We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 56f1af6d5b3019dccbc27bb0a9692a5f1a32f87b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We were not able to get a response about availability over email, and so the recipes
have to be unassigned.
(From OE-Core rev: 2d2c75530fe336eda72e8ce72f994725b3a77ea0)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 5be575577d74a3cb81594392b88df74226be9192)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 60eda3dcbf96b5982a0e282fd0c3c13b0b4d7787)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We were not able to get a response about availability over email, and so the recipe
has to be unassigned.
(From OE-Core rev: 3beb88060be9484cfe75dfa60f041b0b32214978)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
APM has been obsolete for a very long time, and debian no longer
packages it or carries the source tarball.
(From OE-Core rev: d987b79725eb0da2704091d22e3d16b8026fac7d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove the blanket ignore and handle the CVEs individually.
CVE-2019-14899 is related to network interface configuration across
multiple operating systems, so leave this as unresolved.
-3016, -3819 and -3887 are pending CPE updates, so ignore them.
The others have accurate CPE information now so are handled correctly.
(From OE-Core rev: e46bd62a278ec0bb9da995cab9350f1c363131d1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
All of these CVEs have been fixed in the kernel point release that we
currently ship, so ignore them.
(From OE-Core rev: 86aee302673146dca10f313d0c70b69d6c4bdc7d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a recipe to build the Khronos official Vulkan validation
layers that can assist developers in verifying that their
applications correctly use the Vulkan APIs.
(From OE-Core rev: 35662be85affca2b4d19112d79dfcd9223f573b2)
Signed-off-by: Vincent Davis Jr <vince@underview.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These CVEs have all been fixed <6.1.30, which is the default linux-yocto
kernel version.
(From OE-Core rev: 73f03970f0aadfb053666a1e93f6f6d5b5156ca6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was confirmed via private email.
(From OE-Core rev: c30e9f1972a3e1d4099f39fd6d0dfb37acb73ce1)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was confirmed via private email.
(From OE-Core rev: cc8bb0da24419424989548ced27b2e76030340d9)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was confirmed via private email.
(From OE-Core rev: 834519933fcd6e4ff54f24d0cf671ea9ce24398a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some distros e.g. gentoo have latest on gcc-13 branch and we have a
situation where libstdc++ ABI is changed between 13.1 and 13.2 so
official 13.1 release based uninative will no longer work on these
distros, therefore switch to a snapshot that includes [1] which fixes
it
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108969
Reported-by: Martin Jansa <Martin.Jansa@gmail.com>
(From OE-Core rev: d554c404166f6ba1aa247c377fa9d3316e53aa40)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is part of the same project as GitPython, but hasn't been used by
gitdb (the sole user) since 2014.
(From OE-Core rev: 22a4aba5c2799cb09e1cdff075f9fe92426ea438)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Import from meta-openembedded at commit d250a0dc0 ("libtraceevent:
upgrade 1.7.1 -> 1.7.2").
Starting with kernel 6.4 libtraceevent is a dependency of perf. While
one can still build perf without it by opting out one would loose its
functionality compared with building perf from kernels before 6.4
(From OE-Core rev: 45dddecd1eebc76a9835844c9bd36ac865a792c9)
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
calver is "a setuptools extension for automatically defining your Python
package version as a calendar version." It is required for
python3-trove-classifiers (another new recipe), which in turn is
required for the upgrade of python3-hatchling from 1.13.0 to work.
(From OE-Core rev: 79ed4fcad6bd49c269ada3ab99ca4548aaf34e99)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3-trove-classifiers is "Canonical source for classifiers on
PyPI.". It is required to update python3-hatchling from the current
version (1.13.0) in oe-core, and depends on python3-calver (another new
recipe). Also add ptests.
(From OE-Core rev: 1b417898c296b5732eac14465ba459411ebe4902)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Existing implementation required to list both specific problematic apis, and files that
use them: neither is necessary as both are seen in package_qa error messages, and
can cause excessive amount of exception lines, if there are too many files, or
they are installed in arch-specific locations. Also, the value of INSANE_SKIP
should be the test that needs to be skipped, and in this case it wasn't.
Also, all problematic recipes are now correctly listed.
(From OE-Core rev: e6ebd0c556dfc576a59f5755d97089a2a241f698)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It builds glibc source like other glibc recipes do,
and so the same problems occur.
(From OE-Core rev: 68b50d362ec61f27be818e40fcbb281d9bacf756)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Specifically:
- add missing maintainer.inc entries for initramfs-module-*, systemd-machine-units and
target-sdk-provides-dummy and drop them from exception list.
- remove rust from exception list for unbuildable-by-default recipes as it is now buildable.
- add missing maintainer.inc entry for libx11-compose-data and cve-update-nvd2-native;
as they are also unbuildable by default, they needs to be in exception list as well.
(From OE-Core rev: e9158b191c1cfc16f97abed6c05891aa84fe9463)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backported/merged patches:
Revert-linux-user-add-more-compat-ioctl-definitions.patch
configure-Fix-check-tcg-not-executing-any-tests.patch
contrib-vhost-user-blk-Replace-lseek64-with-lseek.patch
Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch
Drop socket chardev patch with conflicts:
chardev-connect-socket-to-a-spawned-command.patch
This last patch was added in support of swtpm however it isn't clear if anyone
is still using that workflow. The patch uses API calls such as as qemu_fork()
which were removed in 8.0.0 and replaced with gspawn calls. If anyone needs the
patch, it will be better for them to forward port it, test it and reinstate it,
preferably with a discussion with upstream about it too.
(From OE-Core rev: fe8125565af07b73f9b29db2188ecb6e884bcc70)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found two places missed with droping from this list a few years back.
(From OE-Core rev: 7db8c52dd31c495c35c239d317bc5a098662cc53)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a ptest for lz4.
- It is taking around 9 min to execute with kvm, so added it to PTEST_SLOW.
- It contains one case: test_frame.
- Below is the run log:
START: ptest-runner
2023-04-06T00:36
BEGIN: /usr/lib/lz4/ptest
Starting lz4frame tester (64-bits, 1.9.4)
Seed = 7314
Basic tests completed
All tests completed
PASS: lz4/test_frame
DURATION: 573
END: /usr/lib/lz4/ptest
2023-04-06T00:45
STOP: ptest-runner
TOTAL: 1 FAIL: 0
(From OE-Core rev: 2ee144a0bfb88823bfa788697bb7afc9a572c413)
Signed-off-by: Qiu Tingting <qiutt@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is little point in having "crosssdk" suffex added to the virtual provider within
binutils since the TARGET_PREFIX or SDK_PREFIX already encapsulates this. Remove it
allowing some of the special case overriding to be removed.
(From OE-Core rev: 6856fc5c848cc2564bebe03a007ef109f46d0adb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2023-1652 & CVE-2023-1829 are fixed by all version used by
linux-yocto.
Fixing commits are not referenced by NVD but are referenced by:
* https://www.linuxkernelcves.com
* Debian kernel-sec team
... this should be trust worthy enough.
(From OE-Core rev: 8f9d6c5b0238641313387c139442566752a1d25d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add some information about some further kernel CVEs which don't apply for
either linux-yocto or don't apply for linux-yocto 6.1.
(From OE-Core rev: 85c1713bf0c01c68558bfba38edcc005c1ebb1c9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVEs CVE-2023-0179, CVE-2023-1079 and CVE-2023-1513 are patched in our
kernels but appear as active because the NVD database is not up to date.
(From OE-Core rev: ae1e7999a06c56c6f752413296b8f6b505475f8b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Frank WOLFF <frank.wolff@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Multiple CVEs are patched in kernel but appear as active because the NVD
database is not up to date.
In common file cve-extra-exclusion.inc, CVEs are ignored if and only if
all versions of kernel used are patched.
In cve-exclusion_6.1.inc, only ignore CVEs that are patched in v6.1,
and not patched in v5.15.
Recipes of version 6.1 should include this file.
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
(From OE-Core rev: 5feb065f1b1aaf218f71cc9d31a9251b139b9442)
Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase patches; one of the vendored crossbeam versions
has been removed upstream, and so crossbeam_atomic.patch
is adjusted accordingly.
Replace getrandom-open64.patch with a backport.
(From OE-Core rev: f5accb4fae49342cbec21718ae7a427615bfcedd)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This recipe provides find-debuginfo which is used by rpm, more
specifically rpmbuild.
RPM upstream removed find-debuginfo and switched to use debugedit
in the following commit.
04b0805a75
Without debugedit, rpmbuild fails to generate debuginfo package when
%debug_package is added to spec file.
(From OE-Core rev: f7ada8b4d003473abce5b589cc38aec1e5e5f18a)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This package contains modules for both unittest and pytest that alter
the output to look like automake's 'make check' output, for better
integration with ptest.
(From OE-Core rev: 961e4f3fc786715fc136fa446686972a4a95a3d5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
