Age | Commit message (Collapse) | Author |
|
The following security and bug-fix patches are included as part of the 250.4
update:
c6603da3ad boot: Properly check status code of console_key_read
2198c08d07 core: really skip automatic restart when a JOB_STOP job is pending
367041af81 pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon
160eeab224 virt: Fix Xen Dom0 detection logic to no longer report as VM
514a4c051c network: bridge: fix endian of vlan protocol
4dbc210124 resolve: fix possible memleak
d82bd80cf4 resolve: fix potential memleak and use-after-free
dcba78244e util: another set of CVE-2021-4034 assert()s
74dfb51f70 sd-dhcp6-client: fix sending prefix delegation request during rebind
df59c65a23 mkdir: allow to create directory whose path contains symlink
ae95ca27be sd-dhcp-lease: fix memleak
2b04d3b3fc sd-dhcp-lease: fix reading unaligned memory
1ef56ad928 network: xfrm: refuse zero interface ID
7dc0f80588 sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
426807c54b sd-dhcp-lease: fix an infinite loop found by the fuzzer
0456e3aaaa oomd: fix race with path unavailability when killing cgroups
As the following two patches:
0001-mkdir-allow-to-create-directory-whose-path-contains-.patch
0001-src-fundamental-list-fundamental_source_paths-using-.patch
have been merged in 250.4 or replaced, remove them.
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: Copyright years changed [1]
aarch64 implements simd register save/restore
loongarch64 supported added
[1] https://github.com/kaniini/libucontext/commit/9943d4f5fc31a23a591e74caf24ce4effd887501
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
module.patch
musl-decls-compat.patch
removed since they're included in 2.0.1
Changelog:
==========
- Allow reading/writing from cgroup.* files in cgroup v2
- Add support for cgroup v2's cgroup.threads file
- Fix issue where libcgroup/pam wasn't working properly when
cgrulesengd is disabled
- Fix a bug where the cgroup version wasn't initialized in a
named cgroup v1 hierarchy
- Various automake bug fixes
- Build PAM module as unversioned DSO
- Fix build issues with musl libc
- Fix potential TOCTOU race in cgroup_get_procs()
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It fails currently with binutils 2.38
powerpc-yoe-linux-musl-ld: read-only segment has dynamic relocations
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop patches:
clear-guid_from_server-if-send_negotiate_unix_f.patch
stop_using_selinux_set_mapping.patch
(both merged upstream)
python-config.patch
(patched code removed upstream)
License-Update: whitespace fixes
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The content is unchanged.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The reason it was separate is that there is a peculiar circular
dependency: dbus tests require glib, while some of glib's gdbus tests
require dbus. So dbus was built with tests disabled and without glib
dependency, then glib was built with dbus dependency, then dbus was
built again with glib dependency and tests enabled, only for the purpose
of installing those tests. I find that brittle and hacky, so this
removes dbus dependecy from glib (the fallout is that some gdbus tests
are no longer being executed), and dbus and its tests are built once,
after glib. Conversely, dbus is now dependent on glib for the purpose
of building the tests.
Also, dbus ptest installation is no longer using custom code, and dbus
run-ptest simply uses standard installed tests execution mechanism from
gnome.
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- new version includes fix for CVE-2022-23308
- drop patche which was upstream
- refresh patch
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The project has migrated from www.xmlsoft.org to gitlab.gnome.org.
Update the homepage accordingly, and use gnomebase to construct the
download URL, rather than including it in SRC_URI explicitly.
Note that the download is now in .xz format rather than .gz, so the
sha256sum is updated accordingly. Post-decompression tarballs are
identical, so there is no change to the libxml2 code.
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Brings in these fixes
* 391b270 unistd: add __close
* 8af2ff2 random_r: set `x` before calling savestate_r
* cca99e8 wchar: add __mbrlen
* 59e99e9 random_r: Add reentrant random functions from LSB
* 6461276 gnulib: Add __fdelt_warn alias
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to set nobranch=1 as the 0.6.4 tag isn't on any branches at
present.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The statx requires glibc >= 2.28 and linux kernel >= 4.11, but coreutils's
configure only checks glibc compatibility for statx syscall but fail to check
kernel support, e.g.:
RedHat Enterprise Linux Server 7.6 (Maipo)
Host kernel: 3.10.0-1127.8.2.el7.x86_64
Docker OS: Ubuntu 20.04.1 LTS
$ bitbake coreutils-native
find the binary ls and run it as "ls -l ."
The result is something like: "?????????. ? ? ? ? ? foo"
This is because glibc is 2.31 (Ubunut 20.04 in docker) which has statx,
but host's kernel is 3.10.0 (CentOS 7) which doesn't support statx.
Disable statx for native build to fix the problem.
Original from: Davi Poyastro <davi.poyastro@nokia.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-Fix-VLA-parameter-warning.patch
removed since it's included in 202202
Changelog:
=========
OvmfPkg Add new target for Cloud Hypervisor
Add TDVF to OvmfPkg
Add new APIs to UefiCpuPkg/UefiCpuLib
Add AMD Secure Nested Paging Support
Add SSDT PCI generator in DynamicTablesPkg
Support ACPI 6.4 PPTT changes
Add FdtHwInfoParser library
Add DynamicPlatRepo library
Make package and platform builds reproducible across source format changes
Add Uncrustify CI Plugin
Apply uncrustify changes to all package C and H files
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
==========
Fix issue with multiple offers from the same DHCP server.
Fix issue with Base64 decoding and bytes consumed validation.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In commit ceda3238 (meta/meta-selftest/meta-skeleton: Update LICENSE
variable to use SPDX license identifiers) all LICENSE variables were
updated to only use SPDX license identifiers.
This does the same for comments and other variables where it is
appropriate to use the official SPDX license identifiers. There are
still references to, e.g., "GPLv3", but they are then typically in
descriptive text where they refer to the license in a generic sense.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When installed, this module mounts a read-write (RW) overlay on
top of a root filesystem, which is kept read-only (RO), free
from modifications by the user, this might prove to be useful
if we want to access or restore the original unmodified rootfs.
The existing overlay-etc.bbclass does something similar, it
mounts an overlay on top of the /etc directory, however doing
the same for root causes the original root to be inaccessible
once the system is booted, hence why this module is added to
the initramfs boot flow, allowing us to mount the RW overlay,
while keeping the original rootfs mounted at /rofs once the
system finishes booting. This script is loosely based on that
class.
This module requires rootrw=<foo> to be passed as a kernel
parameter to specify the device/partition to be used as RW by the
overlay and has a dependency on overlayfs support being present
in the running kernel.
It does not require the read-only IMAGE_FEATURE to be enabled.
The module needs to be executed after the initramfs-module-rootfs
since it relies on it to mount the filesystem at initramfs startup
but before the finish module which normally switches root.
After overlayroot is executed the usual boot flow continues from
the real init process.
If something goes wrong while running this module, the rootfs
is still mounted RO (with no overlay) and the finish module is
executed to continue booting normally.
Its worth noting that, on purpose, this isnt installed by default
on any images that use initramfs-framework to keep the boot flow
unmodified, only when a user manually requests to install it,
then it becomes functional.
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
brings in these fixes
* f8bdc304 fix spurious failures by fgetws when buffer ends with partial character
* 5690668a add missing strerror text for key management
* 3b7b4155 fix out-of-bound read processing time zone data with distant-past dates
* 75b3412f fix potentially wrong-sign zero in cproj functions at infinity
* 52f0deb9 make fseek detect and produce an error for invalid whence arguments
* cbacd638 add SEEK_DATA and SEEK_HOLE to unistd.h
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move the systemd shared library (libsystemd-shared.so) into its own
package to prevent a runtime dependency from udev package to systemd
package and thereby to a second init manager.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
=========
* use fakechroot instead of unsharing the mount namespace and mounting tmpfs
* deb-systemd-invoke: systemctl --machine @<UID> is now available in
v249.10. Adjust the version check accordingly
* Skip build-time tests if DEB_BUILD_OPTIONS=nocheck is set
* Fix typos found by Lintian
* Set Rules-Requires-Root: no
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't
the correct variable name.
The CPEs for those CVEs mean that they don't get picked up in our report,
so just remove the assignment.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes:
Error: Transaction test error:
file /usr/include/bits/dl_find_object.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
file /usr/include/bits/rseq.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
file /usr/include/bits/timesize.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make sure this header file is same in arm and aarch64.
Fix the conflict error when enable multilib:
Error: Transaction test error:
file /usr/include/bits/wordsize.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After the change to bitbake, update the references in OE-Core to match the updates.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* fixes:
oe-core/meta/classes/package.bbclass:1342: DeprecationWarning: invalid escape sequence \.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a security fix release containing fixes for CVE-2022-25235, CVE-2022-25236,
CVE-2022-25313, CVE-2022-25314 and CVE-2022-25315.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
license identifiers
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rename the image, the test controller class/code/module and the underlying
image sentinel file to all match the controller terminology.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since upstream commit [d8ea0d0168 Add an internal wrapper for clone, clone2
and clone3] applied, start a unprivileged container (docker run without
--privileged), it creates a thread failed in container.
In commit d8ea0d0168, it calls __clone3 if HAVE_CLONE3_WAPPER is defined. If
__clone3 returns -1 with ENOSYS, fall back to clone or clone2.
As known from [1], cloneXXX fails with EPERM if CLONE_NEWCGROUP,
CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID, or CLONE_NEWUTS
was specified by an unprivileged process (process without CAP_SYS_ADMIN)
[1] https://man7.org/linux/man-pages/man2/clone3.2.html
So if __clone3 returns -1 with EPERM, fall back to clone or clone2 could
fix the issue.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
=========
* Bugs fixed:
- !2462 Backport !2461 "Fix memory leak in gio/gdbusauthmechanismsha1.c"
to glib-2-70
* Translation updates:
- Czech
- French
- Indonesian
- Japanese
- Polish
- Portuguese (Brazil)
- Russian
- Slovenian
- Spanish
- Swedish
- Ukrainian
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If mounts are left lingering, then after we switch_root, attempts to
modify the block devices will result in an EBUSY with no way to unmount
them. As we're about to switch_root anyways, there isn't much use to
keep anything mounted unless it has the new rootfs.
Signed-off-by: Justin Bronder <jsbronder@cold-front.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some of the buildtools tests test network access so allow this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add libsystemd dependency if we have systemd in DISTRO_FEATURES.
This is needed to build the systemd backend. Projects that use seatd
to hook into logind (e.g. wlroots) fail to properly login without it.
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changelog:
=========
Add glibc-on-or1k (OpenRISC 1000) entry to libcrypt.minver.
This was added in GNU libc 2.35.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Glibc has dropped them starting with 2.35 see [1]
[1] https://sourceware.org/git/?p=glibc.git;a=commit;h=65ccd641bacea33be23d51da737c2de7543d0f5e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Package /usr/bin/ld.so in a separate package
ld.so is a new tool which is added as a symlink to original dynamic
linker so make it available with same name across architectures which is
useful to leveral features like --preload, --audit, and --list-diagnostics
more accessible to end users
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
COPYING.LIBGLOSS simply had the FSF street address change.
COPYING.NEWLIB now includes BSD-3-Clause.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fix boot from NFS for systemd enabled systems. Previously
systemd-networkd dropped network configuration on exit from initrd even
if there're NFS mount.
[YOCTO #14708]
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandro@enedino.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Link udev shared with systemd helper to minimize the udev package size
if DISTRO_FEATURES doesn't configure sysvinit to be used.
It is only usefull to link udev static with systemd helper if udev
should be installed without systemd such as a mixed sysvinit and systemd environment
[RP: Fixed to use sysvinit distro feature instead of systemd]
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a PACKAGECONFIG to link systemd-udev and its helpers to
libsystemd-shared.so. If enabled the udev package depends on the systemd
package.
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Systemd version 250 has a regression which blocks mountd service from
creating subdirectories if path contains symlink. This blocks bind
mounts under /var/run, /lib for example.
Bug-Url: https://github.com/systemd/systemd/issues/22334
Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|