path: root/meta/recipes-core
Commit message | Author | Age | Files | Lines
* build-appliance-image: Update to nanbield head revision (refs: yocto-4.3.4, nanbield-4.3.4, nanbield) | Steve Sakoman | 2024-03-28 | 1 | -1/+1
  (From OE-Core rev: d0e68072d138ccc1fb5957fdc46a91871eb6a3e1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to nanbield head revision | Steve Sakoman | 2024-03-22 | 1 | -1/+1
  (From OE-Core rev: 84a70edd2ce791dcd9b8b7a2f436f1d59cb2ea95)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* core-image-ptest: Increase disk size to 1.5G for strace ptest image | Khem Raj | 2024-03-20 | 1 | -1/+1
  Autobuilder sees an intermittent failure on strace tests and it occurs quite often therefore bump the size of image as the space requirement is more now with parallel execution enabled.
  [YOCTO #15370]
  (From OE-Core rev: 719a155b7f85d4ee623f78c3e85ba987f9142290)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 02d31355b20f8f3e7bd1b71c9412988eca9ec4b4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Remove rejected CVE from database | Yoann Congal | 2024-03-20 | 1 | -0/+4
  When a CVE is updated to be rejected, matching database entries must be removed. Otherwise:
    * an incremental update is not equivalent to an initial download.
    * rejected CVEs might still appear as Unpatched in cve-check.
  (From OE-Core rev: 5b17b563908206667a7d14f390bd9b2de897774c)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Fix CVE configuration update | Yoann Congal | 2024-03-20 | 1 | -0/+4
  When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check.
  (From OE-Core rev: 67c4d9d27f06a07eac46c0f2cba8cfa1691b0737)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: nvd_request_next: Improve comment | Yoann Congal | 2024-03-20 | 1 | -1/+2
  Add a URL to the doc of the API used in the function.
  ... and fix a small typo dabase -> database
  (From OE-Core rev: c8ae1765e81f9dd8e95a251cfda9e4d820bb5630)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e0157b3b81333a24abd31dbb23a6abebca3e7ba7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition | Yoann Congal | 2024-03-20 | 1 | -2/+0
  CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is always inherited in cve-update-nvd2-native (There is a check line 40).
  Remove it to avoid confusion. Otherwise, this should not change anything.
  (From OE-Core rev: 572ee5512a3d8941c6842af451ca6c9bb75773d3)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit e5f3f223885c17b7007c310273fc7c80b90a4105)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Add an age threshold for incremental update | Yoann Congal | 2024-03-20 | 1 | -4/+16
  Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to specify the maximum age of the database for doing an incremental update.
  For older databases, a full re-download is done.
  With a value of "0", this forces a full-redownload.
  (From OE-Core rev: 665c880ff8be1b18c2abe8fa878643dfa64b7d3d)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 74c1765111b6610348eae4b7e41d7045ce58ef86)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: Fix typo in comment | Yoann Congal | 2024-03-20 | 1 | -1/+1
  attmepts -> attempts
  (From OE-Core rev: 0c2e186e1ed8a904945066672e8e2af8b2ea284c)
  Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit dc18aaeda8e810f9082a0ceac08e5e4275bbd0f7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* libxml2: upgrade to 2.11.7 | Lee Chee Yang | 2024-03-16 | 1 | -1/+1
  libxml2 2.11.7
    Security
      [CVE-2024-25062] xmlreader: Don't expand XIncludes when backtracking
  libxml2 2.11.6
    Regressions
      threads: Fix --with-thread-alloc
      xinclude: Fix 'last' pointer in xmlXIncludeCopyNode
    Bug fixes
      parser: Fix potential use-after-free in xmlParseCharDataInternal
  (From OE-Core rev: a0d164d7705034b2c351c518cebad8811ed5026f)
  Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: Remove duplicate entry for CVE-2023-4527 | Dhairya Nagodra | 2024-03-13 | 1 | -1/+0
  (From OE-Core rev: d58b1a3a08fbef97455124d9be3eba297d33f036)
  Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* udev-extraconf: fix unmount directories containing octal-escaped chars | Jonathan GUILLOT | 2024-02-22 | 1 | -1/+1
  USB devices are auto-mounted in a directory named like their labels. Special characters like whitespace are octal-escaped in /proc/mounts output. Using directly this output file as an argument for umount failed and the mount directory can't be removed as still busy. Using printf allows these special characters to be unescaped.
  (From OE-Core rev: c3c31248233356a04db1d5ed375b647656d80fa0)
  Signed-off-by: Jonathan GUILLOT <jonathan@joggee.fr>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 37f17625d931a06888388682dc2b1f5a2d298125)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.38 branch updates | Benjamin Bara | 2024-02-22 | 1 | -1/+4
  Pull in fixes for CVE-2023-6246, CVE-2023-6779 and CVE-2023-6780.
  (From OE-Core rev: 07847f5945ff67340803149242a629741d619bf5)
  Signed-off-by: Benjamin Bara <benjamin.bara@skidata.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* zlib: ignore CVE-2023-6992 | Peter Marko | 2024-02-22 | 1 | -0/+1
  This CVE is for iCPE cloudflare:zlib.
  Alternative to ignoring would be to limit CVE_PRODUCT, but historic CVEs already have two - gnu:zlib and zlib:zlib. So limiting it could miss future CVEs.
  (From OE-Core rev: 7523c7b3609220b4dfc2bb0a83c552db60e1dc7e)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 9f953a1cd832f03f0b3666168addf45fd4fc8d14)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to nanbield head revision (refs: yocto-4.3.3, nanbield-4.3.3) | Steve Sakoman | 2024-02-08 | 1 | -1/+1
  (From OE-Core rev: 0584d01f623e1f9b0fef4dfa95dd66de6cbfb7b3)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc-y2038-tests: do not run tests using 32 bit time APIs | Alexander Kanavin | 2024-02-07 | 1 | -6/+6
  I'm not sure why this was included and enabled to begin with: the tests predictably mass-fail if system time is set to after y2038.
  (From OE-Core rev: 3d04849c741baeddd0677a18a468603b7112139d)
  Signed-off-by: Alexander Kanavin <alex@linutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit c9c7ebd6e447bce19803253afd881854f686b5f6)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: Set status for CVE-2023-5156 & CVE-2023-0687 | Simone Weiß | 2024-02-07 | 1 | -0/+2
  Set `CVE_STATUS` for those CVEs, they have already been fixed with the latest pull for stable branch fixes done in rev e444d2bed0ea140a574414fcd5a689867e8ba312. Hence the issues are fixed already.
  (From OE-Core rev: a7b92c9c675c2c111e0b41121c1232b2e79de4ea)
  Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 6e6fe23c95f1d0a8a0503cb71557cf3272bf9945)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ncurses: Fix - tty is hung after reset | Soumya Sambu | 2024-01-31 | 2 | -0/+500
  Serial tty is hung after reset command -
    $echo "test " >> /dev/ttyS0
    test
    $stty -a < /dev/ttyS0
    speed 115200 baud; rows 34; columns 153; line = 0;
    intr = ^C; quit = ^\; erase = ^?; kill = ^U; eof = ^D; eol = <undef>; eol2 = <undef>; swtch = <undef>; start = ^Q; stop = ^S; susp = ^Z; rprnt = ^R; werase = ^W; lnext = ^V; discard = ^O; min = 1; time = 0;
    -parenb -parodd -cmspar cs8 hupcl -cstopb cread clocal -crtscts
    -ignbrk -brkint -ignpar -parmrk -inpck -istrip -inlcr -igncr icrnl ixon ixoff -iuclc -ixany -imaxbel iutf8
    opost -olcuc -ocrnl onlcr -onocr -onlret -ofill -ofdel nl0 cr0 tab0 bs0 vt0 ff0
    isig icanon -iexten echo echoe echok -echonl -noflsh -xcase -tostop -echoprt echoctl echoke -flusho -extproc
    $reset
    $echo "test " >> /dev/ttyS0
    ^C
    $stty -a < /dev/ttyS0
    ^C
  Updating reset_tty_settings API with latest code which fixes tty hung issue
  (From OE-Core rev: 53939c1f4bcf8c32ed648ddf5150aee11ca3215b)
  Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 2419afd8024f903efff862f3f7f7772aedea7613)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: upgrade 2.78.1 -> 2.78.3 | Anuj Mittal | 2024-01-27 | 11 | -34/+31
  (From OE-Core rev: 71696c0b89751c1a975025086da0c6f52de00cd8)
  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 419503d3d3402b683979696f248cd42f05c282b7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: upgrade 3.6.2 -> 3.6.3 | Anuj Mittal | 2024-01-27 | 1 | -1/+1
  (From OE-Core rev: a13fd3a4182a97ee0c8a2b49519e897b92f3a987)
  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 74d165f5baacd0cd94eb90396b0a3119281df91d)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to nanbield head revision (refs: yocto-4.3.2, nanbield-4.3.2) | Steve Sakoman | 2024-01-04 | 1 | -1/+1
  (From OE-Core rev: ff595b937d37d2315386aebf315cea719e2362ea)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd-boot: Fix build issues on armv7a-linux | Viswanath Kraleti | 2024-01-04 | 2 | -0/+39
  Backport a fix to address the build failure on armv7a introduced in systemd v254-rc1.
  see https://github.com/systemd/systemd/issues/29381
  (From OE-Core rev: 9fbb9b974cc8a92eb77a080c89410fb2c8b311c1)
  Signed-off-by: Viswanath Kraleti <quic_vkraleti@quicinc.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 782790dc6423fe3ae1ce4cd674ab492bfc881230)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd-compat-units.bb: fix postinstall script | Michael Opdenacker | 2024-01-04 | 1 | -1/+2
  This fixes an issue running "opkg upgrade" on a system with systemd (and when there is an update to "systemd-compat-units", for example between yocto 4.2.2 and 4.2.3):
    //var/lib/opkg/info/systemd-compat-units.postinst: cd: line 3: can't cd to /etc/init.d: No such file or directory
  The existence of /etc/init.d is now tested without causing an error if it doesn't exist.
  Fixes [YOCTO #15292]
  (From OE-Core rev: d114814fa2628cfea2769d65a26514b76e61a0fa)
  Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 0330331a1386fd2a34b410a7f62b29bfc8dc23c4)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: update LICENSE statement | Massimiliano Minella | 2024-01-04 | 1 | -1/+2
  As stated in the LICENSES/README.md "Unless otherwise noted, the systemd project sources are licensed under the terms and conditions of the GNU Lesser General Public License v2.1 or later", so replace LGPL-2.1-only with LGPL-2.1-or-later.
  With the exception of some udev sources that are licensed under GPL-2.0-or-later (but are packaged separately), the project is licensed under LGPL, and all the components are LGPL or under LGPL compatible licenses.
  The package libsystemd is currently under the main package license, which can cause problems when scanning for GPL software linked to CLOSED one. Add more granularity by setting a license for libsystemd to LGPL-2.1-or-later.
  (From OE-Core rev: 2c65ec32ce3c4a74b7117588151a94a4c6e506a6)
  Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 54975f4b2184fe12c4995c289eba8358958e6c21)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ell: upgrade 0.59 -> 0.60 | Wang Mingyu | 2024-01-04 | 1 | -1/+1
  Changelog:
  ==========
  -Fix issue with missing NETLINK_EXT_ACK definition.
  -Fix issue with incorrect derivation of ECC compressed points.
  -Add support for ECC usage from SPAKE2+ key exchange protocol.
  (From OE-Core rev: 2b799f27bb005a314ac87117ab2e9fc34be90fa3)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 9b13c1ffadda0893561e804d2ab789bf1c401d3a)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: increase the delay between subsequent request failures | Dhairya Nagodra | 2024-01-04 | 1 | -4/+9
  Sometimes NVD servers are unstable and return too many errors. There is an option to have higher fetch attempts to increase the chances of successfully fetching the CVE data.
  Additionally, it also makes sense to progressively increase the delay after a failed request to an already unstable or busy server. The increase in delay is reset after every successful request and the maximum delay is limited to 30 seconds.
  Also, the logs are improved to give more clarity.
  (From OE-Core rev: d24b1ce8485615b9359c0d319c64eb7756492cf8)
  Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 7101d654635b707e56b0dbae8c2146b312d211ea)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: faster requests with API keys | Dhairya Nagodra | 2024-01-04 | 1 | -1/+6
  As per NVD, the public rate limit is 5 requests in 30s (6s delay). Using an API key increases the limit to 50 requests in 30s (0.6s delay). However, NVD still recommends sleeping for several seconds so that the other legitimate requests are serviced without denial or interruption. Keeping the default sleep at 6 seconds and 2 seconds with an API key.
  For failures, the wait time is unchanged (6 seconds).
  Reference: https://nvd.nist.gov/developers/start-here#RateLimits
  (From OE-Core rev: 6998b433a0b0609bbcfb99e7c8e96e5d6b534921)
  Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 5c32e2941d1dc3d04a799a1b7cbd275c1ccc9e79)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: make number of fetch attempts configurable | Peter Marko | 2024-01-04 | 1 | -3/+7
  Sometimes NVD servers are unstable and return too many errors. Last time we increased number of attempts from 3 to 5, but further increasing is not reasonable as in normal case too many retries is just abusive.
  Keep retries low as default and allow to increase as needed.
  (From OE-Core rev: 3573b0ab09359f7eca37fd86400dc3945f5fa7c1)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 6b6fd8043d83b99000054ab6ad2c745d07c6bcc1)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT | Peter Marko | 2024-01-04 | 1 | -3/+0
  This variable is not referenced in oe-core anymore.
  (From OE-Core rev: 5e545e1226dbec48e7c60735ec5969ec0e356f21)
  Signed-off-by: Peter Marko <peter.marko@siemens.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 905b45a814cb33327503b793741c19b44c8550b3)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glibc: stable 2.38 branch updates | Sundeep KOKKONDA | 2023-12-22 | 1 | -1/+1
  Below commits on glibc-2.38 stable branch are updated.
    44f757a636 LoongArch: Delete excessively allocated memory.
    bf5aa419cb elf: Fix wrong break removal from 8ee878592c
    63dbbc5c52 sysdeps: sem_open: Clear O_CREAT when semaphore file is expected to exist [BZ #30789]
    1e04dcec49 Revert "elf: Move l_init_called_next to old place of l_text_end in link map"
    719866ab2f Revert "elf: Always call destructors in reverse constructor order (bug 30785)"
    e0b6c9706c Revert "elf: Remove unused l_text_end field from struct link_map"
  (From OE-Core rev: 88e95c24c4b7b440e4ab4653fb93bddcb7524a58)
  Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com>
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: upgrade 2.78.0 -> 2.78.1 | Wang Mingyu | 2023-12-15 | 1 | -1/+1
  Changelog:
  =========
  * Fix truncating files when "g_file_set_contents_full()" is called without "G_FILE_SET_CONTENTS_CONSISTENT"
  * Fix "-Dlibelf=disabled" on Linux
  * Bugs fixed:
    - #3105 NetworkManager 1.44.0 crashes repeatedly with glib 2.78.0
    - #3111 gsubprocess-testprog.c: build error with cygwin (sys/ptrace.h: No such file or directory)
    - #3116 gio clears modification time in microseconds when setting with "set_modification_date_time"
    - #3120 Build of glib 2.78.0 ignores -Dlibelf=disabled
    - #3128 glib-2.78.0 fails at gio/tests/gsubprocess.p/gsubprocess.c.o
    - #3130 Segfault when creating GIO GPropertyAction without properties
    - #3144 "g_file_set_contents_full()" doesn't truncate the file (without "G_FILE_SET_CONTENTS_CONSISTENT")
    - !3576 guniprop.c: Avoid creating (temporarily) out-of-bounds pointers
    - !3579 Fixes for integer cast warnings when targeting CHERI
    - !3580 Fix test_find_program on FreeBSD
    - !3589 gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC
    - !3594 Fix gutils-user-database test on macOS
    - !3596 Add value annotation to G_TYPE_FUNDAMENTAL_MAX
    - !3601 meson: Fix Windows build with PCRE2 as sibling subproject
    - !3604 Backport !3589 "gconstructor.h: Ensure [c|d]tor prototypes are present for MSVC" to glib-2-78
    - !3608 Backport !3587 "glocalfileinfo: Preserve microseconds for access/modify times" to glib-2-78
    - !3609 Backport !3607 "Make sure the "GTask" is freed on a graceful disconnect" to glib-2-78
    - !3614 Backport !3582 "Buffer needs to be aligned correctly to receive linux_dirent64." to glib-2-78
    - !3616 Backport !3590 "gtestutils.h: Fix warning with -Wsign-conversion caused by g_assert_cmpint" to glib-2-78
    - !3619 Backport !3617 "tests: Drop unnecessary include from gsubprocess-testprog.c" to glib-2-78
    - !3622 Backport !3621 "wakeup: do single read when using eventfd()" to glib-2-78
    - !3625 Backport !3624 "wakeup: Fix g_wakeup_acknowledge if signal comes in" to glib-2-78
    - !3644 Backport !3633 "Use g_task_return in task threads" to glib-2-78
    - !3649 Backport !3648 "build: Fix -Dlibelf=disabled on Linux" to glib-2-78
    - !3659 Backport !3650 "gfileutils: Add a missing ftruncate() call when writing files" to glib-2-78
  (From OE-Core rev: ca5ec3ed5c528f36204b0f6b95bef896f8858176)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit 2a2df44ef1b413f1ae268a69e36ca796fc8c9d0b)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* systemd: fix DynamicUser issue | Chen Qi | 2023-12-05 | 1 | -7/+23
  The DynamicUser needs libnss-systemd to be installed to function well. The tweaks to nsswitch.conf should be conditional on PACKAGECONFIG values.
  (From OE-Core rev: 5420215a3415f08c1d961fca2e3d8258f82fb7f1)
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit ba3a78c08cb0ce08afde049610d3172b9e3b0695)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* base-passwd: upgrade 3.6.1 -> 3.6.2 | Wang Mingyu | 2023-12-05 | 2 | -37/+1
  base-passwd (3.6.2)
  [ Peter Kjellerstedt ]
  * Make it possible to configure whether to use SELinux or not.
  [ Gioele Barabucci ]
  * d/postinst: Remove code for upgrades from outdated version 3.2.2.
  * d/control: Remove unused w3m build dependency (closes: #1051810).
  * Support <nodoc> build profile (closes: #1051809).
  [ Colin Watson ]
  * Debconf translations:
    - Romanian (thanks, Remus-Gabriel Chelu; closes: #1031149).
    - Swedish (thanks, Peter Kvillegård; closes: #1050440).
  * Explicitly build-depend on docbook, since otherwise the build fails if docbook-xml happens to be installed before installing build-dependencies (closes: #1033422).
  [ Samuel Thibault ]
  * Fix non-Linux builds (closes: #1054098).
  0006-Make-it-possible-to-configure-whether-to-use-SELinux.patch removed since it's included in 3.6.2
  (From OE-Core rev: 9dc8a4b219cd8763299ca465e82bd4a5b495ea14)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  (cherry picked from commit f318a13e8b6ce3ded313fa17ab80b35b936205fb)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* build-appliance-image: Update to nanbield head revision (refs: yocto-4.3.1, nanbield-4.3.1) | Steve Sakoman | 2023-11-24 | 1 | -1/+1
  (From OE-Core rev: cce77e8e79c860f4ef0ac4a86b9375bf87507360)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* glib-2.0: Remove unnecessary assignment | Rouven Czerwinski | 2023-11-24 | 1 | -5/+0
  FILES:${PN}-utils is += extended and then replaced completely later, remove the first extension.
  (From OE-Core rev: da90f904c47250fbb71f03a3ce961a23dba47a80)
  Signed-off-by: Rouven Czerwinski <r.czerwinski@pengutronix.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit d9d61c5217938749e3edc5f8a5c987f46bbab3d7)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* ell: upgrade 0.58 -> 0.59 | Wang Mingyu | 2023-11-24 | 1 | -1/+1
  Changelog: Fix issue with symbol visibility.
  (From OE-Core rev: daebf66af566e56bb9f4cb6c0e23330221e3ebbc)
  Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
  Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
  (cherry picked from commit 14eba663b56f8f3b9c3aff5661cbe2aa7befe86e)
  Signed-off-by: Steve Sakoman <steve@sakoman.com>
* zlib: ignore CVE-2023-45853 | Ross Burton | 2023-11-03 | 1 | -0/+2
  This CVE relates to a bug in the minizip tool, but we don't build that.
  (From OE-Core rev: 5b06913e5883c35390c87f6660a0578c73ff4ddd)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: ignore disputed CVE-2023-45322 | Ross Burton | 2023-11-03 | 1 | -0/+3
  This CVE is a use-after-free which theoretically can be an exploit vector, but this UAF only occurs when malloc() fails. As it's unlikely that the user can orchestrate malloc() failures at just the place to break on _this_ malloc and not others it is disputed that this is actually a security issue.
  The underlying bug has been fixed, and will be incorporated into the next release.
  (From OE-Core rev: 8c70e7cecb1beb30a5be4ea9bbc89c2f2e11853b)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to nanbield head revision (refs: yocto-4.3, nanbield-4.3) | Richard Purdie | 2023-10-19 | 1 | -1/+1
  (From OE-Core rev: 4c261f8cbdf0c7196a74daad041d04eb093015f3)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to nanbield head revision | Richard Purdie | 2023-10-19 | 1 | -1/+1
  (From OE-Core rev: 6ecb3dac0b0033ae92a2727a0ae8803d52edaa64)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to nanbield head revision | Richard Purdie | 2023-10-19 | 1 | -2/+2
  (From OE-Core rev: 12fa669ea2372e759139430b23edc041e86fb543)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revision | Richard Purdie | 2023-10-17 | 1 | -1/+1
  (From OE-Core rev: 4f84537670020a8d902248479efa9f062089c0d3)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcompat: Upgrade to 1.1.0 release | Khem Raj | 2023-10-16 | 2 | -63/+3
  License-Update: Updated copyright years and contributors [1]
  Brings following changes
  * b7bfe0b Update documentation for 1.1 release
  * f0de9c6 CHANGELOG: Add pthread section
  * 36f21a6 pthread: add pthread_mutexattr_[get|set]kind_np
  * f23fb58 stdio: Hook fopen(3) to intercept /proc/self/exe
  * 158f2b5 Update CHANGELOG for 1.1
  * 4a4c840 fix path-searching for execvp
  * 9dbbddc sysctl: Add __getauxval alias
  * fbdd06c misc: add __libc_single_threaded
  * f727ab7 locale: also override __newlocale/__duplocale
  * 244110e random_r: fix null dereference when passed uninitialized buf
  [1] https://git.adelielinux.org/adelie/gcompat/-/commit/b7bfe0b08c52fdc72e0c1d9d4dcb2129f1642bd6#0398ccd0f49298b10a3d76a47800d2ebecd49859
  (From OE-Core rev: 6f123655c71992d75746e662a6b757de4a57cce7)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcompat: Add fcntl64 wrapper | Khem Raj | 2023-10-16 | 2 | -0/+45
  Needed by pvr mesa drivers
  (From OE-Core rev: e6efe08c5aa419db5c865a14116d137ff37db221)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox-inittab: fix console handling | Ross Burton | 2023-10-11 | 1 | -1/+1
  A testing failure meant that the inittab changes made in 6c65544 didn't actually work.
  A copy-paste problem meant that start_getty was being invoked instead of getty, but start_getty is sysvinit-inittab-specific. Revert this inittab to calling getty directly.
  Remove the terminal type, this wasn't specified in the original inittab.
  Busybox's init has non-standard behaviour for the inittab's ID field. With SysV this is a four-character identifier and nothing more, but with busybox init this is the controlling terminal (minus /dev). If the terminal doesn't exist then busybox doesn't gracefully handle the failure but instead repeatedly fails to spawn. As getty will immediately issue a setsid() this isn't needed for getty entries, so the ID can be empty and ttyrun does the terminal detection.
  (From OE-Core rev: 71202782a06ed1f0a17e00072b74b21195f2f5f9)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: use ttyrun to run getty only if the terminal exists | Ross Burton | 2023-10-09 | 1 | -34/+12
  Wrap calls to start_getty with ttyrun, so that getty isn't started if the device doesn't exist.
  As we know start_getty is only called when the device exists we can remove the partial workaround for this problem in that script too.
  This neatly obsoletes SERIAL_CONSOLES_CHECK, whose sole purpose was to check what terminals are present at boot and rewrite inittab. Notably, this meant that SERIAL_CONSOLES_CHECK made using a read-only rootfs impossible.
  (From OE-Core rev: 950ecaabc04836efc346be0ac7e0331e2378872b)
  (From OE-Core rev: 6c655441ff5cd0d8877891ff37f8cfa983363a2a)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sysvinit-inittab: use ttyrun to run getty only if the terminal exists | Ross Burton | 2023-10-09 | 2 | -34/+7
  Wrap calls to start_getty with ttyrun, so that getty isn't started if the device doesn't exist.
  As we know start_getty is only called when the device exists we can remove the partial workaround for this problem in that script too.
  This neatly obsoletes SERIAL_CONSOLES_CHECK, whose sole purpose was to check what terminals are present at boot and rewrite inittab. Notably, this meant that SERIAL_CONSOLES_CHECK made using a read-only rootfs impossible.
  (From OE-Core rev: f4fd17d5a5e4eaa31995d3ca52c871cfbdc0df68)
  (From OE-Core rev: 8e48297621311116d3edd7e3aa0de1b8ef2431b1)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ttyrun: add new recipe | Ross Burton | 2023-10-09 | 1 | -0/+33
  ttyrun is a small tool from IBM's s390-tools package to run a command if the specified TTY is present, and hang if not. This is useful so that you can list all of the potential terminals in inittab and not have getty quitting instantly when a device isn't present, resulting in the "respawning too fast" errors.
  Note that DISTRELEASE has to be set as otherwise "build$(DATE)" is used, which is non-reproducible.
  (From OE-Core rev: 41a8a2e0817c7f73d3a4514fd158141ee5627ad8)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sysvinit-initab: rewrite loop to generate inittab | Ross Burton | 2023-10-09 | 1 | -7/+7
  Instead of one-letter variables and arcane sed expressions, use English words and 'cut'.
  (From OE-Core rev: de9833792dd0cfac6f17d5c733c263b976e89cf6)
  (From OE-Core rev: c79f6e66283e506453d1643259d18e2d13eb10ea)
  Signed-off-by: Ross Burton <ross.burton@arm.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: Set PATH in syslog initscript | Martijn de Gouw | 2023-10-06 | 1 | -0/+2
  This script is not always called with /sbin and /usr/sbin in the PATH already, for example when called via ssh. Explicitly set PATH to make sure it includes /sbin and /usr/sbin since that's where start-stop-daemon is located.
  (From OE-Core rev: fa53f898eaba15dff030f9eadf86e5bca7d954fa)
  Signed-off-by: Martijn de Gouw <martijn.de.gouw@prodrive-technologies.com>
  Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>