When building with CONFIG_MODVERSIONS=y and CONFIG_RANDSTRUCT=y we need
to copy the build assets generated for the randstrutc seed to
STAGING_KERNEL_BUILDDIR, otherwise the out-of-tree modules build will
generate those assets which will result in a different
RANDSTRUCT_HASHED_SEED.
(From OE-Core rev: 69db1b345725af88088b57b0c696eddca5ca2d96)
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b36303158b2e0273ff415bdedefb379f680b30fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since RRECOMMENDS declaration implictly induces building the recipes
that provide the runtime recommended packages, conditionalize adding
such values according to associated PACKAGECONFIG settings in order
to avoid redundant building.
(From OE-Core rev: 1859eaba8638549b2dc5d6ab3ae3c0b3793eac67)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a1989add927f7805378fe4d5afbde780b747ba77)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the trailing '.git' to git repo uri in SRC_URI then it could share
source code repo on premirror with grpc which uses libuv as a git
submodule with fixed revision.
(From OE-Core rev: 40e8a444b4ae379812a0862dc0a51474380f0777)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit cecdf616e7cf192cdc723a446be1d14c197c980d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Whilst SDE definitely needs to be exported, the fallback does not as
it is only used in our python code via the datastore.
It was introduced as an export in 9a1dde74e794362399193dc3f81c9685a83d0776
but even then it doesn't look like it needed to be, likely just a copy and
paste mistake.
Drop the export.
(From OE-Core rev: 5ae95506b7818f142e2cd8adf46bfd2d5282983d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 74fb6539dd06acb0dd6a9af4809152975e8473e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Check if the module object has attribute '__file__' to fix and
avoid errors like:
AttributeError: module '_abc' has no attribute '__file__'. Did you mean: '__name__'?
(From OE-Core rev: ede7452e6dcb202952b85b76eecbd2e1760b11e9)
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8acce12c1a4cf37ac312c92d62a6ae93a349dddf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently the hciattach bcm43xx firmware loader looks up the firmware
blob in /etc/firmware . Change this to /lib/firmware instead, so that
the path is consistent with Linux kernel which also looks up firmware
for the WiFi part in /lib/firmware .
(From OE-Core rev: 7f742e0f7a401d6762b12b479d05e83be4dff92a)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 72b3b79ad8b980e8dd9470d16b72c2c70072bbc0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
STAGING_KERNEL_DIR uses the MACHINE name so it breaks the multiconfig
and in this cases it will run the shared recipes twice, one for each
machine.
STAGING_KERNEL_DIR it's been introduced in commit 5487dee2e1
(From OE-Core rev: a71a5343838571e094ead68a42c757f0c43a41b1)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6050d1f74c02495490d982ead2993b6b3c9cc04a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This test doesn't get exercised on the autobuilder and so it was broken:
specifically some of the ln commands silently fail and the chroot isn't
usable.
Rewrite the test case to correctly construct a chroot so the test can
pass.
(From OE-Core rev: 6f5e10d682be54a70456c4cea9abbde4add1fead)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb6ebb9956a42df3ed8681aec9aedf340b12f934)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A recent change in libuuid made warning when running
sgdisk. Backport patch from upstream to silent warning.
The warning:
"Warning! Unable to generate a proper UUID! Creating an improper one as a last
resort! Windows 7 may crash if you save this partition table!"
(From OE-Core rev: 3ab83b07ba46e184bd49362f226f737caa4868d7)
Signed-off-by: Peter Bergin <peter@berginkonsult.se>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce6491b900e509a776eddaf6bd57251628393fa3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Prepare for version bump
This reverts commit a41a5f310246dcd9dbdb4537d59bc0579c3b1052.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* configure: Restore ucontext api functionality check.
In c3f01c72b303cbbb0cc8983120677edee2f3fa4b the use of the ucontext api
in the main program was removed, and with it the configure check for it.
However, the ucontext api is still used in the "explicit_bzero" test and
thus this test still needs to be in place.
See also: https://bugs.gentoo.org/838172
* configure: Restore the functionality of the '--disable-symvers' switch.
Without this fix the build was simply broken, if symbol versioning was
disabled for any reason, e.g. whether the compiler nor the linker
supporting it, or if disabled on purpose by the user (issue #142).
* Fix variable name in crypt(3) for a datamember of 'struct crypt_data'
(issue #153).
* Add glibc-on-loongarch-lp64 (Loongson LA464 / LA664) entry to
libcrypt.minver. This was added in GNU libc 2.36.
(From OE-Core rev: 9f78a2b3fd16c8aee398ad95a0fdbb412ac031fd)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7da5dd3b43718b876645602b1a23c739cbe8016d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.7.4.4 is a bug fix release
0001-configure.ac-check-getprotobynumber_r-with-AC_TRY_LI.patch
removed since it's included in 1.7.4.4
(From OE-Core rev: d7570afa4163f6e94388763143f68752c9f1c1f4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit c00e9d66f0b8449ff1bf24546f232345eb6feebd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_18_8/CHANGES
--- 9.18.7 released ---
5962. [security] Fix memory leak in EdDSA verify processing.
(CVE-2022-38178) [GL #3487]
5960. [security] Fix serve-stale crash that could happen when
stale-answer-client-timeout was set to 0 and there was
a stale CNAME in the cache for an incoming query.
(CVE-2022-3080) [GL #3517]
5959. [security] Fix memory leaks in the DH code when using OpenSSL 3.0.0
and later versions. The openssldh_compare(),
openssldh_paramcompare(), and openssldh_todns()
functions were affected. (CVE-2022-2906) [GL #3491]
5958. [security] When an HTTP connection was reused to get
statistics from the stats channel, and zlib
compression was in use, each successive
response sent larger and larger blocks of memory,
potentially reading past the end of the allocated
buffer. (CVE-2022-2881) [GL #3493]
5957. [security] Prevent excessive resource use while processing large
delegations. (CVE-2022-2795) [GL #3394]
5956. [func] Make RRL code treat all QNAMEs that are subject to
wildcard processing within a given zone as the same
name. [GL #3459]
5955. [port] The libxml2 library has deprecated the usage of
xmlInitThreads() and xmlCleanupThreads() functions. Use
xmlInitParser() and xmlCleanupParser() instead.
[GL #3518]
5954. [func] Fallback to IDNA2003 processing in dig when IDNA2008
conversion fails. [GL #3485]
5953. [bug] Fix a crash on shutdown in delete_trace_entry(). Add
mctx attach/detach pair to make sure that the memory
context used by a memory pool is not destroyed before
the memory pool itself. [GL #3515]
5952. [bug] Use quotes around address strings in YAML output.
[GL #3511]
5951. [bug] In some cases, the dnstap query_message field was
erroneously set when logging response messages.
[GL #3501]
5948. [bug] Fix nsec3.c:dns_nsec3_activex() function, add a missing
dns_db_detachnode() call. [GL #3500]
5947. [func] Change dnssec-policy to allow graceful transition from
an NSEC only zone to NSEC3. [GL #3486]
5946. [bug] Fix statistics channel's handling of multiple HTTP
requests in a single connection which have non-empty
request bodies. [GL #3463]
5945. [bug] If parsing /etc/bind.key failed, delv could assert
when trying to parse the built in trust anchors as
the parser hadn't been reset. [GL !6468]
5944. [bug] Fix +http-plain-get and +http-plain-post options
support in dig. Thanks to Marco Davids at SIDN for
reporting the problem. [GL !6672]
5942. [bug] Fix tkey.c:buildquery() function's error handling by
adding the missing cleanup code. [GL #3492]
5941. [func] Zones with dnssec-policy now require dynamic DNS or
inline-siging to be configured explicitly. [GL #3381]
5938. [bug] An integer type overflow could cause an assertion
failure when freeing memory. [GL #3483]
5936. [bug] Don't enable serve-stale for lookups that error because
it is a duplicate query or a query that would be
dropped. [GL #2982]
5935. [bug] Fix DiG lookup reference counting bug, which could
be observed in NSSEARCH mode. [GL #3478]
(From OE-Core rev: 14b6bcb46a5e81027ec823aa7315c0e519cfece6)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1d87d2652f7f6640dda85e037c580c83f99a8ba8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Released: Thu Sep 22 2022
* bug
- [bug] [lexer]
* Fixed issue in lexer in the same category as that of #366 where the regexp
used to match an end tag didn’t correctly organize for matching characters
surrounded by whitespace, leading to high memory / interpreter hang if a
closing tag incorrectly had a large amount of unterminated space in it.
Credit to Sebastian Chnelik for locating the issue.
As Mako templates inherently render and directly invoke arbitrary Python
code from the template source, it is never appropriate to create templates
that contain untrusted input.
References: #367
[1] https://docs.makotemplates.org/en/latest/changelog.html#change-1.2.3
[2] https://github.com/sqlalchemy/mako/issues/366
[3] https://github.com/sqlalchemy/mako/issues/367
(From OE-Core rev: ce8d8fb1052eb45c0a4a860cb59c53c93430d6bf)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 49ad6f031458e1f48f24547dc88e41abc4ec41a6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
go1.19.3 (released 2022-11-01) includes security fixes to the os/exec and syscall
packages, as well as bug fixes to the compiler and the runtime.
(From OE-Core rev: ff2436215efda27cc380840a4f97910d3263e245)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit fd33d169a5febb37eac03312c4014e35d29d06df)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
go1.19.2 (released 2022-10-04) includes security fixes to the archive/tar,
net/http/httputil, and regexp packages, as well as bug fixes to the compiler,
the linker, the runtime, and the go/types package.
Drop stack-protector.patch as issue fixed upstream.
(From OE-Core rev: a5cfa272ee1aa1a836ddf5face54fd6072e789c0)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1b79d63a0703deb341f7693bd7b7c080a553b876)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Release 2.5.0 Tue October 25 2022
Security fixes:
#616#649#650 CVE-2022-43680 -- Fix heap use-after-free after overeager
destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations.
Expected impact is denial of service or potentially
arbitrary code execution.
Bug fixes:
#612#645 Fix curruption from undefined entities
#613#654 Fix case when parsing was suspended while processing nested
entities
#616#652#653 Stop leaking opening tag bindings after a closing tag
mismatch error where a parser is reset through
XML_ParserReset and then reused to parse
#656 CMake: Fix generation of pkg-config file
#658 MinGW|CMake: Fix static library name
Other changes:
#663 Protect header expat_config.h from multiple inclusion
#666 examples: Make use of XML_GetBuffer and be more
consistent across examples
#648 Address compiler warnings
#667#668 Version info bumped from 9:9:8 to 9:10:8;
see https://verbump.de/ for what these numbers do
Includes a fix for CVE-2022-43680.
(From OE-Core rev: 5544b66484502a6353dcf4c220645a58bbec3af8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a257a674272dc638f09167e9b9202adfb477ef1e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We identified a use case where a native recipe (autoconf-native) was
rebuilt with no change in output yet the sstate for do_package tasks
wasn't being used.
The issue is that do_package tasks have a hard dependency on
pseudo-native:do_populate_sysroot. That task was one of the many
tasks being rehashed when autoconf-native's hash was changed.
If update_tasks processed a recipe before it had processed pseudo-native,
that recipe would be marked as not possible from sstate and would
run the full tasks.
The fix is to split the processing into two passes, first to handle
the existing covered/notcovered updates, then in the second pass,
check whether there are "harddep" issues.
This defers the do_package tasks until after pseudo-native is installed
from sstate as expected and everything works well again.
(Bitbake rev: 3b2d1331487a74863e74cc0c5564004cbb1b5a4a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e479d1e418a7d34f0a4663b4a0e22bb11503c8ab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need the system tar to be GNU tar, as we reply on --xattrs. Some
distributions may be using libarchive's tar binary, which is definitely
not as featureful, so check for this and abort early with a clear
message instead of later with mysterious errors.
(From OE-Core rev: fd92cdc6d2b9b3b808503b3274860a7c301587cb)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7dd2b1cd1bb10e67485dab8600c0787df6c2eee7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[v2 hopefully fixes the From: mangling by the ML, no functional changes]
Trying to build cmake-native on a host system where curl was built with cmake
(resulting in CURLConfig.cmake and friends, which do not use the same naming
schemes expected by cmake-native's build process, being installed to a system
wide cmake directory like /usr/lib64/cmake/CURL) results in undefined
references to all libcurl symbols.
The problem is that cmake-native sees and uses the system wide
/usr/lib64/cmake/CURL/CURLConfig.cmake, which defines CURL::libcurl and
CURL::curl as opposed to setting ${CURL_LIBRARIES} as expected by
cmake-native.
find_package(CURL) (cmake-native's CMakeLists.txt, line 478) succeeds, but
incorrectly uses the system wide CURLConfig.cmake, resulting
CMAKE_CURL_LIBRARIES to be set to an empty string (cmake-native's
CMakeLists.txt, line 484), causing the cmake-native build to miss -lcurl.
The simplest fix is to let cmake know the right value for
CURL_LIBRARIES. Making it -lcurl should always work with libcurl-native
in recipe-sysroot-native.
[YOCTO #14951]
(From OE-Core rev: 62b117c382ffd65f6c5d808699b664f70ba6f2d8)
Signed-off-by: Bernhard Rosenkränzer <bero@baylibre.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2659c735a464c956b4fca0894a5aed27a0fe7e37)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
4.12.2 changes
* Address CVE-2013-4235
* Fix uk manpages
4.12.3 changes
* Revert the removal of subid_init as pointed out by Balint.
* Address CVE-2013-4235 (TOCTTOU when copying directories)
(From OE-Core rev: 30fe8df131a3ef5efa5c35e69fce7b2d1bdc2f7d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5b9fc88d06f79e8dbd2375172689f2fbf3e2a8a3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YOCTO #7852]
Fixes 'bitbake-layers layerindex-fetch --branch kirkstone meta-arm'
not checking out the branch if the repo is already cloned and on a
different branch.
If a clone of a layer being added already exists check what branch it
is on and if necessary attempt to switch to the given branch. If the
switch fails to happen the git error will be reported. We also warn if
there are uncommitted changes as the changes might go unnoticed and
result in unexpected behaviors.
(Bitbake rev: 138dd7883ee2c521900b29985b6d24a23d96563c)
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d2cb388f58a37db2149fad34e4572d954e6e5441)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the client socket is closed, asyncio.StreamReader.readline() will
return an empty bytes object, not None.
This prevents multiple tracebacks being logged by bitbake-hashserv each
time bitbake is started and performs a connection check.
(Bitbake rev: 4bdd9ba43f34a1473db31a6a3b10bd33e358fe3a)
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2d07f252704dff7747fa1f9adf223a452806717f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This git configuration variable is deprecated in 2.36.0 onwards, so git
warns in the logs for every git call.
Luckily the default value has always been false[1], so we can just remove
this.
[ YOCTO #14939 ]
[1] aafe9fbaf4
(Bitbake rev: 13f86aeb53cd73c03bfb2f00fe923b51ec8d1c73)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8ad310633e0c5d5593631c1196cbdde30147efce)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have a specific variable for the path to the boot directory. Use it
instead of open-coding this path.
(From OE-Core rev: dda8017274e71daa7aa4d8a3a15e128df213b0de)
Signed-off-by: Sean Anderson <sean.anderson@seco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 725b75e83bc2b2111f2ab5103b7e7f60d6d3f34e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
