Enable branch protection (PAC/BTI) for all aarch64 builds. This was
previously enabled at a global level in the GCC build, but that breaks
the gcc test suite.
(From OE-Core rev: a1119750e9b3b9fae4fa9698d2ea3710a5a73768)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8905639d1cdc5ce809cc5ecd9672f5e86bf8a579)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
By changing the default code generation of GCC we're inadvertently
breaking the GCC test suite, which has ~120K+ more failures when run for
aarch64 compared to x86-64.
This was because the generated code fragments included the BTI
instructions, which the test case wasn't expecting. We can't tell the
tests globally to run without branch protection, as that will break the
tests which also turn it on.
Remove the enabling of branch protection by standard in GCC, we'll
enable it in the tune files instead.
(From OE-Core rev: 759327cf6bd79118bae0c68e63742ae4721471d8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb4b9017db6a893ed054a2d2ad4cc671dec09c42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating to the latest korg -stable release that comprises
the following commits:
d54cfc420586 Linux 5.15.120
c06edf13f4cf nubus: Partially revert proc_create_single_data() conversion
6e65fa33edf5 parisc: Delete redundant register definitions in <asm/assembly.h>
b4d8f8900021 drm/amdgpu: Validate VM ioctl flags.
26eb191bf5a0 scripts/tags.sh: Resolve gtags empty index generation
989b4a753c7e perf symbols: Symbol lookup with kcore can fail if multiple segments match stext
87f51cf60e3e Revert "thermal/drivers/mediatek: Use devm_of_iomap to avoid resource leak in mtk_thermal_probe"
6a28f3490d3d HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651.
67ce7724637c HID: wacom: Use ktime_t rather than int when dealing with timestamps
347732317749 bpf: ensure main program has an extable
d874cf9799a9 can: isotp: isotp_sendmsg(): fix return error fix on TX path
27d03d15bb8b x86/smp: Use dedicated cache-line for mwait_play_dead()
d6c745ca4fc5 x86/microcode/AMD: Load late on both threads too
9052349685e9 drm/amdgpu: Set vmbo destroy after pt bo is created
796481bedc3e mm, hwpoison: when copy-on-write hits poison, take page offline
6713b8f11aa0 mm, hwpoison: try to recover from copy-on write faults
b46021ab8304 mptcp: consolidate fallback and non fallback state machine
42ff95b4bd11 mptcp: fix possible divide by zero in recvmsg()
(From OE-Core rev: ab60a67c3effda6364fadcf78edf7792c75bff19)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 51c474534c27ac0739a6373595a49ebbc52c3715)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When building using an SDK, cmake complains that the target
architecture 'cortexa53-crypto' is unknown. The same build in bitbake
uses the target architecture 'aarch64'.
Set CMAKE_SYSTEM_PROCESSOR the same as for bitbake.
(From OE-Core rev: d877d5f07772ec4a05332068ddc03cf387313036)
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d32a6225eefce2073a1cd401034b5b4c68351bfe)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In order to build erofs filesystems, wic must have the erofs-utils package installed into its sysroot.
(From OE-Core rev: c349c7fcb299b123824da9a13ee58222a6cbf9ec)
Signed-off-by: Heiko Thole <heiko.thole@entwicklung.eq-3.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The original configure runs a generated binary to determine
features. This is not correct for cross compilation. So change
the runtime tests into compile-time tests to fix the issue.
(From OE-Core rev: 7d99f3a9a2a74fe2e8753b00553f07f305d14c87)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b9aca339b59238988c48b90ea5019bfc939ba4b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It's incorrect to run a cross-compiled program on build machine
to check if some feature is available or not. As these two checks
in zip are basically just checking the size, we can use _Static_assert
and sizeof to do such check at compile time.
(From OE-Core rev: 6f5986fb520ab89b0950d3e0fa8492de4de7798f)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dda778d855b1838ae3004a9af310724b913490b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The dnf contents should be moved to <host_sysroot>/etc/dnf/xxx
instead of just <host_sysroot>/etc.
(From OE-Core rev: 006ff31ddad4c53c63adf1dacecbf2783404a546)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 74b78d160a985e98f869c777847ab798e419dd2d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Instead of printing an error message and continuing, we should just
error out when moving file fails.
(From OE-Core rev: 4ed94fef70df05c874cf0c68dcc95c5636687825)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 12aecd9da94b5f27041982c661e8bab316d365d4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
rpm2cpio.sh can make calls to unzstd to uncompress the RPM payload that
conform the cpio file.
zstd is already part of HOSTTOOLS, as a link to the system installed
zstd.
This patch add unzstd in HOSTOOLS list as a non-optional binary, so is
available to rpm2cpio.sh when it is required.
(From OE-Core rev: 5cee002e34d16e9d82045d3e8e3931ba046403d2)
Signed-off-by: Alberto Planas <aplanas@suse.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bff58d337890e804d33d7decbaa46065a4d3bba4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
* needed for rust-llvm-native on hosts with gcc-13
Based on commit 3382759cb6c5 ("llvm: backport a fix for build with gcc-13")
(From OE-Core rev: d6684a9c9f713ad30442a2a036ff86b534585400)
Signed-off-by: Alexander Sverdlin <alexander.sverdlin@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Currently, finding the elapsed time of each task in buildtimes.svg
is a manual effort of checking the top axis and finding and subtracting
the end and start time of the task.
This change adds the elapsed time for each task, so that
manual effort of comparing start/end time is avoided.
(From OE-Core rev: b2678422b411ccbd19a7b198c872b92077567391)
Signed-off-by: Mauro Queiros <Mauro.Queiros@criticaltechworks.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3efebd3404de548f0757863da237f2d18ce60013)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The first time logrotate runs it reports an error:
error: state file /var/lib/logrotate.status is
world-readable and thus can be locked from other
unprivileged users. Skipping lock acquisition...
This check was added with
1f76a381e2
This error is only reported once as logrotate removes
the world-readable permissions if this happens.
Since logrotate creates this file if it does not exist,
there should be no need to install it in the first place.
(From OE-Core rev: fbfd62ac655cf00b8f7c8fc832ce7434ad4966a3)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8169cd2d18f1569e4357f082adbef492710e8c36)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
libpng is a platform-independent library which
supports all PNG features.
This ptest executes the below binaries, parses
the png image and prints the image features.
1. pngfix - provides information about PNG image
copyrights details.
2. pngtest - tests, optimizes and optionally fixes
the zlib header in PNG files.
3. pngstest - verifies the integrity of PNG image by
dumping chunk level information.
4. timepng - provides details about PNG image chunks.
(From OE-Core rev: 2d58b38185ca7eed5d885b8d00ca549b57138554)
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is a follow-up of 76e5fcb2 that also allow users to chose
the package manager using OEQA_REPRODUCIBLE_TEST_PACKAGE
(From OE-Core rev: 4402b746f49611abe71719dd1d174de79bb030bb)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d414d85b44077bac57aba36707b0fc699a73e97)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Allow users to set different build reproducibility targets than
the defaults using OEQA_REPRODUCIBLE_TEST_TARGET and
OEQA_REPRODUCIBLE_TEST_SSTATE_TARGETS variables in local.conf.
Fixing all issues from "world" builds is not possible in some
complex build environments with lots of layers. Limiting the focus to
a smaller subset allows using this test to detect and fix build
reproduction issues incrementally.
(From OE-Core rev: 3b82a7d74995c0670a6914c58b3d7c42327b8ee9)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c66bebbce5995e386a1a4d055a914a39b6ee518d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Stable version release
Noteworthy changes in release 1.21.4 (2023-05-11)
** Document --retry-on-host-error in help text
** Increase read buffer size to 64k. This should speed up downloads on gigabit
and faster connections
** Update deprecated option '--html-extension' to '--adjust-extension' in
documentation
** Update gnulib compatibility layer.
Fixes HSTS test failures on i686. (Thanks to Andreas Enge for ponting it out)
License-Update: copyright years
(From OE-Core rev: 024feac4827dc847ba83a64de82cef524156a9ea)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 67ec2d5bab891cb92af9ca32304a4927daf51ed0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 4e7ec4bef86c79b4221a800ace700c58ce033de1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Apache Serf 1.3.10 [2023-05-31, from tags/1.3.10, r1910048]
Support for OpenSSL 3 (r1901937, ...)
Fix issue #171: Win32: Running tests fails with "no OPENSSL_Applink" error
Fix issue #194: Win32: Linking error when building against OpenSSL 1.1+
Fix issue #198: OpenSSL BIO control method incorrectly handles unknown requests
Fix issue #202: SSL tests are not passing with OpenSSL 3
Fix error handling when reading the outgoing request body (r1804534, ...)
Fix handling of invalid chunk lengths in the dechunk bucket (r1804005, ...)
Fix an endless loop in the deflate bucket with truncated input (r1805301)
Fix BIO control handlers to support BIO_CTRL_EOF (r1902208)
Fix a CRT mismatch issue caused by using certain OpenSSL functions (r1909252)
Build changes to support VS2017, VS2019 and VS2022 (r1712131, ...)
Build changes to support Python 3 (r1875933)
As serf is undead, we need to reassess all the remaining patches.
(From OE-Core rev: 275c6b7ac72330e14ba55907e8494314b63a9adf)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 775cbcc876edcb6c339f342a3253f5afcf6ef163)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 17a46eee905f0ecfdbebb014533848dc7e906ec7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Drop a backport patch as it is now integrated.
(From OE-Core rev: 134bac52904722cd63fde07f5784c0cca3fbcb05)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 80d26d1da47dcd9213a7083d9493a7bce0897a57)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There exists a use after free/double free in libwebp. An attacker can
use the ApplyFiltersAndEncode() function and loop through to free
best.bw and assign best = trial pointer. The second loop will then
return 0 because of an Out of memory error in VP8 encoder, the pointer
is still assigned to trial and the AddressSanitizer will attempt a double free.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-1999
Upstream patch:
a486d800b6
(From OE-Core rev: a5d0f8734ca643c25f0952387b38edf8ffd70525)
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available
standalone on CPAN, has an insecure default TLS configuration where
users must opt in to verify certificates.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-31486
Upstream patches:
77f557ef84a22785783b
(From OE-Core rev: 5819c839e1de92ab7669a0d4997886d0306c4cc1)
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There were vestigal remains of API key support which could be removed,
but as using an API key - in theory - gives the user larger rate limits
it's probably wise to expose it.
If the user has an API key, then set NVDCVE_API_KEY.
(From OE-Core rev: 200c2783b3f8546f561382fff6bd5268680d403a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a542de684282bfec79f24ae2f1a2027ffde319d8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a note of what range we're fetching, and use bb.note() instead of
debug() as messages about retrying shouldn't really be considered debug
logging.
(From OE-Core rev: be409f17e64dac2c6fa2cafba73c2084c68c59bf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b64a869b9c5e1d504f1011da16b5c5ff721afbf0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Current 503 errors seem to last several seconds.
In most cases there are two errors and third request succeeds.
However sometimes the outage takes more than time needed
for two retries and third one also fails.
Extend retry count from 3 to 5 to improve the probablity
that the fetcher succeeds.
(From OE-Core rev: eceeba61b5da6d81f0677365f956464f1e5f1d84)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f4d118af2360cff7f234102fd5e4b65a6f4146a6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Last couple days it is not possible to update NVD DB as servers
are returning lot of errors.
Mostly "HTTP Error 503: Service Unavailable" is observed but
sporadially also some others.
Retrying helps in most cases, so extend retries to all errors.
Additionally add sleep which is recommended by NVD between requests.
These retries are already implemented between successful requests,
but giving servers time between failed ones is important, too.
(From OE-Core rev: c061bcd54fc8b62ea9a005f422a17ca46eac68c2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 88dad8f198baa80af5ab576498f4df6ed639d551)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
After upgrade to soon-to-be-released kirkstone 4.0.11 CVE annotations got broken.
Anything which has only cvssV3 does not resolve properly.
Fix the API fields used to extract it.
i0.0 score is now at level of NVD DB 1.1.
All CVEs with UNKNOWN vector are not present in NVD DB 1.1.
NVD API 1.1:
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|4776
LOCAL|32146
NETWORK|167746
PHYSICAL|185
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|73331
1.8|7
1.9|3
...
NVD API 2.0 (broken):
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|4587
LOCAL|26273
NETWORK|150421
UNKNOWN|24644
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|205925
NVD API 2.0 (fixed):
sqlite> select vector, count(vector) from nvd group by vector;
ADJACENT_NETWORK|5090
LOCAL|32322
NETWORK|168004
PHYSICAL|213
UNKNOWN|511
sqlite> select scorev3, count(scorev3) from nvd group by scorev3;
0.0|73841
1.8|7
1.9|3
...
(From OE-Core rev: c00b89c2a5de8ce59b759ed8bf482942458421ff)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61a5857efdcc0f49c69c0deb24fce99007aeef19)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When requesting updates in a specific range, use the actual current time
and database mtime instead of truncating to midnight, and explicitly set
the timezone to UTC so that NIST don't treat the timestamps as _their_ local
time when they're _our_ local time.
(From OE-Core rev: 91243ad474be00e55aa99355edef44f2fe2311f1)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9aa0ec37f5f74252588d2494a71c71a7d8e68df9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Some CVEs, such as CVE-2013-6629, list multiple configurations which are
vulnerable. The current JSON parser only considers the first
configuration.
Instead, consider every configuration. We don't yet handle the AND/OR
logical operators, but this is a step in the right direction.
(From OE-Core rev: 7614e00b9491e5d4d6df5492f72613a56ab390d7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e1bf4f6dd686055fe9a8bdcc3f739eac2807bae0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace the sockopt disable patch with a fix from upstream
(From OE-Core rev: cef730284b8616ba07c1b062c992c36af730580e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ac921989991c319ecad01bec37c4ccaa15a7b58f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c1beb73526e3ade75bd6dae5f9310107c50f1226)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Both patches change the same paths to gawk, merge them together
as we only need one patch for this.
(From OE-Core rev: 81af8c6fdc6f0b6617b7258c9b3e2e26a76db5c8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 79c0b18e29cad337640860f57683f0a170f6daab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 6080138fd0c27db7029b5a76e69b8dc241ad8dc3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This test is failing for uncertain reasons. We have reported upstream, disable
it until we can work out why this happened. The point it started failing is
unclear due to other test framework issues.
(From OE-Core rev: fc32e725a0c73772a2ad4e31e1aa1d61f72f9da1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2e9165a854c7b83f163479e9dbd3cb183a9d71f5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
devtool crashes when running "update-recipe" and append changes on the recipe.
"$ devtool update-recipe -a <layer> <recipe>"
Traceback (most recent call last):
...
File "/ovss/ovss_quanta/poky/scripts/lib/devtool/standard.py", line 1636, in srcuri_entry
return 'file://%s%s' % (basepath, paramstr)
^^^^^^^^
NameError: cannot access free variable 'basepath' where it is not associated with a value in enclosing scope
The input variable 'fname' should have the same meaning as the variable 'basepath'.
Modify the 'fname' to 'basepath' and solve the issue.
(From OE-Core rev: 1487bdda6b443480e9ce45d8b8527ad61c2a50a4)
Signed-off-by: Charlie Wu <chiachiwu@google.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c3231756bbc2cb5641204414ad3670d7f8607ed3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Current error message is difficult to read:
ERROR: Nothing PROVIDES 'image'
trs-image was skipped: image - image: normal username test does not have a static ID defined. Add test to one of these files
It's not clear that first "image" is recipe name, second "image" is
binary package name and that "test" is the user account which does not
have a static ID defined. Improve the error message so that these are
more explicit. Now the error message looks like:
image was skipped: Recipe image, package image: normal username "test" does not have a static ID defined.
(From OE-Core rev: 572c507736b2fcc31f7f13cb3da0d5be361838f5)
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 07898218f3908a83e07178b6530dfa48d55d4ec2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
