This code appears to be dangerous, it swallows exceptions, turning them into
"handled" versions which then show no errors to the user. This is a pretty
poor user experience and I can't see why this code should be swallowing
such things. Drop the worst bits of code.
(Bitbake rev: a29ffcc12df24737e702e198aeb8f6892884932b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa reported that if you put a syntax error into an imported
module such as qa.py in OE, no error is shown.
Part of the issue appears to be that the catch_parse_error() decorator only
catches certain exceptions and SyntaxError isn't one of them. As far as I can
tell we should remove all the special cases and use the more advanced code
in all cases, not just expansion errors.
I confirmed this now prints a proper error message for a qa.py syntax error.
(Bitbake rev: e66012bfda60ffe1658473e25879aa67909ae65f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Calling SystemExit doesn't work well with server/client usage since the string
isn't printed to the right place. Use bb.fatal() instead which prints the right
log output and raises and handled exception which then shows correctly on the
UI.
(Bitbake rev: b9ae7164d9e744e8eb9aaff79218f57233a449b7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some variables may be set as:
X = 1
as well the more usual
X = "1"
so add support to to_boolean to handle this case.
(Bitbake rev: e7df13a61911b7431802af2b4d7472b2aaf346fa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemu doesn't always behave well and can hang too.
kill it with force if it was still alive. Move clean up
commands into cleanup() function.
(From OE-Core rev: 929e7679c1d9b21ac5130a9cbc83c415fb9f63f5)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 079c2935d2f585ce49e1c7daab2155fcf0094c48)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When qemu machine hangs, the ssh commands done by tests
are not timing out. do_testimage() task has last logs like this:
DEBUG: time: 1673531086.3155053, endtime: 1673531686.315502
The test process is stuck for hours, or for ever if the
executing command or test case did not set a timeout correctly.
The default 300 second timeout is not working when target hangs.
Note that timeout is really a "inactive timeout" since data returned
by the process will reset the timeout.
Make the process stdout non-blocking so read() will always return
right away using os.set_blocking() available in python 3.5 and later.
Then change from python codec reader to plain read() and make
the ssh subprocess stdout non-blocking. Even with select()
making sure the file had input to be read, the codec reader was
trying to find more stuff and blocking for ever when process hangs.
While at it, add a small timeout to read data in larger chunks if
possible. This avoids reading data one or few characters at a time
and makes the debug logs more readable.
close() the stdout file in all cases after read loop is complete.
Then make sure to wait or kill the ssh subprocess in all cases.
Just reading the output stream and receiving EOF there does not mean
that the process exited, and wait() needs a timeout if the process
is hanging. In the end kill the process and return the return value
and captured output utf-8 encoded, just like before these changes.
This fixes ssh run() related deadlocks when a qemu target hangs
completely.
(From OE-Core rev: 04f080802b4a28709a105e4f0ead56a7a2da42b4)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9c63970fce3a3d6029745252a6ec2bf9b9da862d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a task is aborted the buildstats file isn't complete, so calculate
when the build finished and use that as a end time.
(From OE-Core rev: ffce2744f5833d1c30db7f50443503b3c1a1d119)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23ebaec476dc46aebe5997f025661137f3e341bd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa spotted patchreview.py reports Malformed Upstream-Status in a
patch in this recipe. The patch is not being applied since there is no ptest
override.
The test in question was also disabled due to an issue with new versions of
openssh.
Add a workaround for the broken test, enable it, drop the broken patch.
(From OE-Core rev: 2c05ee17d58774fc628b8a5b55a14551590fadaa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e9f2cc084638ce9cb5339df611e473c30f0e40b1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backporting a patching from the 2.13.x stable branch of lttng
to fix the build against kernel 6.2+.
(From OE-Core rev: d04dcd155fb8ce420c66b53ae61360680513ccf8)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3aed7dfe5ff6f52497dcffa58bc2f06cf709ea18)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Symbolic links to the files are included during the output hash
calculation but symlinks to the directories are missed.
So if the new symlink to a directory was the only change made,
then the output hash won't change,
and the Hash Equivalence server may change unihash.
In the next run bitbake may use an older package from sstate-cache.
To fix this followlinks=True flag could be set for os.walk
but it can lead to infinite recursion if link points
to a parent directory of itself.
Also, all files from a directory to which symlink points
would be included in depsig file.
Therefore another solution was applied, I added code that will loop
through directories and process those that are symlinks.
(From OE-Core rev: 477a4e816494e256b309fd7e84b2c3796708e6e8)
Signed-off-by: Mateusz Marciniec <mateuszmar2@gmail.com>
Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ee729163f31f26b1462a47e1e53f7a0f9de9b464)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The original patch was actually allowing .debug modules
though which was in-correct. This change blocks the
parsing of .debug modules (which is correct). As noted in
[YOCTO #15022] this should address the empty modules.dep
when using the BusyBox depmod.
(From OE-Core rev: 49bddef864768bbf339513414b42a820f861bdb7)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 339c3c3abe8d405cfe7b3f34db9b3547bcaaf878)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This allows to specify partition with fstype=none in the wks file
to have partition created but without following mkfs. The none fstype
is in the list already but the usage is not documented.
Example;
part /data --ondisk mmcblk0 --fstype=none --align 4096 --fixed-size 512
will create a partition, filesystem may be created manualy on the host
or target and data will be preserved if the device is reflashed using
same wks. Works with bmaptool and probably does not work with dd.
Use case is persistent filesystem/data between reflashing of the image.
(From OE-Core rev: 9af61442c8bc2e0b447706734cb90b3f4bcb2d6b)
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 351cb64da37aa43113e5192605d04436652aa3b8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openldap is added as a dependency so the build will not fail,
as otherwise ldap headers are not found during configure phase
Note: due to upstream bug (now fixed) building LDAP/LDAPS support
with minimal configurations can sometimes not work, see details at:
https://github.com/curl/curl/pull/10445
(From OE-Core rev: e6a001c22ec1b0d5487027148dda099847474272)
Signed-off-by: Federico Pellegrin <fede@evolware.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a999f62f5692687a5557f7a50c7c768c50f3d7d3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Newest linux-firmware release got firmware for Adreno A200. Add these
two files to the ${PN}-qcom-adreno-a2xx package. As these files are
licensed under a separate BSD-3-Clause license, add separate license
package too.
(From OE-Core rev: 97e0687455c91acbe57dbaf3cbfaed5d962e4ee6)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 56e1b2b06ef7f22d4ac5899046f650ae8ec0d547)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is not enough to depend on the ${PN}-qcom-license package. Set
LICENSE variable for all the qcom packages to point to the proper
license.
(From OE-Core rev: bc41970a9a1f1e9227b24679aae935326cd4bf94)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9dc41e18dc138a7cce920f8e4c85eb3130c0d553)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distributions,
should be compiled with checks but without assertions.
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
Other fixes:
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
replying to Peer method calls that were sent to the dbus-broker with
a NULL destination (dbus#301, Kai A. Hiller)
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
This is not attacker-triggerable and appears to be harmless in practice,
but is technically undefined behaviour and is detected as such by
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
• Avoid a data race in multi-threaded use of DBusCounter
(dbus#426, Ralf Habacker)
• Fix a crash with some glibc versions when non-auditable SELinux events
are logged (dbus!386, Jeremi Piotrowski)
• If dbus_message_demarshal() runs out of memory while validating a message,
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
• Use C11 _Alignof if available, for better standards-compliance
(dbus!389, Khem Raj)
• Stop including an outdated copy of pkg.m4 in the git tree
(dbus!365, Simon McVittie)
• Documentation:
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
• Tests fixes:
· Fix the test-apparmor-activation test after dbus#416
(dbus!380, Dave Jones)
Internal changes:
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
(From OE-Core rev: be5d5919242d6d26bdb1e70b83aab88949ffe0eb)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 31245df3061c1a913bffe5e11ad6ac7fa9c83915)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 83e9bd1507fd5f79c680dde30b0f66df84cde6b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
1. The SIMD dispatchers in libjpeg-turbo 2.1.4 and prior stored the list of
supported SIMD instruction sets in a global variable, which caused an innocuous
race condition whereby the variable could have been initialized multiple times
if 'jpeg_start_*compress()' was called simultaneously in multiple threads.
libjpeg-turbo 2.1.5 included an undocumented attempt to fix this race condition
by making the SIMD support variable thread-local. However, that caused another
issue whereby, if 'jpeg_start_*compress()' was called in one thread and
'jpeg_read_*()' or 'jpeg_write_*()' was called in a second thread, the SIMD
support variable was never initialized in the second thread. On x86 systems,
this led the second thread to incorrectly assume that AVX2 instructions were
always available, and when it attempted to use those instructions on older x86
CPUs that do not support them, an illegal instruction error occurred. The SIMD
dispatchers now ensure that the SIMD support variable is initialized before
dispatching based on its value.
(From OE-Core rev: 195aae4fcb14c818629b04fc371910125a4b3277)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 009a1b0390d791d614b8d4a1407e7479c261f60d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit d57de2a7169de369105ed9bce19a43dad68f350a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is needed when the SDK or eSDK is installed in a /build top level
directory as it conflicts with the build directory within the existing
/usr/src/debug/build (which is really a link). Rename it and then do the
copy, this is not an issue with master currently due to some other
changes that occurred in master.
Fixes: [YOCTO #15026]
(From OE-Core rev: 80839835ec9fcb63069289225a3c1af257ffdef7)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Read from serial console with a small delay to bundle data to e.g.
full lines. Reading one character at a time is not needed and causes
busy looping.
(From OE-Core rev: e91a09702680b713293bcfcc851b27a73e884a8b)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 0049f6757f6f956fb4cc77b3df6a672c20b53cf4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a qemu machine hangs, the QMP calls can hang for ever
too, and when this happens any failing test commands from ssh
runner may be followed by dump_monitor() calls which
then also hang. Hangs followed by hangs.
Use runqemutime at setup and run_monitor() specific timeout
for later calls.
(From OE-Core rev: 3b99d0ce6445084038f89dfa98605a7aec49107b)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 3a07bdf77dc6ecbf4c620b051dd032abaaf1e4ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use a short sleep to bundle serial console reads so that
we are not reading one character at a time which reduces busy
looping.
(From OE-Core rev: 3699e5bf2f9259266c49aaf69127183988b9d052)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit cafe65d8cf7544edbd387f7f5f6d77c64c6b18fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If test target qemu machine hangs completely, dump_target() calls
over serial console are taking a long time to time out, possibly
for every failing ssh command execution and a lot of test cases,
and same with dump_monitor().
Instead of trying for ever, count errors and after 5 stop trying
to dump_target() and dump_monitor() completely.
These help to end testing earlier when a test target is completely
deadlocked and all ssh, serial and QMP communication with it are
failing.
(From OE-Core rev: 91bc1e03bc990c527d8aadbdcd7bf97217db124e)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit d9ad0a055abba983c6cee1dca4d2f0a8a3c48782)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Configure ssh client to test that connection with server is up.
If the server does not respond within a minute then the connection,
target machine or sshd daemon are stuck and it's better to exit
the command execution with errors.
Some tests can execute a long time without returning stdout/stderror
data and it's difficult to adjust timers for those cases if
connection to target machine or the target machine itself hangs
and output is not expected in minutes or even hours.
(From OE-Core rev: 94021c8571242dd491ee3c7c40144c5a12ca8e42)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit ba68ff04c5786eca7cd8dd44056705867dea8ac4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The output from is garbled otherwise and it's not
easy to remove debug output form real command output on target.
(From OE-Core rev: 36b572fbc5c88b9aaf4e146ecdb00c8d4ea6ff70)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 917a70cbc43ac1c70c477b220c4115735457ef04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The use of scripts/git-intercept was introduced in commit 3266c327df
(install/devshell: Introduce git intercept script due to fakeroot
issues) and later reverted in commit af27c81eaf (scripts: Make git
intercept global).
(From OE-Core rev: 70ee5f9d50bec6e708cd2006c11ef3d0bd7cab42)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f6c260c8e2a33e282a35afc99de4ef8cc1791b08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For the QA checks in `image.bbclass`, all exceptions
other than `oe.utils.ImageQAFailed` always print the
following generic message:
"Image QA function func_name failed"
This can be very misleading, as it may hide
python syntax errors and other kind of issues that are
hard to detect without more explicit error messages.
This change makes sure that the error message of all
exceptions are displayed.
Before this change:
"Image QA function func_name failed"
After this change:
"Image QA function func_name failed: f-string: empty expression not allowed (<string>, line 13)"
(From OE-Core rev: 6c53d8d8c88fb06b19fbf5bdd754960b21531074)
Signed-off-by: Mauro Queiros <maurofrqueiros@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d85b30d8704d38b86f5b006748cebc74bd2a4fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport 2 patches and rebase
0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch to fix
compile error:
../qemu-6.2.0/hw/display/qxl.c: In function 'qxl_phys2virt':
../qemu-6.2.0/hw/display/qxl.c:1477:67: error: 'size' undeclared (first use in this function); did you mean 'gsize'?
1477 | if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
| ^~~~
| gsize
../qemu-6.2.0/hw/display/qxl.c:1477:67: note: each undeclared identifier is reported only once for each function it appears in
(From OE-Core rev: b3f42317c1932253e7e6b2fd7a263bdbd6c2f69a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes:
libgit2, when compiled using the optional, included libssh2 backend, fails to verify SSH keys by default.
Description
When using an SSH remote with the optional, included libssh2 backend, libgit2 does not perform certificate checking by default. Prior versions of libgit2 require the caller to set the certificate_check field of libgit2's git_remote_callbacks structure - if a certificate check callback is not set, libgit2 does not perform any certificate checking. This means that by default - without configuring a certificate check callback, clients will not perform validation on the server SSH keys and may be subject to a man-in-the-middle attack.
Beginning in libgit2 v1.4.5 and v1.5.1, libgit2 will now perform host key checking by default. Users can still override the default behavior using the certificate_check function.
The libgit2 security team would like to thank the Julia and Rust security teams for responsibly disclosing this vulnerability and assisting with fixing the vulnerability.
(From OE-Core rev: 6c64dc88b5dac910f3760e9cd1003cc83df3ffad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a security release with multiple changes.
This provides compatibility with git's changes to address CVE 2022-29187. As a follow up to CVE 2022-24765, now not only is the working directory of a non-bare repository examined for its ownership, but the .git directory and the .git file (if present) are also examined for their ownership.
A fix for compatibility with git's (new) behavior for CVE 2022-24765 allows users on POSIX systems to access a git repository that is owned by them when they are running in sudo.
A fix for further compatibility with git's (existing) behavior for CVE 2022-24765 allows users on Windows to access a git repository that is owned by the Administrator when running with escalated privileges (using runas Administrator).
The bundled zlib is updated to v1.2.12, as prior versions had memory corruption bugs. It is not known that there is a security vulnerability in libgit2 based on these bugs, but we are updating to be cautious.
(From OE-Core rev: 4bc31ac89eb0562bae37e2246e8001b4286f61da)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes:
Fixed a compilation error on Linux/aarch64. GitHub issue #197.
Fixed a potential crash introduced in the fix GitHub issue #134. If a user’s sudoers entry did not have any RunAs user’s set, running sudo -U otheruser -l would dereference a NULL pointer.
Fixed a bug introduced in sudo 1.9.12 that could prevent sudo from creating a I/O files when the iolog_file sudoers setting contains six or more Xs.
Fixed a compilation issue on AIX with the native compiler. GitHub issue #231.
Fixed CVE-2023-22809, a flaw in sudo’s -e option (aka sudoedit) that could allow a malicious user with sudoedit privileges to edit arbitrary files
(From OE-Core rev: fce9cdb15789778fe2525b99c968bbf9a84102ac)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a3f5f4f607f5e06af772287109b68579154fb2f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit cd1b6167242003c79b39d8761ea0f36db41f0671)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
