Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: d0283e421e41b6775f40a51de6018c2c5cfda61f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: 0a2cb15d6953a809135bea69609673d068f46df1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: 9ecee5f950f249d982b307bbdbe0e13e55f27b24)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: def610a1298ad7b8c98185a2b4c46f2c7173a950)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: ab56d0eb79b40f5e60af20dadcda1b0239fe020e)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: bfebaeb1705d072eb6b42a6dfe9bff4829a49a33)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: ba19a6126d315c964214e7ca89895ea1ba8b4a15)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: aeefadfda0e98d0b3369c4abc98485774e1fe562)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 0ae686de6aefb10d961cd8965dba8a02d1c977c6)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: e956e7437aa95e006547c3a92271b64c25252a50)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 29778ceddd775c47d722ecf1cc587c6526202d0b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 7c18697372444ef9e4df03b7c9de7b8da7f4f600)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: 3c33dbc32859ce45743c507120317a562b1a897d)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning these CVEs.
(From OE-Core rev: 3b497db0bff69c8e7a4f5466b155d1c84051cc59)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Cherry-pick patch mentioning this CVE.
(From OE-Core rev: ef41ef5730d08371d1eb03f94fa9357edf26889f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
It is used to fix multiple CVEs.
(From OE-Core rev: 48cf877397b82449f171190a33a8e723512b8227)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
CVE-2021-46705 was needed only with 2.06
CVE-2023-4692 and CVE-2023-4693 were fixed in NVD DB meanwhile
(From OE-Core rev: 7d35eefd2290bad78199354157e5d275ceda0ce2)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This option fails with clang compiler when testing for soft-float because
OE enforces this option via CCARGS however, gtub's
makefile/configure does disable all sse options when checking for
soft-float support, but it can not disable -mfpmath=sse as its inserted
by OE, therefore remove it in recipe
Fixes build errors seen with clang/musl like on x86
error: the 'sse' unit is not supported with this instruction set
(From OE-Core rev: ad76da4ff6d7110747b620621ae3728de9905465)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Where recipes use S = ${WORKDIR}, change them to set UNPACKDIR to
a subdir of WORKDIR and make S point at this instead.
I've chosen not to force S into any standard UNPACKDIR we may pick in
future just so the S = UNPACKDIR case is clearly visible by the
directory naming under WORKDIR as that should aid usability.
(From OE-Core rev: d9328e3b0b062f0621de3d114584b44f384a1c02)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace references of WORKDIR with UNPACKDIR where it makes sense to do
so in preparation for changing the default value of UNPACKDIR.
(From OE-Core rev: 1f18b9a512800860d5153d89eb82b56388efad6f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.
(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Redhat/Fedora specific as it affects the grub2-set-bootflag extension
added by Redhat to grub.
(From OE-Core rev: 40cd768368167f81de5bb55e9ff0584035f4c1b4)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A issue was found when I run "runqemu genericx86-64 ovmf", grub failed
to boot, it's a known issue has been fixed in grub upstream, backport
the fix.
(From OE-Core rev: 51eab4bb0cae46c9c32d28986eb97badf47594b7)
Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It enable the metadata_csum_seed feature by default in e2fsprogs 1.47.0
and causes grub doesn't work. Backport patch to make grub support this
feature.
(From OE-Core rev: ae3b4588d69e534ac8aff136ed44f3975f5a2d4f)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The commit(75dbdea940 grub: Allow build on armv7ve/a with softfp)
enable build on armv7ve/a with softfp, but it acutally enable
build on armv7ve/a with hardfp altogether and result in below build
failure:
| checking for compile options to get strict alignment... -mno-unaligned-access
| checking if compiler generates unaligned accesses... no
| checking if C symbols get an underscore after compilation... no
| checking whether target compiler is working... no
| configure: error: cannot compile for the target
So update the check to disable build on armv7ve/a with hardfp.
(From OE-Core rev: f67b2880fc2cfb21f51216c63b5f24d0524b4278)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Grub tries to force the compilation in softfp mode for some known target
CPU. That is because it doesn't use floats or doubles and there are
known limitations of using a configuration with hardfp. There are though
target CPUs that grub won't know how to configure failing with something
similar to:
| checking for options to get soft-float... no
| configure: error: could not force soft-float
This change relaxes a bit the COMPATIBLE_HOST restriction to only apply
for hardfp configuration even for arm7ve/a.
(From OE-Core rev: 75dbdea94057b6977a20fb738c00c226ca694243)
Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport CVE patches from upstream to fix:
CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
Backport the following 5 patches to make CVE patches be applied smoothly.
video-Remove-trailing-whitespaces.patch
video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch
video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch
(From OE-Core rev: db43401a3a4c201f02f4128fa4bac8ce993bfec0)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Include all available modules If 'all' is present in GRUB_BUILDIN variable.
To achieve this we need to search for all .mod files in ${B}/grub-core/ and
pass them to grub-mkimage command.
Also, add the verbose option to grub-mkimage.
(From OE-Core rev: ed1bf9aa0af8c12905cf8332bbbb212ab158fe3c)
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
'xen-boot' module is available only for aarch64.
(From OE-Core rev: bfabc6d4f8742cc1fdeb49c180b0f78faf5739a2)
Signed-off-by: Kamil Dziezyk <kamil.dziezyk@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
(From OE-Core rev: 93ac180d8c389f16964bce8bd5538d9389e970e6)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The CVE only applies to RHEL.
(From OE-Core rev: 8cfc3ebe50facb7e34e778f3e264b26cfae20a04)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're using a pre-release version of 2.06 so these issues are fixed but
continue to show up in the checks since it is pre-2.06 and the CPE
entries are "before but excluding 2.06".
Adding these will clean up CVE reports until the 2.06 release comes out.
(From OE-Core rev: 2467ab1554bee3a431636046735e8e369e865bc6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko
Khem Raj
Alexander Kanavin
Richard Purdie
Simone Weiß
Ross Burton
Anuj Mittal
Ming Liu
Xiangyu Chen
Andrej Valek
Alexander Kanavin
Kai Kang
Xiangyu Chen
Mingli Yu
Andrei Gherzan
Yongxin Liu
Ross Burton
Diego Sueiro
Kamil Dziezyk
Michael Opdenacker