| Age | Commit message (Collapse) | Author |
|---|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The link back to uboot's env is causing a ton of pain since it is making
this recipe machine specific. Some machines may use uboot, some may
not but you really want an architecture/machine neutral library.
Revert this part of the 0.3 upgrade (OE-Core rev:
02d55cd35aac15095fc44f0cf8f9e7a71638f485) so that we don't need some
of the horrible workarounds being seen in other layers. If a given
machine uses u-boot, the env can be pulled in by the machine directly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(Changes of v2021.07)
Processed 1730 csets from 187 developers
29 employers found
A total of 402449 lines added, 82710 removed (delta 319739)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
This reverts commit 10aa1291979fb90bed1beb49be4d406ed0e1e4d5.
As there is no build dependency between libubootenv and the configuration
of u-boot there is no reason to check for UBOOT_CONFIG or UBOOT_MACHINE
by adding the class uboot-config. Revert this in order to remove useless
workaround in bsp layer (meta-freescale).
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A following error was observed:
| Can't write signature for 'signature@1' signature node in 'conf@imx6ull-colibri-wifi-eval-v3.dtb' conf node: <unknown error>
| uboot-mkimage Can't add hashes to FIT blob: -1
This is caused by a wrong return value being used in uboot source.
The return value '-ENOSPC' of fit_set_timestamp function does not match
the caller fit_image_write_sig's expection which is '-FDT_ERR_NOSPACE'.
Fix it by not calling fit_set_timestamp, but call fdt_setprop instead.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use ??= assignment for UBOOT_DTB_BINARY because it is set using ?= in
fitImage bbclass as well, using ?= will preempt that
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable FW_PIC to fix the error message:
opensbi-0.9-r0 do_package_qa: QA Issue: File /share/opensbi/lp64/generic/firmware/fw_jump.elf in package opensbi doesn't have GNU_HASH (didn't pass LDFLAGS?)
This is seen in newer versions of OpenSBI that enable FW_PIC by default.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE only applies to RHEL.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We're using a pre-release version of 2.06 so these issues are fixed but
continue to show up in the checks since it is pre-2.06 and the CPE
entries are "before but excluding 2.06".
Adding these will clean up CVE reports until the 2.06 release comes out.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It fails to boot grub after upgrade grub to 2.06. According to
description in
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14367
it is introduced by a commit to fix CVE. So remove option '-O2' from
CFLAGS rather than revert the commit to avoid the failure.
[YOCTO #14367]
CC: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a bugfix release which includes the following changes:
f4ab25d shared library: Link against zlib
e663439 Always fsync file writes
80b7f31 Treat '=' as an illegal character in variable names
950f541 libuboot_env: fix calculation of usable envsize
fb88032 Correct initialisations in libuboot_configure
20d1ec7 Force writing of environment if default is used
5ca11bd libuboot_env: correct length to usable env size length
cd4a8f1 libuboot_env_store: fix env double-null termination
9510164 uboot_env: fix infinite loop on short read (EOF)
Signed-off-by: Stefano Babic <sbabic@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move some definitions from u-boot.inc into uboot-config.bbclass and
similarly from kernel-fitimage.bbclass into uboot-sign.bbclass, so that
they can be useful when signing the U-boot proper fitimage, for a
verified-boot SPL.
Signed-off-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update the patch as submitted upstream to grub2
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This cast was accidentally dropped in
https://git.savannah.gnu.org/cgit/grub.git/commit/?id=2bf40e9e5be9808b17852e688eead87acff14420
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A full working port is not available yet, until such time disable it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport fixes for CVE-2021-27097 and CVE-2021-27138 as well as
a precursor fdt validation fix that allows using the upstream
patches for the CVEs without significant rebasing. Note that
the additional upstream changes to add new U-Boot fit image tests
have been left out to keep the patch count down. Those tests are
currently not used for ptest or oe-selftest, so it is believed
their absence should not be problematic.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
2.06 RC1 release have a number of CVEs fixed:
CVE-2020-15705
CVE-2021-3418
CVE-2020-27749
CVE-2021-20233
CVE-2021-20225
CVE-2020-25647
CVE-2020-25632
CVE-2020-27779
CVE-2020-14372
CVE-2020-15707
CVE-2020-15706
CVE-2020-14309
CVE-2020-14310
CVE-2020-14311
CVE-2020-14308
CVE-2020-10713
CVE-2014-4607
Dropped backported patches.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add sorting to the globbing within the Makefile to make the output
reproducible.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Even in grub-efi platforms we need to build grub for the the common
tools. On x86 this isn't a problem because grub builds legacy boot and
grub-efi builds EFI, but on aarch64 there is no legacy boot supported by
grub.
To ensure that the common tools are built the grub recipe also builds
EFI binaries, but this now means that grub and grub-efi ship the same
binaries.
oe-core 933286 fixed this conflict by deleting the binaries from
grub-efi and putting the aarch64 modules into grub-common (relying on
dependencies to pull grub-common in). This seems backwards: grub-efi no
longer contains the binaries and they're in different packages on arm or
x86. Also, SDK generation is broken as the grub package itself is now
empty as the binaries are in grub-common.
Resolve all of these issues by reversing the logic: grub-efi is the
package which holds the EFI binaries on all platforms. grub only builds
for EFI on aarch64 as a way to build the common binaries, so delete them
in that recipe to avoid conflicts. And finally as the grub recipe is
empty on aarch64 but needed by dependencies, set ALLOW_EMPTY.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
tools/binman/binman needs python3-setuptools now.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This change was only needed with 2.70, it is not needed with 2.71.
This reverts commit 36aef08dcd5e45c4138ccd72e8de01157f7213c4.
Signed-off-by: Ross Burton <ross.burton@arm.com>
|
|
New versions of binutils caused object files to be 128MB in size,
backporting this fix reduced them back to a sensible size, e.g.
1024 bytes. This avoids initramfix size issues!
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add the missing gettext version needed for autoconf 2.70.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the ordering in the generated unidata.c file to aid reproducibility.
[YOCTO #14167]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The "CVE:" line in the patch for CVEs 2020-14309, CVE-2020-14310, and
CVE-2020-14311 had commas between the CVE numbers, which resulted in
CVE-2020-14310 not being picked up as patched by cve-check.bbclass's
parsing. Remove the commas to match cve-check.bbclass's expectations.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a second list sorting problem in a generator script within grub,
add a sort() of a list to resolve this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If you build on a system with git < 2.14 from scratch (e.g. debian9), the
tree will be marked as "dirty" and the version will include "-dirty", leading
to a reproducibility problem. The issue is the inode count for Licnses/README
changing due to do_populate_lic hardlinking a copy of the file. We avoid
this by ensuring the index is updated with a "git diff" before the
u-boot machinery tries to determine the version.
build$ ../git/scripts/setlocalversion ../git
""
build$ ln ../git/
build$ ln ../git/README ../foo
build$ ../git/scripts/setlocalversion ../git
""-dirty
(i.e. creating a hardlink dirties the index)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We're seeing reproducibility issue on the autobuilder due to changing
module dependency ordering. Add some sorting to an awk script to fix this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds RISC-V to the COMPATIBLE_HOST. Since GRUB 2.04,
the source code supports the RISC-V, thanks to Alexander Graf.
Adding the GRUBPLATFORM for RISC-V prevents autoconf problems.
Also, the patch appends the __anonymous method with RISC-V architecture.
Signed-off-by: Norbert Kaminski <norbert.kaminski@3mdeb.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Current code hardcodes archiver to be 'ar' from build host
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: added MIT license to README; overall license remains as it was
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add nativesdk support to make grub-mkimage tool part of Host tools
in the generated SDK.
The conf file should have "TOOLCHAIN_HOST_TASK_append = " nativesdk-grub"
for the grub-mkimage to show up.
Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
remove some extra whitespaces
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches from https://git.savannah.gnu.org/git/grub.git
to fix some CVEs. Here is the list.
CVE-2020-14308:
0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
0002-lvm-Add-LVM-cache-logical-volume-handling.patch
0003-calloc-Use-calloc-at-most-places.patch
CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:
0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
CVE-2020-15706:
0006-script-Remove-unused-fields-from-grub_script_functio.patch
0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
CVE-2020-15707:
0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a bugfix release which includes the following changes:
824551a Prepare 0.3.1
ca6aaa1 Fix file reading/writing when the environment is in EEPROM
a031dea Fix regression in UBI volume support
c91c150 Define SOVERSION to indicate API version
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This mainly aims to involve in the sanity check of UBOOT_CONFIG and
UBOOT_MACHINE, it will throw a error message at recipe parsing time if
neither of them is set, and libubootenv would be skipped.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update libubootenv to the latest 0.3 release, which comprises the
following commits:
```
1efed83 Increase max length for device name
6f4fc1c uboot_env: Use canonicalized pathname when reading device
23b3086 Fix bug introduced by commit 52a70114
ed1a53e Dont store to device if no value changes
4a0a466 Merge pull request #7 from TomzBench/cmake-fix
6117831 Added Coverity badge
49372a1 Fix coverity #293496
69a6819 Fix coverity #293503 and #293507
258bf52 Fix coverity #293501
aa52e61 Fix coverity #293505
52a7011 Fix coverity #293504 and #293506
e822218 Fix coverity #293495 and #293497
23b305f Fix coverity #293499
25ef1f6 Add coverity setup for Travis
41b5188 fixed install for static target, fixed BUILD_DOC acknowledgement
86bd30a Restore ability to feed script file via stdin, using `-s -`.
c91dcca ubi, write: fix invalid envsize ptr to UBI_IOCVOLUP
f4b9cde Allow negative offsets
45bf92a Detect sector size if not found in config
9f59db6 uboot_env: remove unused variables
65d243e README: libubootenv is now in oe-core
ba952d0 BUG: variable lists not released in close()
690f868 Variables are not removed when loading from file
9e3586a Make sure there's no file descriptor leakage in case of error
03647c4 Check config file defines a non-zero Sector size
3b2d4f1 Check environment size from fw_env.config
879c073 Do not hardcode path for install
d9c639b libubootenv: add pkg-config support
cc628ee libuboot: wrap libuboot in extern "C" for C++
```
Also add u-boot-default-env to RRECOMMENDS since
/etc/u-boot-initial-env is being referred in libubootenv source, and
turns libubootenv's PACKAGE_ARCH to be MACHINE_ARCH since
u-boot-default-env is a machine-arch package.
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
grub and grub-efi recipes' CVE_PRODUCT should be grub2.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Richard Purdie
wangmy
Peter Bergin
Ming Liu
Alexander Kanavin
Alistair Francis
Kai Kang
Stefano Babic
Klaus Heinrich Kiwi
Khem Raj
Scott Murray
Naveen Saini
Dorinda
Ross Burton
Ross Burton
Norbert Kaminski
Yongxin Liu
Khasim Mohammed
Maxime Roussin-Bélanger
Lee Chee Yang
Pierre-Jean Texier
Chen Qi