| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664
Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099
(From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
import patch from ubuntu to fix
CVE-2023-0330
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75]
(From OE-Core rev: aae5bf06ad3c67386544f9da55aa21fbf32c3418)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From yocto-docs rev: 145488ac9ee4ad5efb0966f07ff5e7ff804f6562)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From yocto-docs rev: f9ce60e2a035f3921901d2c6633df6e302cad1c7)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: 96575a0c06d206400a5efde2ec2ddcda54a43105)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes: 2c53ac40e99a ("ref-manual: terms.rst: add SBOM and SPDX terms")
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From yocto-docs rev: aaa554381a46c66d7708967c65893992760aa5fe)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building using an SDK, cmake complains that the target
architecture 'cortexa53-crypto' is unknown. The same build in bitbake
uses the target architecture 'aarch64'.
Set CMAKE_SYSTEM_PROCESSOR the same as for bitbake.
(From OE-Core rev: d877d5f07772ec4a05332068ddc03cf387313036)
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d32a6225eefce2073a1cd401034b5b4c68351bfe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
In order to build erofs filesystems, wic must have the erofs-utils package installed into its sysroot.
(From OE-Core rev: c349c7fcb299b123824da9a13ee58222a6cbf9ec)
Signed-off-by: Heiko Thole <heiko.thole@entwicklung.eq-3.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Debian does the same:
https://packages.debian.org/source/sid/sysfsutils
(From OE-Core rev: 9f35ca9d9ed4be4d27318230f4ae42c4885d1f0c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 504b2f590cb94b217c5f48090cfb71a749bd5ac8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The original configure runs a generated binary to determine
features. This is not correct for cross compilation. So change
the runtime tests into compile-time tests to fix the issue.
(From OE-Core rev: 7d99f3a9a2a74fe2e8753b00553f07f305d14c87)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b9aca339b59238988c48b90ea5019bfc939ba4b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's incorrect to run a cross-compiled program on build machine
to check if some feature is available or not. As these two checks
in zip are basically just checking the size, we can use _Static_assert
and sizeof to do such check at compile time.
(From OE-Core rev: 6f5986fb520ab89b0950d3e0fa8492de4de7798f)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dda778d855b1838ae3004a9af310724b913490b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The dnf contents should be moved to <host_sysroot>/etc/dnf/xxx
instead of just <host_sysroot>/etc.
(From OE-Core rev: 006ff31ddad4c53c63adf1dacecbf2783404a546)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74b78d160a985e98f869c777847ab798e419dd2d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of printing an error message and continuing, we should just
error out when moving file fails.
(From OE-Core rev: 4ed94fef70df05c874cf0c68dcc95c5636687825)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 12aecd9da94b5f27041982c661e8bab316d365d4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpm2cpio.sh can make calls to unzstd to uncompress the RPM payload that
conform the cpio file.
zstd is already part of HOSTTOOLS, as a link to the system installed
zstd.
This patch add unzstd in HOSTOOLS list as a non-optional binary, so is
available to rpm2cpio.sh when it is required.
(From OE-Core rev: 5cee002e34d16e9d82045d3e8e3931ba046403d2)
Signed-off-by: Alberto Planas <aplanas@suse.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bff58d337890e804d33d7decbaa46065a4d3bba4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
* needed for rust-llvm-native on hosts with gcc-13
Based on commit 3382759cb6c5 ("llvm: backport a fix for build with gcc-13")
(From OE-Core rev: d6684a9c9f713ad30442a2a036ff86b534585400)
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mounts we prepare for the container payload
Backport fix for systemd nspawn uidmap handling from systemd v253 .
Without this, attempt to start mkosi generated debian stable 12
container would ultimately fail (per "$ strace -ff") with:
"
symlinkat("usr/lib/aarch64-linux-gnu", 8, "lib64") = -1 EOVERFLOW (Value too large for defined data type)
"
Command to generate test container:
"
mkosi --distribution debian --release stable --architecture arm64 \
--cache-dir /home/oe/cache/ --format tar --compress-output xz \
--output-dir /home/oe/output/ --checksum 1 --root-password root \
--package systemd --package udev --package dbus
"
Command to import test container and start it, which triggers the failure:
"
$ machinectl pull-tar http://192.168.1.300/image.tar.xz default
$ machinectl read-only default false
$ rm -f /var/lib/machines/default/etc/machine-id
$ dbus-uuidgen --ensure=/var/lib/machines/default/etc/machine-id
$ machinectl start default
"
Minimal command to trigger the failure once container is imported:
"
$ strace -ff systemd-nspawn --keep-unit --boot --link-journal=try-guest --network-veth -U --settings=override --machine=default
"
Extracted from systemd MR:
https://github.com/systemd/systemd/pull/22774
Further explanation by Christian Brauner at second half of:
https://github.com/systemd/systemd/issues/20989
(From OE-Core rev: 6d190eb0caadcb95c5325ede32164a645abb61f3)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, finding the elapsed time of each task in buildtimes.svg
is a manual effort of checking the top axis and finding and subtracting
the end and start time of the task.
This change adds the elapsed time for each task, so that
manual effort of comparing start/end time is avoided.
(From OE-Core rev: b2678422b411ccbd19a7b198c872b92077567391)
Signed-off-by: Mauro Queiros <Mauro.Queiros@criticaltechworks.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3efebd3404de548f0757863da237f2d18ce60013)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The first time logrotate runs it reports an error:
error: state file /var/lib/logrotate.status is
world-readable and thus can be locked from other
unprivileged users. Skipping lock acquisition...
This check was added with
https://github.com/logrotate/logrotate/commit/1f76a381e2caa0603ae3dbc51ed0f1aa0d6658b9
This error is only reported once as logrotate removes
the world-readable permissions if this happens.
Since logrotate creates this file if it does not exist,
there should be no need to install it in the first place.
(From OE-Core rev: fbfd62ac655cf00b8f7c8fc832ce7434ad4966a3)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8169cd2d18f1569e4357f082adbef492710e8c36)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpng is a platform-independent library which
supports all PNG features.
This ptest executes the below binaries, parses
the png image and prints the image features.
1. pngfix - provides information about PNG image
copyrights details.
2. pngtest - tests, optimizes and optionally fixes
the zlib header in PNG files.
3. pngstest - verifies the integrity of PNG image by
dumping chunk level information.
4. timepng - provides details about PNG image chunks.
(From OE-Core rev: 2d58b38185ca7eed5d885b8d00ca549b57138554)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is a follow-up of 76e5fcb2 that also allow users to chose
the package manager using OEQA_REPRODUCIBLE_TEST_PACKAGE
(From OE-Core rev: 4402b746f49611abe71719dd1d174de79bb030bb)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d414d85b44077bac57aba36707b0fc699a73e97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow users to set different build reproducibility targets than
the defaults using OEQA_REPRODUCIBLE_TEST_TARGET and
OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS variables in local.conf.
Fixing all issues from "world" builds is not possible in some
complex build environments with lots of layers. Limiting the focus to
a smaller subset allows using this test to detect and fix build
reproduction issues incrementally.
(From OE-Core rev: 3b82a7d74995c0670a6914c58b3d7c42327b8ee9)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c66bebbce5995e386a1a4d055a914a39b6ee518d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
https://nvd.nist.gov/vuln/detail/CVE-2023-2609
d1ae836 patch 9.0.1531: crash when register contents ends up being invalid
https://nvd.nist.gov/vuln/detail/CVE-2023-2610
ab9a2d8 patch 9.0.1532: crash when expanding "~" in substitute causes very long text
(From OE-Core rev: a71153cb0a509456dd36466ac15a603f953eb6b8)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e4b4dfb4145bc00eb6937b5f54a41170e9a5b4c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: 1eebdfba70ceaa8d73ab46c3131d022e53245eaa)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 47438402fa430499864a4b1f1a13eaac66aa21c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
License-Update: additional firmwares
(From OE-Core rev: 8ac5ebfa83c3e1f5effca5154b771b2f2bed607d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64603f602d00999220fe5bafeed996ddcb56d36b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stable version release
Noteworthy changes in release 1.21.4 (2023-05-11)
** Document --retry-on-host-error in help text
** Increase read buffer size to 64k. This should speed up downloads on gigabit
and faster connections
** Update deprecated option '--html-extension' to '--adjust-extension' in
documentation
** Update gnulib compatibility layer.
Fixes HSTS test failures on i686. (Thanks to Andreas Enge for ponting it out)
License-Update: copyright years
(From OE-Core rev: 024feac4827dc847ba83a64de82cef524156a9ea)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67ec2d5bab891cb92af9ca32304a4927daf51ed0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 4e7ec4bef86c79b4221a800ace700c58ce033de1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apache Serf 1.3.10 [2023-05-31, from tags/1.3.10, r1910048]
Support for OpenSSL 3 (r1901937, ...)
Fix issue #171: Win32: Running tests fails with "no OPENSSL_Applink" error
Fix issue #194: Win32: Linking error when building against OpenSSL 1.1+
Fix issue #198: OpenSSL BIO control method incorrectly handles unknown requests
Fix issue #202: SSL tests are not passing with OpenSSL 3
Fix error handling when reading the outgoing request body (r1804534, ...)
Fix handling of invalid chunk lengths in the dechunk bucket (r1804005, ...)
Fix an endless loop in the deflate bucket with truncated input (r1805301)
Fix BIO control handlers to support BIO_CTRL_EOF (r1902208)
Fix a CRT mismatch issue caused by using certain OpenSSL functions (r1909252)
Build changes to support VS2017, VS2019 and VS2022 (r1712131, ...)
Build changes to support Python 3 (r1875933)
As serf is undead, we need to reassess all the remaining patches.
(From OE-Core rev: 275c6b7ac72330e14ba55907e8494314b63a9adf)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 775cbcc876edcb6c339f342a3253f5afcf6ef163)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 17a46eee905f0ecfdbebb014533848dc7e906ec7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Drop a backport patch as it is now integrated.
(From OE-Core rev: 134bac52904722cd63fde07f5784c0cca3fbcb05)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 80d26d1da47dcd9213a7083d9493a7bce0897a57)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to trial and the AddressSanitizer will attempt a double free.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-1999
Upstream patch:
https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129
(From OE-Core rev: a5d0f8734ca643c25f0952387b38edf8ffd70525)
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Introduced by: https://github.com/curl/curl/commit/3c49b405de4fbf1fd7127f91908261268640e54f (curl-7_9_8)
Fixed by: https://github.com/curl/curl/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2 (curl-8_1_0)
Follow-up: https://github.com/curl/curl/commit/f446258f0269a62289cca0210157cb8558d0edc3 (curl-8_1_0)
(From OE-Core rev: f19c20c429395c1b4c62a6e0388ef51b830871c5)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add patch to fix CVE-2023-3138 for kirkstone branch
Link: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c.patch
(From OE-Core rev: 5491531d4681d3df5a34ebc180e29a8bf4e09e67)
Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport fixes for:
* CVE-2023-2828 - Upstream-Status: Backport from https://gitlab.isc.org/isc-projects/bind9/-/commit/e9d5219fca9f6b819d953990b369d6acfb4e952b
* CVE-2023-2911 - Upstream-Status: Backport from https://gitlab.isc.org/isc-projects/bind9/-/commit/240caa32b9cab90a38ab863fd64e6becf5d1393c && https://gitlab.isc.org/isc-projects/bind9/-/commit/ff5bacf17c2451e9d48c78a5ef96ec0c376ff33d
(From OE-Core rev: 08810d3fe6988ea821805eca16105b4632335654)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sqlite.org/src/info/cd24178bbaad4a1d]
(From OE-Core rev: 663713b2f95dee1e70f8921ece23b21d84d93805)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Upstream patches:
https://github.com/chansen/p5-http-tiny/commit/77f557ef84698efeb6eed04e4a9704eaf85b741d
https://github.com/chansen/p5-http-tiny/commit/a22785783b17cbaa28afaee4a024d81a1903701d
(From OE-Core rev: 5819c839e1de92ab7669a0d4997886d0306c4cc1)
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were vestigal remains of API key support which could be removed,
but as using an API key - in theory - gives the user larger rate limits
it's probably wise to expose it.
If the user has an API key, then set NVDCVE_API_KEY.
(From OE-Core rev: 200c2783b3f8546f561382fff6bd5268680d403a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a542de684282bfec79f24ae2f1a2027ffde319d8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a note of what range we're fetching, and use bb.note() instead of
debug() as messages about retrying shouldn't really be considered debug
logging.
(From OE-Core rev: be409f17e64dac2c6fa2cafba73c2084c68c59bf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b64a869b9c5e1d504f1011da16b5c5ff721afbf0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current 503 errors seem to last several seconds.
In most cases there are two errors and third request succeeds.
However sometimes the outage takes more than time needed
for two retries and third one also fails.
Extend retry count from 3 to 5 to improve the probablity
that the fetcher succeeds.
(From OE-Core rev: eceeba61b5da6d81f0677365f956464f1e5f1d84)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f4d118af2360cff7f234102fd5e4b65a6f4146a6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Last couple days it is not possible to update NVD DB as servers
are returning lot of errors.
Mostly "HTTP Error 503: Service Unavailable" is observed but
sporadially also some others.
Retrying helps in most cases, so extend retries to all errors.
Additionally add sleep which is recommended by NVD between requests.
These retries are already implemented between successful requests,
but giving servers time between failed ones is important, too.
(From OE-Core rev: c061bcd54fc8b62ea9a005f422a17ca46eac68c2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 88dad8f198baa80af5ab576498f4df6ed639d551)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After upgrade to soon-to-be-released kirkstone 4.0.11 CVE annotations got broken.
Anything which has only cvssV3 does not resolve properly.
Fix the API fields used to extract it.
i0.0 score is now at level of NVD DB 1.1.
All CVEs with UNKNOWN vector are not present in NVD DB 1.1.
NVD API 1.1:
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|4776
LOCAL|32146
NETWORK|167746
PHYSICAL|185
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|73331
1.8|7
1.9|3
...
NVD API 2.0 (broken):
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|4587
LOCAL|26273
NETWORK|150421
UNKNOWN|24644
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|205925
NVD API 2.0 (fixed):
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|5090
LOCAL|32322
NETWORK|168004
PHYSICAL|213
UNKNOWN|511
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|73841
1.8|7
1.9|3
...
(From OE-Core rev: c00b89c2a5de8ce59b759ed8bf482942458421ff)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61a5857efdcc0f49c69c0deb24fce99007aeef19)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When requesting updates in a specific range, use the actual current time
and database mtime instead of truncating to midnight, and explicitly set
the timezone to UTC so that NIST don't treat the timestamps as _their_ local
time when they're _our_ local time.
(From OE-Core rev: 91243ad474be00e55aa99355edef44f2fe2311f1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9aa0ec37f5f74252588d2494a71c71a7d8e68df9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some CVEs, such as CVE-2013-6629, list multiple configurations which are
vulnerable. The current JSON parser only considers the first
configuration.
Instead, consider every configuration. We don't yet handle the AND/OR
logical operators, but this is a step in the right direction.
(From OE-Core rev: 7614e00b9491e5d4d6df5492f72613a56ab390d7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1bf4f6dd686055fe9a8bdcc3f739eac2807bae0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Replace the sockopt disable patch with a fix from upstream
(From OE-Core rev: cef730284b8616ba07c1b062c992c36af730580e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ac921989991c319ecad01bec37c4ccaa15a7b58f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c1beb73526e3ade75bd6dae5f9310107c50f1226)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Both patches change the same paths to gawk, merge them together
as we only need one patch for this.
(From OE-Core rev: 81af8c6fdc6f0b6617b7258c9b3e2e26a76db5c8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 79c0b18e29cad337640860f57683f0a170f6daab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 6080138fd0c27db7029b5a76e69b8dc241ad8dc3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This test is failing for uncertain reasons. We have reported upstream, disable
it until we can work out why this happened. The point it started failing is
unclear due to other test framework issues.
(From OE-Core rev: fc32e725a0c73772a2ad4e31e1aa1d61f72f9da1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2e9165a854c7b83f163479e9dbd3cb183a9d71f5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: 846d8097fed9498fab7120ed61a962ff2c15746a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61947762e410c685f667e0af6440fb8a33cd6777)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
devtool crashes when running "update-recipe" and append changes on the recipe.
"$ devtool update-recipe -a <layer> <recipe>"
Traceback (most recent call last):
...
File "/ovss/ovss_quanta/poky/scripts/lib/devtool/standard.py", line 1636, in srcuri_entry
return 'file://%s%s' % (basepath, paramstr)
^^^^^^^^
NameError: cannot access free variable 'basepath' where it is not associated with a value in enclosing scope
The input variable 'fname' should have the same meaning as the variable 'basepath'.
Modify the 'fname' to 'basepath' and solve the issue.
(From OE-Core rev: 1487bdda6b443480e9ce45d8b8527ad61c2a50a4)
Signed-off-by: Charlie Wu <chiachiwu@google.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c3231756bbc2cb5641204414ad3670d7f8607ed3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Current error message is difficult to read:
ERROR: Nothing PROVIDES 'image'
trs-image was skipped: image - image: normal username test does not have a static ID defined. Add test to one of these files
It's not clear that first "image" is recipe name, second "image" is
binary package name and that "test" is the user account which does not
have a static ID defined. Improve the error message so that these are
more explicit. Now the error message looks like:
image was skipped: Recipe image, package image: normal username "test" does not have a static ID defined.
(From OE-Core rev: 572c507736b2fcc31f7f13cb3da0d5be361838f5)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 07898218f3908a83e07178b6530dfa48d55d4ec2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
feature
lld results in textrels in some .so used in tests, fixes
babeltrace2-ptest: ELF binary /usr/lib/babeltrace2/ptest/tests/lib/test-plugin-plugins/plugin-minimal.so has relocations in .text
babeltrace2-ptest: ELF binary /usr/lib/babeltrace2/ptest/tests/lib/test-plugin-plugins/plugin-sfs.so has relocations in .text [textrel]
ERROR: babeltrace2-2.0.5-r0 do_package_qa: QA Issue: babeltrace2: ELF binary /usr/lib/babeltrace2/plugins/babeltrace-plugin-ctf.so has relocations in .text
babeltrace2: ELF binary /usr/lib/babeltrace2/plugins/babeltrace-plugin-utils.so has relocations in .text
babeltrace2: ELF binary /usr/lib/babeltrace2/plugins/babeltrace-plugin-text.so has relocations in .text [textrel]
(From OE-Core rev: 1c02416041498c649c517a9933ab736fca2ceae8)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 18d443b53a0d76102fbbc1088fbcb3f8087a2b1b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 8d2e96c3a611aba63aa9a51f6b350ea8c9654e06)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 56f1af6d5b3019dccbc27bb0a9692a5f1a32f87b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 61e64e7af709dd03dd4018c69a752f2eadc5372e)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 60eda3dcbf96b5982a0e282fd0c3c13b0b4d7787)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 191ab08c035f1811af932775a767b5e83a95e35b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3beb88060be9484cfe75dfa60f041b0b32214978)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
