Age | Commit message (Collapse) | Author |
|
The master version of extended package data uses zstd for efficient
compression, but it relies on the zstd tool to be present on the host
system. Since dunfell supports older distros, we don't want to add this
tool as an additional requirement so switch to using gzip instead.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
|
|
The master version of the SPDX classes uses zstd for efficient
compression, but it relies on the zstd tool to be present on the host
system. Since dunfell supports older distros, we don't want to add this
tool as an additional requirement so switch to using gzip instead.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
|
|
Adds some missing licenses mappings related to the "+" versions of the
GPL licenses
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
|
|
Adds extended package data which is encoded as JSON which allows it to
encode more structure than the "flat" package data files. The extended
data might be much larger than the standard package data, so it is not
read by default and instead requires
oe.packagedata.read_subpkgdata_extended() to be called
Currently, the file sizes and ELF debug sources are saved off into the
extended package data
(cherry picked from commit db9cf430e54ae68da80fbc3fba80ce88d8df164d)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Reviewed-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backports the create-spdx classes from the latest versions on master.
This backport is a simple copy with no modifications, as its too
complex to cherry-pick all the corresponding changes. This will give an
appropriate base commit for subsequent changes and if necessary
additional backport cherry-picks from master in the future.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
|
|
This was likely something we took inspiration from elsewhere with.
It was added in:
https://git.openembedded.org/openembedded/commit/packages/netbase/netbase/hosts?id=c8e5702127e507e82e6f68a4b8c546803accea9d
in 2005. Debian added this entry around 2004 and discussed and dropped
it in 2005:
https://lists.debian.org/debian-devel/2005/10/msg00559.html
resulting in:
https://salsa.debian.org/installer-team/netcfg/-/commit/3c15ee521b2b8f47b34ccc7f610523cd284f2221
We should drop this for some of the reasons in those threads,
it doesn't seem to be doing anything too helpful and isn't what most
applications expect.
(From OE-Core rev: a04b207c4ffa900313a0b5e3079ad2eec7d31f27)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e730d005fa8aec07f9ae25c58d4566eaa92a6997)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The script generated by the sdk_ext_postinst function was not quoting
the user existing PATH when updating it causing the export command to
fail.
Add necessary double quotes around $PATH.
(From OE-Core rev: b8298401c710146ae35f282048b66d5773a513ed)
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 00e96bf250eaaded839caf465dbc0af5b604aed7)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The environment-setup script generated by the recipe was not quoting the
user existing PATH when updating it causing the export command to fail.
Add necessary double quotes around $PATH.
(From OE-Core rev: ad6aaa77f1d08b4ca66f46e318f1a09b645d9e23)
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 42177ff2d45ee70ad00917bb6fbabca49dae4f59)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The environment-setup script generated by the recipe was not quoting the
user existing PATH when updating it causing the export command to fail.
Add necessary double quotes around $PATH.
(From OE-Core rev: 9ececa2c36eff7c954d92e9d13a2fe8c1fae9bd2)
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2d4c032bf3187aaa953a0c33a999074e695f54bb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
glibc has it's dependencies handled more manually due to it's place
in the toolchain bootstrap. It depends upon the compiler and indirectly
through that to binutils. This did mean that if binutils changes and the
compiler does not, sstate and hash equivalence could mean that glibc
wouldn't rebuild.
Add a direct dependency on binutils that if it changes, it forces glibc
to rebuild, as it should.
(From OE-Core rev: ea6d768d0910e2076a971bdba57605dd9d68763a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c4a7b3decff636292f5e76e95406a22b6fe4a994)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous fix wasn't enough to address all the possible ways the
manifests might be ordered. Rework the previous fix so it is tied
to the multilib cross-canadian code which is causing the problem.
RECIPE_SYSROOT_MANIFEST_SUBDIR is not documented as I'd hope nobody
ever needs to use this outside the core multilib code.
(From OE-Core rev: 271ac31e15d00d636e888a1f3b7d4e22e0b8267a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit beab42e00713880cd95a04729c892f8662fbcbed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"""
require conf/multilib.conf
MACHINE = "qemuarm64"
MULTILIBS = "multilib:lib32"
DEFAULTTUNE:virtclass-multilib-lib32 = "armv7athf-neon"
bitbake gcc-cross-canadian-arm
"""
and then inspecting the lib32* manifest files under recipe-sysroot-native shows
them referencing lib32-recipe-sysroot instead of recipe-sysroot as used by
gcc-cross-canadian recipes.
To fix this separate out the manifest by multilib. It is caching mechanism to
optimise disk usage so this doesn't break anything, just separated out some files.
(From OE-Core rev: eb9c6f7ac91431a6296789c23900f2a3016ef619)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 891d3faa3ed3d1cc231da58e5fa1325f05d5ade5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Per default systemd use a pager for the output of most of its tools
and it expect this pager to be color capable. But that is not the case
when the busybox `less` is used, which lead to output garbled by color
escape sequences.
To fix this issue add a profile frament that disable the systemd pager
when busybox `less` is detected.
(From OE-Core rev: 06271fd8d26bc34448524157077c23eb1ea29c52)
Signed-off-by: Alban Bedel <alban.bedel@aerq.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit de7e36a7858ebca4615975967fcad1c399eacdb0)
Signed-off-by: Jermain Horsman <jermain.horsman@nedap.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Clause II.3 of the Vim license states that any distribution of Vim that
has been extended or modified must _at least_ indicate in the :version
output that this is the case.
Handily, Vim has a --with-modified-by argument to add a line in that
text, so use MAINTAINER. This is the distribution maintainer contact,
by default it is OE-Core Developers
<openembedded-core@lists.openembedded.org>.
(From OE-Core rev: e630b404b1d1797be5e915592a6ef71e34aaf680)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit acc007e23445aa53182e13902dd9509c39dd5645)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This incorporates fixes for CVE-2023-1127, CVE-2023-1170, CVE-2023-1175.
Also remove runtime/doc/uganda.txt from the license checksum: the Vim
license is also in the top-level LICENSE file so this is redundant.
(From OE-Core rev: 9351cd3bf259260c17e7c99612b3c28d58a89bf3)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 71111e6b62d37c5e6853d7940dec2993df127a35)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 16d8176218230007dac98cd0d941da03a354e90c)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch fix CVE-2021-45944.
https://nvd.nist.gov/vuln/detail/CVE-2021-45944
(From OE-Core rev: d966b565d39bf50f058b388235ccea5ab0c2e60b)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
to out-of-bounds read
Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/6dbbf055148c6f1b7d8a3251a65bd6f3d1e1f622
(From OE-Core rev: 754cce68614c7985d5848134635a6b318f4505ab)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Replace the tabs with spaces to correct the indent.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport fix from https://github.com/libarchive/libarchive/issues/1672
(From OE-Core rev: b23482f9ea1cc930a3d5ecfe5fc465e2f720a949)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: efb1a73a13907bed3acac8e06053aef3e2ef57f5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
pkgconfig is being required to find dependencies for building kernel
native tools, move "inherit pkgconfig" to kernel.bbclass so BSP kernel
recipes can also benefit from it.
(From OE-Core rev: a5e62888768be641d5da00fd847e0cac96820c75)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8a84bd98e3fbc16c782f83064801e469d086911e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Vim uses pkgconfig to find dependencies but it wasn't present, so it
silently doesn't enable features like GTK+ UI.
[ YOCTO #15044 ]
(From OE-Core rev: c84f0822e7cffc62e2f042bf9d2e424f85f74ecd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 70900616298f5e70732a34e7406e585e323479ed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We keep seeing this failure on the autobuilder but the output amounts
to "False is not True". Improve the debug message on the chance it may
make the issue clearer.
(From OE-Core rev: 68d3766c37e4b3a1b49dc27226b2513e3b0db9a9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d03f4cf19c2cc96e9d942252a451521dfec42ebc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This recently got an updated CPE which matches this recipe, but the issue
is related to an entirely different shadow project so ignore it.
(From OE-Core rev: 9d5a05c27a01b3859eae70590ba7dd836abe2719)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 2331e98abb09cbcd56625d65c4e5d258dc29dd04)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream-Status: Backport from [https://github.com/harfbuzz/harfbuzz/commit/8708b9e081192786c027bb7f5f23d76dbe5c19e8]
(From OE-Core rev: c22bbe9b45e38601b89138999dd157fad8513262)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove branching that depends on secret data.
since the `ok` variable isn't used any more, we can remove all code
used to calculate it
(From OE-Core rev: 5b8a3601ebff7a0cdfaa50d7a0b5e384a7e2514c)
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The use of scripts/git-intercept was introduced in commit 3266c327df
(install/devshell: Introduce git intercept script due to fakeroot
issues) and later reverted in commit af27c81eaf (scripts: Make git
intercept global).
(From OE-Core rev: 51424b9955374196307aaf73cf4b6c184ce4fb6d)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit f6c260c8e2a33e282a35afc99de4ef8cc1791b08)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For the QA checks in `image.bbclass`, all exceptions
other than `oe.utils.ImageQAFailed` always print the
following generic message:
"Image QA function func_name failed"
This can be very misleading, as it may hide
python syntax errors and other kind of issues that are
hard to detect without more explicit error messages.
This change makes sure that the error message of all
exceptions are displayed.
Before this change:
"Image QA function func_name failed"
After this change:
"Image QA function func_name failed: f-string: empty expression not allowed (<string>, line 13)"
(From OE-Core rev: c4e3b86f2bcb2b445efc72bd8e06b1b89d88daa2)
Signed-off-by: Mauro Queiros <maurofrqueiros@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d85b30d8704d38b86f5b006748cebc74bd2a4fa)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes: 7ef7af5c03ba ("kernel-yocto: restore kernel-meta data detection for SRC_URI elements")
(From OE-Core rev: 4533e8363549f87a0484d7c0a43a162c918f33bc)
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c77754f23e3fb49a62602a6c6a04d5525d1cf457)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport of gcc upstream commit 2b2d97fc545635a0f6aa9c9ee3b017394bc494bf
to gcc release 9.5.0. This fix is available to all release-branches
except releases/gcc-9 because upstream do not support gcc-9 now.
(From OE-Core rev: 9779b66162a014f26594bdde43afdc4332617240)
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Major changes between OpenSSL 1.1.1s and OpenSSL 1.1.1t [7 Feb 2023]
* Fixed X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
* Fixed Use-after-free following BIO_new_NDEF (CVE-2023-0215)
* Fixed Double free after calling PEM_read_bio_ex (CVE-2022-4450)
* Fixed Timing Oracle in RSA Decryption (CVE-2022-4304)
(From OE-Core rev: 22de5ecae3ebb04a4bab05010c04b205c52ee888)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes with APR-util 1.6.3
*) Correct a packaging issue in 1.6.2. The contents of the release were
correct, but the top level directory was misnamed.
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions
of Apache Portable Runtime Utility (APR-util) allows an attacker to
write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with
APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always
returning APR_EGENERAL. [Stefan Fritsch]
Drop backport.
(From OE-Core rev: 9eb027bebb19bfb0fb136169e865ca269890fa6f)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dca707f9fecc805503e17f6db3e4c88069ac0125)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 43cd36b178ebb602edd5919c26f8b8642736a3a8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit e24b38a14b3520648ec418783fb74fcf61df7ff2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to use CFLAGS with the correct WORKDIR in them, replace those
in the sysroot file with the ones appropriate to the current recipe.
(From OE-Core rev: 92fb7261a1c7ebe6330832a9a71d1bed82c85a6a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 45edf189961aff1858be9bb7b63116073c0a0c10)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes for APR 1.7.2
*) Correct a packaging issue in 1.7.1. The contents of the release were
correct, but the top level directory was misnamed.
Changes for APR 1.7.1
*) SECURITY: CVE-2022-24963 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_encode functions of
Apache Portable Runtime (APR) allows an attacker to write beyond bounds
of a buffer.
*) SECURITY: CVE-2022-28331 (cve.mitre.org)
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond
the end of a stack based buffer in apr_socket_sendv(). This is a result
of integer overflow.
*) SECURITY: CVE-2021-35940 (cve.mitre.org)
Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling]
*) configure: Fix various build issues for compilers enforcing
strict C99 compliance. PR 66396, 66408, 66426.
[Florian Weimer <fweimer redhat.com>, Sam James <sam gentoo.org>]
*) apr_atomic_read64(): Fix non-atomic read on 32-bit Windows [Ivan Zhakov]
*) configure: Prefer posix name-based shared memory over SysV IPC.
[Jim Jagielski]
*) configure: Add --disable-sctp argument to forcibly disable SCTP
support, or --enable-sctp which fails if SCTP support is not
detected. [Lubos Uhliarik <luhliari redhat.com>, Joe Orton]
*) Fix handle leak in the Win32 apr_uid_current implementation.
PR 61165. [Ivan Zhakov]
*) Add error handling for lseek() failures in apr_file_write() and
apr_file_writev(). [Joe Orton]
*) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file
to avoid a fd and inode leak when/if later passed to apr_file_setaside().
[Yann Ylavic]
*) APR's configure script uses AC_TRY_RUN to detect whether the return type
of strerror_r is int. When cross-compiling this defaults to no.
This commit adds an AC_CACHE_CHECK so users who cross-compile APR may
influence the outcome with a configure variable. [Sebastian Kemper
<sebastian_ml gmx net>]
*) Add a cache check with which users who cross-compile APR
can influence the outcome of the /dev/zero test by setting the variable
ac_cv_mmap__dev_zero=yes [Sebastian Kemper <sebastian_ml gmx net>]
*) Trick autoconf into printing the correct default prefix in the help.
[Stefan Fritsch]
*) Don't try to use PROC_PTHREAD by default when cross compiling.
[Yann Ylavic]
*) Add the ability to cross compile APR. [Graham Leggett]
*) While cross-compiling, the tools/gen_test_char could not
be executed at build time, use AX_PROG_CC_FOR_BUILD to
build native tools/gen_test_char
Support explicit libtool by variable assigning before buildcheck.sh,
it is helpful for cross-compiling (such as libtool=aarch64-linux-libtool)
[Hongxu Jia <hongxu.jia windriver.com>]
*) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen
<r... hjortskov.dk>]
*) Use AC_CHECK_SIZEOF, so as to support cross compiling. PR 56053.
[Mike Frysinger <vapier gentoo.org>]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_pools: Fix pool debugging output so that creation events are
always emitted before allocation events and subpool destruction
events are emitted on pool clear/destroy for proper accounting.
[Brane Čibej]
*) apr_socket_listen: Allow larger listen backlog values on Windows 8+.
[Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
*) Fixed: apr_get_oslevel() was returning APR_WIN_XP on Windows 10
*) Fix attempt to free invalid memory on exit when apr_app is used
on Windows. [Ivan Zhakov]
*) Fix double free on exit when apr_app is used on Windows. [Ivan Zhakov]
*) Fix a regression in apr_stat() for root path on Windows. [Ivan Zhakov]
Dropped patches have all been merged, addressed separately or are backports.
(From OE-Core rev: 013633b9f4b7dff2616c6d2e59e4d8118e3ce51f)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ffae93f24bb1e3954b232099153fd059cfd7daf)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit a308e10ef4ad9e097b025f009866eae178259781)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
AC_TRY_RUN macro means the test needs to run to find the result and we
are cross compiling so this will always get wrong results, this results
in miscompiling apache2 on musl because it disables rlimit
(ac_cv_struct_rlimit) wrongly.
All these variables are determined with AC_TRY_RUN checks
(From OE-Core rev: 104c9ddf7a5323e5193c611b98b3e7465157aecd)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
(cherry picked from commit 504eb0ff1cae200ee85ec18ebae564cae9bf9c8c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
musl does not implement GNU extention of strerror_r but XSI compliant
version, therefore add it via a packageconfig to set right variables
during configure to cache the value.
configure detection logic depends on runtime test which will always be
wrong on cross compiles therefore backport a patch to make it possible
to cache the needed configure variable.
(From OE-Core rev: 993cfeaefa73e3b82cf15db78584e5f9b9f86ddf)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ded3d76a844dd1aef9ac610fbe506bf76285369b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix an issue with autoconf 2.70 where duplicate macro includes
caused configure failures.
(From OE-Core rev: 41121149212b3684991a62261c17a45afd50bb83)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@arm.com>
(cherry picked from commit 4e5d7c86a8a5e752df451d988861a86236e8c8ff)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: a9a7c73b2b2b584b80f3a70029d1c5ce5fd6784f)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit a8e8ea1b4b100b6f0ba5ca9441a8f3f1ac31fbfd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: additional firmwares
(From OE-Core rev: f19ceec135e6afd2a31367a28744eb413b3d2e42)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 8e6134d39b840d96e1c37d3df21a522afea8bc76)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Newest linux-firmware release got firmware for Adreno A200. Add these
two files to the ${PN}-qcom-adreno-a2xx package. As these files are
licensed under a separate BSD-3-Clause license, add separate license
package too.
(From OE-Core rev: 420c41b9560574b10aa56fbe073509c56adda93e)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 56e1b2b06ef7f22d4ac5899046f650ae8ec0d547)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is not enough to depend on the ${PN}-qcom-license package. Set
LICENSE variable for all the qcom packages to point to the proper
license.
(From OE-Core rev: 2cb8f5efb99df37c8e2103ecdc7f482ee129650a)
Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9dc41e18dc138a7cce920f8e4c85eb3130c0d553)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: additional firmwares, copyright years
(From OE-Core rev: 4cfe4c03904cb313d5cfbb6739cd9964a61c5fa0)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fdb8c12fc71b4a985372f5d02ce59a1402c14c4a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: ea88ec38aa0e42b8c45e300e69dae7c2f7a13299)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d77dbe499ee362b6e28902f1efcf52b961037a5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes CVE-2022-48303 by checking Base-256 encoding is at least
2 bytes long. GNU Tar through 1.34 has a one-byte out-of-bounds
read that results in use of uninitialized memory for a conditional
jump. Exploitation to change the flow of control has not been
demonstrated. The issue occurs in from_header in list.c via a
V7 archive in which mtime has approximately 11 whitespace characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-48303
Upstream patch:
https://savannah.gnu.org/bugs/?62387
https://git.savannah.gnu.org/cgit/tar.git/patch/src/list.c?id=3da78400eafcccb97e2f2fd4b227ea40d794ede8
(From OE-Core rev: 231360a55bf1b96d6bb1cf94820b08788677c58b)
(From OE-Core rev: af77a413db59863a898c32dc7536b680473ae9c5)
Signed-off-by: Rodolfo Quesada Zumbado <rodolfo.zumbado@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a00f15354084cee6b2183fcdbfdfc7826c365da)
Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
Signed-off-by: Riyaz Khan <rak3033@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport from https://sourceware.org/git/?p=glibc.git;a=patch;h=801af9fafd4689337ebf27260aa115335a0cb2bc
(From OE-Core rev: d7c7e9acd5b5699e4a0c2c7f2664cce7a5a08641)
Signed-off-by: Shubham Kulkarni <skulkarni@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE already fixed in CVE-2022-39176.patch
(From OE-Core rev: 27c59788ce8b97666429981104d9e5d38634230e)
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream-Status: Backport from https://github.com/git/git/commit/a244dc5b & https://github.com/git/git/commit/81dc898d &
https://github.com/git/git/commit/b49f309a & https://github.com/git/git/commit/f6e0b9f3 &
https://github.com/git/git/commit/1de69c0c & https://github.com/git/git/commit/48050c42 &
https://github.com/git/git/commit/522cc87f & https://github.com/git/git/commit/17d23e8a &
https://github.com/git/git/commit/937b71cc & https://github.com/git/git/commit/81c2d4c3 &
https://github.com/git/git/commit/f930a239 & https://github.com/git/git/commit/304a50ad
(From OE-Core rev: d591ac4dfeff7b69086a47c7e88a8127f1d31299)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
import patches from debian
http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz
fix multiple CVEs:
CVE-2022-3570
CVE-2022-3597
CVE-2022-3598
CVE-2022-3599
CVE-2022-3626
CVE-2022-3627
CVE-2022-3970
CVE-2022-48281
CVE-2023-0795
CVE-2023-0796
CVE-2023-0797
CVE-2023-0798
CVE-2023-0799
CVE-2023-0800
CVE-2023-0801
CVE-2023-0802
CVE-2023-0803
CVE-2023-0804
(From OE-Core rev: a6859c967e6e0079dd197fc36844b862938f4eed)
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream-Status: Backport from https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2
(From OE-Core rev: e172a9d7dc92561e26b8ec7ff11d4c598dcaf5c8)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From meta-yocto rev: 8485f6da8c49c7a8cd1d768facf3ff3b746f3b49)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|