| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the changes are already present in recipe version
Ref:
https://github.com/FFmpeg/FFmpeg/commit/148ada5577262c6c18ae97604df8fe1c18b096e2
https://ffmpeg.org/security.html
(From OE-Core rev: 4ca1544e95e327c7060efa845aa69c2a1eb1d782)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a
local attacker to execute arbitrary code via the config_eq_output function
in the libavfilter/asrc_afirsrc.c:495:30 component.
(From OE-Core rev: 873025145d42ffe75d421884160ec299d85d21ef)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having all oe-selftest results on top of each other results in a large 640MB
json file which is hard to use. Split the results out per machine and test type.
This also stops the toolchain raw logs from overwriting each other meaning more
than one MACHINE is preserved.
(From OE-Core rev: 92cb4641ff4ec8c1f681bca21cfeaf2ba6923ab7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4b890f04bc7d147b4a11b824a84f3d2abd75ac54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The duration values have pointless amounts of precision. Removing some of the
least significant digits reduces result size and makes the results easier to read.
(From OE-Core rev: 7460a4bb50c696c39add79c2b299b5e636532b8c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a789a2e6d97bb8efd663226a17db8d1ca6c1e40f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We've improved the data stored for reproduicible builds. Teach resulttool how
to apply those cleanups when reprocessing data so we can reduce results file
sizes and make the data easier to process.
(From OE-Core rev: 82acc3b1e410afd40fe8a67c77bfe69add95066e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b799c57ae6d61c1b1c7035c8a2c4ba6ee08d1a81)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Improve the rawlogs handling to include ltp logs as well as the ptest ones to
reduce the size of the results git repos.
(From OE-Core rev: 6b164f7fe556824c85873ce2ca4257b3a4956cdf)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a0a1954d559609c2c1ca16936d0d68eb3c4c6b45)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Storing the log files inside the testresults git repo isn't scaling and isn't
really appropriate use of a git repository. Allow these to be optionally stored
in a separate filesystem location so the git repo can remain managable.
(From OE-Core rev: 3472833b50b5ec97ec19f510ba926ab6aa5429b3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1afc0f3d7e93fa8496be241e9622d3b9a6904bd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
When using store mode, --all was broken as not all files were being preserved.
Fix this by limiting the scope of the git rm command.
(From OE-Core rev: 461140bede110b561f0bae46255d6a9435329e97)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9604561d2022b6c76b1cb4186d40800d1affdd2b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Tweak the gitarchive exclude handling not to error if excluded files
don't match.
Also return the tagname created so that other code can then use it.
(From OE-Core rev: 0a5b4fabf8bf9b559295bb4d2583809ca11522f4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1adba3430faffdf6217b6a00533a3b48a9388abc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Using 4 space indentation in resulted in hundreds of megabytes of extra file size
in general use. Reduce this to make filesizes more managable and reduce the processing
cost. Some level of indentation and spacing does make the files more readable and allows
use of git diff so we need to retain some of it.
(From OE-Core rev: 03fef3a99186863a0c460bd89bad40f2360a6930)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a274cdcaf852cca9497f0358f44dda99c06aacbe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We have a challenge on the autobuilder where test results from both OE-Core
and poky are being mixed together during result storage which is confusing the
data. Add a way to filter to specific revisions as the least worst way to fix
the various issues this is causing.
(From OE-Core rev: 974a6d5ebebc279df7c6994df7bd8c5d462e4447)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f276a0dc65341668788853be2cf27ab6aa12b13)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are several problems with these paths. Firstly they contain full
system paths which depend upon where the test was run. These are pretty
pointless and just take up a lot of space making the results files large.
Secondly, they contain the same path twice. The reference and target path
will always be the same thing in two different locations.
Strip off the prefix and remove the duplication. This does change the output
data but that can't really be avoided. It does shrink the results data and makes
it more readable.
(From OE-Core rev: 44ee8f69db5e008b5ac5e0dbf390bb4fcf704f07)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81a44de36e864b08687451fd85aeba7c529fd7f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "rawlogs" data consists of a long string of results data which is
already in a structured data format. I can't see this is adding much
value in duplciating the data but it does create a huge string with a
lot of long problematic pathnames and inflates the results data size.
I suggest we drop this data as obsolete and not necessary.
(From OE-Core rev: 296f64cbf83c40759b368526335502a6b130aa14)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b2c70fab2ffa409b861d83f048b65d458d03a90)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this change, TIC is the native tic in recipe-sysroot-native.
By default, native tic has set its default terminfo path to native path:
${datadir}/terminfo; $HOME/.terminfo
When sstate cache is used, the cached native tic's terminfo path could
be a path not exist on current host, then native tic will try to install
terminfo to HOME dir, cause host contamination.
Disable the terminfo installation by setting TIC to :
(From OE-Core rev: 846071ec89d3dc5f392e9203c4e7e1e3ea27892c)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe35ead2c3135a18c346e7baa31d34b15c3e2d95)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code was changing the timestamps of the files in the do_package output,
particularly the files added for debug sources. This was to do two things:
a) make do_package sstate more reproducible
b) ensure better hash equivalence matching
Unfortuately the debug source files are hardlinks into the source tree for
efficiency so touching these, touches a lot of files in ${B} and ${S}. This
causes unpredictable effects if compile is run again for example, or could
cause compiling in the install task.
The hash equivalence matching is of key importance but we can mimic that
using clamping of the file timestamps in the depsig output used to generate
the hashes.
This patch drops the global timestamp clamping, instead allowing the files
to retain their creation timestamps into sstate. This makes do_package sstate
slightly less reproducibile. We could clamp the sstate timestamps but that
would lead to two different sets of timestamps depending on whether the
data came from sstate or not. I'd prefer to have consistent code behaviour,
rather than differing behavhour depending on whether data came from sstate
or not.
If we wanted to have reproducibiliy and fix the "corruption" of S/B and have
consistent codepaths, the only other option would be two copies of the
sources, which could end up huge and seems the least desireable option.
This patch therefore drops the timestamp clamping in the sstate files
and tweaks the depsig data generation to clamp the timestamps for do_package
instead since this seems the best compromise.
I validated that rpm/deb/ipk files still generate correctly as before.
(From OE-Core rev: 9df0bf5775ec96773e77c489ba6a443037d65ab6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 475759fdab7200488b2a568b2ba1aa31a456d113)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport fix from upstream to resolve CVE-2024-1298
https://github.com/tianocore/edk2/commit/284dbac43da752ee34825c8b3f6f9e8281cb5a19
(From OE-Core rev: 2a6825a8ad6e5a600e458614ff7bb676ec9c5fac)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport fix from upstream to resolve CVE-2024-38796
https://github.com/tianocore/edk2/commit/c95233b8525ca6828921affd1496146cff262e65
(From OE-Core rev: 01743182b7a4bcbd47157a49da7af7b41546434c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Analysis shows that "bitbake core-image-ptest-all" spends a lot of
time in scenequeue_updatecounters and much of it is rebuilding a set
which doens't change. Reorder the code to avoid that performance
glitch.
(Bitbake rev: f40a3a477d5241b697bf2fb030dd804c1ff5839f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 923c19b9713e398d8e66e6d4422dfd4c18a03486)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Rather than looping through things we looped through on the previous execution,
start looping where we left off for setscene processing. This gives speed
improvements depending on the kind of build being executed.
(Bitbake rev: 28569e9796d4b34d7b77b4f79074ab7854850386)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00f4d932e3af0eeb333339cbe942010fc76dee0f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There have been complaints about the performance of large multiconfig builds
for a while. The key missing data point was that the builds needed to have large
overlaps in sstate objects. This can be simulated by building the same things with
just different TMPDIRs. In runqueue/bitbake terms this equates to large numbers of
deferred tasks.
The issue is that the expensive checks in the setscene loop were hit every time
through runqueue's execute function before the check on deferred tasks. This leads
to task execution starvation as that only happens once per iteration.
Move the skip check earlier in the function which speeds things up enormously
and should improve performance of such builds for users.
(Bitbake rev: db083cfe9e33c9fd7ffeead7b8c6023a5d581976)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c6c506757f2b3e28c8b20513b45da6b4659c95f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 12d0ba4f496b2b28a188d34fc36e36895f397079)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 5835cb574881d57785f099c768467177d077e867)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous bin_package description was confusing: it would instruct to
use the git fetcher to extract the content of an RPM package using the
`subpath` option - but that's not possible as the git fetcher can be
used to clone a repository but not to do the extraction.
Update the description by telling what it really does and what it
doesn't do, and by giving an HTTPS+RPM example.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 13c9f861547490a734a7e6396ac0b8f416863f70)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 305f024bf99ba02b153eed0cebe3d36594868497)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 0a3a2dceb265112c97359f4366f66bd4b48f4310)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 4175839e718db49bf6971e900c1cf176d03458d7)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We try to limit our usage of these admonitions to `note` and `warning`,
as the Sphinx documentation warns that most themes only style these two
admonitions. So add a section on that.
Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 2c28575c9aa0ca77d9c21f0833bacb19d44a7931)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit f86ffa1b1dcf0665c17424eee87b6bead09960f6)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
read-only-rootfs-delayed-postinsts
This patch ensures that pkg_postinst_ontarget task is executed for read only rootfs when
read-only-rootfs-delayed-postinsts is set as IMAGE_FEATURES. The issue was that run-postinsts
could be uninstalled at the end of rootfs construction and that shouldn't happen for
the delayed usecase.
In addition to the fix, a test in meta/lib/oeqa/selftest/cases/overlayfs.py testing
the fix has been implemented.
(From OE-Core rev: e0c4f2f69723f64a29ba35c4de5fb1a7c79ef718)
Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 60f587475dda99eaa07848880058b69286b8900e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prevents sporadic crashes of dropbear server when multiple channels are
active at the same time.
Upstream discussion:
https://github.com/mkj/dropbear/pull/326/commits
https://github.com/mkj/dropbear/issues/321
Issue was introduced in dropbear-2022.83 and fixed in v2024.86.
(From OE-Core rev: 808972c0418a64fbed2134b55f25fb90e5d498e9)
Signed-off-by: Florian Kreutzer <florian.kreutzer.oss@rohde-schwarz.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Backport a patch to fix:
$ . oe-init-build-env build-O2
$ bitbake libgcrypt
random/rndjent.c:40:10: fatal error: stdio.h: No such file or directory
* Remove 0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch which
is fixed by the backported patch.
Note, master branch's libgcrypt_1.11.0.bb has already fixed this problem.
(From OE-Core rev: c091ae2c6d45a95f0707b649bbe556275420e5e9)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
python 3.13 removed the pipes module. Thus build fails for host machines that run python 3.13
This commit adds a backport patch to use subprocess module instead
(From OE-Core rev: f357486da3374f7b49d6956260b5b3200f562e02)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is an issue in the std::chrono::tzdb parser that causes problems
since the tzdata-2024b release started using %z in the main format.
As a real world problem I encounter an issue with the waybar clock module,
which ignores the timezone setting and only shows system time.
(From OE-Core rev: 05d05d9c199de6ec81d2ee9b06f0bff84a9144be)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes fix for: CVE-2024-4693, CVE-2024-6505 and CVE-2024-7730
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Droped:
0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
CVE-2024-4467 and CVE-2024-7409 since already contained the fix.
(From OE-Core rev: 7983ad282c37f8c1125da5bab96489e5d0039948)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Below commits on glibc-2.39 stable branch are updated.
dcaf51b41e elf: Change ldconfig auxcache magic number (bug 32231)
b3c51635ef Make tst-strtod-underflow type-generic
b74be22f65 Add crt1-2.0.o for glibc 2.0 compatibility tests
fcdf98f38c Add tests of more strtod special cases
3edc0f22a6 Add more tests of strtod end pointer
988de94538 Make tst-strtod2 and tst-strtod5 type-generic
a2f7087237 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145)
6624318c89 Do not set errno for overflowing NaN payload in strtod/nan (bug 32045)
63bcc01744 Improve NaN payload testing
86369c9ee4 Make __strtod_internal tests type-generic
a7be595c67 Fix strtod subnormal rounding (bug 30220)
9cfeccf65a More thoroughly test underflow / errno in tst-strtod-round
293e4e3c90 Test errno setting on strtod overflow in tst-strtod-round
d8b4fc3653 Add tests of fread
373aab3e52 stdio-common: Add new test for fdopen
Testresults:
After update |Before update |Difference
PASS: 4889 |PASS: 4885 |PASS: +4
FAIL: 229 |FAIL: 229 |FAIL: 0
XPASS: 4 |XPASS: 4 |XPASS: 0
XFAIL: 16 |XFAIL: 16 |XFAIL: 0
UNSUPPORTED: 227|UNSUPPORTED: 227|UNSUPPORTED: 0
(From OE-Core rev: c658dfd63f2e92cdb4aa59e7deb3771619844b8c)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Update to the 5.0.5 release of the 5.0 series for buildtools.
(From OE-Core rev: 97841ea6f6d3d8225b4865e389815090f153ee55)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://requests.readthedocs.io/en/latest/community/updates/#id2
2.32.2 (2024-05-21)
* Deprecations - To provide a more stable migration for custom HTTPAdapters
impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a
new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of
Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
https://github.com/psf/requests/compare/v2.32.1...v2.32.2
(From OE-Core rev: 5b420f3526729809f11b187f48469a7a86d6a93a)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 32fdd5673c25084af4ba295b271455cd92ca09d5)
(From OE-Core rev: ee42ec7146a7c3ceb25c1e0f5afee93849cf9143)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: 76fcb907f4db9ec64669d81e5e9c6baffac71973)
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531
CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52530
(From OE-Core rev: 0af9ac076cdbab70f526520acbbb0c38d237c407)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba
(From OE-Core rev: c427c0e22775a615e442d76b45bb3ec5dae067e2)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.
Instead, set product to yocto to filter them.
(From OE-Core rev: 408c987e9134180616f27ae5df3f59166eeaa6d9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference. To
fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.
Refer: https://nvd.nist.gov/vuln/detail/CVE-2024-24856
(From OE-Core rev: 5c590ccd1973d343f47e7b7171691400490dfc1a)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp
library, affecting all versions prior to 3.19.1. The vulnerability is
triggered when processing a specially crafted zip file that leads to an
infinite loop. This issue also impacts the zipfile module of CPython, as
features from the third-party zipp library are later merged into
CPython, and the affected code is identical in both projects. The
infinite loop can be initiated through the use of functions affecting
the `Path` module in both zipp and zipfile, such as `joinpath`, the
overloaded division operator, and `iterdir`. Although the infinite loop
is not resource exhaustive, it prevents the application from responding.
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-5569
Upstream patches:
https://github.com/jaraco/zipp/pull/120/commits/79a309fe54dc6b7934fb72e9f31bcb58f2e9f547
https://github.com/jaraco/zipp/pull/120/commits/564fcc10cdbfdaecdb33688e149827465931c9e0
https://github.com/jaraco/zipp/pull/120/commits/58115d2be968644ce71ce6bcc9b79826c82a1806
https://github.com/jaraco/zipp/pull/120/commits/c18417ed2953e181728a7dac07bff88a2190abf7
(From OE-Core rev: ec77cfe12f0790c7e3cf2d9bf00e47b4c653997c)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python 3.13 emits a ResourceWarning for unclosed sqlite3 `Connection`s.
See https://docs.python.org/3/whatsnew/3.13.html#sqlite3
The previous commit fixed persist_data's context manager to close the
connection, but we were never actually using `with` in the first place.
This change is not necessary on 'master' because persist_data was
removed.
(Bitbake rev: 6c2641f7a9e92c1b82e306f59ddd3c1249c52cbf)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
A Connection's __exit__ does not close the connection, but rather deals
with transactions. See https://docs.python.org/3/library/sqlite3.html#how-to-use-the-connection-context-manager
This change is not necessary on 'master' because persist_data was
removed.
(Bitbake rev: c9ea354c2df3d94b9ebe7810e83df9efb6007013)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Testing shows the worst case CDN response time can be up to 100s. The wget fetcher
is used for accessing sstate from the CDN so increase our timeouts there to match
our worst case repsonse times.
(Bitbake rev: c7f282cd27edfd78830b61db586ed669808893a5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Removes the code in bitbake to show custom backtrace formatting for
exceptions. In particular, the bitbake exception code prints function
arguments, which while helpful is a security problem when passwords and
other secrets can be passed as function arguments.
As it turns out, the handling of the custom serialized exception stack
frames was pretty much made obsolete by d7db75020ed ("event/msg: Pass
formatted exceptions"), which changed the events to pass a preformatted
stacktrack list of strings, but the passing of the serialized data was
never removed.
Change all the code to use the python traceback API to format exceptions
instead of the custom code; conveniently traceback.format_exception()
also returns a list of stack trace strings, so it can be used as a drop
in replacement for bb.exception.format_exception()
(Bitbake rev: c25e7ed128b9fd5b53d28d678238e2f3af52ef8b)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The pipes module is removed in python 3.13. It was already using the
quote function from shlex so use that directly instead.
The module already imports shlex too so it is an easy substitution.
(Bitbake rev: 70bd343fb273ad174e56d08c8b80c5594501e030)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols
Level 1 produces minimal information, enough for making backtraces in
parts of the program that you don't plan to debug. This includes
descriptions of functions and external variables, and line number
tables, but no information about local variables.
This makes the sstate objects a lot more manageable, and packaging
faster.
(From OE-Core rev: dac630ab5ee7aa6c5c7c294093adbd11b116c765)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The version bump to 2.44.3 mistakenly changed the recipe to use
DEBUG_LEVELFLAG, which is unsupported in scarthgap.
Restore the original use of DEBUG_FLAGS
(From OE-Core rev: ba0d06f3004bb59368f796e4501a574b4575cad4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.
(From OE-Core rev: cf881c1b96bf93a8a36b7d6ac83aa053ee059ba6)
Signed-off-by: Regis Dargent <regis.dargent@gmail.com>
Fixes [YOCTO 15616]
network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cortexa32 is a 32-bit armv8a architecture processor, so set the tune feature
as armv8a instead of aarch64 which is 64-bit armv8a architecture.
It solves the following build error while compiling libgcc-initial
and libssp-nonshared.
-- snip --
aarch64-poky-linux-musl-gcc: error: unrecognized command-line option '-mfpu=neon'
aarch64-poky-linux-musl-gcc: error: unrecognized command-line option '-mfloat-abi=hard'
-- snip --
(From OE-Core rev: a83ead146c15772970c7ca649e81929302349033)
Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3b898270aca62559dfa42ed71d296fe8a8b46a41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible to build the hdtbl examples before grn has been build:
groff: error: couldn't exec grn: No such file or directory
Backport a dependency fix from upstream.
[ YOCTO #15610 ]
(From OE-Core rev: 40003e1f1444f6202b068dcde632571be208594e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d590a32423d05cefc4e7282f971f633b3fa0b941)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
