Yue Tao [Tue, 8 Apr 2014 18:15:06 +0000 (19:15 +0100)]
Security Advisory - openssl - CVE-2013-6450
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
Yue Tao [Tue, 8 Apr 2014 18:15:05 +0000 (19:15 +0100)]
Security Advisory - openssl - CVE-2013-4353
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
Concatenated fix of PowerPC time related system calls in eglibc 2.18 taken
from upstream glibc. See credits in patch header.
The effect is that some time related system calls returns nothing or garbage.
Fix tested on PowerPC e300c3.
Eglibc 2.17 does not have this issue and the patches are already part of 2.19.
Signed-off-by: Mats Karrman <mats.karrman@tritech.se> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(*) add MESA_EGL_NO_X11_HEADERS to defines
(*) avoid altering eglplatform.h from {top_srcdir}/include
using an alternative to
0003-EGL-Mutate-NativeDisplayType-depending-on-config
patch.
[YOCTO #5882]
Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Wed, 26 Mar 2014 09:26:45 +0000 (05:26 -0400)]
image_types.bbclass: use 4096 instead of 8192 bytes-per-inode
The image not correctly created if 'ptest-pkgs' is in IMAGE_FEATURES,
this is because there is no free inode left. We can use 4096 instead of
8192 bytes-per-inode to fix the problem, and most of the distributions
us 4096, such as Ubuntu, Suse, Fedora and CentOS.
There are another problems:
* There are error message when there is no free inode left if we run the
mke2fs command manually, but they are not in log.do_rootfs.
* The image generation doesn't stop when error happens because mke2fs
doesn't return failed for this case.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For each recipe, it populated license files to ${LICENSE_DIRECTORY}/${PN},
such as kernel's license dir was ${LICENSE_DIRECTORY}/kernel-3.10.17-yocto-standard;
In do_rootfs task, it copied license directories from ${LICENSE_DIRECTORY}/
${pkg}, and ${pkg} was listed in ${INSTALLED_PKGS};
We got ${INSTALLED_PKGS} by rpm query, such as the kernel were 'kernel-*',
but the kernel's PN was linux-yocto, so searching ${LICENSE_DIRECTORY}/
kernel-* failed.
Copied license directories from ${LICENSE_DIRECTORY}/${PN} fixed this
issue.
[YOCTO #5572]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Stefan Stanacar <stefanx.stanacar@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sébastien Mennetrier <s.mennetrier@innotis.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 11 Mar 2014 12:57:04 +0000 (12:57 +0000)]
avahi: handle SO_REUSEPORT not being available
Linux < 3.9 doesn't have the SO_REUSEPORT option so instead of failing to start
when built with >=3.9 kernel headers but booted on <3.9 kernels, continue as if
SO_REUSEPORT wasn't available.
For more info see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1959
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
https://www.gitorious.org/gnutls/gnutls/commit/467478d8ff08a3cb4be3034ff04c9d08a0ceba3e
Signed-off-by: Karl Hiramoto <karl@hiramoto.org> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For more info see:
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0092
https://www.gitorious.org/gnutls/gnutls/commit/6aa26f78150ccbdf0aec1878a41c17c41d358a3b
Signed-off-by: Karl Hiramoto <karl@hiramoto.org> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diego Sueiro [Fri, 14 Feb 2014 02:40:58 +0000 (10:40 +0800)]
systemd: journald fix ignored disk space restrictions
The upstream bug report can be seen at:
[Systemd #68161] -- https://bugs.freedesktop.org/show_bug.cgi?id=68161
This backports patches come from 207 and need to address this in the 206 version for dora branch.
Signed-off-by: Diego Sueiro <diego.sueiro@gmail.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gcc: Include patch scheduled for GCC 4.8.3 to fix epilogue on ARM
GCC 4.8.0, 4.8.1 and 4.8.2 can generate broken epilogues for the
ABI used by the kernel. Apply the patch that is included for GCC
4.8.3 from http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58854.
The issue was found on Yocto/Dora and the patch should be backported
to this branch. A kernel built with Dora's GCC 4.8.1 misbehaved on:
while true;
do
(for i in `seq 1 100`;
do
echo "Log message... $RANDOM";
done) | logger;
done
busybox's syslogd would from time to read a huge negative value and
then exit, strace would get stuck waiting on a syscall. After this
patch it appears to work better.
Signed-off-by: Holger Hans Peter Freyther <holger@moiji-mobile.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Wed, 4 Dec 2013 17:32:43 +0000 (18:32 +0100)]
cpan-base: Add vardepvalue to get_perl_version function
* without this bitbake -S perf shows following error:
ERROR: Bitbake's cached basehash does not match the one we just generated
(/OE/oe-core/meta/recipes-kernel/perf/perf.bb.do_package)!
if you run it twice, once without perl in sysroot and once with perl
already built
Ross Burton [Thu, 6 Feb 2014 23:17:18 +0000 (23:17 +0000)]
binconfig: mangle ${base_libdir}
Some recipes are installing libraries into ${base_libdir} (typically /lib) and
also use a foo-config binary to identify compile paths, for example
libusb-compat. Without mangling ${base_libdir} the ${base_libdir} path is
passed to the compiler, where it looks like a host path and results in
compile-host-path QA errors.
Laurentiu Palcu [Thu, 16 Jan 2014 14:25:08 +0000 (16:25 +0200)]
x11vnc: fix CAPS_LOCK issues
Currently, pressing CAPS_LOCK on the viewer changes the lock state on
the server and the key will not change the case.
To fix this, use -skip_lockkeys option to ignore all Caps_Lock,
Shift_Lock, Num_Lock, Scroll_Lock keysyms received from viewers, in
order to leave the lock state on the server side unchanged. However, the
keys will appear correctly on the remote side.
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Exiting explicitly in pkg_postinst makes it impossible to use the
update-rc.d class in a .bbappend because the link creation is appended
to the pkg_postinst script.
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Richard Purdie [Tue, 14 Jan 2014 11:42:38 +0000 (11:42 +0000)]
eglibc-locale: Fix depends on binutils
The dependency here needs to apply for nativesdk as well as target packages
as the autobuilder just tripped over that. We'd never want a native version
so I'm not sure why the target class override was even present. The dependency
also applies to do_package so lets be explicit about that in case sstate
decides to get clever.
Anders Darander [Fri, 10 Jan 2014 14:59:01 +0000 (15:59 +0100)]
terminal.bbclass: do not export PS1
With a complex PS1 setup, PS1 might not have all characters correctly escaped
when terminal.bbclass writes the export. This caused the run.do_terminal.PID to
terminate, making it impossible to use the devshell.
As the spawned shell will parse e.g. .bashrc (or whatever rc-file is being
used), PS1 will be reset in the devshell.
Signed-off-by: Anders Darander <anders@chargestorm.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Phil Blundell [Fri, 10 Jan 2014 12:54:16 +0000 (12:54 +0000)]
binutils: Also add autoconf-native to DEPENDS
Commit 616354f13732d13c17434d5b60b166f691c25761 is insufficient because
gnu-config-native's gnu-configize script uses perl modules from autoconf
and hence doesn't work unless autoconf-native is staged (which it may
not be if building from sstate).
Ideally g-c-n would itself declare a dependency on autoconf-native but this
is difficult to arrange without creating a dependency loop. autoconf-native
already depends on gnu-config-native (because autoreconf invokes gnu-configize)
and has a build dependency on m4-native, which in turn build-depends on g-c-n
because it configizes itself by steam in do_configure and needs config.{guess,sub}
to be available. Adding some sort of gnu-config-initial-native recipe would
fix the latter problem, but this would be ugly because it would need special-casing
in (at least) autotools.bbclass, and in any case this still wouldn't solve
the problem of autoconf itself depending on g-c-n.
So, the easiest solution to the problem at hand is to arrange for those
few recipes that depend on g-c-n but not autoconf-native to gain that
latter dependency as well.
Signed-off-by: Phil Blundell <pb@pbcl.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Phil Blundell [Thu, 9 Jan 2014 11:16:10 +0000 (11:16 +0000)]
libsoup: Remove libproxy from DEPENDS
Although libsoup did use to support direct usage of libproxy, it hasn't
done so for some time. Worse, if libsoup depends on libproxy then it
is impossible to build libproxy against webkit since webkit itself
depends on libsoup in some configurations. Fix this by removing the
extraneous entry from DEPENDS.
Signed-off-by: Phil Blundell <pb@pbcl.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Jacob Kroon [Mon, 30 Dec 2013 18:17:58 +0000 (19:17 +0100)]
meta/lib/oe/terminal.py: Don't pass non-supported '--disable-factory' flag to gnome-terminal
By default, all GNOME terminals share a single process,
reducing memory usage. This can be disabled by starting gnome-terminal
with the --disable-factory option
However, gnome-terminal in Fedora 20 does no longer support the
'--disable-factory' flag, so remove it. As the support for 'mate' terminals was
added as a copy of the gnome code in 8cc078a9c679845464c59028f584d7aba098cc1f,
remove the flag here aswell.
Signed-off-by: Jacob Kroon <jacob.kroon@mikrodidakt.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Saul Wold [Fri, 20 Dec 2013 18:47:26 +0000 (10:47 -0800)]
openssl: use PACKAGECONFIG to disable perl bits
Adding perl to the RDEPENDS caused a performance hit to the overall build time since this was
the only package that depended on perl. The openssl-misc package is not installed by default
so use a PACKAGECONFIG which can be overridden to allow the perl scripts along with perl to
be installed.
Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Paul Eggleton [Fri, 20 Dec 2013 14:55:09 +0000 (14:55 +0000)]
libav: add libpostproc to PROVIDES (for 0.8.x version only)
There is a separate libpostproc recipe in meta-oe for use with 9.x and
later versions of libav for those few that need libpostproc; however if
you just add meta-oe and try to build libpostproc without selecting the
libav 9.x version recipe, you'll be building the libpostproc recipe
together with libav 0.8.x, which provides its own libpostproc; this
leads to confusing errors at packaging time. In order to flag up that
these conflict more appropriately, add libpostproc to PROVIDES
explicitly so that you at least get a multiple providers error at the
start of the build.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Tom Zanussi [Tue, 31 Dec 2013 19:59:24 +0000 (13:59 -0600)]
systemtap: Add --enable-prologues to configuration
In some cases, the debuginfo generated by the compiler is insufficient
for systemtap to figure out function param locations; using -P allows
it to use prologue searching to find the correct locations.
Enable prologue searching in the configuration so the user doesn't
have to specify it manually.
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Scott Garman [Thu, 5 Dec 2013 21:57:31 +0000 (13:57 -0800)]
runqemu: remove core-image-* whitelist
Using a whitelist for image names to default to when none are
specified on the command line is no longer desired. Instead,
choose the most recently created image filename that conforms
to typical image naming conventions.
Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Krzysztof Sywula <krzysztof.m.sywula@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ross Burton [Wed, 18 Dec 2013 16:20:02 +0000 (16:20 +0000)]
useradd.bbclass: add dependency on base-files
Packages that use useradd.bbclass should have a dependency on base-files so that
the /etc/skel directory is populated. Without this dependency base-files may or
may not be installed when the postinst runs, and the skel content may or may not
be copied.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
mykhani [Tue, 17 Dec 2013 08:28:35 +0000 (13:28 +0500)]
openssl.inc: Install c_rehash utility with openssl
c_rehash utility is not being installed with openssl.It conveniently
generates hash and symbolic links based on it for CA certificates
stored locally for SSL based server authentication
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Yue Tao [Thu, 5 Dec 2013 23:52:19 +0000 (17:52 -0600)]
icu: CVE-2013-2924
Use-after-free vulnerability in International Components for Unicode (ICU),
as used in Google Chrome before 30.0.1599.66 and other products, allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Yue Tao [Thu, 5 Dec 2013 23:52:18 +0000 (17:52 -0600)]
acpid: CVE-2011-1159
acpid.c in acpid before 2.0.9 does not properly handle a situation in which
a process has connected to acpid.socket but is not reading any data, which
allows local users to cause a denial of service (daemon hang) via a crafted
application that performs a connect system call but no read system calls.
Signed-off-by: Yue Tao <yue.tao@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Li Wang [Thu, 5 Dec 2013 23:52:17 +0000 (17:52 -0600)]
xinetd: CVE-2013-4342
xinetd does not enforce the user and group configuration directives
for TCPMUX services, which causes these services to be run as root
and makes it easier for remote attackers to gain privileges by
leveraging another vulnerability in a service.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
the patch come from:
https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Roy Li [Tue, 10 Dec 2013 05:46:16 +0000 (13:46 +0800)]
multilib: Ensure we map the SYSTEMD_PACKAGES variable
If we don't do this, systemd.bbclase will complain to unable to find multilib
packages since PACKAGES is expand with mlprefix, but SYSTEMD_PACKAGES is not,
like in ntp.inc:
Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Hongxu Jia [Tue, 3 Dec 2013 06:03:50 +0000 (06:03 +0000)]
nativesdk.bbclass: support nativesdk to override with the PACKAGES_DYNAMIC statement
While compiling nativesdk-mtools, there was failure:
...
Nothing PROVIDES 'nativesdk-glibc-gconv-ibm850'. Close matches:
...
This patch supports nativesdk to override with the PACKAGES_DYNAMIC statement
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
For each recipe, it populated license files to ${LICENSE_DIRECTORY}/${PN},
such as kernel's license dir was ${LICENSE_DIRECTORY}/kernel-3.10.17-yocto-standard;
In do_rootfs task, it copied license directories from ${LICENSE_DIRECTORY}/
${pkg}, and ${pkg} was listed in ${INSTALLED_PKGS};
We got ${INSTALLED_PKGS} by rpm query, such as the kernel were 'kernel-*',
but the kernel's PN was linux-yocto, so searching ${LICENSE_DIRECTORY}/
kernel-* failed.
Copied license directories from ${LICENSE_DIRECTORY}/${PN} fixed this issue.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Include the console-kit module in PACKSGES explicitly so bitbake can map to
the RDEPENDS we define for it in this recipe, and thereby ensure that when
adding the console-kit module to an image, we also get the necessary
consolekit package produced.
Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
yzhu1 [Tue, 26 Nov 2013 08:38:28 +0000 (08:38 +0000)]
populate_sdk: verify executable or dynamically linked library
When toolchain directory is changed to execute mode, some non-executable
files or empty files are sorted. This will result in some errors. Thus when
sorting executable files or dynamically linked library, additional conditions
are to exclude non-executable files or empty files.
Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
When using make -j with the 'install' target, it's possible for altbininstall
(which normally creates BINDIR) and libainstall (which doesn't, though it
installs python-config there) to race, resulting in a failure due to
attempting to install python-config into a nonexistent BINDIR. Ensure it also
exists in the libainstall target.
Signed-off-by: Christopher Larson <kergoth@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Yue Tao [Thu, 28 Nov 2013 08:34:48 +0000 (16:34 +0800)]
python: do not replace ccache in the middle of a path
Python recipe did a sed s/ccache/$(CCACHE) on the Makefile, which
replaces all "ccache" including ones that consist of a full path.
This leads to build error when building in a project path with
"ccache" in its name. Fix it by only replacing "ccache " with
"$(CCACHE) ".
Signed-off-by: Lei Liu <lei.liu2@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Cristiana Voicu <cristiana.voicu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Richard Purdie [Fri, 29 Nov 2013 14:36:42 +0000 (14:36 +0000)]
image.bbclass: Depend on virtual/kernel:do_deploy
Now that none of the packagegroups depend on virtual/kernel, we have the problem
that MACHINE=qemumips bitbake core-image-minimal doesn't put a kernel
into the deploy directory. This breaks many common usecases and
user expectations.
To avoid this, add a dependency on the kernel deploy to image do_build tasks.
This should avoid any circular dependency issues but equally ensure users
have their expectations met.
Richard Purdie [Fri, 29 Nov 2013 11:22:56 +0000 (11:22 +0000)]
base/gcc-common: Ensure umask setting is consistent for shared workdir
gcc has cross and target components with a shared workdir. The unpack umask
settings need to match for all of these. We need to use strings in each
case to ensure the sstate code matches them correctly.
This patch tweaks various things to ensure the change adding the unpack umask
change doesn't break the compiler builds.
Martin Jansa [Fri, 22 Nov 2013 21:19:03 +0000 (22:19 +0100)]
base.bbclass: Set umask 022 also for do_unpack task
* when git checkouts files from fetched clone it respects system umask
and creates files with different permissions, if such files are copied
to packages, resulting target images have also different permissions
on them.
* we need reproducible builds across different builders with different
system umask, so set 022 umask
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Nick D'Ademo [Tue, 26 Nov 2013 06:26:46 +0000 (17:26 +1100)]
libav: install libraries to right directory when multilib is enabled
Explicitly set libdir and shlibdir to ${libdir} in EXTRA_OECONF. Otherwise, default library path of ${prefix}/lib is used which is incorrect in a multilib build.
Signed-off-by: Nick D'Ademo <nickdademo@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Robert Yang [Tue, 26 Nov 2013 10:32:34 +0000 (18:32 +0800)]
coreutils 6.9: fix coreutils.texi
This is used for fixing coreutils 6.9 (GPLv2+) do_installed failed:
[snip]
| coreutils.texi:2499: @itemx must follow @item
| coreutils.texi:2636: @itemx must follow @item
| coreutils.texi:2644: @itemx must follow @item
| coreutils.texi:2654: @itemx must follow @item
| coreutils.texi:2677: @itemx must follow @item
| coreutils.texi:2689: @itemx must follow @item
| coreutils.texi:2820: @itemx must follow @item
| coreutils.texi:3058: @itemx must follow @item
| coreutils.texi:3253: @itemx must follow @item
[snip]
Use '@item' instead of '@itemx' in several places, as Texinfo 5 refuses
to process an '@itemx' that is not preceded by an '@item'. Ensure that
node extended names in menus and sectioning are consistent, and that
ordering and presence of nodes in menus and in the actual text are
consistent as well.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ming Liu [Wed, 13 Nov 2013 08:15:47 +0000 (16:15 +0800)]
qemu: explicitly disable xen support
We don't make use of xen and when building on Ubuntu 13.04 when
libxen-dev is installed on the build host you will get errors like the
following:
| /usr/include/x86_64-linux-gnu/bits/string3.h:81: warning: memset used with constant zero length parameter; this could be due to transposed parameters
| /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib/libxenguest.so: undefined reference to `lzma_alone_decoder@XZ_5.0'
| /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib/libxenguest.so: undefined reference to `lzma_code@XZ_5.0'
| /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib/libxenguest.so: undefined reference to `lzma_stream_decoder@XZ_5.0'
| /usr/lib/gcc/x86_64-linux-gnu/4.7/../../../../lib/libxenguest.so: undefined reference to `lzma_end@XZ_5.0'
This change disables xen for both -native and target packages but
since it is a PACKAGECONFIG a user could tune this to have xen support
in the target package.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Enrico Scholz [Mon, 25 Nov 2013 15:10:44 +0000 (16:10 +0100)]
bluez4: added dependency on 'libsndfile1'
bluez4 detects and uses libsndfile1 and the compilation can fail with
| sbc/sbctester.c:32:21: fatal error: sndfile.h: No such file or directory
| ...
| compilation terminated.
| make[1]: *** [sbc/sbctester.o] Error 1
in rebuilds (image with libsndfile1 was built, then some change ->
bluez4 do_configure runs with libsndfile1 -> libsndfile1 gets removed
-> bluez4 do_compile fails).
As there is no trivial way to disable its detection and to make it a
PACKAGECONFIG option, 'libsndfile1' was put into static DEPENDS.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Martin Jansa [Sun, 24 Nov 2013 13:28:27 +0000 (14:28 +0100)]
avahi: add leading space to RRECOMMENDS append
* in case update-rc.d is already in RRECOMMENDS it fails with
ERROR: Nothing RPROVIDES 'update-rc.dlibnss-mdns' (but
meta/recipes-connectivity/avahi/avahi_0.6.31.bb
RDEPENDS on or otherwise requires it)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Kai Kang [Mon, 25 Nov 2013 08:17:07 +0000 (16:17 +0800)]
x264: install libraries to right directory when enable multilib
x264 use [EPREFIX/lib] as default libdir. When multlib is enabled that
is not right. Packages depends on x264 such as libav configure fails
that can't find library x264.
Pass the right libdir to configure script to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Martin Jansa [Sat, 7 Dec 2013 17:49:42 +0000 (18:49 +0100)]
ltp: set PREFERRED_PROVIDER and rename runtests_noltp.sh script
* ltp installs 2 different runtests_noltp.sh files from different
directories into /opt/ltp/testcases/bin/runtests_noltp.sh
last one installed wins and causes unexpected changes in
buildhistory's files-in-image.txt report, rename them to have
unique name as other ltp scripts have.
* also define PREFERRED_PROVIDER to resolve note shown when
building with meta-oe layer:
NOTE: multiple providers are available for ltp (ltp, ltp-ddt)
NOTE: consider defining a PREFERRED_PROVIDER entry to match ltp
* use patch generated without -M
in my builds both versions worked, but Saul reported that it fails to
apply with:
Applying patch
0001-Rename-runtests_noltp.sh-script-so-have-unique-name.patch
patch: **** Only garbage was found in the patch input.
Now I've see the same issue on different builder (with Ubuntu 12.04).
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Mike Crowe [Fri, 22 Nov 2013 14:23:02 +0000 (14:23 +0000)]
kernel.bbclass: Stop bundle_initramfs thwarting sstate cache and fix race
The new do_bundle_initramfs task introduced in 609d5a9ab9e58bb1c2bcc2145399fbc8b701b85a defeats using the sstate
cache. The kernel is resurrected from the sstate cache but ends up being
built again since do_bundle_initramfs depends on do_compile.
The task is no longer nostamp to avoid causing unnecessary rebuilds. The
sstate checksum stamps should know when to rebuild.
The task now runs before do_deploy and part of the work has been moved to
do_deploy where it now writes to ${DEPLOYDIR} rather than
${DEPLOY_DIR_IMAGE} so that the files end up in sstate.
The task can also race against do_install since both call into the kernel
build system. This is fixed by making do_bundle_initramfs run after
do_install (which therefore also fixes the problem that 3baa63b4d588c3262254528b406ede265dd117bf was addressing.)
Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Steffen Sledz [Thu, 28 Nov 2013 14:09:31 +0000 (15:09 +0100)]
gdb-7.6: fix cygwin check in configure script
This is a fix which avoids false positives if the search pattern
"lose" is found in path descriptions in comments generated by the
preprocessor we hit in our development environment.
Baogen Shang [Mon, 21 Oct 2013 03:03:41 +0000 (11:03 +0800)]
libtiff: CVE-2013-4243
cve description:
Heap-based buffer overflow in the readgifimage function in the gif2tiff
tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a crafted height
and width values in a GIF image.
Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Baogen Shang [Mon, 21 Oct 2013 03:00:05 +0000 (11:00 +0800)]
libtiff: CVE-2013-4232
cve description:
Use-after-free vulnerability in the t2p_readwrite_pdf_image function
in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause
a denial of service (crash) or possible execute arbitrary code via a
crafted TIFF image.
Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Chen Qi [Thu, 21 Nov 2013 07:26:54 +0000 (01:26 -0600)]
nfs-utils: explicitly rdepend on bash
Scripts in nfs-utils need bash as their interpreter, so if nfs-utils
doesn't explicitly rdepend on bash, we would experience build failures
if we add nfs-utils to glibc-small images.
Add bash to RDEPENDS to solve this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ming Liu [Thu, 21 Nov 2013 07:05:04 +0000 (01:05 -0600)]
libtiff: fix CVE-2013-1960
Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf
in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted TIFF image
file.
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ross Burton [Fri, 29 Nov 2013 13:51:05 +0000 (13:51 +0000)]
qt4-x11-free: depend on ICU
ICU presence is auto-detected at configure time and until recently (e68850 and
d61230) was pulled into most builds through harfbuzz and beecrypt. Now it's
floating and this leads to build failures.
As in all likelihood the majority of people were building this with ICU enabled,
add an explicit dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Lei Liu [Thu, 21 Nov 2013 19:30:48 +0000 (13:30 -0600)]
syslinux: use cross toolchain to compile
syslinux is compling something with host gcc at do_install
stage, which leads to some unexpected errors with old gcc
on host. Using our cross toolchain instead.
Signed-off-by: Lei Liu <lei.liu2@windriver.com> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Jeffrey C Honig [Thu, 21 Nov 2013 07:34:41 +0000 (01:34 -0600)]
rootfs_*.bbclass: List which post-install scripts can not be run
When preping a read-only rootfs and finding some post-install
scripts that can not be run, list the names of said scripts to
avoid having to look around the rootfs to find a list.
Signed-off-by: Jeffrey C Honig <jeffrey.honig@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
