The zlib crate in rust uses libz.a which comes from the zlib-native build.
Some distros like alma9, fedora etc. do not have PIE enabled by default for system compiler.
This leads to target-rust-ccld linking error for cargo-native as (line no 22936):
error: linking with `/home/pokybuild/yocto-worker/qemuarm64/build/build/tmp/work/x86_64-linux/cargo-native/1.79.0/wrapper/target-rust-ccld` failed: exit status: 1
https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/9385/steps/13/logs/stdio
Hence, enable PIE option to CFLAGS for native builds.
(From OE-Core rev: 7146d260f655fa924461333c8c2944ebb93b2b3c)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendors that have been used.
Removing the present existing CVE_STATUS for CVE-2023-6992.
(From OE-Core rev: 119b775b36dfd51286493763cffb6e965893b8fd)
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The siteconfig code was only used for 5 cache values. The complexity added to sstate
to support this code was considerable and the runtime much more significant than
any benefit the cache files would have added. Drop the support for this which
was only used minimally for ncurses and zlib.
(From OE-Core rev: f3766dc038f7ba9780ddaf5eb8d27385ea31d7d0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: 9f953a1cd832f03f0b3666168addf45fd4fc8d14)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE relates to a bug in the minizip tool, but we don't build that.
(From OE-Core rev: a32f285501b459cfe18e3135a3c531b63f58034c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
============
- Remove K&R function definitions and zlib2ansi
- Fix bug in deflateBound() for level 0 and memLevel 9
- Fix bug when gzungetc() is used immediately after gzopen()
- Fix bug when using gzflush() with a very small buffer
- Fix crash when gzsetparams() attempted for transparent write
- Fix test/example.c to work with FORCE_STORED
- Rewrite of zran in examples (see zran.c version history)
- Fix minizip to allow it to open an empty zip file
- Fix reading disk number start on zip64 files in minizip
- Fix logic error in minizip argument processing
- Add minizip testing to Makefile
- Read multiple bytes instead of byte-by-byte in minizip unzip.c
- Add memory sanitizer to configure (--memory)
- Various portability improvements
- Various documentation improvements
- Various spelling and typo corrections
(From OE-Core rev: 369780c635cb99a3d93c38dc4e3944eba5a2c2cd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a new zlib release is made, the top-level URL is no longer available
and it is only available as a .gz under the /fossils/ directory.
When this happens the source fetch fails and bitbake noisily warns that
it is using the mirrors. Avoid this by using the .gz tarball and add
the /fossils/ directory to PREMIRRORS so fetches will check there too.
(From OE-Core rev: c67f71abc61afec701c50e4e7941128eb701fb0a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Historically there's been a split between /lib for early boot and
/usr/lib for everything else, but with modern systems this split is
meaningless and incomplete. If a minimal system for early boot is
needed, it should be a full minimal system in a initramfs.
[RP: Fixed up selftest to match]
(From OE-Core rev: 990073dfc167354b4af41db83ac46c18b1aa99d5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
First upstream release since 2017!
- Fix a deflate bug when using the Z_FIXED strategy that can result in out-of-bound accesses.
- Fix a deflate bug when the window is full in deflate_stored().
- Speed up CRC-32 computations by a factor of 1.5 to 3.
- Use the hardware CRC-32 instruction on ARMv8 processors.
- Speed up crc32_combine() with powers of x tables.
- Add crc32_combine_gen() and crc32_combine_op() for fast combines.
Drop CVE-2018-25032 as this is in the .12 release.
Rebase 0001-configure-Pass-LDFLAGS-to-link-tests.patch to apply cleanly.
Backport cc.patch to fix compilation with our CC.
(From OE-Core rev: 4055d9fc81661d375c1721ffd502536c1ba74e02)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of patching and sedding the makefile, just install test/example and
execute it in run-ptest. example is the bulk of the test suite, as minimal as
it is.
(From OE-Core rev: ea86bdb8935668d41e142676815af38911ee0faa)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop remove.ldconfig.call.patch, as it's easier to just set LDCONFIG=true.
Pass uname=GNU via the documented configure option instead of undocumented
environment variable.
Rename zlib-1.2.11/ to just zlib/ as we don't ship multiple versions.
Send ldflags-tests.patch upstream and update Upstream-Status.
(From OE-Core rev: 344090a549284d0a1af065ff4cc3038bff8ecfea)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 10ae328607511e7092a9e6f75c8f382b7e3dd27b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Licence updated by removing its first line which was containing
copyright notice including year, which could change quite often.
Additional empty line was deleted, too.
(From OE-Core rev: 8b15b7bd10db83b3390827231b54aeb3452bcb6f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream have removed the file from zlib.net as a new version has
been released, switch to fetching from the official sourceforge
mirror.
[YOCTO #10879]
(From OE-Core rev: bb99e4a620efd59556539c156cd98ea23aae74c8)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
(From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libz.so symbolic link created in ${libdir} is
../../${base_libdir}/libz.so.1.2.8. This doesn't work if base_libdir or libdir
is changed, so use oe.path.relative to construct the correct path at build time.
(From OE-Core rev: ada8972ec40441b06e50d3e9ccbc07241a48e30a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Install zlib tests and run them as ptest
(From OE-Core rev: 2988cef2f0ad857b5bbf6a0189ffb0fb88795f8c)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove all PR = "r0" from all .bb files in oe-core. This was done
with the command sed -e '/^PR.*=.*r0\"/d' recipes*/*/*.bb -i
We've switching to the PR server, PR bumps are no longer needed and
this saves people either accidentally bumping them or forgetting to
remove the lines (r0 is the default anyway).
(From OE-Core rev: 58ae94f1b06d0e6234413dbf9869bde85f154c85)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Only version number and release year changed in license text.
(From OE-Core rev: 776fa3e49db312bcfd71c6b0637c989ad36fc84b)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Only version number and release year changed in license text.
(From OE-Core rev: 4688c905776b9d995b2510224da269ac85bc8253)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We put the shared libraries in base_libdir because at least
one library under base_libdir, pam_cracklib.so, needs them
and will cause a qa warning when it is built.
(From OE-Core rev: ebb8382af892bef8e11fb590292506e1124276c5)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* it's called from install-libs target and when /etc/ld.so.cache is writeable by user running bitbake
then it creates invalid cache (in my case libstdc++.so cannot be found after building zlib(-native)
and I have to call touch */libstdc++.so && /sbin/ldconfig to fix it
(From OE-Core rev: b5c8add7f3ed58451cb460a242b4edd671ba618e)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dont use autotools, it really not so autoconf like.
the configure script gets updated with every release of zlib
and we overwrite that. Instead use the upstream provided
configure
copyright year was changed in zlib.h which caused change in
LIC_FILE_CHECKSUM
fix.inverted.LFS.logic.patch is already applied upstream so drop it
Drop the configure.ac and Makefile.am scripts since we do not
autoreconf anymore and do not inherit autotools anymore
Bump PR for depending recipes so a rebuild it ensues so that
they dont depend on .la anymore
and add missing dependencies discovered during incremental
build
(From OE-Core rev: 50ad5230ea9e0982cdfda23fb9fcfccf89d28f29)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has grown cmake support which would allow us to dump the OE autotools hack, but the cmakefile doesn't install the .pc file either and breaks with zlib-native
(From OE-Core rev: e1312eef88cb0f3f1557d431f0b31520b2a9968e)
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As discussed on the mailing list, this variable isn't useful and if wanted
would be better implemented by distros using pn-X overrides.
This patch executes:
find . -regex ".*\.\(bb\|inc\)$" | xargs sed -i '/^PRIORITY = ".*"$/d'
against the tree removing the referenced. Thanks to Phil Blundell for
the command.
(From OE-Core rev: d122343362669c683acc4af295971a62cbc823fc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I've cleaned up some odd license fields, fixed some license
names and corrected some incorrect licenses. LICENSE really needs
a pass through by the maintainers as some of the licensing is
incorrect.
Also, every license with Artistic should be gone through and noted as
which version of Artistic.
(From OE-Core rev: 4786ecdf7cd427089464dcb62579110d494e7cd7)
Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[BUGID #281]
Evaluate and update each package in recipes-core to ensure they have a
consistent summary and description.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.
The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.
Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
