This actually are just 2 patches on top of what we have thus far
* 7a43f6fe release 1.2.3
* 01b14242 accept null pointer as message argument to gettext functions
(From OE-Core rev: bb0d9815a8e47b28836ab0eb13ebe236d745b253)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When systemd is used inside an initramfs, it uses the presence of
`/etc/initrd-release` to detect when the system is in the initrd phase.
Otherwise `/etc/initrd-release` has the same format as
`/etc/os-release`.
Add `os-release-initrd` package to provide `/etc/initrd-release` as a
symlink to the os-release file. To avoid adding this file to the
`os-release` package, explicitly only add `/etc/os-release` to the
`os-release` package.
(From OE-Core rev: 6311fb6f412ef923cc0b34a821e875990fc043f5)
Signed-off-by: Claudius Heine <ch@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As with the kmod version of depmod, exclude .debug from being
searched. Since busybox does not use the depmod.d and any
configuration file option is ignored we just hardcode it.
(From OE-Core rev: c082752c06d5723433886cbf7ce2d88a51fb64f1)
Signed-off-by: Saul Wold <saul.wold@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
BitBake can optionally 'import yaml' if BB_LOGCONFIG specifies a yaml
file. This is a 3rd party module, so that this works out of the box
when buildtools is used -- either explicitly via buildtools-tarball or
implicitly via eSDK -- we can add pyyaml to the buildtools.
(From OE-Core rev: 6be90f884bb3fc87d9aa21cb882a835d6bc583a9)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use the new MOUNT_COPYBIND_AVOID_OVERLAYFS flag provided by mount-copybind.
When SELinux is enabled, processes accessing OverlayFS mounts will get a denial
if the process setting up the mount doesn't have all the permissions that
the accessor has.
(From OE-Core rev: 6002bdc77643c363a8326bf163baecba8b36e3e0)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The system-pcre PACKAGECONFIG was removed in commit e359ee75 (glib-2.0:
update 2.68.4 -> 2.70.0), but a comment was left behind.
(From OE-Core rev: a08655f3d97d947fb29c4b669790f68d661aae96)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
$ shellcheck meta/recipes-core/volatile-binds/files/mount-copybind
In meta/recipes-core/volatile-binds/files/mount-copybind line 54:
mountcontext=",rootcontext=$(matchpathcon -n $mountpoint)"
^---------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
mountcontext=",rootcontext=$(matchpathcon -n "$mountpoint")"
For more information:
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
(From OE-Core rev: 56c7962a6c31acfe0e118f713954aeafd7e2d9c0)
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- 0001-gio-tests-resources.c-comment-out-a-build-host-only-.patch:
dropped (integrated upstream)
News
====
* Bugs fixed:
- #2620 g_time_zone_new_offset() assertion failure if offset >= 25 hours
- #2538 Various unit test fixes
- #2542 fuzzing: Fix test failure with G_DISABLE_ASSERT
- #2547 gprintf: Fix a memory leak with an invalid format in g_vasprintf()
- #2548 tests: Various fixes to gdbus-auth, gdbus-non-socket, gdbus-connection-flush, spawn-multithreaded tests
- #2551 tests: More flaky test fixes to converter-stream and test-printf
- #2552 gtlsconnection: fix typo in docs
* Translation updates:
- Czech
- French
- Friulian
- Hebrew
- Hungarian
- Italian
- Kazakh
- Polish
- Romanian
- Serbian
- Swedish
(From OE-Core rev: bf088d1e9d13eca5b0fb1a4ab1cb689daaf1ff80)
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
brings following fixes
* 6d8a5157 fix invalid free of duplocale object when malloc has been replaced
* 760f5d7e fix __WORDSIZE on x32 sys/user.h
* bdb54540 sys/ptrace.h: add PTRACE_GET_RSEQ_CONFIGURATION from linux v5.13
* aa3bab6c sys/prctl.h: add PR_PAC_{SET,GET}_ENABLED_KEYS from linux v5.13
* a8300f5d elf.h: add NT_ARM_PAC_ENABLED_KEYS from linux v5.13
* dda21f10 netinet/in.h: add INADDR_DUMMY from linux v5.13
* ee05b11b bits/syscall.h: add landlock syscalls from linux v5.13
* 1ee8109e netinet/tcp.h: add tcp_zerocopy_receive fields from linux v5.12
* bc89c311 netinet/tcp.h: add TCP_NLA_* values up to linux v5.12
* 9ffd1454 s390x: add ptrace requests from linux v5.12
* f7d3db5b bits/syscall.h: add mount_setattr from linux v5.12
* e99c4258 signal.h: add new sa_flags from linux v5.11
* 993cccce signal.h: add SYS_USER_DISPATCH si_code value from linux v5.11
* 3dcbd896 signal.h: add si_code values for SIGSYS
* 30c8a145 netinet/tcp.h: add tcp zerocopy related changes from linux v5.11
* b54f481f netinet/if_ether.h: add ETH_P_CFM from linux v5.11
* c5ecaca7 sys/socket.h: add new SO_ socket options from linux v5.11
* f35b99b3 sys/prctl.h: add PR_SET_SYSCALL_USER_DISPATCH from linux v5.11
* b21f3ded bits/syscall.h: add epoll_pwait2 from linux v5.11
* 3aba2150 nice: return EPERM instead of EACCES
* 74a28a8a protect stack canary from leak via read-as-string by zeroing second byte
* 7c0c7a75 math: avoid runtime conversions of floating-point constants
(From OE-Core rev: 56c0629caebd7f22a09925333c2dc800901d7794)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fix for the CVE in 2.9.13 caused a regression which
was addressed after 2.9.13. We import that patch here.
(From OE-Core rev: f7fd194feb4f7993518388160acd5199fcfc3b26)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following security and bug-fix patches are included as part of the 250.4
update:
c6603da3ad boot: Properly check status code of console_key_read
2198c08d07 core: really skip automatic restart when a JOB_STOP job is pending
367041af81 pid1: set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon
160eeab224 virt: Fix Xen Dom0 detection logic to no longer report as VM
514a4c051c network: bridge: fix endian of vlan protocol
4dbc210124 resolve: fix possible memleak
d82bd80cf4 resolve: fix potential memleak and use-after-free
dcba78244e util: another set of CVE-2021-4034 assert()s
74dfb51f70 sd-dhcp6-client: fix sending prefix delegation request during rebind
df59c65a23 mkdir: allow to create directory whose path contains symlink
ae95ca27be sd-dhcp-lease: fix memleak
2b04d3b3fc sd-dhcp-lease: fix reading unaligned memory
1ef56ad928 network: xfrm: refuse zero interface ID
7dc0f80588 sd-dhcp-lease: fix a memory leak in dhcp_lease_parse_search_domains
426807c54b sd-dhcp-lease: fix an infinite loop found by the fuzzer
0456e3aaaa oomd: fix race with path unavailability when killing cgroups
As the following two patches:
0001-mkdir-allow-to-create-directory-whose-path-contains-.patch
0001-src-fundamental-list-fundamental_source_paths-using-.patch
have been merged in 250.4 or replaced, remove them.
(From OE-Core rev: ccf7b8948f0c02e28e8a0151c48bf169d3fc36c8)
Signed-off-by: Richard Neill <richard.neill@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
module.patch
musl-decls-compat.patch
removed since they're included in 2.0.1
Changelog:
==========
- Allow reading/writing from cgroup.* files in cgroup v2
- Add support for cgroup v2's cgroup.threads file
- Fix issue where libcgroup/pam wasn't working properly when
cgrulesengd is disabled
- Fix a bug where the cgroup version wasn't initialized in a
named cgroup v1 hierarchy
- Various automake bug fixes
- Build PAM module as unversioned DSO
- Fix build issues with musl libc
- Fix potential TOCTOU race in cgroup_get_procs()
(From OE-Core rev: 36d43237192aed532b37a52784fb91da64f54c1a)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It fails currently with binutils 2.38
powerpc-yoe-linux-musl-ld: read-only segment has dynamic relocations
(From OE-Core rev: 6a8c1e04e2bf37fa4128b1742ef4184380e3321d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The reason it was separate is that there is a peculiar circular
dependency: dbus tests require glib, while some of glib's gdbus tests
require dbus. So dbus was built with tests disabled and without glib
dependency, then glib was built with dbus dependency, then dbus was
built again with glib dependency and tests enabled, only for the purpose
of installing those tests. I find that brittle and hacky, so this
removes dbus dependecy from glib (the fallout is that some gdbus tests
are no longer being executed), and dbus and its tests are built once,
after glib. Conversely, dbus is now dependent on glib for the purpose
of building the tests.
Also, dbus ptest installation is no longer using custom code, and dbus
run-ptest simply uses standard installed tests execution mechanism from
gnome.
(From OE-Core rev: cfecef4e6925865961858d0fe5ffc7794c71cd3b)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- new version includes fix for CVE-2022-23308
- drop patche which was upstream
- refresh patch
(From OE-Core rev: d687f1ac2017a1cc94ac4733cd46755d5aabd120)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The project has migrated from www.xmlsoft.org to gitlab.gnome.org.
Update the homepage accordingly, and use gnomebase to construct the
download URL, rather than including it in SRC_URI explicitly.
Note that the download is now in .xz format rather than .gz, so the
sha256sum is updated accordingly. Post-decompression tarballs are
identical, so there is no change to the libxml2 code.
(From OE-Core rev: 8bc17ceb997f8f31a03e5f5efc41c03ef1df3add)
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We need to set nobranch=1 as the 0.6.4 tag isn't on any branches at
present.
(From OE-Core rev: 5637ebe76885c21c2c3f975b4f412b02f9e02456)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The statx requires glibc >= 2.28 and linux kernel >= 4.11, but coreutils's
configure only checks glibc compatibility for statx syscall but fail to check
kernel support, e.g.:
RedHat Enterprise Linux Server 7.6 (Maipo)
Host kernel: 3.10.0-1127.8.2.el7.x86_64
Docker OS: Ubuntu 20.04.1 LTS
$ bitbake coreutils-native
find the binary ls and run it as "ls -l ."
The result is something like: "?????????. ? ? ? ? ? foo"
This is because glibc is 2.31 (Ubunut 20.04 in docker) which has statx,
but host's kernel is 3.10.0 (CentOS 7) which doesn't support statx.
Disable statx for native build to fix the problem.
Original from: Davi Poyastro <davi.poyastro@nokia.com>
(From OE-Core rev: 6c120d8856fab044e7b8e09d6de91c2b228a2dd9)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-Fix-VLA-parameter-warning.patch
removed since it's included in 202202
Changelog:
=========
OvmfPkg Add new target for Cloud Hypervisor
Add TDVF to OvmfPkg
Add new APIs to UefiCpuPkg/UefiCpuLib
Add AMD Secure Nested Paging Support
Add SSDT PCI generator in DynamicTablesPkg
Support ACPI 6.4 PPTT changes
Add FdtHwInfoParser library
Add DynamicPlatRepo library
Make package and platform builds reproducible across source format changes
Add Uncrustify CI Plugin
Apply uncrustify changes to all package C and H files
(From OE-Core rev: 5e280a4d6bf67c3b7d26c444bc52f25e63ae57a4)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
Fix issue with multiple offers from the same DHCP server.
Fix issue with Base64 decoding and bytes consumed validation.
(From OE-Core rev: 790f45993ac9c10ee547e4d9ae3dd0bfa96aa469)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In commit ceda3238 (meta/meta-selftest/meta-skeleton: Update LICENSE
variable to use SPDX license identifiers) all LICENSE variables were
updated to only use SPDX license identifiers.
This does the same for comments and other variables where it is
appropriate to use the official SPDX license identifiers. There are
still references to, e.g., "GPLv3", but they are then typically in
descriptive text where they refer to the license in a generic sense.
(From OE-Core rev: 165759dced7fbe73b1db2ede67047896071dc6d0)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When installed, this module mounts a read-write (RW) overlay on
top of a root filesystem, which is kept read-only (RO), free
from modifications by the user, this might prove to be useful
if we want to access or restore the original unmodified rootfs.
The existing overlay-etc.bbclass does something similar, it
mounts an overlay on top of the /etc directory, however doing
the same for root causes the original root to be inaccessible
once the system is booted, hence why this module is added to
the initramfs boot flow, allowing us to mount the RW overlay,
while keeping the original rootfs mounted at /rofs once the
system finishes booting. This script is loosely based on that
class.
This module requires rootrw=<foo> to be passed as a kernel
parameter to specify the device/partition to be used as RW by the
overlay and has a dependency on overlayfs support being present
in the running kernel.
It does not require the read-only IMAGE_FEATURE to be enabled.
The module needs to be executed after the initramfs-module-rootfs
since it relies on it to mount the filesystem at initramfs startup
but before the finish module which normally switches root.
After overlayroot is executed the usual boot flow continues from
the real init process.
If something goes wrong while running this module, the rootfs
is still mounted RO (with no overlay) and the finish module is
executed to continue booting normally.
Its worth noting that, on purpose, this isnt installed by default
on any images that use initramfs-framework to keep the boot flow
unmodified, only when a user manually requests to install it,
then it becomes functional.
(From OE-Core rev: 4f876982a856c54a8074c85346632e33caa7ef53)
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alhe@linux.microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
brings in these fixes
* f8bdc304 fix spurious failures by fgetws when buffer ends with partial character
* 5690668a add missing strerror text for key management
* 3b7b4155 fix out-of-bound read processing time zone data with distant-past dates
* 75b3412f fix potentially wrong-sign zero in cproj functions at infinity
* 52f0deb9 make fseek detect and produce an error for invalid whence arguments
* cbacd638 add SEEK_DATA and SEEK_HOLE to unistd.h
(From OE-Core rev: 6c76063019f9aab5c249750e526bae9031829efe)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move the systemd shared library (libsystemd-shared.so) into its own
package to prevent a runtime dependency from udev package to systemd
package and thereby to a second init manager.
(From OE-Core rev: d1473149816674e3a3aa3f565e8b6390d2d0f1a6)
Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
* use fakechroot instead of unsharing the mount namespace and mounting tmpfs
* deb-systemd-invoke: systemctl --machine @<UID> is now available in
v249.10. Adjust the version check accordingly
* Skip build-time tests if DEB_BUILD_OPTIONS=nocheck is set
* Fix typos found by Lintian
* Set Rules-Requires-Root: no
(From OE-Core rev: 5ee6558c4364d49a0e003648ac49f58f1fb41765)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Three CVEs were meant to be ignored via CVE_WHITELIST, but that wasn't
the correct variable name.
The CPEs for those CVEs mean that they don't get picked up in our report,
so just remove the assignment.
(From OE-Core rev: dea00faf30ec7c19b6b5ed4651b430ba3faf69ff)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes:
Error: Transaction test error:
file /usr/include/bits/dl_find_object.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
file /usr/include/bits/rseq.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
file /usr/include/bits/timesize.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
(From OE-Core rev: 0982c2bc19f4cacd72fd43f93c6a0a4d45a75c6a)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make sure this header file is same in arm and aarch64.
Fix the conflict error when enable multilib:
Error: Transaction test error:
file /usr/include/bits/wordsize.h conflicts between attempted installs of lib32-libc6-dev-2.35-r0.armv7vet2hf_vfp and libc6-dev-2.35-r0.cortexa57
(From OE-Core rev: 402ba8367f5316fd8d25a536ebd12bc0bcdfa400)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After the change to bitbake, update the references in OE-Core to match the updates.
(From OE-Core rev: 193affb9f28b0116c3fd619834f145326fee08c5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a security fix release containing fixes for CVE-2022-25235, CVE-2022-25236,
CVE-2022-25313, CVE-2022-25314 and CVE-2022-25315.
(From OE-Core rev: b71344dacb71cfc452b335a6f2fb9cb74e2e1ff8)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj
Richard Purdie
Claudius Heine
Saul Wold
Ross Burton
Luca Boccassi
wangmy
Peter Kjellerstedt
Luca Boccassi
Christian Eggers
Joe Slater
Richard Neill
Alexander Kanavin
Ralph Siemsen
Robert Yang
Alejandro Hernandez Samaniego
Stefan Herbrechtsmeier
Yi Zhao
Martin Jansa