Commit Graph

5433 Commits

Author SHA1 Message Date
Alexander Kanavin
f0a906d661 busybox: submit CVE-2022-28391 patches upstream
(From OE-Core rev: f3e6d0dc315dc915d8029a0d84a12f74ca5d62f5)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64c026024b1c86797de338760b9f29d7e949926c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-19 08:34:58 -07:00
Felix Nilsson
b1a0ca3cab base-files: profile: fix error sh: 1: unknown operand
Handle errors when SHLVL isn't set.

(From OE-Core rev: 7ef2c9ab669785e5e073d6f925f1a3f447fc31d9)

Signed-off-by: Felix Nilsson <felixn@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5df53fcfe3b70a5312fced3fcc1ba6290f2ee794)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-19 08:34:58 -07:00
Robert Joslyn
6a8b1d85e7 libgloss: Do not apply non-existent patch
When newlib and libgloss were updated to 4.3.0, SRC_URI was updated to
append a fix-rs6000-cflags.patch file when building on PowerPC, but this
file was not added to the repo.

Remove appending the missing patch.

(From OE-Core rev: 71231580e9e5d0060a0ea41d29152d43846a00f1)

Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64561d8b81233a19df5f51d26dfbcd15835bec1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-14 05:19:22 -07:00
Soumya Sambu
750ceb4b76 util-linux: Fix CVE-2024-28085
wall in util-linux through 2.40, often installed with setgid
tty permissions, allows escape sequences to be sent to other
users' terminals through argv. (Specifically, escape sequences
received from stdin are blocked, but escape sequences received
from argv are not blocked.) There may be plausible scenarios
where this leads to account takeover.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-28085

(From OE-Core rev: b40a77416f73955833faeddf6091a99ff9837199)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-14 05:19:22 -07:00
Peter Marko
1d751a0e83 update-rc.d: add +git to PV
This hash is ahead of the tag, so adapt PV accordingly.

(From OE-Core rev: c94e46019a7d443ccc4763ba16d87e7e97abe977)

(From OE-Core rev: 54cbf43e55ec3373f8c2612b787166da35028fd3)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-05 05:57:12 -07:00
Soumya Sambu
c78f26dbfd ncurses: Fix CVE-2023-45918
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918

(From OE-Core rev: 6573995adf4cfd48b036f8463b39f3864fcfd85b)

(From OE-Core rev: 5385b15345dddc958fc961246e56b962db735276)

Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-05 05:57:12 -07:00
Peter Marko
50b2758182 ttyrun: define CVE_PRODUCT
Single executable ttyrun is taken out of s390-tools repository
containing ton of other helper tools.
CVEs are not assigned to executables, but to whole components.
Historically there also already exists one CVE for s390-tools.

Most of the CVEs will not be for ttyrun, but this is the way
how to get notified even if most we get will have to be ignored.

(From oe-core rev: df28547387c2c122aef3e5326b216ec3f4d3caa7)

(From OE-Core rev: 9e07ff39c1b2794d6de7f8d14cdf47707db50f5a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-06-05 05:57:12 -07:00
Adriaan Schmidt
bef4fd23a0 libcgroup_3.1.0: fix build on non-systemd systems
backport upstream commit 592dcdcf243576bd2517d3da9bc18990de08e37e
to fix packaging when building with --enable-systemd=no

(From OE-Core rev: c0708adce620bcce5e503851fa6598bd941276eb)

Signed-off-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Peter Marko
8205ff560c glibc: correct license
The license per [1] is LGPL-2.1-or-later and
[2] converted last LGPL-2.1-only references.

License-Update: corrected from LGPL-2.1-only to LGPL-2.1-or-later based on [1] and [2]

[1] https://www.gnu.org/software/libc/
[2] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=273a835fe7c685cc54266bb8b502787bad5e9bae

(From OE-Core rev: 939140fa7201ae0e7d365648c2ff5629e4c25ff9)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b7ad15a59d048ca7561a03cb0fc8e2c24680ce5c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Peter Marko
ee2d64d759 glibc: Update to latest on stable 2.39 branch
Addresses CVEs: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Changes:
273a835fe7 time: Allow later version licensing.
acc56074b0 nscd: Use time_t for return type of addgetnetgrentX
836d43b989 login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
9831f98c26 login: Check default sizes of structs utmp, utmpx, lastlog
fd658f026f elf: Also compile dl-misc.os with $(rtld-early-cflags)
a9a8d3eebb CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
c99f886de5 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
5a508e0b50 CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
1263d583d2 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
2f8f157eb0 x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676]
e701c7d761 i386: ulp update for SSE2 --disable-multi-arch configurations
e828914cf9 nptl: Fix tst-cancel30 on kernels without ppoll_time64 support

Since glibc introduced file sysdeps/arm/bits/wordsize.h
our multilib patch needed to be updated.

(From OE-Core rev: a8b1034d978e745951d5f690c89b9fca4e01e72e)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Peter Marko
3c1d8fd96e glibc: Update to latest on stable 2.39 branch
Addresses CVE-2024-2961

Remove backported patch included in hash update.

Changes:
31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
04df8652eb Apply the Makefile sorting fix
edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
9d92452c70 AArch64: Check kernel version for SVE ifuncs
395a89f61e aarch64: fix check for SVE support in assembler
b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
6484a92698 x86: Do not prefer ERMS for memset on Zen3+
aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
aded2fc004 elf: Enable TLS descriptor tests on aarch64
a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
983f34a125 LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
aad45c8ac3 powerpc: Placeholder and infrastructure/build support to add Power11 related changes.
ee7f4c54e1 powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
71fcdba577 linux: Use rseq area unconditionally in sched_getcpu (bug 31479)

(From OE-Core rev: 7f3e6019a902eb3dcee3798e9ea0f94865d51c7f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8b0124782510389bdc376fab645a0920b3fb94c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Peter Marko
e7d86da7aa glib-2.0: Upgrade 2.78.5 -> 2.78.6
Handle regression of CVE-2024-34397 fix.

News (d40f72e98e):

Overview of changes in GLib 2.78.6, 2024-05-08
==============================================
* Fix a regression with IBus caused by the fix for CVE-2024-34397 (#3353,
  work by Simon McVittie)
* Bugs fixed:
  - #3353 Fixing CVE-2024-34397 caused regressions for ibus (Simon McVittie)
  - !4056 Backport !4053 “gdbusconnection: Allow name owners to have the syntax
    of a well-known name” to glib-2-78

(From OE-Core rev: 51da20dc574a7f2a9759a4368d7668e3421e379f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Peter Marko
ea63f4e0ed glib-2.0: Upgrade 2.78.4 -> 2.78.5
Handle CVE-2024-34397

Remove backported patch included in this release.

News (d18807b5ff):
Overview of changes in GLib 2.78.5, 2024-05-07
==============================================
* Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are
  vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by
  Alicia Boya García)
* Bugs fixed:
  - #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree()
    due to filename with bad encoding (Ondrej Holy)
  - #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are
    vulnerable to unicast spoofing (Simon McVittie)
  - !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL
  - !3960 gcontenttype: Make filename valid utf-8 string before processing
  - !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender
    doesn't match” to glib-2-78
  - !4043 CI: Ignore MSYS2 CI failures for this older stable-branch
* Translation updates:
  - English (United Kingdom) (Andi Chandler)
  - Georgian (Ekaterine Papava)
  - Portuguese (Brazil) (Juliano de Souza Camargo)

(From OE-Core rev: 14de0c10f6b65eac758220d95e6d31066649a214)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Mingli Yu
1e83e98723 ncurses: Fix CVE-2023-50495
Backport a patch [1] to fix CVE-2023-50495.

[1] http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99

(From OE-Core rev: 55cca070799a236b06f5cba6f53487fca458f25d)

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit bdf7b7460a4816e3d447264730a2814209667fb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-23 08:55:01 -07:00
Steve Sakoman
4b07a5316e build-appliance-image: Update to scarthgap head revision
(From OE-Core rev: 294a7dbe44f6b7c8d3a1de8c2cc182af37c4f916)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-09 04:49:54 -07:00
Steve Sakoman
f450ddee3e build-appliance-image: Update to scarthgap head revision
(From OE-Core rev: 704d3695092148cfbf5d67c81af81665949847b5)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-06 16:57:09 -07:00
Christian Bräuner Sørensen
0d895fa4c1 systemd: sed ROOT_HOME only if sysusers PACKAGECONFIG is set
Fixes a bug introduced in ebafe46379 systemd: upgrade to 255.1.

Besides updating systemd, that commit also made other changes. One of them
being when to perform the replacement in order to fix ROOT_HOME.

Previously, that happened on a configure prefunc and on
${S}/sysusers.d/basic.conf.in.
Now it happens in install and on image/usr/lib/sysusers.d/basic.conf.

However, that file is not present if sysusers is not in PACKAGECONFIG,
since that file in that case is not installed hence resulting in:
sed: can't read <redactedpath>/image/usr/lib/sysusers.d/basic.conf: No such file or directory

Previously, in the case of sysusers not being in PACKAGECONFIG, that was a
"silent error" since the replacement was done but the file was not really
used since the file was not installed.

(From OE-Core rev: 6954cd4bb60762f86981621e8b37dbe5e8236640)

Signed-off-by: Christian Bräuner Sørensen <yocto@bsorensen.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-06 13:32:02 -07:00
Wang Mingyu
46e334391e ell: upgrade 0.63 -> 0.64
Changelog:
==========
-Fix issue with casting in C++ environment.
-Fix issue with ASCII string upper and lower helpers.

(From OE-Core rev: 29e3e0eb9b69f966a319810270fb668e4fce9389)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a28405da8dad7e6222d7badaa3eda175e3df32c9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-03 06:12:21 -07:00
Wang Mingyu
bdf47412b2 libxml2: upgrade 2.12.5 -> 2.12.6
Changelog:
===========
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset

(From OE-Core rev: 006bd4dacc0568f04cbcd704f4908386d3540774)

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0bc673b0de08e02ff01ec9ad3daf0bb41662da40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-05-03 06:12:21 -07:00
Richard Purdie
fb91a49387 build-appliance-image: Update to scarthgap head revision
(From OE-Core rev: b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-18 17:14:22 +01:00
Richard Purdie
5b727a8fa1 build-appliance-image: Update to scarthgap head revision
(From OE-Core rev: 09ccab7d0b4d815b812e49a5861a13a4ec0189b9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-16 15:54:22 +01:00
Richard Purdie
845626a36b buildtools-tarball: Add python3-pip
Many of the common use cases for buildtools need pip to allow python to be
extended. Add it.

(From OE-Core rev: 0a1714533ed2b02a98b8456e1193fc079273fbbd)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-16 15:54:00 +01:00
Richard Purdie
5ee6d81db7 build-appliance-image: Update to master head revision
(From OE-Core rev: eb3adf58d5111a0d894b581d935528b14f40b146)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-16 07:38:33 +01:00
Richard Purdie
210a70c981 buildtools-tarball: Add python3-setuptools
After the dependency on setuptools was dropped from python3-testtools, this
exposed eSDK dependencies in devtool and recipetool on python3-setuptools. Add
this to buildtools to fix build failures after the testtools fixes.

(From OE-Core rev: c4431b4dd27d290024472f315858a63aea2a733c)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-14 06:28:02 +01:00
Peter Marko
1b685309e0 kbd: update license
GPL-3 is used for keymaps-pine

LGPL2 is used in all C source files under src/libkfont/
which generate binaries included in main kbd package.
This is seen in their SPDX headers.

(From OE-Core rev: 29f6d4be31164bf5cba9ff4706f219b3d91a8f1f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-14 06:28:02 +01:00
Peter Marko
4d4a07689e kbd: remove non-free Agafari fonts
Its license makes it impossible to distribute kbd in any commercial products.
Backport commit which removes it.

[RP/Khem Raj: Switched binary diff to just delete the files in do_configure]
(From OE-Core rev: 457fc8247f083d89432543337207de0b8c44bf6d)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-14 06:28:02 +01:00
Peter Marko
c31b13d122 kbd: split gpl-3 keymap to separate package
Pine keymap was added with GPL-3 license.
1589e9e101

Split this GPL-3 keymap and install it via recommendation
so it is easy to remove it by excluding recommendations.

(From OE-Core rev: b81145b61cfc21940fe7204fcaf8b5e84a5a938a)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-14 06:28:02 +01:00
Peter Marko
0900258689 systemd: make predictable name mac policy opt-out
Even the patch says it's inappropriate for upstream,
and it's also inappropriate for some downstream projects, too.
So make it possible to opt-out on it by replacing
the patch by sed and depend on distro feature pni-names.

(From OE-Core rev: 858eb2bac132adbde851f6594eac4f2efc9c2f35)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-14 06:28:02 +01:00
Richard Purdie
7c72dc09f0 buildtools-tarball: Add python3-websockets
For the newer hash equivalence servers we need websockets. Add it
to buildtools tarball.

(From OE-Core rev: 3f2b5f6c3af04c8ec245aca35224c52230645bf0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-14 06:28:02 +01:00
Joe Slater
4ebb4a7878 packagegroup-core-boot: recommend ifupdown
If the distro features sysvinit and pni-names are
enabled, RRECOMMENDS ifupdown because busybox ifupdown
will not initialize the renamed interfaces.

(From OE-Core rev: ad739fb930814bced49aafe778dac1da4bfa4b0e)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-12 17:27:53 +01:00
Joe Slater
03ad123fdc init-ifupdown: modify interfaces for busybox
Busybox ifupdown does not recognize /xxx names, so we
use eth0 instead of /eth0.  If we want to find "predictable name"
interfaces starting with en..., we will have to use the
real ifupdown.

(From OE-Core rev: 091b4410c88b0fdefee3490bca6479881c0da293)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-12 17:27:53 +01:00
Ross Burton
885e58a174 eudev: update Upstream-Status on netifnames.patch
(From OE-Core rev: ddd947e4edc133b61f8dcb636068fb7867f49b22)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-12 17:27:53 +01:00
Chen Qi
87aed498b9 ovmf: set CVE_STATUS for a few CVEs
For all those CVE-2019-xxxxx CVEs, following the links in NVD, we
can see they have all been fixed.

For CVE-2014-4859 and CVE-2014-4860, there's no useful links in NVD,
but according to the following two links, they have also been fixed.

  https://security-tracker.debian.org/tracker/CVE-2014-4859
  https://security-tracker.debian.org/tracker/CVE-2014-4860

(From OE-Core rev: 62f1e5d1bb8df17aaa14265a7acf60e5b44b53b5)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-08 17:35:35 +01:00
Alexander Kanavin
282e464d7d ovmf: update 202308 -> 202402
RP: The upgrade covers these security issues:
CVE-2022-36763
CVE-2022-36764
CVE-2022-36765
CVE-2023-45229
CVE-2023-45230
CVE-2023-45231
CVE-2023-45232
CVE-2023-45233
CVE-2023-45234
CVE-2023-45235
CVE-2023-45236
CVE-2023-45237

(From OE-Core rev: 46763f78344547a3126b536695077c9e7e60c9d6)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-08 12:55:21 +01:00
Chen Qi
118faea62c ovmf: set CVE_STATUS for CVE-2014-8271
CVE-2014-8271 has an unusual versioning, svn_16280, which breaks
the version comparison and gives us warning like below:

  Failed to compare 202308 < svn_16280 for CVE-2014-8271

The fix has been there since 2014, our current version has included
the fix.

(From OE-Core rev: fdd74b3f3e3a8a07a6107e6ef07198ebe63d2bc8)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-08 11:01:09 +01:00
Yash Shinde
8d27d8ff7c glibc: Skip 2 qemu tests that can hang in oe-selftest
qemumips and qemuppc were leaving stale processes behind after
running glibc oe-selftest. During analysis, it was found that
it was due to "tst-scm_rights" and "tst-scm_rights-time64" tests.
Disable them so that there are no stale processes left behind.

[YOCTO #15423]
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15423

(From OE-Core rev: b3f7b19b6d21368bac00a33ea208cc0379ce4543)

Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-04 14:05:03 +01:00
Peter Kjellerstedt
5b486cd1dc util-linux: Set the license for util-linux-fcntl-lock to MIT
This avoids problems if BSD-4-Clause is in INCOMPATIBLE_LICENSE since
util-linux-fcntl-lock is now a dependency of run-postinsts.

(From OE-Core rev: c2c7e1624e8080fb8fa1f14d252f20e85b232eb7)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-04 14:05:03 +01:00
Chen Qi
fa6c4f014a ovmf: set CVE_PRODUCT and CVE_VERSION
Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the
version should be the date only. Here's an example:
https://nvd.nist.gov/vuln/detail/CVE-2023-45232

(From OE-Core rev: 7d11e4d55c9de23edbf5ba21d7ee007bab20c38a)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-04 14:05:03 +01:00
Markus Volk
c152a1e25c systemd: disable mdns feature in resolved for zeroconf
DISTRO_FEATURE zeroconf installs avahi. If additionally resolved mdns
implementation is running they will fight each other:

Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected another IPv6 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***

(From OE-Core rev: 8509edeafea8e62e1b9ffe76b33999447f739b20)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 22:25:43 +00:00
Khem Raj
135c4f7b56 readline: Apply patches from readline-8.2-patches
These patches are submitted/backported to 8.2 release
and address issues reported by different distros.

(From OE-Core rev: c74048f5ff2e90b06c7a6d5866db4b94a6f1539d)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 22:25:43 +00:00
Richard Purdie
4e6a20efa9 util-linux: Add fcntl-lock
Add a version of flock that uses the fcntl based lockf locking instead of
flock based locks. This allows us to take the same lock that opkg would
use from a shell script. The two different locking mechanisms operate
independently of each other.

Inserting this C file into the util-linux build seems like the easiest/best
place to insert the code. At this point it hasn't been discussed with upstream.

(From OE-Core rev: d2b784110e2c3df8a0a41e4819cf2de9003f9fa3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 22:22:19 +00:00
Richard Purdie
3c7e103af4 util-linux: Add missing MIT license
The MIT license was missing from the license list for util-linux. Add
a patch, submitted to upstream which adds the missing license mentions.

(From OE-Core rev: 24078c0542626f74c93203d17ab4b2bb2f9b5630)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 22:22:19 +00:00
Ross Burton
91d11b3ad8 glib-2.0: skip a timing sensitive ptest
The /timeout/rounding test is sensitive to system load, as it expects
timeouts to trigger in windows that on an idle system are realistic but
not when running inside a qemu-system on a loaded system.

[ YOCTO #14464 ]

(From OE-Core rev: 684ac8005aef8ab26e61e6e7535e19c9974972d3)

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 22:22:19 +00:00
Tim Orling
854b0ee4bd coreutils: drop obsolete liberror-perl RDEPENDS
The upstream maintainer for Error has deprecated it for quite some time [1].
There is no dependency in current coreutils tests for it.

[YOCTO #15461]

[1] https://metacpan.org/pod/Error#WARNING

    Using the "Error" module is no longer recommended due to the black-magical
    nature of its syntactic sugar, which often tends to break. Its maintainers
    have stopped actively writing code that uses it, and discourage people from
    doing so.

(From OE-Core rev: 16c8c8de3303805695f58e241245aafa61b3c772)

Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 22:22:19 +00:00
Khem Raj
81567510fd glibc: Replace aarch configure patch fix with a backport
despite it being an issue in gcc and still being open
glibc has fixed this problem upstream regardless, therefore
apply the backport instead.

(From OE-Core rev: a6200d18c6a1438e39d44b391f8d0e343f8fdc1a)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-26 17:10:51 +00:00
Joe Slater
6b70b8b646 systemd: enable mac based names in NamePolicy
Some BSPs only provide information to construct a
predictable network interface name based on a mac
address, so we enable that NamePolicy option.

This policy has been adopted for sysvinit as of
commit 4a7b42fcf6981d3120c08091a7ed3d4d7bcd41f0.

(From OE-Core rev: 37bd8e8dddce9d0b5bfbcf9244225c3b853d7077)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-23 10:18:20 +00:00
Khem Raj
af911135e4 glibc: Update to tip of 2.39 branch
Brings

* 1b9c1a0047 Use gcc __builtin_stdc_* builtins in stdbit.h if possible
* e0910f1d32 S390: Do not clobber r7 in clone [BZ #31402]
* d0724994de math: Update mips64 ulps

(From OE-Core rev: b2274aa08fda1734af840aca05c7c7ce464d8775)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-18 12:21:45 +00:00
Richard Purdie
4293466bf6 expat: Upgrade 2.6.1 -> 2.6.2
Includes a fix for CVE-2024-28757.

(From OE-Core rev: e3d26fe076499c8a01e02c9951696c3a9ea05fa3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-18 12:21:45 +00:00
Yoann Congal
789b10030c cve-update-nvd2-native: Remove rejected CVE from database
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.

(From OE-Core rev: f276a980b8930b98e6c8f0e1a865d77dfcfe5085)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-15 07:36:14 +00:00
Yoann Congal
c698cf6723 cve-update-nvd2-native: Fix CVE configuration update
When a CVE is created, it often has no precise version information and
this is stored as "-" (matching any version). After an update, version
information is added. The previous "-" must be removed, otherwise, the
CVE is still "Unpatched" for cve-check.

(From OE-Core rev: 641ae3f36e09af9932dc33043a0a5fbfce62122e)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-15 07:36:14 +00:00