summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
AgeCommit message (Collapse)Author
2022-03-30python3-numpy: fix CVE-2021-41496Mingli Yu
Backport patch [1] to fix CVE-2021-41496. [1] https://github.com/numpy/numpy/commit/271010f1037150e95017f803f4214b8861e528f2 Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-03-25go: update to 1.16.15Chee Yang Lee
go1.16.15 (released 2022-03-03) includes a security fix to the regexp/syntax package, as well as bug fixes to the compiler, runtime, the go command, and to the net package. See the Go 1.16.15 milestone on our issue tracker for detai ls. Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-03-25gnu-config: update SRC_URIMinjae Kim
The git repo for gnu-config was changed, so update the SRC_URI accordingly with the new link. Signed-off-by:Minjae Kim <flowergom@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-03-07unfs3: correct configure optionChangqing Li
On some new distro like ubuntu21.04, unfs3-native compile failed with error: undefined reference to `xdr_uint32', since new distro has new glibc. >From glibc 2.27 rpc support is dropped, so unfs3 need to link to libtirpc. Here is defination of ac_link: ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' Depended library should be added into LIBS, not LDFLAGS, otherwise, gcc may not load the lib since it is before conftest.$ac_ext during configure. Finally, it results in compile failed. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 27867862c1fee6c0e649286500fa1ab015d57faf) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-03-07ruby : update to 3.0.3Lee Chee Yang
Do not tweak a file that is no longer installed. Ruby 3.0.3 includes security fixes. CVE-2021-41817: Regular Expression Denial of Service Vulnerability of Date Parsing Methods CVE-2021-41816: Buffer Overrun in CGI.escape_html CVE-2021-41819: Cookie Prefix Spoofing in CGI::Cookie.parse Ruby 3.0.2 release includes security fixes. CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP CVE-2021-31799: A command injection vulnerability in RDoc Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-03-07go: upgrade 1.16.13 -> 1.16.14Sakib Sajal
go 1.16.14 release includes fix for CVE-2022-23806. Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-02-25ccache: upgrade 4.2 -> 4.2.1wangmy
License-Update: add license information of src/third_party/win32/winerror_to_errno.h Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 12f0aa9533edc7ac5a65b1c165797b049349b19e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-02-25e2fsprogs: backport to fix one regressionChangqing Li
Backport a patch in 1.46.3 which fix one regression: This is what the changelog says: Fix e2fsck so that the if the s_interval is zero, and the last mount or write time is in the future, it will fix invalid last mount/write timestamps in the superblock. (This was a regression introduced in v1.45.5.) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-02-07qemu: fix CVE-2021-20196Sakib Sajal
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-02-07qemu: fix CVE-2021-3930Sakib Sajal
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-02-07qemu: fix CVE-2021-3748Sakib Sajal
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-02-07qemu: fix CVE-2021-3713Sakib Sajal
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-26gcc: upgrade to gcc-10.3 versionPgowda
gcc-10.2 in Hardknott branch has been upgraded to gcc-10.3 version that includes many bug fixes. Regression tested on X86-64, Arm and Aarch64 without issues. Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-25binutils: upgrade binutils-2.36 to latest versionPgowda
binutils-2.36 in Hardknott branch has been upgraded to latest version that includes many bug fixes. Regression tested on X86-64, Arm and Aarch64 without any new issues. Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-17go: upgrade 1.16.10 -> 1.16.13Sakib Sajal
Release 1.16.13 includes fixes for CVE-2021-44716 and CVE-2021-44717. Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-11python3-pyelftools: fix the override syntaxAnuj Mittal
An earlier patch cherry-picked from master used : for override. Change it to use _ for hardknott. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-11gcc: add support for Neoverse N2 CPUPgowda
This patch backports the AArch32 support for Arm's Neoverse N2 CPU. Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=d7e8411f6a333d4054894ad3b23f23415a525230] Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-11gcc: Fix CVE-2021-42574pgowda
Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=004bb936d6d5f177af26ad4905595e843d5665a5] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=bd5e882cf6e0def3dd1bc106075d59a303fe0d1e] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=51c500269bf53749b107807d84271385fad35628] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=1a7f2c0774129750fdf73e9f1b78f0ce983c9ab3] Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=bef32d4a28595e933f24fef378cf052a30b674a7] Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2022-01-11gcc: add aarch64 support for Arm's Neoverse N2 CPUpgowda
The patch backports the AArch64 support for Arm's Neoverse N2 CPU Upstream-Status: Backport [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=9428e9267435a62f672e2ba42df46432c021a9cf] Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-12-31binutils: Fix CVE-2021-45078Sundeep KOKKONDA
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=161e87d12167b1e36193385485c1f6ce92f74f02] Signed-off-by: Sundeep KOKKONDA <sundeep.kokkonda@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-12-28python3-pyelftools: Depend on debugger, pprintChaitanya Vadrevu
python3-pyelftools uses python3-debugger, python3-pprint. So add dependencies on these packages. Signed-off-by: Chaitanya Vadrevu <chaitanya.vadrevu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 22e84cdd05870f1a19c6389b66c4dfd5e9b418f7) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-12-28binutils: CVE-2021-42574pgowda
Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=b3aa80b45c4f46029efeb204bb9f2d2c4278a0e5] Signed-off-by: pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-12-10patchelf: fix PT_PHDR program header corruptionChen Qi
Backport patch and tweak it to fix PT_PHDR program header corruption. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-12-10gcc: Add CVE-2021-37322 to the list of CVEs to ignoreRichard Purdie
The CVE applies to binutils 2.26 and not to gcc so ignore there. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fea2726663a3db03170c49fceaffc632c509aeea) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-12-10python3: upgrade 3.9.7 -> 3.9.9Anuj Mittal
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-29python3: update to 3.9.7Oleksandr Kravchuk
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 9612bb0639c13571e661f208aa7b28789953d9ec) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-29python3: upgrade 3.9.5 -> 3.9.6zhengruoqin
0001-Makefile-fix-Issue36464-parallel-build-race-problem.patch removed since it is included in 3.9.6 Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1a12d978f2046fc5d3abc96db3753e378f29ecae) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-29go: upgrade 1.16.8 -> 1.16.10Pavel Zhukov
The release includes fixes for CVE-2021-41771 and CVE-2021-41772 Signed-off-by: Pavel Zhukov <pavel.zhukov@huawei.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> This release also contains a fix for CVE-2021-38297 and the changes are minor, so backport the uprev rather than manually backporting individual commits. CVE: CVE-2021-38297 Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-22squashfs-tools: fix CVE-2021-41072Kai Kang
Backport patches to fix CVE-2021-41072. And update context for verison 4.4 at same time. CVE: CVE-2021-41072 Ref: * https://nvd.nist.gov/vuln/detail/CVE-2021-41072 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-22rpm: fix CVE-2021-3521Changqing Li
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-22gcc: Fix CVE-2021-35465Pgowda
source : https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102035 Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=3929bca9ca95de9d35e82ae8828b188029e3eb70] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=574e7950bd6b34e9e2cacce18c802b45505d1d0a] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=30461cf8dba3d3adb15a125e4da48800eb2b9b8f] Upstream-Status: Backport[https://gcc.gnu.org/git/gitweb.cgi?p=gcc.git;h=809330ab8450261e05919b472783bf15e4b000f7] Signed-off-by: Pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-22mklibs-native: drop deprecated cpp17 exceptionsAndrej Valek
gcc11 has -std=gnu++17 as default. Remove deprecated C++17 exceptions based on http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2016/p0003r5.html. Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit ef8b7946b4793db653ef7dd716e1d3f919a84725) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-16llvm: bump HASHEQUIV_HASH_VERSIONAnuj Mittal
llvm embeds the repository location in a header file. We just changed the SRC_URI to fetch using https instead of git. This has started giving errors in reproducibility testing when one of the RPMs to be compared is fetched from sstate. Bump HASHEQUIV_HASH_VERSION and PR so its rebuilt. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-12meta: add explicit branch and protocol to SRC_URIAnuj Mittal
Add branch name explicitly to SRC_URI where it's not defined and switch to using https protocol for Github projects. The change was made using convert-srcuri script in scripts/contrib. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-10pseudo: Add fcntl64 wrapperRichard Purdie
Add fcntl64 wrapper which hopefully fixes issues seen in findutils and the find command in the libtool removal code when built with LFS compile flags on Gentoo. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f26867fe4daec7299f59a82ae4a0d70cceb3e082) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-10pseudo: Add in ability to flush database with shutdown requestRichard Purdie
Pulls in: pseudo_db: Flush DB if there is a shutdown request fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ (test fix) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0882095d608ce3abbcc9814517434c21ea549063) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-01bootchart2: Don't compile python modulesRichard Purdie
"make install" may attempt to compile the python modules but it uses the host python and host paths which means the binaries are not reproducbile. Make things consistent. If anyone needs compiling, it will beed to be fixed to be cross compile compatible. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1189f95e05c80286e009e1ab46a603ee5b7ca239) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-01strace: show test suite log on failureRoss Burton
If the tests fail, dump the log so we can see the failures. Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3154a65039831b1e041217707fdd6ca042f588fb) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-11-01binutils: Fix CVE-2021-3530Pgowda
Upstream-Status: Backport[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=25162c795b1a2becf936bb3581d86a307ea491eb] Upstream-Status: Backport[https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=999566402e3] Signed-off-by: Pgowda <pgowda.cve@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-22rpm: Deterministically set vendor macro entryRichard Purdie
On an aarch64 build host, vendor is found to be "unknown", on x86 systems it is "pc". This filters through to the PLATFORM tag in target rpms. We saw reproducibility test failures where the PLATFORM tags in noarch rpms were changing depending upon which host built them. Forcing the vendor value to a consistent one makes things deterministic. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f6434075b2bdfc23c683d22281b674b1e6abde77) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-21go: upgrade 1.16.7 -> 1.16.8Sakib Sajal
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> (cherry picked from commit 97a2f406635f51bad1ab070f018a6466209f257b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-21ruby: fix the reproducibility issueThomas Perrot
Apply some changes on the Ruby makefiles in order to fix the reproducibility: - use a fixed timestamp, - sort linked objects, - doesn't use the current date, - and use UTC date. [YOCTO #14268] Signed-off-by: Thomas Perrot <thomas.perrot@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 59b07ab51ff932a4632a31675445ba4192bae36b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-20pseudo: Update with fcntl and glibc 2.34 fixesRichard Purdie
Pull in the following changes: * ports/linux/guts: Add closefrom support for glibc 2.34 * pseudo_client: Make msg static in pseudo_op_client * ports/linux/guts: Add close_range wrapper for glibc 2.34 * pseudo_client: Do not pass null argument to pseudo_diag() * test-openat: Consider device as well as inode number * test: Add missing test-statx test case * fcntl: Add support for fcntl F_GETPIPE_SZ and F_SETPIPE_SZ Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 71b549924a7fa7973a8e03e11f3db45fdc29889d) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-20nativesdk-pseudo: Fix to work with glibc 2.34 systemsHongxu Jia
Since commit [df313aa810 pseudo: Fix to work with glibc 2.34 systems] applied, it fixed native only. And nativesdk has the similar issue Tweak library search order, make prebuilt lib ahead of recipe lib, after apply the fix: ... $ readelf -a lib/pseudo/lib64/libpseudo.so | grep 'Shared library' 0x0000000000000001 (NEEDED) Shared library: [libdl.so.2] 0x0000000000000001 (NEEDED) Shared library:[libpthread.so.0] 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] ... Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d6d116b5db78645958ea30be3d0572e0f6d7bd92) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-20pseudo: Fix to work with glibc 2.34 systemsRichard Purdie
The merge of libdl into libc in glibc 2.34 causes problems for pseudo. Add a fix that works around this issue. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dd3e46a043c81cd4d81731a0f691868d3c059742) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-20m4: Do not use SIGSTKSZKhem Raj
Fixes ../../m4-1.4.18/lib/c-stack.c:55:26: error: missing binary operator before token "(" 55 | #elif HAVE_LIBSIGSEGV && SIGSTKSZ < 16384 | ^~~~~~~~ Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 44ca8edd622782733d507e20a3d5ee9e44eb8be4) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-20python3: Add a fix for a make install raceRichard Purdie
Add a fix for reproducibility issues where pyc files for python-config.py may not always be generated. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d1c3a87c48b598b6e5624d0affe8bd89320631bf) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-20rpm: Ensure compression parallelism isn't coded into rpmsRichard Purdie
We don't want the compression thread numbers to be encoded into the rpm since this results in the rpm not being deterministic. Add a patch from Alex Kanavin which addresses this issue (was queued for rpm 4.17 but we need to fix this with 4.16 too). Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1ba0bf50c72f2506dfa507559c49a70e16cd5124) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-10-04qemu: fix CVE-2021-3682Sakib Sajal
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e16cd155c5ef7cfe8b4d3a94485cb7b13fd95036) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2021-09-15go: Exclude CVE-2021-29923 from report listRichard Purdie
Upstream don't believe it is a signifiant real world issue and will only fix in 1.17 onwards. Therefore exclude it from our reports. https://github.com/golang/go/issues/30999#issuecomment-910470358 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 5bd5faf0c34b47b2443975d66b71482d2380a01a) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>