https://nvd.nist.gov/general/news/cvss-v4-0-official-support
CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024
Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260
(From OE-Core rev: 7ce34ce58f83bc02fa2c04bec54e358e8614157e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 358dbfcd80ae1fa414d294c865dd293670c287f0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
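Added example, not part of the OE-Core commit or of cve-check itself: it rebuilds the two count queries above on a few constructed rows and shows which CVEs drop out of a score-threshold triage when only v2/v3 scores are read. The table and column names nvd, scorev3 and scorev4 come from the queries above; the id and scorev2 columns, the CVE ids and the "newest score wins" order are assumptions of this example.

```python
import sqlite3

# Constructed sample rows (id, scorev2, scorev3, scorev4); 0.0 means "not provided",
# matching the convention used by the queries in the commit message.
SAMPLE_ROWS = [
    ("CVE-0000-0001", 7.5, 9.8, 0.0),  # v2 and v3 only
    ("CVE-0000-0002", 0.0, 8.1, 8.7),  # v3 and v4
    ("CVE-0000-0003", 0.0, 0.0, 6.9),  # v4 only
    ("CVE-0000-0004", 0.0, 0.0, 0.0),  # not scored at all
    ("CVE-0000-0005", 5.0, 0.0, 0.0),  # v2 only
]


def build_db(rows=SAMPLE_ROWS):
    """Create an in-memory database shaped like the table queried above."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE nvd (id TEXT PRIMARY KEY, scorev2 REAL, scorev3 REAL, scorev4 REAL)"
    )
    con.executemany("INSERT INTO nvd VALUES (?, ?, ?, ?)", rows)
    return con


def coverage_stats(con):
    """Run the two count queries from the commit message."""
    both = con.execute(
        "select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0"
    ).fetchone()[0]
    v4_only = con.execute(
        "select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0"
    ).fetchone()[0]
    return {"v3_and_v4": both, "v4_only": v4_only}


def best_score(row, use_v4):
    """Pick the newest provided score; returns (version, score) or (None, 0.0)."""
    _, v2, v3, v4 = row
    candidates = [("v4", v4)] if use_v4 else []
    candidates += [("v3", v3), ("v2", v2)]
    for version, score in candidates:
        if score != 0.0:
            return version, score
    return None, 0.0


def triage(con, threshold, use_v4):
    """CVE ids whose effective score reaches the threshold."""
    hits = []
    query = "SELECT id, scorev2, scorev3, scorev4 FROM nvd ORDER BY id"
    for row in con.execute(query):
        _, score = best_score(row, use_v4)
        if score >= threshold:
            hits.append(row[0])
    return hits


def hidden_by_missing_v4(con, threshold):
    """CVEs that a v2/v3-only report would leave out of the triage list."""
    without = set(triage(con, threshold, use_v4=False))
    return [cve for cve in triage(con, threshold, use_v4=True) if cve not in without]


if __name__ == "__main__":
    db = build_db()
    print(coverage_stats(db))
    print("missed without v4:", hidden_by_missing_v4(db, 6.0))
```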
Backport the fix for glibc bug 32214.
The missing randomness in early boot may cause some systemd services
to fail when they occasionally try to create tempdirs like
/run/systemd/namespace-aaaaaa at the same time.
The error messages can contain things like
"Failed to set up mount namespacing".
(From OE-Core rev: 92cc48d51c763249b2eb8b4181bc20056fc72264)
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below commits on glibc-2.40 stable branch are updated.
7073164add libio: Attempt wide backup free only for non-legacy code
adfb14e71f debug: Fix read error handling in pcprofiledump
f4a9b6e97b elf: Fix tst-dlopen-tlsreinit1.out test dependency
f496b750f1 elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)
b7edcfa0f4 elf: Clarify and invert second argument of _dl_allocate_tls_init
3414b17e9d nptl: Use <support/check.h> facilities in tst-setuid3
3b3350d7ba posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
e24902f409 ungetc: Fix backup buffer leak on program exit [BZ #27821]
dac7a0694b ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
2f749d2b15 Make tst-ungetc use libsupport
27fb563bfe stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
bc240ba7c8 support: Add FAIL test failure helper
709319f9de string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)
586e4cd8c6 Define __libc_initial for the static libc
c0af0c2ba0 x86: Fix bug in strchrnul-evex512 [BZ #32078]
898f25e0b1 x32/cet: Support shadow stack during startup for Linux 6.10
e3556937c2 x86-64: Remove sysdeps/x86_64/x32/dl-machine.h
39ee60a719 support: Add options list terminator to the test driver
5641780762 manual/stdio: Further clarify putc, putwc, getc, and getwc
6a97e2ba14 Fix name space violation in fortify wrappers (bug 32052)
aa533d58ff x86: Tunables may incorrectly set Prefer_PMINUB_for_stringop (bug 32047)
928769737c resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
ca53bc68ab Add mremap tests
2eb2d78ca7 mremap: Update manual entry
3433a35842 linux: Update the mremap C implementation [BZ #31968]
46f19b2342 Enhanced test coverage for strncmp, wcsncmp
509166c9a5 Enhance test coverage for strnlen, wcsnlen
132a72f93c manual: make setrlimit() description less ambiguous
65fbcfe589 manual/stdio: Clarify putc and putwc
5d2a931a81 malloc: add multi-threaded tests for aligned_alloc/calloc/malloc
2aebac5e15 malloc: avoid global locks in tst-aligned_alloc-lib.c
145b588637 Fix version number in NEWS file
b6aeba2de1 manual: Do not mention STATIC_TLS in dynamic linker hardening recommendations
ef14142663 resolv: Do not wait for non-existing second DNS response after error (bug 30081)
8bbb8d7b16 resolv: Allow short error responses to match any query (bug 31890)
(From OE-Core rev: 08d6477a47ff7819af2c24693c5dfbd0c59ac2ff)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5335a7b2852ce891a98eda18d59fc32e60f1c722)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As of systemd 256, libsystemd-shared.so doesn't directly link to a number
of libraries but instead dlopen()'s them as needed to reduce the size of
the attack surface.
Instead the .so has a .note.dlopen segment that lists the libraries that
may be opened, with the intention that these are transformed into package
recommendation fields.
We don't yet have support for these (see #15595) so explicit dependencies
have been added to the systemd package itself. However, in an initramfs
with udev but without systemd and no recommendations you end up without
libkmod, so module loading is impossible.
Add an explicit hard dependency on libkmod to udev, because modules are
critical functionality.
(From OE-Core rev: 12fadefe11ed9f09171087608c3c4b83c7302b3f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The sysvinit PACKAGECONFIG knob enables various legacy/compatibility
code that may not be needed or even desired. If DISTRO_FEATURES
includes systemd (as it must for this recipe to build) but not
sysvinit, there is no point building and installing that legacy
support.
As with most other changes, this can cause breakage, but given that
sysvinit not being in DISTRO_FEATURES requires explicit opt-out (due
to backfill), I think the risk is low. Moreover, it is generally
easier to add to than to remove from PACKAGECONFIG.
(From OE-Core rev: 3668235fd60a9027608f37251c4b453ed21b3687)
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta-ide-support:do_write_test_data dumps the bitbake data dictionary to
a file using export2json(). As this obviously includes the value of
MACHINE, and other MACHINE-specific variables, the recipe needs to be
marked as MACHINE-specific.
RP: Note that this patch does change the name of the environment script
since it is no longer package arch specific but machine arch specific.
[RP: Fix selftest to reference new environment file]
(From OE-Core rev: 3be2bc8a9b0c9d6a178329c8b451a6bedf255d6c)
Signed-off-by: Paul Barker <paul.barker.ct@bp.renesas.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes an issue that allows blank lines to be incorrectly output
when the "-s" flag is included. This issue propagates into the
populate-volatile.sh script in initscripts. If a volatiles drop file
contains blank lines, a blank line will be included in combined users,
which will incorrectly result in a difference in the number of combined
users versus defined users. If this happens, the volatiles file will not
be executed.
(From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adds extra "--collect" flag to the mount command within
automount_systemd. This is intended to fix an observed deadlock after
rapidly inserting and removing external media. This is because if the
mount command fails, the transient mount will enter a failed state. The
next time the media is inserted, automount_systemd bails because the
first condition finds that the file path for the failed transient mount
still exists. This leaves the external media unmounted and cannot be
mounted until the mount is fixed via systemctl or the device is
rebooted.
Adding "--collect" ensures that the transient mount is cleaned up after
entering a failed state, which ensures that the media can still be
mounted when it's re-inserted.
(From OE-Core rev: f0cda74d73eb8c14cd6f695f514108f1e94984a6)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In 924453c225
ProtectHome was set to true for systemd-coredump in order to reduce risk, since an attacker could craft a malicious binary in order to compromise systemd-coredump.
At that point the object analysis was done in the main systemd-coredump process.
Because of this, systemd-coredump is unable to produce symbolicated call-stacks for binaries running under /home ("n/a" is shown instead of function names).
However, later in 61aea456c1 systemd-coredump was changed to do the object analysis in a forked process,
covering those security concerns.
Let's set ProtectHome to read-only so that systemd-coredump produces symbolicated call-stacks for processes running under /home.
Note: it still does not work in /tmp (because of PrivateTmp=yes) and in /root (for unknown reasons).
Before the change (with minidebuginfo enabled):
root@qemux86-64:~# /home/sleep 1000 &
[1] 426
root@qemux86-64:~# kill -11 $(pidof sleep)
root@qemux86-64:~# coredumpctl info
PID: 426 (sleep)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Fri 2024-09-06 17:25:18 UTC (3s ago)
Command Line: /home/sleep 1000
Executable: /home/sleep
Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
Unit: serial-getty@ttyS0.service
Slice: system-serial\x2dgetty.slice
Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5
Machine ID: fb279f18f2c849c59768754c7a274ee3
Hostname: qemux86-64
Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.426.1725643518000000.zst (present)
Size on Disk: 16.5K
Message: Process 426 (sleep) of user 0 dumped core.
Stack trace of thread 426:
#0 0x00007f365f3849a7 clock_nanosleep (libc.so.6 + 0xd49a7)
#1 0x00007f365f38f667 __nanosleep (libc.so.6 + 0xdf667)
#2 0x0000561fee703737 n/a (/home/sleep + 0x7737)
#3 0x000000003a6227c5 n/a (n/a + 0x0)
ELF object binary architecture: AMD x86-64
[1]+ Segmentation fault (core dumped) /home/sleep 1000
After the change (with minidebuginfo enabled):
root@qemux86-64:~# /home/sleep 1000 &
[1] 450
root@qemux86-64:~# kill -11 $(pidof sleep)
root@qemux86-64:~# coredumpctl info
PID: 450 (sleep)
UID: 0 (root)
GID: 0 (root)
Signal: 11 (SEGV)
Timestamp: Fri 2024-09-06 17:30:12 UTC (4s ago)
Command Line: /home/sleep 1000
Executable: /home/sleep
Control Group: /system.slice/system-serial\x2dgetty.slice/serial-getty@ttyS0.service
Unit: serial-getty@ttyS0.service
Slice: system-serial\x2dgetty.slice
Boot ID: 44ef4ddfaad249ceaa29d1e9f330d3b5
Machine ID: fb279f18f2c849c59768754c7a274ee3
Hostname: qemux86-64
Storage: /var/lib/systemd/coredump/core.sleep.0.44ef4ddfaad249ceaa29d1e9f330d3b5.450.1725643812000000.zst (present)
Size on Disk: 16.5K
Message: Process 450 (sleep) of user 0 dumped core.
Stack trace of thread 450:
#0 0x00007f795dd689a7 clock_nanosleep (libc.so.6 + 0xd49a7)
#1 0x00007f795dd73667 __nanosleep (libc.so.6 + 0xdf667)
#2 0x0000561965c9d737 rpl_nanosleep (sleep + 0x7737)
#3 0x0000561965c9d0c1 xnanosleep (sleep + 0x70c1)
#4 0x0000561965c985c8 main (sleep + 0x25c8)
#5 0x00007f795dcba01b __libc_start_call_main (libc.so.6 + 0x2601b)
#6 0x00007f795dcba0d9 __libc_start_main (libc.so.6 + 0x260d9)
#7 0x0000561965c98685 _start (sleep + 0x2685)
ELF object binary architecture: AMD x86-64
[1]+ Segmentation fault (core dumped) /home/sleep 1000
(From OE-Core rev: b8c1f999038b7cd6fc2e80ed215541c8a4d9e19f)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
${MIMEDIR} (aka ${datadir}/mime) is packaged in ${PN}-mime and the
reference to ${datadir}/mime/packages/io.systemd.xml for FILES:${PN}
should have been removed in commit
5560243137f772683e53b614f134dd632b62be8b.
(From OE-Core rev: 3dba1443ef123714a4b1c77ade1ea3b2d0ad3f21)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The PTEST_ENABLED conditional is no longer needed since the task is deleted
if ptest isn't enabled.
(From OE-Core rev: 6037ad74d88ff23821120422f2f0d0366daa8ec7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The Valgrind recipe has had support for aarch64 for 9 years but the
packagegroup-core-tools-profile recipe still excludes valgrind on
aarch64 builds. This patch adds Valgrind when building the
package-group-core-tools-profile for aarch64 systems.
(From OE-Core rev: 2f8f6d722b39d2d1080367bf780dead4ed4ed781)
Signed-off-by: John Ripple <john.ripple@keysight.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The zlib crate in rust uses libz.a which comes from the zlib-native build.
Some distros like alma9, fedora etc. do not have PIE enabled by default for system compiler.
This leads to target-rust-ccld linking error for cargo-native as (line no 22936):
error: linking with `/home/pokybuild/yocto-worker/qemuarm64/build/build/tmp/work/x86_64-linux/cargo-native/1.79.0/wrapper/target-rust-ccld` failed: exit status: 1
https://autobuilder.yoctoproject.org/typhoon/#/builders/42/builds/9385/steps/13/logs/stdio
Hence, enable PIE option to CFLAGS for native builds.
(From OE-Core rev: 7146d260f655fa924461333c8c2944ebb93b2b3c)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bring following changes on top of 1.2.5
* dd1e63c3 syslog: revert LOG_FAC/LOG_FACMASK changes
* 008f737d siglongjmp: document why this function just calls longjmp
* 947b4574 inet_ntop: fix the IPv6 leading zero sequence compression
* 50ab8306 dynlink: avoid copying to temp buffer in get_lfs64
* 1b97d006 sys/epoll.h: add epoll ioctls
* ab31e9d6 getusershell: skip blank lines and comments
* 53ac44ff dynlink: fix get_lfs64() with posix_fallocate64
* 895736d4 syslog: fix incorrect LOG_MAKEPRI and LOG_FAC[MASK] macros
* 05ce67fe add renameat2 linux syscall wrapper
* 00799729 fix mismatched type in posix_getdents definition
* cbf59dd6 aarch64 crti.o: fix alignment of _init/_fini
* 84015cee fix typo that broke sys/reg.h and sys/user.h
* 1b0d4851 implement posix_getdents adopted for next issue of POSIX
* 2c124e13 stdint.h: derive limits from __LONG_MAX, use common fast16 types
* 7019fbe1 sys/user.h: derive __WORDSIZE from __LONG_MAX
* e709a6f0 sys/reg.h: derive __WORDSIZE from __LONG_MAX
* 29b216b2 unistd.h: derive ILP32/LP64 macros from __LONG_MAX instead of arch bits
* 0dfa1d8c unify bits/stat.h for all archs sharing a common definition
* ef600888 align aarch64, riscv64, loongarch64 stat structure padding type
* 6f666231 ldso: fix non-functional fix to early dynamic PAGE_SIZE access
* fced99e9 strptime: implement conversion specifiers adopted for next POSIX issue
* 3f9d4224 printf decimal integer formatting: shave off one division
* a23cf8f9 riscv mcontext_t/sigcontext: use __aligned__ instead of aligned
* cbf1c7b6 add missing STATX_ATTR_* macros omitted when statx was added
* 3f49203c initgroups: do not artificially limit number of supplementary groups
* 24ebbbde printf: fix edge case where hex float precision was not honored
* e3b0ace5 complex: fix comment in cacosh
* 9683bd62 math: fix fma(x,y,0) when x*y rounds to -0
* 5370070f fix pwrite/pwritev handling of O_APPEND files
* bdc9a9ff uio.h: add RWF_NOAPPEND flag for pwritev2
* 7ada6dde iconv: fix missing bounds checking for shift_jis decoding
* fd7d0185 add missing inline keyword on default a_barrier definition
* b5121e2e iconv: add aliases for GBK
* ca6f46af iconv: add euro symbol to GBK as single byte 0x80
(From OE-Core rev: 70179bc94c90ba1f33a3fff8f3019cb96fcdbaef)
(From OE-Core rev: bcfaa9542fac82e90fbb8bdf67e3ade2697fbca4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release adds extension functions statx and preadv2/pwritev2, with
fallback implementations for older kernels, and adds two new ports:
loongarch64 and riscv32. Minor changes to the printf family of
functions have been made for conformance to new standards
interpretations/requirements. TLSDESC support for riscv64 has also
been added.
Bugs fixed include some DNS issues related to new TCP fallback
functionality, several rare race conditions, potentially incorrect
return value when glob aborts, and several significant arch-specific
bugs affecting TLSDESC on arm, riscv64 icache flushing, and sh
sigsetjmp and dlsym RTLD_NEXT. [1]
Do not use https protocol for fetching
Musl author confirms that https protocol is not well supported yet on
musl git host, currently we experience this problem intermittently on
some build hosts where the fetching fails.
fatal: protocol error: bad line length character: erro
WARNING: Failed to fetch URL git://git.etalabs.net/git/musl;branch=master;protocol=https
[1] https://www.openwall.com/lists/musl/2024/03/01/2
(From OE-Core rev: c6c79477209f5e7e1a0206942de9603a7accec67)
(From OE-Core rev: 0d0a2d62810bfa7ea51d536c4e43c2edae823a6b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Do not force CFLAGS (no longer necessary).
(From OE-Core rev: 092ac58c7914142db397544b1a8e18f61423deba)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backport 0001-girepository-introspection-correctly-install-.gir-fi.patch
(From OE-Core rev: 68ac84d6f4aa4f9342b53814b08a4a888f006a2c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Drop VOLATILE_TMP_DIR, use FILESYSTEM_PERMS_TABLES instead. By default,
FILESYSTEM_PERMS_TABLES ?= "files/fs-perms.txt \
files/fs-perms-volatile-log.txt \
files/fs-perms-volatile-tmp.txt"
it contains 'files/fs-perms-volatile-tmp.txt', which means volatile tmp
is enabled. User can disable volatile tmp by removing
'files/fs-perms-volatile-tmp.txt' from FILESYSTEM_PERMS_TABLES.
* If volatile tmp is disabled, both /tmp and /var/tmp are persistent
(From OE-Core rev: 8d1ae67b89c45f78162e070228086c7ef88c3264)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop VOLATILE_LOG_DIR, use FILESYSTEM_PERMS_TABLES instead. By default,
it contains 'files/fs-perms-volatile-log.txt', which means volatile log
is enabled. User can disable volatile log by removing
'files/fs-perms-volatile-log.txt' from FILESYSTEM_PERMS_TABLES.
(From OE-Core rev: 91128c6517066715f2afe6b46aa3206c7cf3653e)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upgrade util-linux from 2.40.1 to 2.40.2.
0001-Revert-autotools-make-pam-install-path-configurable.patch
is added to solve a problem of lastlog2 pam module not installed
in the expected location.
(From OE-Core rev: 2303f28de507ceb88a012647f70b74e0fad6ec4b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The 2.39 version of util-linux took new file descriptors based mount
kernel API into use. In relation to this change, the upstream release
notes in
https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21
mention that
This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior.
After observing following failure when booting a board using a bit
older 6.1 series kernel together with initramfs rootfs based boot flow
[FAILED] Failed to start Remount Root and Kernel File Systems.
See 'systemctl status systemd-remount-fs.service' for details.
closer inspection revealed:
demoboard ~ # systemctl status -l systemd-remount-fs.service
x systemd-remount-fs.service - Remount Root and Kernel File Systems
Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled)
Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago
Docs: man:systemd-remount-fs.service(8)
https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE)
Main PID: 76 (code=exited, status=1/FAILURE)
Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: dmesg(1) may have more information after failed mount system call.
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'.
Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems.
also consequentially, 'systemctl status' reported:
State: degraded
When issuing 'strace -ff mount -o remount /' the failure occurred at
mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument)
After further investigation, the issue was pinpointed to lack of Linux
kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210
("fs: relax mount_setattr() permission checks") in the kernel version
that was being used. Above mitigation was discussed in email related to
then-rejected CVE-2024-26821:
https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/
After testing with qemuarm64 machine different linux-yocto versions,
it was observed that the issue impacts following versions of currently
supported LTS kernels:
- 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0)
- 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0)
- 5.15.164 which is currently the newest of 5.15.y series (i.e. no
known working version)
Taking the above findings into consideration, add a new PACKAGECONFIG
option removing which enables users to opt-out from using the feature
which can cause issues with a bit older kernels. The option is enabled
only for class-target here, since it otherwise causes following error
during util-linux-native's do_configure task on Debian 11 build host
(mountfd_api requirement fails):
| configure: error: libmount_mountfd_support selected, but required mount FDs based API not available
Versions 5.10.223, 5.4.279 and 4.10.317 were also tested with qemuarm64
but the issue was not reproduced with those versions - using strace
showed that the mount_setattr call associated with the new mount API
problem was not issued with these LTS kernel versions, which seemed to
be confirmed also by following libmount debug message in these cases:
415: libmount: HOOK: [0x7fa115e818]: failed to init new API
Note: In addition to the aforementioned, this change was tested also
briefly using the current latest kernel versions 6.1.104, 6.6.45 and
6.10.3 that using the old mount API with newest kernels did not
introduce any observable regression to the boot flow.
(From OE-Core rev: dc086d9a8613143607af3583c72ed892e20b4d66)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes of existing tools:
- ap_tools/ap-check: Add support for vfio-ap dynamic configuration
- dbginfo.sh: Update/Add additional DASD data collection
- dumpconf: Add new parameter 'SCP_DATA' for SCSI/NVMe/ECKD dump
devices
- libutil: Make formatted meta-data configurable
- s390-tools: Replace 'which' with built-in 'command -v'
- zdump/dfi_elf: Support core dumps of vr-kernels
Bug Fixes:
- chzdev: Fix warning about failed ATTR writes by udev
- rust/pv: Try again if first CRL-URI is invalid
- rust/pvattest: Add short option for --arpk
- zdump: Fix 'zgetdump -i' ioctl error on s390 formatted dump file
(From OE-Core rev: c0f57f1210396278a30efa757252c841e86b6ff4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since this is a recipe with PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't do anything anyway.
This fixes errors from buildhistory changes where packages-split would be empty.
(From OE-Core rev: c94b18885fc4a684d5b403f864c7da2cb8b0d188)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes:
566210c272 meson: Bump version to 256.4
16de138427 mkosi: update debian commit reference
b731debea9 hwdb: update to main@{2024-07-24}
a78a524652 add udev rules for trezor hw wallet devices
b825a8be0b core: reliably check if varlink socket has been deserialized
83c9043727 mkosi: Bump device timeout even more
e60d01bdbf man/systemd-repart: extend description and reword some sentences
766af3f782 Document that MemorySwapMax supports % configuration
1922d49fd6 Make vcs-tag do something useful for non-developer mode as well
5b9ad0bbb8 tools/fetch-distro: switch to the target branch
8334be48a3 tools/fetch-distro: only fetch the configured branch
92890d56e8 tools/update-distro-hash: rename, fetch the repository if appropriate
1f079607f8 Merge pull request #33803 from bluca/v256-stable
e05f93b5c4 mkosi: update arch commit reference
c9d39eea98 mkosi: update fedora commit reference
dbeed95d76 mkosi: Use the Fedora Rawhide spec for CentOS
6108f13fc0 mkosi: Switch back to PKG_SUBDIR instead of symlinks
fd2a6ea0a8 zsh/_networkctl: remove duplicated argument for completion (#31926)
995c702a34 import-creds: when we hit ENOENT on SMBIOS 11 do not even debug log
6a3cb4cd11 core/unit: ignore dropins for masked units completely when checking need_reload
f81659f5f3 test: add a reproducer for #33672
7fcfb73d71 shared: log error when execve fail
7da84cc154 test-execute: ExecStop= and friends should not get credentials
8f58652f5e test: override blocking localed policy in TEST-73-LOCALE
d6f8575f1e meson: fix missing failure if bpf-framework was enabled
e274de4b74 zsh: add varlinkctl completions
cae58967a5 docs: Document how to do stable releases
468b064634 man: Mention Type=oneshot timeout directive
d870f2335b l10n: fix credits for the French translation
8aa9e60f89 sd-device: remove debug log message when dirs are missing
86ec58a55c id128: refuse --app-specific= if we're listing GPT types
b60d5bc1b7 gpt: add more architecture aliases
b786185406 kernel-install: Remove existing loader entries and UKIs
e63ae80a89 bootspec: correct log level for fatal errors
3736e21341 bootspec: implement sorting by tries left/done, to match what sd-boot does
18143edf3e boot: compare filename suffixes without case
78fcf31f08 man: some fixes
bcda6d4637 man: fix typo in unit options section
1747350ffd fsck: do not pull down mount units on soft-reboot
a68188e985 man: fix typo in the alias symlink name
15c236806c vmspawn: define default machines for mips targets
fa2b2da146 path: drop IN_ATTRIB from parent directory watches
35e2f62967 Remove extra period at the end of systemd-bsod's unit description. (#33632)
a40eb432cb test: Set priority for TEST-73-LOCALE
172ffeb813 TEST-06-SELINUX: Disable RuntimeBuildSources=
2fd3514456 test: Add missing --no-rebuild to doc
69c9044525 meson: Bump version to 256.3
16b12506a6 core/cgroup: check root cgroup earlier for unit_get_memory_accounting
06c2ee3979 core/cgroup: make unit_has_host_root_cgroup take const Unit*
15732ee31f core: unify reset_accounting handling
50a0a55066 core: do not drop CGroupRuntime when unit stops, but only on GC
b08b5996d3 core/cgroup: use > 0 comparison rather than == 1
ffd90200b2 core/cgroup: actually make use of the cached accounting values
7684f52839 test-install-root: introduce test case for #33411
a42db16a1c shared/install: correctly report changes in install_info_symlink_alias()
bb83650f96 shared/install: propagate all errors in install_info_apply()
908edce5b6 shared/install: drop unneeded initialization
f414ca0ee3 systemctl: do not try to acquire triggering units for template units
67e0d09368 systemctl: skip triggering unit warning if unit vanished
bb71d5dfb4 man/systemctl: --no-reload is honored by mask/unmask/preset too
7122e226c3 logind-dbus: set gc_mode to USER_GC_BY_PIN when disable linger
5d6bf58cf2 logind-user: take gc_mode into account when reporting user state
bcb13a3fa2 test_ukify: do not use files from /boot
88264411b6 test_ukify: use sha384 in the signing tests
8b3bedd821 test_ukify: add instructions
168b788104 terminal-util: don't issue "ESC c" sequence on reset, but only when erasing the screen
5e4464bb64 mkosi: Bump default device timeout a little
0009ed8ee1 meson: Drop version from 256.3 to v256.2
1354f6194c meson: Drop ~devel suffix from systemd-stable version
fe37213c55 Merge pull request #33774 from DaanDeMeyer/mkosi-backport
677126d300 mkosi: Fix indentation
4c25e572a9 mkosi: Fix typo
400222fa1c mkosi: Drop util-linux from centos/fedora packages
dc3543a391 mkosi: Drop udev from Packages= list
82e2a5f47f mkosi: Fix formatting
11f065d3ee mkosi: Build CentOS Stream 10 images by default
c54eab5dd0 mkosi: Streamline running the integration tests without building systemd
3bde2db7a4 meson: Drop genkey target
baad1c0d0e mkosi: Skip sync script if NO_BUILD is enabled
102ed56c61 mkosi: Remove enforcing=0 from default kernel command line
611e82e660 mkosi: Stop setting apparmor=0
fa7892a690 docs: update mkosi version mentioned in HACKING.md (#33723)
ad444842e0 Merge pull request #33735 from DaanDeMeyer/backport-mkosi
a63e82ca4a repart: Allow overriding fstype per partition designator
9d05f2d559 mkosi: List library packages explicitly in VolatilePackages=
4a55046779 mkosi: Build initrd as a subimage
81bafc8dd9 mkosi: Drop CacheOnly=always from two subimages
1be0b1f54b TEST-13-NSPAWN: make sure we don't load libnss_systemd
0b9df91ce2 mkosi: Disable unique debug source names
89904fc10c systemd-networkd-tests: Skip tests requiring dhcpd if it is not available
c3342c3dc7 TEST-55-OOMD: Remove the opensuse user@ dropin
127f8362c1 mkosi: Install binutils
1a995b9d66 TEST-64-UDEV-STORAGE: Use max_ioqpairs instead of num_queues
367ad876a6 mkosi: Use clang --print-runtime-dir
8b859fa29d mkosi: Extend arch build script comment about symlinks
a8a7a6716e test: do not attempt to set xattr on tmpfs
3fc259ae25 mkosi: Add CI for CentOS Stream 10
945013a092 mkosi: Use squashfs for sysext if mkfs.erofs is not available
480f8fa839 mkosi: Make epel repositories optional for CentOS Stream 9
76e14148f6 mkosi: Introduce build image
abc3a61e59 mkosi: update fedora commit reference
748cd5a703 mkosi: Update to latest
6d07d59237 Merge pull request #33691 from DaanDeMeyer/backport-mkosi
180814f22f mkosi: Switch back to code.opensuse.org for opensuse
976a0d998e test: install split-out sshd-session binary if present
ca97b9a7e6 mkosi: update opensuse commit reference
fef4746218 tools/update-distro-hash: Fix path
54eb9b9301 TEST-06-SELINUX: Various fixes
de6c473b40 mkosi: Don't fail if /var/log/journal does not exist
74475a5169 test: Switch to ncat instead of nc
0c51e28088 TEST-55-OOMD: Switch to stress-ng
0c7d634157 docs: Simplify update commands in HACKING.md
5685a59371 mkosi: Update to latest
370bf11ec4 mkosi: Build a sysext if SYSEXT=1 is specified
0bdb879b3c mkosi: Check for configured build directory if WIPE=1
880c32b7e3 mkosi: Install erofs-utils
cd357eb029 Merge pull request #33674 from DaanDeMeyer/backport-mkosi
c350e02631 mkosi: Fix git commit
00bcc619db mkosi: Adapt configuration to take into account configuration rework
3cf12f4f9a mkosi: use apt pinning for locally built debian/ubuntu packages
7ab51fef1f mkosi: Make .autorelabel file empty
0123dbee1b mkosi: Update to latest
32981c454c build(deps): bump actions/checkout from 4.1.6 to 4.1.7
ab11d7e177 mkosi: policykit-1 was renamed to polkitd
8dd54e5adc mkosi: Use the "default" root filesystem for each distribution
d28aa922fd meson: add option to build systemd-executor "statically"
c3b4032fc3 meson: build libsystemd-core via an intermediate static library
9be2fe707e meson: rename libbasic to libbasic_static
fcbafc3ffe Bump meson version to 256.3~devel
c7e144eb4a Finalize v256.2
709655ea0d mkosi: switch debian to ci/v256-stable branch
e8bbe635cd workflows/labeler: do not set labels on stable backport PRs
aa1eb0b066 labeler: match all mkosi files
32f2b9bba6 labeler: remove matches for dropped files (Makefile)
9a2f16e4ed vmm: make sure we can handle smbios objects without variable part
c32f71aa14 README: update requirements for signed dm-verity
abba1e6bc2 sysusers: handle NSS errors gracefully
df1ed3fbe2 man: fully adopt ~/.local/state/
9d40e5c9c6 man: mention that distinction between /usr/lib/ and /usr/share/ is really about shared *ownership*
8dbb7e2a72 man: drop version info from file hiearchy man page
160b539a9d os-util: avoid matching on the wrong extension-release file
0ff6d2cf47 load-fragment: allow MountImages= with paths starting with /dev
cc4472c31e zsh: add run0 completions
d0a9cf084d docs: Update HACKING
a50e6c5709 README: add missing CONFIG_MEMCG kernel config option for oomd
71de25f2df boot: cover for hardware keys on phones/tablets
243276f008 core/manager: invoke special targets on signal only for system manager
efc44e0c3e core/dbus-manager: refuse SoftReboot() for user managers
399e788553 meson: Define __TARGET_ARCH macros required by bpf
a946258e9d coredump: correctly take tmpfs size into account for compression
05dcd242dc docs: update RELEASE.md to use same repository for stable branches
0a97db8789 docs: Add section to HACKING.md on distribution packages
3c91ea49d2 docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type
ea92f16422 test: fix TEST-74-AUX-UTILS.ssh.sh on SUSE
f52475dcf3 test: preserve symlink in inst_recursive()
10b7e0a0af test: fix TEST-24-CRYPTSETUP on SUSE
4f7d6885a1 test: install /etc/hosts
e94e33b566 test: split the resolved test suite into separate test cases
4d561a0e08 mkosi: update debian commit reference
05c9bc547b units: add dep on systemd-logind.service by user@.service
d1cd66ca97 repart: add sections to --help text
c2f74defaa Conditional PSI check to reflect changes done in 5.13
df990be913 core: try again bind mounting if the destination was already created
24987eb3cc mkfs-util: Set sector size for btrfs as well
e34f436433 repart: Don't set filesystem sector size to 512
3c88c94432 repart: Log more about filesystem sector size
86d47d63b0 core/unit: follow merged units before updating SourcePath= timestamp too
9dec66fc5f meson: use less verbose quoting
6c8e99dedd TEST-54-CREDS: Use UEFI firmware if available
78631dcafd TEST-18-FAILUREACTION: Set auto firmware
71fb49d02c TEST-09-REBOOT: Set auto firmware
938f7b6f29 TEST-06-SELINUX: Explicitly pull in autorelabel.service
37412c952d TEST-70-TPM2: Use UEFI firmware if available
7ee60a8614 resolved: correct parsing of OPT extended RCODEs
711f843e3a TEST-45-TIMEDATE: Use syslog identifier journalctl match
6ead24fcac resolved: allow the full TTL to be used by OPT records
dc0167b674 TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic
fb747bd8cd LICENSES/README: expand text to summarize state for binaries and libs
ffc8126cc6 test: pull in multi-user.target explicitly
b908f492bc TEST-64-UDEV-STORAGE: Fix python 3.9 compatibility
1c4f25c296 TEST-64-UDEV-STORAGE: Use bus pci slot 1 instead of 0
9663bb7410 TEST-58-REPART: reverse order of diff args
2f455914f7 man/tmpfiles: remove outdated behavior regarding symlink ownership
24dd273402 test-mountpoint-util: add a test for bind mounted symlinks
99cb4bdbbb mountpoint-util: do not assume symlinks are not mountpoints
4437967cab hostnamed: if polkit authentication fails for Varlink Describe() call, don't reply to client with an error
fb7ec285c9 core/exec-invoke: use sched_setattr instead of sched_setscheduler
5911f1ec25 cryptsetup: improve TPM2 blob display
57661f4ea9 util: make file_read() 64bit offset safe
e2fb3dda24 man/capsule@.service: the capsule user is prefixed with "c-" rather than "p_"
2547de4629 man/capsule@.service.xml: fix typo
98928cf0a7 nspawn, vmspawn: honor the new window title switch
9cbb3aadd5 run: add environment variable to prevent the setting of terminal title
81acc5b39a test-execute: add a test case for issue #33299
d008b3fb26 core: do not filter out write() if required in the very late stage
d580b1f850 core: use write() to send handoff timestamp
52eeeb7d3d seccomp-util: split out seccomp_filter_set_add_by_name()
8e775590f1 Fix typo in CAP_BPF description (#33464)
54910267ba test-network: check if static routes not overridden by NDisc routes
4fda6e8f34 network/ndisc: do not remove static routes when received RA with zero lifetime
34bef8dfac network/ndisc: do not override conflicting static routes
0b909bf685 core/exec-invoke: reopen OpenFile= fds with O_NOCTTY
52371fe526 core: verify WorkingDirectory= is outside of API VFS only under mount namespacing
ec5ac3ea53 terminal-util: use colon as separator for specifying color
421ccd7094 man: fix double is typo in systemd-tmpfiles
778034f42e test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open
3174fae67b meson: bpf: propagate 'sysroot' for cross compilation
a6906475be kernel-install: correct the place where it works in man and help text
3e435e970d man/systemd.exec: list inaccessible files for ProtectKernelTunables
90b5cb35e9 Use consistent spelling of systemd.condition_first_boot argument
b6316b8fac login/user-runtime-dir: free ignored sd_bus_error, avoid triggering assertion
71546deef5 login/user-runtime-dir: use STRLEN where appropriate
fbfc88af5e pretty-print: take console glyph width into account when drawing progress bar
058fca7e6c mkosi: add support for TEST_SAVE_JOURNAL to integration test wrapper
50ae476efd semaphore: pin packaging to ci/v256/stable branch
771bb489bf test: skip TEST-69-SHUTDOWN on Debian
69c51768ef meson: Bump version to 256.2~devel
273b5622ac meson: Fix various versions
9150ffc98a src/boot/efi/meson.build: ensure VERSION_TAG exists in case of cross build
1eb122033f mkosi: Build a disk image by default again
84d6fec8f9 meson: Deal with potential stable versions
851f991b1c mkosi: bump to latest commit
3d3bc1d999 mkosi: Switch back to btrfs
ce41fdbfdc mkosi: Install btrfs-progs on CentOS as well
1566c15fe4 mkosi: Enable hyperscale-packages-experimental for CentOS
33ad0ea834 mkosi: Drop leftover systemd-coredump-debuginfo package for opensuse
2286ae91f4 mkosi: Drop s390x console patch from opensuse spec
7404ba69cf mkosi: use new standalone-shutdown package for debian's exitrd
3f0763b5a6 mkosi: update debian commit reference
9d0259e5bc mkosi: bump Debian Salsa commit to latest
87fc64db36 mkosi: install new split-out systemd packages
245d17d8dd mkosi: update arch commit reference
8717dc0dd4 mkosi: switch opensuse to devel branch
6f720b609a mkosi: update fedora commit reference
a09800cd16 mkosi: update fedora commit reference
e3703f4327 mkosi: Install zypper in opensuse images
a7da351f39 mkosi: Fix sync script git command
a39473aac7 mkosi: Clean up old packages from the build directory
2e0af5f6fe mkosi: remove conflicting deb packages from builddir
6a898c35da mkosi: Copy packages to the build directory as well
16ea64e2be mkosi: Make sure we don't hide errors from git merge-base
3f42d88faa mkosi: Install perf
f2c782c043 mkosi: Install pciutils
054fc83a23 mkosi: move variable to the right scope
8abb2e0f55 mkosi: Don't touch the packaging checkout if work is being done
59ab01d32f vmspawn: define QEMU_MACHINE_TYPE for loongarch64
ba28889c65 vmspawn: define QEMU_MACHINE_TYPE for riscv
715d146a3a docs: fix dead link to GNOME documentation
34ba18b012 logs-show: do not use _SOURCE_MONOTONIC_TIMESTAMP field
f8f669fd69 repart: fix memory leak
7b18adadde mkosi: restrict noble-backports to noble builds
08b8237303 tmpfiles: move --purge to command section in --help text where it belongs
e760157389 tmpfiles: insist on at least one configuration file being specified on --purge
90ec026570 tmpfiles: honour --dry-run when removing directories
c26e56d08f install: allow removing symlinks even for units that are gone
a776dcf7af NEWS: fix typo
d89c99c7ad mkosi: bump to latest
b455006ae1 CI: disable secure boot in mkosi GHA runs
4cc6da9a5d test-network: mention that the captive portal option is supported since v2.20
f7d55cc801 core/service: fix accept-socket deserialization
7d65709901 test: use 'auto' instead of 'uefi' for automated fallback
6178aa4bbc test: support TEST_NO_QEMU in mkosi integration wrapper
a36cb5660e test: support TEST_NO_KVM
df1e7d9572 test: drop obsolete comment
51a2e7be5e test: drop unneeded firmware: uefi setting
50b53b8221 test: check the skip condition before installing additional files
9802a28b36 mkosi: install EFI packages only on EFI architectures
21feae324e mkosi: use ports.ubuntu.com for non-x86 backports
9f5f3c2f8b mkosi: enable unprivileged user ns for integration tests
1a0e6961cf man,units: drop "temporary" from description of systemd-tmpfiles
aedeaf7450 man: add a bit of a warning to systemd-tmpfiles --purge
3706b5e8e9 fundamental: declare flex array updated for gcc15 and clang 19
51390a1f41 analyze: show pcrs also in sha384 bank
a61a83a22b CODING_STYLE: document "reterr_" return parameters
2034de6157 shell-completion: only offer devices for completion
4ebcdcb136 NEWS: note that new stable releases will be in the main repo
d316aed5d8 repart: Use CRYPT_ACTIVATE_PRIVATE
4a468387ac test: dump a simple summary at the end of TEST-02-UNITTEST
70f5fb2f7a repart: Use crypt_reencrypt_run() if available
ba031f1fe8 resolved: permit dnssec rrtype questions when we aren't validating
30df42a927 tpm2-setup: Don't fail if we can't access the TPM due to authorization failure
514ef0f93b strbuf: use GREEDY_REALLOC to grow the buffer
a3d94332a2 rules: Limit the number of device units generated for serial ttys
0d573787ea sd-dhcp-server: clear buffer before receive
f2b5c1ff51 hostnamed: don't allow hostnamed to exit on idle if varlink connections are still ongoing
d918804408 man/systemd: reorder content a bit
1c27c902ad Create CNAME
Dropped merged patches:
0001-src-boot-efi-meson.build-ensure-VERSION_TAG-exists-i.patch
0003-meson-bpf-propagate-sysroot-for-cross-compilation.patch
Changed git repo back to systemd main one since that is going to
be used for v256-stable branch and newer releases instead of the
systemd-stable git repo.
(From OE-Core rev: ab6c94006c1e902d63cdd04d978ea3b74fe811b2)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendors that have been used.
Removing the present existing CVE_STATUS for CVE-2023-6992.
(From OE-Core rev: 119b775b36dfd51286493763cffb6e965893b8fd)
Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The test writes to the disk and means the space used changes. If this
crosses a number boundary, the heading spacing can change causing a test
failure. This was triggered by a recent gcc upgrade.
Add a fix for this which has been shared with upstream.
(From OE-Core rev: ca6f0d81fc7d5e53d216e5131724e826369fd4ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since this is a bootstrap recipe with PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't do anything anyway.
This fixes errors from buildhistory changes where packages-split would be empty.
(From OE-Core rev: 731c3d6f16fdf7f9eb862a477a5363c82cac237c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
How debugging is laid out is for the distro to decide, not the recipe. If the user
wants this, they can set this. This recipe isn't special.
(From OE-Core rev: 3250bdf1d9da2908b80326f4d3a61b0131fe6e2b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Create the separate dbg package and then drop the INSANE_SKIP values
as none of them appear to be needed once debug splitting is fixed.
(From OE-Core rev: 922b5e7272c9b63c39d0c5ee0a67f08664994ab9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In my local testing there are now no QA issues from this recipe so we can drop
the ptest INSANE_SKIPs.
(From OE-Core rev: 0a6821ca4a1c8aa26d3bf6ec1e8b2f86597a1699)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As discussed in the bugzilla entry, musl doesn't work with multilibs.
I originally sent this patch in 2020 but was told that support was being
added. I recently revisited the bug and retested a basic config which still
fails the way it did in 2019. Since clearly nobody is using this, make it clear
we don't support it. If anyone does add support, we can remove this error very
easily.
[YOCTO #13122]
(From OE-Core rev: 4da308d37aa51231b617fedb401076c13cafd89a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rather than trying to use a sqlite database over NFS from DL_DIR, work from
a local copy in STAGING DIR after fetching.
(From OE-Core rev: 03596904392d257572a905a182b92c780d636744)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, "tarball" sdk based recipes don't generate SPDX manifests as they
don't include the rootfs generation classes. Split the SPDX 3.0 image class into
two so the SDK components can be included where needed.
To do this, introduce an SDK_CLASSES variable similar to IMAGE_CLASSES which
the SDK code can use.
Migrate testsdk usage to this.
Also move the image/sdk spdx classes to classes-recipe rather than the general classes
directory since they'd never be included on a global level.
For buildtools-tarball, it has its own testsdk functions so disable the class there as
a deferred inherit would overwrite it.
(From OE-Core rev: 662396533177b72cc1d83e95841b27f7e42dcb20)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This CVE status should have been removed on version update.
CPE says >=2.34 and <2.39 while our version is already 2.40.
(From OE-Core rev: b568a8f428e76f75bb8c374983f62822325ebe8a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Enables usage of TCLIBC=picolibc extending OE functionality to build and use
picolibc based toolchains to build baremetal applications.
Picolibc is a set of standard C libraries, both libc and libm, designed for
smaller embedded systems with limited ROM and RAM. Picolibc includes code
from Newlib and AVR Libc, but addresses some of newlib's concerns, it retains
newlib's directory structure, math, string and locale implementations, but
removed the GPL bits used to build the library, switches old C style code for
C18 and replaces autotools with meson.
This patch adds a picolibc recipe for the C library, a picolibc-helloworld
recipe that contains an example application and a testcase that builds it.
Picolibc can be built for ARM and RISCV architectures, it's been tested both
for 32 and 64 bits, the provided example recipe produces the following output:
hello, world
Runqemu does not automatically show any output since it hides QEMU stderr which
is where the QEMU monitor's output is directed to when using semihosting, but,
manually running the same QEMU command does work properly.
(From OE-Core rev: c7535ecaccb72ef21a61f9aec5c68e61fb4f6fb6)
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2.80.0 - March 14, 2024
=======================
- Mark plugin functions as exports on Windows (!250, Amyspark)
- Updated translations
2.80.rc - February 29, 2024
===========================
- GnuTLS: fix improper use of IP address in SNI extension (!247, MARTINSONS Frederic)
- GnuTLS: major performance improvement: reduce unnecessary trust list creation (!249)
- OpenSSL: properly handle BIO_CTRL_EOF (!248)
- Updated translations
2.80.alpha - January 5, 2024
============================
- GnuTLS: Add warning when system has no trusted certificates (!243)
- OpenSSL: Fix bug when populating trust store (!244, Alessandro Bono)
- Fix license on dtls-connection.c test (!245, David King)
- Updated translations
As exposed by the warning when there are no trusted certificates, we should
RDEPEND on ca-certificates if either of the crypto backends are enabled
so that cryptography is usable.
(From OE-Core rev: 0e52a74bcf08cfdd879c74bff9b241a5007c7ef5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The base-files recipe provides /var/tmp -> /var/volatile/tmp symlink
which is in conflict with systemd upstream tmpfiles.d/tmp.conf which
defines it as a directory (or subvolume on btrfs).
This generates the following error in journal:
Jul 03 15:37:21 qemux86-64 systemd-tmpfiles[158]: "/var/tmp" already exists and is not a directory.
Mitigate the issue by defining /var/tmp as symlink corresponding to
the one created by base-files.
(From OE-Core rev: 1f1f6f45e3cfe24dfee8a09d01a5d32f3080e381)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is applied unconditionally a few lines above
(From OE-Core rev: e9c6dcbe0e93f943ee622ee88d30ce0eb3dd3329)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>