| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Includes fixes for CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
https://blog.hartwork.org/posts/expat-2-6-3-released/
(From OE-Core rev: 5cf92f8164d6d03756997e6b9cfb6d37ef5a273a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc96903d915db0dfde382a26bb7ec57d0d37e62e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes CVE-fix for CVE-2024-43790 and CVE-2024-43802
Changes between 9.1.0682 -> 9.1.0698
====================================
https://github.com/vim/vim/compare/v9.1.0682...v9.1.0698
(From OE-Core rev: 829e474534777b2154f1b1246c5792b3159dacb1)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e530265415d93e3f49ec7874cf720aad18ab2e22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: 0a8ba360f111d379af436de86e0a990be02910bb)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b29bfd333dffe635ab67475dcd8d22ad8b114c84)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
new URL for sources: http://ftp.midnight-commander.org/
(From OE-Core rev: 7e11701698a9f38a5e3e0499c0c2edd98d32a85d)
Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03c4052718a9b8392b25e1770630317b8cf29fbe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport upstream patch to add a missing header. The patch says it is
for systemd, but I am seeing build issues when building openssh with
clang and musl. The issue being seen is:
#warning usage of non-standard #include <sys/cdefs.h> is deprecated
And similar deprecated warnings. This patch resolves the issue.
Original patch can be found at
https://github.com/openssh/openssh-portable/commit/88351eca17dcc55189991ba60e50819b6d4193c1
This issue was introduced with OE-Core 1c9d3c22718bf49ae85c2d06e0ee60ebdc2fd0c1
https://github.com/openembedded/openembedded-core/commit/1c9d3c22718bf49ae85c2d06e0ee60ebdc2fd0c1
Patch suggested by Khem Raj.
(From OE-Core rev: ae4064a8a60b60bee8a32a454e8784fcf1ecd318)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Under high load, the ssh test is hitting the amount of retries.
Increase it to 20 to avoid this issue. This would increase the maximum
failure time from 50 seconds (5 * 10) to 100 seconds.
(From OE-Core rev: 4581b5793f310d2f1f0c80bfe1a5f8743416c4fc)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c796438eec5dd6b4671b798f85506bc89ff402ab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: d2b83ae234668bccd81ae4b53ca06196d398573b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b460d2d55a35450564ea04255153b0a3bf715530)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- context: use rpmtsAddReinstallElement() when doing a reinstall
- MergedTransaction: Fix invalid memory access when dropping items
- ConfigParser: fix use-out-of-scope leaks
- Since we use rpmtsAddReinstallElement rpm also uninstalls the package
- Fix countme bucket calculation
(From OE-Core rev: 20b67ad71cfa3eac35b2514067f87d79d9c3da2e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9cf8330068503a5721640763309c4c74f293a94d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- AdwAlertDialog
- Fix unmatched va_start()
- Fix setting default widget when removing a response
- AdwBreakpointCondition
- Fix leaks when parsing
- AdwBreakpointBin
- Fix a leak
- AdwDialog
- Fix toggling presentation mode
- Fix close button ignoring :can-close
- Fix ::close-attempt not emitting in some cases
- Fix swipe area for bottom sheets
- Leak fixes
- AdwHeaderBar
- Fix initial focus for the back button
- Fix split view links in docs
- AdwMessageDialog
- Fix unmatched va_start()
- AdwSpinRow
- Fix ::input handling
- AdwTabButton
- Fix needs-attention badge on RTL
- AdwTabView
- Accessibility fixes
- AdwViewStack
- Accessibility fixes
- Translation updates
- Nepali
(From OE-Core rev: 5cc094b5ba1a6e685b01ff35130c4e69fdc7e0ec)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 25b8f5059061bf52257117ba7d54031a31388fb1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
License-Update:
===============
- README: Change in copyright years as per https://w1.fi/cgit/hostap/commit/README?id=d945ddd368085f255e68328f2d3b020ceea359af
- wpa_supplicant/wpa_supplicant.c: Change in copyright years as per https://w1.fi/cgit/hostap/commit/wpa_supplicant/wpa_supplicant.c?id=d945ddd368085f255e68328f2d3b020ceea359af
CVE's Fixed:
===========
- CVE-2024-5290 wpa_supplicant: wpa_supplicant loading arbitrary shared objects allowing privilege escalation
- CVE-2023-52160 wpa_supplicant: potential authorization bypass
Changes between 2.10 -> 2.11:
============================
https://w1.fi/cgit/hostap/commit/wpa_supplicant/ChangeLog?id=d945ddd368085f255e68328f2d3b020ceea359af
Note:
=====
Patches
0001-build-Re-enable-options-for-libwpa_client.so-and-wpa.patch,
0002-Fix-removal-of-wpa_passphrase-on-make-clean.patch,
0001-Install-wpa_passphrase-when-not-disabled.patch,
0001-PEAP-client-Update-Phase-2-authentication-requiremen.patch (CVE-2023-52160)
are already fixed and hence removing them.
(From OE-Core rev: 35c2b5f56bca789b9723a144fda0a130a67a860c)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 824eb0641dc6001a5e9ad7a685e60c472c9fdce8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Fixed error handling when reading a mixed "1setOf" attribute.
- Fixed scheduler start if there is only domain socket to listen on
0001-use-echo-only-in-init.patch
0002-don-t-try-to-run-generated-binaries.patch
0004-cups-fix-multilib-install-file-conflicts.patch
refreshed for 2.4.10.
(From OE-Core rev: 01039c35a89de4bbd1410b3ee08a99cf325adf2b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd7a978d2d7feb11f6c265ba812c8ca29912ebc6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refreshed patch 0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
Includes security fix
CVE-2023-49582
changelog:
https://downloads.apache.org/apr/CHANGES-APR-1.7
(From OE-Core rev: e650030ec8fe37b84e6ae37a2305453cc59fda31)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c5d9498466526451910fa02862f8860b2bb81df8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
At some point this became unnecessary, as tested by building apr
with DISTRO_FEATURES:append = " ld-is-gold"
The logs do confirm that (previously) problematic binary links without errors.
(From OE-Core rev: c04d1ca0d4f1c7236a5093e7be5ef51633c503fd)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c041932f14cf552b0446732ce0cca6537f3286ab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If XvFB is enabled, the CVE_STATUS for CVE-2023-5574 should be
'unpatched' rather than the empty string. Otherwise SDPX checker
complains:
xserver-xorg-2_21.1.13-r0 do_create_spdx: Unknown CVE status
(From OE-Core rev: 9965028d74b3c480f7556d299d616999822b79bf)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0ec5dcbdd7c922df25ce90b04902d9c7c749a8c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module. When iterating over names of entries in a zip archive (for example,
methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()",
etc) the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-8088
Upstream-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec
(From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module. When parsing cookies that contained
backslashes for quoted characters in the cookie value, the parser would use
an algorithm with quadratic complexity, resulting in excess CPU resources
being used while parsing the value.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7592
Upstream-Patch:
https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1
(From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for
remote code execution via its download functions. These functions, which are used to download
packages from URLs provided by users or retrieved from package index servers, are susceptible
to code injection. If these functions are exposed to user-controlled inputs, such as package
URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345
Upstream-patch:
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
(From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add the firmware package for the ATH12K module.
(From OE-Core rev: 553f31396a5d966ab827f1c4b807ef46649080d0)
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
[DB: added rdepends from PN to PN-ath12k]
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Refer [1], people.redhat.com has certificate issue, so update SRC_URI
to fix do_fetch warning
[1] https://github.com/stevegrubb/libcap-ng/issues/56
(From OE-Core rev: ba5d05337c97ec14d00939f02ecdd6aeab126822)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
In native.bbclass, CFLAGS is overrided by 'CFLAGS = "${BUILD_CFLAGS}"',
this make "CFLAGS +=" not work for expect-native, use append to make it
also work for native.
(From OE-Core rev: 6974c6548cae62529d96d4ceb3a296707d4adae5)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When xwayland PACKAGECONFIG option is set, xwayland is enabled in
weston.ini. However, if the xwayland module isn't installed, weston will
refuse to start with the following error message:
Failed to load module: /usr/lib/libweston-13/xwayland.so: cannot open shared object file: No such file or directory
Therefore, whenever the xwayland PACKAGECONFIG is set, weston-init
should depend on weston-xwayland to bring this module in.
Fixes: fdbe559c66c9 ("weston.init: enabled xwayland")
(From OE-Core rev: ba66fa75e57f94d35bfd703075ea6706879c63cb)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fa2314125318634108452af4e40c9eeee260767c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 2.39 version of util-linux took new file descriptors based mount
kernel API into use. In relation to this change, the upstream release
notes in
https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21
mention that
This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior.
After observing following failure when booting a board using a bit
older 6.1 series kernel together with initramfs rootfs based boot flow
[FAILED] Failed to start Remount Root and Kernel File Systems.
See 'systemctl status systemd-remount-fs.service' for details.
closer inspection revealed:
demoboard ~ # systemctl status -l systemd-remount-fs.service
x systemd-remount-fs.service - Remount Root and Kernel File Systems
Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled)
Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago
Docs: man:systemd-remount-fs.service(8)
https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE)
Main PID: 76 (code=exited, status=1/FAILURE)
Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: dmesg(1) may have more information after failed mount system call.
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'.
Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems.
also consequentially, 'systemctl status' reported:
State: degraded
When issuing 'strace -ff mount -o remount /' the failure occurred at
mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument)
After further investigation, The issue was pinpointed to lack of Linux
kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210
("fs: relax mount_setattr() permission checks") in the kernel version
that was being used. Above mitigation was discussed in email related to
then-rejected CVE-2024-26821:
https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/
After testing with qemuarm64 machine different linux-yocto versions,
it was observed that the issue impacts following versions of currently
supported LTS kernels:
- 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0)
- 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0)
- 5.15.164 which is currently the newest of 5.15.y series (i.e. no
known working version)
Taking the above findings into consideration, add a new PACKAGECONFIG
option removing which enables users to opt-out from using the feature
which can cause issues with a bit older kernels. The option is enabled
only for class-target here, since it otherwise causes following error
during util-linux-native's do_configure task on Debian 11 build host
(mountfd_api requirement fails):
| configure: error: libmount_mountfd_support selected, but required mount FDs based API not available
Versions 5.10.223, 5.4.279 and 4.10.317 were also tested with qemuarm64
but the issue was not reproduced with those versions - using strace
showed that the mount_setattr call associated with the new mount API
problem was not issued with these LTS kernel versions, which seemed to
be confirmed also by following libmount debug message in these cases:
415: libmount: HOOK: [0x7fa115e818]: failed to init new API
Note: In addition to the aforementioned, this change was tested also
briefly using the current latest kernel versions 6.1.104, 6.6.45 and
6.10.3 that using the old mount API with newest kernels did not
introduce any observable regression to the boot flow.
(From OE-Core rev: dc086d9a8613143607af3583c72ed892e20b4d66)
(From OE-Core rev: c0487c8141ae2b9242447b53b71052769db6338f)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes CVE-fix for CVE-2024-41957, CVE-2024-41965 and CVE-2024-43374
Changes between 9.1.0114 -> 9.1.0682
====================================
https://github.com/vim/vim/compare/v9.1.0114...v9.1.0682
Note:
====
Removed patch "vim-add-knob-whether-elf.h-are-checked.patch" as libelf checks are removed from configure.ac as per
commit https://github.com/vim/vim/commit/1acc67ac4412aa9a75d1c58ebf93f2b29585a960
(From OE-Core rev: ad71057a09ec6304cee3771122224af011ee9087)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d2938e53cad5d9bf2e78a5403e9f9fab1db77b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack
via improper synchronization during socket closure when a client keeps a socket open as the server
is taken offline.
(From OE-Core rev: 334f70c408ce5c95f145aa4657f343b023f7e1b4)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param bug at
libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0
(From OE-Core rev: b78fd9322b80734ec54440a01a36323a9b1b83f1)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This CVE affects google cloud services that utilize libcurl wrongly.
(From OE-Core rev: d8aeaaf2d2ac3308af1ec442795e9714f0e6fc8c)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27ac7879711e7119b4ec8b190b0a9da5b3ede269)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Pick commits per https://curl.se/docs/CVE-2024-7264.html
(From OE-Core rev: 0f1c4b8ae80dc90ee4ed89c4b99da2dca75dd247)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is similar CVE as the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explain why this is misuse
(or wrong use) of libyaml.
(From OE-Core rev: f233c1b7d55fbc8c1968c105905462eed5c793e6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the QEMU disk image utility (qemu-img) 'info'
command. A specially crafted image file containing a `json:{}`
value describing block devices in QMP could cause the qemu-img
process on the host to consume large amounts of memory or CPU time,
leading to denial of service or read/write to an existing external file
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream Patches:
https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6
https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205
https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613
(From OE-Core rev: 0e309919b8807950cebc8924fc1e15763548b1f1)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: fd4654df2d9eb36cae872dca4d23341ed5f9be91)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
| |
(From yocto-docs rev: 9b822bab8d351a120ebcdbc0d43d709921b88dca)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
1. Changed one letter (s/B/A), so the sentence is correct again.
2. Moved example from SYSROOT_DIRS_IGNORE into SYSROOT_DIRS section.
(From yocto-docs rev: 74cdaccd4cbe208de037b3b35c2cf0b8aa334748)
Signed-off-by: Matthias Pritschet <matthias@pritschet.eu>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
individual copies
Fixes [YOCTO 15536]
The postactions retrieval actions currently rely on scp executed
individually on any file or directory expanded from
TESTIMAGE_FAILED_QA_ARTIFACTS. Unfortunately, symlinks are not preserved
with this mechanism, which lead to big storage space consumption. Things
may go even worse if those symlinks create some circular chains. This
mechanism then needs to be updated to preserve symlinks instead of
following them during copy. There are multiple ways to do it:
- create a local archive on the target and execute scp on this file
- use rsync instead of scp for all files
- create an archive and pipe it to ssh instead of storing it onto the
target
The first solution may create pressure on targets storage space, while the
second assumes that rsync is installed on the target, which may not be
true. So the third one is a compromise: tar is very likely present, at
least through busybox, and no disk space is used on the target.
Replace the current per-file scp call by a single call to tar run on the
target. Retrieve the generated compressed archive directly from SSH output,
and feed it to another tar process but on host, to uncompress and extract
it at the same place as before.
(From OE-Core rev: 8b5c66c91d94f4c8521fe9443e65d86063dba5e5)
Signed-off-by: Alexis Lothoré <alexis.lothore@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4aeb10aa38efc6768928fbb74985e36e972b8e46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're seeing reproducibility failures where some packages don't appear
in the "from sstate" builds. The common factor is these are all recipes
with PROVIDES = "virtual/XXX".
In a full build from scratch, these are build but in a build from sstate,
there are situations where they aren't. For now, to try and keep builds
working, work around the problem until we can better look into the problem.
It is likely recent taskhash imrovements have caused this to occur more
regularly.
(From OE-Core rev: 9f0eba6aba5e9b37975f86556c1234b145a0859e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 68086a333acc54390e4e589ef928dc90da3edb48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the retry for the -SIGTERM, it is possible to still see that error
after the 5th attempt and mark the run a success. Check for any
non-zero status in the final check and error out to close the gap.
While there, make the error print match the one above and be a little
more verbose. Also, I'm seeing it take roughly 6 attempts on my local
(very slow) system to pass. So, increasing the number of attempts to
10.
(From OE-Core rev: 52a67132d4d7e656a39d87c03b1c6162018e8908)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c3ebe591eef6e0479d623ec2237cfea16db5c80)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure we show the failing exit code in case of failures.
We're seeing autobuilder failures with -15 (SIGTERM) which is probably from
slow boot/init. Retry in these cases for now.
(From OE-Core rev: 1bd6b0e29650c34652c1027b6975eb8620a73c55)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 127d3bd8d5509ae17e359c1365859fd362ffc74f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On exceptionally slow systems, the ssh test can intermittently fail due
to a race between when ping works and the networking applications being
brought up. To work around this issue, add some retry logic when ssh
fails to connect. According to the man page of ssh, "ssh exits
with the exit status of the remote command or with 255 if an error
occurred." So, only retry if the return code is 255, and limit the
number of retries to prevent it looping forever.
(From OE-Core rev: f6eacc39dc44c6b3dea9c44836addce5d03f20ef)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f0fe0b490d309cdf1c97754f85a61b5b948b7f28)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The qemuboot.conf file contains the realpath of the kernel image
referenced by QB_DEFAULT_KERNEL. So, it must be recreated in case the
realpath of the referenced kernel image changes.
The variables KERNEL_IMAGE_NAME and KERNEL_IMAGE_BIN_EXT determine the
realpath of the kernel image relative to DEPLOY_DIR_IMAGE. Adding both of
them to the vardeps of the write_qemuboot_conf task triggers the
write_qemuboot_conf task in case the realpath of the kernel image
referenced by QB_DEFAULT_KERNEL changes.
Fixes: [YOCTO 15525]
(From OE-Core rev: fd21b5fa159e4c612475152e998ae85526fd60d9)
Signed-off-by: "Weisser, Pascal" <pascal.weisser.ext@karlstorz.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8b3975a9ce36ea7af5fd76243a823da2842415b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes bug 15464.
OECORE_NATIVE_SYSROOT is correctly set up and exported in the SDK's
environment file. But it's then unset in buildtools/environment-setup-*.
The value is restored in the SDK's environment file but is not exported
again.
(From OE-Core rev: bdf07c1eb23dbb53ad1df415b665c8f459320420)
Signed-off-by: Gauthier HADERER <ghaderer@wyplay.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 825c996b7995d3ad510933b1a88229831ca5ea29)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The rsvg-loader test binary isn't installed but building it causes a mix
of build host and target code to be executed. As we don't install the
test, don't build it.
(From OE-Core rev: 310e9387a7a89b8a2a01ecc9fe889ede16622d66)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78667e67a77df39c2af417e56ebf480962ff2e42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are three baseparser tests which are causing trouble on the AB,
so disable them as we've filed an upstream bug.
Also fix a typo when we were attempting to disable parser_pull_short_read
where a colon was used instead of a comma.
(From OE-Core rev: 90a510acd11fe342d01c62e3b247425836711c50)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91dbe8d6c57805f38bd287f1b392759df066589b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a file conflict for arm when multilib enabled:
| Error: Transaction test error:
| file /usr/include/finclude/math-vector-fortran.h conflicts between attempted installs of
lib32-libc6-dev-2.39+git0+312e159626-r0.armv7at2hf_neon and libc6-dev-2.39+git0+312e159626-r0.cortexa72
Install math-vector-fortran.h to the gfortran default search directory
which is arch specific to avoid the conflict.
(From OE-Core rev: 58a5ddeff446bf459a719f10b07abd731c6c5634)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d2165543e796d4558c632af24eb7b115bca45969)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* use virtual/* variables as INHIBIT_DEFAULT_DEPS does to avoid dependency on gcc-cross-
from nativesdk-libgfortran
* the dependency was added in:
https://git.openembedded.org/openembedded-core/commit/?id=00fba52c8a6f6383137cf89fc7aa34cc3e2ff45f
causing:
build/oe-core $ bitbake -g nativesdk-libgfortran
NOTE: Resolving any missing task queue dependencies
ERROR: Nothing PROVIDES 'gcc-cross-x86_64' (but virtual:nativesdk:/OE/build/oe-core/openembedded-core/meta/recipes-devtools/gcc/libgfortran_14.1.bb DEPENDS on or otherwise requires it). Close matches:
gcc-cross-aarch64
...
with:
MACHINE=qemuarm64
FORTRAN:forcevariable = ",fortran"
* after:
https://git.openembedded.org/openembedded-core/commit/?id=44fc7aa1468ff042739cc5a91c84ef5c2a09e0a3
nativesdk-libgfortran is pulled as dependency of nativesdk-gcc so this affects
more people who didn't explicitly use nativesdk-libgfortran before
* the INHIBIT_DEFAULT_DEPS and gcc-runtime was there since gcc-4.8:
https://git.openembedded.org/openembedded-core/commit/?id=a5e7ee5770b9e0cf719c573efffd874440f74289
(From OE-Core rev: 63ecb048f8238f67e21f77512b5276021b060d64)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5ce2e9c66cd2c08e141913ec65386f940353a8c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If DISTRO_CODENAME was not set, VERSION_CODENAME field was populated
with unparsed string. This resulted in the following line in os-release
file:
VERSION_CODENAME="${DISTRO_CODENAME}"
According to systemd documentation, this field is optional.
Fix the problem by setting VERSION_CODENAME conditionally, only if
DISTRO_CODENAME was set.
(From OE-Core rev: d53b627a68701393ac0a1acb591817f4b5dde59d)
Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70a0b8bc1d846c857be90ce2e97e60c5ee32558e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix typos in debugging and error messages.
(From OE-Core rev: 29b33a9329d69806fda9ef6ce65423df6c19e787)
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 4995e222ebdc9b5508c2f03a11868f184e4629a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add myself as maintainer for the following:
- python3-setuptools
- python3-smmap
- python3-subunit
- python3-testtools
With that, every Python recipe in oe-core has a maintainer assigned.
(From OE-Core rev: 97c2cf74e556511b3827362f6b3439daa26091e9)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f7c4ab54d3ff1895d9fcb9aa20dece5e0661579d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bpftrace recipe under meta-clang[1] needs llvm-objcopy [2] during
do_confgure phase otherwise there comes below error:
| CMake Error at tests/data/CMakeLists.txt:6 (find_program):
| Could not find LLVM_OBJCOPY using the following names: llvm-objcopy,
| llvm-objcopy-18, llvm18-objcopy
The commit ec22bfa67f llvm: allow building libllvm in native builds, subject to PACKAGECONFIG [3]
introduces libllvm to manage the llvm function for native build
maybe because there is only mesa-native to use llvm-native.
Considering there are other recipes such as bpftrace needs llvm-native,
so enable libllvm for native build.
[1] https://github.com/kraj/meta-clang
[2] https://github.com/bpftrace/bpftrace/blob/master/tests/data/CMakeLists.txt
[3] https://git.openembedded.org/openembedded-core/commit/?id=ec22bfa67f6f1766102501d4593ce29aafe8c166
(From OE-Core rev: bd451b9cd951778cc6cdb0fe13f87c723c153d27)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.5..go1.22.6
cb4eee693c (tag: go1.22.6, origin/release-branch.go1.22) [release-branch.go1.22] go1.22.6
8c8adffd53 [release-branch.go1.22] cmd/compile: add 0-sized-value simplification to copyelim
70a1aae67f [release-branch.go1.22] cmd/trace/v2: make the -pprof actually useful
2c88c1d599 [release-branch.go1.22] cmd/trace/v2: handle the -pprof flag
4c50f9162c [release-branch.go1.22] cmd/internal/cov: close counter data files eagerly
9e148a4150 [release-branch.go1.22] internal/bytealg: extend memchr result correctly on wasm
4b27560db9 [release-branch.go1.22] go/types: fix assertion failure when range over int is not permitted
4e548f2c8e [release-branch.go1.22] cmd/link: don't let dsymutil delete our temp directory
45f9ded1df [release-branch.go1.22] cmd/compile: don't elide zero extension on top of signed values
49906f9575 [release-branch.go1.22] cmd/go: fix build config before creating actions for 'go list -cover'
ea96074191 [release-branch.go1.22] os/exec: only use cachedLookExtensions if Cmd.Path is unmodified
[1] https://github.com/golang/go/compare/go1.22.5...go1.22.6
(From OE-Core rev: bd62a437ddd8470ff5a3a3d543885908901b7bce)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edaedfce685f13decad7608aefa36dece02665b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e]
CVE's Fixed:
CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c
(From OE-Core rev: 7fd3c7e9742a4efa0fbebc1d0ed1da8f6d960175)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5313b4b233a486e8a1483757ad9c9aed3a213aae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
(From OE-Core rev: 1103182ac9ae5139a5c3d7381007f61c1f7d91a6)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
