Age | Commit message (Collapse) | Author |
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13. We import that patch here.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f7fd194feb4f7993518388160acd5199fcfc3b26)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
- new version includes fix for CVE-2022-23308
- drop patche which was upstream
- refresh patch
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d687f1ac2017a1cc94ac4733cd46755d5aabd120)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The project has migrated from www.xmlsoft.org to gitlab.gnome.org.
Update the homepage accordingly, and use gnomebase to construct the
download URL, rather than including it in SRC_URI explicitly.
Note that the download is now in .xz format rather than .gz, so the
sha256sum is updated accordingly. Post-decompression tarballs are
identical, so there is no change to the libxml2 code.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6a3289c4786c4d278e2bf0ec1a5e04363772d8bc)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e543d4407fdc91559a77d6c5cd41bcb75bc8c73c)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 62a797b863c443f35a5ae9483c12108fcf24b606)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't
the correct variable name.
The CPEs for those CVEs mean that they don't get picked up in our report,
so just remove the assignment.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dea00faf30ec7c19b6b5ed4651b430ba3faf69ff)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91aa5e3f94a7f82be7949ecfde2764d51384ad42)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This is a security fix release containing fixes for CVE-2022-25235, CVE-2022-25236,
CVE-2022-25313, CVE-2022-25314 and CVE-2022-25315.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b71344dacb71cfc452b335a6f2fb9cb74e2e1ff8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
If mounts are left lingering, then after we switch_root, attempts to
modify the block devices will result in an EBUSY with no way to unmount
them. As we're about to switch_root anyways, there isn't much use to
keep anything mounted unless it has the new rootfs.
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4dc7af6d25597ea10ea43e76c7c3d7251462c0e5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a workaround for the following issue that affects python3-lxml:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/255
Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f52be7c42ea37243f9aea1898ef7052904f9290)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Fixes CVE-2022-23852 and CVE-2022-23990.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4ed96683893e7433804ccf7a4000a2dd18318ef5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=8c8a71c85f2ed5cc90d08d82ce645513fc907cb6]
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=472e799a5f2102bc0c3206dbd5a801765fceb39c]
Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9532134b86211801206ff540c4c284f43006f7b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=062ff490c1467059f6cd64bb9c3d85f6cc6cf97a]
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=f7a79879c0b2bef0dadd6caaaeeb0d26423e04e5]
Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 20cc83dd8d323d7ea86b3625f4e8da94c160def9)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=226b46770c82899b555986583294b049c6ec9b40]
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=ef972a4c50014a16132b5c75571cfb6b30bef136]
Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6ad7240c732dd63e74ac32588b92241030c194ae)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Upstream-Status: Backport [https://sourceware.org/git/?p=glibc.git;a=commit;h=e368b12f6c16b6888dda99ba641e999b9c9643c8]
Upstream-Status: Backport
[https://sourceware.org/git/?p=glibc.git;a=commit;h=f545ad4928fa1f27a3075265182b38a4f939a5f7]
Signed-off-by: pgowda <pgowda.cve@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 83fa93b5fdb10a589bad2a9fc83552df8f1dbf28)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Primarily a security fix release which includes:
CVE-2021-45960
CVE-2021-46143
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-22825
CVE-2022-22826
CVE-2022-22827
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9dbd9540f3e19d92ef38c8537792bd028ed174ad)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Changelog:
=========
#509 #510 Link againgst libm for function "isnan"
#513 #514 Include expat_config.h as early as possible
#498 Autotools: Include files with release archives:
- buildconf.sh
- fuzz/*.c
#507 #519 Autotools: Sync CMake templates
#495 #524 CMake: MinGW: Fix pkg-config section "Libs" for
- non-release build types (e.g. -DCMAKE_BUILD_TYPE=Debug)
- multi-config CMake generators (e.g. Ninja Multi-Config)
#502 #503 docs: Document that function XML_GetBuffer may return NULL
when asking for a buffer of 0 (zero) bytes size
#522 #523 docs: Fix return value docs for both
XML_SetBillionLaughsAttackProtection* functions
#525 #526 Version info bumped from 9:1:8 to 9:2:8;
see https://verbump.de/ for what these numbers do
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98a87bcfa50fc46ea86a085d330f5cbc41ddaaa5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The systemd-journal-gateway user and group are never added to an image
since the package name added to USERADD_PACKES is wrong.
Signed-off-by: Florian Amstutz <florian.amstutz@scs.ch>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 495dc879b1eff4f70da6f783341b9a3085180a22)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport patch [1] to fix CVE-2021-39537 [2].
[1] https://github.com/mirror/ncurses/commit/790a85dbd4a81d5f5d8dd02a44d84f01512ef443
[2] http://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/devel/ncurses/patches/patch-ncurses_tinfo_captoinfo.c?rev=1.1&content-type=text/x-cvsweb-markup
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 8fceb122a1c0240106342738de7d2484b48d9a6a)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5671ef44cf85df00406b391f7786ffaefd05a701)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4744336d854b56cdd81a19f60f6d1c659bae7147)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d5d3704acf4d2e70ee41eb5e6fe852a4c1bc3595)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 14c6e5a4b72d0e4665279158a0740dd1dc21f72f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CET can't be enabled on i586 or c3 for x86, adjust the configuration accordingly
to fix those builds.
[YOCTO #14632]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 26e4fed594daefb6923c50171360f925c4822683)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the fix for CVE-2021-43396. It is disputed that this is a security issue
however the fix applies easily so we may as well.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e8de9b01c6b305b2498c5f942397a49ae2af0cde)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
GLIBC_GIT_URI is used along with branch=${SRCBRANCH} so no need to add
it here.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c9cfe326913d28f82e6a91d1eeae55a6651f0f7)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Github has announced there will be no more git:// fetching from their servers:
https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git
and they're about to start having brownout periods to encourage people
to update. This runs the conversion script over OE-Core to update our
urls to use https instead of git.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b37b61e9a1e448a34957db9ae39285d21352552e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
This update was made with the script added to contrib in this patch which
aims to help others convert other layers.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b51c405faf6f8c0365f7533bfaf470d79152a463)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The wayland-scanner host tool required to build weston is moved to the
wayland-tools package, so update the SDK host tools list accordingly.
Also, the weston build requires wayland-scanner.pc to find wayland-scanner,
so add wayland-dev.
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31ed91bdbb0ec05730fb98d7cc523bb46aca50e3)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Fixes "error: ‘FTW_ACTIONRETVAL’ undeclared (first use in this
function)" in src/shared/mount-setup.c.
Signed-off-by: Yureka <yuka@yuka.dev>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7707d08bb10db5eb782a2476be58ebe4b8bba154)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e5d15aba7515952614f69e06d3d9b9316a77204)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
We're seeing pthread being linked sometimes and not others leading to
non-reproducible target binaries. The reason is mixing the native python
config with the target one. We should use the target one.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1bc5378db760963e2ad46542f2907dd6a592eb66)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
- update to next stable version 1.34.1
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 84c9bb0796aa4382cc08075ec2908aea81892f64)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libcidn has been dropped since glibc 2.28
Signed-off-by: Fred Liu <yclw3d2y@live.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Sort the list of files to ensure the pkgdata output is deterministic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By enabling TPM support the boot will be measured into the TPM's
Platform Configuration Registers (PCRs).
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The recipe can't be built for riscv32 so exclude it alongside riscv64.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The class adds an emtpy PACKAGES setting but most code now uses the
nopackages class which is much clearer. It also adds recursive do_build
dependencies which don't really serve any useful purpose any more.
Simplify the code and drop the class use.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, if you change the site files, nothing rebuilds since they are
not accounted for in task checksums. They could/should be through the
file-checksums task flag. We need to cache all the files looked for,
whether the exist or not so that if they do exist and didn't,
the checksum also changes.
This gets complicated by the need to clean out hardcoded build
paths from the variable and that other layers can have site files.
This patch adds this functionality. A new variable, SITEINFO_PATHVARS
is added which controls which substitutions to make on the file-checksum
values to remove the hardcoded paths. Layers adding site files will need
to set this to a variable that has the layer path in it and is excluded
from task hashes (COREBASE is the one the core layer uses).
This patch will cause yocto-check-layer to fail for some layers
where site files are added yet the layer isn't a machine specific layer.
This is arguable correct since these additional site files apply to
all recipes and things from a layer like core could be changed by such
changes so it is right they should rebuild. There is a determinism issue
potentially there if not. meta-openembedded does have some such references
but looking at them they should move to core or likely just be removed as
most look obsolete anyway.
[YOCTO #13729]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
sometimes we can find release tarballs from sourceforge are not fully
distributed along all download mirrors leading to fetching faiilures,
depending on what download mirror will be chosen by sourceforge
servers.
As the project moved to github anyway, it's better to pull the tarballs
directly from github releases - serving the very same static artifacts.
Add an override UPSTREAM_CHECK_URI to enable devtool upgrade checks
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The TPM2 support is used, among other things, for unlocking encrypted
volumes.
Signed-off-by: Kristian Klausen <kristian@klausen.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|