| Age | Commit message (Collapse) | Author |
|---|
|
This helps avoid these errors:
ERROR: lockdev-1_1.0.3-r0 do_cve_check: File Not found: /home/build/builds/master/tmp/work/core2-64-poky-linux/lockdev/1_1.0.3-r0/lockdev_1.0.3-1.6.diff
We should continuing to scan other applied patches for CVE info.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
I don't see the point in logging native, nativesdk etc.
The bottom line is the BPN has the issue.
Allow folks to filter out those other package name variations via
CVE_CHECK_MANIFEST_FILTER
Signed-off-by: Armin Kuster <akuster808@gmail.com>
--
[V2]
rename varible to CVE_CHECK_FILTER_BUILD_TOOLS
|
|
Let archive package cve.logs too
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Provide a method to clone and push to a git repo
Provide a method to pre-populate buildhistory
Maybe remove the need for external scripts to do the same
Three new variables:
BUILDHISTORY_BRANCH - branch used for checkout and pushing
BUILDHISTORY_CLONE - git repo uri
example:
BUILDHISTORY_BRANCH="${DISTRO}/gatesgarth/${MACHINE}"
BUILDHISTORY_CLONE = "git@gitlab.com:akuster/oe-buildhistory"
BUILDHISTORY_PUSH_REPO = "origin ${BUILDHISTORY_BRANCH}"
Signed-off-by: Armin Kuster <akuster808@gmail.com>
----
[V2]
Use BUILDHISTORY_CLONE instead of BUILDHISTORY_REPO_URI
Simplified initial clone to one step
|
|
Pull in the changes:
makewrappers: Fix glibc 2.33 fstatat usage issues
ports/linux: Add wrapper for fstatat/fstatat64 in glibc 2.33
(From OE-Core rev: dfcb1c5eb2690046f96c2bb6724e091028ddc3ec)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 317f8bf320383e81085f5740e202a7edb12932c7)
Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[Yocto #14226]
[RP: Small patch filename fixup to allow to build]
(From OE-Core rev: 1de7a3fe68080759c5fc52c8bfe7dcf4a860a2ac)
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: bbd158a123e070f1b1cc92436da64bc64e87b298)
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- it will be useful for shaderc
(From OE-Core rev: 49972f91d434303e4744a608b2e8c00fcbcc5397)
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 817197e69a6b3945ffa5ba52ba5577b45e497fb3)
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 3341601d6ef7e16f2e296a58d3b6b28d099aa1a3)
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: fc4a42442a31f094ef20d9d2f97b4e2e1a9bbead)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move ffmpeg configuration options to Yocto PACKAGECONFIG options.
(From OE-Core rev: 30b68fa0386fa525df92ebce4d63e501598e65fe)
Signed-off-by: Suji Velupillai <suji.velupillai@broadcom.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It appears these exclusions are no longer needed with master, drop
them and improve our reproducibilty metrics.
(From OE-Core rev: c71c984a9cd6d130ece08153d7d92bb33c7ec444)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This makes comparisions between lists easier.
(From OE-Core rev: d2c52125d1cdc06c7e08d507ca68f3e4612a4314)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This helps with trimming down the list, and towards 100% reproducibility :)
(From OE-Core rev: da7a173d7a01524229c8515326465968a845e96f)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The remoting backend of weston requires the GStreamer base plugins, so
add them to the PACAKGECONFIG depends list.
(From OE-Core rev: 0b45994656fee7c4b7bdb5bd8571f0c61217a182)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The commercial license flag on libomxil is set because it may include
the Adaptive Multi-Rate audio codec (AMR) using FFmepg, which is patent
encumbered.
It turns out this component is disabled by default in the recipe; add a
PACKAGECONFIG to enable it and trigger the "commercial" LICENSE_FLAGS on
it. This make the default build configuration clean unless a user
specifically asks for AMR support, and prevents them from marking the
recipe with the "commerical" flag unnecessarily which could hide
potential problems later on.
(From OE-Core rev: 5f61e20002c2af93e2d6810574e23606925526ee)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When used in SDKs we need to provide the perl modules used by autoconf.
Add new ones needed by recent changes.
(From OE-Core rev: b548c2f4d1d88f80d713551a408064d4f5ff3d7f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Calling autoreconf with on-device sdk fails due to missing perl modules
which are required for it to work with autoconf 2.71+
Fixes
Can't locate File/Temp.pm in @INC (you may need to install the File::Temp module) (@INC contains: /usr/share/autoconf /usr/lib/perl5/site_perl/5.32.0/riscv32-linux /usr/lib/perl5/site_perl/5.32.0 /usr/lib/per
l5/vendor_perl/5.32.0/riscv32-linux /usr/lib/perl5/vendor_perl/5.32.0 /usr/lib/perl5/5.32.0/riscv32-linux /usr/lib/perl5/5.32.0 .) at /usr/bin/autoreconf line 50.
BEGIN failed--compilation aborted at /usr/bin/autoreconf line 50.
(From OE-Core rev: fa047cc649ceaa5f65569179b3c372d246d4ba0c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Older seccomp-based filters used in container frameworks will block faccessat2
calls as it's a relatively new syscall. This isn't a big problem with
glibc <2.33 but 2.33 will call faccessat2 itself, get EPERM, and thenn be confused
about what to do as EPERM isn't an expected error code.
(From OE-Core rev: 4d6ad6d611834c2648d6bf9791cb8140967e2529)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The current recipe unconditionally RDEPENDS on nodejs (the target one).
When building on the "-native recipe" of "BBCLASSEXTEND native" recipe,
the target nodejs is unnecessarily built.
This patch fixes this by only RDEPENDS on nodejs when building for the target.
(From OE-Core rev: 92a9a86df9e3bcffb13d2f8b5dcbe7822170f734)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adding -O can be troublesome in some packages where it may override the
O<n> specified by CFLAGS, this can be due to configure processing of
CFLAGS and munging them into new values in Makefiles, which is
contructed from CC and CFLAGS passed by bitbake environment. Problem
arises if the sequence is altered, which seems to be the case in some
packages e.g. ncurses, where the value from CC variable is added last
and thus overrides -O<n> coming from CFLAGS,
Therefore grok the value from SELECTED_OPTIMIZATION and append the
appropriate -O<level> flag to lcl_maybe_fortify so the level does not
change inaderdantly.
Since we do not use -O0 anymore there is no point of checking for
DEBUG_BUILD since it uses -Og now which works fine with
-D_FORTIFY_SOURCE=2, so check for optlevel O0 instead
(From OE-Core rev: 9571a18f7d15b3bffafc2e277ab90a21d6763697)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LCL_STOP_SERVICES needs tcf/cpudefs-mdep.h ported
(From OE-Core rev: ed5e0de938469a7fa4e6cd725d9e0c8325d890d3)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix issue with DHCP leaking stack data via uninitialized variable.
[Yocto #14231]
(From OE-Core rev: eb20fd47d738f469f7bbeb4b8d85040f9163722b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Pull in:
ports/rename/renameat: Avoid race when renaming files
ports/unix: Add faccessat and faccessat2
ports/access.c: Use EACCES, not EPERM
which includes a fix for rename race issues causing pseudo aborts.
(From OE-Core rev: 330c232e4f756296331f9026e91ac26fd45f0315)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Tinfoil doesn't behave well if environment is not initialized, this check ensures a proper error log if environment is not initialized.
[YOCTO #12096]
(From OE-Core rev: e88073e16f1b4cfd0f97c81a988640a84adad674)
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Support added to configure mpg123 for FPU-less targets. Building for
fixed-point arithmetic increases performance on such devices.
(From OE-Core rev: 55a65571d19407befd3c2d152680573d7318c279)
Signed-off-by: Robert Rosengren <robert.rosengren@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The original patch contained some text which shouldn't have been there
and used brackets in configure which isn't a great idea. Tweak the patch
to resolve this.
(From OE-Core rev: 63cbf187fe189c99645fe3afee8a6361a9a32cdc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-Move-python-helper-scripts-used-only-in-tests-to-Pyt.patch
0001-libparted-fs-add-sourcedir-lib-to-include-paths.patch
0002-tests-use-skip_-rather-than-skip_test_-which-is-unde.patch
removed since they are included in 3.4
Add python3-core to RDEPENDS_parted-ptest
since /usr/lib/parted/ptest/tests/msdos-overlap contained in package parted-ptest requires /usr/bin/python3
(From OE-Core rev: c7d7e5f8177cdebd580ca7ff8f4412596567aff1)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: cac7f890f6b223006c1c290e76b9d575b729d87d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bitbake changed the debug() logging call to make it compatible with
standard python logging by no longer including a debug level as the
first argument. Fix up the few places this was being used.
Tweaked version of a patch from Joshua Watt.
(From OE-Core rev: 5aecb6df67b876aa12eec54998f209d084579599)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 8ddfab7b185dbba171afce80260e5638eb06a769)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(Bitbake rev: 9f23fa605c542a705d00c6c263491899d55bb0d9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The bitbake logger overrode the definition of the debug() logging call
to include a debug level, but this causes problems with code that may
be using standard python logging, since the extra argument is
interpreted differently.
Instead, change the bitbake loggers debug() call to match the python
logger call and add a debug2() and debug3() API to replace calls that
were logging to a different debug level.
[RP: Small fix to ensure bb.debug calls bbdebug()]
(Bitbake rev: f68682a79d83e6399eb403f30a1f113516575f51)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When adding a layer, parse error can occur, raising BBHandledException.
Catch this and error, aborting the layer add to meet user expectations.
[YOCTO #14054]
(Bitbake rev: ceddb5b3d229b83c172656053cd29aeb521fcce0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
From tinfoil, if you edit bblayers.conf and break it, then call
parseConfiguration (e.g. by adding a bad layer with bitbake-layers),
the system doens't show any parse error yet it should.
Add in a call to the updateCache function so that things really
are reparsed when requested.
Partially fixes [YOCTO #14054]
(Bitbake rev: e655f9361b9c3b77906b8e06b5cc76bc5180640e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"python*" as python function
If shell function name starts with 'python' or 'fakeroot' parser wrongly
assumes it's python/fakeroot function.
[YOCTO #14204]
Use regex lookahead assertions to check if 'python' expression is
followed by whitespace or '(' and if 'fakeroot' is followed by
whitespace.
(Bitbake rev: b07b226d5d1b3acd3f76d8365bc8002293365999)
Signed-off-by: Tomasz Dziendzielski <tomasz.dziendzielski@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The get-outhash message can be sent via the get_outhash client method.
This works in a similar way to the get message but looks up a db entry
by outhash rather than by taskhash. It is intended to be used as a
read-only form of the report message.
As both handle_get_outhash and handle_report use the same query string
we can factor this out.
(Bitbake rev: dc19606ada29a4d8afde4fcecd8ec986b47b867e)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use the new get-outhash message to perform a read-only query against an
upstream server (if present) when a reported taskhash/outhash
combination is not found in the current database. If a matching entry is
found upstream it is copied into the current database so it can be found
by future queries.
(Bitbake rev: 2be4f7f0d2ccb09917398289e8140e1467e84bb2)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Short form arguments are added for convenience.
(Bitbake rev: 921199a4923ce383b27e23c9b7e34eb785c8bae3)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The hashserv server already implements support for pulling hash data
from another "upstream" server. Add the -u/--upstream argument to the
bitbake-hashserv app to expose this functionality to users.
(Bitbake rev: 8de510f1de35e581bcd5858edf23619c6a4cf923)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The -r/--readonly argument is added to the bitbake-hashserv app. If this
argument is given then clients may only perform read operations against
the server. The read-only mode is implemented by simply not installing
handlers for write operations, this keeps the permission model simple
and reduces the risk of accidentally allowing write operations.
As a sqlite database can be safely opened by multiple processes in
parallel, it's possible to start two hashserv instances against a single
database if you wish to export both a read-only port and a read-write
port.
(Bitbake rev: 492bb02eb0e071c792407ac3113f92492da1a9cc)
Signed-off-by: Paul Barker <pbarker@konsulko.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
tools/binman/binman needs python3-setuptools now.
(From OE-Core rev: cb896051a7e7b25c02fb40aa8a422d3e5580dd34)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
files in wic tmp directory can be usefull for debugging, so do not remove
tmp directory when wic create run with debugging mode (-D or --debug).
also update wic.Wic.test_debug_short and wic.Wic.test_debug_long to
check for tmp directory.
[YOCTO#14216]
(From OE-Core rev: a122e2418b67d38f691edcf8dd846c167d6b4fa9)
Signed-off-by: Lee Chee Yang <Chee.Yang.Lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: c64b06296b378e99cde489583c97b7d7edba4f88)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently the install script copy only few hard coded item while
setting up target ESP, kernel artifacts, all .efi in EFI/BOOT,
grub & boot cfg and loader.conf.
While ESP can be much complex, eg: contain multiple initrd.
Add a ESP folder to carry any other files to setup onto ESP.
(From OE-Core rev: 6eaca9cf20c42501fba27dea3a6446bad948e859)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
CVE_CHECK_LAYER_INCLUDELIST
CVE_CHECK_LAYER_EXCLUDELIST
(From OE-Core rev: 5fdde65ef58b4c1048839e4f9462b34bab36fc22)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Lets include whcih layer a package belongs to and
add it to the cve logs
(From OE-Core rev: 00d965bb42dc427749a4c3985af56ceffff80457)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
20.9 - 2021-01-29
~~~~~~~~~~~~~~~~~
* Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
* Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
* Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
(:issue:`387` and :issue:`389`)
(From OE-Core rev: 6199c71030d527c57a1cb8496a377afb503d7670)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Armin Kuster
Richard Purdie
Michael Halstead
Jose Quaresma
Oleksandr Kravchuk
Suji Velupillai
Alexander Kanavin
Joshua Watt
Khem Raj
Ross Burton
Yoann Congal
Dorinda
Robert Rosengren
Wang Mingyu
Tomasz Dziendzielski
Paul Barker
Lee Chee Yang
zhengruoqin