Jose Quaresma [Thu, 25 Jul 2024 13:23:12 +0000 (14:23 +0100)]
openssh: upgrade 9.7p1 -> 9.8p1
- drop the CVE-2024-6387 [backported patch]
- drop systemd notify [backported patch]
- fix musl build [backported patch]
- fix ptest regression [submited patch]
- sshd now had the sshd-session
Release notes at https://www.openssh.com/txt/release-9.8
Security
========
This release contains fixes for two security problems, one critical
and one minor.
1) Race condition in sshd(8)
A critical vulnerability in sshd(8) was present in Portable OpenSSH
versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary
code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit Linux/glibc
systems with ASLR. Under lab conditions, the attack requires on
average 6-8 hours of continuous connections up to the maximum the
server will accept. Exploitation on 64-bit systems is believed to be
possible but has not been demonstrated at this time. It's likely that
these attacks will be improved upon.
Exploitation on non-glibc systems is conceivable but has not been
examined. Systems that lack ASLR or users of downstream Linux
distributions that have modified OpenSSH to disable per-connection
ASLR re-randomisation (yes - this is a thing, no - we don't
understand why) may potentially have an easier path to exploitation.
OpenBSD is not vulnerable.
We thank the Qualys Security Advisory Team for discovering, reporting
and demonstrating exploitability of this problem, and for providing
detailed feedback on additional mitigation measures.
2) Logic error in ssh(1) ObscureKeystrokeTiming
In OpenSSH version 9.5 through 9.7 (inclusive), when connected to an
OpenSSH server version 9.5 or later, a logic error in the ssh(1)
ObscureKeystrokeTiming feature (on by default) rendered this feature
ineffective - a passive observer could still detect which network
packets contained real keystrokes when the countermeasure was active
because both fake and real keystroke packets were being sent
unconditionally.
This bug was found by Philippos Giavridis and also independently by
Jacky Wei En Kung, Daniel Hugenroth and Alastair Beresford of the
University of Cambridge Computer Lab.
Worse, the unconditional sending of both fake and real keystroke
packets broke another long-standing timing attack mitigation. Since
OpenSSH 2.9.9 sshd(8) has sent fake keystoke echo packets for
traffic received on TTYs in echo-off mode, such as when entering a
password into su(8) or sudo(8). This bug rendered these fake
keystroke echoes ineffective and could allow a passive observer of
a SSH session to once again detect when echo was off and obtain
fairly limited timing information about keystrokes in this situation
(20ms granularity by default).
This additional implication of the bug was identified by Jacky Wei
En Kung, Daniel Hugenroth and Alastair Beresford and we thank them
for their detailed analysis.
This bug does not affect connections when ObscureKeystrokeTiming
was disabled or sessions where no TTY was requested.
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025. This release disables DSA by default at compile time.
DSA, as specified in the SSHv2 protocol, is inherently weak - being
limited to a 160 bit private key and use of the SHA1 digest. Its
estimated security level is only 80 bits symmetric equivalent.
OpenSSH has disabled DSA keys by default since 2015 but has retained
run-time optional support for them. DSA was the only mandatory-to-
implement algorithm in the SSHv2 RFCs, mostly because alternative
algorithms were encumbered by patents when the SSHv2 protocol was
specified.
This has not been the case for decades at this point and better
algorithms are well supported by all actively-maintained SSH
implementations. We do not consider the costs of maintaining DSA
in OpenSSH to be justified and hope that removing it from OpenSSH
can accelerate its wider deprecation in supporting cryptography
libraries.
This release, and its deactivation of DSA by default at compile-time,
marks the second step in our timeline to finally deprecate DSA. The
final step of removing DSA support entirely is planned for the first
OpenSSH release of 2025.
DSA support may be re-enabled in OpenBSD by setting "DSAKEY=yes"
in Makefile.inc. To enable DSA support in portable OpenSSH, pass
the "--enable-dsa-keys" option to configure.
* all: as mentioned above, the DSA signature algorithm is now
disabled at compile time.
* sshd(8): the server will now block client addresses that
repeatedly fail authentication, repeatedly connect without ever
completing authentication or that crash the server. See the
discussion of PerSourcePenalties below for more information.
Operators of servers that accept connections from many users, or
servers that accept connections from addresses behind NAT or
proxies may need to consider these settings.
* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
* sshd(8): several log messages have changed. In particular, some
log messages will be tagged with as originating from a process
named "sshd-session" rather than "sshd".
* ssh-keyscan(1): this tool previously emitted comment lines
containing the hostname and SSH protocol banner to standard error.
This release now emits them to standard output, but adds a new
"-q" flag to silence them altogether.
* sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
as the PAM service name. A new "PAMServiceName" sshd_config(5)
directive allows selecting the service name at runtime. This
defaults to "sshd". bz2101
* (portable OpenSSH only) Automatically-generated files, such as
configure, config.h.in, etc will now be checked in to the portable
OpenSSH git release branch (e.g. V_9_8). This should ensure that
the contents of the signed release branch exactly match the
contents of the signed release tarball.
Changes since OpenSSH 9.7
=========================
This release contains mostly bugfixes.
New features
------------
* sshd(8): as described above, sshd(8) will now penalise client
addresses that, for various reasons, do not successfully complete
authentication. This feature is controlled by a new sshd_config(5)
PerSourcePenalties option and is on by default.
sshd(8) will now identify situations where the session did not
authenticate as expected. These conditions include when the client
repeatedly attempted authentication unsucessfully (possibly
indicating an attack against one or more accounts, e.g. password
guessing), or when client behaviour caused sshd to crash (possibly
indicating attempts to exploit bugs in sshd).
When such a condition is observed, sshd will record a penalty of
some duration (e.g. 30 seconds) against the client's address. If
this time is above a minimum configurable threshold, then all
connections from the client address will be refused (along with any
others in the same PerSourceNetBlockSize CIDR range) until the
penalty expire.
Repeated offenses by the same client address will accrue greater
penalties, up to a configurable maximum. Address ranges may be
fully exempted from penalties, e.g. to guarantee access from a set
of trusted management addresses, using the new sshd_config(5)
PerSourcePenaltyExemptList option.
We hope these options will make it significantly more difficult for
attackers to find accounts with weak/guessable passwords or exploit
bugs in sshd(8) itself. This option is enabled by default.
* ssh(8): allow the HostkeyAlgorithms directive to disable the
implicit fallback from certificate host key to plain host keys.
Bugfixes
--------
* misc: fix a number of inaccuracies in the PROTOCOL.*
documentation files. GHPR430 GHPR487
* all: switch to strtonum(3) for more robust integer parsing in most
places.
* ssh(1), sshd(8): correctly restore sigprocmask around ppoll()
* ssh-keysign(8): stricter validation of messaging socket fd GHPR492
* sftp(1): flush stdout after writing "sftp>" prompt when not using
editline. GHPR480
* sftp-server(8): fix home-directory extension implementation, it
previously always returned the current user's home directory
contrary to the spec. GHPR477
* ssh-keyscan(1): do not close stdin to prevent error messages when
stdin is read multiple times. E.g.
echo localhost | ssh-keyscan -f - -f -
* regression tests: fix rekey test that was testing the same KEX
algorithm repeatedly instead of testing all of them. bz3692
* ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
documentation, especially around what is supported vs available.
bz3701.
Portability
-----------
* sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
unconditionally. The previous behaviour was to expose it only when
particular authentication methods were in use.
* build: fix OpenSSL ED25519 support detection. An incorrect function
signature in configure.ac previously prevented enabling the recently
added support for ED25519 private keys in PEM PKCS8 format.
* ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
environment variable to enable SSH_ASKPASS, similarly to the X11
DISPLAY environment variable. GHPR479
* build: improve detection of the -fzero-call-used-regs compiler
flag. bz3673.
* build: relax OpenSSL version check to accept all OpenSSL 3.x
versions.
* sshd(8): add support for notifying systemd on server listen and
reload, using a standalone implementation that doesn't depend on
libsystemd. bz2641
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Hochstein [Thu, 25 Jul 2024 11:59:32 +0000 (06:59 -0500)]
time64.inc: Simplify GLIBC_64BIT_TIME_FLAGS usage
The implementation uses the append operator to include
GLIBC_64BIT_TIME_FLAGS in TARGET_CC_ARCH, but it places the space in
the GLIBC_64BIT_TIME_FLAGS assignment in order to avoid a 'spurious
space' when the value is empty.
68b50d3 time64: Remove leading whitespace from GLIBC_64BIT_TIME_FLAGS
The problem with this is it requires anyone wishing to assign a value
to GLIBC_64BIT_TIME_FLAGS to add the leading space, otherwise this is
the error:
cc1: error: '-Werror=format-security-D_TIME_BITS=64': no option '-Wformat-security-D_TIME_BITS=64'
Add a new constant variable to capture the value needed for the 32-bit
special case, including the space.
Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Wed, 24 Jul 2024 23:39:18 +0000 (18:39 -0500)]
create-spdx-*: Support multilibs via SPDX_MULTILIB_SSTATE_ARCHS
When a create-spdx-* classes is processing documents, it needs to
find the document in a path that is related to the SSTATE_ARCH
when a packge is generated. The SSTATE_ARCH can be affected by
multilib configurations, resulting is something like armv8a-mlib.
When the image (or SDK) is being generated and the components are
collected, the system has no knowledge of the multilib arch and
will fail to find it, such as:
ERROR: meta-toolchain-1.0-r0 do_populate_sdk: No SPDX file found
for package libilp32-libgcc-dbg,
False sstate:libilp32-libgcc:armv8a-ilp32-mllibilp32-elf:14.1.0:r0:armv8a-ilp32:12:
sstate:libilp32-libgcc::14.1.0:r0::12:
Adding in the new SPDX_MULTILIB_SSTATE_ARCHS will provide a full
set of SSTATE_ARCHS including ones that contain the multilib
extension which will allow create-spdx-* to correctly find the
document it is looking for. This would also be valuable to any
other function doing a similar search through SSTATE_ARCH that may
have been extended with multilib configurations.
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Wed, 24 Jul 2024 23:39:17 +0000 (18:39 -0500)]
spdx30_tasks.py: switch from exists to isfile checking debugsrc
Same change as previously made to the create-spdx-2.2.bbclass,
while debugsrc is almost always a file (or link), there are apparently
cases where a directory could be returned from the dwarfsrcfiles
processing. When this happens, the hashing fails and an error results
when building the SPDX documents.
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tclibc-picolibc: Adds a new TCLIBC variant to build with picolibc as C library
Enables usage of TCLIBC=picolibc extending OE functionality to build and use
picolibc based toolchains to build baremetal applications.
Picolibc is a set of standard C libraries, both libc and libm, designed for
smaller embedded systems with limited ROM and RAM. Picolibc includes code
from Newlib and AVR Libc, but adresses some of newlibs concerns, it retains
newlibs directory structure, math, string and locale implementations, but
removed the GPL bits used to build the library, swiches old C style code for
C18 and replaces autotools with meson.
This patch adds a picolibc recipe for the C library, a picolibc-helloworld
recipe that contains an example application and a testcase that builds it.
Picolibc can be built for ARM and RISCV architectures, its been tested both
for 32 and 64 bits, the provided example recipe produces the following output:
hello, world
Runqemu does not automatically show any output since it hides QEMU stderr which
is where the QEMU monitors output is directed to when using semihosting, but,
manually running the same QEMU command does work properly.
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The 20240203 version is the same as used in Ubuntu >= 24.04 and Debian
Trixie (testing).
Signed-off-by: Theodore A. Roth <troth@openavr.org> Signed-off-by: Theodore A. Roth <theodore_roth@trimble.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adrian Freihofer [Mon, 15 Jul 2024 14:10:39 +0000 (16:10 +0200)]
kernel-fitimage: fix external dtb check
If EXTERNAL_KERNEL_DEVICETREE and dtb_image_sect are empty variables
dtb_path ends up as "/" which is available on most Unix systems but
probably not the dtb_path which is needed here. Checking for a file
makes more sense and also solves the issue with the "/".
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
iptables: fix memory corruption when parsing nft rules
This commit fixes a memory corruption issue when iptables (with
enabled PACKAGECONFIG libnftnl) is used to access rules created by
nft.
To reproduce the issue:
nft add chain ip filter TESTCHAIN { meta mark set 123 \;}
iptables -t filter -n -L TESTCHAIN
This produced the following output:
Chain TESTCHAIN (0 references)
target prot opt source destination
MARK 0 -- 0.0.0.0/0 0.0.0.0/0 MARK set 0x7b
malloc(): corrupted top size
Aborted (core dumped)
This commit fixes this issue.
Signed-off-by: Christian Taedcke <christian.taedcke@weidmueller.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update:
-Add 3-clause BSD license for poly1305-amd64-avx512.S.
-cipher/Makefile.am: Add 'poly1305-amd64-avx512.S'.
-cipher/poly1305-amd64-avx512.S: New.
-cipher/poly1305-internal.h (POLY1305_USE_AVX512): New.
-Add 'cipher/keccak-amd64-avx512.S'.
-Update license docs for FSF new address and update gcrypt.texi.
Apart from upgrade also refreshed the patches like
0001-libgcrypt-fix-m4-file-for-oe-core.patch
0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
no-bench-slope.patch
In 0002-libgcrypt-fix-building-error-with-O2-in-sysroot-path.patch
reverted back the change in cipher/Makefile.am related to o_flag_munging
Signed-off-by: simit.ghane <simit.ghane@lge.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 23 Jul 2024 22:12:59 +0000 (23:12 +0100)]
glib-networking: upgrade 2.78.1 -> 2.80.0
2.80.0 - March 14, 2024
=======================
- Mark plugin functions as exports on Windows (!250, Amyspark)
- Updated translations
2.80.rc - February 29, 2024
===========================
- GnuTLS: fix improper use of IP address in SNI extension (!247, MARTINSONS Frederic)
- GnuTLS: major performance improvement: reduce unnecessary trust list creation (!249)
- OpenSSL: properly handle BIO_CTRL_EOF (!248)
- Updated translations
2.80.alpha - January 5, 2024
============================
- GnuTLS: Add warning when system has no trusted certificates (!243)
- OpenSSL: Fix bug when populating trust store (!244, Alessandro Bono)
- Fix license on dtls-connection.c test (!245, David King)
- Updated translations
As exposed by the warning when there are no trusted certificates, we should
RDEPEND on ca-certificates if either of the crypto backends are enabled
so that cryptography is usable.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 23 Jul 2024 16:03:46 +0000 (17:03 +0100)]
libcap-ng: clean up recipe
This package is split into two recipes, one of the actual C library and
one for the Python bindings.
- Move common inherits into the common .inc.
- Clean up install in the python recipe
- Remove obsolete setuptools dependency
- Remove obsolete explicit .debug packaging
- Update homepage as freecode.com redirects to the top of SourceForge
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 23 Jul 2024 14:51:01 +0000 (15:51 +0100)]
python3: add dependency on -compression to -core
importlib.metadata is part of -core, but that will import zipfile which
is part of -compression.
Obviously this shows that our packaging of the Python modules is not
optimal. I plan to follow up with a redesign of the splitting which
focuses on simply pulling out the larger or esoteric modules and
having a more featureful core.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 23 Jul 2024 14:22:40 +0000 (15:22 +0100)]
pseudo: Fix to work with glibc 2.40
glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rootfs: Ensure run-postinsts is not uninstalled for read-only-rootfs-delayed-postinsts
This patch ensures that pkg_postinst_ontarget task is executed for read only rootfs when
read-only-rootfs-delayed-postinsts is set as IMAGE_FEATURES. The issue was that run-postinsts
could be uninstalled at the end of rootfs construction and that shouldn't happen for
the delayed usecase.
In addition to the fix, a test in meta/lib/oeqa/selftest/cases/overlayfs.py testing
the fix has been implemented.
Niko Mauno [Thu, 4 Jul 2024 07:15:18 +0000 (07:15 +0000)]
systemd: Mitigate /var/tmp type mismatch issue
The base-files recipe provides /var/tmp -> /var/volatile/tmp symlink
which is in conflict with systemd upstream tmpfiles.d/tmp.conf which
defines it as a directory (or subvolume on btrfs).
This generates following error in journal:
Jul 03 15:37:21 qemux86-64 systemd-tmpfiles[158]: "/var/tmp" already exists and is not a directory.
Mitigate the issue by defining /var/tmp as symlink corresponding to
the one created by base-files.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Jose Quaresma [Wed, 17 Jul 2024 12:34:22 +0000 (13:34 +0100)]
oeqa/runtime/scp: requires openssh-sftp-server
The SCP protocol was deprecated in favor of the SFTP.
For the legacy SCP protocol scp should be run with "-O".
Instead of adding "-O" on the scp_options ssh oeqa we can
require the openssh-sftp-server to be instaled on the target.
This way the test will work more deterministic regardless of
the host machine client used.
For the old fashion clients still using legacy SCP protocol
the openssh-sshd server will be used, for the new ones using
the SFTP the openssh-sftp-server will be picked.
Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Richard Purdie [Mon, 22 Jul 2024 14:27:50 +0000 (15:27 +0100)]
time64.inc: Add warnings exclusion for known toolchain problems for now
Fixing our infrastructure to show warnings for nativesdk packages resulted
in some issues with 32 bit toolchains and 32 bit time becoming clear.
For now, add INSANE_SKIP entries for these which effectively documents
the issue and allows us to at least start running the tests in the
infrastructure.
Over time we will need to try and fix these if upstream doesn't.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd started to warn about used but unset environment variables.
Let us set watchdog_module=none which is used by the watchdog.service to get
rid of the following warning:
watchdog.service: Referenced but unset environment variable evaluates to an empty string: watchdog_module
Signed-off-by: Wadim Egorov <w.egorov@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Mon, 22 Jul 2024 08:15:11 +0000 (10:15 +0200)]
kernel.bbclass: add original package name to RPROVIDES for -image and -base
* -image and -base change PKG to:
PKG:${KERNEL_PACKAGE_NAME}-image = "${KERNEL_PACKAGE_NAME}-image-${@legitimize_package_name(d.getVar(KERNEL_VERSION))}"
PKG:${KERNEL_PACKAGE_NAME}-base = "${KERNEL_PACKAGE_NAME}-${@legitimize_package_name(d.getVar(KERNEL_VERSION))}"
* but only when debian.bbclass is inheritted they add the original package name into RPROVIDES by:
https://git.openembedded.org/openembedded-core/commit/?id=3409c4379559afbb1d1d29045582995147a33bbc
* fixes the build if some packagegroup or something RDEPENDS on kernel-image or kernel-base
and the DISTRO doesn't inherit debian.bbclass
* as shown in pkgdata:
linux-raspberrypi $ egrep "^(PKG:)|(RPRO)" 6.6.36+git-*/pkgdata/runtime/kernel-image
6.6.36+git-debian/pkgdata/runtime/kernel-image:RPROVIDES:kernel-image: kernel-image (=6.6.36+git@PRSERV_PV_AUTOINC@+733366844f_769634f344)
6.6.36+git-debian/pkgdata/runtime/kernel-image:PKG:kernel-image: kernel-image-6.6.36-v8
6.6.36+git-without-debian/pkgdata/runtime/kernel-image:PKG:kernel-image: kernel-image-6.6.36-v8
Below commits on binutils-2.42 stable branch are updated. 29ae8b8ea71 x86-64: Skip -z mark-plt tests on MUSL 92cc764e58f hppa: Fix handling of relocations that apply to data c439c1e1f56 elf: Add glibc version dependency only if needed 68ae8e2a849 ld: pass -g for ld-elf tests a1e3cb45c67 aarch64: Enable +cssc for armv8.9-a
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gobject-introspection: split tools and giscanner into a separate package
The tools and giscanner require python3-setuptools at runtime. This increases
the image size quite a bit (on my end ~1.7MB compressed). Most users don't need
these tools in the final image so make them optional.
This commit introduces a new packcage gobject-introspection-tools
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* The <stdbit.h> header type-generic macros have been changed when using
GCC 14.1 or later to use __builtin_stdc_bit_ceil etc. built-in functions
in order to support unsigned __int128 and/or unsigned _BitInt(N) operands
with arbitrary precisions when supported by the target.
* The GNU C Library now supports a feature test macro _ISOC23_SOURCE to
enable features from the ISO C23 standard. Only some features from
this standard are supported by the GNU C Library. The older name
_ISOC2X_SOURCE is still supported. Features from C23 are also enabled
by _GNU_SOURCE, or by compiling with the GCC options -std=c23,
-std=gnu23, -std=c2x or -std=gnu2x.
* The following ISO C23 function families (introduced in TS
18661-4:2015) are now supported in <math.h>. Each family includes
functions for float, double, long double, _FloatN and _FloatNx, and a
type-generic macro in <tgmath.h>.
- Exponential functions: exp2m1, exp10m1.
- Logarithmic functions: log2p1, log10p1, logp1.
* A new tunable, glibc.rtld.enable_secure, can be used to run a program
as if it were a setuid process. This is currently a testing tool to allow
more extensive verification tests for AT_SECURE programs and not meant to
be a security feature.
* On Linux, the epoll header was updated to include epoll ioctl definitions
and the related structure added in Linux kernel 6.9.
* The fortify functionality has been significantly enhanced for building
programs with clang against the GNU C Library.
* Many functions have been added to the vector library for aarch64:
acosh, asinh, atanh, cbrt, cosh, erf, erfc, hypot, pow, sinh, tanh
* On x86, memset can now use non-temporal stores to improve the performance
of large writes. This behaviour is controlled by a new tunable
x86_memset_non_temporal_threshold.
Deprecated and removed features, and other changes affecting compatibility:
* Architectures which use a 32-bit seconds-since-epoch field in struct
lastlog, struct utmp, struct utmpx (such as i386, powerpc64le, rv32,
rv64, x86-64) switched from a signed to an unsigned type for that
field. This allows these fields to store timestamps beyond the year
2038, until the year 2106. Please note that applications are still
expected to migrate off the interfaces declared in <utmp.h> and
<utmpx.h> (except for login_tty) due to locking and session management
problems.
* __rseq_size now denotes the size of the active rseq area (20 bytes
initially), not the size of struct rseq (32 bytes initially).
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Fri, 19 Jul 2024 18:58:18 +0000 (13:58 -0500)]
selftest-hardlink: Add additional test cases
Additional test cases for debug symlink generation both binaries
and static libraries.
This also has the side effect of testing for race conditions in the
hardlink debug generation and stripping.
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Fri, 19 Jul 2024 18:58:17 +0000 (13:58 -0500)]
package.py: Fix static library processing
When PACKAGE_STRIP_STATIC is enabled the system did not pay attention to
hardlinks. This could trigger a race condition during stripping of static
libraries where multiple strips (through hardlinks) could run at the same
time triggering a truncated or modified file error.
The hardlink breaking code is based on the existing code for elf files, but
due to the nature of the symlinks needed to be done in a separate block of
code.
Add support for static-library debugfs hardlinking through the existing
inode processing code.
Print a note to the logs if the link target can't be found. This isn't
strictly an error, but may be useful for debugging an issue where a file
isn't present.
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipeutils/get_recipe_upgrade_status: group recipes when they need to be upgraded together
This will allow 'lockstep upgrades' of such recipes, improving success
rates in automated version updating process.
devtool check-upgrade-status now prints:
These recipes need to be upgraded together {
glib-2.0 2.80.2 2.80.4 Anuj Mittal <anuj.mittal@intel.com>
glib-2.0-initial 2.80.2 2.80.4 Anuj Mittal <anuj.mittal@intel.com>
}
These recipes need to be upgraded together {
util-linux 2.39.3 2.40.2 Chen Qi <Qi.Chen@windriver.com>
util-linux-libuuid 2.39.3 2.40.2 Chen Qi <Qi.Chen@windriver.com>
}
These recipes need to be upgraded together {
cmake 3.29.3 3.30.0 Unassigned <unassigned@yoctoproject.org>
cmake-native 3.29.3 3.30.0 Unassigned <unassigned@yoctoproject.org>
}
etc.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lib/recipeutils: add a function to determine recipes with shared include files
This functionality is needed for 'lockstep version upgrades' where several
recipes need to be upgraded at the same time to produce a buildable
outcome.
The function itself obtains BBINCLUDED for each recipe and then massages
the data until it takes the form of a list of sets:
There's also a selftest that checks for the above.
Unfortunately this won't detect mutually exclusive recipes like mesa and mesa-gl
as they're chosen with PREFERRED_PROVIDER and can't be enabled in the same build
at the same time. ('devtool upgrade' will also accept just one of them but not the other)
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lib/oe/recipeutils: return a dict in get_recipe_upgrade_status() instead of a tuple
Putting various things in a tuple is an anti-pattern of sorts, as the consumers
have to unpack it into local variables for readability, or access items directly
with indexes, which makes code pretty much unreadable.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Fri, 19 Jul 2024 18:58:16 +0000 (13:58 -0500)]
package.py: Fix static debuginfo split
Fix:
NameError: name 'shutil' is not defined
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
** libgnutls: PBMAC1 is now supported as a MAC mechanism for PKCS#12
To be compliant with FIPS 140-3, PKCS#12 files with MAC based on
PBKDF2 (PBMAC1) is now supported, according to the specification
proposed in draft-ietf-lamps-pkcs12-pbmac1.
** libgnutls: SHA3 extendable output functions (XOF) are now supported
SHA3 XOF, SHAKE128 and SHAKE256, are now usable through a new
public API gnutls_hash_squeeze.
** API and ABI modifications:
gnutls_pkcs12_generate_mac3: New function
gnutls_pkcs12_flags_t: New enum
gnutls_hash_squeeze: New function
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Improve 'unknown status' error message by including the CVE id and by
quoting status field. Otherwise it might be troublesome to understand
messages like 'do_create_spdx: Unknown CVE status ' (the status was
empty).
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Below commits on glibc-2.39 stable branch are updated. e8f5217097 Linux: Make __rseq_size useful for feature detection (bug 31965) 143a7a0623 elf: Make dl-rseq-symbols Linux only 1062ebbd19 nptl: fix potential merge of __rseq_* relro symbols 5c46e6b666 s390x: Fix segfault in wcsncmp [BZ #31934] a036311246 stdlib: fix arc4random fallback to /dev/urandom (BZ 31612) d2cbfcf1d9 math: Provide missing math symbols on libc.a (BZ 31781) d473c9bb3b math: Fix isnanf128 static build (BZ 31774) 3950cbd7a1 math: Fix i386 and m68k exp10 on static build (BZ 31775) 6cb25aff85 math: Fix i386 and m68k fmod/fmodf on static build (BZ 31488) 74630b1bb7 posix: Fix pidfd_spawn/pidfd_spawnp leak if execve fails (BZ 31695) 7f9f25f255 Linux: Include <dl-symbol-redir-ifunc.h> in dl-sysdep.c 198632a05f NEWS: update list of fixed CVEs in 2.39 77bb3c7154 NEWS: update list of fixed bugs in 2.39 f05638731e x86: Properly set x86 minimum ISA level [BZ #31883] b7f5b0a711 x86: Properly set MINIMUM_X86_ISA_LEVEL for i386 [BZ #31867] e1d0040a6d localedata: ssy_ER: Fix syntax error 9de9cd17e7 malloc: New test to check malloc alternate path using memory obstruction a2da98aa2a malloc: Improve aligned_alloc and calloc test coverage. 305ee48826 malloc/Makefile: Split and sort tests 00899eba26 x86/cet: fix shadow stack test scripts 6ade91c211 elf: Avoid some free (NULL) calls in _dl_update_slotinfo 70f560fc22 misc: Add support for Linux uio.h RWF_NOAPPEND flag c9d8534406 i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782) aee37de299 Reinstate generic features-time64.h dd535f4f19 Always define __USE_TIME_BITS64 when 64 bit time_t is used 26e7005728 socket: Use may_alias on sockaddr structs (bug 19622) 9f2b100d67 parse_fdinfo: Don't advance pointer twice [BZ #31798]
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 19 Jul 2024 13:25:20 +0000 (14:25 +0100)]
ruby: upgrade 3.3.0 -> 3.3.4
3.3.4:
This release fixes a regression in Ruby 3.3.3 that dependencies are missing in
the gemspec of some bundled gems: net-pop, net-ftp, net-imap, and prime [Bug
like Heroku. If your bundle install runs correctly now, you may not have this
issue.
3.3.3:
This release includes:
RubyGems 3.5.11
Bundler 2.5.11
REXML 3.2.8
strscan 3.0.9
--dump=prism_parsetree is replaced by --parser=prism --dump=parsetree
Invalid encoding symbols raise SyntaxError instead of EncodingError
Memory leak fix in Ripper parsing
Bugfixes for YJIT, **{}, Ripper.tokenize, RubyVM::InstructionSequence#to_binary,
--with-gmp, and some build environments
3.3.2:
This release includes many bug-fixes. See the GitHub releases for further details.
3.3.1:
This release includes security fixes. Please check the topics below for details.
CVE-2024-27282: Arbitrary memory address read vulnerability with Regex search
CVE-2024-27281: RCE vulnerability with .rdoc_options in RDoc
CVE-2024-27280: Buffer overread vulnerability in StringIO
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa/selftest/reproducibile: rename of reproducible directories
We do see a few reproducible issues are depending on the path length of the build directory.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=15554
The current implementation of reproducible tests having different names for directories but with same length.
The build directory names are changed to have different length.
Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 18 Jul 2024 14:48:28 +0000 (15:48 +0100)]
openssl: strip the test suite
The test suite is huge because every test binary is statically linked to
libssl and/or libcrypto. This bloats the size of the -dbg package hugely,
so strip the test suite before packaging.
This reduces the size of openssl-dbg by 90% from ~1.2GB to ~120MB, and
reduces the size of the build tree from ~1.9GB to ~800MB.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 17 Jul 2024 21:27:00 +0000 (22:27 +0100)]
qemu: Drop mips workaround
In local testing this appears to not be needed any more. Since the bash dependency
is painful in many different ways, particularly being injected at do_package time,
drop it all.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To fulfill OverlayFS workdir requirements, the mount-copybind script
creates a workdir. But if the mount operation fails for any reason,
the workdir is left there.
Then, subsequent runs of mount-copybind will again try to
create the directory and pollute system logs with failed mkdir error
messages.
This commit mitigates the problem by unconditionally removing workdir
if the OverlayFS is not used or fails to run.
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com> Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
volatile-binds: Do not create workdir if OverlayFS is disabled
When the mountpoint parameter is a directory, the mount-copybind will
first try to use OverlayFS. Because of that, it needs to create the
OverlayFS workdir (determined by the overlay_workdir).
But if the environment variable MOUNT_COPYBIND_AVOID_OVERLAYFS is set
to "1", the script uses bind mount. In that case, the overlay_workdir
is useless, leaving the spec parent directory in a dirty state.
This commit changes mount-copybind so that the overlay_workdir is only
created when MOUNT_COPYBIND_AVOID_OVERLAYFS is not set to 1.
Signed-off-by: Ricardo Simoes <ricardo.simoes@pt.bosch.com> Signed-off-by: Mark Jonas <mark.jonas@de.bosch.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
projects / thirdparty / openembedded / openembedded-core.git / log
