Mark Hatle [Tue, 12 Nov 2024 21:23:11 +0000 (15:23 -0600)]
cve-update-nvd2-native: Handle BB_NO_NETWORK and missing db
The custom do_fetch routine is ignoring BB_NO_NETWORK, add a check for this
as the correct behavior for the user is to set:
CVE_DB_UPDATE_INTERVAL = "-1"
If CVE_DB_UPDATE_INTERNAL is set to -1, check that a DB file exists, if not
we need to error so the user can deal with this.
Note, MIRRORs are NOT handled by this code.
Signed-off-by: Mark Hatle <mark.hatle@amd.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 337c0806d2784d74bee8d6420fb8b4d48795d5fa) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Exception: NameError: name 'shutil' is not defined, Did you forget to import 'shutil'
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b64263a43b4d82f1ebba13815bccb8a8cd3127f9) Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Sat, 28 Dec 2024 20:49:06 +0000 (21:49 +0100)]
gstreamer1.0: run ptests in parallel
Run the ptests in four parallel jobs (reduces runtime from ~80s to ~20s
on my machine), and also pass any arguments in the scripts to make it
easier to run individual tests.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Yash Shinde [Thu, 12 Dec 2024 14:35:05 +0000 (06:35 -0800)]
binutils: Fix CVE-2024-53589
A buffer overflow vulnerability exists in GNU Binutils’ objdump utility
when processing tekhex format files. The vulnerability occurs in the
Binary File Descriptor (BFD) library’s tekhex parser during format identification.
Specifically, the issue manifests when attempting to read 8 bytes at an address
that precedes the global variable ‘_bfd_std_section’, resulting in an out-of-bounds read.
Backport a patch from upstream to fix CVE-2024-53589.
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=e0323071916878e0634a6e24d8250e4faff67e88]
Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sunil Dora [Wed, 11 Dec 2024 18:15:12 +0000 (10:15 -0800)]
gcc: Fix c++: tweak for Wrange-loop-construct
This commit updates the warning to use a check for "trivially constructible" instead of
"trivially copyable." The original check was incorrect, as "trivially copyable" only applies
to types that can be copied trivially, whereas "trivially constructible" is the correct check
for types that can be trivially default-constructed.
This change ensures the warning is more accurate and aligns with the proper type traits.
LLVM accepted a similar fix:
https://github.com/llvm/llvm-project/issues/47355
Signed-off-by: Marek Polacek <polacek@redhat.com> Signed-off-by: Sunil Dora <sunilkumar.dora@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Wed, 18 Dec 2024 11:56:34 +0000 (11:56 +0000)]
cve-update-nvd2-native: Tweak to work better with NFS DL_DIR
After much debugging, the corruption issues on the autobuilder appear to
be due to the way sqlite accesses database files. It doesn't change the
file timestamp after making changes, which for reasons unknown, confuses
NFS. As soon as the file is touched, NFS becomes fine again accross the
whole cluster, as if by magic.
We could try and debug further but putting a "touch" call into the code
is easy and harmless. Lets hope this removes this annoying source of
errors.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sid-Ali [Fri, 6 Dec 2024 07:47:33 +0000 (08:47 +0100)]
shadow: use update-alternatives to handle su.1 and nologin.8
This patch fixes the following error at do_rootfs:
update-alternatives: Error: not linking
/PATH/TO/rootfs/usr/share/man/man1/su.1
to /usr/share/man/man1/su.1.util-linux since
/PATH/TO/rootfs/usr/share/man/man1/su.1
exists and is not a link
update-alternatives: Error: not linking
/PATH/TO/rootfs/usr/share/man/man8/nologin.8
to /usr/share/man/man8/nologin.8.util-linux since
/PATH/TO/rootfs/usr/share/man/man8/nologin.8
exists and is not a link
The problem can be reproduced by adding the following lines to local.conf
and then building an image:
dnf: drop python3-iniparse from DEPENDS and RDEPENDS
python3-iniparse dependency was dropped 2019, see the
following commit as reference:
https://github.com/rpm-software-management/dnf/pull/1329/commits/d7d0e0e2f9d8c7d021c794821ad0b56a39ebc01f
When looking at the Git history, this happened around tag 4.2.1
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
intltool was dropped as a dependency in v236
See commit for reference:
https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
intltool was dropped as a dependency in v236
See commit for reference:
https://github.com/systemd/systemd/pull/7313/commits/c81217920effddc93fb780cf8f9eb699d6fe1319
Signed-off-by: Guðni Már Gilbert <gudni.m.g@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
avoid-host-contamination.patch
refreshed for 10.04.0
Changelog:
===========
- addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
- add protection for device selection from PostScript input.
- efforts in code hygiene and maintainability continue.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
- add the capability to build with the Tesseract OCR engine.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Peter Marko [Thu, 5 Dec 2024 23:41:39 +0000 (00:41 +0100)]
builder: set CVE_PRODUCT
Builder is a common word and there are many other builder components
which makes us to ignore CVEs for all of them.
There is already 1 ignored and currently 3 new ones.
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:18:51 +0000 (16:18 +0000)]
resulttool: Improve repo layout for oeselftest results
Having all oe-selftest results on top of each other results in a large 640MB
json file which is hard to use. Split the results out per machine and test type.
This also stops the toolchain raw logs from overwriting each other meaning more
than one MACHINE is preserved.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4b890f04bc7d147b4a11b824a84f3d2abd75ac54) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:17:19 +0000 (16:17 +0000)]
resulttool: Trim the precision of duration information
The duration values have pointless amounts of precision. Removing some of the
least significant digits reduces result size and makes the results easier to read.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a789a2e6d97bb8efd663226a17db8d1ca6c1e40f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:15:46 +0000 (16:15 +0000)]
resulttool: Clean up repoducible build logs
We've improved the data stored for reproduicible builds. Teach resulttool how
to apply those cleanups when reprocessing data so we can reduce results file
sizes and make the data easier to process.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b799c57ae6d61c1b1c7035c8a2c4ba6ee08d1a81) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:14:37 +0000 (16:14 +0000)]
resulttool: Handle ltp rawlogs as well as ptest
Improve the rawlogs handling to include ltp logs as well as the ptest ones to
reduce the size of the results git repos.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a0a1954d559609c2c1ca16936d0d68eb3c4c6b45) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:11:43 +0000 (16:11 +0000)]
resulttool: Add --logfile-archive option to store mode
Storing the log files inside the testresults git repo isn't scaling and isn't
really appropriate use of a git repository. Allow these to be optionally stored
in a separate filesystem location so the git repo can remain managable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1afc0f3d7e93fa8496be241e9622d3b9a6904bd5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:09:41 +0000 (16:09 +0000)]
resulttool: Fix passthrough of --all files in store mode
When using store mode, --all was broken as not all files were being preserved.
Fix this by limiting the scope of the git rm command.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9604561d2022b6c76b1cb4186d40800d1affdd2b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 22 Nov 2024 16:06:23 +0000 (16:06 +0000)]
oeqa/utils/gitarchive: Return tag name and improve exclude handling
Tweak the gitarchive exclude handling not to error if excluded files
don't match.
Also return the tagname created so that other code can then use it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1adba3430faffdf6217b6a00533a3b48a9388abc) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 21 Nov 2024 11:46:08 +0000 (11:46 +0000)]
resulttool: Use single space indentation in json output
Using 4 space indentation in resulted in hundreds of megabytes of extra file size
in general use. Reduce this to make filesizes more managable and reduce the processing
cost. Some level of indentation and spacing does make the files more readable and allows
use of git diff so we need to retain some of it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a274cdcaf852cca9497f0358f44dda99c06aacbe) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Wed, 13 Nov 2024 21:36:57 +0000 (21:36 +0000)]
resulttool: Allow store to filter to specific revisions
We have a challenge on the autobuilder where test results from both OE-Core
and poky are being mixed together during result storage which is confusing the
data. Add a way to filter to specific revisions as the least worst way to fix
the various issues this is causing.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3f276a0dc65341668788853be2cf27ab6aa12b13) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 21 Nov 2024 14:55:59 +0000 (14:55 +0000)]
selftest/reproducible: Clean up pathnames
There are several problems with these paths. Firstly they contain full
system paths which depend upon where the test was run. These are pretty
pointless and just take up a lot of space making the results files large.
Secondly, they contain the same path twice. The reference and target path
will always be the same thing in two different locations.
Strip off the prefix and remove the duplication. This does change the output
data but that can't really be avoided. It does shrink the results data and makes
it more readable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81a44de36e864b08687451fd85aeba7c529fd7f7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 21 Nov 2024 14:55:44 +0000 (14:55 +0000)]
selftest/reproducible: Drop rawlogs
The "rawlogs" data consists of a long string of results data which is
already in a structured data format. I can't see this is adding much
value in duplciating the data but it does create a huge string with a
lot of long problematic pathnames and inflates the results data size.
I suggest we drop this data as obsolete and not necessary.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5b2c70fab2ffa409b861d83f048b65d458d03a90) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Fri, 25 Oct 2024 13:31:52 +0000 (14:31 +0100)]
do_package/sstate/sstatesig: Change timestamp clamping to hash output only
The code was changing the timestamps of the files in the do_package output,
particularly the files added for debug sources. This was to do two things:
a) make do_package sstate more reproducible
b) ensure better hash equivalence matching
Unfortuately the debug source files are hardlinks into the source tree for
efficiency so touching these, touches a lot of files in ${B} and ${S}. This
causes unpredictable effects if compile is run again for example, or could
cause compiling in the install task.
The hash equivalence matching is of key importance but we can mimic that
using clamping of the file timestamps in the depsig output used to generate
the hashes.
This patch drops the global timestamp clamping, instead allowing the files
to retain their creation timestamps into sstate. This makes do_package sstate
slightly less reproducibile. We could clamp the sstate timestamps but that
would lead to two different sets of timestamps depending on whether the
data came from sstate or not. I'd prefer to have consistent code behaviour,
rather than differing behavhour depending on whether data came from sstate
or not.
If we wanted to have reproducibiliy and fix the "corruption" of S/B and have
consistent codepaths, the only other option would be two copies of the
sources, which could end up huge and seems the least desireable option.
This patch therefore drops the timestamp clamping in the sstate files
and tweaks the depsig data generation to clamp the timestamps for do_package
instead since this seems the best compromise.
I validated that rpm/deb/ipk files still generate correctly as before.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 475759fdab7200488b2a568b2ba1aa31a456d113) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Changqing Li [Thu, 21 Nov 2024 06:02:56 +0000 (14:02 +0800)]
rxvt-unicode.inc: disable the terminfo installation by setting TIC to :
Without this change, TIC is the native tic in recipe-sysroot-native.
By default, native tic has set its default terminfo path to native path:
${datadir}/terminfo; $HOME/.terminfo
When sstate cache is used, the cached native tic's terminfo path could
be a path not exist on current host, then native tic will try to install
terminfo to HOME dir, cause host contamination.
Disable the terminfo installation by setting TIC to :
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fe35ead2c3135a18c346e7baa31d34b15c3e2d95) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Deepthi Hemraj [Tue, 3 Dec 2024 05:30:10 +0000 (21:30 -0800)]
glibc: stable 2.40 branch updates.
Below commits on glibc-2.40 stable branch are updated. 626c048f32 elf: handle addition overflow in _dl_find_object_update_1 [BZ #32245] efb710034e linux: sparc: Fix clone for LEON/sparcv8 (BZ 31394) 2344580243 Mitigation for "clone on sparc might fail with -EFAULT for no valid reason" (bz 31394) 3a34851103 elf: Change ldconfig auxcache magic number (bug 32231) 85e5850f2f Make tst-strtod-underflow type-generic 5c06c6e0b5 libio: Set _vtable_offset before calling _IO_link_in [BZ #32148] cc256952ec Add tests of more strtod special cases 8f40dfbe2a Add more tests of strtod end pointer 4a9b6cdc88 Make tst-strtod2 and tst-strtod5 type-generic 5a10d05c39 powerpc64le: Build new strtod tests with long double ABI flags (bug 32145) c4cc72d2ef Do not set errno for overflowing NaN payload in strtod/nan (bug 32045) ad93c2047d Improve NaN payload testing cac10d88c6 Make __strtod_internal tests type-generic d0c1792ad2 Fix strtod subnormal rounding (bug 30220) e06153665f More thoroughly test underflow / errno in tst-strtod-round 9bc76c7ca4 Test errno setting on strtod overflow in tst-strtod-round 61b6464f8d Add tests of fread 77018fd9f9 stdio-common: Add new test for fdopen
with this, and the previous compression level changes
I am seeing drastic speedups in package_write_rpm completion times:
webkitgtk goes from 78 seconds to 37 seconds
glibc-locale goes from 399 seconds to 58 seconds (!)
The long version:
rpm uses multithreading for two purposes:
- spawning compressors (which are nowadays themselves
multi-threaded, so the feature is not as useful as it once
was)
- parallel file classification
While the former behaves well on massively parallel CPUs
(it was written and verified here :), the latter was then added
by upstream and only benchmarked on their very old, slow laptop,
apparently:
https://github.com/rpm-software-management/rpm/commit/41f0e214f2266f02d6185ba11f797716de8125d4
On anything more capable it starts showing pathologic behavior,
presumably from spawning massive amount of very short-lived threads,
and then having to synchronize them. For example classifying glibc-locale
takes
5m20s with 256 threads (default on my machine!)
1m49s with 64 threads
59s with 16 threads
48s with 8 threads
Even a more typical recipe like webkitgtk is affected:
47s with 256 threads
32s with 64 threads
27s with 16 or 8 threads
I have found that the optimal amount is actually four: this also
means that only four compressors are running at a time, but
as they're themselves using threads, and typical recipes are dominated
by just two or three large packages, this does not affect overall
completion time.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
zstd uses 3 by default, while 19 is the highest and slowest.
It's not clear why 19 was picked to begin with, possibly
I copy-pasted it from rpm's examples without thinking:
https://git.yoctoproject.org/poky/commit/?h=master-next&id=4a4d5f78a6962dda5f63e9891825c80a8a87bf66
This brings significant speedups in rpm's compression step:
for example compressing webkitgtk takes 11s instead of 36s.
The rpm size increases from 175648k to 234860k. I think it's
a worthy default tradeoff.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Markus Volk [Fri, 22 Nov 2024 12:27:05 +0000 (13:27 +0100)]
gcc: add a backport patch to fix an issue with tzdata 2024b
There is an issue in the std::chrono::tzdb parser that causes problems
since the tzdata-2024b release started using %z in the main format.
As a real world problem I encounter an issue with the waybar clock module,
which ignores the timezone setting and only shows system time.
Signed-off-by: Markus Volk <f_l_k@t-online.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 39018429f05511053ab12e23e7f4487ea25ee529) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Kai Kang [Fri, 1 Nov 2024 08:29:43 +0000 (16:29 +0800)]
kexec-tools: update COMPATIBLE_HOST because of makedumpfile
makedumpfile is not compatible with mipsarcho32 and riscv32, so set for
kexec-tools accordingly.
And update packagegroup-core-tools-testapps too.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9107d9c09c7dab385c6034778cefadca3613be9c) Signed-off-by: Steve Sakoman <steve@sakoman.com>
selftest/sstatetests: run CDN mirror check only once
The first no-fail check was an attempt to work around the old
CDN's instability (and it didn't really help); it should not be necessary
with the new CDN, and only delays a-full completion.
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7f75c42b7fcf60a9ca58d3ded9047df675d76dc2) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 31 Oct 2024 07:52:17 +0000 (07:52 +0000)]
openssl: Fix SDK environment script to avoid unbound variable
Avoid errors like:
buildtools/sysroots/x86_64-pokysdk-linux/environment-setup.d/openssl.sh: line 6: BB_ENV_PASSTHROUGH_ADDITIONS: unbound variable
by setting an explicit empty default value.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5a2a4910a22668f25679a47deaa9e2ed28665efa) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Chen Qi [Fri, 25 Oct 2024 06:44:37 +0000 (23:44 -0700)]
shadow: use update-alternatives to handle groups.1
This patch fixes the following error at do_rootfs:
update-alternatives: Error: not linking /PATH/TO/rootfs/usr/share
/man/man1/groups.1 to /usr/share/man/man1/groups.1.coreutils since
/PATH/TO/rootfs/usr/share/man/man1/groups.1 exists and is not a link
The problem can be reproduced by adding the following lines to local.conf
and then building an image:
Martin Jansa [Sun, 27 Oct 2024 17:13:52 +0000 (18:13 +0100)]
ffmpeg: fix packaging examples
* I've noticed that ffmpeg package isn't created in my builds, due
to --disable-programs in EXTRA_OECONF added by our .bbappend, but
was surprised that lib32-ffmpeg is created.
* lib32-ffmpeg was created only because it contained the examples
which are installed in /usr/share/ffmpeg even when PN is lib32-ffmpeg
as we pass --datadir=${datadir}/ffmpeg in EXTRA_OECONF here
* --disable-programs controls ${bindir}/ffprobe ${bindir}/ffmpeg and
${datadir}/ffmpeg/ffprobe.xsd ${datadir}/ffmpeg/libvpx-*.ffpreset
Signed-off-by: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d7bf828b6431a254201675e41047f53da47912f5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Yi Zhao [Sat, 26 Oct 2024 05:49:46 +0000 (13:49 +0800)]
systemd: fix broken links for sysvinit-compatible commands
Since commit[1], PACKAGECONFIG[sysvinit] is not enabled by default when
sysvinit is not in DISTRO_FEATURES, which causes the following
sysvinit-compatible commands/services to not be built and installed:
Although support for SME was merged in v5.19, we've since uncovered a
number of issues with the implementation, including issues which might
corrupt the FPSIMD/SVE/SME state of arbitrary tasks. While there are
patches to address some of these issues, ongoing review has highlighted
additional functional problems, and more time is necessary to analyse
and fix these.
For now, mark SME as BROKEN in the hope that we can fix things properly
in the near future. As SME is an OPTIONAL part of ARMv9.2+, and there is
very little extant hardware, this should not adversely affect the vast
majority of users.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 022f9814cb9d6d420e9d89a746f4c67b452c498f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Bruce Ashfield [Thu, 21 Nov 2024 04:13:18 +0000 (23:13 -0500)]
linux-yocto/6.10: cfg: gpio: allow to re-enable the deprecated GPIO sysfs interface
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Bartosz Golaszewski
Email: bartosz.golaszewski@linaro.org
Subject: gpio: allow to re-enable the deprecated GPIO sysfs interface
Date: Mon, 11 Nov 2024 14:08:23 +0100
The GPIO sysfs interface is disabled in standard linux config and in
general users should use the character device instead but there are still
programs out there that depend on it so for the time being add a kernel
feature allowing to enable it.
Signed-off-by: Bartosz Golaszewski <bartosz.golaszewski@linaro.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ae19861bfc336d869a7a84b13ab3e7b318e1b560) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Integrating the following commit(s) to linux-yocto/.:
1/1 [
Author: Mikko Rapeli
Email: mikko.rapeli@linaro.org
Subject: genericarm64.cfg: enable CONFIG_DMA_CMA
Date: Thu, 24 Oct 2024 08:49:29 +0300
It's needed for graphics on AMD KV260.
Cc: Bill Mills <bill.mills@linaro.org> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7d1572bce914ff67c3e08f95dfd8504b00b9a8e0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Wang Mingyu [Wed, 9 Oct 2024 05:49:14 +0000 (13:49 +0800)]
xwayland: upgrade 24.1.2 -> 24.1.3
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b42744482d5b883c04e81b4be56ef19bc27caa3f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Jinfeng Wang [Mon, 4 Nov 2024 07:35:22 +0000 (15:35 +0800)]
tzdata/tzcode-native: upgrade 2024a -> 2024b
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b84b29b1827624270cc1698feda2ee87d55c01e4) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Peter Marko [Wed, 30 Oct 2024 18:49:51 +0000 (19:49 +0100)]
cve-check: fix malformed cve status description with : characters
When CPE is not provided and character ":" is in cve status description,
current code takes only last part of split function.
This works only if there is no ":" in description, otherwise it drops
the other split parts.
Do a new split of the original string to take the whole description unchanged.
This fixes following entries from world build of poky+meta-oe+meta-python:
tiff-4.6.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2015-7313
CVE_STATUS: fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
description: //security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
corrected: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue
gnupg-2.5.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2022-3219
CVE_STATUS: upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
description: //dev.gnupg.org/T5993
corrected: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35325
CVE_STATUS: upstream-wontfix: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
description: //github.com/yaml/libyaml/issues/303
corrected: Upstream thinks this is a misuse (or wrong use) of the libyaml API - https://github.com/yaml/libyaml/issues/303
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35326
CVE_STATUS: upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
description: //github.com/yaml/libyaml/issues/302
corrected: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
libyaml-0.2.5-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2024-35328
CVE_STATUS: upstream-wontfix: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
description: //github.com/yaml/libyaml/issues/302
corrected: Upstream thinks there is no working code that is exploitable - https://github.com/yaml/libyaml/issues/302
cpio-2.15-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2023-7216
CVE_STATUS: disputed: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
description: //lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
corrected: intended behaviour, see https://lists.gnu.org/archive/html/bug-cpio/2024-03/msg00000.html
openssh-9.9p1-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2023-51767
CVE_STATUS: upstream-wontfix: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
description: //bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
corrected: It was demonstrated on modified sshd and does not exist in upstream openssh https://bugzilla.mindrot.org/show_bug.cgi?id=3656#c1.
cups-2.4.10-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2021-25317
CVE_STATUS: not-applicable-config: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply.
description: root, so this doesn't apply.
corrected: This concerns /var/log/cups having lp ownership, our /var/log/cups is root:root, so this doesn't apply.
unzip-1_6.0-r0 do_cve_check: CVE_STATUS with 3 parts for CVE-2008-0888
CVE_STATUS: fixed-version: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
description: //bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
corrected: Patch from https://bugzilla.redhat.com/attachment.cgi?id=293893&action=diff applied to 6.0 source
syslog-ng-4.7.0-r0 do_cve_check: CVE_STATUS with 6 parts for CVE-2022-38725
CVE_STATUS: cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
description: syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
corrected: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cc33dd9176726cb4b2d2f142ed1bc655da8e0a9f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3c4d8ca41ac0b429af92bf0ea84f1dfd0cda9e1f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Aditya Tayade [Mon, 21 Oct 2024 11:50:26 +0000 (17:20 +0530)]
e2fsprogs: removed 'sed -u' option
In embedded box, sed might be provided another providers like Busybox,
hence use generic options whenever possible.
/bin/sed -> /etc/alternatives/sed
/etc/alternatives/sed -> /bin/busybox.nosuid
Here used 'sed -u' option is not necessary, hence removed it.
Fixes below error:
sed: invalid option -- 'u'
Also added 'set -eux' option which halts execution of the script
on any failures.
Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com> Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 07caee1829d2a61bc018fe0e37ecd482922179ee) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0c8f87d5d4ec9f286b1e85d114cb9a728c1ff64b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Tom Hochstein [Fri, 18 Oct 2024 19:34:27 +0000 (14:34 -0500)]
weston: Add missing runtime dependency on freerdp
With rdp enabled, nothing from freerdp is installed in the rootfs, and
rdp is not usable. It seems there is no actual build time dependency
other than the meson check itself, so add an explicit runtime
dependency.
Signed-off-by: Tom Hochstein <tom.hochstein@oss.nxp.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 23271a1f908a223b4eb56d6034cbb1ac23da14fe) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Regis Dargent [Fri, 18 Oct 2024 13:32:38 +0000 (15:32 +0200)]
udev-extraconf: fix network.sh script did not configure hotplugged interfaces
Udev script network.sh is called when a new ethernet interface is plugged (eg. USB).
Due to some (old) missing files, this script does nothing, instead of configuring the
interfaces with ifup.
I just commented the corresponding lines to allow the script to reach the part where
it calls ifup.
Signed-off-by: Regis Dargent <regis.dargent@gmail.com>
Fixes [YOCTO 15616]
network.sh relies on (long) missing files (eg. /etc/network/options,
/etc/init.d/network) to decide if it should configure the new network
interface (ifup) or put its name in /etc/udev_network_queue for future
initialization by /etc/init.d/network service.
The actual result was that the new hotplugged interface was never
automatically configured.
Removing the obsolete tests allows the script to do its intended job.
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160f7139172ffdf510a0d7d4e85f7fbaac7fd000) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Chen Qi [Fri, 18 Oct 2024 08:31:34 +0000 (01:31 -0700)]
libgfortran: fix buildpath QA issue
The '-fdebug-prefix-map' options are used to map source files locations,
otherwise, DW_AT_comp_dir will contain buildpath.
The '-gno-record-gcc-switches' option is used to fix the buildpath introduced
by '-fintrinsic-modules-path' option, which is automatically added by fortran.
Here's some output from 'readelf --debug-dump libgfortran.so.5.0.0' when this
option is not added:
"""
<0><1a37d3>: Abbrev Number: 4 (DW_TAG_compile_unit)
<1a37d4> DW_AT_producer : (indirect string, offset: 0xd653): GNU Fortran2008 14.2.0 -m64
-march=core2 -mtune=core2 -msse3
-mfpmath=sse -mshstk -g -O2 -O2 -fstack-protector-strong -fimplicit-none
-fno-repack-arrays -fno-underscoring -fcf-protection=full
-fallow-leading-underscore -fbuilding-libgfortran -fPIC
-fintrinsic-modules-path /ala-lpggp72/qichen/Yocto/builds/build-poky/tmp/work/
core2-64-poky-linux/libgfortran/14.2.0/recipe-sysroot-native/usr/bin/x86_64-poky-linux
/../../lib/x86_64-poky-linux/gcc/x86_64-poky-linux/14.2.0/finclude
-fpre-include=../../../../recipe-sysroot/usr/include/finclude/math-vector-fortran.h
"""
See https://gcc.gnu.org/pipermail/fortran/2024-October/061204.html for more
detailed information.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1eb084956bcba83782bc2b24cf8cc89459a57e34) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Mon, 14 Oct 2024 12:24:48 +0000 (13:24 +0100)]
groff: fix rare build race in hdtbl
It's possible to build the hdtbl examples before grn has been build:
groff: error: couldn't exec grn: No such file or directory
Backport a dependency fix from upstream.
[ YOCTO #15610 ]
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d590a32423d05cefc4e7282f971f633b3fa0b941) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Mon, 14 Oct 2024 12:24:47 +0000 (13:24 +0100)]
tcl: skip io-13.6 test case
---- Result was:
{abcdefghj
01234} 0
---- Result should have been (exact matching):
{abcdefghj
} 1 01234 0
==== io-13.6 FAILED
This test is documented as failing on slow machines, so just skip it.
[ YOCTO #15407 ]
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f69183586655294c9aed6687cebe57767c2f3eb8) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Mikko Rapeli [Mon, 14 Oct 2024 10:28:16 +0000 (13:28 +0300)]
ovmf-native: remove .pyc files from install
They break builds which share sstate files on different
machines and paths:
ERROR: ovmf-edk2-stable202408-r0 do_prepare_recipe_sysroot: Error executing a python function in exec_func_python() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_func_python() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:extend_recipe_sysroot(d)
0003:
File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 624, function: extend_recipe_sysroot
0620:
0621: # Handle deferred binfiles
0622: for l in binfiles:
0623: (targetdir, dest) = binfiles[l]
*** 0624: staging_copyfile(l, targetdir, dest, postinsts, seendirs)
0625:
0626: bb.note("Installed into sysroot: %s" % str(msg_adding))
0627: bb.note("Skipping as already exists in sysroot: %s" % str(msg_exists))
0628:
File: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/meta/classes-global/staging.bbclass', lineno: 165, function: staging_copyfile
0161: os.symlink(linkto, dest)
0162: #bb.warn(c)
0163: else:
0164: try:
*** 0165: os.link(c, dest)
0166: except OSError as err:
0167: if err.errno == errno.EXDEV:
0168: bb.utils.copyfile(c, dest)
0169: else:
Exception: FileExistsError: [Errno 17] File exists: '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/sysroots-components/x86_64/ovmf-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc' -> '/srv/pokybuild/yocto-worker/oe-selftest-fedora/build/build-st-667282/tmp/work/core2-64-poky-linux/ovmf/edk2-stable202408/recipe-sysroot-native/usr/bin/edk2_basetools/BaseTools/Source/Python/AutoGen/__pycache__/WorkspaceAutoGen.cpython-312.pyc'
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit facd9e17fa53e2fb3a828b3f179cfb659be75d37) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Sun, 13 Oct 2024 07:37:07 +0000 (08:37 +0100)]
qemurunner: Clean up serial_lock handling
Avoid "RuntimeError: release unlocked lock" since the lock shouldn't
be locked even in the error path. Add a try/finally path to ensure
this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b0732ee009ca47580d1d2ad75334f4aa50e6efd5) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Claus Stovgaard [Mon, 7 Oct 2024 20:39:46 +0000 (22:39 +0200)]
lib/oe/package-manager: skip processing installed-pkgs with empty globs
We can skip processing the installed-pkgs file if globs is empty.
This is the case if self.d.getVar for IMAGE_INSTALL_COMPLEMENTARY
returns an empty string. If globs is an empty string the result from
processing with empty glob in oe-pkgdata-util will always be 0 packages
to install.
Instead of return early on this we just skip and still generate the
locale archive if needed.
Signed-off-by: Claus Stovgaard <claus.stovgaard@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 160c45c83d5addf01e4834cf896af871bd6fca7f) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Pavel Zhukov [Thu, 10 Oct 2024 17:45:45 +0000 (19:45 +0200)]
package_rpm: Check if file exists before open()
Exception handler tries to read() /etc/passwd file in sysroot
and if file doesn't exist for any reason then it raises FileNotFoundError
exception which mask the original source of the problem and makes
debugging of the issue more difficult.
Fixes:
Exception: FileNotFoundError: [Errno 2] No such file or directory:
'/codebuild/output/src1899304708/src/build/tmp-container/work/core2-64-oe-linux/emqx-bin/4.3.12/recipe-sysroot/etc/passwd'
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4ad9a0e0b11eb7bc5a3dd45fc8945e094ea949e9) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Robert Yang [Tue, 8 Oct 2024 15:47:27 +0000 (08:47 -0700)]
cml1.bbclass: do_diffconfig: Don't override .config with .config.orig
Fixed:
1) $ bitbake virtual/kernel -cmenuconfig
Do some changes and save the new config to default .config.
2) $ bitbake virtual/kernel -cdiffconfig
The config fragment is dumped into ${WORKDIR}/fragment.cfg.
But the .config which was saved by step #1 is overridden by .config.orig, so
the changes will be lost if run 'bitbake virtual/kernel'
And the following comment is for subprocess.call(), not for shutil.copy(),
so move subprocess.call() to the correct location.
# No need to check the exit code as we know it's going to be
# non-zero, but that's what we expect.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6cccf6b02f92dad514e65fd779ff659b19eb6be7) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Sun, 13 Oct 2024 22:02:16 +0000 (23:02 +0100)]
oeqa/runtime/ssh: Fix incorrect timeout fix
I'd meant to change the command timeout in the previous change, fix
the correct one.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bb991988cb23be2c8947171726ada321f27e6eed) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Thu, 10 Oct 2024 09:32:06 +0000 (10:32 +0100)]
oeqa/runtime/ssh: Rework ssh timeout
After the changes to improve this test, we keep seeing image testing ssh
failures, particularly on mips.
It looks like part of the problem is that on a loaded system, 5s is too short
for mips to reliably establish an ssh connection. I've seen logs where it keeps
timing out and fails to work, then the debug code successfully uses ssh later after
everything else fails.
Change the timings/retries to give slow platforms enough time to respond.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ba64ccf3ad6e40461219b72d60eb0fe5cb38fddd) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Chen Qi [Wed, 9 Oct 2024 08:56:47 +0000 (01:56 -0700)]
toolchain-shar-extract.sh: exit when post-relocate-setup.sh fails
When LD_LIBRARY_PATH is set, post-relocate-setup.sh will fail and
exit properly. But such failure is ignored and the SDK installation
will continue and tell user that things succeed. This is misleading.
So exit immediately if post-relocate-setup.sh fails.
Fixes [Yocto #15586]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8e2dcc1f71aa33cc6e56dfdebebbe7ef010c944) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Thu, 3 Oct 2024 19:50:05 +0000 (20:50 +0100)]
strace: download release tarballs from GitHub
Switch to downloading the release tarballs from GitHub. Their CDN is
rock solid, and strace.io is hosted inside Russia which some networks
are blocking.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bbdbd6d943a64e5b0dae4c2ee705d017fb7ef80e) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Richard Purdie [Wed, 2 Oct 2024 23:12:52 +0000 (00:12 +0100)]
pseudo: Fix envp bug and add posix_spawn wrapper
Fix pseudo with python 3.13 by adding a wrapper for posix_spawn and
fixing a NULL pointer dereference in envp handling it uncovered. This
fixes issues on Fedora 41.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d80e20d70d170397f9827c5a5fc75ad1f2e8cd94) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Hiago De Franco [Tue, 5 Nov 2024 17:55:13 +0000 (14:55 -0300)]
weston: backport patch to allow neatvnc < v0.9.0
Currently weston 13.0.3 with neatvnc 0.8.1 does not compile when using
VNC:
| Dependency neatvnc found: NO found 0.8.1 but need: '< 0.8.0' ;
matched: '>= 0.7.0'
However weston upstream already increased the allowed version to 0.9.0,
since neatvnc 0.8.0 does not introduce any changes that breaks API used
by the VNC backend. Therefore, backport this patch.
Signed-off-by: Hiago De Franco <hiago.franco@toradex.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8516496018a3ee9e81a67d4682bf9784d0eab2bd) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 552b9913b25107d7a34611b499b7811896b5f098) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 92d609c49c0870ca10fcc39d52a801109d65a98b) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Wang Mingyu [Wed, 9 Oct 2024 05:49:12 +0000 (13:49 +0800)]
wireless-regdb: upgrade 2024.07.04 -> 2024.10.07
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f124bb09a798d94eca5e93387bc361b147ce53f9) Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVSS v4.0 was released in November 2023
NVD announced support for it in June 2024
Current stats are:
* cvss v4 provided, but also v3, so cve-check showed a value
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 != 0.0;
2069
* only cvss v4 provided, so cve-check did not show any
sqlite> select count(*) from nvd where scorev4 != 0.0 and scorev3 = 0.0;
260
Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 358dbfcd80ae1fa414d294c865dd293670c287f0) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Added the "modified" field to the JSON export in the
cve-check.class. This field captures the last modification date of each
CVE, providing more detailed information on changes and updates within
the exported data.
Signed-off-by: Katawann <quent_55@hotmail.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 740b8a0b23c4021d07c3714420e3ea8b46e61454) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ola x Nilsson [Wed, 23 Oct 2024 08:49:04 +0000 (10:49 +0200)]
glibc: Fix missing randomness in __gen_tempname
Backport the fix for glibc bug 32214.
The missing randomness in early boot may cause some systemd services
to fail when they occasionally try to create tempdirs like
/run/systemd/namespace-aaaaaa at the same time.
The error messages can contain things like
"Failed to set up mount namespacing".
Signed-off-by: Ola x Nilsson <olani@axis.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
aszh07 [Thu, 17 Oct 2024 05:31:42 +0000 (11:01 +0530)]
ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg".
However, there are also vulnerabilities where the product is "libswresample",
and "libavcodec" as shown below.
https://app.opencve.io/vendors/?vendor=ffmpeg
Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities
where the product is "libswresample libavcodec" as well.
Signed-off-by: aszh07 <mail2szahir@gmail.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9684eba5c543de229108008e29afd1dd021a9799) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Tue, 8 Oct 2024 19:30:55 +0000 (20:30 +0100)]
ffmpeg: no need for textrel INSANE_SKIP
It appears in testing that modern ffmpeg no longer needs to disable PIC,
so there's no need to ignore textrel warnings.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98d577fef75d54a59eeacaabb4a45e44b2f6832e) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Ross Burton [Tue, 8 Oct 2024 19:30:54 +0000 (20:30 +0100)]
ffmpeg: nasm is x86 only, so only DEPEND if x86
No need to depend on nasm if we're not going to use it.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b99ea7f130c3f945af9a09a6ecf85b6ff8f4b710) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Wang Mingyu [Wed, 25 Sep 2024 06:48:56 +0000 (14:48 +0800)]
orc: upgrade 0.4.39 -> 0.4.40
Changelog:
===========
- Security: Minor follow-up fixes for CVE-2024-40897
- powerpc: fix div255w which still used the inexact substitution
- x86: work around old GCC versions (pre 9.0) having broken xgetbv
implementations
- x86: consider MSYS2/Cygwin as Windows for ABI purposes only
- x86: handle unnatural and misaligned array pointers
- orccodemem: Assorted memory mapping fixes
- Fix include header use from C++
- Some compatibility fixes for Musl
- ppc: Disable VSX and ISA 2.07 for Apple targets
- ppc: Allow detection of ppc64 in Mac OS
- x86: Fix non-C11 typedefs
- meson: Fix detecting XSAVE on older AppleClang
- x86: try fixing AVX detection again by adding check for XSAVE
- Check return values of malloc() and realloc()
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ed7e4eb12491968c5f962b7e89d557c2c6d86a33) Signed-off-by: Steve Sakoman <steve@sakoman.com>
image.bbclass: Drop support for ImageQAFailed exceptions in image_qa
After commit 905e224849fbbed1719e0add231b00e2d570b3b4 (image_qa: fix
error handling), any unexpected exceptions in do_image_qa() would result
in a variable being set, but never used, effectively hiding the error.
Since image_qa now calls oe.qa.exit_if_errors(), remove the support for
oe.utils.ImageQAFailed and instead rely on the called functions to call
oe.qa.handle_error() themselves. This matches what do_package_qa() does.
Also update the description of do_image_qa() to explain that the called
functions are expected to call oe.qa.handle_error() themselves.
[ YOCTO #15601 ]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0c3e111c965af2bc56533633c376b70b7fa5e1de) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Niko Mauno [Tue, 22 Oct 2024 08:16:55 +0000 (08:16 +0000)]
bitbake.conf: Mark VOLATILE_TMP_DIR as obsolete
This variable was removed in
https://git.yoctoproject.org/poky/commit/?id=2f46b6f27dfa3a9d5ad177900fcecfe64c3536f1
("bitbake.conf: drop VOLATILE_TMP_DIR, use FILESYSTEM_PERMS_TABLES instead")
so ensure that distributions become aware that it no longer has any
effect.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Niko Mauno [Tue, 22 Oct 2024 08:16:54 +0000 (08:16 +0000)]
bitbake.conf: Mark VOLATILE_LOG_DIR as obsolete
This variable was removed in
https://git.yoctoproject.org/poky/commit/?id=2f8806deb7655b37d6f8d12ff54680d6acf7a298
("bitbake.conf: drop VOLATILE_LOG_DIR, use FILESYSTEM_PERMS_TABLES instead")
so ensure that distributions become aware that it no longer has any
effect.
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Sergei Zhmylev [Fri, 27 Sep 2024 15:31:20 +0000 (18:31 +0300)]
lsb-release: fix Distro Codename shell escaping
Signed-off-by: Sergei Zhmylev <s.zhmylev@yadro.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7b5824c547b1348713e992a8bebd40577a0c5709) Signed-off-by: Steve Sakoman <steve@sakoman.com>
Jonas Gorski [Thu, 26 Sep 2024 15:41:35 +0000 (17:41 +0200)]
rootfs-postcommands.bbclass: make opkg status reproducible
opkg stores the current time as Installed-Time in its status file when
installing packages to the rootfs. Make this reproducible by replacing
Installed-Time with ${REPRODUCIBLE_TIMESTAMP_ROOTFS}, which then also
matches the files' datestamps.
Signed-off-by: Jonas Gorski <jonas.gorski@bisdn.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 61a9b1b1cb618ce90ba7886036f41263075c07df) Signed-off-by: Steve Sakoman <steve@sakoman.com>
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
