recent change create a blank scope of DEPENDS for class-target,
basically leaving out all general dependencies, leading to the effect
that ruby will be shipped without the runtime dependencies of zlib,
openssl and libffi, making the corresponding gems unusable at runtime.
As the class-target scope should be appended only the correct override
is append:class-target
(From OE-Core rev: 81fab225daf798792c139f669f5bfd96d9fd25a8)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8f92444d388d2406be7d317578908975784d3f22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In particular libffi was missing from native, which
led to linking with host libffi instead.
(From OE-Core rev: 61e38b71566183e329d980e26fe8ffe8d331c3a1)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 293c9f879252a814107579542e8fca9af9dde599)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake
file to configure the toolchain correctly in cross-compile build for recipes
using cmake. The variable CMAKE_LDFLAGS_FLAGS is spelled incorrectly, cmake expects
CMAKE_SHARED_LINKER_FLAGS, CMAKE_STATIC_LINKER_FLAGS, CMAKE_EXE_LINKER_FLAGS and
CMAKE_MODULE_LINKER_FLAGS to be set instead. As cmake already correctly initializes
these from environment there is no need to specify the linker flags in the toolchain
file at all. So this just removes the variable, as its value was also set wrong.
(From OE-Core rev: cf17fc284bcffe1d5b0797c733bcc2eb293a5d8f)
Signed-off-by: Martin Beeger <martin.beeger@online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 52e59a5b37f55905ee693a99f9ffc34ed41b4283)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rpmbuild can start processing random memory when processing the value
provided by XZ_THREADS, and unintentionally disable encoding for a
file descriptor that in fact requires encoding to be enabled in order
for lzwrite() to actually create an rpm.
*** Fdopen(0x7f2030002b30,w6T16.xzdio) | fdio 23 fp (nil)
==> lzopen_internal("w6T16", 23, 1)
==> lzopen_internal set encoding
==> lzopen_internal clear encoding
==> Fdopen(0x7f2030002b30,"w6T16.xzdio") returns fd 0x7f2030002b30 | xzdio 0x7f2030004e30 fp 23 | fdio -1 fp (nil)
==> lzwrite(0x7f2030004e30, 0x7f20789d8070, 6) encoding 0
==> Fwrite(0x7f2030002b30,0x7f20789d8070,6) rc -1 | xzdio 0x7f2030004e30 fp 23 | fdio -1 fp (nil)
error: create archive failed: cpio: write
When the encoding bit gets cleared on the LZFILE* struct, lzwrite() then
rightfully complains when it detects !lzfile->encoding, which then gets
bubbled up as a write failure when we go to create the archive.
This fix is available in the rpm 4.17-release.
(From OE-Core rev: b093005d31467d89b00af621f86eb5cac7f845af)
Signed-off-by: Kyle Russell <bkylerussell@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make the license more accurate by specifying the specific variant of BSD
license instead of the generic one. This helps with SPDX license
attribution as "BSD" is not a valid SPDX license.
(From OE-Core rev: 966fb77981e4fed0ab7998439940b1e05dd0ee43)
(From OE-Core rev: a7fe869c49bdc2e9a2b69b763779a642dc0c6e35)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Nisha Parrakat <nisha.m.parrakat@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
`googlemock` has been absorbed into the
[googletest](https://github.com/google/googletest) project and is built
and installed from the same source tree.
`googletest` has provided a CMake Config-file Package starting with
GTest 1.8.1. `find_package(GTest ...)` by default dispatches first to
CMake Find Module. Starting with CMake commit
2327b4330cce157d616ff8b611b3e77568d00351 in CMake v3.20.0 the module
dispatches onward to the Config-file Package so that the same targets
are available. In pre v3.20.0 versions of CMake however the Find Module
masks the targets provided by the upstream `GTest` package.
Update `Modules/FindGTest.cmake` to provide the same targets as the
CMake Config-file Package and backwards compatible targets and result
variables.
(From OE-Core rev: 3b05fb01ec0e51c85d8ed62618467e57be91b928)
Signed-off-by: Eero Aaltonen <eero.aaltonen@vaisala.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Keep installed packages in upgrade job
This prevents duplicate identical packages from being reinstalled
with each upgrade
(From OE-Core rev: 87c413d2a9554412d02dee4534febfafdbe4a4c1)
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark goal.upgrade with sltr as targeted
This allows a bugfix in dnf to work
(From OE-Core rev: f17edb6854985ffb1a43b8288253f9618334fc3f)
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
git_connect_git in connect.c in Git before 2.30.1 allows a repository path to contain a newline character,
which may result in unexpected cross-protocol requests,
as demonstrated by the git://localhost:1234/%0d%0a%0d%0aGET%20/%20HTTP/1.1 substring.
Upstream-Status: Backport [a02ea57717]
CVE: CVE-2021-40330
(From OE-Core rev: ea0d7ef4a8c9bba94bd603ebd19e502faa86293b)
Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Release Date: Aug. 30, 2021
This is a security release of Python 3.8
Note: The release you're looking at is Python 3.8.12, a security bugfix release
for the legacy 3.8 series. Python 3.10 is now the latest feature release series
of Python 3. Get the latest release of 3.10.x here.
Security content in this release contains four fixes. There are also four
additional fixes for bugs that might have lead to denial-of-service attacks.
Finally, while we're not providing binary installers anymore, for those users
who produce installers, we upgraded the OpenSSL version used to 1.1.1l.
Take a look at the change log for details.
According to the release calendar specified in PEP 569, Python 3.8 is now in the
"security fixes only" stage of its life cycle: 3.8 branch only accepts security
fixes and releases of those are made irregularly in source-only form until
October 2024. Python 3.8 isn't receiving regular bug fixes anymore, and binary
installers are no longer provided for it. Python 3.8.10 was the last full bugfix
release of Python 3.8 with binary installers.
This release includes a fix for CVE-2021-29921.
References:
https://docs.python.org/release/3.8.12/whatsnew/changelog.html#changelog
(From OE-Core rev: ff52cf448c5e26246f8637d0b8957c5c479fa389)
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add fcntl64 wrapper which hopefully fixes issues seen in findutils and the find
command in the libtool removal code when built with LFS compile flags on Gentoo.
(From OE-Core rev: c87d2dd8ec10d8164b0bff4307ea66f41b3360d4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f26867fe4daec7299f59a82ae4a0d70cceb3e082)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pulls in:
pseudo_db: Flush DB if there is a shutdown request
fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ (test fix)
(From OE-Core rev: 649333a0d1bd5be4d5fb8a494e06686e08d291be)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0882095d608ce3abbcc9814517434c21ea549063)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since file-native is ASSUME_PROVIDED magic.mgc is not being staged. As
a result diffoscope-native is failing with:
magic.MagicException: b'could not find any valid magic files!
Fix this by adding dependency on file-replacement-native
(From OE-Core rev: dcd8294f826f6e061cdd01c6c3594789ed46732e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the missing rdepends to fix below error:
# python3
[snip]
>>> import magic
[snip]
ModuleNotFoundError: No module named 'ctypes'
ModuleNotFoundError: No module named 'tempfile'
(From OE-Core rev: ba5562d34653fa6b5819dbc8ca80a42167c38c96)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 115791844124bdddfbaec9d75bb887ef35c41f20)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This update was made with the convert-scruri.py script in scripts/contrib
This script handles two emerging issues:
1. There is uncertainty about the default branch name in git going forward.
To try and cover the different possible outcomes, add branch names to all
git:// and gitsm:// SRC_URI entries.
2. Github are dropping support for git:// protocol fetching, so remap github
urls as needed. For more details see:
https://github.blog/2021-09-01-improving-git-protocol-security-github/
(From OE-Core rev: 827a805349f9732b2a5fa9184dc7922af36de327)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On an aarch64 build host, vendor is found to be "unknown", on x86 systems
it is "pc". This filters through to the PLATFORM tag in target rpms.
We saw reproducibility test failures where the PLATFORM tags in noarch
rpms were changing depending upon which host built them. Forcing the
vendor value to a consistent one makes things deterministic.
(From OE-Core rev: b7dfe230b9b40145f43fa0bd42be82ae41a3ef3e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f6434075b2bdfc23c683d22281b674b1e6abde77)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a fix for reproducibility issues where pyc files for python-config.py
may not always be generated.
(From OE-Core rev: 917f800368c6d452670d3ccf74057afae98013b0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d1c3a87c48b598b6e5624d0affe8bd89320631bf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The hostname removal from the script is useful to make libtool-cross
reproduce. Apply the patch everywhere as it doesn't cause any issues.
(From OE-Core rev: f1cc4b8d7503331f04d3f217ae67d0fd4cc483c5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c61c6f20187154d677085fc9ccdcd762d4cdf3a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If lto is enabled, we need the prefix-map variables to be passed to the linker.
Add these to the list of options libtool passes through.
(From OE-Core rev: 3dcc84e37ce7e94e746304ee2a4437251af0ae41)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c26d2c00b47df856fb2d9c35486b135094d46ac)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since commit [df313aa810 pseudo: Fix to work with glibc 2.34
systems] applied, it fixed native only. And nativesdk has
the similar issue
Tweak library search order, make prebuilt lib ahead of recipe lib,
after apply the fix:
...
$ readelf -a lib/pseudo/lib64/libpseudo.so | grep 'Shared library'
0x0000000000000001 (NEEDED) Shared library: [libdl.so.2]
0x0000000000000001 (NEEDED) Shared library:[libpthread.so.0]
0x0000000000000001 (NEEDED) Shared library: [libc.so.6]
...
(From OE-Core rev: b7d269c84838f646b2915e7ff66d81db0bc16b9e)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d6d116b5db78645958ea30be3d0572e0f6d7bd92)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pull in the following changes:
* ports/linux/guts: Add closefrom support for glibc 2.34
* pseudo_client: Make msg static in pseudo_op_client
* ports/linux/guts: Add close_range wrapper for glibc 2.34
* pseudo_client: Do not pass null argument to pseudo_diag()
* test-openat: Consider device as well as inode number
* test: Add missing test-statx test case
* fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ
(From OE-Core rev: 63afcafef78f3d3b95c0d0c9746f9d627b6291c3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 71b549924a7fa7973a8e03e11f3db45fdc29889d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The merge of libdl into libc in glibc 2.34 causes problems for pseudo. Add a fix
that works around this issue.
(From OE-Core rev: 449bb53b3ebfc838ba674c1c3a39407620103c8d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd3e46a043c81cd4d81731a0f691868d3c059742)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building GCC with multiple make jobs appears to trigger a race condition. The build fails with:
/bin/bash: TOPDIR/tmp/work/x86_64-linux/gcc-cross-i686/9.3.0-r0/gcc-9.3.0/build.x86_64-linux.i686-poky-linux/./gcc/xgcc: No such file or directory
(From OE-Core rev: 5690d18bb6a9a61a81ccd0bc28d1ace4181d1921)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-fix-up-check-for-hardlinks-always-false-if-inode-0xF.patch
removed since it is included in 1.45.7
(From OE-Core rev: d4ec2802306b901d00bc88ea1452c21c00d0914f)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f51835e022731d1c0e8e18209e48f1a718048977)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop backports, and also 0001-misc-create_inode.c-set-dir-s-mode-correctly.patch
as upstream code has been refactored.
(From OE-Core rev: 53947537ed5ab5f9fd213a6fb4295740b5a2ca6b)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit da9fec8592db913d13af3a936ab518e93496be3e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-rpm-rpmio.c-restrict-virtual-memory-usage-if-limit-s.patch changed
to avoid critical issues
Handled return values of getrlimit() and lzma_cputhreads() functions
to avoid unexpected behaviours like devide by zero and potential read
of uninitialized variable 'virtual_memory'
Upstream-Status: Pending [merge of multithreading patches to upstream]
(From OE-Core rev: ad080aadbc409c99511d602e0531952b96c06bbf)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5aae9c2cb464350bc443a0f60fd6602942e61f46)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE is effectively disputed - yes there is stack exhaustion but no bug and it
is building the parser, not running it, effectively similar to a compiler ICE.
Upstream no plans to address and there is no security issue.
https://github.com/westes/flex/issues/414
(From OE-Core rev: b939b005b06be58a276d565f755ee2d8f3e5dfc1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adding fix for CVE-2021-20266
Upstream-Status: Backport [9646711891]
Note: Hunk#2 and Hunk#3 refreshed to apply patch and match value of
dl_max variable to make it with current version
All Hunks are refreshed to solve patch-fuzz
(From OE-Core rev: 6c16aad7167eb98bc9995486f967431c39f9df15)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
