Signed-off-by: Markus Volk <f_l_k@...>
---
meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb b/meta=
-gnome/recipes-connectivity/folks/folks_0.15.4.bb
index d331dfdb5..c3c30ca46 100644
--- a/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb
+++ b/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb
@@ -8,6 +8,7 @@ DEPENDS =3D " \
"
=20
GNOMEBASEBUILDCLASS =3D "meson"
+EXTRA_OEMESON +=3D "-Dtests=3Dfalse"
=20
# gobject-introspection is mandatory and cannot be configured
REQUIRED_DISTRO_FEATURES =3D "gobject-introspection-data"
@@ -19,9 +20,8 @@ PACKAGECONFIG[ofono] =3D "-Deds_backend=3Dtrue -Dofono_=
backend=3Dtrue,-Dofono_backend=3D
PACKAGECONFIG[telepathy] =3D "-Dtelepathy_backend=3Dtrue,-Dtelepathy_bac=
kend=3Dfalse,telepathy-glib dbus-glib"
PACKAGECONFIG[import_tool] =3D "-Dimport_tool=3Dtrue,-Dimport_tool=3Dfal=
se,libxml2"
PACKAGECONFIG[inspect_tool] =3D "-Dinspect_tool=3Dtrue,-Dinspect_tool=3D=
false"
-PACKAGECONFIG[tests] =3D "-Dtests=3Dtrue,-Dtests=3Dfalse,python3-dbusmoc=
k-native"
=20
-PACKAGECONFIG ??=3D "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 't=
ests','', d)}"
+PACKAGECONFIG ??=3D ""
=20
inherit pkgconfig gnomebase gettext gobject-introspection vala features_=
check
=20
--=20
2.25.1

inspect_tool has a dependency on readline. That is pulled in automatically but should we also add it like this to make clear it is needed here?

PACKAGECONFIG[inspect_tool] = "-Dinspect_tool=true,-Dinspect_tool=false,readline"

Am 28.01.22 um 18:43 schrieb Khem Raj:

On Fri, Jan 28, 2022 at 9:42 AM Markus Volk <f_l_k@...> wrote:

Like this ?

PACKAGECONFIG:append:class-native =
"${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'tests','', d)}"

or just with

EXTRA_OEMESON = "-Dtests=false" ?

you cant control ptest distro feature here so its better to remove
that packageconfig and just set

EXTRA_OEMESON += "-Dtests=false"

Am 28.01.22 um 18:38 schrieb Khem Raj:

On Fri, Jan 28, 2022 at 9:35 AM Markus Volk <f_l_k@...> wrote:

https://github.com/openembedded/meta-openembedded/blob/aa22894fa352986a62c4530ad8facd8868b2e535/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb#L24

Doesn't this line explicitly disable tests until DISTRO_FEATURE ptests
is set ?

yes but it means we think that tests do work when ptest feature is
enabled which is not true. So it should be disabled even for distros
enabling ptest feature.

Am 28.01.22 um 18:15 schrieb Ross Burton:

+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,python3-dbusmock-native"

You don't install the tests, so this serves no purpose.

Just set -Dtests=false explicitly, unless you install the tests and do the ptest integration.

Also the dbusmock test in folks is broken, it should be cross-aware. As you can't check for target python modules it should avoid the check in cross builds.

Ross

On Fri, 28 Jan 2022 at 17:35, Markus Volk <f_l_k@...> wrote:

https://github.com/openembedded/meta-openembedded/blob/aa22894fa352986a62c4530ad8facd8868b2e535/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb#L24

Doesn't this line explicitly disable tests until DISTRO_FEATURE ptests
is set ?

Yes, but if the tests are enabled they're still not installed, so
there's no point in building them at all.

Ross

Like this ?

PACKAGECONFIG:append:class-native = "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', 'tests','', d)}"

or just with

EXTRA_OEMESON = "-Dtests=false" ?


Am 28.01.22 um 18:38 schrieb Khem Raj:

On Fri, Jan 28, 2022 at 9:35 AM Markus Volk <f_l_k@...> wrote:

https://github.com/openembedded/meta-openembedded/blob/aa22894fa352986a62c4530ad8facd8868b2e535/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb#L24

Doesn't this line explicitly disable tests until DISTRO_FEATURE ptests
is set ?

yes but it means we think that tests do work when ptest feature is
enabled which is not true. So it should be disabled even for distros
enabling ptest feature.

Am 28.01.22 um 18:15 schrieb Ross Burton:

+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,python3-dbusmock-native"

You don't install the tests, so this serves no purpose.

Just set -Dtests=false explicitly, unless you install the tests and do the ptest integration.

Also the dbusmock test in folks is broken, it should be cross-aware. As you can't check for target python modules it should avoid the check in cross builds.

Ross

https://github.com/openembedded/meta-openembedded/blob/aa22894fa352986a62c4530ad8facd8868b2e535/meta-gnome/recipes-connectivity/folks/folks_0.15.4.bb#L24

Doesn't this line explicitly disable tests until DISTRO_FEATURE ptests is set ?

Am 28.01.22 um 18:15 schrieb Ross Burton:

On Fri, Jan 28, 2022 at 9:15 AM Ross Burton <ross@...> wrote:

+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,python3-dbusmock-native"

You don't install the tests, so this serves no purpose.

Just set -Dtests=false explicitly, unless you install the tests and do the ptest integration.

Also the dbusmock test in folks is broken, it should be cross-aware. As you can't check for target python modules it should avoid the check in cross builds.

yeah if the tests are not cross building then it might make sense to
disable them atleast for target recipe.

Ross

+PACKAGECONFIG[tests] = "-Dtests=true,-Dtests=false,python3-dbusmock-native"

You don't install the tests, so this serves no purpose.

Just set -Dtests=false explicitly, unless you install the tests and do the ptest integration.

Also the dbusmock test in folks is broken, it should be cross-aware. As you can't check for target python modules it should avoid the check in cross builds.

Ross

Backport three patches from 9.0.0 upstream to fix CVES.

Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
---
...Handle-case-where-path-count-is-zero.patch | 75 +++++++++++++++++++
.../0001-Initialize-coordinates-to-zero.patch | 45 +++++++++++
...Restrict-builtins-for-ImageMath.eval.patch | 60 +++++++++++++++
.../python/python3-pillow_8.2.0.bb | 3 +
4 files changed, 183 insertions(+)
create mode 100644 meta-python/recipes-devtools/python/python3-pillow/0001-Handle-case-where-path-count-is-zero.patch
create mode 100644 meta-python/recipes-devtools/python/python3-pillow/0001-Initialize-coordinates-to-zero.patch
create mode 100644 meta-python/recipes-devtools/python/python3-pillow/0001-Restrict-builtins-for-ImageMath.eval.patch

diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-Handle-case-where-path-count-is-zero.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-Handle-case-where-path-count-is-zero.patch
new file mode 100644
index 000000000..26b741f9c
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-Handle-case-where-path-count-is-zero.patch
@@ -0,0 +1,75 @@
+From c48271ab354db49cdbd740bc45e13be4f0f7993c Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@...>
+Date: Mon, 6 Dec 2021 22:25:14 +1100
+Subject: [PATCH] Handle case where path count is zero
+
+CVE: CVE-2022-22816
+
+Upstream-Status: Backport
+(https://github.com/python-pillow/Pillow/pull/5920/commits/c48271ab354db49cdbd740bc45e13be4f0f7993c)
+
+---
+ Tests/test_imagepath.py | 1 +
+ src/path.c | 33 +++++++++++++++++++--------------
+ 2 files changed, 20 insertions(+), 14 deletions(-)
+
+diff --git a/Tests/test_imagepath.py b/Tests/test_imagepath.py
+index cd850bb1..b18271cc 100644
+--- a/Tests/test_imagepath.py
++++ b/Tests/test_imagepath.py
+@@ -90,6 +90,7 @@ def test_path_odd_number_of_coordinates():
+ [
+ ([0, 1, 2, 3], (0.0, 1.0, 2.0, 3.0)),
+ ([3, 2, 1, 0], (1.0, 0.0, 3.0, 2.0)),
++ (0, (0.0, 0.0, 0.0, 0.0)),
+ (1, (0.0, 0.0, 0.0, 0.0)),
+ ],
+ )
+diff --git a/src/path.c b/src/path.c
+index 64c767cb..dea274ee 100644
+--- a/src/path.c
++++ b/src/path.c
+@@ -327,21 +327,26 @@ path_getbbox(PyPathObject *self, PyObject *args) {
+
+ xy = self->xy;
+
+- x0 = x1 = xy[0];
+- y0 = y1 = xy[1];
++ if (self->count == 0) {
++ x0 = x1 = 0;
++ y0 = y1 = 0;
++ } else {
++ x0 = x1 = xy[0];
++ y0 = y1 = xy[1];
+
+- for (i = 1; i < self->count; i++) {
+- if (xy[i + i] < x0) {
+- x0 = xy[i + i];
+- }
+- if (xy[i + i] > x1) {
+- x1 = xy[i + i];
+- }
+- if (xy[i + i + 1] < y0) {
+- y0 = xy[i + i + 1];
+- }
+- if (xy[i + i + 1] > y1) {
+- y1 = xy[i + i + 1];
++ for (i = 1; i < self->count; i++) {
++ if (xy[i + i] < x0) {
++ x0 = xy[i + i];
++ }
++ if (xy[i + i] > x1) {
++ x1 = xy[i + i];
++ }
++ if (xy[i + i + 1] < y0) {
++ y0 = xy[i + i + 1];
++ }
++ if (xy[i + i + 1] > y1) {
++ y1 = xy[i + i + 1];
++ }
+ }
+ }
+
+--
+2.33.0
+
diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-Initialize-coordinates-to-zero.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-Initialize-coordinates-to-zero.patch
new file mode 100644
index 000000000..758531f67
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-Initialize-coordinates-to-zero.patch
@@ -0,0 +1,45 @@
+From 1e092419b6806495c683043ab3feb6ce264f3b9c Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@...>
+Date: Mon, 6 Dec 2021 22:24:19 +1100
+Subject: [PATCH] Initialize coordinates to zero
+
+CVE: CVE-2022-22815
+
+Upstream-Status: Backport
+(https://github.com/python-pillow/Pillow/pull/5920/commits/1e092419b6806495c683043ab3feb6ce264f3b9c)
+
+Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
+
+---
+ Tests/test_imagepath.py | 1 +
+ src/path.c | 2 +-
+ 2 files changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/Tests/test_imagepath.py b/Tests/test_imagepath.py
+index 0835fdb4..cd850bb1 100644
+--- a/Tests/test_imagepath.py
++++ b/Tests/test_imagepath.py
+@@ -90,6 +90,7 @@ def test_path_odd_number_of_coordinates():
+ [
+ ([0, 1, 2, 3], (0.0, 1.0, 2.0, 3.0)),
+ ([3, 2, 1, 0], (1.0, 0.0, 3.0, 2.0)),
++ (1, (0.0, 0.0, 0.0, 0.0)),
+ ],
+ )
+ def test_getbbox(coords, expected):
+diff --git a/src/path.c b/src/path.c
+index 4764c58a..64c767cb 100644
+--- a/src/path.c
++++ b/src/path.c
+@@ -57,7 +57,7 @@ alloc_array(Py_ssize_t count) {
+ if ((unsigned long long)count > (SIZE_MAX / (2 * sizeof(double))) - 1) {
+ return ImagingError_MemoryError();
+ }
+- xy = malloc(2 * count * sizeof(double) + 1);
++ xy = calloc(2 * count * sizeof(double) + 1, sizeof(double));
+ if (!xy) {
+ ImagingError_MemoryError();
+ }
+--
+2.33.0
+
diff --git a/meta-python/recipes-devtools/python/python3-pillow/0001-Restrict-builtins-for-ImageMath.eval.patch b/meta-python/recipes-devtools/python/python3-pillow/0001-Restrict-builtins-for-ImageMath.eval.patch
new file mode 100644
index 000000000..4c266cc41
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-pillow/0001-Restrict-builtins-for-ImageMath.eval.patch
@@ -0,0 +1,60 @@
+From 8531b01d6cdf0b70f256f93092caa2a5d91afc11 Mon Sep 17 00:00:00 2001
+From: Andrew Murray <radarhere@...>
+Date: Sun, 2 Jan 2022 17:23:49 +1100
+Subject: [PATCH] Restrict builtins for ImageMath.eval
+
+CVE: CVE-2022-22817
+
+Upstream-Status: Backport
+(https://github.com/python-pillow/Pillow/pull/5923/commits/8531b01d6cdf0b70f256f93092caa2a5d91afc11)
+
+Signed-off-by: Trevor Gamblin <trevor.gamblin@...>
+
+---
+ Tests/test_imagemath.py | 7 +++++++
+ src/PIL/ImageMath.py | 7 ++++++-
+ 2 files changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/Tests/test_imagemath.py b/Tests/test_imagemath.py
+index e7afd1ab..25811aa8 100644
+--- a/Tests/test_imagemath.py
++++ b/Tests/test_imagemath.py
+@@ -1,3 +1,5 @@
++import pytest
++
+ from PIL import Image, ImageMath
+
+
+@@ -50,6 +52,11 @@ def test_ops():
+ assert pixel(ImageMath.eval("float(B)**33", images)) == "F 8589934592.0"
+
+
++def test_prevent_exec():
++ with pytest.raises(ValueError):
++ ImageMath.eval("exec('pass')")
++
++
+ def test_logical():
+ assert pixel(ImageMath.eval("not A", images)) == 0
+ assert pixel(ImageMath.eval("A and B", images)) == "L 2"
+diff --git a/src/PIL/ImageMath.py b/src/PIL/ImageMath.py
+index 7f9c88e1..06bea800 100644
+--- a/src/PIL/ImageMath.py
++++ b/src/PIL/ImageMath.py
+@@ -246,7 +246,12 @@ def eval(expression, _dict={}, **kw):
+ if hasattr(v, "im"):
+ args[k] = _Operand(v)
+
+- out = builtins.eval(expression, args)
++ code = compile(expression, "<string>", "eval")
++ for name in code.co_names:
++ if name not in args and name != "abs":
++ raise ValueError(f"'{name}' not allowed")
++
++ out = builtins.eval(expression, {"__builtins": {"abs": abs}}, args)
+ try:
+ return out.im
+ except AttributeError:
+--
+2.33.0
+
diff --git a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
index 8279544a8..4393d9356 100644
--- a/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
+++ b/meta-python/recipes-devtools/python/python3-pillow_8.2.0.bb
@@ -11,6 +11,9 @@ SRC_URI = "git://github.com/python-pillow/Pillow.git;branch=8.2.x;protocol=https
file://0001-Limit-sprintf-modes-to-10-characters.patch \
file://0001-Use-snprintf-instead-of-sprintf.patch \
file://0001-Raise-ValueError-if-color-specifier-is-too-long.patch \
+ file://0001-Initialize-coordinates-to-zero.patch \
+ file://0001-Handle-case-where-path-count-is-zero.patch \
+ file://0001-Restrict-builtins-for-ImageMath.eval.patch \
"
SRCREV ?= "e0e353c0ef7516979a9aedce3792596649ce4433"

--
2.33.0

Hi Peter,

On Fri, Jan 28, 2022 at 1:48 AM Peter Kjellerstedt
<peter.kjellerstedt@...> wrote:

+TARGET_CC_ARCH += "${LDFLAGS}"

You forgot to remove the TAGET_CC_ARCH line.

If I remove this line, the following error happens:

ERROR: rtc-tools-1.0.0-r0 do_package_qa: QA Issue: File
/usr/bin/rtc-sync in package rtc-tools doesn't have GNU_HASH (didn't
pass LDFLAGS?)
File /usr/bin/rtc in package rtc-tools doesn't have GNU_HASH (didn't
pass LDFLAGS?)
File /usr/bin/rtc-range in package rtc-tools doesn't have GNU_HASH
(didn't pass LDFLAGS?) [ldflags]
ERROR: rtc-tools-1.0.0-r0 do_package_qa: QA run found fatal errors.
Please consider fixing them.

Any suggestions as to how this should be fixed?

Thanks

From: Virendra Thakur <virendrak@...>

Add patch to fix CVE-2021-3802

Signed-off-by: Virendra Thakur <virendra.thakur@...>
---
.../udisks/udisks2/CVE-2021-3802.patch | 63 +++++++++++++++++++
meta-oe/recipes-support/udisks/udisks2_git.bb | 1 +
2 files changed, 64 insertions(+)
create mode 100644 meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch

diff --git a/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch
new file mode 100644
index 000000000..0189833b4
--- /dev/null
+++ b/meta-oe/recipes-support/udisks/udisks2/CVE-2021-3802.patch
@@ -0,0 +1,63 @@
+From 2517b8feb13919c382e53ab5f9b63c5b5ee5b063 Mon Sep 17 00:00:00 2001
+From: Emilio Pozuelo Monfort <pochu@...>
+Date: Fri, 5 Nov 2021 09:29:13 +0100
+Subject: [PATCH] udisks2 security update
+
+mount options: Always use errors=remount-ro for ext filesystems
+
+Stefan Walter found that udisks2, a service to access and manipulate
+storage devices, could cause denial of service via system crash if a
+corrupted or specially crafted ext2/3/4 device or image was mounted,
+which could happen automatically on certain environments.
+
+For Debian 9 stretch, this problem has been fixed in version
+2.1.8-1+deb9u1.
+
+Default mount options are focused primarily on data safety, mounting
+damaged ext2/3/4 filesystem as readonly would indicate something's wrong.
+
+Upstream-Status: Backport [http://security.debian.org/debian-security/pool/updates/main/u/udisks2/udisks2_2.1.8-1+deb9u1.debian.tar.xz]
+CVE: CVE-2021-3802
+
+Signed-off-by: Virendra Thakur <virendra.thakur@...>
+
+---
+ src/udiskslinuxfilesystem.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/udiskslinuxfilesystem.c b/src/udiskslinuxfilesystem.c
+index a5a3898c..eac8cab3 100644
+--- a/src/udiskslinuxfilesystem.c
++++ b/src/udiskslinuxfilesystem.c
+@@ -421,6 +421,21 @@ static const gchar *hfsplus_allow[] = { "creator", "type", "umask", "session", "
+ static const gchar *hfsplus_allow_uid_self[] = { "uid", NULL };
+ static const gchar *hfsplus_allow_gid_self[] = { "gid", NULL };
+
++/* ---------------------- ext2 -------------------- */
++
++static const gchar *ext2_defaults[] = { "errors=remount-ro", NULL };
++static const gchar *ext2_allow[] = { "errors=remount-ro", NULL };
++
++/* ---------------------- ext3 -------------------- */
++
++static const gchar *ext3_defaults[] = { "errors=remount-ro", NULL };
++static const gchar *ext3_allow[] = { "errors=remount-ro", NULL };
++
++/* ---------------------- ext4 -------------------- */
++
++static const gchar *ext4_defaults[] = { "errors=remount-ro", NULL };
++static const gchar *ext4_allow[] = { "errors=remount-ro", NULL };
++
+ /* ------------------------------------------------ */
+ /* TODO: support context= */
+
+@@ -434,6 +449,9 @@ static const FSMountOptions fs_mount_options[] =
+ { "udf", udf_defaults, udf_allow, udf_allow_uid_self, udf_allow_gid_self },
+ { "exfat", exfat_defaults, exfat_allow, exfat_allow_uid_self, exfat_allow_gid_self },
+ { "hfsplus", hfsplus_defaults, hfsplus_allow, hfsplus_allow_uid_self, hfsplus_allow_gid_self },
++ { "ext2", ext2_defaults, ext2_allow, NULL, NULL },
++ { "ext3", ext3_defaults, ext3_allow, NULL, NULL },
++ { "ext4", ext4_defaults, ext4_allow, NULL, NULL },
+ };
+
+ /* ------------------------------------------------ */
diff --git a/meta-oe/recipes-support/udisks/udisks2_git.bb b/meta-oe/recipes-support/udisks/udisks2_git.bb
index c4d0fa75e..58c8a9899 100644
--- a/meta-oe/recipes-support/udisks/udisks2_git.bb
+++ b/meta-oe/recipes-support/udisks/udisks2_git.bb
@@ -18,6 +18,7 @@ RDEPENDS_${PN} = "acl"

SRC_URI = " \
git://github.com/storaged-project/udisks.git;branch=master;protocol=https \
+ file://CVE-2021-3802.patch \
"
PV = "2.8.4+git${SRCREV}"
SRCREV = "db5f487345da2eaa87976450ea51c2c465d9b82e"
--
2.17.1

Signed-off-by: Khem Raj <raj.khem@...>
---
...t-use-NULL-where-boolean-is-expected.patch | 33 +++++++++++++++++++
.../recipes-extended/gparted/gparted_1.3.1.bb | 1 +
2 files changed, 34 insertions(+)
create mode 100644 meta-gnome/recipes-extended/gparted/files/0001-Do-not-use-NULL-where-boolean-is-expected.patch

diff --git a/meta-gnome/recipes-extended/gparted/files/0001-Do-not-use-NULL-where-boolean-is-expected.patch b/meta-gnome/recipes-extended/gparted/files/0001-Do-not-use-NULL-where-boolean-is-expected.patch
new file mode 100644
index 0000000000..1b0d24024b
--- /dev/null
+++ b/meta-gnome/recipes-extended/gparted/files/0001-Do-not-use-NULL-where-boolean-is-expected.patch
@@ -0,0 +1,33 @@
+From 9af84e1c08a2159c10baf13244e2c8a7d7e837e9 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Thu, 27 Jan 2022 23:02:20 -0800
+Subject: [PATCH] Do not use NULL where boolean is expected
+
+Fixes
+src/GParted_Core.cc:73:57: error: static_cast from 'nullptr_t' to 'PedPartitionFlag' (aka '_PedPartitionFlag') is not allowed
+| for ( PedPartitionFlag flag = ped_partition_flag_next( static_cast<PedPartitionFlag>( NULL ) ) ;
+| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+| 1 error generated.
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ src/GParted_Core.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/GParted_Core.cc b/src/GParted_Core.cc
+index f7ac970..3290c66 100644
+--- a/src/GParted_Core.cc
++++ b/src/GParted_Core.cc
+@@ -70,7 +70,7 @@ GParted_Core::GParted_Core()
+ ped_exception_set_handler( ped_exception_handler ) ;
+
+ //get valid flags ...
+- for ( PedPartitionFlag flag = ped_partition_flag_next( static_cast<PedPartitionFlag>( NULL ) ) ;
++ for ( PedPartitionFlag flag = ped_partition_flag_next( static_cast<PedPartitionFlag>( false ) ) ;
+ flag ;
+ flag = ped_partition_flag_next( flag ) )
+ flags .push_back( flag ) ;
+--
+2.35.0
+
diff --git a/meta-gnome/recipes-extended/gparted/gparted_1.3.1.bb b/meta-gnome/recipes-extended/gparted/gparted_1.3.1.bb
index 1c8dd69686..355bcce9b6 100644
--- a/meta-gnome/recipes-extended/gparted/gparted_1.3.1.bb
+++ b/meta-gnome/recipes-extended/gparted/gparted_1.3.1.bb
@@ -10,6 +10,7 @@ REQUIRED_DISTRO_FEATURES = "x11"
SRC_URI = " \
${SOURCEFORGE_MIRROR}/project/${BPN}/${BPN}/${BPN}-${PV}/${BPN}-${PV}.tar.gz \
file://0001-Install-polkit-action-unconditionally-executable-pke.patch \
+ file://0001-Do-not-use-NULL-where-boolean-is-expected.patch \
"
SRC_URI[sha256sum] = "5eee2e6d74b15ef96b13b3a2310c868ed2298e03341021e7d12a5a98a1d1e109"

--
2.35.0

Signed-off-by: Khem Raj <raj.khem@...>
---
...return-type-of-function-LibCecBootlo.patch | 41 +++++++++++++++++++
.../recipes-extended/libcec/libcec_6.0.2.bb | 1 +
2 files changed, 42 insertions(+)
create mode 100644 meta-oe/recipes-extended/libcec/libcec/0001-cecloader-Match-return-type-of-function-LibCecBootlo.patch

diff --git a/meta-oe/recipes-extended/libcec/libcec/0001-cecloader-Match-return-type-of-function-LibCecBootlo.patch b/meta-oe/recipes-extended/libcec/libcec/0001-cecloader-Match-return-type-of-function-LibCecBootlo.patch
new file mode 100644
index 0000000000..ab1ab5b8eb
--- /dev/null
+++ b/meta-oe/recipes-extended/libcec/libcec/0001-cecloader-Match-return-type-of-function-LibCecBootlo.patch
@@ -0,0 +1,41 @@
+From 2241edc8b70c2a54d109ac9c0e821889ac138d40 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@...>
+Date: Thu, 27 Jan 2022 22:49:52 -0800
+Subject: [PATCH] cecloader: Match return type of function LibCecBootloader
+
+Fixes
+include/cecloader.h:175:14: error: cannot initialize return object of type 'bool' with an rvalue of type 'nullptr_t'
+ return NULL;
+ ^~~~
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@...>
+---
+ include/cecloader.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/include/cecloader.h b/include/cecloader.h
+index be76468f..550f598e 100644
+--- a/include/cecloader.h
++++ b/include/cecloader.h
+@@ -172,7 +172,7 @@ bool LibCecBootloader(const char *strLib = NULL)
+ if (!g_libCEC)
+ {
+ std::cout << dlerror() << std::endl;
+- return NULL;
++ return false;
+ }
+ }
+
+@@ -181,7 +181,7 @@ bool LibCecBootloader(const char *strLib = NULL)
+ if (!LibCecBootloader)
+ {
+ std::cout << "cannot find CECStartBootloader" << std::endl;
+- return NULL;
++ return false;
+ }
+
+ bool bReturn = LibCecBootloader();
+--
+2.35.0
+
diff --git a/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb b/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb
index eabe1d476a..2036c53eff 100644
--- a/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb
+++ b/meta-oe/recipes-extended/libcec/libcec_6.0.2.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://github.com/Pulse-Eight/libcec.git;branch=release;protocol=https
file://0001-CheckPlatformSupport.cmake-Do-not-hardcode-lib-path.patch \
file://0001-Enhance-reproducibility.patch \
file://0001-Remove-buggy-test-confusing-host-and-target.patch \
+ file://0001-cecloader-Match-return-type-of-function-LibCecBootlo.patch \
"

S = "${WORKDIR}/git"
--
2.35.0

The unattended-upgrades is a set of scripts that allows to execute
unattended upgrades in debian based systems in this case when
enable package_deb and add package management into the image.

At this moment installs all the required script and files into the image
leaving the configuration and execution to be implemented by distro.

Signed-off-by: Aníbal Limón <limon.anibal@...>
Signed-off-by: Aníbal Limón <anibal@...>
---
...de-Remove-distro_info-usage-to-check.patch | 78 +++++++++++++++++++
.../unattended-upgrades_2.6.bb | 31 ++++++++
2 files changed, 109 insertions(+)
create mode 100644 meta-oe/recipes-devtools/unattended-upgrades/files/0001-unattended-upgrade-Remove-distro_info-usage-to-check.patch
create mode 100644 meta-oe/recipes-devtools/unattended-upgrades/unattended-upgrades_2.6.bb

diff --git a/meta-oe/recipes-devtools/unattended-upgrades/files/0001-unattended-upgrade-Remove-distro_info-usage-to-check.patch b/meta-oe/recipes-devtools/unattended-upgrades/files/0001-unattended-upgrade-Remove-distro_info-usage-to-check.patch
new file mode 100644
index 000000000..d39427e9f
--- /dev/null
+++ b/meta-oe/recipes-devtools/unattended-upgrades/files/0001-unattended-upgrade-Remove-distro_info-usage-to-check.patch
@@ -0,0 +1,78 @@
+From a52d763559d1017ca73d2a2933aba1c78ad354c6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?An=C3=ADbal=20Lim=C3=B3n?= <anibal@...>
+Date: Thu, 27 Jan 2022 16:32:25 -0600
+Subject: [PATCH] unattended-upgrade: Remove distro_info usage to check devel
+ releases
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The distro-info python3 package is used to check if the release is a
+devel release and choice if continue with unattended-upgrade for now
+remove it because needs support into python3-distro-info [1].
+
+[1] https://salsa.debian.org/debian/distro-info
+
+Signed-off-by: Aníbal Limón <anibal@...>
+
+Upstream-Status: Inappropriate
+---
+ unattended-upgrade | 38 --------------------------------------
+ 1 file changed, 38 deletions(-)
+
+diff --git a/unattended-upgrade b/unattended-upgrade
+index 802d4d5..3b4e83e 100755
+--- a/unattended-upgrade
++++ b/unattended-upgrade
+@@ -83,9 +83,6 @@ import apt
+ import apt_inst
+ import apt_pkg
+
+-import distro_info
+-
+-
+ # the reboot required flag file used by packages
+ REBOOT_REQUIRED_FILE = "/var/run/reboot-required"
+ KEPT_PACKAGES_FILE = "var/lib/unattended-upgrades/kept-back"
+@@ -2061,41 +2058,6 @@ def run(options, # type: Options
+ if should_stop():
+ return UnattendedUpgradesResult(False)
+
+- # check to see if want to auto-upgrade the devel release
+- if apt_pkg.config.find("Unattended-Upgrade::DevRelease") == "auto":
+- try:
+- if DISTRO_ID.lower() == 'ubuntu':
+- devel = (distro_info.UbuntuDistroInfo() .
+- devel(result="object"))
+- elif DISTRO_ID.lower() == 'debian':
+- devel = (distro_info.DebianDistroInfo() .
+- devel(result="object"))
+- else:
+- devel = (distro_info.DistroInfo(DISTRO_ID) .
+- devel(result="object"))
+- except Exception as e:
+- logging.warning("Could not figure out development release: %s" % e)
+- else:
+- if ((devel.series == DISTRO_CODENAME
+- and devel.release is not None
+- and devel.release - date.today() > DEVEL_UNTIL_RELEASE)):
+- syslog.syslog((_("Not running on this development "
+- "release before %s") %
+- (devel.release - DEVEL_UNTIL_RELEASE
+- - datetime.timedelta(days=1))))
+- logging.warning(_("Not running on this development "
+- "release before %s") %
+- (devel.release - DEVEL_UNTIL_RELEASE
+- - datetime.timedelta(days=1)))
+- return UnattendedUpgradesResult(True)
+-
+- logging.debug("Running on the development release")
+- elif "(development branch)" in DISTRO_DESC and not\
+- apt_pkg.config.find_b("Unattended-Upgrade::DevRelease", True):
+- syslog.syslog(_("Not running on the development release."))
+- logging.info(_("Not running on the development release."))
+- return UnattendedUpgradesResult(True)
+-
+ logging.info(_("Starting unattended upgrades script"))
+
+ # check and get lock
diff --git a/meta-oe/recipes-devtools/unattended-upgrades/unattended-upgrades_2.6.bb b/meta-oe/recipes-devtools/unattended-upgrades/unattended-upgrades_2.6.bb
new file mode 100644
index 000000000..629d2b43d
--- /dev/null
+++ b/meta-oe/recipes-devtools/unattended-upgrades/unattended-upgrades_2.6.bb
@@ -0,0 +1,31 @@
+SUMMARY = "This script upgrades packages automatically and unattended."
+DESCRIPTION = "The purpose of unattended-upgrades is to keep the computer current with the latest security (and other) updates automatically."
+HOMEPAGE = "https://wiki.debian.org/UnattendedUpgrades"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe \
+ file://debian/copyright;md5=62b5f2ac0ede901fb245eefbe54c181f"
+
+SRC_URI = "git://github.com/mvo5/unattended-upgrades.git;protocol=https;branch=master \
+ file://0001-unattended-upgrade-Remove-distro_info-usage-to-check.patch \
+ "
+
+SRCREV = "c6db6fad26a2b83ba301b52ff5dee98cef7558ca"
+
+S = "${WORKDIR}/git"
+
+inherit setuptools3
+
+DEPENDS += "apt intltool-native python3-distutils-extra-native"
+RDEPENDS:${PN} += "apt lsb-release python3-apt python3-core python3-datetime python3-email python3-fcntl python3-io python3-logging python3-stringold python3-syslog"
+
+do_install:prepend () {
+ cp -v ${S}/data/50unattended-upgrades.Debian ${S}/data/50unattended-upgrades
+}
+
+do_install:append () {
+ # fix bad installation path's
+ mv -v ${D}/usr/usr/share/* ${D}/usr/share/
+ rm -r ${D}/usr/usr
+}
+
+FILES:${PN} = "${bindir} ${exec_prefix}/etc ${libdir} ${datadir}"
--
2.34.1

This recipe enables python3-apt wrapper to use apt in easy way
from python3.

Signed-off-by: Aníbal Limón <limon.anibal@...>
Signed-off-by: Aníbal Limón <anibal@...>
---
.../python/python3-apt_2.3.0.bb | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb

diff --git a/meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb b/meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb
new file mode 100644
index 000000000..6463f49bb
--- /dev/null
+++ b/meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Python-apt is a wrapper to use features of apt from python."
+LICENSE = "GPLv2 & FSFAP"
+LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=0636e73ff0215e8d672dc4c32c317bb3 \
+ file://debian/copyright;md5=4ed7b6862ca422678b17e7d4ed592285"
+
+SRC_URI = "git://salsa.debian.org/apt-team/python-apt.git;protocol=https;branch=main"
+
+SRCREV = "6145b6484d220685edfd922d364afbf065127efe"
+
+S = "${WORKDIR}/git"
+
+inherit setuptools3
+
+DEPENDS += "apt"
+RDEPENDS:${PN} += "apt python3-core"
+
+FILES:${PN} = "${libdir} ${datadir}/python-apt"
--
2.34.1

On Thu, Jan 27, 2022 at 6:29 PM Anibal Limón <limon.anibal@...> wrote:

On Thu, Jan 27, 2022 at 8:27 PM Khem Raj <raj.khem@...> wrote:

On Thu, Jan 27, 2022 at 5:35 PM An?bal Lim?n <limon.anibal@...> wrote:

Signed-off-by: Aníbal Limón <limon.anibal@...>
Signed-off-by: Aníbal Limón <anibal@...>
---
.../python/python3-apt_2.3.0.bb | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb

diff --git a/meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb b/meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb
new file mode 100644
index 000000000..4e7138b33
--- /dev/null
+++ b/meta-oe/recipes-devtools/python/python3-apt_2.3.0.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Python-apt is a wrapper to use features of apt from python."
+LICENSE = "GPLv2 & Permissive"

Permissive is not a standard SPDX license. So please explain it better.

Yep, this is a topic, comes from debian/copyright file in the repo, next,

https://salsa.debian.org/apt-team/python-apt/-/blob/main/debian/copyright#L10

Any idea how to handle this?.

I think this is
https://spdx.org/licenses/FSFAP.html

Regards,
Anibal

+LIC_FILES_CHKSUM = "file://COPYING.GPL;md5=0636e73ff0215e8d672dc4c32c317bb3 \
+ file://debian/copyright;md5=4ed7b6862ca422678b17e7d4ed592285"
+
+SRC_URI = "git://salsa.debian.org/apt-team/python-apt.git;protocol=https;branch=main"
+
+SRCREV = "6145b6484d220685edfd922d364afbf065127efe"
+
+S = "${WORKDIR}/git"
+
+inherit setuptools3
+
+DEPENDS += "apt"
+RDEPENDS:${PN} += "apt python3-core"
+
+FILES:${PN} = "/usr/lib /usr/share/python-apt"
--
2.34.1