A vulnerability, which was classified as problematic, has been found in GNU elfutils
0.192. This issue affects the function gelf_getsymshndx of the file strip.c of the
component eu-strip. The manipulation leads to denial of service. The attack needs to
be approached locally. The exploit has been disclosed to the public and may be used.
The identifier of the patch is fbf1df9ca286de3323ae541973b08449f8d03aba. It is
recommended to apply a patch to fix this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-1377
Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=fbf1df9ca286de3323ae541973b08449f8d03aba
(From OE-Core rev: ae89d0c2ca49c40429f787577d280b5886f42cc1)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability classified as problematic was found in GNU elfutils 0.192. This
vulnerability affects the function elf_strptr in the library /libelf/elf_strptr.c
of the component eu-strip. The manipulation leads to denial of service. It is
possible to launch the attack on the local host. The complexity of an attack is
rather high. The exploitation appears to be difficult. The exploit has been
disclosed to the public and may be used. The name of the patch is
b16f441cca0a4841050e3215a9f120a6d8aea918. It is recommended to apply a patch to
fix this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-1376
Upstream patch:
https://sourceware.org/git/?p=elfutils.git;a=commit;h=b16f441cca0a4841050e3215a9f120a6d8aea918
(From OE-Core rev: 06e3cd0891f553b0ed036d9247dfa7c5ed814d78)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes a build issue seen with latest gcc trunk.
Fixes
| ../../elfutils-0.189/tests/elfstrmerge.c: In function 'main':
| ../../elfutils-0.189/tests/elfstrmerge.c:450:32: error: 'calloc' sizes specified with 'sizeof' in the earlier argument and not in the later argument [-Werror=calloc-transposed-args]
| 450 | newscnbufs = calloc (sizeof (void *), newshnums);
| | ^~~~
| ../../elfutils-0.189/tests/elfstrmerge.c:450:32: note: earlier argument should specify number of elements, later size of each element
| cc1: all warnings being treated as errors
(From OE-Core rev: 3817ac3130e8858b3445872ff74b39c21969822a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update license information for overall package, package libraries, and
package utilities in the recipe to match the license information as
described on the upstream website [1]:
"License. The libraries and backends are dual GPLv2+/LGPLv3+. The
utilities are GPLv3+."
[1] https://sourceware.org/elfutils
(From OE-Core rev: c0728805f24cbd6a788871ae54af4ec8307e40d4)
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enabling minidebuginfo is not useful if gdb and systemd-coredump
are unable to parse it.
In order to parse it, gdb needs xz support. Systemd needs coredump enabled, as
well as elfutil enabled (systemd-coredump loads libdw, which is part of elfutils, using dlopen).
(From OE-Core rev: 0d2df803bebfd7e832ab7da54c4dacaaeeb424a9)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This ensures that GNU-compatible error APIs are made available; the patch
to work around this is no longer needed.
(From OE-Core rev: 07b17f387dd70f25adb2f3159c64707bfa3291f5)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bunzip2 is only detected/needed for "make check" tests; however, if left floating,
the generated makefiles used in the ptests are not deterministic. Force a value
to avoid this.
[YOCTO #15209]
(From OE-Core rev: d614359556529b9d226a8636b467d00425c42c87)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Refresh the following patch.
0015-config-eu.am-do-not-use-Werror.patch
Remove the following patches as they have been fixed in the new version.
0001-PR29926-debuginfod-Fix-usage-of-deprecated-CURLINFO_.patch
0002-debuginfod-client-Use-CURLOPT_PROTOCOLS_STR-for-libc.patch
changelog:
Version 0.189 "Don't deflate!"
configure: eu-nm, eu-addr2line and eu-stack can provide demangled symbols
when linked with libstdc++. Use --disable-demangler to disable.
A new option --enable-sanitize-memory has been added for msan
sanitizer support.
libelf: elf_compress now supports ELFCOMPRESS_ZSTD when built against
libzstd
libdwfl: dwfl_module_return_value_location now returns 0 (no return type)
for DIEs that point to a DW_TAG_unspecified_type.
elfcompress: -t, --type= now support zstd if libelf has been built with
ELFCOMPRESS_ZSTD support.
backends: Add support for LoongArch and Synopsys ARCv2 processors.
(From OE-Core rev: 918cff06ac52f265428e97307fff9d2b381b1302)
Signed-off-by: Zang Ruochen <zangruochen@loongson.cn>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The curl-related deprecation errors affect all builds not just native,
so set CFLAGS instead of BUILD_CFLAGS.
(From OE-Core rev: 64ddce0cdbda4efe65f59a04ecb999e9fd3f82a4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The recent change enabling parallel make for ptest compile/install caused
autobuilder failures in these two recipes. Disable parallel make here
for now until someone can debug the race and get it fixed (preferably
upstream).
(From OE-Core rev: 12755e3e771eb2f1628e2b3dd7138c8766973d82)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some distributions shipping gcc12 end up with stringop-overflow warnings
e.g.
/usr/include/bits/unistd.h:74:10: error: ‘__pread_alias’ specified size between 9223372036854775813 and 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Werror=stringop-overflow=]
74 | return __glibc_fortify (pread, __nbytes, sizeof (char),
| ^~~~~~~~~~~~~~~
Until fixed, let's not treat this warning as a hard error
(From OE-Core rev: bb76fe2baf00b0874d221445c9fba4481740024f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In commit ceda3238 (meta/meta-selftest/meta-skeleton: Update LICENSE
variable to use SPDX license identifiers) all LICENSE variables were
updated to only use SPDX license identifiers.
This does the same for comments and other variables where it is
appropriate to use the official SPDX license identifiers. There are
still references to, e.g., "GPLv3", but they are then typically in
descriptive text where they refer to the license in a generic sense.
(From OE-Core rev: 165759dced7fbe73b1db2ede67047896071dc6d0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As that's what upstream prefers.
(From OE-Core rev: 5a6cd9cc1b9d8fd3607f3df311accb483d2989a3)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop glibc-2.34-fix.patch merged upstream.
Rework support for error() on non-glibc targets:
upstream now provides its own implementation, so we can drop
the patch that adds ours; said implementation isn't
build-tested with tests, so ptest has to be disabled on musl.
This, in turn, allows dropping 0004-Fix-error-on-musl.patch.
License-Update: copyright years
(From OE-Core rev: 9c51ae20c0e4c0d3e7161fc6b51fca078dbf014a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
At this point the hash equivalence and sstate is 'junk' on the autobuilder
unfortunately due to the volume of fixes and also the volume of slightly
not quite right patches tested during the development of the fixes.
In order to try and help any remaining sanity I might have, bump the
version numbers to start with a clean slate so we're working from a known
good baseline rather than risk chasing phantom issues. For those
upgrading, there wouldn't be much reuse anyway after the changes.
(From OE-Core rev: be32692c627a14509de5eb3834e7321c3c5faf25)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The elfutils ptests require debug symbols for the libc to be available, else
we see failures such as those on the autobuilder for the fast ptest image
on arm (the dbg symbols are pulled in by other recipes in other images).
Also fix various test skips/error messages due to missing gcc/ld and
development headers.
(From OE-Core rev: 41ecc76c7fab8f9805d3271255bcd027d87298bb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ensure builds are deterministic by covering all compression configuration
options.
(From OE-Core rev: c78224b8546aa8d6bd238c2516c445b80de4c205)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a patch being discussed upstream to fix a ptest issue with glibc 2.34.
(From OE-Core rev: 8921f2acfd566d2c03cea7bdb9f0b1883994148b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Obtaining debug information by having it served automatically via http
is far more pleasant than messing about with debugfs and gdbserver or
transferring and installing -dbg packages by hand.
I believe we should follow the desktop distros and have it enabled
out of the box. Please see the following commit for the description
of how it works.
(From OE-Core rev: 024c88c82791a113b614abf61ffd82e097bf21d1)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Apply it always since more than x32 needs it
(From OE-Core rev: faf5034876c319aa51d6b3e21265d0984566bb9e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The standard macros from gettext for iconv include problematic tests which
we've been patching out ad hoc. Stop doing this and set results in the site
files instead which is simpler, more maintainable and performs better too
as an added bonus.
(From OE-Core rev: 5a3bfdc4af18302cf0e3ea5802fdfefaa7235657)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-ppc_initreg.c-Incliude-asm-ptrace.h-for-pt_regs-defi.patch
Drop 0001-musl-obstack-fts.patch
(upstream has fixed the issues).
Drop a few other chunks where upstream has fixed the issues
or removed the code being patched.
Adjust ptests to pass again.
(From OE-Core rev: d358212bb557c99b266a0022ce973782c8c4d260)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added HOMEPAGE and DESCRIPTION for recipes with missing descriptions or homepage
[YOCTO #13471]
(From OE-Core rev: bb05814335e7101bfd8df0a11dc18a044e867bed)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
debuginfod scanner 0.182 could only support/scan RPM and .debs, add
support to scan .ipk as well (they're effectively debs).
[YOCTO #13807]
(From OE-Core rev: d9913c3d7da01d5bbe84728e9cb7701669362e2b)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed the config option that disabled debuginfod and
changed it to a PACKAGECONFIG.
[YOCTO #13807]
(From OE-Core rev: a970ba050db606ee646ca155031d47bcd9a9ab8c)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>