Removes CVE-2022-46456 from reports.
(From OE-Core rev: 4a5b6e8dd315b2281afb232410db585d431be00f)
(From OE-Core rev: 5b330f3dfe7a37eff5251d2c29d324e90677b33c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This CVE is fixed in v8.2.2 with v8.2.1-55-g480a6adc83
480a6adc83
(From OE-Core rev: 422fc84ddbe46580dc6d647eff62c4dbc8551e63)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There is a need to enable some extra tools from the rust for the build
and so this new variable will help for that
This varaible then we can use during do_configure task to add overall
values as per json format in build -> tools
(From OE-Core rev: 136a25567499191b23a4d000a06bf83a473224ca)
Signed-off-by: Ranjitsinh Rathod <ranjitsinh.rathod@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"
(From OE-Core rev: 97410e90f7233e5c9ce38eea0fa99b76160ffce9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92a9710ec88c8729fa3d83baa2e63dd74d95cdf8)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.
(From OE-Core rev: 1d5903bf749436d9b26df858041337b723614963)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 35021d650de3eecc3f42000181b39a5db5a8eaa0)
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This includes fix for: CVE-2024-26327, CVE-2024-26328 and CVE-2024-3447
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Droped 0001-linux-user-x86_64-Handle-the-vsyscall-page-in-open_s.patch,
CVE-2024-3446 and CVE-2024-3567 since already contained the fix.
(From OE-Core rev: 1a6d502c04fad0d190bb665e9d454b85c0853fcc)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These recipes come from rust sources and CVEs are reported for them
under rust-lang:rust vendor:product touple.
Especially libstd-rs needs correct CVE_PRODUCT as is it installed on
target devices (being statically linked to rust compiled binaries).
before:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="libstd-rs"
rust: CVE_PRODUCT="rust"
rust-cross-canadian: CVE_PRODUCT="rust-cross-canadian-<arch>"
rust-llvm: CVE_PRODUCT="rust-llvm"
after:
cargo: CVE_PRODUCT="cargo"
cargo-c-native: CVE_PRODUCT="cargo-c"
libstd-rs: CVE_PRODUCT="rust"
rust: CVE_PRODUCT="rust"
rust-cross-canadian-x86-64: CVE_PRODUCT="rust"
rust-llvm: CVE_PRODUCT="rust-llvm"
Product for rust-llvm is uncertain and, should be handled in another
commit if it is desired to align it, too.
sqlite> select vendor, product, count(product) from products where vendor="rust-lang" group by product;
rust-lang|async-h1|2
rust-lang|cargo|5
rust-lang|future-utils|2
rust-lang|futures-task|2
rust-lang|mdbook|1
rust-lang|regex|2
rust-lang|rsa|2
rust-lang|rust|45
rust-lang|socket2|1
(From OE-Core rev: 91bfe1f64ee3e2b8534baa8a3eb2fb7fa3521657)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e8cf1df16a6ec2785cacaf608bec5cd8496103af)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
python3-ctypes was dropped as a dependency in v19.2.0
(From OE-Core rev: 48c43d2ff467c067d1518dc55d8d6da39bea159a)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d06116caf2382ad4782b9b2da50534d076a736d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The patch is specific to how oe-core runs autotools-generated tests:
by cherry-picking needed bits from builddir and srcdir, then hacking
Makefile with sed until it runs.
As GNU is not interested in installable tests, they wouldn't be
interested in this patch either; and if they become interested,
it's probably going to be done in a whole different way.
(From OE-Core rev: c7a8632469913638070878022bffac5588201006)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd13c29bee330d381e1e574351348e526500e396)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This test is causing problems on the Autobuilder, so disable it for now.
(From OE-Core rev: 9eafd0c56b279a7c3025b0dcd00745baead15bb6)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ac000b00ec615b3e51dda8d819015d5e7110ed88)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
These tests are causing hangs on the Autobuilder, so disable them for
now.
(From OE-Core rev: 141c348ce83552beae88e115d9c4db5802c6e0f4)
Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 291f37808f1a2b2fdc8190696867f974994457c0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
License-Update: Updated copyright year
Changelog:
==========
* Fix issue where specially crafted inputs to encode() could take exceptionally
long amount of time to process. [CVE-2024-3651]
(From OE-Core rev: b6f8938c8048d08e29233fa29f5104b044353cf7)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The current mmc-utils git URL still (for now?) redirects to the URL in
this patch, but the homepage doesn't, so let's just migrate both to the
new URL.
(From OE-Core rev: 03b1b0798e6eda991f78ada80d4c2846034ea0ff)
Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59870f6d87bb516d74081fde1c670e4838e6e134)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Below commits on binutils-2.42 stable branch are updated.
29ae8b8ea71 x86-64: Skip -z mark-plt tests on MUSL
92cc764e58f hppa: Fix handling of relocations that apply to data
c439c1e1f56 elf: Add glibc version dependency only if needed
68ae8e2a849 ld: pass -g for ld-elf tests
a1e3cb45c67 aarch64: Enable +cssc for armv8.9-a
(From OE-Core rev: f5a56716b40bb8911e5bb31d5dc49b434e733a9a)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
- refresh patches with devtool
Upgrade to latest 1.22.x release [1]:
$ git --no-pager log --oneline go1.22.4..go1.22.5
8e1fdea831 (tag: go1.22.5, origin/release-branch.go1.22) [release-branch.go1.22] go1.22.5
c2d4f852ce [release-branch.go1.22] cmd/link: handle dynamic import variables on Darwin in plugin mode
3222951439 [release-branch.go1.22] net/http: send body or close connection on expect-100-continue requests
ceaf26ecce [release-branch.go1.22] cmd/compile: mark pointer to noalg type as noalg
dfe4dbf8c0 [release-branch.go1.22] os/exec: on Windows look for extensions in Run if not already done
3560cf0afb [release-branch.go1.22] runtime: always update stack bounds on cgocallback
5159a7193a [release-branch.go1.22] cmd/compile: put constants before variables in initialization order
11b861e459 [release-branch.go1.22] go/types, types2: report error for floating-point iteration variable
81fc616267 [release-branch.go1.22] crypto/tls: don't call tlsrsakex.IncNonDefault with FIPS
14f0251867 [release-branch.go1.22] cmd/cgo/internal/swig: force use of lld for LTO tests on the builders
ab60a7bc18 [release-branch.go1.22] cmd/cgo/internal/testsanitizers: make the libfuzzer tests all short
4c97e883b5 [release-branch.go1.22] cmd/link: put runtime.end in the last section of data segment
179ccb7042 [release-branch.go1.22] cmd/go: fix go list -u -m all with too new retractions dependency
fe9b3c3399 [release-branch.go1.22] net: add GODEBUG=netedns0=0 to disable sending EDNS0 header
b515c5208b [release-branch.go1.22] go/internal/gccgoimporter: recognize "any" as a builtin type
[1] https://github.com/golang/go/compare/go1.22.4...go1.22.5
(From OE-Core rev: 8786cb9cdda93545315f79927f933a261ed3cb31)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0a1d4a42282bd9f0bdc8dd53c7865aa81d4a5821)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Mitigate occurrences where ':append' operator is used and leading
whitespace character is obviously missing, risking inadvertent
string concatenation.
(From OE-Core rev: 314041fd126a4800a5a5d9fcd84c525319479256)
(From OE-Core rev: eb06788f3abef4af727da7399e7e97830b2f7c8c)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0b6ca9beef)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
As with a previous change to the class[1], the "pkgconfig" entry is now
deprecated and "pkg-config" should be used instead.
[1] oe-core d64b307891422e290bbe821d4303b3af526bbe17
(From OE-Core rev: 14ee7a2310b5d3da5e7af442454f7957c6c090b7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3e441544f1aa7258718a1cadd6836d9cd9dc65ab)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changelog:
==========
- Fixes issues where LLVM is either generating the incorrect thunk for a
function with aligned parameters or didn't correctly pass through the
return value when StructRet was used.
- -Xclang -target-feature -Xclang +unaligned-scalar-mem can be used to enable
unaligned scalar memory accesses for CPUs that do not support unaligned
vector accesses. -mno-strict-align will enable unaligned scalar and vector
memory accesses.
- Don't replace an aliasee with an alias that has weak linkage. This avoids
incorrect linkage that can lead to using the wrong symbols during linking time.
- This patch fixes build failures when compiling AVX512 code using
-march=native on machines without AVX512.
- Fixes crash in AArch64 backend when having true or false as operand for a
fcmp instruction on IR level.
- Fixes compiler crash when user specifies -mno-evex512 with AVX512 features
but no AVX512VL.
- Fixes a bug that tries to do VBROADCAST_LOAD for f16 without AVX2.
(From OE-Core rev: 941474ed77f6f5397ff4f83a4e4dae1c3b9103d3)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3cd5c40f5736506b2cfc23b180fa915b01d8220c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
With --force-overwrite (implied by --force-all), dpkg will not abort
when a package overwrites files from different packages. As this can
also lead to "The following package disappeared from your system as
all files have been overwritten by other packages: <package>" and
subsequently broken dependencies, this makes the simple case of
conflicting files hard to debug.
Instead of finding all possibly required force options, only disable
overwrite for now.
(From OE-Core rev: 30cc69f094729e3d11dc6021daf77f5038c4de61)
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Take back from https://git.openembedded.org/openembedded-core/commit/?id=4292387ef6c4e80428bad6a07c844a288b27d9a1
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This was a bugfix release, this version fixed several important fixes
according to upstream.
Dropped CVE-2023-6683.patch since already contained the fix.
(From OE-Core rev: f548a3a24f3fc26b09e2fcc8544065beb5293f91)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Python 2.7 support was dropped in version 22.0.0
python3-six was dropped as a dependency in 22.0.0
(From OE-Core rev: d7ad0495c543ec952817860595c047e5e4263978)
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6eab37a0cdcc6071f79aa5c8198df0b2ba23dd7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Python 2.7 support was dropped in version 3.2.0 and
python3-six dependency was subsequently dropped in version 3.2.1
(From OE-Core rev: 214d41b73d235176123fd78143747845aa9c951e)
Signed-off-by: Guðni Már Gilbert <gudnimar@noxmedical.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50757cc95b3062f11a7455af33e7a7e74ea1d0f7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2to3 module was dropped as a dependency in setuptools 58.0
(From OE-Core rev: 0d5cd1d867a826cf83fcaee3e8390b9defec47d1)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Drop the following dependencies from RDEPENDS:
- python3-ndg-httpsclient
- python3-pyasn1
- python3-pyopenssl
Add a missing dependency into RDEPENDS:
- python3-certifi
Additional fix HOMEPAGE, the old link doesn't work
(From OE-Core rev: 3d9072c346bf7bdeecd6197df8b14e39399bdabd)
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Switch to use flit core since upstream changed.
They also changed the capitalisation under pypi.
The license didn't change but the file was renamed, probably as it wasn't
rst.
(From OE-Core rev: ac35432687624ad58ff6586446e5e73710658a68)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e352680528b18c3cdae26233bef7cddc2771d42d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
The configure script has many fragments that fail to compile with GCC 14,
take a patch submitted upstream to fix these issues.
(From OE-Core rev: 5c6630e61ad85a4bf9eecd94005e14f0e34df463)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5c21ca789c288662aa3d307b30813cd03cc8c158)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bootstrap [1]
As mentioned in the Go 1.20 release notes, Go 1.22 now requires the final point release of Go 1.20 or later for bootstrap.
We expect that Go 1.24 will require the final point release of Go 1.22 or later for bootstrap.
The default recipe for bootstrap is the go-binary-native as can be seen in:
meta/conf/distro/include/tcmode-default.inc:68:PREFERRED_PROVIDER_go-native ?= "go-binary-native"
Currently if we change it to use the old go-native and compile the go1.4-bootstrap-20170531
it fails:
| Building Go cmd/dist using /build/workdir/tmp-glibc/work/x86_64-linux/go-native/1.22.3-r0/go1.4/go. (go1.4-bootstrap-20170531 linux/amd64)
| can't load package: package ./cmd/dist: found packages build.go (main) and notgo120.go (building_Go_requires_Go_1_20_6_or_later) in /build/workdir/tmp-glibc/work/x86_64-linux/go-native/1.22.3-r0/go/src/cmd/dist
This has been broken for some time but as we used go-binary-native by default it went unnoticed.
[1] https://go.dev/doc/go1.22#bootstrap
(From OE-Core rev: f350f5b6302fc226e477d5283e4a9722a11d4170)
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 876d344d2ec3d6ce283d01974146392d76685824)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Fixes:
http://errors.yoctoproject.org/Errors/Details/770525/
| checking whether the C compiler (gcc -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works... no
| configure: error: installation or configuration problem: C compiler cannot create executables.
| RULES/rules.cnf:70: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf: No such file or directory
| make: *** [RULES/rules.cnf:59: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf] Error 1
| make: *** Waiting for unfinished jobs....
where config.log show it's caused by gcc-14:
configure:1189: checking whether the C compiler (gcc -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works
configure:1211: gcc -o conftest -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe -D_GNU_SOURCE conftest.c 1>&5
configure:1208:1: error: return type defaults to 'int' [-Wimplicit-int]
configure: failed program was:
main(){return(0);}
(From OE-Core rev: 2297334257e102f33a6ef8c116896e159d35e1b6)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 094273bd7d1768e14fbdcd2f239bee14c630a625)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Add a patch to fix do_configure with GCC 14.
Disable building cdda2wav because it doesn't build with GCC 14.
(From OE-Core rev: 748d5f637f5aff3bc110b156cc3cb8e008f284c9)
Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0fbe1766abb00edeb8ec9a0c8bdb4e723be4f352)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
ERROR: gcc-runtime-14.1.0-r0 do_package: QA Issue: gcc-runtime: Files/directories were installed but not shipped in any package:
/usr/share/info
/usr/share/info/libgomp.info-2
/usr/share/info/libgomp.info-1
(From OE-Core rev: 276ca15f21321dd406b30acd87d64237f707d615)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f73ddd6c276dcd579d2113db1974d446dbf7751)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
There's every indication that this is an ex-expect:
last release in 2018, stale tickets, cvs server gone.
(From OE-Core rev: 84a8ed08e474427bf4a6b3a0026807a1bcabd417)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0fcfd2cb51428a3f35c0f78634bff0a16ae654e9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Code backported from binutils development tree.
aarch64: Remove asserts from operand qualifier decoders [PR31595]
Given that the disassembler should never abort when decoding
(potentially random) data, assertion statements in the
`get_*reg_qualifier_from_value' function family prove problematic.
...
(From OE-Core rev: 3b070fc3963d04ce8c13b5b78c3b7ae95e26c435)
Signed-off-by: Mark Hatle <mark.hatle@amd.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00f3d8495a1d8fe44336b53c5a9d9a5f8a8d5664)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This warning is because after systemd has been upgraded to 255, reloading units operation is needed even when "enable/disable" units by systemctl.
(From OE-Core rev: 28a7064403f2433ef3cb4d52b03dd73437f2d665)
(From OE-Core rev: bdad9d3df6e9e4834803a60af24c072b39d5cbf8)
Signed-off-by: Lei Maohui <leimaohui@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
