avoid-host-contamination.patch
refreshed for 10.04.0
Changelog:
===========
- addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
- add protection for device selection from PostScript input.
- efforts in code hygiene and maintainability continue.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
- add the capability to build with the Tesseract OCR engine.
(From OE-Core rev: a0c802e9b1d8400589aede20e52f40d10a344314)
(From OE-Core rev: 067e769ada6c8cd5783c6d32f24cea9f0e4ed666)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.
Instead, set product to yocto to filter them.
(From OE-Core rev: fd4ec5a5318b36af0a9a0a097a5b1f1de44a8edf)
(From OE-Core rev: 18773170492fc01ce7123ba0fac88e58750a3b93)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The previous bin_package description was confusing: it would instruct to
use the git fetcher to extract the content of an RPM package using the
`subpath` option - but that's not possible as the git fetcher can be
used to clone a repository but not to do the extraction.
Update the description by telling what it really does and what it
doesn't do, and by giving an HTTPS+RPM example.
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 1c60116c666a742838129f0b83007d81f3c0e05d)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 305f024bf99ba02b153eed0cebe3d36594868497)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The second description was added due to confusion over the variable rename in oe-core.
(From yocto-docs rev: ff33f7c374c6079af4dc2609e9fb63d705598bc7)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit b64fb34643343b364705df9c3bd64af91ed9d687)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We try to limit our usage of these admonitions to `note` and `warning`,
as the Sphinx documentation warns that most themes only style these two
admonitions. So add a section on that.
Suggested-by: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: 845983eed77f9914994375eff11ea5c9bb690593)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit a37bb6cbb67f923206c5c168b5239527530fbce5)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Having all oe-selftest results on top of each other results in a large 640MB
json file which is hard to use. Split the results out per machine and test type.
This also stops the toolchain raw logs from overwriting each other meaning more
than one MACHINE is preserved.
(From OE-Core rev: 8717a2e2161378bab4e27d515a71396b2a6bcf00)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4b890f04bc7d147b4a11b824a84f3d2abd75ac54)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The duration values have pointless amounts of precision. Removing some of the
least significant digits reduces result size and makes the results easier to read.
(From OE-Core rev: 7a95226404e41e878858afcc383d26fb534ccf16)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a789a2e6d97bb8efd663226a17db8d1ca6c1e40f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We've improved the data stored for reproduicible builds. Teach resulttool how
to apply those cleanups when reprocessing data so we can reduce results file
sizes and make the data easier to process.
(From OE-Core rev: 316535d421be32d773a4f98beea5bf2aabfccefb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b799c57ae6d61c1b1c7035c8a2c4ba6ee08d1a81)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Improve the rawlogs handling to include ltp logs as well as the ptest ones to
reduce the size of the results git repos.
(From OE-Core rev: 8a34083bf097bf6a8362ce7f9b86fba5662a27bd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a0a1954d559609c2c1ca16936d0d68eb3c4c6b45)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Storing the log files inside the testresults git repo isn't scaling and isn't
really appropriate use of a git repository. Allow these to be optionally stored
in a separate filesystem location so the git repo can remain managable.
(From OE-Core rev: 174e86868178f817f2bb6b3d9c7224a4352144ed)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1afc0f3d7e93fa8496be241e9622d3b9a6904bd5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When using store mode, --all was broken as not all files were being preserved.
Fix this by limiting the scope of the git rm command.
(From OE-Core rev: ad850837d3a45fa7cc094e3eb9c059120664c8e2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9604561d2022b6c76b1cb4186d40800d1affdd2b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Tweak the gitarchive exclude handling not to error if excluded files
don't match.
Also return the tagname created so that other code can then use it.
(From OE-Core rev: bde2cf92e1a968e7272a194b887c331742f94d5b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1adba3430faffdf6217b6a00533a3b48a9388abc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Using 4 space indentation in resulted in hundreds of megabytes of extra file size
in general use. Reduce this to make filesizes more managable and reduce the processing
cost. Some level of indentation and spacing does make the files more readable and allows
use of git diff so we need to retain some of it.
(From OE-Core rev: b8be3ac506bb39665390c770f72de2ca359670b1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a274cdcaf852cca9497f0358f44dda99c06aacbe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We have a challenge on the autobuilder where test results from both OE-Core
and poky are being mixed together during result storage which is confusing the
data. Add a way to filter to specific revisions as the least worst way to fix
the various issues this is causing.
(From OE-Core rev: 42a21e6f942208da75ae1121468379044ece77dc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f276a0dc65341668788853be2cf27ab6aa12b13)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There are several problems with these paths. Firstly they contain full
system paths which depend upon where the test was run. These are pretty
pointless and just take up a lot of space making the results files large.
Secondly, they contain the same path twice. The reference and target path
will always be the same thing in two different locations.
Strip off the prefix and remove the duplication. This does change the output
data but that can't really be avoided. It does shrink the results data and makes
it more readable.
(From OE-Core rev: 40b422edd954eeb917464e6baa0e952d2ed4184c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81a44de36e864b08687451fd85aeba7c529fd7f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The "rawlogs" data consists of a long string of results data which is
already in a structured data format. I can't see this is adding much
value in duplciating the data but it does create a huge string with a
lot of long problematic pathnames and inflates the results data size.
I suggest we drop this data as obsolete and not necessary.
(From OE-Core rev: d35e96785a07bba29a76c96f91751be12497f50c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b2c70fab2ffa409b861d83f048b65d458d03a90)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The code was changing the timestamps of the files in the do_package output,
particularly the files added for debug sources. This was to do two things:
a) make do_package sstate more reproducible
b) ensure better hash equivalence matching
Unfortuately the debug source files are hardlinks into the source tree for
efficiency so touching these, touches a lot of files in ${B} and ${S}. This
causes unpredictable effects if compile is run again for example, or could
cause compiling in the install task.
The hash equivalence matching is of key importance but we can mimic that
using clamping of the file timestamps in the depsig output used to generate
the hashes.
This patch drops the global timestamp clamping, instead allowing the files
to retain their creation timestamps into sstate. This makes do_package sstate
slightly less reproducibile. We could clamp the sstate timestamps but that
would lead to two different sets of timestamps depending on whether the
data came from sstate or not. I'd prefer to have consistent code behaviour,
rather than differing behavhour depending on whether data came from sstate
or not.
If we wanted to have reproducibiliy and fix the "corruption" of S/B and have
consistent codepaths, the only other option would be two copies of the
sources, which could end up huge and seems the least desireable option.
This patch therefore drops the timestamp clamping in the sstate files
and tweaks the depsig data generation to clamp the timestamps for do_package
instead since this seems the best compromise.
I validated that rpm/deb/ipk files still generate correctly as before.
(From OE-Core rev: 0e6b2c761f6d727fe21a0ce2803a0f0aef236f59)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 475759fdab7200488b2a568b2ba1aa31a456d113)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Without this change, TIC is the native tic in recipe-sysroot-native.
By default, native tic has set its default terminfo path to native path:
${datadir}/terminfo; $HOME/.terminfo
When sstate cache is used, the cached native tic's terminfo path could
be a path not exist on current host, then native tic will try to install
terminfo to HOME dir, cause host contamination.
Disable the terminfo installation by setting TIC to :
(From OE-Core rev: 571e50db36d2b4bac075d4025efbdfdb8548468b)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe35ead2c3135a18c346e7baa31d34b15c3e2d95)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below commits on glibc-2.40 stable branch are updated.
626c048f32 elf: handle addition overflow in _dl_find_object_update_1 [BZ #32245]
efb710034e linux: sparc: Fix clone for LEON/sparcv8 (BZ 31394)
2344580243 Mitigation for "clone on sparc might fail with -EFAULT for no valid reason" (bz 31394)
3a34851103 elf: Change ldconfig auxcache magic number (bug 32231)
85e5850f2f Make tst-strtod-underflow type-generic
5c06c6e0b5 libio: Set _vtable_offset before calling _IO_link_in [BZ #32148]
cc256952ec Add tests of more strtod special cases
8f40dfbe2a Add more tests of strtod end pointer
4a9b6cdc88 Make tst-strtod2 and tst-strtod5 type-generic
5a10d05c39 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145)
c4cc72d2ef Do not set errno for overflowing NaN payload in strtod/nan (bug 32045)
ad93c2047d Improve NaN payload testing
cac10d88c6 Make __strtod_internal tests type-generic
d0c1792ad2 Fix strtod subnormal rounding (bug 30220)
e06153665f More thoroughly test underflow / errno in tst-strtod-round
9bc76c7ca4 Test errno setting on strtod overflow in tst-strtod-round
61b6464f8d Add tests of fread
77018fd9f9 stdio-common: Add new test for fdopen
Testresults:
After update |Before update |Difference
PASS: 4947 |PASS: 4945 |PASS: +2
FAIL: 224 |FAIL: 224 |FAIL: 0
XPASS: 4 |XPASS: 4 |XPASS: 0
XFAIL: 16 |XFAIL: 16 |XFAIL: 0
UNSUPPORTED: 229|UNSUPPORTED: 229|UNSUPPORTED: 0
(From OE-Core rev: e773465484dbcae693b75ea1a61006a0cedb79cc)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Analysis shows that "bitbake core-image-ptest-all" spends a lot of
time in scenequeue_updatecounters and much of it is rebuilding a set
which doens't change. Reorder the code to avoid that performance
glitch.
(Bitbake rev: 1452e74cc4ddfaadc6537a049877a66cec253c8d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 923c19b9713e398d8e66e6d4422dfd4c18a03486)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Rather than looping through things we looped through on the previous execution,
start looping where we left off for setscene processing. This gives speed
improvements depending on the kind of build being executed.
(Bitbake rev: 5465f9b6e3b4748e563efc53657af96f02a41c7a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00f4d932e3af0eeb333339cbe942010fc76dee0f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There have been complaints about the performance of large multiconfig builds
for a while. The key missing data point was that the builds needed to have large
overlaps in sstate objects. This can be simulated by building the same things with
just different TMPDIRs. In runqueue/bitbake terms this equates to large numbers of
deferred tasks.
The issue is that the expensive checks in the setscene loop were hit every time
through runqueue's execute function before the check on deferred tasks. This leads
to task execution starvation as that only happens once per iteration.
Move the skip check earlier in the function which speeds things up enormously
and should improve performance of such builds for users.
(Bitbake rev: 5392a2bf6d82626e11eec5578eb4de53ba09f1fe)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9c6c506757f2b3e28c8b20513b45da6b4659c95f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
TL;DR version:
with this, and the previous compression level changes
I am seeing drastic speedups in package_write_rpm completion times:
webkitgtk goes from 78 seconds to 37 seconds
glibc-locale goes from 399 seconds to 58 seconds (!)
The long version:
rpm uses multithreading for two purposes:
- spawning compressors (which are nowadays themselves
multi-threaded, so the feature is not as useful as it once
was)
- parallel file classification
While the former behaves well on massively parallel CPUs
(it was written and verified here :), the latter was then added
by upstream and only benchmarked on their very old, slow laptop,
apparently:
41f0e214f2
On anything more capable it starts showing pathologic behavior,
presumably from spawning massive amount of very short-lived threads,
and then having to synchronize them. For example classifying glibc-locale
takes
5m20s with 256 threads (default on my machine!)
1m49s with 64 threads
59s with 16 threads
48s with 8 threads
Even a more typical recipe like webkitgtk is affected:
47s with 256 threads
32s with 64 threads
27s with 16 or 8 threads
I have found that the optimal amount is actually four: this also
means that only four compressors are running at a time, but
as they're themselves using threads, and typical recipes are dominated
by just two or three large packages, this does not affect overall
completion time.
(From OE-Core rev: ac480775440fba812fd5aa9da73e0e5bc60d46d6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
zstd uses 3 by default, while 19 is the highest and slowest.
It's not clear why 19 was picked to begin with, possibly
I copy-pasted it from rpm's examples without thinking:
https://git.yoctoproject.org/poky/commit/?h=master-next&id=4a4d5f78a6962dda5f63e9891825c80a8a87bf66
This brings significant speedups in rpm's compression step:
for example compressing webkitgtk takes 11s instead of 36s.
The rpm size increases from 175648k to 234860k. I think it's
a worthy default tradeoff.
(From OE-Core rev: 9ec8b99470ed744c8eca0b23f99ba54210984080)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is an issue in the std::chrono::tzdb parser that causes problems
since the tzdata-2024b release started using %z in the main format.
As a real world problem I encounter an issue with the waybar clock module,
which ignores the timezone setting and only shows system time.
(From OE-Core rev: 08dfd3849bd804f4760ebeca226645e65709a65a)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39018429f05511053ab12e23e7f4487ea25ee529)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
makedumpfile is not compatible with mipsarcho32 and riscv32, so set for
kexec-tools accordingly.
And update packagegroup-core-tools-testapps too.
(From OE-Core rev: 6922821ab9a0e72e666e57e4b941e5821503509e)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9107d9c09c7dab385c6034778cefadca3613be9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The first no-fail check was an attempt to work around the old
CDN's instability (and it didn't really help); it should not be necessary
with the new CDN, and only delays a-full completion.
(From OE-Core rev: 6ffde2643e6ee8a2a0eddca173a254dbdc4a79bb)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7f75c42b7fcf60a9ca58d3ded9047df675d76dc2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This patch fixes the following error at do_rootfs:
update-alternatives: Error: not linking /PATH/TO/rootfs/usr/share
/man/man1/groups.1 to /usr/share/man/man1/groups.1.coreutils since
/PATH/TO/rootfs/usr/share/man/man1/groups.1 exists and is not a link
The problem can be reproduced by adding the following lines to local.conf
and then building an image:
EXTRA_IMAGE_FEATURES:append = " doc-pkgs"
IMAGE_INSTALL:append = " shadow coreutils"
groups.1 is handled by update-alternatives in coreutils recipe, so
do it in shadow recipe too.
(From OE-Core rev: 822d70b7ccc2e5922de99a7703ec7eb3f814e29f)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 78c8eb60097df2e16c699464c39ff9142fc1ae69)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* I've noticed that ffmpeg package isn't created in my builds, due
to --disable-programs in EXTRA_OECONF added by our .bbappend, but
was surprised that lib32-ffmpeg is created.
* lib32-ffmpeg was created only because it contained the examples
which are installed in /usr/share/ffmpeg even when PN is lib32-ffmpeg
as we pass --datadir=${datadir}/ffmpeg in EXTRA_OECONF here
* --disable-programs controls ${bindir}/ffprobe ${bindir}/ffmpeg and
${datadir}/ffmpeg/ffprobe.xsd ${datadir}/ffmpeg/libvpx-*.ffpreset
(From OE-Core rev: 24bf3ad245fa2dba14a59477279c6db3c8bcd088)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7bf828b6431a254201675e41047f53da47912f5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Since commit[1], PACKAGECONFIG[sysvinit] is not enabled by default when
sysvinit is not in DISTRO_FEATURES, which causes the following
sysvinit-compatible commands/services to not be built and installed:
runlevel
telinit
rc-local.service
systemd-initctl
systemd-initctl.service
systemd-rc-local-generator
systemd-sysv-generator
systemd-update-utmp-runlevel.service
Therefore, links to these commands/services should only be created when
PACKAGECONFIG[sysvinit] is enabled.
[1] https://git.openembedded.org/openembedded-core/commit/?id=3668235fd60a9027608f37251c4b453ed21b3687
(From OE-Core rev: 681e3d20c2ac16778e302b468ec278aed9562639)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a20b698f1acdee972cf1ff570b09a2e2c36bef1a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to the 5.1 release of the 5.1 series for buildtools.
(From OE-Core rev: 4f58037a49ef538d89d9c6df81b1b2d8a2eab4d7)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Ross Burton
Email: ross.burton@arm.com
Subject: bsp/genericarm64: disable ARM64_SME
Date: Thu, 21 Nov 2024 15:53:35 +0000
From upstream:
arm64: Kconfig: Make SME depend on BROKEN for now
commit 81235ae0c846e1fb46a2c6fe9283fe2b2b24f7dc upstream.
Although support for SME was merged in v5.19, we've since uncovered a
number of issues with the implementation, including issues which might
corrupt the FPSIMD/SVE/SME state of arbitrary tasks. While there are
patches to address some of these issues, ongoing review has highlighted
additional functional problems, and more time is necessary to analyse
and fix these.
For now, mark SME as BROKEN in the hope that we can fix things properly
in the near future. As SME is an OPTIONAL part of ARMv9.2+, and there is
very little extant hardware, this should not adversely affect the vast
majority of users.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 3a6e6639b0dc4a49adfba15e720bb884d9859aa7)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 022f9814cb9d6d420e9d89a746f4c67b452c498f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Bartosz Golaszewski
Email: bartosz.golaszewski@linaro.org
Subject: gpio: allow to re-enable the deprecated GPIO sysfs interface
Date: Mon, 11 Nov 2024 14:08:23 +0100
The GPIO sysfs interface is disabled in standard linux config and in
general users should use the character device instead but there are still
programs out there that depend on it so for the time being add a kernel
feature allowing to enable it.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: b286e3dd8624cab0c57fe85c457b617e402ff6b9)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae19861bfc336d869a7a84b13ab3e7b318e1b560)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Mikko Rapeli
Email: mikko.rapeli@linaro.org
Subject: genericarm64.cfg: enable CONFIG_DMA_CMA
Date: Thu, 24 Oct 2024 08:49:29 +0300
It's needed for graphics on AMD KV260.
Cc: Bill Mills <bill.mills@linaro.org>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 0b5476e41714ba1290bad711d9adfe894c3a70e3)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d1572bce914ff67c3e08f95dfd8504b00b9a8e0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When CPE is not provided and character ":" is in cve status description,
current code takes only last part of split function.
This works only if there is no ":" in description, otherwise it drops
the other split parts.
Do a new split of the original string to take the whole description unchanged.
This fixes following entries from world build of poky+meta-oe+meta-python:
tiff-4.6.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2015-7313
CVE_STATUS: fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
description: //security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
corrected: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
gnupg-2.5.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2022-3219
CVE_STATUS: upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
description: //dev.gnupg.org/T5993
corrected: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35325
CVE_STATUS: upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
description: //github.com/yaml/libyaml/issues/303
corrected: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35326
CVE_STATUS: upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
description: //github.com/yaml/libyaml/issues/302
corrected: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35328
CVE_STATUS: upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
description: //github.com/yaml/libyaml/issues/302
corrected: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
cpio-2.15-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2023-7216
CVE_STATUS: disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
description: //lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
corrected: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
openssh-9.9p1-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2023-51767
CVE_STATUS: upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
description: //bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
corrected: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
cups-2.4.10-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2021-25317
CVE_STATUS: not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply.
description: root, so this doesn't apply.
corrected: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply.
unzip-1_6.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2008-0888
CVE_STATUS: fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
description: //bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
corrected: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
syslog-ng-4.7.0-r0 do_cve_check: CVE_STATUS with 6 parts for CVE-2022-38725
CVE_STATUS: cpe-incorrect: cve-check wrongly matches cpe:2.3🅰️oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
description: syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
corrected: cve-check wrongly matches cpe:2.3🅰️oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
(From OE-Core rev: 5cd34a34879ad424f3b1637b48892d6fa037861d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc33dd9176726cb4b2d2f142ed1bc655da8e0a9f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Correct maxsplit parameter from 5 to 4 to not drop text if
description contains ":".
Example:
>>> "detail: cpe:vendor:product:description:cont".split(':', 5)
['detail', ' cpe', 'vendor', 'product', 'description', 'xxx']
>>> "detail: cpe:vendor:product:description:cont".split(':', 4)
['detail', ' cpe', 'vendor', 'product', 'description:xxx']
(From OE-Core rev: 4921605aab4c9588e5c96de3afe08e9d35f51145)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c4d8ca41ac0b429af92bf0ea84f1dfd0cda9e1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
