git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/log
11 months ago webkitgtk: fix perl-native dependency
Ovidiu Panait [Thu, 14 Nov 2024 08:58:24 +0000 (16:58 +0800)] 
webkitgtk: fix perl-native dependency

Currently, perl-native is missing from DEPENDS for webkitgtk even though
perlnative bbclass is inherited. This happens because the DEPENDS variable is
reassigned right after perlnative class is inherited:

inherit perlnative (DEPENDS += "perl-native")
...
DEPENDS = " \
            ..."

Adjust the DEPENDS line to use += in order to fix this.

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: a207c8f42f809340e0794cd326cb5c45e32d7d56)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago webkitgtk: Fix build on 32bit arm
Khem Raj [Thu, 14 Nov 2024 08:58:23 +0000 (16:58 +0800)] 
webkitgtk: Fix build on 32bit arm

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 9294ccb9530ce70b2513b2e112644ec5e9f8e701)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago scripts/install-buildtools: Update to 4.0.22
Aleksandar Nikolic [Fri, 22 Nov 2024 11:48:17 +0000 (12:48 +0100)] 
scripts/install-buildtools: Update to 4.0.22

Update to the 4.0.22 release of the 4.0 series for buildtools.

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago wireless-regdb: upgrade 2024.07.04 -> 2024.10.07
Wang Mingyu [Wed, 9 Oct 2024 05:49:12 +0000 (13:49 +0800)] 
wireless-regdb: upgrade 2024.07.04 -> 2024.10.07

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f124bb09a798d94eca5e93387bc361b147ce53f9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ffmpeg: fix CVE-2023-51794
Archana Polampalli [Thu, 21 Nov 2024 08:51:04 +0000 (08:51 +0000)] 
ffmpeg: fix CVE-2023-51794

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a
local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ffmpeg: fix CVE-2024-31578
Archana Polampalli [Thu, 21 Nov 2024 06:45:52 +0000 (06:45 +0000)] 
ffmpeg: fix CVE-2024-31578

FFmpeg version n6.1.1 was discovered to contain a heap use-after-free via
the av_hwframe_ctx_init function.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ffmpeg: fix CVE-2024-31582
Archana Polampalli [Thu, 21 Nov 2024 06:45:51 +0000 (06:45 +0000)] 
ffmpeg: fix CVE-2024-31582

FFmpeg version n6.1 was discovered to contain a heap buffer overflow vulnerability
in the draw_block_rectangle function of libavfilter/vf_codecview.c. This vulnerability
allows attackers to cause undefined behavior or a Denial of Service (DoS) via crafted input.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ffmpeg: fix CVE-2023-50008
Archana Polampalli [Thu, 21 Nov 2024 06:45:50 +0000 (06:45 +0000)] 
ffmpeg: fix CVE-2023-50008

Buffer Overflow vulnerability in Ffmpeg v.n6.1-3-g466799d4f5 allows a local attacker
to execute arbitrary code via the av_malloc function in libavutil/mem.c:105:9 component.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ffmpeg: fix CVE-2023-51793
Archana Polampalli [Thu, 21 Nov 2024 06:45:49 +0000 (06:45 +0000)] 
ffmpeg: fix CVE-2023-51793

Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local
attacker to execute arbitrary code via the libavutil/imgutils.c:353:9 in image_copy_plane.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ffmpeg: fix CVE-2024-32230
Archana Polampalli [Thu, 21 Nov 2024 06:45:48 +0000 (06:45 +0000)] 
ffmpeg: fix CVE-2024-32230

FFmpeg 7.0 is vulnerable to Buffer Overflow. There is a negative-size-param
bug at libavcodec/mpegvideo_enc.c:1216:21 in load_input_picture in FFmpeg7.0

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago glib-2.0: Backport fix for CVE-2024-52533
Vijay Anusuri [Thu, 14 Nov 2024 12:39:03 +0000 (18:09 +0530)] 
glib-2.0: Backport fix for CVE-2024-52533

Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29

Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532
Vijay Anusuri [Tue, 19 Nov 2024 09:33:21 +0000 (15:03 +0530)] 
libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532

Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago libsoup: Fix for CVE-2024-52530 and CVE-2024-52532
Vijay Anusuri [Tue, 19 Nov 2024 06:01:17 +0000 (11:31 +0530)] 
libsoup: Fix for CVE-2024-52530 and CVE-2024-52532

Upstream-Status: Backport from
https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b
&
https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be
& https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ghostscript: Backport fix for multiple CVE's
Vijay Anusuri [Fri, 15 Nov 2024 03:26:59 +0000 (08:56 +0530)] 
ghostscript: Backport fix for multiple CVE's

import patch from ubuntu to fix
 CVE-2024-46951
 CVE-2024-46952
 CVE-2024-46953
 CVE-2024-46955
 CVE-2024-46956

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ada21374f0c90cc3acf7ce0e96302394560c7aee
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=1fb76aaddac34530242dfbb9579d9997dae41264
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=294a3755e33f453dd92e2a7c4cfceb087ac09d6a
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ca1fc2aefe9796e321d0589afe7efb35063c8b2a
&
https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ea69a1388245ad959d31c272b5ba66d40cebba2c]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago build-appliance-image: Update to kirkstone head revision
Steve Sakoman [Fri, 15 Nov 2024 20:18:46 +0000 (12:18 -0800)] 
build-appliance-image: Update to kirkstone head revision

Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Fix envp bug and add posix_spawn wrapper
Richard Purdie [Fri, 8 Nov 2024 14:53:36 +0000 (15:53 +0100)] 
pseudo: Fix envp bug and add posix_spawn wrapper

Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to include open symlink handling bugfix
Richard Purdie [Fri, 8 Nov 2024 14:53:35 +0000 (15:53 +0100)] 
pseudo: Update to include open symlink handling bugfix

Update to a new revision which includes "Bugfix for Linux open(O_CREAT|O_EXCL)"

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Fix to work with glibc 2.40
Richard Purdie [Fri, 8 Nov 2024 14:53:34 +0000 (15:53 +0100)] 
pseudo: Fix to work with glibc 2.40

glibc 2.40 renames some internal header variables. Update our hack to
work with the new version. These kinds of problems illustrate we need to
address the issue properly.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to pull in python 3.12+ fix
Richard Purdie [Fri, 8 Nov 2024 14:53:33 +0000 (15:53 +0100)] 
pseudo: Update to pull in python 3.12+ fix

Pull in a fix which avoids syntax warnings with python 3.12.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to pull in fchmodat fix
Richard Purdie [Fri, 8 Nov 2024 14:53:32 +0000 (15:53 +0100)] 
pseudo: Update to pull in fchmodat fix

This is needed to work with coreutils 9.5.

Also contains some README tweaks.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept
Richard Purdie [Fri, 8 Nov 2024 14:53:31 +0000 (15:53 +0100)] 
pseudo: Update to pull in gcc14 fix and missing statvfs64 intercept

rpm 4.19 now builds with LFS64 support enabled by default,
so it calls statvfs64() to get the space available on the
filesystem it is installing packages into.  This is not
getting caught by pseudo, so rpm is checking the host's
root filesystem, rather than the filesystem where the
build is happening.

Merge in that fix and a gcc14 fix.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to pull in syncfs probe fix
Richard Purdie [Fri, 8 Nov 2024 14:53:30 +0000 (15:53 +0100)] 
pseudo: Update to pull in syncfs probe fix

Pulls in the changes:

Eilís 'pidge' Ní Fhlannagáin (1):
      subports: Add _GNU_SOURCE for syncfs probe

Richard Purdie (1):
      SECURITY.md: Add file

Wu Zhenyu (1):
      pseudo.1: Fix a typo

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to pull in fd leak fix
Alexandre Belloni [Fri, 8 Nov 2024 14:53:29 +0000 (15:53 +0100)] 
pseudo: Update to pull in fd leak fix

Pull in:
    pseudo_util.c: Open file with O_CLOEXEC to avoid fd leak

    Use close-on-exec (O_CLOEXEC) flag when opening the log file to
    make sure its file descriptor is not leaked to parent
    process on fork/exec.

    Fixes [YOCTO #13311]

Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to include logic fix
Richard Purdie [Fri, 8 Nov 2024 14:53:28 +0000 (15:53 +0100)] 
pseudo: Update to include logic fix

The logic in the previous commit was reversed, update to fix it.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Switch back to the master branch
Richard Purdie [Fri, 8 Nov 2024 14:53:27 +0000 (15:53 +0100)] 
pseudo: Switch back to the master branch

OE is the main user of pseudo and we've had the changes in the oe-core branch
around long enough that we're going to run with them. Switch back to directly
using the master branch.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Luca: re-add 'branch' parameter to fix "does not set any branch parameter" warning]
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Disable LFS on 32bit arches
Khem Raj [Fri, 8 Nov 2024 14:53:25 +0000 (15:53 +0100)] 
pseudo: Disable LFS on 32bit arches

pseudo overrides certain libc functions which are aliases when LFS64 is
enabled. In any case pseudo may not be of much use on 32bit systems

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago pseudo: Update to pull in linux-libc-headers race fix
Richard Purdie [Wed, 6 Nov 2024 18:12:42 +0000 (18:12 +0000)] 
pseudo: Update to pull in linux-libc-headers race fix

Update to pull in:

    pseudo.c: Avoid patch mismatch errors for NAMELESS file entries

    In rare cases we see failures, often in linux-libc-headers for things like:

    |   INSTALL /XXX/linux-libc-headers/6.1-r0/image/usr/include
    | abort()ing pseudo client by server request. See https://wiki.yoctoproject.org/wiki/Pseudo_Abort for more details on this.

    Pseudo log:
    path mismatch [2 links]: ino 46662476 db 'NAMELESS FILE' req '/XXX/linux-libc-headers/6.1-r0/image/usr'.
    Setup complete, sending SIGUSR1 to pid 3630890.

    Whilst this doesn't easily reproduce, the issue is that multiple different processes are
    likely working on the directory and the creation in pseudo might not match accesses
    made by other processes.

    Ultimately, the "NAMELESS FILE" is harmless and pseudo will reconcile things
    so rather than error out, we should ignore this case.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4f30a1a74828e105cbe69677b3fbe5623f371543)
Signed-off-by: Fabio Berton <fabio.berton@criticaltechworks.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago cmake: Fix sporadic issues when determining compiler internals
Philip Lorenz [Thu, 7 Nov 2024 07:58:41 +0000 (08:58 +0100)] 
cmake: Fix sporadic issues when determining compiler internals

When `-pipe` is enabled, GCC passes data between its different
executables using pipes instead of temporary files. This leads to issues
when cmake attempts to infer compiler internals via the `-v` parameter
as each executable will print to `stderr` in parallel.

In turn this may lead to compilation issues down the line as for example
the system include directories could not be determined properly which
may then propagate to issues such as:

    recipe-sysroot/usr/include/c++/11.3.0/cstdlib:75:15: fatal error:
        stdlib.h: No such file or directory
    |    75 | #include_next <stdlib.h>
    |       |               ^~~~~~~~~~
    | compilation terminated.
    | ninja: build stopped: subcommand failed.
    | WARNING: exit code 1 from a shell command.

Fix this by stripping `-pipe` from the command line used to determine
compiler internals.

Signed-off-by: Philip Lorenz <philip.lorenz@bmw.de>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago patch.py: Use shlex instead of deprecated pipe
Ola x Nilsson [Thu, 13 Apr 2023 06:46:31 +0000 (08:46 +0200)] 
patch.py: Use shlex instead of deprecated pipe

The pipe library is deprecated in Python 3.11 and will be removed in
Python 3.13.  pipe.quote is just an import of shlex.quote anyway.

Clean up imports while we're at it.

Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 5f33c7b99a991c380d1813da8248ba5470ca4d4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago glib-2.0: patch regression of CVE-2023-32665
Peter Marko [Tue, 12 Nov 2024 19:59:21 +0000 (20:59 +0100)] 
glib-2.0: patch regression of CVE-2023-32665

Official CVE-2023-32665 patch introduced a regression for big-endian
architectures.
This code was backported in CVE-2023-32665-0003.patch

Reported in [1] and fixed by [2] where this patch is picked from.

[1] https://gitlab.gnome.org/GNOME/glib/-/issues/2839
[2] https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3136

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago expat: patch CVE-2024-50602
Peter Marko [Tue, 12 Nov 2024 17:43:14 +0000 (18:43 +0100)] 
expat: patch CVE-2024-50602

Pick commits from https://github.com/libexpat/libexpat/pull/915

Not picking test is suboptimal, but test structure was changed meanwhile
so we'd have to invent new code.
Skipping tests was already done in previous expat/kirkstone CVE patches.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago gstreamer1.0: ignore CVE-2024-0444
Peter Marko [Sat, 9 Nov 2024 22:58:39 +0000 (23:58 +0100)] 
gstreamer1.0: ignore CVE-2024-0444

This CVE is patched in gstreamer1.0-plugins-bad.
cpe product is set to gstreamer, they share source git repository.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago curl: patch CVE-2024-9681
Peter Marko [Sat, 9 Nov 2024 11:42:27 +0000 (12:42 +0100)] 
curl: patch CVE-2024-9681

Picked commit [1] per solution described in [2].

[1] https://github.com/curl/curl/commit/a94973805df96269bf
[2] https://curl.se/docs/CVE-2024-9681.html

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago ghostscript: fix CVE-2023-46361
Archana Polampalli [Fri, 8 Nov 2024 13:09:12 +0000 (13:09 +0000)] 
ghostscript: fix CVE-2023-46361

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability
via jbig2_error at /jbig2dec/jbig2.c.

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago xmlto: backport a patch to fix build with gcc-14 on host
Martin Jansa [Mon, 4 Nov 2024 14:59:21 +0000 (15:59 +0100)] 
xmlto: backport a patch to fix build with gcc-14 on host

* need to add dependency on flex-native because now when the
  .l file is modified by the .patch file it will try to regenerate
  the c code and fail:

| make[1]: Entering directory 'work/x86_64-linux/xmlto-native/0.0.28-r0/build'
| /bin/bash ../xmlto-0.0.28/ylwrap ../xmlto-0.0.28/xmlif/xmlif.l .c xmlif/xmlif.c -- /bin/bash 'work/x86_64-linux/xmlto-native/0.0.28-r0/xmlto-0.0.28/missing' flex
| work/x86_64-linux/xmlto-native/0.0.28-r0/xmlto-0.0.28/missing: line 81: flex: command not found
| WARNING: 'flex' is missing on your system.
|          You should only need it if you modified a '.l' file.
|          You may want to install the Fast Lexical Analyzer package:
|          <https://github.com/westes/flex>

* backport
  https://pagure.io/xmlto/c/32376c053733c6c0ebaca3c25c0725509342fdf3?branch=master
  as well, so that patched xmlif/xmlif.c is newer than xmlif/xmlif.l and the build
  won't try to regenerate it with flex as that leads to random build failures reported
  in:
  https://lists.openembedded.org/g/openembedded-core/message/206412
  https://errors.yoctoproject.org/Errors/Details/810853/
  https://lists.openembedded.org/g/openembedded-core/message/206496
  https://valkyrie.yoctoproject.org/#/builders/29/builds/355

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago package: Switch debug source handling to use prefix map
Richard Purdie [Tue, 19 Jul 2022 16:32:32 +0000 (17:32 +0100)] 
package: Switch debug source handling to use prefix map

Reproducible builds are no longer a configuration option but are required.
We also rely on the prefix mapping capability of the compilers now.

As such, rewrite the source locating code to use the prefix maps instead
of taking a guess about WORKDIR which isn't correct for kernels, gcc,
externalsrc and probably more.

Instead, iterate the maps to locate any matching source code, keeping
in mind that multiple maps may map to one target location.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cbd6144a9769d21371ae0fe04db2adc05f6eed02)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago gcc: restore a patch for Neoverse N2 core
Ruiqiang Hao [Fri, 1 Nov 2024 07:15:33 +0000 (15:15 +0800)] 
gcc: restore a patch for Neoverse N2 core

Commit 7806e21e7d47 ("gcc: upgrade to v11.5") removed one patch named
0001-aarch64-Update-Neoverse-N2-core-defini.patch by mistake, this will
cause the Neoverse N2 core to be identified as the armv8.5 architecture,
restore this patch to avoid related compilation issues.

Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago cve_check: Use a local copy of the database during builds
Richard Purdie [Tue, 13 Aug 2024 12:16:38 +0000 (05:16 -0700)] 
cve_check: Use a local copy of the database during builds

Rather than trying to use a sqlite database over NFS from DL_DIR, work from
a local copy in STAGING DIR after fetching.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 03596904392d257572a905a182b92c780d636744)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
11 months ago zstd: patch CVE-2022-4899
Peter Marko [Sun, 3 Nov 2024 12:54:05 +0000 (13:54 +0100)] 
zstd: patch CVE-2022-4899

Pick commits from [1] linked from [2] via [3].

[1] https://github.com/facebook/zstd/pull/3220
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-4899
[3] https://github.com/facebook/zstd/issues/3200

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago util-linux: Define pidfd_* function signatures
Khem Raj [Sun, 27 Oct 2024 20:31:32 +0000 (21:31 +0100)] 
util-linux: Define pidfd_* function signatures

glibc 2.36 has added sys/pidfd.h and APIs for
pidfd_send_signal and pidfd_open, therefore check
for this header and include it if it exists

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago at-spi2-core: backport a patch to fix build with gcc-14 on host
Martin Jansa [Mon, 28 Oct 2024 08:21:31 +0000 (09:21 +0100)] 
at-spi2-core: backport a patch to fix build with gcc-14 on host

* fixes:
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c: In function ‘atspi_device_listener_new_simple’:
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:252:37: error: passing argument 1 of ‘atspi_device_listener_new’ from incompatible pointer type [-Wincompatible-pointer-types]
|   252 |   return atspi_device_listener_new (device_remove_datum, callback, callback_destroyed);
|       |                                     ^~~~~~~~~~~~~~~~~~~
|       |                                     |
|       |                                     gboolean (*)(const AtspiDeviceEvent *, void *) {aka int (*)(const struct _AtspiDeviceEvent *, void *)}
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:222:50: note: expected ‘AtspiDeviceListenerCB’ {aka ‘int (*)(struct _AtspiDeviceEvent *, void *)’} but argument is of type ‘gboolean (*)(const AtspiDeviceEvent *, void *)’ {aka ‘int (*)(const struct _AtspiDeviceEvent *, void *)’}
|   222 | atspi_device_listener_new (AtspiDeviceListenerCB callback,
|       |                            ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago libffi: backport a fix to build libffi-native with gcc-14
Martin Jansa [Sun, 27 Oct 2024 17:02:01 +0000 (18:02 +0100)] 
libffi: backport a fix to build libffi-native with gcc-14

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago cracklib: Modify patch to compile with GCC 14
Zoltan Boszormenyi [Sun, 27 Oct 2024 15:47:20 +0000 (16:47 +0100)] 
cracklib: Modify patch to compile with GCC 14

GCC 14 implicitly turns a warning into a compiler error:

| ../../git/src/lib/packlib.c: In function ‘PWClose’:
| ../../git/src/lib/packlib.c:554:40: error: passing argument 1 of ‘HwmsHostToBigEndian’ from incompatible pointer type [-Wincompatible-pointer-types]
|   554 |             HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
|       |                                 ~~~~~~~^~~~~
|       |                                        |
|       |                                        uint32_t * {aka unsigned int *}
| ../../git/src/lib/packlib.c:142:27: note: expected ‘char *’ but argument is of type ‘uint32_t *’ {aka ‘unsigned int *’}
|   142 | HwmsHostToBigEndian(char *pHwms, int nLen,int nBitType)
|       |                     ~~~~~~^~~~~

Add the cast to (char *) to silence it.

Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago vala: add -Wno-error=incompatible-pointer-types work around
Martin Jansa [Sun, 27 Oct 2024 14:12:11 +0000 (15:12 +0100)] 
vala: add -Wno-error=incompatible-pointer-types work around

* to allow building vala-native on hosts with gcc-14
* we could backport:
  https://gitlab.gnome.org/GNOME/vala/-/commit/23ec71b1a5c4cead3d1bdac82e184d0a63fa7b79
  which is already included in scarthgap, but that's a big patch doing almost the same

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago zip: Fix build with gcc-14
Khem Raj [Fri, 25 Oct 2024 19:51:54 +0000 (21:51 +0200)] 
zip: Fix build with gcc-14

zip's configure fails to link this piece of test code:

  int main() { return closedir(opendir(".")); }

with GCC-14 because it now treats implicit declaration of function
as error, unlike older GCC versions where it was just a warning
and this test would build fine.

Remove 0002-unix.c-Do-not-redefine-DIR-as-FILE.patch which
is now unnecessary (MJ: this part wasn't applicable for kirkstone).

Signed-off-by: Zoltán Böszörményi <zboszor@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3422411eb750c7e960b81676637cfb321dbadefb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago zip: Make configure checks to be more robust
Khem Raj [Fri, 25 Oct 2024 19:51:53 +0000 (21:51 +0200)] 
zip: Make configure checks to be more robust

Newer compilers are strict and have turned some warnings into hard
errors which results in subtle configure check failures. Therefore fix
these tests and also enable largefile support via cflags when it's
desired

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago nativesdk-intercept: Fix bad intercept chgrp/chown logic
Eilís 'pidge' Ní Fhlannagáin [Wed, 23 Oct 2024 11:15:41 +0000 (13:15 +0200)] 
nativesdk-intercept: Fix bad intercept chgrp/chown logic

Running either of these ends up corrupting the os.execv args.

If we run:
./scripts/nativesdk-intercept/chown -R foo:foo bar

The loop here ends up missing the conversion of foo:foo to root:root because
it sees sys.argv[0] and assumes that it's the user:group argument and that we
should convert that. We end up with an os.execv(path, args) that has the following
args:

['root:root', '-R', 'foo:foo', 'bar']

As os.execv ignores args[0], we can just populate it with sys.argv[0] and then
loop through sys.argv[1:]. As both chgrp and chown would have either flags and
USER[:GROUP] next, this fixes the issue.

(Backported from OE-Core rev: 2a75f647ec7696d353f4b09099d777ba53f34d36)

Signed-off-by: Eilís 'pidge' Ní Fhlannagáin <pidge@baylibre.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago bmap-tools: update HOMEPAGE and SRC_URI
Steve Sakoman [Tue, 22 Oct 2024 13:29:52 +0000 (06:29 -0700)] 
bmap-tools: update HOMEPAGE and SRC_URI

The bmaptool (previously: bmap-tools, bmap-tool, bmaptool) has been moved
to be under the Yocto Project umbrella and is now hosted at:

github.com/yoctoproject/bmaptool

Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago overlayfs-etc: add option to skip creation of mount dirs
baruch@tkos.co.il [Mon, 12 Feb 2024 18:30:06 +0000 (20:30 +0200)] 
overlayfs-etc: add option to skip creation of mount dirs

The 'preinit' script can't create mount directories when rootfs is
read-only. Add an option to skip this step. The user must make sure that
all required directories are already in the rootfs directory layout.

Cc: Vyacheslav Yurkov <uvv.mail@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 3d433d8559467d255bd19af2d0999c65ea24a48d)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago orc: upgrade 0.4.39 -> 0.4.40
Wang Mingyu [Wed, 25 Sep 2024 06:48:56 +0000 (14:48 +0800)] 
orc: upgrade 0.4.39 -> 0.4.40

Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
  implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago vim: Upgrade 9.1.0698 -> 9.1.0764
Rohini Sangam [Fri, 18 Oct 2024 06:30:28 +0000 (12:00 +0530)] 
vim: Upgrade 9.1.0698 -> 9.1.0764

This includes CVE-fix for CVE-2024-45306 and CVE-2024-47814

Changes between 9.1.0698 -> 9.1.0764
====================================
https://github.com/vim/vim/compare/v9.1.0698...v9.1.0764

Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f0e5e63399e544063c79b0b1f9555c820b0604c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago vim: Upgrade 9.1.0682 -> 9.1.0698
Siddharth Doshi [Tue, 27 Aug 2024 15:19:31 +0000 (20:49 +0530)] 
vim: Upgrade 9.1.0682 -> 9.1.0698

This includes CVE-fix for CVE-2024-43790 and CVE-2024-43802

Changes between 9.1.0682 -> 9.1.0698
====================================
https://github.com/vim/vim/compare/v9.1.0682...v9.1.0698

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e530265415d93e3f49ec7874cf720aad18ab2e22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago cve-check: add support for cvss v4.0
Peter Marko [Fri, 25 Oct 2024 20:21:01 +0000 (22:21 +0200)] 
cve-check: add support for cvss v4.0

https://nvd.nist.gov/general/news/cvss-v4-0-official-support

CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024

Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260

(From OE-Core rev: 358dbfcd80ae1fa414d294c865dd293670c287f0)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago cve-check: add CVSS vector string to CVE database and reports
Antoine Lubineau [Fri, 25 Oct 2024 20:21:00 +0000 (22:21 +0200)] 
cve-check: add CVSS vector string to CVE database and reports

This allows building detailed vulnerability analysis tools without
relying on external resources.

(From OE-Core rev: 048ff0ad927f4d37cc5547ebeba9e0c221687ea6)

Signed-off-by: Antoine Lubineau <antoine.lubineau@easymile.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago python3: ignore fixed CVEs
Peter Marko [Wed, 23 Oct 2024 21:24:39 +0000 (23:24 +0200)] 
python3: ignore fixed CVEs

These CVEs were fixed in 3.10.15

Commit 487e8cdf1df6feba6d88fa29e11791f4ebaaa362 removed patches in favor
of version upgrade, which caused the CVEs to re-appear in reports.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago qemu: fix CVE-2023-3019
Yogita Urade [Thu, 24 Oct 2024 08:02:35 +0000 (08:02 +0000)] 
qemu: fix CVE-2023-3019

A DMA reentrancy issue leading to a use-after-free error
was found in the e1000e NIC emulation code in QEMU. This
issue could allow a privileged guest user to crash the
QEMU process on the host, resulting in a denial of service.

CVE-2023-3019-0002 is the CVE fix and CVE-2023-3019-0001
is dependent CVE fix.

fix indent issue in qemu.inc file.

CVE-2023-3019 patch required MemReentrancyGuard structure
definition, it's defined in commit:
https://github.com/qemu/qemu/commit/a2e1753b8054344f32cf94f31c6399a58794a380
but the patch is causing errors:
Failed: qemux86 does not shutdown within timeout(120)
so backported only required structure definition.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-3019

Upstream patches:
https://github.com/qemu/qemu/commit/7d0fefdf81f5973334c344f6b8e1896c309dff66
https://github.com/qemu/qemu/commit/3c0463a650008aec7de29cf84540652730510921

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago openssl: patch CVE-2024-9143
Peter Marko [Wed, 23 Oct 2024 17:38:44 +0000 (19:38 +0200)] 
openssl: patch CVE-2024-9143

Pick patch from branch openssl-3.0.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago ghostscript: Backport CVE-2024-29508
Ashish Sharma [Fri, 18 Oct 2024 12:19:52 +0000 (17:49 +0530)] 
ghostscript: Backport CVE-2024-29508

Import patch from ubuntu to fix
CVE-2024-29508

Upstream-Status: Backport [https://git.launchpad.net/ubuntu/+source/ghostscript/commit/?h=ubuntu/focal-security&id=22b23aa6de7613a4d9c1da9c84d72427c9d0cf1a]
Upstream commit: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ff1013a0ab485b66783b70145e342a82c670906a

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago kmscube: create_framebuffer: backport modifier fix
Randolph Sapp [Fri, 11 Oct 2024 20:26:35 +0000 (15:26 -0500)] 
kmscube: create_framebuffer: backport modifier fix

Backport the upstream buffer modifier fix for create_framebuffer to
handle the case where no valid modifiers are available.

Signed-off-by: Randolph Sapp <rs@ti.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago syslinux: Disable error on implicit-function-declaration
Khem Raj [Fri, 2 Feb 2024 08:19:08 +0000 (00:19 -0800)] 
syslinux: Disable error on implicit-function-declaration

syslinux has vendored copy of ext2fs/ext2_fs.h but uses ext2fs/ext2fs.h
from e2fsprogs package, however, ext2fs/ext2fs.h has dependencies on
ext2fs/ext2_fs.h coming from e2fsprogs package as these both headers
come from same package, here syslinux uses ext2fs.h from e2fsprogs but
supplies its own copy of ext2_fs.h which may be out of sync and that
results in warnings about implicit-function-declarations
e.g.

recipe-sysroot/usr/include/ext2fs/ext2fs.h:727:16: error: implicit declaration of function 'ext2fs_has_feature_gdt_csum' [-Wimplicit-function-declaration]
|   727 |                ext2fs_has_feature_gdt_csum(fs->super);
|       |                ^~~~~~~~~~~~~~~~~~~~~~~~~~~

ext2fs_has_feature_gdt_csum here comes from newer version of
ext2fs/ext2_fs.h but missing from vendored copy, hence the warning.

With gcc-14 this warning is treated as error by default, which breaks
the build, so let's treat it as warning only.

All these functions are never used in syslinux, so functionality-wise we
are fine.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a2b30108055e68b62fdad7319d7d569bc38a07b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago linux-firmware: upgrade 20240220 -> 20240909
Macpaul Lin [Wed, 9 Oct 2024 06:34:05 +0000 (14:34 +0800)] 
linux-firmware: upgrade 20240220 -> 20240909

License-Update: additional files

Signed-off-by: Macpaul Lin <macpaul.lin@mediatek.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago libarchive: Fix CVE-2024-48957 & CVE-2024-48958
Ashish Sharma [Sun, 13 Oct 2024 04:18:14 +0000 (09:48 +0530)] 
libarchive: Fix CVE-2024-48957 & CVE-2024-48958

Backport fix:

* CVE-2024-48957 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b
* CVE-2024-48958 - Upstream-Status: Backport from https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7

Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago gcc: ignore CVE-2023-4039
Peter Marko [Sun, 13 Oct 2024 12:56:42 +0000 (14:56 +0200)] 
gcc: ignore CVE-2023-4039

Last version bump removed patch for this CVE because it was integrated
in new release. This has caused the CVE to reappear in reports because
2023-09-12 is "higher" than 11.5...

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago build-appliance-image: Update to kirkstone head revision
Steve Sakoman [Sat, 12 Oct 2024 12:20:21 +0000 (05:20 -0700)] 
build-appliance-image: Update to kirkstone head revision

Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago selftest/runtime_test/virgl: Disable for all fedora
Steve Sakoman [Thu, 10 Oct 2024 15:41:39 +0000 (08:41 -0700)] 
selftest/runtime_test/virgl: Disable for all fedora

We can't support vgem on RHEL derived distros so disable this test for
all fedora hosts rather than specific versions.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago valgrind: disable avx_estimate_insn.vgtest
Steve Sakoman [Thu, 10 Oct 2024 13:29:36 +0000 (06:29 -0700)] 
valgrind: disable avx_estimate_insn.vgtest

This test fails consistently on the new valkyrie autobuilder cluster

The estimate instructions (rcpss, rcpps, rsqrtps, rsqrtss) are, as the
name suggests, not expected to give a fully accurate result. They may
produce slightly different results on different CPU families because
their results are not defined by the IEEE standard.

Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago zstd: fix LICENSE statement
Massimiliano Minella [Mon, 7 Oct 2024 18:21:57 +0000 (23:51 +0530)] 
zstd: fix LICENSE statement

[Backport from OE-Core: 40f85de590c188c9c3985e64a83efaf06b0b4fbc]

zstd is dual-licensed under BSD _OR_ GPLv2 which was updated in the README for v1.5.6.
License wording in the README for v1.5.2 is misleading, but license headers in the code
clearly state that there is a choice between the two licenses.

Signed-off-by: Massimiliano Minella <massimiliano.minella@se.com>
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago cdrtools-native: fix build with gcc-14
Martin Jansa [Tue, 21 May 2024 06:35:57 +0000 (08:35 +0200)] 
cdrtools-native: fix build with gcc-14

Fixes:
http://errors.yoctoproject.org/Errors/Details/770525/
| checking whether the C compiler (gcc  -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works... no
| configure: error: installation or configuration problem: C compiler cannot create executables.
| RULES/rules.cnf:70: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf: No such file or directory
| make: *** [RULES/rules.cnf:59: incs/amd-ryzen-threadripper-3970x-32-core-processor-linux-cc/rules.cnf] Error 1
| make: *** Waiting for unfinished jobs....

where config.log show it's caused by gcc-14:

configure:1189: checking whether the C compiler (gcc  -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe ) works
configure:1211: gcc  -o conftest -isystem/OE/build/oe-core/tmp-glibc/work/x86_64-linux/cdrtools-native/3.01/recipe-sysroot-native/usr/include -O2 -pipe  -D_GNU_SOURCE  conftest.c   1>&5
configure:1208:1: error: return type defaults to 'int' [-Wimplicit-int]
configure: failed program was:

main(){return(0);}

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 094273bd7d1768e14fbdcd2f239bee14c630a625)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago meta-world-pkgdata: Inherit nopackages
Martin Jansa [Sun, 6 Oct 2024 06:57:46 +0000 (08:57 +0200)] 
meta-world-pkgdata: Inherit nopackages

Since this is a recipe with PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't do anything anyway.

This fixes errors from buildhistory changes where packages-split would be empty.

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago rust: ignore CVE-2024-43402
Peter Marko [Sun, 6 Oct 2024 14:44:26 +0000 (16:44 +0200)] 
rust: ignore CVE-2024-43402

This CVE was created because fix for CVE-2024-24576 was incomplete.
Ignore the new CVE in the same way as the old one.

See https://nvd.nist.gov/vuln/detail/CVE-2024-43402

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
12 months ago cups: Backport fix for CVE-2024-47175
Vijay Anusuri [Fri, 4 Oct 2024 06:44:10 +0000 (12:14 +0530)] 
cups: Backport fix for CVE-2024-47175

Upstream-Status: Backport from
https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5
&
https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69
&
https://github.com/OpenPrinting/cups/commit/e0630cd18f76340d302000f2bf6516e99602b844
&
https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd
& https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b

Reference: https://security-tracker.debian.org/tracker/CVE-2024-47175

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago populate_sdk_base: inherit nopackages
Martin Jansa [Mon, 30 Sep 2024 16:37:29 +0000 (11:37 -0500)] 
populate_sdk_base: inherit nopackages

Since this bbclass sets PACKAGES = "", inherit the nopackages
class to skip the various packaging functions which wouldn't
do anything anyway.

This fixes errors from buildhistory changes where packages-split would be empty.

e.g. meta-toolchain build now fails with:
| DEBUG: Executing shell function buildhistory_list_pkg_files
| find: ".../meta-toolchain/1.0/packages-split/*": No such file or directory
| WARNING: exit code 1 from a shell command.
| DEBUG: Python function buildhistory_emit_pkghistory finished

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.com>
Signed-off-by: Atharva Nandanwar <atharvanandanwar@outlook.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago kmscube: Add patch to fix -int-conversion build error
Purushottam Choudhary [Mon, 30 Sep 2024 11:53:32 +0000 (17:23 +0530)] 
kmscube: Add patch to fix -int-conversion build error

On some platforms, `EGLNativeDisplayType` is an int instead of
a pointer, in which case the void pointer will raise
a `-Wint-conversion`.

Add change as a patch instead of updating SRCREV.
If we update SRCREV we might get a compatibility issue
with current gstreamer 1.20.7 version because SRCREV brings changes
which resolves negotiation issues encountered with V4L2 stateless
hardware video decoders when using kmscube video playback option
which has gstreamer dependency requirement to 1.22.0

Signed-off-by: Purushottam Choudhary <purushottam27.kumar@lge.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago scripts/install-buildtools: Update to 4.0.21
Aleksandar Nikolic [Tue, 24 Sep 2024 23:05:17 +0000 (01:05 +0200)] 
scripts/install-buildtools: Update to 4.0.21

Update to the 4.0.21 release of the 4.0 series for buildtools.

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago install-buildtools: fix "test installation" step
Aleksandar Nikolic [Tue, 24 Sep 2024 23:05:16 +0000 (01:05 +0200)] 
install-buildtools: fix "test installation" step

The "Test installation" step fails with some harmless error messages
(see [1]). This can however make a user think that the buildtools
have not been installed correctly.

Two reasons for the error messages:
- some envvars in the environment-setup-<arch>-pokysdk-linux file
  start and end with double quotes (e.g., PATH) and are as such
  written into python os.environ. This means that their usage is
  not valid later when testing the installation. This patch removes
  the double quotes before writing, if they are present.
- if installation directory (install_dir), given through the option
  --directory, is given as a relative path, checking if the path to
  a tool (e.g., gcc) in buildtools starts with it will always fail. This
  patch converts the install_dir variable to an absolute path.

[1]
ERROR: Something went wrong: tar not found in ./build-tools
ERROR: Something went wrong: installation failed

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e4eb0b14ecf9bd2fba13260441c9d86eb348f41e)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago install-buildtools: remove md5 checksum validation
Aleksandar Nikolic [Tue, 24 Sep 2024 23:05:15 +0000 (01:05 +0200)] 
install-buildtools: remove md5 checksum validation

No need to validate with the md5 checksum, as the file is not even
uploaded to the Yocto release webpage (the download never failed due
to a wrong indentation of an else statement). For validation purposes,
use the sha256 checksum only.

Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b740d2f9d40aef1e18c022d1e82b4fb2c5c1fc22)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago install-buildtools: support buildtools-make-tarball and update to 4.1
Paul Eggleton [Tue, 24 Sep 2024 23:05:14 +0000 (01:05 +0200)] 
install-buildtools: support buildtools-make-tarball and update to 4.1

Support installing buildtools-make-tarball that is built in version 4.1
and later for build hosts with a broken make version. Also update the
default version values to 4.1.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5d539268d0c7b8fad1ba9352c7f2d4b81e78b75c)
Signed-off-by: Aleksandar Nikolic <aleksandar.nikolic@zeiss.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago curl: free old conn better on reuse
Mingli Yu [Tue, 24 Sep 2024 08:45:03 +0000 (16:45 +0800)] 
curl: free old conn better on reuse

Backport a patch [1] to free old conn better on reuse to
fix the memory leak issue [2].

[1] https://github.com/curl/curl/commit/06d1210
[2] https://github.com/curl/curl/issues/8841

Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago binutils: stable 2.38 branch update
Deepthi Hemraj [Wed, 25 Sep 2024 06:34:23 +0000 (23:34 -0700)] 
binutils: stable 2.38 branch update

Below commit on binutils-2.38 stable branch is updated.
4d71e17a9fd libctf: fix ref leak of names of newly-inserted non-root-visible types

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago glibc: stable 2.35 branch updates
Deepthi Hemraj [Wed, 25 Sep 2024 13:11:41 +0000 (06:11 -0700)] 
glibc: stable 2.35 branch updates

Below commits on glibc-2.35 stable branch are updated.
37214df5f1 libio: Attempt wide backup free only for non-legacy code
09fb06d3d6 nptl: Use <support/check.h> facilities in tst-setuid3
507983797e posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
bcd0e854ea ungetc: Fix backup buffer leak on program exit [BZ #27821]
e930b89df7 ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
a3db6ce751 Make tst-ungetc use libsupport
ed9762fdbf stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
cf71d2189c support: Add FAIL test failure helper
5b4e90230b stdio-common: Reformat Makefile.
3c64e961ff Fix name space violation in fortify wrappers (bug 32052)
ba003ee5de resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
5a1d0633be Add mremap tests
0ff91d3961 mremap: Update manual entry
7459b6fe47 linux: Update the mremap C implementation [BZ #31968]
461d0cac38 tests: replace system by xsystem
041ac9dffe resolv: Track single-request fallback via _res._flags (bug 31476)
820a750bed resolv: Do not wait for non-existing second DNS response after error (bug 30081)
4f5aa1d2fb resolv: Allow short error responses to match any query (bug 31890)
a180e82837 Linux: Make __rseq_size useful for feature detection (bug 31965)
f8a52d39c0 elf: Make dl-rseq-symbols Linux only
d36daa4c01 nptl: fix potential merge of __rseq_* relro symbols
602fff4efa Add AT_RSEQ_* from Linux 6.3 to elf.h
c7cd626538 s390x: Fix segfault in wcsncmp [BZ #31934]

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago gcc: upgrade to v11.5
Deepthi Hemraj [Tue, 1 Oct 2024 11:48:55 +0000 (04:48 -0700)] 
gcc: upgrade to v11.5

gcc stable version upgraded from v11.4 to v11.5

Dropped CVE-2023-4039.patch and 0001-aarch64-Update-Neoverse-N2-core-defini.patch
because it's been taken to gcc-11.5 with below commits 75c37e0314 and 50d9db203bc

For changes in v11.5 see: https://gcc.gnu.org/gcc-11/changes.html

Below is the bug fix list for v11.5:
https://gcc.gnu.org/bugzilla/buglist.cgi?bug_status=RESOLVED&list_id=444046&resolution=FIXED&target_milestone=11.5

A total of 164 bugs are fixed in this release; below is the list of bugs fixed excluding the regression fixes.
ID      Product  Comp       Assignee       Summary
112672 gcc target    ubizjak [14 Regression] wrong code with __builtin_parityl() at -O and above on x86_64
111736 gcc sanitize   unassigned Address sanitizer is not compatible with named address spaces
80899 gcc ipa    hubicka [11/12/13/14 Regression] Devirtualization causes incorrect code generation with placement new in some cases
105301 gcc c++    iains [11 Regression] ICE: tree check: expected tree that contains 'decl minimal' structure, have 'overload' in coro_promise_type_found_p, at cp/coroutines.cc:516
110027 gcc middle-e   jakub [11 regression] Stack objects with extended alignments (vectors etc) misaligned on detect_stack_use_after_return
110079 gcc rtl-opti   jakub [11 Regression] ICE with -freorder-blocks-and-partition and inline-asm goto
110731 gcc tree-opt   jakub [11/12 Regression] Wrong-code because of wide-int division since r5-424
111015 gcc tree-opt   jakub [11/12/13/14 Regression] __int128 bitfields optimized incorrectly to the 64 bit operations
112727 gcc sanitize   jakub [11/12/13 Regression] UBSAN creates GIMPLE path with uninitialized variable
113674 gcc c++    jakub [11 Regression] [[____attr____]] causes internal compiler error: in decl_attributes, at attribs.cc:776
114310 gcc target    jakub [11 Regression] [aarch64] __sync_val_compare_and_swap fails on __int128_t with newval = 0
114493 gcc c    jakub [11 Regression] internal compiler error: in fld_incomplete_type_of with may_alias
114566 gcc tree-opt   jakub [11 Regression] Misaligned vmovaps when compiling with stack-protector-strong for znver4
114634 gcc c++    jakub [11 Regression] Crash Issue Encountered in GCC Compilation of Template Code with Aligned Attribute since r9-1745
114691 gcc c++    jakub [11 Regression] Bogus ignoring loop annotation warning
114825 gcc fortran    Jakub [11 Regression] Compiler error using gfortran and OpenMP since r5-1190
114876 gcc tree-opt   jakub [11 Regression] -fprintf-return-value mishandles %lc with a '\0' argument.
114956 gcc sanitize   jakub [11 Regression] Segmentation fault with -fsanitize=address -fsanitize=null -O2 when attribute no_sanitize_address is enabled since r9-5742
106890 gcc c++    jason [11 Regression] virtual inheritance triggers compiler error when instatiating derived class with in-class initialization since r8-2709-g12659e10c7820071
111529 gcc c++    jason [11/12/13 Regression] ICE on bool conversion in an unrolled loop condition inside template lambda nested in another template scope
113598 gcc c++    jason [11/12/13 Regression] GCC internal compiler error since r0-124275
114561 gcc c++    jason [11/12 Regression] Comma operator with forwarding reference to pointer raises invalid lvalue required error since r10-7410
114562 gcc c++    jason [11/12 Regression] ICE when trying to bind rvalue reference to lvalue with comma operator and forwarding reference to pointer since r10-7410
115565 gcc rtl-opti   macro [11/12/13/14/15 Regression] CSE: Comparison incorrectly evaluated as constant causing optimization to produce wrong code
109876 gcc c++   mpolacek [11/12 Regression] initializer_list not usable in constant expressions in a template
110106 gcc c++   mpolacek [11/12 Regression] ICE on noexcept(noexcept(...)) with optional
89224 gcc c++    pinskia [11/12/13/14/15 Regression] subscript of const vector has the wrong type
110386 gcc tree-opt   pinskia [11/12 Regression] ICE with ABSU in backprop
111331 gcc tree-opt   pinskia [11/12 Regression] Wrong code at -O1 on x86_64-linux-gnu since
108120 gcc target   rearnsha [11/12 Regression] ICE: in extract_insn, at recog.cc:2791 (on ARM with -mfpu=neon -freciprocal-math -O3)
95048 gcc libstdc+    redi [11 Regression] wstring-constructor of std::filesystem::path throws for non-ASCII characters
104606 gcc libstdc+    redi [11 Regression] comparison operator resolution with std::optional and -std=c++20
90348 gcc middle-e   rguenth [11 Regression] Partition of char arrays is incorrect in some cases
96881 gcc tree-opt   rguenth [11 Regression] Clobbers on NULL vs. DCE since r8-1519
97990 gcc c++    rguenth [11 Regression] ICE: ‘verify_type’ failed with vector types and non-PODs since r6-5222-gba6a6a1d44c17f25
103006 gcc middle-e   rguenth [12/13/14/15 Regression] wrong code at -O1 or -O2 on x86_64-linux-gnu by r7-7101
110176 gcc tree-opt   rguenth [11 Regression] wrong code at -Os and above on x86_64-linux-gnu since r11-2446
110295 gcc c++    rguenth [11 Regression] ICE in dwarf2out_finish with local class with inherited operator delete in a templated function and -g
110298 gcc tree-opt   rguenth [11 Regression] ICE at -Os on x86_64-linux-gnu since r10-840
111039 gcc tree-opt   rguenth [11 Regression] Unable to coalesce ssa_names
111080 gcc debug    rguenth [11 Regression] restrict qualifier causes extra debug info to happen
111472 gcc tree-opt   rguenth [11 Regression] Wrong code at -Os on x86_64-linux-gnu since r11-4563-gd0d8b5d836
111614 gcc tree-opt   rguenth [11 Regression] ICE at -O2: verify_gimple failed since r14-2282-gf703d2fd3f0
111764 gcc tree-opt   rguenth [11 Regression] Wrong code at -O3 on x86_64-linux-gnu
111818 gcc middle-e   rguenth [11 Regression] ICE with __builtin_memcpy with volatile and constants
111917 gcc tree-opt   rguenth [11 Regression] ICE in as_a, at is-a.h:255 since GCC-7
112495 gcc tree-opt   rguenth [11 Regression] ICE: verify_gimple failed (after vectorizer) with named address space (__seg_gs )
112505 gcc tree-opt   rguenth [11 Regression] internal compiler error: in build_vector_from_val, at tree.cc:2104 since r10-4076
112718 gcc debug    rguenth [11 Regression] ICE: in add_dwarf_attr, at dwarf2out.cc:4501 with -g -fdebug-types-section -flto -ffat-lto-objects
112793 gcc tree-opt   rguenth [11 regression] ICE when building stellarium (internal compiler error: in vect_schedule_slp_node, at tree-vect-slp.cc:9062)
114027 gcc tree-opt   rguenth [11 Regression] miscompile at `-O3 -fno-vect-cost-model -msse4.2`
114734 gcc target    rguenth [11 regression] RISC-V rv64gcv_zvl256b miscompile with -flto -O3 -mrvv-vector-bits=zvl since r8-6047-g65dd1346027bb5
108086 gcc rtl-opti   rsandifo [11 Regression] internal compiler error: in set_accesses, at rtl-ssa/internals.inl:449
113281 gcc tree-opt   rsandifo [11 Regression] Latent wrong code due to vectorization of shift reduction and missing promotions since r9-1590
113552 gcc tree-opt   tnfchris [11/12/13 Regression] vectorizer generates calls to vector math routines with 1 simd lane.
29256 gcc target   unassigned [11/12/13/14 regression] loop performance regression
82446 gcc tree-opt unassigned [11/12/13/14 Regression] Missed equalities in dr_group_sort_cmp
93631 gcc c  unassigned [11/12/13/14 Regression] ICE on an invalid strcmp call in gimple_call_arg, at gimple.h:3258
93930 gcc target  unassigned [11/12/13/14 Regression] Unnecessary broadcast instructions for AVX512
94335 gcc tree-opt unassigned [11/12/13/14 Regression] False positive -Wstringop-overflow warning with -O2
97140 gcc target  unassigned [11/12/13/14 Regression] ICE in error: unable to generate reloads for since r10-400-gecfdb16c54ad06ac
100623 gcc target  unassigned [11 Regression] wrong code with -Os -fno-dce -fno-defer-pop -fno-forward-propagate -flive-range-shrinkage -fno-rerun-cse-after-loop -mno-push-args since r10-7515-g2c0fa3ecf70d199a
100667 gcc libstdc+ unassigned [11/12 Regression] std::tuple<A&&> cannot be constructed from A&&, if A not defined (only forward declared)
103497 gcc c++  unassigned [11/12/13/14 Regression] ICE when decltype(auto)... as parameters
105034 gcc target  unassigned [11/12/13/14 regression]Suboptimal codegen for min/max with -Os
107057 gcc rtl-opti unassigned [11/12 Regression] ICE in extract_constrain_insn, at recog.cc:2692
109800 gcc target  acoplan [11 Regression] arm: ICE (segfault) loading double with -mpure-code -mbig-endian
110288 gcc fortran   anlauf [11/12/13/14] Regression: segfault in findloc with allocatable array of allocatable characters
110585 gcc fortran   anlauf ICE in gfc_compare_expr for findloc with complex literal array
110658 gcc fortran   anlauf MINVAL/MAXVAL and deferred-length character arrays
115611 gcc target   avieira mve: vsetq_lane for 64-bits has wrong codegen when setting lane 1
113893 gcc ada  ebotcazou finalization of object allocated by anonymous access type designating local type
111050 gcc libstdc+  fdumont [11/12/13/14 Regression] ABI break in _Hash_node_value_base since GCC 11
110624 gcc target    iains Xcode 15 ld warns about -macosx_version_min
114171 gcc d  ibuclaw [13/14 Regression] gdc -O2 -mavx generates misaligned vmovdqa instruction
108789 gcc middle-e   jakub __builtin_(add|mul|sub)_overflow methods generate duplicate operations if both operands are const which in turn causes wrong code due to overlapping arguments
110115 gcc middle-e   jakub [11 Regression] Wrong code at -O1 on x86_64-linux-gnu
110914 gcc tree-opt   jakub [11/12/13/14 Regression] Optimization eliminating necessary assignment before 0-byte memcpy since r10-5451
111422 gcc middle-e   jakub Wrong code at -O3 on x86_64-linux-gnu
112816 gcc target    jakub [11/12 Regression] ICE unrecognizable_insn with __builtin_signbit and returning struct with int[4]
113122 gcc target    jakub Assembler messages: Error: operand type mismatch for `movabs' / bad expression / invalid use of register with -fprofile -mcmodel=large -masm=intel
113192 gcc libgomp    jakub [11 Regression] ERROR: couldn't execute "../../../gcc/libgomp/testsuite/flock": no such file or directory
113262 gcc c    jakub [11 Regression] ICE when using [[gnu::copy("")]] attribute
114533 gcc libquadm   jakub libquadmath: printf: fix misaligned access on args
114537 gcc c++    jakub bit_cast does not work NSDMI of bitfields
114572 gcc c++    jakub [OpenMP] "internal compiler error: in assign_temp" with assignment operator and lastprivate clause
115172 gcc sanitize   jakub Invalid -fsanitize=bool sanitization of variable from named address space
115440 gcc driver    jakub unrecognized command-line option '--c++17'; did you mean '--stdc++17'?
110422 gcc tree-opt   jamborm asm goto vs SRA
92145 gcc c++    jason -Wdeprecated-copy false-positive when inheriting base assignment operators
92407 gcc c++    jason Destruction of objects returned from functions skipped by goto
103185 gcc c++    jason [11/12/13 Regression] ind[arr] is rejected when arr is an array prvalue
106310 gcc c++    jason [11 Regression] lookup after this-> seems wrong for dependent lookup since r12-6754-g30f2c22def739211
111357 gcc c++    jason [11/12/13/14 Regression] __integer_pack fails to work with values of dependent type convertible to integers in noexcept context
114130 gcc target     kito [11 Regression] RISC-V: `__atomic_compare_exchange` does not use sign-extended value for RV64
113250 gcc libstdc+   kmatsui std::filesystem::equivalent("", "/") should throw
115457 gcc target    ktkachov AArch64 should define __ARM_FEATURE_BF16
115475 gcc target    ktkachov AArch64 should define __ARM_FEATURE_SVE_BF16 when appropriate
88309 gcc target    linkw [11/12/13/14 Regression] ICE: Floating point exception (in is_miss_rate_acceptable), target assigning alignent of 4 bits(!) to vector
104259 gcc libstdc+   marxin libstdc++ fails for epiphany-elf
109822 gcc libstdc+   mkretz Converting std::experimental::simd masks yields an error
59465 gcc c++   mpolacek [11/12/13 Regression] g++ allows direct-initialization of an array of class type from another array in a mem-initializer
100557 gcc c++   mpolacek [11/12/13/14 Regression] Internal compiler error: Error reporting routines re-entered.
115642 gcc c   mpolacek [11/12/13/14/15 Regression] internal compiler error: tree check: expected class 'type', have 'exceptional' (error_mark) in c_expr_sizeof_expr
95351 gcc middle-e   pinskia [11/12 Regression] Comparison with NAN optimizes incorrectly with -ffast-math disabled
111699 gcc middle-e   pinskia [11/12/13 Regression] ICE: SIGSEGV: infinite recursion in fold_build3_loc/fold_ternary_loc/generic_simplify_VEC_COND_EXPR
109761 gcc c++    ppalka [11/12 Regression] Nested class destructor's noexcept specification incorrectly considered as too loose compared to the outer class
111485 gcc c++     ppalka [11/12 Regression] Constraint mismatch on template template parameter
113175 gcc testsuit   ppalka [11/12/13/14 Regression] testsuite/std/ranges/iota/max_size_type.cc 5x times slower
111407 gcc tree-opt   qinzhao [11/12/13 Regression] ICE: SSA corruption due to widening_mul opt on conflict across an abnormal edge
99327 gcc libstdc+    redi ENOTSUP macro does not exist on djgpp crt
104161 gcc libstdc+     red Potential Security Vulnerability: remove_all and symbolic link
105178 gcc libstdc+    redi [11 Regression] g++ incorrectly reports invalid use of incomplete type
108178 gcc libstdc+    redi Filesystem::copy_file can't copy from /proc on Linux machines
112491 gcc libstdc+    redi std::deque<T,Allocator>::size xmethod output is wrong
114147 gcc libstdc+    redi [11 Regression] tuple allocator-extended constructor requires non-explicit default constructor
114401 gcc libstdc+    redi libstdc++ allocator destructor omitted when reinserting node_handle into tree- and hashtable-based containers
96109 gcc testsuit    rguenth [11 Regression] gcc.dg/vect/slp-47.c etc. FAIL
110182 gcc tree-opt    rguenth [11 Regression] Vector(2) cast from double to float and back and subtraction seems to produce incorrect results
110200 gcc middle-e    rguenth genmatch generating questionable code with convert and !
98237 gcc ipa       ro        gcc-dg-lto-modref-3-01.exe etc. FAIL when LTO plugin is not enabled
97696 gcc sanitize    rsandifo ICE since ASAN_MARK does not handle poly_int sized varibales
100303 gcc debug     rsandifo [11 Regression] -fcompare-debug failure (length) with -O -fno-dce -ftracer
111340 gcc target     ubizjak gcc.dg/bitint-12.c fails on x86_64-apple-darwin or fails on x86_64-linux-gnu with -fPIE
115297 gcc rtl-opti    ubizjak [14/15 regression] alpha: ICE in simplify_subreg, at simplify-rtx.cc:7554 with -O1
115836 gcc middle-e    ubizjak ICE when building Firefox with-march=pentium-mmx -mtune=pentium-m
91085 gcc other    unassigned [11 only] fixincludes breaks <bits/statx.h>
103183 gcc c++    unassigned [11/12/13/14 Regression] ind[arr] produces an lvalue when arr is an array xvalue
105417 gcc libstdc+   unassigned [11 Regression] powerpc64le-linux abilist changes based on --with-long-double-format=
110309 gcc target    unassigned Wrong code for masked load expansion
111922 gcc ipa    unassigned [11/12/13/14 Regression] ICE in cp with -O2 -fno-tree-fre
112823 gcc other    unassigned [11 only] -Wincompatible-pointer-types errors in libiberty/simple-object-mach-o.c (missing backport for gcc-11)
112891 gcc target    unassigned [11/12/13/14 Regression] Missing vzeroupper insert
114049 gcc target    unassigned gcc.dg/framework-1.c FAILs with Xcode 15.3 beta 3
114098 gcc target    unassigned _tile_loadconfig doesn't work
114521 gcc target    unassigned [11 only] aarch64: wrong code with Neon ld1/st1x4 intrinsics gcc-11 and earlier
115261 gcc rtl-opti   unassigned [11/12/13/14/15 regression] FAIL: gcc.target/s390/vector/vec-abi-vararg-1.c
115269 gcc libstdc+   unassigned Hardcoded links in 14.1 docs to pages from release 4.3.2
115870 gcc tree-opt   unassigned Inlining of different template instances wrongly produces infinite loop
103715 gcc fortran    anlauf [11/12/13/14 Regression] ICE in gfc_find_gsymbol, at fortran/symbol.c:4301 since r9-3803-ga5fbc2f36a291cbe
111837 gcc fortran    anlauf [11/12/13/14 Regression] Out of bounds access with optimization inside io-implied-do-control
114474 gcc fortran    anlauf [11/12/13/14 Regression] DATA statement with derived type, pointer component rejected
113979 gcc ada   ebotcazou [11/12/13/14 regression] bogus error on allocator for array type with Dynamic_Predicate
103506 gcc fortran   jvdelisle [11 Regression] ICE in gfc_free_namespace, at fortran/symbol.c:4039 since r10-2798-ge68a35ae4a65d2b3
107397 gcc fortran   jvdelisle [11/12 Regression] ICE in gfc_arith_plus, at fortran/arith.cc:654
91035 gcc target    krebbel [11/12/13/14 Regression] gotools fails to build on s390x-linux-gnu
84006 gcc fortran    pault [11/12 Regression] ICE in storage_size() with CLASS entity
89462 gcc fortran    pault [11/12/13 Regression] gfortran loops in code generation
93678 gcc fortran    pault [11/12/13 Regression] ICE with TRANSFER and typebound procedures
103312 gcc fortran    pault [11/12 Regression] ICE in gfc_find_component since r9-1098-g3cf89a7b992d483e
103368 gcc fortran    pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15668 since r12-4464-g017665f63047ce47
103716 gcc fortran    pault [11/12/13 Regression] ICE in gimplify_expr, at gimplify.c:15964 since r9-3803-ga5fbc2f36a291cbe
106999 gcc fortran    pault [11/12/13 Regression] ICE tree check: expected record_type or union_type or qual_union_type, have function_type in gfc_class_data_get, at fortran/trans-expr.cc:233
71703 gcc fortran  unassigned [11 Regression] [OOP] ICE in wide_int_to_tree, at tree.c:1488
89925 gcc fortran  unassigned [11 Regression] Wrong array bounds from ALLOCATE with SOURCE or MOLD
99183 gcc fortran  unassigned [11 Regression] Incompatible Runtime types
99757 gcc c++  unassigned [11/12/13/14 Regression] ICE: in cp_finish_decl, at cp/decl.c:7736
104391 gcc fortran  unassigned [11 Regression] bind(C) and allocatable or pointer attribute don't work
104908 gcc fortran  unassigned [11/12/13/14 Regression] incorrect Fortran out-of-bound runtime error.
113179 gcc middle-e unassigned [11/12/13/14/15 Regression] MIPS: INS is used for long long, before SLL
80774 gcc fortran    vehre [11/12/13/14/15 Regression][Coarray] ICE in gfc_conv_descriptor_data_get, at fortran/trans-array.c
82904 gcc fortran    vehre [11/12/13/14/15 Regression][Coarray] ICE in make_ssa_name_fn, at tree-ssanames.c:261
111880 gcc fortran    anlauf [11/12/13/14] False positive warning of obsolescent COMMON block with Fortran submodule
61527 gcc fortran  unassigned [11/12/13/14 Regression] [OOP] class/extends, multiple generic assignment, accept invalid

Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago procps: patch CVE-2023-4016
Jinfeng Wang [Mon, 30 Sep 2024 02:19:50 +0000 (10:19 +0800)] 
procps: patch CVE-2023-4016

Previous patch[1] for CVE-2023-4016 is insufficient.
Backport more from upstream master.

There is one change needed to apply this patch:
* change file location from local/xalloc.h to include/xalloc.h

[1] https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/procps/procps/CVE-2023-4016.patch?h=kirkstone&id=71d0683d625c09d4db5e0473a0b15a266aa787f4

Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago wpa-supplicant: Patch security advisory 2024-2
Peter Marko [Sun, 29 Sep 2024 12:57:10 +0000 (14:57 +0200)] 
wpa-supplicant: Patch security advisory 2024-2

Pick patches according to
http://w1.fi/security/2024-2/sae-h2h-and-incomplete-downgrade-protection-for-group-negotiation.txt
SAE H2E and incomplete downgrade protection for group negotiation

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago wpa-supplicant: Patch CVE-2024-3596
Peter Marko [Sun, 29 Sep 2024 12:57:09 +0000 (14:57 +0200)] 
wpa-supplicant: Patch CVE-2024-3596

Picked patches according to
http://w1.fi/security/2024-1/hostapd-and-radius-protocol-forgery-attacks.txt

First patch is style commit picked to have a clean cherry-pick of all
mentioned commits without any conflict.
Patch CVE-2024-3596_07.patch has hostapd code removed as it is not
present in wpa-supplicant download tarball.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago wpa-supplicant: Ignore CVE-2024-5290
Peter Marko [Sat, 28 Sep 2024 17:57:41 +0000 (19:57 +0200)] 
wpa-supplicant: Ignore CVE-2024-5290

NVD CVE report [1] links Ubuntu bug [2] which has a very good
description/discussion about this issue.
It applies only to distros patching wpa-supplicant to allow non-root
users (e.g. via netdev group) to load modules.
This is not the case of Yocto.

Quote:
So upstream isn't vulnerable as they only expose the dbus interface to
root. Downstreams like Ubuntu and Chromium added a patch that grants
access to the netdev group. The patch is the problem, not the upstream
code IMHO.

There is also a commit [3] associated with this CVE, however that only
provides build-time configuration to limit paths which can be accessed
but it acts only as a mitigation for distros which allow non-root users
to load crafted modules.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-5290
[2] https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
[3] https://w1.fi/cgit/hostap/commit/?id=c84388ee4c66bcd310db57489eac4a75fc600747

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago gnupg: Document CVE-2022-3219 and mark wontfix
Peter Marko [Sat, 28 Sep 2024 17:57:40 +0000 (19:57 +0200)] 
gnupg: Document CVE-2022-3219 and mark wontfix

(From OE-Core rev: f10f9c3a8d2c17d5a6c3f0b00749e5b34a66e090)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago curl: backport Debian patch for CVE-2024-8096
Vijay Anusuri [Mon, 23 Sep 2024 05:49:38 +0000 (11:19 +0530)] 
curl: backport Debian patch for CVE-2024-8096

Import patch from Ubuntu to fix CVE-2024-8096

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit
https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f]

Reference:
https://curl.se/docs/CVE-2024-8096.html

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex
Ross Burton [Wed, 7 Feb 2024 16:40:22 +0000 (16:40 +0000)] 
lib/oeqa: rename assertRaisesRegexp to assertRaisesRegex

TestCase.assertRaisesRegexp was renamed to assertRaisesRegex in Python
3.2, so rename to fix a warning during test execution.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6df44a4b29487bf8ef51bb5ba6467a4056b749cc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago testexport: fallback for empty IMAGE_LINK_NAME
Konrad Weihmann [Sat, 21 Sep 2024 10:04:44 +0000 (10:04 +0000)] 
testexport: fallback for empty IMAGE_LINK_NAME

If IMAGE_LINK_NAME is set empty to disable the symlinking
for image artifacts in deploy, testexport fails, as the path assembly
is incorrect.
In that case, fall back to IMAGE_NAME.

(From OE-Core rev: 0c1d098e6dd08fa3a5aafca656457ac6badcef89)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago testimage: fallback for empty IMAGE_LINK_NAME
Konrad Weihmann [Sat, 21 Sep 2024 10:04:43 +0000 (10:04 +0000)] 
testimage: fallback for empty IMAGE_LINK_NAME

If IMAGE_LINK_NAME is set empty to disable the symlinking
for image artifacts in deploy, testimage fails, as the path assembly
is incorrect.
In that case, fall back to IMAGE_NAME.

(From OE-Core rev: c7a4e7e294992acc589c62adcaf6cd32659f2f9b)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago runqemu: keep generating tap devices
Konrad Weihmann [Sat, 21 Sep 2024 10:04:42 +0000 (10:04 +0000)] 
runqemu: keep generating tap devices

In case there is no tap device, the script tries to
generate a new one.
The new device is then unguarded for a moment, so
the newly generated device could be acquired
by a different instance or user before it is locked to
the instance with acquire_taplock.
To fix that, keep generating new tap devices in case
the lock can't be acquired, up to 5 times.
If no tap device can be locked, it fails in the existing
error handling.

(From OE-Core rev: 23876576d054ebbab9b02c0012782aa56feda123)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago buildhistory: Simplify intercept call sites and drop SSTATEPOSTINSTFUNC usage
Richard Purdie [Thu, 19 Sep 2024 10:01:27 +0000 (11:01 +0100)] 
buildhistory: Simplify intercept call sites and drop SSTATEPOSTINSTFUNC usage

We planned to drop SSTATEPOSTINSTFUNC some time ago with the introduction of
postfuncs. Finally get around to doing that which should make the buildhistory
code a little more readable.

Unfortunately ordering the buildhistory function calls after the sstate ones is
difficult without coding that into the sstate class. This patch does that to
ensure everything functions as expected until we can find a better way. This is
still likely preferable to the generic sstate postfuncs support since the function
flow is much more readable.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c9e2a8fa2f0305ef1247ec405555612326f798f8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago buildhistory: Restoring files from preserve list
Pedro Ferreira [Thu, 19 Sep 2024 10:01:26 +0000 (11:01 +0100)] 
buildhistory: Restoring files from preserve list

This fix will ensure that, when we activate feature
`BUILDHISTORY_RESET`, files marked to keep on feature
`BUILDHISTORY_PRESERVE` will indeed exist in buildhistory
final path since they are moved to buildhistory/old but
not restored at any point.

Signed-off-by: Pedro Ferreira <Pedro.Silva.Ferreira@criticaltechworks.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9f68a45aa238ae5fcdfaca71ba0e7015e9cb720e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago buildhistory: Fix intermittent package file list creation
Pedro Ferreira [Thu, 19 Sep 2024 10:01:25 +0000 (11:01 +0100)] 
buildhistory: Fix intermittent package file list creation

The directory that buildhistory_list_pkg_files writes to during do_package
is created by do_packagedata so a clean buildhistory doesn't have
files-in-package written during the first build since packagedata happens
after do_package.

Ensure the output package folder is created to avoid missing
files-in-package.txt files.

Also it ensures that in case `find` fails we leave with
a hard error instead of hiding the error in the for loop.

Signed-off-by: Pedro Silva Ferreira <Pedro.Silva.Ferreira@criticaltechworks.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8de9b8c1e199896b9a7bc5ed64967c6bfbf84bea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago udev-extraconf: Add collect flag to mount
Colin McAllister [Sat, 14 Sep 2024 14:05:15 +0000 (09:05 -0500)] 
udev-extraconf: Add collect flag to mount

Adds extra "--collect" flag to the mount command within
automount_systemd. This is intended to fix an observed deadlock after
rapidly inserting and removing external media. This is because if the
mount command fails, the transient mount will enter a failed state. The
next time the media is inserted, automount_systemd bails because the
first condition finds that the file path for the failed transient mount
still exists. This leaves the external media unmounted and cannot be
mounted until the mount is fixed via systemctl or the device is
rebooted.

Adding "--collect" ensures that the transient mount is cleaned up after
entering a failed state, which ensures that the media can still be
mounted when it's re-inserted.

(From OE-Core rev: f0cda74d73eb8c14cd6f695f514108f1e94984a6)

Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago busybox: Fix cut with "-s" flag
Colin McAllister [Sat, 14 Sep 2024 14:05:16 +0000 (09:05 -0500)] 
busybox: Fix cut with "-s" flag

This fixes an issue that allows blank lines to be incorrectly output
when the "-s" flag is included. This issue propagates into the
populate-volatile.sh script in initscripts. If a volatiles drop file
contains blank lines, a blank line will be included in combined users,
which will incorrectly result in a difference in the number of combined
users versus defined users. If this happens, the volatiles file will not
be executed.

(From OE-Core rev: dfbcf0581ab3dd47037726a7b8aa06f777792473)

Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago python3: Upgrade 3.10.14 -> 3.10.15
Divya Chellam [Wed, 18 Sep 2024 06:40:30 +0000 (06:40 +0000)] 
python3: Upgrade 3.10.14 -> 3.10.15

Includes security fixes for CVE-2024-4030, CVE-2024-7592, CVE-2024-4032, CVE-2024-8088,
CVE-2024-6232, CVE-2024-6923, CVE-2023-27043 and other bug fixes.

Removed below patches, as the fixes are included in the 3.10.15 upgrade:
1. CVE-2023-27043.patch
2. CVE-2024-6232.patch
3. CVE-2024-7592.patch
4. CVE-2024-8088.patch

Release Notes:
https://www.python.org/downloads/release/python-31015/

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago yocto-uninative: Update to 4.6 for glibc 2.40
Michael Halstead [Mon, 22 Jul 2024 18:10:04 +0000 (11:10 -0700)] 
yocto-uninative: Update to 4.6 for glibc 2.40

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b29bfd333dffe635ab67475dcd8d22ad8b114c84)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago yocto-uninative: Update to 4.5 for gcc 14
Michael Halstead [Wed, 22 May 2024 04:39:30 +0000 (21:39 -0700)] 
yocto-uninative: Update to 4.5 for gcc 14

Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f5638681cef7e250ac64832dbe791418d97f05ba)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
13 months ago cups: Security fix for CVE-2024-35235
Rohini Sangam [Fri, 20 Sep 2024 12:51:55 +0000 (18:21 +0530)] 
cups: Security fix for CVE-2024-35235

CVE fixed:
- CVE-2024-35235: cups: Cupsd Listen arbitrary chmod 0140777
Upstream-Status: Backport from https://github.com/OpenPrinting/cups/commit/a436956f374b0fd7f5da9df482e4f5840fa1c0d2, https://github.com/OpenPrinting/cups/commit/e3952d3ecd231588bb382529281a294124db9348#diff-6fc0a5ba57f83c8177d28f44729276fe35fcaaceae8b774481e6973fcbdf733d

Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>