mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-11 19:23:03 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,465 Commits 38 Branches 617 Tags
0d6ebaf8ff3232248ebf0e859cd09aefaee54a8a
Commit Graph

6134 Commits

Author SHA1 Message Date
Richard Purdie
fca4b3b106 pseudo: Add fcntl64 wrapper 
Add fcntl64 wrapper which hopefully fixes issues seen in findutils and the find
command in the libtool removal code when built with LFS compile flags on Gentoo.

(From OE-Core rev: c87d2dd8ec10d8164b0bff4307ea66f41b3360d4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f26867fe4daec7299f59a82ae4a0d70cceb3e082)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-11-15 11:53:55 +00:00
Richard Purdie
a88380a4e2 pseudo: Add in ability to flush database with shutdown request 
Pulls in:
  pseudo_db: Flush DB if there is a shutdown request
  fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ (test fix)

(From OE-Core rev: 649333a0d1bd5be4d5fb8a494e06686e08d291be)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0882095d608ce3abbcc9814517434c21ea549063)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-11-15 11:53:55 +00:00
Steve Sakoman
e3fd874a5b python3-magic: add missing DEPENDS 
Since file-native is ASSUME_PROVIDED magic.mgc is not being staged.  As
a result diffoscope-native is failing with:

magic.MagicException: b'could not find any valid magic files!

Fix this by adding dependency on file-replacement-native

(From OE-Core rev: dcd8294f826f6e061cdd01c6c3594789ed46732e)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-11-15 11:53:55 +00:00
Mingli Yu
fe02ef170d python3-magic: add the missing rdepends 
Add the missing rdepends to fix below error:
 # python3
 [snip]
 >>> import magic
 [snip]
 ModuleNotFoundError: No module named 'ctypes'
 ModuleNotFoundError: No module named 'tempfile'

(From OE-Core rev: ba5562d34653fa6b5819dbc8ca80a42167c38c96)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 115791844124bdddfbaec9d75bb887ef35c41f20)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-11-15 11:53:55 +00:00
Steve Sakoman
07be05c698 meta: Add explict branch to git SRC_URIs, handle github url changes 
This update was made with the convert-scruri.py script in scripts/contrib

This script handles two emerging issues:

    1. There is uncertainty about the default branch name in git going forward.
    To try and cover the different possible outcomes, add branch names to all
    git:// and gitsm:// SRC_URI entries.

    2. Github are dropping support for git:// protocol fetching, so remap github
     urls as needed. For more details see:

    https://github.blog/2021-09-01-improving-git-protocol-security-github/

(From OE-Core rev: 827a805349f9732b2a5fa9184dc7922af36de327)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-11-11 10:54:32 +00:00
Richard Purdie
2ff0494ae9 git: Fix determinism issue 
(From OE-Core rev: 3b517d9e05d95c4a2ceb50f4bc07205f1b8f1e14)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9ae740939f8315c64fe7571f912404127a29dc89)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-11-03 11:18:56 +00:00
Richard Purdie
f706d3a2cb rpm: Deterministically set vendor macro entry 
On an aarch64 build host, vendor is found to be "unknown", on x86 systems
it is "pc". This filters through to the PLATFORM tag in target rpms.

We saw reproducibility test failures where the PLATFORM tags in noarch
rpms were changing depending upon which host built them. Forcing the
vendor value to a consistent one makes things deterministic.

(From OE-Core rev: b7dfe230b9b40145f43fa0bd42be82ae41a3ef3e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6434075b2bdfc23c683d22281b674b1e6abde77)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-29 14:28:33 +01:00
Richard Purdie
6307f19fc4 python3: Add a fix for a make install race 
Add a fix for reproducibility issues where pyc files for python-config.py
may not always be generated.

(From OE-Core rev: 917f800368c6d452670d3ccf74057afae98013b0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d1c3a87c48b598b6e5624d0affe8bd89320631bf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Richard Purdie
97b5653585 libtool: Allow libtool-cross to reproduce 
The hostname removal from the script is useful to make libtool-cross
reproduce. Apply the patch everywhere as it doesn't cause any issues.

(From OE-Core rev: f1cc4b8d7503331f04d3f217ae67d0fd4cc483c5)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c61c6f20187154d677085fc9ccdcd762d4cdf3a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Richard Purdie
4aa06e8622 libtool: Fix lto option passing for reproducible builds 
If lto is enabled, we need the prefix-map variables to be passed to the linker.
Add these to the list of options libtool passes through.

(From OE-Core rev: 3dcc84e37ce7e94e746304ee2a4437251af0ae41)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c26d2c00b47df856fb2d9c35486b135094d46ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Hongxu Jia
54053aa472 nativesdk-pseudo: Fix to work with glibc 2.34 systems 
Since commit [df313aa810 pseudo: Fix to work with glibc 2.34
systems] applied, it fixed native only. And nativesdk has
the similar issue

Tweak library search order, make prebuilt lib ahead of recipe lib,
after apply the fix:
...
$ readelf -a lib/pseudo/lib64/libpseudo.so | grep 'Shared library'
 0x0000000000000001 (NEEDED)             Shared library: [libdl.so.2]
 0x0000000000000001 (NEEDED)             Shared library:[libpthread.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
...

(From OE-Core rev: b7d269c84838f646b2915e7ff66d81db0bc16b9e)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d6d116b5db78645958ea30be3d0572e0f6d7bd92)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Richard Purdie
304b637670 pseudo: Update with fcntl and glibc 2.34 fixes 
Pull in the following changes:

* ports/linux/guts: Add closefrom support for glibc 2.34
* pseudo_client: Make msg static in pseudo_op_client
* ports/linux/guts: Add close_range wrapper for glibc 2.34
* pseudo_client: Do not pass null argument to pseudo_diag()
* test-openat: Consider device as well as inode number
* test: Add missing test-statx test case
* fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ

(From OE-Core rev: 63afcafef78f3d3b95c0d0c9746f9d627b6291c3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 71b549924a7fa7973a8e03e11f3db45fdc29889d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Richard Purdie
847395f46d pseudo: Fix to work with glibc 2.34 systems 
The merge of libdl into libc in glibc 2.34 causes problems for pseudo. Add a fix
that works around this issue.

(From OE-Core rev: 449bb53b3ebfc838ba674c1c3a39407620103c8d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd3e46a043c81cd4d81731a0f691868d3c059742)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Khem Raj
5e2c22d7ee m4: Do not use SIGSTKSZ 
Fixes
../../m4-1.4.18/lib/c-stack.c:55:26: error: missing binary operator before token "("
   55 | #elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384
      |                          ^~~~~~~~

(From OE-Core rev: 6417148072640000b119a59aeb70e904ffa5e5d7)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44ca8edd622782733d507e20a3d5ee9e44eb8be4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Steve Sakoman
e2c46b23d3 gcc: fix missing dependencies for selftests 
Building GCC with multiple make jobs appears to trigger a race condition.  The build fails with:

/bin/bash: TOPDIR/tmp/work/x86_64-linux/gcc-cross-i686/9.3.0-r0/gcc-9.3.0/build.x86_64-linux.i686-poky-linux/./gcc/xgcc: No such file or directory

(From OE-Core rev: 5690d18bb6a9a61a81ccd0bc28d1ace4181d1921)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:17 +01:00
Christian Eggers
ac19191a46 binutils: Fix a missing break in case statement 
This was missed during patch forward porting
its only effective when printing options

(From OE-Core rev: a4983b98782122e097c3597248f69db3e858c0d2)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:16 +01:00
Wang Mingyu
f21c479c3a e2fsprogs: upgrade 1.45.6 -> 1.45.7 
0001-fix-up-check-for-hardlinks-always-false-if-inode-0xF.patch
removed since it is included in 1.45.7

(From OE-Core rev: d4ec2802306b901d00bc88ea1452c21c00d0914f)

Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f51835e022731d1c0e8e18209e48f1a718048977)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:16 +01:00
Alexander Kanavin
7e71b01851 e2fsprogs: update to 1.45.6 
Drop backports, and also 0001-misc-create_inode.c-set-dir-s-mode-correctly.patch
as upstream code has been refactored.

(From OE-Core rev: 53947537ed5ab5f9fd213a6fb4295740b5a2ca6b)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit da9fec8592db913d13af3a936ab518e93496be3e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 23:14:16 +01:00
Stefano Babic
3d5a3e009a mtd-utils: upgrade 2.1.2 -> 2.1.3 
Drop also --enable-install-tests from configuration options because this
was removed in 2.1.3.

(cherry picked from commit c95c852b84f02f5e2ad5c575ab683bba0471f221)
(From OE-Core rev: 809b3a22a56d794c3ae5f82d4a4a6a5c889ed42e)

Signed-off-by: Stefano Babic <sbabic@denx.de>
CC: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
CC: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-07 15:10:33 +01:00
Richard Purdie
81dc02cb74 mtd-utils: upgrade 2.1.1 -> 2.1.2 
Drop backported patch.

(cherry picked from commit e38fd1ac331d824b2db94a7ae46026b111257e83)
(From OE-Core rev: 721a0e475d4ce5054a74e2a7408d49470264bd29)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-07 15:10:33 +01:00
Ranjitsinh Rathod
09ac522995 rpm: Handle proper return value to avoid major issues 
0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch changed
to avoid critical issues
Handled return values of getrlimit() and lzma_cputhreads() functions
to avoid unexpected behaviours like devide by zero and potential read
of uninitialized variable 'virtual_memory'
Upstream-Status: Pending [merge of multithreading patches to upstream]

(From OE-Core rev: ad080aadbc409c99511d602e0531952b96c06bbf)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aae9c2cb464350bc443a0f60fd6602942e61f46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-30 00:02:22 +01:00
Kai Kang
5d5ec38952 squashfs-tools: fix CVE-2021-40153 
Source: http://git.yoctoproject.org/poky.git
MR: 113126
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott&id=cfc17a7ab5d3b0d6354a7194b8c8746c501959d9
ChangeID: cfc17a7ab5
Description:

Backport patch to fix CVE-2021-40153, and remove version update in
unsquashfs.c for compatible.

CVE: CVE-2021-40153

Ref:
* https://security-tracker.debian.org/tracker/CVE-2021-40153

(From OE-Core rev: 09de4ef3f33540069a37e9fe6e13081984b77511)

(From OE-Core rev: 48303d1c93cfcadf80830d07597805cc41d5f7e9)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-30 00:02:22 +01:00
Sakib Sajal
acf57727fc qemu: fix CVE-2021-3682 
Source: https://git.yoctoproject.org/git/poky
MR: 112369
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?id=48960ce56265e9ec7ec352c0d0fcde6ed44569be
ChangeID: 799afc7adf3f2c915751744b618e38cccb01d854
Description:

(From OE-Core rev: e16cd155c5ef7cfe8b4d3a94485cb7b13fd95036)

(From OE-Core rev: f515c00c995b90a6d583f0e6162aa8fba8005a67)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 48960ce562)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-30 00:02:22 +01:00
Armin Kuster
830f96a9c3 qemu: Security fix for CVE-2020-28916 
Source: qemu.org
MR: 107262
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a
ChangeID: 3024b894ab045c1a74ab2276359d5e599ec9e822
Description:

Affects qemu < 5.0.0

(From OE-Core rev: 55aa94e9185ecd93612c64cdd982a89d633284e2)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-30 00:02:22 +01:00
Armin Kuster
5b85cb6b51 qemu: Security fix for CVE-2020-27617 
Source: qemu.org
MR: 106462
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1
ChangeID: b9dc1b656c07d6a0aecaf7680ed33801bd5f6352
Description:

Affects qemu < 5.2.0

(From OE-Core rev: be31eb87299b883306c1823ad632d6ada237dc05)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-30 00:02:22 +01:00
Armin Kuster
81bb24c0f7 qemu: Security fix CVE-2020-12829 
Source: qemu.org
MR: 105490
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
ChangeID: 6e222b766fc67c76cdc311d02cc47801992d0e66
Description:

Affect qemu < 5.0.0

(From OE-Core rev: 7cd5c38b6d078c22519ad6b6e89caa9c1aa5ecd4)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-30 00:02:22 +01:00
Armin Kuster
9bae357b12 go: Several Security fixes 
Source: golang.org
MR: 111958, 112390, 112393
Type: Security Fix
Disposition: Backport from https://github.com/golang/go.git
ChangeID: 662d021814f025b3d768a04864498486f94819a7
Description:

Affects < 1.16.5

Fixes:
CVE-2021-33196
CVE-2021-33197
CVE-2021-34558

(From OE-Core rev: 1eaac89b0384cc39ea489a3b7ea58eab6b23240b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-14 17:27:42 +01:00
Richard Purdie
7f73831fde go: Exclude CVE-2021-29923 from report list 
Upstream don't believe it is a signifiant real world issue and will only
fix in 1.17 onwards. Therefore exclude it from our reports.

https://github.com/golang/go/issues/30999#issuecomment-910470358

(From OE-Core rev: 9dfc6abbb83f8792fbfa1acb9c0fe4ab23872d8f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-14 17:27:42 +01:00
Richard Purdie
6aa55dd279 flex: Add CVE-2019-6293 to exclusions for checks 
CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.

https://github.com/westes/flex/issues/414

(From OE-Core rev: b939b005b06be58a276d565f755ee2d8f3e5dfc1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-14 17:27:42 +01:00
Andrej Valek
660de76134 mklibs-native: drop deprecated cpp17 exceptions 
gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based
on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html.

(From OE-Core rev: ef8b7946b4793db653ef7dd716e1d3f919a84725)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Alexander Kanavin
3e75c5d0b4 tcf-agent: fetching over git:// no longer works 
(From OE-Core rev: 419503134b76abeb57727259f846a2394dc73ea5)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44a6cd03721b51cbb4e05870375fa347527b0db5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
b06370cc2d binutils: Security fix for CVE-2020-16593 
Source:  https://sourceware.org/git/binutils-gdb.git
MR: 112801
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729
ChangeID: 470b309f4859eecdcc837add2bf756484ad94ee5
Description:

Fixed up for 2.34 context

(From OE-Core rev: bcaa13d8888416b01f0f590d9dab2bd736d1e8a8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
50204d091b binutils: Security fix for CVE-2021-3549 
Source: git://sourceware.org/binutils-gdb.git
MR: 111523
Type: Security Fix
Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7
ChangeID: 2d3161f601852eb8f9a9ca982c6b0cd44e036bc6
Description:

Affects <= 2.36

Fixup Changelog to apply to dunfel context.

(From OE-Core rev: 3cb2e144f8b74f9d78d93ba15e2d66e432462860)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Ranjitsinh Rathod
420d5551b2 rpm: Add fix for CVE-2021-20266 
Adding fix for CVE-2021-20266
Upstream-Status: Backport [9646711891]

Note: Hunk#2 and Hunk#3 refreshed to apply patch and match value of
dl_max variable to make it with current version
All Hunks are refreshed to solve patch-fuzz

(From OE-Core rev: 6c16aad7167eb98bc9995486f967431c39f9df15)

Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Sakib Sajal
6bcc4029d4 qemu: fix CVE-2021-3608 
Source: http://git.yoctoproject.org/cgit/poky.git
MR: 112749
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=f5e77d70e2eb35751f5bad5572b6eb8a3ab14422
ChangeID: 4496341da3af9126c9c67170e1a2cce929c29828
Description:

(From OE-Core rev: 5e05ee8ff363eac84edec568039b86bcd716c6ce)

(From OE-Core rev: f8d34ef74dafcf14e07f9322254465d03490bd60)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5e77d70e2)
[Refreshed patch]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Sakib Sajal
4d8b5c4d70 qemu: fix CVE-2021-3607 
Source: http://git.yoctoproject.org/cgit/poky.git
MR: 112749
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=460485d774480cd89cadf3b068f5197f44d86f25
ChangeID: 4e40dee2e6ce0b5b4de971f2c2b336929e7f22c3
Description:

(From OE-Core rev: 764bca67650da9df439527796879dda767c8c008)

(From OE-Core rev: cc541da4d67a9afa86a6ac37d5470d4dc77ea922)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 460485d774)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Sakib Sajal
f63635a30d qemu: fix CVE-2021-3582 
Source: http://git.yoctoproject.org/cgit/poky.git
MR: 112743
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=e11384737ed489ea02800d545432b9ded82bf1bb
ChangeID: a2ff7112354349e8cf8960f30499f61e545d7f8e
Description:

(From OE-Core rev: fb2634922db91e5b877dd10021dafec7b5c6e565)

(From OE-Core rev: 942d936524d3948d74c7240038ce81d859f68cab)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e11384737e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Lee Chee Yang
d56b8f6f76 qemu: fix CVE-2021-3527 
Source: http://git.yoctoproject.org/cgit/poky.git
MR: 111827
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=45e06a2e02cb01540d3970bd8ab5771014a031f9
ChangeID: 33bb20f503888abc346ae1a6f590f57ebdd0f1f9
Description:

(cherry picked from commit 6774efd1e3d0bd5c8c34f84dcf4f698d7eafb36a)
(From OE-Core rev: fcbcd27a1c97668af9634143376f75ab32fffd68)

(From OE-Core rev: 1c7e9099b5f417a7e7664ce3572b2098e2ebbbf7)

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 45e06a2e02)
[Fixup for Dunfell context]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
189108ac74 qemu: Security fixes CVE-2021-3545/6 
Source: qemu.org
MR: 111845, 111839
Type: Security Fix
Disposition: Backport from https://gitlab.com/qemu-project/qemu/-/commit/9f22893a & 121841b2
ChangeID: 111b168e0fe4d2a722158c6bfdaceb06a8789e69
Description:

Fixes: CVE-2021-3545 and CVE-2021-3546

(From OE-Core rev: e066967a306292cd0ce5ef2cd5aa0ee80fde1041)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
0d253da720 qemu: Security fix CVE-2021-3544 
Source: qemu.org
MR: 111833
Type: Security Fix
Disposition: Backport from 86dd8fac..63736af5
ChangeID: 7f301e939cf9d1fdb826ac47d1fc96430086a68e
Description:

https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac
https://gitlab.com/qemu-project/qemu/-/commit/b9f79858
https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf
Tweeked the above patches as vhost-user-gpu.c does not exist.

https://gitlab.com/qemu-project/qemu/-/commit/f6091d86
https://gitlab.com/qemu-project/qemu/-/commit/63736af5

(From OE-Core rev: eca0abf120709fab20da1a2c190d04191733f5ed)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Sakib Sajal
4ed9972582 qemu: fix CVE-2021-20257 
Source: https://git.yoctoproject.org/git/poky
MR: 110290
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=5c1a29e6deec8f92ac43363bd72439aec7e27721
ChangeID: 7f301e939cf9d1fdb826ac47d1fc96430086a68e
Description:

(From OE-Core rev: 5b66ff7972951db973d12f3dae6ccecf3bc29e56)

(From OE-Core rev: 1317053b23e1a4c1e5c7331a97f248e042415bea)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 547ac986a74cfcae39b691ebb92aadc8436443ea)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5c1a29e6de)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Sakib Sajal
4bd52d64c9 qemu: fix CVE-2021-3416 
Source: poky.org
MR: 109686
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=381aebe82f1f6fcc26b47966bc8520dbb1476961
ChangeID: 50b1589249cc3c595d224e3a8347da2b54339ef8
Description:

Drop CVE-2021-3416_4.patch as hw/net/msf2-emac.c does not exist in 4.2.0

(From OE-Core rev: 7a3ce8a79a6c682e1b38f757eb68534e0ce5589d)

(From OE-Core rev: 44bb99fdd1a7eee78078f7d48b9b8aad729f84ec)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2b5bc11d1b26b73b62e1a63cb75572793282dcb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 381aebe82f)
[Drop CVE-2021-3416_4.patch, affected file does not exist in 4.2.0]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Sakib Sajal
474c37c17e qemu: fix CVE-2021-20181 
Source: Poky.org
MR: 111631
Type: Security Fix
Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=53390d2261d2d35cdd637cf12a0fb4dc63f0f88c
ChangeID: 0c660a9ef3637d847c0880283df05d8696221308
Description:

(From OE-Core rev: a993a379bb490efbbf507f5dccda5ab358e8afea)

(From OE-Core rev: 743fc49c98361baaa9ca9414bfe21220b63dbdca)

Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c2f79065ef0684f2c0bdb92f1b03e690ab730b8c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 53390d2261)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
f721d78703 qemu: Security fix CVE-2021-20221 
Source: Qemu.org
MR: 111643
Type: Security Fix
Disposition: Backport from edfe2eb436
ChangeID: b3ca1aa4b772a5f27f327250c5b0b988375c86a9
Description:

(From OE-Core rev: 4adf675e3d4ccdcee055a3c4b539f4ddc15b033d)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
b3bf5ccd83 qemu: Security fix for CVE-2020-29443 
Source: Qemu.org
MR: 109315
Type: Security Fix
Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6
ChangeID: c0296e285169cc937cc9758c9d84ac690297ee54
Description:

(From OE-Core rev: 1765005f73303d9857f9fde93efb1cc8534964f1)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:09 +01:00
Armin Kuster
c00a882bd6 Qemu: Security fix for CVE-2020-25625/2021-3409/2020-17380 
Source: Qemu.org
MR: 105781, 109964, 108621
Type: Security Fix
Disposition: Backport from https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
ChangeID: 0acf082885e7ab3ac2fb41d6e503449869dd46a8
Description:

This address:
CVE-2020-25625
and its two fixes address an incomplete fix for CVE-2020-25625
CVE-2021-3409
CVE-2020-17380

(From OE-Core rev: 721a14f13005dc0b5bddaac131c444b97be700a8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:08 +01:00
Armin Kuster
ea562eaec5 qemu: Security fix CVE-2020-25624 
Source: qemu.org
MR: 106958
Type: Security Fix
Disposition: Backport from qemu.org
ChangeID: 9d0c21c4ff5dc12ba623685cd7ae4d4bc294f519
Description:

(From OE-Core rev: 853f4a4755d053cc4defa65cda5e317e3e28bc3f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:08 +01:00
Armin Kuster
e142f4ebfb qemu: Security fix CVE-2020-25085 
Source: qemu.org
MR: 105773
Type: Security Fix
Disposition: Backport from https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
ChangeID: 77c8a9e75b94da3c03c64c95d9e6ab9d45037572
Description:

(From OE-Core rev: 6b4c58a31ec11e557d40c31f2532985dd53e61eb)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-09-01 16:27:08 +01:00
Purushottam Choudhary
9716a47c53 python3: Remove unused python3 recipe 
Currently in dunfell branch python3 version is 3.8.11.
so, python3_3.8.10.bb is not needed.
Hence, removed.

(From OE-Core rev: 2b44de6e7b3e02b78e2b09294ac37799ad4cfadb)

Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-08-26 08:32:18 +01:00
Ross Burton
0ca4b99162 e2fsprogs: ensure small images have 256-byte inodes 
e2fsprogs calls filesystems larger than 3MB but smaller than 512MB
"small", which has some implications:

- blocksize 1024 instead of 4096
- inode_ratio 4096 instead of 16384
- inode_size 128 instead of 256

The outcome of the inode size dropping to 128 bytes is that they cannot
store 64-bit timestamps, so are not Y2038-safe.

A previous attempt to solve this problem[1] changed some of the canned
wic files to pass -T default to mkfs.ext4, but this only covered wic
images and not traditional images.  Also, actually small filesystems,
for example a core-image-minimal, will happily be tens of megabytes and
with the "default" options will result in an image which runs out of
blocks before it runs out of space:

mkfs.ext4: Could not allocate block in ext2 filesystem while populating file system

Considering that many OpenEmbedded images are in fact "small", being
2038-safe is worth the marginal increase is disk usage.  This patch
alters the small configuration in native builds so that it also has
256-byte inodes.  Target is unchanged so that standard behaviour is
maintained outside of the build.

This is actually the same underlying patch that Mathieu Dubois-Briand
sent in April, but the wic change in [1] was accepted instead. I believe
that is the wrong approach and this approach covers more cases.

[ YOCTO #14478 ]

[1] openembedded-core eecbe62
[2] https://lists.openembedded.org/g/openembedded-core/message/150298

(From OE-Core rev: 98fbb9452aa762e61032a0836e5d732f206e3836)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9ab0ae83a24ee99e69f8ac54256b253a122aef8a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-08-18 18:00:19 +01:00