Kernel commit:
commit 3d4b396a616d0d67bf95d6823ad1197f6247292e
Author: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon Oct 11 15:37:04 2021 +0200
landlock: Use square brackets around "landlock-ruleset"
commit aea0b9f2486da8497f35c7114b764bf55e17c7ea upstream.
Make the name of the anon inode fd "[landlock-ruleset]" instead of
"landlock-ruleset". This is minor but most anon inode fds already
carry square brackets around their name:
[eventfd]
[eventpoll]
[fanotify]
[fscontext]
[io_uring]
[pidfd]
[signalfd]
[timerfd]
[userfaultfd]
For the sake of consistency lets do the same for the landlock-ruleset anon
inode fd that comes with landlock. We did the same in
1cdc415f1083 ("uapi, fsopen: use square brackets around "fscontext" [ver #2]")
for the new mount api.
Cc: linux-security-module@vger.kernel.org
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Link: https://lore.kernel.org/r/20211011133704.1704369-1-brauner@kernel.org
Cc: stable@vger.kernel.org
Signed-off-by: Mickaël Salaün <mic@linux.microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Changed the format of the landlock tracing. We need to update the strace
expected string to match.
Upstream-Status: Submitted [https://lists.strace.io/pipermail/strace-devel/2022-April/011064.html]
(From OE-Core rev: bf7d885aef06f6208533dd5fab45ee8e92d6d6d7)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
its in auto mode, which is troublesome particularly on native recipe
where it pokes at build host to find this library if its not in native
sysroot and when build host has libbpf installed it enables it silently
otherwise disables the support. so lets make it deterministic, and if
one needs to enable this feature then enable the packageconfig
intentionally, It was found when trying to solve this QA warning
Skipping RPATH /usr/lib64 as is a standard search path for /mnt/b/yoe/master/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-
r0/sysroot-destdir/mnt/b/yoe/master/build/tmp/work/x86_64-linux/qemu-system-native/6.2.0-r0/recipe-sysroot-native/usr/bin/qemu-system-x86_64
This is becasue qemu's build system adds the needed flags to -rpath for
the libraries it needs and in this case it has found libbpf.so in
/usr/lib64 on build host.
(From OE-Core rev: 3d493928b7c98ab11b5d8c50924b1a2c464bf7f5)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
strace ptests can run successfully with root user, there is no need to
run as "nobody". The ptest results are the same.
(From OE-Core rev: 5ab213178c011152e29dfb0a80251c5e5ab79900)
Signed-off-by: Jiaqing Zhao <jiaqing.zhao@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dropped patches are either backports, were merged upstream,
or upstream fixed the issue differently.
(From OE-Core rev: 4c9b619eb7cd91e7ffc8db0f5571a4dbe6966ccc)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Rebase 0001-python-module-do-not-manipulate-the-environment-when.patch
(From OE-Core rev: 65411c5d632adeac5eab322ae1a54ec8b6d3e5af)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Do not version patch directories; we carry only one version of go.
(From OE-Core rev: f7a9f330f92d85612196d7a8d77893a1b0a870aa)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has transitioned to flit from setuptools.
(From OE-Core rev: 2087d8faa48879277111ab3eff9e01d099a5bb6b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has transitioned to flit from setuptools.
(From OE-Core rev: 2199a1274bf2801fee5e1818f4a57266bfe3025c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2015-20107 describes an arbitrary command execution in the mailcap
module, but this is by design in mailcap and needs to be worked around
by the calling application.
Upstream Python will be documenting this flaw in the library reference,
and it is likely that the mailcap module will be deprecated and removed
in the future.
(From OE-Core rev: 85fac8408baf92d8b71946f5bfea92952b7eab01)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This release is primarily to fix two CVEs:
- CVE-2021-28544
- CVE-2022-24070
It also rewrites the macOS autoconf macros to be cross-compile friendly,
so we don't need to delete them anymore.
(From OE-Core rev: ecfbc2ef45a76ab96d215954ca0a109545e6ff02)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a patch from upstream (will be in qemu 7.0) to add an option to
disable the legacy i8042 support (AT keyboard, PS/2 mouse). These
devices are very historical and modern Linux environments use USB anyway.
(From OE-Core rev: d73e4fcfc9ca4aab25f7751ba17974a839d6340f)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-gptcurses-correct-ncurses-6.3-errors.patch
removed since it's included in 1.0.9.
Changelog:
===========
- Added support for aligning partitions' end points. This feature affects the
default partition size when using n in gdisk; it affects the default
partition size in cgdisk; and it's activated by the new -I option in sgdisk.
See the programs' respective man pages for details. This feature is intended
to help with LUKS2 encryption, which reacts badly to partitions that are not
sized as exact multiples of the encryption block size.
- Added several new partition type codes:
FreeBSD nandfs (0xa506)
Apple APFS Pre-Boot (0xaf0b)
Apple APFS Recovery (0xaf0c)
ChromeOS firmware (0x7f03)
ChromeOS mini-OS (0x7f04)
ChromeOS hibernate (0x7f05)
U-Boot boot loader (0xb000)
27 (!) codes for Fuchsia (0xf100 to 0xf11a)
- Added the ability to build sgdisk and cgdisk for Windows.
- Added a check for too-small disks (most likely to be an issue when trying to
use a too-small disk image); program now aborts if this happens.
- Removed stray debugging code that caused partNum is x to be printed when
changing a partition's name with sgdisk.
- Fixed build problems with recent versions of ncurses.
- Fixed bug that caused cgdisk to report incorrect partition attributes.
(From OE-Core rev: a0e6ee2b34ae21764f8a5a649916488902016395)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is for improving reproducibility to trim absolute paths as these
recipes do not inherit go bbclass where it would be set automatically
(From OE-Core rev: 365dae4e47b956b39fb62d9c6dcb917a11b37cba)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This overcomes the linking errors e.g.
| /usr/lib/go/src/cmd/go/internal/base/base.go:110:(.text+0x60fef8): relocation R_MIPS_26 against `a local symbol' cannot be used when making a shared object; recompile with -fPIC | /usr/lib/go/src/cmd/go/internal/base/base.go:110:(.text+0x60ff0c): relocation R_MIPS_HI16 against `a local symbol' cannot be used when making a shared object; recompile with -fPIC
(From OE-Core rev: 4b379e94ea6d5b96245c8724689209b44cace562)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is local invention which is no longer needed, pie-mode works good
now a days to build go for target
(From OE-Core rev: 118411a565fb39df4bbae2a0ef2b25f03607a3a5)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1.18 is a major release brings in long awaited new features e.g.
generics, fuzzing
Detailed list is here [1]
Drop patches to manipulate multiword CC/CXX as go has fixed it
differently [2]
Drop cgo portion of patch to hack hash generation logic
either we should find a way to not use it or redo it,
in current form its not upstreamable and its
altering core features of go compiler, it can not be maintained as is
Do not emit linkinfo into the actionID
Drop ignoring CVE-2021-29923 its already addressed in go >= 1.17
[1] https://go.dev/doc/go1.18
[2] https://groups.google.com/g/golang-codereviews/c/fUhCbpYG7HE
(From OE-Core rev: 1a99cc2eed34434d75b2f53af1616ad79eef0906)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
Rename strtoi to strosi (string to signed int). The strtoi function
on BSD does something else (returns an intmax, not an int)
(From OE-Core rev: abfd393eb659dcd12d1eee34c62f157336e9fb07)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
Deprecated and removed features:
--------------------------------
* JSON_C_OBJECT_KEY_IS_CONSTANT is deprecated in favor of
JSON_C_OBJECT_ADD_CONSTANT_KEY
* Direct access to lh_table and lh_entry structure members is deprecated.
Use access functions instead, lh_table_head(), lh_entry_next(), etc...
* Drop REFCOUNT_DEBUG code.
New features
------------
* The 0.16 release introduces no new features
Build changes
-------------
* Add a DISABLE_EXTRA_LIBS option to skip using libbsd
* Add a DISABLE_JSON_POINTER option to skip compiling in json_pointer support.
Significant changes and bug fixes
---------------------------------
* Cap string length at INT_MAX to avoid various issues with very long strings.
* json_object_deep_copy: fix deep copy of strings containing '\0'
* Fix read past end of buffer in the "json_parse" command
* Avoid out of memory accesses in the locally provided vasprintf() function
(for those platforms that use it)
* Handle allocation failure in json_tokener_new_ex
* Fix use-after-free in json_tokener_new_ex() in the event of printbuf_new() returning NULL
* printbuf_memset(): set gaps to zero - areas within the print buffer which
have not been initialized by using printbuf_memset
* printbuf: return -1 on invalid arguments (len < 0 or total buffer > INT_MAX)
* sprintbuf(): propagate printbuf_memappend errors back to the caller
Optimizations
--------------
* Speed up parsing by replacing ctype functions with simplified, faster
non-locale-sensitive ones in json_tokener and json_object_to_json_string.
* Neither vertical tab nor formfeed are considered whitespace per the JSON spec
* json_object: speed up creation of objects, calloc() -> malloc() + set fields
* Avoid needless extra strlen() call in json_c_shallow_copy_default() and
json_object_equal() when the object is known to be a json_type_string.
Other changes
-------------
* Validate size arguments in arraylist functions.
* Use getrandom() if available; with GRND_NONBLOCK to allow use of json-c
very early during boot, such as part of cryptsetup.
* Use arc4random() if it's available.
* random_seed: on error, continue to next method instead of exiting the process
* Close file when unable to read from /dev/urandom in get_dev_random_seed()
(From OE-Core rev: 536251685e6de9d120d79e37ddf9fabd8cbf1c17)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
