Richard Purdie [Mon, 22 Aug 2022 14:31:25 +0000 (15:31 +0100)]
libtirpc: Mark CVE-2021-46828 as resolved
This CVE only applied to pre 1.3.3rc1 and we're on 1.3.3 so we're sorted
but the rc versions make the automated matching fail. Therefore handle
manually.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 22 Aug 2022 14:09:49 +0000 (15:09 +0100)]
icu: Drop binconfig support (icu-config)
Upstream have indicated icu-config is deprecated and they don't intend
people to use it any more. Drop our code for it to flush out users and
clean up our recipe a bit. pkg-config is a much better alternative.
(https://github.com/unicode-org/icu/pull/2150)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Shubham Kulkarni [Thu, 18 Aug 2022 07:52:38 +0000 (13:22 +0530)]
sanity: add a comment to ensure CONNECTIVITY_CHECK_URIS is correct
In sanity.bbclass, in function check_connectivity :
Connectivity is tested by fetching URIs in variable CONNECTIVITY_CHECK_URIS.
If none is accessible, the status error is ambiguous.
It says to ensure the host's network is correctly configured but
never if the remote is available.
Pavel Zhukov [Fri, 19 Aug 2022 13:15:38 +0000 (15:15 +0200)]
selftest: Add regression test for rpm filesnames
Escaping globs and quoting in rpm spec files is tricky and requires a
bit of dancing. In addition to that it changes from time to time.
Adding (simple) regression test for different types of filename
patterns. Cover brackets and parentheses in first iteration
[Yocto #13746]
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pavel Zhukov [Fri, 19 Aug 2022 13:15:36 +0000 (15:15 +0200)]
package_rpm: Do not replace square brackets in %files
This reverts commit f95adb749619e70920c6cc6cd01c6d02cd348fd8.
At some point RPM stopped treating "[]?" characters in quoted text as a glob
This causes rpmbuild error [1] in oe-core if package contains filenames
with such characters [Yocto #13746]. Reverting commit which replaces "[]" with "?"
fixes the issue.
It should be safe now becuase rpm tries to use filename directly if not
found by glob [2].
devtool: do not leave behind source trees in workspace/sources
These are typically auto-extracted with modify/upgrade from recipes
and can be easily recreated. On the rare occasions where they need
to be reused, they are still available under workspace/attic (which
is already used for old recipes and appends), so nothing gets lost.
This avoids the annoyance of devtool refusing to proceed because
there is a previous source tree in workspace/sources.
For independent source trees behave as before: do nothing.
Adjust the test that previously deleted those trees by hand.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jan Luebbe [Thu, 18 Aug 2022 11:17:03 +0000 (13:17 +0200)]
openssh: add support for config snippet includes to ssh and sshd
This makes it simpler to set specific ssh/sshd config options by adding
snippet files to /etc/ssh/ssh_config.d/ or /etc/ssh/sshd_config.d/
instead of modifying a copy of the full configuration file. As new
snippets can be added from separate recipes, targeted changes can be
done in multiple layers.
These specific directories are also used in Debian's default
configuration.
Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Thu, 18 Aug 2022 18:58:07 +0000 (11:58 -0700)]
musl: Update to tip
brings in these fixes
* 37e18b7b freopen: reset stream orientation (byte/wide) and encoding rule
* bf992585 ldso: process RELR only for non-FDPIC archs
* d32dadd6 ldso: support DT_RELR relative relocation format
* 2404d9d6 use syscall_arg_t and __scc macro for arguments to __alt_socketcall
Yongxin Liu [Fri, 5 Aug 2022 02:42:19 +0000 (10:42 +0800)]
grub2: fix several CVEs
Backport CVE patches from upstream to fix:
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
Backport the following 5 patches to make CVE patches be applied smoothly.
video-Remove-trailing-whitespaces.patch
video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jon Mason [Wed, 17 Aug 2022 16:00:31 +0000 (12:00 -0400)]
oeqa/parselogs: add qemuarmv5 arm-charlcd masking
On qemuarmv5, arm-charlcd is logging an error because the device isn't
present on the virtual machine. Mask it off, as that device could be
present on the physical hardware (and we want to use the same kernel
config as the real hardware).
Signed-off-by: Jon Mason <jdmason@kudzu.us> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Wed, 17 Aug 2022 07:04:37 +0000 (00:04 -0700)]
binutils: Disable gprofng when using clang
It does not yet compile with clang it comes with __ builtin___snprintf_chk Not Supported
formatted output of built-in functions check is failing with clang
somehow it seems to be compiler limitation. Therefore disable building
this component with clang for now
Awais Belal [Tue, 16 Aug 2022 13:58:55 +0000 (18:58 +0500)]
kernel-fitimage.bbclass: only package unique DTBs
The KERNEL_DEVICETREE and related variables could potentially have a device
tree listed multiple times and this works okay for most scenarios. However,
when we create FIT entries for these we get duplicate nodes and uboot-mkimage
fails with
fit-image-initramfs-image.its:219.58-229.19: ERROR (duplicate_node_names): /images/fdt-freescale_imx8mp-evk-ecspi-slave.dtb: Duplicate node name
fit-image-initramfs-image.its:307.50-317.19: ERROR (duplicate_node_names): /images/fdt-freescale_imx8mp-evk-ndm.dtb: Duplicate node name
fit-image-initramfs-image.its:362.54-372.19: ERROR (duplicate_node_names): /images/fdt-freescale_imx8mp-evk-rm67199.dtb: Duplicate node name
fit-image-initramfs-image.its:417.56-427.19: ERROR (duplicate_node_names): /images/fdt-freescale_imx8mp-evk-usdhc1-m2.dtb: Duplicate node name
fit-image-initramfs-image.its:648.59-658.19: ERROR (duplicate_node_names): /configurations/conf-freescale_imx8mp-evk-ecspi-slave.dtb: Duplicate node name
fit-image-initramfs-image.its:744.51-754.19: ERROR (duplicate_node_names): /configurations/conf-freescale_imx8mp-evk-ndm.dtb: Duplicate node name
fit-image-initramfs-image.its:804.55-814.19: ERROR (duplicate_node_names): /configurations/conf-freescale_imx8mp-evk-rm67199.dtb: Duplicate node name
fit-image-initramfs-image.its:864.57-874.19: ERROR (duplicate_node_names): /configurations/conf-freescale_imx8mp-evk-usdhc1-m2.dtb: Duplicate node name
ERROR: Input tree has errors, aborting (use -f to force output)
uboot-mkimage: Can't open arch/arm64/boot/fitImage.tmp: No such file or directory
We fix this by tracking the DTBs we're compiling in the FIT and only picking
up unique ones.
Bertrand Marquis [Thu, 11 Aug 2022 09:47:21 +0000 (10:47 +0100)]
sysvinit-inittab/start_getty: Fix respawn too fast
When an entry in /dev does not exist, start_getty is returning directly.
As it is started from init in a respawn mode, it will loop infinitely.
In this case add a sleep inside start_getty to prevent the "Respawning
too fast" message popping up every 5 minutes.
This case is happening quite often when the system is started as an
hypervisor guest as the standard serial line is usually taken by it and
removed from the configuration.
This was triggered quite often running linux as dom0 on top of Xen on
arm as the serial line is taken by Xen and removed from the device tree.
Use the opportunity to replace one tab with spaces as the rest of the
file is using spaces.
wangmy [Tue, 16 Aug 2022 00:05:39 +0000 (08:05 +0800)]
msmtp: upgrade 1.8.20 -> 1.8.22
Changelog:
==========
- The msmtpq script was updated.
- Added a new configuration command 'eval' to replace the current configuration
file line with the output of a command (similar to passwordeval, but more
general).
- Added a new configuration command 'set_msgid_header' with the default setting
'auto'. This adds a Message-ID header to the mail if none is present.
- msmtpd now adds a Received header
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 16 Aug 2022 09:30:25 +0000 (10:30 +0100)]
skeleton/service: Ensure debug path handling works as intended
DEBUG_PREFIX_MAP uses ${S} but that wasn't set correctly for this
recipe meaning cwd during the build (WORKDIR) was encoded into the
binary leading to buildpath warnings in debug symbols. Set S correctly
to avoid this issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 17 Aug 2022 17:17:39 +0000 (18:17 +0100)]
valgrind: Disable drd/tests/std_thread2 ptest
After improvements to debug sources handling I suspect that extra debug
information became available and is confusing this test. Disable it
for now until someone with more knowledge can resolve the issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 12 Aug 2022 16:17:20 +0000 (17:17 +0100)]
gcc: Resolve relative prefix-map filenames
Add a patch to gcc so that relative paths are handled by -fdebug-prefix-map
and friends. In OE we use relative paths in autotools and removing that
creates a lot of issues we'd have to fix. This alternative allows us to
fix the paths within gcc and improve our debug file coverage (and SPDX
manifests) accordingly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 21 Jul 2022 14:27:10 +0000 (15:27 +0100)]
gcc-cross: Fix relative links
Now that we're using absolute paths to run configure, there are absolute
path symlinks within gcc's output. Use our script that fixes these so
that the sstate objects work correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 20 Jul 2022 12:28:03 +0000 (13:28 +0100)]
bitbake.conf: Handle S and B separately for debug mapping
We don't really need to keep S and B separate for debug source purposes
and there shouldn't be source references in WORKDIR that isn't S and B
either.
Separating these out simplifies the shared-work directory handling for
gcc and should also help fix external source usage. Therefore handle
S and B in DEBUG_PREFIX_MAP separately and clean up other code.
Indentation is reduced here as it is introduced on every compiler
commandline so minimising it is helpful.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This code was some of the earliest reproducible build work we did. To
correctly handle the encoding of file paths, we used relative build
paths to run configure which resulted in relative build paths in the
binaries.
We now have more modern approaches used elsewhere with the prefix remapping
options. These work best with absolute paths, not relative ones. As such,
drop the relative path mangling and switch to using prefix mapping
exclusively on absolute paths.
This makes the code matc the rest of the system and triggers the correct
code to be added in /usr/src/debug.
We have to include both file-prefix and debug-prefix since the assembler
only looks at debug-prefix.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 19 Jul 2022 16:32:32 +0000 (17:32 +0100)]
package: Switch debug source handling to use prefix map
Reproducible builds are no longer a configuration option but are required.
We also rely on the prefix mapping capability of the compilers now.
As such, rewrite the source locating code to use the prefix maps instead
of taking a guess about WORKDIR which isn't correct for kernels, gcc,
externalsrc and probably more.
Instead, iterate the maps to locate any matching source code, keeping
in mind that multiple maps may map to one target location.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Sun, 14 Aug 2022 22:20:37 +0000 (15:20 -0700)]
libtirpc: Upgrade to 1.3.3
In this release a large number of deadlocks in the
in the multi-thread code were fix. A number of
memory leaks were plugged and a DoS was eliminated.
As well as a large number of bug fixes.
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
