code.ossystems Code Review - openembedded-core.git/log
openembedded-core.git
7 years ago go-runtime: prevent host leakage into target objects
Matt Madison [Wed, 4 Oct 2017 18:21:52 +0000 (18:21 +0000)]
go-runtime: prevent host leakage into target objects

When building for a target whose architecture matches
the build host's, the second pass through make.bash
to build the shareable runtime would also overwrite
the target's static cgo library with host-compatible
binaries.

Fix this by running the host-side build once and
target-only passes of make.bash twice, for static
and shareable.  This ensures that what gets installed
is target-compatible.

Also fix an issue with x86-64 targets running MUSL by
removing the pre-built (for glibc) objects for the
race detector runtime before building.

[YOCTO #12136]

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago goarch.bbclass: rework mips architecture checks
Matt Madison [Thu, 28 Sep 2017 17:34:42 +0000 (10:34 -0700)]
goarch.bbclass: rework mips architecture checks

Remove the TUNE_FEATURES references from go_map_arch,
to avoid an unwanted variable dependency.  Direct
comparisons of the architecture name are sufficient
for covering what Go currently supports, and using
TUNE_CCARGS_remove adequately handles the conflict
with the cgo-supplied flags for mips.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago cml1: remove diffconfig return code checking
Bruce Ashfield [Thu, 28 Sep 2017 15:59:09 +0000 (11:59 -0400)]
cml1: remove diffconfig return code checking

The following commit:

[
  commit 578c8205fd14c48c6d30ef2889d86f1b4aee060a
  Author: Mikko Rapeli <mikko.rapeli@bmw.de>
  Date:   Thu Jun 22 16:23:14 2017 +0300

      meta: Fix return value checks from subprocess.call()'s

      Python function subprocess.call() returns the return value of the
      executed process. If return values are not checked, errors may
      go unnoticed and bad things can happen.

      Change all callers of subprocess.call() which do not check for
      the return value to use subprocess.check_call() which raises
      CalledProcessError if the subprocess returns with non-zero value.

      https://docs.python.org/2/library/subprocess.html#using-the-subprocess-module

      All users of the function were found with:

      $ git grep "subprocess\.call" | \
            egrep -v 'if.*subprocess\.call|=\
            +subprocess\.call|return.*subprocess\.call'

      Tested similar patch on top of yocto jethro. Only compile tested
      core-image-minimal on poky master branch.

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
]

Added return code checking to do_diffconfig. Although the change is
well intentioned, it isn't correct in this instance since 'diff' returns
'1' to indicate that there are differences in the files .. and not as
an error code.

subprocess.check_call() flags this as an error and the routine aborts.

We are already checking the inputs, and in fact already know there's a
diff in the files before we even make the call, so there's no need to
look for an error in this case.

Putting back subprocess.call() restores the routine to working order.

[YOCTO #12132]

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago openssh: Atomically generate host keys
Joshua Watt [Thu, 28 Sep 2017 13:40:01 +0000 (08:40 -0500)]
openssh: Atomically generate host keys

Generating the host keys atomically prevents power interruptions during the
first boot from leaving the key files incomplete, which often prevents users
from being able to ssh into the device.

[YOCTO #11671]

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago libarchive: CVE-2017-14502
Zhixiong Chi [Thu, 28 Sep 2017 08:06:05 +0000 (16:06 +0800)]
libarchive: CVE-2017-14502

read_header in archive_read_support_format_rar.c suffers from an
off-by-one error for UTF-16 names in RAR archives, leading to an
out-of-bounds read in archive_read_format_rar_read_header.
Backport the patch from
https://github.com/libarchive/libarchive/commit
commit 5562545b5562f6d12a4ef991fae158bf4ccf92b6

CVE: CVE-2017-14502

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago systemd: add runtime dependencies to pam plugins.
andreas.kling@peiker-cee.de [Wed, 27 Sep 2017 09:40:14 +0000 (11:40 +0200)]
systemd: add runtime dependencies to pam plugins.

Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago package_manager: rpm: improve logging
Mikko Ylinen [Wed, 27 Sep 2017 08:08:15 +0000 (11:08 +0300)]
package_manager: rpm: improve logging

To be able to better debug remove() behaviour, add more logging
to rpm calls via bb.note(). The change also makes remove() logging
more consistent with other package managers' remove() (e.g., opkg).

Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago rootfs.py: remove update-alternatives correctly
Mikko Ylinen [Wed, 27 Sep 2017 08:08:14 +0000 (11:08 +0300)]
rootfs.py: remove update-alternatives correctly

With "read-only-rootfs" in IMAGE_FEATURES, packages in ROOTFS_RO_UNNEEDED
are removed when building the rootfs. The list of packages to remove is
passed to the package manager and the list is sorted so that
update-alternatives provider is the last entry. This is with the
assumption that the last entry on the list/command line is removed last.

However, it turns out rpm does not care about "last on the command
line" and update-alternatives provider is removed before the other
packages get to run their %preun scripts for update-alternatives.

This leaves broken alternative symlinks in rootfs.

The fix is to first remove all but update-alternatives provider and
after that update-alternatives provider in its own remove() call.

Signed-off-by: Mikko Ylinen <mikko.ylinen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago linux-firmware: package Broadcom BCM43362 firmware
Tomas Novotny [Tue, 26 Sep 2017 16:00:41 +0000 (18:00 +0200)]
linux-firmware: package Broadcom BCM43362 firmware

Signed-off-by: Tomas Novotny <tomas@novotny.cz>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago ffmpeg: backport patches to fix 12 CVEs
Chen Qi [Tue, 26 Sep 2017 07:43:24 +0000 (15:43 +0800)]
ffmpeg: backport patches to fix 12 CVEs

Backport patches to fix the following CVEs.

CVE-2017-14054
CVE-2017-14055
CVE-2017-14056
CVE-2017-14057
CVE-2017-14058
CVE-2017-14059
CVE-2017-14169
CVE-2017-14170
CVE-2017-14171
CVE-2017-14222
CVE-2017-14223
CVE-2017-14225

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago glib-2.0: Remove recommend shared-mime-info for MinGW
Alistair Francis [Mon, 25 Sep 2017 22:56:55 +0000 (15:56 -0700)]
glib-2.0: Remove recommend shared-mime-info for MinGW

Commit glib-2.0: recommend shared-mime-info
(51e4f9ca5368af5cefa26f4ca50b282e858982f8) broke compilation when cross
compiling for Windows. This patch removes the recommendation for
shared-mime-info when using MinGW cross compile.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Cc: Ross Burton <ross.burton@intel.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago libparted: Use read only when probing devices on linux
Ovidiu Panait [Tue, 26 Sep 2017 09:00:46 +0000 (12:00 +0300)]
libparted: Use read only when probing devices on linux

When a device is opened for RW closing it can trigger other actions,
like udev scanning it for partition changes. Use read only for the
init_* methods and RW for actual changes to the device.

This adds _device_open which takes mode flags as an argument and turns
linux_open into a wrapper for it with RW_MODE.

_device_open_ro is added to open the device with RD_MODE and increment
the open_counter. This is used in the init_* functions.

_device_close is a wrapper around linux_close that decrements the
open_counter and is used in the init_* functions.

All of these changes are self-contained with no external API changes.
The only visible change in behavior is that when a new PedDevice is
created the device is opened in RO_MODE instead of RW_MODE.

Resolves: rhbz#1245144

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=1283112

Upstream patch:
http://git.savannah.gnu.org/cgit/parted.git/commit/?id=44d5ae0115c4ecfe3158748309e9912c5aede92d

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago ovmf: add SUMMARY and fix HOMEPAGE url
Leonardo Sandoval [Wed, 5 Jul 2017 15:57:36 +0000 (08:57 -0700)]
ovmf: add SUMMARY and fix HOMEPAGE url

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago update-rc.d: Add HOMEPAGE info into recipe file.
Huang Qiyu [Tue, 26 Sep 2017 02:36:35 +0000 (10:36 +0800)]
update-rc.d: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago stat: Add HOMEPAGE info into recipe file.
Huang Qiyu [Tue, 26 Sep 2017 02:36:34 +0000 (10:36 +0800)]
stat: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago prelink: Add HOMEPAGE info into recipe file.
Huang Qiyu [Tue, 26 Sep 2017 02:36:33 +0000 (10:36 +0800)]
prelink: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago at: Add HOMEPAGE info into recipe file.
Huang Qiyu [Tue, 26 Sep 2017 02:36:32 +0000 (10:36 +0800)]
at: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago systemd-serialtty: allow empty package
Chen Qi [Tue, 26 Sep 2017 08:41:38 +0000 (16:41 +0800)]
systemd-serialtty: allow empty package

If SERIAL_CONSOLES is set to empty for some reason, we would have rootfs
failure like below.

  - nothing provides systemd-serialgetty needed by systemd-1:234-r0.core2_64

This is because systemd-serialgetty package is not generated when
SERIAL_CONSOLES is empty.

Set ALLOW_EMPTY to "1" for this recipe to allow for generation of empty
systemd-serialgetty package to avoid the above error.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago systemd-boot: Should not build x32
Saul Wold [Tue, 26 Sep 2017 00:52:18 +0000 (17:52 -0700)]
systemd-boot: Should not build x32

Since systemd-boot is a bootloader, it needs to be built for
the native IA instruction set size and x32 is not valid.

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago wic: remove systemd-boot for x32
Saul Wold [Tue, 26 Sep 2017 00:52:17 +0000 (17:52 -0700)]
wic: remove systemd-boot for x32

Currently systemd-boot actually incorporates libgcc, since the
systemd-boot needs to be built with 64bit instructions it can not
use the x32 based libgcc.

Use the new override to ensure it gets overridden, linux-gnux32 could
not be used because x86-64 has higher priority.

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago arch-x86: Add x86-x32 to MACHINEOVERRIDES
Saul Wold [Tue, 26 Sep 2017 00:52:16 +0000 (17:52 -0700)]
arch-x86: Add x86-x32 to MACHINEOVERRIDES

This is needed as a more generic x32 override later in the
OVERRIDES, currently linux-gnux32 is the first override, but we
need a stronger (later in the list) x32 override to deal with some
needed x32 dependency overrides.

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago curl: Added option to enable http2 protocol.
baali [Mon, 25 Sep 2017 19:20:34 +0000 (00:50 +0530)]
curl: Added option to enable http2 protocol.

With default --without-nghttp2 flag set there was no way to get
http2 protocol support using nghttp2 library. Instead moved it to
PACKAGECONFIG options

Signed-off-by: baali <shantanu@senic.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago selftest/cases/runtime_test: ignore removal errors when cleaning temporary gpg directory
Leonardo Sandoval [Mon, 25 Sep 2017 21:02:46 +0000 (14:02 -0700)]
selftest/cases/runtime_test: ignore removal errors when cleaning temporary gpg directory

The high-level method tempfile.TemporaryDirectory gives us no way to ignore errors on
removal thus use tempfile.mkdtemp instead. Ignoring possible issues on removal
is necessary because it contains gpg sockets that are automatically removed by
the system once the process terminates, otherwise the following log is observed:

  File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd
    os.unlink(name, dir_fd=topfd)
  FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser'

This is the same fix as 7e3a7cd2426feac757def81850dc44156cd0f33e, but this applies
to runtime (instead of signing).

[YOCTO #11821]

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago sign_rpm.bbclass: force rpm serial signing
Leonardo Sandoval [Mon, 25 Sep 2017 20:52:59 +0000 (13:52 -0700)]
sign_rpm.bbclass: force rpm serial signing

Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel
so (unfortunately) the signing must be done serially. Once the upstream problem is fixed,
this patch must be reverted, otherwise we lose all the intrinsic parallelism from
bitbake.

[YOCTO #12022]

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago core-image-sato-sdk-ptest: reduce size
Ross Burton [Mon, 25 Sep 2017 20:21:55 +0000 (21:21 +0100)]
core-image-sato-sdk-ptest: reduce size

This image is very large and is skirting the maximum size of hddimg images (4GB,
as they're embedded inside FAT partitions).  Making the image 10MB bigger can be
enough to cause the build to fail.  This image is also used by QA so currently
we need to keep it working.

The default values for expanding an image to give it usable space are quite
generous, (3GB rootfs * 1.3 gives 1GB of empty space), so change the overhead
multiplier to 1.0x and explicitly request just 0.5GB of empty space in the
images.

This should give us a bit more breathing room until we can either remove hddimg
from the default build, or make this image dramatically smaller.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago wic: Add option to not change fstab
Fabio Berton [Wed, 19 Apr 2017 16:42:47 +0000 (13:42 -0300)]
wic: Add option to not change fstab

Create an option so that wic doesn't change the fstab file; the final
fstab file will be the same as in rootfs and wic doesn't update the
file, e.g. adding a new mount point.

Users can control the fstab file content in base-files recipe.
This is useful if you want to only create a partition but not
add fstab mount point or add new mount point using label e.g:

LABEL=recovery /recovery auto defaults 0  1

Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago libgcrypt: fix CVE-2017-0379
Hongxu Jia [Mon, 25 Sep 2017 08:07:19 +0000 (04:07 -0400)]
libgcrypt: fix CVE-2017-0379

Backport the fix from
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago scripts: drop True option to getVar calls
Ming Liu [Sun, 24 Sep 2017 04:04:24 +0000 (06:04 +0200)]
scripts: drop True option to getVar calls

Search made with the following regex: getVar ?\((.*), True\).

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago meta: drop True option to getVar calls
Ming Liu [Sun, 24 Sep 2017 04:03:49 +0000 (06:03 +0200)]
meta: drop True option to getVar calls

Search made with the following regex: getVar ?\((.*), True\).

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago systemd: move org.freedesktop.machine1.conf to systemd-container
Fathi Boudra [Sat, 23 Sep 2017 10:37:30 +0000 (13:37 +0300)]
systemd: move org.freedesktop.machine1.conf to systemd-container

The file belongs to systemd-container package, not to systemd package.

Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago go: Fix build with -buildmode=pie
Khem Raj [Sat, 23 Sep 2017 01:05:29 +0000 (18:05 -0700)]
go: Fix build with -buildmode=pie

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago go_1.9: remove obsolete overrides
Matt Madison [Sat, 23 Sep 2017 00:58:22 +0000 (17:58 -0700)]
go_1.9: remove obsolete overrides

Now that mips and security flags fixes are in place
in the bbclasses, remove the local settings in this
recipe.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago go: disable PIE flags for cgo
Matt Madison [Sat, 23 Sep 2017 00:58:21 +0000 (17:58 -0700)]
go: disable PIE flags for cgo

If the security_flags.inc file is included, gcc
will do PIE builds by default.  These flags need
to be disabled for go packages that use cgo.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago goarch.bbclass: fixups for Go mips32 support
Matt Madison [Sat, 23 Sep 2017 00:58:20 +0000 (17:58 -0700)]
goarch.bbclass: fixups for Go mips32 support

* Fix the regular expression in the mips test

* Flag as incompatible any mips32 tunes for n32 ABI
  or soft-float, as go does not support them.

* Replace mips32r2 tune with mips32r1. Go only supports
  mips32r1, which is a strict subset of r2.  Adjusting
  this tune is not ideal, but is hopefully a temporary
  measure until more complete mips32 ISA coverage
  arrives upstream.

[YOCTO #12108]

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago linux-firmware: bump to latest linux-firmware git revision
Stefan Agner [Wed, 13 Sep 2017 23:05:49 +0000 (16:05 -0700)]
linux-firmware: bump to latest linux-firmware git revision

This requires MD5 sum updates for
- LICENSE.QualcommAtheros_ath10k: year change
- WHENCE: various version updates and addition of new firmwares

The new firmware for Qualcomm Venus causes a QA error:
  QA Issue: linux-firmware: Recipe inherits the allarch class, but has packaged architecture-specific binaries

Since firmware typically do not run on the CPU, the architecture of
the firmware file is independent from the CPU architecture the image
will be running on. Disable the QA check for the linux-firmware
package by default.

Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago qemurunner: print tail qemu log in case bootlog is empty
Leonardo Sandoval [Fri, 22 Sep 2017 23:05:41 +0000 (16:05 -0700)]
qemurunner: print tail qemu log in case bootlog is empty

There are cases where the 'while loop' waiting for login prompt fails
and the bootlog variable does not get populated, thus use the new
qemurunner member (self.msg) which stores all output coming from the qemu
process.

[YOCTO #12113]

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago classes: drop image dependencies on TOPDIR variable
Paul Eggleton [Mon, 25 Sep 2017 11:23:35 +0000 (00:23 +1300)]
classes: drop image dependencies on TOPDIR variable

We don't need a dependency on this variable changing, and having one
causes locked signature warnings during eSDK installation if you have
INITRAMFS_IMAGE_* set (since TOPDIR will always be different between
the eSDK and the environment in which it was built).

Relates to [YOCTO #12102].

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago useradd-staticids: don't create username-group if gid is specified
André Draszik [Fri, 22 Sep 2017 09:00:10 +0000 (10:00 +0100)]
useradd-staticids: don't create username-group if gid is specified

Adding distcc to an image, and having staticids enabled,
doesn't work as it causes a superfluous 'distcc' group
being added using a conflicting GID, thus failing the
build:
 | ERROR: distcc-3.2-r0 do_prepare_recipe_sysroot: distcc: groupadd command did not succeed.

Compared to other recipes, the distcc recipe only
specifies --gid for the primary group, and doesn't specify
--no-user-group, but when --gid is given, it doesn't make
sense to create a matching username-group in addition,
even if --no-user-group was not specified, and 'useradd'
actually complains if --gid and --user-group are given
both.

If only --gid is given, the current code in here
effectively behaves as if --user-group was specified,
taking the group-id of the username-group from the
--gid parameter. This causes the error above, as we try
to add a new group (distcc) with an existing group-id
(nogroup).

This is contrary to the comment in this file just above,
contrary to what useradd can do, contrary to behaviour
without the useradd-staticids bbclass, and non-intuitive.

Change the code such that a username-group is only created
- if a primary group using --gid was not specified, or
- if --no-user-group was not specified

To be in line with useradd, if gid is not given, and
--no-user-group is given, we add the user to the group
'users', which mimics useradd's behaviour.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago lame: fix CVE-2017-13712
Kai Kang [Fri, 22 Sep 2017 06:27:51 +0000 (14:27 +0800)]
lame: fix CVE-2017-13712

Backport patch to fix CVE-2017-13712 for lame.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago staging: Reduce verbosity of log messages
Richard Purdie [Thu, 21 Sep 2017 22:19:10 +0000 (23:19 +0100)]
staging: Reduce verbosity of log messages

The staging changes were very verbose in their logging and whilst this is useful
when staging issues occur, those thankfully seem rare now and we can tune down
the logging to a sane level. This improves the readability of error messages from
functions that fail.

The code is still verbose when it's replacing things in the sysroot.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago pseudo: Add fastop reply fix
Richard Purdie [Fri, 22 Sep 2017 11:39:33 +0000 (12:39 +0100)]
pseudo: Add fastop reply fix

This changes the pseudo FASTOP functionality so that a reply to the
operation is required. This means we then cannot lose data if a connection
is closed. This in turn stops corruption if we run out of file handles
and have to close connections.

This tweaks the connection closure patch to update the comment there which
is now outdated.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago pseudo: use epoll API on Linux
Alexander Kanavin [Fri, 22 Sep 2017 15:18:46 +0000 (18:18 +0300)]
pseudo: use epoll API on Linux

The idea came up here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=11309
and here:
http://lists.openembedded.org/pipermail/openembedded-core/2017-August/141491.html

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago gstreamer1.0-libav: Fix build on mips
Khem Raj [Thu, 21 Sep 2017 17:42:15 +0000 (10:42 -0700)]
gstreamer1.0-libav: Fix build on mips

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago uboot-extlinux: fix extlinux creation race (take 2)
André Draszik [Thu, 21 Sep 2017 11:29:52 +0000 (12:29 +0100)]
uboot-extlinux: fix extlinux creation race (take 2)

Alternative solution to original commit
60c90398580998b2379bb438f0f75b29285135a5 ("u-boot: fix extlinux
creation race")

(Untested)

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago Revert "u-boot: fix extlinux creation race"
André Draszik [Thu, 21 Sep 2017 11:25:17 +0000 (12:25 +0100)]
Revert "u-boot: fix extlinux creation race"

This reverts commit 60c90398580998b2379bb438f0f75b29285135a5.

This causes circular dependencies when UBOOT_SIGN_ENABLE is active.

These are usually caused by circular dependencies and any circular dependency chains found will be printed below. Increase the debug level to see a list of unbuildable tasks.

Identifying dependency loops (this may take a short while)...

ERROR:
Dependency loop #1 found:
  Task u-boot.bb:do_concat_dtb (dependent Tasks ['kernel.bb:do_assemble_fitimage'])
  Task u-boot.bb:do_install (dependent Tasks ['u-boot.bb:do_concat_dtb', 'pseudo_1.8.2.bb:do_populate_sysroot', 'u-boot.bb:do_compile'])
  Task u-boot.bb:do_deploy (dependent Tasks ['u-boot.bb:do_deploy_dtb', 'u-boot.bb:do_install'])
  Task .../recipes-kernel/linux/kernel.bb:do_assemble_fitimage (dependent Tasks ['kernel.bb:do_compile', 'u-boot.bb:do_deploy'])

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel-devicetree.bbclass: Add support to generate append to kernel
Otavio Salvador [Thu, 21 Sep 2017 13:58:33 +0000 (10:58 -0300)]
kernel-devicetree.bbclass: Add support to generate append to kernel

There are use cases where the Device Tree appended to the kernel is
convenient, so we generate the bundle concatenating the kernel (and
potentially the initramfs) and the Device Tree binaries.

To enable it, set KERNEL_DEVICETREE_BUNDLE variable to '1'

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago xf86-video-intel: use uxa to replace sna as the default acceleration mode
Li Zhou [Thu, 21 Sep 2017 02:16:18 +0000 (10:16 +0800)]
xf86-video-intel: use uxa to replace sna as the default acceleration mode

The sna mode causes screen distortion issue on board MinnowMAX
described in this link:
https://bugs.freedesktop.org/show_bug.cgi?id=100700
The uxa mode is verified to not have above issue.
uxa is more stable and has more releases than sna.
So use uxa to replace sna as the default acceleration mode.

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel-fitimage: support MIPS (compressed)
André Draszik [Wed, 20 Sep 2017 09:41:57 +0000 (10:41 +0100)]
kernel-fitimage: support MIPS (compressed)

On MIPS, the compressed kernel image target is vmlinuz.bin

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel-uboot: support compressed kernel on MIPS
André Draszik [Wed, 20 Sep 2017 09:41:56 +0000 (10:41 +0100)]
kernel-uboot: support compressed kernel on MIPS

MIPS generates vmlinuz.bin when compression in the kernel build is
enabled, including any necessary objcopy so we can leverage that
and skip our manual invocation of objcopy here. We just have to
put the file into the right place for the rest of the build to
find it.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel-uimage: optimise UBOOT_ENTRYSYMBOL support
André Draszik [Wed, 20 Sep 2017 09:41:55 +0000 (10:41 +0100)]
kernel-uimage: optimise UBOOT_ENTRYSYMBOL support

This is the remaining local change to a fix similar to
commit e0b4f018d1c2 ("kernel-uimage.bbclass: Fix up
generation of uImage from vmlinux"):

Make awk exit on match to save a few CPU cycles so as
to make this similar to kernel-fitimage.bbclass

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel-fitimage: unbreak UBOOT_ENTRYSYMBOL support
André Draszik [Wed, 20 Sep 2017 09:41:54 +0000 (10:41 +0100)]
kernel-fitimage: unbreak UBOOT_ENTRYSYMBOL support

- vmlinux is located in ${B}, not ${S}.
- parsing of nm output got broken completely in commit
  b406a89935f148779569fa3770776e009dd51f13 ("kernel-fitimage: add
  initramfs support"), commit ec755d2524fcbd9dfded23a576f25c990d405a6c
  in yocto

While at it, make awk exit on match to save a few CPU cycles.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel-fitimage: sanitize dtb section name (unbreak MIPS)
André Draszik [Wed, 20 Sep 2017 09:41:53 +0000 (10:41 +0100)]
kernel-fitimage: sanitize dtb section name (unbreak MIPS)

We can't build fitImages for MIPS any more:
| Error: fit-image.its:21.27-28 syntax error
| FATAL ERROR: Unable to parse input tree
| uboot-mkimage: Can't read arch/mips/boot/fitImage.tmp: Invalid argument

Since commit cd2ed7f80b555add07795cc0cbaee866e6c193a3
("kernel-fitimage: dtb sections named by their filenames
and one config section for each dtb"), commit
1ec405ef5df82884c8997878bbe6c66d924b5127 in yocto, dtb
sections are named by the DTB filename, but the filename
can legally be in a subdirectory below
arch/$arch/boot/dts/, and on MIPS all DTBs are actually
in a subdirectory.

If so, mkimage fails with the above error message.

Unbreak this by replacing the offending character
(directory separator /)

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago sysklogd: conflict with other syslog daemons
Chen Qi [Tue, 5 Sep 2017 09:55:27 +0000 (17:55 +0800)]
sysklogd: conflict with other syslog daemons

Set RCONFLICTS to disallow multiple syslog daemon providers to be installed
on the target, and remove codes that deal with such situation.

Also, set ALTERNATIVE_PRIORITY back to 100. It was set to '10' in case of
systemd because sysklogd didn't have systemd support. For now, if we disallow
multiple syslog daemons to be installed, and it stays '10', then if sysklogd
is installed on target, the /sbin/syslogd would link to /bin/busybox.nosuid,
causing sysklogd service files using busybox's utility.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago busybox: fix syslog related meta data
Chen Qi [Tue, 5 Sep 2017 09:55:26 +0000 (17:55 +0800)]
busybox: fix syslog related meta data

Set RCONFLICTS to disallow multiple syslog daemon providers to be installed
on the target at the same time,  and remove codes which dealt with such
situation.

Supporting multiple syslog daemons on the same image doesn't have much sense.
rsyslog and syslog-ng in meta-oe have set RCONFLICTS to disallow this. And
we do the same for busybox.

Also, remove the line of creating a meaningless symlink of
/lib/systemd/syslog.service to /dev/null.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago openssh: Fix key generation with systemd
Joshua Watt [Tue, 4 Jul 2017 01:18:18 +0000 (20:18 -0500)]
openssh: Fix key generation with systemd

106b59d9 broke SSH host key generation when systemd and a read-only root file
system are in use because there isn't a way for systemd to get the optional
weak assignment of SYSCONFDIR from /etc/default/sshd and still provide a default
value if it is not specified. Instead, move the logic for determining if keys
need to be created to a helper script that both the SysV init script and the
systemd unit file can reference.

This does mean that the systemd unit file can't check for file existence to
know if it should start the service, but it wasn't able to do that correctly
anyway anymore. This should be a problem since the serivce is only run once per
power cycle by systemd, and should exit quickly if the keys already exist

Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago wic: allow multiple /boot partitions with different content
Enrico Scholz [Fri, 8 Sep 2017 17:33:02 +0000 (19:33 +0200)]
wic: allow multiple /boot partitions with different content

It can be useful to have multiple partitions with '--source bootimg-partition'
but different content.

E.g. for TI AM335x, one boot partition can contain a first stage
bootloader ("MLO"), while the real bootloader and kernel plus devicetree
are in another one.

Patch allows to specify multiple IMAGE_BOOT_FILES with optional "_label-XXX"
or "_uuid-XXX" overrides.

E.g. with this patch, a .wks file with

| part --source bootimg-partition ... --label=mlo --active
| part --source bootimg-partition ... --label=boot0
| part --source bootimg-partition ... --label=boot1

and a recipe with

| IMAGE_BOOT_FILES_label-mlo = "\
|   MLO-${MACHINE}.img;MLO \
| "
|
| IMAGE_BOOT_FILES_label-boot0 = "\
|   u-boot-${MACHINE}.img;u-boot.img \
|   zImage \
| "
|
| IMAGE_BOOT_FILES_label-boot1 = "${IMAGE_BOOT_FILES_label-boot0}"
|
| WICVARS += " \
|   IMAGE_BOOT_FILES_label-mlo \
|   IMAGE_BOOT_FILES_label-boot0 \
|   IMAGE_BOOT_FILES_label-boot1 \
| "

is possible.  It will create one partition with the MLO and two redundant
ones with the uboot + kernel.

Signed-off-by: Enrico Scholz <enrico.scholz@ensc.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago qemu: Security fixes
Yi Zhao [Thu, 21 Sep 2017 00:34:37 +0000 (08:34 +0800)]
qemu: Security fixes

Fix CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-14167

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13672
https://nvd.nist.gov/vuln/detail/CVE-2017-13673
https://nvd.nist.gov/vuln/detail/CVE-2017-13711
https://nvd.nist.gov/vuln/detail/CVE-2017-14167

Patches from:
CVE-2017-13672:
https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13673:
https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3
CVE-2017-13711:
https://git.qemu.org/?p=qemu.git;a=commit;h=1201d308519f1e915866d7583d5136d03cc1d384
CVE-2017-14167:
https://git.qemu.org/?p=qemu.git;a=commit;h=ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago qemu: remove unused patches
Yi Zhao [Thu, 21 Sep 2017 00:34:36 +0000 (08:34 +0800)]
qemu: remove unused patches

Remove the following patches since they are unused after qemu update to
2.10:
  0001-replace-struct-ucontext-with-ucontext_t-type.patch
  CVE-2016-9908.patch
  CVE-2016-9912.patch
  configure-fix-Darwin-target-detection.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago ptest-runner: fix segfault with -t option
Yi Zhao [Thu, 21 Sep 2017 03:18:31 +0000 (11:18 +0800)]
ptest-runner: fix segfault with -t option

The ptest-runner would segfault with -t option:
root@qemux86-64:~# ptest-runner -d /usr/lib test_pkg -t 5
[  237.234112] ptest-runner[810]: segfault at 0 ip 000000382e638060 sp
00007fff9130f400 error 4 in libc-2.26.so[382e600000+1a7000]

It is safe to bump SRCREV to latest upstream commit to fix this issue
because there is only one commit since the last update:

  commit 8a93832dad621535e90aa8e1fb74ae5ba743fc3e
  Author: Anders Wallin <wallinux@gmail.com>
  Date:   Sun May 28 11:47:00 2017 +0200

      timeout option missing the argument option ":" to getopt

      ptest-runner -t xx gives segfault

Signed-off-by: Anders Wallin <wallinux@gmail.com>
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago strace_4.18.bb: improve reproducibility
Juro Bystricky [Wed, 20 Sep 2017 17:27:59 +0000 (10:27 -0700)]
strace_4.18.bb: improve reproducibility

Remove build host references from strace-ptest package.
Also removed some unneeded timestamps.

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago gzip_1.8.bb: improve reproducibility
Juro Bystricky [Wed, 20 Sep 2017 17:27:17 +0000 (10:27 -0700)]
gzip_1.8.bb: improve reproducibility

Remove build host references from gzip-ptest package.

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.12
Alejandro Hernandez [Wed, 20 Sep 2017 17:17:17 +0000 (10:17 -0700)]
linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.12

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.10
Alejandro Hernandez [Wed, 20 Sep 2017 17:17:16 +0000 (10:17 -0700)]
linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.10

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.9
Alejandro Hernandez [Wed, 20 Sep 2017 17:17:15 +0000 (10:17 -0700)]
linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.9

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.4
Alejandro Hernandez [Wed, 20 Sep 2017 17:17:14 +0000 (10:17 -0700)]
linux-yocto-tiny: Enable qemux86-64 on linux-yocto-tiny 4.4

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago core-image-tiny-initramfs: Enable running poky-tiny on qemux86-64
Alejandro Hernandez [Wed, 20 Sep 2017 17:17:13 +0000 (10:17 -0700)]
core-image-tiny-initramfs: Enable running poky-tiny on qemux86-64

Building poky-tiny for x86-64 seems fine, but when executing qemu
it complains during boot time about not being able to execute init:

[    5.409730] Failed to execute /init (error -8)

And then it drops to a login prompt (which it shouldn't do on tiny)

This is supposed to be complaining about init's format, it only happens
on x86-64 architectures so perhaps is a 32/64 bit issue, but since
core-image-tiny-initramfs does not actually provide a traditional init,
the script is simply meant to drop to shell, we can workaround the issue
by specifying the kernel to run the init script via busybox's sh,
dropping to shell correctly on x86-64 leaving x86 unaffected.

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago ltp: fix hanging issue for gdb01 case
Yi Zhao [Thu, 21 Sep 2017 07:54:58 +0000 (15:54 +0800)]
ltp: fix hanging issue for gdb01 case

If gdb01 testcase runs as background process, gdb can receive SIGTTOU
and then the case gets stuck. Replace stdin with /dev/null to fix this
issue. The patch is backported from upstream.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago psmisc: Add HOMEPAGE info into recipe file.
Huang Qiyu [Thu, 21 Sep 2017 06:41:44 +0000 (14:41 +0800)]
psmisc: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago libffi: Add HOMEPAGE info into recipe file.
Huang Qiyu [Thu, 21 Sep 2017 06:41:43 +0000 (14:41 +0800)]
libffi: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago libcgroup: Add HOMEPAGE info into recipe file.
Huang Qiyu [Thu, 21 Sep 2017 06:41:42 +0000 (14:41 +0800)]
libcgroup: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago hdparm: Add HOMEPAGE info into recipe file.
Huang Qiyu [Thu, 21 Sep 2017 06:41:41 +0000 (14:41 +0800)]
hdparm: Add HOMEPAGE info into recipe file.

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago tiff: Security fix CVE-2017-13726 and CVE-2017-13727
Yi Zhao [Thu, 21 Sep 2017 03:21:39 +0000 (11:21 +0800)]
tiff: Security fix CVE-2017-13726 and CVE-2017-13727

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13726
https://nvd.nist.gov/vuln/detail/CVE-2017-13727

Patches from:
CVE-2017-13726:
https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e

CVE-2017-13727:
https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago meta/lib/oe/rootfs.py: clean up dnf cache after creating an image
Alexander Kanavin [Wed, 20 Sep 2017 12:51:00 +0000 (15:51 +0300)]
meta/lib/oe/rootfs.py: clean up dnf cache after creating an image

It contains cached metadata for a transient repository that is used
only when creating images on the host, and so is of no use on target
images. Dnf will recreate the cache on target when needed.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago sanity: check that path variables don't use ~
Ross Burton [Wed, 20 Sep 2017 12:57:33 +0000 (13:57 +0100)]
sanity: check that path variables don't use ~

The core path variables (TMPDIR, DL_DIR, SSTATE_DIR) don't use tilde expansion
but if the user does then the errors are very mysterious, so check on startup.

Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago sanity: correct Python version sanity check
Ross Burton [Wed, 20 Sep 2017 12:43:50 +0000 (13:43 +0100)]
sanity: correct Python version sanity check

We now require Python 3.4, not 2.7.

Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago oe-build-perf-report-email.py: add cc and bcc options
Joshua Lock [Thu, 21 Sep 2017 10:18:34 +0000 (11:18 +0100)]
oe-build-perf-report-email.py: add cc and bcc options

Enable carbon copy and blind carbon copy recipients for the performance
report emails.

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago scripts: rename yocto-compat-layer to remove "compatible" nomenclature
Paul Eggleton [Tue, 19 Sep 2017 03:57:07 +0000 (15:57 +1200)]
scripts: rename yocto-compat-layer to remove "compatible" nomenclature

"Yocto Project Compatible" [1] is a programme which requires you meet
specific criteria including going through an application process - it is
not sufficient simply to run the script we have created here and have it
produce no warnings/errors. To avoid people being confused by the fact
that this script uses the term "compatible" or variations thereof,
substitute usage of that word with "check" instead. The functionality of
the script is unchanged.

[1] https://www.yoctoproject.org/ecosystem/yocto-project-branding-program

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017...
Ovidiu Panait [Wed, 20 Sep 2017 10:13:49 +0000 (13:13 +0300)]
ncurses: CVE-2017-13732, CVE-2017-13734, CVE-2017-13730, CVE-2017-13729, CVE-2017-13728, CVE-2017-13731

There is an illegal address access in the function dump_uses() in progs/dump_entry.c
in ncurses 6.0 that might lead to a remote denial of service attack.

There is an illegal address access in the _nc_safe_strcat function in
strings.c in ncurses 6.0 that will lead to a remote denial of service attack.

There is an illegal address access in the function _nc_read_entry_source()
in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.

There is an illegal address access in the _nc_save_str function in
alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.

There is an infinite loop in the next_char function in comp_scan.c in
ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.

There is an illegal address access in the function postprocess_termcap()
in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13734
https://nvd.nist.gov/vuln/detail/CVE-2017-13732
https://nvd.nist.gov/vuln/detail/CVE-2017-13731
https://nvd.nist.gov/vuln/detail/CVE-2017-13730
https://nvd.nist.gov/vuln/detail/CVE-2017-13729
https://nvd.nist.gov/vuln/detail/CVE-2017-13728

Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago kernel.bbclass: build host programs with native sysroots
Wenzong Fan [Wed, 20 Sep 2017 08:17:05 +0000 (01:17 -0700)]
kernel.bbclass: build host programs with native sysroots

Allow to search header files and libs from native sysroots.

For example, an expanded BUILD_CFLAGS includes:
  '-isystem/builddir/to/linux-yocto/recipe-sysroot-native/usr/include'

And an expanded BUILD_LDFLAGS includes:
  '-L/builddir/to/linux-yocto/recipe-sysroot-native/usr/lib
   -Wl,-rpath-link,/builddir/to/linux-yocto/recipe-sysroot-native/usr/lib
   -Wl,-rpath,/builddir/to/linux-yocto/recipe-sysroot-native/usr/lib'

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago image.bbclass: Sorted ctypes to avoid basehash error
Gerson Fernando Budke [Tue, 19 Sep 2017 17:15:36 +0000 (14:15 -0300)]
image.bbclass: Sorted ctypes to avoid basehash error

When selected multiple subimages a similar error could happen:
  Variable do_image_cpio[subimages] value changed \
    from 'cpio.gz.u-boot cpio.gz' to 'cpio.gz cpio.gz.u-boot'
To avoid this, 'ctypes' should be sorted at 'gen_conversion_cmds'.

This guarantees that 'CONVERSION_CMD_xxx' are always written in the same
order and consequently 'do_image_cpio' has the same hash.

Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago classes/image: move image_qa to between rootfs and image
Ross Burton [Tue, 19 Sep 2017 16:20:37 +0000 (17:20 +0100)]
classes/image: move image_qa to between rootfs and image

It was noticed that do_image_qa is useless when rm_work is enabled as the rootfs
directory is deleted before image_qa is called.

This indicates that image_qa is incorrectly scheduled as it failing should mean
images don't get generated, so move it between do_rootfs and do_image.

Also, add a little bit more documentation to the comments.

Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago u-boot-fw-utils: Fix cross and target builds
Otavio Salvador [Tue, 19 Sep 2017 13:19:41 +0000 (10:19 -0300)]
u-boot-fw-utils: Fix cross and target builds

 - The environment tools target has changed to envtools;
 - The HOSTCC variable must be used to set CC for cross;
 - Drop ARCH variable as it is set on config;

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago strace: Fix ptest builds with musl/mips
Khem Raj [Tue, 19 Sep 2017 05:55:51 +0000 (22:55 -0700)]
strace: Fix ptest builds with musl/mips

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago classes/image_live: fix using squashfs as image filesystem
Tomasz Meresiński [Tue, 19 Sep 2017 10:36:00 +0000 (12:36 +0200)]
classes/image_live: fix using squashfs as image filesystem

Different squashfs versions have IMAGE_TYPE with hyphen (eg squashfs-lz4).
Tasks on the other hand have names with underscore (eg do_image_squashfs_lz4).

Signed-off-by: Tomasz Meresiński <tomasz.meresinski@comarch.pl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago nspr: Fix build with musl/mips
Khem Raj [Tue, 19 Sep 2017 00:27:16 +0000 (17:27 -0700)]
nspr: Fix build with musl/mips

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago eudev: use archive tarball instead of Github generated tarball
Ross Burton [Mon, 18 Sep 2017 22:29:54 +0000 (23:29 +0100)]
eudev: use archive tarball instead of Github generated tarball

The Github-generated tarballs can and do change over time, so point at the
archived tarball website that the maintainer hosts.

Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago cross-canadian.bbclass: drop TARGET_* flags overrides
Ming Liu [Sun, 17 Sep 2017 09:53:43 +0000 (11:53 +0200)]
cross-canadian.bbclass: drop TARGET_* flags overrides

A regression was introduced by me in commit 767335c9:
[ cross-canadian.bbclass: override TARGET_* flags ]

it causes BUILDSDK_C/CXXFLAGS being exported in environment-setup
script built from meta-environment recipe, which is wrong, restore to
TARGET_C/CXXFLAGS.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago systemd-serialgetty: remove systemd from RDEPENDS
Chen Qi [Tue, 5 Sep 2017 08:08:00 +0000 (16:08 +0800)]
systemd-serialgetty: remove systemd from RDEPENDS

By setting systemd-serialgetty to rdepend on systemd, we are making
configuration files have runtime dependency on the main utility that
uses those configuration files. Applied with the same logic, we should
make any package that provides service files under /etc/init.d/ to have
runtime dependency on sysvinit. And this is not right.

So we should remove systemd from RDEPENDS of systemd-serialgetty.

Besides, as we have changed systemd to have systemd-serialgetty in its
RDEPENDS by default, we should avoid circular dependency issue.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago systemd: change some RRECOMMENDS to RDEPENDS
Chen Qi [Tue, 5 Sep 2017 08:07:59 +0000 (16:07 +0800)]
systemd: change some RRECOMMENDS to RDEPENDS

Set NO_RECOMMENDATIONS to "1", build and start a systemd image, and we
could not get serial getty spawned, thus causing the user not able to
login via serial port.

E.g.
MACHINE=qemux86-64 bitbake core-image-minimal
runqemu qemux86-64 nographic

And we cannot login onto the system.

Move util-linux-agetty and systemd-serialgetty (determined by PACKAGECONFIG)
from RRECOMMENDS to RDEPENDS to fix the above problem.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago classes/externalsrc: delete symlinks at start of do_buildclean
Paul Eggleton [Mon, 18 Sep 2017 04:54:42 +0000 (16:54 +1200)]
classes/externalsrc: delete symlinks at start of do_buildclean

To help users find the work and log directories (especially within the
eSDK) we create symlinks to these from the source tree. However during
do_buildclean we call "make clean", and some project Makefiles which
delete something like "*/*/lib" which will match files underneath the
oe-workdir symlink and fail. do_buildclean is called from do_clean which
is in turn called by devtool reset by default, and thus devtool reset is
blocked. An example of a recipe where this is visible is the openssl-qat
recipe in meta-intel.

In order to fix this, delete the symlinks at the start of do_buildclean
since we shouldn't need them at that point anyway, and thus make clean
won't be able to trip over them.

Fixes [YOCTO #11036].

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago bzip2: Create Makefile for run-ptest
Ooi Cinly [Thu, 14 Sep 2017 09:35:48 +0000 (17:35 +0800)]
bzip2: Create Makefile for run-ptest

To improve binary reproducibility, only the
relevant part of the Makefile in bzip2-ptest
package that run-ptest needs are copied to
the destination directory.

bzip2-ptest requires Makefile. The original
Makefile contains references to build host.
By copying only the relevant part,
we avoid those references making their way
into the target system

Used Makefile.am as the source to extract
the relevant part instead of Makefile as
it is easier to parse than Makefile.

A redundant command in do_install_ptest()
that repeats the copying of Makefile that
was already copied by Makefile's install-ptest
step is removed because it now interferes with
the creation of the new Makefile by
make's install-ptest.

[YOCTO #11596]

Signed-off-by: Ooi Cinly <cinly.ooi@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago util-linux: package switch_root separately
Ioan-Adrian Ratiu [Mon, 18 Sep 2017 12:22:02 +0000 (15:22 +0300)]
util-linux: package switch_root separately

Having only this utility is useful for tiny initramfs'es which don't
need the whole util-linux package (and neither the busybox binary
which is much bigger than switch_root) to do operations like decrypt
a rootfs & switch to it in the init file.

Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago bluez5: Correct support for building without systemd
Peter Kjellerstedt [Sun, 17 Sep 2017 09:06:04 +0000 (11:06 +0200)]
bluez5: Correct support for building without systemd

This avoids the following error when the systemd DISTRO_FEATURE is
enabled, but the systemd PACKAGECONFIG is not:

  ERROR: bluez5-5.46-r0 do_package: SYSTEMD_SERVICE_bluez5 value
  bluetooth.service does not exist

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago sysvinit-inittab: start_getty: Cleanup comments
Andrea Adami [Fri, 15 Sep 2017 23:35:50 +0000 (01:35 +0200)]
sysvinit-inittab: start_getty: Cleanup comments

Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago sysvinit-inittab: start_getty: consider whitespaces in tty driver name
Andrea Adami [Fri, 15 Sep 2017 23:35:49 +0000 (01:35 +0200)]
sysvinit-inittab: start_getty: consider whitespaces in tty driver name

Unbreak serial console when driver name contains spaces (PXA serial).

Fix commit ac0e954
"start_getty: Over added SERIAL_CONSOLE cause error in userspace log"

Signed-off-by: Andrea Adami <andrea.adami@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago core-image-tiny-initramfs: initramfs recipes should not generate an actual image...
Alejandro Hernandez [Fri, 15 Sep 2017 18:22:44 +0000 (11:22 -0700)]
core-image-tiny-initramfs: initramfs recipes should not generate an actual image file

core-image-tiny-initramfs was used to generate a wic image, which was conceptually wrong
since initramfs recipes should only generate the boot artifacts that can later be used
by another recipe to generate an image using the tool of their choice.

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago devtools: qemu: Remove obsolete '--with-system-pixman' option
Alistair Francis [Fri, 15 Sep 2017 16:56:29 +0000 (09:56 -0700)]
devtools: qemu: Remove obsolete '--with-system-pixman' option

QEMU version 2.11 will remove the pixman submodule. This means users are
always required to supply pixman from the system if building softmmu
support in QEMU.

Without specifying a pixman configure option QEMU will default to using
the system pixman if it is available. In which case let's remove the
config option as it is no longer supported in recent commits and is not
required in older builds as the configure system defaults are already
using system pixman.

Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago Add Go toolchain support
Otavio Salvador [Thu, 14 Sep 2017 19:22:31 +0000 (16:22 -0300)]
Add Go toolchain support

This adds the meta-go-toolchain. It enables the generation of a Go
toolchain allowing for cross compiling for target architecture.

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago go.bbclass: set TMPDIR during compilation
Matt Madison [Thu, 14 Sep 2017 19:22:30 +0000 (16:22 -0300)]
go.bbclass: set TMPDIR during compilation

The go build tool creates working directories under
$TMPDIR for all of its processing.  Create a directory
under ${WORKDIR} for this and point TMPDIR at it during
compilation, so that systems that have relatively
small /tmp filesystems can still compile larger Go
packages.

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago go: fixes for cross-canadian builds
Matt Madison [Thu, 14 Sep 2017 19:22:29 +0000 (16:22 -0300)]
go: fixes for cross-canadian builds

* Add patch for go's make script to allow for
  build system != host system

* Add dependencies on the appropriate crosssdk recipes,
  and use the crosssdk C compiler and linker

* Remove bashism in the wrapper script

* Restrict installation to only the tool binaries
  to address some packaging errors

Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>