| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NASM v2.16 was discovered to contain a segmentation violation
in the component ieee_write_file at /output/outieee.c.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46457
Upstream patches:
https://github.com/netwide-assembler/nasm/commit/c8af73112027fad0ecbb277e9cba257678c405af
(From OE-Core rev: 6b82d998184112c42b4298aef6a0b9e314fc8ee4)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
At second running, there are four new failed case:
d_loaddump f_bigalloc_badinode f_bigalloc_orphan_list f_dup_resize
The test_data.tmp is necessary, but it is deleted by run-ptest.
So it should be restored after testing.
(From OE-Core rev: 3a5ce6f8090f912bb9744e8cc8f3f2510f351a33)
Signed-off-by: Qiu Tingting <qiutt@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d0d08dd9a8a179e25b9cfcbac696c1d212a1910c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking
Proxy-Authorization headers to destination servers when redirected to an HTTPS
endpoint. This is a product of how we use `rebuild_proxies` to reattach the
`Proxy-Authorization` header to requests. For HTTP connections sent through the
tunnel, the proxy will identify the header in the request itself and remove it
prior to forwarding to the destination server. However when sent over HTTPS,
the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy
has no visibility into the tunneled request. This results in Requests forwarding
proxy credentials to the destination server unintentionally, allowing a malicious
actor to potentially exfiltrate sensitive information. This issue has been patched
in version 2.31.0.
Reference: https://github.com/advisories/GHSA-j8r2-6x86-q33q
(From OE-Core rev: e806c625d9a7eb08079a3268d2d8b20b582d0b6c)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
| |
CPAN.pm before 2.35 does not verify TLS certificates when downloading
distributions over HTTPS.
(From OE-Core rev: b093db144b35e7c140ac830dbe67cabfaac69f73)
Signed-off-by: Soumya <soumya.sambu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Angle brackets should not appear in CSS contexts, as they may affect
token boundaries (such as closing a <style> tag, resulting in
injection). Instead emit filterFailsafe, matching the behavior for other
dangerous characters.
Thanks to Juho Nurminen of Mattermost for reporting this issue.
For #59720
Fixes #59811
Fixes CVE-2023-24539
(From OE-Core rev: 0a09194f3d4ad98d0cf0d070ec0c99e7a6c8a158)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This is consistently seen with musl and grep from busybox
Therefore backport a patch from upstream to fix it
(From OE-Core rev: 769290794fc23894211c56b1878a73634fd20283)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 511bcd965af658e6bb0c61d9f2adb1af75af773b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
* needed for llvm-native on hosts with gcc-13
(From OE-Core rev: 3382759cb6c5cee42151e72fd94e99a3060317f5)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
some standalone targets e.g. riscv64-elf disable shared linking for
baremetal ELF ABI in ld, therefore lets make it a static library
(From OE-Core rev: 3c6219dfcbcbde314648ba8cc54a90b32ea1c952)
(From OE-Core rev: 4ee9d5839669560ec10f23445fa8bbc03a4c5406)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-24540
Upstream patch:
https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go 1.19.9)
(From OE-Core rev: 5defed7d5dc8bc6f68f021d19c4f42832d33472b)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
This is specific to Git-for-Windows.
(From OE-Core rev: 472a3e05270deace2862973dee2e65e60f9c0c19)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7,
2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding
specially crafted input to `git apply --reject`, a path outside the working
tree can be overwritten with partially controlled contents (corresponding to
the rejected hunk(s) from the given patch). A fix is available in versions
2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3,
and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying
patches from an untrusted source. Use `git apply --stat` to inspect a patch before
applying; avoid applying one that create a conflict where a link corresponding to
the `*.rej` file exists.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-25652
Upstream patches:
https://github.com/git/git/commit/9db05711c98efc14f414d4c87135a34c13586e0b
(From OE-Core rev: 335ad8a6d795cd94b872370e44a033ce3fbf4890)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8,
2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted
`.gitmodules` file with submodule URLs that are longer than 1024 characters can used
to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug
can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when
attempting to remove the configuration section associated with that submodule. When the
attacker injects configuration values which specify executables to run (such as
`core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code
execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8,
2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running
`git submodule deinit` on untrusted repositories or without prior inspection of any
submodule sections in `$GIT_DIR/config`.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-29007
Upstream patches:
https://github.com/git/git/commit/528290f8c61222433a8cf02fb7cfffa8438432b4
https://github.com/git/git/commit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8
https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a
https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d
https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a
(From OE-Core rev: 1b55343b6346437b80b8a8180ae1bc9f480d92ef)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a package with a postsints script requires ldconfig, the package class adds
a ldconfig postinst fragment to initialize it before. Systemd has its own
ldconfig.service to initialize it and sometimes if both services are running
at the same time in the first boot, the first one will work, but the second
one will fail with the following error:
ldconfig[141]: /sbin/ldconfig: Renaming of /etc/ld.so.cache~ to /etc/ld.so.cache failed: No such file or directory
This commit adds a ordering dependency between them to make sure that only one
service is running at the same time.
(From OE-Core rev: 5fca673d8fe0ee97dc37ed2c9941696842cd667a)
Signed-off-by: Arturo Buzarra <arturo.buzarra@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e9d812e127dc6743f52f4881e509e8e2e833afe)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cryptography is a package designed to expose cryptographic primitives
and recipes to Python developers. In affected versions `Cipher.update_into`
would accept Python objects which implement the buffer protocol, but
provide only immutable buffers. This would allow immutable objects
(such as `bytes`) to be mutated, thus violating fundamental rules of
Python and resulting in corrupted output. This now correctly raises
an exception. This issue has been present since `update_into` was
originally introduced in cryptography 1.8.
(From OE-Core rev: 368e450c2d800790a05924519f34c579e28e9cbb)
Signed-off-by: Narpat Mali <narpat.mali@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
(From OE-Core rev: fd0d01aca6f2aea51e9704e0ba48dc35dfd87b81)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57]
(From OE-Core rev: d46891efa23932a048f7cc4d82c6387e03262f76)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7]
(From OE-Core rev: 033db4876844b17de7673970860eb155d15c56e7)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=77c225bdeb410cf60da804879ad41622f5f1aa44]
(From OE-Core rev: 27278ebd5d102ce5a9d45f94a93932065025657b)
Signed-off-by: Deepthi Hemraj <deepadeepthi98@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
html/template: disallow actions in JS template literals
Backport from https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b
(From OE-Core rev: 835462d697a5f294900843b8bcd628709c256605)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A parsed MIME header is a map[string][]string. In the common case,
a header contains many one-element []string slices. To avoid
allocating a separate slice for each key, ReadMIMEHeader looks
ahead in the input to predict the number of keys that will be
parsed, and allocates a single []string of that length.
The individual slices are then allocated out of the larger one.
The prediction of the number of header keys was done by counting
newlines in the input buffer, which does not take into account
header continuation lines (where a header key/value spans multiple
lines) or the end of the header block and the start of the body.
This could lead to a substantial amount of overallocation, for
example when the body consists of nothing but a large block of
newlines.
Fix header key count prediction to take into account the end of
the headers (indicated by a blank line) and continuation lines
(starting with whitespace).
Thanks to Jakob Ackermann (@das7pad) for reporting this issue.
Fixes CVE-2023-24534
For #58975
Fixes #59267
(From OE-Core rev: 28bfa033ce965d7316a8b4296d10f3ad74d711db)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This CVE is related to Windows.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664
(From OE-Core rev: c812189760292ae39f7c10cfbde8f11130cce085)
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NASM v2.16 was discovered to contain a heap buffer overflow in the
component quote_for_pmake() asm/nasm.c:856
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-44370
Upstream patches:
https://github.com/netwide-assembler/nasm/commit/2d4e6952417ec6f08b6f135d2b5d0e19b7dae30d
(From OE-Core rev: 1568df72136f46f0767bba56c10c48bf2a1ec259)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport patch [1] to fix CVE-2023-28755.
[1] https://github.com/ruby/ruby/commit/8ce4ab146498879b65e22f1be951b25eebb79300
(From OE-Core rev: 605634cf1adef2d9cf6dc6fdf17aa4032385497f)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting a large line or column number using a //line directive can cause
integer overflow even in small source files.
Limit line and column numbers in //line directives to 2^30-1, which
is small enough to avoid int32 overflow on all reasonbly-sized files.
Fixes CVE-2023-24537
Fixes #59273
For #59180
(From OE-Core rev: 15c07dff384ce4fb0e90f4f32c182a82101a1c82)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is specific to Microsoft Windows, ignore it.
Patch fixing it (https://go-review.googlesource.com/c/go/+/446916)
also adds a redundant check to generic os/exec which
could be backported but it should not be necessary as
backport always takes a small risk to break old code.
(From OE-Core rev: ae8167754ff1c02f2d92af03de804754ea77a3e5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
path/filepath: do not Clean("a/../c:/b") into c:\b on Windows
Backport from https://github.com/golang/go/commit/bdf07c2e168baf736e4c057279ca12a4d674f18c
(From OE-Core rev: f60637b3c9045656047d6ffcfaadbef5ad1d3d06)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport from https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e
(From OE-Core rev: 0f8eb0505e19ccd27e1b91f27285a9fc87f2aa93)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Backport from go-1.19. The godebug package is needed by
the fix to CVE-2022-41725.
Mostly a cherry-pick but exceptions are noted in comments
marked "backport".
(From OE-Core rev: e5cf04f55b4849ae6db1253b39ad8b037cf01af4)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3e307d538c351aa9327cbad672c884059ecc20dd]
(From OE-Core rev: d478e7ea0bb897e13d86c476966924ef9927f11a)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was the original reason to add the patch:
https://git.openembedded.org/openembedded-core/commit/?id=18efcbcb896239c64fedd009ce57f3f0c668cbc0
and this is the upstream discussion which suggests handling
read-only files explicitly outside of patchelf:
https://github.com/NixOS/patchelf/pull/89
(From OE-Core rev: 163e2d5defebab262a5ec6fa9885deedace538f2)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adapt json-c recipe to compile and deploy a ptest for json-c.
Also add a small script for executing the tests.
All tests were successful on a trial and took around 20 seconds.
(From OE-Core rev: 7d588d0727d49dcf04d7c3d8a4ec23ca2f6cc56d)
Signed-off-by: Simone Weiß <simone.weiss@elektrobit.com>
Signed-off-by: Kai Tomerius <kai.tomerius@elektrobit.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 757a5fbdeed58573c40d6e21475cc516aa49fd1c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Disable cmd/internal/moddeps test, since this update includes PRIVATE
track fixes.
Backport from https://github.com/golang/go/commit/5c3e11bd0b5c0a86e5beffcd4339b86a902b21c3
(From OE-Core rev: 7440ebac50813e5df73da2d660a50fa97de650de)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This helps in building rsync without autoconf patch, since it will be a
while that the round trip is made, better to apply this patch here until
next release of autoconf.
(From OE-Core rev: 11522b98697befcf13076a90cec4f8ade1fa0645)
(From OE-Core rev: 3eeab90fd45a1e8de6d9d16dfdec79c72639614b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8d6b8fb0863d81f60f8a8b53c3b5b4676d508965)
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: c53d465865d4a9c109322074c2653a3a8b665238)
(From OE-Core rev: 4ddd3559a3b6fbca3d4959be8762f44e4e948f7c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 51d8e0e20e2965517a64e954d51a23be52e5f4f3)
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function is referencing '${S}/..'.
It uses ${S} only as good known directory path to start
traversing from, and it does not need it to exist or be populated.
If ${S} does not exist yet, the function will fail because
it cannot evaluate path .. from non-existing directory.
Reproducer (verified in master and kirkstone):
bitbake gcc -c deploy_source_date_epoch
bitbake gcc -c cleansstate
rm -rf build/tmp
bitbake gcc -c deploy_source_date_epoch
(From OE-Core rev: 728018bbfe1de53661881a05e0359083ad544f97)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 42661a59cda164b2d236ffc35b4d8cf43312b677)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport appropriate patches to fix CVE-2022-2879 and CVE-2022-41720.
Modified the original fix for CVE-2022-2879 to remove a testdata tarball
and any references to it since git binary diffs are not supported in
quilt.
(From OE-Core rev: a896cebe1ce2363b501723475154350acf0e0783)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 66575e31b76894e217350350307b30d3684ba4fa.
Revert CVE-2021-3507 for qemu as it is not applicable for qemu6.2
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-3507
Conflicts:
meta/recipes-devtools/qemu/qemu.inc
(From OE-Core rev: b7d96c1e94f79044f86de5cdf4a0eaa61d4ee0b8)
Signed-off-by: pawan <badganchipv@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 8a8a86076f9eed36b7f4c831ad8882d07de62e8e)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 70adf86b515934168a6185dcff4a8edb39a40017)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It fails to import anything from git/remote.py:
File "/path_to/python3-git-native/3.1.27-r0/GitPython-3.1.27/git/remote.py", line 700
url = Git.polish_url(url)
^
IndentationError: unexpected indent
(From OE-Core rev: 48633d8920210e55e0b9ee3004f0502f9f0eec48)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Backport fix from cpython 3.11 branch.
(From OE-Core rev: 37defd828cc6a8267139928730d766167905d21a)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Backport from https://gitea.treehouse.systems/ariadne/pkgconf/commit/628b2b2bafa5d3a2017193ddf375093e70666059
(From OE-Core rev: 5c156d8c06267b7a733aca11c53c2905e03e4a58)
Signed-off-by: Hongxu Jia <hongxu.jia@eng.windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error: Transaction test error:
file /usr/bin/vala-gen-introspect-0.56 conflicts between attempted installs of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
file /usr/bin/vapigen-wrapper conflicts between attempted installs
of lib32-vala-0.56.3-r0.armv7ahf_neon and vala-0.56.3-r0.aarch64
The differences of vala-gen-introspect-0.56 are as follows:
@@ -2,7 +2,7 @@
prefix=/usr
exec_prefix=/usr
-libdir=/usr/lib64
+libdir=/usr/lib
pkglibdir=${libdir}/vala-0.56
if [ $# -ne 2 ]
The wrapper isn't used on target so we can simply delete it.
(From OE-Core rev: 8b41b5d2e423636942e34723ad940f6f143640c9)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3cf894b8a9c4fa14fcc7c7445e85e9ae3192b398)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Error: Transaction test error:
file /usr/include/luaconf.h conflicts between attempted installs of lua-dev-5.4.4-r0.aarch64 and lib32-lua-dev-5.4.4-r0.armv7ahf_neon
The differences between the two files are as follows:
@@ -219,7 +219,7 @@
#define LUA_ROOT "/usr/"
#define LUA_LDIR LUA_ROOT "share/lua/" LUA_VDIR "/"
-#define LUA_CDIR LUA_ROOT "lib64/lua/" LUA_VDIR "/"
+#define LUA_CDIR LUA_ROOT "lib/lua/" LUA_VDIR "/"
#if !defined(LUA_PATH_DEFAULT)
#define LUA_PATH_DEFAULT \
(From OE-Core rev: b2892b3b6fa1d396f845539c0256ca0f71378b94)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b58d86f9902a7eb7a821a3e36ba298c082c0f1f1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From an SDK, running a meson setup build without an explicit setup
command can result in a native build when a cross build is expected.
The problem is in meson-wrapper where it tries to detect whether a
setup command is being used. The logic looks through all arguments for
a command, and the first argument it finds that doesn't start with a -
is treated as the command. This doesn't work for an implicit setup
command if any option with a space-separated argument exists. In this
case, the argument is incorrectly selected as the command, causing the
setup command options for the cross build to be excluded from the
command line, and thus a native build.
Improve the logic by just looking at the first argument. If it is
a known comand, then record it. Otherwise just assume it is the
implicit setup command.
Note that this fix does not address the possibility of a new meson
command. Two new echo statements are included to help the user in case
of trouble:
```
~/git/weston-imx$ meson --warnlevel 3 --prefix=/usr -Ddoc=false -Dbackend-drm-screencast-vaapi=false -Dcolor-management-lcms=false -Dpipewire=false -Dbackend-x11=false -Dxwayland=true -Dsimple-clients=all -Dbackend-wayland=false -Dbackend-default=drm -Dbackend-rdp=false -Dtest-junit-xml=false -Dlauncher-libseat=false -Dimage-jpeg=false -Dimage-webp=false -Drenderer-g2d=true build
meson-wrapper: Implicit setup command assumed
meson-wrapper: Running meson with setup options: " --cross-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/aarch64-poky-linux-meson.cross --native-file=/opt/fsl-imx-internal-xwayland/6.1-langdale/sysroots/x86_64-pokysdk-linux/usr/share/meson/meson.native "
The Meson build system
Version: 0.63.3
```
(From OE-Core rev: 1f30dedee80669475557d9de5f130b7a23eaa7ec)
Signed-off-by: Tom Hochstein <tom.hochstein@nxp.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9338bd66a3c9ab5cb781f2ee588306c5b31a3cb5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add direct dependency of below native python3 modules
to fix the compile issue
python3-semantic-version-native
python3-setuptools-native
python3-setuptools-scm-native
python3-toml-native
python3-typing-extensions-native
python3-wheel-native
This issue is not seen in the upstream yocto but in the project,
where the python modules are not built by any other dependency.
They have to be explicitly pulled.
This fixes below error:
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/setuptools/config.py", line 422, in _parse_attr
module = importlib.import_module(module_name)
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/recipe-sysroot-native/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 883, in exec_module
File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/setuptools-rust-1.1.2/setuptools_rust/__init__.py", line 1, in <module>
from .build import build_rust
File "<path to file>/python3-setuptools-rust-native/1.1.2-r0/setuptools-rust-1.1.2/setuptools_rust/build.py", line 23, in <module>
from typing_extensions import Literal
ModuleNotFoundError: No module named 'typing_extensions'
(From OE-Core rev: 0ae1ed426e97d9d53fb31a9751de5a3f1898b16b)
Signed-off-by: Poonam Jadhav <Poonam.Jadhav@kpit.com>
Signed-off-by: Poonam Jadhav <ppjadhav456@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently binutils in buildtools is searching for /etc/etc/ld.so.conf
which makes no sense. ld_sysconfdir already contains /etc so we need to
drop the /etc from the fixed string.
(From OE-Core rev: 47528fa2aa590b3e04e4cc2b66704143419a92d1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ccd28c418ab8390118d738fbe914395b5c2a1f75)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=8af23b30edbaedf009bc9b243cd4dfa10ae1ac09]
(From OE-Core rev: 3dd27bbe8c19aa358916de940453de81d3831510)
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport 2 patches and rebase
0001-hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch to fix
compile error:
../qemu-6.2.0/hw/display/qxl.c: In function 'qxl_phys2virt':
../qemu-6.2.0/hw/display/qxl.c:1477:67: error: 'size' undeclared (first use in this function); did you mean 'gsize'?
1477 | if (!qxl_get_check_slot_offset(qxl, pqxl, &slot, &offset, size)) {
| ^~~~
| gsize
../qemu-6.2.0/hw/display/qxl.c:1477:67: note: each undeclared identifier is reported only once for each function it appears in
(From OE-Core rev: b3f42317c1932253e7e6b2fd7a263bdbd6c2f69a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade git to latest 2.37.x release to address
security issues CVE-2022-23521 and CVE-2022-41903.
(From OE-Core rev: 0e7de5066491bc9b860ad4d65965d6f848898aff)
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
bootchart2 introduced a variable EARLY_PREFIX for supporting systems
with usrmerge [1]. Right now, the recipe here is sidestepping this
feature and trying to replicate it by overwriting other variables and
even patching the sources. This wasn't enough, however, as there are
still problems: For example, some setup code in the bootchart-collector
fails because it expects EARLY_PREFIX to be used [2].
Cleanup the recipe to set EARLY_PREFIX and remove the other workarounds.
[1]: https://github.com/xrmx/bootchart/commit/56a638ace1d172163b6d636c89892446b8add4b6
[2]: https://github.com/xrmx/bootchart/blob/3d2136d0335718fbe1a8e2370ccbc30123a6e593/collector/collector.c#L670-L672
Fixes: 4157600d3122 ("bootchart2: switch to add patch from change source in do_install")
(From OE-Core rev: 5d2e5abd098ae0b4f904cd7270daa1eb61708fa6)
Signed-off-by: Harald Seiler <hws@denx.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7031bc65b10040877392ed774a0cdddef85c12e0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
