| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Below commits on binutils-2.42 stable branch are updated.
09ba78f0513 LoongArch: ld:Report an error when seeing an unrecognized relocation
00abcf39930 s390: Add arch15 instructions
caf72067a77 s390: Relax risbg[n]z, risb{h|l}gz, {rns|ros|rxs}bgt operand constraints
543a22c7ee3 s390: Simplify (dis)assembly of insn operands with const bits
7c94c87d463 s390: Align opcodes to lower-case
fffb4fae823 s390: Flag conditional branch relative insns as condjump
2d238ecbe50 s390: Use proper string lengths when parsing opcode table flags
10d0dd2ba2b s390: Whitespace fixes in conditional branch flavor descriptions
10a143e273c LoongArch: Add elfNN_loongarch_mkobject to initialize LoongArch tdata
9055fbe5ffb LoongArch: The symbol got type can only be obtained after initialization
Tested on qemux86_64.
There were no additional PASS or FAIL after the update
(From OE-Core rev: 312c522787e72fffb9eb1b49e97aeaf24db27d2d)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
Change the SRC_URI to the correct value due to the following error:
WARNING: libxml-parser-perl-native-2.47-r0 do_fetch: Failed to fetch URL https://search.cpan.org/CPAN/modules/by-module/XML/XML-Parser-2.47.tar.gz, attempting MIRRORS if available
(From OE-Core rev: c9d5a6c480c377399a7dc998f3755e42072e19a6)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In SDK, missing perl modules causes 'x86_64-pokysdk-linux-gp-display-html --help' to abort with below errors..
- Can't locate bignum.pm in @INC (you may need to install the feature module).
- Can't locate Math/BigInt.pm in @INC (you may need to install the Math::BigInt module)
By adding the following perl modules to RDEPENDS fixes the above errors:
nativesdk-perl-module-bignum
nativesdk-perl-module-bigint
nativesdk-perl-module-math-bigint
(patch taken to master branch with following commit id: 05f1099acbbb10b6ce33ea117d313749f7dc4a47)
(From OE-Core rev: a1317e52260eed9961291d461e48a4915ffc36bc)
Signed-off-by: Harish Sadineni <Harish.Sadineni@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.
(From OE-Core rev: 782fc8c12deaf713a60c62c34914b585ff150ddf)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d80e20d70d170397f9827c5a5fc75ad1f2e8cd94)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.
In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:
recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
Fix this stripping `-pipe` from the command line used to determine
compiler internals.
(From OE-Core rev: ef5c060a939416b4034be1b8b81f9035b23534b7)
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In embedded box, sed might be provided another providers like Busybox,
hence use generic options whenever possible.
/bin/sed -> /etc/alternatives/sed
/etc/alternatives/sed -> /bin/busybox.nosuid
Here used 'sed -u' option is not necessary, hence removed it.
Fixes below error:
sed: invalid option -- 'u'
Also added 'set -eux' option which halts execution of the script
on any failures.
(From OE-Core rev: 5b3b290baa0a83f493b7ca25d5ffa5ff279bcc69)
Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com>
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07caee1829d2a61bc018fe0e37ecd482922179ee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* minor upgrade to fix building with gcc-14 on host
* contains 31 commits:
https://github.com/lxml/lxml/compare/lxml-5.0.0...lxml-5.0.2
the important one for gcc-14 is:
https://github.com/lxml/lxml/commit/663041a56a075a8fa1e6ca13ba4c6d1de7043ac2
* https://bugs.launchpad.net/lxml/+bug/2045435
* https://bugs.gentoo.org/917562
(From OE-Core rev: baa0ba7084533907c0735dcb58b4432e0b3072df)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.7..go1.22.8
aeccd613c8 (tag: go1.22.8) [release-branch.go1.22] go1.22.8
b4086b7c16 [release-branch.go1.22] syscall: skip TestAmbientCapsUserns when restricted, document
6fab4b9a9e [release-branch.go1.22] runtime: size maps.Clone destination bucket array safely
71655f14ce [release-branch.go1.22] cmd/cgo: correct padding required by alignment
[1] https://github.com/golang/go/compare/go1.22.7...go1.22.8
(From OE-Core rev: 552b9913b25107d7a34611b499b7811896b5f098)
(From OE-Core rev: f3bc0483519fcf08f5e3ccbbbb29de0ec4fc927e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.6..go1.22.7
7529d09a11 (tag: go1.22.7) [release-branch.go1.22] go1.22.7
d4c53812e6 [release-branch.go1.22] go/build/constraint: add parsing limits
2092294f2b [release-branch.go1.22] encoding/gob: cover missed cases when checking ignore depth
b232596139 [release-branch.go1.22] go/parser: track depth in nested element lists
e87be9833e [release-branch.go1.22] runtime: on AIX, fix call to _cgo_sys_thread_create in _rt0_ppc64_aix_lib
676d6100d8 [release-branch.go1.22] cmd/fix: support go versions with patch release
0a525a3ed0 [release-branch.go1.22] os: fix Chtimes test flakes
Fixes CVE-2024-34155, CVE-2024-34156 and CVE-2024-34158
[1] https://github.com/golang/go/compare/go1.22.6...go1.22.7
(From OE-Core rev: 92d609c49c0870ca10fcc39d52a801109d65a98b)
(From OE-Core rev: 4a0ccebab099b3654097ca6ba591eefce58a410e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()
(From OE-Core rev: a11152a65f27521ec9a546b4dd3c16d04bbd9db4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 175e22f2df542b0e1eb638c43c11eeefe794b0b7)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since there are vulnerabilities that cannot be detected by the existing
CVE_PRODUCT, add "python:setuptools" to CVE_PRODUCT.
https://nvd.nist.gov/vuln/detail/CVE-2013-1633
https://nvd.nist.gov/vuln/detail/CVE-2022-40897
(From OE-Core rev: 85b61bf9cefc024faefa083c37ce88ba9c7355e1)
Signed-off-by: Shunsuke Tokumoto <s-tokumoto@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aa1c8d97efc6640a1cffa2459d9b20ad1f7309b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Correct the length to compare in convert2guid() to fix an issue where it
ends up with returning a wrong id that matches partially. Also fix the
length of usr_buf and grp_buf in interpret_table_entry() which are used
as arguments of convert2guid().
(From OE-Core rev: 865b7149da5dd6301c1d9805a1e7bac8dcac82a9)
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ca9d193a21e6b8669c4da1a68cd5e0791bb80a4b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-41123 & CVE-2024-41946
Release notes:
https://github.com/ruby/ruby/releases/tag/v3_3_5
Rebase:
0005-Mark-Gemspec-reproducible-change-fixing-784225-too.patch
0006-Make-gemspecs-reproducible.patch
Drop:
0001-fiddle-Use-C11-_Alignof-to-define-ALIGN_OF-when-poss.patch
0002-Obey-LDFLAGS-for-the-link-of-libruby.patch
CVE-2023-36617_1.patch
CVE-2023-36617_2.patch
CVE-2024-27281.patch
CVE-2024-27282.patch
(merged upstream)
0001-template-Makefile.in-do-not-write-host-cross-cc-item.patch
0002-template-Makefile.in-filter-out-f-prefix-map.patch
remove_has_include_macros.patch
(code rewritten upstream)
License-Update: Updated LEGAL section
(From OE-Core rev: 69ffe5bc09260918fb32bfcb29586dcaa1958a5c)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This CVE was created because fix for CVE-2024-24576 was incomplete.
Ignore the new CVE in the same way as the old one.
See https://nvd.nist.gov/vuln/detail/CVE-2024-43402
(From OE-Core rev: 6ed9968bf3e35aca316227ee23294c683f77055d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Treating rootdir "/" as "" leads an error in parse_devtable(). Preserve
it as it is given and use a separate variable for path name prepending.
Another minor fix is to add a return statement at the end of
convert2guid() to avoid an error with -Werror=return-type.
(From OE-Core rev: 3d894863f442188bad446095bd7fdd82665bb54b)
Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d52e6276c687a8950bde21850072ddf14893fb2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a patch in oe-core[1] to avoid hardcoded paths in macros. It
tries to use libdir to expand %_libdir in macros.in. However, in
upstream commit[2], libdir for macros in CMakeLists.txt is set to
${prefix}/=LIB=, which causes %_libdir to expand to ${prefix}/=LIB=
instead of the correct path in the final macros.
On target:
$ rpm --showrc | grep _libdir
[snip]
-13: _libdir ${prefix}/=LIB=
[snip]
This also causes %__pkgconfig_path in fileattrs/pkgconfig.attr to become
an invalid regular expression when building rpm packages. This results a
warning in log.do_package_write_rpm in all packages:
Warning: Ignoring invalid regular expression ^((${prefix}/=LIB=|usr/share)/pkgconfig/.*.pc|usr/bin/pkg-config)$
Set libdir to ${CMAKE_INSTALL_FULL_LIBDIR} instead of ${prefix}/=LIB= to
make sure it is expanded to the correct path in macros.
After the patch:
On target:
$ rpm --showrc | grep _libdir
[snip]
-13: _libdir /usr/lib
[snip]
[1] https://git.openembedded.org/openembedded-core/tree/meta/recipes-devtools/rpm/files/0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
[2] https://github.com/rpm-software-management/rpm/commit/d2abb7a48760418aacd7f17c8b64e39c25ca50c9
(From OE-Core rev: 7c7f95668d270a825c7d3d235ec2b8d4e7eb0b9f)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ae0e217145f45d065124aeb0a7d72a0c25f621ef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
www.freedesktop.org SRC_URI
Server's https certificate isn't valid for freedesktop.org without www prefix.
(From OE-Core rev: 60f411d19a9ea5297911eed64902e1cb65358e35)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7ce9da33498869384b26a6fda05c37e7b2c3565)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Below commits on binutils-2.42 stable branch are updated.
8a6764d35e5 libctf: fix ref leak of names of newly-inserted non-root-visible types
d9ddfab9be2 ld: Move foo before delete in dl5.cc
3e92ae5088c ld: Avoid folding new and delete pairs
Results before updates as below:
No. of expected passes 302
No. of unexpected failures 2
No. of untested testcases 1
No. of unsupported tests 7
Results after updates as below:
No. of expected passes 302
No. of unexpected failures 2
No. of untested testcases 1
No. of unsupported tests 7
(From OE-Core rev: cfa318fd4a0a6bfa9899a366189ef6a75f000770)
Signed-off-by: Deepesh Varatharajan <Deepesh.Varatharajan@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: d143981f78a85a4c5e057528f4bad7acefd46465)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport from master OE-Core rev: f0eac82b9a1e4549b7d918df768c369ed7ab5183
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Backport patches to fix riscv64 build failure.
(From OE-Core rev: ab7d0dcb49606651505bf167fd919bc969d97eed)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes security fixes for CVE-2024-7592, CVE-2024-8088, CVE-2024-6232,
CVE-2023-27043 and other bug fixes.
Removed below patches, as the fix is included in 3.12.6 upgrade:
1. CVE-2024-7592.patch
2. CVE-2024-8088.patch
Release Notes:
https://www.python.org/downloads/release/python-3126/
(From OE-Core rev: aa492b1fd5973c37b8fa2cd17d28199eba46afcc)
(From OE-Core rev: 6688a8ff2e1cbf6ad8ebd1b89ec6c929caf6a161)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Python 3.12.5 is failing a newer ptest for reading/writing limited
history when editline (default) is set in PACKAGECONFIG. Skip it for now
until a proper fix (if any) is determined.
A bug has been opened upstream: https://github.com/python/cpython/issues/123018
(From OE-Core rev: de569ddffd5ea36b70c56df21dec9c892e5dee7d)
(From OE-Core rev: 98b3a3e3f79a3edaa4cf2cfbf58eb84553d65e1e)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html
(From OE-Core rev: d9e2ebd6b24b802d1d4cd38b3b910e068c308809)
(From OE-Core rev: ae0e8f6932359959535e901e64bdb47189de14cd)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The presence or lack of nroff on the host was changing the doc type. Stop
the code from looking at host paths outside HOSTTOOLS and hence cause the
doc type to be deterministic and reproducible.
(From OE-Core rev: 343f40b0bc8ef65cc1e2abd6c9c33bb2e08bad3d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 918e2b266eba6779f19f65349f85caa880ba45e7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The presence or lack of nroff on the host was changing the doc type. Set it
explicitly to be deterministic and reproducible.
(From OE-Core rev: 9ed723d1972b4e1bd1ae799661194ccbd4c6c759)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5053abb8957acf358b518ee3c76146dc5f4eb6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When bitbaking python3-rpds-py it built extension module as:
site-packages/rpds/rpds.cpython-312-armv7l-linux-gnueabihf.so
Which caused error on target:
root@qemuarm:~# python3 -c "from rpds import HashTrieMap, HashTrieSet, List"
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python3.12/site-packages/rpds/__init__.py", line 1, in <module>
from .rpds import *
ModuleNotFoundError: No module named 'rpds.rpds'
Where as it should have been:
site-packages/rpds/rpds.cpython-312-arm-linux-gnueabihf.so
Associated upstream bug report:
https://github.com/PyO3/maturin/issues/2203
Associated upstream pull request:
https://github.com/PyO3/maturin/pull/2204
Note - mitigation has not been tested with musl:
https://github.com/PyO3/maturin/pull/2204#issuecomment-2323952320
(From OE-Core rev: 32a8a7379008cc6e367b7664c5b10b29f0bb8136)
(From OE-Core rev: d2f73e3840c21997b918d1f1cfae965c618c1076)
Signed-off-by: Vesa Jääskeläinen <vesa.jaaskelainen@vaisala.com>
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The contents of the COPYING file included in the current source code
package match those of GPL-3.0-only license, which seems to have been
the case since 2008 commit
http://git.savannah.gnu.org/gitweb/?p=dejagnu.git;a=commitdiff;h=9bebe7b9bfb9b02e5e4d86ad74e8ce3eb32a36b9;hp=50fbdd118dba066e201c73a8b0155381cd65a32d
("* COPYING: Update to GPL version 3.")
(From OE-Core rev: 26b71cfb7815a096c5962629801cc3bc85147284)
(From OE-Core rev: 718f6cb5ecf33529efb126f9eda67041f42bd7bf)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
- context: use rpmtsAddReinstallElement() when doing a reinstall
- MergedTransaction: Fix invalid memory access when dropping items
- ConfigParser: fix use-out-of-scope leaks
- Since we use rpmtsAddReinstallElement rpm also uninstalls the package
- Fix countme bucket calculation
(From OE-Core rev: 20b67ad71cfa3eac35b2514067f87d79d9c3da2e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9cf8330068503a5721640763309c4c74f293a94d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a HIGH severity vulnerability affecting the CPython "zipfile"
module. When iterating over names of entries in a zip archive (for example,
methodsof "zipfile.ZipFile" like "namelist()", "iterdir()", "extractall()",
etc) the process can be put into an infinite loop with a maliciously crafted
zip archive. This defect applies when reading only metadata or extracting
the contents of the zip archive. Programs that are not handling
user-controlled zip archives are not affected.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-8088
Upstream-Patch:
https://github.com/corydolphin/flask-cors/commit/7ae310c56ac30e0b94fb42129aa377bf633256ec
(From OE-Core rev: 2d98276ba70ed6c44afecd42a7352f1b3030438f)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a LOW severity vulnerability affecting CPython, specifically the
'http.cookies' standard library module. When parsing cookies that contained
backslashes for quoted characters in the cookie value, the parser would use
an algorithm with quadratic complexity, resulting in excess CPU resources
being used while parsing the value.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-7592
Upstream-Patch:
https://github.com/python/cpython/commit/dcc3eaef98cd94d6cb6cb0f44bd1c903d04f33b1
(From OE-Core rev: 3bb9684eef5227e7b1280ee9051884310b0d0b7f)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for
remote code execution via its download functions. These functions, which are used to download
packages from URLs provided by users or retrieved from package index servers, are susceptible
to code injection. If these functions are exposed to user-controlled inputs, such as package
URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-6345
Upstream-patch:
https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0
(From OE-Core rev: 468c5a4e12b9d38768b00151c55fd27b2b504f3b)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
In native.bbclass, CFLAGS is overrided by 'CFLAGS = "${BUILD_CFLAGS}"',
this make "CFLAGS +=" not work for expect-native, use append to make it
also work for native.
(From OE-Core rev: 6974c6548cae62529d96d4ceb3a296707d4adae5)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack
via improper synchronization during socket closure when a client keeps a socket open as the server
is taken offline.
(From OE-Core rev: 334f70c408ce5c95f145aa4657f343b023f7e1b4)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the QEMU disk image utility (qemu-img) 'info'
command. A specially crafted image file containing a `json:{}`
value describing block devices in QMP could cause the qemu-img
process on the host to consume large amounts of memory or CPU time,
leading to denial of service or read/write to an existing external file
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4467
Upstream Patches:
https://gitlab.com/qemu-project/qemu/-/commit/bd385a5298d7062668e804d73944d52aec9549f1
https://gitlab.com/qemu-project/qemu/-/commit/2eb42a728d27a43fdcad5f37d3f65706ce6deba5
https://gitlab.com/qemu-project/qemu/-/commit/7e1110664ecbc4826f3c978ccb06b6c1bce823e6
https://gitlab.com/qemu-project/qemu/-/commit/6bc30f19498547fac9cef98316a65cf6c1f14205
https://gitlab.com/qemu-project/qemu/-/commit/7ead946998610657d38d1a505d5f25300d4ca613
(From OE-Core rev: 0e309919b8807950cebc8924fc1e15763548b1f1)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* use virtual/* variables as INHIBIT_DEFAULT_DEPS does to avoid dependency on gcc-cross-
from nativesdk-libgfortran
* the dependency was added in:
https://git.openembedded.org/openembedded-core/commit/?id=00fba52c8a6f6383137cf89fc7aa34cc3e2ff45f
causing:
build/oe-core $ bitbake -g nativesdk-libgfortran
NOTE: Resolving any missing task queue dependencies
ERROR: Nothing PROVIDES 'gcc-cross-x86_64' (but virtual:nativesdk:/OE/build/oe-core/openembedded-core/meta/recipes-devtools/gcc/libgfortran_14.1.bb DEPENDS on or otherwise requires it). Close matches:
gcc-cross-aarch64
...
with:
MACHINE=qemuarm64
FORTRAN:forcevariable = ",fortran"
* after:
https://git.openembedded.org/openembedded-core/commit/?id=44fc7aa1468ff042739cc5a91c84ef5c2a09e0a3
nativesdk-libgfortran is pulled as dependency of nativesdk-gcc so this affects
more people who didn't explicitly use nativesdk-libgfortran before
* the INHIBIT_DEFAULT_DEPS and gcc-runtime was there since gcc-4.8:
https://git.openembedded.org/openembedded-core/commit/?id=a5e7ee5770b9e0cf719c573efffd874440f74289
(From OE-Core rev: 63ecb048f8238f67e21f77512b5276021b060d64)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5ce2e9c66cd2c08e141913ec65386f940353a8c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The bpftrace recipe under meta-clang[1] needs llvm-objcopy [2] during
do_confgure phase otherwise there comes below error:
| CMake Error at tests/data/CMakeLists.txt:6 (find_program):
| Could not find LLVM_OBJCOPY using the following names: llvm-objcopy,
| llvm-objcopy-18, llvm18-objcopy
The commit ec22bfa67f llvm: allow building libllvm in native builds, subject to PACKAGECONFIG [3]
introduces libllvm to manage the llvm function for native build
maybe because there is only mesa-native to use llvm-native.
Considering there are other recipes such as bpftrace needs llvm-native,
so enable libllvm for native build.
[1] https://github.com/kraj/meta-clang
[2] https://github.com/bpftrace/bpftrace/blob/master/tests/data/CMakeLists.txt
[3] https://git.openembedded.org/openembedded-core/commit/?id=ec22bfa67f6f1766102501d4593ce29aafe8c166
(From OE-Core rev: bd451b9cd951778cc6cdb0fe13f87c723c153d27)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.5..go1.22.6
cb4eee693c (tag: go1.22.6, origin/release-branch.go1.22) [release-branch.go1.22] go1.22.6
8c8adffd53 [release-branch.go1.22] cmd/compile: add 0-sized-value simplification to copyelim
70a1aae67f [release-branch.go1.22] cmd/trace/v2: make the -pprof actually useful
2c88c1d599 [release-branch.go1.22] cmd/trace/v2: handle the -pprof flag
4c50f9162c [release-branch.go1.22] cmd/internal/cov: close counter data files eagerly
9e148a4150 [release-branch.go1.22] internal/bytealg: extend memchr result correctly on wasm
4b27560db9 [release-branch.go1.22] go/types: fix assertion failure when range over int is not permitted
4e548f2c8e [release-branch.go1.22] cmd/link: don't let dsymutil delete our temp directory
45f9ded1df [release-branch.go1.22] cmd/compile: don't elide zero extension on top of signed values
49906f9575 [release-branch.go1.22] cmd/go: fix build config before creating actions for 'go list -cover'
ea96074191 [release-branch.go1.22] os/exec: only use cachedLookExtensions if Cmd.Path is unmodified
[1] https://github.com/golang/go/compare/go1.22.5...go1.22.6
(From OE-Core rev: bd62a437ddd8470ff5a3a3d543885908901b7bce)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit edaedfce685f13decad7608aefa36dece02665b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
(From OE-Core rev: 1103182ac9ae5139a5c3d7381007f61c1f7d91a6)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This package can be built using pep517 classes now.
(From OE-Core rev: a9ac262d9dbc57be6ac5c8905c803009e5c4ef4e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a32fa3e64d1daf5846c29403e9f258aea42212d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certifi is a curated collection of Root Certificates for validating the
trustworthiness of SSL certificates while verifying the identity of TLS
hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized
root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root
certificates from `GLOBALTRUST` from the root store. These are in the
process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root
certificates are being removed pursuant to an investigation which
identified "long-running and unresolved compliance issues."Certifi is a
curated collection of Root Certificates for validating the trustworthiness
of SSL certificates while verifying the identity of TLS hosts. Certifi
starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates
from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from
`GLOBALTRUST` from the root store. These are in the process of being removed
from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being
removed pursuant to an investigation which identified "long-running and
unresolved compliance issues."
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-39689
Upstream-patch:
https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463
(From OE-Core rev: 2ec1ba32a23611484e5d3819008bbab85336ae20)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 9be9260985e751f90f9432aa68a789bf0a26fb43)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bcbaaa9f7d88686915c354fb66682cbe9b1d0536)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Removes CVE-2022-46456 from reports.
(From OE-Core rev: 4a5b6e8dd315b2281afb232410db585d431be00f)
(From OE-Core rev: 5b330f3dfe7a37eff5251d2c29d324e90677b33c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This CVE is fixed in v8.2.2 with v8.2.1-55-g480a6adc83
https://github.com/qemu/qemu/commit/480a6adc83a7bbc84bfe67229e084603dc061824
(From OE-Core rev: 422fc84ddbe46580dc6d647eff62c4dbc8551e63)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There is a need to enable some extra tools from the rust for the build
and so this new variable will help for that
This varaible then we can use during do_configure task to add overall
values as per json format in build -> tools
(From OE-Core rev: 136a25567499191b23a4d000a06bf83a473224ca)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"
(From OE-Core rev: 97410e90f7233e5c9ce38eea0fa99b76160ffce9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92a9710ec88c8729fa3d83baa2e63dd74d95cdf8)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.
(From OE-Core rev: 1d5903bf749436d9b26df858041337b723614963)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35021d650de3eecc3f42000181b39a5db5a8eaa0)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes fix for: CVE-2024-26327, CVE-2024-26328 and CVE-2024-3447
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Droped 0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch,
CVE-2024-3446 and CVE-2024-3567 since already contained the fix.
(From OE-Core rev: 1a6d502c04fad0d190bb665e9d454b85c0853fcc)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These recipes come from rust sources and CVEs are reported for them
under rust-lang:rust vendor:product touple.
Especially libstd-rs needs correct CVE_PRODUCT as is it installed on
target devices (being statically linked to rust compiled binaries).
before:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="libstd-rs"
rust: CVE_PRODUCT="rust"
rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>"
rust-llvm: CVE_PRODUCT="rust-llvm"
after:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="rust"
rust: CVE_PRODUCT="rust"
rust-cross-canadian-x86-64: CVE_PRODUCT="rust"
rust-llvm: CVE_PRODUCT="rust-llvm"
Product for rust-llvm is uncertain and, should be handled in another
commit if it is desired to align it, too.
sqlite> select vendor, product, count(product) from products where vendor="rust-lang" group by product;
rust-lang|async-h1|2
rust-lang|cargo|5
rust-lang|future-utils|2
rust-lang|futures-task|2
rust-lang|mdbook|1
rust-lang|regex|2
rust-lang|rsa|2
rust-lang|rust|45
rust-lang|socket2|1
(From OE-Core rev: 91bfe1f64ee3e2b8534baa8a3eb2fb7fa3521657)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e8cf1df16a6ec2785cacaf608bec5cd8496103af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
python3-ctypes was dropped as a dependency in v19.2.0
(From OE-Core rev: 48c43d2ff467c067d1518dc55d8d6da39bea159a)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d06116caf2382ad4782b9b2da50534d076a736d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
