Testing IMAGE_FEATURES from component recipes cannot possibly work;
adjusting the test to soft-fail if needed items are not available
is not trivial, so let's just skip unconditionally for now.
(From OE-Core rev: 68b816cb90badddd0aafa2a5c6633e000cb21a21)
(From OE-Core rev: 0bb221206c55564fd5cfe1d2452a6abe5e86d2c3)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 01b41f7deed48b33b35c84e32ef55de3e63b9bc1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Making ptest images based on core-image-minimal uncovered quite a
few missing depenendcies from various recipes, here they are.
(From OE-Core rev: 2cda6242f2f0f6f9c6bdef72bbb271eab7e5e1f5)
(From OE-Core rev: 9423ad8f0f42d249c2fcb1b86ec9abb75854f011)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport to Python 3.8.10 (only python3 portion of patch)
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Causes build failures on autobuilder
This reverts commit 8a59c47ce4c101b2470a06ecf101ca5ab7d1f82e.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before
3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable
to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by
using a vector called parameter cloaking. When the attacker can separate query
parameters using a semicolon (;), they can cause a difference in the
interpretation of the request between the proxy (running with default
configuration) and the server. This can result in malicious requests being
cached as completely safe ones, as the proxy would usually not see the
semicolon as a separator, and therefore would not include it in a cache key of
an unkeyed parameter.
References:
https://nvd.nist.gov/vuln/detail/CVE-2021-23336https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23336
(From OE-Core rev: 8a59c47ce4c101b2470a06ecf101ca5ab7d1f82e)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Tim Orling <timothy.t.orling@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The git repo for pkg-config was changed, so update the
SRC_URI accordingly with the new link.
(From OE-Core rev: 9f67246e62aa9e8b0c4a790605c5417336fef70c)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9fd1b9b8282d68213b187ab42fae27e6a3c95b2e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On some new distro like ubuntu21.04, unfs3-native compile failed with
error: undefined reference to `xdr_uint32', since new distro has new
glibc.
>From glibc 2.27 rpc support is dropped, so unfs3 need to link to
libtirpc.
Here is defination of ac_link:
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
Depended library should be added into LIBS, not LDFLAGS, otherwise,
gcc may not load the lib since it is before conftest.$ac_ext during
configure. Finally, it results in compile failed.
(From OE-Core rev: 09b9027a9da8b5cf34e1f1c016d9d6bbbe904dcf)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27867862c1fee6c0e649286500fa1ab015d57faf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
runtest return an error due to missing expect on the target.
Add expect as runtime dependency.
(From OE-Core rev: 381a5f3e409504b2a31710d971eef58346339ae4)
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d9a3a08edc1efcbe7b02e80be98370792d3c6cc2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE is non-specific and depends on the users of jquery, doesn't
make sense to have this flagged against jquery as there is nothing we can
do about it.
(From OE-Core rev: d18ba3735ff3438ebd60b680e6bae5227c85bccb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1f82843584f6d2843c5bbd2fe5dcbc654a0fbcfb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The issues were investigated and found not to be an issue therefore
exclude from checks.
(From OE-Core rev: 05f39301ab19a968916163b2d8f65beda7c09852)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ee6ee9bd489c126b99d15c1011560df2f840a6e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE applies to the built-in VNC server but we don't enable this by default.
(From OE-Core rev: f0e0787265d9d8bd01629f2b56a0eb57d950c037)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d62b9974a5f3a0f462434ce2763c28a4b4bbcfc6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE applies to virglrender before 0.6.0 which we don't have.
(From OE-Core rev: 559ed3e62e542b7a4456a9a4eef8742ce8521dfb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9b5355375d028577de0b98e05992de6a088cb972)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
drop changes to changelog file in the patch so it can be backport.
(From OE-Core rev: c955d1fc332b8c0a931ffa4a068844981406ae8a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When use automake to generate Makefile.in from Makefile.am, there
comes below race:
| configure.ac:45: error: required file 'config-h.in' not found
It is because the file config-h.in in updating process by autoheader,
so make automake run after autoheader to avoid the above race.
(From OE-Core rev: 0d5dd68a07707f8b8428fe564414e2f5b7433ed5)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1fc0a4a98e65db7efba8bb5cb835101ea5dd865b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
go 1.14 for windows targets does not support -buildmode=pie, disable it and use
the default buildmode instead. Support for -buildmode=pie for windows targets
is added with go 1.15 (https://golang.org/doc/go1.15) which is added to poky in
gatesgarth.
(From OE-Core rev: a1b0631c4723d2a98eb9e80ec85a00bc46276783)
Signed-off-by: Peter Morrow <pemorrow@linux.microsoft.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
autoheader will update ../libtool-2.4.6/libltdl/config-h.in which
autoconf needs, so there comes a race sometimes as below:
| configure.ac:45: error: required file 'config-h.in' not found
| touch '../libtool-2.4.6/libltdl/config-h.in'
So make sure autoheader run before autoconf to avoid this race.
(From OE-Core rev: ac63b30ac7dce558c9de5be985c153e4617157d5)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8451cbef5906b67756582fdfc44eb01ed3512fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When running on the systems having read-only rootfs backed by overlayfs,
removing the whole directory lead to create a special char device file
on the upperdir to reflect directory's removal. Once it is required to
upgrade the whole read-only image that might contain new postinsts scripts,
it will be impossible to run such scripts with a "deletion mark" file
on the overlayfs -- the whole directory will be marked as deleted regardless
new files in it.
(From OE-Core rev: d913d2fbd431ccc10a6197c4dc8858dfd9a91426)
Signed-off-by: Anton D. Kachalov <gmouse@google.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a27b62b225ffeecec47c249a0b86cc54d775add)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
checkout: fix bug that makes checkout follow symlinks in leading path
Upstream-Status: Acepted [684dd4c2b4]
CVE: CVE-2021-21300
(From OE-Core rev: 8293d5d1529629bd13028bdde1fa99da30313bac)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Attempt to fix intermittent failure of `drd/tests/std_list`
Locally tested to take around 45 s on qemuarm64
[YOCTO #14228]
(From OE-Core rev: ab87c49321a5511060fea6ebff2ffee847f014c0)
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit aac00b1c8042e41cd6bb1aea8e3033a1c6dd2b05)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove hardcoding the build configuration into the help/version output
from swig to make the binaries reproducible.
(From OE-Core rev: 6187dd2b21a9f42877e782810ef96738dbc668c1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ed28ae9717ea9dad4e131012186d5f08e8f0bec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add sorting to wildcard expansion in the makefile to make builds
reproducible.
(From OE-Core rev: 7529d0a5fff17e35238c0f005163360f7f903898)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5541ba76ccc0c416f315bc0dc14a20a33059bd5f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added missing HOMEPAGE and DESCRIPTION found using the test command
`oe-selftest -r distrodata.Distrodata.test_missing_homepg`
[YOCTO #13471]
(From OE-Core rev: a6f1da03c9534c3ea1607d479e08d1037688a59f)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7290b773486da3888f848abf0dba747f2d9f42e1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added HOMEPAGE and DESCRIPTION for recipes with missing decriptions or homepage
[YOCTO #13471]
(From OE-Core rev: bd3352880322598b0ba6dc439ff08c2e4c592e36)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb05814335e7101bfd8df0a11dc18a044e867bed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
librepo: missing path validation in repomd.xml may lead to directory traversal
Upstream-Status: Acepted [7daea2a242]
CVE: CVE-2020-14352
(From OE-Core rev: f0df1ff1de6ca9a239d7eafd335b753d6a6e6471)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Due to a bug in glibc 2.33, the value of the icache line size is now
reported as unsupported option. This breaks qemu at runtime with:
cacheinfo.c:182: init_cache_info: Assertion `(isize & (isize - 1)) == 0'
failed.
Aborted (core dumped)
We haven't caught this one yet because we were already on qemu 5.2.0
when we started to play with glibc 2.33 so it was only reproducible on
dunfell.
(From OE-Core rev: fdb3ff363c6f8408058f362f3bfdeee4e18150fa)
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The two duplicate lines are not needed. The existence is confusing.
(From OE-Core rev: 24afa7308cea30ed1b4f40ea8c1c95e485560237)
Signed-off-by: Thomas Viehweger <patchesThomas.Vie@web.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 36bdb4faa90dc18bc020481eba82ee570b968c39)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Don't hardcode the host's grep path into xmlto.
(From OE-Core rev: 987562f2ebfa9252a51106bc0198a1604c4e3df0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a7d78971df193c321c309481749fc30cae77788c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I've seen local differences in the quilt output depending on whether the column
binary was available in the sysroot. Fix determinism issues by being specific
about configuration.
(From OE-Core rev: a90e10d66bbfb07a8ce11daa1c52c8b8afe17f61)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cd5fba8634bcc679518f98cc25be66a51081372)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pull in the changes:
makewrappers: Fix glibc 2.33 fstatat usage issues
ports/linux: Add wrapper for fstatat/fstatat64 in glibc 2.33
(From OE-Core rev: b09b9a28f8ab26b5ce5a21e1f3f1d05eb3540d61)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dfcb1c5eb2690046f96c2bb6724e091028ddc3ec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pull in:
ports/rename/renameat: Avoid race when renaming files
ports/unix: Add faccessat and faccessat2
ports/access.c: Use EACCES, not EPERM
which includes a fix for rename race issues causing pseudo aborts.
(From OE-Core rev: 8a21081add7b2a2698f8eafcc9df472188e9a9c2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 330c232e4f756296331f9026e91ac26fd45f0315)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
