Changelog:
=========
drop world-readable permission on state file even when ACLs are enabled (#446)
fix potential DoS from unprivileged users via the state file (CVE-2022-1348)
fix a misleading debug message with copytruncate and rotate 0 (#443)
add support for unsigned time_t (#438)
do not lock state file /dev/null (#433)
(From OE-Core rev: 391fdcf742c4669c1c4654f9b022b3d277aa0038)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fixed certificate strings comparison for Local authorization (CVE-2022-26691)
- The cupsFileOpen function no longer opens files for append in read-write
mode (Issue #291)
- The cupsd daemon removed processing temporary queue (Issue #364)
- Fixed delay in IPP backend if GNUTLS is used and endpoint doesn't confirm
closing the connection (Issue #365)
- Fixed conditional jump based on uninitialized value in cups/ppd.c (Issue #329)
- Fixed CSS related issues in CUPS Web UI (Issue #344)
- Fixed copyright in CUPS Web UI trailer template (Issue #346)
- mDNS hostname in device uri is not resolved when installaling a permanent
- IPP Everywhere queue (Issues #340, #343)
- The lpstat command now reports when the scheduler is not running
(Issue #352)
- Updated the man pages concerning the -h option (Issue #357)
- Re-added LibreSSL/OpenSSL support (Issue #362)
- Updated the Solaris smf service file (Issue #368)
- Fixed a regression in lpoptions option support (Issue #370)
- The scheduler now regenerates the PPD cache information after changing the
"cupsd.conf" file (Issue #371)
- Updated the scheduler to set "auth-info-required" to "username,password" if a
backend reports it needs authentication info but doesn't set a method for
authentication (Issue #373)
- Updated the configure script to look for the OpenSSL library the old way if
pkg-config is not available (Issue #375)
- Fixed the prototype for the httpWriteResponse function (Issue #380)
- Brought back minimal AIX support (Issue #389)
cupsGetResponse did not always set the last error.
- Fixed a number of old references to the Apple CUPS web page.
- Restored the default/generic printer icon file for the web interface.
- Removed old stylesheet classes that are no longer used by the web
interface.
(From OE-Core rev: 6f4131e73553f47709e19871c23a411275ab3857)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
Fix verbose output not working when using a2x or asciidoc entry points
(From OE-Core rev: 2e205c32eca591181df02e11d69e9b553638ea34)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Now passing subtests are shown in the test run summary at the end
(for example: 10 failed, 1 passed, 10 subtests passed in 0.10s)
(From OE-Core rev: c271e8e831e91f9d29bf4c6ac62b950860941379)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add dependence python3-pkg-resources
Changelog:
==========
Ensure sorting a collection of versions is always stable, even with build metadata.
(From OE-Core rev: 70d68ca81fd92140367a832d7fb30963a2cac5c1)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The systemd-shutdown sets watchdog timeout to 10m (600 seconds) which is too
large, and caused errors when reboot on boars such as rpi4:
systemd-shutdown[1]: Failed to set timeout to 10min: Invalid argument
The watchog's default value is 60s, so set RebootWatchdogSec to 60s to fix the
errors. And <machin.conf> can set WATCHDOG_TIMEOUT when needed, for example,
the max timeout of rpi4 is 15 seconds.
(From OE-Core rev: 20a7ab9ff6ed777c6617a338d049ebe03fcc588c)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When running CVE checks in CI we're usually not interested in warnings on the
console for any CVEs present. Add a configuration option CVE_CHECK_SHOW_WARNINGS
to allow this to be disabled (it is left enabled by default).
(From OE-Core rev: 1054d3366ba528f2ad52585cf951e508958c5c68)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also build with gtk+3 dependency if building for wayland without DISTRO_FEATURE "x11".
This fixes an error of missing gcr dependency for gnome-keyring
(From OE-Core rev: 040bfefb4390e67e0746fb6bdda0e4f383122d01)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are no users of lzop in oe-core, and there hasn't been a release of
lzop since 2017.
(From OE-Core rev: dea5e8863792dc7bb3324b543e04da4c94a060aa)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We may remove lzo so switch the test case to zstd.
(From OE-Core rev: f749a8b462b915713912342444f981125938a990)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LZO is a fairly obsolete compression format these days, so disable it by
default.
(From OE-Core rev: 374756be0e332f625ebf8267a7d2216d9189a4d8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LZO is a fairly obsolete compression format these days, so disable it by
default.
(From OE-Core rev: d5a484a01caebc71ddc98d04954199c3f4642c77)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have libxml2 2.9.14 and we don't link statically against libxml2 anyway
so the CVE doesn't apply to libxslt.
(From OE-Core rev: c6315d8a2a1429a0fb7563b1d6352ceee7bc222c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We never depended upon libjbig so this was never present. Add the
PACKAGECONFIG to make this explict.
CVE-2022-1210 is an issue in libjbig so we don't have a problem there,
mark as such.
(From OE-Core rev: 34e6a19f2430ee2fd0fec4bec1891e898a0d9766)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building native Go tools results in the tool pointing to the wrong
location of dynamic linker (see below). The linker is looked up in the
temporary dir, which can be removed if rm_work is inherited. This
results in being unable to execute the program with the 'No such file or
directory' error. Override linker specificiation for native recipes (and
let Go build environment to pick up a correct one on it's own).
The error is observed in case the distro doesn't use uninative.bbclass.
If uninative.bbclass is used, the binary will be patched automatically
to use the uninative loader instead of the system one.
Without this patch:
$ ldd tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man
linux-vdso.so.1 (0x00007ffe945ec000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a7490e000)
/home/lumag/Projects/RPB/build-rpb/tmp-rpb-glibc/work/x86_64-linux/go-md2man-native/1.0.10+gitAUTOINC+f79a8a8ca6-r0/recipe-sysroot-native/usr/lib/ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 (0x00007f3a74d13000)
$ tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man --help
-bash: tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man: No such file or directory
With the patch
$ ldd tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man
linux-vdso.so.1 (0x00007ffd19dbf000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f2d44181000)
/lib64/ld-linux-x86-64.so.2 (0x00007f2d44586000)
$ tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man --help
Usage of tmp-rpb-glibc/sysroots-components/x86_64/go-md2man-native/usr/bin/go-md2man:
-in string
Path to file to be processed (default: stdin)
-out string
Path to output processed file (default: stdout)
(From OE-Core rev: 44b397daa68b4d0a461225fe9ff7db8b5fcfdb7b)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* this doesn't fix any issue (at least AFAIK),
just keeps the log files more deterministic to avoid unnecessary churn like in:
--- /OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/keymaps/1.0-r31/temp/log.do_patch.2213051 2022-05-26 11:35:44.110063749 +0200
+++ /OE/build/oe-core/tmp-glibc/work/qemux86_64-oe-linux/keymaps/1.0-r31/temp/log.do_patch.2213372 2022-05-26 11:35:54.553062630 +0200
@@ -1,7 +1,7 @@
DEBUG: Executing python function extend_recipe_sysroot
-NOTE: Direct dependencies are ['virtual:native:/OE/build/oe-core/openembedded-core/meta/recipes-devtools/patch/patch_2.7.6.bb:do_populate_sysroot', '/OE/build/oe-core/openembedded-core/meta/recipes-devtools/quilt/quilt-native_0.67.bb:do_populate_sysroot']
+NOTE: Direct dependencies are ['/OE/build/oe-core/openembedded-core/meta/recipes-devtools/quilt/quilt-native_0.67.bb:do_populate_sysroot', 'virtual:native:/OE/build/oe-core/openembedded-core/meta/recipes-devtools/patch/patch_2.7.6.bb:do_populate_sysroot']
NOTE: Installed into sysroot: []
-NOTE: Skipping as already exists in sysroot: ['patch-native', 'quilt-native', 'attr-native', 'libtool-native', 'gettext-minimal-native', 'texinfo-dummy-native']
+NOTE: Skipping as already exists in sysroot: ['quilt-native', 'patch-native', 'attr-native', 'libtool-native', 'gettext-minimal-native', 'texinfo-dummy-native']
DEBUG: Python function extend_recipe_sysroot finished
DEBUG: Executing python function do_patch
DEBUG: Executing python function patch_do_patch
(From OE-Core rev: d3ebb37b97da15166d452bf51f5f7e0c312ae42e)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lzo isn't needed to build, so it doesn't need to be in the self-hosted
packagegroup.
(From OE-Core rev: 28beab2c5c90b66269bda89b2c0bed21018a0a61)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 47d9d90b4ec7d04d6f3f1a9b97c0ab7f1264a88e.
This is no longer needed with a patch to fix importlib in python.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 9d05227e910d3f374ba7a9763ff2584b9e40db61.
This is no longer needed with a patch to importlib in python.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are two issues inside importlib. Firstly, the modules are accessed in
on disk order. This means behaviour seen on one system might not reproduce
on another and is a real headache.
Secondly, empty directories left behind by previous modules might be looked
at. This has caused a long string of different issues for us.
As a result, patch this to a behaviour which works for us. Upstream discussion
can follow later, this is breaking builds for too many people to leave unpatched.
[YOCTO #14816]
(From OE-Core rev: e5944a38db513e033c3a3e9313267055f7254be7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In the native sysroot we should never have paths to the python3-native
build directory. These may or may not exist at the time some dependency
is building and nothing should rely upon them.
I suspect nothing is relying on this at the moment but clean up
just to be sure.
The various config copies are adjusted to be modified consistently as some
copies were and some were not. The Makefile has the "bad" ${B} paths
replaced with a dummy placeholder too.
(From OE-Core rev: ae9e6249ded8fc063d6333231c391cfa2d594567)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Without adding bitbake/bin to the PATH, some tests will fail when
they cannot find the main bitbake script.
(From yocto-docs rev: 1bbeb83bbff71a670ced81146732f04a947473b5)
Signed-off-by: Zachary T Welch <zach@aquabyte.ai>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Reviewed-by: Quentin Schulz <foss+yocto@0leil.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by
3079627e and fixed by b4e79bfa.
(From OE-Core rev: 49e93892a37d1a2af2b0a155117441e978385e4c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add some further info to the patch based on upstream changes. Given the last release
in 2017 and glaring issues on at least armv5, it does raise the question on whether
we should drop this. There are probably better compression tools now.
(From OE-Core rev: 241309c6dec364445093fa5973cc8998431cbed9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Allow wic to also manipulate the rootfs entry in fstab, which it
currently refuses to write. Reasons one might want to do that include
using systemd-growfs via --fsoptions on /
With this change / is now handled exactly the same as other
mountpoints, the former exception seemingly was not even documented.
(From OE-Core rev: 20d43a2599d7622b96e2fb0da87a886da1a3794a)
Signed-off-by: Tobias Schmidl <tobiasschmidl@siemens.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The grep is too wide, so it falsely fits additional lines that have
a UUID (i.e, `/`).
(From OE-Core rev: f72fdea1c890ddd793aa63bb9c1c0857962161cc)
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
LZO is a fairly obsolete compression format these days, so add an option
to enable/disable LZO to btrfs-progs and disable it by default.
(From OE-Core rev: 26ffb0300cfa365627299a7af2efcb230f5951f0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For OE-Core our policy is to stay as close to the kernel stable releases
as we can. This should ensure the bulk of the major kernel CVEs are fixed
and we don't dive into each individual issue as the stable maintainers are
much more able to do that.
Rather than just ignore all kernel CVEs which is what we have been doing,
list the ones we ignore on this basis here, allowing new issues to be
visible. If anyone wishes to clean up CPE entries with NIST for these, we'd
welcome than and then entries can likely be removed from here.
(From OE-Core rev: 319d465d44328b5f062d2da0526c0e8b189b4239)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pfc files are used e.g. in 38-basic-pfc_coverage.sh
valgrind_test.supp is required, when valgrind is installed, otherwise
all valgrind tests fail
(From OE-Core rev: 32ba67bc37b5ca73f7d29cb6c7de281ab8f824bd)
Signed-off-by: Joerg Vehlow <joerg.vehlow@aox.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The .dot file created by `bitbake -g` changed formats a while ago, which
broke oe-depends-dot.
Also add some useful examples to the --help output.
(From OE-Core rev: 7751bc4909f3834e43db020ebb91665a5d7960a9)
Signed-off-by: Rusty Howell <rustyhowell@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
Misc
-----
#3328: Include a first line summary to some of the existing multi-line warnings.
(From OE-Core rev: a7881dfcd5cb9de175799bb3eadba9ca9864aa4d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes to 0.4.26:
- Use tox for all multi-version testing
- Fix use of pytest, use it via tox
(From OE-Core rev: 4f4483a5e9df585d74071d30a52fd5839d320828)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
