path: root/meta/recipes-core
Age | Commit message | Author
15 hours | ttyrun: define CVE_PRODUCT | Peter Marko
Single executable ttyrun is taken out of s390-tools repository containing a ton of other helper tools. CVEs are not assigned to executables, but to whole components. Historically there also already exists one CVE for s390-tools. Most of the CVEs will not be for ttyrun, but this is the way to get notified even if most we get will have to be ignored. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
16 hours | shadow: install manpages | Dan McGregor
Install the manpages for shadow, and also make the conflicting manpages alternatives in util-linux. Signed-off-by: Daniel McGregor <daniel.mcgregor@vecima.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
16 hours | update-rc.d: add +git to PV | Peter Marko
This hash is ahead of the tag, so adapt PV accordingly. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
16 hours | dropbear: upgrade 2022.83 -> 2024.84 | Wang Mingyu
0001-urandom-xauth-changes-to-options.h.patch
dropbear-disable-weak-ciphers.patch
0005-dropbear-enable-pam.patch
0006-dropbear-configuration-file.patch
refreshed for 2024.84

CVE-2023-36328.patch
removed since it's included in 2024.84

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
16 hours | ncurses: Fix CVE-2023-50495 | Mingli Yu
Backport a patch [1] to fix CVE-2023-50495. [1] http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commitdiff;h=7723dd6799ab10b32047ec73b14df9f107bafe99 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
8 days | buildtools-tarball: Add python3-pip | Richard Purdie
Many of the common use cases for buildtools need pip to allow python to be extended. Add it. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 days | ttyrun: upgrade 2.31.0 -> 2.32.0 | Wang Mingyu
Changelog:
===========
- dbginfo.sh: dash compatible copy sequence
- rust/pv_core: Fix UvDeviceInfo::get() method
- zipl/src: Fix leak of files if run with a broken configuration
- zkey: Fix convert command to accept only keys of type CCA-AESDATA

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 days | ell: upgrade 0.63 -> 0.64 | Wang Mingyu
Changelog:
==========
- Fix issue with casting in C++ environment.
- Fix issue with ASCII string upper and lower helpers.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 days | coreutils: upgrade 9.4 -> 9.5 | Wang Mingyu
0001-posixtm-pacify-clang-18.patch
CVE-2024-0684.patch
removed since they're included in 9.5

0001-local.mk-fix-cross-compiling-problem.patch
remove-usr-local-lib-from-m4.patch
refreshed for 9.5

License-Update: Copyright updated to 2024.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 days | libxml2: upgrade 2.12.5 -> 2.12.6 | Wang Mingyu
Changelog:
===========
- parser: Fix detection of duplicate attributes in XML namespace
- xmlreader: Fix xmlTextReaderConstEncoding
- html: Fix htmlCreatePushParserCtxt with encoding
- xmllint: Return error code if XPath returns empty nodeset

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 days | build-appliance-image: Update to master head revision | Richard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10 days | buildtools-tarball: Add python3-setuptools | Richard Purdie
After the dependency on setuptools was dropped from python3-testtools, this exposed eSDK dependencies in devtool and recipetool on python3-setuptools. Add this to buildtools to fix build failures after the testtools fixes. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10 days | kbd: update license | Peter Marko
GPL-3 is used for keymaps-pine
LGPL2 is used in all C source files under src/libkfont/ which generate binaries included in main kbd package. This is seen in their SPDX headers.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10 days | kbd: remove non-free Agafari fonts | Peter Marko
Its license makes it impossible to distribute kbd in any commercial products. Backport commit which removes it. [RP/Khem Raj: Switched binary diff to just delete the files in do_configure] Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10 days | kbd: split gpl-3 keymap to separate package | Peter Marko
Pine keymap was added with GPL-3 license. https://github.com/legionus/kbd/commit/1589e9e1019756b5287b41dddcd7285271c5990e Split this GPL-3 keymap and install it via recommendation so it is easy to remove it by excluding recommendations. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10 days | systemd: make predictable name mac policy opt-out | Peter Marko
Even the patch says it's inappropriate for upstream, and it's also inappropriate for some downstream projects, too. So make it possible to opt-out on it by replacing the patch by sed and depend on distro feature pni-names. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
10 days | buildtools-tarball: Add python3-websockets | Richard Purdie
For the newer hash equivalence servers we need websockets. Add it to buildtools tarball. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
11 days | packagegroup-core-boot: recommend ifupdown | Joe Slater
If the distro features sysvinit and pni-names are enabled, RRECOMMENDS ifupdown because busybox ifupdown will not initialize the renamed interfaces. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
11 days | init-ifupdown: modify interfaces for busybox | Joe Slater
Busybox ifupdown does not recognize /xxx names, so we use eth0 instead of /eth0. If we want to find "predictable name" interfaces starting with en..., we will have to use the real ifupdown. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
11 days | eudev: update Upstream-Status on netifnames.patch | Ross Burton
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-08 | ovmf: set CVE_STATUS for a few CVEs | Chen Qi
For all those CVE-2019-xxxxx CVEs, following the links in NVD, we can see they have all been fixed. For CVE-2014-4859 and CVE-2014-4860, there's no useful links in NVD, but according to the following two links, they have also been fixed. https://security-tracker.debian.org/tracker/CVE-2014-4859 https://security-tracker.debian.org/tracker/CVE-2014-4860 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-08 | ovmf: update 202308 -> 202402 | Alexander Kanavin
RP: The upgrade covers these security issues: CVE-2022-36763 CVE-2022-36764 CVE-2022-36765 CVE-2023-45229 CVE-2023-45230 CVE-2023-45231 CVE-2023-45232 CVE-2023-45233 CVE-2023-45234 CVE-2023-45235 CVE-2023-45236 CVE-2023-45237 Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-08 | ovmf: set CVE_STATUS for CVE-2014-8271 | Chen Qi
CVE-2014-8271 has an unusual versioning, svn_16280, which breaks the version comparison and gives us warning like below:

Failed to compare 202308 < svn_16280 for CVE-2014-8271

The fix has been there since 2014, our current version has included the fix.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-04 | glibc: Skip 2 qemu tests that can hang in oe-selftest | Yash Shinde
qemumips and qemuppc were leaving stale processes behind after running glibc oe-selftest. During analysis, it was found that it was due to "tst-scm_rights" and "tst-scm_rights-time64" tests. Disable them so that there are no stale processes left behind. [YOCTO #15423] https://bugzilla.yoctoproject.org/show_bug.cgi?id=15423 Signed-off-by: Yash Shinde <Yash.Shinde@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-04 | util-linux: Set the license for util-linux-fcntl-lock to MIT | Peter Kjellerstedt
This avoids problems if BSD-4-Clause is in INCOMPATIBLE_LICENSE since util-linux-fcntl-lock is now a dependency of run-postinsts. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-04-04 | ovmf: set CVE_PRODUCT and CVE_VERSION | Chen Qi
Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2' and the version should be the date only. Here's an example: https://nvd.nist.gov/vuln/detail/CVE-2023-45232 Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 | systemd: disable mdns feature in resolved for zeroconf | Markus Volk
DISTRO_FEATURE zeroconf installs avahi. If additionally resolved mdns implementation is running they will fight each other:

Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected another IPv4 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***
Mar 29 13:31:51 intel-corei7-64 avahi-daemon[752]: *** WARNING: Detected another IPv6 mDNS stack running on this host. This makes mDNS unreliable and is thus not recommended. ***

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 | readline: Apply patches from readline-8.2-patches | Khem Raj
These patches are submitted/backported to 8.2 release and address issues reported by different distros. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 | util-linux: Add fcntl-lock | Richard Purdie
Add a version of flock that uses the fcntl based lockf locking instead of flock based locks. This allows us to take the same lock that opkg would use from a shell script. The two different locking mechanisms operate independently of each other. Inserting this C file into the util-linux build seems like the easiest/best place to insert the code. At this point it hasn't been discussed with upstream. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 | util-linux: Add missing MIT license | Richard Purdie
The MIT license was missing from the license list for util-linux. Add a patch, submitted to upstream which adds the missing license mentions. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 | glib-2.0: skip a timing sensitive ptest | Ross Burton
The /timeout/rounding test is sensitive to system load, as it expects timeouts to trigger in windows that on an idle system are realistic but not when running inside a qemu-system on a loaded system. [ YOCTO #14464 ] Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-30 | coreutils: drop obsolete liberror-perl RDEPENDS | Tim Orling
The upstream maintainer for Error has deprecated it for quite some time [1]. There is no dependency in current coreutils tests for it. [YOCTO #15461] [1] https://metacpan.org/pod/Error#WARNING Using the "Error" module is no longer recommended due to the black-magical nature of its syntactic sugar, which often tends to break. Its maintainers have stopped actively writing code that uses it, and discourage people from doing so. Signed-off-by: Tim Orling <tim.orling@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-26 | glibc: Replace aarch configure patch fix with a backport | Khem Raj
Despite it being an issue in gcc and still being open, glibc has fixed this problem upstream regardless, therefore apply the backport instead. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-23 | systemd: enable mac based names in NamePolicy | Joe Slater
Some BSPs only provide information to construct a predictable network interface name based on a mac address, so we enable that NamePolicy option. This policy has been adopted for sysvinit as of commit 4a7b42fcf6981d3120c08091a7ed3d4d7bcd41f0. Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-18 | glibc: Update to tip of 2.39 branch | Khem Raj
Brings
* 1b9c1a0047 Use gcc __builtin_stdc_* builtins in stdbit.h if possible
* e0910f1d32 S390: Do not clobber r7 in clone [BZ #31402]
* d0724994de math: Update mips64 ulps

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-18 | expat: Upgrade 2.6.1 -> 2.6.2 | Richard Purdie
Includes a fix for CVE-2024-28757. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-15 | cve-update-nvd2-native: Remove rejected CVE from database | Yoann Congal
When a CVE is updated to be rejected, matching database entries must be removed. Otherwise:
* an incremental update is not equivalent to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-15 | cve-update-nvd2-native: Fix CVE configuration update | Yoann Congal
When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-15 | cve-update-nvd2-native: nvd_request_next: Improve comment | Yoann Congal
Add a URL to the doc of the API used in the function. ... and fix a small typo dabase -> database Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-15 | cve-update-nvd2-native: Remove duplicated CVE_CHECK_DB_FILE definition | Yoann Congal
CVE_CHECK_DB_FILE is already defined in cve-check.bbclass which is always inherited in cve-update-nvd2-native (There is a check line 40). Remove it to avoid confusion. Otherwise, this should not change anything. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-13 | cve-update-nvd2-native: Add an age threshold for incremental update | Yoann Congal
Add a new variable "CVE_DB_INCR_UPDATE_AGE_THRES", which can be used to specify the maximum age of the database for doing an incremental update. For older databases, a full re-download is done. With a value of "0", this forces a full-redownload. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-13 | cve-update-nvd2-native: Fix typo in comment | Yoann Congal
attmepts -> attempts Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-08 | systemd: Check for directory before chmod'ing it | Khem Raj
da9db878a15 systemd: fix dead link /var/log/README add -Dcreate-log-dirs=false which means journal dir will not be generated regardless of VOLATILE_LOG_DIR value if a distro decided to set VOLATILE_LOG_DIR=no this code path will be executed and the directory being operated upon won't exist ending in do_install errors

chown: cannot access '/mnt/b/yoe/master/build/tmp/work/riscv64-yoe-linux/systemd/255.4/image/var/log/journal': No such file or directory

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-07 | systemd: remove systemd-bus-proxy settings | Chen Qi
systemd-bus-proxy was removed since v230. From the NEWS file:
"""
* systemd-bus-proxyd has been removed, as kdbus is unlikely to still be merged into the kernel in its current form.
"""

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-07 | systemd: use RDEPENDS for systemd-vconsole-setup | Chen Qi
With NO_RECOMMENDATIONS set to "1", systemd-vconsole-setup.service will fail because it invokes /usr/bin/loadkeys, which is from kbd. The RRECOMMENDATION should be changed to RDEPENDS, because it's not a recommendation, instead it's necessary. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-07 | systemd: fix dead link /var/log/README | Changqing Li
There are 2 issues here:

First, in package systemd, there is a file /usr/lib/tmpfile.d/legacy.conf, which will create a symlink to /usr/share/doc/systemd/README.logs during boot time. But for oe, /usr/share/doc/systemd/README.logs is packaged in systemd-doc, which will make /var/log/README a dead link.

Second, the symlink /var/log/README in legacy.conf uses a relative path:
"L /var/log/README - - - - ../../usr/share/doc/systemd/README.logs"
But for oe, when VOLATILE_LOG_DIR is true, /var/log is a link to /var/volatile/log, so /var/log/README needs to link to ../../../usr/share/doc/systemd/README.logs, while when VOLATILE_LOG_DIR is false, /var/log is a dir, so /var/log/README needs to link to ../../usr/share/doc/systemd/README.logs. So the current symlink in legacy.conf will also make it a dead link when VOLATILE_LOG_DIR is true.

Turn off CREATE_LOG_DIRS to avoid these issues.

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-06 | update-rc.d: upgrade to latest revision | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-06 | ttyrun: upgrade 2.30.0 -> 2.31.0 | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-06 | systemd: upgrade 255.1 -> 255.4 | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-03-06 | mc: upgrade 4.8.30 -> 4.8.31 | Alexander Kanavin
Fish vfs was renamed to shell vfs: https://github.com/MidnightCommander/mc/commit/6ca4ab4b4ef0f42e9b56103038b7f45e146cbdc8 Signed-off-by: Alexander Kanavin <alex@linutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>