Commit Graph

5766 Commits

Author SHA1 Message Date
Yi Zhao
b520496b96 systemd: fix broken links for sysvinit-compatible commands
Since commit[1], PACKAGECONFIG[sysvinit] is not enabled by default when
sysvinit is not in DISTRO_FEATURES, which causes the following
sysvinit-compatible commands/services to not be built and installed:

  runlevel
  telinit
  rc-local.service
  systemd-initctl
  systemd-initctl.service
  systemd-rc-local-generator
  systemd-sysv-generator
  systemd-update-utmp-runlevel.service

Therefore, links to these commands/services should only be created when
PACKAGECONFIG[sysvinit] is enabled.

[1] https://git.openembedded.org/openembedded-core/commit/?id=3668235fd60a9027608f37251c4b453ed21b3687

(From OE-Core rev: a20b698f1acdee972cf1ff570b09a2e2c36bef1a)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-29 11:19:57 +00:00
Wang Mingyu
c71cbbdd3d systemd: upgrade 256.6 -> 256.7
(From OE-Core rev: e54b11c36cd140674ad4eca4eacd34b863706518)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-29 11:19:57 +00:00
Peter Marko
3b551fc466 cve-check: add support for cvss v4.0
https://nvd.nist.gov/general/news/cvss-v4-0-official-support

CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024

Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260

(From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-25 15:25:33 +01:00
Andrej Valek
4ea5360922 busybox: 1.36.1 -> 1.37.0
- update to next stable version 1.37.0
 - refresh defconfig
   - disable new applets (ip_link_can)
   - enable new applets (time64, find_exec_ok, getfattr, udhcpd_bootp)
 - disable sha acceleration by default
  - enable it just for x86-64, other possible option (x86) is broken
 - submitted to mailing list
  - fix problem with syslogd when nothing was logged
  - fix problem with start-stop-daemon tests
 - remove and refresh already merged patches

(From OE-Core rev: 21753f16a364e32050cf8d79bfa7e0f89be52ce7)

Signed-off-by: Andrej Valek <andrej.v@skyrain.eu>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-24 15:18:54 +01:00
Regis Dargent
a6c1af1af5 udev-extraconf: fix network.sh script did not configure hotplugged interfaces
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.

(From OE-Core rev: 160f7139172ffdf510a0d7d4e85f7fbaac7fd000)

Signed-off-by: Regis Dargent <regis.dargent@gmail.com>

Fixes [YOCTO 15616]

network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.

Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-22 12:28:18 +01:00
Vince Chang
bada336904 util-linux: sfdisk sector size improvements
Refer to https://github.com/util-linux/util-linux/pull/3237.

(From OE-Core rev: 7e37e0addeae3ade4d1634697cde5c8cc619c46a)

Signed-off-by: Vince Chang <vince_chang@aspeedtech.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-22 12:28:18 +01:00
Khem Raj
120400663a musl: Update to tip of trunk
- License-Update: One of COPYRIGHT holders name changed [1]

- Brings these changes

* 047a1639 sys/stat.h: fix typo in statx member name stx_dio_offset_align
* 5be920e9 s390x: don't allow br r0 in CRTJMP asm
* 2fc56aaa update contributor name in authorship notices
* 43664364 fix compile regression in exit on archs without SYS_pause
* 6d8000d3 abstract missing SYS_pause syscall with macros
* 23ab04a8 statx: add new struct statx fields and corresponding mask macros
* 4ca8c267 statx: fix uninitialized attributes/mask in fallback path
* 251cbb63 statx: fix ENOSYS emulation not setting stx_rdev_*
* 8c43c562 sysconf: fix _SC_MINSIGSTKSZ computation to match kernel interpretation
* 300a1f53 sigaltstack: enforce dynamic MINSIGSTKSZ limit
* 572a2e2e printf: drastically reduce stack usage without [long] double args
* c94a0c16 isatty: don't collapse all non-EBADF errors to ENOTTY
* ee18e584 printf core: replace if(0) blocks around switch cases with explicit gotos
* 06a96470 iconv: add cp858
* e1b57ede catan: remove no-op reduction mod pi and unused code
* ca4e632d remove incorrect comment regarding powl exceptional cases
* c851b268 strerror: add error strings for EUCLEAN and ENAVAIL
* 9c78557a use hidden visibility for C entry point function _start_c
* 882aedf6 fix lost or delayed wakes in sem_post under certain race conditions
* b09e3174 m68k: fix POLLWRNORM and POLLWRBAND
* 2de6b426 fix missing make dependency for Scrt1.o due to typo
* cde213f9 timer_create: replace pthread barrier with semaphores for thread start
* 9ee6f104 atexit: fail rather than deadlocking after last handler is called
* 8cca79a7 exit: add back lock to make concurrent calls to exit safe
* ef7d0ae2 move __utc string object to its own translation unit

[1] https://git.musl-libc.org/cgit/musl/commit/?id=2fc56aaa9f660ebd735d1595c3501b792af42eb8

(From OE-Core rev: 13381184a262f6cc69240a34985646fd0ad44655)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-22 12:28:18 +01:00
Alban Bedel
c68ef7b4b7 util-linux: Add findmnt to the bash completion RDEPENDS
The bash completion scripts for `umount`, `fstrim` and `fsfreeze` make
use of `findmnt` so add it to the bash completion RDEPENDS.

(From OE-Core rev: f8703b486a6ccf39225815362acadafb890ca56e)

Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-18 15:01:04 +01:00
J. S
582887daac libxml2: upgrade 2.13.3 -> 2.13.4
Changelog: https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.4

(From OE-Core rev: b8e00689bf3ceaa27c015df32a88ada27b1810a7)

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-18 15:01:04 +01:00
Ola x Nilsson
01d0ef0bcc glibc: Fix missing randomness in __gen_tempname
Backport the fix for glibc bug 32214.

The missing randomness in early boot may cause some systemd services
to fail when they occasionally try to create tempdirs like
/run/systemd/namespace-aaaaaa at the same time.
The error messages can contain things like
"Failed to set up mount namespacing".

(From OE-Core rev: 0bb6aa06db5bf2e89d1c499e84a0a8cedbd8f0a7)

Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-15 11:47:24 +01:00
Richard Purdie
5b7f1f29b5 cve-check-update-nvd2-native: Increment DL_DIR database location
We're seeing a lot of sqlite database corruption issues in our automated
testing. It is unclear why this is happening. There were process
improvements implemented in master and it is unclear if older releases
are somehow making those changes ineffective or if the problem is
elsewhere.

By changing the location in DL_DIR, we split the two sets of accesses
to be separate and can isolate whether the master changes really did
improve things or not. If successful, we may consider backporting those
changes to the stable releases.

(From OE-Core rev: bcc624012d676192a722a7694614f3c49c6bc4d2)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-14 21:42:17 +01:00
Mikko Rapeli
a375e2d35d ovmf-native: remove .pyc files from install
They break builds which share sstate files on different
machines and paths:

ERROR: ovmf-edk2-stable202408-r0 do_prepare_recipe_sysroot: Error executing a python function in exec_func_python() autogenerated:

The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
     0001:
 *** 0002:extend_recipe_sysroot(d)
     0003:
File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 624, function: extend_recipe_sysroot
     0620:
     0621:    # Handle deferred binfiles
     0622:    for l in binfiles:
     0623:        (targetdir, dest) = binfiles[l]
 *** 0624:        staging_copyfile(l, targetdir, dest, postinsts, seendirs)
     0625:
     0626:    bb.note("Installed into sysroot: %s" % str(msg_adding))
     0627:    bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists))
     0628:
File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 165, function: staging_copyfile
     0161:        os.symlink(linkto, dest)
     0162:        #bb.warn(c)
     0163:    else:
     0164:        try:
 *** 0165:            os.link(c, dest)
     0166:        except OSError as err:
     0167:            if err.errno == errno.EXDEV:
     0168:                bb.utils.copyfile(c, dest)
     0169:            else:
Exception: FileExistsError: [Errno 17] File exists: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/sysroots-components/x86_64/ovmf-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc' -> '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/work/core2-64-poky-linux/ovmf/edk2-stable202408/recipe-sysroot-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc'

(From OE-Core rev: facd9e17fa53e2fb3a828b3f179cfb659be75d37)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-14 21:42:17 +01:00
Ulrich Ölmann
5f78d78beb volatile-binds: mount-copybind: fix typo
Amend a small typing error.

(From OE-Core rev: 6d3c24cfc269fbcd49acd8be220395500fc7120c)

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-11 12:17:03 +01:00
Wang Mingyu
25d3fe2410 ttyrun: upgrade 2.34.0 -> 2.35.0
Changelog:
=============
  Changes of existing tools:
  - cpacfstats: Add support for FULL XTS (MSA 10) and HMAC (MSA 11) PAI counter
  - cpuplugd: Make cpuplugd compatible with hiperdispatch
  - dbginfo.sh: Add network sockstat info
  - pvapconfig: s390x exclusive build
  - zdev: Add option to select IPL device
  - zdump/dfo_s390: Support s390 DFO for vr-kernel dumps
  - zipl: Add support of mirror devices

  Bug Fixes:
  - (genprotimg|zipl)/boot: discard .note.package ELF section to save memory
  - netboot/mk-s390image: Fix size when argument is a symlink
  - ziorep_config: Fix warning message when multipath device is not there.
  - zipl: Fix problems when target parameters are specified by user
  - zipl: Fix segfault when creating device-based dumps with '--dry-run'

(From OE-Core rev: ade8b2028b0fe4e56a1f05cdfec90a1ba32eab13)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-11 12:17:03 +01:00
Mikko Rapeli
ba0e556e07 systemd-boot-native: add runtime dependency to python3-pefile-native
It's needed to run the ukify script.

(From OE-Core rev: 67a248f911626330c20b55de1cd52f83f00a0df1)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-10-01 12:40:48 +01:00
Wang Mingyu
586df77d26 systemd: upgrade 256.5 -> 256.6
(From OE-Core rev: 5761748a0c98bb05849df71b43609f82f4235e51)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:07:18 +01:00
Ulrich Ölmann
2f09eddfeb initramfs-framework: init: fix typo
Amend a small typing error.

(From OE-Core rev: c4ca9161d9de1a522a34c9088dedf6c346afbbed)

Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:00:51 +01:00
Wang Mingyu
e7abf0c665 init-system-helpers: upgrade 1.66 -> 1.67
(From OE-Core rev: 39453acfb61ed698d03a2472ff1dcc7df5a4bfeb)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:00:50 +01:00
Wang Mingyu
41dc961f26 ifupdown: upgrade 0.8.43 -> 0.8.44
(From OE-Core rev: 89f5d20bd66c075be646b7fc6d5678041ded488a)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:00:50 +01:00
Wang Mingyu
478070c80b ell: upgrade 0.68 -> 0.69
Changelog:
==========
- Add support for getting remaining microseconds left on a timer.
- Add support for setting link MTU on a network interface.

(From OE-Core rev: 15e775769abd8d3123bba10a46526b94009328a5)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:00:50 +01:00
Khem Raj
8d5ab60943 systemd-boot: Enable on RISCV
(From OE-Core rev: 68246e1f80a17b12774e2eb77adc9301dbe6385d)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:00:50 +01:00
Deepthi Hemraj
1d4e41062a glibc: stable 2.40 branch updates
Below commits on glibc-2.40 stable branch are updated.
7073164add libio: Attempt wide backup free only for non-legacy code
adfb14e71f debug: Fix read error handling in pcprofiledump
f4a9b6e97b elf: Fix tst-dlopen-tlsreinit1.out test dependency
f496b750f1 elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)
b7edcfa0f4 elf: Clarify and invert second argument of _dl_allocate_tls_init
3414b17e9d nptl: Use <support/check.h> facilities in tst-setuid3
3b3350d7ba posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
e24902f409 ungetc: Fix backup buffer leak on program exit [BZ #27821]
dac7a0694b ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
2f749d2b15 Make tst-ungetc use libsupport
27fb563bfe stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
bc240ba7c8 support: Add FAIL test failure helper
709319f9de string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)
586e4cd8c6 Define __libc_initial for the static libc
c0af0c2ba0 x86: Fix bug in strchrnul-evex512 [BZ #32078]
898f25e0b1 x32/cet: Support shadow stack during startup for Linux 6.10
e3556937c2 x86-64: Remove sysdeps/x86_64/x32/dl-machine.h
39ee60a719 support: Add options list terminator to the test driver
5641780762 manual/stdio: Further clarify putc, putwc, getc, and getwc
6a97e2ba14 Fix name space violation in fortify wrappers (bug 32052)
aa533d58ff x86: Tunables may incorrectly set Prefer_PMINUB_for_stringop (bug 32047)
928769737c resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
ca53bc68ab Add mremap tests
2eb2d78ca7 mremap: Update manual entry
3433a35842 linux: Update the mremap C implementation [BZ #31968]
46f19b2342 Enhanced test coverage for strncmp, wcsncmp
509166c9a5 Enhance test coverage for strnlen, wcsnlen
132a72f93c manual: make setrlimit() description less ambiguous
65fbcfe589 manual/stdio: Clarify putc and putwc
5d2a931a81 malloc: add multi-threaded tests for aligned_alloc/calloc/malloc
2aebac5e15 malloc: avoid global locks in tst-aligned_alloc-lib.c
145b588637 Fix version number in NEWS file
b6aeba2de1 manual: Do not mention STATIC_TLS in dynamic linker hardening recommendations
ef14142663 resolv: Do not wait for non-existing second DNS response after error (bug 30081)
8bbb8d7b16 resolv: Allow short error responses to match any query (bug 31890)

(From OE-Core rev: 5335a7b2852ce891a98eda18d59fc32e60f1c722)

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-30 17:00:50 +01:00
Markus Volk
9639dc7d87 glib-2.0: update 2.80.4 -> 2.82.1
- adjust 0010-Do-not-hardcode-python-path-into-various-tools.patch

(From OE-Core rev: de2d07df6efb6c4d01f31d3f6d902b630f747400)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-20 15:59:03 +01:00
Mikko Rapeli
5eacd34f89 ovmf: update from edk2-stable202402 to edk2-stable202408
Includes patches for CVE-2023-45236, CVE-2023-45237 and
CVE-2024-25742. Refreshed patches with devtool.

Changes:

https://github.com/tianocore/edk2/releases

edk2-stable202408
Release Date 2024-08-23
New Features & Bug Fixes

    CryptoPkg:Add more crypto APIs (AESGCM/PEM/X509/RSA/PKCS5/PKCS7/Authenticode) based on Mbedtls
    CryptoPkg: Enable Openssl native instruction support for AARCH64
    CryptoPkg: Add support for aes128-sha256 and aes256-sha256 cipher
    UefiCpuPkg: S3 cleanup
    MdePkg/BaseLib: Add CRC16 CCITT False Implementation
    DynamicTablesPkg: ACPI TPM2 generator
    DynamicTablesPkg: Prepare for supporting other archs
    BaseTools: Add VS2022 support
    OvmfPkg: Add LoongArchVirt instance to OvmfPkg and enable it

edk2-stable202405

Release Date 2024-05-24
New Features & Bug Fixes

    SecurityPkg:Add EFI Device Authentication Signature Database and SPDM
    CryptoPkg:add additional RSAES-OAEP crypto functions
    OvmfPkg:Add 5-level paging support
    OvmfPkg:SEV-SNP Support for running under an SVSM
    OvmfPkg:RBP register shall be cleared in TDVMCALL
    OvmfPkg:Harden #VC instruction emulation (CVE-2024-25742)
    Add SPI bus driver stack
    NetworkPkg: Predictable TCP ISNs
    NetworkPkg: Use of a Weak PseudoRandom Number Generator
    UefiCpuPkg: Add new SmmRelocationLib library

Bugzilla List
Update Notes

    NetworkPkg SECURITY PATCH CVE-2023-45237 requires the platform to provide the right implementation of the EFI_RNG_PROTOCOL
    (i.e., using a GUID that appears in the allowlist) and EFI_HASH2_PROTOCOL. If it is not implemented, the platform will lose the ability to do network boot.

(From OE-Core rev: 50ae1d4afe436498b157f19e085532a6f0525d85)

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-20 14:01:02 +01:00
Richard Purdie
8f01ae5c7c build-appliance-image: Update to master head revision
(From OE-Core rev: 161c5b311f1aeb8f254dca96331b31d5b67fc92d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-17 12:31:46 +01:00
Richard Purdie
3fe0accdd1 build-appliance-image: Update to master head revision
(From OE-Core rev: 4d27344f0cd414dee71bded529536616cef277c1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-17 12:26:17 +01:00
Ross Burton
64a1a07f03 systemd: add missing dependency on libkmod to udev
As of systemd 256, libsystemd-shared.so doesn't directly link to a number
of libraries but instead dlopen()'s them as needed to reduce the size of
the attack surface.

Instead the .so has a .note.dlopen segment that lists the libraries that
may be opened, with the intention that these are transformed into package
recommendation fields.

We don't yet have support for these (see #15595) so explicit dependencies
have been added to the systemd package itself. However, in an initramfs
with udev but without systemd and no recommendations you end up without
libkmod, so module loading is impossible.

Add an explicit hard dependency on libkmod to udev, because modules are
critical functionality.

(From OE-Core rev: 12fadefe11ed9f09171087608c3c4b83c7302b3f)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-13 07:15:49 +01:00
Rasmus Villemoes
462b0c114a systemd: include sysvinit in default PACKAGECONFIG only if in DISTRO_FEATURES
The sysvinit PACKAGECONFIG knob enables various legacy/compatibility
code that may not be needed or even desired. If DISTRO_FEATURES
includes systemd (as it must for this recipe to build) but not
sysvinit, there is no point building and installing that legacy
support.

As most other changes, this can cause breakage, but given that
sysvinit not being in DISTRO_FEATURES requires explicit opt-out (due
to backfill), I think the risk is low. Moreover, it is generally
easier to add to than to remove from PACKAGECONFIG.

(From OE-Core rev: 3668235fd60a9027608f37251c4b453ed21b3687)

Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-13 07:15:49 +01:00
Paul Barker
313afc99ed meta-ide-support: Mark recipe as MACHINE-specific
meta-ide-support:do_write_test_data dumps the bitbake data dictionary to
a file using export2json(). As this obviously includes the value of
MACHINE, and other MACHINE-specific variables, the recipe needs to be
marked as MACHINE-specific.

RP: Note that this patch does change the name of the environment script
since it is no longer package arch specific but machine arch specific.

[RP: Fix selftest to reference new environment file]
(From OE-Core rev: 3be2bc8a9b0c9d6a178329c8b451a6bedf255d6c)

Signed-off-by: Paul Barker <paul.barker.ct@bp.renesas.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-12 16:15:09 +01:00
Colin McAllister
e164749139 busybox: Fix cut with "-s" flag
This fixes an issue that allows blank lines to be incorrectly output
when the "-s" flag is included. This issue propagates into the
populate-volatile.sh script in initscripts. If a volatiles drop file
contains blank lines, a blank line will be included in combined users,
which will incorrectly result in a difference in the number of combined
users versus defined users. If this happens, the volatiles file will not
be executed.

(From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473)

Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-10 13:05:00 +01:00
Colin McAllister
8c820896b8 udev-extraconf: Add collect flag to mount
Adds extra "--collect" flag to the mount command within
automount_systemd. This is intended to fix an observed deadlock after
rapidly inserting and removing external media. This is because if the
mount command fails, the transient mount will enter a failed state. The
next time the media is inserted, automount_systemd bails because the
first condition finds that the file path for the failed transient mount
still exists. This leaves the external media unmounted and cannot be
mounted until the mount is fixed via systemctl or the device is
rebooted.

Adding "--collect" ensures that the transient mount is cleaned up after
entering a failed state, which ensures that the media can still be
mounted when it's re-inserted.

(From OE-Core rev: f0cda74d73eb8c14cd6f695f514108f1e94984a6)

Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-10 13:05:00 +01:00
Etienne Cordonnier
4fc8427a6c systemd: make home directory readable by systemd-coredump
In 924453c225
ProtectHome was set to true for systemd-coredump in order to reduce risk, since an attacker could craft a malicious binary in order to compromise systemd-coredump.
At that point the object analysis was done in the main systemd-coredump process.
Because of this systemd-coredump is unable to produce symbolicated call-stacks for binaries running under /home ("n/a" is shown instead of function names).

However, later in 61aea456c1 systemd-coredump was changed to do the object analysis in a forked process,
covering those security concerns.

Let's set ProtectHome to read-only so that systemd-coredump produces symbolicated call-stacks for processes running under /home.

Note: it still does not work in /tmp (because of PrivateTmp=yes) and in /root (for unknown reasons).

Before the change (with minidebuginfo enabled):

    root@qemux86-64:~# /home/sleep 1000 &
    [1] 426
    root@qemux86-64:~# kill -11 $(pidof sleep)
    root@qemux86-64:~# coredumpctl info
               PID: 426 (sleep)
               UID: 0 (root)
               GID: 0 (root)
            Signal: 11 (SEGV)
         Timestamp: Fri 2024-09-06 17:25:18 UTC (3s ago)
      Command Line: /home/sleep 1000
        Executable: /home/sleep
     Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
              Unit: serial-getty@ttyS0.service
             Slice: system-serial\x2dgetty.slice
           Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5
        Machine ID: fb279f18f2c849c59768754c7a274ee3
          Hostname: qemux86-64
           Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.426.1725643518000000.zst (present)
      Size on Disk: 16.5K
           Message: Process 426 (sleep) of user 0 dumped core.

                    Stack trace of thread 426:
                    #0  0x00007f365f3849a7 clock_nanosleep (libc.so.6 + 0xd49a7)
                    #1  0x00007f365f38f667 __nanosleep (libc.so.6 + 0xdf667)
                    #2  0x0000561fee703737 n/a (/home/sleep + 0x7737)
                    #3  0x000000003a6227c5 n/a (n/a + 0x0)
                    ELF object binary architecture: AMD x86-64
    [1]+  Segmentation fault      (core dumped) /home/sleep 1000

After the change (with minidebuginfo enabled):

    root@qemux86-64:~# /home/sleep 1000 &
    [1] 450
    root@qemux86-64:~# kill -11 $(pidof sleep)
    root@qemux86-64:~# coredumpctl info
               PID: 450 (sleep)
               UID: 0 (root)
               GID: 0 (root)
            Signal: 11 (SEGV)
         Timestamp: Fri 2024-09-06 17:30:12 UTC (4s ago)
      Command Line: /home/sleep 1000
        Executable: /home/sleep
     Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
              Unit: serial-getty@ttyS0.service
             Slice: system-serial\x2dgetty.slice
           Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5
        Machine ID: fb279f18f2c849c59768754c7a274ee3
          Hostname: qemux86-64
           Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.450.1725643812000000.zst (present)
      Size on Disk: 16.5K
           Message: Process 450 (sleep) of user 0 dumped core.

                    Stack trace of thread 450:
                    #0  0x00007f795dd689a7 clock_nanosleep (libc.so.6 + 0xd49a7)
                    #1  0x00007f795dd73667 __nanosleep (libc.so.6 + 0xdf667)
                    #2  0x0000561965c9d737 rpl_nanosleep (sleep + 0x7737)
                    #3  0x0000561965c9d0c1 xnanosleep (sleep + 0x70c1)
                    #4  0x0000561965c985c8 main (sleep + 0x25c8)
                    #5  0x00007f795dcba01b __libc_start_call_main (libc.so.6 + 0x2601b)
                    #6  0x00007f795dcba0d9 __libc_start_main (libc.so.6 + 0x260d9)
                    #7  0x0000561965c98685 _start (sleep + 0x2685)
                    ELF object binary architecture: AMD x86-64
    [1]+  Segmentation fault      (core dumped) /home/sleep 1000

(From OE-Core rev: b8c1f999038b7cd6fc2e80ed215541c8a4d9e19f)

Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-09 17:04:15 +01:00
Peter Kjellerstedt
4e2aa7e4a1 systemd: Remove a leftover reference to ${datadir}/mime
${MIMEDIR} (aka ${datadir}/mime) is packaged in ${PN}-mime and the
reference to ${datadir}/mime/packages/io.systemd.xml for FILES:${PN}
should have been removed in commit
5560243137f772683e53b614f134dd632b62be8b.

(From OE-Core rev: 3dba1443ef123714a4b1c77ade1ea3b2d0ad3f21)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-05 21:48:47 +01:00
Richard Purdie
1231f5d34f expat: 2.6.2 -> 2.6.3
Includes fixes for CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.

https://blog.hartwork.org/posts/expat-2-6-3-released/

(From OE-Core rev: cc96903d915db0dfde382a26bb7ec57d0d37e62e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-05 21:48:47 +01:00
Khem Raj
b897daf8b7 glibc: Fix the arm/arm64 wordsize.h unification patch
The symlink got mangled during the 2.40 upgrade

(From OE-Core rev: f4d9a708e8c61d147e8b06d94f13ae57b6f879e7)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Maohui Lei <leimaohui@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-05 21:48:47 +01:00
Richard Purdie
a57341d6ea gettext: Drop obsolete ptest conditional in do_install
The PTEST_ENABLED conditional is no longer needed since the task is deleted
if ptest isn't enabled.

(From OE-Core rev: 6037ad74d88ff23821120422f2f0d0366daa8ec7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-04 12:38:44 +01:00
Wang Mingyu
deddcc0ee7 ell: upgrade 0.67 -> 0.68
Changelog:
==========
- Fix issue with string allocation growth strategy.
- Add support for netlink helper functions.

(From OE-Core rev: 5a60e56785e30aba43741daea19e1f742a294c4d)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-04 12:38:44 +01:00
John Ripple
84df90c05f packagegroup-core-tools-profile.bb: Enable aarch64 valgrind
The Valgrind recipe has had support for aarch64 for 9 years but the
packagegroup-core-tools-profile recipe still excludes valgrind on
aarch64 builds. This patch adds Valgrind when building the
package-group-core-tools-profile for aarch64 systems.

(From OE-Core rev: 2f8f6d722b39d2d1080367bf780dead4ed4ed781)

Signed-off-by: John Ripple <john.ripple@keysight.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-01 12:28:10 +01:00
Markus Volk
ef9a927a3a systemd: don't set polkit permissions manually
According to this commit polkit rules should go to ${datadir} instead of ${sysconfdir}:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=d5e90541f8e35916abc930b2da6de037b23d51a1
There's no need to adjust the permissions for ${datadir} anymore:
https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=6da0fd21c900e32a0693a6b27d38182f19c8c76c

Don't set polkit permissions manually. This allows to drop the manually
set polkit permissions for all files in meta-openembedded and also for
libvirt in meta-virtualization.

In addition, manually setting the permissions would not be needed for
new recipes anymore.

(From OE-Core rev: d27961962d2c8456d9a90148943d4282494146c2)

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-01 12:28:10 +01:00
Yash Shinde
9da30a8753 zlib: Enable PIE for native builds
The zlib crate in rust uses libz.a which comes from the zlib-native build.
Some distros like alma9, fedora etc. do not have PIE enabled by default for system compiler.

This leads to target-rust-ccld linking error for cargo-native as (line no 22936):
error: linking with `/home/pokybuild/yocto-worker/qemuarm64/build/build/tmp/work/x86_64-linux/cargo-native/1.79.0/wrapper/target-rust-ccld` failed: exit status: 1

https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/9385/steps/13/logs/stdio

Hence, enable PIE option to CFLAGS for native builds.

(From OE-Core rev: 7146d260f655fa924461333c8c2944ebb93b2b3c)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-29 21:58:19 +01:00
Khem Raj
79253a5668 musl: Upgrade to latest tip of trunk
Bring following changes on top of 1.2.5

* dd1e63c3 syslog: revert LOG_FAC/LOG_FACMASK changes
* 008f737d siglongjmp: document why this function just calls longjmp
* 947b4574 inet_ntop: fix the IPv6 leading zero sequence compression
* 50ab8306 dynlink: avoid copying to temp buffer in get_lfs64
* 1b97d006 sys/epoll.h: add epoll ioctls
* ab31e9d6 getusershell: skip blank lines and comments
* 53ac44ff dynlink: fix get_lfs64() with posix_fallocate64
* 895736d4 syslog: fix incorrect LOG_MAKEPRI and LOG_FAC[MASK] macros
* 05ce67fe add renameat2 linux syscall wrapper
* 00799729 fix mismatched type in posix_getdents definition
* cbf59dd6 aarch64 crti.o: fix alignment of _init/_fini
* 84015cee fix typo that broke sys/reg.h and sys/user.h
* 1b0d4851 implement posix_getdents adopted for next issue of POSIX
* 2c124e13 stdint.h: derive limits from __LONG_MAX, use common fast16 types
* 7019fbe1 sys/user.h: derive __WORDSIZE from __LONG_MAX
* e709a6f0 sys/reg.h: derive __WORDSIZE from __LONG_MAX
* 29b216b2 unistd.h: derive ILP32/LP64 macros from __LONG_MAX instead of arch bits
* 0dfa1d8c unify bits/stat.h for all archs sharing a common definition
* ef600888 align aarch64, riscv64, loongarch64 stat structure padding type
* 6f666231 ldso: fix non-functional fix to early dynamic PAGE_SIZE access
* fced99e9 strptime: implement conversion specifiers adopted for next POSIX issue
* 3f9d4224 printf decimal integer formatting: shave off one division
* a23cf8f9 riscv mcontext_t/sigcontext: use __aligned__ instead of aligned
* cbf1c7b6 add missing STATX_ATTR_* macros omitted when statx was added
* 3f49203c initgroups: do not artificially limit number of supplementary groups
* 24ebbbde printf: fix edge case where hex float precision was not honored
* e3b0ace5 complex: fix comment in cacosh
* 9683bd62 math: fix fma(x,y,0) when x*y rounds to -0
* 5370070f fix pwrite/pwritev handling of O_APPEND files
* bdc9a9ff uio.h: add RWF_NOAPPEND flag for pwritev2
* 7ada6dde iconv: fix missing bounds checking for shift_jis decoding
* fd7d0185 add missing inline keyword on default a_barrier definition
* b5121e2e iconv: add aliases for GBK
* ca6f46af iconv: add euro symbol to GBK as single byte 0x80

(From OE-Core rev: 70179bc94c90ba1f33a3fff8f3019cb96fcdbaef)

(From OE-Core rev: bcfaa9542fac82e90fbb8bdf67e3ade2697fbca4)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-29 21:58:19 +01:00
Khem Raj
41aa8568dd musl: Update to 1.2.5 release
This release adds extension functions statx and preadv2/pwritev2, with
fallback implementations for older kernels, and adds two new ports:
loongarch64 and riscv32. Minor changes to the printf family of
functions have been made for conformance to new standards
interpretations/requirements. TLSDESC support for riscv64 has also
been added.

Bugs fixed include some DNS issues related to new TCP fallback
functionality, several rare race conditions, potentially incorrect
return value when glob aborts, and several significant arch-specific
bugs affecting TLSDESC on arm, riscv64 icache flushing, and sh
sigsetjmp and dlsym RTLD_NEXT. [1]

Do not use https protocol for fetching

Musl author confirms that https protocol is not well supported yet on
musl git host, currently we experience this problem intermittently on
some build hosts where the fetching fails.

fatal: protocol error: bad line length character: erro
WARNING: Failed to fetch URL git://git.etalabs.net/git/musl;branch=master;protocol=https

[1] https://www.openwall.com/lists/musl/2024/03/01/2

(From OE-Core rev: c6c79477209f5e7e1a0206942de9603a7accec67)

(From OE-Core rev: 0d0a2d62810bfa7ea51d536c4e43c2edae823a6b)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-29 21:58:19 +01:00
Alexander Kanavin
b5dbb24070 ifupdown: upgrade 0.8.41 -> 0.8.43
Do not force CFLAGS (no longer necessary).

(From OE-Core rev: 092ac58c7914142db397544b1a8e18f61423deba)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-28 09:14:27 +01:00
Alexander Kanavin
67e388f31f glib-2.0: update 2.80.2 -> 2.80.4
Drop backport 0001-girepository-introspection-correctly-install-.gir-fi.patch

(From OE-Core rev: 68ac84d6f4aa4f9342b53814b08a4a888f006a2c)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-28 09:14:26 +01:00
Changqing Li
2f46b6f27d bitbake.conf: drop VOLATILE_TMP_DIR, use FILESYSTEM_PERMS_TABLES instead
* Drop VOLATILE_TMP_DIR, use FILESYSTEM_PERMS_TABLES instead. By default,
FILESYSTEM_PERMS_TABLES ?=  "files/fs-perms.txt \
                             files/fs-perms-volatile-log.txt \
                             files/fs-perms-volatile-tmp.txt"
it contains 'files/fs-perms-volatile-tmp.txt', which means volatile tmp
is enabled. User can disable volatile tmp by removing
'files/fs-perms-volatile-tmp.txt' from FILESYSTEM_PERMS_TABLES.
* If volatile tmp is disabled, both /tmp and /var/tmp are persistent

(From OE-Core rev: 8d1ae67b89c45f78162e070228086c7ef88c3264)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-28 09:14:26 +01:00
Changqing Li
2f8806deb7 bitbake.conf: drop VOLATILE_LOG_DIR, use FILESYSTEM_PERMS_TABLES instead
Drop VOLATILE_LOG_DIR, use FILESYSTEM_PERMS_TABLES instead. By default,
it contains 'files/fs-perms-volatile-log.txt', which means volatile log
is enabled. User can disable volatile log by removing
'files/fs-perms-volatile-log.txt' from FILESYSTEM_PERMS_TABLES.

(From OE-Core rev: 91128c6517066715f2afe6b46aa3206c7cf3653e)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-28 09:14:26 +01:00
Khem Raj
56bc6ce8c6 systemd: Refresh patch to remove patch-fuzz
Fixes
ERROR: systemd-1_256.5-r0 do_patch: QA Issue: Fuzz detected:

Applying patch 0017-missing_syscall.h-Define-MIPS-ABI-defines-for-musl.patch
patching file src/basic/missing_syscall.h
Hunk #1 succeeded at 20 with fuzz 1.

The issue surfaces when building with musl

(From OE-Core rev: 4fc73793e0a053211b29d016a09afc430a48e81b)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-25 15:37:39 +01:00
hongxu
c1ee5dce8f readline: 8.2 -> 8.2.13
Drop backport patches:
- readline82-001.patch ~ readline82-010.patch

Rebase norpath.patch to 8.2.13

(From OE-Core rev: 14bdb5ee0bf2a8c0aaac6fd625aa6a7d0ea02548)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-23 22:43:27 +01:00
hongxu
1d813b15a6 libxml2: 2.12.8 -> 2.13.3
* Remove Trio and updated Copyright to remove Trio [1]
* Remove --with-fexceptions configuration option [2]

[1] 7d6969d955
[2] e349709ae7

(From OE-Core rev: 786a24228ee0793f43258133c7e5df6acb3e9de2)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-23 22:43:27 +01:00
Chen Qi
768acd2df8 util-linux/util-linux-libuuid: upgrade from 2.40.1 to 2.40.2
Upgrade util-linux from 2.40.1 to 2.40.2.

0001-Revert-autotools-make-pam-install-path-configurable.patch
is added to solve a problem of lastlog2 pam module not installed
in the expected location.

(From OE-Core rev: 2303f28de507ceb88a012647f70b74e0fad6ec4b)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-23 09:12:38 +01:00