path: root/meta/recipes-core
Age | Commit message | Author
2021-07-18 | libxml2: Update to 2.9.12 [timo/dunfell/libxml2-2.9.12] | Tony Tascioglu
Drop CVE patches which are fixed by the new upstream version. Modify conflicting patches to apply to the new versions: libxml2/libxml-m4-use-pkgconfig.patch libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch Drop fix-python39, which is merged upstream. Removed hunk for tstLastError.py from libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch since it has been fixed upstream by: 8c3e52e: Updated python/tests/tstLastError.py libxml2.registerErrorHandler(None,None): None is not acceptable as first argument failUnlessEqual replaced by assertEqual The checksums for the licence file changed because a typo was fixed across the files. The licence remains the same. The obsolete MD5 checksums for the tar files have been dropped in favor of SHA256. The new release also adds fuzz tests, which are removed from the makefile to allow the ptests to run. Fuzz testing is done upstream and there is no need to run them as part of ptests which are intended for functionality testing. (From OE-Core rev: c7c429d05ca51b0404f09981f6c9bcad7dc33222) Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Backport to dunfell Fixes CVE-2021-3541 References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3541 https://bugzilla.redhat.com/show_bug.cgi?id=1950515 Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
2021-07-11 | update-rc.d: update SRCREV to pull in fix for non-bash shell support | Marek Vasut
This pulls in non-bash shell fix for enable/disable command, upstream commit 8636cf4 ("update-rc.d: Fix enable/disable command"). This way update-rc.d works with e.g. dash shell again. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Changqing Li <changqing.li@windriver.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f697332a3a753898183d7c5d2965dd75db9b0a24) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-07-11 | busybox: fix CVE-2021-28831 | Chen Qi
Backport patch to fix CVE-2021-28831. (From OE-Core rev: e579dbd9a6b2472ca90f411c0b594da9e38c9aca) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Akash Hadke <akash.hadke@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-07-08 | glibc: update to latest 2.31 release HEAD | Steve Sakoman
Includes the following fixes: 4f0a61f753 wordexp: handle overflow in positional parameter number (bug 28011) 8e88c0d888 Fix SXID_ERASE behavior in setuid programs (BZ #27471) 74a4425fae Enhance setuid-tunables test bb5bb87959 tst-env-setuid: Use support_capture_subprogram_self_sgid 700264179c support: Add capability to fork an sgid child 7fa6d30eea support: Typo and formatting fixes 0de2b69c31 support: Pass environ to child process 0c92f409a7 S390: Also check vector support in memmove ifunc-selector [BZ #27511] Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-06-27 | libxml2: Fix CVE-2021-3518 | Jasper Orschulko
There's a flaw in libxml2 in versions before 2.9.11. An attacker who is able to submit a crafted file to be processed by an application linked with libxml2 could trigger a use-after-free. The greatest impact from this flaw is to confidentiality, integrity, and availability. Upstream-Status: Backport [from fedora: https://bugzilla.redhat.com/show_bug.cgi?id=1954243] Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-06-27 | expat: fix CVE-2013-0340 | Jasper Orschulko
expat < 4.0 is vulnerable to billion laughs attacks (see [https://github.com/libexpat/libexpat/issues/34]). This patch backports the commits b1d039607d3d8a042bf0466bfcc1c0f104e353c8 and 60959f2b491876199879d97c8ed956eabb0c2e73 from upstream. Additionally, the SRC_URI had to be adjusted due to renaming of the source archive Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-06-08 | libxml: fix CVE-2021-3517 CVE-2021-3537 | Lee Chee Yang
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-06-08 | Revert "busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog" | Steve Sakoman
This reverts commit e990a9ec5d6eaf2c328d61c4de73ea6c270cfa15. Patch not in master, erroneously applied Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-28 | initramfs-framework:rootfs: fix wrong indentions | Ming Liu
Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit cd4d76f43c6ead9f32dece1faa9c9c5da895d9cd) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-28 | glibc: Add 8GB VM usage cap for usermode test suite | Richard Purdie
We've noticed that: MACHINE=qemuarm oe-selftest -r glibc.GlibcSelfTest.test_glibc ends up with one process growing to about the size of system memory and triggering the OOM killer. This has been taking out other builds running on the system on the autobuilders and is one cause of our intermittent failures. This was tracked down to:
WORKDIR=XXX/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/glibc-testsuite/2.33-r0
BUILDDIR=$WORKDIR/build-arm-poky-linux-gnueabi
QEMU_SYSROOT=$WORKDIR/recipe-sysroot
QEMU_OPTIONS="$WORKDIR/recipe-sysroot-native/usr/bin/qemu-arm -r 3.2.0" \
$WORKDIR/check-test-wrapper user env GCONV_PATH=$BUILDDIR/iconvdata LOCPATH=$BUILDDIR/localedata LC_ALL=C $BUILDDIR/elf/ld-linux-armhf.so.3 \
--library-path $BUILDDIR:$BUILDDIR/math:$BUILDDIR/elf:$BUILDDIR/dlfcn:$BUILDDIR/nss:$BUILDDIR/nis:$BUILDDIR/rt:$BUILDDIR/resolv:$BUILDDIR/mathvec:$BUILDDIR/support:$BUILDDIR/nptl \
$BUILDDIR/nptl/tst-pthread-timedlock-lockloop
although other glibc tests appear to use 16GB of memory before failing anyway. By capping the VM size to 8GB, we see the same number of failures but no OOM situations. There may be some issue in qemu or the test which could be improved to avoid this entirely but this provides a necessary and useful safeguard to other builds and doesn't appear to make the situation worse. On a loaded system OOM may not occur as the test timeout may be triggered first. An experiment with a 5GB limit showed an additional 7 failures. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 58d4f669bd46805669daf87626350fe9359feca5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-28 | libxml2: Add bash dependency for ptests. | Tony Tascioglu
Before, running ptests on core-image-minimal would result in an error due to missing /bin/bash: [ -d test ] || ln -s ../libxml2-2.9.10/test . make: /bin/bash: No such file or directory make: *** [Makefile:2105: runtests] Error 127 Changing the Makefile to use /bin/sh results in some of the tests failing, so I have added the missing dependency on bash. Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d2e81298c446aec8d7fcf61fd5023ac30350f205) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-28 | libxml2: Reformat runtest.patch | Tony Tascioglu
Reformatted runtest.patch to allow it to be applied using git am. This makes it easier to apply the series of patches to the original git repo. There are no changes to the code of the patch other than the reformat. Previously, the patch claimed to be a backport, but I have not found an upstream commit so I've changed the Upstream-Status to pending. Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0361d625e1573e846a2f03ed90a8b897bc405160) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-28 | busybox: make busybox's syslog.cfg depend on VIRTUAL-RUNTIME_base-utils-syslog | Volker Vogelhuber
syslog.cfg is added to the list of sources for busybox independent of the VIRTUAL-RUNTIME_base-utils-syslog variable. So even if VIRTUAL-RUNTIME_base-utils-syslog being set e.g. to empty, syslogd will be enabled. So only include syslog.cfg in SRC_URI if VIRTUAL-RUNTIME_base-utils-syslog is set to busybox-syslog. Signed-off-by: Volker Vogelhuber <v.vogelhuber@digitalendoscopy.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-28 | expat: set CVE_PRODUCT | Steve Sakoman
Upstream database uses both "expat" and "libexpat" to report CVEs Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 706bdcaec5fd7c59d7877bbefa5ed4ce5b4f3da1) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-24 | build-appliance-image: Update to dunfell head revision | Richard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-14 | coreutils: Exclude CVE-2016-2781 from cve-check | Richard Purdie
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 "Given runcon is not really a sandbox command, the advice is to use `runcon ... setsid ...` to avoid this particular issue. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2d273b5aed4a5bd509ec9c68a6f451c17ec17d0c) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-14 | glibc: Document and whitelist CVE-2019-1010022-25 | Richard Purdie
These CVEs are disputed by upstream and there is no plan to fix/address them. No other distros are carrying patches for them. There is a patch for 1010025 however it isn't merged upstream and probably carries more risk of other bugs than not having it. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b238db678083cc15313b98d2e33f83cccab03fc6) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-13 | ovmf: update edk2-stable202005 -> edk2-stable202008 | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 61cc9acb54be09a12aac7c79f4b14e7e525d5596) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-13 | ovmf: update to 202005 | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f8bf6b5f9aedcc4490008000250e69f74529db75) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-05-13 | ovmf: update to 202002 | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c4301758f5a1560965ca5fb69eb1492adf351ed0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-04-27 | cve-update-db-native: skip on empty cpe23Uri | Konrad Weihmann
Recently an entry in the NVD DB appeared that looks like that {'vulnerable': True, 'cpe_name': []}. As besides all the vulnerable flag no data is present we would get a KeyError exception on access. Use get method on dictionary and return if no meta data is present Also quit if the length of the array after splitting is less than 6 Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 00ce2796d97de2bc376b038d0ea7969088791d34) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-04-13 | build-appliance-image: Update to dunfell head revision | Richard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-03-24 | cve-update-db-native: consider version suffix when update CVE db | Lee Chee Yang
some record from NVD can merge or split suffix from version, for example: CVE-2017-15906 "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*" "cpe23Uri" : "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*" in such case include the suffix into version when update local CVE db. Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 13cc68197f81bb7c76fa1abecc5dd720b8bdb8d5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-03-24 | initrdscripts: init-install-efi.sh install extra files for ESP | Chee Yang Lee
Currently the install script copy only few hard coded item while setting up target ESP, kernel artifacts, all .efi in EFI/BOOT, grub & boot cfg and loader.conf. While ESP can be much complex, eg: contain multiple initrd. Add a ESP folder to carry any other files to setup onto ESP. Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 6eaca9cf20c42501fba27dea3a6446bad948e859) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-03-20 | glibc: Pull latest 2.31 HEAD | Anatol Belski
The relevant commit log: $ git log --format="%h %s" df31c7ca927242d5d4eee97f93a01e23ff47e332..f84949f1c4bbf20e6a1d9a5859cf012cde060ede f84949f1c4 powerpc64: Workaround sigtramp vdso return call 5e43566f0f nscd: Fix double free in netgroupcache [BZ #27462] d0c84d22b6 gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256) af316e4627 x86: Check IFUNC definition in unrelocated executable [BZ #20019] 36eb01dd85 x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] 8b7be87aa2 x86-64: Avoid rep movsb with short distance [BZ #27130] c4f5e32aae Fix buffer overrun in EUC-KR conversion module (bz #24973) 0858f46440 Add NEWS entry for CVE-2020-29562 (BZ #26923) 1e40391de2 iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923) 568c86274a tests-mcheck: New variable to run tests with MALLOC_CHECK_=3 Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-03-20 | systemd-conf: do not ask for DHCP if configured on kernel command line | Stefan Schmidt
In cases where we configure the IP address and more on the kernel command line with ip= we should not ask for DHCP with systemd-networkd later on. We have such a setup with our runqemu script. With this match in place we can also deploy this unit on qemu systems. Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8c4981e740c0e630200dbc77c9e3dfd3e43b790b)
2021-03-11 | build-appliance-image: Drop kernel module handling | Richard Purdie
kernel-devsrc is a dependency of the image so we no longer need the symlink creation code or the module-base inherit/dependency as it is included in that recipe. The KERNEL_VERSION usage was broken anyway as the module usage would have needed a: do_image[depends] += "build-appliance-image:do_configure" which wasn't present so it was indeterminate if KERNEL_VERSION was set correctly. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a46b43bb67b2f87ec370480e50a2e2d111555b75) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-03-05 | meta/recipes-core: Add HOMEPAGE / DESCRIPTION | Dorinda
Added HOMEPAGE and DESCRIPTION for recipes with missing descriptions or homepage [YOCTO #13471] Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit be8d3d0fa6bbc2924ffbdbaa66e9ffaef2b96de6) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-03-04 | buildtools-extended-tarball: Add glibc-gconvs needed for build | Richard Purdie
When building vim it tries to rebuild files using iconv. If this fails the build continues anyway but the output is not deterministic as builds using a hosttools tarball are different from builds where there isn't a hosttools tarball. Add the needed gconvs to the tarball when iconv is present to become deterministic and generate vim locales consistently. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b945652a088f430a2adec6b968cd00c5928d4272) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-02-18 | build-appliance-image: Update to dunfell head revision | Richard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-02-12 | meta: drop _PYTHON_SYSCONFIGDATA_NAME hacks | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d3a81dd0e72a3495bfc7cc969c2bb806b666023d) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-02-08 | glib-2.0: Rename patch file for CVE-2020-35457 | Anatol Belski
The naming convention needs to be held so the CVE is recognized as fixed by the tooling. Signed-off-by: Anatol Belski <anbelski@linux.microsoft.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-29 | ncurses: Don't put terminfo into the sysroot | Richard Purdie
This reduces the file count from ~2850 to ~100 which is a huge win for reducing build directory clutter, it's unlikely anything uses the terminfo data or man pages in the sysroot. This is especially helpful as we usually end up with two copies of these sets of files. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 443633dfc20177ef88a388d96745675817510c99) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-28 | ovmf-shell-image: image is only buildable on x86-64 | Ross Burton
This image is only buildable for x86-64, so add a COMPATIBLE assignment to ensure it isn't attempted on others. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit bdd8208675c8a0c0232c678804a8b62cd74f1d48) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-19 | glibc: CVE-2019-25013 | Scott Murray
Source: openembedded.org MR: 107928 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-core/glibc?id=53d149df4d8832e34ace2470c31ddc688176faf7 ChangeID: 462441a4a91cb481401e170876c25dcdbd00f1e0 Description: * CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-25013 * upstream tracking: https://sourceware.org/bugzilla/show_bug.cgi?id=24973 * patch from upstream: https://sourceware.org/git/?p=glibc.git;a=patch;h=ee7a3144c9922808181009b7b3e50e852fb4999b (From OE-Core rev: 53d149df4d8832e34ace2470c31ddc688176faf7) Signed-off-by: Scott Murray <scott.murray@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 164b3e63612b40e984aec19c5a54c8ae408725ec) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-19 | glibc: Security fix for CVE-2020-29573 | Armin Kuster
Source: glibc.org MR: 107580 Type: Security Fix Disposition: Backport from https://sourceware.org/git/?p=glibc.git;a=commit;h=681900d29683722b1cb0a8e565a0585846ec5a61 ChangeID: 7bc5edb2e1947ac0774a453000a1568bbe3bb7d2 Description: Fixedup to match 2.31 context. ldbl2mpn.c is in i386 for this version Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-05 | systemd: update from 244.3 to 244.5 stable release | Mikko Rapeli
Brings in a number of fixes from upstream stable tree: $ git log --format="%h %s" v244.3..v244.5 3ceaa81c61 kernel-install/90-loaderentry: fix when /boot is not mountpoint ecbb5a4f67 nspawn: fix fd leak on failure path a09947ddd4 nspawn: check return of setsid() 334f8e2e8f dissect: is_loop_device() returns negative on error, don't mistake that is true b6efbbfb00 dissect: always invalidate secondary arch partitions if we found primary arch dc5c5cd5c8 util: wireguard is merged into upstream kernel 6349956dda fstab-generator: add 'nofail' when NFS 'bg' option is used f4777883f9 busctl: add missing shortopt -l 9f6249eb7f bootctl: handle if LoaderSystemToken is invalid for some reason bda316cc0a hashmap: make sure to initialize shared hash key atomically b80ea9e3da backlight: do not claim that ID_BACKLIGHT_CLAMP= property is not set c829f6e7ca coredump: don't convert s → µs twice bb9d872398 firstboot: fill empty color if ansi_color unavailable from os-release 156570cc77 resolved: make sure we initialize t->answer_errno before completing the transaction 02bba02fa6 src/shared/dissect-image.c: fix build without blkdid (#16901) 13cb598631 analyze: fix error handling in one case 6ab20e9f3b units: add missing usb-gadget.target 9ef259dd4d login/logind: Include sys/stat.h for struct stat usage 7762e59fd4 partition/makefs: Include missing sys/file.h header 3528ace8fb networkctl: label command does not take any argument 34b4dc64c6 missing: Add new Linux capability ba28e6fc45 tty-ask-pw-agent: properly propagate error 7b6e0f74f2 tty-ask-pw-agent: the message string might not be set 0bfe4bd39b tty-ask-pw-agent: make sure "--list" works correctly 0783b4f8ce path: Improve $PATH search directory case d0735d81d4 path: Skip directories when finalising $PATH search 436872f995 rules: don't install 80-drivers.rules when kmod is disabled 342dc4c15f zsh: correct journalctl command completion parsing fec0bb6df4 basic/missing_syscall: fix syscall numbers for arm64 :( bea900bb31 shared/install: 
fix preset operations for non-service instantiated units 677fb2b663 user-runtime-dir: deal gracefully with missing logind properties 11a97bc230 shared/seccomp: do not use ifdef guards around textual syscall names d411a4d6a6 machine-id-setup: don't use KVM or container manager supplied uuid if in chroot env 9b078df0ba analyze-security: do not assign badness to filtered-out syscalls da0cc77b52 load-fragment: fix grammar in error messages 74d7c53e5f test: accept that char device 0/0 can now be created witout privileges 5c35bcf329 tools/make-man-index: fix purpose text that contains tags da1eb548fb Newer Glibc use faccessat2 to implement faccessat b44e86ef76 bless-boot: add missing verb to --help 88b6379bcd fix typo in systemctl help d091e19bbd _sd-common.h: avoid parsing errors with Coverity d56055f47f nspawn: Fix incorrect usage of putenv 674a2beff0 udev: fix codesonar warnings 16477684d2 sd-boot: fix -Wpointer-sign warning cc8aeb9916 network: fix static assertion on IPPROTO_MAX range f047b0706c sd-boot: fix menu ordering with boot counting 896de33984 tests: add a testcase for https://github.com/systemd/systemd/issues/15885 bbc6ff960a network: Fix crash when SendOption= is invalid 1599741b55 kernel-install: strip BOOT_IMAGE= from kernel options 1d1f5006cb basic/user-util: always use base 10 for user/group numbers b07d782047 parse-util: backport safe_atou32_full() 7bc54463ce Fix build with µhttpd 0.9.71 b074499894 random-seed: add missing header for GRND_NONBLOCK (#14988) ec9fd71358 makefs: strdup arguments to mkfs efd5b1d443 network-generator: allow empty hostname c188248371 network: DHCP lease load SIP copy paste error cd7d8bb962 davfs is a network file system 6aae7f596a logind: log a more accurate error when we failed at session creation f4d5928122 docs: Add syntax for templated units to systemd.preset man page 148f7b147a man: add a tiny bit of markup dbe16df9cd test: wait a bit after starting the test service a713f52ddb fix journalctl regression (#15099) 
49e7c3b617 core: transition to FINAL_SIGTERM state after ExecStopPost= d25598854d journalctl: show duplicate entries if they are from the same file (#14898) 037a0fa5d0 udev: fix SECLABEL{selinux} issue (#15064) 9de06cd65a dissect-image: avoid scanning partitions fa65938017 test: ignore IAB capabilities in `test-execute` 16cac70094 Support compiling with clang and gnu11 standard 1ea52d91c8 Typo fix 869614a551 boot: Ensure ARM UEFI binary does not contain FP/SIMD instructions Patches CVE-2020-13776.patch and systemd-udev-seclabel-options-crash-fix.patch can be dropped as they are already applied in 244.5 upstream release. Not needed on master branch or gatesgarth as they run newer systemd version 246. Tested on an ARM64 target with automatic tests which are passing on our side. Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-05 | glib-2.0: add patch for CVE-2020-35457 | Mikko Rapeli
Upstream has disputed CVE-2020-35457 claiming it's not exploitable but the patch is simple to add. https://security-tracker.debian.org/tracker/CVE-2020-35457 "https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d https://gitlab.gnome.org/GNOME/glib/-/issues/2197 Upstream position is that it is not realistically a security issue." For master branch this CVE is not reported by CVE checker: NOTE: glib-2.0-2.66.4 is not vulnerable to CVE-2020-35457 Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-05 | glibc: update to 2.31 stable tree head | Mikko Rapeli
Includes fixes: $ git log --format="%h %s" 6fdf971c9dbf7dac9bea552113fe4694015bbc4d..df31c7ca927242d5d4eee97f93a01e23ff47e332 df31c7ca92 iconv: Accept redundant shift sequences in IBM1364 [BZ #26224] 7df507808c sh: Add sh4 fpu Implies folder 8dc7605665 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798] 48cf525f4b x86: Optimizing memcpy for AMD Zen architecture. 8d730cb25a Reversing calculation of __x86_shared_non_temporal_threshold 4bc9918c99 AArch64: Use __memcpy_simd on Neoverse N2/V1 4722d1fb9d [AArch64] Improve integer memcpy bea507a3f5 AArch64: Rename IS_ARES to IS_NEOVERSE_N1 d0a5b76902 AArch64: Improve backwards memmove performance 24a30c5959 AArch64: Add optimized Q-register memcpy 88db98fa6e AArch64: Align ENTRY to a cacheline 32965a46ce intl: Handle translation output codesets with suffixes [BZ #26383] Tested on aarch64 target with CI and long running tests. Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-04 | initscripts: use quotes for shell variable comparison | Khem Raj
Helps to execute it with busybox shell Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 45ba0ca0352bca46f974d28781ac935d8e9ec3ea) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-04 | coreutils: enable xattrs by default for nativesdk | Nathan Rossi
When using coreutils nativesdk (e.g. with buildtools-tarball) for running oe-core builds, a number of recipes/classes/etc. expect xattr support. This requirement is also expressed by the existing PACKAGECONFIG_class-native default including xattrs. Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 80d7debffdeed165006b26dcb89cffafaaecca06) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-04 | ncurses: Prevent LDFLAGS being emitted in .pc files | Nathan Rossi
By default ncurses includes the values of LDFLAGS in its output pkgconfig .pc files. This causes issues because OE includes options that are specific to either the build host, or build configuration. These options are not expected to be embedded in the pkgconfig output that is installed. Specifically this change resolves issues with uninative, where uninative includes '-Wl,--dynamic-linker=' in LDFLAGS in order to force the building and execution of native binaries against the dynamic linker provided by uninative. This path is specific to TMPDIR at the time of build, such that the installed files (and the associated sstate) have this path. This prevents the sstate from being portable across build directories/hosts. Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ef960d14bd9cecb9a3b50994636fbd455f06104a) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-04 | ncurses: remove config.cache | Ross Burton
Instead of having a config.cache that overrides the system site files, simply set the values in CACHED_CONFIGUREVARS. We can also drop the mkstemp check as the configure.ac assumes it works, leaving just nanosleep. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c30c90e3adfa91407c37838c971e251f8482e2b8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-04 | ncurses: Make ncurses-tools depend on ncurses-terminfo-base | Robert Yang
Fixed when ncurses-terminfo-base is not installed: $ infocmp infocmp: couldn't open terminfo file linux. The required file is in ncurses-terminfo-base Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f3e0a6bf1b7d9009c253e3f97df8736ecf3aa79b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2021-01-04 | buildtools-tarball.bb: Fix PATH for environment setup script | Robert Yang
It only added ${SDKPATHNATIVE}/usr/bin to PATH which didn't work when files were installed to other bin dirs such as /bin or /sbin, for example, nativesdk-pigz installs the files to /bin, now fix it to keep align with sdk's PATH. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 67cac575a5696af5bad1aab888b65ea2686adff7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2020-12-14 | glibc: fix CVE-2020-29562 | Lee Chee Yang
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
2020-12-11 | buildtools-tarball: add wic dependency into extended buildtools | Changqing Li
fix below error: wic ls ./core-image-minimal-intel-x86-64.wic ERROR: Can't find executable parted wic depend on some tools like parted/mtools/..., and we have those tools in native_sysroot. so above problem can be avoided by run command like wic ls imagename.wic --native-sysroot <path> but this cannot cover condition that usr don't have build the image, the image just copy from somewhere. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c0eda6ec09395f3a04cb80107a3ca33a063b21f8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2020-12-11 | glib-networking/btrfs-tools/dosfstools/parted/bmap-tools/libsoup-2.4: add nativesdk support | Hongxu Jia
In order to make wic tool work in sdk which is out of an existed Yocto build, it needs to port wic tool as a nativesdk recipe. First, make these runtime depends recipes to support nativesdk Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit cb4f7f078e1d3b1afbf93ca4dc5e690f60c59412) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2020-12-10 | coreutils: add SUSE-specific issues to CVE whitelist | Ross Burton
CVE-2013-0221 through -223 are all SUSE-specific, so add them to the whitelist. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 59f2120de3b6d53bbfb9db858ffb8b7b20c8d1ce) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2020-12-10 | cve-update-db-native: handle all-wildcard versions | Ross Burton
If a CPE version field is just *:*:*:* it should be handled the same as -:*:*:*, that is 'all versions'. To ease handling, transform this case to use -. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 04a9bc4ca5294fe6834513669c7746a824d12b04) Signed-off-by: Steve Sakoman <steve@sakoman.com>