Changelog:
==========
DHCP: re-enter DISCOVER phase if server doesn't reply to our REQUEST
privsep: Allow __NR_dup3 syscall as some libc's use that instead of the dup2 dhcpcd uses
dev: Fix an issue where not opening the dev plugin folder if configured returned the wrong fd
privsep: Harden the launcher process detecting daemonisation.
compat: arc4random uses explicit_bzero if available
(From OE-Core rev: 4d2adb1112e24f8d3b22433d08d6ed4664bb8e8d)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The sshd keeps on terminating and restarting in servel minutes, we can observe
log from journalctl that the sshd was killed by systemd with signal 15:
systemd[1]: sshd.service start operation timed out. Terminating.
sshd[374]: Received signal 15; terminating.
When the sshd as a systemd service, it need to tell systemd with a "READY" status,
and when it is restarted, it need to tell systemd with a "RELOADING" status, otherwise,
systemd would treat it as failing service and restart it again.
Taken a patch from openssh upstream PR[1], that after using a signal to tell systemd
it is ready or reload now.
Ref:
[1] be18743591
(From OE-Core rev: 4090dca8e44ec79ccb9a674db31e835d20b51888)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Brings following changes
* 98bfdac5ce82 [BranchFolding] Remove dubious assert from operator< (#71639)
* 12c6ee8fd204 [GlobalOpt] Cache whether CC is changeable (#71381)
* 0a1274224ef8 [libc++] Fix UB in <expected> related to "has value" flag (#68552) (#68733)
* 42f8800b720f [clang] fix test PR69717.cpp (#72134)
* e666be92b44b [clang] Run test on x86 only
* aebee698ef16 [clang] Do not clear FP pragma stack when instantiating functions (#70646)
* 529aa6eadb27 [SLP]Fix PR70004: Do not change insert point for reduction gather nodes.
* 69b3baf9b87e [DAG] WidenVectorOperand - add basic handling for *_EXTEND_VECTOR_INREG nodes
* e7dc53b94212 [Mips] In LowerShift*Parts, xor with bits-1 instead of -1. (#71149)
* a6cbdae98272 [clang-format] Correctly annotate keyword operator function name (#66904)
* 094cfd14c813 Bump version to 17.0.5
* 05422e1dcf94 [Driver] Fix linking with -lm on Solaris (#65632)
* 910748f4ec5a [clang-repl] Fix BUILD_SHARED_LIBS symbols from libclangInterpreter on MinGW (#71393)
* 582f0469dae1 [CGExprConstant] stop calling into ConstExprEmitter for Reference type destinations (#70366)
(From OE-Core rev: d61add65014617c1e3c183fb1cf333b4b226d318)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If /etc/passwd is a symlink, sed -i on same file will replace the
symlink with a new file. Prevent that by adding --follow-symlinks
option to sed
(From OE-Core rev: 6ec004b2e7b4342465af8e5e6cc66041834821a0)
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- enable tls by default to fix:
| hash.c:16:12: fatal error: gnutls/crypto.h: No such file or directory
| 16 | # include <gnutls/crypto.h>
Changes in CUPS v2.4.7 (2023-09-20)
-----------------------------------
- CVE-2023-4504 - Fixed Heap-based buffer overflow when reading Postscript
in PPD files
- Added OpenSSL support for cupsHashData (Issue #762)
- Fixed delays in lpd backend (Issue #741)
- Fixed extensive logging in scheduler (Issue #604)
- Fixed hanging of `lpstat` on IBM AIX (Issue #773)
- Fixed hanging of `lpstat` on Solaris (Issue #156)
- Fixed printing to stderr if we can't open cups-files.conf (Issue #777)
- Fixed purging job files via `cancel -x` (Issue #742)
- Fixed RFC 1179 port reserving behavior in LPD backend (Issue #743)
- Fixed a bug in the PPD command interpretation code (Issue #768)
(From OE-Core rev: 0e33d6fc646e76390e5bf8a0f7b38bd15c83729c)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* similarly as direct dependencies before
* this doesn't fix any issue (at least AFAIK),
just keeps the log files more deterministic to avoid unnecessary churn like in:
perl-native.log.do_configure:
-NOTE: Installed into sysroot: ['zlib-native', 'make-native', 'perlcross-native', 'gdbm-native', 'xz-native', 'gettext-minimal-native', 'texinfo-dummy-native', 'libtool-native']
+NOTE: Installed into sysroot: ['zlib-native', 'make-native', 'perlcross-native', 'gdbm-native', 'libtool-native', 'gettext-minimal-native', 'texinfo-dummy-native', 'xz-native']
and similarly in "Note: Skipping as already exists in sysroot:
(From OE-Core rev: cedee02e1acaffd8932809ceb5b6f9bd4f861283)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- nanbield is now released
- update the start and end dates
(From yocto-docs rev: 81afa3c95276f9e3fbd1f282ad5954d591fbbb95)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After the following meta-yocto commits, MIRRORS & PREMIRRORS are no
longer set in the poky distro config file:
67b79df4fbff ("poky.conf: remove redundant MIRRORS")
1b71a3b9418f ("poky: Drop PREMIRRORS entries for scms")
(From yocto-docs rev: bc84dd0b6cdb1b2432ae60c036df9ee15cd53f34)
Signed-off-by: Paul Barker <paul.barker.ct@bp.renesas.com>
Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some of the autobuilder workers have python 3.11 or in the future 3.12.
Add these to allow toaster tests to work on those platforms.
(Bitbake rev: 04d5edd81f5e924370090d68fd4a254abaacbfe4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The event at the end of the function doesn't really belong there,
move it out so the function becomes cleaner. It also avoids having
to pass a number of parameters around, another sign this is the correct
thing to do. This continues refactoring started a while ago to improve
and modularise the code.
(Bitbake rev: f712b927a84e8b8deaa8c907e8f9bcdec681f2aa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conceptually, this belongs in sqdata so this is the next step in refactoring
this code, continuing what was started a while ago.
(Bitbake rev: 2cf267cb657cd1864db43955cc010abba7a64093)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES can be used to prevent known
not-reproducible packages to make the reproducible test fail.
For example, in local.conf:
OEQA_REPRODUCIBLE_EXCLUDED_PACKAGES = "example-not-reproducible"
To quote the original exclusion commit (4864764667)
> selftest/reproducible: add an exclusion list for items that are not yet reproducible
> [...]
> Non-reproducible excluded packages are not given to diffoscope and do not cause a
> failure, but still saved side-by-side with non-reproducible failing ones to make
> investigation easier.
NB: Patch was written by Richard with small fixes and a commit message
from Yoann.
(From OE-Core rev: bea0e3f5b8b383ae8590b874a5878f67832d6929)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
No other change.
Just cosmetic to avoid tripping the maximum line length of patchtest
when the next element will be added to the list.
(From OE-Core rev: 7c401fe421c2085f2e7fc14589ca44ec1791db03)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When making checkouts from git, the timestamps can vary and occasionally two files
can end up with the same stamp. This triggers make to regenerate ru.cp1251.po from
ru.po for example. If it isn't regenerated, the output isn't quite the same leading
to reproducibility issues (CP1251 vs cp1251).
Since we added all locales to buildtools tarball now, we can drop the locale
restrictions too. We need to generate a native binary for the sjis conversion
tool so also tweak that.
(From OE-Core rev: 042c1a501b1dae5ddb31307b461be02c3591c589)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Cleanup an extraneous # at the end of the hash bang line.
* Cleanup some trailing whitespace errors.
* Fix typo inf dunfull -> dunfell.
(Bitbake rev: 3938b53f40960ff4a96a55fe5ef35b69737538a3)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When running an asyncrpc server as a subprocess, it is often desired to
run it with a lower logging level since the normal logging of clients
connecting and disconnecting is not desired.
As such, add an option to set the logging level of the server when
running as a subprocess and set the level to WARNING when starting a
local hashserver or PRserver
(Bitbake rev: 61dac7b99ad6d2a858f85d8ed1b5524d558be6c8)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This adds support for the Nanbield (4.3) release and update the
current dev branch to Scarthgap.
(From yocto-docs rev: cfbb2cda2c3d221f944ae610c05039c9d12093bc)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libgs is eg. needed to build ghostscript support for gimp
also install the data target
(From OE-Core rev: cedd211d8b73076d1ef6f32af1c59e87a436d637)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The vast majority of gnome recipes uses meson. Set it as default
and override the few recipes that still use autotools.
This way we can remove a lot of lines in meta-oe and more important
it would not be needed to explicitly set GNOMEBASEBUILDCLASS = "meson" for newly
created gnome recipe anymore.
(From OE-Core rev: 8b061ea36f8b94b482c5867fe2ba7213288a5aa3)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
1.9.15p2:
- Fixed a bug on BSD systems where sudo would not restore the
terminal settings on exit if the terminal had parity enabled.
1.9.15p1:
- Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based
sudoers from being able to read the ldap.conf file.
1.9.15:
- Fixed an undefined symbol problem on older versions of macOS
when "intercept" or "log_subcmds" are enabled in sudoers.
- Fixed "make check" failure related to getpwent(3) wrapping
on NetBSD.
- Fixed the warning message for "sudo -l command" when the command
is not permitted. There was a missing space between "list" and
the actual command due to changes in sudo 1.9.14.
- Fixed a bug where output could go to the wrong terminal if
"use_pty" is enabled (the default) and the standard input, output
or error is redirected to a different terminal. Bug #1056.
- The visudo utility will no longer create an empty file when the
specified sudoers file does not exist and the user exits the
editor without making any changes. GitHub issue #294.
- The AIX and Solaris sudo packages on www.sudo.ws now support
"log_subcmds" and "intercept" with both 32-bit and 64-bit
binaries. Previously, they only worked when running binaries
with the same word size as the sudo binary. GitHub issue #289.
- The sudoers source is now logged in the JSON event log. This
makes it possible to tell which rule resulted in a match.
Running "sudo -ll command" now produces verbose output that
includes matching rule as well as the path to the sudoers file
the matching rule came from. For LDAP sudoers, the name of the
matching sudoRole is printed instead.
- The embedded copy of zlib has been updated to version 1.3.
- The sudoers plugin has been modified to make it more resilient
to ROWHAMMER attacks on authentication and policy matching.
This addresses CVE-2023-42465.
- The sudoers plugin now constructs the user time stamp file path
name using the user-ID instead of the user name. This avoids a
potential problem with user names that contain a path separator
('/') being interpreted as part of the path name. A similar
issue in sudo-rs has been assigned CVE-2023-42456.
- A path separator ('/') in a user, group or host name is now
replaced with an underbar character ('_') when expanding escapes
in @include and @includedir directives as well as the "iolog_file"
and "iolog_dir" sudoers Default settings.
- The "intercept_verify" sudoers option is now only applied when
the "intercept" option is set in sudoers. Previously, it was
also applied when "log_subcmds" was enabled. Sudo 1.9.14
contained an incorrect fix for this. Bug #1058.
- Changes to terminal settings are now performed atomically, where
possible. If the command is being run in a pseudo-terminal and
the user's terminal is already in raw mode, sudo will not change
the user's terminal settings. This prevents concurrent sudo
processes from restoring the terminal settings to the wrong values.
GitHub issue #312.
- Reverted a change from sudo 1.9.4 that resulted in PAM session
modules being called with the environment of the command to be
run instead of the environment of the invoking user.
GitHub issue #318.
- New Indonesian translation from translationproject.org.
- The sudo_logsrvd server will now raise its open file descriptor
limit to the maximum allowed value when it starts up. Each
connection can require up to nine open file descriptors so the
default soft limit may be too low.
- Better log message when rejecting a command if the "intercept"
option is enabled and the "intercept_allow_setid" option is
disabled. Previously, "command not allowed" would be logged and
the user had no way of knowing what the actual problem was.
- Sudo will now log the invoking user's environment as "submitenv"
in the JSON logs. The command's environment ("runenv") is no
longer logged for commands rejected by the sudoers file or an
approval plugin.
(From OE-Core rev: 5ea298680a8f17d3b808a2c43b0182e9c391f663)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The current code in ssh.py is terminating the ssh process that
does not finish its computation in a given timeout (when timeout
is passed), the SSHCall function is returning the process error
code.
The Openssl ssh before version 8.6_p1 is returning 0 when it is
terminated, from commit 8a9520836e71830f4fccca066dba73fea3d16bda
onwards (version >= 8.6_p1) ssh is returning 255 instead.
So for version of ssh older than 8.6_p1 when the SSHCall time out,
the return code will be 0, meaning success, which is wrong.
Fix this issue checking if the process has timeout (hence it's been
terminated) and checking if the returned code is 0, in that case
set it to 255 to advertise that an error occurred.
Add a test case excercising the timeout in the SSHTest, test_ssh
test function.
(From OE-Core rev: 948fecca1db4c7a30fcca5fcf5eef95cd12efb00)
Signed-off-by: Luca Fancellu <luca.fancellu@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
automatic detection could result in inconsistent host dependencies
since it will be enabled for libarchive-native if the build host has
libb2 installed and this can then fail on hosts which do not have
this library installed
Fixes errors like
recipe-sysroot-native/usr/bin/opkg: error while loading shared libraries: libb2.so.1: cannot open shared object file: No such file or directory
(From OE-Core rev: 5356afef9f0ee70fb804ff9fc8746bcaa47c02ba)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Check if the filesystem is supported by the kernel before trying to
mount it. Systemd-mount will mount the directories asynchronously
resulting in stale directories if the devices filesystem is not
supported.
(From OE-Core rev: 695e0a41e3c1cb47484605934a57e7df591bd19f)
Signed-off-by: Lukas Funke <lukas.funke@weidmueller.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
