This release includes security fixes. Please check the topics below for details.
CVE-2022-28738: Double free in Regexp compilation
CVE-2022-28739: Buffer overrun in String-to-Float conversion
(From OE-Core rev: 025bac703bc9682c67ded480226e6125226d5372)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 402254a5f841520b132508c21465111d33b6eb1a)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0.52.23
- fix automatic height of menu/list in whiptail (broken in 0.52.22)
- fix automatic width of whiptail --yesno box
- fix automatic width in whiptail with unicode characters
- fix automatic width with whiptail --noitem and --notags options
- fix spacing with longer tags in whiptail
- avoid overlapping backtitle in whiptail with automatic height
0.52.22
- fix crash in whiptail with new libpopt
- switch from usleep to nanosleep (Rosen Penev)
- fix libnewt.pc to enable static linking (Alexey Sheplyakov)
- fix LDFLAGS order in snack linking (Sam James)
- use CFLAGS when compiling snack
- improve configure.ac (Thomas Kuehne)
- install header and libnewt.pc with shared library (Michael Olbrich)
(From OE-Core rev: ba10c1e4ebcd2ac517fd472dee84833815b73f9d)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ff12622451f1f8580f928c6771cd82daa632071c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* Changed the error handler of oversized chunks (i.e. larger than
PNG_USER_CHUNK_MALLOC_MAX) from png_chunk_error to png_benign_error.
* Fixed a buffer overflow error in contrib/tools/pngfix.
* Fixed a memory leak (CVE-2019-6129) in contrib/tools/pngcp.
* Disabled the ARM Neon optimizations by default in the CMake file,
following the default behavior of the configure script.
* Allowed configure.ac to work with the trunk version of autoconf.
* Removed the support for "install" targets from the legacy makefiles;
removed the obsolete makefile.cegcc.
* Cleaned up the code and updated the internal documentation.
(From OE-Core rev: 53f517d6dd71cf01c828c956b37456dedbd95809)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 19799cb50a00561b318cba1c8c20737f20e4a47f)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Opkg 0.6.1 Changes:
- Opkg will no longer complain when trying to clean up the temporary
directory, if the directory does not exist.
- Fixed a SEGFAULT when parsing package indexes with invalid `Size` or
`Installed-Size` fields. These indexes will now produce a
comprehensible error.
- Fixed an inconsistecy in .list generation where files would sometimes
be entered with/without a trailing slash. The trailng slash should now
always be removed.
- Fixed [a bug](https://bugzilla.yoctoproject.org/show_bug.cgi?id=10461)
in package removal, where empty common directories would be left on
disk, even after all owning packages were removed.
(From OE-Core rev: e5915dec64272ad35bd406071c92dc0d4bba2071)
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 037ff235fa8e369c0eac9f84cb82c9eaffba85f3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream went with something slightly different so let's update the
patch so we don't have to carry a patch that isn't going to be merged.
This patch is part of snapshot 1.17.6.
Cc: Quentin Schulz <foss+yocto@0leil.net>
(From OE-Core rev: 12fb14eb6fbd7c284e081bc177bdba4153aeab86)
Signed-off-by: Quentin Schulz <quentin.schulz@theobroma-systems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 19eb1e388fbbe5bfb8462710c745f2bb5446b5b5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 0361ecf7eb82c386a9842cf1f3cb706c0a112e77 introduced regression
in submodules path parsing. As the result gitsm fetcher fails on each
submodule which name begins from the name of the parent repo which is
totally valid usecase [Yocto #14045] [1]
Fix the code to error out only if submodule's name is equal to parent
name but not if it's part of it.
[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14045#c4
(Bitbake rev: f0f166aee766b4bb1f8cf8b35dfc7d406c75e6a4)
Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3ad27272c18f2bb9edd441f840167a3dabd5407b)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For unknown reasons we've never seemingly run the check layer script
against OE-Core itself. This isn't entirely straightforward as the core
layer is a bit of a special case, we can't for example compare signatures
against ourselve and we can't remove core from bblayers.conf.
Core does have distro, machine and software components too, in the case
of distro, our fallback default settings. Whilst the qemu machines could
be split into a seperate layer directory, core wouldn't then parse at all
standalone due to the lack of any machine so it seems a bit pointless to
do that.
These changes tweak the script to handle core's special cases, specifically
to allow distro and machine directories and to account for the README placed
a directory level higher than other layers.
(From OE-Core rev: 4efc5ec83bc97e5731284ef3879f89fda4b8ef0b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ba312ed228507d05f280aeb96819d671b01400b8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When starting to use combo-layer, or if someone else is using it too,
the local last_revision may be incorrect.
This command will forcibly update the last_revision config values to the
latest SHA on the remote branch that is tracked.
(From OE-Core rev: 8c681c9e56065fac26088b4d2c7f22c09088a9b5)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2bb5d12ecd1b0273983f7c05699f34dd64b11c25)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bitbake may not be configured, and bb isn't imported anyway.
Instead just use os.rename(), and take the filename from the file object
instead of duplicating logic.
(From OE-Core rev: acc824693463a06c77951ce913dbd356e48f711e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 528f4fb3683d048537604e4562ea758968060d62)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: ae6c752a7056b956e83a6ff1c351bdaa1c53a7fd)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ebfab6c3034d41252d19c6e1a0ba79072aa51146)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 3cdcd2ce80daaa4a49471e483bd7863803fa6388)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7b9728e5b8bdf1193c1304ec3beeca4b5bf8d2da)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 0533edac27 broke
bitbake parsing when bitbake is executed from directory with existing .gitmodules
and the recipe in externalsrc does not have .gitmodules
The check needs to search for .gitmodules in sources path, not cwd.
iParsing recipes...ERROR: ExpansionError during parsing <path to recipe>
...
bb.data_smart.ExpansionError: Failure expanding variable do_compile[file-checksums], expression was ${@srctree_hash_files(d)} which triggered exception CalledProcessError: Command '['git', 'config', '--file', '.gitmodules', '--get-regexp', 'path']' returned non-zero exit status 1.
(From OE-Core rev: 61153027d56b420303868b5d3be9c5b82920f687)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 66ff3d1f65cd2e7f5319e98fa41f47a59b714c72)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The /proc/pressure support in buildstats is creating directories in the
buildstats tree called reduced_proc_pressure, which confuses the parsing
logic as that cannot be parsed as a name-epoc-version-revision tuple.
Explicitly skip this directory to solve the problem.
(From OE-Core rev: a764aa876342724fc3520a3e97389c8678f18681)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 24f0331f0b7e51161b1fa43d4592b491d2037fe9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, allyesconfig test runs for x86_64 fail with:
ERROR: linux-yocto-5.19.17+gitAUTOINC+0cba9aa404_aaf4490d18-r0 do_package:
QA Issue: linux-yocto: Files/directories were installed but not shipped in any
package:
/lib/modules/5.19.17/kernel/drivers/nvdimm
With CONFIG_NVDIMM_TEST_BUILD=m, an empty nvdimm directory is created during
modules_install, which triggers the QA issue.
Extend kernel_do_install() to also remove inner empty directories that might
get created by modules_install.
(From OE-Core rev: 141a42ba690dc56fb9b52f06d09ed3cef3fe4748)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7120b09a33af4c9a18063c0f2e51fb598697e39c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For now, if we use rm_work and `bitbake core-image-minimal', some
recipes' WORKDIRs are not cleaned up, e.g., makedevs-native.
Adjust the dependency to make do_rm_work_all depend on do_rm_work
to solve this problem.
Below are the detailed explanation of why this would work.
Without this patch, the dependency chain is like:
[other deps] -> [do_rm_work] -+-> [do_build]
|
[do_rm_work_all] -------------+
With this patch, the depedency chain is like:
[other deps] -> [do_rm_work] -> [do_rm_work_all] -> [do_build]
Such dependency chain adjustment fixes the issue because do_rm_work_all
now depends on [other deps] and thus the [depends] of these [other deps].
Take core-image-minimal as an example. Before this adjustment,
do_rm_work_all does not have any relationship with do_rootfs, and we have
do_rootfs[depends] += "makedevs-native:do_populate_sysroot ..."
This essentially prevents 'recrdeptask' setting of do_rm_work_all extend
to makedevs-native. With this patch, the do_rm_work_all now depends
on do_rm_work which in turn depends on do_rootfs, and so do_rm_work_all's
recrdeptask could have effect on makedevs-native.
With this patch, all built recipes WORKDIR will be cleaned up with
a few expected exceptions such as kernel and qemu-helper-native.
(From OE-Core rev: 298a74b9d8c1643e7a9b69c64dcad928520680d2)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b25cc45c9b39f79ba0a03c4556cb2e2431677b4e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the host has libpng, because of the way we handle the GL dependency in qemu,
it can cause determinism issues. Add a specific PACKAGECONFIG entry for libpng
to avoid this (and the associated autobuilder/uninative glibc symbol mismatch
failures).
(From OE-Core rev: 6e28ce40fcec1beed2b6662fd131fe66118b7b98)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 34afdd0bf5e2810d440bcd378ba1023159c2b2d0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some distributions (NI LinuxRT) provide both busybox-lsof and
full-featured lsof implementations. When users install the full-featured
lsof package, the full-binary fails to replace the bbox-binary in PATH,
because `lsof` contains no update-alternatives logic.
Inherit the update-alternatives bbclass and assert that the
full-featured lsof package has higher priority than the busybox
implementation.
Co-Authored-By: Kyle Roeschley <kyle.roeschley@ni.com>
(From OE-Core rev: d2713d7b93401ffb2c6f9f61ad6928ef09aa8702)
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e2893fa692a6e91eee09fc04c8c03fe27c718a58)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* The build error happens already at configure time:
| meson.build: ERROR: Problem encountered: DRI3 requested, but xshmfence not found
(From OE-Core rev: 93380be9278d975fa08b7dc516b7ebaee8208119)
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 451fe4a067432b432b9cd38d2fc78072f6ce5421)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bc is needed for compiling kernel modules, more specifially
whenr running `make scripts prepare'.
In linux-yocto.inc, we have bc-native in DEPENDS. But we will
need nativesdk-bc in case we compile a kernel module inside
SDK.
(From OE-Core rev: efecf978380e97f2eb9de6b14fa96ecf4b3f9cb2)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 95b5c89066baccb1e64bfba7d9a66feeeb086da9)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We've seen two different regressions in this API since it is used by
layer-index but not be the core code. Add a test for it to try and
ensure we don't break it again.
(From OE-Core rev: 82e2b21f4a91c03203178a4d927c7c7feb930785)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b07de5de43ec9c9a2c5d496a64940ccdc5b47cf8)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In current psplash framework, the psplash might not exist at all.
For example, in case DSITRO is set to nodistro, the psplash does
not exist.
In our psplash recipe, we have:
SPLASH_IMAGES = "file://psplash-poky-img.h;outsuffix=default"
This variable is parsed to if psplash-poky-img.h exists, a package
named psplash-default is created and is added to RDEPENDS:${PN}.
We can see that the psplash-poky-img.h resides in meta-poky,
and in psplash_git.bbappend file in meta-poky, we have:
FILESEXTRAPATHS:prepend:poky := "${THISDIR}/files:"
So this file is only available in case poky distro is used.
To fix this issue, add condition check in the corresponding systemd
services.
(From OE-Core rev: 91c69c875a2d22898f5d643ad416b7df69cb2f7b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7a62ff9ed39c179d2b9b0c40f4f8423ced413063)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently TOOLCHAIN is strictly set to gcc in kernel-arch.bbclass.
And this prevents any TOOLCHAIN changes for any kernel recipe.
This change makes TOOLCHAIN configurable as usual.
(From OE-Core rev: c53d05e95ea3935e2736fbc8ba00786eded57747)
Signed-off-by: Alexey Smirnov <pyih.soft@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit be1634fc35dcc81f0301d942064a6eed584e0704)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The tests are packaged into the main glibc-tests package which is fine,
but then glibc-tests-ptest package needs to depend on that.
Which is what this commit addresses.
(From OE-Core rev: 6731e8ff3a0c036ebf3680bf86038e88d3450caa)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit d37c2d428b09b9d0cbb875f083c6a1e9883a7fed)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Based on a discussion on the mailing list [1], there are panic
errors that occur on a few platforms caused by the patch. We
cannot simply remove the original patch due to the
reproducibility issues that it addresses, so this patch on the
original patch fixes the cause of the panic errors.
The previous version of this patch was a little too aggressive
in cleaning up the environment. Some of the variables impacted
by the filerCompilerFlags() function require at least one value
to remain in the array. In this case, the values for ccExe,
cxxExe, and fcExe require a value or later code that access
them result in a panic related to accessing a value out of range.
This updated patch adds a flag that requires keeping the first
value so that at least one thing remains and the assignments
for the Exes set that flag to true. The first item in the
array should be the executable name, so leaving it should be
safe.
I have run the oe-selftest and everything passed in my setup.
There is a bug report [2] filed for the issue that this patch
addresses.
[YOCTO #14976]
[1] https://lists.openembedded.org/g/openembedded-core/topic/94022663
[2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=14976
(From OE-Core rev: 8d436e2bc71618b13b7cd40e1e24ea8381045037)
Signed-off-by: Ryan Eatmon <reatmon@ti.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 9eaa3a813555dd016a65be63a258f9c0b548a115)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Adds argument parsing to the conversion script so that the fields that
the script uses to do conversions can be customized on the command line.
The intention is to allows easier customization without having to fork
the script, and allow automated checking on 3rd party layers via CI
without false positives
(From OE-Core rev: 3e3e787d5501911604b8e194ff99cc0c54f93045)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit b9551f9180bf9f13fb1c480b5b7892fdc831ffcd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add --disable-tests to EXTRA_OECONF as the tests are not usable in
ptest - they can only run in-situ - and fails to build when building
with -D_TIME_BITS=64 -D_FILE_OFFSET_BITS=64.
(From OE-Core rev: 96dcd95cb04c28e19afbfaefa61b15497e499cff)
Signed-off-by: Ola x Nilsson <olani@axis.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit ec63f507362faacf49edb22b3c472e54e3cc62c5)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Distros can customize the location of OPKG data using OPKGLIBDIR. In
OE-Core commit 11f1956cf5d7 ("package_manager.py: define info_dir and
status_file when OPKGLIBDIR isn't the default"), a fix was applied to
correctly set the info_dir and status_file options relative to
OPKGLIBDIR.
However, as the commit message notes, the opkg.conf file deployed as
part of the opkg package must also be adjusted to correctly reflect the
changed location. Otherwise, opkg running inside the image cannot find
its data.
Fix this by also setting the info_dir and status_file options in
opkg.conf to the correct location relative to OPKGLIBDIR.
Fixes: 11f1956cf5d7 ("package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default")
(From OE-Core rev: 2c7284c36398078b38271412ec3b2a457c197a5f)
Signed-off-by: Harald Seiler <hws@denx.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit adb939ae3635de6e02208859fbf29cf0ed39f565)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
* Fix -Werror=sign-conversion in lib/alg-yescrypt-platform.c.
With commit 894aee75433b4dc8d9724b126da6e79fa5f6814b we introduced some
changes to huge page handling, that show this error when building with
GCC v12.2.1, and thus need a small fix.
(From OE-Core rev: 760626c0409c4f735a0e00b73161d239c44e9645)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 6918477ad121f9c7335c661433a909e948f66d51)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
Fix a crash that could happen when you change
a dnssec-policy zone with NSEC3 to start using
inline-signing. [GL #3591]
Don't trust a placeholder KEYDATA from the managed-keys
zone by adding it into secroots. [GL #2895]
Fixed a race condition that could cause a crash
in dns_zone_synckeyzone(). [GL #3617]
Don't enforce the jemalloc use on NetBSD. [GL #3634]
Fix an inheritance bug when setting the port on
remote servers in configuration. [GL #3627]
Fix a resolver prefetch bug when the record's TTL value
is equal to the configured prefetch eligibility value,
but the record was erroneously not treated as eligible
for prefetching. [GL #3603]
Always call dns_adb_endudpfetch() after calling
dns_adb_beginudpfetch() for UDP queries in resolver.c,
in order to adjust back the quota. [GL #3598]
Fix a startup issue on Solaris systems with many
(reportedly > 510) CPUs. Thanks to Stacey Marshall from
Oracle for deep investigation of the problem. [GL #3563]
rpz-ip rules could be ineffective in some scenarios
with CD=1 queries. [GL #3247]
The RecursClients statistics counter could overflow
in certain resolution scenarios. [GL #3584]
Less ceremonial UNEXPECTED_ERROR() and FATAL_ERROR()
reporting macros. [GL !6914]
Fix a couple of bugs in cfg_print_duration(), which
could result in generating incomplete duration values
when printing the configuration using named-checkconf.
[GL !6880]
Refactor the isc_httpd implementation used in the
statistics channel. [GL !6879]
(From OE-Core rev: eea02875a8dbbd1a33c7f6daa2b267933cd25c8b)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit e57fe26b3f85ebfabdc8b574caa5c97602e4d771)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fixes for CVE-2022-4141
https://nvd.nist.gov/vuln/detail/CVE-2022-4141
For a short list of important changes, see:
https://www.arp242.net/vimlog/
(From OE-Core rev: e6b2f6113232e5c1f38f1885f34061c570790323)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 160f459febc7fb36cc0fe85c63eb26780ace3bfd)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Using backported content from the master branch
(From yocto-docs rev: cfd9848fae96a2b047df22d1a8bd4821c3d71cbf)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Using backported content from the master branch
(From yocto-docs rev: a02c8e5e1d6548a2db884a8b1430e20178e44d49)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Both of these redirect to https://cpan.metacpan.org/:
http://cpan.metacpan.org/http://search.cpan.org/CPAN/
(From OE-Core rev: 5a622a9171da941c705aedc88d487d7158955a8f)
Signed-off-by: Tim Orling <tim.orling@konsulko.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit f1b74fc09f70d52d9ac629b04d81aa94fd97ff40)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The current resolvconf does not work. Make it work with the
following changes.
1. Install normalize-resolvconf, which is used by resolvconf.
2. Add dependencies: sed, util-linux-flock.
util-linux-flock is needed by our busybox does not support '-w'
by default. sed is needed because we want to avoid package
QA issue complaining sed is needed by no one provides it.
3. Add a patch to replace 'readlink -m' with 'readlink -l'.
This could avoid the runtime dependency on coreutils. The replacement
is safe as /etc always exits in OE's system.
4. Remove allarch inheritage. This is because the above RDEPENDS
change does not allow this any more. test_sstate_allarch_samesigs
would fail if we don't do this.
(From OE-Core rev: aba0164359347e062cf64bcc6bb34ed08c2377b5)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1b0581fd241cc9de2feda896aefbf055dc0099dc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, dhcpcd does not work well with systemd. When using dhcpcd
to configure network, the /etc/resolv.conf contents are not correct.
This issue could easily be reproduced by using 'qemu + slirp' to
start a systemd based image and using dhcpcd to configure network.
The expected 'nameserver 10.0.2.3' is not in /etc/resolv.conf.
The root cause of this problem is that dhcpcd assumes the resolvconf
should recognize .protocol suffix[1]. But systemd's resolvconf (which
is a symlink to resolvectl) has a limited support for traditional
resolvconf interface[2], and "may not work with all clients"[3]. This
of cource includes the clients that use the .protocol suffix.
The current situation is:
1. systemd is not going to support the .protocol suffix in the foreseeable
near future[4].
2. dhcpcd does not want to merge systemd specific patch and insists
systemd needs to consider the .protocol suffix[5][6].
It's a normal thing that people have different opinions. As a build system
that supports such combination, however, we do need to come up with a
solution to fix this typical integration problem, making dhcpcd and systemd
work together.
This patch solves this integration problem by relying on dhcpcd's ability
to manage its own resolv.conf contents. But instead of letting it to write
to /etc/resolv.conf directly, we supply the generated contents to resolvconf.
In this way, the resolvconf still stands in the central place and dhcpcd remains
a supplier to it. And the /etc/resolv.conf can get the correct contents.
With this patch, dhcpcd could work with both sysvinit and systemd.
[1] https://man.archlinux.org/man/resolvconf.8.en
[2] https://man.archlinux.org/man/resolvectl.1#COMPATIBILITY_WITH_RESOLVCONF(8)
[3] https://wiki.archlinux.org/title/systemd-resolved
[4] https://github.com/systemd/systemd/issues/25032
[5] https://github.com/NetworkConfiguration/dhcpcd/pull/152
[6] https://github.com/NetworkConfiguration/dhcpcd/issues/146
(From OE-Core rev: a56579912c5fa9c0d1f1e4fcefdbf75c1d13ab1f)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 935ae419f51d911c73f5dc7b4a2e5e9a7b206985)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since oe-core commit 64b89f3c8fc31842256c482a3039d90d3f12c1cc
("sstatesig.py: make it fatal error when sstate manifest isn't found")
errors like:
| Manifest [..]/tmp/sstate-control/manifest-x86_64_x86_64-nativesdk-dbus.populate_sysroot not found in imx8mm_dummy cortexa53-mx8mm cortexa53 armv8a-crc armv8a aarch64 allarch x86_64_x86_64-nativesdk (variant '')?
are fatal now and cannot be ignored but must be debugged.
Unfortunately, the currently emitted error message is a bit imprecise
with telling the reader what has actually gone wrong.
This commit:
* adds the word 'sstate' to the error message to clarify the scope we
are dealing with ('sstate manifests', since there are other manifests,
too)
* does not randomly print the last manifest file searched for as THE
manifest file that could not be found
Instead, we print the name of the task the sstate was searched for
* adds the word 'multilib' to variant to make clear which variant we are
talking about
* adds a separate line noting the searched pkgarchs and adds explicitly
mentions this word ('pkgarchs')
* prints a list of ALL manifest file locations attempted
* removes the '?' at the end of the message since such errors indeed
leave the question of what is the cause but the error message itself
is more like a statement.
The result for the exact same issue as noted above then looks as
follows:
| The sstate manifest for task 'dbus:populate_sysroot' (multilib variant '') could not be found.
| The pkgarchs considered were: imx8mm_dummy, cortexa53-mx8mm, cortexa53, armv8a-crc, armv8a, aarch64, allarch, x86_64_x86_64-nativesdk.
| But none of these manifests exists:
| [..]/tmp/sstate-control/manifest-imx8mm_dummy-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-cortexa53-mx8mm-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-cortexa53-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-armv8a-crc-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-armv8a-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-aarch64-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-allarch-dbus.populate_sysroot
| [..]/tmp/sstate-control/manifest-x86_64_x86_64-nativesdk-dbus.populate_sysroot
(From OE-Core rev: 18f1a5554063b0cecd206abed6e57f397f7d1346)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 735ec126ec219c7cb89cb05b0e433201bb7f59eb)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently, the KERNEL_DEBUG_TIMESTAMPS is not working as expected
at rebuild. That is, even if we set it to "1", the kernel build time
is not changed. The problem could be reproduced by the following steps.
1. bitbake core-image-minimal; start image and check `uname -a` output.
2. set in local.conf: KERNEL_DEBUG_TIMESTAMPS = "1"
3. bitbake core-image-minimal; start image and check `uname -a` output.
It's expected that after enabling KERNEL_DEBUG_TIMESTAMPS, the kernel
build time will be set to current date. But it's not. This is because
the compile.h was not re-generated when do_compile task was re-executed.
In mkcompile_h, we have:
"""
# Only replace the real compile.h if the new one is different,
# in order to preserve the timestamp and avoid unnecessary
# recompilations.
# We don't consider the file changed if only the date/time changed,
# unless KBUILD_BUILD_TIMESTAMP was explicitly set (e.g. for
# reproducible builds with that value referring to a commit timestamp).
# A kernel config change will increase the generation number, thus
# causing compile.h to be updated (including date/time) due to the
# changed comment in the
# first line.
"""
It has made it very clear that it will not be re-generated unless
we have KBUILD_BUILD_TIMESTAMP set explicitly. So we set this variable
explicitly in do_compile to fix this issue.
(From OE-Core rev: 5e508a8060c7397b5f9630fc62797dd091f99c6e)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 1b68c2d2d385013a1c535ef81172494302a36d74)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
