| Age | Commit message (Collapse) | Author |
|---|
|
An XML parser (either libxml2, or expat) is only needed by libarchive to
read/write XAR archives. However, these also need OpenSSL enabled which
by default it is not, so XAR files were disabled and libxml2 was a build
dependency for no reason.
As XAR archives are mainly used on macOS, we can remove libxml2.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE is in the jpeg sources included with ghostscript. We use our own
external jpeg library so this doesn't affect us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We use the SUSE mirror of xinetd. The CVE fix was added to the main repo
after the latest release but is included in the version from the SUSE repo.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue applies to use of cpio in SUSE/OBS, doesn't apply to us.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch mentioned as the fix for the CVE is applied to the 6.0 source
code. Zip versioning makes CPE entry changes hard.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These CVEs apply to the way logrotate was installed on Gentoo, Debian
and SUSE, exclude from cve-check as they don't apply to OE.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make sure help2man output is reproducible. Fixes:
| .\"·DO·NOT·MODIFY·THIS·FILE!··It·was·generated·by·help2man·1.022. .\"·DO·NOT·MODIFY·THIS·FILE!··It·was·generated·by·help2man·1.022.
| .TH·FSG·"1"·"April·2021"·"FSG·lsb_release·v1.4"·FSG .TH·FSG·"1"·"May·2021"·"FSG·lsb_release·v1.4"·FSG
| .SH·NAME 3 .SH·NAME
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
tst-pam_start_confdir needs a file called confdir and it should reside
in directory pointed by srcdir env variable, therefore copy confdir into
ptest package and export srcdir before running the ptests
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These files are used by this ptest case
103,108d102
< cat: ../y.tab.c: No such file or directory
< cmp: ../y.tab.c: No such file or directory
< cat: /usr/lib/bash/ptest/config.h: No such file or directory
< cmp: /usr/lib/bash/ptest/config.h: No such file or directory
< cat: /usr/lib/bash/ptest/version.h: No such file or directory
< cmp: /usr/lib/bash/ptest/version.h: No such file or directory
FAIL: run-heredoc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ffile-prefix-map is also needed for reproduble builds and when
introduced can be handled
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
MUSL related build fixes are not going to be upstreamed. They just not
compile broken files, thus replace them with upstream solution for CI:
just deleting files for musl (easier to maintain).
Signed-off-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Build with bitbake default optimizations, e.g. O2,
instead of custom O3. Reduces unzip binary package
size from 304401 to 283921 bytes, and enables building
with Os to even further reduce binary size if needed
and configured for the whole system.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable it by default
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
grap2graph which converts a GRAP diagram into a cropped image fails
to run as below:
$ grap2graph
/usr/bin/grap2graph: line 89: convert: command not found
/usr/bin/grap2graph: warning: falling back to old '-crop 0x0' trim method
/usr/bin/grap2graph: line 104: convert: command not found
/usr/bin/grap2graph: line 103: grap: command not found
Considering we don't often need to convert a GRAP diagram into
a cropped image and the recipe ImageMagick which provides convert
command is in meta-oe layer, so don't ship the related files to
avoid the confusion about the above run time error.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently the headers are not installed and the ltp-dev package is
empty.
This patch adds an include-install make target in the do_install step to
install them in sysroot which ends up as a working ltp-dev package.
Signed-off-by: Jonas Höppner <jonas.hoeppner@garz-fricke.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
>From go 1.16, module-aware mode is enabled by default, regardless of
whether a go.mod file is present in the current working directory or a
parent directory.
Above change makes go-helloworld build fail when doing offline build or
proxy.golang.org is not accessible.
This fix is kind of workaround, as from go1.17, GOPATH mode will be
dropped, and GO111MODULE is ignored.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped patch supserseded by https://github.com/asciidoc-py/asciidoc-py/pull/172
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE_VERSION_SUFFIX in "patch" to treat version string with suffix "pX"
or "patchX" as patched release.
also update testcases to cover this changes and set CVE_VERSION_SUFFIX
for sudo.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Shave fuzz off the Makefile-sort-all-wildcard-file-list-expansions patch
CHANGELOG:
v1.4.9 (Mar 1, 2021)
bug: Use `umask()` to Constrain Created File Permissions (#2495, @felixhandte)
bug: Make Simple Single-Pass Functions Ignore Advanced Parameters (#2498, @terrelln)
api: Add (De)Compression Tracing Functionality (#2482, @terrelln)
api: Support References to Multiple DDicts (#2446, @senhuang42)
api: Add Function to Generate Skippable Frame (#2439, @senhuang42)
perf: New Algorithms for the Long Distance Matcher (#2483, @mpu)
perf: Performance Improvements for Long Distance Matcher (#2464, @mpu)
perf: Don't Shrink Window Log when Streaming with a Dictionary (#2451, @terrelln)
cli: Fix `--output-dir-mirror`'s Rejection of `..`-Containing Paths (#2512, @felixhandte)
cli: Allow Input From Console When `-f`/`--force` is Passed (#2466, @felixhandte)
cli: Improve Help Message (#2500, @senhuang42)
tests: Remove Flaky Tests (#2455, #2486, #2445, @Cyan4973)
tests: Correctly Invoke md5 Utility on NetBSD (#2492, @niacat)
tests: Avoid Using `stat -c` on NetBSD (#2513, @felixhandte)
build: Zstd CLI Can Now be Linked to Dynamic `libzstd` (#2457, #2454 @Cyan4973)
build: Hide and Avoid Using Static-Only Symbols (#2501, #2504, @skitt)
build: CMake: Enable Only C for lib/ and programs/ Projects (#2498, @concatime)
build: CMake: Use `configure_file()` to Create the `.pc` File (#2462, @lazka)
build: Fix Fuzzer Compiler Detection & Update UBSAN Flags (#2503, @terrelln)
build: Add Guards for `_LARGEFILE_SOURCE` and `_LARGEFILE64_SOURCE` (#2444, @indygreg)
build: Improve `zlibwrapper` Makefile (#2437, @Cyan4973)
contrib: Add `recover_directory` Program (#2473, @terrelln)
doc: Change License Year to 2021 (#2452 & #2465, @terrelln & @senhuang42)
doc: Fix Typos (#2459, @ThomasWaldmann)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replace the libswapon reproducibility workaround with the solution
preferred by upstream.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There was still a remaining issue with reporoducibility based upon the
make version from the host system. Some versions added whitespace for
XXX+=<tab> (e.g. 4.1) and some versions do not (e.g. 4.3).
Replace the determinism patches with those submitted upstream both
for this issue and the previous one.
The LC_ALL setting for sort is dropped as it didn't fix an issue as hoped.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Further issues were highlighted by autobuilder testing, extend the second patch
to cover them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This CVE is about TOCTOU (time-of-check time-of-use)
race condition when copying and removing directory trees
which had very low severity problem and marked as closed
and won't fix. Therefore whitelisted CVE-2013-4235.
Master, gatesgarth and dunfell all have shadow version 4.81.
Hence, this is applicable for master, gatesgarth and dunfell.
Link: https://bugzilla.redhat.com/show_bug.cgi?id=884658
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After the other fixes there remained occasional problems. Fix another makefile
sorting problem affecting the disktest binary.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a patch adding sorting to a couple of points in the Makefiles
which removes most of the determinism issues in ltp.
Build swapon before the main build to ensure libswapon.o is built
deterministically as it races with swapoff.
All issues reported on the upstream mailing list.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add libcap-native to libcap PACKAGECONFIG making native setcap available
during the build. This assures its availability during install and prevents
meson from searching absolute paths and the resulting possible host
contamination.
Move -DNO_SETCAP_OR_SUID=true to the libcap PACKAGECONFIG negative case
This will prevent possible non-determinism for the setuid case.
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We don't use tbe BUILDINFO line of host information in the Makefile
so remove it for reproducibility.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The default in sysklogd 2.x is to open listening network sockets,
unlike sysklogd 1.5 where the default was the opposite.
This is contrary to a "secure by default" design, so set up the
init script to pass the -ss option to prevent syslogd from opening
any network sockets. It can be overridden in /etc/default/syslogd.
Signed-off-by: Diego Santa Cruz <Diego.SantaCruz@spinetix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A buffer (read) overflow in the ippReadIO function.
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-10001
Upstream patches:
https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
configure inspects the host's /etc/group for these configuration
options, fix this to the correct values by using configure options.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream has renamed the "master" branch to "main".
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Ross Burton
Richard Purdie
Alexander Kanavin
Anuj Mittal
Khem Raj
wangmy
Petr Vorel
Mikko Rapeli
zhengruoqin
Changqing Li
Mingli Yu
Jonas Höppner
zhengruoqin
Lee Chee Yang
Wang Mingyu
Randy MacLeod
Dorinda
Purushottam Choudhary
Jate Sujjavanich
Diego Santa Cruz
Stefan Ghinea
Peter Kjellerstedt