Dominic Sacré [Tue, 25 Oct 2016 17:20:17 +0000 (19:20 +0200)]
python3: Build and package precompiled modules
Remove the patch that was applied in the python3 and python3-native
recipes to skip compilation of python modules.
Modify generate-manifest-3.5.py to match '__pycache__' directories in
FILES_*.
This is necessary because Python3 puts .pyc files in '__pycache__'
subdirectories one level below the corresponding .py files, whereas in
Python2 they used to be right next to the sources.
This change significantly reduces the startup overhead of Python3
scripts. For example, on a Cortex-A9, "python3 -c pass" took 0.40s
before, and 0.19s after.
Signed-off-by: Dominic Sacré <dominic.sacre@gmx.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Tue, 22 Nov 2016 17:41:43 +0000 (17:41 +0000)]
conf: add C++ flags for uninative interoperatility
Create a common include file for compiler flags which allow native binaries to
be interoperable on a wide range of hosts. In particular the C++ ABI is
problematic so choose the CXX11 version to allow interoperation between gcc4 and
gcc5 based hosts. Moving this to a common include instead of uninative.bbclass
allows uninative to be configured later and used in the eSDK (where its
mandatory) even if the base configuration doesn't enable uninative by default
(e.g. nodistro in OE-Core).
[ YOCTO #10645 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Fabio Berton [Thu, 17 Nov 2016 15:26:34 +0000 (13:26 -0200)]
libpcap: Fix build when PACKAGECONFIG ipv6 is not enable
Add patches to fix error:
/
| ERROR: oe_runmake failed
| config.status: creating pcap-config.tmp
| mv pcap-config.tmp pcap-config
| chmod a+x pcap-config
| ../libpcap-1.8.1/gencode.c: In function 'pcap_compile':
| ../libpcap-1.8.1/gencode.c:693:8: error: 'compiler_state_t
| {aka struct _compiler_state}' has no member named 'ai'
| cstate.ai = NULL;
| ^
| ../libpcap-1.8.1/gencode.c: In function 'gen_gateway':
| ../libpcap-1.8.1/gencode.c:4914:13: error: 'cstate' undeclared
| (first use in this function)
| bpf_error(cstate, "direction applied to 'gateway'");
| ^~~~~~
| ../libpcap-1.8.1/gencode.c:4914:13: note: each undeclared identifier is
| reported only once for each function it appears in
\
Jiajie Hu [Fri, 11 Nov 2016 06:02:18 +0000 (14:02 +0800)]
devtool: fix handling of unicode characters from subprocess stdout
In previous implementation, a UnicodeDecodeError exception will be
raised if multi-byte encoded characters are printed by the subprocess.
As an example, the following command will fail in an en_US.UTF-8
environment because wget quotes its saving destination with '‘'(0xE2
0x80 0x98), while just the first byte is provided for decoding:
Yi Zhao [Thu, 17 Nov 2016 08:08:10 +0000 (16:08 +0800)]
tiff: Security fix CVE-2016-3632
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted
TIFF image.
Yi Zhao [Thu, 17 Nov 2016 06:05:41 +0000 (14:05 +0800)]
grub_git: set COMPATIBLE_HOST_armv7ve to null
When build nxp-ls10xx which enable hard-float, it try to force soft-float:
| checking if compiling with clang... no
| checking for options to compile assembly...
| checking whether -freg-struct-return works... yes
| checking for options to get soft-float... no
| configure: error: could not force soft-float
Set COMPATIBLE_HOST_armv7ve to null to skip the build.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Yi Zhao [Wed, 16 Nov 2016 10:07:43 +0000 (18:07 +0800)]
nfs-utils: fix protocol minor version fall-back
Mount nfs directory would fail if no specific nfsvers:
mount -t nfs IP:/foo/bar/ /mnt/
mount.nfs: an incorrect mount option was specified
mount.nfs currently expects mount(2) to fail with EPROTONOSUPPORT if
the kernel doesn't understand the requested NFS version.
Unfortunately if the requested minor is not known to the kernel
it returns -EINVAL.
Backport patch from nfs-utils-1.3.4 to fix this issue.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Yi Zhao [Wed, 16 Nov 2016 10:07:33 +0000 (18:07 +0800)]
openssl: Security fix CVE-2016-7055
There is a carry propagating bug in the Broadwell-specific Montgomery
multiplication procedure that handles input lengths divisible by, but
longer than 256 bits.
Use SHA256 as default digest for OpenSSL instead of MD5.
CVE: CVE-2004-2761
The MD5 Message-Digest Algorithm is not collision resistant,
which makes it easier for context-dependent attackers to
conduct spoofing attacks, as demonstrated by attacks on the
use of MD5 in the signature algorithm of an X.509 certificate.
Joshua Lock [Tue, 15 Nov 2016 22:08:54 +0000 (22:08 +0000)]
lib/oe/lsb: better handle missing fields
Some rolling release distros, such as Arch Linux, don't include a
VERSION_ID field in their os-release file.
Change release_dict_osr() to better handle this optional field
being absent.
Further improve the resilience of the release_dict_*() methods by
always returning a dict and using dict.get() in distro_identifier()
to supply a default, empty string, value when then key is missing.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
There are many more stats on buildstats that 'Elapsed time', so make the script
more flexible to support all stats. Some cmd line examples:
$ buildstats.sh -s 'utime'
Buildstats' data covers proc's stats in different areas, including CPU times,
IO, program system resources and child program system resources. In order
to print values on each of these sets from command line, one can use the
following:
$ buildstats.sh -H -s 'TIME' | less
$ buildstats.sh -H -s 'IO' | less
and 'RUSAGE' and 'CHILD_RUSAGE' for program and program's child system
resources.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Tue, 15 Nov 2016 20:05:45 +0000 (09:05 +1300)]
devtool: modify: support recipes with only local files as source
The hello-mod recipe is unusual in that it has only local files in
SRC_URI and builds these out of ${WORKDIR}. When you use devtool modify
on it, devtool puts all of those files in an "oe-local-files"
subdirectory of the source tree, which is not ${S} (or ${B}) any more
and thus building the recipe afterwards fails. It's a bit of a hack, but
symlink the files in oe-local-files into the source tree (and commit the
symlinks with an ignored commit so that the repo is clean) to work
around the problem. We only do this at time of extraction, so any files
added to or removed from oe-local-files after that won't be handled, but
I think there's a limit to how far we should go to support these kinds
of recipes - ultimately they are anomalies.
I initially tried a hacky workaround where I set effectively set B =
"${WORKDIR}" and that allowed it to build, but other things such as the
LIC_FILES_CHKSUM checks still broke because they expected to find files
in ${S}. Another hack where I set the sourcetree to point to the
oe-local-files subdirectory works for hello-mod but not for makedevs
since whilst that is similar, unlike hello-mod it does in fact have
files in the source tree (since it has a patch that adds COPYING) and
thus the same issue occurred.
Also tweak one of the tests that tries devtool modify / update-recipe on
the makedevs recipe to try building it since that would have caught this
issue.
Fixes [YOCTO #10616].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Olof Johansson [Tue, 15 Nov 2016 19:10:39 +0000 (20:10 +0100)]
licenses.conf: Fix variable name in comments (FOSS_NO_COPYRIGHT)
A FOSSology related variable was renamed from FOSS_COPRYIGHT to
FOSS_NO_COPYRIGHT, but the comment block describing the variable
in licenses.conf was missed.
Besides fixing this, this change also removes a redundant comment
about where the variable is defined (it's right there! ;-)).
Signed-off-by: Olof Johansson <olofjn@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
webkitgtk: move recommends on ca-certificates from epiphany to webkitgtk.
* The webkitgtk package should recommend the ca-certificates one,
because any program usign webkit (and not only epiphany) would
expect that the CAs certificates are available and that https
validation works as expected.
* For example, webkitgtk includes a MiniBrowser program that would
fail to proper verify https sites if the ca-certificate package
is not installed
* Instead of making each one of the webkitgtk consumers care about
the certificate package, do this in webkit itself.
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Stephano Cetola [Tue, 15 Nov 2016 17:03:00 +0000 (09:03 -0800)]
recipetool: add postinst to .deb import
The .deb import feature did not import postinst, postrm, preinst, or
prerm functions. This change checks to see if those files exist, and
if so, adds the appropriate functions.
[ YOCTO #10421 ]
Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Chen Qi [Tue, 15 Nov 2016 06:31:06 +0000 (14:31 +0800)]
rpm: fix multilib macro installation
For now, the rpm macro for multilib is not installed correctly. For
example, in x86-64 lib32 situation, the macro is installed under
tmp/work/x86-pokymllib32-linux/rpm/5.4.16-r0/image/usr/lib/rpm/poky/i686-linux/.
The directory is even not under WORKDIR. And it will of course not be
packaged.
We need to save necessary values before updating the localdata and restore
them so that the macros could be installed into the correct directory.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Stephano Cetola [Tue, 15 Nov 2016 02:30:11 +0000 (18:30 -0800)]
devshell: list commands when throwing NoSupportedTerminals
When attempting to run devshell, if no terminal is available, the
error being thrown was not very specific. This adds a list of
commands that failed, informing the user of what they can install to
fix the error.
[ YOCTO #10472]
Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Robert Yang [Mon, 14 Nov 2016 14:34:06 +0000 (06:34 -0800)]
sanity.bbclass: fix check_connectivity() for BB_NO_NETWORK = "0"
The old code:
network_enabled = not d.getVar('BB_NO_NETWORK', True)
It is True only when BB_NO_NETWORK is not set (None),
but BB_NO_NETWORK = "0" should also be True while "1" means no network,
"0" means need network in a normal case.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Robert Yang [Mon, 14 Nov 2016 14:34:05 +0000 (06:34 -0800)]
sanity.bbclass:check_connectivity(): print more error messages
This can help fix the problem when the error happens.
Now the error message is:
Fetcher failure for URL: 'https://www.example.com/'. URL https://www.example.com/ doesn't work.
Please ensure your host's network is configured correctly,
or set BB_NO_NETWORK = "1" to disable network access if
all required sources are on local disk.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Robert Yang [Mon, 14 Nov 2016 14:34:03 +0000 (06:34 -0800)]
populate_sdk_ext.bbclass: use weak assignment for TOOLCHAINEXT_OUTPUTNAME
The TOOLCHAINEXT_OUTPUTNAME is different from TOOLCHAIN_OUTPUTNAME, it
is used for eSDK only, so that it doesn't mix with SDK, use "?=" for it
so that other conf file can define it.
If we don't use "?=" here, then we need use forcevariable to redfine it:
TOOLCHAINEXT_OUTPUTNAME_forcevariable = "foo"
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
André Draszik [Thu, 10 Nov 2016 10:47:01 +0000 (10:47 +0000)]
sysvinit-inittab: make TERM=vt102 on serial consoles
This makes more sense than the default TERM=linux (as set
by the linux kernel).
In addition, when using busybox init, it tries to achieve
the same (in a different way).
Both agetty, and busybox getty support the terminal type as
the last argument.
Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
André Draszik [Thu, 10 Nov 2016 10:46:19 +0000 (10:46 +0000)]
opkg-utils: clear update-alternatives database on uninstall
When uninstalling update-alternatives, it doesn't seem to
make much sense to keep the update-alternatives database
around.
In particular when removing packaging data, e.g. due to
read-only rootfs, update-alternatives is removed from
the target file system. Leaving its database around
serves no purpose in that case as there is no way to
use it afterwards anyway.
This frees close to 700KB of (uncompressed) space in
a busybox based environment.
Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 10 Nov 2016 01:45:20 +0000 (14:45 +1300)]
oe-selftest: devtool: test that updating a file with subdir= works
If you have a file:// entry in SRC_URI with a subdir= parameter that
makes it extract into the source tree, then when you update that file in
oe-local-files and run devtool update-recipe then you want the original
file to be updated. This was made to work by OE-Core commit 9069fef5dad5a873c8a8f720f7bcbc7625556309 together with 31f1bbad248c36a8c86dde4ff57ce42efc664082, however until now there was no
oe-selftest test to verify it.
Note that in order to succeed this test also requires the fix
"lib/oe/recipeutils: ignore archives by default in
get_recipe_local_files()" since the test recipe uses a local tarball.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 10 Nov 2016 01:45:19 +0000 (14:45 +1300)]
lib/oe/recipeutils: ignore archives by default in get_recipe_local_files()
By default, have get_recipe_local_files() not return any archive
files. This prevents a local tarball from being erroneously removed
from SRC_URI if you run "devtool modify" on a recipe followed by
"devtool update-recipe". It doesn't actually help you to directly
update the contents of such tarballs, but at least now it won't break
the recipe.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 10 Nov 2016 01:45:18 +0000 (14:45 +1300)]
devtool: update-recipe: support replacing remote patches
If you have a patch remotely fetched in a recipe (e.g. from an http
server) that needs updating then add a local version and substitute the
entry in SRC_URI to point to it.
One can argue about how desirable it is to be modifying patches fetched
in this way, but then one can argue about how desirable it is to have
such patches in the recipe in the first place - and in any case if
devtool update-recipe is to correctly transfer changes to such patches
made in the git repository within the source tree to the recipe then
there isn't much choice but to do it this way.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 10 Nov 2016 01:45:17 +0000 (14:45 +1300)]
devtool: update-recipe: fix handling of compressed local patches
It is possible to use gzip or bzip2 to compress patches and still refer
to them in compressed form in the SRC_URI value within a recipe. If you
run "devtool modify" on such a recipe, make changes to the commit for
the patch and then run devtool update-recipe, we need to correctly
associate the commit back to the compressed patch file and re-compress
the patch, neither of which we were doing previously.
Additionally, add an oe-selftest test to ensure this doesn't regress in
future.
Fixes [YOCTO #8278].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 10 Nov 2016 01:45:16 +0000 (14:45 +1300)]
lib/oe/patch: fix handling of patches with no header
If a patch applied by a recipe has no header and we turn the recipe's
source into a git tree (when PATCHTOOL = "git" or when using devtool
extract / modify / upgrade), the commit message ends up consisting only
of the original filename marker ("%% original patch: filename.patch").
When we come to do turn the commits back into a set of patches in
extractPatches(), this first line ends up in the "Subject: " part of
the file, but we were ignoring it because the line didn't start with the
marker text. The end result was we weren't able to get the original
patch name. Strip off any "Subject [PATCH x/y]" part before looking for
the marker text to fix.
This caused "devtool modify openssl" followed by "devtool update-recipe
openssl" (without any changes in-between) to remove version-script.patch
because that patch has no header and we weren't able to determine the
original filename.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Thu, 10 Nov 2016 01:45:14 +0000 (14:45 +1300)]
devtool: update-recipe: check output before treating it as a string
As of the move to Python 3 and the fixes we applied at that time,
bb.process.run() will return a byte array of length 0 rather than an
empty string if the output is empty. That may be a bug that we should
fix, but for now it's easiest to just check the result here before
treating it as a string. This fixes running "devtool update-recipe" or
"devtool finish" on a recipe which has no source tree, for example
initramfs-framework.
Fixes [YOCTO #10563].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Khem Raj [Mon, 14 Nov 2016 05:35:46 +0000 (21:35 -0800)]
cmake.bbclass: Set CXXFLAGS and CFLAGS
We strip the TOOLCHAIN_OPTIONS and HOST_CC_ARCH from CC/CXX in cmake.bbclass
whereas CFLAFS and CXXFLAGS assume that TOOLCHAIN_OPTIONS are
part of CC/CXX variables, this causes compile failures when cmake
is running compiler tests during configure on some architectures
especially armhf, because hf ABI information -mfloat-abi is part
of TOOLCHAIN_OPTIONS, so what happens is that testcase gets compiled
without hard-float, howver, during linking the float ABI option
is passed via LDFLAGS, now linker rejects this and fails like
/mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/6.2.0/ld: error: cmTC_27947 uses VFP register arguments, CMakeFiles/cmTC_27947.dir/src.cxx.o does not
mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/6.2.0/ld: failed to merge target specific data of file CMakeFiles/cmTC_27947.dir/src.cxx.o
collect2: error: ld returned 1 exit status
This means that CMake now fails the configure time test too
which is not right, e.g. it might disable features which actually do exist
and should be enabled e.g. in case above it is resulting as below
Performing C++ SOURCE FILE Test HAS_BUILTIN_SYNC_SUB_AND_FETCH failed with the following output:
Its actually a bug in CMake see
https://gitlab.kitware.com/cmake/cmake/issues/16421
CMake is ignoring CMAKE_CXX_FLAGS when using CHECK_CXX_SOURCE_COMPILES
function.
Until it is fixed upstream, we add HOST_CC_ARCH and TOOLCHAIN_OPTIONS
to CFLAGS and CXXFLAGS, so that we can ensure that compiler invocation
remains consistent.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Zhixiong Chi [Mon, 14 Nov 2016 09:46:52 +0000 (17:46 +0800)]
tiff: Security fix CVE-2016-3658
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool
allows remote attackers to cause a denial of service (out-of-bounds read) via vectors
involving the ma variable.
Linus Wallgren [Fri, 28 Oct 2016 14:36:27 +0000 (16:36 +0200)]
systemd: Reload configuration on package install
When a systemd service file has changed it is required to reload
systemd's configuration. Otherwise changes to a service file will not be
picked up during package upgrade.
Signed-off-by: Ross Burton <ross.burton@intel.com>
André Draszik [Wed, 9 Nov 2016 14:48:53 +0000 (14:48 +0000)]
openssl: fix bashism in c_rehash shell script
This script claims to be a /bin/sh script, but it uses
a bashism:
from checkbashisms:
possible bashism in meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh line 151 (should be 'b = a'):
if [ "x/" == "x$( echo ${FILE} | cut -c1 -)" ]
This causes build issues on systems that don't have
/bin/sh symlinked to bash:
Linus Wallgren [Mon, 14 Nov 2016 16:20:13 +0000 (17:20 +0100)]
lib/oe/package_manager: .deb pre/postinst args
The debian policy manual and MaintainerScripts wiki page states that the
postinst script is supposed to be called with the `configure` argument
at first install, likewise the preinst script is supposed to be called
with the `install` argument on first install.
Maciej Borzecki [Thu, 10 Nov 2016 12:18:37 +0000 (13:18 +0100)]
oe-selftest: fix handling of test cases without ID in --list-tests-by
Running `oe-selftest --list-tests-by module wic` will produce the
following backtrace:
Traceback (most recent call last):
File "<snip>/poky/scripts/oe-selftest", line 668, in <module>
ret = main()
File "<snip>/poky/scripts/oe-selftest", line 486, in main
list_testsuite_by(criteria, keyword)
File "<snip>/poky/scripts/oe-selftest", line 340, in list_testsuite_by
ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule) for tc in get_testsuite_by(criteria, keyword) ])
TypeError: unorderable types: int() < NoneType()
The root cause is that a test case does not necessarily have an ID
assigned, hence its value is None. Since Python 3 does not allow
comparison of heterogeneous types, TypeError is raised.
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Maciej Borzecki [Thu, 10 Nov 2016 12:18:34 +0000 (13:18 +0100)]
wic: check that filesystem is specified for a rootfs partition
We explicitly check for --fstype if no source was provided for a
partition. However, this was not the case for rootfs partitions. Make
sure to raise an error if filesystem was left unspecified when preparing
a rootfs partition image.
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Maciej Borzecki [Thu, 10 Nov 2016 12:18:33 +0000 (13:18 +0100)]
wic: use partition size when creating empty partition files
It seems that prepare_empty_partition_ext() and
prepare_empty_partition_btrfs() got broken in commit c8669749e37fe865c197c98d5671d9de176ff4dd, thus one could observe the
following backtrace:
Backtrace:
File "<snip>/poky/scripts/lib/wic/plugins/imager/direct_plugin.py", line 93, in do_create
creator.create()
File "<snip>/poky/scripts/lib/wic/imager/baseimager.py", line 159, in create
self._create()
File "<snip>/poky/scripts/lib/wic/imager/direct.py", line 290, in _create
self.bootimg_dir, self.kernel_dir, self.native_sysroot)
File "<snip>/poky/scripts/lib/wic/partition.py", line 146, in prepare
method(rootfs, oe_builddir, native_sysroot)
File "<snip>/poky/scripts/lib/wic/partition.py", line 325, in prepare_empty_partition_ext
os.ftruncate(sparse.fileno(), rootfs_size * 1024)
NameError: name 'rootfs_size' is not defined
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Joshua Lock [Tue, 8 Nov 2016 14:49:56 +0000 (14:49 +0000)]
lib/oe/lsb: attempt to ensure consistent distro id regardless of source
The LSB Distributor ID and os-release NAME differ for most of the
distributions tested by the Yocto Project (CentOS, Debian, Fedora,
openSUSE and Ubuntu) however for all but openSUSE the os-release ID
matches the LSB Distributor ID when both are lowered before
comparison.
Therefore, in order to improve the consistency of identification of
a distribution, switch to using the os-release ID and converting
the ID value to lowercase.
Table showing comparison of LSB Distributor ID to os-release fields NAME
and ID for current Yocto Project supported host distributions:
Joshua Lock [Tue, 8 Nov 2016 14:49:55 +0000 (14:49 +0000)]
lib/oe/lsb: prefer /etc/os-release for distribution data
os-release(5) is an increasingly standard source of operating system
identification and more likely to be present on modern OS deployments, i.e.
many container variants of common distros include os-release and not the
lsb_release tool.
Therefore we should favour parsing /etc/os-release in distro_identifier(),
try lsb_release when that fails and finally fall back on various distro
specific sources of OS identification.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Joshua Lock [Tue, 8 Nov 2016 14:49:54 +0000 (14:49 +0000)]
lib/oe/lsb: make the release dict keys consistent regardless of source
Rather than have the distro_identifier method look for different keys in
the dict depending on the source ensure that each function for retrieving
release data uses the same key names in the returned dict.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
webkitgtk: drop patch 0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
* This patch is not longer needed. Upstream has fixed this issue in:
https://trac.webkit.org/changeset/205672 which is already included
in WebKitGTK+ >= 2.14.0
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Tue, 8 Nov 2016 23:07:41 +0000 (23:07 +0000)]
systemtap: remove explicit msgfmt check
Passing --disable-nls should be enough to disable the requirement for a full
gettext to be present, but the upstream configure explicitly checks for msgfmt
even if it isn't going to be used. To avoid having to depend on gettext-native,
patch this check out.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Khem Raj [Tue, 8 Nov 2016 15:19:32 +0000 (07:19 -0800)]
x264: Update to latest on stable branch
- unexport AS variable
- Switch URI to use github mirror for reliabality
- Disable openCL code, its not used
- TEXTRELs are fixed, therefore dont skip QA check
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Fabio Berton [Tue, 8 Nov 2016 11:52:48 +0000 (09:52 -0200)]
libpcap: Update to version 1.8.1
- Option --enable-canusb was removed on commit:
https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b
- Autotools class was improved and we can now stop aclocal from running at all.
- File configure.in was renamed to configure.ac, rework libpcap-pkgconfig-support
patch and do_configure_prepend task to use configure.ac file.
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ed Bartosh [Mon, 24 Oct 2016 13:54:41 +0000 (16:54 +0300)]
systemd-bootdisk.wks: use PARTUUID
Root device name in systemd-bootdisk.wks is 'sda'. This can cause
images, produced using this wks to refuse booting if real device
name is not 'sda'. For example, when booting MinnowBoard MAX from
MicroSD card the boot process stucks with this message on the boot
console output: Waiting for root device /dev/sda2...
This happens because real device name of MicroSD card on this device
is mmcblk1.
Used --use-uuid option for root partition. This should make
wic to put partiion UUID instead of device name into kernel command
line.
[YOCTO #10485]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Khem Raj [Mon, 7 Nov 2016 07:25:26 +0000 (23:25 -0800)]
libbsd: Fix build with musl
a.out.h support is not across all architectures only
x86/x86_64 support is in linux/a.out.h, this patch
abstracts the minimum needed constructs into itself
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Li Zhou [Mon, 7 Nov 2016 03:02:16 +0000 (11:02 +0800)]
db: disable the ARM assembler mutex code
The swpb in macro MUTEX_SET will cause "undefined instruction" error
on the new arm arches which don't support this assembly instruction
any more. If use ldrex/strex to replace swpb, the old arm arches don't
support them. So to avoid this issue, just disable the ARM assembler
mutex code, and use the default pthreads mutex.
Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Fabio Berton [Fri, 4 Nov 2016 11:08:38 +0000 (09:08 -0200)]
gawk: Update to version 4.1.4
Add patch to remove hashbang line in file test/arrayind1.awk. This
patch fixes:
/
|WARNING: gawk-4.1.4-r0 do_package_qa: QA Issue:
|/usr/lib/gawk/ptest/test/arrayind1.awk contained in package gawk-ptest
|requires /usr/local/bin/awk, but no providers found in RDEPENDS_gawk-ptest?
|[file-rdeps]
\
André Draszik [Fri, 4 Nov 2016 11:06:31 +0000 (11:06 +0000)]
cve-check.bbclass: CVE-2014-2524 / readline v5.2
Contrary to the CVE report, the vulnerable trace functions
don't exist in readline v5.2 (which we keep for GPLv2+
purposes), they were added in readline v6.0 only - let's
whitelist that CVE in order to avoid false positives.
See also the discussion in
https://patchwork.openembedded.org/patch/81765/
Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Joe Konno [Thu, 3 Nov 2016 23:46:10 +0000 (16:46 -0700)]
initrdscripts: add support for NVME target install
Add awareness of /dev/nvme* block devices to install scripts. As presently
written, installer knows only of /dev/sd* and /dev/mmcblk* block devices.
Building upon scaffolding put in place by Awais in...
80ec9f627915 ("initrdscripts: handle mmc device as installer medium")
Signed-off-by: Joe Konno <joe.konno@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Fabio Berton [Thu, 3 Nov 2016 20:41:58 +0000 (18:41 -0200)]
curl: Update to version 7.51.0
CVE fixed in 7.51.0:
CVE-2016-8615: cookie injection for other servers
CVE-2016-8616: case insensitive password comparison
CVE-2016-8617: OOB write via unchecked multiplication
CVE-2016-8618: double-free in curl_maprintf
CVE-2016-8619: double-free in krb5 code
CVE-2016-8620: glob parser write/read out of bounds
CVE-2016-8621: curl_getdate read out of bounds
CVE-2016-8622: URL unescape heap overflow via integer truncation
CVE-2016-8623: Use-after-free via shared cookies
CVE-2016-8624: invalid URL parsing with '#'
CVE-2016-8625: IDNA 2003 makes curl use wrong host
To see complete log access link bellow:
https://curl.haxx.se/changes.html#7_51_0
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Mon, 7 Nov 2016 14:11:01 +0000 (14:11 +0000)]
lib/oe/qa: handle binaries with segments outside the first 4kb
The ELF parser was assuming that the segment tables are in the first 4kb of the
binary. Whilst this generally appears to be the case, there have been instances
where the segment table is elsewhere (offset 2MB, in this sample I have). Solve
this problem by mmap()ing the file instead.
Also clean up the code a little whilst chasing the problem.
Signed-off-by: Ross Burton <ross.burton@intel.com>
runqemu: Split out the base name of QB_DEFAULT_KERNEL
The function write_qemuboot_conf() in qemuboot.bbclass always inserts
the full path into QB_DEFAULT_KERNEL. Remove this path before using the
variable.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Armin Kuster [Fri, 4 Nov 2016 05:53:28 +0000 (22:53 -0700)]
tzdata: update to 2016i
Briefly: Cyprus split into two time zones on 2016-10-30, and Tonga
reintroduces DST on 2016-11-06.
Changes to future time stamps
Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on
2017-01-15 at 03:00. Assume future observances in Tonga will be
from the first Sunday in November through the third Sunday in
January, like Fiji. (Thanks to Pulu ʻAnau.) Switch to numeric
time zone abbreviations for this zone.
Changes to past and future time stamps
Northern Cyprus is now +03 year round, causing a split in Cyprus
time zones starting 2016-10-30 at 04:00. This creates a zone
Asia/Famagusta. (Thanks to Even Scharning and Matt Johnson.)
Antarctica/Casey switched from +08 to +11 on 2016-10-22.
(Thanks to Steffen Thorsen.)
Changes to past time stamps
Several corrections were made for pre-1975 time stamps in Italy.
These affect Europe/Malta, Europe/Rome, Europe/San_Marino, and
Europe/Vatican.
First, the 1893-11-01 00:00 transition in Italy used the new UT
offset (+01), not the old (+00:49:56). (Thanks to Michael
Deckers.)
Second, rules for daylight saving in Italy were changed to agree
with Italy's National Institute of Metrological Research (INRiM)
except for 1944, as follows (thanks to Pierpaolo Bernardi, Brian
Inglis, and Michael Deckers):
The 1916-06-03 transition was at 24:00, not 00:00.
The 1916-10-01, 1919-10-05, and 1920-09-19 transitions were at
00:00, not 01:00.
The 1917-09-30 and 1918-10-06 transitions were at 24:00, not
01:00.
The 1944-09-17 transition was at 03:00, not 01:00. This
particular change is taken from Italian law as INRiM's table,
(which says 02:00) appears to have a typo here. Also, keep the
1944-04-03 transition for Europe/Rome, as Rome was controlled by
Germany then.
The 1967-1970 and 1972-1974 fallback transitions were at 01:00,
not 00:00.
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
