summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ghostscript: backport fix for CVE-2023-38559Vijay Anusuri2023-08-162-0/+32
| | | | | | | | | Upstream-Status: Backport from https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f (From OE-Core rev: f70113d1d5b5359c8b668ba43aac362457927d9e) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu:fix CVE-2023-3354 VNC: improper I/O watch removal in TLS handshake can ↵Vivek Kumbhar2023-08-162-0/+88
| | | | | | | | | lead to remote unauthenticated denial of service (From OE-Core rev: 447bab76f9ac465ad36540e3bfb9a2a3cdbfa6b6) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu: CVE-ID correction for CVE-2020-35505Emily Vekariya2023-08-161-4/+7
| | | | | | | | | | | | | - The commit [https://github.com/qemu/qemu/commit/995457517340] ("esp: ensure cmdfifo is not empty and current_dev is non-NULL") fixes CVE-2020-35505 instead of CVE-2020-35504. - Hence, corrected the CVE-ID in CVE-2020-35505.patch. - Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 (From OE-Core rev: 9d54930a0c37e2878bbbe221341ebbd2bdd78a22) Signed-off-by: Emily Vekariya <emily.vekariya@einfochips.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* dmidecode 3.2: Fix CVE-2023-30630Dhairya Nagodra2023-08-164-0/+499
| | | | | | | | | | | | | | | Upstream Repository: https://git.savannah.gnu.org/git/dmidecode.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30630 Type: Security Fix CVE: CVE-2023-30630 Score: 7.8 Patch: https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c (From OE-Core rev: f3def5af120355a2454c088724e147bbce785d1b) Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: fix multiple CVEsHitendra Prajapati2023-08-165-0/+177
| | | | | | | | | | | | Backport fixes for: * CVE-2023-2908 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9bd48f0dbd64fb94dc2b5b05238fde0bfdd4ff3f * CVE-2023-3316 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/d63de61b1ec3385f6383ef9a1f453e4b8b11d536 * CVE-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e03333ac16b5cfb11acaaeaa493334f8 (From OE-Core rev: 4929d08cefac9ae2ebbdf94ccdc51a0f67f28164) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tiff: fix multiple CVEsHitendra Prajapati2023-08-165-0/+396
| | | | | | | | | | | | | Backport fixes for: * CVE-2023-25433 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/9c22495e5eeeae9e00a1596720c969656bb8d678 && https://gitlab.com/libtiff/libtiff/-/commit/688012dca2c39033aa2dc7bcea9796787cfd1b44 * CVE-2023-25434 & CVE-2023-25435 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 * CVE-2023-26965 & CVE-2023-26966 - Upstream-Status: Backport from import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz] (From OE-Core rev: 3d322227477f9e82fc22de6e896174d04513d72b) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpcre2: patch CVE-2022-41409Peter Marko2023-08-162-0/+75
| | | | | | | | | | Backport commit mentioned in NVD DB links. https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35 (From OE-Core rev: c25b88fc321b7c050108b29c75c0a159e0754f84) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libarchive: ignore CVE-2023-30571Peter Marko2023-08-161-0/+3
| | | | | | | | | | | | | | | | | | | | | This issue was reported and discusses under [1] which is linked in NVD CVE report. It was already documented that some parts or libarchive are thread safe and some not. [2] was now merged to document that also reported function is not thread safe. So this CVE *now* reports thread race condition for non-thread-safe function. And as such the CVE report is now invalid. The issue is still not closed for 2 reasons: * better document what is and what is not thread safe * request to public if someone could make these functions thread safe This should however not invalidate above statment about ignoring this CVE. [1] https://github.com/libarchive/libarchive/issues/1876 [2] https://github.com/libarchive/libarchive/pull/1875 (From OE-Core rev: 9374e680ae2376589a9bfe4565dfcf4dc9791aa8) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: fix CVE-2023-29406 net/http: insufficient sanitization of Host headerVivek Kumbhar2023-08-162-0/+213
| | | | | | | (From OE-Core rev: 07e03175de91739064ae5530b3df093b4d05510b) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libjpeg-turbo: patch CVE-2023-2804Peter Marko2023-08-163-0/+174
| | | | | | | | | | | | | | Relevant links: * linked fronm NVD: * https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1492586118 * follow-up analysis: * https://github.com/libjpeg-turbo/libjpeg-turbo/issues/668#issuecomment-1496473989 * picked commits fix all issues mentioned in this analysis (From OE-Core rev: cb3c7efd313f758e9bade93b72527bc5dc470085) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: ignore CVE-2023-36632Peter Marko2023-08-161-0/+2
| | | | | | | | | | | | | | This CVE shouldn't have been filed as the "exploit" is described in the documentation as how the library behaves. (From OE-Core rev: b66a677b76c7f15eb5c426f8dc7ac42e1e2e3f40) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c652f094d86c4efb7ff99accba63b8169493ab18) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGIHitendra Prajapati2023-08-162-0/+140
| | | | | | | | | Upstream-Status: Backport from https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708 (From OE-Core rev: dfe4a2b601e094e2922b671f6cf73ff6a91f061f) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to dunfell head revisionyocto-3.1.27dunfell-23.0.27Steve Sakoman2023-08-041-1/+1
| | | | | | (From OE-Core rev: 6dd64ca2d726d0b222a7608c65eb0a20454c3f99) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* gcc: fix runpath errors in cc1 binarySteve Sakoman2023-08-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The runpath in the cc1 binary is: Library runpath: [$ORIGIN/../../../recipe-sysroot-native/usr/lib:$ORIGIN/../../../recipe-sysroot-native/lib] This does not match the actual location of the libraries, which would require: Library runpath: [$ORIGIN/../../recipe-sysroot-native/usr/lib:$ORIGIN/../../recipe-sysroot-native/lib] Prior to gcc 9.1 the recipe set B explicity with: B = "${WORKDIR}/gcc-${PV}/build.${HOST_SYS}.${TARGET_SYS}" and this build directory structure matches the runpath in cc1, so there is no issue. This line was commented out in versions 9.1 through 11.3. The upgrade to 12.1 once again uncommented this line. As a result the runpath is incorrect in version 9.1 through 11.3 and cc1 defaults to using host libraries. This patch restores setting B as done in master and versions prior to 9.1 (From OE-Core rev: 43d5ebde6d609898064ea70c89a7eba002e5fd74) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ref-manual: document image-specific variant of INCOMPATIBLE_LICENSEMichael Opdenacker2023-08-022-9/+19
| | | | | | | | | | | This has been around without being properly documented since 2019 (!!!), and is nowadays the preferred method for enforcing license restrictions. (From yocto-docs rev: 7a67426330decf108b8f152c3cb6cd6d167c98e4) Signed-off-by: Alexander Kanavin <alex@linutronix.de Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to dunfell head revisionSteve Sakoman2023-07-221-1/+1
| | | | | | (From OE-Core rev: ab6a0d053d910c3d50fcb06e9c2ca98430b673a4) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* poky.conf: bump version for 3.1.27Steve Sakoman2023-07-221-1/+1
| | | | | | (From meta-yocto rev: e7886680c9436f78ba74f7882eb26999590229f4) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* documentation: update for 3.1.27Steve Sakoman2023-07-221-5/+5
| | | | | | | | (From yocto-docs rev: 957952fb61427d8549e3bc902b38b4a5acd2c618) Signed-off-by: Steve Sakoman <steve@sakoman.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* openssl: fix intermittent openssl-ptest reproducibility issueSteve Sakoman2023-07-222-0/+39
| | | | | | | | | | | | Adds two missing key sorts in generation of unified_info Backported from a similar (but more invasive) patch in the 3.x source code: https://github.com/openssl/openssl/commit/764cf5b26306a8712e8b3d41599c44dc5ed07a25] (From OE-Core rev: 6c505ef6c9950eb6d09bcec683fefe6edc7b2e6b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cmake: Fix CMAKE_SYSTEM_PROCESSOR setting for SDKTom Hochstein2023-07-221-4/+1
| | | | | | | | | | | | | | | | When building using an SDK, cmake complains that the target architecture 'cortexa53-crypto' is unknown. The same build in bitbake uses the target architecture 'aarch64'. Set CMAKE_SYSTEM_PROCESSOR the same as for bitbake. (From OE-Core rev: 7a7ef9d73affc23fa14712d56f1a40d0c46569cb) Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d32a6225eefce2073a1cd401034b5b4c68351bfe) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libpng: Add ptest for libpngNikhil R2023-07-223-2/+43
| | | | | | | | | | | | | | | | | | | | | | | libpng is a platform-independent library which supports all PNG features. This ptest executes the below binaries, parses the png image and prints the image features. 1. pngfix - provides information about PNG image copyrights details. 2. pngtest - tests, optimizes and optionally fixes the zlib header in PNG files. 3. pngstest - verifies the integrity of PNG image by dumping chunk level information. 4. timepng - provides details about PNG image chunks. (From OE-Core rev: 843803bcc248b18cdefb29d610a1371e32e815ce) Signed-off-by: Nikhil R <nikhil.r@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kernel-fitimage: fix dtbo support for fit imagesAnthony Bagwell2023-07-221-1/+1
| | | | | | | | | | | 8a2f4e143 added support for u-boot boot script but missed adding the extra parameter to fitimage_emit_section_config on the dtbo branch (From OE-Core rev: d1b6c34d33704f05374154e4ea7d8acdea7b8018) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 22bac8aea0d5d28cc5a3bf20edf638225cce2f88) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* vim: upgrade 9.0.1527 -> 9.0.1592Trevor Gamblin2023-07-221-2/+2
| | | | | | | | | | | | | | | | | Fixes: https://nvd.nist.gov/vuln/detail/CVE-2023-2609 d1ae836 patch 9.0.1531: crash when register contents ends up being invalid https://nvd.nist.gov/vuln/detail/CVE-2023-2610 ab9a2d8 patch 9.0.1532: crash when expanding "~" in substitute causes very long text (From OE-Core rev: 8a481b1dfeeee8d8d3430f527da1f3f5b7d96999) Signed-off-by: Trevor Gamblin <tgamblin@baylibre.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1e4b4dfb4145bc00eb6937b5f54a41170e9a5b4c) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* wireless-regdb: upgrade 2023.02.13 -> 2023.05.03Alexander Kanavin2023-07-221-1/+1
| | | | | | | | | (From OE-Core rev: 67adfd6cbcdbb765460e6f97d8957c872d8f5c81) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 47438402fa430499864a4b1f1a13eaac66aa21c0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* linux-firmware: upgrade 20230404 -> 20230515Alexander Kanavin2023-07-221-2/+2
| | | | | | | | | | | License-Update: additional firmwares (From OE-Core rev: 17988a2cebcccb7ddacb3d085deeab0f0b8f646a) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 64603f602d00999220fe5bafeed996ddcb56d36b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.31 branch updates.Deepthi Hemraj2023-07-221-1/+1
| | | | | | | | | | Below commits on glibc-2.31 stable branch are updated. 2d4f26e5cf x86: Fix wcsnlen-avx2 page cross length comparison (From OE-Core rev: d89f5692514c68050349f37315e1dea14cbcfa24) Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* tzdata: upgrade to 2023cPriyal Doshi2023-07-221-3/+3
| | | | | | | (From OE-Core rev: 62c42d4a1029de4fe9b19631cbd34722f6535edf) Signed-off-by: Priyal Doshi <pdoshi@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* qemu: backport Debian patch to fix CVE-2023-0330Vijay Anusuri2023-07-222-0/+78
| | | | | | | | | | | | | | import patch from ubuntu to fix CVE-2023-0330 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/qemu/tree/debian/patches?h=ubuntu/focal-security Upstream commit https://gitlab.com/qemu-project/qemu/-/commit/b987718bbb1d0eabf95499b976212dd5f0120d75] (From OE-Core rev: 559327579bcee685c6dc22b7ad5595960aa896c0) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* python3: fix CVE-2023-24329 urllib.parse url blocklisting bypassVivek Kumbhar2023-07-222-0/+81
| | | | | | | (From OE-Core rev: 307f23e066e06793ec60f0cddf8ff1c64c02d834) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* curl: fix CVE-2023-28320 siglongjmp race condition may lead to crashVivek Kumbhar2023-07-223-0/+285
| | | | | | | | | | | | Introduced by: https://github.com/curl/curl/commit/3c49b405de4fbf1fd7127f91908261268640e54f (curl-7_9_8) Fixed by: https://github.com/curl/curl/commit/13718030ad4b3209a7583b4f27f683cd3a6fa5f2 (curl-8_1_0) Follow-up: https://github.com/curl/curl/commit/f446258f0269a62289cca0210157cb8558d0edc3 (curl-8_1_0) https://curl.se/docs/CVE-2023-28320.html (From OE-Core rev: a6b2b550690c2ffdce1aef9da1595a42d1bc6348) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go: Fix CVE-2023-29400Ashish Sharma2023-07-222-0/+95
| | | | | | | | | | emit filterFailsafe for empty unquoted attr value (From OE-Core rev: 02a0e76e04ddbbbb381202d61cbb084333336f38) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libx11: Fix CVE-2023-3138 for dunfell branchPoonam Jadhav2023-07-222-0/+112
| | | | | | | | | | | Add patch to fix CVE-2023-3138 for dunfell branch Link: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/304a654a0d57bf0f00d8998185f0360332cfa36c.patch (From OE-Core rev: aed61452f5c9fc377ce3336b765eb1cb195482a8) Signed-off-by: Poonam Jadhav <poonam.jadhav@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: actually use API keysRoss Burton2023-07-131-11/+12
| | | | | | | | | | | | | | | There were vestigal remains of API key support which could be removed, but as using an API key - in theory - gives the user larger rate limits it's probably wise to expose it. If the user has an API key, then set NVDCVE_API_KEY. (From OE-Core rev: b3fc8ef9aba822b3d485242c8ebd0e0bff0ebfc8) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a542de684282bfec79f24ae2f1a2027ffde319d8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: log a little moreRoss Burton2023-07-131-5/+7
| | | | | | | | | | | | | Add a note of what range we're fetching, and use bb.note() instead of debug() as messages about retrying shouldn't really be considered debug logging. (From OE-Core rev: f6c3ee35ae9950aec4b3dc15062b1c1fb5610011) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b64a869b9c5e1d504f1011da16b5c5ff721afbf0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: increase retry countPeter Marko2023-07-131-1/+1
| | | | | | | | | | | | | | | | | Current 503 errors seem to last several seconds. In most cases there are two errors and third request succeeds. However sometimes the outage takes more than time needed for two retries and third one also fails. Extend retry count from 3 to 5 to improve the probablity that the fetcher succeeds. (From OE-Core rev: 46286a641f1113e22d39a427a5dc0a11321d434e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f4d118af2360cff7f234102fd5e4b65a6f4146a6) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: retry all errors and sleep between retriesPeter Marko2023-07-131-7/+4
| | | | | | | | | | | | | | | | | | | | Last couple days it is not possible to update NVD DB as servers are returning lot of errors. Mostly "HTTP Error 503: Service Unavailable" is observed but sporadially also some others. Retrying helps in most cases, so extend retries to all errors. Additionally add sleep which is recommended by NVD between requests. These retries are already implemented between successful requests, but giving servers time between failed ones is important, too. (From OE-Core rev: 8bba9342f641e9aa51ccaebc02bc5d51354e1c72) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 88dad8f198baa80af5ab576498f4df6ed639d551) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: fix cvssV3 metricsPeter Marko2023-07-131-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | After upgrade to soon-to-be-released kirkstone 4.0.11 CVE annotations got broken. Anything which has only cvssV3 does not resolve properly. Fix the API fields used to extract it. i0.0 score is now at level of NVD DB 1.1. All CVEs with UNKNOWN vector are not present in NVD DB 1.1. NVD API 1.1: sqlite> select vector, count(vector) from nvd group by vector; ADJACENT_NETWORK|4776 LOCAL|32146 NETWORK|167746 PHYSICAL|185 sqlite> select scorev3, count(scorev3) from nvd group by scorev3; 0.0|73331 1.8|7 1.9|3 ... NVD API 2.0 (broken): sqlite> select vector, count(vector) from nvd group by vector; ADJACENT_NETWORK|4587 LOCAL|26273 NETWORK|150421 UNKNOWN|24644 sqlite> select scorev3, count(scorev3) from nvd group by scorev3; 0.0|205925 NVD API 2.0 (fixed): sqlite> select vector, count(vector) from nvd group by vector; ADJACENT_NETWORK|5090 LOCAL|32322 NETWORK|168004 PHYSICAL|213 UNKNOWN|511 sqlite> select scorev3, count(scorev3) from nvd group by scorev3; 0.0|73841 1.8|7 1.9|3 ... (From OE-Core rev: 2233a187dc0da833401297667c1e2ed6bf5627fd) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 61a5857efdcc0f49c69c0deb24fce99007aeef19) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: use exact times, don't truncateRoss Burton2023-07-131-2/+2
| | | | | | | | | | | | | | | When requesting updates in a specific range, use the actual current time and database mtime instead of truncating to midnight, and explicitly set the timezone to UTC so that NIST don't treat the timestamps as _their_ local time when they're _our_ local time. (From OE-Core rev: e12b81ede54c92e372f0d80373bb91254d0a889f) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9aa0ec37f5f74252588d2494a71c71a7d8e68df9) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: handle all configuration nodes, not just firstRoss Burton2023-07-131-4/+5
| | | | | | | | | | | | | | | | | Some CVEs, such as CVE-2013-6629, list multiple configurations which are vulnerable. The current JSON parser only considers the first configuration. Instead, consider every configuration. We don't yet handle the AND/OR logical operators, but this is a step in the right direction. (From OE-Core rev: e521d6ce48d3b04eb2d53c710bba18593a908fe3) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e1bf4f6dd686055fe9a8bdcc3f739eac2807bae0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* grub: submit determinism.patch upstreamAlexander Kanavin2023-07-121-1/+1
| | | | | | | | | (From OE-Core rev: 1fe434d42a3365f232b07864638128b7ac70f627) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 61947762e410c685f667e0af6440fb8a33cd6777) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* useradd-staticids.bbclass: improve error messageMikko Rapeli2023-07-121-1/+1
| | | | | | | | | | | | | | | | | | | | | Current error message is difficult to read: ERROR: Nothing PROVIDES 'image' trs-image was skipped: image - image: normal username test does not have a static ID defined. Add test to one of these files It's not clear that first "image" is recipe name, second "image" is binary package name and that "test" is the user account which does not have a static ID defined. Improve the error message so that these are more explicit. Now the error message looks like: image was skipped: Recipe image, package image: normal username "test" does not have a static ID defined. (From OE-Core rev: ea997ec788a5397598e24301e40d1c30ffa68c04) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 07898218f3908a83e07178b6530dfa48d55d4ec2) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* oeqa/selftest/bbtests: add non-existent prefile/postfile testsFabien Mahot2023-07-121-0/+8
| | | | | | | | | | | | Fixes [YOCTO #10725] (From OE-Core rev: 74fed908b807056cbb10c20d62d494f3089f52ee) Signed-off-by: Fabien Mahot <fabien.mahot@smile.fr> Reviewed-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b0c33655fad5b2e7d96a45b6210527dfb766797b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash ↵Alexander Kanavin2023-07-121-11/+8
| | | | | | | | | | | | | | | | | | | | with unrelated processes There is already a neat check_free_port() function for finding an available port atomically, so use that and make two additional tweaks: - no need to allocate two separate ports; per unfsd documentation they can be the same - move lockfile release until after unfsd has been shut down and the port(s) used has been freed [YOCTO #15077] (From OE-Core rev: 816d12f125974fc064d17c735b7769f7a9744597) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dee96e82fb04ea99ecd6c25513c7bd368df3bd37) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* scripts/runqemu: split lock dir creation into a reusable functionAlexander Kanavin2023-07-121-16/+13
| | | | | | | | | (From OE-Core rev: d296853f1c5bcc6ccd800a4fbcbba18021f98518) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 004d6bcb067ecf1d796801fa43a98820c4efd3c7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* pm-utils: fix multilib conflictionsKai Kang2023-07-121-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | It fails to instal pm-utils and lib32-pm-utils at same time: Error: Transaction test error: file /usr/bin/pm-is-supported conflicts between attempted installs of lib32-pm-utils-1.4.1-r1.corei7_32 and pm-utils-1.4.1-r1.corei7_64 file /usr/sbin/pm-hibernate conflicts between attempted installs of lib32-pm-utils-1.4.1-r1.corei7_32 and pm-utils-1.4.1-r1.corei7_64 file /usr/sbin/pm-powersave conflicts between attempted installs of lib32-pm-utils-1.4.1-r1.corei7_32 and pm-utils-1.4.1-r1.corei7_64 file /usr/sbin/pm-suspend conflicts between attempted installs of lib32-pm-utils-1.4.1-r1.corei7_32 and pm-utils-1.4.1-r1.corei7_64 file /usr/sbin/pm-suspend-hybrid conflicts between attempted installs of lib32-pm-utils-1.4.1-r1.corei7_32 and pm-utils-1.4.1-r1.corei7_64 All of the conflicted files either is script which source a file in ${libdir}, or a link file to some file in ${libdir}. Compare the content of installed files in ${libdir} exclude binaries, only the paths of ${libdir} diff. So re-define libdir with ${nonarch_libdir} to fix the conflicts. (From OE-Core rev: 292ff56250d2f916370c508fd7a94f3ab769a356) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f836541bcfdbf033a37537530b4e3b87b0a7f003) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* kmod: remove unused ptest.patchMartin Jansa2023-07-121-25/+0
| | | | | | | | | | | | * it was removed from SRC_URI in 2015: https://git.openembedded.org/openembedded-core/commit/?id=f80d136bdd578468035a88125fa1b84973fd912b (From OE-Core rev: 4342d2a60e2ba8a7aeb683b78f1eef94eb2c2edc) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit cfc4586b4bf080a3a4aa419dffc76c5da2a95b74) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* lib/terminal.py: Add urxvt terminalPavel Zhukov2023-07-121-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes failure [1] of menuconfig task in rxvt-unicode terminal in case if xterm/Konsole/Gnome is not installed. Tested with rxvt-unicode-256color [1] WARNING: Terminal screen is supported but did not start ERROR: No valid terminal found, unable to open devshell. Tried the following commands: tmux split-window -c "{cwd}" "do_terminal" tmux new-window -c "{cwd}" -n "zephyr-helloworld Configuration" "do_terminal" xfce4-terminal -T "zephyr-helloworld Configuration" -e "do_terminal" terminology -T="zephyr-helloworld Configuration" -e do_terminal mate-terminal --disable-factory -t "zephyr-helloworld Configuration" -x do_terminal konsole --separate --workdir . -p tabtitle="zephyr-helloworld Configuration" -e do_terminal gnome-terminal -t "zephyr-helloworld Configuration" -- do_terminal xterm -T "zephyr-helloworld Configuration" -e do_terminal rxvt -T "zephyr-helloworld Configuration" -e do_terminal tmux new -c "{cwd}" -d -s devshell -n devshell "do_terminal" screen -D -m -t "zephyr-helloworld Configuration" -S devshell do_terminal DEBUG: Python function do_menuconfig finished (From OE-Core rev: 9dad23306348af9f54c5fcdfacdbc1e775bf5742) Signed-off-by: Pavel Zhukov <pazhukov@suse.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8d2fe4df8ae33e033caf4119a76715f085be1d15) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* oeqa/selftest/cases/devtool.py: skip all tests require folder a git repoThomas Roos2023-07-121-0/+8
| | | | | | | | | | | | | | | Devtool selftests require poky dir a git repo, when downloading poky as a tar, this is not the case. Those tests will now skipped. [YOCTO #12389] (From OE-Core rev: 5f3128e3a85e3a5d67d5dc1f2585fe6c236e443c) Signed-off-by: Thomas Roos <throos@amazon.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 95a5bc130dc51ea9de95c64dbf0e9c7892415d50) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* conf: add nice level to the hash config ignred variablesLorenzo Arena2023-07-121-1/+1
| | | | | | | | | | | | This is needed as each user could be setting different nice levels while building, however this should not make the shared cache unusable. (From OE-Core rev: b77850f613bdc103e5d529b6c62ae90e134106ae) Signed-off-by: Lorenzo Arena <arena.lor@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 42784f9360345da1c01d988070253e7ffd5ac4ac) Signed-off-by: Steve Sakoman <steve@sakoman.com>
* go.bbclass: don't use test to check output from lsMartin Jansa2023-07-121-1/+1
| | | | | | | | | | | | * avoids possibly confusing error message in log.do_install like: ls: cannot access 'etcd/3.5.7-r0/build/bin/linux_arm64/': No such file or directory (From OE-Core rev: 236a3e0bf753669b4fddbd91be5fdb10c2e6093f) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 2f1777e6ac5269a71203b6a2c562a43503be95ae) Signed-off-by: Steve Sakoman <steve@sakoman.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-14 01:19:42 +0000