Below commits on glibc-2.40 stable branch are updated.
7073164add libio: Attempt wide backup free only for non-legacy code
adfb14e71f debug: Fix read error handling in pcprofiledump
f4a9b6e97b elf: Fix tst-dlopen-tlsreinit1.out test dependency
f496b750f1 elf: Avoid re-initializing already allocated TLS in dlopen (bug 31717)
b7edcfa0f4 elf: Clarify and invert second argument of _dl_allocate_tls_init
3414b17e9d nptl: Use <support/check.h> facilities in tst-setuid3
3b3350d7ba posix: Use <support/check.h> facilities in tst-truncate and tst-truncate64
e24902f409 ungetc: Fix backup buffer leak on program exit [BZ #27821]
dac7a0694b ungetc: Fix uninitialized read when putting into unused streams [BZ #27821]
2f749d2b15 Make tst-ungetc use libsupport
27fb563bfe stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650]
bc240ba7c8 support: Add FAIL test failure helper
709319f9de string: strerror, strsignal cannot use buffer after dlmopen (bug 32026)
586e4cd8c6 Define __libc_initial for the static libc
c0af0c2ba0 x86: Fix bug in strchrnul-evex512 [BZ #32078]
898f25e0b1 x32/cet: Support shadow stack during startup for Linux 6.10
e3556937c2 x86-64: Remove sysdeps/x86_64/x32/dl-machine.h
39ee60a719 support: Add options list terminator to the test driver
5641780762 manual/stdio: Further clarify putc, putwc, getc, and getwc
6a97e2ba14 Fix name space violation in fortify wrappers (bug 32052)
aa533d58ff x86: Tunables may incorrectly set Prefer_PMINUB_for_stringop (bug 32047)
928769737c resolv: Fix tst-resolv-short-response for older GCC (bug 32042)
ca53bc68ab Add mremap tests
2eb2d78ca7 mremap: Update manual entry
3433a35842 linux: Update the mremap C implementation [BZ #31968]
46f19b2342 Enhanced test coverage for strncmp, wcsncmp
509166c9a5 Enhance test coverage for strnlen, wcsnlen
132a72f93c manual: make setrlimit() description less ambiguous
65fbcfe589 manual/stdio: Clarify putc and putwc
5d2a931a81 malloc: add multi-threaded tests for aligned_alloc/calloc/malloc
2aebac5e15 malloc: avoid global locks in tst-aligned_alloc-lib.c
145b588637 Fix version number in NEWS file
b6aeba2de1 manual: Do not mention STATIC_TLS in dynamic linker hardening recommendations
ef14142663 resolv: Do not wait for non-existing second DNS response after error (bug 30081)
8bbb8d7b16 resolv: Allow short error responses to match any query (bug 31890)
(From OE-Core rev: 08d6477a47ff7819af2c24693c5dfbd0c59ac2ff)
Signed-off-by: Deepthi Hemraj <Deepthi.Hemraj@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 5335a7b2852ce891a98eda18d59fc32e60f1c722)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
NVD CVE report [1] links Ubuntu bug [2] which has a very good
description/discussion about this issue.
It applies only to distros patching wpa-supplicant to allow non-root
users (e.g. via netdev group) to load modules.
This is not the case of Yocto.
Quote:
So upstream isn't vulnerable as they only expose the dbus interface to
root. Downstreams like Ubuntu and Chromium added a patch that grants
access to the netdev group. The patch is the problem, not the upstream
code IMHO.
There is also a commit [3] associated with this CVE, however that only
provides build-time configuration to limit paths which can be accessed
but it acts only as a mitigation for distros which allow non-root users
to load crafted modules.
The patch is included in version 2.11, however NVD has this CVE
version-less, so explicit ignore is necessary.
[1] https://nvd.nist.gov/vuln/detail/CVE-2024-5290
[2] https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613
[3] https://w1.fi/cgit/hostap/commit/?id=c84388ee4c66bcd310db57489eac4a75fc600747
(From OE-Core rev: 617cf25b0f49b732f961f1fa4d1390e8e883f12b)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6cb794d44a8624784ec0f76dca764616d81ffbf5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Finalize the release note for the 5.1 release (styhead).
Add enhancements, changes, removals, license changes, and migration
notes for this release by going over the git commit log of
openembedded-core, bitbake and meta-yocto.
(From yocto-docs rev: 65618b0588053d2c4325d995482957b660f5e104)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
update for these changes:
- license
- recipe enable for ptests
- new class, recipe and variable.
- PACKAGECONFIG
- some utility script, class and include file.
- bitbake.
- qemu/runqemu.
- Contributors.
removed wic as no significant change or improvement.
Antonin Godard: amend and fix some typos.
(From yocto-docs rev: afbcc16cd5244d8bb6bb79796aa064156f99e3d3)
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
New sanity check to check for PEP517-backend compliance.
(From yocto-docs rev: 24e5bbeefe989e22ecdf5e86f48432e437330cc2)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These are not distinct anymore and check for any patches in any layer.
(From yocto-docs rev: 300c585909743754e0e6662d48d43834c031b835)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
No longer required as TMPDIR can be shared for multiple lib providers
nowadays.
(From yocto-docs rev: 6690c0aee9e7f0dcc63ccbe19657b78963240610)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This variable can be used to specify one or more compiled device tree or
device tree overlays to use in addition to the one compiled by the
kernel.
(From yocto-docs rev: 6566ffceab3780dc5ecbfe26f786ebe6ff17e693)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
New variables that control the output of the image task manifests.
(From yocto-docs rev: e46af38733ae581c4aa180efc226d8a34ea4e590)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This variable lists space-separated paths on the target to retrieve onto
the host, when inheriting testimage.
(From yocto-docs rev: 2537642d2cdf844dc5f6027fb3097aac52162c1f)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed as it was only used by ncurses and zlib and adding minimal
added-value for a considerable amount of added runtime.
(From yocto-docs rev: c35688a0f4cb115c63387cc15fd15ec57cb386fb)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Document the new `retain` class with its configuration variables in the
variable index.
(From yocto-docs rev: b62f1be5dada0fb760ff7e0806b16225f7261560)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a brief description on the new vex.bbclass that is used to generate
metadata needed by external tools to check for vulnerabilities.
(From yocto-docs rev: 32cf3414f5ed127f59119e38639bc8dbd57b7891)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Variables that can be used for toggling creation of manifest and
specifying the path to the output in the deploy directory.
(From yocto-docs rev: 14131a42a7ea8bbae2165c1b8dbcabd5f28b2b22)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The pipes module is removed in python 3.13. It was already using the
quote function from shlex so use that directly instead.
The module already imports shlex too so it is an easy substitution.
(Bitbake rev: 9ef4f2a30127455562e38e869793a723eed6c07c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When copying files as part of the unpack we currently use cp -p, which
is a shortcut for --preserve=mode,ownership,timestamps.
We do want to preserve timestamps, because some fetchers set these
explicitly.
We don't care about ownership. If the files are owned by us then they
ill remain owned by us, and if they're not then the attempt to change
ownership will be silently ignored. In a shared DL_DIR where files have
group ownership this group access isn't relevant in the single-user build
tree.
We do want to preserve executable bits in the mode, but cp always does
this. The difference between --preserve=mode and no --preserve is that
the mode isn't preserved exactly (no sticky bits, no suid, umask is
applied) but this also isn't a relevant difference in a build tree.
Also expand the arguments to be clearer about what options are being
passed.
The impetus for this is that coreutils 9.4 includes a change in gnulib[1]
and will now try to preserve permission-based xattrs if asked to preserve
the mode. This can result in cp failing when copying a file from a
NFSv4 server with ACLs stored in xattrs to a non-NFS directory where
those xattrs cannot be written:
cp: preserving permissions for ‘./jquery-3.7.1.js’: Operation not supported
The error comes from the kernel refusing to write a system.nfs4_acl
xattr to a file on ext4.
This situation doesn't appear on all systems with coreutils 9.4, at the
time of writing it fails on Ubuntu 24.04 onwards but not Fedora 40. This
is because /etc/xattr.conf is used to determine which xattrs describe
permissions, and Fedora 40 has removed the NFSv4 attributes[2].
Also, use long-form options to make the cp command clearer.
[1] https://github.com/coreutils/gnulib/commit/eb6a8a4dfb
[2] https://src.fedoraproject.org/rpms/attr/blob/rawhide/f/0003-attr-2.4.48-xattr-conf-nfs4-acls.patch
[ YOCTO #15596 ]
(Bitbake rev: 2f35dac0c821ab231459922ed98e1b2cc599ca9a)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add test cases for a module path consisting of only a hostname and add
checksum verification of the unpacked go.mod files.
(Bitbake rev: 9380859b59923dee17469348f472a22e11be1779)
Signed-off-by: Christian Lindeberg <christian.lindeberg@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also update sanity tested distros to list distros on the typhoon and
valkyrie clusters which are known to work.
(From meta-yocto rev: d2ff1a0780456681ca0747cdf7aa79d6002cf70a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update to the 5.0.3 release of the 5.0 series for buildtools.
(From OE-Core rev: c922ca720a0c3b7b4d3d3187539e7cf77d93d457)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add styhead. Also fix a typo in the usage instructions.
(Bitbake rev: d3c84198771b7f79aa84dc73061d8ca071fe18f3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When calculating the module name for a gomod URI with only a hostname,
e.g.:
gomod://go.opencensus.io;version=v0.24.0;sha256sum=203a767d7f8e7c1ebe5588220ad168d1e15b14ae70a636de7ca9a4a88a7e0d0c
the non-existing path would actually be treated as "/", which resulted
in a trailing slash being added to the module name preventing the unpack
method from correctly locating the go.mod file.
(Bitbake rev: f0e02e1de4d649e647e4ab61341042dd38d0eeb0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When using Arm binary toolchain, version 2.11 of wpa-supplicant is
failing to compile with the following error:
| ../src/drivers/driver_macsec_linux.c:81:29: error: field ‘offload’ has incomplete type
| 81 | enum macsec_offload offload;
| |
Backport a recent patch that corrects the issue by adding a check for
the version of kernel headers being used in compilation and disabling
that enum if too old a version is being used (or is used by the
binary toolchain).
(From OE-Core rev: 373d8d4f5316416d70eb2c0733d9838e57419ac3)
Signed-off-by: Jon Mason <jdmason@kudzu.us>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make ImageQAFailed inherit BBHandledException so exceptions raised in tests are
catched when the actual test function is executed by bb.utils.better_exec.
Change the do_image_qa tasks so errors are handled with oe.qa.handle_error. Add
some comment to explain this requires to list the test in ERROR_QA or WARN_QA.
[YOCTO #14807]
https://bugzilla.yoctoproject.org/show_bug.cgi?id=14807
(From OE-Core rev: 905e224849fbbed1719e0add231b00e2d570b3b4)
Signed-off-by: Louis Rannou <louis.rannou@non.se.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In oe-core ebcd355 TCLIBCAPPEND (a string that is appended to TMPDIR) was
removed entirely. Warn if this is being set by the distro as it will no
longer have any effect.
(From OE-Core rev: 992ba784c168710328749fd61a0e2869df519dea)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add the firmware package for the TI CC33xx firmware.
The TI CC33xx family are combo WLAN and BLE devices
supporting 802.11ax and BLE 5.4.
(From OE-Core rev: b618504e496a5df84cfc8d6b90ba295f8f0497e4)
Signed-off-by: Sabeeh Khan <sabeeh-khan@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The libsamplerate option was floating and being enabled on some systems
and not others. Fix this to be deterministic.
(From OE-Core rev: 61455a839e568a3ae7e059ea95c02a1c88d39e1a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is no longer needed/supported. That solves the FIXME I guess!
(From meta-yocto rev: 9ea01f67bb15c78cd7ba0efe1dfc8861f21f9825)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If user namespaces are not available (typically because AppArmor is
blocking them), alert the user.
We consider network isolation sufficiently important that this is a fatal
error, and the user will need to configure AppArmor to allow bitbake to
create a user namespace.
[ YOCTO #15592 ]
(From OE-Core rev: b6af956fe6e876957a49d4abf425e8c789bf0459)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Integrating the following commit(s) to linux-yocto/.:
1/2 [
Author: Ross Burton
Email: ross.burton@arm.com
Subject: features/security: fix Meltdown/Spectre configurations
Date: Thu, 12 Sep 2024 16:42:50 +0100
These are both specific to x86 so move them into the x86 file, and were
renamed to have a MITIGATION_ prefix in 6.9.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
2/2 [
Author: Ross Burton
Email: ross.burton@arm.com
Subject: bsp/genericarm64: update for 6.10 kconfig symbol renames
Date: Thu, 12 Sep 2024 16:42:51 +0100
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]
(From OE-Core rev: dcf2879bb3ac663509743c760042e93cbc5d447e)
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Method is_file() was wrongly called as isfile()
(From OE-Core rev: 356c52a45db139bf1fdfcf5b6e0903ece7d1dd46)
Signed-off-by: Daniil Batalov <dbatalov@deltard.ru>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Deepthi Hemraj
Shunsuke Tokumoto
Peter Marko
Antonin Godard
Lee Chee Yang
Yoann Congal
Richard Purdie
Ross Burton
Christian Lindeberg
Mathieu Dubois-Briand
Jörg Sommer
Peter Kjellerstedt
Jon Mason
Guðni Már Gilbert
Louis Rannou
Sabeeh Khan
Khem Raj
Martin Jansa
Divya Chellam
Bruce Ashfield
Daniil Batalov