summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* librsvg: Exclude CVE-2018-1000041 from cve-checkRichard Purdie2021-05-131-0/+3
| | | | | | | | Issue only affects windows. (From OE-Core rev: a90d3b056992346003d96765fc8639f5235cca55) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils: Exclude CVE-2016-2781 from cve-checkRichard Purdie2021-05-131-0/+4
| | | | | | | | | | | http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842 "Given runcon is not really a sandbox command, the advice is to use `runcon ... setsid ...` to avoid this particular issue. (From OE-Core rev: 2d273b5aed4a5bd509ec9c68a6f451c17ec17d0c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Exclude CVE-2021-20271 from cve-checkRichard Purdie2021-05-131-0/+4
| | | | | | | | | This is included in the release we have, it was the reason for the last rpm point release. (From OE-Core rev: 117feb358c81b6b852dee24268eac0a1a47c1701) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kern-tools: Kconfiglib: add support for bare 'modules' keywordBruce Ashfield2021-05-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Bumping the SRCREV to pickup the following for the kern-tools: commit 6dd85ff178cd76851e2184b13e545f5a88d1be30 [kconfig: change "modules" from sub-option to first-level attribute] broke parsing in 5.13+ trees. We add the new location to the parser so we can support both types of module specifications. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Without this, the kernel configuration audit for 5.13+ errors immediately. The older "option modules" parsing has been left in the code, so that older kernels continue to work as well. (From OE-Core rev: ba39e42681e7e3c6fe82686a42a9ee4b519003f9) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: Fix other reproducibility issuesRichard Purdie2021-05-132-0/+166
| | | | | | | | | When building in longer paths, the ovmf build changes in many ways. This adds a patch addressing various causes of problems. Full details are in the patch header. (From OE-Core rev: 9113a5815f3c682ef99fd777e35e892b2e08237f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: Disable lto to aid reproducibilityRichard Purdie2021-05-131-1/+8
| | | | | | | | | | lto tends to break reproducibility and makes ovmf near impossible to debug reproducibility issues in. Disable it and supress the warnings that then generates from Werror. (From OE-Core rev: 627b6ed763eca90192203932784872b60a65fcaa) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* manuals: reduce verbosity related to "the following" expressionMichael Opdenacker2021-05-1313-41/+36
| | | | | | | (From yocto-docs rev: da9d1cfb5c084d172eff3cb10ec3631dd8266260) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* manuals: reduce verbosity with "worry about" expressionMichael Opdenacker2021-05-135-10/+9
| | | | | | | | (From yocto-docs rev: 6c65f5f350cdc79a435deb20c48d861d9f4c5c14) Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Quentin Schulz <foss@0leil.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-dev: document KCONFIG_MODEDaniel Wagenknecht2021-05-132-0/+47
| | | | | | | | | (From yocto-docs rev: 12aa6f9c6af68ea03fbb056677213b00d693cf5f) Signed-off-by: Daniel Wagenknecht <dwagenknecht@emlix.com> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Reviewed-by: Quentin Schulz <foss@0leil.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: delete extraneous back quoteRobert P. J. Day2021-05-131-1/+1
| | | | | | | | (From yocto-docs rev: 784d39fe28436302b4df7e1ea08582d4d2f664c6) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: delete references to dead LSB complianceRobert P. J. Day2021-05-131-9/+1
| | | | | | | | | | | Since LSB does not seem to be relevant these days, delete mentions of it. (From yocto-docs rev: 5b4354e0611253b40ad58613b910b6591493a1b4) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* manuals: fix a few incorrect option specifications.Drew Moseley2021-05-132-4/+4
| | | | | | | | (From yocto-docs rev: b6b218de3629d1f8fb61137e8bdcf84739cfaf67) Signed-off-by: Drew Moseley <drew@moseleynet.net> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sdk-manual: various cleanups to intro.rstRobert P. J. Day2021-05-131-25/+23
| | | | | | | | | | | | Minutiae including grammar fixes, increased brevity and adding a proper link to another SDK manual section. (From yocto-docs rev: 21d6c6fcbae938c256da6e72d6ac8d2ca72d5bc0) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Quentin Schulz <foss@0leil.net> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sdk-manual: couple minor fixes in using.rstRobert P. J. Day2021-05-131-7/+6
| | | | | | | | | | One grammar fix, and adding two proper links to other sections. (From yocto-docs rev: 969d4737da992e1fbca14cfbeb35bd5401698cba) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Reviewed-by: Michael Opdenacker <michael.opdenacker@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: Fix build on mipsKhem Raj2021-05-121-7/+15
| | | | | | | | | | | | | | | | | configure is not able to decode, right options to compiler, it needs to be set according to default tune manually. Fixes build issue on mips e.g. {standard input}: Assembler messages: | {standard input}:2162: Error: opcode not supported on this processor: mips32r2 (mips32r2) `dmult $22,$22' | {standard input}:2164: Error: opcode not supported on this processor: mips32r2 (mips32r2) `dsrl $5,$5,32' | make: *** [/mnt/b/yoe/master/build/tmp/work/mips32r2-yoe-linux/ffmpeg/4.4-r0/ffmpeg-4.4/ffbuild/common.mak:67: libavcodec/aptxenc.o] Error 1 (From OE-Core rev: b254db634fc888ae75e843c8a9108e71ffff3f77) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: update 4.3.2 -> 4.4Alexander Kanavin2021-05-122-34/+1
| | | | | | | | | | | | | Drop mips64_cpu_detection.patch as upstream has changed the code in a way that's difficult to rebase. I have confirmed that builds on qemumip64 still work, and the patch does not say clearly what was the way to reproduce the failure it's aiming to address. (From OE-Core rev: 7db3aed539044bed1c7d3cf7b91f55caed974fe2) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Exclude CVE-2015-7313 from cve-checkRichard Purdie2021-05-121-0/+4
| | | | | | | | | Some fix upstream addresses the issue, it isn't clear which change this was. Our current version doesn't have issues with the test image though so we can exclude. (From OE-Core rev: 3874da694ae1d9de06dd003bd80705205e2b033b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez: Exclude CVE-2020-12352 CVE-2020-24490 from cve-checkRichard Purdie2021-05-121-0/+3
| | | | | | | | These CVEs are fixed with kernel changes and don't affect the bluez recipe. (From OE-Core rev: 658902477840ea34d414083c4c79616bf5e999a2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: Exclude CVE-2013-6629 from cve-checkRichard Purdie2021-05-121-0/+4
| | | | | | | | | The CVE is in the jpeg sources included with ghostscript. We use our own external jpeg library so this doesn't affect us. (From OE-Core rev: 8556d6a6722f21af5e6f97589bec3cbd31da206c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xinetd: Exclude CVE-2013-4342 from cve-checkRichard Purdie2021-05-121-0/+3
| | | | | | | | | We use the SUSE mirror of xinetd. The CVE fix was added to the main repo after the latest release but is included in the version from the SUSE repo. (From OE-Core rev: 6f587d1e1fdf8141d240160d57c9a05ff97ea510) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: Exclude CVE-2010-4226 from cve-checkRichard Purdie2021-05-121-0/+3
| | | | | | | | Issue applies to use of cpio in SUSE/OBS, doesn't apply to us. (From OE-Core rev: 915b38c54a7932744a9f56713d1c6bd00a789331) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: Exclude CVE-2008-0888 from cve-checkRichard Purdie2021-05-121-0/+3
| | | | | | | | | The patch mentioned as the fix for the CVE is applied to the 6.0 source code. Zip versioning makes CPE entry changes hard. (From OE-Core rev: 8917e5ae2bb44d017fc0155f16632c5decadb0bd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Exclude CVE-2008-3844 from cve-checkRichard Purdie2021-05-121-0/+3
| | | | | | | | CVE only applies to some distributed RHEL binaries so irrelavent to us. (From OE-Core rev: 5d8b3ddf91050f6745a99a8abb1c3b03c35247af) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Exclude CVE-2019-6470 from cve-checkRichard Purdie2021-05-121-0/+4
| | | | | | | | | Issue only affects dhcpd with recent bind versions. We don't ship dhcpd anymore so the issue doesn't affect us. (From OE-Core rev: 30106ae676124ba3c0e496a4f19c919c8418b59b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* epiphany: Update to 40.1Robert Joslyn2021-05-122-7/+8
| | | | | | | | | | Refresh patch and adjust version directory for new version numbering scheme. Add new dependency on libarchive. (From OE-Core rev: 02bce05698d905771250ab12b48d8b0e19d218cb) Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* baremetal-helloworld: Enable RISC-V 64 portAlejandro Hernandez Samaniego2021-05-122-3/+16
| | | | | | | | | | | | | | | | | | | Add support for MACHINE=qemuriscv64. $ runqemu nographic KERNEL: [tmp/deploy/images/qemuriscv64/baremetal-helloworld-image-qemuriscv64.bin] MACHINE: [qemuriscv64] FSTYPE: [bin] runqemu - INFO - Running tmp/work/x86_64-linux/qemu-helper-native/1.0-r1/recipe-sysroot-native/usr/bin/qemu-system-riscv64 Hello OpenEmbedded on RISC-V 64! (From OE-Core rev: 31fde82640bf0d185eab55d2cbaf663c9faae801) Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mesa: add lmsensors PACKAGECONFIGAlexander Kanavin2021-05-121-0/+2
| | | | | | | (From OE-Core rev: 1b470a5fe7c74938cac7c83cd104ca25182af6cc) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* powertop: update 2.13 -> 2.14Alexander Kanavin2021-05-121-11/+3
| | | | | | | | | | | | | Drop configure() tweaks, none of them are needed anymore, and particularly the ncurses tweak was changing the build in a way that is not clear (and no one remembers why it was there in the first place). Adjust LDFLAGS as somehow -pthread isn't there --> link failures. (From OE-Core rev: c4982ddd71ac652f9d3b879bf31bb087500fb611) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "go: Use dl.google.com for SRC_URI"Alexander Kanavin2021-05-121-1/+1
| | | | | | | | | | | This reverts commit 4118415d4bc6243c98a1440195826be7cbad24f1. This was found to be unnecessary, and broke upstream version checks. (From OE-Core rev: cee436d1eb94663f3604c80b6ad87292f6901498) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ovmf: Improve reproducibility by enabling prefix mappingRichard Purdie2021-05-112-0/+101
| | | | | | | | | | | | | | | | | | | We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in --debug-prefix-map to nasm (we carry a patch to nasm for this). The tools definitions are built by ovmf-native so we need to pass this in at target build time when we know the right values. By using determininistc file paths in the ovmf build, it removes the opportunitity for gcc/ld to change the output binaries due to path lengths overflowing section sizes and causing small changes in the binary output. This also means that if builds have reproducibility issues in future, it becomes much easier to compare intermediate build artefacts. (From OE-Core rev: 51f51310d6d5cced2b55bf27dbb9a5717740a206) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Exclude CVE-2007-2768 from cve-checkRichard Purdie2021-05-111-0/+3
| | | | | | | | We don't build/use the OPIE PAM module, exclude the CVE from this recipe. (From OE-Core rev: 3670be602f2ace24dc49e196407efec577164050) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* logrotate: Exclude CVE-2011-1548,1549,1550 from cve-checkRichard Purdie2021-05-111-0/+3
| | | | | | | | | These CVEs apply to the way logrotate was installed on Gentoo, Debian and SUSE, exclude from cve-check as they don't apply to OE. (From OE-Core rev: 23643016f3b8794db772e333ff0b8f598571b628) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* jquery: Exclude CVE-2007-2379 from cve-checkRichard Purdie2021-05-111-0/+5
| | | | | | | | | | The CVE is non-specific and depends on the users of jquery, doesn't make sense to have this flagged against jquery as there is nothing we can do about it. (From OE-Core rev: 1f82843584f6d2843c5bbd2fe5dcbc654a0fbcfb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Exclude CVE-2018-18438 from cve-checkRichard Purdie2021-05-111-0/+4
| | | | | | | | | The issues were investigated and found not to be an issue therefore exclude from checks. (From OE-Core rev: ee6ee9bd489c126b99d15c1011560df2f840a6e9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Exclude CVE-2007-0998 from cve-checkRichard Purdie2021-05-111-0/+4
| | | | | | | | The CVE applies to the built-in VNC server but we don't enable this by default. (From OE-Core rev: d62b9974a5f3a0f462434ce2763c28a4b4bbcfc6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Exclude CVE-2017-5957 from cve-checkRichard Purdie2021-05-111-0/+3
| | | | | | | | The CVE applies to virglrender before 0.6.0 which we don't have. (From OE-Core rev: 9b5355375d028577de0b98e05992de6a088cb972) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* builder: whitelist CVE-2008-4178 (a different builder)Ross Burton2021-05-111-0/+2
| | | | | | | (From OE-Core rev: 107987b342a834badfad286474b03543b4764d23) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libnotify: whitelist CVE-2013-7381 (specific to the NodeJS bindings)Ross Burton2021-05-111-0/+3
| | | | | | | (From OE-Core rev: be04484f99a5b29cc9066e350b526fc4420ad6d4) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cairo: backport patch for CVE-2020-35492Ross Burton2021-05-112-0/+61
| | | | | | (From OE-Core rev: 0c4e6f99332ae253855708845a41fdfeb72d4c30) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Document and whitelist CVE-2019-1010022-25Richard Purdie2021-05-111-0/+13
| | | | | | | | | | | These CVEs are disputed by upstream and there is no plan to fix/address them. No other distros are carrying patches for them. There is a patch for 1010025 however it isn't merged upstream and probably carries more risk of other bugs than not having it. (From OE-Core rev: b238db678083cc15313b98d2e33f83cccab03fc6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub2: Add CVE whitelist entries for issues fixed in 2.06Richard Purdie2021-05-111-0/+7
| | | | | | | | | | | | We're using a pre-release version of 2.06 so these issues are fixed but continue to show up in the checks since it is pre-2.06 and the CPE entries are "before but excluding 2.06". Adding these will clean up CVE reports until the 2.06 release comes out. (From OE-Core rev: 2467ab1554bee3a431636046735e8e369e865bc6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ccache: version bump 4.2.1 -> 4.3Bastian Krause2021-05-112-166/+3
| | | | | | | | | | | | | | Instead of [1] a very similar PR [2] was merged that allows enabling/disabling documentation builds. So drop the patch here and use the upstream cmake option ENABLE_DOCUMENTATION instead. [1] https://github.com/ccache/ccache/pull/844 [2] https://github.com/ccache/ccache/pull/842 (From OE-Core rev: 1eedc5f822933928ed7861350ad47ff9c096552a) Signed-off-by: Bastian Krause <bst@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* liberation-fonts: fix upstream version checkAlexander Kanavin2021-05-111-0/+1
| | | | | | | (From OE-Core rev: dbb283b838007744e6bb1641e844ca7719fc4742) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* swig: fix upstream version checkAlexander Kanavin2021-05-111-0/+2
| | | | | | | (From OE-Core rev: 4e9f4dca48e853a794331a75200fd7450176eeb2) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-sanitizers: Package up static hwasan files as wellMartin Jansa2021-05-111-1/+3
| | | | | | | | | | | * introduced with gcc-11, other hwasan files were already packaged in: 3df4a25465 gcc-sanitizers: Package up hwasan files but static library was still triggering installed-vs-shipped (From OE-Core rev: 49aec04aa8ac98545b48c41382ebf1a1c3be1118) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: include all relevant files in -bcm4356Yann Dirson2021-05-111-2/+2
| | | | | | | | | | This currently catches the .clb_blob and .vamrs,rock960.txt, and other .txt files may come in future upstream releases. (From OE-Core rev: e332738a8aae0914c58b40faae8b9d7a82fd6a95) Signed-off-by: Yann Dirson <yann@blade-group.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: upgrade 1.33.0 -> 1.33.1zhengruoqin2021-05-112-60/+1
| | | | | | | | | | 0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch removed since it is included in 1.33.1 (From OE-Core rev: 544236b12a72ee5be5ef0147249ead112082b871) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kexec-tools: upgrade 2.0.21 -> 2.0.22wangmy2021-05-111-1/+1
| | | | | | | (From OE-Core rev: 2c7868ef9e85a3cdd56b11cd5e876e633307a21d) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ell: upgrade 0.39 -> 0.40wangmy2021-05-111-1/+1
| | | | | | | (From OE-Core rev: db1f0f28a0651a648cd9fd238f5e2809110ff577) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* at-spi2-core: upgrade 2.40.0 -> 2.40.1wangmy2021-05-111-1/+1
| | | | | | | (From OE-Core rev: 7944928f86348562e4b4440e53f4201b186a3ca6) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-11 01:43:32 +0000