Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=dunfell 2024-04-16T02:13:22+00:00 2024-04-16T02:13:22+00:00 Steve Sakoman steve@sakoman.com 2024-04-14T11:58:06+00:00 urn:sha1:77442211926cbe93d60108f6df4abda3bc06b735 Intermittent failures on autobuilder: AssertionError: Failed ptests: {'valgrind': ['memcheck/tests/linux/timerfd-syscall']} (From OE-Core rev: 189628c2e3aa973ab9127924c1cf017013c7c113) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-04-13T11:51:47+00:00 Ashish Sharma asharma@mvista.com 2024-04-06T17:53:57+00:00 urn:sha1:2e04c8f59a1fba0f07e09f6764d0d6b1d0114ea2 Upstream-Status: Backport [https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c] (From OE-Core rev: b58dae3401bcf6747a36e87106285d4bc944d25d) Signed-off-by: Ashish Sharma <asharma@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-04-05T13:34:42+00:00 Vijay Anusuri vanusuri@mvista.com 2024-03-27T03:19:54+00:00 urn:sha1:869db167b1c71e036a70565dc73cef6b002d6d22 Upstream-Status: Backport [https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 & https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 & https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e] (From OE-Core rev: 2bc50dccff15b9c4ad815092ef20caa3ef06864c) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-02-27T15:42:54+00:00 Peter Marko peter.marko@siemens.com 2024-02-13T07:38:09+00:00 urn:sha1:6c31f05df4408cca5e81f34c8ff24d5d58c9413c Concept of gcc-source prevents cve-check to detect existing CVE patch file. So whitelist this CVE in all recipes using gcc-source via this include file. (From OE-Core rev: 04511734c6dc8c7dda3a943b385cd273d012d8c7) (From OE-Core rev: 037f640b9272ba055ee41eeb1e6e9b002faefe36) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit d803ca653139aa2d6acb4f99469c76a9d232b307) Signed-off-by: Dnyandev Padalkar <padalkards17082001@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-02-16T13:35:51+00:00 Zahir Hussain zahir.basha@kpit.com 2023-12-01T12:16:17+00:00 urn:sha1:aa02dc871fd0cc799e85d1730be9039975f3b822 As discussion in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake file to configure the toolchain correctly in cross-compile build for recipes using cmake. The variable CMAKE_CXX_IMPLICIT_INCLUDE_DIRECTORIES value updates incorrectly during do_compile the code. Due to this getting sporadic error like below, fatal error: stdlib.h: No such file or directory | 75 | #include_next <stdlib.h> | | ^~~~~~~~~~ | compilation terminated. | ninja: build stopped: subcommand failed. | WARNING: exit code 1 from a shell command. As cmake already correctly initializes the variable from environment, So we have to unset it in the toolchain file to avoid overwriting the variable definition again. (From OE-Core rev: 7ab6087536bc67c63094f08f863dcd3d5e35b8e7) Signed-off-by: aszh07 <mail2szahir@gmail.com> Signed-off-by: Zahir Hussain <zahir.basha@kpit.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5aeada5793af53e8c93940952d4f314474dca4c2) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-02-16T13:35:51+00:00 Matthias Schmitz matthias.schmitz@port4949.net 2024-02-05T19:02:23+00:00 urn:sha1:c846f0d89c71ed31b8fc486fd1350bd83d1ea071 Fixes [YOCTO #15383] This bug was introduced into upstream when fixing CVE-2022-29154. It was later discovered and fixed upstream but this fix didn't make it into poky yet. The added patch is taken from upstreams git repository: https://github.com/WayneD/rsync/commit/fabef23bea6e9963c06e218586fda1a823e3c6bf (From OE-Core rev: fb448f87c0b3906b91d453451083dc003ac94ebe) Signed-off-by: Matthias Schmitz <matthias.schmitz@port4949.net> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-02-16T13:35:51+00:00 Ming Liu liu.ming50@gmail.com 2024-02-12T12:15:11+00:00 urn:sha1:eb0915c699fbe86488de172d529f073a30d05b6a The original CVE-2023-29406.patch is not complete, causing docker failures at runtime, backport a complementary fix from golang upstream. (From OE-Core rev: bff621d5399e5ff2930d21f403bb2f274febd2e4) Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-02-16T13:35:51+00:00 virendra thakur thakur.virendra1810@gmail.com 2024-02-06T10:01:58+00:00 urn:sha1:1c77446c9611e000f71c9aab1a5c041fa6b81502 This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-47039 (From OE-Core rev: 970a0a64ce147970c7743411584c9bd1dc1ce414) Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-01-31T13:51:10+00:00 virendra thakur thakur.virendra1810@gmail.com 2024-01-23T05:28:20+00:00 urn:sha1:a528dc22aafff4e91f01a48525ab19cf5eef395b In the case of a zero length string being returned by fgets(), the condition checking for a trailing new line would perform a bad memory access outside of `buf`. This might happen when line with a leading null byte is read. Avoid this case by checking that the string has a length of at least one byte. Link: https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba (From OE-Core rev: 32e3618891295cec1ee5d4195998aa97f93b2207) Signed-off-by: virendra thakur <virendrak@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2024-01-21T18:33:19+00:00 Vijay Anusuri vanusuri@mvista.com 2024-01-16T02:05:36+00:00 urn:sha1:854aafaea449e5808c0cc2ddf02088511cd3defb Updated 0012-fix-libcap-header-issue-on-some-distro.patch to resolve patch fuzz caused by the CVE-2023-2861 patch Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/a5804fcf7b22fc7d1f9ec794dd284c7d504bd16b & https://gitlab.com/qemu-project/qemu/-/commit/f6b0de53fb87ddefed348a39284c8e2f28dc4eda] (From OE-Core rev: cede843cdd1d1a83b2d616086aa69a2b584f9442) Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>