Chen Qi [Fri, 7 Nov 2014 08:47:19 +0000 (16:47 +0800)]
nfs-utils: change owner/group of directories in do_install
Previously, the owners/groups of directories like /var/lib/nfs/statd
are changed in the init script, /etc/init.d/nfscommon. This is actually
a workaround. We need to change them at do_install time.
This patch fixes the above problem by changing owners/groups at do_install
time.
Besides, configuration option '--with-staduser=nobody' is changed to be
'--with-statduser=rpcuser'. And /var/lib/nfs/statd/state is modified to have
permission 0644, just like other distros (ubuntu, fedora, etc.) do.
Jackie Huang [Thu, 6 Nov 2014 05:33:38 +0000 (00:33 -0500)]
perl: set the perl libraries search path
The default value for this is ../../lib which ends up with
something like:
| ./sysroots/x86_64-linux/usr/bin/perl-native/perl5.20.0.real \
| "-I../../lib" "-I../../lib" "-MExtUtils::Command::MM" -e pod2man \
| "--" --section=0 --perm_rw=644 perldoc.pod blib/man1/perldoc.1
in this case, nativeperl will find libraries from the target build,
When using an x86-64 host to target Haswell, you can end up with
../../lib including precompiled modules which use Haswell
instructions, it fails with:
| Running pm_to_blib for dist/if directly
| Skip ../../lib/if.pm (unchanged)
| Makefile:457: recipe for target 'manifypods' failed
| make[1]: *** [manifypods] Illegal instruction
So set it to use the -native ones instead of those from the target
build.
Richard Purdie [Wed, 5 Nov 2014 18:49:03 +0000 (18:49 +0000)]
perl: Enable rebuilds to account for configuration changes
If configure/compile was rerun for perl, changes such as libdir changes
were not being picked up. To fix this we we add "make clean"
functionality, if the makefile is present.
We also in this case need to delete the .so file, else some perl modules
try and load the target arch libraries leading to build failures. I'd
love it if there were a better way to do this and am open to better
proposals but this was the best I could find, not being a perl expert.
Jackie Huang [Fri, 31 Oct 2014 14:41:49 +0000 (10:41 -0400)]
gcc: backport two patches to fix ICE in dwarf2out_var_location
The first patch fixes the ICE in dwarf2out_var_location, at
dwarf2out.c.
r212171:
* except.c (emit_note_eh_region_end): New helper function.
(convert_to_eh_region_ranges): Use emit_note_eh_region_end to
emit EH_REGION_END note.
* jump.c (cleanup_barriers): Do not split a call and its
corresponding CALL_ARG_LOCATION note.
But it introduced a regression issue:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=63348
so backport the fix for the regression as well:
r215613:
PR rtl-optimization/63348
* emit-rtl.c (try_split): Do not emit extra barrier.
Hongxu Jia [Wed, 29 Oct 2014 05:54:50 +0000 (13:54 +0800)]
python-smartpm: report warn rather than error during install with --attempt
With the following config and build image:
...
IMAGE_INSTALL_append = "shadow man-pages"
EXTRA_IMAGE_FEATURES += "doc-pkgs"
...
There is an error during install with --attempt, and it breaks the build.
...
|error: file /usr/share/man/man5/passwd.5 from install of
shadow-doc-4.2.1-r0.i586 conflicts with file from package
man-pages-3.71-r0.i586
...
For complementary and 'attemptonly' package processing, we should make sure
the warn rather than error messages reported.
Hongxu Jia [Wed, 29 Oct 2014 05:54:49 +0000 (13:54 +0800)]
man-pages/shadow: resolve man pages confliction
Invoke smart/rpm to install man-pages and shadow-doc, there
is a build failure:
...
|error: file /usr/share/man/man5/passwd.5 from install of
shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from
package man-pages-3.70-r0.0.core2_64
|error: file /usr/share/man/man3/getspnam.3 from install of
shadow-doc-4.2.1-r0.0.core2_64 conflicts with file from
package man-pages-3.70-r0.0.core2_64
...
Use alternatives mechanism to fix it.
As README in man-pages said: "Note that sometimes these
pages are duplicates of pages also distributed in other
packages. Be careful not to overwrite more up-to-date
versions. So we set man-pages with lower priority.
The subordinate IDs support in pkg-shadow allows unprivileged users to manage a
set of UIDs and GIDs. These subordinate IDs are specified by root, and can be
further used by the unprivileged user they have been assigned to. This user can
then create an e.g. user namespace, where he is allowed to manage his own set of
users and group from the pool of subordinate IDs. More details can be found at
http://lwn.net/Articles/533617/.
Pull a required change from upstream in order to make shadow cross-compile with
subordinate IDs support. Enable flag in recipe.
Roy.Li [Wed, 29 Oct 2014 06:01:07 +0000 (14:01 +0800)]
iproute2: backport a patch to make adding vxlan link success
If without this patch:
$ ip link add vxlan0 type vxlan id 51 group 238.1.1.1 dev eth0
Error: argument "vxlan0" is wrong: Unknown device
$
With this patch;
$ ip link add vxlan0 type vxlan id 51 group 238.1.1.1 dev eth0
$ ifconfig -a |grep vxlan0
vxlan0 Link encap:Ethernet HWaddr da:61:56:2e:c2:20
$
Gary Thomas [Tue, 28 Oct 2014 15:05:47 +0000 (09:05 -0600)]
python-pygtk: Restore pkg-config file
Some previous version of this recipe was errantly removing the pygtk-2.0.pc
(pkg-config) file. This is needed for other packages to be able to build
against this library.
Also update the .pc file to match current pkg-config use (libdir was missing).
Signed-off-by: Gary Thomas <gary@mlbassoc.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Chong Lu [Mon, 27 Oct 2014 05:24:23 +0000 (13:24 +0800)]
kmod: fix debuginfo is missing in shared library
INHIBIT_PACKAGE_STRIP variable will make debuginfo lose in shared library.
The test cases of kmod contain kernel modules for many different architectures,
strip and arch gets confused and throws errors. Pack kernel modules in test
cases to avoid strip command failed.
Ross Burton [Mon, 6 Oct 2014 22:09:15 +0000 (23:09 +0100)]
systemd: don't add files and dependencies from units Conflicts
Adding dependencies and moving files based on Conflicts tags in unit files isn't
right, mainly as it means that systemd depends on systemd-binfmt, because the
latter ends up containing the shutdown.target unit.
Paul Barker [Sun, 26 Oct 2014 19:36:22 +0000 (19:36 +0000)]
package_manager: Fix BAD_RECOMMENDATIONS for opkg
In package_manager.py, when using opkg as the packager, the command 'opkg <args>
info <pkg>' is called to get information about each pkg in BAD_RECOMMENDATIONS
in a format that can be written to the status file. The 'Status: ...' line is
modified and all other lines are passed through. Changing the verbosity level
argument for this command will change what it written into the status file.
Crucially, with the default verbosity level, no blank lines are being printed by
the opkg command and so no blank lines are being written to the status file to
separate each package entry.
The package parsing code in opkg expects package entries in the status file to
be separated by at least one blank line. If no blank line is seen, the next
package entry is interpreted as a continuation of the last package entry, but
the new values overwrite the old values.
So with the default verbosity level, a blank line follows some package entries
and these are parsed. The others are dropped due to the lack of blank lines. As
the verbosity increases, more debugging messages add blank lines and more
packages are parsed.
The solution to ensure that this works correctly regardless of the verbosity
level is simply add a blank line after the output of 'opkg info' is written to
the status file, ensuring that the next package is separated from the current
package.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Cc: Chris Carr <chris.carr@ge.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Johan Hovold [Fri, 24 Oct 2014 15:39:40 +0000 (17:39 +0200)]
udev: fix uevent-helper disable
Make sure that /proc/sys/kernel/hotplug exists before trying to disable
the uevent-helper mechanism.
Since kernel commit 86d56134f1b6 ("kobject: Make support for
uevent_helper optional.") the kernel can be built without uevent-helper
support. In this case /proc/sys/kernel/hotplug does not exist and the
current sysvinit script fails with
/etc/rcS.d/S04udev: line 132: can't create /proc/sys/kernel/hotplug: nonexistent directory
when trying to disable the uevent-helper mechanism during boot.
Note that a single NULL-character has always been sufficient to disable.
BusyBox: Fixing broadcast address is not fed and rightly initialized
When using udhcpc along with ip command(/sbin/ip), broadcast address is not
assigned. Broadcast address is successfully assigned when using udhcpc without
ip command existence.
with ip command:
$ifconfig eth0|grep Bcast
inet addr:128.224.162.141 Bcast:0.0.0.0 Mask:255.255.254.0
$
without ip command:
$ifconfig eth0|grep Bcast
inet addr:128.224.162.141 Bcast:128.224.163.255 Mask:255.255.254.0
$
/etc/udhcp.d/50default[simple.script] is called to set ip address by dhcp
client, In case of ifconfig, it doesn't care of it's existence because it
will automatically calculate broadcast address then assign it if there is
no broadcast option. However in case of ip command, it requires broadcast
address statically.
Signed-off-by: Hu <yadi.hu@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Par Olsson <Par.Olsson@windriver.com> Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
There is a failure to build lib32-meta-toolchain:
...
|ERROR: lib32-packagegroup-core-standalone-sdk-target not found in the base
feeds (qemux86_64 x86 noarch any all).
...
In package_manager.py, the variable 'DEFAULTTUNE_virtclass-multilib-lib32'
is used to process multilib image/toolchain. But for the build of lib32-
meta-toolchain, the value of 'DEFAULTTUNE_virtclass-multilib-lib32' is
deleted. In 'bitbake lib32-meta-toolchain -e', we got:
...
|# $DEFAULTTUNE_virtclass-multilib-lib32 [2 operations]
|# set? /home/jiahongxu/yocto/build-20141010-yocto/conf/local.conf:237
|# "x86"
|# del data_smart.py:406 [finalize]
|# ""
|# pre-expansion value:
|# "None"
...
The commit 899d45b90061eb3cf3e71029072eee42cd80930c in oe-core deleted
it at DataSmart.finalize
...
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Tue May 31 23:52:50 2011 +0100
bitbake/data_smart: Change overrides behaviour to remove
expanded variables from the datastore
...
We add an internal variable 'DEFAULTTUNE_ML_<multilib>', assign it with the
value of 'DEFAULTTUNE_virtclass-multilib-lib32' before deleting.
For rpm backend in package_manager.py, we use DEFAULTTUNE_virtclass-multilib
-lib32 first, if it is not available, and try to use DEFAULTTUNE_ML_<multilib>
Hongxu Jia [Wed, 8 Oct 2014 12:16:36 +0000 (20:16 +0800)]
opkg: fix remove pkg with --force-removal-of-dependent-packages failed
opkg remove perl --force-removal-of-dependent-packages
...
Removing package perl-module-extutils-mm-dos from root...
...
Removing package perl-module-extutils-mm-dos from root...
You can force removal of packages with failed prerm scripts with the option:
--force-remove
No packages removed.
Collected errors:
* pkg_run_script: Internal error: perl-module-extutils-mm-dos has a
NULL tmp_unpack_dir.
* opkg_remove_pkg: not removing package "perl-module-extutils-mm-dos",
prerm script failed
...
While remove pkg with '--force-removal-of-dependent-packages',
pkg may be added to remove list multiple times, add status
check to make sure pkg only be removed once.
Yuanjie Huang [Wed, 22 Oct 2014 08:47:57 +0000 (04:47 -0400)]
mtd-utils: Fix alignment trap triggered by NEON instructions
NEON instruction VLD1.64 was used to copy 64 bits data after type
casting, and they will trigger alignment trap.
This patch uses memcpy to avoid alignment problem.
Roy Li [Wed, 22 Oct 2014 08:35:43 +0000 (16:35 +0800)]
python3: do not replace ccache in the middle of a path
Python recipe did a sed s/ccache/$(CCACHE) on the Makefile, which
replaces all "ccache" including ones that consist of a full path.
This leads to build error when building in a project path with
"ccache" in its name. Fix it by only replacing "ccache " with
"$(CCACHE) ".
Same fix on python 2.xx is: 1181112cf65bc[python: do not replace ccache in the ]
Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Hongxu Jia [Thu, 16 Oct 2014 07:16:25 +0000 (15:16 +0800)]
multilib.bbclass: fix incorrect TARGET_VENDOR in multilib image
While building multilib extended images such as libXX-core-image-minimal,
the WORKDIR has the same dir with the building of core-image-minimal.
$ ls tmp/work/qemux86_64-poky-linux/ -al
...
drwxrwxr-x 3 jiahongxu jiahongxu 4096 Oct 13 16:01 core-image-minimal
drwxrwxr-x 3 jiahongxu jiahongxu 4096 Oct 16 11:11 lib32-core-image-minimal
...
While image class is inherited, it did not assign OVERRIDES with
'virtclass-multilib-libXXX', so the reason is variable TARGET_VENDOR was
not override for multilib in that situation.
It refers what did for PN and MLPREFIX, and manually do the multilib
override for TARGET_VENDOR in RecipePreFinalise handler.
Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Pascal Bach [Fri, 24 Oct 2014 07:41:10 +0000 (09:41 +0200)]
image.py: Fix error in graph sorting
The graph sorting algorithm for image dependencies does a look for an
occurrence of a searched string instead of comparing the chunk to the
searched string. This leads to the problem that ubifs is recognized as ubi aswell.
This fixes this by splitting up the string into chunks.
Richard Purdie [Fri, 24 Oct 2014 14:14:31 +0000 (15:14 +0100)]
rm_work: Speed up rootfs/populate_sdk removal
Commands like bitbake X -c rootfs or bitbake X -c populate_sdk do not
trigger rm_work to clean up the directories afterwards since it
traditionally hooks onto do_build. This change means those two tasks now
clean up after themselves. We use the cleandirs function attribute to
handle this.
Maxin B. John [Fri, 5 Dec 2014 17:08:49 +0000 (18:08 +0100)]
python: fix ssl import error
Fix this ssl import error:
Python 2.7.3 (default, Dec 5 2014, 16:24:17)
[GCC 4.9.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/ssl.py", line 92, in <module>
import base64 # for DER-to-PEM translation
ImportError: No module named base64
Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Bian Naimeng [Mon, 8 Dec 2014 05:45:07 +0000 (13:45 +0800)]
cpio: fix bug CVE-2014-9112 for cpio-2.11
Obtain detain from following URL.
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
Bian Naimeng [Mon, 8 Dec 2014 05:45:06 +0000 (13:45 +0800)]
cpio: fix bug CVE-2014-9112 for cpio-2.8
Obtain detain from following URL.
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
He Zhe [Tue, 21 Oct 2014 09:47:44 +0000 (17:47 +0800)]
kernel.bbclass: Create modules directory even if there is no modules installed
During kernel_do_install it needs to make symbol link at
${D}/lib/modules/${KERNEL_VERSION}/build, but there will not be
${D}/lib/modules/${KERNEL_VERSION} if there is no modules installed for current
image, which will result in a build failure.
Add "mkdir -p ${D}/lib/modules/${KERNEL_VERSION}" here to avoid this failure
and the need of similar changes in other scripts that also expect it to exist.
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
differences, and not bits-per-pixel differences, when determining whether an
image size has changed, which allows remote attackers to cause a denial of
service (out-of-bounds access) or possibly have unspecified other impact via
crafted MJPEG data.
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote
attackers to cause a denial of service (out-of-bounds access) or possibly
have unspecified other impact via crafted Quicktime Graphics (aka SMC) video
data.
Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Tom Zanussi [Wed, 29 Oct 2014 22:04:20 +0000 (17:04 -0500)]
wic: Use overhead factor when creating partitions from rootfs directories
When creating partitions sized to given rootfs directories, filesystem
creation could fail in cases where the calculated target partition
size was too small to contain the filesystem created using mkfs. This
occurred in particular when creating partitions to contain very large
filesystems such as those containing sdk image artifacts.
This same limition is present in the oe-core image creation classes,
which can be readily see by changing IMAGE_OVERHEAD_FACTOR from the
default 1.3 to 1.0 and building a sato-sdk image.
It should be possible to calculate required sizes exactly given the
source rootfs and target filesystem types, but for now, to address the
specific problem users are hitting in such situations, we'll just do
exactly what oe-core does and define and use an IMAGE_OVERHEAD_FACTOR
or 1.3 in those cases.
Ross Burton [Wed, 5 Nov 2014 20:34:40 +0000 (20:34 +0000)]
buildtools-tarball: package all of Python
Instead of cherry-picking pieces of Python to put into the buildtools tarball,
ship all of it. We can't predict what bits of Python will be needed in the
future.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andrei Gherzan [Wed, 26 Nov 2014 16:22:14 +0000 (08:22 -0800)]
xkeyboard-config: Inherit gettext
In a GPLv3-free build we have two different versions of gettext in sysroot due
to GPLv3 restrictions. In this case we need gettext-native too so we can have
the needed macros and avoid errors like:
"error: possibly undefined macro: AM_GNU_GETTEXT"
The needed dependency is added by gettext class which is prefered because it
takes care of NLS flags too.
Signed-off-by: Andrei Gherzan <andrei.gherzan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wenzong Fan [Wed, 26 Nov 2014 16:22:12 +0000 (08:22 -0800)]
python: Fix CVE-2014-7185
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tom Zanussi [Wed, 26 Nov 2014 16:22:09 +0000 (08:22 -0800)]
wic: Update bootimg-partition to use bootimg_dir
Update bootimg-partition to use bootimg_dir instead of img_deploy_dir,
to match similar usage in other plugins.
As mentioned elsewhere, plugins should use the passed-in value for
bootimg_dir directly if non-null, which corresponds to a user-assigned
value specified via a -b command-line param, and only fetch the value
from bitbake if that value is null.
Tom Zanussi [Wed, 26 Nov 2014 16:22:08 +0000 (08:22 -0800)]
wic: Remove special-case bootimg_dir
The first iterations of wic very shortsightedly catered to two
specific use-cases and added special-purpose params for those cases so
that they could be directly given their corresponding boot artifacts.
(hdddir and staging_data_dir).
As more use-cases are added, it becomes rather obvious that such a
scheme doens't scale, and additionally causes confusion for plugin
writers.
This removes those special cases and states explicitly in the help
text that plugins are responsible for locating their own boot
artifacts.
Tom Zanussi [Wed, 26 Nov 2014 16:22:05 +0000 (08:22 -0800)]
wic: Don't allow mkfs to fail silently in partition command
The return code from the mkfs command used by the partition creation
command was being ignored, allowing it to silently fail and leaving
users mystified as to why the resulting filesystem was corrupted.
This became obvious when failures occurred when creating large
e.g. sdk filesystems [YOCTO #6863].
Wenzong Fan [Fri, 21 Nov 2014 06:02:05 +0000 (01:02 -0500)]
serf: uprev to 1.3.7 for fixing CVE-2014-3504
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
Chong Lu [Tue, 4 Nov 2014 01:35:18 +0000 (09:35 +0800)]
curl: Security Advisory - curl - CVE-2014-3620
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
Chong Lu [Fri, 24 Oct 2014 08:26:41 +0000 (16:26 +0800)]
curl: Security Advisory - curl - CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>
Mark Hatle [Tue, 11 Nov 2014 02:09:29 +0000 (20:09 -0600)]
meta-environment: Fix config-site with a multilib config
[YOCTO #6951]
The TOOLCHAIN_CONFIGSITE_SYSROOTCACHE value was defaulting to the nativesdk
path and not the associated target path. Set the value in toolchain-scripts
to the target path.
Be sure to set the MLPREFIX within the meta-environment script as multilibs
are processed.
Update the config_site file name to use -BPN- not PN. Otherwise the
environment processing can't find the correct filename.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Jackie Huang [Mon, 27 Oct 2014 07:37:41 +0000 (03:37 -0400)]
license.bbclass: canonicalise the licenses named with 'X+'
If INCOMPATIBLE_LICENSE=GPLv3, GPLv3+ should be excluded
as well but not now since there is no SPDXLICENSEMAP for
licenses named with 'X+', we can add all the SPDXLICENSEMAP
settings for licenses named with 'X+' in licenses.conf,
but it's more like a duplication, so improve the canonical_license
function to auto map for 'X+' if SPDXLICENSEMAP for 'X' is
available, so GPLv3+ becomes GPL-3.0+.
This patch adds a flexible way to configure the CMake in SDKs. It adds
a toolchain configuration script which supports subscripts for
extensions, as for example Qt5.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dan McGregor [Wed, 3 Sep 2014 19:49:28 +0000 (13:49 -0600)]
systemd: Use ${ROOT_HOME} instead of /root
systemd avoids using nss lookups for the root user, so
naturally it assumes that root's home directory is /root.
In OE that's not the case, and it can lead to long delays when
shutting down due to user shutdown unit failures.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Ross Burton <ross.burton@intel.com>
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2
allows remote attackers to have an unspecified impact via crafted H.264
data, related to an SPS and slice mismatch and an out-of-bounds array
access.
libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to
cause a denial of service (crash) via vectors related to alternating bit
depths in H.264 data.
Wenlin Kang [Thu, 16 Oct 2014 10:26:49 +0000 (06:26 -0400)]
mtools: fix broken /usr/bin/lz
When build fs with mtools-3.9.9, has file /usr/bin/lz in rootfs,
it is the symlink to uz:
root@qemu3:~# /usr/bin/lz
-sh: /usr/bin/lz: No such file or directory
$root@qemu3:~# ls -l /usr/bin/lz
lrwxrwxrwx 1 root root 2 Jul 18 18:07 /usr/bin/lz -> uz
root@qemu3:~# uz
-sh: uz: command not found
But the uz isn't actually exist, so the result is that lz is a
broken symlink.
The root cause is that uz hasn't been installed when install-scripts.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a symlink
attack on a /var/tmp/rltrace.[PID] file.
Kai Kang [Wed, 15 Oct 2014 07:16:31 +0000 (15:16 +0800)]
gnupg: CVE-2013-4242
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x
and possibly other products, allows local users to obtain private RSA
keys via a cache side-channel attack involving the L3 cache, aka
Flush+Reload.
Peter Urbanec [Wed, 15 Oct 2014 12:08:17 +0000 (23:08 +1100)]
sstate.bbclass: Fix up white space lost in last commit.
Commit e9672387 split one long line into a multi-line string, but in
the process white space between words was lost. This results in badly
formatted output when this message is printed.
Signed-off-by: Peter Urbanec <openembedded-devel@urbanec.net>
Paul Eggleton [Tue, 14 Oct 2014 13:39:10 +0000 (14:39 +0100)]
openssh: avoid screen sessions being killed on disconnect with systemd
Tell systemd just to kill the sshd process when the ssh connection drops
instead of the entire cgroup for sshd, so that any screen sessions (and
more to the point, processes within them) do not get killed.
(This is what the Fedora sshd service file does, and what we're already
doing in the dropbear service file).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Tue, 14 Oct 2014 09:20:24 +0000 (10:20 +0100)]
python: force off_t size to 8 to enable large file support
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.
Fixes [YOCTO #6813].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Saul Wold [Sat, 11 Oct 2014 06:46:16 +0000 (23:46 -0700)]
gcc: backport patch for gcc bug 61144
This fixes gcc bug 6144, which in my case exhibited itself as a kernel
module that failed to load. This was because static platform_data
structures were being corrupted with the optimiser being set to any
value other than -O0.
Originally-submitted-by: Peter Urbanec <openembedded-devel@urbanec.net> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
However when we search for NEEDED libraries we ignore the
key above which is the path where the provider library is installed
and instead just seach in libdir and base_libdir and hence
libraries which are not in above standard search paths gets
ignored even if they appear in DT_NEEDED sections
and a note is emitted
NOTE: Couldn't find shared library provider for libLLVM-3.3.so, used by
files: ....
IMO this note should actually become an error since if we do
not have all DT_NEEDED libraries in image the system is dysfunctional.
This patch extracts this libpath from key and add it to seach paths
when looing for a provider of a shared library
[YOCTO #6798]
Change-Id: Ie5f08632e37ba8d3439c8aaae33bc68b8996792f Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed ncurses.do_configure:
configure: WARNING: did not find library /path/to/tmp/sysroots/qemuarm/usr/lib/pkgconfig
And then anyone requires ncurses.pc will fail.
The configure.in checks:
[snip]
if test -n "$PKG_CONFIG_LIBDIR" && test -d "$PKG_CONFIG_LIBDIR" ; then
[snip]
Create PKG_CONFIG_LIBDIR in do_configure will fix the problem.
We can reproduce the problem by:
Set SSTATE_DIR=/path/to/sstate-cache
1) In build1, make sure everything is ready in SSTATE_DIR
$ bitbake ncurses
2) In build2, rebuild ncurses only:
$ bitbake ncurses -ccleansstate && bitbake ncurses
Then we will see the warning in log.do_configure.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Saul Wold [Fri, 10 Oct 2014 15:20:22 +0000 (08:20 -0700)]
glibc: remove bad patch snippet that eglibc forward ported
The s_sin.c patch undoes some code changes in glibc itself, these changes have nothing to
do with the option groups and I suspect crept in as part of the initial conversion. Undoing
this patch also fixes a test failure in test-double and test-idouble.
[YOCTO #6808]
Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Fri, 10 Oct 2014 05:55:07 +0000 (22:55 -0700)]
wpa-supplicant: fix for rebuild
Fixed when rebuild:
make: *** No rule to make target `/path/to/old//sysroots/qemux86-64/usr/lib/dbus-1.0/include/dbus/dbus-arch-deps.h', needed by `dbus/dbus_old.o'. Stop.
The .d files save the path of the dependencies files which may not exist
when rebuild, we can remove them to make the rebuild work.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
$ bitbake avahi avahi-ui
ERROR: QA Issue: avahi-ui: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/avahi-daemon.socket
/lib/systemd/system/avahi-dnsconfd.service
/lib/systemd/system/avahi-daemon.service [installed-vs-shipped]
ERROR: The recipe avahi-ui is trying to install files into a sharedarea when those files already exist. Those files and their manifestlocation are:
/path/to/sysroots/qemux86-64/lib/systemd/system/avahi-daemon.socket
Matched in manifest-qemux86-64-avahi.populate_sysroot
/path/to/sysroots/qemux86-64/lib/systemd/system/avahi-dnsconfd.service
Matched in manifest-qemux86-64-avahi.populate_sysroot
/path/to/sysroots/qemux86-64/lib/systemd/system/avahi-daemon.service
Matched in manifest-qemux86-64-avahi.populate_sysroot
Please verify which recipe should provide theabove files.
And remove the duplicated line:
rm ${D}${base_libdir} -rf
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Robert Yang [Thu, 9 Oct 2014 09:39:09 +0000 (02:39 -0700)]
nss-myhostname: skip it when systemd
Fixed error when systemd is in DISTRO_FEATURES:
ERROR: The recipe systemd is trying to install files into a sharedarea when those files already exist. Those files and their manifestlocation are:
/path/to/sysroots/qemux86/usr/lib/libnss_myhostname.so.2
Matched in manifest-qemux86-nss-myhostname.populate_sysroot
Please verify which recipe should provide theabove files.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
