| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
(From OE-Core rev: f888dd911529a828820799a7a1b75dfd3a44847c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: 4785c5d9f256aa82570d2534e3f82aab3386d280)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes and issue that allows blank lines to be incorrectly output
when the "-s" flag is included. This issue propogates into the
populate-volatile.sh script in initscripts. If a volatiles drop file
contains blank lines, a blank line will be included in combined users,
which will incorrectly result in a difference in the number of combined
users versus defined users. If this happens, the volatiles file will not
be executed.
(From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473)
(From OE-Core rev: 5f75aaf0489f40bd35cdd27322e4d1189e30a9e4)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds extra "--collect" flag to the mount command within
automount_systemd. This is intended to fix an observed deadlock after
rapidly inserting and removing external media. This is because if the
mount command fails, the transient mount will enter a failed state. The
next time the media is inserted, automount_systemd bails because the
first consition finds that the file path for the failed transient mount
still exists. This leaves the external media unmounted and cannot be
mounted until the mount is fixed via systemctl or the device is
rebooted.
Adding "--collect" ensures that the transient mount is cleaned up after
entering a failed state, which ensures that the media can still be
mounted when it's re-inserted.
(From OE-Core rev: f0cda74d73eb8c14cd6f695f514108f1e94984a6)
(From OE-Core rev: 33de458b758c2fe430b515ff419dd200ea97ca0b)
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Includes fixes for CVE-2024-45490, CVE-2024-45491 and CVE-2024-45492.
https://blog.hartwork.org/posts/expat-2-6-3-released/
(From OE-Core rev: 5cf92f8164d6d03756997e6b9cfb6d37ef5a273a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc96903d915db0dfde382a26bb7ec57d0d37e62e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 2.39 version of util-linux took new file descriptors based mount
kernel API into use. In relation to this change, the upstream release
notes in
https://github.com/util-linux/util-linux/blob/v2.39/Documentation/releases/v2.39-ReleaseNotes#L14-L21
mention that
This change is very aggressive to libmount code, but hopefully, it does not introduce regressions in traditional mount(8) behavior.
After observing following failure when booting a board using a bit
older 6.1 series kernel together with initramfs rootfs based boot flow
[FAILED] Failed to start Remount Root and Kernel File Systems.
See 'systemctl status systemd-remount-fs.service' for details.
closer inspection revealed:
demoboard ~ # systemctl status -l systemd-remount-fs.service
x systemd-remount-fs.service - Remount Root and Kernel File Systems
Loaded: loaded (/usr/lib/systemd/system/systemd-remount-fs.service; enabled-runtime; preset: disabled)
Active: failed (Result: exit-code) since Wed 2024-08-14 14:53:48 UTC; 1min 22s ago
Docs: man:systemd-remount-fs.service(8)
https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
Process: 76 ExecStart=/usr/lib/systemd/systemd-remount-fs (code=exited, status=1/FAILURE)
Main PID: 76 (code=exited, status=1/FAILURE)
Aug 14 14:53:48 demoboard systemd-remount-fs[76]: /usr/bin/mount for / exited with exit status 32.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: mount: /: mount point not mounted or bad option.
Aug 14 14:53:48 demoboard systemd-remount-fs[81]: dmesg(1) may have more information after failed mount system call.
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE
Aug 14 14:53:48 demoboard systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'.
Aug 14 14:53:48 demoboard systemd[1]: Failed to start Remount Root and Kernel File Systems.
also consequentially, 'systemctl status' reported:
State: degraded
When issuing 'strace -ff mount -o remount /' the failure occurred at
mount_setattr(3, "", AT_EMPTY_PATH, {attr_set=MOUNT_ATTR_RDONLY|MOUNT_ATTR_NOATIME|MOUNT_ATTR_NODIRATIME, attr_clr=MOUNT_ATTR_NOSUID|MOUNT_ATTR_NODEV|MOUNT_ATTR_NOEXEC|MOUNT_ATTR_NOATIME|MOUNT_ATTR_STRICTATIME|MOUNT_ATTR_NOSYMFOLLOW|0x40, propagation=0 /* MS_??? */, userns_fd=0}, 32) = -1 EINVAL (Invalid argument)
After further investigation, The issue was pinpointed to lack of Linux
kernel commit
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=95de4ad173ca0e61034f3145d66917970961c210
("fs: relax mount_setattr() permission checks") in the kernel version
that was being used. Above mitigation was discussed in email related to
then-rejected CVE-2024-26821:
https://lore.kernel.org/linux-cve-announce/2024051606-imaging-entrench-b327@gregkh/T/
After testing with qemuarm64 machine different linux-yocto versions,
it was observed that the issue impacts following versions of currently
supported LTS kernels:
- 6.6.17 (fixed since 6.6.18 i.e. mount_setattr() returns 0)
- 6.1.78 (fixed since 6.1.79 i.e. mount_setattr() returns 0)
- 5.15.164 which is currently the newest of 5.15.y series (i.e. no
known working version)
Taking the above findings into consideration, add a new PACKAGECONFIG
option removing which enables users to opt-out from using the feature
which can cause issues with a bit older kernels. The option is enabled
only for class-target here, since it otherwise causes following error
during util-linux-native's do_configure task on Debian 11 build host
(mountfd_api requirement fails):
| configure: error: libmount_mountfd_support selected, but required mount FDs based API not available
Versions 5.10.223, 5.4.279 and 4.10.317 were also tested with qemuarm64
but the issue was not reproduced with those versions - using strace
showed that the mount_setattr call associated with the new mount API
problem was not issued with these LTS kernel versions, which seemed to
be confirmed also by following libmount debug message in these cases:
415: libmount: HOOK: [0x7fa115e818]: failed to init new API
Note: In addition to the aforementioned, this change was tested also
briefly using the current latest kernel versions 6.1.104, 6.6.45 and
6.10.3 that using the old mount API with newest kernels did not
introduce any observable regression to the boot flow.
(From OE-Core rev: dc086d9a8613143607af3583c72ed892e20b4d66)
(From OE-Core rev: c0487c8141ae2b9242447b53b71052769db6338f)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a file conflict for arm when multilib enabled:
| Error: Transaction test error:
| file /usr/include/finclude/math-vector-fortran.h conflicts between attempted installs of
lib32-libc6-dev-2.39+git0+312e159626-r0.armv7at2hf_neon and libc6-dev-2.39+git0+312e159626-r0.cortexa72
Install math-vector-fortran.h to the gfortran default search directory
which is arch specific to avoid the conflict.
(From OE-Core rev: 58a5ddeff446bf459a719f10b07abd731c6c5634)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d2165543e796d4558c632af24eb7b115bca45969)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If DISTRO_CODENAME was not set, VERSION_CODENAME field was populated
with unparsed string. This resulted in the following line in os-release
file:
VERSION_CODENAME="${DISTRO_CODENAME}"
According to systemd documentation, this field is optional.
Fix the problem by setting VERSION_CODENAME conditionally, only if
DISTRO_CODENAME was set.
(From OE-Core rev: d53b627a68701393ac0a1acb591817f4b5dde59d)
Signed-off-by: Daniel Semkowicz <dse@thaumatec.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70a0b8bc1d846c857be90ce2e97e60c5ee32558e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix typos in debugging and error messages.
(From OE-Core rev: 29b33a9329d69806fda9ef6ce65423df6c19e787)
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 4995e222ebdc9b5508c2f03a11868f184e4629a0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The base-files recipe provides /var/tmp -> /var/volatile/tmp symlink
which is in conflict with systemd upstream tmpfiles.d/tmp.conf which
defines it as a directory (or subvolume on btrfs).
This generates following error in journal:
Jul 03 15:37:21 qemux86-64 systemd-tmpfiles[158]: "/var/tmp" already exists and is not a directory.
Mitigate the issue by defining /var/tmp as symlink corresponding to
the one created by base-files.
(From OE-Core rev: 1f1f6f45e3cfe24dfee8a09d01a5d32f3080e381)
(From OE-Core rev: 5e0e1fca220df8d2488770fc90ea5e4fab426a3c)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When VOLATILE_LOG_DIR evaluates as True, the base-files recipe provides
/var/log -> /var/volatile/log symlink which is in conflict with systemd
upstream tmpfiles.d/var.conf.in which defines it as a directory.
This generates following error in journal:
Jul 03 14:28:00 qemux86-64 systemd-tmpfiles[165]: "/var/log" already exists and is not a directory.
Mitigate the issue by defining /var/log as symlink corresponding to
the one created by base-files, when appropriate.
(From OE-Core rev: 711ee36e88c8968e3c45ea787b3adcf64352adf9)
(From OE-Core rev: b837d588de1ad76cbf8db3297dc51b0591a4df23)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: 236ac1b43308df722a78d3aa20aef065dfae5b2b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE status should have been removed on version update.
CPE says >=2.34 and <2.39 while our version is already 2.39.
(From OE-Core rev: b568a8f428e76f75bb8c374983f62822325ebe8a)
(From OE-Core rev: 35d55934cb6ec24098e4e8679b87066bf3bae6a9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tarball SPDX manifests
Currently, "tarball" sdk based recipes don't generate SPDX manifests as they
don't include the rootfs generation classes. Split the SPDX 3.0 image class into
two so the SDK components can be included where needed.
To do this, introduce an SDK_CLASSES variable similar to IMAGE_CLASSES which
the SDK code can use.
Migrate testsdk usage to this.
Also move the image/sdk spdx classes to classes-recipe rather than the general classes
directory since they'd never be included on a global level.
For buildtools-tarball, it has its own testsdk functions so disable the class there as
a deferred inherit would overwrite it.
(From OE-Core rev: 95660951a09e2a3fe63eb1017ad8f1d7fc9cd503)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 662396533177b72cc1d83e95841b27f7e42dcb20)
Eliminate spdx-3.0 items, not applicable to Scarthgap.
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 25554f0a542894416ad17e1334c8a05feb56b12e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
backport upstream fix for CVEs and fix the regression that introduced [1]
[1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html
(From OE-Core rev: 7fa82243e587563172c0c2c4ab005a873583d26e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: a46e784fa315ffc545ad36ff865ce033c3da0b67)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eb3958bab8e1a7307f4de7615ddac8222aaae5b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Below commits on glibc-2.39 stable branch are updated.
e8f5217097 Linux: Make __rseq_size useful for feature detection (bug 31965)
143a7a0623 elf: Make dl-rseq-symbols Linux only
1062ebbd19 nptl: fix potential merge of __rseq_* relro symbols
5c46e6b666 s390x: Fix segfault in wcsncmp [BZ #31934]
a036311246 stdlib: fix arc4random fallback to /dev/urandom (BZ 31612)
d2cbfcf1d9 math: Provide missing math symbols on libc.a (BZ 31781)
d473c9bb3b math: Fix isnanf128 static build (BZ 31774)
3950cbd7a1 math: Fix i386 and m68k exp10 on static build (BZ 31775)
6cb25aff85 math: Fix i386 and m68k fmod/fmodf on static build (BZ 31488)
74630b1bb7 posix: Fix pidfd_spawn/pidfd_spawnp leak if execve fails (BZ 31695)
7f9f25f255 Linux: Include <dl-symbol-redir-ifunc.h> in dl-sysdep.c
198632a05f NEWS: update list of fixed CVEs in 2.39
77bb3c7154 NEWS: update list of fixed bugs in 2.39
f05638731e x86: Properly set x86 minimum ISA level [BZ #31883]
b7f5b0a711 x86: Properly set MINIMUM_X86_ISA_LEVEL for i386 [BZ #31867]
e1d0040a6d localedata: ssy_ER: Fix syntax error
9de9cd17e7 malloc: New test to check malloc alternate path using memory obstruction
a2da98aa2a malloc: Improve aligned_alloc and calloc test coverage.
305ee48826 malloc/Makefile: Split and sort tests
00899eba26 x86/cet: fix shadow stack test scripts
6ade91c211 elf: Avoid some free (NULL) calls in _dl_update_slotinfo
70f560fc22 misc: Add support for Linux uio.h RWF_NOAPPEND flag
c9d8534406 i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782)
aee37de299 Reinstate generic features-time64.h
dd535f4f19 Always define __USE_TIME_BITS64 when 64 bit time_t is used
26e7005728 socket: Use may_alias on sockaddr structs (bug 19622)
9f2b100d67 parse_fdinfo: Don't advance pointer twice [BZ #31798]
c7c3f5bf80 LoongArch: Fix undefined `__memset_aligned` reference in ld.so linking.
32969a2b36 socket: Add new test for connect
2db79c96ba libsupport: Add xgetpeername
ab4ef4421f x86_64: Fix missing wcsncat function definition without multiarch (x86-64-v4)
97bb89668d Force DT_RPATH for --enable-hardcoded-path-in-tests
71149c2a2e elf: Only process multiple tunable once (BZ 31686)
f8e4623421 Add a test to check for duplicate definitions in the static library
8b005d7869 i686: Fix multiple definitions of __memmove_chk and __memset_chk
8323a83abd i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk
5141d4d83c Revert "i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk"
c16871e662 Revert "i686: Fix multiple definitions of __memmove_chk and __memset_chk"
fa616ea373 Revert "Add a test to check for duplicate definitions in the static library"
ff110b2591 Add a test to check for duplicate definitions in the static library
ad92c483a4 i686: Fix multiple definitions of __memmove_chk and __memset_chk
3148714ab6 i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk
(From OE-Core rev: b1fd313c75f08ad34cce5716d18abebc30982ec7)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Occasionally, gettext will build failed with error:
In file included from ../../../gettext-0.22.5/gettext-runtime/intl/gettextP.h:71,
from ../../../gettext-0.22.5/gettext-runtime/intl/log.c:24:
./libgnuintl.h:98:1: error: unterminated comment
98 | /* The user can define _INTL_RE
| ^
./libgnuintl.h:17: error: unterminated #ifndef
17 | #ifndef _LIBINTL_H
In file included from ../../../gettext-0.22.5/gettext-runtime/intl/gettextP.h:71,
from ../../../gettext-0.22.5/gettext-runtime/intl/langprefs.c:25:
./libgnuintl.h:98:1: error: unterminated comment
98 | /* The user can define _INTL_RE
| ^
./libgnuintl.h:17: error: unterminated #ifndef
17 | #ifndef _LIBINTL_H
It is a parallel build issue caused by missing dependencies, backport
patch to fix it.
(From OE-Core rev: d6dfb80961762c2971172cb29fa6911d6a93e42f)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e18fc96f9d4c0a0525c21371d3f36e8dfe008b35)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport patch for CVE-2023-42363.
(From OE-Core rev: 9c52dadd06fd9132c6efc1d06b6fc4a4517be6c3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 814f97922e1d6c24a36b03ee0e865f2210ff6d7c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Backport patch for CVE-2021-42380.
Additionally backport clang regression fix caused by this patch.
(From OE-Core rev: 9f5c683b6cadae6228096deb36d7d6fb6de94ad1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 66543769ff79d81508bb703bd2fc34871a16e2c7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
github.com/mirror/ncurses is not updated for over a year.
Switch to new mirror from Thomas Dickey (ncurses maintainer).
Sources are identical.
Updated upstream check regex by:
* changed dot to underscore as this repo is tagged like this
* added v prefix to not propose updates to some old tags
* removed third part to not propose updates to development snapshots
(From OE-Core rev: 506673555fb4dcf06606e2b49c2268ece33a71d5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea801be31d051b558fde52f7d6dccf2cd416afb9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
There were two different interpreter lengths in use, make them match.
(From OE-Core rev: 98119e3f452ebf6cb5f17049aef3a9a3ef7116c8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b175f9cdc3d87bef5c89cc337c2a7e2674732b29)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The test fails with GCC 14.1 due to an incompatible pointer assignment,
take a patch submitted upstream to fix this.
(From OE-Core rev: 367730034a65b5063092f5859f0164331f386f32)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 054304ecb3a8a8ed523bd149f70ed468cf613178)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE's Fixed by upgrade:
CVE-2024-34459 libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
Other Changes between 2.12.6 -> 2.12.8
======================================
https://gitlab.gnome.org/GNOME/libxml2/-/blob/2.12/NEWS?ref_type=heads
(From OE-Core rev: 0dc695fe1f6deffc65d61257009bbfed4f2c53e9)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: 803cc32e72b4fc2fc28d92090e61f5dd288a10cb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: f3e6d0dc315dc915d8029a0d84a12f74ca5d62f5)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64c026024b1c86797de338760b9f29d7e949926c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Handle errors when SHLVL isn't set.
(From OE-Core rev: 7ef2c9ab669785e5e073d6f925f1a3f447fc31d9)
Signed-off-by: Felix Nilsson <felixn@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5df53fcfe3b70a5312fced3fcc1ba6290f2ee794)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When newlib and libgloss were updated to 4.3.0, SRC_URI was updated to
append a fix-rs6000-cflags.patch file when building on PowerPC, but this
file was not added to the repo.
Remove appending the missing patch.
(From OE-Core rev: 71231580e9e5d0060a0ea41d29152d43846a00f1)
Signed-off-by: Robert Joslyn <robert.joslyn@redrectangle.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 64561d8b81233a19df5f51d26dfbcd15835bec1f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wall in util-linux through 2.40, often installed with setgid
tty permissions, allows escape sequences to be sent to other
users' terminals through argv. (Specifically, escape sequences
received from stdin are blocked, but escape sequences received
from argv are not blocked.) There may be plausible scenarios
where this leads to account takeover.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-28085
(From OE-Core rev: b40a77416f73955833faeddf6091a99ff9837199)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This hash is ahead of the tag, so adapt PV accordingly.
(From OE-Core rev: c94e46019a7d443ccc4763ba16d87e7e97abe977)
(From OE-Core rev: 54cbf43e55ec3373f8c2612b787166da35028fd3)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-45918
(From OE-Core rev: 6573995adf4cfd48b036f8463b39f3864fcfd85b)
(From OE-Core rev: 5385b15345dddc958fc961246e56b962db735276)
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Single executable ttyrun is taken ouf of s390-tools repository
containing ton of other helper tools.
CVEs are not assigned to executables, but to whole components.
Historically there also already exists one CVE for s390-tools.
Most of the CVEs will not be for ttyrun, but this is the way
how to get notified even if most we get will have to be ignored.
(From oe-core rev: df28547387c2c122aef3e5326b216ec3f4d3caa7)
(From OE-Core rev: 9e07ff39c1b2794d6de7f8d14cdf47707db50f5a)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
backport upstream commit 592dcdcf243576bd2517d3da9bc18990de08e37e
to fix packaging when building with --enable-systemd=no
(From OE-Core rev: c0708adce620bcce5e503851fa6598bd941276eb)
Signed-off-by: Adriaan Schmidt <adriaan.schmidt@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The license per [1] is LGPL-2.1-or-later and
[2] converted last LGPL-2.1-only references.
License-Update: corrected from LGPL-2.1-only to LGPL-2.1-or-later based on [1] and [2]
[1] https://www.gnu.org/software/libc/
[2] https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=273a835fe7c685cc54266bb8b502787bad5e9bae
(From OE-Core rev: 939140fa7201ae0e7d365648c2ff5629e4c25ff9)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b7ad15a59d048ca7561a03cb0fc8e2c24680ce5c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adresses CVEs: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
Changes:
273a835fe7 time: Allow later version licensing.
acc56074b0 nscd: Use time_t for return type of addgetnetgrentX
836d43b989 login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701)
9831f98c26 login: Check default sizes of structs utmp, utmpx, lastlog
fd658f026f elf: Also compile dl-misc.os with $(rtld-early-cflags)
a9a8d3eebb CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680)
c99f886de5 CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678)
5a508e0b50 CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678)
1263d583d2 CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677)
2f8f157eb0 x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676]
e701c7d761 i386: ulp update for SSE2 --disable-multi-arch configurations
e828914cf9 nptl: Fix tst-cancel30 on kernels without ppoll_time64 support
Since glibc introduced file sysdeps/arm/bits/wordsize.h
our multilib patch needed to be updated.
(From OE-Core rev: a8b1034d978e745951d5f690c89b9fca4e01e72e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adresses CVE-2024-2961
Remove backported patch included in hash update.
Changes:
31da30f23c iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
423099a032 x86_64: Exclude SSE, AVX and FMA4 variants in libm multiarch
04df8652eb Apply the Makefile sorting fix
edb9a76e30 powerpc: Fix ld.so address determination for PCREL mode (bug 31640)
7b92f46f04 x86-64: Simplify minimum ISA check ifdef conditional with if
9883f4304c x86-64: Don't use SSE resolvers for ISA level 3 or above
9d92452c70 AArch64: Check kernel version for SVE ifuncs
395a89f61e aarch64: fix check for SVE support in assembler
b0e0a07018 aarch64/fpu: Sync libmvec routines from 2.39 and before with AOR
31c7d69af5 i386: Use generic memrchr in libc (bug 31316)
5d070d12b3 x86: Expand the comment on when REP STOSB is used on memset
6484a92698 x86: Do not prefer ERMS for memset on Zen3+
aa4249266e x86: Fix Zen3/Zen4 ERMS selection (BZ 30994)
5a461f2949 Add tst-gnu2-tls2mod1 to test-internal-extras
aded2fc004 elf: Enable TLS descriptor tests on aarch64
a8ba52bde5 arm: Update _dl_tlsdesc_dynamic to preserve caller-saved registers (BZ 31372)
15aebdbada Ignore undefined symbols for -mtls-dialect=gnu2
354cabcb26 x86-64: Allocate state buffer space for RDI, RSI and RBX
853e915fdd x86-64: Update _dl_tlsdesc_dynamic to preserve AMX registers
a364304718 x86: Update _dl_tlsdesc_dynamic to preserve caller-saved registers
7fc8242bf8 x86-64: Save APX registers in ld.so trampoline
983f34a125 LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf
aad45c8ac3 powerpc: Placeholder and infrastructure/build support to add Power11 related changes.
ee7f4c54e1 powerpc: Add HWCAP3/HWCAP4 data to TCB for Power Architecture.
71fcdba577 linux: Use rseq area unconditionally in sched_getcpu (bug 31479)
(From OE-Core rev: 7f3e6019a902eb3dcee3798e9ea0f94865d51c7f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8b0124782510389bdc376fab645a0920b3fb94c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle regression of CVE-2024-34397 fix.
News (https://gitlab.gnome.org/GNOME/glib/-/commit/d40f72e98e4734ba826ba9a278814530720ba760):
Overview of changes in GLib 2.78.6, 2024-05-08
==============================================
* Fix a regression with IBus caused by the fix for CVE-2024-34397 (#3353,
work by Simon McVittie)
* Bugs fixed:
- #3353 Fixing CVE-2024-34397 caused regressions for ibus (Simon McVittie)
- !4056 Backport !4053 “gdbusconnection: Allow name owners to have the syntax
of a well-known name” to glib-2-78
(From OE-Core rev: 51da20dc574a7f2a9759a4368d7668e3421e379f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Handle CVE-2024-34397
Remove backported patch included in this release.
News (https://gitlab.gnome.org/GNOME/glib/-/commit/d18807b5ffc6dedc2db5225b044063f65720bf56):
Overview of changes in GLib 2.78.5, 2024-05-07
==============================================
* Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing (#3268, work by Simon McVittie, reported by
Alicia Boya García)
* Bugs fixed:
- #3168 gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree()
due to filename with bad encoding (Ondrej Holy)
- #3268 CVE-2024-34397: GDBus signal subscriptions for well-known names are
vulnerable to unicast spoofing (Simon McVittie)
- !3825 glib-2-78: ci: Drop FreeBSD 12 CI runner as it’s EOL
- !3960 gcontenttype: Make filename valid utf-8 string before processing
- !4040 Backport !4038 “gdbusconnection: Don't deliver signals if the sender
doesn't match” to glib-2-78
- !4043 CI: Ignore MSYS2 CI failures for this older stable-branch
* Translation updates:
- English (United Kingdom) (Andi Chandler)
- Georgian (Ekaterine Papava)
- Portuguese (Brazil) (Juliano de Souza Camargo)
(From OE-Core rev: 14de0c10f6b65eac758220d95e6d31066649a214)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport a patch [1] to fix CVE-2023-50495.
[1] http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99
(From OE-Core rev: 55cca070799a236b06f5cba6f53487fca458f25d)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit bdf7b7460a4816e3d447264730a2814209667fb0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: 294a7dbe44f6b7c8d3a1de8c2cc182af37c4f916)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: 704d3695092148cfbf5d67c81af81665949847b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a bug introducted in ebafe46379 systemd: upgrade to 255.1.
Besides updating systemd, that commit also made other changes. One of them
being when to perform the replacement in order to fix ROOT_HOME.
Previously, that happened on a configure prefunc and on
${S}/sysusers.d/basic.conf.in.
Now it happens in install and on image/usr/lib/sysusers.d/basic.conf.
However, that file is not present if sysusers is not in PACKAGECONFIG,
since that file in that case is not installed hence resulting in:
sed: can't read <redactedpath>/image/usr/lib/sysusers.d/basic.conf: No such file or directory
Previously, in the case of sysusers not being in PACKAGECONFIG, that was a
"silent error" since the replacement was done but the file was not really
used since the file was not installed.
(From OE-Core rev: 6954cd4bb60762f86981621e8b37dbe5e8236640)
Signed-off-by: Christian Bräuner Sørensen <yocto@bsorensen.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Hundebøll <martin@geanix.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
==========
-Fix issue with casting in C++ environment.
-Fix issue with ASCII string upper and lower helpers.
(From OE-Core rev: 29e3e0eb9b69f966a319810270fb668e4fce9389)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a28405da8dad7e6222d7badaa3eda175e3df32c9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
===========
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset
(From OE-Core rev: 006bd4dacc0568f04cbcd704f4908386d3540774)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0bc673b0de08e02ff01ec9ad3daf0bb41662da40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
| |
(From OE-Core rev: b65b4e5a8e4473d8ca43835ba17bc8bd4bdca277)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 09ccab7d0b4d815b812e49a5861a13a4ec0189b9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Many of the common use cases for buildtools need pip to allow python to be
extended. Add it.
(From OE-Core rev: 0a1714533ed2b02a98b8456e1193fc079273fbbd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: eb3adf58d5111a0d894b581d935528b14f40b146)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
After the dependency on setuptools was dropped from python3-testtools, this
exposed eSDK dependencies in devtool and recipetool on python3-setuptools. Add
this to buildtools to fix build failures after the testtools fixes.
(From OE-Core rev: c4431b4dd27d290024472f315858a63aea2a733c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
