rpm 4.19 now builds with LFS64 support enabled by default,
so it calls statvfs64() to get the space available on the
filesystem it is installing packages into. This is not
getting caught by pseudo, so rpm is checking the host's
root filesystem, rather than the filesystem where the
build is happening.
Merge in that fix and a gcc14 fix.
(From OE-Core rev: f7ef390b70709c0b6a607fcfe1da4c85144840e5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6d021c860b2b99f46c604149317b326f493022d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
USB devices are auto-mounted in a directory named like theirs labels.
Special characters like whitespace are octal-escaped in /proc/mounts
output. Using directly this output file as an argument for umount failed
and the mount directory can't be removed as still busy.
Using printf allows these special characters to be unescaped.
(From OE-Core rev: c3c31248233356a04db1d5ed375b647656d80fa0)
Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 37f17625d931a06888388682dc2b1f5a2d298125)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
do_populate_lic dependencies are defined inside license.bbclass such as:
addtask populate_lic after do_patch before do_build
but externalsrc deletes the do_patch task, so the only dependency left for
do_populate_lic is "before do_build"
On a devtool context, when doing devtool modify, sources are extracted inside
build/workspace/sources/${BPN}/ and local files inside
build/workspace/sources/${BPN}/oe-local-files
When building the recipe after a devtool modify, do_unpack is called again to
unpack (possibly modified) local files from
build/workspace/sources/${BPN}/oe-local-files into ${WORKDIR}.
Since the only left dependency for do_populate_lic is do_build, the
do_populate_lic can be called BEFORE do_unpack. Most of the time this is not a
problem, because license files are generally located inside ${S}, which
corresponds to build/workspace/sources/${BPN} (and is already unpacked),
but this can lead to an issue if recipe sets LIC_FILES_CHKSUM to look for
files in ${WORKDIR} (example from init-ifupdown_1.0.bb):
LIC_FILES_CHKSUM = "file://${WORKDIR}/copyright;md5=3dd6192d306f582dee7687da3d8748ab"
So devtool modify init-ifupdown && bitbake init-ifupdown gives the following
error:
WARNING: init-ifupdown-1.0-r0 do_populate_lic: Could not copy license file <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/copyright to <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/license-destdir/qemux86_64/init-ifupdown/copyright: [Errno 2] No such file or directory: '<...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/copyright'
ERROR: init-ifupdown-1.0-r0 do_populate_lic: QA Issue: init-ifupdown: LIC_FILES_CHKSUM points to an invalid file: <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/copyright [license-checksum]
ERROR: init-ifupdown-1.0-r0 do_populate_lic: Fatal QA errors were found, failing task.
ERROR: Logfile of failure stored in: <...>/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0/temp/log.do_populate_lic.838584
ERROR: Task (<...>/poky/meta/recipes-core/init-ifupdown/init-ifupdown_1.0.bb:do_populate_lic) failed with exit code '1'
Fix this by forcing the do_populate_lic task to run after do_unpack
(From OE-Core rev: bc02b59ca6506d727450512ac2490b8861de59ca)
Signed-off-by: Julien Stephan <jstephan@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea6a0cccdd274534809df62a0a196bf83489a1e5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
We occasionally see races over the lockfile used by externalsrc/devtool
when walking files for the source_date_epock calculation. Skip this file
if present to avoid the issues and fix a real issue where SDE could be
contaminated too.
[YOCTO #14921]
(From OE-Core rev: 6bb824019fd7335a10fdcebf7d301c101d60ad61)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4bc0eb4bd90e6e6e46581a8ed367212bdd910a26)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Most of the allarch code is conditional and only set if the recipe remains marked
as allarch. The qemu wrapper handling is not handled in the same way however and
is unconditional.
Move the code to some slightly uglier inline python to allow it to be conditional
and match the way the rest of the code works.
(From OE-Core rev: 2e206eb9b43c267e939ccb3cdfa62d9666ff5efa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dfd704f1741dccd9a85338c5d45dee4be079064d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
* Fix operation of --no-absolute-filenames --make-directories
* Restore access and modification times of symlinks in copy-in
and copy-pass modes.
0001-configure-Include-needed-header-for-major-minor-macr.patch
revmoed since it's included in 2.15
(From OE-Core rev: e912a11c5fa6709708428f2d0fe3a29a344cd43a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4fb7512a5b1c13234e3733cba1c4bf246c77861)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pull in fixes for CVE-2023-6246, CVE-2023-6779 and CVE-2023-6780.
(From OE-Core rev: 07847f5945ff67340803149242a629741d619bf5)
Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The CPE vendor is "gnome" and the CPE product is "gtk" for both gtk+3
and gtk4 recipes. Set CVE_PRODUCT so we properly match the NVD database.
(From OE-Core rev: e1bab7d2f5a885f2e4fd0332599edb8bfa55be45)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 253f5f745d66acefcc739f1c9ad2dd46be630e47)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Primarily list the number of patches found, useful when debugging.
Also clean up some bad escaping that caused warnings and use
re.IGNORECASE instead of manually doing case-insenstive rang matches.
(From OE-Core rev: 55d7393eda71fa37a93c1a0f5c8f7f18640cf079)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10acc75b7f3387b968bacd51aade6a8dc11a463f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Handle CVE_STATUS[...] being set to an empty string just as if it was
not set at all.
This is needed for evaluated CVE_STATUS values to work, i.e. when
setting not-applicable-config if a PACKAGECONFIG is disabled.
(From OE-Core rev: a8ccf2abdc89cf4ae3dce1fed4163e3c1399e528)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c9f20f746251505d9d09262600199ffa87731a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is fixed via a patch added in gcc-13.2.inc already, but still
reported e.g. for libgcc as it is not defining an own source but use the
shared gcc-source.
(From OE-Core rev: cc78945cf8372eea743ecddfca47cbc084641678)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 301d45eacfd4ae6bddfb13207e2af9e8b4662bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport the upstream fix for CVE-2023-48795.
(From OE-Core rev: c2894768c270e2698de23884f59e823f185820a0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 314fa19c5e07fa632ff0434a6adbb97de1319a02)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: 7523c7b3609220b4dfc2bb0a83c552db60e1dc7e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9f953a1cd832f03f0b3666168addf45fd4fc8d14)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes an ugly formatting issue in the HTML output
(From yocto-docs rev: dde4b815db82196af086847f68ee27d7902b4ffa)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add the hint to the test setup that runqemu-gen-tapdevs will need the
iptables package installed.
(From yocto-docs rev: 368bacc10a18100ef721c477b5d0abc5184eef91)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This ensures that string is prepended properly and eclosed in ''
Fixes the ptest runs on musl
(From OE-Core rev: 5f49d4c3f528c1e9a2884cc9cc8026b5d43517f9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7bb45591f9caa7ff6b065220927a26e8261e2866)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The execution result of depmodwrapper is not checked which makes depmod
generation failed sliently and hard to detect.
So check exection result and stop building if depmodwrapper failed.
(From OE-Core rev: 2d8e913e2bfbb4ccbdf3eb747aab46fc38cf23e7)
Signed-off-by: Yang Xu <yang.xu@mediatek.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2f88e7d331390c6aaecc4522253e24791aec299e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit includes the 'cyfmac4373-sdio.clm_blob' file in
the list of files for the linux-firmware-bcm4373 package.
Without this file, the linux-firmware package adds all
firmware packages to the image.
(From OE-Core rev: 205b3990fe23dc05689ef619a4607e8903ebbec6)
Signed-off-by: Rodrigo M. Duarte <rodrigo.duarte@ossystems.com.br>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7886d3b77200e4488393fa11c8198658fcf386cd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Upstream website has disappeared; the tarball can still be downloaded
but this is probably not for long.
(From OE-Core rev: 12cb5cce1cad02125fbf695e0d94010535cf228a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit af59c518467d1174d1d63594fdd3279a2fdbd8f8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
QEMU_OPTIONS can be empty which will trigger a exception TypeError:
| can only concatenate str (not "NoneType") to str. Fix it by setting a
empty string.
ALso removed two useless blanks.
(From OE-Core rev: 3ccc642bb36373e81d80d41b4f213328c7bfb9cb)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b619197bd52a4a99a9989e7ea6fb7032415b1e42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update license information for overall package, package libraries, and
package utilities in the recipe to match the license information as
described on the upstream website [1]:
"License. The libraries and backends are dual GPLv2+/LGPLv3+. The
utilities are GPLv3+."
[1] https://sourceware.org/elfutils
(From OE-Core rev: d0e082b8303ad9591983c95d19a199c8d22942da)
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c0728805f24cbd6a788871ae54af4ec8307e40d4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A issue was found when I run "runqemu genericx86-64 ovmf", grub failed
to boot, it's a known issue has been fixed in grub upstream, backport
the fix.
(From OE-Core rev: 10f783721decaec06e87dd7a140ea16f12b97539)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51eab4bb0cae46c9c32d28986eb97badf47594b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
I'm not sure why this was included and enabled to begin with: the tests
predictably mass-fail if system time is set to after y2038.
(From OE-Core rev: 3d04849c741baeddd0677a18a468603b7112139d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9c7ebd6e447bce19803253afd881854f686b5f6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When invoking runqemu with Python 3.12, the following warning is
encountered:
|SyntaxWarning: invalid escape sequence '\.'
This is because the interpreter scans the string before it is processed
by the regex module, and it interprets the backslash as part of an
escape sequence, but not a standard one. This will be registered as an
error rather than a warning in future Python versions. To avoid the it,
simply add an extra backslash so that Python doesn't misinterpret the
string, while the regex parser still sees an escaped '.' character.
(From OE-Core rev: 145672043d6d75a9e5a03afb4c205e8008218a3b)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0e8a4142bb90a92d175df6b2537d24a372356f98)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Disable another test that intermittently fails on the autobuilder.
(From OE-Core rev: 7c183e7470565db3085b4f18044567fc51c842ab)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d169e13f7e2eb6511f0ac98da63b060c6c0d53a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-36191 is now rejected in NVD DB so it won't shoup up in
cve-check report anymore.
(From OE-Core rev: 362a77ea331124ae4c84553c0dceb06b05150804)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes CVE-2024-0232
(From OE-Core rev: 748c18468cc7de0173ab4796805704b9376cd391)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2019-25051.patch
removed since it's included in 0.60.8.1
Changelog:
============
-Fix memory leak in suggestion code introduced in 0.60.8.
-Various documentation fixes.
-Fix various warnings when compiling with -Wall.
-Fix two buffer overflows found by Google's OSS-Fuzz.
-Other minor updates.
(From OE-Core rev: 1d7ab8b0bc129efadd9144b87fa5208b4a8fcd6c)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ec3c8642f71b470936b6dd29331afa467ab865c7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
From release notes:
1.22 bug-fix release (1.22.8) was released on 18 December 2023.
This release only contains bugfixes and security fixes and it should be safe to update from 1.22.x.
(From OE-Core rev: 7d43da3f6f83d9a58a3bc54e55fefd591274afca)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 132d8b7e0188aae8849ae43cfffabce4389a55df)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Set `CVE_STATUS`for those CVEs, they have already been fixed with the latest
pull for stable branch fixes done in rev
e444d2bed0. Hence the issues are fixed
already.
(From OE-Core rev: a7b92c9c675c2c111e0b41121c1232b2e79de4ea)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e6fe23c95f1d0a8a0503cb71557cf3272bf9945)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FIXES [YOCTO #12342]
When testing a Multilib image, the package manifest list contains
the fully qualified package name which includes the Multilib Prefix.
This patch adds the MLPREFIX to the package names that are passed
into the @OEHasPackage() decorator to ensure the set isdisjoint()
matches correctly.
(From OE-Core rev: a27983e0b6bde730fe501c9931119bf18b2c376b)
Signed-off-by: Saul Wold <sgw@bigsur.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ab87e4f92305b2a664cc473869e1615cf56e0936)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The tests were not cleaning up after themselves and making assumptions about
memory resident bitbake being stopped by the scripts.
Add cleanup logic to ensure the tests don't break other things and
clean up created files.
(From OE-Core rev: 81d7011a793de2548c573ebb84f60fb80a357bed)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 692dd762a0c817797c28381c6169205fbaeb2705)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It is possible we could crash holding a lock whilst parsing in this code.
Switch to use utils.fileslocked() in the with expression to avoid this.
This may be causing some of our strange intermittent failures in PRServ
tests.
(From OE-Core rev: 4e3c9526c2389fd08d86d986014313e1d404f1fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e59db15e5df2cc3d0ae042454812a2d54cef77b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The vardepsexclude was subtly wrong in that it referenced STATE_MANMACH
when the actual variable name is SSTATE_MANMACH.
(From OE-Core rev: a681f90caec27d4076bdae3b5b19df2d7f5978cd)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ec5054396f7fafea2a071d2695ae111fc585d6e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Use oe.utils.get_bb_number_threads to get max_process
(From OE-Core rev: 162607e3f7fd490c4b01775a9516a1bcf643eae6)
Signed-off-by: Clay Chang <clayc@hpe.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f0056dca0a44c374f1f0c5fccbf66ae88e0b1850)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These two tests seem to fail semi-regularly so just stop running them.
(From OE-Core rev: aa52e8fe6f53c5e3e5466385b683ea209d833845)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1bfa564f1aa8b865f6c3ae3501e6d5f6cc0542eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Since switch from Makefile to meson based build,
the version is no longer hardcoded but queried from git tag.
This works only if git history is available.
When shallow tarballs are used, tag is not available.
Example error for trusted-firmware-a from meta-arm:
dtc version too old (039a994), you need at least version 1.4.4
Backport also patch to fix version in meson file.
(From OE-Core rev: a77defdac80d4cc660d6b6677bc166a1d1d338b5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 319f5d8a32d1f4a71ac997ce4522249b08f84945)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
