Age | Commit message (Collapse) | Author |
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
(cherry picked from commit 6774efd1e3d0bd5c8c34f84dcf4f698d7eafb36a)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Fix a slew of CVEs (CVE-2021-3544, CVE-2021-3545, CVE-2021-3546) by
backporting the relevant patches from qemu's git.
(From OE-Core rev: ce850a5ce84f949d3114024c89ae3dd98fcbef41)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce850a5ce84f949d3114024c89ae3dd98fcbef41)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
In sdk, call createrepo-c failed with:
...
$ createrepo_c --update ./test_repo/rpm
Directory walk started Critical: Failed to detect compression for file
./test_repo/rpm/cortexa72/hello-2.10-r0.cortexa72.rpm: magic_load() failed: could not find any valid magic files!
...
Since commit [ea666fbc74 createrepo-c: set path to magic database for
native and nativesdk] applied, the MAGIC is incorrectly assigned.
The variable datadir will be expanded automatically for nativesdk,
do not need to add prefix ${SDKPATHNATIVE} to MAGIC
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 54368f1b02e1ac4aa068515730a8c8bcd3683eb3)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Recently, the none/tests/amd64/fb_test_amd64 test had been flaky and
causing failures on the auto-builder. Until we can get to the root cause
of the issue, we are going to skip the test to reduce the noise from the
ptests.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a365cd7a358db96791033e6dc6e45d2e816d3e4c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This updates to the latest pseudo version which includes:
Revert "client: Fix some compiler warnings"
ports/linux: Always build statx support
makewrappers: Handle parameters marked as nonnull
client: Fix some compiler warnings
wrappers: Avoid -Wcast-function-type warning
In particular, this pseudo version always has statx enabled which means
we can then remove the need to make pseudo-native host distro specific
which fixes an eSDK issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 58cc70940ff998be49a9b89e1ad0538242cb7998)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
When building pseudo-native to work with uninative, we need to ensure the
configuration will work on all supported target systems. This means
"new clone" semantics, xattr and statvfs support in particular. It is
extremely unlikely we'd run on a system without any of these but add
a check just to be sure when uninative is enabled.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ea5b208ee25752bea6037cd0f3b28da7d2c9905e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport patch to fix CVE-2020-29509, CVE-2020-29511
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport the body of a fix for CVE-2021-3572 since hardknott carries
20.0.2, and the delta between it and the latest 21.1.3 is more than just
bugfixes.
CVE: CVE-2021-3572
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
We use dwarfsrcfiles in package.bbclass to list the source files used by a binary.
This is done before they're stripped and linked to debug symbols in separate files.
It is possible a binary may already have a link to separate debug symbols, e.g.
some of the test binaries in lttng-tools ptest. In those cases, the linked binary
may be changed by package.bbclass code whilst dwarfsrcfiles is reading it. That
would result in a rare SIGBUS race causing the binary to fail.
To avoid this, break the debug file search path so no other binaries are found.
Also fix a segfault if no binary is specified while here.
[YOCTO #14400]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit efef732859e265533acf16f2f4da3b29d50e0df4)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c0c567ed2fb092cde97d03cb658d8bae93d9b28c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1e280a596293976ac835b557dcaaa56972682480)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Source: git://sourceware.org/git/binutils-gdb.git
Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=26945
Backported upstream commit id d3edaa91d4cf7202ec14342410194841e2f67f12
and its dependent commits 8e03235147a9e774d3ba084e93c2da1aa94d1cec and
8b69e61d4be276bb862698aaafddc3e779d23c8f to binutils-2.36 source.
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8e03235147a9e774d3ba084e93c2da1aa94d1cec]
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d3edaa91d4cf7202ec14342410194841e2f67f12]
Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8b69e61d4be276bb862698aaafddc3e779d23c8f]
Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Previouly there is a logic as below used to set libpth in config.sh.
libpth='@LIBDIR@ @BASELIBDIR@'
But after the below commits introduced, the above logic is dropped.
52f2828314 perl: add a version that builds the recipe using perl-cross, and update to 5.28.1
68552c3532 perl: remove the previous version of the recipe
So correct the value of libpth and glibpth to add the dropped logic
back to avoid confusing.
Before the patch(on 64bits system):
# perl -V:libpth
libpth='/usr/lib /lib';
After the patch(on 64bits system):
# perl -V:libpth
libpth='/usr/lib64 /lib64';
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a494de43c3ccdcf7af988765ae5c3a95bc20c567)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Install list of non-deterministic threaded ptests to be run using taskset
to force them to a single core. This commit works with b318944d7, which
updated the testing script to run the non-deterministic tests separately
but didn't install the list of tests, so these tests were being run
without taskset.
The taskset_nondeterministic_tests file is the list of tests that will
be run separately with taskset, and ignored during the other tests. This
is installed to /usr/lib/valgrind/ptest similar to the 2 existing lists
for tests to skip on ARM and all architectures.
Removed bar_bad and bar_bad_xml to be included separately as they cause
issues on non-kvm QEMU instances.
See:
b318944dd7 valgrind: Improve non-deterministic ptest reliability
for more info.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d23985d0d653844863ed513d75d93a36359992f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This commit removes the stack_changes ptest from aarch64 devices.
This test is buggy and fails almost 100% of the time in qemuarm64.
In general, many of the valgrind tests are more likely to fail on
qemuarm64 vs native x86_64.
This test previously worked on gatesgarth and dunfell, but has
been failing since hardknott. It might be due to a recent change
in the cross-compiler or glibc.
The test runs fine when running natively on arm on a Raspberry Pi.
Until we can find the root cause for the failures, this shorter
term solution should clear up some of the noise from the autobuilder
from a known failure.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 82d6411b80a46d8ec0258ca75c3c80dc6128d44e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Several of the valgrind tests (particulaly helgrind) are unreliable and
can fail with a different output.
Particularly, there is a higher chance of failure on QEMU instances with
SMP enabled and on systems with more interrupts such as laptops on powersave.
The tests have been reported upstream as being unreliable dating back
over 5 years, due in part to the ordering of threads during
an "unwinding" process in helgrind.
https://bugs.kde.org/show_bug.cgi?id=345121
https://bugs.kde.org/show_bug.cgi?id=430321
A workaround to improve the reliability of such tests is to force them
to run on a single CPU core using taskset. This greatly reduces the
chance of a failure.
>From my testing, I have found it can help reduce the rate of failures
on both a laptop and QEMU by over 5x. Stress-testing in QEMU for several
hours did not result in a failure while running the test normally did.
The flaky or undeterministic thread-based tests are defined in the
taskset_nondeterministic_tests file. These test cases will be run with
taskset 0x00000001 to run on a single CPU core rather then the regular
test.
The edited run-ptest executes the flaky tests first, then ignores them
to not duplicate the results from the main tests. Everything modified is
restored when testing is complete.
The drawback is that this isn't a foolproof solution. It helps the tests
fail much less frequently, and considering how this issue has been documented
for a long time, a workaround such as this is needed.
Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b318944dd72ca7b0408e955f3599381ab3ac3ba8)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0478d9b04d6a6d10e439116b23b641a1e2553e26)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Version 3.9.5 includes a fix for CVE-2021-29921.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit be23351f97c1a7362c0ddd240a6de0cddfca1b01)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The git repo for pkg-config was changed, so update the
SRC_URI accordingly with the new link.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: Corrected license information
flex package is under two licenses:
- "BSD-3-Clause" is provided in top-level COPYING file; the license
actually include third obligation (without the actual "3" numbering)
- "LGPL-2.0+" is explained by src/gettext.h
Signed-off-by: Dmitry Kisil <d.kisil@inango-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE's affect ESP (NCR53C90) part of chip STP2000 (Master I/O).
On Sparc32 it is the NCR89C100 part of the chip.
On Macintosh Quadra it is NCR53C96.
Both are not supported by yocto.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Before, ccache's configure stage built HTML documentation and man pages
depending on if asciidoc is installed. This patch makes it configurable.
Pass the new cmake option ENABLE_DOCUMENTATION along and add the
asciidoc dependency if necessary.
This fixes an issue when ccache's configure stage found asciidoc/a2x on
the system outside of the sysroot (e.g. installed via 'apt install
asciidoc'). ccache would then decide to build docs and manual pages, but
would fail during compilation: the system's a2x could not find the
system's asciidoc because it did not reside in the set PATH.
By enabling/disabling docs/man page generation explicitly and adding
asciidoc to DEPENDS as necessary, this is no longer an issue.
[ This corresponds to commit b0aedd74 and parts of commit 1eedc5f8,
with the patch replaced by the upstream version. ]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE is non-specific and depends on the users of jquery, doesn't
make sense to have this flagged against jquery as there is nothing we can
do about it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The issues were investigated and found not to be an issue therefore
exclude from checks.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE applies to the built-in VNC server but we don't enable this by default.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The CVE applies to virglrender before 0.6.0 which we don't have.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9b5355375d028577de0b98e05992de6a088cb972)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
|
|
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b6949a028fd31bd04ed0478fb34a58b971f31e1f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
runtest return an error due to missing expect on the target.
Add expect as runtime dependency.
Signed-off-by: Romain Naour <romain.naour@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d9a3a08edc1efcbe7b02e80be98370792d3c6cc2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a0257aee7d80fc67c92877e2de1e4b98ece54174)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
virtiofs: drop remapped security.capability xattr as needed
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7ad71de89dd60700cbaad2df1937bc3d743112da)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
memory: clamp cached translation in case it points to an MMIO region
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit df92b3359743ed1837fa57df8035d121f5c5676b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The previous fix was in the right direction but needed to account
for the section alignment of the current section. Tweak the patch
to handle this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e464efc07a8997c43998a9c6a9544be11ab4f303)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Improve note section normalization was added to patchelf in recent versions
however if fails if there are two note sections which aren't sized to match
section alignment. Tweak the code to account for section alignment.
This fixes patchelf failures on the autobuilder, particularly to ccache-native.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fee8dde0d597b511b37d8dcf215e8355980d5f2b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport patch to fix CVE-2020-14387.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5e7a536d07856630e4eb421614c8d823c67e0294)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport a patch from upstream to fix an error:
patchelf: cannot normalize PT_NOTE segment: non-contiguous SHT_NOTE sections
seen on our ubuntu1604 autobuilder worker.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 80e8f7d34d7032cc94b61bf155eac7648e6b6c74)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
golang.org/dl is resolving to this anyway
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8470e38ac1d9f9bb6d8a4ee43724af452d080057)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 547ac986a74cfcae39b691ebb92aadc8436443ea)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2b5bc11d1b26b73b62e1a63cb75572793282dcb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e2fb8c15a64e1f5db678e8e95924da8c88a188c0)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 59a44f8c70d4a026ae74e44b9d70100029c691b5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 481e012de865ee232fa5a233e9f1d4fc7a2232ab)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c2f79065ef0684f2c0bdb92f1b03e690ab730b8c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Fixes some security vulnerabilities such as CVE-2021-3421 and
CVE-2021-20271.
Rebase 0001-Do-not-hardcode-lib-rpm-as-the-installation-path-for.patch
to avoid fuzz warnings.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 25fe972c4aa6ea640b1cdcd1624108f70e539586)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This is bugfix release in 1.16 series [1]
[1] https://github.com/golang/go/issues?q=milestone%3AGo1.16.3+label%3ACherryPickApproved
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 84188e7b78aa40b168b526fa5d681a8a21d3b77c)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
When use automake to generate Makefile.in from Makefile.am, there
comes below race:
| configure.ac:45: error: required file 'config-h.in' not found
It is because the file config-h.in in updating process by autoheader,
so make automake run after autoheader to avoid the above race.
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1fc0a4a98e65db7efba8bb5cb835101ea5dd865b)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a1eb731ed3bcb049192550e362b771c3a9ea6eb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|