Diffstat (limited to 'poky/meta/conf')
-rw-r--r-- | poky/meta/conf/bitbake.conf | 16 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/cve-extra-exclusions.inc | 73 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/maintainers.inc | 12 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/ptest-packagelists.inc | 51 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/tcmode-default.inc | 2 | ||||
-rw-r--r-- | poky/meta/conf/distro/include/yocto-uninative.inc | 8 | ||||
-rw-r--r-- | poky/meta/conf/machine/include/qemuboot-x86.inc | 11 | ||||
-rw-r--r-- | poky/meta/conf/machine/qemuarm.conf | 1 | ||||
-rw-r--r-- | poky/meta/conf/machine/qemuarm64.conf | 1 |
9 files changed, 141 insertions, 34 deletions
diff --git a/poky/meta/conf/bitbake.conf b/poky/meta/conf/bitbake.conf index 4fa47d88e..f451ba6a4 100644 --- a/poky/meta/conf/bitbake.conf +++ b/poky/meta/conf/bitbake.conf @@ -173,25 +173,25 @@ DATETIME = "${DATE}${TIME}" # python-native should be here but python relies on building # its own in staging ASSUME_PROVIDED = "\ + bash-native \ bzip2-native \ chrpath-native \ + diffstat-native \ file-native \ findutils-native \ gawk-native \ git-native \ grep-native \ - diffstat-native \ - patch-native \ - libgcc-native \ hostperl-runtime-native \ hostpython-runtime-native \ + libgcc-native \ + patch-native \ + sed-native \ tar-native \ - virtual/libintl-native \ - virtual/libiconv-native \ - virtual/crypt-native \ texinfo-native \ - bash-native \ - sed-native \ + virtual/crypt-native \ + virtual/libiconv-native \ + virtual/libintl-native \ wget-native \ " # gzip-native should be listed above? diff --git a/poky/meta/conf/distro/include/cve-extra-exclusions.inc b/poky/meta/conf/distro/include/cve-extra-exclusions.inc new file mode 100644 index 000000000..cf07acce1 --- /dev/null +++ b/poky/meta/conf/distro/include/cve-extra-exclusions.inc 
@@ -0,0 +1,73 @@ +# This file contains a list of CVE's where resolution has proven to be impractical +# or there is no reasonable action the Yocto Project can take to resolve the issue. +# It contains all the information we are aware of about an issue and analysis about +# why we believe it can't be fixed/handled. Additional information is welcome through +# patches to the file. +# +# Include this file in your local.conf or distro.conf to exclude these CVE's +# from the cve-check results or add to the bitbake command with: +# -R conf/distro/include/cve-extra-exclusions.inc +# +# The file is not included by default since users should review this data to ensure +# it matches their expectations and usage of the project. +# +# We may also include "in-flight" information about current/ongoing CVE work with +# the aim of sharing that work and ensuring we don't duplicate it. +# + + +# strace https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0006 +# CVE is more than 20 years old with no resolution evident +# broken links in CVE database references make resolution impractical +CVE_CHECK_WHITELIST += "CVE-2000-0006" + +# epiphany https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0238 +# The issue here is spoofing of domain names using characters from other character sets. +# There has been much discussion amongst the epiphany and webkit developers and +# whilst there are improvements about how domains are handled and displayed to the user +# there is unlikely ever to be a single fix to webkit or epiphany which addresses this +# problem. Whitelisted as there isn't any mitigation or fix or way to progress this further +# we can seem to take. +CVE_CHECK_WHITELIST += "CVE-2005-0238" + +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4756 +# Issue is memory exhaustion via glob() calls, e.g. 
from within an ftp server +# Best discussion in https://bugzilla.redhat.com/show_bug.cgi?id=681681 +# Upstream don't see it as a security issue, ftp servers shouldn't be passing +# this to libc glob. Exclude as upstream have no plans to add BSD's GLOB_LIMIT or similar +CVE_CHECK_WHITELIST += "CVE-2010-4756" + +# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29509 +# go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29511 +# The encoding/xml package in go can potentially be used for security exploits if not used correctly +# CVE applies to a netapp product as well as flagging a general issue. We don't ship anything +# exposing this interface in an exploitable way +CVE_CHECK_WHITELIST += "CVE-2020-29509 CVE-2020-29511" + + + +#### CPE update pending #### + +# groff:groff-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0803 +# Appears it was fixed in https://git.savannah.gnu.org/cgit/groff.git/commit/?id=07f95f1674217275ed4612f1dcaa95a88435c6a7 +# so from 1.17 onwards. Reported to the database for update by RP 2021/5/9. Update accepted 2021/5/10. +#CVE_CHECK_WHITELIST += "CVE-2000-0803" + + + +#### Upstream still working on #### + +# qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 +# There was a proposed patch https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html +# however qemu maintainers are sure the patch is incorrect and should not be applied. + +# flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 +# Upstream bug, still open: https://github.com/westes/flex/issues/414 +# Causes memory exhaustion so potential DoS but no buffer overflow, low priority + +# wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 +# https://mail.gnu.org/archive/html/bug-wget/2021-02/msg00002.html +# No response upstream as of 2021/5/12 + + + 
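Review bot: The justification for the go entry (`CVE-2020-29509 CVE-2020-29511`) is scoped to what the project itself ships, but `CVE_CHECK_WHITELIST +=` takes effect unconditionally once this file is included. A downstream build that does parse untrusted XML with encoding/xml would then stop seeing these two CVEs in the cve-check results. I would add a line above the assignment such as `# Re-evaluate before including if your layers ship Go code that parses untrusted XML with encoding/xml`. The entries under "Upstream still working on" carry no whitelist line, which looks intentional; a one-line comment saying they are informational and remain reported would stop someone from "completing" them later.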
diff --git a/poky/meta/conf/distro/include/maintainers.inc b/poky/meta/conf/distro/include/maintainers.inc index 140f7b490..fa7eb9da0 100644 --- a/poky/meta/conf/distro/include/maintainers.inc +++ b/poky/meta/conf/distro/include/maintainers.inc 
@@ -111,19 +111,17 @@ RECIPE_MAINTAINER_pn-core-image-minimal-mtdutils = "Richard Purdie <richard.purd RECIPE_MAINTAINER_pn-core-image-tiny-initramfs = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-full-cmdline = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-kernel-dev = "Richard Purdie <richard.purdie@linuxfoundation.org>" +RECIPE_MAINTAINER_pn-core-image-ptest-all = "Richard Purdie <richard.purdie@linuxfoundation.org>" +RECIPE_MAINTAINER_pn-core-image-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato-sdk = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-testmaster-initramfs = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-testmaster = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-clutter = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-weston = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-weston-ptest-all = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-weston-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-weston-sdk = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-x11 = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-core-image-sato-dev = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-sato-ptest-fast = "Richard Purdie <richard.purdie@linuxfoundation.org>" -RECIPE_MAINTAINER_pn-core-image-sato-sdk-ptest = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-coreutils = "Chen Qi <Qi.Chen@windriver.com>" RECIPE_MAINTAINER_pn-cpio = 
"Denys Dmytriyenko <denis@denix.org>" RECIPE_MAINTAINER_pn-cracklib = "Armin Kuster <akuster808@gmail.com>" @@ -171,6 +169,7 @@ RECIPE_MAINTAINER_pn-ell = "Zang Ruochen <zangrc.fnst@fujitsu.com>" RECIPE_MAINTAINER_pn-enchant2 = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-encodings = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-epiphany = "Alexander Kanavin <alex.kanavin@gmail.com>" +RECIPE_MAINTAINER_pn-erofs-utils = "Richard Weinberger <richard@nod.at>" RECIPE_MAINTAINER_pn-ethtool = "Changhyeok Bae <changhyeok.bae@gmail.com>" RECIPE_MAINTAINER_pn-eudev = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-expat = "Yi Zhao <yi.zhao@windriver.com>" @@ -205,6 +204,7 @@ RECIPE_MAINTAINER_pn-gdk-pixbuf = "Ross Burton <ross.burton@arm.com>" RECIPE_MAINTAINER_pn-gettext = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-gettext-minimal-native = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-ghostscript = "Hongxu Jia <hongxu.jia@windriver.com>" +RECIPE_MAINTAINER_pn-gi-docgen = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-git = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-glew = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-glib-2.0 = "Anuj Mittal <anuj.mittal@intel.com>" @@ -507,7 +507,6 @@ RECIPE_MAINTAINER_pn-mingetty = "Yi Zhao <yi.zhao@windriver.com>" RECIPE_MAINTAINER_pn-mini-x-session = "Armin Kuster <akuster808@gmail.com>" RECIPE_MAINTAINER_pn-minicom = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-mkfontscale = "Armin Kuster <akuster808@gmail.com>" -RECIPE_MAINTAINER_pn-mklibs-native = "Robert Yang <liezhi.yang@windriver.com>" RECIPE_MAINTAINER_pn-mmc-utils = "Anuj Mittal <anuj.mittal@intel.com>" RECIPE_MAINTAINER_pn-mobile-broadband-provider-info = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-modutils-initscripts = "Yi Zhao <yi.zhao@windriver.com>" 
@@ -608,6 +607,7 @@ RECIPE_MAINTAINER_pn-python3-jinja2 = "Richard Purdie <richard.purdie@linuxfound RECIPE_MAINTAINER_pn-python3-libarchive-c = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER_pn-python3-magic = "Joshua Watt <JPEWhacker@gmail.com>" RECIPE_MAINTAINER_pn-python3-mako = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" +RECIPE_MAINTAINER_pn-python3-markdown = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-python3-markupsafe = "Richard Purdie <richard.purdie@linuxfoundation.org>" RECIPE_MAINTAINER_pn-python3-more-itertools = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-nose = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" @@ -630,11 +630,13 @@ RECIPE_MAINTAINER_pn-python3-scons-native = "Tim Orling <timothy.t.orling@linux. RECIPE_MAINTAINER_pn-python3-setuptools = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-setuptools-scm = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-six = "Zang Ruochen <zangrc.fnst@fujitsu.com>" +RECIPE_MAINTAINER_pn-python3-smartypants = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-python3-smmap = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-sortedcontainers = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-subunit = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-testtools = "Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>" RECIPE_MAINTAINER_pn-python3-toml = "Tim Orling <timothy.t.orling@linux.intel.com>" +RECIPE_MAINTAINER_pn-python3-typogrify = "Alexander Kanavin <alex.kanavin@gmail.com>" RECIPE_MAINTAINER_pn-python3-wcwidth = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-python3-zipp = "Tim Orling <timothy.t.orling@linux.intel.com>" RECIPE_MAINTAINER_pn-qemu = "Richard Purdie <richard.purdie@linuxfoundation.org>" 
diff --git a/poky/meta/conf/distro/include/ptest-packagelists.inc b/poky/meta/conf/distro/include/ptest-packagelists.inc index e0a876dbd..aef70343f 100644 --- a/poky/meta/conf/distro/include/ptest-packagelists.inc +++ b/poky/meta/conf/distro/include/ptest-packagelists.inc @@ -14,17 +14,21 @@ PTESTS_FAST = "\ diffutils-ptest \ elfutils-ptest \ ethtool-ptest \ + expat-ptest \ flex-ptest \ gawk-ptest \ gdbm-ptest \ gdk-pixbuf-ptest \ gettext-ptest \ + glib-networking-ptest \ gzip-ptest \ json-glib-ptest \ libconvert-asn1-perl-ptest \ liberror-perl-ptest \ + libnl-ptest \ libmodule-build-perl-ptest \ libpcre-ptest \ + libssh2-ptest \ libtimedate-perl-ptest \ libtest-needs-perl-ptest \ liburi-perl-ptest \ @@ -43,6 +47,12 @@ PTESTS_FAST = "\ opkg-ptest \ pango-ptest \ parted-ptest \ + python3-atomicwrites-ptest \ + python3-jinja2-ptest \ + python3-markupsafe-ptest \ + python3-more-itertools-ptest \ + python3-pluggy-ptest \ + python3-wcwidth-ptest \ qemu-ptest \ quilt-ptest \ sed-ptest \ @@ -51,17 +61,7 @@ PTESTS_FAST = "\ zlib-ptest \ " PTESTS_FAST_remove_mips64 = "qemu-ptest" - -#PTESTS_PROBLEMS = "\ -# ruby-ptest \ # Timeout -# clutter-1.0-ptest \ # Doesn't build due to depends on cogl-1.0 -# lz4-ptest \ # Needs a rewrite -# rt-tests-ptest \ # Needs to be checked whether it runs at all -# bash-ptest \ # Test outcomes are non-deterministic by design -# ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py -# mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts -# libinput-ptest \ # Tests need an unloaded system to be reliable -#" +PTESTS_PROBLEMS_append_mips64 = "qemu-ptest" PTESTS_SLOW = "\ babeltrace-ptest \ 
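Review bot: `PTESTS_PROBLEMS_append_mips64 = "qemu-ptest"` has no leading space, and `_append` does not insert one. It appears to work only because the `PTESTS_PROBLEMS` value defined in the last hunk of this file ends in whitespace after its final continuation line. Writing `PTESTS_PROBLEMS_append_mips64 = " qemu-ptest"` removes that dependency, and the same applies to `PTESTS_PROBLEMS_append_riscv64 = "valgrind-ptest"` in the following hunk. Separately, the per-package reasons now sit in a comment block detached from the list, and its order already differs from the list (numactl and libseccomp are swapped), so the two can drift apart.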
@@ -85,3 +85,32 @@ PTESTS_SLOW = "\ " PTESTS_SLOW_remove_riscv64 = "valgrind-ptest" +PTESTS_PROBLEMS_append_riscv64 = "valgrind-ptest" + +# ruby-ptest \ # Timeout +# clutter-1.0-ptest \ # Doesn't build due to depends on cogl-1.0 +# lz4-ptest \ # Needs a rewrite +# rt-tests-ptest \ # Needs to be checked whether it runs at all +# bash-ptest \ # Test outcomes are non-deterministic by design +# ifupdown-ptest \ # Tested separately in lib/oeqa/selftest/cases/imagefeatures.py +# mdadm-ptest \ # Tests rely on non-deterministic sleep() amounts +# libinput-ptest \ # Tests need an unloaded system to be reliable +# libpam-ptest \ # Needs pam DISTRO_FEATURE +# numactl-ptest \ # qemu not (yet) configured for numa; all tests are skipped +# libseccomp-ptest \ # tests failed: 38; add to slow tests once addressed +# python3-numpy-ptest \ # requires even more RAM and (possibly) disk space; multiple failures + +PTESTS_PROBLEMS = "\ + ruby-ptest \ + clutter-1.0-ptest \ + lz4-ptest \ + rt-tests-ptest \ + bash-ptest \ + ifupdown-ptest \ + mdadm-ptest \ + libinput-ptest \ + libpam-ptest \ + libseccomp-ptest \ + numactl-ptest \ + python3-numpy-ptest \ +" diff --git a/poky/meta/conf/distro/include/tcmode-default.inc b/poky/meta/conf/distro/include/tcmode-default.inc index a0c35eed0..c6e5ac61d 100644 --- a/poky/meta/conf/distro/include/tcmode-default.inc +++ b/poky/meta/conf/distro/include/tcmode-default.inc @@ -22,7 +22,7 @@ BINUVERSION ?= "2.36%" GDBVERSION ?= "10.%" GLIBCVERSION ?= "2.33" LINUXLIBCVERSION ?= "5.10%" -QEMUVERSION ?= "5.2%" +QEMUVERSION ?= "6.0%" GOVERSION ?= "1.16%" # This can not use wildcards like 8.0.% since it is also used in mesa to denote # llvm version being used, so always bump it with llvm recipe version bump diff --git a/poky/meta/conf/distro/include/yocto-uninative.inc b/poky/meta/conf/distro/include/yocto-uninative.inc index 05b79d14c..740cca0ec 100644 --- a/poky/meta/conf/distro/include/yocto-uninative.inc 
+++ b/poky/meta/conf/distro/include/yocto-uninative.inc @@ -8,7 +8,7 @@ UNINATIVE_MAXGLIBCVERSION = "2.33" -UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.1/" -UNINATIVE_CHECKSUM[aarch64] ?= "7fa12b9fe7a95934cc09beb0e8a25ff97179ef3105116015d32548eadd27b024" -UNINATIVE_CHECKSUM[i686] ?= "bbfcdd48336800b5af97e294918c6586a0a8fa903f127f813b0bd5110de8c55c" -UNINATIVE_CHECKSUM[x86_64] ?= "5d0611df544edff6428cef7d871257a91aa6ba1bd92f5365a2df8deb54b6b31e" +UNINATIVE_URL ?= "http://downloads.yoctoproject.org/releases/uninative/3.2/" +UNINATIVE_CHECKSUM[aarch64] ?= "4f0872cdca2775b637a8a99815ca5c8dd42146abe903a24a50ee0448358c764b" +UNINATIVE_CHECKSUM[i686] ?= "e2eeab92e67263db37d9bb6d4c58579abd1f47ff4cded3171bde572fece124b2" +UNINATIVE_CHECKSUM[x86_64] ?= "3ee8c7d55e2d4c7ae3887cddb97219f97b94efddfeee2e24923c0cb0e8ce84c6" diff --git a/poky/meta/conf/machine/include/qemuboot-x86.inc b/poky/meta/conf/machine/include/qemuboot-x86.inc index 2a4760c71..a2dcdc6d5 100644 --- a/poky/meta/conf/machine/include/qemuboot-x86.inc +++ b/poky/meta/conf/machine/include/qemuboot-x86.inc @@ -1,13 +1,14 @@ # For runqemu IMAGE_CLASSES += "qemuboot" -QB_CPU_x86 = "-cpu core2duo" -QB_CPU_KVM_x86 = "-cpu core2duo" +QB_SMP = "-smp 4" +QB_CPU_x86 = "-cpu IvyBridge -machine q35" +QB_CPU_KVM_x86 = "-cpu IvyBridge -machine q35" -QB_CPU_x86-64 = "-cpu core2duo" -QB_CPU_KVM_x86-64 = "-cpu core2duo" +QB_CPU_x86-64 = "-cpu IvyBridge -machine q35" +QB_CPU_KVM_x86-64 = "-cpu IvyBridge -machine q35" QB_AUDIO_DRV = "alsa" QB_AUDIO_OPT = "-soundhw ac97,es1370" -QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1" +QB_KERNEL_CMDLINE_APPEND = "oprofile.timer=1 tsc=reliable no_timer_check rcupdate.rcu_expedited=1" QB_OPT_APPEND = "-usb -device usb-tablet" diff --git a/poky/meta/conf/machine/qemuarm.conf b/poky/meta/conf/machine/qemuarm.conf index e5ec4cc06..34fcde698 100644 --- a/poky/meta/conf/machine/qemuarm.conf +++ b/poky/meta/conf/machine/qemuarm.conf 
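Review bot: `QB_SMP = "-smp 4"` in qemuboot-x86.inc is a hard assignment. Assuming the machine configuration is parsed after local.conf, as is usual, a user on a host with fewer cores cannot lower it with a plain assignment. `QB_SMP ?= "-smp 4"` would keep the default while leaving it overridable. The same line is added to qemuarm.conf and qemuarm64.conf in the later hunks. The new kernel parameters `tsc=reliable no_timer_check rcupdate.rcu_expedited=1` also arrive without a comment; a short line above `QB_KERNEL_CMDLINE_APPEND` stating why they are needed under emulation (wording for the author to confirm) would keep them from being treated as safe to copy onto real hardware.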
@@ -16,6 +16,7 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}" QB_SYSTEM_NAME = "qemu-system-arm" QB_MACHINE = "-machine virt,highmem=off" QB_CPU = "-cpu cortex-a15" +QB_SMP = "-smp 4" # Standard Serial console QB_KERNEL_CMDLINE_APPEND = "vmalloc=256" # For graphics to work we need to define the VGA device as well as the necessary USB devices diff --git a/poky/meta/conf/machine/qemuarm64.conf b/poky/meta/conf/machine/qemuarm64.conf index 51f7ecdcf..150a0744e 100644 --- a/poky/meta/conf/machine/qemuarm64.conf +++ b/poky/meta/conf/machine/qemuarm64.conf @@ -16,6 +16,7 @@ SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}" QB_SYSTEM_NAME = "qemu-system-aarch64" QB_MACHINE = "-machine virt" QB_CPU = "-cpu cortex-a57" +QB_SMP = "-smp 4" QB_CPU_KVM = "-cpu host -machine gic-version=3" # For graphics to work we need to define the VGA device as well as the necessary USB devices QB_GRAPHICS = "-device VGA,edid=on" |