Richard Purdie [Sun, 14 Feb 2021 11:42:23 +0000 (11:42 +0000)]
bitbake.conf: Set as default task umask of 022
Rather than trying to set the umask of every task to the correct
value for determinism, set one value globally. This uses a new
bitbake variable so bump the minimum version to match.
This fixes strange determinism issues in at least quilt-ptest,
valgrind-ptest and kernel-devsrc.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jose Quaresma [Sat, 13 Feb 2021 00:59:22 +0000 (00:59 +0000)]
shaderc: remove the receipe configure hack and use a patch for that
[Yocto #14226]
[RP: Small patch filename fixup to allow to build] Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Fri, 12 Feb 2021 16:51:57 +0000 (10:51 -0600)]
libomxil: Fix up commercial license flag
The commercial license flag on libomxil is set because it may include
the Adaptive Multi-Rate audio codec (AMR) using FFmepg, which is patent
encumbered.
It turns out this component is disabled by default in the recipe; add a
PACKAGECONFIG to enable it and trigger the "commercial" LICENSE_FLAGS on
it. This make the default build configuration clean unless a user
specifically asks for AMR support, and prevents them from marking the
recipe with the "commerical" flag unnecessarily which could hide
potential problems later on.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Fri, 12 Feb 2021 07:59:52 +0000 (23:59 -0800)]
autoconf: Add missing perl modules to rdeps
Calling autoreconf with on-device sdk fails due to missing perl modules
which are required for it to work with autoconf 2.71+
Fixes
Can't locate File/Temp.pm in @INC (you may need to install the File::Temp module) (@INC contains: /usr/share/autoconf /usr/lib/perl5/site_perl/5.32.0/riscv32-linux /usr/lib/perl5/site_perl/5.32.0 /usr/lib/per
l5/vendor_perl/5.32.0/riscv32-linux /usr/lib/perl5/vendor_perl/5.32.0 /usr/lib/perl5/5.32.0/riscv32-linux /usr/lib/perl5/5.32.0 .) at /usr/bin/autoreconf line 50.
BEGIN failed--compilation aborted at /usr/bin/autoreconf line 50.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 11 Feb 2021 14:46:45 +0000 (14:46 +0000)]
glibc: add workaround for faccessat2 being blocked by seccomp filters
Older seccomp-based filters used in container frameworks will block faccessat2
calls as it's a relatively new syscall. This isn't a big problem with
glibc <2.33 but 2.33 will call faccessat2 itself, get EPERM, and thenn be confused
about what to do as EPERM isn't an expected error code.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yoann Congal [Tue, 9 Feb 2021 15:53:46 +0000 (16:53 +0100)]
npm.bbclass: avoid building target nodejs for native npm recipes
The current recipe unconditionally RDEPENDS on nodejs (the target one).
When building on the "-native recipe" of "BBCLASSEXTEND native" recipe,
the target nodejs is unnecessarily built.
This patch fixes this by only RDEPENDS on nodejs when building for the target.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Wed, 10 Feb 2021 07:40:44 +0000 (23:40 -0800)]
security_flags.inc: Add same O<level> as in SELECTED_OPTIMIZATION
Adding -O can be troublesome in some packages where it may override the
O<n> specified by CFLAGS, this can be due to configure processing of
CFLAGS and munging them into new values in Makefiles, which is
contructed from CC and CFLAGS passed by bitbake environment. Problem
arises if the sequence is altered, which seems to be the case in some
packages e.g. ncurses, where the value from CC variable is added last
and thus overrides -O<n> coming from CFLAGS,
Therefore grok the value from SELECTED_OPTIMIZATION and append the
appropriate -O<level> flag to lcl_maybe_fortify so the level does not
change inaderdantly.
Since we do not use -O0 anymore there is no point of checking for
DEBUG_BUILD since it uses -Og now which works fine with
-D_FORTIFY_SOURCE=2, so check for optlevel O0 instead
akuster [Wed, 10 Feb 2021 04:32:07 +0000 (04:32 +0000)]
connman: update to 1.39
Bug fix only and includes two security fixes:
CVE-2021-26675
CVE-2021-26676
Changelog:
- Fix issue with scanning state synchronization and iwd.
- Fix issue with invalid key with 4-way handshake offloading.
- Fix issue with DNS proxy length checks to prevent buffer overflow.
- Fix issue with DHCP leaking stack data via uninitialized variable.
[Yocto #14231]
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 9 Feb 2021 13:15:24 +0000 (13:15 +0000)]
opkg: Fix patch glitches
The original patch contained some text which shouldn't have been there
and used brackets in configure which isn't a great idea. Tweak the patch
to resolve this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wang Mingyu [Tue, 9 Feb 2021 08:30:36 +0000 (16:30 +0800)]
parted: upgrade 3.3 -> 3.4
0001-Move-python-helper-scripts-used-only-in-tests-to-Pyt.patch
0001-libparted-fs-add-sourcedir-lib-to-include-paths.patch
0002-tests-use-skip_-rather-than-skip_test_-which-is-unde.patch
removed since they are included in 3.4
Add python3-core to RDEPENDS_parted-ptest
since /usr/lib/parted/ptest/tests/msdos-overlap contained in package parted-ptest requires /usr/bin/python3
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 10 Feb 2021 10:12:40 +0000 (10:12 +0000)]
Fix up bitbake logging compatibility
Bitbake changed the debug() logging call to make it compatible with
standard python logging by no longer including a debug level as the
first argument. Fix up the few places this was being used.
Tweaked version of a patch from Joshua Watt.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chee Yang Lee [Tue, 2 Feb 2021 05:43:16 +0000 (13:43 +0800)]
initrdscripts: init-install-efi.sh install extra files for ESP
Currently the install script copy only few hard coded item while
setting up target ESP, kernel artifacts, all .efi in EFI/BOOT,
grub & boot cfg and loader.conf.
While ESP can be much complex, eg: contain multiple initrd.
Add a ESP folder to carry any other files to setup onto ESP.
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
akuster [Mon, 8 Feb 2021 05:51:30 +0000 (05:51 +0000)]
cve-check: add include/exclude layers
There are times when exluding or including a layer
may be desired. This provide the framwork for that via
two variables. The default is all layers in bblayers.
zhengruoqin [Mon, 8 Feb 2021 06:36:26 +0000 (14:36 +0800)]
python3-packaging: upgrade 20.8 -> 20.9
20.9 - 2021-01-29
~~~~~~~~~~~~~~~~~
* Run [isort](https://pypi.org/project/isort/) over the code base (:issue:`377`)
* Add support for the ``macosx_10_*_universal2`` platform tags (:issue:`379`)
* Introduce ``packaging.utils.parse_wheel_filename()`` and ``parse_sdist_filename()``
(:issue:`387` and :issue:`389`)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jose Quaresma [Sat, 6 Feb 2021 14:27:10 +0000 (14:27 +0000)]
spirv-tools: fix reproducible
- remove build host path in cmake dev file to fix spirv-tools-dev reproducible
https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20210125-8161_obd/packages/diff-html/
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Sat, 6 Feb 2021 06:31:38 +0000 (22:31 -0800)]
security_flags.inc: Use -O with -D_FORTIFY_SOURCE
compiler can only use fortify options when some level of optimization is
on, otherwise it ends up sending some warnings.
warning: _FORTIFY_SOURCE requires compiling with optimization (-O) [-W#warnings]
this is usually OK, since -O<level> would be added via CFLAGS to
compiler cmdline in normal compile stages, however during configure
there are problems when CC,CPP,CXX are probed alone in configure tests
which results in above warning, which confuses the configure results and
autotools 2.70+ detects it as error e.g.
configure:17292: error: C preprocessor "riscv32-yoe-linux-clang -target riscv32-yoe-linux -mlittle-endian -mno-relax -Qunused-arguments -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=/mnt/b/yoe/master/build/tmp/work/riscv32-yoe-linux/ndpi/3.4-r0/recipe-sysroot -E" fails sanity check
See `config.log' for more details
therefore adding a -O ( which actually is -O1 ) to lcl_maybe_fortify
means we can properly test these configure tests and real -O<level> will
still override -O added here, so overrall behavior improves
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 11 Nov 2020 15:30:20 +0000 (15:30 +0000)]
autotools: no need to depend on gnu-config
autoconf 2.70 onwards installs its own copies of config.guess/config.sub
which we keep up to date when autoconf builds, so there's no need to
depend on gnu-config for those files.
Ross Burton [Wed, 15 Jul 2020 15:03:21 +0000 (16:03 +0100)]
autoconf: upgrade to 2.71
After too many years, autoconf has made a new release. On the whole it
is compatible with previous releases, but some macros are more specific
about what they expose so minor tweaks to configure.ac may be required.
autoconf also now invokes intltoolize, gtkdocize, and copies
config.sub/guess, so there is less work for autotools.bbclass to do.
- AC_HEADER_MAJOR-port-to-glibc-2.25.patch
- add_musl_config.patch
- autoconf-replace-w-option-in-shebangs-with-modern-use-warnings.patch
- autoreconf-gnuconfigize.patch
- check-automake-cross-warning.patch
- config_site.patch
- fix_path_xtra.patch
- performance.patch
Drop a number of patches which have been integrated upstream.
- man-host-perl.patch
Don't use the target perl path when building documentation at build time:
- no-man.patch
Don't build documentation in native builds to avoid further build
dependencies.
Mike Looijmans [Fri, 5 Feb 2021 14:53:33 +0000 (15:53 +0100)]
license_image.bbclass: Don't attempt to symlink to the same file
Sometimes (that is, in all my builds) the lic_manifest_dir and
lic_manifest_symlink_dir end up pointing to the same file, resulting
in an error like this:
Exception: FileExistsError: [Errno 17] File exists: '/.../tmp-glibc/deploy/licenses/my-image-tdkz15' -> '/.../tmp-glibc/deploy/licenses/my-image-tdkz15'
First check to see if this is the case before attempting to create
the link.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Fri, 5 Feb 2021 19:22:34 +0000 (20:22 +0100)]
image_types.bbclass: tar: use posix format instead of gnu
* gnu isn't compatible with --xattrs used e.g. here:
https://github.com/advancedtelematic/meta-updater/blob/d3a832f66e8802cb45536ff278d5c77f946d341d/classes/image_types_ostree.bbclass#L16
causing do_image_tar failing with:
| tar: --xattrs can be used only on POSIX archives
| Try 'tar --help' or 'tar --usage' for more information.
* https://www.gnu.org/software/tar/manual/html_chapter/tar_8.html
says about posix format:
This is the most flexible and feature-rich format.
It does not impose any restrictions on file sizes or file name lengths.
This format is quite recent, so not all tar implementations are able to handle it properly.
However, this format is designed in such a way that any tar implementation able to read `ustar'
archives will be able to read most `posix' archives as well, with the only exception that any
additional information (such as long file names etc.) will in such case be extracted as plain
text files along with the files it refers to.
This archive format will be the default format for future versions of GNU tar.
and:
The default format for GNU tar is defined at compilation time.
You may check it by running tar --help, and examining the last lines of its output.
Usually, GNU tar is configured to create archives in `gnu' format, however, future version will switch to `posix'.
* I've compared tar on centos7 and ubuntu-18.04:
bash-4.2$ cat /etc/centos-release
CentOS Linux release 7.9.2009 (Core)
bash-4.2$ tar --version
tar (GNU tar) 1.26
...
bash-4.2$ tar --help | tail -n 5
*This* tar defaults to:
--format=gnu -f- -b20 --quoting-style=escape --rmt-command=/etc/rmt
--rsh-command=/usr/bin/ssh
...
bitbake@e0ee76f81c2f:/$ grep VERSION /etc/os-release
VERSION="18.04.5 LTS (Bionic Beaver)"
VERSION_ID="18.04"
VERSION_CODENAME=bionic
bitbake@e0ee76f81c2f:/$ tar --version
tar (GNU tar) 1.29
...
bitbake@e0ee76f81c2f:/$ tar --help | tail -n 5
...
*This* tar defaults to:
--format=gnu -f- -b20 --quoting-style=escape --rmt-command=/usr/lib/tar/rmt
--rsh-command=/usr/bin/rsh
Both support posix format (as pax POSIX 1003.1-2001). But centos7 version is
already too old anyway, because it doesn't support --sort=name used since:
https://git.openembedded.org/openembedded-core/commit/?id=4fa68626bbcfd9795577e1426c27d00f4d9d1c17
and
https://git.openembedded.org/openembedded-core/commit/?id=f19e43dec63a86c200e04ba14393583588550380
says that 1.28 is the minium version now and
https://git.openembedded.org/openembedded-core/commit/?id=7a66434cf11b7f051699b774e4fccd6738351368
recommends to use install-buildtools for hosts with tar < 1.28
On the other side latest tumbleweed from:
https://hub.docker.com/r/opensuse/tumbleweed
with tar-1.33 alredy defaults to posix format:
b99dbb3d86dd:/ # head -n 3 /etc/os-release
NAME="openSUSE Tumbleweed"
ID="opensuse-tumbleweed"
b99dbb3d86dd:/ # tar --version
tar (GNU tar) 1.33
...
b99dbb3d86dd:/ # tar --help | tail -n 3
*This* tar defaults to:
--format=posix -f- -b20 --quoting-style=escape --rmt-command=/usr/bin/rmt
--rsh-command=/usr/bin/ssh
I've packaged some sample rootfs directory with both tars and the result is
identical (with --format=gnu as well as --format=posix).
with ubuntu:
tar --sort=name --format=gnu --numeric-owner -cf rootfs.ubuntu.gnu.tar -C rootfs .
tar --xattrs --xattrs-include=* --sort=name --format=posix --numeric-owner -cf rootfs.ubuntu.posix.tar -C rootfs .
tumbleweed:
tar --sort=name --format=gnu --numeric-owner -cf rootfs.tumbleweed.gnu.tar -C rootfs .
tar --xattrs --xattrs-include=* --sort=name --format=posix --numeric-owner -cf rootfs.tumbleweed.posix.tar -C rootfs .
centos7 (without --sort=name):
tar --format=gnu --numeric-owner -cf rootfs.centos7.gnu.tar -C rootfs .
tar --xattrs --xattrs-include=* --format=posix --numeric-owner -cf rootfs.centos7.posix.tar -C rootfs .
size is identical:
-rw-r--r-- 1 mjansa mjansa 2487480320 Feb 5 09:19 rootfs.ubuntu.gnu.tar
-rw-r--r-- 1 mjansa mjansa 2487480320 Feb 5 10:17 rootfs.centos7.gnu.tar
-rw-r--r-- 1 mjansa mjansa 2487480320 Feb 5 10:26 rootfs.tumbleweed.gnu.tar
-rw-r--r-- 1 mjansa mjansa 2579875840 Feb 5 10:15 rootfs.ubuntu.posix.tar
-rw-r--r-- 1 mjansa mjansa 2579875840 Feb 5 10:16 rootfs.centos7.posix.tar
-rw-r--r-- 1 mjansa mjansa 2579875840 Feb 5 10:26 rootfs.tumbleweed.posix.tar
so cannot really say which format is better for reproducible tar
archives from different distros, but posix at least supports xattrs
and it's the format for future.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Thu, 4 Feb 2021 21:38:41 +0000 (15:38 -0600)]
bash: Disable bracketed input by default
Bash 5.1 enabled bracketed input mode by default, but this causes a lot
of problems with automated testing as it can inject a lot of control
sequences into non-interactive output. Disable it to cleanup the output
an preserve the pre-5.1 behavior
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
zhengruoqin [Fri, 5 Feb 2021 02:29:41 +0000 (10:29 +0800)]
mc: upgrade 4.8.25 -> 4.8.26
Fix the do_compile error:
| ../../../mc-4.8.26/lib/tty/tty-ncurses.c: In function 'tty_colorize_area':
| ../../../mc-4.8.26/lib/tty/tty-ncurses.c:557:5: error: unknown type name 'cchar_t'; did you mean 'wchar_t'?
add -DNCURSES_WIDECHAR=1 when musl.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 4 Feb 2021 21:31:00 +0000 (21:31 +0000)]
openssh: Backport a fix to fix with glibc 2.33 on some platforms
This fixes openssh failing to work on qemux86 with glibc 2.33 due to
seccomp and the fact new syscalls are used. Also likely fixes issues
on other platforms.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mingli Yu [Thu, 4 Feb 2021 09:07:14 +0000 (17:07 +0800)]
qemu: make ptest rework
After qemu upgrades to 5.2.0 in commit [1], if also switches
to meson and the previous logic which introduces the testsuites
changes in [2] and results in below error when run ptest test:
# ./run-ptest
for f in ; do \
nf=$(echo $f | sed 's/tests\//\.\//g'); \
$nf; \
done
So refactor the ptest part code to make it work again.
Steve Sakoman [Thu, 4 Feb 2021 20:34:51 +0000 (10:34 -1000)]
glibc: update to latest release/2.32/master branch
Remove patches for CVE-2019-25013 and CVE-2020-27618 since they are
present in the branch now. Add both CVEs to CVE_CHECK_WHITELIST.
760e1d28782 gconv: Fix assertion failure in ISO-2022-JP-3 module (bug 27256) d3cb8f6222a aarch64: fix static PIE start code for BTI [BZ #27068] 082798622d8 __vfscanf_internal: fix aliasing violation (bug 26690) 33dc30bc838 aarch64: Use mmap to add PROT_BTI instead of mprotect [BZ #26831] 46e1e64fe3e elf: Pass the fd to note processing b6eae83717d elf: Move note processing after l_phdr is updated c6090dcebd1 aarch64: align address for BTI protection [BZ #26988] 610e2c51504 aarch64: Fix missing BTI protection from dependencies [BZ #26926] 4c619b3eed5 x86: Check IFUNC definition in unrelocated executable [BZ #20019] 87450ecf8a8 x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] 2b4f67c2b33 Update for [BZ #27130] fix 1a24bbd43e4 x86-64: Avoid rep movsb with short distance [BZ #27130] 0d9793e82a1 Fix buffer overrun in EUC-KR conversion module (bz #24973) 1d49bede4d8 tests-mcheck: New variable to run tests with MALLOC_CHECK_=3 050022910be iconv: Accept redundant shift sequences in IBM1364 [BZ #26224] ac0a6929c5d sh: Add sh4 fpu Implies folder 3ea24955bff struct _Unwind_Exception alignment should not depend on compiler flags 5c36293f067 resolv: Serialize processing in resolv/tst-resolv-txnid-collision 2dfa659a66f resolv: Handle transaction ID collisions in parallel queries (bug 26600) 05c025abca1 support: Provide a way to clear the RA bit in DNS server responses f688bcd83de support: Provide a way to reorder responses within the DNS test server eba0ce60588 Remove __warndecl 5337b2af4b8 Remove __warn_memset_zero_len [BZ #25399] c6e794640c3 aarch64: Add unwind information to _start (bug 26853) 70ee5e8b573 aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798] 8813b2682e4 x86: Optimizing memcpy for AMD Zen architecture. e61a8fd8fad Reversing calculation of __x86_shared_non_temporal_threshold 0b9460d22e2 sysvipc: Fix IPC_INFO and SHM_INFO handling [BZ #26636] c4aeedea598 sysvipc: Fix IPC_INFO and MSG_INFO handling [BZ #26639] 9b139b6b81a sysvipc: Fix SEM_STAT_ANY kernel argument pass [BZ #26637] 81c5484d93a AArch64: Use __memcpy_simd on Neoverse N2/V1 0f8f0ed25c1 AArch64: Improve backwards memmove performance 23482f78866 Set version.h RELEASE to "stable" (Bug 26700) 69beb5cbf85 string: Fix strerrorname_np return value [BZ #26555] fe62c4d173f intl: Handle translation output codesets with suffixes [BZ #26383] 386543bc449 NEWS: Update for [BZ #26534] fix cebc01cbfd6 x86-64: Fix FMA4 detection in ifunc [BZ #26534]
Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+ Files: doc/sphinxext/numpydoc/*
+ License: BSD-2-Clause
+ For details, see doc/sphinxext/LICENSE.txt
+
+ Name: scipy-sphinx-theme
+ Files: doc/scipy-sphinx-theme/*
+ License: BSD-3-Clause AND PSF-2.0 AND Apache-2.0
+ For details, see doc/scipy-sphinx-theme/LICENSE.txt
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
