summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2021-11-03bitbake: fetch/git: Handle github dropping git:// supportzeusRichard Purdie
github is dropping support for git protocol in Git urls. Add code to remap this to https in a way that could be used in older bitbake versions. (Bitbake rev: 7150c8286fba6c4b5ab03d3a74f06e068c9c28c8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10selftest/signing: Ensure build path relocation is safeRichard Purdie
Similarly to 04ee0e8b95cd8ed890374e0007f976684206b630, ensure only full build paths are replaced in the environment to avoid breaking buildtools. (From OE-Core rev: db8ceed8f2eca92a4cffe8295481d8041281fdd0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10uninative: Upgrade to 2.9Khem Raj
This supports glibc upto 2.32 which is now rolling into distributions (From OE-Core rev: 8523e55cc70ef5972da63a666aabacfe2a258e8f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10gnutls: CVE-2020-24659Zhixiong Chi
Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a (From OE-Core rev: 7a9969fe8cb8b039976bcd482d7b815922ae54ea) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10go: Security Advisory - go - CVE-2020-24553Li Zhou
Backport the patch from <https://github.com/golang/go/commit/ eb07103a083237414145a45f029c873d57037e06> to solve CVE-2020-24553. (From OE-Core rev: 794dfa173adbce781c9fe609d58d3ed9b8cbd501) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10qemu: CVE-2020-14364Li Wang
Backport patch from: https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb (From OE-Core rev: 8b4163c4e60f5e96790522e129f84102831feb8e) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10bind: Security Advisory - bind - CVE-2020-8624Li Zhou
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624. (From OE-Core rev: 660d170b6889b5e644da9fbef22220f63169aeb5) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10bind: Security Advisory - bind - CVE-2020-8623Li Zhou
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab> to solve CVE-2020-8623. (From OE-Core rev: cfbd144e94452bc4a197b284b5ec47cfff5b0047) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10bind: Security Advisory - bind - CVE-2020-8622Li Zhou
Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/6ed167ad0a647dff20c8cb08c944a7967df2d415> to solve CVE-2020-8622. (From OE-Core rev: 64a2b62c41574bf4d45dd8ed447ee3b6c05fbd84) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10qemu : fix CVE-2020-15863Li Wang
(From OE-Core rev: 30b0784e2eef9c4d45296857b0792a4374020fab) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Li Wang <Li.Wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10qemu: CVE-2020-10756Stefan Ghinea
An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. References: https://nvd.nist.gov/vuln/detail/CVE-2020-10756 https://bugzilla.redhat.com/show_bug.cgi?id=1835986 Upstream patches: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0 (From OE-Core rev: b6d73f9f8c055928051dc57943baf5833568d04f) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10go: CVE-2020-16845Zhixiong Chi
Backport CVE patch from the upstream: https://github.com/golang/go.git commit 027d7241ce050d197e7fabea3d541ffbe3487258 (From OE-Core rev: 4fa2a6c171e62855ad9a2bd7a2d8507067f62988) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10qemu: CVE-2020-16092Li Wang
Backport CVE patch from the upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 (From OE-Core rev: ffb65dd34fce4c75b9aa00dc0197bf83198a9980) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10xserver-xorg: Security Advisory - xserver-xorg - CVE-2020-14347Li Zhou
Backport patch from <https://gitlab.freedesktop.org/xorg/xserver/-/ commit/aac28e162e5108510065ad4c323affd6deffd816> to solve CVE-2020-14347. (From OE-Core rev: 850b454c090523f7f7503d4472fda77a4b2fc7a0) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10oeqa/runtime_test: Disable test_testimage_virgl_gtkRichard Purdie
This test keeps failing on the autobuilder and is proving extremely annoying. It works much better in later releases but for zeus and earlier, lets just stop running it as it doesn't really tell us anything useful at this point, nobody has any plans to improve the distro exclusions or otherwise fix it in the older releases. (From OE-Core rev: 290b9083b539a938fe8e12d5b17bb1348644a4e8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10python3-testtools: Avoid traceback2 module requirementRichard Purdie
traceback2 adds traceback for python2. Rather than depend on traceback2, we're python3 only so just use traceback. This caused breakage in oe-selftest -j which uses testtools on the autobuilder using buildtools-tarball. [YOCTO #13652] (From OE-Core rev: ee80a06c107375e3cf0d246ea17c09dda4536dab) (From OE-Core rev: 9f51e83ab407c3dff6624b6ae1b03ca6c326d382) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10acl: Disable parallel make installRichard Purdie
Similiarly to attr, do_install fails on newer versions of make with interesting and hard to debug errors. Disablle parallle make install as a workaround. Later verisons of acl in newer releases don't have the issue. (From OE-Core rev: 036a4b425f88a237c2c7c1b9575bd2d372a8e130) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10attr: Disable parallel make installRichard Purdie
do_install fails on newer versions of make with interesting and hard to debug errors. Disablle parallle make install as a workaround. Later verisons of attr in newer releases don't have the issue. (From OE-Core rev: 3bea0931087698b9913f56bb93df3ef279ab4930) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10oeqa/selftest: Ensure buildtools in environment variables isn't replacedRichard Purdie
This avoids the seeing broken replacements like: oe-selftest-centos/build/build-st-926tools/sysroots/x86_64-pokysdk-linux/etc/ssl/certs/ca-certificates.crt which understandably break builds. (From OE-Core rev: 04ee0e8b95cd8ed890374e0007f976684206b630) (Cherry-picked from f930e2cadb9ee69759720b6c49aeeb6dd43a7edd but adjusted for thud) (From OE-Core rev: 3841b0e2a2e1c1ebd296c6057831b3e463fcba69) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10oeqa/testsdk: Use original PATHRichard Purdie
We want to test the SDK with PATH from the original host, not with our own tools injected via HOSTTOOLS. It even uses some tools which aren't in HOSTTOOLS. This is necessary after changing the SDK to not reset PATH to the system default which is bad for other reasons and brings the testing into sync with that change. (From OE-Core rev: 87c9602fd0dedc7bcf75b822aaf5f6ebfc17737c) (From OE-Core rev: e58bc5ea7d4da2e50e1820e80a5f906ce38d2372) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-extended-tarball: add nativesdk-libxcrypt-devJeremy Puhlman
virtual/crypt-native is assume provided in bitbake.conf, so buildtools-extended-tarball shoud provide crypt since it doesn't use the host's headers/libraries. [YOCTO #13714] (From OE-Core rev: da948b25d5ef452fb35275d108e18d2a2829f4fb) (From OE-Core rev: bc42406d83310398bc4d4db4244252411eff117d) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10glibc: Update nativesdk locale relocation patchRichard Purdie
The locale binary reported incorrect locale lists in relocated toolchains as some path references were not relocated by this patch. Fix this missing relocations so the locale binary correctly reports the locales. (From OE-Core rev: f7a6a72880009380ae81bc7fc863921a26811c8c) (From OE-Core rev: e4c4337e642f565e9988a4a2c50a995090d1f49e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-tarball: add nativesdk-pythonJeremy Puhlman
(From OE-Core rev: 6467eb4461f3cab16cab2ba63154c92fc2adacef) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-tarball: export OPENSSL_CONF in environment setupSteve Sakoman
The autobuilder has been experiencing SSL: CERTIFICATE_VERIFY_FAILED errors during error report uploads when using buildtools due to looking for certs in /opt/poky (From OE-Core rev: 197f1d5d14b8e57295f5a81c03c86abba5328614) (From OE-Core rev: 35c6ab2501672083cf8b974d8b9c3daa3202de36) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-tarball: export OPENSSL_CONF for opensslLiwei Song
export OPENSSL_CONF to aviod SDK openssl can not find openssl.cnf. (From OE-Core rev: 0aaf3dd17dcde959e9c0d62543cb91c9b33551b4) (From OE-Core rev: 63d8569b2c9f66e8123e2672a7f8fb8e7cc1f0b4) Signed-off-by: Liwei Song <liwei.song@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-extended-tarball: Add libstc++.aJeremy Puhlman
Builds like native-openjdk, really wants a to link some tools against the static version. Since when using the extended tarball, its the only place to get it, add the library. (From OE-Core rev: 59c4a3fdbbfd5a6aaba7e0a1675dcd5866a7f3a4) (From OE-Core rev: 152709dec03bbac582ca63b65f2efb835e0b33fb) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10nativesdk-buildtools-perl-dummy: add dependencies for autoconf and automakeTim Orling
* For buildtools-extended-tarball, where we are adding all of build-essentials to the nativesdk, we need additional perl modules for autoconf and automake. (From OE-Core rev: f0f766160663407ea7683d31bbf5f011accc9ba2) (From OE-Core rev: e7ade58a7da52ebb40120020dd86dd3ae9b2148e) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-extended-tarball: Add locale commandRichard Purdie
The eSDK installation code checks installed locales with the locale command which is from glibc-utils. Add this so that we find the correct locales from the buildtools. (From OE-Core rev: 7d35e4bc6ff94a2d03c48827d7d60a6855c9029d) (From OE-Core rev: d99b6432decec0964ac0e08698abc782c9b114f5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10files/toolchain-shar-extract.sh: Rework PATH cleaningRichard Purdie
Trying to create a clean PATH breaks cases where we install a buildtools tarball on hosts to provide newer versions of gcc. Rework the fix for #8698 to clean up directories in PATH which don't exist isntead. Do it with python as the shell version was too fraught with corner cases. (From OE-Core rev: 7674b63819aa7ca95ca5ca5477a5cce32e9691eb) (From OE-Core rev: 9825236deacf6eb311121d233435a46288c02cdb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10binutils: Install non-alternatives links for nativesdkRichard Purdie
In the SDK we need the plain symlinks and don't use alternative providers. When these are missing the toolchain can work incorrectly so fix this. (From OE-Core rev: 0c06cfaa016d06cc56d80dc1c244a938f3d38a3c) (From OE-Core rev: 0d299c5dc04407d2d54574157f4014f50f2d0468) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10binutils: Fix relocation of ld.so.conf in nativesdk buildsRichard Purdie
We need binutils to look at our ld.so.conf file within the SDK to ensure we search the SDK's libdirs as well as those from the host system. There add a patch which passes in the directory to the code using a define, then add it to a section we relocate in a similar way to the way we relocate the gcc internal paths. This ensures that ld works correctly in our buildtools tarball. Standard sysroot relocation doesn't work since we're not in a sysroot, we want to use both the host system and SDK libs. (From OE-Core rev: f6c1089642934ad93056ef19a0888965486ee030) (From OE-Core rev: 09a2b16ac2bd1e3e415131e46315c851373aa7e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-tarball: Add an ld.so.conf for nativesdk-binutilsRichard Purdie
We need to search our own libdirs, then fall back to the system ones as our customised dynamic loader will. Have ld.so.conf reflect that. This ensures that binutils finds libraries here when linking too. (From OE-Core rev: ab729c362684474a8346e5256d636200826feb47) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-10buildtools-extended-tarball: add recipe with build-essentialsTim Orling
* For some aging distros, such as CentOS 7, the native version of gcc is simply too ancient and is a constant source of headaches for moving forward. * Add an extended version of buildtools-tarball which adds all of build-essential, so that the host is now modernized and capable of compiling the latest versions of components. Fixes [YOCTO #13714] (From OE-Core rev: f0377af2325613b63716b0bb4db1ab253d79f388) (From OE-Core rev: bb4979f0e8367b475cc9a5274933a61bb0eb64b3) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-09bitbake: tests/fetch: Allow wget upgrade tests to run against a local serverRichard Purdie
Currently these tests rely upon multiple uptream webservers which may change or be unavailable. Add local copies of the test data, copy the httpserver from OE-Core (used for testing there) and run these tests against a local server instead. (Bitbake rev: 1d4f3a5cb64273508357cddc32cc5367e7807191) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-08bitbake: fetch2: Change git fetcher not to destroy old referencesRichard Purdie
It looks like we're about to see a lot of changes in branch names in repos. If we have the prune option here, those old names are lost, the changes propagate to our source mirrors and our old releases break. We have the force option so any replaced references should be replaced, its only orphaned branches which will now be preserved. I believe this behaviour will cause us fewer problems given the changes that look likely to happen. (Bitbake rev: e2fc4147bbe436ac79de187d92d3bc80a8a95349) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-16Documentation: Prepared for 3.0.4 releaseakuster
(From yocto-docs rev: 9f51be3a11b7422aba3617a90a98336c3c75f71e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-14build-appliance-image: Update to zeus head revisionzeus-22.0.4yocto-3.0.4Richard Purdie
(From OE-Core rev: 9cad716656b427e625a470a820b8b29b1ec9f976) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-14poky.conf: Bump version for 3.0.4 zeus releaseRichard Purdie
(From meta-yocto rev: 6cd2fc85bd6a40474b21b83408c0a57bb819649f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-12libpcre: Add fix for CVE-2020-14155Rahul Taya
Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Tested-by: Rahul Taya <Rahul.Taya@kpit.com> (From OE-Core rev: 3f536edfa56ce3f93223c23ed48427a0c24ede1a) Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-12go: Security Advisory - go - CVE-2020-15586Li Zhou
Backport patch from <https://github.com/golang/go/commit/ fa98f46741f818913a8c11b877520a548715131f> to solve CVE-2020-15586. (From OE-Core rev: 0e8526ce8694ebd6988c3804e4d2ccf39cda90c7) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-12pypi.bbclass: use new pypi UPSTREAM_CHECK_URITim Orling
Upstream https://pypi.python.org/pypi/${PYPI_PACKAGE}/ redirects to https://pypi.org/project/${PYPI_PACKAGE}/ (From OE-Core rev: b535360f0bd2fb6a057b678f35da1803a31eeba6) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit e5f3f961242d888f3f786af8f793bf1d247fdff0) [Yocto # 13990] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-12pypi.bbclass: mind package suffix on version checkKonrad Weihmann
Some pypi packages do have suffixes like dev, or a0 or b1. When doing a version check on these, the version will get falsely identified as major release versions. Add a terminating slash to rule out those false positives (From OE-Core rev: 13b145b9551884534f1dd2446eccfc55abc25f38) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 0603f6d9f2abfa67b99b1bc39228f6aa16a0370d) [Yocto bug #13990] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04gstreamer1.0: fix builds with make 4.3Anuj Mittal
Depend on make-native instead of using host make to avoid errors like: | controller-enumtypes.c:10:1: error: stray '\' in program | 10 | \#include "gstinterpolationcontrolsource.h" | | ^ | controller-enumtypes.c:10:2: error: stray '#' in program | 10 | \#include "gstinterpolationcontrolsource.h" | | ^ | controller-enumtypes.c:10:11: error: expected '=', ',', ';', 'asm' or '__attribute__' before string constant | 10 | \#include "gstinterpolationcontrolsource.h" | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | controller-enumtypes.c:11:1: error: stray '\' in program | 11 | \#include "gstlfocontrolsource.h" | | ^ | controller-enumtypes.c:11:2: error: stray '#' in program | 11 | \#include "gstlfocontrolsource.h" This helps building on autobuilder where some workers have buildtools with make 4.3 installed. Building using meson works fine so later branches are not affected and upstream has rejected patches to fix this: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/515 (From OE-Core rev: 74e22d0d2b61d0014f408972725469bb7a024622) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04core: glib-2.0: fix requested libmount/mkostemp/selinux not being linked inAhmad Fatoum
Since 010202076760 ("meson.bbclass: avoid unexpected operating-system names"), meson is no longer used with a cross file that appends the used libc to the operating system name, e.g. linux-gnueabi. Prior to that commit, the host_system == 'linux' checks in glib's meson failed, which led to glib being compiled without libmount, mkostemp and selinux even if explicitly requested. As the aforementioned commit affects all recipes built by glib, it might not be a candidate for backporting to current stable branches. To fix just the glib issue, instances of host_system == 'linux' are patched locally. The patch is marked as Upstream-Status: Inappropriate as it is rendered unnecessary for OE releases newer than Dunfell. (From OE-Core rev: 2adcc5ade62fe10715a6c943565f71efe7627229) Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04glibc: CVE-2020-6096Zhixiong Chi
Backport the CVE patch from the upstream: git://sourceware.org/git/glibc.git commit 79a4fa341b8a89cb03f84564fd72abaa1a2db394 commit beea361050728138b82c57dda0c4810402d342b9 (From OE-Core rev: 9059f720f00f7b8dfac89d842ad19876eae201d5) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04nss: Fix CVE-2020-12399Ovidiu Panait
Master (nss version 3.54) is not affected by this issue. This is a backport from nss version 3.54. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Upstream patch: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e (From OE-Core rev: c447b32c1ec0c117748a4be68dda02d375c81b85) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04cve-update: handle baseMetricV2 as optionalKonrad Weihmann
Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: e1c507da9fa5fd12dd42037d0476d94fe3aac730) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fdcbf3f28289188c5a97664d1421d4a5c4991eda) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04python3-numpy: Stop shipping manual config filesAdrian Bunk
Automatic generation seems to work fine, and does not become outdated. (From OE-Core rev: 49a9b38bb8355aa6b3413335851b7b609356e33b) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8993270f8bc65e152418d84fde03f8ead83c054b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04selftest/context: Avoid tracebacks from tests using multiprocessingRichard Purdie
We can see tracebacks where the SIGTERM handler catches things it shouldn't. Avoid exit(1) unless we're the process that it was intended for. [YOCTO #13664] (From OE-Core rev: d9c62ffac611310efd47ed6397d31dccb72fe868) (From OE-Core rev: 45b4bd7b4d30d81bdff0d471e8d97c2322ed2f75) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dba8c1d5ef0b574b7772d59e5992bfad8b7cca13) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-08-04sqlite: backport CVE fixSakib Sajal
Fixes CVE-2020-11655 (From OE-Core rev: 3b06a6c73f4e49c6d00f758423c2e8865ec2de00) (From OE-Core rev: 36edee3e489e7bd94d6fa555f87d94c5ec0f3ad8) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [ without the CVE-2020-11656 fix that did not apply cleanly ] Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>