path: root/meta/recipes-devtools
Commit message | Author | Age | Files | Lines
...
* go-crosssdk: avoid host contamination by GOCACHE
  Author: Robert Andersson | Age: 2023-01-06 | Files: 1 | Lines: -0/+2

  By default GOCACHE is set to $HOME/.cache.

  Same issue for all other go recipes had been fixed by commit 9a6d208b:
  [ go: avoid host contamination by GOCACHE ]

  but that commit missed go-crosssdk recipe.

  (From OE-Core rev: 803b754c64c8ee923cc02c17cf80798c93e3811c)
  Signed-off-by: Robert Andersson <robert.m.andersson@atlascopco.com>
  Signed-off-by: Ming Liu <liu.ming50@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit e5fd10c647ac4baad65f9efa964c3380aad7dd10)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: update 3.1.2 -> 3.1.3
  Author: Alexander Kanavin | Age: 2023-01-06 | Files: 2 | Lines: -38/+1

  (From OE-Core rev: 3e43f3925bce640999a25ceb855a77d8cd0afd26)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 402254a5f841520b132508c21465111d33b6eb1a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: merge .inc into .bb
  Author: Alexander Kanavin | Age: 2023-01-06 | Files: 2 | Lines: -44/+40

  (From OE-Core rev: 22d6559bc30897a82f4519ac463f12f01fea18bc)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit d88ff809b2e78ee49d5da42bb08ff5244e6101af)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils : Fix CVE-2022-4285
  Author: Yash.Shinde@windriver.com | Age: 2023-01-06 | Files: 2 | Lines: -0/+38

  Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70]

  (From OE-Core rev: 1f269e532a8fd463de2869be2768feb79ad36bd7)
  Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.10.8 -> 3.10.9
  Author: Florin Diaconescu | Age: 2022-12-23 | Files: 3 | Lines: -180/+1

  Security and bug fixes.

  Drop patch for CVE-2022-42919 and CVE-2022-37454 which were merged in 3.10.9

  Fixes:
  * CVE-2022-45061 (gh-98433)
    https://nvd.nist.gov/vuln/detail/CVE-2022-45061

  List of changes:
  https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-9-final

  (From OE-Core rev: f98b9c71686eb5ce5115ee73155a7d0389831ef0)
  Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* golang: CVE-2022-41715 regexp/syntax: limit memory used by parsing regexps
  Author: Hitendra Prajapati | Age: 2022-12-23 | Files: 2 | Lines: -0/+271

  Upstream-Status: Backport from https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997

  (From OE-Core rev: d5a533b86ce68b4c3cd2d3c3dd198c2897d37587)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: remove most hidden tests for arm64
  Author: Qiu, Zheng | Age: 2022-12-13 | Files: 1 | Lines: -224/+3

  An earlier version of valgrind fixed the defunct processes bug, so those
  tests that were skipped specifically for arm can pass now in master,
  kirkstone, honister, hardknott, and dunfell.

  Detailed test result with remove-for-aarch64 skipped on qemuarm64:

  Commit      Pass  Fail  Skip
  master      624   9     21
  kirkstone   618   10    20
  honister    616   10    19
  hardknott   609   13    18
  dunfell     598   16    17
  zeus        Out of memory: Killed (with many defunct processes)

  There are now only 12 skipped by remove-for-aarch64 because 9 fail on
  qemuarm64 and 3 more fail on raspberry pi. These are tracked by:
  https://bugzilla.yoctoproject.org/show_bug.cgi?id=14960

  (From OE-Core rev: 1101e877d818144ac64bab3d50364a1343c09d16)
  Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
  Signed-off-by: Randy MacLeod <randy.macleod@windriver.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit cbeb9418c43ec834868aa65b774dc09e983d26d9)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: Set correct info_dir and status_file in opkg.conf
  Author: Harald Seiler | Age: 2022-12-13 | Files: 1 | Lines: -1/+3

  Distros can customize the location of OPKG data using OPKGLIBDIR. In
  OE-Core commit 11f1956cf5d7 ("package_manager.py: define info_dir and
  status_file when OPKGLIBDIR isn't the default"), a fix was applied to
  correctly set the info_dir and status_file options relative to
  OPKGLIBDIR.

  However, as the commit message notes, the opkg.conf file deployed as
  part of the opkg package must also be adjusted to correctly reflect the
  changed location. Otherwise, opkg running inside the image cannot find
  its data.

  Fix this by also setting the info_dir and status_file options in
  opkg.conf to the correct location relative to OPKGLIBDIR.

  Fixes: 11f1956cf5d7 ("package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default")
  (From OE-Core rev: 658c9901be38a322770f3445ba2bc2fa01dc0aab)
  Signed-off-by: Harald Seiler <hws@denx.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit adb939ae3635de6e02208859fbf29cf0ed39f565)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: advance to version 3.10.8
  Author: Joe Slater | Age: 2022-12-13 | Files: 2 | Lines: -2/+110

  Fixes CVE-2022-37460. Also add patch to fix CVE-2022-37454.

  (From OE-Core rev: b446dd69b79783ea232514e1c5212595ec28e553)
  Signed-off-by: Joe Slater <joe.slater@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: install vapigen-wrapper into /usr/bin/crosscripts and stage only that
  Author: Alexander Kanavin | Age: 2022-12-01 | Files: 1 | Lines: -5/+5

  Staging the whole /usr/bin is not correct, as it pulls in also all the
  vala's cross binaries, which may be discovered by other recipes and
  things will go wrong then.

  (From OE-Core rev: 66bdef9f5cae941c5067d88b1d26b2d6236ec56d)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 52629d9db0344146ff4734632b17bd731e247fd5)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu-helper-native: Correctly pass program name as argv[0]
  Author: Joshua Watt | Age: 2022-12-01 | Files: 1 | Lines: -11/+4

  The previous version of this wasn't correctly passing the program name
  as argv[0], and was also over-complicated anyway because argv[] is
  guaranteed to be terminated with a NULL pointer, so it can be passed
  directly to the execv'd process without needing to be copied.

  (From OE-Core rev: c8b7a0570903fc7916530c2fcffaee3b61f27301)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 6edf38add3c20c44efe0588e2815bb280d22e0c4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu-helper-native: Re-write bridge helper as C program
  Author: Joshua Watt | Age: 2022-12-01 | Files: 3 | Lines: -28/+44

  The bridge helper program is invoked directly from QEMU when it needs
  to attach to a network bridge. As such, it is subject to the
  environment of QEMU itself. Specifically, if bridging is enabled with
  direct rendering acceleration, QEMU is run with an LD_PRELOAD that
  attempts to preload several uninative libraries; however /bin/sh
  doesn't use the uninative loader which means it can fail to start with
  an error like:

  /bin/sh: symbol lookup error: sysroots-uninative/x86_64-linux/lib/librt.so.1: undefined symbol: __libc_unwind_link_get, version GLIBC_PRIVATE

  Converting the helper program to a C program resolves this problem
  because it will now use the uninative loader so the preload doesn't
  cause errors.

  (From OE-Core rev: 428a0be91eafb961f0fe92d2abccde5352c54c54)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit f698e98f2f09952b34488b8cf9e73e82bd7aea07)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mtd-utils: upgrade 2.1.4 -> 2.1.5
  Author: Alexander Kanavin | Age: 2022-12-01 | Files: 1 | Lines: -2/+2

  Raw short log since the 2.1.4 release:

  Alex Henrie (1):
        mkfs.jffs2: fix spelling of --compression-mode parameter in help text

  Andrew Mellor (1):
        ubinfo: Fix --vol_id return code for absent volume id

  Christophe Kerello (1):
        nandflipbits: fix corrupted oob

  David Oberhollenzer (1):
        Release mtd-utils-2.1.5

  Enrico Jorns (1):
        libmtd: do not ignore non-zero eraseblock size when MTD_NO_ERASE is set

  Frederic Germain (2):
        .gitignore: add new ubiscan utility
        Fix warning about unaligned pointer in jffs2reader

  Khem Raj (1):
        tests: Remove unused linux/fs.h header from includes

  Michael Walle (1):
        mtd-utils: flash_otp_dump make offset optional

  Mike Frysinger (1):
        fix test bashism

  Rafał Miłecki (1):
        nandwrite: warn about writing 0xff blocks

  Sascha Hauer (1):
        mtd-utils: nanddump: fix writing big images on 32bit machines

  liaohua (1):
        nor-utils: fix memory leak

  (From OE-Core rev: 7f2503ef132634431b28207c51b3fd18de076eb9)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit a3289c988764e5b864873b4adc7656c101a5b9c0)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2022-2880
  Author: Sakib Sajal | Age: 2022-12-01 | Files: 2 | Lines: -0/+179

  Backport patch to fix CVE-2022-2880.

  (From OE-Core rev: a38f8316fdd0c9fc6fc7af195973028370935ba3)
  Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: fix CVE-2022-42919 local privilege escalation via the multiprocessing forkserver start method
  Author: Vivek Kumbhar | Age: 2022-12-01 | Files: 2 | Lines: -0/+71

  Upstream-Status: Backport from https://github.com/python/cpython/commit/eae692eed18892309bcc25a2c0f8980038305ea2

  (From OE-Core rev: 9ed7184930707c98afabca8c6b712df874ad659f)
  Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-source: Ensure deploy_source_date_epoch sstate hash doesn't change
  Author: Richard Purdie | Age: 2022-11-24 | Files: 1 | Lines: -0/+7

  Currently if you switch machines, gcc-source do_deploy_source_date_epoch
  would re-run as the stamps are tune specific. This hasn't caused much of
  an issue until now, however if we fix the gcc recipes to reuse the
  timestamp from this task, it does then create problems.

  Copy code from allarch to ensure this task hash doesn't change between
  machines/tunes.

  (From OE-Core rev: 1511cb3bae2d6e2dad48269108e68967ae302efc)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 7e052d03464ba5e880a6c5a0e45ff2f467ef97e8)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-source: Drop gengtype manipulation
  Author: Richard Purdie | Age: 2022-11-24 | Files: 1 | Lines: -2/+0

  Whilst we patch gengtype.cc, we don't patch gengtype-lex.cc which would
  be the file which would trigger regeneration of files. The real bug that
  was likely the cause for this fix is probably SDE issues with gcc shared
  workdir so this code can now be dropped.

  (From OE-Core rev: 8a49626bb32b40a2cf97fd8b80564b494ae38698)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 7ab82b5db2a737c2a0266280b15d343a27c0e1d5)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-source: Fix gengtypes race
  Author: Richard Purdie | Age: 2022-11-24 | Files: 1 | Lines: -1/+1

  gcc renamed .c files to .cc files:
  https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=5c69acb32329d49e58c26fa41ae74229a52b9106

  but we didn't fix this reference which meant we re-introduced a race
  around gengtypes-lex.c. This led to the race reappearing on the
  autobuilder.

  Fix the naming to avoid the problem again.

  [YOCTO #14953]

  (From OE-Core rev: ac7d5ea832c880002fd466360294ffb357e9c56c)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit dbca40ed399405b663dbc3894e35596a2615f47d)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-shared-source: Fix source date epoch handling
  Author: Richard Purdie | Age: 2022-11-24 | Files: 1 | Lines: -0/+10

  The source date epoch for gcc isn't being transferred from the shared
  workdir to the current WORKDIR for the specific recipe. This results in
  the clamping code within sstate.bbclass using a value from 2011 which
  changes the timestamps of many files.

  Since this happens part way through the build, if pieces of gcc haven't
  built, or build/rebuild later, we see things rebuilding when they should
  not and for generated files, races are possible.

  Fix this by copying the SDE from the shared workdir into the recipe
  workdir.

  [YOCTO #14953]

  (From OE-Core rev: 0511f24264bcc27d6b61edd2e16f899c985eb8ad)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit b996293b4c8ab7ff3ed852045d17290df29205df)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* get_module_deps3.py: Check attribute '__file__'
  Author: Leon Anavi | Age: 2022-11-24 | Files: 1 | Lines: -1/+1

  Check if the module object has attribute '__file__' to fix and avoid
  errors like:

  AttributeError: module '_abc' has no attribute '__file__'. Did you mean: '__name__'?

  (From OE-Core rev: 1684457df9fb7029a276df4438c8fc4a17e3e1e9)
  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 8acce12c1a4cf37ac312c92d62a6ae93a349dddf)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcl: correct patch status
  Author: Alexander Kanavin | Age: 2022-11-24 | Files: 1 | Lines: -1/+1

  (From OE-Core rev: ccb7df0d61792bbc6fd5ef62848035207a63cf5d)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 9f37e5b83db662bba92605c8741516108aad3c5e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: add io_uring PACKAGECONFIG
  Author: Ross Burton | Age: 2022-11-20 | Files: 1 | Lines: -0/+1

  io_uring is enabled or disabled depending on whether liburing is
  available, so add a PACKAGECONFIG to make this explicit, disabled by
  default.

  (From OE-Core rev: 3243b069db7629d15e4b8c25b4133f824d18520c)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit daee79639c39ac6278855b35e0ddf71e52dd13f8)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* quilt: backport a patch to address grep 3.8 failures
  Author: Alexander Kanavin | Age: 2022-11-20 | Files: 2 | Lines: -0/+145

  (From OE-Core rev: 97e522c83965777eb5faa1098ddee921e1c7fe79)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit b5001af5c711a373bd2f1ea108c8b597dd40faca)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-mako: backport fix for CVE-2022-40023
  Author: Narpat Mali | Age: 2022-11-20 | Files: 2 | Lines: -0/+121

  Sqlalchemy mako before 1.2.2 is vulnerable to Regular expression Denial
  of Service when using the Lexer class to parse. This also affects
  babelplugin and linguaplugin.

  Reference:
  https://nvd.nist.gov/vuln/detail/CVE-2022-40023

  Reference to Upstream Patch:
  https://github.com/sqlalchemy/mako/commit/925760291d6efec64fda6e9dd1fd9cfbd5be068c

  (From OE-Core rev: 34727812b54fd52f85806f4f95702286d551b5fd)
  Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* QEMU: CVE-2022-3165 VNC: integer underflow in vnc_client_cut_text_ext leads to CPU exhaustion
  Author: Hitendra Prajapati | Age: 2022-11-20 | Files: 2 | Lines: -1/+62

  Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/d307040b18

  (From OE-Core rev: c7eb6da6fa68caf2fb0becbbebeea5e8ea2c9c56)
  Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cmake-native: Fix host tool contamination (Bug: 14951)
  Author: Bernhard Rosenkränzer | Age: 2022-11-09 | Files: 1 | Lines: -0/+1

  Trying to build cmake-native on a host system where curl was built with
  cmake (resulting in CURLConfig.cmake and friends, which do not use the
  same naming schemes expected by cmake-native's build process, being
  installed to a system wide cmake directory like /usr/lib64/cmake/CURL)
  results in undefined references to all libcurl symbols.

  The problem is that cmake-native sees and uses the system wide
  /usr/lib64/cmake/CURL/CURLConfig.cmake, which defines CURL::libcurl and
  CURL::curl as opposed to setting ${CURL_LIBRARIES} as expected by
  cmake-native.

  find_package(CURL) (cmake-native's CMakeLists.txt, line 478) succeeds,
  but incorrectly uses the system wide CURLConfig.cmake, resulting in
  CMAKE_CURL_LIBRARIES being set to an empty string (cmake-native's
  CMakeLists.txt, line 484), causing the cmake-native build to miss
  -lcurl.

  The simplest fix is to let cmake know the right value for
  CURL_LIBRARIES. Making it -lcurl should always work with libcurl-native
  in recipe-sysroot-native.

  (From OE-Core rev: 0896d76a167dc9a64d69717ba66f12e7e1c41a77)
  Signed-off-by: Bernhard Rosenkränzer <bero@baylibre.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu-native: Add PACKAGECONFIG option for jack
  Author: Jeremy Puhlman | Age: 2022-11-09 | Files: 1 | Lines: -0/+1

  With libjack-devel or jack-audio-connection-kit-devel, qemu-native
  detects the library/header and tries to build with it. Since it's
  missing from the sysroot, it fails to build.

  -O2 -fPIE -D_REENTRANT -Wno-undef -MD -MQ libcommon.fa.p/audio_jackaudio.c.o -MF libcommon.fa.p/audio_jackaudio.c.o.d -o libcommon.fa.p/audio_jackaudio.c.o -c ../qemu-6.2.0/audio/jackaudio.c
  | ../qemu-6.2.0/audio/jackaudio.c:34:10: fatal error: jack/jack.h: No such file or directory
  |    34 | #include <jack/jack.h>
  |       |          ^~~~~~~~~~~~~
  | compilation terminated.

  (From OE-Core rev: 05eb77bd1e9e1ba59032cbb49953cab8015e37a3)
  Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 27260be388f7f9f324ff405e7d8e254925b4ae90)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson: make wrapper options sub-command specific
  Author: Liam Beguin | Age: 2022-11-09 | Files: 1 | Lines: -4/+17

  The meson-wrapper adds setup options to facilitate cross-compilation.
  The current options are exclusive to the setup sub-command and might
  cause issues with other sub-commands. Update the wrapper to make options
  sub-command specific.

  (From OE-Core rev: 6f4764ae2ef06c54dbbf77bcbf07af9390a565c9)
  Signed-off-by: Liam Beguin <liambeguin@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 7bcda141f2019862b4fb5d8dec7956cd8344b420)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg-utils: use a git clone, not a dynamic snapshot
  Author: Ross Burton | Age: 2022-11-09 | Files: 1 | Lines: -3/+3

  opkg-utils fetches using a cgit snapshot of a tag, which is not
  reproducible as the tag could move, not reliable as a future dynamic
  snapshot could have a different checksum, and a waste of CPU load as
  these tarballs are built on demand.

  Switch opkg-utils to use a proper git clone of the relevant SHA.

  (From OE-Core rev: 6ff0464d2fb21dea438e44538195dd9ff464a67c)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dafd2631a20ffd94e6f21c46938a010e92b57da4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: upgrade 2.35.4 -> 2.35.5
  Author: Tim Orling | Age: 2022-10-29 | Files: 1 | Lines: -1/+1

  This release addresses the security issues CVE-2022-39253 and
  CVE-2022-39260.

  * CVE-2022-39253:
    When relying on the `--local` clone optimization, Git dereferences
    symbolic links in the source repository before creating hardlinks
    (or copies) of the dereferenced link in the destination repository.
    This can lead to surprising behavior where arbitrary files are
    present in a repository's `$GIT_DIR` when cloning from a malicious
    repository.

    Git will no longer dereference symbolic links via the `--local`
    clone mechanism, and will instead refuse to clone repositories that
    have symbolic links present in the `$GIT_DIR/objects` directory.

    Additionally, the value of `protocol.file.allow` is changed to be
    "user" by default.

  * CVE-2022-39260:
    An overly-long command string given to `git shell` can result in
    overflow in `split_cmdline()`, leading to arbitrary heap writes and
    remote code execution when `git shell` is exposed and the directory
    `$HOME/git-shell-commands` exists.

    `git shell` is taught to refuse interactive commands that are
    longer than 4MiB in size. `split_cmdline()` is hardened to reject
    inputs larger than 2GiB.

  Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The
  fix was authored by Taylor Blau, with help from Johannes Schindelin.

  Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub.
  The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau.

  (From OE-Core rev: 43badfadb92a1d6684801f81fa2ed9c8b5652bb6)
  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: stable 2.38 branch updates
  Author: Yash Shinde | Age: 2022-10-29 | Files: 1 | Lines: -1/+1

  Below commits on binutils-2.38 stable branch are updated.

  dc2474e7d20 (HEAD -> binutils-2_38-branch, origin/binutils-2_38-branch) elf: Reset alignment for each PT_LOAD segment
  f184ba116ed Re: PowerPC64 pcrel got relocs against local symbols
  737e29d05eb PowerPC64 pcrel got relocs against local symbols

  (From OE-Core rev: 3ea33ca1a83d8621f1feee78f2c63850c1bc73e3)
  Signed-off-by: Yash Shinde <yashinde145@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.10.4 -> 3.10.7
  Author: Tim Orling | Age: 2022-10-20 | Files: 3 | Lines: -59/+6

  Security and bug fixes.

  Drop patch for gh-92036 which was merged in 3.10.5

  Refresh 0017-setup.py-do-not-report-missing-dependencies-for-disa.patch

  Fixes:
  * CVE-2020-10735
    https://nvd.nist.gov/vuln/detail/CVE-2020-10735
  * CVE-2021-28861
    https://nvd.nist.gov/vuln/detail/CVE-2021-28861
  * CVE-2018-25032
    https://nvd.nist.gov/vuln/detail/CVE-2018-25032

  For a list of changes see:
  https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-7-final
  https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-6-final
  https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-6-final

  (From OE-Core rev: 3efae85283b19fa1b30af7fed7fa89d7a50337db)
  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Backport patches from upstream to support float128 on qemu-ppc64
  Author: Xiangyu Chen | Age: 2022-10-20 | Files: 22 | Lines: -0/+2400

  Background:
  Because current qemu 6.2 doesn't support float128, some POSIX APIs
  (e.g. double difftime()..) return a wrong value. This issue can be
  reproduced by the open_posix_testsuite difftime case [1].

  The qemu upstream already supports ppc64 float128, but needs an update
  to qemu 7.0 or later. We backport the commits [2] from upstream to
  support that in qemu-ppc64 6.2.0.

  [1] difftime test case:
  https://github.com/linux-test-project/ltp/tree/master/testcases/open_posix_testsuite/conformance/interfaces/difftime

  [2] commits link:
  LINK:
  https://git.qemu.org/?p=qemu.git;a=commit;h=149a48f6e6ccedfa01307d45884aa480f5bf77c5
  https://git.qemu.org/?p=qemu.git;a=commit;h=ba11446c40903b9d97fb75a078d43fee6444d3b6
  https://git.qemu.org/?p=qemu.git;a=commit;h=bead3c9b0ff8efd652afb27923d8ab4458b3bbd9
  https://git.qemu.org/?p=qemu.git;a=commit;h=10cc964030fca459591d9353571f3b1b4e1b5aec
  https://git.qemu.org/?p=qemu.git;a=commit;h=e706d4455b8d54252b11fc504c56df060151cb89
  https://git.qemu.org/?p=qemu.git;a=commit;h=941298ecd7e3103d3789d2dd87dd0f119e81c69e
  https://git.qemu.org/?p=qemu.git;a=commit;h=4edf55698fc2ea30903657c63ed95db0d5548943
  https://git.qemu.org/?p=qemu.git;a=commit;h=c07f82416cb7973c64d1e21c09957182b4b033dc
  https://git.qemu.org/?p=qemu.git;a=commit;h=e4052bb773cc829a27786d68caa22f28cff19d39
  https://git.qemu.org/?p=qemu.git;a=commit;h=ffdaff8e9c698061f57a6b1827570562c5a1c909
  https://git.qemu.org/?p=qemu.git;a=commit;h=201fc774e0e1cc76ec23b595968004a7b14fb6e8
  https://git.qemu.org/?p=qemu.git;a=commit;h=c5df1898a147c232f0502cda5dac8df6074070fc
  https://git.qemu.org/?p=qemu.git;a=commit;h=38d4914c5065e14f0969161274793ded448f067f
  https://git.qemu.org/?p=qemu.git;a=commit;h=caf6f9b568479bea6f6d97798be670f21641a006
  https://git.qemu.org/?p=qemu.git;a=commit;h=25ee608d79c1890c0f4e8c495ec8629d5712de45
  https://git.qemu.org/?p=qemu.git;a=commit;h=19f0862dd8fa6510b2f5b3aff4859363602cd0cf
  https://git.qemu.org/?p=qemu.git;a=commit;h=5f1470b091007f24035d6d33149df49a6dd61682
  https://git.qemu.org/?p=qemu.git;a=commit;h=17868d81e0074905b2c1e414af6618570e8059eb
  https://git.qemu.org/?p=qemu.git;a=commit;h=9193eaa901c54dbff4a91ea0b12a99e0135dbca1
  https://git.qemu.org/?p=qemu.git;a=commit;h=e4318ab2e423c4caf9a88a4e99b5e234096b81a9
  https://git.qemu.org/?p=qemu.git;a=commit;h=3bb1aed246d7b59ceee625a82628f7369d492a8f

  (From OE-Core rev: 5ed94b1d155a7d5597358a93c65dfe98ac07ea15)
  Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2022-2962
  Author: Ross Burton | Age: 2022-10-20 | Files: 2 | Lines: -0/+65

  Backport the fix for CVE-2022-2962.

  (From OE-Core rev: 943d28a3395455fd475cb6c84247d106adf5fca3)
  (From OE-Core rev: 8ad129d079ea53ca66a91ec9fe36bb95f2648112)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit ddc4258012e0d3fa946c319b601b0e73db7ac5e6)
  Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
  Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Fix CVE-2021-3611
  Author: Bhabu Bindu | Age: 2022-10-20 | Files: 25 | Lines: -0/+4532

  As per the ubuntu community [https://ubuntu.com/security/CVE-2021-3611]
  To fix CVE-2021-3611 we need to backport the below support patches as
  well

  Link:
  https://git.qemu.org/?p=qemu.git;a=commit;h=41d5e8da3d5e0a143a9fb397c9f34707ec544997
  https://git.qemu.org/?p=qemu.git;a=commit;h=7ccb391ccd594b3f33de8deb293ff8d47bb4e219
  https://git.qemu.org/?p=qemu.git;a=commit;h=7a36e42d9114474278ce30ba36945cc62292eb60
  https://git.qemu.org/?p=qemu.git;a=commit;h=4afd0f2f220ec3dc8518b8de0d66cbf8d2fd1be7
  https://git.qemu.org/?p=qemu.git;a=commit;h=23faf5694ff8054b847e9733297727be4a641132
  https://git.qemu.org/?p=qemu.git;a=commit;h=ba06fe8add5b788956a7317246c6280dfc157040
  https://git.qemu.org/?p=qemu.git;a=commit;h=a1d4b0a3051b3079c8db607f519bc0fcb30e17ec
  https://git.qemu.org/?p=qemu.git;a=commit;h=c0ee1527358474c75067993d1bb233ad3a4ee081
  https://git.qemu.org/?p=qemu.git;a=commit;h=5e468a36dcdd8fd5eb04282842b72967a29875e4
  https://git.qemu.org/?p=qemu.git;a=commit;h=e2d784b67dc724a9b0854b49255ba0ee8ca46543
  https://git.qemu.org/?p=qemu.git;a=commit;h=959384e74e1b508acc3af6e806b3d7b87335fc2a
  https://git.qemu.org/?p=qemu.git;a=commit;h=392e48af3468d7f8e49db33fdc9e28b5f99276ce
  https://git.qemu.org/?p=qemu.git;a=commit;h=1e5a3f8b2a976054da96cbbb9de6cbac7c2efb79
  https://git.qemu.org/?p=qemu.git;a=commit;h=292e13142d277c15bdd68331abc607e46628b7e1
  https://git.qemu.org/?p=qemu.git;a=commit;h=2280c27afc65bb2af95dd44a88e3b7117bfe240a
  https://git.qemu.org/?p=qemu.git;a=commit;h=34cdea1db600540a5261dc474e986f28b637c8e6
  https://git.qemu.org/?p=qemu.git;a=commit;h=24aed6bcb6b6d266149591f955c2460c28759eb4
  https://git.qemu.org/?p=qemu.git;a=commit;h=cd1db8df7431edd2210ed0123e2e09b9b6d1e621
  https://git.qemu.org/?p=qemu.git;a=commit;h=a423a1b523296f8798a5851aaaba64dd166c0a74
  https://git.qemu.org/?p=qemu.git;a=commit;h=398f9a84ac7132e38caf7b066273734b3bf619ff
  https://git.qemu.org/?p=qemu.git;a=commit;h=6bebb270731758fae3114b7d24c2b12b7c325cc5
  https://git.qemu.org/?p=qemu.git;a=commit;h=4a63054bce23982b99f4d3c65528e47e614086b2

  Add patches to fix CVE-2021-3611

  Link:
  https://git.qemu.org/?p=qemu.git;a=patch;h=be5a8cf347d0c47ee3e933dde075526fd8bd5c40
  https://git.qemu.org/?p=qemu.git;a=patch;h=79fa99831debc9782087e834382c577215f2f511

  (From OE-Core rev: 388ce95cdf17b829663764061e686bcb3a56d096)
  Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
  Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Fix CVE-2021-3750 for qemu
  Author: Virendra Thakur | Age: 2022-10-20 | Files: 4 | Lines: -0/+283

  Add patch to fix CVE-2021-3750

  (From OE-Core rev: e9e945a1d22b06d10ac07345b7cebcf232a809bb)
  Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils : Fix CVE-2022-38128
  Author: pgowda | Age: 2022-10-20 | Files: 4 | Lines: -0/+884

  Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f07c08e115e27cddf5a0030dc6332bbee1bd9c6a]
  Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=175b91507b83ad42607d2f6dadaf55b7b511bdbe]
  Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=695c6dfe7e85006b98c8b746f3fd5f913c94ebff]

  (From OE-Core rev: 21fb0b441096ec8b5cfa1d5b645f9a3a2ace1e09)
  Signed-off-by: pgowda <pgowda.cve@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Remove -Wimplicit-function-declaration warnings | Khem Raj | 2022-10-11 | 1 | -7/+11
  (From OE-Core rev: 9f2dbfc51ef2faf1b6154856adb69ca9f764573b)
  (From OE-Core rev: b2be1f5e7e858056cd5bf3273dca312a5ea8cf92)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: update 4.17.0 -> 4.17.1 | Alexander Kanavin | 2022-10-11 | 6 | -461/+40
  (From OE-Core rev: 826eb17fe741d38be24d31f3bba35074e404a414)
  (From OE-Core rev: 49a875322110e5c9d90d99473a0e3f874e42739c)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: update 3.2.4 -> 3.2.5 | Florin Diaconescu | 2022-10-11 | 1 | -1/+1
  Changelog: https://download.samba.org/pub/rsync/NEWS#3.2.5

  (From OE-Core rev: 9431be33d8107e7c861b5b41411aae1532fb2c8c)
  Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: update 3.2.3 -> 3.2.4 | Florin Diaconescu | 2022-10-11 | 3 | -41/+19
  Drop configure options that have been removed upstream.

  License-Update: formatting
  Changelog: https://download.samba.org/pub/rsync/NEWS#3.2.4

  (From OE-Core rev: 4a4097ed1db8ecedbcf12388207c546d4d106e17)
  Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils : Fix CVE-2022-38127 | pgowda | 2022-10-11 | 5 | -0/+1670
  Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa]
  Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff]
  Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199]
  Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed]

  (From OE-Core rev: e384b754eb0223928c239db42ece93c06dce6daa)
  Signed-off-by: pgowda <pgowda.cve@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: add arm-v9 support | Ruiqiang Hao | 2022-09-28 | 5 | -0/+468
  Backport some patches from GCC 12 to support arm-v9.

  (From OE-Core rev: 450639bf4b46b963480b2ab4efe72e443d0524b3)
  Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-cross-canadian: add default plugin linker | Samuli Piippo | 2022-09-28 | 1 | -0/+1
  Fix multilib sdk issue where gcc is unable to find linker. Previous fix
  was in cdd86896c8d29135f937968e9aa07f919cf543d3 using real-ld symlink,
  but that prevented switching between bfd and gold linkers.

  Running compiler with debug arguments shows that collect2 tries and fails
  to find linker using the multilib triples:

    $ $CC -v -Wl,-debug
    ...
    Looking for 'real-ld'
    Looking for 'collect-ld'
    Looking for 'mips-oemllib32-linux-ld'
    Looking for 'mips-oe-linux-mips-oemllib32-linux-ld'
    ...
    collect2 version 12.2.0
    ld_file_name = not found
    ...
    collect2: fatal error: cannot find ‘ld’

  Using --with-plugin-ld=ld in gcc-cross-canadian builds to set default
  linker name for collect2, lets it find the linker correctly:

    Looking for 'real-ld'
    Looking for 'collect-ld'
    Looking for 'ld'
    ...
    collect2 version 12.2.0
    ld_file_name = /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/libexec/mips-oe-linux/gcc/mips-oe-linux/12.2.0/ld

  Switch between bfd and gold linker works as expected now:

    $ $CC -v -Wl,-debug -fuse-ld=gold
    ...
    Looking for 'real-ld'
    Looking for 'collect-ld'
    Looking for 'ld.gold'
    ...
    collect2 version 12.2.0
    ld_file_name = /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/libexec/i686-oe-linux/gcc/i686-oe-linux/12.2.0/ld.gold

  (From OE-Core rev: f4174b3bde5ec91293619fac3258f35153363c51)
  Signed-off-by: Samuli Piippo <samuli.piippo@qt.io>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit cf1bb16b7f9f81514feaf1e4ecffd9039387bb89)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks" | Samuli Piippo | 2022-09-28 | 1 | -2/+0
  This reverts commit cdd86896c8d29135f937968e9aa07f919cf543d3.

  real-ld is always used if that is found, which means you cannot switch
  between bfd and gold linkers using -fuse-ld gcc option.

  (From OE-Core rev: 3d13ef9e457ad3854c5e9bc37f8ea9a6b0e6c54f)
  Signed-off-by: Samuli Piippo <samuli.piippo@qt.io>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 53ae417c63a4a7ff4a729d3653a31cf1c0758f10)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI += | Mikko Rapeli | 2022-09-28 | 1 | -1/+1
  The :append can not be removed via bbappends if needed. Thus it's better
  for open source layers to use += append if possible.

  (From OE-Core rev: 1e09be9455fb054b3f74f088b355116828cb4626)
  (From OE-Core rev: 15ac2f4f2873a3c7b9f5bd0385d570e7b64fc643)
  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 4546b5186e5aa2808be6c1616eca15219c4fcb5d)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go-native: switch from SRC_URI:append to SRC_URI += | Mikko Rapeli | 2022-09-28 | 1 | -1/+1
  The :append can not be removed if needed in other layers.

  (From OE-Core rev: e129d2f7e3ba312ab5383397eeabf7273d23a529)
  (From OE-Core rev: 905062ef53c016091c36690b36ed9ed5203175e5)
  Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 09ed655c2a8a0a246e7dcc745ec89f7a1d13813d)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2022-38126 | pgowda | 2022-09-28 | 2 | -0/+35
  Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5]

  (From OE-Core rev: 1c3eaf29fc21579a8e4aa8ab6c356d773f8a38f5)
  Signed-off-by: pgowda <pgowda.cve@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2022-27664 | Teoh Jay Shen | 2022-09-28 | 2 | -0/+103
  Upstream-Status: Backport [https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479]

  (From OE-Core rev: fecad1b8e0f006c0186941706219d39c6c8ba5eb)
  Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* autoconf: Update K & R style functions | Khem Raj | 2022-09-16 | 3 | -65/+139
  This replaces the proposed patch with a backport of what got accepted
  upstream

  (From OE-Core rev: 0edeb22a8d4f77ece938b1f0e4cc8f06c6265e6c)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit f3e92b7cb5833f61ff13a66f03be513d97a69894)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>