Age | Commit message (Collapse) | Author |
|
Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9259d684415e3e7923de74359a4ed3487e0e9da7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This also plugs a memory leak in pseudo_client_ignore_path_chroot().
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8dddd5054a1c4e20a3e32fa9ab31f5859d6fbb6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
It failed as below when rerun do_install for tcl:
$ bitbake tcl
$ bitbake tcl -f -cinstall
[snip]
| NOTE: make -j 72 DESTDIR=/build/tmp/work/core2-64-wrs-linux/tcl/8.6.10-r0/image install
| abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.
| /build/tmp/work/core2-64-wrs-linux/tcl/8.6.10-r0/temp/run.do_install.3490694: line 184: 3499214 Aborted (core dumped) make -j 72 "$@"
By default the S is ${WORKDIR}/${BPN}-${PV}, but after unpack,
the tcl source [1] unpacked to ${WORKDIR}/${BPN}${PV} and all the
files under ${WORKDIR}/${BPN}${PV} are acutally the source files.
But the the main Makefile.in is under ${WORKDIR}/${BPN}${PV}/unix
for tcl, so there is below logic in tcl recipe:
S = "${WORKDIR}/${BPN}${PV}/unix"
To adapt the potential pseudo changes, there is a general logic to
exclude ${S} from pseudo database in base.bbclass in [2]. That's to
say, just the dir ${WORKDIR}/${BPN}${PV}/unix is excluded from the
pseudo database.
But it's not enough for tcl, we need to exclude the actual source dir
${WORKDIR}/${BPN}${PV} from pseudo database specifically to fix the
above do_install failure.
[1] https://downloads.sourceforge.net/tcl/tcl8.6.0-src.tar.gz
[2] https://git.openembedded.org/openembedded-core/tree/meta/classes/base.bbclass#n396
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0d835f8069a336fd6bab1058d4e605a81c844212)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Newer systems are using this currently unwrapped glibc function,
add it.
[YOCTO #14080]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cba4f51f0166e2c20e854ee0344be0c58769eaca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea22fb3aa1c5dd3edcd1d8b415a0843a9ee4677c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
There is magic in the posts where specific variable names have specific
magic. For that magic to work, "path" needs to be used not "pathname" as
is currently there. Fix this, which fixes path issues on systems using
statx (Ubuntu 20.04 in particular).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f9ae80aee98a7bb59c83ac9ebf9d317302507cec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a path to fix up handling of dirfd being passed as a full file
and with path="".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3006bbe7768e4efe33d3d2d3f5786a561ecbe96f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Mark files which are unlinked (nlink == 0) but open with fd's as
"may-unlink" to avoid problematic database entries.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1e481f3608c05ab14c61bf45cd0837d7287b6a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Fix a NULL pointer dereference exposed by the path ignore code in
xattr handling.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 929a27bf6cbca94d1141d2094ae0c915d93bd3f4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Where files are link()'d and one is unlink()'d, pseudo's fd mappings
can become confused. Add a patch to try and improve this for the common
usecases we see.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9ce621fa2099608ca0ccbb8420b31d71cdd7b00e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Rather than doing what turns out to be a rather dangerous "fixup" if
we see a file with a different path but the same inode as another file
we've previously seen, throw and abort. Direct the user to a wiki page
where we can maintain information about what this error means.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2db491d97da08d44ebd257f98489550a82a7935c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add PSEUDO_IGNORE_PATHS, a comma separated list of path prefixes, where
any files underneath are not handled by pseudo. This allows files to
be left out of the pseudo datanase where we know we don't need the
fake root emulation. This is particularly useful if we know these files
can be deleted outside of pseudo context.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8defb687a2c0ffac232c4d0d63a590871c453a2e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Currently, where pseudo finds a database entry for an inode but the path
doesn't match, it reuses that database entry metadata. This is causing
real world "corruption" of file attributes.
See [YOCTO #14057] for an example of this.
This can happen when files are deleted outside of pseudo context and the
inode is reused by a new file which pseduo then "sees".
Its possible the opposite could happen, it needs to reuse attributes
but this change would prevent it. As far as I can tell, we don't want
pseuo to reuse these attributes though so this code should be safer
and avoid bugs like the above.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1c13149b81e03a1ac48b27a208a139d5493c3ce7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Pseudo tests for an item being renamed to itself only after
information about it has been deleted. Move the test to before
we change the database.
Note that pseudo does not support renameat2(), but neither does
glibc.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b3d109f42385ad1cf1f297a6c06ea7eb6509f26)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This adds in support for the OFC fcntl ioctl lock flags, removing
warnings on some more recent linux kernels.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 234168f803bee2e5b0955aabaddb1d967349fb82)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
[YOCTO #13959]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 18fbd28c9aa0276d110839c4282a9ab75fc9f28e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
We have a significant number of outstanding patches to pseudo. Rather than
queue these up as patches, create a branch in the upstream repo and use that
until such times as we have someone with the time/skills to properly review
these for master in the pseudo repo.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f09088eaa803ce396726368626a35dee70168d91)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The integrated Tcl/Tk module was removed in Ruby 2.4[1] back in 2016, so this
build dependency can be removed.
[1] https://github.com/ruby/ruby/commit/303dc3c591e324b6bbc691326d8bea76fe3b8fda
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9f4e181924a83d7b26b11de765c202a9bd036f64)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
To quote Zhuang <qiuguang.zqg@alibaba-inc.com>:
"""
A few days ago, I tried to compile a gcc plugin with the toolchain from poky sdk.
It failed with errors about missing header files such as backend.h etc.
After investigation, I found that the problem was brought by a gcc patch:
0012-gcc-Fix-argument-list-too-long-error.patch (which is considered derived from the original patch)
- headers=`echo $(PLUGIN_HEADERS) $$(cd $(srcdir); echo *.h *.def) | tr ' ' '\012' | sort -u`; \
+ headers="$(sort $(PLUGIN_HEADERS) $$(cd $(srcdir); echo *.h *.def))"; \
It changes the commands of install-plugin, making the sorting taken effect before the shell globs.
Thus results in the header files under gcc $(srcdir) being not installed.
By checking log.do_install, we can find that the `headers=' statement to run is incorrect and will not work as expected:
headers="$(cd *.def) *.h ../../../../../../../work-shared/gcc-10.1.0-r0/gcc-10.1.0/gcc/../include/ansidecl.h ...
As the patch says,
"The PLUGIN_HEADERS is too long before sort, so the "echo" can't handle it, ..."
my suggestion is that we can simply take care of PLUGIN_HEADERS
using the original proposed sort.
"""
This fixes the gcc patch as proposed as it does appear its been
broken over time.
(From OE-Core rev: dce28d8ac7fbae487cb6674b91fe2b574036b26d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 94eb5724b111cf3409219be3b169af79858eab7b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Previously install-sh was used, which is installed by autoconf so isn't
a relevant license.
Also remove S assignment, as that's the default.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23cb39a5fa2a55681e7bc2605f435135cec9173b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2019-20633
* upstream tracking: https://savannah.gnu.org/bugs/index.php?56683
* Fixes potential for double free after incomplete fix for CVE-2018-6952
- src/pch.c (another_hunk): Avoid invalid memory access in context format
diffs.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be71dd2cc16a4c0d244a76a748f08ca0d9bfeba0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The tests' output is non-deterministic and sometimes
doesn't match the sample output. This has been reported at
https://bugs.kde.org/show_bug.cgi?id=430321
(see also an earlier related bug https://bugs.kde.org/show_bug.cgi?id=358213)
Until upstream figures out how to fix this, let's not run the tests.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7f7d2fa18267090891754d976cbc3e628324d3dd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
On one of my buildservers I noticed perl do_install failing with the
following message:
| rm: cannot remove '<OEROOT>/tmp-rpb-glibc/work/armv8-2a-linaro-linux/perl/5.32.0-r0/image//usr/lib/perl5/5.32.0/*/CORE/libperl.so': No such file or directory
I tracked this down to shell being dash rather than bash not being able
to expand this glob in the middle of the filename. So replace the glob
expansion with the simpler one which works in all cases.
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d1ea1b5c12120abdd085dc4eb69120af9258a99b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
fix CVE-2020-16592 & CVE-2020-16598
removed changes to Changelog in patch file
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
- move fixing patch for CVE-2020-8492 to the right location
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
nativesdk support
In order to make wic tool work in sdk which is out of an
existed Yocto build, it needs to port wic tool as a nativesdk
recipe.
First, make these runtime depends recipes to support nativesdk
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cb4f7f078e1d3b1afbf93ca4dc5e690f60c59412)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2e230bd7ad73a57bfb6808a3c537f74f35e2378)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07c26e3292dbaf71873f71bec2a631f880b2e76d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a467c0a03d077861c37e317dcb2905b6388cb64c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
update minor version to 1.14.12
go1.14.8 includes security fixes to the net/http/cgi and net/http/fcgi packages.
go1.14.9 includes fixes to the compiler, linker, runtime, documentation, and the net/http and testing packages.
go1.14.10 includes fixes to the compiler, runtime, and the plugin and testing packages.
go1.14.11 includes fixes to the runtime, and the net/http and time packages.
go1.14.12 includes security fixes to the cmd/go and math/big packages.
Release notes:
https://golang.org/doc/devel/release.html#go1.14.minor
updates include fix for
CVE-2020-24553
CVE-2020-28362
CVE-2020-28366
CVE-2020-28367
Also backport patch to fix below CGO_LDFLAGS error
| Building std for target, linux/amd64.
| go build runtime/cgo: invalid flag in go:cgo_ldflag: -Wl,-O1
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
When comparing builds built with different host umasks, this file jumped out.
The umask from do_compile was influencing ${D} and as cp was used to add the
file it wasn't deterministic. Fix the file mode to ensure determinism.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37f37f4a52de3711973b372160f23672b61ff6ad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This issue describes expected behaviour, do not use tarfile with
untrusted data.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f4c22e83f2e68ff157da5ea1303acc2931d63f5f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This CVE is issue on _Py_CheckPython3 uses uninitialized dllpath when embedder sets module path with Py_SetPath.
Since it is .dll issue (on windows only), hence whitelist it.
https://bugs.python.org/issue29778
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Release notes:
https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The ctypes module needs to use "ldconfig -p" to find the
library path and it simply has below logic if no ldconfig
installed.
except OSError:
pass
Before the patch:
>>> from ctypes.util import find_library
>>> lib_path = find_library('archive')
>>> print(lib_path)
None
After the patch:
>>> from ctypes.util import find_library
>>> lib_path = find_library('archive')
>>> print(lib_path)
libarchive.so.13
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ddb96902a124a6e1f035f0fd868b0139989bc1bc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
powerpc 32bit Linux Kernel widely uses .stabs pseudo-op to
produce debugging information in stabs format. Faced an issue
that during Linux Kernel build with Yocto build system for 32bit
powerpc platform resulting vmlinux contains absolute path in
.stabstr section that cannot be remapped with -fdebug-prefix-map
option.
Yocto uses scripts/mkmakefile Linux Kernel build approach that
allows to store all generated files outside of kernel source
tree. With this approach each compilier invocation is performed
with an absolute path to a file that will be compiled and this
absolute path is recorded in init stab. There is no way to remap
this path.
Reuse remap_debug_filename api to make -fdebug-prefix-map flag
aplicable for init stab.
Signed-off-by: Denys Zagorui <dzagorui@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The diffstat tool is part of HOSTTOOLS. To support hosts that do not
have it installed with buildtools-tarball it must be enabled for
nativesdk.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0ed002422bc46539f1d71ed19ee17358b6691bf0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dfc2b114e9d62f0eee04129009a24a8edb2a8dd1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The license headers are clear that the code is "or later", fix LICENSE
to match.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e565e0b908c71ad5106d1c6c73d269b819787e55)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The mkfs.vfat tool can also be provided by busybox via the CONFIG_MKFS_VFAT
configuration (not enabled by default in OE but can be enabled on
systems avoiding components based on GPLv3).
Signed-off-by: Ricardo Salveti <ricardo@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1227a29974671fd52014deaca7ac859a037cdeb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
remove some extra whitespaces
Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 32ce3716761165b9df12306249418645724122cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Version 3.5.0 is a security release
Reference:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
The primary purpose of the jquery recipe is to make the diffoscope
output from the autobuilder easier to navigate.
Master branch has been using 3.5.X for some time now so this should
be a safe upgrade.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d0f883c4cbdcf722767b437a69002244be4cf8d9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Fixes:
CVE-2018-16517: nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16517
CVE-2019-20334: nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20334
CVE-2019-6290: nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6290
CVE-2019-6291: nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6291
CVE-2019-8343: nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8343
Remove backported patches, rebase the rest.
Switch to using (mostly) standard autotools build.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4d13e2713efd5f6cbdc6cf1f86edd0b336ba3ba2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
CVE: CVE-2019-20175
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Straight-line Speculation is a SPECTRE-like attack on Armv8-A, further
details can be found in the white paper here:
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
Backport the GCC patches to mitigate the attack.
CVE: CVE-2020-13844
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Replace OE private qemu patch with one that got upstreamed
and solves the same problem: increase qemumips CI performance
by increasing number of TLBs in CPU model and reduce need to
run software TLB refill code.
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a99dace7463d310688f4098a51316dc0743651e2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|