Additional test cases for debug symlink generation both binaries
and static libraries.
This also has the side effect of testing for race conditions in the
hardlink debug generation and stripping.
(From OE-Core rev: 39823d3211411e661320e1164ba4c50370804425)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7171f41c07a39a7543bb64f075d38b8e74563089)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When PACKAGE_STRIP_STATIC is enabled the system did not pay attention to
hardlinks. This could trigger a race condition during stripping of static
libraries where multiple strips (through hardlinks) could run at the same
time triggering a truncated or modified file error.
The hardlink breaking code is based on the existing code for elf files, but
due to the nature of the symlinks needed to be done in a separate block of
code.
Add support for static-library debugfs hardlinking through the existing
inode processing code.
Print a note to the logs if the link target can't be found. This isn't
strictly an error, but may be useful for debugging an issue where a file
isn't present.
(From OE-Core rev: c2809691992dab48a360c9516d205ec031378cda)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ff371d69f60a1529ed456acb7d8e9305242e74bd)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This includes fix for: CVE-2024-26327, CVE-2024-26328 and CVE-2024-3447
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Droped 0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch,
CVE-2024-3446 and CVE-2024-3567 since already contained the fix.
(From OE-Core rev: 1a6d502c04fad0d190bb665e9d454b85c0853fcc)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit incorporates changes in following master branch commits:
f3479f74c9 libyaml: Amend CVE status as 'upstream-wontfix'
3ebb2ca832 libyaml: Change CVE status to wontfix
56b6b35626 libyaml: Update status of CVE-2024-35328
which mitigate the following warning with cve-check.bbclass:
WARNING: libyaml-native-0.2.5-r0 do_cve_check: Found unpatched CVE (CVE-2024-35328), for more information check .../tmp/work/x86_64-linux/libyaml-native/0.2.5/temp/cve.log
(From OE-Core rev: a88c83ba93346b62c2a360ab71bacc57585fec60)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These recipes come from rust sources and CVEs are reported for them
under rust-lang:rust vendor:product touple.
Especially libstd-rs needs correct CVE_PRODUCT as is it installed on
target devices (being statically linked to rust compiled binaries).
before:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="libstd-rs"
rust: CVE_PRODUCT="rust"
rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>"
rust-llvm: CVE_PRODUCT="rust-llvm"
after:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="rust"
rust: CVE_PRODUCT="rust"
rust-cross-canadian-x86-64: CVE_PRODUCT="rust"
rust-llvm: CVE_PRODUCT="rust-llvm"
Product for rust-llvm is uncertain and, should be handled in another
commit if it is desired to align it, too.
sqlite> select vendor, product, count(product) from products where vendor="rust-lang" group by product;
rust-lang|async-h1|2
rust-lang|cargo|5
rust-lang|future-utils|2
rust-lang|futures-task|2
rust-lang|mdbook|1
rust-lang|regex|2
rust-lang|rsa|2
rust-lang|rust|45
rust-lang|socket2|1
(From OE-Core rev: 91bfe1f64ee3e2b8534baa8a3eb2fb7fa3521657)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e8cf1df16a6ec2785cacaf608bec5cd8496103af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Drop our sd-notify patch and switch to the upstream standalone
implementation that does not depend on libsystemd.
(From OE-Core rev: 1c9d3c22718bf49ae85c2d06e0ee60ebdc2fd0c1)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07522f85a987b673b0a3c98690c3c17ab0c4b608)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Still side effects of the XZ backdoor.
Racional [1]:
License incompatibility and library bloatedness were the reasons.
Given recent events we're never going to take a dependency on libsystemd,
though we might implement the notification protocol ourselves if it isn't too much work.
[1] https://github.com/openssh/openssh-portable/pull/375#issuecomment-2027749729
(From OE-Core rev: 29faae166366dd022598b95fb1595bd9473d2a17)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c3403bb6254d027356b25ce3f00786e2c4545207)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The rationale [1] is that C11 6.5.6.9 says:
"""
When two pointers are subtracted, both shall point to elements of the
same array object, or one past the last element of the array object; the
result is the difference of the subscripts of the two array elements.
"""
In these cases the objects are arrays of char so the result is defined,
and we believe that the compiler incorrectly trapping on defined behaviour.
I also found https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63303
("Pointer subtraction is broken when using -fsanitize=undefined") which seems to support this position.
[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2608
(From OE-Core rev: ea9b6812e2e547767d430a05f4f9282f6988468a)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cf193ea67ca852e76b19a7997b62f043b1bca8a1)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The SCP protocol was deprecated in favor of the SFTP.
For the legacy SCP protocol scp should be run with "-O".
Instead of adding "-O" on the scp_options ssh oeqa we can
require the openssh-sftp-server to be instaled on the target.
This way the test will work more deterministic regardless of
the host machine client used.
For the old fashion clients still using legacy SCP protocol
the openssh-sshd server will be used, for the new ones using
the SFTP the openssh-sftp-server will be picked.
(From OE-Core rev: 7629a47d6cac36c78184788010f754175853bb03)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2f43da91ba20d18bc419bca7651bb383a51f20af)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3-ctypes was dropped as a dependency in v19.2.0
(From OE-Core rev: 48c43d2ff467c067d1518dc55d8d6da39bea159a)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d06116caf2382ad4782b9b2da50534d076a736d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch is specific to how oe-core runs autotools-generated tests:
by cherry-picking needed bits from builddir and srcdir, then hacking
Makefile with sed until it runs.
As GNU is not interested in installable tests, they wouldn't be
interested in this patch either; and if they become interested,
it's probably going to be done in a whole different way.
(From OE-Core rev: c7a8632469913638070878022bffac5588201006)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd13c29bee330d381e1e574351348e526500e396)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fix this error where 'coredumpctl info' warns that the coredump is still being
processed:
```
AssertionError: 1 != 0 : MiniDebugInfo Test failed: No match found.
-- Notice: 1 systemd-coredump@.service unit is running, output may be incomplete.
```
(From OE-Core rev: ad1ce64f5c1f22a7b10025d8cba20dc74354ac81)
(From OE-Core rev: f7e824477ef75fcea8e0b777278413304def631c)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed562345d5a5f2edb649028553199f3f7966e19e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The commit “Use a copy of image for kernel*.rpm if fs doesn't support
symlinks” [1] added postinst and postrm scripts to the kernel package which
create a symlink after package installation. This should not happen if
`KERNEL_IMAGETYPE_SYMLINK` is not `1`.
Background: The u-boot implementation of jffs2 does not support symlinks.
Using a hardlink or removing `${KERNEL_VERSION}` from the file name fails,
because the current postinst script replaces the file with the symlink.
[1] 8b6b95106a
Cc: Bruce Ashfield <bruce.ashfield@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Yanfei Xu <yanfei.xu@windriver.com>
(From OE-Core rev: 6916c19c8a09d8d0334c957ae541aafcbbcf92df)
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6a763401862d9ee96749ad18378b6344778c2c66)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Source dir can be a symbolic link in some BSP's linux kernel recipe
which points to work-shared path (like linux-fslc in meta-freescale).
Change to use os.path.realpath() in order to get real path of
source dir.
(From OE-Core rev: 340dc094df5eda4a3834a90578b331d9edcffa94)
Signed-off-by: Benjamin Szőke <egyszeregy@freemail.hu>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9191aa685418af32f003e067ef7c5737a271e3a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Where we're using DL_DIR in sdk archive to try and cache testing artefacts,
copy into the cache so that it gets populated and this doesn't have to be done
manually. Currently we're making a lot of repeat requests to github as this
wasn't being populated.
(From OE-Core rev: 048467673ceb075277c5a4fbbb40b9c3e41864e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a3284958a2cc6c90a5fac26976bddc23f821c972)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This test is causing problems on the Autobuilder, so disable it for now.
(From OE-Core rev: 9eafd0c56b279a7c3025b0dcd00745baead15bb6)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ac000b00ec615b3e51dda8d819015d5e7110ed88)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These tests are causing hangs on the Autobuilder, so disable them for
now.
(From OE-Core rev: 141c348ce83552beae88e115d9c4db5802c6e0f4)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 291f37808f1a2b2fdc8190696867f974994457c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This option fails with clang compiler when testing for soft-float because
OE enforces this option via CCARGS however, gtub's
makefile/configure does disable all sse options when checking for
soft-float support, but it can not disable -mfpmath=sse as its inserted
by OE, therefore remove it in recipe
Fixes build errors seen with clang/musl like on x86
error: the 'sse' unit is not supported with this instruction set
(From OE-Core rev: 17273366f23702077fe7a270afc7b5d26a650bf7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad76da4ff6d7110747b620621ae3728de9905465)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
When the libnftnl PACKAGECONFIG is enabled, the "iptables" symlink is correctly
points to xtables-nft-multi, however the "iptables-save" and
"iptables-restore" are still point to the xtables-legacy-multi.
So, when the "iptables" command is used it's using the nftables backend
where is the "iptables-save/restore" are using the legacy backend.
This is not consistent with other distros (e.g. Ubuntu).
The issue was identified when testing the UFW firewall with nftables backend.
(From OE-Core rev: 2c0d03ed7bb9c17b1c3ccefd00bf3a4ede9e291f)
Signed-off-by: Kirill Yatsenko <kiriyatsenko@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6579e4333b74232d8b576c399eab88e37da881ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It always executes the scripts whether 'qemu-usermode' in
'MACHINE_FEATURES' or not. Fix the criterion to make it work.
(From OE-Core rev: 6f73c5df726eef7db32ab0fd1aa2ea4e45b3493c)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e163246dcbbd2187c9ba28432c613b0d6c850c6)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace deprecated e.data with d in multilib.bbclass and
multilib_global.bbclass.
Remove event check in function multilib_virtclass_handler_vendor in
multilib_global.bbclass. The function flag 'eventmask' has been set
with 'bb.event.ConfigParsed', so no need to check the event any more.
(From OE-Core rev: 01a84c3db74e8cc4923016c312a484a252fcfee0)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d87662d676a2b9ef921cb49ea6edc07b37410e2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
If we check for empty variables, it does not make sense to print their
content in case they are empty.
Additionally, the error message in the 'kernel' check attempted to print
the wrong variable ('target') which was not even defined, yet.
Also, raising WicError doesn't require an extra newline.
(From OE-Core rev: a1cbf4d5ea5f852144d0cc70be99d6338c618fcd)
Signed-off-by: Enrico Jörns <ejo@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f31cf475d0235f42d73aeec07694f79b9937fd76)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The test was failing with core-image-full-cmdline which uses sleep from coreutils instead of sleep from busybox.
(From OE-Core rev: 2b71641b9c1b8f7e67527d2242a6a65b1e849ded)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8497edf0c56da34ea7b7509b8fcd46fcba2fd0e3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
License-Update: Updated copyright year
Changelog:
==========
* Fix issue where specially crafted inputs to encode() could take exceptionally
long amount of time to process. [CVE-2024-3651]
(From OE-Core rev: b6f8938c8048d08e29233fa29f5104b044353cf7)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The variable contains the suffix of the CVE JSON manifest file.
By default, this variable is set to 'json', so the current behavior
is not changed, but enables developers to use some other suffix,
e.g., cve.json (similar to spdx.json).
(From OE-Core rev: 0cb103430d0505a3cd135e727379489bc3fe6e46)
Signed-off-by: Aleksandar Nikolic <an010@live.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d99eee76923659c0b95bf9ef415ae5d44f736d01)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via the av_hwframe_ctx_init function.
(From OE-Core rev: bd9fe64c40f7f4e1d18b5d33a9a366e95c2ddd2d)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the ff_bwdif_filter_intra_c function in the
libavfilter/bwdifdsp.c:125:5 component.
(From OE-Core rev: 814a688d1dc3f22cf7d1b88bde6842b032c13d12)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The code that used these variable and the comment was introduced in
commit b44d32ef41 ("insane.bbclass: Portions of code were not running,
fix this and sync with OE.dev. Also add tests for bad sysroot rpaths in
binaries"). Later, in commit 17dae13fabe2 ("insane.bbclass: Fix ELF
bitsize comparison"), some of that code was removed again, but not the
variables and the comment.
(From OE-Core rev: c00a9a8f25b0042b0723a5d20b88e92d473d22bf)
Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 730d00b0d1d1d617b62900be12fa034bb41fc48b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Commit cd25e5544ca3 ("insane: use HOST_ variables, not TARGET_ to
determine the cross system") updated the variables themselves, but not
their names. To prevent confusion, match the Python variable name to the
BitBake variable name.
(From OE-Core rev: 7fd25eaa8fd5533d03d5f10792e2e6c30c64cc3c)
Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f5bebc96580ec74d10bc96b4265357ebc9bcd6ad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
After commit cd25e5544ca3 ("insane: use HOST_ variables, not TARGET_ to
determine the cross system"), this check is no longer necessary. The
introduction of HOST_ variables ensures architecture compatibility is
correctly checked.
(From OE-Core rev: dd29c810970038e9ee427cc1b75f61e708fcd0d5)
Signed-off-by: Emil Kronborg <emil.kronborg@protonmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6e1ddeb05dcd5ff77e0f5526a6e56a484daa4864)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
In sanity.bbclass the tar version is checked as tar needs to be recent enough
for reproducible builds. Tar could also be provided by other means then gnutar,
but we mean the version of gnutar in the check. Hence we also should ensure
that the installed tar is gnutar.
[YOCTO #14205]
(From OE-Core rev: 49edd9e5d48abe66135391617c6b901a5f454dab)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bdef30bd887cd208d7822dd7853d33e24a6b7a4c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The builtin command "sleep" was getting executed instead of the busybox binary.
Hence "pidof sleep" was empty and the test was failing.
(From OE-Core rev: dfde05c64a7d9f01f09a34e76509ef80501f0db7)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3188f3f0718b8a59bc9e3cae4cdf74e82bdb86c3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
