To avoid working with undeterministic config files, remove all the
temporary files to start from scratch.
(From OE-Core rev: 30cf3640bf18c8ec48d69c566938b38d8561d368)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74cd440c4e3df0ed3b81cf5c60a3f92e0dd3fe6c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When compiling busybox a second time (e.g. with `compile -f`), busybox
can use an altered autoconf.h file for compiling, which can ultimately
produces different and unwanted binaries.
This can produce errors like this one:
ERROR: busybox-1.35.0-r0 do_package: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:ptest_update_alternatives(d)
0003:
File: '…/poky/meta/classes/ptest.bbclass', lineno: 100, function: ptest_update_alternatives
0096: for alt_name, alt_link, alt_target, _ in alternatives:
0097: # Some alternatives are for man pages,
0098: # check if the alternative is in PATH
0099: if os.path.dirname(alt_link) in bin_paths:
*** 0100: os.symlink(alt_target, os.path.join(ptest_bindir, alt_name))
0101:}
0102:
0103:do_configure_ptest_base[dirs] = "${B}"
0104:do_compile_ptest_base[dirs] = "${B}"
Exception: FileExistsError: [Errno 17] File exists: '/bin/busybox.suid' -> '…/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
This happens because ALTERNATIVE:busybox contains `/bin/login` twice,
initially that's because `/bin/login` is present in both
busybox.links.suid and busybox.links.nosuid. The reason for that is
because of the altered autoconf.h.
Steps to reproduce above error:
<add ptest to distro configs>
bitbake busybox -c clean
bitbake busybox -c package -f
bitbake busybox -c compile -f
bitbake busybox -c package -f
This patch guards against potential bugs by:
- making a backup of .config and autoconf.h that have matching
timestamps.
- make sure do_compile always starts with these files.
- restore .config and autoconf.h at the end of do_compile.
(From OE-Core rev: 6b38515e148cfd6657d8e10ffb6dc49abfea0c9f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b4a0f063edcfe0a5a4f418842e86ac0c46d9cad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We get random SSL failures when fetching the CVE database, and it's
notable that the NVD server is behind a DNS round-robin or geographically
diverse servers.
On a hunch that there is one misconfigured server, dump the IP that we
connected to.
(From OE-Core rev: 60e06c9666a2b254c50b2f51932d395f88dd550c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 91f46d431dc8f40e8c6475c800bb61cb08b82b0a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The database update has been done on the original file. In case of
network connection issues, temporary outage of the NVD server or
a similar situation, the function could exit with incomplete data
in the database. This patch solves the issue by performing the update
on a copy of the database. It replaces the main one only if the whole
update was successful.
See https://bugzilla.yoctoproject.org/show_bug.cgi?id=14929
Reported-by: Alberto Pianon <alberto@pianon.eu>
(From OE-Core rev: 66aa05be4c237d24295d5e02de6e2dbef43af6dc)
Signed-off-by: Marta Rybczynska <marta.rybczynska@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8efe99214d8b005f0ecac690ce5ba17b31758f92)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
dbus 1.14.4 (2022-10-05)
========================
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
dbus 1.14.2 (2022-09-26)
========================
Fixes:
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
Tests and CI enhancements:
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
License-Update: D-Bus changed to dbus.
(From OE-Core rev: fbf8ea03aeb04e1efdc9693a66d618275bddc172)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8c2ab4c014807e2d8ad0fded4188578aa05e8c55)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* switch from tar.gz to tar, because the tar.gz archives upstream are regular tar as well now
https://www.w3.org/XML/Test/ still has 3 separate URLs for .zip, .tar
and .tar.gz, but both tar links return the same file:
xmlts20080827.tar: POSIX tar archive (GNU)
xmlts20080827.tar.gz: POSIX tar archive (GNU)
-rw-r--r-- 1 martin martin 5.7M Sep 1 2008 xmlts20080827.tar
-rw-r--r-- 1 martin martin 5.7M Sep 1 2008 xmlts20080827.tar.gz
9b2c865aba66c6429ca301a7ef048d7eca2cdb7a9106184416710853c7b37d0d xmlts20080827.tar
9b2c865aba66c6429ca301a7ef048d7eca2cdb7a9106184416710853c7b37d0d xmlts20080827.tar.gz
96151685cec997e1f9f3387e3626d61e6284d4d6e66e0e440c209286c03e9cc7 /OE/build/downloads/xmlts20080827.tar.gz
(From OE-Core rev: 21dc18f24d7124796555372fcb4aca7280690ef0)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It seems importd still requires glib-2.0, add the missing dependency.
(From OE-Core rev: c54595fc7ee52ca2e5cd63ad30d397bbf64d7df9)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 224cd8ca540a2c9d7d407a44dccd63f808c1ea15)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In current psplash framework, the psplash might not exist at all.
For example, in case DSITRO is set to nodistro, the psplash does
not exist.
In our psplash recipe, we have:
SPLASH_IMAGES = "file://psplash-poky-img.h;outsuffix=default"
This variable is parsed to if psplash-poky-img.h exists, a package
named psplash-default is created and is added to RDEPENDS:${PN}.
We can see that the psplash-poky-img.h resides in meta-poky,
and in psplash_git.bbappend file in meta-poky, we have:
FILESEXTRAPATHS:prepend:poky := "${THISDIR}/files:"
So this file is only available in case poky distro is used.
To fix this issue, add condition check in the corresponding systemd
services.
(From OE-Core rev: 91c69c875a2d22898f5d643ad416b7df69cb2f7b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7a62ff9ed39c179d2b9b0c40f4f8423ced413063)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The tests are packaged into the main glibc-tests package which is fine,
but then glibc-tests-ptest package needs to depend on that.
Which is what this commit addresses.
(From OE-Core rev: 6731e8ff3a0c036ebf3680bf86038e88d3450caa)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d37c2d428b09b9d0cbb875f083c6a1e9883a7fed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add --disable-tests to EXTRA_OECONF as the tests are not usable in
ptest - they can only run in-situ - and fails to build when building
with -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64.
(From OE-Core rev: 96dcd95cb04c28e19afbfaefa61b15497e499cff)
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ec63f507362faacf49edb22b3c472e54e3cc62c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c.
With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some
changes to huge page handling, that show this error when building with
GCC v12.2.1, and thus need a small fix.
(From OE-Core rev: 760626c0409c4f735a0e00b73161d239c44e9645)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6918477ad121f9c7335c661433a909e948f66d51)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From NEWS for v236:
* The "uaccess" udev tag has been dropped from /dev/kvm and
/dev/dri/renderD*. These devices now have the 0666 permissions by
default (but this may be changed at build-time). /dev/dri/renderD*
will now be owned by the "render" group along with /dev/kfd.
Without the group systemd-udevd startup logs:
/lib/udev/rules.d/50-udev-default.rules:39 Unknown group 'render', ignoring
/lib/udev/rules.d/50-udev-default.rules:40 Unknown group 'render', ignoring
(From OE-Core rev: f8e78f3f655b513280675fb353b21be6fb5e88c4)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 84efd72d48616405dbe4d73ec95917077144ed09)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to latest stable release
Changes:
ae8b249af4 (HEAD -> v251-stable, tag: v251.8) test: fstab-generator: adjust PATH for fsck
03514a9f64 man: add note that network-generator is not a generator
8c8a423821 condition: Check that subsystem is enabled in ConditionSecurity=tpm2
9243b88b55 test: wait for loop device to be removed
f5c2be99bc test: wait for the lodev to get properly initialized
8cfe979030 test: disable LSan in the ASan env wrapper
db00a62be8 test: introduce a simple environment file for test service
fd082f335e test: lower the # of mpath devices to 16
d17a45340b test: make TEST-64 a bit more ASan friendly
a51cc9e578 test: don't wrap binaries built with ASan
e176dca593 test: drop all LD_PRELOAD-related ASan workarounds
9fba4cdf61 test: set $ASAN_RT_PATH along with $LD_PRELOAD to the ASan runtime DSO
4fbf69fd1b semaphore: remove the Semaphore repositories recursively
6258394c1e test: wrap `ls` and `stat` to make it work w/ sanitizers in specific cases
db14b371df test: create an ASan wrapper for `getent` and `su`
1027d3d633 test: always wrap useradd/userdel when running w/ ASan
65ab7b0950 Revert "Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size."
f994276068 test: make TEST-63 more reliable on slower machines
68b4f10f82 test: use PBKDF2 with capped iterations instead of Argon2
1f32ec761c hashmap: use assert_se() to make clang happy
94a25aa6d5 coredump: drop an unused variable
5f09fa4d5e network: drop an unused variable
a29ddb989b machine: drop an unused variable
9a71cd3bf6 sd-journal: drop an unused variable
ae0537f18f ci: reenable validation of GH Actions files
6e92f64ca4 ci: temporarily disable validation of GH Action files
6cd1b11d02 cryptsetup: fix build with -Db_ndebug=true
0ab5e9fe98 test: wrap binaries using systemd DSOs when running w/ ASan
6d4ae5a7cd test: make the virt detection quiet
024ee3def9 test: check for other hypervisors as well
520be40734 test-mountpoint-util: support running on a mount namespace with another mount on /proc
2cd4aed358 test-mountpoint-util: use log_info()
c7b66dbe2a test-mountpoint-util: fix NULL arg to %s
4e49c726ad test: drop redundant log message
b57ef0c672 build(deps): bump meson from 0.63.2 to 0.63.3 in /.github/workflows
8c80564405 build(deps): bump ninja from 1.10.2.3 to 1.10.2.4 in /.github/workflows
70e90da84b build(deps): bump meson from 0.63.1 to 0.63.2 in /.github/workflows
489c00dee5 build(deps): bump meson from 0.63.0 to 0.63.1 in /.github/workflows
08e85ad43d build(deps): bump meson from 0.62.2 to 0.63.0 in /.github/workflows
b0619c9c55 build(deps): bump meson from 0.62.0 to 0.62.2 in /.github/workflows
d982169592 build(deps): bump systemd/mkosi
9d4af5fea1 mkosi: libbpf0 -> libbpf1
3abf9f08f1 mkosi: Switch to Fedora 37
18f9fbab08 mkosi: update to latest commit
5403b727a7 mkosi: Use SourceFileTransfer=mount
9744c04ffd mkosi: Drop kernel-modules-extra from Fedora config
ab2f7a9b9e mkosi: install fdisk for test-loop-block
17acdca99d mkosi: Set ExtraSearchPaths=build/ by default
420e782904 mkosi: update to latest commit
43ef15c752 mkosi: add back packages removed from OpenSUSE build
9a94aa1d88 mkosi: disable isc-dhcp-server again
d1785c462f mkosi: Ensure we build all features/components in mkosi
6712396da3 meson: Downgrade efi-ld warning
66309ee674 ci: Add mold to build tests
86c25ca937 ci: build with clang-15; drop clang-12
28457b030e mkosi: Drop workarounds
abecb21561 mkosi: Update to latest commit
d9eaf39930 mkosi: Update to latest commit
619b36b22c mkosi: Don't use InstallDirectory by default
cdf3fd312a mkosi: Use mkosi.output/ as output directory by default
b8a746e89b mkosi: Add package libfdisk to Ubuntu dependencies (#24211)
0e518f3639 ci: set a timeout for each mkosi stage
5e79cf977c mkosi: Update to latest
edef8edf0b mkosi: Update to latest commit
a0402d3ab6 mkosi: Update to latest commit
081168fa19 mkosi: Build against Fedora rawhide as well
a38a0504ec mkosi: Remove usage of deprecated option names/sections
47404f1802 mkosi: Changes to allow booting with sanitizers in mkosi
db1281e12e mkosi: Update Ubuntu config to 22.04
ca8dc691fe mkosi: Install xxd in images
f12a6945c6 ci: limit which env variables we pass through `sudo`
7e24ac6d77 mkosi: update to latest main
a46ba01e79 mkosi: Update to latest release
7ef1d71895 mkosi: Pull in fix that solves action mirror issue
d3d90ae66b mkosi: Update CI to mkosi 13
9bf797be2c ci: build systemd with clang with -Dmode=release --optimization=2
9e88b3a5e1 ci: bump gcc in the "build test" workflow
dcbc64db61 ci: prefer the distro llvm version if available
ccd81889d4 ci: bump GH Actions to Ubuntu Jammy where applicable
b8fbf21526 kernel-install/90-loaderentry: do not add multiple systemd.machine_id options
fe5e692bfc tests: minor simplification in test-execute
a94fe70bbe tests: make test-execute pass on openSUSE
4a65c1674b firstboot: fix segfault when --locale-messages= is passed without --locale=
c3b22515b9 test: introduce sanity coverage for auxiliary utils
c61e4377d7 udev: add safe guard for setting by-id symlink
2f4fdaaecc udev: drop redundant call of usb_id and assignment of ID_USB_INTERFACE_NUM
491924940f udev: first set properties based on usb subsystem
293c006789 test: further extend systemctl's sanity coverage
f48e6576a2 test: add a couple of sanity tests for systemctl
3d5e379808 test: rename TEST-26-SETENV to TEST-26-SYSTEMCTL
a34afc4197 namespace: Add hidepid/subset support check
2ac138a5b6 coverage: Mark _coverage__exit as noreturn
9952c228a9 parse_hwdb: allow negative value for EVDEV_ABS_ properties
7b6fa1d3e6 test: add a couple of sanity tests for journalctl
cf21555d6d sd-device-monitor: dynamically allocate receive buffer
ee42e84968 man: use the correct 'Markers' property name for marking units
45090f3418 core: fix memleak in GetUnitFileLinks method
7eefd2fbb7 network: forcibly reconfigure all interfaces after sleep
66fa6110ba resolved: fix typo in feature level table
2f8f1d9e4a network: skip to reassign master ifindex if already set
d94f197818 resolved: fix copypasta in resolved varlink API
b61fcaca1b udev: always create device symlinks for USB disks
6fc2f387af man: Add documentation for AssertCredential= (#25178)
c339e8d71b man: document reboot --poweroff exception
91b8491e97 network: allow 0 for table number
3f94f03389 network: Table= also accepts table name
bdd84e82e5 analyze: add --image= + --root= to --help text
23d66a03de meson: Fix build with --optimization=plain
98a45608c4 manager: allow transient units to have drop-ins
228cd82d2c manager: reformat boolean expression in unit_is_pristine()
06dc900efa (tag: v251.7) network/bridge: fix UseBPDU= and AllowPortToBeRoot=
b0972e4df0 homed: properly initialize all return params
d61ccd0252 meson: always use libatomic if found
833ad5f950 Revert "Fix issue with system time set back (#24131)"
73d1dc665b bash-completion: add systemd-dissect support
d89e9993d2 dissect: add missing --umount to the help output
087cbfd936 coredump: avoid deadlock when passing processed backtrace data
ab587aaf8e shared/json: use different return code for empty input
219272f7b2 shared/json: allow json_variant_dump() to return an error
d1066f33b5 man: document restrictions on naming interfaces
e2a07cdac6 qrcode-util: Add support for libqrencode 3.0
8be601f7ef seccomp: add riscv_flush_icache to allow list
3028e05955 (tag: v251.6) logind: fix getting property OnExternalPower via D-Bus
5da595db39 shared/condition: avoid nss lookup in PID1
40053e60f5 test: add more tests for StateDirectory= with DynamicUser=
0ba2e4bb69 core: do not create symlink to private directory if parent already exists
1de3cb97ee core: make exec_directory_add() extends existing symlinks
d7b83b9986 sd-ndisc: ignore failure in sending solicitation
e0ba044985 analyze: add forgotten return statement
40742ac74f basic/log: include the log syntax callback in the errno protection block
3e38c39600 logind: do not emit beep in wall messages
bf13ffec59 udev: drop assertion which is always false
78a8e938e4 man/shutdown: document how to switch to single-user mode
9de8a5d5d0 libbpf: add compat helpers for libbpf down to 0.1.0
9d5d267ab3 Try to load libbpf.so.1 as well
8cc2387b03 libbpf: Remove use of deprecated APIs
4abc5b2cfe repart: always honour `--discard=no`
b3d5724bfc ata_id: Fixed getting Response Code from SCSI Sense Data (#24921)
e91ea65aba resolve: unsupported DNSSEC algorithms are considered INSECURE; not BOGUS
73db7d9932 generator: skip fsck if fsck command is missing
80dc4425db udevadm: do not try to find device unit when a path like string is provided
7add2f21f1 resolved: don't access sshfp fields from tlsa printer
9d9a970ad7 resolved: fix parameter reuse in DNS_ANSWER_FOREACH_ITEM() iterator macro
913d22cf8d kernel-install: do not fail if $layout is not "bls"
25facc6e7f units: udev: partially emulate ProtectClock=
2e6e0498aa nspawn: fix two error strings
5befffa69a xdg-autostart-service: expand tilde in Exec lines
4cb75191c4 fix typo in log
738eca5e05 meson: add libatomic dependency
c40fa78968 xdg-autostart-service: Use common boolean parser
654ae8c1e4 (tag: v251.5) base-filesystem.c: add trailing zero byte for s390x entry
e4a19eef33 basic/missing_loop.h: fix missing lo_flags LO_FLAGS_DIRECT_IO
24238be484 mount-util: fix error code
1b1ad8c79f udev: certainly restart event for previously locked device
7dacfb3fb4 stub: Use EfiLoaderCode for kernel memory
eaeaf4f6ef network: do not silently stop to process configuration on activation failure
bb803856bc bus: use inline trace argument for ANONYMOUS auth
6349062326 Fix ObjectManager interface emitted for non-manager objects
c90ab07fa0 test-bus-objects: Test interfaces added/removed signal interfaces
e32fe1b457 Fix GetManagedObjects returning ObjectManager interface for non-manager objects
efd8e39f4a test-bus-objects: Test GetManagedObjects interfaces are correct
344efd022a coredump: when parsing json, optionally copy the string first
de08edca17 systemctl: color ignored exit status in yellow, not red
1531a496e3 manager: make clear internal Dump() logic is debugging only.
c4fd38f7d2 man: document the Dump() calls of the PID 1 D-Bus interface, and what they are
140fee4627 resolve: do not cache mDNS goodbye packet
1a2d93a770 kbd-model-map: correct variants for cz-qwerty to include comma
9d1ebb2247 resolve: persist DNSOverTLS configuration in state file
3137ac6ef5 udev: support by-path devlink for multipath nvme block devices
c948091cc5 run: make --working-directory= work for --scope too
7bb204620d kbd-model-map: add a mapping for switched czech qwerty/us
e5157050d1 test: add more test cases for mkdir_p_safe() and mkdir_p_root()
b3a9f7b5cb mkdir: chase_symlinks_and_stat() does not return 0
0bfdc91807 units: make sure that initrd-switch-root.service pulls in .target
45fb64c54b units: add dependency ordering for emergency.service conflicts
6535813084 units: add ordering dependencies on initrd-switch-root.target
09c90224f1 units/systemd-network-generator.service: add forgotten ordering for shutdown
1dd723a3b8 units: reorder/split unit dependency blocks
054cad0097 man: explicitly document that "reboot -f" is different from "systemctl reboot -f"
c5b0ae86b1 watchdog: use /dev/watchdog0 only if it exists
ac805eac15 journalctl: respect --quiet flag during file concistency verification
c1d729795d xdg-autostart-service: expand tilde in Exec lines
35c5f5d688 unit: drop ProtectClock=yes from systemd-udevd.service
175ba30cf6 busctl: Fix warning about invaild introspection data
6c7b91372d udev/rules,hwdb: filter out mostly meaningless default strings
8b89e677e9 units: prolong the stop timeout for homed
202a79e7c5 homed: don't wait indefinitely for workers on exit
44660d2e12 man: fix static bridge example
e0dde8a14f log: don't attempt to duplicate closed fd
254b77e73c condition: fix device-tree firmware path
96da39ddb1 udev-util: minor cleanups for on_ac_power()
3345520512 docs: fix incorrect env var name for credentials directory
49f9fa87b2 shell-completion: drop unused $mode
1e29d934de oomd: fix off-by-one when dumping kill candidates
b00cb050c8 on-ac-power: ignore devices with scope==Device
9886011356 on-ac-power: rework logic
1fc74d251e sd-device: add helper to read a unsigned int attribute
6d4c138534 shared/udev-util: say "ignoring device", not "ignoring"
cd2fad2300 virt: Support detection of Apple Virtualization.framework guests
6e47e75c86 virt: align tables
951e99231e check-os-release.py compatible with Python < 3.8
d572a74163 core/mount: adjust deserialized state based on /proc/self/mountinfo
2e372afc35 Allow uneven length BootXXXX variables
8ad143e684 gpt: fix native uuids for s390x
2bb9a0a29b udev: fix inversed inequality for timeout of retrying event
cf67d5ed1b bash-completion: add systemd-sysext support
ada437cfb1 sysext: add missing COMMAND to the help output and man synopsis
58bc1e8e04 hostname: make chassis type actually obtained from ACPI when nothing from DMI
4ffde70981 booctl: do not say uuids differ if one of the uuids is unset
5219a99ccb bash-completion: autocomplete cgroup names in systemd-cgtop
9f2f391153 sysusers: add fsync for passwd (#24324)
c966377c51 dhcp6: do not append ORO option when no option requested
97474b03e7 dhcp6: gracefully handle NoBinding error
c67a388aef udev/cdrom_id: check last track info
52c631b02e firstboot: fix can't overwrite timezone
f279a6f4d1 cryptenroll: fix memory leak
66b060225d sd-device-enumerator: drop noisy log messages
6e1acfe818 sd-device-monitor: actually refuse to send invalid devices
81339c45e8 sd-device-monitor: fix inversed condition
1760559918 resolvctl: only remove protocol after last dot when mangling ifname for resolvconf
a3348ba748 oom: drop invalid %m in the log message
b3dd66f32b meson: Test correct efi linker for supported args
f9d936b865 sysusers: properly process user entries with an explicit GID
ec5a46ca34 sysusers: only check whether the requested GID is available
037b1a8acc dhcp: fix potential buffer overflow
ed2955f8fe udev-util: assume system is running on AC power when no battery found
37b54927d3 Fix issue with system time set back (#24131)
4fdca1ab9e shared/generator: Ensure growfs unit runs after repart
32f9d70f8b manager: optionally, do a full preset on first boot
This resolves systemd-boot fails with latest meson,
while systemd -> 252 is being prepared.
(From OE-Core rev: 52d8f9211586156f2bb7534087dea79f1ebff542)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1d96287906f66ad28e50c9686eaffc2fb7b874fe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since RRECOMMENDS declaration implictly induces building the recipes
that provide the runtime recommended packages, conditionalize adding
such values according to associated PACKAGECONFIG settings in order
to avoid redundant building.
(From OE-Core rev: 1859eaba8638549b2dc5d6ab3ae3c0b3793eac67)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a1989add927f7805378fe4d5afbde780b747ba77)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* configure: Restore ucontext api functionality check.
In c3f01c72b303cbbb0cc8983120677edee2f3fa4b the use of the ucontext api
in the main program was removed, and with it the configure check for it.
However, the ucontext api is still used in the "explicit_bzero" test and
thus this test still needs to be in place.
See also: https://bugs.gentoo.org/838172
* configure: Restore the functionality of the '--disable-symvers' switch.
Without this fix the build was simply broken, if symbol versioning was
disabled for any reason, e.g. whether the compiler nor the linker
supporting it, or if disabled on purpose by the user (issue #142).
* Fix variable name in crypt(3) for a datamember of 'struct crypt_data'
(issue #153).
* Add glibc-on-loongarch-lp64 (Loongson LA464 / LA664) entry to
libcrypt.minver. This was added in GNU libc 2.36.
(From OE-Core rev: 9f78a2b3fd16c8aee398ad95a0fdbb412ac031fd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7da5dd3b43718b876645602b1a23c739cbe8016d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Release 2.5.0 Tue October 25 2022
Security fixes:
#616#649#650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612#645 Fix curruption from undefined entities
#613#654 Fix case when parsing was suspended while processing nested
entities
#616#652#653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667#668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Includes a fix for CVE-2022-43680.
(From OE-Core rev: 5544b66484502a6353dcf4c220645a58bbec3af8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a257a674272dc638f09167e9b9202adfb477ef1e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes in 1.2.13 (13 Oct 2022)
- Fix configure issue that discarded provided CC definition
- Correct incorrect inputs provided to the CRC functions
- Repair prototypes and exporting of new CRC functions
- Fix inflateBack to detect invalid input with distances too far
- Have infback() deliver all of the available output up to any error
- Fix a bug when getting a gzip header extra field with inflate()
- Fix bug in block type selection when Z_FIXED used
- Tighten deflateBound bounds
- Remove deleted assembler code references
- Various portability and appearance improvements
Drop a number of patches whicih have been merged upstream.
(From OE-Core rev: b7805c7daef0690e27d44aa18cf3946e3108abbf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 115eb5326dc7f9256d58147b3655cd13d5994cfc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The custom path of the ca-certificates.crt within the buildtools-tarball requires more
environment variables to be exported. Namely REQUESTS_CA_BUNDLE for the python requests library
and CURL_CA_BUNDLE for curl.
(From OE-Core rev: facafa0f76af9cbf80f862497b66c18b3fbfa60b)
Signed-off-by: Jan-Simon Moeller <jsmoeller@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5c249db9de8ad8cfe0996ff4fee4c575a5ff1e34)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The urlopen() call can block indefinitely under some circumstances.
This can result in the bitbake process to run endlessly because of
the 'do_fetch' task of cve-update-bb-native to remain active.
This adds a default timeout of 60 seconds to avoid this hang, while
being large enough to minimize the risk of unwanted timeouts.
(From OE-Core rev: e5f6652854f544106b40d860de2946954de642f3)
Signed-off-by: Frank de Brabander <debrabander@gmail.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a access or creation timestamp has 0 microseconds, then the test
fails as it doesn't expect this to be a valid value. Expand a previous
fix for modification times to cover these timestamps too.
[ YOCTO #14373 ]
(From OE-Core rev: 15715e6ad81c97cd50e288f3745615eb19be90d1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a new zlib release is made, the top-level URL is no longer available
and it is only available as a .gz under the /fossils/ directory.
When this happens the source fetch fails and bitbake noisily warns that
it is using the mirrors. Avoid this by using the .gz tarball and add
the /fossils/ directory to PREMIRRORS so fetches will check there too.
(From OE-Core rev: c67f71abc61afec701c50e4e7941128eb701fb0a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otherwise when the installation of recommended packages is prevented
(NO_RECOMMENDATIONS = "1"), then splash screen will not be cast.
(From OE-Core rev: 2a0928532b8303858980d6df6271669dbb69e224)
Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
coreutils-native will pick up openssl on the host if it's GPL
compatible (version >= 3), which causes uninative failures with hosts
that don't have openssl3.
Add a PACKAGECONFIG entry for openssl so it can be enabled, but isn't
by default.
(From OE-Core rev: 9859a8124a0c09ac38d476445e7df7097f41d153)
Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
glibc-locale defaults to ENABLE_BINARY_LOCALE_GENERATION ?= "0", but gets
changed to "1" in the default-distrovars.inc
When it is explicitly set back to "0", it fails with this error:
ERROR: glibc-locale-2.36-r0 do_package: QA Issue: glibc-locale: Files/directories were installed but not shipped in any package:
/usr/lib/locale
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
glibc-locale: 1 installed and not shipped files. [installed-vs-shipped]
ERROR: glibc-locale-2.36-r0 do_package: Fatal QA errors were found, failing task.
There's a code to remove empty dirs in ${libdir}, but it's keyed off of
PACKAGE_NO_GCONV to clean up $[libdir]/gconv, just extend it to also cover
other empty dirs, including ${libdir}/locale.
(From OE-Core rev: b2565de1d9fb513c61f80a4f02be39ee9c31e7dd)
Signed-off-by: Denys Dmytriyenko <denis@denix.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the option to enable X11 forwarding in dropbear with a new
PACKAGECONFIG option ('enable-x11-forwarding'). Method uses
localoption.h file for dropbear feature selection.
Add backport patch to fix X11 forwarding in the current 2022.82
version.
(From OE-Core rev: f09d94979fd98f160ef7157b517489a43086333f)
Signed-off-by: Daniel Gomez <daniel@qtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An empty string assignment to WantedBy should clear all prior WantedBy
settings. This matches behavior of the current systemd implementation.
(From OE-Core rev: 8ede0083c28fadf1e83c9256618190b931edd306)
Signed-off-by: Bob Henz <robert_henz@jabil.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update SRCREV to bring in few bug fixes
Install a .so symlink which could be used during linking
install libdir to create if not existing
(From OE-Core rev: bac2c95f6331deafd3e07c927ba00a202db9a12b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fix for this CVE has been merged into the 2.36 branch and fixed in
oe-core as of 055ce284.
(From OE-Core rev: ebb0220bf211ec1318a0a7f6a9ab80cf7775a848)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License change is due to copyright year changes only.
Changelog:
=========
Security fixes:
#629#640 CVE-2022-40674 -- Heap use-after-free vulnerability in
function doContent. Expected impact is denial of service
or potentially arbitrary code execution.
Bug fixes:
#634 MinGW: Fix mis-compilation for -D__USE_MINGW_ANSI_STDIO=0
#614 docs: Fix documentation on effect of switch XML_DTD on
symbol visibility in doc/reference.html
Other changes:
#638 MinGW: Make fix-xmltest-log.sh drop more Wine bug output
#596#625 Autotools: Sync CMake templates with CMake 3.22
#608 CMake: Migrate from use of CMAKE_*_POSTFIX to
dedicated variables EXPAT_*_POSTFIX to stop affecting
other projects
#597#599 Windows|CMake: Add missing -DXML_STATIC to test runners
and fuzzers
#512#621 Windows|CMake: Render .def file from a template to fix
linking with -DEXPAT_DTD=OFF and/or -DEXPAT_ATTR_INFO=ON
#611#621 MinGW|CMake: Apply MSVC .def file when linking
#622#624 MinGW|CMake: Sync library name with GNU Autotools,
i.e. produce libexpat-1.dll rather than libexpat.dll
by default. Filename libexpat.dll.a is unaffected.
#632 MinGW|CMake: Set missing variable CMAKE_RC_COMPILER in
toolchain file "cmake/mingw-toolchain.cmake" to avoid
error "windres: Command not found" on e.g. Ubuntu 20.04
#597#627 CMake: Unify inconsistent use of set() and option() in
context of public build time options to take need for
set(.. FORCE) in projects using Expat by means of
add_subdirectory(..) off Expat's users' shoulders
#626#641 Stop exporting API symbols when building a static library
#644 Resolve use of deprecated "fgrep" by "grep -F"
#620 CMake: Make documentation on variables a bit more consistent
#636 CMake: Drop leading whitespace from a #cmakedefine line in
file expat_config.h.cmake
#594 xmlwf: Fix harmless variable mix-up in function nsattcmp
#592#593#610 Address Cppcheck warnings
#643 Address Clang 15 compiler warnings
#642#644 Version info bumped from 9:8:8 to 9:9:8;
see https://verbump.de/ for what these numbers do
Infrastructure:
#597#598 CI: Windows: Start covering MSVC 2022
#619 CI: macOS: Migrate off deprecated macOS 10.15
#632 CI: Linux: Make migration off deprecated Ubuntu 18.04 work
#643 CI: Upgrade Clang from 14 to 15
#637 apply-clang-format.sh: Add support for BSD find
#633 coverage.sh: Exclude MinGW headers
#635 coverage.sh: Fix name collision for -funsigned-char
Special thanks to:
David Faure
Felix Wilhelm
Frank Bergmann
Rhodri James
Rosen Penev
Thijs Schreijer
Vincent Torri
and
Google Project Zero
(From OE-Core rev: 93c3f0e8dca180fd2dddf88bd0cfd68c0a70ec4c)
Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adresses CVE-2022-39046
Brings in following changeset
* c399271c10 nscd: Fix netlink cache invalidation if epoll is used [BZ #29415]
* b46412fb17 Add NEWS entry for CVE-2022-39046
* 645d94808a syslog: Remove extra whitespace between timestamp and message (BZ#29544)
* b3736d1a3c elf: Restore how vDSO dependency is printed with LD_TRACE_LOADED_OBJECTS (BZ #29539)
* 3c791f2031 Apply asm redirections in wchar.h before first use
* 924e4f3eaa elf: Call __libc_early_init for reused namespaces (bug 29528)
* b0e7888d1f syslog: Fix large messages (BZ#29536)
(From OE-Core rev: 055ce284cb4770026c6b0de34d4444568e03d47f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
:append can not be modified in bbappends and thus += is
better in re-usable, generic layers and recipes.
(From OE-Core rev: da88406ba592504a718f516b985adc0d4553080d)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The KDE build uses custom catalogs by setting XML_CATALOG_FILES, so this
wrapper should not override that value if it has already been set.
[RP: Add vardepsexclude since bitbake stores the expanded version of the variable
name in the siginfo data which would expand to a full build path in the native
case]
(From OE-Core rev: a6be6d307fbe69248b4905214712d67bfddf6b92)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 8089cefed8 ("systemd: Add
PACKAGECONFIG for sysvinit") decoupled enabling of systemd's sysvinit
handling behavior behind a distinct PACKAGECONFIG feature.
This new option affects among other things the installing of
tmpfiles.d/legacy.conf, which is responsible for creating /run/lock
directory, which is pointed to by /var/lock symlink provided by
base-files package.
In case the option is not enabled, then base-files provided /var/lock
is a dangling symlink on resulting rootfs, causing problems with
certain Linux userspace components that rely on existence of writable
/var/lock directory. As an example:
# fw_printenv
Error opening lock file /var/lock/fw_printenv.lock
Since Filesystem Hierarchy Standard Version 3.0 states in
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s09.html that
Lock files should be stored within the /var/lock directory structure.
Ensure the /run/lock directory is always created, so that lock files
can be stored under /var/lock also when 'sysvinit' handling is
disabled.
(From OE-Core rev: 85e5ee2c35cf5778c3aefda45f526e8f6a511131)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd defines a default set of fallback DNS servers in
https://github.com/systemd/systemd/blob/v251/meson_options.txt#L328-L330
By adding a PACKAGECONFIG knob providing a convenient way to opt out,
and then adding that value to systemd's PACKAGECONFIG, the output from
runtime 'resolvectl status' command no longer contains the following
line:
Fallback DNS Servers: 1.1.1.1#cloudflare-dns.com 8.8.8.8#dns.google 1.0.0.1#cloudflare-dns.com 8.8.4.4#dns.google 2606:4700:4700::1111#cloudflare-dns.com 2001:4860:4860::8888#dns.google 2606:4700:4700::1001#cloudflare-dns.com 2001:4860:4860::8844#dns.google
(From OE-Core rev: 2b300d6b9ec6288a99d9dacb24a86949caf99e55)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* but it still won't work well on hosts without libxml2, make
sure to use pre-generated testapi.c in do_compile_ptest
* this is reproducible with SOURCE_DATE_EPOCH set to 0 which
e.g. meta-updater still sets by default for DISTROs which
use it :(, see https://github.com/uptane/meta-updater/pull/35
(From OE-Core rev: 178cea1593dc6e9a7eb74842615356d90d79f78f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
