Commit message | Author | Age | Files | Lines
...
* gstreamer1.0-plugins-good: Fix CVE-2024-47774 | Vijay Anusuri | 2025-01-09 | 2 | -0/+47
  Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043
  (From OE-Core rev: 7b1943c6b00d5e94f72bcce0eefdfdb7f091af5d)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: Fix CVE-2024-47613 | Vijay Anusuri | 2025-01-09 | 2 | -0/+54
  Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041
  (From OE-Core rev: ffabed7c5cbfa1109e43390a4d36b38323cb7425)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: Fix CVE-2024-47606 | Vijay Anusuri | 2025-01-09 | 2 | -0/+45
  Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032
  (From OE-Core rev: 4c138c3c04f856b100ce2c8e8e96025edde4c841)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: Fix multiple CVEs | Vijay Anusuri | 2025-01-09 | 8 | -0/+307
  Fixes for below CVEs: CVE-2024-47540 CVE-2024-47601 CVE-2024-47602 CVE-2024-47603 CVE-2024-47834
  Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057
  (From OE-Core rev: 867db6984551f5026034fddd11421e76a844ebc5)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: Fix for CVE-2024-47599 | Vijay Anusuri | 2025-01-09 | 2 | -0/+100
  Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040
  (From OE-Core rev: 2fe3b2846bd65a44e4823f04693a4579a71a862a)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-good: fix several CVE's | Vijay Anusuri | 2025-01-09 | 14 | -0/+1264
  Fixes for below CVEs: CVE-2024-47537 CVE-2024-47539 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598
  Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059
  (From OE-Core rev: ca47d7609a831d4e1919f44c2808f6d99db35ea6)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0: Backport fix for CVE-2024-47606 | Vijay Anusuri | 2025-01-09 | 2 | -0/+57
  Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72af11b248b4cb60d3dfe4e9459eec0d20052c9b]
  (From OE-Core rev: de94acd8f8be37fbc6e0b16693dae8a7efb5910c)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0-plugins-base: Fix for multiple CVE's | Vijay Anusuri | 2025-01-09 | 10 | -0/+610
  Backport fixes for below CVE: CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835
  (From OE-Core rev: a26f77ae6d98e0bf22a682fad5f4353ae257b360)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ovmf-native: remove .pyc files from install | Mikko Rapeli | 2025-01-09 | 1 | -0/+1
  They break builds which share sstate files on different machines and paths:
  ERROR: ovmf-edk2-stable202408-r0 do_prepare_recipe_sysroot: Error executing a python function in exec_func_python() autogenerated:
  The stack trace of python calls that resulted in this exception/failure was:
  File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
  0001:
  *** 0002:extend_recipe_sysroot(d)
  0003:
  File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 624, function: extend_recipe_sysroot
  0620:
  0621: # Handle deferred binfiles
  0622: for l in binfiles:
  0623: (targetdir, dest) = binfiles[l]
  *** 0624: staging_copyfile(l, targetdir, dest, postinsts, seendirs)
  0625:
  0626: bb.note("Installed into sysroot: %s" % str(msg_adding))
  0627: bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists))
  0628:
  File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 165, function: staging_copyfile
  0161: os.symlink(linkto, dest)
  0162: #bb.warn(c)
  0163: else:
  0164: try:
  *** 0165: os.link(c, dest)
  0166: except OSError as err:
  0167: if err.errno == errno.EXDEV:
  0168: bb.utils.copyfile(c, dest)
  0169: else:
  Exception: FileExistsError: [Errno 17] File exists: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/sysroots-components/x86_64/ovmf-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc' -> '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/work/core2-64-poky-linux/ovmf/edk2-stable202408/recipe-sysroot-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc'
  (From OE-Core rev: fb9ebc811800eb8880e3687243d75bafab77a700)
  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit facd9e17fa53e2fb3a828b3f179cfb659be75d37)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: upgrade 3.10.15 -> 3.10.16 | Peter Marko | 2025-01-09 | 2 | -2/+2
  Handles CVE-2024-50602, CVE-2024-11168 and CVE-2024-9287.
  (From OE-Core rev: 5a611fbbdb3e373d379f922ffc5606ff70279831)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35368 | Archana Polampalli | 2025-01-09 | 2 | -0/+42
  FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c.
  (From OE-Core rev: bc73c3ef68826ffbb6de960b7bfa4b784e289ea8)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35367 | Archana Polampalli | 2025-01-09 | 2 | -0/+48
  FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer
  (From OE-Core rev: 623dd997856903be54d75e819f93d313b04edd8e)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ffmpeg: fix CVE-2024-35366 | Archana Polampalli | 2025-01-09 | 2 | -0/+38
  FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking.
  (From OE-Core rev: 9acfc54b2707bf04922f153d06ae27ff552fbe23)
  Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* webkitgtk: Security fix for CVE-2024-40776 and CVE-2024-40780 | Rohini Sangam | 2025-01-09 | 3 | -0/+237
  CVE fixed:
  - CVE-2024-40776 webkitgtk: Use after free may lead to Remote Code Execution
  - CVE-2024-40780 webkitgtk: Out-of-bounds read was addressed with improved bounds checking
  Upstream-Status: Backport from https://github.com/WebKit/WebKit/commit/b951404ea74ae432312a83138f5c8945a0d09e1b and https://github.com/WebKit/WebKit/commit/e83e4c7460972898dc06a5f5ab36eed7c6b101b5
  (From OE-Core rev: e4c82db8a7c3273fe30bc99880fcdcd7ab061924)
  Signed-off-by: Rohini Sangam <rsangam@mvista.com>
  Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: Fix CVE-2024-20696 | aszh07 | 2025-01-09 | 2 | -0/+115
  Add Patch file to fix CVE-2024-20696
  CVE: CVE-2024-20696
  (From OE-Core rev: 8885aa23d77fcec288a416d199e08c6eee27e027)
  Signed-off-by: Nitin Wankhade <nitin.wankhade@kpit.com>
  Signed-off-by: Nikhil R <nikhilr5@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xwayland: patch CVE-2023-5380 CVE-2024-0229 | Peter Marko | 2025-01-09 | 6 | -0/+506
  The patches are copied from xserver-xorg recipe. The CVEs are reported for both and patches apply on both.
  (From OE-Core rev: cdcb9957a6fe1629dc3230fcdfd09322877d4038)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gstreamer1.0: ignore CVEs from gstreamer1.0-plugins-bad | Peter Marko | 2025-01-09 | 1 | -2/+2
  These CVEs are patched in gstreamer1.0-plugins-bad. CPE for gstreamer-plugins-bad mostly hits original gstreamer recipe.
  (From OE-Core rev: a2339d124c2561bf157f3e14af0b3152d257d937)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: patch CVE-2023-3164 | Peter Marko | 2025-01-09 | 2 | -0/+115
  Backport fix from upstream. There was style refactoring done in the code meanwhile, so the patch was assembled manually by applying each change on 4.3.0 sources.
  (From OE-Core rev: fda622289ef26fac38e7dc41e6f0c9d7c866f06e)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: ignore CVE-2023-2731 | Peter Marko | 2025-01-09 | 1 | -2/+2
  This further tweaks fix for CVE-2022-1622/CVE-2022-1623 by adding it to one additional goto label.
  Previous fix: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a
  Additional fix: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b
  (From OE-Core rev: c7632c5a3853290292fa695a0a7b15eb06159036)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ghostscript: ignore CVE-2024-46954 | Peter Marko | 2025-01-09 | 1 | -1/+1
  Issue in the GhostPCL. GhostPCL is not part of this GhostScript recipe.
  [1] points to [2] as patch, while file base/gp_utf8.c is not part of ghostscript source tarball.
  [1] https://nvd.nist.gov/vuln/detail/CVE-2024-46954
  [2] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934
  (From OE-Core rev: 7f1b174b8f12fcf377c45c27022bac99b6652823)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsndfile1: Backport fix for CVE-2022-33065 | Vijay Anusuri | 2025-01-09 | 14 | -1/+916
  Added missing commits for complete CVE fix
  Ref: https://github.com/libsndfile/libsndfile/issues/833 https://ubuntu.com/security/CVE-2022-33065
  (From OE-Core rev: fc34dde58e8be19d703479c8e025e27294cdb579)
  Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: add new tested distros | Antonin Godard | 2024-12-26 | 1 | -0/+5
  These are currently tested on the autobuilder for Kirkstone.
  (From meta-yocto rev: f9d0be9bb3c447cad6292434b803c317c9efac53)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: Add the sgx group | Alex Kiernan | 2024-12-20 | 2 | -0/+31
  To avoid errors from eudev/udev we need an sgx group, but if we add it via groupadd that causes shadow login to be brought into an image, which causes images which have CONFIG_MULTIUSER unset to fail with `setgid: Function not implemented` as shadow's login doesn't implement the heuristics which busybox has to handle this kernel configuration.
  (From OE-Core rev: a20b02fdfe64c005f7587a1d9077bdc282f7b6b1)
  Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit a1c81ac4a869cc57394071ace2ca086eb8ac47a4)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: fix patchreview warning | Alexandre Belloni | 2024-12-20 | 1 | -1/+1
  Fix:
  Malformed Upstream-Status 'Upstream status' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
  Unknown Upstream-Status value 'says' (meta/recipes-core/base-passwd/base-passwd/0007-Add-wheel-group.patch)
  (From OE-Core rev: 2e251b4ebefe825e7ccf7e3110e8b7fce2296032)
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 7b62b32fe154ca40a3bf731eaa5994ec351cf507)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: add the wheel group | Louis Rannou | 2024-12-20 | 2 | -0/+21
  The wheel group is not declared while it can be used to access the systemd journal and to configure printers in CUPS. It can also be used for su and sudo permissions.
  So far it was created later in the rootfs postcommand systemd_create_users.
  (From OE-Core rev: 4cafad1a0ef5506151656fd644dcdf3193245173)
  Signed-off-by: Louis Rannou <lrannou@baylibre.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit bebe52ae9576393ebb9d7405fc77fba21e84ba5b)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: Update the status for two patches | Peter Kjellerstedt | 2024-12-20 | 2 | -2/+2
  The two patches to disable use of debconf and generation of documentation have been merged upstream.
  (From OE-Core rev: f68617115d3518368db16bc16bcf4578619999fe)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit aca8844d7c05b4ba937625e59275d3f7953d3da7)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: Update to 3.5.52 | Peter Kjellerstedt | 2024-12-20 | 7 | -101/+194
  * Add a patch to allow the use of debconf to be disabled.
  * Replace 0007-Disable-generation-of-the-documentation.patch with a new patch to disable the generation of the documentation using a configuration option.
  * Replace 0006-Disable-shell-for-default-users.patch with a sed expression that uses a variable, NOLOGIN, to specify what command to use for users that are not expected to login. This allows to use some other command than "nologin", e.g., "false". Also, by using ${base_sbindir}, it adheres to usrmerge being configured.
  (From OE-Core rev: 65f01b1e94d956c5591850deb6abc469e05138eb)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e7abf63cc8bdc61c8d978b3c21a38e17716fc292)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: Regenerate the patches | Peter Kjellerstedt | 2024-12-20 | 13 | -106/+134
  (From OE-Core rev: 1742f47e1388fcbe9681f8d74b9476d213b4eb0a)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 6515d96c12b080b9e7f344799e26dba3b98e17e2)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* package.bbclass: Use shlex instead of deprecated pipes | Ernst Persson | 2024-12-20 | 1 | -2/+2
  The pipes library is deprecated in Python 3.11 and will be removed in Python 3.13. pipes.quote is just an import of shlex.quote anyway.
  (From OE-Core rev: d167661bceebebafb04dca3bf6a888003f46e6c9)
  Signed-off-by: Ernst Persson <ernst.persson@non.se.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* subversion: fix CVE-2024-46901 | Jiaying Song | 2024-12-20 | 2 | -1/+163
  Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected.
  References: https://nvd.nist.gov/vuln/detail/CVE-2024-46901
  Upstream patches: https://subversion.apache.org/security/CVE-2024-46901-advisory.txt
  (From OE-Core rev: 2082038de00090e4b10a151068876f83c83f94c7)
  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* xserver-xorg: fix CVE-2024-9632 | Yogita Urade | 2024-12-20 | 2 | -0/+59
  A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payload, leading to denial of service or local privilege escalation in distributions where the X.org server is run with root privileges.
  Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-9632
  Upstream patch: https://gitlab.freedesktop.org/xorg/xserver/-/commit/ba1d14f8eff2a123bd7ff4d48c02e1d5131358e0
  (From OE-Core rev: 95027410dba7a2a7e9b93f76279272f22445399b)
  Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Tweak to work better with NFS DL_DIR | Richard Purdie | 2024-12-18 | 1 | -0/+2
  After much debugging, the corruption issues on the autobuilder appear to be due to the way sqlite accesses database files. It doesn't change the file timestamp after making changes, which for reasons unknown, confuses NFS. As soon as the file is touched, NFS becomes fine again across the whole cluster, as if by magic.
  We could try and debug further but putting a "touch" call into the code is easy and harmless. Let's hope this removes this annoying source of errors.
  (From OE-Core rev: c73af2d77f4c3eb474237fa8d5e340be4aefeb67)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* system-requirements: update list of supported distros | Antonin Godard | 2024-12-16 | 1 | -14/+6
  To match the list in meta-poky/conf/distro/poky.conf.
  (From yocto-docs rev: 802677ea3ef7b6c1ed43c71f7f33489288c0735a)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.yaml.in: add missing locales dependency | Antonin Godard | 2024-12-16 | 1 | -0/+4
  This is a requirement for building the documentation, otherwise we get (on Ubuntu 24.04):
  File "/usr/lib/python3.12/locale.py", line 615, in setlocale
  return _setlocale(category, locale)
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  locale.Error: unsupported locale setting
  (From yocto-docs rev: cecf8bc678756790e9164000769e798be30d9d46)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 0943a7b67ef0012b5d9badc15e0c579dbb9014ae)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* Gather dependencies in poky.yaml.in | Antonin Godard | 2024-12-16 | 3 | -35/+202
  We used to have packages here and there in system-requirements.rst for each distro. Instead, gather all the dependencies in poky.yaml.in so we have an overview of what we provide for each distro.
  Use yaml ">" to list the dependencies in alphabetical order, one entry per line, which makes them easier to read and compare among distros.
  Rename UBUNTU_… variables to UBUNTU_DEBIAN_…, since these are used for both distros.
  (From yocto-docs rev: 580b410c535f3b24f901cdbf011bf817038ba4c3)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 1ed6118b7cf1b5dcbfca753c83fa30fb97bf44ad)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: use standardized method across both ubuntu and debian for locale install | Guénaël Muller | 2024-12-16 | 2 | -2/+18
  Modify locale installation method to be standard across all debian-based distributions. Pre-existing method is available only on Ubuntu, locale-gen tool has no parameter in Debian.
  (From yocto-docs rev: 057f2fbce22fc020bef7d432275e28227895e022)
  Signed-off-by: Guénaël Muller <guenael.muller@smile.fr>
  Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
  Reviewed-by: Antonin Godard <antonin.godard@bootlin.com>
  Tested-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 30002019198a168e48537407bb928facb26af82a)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dbus: disable assertions and enable only modular tests | Alexander Kanavin | 2024-12-16 | 1 | -2/+1
  There was a report that enabling assertions and all tests results in notices in log.do_configure:
  NOTE: building with unit tests increases the size of the installed library and renders it insecure.
  NOTE: building with assertions increases library size and decreases performance.
  This was overlooked when dbus and dbus-tests recipes were merged; enabling all tests and assertions still requires a special, separate build of dbus. If those tests are useful this could be revisited. Until then, we should use production settings for the main recipe.
  Buildhistory-diff:
  packages/core2-64-poky-linux/dbus/dbus-dbg: PKGSIZE changed from 9958176 to 8627824 (-13%)
  packages/core2-64-poky-linux/dbus/dbus-lib: PKGSIZE changed from 544347 to 346339 (-36%)
  packages/core2-64-poky-linux/dbus/dbus-ptest: PKGSIZE changed from 3524983 to 3116951 (-12%)
  packages/core2-64-poky-linux/dbus/dbus-ptest: FILELIST: removed "/usr/share/installed-tests/dbus/test-dbus-launch-eval.sh_with_config.test /usr/share/installed-tests/dbus/test-counter_with_config.test /usr/libexec/installed-tests/dbus/test-dbus-launch-eval.sh /usr/libexec/installed-tests/dbus/test-dbus-launch-x11.sh /usr/share/installed-tests/dbus/test-counter.test /usr/libexec/installed-tests/dbus/test-counter /usr/share/installed-tests/dbus/test-dbus-launch-x11.sh.test /usr/share/installed-tests/dbus/test-dbus-launch-x11.sh_with_config.test /usr/share/installed-tests/dbus/test-dbus-launch-eval.sh.test"
  packages/core2-64-poky-linux/dbus/dbus: PKGSIZE changed from 510939 to 350331 (-31%)
  (From OE-Core rev: 054ce01ae84eb10e055a41ec8dd85ebce9ea23c8)
  (From OE-Core rev: b132b817f5931b290e5348dd4a17fbfdc5c6e2c4)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* unzip: Fix configure tests to use modern C | Khem Raj | 2024-12-16 | 2 | -0/+113
  Newer compilers end up with errors while compiling these test snippets and build results in failures.
  (From OE-Core rev: 61bd7eccd8e305e2dd95f0b0b86b09d72e99fc1a)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* sanity: check for working user namespaces | Ross Burton | 2024-12-16 | 1 | -0/+24
  If user namespaces are not available (typically because AppArmor is blocking them), alert the user.
  We consider network isolation sufficiently important that this is a fatal error, and the user will need to configure AppArmor to allow bitbake to create a user namespace.
  [ YOCTO #15592 ]
  (From OE-Core rev: a069b9f9ee6708022e12970d53262d966ee806ba)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b6af956fe6e876957a49d4abf425e8c789bf0459)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* rootfs-postcommands.bbclass: make opkg status reproducible | Peter Marko | 2024-12-16 | 1 | -0/+4
  opkg stores the current time as Installed-Time in its status file when installing packages to the rootfs. Make this reproducible by replacing Installed-Time with ${REPRODUCIBLE_TIMESTAMP_ROOTFS}, which then also matches the files' datestamps.
  Based on OpenWrt's approach for the issue [1].
  [1] https://github.com/openwrt/openwrt/blob/main/include/rootfs.mk#L103
  (From OE-Core rev: 61a9b1b1cb618ce90ba7886036f41263075c07df)
  (From OE-Core rev: bfa9c2f15ac275fceccf22084bed9a064304eb6e)
  Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3-requests: fix CVE-2024-35195 | Jiaying Song | 2024-12-16 | 2 | -1/+124
  Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests to the same host will continue to ignore cert verification regardless of changes to the value of `verify`. This behavior will continue for the lifecycle of the connection in the connection pool. This vulnerability is fixed in 2.32.0.
  References: https://nvd.nist.gov/vuln/detail/CVE-2024-35195
  Upstream patches: https://github.com/psf/requests/commit/a58d7f2ffb4d00b46dca2d70a3932a0b37e22fac
  (From OE-Core rev: 8bc8d316a6e8ac08b4eb2b9e2ec30b1f2309c31c)
  Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpam: fix CVE-2024-10041 | Divya Chellam | 2024-12-16 | 2 | -0/+99
  A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
  References: https://security-tracker.debian.org/tracker/CVE-2024-10041
  Upstream patches: https://github.com/linux-pam/linux-pam/commit/b3020da7da384d769f27a8713257fbe1001878be
  (From OE-Core rev: 3422c2533caaa2664944315580c52a2272815305)
  Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libsdl2: ignore CVE-2020-14409 and CVE-2020-14410 | Peter Marko | 2024-12-16 | 1 | -0/+3
  This was fixed in 2.0.14, but NVD DB lists > 2.0.20 causing false positives in CVE metrics.
  NVD entries [1] and [2] list commit [3] which redirects to commit [4]. Also Debian 10 uses this commit, while Debian 11 with 2.0.14 does not patch it and claims it's fixed. Trying to apply the patch shows it's already applied.
  Following shows git history of this commit wrt tags.
  SDL$ git describe a7ff6e96155f550a5597621ebeddd03c98aa9294 --tags
  release-2.0.12-305-ga7ff6e961
  SDL$ git describe release-2.0.14 --tags --match=release-2.0.12
  release-2.0.12-873-g4cd981609
  SDL$ git describe release-2.0.20 --tags --match=release-2.0.12
  release-2.0.12-3126-gb424665e0
  [1] https://nvd.nist.gov/vuln/detail/CVE-2020-14409
  [2] https://nvd.nist.gov/vuln/detail/CVE-2020-14410
  [3] https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
  [4] https://github.com/libsdl-org/SDL/commit/a7ff6e96155f550a5597621ebeddd03c98aa9294
  (From OE-Core rev: 3079d562b4df69ab0ac20ec8d13a4240ce0a3514)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* migration-guides: add release notes for 4.0.23 | Lee Chee Yang | 2024-12-09 | 2 | -0/+210
  (From yocto-docs rev: 5b6e502c7640724471b791c521b7e976c03ad8e2)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 5835cb574881d57785f099c768467177d077e867)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: classes: fix bin_package description | Antonin Godard | 2024-12-09 | 1 | -17/+28
  The previous bin_package description was confusing: it would instruct to use the git fetcher to extract the content of an RPM package using the `subpath` option - but that's not possible as the git fetcher can be used to clone a repository but not to do the extraction.
  Update the description by telling what it really does and what it doesn't do, and by giving an HTTPS+RPM example.
  Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
  (From yocto-docs rev: e201ee883c152555ef4c9bd3fa31c3eb96f6dc2f)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit 305f024bf99ba02b153eed0cebe3d36594868497)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* standards.md: add a section on admonitions | Antonin Godard | 2024-12-09 | 1 | -0/+15
  We try to limit our usage of these admonitions to `note` and `warning`, as the Sphinx documentation warns that most themes only style these two admonitions. So add a section on that.
  Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
  Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
  (From yocto-docs rev: 41788e6d230cfb49fadae58ab9651d57cc26f857)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  (cherry picked from commit f86ffa1b1dcf0665c17424eee87b6bead09960f6)
  Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* resulttool: Improve repo layout for oeselftest results | Richard Purdie | 2024-12-09 | 1 | -1/+1
  Having all oe-selftest results on top of each other results in a large 640MB json file which is hard to use. Split the results out per machine and test type. This also stops the toolchain raw logs from overwriting each other meaning more than one MACHINE is preserved.
  (From OE-Core rev: e42b6a40a3a01e328966bb5ee1bb3e0993975b15)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 4b890f04bc7d147b4a11b824a84f3d2abd75ac54)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* resulttool: Trim the precision of duration information | Richard Purdie | 2024-12-09 | 1 | -0/+17
  The duration values have pointless amounts of precision. Removing some of the least significant digits reduces result size and makes the results easier to read.
  (From OE-Core rev: 4ec9bb7e1a02de8223fb7485fc47cb43ad19093c)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit a789a2e6d97bb8efd663226a17db8d1ca6c1e40f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* resulttool: Clean up reproducible build logs | Richard Purdie | 2024-12-09 | 1 | -0/+22
  We've improved the data stored for reproducible builds. Teach resulttool how to apply those cleanups when reprocessing data so we can reduce results file sizes and make the data easier to process.
  (From OE-Core rev: cf1b4eb85ca3cb62c9746c6dc8f6dc9c4802c142)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b799c57ae6d61c1b1c7035c8a2c4ba6ee08d1a81)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* resulttool: Handle ltp rawlogs as well as ptest | Richard Purdie | 2024-12-09 | 1 | -13/+20
  Improve the rawlogs handling to include ltp logs as well as the ptest ones to reduce the size of the results git repos.
  (From OE-Core rev: 0309366b04dd2d0819c4af409269995c08c7abb3)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit a0a1954d559609c2c1ca16936d0d68eb3c4c6b45)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>