These CVEs have all been fixed <6.1.30, which is the default linux-yocto
kernel version.
(From OE-Core rev: 73f03970f0aadfb053666a1e93f6f6d5b5156ca6)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a dependency which should have been in this list but wasn't, found
when debugging create-spdx hash issues.
(From OE-Core rev: 1075b9fc5d562dada45b3187cb737511ff8c7376)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also add SRCPV to the list of BB_HASH_CODEPARSER_VALS for code parser
cache handling. Otherwise an empty SRC_URI in the list triggers this
exception:
bb.data_smart.ExpansionError: Failure expanding variable SRCPV, expression was ${@bb.fetch2.get_srcrev(d)} which triggered exception
FetchError: Fetcher failure: SRCREV was used yet no valid SCM was found in SRC_URI
The variable dependency chain for the failure is: SRCPV -> UBOOT_LOCALVERSION -> do_compile
(From OE-Core rev: d17f9da69f430337ee1ef9c09b731c27393eba83)
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Just like UBOOT_LOCALVERSION, an end user can set KERNEL_LOCALVERSION
to append a string to the name of the local version of the kernel
image.
(From OE-Core rev: 229435a52f36ddec5f85fb6d5ccd42044b688397)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was confirmed via private email.
(From OE-Core rev: c30e9f1972a3e1d4099f39fd6d0dfb37acb73ce1)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was confirmed via private email.
(From OE-Core rev: cc8bb0da24419424989548ced27b2e76030340d9)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This was confirmed via private email.
(From OE-Core rev: 834519933fcd6e4ff54f24d0cf671ea9ce24398a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some distros, e.g. Gentoo, have the latest on the gcc-13 branch, and we have a
situation where the libstdc++ ABI is changed between 13.1 and 13.2, so the
official 13.1 release based uninative will no longer work on these
distros; therefore switch to a snapshot that includes [1], which fixes
it.
[1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108969
Reported-by: Martin Jansa <Martin.Jansa@gmail.com>
(From OE-Core rev: d554c404166f6ba1aa247c377fa9d3316e53aa40)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is part of the same project as GitPython, but hasn't been used by
gitdb (the sole user) since 2014.
(From OE-Core rev: 22a4aba5c2799cb09e1cdff075f9fe92426ea438)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is needed as each user could be setting different nice levels
while building, however this should not make the shared cache unusable.
(From OE-Core rev: 42784f9360345da1c01d988070253e7ffd5ac4ac)
Signed-off-by: Lorenzo Arena <arena.lor@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Import from meta-openembedded at commit d250a0dc0 ("libtraceevent:
upgrade 1.7.1 -> 1.7.2").
Starting with kernel 6.4 libtraceevent is a dependency of perf. While
one can still build perf without it by opting out, one would lose its
functionality compared with building perf from kernels before 6.4.
(From OE-Core rev: 45dddecd1eebc76a9835844c9bd36ac865a792c9)
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
calver is "a setuptools extension for automatically defining your Python
package version as a calendar version." It is required for
python3-trove-classifiers (another new recipe), which in turn is
required for the upgrade of python3-hatchling from 1.13.0 to work.
(From OE-Core rev: 79ed4fcad6bd49c269ada3ab99ca4548aaf34e99)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
python3-trove-classifiers is "Canonical source for classifiers on
PyPI.". It is required to update python3-hatchling from the current
version (1.13.0) in oe-core, and depends on python3-calver (another new
recipe). Also add ptests.
(From OE-Core rev: 1b417898c296b5732eac14465ba459411ebe4902)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The existing implementation required listing both specific problematic APIs, and files that
use them: neither is necessary as both are seen in package_qa error messages, and
can cause an excessive amount of exception lines, if there are too many files, or
they are installed in arch-specific locations. Also, the value of INSANE_SKIP
should be the test that needs to be skipped, and in this case it wasn't.
Also, all problematic recipes are now correctly listed.
(From OE-Core rev: e6ebd0c556dfc576a59f5755d97089a2a241f698)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In particular this enables a number of useful features in glibc
(which utilize newer kernel APIs), such as actually using 64 bit
time_t versions of kernel syscalls:
https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/kernel-features.h;h=07b440f4eea364b05fa49bf71ceebf78f80efe13;hb=HEAD#l164
In general, OLDEST_KERNEL setting is used in these two places:
- kernel.bbclass compares it with the target kernel version being built.
If a vendor BSP still offers an older kernel, OLDEST_KERNEL should be set to match.
- glibc recipe passes it as a parameter to the build so that additional features
and optimized paths that kernels older than OLDEST_KERNEL are enabled.
Note that there is a related setting, SDK_OLDEST_KERNEL, which remains as
it was (at 3.2.0) to ensure maximum compatibility with kernels on SDK host
machines; that setting is used to build nativesdk-glibc and verify the kernel
version when the SDK is being installed.
Build host kernel versions are not checked directly; compatible distros
are listed instead.
(From OE-Core rev: feb8e3fb71131a414a2a9271832b4e16860301ea)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It builds glibc source like other glibc recipes do,
and so the same problems occur.
(From OE-Core rev: 68b50d362ec61f27be818e40fcbb281d9bacf756)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Specifically:
- add missing maintainer.inc entries for initramfs-module-*, systemd-machine-units and
target-sdk-provides-dummy and drop them from exception list.
- remove rust from exception list for unbuildable-by-default recipes as it is now buildable.
- add missing maintainer.inc entry for libx11-compose-data and cve-update-nvd2-native;
as they are also unbuildable by default, they need to be in the exception list as well.
(From OE-Core rev: e9158b191c1cfc16f97abed6c05891aa84fe9463)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backported/merged patches:
Revert-linux-user-add-more-compat-ioctl-definitions.patch
configure-Fix-check-tcg-not-executing-any-tests.patch
contrib-vhost-user-blk-Replace-lseek64-with-lseek.patch
Revert-linux-user-fix-compat-with-glibc-2.36-sys-mou.patch
Drop socket chardev patch with conflicts:
chardev-connect-socket-to-a-spawned-command.patch
This last patch was added in support of swtpm however it isn't clear if anyone
is still using that workflow. The patch uses API calls such as qemu_fork()
which were removed in 8.0.0 and replaced with gspawn calls. If anyone needs the
patch, it will be better for them to forward port it, test it and reinstate it,
preferably with a discussion with upstream about it too.
(From OE-Core rev: fe8125565af07b73f9b29db2188ecb6e884bcc70)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found two places missed when dropping from this list a few years back.
(From OE-Core rev: 7db8c52dd31c495c35c239d317bc5a098662cc53)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a ptest for lz4.
- It is taking around 9 min to execute with kvm, so added it to PTEST_SLOW.
- It contains one case: test_frame.
- Below is the run log:
START: ptest-runner
2023-04-06T00:36
BEGIN: /usr/lib/lz4/ptest
Starting lz4frame tester (64-bits, 1.9.4)
Seed = 7314
Basic tests completed
All tests completed
PASS: lz4/test_frame
DURATION: 573
END: /usr/lib/lz4/ptest
2023-04-06T00:45
STOP: ptest-runner
TOTAL: 1 FAIL: 0
(From OE-Core rev: 2ee144a0bfb88823bfa788697bb7afc9a572c413)
Signed-off-by: Qiu Tingting <qiutt@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is little point in having the "crosssdk" suffix added to the virtual provider within
binutils since the TARGET_PREFIX or SDK_PREFIX already encapsulates this. Remove it
allowing some of the special case overriding to be removed.
(From OE-Core rev: 6856fc5c848cc2564bebe03a007ef109f46d0adb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2023-1652 & CVE-2023-1829 are fixed by all versions used by
linux-yocto.
Fixing commits are not referenced by NVD but are referenced by:
* https://www.linuxkernelcves.com
* Debian kernel-sec team
... this should be trustworthy enough.
(From OE-Core rev: 8f9d6c5b0238641313387c139442566752a1d25d)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In 5c6064 the qemuarm* machines gained vmalloc=256, because in testing
Bruce was seeing problems when the vmalloc area was too big for the
memory size of the machine (eg 256MB).
The intention was for the area to be very small, but 256 bytes is too
small and the kernel sets a minimal vmalloc area of 16MiB:
[ 0.000000] vmalloc area is too small, limiting to 16MiB
However, a 16MiB area is too small and results in pages of messages when
you try and use the system:
[ 242.822481] vmap allocation for size 4100096 failed: use vmalloc=<size> to increase size
There have been a number of changes since this commit, remove the
explicit vmalloc argument and use the default. I've tested that the
system still boots locally.
[1] early_vmalloc(), https://elixir.bootlin.com/linux/latest/source/arch/arm/mm/mmu.c#L1170
(From OE-Core rev: 816dd95320ba2e4a0f6b816e4f58999c0f235ae2)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add some information about some further kernel CVEs which either don't apply for
linux-yocto or don't apply for linux-yocto 6.1.
(From OE-Core rev: 85c1713bf0c01c68558bfba38edcc005c1ebb1c9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVEs CVE-2023-0179, CVE-2023-1079 and CVE-2023-1513 are patched in our
kernels but appear as active because the NVD database is not up to date.
(From OE-Core rev: ae1e7999a06c56c6f752413296b8f6b505475f8b)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Reviewed-by: Frank WOLFF <frank.wolff@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Multiple CVEs are patched in kernel but appear as active because the NVD
database is not up to date.
In common file cve-extra-exclusion.inc, CVEs are ignored if and only if
all versions of kernel used are patched.
In cve-exclusion_6.1.inc, only ignore CVEs that are patched in v6.1,
and not patched in v5.15.
Recipes of version 6.1 should include this file.
Reviewed-by: Yoann Congal <yoann.congal@smile.fr>
(From OE-Core rev: 5feb065f1b1aaf218f71cc9d31a9251b139b9442)
Signed-off-by: Geoffrey GIRY <geoffrey.giry@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase patches; one of the vendored crossbeam versions
has been removed upstream, and so crossbeam_atomic.patch
is adjusted accordingly.
Replace getrandom-open64.patch with a backport.
(From OE-Core rev: f5accb4fae49342cbec21718ae7a427615bfcedd)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This recipe provides find-debuginfo which is used by rpm, more
specifically rpmbuild.
RPM upstream removed find-debuginfo and switched to use debugedit
in the following commit.
04b0805a75
Without debugedit, rpmbuild fails to generate debuginfo package when
%debug_package is added to spec file.
(From OE-Core rev: f7ada8b4d003473abce5b589cc38aec1e5e5f18a)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A recent package.py change has highlighted some corruption issues with -dev
pkgconfig package dependencies. Bump the output versions to trigger a rebuild
and ensure everything is consistent.
Take the opportunity to also drop all HASHEQUIV_HASH_VERSION entries since the
main version is changing.
(From OE-Core rev: f45ddfbf007de858327eef0ffefd5840ef4c69b8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This package contains modules for both unittest and pytest that alter
the output to look like automake's 'make check' output, for better
integration with ptest.
(From OE-Core rev: 961e4f3fc786715fc136fa446686972a4a95a3d5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>