mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-04-21 12:32:15 +02:00

Author	SHA1	Message	Date
Richard Purdie	f706d3a2cb	rpm: Deterministically set vendor macro entry On an aarch64 build host, vendor is found to be "unknown", on x86 systems it is "pc". This filters through to the PLATFORM tag in target rpms. We saw reproducibility test failures where the PLATFORM tags in noarch rpms were changing depending upon which host built them. Forcing the vendor value to a consistent one makes things deterministic. (From OE-Core rev: b7dfe230b9b40145f43fa0bd42be82ae41a3ef3e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6434075b2bdfc23c683d22281b674b1e6abde77) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-29 14:28:33 +01:00
Richard Purdie	6307f19fc4	python3: Add a fix for a make install race Add a fix for reproducibility issues where pyc files for python-config.py may not always be generated. (From OE-Core rev: 917f800368c6d452670d3ccf74057afae98013b0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d1c3a87c48b598b6e5624d0affe8bd89320631bf) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Richard Purdie	97b5653585	libtool: Allow libtool-cross to reproduce The hostname removal from the script is useful to make libtool-cross reproduce. Apply the patch everywhere as it doesn't cause any issues. (From OE-Core rev: f1cc4b8d7503331f04d3f217ae67d0fd4cc483c5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3c61c6f20187154d677085fc9ccdcd762d4cdf3a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Richard Purdie	4aa06e8622	libtool: Fix lto option passing for reproducible builds If lto is enabled, we need the prefix-map variables to be passed to the linker. Add these to the list of options libtool passes through. (From OE-Core rev: 3dcc84e37ce7e94e746304ee2a4437251af0ae41) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2c26d2c00b47df856fb2d9c35486b135094d46ac) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Hongxu Jia	54053aa472	nativesdk-pseudo: Fix to work with glibc 2.34 systems Since commit [df313aa810 pseudo: Fix to work with glibc 2.34 systems] applied, it fixed native only. And nativesdk has the similar issue Tweak library search order, make prebuilt lib ahead of recipe lib, after apply the fix: ... $ readelf -a lib/pseudo/lib64/libpseudo.so \| grep 'Shared library' 0x0000000000000001 (NEEDED) Shared library: [libdl.so.2] 0x0000000000000001 (NEEDED) Shared library:[libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] ... (From OE-Core rev: b7d269c84838f646b2915e7ff66d81db0bc16b9e) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d6d116b5db78645958ea30be3d0572e0f6d7bd92) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Richard Purdie	304b637670	pseudo: Update with fcntl and glibc 2.34 fixes Pull in the following changes: * ports/linux/guts: Add closefrom support for glibc 2.34 * pseudo_client: Make msg static in pseudo_op_client * ports/linux/guts: Add close_range wrapper for glibc 2.34 * pseudo_client: Do not pass null argument to pseudo_diag() * test-openat: Consider device as well as inode number * test: Add missing test-statx test case * fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ (From OE-Core rev: 63afcafef78f3d3b95c0d0c9746f9d627b6291c3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 71b549924a7fa7973a8e03e11f3db45fdc29889d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Richard Purdie	847395f46d	pseudo: Fix to work with glibc 2.34 systems The merge of libdl into libc in glibc 2.34 causes problems for pseudo. Add a fix that works around this issue. (From OE-Core rev: 449bb53b3ebfc838ba674c1c3a39407620103c8d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dd3e46a043c81cd4d81731a0f691868d3c059742) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Khem Raj	5e2c22d7ee	m4: Do not use SIGSTKSZ Fixes ../../m4-1.4.18/lib/c-stack.c:55:26: error: missing binary operator before token "(" 55 \| #elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384 \| ^~~~~~~~ (From OE-Core rev: 6417148072640000b119a59aeb70e904ffa5e5d7) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 44ca8edd622782733d507e20a3d5ee9e44eb8be4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Steve Sakoman	e2c46b23d3	gcc: fix missing dependencies for selftests Building GCC with multiple make jobs appears to trigger a race condition. The build fails with: /bin/bash: TOPDIR/tmp/work/x86_64-linux/gcc-cross-i686/9.3.0-r0/gcc-9.3.0/build.x86_64-linux.i686-poky-linux/./gcc/xgcc: No such file or directory (From OE-Core rev: 5690d18bb6a9a61a81ccd0bc28d1ace4181d1921) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:17 +01:00
Christian Eggers	ac19191a46	binutils: Fix a missing break in case statement This was missed during patch forward porting its only effective when printing options (From OE-Core rev: a4983b98782122e097c3597248f69db3e858c0d2) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:16 +01:00
Wang Mingyu	f21c479c3a	e2fsprogs: upgrade 1.45.6 -> 1.45.7 0001-fix-up-check-for-hardlinks-always-false-if-inode-0xF.patch removed since it is included in 1.45.7 (From OE-Core rev: d4ec2802306b901d00bc88ea1452c21c00d0914f) Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f51835e022731d1c0e8e18209e48f1a718048977) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:16 +01:00
Alexander Kanavin	7e71b01851	e2fsprogs: update to 1.45.6 Drop backports, and also 0001-misc-create_inode.c-set-dir-s-mode-correctly.patch as upstream code has been refactored. (From OE-Core rev: 53947537ed5ab5f9fd213a6fb4295740b5a2ca6b) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit da9fec8592db913d13af3a936ab518e93496be3e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-23 23:14:16 +01:00
Stefano Babic	3d5a3e009a	mtd-utils: upgrade 2.1.2 -> 2.1.3 Drop also --enable-install-tests from configuration options because this was removed in 2.1.3. (cherry picked from commit c95c852b84f02f5e2ad5c575ab683bba0471f221) (From OE-Core rev: 809b3a22a56d794c3ae5f82d4a4a6a5c889ed42e) Signed-off-by: Stefano Babic <sbabic@denx.de> CC: David Oberhollenzer <david.oberhollenzer@sigma-star.at> CC: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-07 15:10:33 +01:00
Richard Purdie	81dc02cb74	mtd-utils: upgrade 2.1.1 -> 2.1.2 Drop backported patch. (cherry picked from commit e38fd1ac331d824b2db94a7ae46026b111257e83) (From OE-Core rev: 721a0e475d4ce5054a74e2a7408d49470264bd29) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-10-07 15:10:33 +01:00
Ranjitsinh Rathod	09ac522995	rpm: Handle proper return value to avoid major issues 0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch changed to avoid critical issues Handled return values of getrlimit() and lzma_cputhreads() functions to avoid unexpected behaviours like devide by zero and potential read of uninitialized variable 'virtual_memory' Upstream-Status: Pending [merge of multithreading patches to upstream] (From OE-Core rev: ad080aadbc409c99511d602e0531952b96c06bbf) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5aae9c2cb464350bc443a0f60fd6602942e61f46) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +01:00
Kai Kang	5d5ec38952	squashfs-tools: fix CVE-2021-40153 Source: http://git.yoctoproject.org/poky.git MR: 113126 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=hardknott&id=cfc17a7ab5d3b0d6354a7194b8c8746c501959d9 ChangeID: `cfc17a7ab5` Description: Backport patch to fix CVE-2021-40153, and remove version update in unsquashfs.c for compatible. CVE: CVE-2021-40153 Ref: * https://security-tracker.debian.org/tracker/CVE-2021-40153 (From OE-Core rev: 09de4ef3f33540069a37e9fe6e13081984b77511) (From OE-Core rev: 48303d1c93cfcadf80830d07597805cc41d5f7e9) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +01:00
Sakib Sajal	acf57727fc	qemu: fix CVE-2021-3682 Source: https://git.yoctoproject.org/git/poky MR: 112369 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?id=48960ce56265e9ec7ec352c0d0fcde6ed44569be ChangeID: 799afc7adf3f2c915751744b618e38cccb01d854 Description: (From OE-Core rev: e16cd155c5ef7cfe8b4d3a94485cb7b13fd95036) (From OE-Core rev: f515c00c995b90a6d583f0e6162aa8fba8005a67) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `48960ce562`) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +01:00
Armin Kuster	830f96a9c3	qemu: Security fix for CVE-2020-28916 Source: qemu.org MR: 107262 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a ChangeID: 3024b894ab045c1a74ab2276359d5e599ec9e822 Description: Affects qemu < 5.0.0 (From OE-Core rev: 55aa94e9185ecd93612c64cdd982a89d633284e2) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +01:00
Armin Kuster	5b85cb6b51	qemu: Security fix for CVE-2020-27617 Source: qemu.org MR: 106462 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1 ChangeID: b9dc1b656c07d6a0aecaf7680ed33801bd5f6352 Description: Affects qemu < 5.2.0 (From OE-Core rev: be31eb87299b883306c1823ad632d6ada237dc05) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +01:00
Armin Kuster	81bb24c0f7	qemu: Security fix CVE-2020-12829 Source: qemu.org MR: 105490 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4 ChangeID: 6e222b766fc67c76cdc311d02cc47801992d0e66 Description: Affect qemu < 5.0.0 (From OE-Core rev: 7cd5c38b6d078c22519ad6b6e89caa9c1aa5ecd4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +01:00
Armin Kuster	9bae357b12	go: Several Security fixes Source: golang.org MR: 111958, 112390, 112393 Type: Security Fix Disposition: Backport from https://github.com/golang/go.git ChangeID: 662d021814f025b3d768a04864498486f94819a7 Description: Affects < 1.16.5 Fixes: CVE-2021-33196 CVE-2021-33197 CVE-2021-34558 (From OE-Core rev: 1eaac89b0384cc39ea489a3b7ea58eab6b23240b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-14 17:27:42 +01:00
Richard Purdie	7f73831fde	go: Exclude CVE-2021-29923 from report list Upstream don't believe it is a signifiant real world issue and will only fix in 1.17 onwards. Therefore exclude it from our reports. https://github.com/golang/go/issues/30999#issuecomment-910470358 (From OE-Core rev: 9dfc6abbb83f8792fbfa1acb9c0fe4ab23872d8f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-14 17:27:42 +01:00
Richard Purdie	6aa55dd279	flex: Add CVE-2019-6293 to exclusions for checks CVE is effectively disputed - yes there is stack exhaustion but no bug and it is building the parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address and there is no security issue. https://github.com/westes/flex/issues/414 (From OE-Core rev: b939b005b06be58a276d565f755ee2d8f3e5dfc1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-14 17:27:42 +01:00
Andrej Valek	660de76134	mklibs-native: drop deprecated cpp17 exceptions gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html. (From OE-Core rev: ef8b7946b4793db653ef7dd716e1d3f919a84725) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Alexander Kanavin	3e75c5d0b4	tcf-agent: fetching over git:// no longer works (From OE-Core rev: 419503134b76abeb57727259f846a2394dc73ea5) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 44a6cd03721b51cbb4e05870375fa347527b0db5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	b06370cc2d	binutils: Security fix for CVE-2020-16593 Source: https://sourceware.org/git/binutils-gdb.git MR: 112801 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729 ChangeID: 470b309f4859eecdcc837add2bf756484ad94ee5 Description: Fixed up for 2.34 context (From OE-Core rev: bcaa13d8888416b01f0f590d9dab2bd736d1e8a8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	50204d091b	binutils: Security fix for CVE-2021-3549 Source: git://sourceware.org/binutils-gdb.git MR: 111523 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1cfcf3004e1830f8fe9112cfcd15285508d2c2b7 ChangeID: 2d3161f601852eb8f9a9ca982c6b0cd44e036bc6 Description: Affects <= 2.36 Fixup Changelog to apply to dunfel context. (From OE-Core rev: 3cb2e144f8b74f9d78d93ba15e2d66e432462860) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Ranjitsinh Rathod	420d5551b2	rpm: Add fix for CVE-2021-20266 Adding fix for CVE-2021-20266 Upstream-Status: Backport [`9646711891`] Note: Hunk#2 and Hunk#3 refreshed to apply patch and match value of dl_max variable to make it with current version All Hunks are refreshed to solve patch-fuzz (From OE-Core rev: 6c16aad7167eb98bc9995486f967431c39f9df15) Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Sakib Sajal	6bcc4029d4	qemu: fix CVE-2021-3608 Source: http://git.yoctoproject.org/cgit/poky.git MR: 112749 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=f5e77d70e2eb35751f5bad5572b6eb8a3ab14422 ChangeID: 4496341da3af9126c9c67170e1a2cce929c29828 Description: (From OE-Core rev: 5e05ee8ff363eac84edec568039b86bcd716c6ce) (From OE-Core rev: f8d34ef74dafcf14e07f9322254465d03490bd60) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `f5e77d70e2`) [Refreshed patch] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Sakib Sajal	4d8b5c4d70	qemu: fix CVE-2021-3607 Source: http://git.yoctoproject.org/cgit/poky.git MR: 112749 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=460485d774480cd89cadf3b068f5197f44d86f25 ChangeID: 4e40dee2e6ce0b5b4de971f2c2b336929e7f22c3 Description: (From OE-Core rev: 764bca67650da9df439527796879dda767c8c008) (From OE-Core rev: cc541da4d67a9afa86a6ac37d5470d4dc77ea922) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `460485d774`) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Sakib Sajal	f63635a30d	qemu: fix CVE-2021-3582 Source: http://git.yoctoproject.org/cgit/poky.git MR: 112743 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=e11384737ed489ea02800d545432b9ded82bf1bb ChangeID: a2ff7112354349e8cf8960f30499f61e545d7f8e Description: (From OE-Core rev: fb2634922db91e5b877dd10021dafec7b5c6e565) (From OE-Core rev: 942d936524d3948d74c7240038ce81d859f68cab) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `e11384737e`) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Lee Chee Yang	d56b8f6f76	qemu: fix CVE-2021-3527 Source: http://git.yoctoproject.org/cgit/poky.git MR: 111827 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=45e06a2e02cb01540d3970bd8ab5771014a031f9 ChangeID: 33bb20f503888abc346ae1a6f590f57ebdd0f1f9 Description: (cherry picked from commit 6774efd1e3d0bd5c8c34f84dcf4f698d7eafb36a) (From OE-Core rev: fcbcd27a1c97668af9634143376f75ab32fffd68) (From OE-Core rev: 1c7e9099b5f417a7e7664ce3572b2098e2ebbbf7) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `45e06a2e02`) [Fixup for Dunfell context] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	189108ac74	qemu: Security fixes CVE-2021-3545/6 Source: qemu.org MR: 111845, 111839 Type: Security Fix Disposition: Backport from https://gitlab.com/qemu-project/qemu/-/commit/9f22893a & 121841b2 ChangeID: 111b168e0fe4d2a722158c6bfdaceb06a8789e69 Description: Fixes: CVE-2021-3545 and CVE-2021-3546 (From OE-Core rev: e066967a306292cd0ce5ef2cd5aa0ee80fde1041) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	0d253da720	qemu: Security fix CVE-2021-3544 Source: qemu.org MR: 111833 Type: Security Fix Disposition: Backport from `86dd8fac..63736af5` ChangeID: 7f301e939cf9d1fdb826ac47d1fc96430086a68e Description: https://gitlab.com/qemu-project/qemu/-/commit/86dd8fac https://gitlab.com/qemu-project/qemu/-/commit/b9f79858 https://gitlab.com/qemu-project/qemu/-/commit/b7afebcf Tweeked the above patches as vhost-user-gpu.c does not exist. https://gitlab.com/qemu-project/qemu/-/commit/f6091d86 https://gitlab.com/qemu-project/qemu/-/commit/63736af5 (From OE-Core rev: eca0abf120709fab20da1a2c190d04191733f5ed) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Sakib Sajal	4ed9972582	qemu: fix CVE-2021-20257 Source: https://git.yoctoproject.org/git/poky MR: 110290 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=5c1a29e6deec8f92ac43363bd72439aec7e27721 ChangeID: 7f301e939cf9d1fdb826ac47d1fc96430086a68e Description: (From OE-Core rev: 5b66ff7972951db973d12f3dae6ccecf3bc29e56) (From OE-Core rev: 1317053b23e1a4c1e5c7331a97f248e042415bea) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 547ac986a74cfcae39b691ebb92aadc8436443ea) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `5c1a29e6de`) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Sakib Sajal	4bd52d64c9	qemu: fix CVE-2021-3416 Source: poky.org MR: 109686 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=381aebe82f1f6fcc26b47966bc8520dbb1476961 ChangeID: 50b1589249cc3c595d224e3a8347da2b54339ef8 Description: Drop CVE-2021-3416_4.patch as hw/net/msf2-emac.c does not exist in 4.2.0 (From OE-Core rev: 7a3ce8a79a6c682e1b38f757eb68534e0ce5589d) (From OE-Core rev: 44bb99fdd1a7eee78078f7d48b9b8aad729f84ec) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e2b5bc11d1b26b73b62e1a63cb75572793282dcb) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `381aebe82f`) [Drop CVE-2021-3416_4.patch, affected file does not exist in 4.2.0] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Sakib Sajal	474c37c17e	qemu: fix CVE-2021-20181 Source: Poky.org MR: 111631 Type: Security Fix Disposition: Backport from http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-devtools/qemu?h=hardknott&id=53390d2261d2d35cdd637cf12a0fb4dc63f0f88c ChangeID: 0c660a9ef3637d847c0880283df05d8696221308 Description: (From OE-Core rev: a993a379bb490efbbf507f5dccda5ab358e8afea) (From OE-Core rev: 743fc49c98361baaa9ca9414bfe21220b63dbdca) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c2f79065ef0684f2c0bdb92f1b03e690ab730b8c) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit `53390d2261`) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	f721d78703	qemu: Security fix CVE-2021-20221 Source: Qemu.org MR: 111643 Type: Security Fix Disposition: Backport from `edfe2eb436` ChangeID: b3ca1aa4b772a5f27f327250c5b0b988375c86a9 Description: (From OE-Core rev: 4adf675e3d4ccdcee055a3c4b539f4ddc15b033d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	b3bf5ccd83	qemu: Security fix for CVE-2020-29443 Source: Qemu.org MR: 109315 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6 ChangeID: c0296e285169cc937cc9758c9d84ac690297ee54 Description: (From OE-Core rev: 1765005f73303d9857f9fde93efb1cc8534964f1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:09 +01:00
Armin Kuster	c00a882bd6	Qemu: Security fix for CVE-2020-25625/2021-3409/2020-17380 Source: Qemu.org MR: 105781, 109964, 108621 Type: Security Fix Disposition: Backport from https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html ChangeID: 0acf082885e7ab3ac2fb41d6e503449869dd46a8 Description: This address: CVE-2020-25625 and its two fixes address an incomplete fix for CVE-2020-25625 CVE-2021-3409 CVE-2020-17380 (From OE-Core rev: 721a14f13005dc0b5bddaac131c444b97be700a8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:08 +01:00
Armin Kuster	ea562eaec5	qemu: Security fix CVE-2020-25624 Source: qemu.org MR: 106958 Type: Security Fix Disposition: Backport from qemu.org ChangeID: 9d0c21c4ff5dc12ba623685cd7ae4d4bc294f519 Description: (From OE-Core rev: 853f4a4755d053cc4defa65cda5e317e3e28bc3f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:08 +01:00
Armin Kuster	e142f4ebfb	qemu: Security fix CVE-2020-25085 Source: qemu.org MR: 105773 Type: Security Fix Disposition: Backport from https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html ChangeID: 77c8a9e75b94da3c03c64c95d9e6ab9d45037572 Description: (From OE-Core rev: 6b4c58a31ec11e557d40c31f2532985dd53e61eb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-01 16:27:08 +01:00
Purushottam Choudhary	9716a47c53	python3: Remove unused python3 recipe Currently in dunfell branch python3 version is 3.8.11. so, python3_3.8.10.bb is not needed. Hence, removed. (From OE-Core rev: 2b44de6e7b3e02b78e2b09294ac37799ad4cfadb) Signed-off-by: Purushottam Choudhary <purushottamchoudhary29@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-26 08:32:18 +01:00
Ross Burton	0ca4b99162	e2fsprogs: ensure small images have 256-byte inodes e2fsprogs calls filesystems larger than 3MB but smaller than 512MB "small", which has some implications: - blocksize 1024 instead of 4096 - inode_ratio 4096 instead of 16384 - inode_size 128 instead of 256 The outcome of the inode size dropping to 128 bytes is that they cannot store 64-bit timestamps, so are not Y2038-safe. A previous attempt to solve this problem[1] changed some of the canned wic files to pass -T default to mkfs.ext4, but this only covered wic images and not traditional images. Also, actually small filesystems, for example a core-image-minimal, will happily be tens of megabytes and with the "default" options will result in an image which runs out of blocks before it runs out of space: mkfs.ext4: Could not allocate block in ext2 filesystem while populating file system Considering that many OpenEmbedded images are in fact "small", being 2038-safe is worth the marginal increase is disk usage. This patch alters the small configuration in native builds so that it also has 256-byte inodes. Target is unchanged so that standard behaviour is maintained outside of the build. This is actually the same underlying patch that Mathieu Dubois-Briand sent in April, but the wic change in [1] was accepted instead. I believe that is the wrong approach and this approach covers more cases. [ YOCTO #14478 ] [1] openembedded-core eecbe62 [2] https://lists.openembedded.org/g/openembedded-core/message/150298 (From OE-Core rev: 98fbb9452aa762e61032a0836e5d732f206e3836) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9ab0ae83a24ee99e69f8ac54256b253a122aef8a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-18 18:00:19 +01:00
Minjae Kim	3de8ba0b1c	ruby: 2.7.3 -> 2.7.4 This release includes security fixes. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc https://www.ruby-lang.org/en/news/2021/07/07/ruby-2-7-4-released/ (From OE-Core rev: 9b1a0d63186a64d78de379494fe256087f62770a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-18 18:00:19 +01:00
Armin Kuster	6a4ccf65e8	qemu: Enable seccomp if FEATURE is set (From OE-Core rev: 10aace6034e4ca3d09d97c4e2046d8eef3078164) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ruslan Babayev <fib@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-10 11:14:11 +01:00
Nathan Rossi	a92e5ec215	qemu.inc: Add seccomp PACKAGECONFIG option Add the seccomp PACKAGECONFIG option to allow building seccomp features in QEMU. The libseccomp library is available in additional layers (e.g. meta-security). Additionally this serves as a way to disable seccomp by default to avoid the configure of QEMU automatically finding it (via pkg-config) on the build host when building qemu-system-native and auto enabling the feature. (From OE-Core rev: 80d79ca651b03a3a7d65d25065af3fa5d85925b3) Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ruslan Babayev <fib@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-08-10 11:14:11 +01:00
Richard Purdie	65dc011c8c	pseudo: Update to latest version including statx fix This updates to the latest pseudo version which includes: Revert "client: Fix some compiler warnings" ports/linux: Always build statx support makewrappers: Handle parameters marked as nonnull client: Fix some compiler warnings wrappers: Avoid -Wcast-function-type warning In particular, this pseudo version always has statx enabled which means we can then remove the need to make pseudo-native host distro specific which fixes an eSDK issue. (From OE-Core rev: c78d82c60acd8cf1eabc728d614bf4631a96c2ad) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 58cc70940ff998be49a9b89e1ad0538242cb7998) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-07-20 19:05:39 +01:00
Richard Purdie	09ccbd14b1	pseudo: Add uninative configuration sanity check When building pseudo-native to work with uninative, we need to ensure the configuration will work on all supported target systems. This means "new clone" semantics, xattr and statvfs support in particular. It is extremely unlikely we'd run on a system without any of these but add a check just to be sure when uninative is enabled. (From OE-Core rev: 262b70f94c34762f5879f637dc918e2d5928f2d0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ea5b208ee25752bea6037cd0f3b28da7d2c9905e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-07-20 19:05:39 +01:00
Richard Purdie	9a4acc8ff3	dwarfsrcfiles: Avoid races over debug-link files We use dwarfsrcfiles in package.bbclass to list the source files used by a binary. This is done before they're stripped and linked to debug symbols in separate files. It is possible a binary may already have a link to separate debug symbols, e.g. some of the test binaries in lttng-tools ptest. In those cases, the linked binary may be changed by package.bbclass code whilst dwarfsrcfiles is reading it. That would result in a rare SIGBUS race causing the binary to fail. To avoid this, break the debug file search path so no other binaries are found. Also fix a segfault if no binary is specified while here. [YOCTO #14400] (From OE-Core rev: 317e334518c6394ecba4a3fdd4ba18b185822d22) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit efef732859e265533acf16f2f4da3b29d50e0df4) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2021-07-15 15:27:49 +01:00

1 2 3 4 5 ...

6128 Commits