Commit log (each entry: commit message, author, age, files changed, lines -removed/+added)
* oeqa/selftest/tinfoil: Improve tinfoil event test debugging
  Author: Richard Purdie  Age: 2022-03-23  Files: 1  Lines: -2/+2

  We still see occasional test failures for unknown reasons. Add some debugging to show whether the matching files event was received even if the command complete wasn't. Also ensure any commandfailed/commandexit event is shown. This will hopefully aid debugging the next time the issue occurs.

  (From OE-Core rev: 71015408c60ddf2e9af00cc8574815971e1b689d)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 2f7a788bb51ef09ee23c94176285437ea760fab7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/runtime/ping: Improve failure message to include more detail
  Author: Richard Purdie  Age: 2022-03-23  Files: 2  Lines: -9/+13

  When the ping test fails due to a timeout we only get limited debug information. Tweak the code to improve that in case it sheds any light on intermittent failures.

  (From OE-Core rev: df98e96c7a1601798caf7f4882b09406a4fdacd6)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d81704057950e1970ef7f673fa771834fd2b3f1e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3targetconfig: Use for nativesdk too
  Author: Richard Purdie  Age: 2022-03-23  Files: 1  Lines: -0/+12

  nativesdk is a cross compiled target and therefore should use the target config, not the native one. Copy the target entries accordingly.

  (From OE-Core rev: e997487c0068bfe4017fc98c4fa5b51f660a1b4e)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit b1b5fec350b390fa7f2d26966df1411b032faf87)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mobile-broadband-provider-info: upgrade 20210805 -> 20220315
  Author: Changhyeok Bae  Age: 2022-03-23  Files: 1  Lines: -3/+4

  (From OE-Core rev: 9e3758114cbc74d820c5904b81b011e5c4a1715b)

  Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit ed02ee8f20094f598448d58875cb7be8a24a019f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mobile-broadband-provider-info: upgrade 20201225 -> 20210805
  Author: Alexander Kanavin  Age: 2022-03-23  Files: 1  Lines: -2/+2

  (From OE-Core rev: b60558f44d0145c0d68a78b3eabe483cb016700f)

  Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 93a335993ce592a8ee34fc9a490e327f2775e03f)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: upgrade 20220209 -> 20220310
  Author: wangmy  Age: 2022-03-23  Files: 1  Lines: -3/+3

  License-Update: year updated to 2022
  Version of some driver files updated
  Added files for some drivers

  (From OE-Core rev: ca8fa031e79b6893b4b2a9f906134e6ef4fe2b0e)

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit be1b1d204c89035c54a626db46c5054e553b82c2)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.8.12 -> 3.8.13
  Author: Tim Orling  Age: 2022-03-23  Files: 2  Lines: -22/+26

  Security and bug fixes (including upgrades for security and bug fixes to bundled components).

  For changes see:
  https://docs.python.org/release/3.8.13/whatsnew/changelog.html#python-3-8-13-final

  CVE: CVE-2022-26488

  License-Update: Add 2022 to copyright years

  * Update bpo-36852 patch to apply after change in 3.8.13

  (From OE-Core rev: bcad36b6d34b3176dc313ed6af99897cc442bf2b)

  Signed-off-by: Tim Orling <tim.orling@konsulko.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade 1.1.1l -> 1.1.1n
  Author: Ovidiu Panait  Age: 2022-03-23  Files: 2  Lines: -147/+2

  Upgrade openssl 1.1.1l -> 1.1.1n to fix CVE-2022-0778:
  https://nvd.nist.gov/vuln/detail/CVE-2022-0778
  https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=3118eb64934499d93db3230748a452351d1d9a65

  This also fixes an evp_extra_test ptest failure introduced by openssl-1.1.1m:
  """
  not ok 19 - test_signatures_with_engine
  ERROR: (ptr) 'e = ENGINE_by_id(engine_id) != NULL' failed @ ../openssl-1.1.1m/test/evp_extra_test.c:1890
  0x0
  not ok 20 - test_cipher_with_engine
  <snip>
  """

  The ptest change is already present in Yocto master since oe-core commit 5cd40648b0ba ("openssl: upgrade to 3.0.1").

  (From OE-Core rev: 4d33b7ce0c50af81a01014a7d7d37c93a041a28d)

  Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: fix CVE-2021-3658
  Author: Minjae Kim  Age: 2022-03-23  Files: 2  Lines: -0/+96

  adapter incorrectly restores Discoverable state after powered down

  Upstream-Status: Backport [https://github.com/bluez/bluez/commit/b497b5942a8beb8f89ca1c359c54ad67ec843055]
  CVE: CVE-2021-3658

  (From OE-Core rev: 12669ab256a3ffbcb4bcbaba1bc9c690920d32b1)

  Signed-off-by: Minjae Kim <flowergom@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: backport fix for CVE-2020-13253
  Author: Davide Gardenal  Age: 2022-03-23  Files: 6  Lines: -0/+446

  Backport commits from the following MR:
  https://git.qemu.org/?p=qemu.git;a=commit;h=3a9163af4e3dd61795a35d47b702e302f98f81d6

  Two other commits have been backported in order to be able to correctly apply the patches.

  CVE: CVE-2020-13253

  (From OE-Core rev: b258b0deccde2d8fd2c4372dd0f376c7b95945f5)

  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* re2c: backport fix for CVE-2018-21232
  Author: Davide Gardenal  Age: 2022-03-23  Files: 5  Lines: -1/+917

  Backport commits from the following issue:
  https://github.com/skvadrik/re2c/issues/219

  CVE: CVE-2018-21232

  (From OE-Core rev: 8c5ee47d446b36d6832acc8452687f50101f3e65)

  Signed-off-by: Davide Gardenal <davide.gardenal@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: move to gitlab.gnome.org
  Author: Ralph Siemsen  Age: 2022-03-23  Files: 1  Lines: -5/+5

  The project has migrated from www.xmlsoft.org to gitlab.gnome.org. Update the homepage accordingly, and use gnomebase to construct the download URL, rather than including it in SRC_URI explicitly.

  Note that the download is now in .xz format rather than .gz, so the sha256sum is updated accordingly. Post-decompression tarballs are identical, so there is no change to the libxml2 code.

  (From OE-Core rev: 38681a213a3b5f57b37257f7d96c4e970032ffe4)

  Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: backport fix for CVE-2022-23308
  Author: Ralph Siemsen  Age: 2022-03-23  Files: 2  Lines: -0/+205

  Use-after-free of ID and IDREF attributes, which could result in denial of service.
  https://nvd.nist.gov/vuln/detail/CVE-2022-23308

  CVE: CVE-2022-23308

  (From OE-Core rev: 6c2f91ce93921c9bfe52c62c0347b992df98d62d)

  Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* documentation: update for 3.1.15 release
  Author: Steve Sakoman  Age: 2022-03-22  Files: 2  Lines: -5/+5

  (From yocto-docs rev: 14e7f0c3d8b482e11e9df18364b39019779a619c)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to dunfell head revision
  Author: Richard Purdie  Age: 2022-03-14  Files: 1  Lines: -1/+1

  (From OE-Core rev: ff90d0e91aec252d3f5986df9ce02293cddadbca)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to 9.11.36  (tags: yocto-3.1.15, dunfell-23.0.15)
  Author: Ralph Siemsen  Age: 2022-03-11  Files: 1  Lines: -1/+1

  Security Fixes

  The lame-ttl option controls how long named caches certain types of broken responses from authoritative servers (see the security advisory for details). This caching mechanism could be abused by an attacker to significantly degrade resolver performance. The vulnerability has been mitigated by changing the default value of lame-ttl to 0 and overriding any explicitly set value with 0, effectively disabling this mechanism altogether. ISC's testing has determined that doing that has a negligible impact on resolver performance while also preventing abuse. Administrators may observe more traffic towards servers issuing certain types of broken responses than in previous BIND 9 releases, depending on client query patterns. (CVE-2021-25219)

  ISC would like to thank Kishore Kumar Kothapalli of Infoblox for bringing this vulnerability to our attention. [GL #2899]

  (From OE-Core rev: 8906aa9ec0a80b0f8998fb793f4e9491b3179179)

  Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perf-tests: add bash into RDEPENDS (v5.12-rc5+)
  Author: Bruce Ashfield  Age: 2022-03-11  Files: 1  Lines: -1/+1

  Upstream commit:

    commit 1dc481c0b0cf18d3952d93a73c4ece90dec277f0
    Author: Leo Yan <leo.yan@linaro.org>
    Date:   Sat Mar 20 18:45:54 2021 +0800

        perf test: Change to use bash for daemon test

        When executing the daemon test on Arm64 and x86 with Debian (Buster) distro, both skip the test case with the log:

  Changes tools/perf/tests/shell/daemon.sh to be explicitly bash (it was already required, but was just skipped on various distros).

  We add it into our RDEPENDS for perf-tests to fixup 5.12+ builds. We already have relatively heavy RDEPENDS for perf tests (python3), so adding bash into the RDEPENDS isn't significant even for older perf builds that use the same recipe.

  (cherry picked from commit 159cdb159ad0e9d3ed73cfc07f9acd5c0b608e7b)

  (From OE-Core rev: 0cfc604b48155ed4129bcc056610f32caf1a93b4)

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Add backports for two CVEs from upstream
  Author: sana kazi  Age: 2022-03-11  Files: 3  Lines: -0/+60

  Based on commit from master

  (From OE-Core rev: a5bb7cc568d5da3633f3854295b0ebe46a2dd863)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 6ae14b4ff7a655b48c6d99ac565d12bf8825414f)
  Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
  Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vim: Update to 8.2.4524 for further CVE fixes
  Author: Richard Purdie  Age: 2022-03-11  Files: 1  Lines: -2/+2

  Includes CVE-2022-0696, CVE-2022-0714, CVE-2022-0729.

  (From OE-Core rev: b7fa41cda88bffa5345d5b9768774cdf28f62b7b)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 0d29988958e48534a0076307bb2393a3c1309e03)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: inside the threadedpool don't write to the shared localdata
  Author: Jose Quaresma  Age: 2022-03-11  Files: 1  Lines: -1/+1

  When inside the threadedpool we make a copy of the localdata to avoid some race condition, so we need to use this new localdata2 and stop writing to the shared localdata.

  (From OE-Core rev: 604146a242c3d5f5a9872bb756910f4bd1b58406)

  Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 90fe6948a9df0b43c58120a9358adb3da1ceb5b9)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Ensure uid/gid ranges are set deterministically
  Author: Richard Purdie  Age: 2022-03-11  Files: 1  Lines: -0/+2

  meson.build will fall back to grepping /etc/login.defs for values of these if they're not set. Different distros set them (Centos 7/8 does, Ubuntu does not) so output was not deterministic. Avoid this by setting to the default values. We now match the values from login.defs from shadow.

  (From OE-Core rev: 56f57c70fb87beb9a7181df8cb5e7a4a0b5a184a)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 77a6ac0ac266d71e4fe67fd332662081f30cd7bf)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* asciidoc: update git repository
  Author: Ross Burton  Age: 2022-03-11  Files: 1  Lines: -1/+1

  The asciidoc-py3 repository has been renamed to asciidoc-py.

  (From OE-Core rev: 6b899f694ec57bb3c6254d59ac5c51378579c014)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: Bump version for 3.1.15 release
  Author: Steve Sakoman  Age: 2022-03-10  Files: 1  Lines: -1/+1

  (From meta-yocto rev: b835745e548e81255b78650a433ea14858efe603)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: update tested distros
  Author: Lee Chee Yang  Age: 2022-03-10  Files: 1  Lines: -0/+3

  add fedora-35, opensuseleap-15.3 and almalinux-8.5

  (From meta-yocto rev: 70ef17e11efa774e8b756b4bf3b428f3e010c1c5)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: update genericx86* to v5.4.178
  Author: Steve Sakoman  Age: 2022-03-10  Files: 1  Lines: -4/+4

  (From meta-yocto rev: 72167ca6e94601773e708741a5914c639317a267)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* docs: fix hardcoded link warning messages
  Author: Michael Opdenacker  Age: 2022-03-09  Files: 7  Lines: -13/+13

  Sphinx complains about hardcoded links which can be replaced by an extlink. So let's apply its recommendations.

  (From yocto-docs rev: f550001f32157c7c30cf5506f3da783c0fd96396)

  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Reported-by: Quentin Schulz <foss+yocto@0leil.net>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-system-requirements.rst: update list of supported distros
  Author: Steve Sakoman  Age: 2022-03-09  Files: 1  Lines: -0/+5

  Add AlmaLinux 8.5, Fedora 35, and OpenSUSE Leap 15.3

  (From yocto-docs rev: 0a5d6189eed86a9fafdae906187d693a50831f1c)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Upgrade to 3.5
  Author: Michael Halstead  Age: 2022-03-09  Files: 1  Lines: -5/+5

  Add support for glibc 2.35.

  (From OE-Core rev: 51844f2d60d77fb8cb46ffe460402f76ae216ca5)

  Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 347b8c87fb4e2c398644f900728cf6e22ba4516d)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Add version to uninative tarball name
  Author: Richard Purdie  Age: 2022-03-09  Files: 2  Lines: -2/+3

  uninative works via hashes and doesn't need the version in the tarball name but it does make things easier to inspect in DL_DIR. There were reasons such as ease of publication of the build tarballs but we can handle those differently now and the signature issues from the early code aren't an issue now. From 3.4 onwards we can use a version'd name.

  [YOCTO #12970]

  (From OE-Core rev: 0ec0e49d0d2a7478efbf20bc3554f0ffba40afa0)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dadba70d6a24d8ebb5576598efffa973151c7218)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildhistory.bbclass: create the buildhistory directory when needed
  Author: Jose Quaresma  Age: 2022-03-09  Files: 1  Lines: -0/+1

  When the BUILDHISTORY_RESET is enabled we need to move the content from BUILDHISTORY_DIR to BUILDHISTORY_OLD_DIR but when we start a clean build in the first run we don't have the BUILDHISTORY_DIR so the move of files will fail.

  | ERROR: Command execution failed: Traceback (most recent call last):
  |   File "/xxx/poky/bitbake/lib/bb/command.py", line 110, in runAsyncCommand
  |     commandmethod(self.cmds_async, self, options)
  |   File "/xxx/poky/bitbake/lib/bb/command.py", line 564, in buildTargets
  |     command.cooker.buildTargets(pkgs_to_build, task)
  |   File "/xxx/poky/bitbake/lib/bb/cooker.py", line 1481, in buildTargets
  |     bb.event.fire(bb.event.BuildStarted(buildname, ntargets), self.databuilder.mcdata[mc])
  |   File "/xxx/home/builder/src/base/poky/bitbake/lib/bb/event.py", line 214, in fire
  |     fire_class_handlers(event, d)
  |   File "/xxx/poky/bitbake/lib/bb/event.py", line 121, in fire_class_handlers
  |     execute_handler(name, handler, event, d)
  |   File "/xxx/poky/bitbake/lib/bb/event.py", line 93, in execute_handler
  |     ret = handler(event)
  |   File "/xxx/poky/meta/classes/buildhistory.bbclass", line 919, in buildhistory_eventhandler
  |     entries = [ x for x in os.listdir(rootdir) if not x.startswith('.') ]
  | FileNotFoundError: [Errno 2] No such file or directory: '/xxx/buildhistory'

  (From OE-Core rev: de89dc125758f828a7886012bd9b1c8a1017ef48)

  Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 97bc2168da7dbacdfbf79cd70db674363ab84f6b)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml-parser-perl: Add missing RDEPENDS
  Author: Richard Purdie  Age: 2022-03-09  Files: 1  Lines: -0/+1

  Running the ptest package in an image alone highlighted missing module dependencies. Add them to fix those errors.

  (From OE-Core rev: 6e98fdf7832fed3d93645ed69f62c8df5e89b96b)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 3859f49db2d694c7b63fdbe25be0018afba5c738)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cml1.bbclass: Handle ncurses-native being available via pkg-config
  Author: Nathan Rossi  Age: 2022-03-09  Files: 1  Lines: -0/+8

  The linux kernel will by default use pkg-config to get ncurses(w) paths, falling back to absolute path checks otherwise. If the build host does not have ncurses installed this will fail as pkg-config will not search the native sysroot for ncurses.

  To more all kernel/kconfig sources, inject the equivalent native pkg-config variables similar to what is done by the pkg-config-native script. This only affects the menuconfig python task itself and the oe_terminal call inside it.

  (cherry picked from commit abb95c421bb67d452691819e3f63dabd02e2ba37)

  (From OE-Core rev: dc6b20475a69c9fbab9a97a93119aeedf54deb23)

  Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bootchart2: Add missing python3-math dependency
  Author: Marek Vasut  Age: 2022-03-09  Files: 1  Lines: -1/+1

  Without this dependency, generating the bootchart may fail with:
  "
  ModuleNotFoundError: No module named 'random'
  "

  (cherry picked from commit 487e9f16a00f895159b79f1865fe8b626b47ddc2)

  (From OE-Core rev: 123d4a673dadfee14d5ad8bbc503405da9602bb0)

  Signed-off-by: Marek Vasut <marex@denx.de>
  Cc: Mingli Yu <mingli.yu@windriver.com>
  Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wireless-regdb: upgrade 2021.08.28 -> 2022.02.18
  Author: wangmy  Age: 2022-03-09  Files: 1  Lines: -1/+1

  (From OE-Core rev: fd64364f16c822960a00e8a28b87b0ec590eed74)

  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e5c06ddfd3c0db0d0762c0241c019f59ad310e53)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "cve-check: add lockfile to task"
  Author: Ross Burton  Age: 2022-03-09  Files: 1  Lines: -1/+0

  Now that all of the functions in cve-check open the database read-only, we can remove this lockfile. This means cve-check can run in parallel again, improving runtimes massively.

  This reverts commit d55fbf4779483d2cfd71df78d0f733b599fef739.

  (From OE-Core rev: 1a30a8513ca47890470ee9d19a5ea36437e664bf)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e60d149b41d14d177df20dbecaef943696df1586)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: get_cve_info should open the database read-only
  Author: Ross Burton  Age: 2022-03-09  Files: 1  Lines: -1/+2

  All of the functions in cve-check should open the database read-only, as the only writer is the fetch task in cve-update-db. However, get_cve_info() was failing to do this, which might be causing locking issues with sqlite.

  (From OE-Core rev: 2b3d13a451e99db669977d4d1172653b736ae6e1)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 8de517238f1f418d9af1ce312d99de04ce2e26fc)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils: remove obsolete ignored CVE list
  Author: Ross Burton  Age: 2022-03-09  Files: 1  Lines: -3/+0

  Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't the correct variable name. The CPEs for those CVEs mean that they don't get picked up in our report, so just remove the assignment.

  (From OE-Core rev: c50688e1d0839d71e05a0d15dd948113d2ef83f6)

  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dea00faf30ec7c19b6b5ed4651b430ba3faf69ff)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expat: fix CVE-2022-25315
  Author: Steve Sakoman  Age: 2022-03-09  Files: 2  Lines: -0/+146

  In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.

  Backport patch from:
  https://github.com/libexpat/libexpat/pull/559/commits/eb0362808b4f9f1e2345a0cf203b8cc196d776d9

  CVE: CVE-2022-25315

  (From OE-Core rev: 9cb21fd89de99abeeef1dd962e6019943de546a4)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expat: fix CVE-2022-25314
  Author: Steve Sakoman  Age: 2022-03-09  Files: 2  Lines: -0/+33

  In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.

  Backport patch from:
  https://github.com/libexpat/libexpat/pull/560/commits/efcb347440ade24b9f1054671e6bd05e60b4cafd

  CVE: CVE-2022-25314

  (From OE-Core rev: b92c33285c5f886c95a3734e61007b522b62a71f)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expat: fix CVE-2022-25313
  Author: Steve Sakoman  Age: 2022-03-09  Files: 3  Lines: -0/+363

  In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

  Backport patch from:
  https://github.com/libexpat/libexpat/pull/558/commits/9b4ce651b26557f16103c3a366c91934ecd439ab

  Also add patch which fixes a regression introduced in the above fix:
  https://github.com/libexpat/libexpat/pull/566

  CVE: CVE-2022-25313

  (From OE-Core rev: 8105700b1d6d23c87332f453bdc7379999bb4b03)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expat: fix CVE-2022-25236
  Author: Steve Sakoman  Age: 2022-03-09  Files: 2  Lines: -0/+130

  xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.

  Backport patches from:
  https://github.com/libexpat/libexpat/pull/561/commits

  CVE: CVE-2022-25236

  (From OE-Core rev: 72ab213c128ef75669447eadcae8219a9f87f941)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expat: fix CVE-2022-25235
  Author: Steve Sakoman  Age: 2022-03-09  Files: 2  Lines: -0/+284

  xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.

  Backport patches from:
  https://github.com/libexpat/libexpat/pull/562/commits

  CVE: CVE-2022-25235

  (From OE-Core rev: 27ab07b1e8caa5c85526eee4a7a3ad0d73326866)

  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2022-23772
  Author: Minjae Kim  Age: 2022-03-09  Files: 2  Lines: -0/+51

  math/big: prevent large memory consumption in Rat.SetString

  An attacker can cause unbounded memory growth in a program using (*Rat).SetString due to an unhandled overflow.

  Upstream-Status: Backport [https://go.dev/issue/50699]
  CVE: CVE-2022-23772

  (From OE-Core rev: e4d15040f62744265b9236ad7276f3371a9172da)

  Signed-off-by: Minjae Kim <flowergom@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2022-23806
  Author: Minjae Kim  Age: 2022-03-09  Files: 2  Lines: -0/+143

  crypto/elliptic: fix IsOnCurve for big.Int values that are not valid coordinates

  Some big.Int values that are not valid field elements (negative or overflowing) might cause Curve.IsOnCurve to incorrectly return true. Operating on those values may cause a panic or an invalid curve operation. Note that Unmarshal will never return such values.

  Upstream-Status: Backport [https://go.dev/issue/50974]
  CVE: CVE-2022-23806

  (From OE-Core rev: eb7aa0929ecd712aeeec0ff37dfb77c3da33b375)

  Signed-off-by: Minjae Kim <flowergom@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: Fix for CVE-2021-36976
  Author: Virendra Thakur  Age: 2022-03-09  Files: 4  Lines: -1/+540

  Add patch to fix CVE-2021-36976

  The CVE-2021-36976 fix is provided by the below mentioned pull requests.
  1) https://github.com/libarchive/libarchive/pull/1491
  2) https://github.com/libarchive/libarchive/pull/1492
  3) https://github.com/libarchive/libarchive/pull/1493

  (From OE-Core rev: 6c356aec8dabc08bd98da3106780896dc7b52501)

  Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
  Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a crash in scripts
  Author: Marta Rybczynska  Age: 2022-03-02  Files: 2  Lines: -0/+38

  This patch adds a fix for a crash in grub's script handling. It is a part of a security series [1].

  [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

  (From OE-Core rev: 79ce9059f716546a7d6f4562ba194aedd90c22cd)

  Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: avoid a NULL pointer dereference
  Author: Marta Rybczynska  Age: 2022-03-02  Files: 2  Lines: -0/+34

  This patch adds a fix for a NULL pointer dereference in grub's commands/ls. It is a part of a security series [1].

  [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

  (From OE-Core rev: 6666dccd33178445f3c4fe277354393efb70285a)

  Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for a NULL pointer dereference
  Author: Marta Rybczynska  Age: 2022-03-02  Files: 2  Lines: -0/+29

  This patch adds a fix for a NULL pointer dereference in grub's script/execute. It is a part of a security series [1].

  [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

  (From OE-Core rev: ddf62ae472c3c26af7a4c91e4216c8d5ba4604ac)

  Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: fix incorrect use of a negative value
  Author: Marta Rybczynska  Age: 2022-03-02  Files: 2  Lines: -0/+51

  This patch adds a fix for an incorrect use of a negative value in grub's util/glue-efi. It is a part of a security series [1].

  [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

  (From OE-Core rev: de1fe600212ff6d460bdc672d7ca0e13afbe7514)

  Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: add a fix for an incorrect cast
  Author: Marta Rybczynska  Age: 2022-03-02  Files: 2  Lines: -0/+47

  This patch adds a fix for incorrect casting from signed to unsigned in grub's util/grub-editenv. It is a part of a security series [1].

  [1] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

  (From OE-Core rev: 906ecdc9efbc1b4025c2c7a9797ebd374f8508af)

  Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>