogue IPv6 routers, monitor legitimate IPv6 routers."
-DESCRITPION_${PN}-tcpspray6 = "Performs bandwidth measurements of TCP \
+DESCRIPTION:${PN}-tcpspray6 = "Performs bandwidth measurements of TCP \
sessions between the local system and a remote echo server in either IPv6 \
or IPv4."

-DESCRITPION_${PN}-rdnssd = "Daemon to autoconfigure the list of DNS \
+DESCRIPTION:${PN}-rdnssd = "Daemon to autoconfigure the list of DNS \
servers through slateless IPv6 autoconfiguration."

# The tcptraceroute6 and tracert6 commands depend on rltraceroute6 to
--
2.31.1

7061 - 7080 of 99908