| Age | Commit message (Collapse) | Author |
|---|
|
The two duplicate lines are not needed. The existence is confusing.
Signed-off-by: Thomas Viehweger <patchesThomas.Vie@web.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 36bdb4faa90dc18bc020481eba82ee570b968c39)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The commercial license flag on libomxil is set because it may include
the Adaptive Multi-Rate audio codec (AMR) using FFmepg, which is patent
encumbered.
It turns out this component is disabled by default in the recipe; add a
PACKAGECONFIG to enable it and trigger the "commercial" LICENSE_FLAGS on
it. This make the default build configuration clean unless a user
specifically asks for AMR support, and prevents them from marking the
recipe with the "commerical" flag unnecessarily which could hide
potential problems later on.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5f61e20002c2af93e2d6810574e23606925526ee)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The current recipe unconditionally RDEPENDS on nodejs (the target one).
When building on the "-native recipe" of "BBCLASSEXTEND native" recipe,
the target nodejs is unnecessarily built.
This patch fixes this by only RDEPENDS on nodejs when building for the target.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92a9a86df9e3bcffb13d2f8b5dcbe7822170f734)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Since the INIT_MANAGER variable has been introduced, there is no need
to append the distro features and set the init manager manually.
Replace the busybox/mdev and systemd examples with the 4 values
currently supported for the INIT_MANAGER variable.
Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 514454651522f97590d1403c50effd9c79df827a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Remove the redundant 'of' word in the INITRAMFS_IMAGE comment.
Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit de9544f4654510ac33821b7f170de3074205a221)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Sometimes bison would regenerate source files and sometimes it would not
This is likely related to the patching of generated files by on of the
patches.
Drop those changes and force the files to regenerate in all cases since
we depend on bison-native anyway. This ensures the results are always
consistent.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4449fa226e94f7124215c5ead43aadda7967f3af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Don't hardcode the host's grep path into xmlto.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a7d78971df193c321c309481749fc30cae77788c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
My previous fix wasn't correct as the file timestamps do vary by git checkout
or modification time and aren't correct here. Instead use a specific
date/time for the files to be deterministic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 725a30a30052540a4b7fc2933396fe9eb946eeac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
When installing the font files, preserve their timestamp rather than using
the current time which fixes reproducibility issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a0c4f4b0182a995f0eb2709cc9b3c852527ab936)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add some temporary bumps to versions to change the output hash so
the fix applies correctly. Can be dropped next time we update the
recipe and the output changes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 69205edcdff865048e55a6b7feaf82064ebc10c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The build was injecting the path of the host's sendmail binary. Set
this deterministically to match OE's path for it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 476328b91ea4417160580d28df4fcc1147d85ae2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The LINGUAS file can be written by two different Makefile targets
and if they race, the desktop file contents isn't deterministic.
Fix the makfile to avoid this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 416bc7b697764075fbf73683cd8bddf36d839244)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Add a couple of configure options to avoid determism issues in the vim build.
This can happen due to the addition of glib-2.0 to the native sysroot through
later task additions to the sysroot through indirect dependencies.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 914f86054f5ea0a115767c1b3d9cdb4c4ef9545b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The makefile injects the current date into the version file. Do this
deterministically with SOURCE_DATE_EPOCH.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31f2ad739ea776a1e11b5cef5434df188007c7bf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
This test mimic the boot_from_runlevel_3 and boot_from_runlevel_5 test cases from oeqa/manual/bsp-hw.json.
The boot_from_runlevel_3 and boot_from_runlevel_5 manual test cases should be remove from oeqa/manual/bsp-hw.json if this patch get merged.
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6effd30f0e3726bc1f2eb7768c57c6b95eddb079)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The reproducible build tests can take a long time, so having more
logging messages at various points in the build can help debug where the
build is taking a long time.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b792afe8759d62af8e713b86dad8f6721961a05)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The SSTATE_MIRRORS variable was misspelled, which allowed the "clean"
test build to pull from the mirror.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e42497bd84d0bb370a9f7b0448bff29f01fd1b0c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
When building vim it tries to rebuild files using iconv. If this fails
the build continues anyway but the output is not determnistic as builds
using a hosttools tarball are different from builds where there isn't a
hosttools tarball. Add the needed gconvs to the tarball when iconv is
present to become determistic and generate vim locales consistently.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b945652a088f430a2adec6b968cd00c5928d4272)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
I've seen local differences in the quilt output depending on whether the column
binary was available in the sysroot. Fix determinism issues by being specific
about configuration.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cd5fba8634bcc679518f98cc25be66a51081372)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
5b9a4104c902 Linux 5.4.98
3654a0ed0bdc squashfs: add more sanity checks in xattr id lookup
d78a70667738 squashfs: add more sanity checks in inode lookup
a814355e7057 squashfs: add more sanity checks in id lookup
848bcb0a1d96 Fix unsynchronized access to sev members through svm_register_enc_region
78e2f71b89b2 bpf: Fix 32 bit src register truncation on div/mod
8589eda99cb1 regulator: Fix lockdep warning resolving supplies
513fee2aee13 blk-cgroup: Use cond_resched() when destroy blkgs
d1eb41833408 i2c: mediatek: Move suspend and resume handling to NOIRQ phase
618b65dbde7a SUNRPC: Handle 0 length opaque XDR object data properly
19b56e8433e7 SUNRPC: Move simple_get_bytes and simple_get_netobj into private header
fa758032a546 iwlwifi: mvm: guard against device removal in reprobe
2fa76f19dc15 iwlwifi: mvm: invalidate IDs of internal stations at mvm start
c82793ef4f3b iwlwifi: pcie: fix context info memory leak
b301eaf27f86 iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap
01742ade9286 iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time()
8f630ed7e98e iwlwifi: mvm: skip power command when unbinding vif during CSA
589cf152fe47 ASoC: ak4458: correct reset polarity
e96d10250227 pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process()
a5c70e57c4c1 chtls: Fix potential resource leak
8b6d5013cd70 ASoC: Intel: Skylake: Zero snd_ctl_elem_value
db272cd2bc9e mac80211: 160MHz with extended NSS BW in CSA
26548561cb92 regulator: core: avoid regulator_resolve_supply() race condition
03d76df5f164 af_key: relax availability checks for skb size calculation
968b1b034136 tracing/kprobe: Fix to support kretprobe events on unloaded modules
5e1942063dc3 Linux 5.4.97
40af962eb1d4 usb: host: xhci: mvebu: make USB 3.0 PHY optional for Armada 3720
76ab33055fbc net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
e65d331755de net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add
5d3007b6cc7b net: ip_tunnel: fix mtu calculation
90d7459d24b8 neighbour: Prevent a dead entry from updating gc_list
271ea7072901 igc: Report speed and duplex as unknown when device is runtime suspended
7018edb19a92 md: Set prev_flush_start and flush_bio in an atomic way
e857e21eb200 iommu/vt-d: Do not use flush-queue when caching-mode is on
5fdf672759e9 Input: xpad - sync supported devices with fork on GitHub
03d56dab56ae iwlwifi: mvm: don't send RFH_QUEUE_CONFIG_CMD with no queues
2d5705150707 x86/apic: Add extra serialization for non-serializing MSRs
bc1a3aeeff0f x86/build: Disable CET instrumentation in the kernel
40d0fff29761 mm: thp: fix MADV_REMOVE deadlock on shmem THP
56d61cd652dd mm, compaction: move high_pfn to the for loop scope
90ef21e5806f mm: hugetlb: remove VM_BUG_ON_PAGE from page_huge_active
af5508b1e862 mm: hugetlb: fix a race between isolating and freeing page
3264a763174f mm: hugetlb: fix a race between freeing and dissolving the page
108f56ed354f mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page
75be4852490f ARM: footbridge: fix dc21285 PCI configuration accessors
b2640b08c43c KVM: x86: Update emulator context mode if SYSENTER xfers to 64-bit mode
6d3201c77be5 KVM: SVM: Treat SVM as unsupported when running as an SEV guest
f9be9445e494 nvme-pci: avoid the deepest sleep state on Kingston A2000 SSDs
f9034fcb27c0 drm/amd/display: Revert "Fix EDID parsing after resume from suspend"
6844143e2198 mmc: core: Limit retries when analyse of SDIO tuples fails
68c825bd2726 smb3: fix crediting for compounding when only one request in flight
eaf2f835b52c smb3: Fix out-of-bounds bug in SMB2_negotiate()
00f581964b66 cifs: report error instead of invalid when revalidating a dentry fails
fd6dc98f66ef xhci: fix bounce buffer usage for non-sg list case
f6a47f2ce090 genirq/msi: Activate Multi-MSI early when MSI_FLAG_ACTIVATE_EARLY is set
c9654bbe52b5 libnvdimm/dimm: Avoid race between probe and available_slots_show()
d0f36951ead4 kretprobe: Avoid re-registration of the same kretprobe earlier
e80f9021d5be fgraph: Initialize tracing_graph_pause at task creation
efa17285b338 mac80211: fix station rate table updates on assoc
ecdd962c4b9b ovl: fix dentry leak in ovl_get_redirect
6b9a2e5c0c42 usb: host: xhci-plat: add priv quirk for skip PHY initialization
ddc682d33024 usb: xhci-mtk: break loop when find the endpoint to drop
32410786279f usb: xhci-mtk: skip dropping bandwidth of unchecked endpoints
f4e4f067f94c usb: xhci-mtk: fix unreleased bandwidth data
1f9e9c1048b8 usb: dwc3: fix clock issue during resume in OTG mode
9d058a06149b usb: dwc2: Fix endpoint direction check in ep_from_windex
2a968ab0d2dd usb: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop()
4d1d959348c1 USB: usblp: don't call usb_set_interface if there's a single alt
522567fe540d USB: gadget: legacy: fix an error code in eth_bind()
e57d70c59bb7 memblock: do not start bottom-up allocations with kernel_end
7e6dcaeadc0e nvmet-tcp: fix out-of-bounds access when receiving multiple h2cdata PDUs
f1c87b4b2c7b ARM: dts: sun7i: a20: bananapro: Fix ethernet phy-mode
d97a821b2e9c r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set
c545879e8080 net: mvpp2: TCAM entry enable should be written after SRAM data
bf0507fb2073 net: lapb: Copy the skb before sending a packet
1cef1d46add8 net/mlx5: Fix leak upon failure of rule creation
67b7f73bbe3f i40e: Revert "i40e: don't report link up for a VF who hasn't enabled queues"
6380ef64b9eb igc: check return value of ret_val in igc_config_fc_after_link_up
ec68581f7479 igc: set the default return value to -IGC_ERR_NVM in igc_write_nvm_srwr
5ce999efcaa7 arm64: dts: ls1046a: fix dcfg address range
68e798fa3c0e rxrpc: Fix deadlock around release of dst cached on udp tunnel
98650c3d0e33 um: virtio: free vu_dev only with the contained struct device
02531b5549eb bpf, cgroup: Fix problematic bounds check
9146fffc5d2a bpf, cgroup: Fix optlen WARN_ON_ONCE toctou
4921f81ce65a arm64: dts: rockchip: fix vopl iommu irq on px30
831132b13f0d arm64: dts: amlogic: meson-g12: Set FL-adj property value
829bf438cb39 Input: i8042 - unbreak Pegatron C15B
0d6e0a192e2e arm64: dts: qcom: c630: keep both touchpad devices enabled
96dcfabef504 USB: serial: option: Adding support for Cinterion MV31
5ad95c521fd5 USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000
dfa820563c67 USB: serial: cp210x: add pid/vid for WSDA-200-USB
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98bb6a3cb528abe02b6edc291d05e240985ca80e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Updating linux-yocto/5.4 to the latest korg -stable release that comprises
the following commits:
d4716ee8751b Linux 5.4.96
b1a1c262e4b0 workqueue: Restrict affinity change to rescuer
5b1e4fc2984e kthread: Extract KTHREAD_IS_PER_CPU
2d7ca4a84b58 objtool: Don't fail on missing symbol table
88240f7ac221 drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping
53c10bbf9186 drm/amd/display: Update dram_clock_change_latency for DCN2.1
c6eb3dfdac44 selftests/powerpc: Only test lwm/stmw on big endian
805e9cdb5793 nvme: check the PRINFO bit before deciding the host buffer length
8e59209d53c9 udf: fix the problem that the disc content is not displayed
2d1593543418 ALSA: hda: Add Cometlake-R PCI ID
c03ecc192c8e scsi: ibmvfc: Set default timeout to avoid crash during migration
02cc1ee3e8d1 mac80211: fix fast-rx encryption check
efd061fc77f3 ASoC: SOF: Intel: hda: Resume codec to do jack detection
e0f1ba38f788 scsi: fnic: Fix memleak in vnic_dev_init_devcmd2
935fa0d5a5c5 scsi: libfc: Avoid invoking response handler twice if ep is already completed
335bbffdd90c scsi: scsi_transport_srp: Don't block target in failfast state
b1f680ffc25b x86: __always_inline __{rd,wr}msr()
d1aed452c05f platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352
c99ac7213638 platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet
6f705e80fb87 phy: cpcap-usb: Fix warning for missing regulator_disable
fd4c12f31209 net_sched: gen_estimator: support large ewma log
27afc7128345 btrfs: backref, use correct count to resolve normal data refs
66bcf5f6f989 btrfs: backref, only search backref entries from leaves of the same root
c3089b06d6fe btrfs: backref, don't add refs from shared block when resolving normal backref
21a0c97fb27c btrfs: backref, only collect file extent items matching backref offset
1960c3d40b69 tcp: make TCP_USER_TIMEOUT accurate for zero window probes
55cb8e232f9a arm64: Do not pass tagged addresses to __is_lm_address()
b28387cf8f1c arm64: Fix kernel address detection of __is_lm_address()
11084836e5fb ACPI: thermal: Do not call acpi_thermal_check() directly
1410d2b68207 Revert "Revert "block: end bio with BLK_STS_AGAIN in case of non-mq devs and REQ_NOWAIT""
5e8776df14fa ibmvnic: Ensure that CRQ entry read are correctly ordered
bc4e7277cc93 net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP
9edebe46010c net: dsa: bcm_sf2: put device node before return
e89428970c23 Linux 5.4.95
e7aeca61cb9b tcp: fix TLP timer not set when CA_STATE changes from DISORDER to OPEN
3e93b9efc3bb team: protect features update by RCU to avoid deadlock
489e35c6829a ASoC: topology: Fix memory corruption in soc_tplg_denum_create_values()
9a4d367b2783 NFC: fix possible resource leak
c929c76e98b0 NFC: fix resource leak when target index is invalid
b2f4a59a2216 rxrpc: Fix memory leak in rxrpc_lookup_local
6d25d788efa4 iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built
66f4f98ee363 iommu/vt-d: Gracefully handle DMAR units with no supported address widths
0551a2fd456c selftests: forwarding: Specify interface when invoking mausezahn
e4405451dd6e nvme-multipath: Early exit if no path is available
64a4ec1850f7 can: dev: prevent potential information leak in can_fill_info()
4dc2395d8f14 net/mlx5e: Reduce tc unsupported key print level
a66705277baf net/mlx5e: E-switch, Fix rate calculation for overflow
dbc13deeec6a net/mlx5: Fix memory leak on flow table creation error flow
02ef126a002d igc: fix link speed advertising
873d1a4740d6 i40e: acquire VSI pointer only after VF is initialized
cf9276211563 mac80211: pause TX while changing interface type
46c67a4c1a76 iwlwifi: pcie: reschedule in long-running memory reads
563daf7c0f4a iwlwifi: pcie: use jiffies for memory read spin time limit
f39fce916a7b pNFS/NFSv4: Fix a layout segment leak in pnfs_layout_process()
a3c5fec1e09f ASoC: Intel: Skylake: skl-topology: Fix OOPs ib skl_tplg_complete
748c2cd57615 RDMA/cxgb4: Fix the reported max_recv_sge value
72797bfc5f77 firmware: imx: select SOC_BUS to fix firmware build
347feca03881 ARM: dts: imx6qdl-kontron-samx6i: fix i2c_lcd/cam default status
f7c6e6c9b62c arm64: dts: ls1028a: fix the offset of the reset register
78fc9ef35d18 xfrm: Fix wraparound in xfrm_policy_addr_delta()
f5e7db4fcd38 selftests: xfrm: fix test return value override issue in xfrm_policy.sh
dac256de1fe2 xfrm: fix disable_xfrm sysctl when used on xfrm interfaces
a7edea0fe85a xfrm: Fix oops in xfrm_replay_advance_bmp
deb8d5dfeb63 netfilter: nft_dynset: add timeout extension to template
347a1a20b195 ARM: imx: build suspend-imx6.S with arm instruction set
61bdab3d770b xen-blkfront: allow discard-* nodes to be optional
65543408f257 tee: optee: replace might_sleep with cond_resched
ad3d896ef55c drm/i915: Check for all subplatform bits
59546420c51b drm/nouveau/svm: fail NOUVEAU_SVM_INIT ioctl on unsupported devices
37ef9b59f479 mt7601u: fix rx buffer refcounting
77771158182f mt7601u: fix kernel crash unplugging the device
2c4f52b9cddf arm64: dts: broadcom: Fix USB DMA address translation for Stingray
6aceac245059 leds: trigger: fix potential deadlock with libata
2c7b4b25293a xen: Fix XenStore initialisation for XS_LOCAL
632a7728da9b KVM: Forbid the use of tagged userspace addresses for memslots
ba668a507788 KVM: x86: get smi pending status correctly
ff5f6de29faf KVM: nVMX: Sync unsync'd vmcs02 state to vmcs12 on migration
2fc14cafefb3 KVM: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh()
c547d39feb65 KVM: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[]
e1ae9aab8029 btrfs: fix possible free space tree corruption with online conversion
d30cb3d348b8 drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[]
082dc611fdc8 drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs
53fd4e4003a6 PM: hibernate: flush swap writer after marking
7f9a267c67af s390/vfio-ap: No need to disable IRQ after queue reset
9077bc37d2d1 net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family
8aba60ebcfc3 wext: fix NULL-ptr-dereference with cfg80211's lack of commit()
720032d3dc84 ARM: dts: imx6qdl-gw52xx: fix duplicate regulator naming
b24dc0aa7e9b media: rc: ensure that uevent can be read directly after rc device register
5d6fd0357057 ALSA: hda/via: Apply the workaround generically for Clevo machines
f78803928481 ALSA: hda/realtek: Enable headset of ASUS B1400CEPE with ALC256
8de2109f4670 kernel: kexec: remove the lock operation of system_transition_mutex
93603a27fc31 ACPI: sysfs: Prefer "compatible" modalias
587c6b75d7fd nbd: freeze the queue while we're adding connections
b8fcb8f53995 IPv6: reply ICMP error if the first fragment don't include all headers
1f58e378a17e ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b39a6de2c1175e4554c688a44c905c24367fa57a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
updates include fixes for
CVE-2021-3114
CVE-2021-3115
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
release notes:
https://www.sudo.ws/legacy.html#1.8.32
updates include fixes for
CVE-2021-23239
CVE-2021-23240
CVE-2021-3156
Also backport patch to fix build error with musl
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Backport fixes for CVE-2020-8432 and CVE-2020-10648 from upstream.
Signed-off-by: Scott Murray <scott.murray@konsulko.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Lets include whcih layer a package belongs to and
add it to the cve logs
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00d965bb42dc427749a4c3985af56ceffff80457)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
patched CVEs
Default behavior is not changed. To suppress patched CVEs, set:
CVE_CHECK_REPORT_PATCHED = ""
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 05bd9f1f006cf94cf5324f96df29cd5862abaf45)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
per-recipe check file
The addition of this variable also makes it possible to change the
output suffix of the check files, e.g. in local.conf:
CVE_CHECK_MANIFEST_append = ".txt"
CVE_CHECK_RECIPE_FILE_append = ".txt"
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0d40f1482c6d87785ae47c46c2305e1df46f459a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Pull in the changes:
makewrappers: Fix glibc 2.33 fstatat usage issues
ports/linux: Add wrapper for fstatat/fstatat64 in glibc 2.33
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dfcb1c5eb2690046f96c2bb6724e091028ddc3ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Pull in:
ports/rename/renameat: Avoid race when renaming files
ports/unix: Add faccessat and faccessat2
ports/access.c: Use EACCES, not EPERM
which includes a fix for rename race issues causing pseudo aborts.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 330c232e4f756296331f9026e91ac26fd45f0315)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Update to a pseudo version which contains some heqader fixes for
glibc 2.33.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c897ac317926b132547578b1f6bd347fe5677dfc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python3targetconfig append target python3 to dependencies
unconditionally, and here its inherited unconditionally too but
distutils3-base is inherited in BBCLASSEXTEND'ed recipes and other not-target
recipes as well. Hence the change added via 9c8f666097802cb594a759989edcf01603a22df3
is now bridging the native dependencies with target python3 and thats
resulting all sorts of rebuilds for multimachine builds e.g.
MACHINE=qemuarm bitbake python3-scons-native
MACHINE=qemumips bitbake python3-scons-native
results in rebuilds for python3-scons-native
bitbake-diffsigs shows
Hash for dependent task python/python3-scons-native_3.1.2.bb:do_populate_sysroot changed from 1cdb93193b416477df6faa137e83a967b433c7aa29033146b405153f73f36933 to 3cea1e7cbedd121ecb768fbc291cc4e4d7d3b5c0442897
0e3b97bd058d162065
Hash for dependent task python/python3-scons-native_3.1.2.bb:do_install changed from 8d6018fd03ffc6060a04532dc39a5b7ccca1be026a69d069cb4fb11aef86dd89 to c5f1d173596a8e910f45a2b6e0b4dab96cd0102be4d62bd3156
229cb0f5ebb11
Hash for dependent task python/python3-scons-native_3.1.2.bb:do_compile changed from e3ee4b52a15267e6ae7853ec19a666b2fb62608a597608793336382d1c45f8a0 to 1e582043dfe6b3e00aaa532f363ce6afb37652abe837dac
7cc9769194c43eae1
Hash for dependent task python/python3-scons-native_3.1.2.bb:do_configure changed from 770a4d5a77a96ebd9e1e7368f710bca3f88e3b1266dffa3b2d0360b1e3a81e27 to a366982778b03eee5165c3117ee778f848acdfaa2
b346650fbdf114ac70ab57b
Hash for dependent task python/python3-scons-native_3.1.2.bb:do_prepare_recipe_sysroot changed from 958910037856ff5d5eb2b5162b3cdd02a3a710fc543b933cfeba771ee095cb72 to 474333fb565f908992fd3716
4935aaecf31a79e867826fe634cde4f44171d8e7
Hash for dependent task python/python3_3.9.0.bb:do_populate_sysroot changed from 7ac1c4fcbb2eacf98d2c32d991751bd2f3c7d55e2e32f2c9e485e7f5975fecf8 to 25dcfe74a95af19cce8df7c29311cc5edbbf6ad
08777e46a6fa6e417c0445018
...
Therefore limit effects of this class only for target recipes.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alexander Kanavin <alex.kanavin@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Cc: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c99bb79087e74a967286469e1d8888a546ebec83)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 38ecb83c444406b5157712d87aef3bbb320b45ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d3a81dd0e72a3495bfc7cc969c2bb806b666023d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c8f666097802cb594a759989edcf01603a22df3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dadf001c85938b831def8da5851a40dc0977e3d0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Setting _PYTHON_SYSCONFIGDATA_NAME in python3native class globally was
problematic as it was leaking into host python environment, which
was causing tracebacks depending on host distro and action
(typically anything involving importing sysconfig module).
The new class sets the variable only in specific tasks where it is needed,
and should be inherited explicitly:
- use python3native to run scripts with native python
- use python3targetconfig to run scripts with native python
if those scripts need to access target config data (such
as correct installation directories). This also adds a dependency
on target python, so should be used carefully to avoid lengthening builds.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a118d4e7985fa88f04c3611f8db813f0dafce75)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
GCCv9 tree vectorization code is faulty and can cause random crashes at
runtime (when using -O3). Add the backported patch to address this
issue.
Signed-off-by: Jon Mason <jon.mason@arm.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
https://github.com/p11-glue/p11-kit/releases/tag/0.23.22
Release notes:
Fix memory-safety issues that affect the RPC protocol (CVE-2020-29361, CVE-2020-29362, and CVE-2020-29363), discovered and fixed by David Cook
anchor: Prefer persistent format when storing anchor [#329]
common: Fix infloop in p11_path_build [#326, #327]
proxy: C_CloseAllSessions: Make sure that calloc args are non-zero [#325]
common: Check for a NULL locale before freeing it [#321]
Build and test fixes [#313, #315, #317, #318, #319, #323, #330, #333, #334, #335, #338, #339]
https://github.com/p11-glue/p11-kit/commit/c4e75e10021ce86ab42682ea4936dce94ced2f77
patch to fix trailing newline using custom_target() caused error
with DISTRO_FEATURES api-documentation due to meson bugs, enable
manpages PACKAGECONFIG should prevent this error.
| warning: failed to load external entity "../version.xml"
| ../p11-kit-docs.xml:11: parser error : Failure to process entity version
| <releaseinfo>for p11-kit &version;</releaseinfo>
| ^
| ../p11-kit-docs.xml:11: parser error : Entity 'version' not defined
| <releaseinfo>for p11-kit &version;</releaseinfo>
| ^
| unable to parse ../p11-kit-docs.xml
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b112ba291835061640123c13784e2b33cc73f17d)
[0.23.x is an lts release, bug fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e811db2f614500f16415fc09801f229968428e7)
[0.23.x is an lts release, bug fix only update]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Added below CVE:
CVE-2020-12825
Link: CVE-2020-12825 [https://gitlab.gnome.org/Archive/libcroco/-/commit/6eb257e5c731c691eb137fca94e916ca73941a5a]
Link: https://gitlab.gnome.org/Archive/libcroco/-/issues/8
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f8cee7386c556e1c5adb07a0aee385642b7a5568)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Whitelisted below CVEs:
1. CVE-2018-12433
Link: https://security-tracker.debian.org/tracker/CVE-2018-12433
Link: https://nvd.nist.gov/vuln/detail/CVE-2018-12433
CVE-2018-12433 is marked disputed and ignored by NVD as it does
not impact crypt libraries for any distros and hence, can be safely
marked whitelisted.
2. CVE-2018-12438
Link: https://security-tracker.debian.org/tracker/CVE-2018-12438
Link: https://ubuntu.com/security/CVE-2018-12438
CVE-2018-12438 was reported for affecting openjdk crypt libraries
but there are no details available on which openjdk versions are
affected and does not directly affect libgcrypt or any specific
yocto distributions, hence, can be whitelisted.
Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2943efe3f56d394308f9364b439c25f6a7613288)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The original patch contained some text which shouldn't have been there
and used brackets in configure which isn't a great idea. Tweak the patch
to resolve this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63cbf187fe189c99645fe3afee8a6361a9a32cdc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
A build date was leaking into the generated docs and makefile used for
ptests leading to reproducibility issues each time the month changed.
Add a patch to use SOURCE_DATE_EPOCH to derive it if available.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6a9ca7aec4991eabd425e32fdf85f51bb1686b8b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
* gnu isn't compatible with --xattrs used e.g. here:
https://github.com/advancedtelematic/meta-updater/blob/d3a832f66e8802cb45536ff278d5c77f946d341d/classes/image_types_ostree.bbclass#L16
causing do_image_tar failing with:
| tar: --xattrs can be used only on POSIX archives
| Try 'tar --help' or 'tar --usage' for more information.
* https://www.gnu.org/software/tar/manual/html_chapter/tar_8.html
says about posix format:
This is the most flexible and feature-rich format.
It does not impose any restrictions on file sizes or file name lengths.
This format is quite recent, so not all tar implementations are able to handle it properly.
However, this format is designed in such a way that any tar implementation able to read `ustar'
archives will be able to read most `posix' archives as well, with the only exception that any
additional information (such as long file names etc.) will in such case be extracted as plain
text files along with the files it refers to.
This archive format will be the default format for future versions of GNU tar.
and:
The default format for GNU tar is defined at compilation time.
You may check it by running tar --help, and examining the last lines of its output.
Usually, GNU tar is configured to create archives in `gnu' format, however, future version will switch to `posix'.
* I've compared tar on centos7 and ubuntu-18.04:
bash-4.2$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
bash-4.2$ tar --version
tar (GNU tar) 1.26
...
bash-4.2$ tar --help | tail -n 5
*This* tar defaults to:
--format=gnu -f- -b20 --quoting-style=escape --rmt-command=/etc/rmt
--rsh-command=/usr/bin/ssh
...
bitbake@e0ee76f81c2f:/$ grep VERSION /etc/os-release
VERSION="18.04.5 LTS (Bionic Beaver)"
VERSION_ID="18.04"
VERSION_CODENAME=bionic
bitbake@e0ee76f81c2f:/$ tar --version
tar (GNU tar) 1.29
...
bitbake@e0ee76f81c2f:/$ tar --help | tail -n 5
...
*This* tar defaults to:
--format=gnu -f- -b20 --quoting-style=escape --rmt-command=/usr/lib/tar/rmt
--rsh-command=/usr/bin/rsh
Both support posix format (as pax POSIX 1003.1-2001). But centos7 version is
already too old anyway, because it doesn't support --sort=name used since:
https://git.openembedded.org/openembedded-core/commit/?id=4fa68626bbcfd9795577e1426c27d00f4d9d1c17
and
https://git.openembedded.org/openembedded-core/commit/?id=f19e43dec63a86c200e04ba14393583588550380
says that 1.28 is the minium version now and
https://git.openembedded.org/openembedded-core/commit/?id=7a66434cf11b7f051699b774e4fccd6738351368
recommends to use install-buildtools for hosts with tar < 1.28
On the other side latest tumbleweed from:
https://hub.docker.com/r/opensuse/tumbleweed
with tar-1.33 alredy defaults to posix format:
b99dbb3d86dd:/ # head -n 3 /etc/os-release
NAME="openSUSE Tumbleweed"
ID="opensuse-tumbleweed"
b99dbb3d86dd:/ # tar --version
tar (GNU tar) 1.33
...
b99dbb3d86dd:/ # tar --help | tail -n 3
*This* tar defaults to:
--format=posix -f- -b20 --quoting-style=escape --rmt-command=/usr/bin/rmt
--rsh-command=/usr/bin/ssh
I've packaged some sample rootfs directory with both tars and the result is
identical (with --format=gnu as well as --format=posix).
with ubuntu:
tar --sort=name --format=gnu --numeric-owner -cf rootfs.ubuntu.gnu.tar -C rootfs .
tar --xattrs --xattrs-include=* --sort=name --format=posix --numeric-owner -cf rootfs.ubuntu.posix.tar -C rootfs .
tumbleweed:
tar --sort=name --format=gnu --numeric-owner -cf rootfs.tumbleweed.gnu.tar -C rootfs .
tar --xattrs --xattrs-include=* --sort=name --format=posix --numeric-owner -cf rootfs.tumbleweed.posix.tar -C rootfs .
centos7 (without --sort=name):
tar --format=gnu --numeric-owner -cf rootfs.centos7.gnu.tar -C rootfs .
tar --xattrs --xattrs-include=* --format=posix --numeric-owner -cf rootfs.centos7.posix.tar -C rootfs .
size is identical:
-rw-r--r-- 1 mjansa mjansa 2487480320 Feb 5 09:19 rootfs.ubuntu.gnu.tar
-rw-r--r-- 1 mjansa mjansa 2487480320 Feb 5 10:17 rootfs.centos7.gnu.tar
-rw-r--r-- 1 mjansa mjansa 2487480320 Feb 5 10:26 rootfs.tumbleweed.gnu.tar
-rw-r--r-- 1 mjansa mjansa 2579875840 Feb 5 10:15 rootfs.ubuntu.posix.tar
-rw-r--r-- 1 mjansa mjansa 2579875840 Feb 5 10:16 rootfs.centos7.posix.tar
-rw-r--r-- 1 mjansa mjansa 2579875840 Feb 5 10:26 rootfs.tumbleweed.posix.tar
but md5s aren't:
5e3880283379dd773ac054e20562fdea rootfs.centos7.gnu.tar
abeaf992c780aa780a27be01365d26f5 rootfs.centos7.posix.tar
0c6ee59d87ab56583293262de110bca4 rootfs.tumbleweed.gnu.tar
1555bc7276eaba924bf82a13a010fd6d rootfs.tumbleweed.posix.tar
553d802bba351e273191bd5b2a621b66 rootfs.ubuntu.gnu.tar
b6d7b43b30174686f6625ba3c7aefdc6 rootfs.ubuntu.posix.tar
diffoscope shows some differences when using gnu format:
$ diffoscope rootfs.tumbleweed.gnu.tar rootfs.ubuntu.gnu.tar
...
-00239890: 3030 3000 3030 3737 3637 0020 4b00 0000 000.007767. K...
+00239890: 3030 3000 3031 3135 3737 0020 4b00 0000 000.011577. K...
...
-00239900: 0075 7374 6172 2020 0000 0000 0000 0000 .ustar ........
+00239900: 0075 7374 6172 2020 0072 6f6f 7400 0000 .ustar .root...
...
-00239920: 0000 0000 0000 0000 0000 0000 0000 0000 ................
+00239920: 0000 0000 0000 0000 0072 6f6f 7400 0000 .........root...
with posix format there are also some differences shown by diffoscope:
$ diffoscope rootfs.tumbleweed.posix.tar rootfs.ubuntu.posix.tar
016a4c00: 2e2f 7573 722f 6269 6e2f 5061 7848 6561 ./usr/bin/PaxHea
-016a4c10: 6465 7273 2f63 6861 7474 722e 6532 6673 ders/chattr.e2fs
-016a4c20: 7072 6f67 7300 0000 0000 0000 0000 0000 progs...........
+016a4c10: 6465 7273 2e32 322f 6368 6174 7472 2e65 ders.22/chattr.e
+016a4c20: 3266 7370 726f 6773 0000 0000 0000 0000 2fsprogs........
...
03937000: 2e2f 7573 722f 6269 6e2f 5061 7848 6561 ./usr/bin/PaxHea
-03937010: 6465 7273 2f63 6f6e 7461 696e 6572 642d ders/containerd-
-03937020: 6374 7200 0000 0000 0000 0000 0000 0000 ctr.............
+03937010: 6465 7273 2e32 322f 636f 6e74 6169 6e65 ders.22/containe
+03937020: 7264 2d63 7472 0000 0000 0000 0000 0000 rd-ctr..........
so cannot really say which format is better for reproducible tar
archives from different distros, but posix at least supports xattrs
and it's the format for future.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ecea58f2a3382d9f4b410d6ad7089111334cb6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
The tar output seems to vary depending on the version of tar used and distro
configuration. Be explict about the output format to avoid this and be
determinstic.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c56f3c9febc1732aa1302524c6c4da36f16bd1f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Final glibc 2.32 based uninative.
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8b5d932a42ce9e3e801837bea9cf319c455d9ae5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
existing test case test_permissions use Wic command as standalone
tools to create wic image and check that wic image for permissions.
add extra steps to the test case to also check against image build
using bitbake do_image_wic.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 551ce73a90757ba43501fe5cf9ac84a7b77de549)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Make sure that the permissions and username are respected when using all
the rootfs modifiers.
Add tests for change-directory command
Cc: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4aad9531df44d1b0637bd559161702ad86861b46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
When IMAGE_FSTYPES contains more types than wic, it can happen than the
pseudo database is not flushed properly.
This can be solved by changing the order of when do_flush_pseudodb is
launched.
Yocto Bug: https://bugzilla.yoctoproject.org/show_bug.cgi?id=13898
Fixes: dde90a5dd2b2 ("wic: Fix multi images .wks with bitbake")
Signed-off-by: Ricardo Ribalda <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 445b0a9544b55735496bbb23dbff3399b3b9e9a4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
Thomas Viehweger
Joshua Watt
Yoann Congal
Vivien Didelot
Vivien Didelot
Richard Purdie
Teoh Jay Shen
Bruce Ashfield
Lee Chee Yang
Scott Murray
akuster
Chris Laplante
Khem Raj
Alexander Kanavin
Jon Mason
saloni
Martin Jansa
Michael Halstead
Ricardo Ribalda Delgado