| Age | Commit message (Collapse) | Author |
|---|
|
Fixes use-after-free in xmlEncodeEntitiesInternal() in entities.c
CVE: CVE-2021-3516
Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/1358d157d0bd83be1dfe356a69213df9fac0b539]
(From OE-Core rev: 490cddd7baf1aacb814128b611aabf82fda3e77b)
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c
CVE: CVE-2021-3517
Upstream-status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/bf22713507fe1fc3a2c4b525cf0a88c2dc87a3a2]
(From OE-Core rev: 16ad173ba0e8f88b23c62aa8357b8afca36c2161)
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We've noticed that:
MACHINE=qemuarm oe-selftest -r glibc.GlibcSelfTest.test_glibc
ends up with one process growing to about the size of system memory
and triggering the OOM killer. This has been taking out other builds
running on the system on the autobuilders and is one cause of our
intermittent failures.
This was tracked down to:
WORKDIR=XXX/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/glibc-testsuite/2.33-r0
BUILDDIR=$WORKDIR/build-arm-poky-linux-gnueabi QEMU_SYSROOT=$WORKDIR/recipe-sysroot
QEMU_OPTIONS="$WORKDIR/recipe-sysroot-native/usr/bin/qemu-arm -r 3.2.0" \
$WORKDIR/check-test-wrapper user env GCONV_PATH=$BUILDDIR/iconvdata LOCPATH=$BUILDDIR/localedata LC_ALL=C $BUILDDIR/elf/ld-linux-armhf.so.3 \
--library-path $BUILDDIR:$BUILDDIR/math:$BUILDDIR/elf:$BUILDDIR/dlfcn:$BUILDDIR/nss:$BUILDDIR/nis:$BUILDDIR/rt:$BUILDDIR/resolv:$BUILDDIR/mathvec:$BUILDDIR/support:$BUILDDIR/nptl \
$BUILDDIR/nptl/tst-pthread-timedlock-lockloop
although other glibc tests appear to use 16GB of memory before failing
anyway. By capping the VM size to 8GB, we see the same number of failures
but no OOM situations. There may be some issue in qemu or the test which
could be improved to avoid this entirely but this provides a necessary
and useful safeguard to other builds and doensn't appear to make the
situation worse.
On a loaded system OOM may not occur as the test timeout may be triggered
first. An experiment with a 5GB limit showed an additional 7 failures.
(From OE-Core rev: 0dfbc94bb61095138c3d3ff026b2981f0061c1ca)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
"Given runcon is not really a sandbox command, the advice is to use
`runcon ... setsid ...` to avoid this particular issue.
(From OE-Core rev: c5d07dcba0762ccc000f8466b710a8ed8b7aa356)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These CVEs are disputed by upstream and there is no plan to fix/address them. No
other distros are carrying patches for them. There is a patch for 1010025
however it isn't merged upstream and probably carries more risk of other bugs
than not having it.
(From OE-Core rev: e764a689844f19230cbf5f9741635f42f677e333)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: efce6334bf122a64f63d46c1c04e3dbffe298c51)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ensures that globbing results in same order irrespective of shell in
use
(From OE-Core rev: b5bb7b5499b7a1ece9ef6592166709fecd5e6935)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fdeee94fa78f91613850500b209b75a6608241d0)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches to fix CVE-2021-28153.
(From OE-Core rev: 8a0aae46bc87c00fb4d32f6ce5567cc44cae6d34)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present
Also quit if the length of the array after splitting is less than 6
(From OE-Core rev: 650eaa56b83b5698ad7b95337607959e018ff6c0)
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 00ce2796d97de2bc376b038d0ea7969088791d34)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
kexec is not yet ported to riscv32.
(From OE-Core rev: 77f2d0be675f7cbb539ef65507bb946ad9b295c7)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f1e7da7737b3d6df27cc5af002fd1eb0c202d0b4)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
valgrind is not yet ported to riscv32.
(From OE-Core rev: aeb9a929ef34e61820916227358061e9b0ef9724)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df70bc4c60838af1dd7e7f31aba43e8d190def77)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit ed69ef20167da0986bc9363d1a91e62001995af4.
The console entry has already been added into /etc/inittab based
on the SERIAL_CONSOLES. So drop this redundant entry.
(From OE-Core rev: 5dbe969f4fdcf3005c0a69e97e8753819ab066a4)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 633f0c6b74e3caa2bae52ca60c61b811b7b2215d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The hvc tty driver doesn't populate a file like /proc/tty/driver/serial,
so the current implementation of start_getty doesn't work for the hvc
console. By checking the /sys/class/tty/ for the tty device existence,
it should support more console types and also make the codes more simple.
(From OE-Core rev: ab7a1f14191e882439715e82f1636d7713e1da03)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 670ceef0f6584ece5ce4176610255226a6148570)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 7580c864a4afdf72b34c94c694e590f087bf5298)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 63fbf39b8aa3d94ca2db719d1a53190045dbb86d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 84f452be1f6a4d1de276553815899c79a1f2cf63)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b4a0d8799af0a3d1b685dd7200b545fdb2c79d64)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2021-28831.
(From OE-Core rev: 4d32f16caa3d1ca280af06b892803373e2ab4b7e)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e579dbd9a6b2472ca90f411c0b594da9e38c9aca)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 14241ed09f9ed317045cf75a6d08416d3579bb8d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With this small patch, it's possible to overrule the public
URL with a local mirror for those without Internet access.
(From OE-Core rev: 2d903126e8bbece3a5171c3488c3deae1f0aa3ee)
Signed-off-by: Jan Vermaete <jan.vermaete@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is apparently no functional value to "PROVIDES" lines anymore in
packagegroup recipe files, so remove the lonely couple of examples
left.
(From OE-Core rev: 6f2c9602bc5fc6794b852ec20f40ea62a55ada1e)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rename the recipe from util-linux-uuid to util-linux-libuuid which means
we can drop the custom PACKAGES and FILES defintions which simplifies
things. Also move the LICENSE setting to the libuuid recipe so that
it is correctly applied to the right packages.
This means the standard definitions from bitbake.conf are used, avoiding
errors from situations where users have customised settings causing
failures.
(From OE-Core rev: 65efd76198ad805060fe28714765cd423fa748dc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop a duplicated check for "PARTLABEL=", also change to use elif to
avoid go through all the checks for root parameter.
(From OE-Core rev: 29e1e2ad0b6fd0db0e099831ba331b4ffa2b094b)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 7ae12e4278e98c5b916a1067ae0b48c2da6e82cd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: ee1dca4ad342455c800b4ff38f375f5c40cfbdf6)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
refresh the following patches:
systemd/0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch
systemd/0006-Include-netinet-if_ether.h.patch
(From OE-Core rev: 5db15aec00517e5b6f6585b534a2314c226841bf)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
some record from NVD can merge or split suffix from version, for
example:
CVE-2017-15906
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:5.0:p1:*:*:*:*:*:*"
"cpe23Uri" : "cpe:2.3:a:openbsd:openssh:4.7p1:*:*:*:*:*:*:*"
in such case include the suffix into version when update local CVE db.
(From OE-Core rev: 13cc68197f81bb7c76fa1abecc5dd720b8bdb8d5)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OVMF is mostly reproducible, but the final .efi binaries have a 'NM10'
segment in that references the original input file, and this input file
has the build path in.
This can be solved by passing --zero to GenFw so that this segment is
zero'd out in release builds.
[ YOCTO #14264 ]
(From OE-Core rev: 8b4e5a3b8c3eabfbb94ab577529240b2e270efa7)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
util-linux-uuid does not need libtcolors.a and libcommon.a but
they get build regardless. Backport a patch from upstream to
skip them and save some compilation time.
https://github.com/karelzak/util-linux/commit/c65953d72bbc7412f32e566d9fa6e780d84f0696
(From OE-Core rev: 9353c4338acd51e1bc4172554fca018c4044829f)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: fa1e1fbc082e82e41ccfeae58af97fe048c9aac7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: aeacc675fcf0cf02ad0bc8e247285638fd72023d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes
glib/gatomic.h:112:5: error: argument 2 of '__atomic_load' discards 'volatile' qualifier [-Werror=incompatible-pointer-types]
(From OE-Core rev: 06ac55a06f2300fa5442ec73a28c3f52022cc640)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0003-ovmf-enable-long-path-file.patch
removed since it is not available in 202102.
(From OE-Core rev: c364d64adcb8c7fdfe196186efa868381f8630e7)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 03dec80604ae363c31a5f2b68eb3efdba7c35f1a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This bug can cause pthread_cond_destroy hang with process-shared
mutex. And it is since glibc-2.32, will be fixed in glibc-2.34.
(From OE-Core rev: 7d9c50a12d1b47474536c214f44dc4ff72c54402)
Signed-off-by: Yanfei Xu <yanfei.xu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE:
CVE-2021-27645
(From OE-Core rev: 0d6b266c469a35628a3602590611d05ebbf4d562)
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This adds the debug symbols for the binaries included in the uninative
tar ball. These are needed if one wants to run valgrind on a native
binary when uninative is used. Or get complete backtraces using gdb.
(From OE-Core rev: 13775feac21f0df50d4b3db19f6c79f10cf397f5)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 0c22fbc91655873f29cbedad6d55a7981482d257)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 4335cd240c30db677fdd1849eefe9ed3277681a8)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Recently util-linux gained an (optional) build dependency on libcryptsetup.
But libcryptsetup build-depends on util-linux for blkid (optional, can be disabled)
and uuid (mandatory).
Split out util-linux-uuid in a different recipe to break the cycle.
https://github.com/karelzak/util-linux/pull/898
(From OE-Core rev: 5f204796e73f37ee67d0a86512ce3ab6f19f9ed0)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: be3a6b97913cd9e17cd434a2abec1aa3445a3c05)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 89b38e4e7be9e136c71d5860ddca5369f9628393)
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
kernel-devsrc is a dependency of the image so we no longer need the symlink
creation code or the module-base inherit/dependency as it is included in
that recipe. The KERNEL_VERSION usage was broken anyway as the module
usage would have needed a:
do_image[depends] += "build-appliance-image:do_configure"
which wasn't present so it was indeterminate if KERNEL_VERSION was set
correctly.
(From OE-Core rev: a46b43bb67b2f87ec370480e50a2e2d111555b75)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In cases where we configure the IP address and more on the kernel
command line with ip= we should not ask for DHCP with systemd-networkd
later on. We have such a setup with our runqemu script.
With this match in place we can also deploy this unit on qemu systems.
(From OE-Core rev: 8c4981e740c0e630200dbc77c9e3dfd3e43b790b)
Signed-off-by: Stefan Schmidt <stefan.schmidt@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6bd44129a76bdae1320f76035b23568a9c2b4e57)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* some build environments have relative paths in THISDIR, e.g. from OEROOT set in:
https://github.com/96boards/oe-rpb-manifest/blob/1e3345c26c56f77f3a15a3978f412a25955d2606/conf/bblayers.conf#L4
and then the paths in filename normalized in:
filename = os.path.normpath(os.path.join(path, meson.cross.d, element))
don't match.
* COREBASE used here before didn't have this issue because the value is already
normalized when set in:
meta/conf/layer.conf:COREBASE = '${@os.path.normpath("${LAYERDIR}/../")}'
(From OE-Core rev: 7977ff07d181d269bd52f98852d1076b268db614)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The systemd-nspawn@.service file uses the following line to try
loading the tun, loop and dm-mod kernel modules, in a non fatal way:
ExecStartPre=-/sbin/modprobe -abq tun loop dm-mod
A non-zero return code from modprobe will not stop the service from
starting, but it would be convenient to inform the user about this
optional support, so add these modules to RRECOMMENDS.
(From OE-Core rev: 9644285dc8a7e7c52b5f7554ef06d9ff53167832)
Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If systemd is configured with importd, "machinectl import-*" can be
used to add container trees under /var/lib/machines.
But "machinectl import-tar" makes use of "tar --numeric-owner" which
is not supported by the busybox binary, as shown below:
# machinectl import-tar /tmp/container.tar.xz
Enqueued transfer job 1. Press C-c to continue download in background.
Importing '/tmp/container.tar.xz', saving as 'container'.
Imported 0%.
tar: unrecognized option '--numeric-owner'
BusyBox v1.31.1 () multi-call binary.
Usage: tar c|x|t [-ZzJjahmvokO] [-f TARFILE] [-C DIR] [-T FILE] [-X FILE] [FILE]...
Failed to decode and write: Broken pipe
Exiting.
To fix this, recommend the standard tar package.
Cc: Chen Qi <Qi.Chen@windriver.com>
(From OE-Core rev: 801658f0161270c76829a123a4f531ca5a1f73db)
Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Sort packages in RRECOMMENDS_${PN}-container alphabetically to avoid
subjective sorting and ease future additions.
(From OE-Core rev: 636c048b9d49b0f0bf083add688b4de80f3e37cd)
Signed-off-by: Vivien Didelot <vdidelot@pbsc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: d096fa4c412e6e562846282a9160dd5c38731aed)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When the libxcrypt version is updated, libxcrypt-compat is omitted.
(From OE-Core rev: a353882899da414b109acbb3b7882239265fe248)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* busybox 1.33.0 added base32 applet and now do_rootfs for read-only images is failing with:
do_rootfs: busybox.postinst returned 1, marking as unpacked only, configuration required on target.
ERROR: image-devel-1.0-r2 do_rootfs: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget_${PN} ().
Deferring to first boot via 'exit 1' is no longer supported.
Details of the failure are in image-devel/1.0-r2/temp/log.do_rootfs.
and log.do_rootfs shows:
update-alternatives: Error: not linking image-devel/1.0-r2/rootfs/usr/bin/base32 to /usr/bin/busybox.nosuid since image-devel/1.0-r2/rootfs/usr/bin/base32 exists and is not a link
(From OE-Core rev: d2365442568c206a13165f8c71a7b7a5d0c6ff4e)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Tony Tascioglu
Richard Purdie
Khem Raj
Chen Qi
Konrad Weihmann
Mingli Yu
Kevin Hao
Anthony Bagwell
jan
Robert P. J. Day
Ming Liu
Alexander Kanavin
wangmy@fujitsu.com
Lee Chee Yang
Ross Burton
Luca Boccassi
Wang Mingyu
Yanfei Xu
Khairul Rohaizzat Jamaluddin
Peter Kjellerstedt
Martin Jansa
Andrei Gherzan
Stefan Schmidt
Vivien Didelot
zhengruoqin