| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in disable_priv_mode in shell.c in GNU Bash
through 5.0 patch 11. By default, if Bash is run with its effective UID
not equal to its real UID, it will drop privileges by setting its
effective UID to its real UID. However, it does so incorrectly. On Linux
and other systems that support "saved UID" functionality, the saved UID
is not dropped. An attacker with command execution in the shell can use
"enable -f" for runtime loading of a new builtin, which can be a shared
object that calls setuid() and therefore regains privileges. However,
binaries running with an effective UID of 0 are unaffected.
Get the patch from [1] to fix the issue.
[1] https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaa
(From OE-Core rev: aee0f56a9b3b510649672d0b4427a0e94a001ec4)
Signed-off-by: De Huo <De.Huo@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6f01acae9c279e0a580f46d1ba4c015caa3f8c2c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Host keys are getting bigger and taking an ever increasing amount of time
to generate. Whilst we do need to test that works, we don't need to test
it in every image. Add a recipe which can be added to images with
pre-generated keys, allowing us to speed up tests on the autobuilder
where it makes sense to.
(From OE-Core rev: 130695364281f62b9e00d311c21f7acb5a1204a1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c6c7d16437cbd5ccbee1b99a2154c33fdbac9299)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Assumptions in the test mean it doesn't work with ssh-pregen-hostkeys.
It also doesn't work with systemd. Update the configuration to make
sure neither of these effect the test.
(From OE-Core rev: 7dc649ba9abef2f9f2f863f568f8f808adbbff38)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2f277657f1db6a0f805ac07d318a3850535d695)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
It's pure luck this has worked so far, add a missing space to the append.
(From OE-Core rev: 0c9437beb64aa294a1863de10a6c4b44612fa9e4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 793e0575b1cebb953276b5f93ff31e48c19779c8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Increase the serial login timeout from 60 to 120s. This seems like a
long time, however for a qemumips image with systemd+PAM and openssh,
(e.g. core-image-sato-sdk + DISTRO=poky-altcfg), the getty connects
to systemd's pam module which waits on logind and 45s for all this
to happen at the same time as things like ssh key generation happens
is not unknown.
Increase the timeout to match the longer times we know these things
can take in the worst case scenarios since we're tired of intermittent
issues related to the serial login affecting the autobuilder.
(From OE-Core rev: 1c5f304ad8d7d5deb85b3a5135556f9e38a9326b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8b4292db741de660f756dfb766210814d587b7a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OECORE_NATIVE_SYSROOT is used by tools like oe-run-native and hence
we were seeing selftest failures when newer buildtools-tarballs that
use this were run on the autobuilder.
Unset the variable after use to avoid these issues.
(From OE-Core rev: d00bab16aefb3f200b01ad6baee15bc9cca7b6ce)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea5128fde10eb9be7fefbbb87ae6181edd2bcdff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently buildtools has its own hacked environment setup. We added
capability for generic script fragements but this code was never updated
to use it even if several components it contains needs it.
Remove a hardcoded variable in favour of the generic scripts to
avoid bugs in this area in future. The others should probably be
migrated to environment files in future too but there isn't such
a file for those at present.
(From OE-Core rev: b62ced32772d21c689998c5995f31550db51466d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eb210cee4bd71614dd108027e6d5aa8f8d451b27)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 4dbae5c7c28a2cd6ebb601f984a54ca33d19afaf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 630ce8130598e2bca7231ac28a7cc18b5b942544)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The official links on:
https://curl.haxx.se/download.html
use https now and we're seeing this warning:
WARNING: curl-native-7.72.0-r0 do_fetch: Failed to fetch URL http://curl.haxx.se/download/curl-7.72.0.tar.bz2, attempting MIRRORS if available
(From OE-Core rev: 9f39e53b0e1bf74b233b3e33a9996934a198f533)
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0aa24abf6c4d68efa63026d2496b6adc16734d35)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
These tools are not yet ported to rv32/musl
(From OE-Core rev: d5173d1fb27d9ed050aa278ed83b28a757248f0d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cf963ef65d524256c2d00e0588cd3b8b7ef56ff4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
as otherwise when using it in combination with archiver.bbclass we would
have 2 methods of the same name but with different signatures
leading to various hard to understand exceptions
(From OE-Core rev: fa240a4d8ede066980cec70f479548d5df502ded)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce0c1cb2fc67881d2edcbe269ea934917ccfb48a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Where we have images with PAM+systemd, serial login can be extremely
slow. The load generated by key generation does slow down the rest
of the boot process.
Lower the priority level of these systemd services, since we'd
prefer to have the rest of the system boot more effectively.
This doesn't "solve" the slow systemd boot issues but does help.
(From OE-Core rev: c5394e65972ac21b1c7f68db100754939ecaef8c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 087700665284c08ba846e52b6b86276629f5f1cd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since "conf: Use xf86-input-libinput by default" [1] there are
reports [2] of xinput-calibrator failing because it expects
xf86-input-evdev and with the above patch xf86-input-libinput
takes precedence.
Fix this issue by using a branch of xinput calibrator which supports
xf86-input-libinput.
[1] https://git.openembedded.org/openembedded-core/commit/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc?id=2d005faff6341a81a2afae28860101ba9db51ae8
[2] https://www.yoctoproject.org/pipermail/yocto/2018-December/043487.html
(From OE-Core rev: 9ef52d226a783557cdeb995df423a9ed932f3e44)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d3b2302bcc1594e663183134793cf4aca8f4df41)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a package QA check to test if the recipe sets ALTERNATIVE variable
for any of its packages, and does not inherit update-alternatives class.
This causes the do_rootfs to fail since a proper alternative cannot be
created.
(From OE-Core rev: 0845f6b09716d927c586be5be878d08fa53b31d1)
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 24b5ccc76d5660fac38ac5346666380a0ecce359)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add a package QA check for wether any of the variables used by
features_check.bbclass is set while not inheriting the class itself.
(From OE-Core rev: 02fa8637195447f38b4ce96086197490ce814987)
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c06489d102682504afe33f9fee3facd9628b3f57)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Don't assume that the .la files are installed, because some libtool
alternatives don't install these.
(From OE-Core rev: 07910054c75a084dcfb10c86c1bf69b68989f587)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e545ae3a7961111ceb4e2a468e9ec53cebfed721)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Don't assume that the .la files are installed, because some libtool
alternatives don't install these.
(From OE-Core rev: d888a11a372be5886c6894e5b38514e44498934d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e92b24368b71e4b178f81097b2a8d141c3b65481)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: e9d24bae963aae93a1ace55c681b2d7de4ea935d)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 790f8a5bfbd1851226fa5fc5b09e79f6396e747d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was always questionable to do this in an anonymous function, but now
with multiconfig it is a critical mistake and leads to more strange
"Exception: sqlite3.OperationalError: disk I/O error" errors.
(From OE-Core rev: 0e11c37e49272b967010df7dcebbe73a76f70edb)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fcbc9d0e8421a3a559db05005ba042337cd5d864)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
class is enabled
(From OE-Core rev: ec2a17001a2a0180ecdb0b946ff8f7673e14ba24)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cbc717350b21fb417fa6f83621022ac633a26124)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 5919afe43083d9d0b818c26ca4d6c175efa0f7b5)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fix :
CVE-2020-14346
https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff
CVE-2020-14361
https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
CVE-2020-14362
https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
(From OE-Core rev: d485870543fbc111832735ae713b2ec405ce78fa)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: bf8f33c62f6fe98777248fb05ce3105e9f63d03a)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
(From OE-Core rev: 6007398a0ff468c0b15c4982d7f04e6186d6d700)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
glibc 2.32 has deprecated sys_siglist [1]
since no is default for musl as well, therefore elevate it to common
site file for all
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=b1ccfc061feee9ce616444ded8e1cd5acf9fa97f
(From OE-Core rev: 766e1565f3d33d9222323076cd57c22994bc25bf)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7c19f30849e9a73a7497d8e6c4719a2e57017086)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is used by various pieces of the result handling code, particularly the
performance testing and we're seeing autobuilder failures that are
easiest resolved using this.
Acked-by: Tim Orling <ticotimo@gmail.com>
(From OE-Core rev: 5dc390658f0839911d85fe7f3f3ce8bf006e69eb)
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc6d4d438b71365f5c6f54b8482d4f01f1d0dc8e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is used by some of the results handling code and needed as part of
buildtools tarball on various autobuilder worker for testing.
ptest is disabled for OE-Core, at least for now since it depends on
python3-pytest which in turn has may other dependencies.
Acked-by: Tim Orling <ticotimo@gmail.com>
(From OE-Core rev: cc0f56a788c33ad3fd2bb5402dee497234fb06bb)
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b5156e95e9e80e3e0f7eea181cd12f85e03a111d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Needed as a dependency of python3-jinja2. ptest is disabled for OE-Core, at
least for now since it depends on python3-pytest which in turn has may other
dependencies.
Acked-by: Tim Orling <ticotimo@gmail.com>
(From OE-Core rev: ec222f6af5f8629453ac8e71a1dd6c44ec9a88c8)
Signed-off-by: Tim Orling <ticotimo@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6f2727fd309b8b46a7ac1b8d99ae1d77a6ee74c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: b39bda4cc62db12c0edfbe489d5a7f5988ede6a9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: d652b2aaa02a8aa9ff8f0ad84ca7762a6f950640)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 914d8a00e34a8edf75a349da6f5978e4ed60e6d5.
Due to bug introduced for externalsrc
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14044
(From OE-Core rev: a6a9913575aab96f4347bdf979e26115aa0fd716)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some distros may not have local.conf, and use auto.conf or site.conf
alone to describe distro config metadata, therefore make code robust
to not fail eSDK builds for such setups
(From OE-Core rev: 554dba802108c91b79acf81c046e6a47815404fb)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6379f951ba92b2b86a55de5fc267bacf8c6095d2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The VERSION variable is not set unless the
top level Makefile is used as the version is
derived from the Changelog.
If VERSION is not set, none of the binaries built
in the sysvinit recipe will have a valid version
output.
Before:
INIT: version booting
After:
INIT: version 2.96 booting
Using the top level Makefile does not cause any
additional builds to occur.
(From OE-Core rev: c8ad554db100b9fd16097fc8616b2af5390772e7)
Signed-off-by: Michael Gloff <mgloff@emacinc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 10992ad4f343d0f92d9d6246cc2e58effd3f3eeb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a bugfix release which includes the following changes:
824551a Prepare 0.3.1
ca6aaa1 Fix file reading/writing when the environment is in EEPROM
a031dea Fix regression in UBI volume support
c91c150 Define SOVERSION to indicate API version
(From OE-Core rev: 2e646f0aca9a0af7e308590117c220c940996d86)
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 447eb941ef43cd5af19aed650fb7da718cedda61)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It avoids init to crash when kernel cmdline contains a string with
spaces inside, like that:
dyndbg="file drivers/usb/core/hub.c +pltf"
(From OE-Core rev: 16bad6260a6a25b2ec25c7eb0dfe526db56f166e)
Signed-off-by: Christophe Guibout <christophe.guibout@st.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 88b8b94bd2d052bca29d27bd5cd00eddb0f5999d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A recent commit added single quotes around the sed regex's. This prevented the
expansion of $default_baudrate in do_install(), and ended up with systemd's'
serial-getty@.service file having a literal $default_baudrate.
This broke the serial console getty service.
serial-getty@.service was getting a line which looked like this:
ExecStart=-/sbin/agetty -8 -L %I $default_baudrate $TERM
Rather than:
ExecStart=-/sbin/agetty -8 -L %I 115200 $TERM
Fixed by repacing the single quotes with double quotes in the sed expressions.
(From OE-Core rev: 1cc94a6b9b6a9d12f782471053448ad9795944bb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 80b721bfa4fe300a2f52f233f44fa2835426d304)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix sed: -e expression #1, char 13: unterminated `s' command
Error Message:
| NOTE: Installed into sysroot: []
| NOTE: Skipping as already exists in sysroot: ['pseudo-native', 'glibc', 'patch-native', 'quilt-native', 'gcc-cross-arm', 'gcc-runtime', 'linux-libc-headers', 'libgcc', 'flex-native', 'xz-native', 'libtool-native', 'automake-native', 'binutils-cross-arm', 'zlib-native', 'mpfr-native', 'texinfo-dummy-native', 'autoconf-native', 'libmpc-native', 'gnu-config-native', 'gmp-native', 'attr-native', 'm4-native', 'gettext-minimal-native']
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing shell function do_install
| sed: -e expression #1, char 13: unterminated `s' command
| WARNING: exit code 1 from a shell command.
| ERROR: Execution of '/opt/Projects/poky/build/tmp/work/qemux86_64-poky-linux/systemd-serialgetty/1.0-r5/temp/run.do_install.11228' failed with exit code 1:
| sed: -e expression #1, char 13: unterminated `s' command
| WARNING: exit code 1 from a shell command.
|
To Fix this Issue using the strong (single quote) character in sed command.
It is recommend to use quotes. If we have meta-characters in the command, quotes are necessary.
(From OE-Core rev: edaecac74210ae201dc5eea5758bcf4e85cb14cb)
Signed-off-by: Rahul Kumar <rahulk@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2fea05e150dcfec4b7dfbd8edddb53897026bf9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
For example, if you just run 'bitbake cve-update-db-native' in a clean
build system, |cve_tmp_file| won't exist yet.
(From OE-Core rev: b98e50f08b2bcf61fbc75ea1b0ad83a17c0a736a)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dd4473f3d8e1c1a587b6de660775e4b46ddc5fad)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: c8c307c4b28d93938887ecb1d87f6024e916c0f9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ff422652e1b5db62205fafc75ce56bb5951d478d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously CVE_CHECK_DB_FILE / CVE_CHECK_DB_DIR was the same across
multiconfigs which led to a race condition wherein multiple
cve-update-db-native:do_populate_cve_db tasks could attempt to write to
the same sqlite database. This led to the following task failure:
Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_populate_cve_db(d)
0003:
File: '/mnt/data/agent/work/74f119cccb44f133/yocto/sources/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 103, function: do_populate_cve_db
0099: if year == date.today().year:
0100: cve_f.write('CVE database update : %s\n\n' % date.today())
0101:
0102: cve_f.close()
*** 0103: conn.commit()
0104: conn.close()
0105:}
0106:
0107:def initialize_db(c):
Exception: sqlite3.OperationalError: disk I/O error
Use a lockfile to ensure multiple tasks don't step over each other.
(From OE-Core rev: f08604d27ecacfd37bd37bfaf4c76f17b8f65604)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 24e9380643a2ae3fcae193519cb64aedaf682153)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 694f5107388c5301b82581007ff5fe96dfa8769d)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 79ae2e82b8ec11578177f428060b568d6c7d44ca)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cve-check file should be saved always, it has good info.
Put a copy in the log dir as cve-summary with symlinks to latest run.
[Yocto #13974]
(From OE-Core rev: 4dab2610a35a998ee0bf5309a0b399ee0d54b4a8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 859849c7b594d844819ad8c3f7d8325388d94b93)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
Reference:
https://gitlab.gnome.org/GNOME/libxml2/-/issues/178
Upstream patch:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2
(From OE-Core rev: d5406b389fcae8fb0f5fc9cc7dbf7ee819c04bc8)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92dc02b8f03f3586de0a2ec1463b189a3918e303)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is specific to the npm package that can install cmake, so isn't
relevant to our cmake recipe.
(From OE-Core rev: ad11e4a9afea5a4c9dd34a7fa37b82efd61952a4)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e74ed809ec4c1f61264ecf5be4bc319e5e07766)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand
the CVE_PRODUCT list to include all the vendors that have been used.
(From OE-Core rev: 3c0029c9cf22b6983020edf9ce2aeb7b326d8c12)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb265122cccea9466405fdd924ad10ce8cda0dec)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog
- Fix issue with uintset and number of bytes copied.
- Fix issue with overflow in DHCP lease T2 computation.
- Fix issue with side channel leak in l_ecc_scalar_new.
- Fix issue with missing MSG_MORE in l_cipher_set_iv.
- Add support for DHCP v6 client implementation.
(From OE-Core rev: deb77c59b9c11738a93fc80c1b256b3df8e14827)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ad8ca257d40f5041b3ec167e4117c687da448a9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport the CVE patch from the usptream:
https://gitlab.com/gnutls/gnutls.git
commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a
(From OE-Core rev: fe3eebd129409fd8ed3ad1705a87eced5a61b33e)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 84b1bc500e318657cb7a8a189b59cc63bc91dca3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Its possible some patterns may cause problems with the current path
manipulations, make a small tweak to try and avoid potential pathname
overlap issues.
(From OE-Core rev: b90c8e041a9a2daa9472ed37630d8e0fdec18d36)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 889005dc17d3e3b8eadee907ee2c05b8ff613285)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Similarly to 04ee0e8b95cd8ed890374e0007f976684206b630, ensure only full
build paths are replaced in the environment to avoid breaking buildtools.
(From OE-Core rev: 3be3740d0239f2eb198ccd2b75597cdccbdd1efc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fcd0a9683af1a9155eabbd9056e3b46d4a931b2e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 97b439469a45a089431ca9c31893288c855045f4 added a fallback
mechanism for getting the rootfs timestamp. However, it uses curly
braces around the variable name, which causes bitbake resolve the
variable reference, rather than the shell, so the git timestamp
never gets used. Fix the reference to restore the intent of
making it a fallback for when there is no git timestamp to
retrieve.
(From OE-Core rev: 21d7ab8ce10f6d6a56875244c09dcfebae457b22)
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fbcf2c1c255b0c61a795c032cf7b67f5db41baa8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
