Ross Burton [Sun, 15 Dec 2024 14:32:47 +0000 (14:32 +0000)]
python3: add dependency on -compression to -core
importlib.metadata is part of -core, but that will import zipfile which
is part of -compression.
Obviously this shows that our packaging of the Python modules is not
optimal. I plan to follow up with a redesign of the splitting which
focuses on simply pulling out the larger or esoteric modules and
having a more featureful core.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sunil Dora [Wed, 11 Dec 2024 18:00:36 +0000 (10:00 -0800)]
gcc: Fix c++: tweak for Wrange-loop-construct
This commit updates the warning to use a check for "trivially constructible" instead of
"trivially copyable." The original check was incorrect, as "trivially copyable" only applies
to types that can be copied trivially, whereas "trivially constructible" is the correct check
for types that can be trivially default-constructed.
This change ensures the warning is more accurate and aligns with the proper type traits.
LLVM accepted a similar fix:
https://github.com/llvm/llvm-project/issues/47355
Signed-off-by: Marek Polacek <polacek@redhat.com> Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options
function of sbgdec.c within the libavformat module. When parsing certain options,
the software does not adequately validate the input. This allows for negative
duration values to be accepted without proper bounds checking.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Jiaying Song [Fri, 13 Dec 2024 07:20:37 +0000 (15:20 +0800)]
subversion: fix CVE-2024-46901
Insufficient validation of filenames against control characters in
Apache Subversion repositories served via mod_dav_svn allows
authenticated users with commit access to commit a corrupted revision,
leading to disruption for users of the repository. All versions of
Subversion up to and including Subversion 1.14.4 are affected if serving
repositories via mod_dav_svn. Users are recommended to upgrade to
version 1.14.5, which fixes this issue. Repositories served via other
access methods are not affected.
Yash Shinde [Thu, 12 Dec 2024 14:37:15 +0000 (06:37 -0800)]
binutils: Fix CVE-2024-53589
A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.
Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Wed, 18 Dec 2024 11:56:34 +0000 (11:56 +0000)]
cve-update-nvd2-native: Tweak to work better with NFS DL_DIR
After much debugging, the corruption issues on the autobuilder appear to
be due to the way sqlite accesses database files. It doesn't change the
file timestamp after making changes, which for reasons unknown, confuses
NFS. As soon as the file is touched, NFS becomes fine again accross the
whole cluster, as if by magic.
We could try and debug further but putting a "touch" call into the code
is easy and harmless. Lets hope this removes this annoying source of
errors.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Thu, 12 Sep 2024 16:57:36 +0000 (17:57 +0100)]
sanity: check for working user namespaces
If user namespaces are not available (typically because AppArmor is
blocking them), alert the user.
We consider network isolation sufficiently important that this is a fatal
error, and the user will need to configure AppArmor to allow bitbake to
create a user namespace.
[ YOCTO #15592 ]
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b6af956fe6e876957a49d4abf425e8c789bf0459) Signed-off-by: Steve Sakoman <steve@sakoman.com>
dnf: drop python3-iniparse from DEPENDS and RDEPENDS
python3-iniparse dependency was dropped 2019, see the
following commit as reference:
https://github.com/rpm-software-management/dnf/pull/1329/commits/d7d0e0e2f9d8c7d021c794821ad0b56a39ebc01f
When looking at the Git history, this happened around tag 4.2.1
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
intltool was dropped as a dependency in v236
See commit for reference:
https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
intltool was dropped as a dependency in v236
See commit for reference:
https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Divya Chellam [Mon, 9 Dec 2024 13:18:26 +0000 (13:18 +0000)]
libpam: fix CVE-2024-10041
A vulnerability was found in PAM. The secret information is
stored in memory, where the attacker can trigger the victim
program to execute by sending characters to its standard
input (stdin). As this occurs, the attacker can train the
branch predictor to execute an ROP chain speculatively.
This flaw could result in leaked passwords, such as those
found in /etc/shadow while performing authentications.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
A vulnerability was found in FFmpeg up to 7.0.1. It has been classified as critical.
This affects the function pnm_decode_frame in the library /libavcodec/pnmdec.c.
The manipulation leads to heap-based buffer overflow. It is possible to initiate
the attack remotely. The exploit has been disclosed to the public and may be used.
Upgrading to version 7.0.2 is able to address this issue. It is recommended to
upgrade the affected component. The associated identifier of this vulnerability is VDB-273651.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in FFmpeg version n6.1-3-g466799d4f5, allows a
local attacker to execute arbitrary code and cause a denial of service (DoS)
via the af_dialoguenhance.c:261:5 in the de_stereo component.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local
attacker to execute arbitrary code via theav_samples_set_silence function
in the libavutil/samplefmt.c:260:9 component.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a
local attacker to execute arbitrary code via the config_eq_output function
in the libavfilter/asrc_afirsrc.c:495:30 component.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:18:51 +0000 (16:18 +0000)]
resulttool: Improve repo layout for oeselftest results
Having all oe-selftest results on top of each other results in a large 640MB
json file which is hard to use. Split the results out per machine and test type.
This also stops the toolchain raw logs from overwriting each other meaning more
than one MACHINE is preserved.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4b890f04bc7d147b4a11b824a84f3d2abd75ac54) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:17:19 +0000 (16:17 +0000)]
resulttool: Trim the precision of duration information
The duration values have pointless amounts of precision. Removing some of the
least significant digits reduces result size and makes the results easier to read.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a789a2e6d97bb8efd663226a17db8d1ca6c1e40f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:15:46 +0000 (16:15 +0000)]
resulttool: Clean up repoducible build logs
We've improved the data stored for reproduicible builds. Teach resulttool how
to apply those cleanups when reprocessing data so we can reduce results file
sizes and make the data easier to process.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b799c57ae6d61c1b1c7035c8a2c4ba6ee08d1a81) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:14:37 +0000 (16:14 +0000)]
resulttool: Handle ltp rawlogs as well as ptest
Improve the rawlogs handling to include ltp logs as well as the ptest ones to
reduce the size of the results git repos.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a0a1954d559609c2c1ca16936d0d68eb3c4c6b45) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:11:43 +0000 (16:11 +0000)]
resulttool: Add --logfile-archive option to store mode
Storing the log files inside the testresults git repo isn't scaling and isn't
really appropriate use of a git repository. Allow these to be optionally stored
in a separate filesystem location so the git repo can remain managable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1afc0f3d7e93fa8496be241e9622d3b9a6904bd5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:09:41 +0000 (16:09 +0000)]
resulttool: Fix passthrough of --all files in store mode
When using store mode, --all was broken as not all files were being preserved.
Fix this by limiting the scope of the git rm command.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9604561d2022b6c76b1cb4186d40800d1affdd2b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:06:23 +0000 (16:06 +0000)]
oeqa/utils/gitarchive: Return tag name and improve exclude handling
Tweak the gitarchive exclude handling not to error if excluded files
don't match.
Also return the tagname created so that other code can then use it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1adba3430faffdf6217b6a00533a3b48a9388abc) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 21 Nov 2024 11:46:08 +0000 (11:46 +0000)]
resulttool: Use single space indentation in json output
Using 4 space indentation in resulted in hundreds of megabytes of extra file size
in general use. Reduce this to make filesizes more managable and reduce the processing
cost. Some level of indentation and spacing does make the files more readable and allows
use of git diff so we need to retain some of it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a274cdcaf852cca9497f0358f44dda99c06aacbe) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Wed, 13 Nov 2024 21:36:57 +0000 (21:36 +0000)]
resulttool: Allow store to filter to specific revisions
We have a challenge on the autobuilder where test results from both OE-Core
and poky are being mixed together during result storage which is confusing the
data. Add a way to filter to specific revisions as the least worst way to fix
the various issues this is causing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f276a0dc65341668788853be2cf27ab6aa12b13) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 21 Nov 2024 14:55:59 +0000 (14:55 +0000)]
selftest/reproducible: Clean up pathnames
There are several problems with these paths. Firstly they contain full
system paths which depend upon where the test was run. These are pretty
pointless and just take up a lot of space making the results files large.
Secondly, they contain the same path twice. The reference and target path
will always be the same thing in two different locations.
Strip off the prefix and remove the duplication. This does change the output
data but that can't really be avoided. It does shrink the results data and makes
it more readable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81a44de36e864b08687451fd85aeba7c529fd7f7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 21 Nov 2024 14:55:44 +0000 (14:55 +0000)]
selftest/reproducible: Drop rawlogs
The "rawlogs" data consists of a long string of results data which is
already in a structured data format. I can't see this is adding much
value in duplciating the data but it does create a huge string with a
lot of long problematic pathnames and inflates the results data size.
I suggest we drop this data as obsolete and not necessary.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b2c70fab2ffa409b861d83f048b65d458d03a90) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changqing Li [Thu, 21 Nov 2024 06:02:56 +0000 (14:02 +0800)]
rxvt-unicode.inc: disable the terminfo installation by setting TIC to :
Without this change, TIC is the native tic in recipe-sysroot-native.
By default, native tic has set its default terminfo path to native path:
${datadir}/terminfo; $HOME/.terminfo
When sstate cache is used, the cached native tic's terminfo path could
be a path not exist on current host, then native tic will try to install
terminfo to HOME dir, cause host contamination.
Disable the terminfo installation by setting TIC to :
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe35ead2c3135a18c346e7baa31d34b15c3e2d95) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 25 Oct 2024 13:31:52 +0000 (14:31 +0100)]
do_package/sstate/sstatesig: Change timestamp clamping to hash output only
The code was changing the timestamps of the files in the do_package output,
particularly the files added for debug sources. This was to do two things:
a) make do_package sstate more reproducible
b) ensure better hash equivalence matching
Unfortuately the debug source files are hardlinks into the source tree for
efficiency so touching these, touches a lot of files in ${B} and ${S}. This
causes unpredictable effects if compile is run again for example, or could
cause compiling in the install task.
The hash equivalence matching is of key importance but we can mimic that
using clamping of the file timestamps in the depsig output used to generate
the hashes.
This patch drops the global timestamp clamping, instead allowing the files
to retain their creation timestamps into sstate. This makes do_package sstate
slightly less reproducibile. We could clamp the sstate timestamps but that
would lead to two different sets of timestamps depending on whether the
data came from sstate or not. I'd prefer to have consistent code behaviour,
rather than differing behavhour depending on whether data came from sstate
or not.
If we wanted to have reproducibiliy and fix the "corruption" of S/B and have
consistent codepaths, the only other option would be two copies of the
sources, which could end up huge and seems the least desireable option.
This patch therefore drops the timestamp clamping in the sstate files
and tweaks the depsig data generation to clamp the timestamps for do_package
instead since this seems the best compromise.
I validated that rpm/deb/ipk files still generate correctly as before.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 475759fdab7200488b2a568b2ba1aa31a456d113) Signed-off-by: Steve Sakoman <steve@sakoman.com>
rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts
This patch ensures that pkg_postinst_ontarget task is executed for read only rootfs when
read-only-rootfs-delayed-postinsts is set as IMAGE_FEATURES. The issue was that run-postinsts
could be uninstalled at the end of rootfs construction and that shouldn't happen for
the delayed usecase.
In addition to the fix, a test in meta/lib/oeqa/selftest/cases/overlayfs.py testing
the fix has been implemented.
Signed-off-by: Gassner, Tobias.ext <tobias.gassner.ext@karlstorz.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 60f587475dda99eaa07848880058b69286b8900e) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Yogita Urade [Fri, 29 Nov 2024 08:17:08 +0000 (08:17 +0000)]
qemu: upgrade 8.2.3 -> 8.2.7
This includes fix for: CVE-2024-4693, CVE-2024-6505 and CVE-2024-7730
General changelog for 8.2: https://wiki.qemu.org/ChangeLog/8.2
Droped:
0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch
0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch
0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch
CVE-2024-4467 and CVE-2024-7409 since already contained the fix.
Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Deepthi Hemraj [Mon, 25 Nov 2024 08:01:35 +0000 (00:01 -0800)]
glibc: stable 2.39 branch updates
Below commits on glibc-2.39 stable branch are updated. dcaf51b41e elf: Change ldconfig auxcache magic number (bug 32231) b3c51635ef Make tst-strtod-underflow type-generic b74be22f65 Add crt1-2.0.o for glibc 2.0 compatibility tests fcdf98f38c Add tests of more strtod special cases 3edc0f22a6 Add more tests of strtod end pointer 988de94538 Make tst-strtod2 and tst-strtod5 type-generic a2f7087237 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145) 6624318c89 Do not set errno for overflowing NaN payload in strtod/nan (bug 32045) 63bcc01744 Improve NaN payload testing 86369c9ee4 Make __strtod_internal tests type-generic a7be595c67 Fix strtod subnormal rounding (bug 30220) 9cfeccf65a More thoroughly test underflow / errno in tst-strtod-round 293e4e3c90 Test errno setting on strtod overflow in tst-strtod-round d8b4fc3653 Add tests of fread 373aab3e52 stdio-common: Add new test for fdopen
2.32.2 (2024-05-21)
* Deprecations - To provide a more stable migration for custom HTTPAdapters
impacted by the CVE changes in 2.32.0, we’ve renamed _get_connection to a
new public API, get_connection_with_tls_context. Existing custom
HTTPAdapters will need to migrate their code to use this new API.
get_connection is considered deprecated in all versions of
Requests>=2.32.0.
* A minimal (2-line) example has been provided in the linked PR to ease
migration, but we strongly urge users to evaluate if their custom adapter
is subject to the same issue described in CVE-2024-35195. (#6710)
Jinfeng Wang [Mon, 18 Nov 2024 07:07:22 +0000 (15:07 +0800)]
tzdata&tzcode-native: upgrade 2024a -> 2024b
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit c8d3edb2562ea4d980186e78b4abb5a94b1d7b22) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changqing Li [Thu, 28 Nov 2024 04:56:03 +0000 (12:56 +0800)]
libsoup: fix CVE-2024-52530, CVE-2024-52531
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.
CVE-2024-52530:
GNOME libsoup before 3.6.0 allows HTTP request smuggling in some
configurations because '\0' characters at the end of header names are
ignored, i.e., a "Transfer-Encoding\0: chunked" header is treated the
same as a "Transfer-Encoding: chunked" header.
Peter Marko [Sun, 24 Nov 2024 12:38:45 +0000 (13:38 +0100)]
builder: set CVE_PRODUCT
Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.
Instead, set product to yocto to filter them.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changqing Li [Mon, 25 Nov 2024 04:55:45 +0000 (12:55 +0800)]
acpica: fix CVE-2024-24856
The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a
successful allocation, but the subsequent code directly dereferences the
pointer that receives it, which may lead to null pointer dereference. To
fix this issue, a null pointer check should be added. If it is null,
return exception code AE_NO_MEMORY.
Jiaying Song [Fri, 22 Nov 2024 09:21:49 +0000 (17:21 +0800)]
python3-zipp: fix CVE-2024-5569
A Denial of Service (DoS) vulnerability exists in the jaraco/zipp
library, affecting all versions prior to 3.19.1. The vulnerability is
triggered when processing a specially crafted zip file that leads to an
infinite loop. This issue also impacts the zipfile module of CPython, as
features from the third-party zipp library are later merged into
CPython, and the affected code is identical in both projects. The
infinite loop can be initiated through the use of functions affecting
the `Path` module in both zipp and zipfile, such as `joinpath`, the
overloaded division operator, and `iterdir`. Although the infinite loop
is not resource exhaustive, it prevents the application from responding.
The vulnerability was addressed in version 3.19.1 of jaraco/zipp.
Steve Sakoman [Thu, 21 Nov 2024 16:55:14 +0000 (08:55 -0800)]
llvm: reduce size of -dbg package
Unless DEBUG_BUILD is enabled, pass -g1 to massively reduce the size of
the debug symbols
Level 1 produces minimal information, enough for making backtraces in
parts of the program that you don't plan to debug. This includes
descriptions of functions and external variables, and line number
tables, but no information about local variables.
This makes the sstate objects a lot more manageable, and packaging
faster.
Regis Dargent [Fri, 18 Oct 2024 13:32:38 +0000 (15:32 +0200)]
udev-extraconf: fix network.sh script did not configure hotplugged interfaces
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.
Signed-off-by: Regis Dargent <regis.dargent@gmail.com>
Fixes [YOCTO 15616]
network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Mon, 14 Oct 2024 12:24:48 +0000 (13:24 +0100)]
groff: fix rare build race in hdtbl
It's possible to build the hdtbl examples before grn has been build:
groff: error: couldn't exec grn: No such file or directory
Backport a dependency fix from upstream.
[ YOCTO #15610 ]
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d590a32423d05cefc4e7282f971f633b3fa0b941) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Mon, 14 Oct 2024 12:24:47 +0000 (13:24 +0100)]
tcl: skip io-13.6 test case
---- Result was:
{abcdefghj
01234} 0
---- Result should have been (exact matching):
{abcdefghj
} 1 01234 0
==== io-13.6 FAILED
This test is documented as failing on slow machines, so just skip it.
[ YOCTO #15407 ]
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f69183586655294c9aed6687cebe57767c2f3eb8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Sun, 13 Oct 2024 07:37:07 +0000 (08:37 +0100)]
qemurunner: Clean up serial_lock handling
Avoid "RuntimeError: release unlocked lock" since the lock shouldn't
be locked even in the error path. Add a try/finally path to ensure
this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b0732ee009ca47580d1d2ad75334f4aa50e6efd5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pavel Zhukov [Thu, 10 Oct 2024 17:45:45 +0000 (19:45 +0200)]
package_rpm: Check if file exists before open()
Exception handler tries to read() /etc/passwd file in sysroot
and if file doesn't exist for any reason then it raises FileNotFoundError
exception which mask the original source of the problem and makes
debugging of the issue more difficult.
Fixes:
Exception: FileNotFoundError: [Errno 2] No such file or directory:
'/codebuild/output/src1899304708/src/build/tmp-container/work/core2-64-oe-linux/emqx-bin/4.3.12/recipe-sysroot/etc/passwd'
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4ad9a0e0b11eb7bc5a3dd45fc8945e094ea949e9) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Robert Yang [Tue, 8 Oct 2024 15:47:27 +0000 (08:47 -0700)]
cml1.bbclass: do_diffconfig: Don't override .config with .config.orig
Fixed:
1) $ bitbake virtual/kernel -cmenuconfig
Do some changes and save the new config to default .config.
2) $ bitbake virtual/kernel -cdiffconfig
The config fragment is dumped into ${WORKDIR}/fragment.cfg.
But the .config which was saved by step #1 is overridden by .config.orig, so
the changes will be lost if run 'bitbake virtual/kernel'
And the following comment is for subprocess.call(), not for shutil.copy(),
so move subprocess.call() to the correct location.
# No need to check the exit code as we know it's going to be
# non-zero, but that's what we expect.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6cccf6b02f92dad514e65fd779ff659b19eb6be7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Sun, 13 Oct 2024 22:02:16 +0000 (23:02 +0100)]
oeqa/runtime/ssh: Fix incorrect timeout fix
I'd meant to change the command timeout in the previous change, fix
the correct one.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb991988cb23be2c8947171726ada321f27e6eed) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 10 Oct 2024 09:32:06 +0000 (10:32 +0100)]
oeqa/runtime/ssh: Rework ssh timeout
After the changes to improve this test, we keep seeing image testing ssh
failures, particularly on mips.
It looks like part of the problem is that on a loaded system, 5s is too short
for mips to reliably establish an ssh connection. I've seen logs where it keeps
timing out and fails to work, then the debug code successfully uses ssh later after
everything else fails.
Change the timings/retries to give slow platforms enough time to respond.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba64ccf3ad6e40461219b72d60eb0fe5cb38fddd) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Chen Qi [Wed, 9 Oct 2024 08:56:47 +0000 (01:56 -0700)]
toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
When LD_LIBRARY_PATH is set, post-relocate-setup.sh will fail and
exit properly. But such failure is ignored and the SDK installation
will continue and tell user that things succeed. This is misleading.
So exit immediately if post-relocate-setup.sh fails.
Fixes [Yocto #15586]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8e2dcc1f71aa33cc6e56dfdebebbe7ef010c944) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Thu, 3 Oct 2024 19:50:05 +0000 (20:50 +0100)]
strace: download release tarballs from GitHub
Switch to downloading the release tarballs from GitHub. Their CDN is
rock solid, and strace.io is hosted inside Russia which some networks
are blocking.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bbdbd6d943a64e5b0dae4c2ee705d017fb7ef80e) Signed-off-by: Steve Sakoman <steve@sakoman.com>
with this, and the previous compression level changes
I am seeing drastic speedups in package_write_rpm completion times:
webkitgtk goes from 78 seconds to 37 seconds
glibc-locale goes from 399 seconds to 58 seconds (!)
The long version:
rpm uses multithreading for two purposes:
- spawning compressors (which are nowadays themselves
multi-threaded, so the feature is not as useful as it once
was)
- parallel file classification
While the former behaves well on massively parallel CPUs
(it was written and verified here :), the latter was then added
by upstream and only benchmarked on their very old, slow laptop,
apparently:
https://github.com/rpm-software-management/rpm/commit/41f0e214f2266f02d6185ba11f797716de8125d4
On anything more capable it starts showing pathologic behavior,
presumably from spawning massive amount of very short-lived threads,
and then having to synchronize them. For example classifying glibc-locale
takes
5m20s with 256 threads (default on my machine!)
1m49s with 64 threads
59s with 16 threads
48s with 8 threads
Even a more typical recipe like webkitgtk is affected:
47s with 256 threads
32s with 64 threads
27s with 16 or 8 threads
I have found that the optimal amount is actually four: this also
means that only four compressors are running at a time, but
as they're themselves using threads, and typical recipes are dominated
by just two or three large packages, this does not affect overall
completion time.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
zstd uses 3 by default, while 19 is the highest and slowest.
It's not clear why 19 was picked to begin with, possibly
I copy-pasted it from rpm's examples without thinking:
https://git.yoctoproject.org/poky/commit/?h=master-next&id=4a4d5f78a6962dda5f63e9891825c80a8a87bf66
This brings significant speedups in rpm's compression step:
for example compressing webkitgtk takes 11s instead of 36s.
The rpm size increases from 175648k to 234860k. I think it's
a worthy default tradeoff.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changqing Li [Wed, 20 Nov 2024 04:36:58 +0000 (12:36 +0800)]
sysvinit: backport patch for fixing one issue of pidof
When a program is a link to an executable, and this executable is
handled by update-alternatives, renamed to a different name, cmd
`pidof full_path_of_program` will not work.
Eg:
/usr/sbin/httpd -> /usr/sbin/httpd.apache2
`pidof /usr/sbin/httpd` cannot get pid of the process httpd
Backport the patch to fix above issue.
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
cracklib was dropped as a dependency in libpam v1.5.0
See the following commit as reference:
https://github.com/linux-pam/linux-pam/commit/d702ff714c309069111899fd07c09e31c414c166
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bin Lan [Sat, 9 Nov 2024 08:09:45 +0000 (16:09 +0800)]
lttng-ust: backport patch to fix cmake-multiple-shared-libraries build error
There are the following error when building doc/examples/cmake-multiple-shared-libraries:
ld: warning: liblttng-ust-common.so.1, needed by lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
ld: warning: liblttng-ust-tracepoint.so.1, needed by lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
ld: warning: liblttng-ust-common.so.1, needed by lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
ld: warning: liblttng-ust-tracepoint.so.1, needed by lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so, not found (try using -rpath or -rpath-link)
ld: lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_common_alloc_tls'
ld: lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_after_fork_parent'
ld: lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_after_fork_child'
ld: lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_urcu_after_fork_parent'
ld: lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_tp_probe_unregister_queue_release'
ld: lttng-ust/2.13.8/build/src/lib/lttng-ust/.libs/liblttng-ust.so: undefined reference to `lttng_ust_cancelstate_disable_pop'
collect2: error: ld returned 1 exit status
This change set removes the old patch file 0001-Makefile.am-update-rpath-link.patch,
adds a new patch file 0001-Fix-Build-examples-when-rpath-is-stripped-from-in-bu.patch.
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 89394da1cbe98652e1d0bd59c762ff7da2d6a113) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Wang Mingyu [Wed, 9 Oct 2024 05:49:12 +0000 (13:49 +0800)]
wireless-regdb: upgrade 2024.07.04 -> 2024.10.07
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f124bb09a798d94eca5e93387bc361b147ce53f9) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Deepthi Hemraj [Mon, 18 Nov 2024 07:59:44 +0000 (23:59 -0800)]
binutils: stable 2.42 branch update
Below commits on binutils-2.42 stable branch are updated. 09ba78f0513 LoongArch: ld:Report an error when seeing an unrecognized relocation 00abcf39930 s390: Add arch15 instructions caf72067a77 s390: Relax risbg[n]z, risb{h|l}gz, {rns|ros|rxs}bgt operand constraints 543a22c7ee3 s390: Simplify (dis)assembly of insn operands with const bits 7c94c87d463 s390: Align opcodes to lower-case fffb4fae823 s390: Flag conditional branch relative insns as condjump 2d238ecbe50 s390: Use proper string lengths when parsing opcode table flags 10d0dd2ba2b s390: Whitespace fixes in conditional branch flavor descriptions 10a143e273c LoongArch: Add elfNN_loongarch_mkobject to initialize LoongArch tdata 9055fbe5ffb LoongArch: The symbol got type can only be obtained after initialization
Tested on qemux86_64.
There were no additional PASS or FAIL after the update
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
avoid-host-contamination.patch
refreshed for 10.04.0
Changelog:
===========
- addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
- add protection for device selection from PostScript input.
- efforts in code hygiene and maintainability continue.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
- add the capability to build with the Tesseract OCR engine.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Jiaying Song [Mon, 11 Nov 2024 10:28:22 +0000 (18:28 +0800)]
libxml-parser-perl: fix do_fetch error
Change the SRC_URI to the correct value due to the following error:
WARNING: libxml-parser-perl-native-2.47-r0 do_fetch: Failed to fetch URL https://search.cpan.org/CPAN/modules/by-module/XML/XML-Parser-2.47.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Jiaying Song [Mon, 11 Nov 2024 09:55:19 +0000 (17:55 +0800)]
enchant2: fix do_fetch error
Change the SRC_URI to the correct value due to the following error:
WARNING: enchant2-2.6.7-r0 do_fetch: Failed to fetch URL https://github.com/AbiWord/enchant/releases/download/v2.6.7/enchant-2.6.7.tar.gz, attempting MIRRORS if available
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Harish Sadineni [Fri, 8 Nov 2024 16:24:56 +0000 (08:24 -0800)]
binutils: Add missing perl modules to RDEPENDS for nativesdk variant
In SDK, missing perl modules causes 'x86_64-pokysdk-linux-gp-display-html --help' to abort with below errors..
- Can't locate bignum.pm in @INC (you may need to install the feature module).
- Can't locate Math/BigInt.pm in @INC (you may need to install the Math::BigInt module)
By adding the following perl modules to RDEPENDS fixes the above errors:
nativesdk-perl-module-bignum
nativesdk-perl-module-bigint
nativesdk-perl-module-math-bigint
Richard Purdie [Wed, 2 Oct 2024 23:12:52 +0000 (00:12 +0100)]
pseudo: Fix envp bug and add posix_spawn wrapper
Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d80e20d70d170397f9827c5a5fc75ad1f2e8cd94) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Philip Lorenz [Thu, 7 Nov 2024 07:58:01 +0000 (08:58 +0100)]
cmake: Fix sporadic issues when determining compiler internals
When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.
In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:
recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
stdlib.h: No such file or directory
| 75 | #include_next <stdlib.h>
| | ^~~~~~~~~~
| compilation terminated.
| ninja: build stopped: subcommand failed.
| WARNING: exit code 1 from a shell command.
Fix this stripping `-pipe` from the command line used to determine
compiler internals.
Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Hiago De Franco [Tue, 5 Nov 2024 17:59:08 +0000 (14:59 -0300)]
weston: backport patch to allow neatvnc < v0.9.0
Currently weston 13.0.3 with neatvnc 0.8.1 does not compile when using
VNC:
| Dependency neatvnc found: NO found 0.8.1 but need: '< 0.8.0' ;
matched: '>= 0.7.0'
However weston upstream already increased the allowed version to 0.9.0,
since neatvnc 0.8.0 does not introduce any changes that breaks API used
by the VNC backend. Therefore, backport this patch.
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8516496018a3ee9e81a67d4682bf9784d0eab2bd) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Aditya Tayade [Mon, 21 Oct 2024 11:50:26 +0000 (17:20 +0530)]
e2fsprogs: removed 'sed -u' option
In embedded box, sed might be provided another providers like Busybox,
hence use generic options whenever possible.
/bin/sed -> /etc/alternatives/sed
/etc/alternatives/sed -> /bin/busybox.nosuid
Here used 'sed -u' option is not necessary, hence removed it.
Fixes below error:
sed: invalid option -- 'u'
Also added 'set -eux' option which halts execution of the script
on any failures.
Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com> Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07caee1829d2a61bc018fe0e37ecd482922179ee) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Martin Jansa [Sun, 27 Oct 2024 10:33:55 +0000 (11:33 +0100)]
python3-lxml=v5.0.2
* minor upgrade to fix building with gcc-14 on host
* contains 31 commits:
https://github.com/lxml/lxml/compare/lxml-5.0.0...lxml-5.0.2
the important one for gcc-14 is:
https://github.com/lxml/lxml/commit/663041a56a075a8fa1e6ca13ba4c6d1de7043ac2
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Wang Mingyu [Wed, 25 Sep 2024 06:48:56 +0000 (14:48 +0800)]
orc: upgrade 0.4.39 -> 0.4.40
Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33) Signed-off-by: Steve Sakoman <steve@sakoman.com>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
