Add a patch to disable a failing test that is proving difficult
to investigate.
(From OE-Core rev: 0dc2dfcacaa99bdb306215d2a5e135038f72d895)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
history.3 manpage is no longer installed.
(From OE-Core rev: 93a2a1bc48562645ede4ec61f5fd2eb05f54e648)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Disable manpages, as they require scdoc, which is not currently
available in core (and adjust a related selftest).
Drop 0001-Use-portable-implementation-for-basename-API.patch
as upstream fixed the issue differently.
(From OE-Core rev: f868b75ab22cd528d9add744042f13d475715ef4)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When xwayland PACKAGECONFIG option is set, xwayland is enabled in
weston.ini. However, if the xwayland module isn't installed, weston will
refuse to start with the following error message:
Failed to load module: /usr/lib/libweston-13/xwayland.so: cannot open shared object file: No such file or directory
Therefore, whenever the xwayland PACKAGECONFIG is set, weston-init
should depend on weston-xwayland to bring this module in.
Fixes: fdbe559c66c9 ("weston.init: enabled xwayland")
(From OE-Core rev: fa2314125318634108452af4e40c9eeee260767c)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As of mesa version 24.1.0, the etnaviv gallium driver requires the Python
pycparser module when building.
Without it, build fails with something like:
../mesa-24.1.4/src/etnaviv/hwdb/meson.build:17:2: ERROR: Problem encountered: Python (3.x) pycparser module >= 2.20 required to build mesa.
(From OE-Core rev: bfc6ccd171b1cf5544ef79839fbc94e2c682bfda)
Signed-off-by: Esben Haabendal <esben@geanix.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
aea9f42 ptest_list_remove: Fix pointer adjustment of prev and next
(From OE-Core rev: f70ec9bcd379b5fc4c85d7479d42789c2e22f4a9)
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The 2.39 version of util-linux took new file descriptors based mount
kernel API into use. In relation to this change, the upstream release
notes in
https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21
mention that
This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior.
After observing following failure when booting a board using a bit
older 6.1 series kernel together with initramfs rootfs based boot flow
[FAILED] Failed to start Remount Root and Kernel File Systems.
See 'systemctl status systemd-remount-fs.service' for details.
closer inspection revealed:
demoboard ~ # systemctl status -l systemd-remount-fs.service
x systemd-remount-fs.service - Remount Root and Kernel File Systems
Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled)
Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago
Docs: man:systemd-remount-fs.service(8)
https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE)
Main PID: 76 (code=exited, status=1/FAILURE)
Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: dmesg(1) may have more information after failed mount system call.
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'.
Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems.
also consequentially, 'systemctl status' reported:
State: degraded
When issuing 'strace -ff mount -o remount /' the failure occurred at
mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument)
After further investigation, The issue was pinpointed to lack of Linux
kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210
("fs: relax mount_setattr() permission checks") in the kernel version
that was being used. Above mitigation was discussed in email related to
then-rejected CVE-2024-26821:
https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/
After testing with qemuarm64 machine different linux-yocto versions,
it was observed that the issue impacts following versions of currently
supported LTS kernels:
- 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0)
- 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0)
- 5.15.164 which is currently the newest of 5.15.y series (i.e. no
known working version)
Taking the above findings into consideration, add a new PACKAGECONFIG
option removing which enables users to opt-out from using the feature
which can cause issues with a bit older kernels. The option is enabled
only for class-target here, since it otherwise causes following error
during util-linux-native's do_configure task on Debian 11 build host
(mountfd_api requirement fails):
| configure: error: libmount_mountfd_support selected, but required mount FDs based API not available
Versions 5.10.223, 5.4.279 and 4.10.317 were also tested with qemuarm64
but the issue was not reproduced with those versions - using strace
showed that the mount_setattr call associated with the new mount API
problem was not issued with these LTS kernel versions, which seemed to
be confirmed also by following libmount debug message in these cases:
415: libmount: HOOK: [0x7fa115e818]: failed to init new API
Note: In addition to the aforementioned, this change was tested also
briefly using the current latest kernel versions 6.1.104, 6.6.45 and
6.10.3 that using the old mount API with newest kernels did not
introduce any observable regression to the boot flow.
(From OE-Core rev: dc086d9a8613143607af3583c72ed892e20b4d66)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Under high load, the ssh test is hitting the amount of retries.
Increase it to 20 to avoid this issue. This would increase the maximum
failure time from 50 seconds (5 * 10) to 100 seconds.
(From OE-Core rev: c796438eec5dd6b4671b798f85506bc89ff402ab)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This includes CVE-fix for CVE-2024-41957, CVE-2024-41965 and CVE-2024-43374
Changes between 9.1.0114 -> 9.1.0682
====================================
https://github.com/vim/vim/compare/v9.1.0114...v9.1.0682
Note:
====
Removed patch "vim-add-knob-whether-elf.h-are-checked.patch" as libelf checks are removed from configure.ac as per
commit 1acc67ac44
(From OE-Core rev: 6d2938e53cad5d9bf2e78a5403e9f9fab1db77b4)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes of existing tools:
- ap_tools/ap-check: Add support for vfio-ap dynamic configuration
- dbginfo.sh: Update/Add additional DASD data collection
- dumpconf: Add new parameter 'SCP_DATA' for SCSI/NVMe/ECKD dump
devices
- libutil: Make formatted meta-data configurable
- s390-tools: Replace 'which' with built-in 'command -v'
- zdump/dfi_elf: Support core dumps of vr-kernels
Bug Fixes:
- chzdev: Fix warning about failed ATTR writes by udev
- rust/pv: Try again if first CRL-URI is invalid
- rust/pvattest: Add short option for --arpk
- zdump: Fix 'zgetdump -i' ioctl error on s390 formatted dump file
(From OE-Core rev: c0f57f1210396278a30efa757252c841e86b6ff4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- Read '.conf' files from include directories sorted alphabetically
- Add extra linefeed to wall messages to ensure they are seen
- Issue #87: segfault on 'SIGTERM', regression from v2.6.0
(From OE-Core rev: b3157769234d686c583d193578527a4938f6d316)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- Support for Pathlike objects in data files and extensions
- native support for C++ compilers
- removed unused get_msvcr()
(From OE-Core rev: 8fccef7a731f44e5d27653e06becb54cf770e5e5)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
* GH#421: Nested "CDATA" sections are no longer rejected but split on
output to represent "]]>" correctly.
* LP#2060160: Attribute values serialised differently in "xmlfile.element()"
and "xmlfile.write()".
* LP#2058177: The ISO-Schematron implementation could fail on unknown prefixes.
* LP#2067707: The "strip_cdata" option in "HTMLParser()" turned out
to be useless and is now deprecated.
* Binary wheels use the library versions libxml2 2.12.9 and libxslt 1.1.42.
* Windows binary wheels use the library versions libxml2 2.11.8 and libxslt 1.1.39.
* Built with Cython 3.0.11.
(From OE-Core rev: 850831bc33ff6cd50f17c8c45f1e9de6a0cddebb)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
-improves shrinking in cases involving 'slips' from one strategy to another.
-reduces the range of :class:'python:datetime.datetime' generated by :
func:'~hypothesis.extra.django.from_model' in order to avoid
https://code.djangoproject.com/ticket/35683.
(From OE-Core rev: d92f2fc4a2ee242d12bee37764fdac07446b851d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
- CLDR: Upgrade to CLDR 45
- Lists: Support list format fallbacks
- Messages: Initial support for reading mapping configuration as TOML
- CLDR: Do not allow substituting alternates or drafts in derived locales
- Core: Allow falling back to modifier-less locale data
- Core: Allow use of importlib.metadata for finding entrypoints
- Dates: Avoid crashing on importing localtime when TZ is malformed
- Messages: Allow parsing .po files that have an extant but empty Language
header
- Messages: Fix --ignore-dirs being incorrectly read
- Messages: Make pgettext search plurals when translation is not found
- Replace deprecated ast.Str with ast.Constant
- Test on Python 3.13 beta releases
- Normalize package name to lower-case in setup.py
- Add a mention to the docs that format_skeleton(..., fuzzy=True) may
raise
- Two hyperlinks (to CLDR) and some typos
(From OE-Core rev: 84a3c529fd41af3c5967ee56b4cbb37e626c8c15)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* Fix compile with Meson on Solaris by defining __EXTENSIONS__.
* Add support for the PKG_CONFIG_RELOCATE_PATHS environmental variable.
When set, the program will act as if --define-prefix is always
enabled.
* Color solution nodes that were part of the original query, and use
that coloring to skip over dependencies when generating DocumentNames
in bomtool.
* Enhance --env option to support variables with both --variable=varname
and --print-variables.
* Add --exists-cflags option which creates synthetic preprocessor
definition flags for every queried dependency when found.
* Document that Requires.private is always used for header paths.
* Fix minor documentation typos.
* Ensure string comparisons using <ctype.h> functions are done with
unsigned bytes to avoid undefined behavior.
* Fix parsing edge-case bugs with dependency versions.
* Change PKG_PROG_PKG_CONFIG autoconf macro to add a customizable
failure handler if pkg-config is not found.
(From OE-Core rev: 7c2bc70bd62d05b0d39759a3b67f2f61ad6851c0)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: Copyright year updated to 2019.
(From OE-Core rev: 9476c459e361a9aada0f8d86d423817a9a661fb6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Some fields in the 'FT_Outline' structure have been changed
from signed to unsigned type, which better reflects the actual
usage.
- Rare double-free crashes in the cache subsystem have been fixed.
- Excessive stack allocation in the autohinter has been fixed.
- The B/W rasterizer has received a major upkeep that results in
large performance improvements.
- If the new configuration option 'TT_CONFIG_OPTION_GPOS_KERNING' is
defined, 'FT_Get_Kerning' understands rudimentary GPOS kerning
(for TrueType fonts only).
- The internal structures 'PS_DesignMap' and 'PS_Blend' related to
parsing of old Multiple Masters fonts have been removed from the
public header file 't1tables.h'.
(From OE-Core rev: 5cedfc50b45a07ee4170997877d1532bfeaf41cb)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
avoid_parallel_tests.patch
refreshed for 6.10
Changelog:
==========
* Feature: suport for PoE in PSE (--show-pse and --set-pse)
* Feature: add statistics support to tsinfo (-T)
* Feature: add JSON output to base command (no option)
* Feature: add JSON output to EEE info (--show-eee)
* Fix: qsfp: better handling on page 03h read failure (-m)
* Fix: handle zero arguments for module eeprom dump (-m)
* Fix: check for missing arguments in do_srxfh() (-X)
* Misc: compiler warnings in "make check"
* Misc: more descriptive error when JSON output is not available
(From OE-Core rev: ffcffccfec29c18c1b97394d7d707f4b8dd5362e)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- fix unexpected data truncation of large uncompressed files;
- fix decompression errors when using libdeflate compressor;
- fix an out-of-bound memory read issue with kite-deflate.
(From OE-Core rev: 1e5d364947780c83de4ae23b2fcb0871ad2e9774)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- fixes a crash when using Hspell to check Hebrew, when the
application passes characters that cannot be mapped to ISO-8859-8.
(From OE-Core rev: 10327c62e8d630a7cfd023f81e8e2af0d009d840)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0005-Do-not-prepend-installroot-to-logdir.patch
refreshed for 4.21.1
Changelog:
==========
- doc: minor formatting and consistency fixes
- Allow local downloads to same downloaddir
- Fix "console" width on non real terminals (pipe)
- Adds checks for container and bootc hosts
- Update bootc hosts message to point to bootc --help
- tests: Use PGP keys without SHA-
(From OE-Core rev: 94b880c0c612cdc588c88f93774619fa86670852)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
* Also catch RuntimeError when importing PyPDF so that PyPDF or,
crucially, its transitive dependencies do not cause diffoscope to traceback at
runtime and build time.
* Factor out a method for stripping ANSI escapes.
* Strip ANSI escapes from the output of Procyon.
(From OE-Core rev: 4f111892b3ba5b030697a1192dac59e89ea0f393)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-Add-a-possibility-to-specify-where-python-modules-ar.patch
refreshed for 6.10.1
Changelog:
==========
* mkfs: rework --rootdir traversal, skip hardlinks and create new
inodes instead, also warn about them, this did not work as expected and will be
fixed in the future
* receive: search in older trees for UUIDs when detecting clone sources
* libbtrfsutil: bindings available at https://pypi.org/project/btrfsutil
* libbtrfs:
* patchlevel version update 0.1.4
* cleanup in headers, removed unused definitions, no functional changes
* don't ship list.h and rbtree.h
* other:
* documentation updates
(From OE-Core rev: abfe3c3f257836e92907efcf252c165703c3a89d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is currently both an incompatible-license and a
license-incompatible QA message. This is very confusing.
However, license-incompatible is only used to output a message when a
package is included in an image despite it having a license that is
normally incompatible (by using the INCOMPATIBLE_LICENSE_EXCEPTIONS
variable). To better match how it is used and to distinguish it from
incompatible-license, rename it to license-exception.
(From OE-Core rev: d309eed66f5a4a4bce082536e51207fe65725fab)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add 'fix-file-included', 'version-not-in-range' and 'version-in-range' generated
by the cve-check.
'fix-file-included' means that a fix file for the CVE has been located.
'version-not-in-range' means that the product version has been found outside of
the vulnerable range.
'version-in-range' means that the product version has been found inside of the
vulnerable range.
(From OE-Core rev: d25f1817752bc8a84c40dcbef75f7559801ce15e)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The "vex" class generates the minimum information that is necessary
for VEX generation by an external CVE checking tool. It is a drop-in
replacement of "cve-check". It uses the same variables from recipes
to make the migration and backporting easier.
The goal of this class is to allow generation of the CVE list of
an image or distribution on-demand, including the latest information
from vulnerability databases. Vulnerability data changes every day,
so a status generated at build becomes out-of-date very soon.
Research done for this work shows that the current VEX formats (CSAF
and OpenVEX) do not provide enough information to generate such
rolling information. Instead, we extract the needed data from recipe
annotations (package names, CPEs, versions, CVE patches applied...)
and store for later use in the format that is an extension of the
CVE-check JSON output format.
This output can be then used (separately or with SPDX of the same
build) by an external tool to generate the vulnerability annotation
and VEX statements in standard formats.
(From OE-Core rev: 6352ad93a72e67d6dfa82e870222518a97c426fa)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add status information for each CVE under analysis.
Previously the information passed between different function of the
cve-check class included only tables of patched, unpatched, ignored
vulnerabilities and the general status of the recipe.
The VEX work requires more information, and we need to pass them
between different functions, so that it can be enriched as the
analysis progresses. Instead of multiple tables, use a single one
with annotations for each CVE encountered. For example, a patched
CVE will have:
{"abbrev-status": "Patched", "status": "version-not-in-range"}
abbrev-status contains the general status (Patched, Unpatched,
Ignored and Unknown that will be added in the VEX code)
status contains more detailed information that can come from
CVE_STATUS and the analysis.
Additional fields of the annotation include for example the name
of the patch file fixing a given CVE.
We also use the annotation in CVE_STATUS to filter out entries
that do not apply to the given recipe
(From OE-Core rev: 452e605b55ad61c08f4af7089a5a9c576ca28f7d)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the new cpe:vendor:product tagging to entries in cve-extra-inclusions, using
product/vendor combinations that are already present in OE-core (usually there
is no specific vendor).
(From OE-Core rev: e1bf43561093b3b9215cde9e9f7d80b4ffcdc64e)
Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
