Age | Commit message (Collapse) | Author |
|
Mitigate pathname truncation when installing in a project
with a very long pathname.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
lzo was missing CVE_PRODUCT and related CVEs (at least CVE-2014-4607) were
not reported.
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 366cf8201e36df1ac836e49de04ccda1f763ca9e)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3593a4c47d5e8faccb27c7cd975f18f90b9cd86f)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This ensures that if libseccomp is installed on build host then it does
not resort to use it.
Fixes
checking for libseccomp... (cached) yes
checking how to link with libseccomp... /usr/lib/libseccomp.so
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3751ac58720a500e3b749b2296922d7c82db49a1)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f2527b5567252c7da4fbd863e119c8114e6debcd)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
fix CVE-2021-3580
(From OE-Core rev: 219c89310264f99c2c43bb80e437a8a1e8e3217a)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport patches to fix below CVEs:
CVE-2021-22901
CVE-2021-22924
CVE-2021-22926
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE-2021-22925
Reported-by: Red Hat Product Security
Bug: https://curl.se/docs/CVE-2021-22925.html
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 297f8c4eb4ff209b5ea69910902d216d86dbe2bf)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE:
CVE-2021-22897
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
CVE:
CVE-2021-22898
Signed-off-by: Khairul Rohaizzat Jamaluddin <khairul.rohaizzat.jamaluddin@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Reproduce scenes:
* On fedora34
* autofs.service is started
* test is nis user, which mounted at /nis by autofs
* under /nis/test, there are symlinks point to another nis mount point /nis/yan
Result:
task boost-build-native:do_install hang forever
NOTE: recipe ovmf-edk2-stable202102-r0: task do_package_write_rpm: Succeeded
NOTE: Running noexec task 8124 of 8152 (/layers/oe-core/meta/recipes-core/ovmf/ovmf_git.bb:do_build)
Bitbake still alive (5000s)
Bitbake still alive (10000s)
Bitbake still alive (15000s)
Bitbake still alive (20000s)
Bitbake still alive (25000s)
Bitbake still alive (30000s)
Bitbake still alive (35000s)
Bitbake still alive (40000s)
Bitbake still alive (45000s)
Bitbake still alive (50000s)
$ps aux | grep b2
test 2773444 0.0 0.0 13532 2748 ? D Jul01 0:00 ./b2 install --prefix=/build/tmp-glibc/work/x86_64-linux/boost-build-native/4.4.1-r0/recipe-sysroot-native/usr staging-prefix=/build/tmp-glibc/work/x86_64-linux/boost-build-native/4.4.1-r0/image/build/tmp-glibc/work/x86_64-linux/boost-build-native/4.4.1-r0/recipe-sysroot-native/usr
$ sudo cat /proc/2773444/stack
[<0>] autofs_wait+0x257/0x720
[<0>] autofs_mount_wait+0x49/0xf0
[<0>] autofs_d_manage+0x76/0x1a0
[<0>] __traverse_mounts+0xd9/0x220
[<0>] step_into+0x3ad/0x6d0
[<0>] walk_component+0x62/0x190
[<0>] link_path_walk.part.0.constprop.0+0x20d/0x350
[<0>] path_lookupat+0x3a/0x1b0
[<0>] filename_lookup+0x9b/0x180
[<0>] vfs_statx+0x64/0x100
[<0>] __do_sys_newfstatat+0x1e/0x40
[<0>] do_syscall_64+0x33/0x40
[<0>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
$ dmesg
[1559743.424610] autofs4:pid:2773444:autofs_mount_wait: waiting for mount name=yan
[1559743.424621] autofs4:pid:2773444:autofs_wait: existing wait id = 0x00000056, name = yan, nfy=1
[1560001.400440] autofs4:pid:2774530:autofs_mount_wait: waiting for mount name=yan
[1560001.400452] autofs4:pid:2774530:autofs_wait: existing wait id = 0x00000056, name = yan, nfy=1
[1560022.493282] autofs4:pid:2774537:autofs_mount_wait: waiting for mount name=yan
[1560022.493292] autofs4:pid:2774537:autofs_wait: existing wait id = 0x00000056, name = yan, nfy=1
[1560122.076589] autofs4:pid:3979116:autofs_mount_wait: mount wait done status=-4
[1560162.222374] autofs4:pid:2774530:autofs_mount_wait: mount wait done status=-4
[1560167.116188] autofs4:pid:2774537:autofs_mount_wait: mount wait done status=-4
[1560188.140532] autofs4:pid:2774671:autofs_mount_wait: waiting for mount name=yan
[1560188.140540] autofs4:pid:2774671:autofs_wait: existing wait id = 0x00000056, name = yan, nfy=1
[1560189.651905] autofs4:pid:2774671:autofs_mount_wait: mount wait done status=-4
Analyzation:
b2 will walk the HOME dir, when access the symlink point to /nis/yan,
autofs hang at autofs_wait. the process stay at D stat forever. This
maybe caused by abnormal status of autofs.service. The problem cannot
reproduce after restart autofs.service. There should be an autofs bug.
and there is an autofs hang problem bug on fedora34 on it's bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1953390
Workaround:
Since b2 don't actually write something to HOME dir, change HOME dir to
/var/run, a dir not mounted by autofs.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7ff692d2e9787bb5b36929a208597595473db0c7)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport upstream patches to fix issues introduced by a backported CVE
patch. Fixes:
| ../../curl-7.75.0/lib/vtls/vtls.c: In function ‘Curl_ssl_addsessionid’:
| ../../curl-7.75.0/lib/vtls/vtls.c:508:14: error: ‘isProxy’ redeclared as different kind of symbol
| 508 | const bool isProxy = FALSE;
| | ^~~~~~~
| ../../curl-7.75.0/lib/vtls/vtls.c:488:37: note: previous definition of ‘isProxy’ with type ‘_Bool’
| 488 | bool isProxy,
| | ^
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
License-Update: added terms for cipher/cipher-gcm-ppc.c, still under GPL
(From OE-Core rev: d28c1f67c447f99313890e68083da61adcc66f74 )
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
The patch backported to address CVE-2021-22890 was missing a bracket to
properly close out the logic in lib/vtls/wolfssl.c. Fix this so to avoid
any surprise failures when using curl with hardknott.
Also fix the CVE designation in the patch descriptions for CVEs
CVE-2021-22890 and CVE-2021-22876 so that CVE checks run with bitbake
correctly detect that they are patched.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Backport and modify the patch for CVE-2021-22876 from curl 7.76 to
make it apply cleanly on 7.75.
CVE: CVE-2021-22876
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport and modify the patch for CVE-2021-22890 from curl 7.76 to make
it apply cleanly on 7.75.
CVE: CVE-2021-22890
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bintray service has been discontinued causing boost do_fetch to fail:
WARNING: boost-1.76.0-r0 do_fetch: Failed to fetch URL
https://dl.bintray.com/boostorg/release/1.75.0/source/boost_1_75_0.tar.bz2,
attempting MIRRORS if available
RP: Backport to 1.75.0
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Occasionally, the build would fail with:
make[2]: execvp: mkdir: Argument list too long
This turned out to be due to a hacky solution used in the recipe to
modify the Makefile, which resulted in one more $(BUILD_CFLAGS) being
added to the immediately expanded BUILD_CFLAGS Make variable each time
do_configure was executed. After a couple of times, this lead to an
environment with a 140 kB BUILD_CFLAGS when mkdir should execute, which
resulted in the E2BIG.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 116e6b61c585c6f0f7ae6f010bd490bb39914348)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Update CVE_PRODUCT to also include 'berkeley_db'. For example,
CVE-2020-2981 uses 'berkeley_db'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ad799b109716ccd2f44dcf7a6a4cfcbd622ea661)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Adjusting the tolerance to a more reasonable time
given the load on the AB and given the high amount(100) of
events some of the tests like `common_timeout` generates.
[YOCTO #14163]
Signed-off-by: Yi Fan Yu <yifan.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 38b36d2b90d570149e63816e68f457aea28a5092)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Reversal of global setting in previous commit necessitates
a local fix, otherwise, this happens:
File "/home/pokybuild/yocto-worker/reproducible-debian/build/build-st-52142/tmp/work/x86_64-linux/diffoscope-native/172-r0/recipe-sysroot-native/usr/lib/python3.9/ctypes/__init__.py", line 392, in __getitem__
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: nativepython3: undefined symbol: archive_errno
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 87884d9938829d5ae5d250f483c749e00cd83322)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This only affects glibc systems and have been
found on runqemu core-image-minimal with gstreamer ptest-runner
STOP: ptest-runner
libgcc_s.so.1 must be installed for pthread_cancel to work
Aborted
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1cb679e6a4528a2cef16f65342d5e65adb14cb16)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
libssh2 fails at do_compile if
DEPRECATED_CRYPTO_FLAGS = "no-ecdsa" is set in recipe:
../src/.libs/libssh2.so: undefined reference to
`LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY'
References:
https://github.com/libssh2/libssh2/issues/549
Upstream patches:
https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2bb146e7315f8080cb49a95212231ccb76a4a822)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
With commit dc778c70449ee5401b5a24ad18b22b88338c47c5, dependency was
moved to openssl-bin which in itself was a fine change, but dropping
dependency on openssl too should have been kept along, dropping this
meant that openssl binary wont be able to validate secure connections as
the CApath files wont be installed, which infact are required for
openssl bins to work, following call e.g. fails
$ openssl s_client -connect google.com:443
....
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 20 (unable to get local issuer certificate)
....
The local issuer certs are not found in default location
/usr/lib/ssh-1.1/certs, this dir and its content is installed by openssl package
therefore re-add the dependency on openssl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eaf377315efc73d6ffe361372a873918b3bb3bf5)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
Version 3.7.2 includes a fix for CVE-2021-20305.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 29f0ef2e32a9b55d8271fde240a4469070d57729)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
In particular 170 includes rpm header fixes which stop the webpages
for rpm diffs breaking web browsers and are important in the context
of the autobuilder.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes:
cce0edb utils.c: wait_child reimplement timeout using alarm
acbba90 utils.c: Use a thread to read from child
cb2840a utils.c: Fix exit status of a child
77bc79e utils.c: get_available_ptests allow to specify relative directories
d27e242 README.md: Small fix mtrace call
c5d5831 tests/utils.c: Add braces in START_TEST/END_TEST now required in check 0.15.x
Signed-off-by: Aníbal Limón <anibal.limon@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The standard macros from gettext for iconv include problematic tests which
we've been patching out adhoc. Stop doing this and set results in the site
files instead which is simpler, more maintainable and peforms better too
as an added bonus.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is needed for newer versions of apt.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Functions like unw_getcontext in libunwind call getcontext() which are
not part of musl C library like glibc, however there is a supplimental
library providing these functions called libucontext, therefore link
libunwind with a static version of this library to resolve such symbols,
this inturn helps packages needing libunwind, who look for certain
APIs in libunwind during configure e.g. heaptrack
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This ensures that build respects OE's choice for libdir
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it doesn't listen on http and the redirect sometimes doesn't work
WARNING: iso-codes-4.6.0-r0 do_fetch: Failed to fetch URL git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;, attempting MIRRORS if available
The protocol should be changed to https, like all other salsa.debian.org pulls are, so that it doesn't depend on mirrors.bbclass to resolve this.
meta/classes/mirrors.bbclass:git://salsa.debian.org/.* git://salsa.debian.org/PATH;protocol=https \n \
from log.do_fetch:
DEBUG: Fetcher accessed the network with the command LANG=C git -c core.fsyncobjectfiles=0 fetch -f --progress http://salsa.debian.org/iso-codes-team/iso-codes.git refs/*:refs/*
fatal: unable to access 'http://salsa.debian.org/iso-codes-team/iso-codes.git/': Couldn't connect to server
WARNING: Failed to fetch URL git://salsa.debian.org/iso-codes-team/iso-codes.git;protocol=http;branch=main;, attempting MIRRORS if available
...
warning: redirecting to https://salsa.debian.org/iso-codes-team/iso-codes.git/
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added missing HOMEPAGE and DESCRIPTION found using the test command
`oe-selftest -r distrodata.Distrodata.test_missing_homepg`
[YOCTO #13471]
Signed-off-by: Dorinda Bassey <dorindabassey@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With a bit of help from upstream I figured out how to do
cross-builds the way upstream intends to.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream attempted to fix cross-compilation, but seems to have broken it,
so a new ticket was filed, and patch to un-break it was rewritten.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2017-12678.patch
CVE-2018-11439.patch
removed since they are included in 1.12
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: [YOCTO #13471]
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: copyright years, file lists
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is required by new versions of libbsd.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refresh xxx-config->pkg-config patches.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop backports.
Add a patch that inserts missing spaces in Makefiles.
Drop determinism.patch: upstream has moved the git
stuff to an external script, which has a guard that
checkes for presence of .git/ in source tree.
License-Update: additional source file listed
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This includes a fix for the 'hang' on larger diffs with html output
as seen on the autobuilder.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to use CFLAGS with the correct WORKDIR in them, replace those
in the sysroot file with the ones appropriate to the current recipe.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|