OpenPrinting CUPS is an open source printing system. In versions 2.4.2
and prior, a heap buffer overflow vulnerability would allow a remote
attacker to launch a denial of service (DoS) attack. A buffer overflow
vulnerability in the function `format_log_line` could allow remote
attackers to cause a DoS on the affected system. Exploitation of the
vulnerability can be triggered when the configuration file `cupsd.conf`
sets the value of `loglevel `to `DEBUG`. No known patches or
workarounds exist at time of publication.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-32324https://security-tracker.debian.org/tracker/CVE-2023-32324
Upstream Patch:
https://github.com/OpenPrinting/cups/commit/fd8bc2d32589
(From OE-Core rev: a4bdbc82f7e5cc9a5cb603cb720f09b0216b0a0e)
Signed-off-by: Sanjay Chitroda <schitrod@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libgcc is linked with GNU BFD linker make sure it does not assume
default ld to be BFD linker rather demand it explicitly
(From OE-Core rev: 856b4ec58fd5391069eaf43ab1b7426d49d9b7de)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
glibc configury tries to detect ld version and assumes BFD or gold
linker but when system ld is pointing to lld or mold it might fail the
linker check, therefore pass LD variable to explicitly point at ld.bfd
we are using BFD linker only to link glibc after all.
Second problem in such a case is that some partial objects are linked
with CC -r which will fail if we do not inform the compiler to use BFD
linker thusly pass it via appending to CC variable
(From OE-Core rev: 63248d2cbd7a15aec5b864d0058fe919eb17c46c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This makes the image easier to modify.
People may not realize they can pass a .png image
to SPLASH_IMAGES, and producing a .h file is more
complicated.
Also provide the source SVG file (though the recipe doesn´t
use it, for easier modification) and support for higher resolutions
than the initial 640x480 image. This SVG file was reconstituted manually
to reproduce what was shown on the qemu86-64 image.
(From OE-Core rev: 46bc280f86f77eb10c810eef55111c0e8246d834)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the weston user to the wayland group so all users accessing the
global weston socket in /run all share a group.
(From OE-Core rev: 30198b36b00a1967d1f8f8f556a0ba2415954f4e)
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The weston user must be in the render group in order to access render
device nodes for standard user-space graphics.
(From OE-Core rev: 1cba8aa3c5e0635d7b89222d9ccaf889954fe0c9)
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the render group explicitly here to make sure it exists for the
useradd command.
(From OE-Core rev: 3134fca12c6f74d2b99f79fb751bc5513c5b937a)
Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit f72fd51e0d (binutils: package static libs from gprofng) added
corresponding FILES:${PN}-staticdev entry to the main .bb recipe.
But binutils-cross-canadian fails with exactly the same QA issue,
hence move FILES:${PN}-staticdev to the common shared .inc file.
(From OE-Core rev: 75beddd33e132333c36ad067e2cf90edffeb5bf5)
Signed-off-by: Denys Dmytriyenko <denys@konsulko.com>
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to the latest SRCREV to bring fixes using the proper entry
addresses for ARM architectures [1], as well as fixing a race condition
in the Makefile during assembly [2].
Fix url in case automatic redirects stop working.
[1] 602e82aee7
[2] ea7f59b024
(From OE-Core rev: 8910e9665d67576149efef064d098f0645deea4a)
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The changes are mostly about early exit which causes indentation changes;
check with `git diff -w`. Another change is the check for ip by simply
calling it and deciding upon the exit code, if it's fine or not.
(From OE-Core rev: 351577761d0712a005eda9dde9215558ca9a1fe9)
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mtd-utils has internal libraries (libmtd and libubi) that simplify the
usage and access, and they can be used by applications to access MTD
devices without reinventing the code.
(From OE-Core rev: bc85c9a94d0cec4991b4e0491ca973620fe71201)
Signed-off-by: Stefano Babic <sbabic@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
NPM registry cache should support caracaters like '(' and ')'
Explanation: NPM packages can contains these caracters like : @(._.)/execute
(From OE-Core rev: 6110d9e24e43e286781afd1b3634a4ad1a2050d0)
Signed-off-by: BELOUARGA Mohamed <m.belouarga@technologyandstrategy.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently all files as below packaged into one package such as
qemu-7.2.0-*.rpm. After the qemu package installed on the target,
it will take up about 464M which includes not only the one matches
the arch of the target but aslo all available built qemu targets
which set by QEMU_TARGETS.
# ls tmp-glibc/work/core2-64-wrs-linux/qemu/7.2.0-r0/image/usr/bin/
qemu-aarch64 qemu-img qemu-mips64el qemu-ppc64
qemu-sh4 qemu-system-loongarch64 qemu-system-ppc qemu-system-x86_64
qemu-arm qemu-io qemu-mipsel qemu-ppc64le
qemu-storage-daemon qemu-system-mips qemu-system-ppc64
qemu-x86_64 qemu-edid qemu-loongarch64 qemu-mips.real
qemu-pr-helper qemu-system-aarch64 qemu-system-mips64
qemu-system-riscv32 qemu-ga qemu-mips qemu-nbd
qemu-riscv32 qemu-system-arm qemu-system-mips64el
qemu-system-riscv64 qemu-i386 qemu-mips64 qemu-ppc
qemu-riscv64 qemu-system-i386 qemu-system-mipsel qemu-system-sh4
Split the qemu package into qemu-7.2.0-*.rpm, qemu-system-*.rpm,
qemu-user-*.rpm and etc. And let user can only choose the corresponding
qemu arch package they want to install should ease the concerns who
cares much about the size in embedded device as it decreases the qemu rpm
(qemu-7.2.0*.rpm) size from about 65M to about 19M and the size of the
extracted qemu RPM decreased from about 464M to about 248M.
For the users who want to install all arch packages, they can install
qemu-system-all and qemu-user-all to meet their need.
(From OE-Core rev: 893846ead7ee54d53e9076150cd655e0c8bca5db)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, uboot do_menuconfig task is breaking when UBOOT_CONFIG is
chosen rather than UBOOT_MACHINE, it simply fails with the following
errors:
| make: *** No rule to make target 'menuconfig'. Stio.
| Command failed.
| Press any key to continue...
this is due to the work directory of do_menuconfig is set to ${B} but
not ${B}/$config.
We should distinguish two situations:
1) When there is only one config item in UBOOT_CONFIG, do_menuconfig
should work just like how it works for UBOOT_MACHINE.
2) When there are multiple config items in UBOOT_CONFIG, do_menuconfig
should print out some information saying it's not supported other
than just failing.
This patch mainly aims to fix that by introducing a extra variable
KCONFIG_CONFIG_ENABLE_MENUCONFIG, it would be set to 'false' for
situation 2), and when it's set to 'true', then set
KCONFIG_CONFIG_ROOTDIR correctly in uboot-config.bbclass to let
do_menuconfig task work.
DEVTOOL_DISABLE_MENUCONFIG could be replaced by this new variable
KCONFIG_CONFIG_ENABLE_MENUCONFIG.
(From OE-Core rev: f9e834e317880cf47dbb4f8285bc36d743beae5e)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some BSPs dont support xwayland in weston, this is easier for them to
control that.
(From OE-Core rev: b2b40d3470a4a75a18d1cc7a948eec73d84a883b)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade to latest 1.20.x release:
go.git$ git log --oneline go1.20.4..go1.20.5
e827d41c0a (tag: go1.20.5) [release-branch.go1.20] go1.20.5
c0ed873cd8 [release-branch.go1.20] cmd/go: disallow package directories containing newlines
356a419e2f [release-branch.go1.20] cmd/go: enforce flags with non-optional arguments
fa60c381ed [release-branch.go1.20] cmd/go,cmd/cgo: in _cgo_flags use one line per flag
36144ba429 [release-branch.go1.20] runtime: implement SUID/SGID protections
5036ba77eb [release-branch.go1.20] net: skip TestFileFdBlocks if the "unix" network is not supported
b249ec5655 [release-branch.go1.20] cmd/go/internal: update documentation of go test and go generate
4b95fc1e6c [release-branch.go1.20] cmd/go: save checksums for go.mod files needed for go version lines
31a1e19a59 [release-branch.go1.20] net, os: net.Conn.File.Fd should return a blocking descriptor
450c8021a5 [release-branch.go1.20] runtime: change fcntl to return two values
22741120ee [release-branch.go1.20] runtime: consistently define fcntl
9270e3be8f [release-branch.go1.20] os: if descriptor is non-blocking, retain that in Fd method
600636e931 [release-branch.go1.20] crypto/rsa: use BoringCrypto for 4096 bit keys
afbe101950 [release-branch.go1.20] cmd/compile: fix bswap/load rewrite rules
(From OE-Core rev: 3ea1e9e9d7385c78bdd513e44cea5c36444529b2)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a recipe to build the Khronos official Vulkan validation
layers that can assist developers in verifying that their
applications correctly use the Vulkan APIs.
(From OE-Core rev: 35662be85affca2b4d19112d79dfcd9223f573b2)
Signed-off-by: Vincent Davis Jr <vince@underview.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The output of spirv-tools specifically SPIRV-ToolsTarget.cmake is
utilized in other recipes. If other recipe utilize cmake and include
SPIRV-Tools in target_link_libraries. I leads to errors such as
error: '../recipe-sysroot/usr/lib',
needed by 'layers/libVkLayer_khronos_validation.so',
missing and no known rule to make it
This is due to cmake pulling in the properties set in
SPIRV-ToolsTarget.cmake. Key property being
INTERFACE_LINK_LIBRARIES.
With the current setup do_install:append:class-target updates
SPIRV-ToolsTarget.cmake package installed file to bellow
set_target_properties(SPIRV-Tools PROPERTIES
INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
INTERFACE_LINK_LIBRARIES "${_IMPORT_PREFIX}/lib"
)
set_target_properties(SPIRV-Tools-shared PROPERTIES
INTERFACE_COMPILE_DEFINITIONS "SPIRV_TOOLS_SHAREDLIB"
INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
INTERFACE_LINK_LIBRARIES "${_IMPORT_PREFIX}/lib"
)
If base_libdir isn't lib, but lib64 you get the error
described at the being of commit message as lib directory
doesn't exists.
Solution replace hardcoded "lib" with "${base_libdir}".
(From OE-Core rev: 2f959497efbba89a34ac1e15ceff32ab75e16c4a)
Signed-off-by: Vincent Davis Jr <vince@underview.tech>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Nettle is primarily a library that ships some tools, so inherit the
lib_package class to package the tools in nettle-bin, and add a
dependency on it to nettle-ptest.
(From OE-Core rev: eacfc88e0efe534290205ca8e399629623d882aa)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Instead of patching a relative path to an unversioned libnettle.so to be
a bare filename which then needs nettle-dev to be installed, create a
symlink in the expected place which points to the actual library. This
means nettle-ptest no longer needs to depend on nettle-dev.
Explicitly skip symbols-test, it has been silently failing as nm isn't
available and also needs a static libnettle.a to run.
Install two rsa-* example binaries that are needed for pkcs1-conv-test
to pass.
(From OE-Core rev: dc5cd169e8b9a0f9d9881f116a8d83706460bb7c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lighttpd 1.4.70 omits building separate (unused) modules for:
mod_access mod_alias mod_evhost mod_expire mod_fastcgi mod_indexfile
mod_redirect mod_rewrite mod_scgi mod_setenv mod_simple_vhost mod_staticfile
https://www.lighttpd.net/2023/5/10/1.4.70/
Therefore, the lighttpd-module-indexfile, lighttpd-module-staticfile and
lighttpd-module-access no longer exist and must be removed from
RDEPENDS and RRECOMMENDS.
lighttpd 1.4.71 split out the http/2 support into optional separate
module (mod_h2). By default the mod_h2 is not enabled.
https://www.lighttpd.net/2023/5/27/1.4.71/
(From OE-Core rev: ae40fb21a0f85ce02fc137c6e3cce2a90778d75f)
Signed-off-by: Petr Gotthard <petr.gotthard@advantech.cz>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't compare reproducibility of the native/cross components, only the
target ones. With the long build times of rust-native, the test now takes
crazy lengths of time so this tweak should allow us to reuse native/cross
artefacts from sstate whilst still testing the target output is
reproducible.
(From OE-Core rev: b494d83c639a877cefeb7cbab6d37195e492f059)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replaced the inherit of setuptools3 with python_setuptools_build_meta to
make the new version build.
Changelog (see https://webcolors.readthedocs.io/en/latest/changelog.html):
- Supported Python versions are now 3.7, 3.8, 3.9, 3.10, and 3.11
- The codebase was significantly reorganized and modernized. Public API
is unchanged. Imports should continue to be directly from the
top-level webcolors module; attempting to import from submodules is not
supported.
- Now packaging declaratively via pyproject.toml with PEP 517 support
from setuptools.
(From OE-Core rev: 434aaf5e02332a54a17a2812969165f6f6b3674b)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below upstream commit removed BSD-4-Clause from the LICENSE variable,
Link: https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8
But actually if we check from the source code of the openssh for this
version (8.9p1), there are some files (openbsd-compat/libressl-api-compat.c)
still affected.
As upstream removed this BSD-4-clause license, there are still some files
has this license. Below file is affected by this BSD-4-clause contents when
the below command is executed
grep -rl "All advertising materials mentioning features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort
openbsd-compat/libressl-api-compat.c
All advertising materials mentioning features or use of this software
Reason for backporting is some of the product restrict the BSD-4-Clause usage and the purpose of this commit is
to completely remove the BSD-4-Clause license from the openssh.
When checked in the master branch, openssh upstream removes the bsd-4 license compeletely from this commit
7280401bdd
Hence Backport this commit completely to remove license of BSD-4-clause contents from code. Hunks are refreshed.
(From OE-Core rev: d9045a7bc6d9acc137c292b60a8ce4d24f359a19)
Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're now in a position to enable SPDX manifests by default, do this
for poky.
(From meta-yocto rev: 511f2f60cc2637ebc06049f58acb4f68562b2fce)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I've encountered issues reproducing initramfs and UKI image builds,
which will be fixed with this patch.
1. initramfs
There's a symbolic link to /sbin/init, which is appended to the cpio archive after creation.
The links timestamp needs to be static and the cpio append command needs the '--reproducible' flag to produce deterministic outcomes.
2. Unified Kernel Image
'--preserve-dates' is required for a static 'Time/Date' entry.
I've added '--enable-deterministic-archives' although in my case this
didn't change anything.
(From OE-Core rev: fd027729bafb4e085ba0949e38e724f3a8cad102)
Signed-off-by: Frieder Paape <frieder@konvera.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Packagegroups have "special" sstate signature behaviour in that they don't rebuild
when their dependencies do. This causes problems for SPDX task signatures. Since
packagegroups don't actually have any code in them, we don't need the standard
dependencies anyway so cancel out and allow the sstate signatures to function
correctly.
(From OE-Core rev: 5c4ed243c144e261eae5f2ccf5626371d87a8a43)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Other changes in create-spdx code mean we shouldn't need to do this now. We
need the various exclusions to allow the task hashes to behave correctly
for the SPDX tasks too.
(From OE-Core rev: 5e645ff3d02decba4ed7d082a0e41a2655862039)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On riscv32 configurations OpenSSL fails to build with "undefined
reference to `__atomic_foo'" kind of errors. Change OpenSSL recipe to
use linux-latomic configuration instead of linux-generic32.
(From OE-Core rev: e8ce80fc6d6579554bca2eba057e65d4b12c0793)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These CVEs have all been fixed <6.1.30, which is the default linux-yocto
kernel version.
(From OE-Core rev: 73f03970f0aadfb053666a1e93f6f6d5b5156ca6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
SystemTap 4.9 release went out with a little hick up: release date was not
set correctly and fix for it was added as ebb424eee5599fcc131901c0d82d0bfc0d2f57ab
commit and tagged as 'release-4.9'. Unfortunately by that time 'master'
branch already has moved on, and it turns out that now 'release-4.9' tag does
not belong to any branch. On other hand OE SRC_URI does complain about git
uri without branch. To deal with it we will use SRCREV set to
418f0a45ca4473491385b5c7eef777607bbdb3b7, commit one that precedes
ebb424eee5599fcc131901c0d82d0bfc0d2f57ab, and add separate patch for
ebb424eee5599fcc131901c0d82d0bfc0d2f57ab as 0001-release-date-fix.patch.
Note for any future version move: please remove 0001-release-date-fix.patch
(From OE-Core rev: 2a10dc2a80a42368b222a7a832dd342a9c2d9d0a)
Signed-off-by: Victor Kamensky <victor.kamensky7@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Working with enabling SPDX, an issue was observerd where v86d wasn't rebuilding
when the kernel was changed from linux-yocto to linux-yocto-rt.
This is due to the code in sstatesig.py which was seeing the RRECOMMENDS on a
kernel module and ignoring the DEPENDS. The v86d is technically a kernel module
since it uses kernel header files.
There are two ways to address this, we could inherit the module-base class and
the dependency code does the correct thing. It appears the code doesn't look into
STAGING_KERNEL_DIR though and doesn't use the kernel sources. We can therefore drop
the DEPENDS and the code will the do the correct thing.
(From OE-Core rev: 37ccd11cb0b89416b8e23160445186269b6c0c8a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The error message is a little misleading as the qmp module is a
directory with __init__.py file, not qmp.py file. Also, put the
path where we try to import it from in the error message to make
the message more indicative.
(From OE-Core rev: 08bacbf797f6a50ae8abe8fc3455b3a15a0a94b3)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a patch from upstream to fix CVE-2023-1972.
(From OE-Core rev: 10d63933e3a30bfac2f6cec896460c22e04baadd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
