summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* e2fsprogs: backport to fix one regressionChangqing Li2022-03-022-1/+68
| | | | | | | | | | | | | | | Backport a patch in 1.46.3 which fix one regression: This is what the changelog says: Fix e2fsck so that the if the s_interval is zero, and the last mount or write time is in the future, it will fix invalid last mount/write timestamps in the superblock. (This was a regression introduced in v1.45.5.) (From OE-Core rev: 9fe70a643a2d8723001421a18b5736e70a1eaa34) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-20196Sakib Sajal2022-02-103-0/+123
| | | | | | | | (From OE-Core rev: 3014cb660e7128f65ee2aec004ede39e80cd891d) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-3930Sakib Sajal2022-02-102-0/+54
| | | | | | | | (From OE-Core rev: f0504578174f77ba231c72801fb5a295869a40d1) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-3748Sakib Sajal2022-02-102-0/+128
| | | | | | | | (From OE-Core rev: 6fe3b1002a273808fe4caf6f2e1ecd54729b954d) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-3713Sakib Sajal2022-02-102-0/+69
| | | | | | | | (From OE-Core rev: 7879ba4406eb9633079275c57abeee9e738b1c99) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: upgrade to gcc-10.3 versionPgowda2022-01-3121-1707/+19
| | | | | | | | | | | | gcc-10.2 in Hardknott branch has been upgraded to gcc-10.3 version that includes many bug fixes. Regression tested on X86-64, Arm and Aarch64 without issues. (From OE-Core rev: 87fbe11fbe04a6f2d3e798d282935b26fbc43e77) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: upgrade binutils-2.36 to latest versionPgowda2022-01-315-548/+3
| | | | | | | | | | | | binutils-2.36 in Hardknott branch has been upgraded to latest version that includes many bug fixes. Regression tested on X86-64, Arm and Aarch64 without any new issues. (From OE-Core rev: ea7fed669193a20587adfe7b0bcb5b1f7594cc0a) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: upgrade 1.16.10 -> 1.16.13Sakib Sajal2022-01-258-4/+4
| | | | | | | | | | Release 1.16.13 includes fixes for CVE-2021-44716 and CVE-2021-44717. (From OE-Core rev: c5bf7094c707f536389f9bf0f477440bd4aff12b) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pyelftools: fix the override syntaxAnuj Mittal2022-01-141-1/+1
| | | | | | | | | | An earlier patch cherry-picked from master used : for override. Change it to use _ for hardknott. (From OE-Core rev: 7e569186820163d731cbb14f8c25ce6a2cc45dc9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: add support for Neoverse N2 CPUPgowda2022-01-142-0/+89
| | | | | | | | | | | | | This patch backports the AArch32 support for Arm's Neoverse N2 CPU. Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=d7e8411f6a333d4054894ad3b23f23415a525230] (From OE-Core rev: 2f5f021dc576b2fcf38c8203992ee86d25f53f30) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Fix CVE-2021-42574pgowda2022-01-146-0/+7618
| | | | | | | | | | | | | | Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=004bb936d6d5f177af26ad4905595e843d5665a5] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=bd5e882cf6e0def3dd1bc106075d59a303fe0d1e] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=51c500269bf53749b107807d84271385fad35628] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=1a7f2c0774129750fdf73e9f1b78f0ce983c9ab3] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=bef32d4a28595e933f24fef378cf052a30b674a7] (From OE-Core rev: d0f4614e2c6e9090a0c45052c36d0c7f3215de10) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: add aarch64 support for Arm's Neoverse N2 CPUpgowda2022-01-142-0/+61
| | | | | | | | | | | The patch backports the AArch64 support for Arm's Neoverse N2 CPU Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=9428e9267435a62f672e2ba42df46432c021a9cf] (From OE-Core rev: ae9b3b5a57682d9de93f3171cdb448a8f5cbc536) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix CVE-2021-45078Sundeep KOKKONDA2022-01-072-0/+256
| | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02] (From OE-Core rev: be665a2279795c522cb3e3e700ea747efd885f95) Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pyelftools: Depend on debugger, pprintChaitanya Vadrevu2022-01-071-0/+2
| | | | | | | | | | | | | python3-pyelftools uses python3-debugger, python3-pprint. So add dependencies on these packages. (From OE-Core rev: 66211faf4724b2c88eb4595e41fe98f5da96c3ee) Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 22e84cdd05870f1a19c6389b66c4dfd5e9b418f7) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: CVE-2021-42574pgowda2022-01-072-0/+2007
| | | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5] (From OE-Core rev: 944a60cd74ea90dcced7684492a808fbfd6710af) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patchelf: fix PT_PHDR program header corruptionChen Qi2021-12-152-0/+48
| | | | | | | | | | Backport patch and tweak it to fix PT_PHDR program header corruption. (From OE-Core rev: a980aa5696a98c5b97f9a117df4c82ea525f6e4f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Add CVE-2021-37322 to the list of CVEs to ignoreRichard Purdie2021-12-151-0/+3
| | | | | | | | | | | The CVE applies to binutils 2.26 and not to gcc so ignore there. (From OE-Core rev: 86e9e812f4ec61a4430658b7c06852a32ca8abb1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fea2726663a3db03170c49fceaffc632c509aeea) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.9.7 -> 3.9.9Anuj Mittal2021-12-152-12/+10
| | | | | | | (From OE-Core rev: 75510b97d965c72c77f5b4b6ad9fe55bf26b4cdb) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: update to 3.9.7Oleksandr Kravchuk2021-12-051-1/+1
| | | | | | | | | | (From OE-Core rev: a61a9cf73baf4020a6dce90acb0edb08364aaded) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 9612bb0639c13571e661f208aa7b28789953d9ec) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.9.5 -> 3.9.6zhengruoqin2021-12-052-36/+1
| | | | | | | | | | | | | | 0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch removed since it is included in 3.9.6 (From OE-Core rev: 3b721c28543df9e4d899ea1efdf445319c88ae92) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1a12d978f2046fc5d3abc96db3753e378f29ecae) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: upgrade 1.16.8 -> 1.16.10Pavel Zhukov2021-12-058-5/+5
| | | | | | | | | | | | | | | | | | | The release includes fixes for CVE-2021-41771 and CVE-2021-41772 (From OE-Core rev: 0df36f324a2dc17f18066efc5c130231158b5d24) Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> This release also contains a fix for CVE-2021-38297 and the changes are minor, so backport the uprev rather than manually backporting individual commits. CVE: CVE-2021-38297 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* squashfs-tools: fix CVE-2021-41072Kai Kang2021-11-245-0/+894
| | | | | | | | | | | | | | | | Backport patches to fix CVE-2021-41072. And update context for verison 4.4 at same time. CVE: CVE-2021-41072 Ref: * https://nvd.nist.gov/vuln/detail/CVE-2021-41072 (From OE-Core rev: e95ccf6f7fe5a42fffcfa5e43087ff964622e26c) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: fix CVE-2021-3521Changqing Li2021-11-244-0/+454
| | | | | | | | (From OE-Core rev: 68c20b12fca2c20439b18c5fd9757c2c1f1746a1) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Fix CVE-2021-35465Pgowda2021-11-245-0/+589
| | | | | | | | | | | | | | | source : https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102035 Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7] (From OE-Core rev: 2dae3da5dbb0c8293927f0676fff08437f75d0d2) Signed-off-by: Pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mklibs-native: drop deprecated cpp17 exceptionsAndrej Valek2021-11-242-0/+432
| | | | | | | | | | | | | gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html. (From OE-Core rev: 5f310b5ba647196ad42c3c54b9459db0e22d5b41) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit ef8b7946b4793db653ef7dd716e1d3f919a84725) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* llvm: bump HASHEQUIV_HASH_VERSIONAnuj Mittal2021-11-211-0/+4
| | | | | | | | | | | | | | llvm embeds the repository location in a header file. We just changed the SRC_URI to fetch using https instead of git. This has started giving errors in reproducibility testing when one of the RPMs to be compared is fetched from sstate. Bump HASHEQUIV_HASH_VERSION and PR so its rebuilt. (From OE-Core rev: 2fd327ae5b3da8841ebed00bfc60b7bb8d6a64c5) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: add explicit branch and protocol to SRC_URIAnuj Mittal2021-11-2121-21/+21
| | | | | | | | | | | | Add branch name explicitly to SRC_URI where it's not defined and switch to using https protocol for Github projects. The change was made using convert-srcuri script in scripts/contrib. (From OE-Core rev: ab781d4e3fa7425d96ea770ddfd0f01f62018c5b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Add fcntl64 wrapperRichard Purdie2021-11-211-1/+1
| | | | | | | | | | | | Add fcntl64 wrapper which hopefully fixes issues seen in findutils and the find command in the libtool removal code when built with LFS compile flags on Gentoo. (From OE-Core rev: 64b68a7e2ebc1a7775f5fda64d7024879181aa7f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f26867fe4daec7299f59a82ae4a0d70cceb3e082) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Add in ability to flush database with shutdown requestRichard Purdie2021-11-211-1/+1
| | | | | | | | | | | | | Pulls in: pseudo_db: Flush DB if there is a shutdown request fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ (test fix) (From OE-Core rev: 7b9123cac297275245c2fef78c286c17ca3690cf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0882095d608ce3abbcc9814517434c21ea549063) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bootchart2: Don't compile python modulesRichard Purdie2021-11-031-1/+5
| | | | | | | | | | | | | "make install" may attempt to compile the python modules but it uses the host python and host paths which means the binaries are not reproducbile. Make things consistent. If anyone needs compiling, it will beed to be fixed to be cross compile compatible. (From OE-Core rev: b06105ec1a33bb37d42a10222e07b7f8eb69baff) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1189f95e05c80286e009e1ab46a603ee5b7ca239) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* strace: show test suite log on failureRoss Burton2021-11-031-0/+9
| | | | | | | | | | | | | If the tests fail, dump the log so we can see the failures. (From OE-Core rev: f59a20574046a2027746010311129342442857f0) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3154a65039831b1e041217707fdd6ca042f588fb) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix CVE-2021-3530Pgowda2021-11-033-0/+168
| | | | | | | | | | | Upstream-Status: Backport[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=25162c795b1a2becf936bb3581d86a307ea491eb] Upstream-Status: Backport[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=999566402e3] (From OE-Core rev: b9c13f5bc6be0fa63640caeef4947c4c2ca1d290) Signed-off-by: Pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Deterministically set vendor macro entryRichard Purdie2021-10-291-1/+2
| | | | | | | | | | | | | | | | On an aarch64 build host, vendor is found to be "unknown", on x86 systems it is "pc". This filters through to the PLATFORM tag in target rpms. We saw reproducibility test failures where the PLATFORM tags in noarch rpms were changing depending upon which host built them. Forcing the vendor value to a consistent one makes things deterministic. (From OE-Core rev: ef37fca2f434eba22918e5eab4f2d5e2d499fc14) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6434075b2bdfc23c683d22281b674b1e6abde77) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: upgrade 1.16.7 -> 1.16.8Sakib Sajal2021-10-298-4/+4
| | | | | | | | | | (From OE-Core rev: 5b6c68759f28fd684be316b3a5e33f41e4107f7b) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 97a2f406635f51bad1ab070f018a6466209f257b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix the reproducibility issueThomas Perrot2021-10-295-0/+162
| | | | | | | | | | | | | | | | | | Apply some changes on the Ruby makefiles in order to fix the reproducibility: - use a fixed timestamp, - sort linked objects, - doesn't use the current date, - and use UTC date. [YOCTO #14268] (From OE-Core rev: eea2f854fdd0f036dae2671ae52ba4695a83df68) Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 59b07ab51ff932a4632a31675445ba4192bae36b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Update with fcntl and glibc 2.34 fixesRichard Purdie2021-10-291-1/+1
| | | | | | | | | | | | | | | | | | | Pull in the following changes: * ports/linux/guts: Add closefrom support for glibc 2.34 * pseudo_client: Make msg static in pseudo_op_client * ports/linux/guts: Add close_range wrapper for glibc 2.34 * pseudo_client: Do not pass null argument to pseudo_diag() * test-openat: Consider device as well as inode number * test: Add missing test-statx test case * fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ (From OE-Core rev: 190ed5d766b6a3922c3f841eb5fd04cf603cf76f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 71b549924a7fa7973a8e03e11f3db45fdc29889d) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-pseudo: Fix to work with glibc 2.34 systemsHongxu Jia2021-10-292-15/+26
| | | | | | | | | | | | | | | | | | | | | | | Since commit [df313aa810 pseudo: Fix to work with glibc 2.34 systems] applied, it fixed native only. And nativesdk has the similar issue Tweak library search order, make prebuilt lib ahead of recipe lib, after apply the fix: ... $ readelf -a lib/pseudo/lib64/libpseudo.so | grep 'Shared library' 0x0000000000000001 (NEEDED) Shared library: [libdl.so.2] 0x0000000000000001 (NEEDED) Shared library:[libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] ... (From OE-Core rev: 1cbf45e39e6a9d043691fb236946c6717dd666b7) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d6d116b5db78645958ea30be3d0572e0f6d7bd92) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Fix to work with glibc 2.34 systemsRichard Purdie2021-10-293-0/+73
| | | | | | | | | | | | The merge of libdl into libc in glibc 2.34 causes problems for pseudo. Add a fix that works around this issue. (From OE-Core rev: c9203671d638edb6a063d7522b29b8a8e776c2f3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dd3e46a043c81cd4d81731a0f691868d3c059742) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* m4: Do not use SIGSTKSZKhem Raj2021-10-292-0/+85
| | | | | | | | | | | | | | | Fixes ../../m4-1.4.18/lib/c-stack.c:55:26: error: missing binary operator before token "(" 55 | #elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384 | ^~~~~~~~ (From OE-Core rev: 4d350d458fa4ec75bf6f40da9c3a7c43403f3dbd) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 44ca8edd622782733d507e20a3d5ee9e44eb8be4) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: Add a fix for a make install raceRichard Purdie2021-10-292-0/+24
| | | | | | | | | | | | Add a fix for reproducibility issues where pyc files for python-config.py may not always be generated. (From OE-Core rev: 94aedf7d2b43ecdf0da1cf6b848f6e95ee253abf) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d1c3a87c48b598b6e5624d0affe8bd89320631bf) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Ensure compression parallelism isn't coded into rpmsRichard Purdie2021-10-292-0/+29
| | | | | | | | | | | | | | We don't want the compression thread numbers to be encoded into the rpm since this results in the rpm not being deterministic. Add a patch from Alex Kanavin which addresses this issue (was queued for rpm 4.17 but we need to fix this with 4.16 too). (From OE-Core rev: 16d6f01eced9e6de5068056aea07a08ec9dfb659) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1ba0bf50c72f2506dfa507559c49a70e16cd5124) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-3682Sakib Sajal2021-10-072-0/+42
| | | | | | | | | | (From OE-Core rev: 14783d10fb43d10a91d5e61ad9811ad469a0fb46) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e16cd155c5ef7cfe8b4d3a94485cb7b13fd95036) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: Exclude CVE-2021-29923 from report listRichard Purdie2021-09-171-0/+5
| | | | | | | | | | | | | | Upstream don't believe it is a signifiant real world issue and will only fix in 1.17 onwards. Therefore exclude it from our reports. https://github.com/golang/go/issues/30999#issuecomment-910470358 (From OE-Core rev: 573337b8432677fa3a7643e74045ae7d7b331b3f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* flex: Add CVE-2019-6293 to exclusions for checksRichard Purdie2021-09-171-0/+5
| | | | | | | | | | | | | | | CVE is effectively disputed - yes there is stack exhaustion but no bug and it is building the parser, not running it, effectively similar to a compiler ICE. Upstream no plans to address and there is no security issue. https://github.com/westes/flex/issues/414 (From OE-Core rev: e2de2e5e977d84dab6cb1461800d4c29436da5c9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0cae5d7a24bedf6784781b62cbb3795a44bab4d1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcl: Exclude CVE-2021-35331 from checksRichard Purdie2021-09-171-0/+3
| | | | | | | | | | | Upstream don't believe this is an issue. (From OE-Core rev: d0ff86bccdbcd91e8760001037168043725ef8f4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit adf7bafee3f8884e525b5639ba092a1cd8e3beb9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* squashfs-tools: fix CVE-2021-40153Kai Kang2021-09-172-0/+254
| | | | | | | | | | | | | | | | Backport patch to fix CVE-2021-40153, and remove version update in unsquashfs.c for compatible. CVE: CVE-2021-40153 Ref: * https://security-tracker.debian.org/tracker/CVE-2021-40153 (From OE-Core rev: 09de4ef3f33540069a37e9fe6e13081984b77511) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: fix CVE-2021-31799Mingli Yu2021-09-172-0/+58
| | | | | | | | | | Backport a patch to fix CVE-2021-31799. (From OE-Core rev: 97d0237e254a0d90b58fe35a1b40d549991b3779) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: Security fixes for CVE-2021-31810/CVE-2021-32066Yi Zhao2021-09-173-0/+362
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2021-31810: A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes Net::FTP extract information about services that are otherwise private and not disclosed (e.g., the attacker can conduct port scans and service banner extractions). CVE-2021-32066: Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.” References: https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/ https://www.ruby-lang.org/en/news/2021/07/07/starttls-stripping-in-net-imap/ Patches from: https://github.com/ruby/ruby/commit/bf4d05173c7cf04d8892e4b64508ecf7902717cd https://github.com/ruby/ruby/commit/e2ac25d0eb66de99f098d6669cf4f06796aa6256 (From OE-Core rev: e14761916290c01683d72eb8e3de530f944fdfab) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcf-agent: fetching over git:// no longer worksAlexander Kanavin2021-09-011-1/+1
| | | | | | | | | | (From OE-Core rev: 04caef3d9c0318c9169883650615af37aab30678) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 44a6cd03721b51cbb4e05870375fa347527b0db5) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: fix close_on_exec for multithreaded decompressionChangqing Li2021-09-012-1/+222
| | | | | | | | | | | | | | It is not safe to call the 'file' command from multiple threads. When a file is checked with multiple threads in parallel, the file descriptors might get shared which makes the pipe handling lock up, leading to lock up in rpmbuild. And may lead to rarely deadlock on random recipes's do_package task. (From OE-Core rev: 167814b81ddac3934077b0ee91c0c6015fc02bfe) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-07-03 22:52:37 +0000