Commit Graph

13907 Commits

Author SHA1 Message Date
Leon Anavi c93994f1bb sip: Upgrade 6.8.3 -> 6.8.6
After the migration from Mercurial to GitHub the homepage has
changed and SIP has been licensed under the BSD-2-Clause license
since Feb 9, 2024. Upgrade to version 6.8.6:

- Handle single number macOS deployment targets
- Support for architectures where `char` is unsigned
- Support for building from git archives
- Run the tests using the current Python version

The project has a proper pyproject.toml which declares the
setuptools.build.meta PEP-517 backend.

Fixes:
WARNING: sip-6.8.6-r0 do_check_backend: QA Issue: inherits
setuptools3 but has pyproject.toml with setuptools.build_meta,
use the correct class [pep517-backend]

Please note SIP version 6.8.6 is present for branch Scarthgap and
it is required for PyQt6 6.8 from layer meta-qt6 (branch 6.8).

The work was sponsored by GOVCERT.LU.

License-Update: SIP is licensed under the BSD-2-Clause license.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-25 08:45:21 -05:00
Peter Kjellerstedt 5864abec5f licenses/MINPACK: Remove
The libeigen recipe, which was the only user of this license file, now
uses the Minpack license from OE-Core instead.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-25 08:45:21 -05:00
Peter Kjellerstedt ac2364b61c libeigen: Remove LGPL code
Since libeigen is a header-only library, LGPL effectively has the same
properties as GPL when it comes to affecting the licensing of the code
that uses libeigen. To avoid the problem, backport a patch to remove all
LGPL-2.1 code from the library.

Switch to using "Minpack" rather than "MINPACK" as license since the
former is the official SPDX name.

Also correct the licenses for ${PN}, ${PN}-dbg and ${PN}-dev to reflect
that they do not contain any GPL code (the GPL code is only used for
benchmark tests and does not affect what is installed).

License-Update: Correct the license information
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-25 08:45:21 -05:00
Peter Kjellerstedt c3b6e20141 lvm2: Remove a lingering reference to ${PN}-udevrules
The lvm2-udevrules package has not actually been created since commit
5d54a52fbe.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-25 08:45:21 -05:00
Peter Kjellerstedt 376903c60e tbb: Re-enable hwloc support
The problem with using pkg-config to find hwloc when cross-compiling was
solved by upstream in 2021.13.0. However, the upgrade in commit
d8c5a72788 missed that upstream defaults
to disabling searching for hwloc when cross-compiling.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-25 08:45:21 -05:00
Martin Jansa 6851cbf026 lapack: fix buildpaths in ptest also when CBLAS is enabled
ERROR: lapack-3.12.0-r0 do_package_qa: QA Issue:
File /usr/lib/lapack/ptest/bin/xccblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xccblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xccblat1 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xdcblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat2 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xscblat3 in package lapack-ptest contains reference to TMPDIR
File /usr/lib/lapack/ptest/bin/xzcblat3 in package lapack-ptest contains reference to TMPDIR [buildpaths]

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Martin Jansa bcb97fcfcb lapack: add PACKAGECONFIG for cblas
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 35b9a26750 audiofile: mark CVE-2020-18781 as patched
Per [1] this CVE is already patched by commit [2].

This can be also verified with yocto build.

Running without this patch:
root@qemux86-64:~# sfconvert poc.wav output format wave
malloc(): corrupted top size
Aborted

Running with it:
root@qemux86-64:~# sfconvert poc.wav output format wave
Audio File Library: Bad number of coefficients [error 62]
Could not open file 'poc.wav' for reading.

[1] https://github.com/mpruett/audiofile/issues/56
[2] https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 68f55c158e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 23bd451257 audiofile: patch CVE-2017-6839
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/844a7c6281eb442881330a5d36d5a0719f2870bf

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 88faae83b2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 2bdeebd11f audiofile: patch CVE-2017-6831
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/bd5f84d301c4e74ca200a9336eca88468ec0e1f3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9d668989b1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 85c8b0ab7a audiofile: fix multiple CVEs
CVE-2017-6830 / CVE-2017-6834 / CVE-2017-6836 / CVE-2017-6838

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/4a1a8277bba490d227f413e218138e39f1fe1203

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 75f2bd2b3b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko beefbac3d7 audiofile: patch CVE-2017-6829
Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/434890df2a7c131b40fec1c49e6239972ab299d2

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f29fbaa465)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 9ed3377c2c audiofile: fix multiple CVEs
CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837

Use patch from buildroot:
https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 634cbcb91c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 0a79e257d8 procmail: patch CVE-2017-16844.
Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-26%2Bdeb10u1/debian/patches/30

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3d97f4c13d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko cf633ae469 procmail: patch CVE-2014-3618
Take patch from Debian.
https://sources.debian.org/data/main/p/procmail/3.22-20%2Bdeb7u1/debian/patches/CVE-2014-3618.patch

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 8378820dab)
[Fixup for styhead context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Jörg Sommer 14cd4fb44e libtinyxml2: set CVE product to tinyxml2
This library gets tracked with the product name tinyxml2:

https://nvd.nist.gov/products/cpe/detail/5A6C04CB-E6AD-4740-882A-34620AEC060A

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1c60b8ccf7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Zhang Peng bd822f424c lapack: fix TMPDIR reference in do_package_qa
When building the `lapack` package, the following QA error occurs:
"File /usr/lib64/libblas.so.3.12.0 in package lapack contains reference to TMPDIR [buildpaths]"

The issue arises because the `xerbla.o` object file embeds the absolute host path of `xerbla.f`.
This occurs during compilation, where the build command in `build.make` (generated by CMake) specifies:
`gfortran -c <absolute path>/xerbla.f -o`.

As a result, the absolute path is included in `xerbla.o`. Unfortunately,  `gfortran` does not support
flags like `-fdebug-prefix-map` or `-ffile-prefix-map` to remove such paths.

To resolve this, the fix involves replacing the absolute path of `xerbla.f` in the generated
`build.make` file with a relative path before the compilation step. This ensures that the
resulting `xerbla.o` does not contain any references to TMPDIR, passing the `do_package_qa` check.

For ptest code, the solution is to replace `${WORKDIR}` with `../../..` in the generated `build.make`
files located in the TESTING directory.

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b617496fb0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 80ccc42568 libtinyxml: patch CVE-2023-34194
Take patch from Debian:
https://salsa.debian.org/debian/tinyxml/-/commit/2366e1f23d059d4c20c43c54176b6bd78d6a83fc

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f4a6966bf0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 32452210d9 libtinyxml: patch CVE-2021-42260
Take patch from Debian:
https://salsa.debian.org/debian/tinyxml/-/commit/38db99c12e43d7d6e349403ce4d39a706708603d

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 066cf35ae5)
[Fixup for styhead context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Jörg Sommer 6fb8320d51 libtinyxml: set CVE product to tinyxml
This library gets tracked with the product name tinyxml:

https://nvd.nist.gov/products/cpe/detail/95BDA29F-257C-4C44-8847-25CFC107228D

Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c5ef63d685)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Hieu Van Nguyen 7816f8d080 gphoto2: Fix /usr/bin/gphoto2 runtime error
After fixing the TMPDIR [buildpaths] warning, a segmentation fault while
running gphoto2 command.

It seems 'sed' is primarily designed for text processing. When running
'sed' on a binary, it may overwrite or corrupt critical parts of the
binary.
> root@qemux86-64:~# gphoto2 -v
> Segmentation fault

Signed-off-by: Hieu Van Nguyen <hieu2.nguyen@lge.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-04 14:29:37 -08:00
Peter Marko 117f44269d php: upgrade 8.2.20 -> 8.2.26
Solves dozens of vulnerabilities. See
https://php.watch/versions/8.2/releases/8.2.21
https://php.watch/versions/8.2/releases/8.2.22
https://php.watch/versions/8.2/releases/8.2.23
https://php.watch/versions/8.2/releases/8.2.24
https://php.watch/versions/8.2/releases/8.2.25
https://php.watch/versions/8.2/releases/8.2.26

Removes CVE-2024-11233, CVE-2024-11234 and CVE-2024-11236 from
current cve metrics.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit eea7188a24)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Yogita Urade 9f9037e5ee postgresql: upgrade 16.4 -> 16.5
Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978
and CVE-2024-10979

Changelog:
https://www.postgresql.org/docs/release/16.5/

0003-configure.ac-bypass-autoconf-2.69-version-check.patch
Refreshed for 16.5

Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54bbf1a630)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Peter Marko 83275506dd emlog: set CVE_PRODUCT
This will remove false-positive CVE-2024-50655 from reports.
There are different emlog components from other vendors around.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d8d45d9093)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Peter Marko cf160b1303 redis: ignore CVE-2022-0543
This is Debian-specific CVE.
NVD tracks this CVE as version-less.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 87a1bcc149)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Peter Marko fb3726d664 gattlib: mark CVE-2019-6498 as fixed
Our hash does not point to exact tag and CVE patch is already in.

We use: 33a8a275928b186381bb0aea0f9778e330e57ec3
Fix: https://github.com/labapart/gattlib/commit/60b813a770e42fdb0e85c1d2da7a55327784b8d6

git describe --tags --match=v0.2 33a8a275928b186381bb0aea0f9778e330e57ec3 60b813a770e42fdb0e85c1d2da7a55327784b8d6
v0.2-262-g33a8a27
v0.2-85-g60b813a

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e5a12d5252)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Peter Marko 07ef671860 ace: ignore CVE-2009-1147
This CVE is for vmware ace.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9bd6efd135)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Peter Marko d95bc96aec dash: set CVE_PRODUCT
This removes false positive CVE-2024-21485 from cve reports.

$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<

Our dash:dash did not reach major version 1 yet.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Ruiqiang Hao 76f46c61b5 mariadb: Ensure compatibility with ARMv9 by updating .arch directive
The pmem_cvap() function currently uses the '.arch armv8.2-a' directive
for the 'dc cvap' instruction. This will cause build errors below when
compiling for ARMv9 systems. Update the '.arch' directive to 'armv9.4-a'
to ensure compatibility with ARMv9 architectures.

{standard input}: Assembler messages:
{standard input}:169: Error: selected processor does not support `retaa'
{standard input}:286: Error: selected processor does not support `retaa'
make[2]: *** [storage/innobase/CMakeFiles/innobase_embedded.dir/build.make:
1644: storage/innobase/CMakeFiles/innobase_embedded.dir/sync/cache.cc.o]
Error 1

Signed-off-by: Ruiqiang Hao <Ruiqiang.Hao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa667cbe21)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Khem Raj bf36b9bf3a mariadb: Fix build with clang-20/trunk
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5de95a5b7a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Peter Kjellerstedt 8dc3cdccb6 abseil-cpp: Do not leak -Wnon-virtual-dtor into the .pc files
The -Wnon-virtual-dtor flag was unintentionally added to the .pc files,
which causes problems when abseil is used by C code:

  cc1: error: command-line option '-Wnon-virtual-dtor' is valid for
  C++/ObjC++ but not for C [-Werror]

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-01-16 09:17:32 -05:00
Fredrik Hugosson 5d54a52fbe lvm2: Remove the lvm2-udevrules package
Add the specific udev rules needed for device mapper notifications to
the libdevmapper package. This is needed to get notifications for
device mapping to work with systemd.

Move the remaining udev rules files to the lvm2 package as there is no
real reason to have them packaged separately.

List all udev files explicitly in the FILES variables so that someone
will have to make an active decision where to package any new udev files
added in the future.

Co-authored-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Fredrik Hugosson <fredrik.hugosson@axis.com>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c37c867e1a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-25 13:29:59 -08:00
Khem Raj a43348e496 xmlsec1: Switch SRC_URI to use github release
This ensures that we do not have to do the toggling from
releases to old-release in LTS release branches

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Jiaying Song <jiaying.song.cn@windriver.com>
(cherry picked from commit 24048ef4b0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:29 -08:00
Jiaying Song e0485882a1 vlock: fix do_fetch error
Change the SRC_URI to the correct value due to the following error:

WARNING: vlock-2.2.3-r0.vr2401 do_fetch: Failed to fetch URL http://distfiles.gentoo.org/distfiles/vlock-2.2.3.tar.gz, attempting MIRRORS if available

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 784942b68e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:29 -08:00
Wang Mingyu beb0a998f3 nmap: Fix off-by-one overflow in the IP protocol table.
Add patch to fix core dumped error when using "nmap -sO"

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6a5b26d467)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:29 -08:00
J. S. 14da6fb62c nodejs: cleanup
Drop two patches which haven't been referenced by the nodejs recipe since the
20.11.0 version checkin.
  0001-build-fix-build-with-Python-3.12.patch
  0001-gyp-resolve-python-3.12-issues.patch

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2698039ac4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:29 -08:00
Martin Jansa 89410b0f8d xmlrpc-c: update SRCREV
* github repo was force pushed and git history re-written since 2018 commit:
  69ee98df Release 1.43.07

* $ git branch -a --contains 352aeaa9ae49e90e55187cbda839f2113df06278
  $

* $ git diff 352aeaa9ae49e90e55187cbda839f2113df06278 08b052692b70171a6fcb437d4f52a46977eda62e
  $

* so at least the 1.59.01 content is the same

Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:28 -08:00
Ryan Eatmon 9865b9daf2 kernel-selftest: Update to allow for turning on all tests
In testing adding in more kernel-selftests there were a number of issues
that arose that require changes that are more appropriate for the main
recipe and not a bbappend.

1) Stop looping over TEST_LIST ourselves and use the TARGETS="" provided
by the kernel-sefltest Makefiles.  This correctly sets up various
variables that the selftest Makefiles all need.  Also, do_install
becomes cleaner because the main Makefile already installs the list of
tests and the top level script.

2) Add DEBUG_PREFIX_MAP to the CC setting to avoid some "buildpaths" QA
errors.

3) Add two INSANE_SKIPS for "already-stripped" and "ldflags".  Some of
the selftest Makefiles are adding flags to their compiles that basically
break the above checks.  Since these compiles are not really meant as
user level tools and instead testing, it should be ok to just always set
INSANE_SKIP for these two.

Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc6d6e06aa)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:28 -08:00
Khem Raj 0109f985b6 rsyslog: Enable 64bit atomics check
Build checks for this during configure but the test is a runtime
test, which does not work when cross-compiling, therefore
prescribe this by caching it for architecture/compiler options
where it will work ok.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 91c7ac099b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:28 -08:00
Liyin Zhang ea1f413b12 sound-theme-freedesktop: Update SRC_URI
Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3fbeee6aa5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:28 -08:00
Markus Volk 3a71951a5e cryptsetup: fix udev PACKAGECONFIG
This commit removed the lvm2-udevrules package.
[https://git.openembedded.org/meta-openembedded/commit/?h=master-next&id=c37c867e1adddd6fa39cf3f3d4c6688ea6dc825a]

Align accordingly to avoid error at do_rootfs

Error:
 Problem 1: package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev.so.3()(64bit), but none of the providers can be installed
  - package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libbd_utils.so.3()(64bit), but none of the providers can be installed
  - package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev >= 3.2.0, but none of the providers can be installed
  - package gvfs-1.56.0-r0.corei7_64 from oe-repo requires udisks2, but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12()(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.4)(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.7)(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires cryptsetup >= 2.7.5, but none of the providers can be installed
  - conflicting requests
  - nothing provides lvm2-udevrules needed by cryptsetup-2.7.5-r0.corei7_64 from oe-repo
 Problem 2: package gvfs-1.56.0-r0.corei7_64 from oe-repo requires udisks2, but none of the providers can be installed
  - package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev.so.3()(64bit), but none of the providers can be installed
  - package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libbd_utils.so.3()(64bit), but none of the providers can be installed
  - package udisks2-2.10.1-r0.corei7_64 from oe-repo requires libblockdev >= 3.2.0, but none of the providers can be installed
  - package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires libgvfscommon.so()(64bit), but none of the providers can be installed
  - package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires libgvfsdaemon.so()(64bit), but none of the providers can be installed
  - package gvfsd-trash-1.56.0-r0.corei7_64 from oe-repo requires gvfs >= 1.56.0, but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12()(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.0)(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.4)(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires libcryptsetup.so.12(CRYPTSETUP_2.7)(64bit), but none of the providers can be installed
  - package libblockdev-3.2.0-r0.corei7_64 from oe-repo requires cryptsetup >= 2.7.5, but none of the providers can be installed
  - conflicting requests
  - nothing provides lvm2-udevrules needed by cryptsetup-2.7.5-r0.corei7_64 from oe-repo
(try to add '--skip-broken' to skip uninstallable packages)

Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1ca8df16af)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:28 -08:00
Chen Qi a07f028b7a jansson: add JSON_INTEGER_IS_LONG_LONG for cmake
This macro is documented, so it should be consistent across
different build systems. It's defined in autotools, but not
cmake. Add it for cmake.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a3854f6893)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:27 -08:00
Yoann Congal cb829fd088 wtmpdb: fix installed-vs-shipped build error
wtmpdb installs a PAM plugin in "${base_libdir}/security/pam_wtmpdb.so".
This path is not in default FILES.

Add this path to FILES:${PN} to fix this error:
  ERROR: wtmpdb-0.11.0-r0 do_package: QA Issue: wtmpdb: Files/directories were installed but not shipped in any package:
    /lib/security/pam_wtmpdb.so
  Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
  wtmpdb: 1 installed and not shipped files. [installed-vs-shipped]
  ERROR: wtmpdb-0.11.0-r0 do_package: Fatal QA errors were found, failing task.
  ERROR: Logfile of failure stored in: .../poky/build-master/tmp/work/core2-64-poky-linux/wtmpdb/0.11.0/temp/log.do_package.939726
  ERROR: Task (.../poky/meta-openembedded/meta-oe/recipes-extended/wtmpdb/wtmpdb_0.11.0.bb:do_package) failed with exit code '1'

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a090cd3e0e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:27 -08:00
J. S. dca3efef19 nodejs: upgrade 20.17.0 -> 20.18.0
License checksum change due to whitespace changes.
https://github.com/nodejs/node/commit/1dfd238781

libatomic.patch change due to changes in node.gyp
https://github.com/nodejs/node/commit/25c788009f1fa7a392af51cb97d0a55f0f4a6983

Changelog :
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V20.md#20.18.0

Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 410a442f89)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:27 -08:00
Khem Raj 2a73f135d4 webkitgtk3: Fix build break with latest gir
Reported with clang-19

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7be0d59669)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:27 -08:00
Khem Raj 61ba32cee6 webkitgtk3: Always use -g1 for debug flags
Ensures that debugging symbols do not explode modeled on oe-core commit [1]

[1] https://git.openembedded.org/openembedded-core/commit/?id=9badf68d78d995f7d5d4cf27e045f029fc6d4044
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit c5fb1e0d3d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:26 -08:00
alperak ffb5c0d505 libhugetlbfs: Fix contains reference to TMPDIR [buildpaths] error
ERROR: libhugetlbfs-1_2.24-r0 do_package_qa: QA Issue: File /usr/lib/libhugetlbfs/tests/obj64/dummy.ldscript in package libhugetlbfs-tests contains reference to TMPDIR [buildpaths]
ERROR: libhugetlbfs-1_2.24-r0 do_package_qa: Fatal QA errors were found, failing task.

Signed-off-by: alperak <alperyasinak1@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1c346f1829)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:26 -08:00
Khem Raj 31d5c4ae9e libhugetlbfs: Use linker wrapper during build
ld.hugetlbfs is munging certain linker commandline options
and presenting a differently named options to its users, in
summary its expecting linker process to call ld.hugetlbfs
which calls the final linker with additional decorations.

This patch makes space for that by adding -B option to compiler
so it finds this the linker in S and then we creates symlinks
for linker name that clang/gcc are expecting.

Fixes

libhugetlbfs/2.24/recipe-sysroot-native/usr/bin/x86_64-yoe-linux/x86_64-yoe-linux-ld.bfd: unrecognized option '--hugetlbfs-link=B'

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit dc84a9e699)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:26 -08:00
Yi Zhao bc81a983b7 libhugetlbfs: upgrade 2.23 -> 2.24
ChangeLog:
https://github.com/libhugetlbfs/libhugetlbfs/blob/2.24/NEWS

* Refresh patches
* Drop backport patches
* Inherit autotools-brokensep since it has switched to automake
* Add a patch to fix build on musl

Test Results:
$ mkdir -p /mnt/hugetlbfs
$ mount -t hugetlbfs none /mnt/hugetlbfs

$ hugeadm --pool-pages-min 2MB:64
$ hugeadm --pool-pages-max 2MB:256

$ cd /usr/lib/libhugetlbfs/tests/
$ ./run_tests.py
PASS
zero_filesize_segment (2M: 64): PASS
test_root (2M: 64):     PASS
meminfo_nohuge (2M: 64):        PASS
gethugepagesize (2M: 64):       PASS
gethugepagesizes (2M: 64):      PASS
HUGETLB_VERBOSE=1 empty_mounts (2M: 64):        PASS
HUGETLB_VERBOSE=1 large_mounts (2M: 64):        PASS
find_path (2M: 64):     PASS
unlinked_fd (2M: 64):   PASS
readback (2M: 64):      PASS
truncate (2M: 64):      PASS
shared (2M: 64):        PASS
mprotect (2M: 64):      PASS
mlock (2M: 64): PASS
misalign (2M: 64):      PASS
fallocate_basic.sh (2M: 64):    PASS
fallocate_align.sh (2M: 64):    PASS
ptrace-write-hugepage (2M: 64): PASS
icache-hygiene (2M: 64):        PASS
slbpacaflush (2M: 64):  PASS (inconclusive)
straddle_4GB_static (2M: 64):   PASS
huge_at_4GB_normal_below_static (2M: 64):       PASS
huge_below_4GB_normal_above_static (2M: 64):    PASS
map_high_truncate_2 (2M: 64):   PASS
misaligned_offset (2M: 64):     PASS (inconclusive)
truncate_above_4GB (2M: 64):    PASS
brk_near_huge (2M: 64): Fatal glibc error: malloc.c:2599 (sysmalloc): assertion failed: (old_top == initial_top (av) && old_size = = 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
task-size-overrun (2M: 64):     PASS
stack_grow_into_huge (2M: 64):  PASS
corrupt-by-cow-opt (2M: 64):    PASS
noresv-preserve-resv-page (2M: 64):     PASS
noresv-regarded-as-resv (2M: 64):       PASS
readahead_reserve.sh (2M: 64):  PASS
madvise_reserve.sh (2M: 64):    PASS
fadvise_reserve.sh (2M: 64):    PASS
mremap-expand-slice-collision.sh (2M: 64):      PASS
mremap-fixed-normal-near-huge.sh (2M: 64):      PASS
mremap-fixed-huge-near-normal.sh (2M: 64):      PASS
set shmmax limit to 67108864
shm-perms (2M: 64):     PASS
private (2M: 64):       PASS
fork-cow (2M: 64):      PASS
direct (2M: 64):        PASS
malloc (2M: 64):        PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes malloc (2M: 64):        SKIPPED
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes HUGETLB_RESTRICT_EXE=unknown:none malloc (2M: 64):      SKIPPED
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes HUGETLB_RESTRICT_EXE=unknown:malloc malloc (2M: 64):    SKIPPED
malloc_manysmall (2M: 64):      PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes malloc_manysmall (2M: 64):      SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 heapshrink (2M: 64): PASS
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libheapshrink.so heapshrink (2M: 64):     PASS
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libhugetlbfs.so HUGETLB_MORECORE=yes heapshrink (2M: 64): SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libhugetlbfs.so libheapshrink.so HUGETLB_MORECORE=yes heapshrink (2M: 64): SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libheapshrink.so HUGETLB_MORECORE=yes HUGETLB_MORECORE_SHRINK=yes heapshrink (2M: 64):      SKIPPED
GLIBC_TUNABLES=glibc.malloc.tcache_count=0 LD_PRELOAD=libhugetlbfs.so libheapshrink.so HUGETLB_MORECORE=yes HUGETLB_MORECORE_SHRINK=yes heapshrink (2M: 64):      SKIPPED
HUGETLB_VERBOSE=1 HUGETLB_MORECORE=yes heap-overflow (2M: 64):  SKIPPED
HUGETLB_VERBOSE=0 linkhuge_nofd (2M: 64):       PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_VERBOSE=0 linkhuge_nofd (2M: 64):    PASS
linkhuge (2M: 64):      PASS
LD_PRELOAD=libhugetlbfs.so linkhuge (2M: 64):   PASS
linkhuge_rw (2M: 64):   PASS
HUGETLB_ELFMAP=R linkhuge_rw (2M: 64):  PASS
HUGETLB_ELFMAP=W linkhuge_rw (2M: 64):  PASS
HUGETLB_ELFMAP=RW linkhuge_rw (2M: 64): PASS
HUGETLB_ELFMAP=no linkhuge_rw (2M: 64): PASS
HUGETLB_MINIMAL_COPY=no HUGETLB_ELFMAP=R linkhuge_rw (2M: 64):  PASS
HUGETLB_MINIMAL_COPY=no HUGETLB_ELFMAP=W linkhuge_rw (2M: 64):  PASS
HUGETLB_MINIMAL_COPY=no HUGETLB_ELFMAP=RW linkhuge_rw (2M: 64): PASS
HUGETLB_ELFMAP=R HUGETLB_SHARE=0 linkhuge_rw (2M: 64):  PASS
HUGETLB_ELFMAP=R HUGETLB_SHARE=1 linkhuge_rw (2M: 64):  PASS
HUGETLB_ELFMAP=W HUGETLB_SHARE=0 linkhuge_rw (2M: 64):  PASS
HUGETLB_ELFMAP=W HUGETLB_SHARE=1 linkhuge_rw (2M: 64):  PASS
HUGETLB_ELFMAP=RW HUGETLB_SHARE=0 linkhuge_rw (2M: 64): PASS
HUGETLB_ELFMAP=RW HUGETLB_SHARE=1 linkhuge_rw (2M: 64): PASS
chunk-overcommit (2M: 64):      PASS
alloc-instantiate-race shared (2M: 64): PASS
alloc-instantiate-race private (2M: 64):        PASS
truncate_reserve_wraparound (2M: 64):   PASS
truncate_sigbus_versus_oom (2M: 64):    PASS
get_huge_pages (2M: 64):        PASS
shmoverride_linked (2M: 64):    PASS
HUGETLB_SHM=yes shmoverride_linked (2M: 64):    PASS
LD_PRELOAD=libhugetlbfs.so shmoverride_unlinked (2M: 64):       PASS
LD_PRELOAD=libhugetlbfs.so HUGETLB_SHM=yes shmoverride_unlinked (2M: 64):       PASS
quota.sh (2M: 64):      PASS
counters.sh (2M: 64):   PASS
mmap-gettest 10 64 (2M: 64):    PASS
mmap-cow 63 64 (2M: 64):        PASS
set shmmax limit to 134217728
shm-fork 10 32 (2M: 64):        PASS
set shmmax limit to 134217728
shm-fork 10 64 (2M: 64):        PASS
set shmmax limit to 134217728
shm-getraw 64 /dev/full (2M: 64):       PASS
fallocate_stress.sh (2M: 64):   PASS
********** TEST SUMMARY
*                      2M
*                      32-bit 64-bit
*     Total testcases:     0     91
*             Skipped:     0      9
*                PASS:     0     81
*                FAIL:     0      0
*    Killed by signal:     0      1
*   Bad configuration:     0      0
*       Expected FAIL:     0      0
*     Unexpected PASS:     0      0
*    Test not present:     0      0
* Strange test result:     0      0
**********

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 47ee82f084)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:26 -08:00
Katariina Lounento 48e7ded364 libtar: patch CVEs
cve-check.bbclass reported unpatched vulnerabilities in libtar
[1,2,3,4,5]. The NIST assigned base score for the worst vulnerability
is 9.1 / critical.

The patches were taken from the libtar [6] master branch after the
latest tag v1.2.20 (the changes in libtar master mostly originate from
Fedora and their patches), and from the Fedora 41 libtar source package
[7] and the Debian libtar package 1.2.20-8 [8] where the patches were
not available in the libtar repository itself.

The Fedora patch series was taken in its entirety in order to minimize
differences to Fedora's source tree instead of cherry-picking only CVE
fixes. Minimizing the differences should avoid issues with potential
inter-dependencies between the patches, and hopefully provide better
confidence as even the newest patches have been in use in Fedora for
nearly 2 years (since December 2022; Fedora rpms/libtar.git commit
e25b692fc7ceaa387dafb865b472510754f51bd2). The series includes even the
Fedora patch libtar-1.2.20-no-static-buffer.patch, which contains
changes *) that match the libtar commit
ec613af2e9371d7a3e1f7c7a6822164a4255b4d1 ("decode: avoid using a static
buffer in th_get_pathname()") whose commit message says

    Note this can break programs that expect sizeof(TAR) to be fixed.

The patches applied cleanly except for the Fedora srpm patch
libtar-1.2.11-bz729009.patch, which is identical with the pre-existing
meta-oe patch 0002-Do-not-strip-libtar.patch and is thus omitted.

The meta-openembedded recipe does not include any of the patches in
Kirkstone [9] nor the current master [10].

libtar does not have newer releases, and the libtar master doesn't
contain all of the changes included in the patches. Fedora's
libtar.1.2.11-*.patch are not included in the libtar v1.2.20 release
either but only in the master branch after the tag v1.2.20. The version
number in the filename is supposedly due to the patches being created
originally against v1.2.11 but have been upstreamed or at least
committed to the master only after v1.2.20.

The commit metadata could not be practically completed in most of the
cases due to missing commit messages in the original commits and
patches. The informal note about the author ("Authored by") was added to
the patch commit messages where the commit message was missing the
original author(s)' Signed-off-by.

*) The patch also contains the changes split to the libtar commits
    495d0c0eabc5648186e7d58ad54b508d14af38f4 ("Check for NULL before
    freeing th_pathname") and 20aa09bd7775094a2beb0f136c2c7d9e9fd6c7e6
    ("Added stdlib.h for malloc() in lib/decode.c"))

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-33643
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-33644
[3] https://nvd.nist.gov/vuln/detail/CVE-2021-33645
[4] https://nvd.nist.gov/vuln/detail/CVE-2021-33646
[5] https://nvd.nist.gov/vuln/detail/CVE-2013-4420
[6] https://repo.or.cz/libtar.git
[7] https://src.fedoraproject.org/rpms/libtar/tree/f41
[8] https://sources.debian.org/patches/libtar/1.2.20-8/CVE-2013-4420.patch/
[9] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=kirkstone&id=9a24b7679810628b594cc5a9b52f77f53d37004f
[10] https://git.openembedded.org/meta-openembedded/tree/meta-oe/recipes-support/libtar/libtar_1.2.20.bb?h=master&id=9356340655b3a4f87f98be88f2d167bb2514a54c

Signed-off-by: Katariina Lounento <katariina.lounento@vaisala.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 3c9b5b36c8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-11-19 13:13:25 -08:00