summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* git: upgrade 2.35.4 -> 2.35.5Tim Orling2022-10-291-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This release addresses the security issues CVE-2022-39253 and CVE-2022-39260. * CVE-2022-39253: When relying on the `--local` clone optimization, Git dereferences symbolic links in the source repository before creating hardlinks (or copies) of the dereferenced link in the destination repository. This can lead to surprising behavior where arbitrary files are present in a repository's `$GIT_DIR` when cloning from a malicious repository. Git will no longer dereference symbolic links via the `--local` clone mechanism, and will instead refuse to clone repositories that have symbolic links present in the `$GIT_DIR/objects` directory. Additionally, the value of `protocol.file.allow` is changed to be "user" by default. * CVE-2022-39260: An overly-long command string given to `git shell` can result in overflow in `split_cmdline()`, leading to arbitrary heap writes and remote code execution when `git shell` is exposed and the directory `$HOME/git-shell-commands` exists. `git shell` is taught to refuse interactive commands that are longer than 4MiB in size. `split_cmdline()` is hardened to reject inputs larger than 2GiB. Credit for finding CVE-2022-39253 goes to Cory Snider of Mirantis. The fix was authored by Taylor Blau, with help from Johannes Schindelin. Credit for finding CVE-2022-39260 goes to Kevin Backhouse of GitHub. The fix was authored by Kevin Backhouse, Jeff King, and Taylor Blau. (From OE-Core rev: 43badfadb92a1d6684801f81fa2ed9c8b5652bb6) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: stable 2.38 branch updatesYash Shinde2022-10-291-1/+1
| | | | | | | | | | | | | Below commits on binutils-2.38 stable branch are updated. dc2474e7d20 (HEAD -> binutils-2_38-branch, origin/binutils-2_38-branch) elf: Reset alignment for each PT_LOAD segment f184ba116ed Re: PowerPC64 pcrel got relocs against local symbols 737e29d05eb PowerPC64 pcrel got relocs against local symbols (From OE-Core rev: 3ea33ca1a83d8621f1feee78f2c63850c1bc73e3) Signed-off-by: Yash Shinde <yashinde145@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.10.4 -> 3.10.7Tim Orling2022-10-203-59/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | Security and bug fixes. Drop patch for gh-92036 which was merged in 3.10.5 Refresh 0017-setup.py-do-not-report-missing-dependencies-for-disa.pathc Fixes: * CVE-2020-10735 https://nvd.nist.gov/vuln/detail/CVE-2020-10735 * CVE-2021-28861 https://nvd.nist.gov/vuln/detail/CVE-2021-28861 * CVE-2018-25032 https://nvd.nist.gov/vuln/detail/CVE-2018-25032 For a list of changes see: https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-7-final https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-6-final https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-6-final (From OE-Core rev: 3efae85283b19fa1b30af7fed7fa89d7a50337db) Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Backport patches from upstream to support float128 on qemu-ppc64Xiangyu Chen2022-10-2022-0/+2400
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Background: Due to current qemu 6.2 doesn't support float128, this cause some POSIX APIs(e.g. double difftime()..) return a wrong value, this issue can be reproduced by open_posix_testsuit difftime case[1]. The qemu upstream has already supported ppc64 float128, but need to update to qemu 7.0 or later. We backport the commits[2] from upstream to support that in qemu-ppc64 6.2.0. [1] difftime test case: https://github.com/linux-test-project/ltp/tree/master/testcases/open_posix_testsuite/conformance/interfaces/difftime [2] commits link: LINK: https://git.qemu.org/?p=qemu.git;a=commit;h=149a48f6e6ccedfa01307d45884aa480f5bf77c5 https://git.qemu.org/?p=qemu.git;a=commit;h=ba11446c40903b9d97fb75a078d43fee6444d3b6 https://git.qemu.org/?p=qemu.git;a=commit;h=bead3c9b0ff8efd652afb27923d8ab4458b3bbd9 https://git.qemu.org/?p=qemu.git;a=commit;h=10cc964030fca459591d9353571f3b1b4e1b5aec https://git.qemu.org/?p=qemu.git;a=commit;h=e706d4455b8d54252b11fc504c56df060151cb89 https://git.qemu.org/?p=qemu.git;a=commit;h=941298ecd7e3103d3789d2dd87dd0f119e81c69e https://git.qemu.org/?p=qemu.git;a=commit;h=4edf55698fc2ea30903657c63ed95db0d5548943 https://git.qemu.org/?p=qemu.git;a=commit;h=c07f82416cb7973c64d1e21c09957182b4b033dc https://git.qemu.org/?p=qemu.git;a=commit;h=e4052bb773cc829a27786d68caa22f28cff19d39 https://git.qemu.org/?p=qemu.git;a=commit;h=ffdaff8e9c698061f57a6b1827570562c5a1c909 https://git.qemu.org/?p=qemu.git;a=commit;h=201fc774e0e1cc76ec23b595968004a7b14fb6e8 https://git.qemu.org/?p=qemu.git;a=commit;h=c5df1898a147c232f0502cda5dac8df6074070fc https://git.qemu.org/?p=qemu.git;a=commit;h=38d4914c5065e14f0969161274793ded448f067f https://git.qemu.org/?p=qemu.git;a=commit;h=caf6f9b568479bea6f6d97798be670f21641a006 https://git.qemu.org/?p=qemu.git;a=commit;h=25ee608d79c1890c0f4e8c495ec8629d5712de45 https://git.qemu.org/?p=qemu.git;a=commit;h=19f0862dd8fa6510b2f5b3aff4859363602cd0cf https://git.qemu.org/?p=qemu.git;a=commit;h=5f1470b091007f24035d6d33149df49a6dd61682 https://git.qemu.org/?p=qemu.git;a=commit;h=17868d81e0074905b2c1e414af6618570e8059eb https://git.qemu.org/?p=qemu.git;a=commit;h=9193eaa901c54dbff4a91ea0b12a99e0135dbca1 https://git.qemu.org/?p=qemu.git;a=commit;h=e4318ab2e423c4caf9a88a4e99b5e234096b81a9 https://git.qemu.org/?p=qemu.git;a=commit;h=3bb1aed246d7b59ceee625a82628f7369d492a8f (From OE-Core rev: 5ed94b1d155a7d5597358a93c65dfe98ac07ea15) Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2022-2962Ross Burton2022-10-202-0/+65
| | | | | | | | | | | | | | | | | Backport the fix for CVE-2022-2962. (From OE-Core rev: 943d28a3395455fd475cb6c84247d106adf5fca3) (From OE-Core rev: 8ad129d079ea53ca66a91ec9fe36bb95f2648112) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ddc4258012e0d3fa946c319b601b0e73db7ac5e6) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Fix CVE-2021-3611Bhabu Bindu2022-10-2025-0/+4532
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As per the ubuntu community [https://ubuntu.com/security/CVE-2021-3611] To fix CVE-2021-3611 we need to backport the below support patches as well Link: https://git.qemu.org/?p=qemu.git;a=commit;h=41d5e8da3d5e0a143a9fb397c9f34707ec544997 https://git.qemu.org/?p=qemu.git;a=commit;h=7ccb391ccd594b3f33de8deb293ff8d47bb4e219 https://git.qemu.org/?p=qemu.git;a=commit;h=7a36e42d9114474278ce30ba36945cc62292eb60 https://git.qemu.org/?p=qemu.git;a=commit;h=4afd0f2f220ec3dc8518b8de0d66cbf8d2fd1be7 https://git.qemu.org/?p=qemu.git;a=commit;h=23faf5694ff8054b847e9733297727be4a641132 https://git.qemu.org/?p=qemu.git;a=commit;h=ba06fe8add5b788956a7317246c6280dfc157040 https://git.qemu.org/?p=qemu.git;a=commit;h=a1d4b0a3051b3079c8db607f519bc0fcb30e17ec https://git.qemu.org/?p=qemu.git;a=commit;h=c0ee1527358474c75067993d1bb233ad3a4ee081 https://git.qemu.org/?p=qemu.git;a=commit;h=5e468a36dcdd8fd5eb04282842b72967a29875e4 https://git.qemu.org/?p=qemu.git;a=commit;h=e2d784b67dc724a9b0854b49255ba0ee8ca46543 https://git.qemu.org/?p=qemu.git;a=commit;h=959384e74e1b508acc3af6e806b3d7b87335fc2a https://git.qemu.org/?p=qemu.git;a=commit;h=392e48af3468d7f8e49db33fdc9e28b5f99276ce https://git.qemu.org/?p=qemu.git;a=commit;h=1e5a3f8b2a976054da96cbbb9de6cbac7c2efb79 https://git.qemu.org/?p=qemu.git;a=commit;h=292e13142d277c15bdd68331abc607e46628b7e1 https://git.qemu.org/?p=qemu.git;a=commit;h=2280c27afc65bb2af95dd44a88e3b7117bfe240a https://git.qemu.org/?p=qemu.git;a=commit;h=34cdea1db600540a5261dc474e986f28b637c8e6 https://git.qemu.org/?p=qemu.git;a=commit;h=24aed6bcb6b6d266149591f955c2460c28759eb4 https://git.qemu.org/?p=qemu.git;a=commit;h=cd1db8df7431edd2210ed0123e2e09b9b6d1e621 https://git.qemu.org/?p=qemu.git;a=commit;h=a423a1b523296f8798a5851aaaba64dd166c0a74 https://git.qemu.org/?p=qemu.git;a=commit;h=398f9a84ac7132e38caf7b066273734b3bf619ff https://git.qemu.org/?p=qemu.git;a=commit;h=6bebb270731758fae3114b7d24c2b12b7c325cc5 https://git.qemu.org/?p=qemu.git;a=commit;h=4a63054bce23982b99f4d3c65528e47e614086b2 Add patches to fix CVE-2021-3611 Link: https://git.qemu.org/?p=qemu.git;a=patch;h=be5a8cf347d0c47ee3e933dde075526fd8bd5c40 https://git.qemu.org/?p=qemu.git;a=patch;h=79fa99831debc9782087e834382c577215f2f511 (From OE-Core rev: 388ce95cdf17b829663764061e686bcb3a56d096) Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com> Signed-off-by: virendra thakur <thakur.virendra1810@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Fix CVE-2021-3750 for qemuVirendra Thakur2022-10-204-0/+283
| | | | | | | | | | Add patch to fix CVE-2021-3750 (From OE-Core rev: e9e945a1d22b06d10ac07345b7cebcf232a809bb) Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils : Fix CVE-2022-38128pgowda2022-10-204-0/+884
| | | | | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f07c08e115e27cddf5a0030dc6332bbee1bd9c6a] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=175b91507b83ad42607d2f6dadaf55b7b511bdbe] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=695c6dfe7e85006b98c8b746f3fd5f913c94ebff] (From OE-Core rev: 21fb0b441096ec8b5cfa1d5b645f9a3a2ace1e09) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Remove -Wimplicit-function-declaration warningsKhem Raj2022-10-111-7/+11
| | | | | | | | | | | (From OE-Core rev: 9f2dbfc51ef2faf1b6154856adb69ca9f764573b) (From OE-Core rev: b2be1f5e7e858056cd5bf3273dca312a5ea8cf92) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: update 4.17.0 -> 4.17.1Alexander Kanavin2022-10-116-461/+40
| | | | | | | | | | | | (From OE-Core rev: 826eb17fe741d38be24d31f3bba35074e404a414) (From OE-Core rev: 49a875322110e5c9d90d99473a0e3f874e42739c) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: update 3.2.4 -> 3.2.5Florin Diaconescu2022-10-111-1/+1
| | | | | | | | | | Changelog: https://download.samba.org/pub/rsync/NEWS#3.2.5 (From OE-Core rev: 9431be33d8107e7c861b5b41411aae1532fb2c8c) Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: update 3.2.3 -> 3.2.4Florin Diaconescu2022-10-113-41/+19
| | | | | | | | | | | | | | Drop configure options that have been removed upstream. License-Update: formatting Changelog: https://download.samba.org/pub/rsync/NEWS#3.2.4 (From OE-Core rev: 4a4097ed1db8ecedbcf12388207c546d4d106e17) Signed-off-by: Florin Diaconescu <florin.diaconescu009@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils : Fix CVE-2022-38127pgowda2022-10-115-0/+1670
| | | | | | | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=19c26da69d68d5d863f37c06ad73ab6292d02ffa] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=ec41dd75c866599fc03c390c6afb5736c159c0ff] Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=f18acc9c4e5d18f4783f3a7d59e3ec95d7af0199] Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e98e7d9a70dcc987bff0e925f20b78cd4a2979ed] (From OE-Core rev: e384b754eb0223928c239db42ece93c06dce6daa) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: add arm-v9 supportRuiqiang Hao2022-09-285-0/+468
| | | | | | | | | | Backport some patches from GCC 12 to support arm-v9. (From OE-Core rev: 450639bf4b46b963480b2ab4efe72e443d0524b3) Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-cross-canadian: add default plugin linkerSamuli Piippo2022-09-281-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix multilib sdk issue where gcc is unable to find linker. Previous fix was in cdd86896c8d29135f937968e9aa07f919cf543d3 using real-ld symlink, but that prevented switching between bfd and gold linkers. Running compiler with debug arguments shows that collect2 tries and fails to find linker using the multilib triples: $ $CC -v -Wl,-debug ... Looking for 'real-ld' Looking for 'collect-ld' Looking for 'mips-oemllib32-linux-ld' Looking for 'mips-oe-linux-mips-oemllib32-linux-ld' ... collect2 version 12.2.0 ld_file_name = not found ... collect2: fatal error: cannot find ‘ld’ Using --with-plugin-ld=ld in gcc-cross-canadian builds to set default linker name for collect2, lets it find the linker correctly: Looking for 'real-ld' Looking for 'collect-ld' Looking for 'ld' ... collect2 version 12.2.0 ld_file_name = /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/libexec/mips-oe-linux/gcc/mips-oe-linux/12.2.0/ld Swith between bfd and gold linker works as expected now: $ $CC -v -Wl,-debug -fuse-ld=gold ... Looking for 'real-ld' Looking for 'collect-ld' Looking for 'ld.gold' ... collect2 version 12.2.0 ld_file_name = /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/libexec/i686-oe-linux/gcc/i686-oe-linux/12.2.0/ld.gold (From OE-Core rev: f4174b3bde5ec91293619fac3258f35153363c51) Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit cf1bb16b7f9f81514feaf1e4ecffd9039387bb89) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "gcc-cross-canadian: Add symlink to real-ld alongside other symlinks"Samuli Piippo2022-09-281-2/+0
| | | | | | | | | | | | | | | This reverts commit cdd86896c8d29135f937968e9aa07f919cf543d3. real-ld is always used if that is found, which means you cannot switch between bfd and gold linkers using -fuse-ld gcc option. (From OE-Core rev: 3d13ef9e457ad3854c5e9bc37f8ea9a6b0e6c54f) Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 53ae417c63a4a7ff4a729d3653a31cf1c0758f10) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-rfc3986-validator: switch from SRC_URI:append to SRC_URI +=Mikko Rapeli2022-09-281-1/+1
| | | | | | | | | | | | | | | The :append can not be removed via bbappends if needed. Thus it's better for open source layers to use += append if possible. (From OE-Core rev: 1e09be9455fb054b3f74f088b355116828cb4626) (From OE-Core rev: 15ac2f4f2873a3c7b9f5bd0385d570e7b64fc643) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 4546b5186e5aa2808be6c1616eca15219c4fcb5d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go-native: switch from SRC_URI:append to SRC_URI +=Mikko Rapeli2022-09-281-1/+1
| | | | | | | | | | | | | | The :append can not be removed if needed in other layers. (From OE-Core rev: e129d2f7e3ba312ab5383397eeabf7273d23a529) (From OE-Core rev: 905062ef53c016091c36690b36ed9ed5203175e5) Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 09ed655c2a8a0a246e7dcc745ec89f7a1d13813d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2022-38126pgowda2022-09-282-0/+35
| | | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e3e5ae049371a27fd1737aba946fe26d06e029b5] (From OE-Core rev: 1c3eaf29fc21579a8e4aa8ab6c356d773f8a38f5) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: fix CVE-2022-27664Teoh Jay Shen2022-09-282-0/+103
| | | | | | | | | Upstream-Status: Backport [https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479] (From OE-Core rev: fecad1b8e0f006c0186941706219d39c6c8ba5eb) Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* autoconf: Update K & R stype functionsKhem Raj2022-09-163-65/+139
| | | | | | | | | | | | | This replaces the proposed patch with a backport of what got accepted upstream (From OE-Core rev: 0edeb22a8d4f77ece938b1f0e4cc8f06c6265e6c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f3e92b7cb5833f61ff13a66f03be513d97a69894) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* autoconf: Fix strict prototype errors in generated testsKhem Raj2022-09-162-0/+65
| | | | | | | | | | | | | | This will fix issues with autoconf tests which fail due to lacking prototypes (From OE-Core rev: 7863774e4f436a5aefa86f7fe0d4dec6c336e8db) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit eb477854ba230d8a8370f24880bd421607399e5a) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-multilib-config: Fix i686 toolchain relocation issuesRichard Purdie2022-09-161-1/+1
| | | | | | | | | | | | | | | | This code wasn't changing the linux.h on i686. Make the entry match that for i586 which was correct. This fixes problems where the wrong dynamic loader path was used by nativesdk-gcc on i686 SDK targets by ensuring SYSTEMLIBS_DIR is replaced by %r in the correct header files. (From OE-Core rev: 47f6d0da703a9d25fa7dd36793ba332ae8d7ee9e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d30eb681f41bf9e921f7f0d42747fff7a4be9229) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby: drop capstone supportAlexandre Belloni2022-09-162-1/+37
| | | | | | | | | | | | Upstream dropped capstone support and this also causing us reproducibility issues. (From OE-Core rev: fe8e54576e97ef7c4845889f3e8bb53f524c0611) Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit d2496a904a7099ef0de818180820ad7b40843a08) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: upgrade 0.56.2 -> 0.56.3wangmy2022-09-162-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Changelog: ========== * Various improvements and bug fixes: - vala: Don't unconditionally expect ObjectType of Class [#1341] - vala: Make try-statement parsing more resilient [#1304] - vala: Avoid problems with '\' in #line directives on Windows [#1353] - gidlparser: Set source reference of parameters * Bindings: - atspi-2: Fix a few binding errors - glib-2.0: Use g_abort for GLib.Process.abort() beginning with 2.50 [#1350] - gtk+-3.0: Correctly unhide BindingSet.by_class to avoid Version attribute (From OE-Core rev: 90b0762aff8b11e781f2d492fd7af7707bc623a1) Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 29d2f8241312a7f0bda39805d41cd6789d369ce9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Update to include recent upstream minor fixesRichard Purdie2022-09-121-1/+1
| | | | | | | | | | | | | | | | Pull in some minor fixes: pseudo_util: Silence symlink errors and fix resolution bug ports/linux: Remove build dependency on libattr Minor build fixes pseudo_util: Fix resolving relative paths from "/" (From OE-Core rev: fa5e99a57093877cb2332826ac8e9dae21d30b74) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c57d0c57d00cdef622dab3bf783a10d52f8d9ffb) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils : CVE-2022-38533pgowda2022-09-122-0/+37
| | | | | | | | | | | Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ef186fe54aa6d281a3ff8a9528417e5cc614c797] (From OE-Core rev: 9644d9a38dac8d2c0263f4e8a67624da7a8bc55b) Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* apt: fix nativesdk-apt build failure during the second time buildChangqing Li2022-08-281-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | Run following commands: bitbake nativesdk-apt bitbake nativesdk-apt -c install -f The second command's do_install will fail with following error: | /build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/recipe-sysroot-native/usr/bin/x86_64-wrlinuxsdk-linux/x86_64-wrlinuxsdk-linux-g++ -D_WITH_GETLINE=1 -Dapt_pkg_EXPORTS -I/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/build/include -I/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/build/include/apt-pkg --sysroot=/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/recipe-sysroot -O2 -pipe -fmacro-prefix-map=/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0=/usr/src/debug/nativesdk-apt/2.4.5-r0 -fdebug-prefix-map=/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0=/usr/src/debug/nativesdk-apt/2.4.5-r0 -fdebug-prefix-map=/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/recipe-sysroot= -fdebug-prefix-map=/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/recipe-sysroot-native= -fPIC -fvisibility=hidden -fvisibility-inlines-hidden -Wall -Wextra -Wcast-align -Wlogical-op -Wredundant-decls -Wmissing-declarations -Wunsafe-loop-optimizations -Wctor-dtor-privacy -Wdisabled-optimization -Winit-self -Wmissing-include-dirs -Wnoexcept -Wsign-promo -Wundef -Wdouble-promotion -Wsuggest-override -Werror=suggest-override -Werror=return-type -std=gnu++17 -MD -MT apt-pkg/CMakeFiles/apt-pkg.dir/tagfile-keys.cc.o -MF apt-pkg/CMakeFiles/apt-pkg.dir/tagfile-keys.cc.o.d -o apt-pkg/CMakeFiles/apt-pkg.dir/tagfile-keys.cc.o -c /build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/build/apt-pkg/tagfile-keys.cc | /build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/build/apt-pkg/tagfile-keys.cc:1:10: fatal error: /include/apt-pkg/tagfile-keys.h: No such file or directory | 1 | #include "/include/apt-pkg/tagfile-keys.h" 0/build/tmp-glibc/work/x86_64-nativesdk-wrlinuxsdk-linux/nativesdk-apt/2.4.5-r0/build/apt-pkg/tagfile-keys.cc During the first command, do_install task changed tagfile-keys.cc, this will make tagfile-keys.cc is newer than the built tagfile-keys.cc.o. So the second do_install will rebuild tagfile-keys.cc.o. But the header path is replaced wrongly, so fix the header path (From OE-Core rev: 00337a5426aaece57ecbdc2f601b0c8272e2c5b9) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 3e18bd4dbddacfd878317ebcf0a039b46d6d6342) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pip: Fix RDEPENDS after the updateDaiane Angolini2022-08-281-0/+2
| | | | | | | | | | | | | | | | | | Fix the following error messages: ModuleNotFoundError: No module named 'distutils' ModuleNotFoundError: No module named 'colorsys' (From OE-Core rev: 3e1c254f71a4d22ebde063e23242cd838fb917f9) Signed-off-by: Daiane Angolini <daiane.angolini@foundries.io> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8beef93e6e341566eba8a125f75ad836ac6a3d69) Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: update v1.17.12 -> v1.17.13Sakib Sajal2022-08-288-3/+3
| | | | | | | | | | | | | | | | | | | | Update to latest v1.17.x release. Contains fix for CVE-2022-32189. go.git$ git log --oneline go1.17.12^..go1.17.13 15da892a49 (tag: go1.17.13, origin/release-branch.go1.17) [release-branch.go1.17] go1.17.13 703c8ab7e5 [release-branch.go1.17] math/big: check buffer lengths in GobDecode d9242f7a8c [release-branch.go1.17] cmd/compile: do not use special literal assignment if LHS is address-taken 489c148578 [release-branch.go1.17] cmd/compile: fix prove pass when upper condition is <= maxint 66c60f076c [release-branch.go1.17] runtime: clear timerModifiedEarliest when last timer is deleted c25b12fb81 [release-branch.go1.17] runtime: use saved LR when unwinding through morestack 1ed3c127da (tag: go1.17.12) [release-branch.go1.17] go1.17.12 (From OE-Core rev: 5acea6ee55d36987609bfa38b579ba86ca1879d1) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cmake: remove CMAKE_ASM_FLAGS variable in toolchain fileMartin Beeger2022-08-231-1/+0
| | | | | | | | | | | | | | | | | As discussied in [YOCTO #14717] cmake contains a OEToolchainConfig.cmake file to configure the toolchain correctly in cross-compile build for recipes using cmake. The CMAKE_ASM_FLAGS are the configuration are meant for assembly, but the spelling is incorrect and the Flag is ASFLAGS for gcc and other compilers. So this variable might neever have worked and it is better for recipes to specify their own. (From OE-Core rev: aeec7cc3081a7b21dc0e38b404547463796bfa0e) Signed-off-by: Martin Beeger <martin.beeger@online.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> (cherry picked from commit 72729ffbab53f95ee9dd1bc22913d9b864495930) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2022-0216Sakib Sajal2022-08-233-0/+96
| | | | | | | | | | Backport relevant patches to fix CVE-2022-0216. (From OE-Core rev: f2ebd772edd9508af9b557b184d7716a7004f46d) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2022-0358Sakib Sajal2022-08-232-0/+107
| | | | | | | | | | Backport patch to fix CVE-2022-0358. (From OE-Core rev: 99c4b60bc0266d131307e689ad3651497b3bca29) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-4158Sakib Sajal2022-08-232-0/+47
| | | | | | | | | | Backport patch to fix CVE-2021-4158. (From OE-Core rev: a171d1fa795ea41ef073f1ed34894d0c43989e6a) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-3929Sakib Sajal2022-08-232-0/+71
| | | | | | | | | | Backport patch to fix CVE-2021-3929. (From OE-Core rev: 3be3101ab1be2be58b6f27a28ca8e1ade3aff853) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2021-3507Sakib Sajal2022-08-233-0/+209
| | | | | | | | | | Backport relevant patches to fix CVE-2021-3507. (From OE-Core rev: 8ad9e87ac78d5dab816e489c3e5581bbdc0d297c) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* strace: set COMPATIBLE_HOST for riscv32Mingli Yu2022-08-081-0/+3
| | | | | | | | | | | | | | Disable the build on riscv32 as it's not supported on riscv32 [1]. [1] https://github.com/strace/strace/commit/69ff62ea5087506ad36a27599db088096db215da (From OE-Core rev: 4d6b260bd356dab6d74cf771e52649e0a41cb7ce) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5276a9a845d0277936e9321ada296818f7bfd84b) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcc: Fix standalone target builds with usrmerge distro featureKhem Raj2022-08-081-2/+6
| | | | | | | | | | | | | | Ignore the rmdir cmd if using usrmerge distro feature since the intention is to delete /lib or /lib64 but not libdir under /usr and base_libdir = libdir when usrmerge is enabled in distro (From OE-Core rev: 38fb876253e28577b8fcf4dd47fbb1d0673c6220) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3b7f6b0e0f1f16f89cd924aac001b4f661c145ca) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: stable 2.38 branch updatesSundeep KOKKONDA2022-08-081-1/+1
| | | | | | | | | | | | | | | Below commits on Binutils-2.38 development branch are updated. 5c0b4ee4060 i386: Don't allow GOTOFF relocation against IFUNC symbol for PIC 19892fedb7b x86: Properly check invalid relocation against protected symbol b8a2baa80b1 libctf: tests: prune warnings from compiler output 7f9a495a167 libctf: fix linking together multiple objects derived from the same source 97dd8079feb PowerPC64: fix assertion in ppc_build_one_stub with -Os code (From OE-Core rev: 4eb53b33bc46a8131653354bd077229ee7ee42ed) Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: upgrade 0.56.1 -> 0.56.2Alexander Kanavin2022-08-042-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Changes in 0.56.2 LTS release: - codegen: Correctly set array-length for NoAccessorMethods properties [#1316] - codegen: Detect usage of static type-parameter in runtime context [#1326] - vala: Avoid critical in SourceFile.get_mapped_length() [#1330] - codegen: Make sure to initialize static collections - codegen: Split reserved identifiers for C and Vala - codegen: Check cname of fields and methods against reserved identfiers [#1329] - glib2.0: Add abs() to int8/int16/int32/ssize_t [#1328] - Add initial wayland-client binding - Add geocode-glib-2.0 binding - Add rest-1.0 bindings (From OE-Core rev: b29546561f8e518cd59043a563f8783ada6f3053) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 21913b732953a1b85ae89721f8337eb9f75d1798) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: upgrade 0.56.0 -> 0.56.1Alexander Kanavin2022-08-042-3/+3
| | | | | | | | | | | | | | | | | | | | | | Changes in 0.56.1 LTS relase: - vala: Improve accessibility check inside member initializer [#1300] - vala: Don't allow nullable enum value as real GObject property [#1074] - valadoc: Include path to doclet in error message - manual: Update from wiki.gnome.org - gtk4: Fix GLib.Value parameter in ContentProvider.get_value() - gtk4: Split out gtk4-wayland and gtk4-x11 into separate bindings [#1308] - gstreamer: Update from 1.21+ git main - vapi: Update GIR-based bindings (From OE-Core rev: b19e2022184c567b53858981c77ebf3b1d283a8b) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0d78d6d6122b776f9abac27e3a71a3196999bebd) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* log4cplus: upgrade 2.0.7 -> 2.0.8Alexander Kanavin2022-08-041-1/+1
| | | | | | | | | | | | | | | | | | | | Changes: Add CMake alias libraries Add an option to disable tests to configure script Fix C++11 compatibility: C++11 does not have basic_string_view. Look for Android's log library Fix handling of ,aux extension for FileAppender filename should not be empty for TimeBasedRollingFileAppender (From OE-Core rev: 1dae5b5482b0d8c1c7832fc69d9e2998e5311dca) Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e09ffe4ec692329502165282ac80cf552113a4d5) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail ↵Hitendra Prajapati2022-08-042-0/+54
| | | | | | | | | | | | | | | | | | path, leading to an io_readx or io_writex crash Source: https://github.com/qemu/qemu MR: 119830 Type: Security Fix Disposition: Backport from https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c ChangeID: 41d6646e06319e629da574b9b2e8a3a197a73441 Description: CVE-2022-35414 qemu: can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. (From OE-Core rev: 5f236e744b5b528bdf8d95c9580c273f63c04452) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-runtime: Pass -nostartfiles when building dummy libstdc++.soKhem Raj2022-08-011-2/+1
| | | | | | | | | | | | | | This is a dummy shared object therefore reduce dependencies further by not requiring the C startup files, we wont use this shared library for anything useful anyway (From OE-Core rev: 2bc86c029fb82ae572f6a89407ccfe332972568c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Backport a fix for gcc bug 105039Naveen2022-08-012-1/+93
| | | | | | | | | | | | | Backport a fix from: https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=9234cdca6ee88badfc00297e72f13dac4e540c79 which fixes rust recursion issues in the demangler. (From OE-Core rev: 943760dfb8036bd2f5e075bf0696f820fd6dc79d) Signed-off-by: Naveen <naveen.gowda@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: upgrade v2.35.3 -> v2.35.4Sakib Sajal2022-08-011-1/+1
| | | | | | | | | | Minor upgrade which includes fix for CVE-2022-29187. (From OE-Core rev: 11943acaacd9b81b09ca378f40b17c393d33cb4b) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: update v1.17.10 -> v1.17.12Sakib Sajal2022-08-018-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | go.git$ git log --oneline go1.17.10..go1.17.12 1ed3c127da (tag: go1.17.12) [release-branch.go1.17] go1.17.12 cd54600b86 [release-branch.go1.17] encoding/gob: add a depth limit for ignored fields 76f8b7304d [release-branch.go1.17] path/filepath: fix stack exhaustion in Glob 8c1d8c8362 [release-branch.go1.17] io/fs: fix stack exhaustion in Glob 0117dee7dc [release-branch.go1.17] compress/gzip: fix stack exhaustion bug in Reader.Read ba8788ebce [release-branch.go1.17] go/parser: limit recursion depth 2678d0c957 [release-branch.go1.17] encoding/xml: limit depth of nesting in unmarshal 58facfbe7d [release-branch.go1.17] encoding/xml: use iterative Skip, rather than recursive ed2f33e1a7 [release-branch.go1.17] net/http: preserve nil values in Header.Clone d13431c37a [release-branch.go1.17] net/http: don't strip whitespace from Transfer-Encoding headers ae2dfcc1c8 [release-branch.go1.17] runtime: add race annotations to cbs.lock fc07039e23 [release-branch.go1.17] runtime: add race annotations to metricsSema 9ef614f5aa [release-branch.go1.17] cmd/compile: allow 128-bit values to be spilled b1be664d64 [release-branch.go1.17] runtime: store consistent total allocation stats as uint64 77cc1c0def [release-branch.go1.17] cmd/go: pass --no-decorate when listing git tags for a commit 8d2935ab7c [release-branch.go1.17] cmd/dist: test cgo internal linking on darwin-arm64 651a8d81ba [release-branch.go1.17] cmd/dist: skip internal linking tests on arm64 26cdea3acc (tag: go1.17.11) [release-branch.go1.17] go1.17.11 4c69fd51a9 [release-branch.go1.17] path/filepath: do not remove prefix "." when following path contains ":". 909881db03 [release-branch.go1.17] misc/cgo/testsanitizers: buffer the signal channel in TestTSAN/tsan11 03c2e56f68 [release-branch.go1.17] crypto/tls: avoid extra allocations in steady-state Handshake calls c15a8e2dbb [release-branch.go1.17] crypto/tls: randomly generate ticket_age_add 590b53fac9 [release-branch.go1.17] os/exec: return clear error for missing cmd.Path 2be03d789d [release-branch.go1.17] crypto/rand: properly handle large Read on windows 65701ad2b4 [release-branch.go1.17] misc/cgo/testsanitizers: use buffered channel in tsan12.go e846f3f2d6 [release-branch.go1.17] runtime: skip TestGdbBacktrace flakes matching a known GDB internal error a9003376d5 [release-branch.go1.17] cmd/dist: consistently set PWD when executing a command in a different directory 0e7138a102 [release-branch.go1.17] runtime: mark TestGcSys as flaky (From OE-Core rev: 4c3591cd31b61c4008af80701dfc1bcd6339e0e8) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dpkg: fix CVE-2022-1664Sakib Sajal2022-08-012-0/+329
| | | | | | | | | | Backport patch to fix CVE-2022-1664. (From OE-Core rev: e22b7b2a30c4c688b9c4414824c93ae8a884496c) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lua: Backport fix for CVE-2022-33099Khem Raj2022-08-012-0/+62
| | | | | | | | | | | | Fixes stack overflow while handling recurring errors in Lua-stack (From OE-Core rev: 16be6e3b750c66aab3ef68eaa805b71abd50319a) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit caad9d5f7184f0fa60fa7770e5d3da3f533647cb) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-runtime: Fix missing MLPREFIX in debug mappingsRichard Purdie2022-07-251-1/+1
| | | | | | | | | | | | This fixes reproducibility issues with multilibs were a different recipe specific sysroot is used which was leaking into debug symbols in libraries. (From OE-Core rev: 3bb7abe545be6c92b2bd4f184536b0b0e871aac6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f442edf51e256bd315bd8e4ac4d9fa12b8e9e092) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-04-21 22:57:54 +0000