| Age | Commit message (Collapse) | Author |
|---|
|
New standalone (no new dependency) utility added in v248
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changing BPN to be "util-linux" regardless if it is the util-linux
recipe or the util-linux-libuuid recipe that is being built was an
easy way to allow ${BPN} and ${BP} to be used in the SRC_URI for both
recipes. However, it causes problems for native.bbclass where there
are expectations that ${BPN} and ${PN} match each other.
Use "util-linux" directly in the SRC_URI instead to avoid the problem.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When systemctl fail it would throw an exception and
dump a traceback. Lets use a more controlled workflow.
[Yocto #14395]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
cross compiling with meson is easier than the plain makefile build
method that libucontext has, there were bunch of problems passing
compiler and make variables, compounded by the fact that makefile
decided on some compiler flags internally and thought that cflags are
synthesized completely in makefile and not passed from environment like
OE is doing. As a result some features were not being compiled in e.g.
function name aliases were missing
meson, on the other hand is cleaner and we have to add a patch to
support cpu architecture on meson cmdline, everything else pretty much
works out of box
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream database uses both "expat" and "libexpat" to report CVEs
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This greatly reduces build times needed for those images, as
they no longer need anything graphical, or -dev packages for
everything.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Making ptest images based on core-image-minimal uncovered quite a
few missing depenendcies from various recipes, here they are.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Includes lot of security fixes, especially CVE-2013-0340/CWE-776.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Glibc on aarch64 has a memory tagging option that can be enabled
via GLIBC_TUNABLES="glibc.mem.tagging=$SOMETHING" when glibc
is built with memory tagging support and the kernel/HW supports
MTE. There should be no side effects unless the user turns it
on with approprate HW support
Linux 5.4 headers and binutils 2.33.1 or newer is needed.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is not needed as systemd-conf only packages
standalone config files.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop backports:
48fff0a2af3f62acd446ebec8081b039b72caad8.patch
7c5fd25119a495009ea62f79e5daec34cc464628.patch
0001-analyze-resolve-executable-path-if-it-is-relative.patch
0001-analyze-resolve-executable-path-if-it-is-relative.patch
Drop 0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch
as difficult to rebase; please resend if you feel strongly that
it is needed.
Rebase the big pile of musl patches.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop backported patches
Add CVE-2021-27645 to CVE_CHECK_WHITELIST and drop the patch as its also
upstreamed
Changes in the version bump are
* 3f5080aedd nptl: Do not build nptl/tst-pthread-gdb-attach as PIE
* 36783141cf nptl: Check for compatible GDB in nptl/tst-pthread-gdb-attach
* ea299b62e8 nptl_db: Support different libpthread/ld.so load orders (bug 27744)
* 162df872f0 x86: tst-cpu-features-supports.c: Update AMX check
* 12ff80b312 Remove PR_TAGGED_ADDR_ENABLE from sys/prctl.h
* 1bf38e7260 Fix SXID_ERASE behavior in setuid programs (BZ #27471)
* a7b8e8ec9b Enhance setuid-tunables test
* ee16c81063 tst-env-setuid: Use support_capture_subprogram_self_sgid
* 267e174f19 support: Add capability to fork an sgid child
* 249c486ce8 support: Pass environ to child process
* 45b2c57d34 support: Typo and formatting fixes
* e07abf59b2 tunables: Fix comparison of tunable values
* 3e9ca60a58 linux: always update select timeout (BZ #27706)
* 8380ca5833 linux: Normalize and return timeout on select (BZ #27651)
* 85e4dc415a libsupport: Add support_select_normalizes_timeout
* b5b4aa62c1 libsupport: Add support_select_modifies_timeout
* 3d525dd639 misc: Fix tst-select timeout handling (BZ#27648)
* 830674605f tst: Provide test for select
* e78ea9bd26 Update Nios II libm-test-ulps.
* 98bb18f52a malloc: Fix a realloc crash with heap tagging [BZ 27468]
* fc4ecce85b S390: Also check vector support in memmove ifunc-selector [BZ #27511]
* db32fc27e7 test-container: Always copy test-specific support files [BZ #27537]
* 79c6be6a0a nptl: Remove private futex optimization [BZ #27304]
* f90d6b0484 pthread_once hangs when init routine throws an exception [BZ #18435]
* dd8023c2ac elf: ld.so --help calls _dl_init_paths without a main map [BZ #27577]
* ea5a537e87 elf: Always set l in _dl_init_paths (bug 23462)
* 64f6c287ad x86: Handle _SC_LEVEL1_ICACHE_LINESIZE [BZ #27444]
* 32b9280f1d io: Return EBAFD for negative file descriptor on fstat (BZ #27559)
* a151f2e05a nscd: Fix double free in netgroupcache [BZ #27462]
* ee9f98d9ca x86: Set minimum x86-64 level marker [BZ #27318]
* 3e880d7337 nss: Re-enable NSS module loading after chroot [BZ #27389]
* 71b2463f61 x86: Add CPU-specific diagnostics to ld.so --list-diagnostics
* a1eb3915e7 x86: Automate generation of PREFERRED_FEATURE_INDEX_1 bitfield
* 33dc1dd602 ld.so: Implement the --list-diagnostics option
* 8d4241b897 string: Work around GCC PR 98512 in rawmemchr
* 6efa2d44c8 S390: Add new hwcap values.
* c5e3545897 tunables: Disallow negative values for some tunables
* 905fdc7071 x86: Use SIZE_MAX instead of (long int)-1 for tunable range value
* 15afd6b8d8 tunables: Simplify TUNABLE_SET interface
* 17f0ff0978 nsswitch: return result when nss database is locked [BZ #27343]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop CVE patches which are fixed by the new upstream version.
Modify conflicting patches to apply to the new versions:
libxml2/libxml-m4-use-pkgconfig.patch
libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
Drop fix-python39, which is merged upstream.
Removed hunk for tstLastError.py from
libxml2/0001-Make-ptest-run-the-python-tests-if-python-is-enabled.patch
since it has been fixed upstream by:
8c3e52e: Updated python/tests/tstLastError.py
libxml2.registerErrorHandler(None,None):
None is not acceptable as first argument
failUnlessEqual replaced by assertEqual
The checksums for the licence file changed because a typo was fixed
across the files. The licence remains the same.
The obsolete MD5 checksums for the tar files have been dropped in
favor of SHA256.
The new release also adds fuzz tests, which are removed from the
makefile to allow the ptests to run. Fuzz testing is done upstream
and there is no need to run them as part of ptests which are
intended for functionality testing.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We've noticed that:
MACHINE=qemuarm oe-selftest -r glibc.GlibcSelfTest.test_glibc
ends up with one process growing to about the size of system memory
and triggering the OOM killer. This has been taking out other builds
running on the system on the autobuilders and is one cause of our
intermittent failures.
This was tracked down to:
WORKDIR=XXX/tmp/work/armv7vet2hf-neon-poky-linux-gnueabi/glibc-testsuite/2.33-r0
BUILDDIR=$WORKDIR/build-arm-poky-linux-gnueabi QEMU_SYSROOT=$WORKDIR/recipe-sysroot
QEMU_OPTIONS="$WORKDIR/recipe-sysroot-native/usr/bin/qemu-arm -r 3.2.0" \
$WORKDIR/check-test-wrapper user env GCONV_PATH=$BUILDDIR/iconvdata LOCPATH=$BUILDDIR/localedata LC_ALL=C $BUILDDIR/elf/ld-linux-armhf.so.3 \
--library-path $BUILDDIR:$BUILDDIR/math:$BUILDDIR/elf:$BUILDDIR/dlfcn:$BUILDDIR/nss:$BUILDDIR/nis:$BUILDDIR/rt:$BUILDDIR/resolv:$BUILDDIR/mathvec:$BUILDDIR/support:$BUILDDIR/nptl \
$BUILDDIR/nptl/tst-pthread-timedlock-lockloop
although other glibc tests appear to use 16GB of memory before failing
anyway. By capping the VM size to 8GB, we see the same number of failures
but no OOM situations. There may be some issue in qemu or the test which
could be improved to avoid this entirely but this provides a necessary
and useful safeguard to other builds and doensn't appear to make the
situation worse.
On a loaded system OOM may not occur as the test timeout may be triggered
first. An experiment with a 5GB limit showed an additional 7 failures.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Before, running ptests on core-image-minimal would result in
an error due to missing /bin/bash:
[ -d test ] || ln -s ../libxml2-2.9.10/test .
make: /bin/bash: No such file or directory
make: *** [Makefile:2105: runtests] Error 127
Changing the Makefile to use /bin/sh results in some of the
tests failing, so I have added the missing dependancy on bash.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reformatted runtest.patch to allow it to be applied using git am.
This makes it easier to apply the series of patches to the original git repo.
There are no changes to the code of the patch other than the reformat.
Previously, the patch claimed to be a backport, but I have not found an
upstream commit so I've changed the Upstream-Status to pending.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop 0001-Add-output-of-tests-result.patch
(difficult to rebase). I have verified that ptests
still pass, and print PASS for every test. If they
start failing we can revisit what kind of output would
be beneficial.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
"Given runcon is not really a sandbox command, the advice is to use
`runcon ... setsid ...` to avoid this particular issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When building in longer paths, the ovmf build changes in many ways. This adds a
patch addressing various causes of problems. Full details are in the patch header.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lto tends to break reproducibility and makes ovmf near impossible to debug
reproducibility issues in. Disable it and supress the warnings that then
generates from Werror.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We want to pass ${DEBUG_PREFIX_MAP} to gcc commands and also pass in
--debug-prefix-map to nasm (we carry a patch to nasm for this). The
tools definitions are built by ovmf-native so we need to pass this in
at target build time when we know the right values.
By using determininistc file paths in the ovmf build, it removes the
opportunitity for gcc/ld to change the output binaries due to path
lengths overflowing section sizes and causing small changes in the
binary output.
This also means that if builds have reproducibility issues in future, it
becomes much easier to compare intermediate build artefacts.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These CVEs are disputed by upstream and there is no plan to fix/address them. No
other distros are carrying patches for them. There is a patch for 1010025
however it isn't merged upstream and probably carries more risk of other bugs
than not having it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0001-decompress_gunzip-Fix-DoS-if-gzip-is-corrupt.patch
removed since it is included in 1.33.1
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
meson
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ensures that globbing results in same order irrespective of shell in
use
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
certain applets are enabled but the long options are not enabled for
them, it results in subtle failures in ptests where its expecting these
options e.g. gzip --best is commonly used in many package tests e.g.
root@qemux86-64:/usr/lib# grep -r "\-\-best" *
acl/ptest/Makefile:GZIP_ENV = --best
attr/ptest/Makefile:GZIP_ENV = --best
coreutils/ptest/Makefile:GZIP_ENV = --best
ethtool/ptest/Makefile:GZIP_ENV = --best
libxml2/ptest/Makefile:GZIP_ENV = --best
lttng-tools/ptest/Makefile:GZIP_ENV = --best
opkg/ptest/Makefile:GZIP_ENV = --best
perl/ptest/cpan/ExtUtils-MakeMaker/lib/ExtUtils/MakeMaker.pm: COMPRESS ('gzip --best')
python3.9/test/test_gzip.py: for compress_level in ('--fast', '--best'):
...
this ensures that these options are enabled by default, which makes them more
compatible than now with coreutils provided utilities
busybox size grows by 4K which perhaps is acceptable
--rwxr-xr-x root root 817704 ./bin/busybox.nosuid
+-rwxr-xr-x root root 821800 ./bin/busybox.nosuid
This makes autopoint-3/gettext pass
This patch add all the long options to this fragment. The long options
for a tool will only get enabled if the corresponding tool/feature is
enabled in main defconfig, otherwise it will be ignored in final .config
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch upgrades to the 4.4.19 release and replaces a configure patch
from "libxcrypt: fix sporadic failures in nativesdk-libxcrypt-compat" with
a fix to avoid leading spaces in CFLAGS causing failures.
The license changed a few filenames listed in the license but the overall
license remains unchanged.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
changelog [1]
* aad50fcd fix regression in dl_iterate_phdr reporting of modules with no TLS
* 0ea78a64 nscd: fall back gracefully on kernels without AF_UNIX support
* 95a540e1 mallocng/aligned_alloc: check for malloc failure
* 2c00f95c make epoll_[p]wait a cancellation point
* 521b4d27 fix dl_iterate_phdr dlpi_tls_data reporting to match spec
* 122002f0 remove no-longer-needed special case handling in popen
* 8ef9d46f use internal malloc for posix_spawn file actions objects
* cfdfd5ea don't fail to map library/executable with zero-length segment maps
* e48e99c1 suppress isascii() macro for C++
* b129cd86 guard against compilers failing to handle setjmp specially by default
* 3309e2d7 aarch64/bits/mman.h: add PROT_MTE from linux v5.10
* 44331150 aarch64/bits/hwcap.h: add HWCAP2_MTE from linux v5.10
* 42aa19a0 add aarch64/bits/mman.h with PROT_BTI from linux v5.8
* b7554b5e aarch64/bits/hwcap.h: add HWCAP2_BTI from linux v5.8
* 87b8f148 signal.h: add MTE specific SIGSEGV codes from linux v5.10
* 19239cde sys/prctl.h: add MTE related constants from linux v5.10
* 8b29f023 elf.h: add NT_ARM_TAGGED_ADDR_CTRL from linux v5.10
* d7210f0c sys/mman.h: add MAP_HUGE_16KB from linux v5.10
* a7456524 sys/mount.h: add MS_NOSYMFOLLOW from linux v5.10
* 54ca1cc7 sys/membarrier.h: add new constants from linux v5.10
* fd285f9d bits/syscall.h: add process_madvise from linux v5.10
* 49b6df3d fix error return value for cuserid
* cc577d0e fix misuse of getpwuid_r in cuserid
* a75283d7 cuserid: don't return truncated results
* ef137da6 cuserid: support invocation with a null pointer argument
[1] https://git.musl-libc.org/cgit/musl/log/\?qt\=range\&q\=e5d2823631bbfebacf48e1a34ed28f28d7cb2570..aad50fcd791e009961621ddfbe3d4c245fd689a3
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Recently an entry in the NVD DB appeared that looks like that
{'vulnerable': True, 'cpe_name': []}.
As besides all the vulnerable flag no data is present we would get
a KeyError exception on acccess.
Use get method on dictionary and return if no meta data is present
Also quit if the length of the array after splitting is less than 6
Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Change the defaults to use openSSL
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit ed69ef20167da0986bc9363d1a91e62001995af4.
The console entry has already been added into /etc/inittab based
on the SERIAL_CONSOLES. So drop this redundant entry.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The hvc tty driver doesn't populate a file like /proc/tty/driver/serial,
so the current implementation of start_getty doesn't work for the hvc
console. By checking the /sys/class/tty/ for the tty device existence,
it should support more console types and also make the codes more simple.
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
kexec is not yet ported to riscv32.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
valgrind is not yet ported to riscv32.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Luca Boccassi
Andreas Müller
Peter Kjellerstedt
Armin Kuster
Khem Raj
Richard Purdie
Steve Sakoman
zhengruoqin
Alexander Kanavin
Andrej Valek
Ming Liu
Tony Tascioglu
wangmy
Konrad Weihmann
Kevin Hao
Anthony Bagwell
Mingli Yu