CVE-2014-8271 has an unusual versioning, svn_16280, which breaks
the version comparison and gives us warning like below:
Failed to compare 202308 < svn_16280 for CVE-2014-8271
The fix has been there since 2014, our current version has included
the fix.
(From OE-Core rev: fdd74b3f3e3a8a07a6107e6ef07198ebe63d2bc8)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
qemumips and qemuppc were leaving stale processes behind after
running glibc oe-selftest. During analysis, it was found that
it was due to "tst-scm_rights" and "tst-scm_rights-time64" tests.
Disable them so that there are no stale processes left behind.
[YOCTO #15423]
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15423
(From OE-Core rev: b3f7b19b6d21368bac00a33ea208cc0379ce4543)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids problems if BSD-4-Clause is in INCOMPATIBLE_LICENSE since
util-linux-fcntl-lock is now a dependency of run-postinsts.
(From OE-Core rev: c2c7e1624e8080fb8fa1f14d252f20e85b232eb7)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
DISTRO_FEATURE zeroconf installs avahi. If additionally resolved mdns
implementation is running they will fight each other:
Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected another IPv6 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
(From OE-Core rev: 8509edeafea8e62e1b9ffe76b33999447f739b20)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These patches are submitted/backported to 8.2 release
and address issues reported by different distros.
(From OE-Core rev: c74048f5ff2e90b06c7a6d5866db4b94a6f1539d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a version of flock that uses the fnctl based lockf locking instead of
flock based locks. This allows us to take the same lock that opkg would
use from a shell script. The two different locking mechanisms operate
independently of each other.
Inserting this C file into the util-linux build seems like the easiest/best
place to insert the code. At this point it hasn't been discussed with upstream.
(From OE-Core rev: d2b784110e2c3df8a0a41e4819cf2de9003f9fa3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The MIT license was missing from the license list for util-linux. Add
a patch, submitted to upstream which adds the missing license mentions.
(From OE-Core rev: 24078c0542626f74c93203d17ab4b2bb2f9b5630)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The /timeout/rounding test is sensitive to system load, as it expects
timeouts to trigger in windows that on an idle system are realistic but
not when running inside a qemu-system on a loaded system.
[ YOCTO #14464 ]
(From OE-Core rev: 684ac8005aef8ab26e61e6e7535e19c9974972d3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstream maintainer for Error has deprecated it for quite some time [1].
There is no dependency in current coreutils tests for it.
[YOCTO #15461]
[1] https://metacpan.org/pod/Error#WARNING
Using the "Error" module is no longer recommended due to the black-magical
nature of its syntactic sugar, which often tends to break. Its maintainers
have stopped actively writing code that uses it, and discourage people from
doing so.
(From OE-Core rev: 16c8c8de3303805695f58e241245aafa61b3c772)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
despite it being an issue in gcc and still being open
glibc has fixed this problem upstream regardless, therefore
apply the backport instead.
(From OE-Core rev: a6200d18c6a1438e39d44b391f8d0e343f8fdc1a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some BSPs only provide information to construct a
predictable network interface named based on a mac
address, so we enable that NamePolicy option.
This policy has been adopted for sysvinit as of
commit 4a7b42fcf6981d3120c08091a7ed3d4d7bcd41f0.
(From OE-Core rev: 37bd8e8dddce9d0b5bfbcf9244225c3b853d7077)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Brings
* 1b9c1a0047 Use gcc __builtin_stdc_* builtins in stdbit.h if possible
* e0910f1d32 S390: Do not clobber r7 in clone [BZ #31402]
* d0724994de math: Update mips64 ulps
(From OE-Core rev: b2274aa08fda1734af840aca05c7c7ce464d8775)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes a fix for CVE-2024-28757.
(From OE-Core rev: e3d26fe076499c8a01e02c9951696c3a9ea05fa3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
(From OE-Core rev: f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When a CVE is created, it often has no precise version information and
this is stored as "-" (matching any version). After an update, version
information is added. The previous "-" must be removed, otherwise, the
CVE is still "Unpatched" for cve-check.
(From OE-Core rev: 641ae3f36e09af9932dc33043a0a5fbfce62122e)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a URL to the doc of the API used in the function.
... and fix a small typo dabase -> database
(From OE-Core rev: e0157b3b81333a24abd31dbb23a6abebca3e7ba7)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is
always inherited in cve-update-nvd2-native (There is a check line 40).
Remove it to avoid confusion. Otherwise, this should not change
anything.
(From OE-Core rev: e5f3f223885c17b7007c310273fc7c80b90a4105)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to
specify the maximum age of the database for doing an incremental update
For older databases, a full re-download is done.
With a value of "0", this forces a full-redownload.
(From OE-Core rev: 74c1765111b6610348eae4b7e41d7045ce58ef86)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
da9db878a1 systemd: fix dead link /var/log/README
add -Dcreate-log-dirs=false which means journal dir
will not be generated regardless of VOLATILE_LOG_DIR value
if a distro decided to set VOLATILE_LOG_DIR=no this
code path will be executes and the directory being operated
upon wont exist ending in do_install errors
chown: cannot access '/mnt/b/yoe/master/build/tmp/work/riscv64-yoe-linux/systemd/255.4/image/var/log/journal': No such file or directory
(From OE-Core rev: e017f405bf6ae6c269a8c9c981878fd1ad8666b6)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd-bus-proxy was removed since v230.
>From the NEWS file:
"""
* systemd-bus-proxyd has been removed, as kdbus is unlikely to still be
merged into the kernel in its current form.
"""
(From OE-Core rev: e99003b244507d8586b1f878765aa4a546a767ef)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With NO_RECOMMENDATIONS set to "1", systemd-vonsole-setup.service
will fail because it invokes /usr/bin/loadkeys, which is from kbd.
The RRECOMMENDATION should be changed to RDEPENDS, because it's not
a recommenation, instead it's necessary.
(From OE-Core rev: 6126d2dfab3f6bafe23d4dce805110784d23acb1)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are 2 issues here:
First, in package systemd, there is a file /usr/lib/tmpfile.d/legacy.conf,
which will create a symlink to /usr/share/doc/systemd/README.logs during
boot time. But for oe, /usr/share/doc/systemd/README.logs is packaged in
systemd-doc, which will make /var/log/README is dead link.
Second, the symlink /var/log/README in legacy.conf use relative path:
"L /var/log/README - - - - ../../usr/share/doc/systemd/README.logs"
But for oe, when VOLATILE_LOG_DIR is true, /var/log is a link to
/var/volatile/log, so /var/log/README need link to
../../../usr/share/doc/systemd/README.logs, while VOLATILE_LOG_DIR is
false, /var/log is a dir, so /var/log/README need link to
../../usr/share/doc/systemd/README.logs. So current symlink in
legacy.conf will also make it a dead link when VOLATILE_LOG_DIR is true.
Turn off CREATE_LOG_DIRS to avoid these issues.
(From OE-Core rev: 18d46e11d85da1f6feaba5a135931e43060024d6)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: hash.c is rewritten and no longer carries a special copyright notice, but dict.c still does
(Copyright file updated to reflect that)
(From OE-Core rev: a14769d40bee751ac1dcd536789e8e346046e141)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: copyright years
(From OE-Core rev: 6a0cb6e129d5602808f34fd2a9460fc05d9520d6)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bmaptool (previously: bmap-tools, bmap-tool, bmaptool) has been moved
to be under the Yocto Project umbrella and is now hosted at:
github.com/yoctoproject/bmaptool
[RP: Added a couple of missing renames]
(From OE-Core rev: 7a036b1a1ec7dcd27dbe18d4c2e703bd2a8af182)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ChangeLog:
(https://github.com/libexpat/libexpat/blob/R_2_6_1/expat/Changes)
Bug fixes:
#817 Make tests independent of CPU speed, and thus more robust
#828#836 Expose billion laughs API with XML_DTD defined and
XML_GE undefined, regression from 2.6.0
Other changes:
#829 Hide test-only code behind new internal macro
#833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P
#819 Address compiler warnings
#832#834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0)
to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/
for what these numbers do
Infrastructure:
#818 CI: Adapt to breaking changes in clang-format
(From OE-Core rev: 1808a9e60d587c705218a3328716cd24a5228dc6)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* to fix build on hosts with python-3.12, now it fails with:
Traceback (most recent call last):
File "recipe-sysroot-native/usr/bin/gdbus-codegen", line 53, in <module>
from codegen import codegen_main
File "recipe-sysroot-native/usr/share/glib-2.0/codegen/codegen_main.py", line 29, in <module>
from . import dbustypes
File "recipe-sysroot-native/usr/share/glib-2.0/codegen/dbustypes.py", line 22, in <module>
from . import utils
File "recipe-sysroot-native/usr/share/glib-2.0/codegen/utils.py", line 22, in <module>
import distutils.version
ModuleNotFoundError: No module named 'distutils'
CMake Error at CMakeLists.txt:90 (message):
Error in generating code for connman interface using gdbus-codegen
(From OE-Core rev: 258cb46f93af3249fb554a679af6222174bd2e95)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Until now, ${datadir}/locale/locale.alias file were automatically added
to a weird glibc-locale-locale.alias package by split_locales() during
do_package task.
Create an explicit package name in recipe for this file.
(From OE-Core rev: 405c5b6f04b531c968d0f8348c2dafe363011898)
Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libvirt has added a feature that all sockets for a service being enabled when a single
one of them is enabled since 9.9.x[1], it likes serviceA enable serviceB, serviceB enable
serviceA, that cause our systemctl script trap into a dead loop in postinstall stage,
the error message as below:
Traceback (most recent call last):
File "/usr/lib/python3.8/pathlib.py", line 722, in __str__
return self._str
AttributeError: _str
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "recipe-sysroot-native/usr/bin/systemctl", line 255, in enable
SystemdUnit(self.root, also).enable(unit)
File "recipe-sysroot-native/usr/bin/systemctl", line 255, in enable
SystemdUnit(self.root, also).enable(unit)
File "recipe-sysroot-native/usr/bin/systemctl", line 255, in enable
SystemdUnit(self.root, also).enable(unit)
[Previous line repeated 988 more times]
......
RecursionError: maximum recursion depth exceeded while calling a Python object
Here using an array to record the services which has been enabled to filter the duplicates.
Ref:
[1] 826931e95a
(From OE-Core rev: 4c45f975310184a773b25b8e7d7ef50fba2f7bd6)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
So far it was assumed that it was detected ok for target recipe but
actually it ends up with warnings and build moves on, however with
gcc-14 these warnings are treated as errors and we see the problem even
with target recipes.
(From OE-Core rev: da381fb3d9dcd0e66bc3b48bdfde95cd29f0c654)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a report that enabling assertions and all tests results in
notices in log.do_configure:
NOTE: building with unit tests increases the size of the installed library and renders it insecure.
NOTE: building with assertions increases library size and decreases performance.
This was overlooked when dbus and dbus-tests recipes were merged;
enabling all tests and assertions still requires a special, separate
build of dbus. If those tests are useful this could be revisited.
Until then, we should use productions settings for the main recipe.
Buildhistory-diff:
packages/core2-64-poky-linux/dbus/dbus-dbg: PKGSIZE changed from 9958176 to 8627824 (-13%)
packages/core2-64-poky-linux/dbus/dbus-lib: PKGSIZE changed from 544347 to 346339 (-36%)
packages/core2-64-poky-linux/dbus/dbus-ptest: PKGSIZE changed from 3524983 to 3116951 (-12%)
packages/core2-64-poky-linux/dbus/dbus-ptest: FILELIST: removed "/usr/share/installed-tests/dbus/test-dbus-launch-eval.sh_with_config.test /usr/share/installed-tests/dbus/test-counter_with_config.test /usr/libexec/installed-tests/dbus/test-dbus-launch-eval.sh /usr/libexec/installed-tests/dbus/test-dbus-launch-x11.sh /usr/share/installed-tests/dbus/test-counter.test /usr/libexec/installed-tests/dbus/test-counter /usr/share/installed-tests/dbus/test-dbus-launch-x11.sh.test /usr/share/installed-tests/dbus/test-dbus-launch-x11.sh_with_config.test /usr/share/installed-tests/dbus/test-dbus-launch-eval.sh.test"
packages/core2-64-poky-linux/dbus/dbus: PKGSIZE changed from 510939 to 350331 (-31%)
(From OE-Core rev: 054ce01ae84eb10e055a41ec8dd85ebce9ea23c8)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ver 0.62:
Add support for cleanup functions and macros.
Add support for setting DHCP max attempts.
(From OE-Core rev: ae84d13b6c4f33a56cc36715a118a9f938ceb2c4)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Renaming the 'rootrw' kernel commandline parameter to
'overlayrootrwdev' to both align better with this modules name, and
point out the usage of the variable.
This patch also includes an if block to migrate the old 'rootrw'
block, should it be already used by someone.
(From OE-Core rev: a52b7f5c8ff3e50707b55843d9996983ab8efae2)
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The initramfs-framwork takes kernel commandline options and converts
them for internal use to variables following the 'bootparam_name'
pattern. The overlayroot module uses 'bootparam_rootfstype' and
'bootparam_rootfsflags' which both collide with linux kernel
parameters 'rootfstype' and 'rootfsflags'. This collision is solved
by putting the variables in the namespace of the initramfs-framework
module.
(From OE-Core rev: ef20ef719c699b94fc52b81c520faa0b3714efeb)
Signed-off-by: Johannes Schneider <johannes.schneider@leica-geosystems.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Description: In case of two or more consoles are in inittab,
and not specified tty device for first one, some keys works improperly,
ex: arrows, backspace, pgup/pgdown; The patch is fixes this issue.
(From OE-Core rev: 7eea4ef84d74e618fb00fa73c773acdf775d052a)
Signed-off-by: Aleksey Smirnov <aleksey.smirnov@yadro.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>