| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
(From OE-Core rev: d46891efa23932a048f7cc4d82c6387e03262f76)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
(From OE-Core rev: 033db4876844b17de7673970860eb155d15c56e7)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44]
(From OE-Core rev: 27278ebd5d102ce5a9d45f94a93932065025657b)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
html/template: disallow actions in JS template literals
Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
(From OE-Core rev: 835462d697a5f294900843b8bcd628709c256605)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A parsed MIME header is a map[string][]string. In the common case,
a header contains many one-element []string slices. To avoid
allocating a separate slice for each key, ReadMIMEHeader looks
ahead in the input to predict the number of keys that will be
parsed, and allocates a single []string of that length.
The individual slices are then allocated out of the larger one.
The prediction of the number of header keys was done by counting
newlines in the input buffer, which does not take into account
header continuation lines (where a header key/value spans multiple
lines) or the end of the header block and the start of the body.
This could lead to a substantial amount of overallocation, for
example when the body consists of nothing but a large block of
newlines.
Fix header key count prediction to take into account the end of
the headers (indicated by a blank line) and continuation lines
(starting with whitespace).
Thanks to Jakob Ackermann (@das7pad) for reporting this issue.
Fixes CVE-2023-24534
For #58975
Fixes #59267
(From OE-Core rev: 28bfa033ce965d7316a8b4296d10f3ad74d711db)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This CVE is related to Windows.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664
(From OE-Core rev: c812189760292ae39f7c10cfbde8f11130cce085)
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NASM v2.16 was discovered to contain a heap buffer overflow in the
component quote_for_pmake() asm/nasm.c:856
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-44370
Upstream patches:
https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
(From OE-Core rev: 1568df72136f46f0767bba56c10c48bf2a1ec259)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport patch [1] to fix CVE-2023-28755.
[1] https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300
(From OE-Core rev: 605634cf1adef2d9cf6dc6fdf17aa4032385497f)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.
Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonbly-sized files.
Fixes CVE-2023-24537
Fixes #59273
For #59180
(From OE-Core rev: 15c07dff384ce4fb0e90f4f32c182a82101a1c82)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is specific to Microsoft Windows, ignore it.
Patch fixing it (https://go-review.googlesource.com/c/go/+/446916)
also adds a redundant check to generic os/exec which
could be backported but it should not be necessary as
backport always takes a small risk to break old code.
(From OE-Core rev: ae8167754ff1c02f2d92af03de804754ea77a3e5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
path/filepath: do not Clean("a/../c:/b") into c:\b on Windows
Backport from https://github.com/golang/go/commit/bdf07c2e168baf736e4c057279ca12a4d674f18c
(From OE-Core rev: f60637b3c9045656047d6ffcfaadbef5ad1d3d06)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e
(From OE-Core rev: 0f8eb0505e19ccd27e1b91f27285a9fc87f2aa93)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport from go-1.19. The godebug package is needed by
the fix to CVE-2022-41725.
Mostly a cherry-pick but exceptions are noted in comments
marked "backport".
(From OE-Core rev: e5cf04f55b4849ae6db1253b39ad8b037cf01af4)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd]
(From OE-Core rev: d478e7ea0bb897e13d86c476966924ef9927f11a)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was the original reason to add the patch:
https://git.openembedded.org/openembedded-core/commit/?id=18efcbcb896239c64fedd009ce57f3f0c668cbc0
and this is the upstream discussion which suggests handling
read-only files explicitly outside of patchelf:
https://github.com/NixOS/patchelf/pull/89
(From OE-Core rev: 163e2d5defebab262a5ec6fa9885deedace538f2)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adapt json-c recipe to compile and deploy a ptest for json-c.
Also add a small script for executing the tests.
All tests were successful on a trial and took around 20 seconds.
(From OE-Core rev: 7d588d0727d49dcf04d7c3d8a4ec23ca2f6cc56d)
Signed-off-by: Simone Weiß <simone.weiss@elektrobit.com>
Signed-off-by: Kai Tomerius <kai.tomerius@elektrobit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 757a5fbdeed58573c40d6e21475cc516aa49fd1c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.
Backport from https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3
(From OE-Core rev: 7440ebac50813e5df73da2d660a50fa97de650de)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This helps in building rsync without autoconf patch, since it will be a
while that the round trip is made, better to apply this patch here until
next release of autoconf.
(From OE-Core rev: 11522b98697befcf13076a90cec4f8ade1fa0645)
(From OE-Core rev: 3eeab90fd45a1e8de6d9d16dfdec79c72639614b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d6b8fb0863d81f60f8a8b53c3b5b4676d508965)
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: c53d465865d4a9c109322074c2653a3a8b665238)
(From OE-Core rev: 4ddd3559a3b6fbca3d4959be8762f44e4e948f7c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51d8e0e20e2965517a64e954d51a23be52e5f4f3)
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function is referencing '${S}/..'.
It uses ${S} only as good known directory path to start
traversing from, and it does not need it to exist or be populated.
If ${S} does not exist yet, the function will fail because
it cannot evaluate path .. from non-existing directory.
Reproducer (verified in master and kirkstone):
bitbake gcc -c deploy_source_date_epoch
bitbake gcc -c cleansstate
rm -rf build/tmp
bitbake gcc -c deploy_source_date_epoch
(From OE-Core rev: 728018bbfe1de53661881a05e0359083ad544f97)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 42661a59cda164b2d236ffc35b4d8cf43312b677)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport appropriate patches to fix CVE-2022-2879 and CVE-2022-41720.
Modified the original fix for CVE-2022-2879 to remove a testdata tarball
and any references to it since git binary diffs are not supported in
quilt.
(From OE-Core rev: a896cebe1ce2363b501723475154350acf0e0783)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 66575e31b76894e217350350307b30d3684ba4fa.
Revert CVE-2021-3507 for qemu as it is not applicable for qemu6.2
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3507
Conflicts:
meta/recipes-devtools/qemu/qemu.inc
(From OE-Core rev: b7d96c1e94f79044f86de5cdf4a0eaa61d4ee0b8)
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 8a8a86076f9eed36b7f4c831ad8882d07de62e8e)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 70adf86b515934168a6185dcff4a8edb39a40017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It fails to import anything from git/remote.py:
File "/path_to/python3-git-native/3.1.27-r0/GitPython-3.1.27/git/remote.py", line 700
url = Git.polish_url(url)
^
IndentationError: unexpected indent
(From OE-Core rev: 48633d8920210e55e0b9ee3004f0502f9f0eec48)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Backport fix from cpython 3.11 branch.
(From OE-Core rev: 37defd828cc6a8267139928730d766167905d21a)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Backport from https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059
(From OE-Core rev: 5c156d8c06267b7a733aca11c53c2905e03e4a58)
Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error: Transaction test error:
file /usr/bin/vala-gen-introspect-0.56 conflicts between attempted installs of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
file /usr/bin/vapigen-wrapper conflicts between attempted installs
of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
The differences of vala-gen-introspect-0.56 are as follows:
@@ -2,7 +2,7 @@
prefix=/usr
exec_prefix=/usr
-libdir=/usr/lib64
+libdir=/usr/lib
pkglibdir=${libdir}/vala-0.56
if [ $# -ne 2 ]
The wrapper isn't used on target so we can simply delete it.
(From OE-Core rev: 8b41b5d2e423636942e34723ad940f6f143640c9)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3cf894b8a9c4fa14fcc7c7445e85e9ae3192b398)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error: Transaction test error:
file /usr/include/luaconf.h conflicts between attempted installs of lua-dev-5.4.4-r0.aarch64 and lib32-lua-dev-5.4.4-r0.armv7ahf_neon
The differences between the two files are as follows:
@@ -219,7 +219,7 @@
#define LUA_ROOT "/usr/"
#define LUA_LDIR LUA_ROOT "share/lua/" LUA_VDIR "/"
-#define LUA_CDIR LUA_ROOT "lib64/lua/" LUA_VDIR "/"
+#define LUA_CDIR LUA_ROOT "lib/lua/" LUA_VDIR "/"
#if !defined(LUA_PATH_DEFAULT)
#define LUA_PATH_DEFAULT \
(From OE-Core rev: b2892b3b6fa1d396f845539c0256ca0f71378b94)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b58d86f9902a7eb7a821a3e36ba298c082c0f1f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From an SDK, running a meson setup build without an explicit setup
command can result in a native build when a cross build is expected.
The problem is in meson-wrapper where it tries to detect whether a
setup command is being used. The logic looks through all arguments for
a command, and the first argument it finds that doesn't start with a -
is treated as the command. This doesn't work for an implicit setup
command if any option with a space-separated argument exists. In this
case, the argument is incorrectly selected as the command, causing the
setup command options for the cross build to be excluded from the
command line, and thus a native build.
Improve the logic by just looking at the first argument. If it is
a known comand, then record it. Otherwise just assume it is the
implicit setup command.
Note that this fix does not address the possibility of a new meson
command. Two new echo statements are included to help the user in case
of trouble:
```
~/git/weston-imx$ meson --warnlevel 3 --prefix=/usr -Ddoc=false -Dbackend-drm-screencast-vaapi=false -Dcolor-management-lcms=false -Dpipewire=false -Dbackend-x11=false -Dxwayland=true -Dsimple-clients=all -Dbackend-wayland=false -Dbackend-default=drm -Dbackend-rdp=false -Dtest-junit-xml=false -Dlauncher-libseat=false -Dimage-jpeg=false -Dimage-webp=false -Drenderer-g2d=true build
meson-wrapper: Implicit setup command assumed
meson-wrapper: Running meson with setup options: " --cross-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/aarch64-poky-linux-meson.cross --native-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/meson.native "
The Meson build system
Version: 0.63.3
```
(From OE-Core rev: 1f30dedee80669475557d9de5f130b7a23eaa7ec)
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9338bd66a3c9ab5cb781f2ee588306c5b31a3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add direct dependency of below native python3 modules
to fix the compile issue
python3-semantic-version-native
python3-setuptools-native
python3-setuptools-scm-native
python3-toml-native
python3-typing-extensions-native
python3-wheel-native
This issue is not seen in the upstream yocto but in the project,
where the python modules are not built by any other dependency.
They have to be explicitly pulled.
This fixes below error:
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/setuptools/config.py", line 422, in _parse_attr
module = importlib.import_module(module_name)
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/recipe-sysroot-native/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 883, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/setuptools-rust-1.1.2/setuptools_rust/__init__.py", line 1, in <module>
from .build import build_rust
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/setuptools-rust-1.1.2/setuptools_rust/build.py", line 23, in <module>
from typing_extensions import Literal
ModuleNotFoundError: No module named 'typing_extensions'
(From OE-Core rev: 0ae1ed426e97d9d53fb31a9751de5a3f1898b16b)
Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
Signed-off-by: Poonam Jadhav <ppjadhav456@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.
(From OE-Core rev: 47528fa2aa590b3e04e4cc2b66704143419a92d1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09]
(From OE-Core rev: 3dd27bbe8c19aa358916de940453de81d3831510)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport 2 patches and rebase
0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch to fix
compile error:
../qemu-6.2.0/hw/display/qxl.c: In function 'qxl_phys2virt':
../qemu-6.2.0/hw/display/qxl.c:1477:67: error: 'size' undeclared (first use in this function); did you mean 'gsize'?
1477 | if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
| ^~~~
| gsize
../qemu-6.2.0/hw/display/qxl.c:1477:67: note: each undeclared identifier is reported only once for each function it appears in
(From OE-Core rev: b3f42317c1932253e7e6b2fd7a263bdbd6c2f69a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade git to latest 2.37.x release to address
security issues CVE-2022-23521 and CVE-2022-41903.
(From OE-Core rev: 0e7de5066491bc9b860ad4d65965d6f848898aff)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bootchart2 introduced a variable EARLY_PREFIX for supporting systems
with usrmerge [1]. Right now, the recipe here is sidestepping this
feature and trying to replicate it by overwriting other variables and
even patching the sources. This wasn't enough, however, as there are
still problems: For example, some setup code in the bootchart-collector
fails because it expects EARLY_PREFIX to be used [2].
Cleanup the recipe to set EARLY_PREFIX and remove the other workarounds.
[1]: https://github.com/xrmx/bootchart/commit/56a638ace1d172163b6d636c89892446b8add4b6
[2]: https://github.com/xrmx/bootchart/blob/3d2136d0335718fbe1a8e2370ccbc30123a6e593/collector/collector.c#L670-L672
Fixes: 4157600d3122 ("bootchart2: switch to add patch from change source in do_install")
(From OE-Core rev: 5d2e5abd098ae0b4f904cd7270daa1eb61708fa6)
Signed-off-by: Harald Seiler <hws@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7031bc65b10040877392ed774a0cdddef85c12e0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bitbake nativesdk-apt failed with error:
ERROR: nativesdk-apt-2.4.5-r0 do_package_qa: QA Issue: nativesdk-apt installs files in /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/var/volatile, but it is expected to be empty [empty-dirs]
an empty dir apt is installed under /var/log/, fix the failure
by removing the empty dir apt as what we have done for target.
apt will create it when it does not exist.
(From OE-Core rev: a7b4578296d584b53ae156cb23dbe5d2e0591569)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b035a59d7915da784f1e6678ee130f30d7ceb8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* True is default since 2016 and most layers were already updated
not to pass this parameter where not necessary, e.g. oe-core was
updated couple times, first in:
https://git.openembedded.org/openembedded-core/commit/?id=7c552996597faaee2fbee185b250c0ee30ea3b5f
Updated with the same regexp as later oe-core update:
https://git.openembedded.org/openembedded-core/commit/?id=9f551d588693328e4d99d33be94f26684eafcaba
with small modification to replace not only d.getVar, but also data.getVar as in e.g.:
e.data.getVar('ERR_REPORT_USERNAME', True)
and for getVarFlag:
sed -e 's|\(d\.getVarFlag \?\)( \?\([^,()]*, \?[^,()]*\), \?True)|\1(\2)|g' \
-i $(git grep -E 'getVarFlag ?\( ?([^,()]*), ?([^,()]*), ?True\)' \
| cut -d':' -f1 \
| sort -u)
(From OE-Core rev: de7bf6689a19dc614ce4b39c84ffd825bee1b962)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 26c74fd10614582e177437608908eb43688ab510)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 24a86d0c55ee89ae0dc77975e1d0ee02898d2289)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is specific to Git-for-Windows.
(From OE-Core rev: 72438f0a54296a12cfd770c5c67b1e038f019dee)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8849af809e0213d43e18e5d01067eeeb61b330d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
upgrade include fix for CVE-2022-23521 and CVE-2022-41903
(From OE-Core rev: d21b033c2f8890989729bc1468254c9298f9a518)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since version 7.0.0 [1], pytest switched from the toml package to the
tomli package for parsing pyproject.toml configuration files [2].
This change is not immediately noticable during tests, because the
toml/tomli module is only important if a pyproject.toml is actually
present in a project.
[1] https://docs.pytest.org/en/latest/changelog.html#pytest-7-0-0rc1-2021-12-06
[2] https://github.com/pytest-dev/pytest/issues/8789
(From OE-Core rev: e5e590ed9e118283ad67bcfb059b3375cf847b33)
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certifi is a curated collection of Root Certificates for validating the
trustworthiness of SSL certificates while verifying the identity of TLS
hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from
the root store. These are in the process of being removed from Mozilla's
trust store. TrustCor's root certificates are being removed pursuant to
an investigation prompted by media reporting that TrustCor's ownership
also operated a business that produced spyware. Conclusions of Mozilla's
investigation can be found in the linked google group discussion.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-23491
(From OE-Core rev: 8ee4adb8675c690962e5820669098a95f74c07c7)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 135a9094fc9e2a525b568960a909cb55ec1d25c5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50b81a263187af4452d3b99967bffd01c6ddb476)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This test assumes that if a child process writes one line to stderr and
then another line to stdout, and stderr is redirected to stdout, that
the order the lines will be read is stable.
This isn't the case and occasionally the lines will be read in a
different order. Change the test to ignore line ordering.
[ YOCTO #14469 ]
(From OE-Core rev: 9f72693736a3a7a06a83022d98b389f1218532f1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1ddbe4d2bd8d8da10dac8a054f130fcd1d242219)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport fix from master to allow gcc to use proper linker path for
musl [Yocto #14977].
Fixes:
| qemu-arm: Could not open '/lib/ld-musl-armhf.so.1': No such file or directory
(From OE-Core rev: d821a602c56a8d0c8171ee0d2ce31613121be3a6)
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27
(From OE-Core rev: f4d179aab7c8f55669ac652a0668644859ec2eb7)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All versions of package gitpython are vulnerable to Remote Code Execution
(RCE) due to improper user input validation, which makes it possible to
inject a maliciously crafted remote URL into the clone command. Exploiting
this vulnerability is possible because the library makes external calls to
git without sufficient sanitization of input arguments.
CVE: CVE-2022-24439
Upstream-Status: Backport
Reference:
https://github.com/gitpython-developers/GitPython/discussions/1529
https://github.com/gitpython-developers/GitPython/pull/1518
https://github.com/gitpython-developers/GitPython/pull/1521
(From OE-Core rev: 55f93e3786290dfa5ac72b5969bb2793f6a98bde)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1
and earlier allows remote attackers to cause a denial of service via
attacker controlled input to wheel cli.
CVE: CVE-2022-40898
Upstream-Status: Backport [https://github.com/pypa/wheel/commit/88f02bc335d5404991e532e7f3b0fc80437bf4e0]
(From OE-Core rev: 0974291e545aec68755dfb634c75dca37cca1ea9)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers
to cause a denial of service via HTML in a crafted package or custom PackageIndex
page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py.
CVE: CVE-2022-40897
Upstream-Status: Backport [https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be]
(From OE-Core rev: f574d8d57ff3fbc38e350e7a90913993081c4fdf)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add patch to fix CVE-2022-4144
Link: https://security-tracker.debian.org/tracker/CVE-2022-4144
(From OE-Core rev: 4cb3874abf4fdeb04337a48a14c765ba9b2269d4)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This test is failing on the arm workers only so skip there until the issue
can be worked on and resolved. The bug #14311 will remain open for tracking.
(From OE-Core rev: c35db8b7ac2eaeff36afb43a0c3f54b5866c8305)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d98deec9e4aed9e05343d2758f3a3892e2044616)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
