Changelog:
==========
* Fix operation of --no-absolute-filenames --make-directories
* Restore access and modification times of symlinks in copy-in
and copy-pass modes.
0001-configure-Include-needed-header-for-major-minor-macr.patch
revmoed since it's included in 2.15
(From OE-Core rev: e912a11c5fa6709708428f2d0fe3a29a344cd43a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4fb7512a5b1c13234e3733cba1c4bf246c77861)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pull in fixes for CVE-2023-6246, CVE-2023-6779 and CVE-2023-6780.
(From OE-Core rev: 07847f5945ff67340803149242a629741d619bf5)
Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The CPE vendor is "gnome" and the CPE product is "gtk" for both gtk+3
and gtk4 recipes. Set CVE_PRODUCT so we properly match the NVD database.
(From OE-Core rev: e1bab7d2f5a885f2e4fd0332599edb8bfa55be45)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 253f5f745d66acefcc739f1c9ad2dd46be630e47)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Primarily list the number of patches found, useful when debugging.
Also clean up some bad escaping that caused warnings and use
re.IGNORECASE instead of manually doing case-insenstive rang matches.
(From OE-Core rev: 55d7393eda71fa37a93c1a0f5c8f7f18640cf079)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10acc75b7f3387b968bacd51aade6a8dc11a463f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Handle CVE_STATUS[...] being set to an empty string just as if it was
not set at all.
This is needed for evaluated CVE_STATUS values to work, i.e. when
setting not-applicable-config if a PACKAGECONFIG is disabled.
(From OE-Core rev: a8ccf2abdc89cf4ae3dce1fed4163e3c1399e528)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c9f20f746251505d9d09262600199ffa87731a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This is fixed via a patch added in gcc-13.2.inc already, but still
reported e.g. for libgcc as it is not defining an own source but use the
shared gcc-source.
(From OE-Core rev: cc78945cf8372eea743ecddfca47cbc084641678)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 301d45eacfd4ae6bddfb13207e2af9e8b4662bc8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Backport the upstream fix for CVE-2023-48795.
(From OE-Core rev: c2894768c270e2698de23884f59e823f185820a0)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 314fa19c5e07fa632ff0434a6adbb97de1319a02)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is for iCPE cloudflare:zlib.
Alternative to ignoring would be to limit CVE_PRODUCT, but
historic CVEs already have two - gnu:zlib and zlib:zlib.
So limiting it could miss future CVEs.
(From OE-Core rev: 7523c7b3609220b4dfc2bb0a83c552db60e1dc7e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9f953a1cd832f03f0b3666168addf45fd4fc8d14)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes an ugly formatting issue in the HTML output
(From yocto-docs rev: dde4b815db82196af086847f68ee27d7902b4ffa)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add the hint to the test setup that runqemu-gen-tapdevs will need the
iptables package installed.
(From yocto-docs rev: 368bacc10a18100ef721c477b5d0abc5184eef91)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This ensures that string is prepended properly and eclosed in ''
Fixes the ptest runs on musl
(From OE-Core rev: 5f49d4c3f528c1e9a2884cc9cc8026b5d43517f9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7bb45591f9caa7ff6b065220927a26e8261e2866)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The execution result of depmodwrapper is not checked which makes depmod
generation failed sliently and hard to detect.
So check exection result and stop building if depmodwrapper failed.
(From OE-Core rev: 2d8e913e2bfbb4ccbdf3eb747aab46fc38cf23e7)
Signed-off-by: Yang Xu <yang.xu@mediatek.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2f88e7d331390c6aaecc4522253e24791aec299e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit includes the 'cyfmac4373-sdio.clm_blob' file in
the list of files for the linux-firmware-bcm4373 package.
Without this file, the linux-firmware package adds all
firmware packages to the image.
(From OE-Core rev: 205b3990fe23dc05689ef619a4607e8903ebbec6)
Signed-off-by: Rodrigo M. Duarte <rodrigo.duarte@ossystems.com.br>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7886d3b77200e4488393fa11c8198658fcf386cd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Upstream website has disappeared; the tarball can still be downloaded
but this is probably not for long.
(From OE-Core rev: 12cb5cce1cad02125fbf695e0d94010535cf228a)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit af59c518467d1174d1d63594fdd3279a2fdbd8f8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
QEMU_OPTIONS can be empty which will trigger a exception TypeError:
| can only concatenate str (not "NoneType") to str. Fix it by setting a
empty string.
ALso removed two useless blanks.
(From OE-Core rev: 3ccc642bb36373e81d80d41b4f213328c7bfb9cb)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b619197bd52a4a99a9989e7ea6fb7032415b1e42)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update license information for overall package, package libraries, and
package utilities in the recipe to match the license information as
described on the upstream website [1]:
"License. The libraries and backends are dual GPLv2+/LGPLv3+. The
utilities are GPLv3+."
[1] https://sourceware.org/elfutils
(From OE-Core rev: d0e082b8303ad9591983c95d19a199c8d22942da)
Signed-off-by: William Lyu <William.Lyu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c0728805f24cbd6a788871ae54af4ec8307e40d4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
A issue was found when I run "runqemu genericx86-64 ovmf", grub failed
to boot, it's a known issue has been fixed in grub upstream, backport
the fix.
(From OE-Core rev: 10f783721decaec06e87dd7a140ea16f12b97539)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51eab4bb0cae46c9c32d28986eb97badf47594b7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
I'm not sure why this was included and enabled to begin with: the tests
predictably mass-fail if system time is set to after y2038.
(From OE-Core rev: 3d04849c741baeddd0677a18a468603b7112139d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9c7ebd6e447bce19803253afd881854f686b5f6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When invoking runqemu with Python 3.12, the following warning is
encountered:
|SyntaxWarning: invalid escape sequence '\.'
This is because the interpreter scans the string before it is processed
by the regex module, and it interprets the backslash as part of an
escape sequence, but not a standard one. This will be registered as an
error rather than a warning in future Python versions. To avoid the it,
simply add an extra backslash so that Python doesn't misinterpret the
string, while the regex parser still sees an escaped '.' character.
(From OE-Core rev: 145672043d6d75a9e5a03afb4c205e8008218a3b)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0e8a4142bb90a92d175df6b2537d24a372356f98)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Disable another test that intermittently fails on the autobuilder.
(From OE-Core rev: 7c183e7470565db3085b4f18044567fc51c842ab)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d169e13f7e2eb6511f0ac98da63b060c6c0d53a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2023-36191 is now rejected in NVD DB so it won't shoup up in
cve-check report anymore.
(From OE-Core rev: 362a77ea331124ae4c84553c0dceb06b05150804)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This fixes CVE-2024-0232
(From OE-Core rev: 748c18468cc7de0173ab4796805704b9376cd391)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2019-25051.patch
removed since it's included in 0.60.8.1
Changelog:
============
-Fix memory leak in suggestion code introduced in 0.60.8.
-Various documentation fixes.
-Fix various warnings when compiling with -Wall.
-Fix two buffer overflows found by Google's OSS-Fuzz.
-Other minor updates.
(From OE-Core rev: 1d7ab8b0bc129efadd9144b87fa5208b4a8fcd6c)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ec3c8642f71b470936b6dd29331afa467ab865c7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
From release notes:
1.22 bug-fix release (1.22.8) was released on 18 December 2023.
This release only contains bugfixes and security fixes and it should be safe to update from 1.22.x.
(From OE-Core rev: 7d43da3f6f83d9a58a3bc54e55fefd591274afca)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 132d8b7e0188aae8849ae43cfffabce4389a55df)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Set `CVE_STATUS`for those CVEs, they have already been fixed with the latest
pull for stable branch fixes done in rev
e444d2bed0. Hence the issues are fixed
already.
(From OE-Core rev: a7b92c9c675c2c111e0b41121c1232b2e79de4ea)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6e6fe23c95f1d0a8a0503cb71557cf3272bf9945)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FIXES [YOCTO #12342]
When testing a Multilib image, the package manifest list contains
the fully qualified package name which includes the Multilib Prefix.
This patch adds the MLPREFIX to the package names that are passed
into the @OEHasPackage() decorator to ensure the set isdisjoint()
matches correctly.
(From OE-Core rev: a27983e0b6bde730fe501c9931119bf18b2c376b)
Signed-off-by: Saul Wold <sgw@bigsur.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ab87e4f92305b2a664cc473869e1615cf56e0936)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The tests were not cleaning up after themselves and making assumptions about
memory resident bitbake being stopped by the scripts.
Add cleanup logic to ensure the tests don't break other things and
clean up created files.
(From OE-Core rev: 81d7011a793de2548c573ebb84f60fb80a357bed)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 692dd762a0c817797c28381c6169205fbaeb2705)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It is possible we could crash holding a lock whilst parsing in this code.
Switch to use utils.fileslocked() in the with expression to avoid this.
This may be causing some of our strange intermittent failures in PRServ
tests.
(From OE-Core rev: 4e3c9526c2389fd08d86d986014313e1d404f1fb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e59db15e5df2cc3d0ae042454812a2d54cef77b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The vardepsexclude was subtly wrong in that it referenced STATE_MANMACH
when the actual variable name is SSTATE_MANMACH.
(From OE-Core rev: a681f90caec27d4076bdae3b5b19df2d7f5978cd)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ec5054396f7fafea2a071d2695ae111fc585d6e6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Use oe.utils.get_bb_number_threads to get max_process
(From OE-Core rev: 162607e3f7fd490c4b01775a9516a1bcf643eae6)
Signed-off-by: Clay Chang <clayc@hpe.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f0056dca0a44c374f1f0c5fccbf66ae88e0b1850)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These two tests seem to fail semi-regularly so just stop running them.
(From OE-Core rev: aa52e8fe6f53c5e3e5466385b683ea209d833845)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1bfa564f1aa8b865f6c3ae3501e6d5f6cc0542eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Since switch from Makefile to meson based build,
the version is no longer hardcoded but queried from git tag.
This works only if git history is available.
When shallow tarballs are used, tag is not available.
Example error for trusted-firmware-a from meta-arm:
dtc version too old (039a994), you need at least version 1.4.4
Backport also patch to fix version in meson file.
(From OE-Core rev: a77defdac80d4cc660d6b6677bc166a1d1d338b5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 319f5d8a32d1f4a71ac997ce4522249b08f84945)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update Upstream-Status for 0001-reexport.h-Include-unistd.h-to-compile-with-musl.patch.
(From OE-Core rev: 2323086931f2abd9b85fc1ec94b6b0d3efd6364a)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7189d1ea5c066b9ffc52103160bb34945fd779d7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Updating linux-yocto/6.1 to the latest korg -stable release that comprises
the following commits:
fec3b1451d5f Linux 6.1.73
f9ee31dc7fcd cifs: fix flushing folio regression for 6.1 backport
0f22c8a6efe6 ipv6: remove max_size check inline with ipv4
b2c545c39877 Revert "nfsd: separate nfsd_last_thread() from nfsd_put()"
db5f2f4db8b7 Revert "nfsd: call nfsd_last_thread() before final nfsd_put()"
(From OE-Core rev: 84a86b91de33a048b8a4aafacb051c9dbc3abbca)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 27004956fb5ce3d4c2a48e64681b743763641f04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Xiangyu Chen
Email: xiangyu.chen@windriver.com
Subject: feature/security: add configs to harden protection
Date: Tue, 16 Jan 2024 18:22:31 +0800
Add some configs to harden protection:
CONFIG_HW_RANDOM_TPM=y Exposing the TPM's Random Number Generator as a hwrng device.
CONFIG_DEBUG_WX=y Warn on W+X mappings at boot.
CONFIG_SECURITY_DMESG_RESTRICT=y Restrict unprivileged access to the kernel syslog.
CONFIG_LDISC_AUTOLOAD=n Disable automatically load TTY Line Disciplines.
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: 6ee7b17677a39302bd14acbc2a4bfe5cb247f32e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33d3dd8f5469cb0b2999d7f935378899d447b3ce)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
