Add a new variable CVE_DB_UPDATE_INTERVAL allowing the user to set
the database update interval.
- a positive value sets an interval (in seconds)
- a zero ("0") forces the database update
(From OE-Core rev: 0007dd0edb39123201a46886a4e71d001c118ddf)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe7bc6f16184d5ebdb1dd914b6dcb75c9e5e0c9c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The update of the NVD database was expected to happen once per hour.
However, the database file date changes only if the content was actually
updated. In practice, the check worked for the first hour after the
new download.
As the NVD database changes usually only once a day, we can just
update it less frequently.
(From OE-Core rev: 27b1cb83ec666cc91930f2a7b5a6282fde77c730)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35bccdedadeaba820d58b69fe74ce5e4c1f577e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The systemd-unit parameter DefaultDependencies changed from true/false
to yes/no. This changed in systemd in v242.
(From OE-Core rev: 371a8e2b0b0a3a2febe1d8d6ce65f258a15f6b1f)
Signed-off-by: Portia Stephens <stephensportia@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit add4dcb03dc7b034253db05f0023cb97cab8b26d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
busybox also installs findfs but into base_sbindir which works out to be
ok when sbindir != base_sbindir but with usrmerge distro feature enabled
this starts to cause trouble because busybox's postinst is trying to
create a symlink for findfs applet in base_sbindir which is same as
sbindir now and there already is binary from util-linux and image fails
to build
do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget:${PN} ().
The real reason is buried in do_rootfs logs
update-alternatives: Error: not linking /mnt/b/yoe/master/build/tmp/work/beaglebone-yoe-linux-gnueabi/yoe-sdk-image/1.0-r0/rootfs/usr/sbin/findfs to /usr/bin/busybox.suid since /mnt/b/yoe/master/build/tmp/work/beaglebone-yoe-linux-gnueabi/yoe-sdk-image/1.0-r0/rootfs/usr/sbin/findfs exists and is not a link
Creating proper u-a for findfs in util-linux fixes the issue
(From OE-Core rev: 04e03fa3acde7a23825fb9a17de98f1cecaae097)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 211ae2db1ab8fec1ed678170f9d8cbca2cc27ef3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This symlink is not valid when using usrmerge and ptest packaging would fail
Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' -> '/mnt/b/yoe/master/build/tmp/work/ppc64p9le-yoe-linux-musl/busybox/1.35.0-r0/package/usr/lib/busybox/ptest/bin/login'
(From OE-Core rev: 592464cb64a8eedf2ee1537934ba714059c2e0ce)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 238fd30689054c7b44176dce7180fb6dac4e1b6f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bug fix release
Overview of changes in GLib 2.72.1
Fix building projects which use g_warning_once() with clang++ (#2625)
Fix g_file_trash() not deleting directories via the portals backend (work by Matthias Clasen) (#2629)
A number more compiler warnings fixed for MSVC (work by Loïc Le Page) (!2495)
Fix detection of broken poll() function on macOS (work by Haruka Ma) (!2571)
Fix spawning subprocesses from GUI programs on Windows (work by Marc-André Lureau) (!2582)
Bugs fixed:
2312 gdbus-test-codegen tests leak GWeakRef objects
2625 g_warning_once fails to build with clang++
2629 g_file_trash() does not work on directories inside a sandbox
2495 Cleanup warnings split 6
2499 Various contenttype-related test fixes on win32
2534 gpowerprofilemonitor: Tweak wording of documentation to make more sense
2540 Various win32 tests skip & fixes
2541 meson: simplify lookup of python command
2543 ci: Update the Fedora CI image to Fedora 34
2556 gdbusconnection: Use g_strv_contains() rather than a home-grown version
2557 gdbusmethodinvocation: Fix a leak on an early return path
2558 Move unit test on g_basename() function to glib/tests/fileutils.c
2559 Move tests/relation-test.c to glib/tests/relation.c
2560 ci: Update Coverity, mingw and Android CI images to Fedora 34
2563 glib: Format GDateTime ISO8601 years as %C%y
2564 Move test files on slices from tests/ to glib/tests/
2566 tests: Add more tests for GResolver response parsing
2573 Backport translation fixes and !2571 “meson: Set BROKEN_POLL in macOS builds” to glib-2-72
2574 Backport !2565 “Revert "meson: simplify lookup of python command"” to glib-2-72
2587 Backport !2583 “Fix trashing sandboxed directories” to glib-2-72
2588 Backport !2582 “glib/win32: fix spawn from GUI regression” to glib-2-72
2590 Backport !2589 “tests: Don’t exit gdbus-method-invocation test early on connection close” to glib-2-72
2593 Backport !2578 “gatomic: Add a C++ variant of g_atomic_int_compare_and_exchange()” to glib-2-72
Translation updates:
Bulgarian
Catalan
Indonesian
Italian
Lithuanian
Polish
Portuguese
Russian
Slovenian
Swedish
Turkish
Ukrainian
(From OE-Core rev: d8222529a1caa2703ed296d8a8274983e738cefc)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e167060bfb105799e0931c06a6aa1275163bf261)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It duplicates udevadm in systemd recipe to make it could run
update_udev_hwdb with multilib enabled. Since systemd last update,
it deploys a shared library libsystemd-shared-250.so in /lib/systemd/.
The library will be overwritten when multilib enabled. Then if both
udev-hwdb and lib32-udev-hwdb are installed, it fails to run the
multilib version postinstall intercept update_udev_hwdb:
| /path/to/build/tmp-glibc/work/intel_x86_64-wrs-linux/wrlinux-image-small/1.0-r1/rootfs/usr/libexec/lib32-udevadm:
error while loading shared libraries: libsystemd-shared-250.so: wrong ELF class: ELFCLASS64
`udevadm hwdb --update` just concatenates .hwdb files in dirs
/etc/udev/hwdb.d and /lib/udev/hwdb.d. The output file hwdb.bin is
identical with the one created by lib32-udevadm. So do NOT duplicate
lib32-udevadm in systemd and eudev. And update intercept script
update_udev_hwdb that re-run udevadm with same arch qemuwrapper if run
${binprefix}qemuwrapper failed.
(From OE-Core rev: 74fe1b5af064f644a7d555b61527bb7d02cc30b8)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3dba872a42c2be7d0865a30118984ab013850292)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Users may or may not include the certificates in buildtools. Only set the
appropriate variables if they're present.
(From OE-Core rev: f3b1699afcd35494e972e7b5b575c318a196909f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0945a2a5d7c41af22e222a116aafacb4beee54d2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code
if netstat is used to print a DNS PTR record's value to a VT compatible
terminal. Alternatively, the attacker could choose to change the terminal's colors.
https://nvd.nist.gov/vuln/detail/CVE-2022-28391
(From OE-Core rev: 3e17df4cd17c132dc7732ebd3d1c80c81c85bcc4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
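The class of mitigation for the BusyBox netstat issue described above (CVE-2022-28391), as an added example that is not part of this log or of BusyBox's own patch: neutralise control bytes in a resolver-supplied name before it reaches a terminal. The helper name `sanitize_for_terminal` and the sample PTR value are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical helper (not BusyBox code): copy `src` into `dst`, replacing
 * every byte outside printable ASCII (0x20..0x7e) with '?'.
 * That removes ESC (0x1b), the 8-bit C1 controls such as CSI (0x9b), DEL,
 * CR/LF and other bytes a VT-compatible terminal would interpret instead
 * of display. Output is always NUL-terminated and truncated to fit.
 * Returns the number of bytes that were replaced.
 */
size_t sanitize_for_terminal(char *dst, size_t dstlen, const char *src)
{
    size_t replaced = 0;
    size_t i = 0;

    if (dstlen == 0)
        return 0;

    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];

        if (c < 0x20 || c > 0x7e) {
            dst[i] = '?';
            replaced++;
        } else {
            dst[i] = (char)c;
        }
    }
    dst[i] = '\0';
    return replaced;
}

int main(void)
{
    /* Constructed sample: a PTR value carrying a colour-change sequence. */
    const char *ptr_name = "host\033[31m.example.net";
    char safe[256];
    size_t n = sanitize_for_terminal(safe, sizeof safe, ptr_name);

    /* Print only the sanitized form; log how many bytes were neutralised
     * so that an unexpected non-zero count can be flagged for review. */
    printf("%s (replaced %zu control byte(s))\n", safe, n);
    return 0;
}
```

A non-zero replacement count on a DNS name is itself worth logging, since legitimate PTR values do not contain control bytes.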
Depending on the actual PACKAGECONFIG some
internal vendor copies of libxml, libcroco and glib will
be used.
In the case of libxml this adds MIT to the license.
Reference the license statements based on the actual chosen
PACKAGECONFIG
(From OE-Core rev: faa513a5270b376508fe8d3553020d58460d0d05)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These are actually just 2 patches on top of what we have thus far
* 7a43f6fe release 1.2.3
* 01b14242 accept null pointer as message argument to gettext functions
(From OE-Core rev: bb0d9815a8e47b28836ab0eb13ebe236d745b253)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When systemd is used inside an initramfs, it uses the presence of
`/etc/initrd-release` to detect when the system is in the initrd phase.
Otherwise `/etc/initrd-release` has the same format as
`/etc/os-release`.
Add `os-release-initrd` package to provide `/etc/initrd-release` as a
symlink to the os-release file. To avoid adding this file to the
`os-release` package, explicitly only add `/etc/os-release` to the
`os-release` package.
(From OE-Core rev: 6311fb6f412ef923cc0b34a821e875990fc043f5)
Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As with the kmod version of depmod, exclude .debug from being
searched. Since busybox does not use the depmod.d and any
configuration file option is ignored we just hardcode it.
(From OE-Core rev: c082752c06d5723433886cbf7ce2d88a51fb64f1)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
BitBake can optionally 'import yaml' if BB_LOGCONFIG specifies a yaml
file. This is a 3rd party module, so that this works out of the box
when buildtools is used -- either explicitly via buildtools-tarball or
implicitly via eSDK -- we can add pyyaml to the buildtools.
(From OE-Core rev: 6be90f884bb3fc87d9aa21cb882a835d6bc583a9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use the new MOUNT_COPYBIND_AVOID_OVERLAYFS flag provided by mount-copybind.
When SELinux is enabled, processes accessing OverlayFS mounts will get a denial
if the process setting up the mount doesn't have all the permissions that
the accessor has.
(From OE-Core rev: 6002bdc77643c363a8326bf163baecba8b36e3e0)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The system-pcre PACKAGECONFIG was removed in commit e359ee75 (glib-2.0:
update 2.68.4 -> 2.70.0), but a comment was left behind.
(From OE-Core rev: a08655f3d97d947fb29c4b669790f68d661aae96)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
$ shellcheck meta/recipes-core/volatile-binds/files/mount-copybind
In meta/recipes-core/volatile-binds/files/mount-copybind line 54:
mountcontext=",rootcontext=$(matchpathcon -n $mountpoint)"
^---------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
mountcontext=",rootcontext=$(matchpathcon -n "$mountpoint")"
For more information:
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
(From OE-Core rev: 56c7962a6c31acfe0e118f713954aeafd7e2d9c0)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- 0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch:
dropped (integrated upstream)
News
====
* Bugs fixed:
- #2620 g_time_zone_new_offset() assertion failure if offset >= 25 hours
- #2538 Various unit test fixes
- #2542 fuzzing: Fix test failure with G_DISABLE_ASSERT
- #2547 gprintf: Fix a memory leak with an invalid format in g_vasprintf()
- #2548 tests: Various fixes to gdbus-auth, gdbus-non-socket, gdbus-connection-flush, spawn-multithreaded tests
- #2551 tests: More flaky test fixes to converter-stream and test-printf
- #2552 gtlsconnection: fix typo in docs
* Translation updates:
- Czech
- French
- Friulian
- Hebrew
- Hungarian
- Italian
- Kazakh
- Polish
- Romanian
- Serbian
- Swedish
(From OE-Core rev: bf088d1e9d13eca5b0fb1a4ab1cb689daaf1ff80)
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
brings following fixes
* 6d8a5157 fix invalid free of duplocale object when malloc has been replaced
* 760f5d7e fix __WORDSIZE on x32 sys/user.h
* bdb54540 sys/ptrace.h: add PTRACE_GET_RSEQ_CONFIGURATION from linux v5.13
* aa3bab6c sys/prctl.h: add PR_PAC_{SET,GET}_ENABLED_KEYS from linux v5.13
* a8300f5d elf.h: add NT_ARM_PAC_ENABLED_KEYS from linux v5.13
* dda21f10 netinet/in.h: add INADDR_DUMMY from linux v5.13
* ee05b11b bits/syscall.h: add landlock syscalls from linux v5.13
* 1ee8109e netinet/tcp.h: add tcp_zerocopy_receive fields from linux v5.12
* bc89c311 netinet/tcp.h: add TCP_NLA_* values up to linux v5.12
* 9ffd1454 s390x: add ptrace requests from linux v5.12
* f7d3db5b bits/syscall.h: add mount_setattr from linux v5.12
* e99c4258 signal.h: add new sa_flags from linux v5.11
* 993cccce signal.h: add SYS_USER_DISPATCH si_code value from linux v5.11
* 3dcbd896 signal.h: add si_code values for SIGSYS
* 30c8a145 netinet/tcp.h: add tcp zerocopy related changes from linux v5.11
* b54f481f netinet/if_ether.h: add ETH_P_CFM from linux v5.11
* c5ecaca7 sys/socket.h: add new SO_ socket options from linux v5.11
* f35b99b3 sys/prctl.h: add PR_SET_SYSCALL_USER_DISPATCH from linux v5.11
* b21f3ded bits/syscall.h: add epoll_pwait2 from linux v5.11
* 3aba2150 nice: return EPERM instead of EACCES
* 74a28a8a protect stack canary from leak via read-as-string by zeroing second byte
* 7c0c7a75 math: avoid runtime conversions of floating-point constants
(From OE-Core rev: 56c0629caebd7f22a09925333c2dc800901d7794)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13. We import that patch here.
(From OE-Core rev: f7fd194feb4f7993518388160acd5199fcfc3b26)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following security and bug-fix patches are included as part of the 250.4
update:
c6603da3ad boot: Properly check status code of console_key_read
2198c08d07 core: really skip automatic restart when a JOB_STOP job is pending
367041af81 pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon
160eeab224 virt: Fix Xen Dom0 detection logic to no longer report as VM
514a4c051c network: bridge: fix endian of vlan protocol
4dbc210124 resolve: fix possible memleak
d82bd80cf4 resolve: fix potential memleak and use-after-free
dcba78244e util: another set of CVE-2021-4034 assert()s
74dfb51f70 sd-dhcp6-client: fix sending prefix delegation request during rebind
df59c65a23 mkdir: allow to create directory whose path contains symlink
ae95ca27be sd-dhcp-lease: fix memleak
2b04d3b3fc sd-dhcp-lease: fix reading unaligned memory
1ef56ad928 network: xfrm: refuse zero interface ID
7dc0f80588 sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
426807c54b sd-dhcp-lease: fix an infinite loop found by the fuzzer
0456e3aaaa oomd: fix race with path unavailability when killing cgroups
As the following two patches:
0001-mkdir-allow-to-create-directory-whose-path-contains-.patch
0001-src-fundamental-list-fundamental_source_paths-using-.patch
have been merged in 250.4 or replaced, remove them.
(From OE-Core rev: ccf7b8948f0c02e28e8a0151c48bf169d3fc36c8)
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
module.patch
musl-decls-compat.patch
removed since they're included in 2.0.1
Changelog:
==========
- Allow reading/writing from cgroup.* files in cgroup v2
- Add support for cgroup v2's cgroup.threads file
- Fix issue where libcgroup/pam wasn't working properly when
cgrulesengd is disabled
- Fix a bug where the cgroup version wasn't initialized in a
named cgroup v1 hierarchy
- Various automake bug fixes
- Build PAM module as unversioned DSO
- Fix build issues with musl libc
- Fix potential TOCTOU race in cgroup_get_procs()
(From OE-Core rev: 36d43237192aed532b37a52784fb91da64f54c1a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It fails currently with binutils 2.38
powerpc-yoe-linux-musl-ld: read-only segment has dynamic relocations
(From OE-Core rev: 6a8c1e04e2bf37fa4128b1742ef4184380e3321d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The reason it was separate is that there is a peculiar circular
dependency: dbus tests require glib, while some of glib's gdbus tests
require dbus. So dbus was built with tests disabled and without glib
dependency, then glib was built with dbus dependency, then dbus was
built again with glib dependency and tests enabled, only for the purpose
of installing those tests. I find that brittle and hacky, so this
removes dbus dependency from glib (the fallout is that some gdbus tests
are no longer being executed), and dbus and its tests are built once,
after glib. Conversely, dbus is now dependent on glib for the purpose
of building the tests.
Also, dbus ptest installation is no longer using custom code, and dbus
run-ptest simply uses standard installed tests execution mechanism from
gnome.
(From OE-Core rev: cfecef4e6925865961858d0fe5ffc7794c71cd3b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- new version includes fix for CVE-2022-23308
- drop patch which was upstream
- refresh patch
(From OE-Core rev: d687f1ac2017a1cc94ac4733cd46755d5aabd120)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The project has migrated from www.xmlsoft.org to gitlab.gnome.org.
Update the homepage accordingly, and use gnomebase to construct the
download URL, rather than including it in SRC_URI explicitly.
Note that the download is now in .xz format rather than .gz, so the
sha256sum is updated accordingly. Post-decompression tarballs are
identical, so there is no change to the libxml2 code.
(From OE-Core rev: 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>