Stefan Stanacar [Sun, 30 Mar 2014 14:47:33 +0000 (17:47 +0300)]
initrdscripts: add install scripts with a second rootfs
These are meant to be used by a master image, for a simple
initial setup.
The install scripts are similar to the default ones, but:
- custom partitioning, replaces the swap partiton with a second root filesystem
- adds labels to the partitions
- preconfigures a boot loader entry for the second rootfs
Part of [YOCTO #5614]
Signed-off-by: Stefan Stanacar <stefanx.stanacar@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Sun, 30 Mar 2014 20:48:45 +0000 (13:48 -0700)]
openssh: build without libbsd
We do not DEPEND on libbsd, so we do not want to
build with it just because libutil.h is found by configure.
As noted in the patch, specifying --disable-libutil to
configure does not work, so we provide "cached" configure
variables.
Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Mon, 31 Mar 2014 10:29:36 +0000 (11:29 +0100)]
classes/sanity: check if SDKMACHINE setting has taken effect
If you try to set SDKMACHINE in a distro configuration file, it won't
take effect because by the time that is parsed the line in bitbake.conf
which includes the appropriate conf file for SDKMACHINE has already been
parsed. Check that SDK_ARCH has changed from its default value and show
an error if it hasn't in order to catch this misconfiguration.
Fixes [YOCTO #5861].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
yanjun.zhu [Mon, 31 Mar 2014 14:41:08 +0000 (22:41 +0800)]
pseudo-1.5.1: keep install command directory mode
When install command sets the created directory mode, pseudo will change
the mode of the directory to 0700 incorrectly. Backport patch to fix it.
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Matthieu Crapet [Mon, 31 Mar 2014 16:14:57 +0000 (18:14 +0200)]
libomxil-0.9.3: fix configure unrecognised option
Drop --disable-ffmpegcomponents which is deprecated since libomxil-bellagio-0.9.1
Explicitly disable doc generation to prevent using doxygen from build machine.
Components are external and are available separately here:
http://sourceforge.net/projects/omxil/files/components/
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alexandru DAMIAN [Mon, 31 Mar 2014 16:39:18 +0000 (17:39 +0100)]
sstate.bbclass: update missed sstate event
This is a patch to update the missed sstate event with
info about the sstate files locations that were found.
It's needed as to display the found file in the toaster ui.
Also fixes a bug where a setscene task may have appeared in the
missed list even if it was found in a sstate mirror.
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 30 Mar 2014 22:49:52 +0000 (22:49 +0000)]
sstatesig: Anchor inherits class tests
There was a nasty sstate hash corruption issue occurring where the
fact the testimage bbclass was inherited meant that the checksum
changed due to testimage.bbclass being confused with image.bbclass.
This patch anchors the bbclass names to avoid this confusion.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yue Tao [Fri, 28 Mar 2014 09:43:09 +0000 (17:43 +0800)]
e2fsprogs: Add e2fsprogs-mke2fs and e2fsprogs-e2fsck as recommend packages
The mke2fs and e2fsck commands are regular tools of e2fsprogs, so they
should be installed.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hongxu Jia [Fri, 28 Mar 2014 09:43:07 +0000 (17:43 +0800)]
lttng-ust: add python to lttng-ust's RDEPENDS
| Note: adding Smart RPM DB channel
|
| Note: to be installed: run-postinsts@x86_64 kernel-modules@qemux86_64 packagegroup-core-boot@qemux86_64 lttng-ust@x86_64
| Loading cache...
| Updating cache... ######################################## [100%]
|
| Computing transaction...error: Can't install lttng-ust-2:2.3.0-r0.0@x86_64: no package provides /usr/bin/python
|
| Saving cache...
|
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_rootfs (log file is located at tmp/work/qemux86_64-wrs-linux/wrlinux-image-glibc-small/1.0-r1/temp/do_rootfs/log.do_rootfs.13619)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* the same for target and native versions of the same recipe:
OE qemux86@ ~/build/oe-core $ find tmp-eglibc/stamps/ | grep opkg-utils.*populate_lic
tmp-eglibc/stamps/x86_64-linux/opkg-utils-native/0.1.8+gitAUTOINC+c33b217016-r0.do_populate_lic_setscene.dd21a3c5444482ce90be4c9a33d806f1
tmp-eglibc/stamps/i586-oe-linux/opkg-utils/0.1.8+gitAUTOINC+c33b217016-r0.do_populate_lic_setscene.8571422f9e311dc41bb6b21e71a09bc0
* similar problem for .siginfo file of do_patch:
OE qemux86@ ~/build/oe-core $ find sstate-cache/ | grep eglibc.*patch
sstate-cache/99/sstate:eglibc::2.19:r0::3:99b7e1d688e4c6c659b458c9c57611df_patch.tgz.siginfo
sstate-cache/11/sstate:eglibc::2.19:r0::3:11401ddd208a753fee17696b14dc1e52_patch.tgz.siginfo
Martin Jansa [Sat, 29 Mar 2014 10:34:11 +0000 (11:34 +0100)]
sstate-cache-management: rm_by_stamps - remove .siginfo and .done files
* it's possible that corresponding .tgz files were already removed
(e.g. with -d option and older version of this script) and this
won't find orphaned .siginfo or .done files to remove
* add sort -u to count files found multiple times only once
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Sat, 29 Mar 2014 10:34:10 +0000 (11:34 +0100)]
sstate-cache-management: rm_by_stamps - include signatures of .sigdata. files
* there are .siginfo files in sstate-cache, but STAMPS_DIR calls them
.sigdata, make sure that such signatures are kept, because some tasks
like do_package, don't have _setscene or main task entry and are
removed:
stamps:
tmp-eglibc/stamps/i586-oe-linux/busybox/1.22.1-r0.do_package.sigdata.cd6f625471ef1b20a9379e90519db6f1
tmp-eglibc/stamps/i586-oe-linux/busybox/1.22.1-r0.do_package_write_ipk.f20fe66285219f23373fc64d5de1d412
tmp-eglibc/stamps/i586-oe-linux/busybox/1.22.1-r0.do_package_write_ipk.sigdata.f20fe66285219f23373fc64d5de1d412
tmp-eglibc/stamps/i586-oe-linux/busybox/1.22.1-r0.do_packagedata.sigdata.c55a3dbe90010c15aa3294753fbd402e
tmp-eglibc/stamps/i586-oe-linux/busybox/1.22.1-r0.do_packagedata_setscene.c55a3dbe90010c15aa3294753fbd402e.qemux86
sstate (we want to keep all in this case):
sstate-cache/c5/sstate:busybox:i586-oe-linux:1.22.1:r0:i586:3:c55a3dbe90010c15aa3294753fbd402e_packagedata.tgz
sstate-cache/c5/sstate:busybox:i586-oe-linux:1.22.1:r0:i586:3:c55a3dbe90010c15aa3294753fbd402e_packagedata.tgz.siginfo
sstate-cache/cd/sstate:busybox:i586-oe-linux:1.22.1:r0:i586:3:cd6f625471ef1b20a9379e90519db6f1_package.tgz
sstate-cache/cd/sstate:busybox:i586-oe-linux:1.22.1:r0:i586:3:cd6f625471ef1b20a9379e90519db6f1_package.tgz.siginfo
sstate-cache/f2/sstate:busybox:i586-oe-linux:1.22.1:r0:i586:3:f20fe66285219f23373fc64d5de1d412_package_write_ipk.tgz
sstate-cache/f2/sstate:busybox:i586-oe-linux:1.22.1:r0:i586:3:f20fe66285219f23373fc64d5de1d412_package_write_ipk.tgz.siginfo
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The wic command-line param --rootfs-dir gets generalized to support
multiple directories. Each '--rootfs-dir' could be connected using a
special string, that should be present in .wks. I.e:
This means that 'rootfs' must use '<special rootfs>' as rootfs and
the default partition filename in /var/tmp/wic/build/ will be create
using the '--label' as part of the name. E.g:
/var/tmp/wic/build/rootfs_secondary.ext3
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wic: Add rootfs_dir argument to do_prepare_partition() method
The do_prepare_partition() method from RootfsPlugin class need
to know what will be the rootfs_dir. This makes sense when .wks
file has a partition set up like this:
part /standby --source rootfs --rootfs-dir=<special rootfs> ...
then do_prepare_partition() will work with the correct rootfs.
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 29 Mar 2014 22:49:39 +0000 (22:49 +0000)]
packagegroup-core-lsb: Limit mips64 issues to qt4 packages only
The COMPATIBLE_HOST setting was only there for mips64 issues. Move that
restriction to the qt4 packages themselves so the rest of the lsb images can
be built.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Matthieu Crapet [Fri, 28 Mar 2014 16:13:35 +0000 (17:13 +0100)]
libcap 2.22: fix, disable gperf detection
gperf straight invoke is not suitable for cross environment (gperf-native should be used instead).
Formal patch has been submited to the upstream.
As libcap 2.24 is currently available, I prefer doing this quick fix.
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Wed, 26 Mar 2014 20:33:26 +0000 (16:33 -0400)]
linux-yocto/3.8: remove versioned recipes
Yocto 1.6 will support the LTSI 3.4/3.10 kernels and the 3.14 kernel. As
such, we remove the 3.8 linux-yocto recipes to keep our number of supported
kernels at three.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Bruce Ashfield [Thu, 13 Mar 2014 17:53:36 +0000 (13:53 -0400)]
linux-yocto/3.10: update EFI configuration
Importing the following two meta data changes for EFI configuration:
284e9589436a meta: efi.cfg/efi-ext.cfg: add EFIVAR_FS to default efi fragment 0a8c4971e2d9 meta: update efi config fragment to include EFI_STUB by default
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Laurentiu Palcu [Fri, 28 Mar 2014 10:27:00 +0000 (12:27 +0200)]
populate_sdk_base: add dependency of do_package_write_* tasks
nativesdk packages were created only for the first backend listed in
PACKAGE_CLASSES. Hence, if one had it set to "package_rpm package_ipk"
and did a 'bitbake -c populate_sdk core-image-something', the nativesdk
packages were created only for rpm.
This is particularily bad for adt-installer which is based on opkg
repos.
Credits go to richard.purdie@linuxfoundation.org who suggested me this
fix.
[YOCTO #5900]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Laurentiu Palcu [Fri, 28 Mar 2014 10:10:44 +0000 (12:10 +0200)]
rootfs.py: add new cleanup method
This commit adds a new _cleanup() internal method that will be called at
the end of rootfs creation, so that each backend can delete various
files that were probably generated during rootfs postprocess execution,
etc.
[YOCTO #6049]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Laurentiu Palcu [Fri, 28 Mar 2014 10:10:43 +0000 (12:10 +0200)]
package_manager.py: leave the __db.00* files in place
Do not delete the __db.00* files in the PackageManager class. Leave this
operation up to the client classes. One side effect of this deletion was
the following message appearing in the output of the next rpm command
executed:
rpmdb: BDB1540 configured environment flags incompatible with existing
environment
We might also gain some time here by not deleting/creating those files
very often.
[YOCTO #6049]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
yanjun.zhu [Fri, 28 Mar 2014 09:43:38 +0000 (17:43 +0800)]
nss-3.15.1: fix CVE-2013-5605
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via
invalid handshake packets.
yanjun.zhu [Fri, 28 Mar 2014 09:43:37 +0000 (17:43 +0800)]
nss-3.15.1: fix CVE-2013-1741
Integer overflow in Mozilla Network Security Services (NSS)
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via a
large size value.
Baogen Shang [Fri, 28 Mar 2014 09:43:36 +0000 (17:43 +0800)]
libtiff: fix CVE-2013-4244
cve description:
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier
allows context-dependent attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via
a crafted GIF image.
Baogen Shang [Fri, 28 Mar 2014 09:43:35 +0000 (17:43 +0800)]
libarchive: fix CVE-2013-0211
CVE description:
Integer signedness error in the archive_write_zip_data function in
archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running
on 64-bit machines, allows context-dependent attackers to cause a denial of
service (crash) via unspecified vectors, which triggers an improper conversion
between unsigned and signed types, leading to a buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0211 Signed-off-by: Baogen Shang <baogen.shang@windriver.com> Signed-off-by: Jeff Polk <jeff.polk@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Radu Patriu [Wed, 26 Mar 2014 14:38:18 +0000 (16:38 +0200)]
autoconf: new autotest/testsuite option to enable automake test result format
lib/autotest/general.m4: added "--am-fmt | -A" command line parameter
for testsuite script to enable "RESULT: testname" output format; to be
used by yocto ptest packages directly or with autoconf TESTSUITEFLAGS.
Signed-off-by: Radu Patriu <radu.patriu@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Wed, 26 Mar 2014 10:15:59 +0000 (18:15 +0800)]
ocf-linux: remove recipe
ocf-linux only provides header file and no kernel module is built. We
can't use ocf-linux without its implementation. And linux-yocto uses an
alternative project cryptodev-linux, so we remove ocf-linux and use
cryptodev-linux instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Wed, 26 Mar 2014 10:15:58 +0000 (18:15 +0800)]
openssl: replace dependency ocf-linux with cryptodev-linux
ocf-linux only provides header files but no implementation in kernel.
And Yocto kernel linux-yocto use cryptodev-linux to implement
/dev/crypto interface. So replace dependency ocf-linux with
cryptodev-linux for openssl.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Wed, 26 Mar 2014 10:15:57 +0000 (18:15 +0800)]
cryptodev-linux: add recipe
Yocto kernel linux-yocto uses cryptodev-linux to use device /dev/crypto.
So add cryptodev-linux which is one alternative of ocf-linux and then
remove ocf-linux later.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Laurentiu Palcu [Thu, 27 Mar 2014 12:43:57 +0000 (14:43 +0200)]
run-postinsts: fix issue with checking IMAGE_FEATURES
The old implementation was wrong. It was not very generic and it checked
IMAGE_FEATURES while building the recipe, which led to various issues
with the generation of the final script. That is, the run-postinsts
script was generated once, while building the package for the first
time. Hence, any other changes to IMAGE_FEATURES, like removing/adding
'package-management' did not reflect in the final script.
This commit makes run-postinsts script autodetect the backend used for
creating the image, making it generic.
[YOCTO #5666]
[YOCTO #5972]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Thu, 27 Mar 2014 07:29:02 +0000 (15:29 +0800)]
gummiboot: fix the installed but not shipped warning
Fix the warning:
WARNING: QA Issue: gummiboot: Files/directories were installed but not shipped
/usr/lib
/usr/lib/gummiboot
/usr/lib/gummiboot/gummibootx64.efi
This is because it uses "/usr/lib" in gummibootlibdir, use ${libdir} to
fix it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Cristian Iorga [Thu, 27 Mar 2014 07:18:17 +0000 (09:18 +0200)]
lsb: fix lsb_log_msg() implementation
LSB lsb_log_message calls a begin()
function that should be implemented
in /etc/init.d/functions.
The aforementioned script does not
implement the begin() function, as
such there is a small issue related to logging.
This fix implements a local version of
the function, while cleaning up the
troublesome previous implementation.
Fix [YOCTO #5795]
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 26 Mar 2014 22:29:20 +0000 (22:29 +0000)]
git: Fix perl paths in scripts and population of the perltools package
References to "perl-native" were slipping into the target packages. These
changes ensure those references are cleaned up and that tools using perl
are packaged in the correct perltools package. The same issues affected
the nativesdk-git output so are also applied there.
[YOCTO #5918]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 26 Mar 2014 15:09:06 +0000 (15:09 +0000)]
sanity.bbclass: Update against bitbake sanity event changes
Bitbake will now trigger sanity events when it needs the checks to run in all cases
so we can drop the ConfigParsed hook. We now control whether events are generated
or errors are raised from the event itself.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 26 Mar 2014 09:30:33 +0000 (09:30 +0000)]
base.bbclass: Run oe_import before other INHERITs
Its possible for classes listed in INHERIT directives to use things like
the oe.utils functions. If that happens the user sees a traceback since
the modules don't become available until the ConfigParsed event.
This change to use immediate expansion means that the oe modules become available
much sooner and can be used in the core classes, including within base.bbclass.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jukka Rissanen [Wed, 26 Mar 2014 14:40:26 +0000 (16:40 +0200)]
meta-skeleton: Add name attribute to SRC_URI
The SRCREV_machine line does not work without having name=machine
attribute in SRC_URI.
This error is seen if the custom kernel recipe is used without
the name attribute:
NOTE: Error during finalise of .../linux-yocto-custom.bb
ERROR: ExpansionError during parsing .../linux-yocto-custom.bb: Failure expanding variable do_patch: ExpansionError: Failure expanding variable SRCPV, expression was ${@bb.fetch2.get_srcrev(d)} which triggered exception FetchError: Fetcher failure for URL: 'git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git;protocol=git;nocheckout=1'. Please set a valid SRCREV for url ['SRCREV_default_pn-linux-yocto-custom', 'SRCREV_default', 'SRCREV_pn-linux-yocto-custom', 'SRCREV'] (possible key names are git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git;protocol=git;nocheckout=1, or use a ;rev=X URL parameter)
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 26 Mar 2014 11:41:31 +0000 (11:41 +0000)]
apt/package_mamager: Ensure WORKDIR is used for lists directory
The native sysroot should not be used as a store for the lists files since
multiple images running at once would conflict over this. Instead redirect
this to WORKDIR. This means some extra directories need to be created.
Also create apt.conf.d to silence some warnings.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 26 Mar 2014 11:40:12 +0000 (11:40 +0000)]
package_manager: Ensure we don't process directories twice
Processing directories twice is both pointless and introduces a race condition.
When building the list, ensure duplicates (like "all" and "noarch") are handled
correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chase Maupin [Tue, 18 Mar 2014 11:56:13 +0000 (06:56 -0500)]
mmc-utils: Add user space mmc utilities for eMMC
* The mmc-utils are useful userspace utilities for configuring and
working with MMC devices. These are particularly useful when
working with eMMC devices to do the initial programming of the
device.
Signed-off-by: Chase Maupin <Chase.Maupin@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 25 Mar 2014 02:18:47 +0000 (10:18 +0800)]
meta/conf/bitbake.conf: add STAMPCLEAN to BB_HASHBASE_WHITELIST
The problem is that do_configure.sigdata depends on STAMPS_DIR because:
do_configure -> STAMPCLEAN -> STAMPS_DIR
this will make the sigdata generated by "STAMPS_DIR=/tmp/stps bitbake -S
recipe" doesn't match the ones in our build dir, but it should. We can
add STAMPS_DIR or STAMPCLEAN to BB_HASHBASE_WHITELIST to fix the
problem, but we can't add STAMPS_DIR since once it is in
BB_HASHBASE_WHITELIST, the "STAMPS_DIR=/tmp/stps bitbake -S recipe"
would not run again.
[YOCTO $6031]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Wed, 26 Mar 2014 07:01:29 +0000 (03:01 -0400)]
util-linux-native: fix qsort_r for CentOS 5.10
The qsort_r() was added to glibc in version 2.8, so there is no qsort_r() on
the host like CentOS 5.x, use qsort() to fix it since they are nearly
identical.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jonas Eriksson [Mon, 24 Mar 2014 15:56:05 +0000 (16:56 +0100)]
cpio rootfs build: Avoid modifying rootfs dir
The Linux kernel requires that initrd images contain a /init file for
the image to be used as an initrd, even if it is empty. Adding it into
the rootfs directory creates a race, that can upset tar when building
both a .tar and .cpio image file ("tar: .: file changed as we read it").
Additionally, whether or not the tar file will contain the /init file is
also up to the race condition.
To avoid this problem, move the /init addition out from the rootfs
directory, and thus only include it in the .cpio image.
Signed-off-by: Jonas Eriksson <jonas.eriksson@enea.com> Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com> Cc: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yong Zhang [Wed, 26 Mar 2014 08:32:13 +0000 (16:32 +0800)]
gnupg: CVE-2013-4576
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions
with certain patterns that introduce a side channel, which allows physically
proximate attackers to extract RSA keys via a chosen-ciphertext attack and
acoustic cryptanalysis during decryption. NOTE: applications are not typically
expected to protect themselves from acoustic side-channel attacks, since this
is arguably the responsibility of the physical device. Accordingly, issues of
this type would not normally receive a CVE identifier. However, for this
issue, the developer has specified a security policy in which GnuPG should
offer side-channel resistance, and developer-specified security-policy
violations are within the scope of CVE.
Ming Liu [Wed, 26 Mar 2014 08:32:12 +0000 (16:32 +0800)]
gnupg: CVE-2013-4351
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits
cleared (no usage permitted) as if it has all bits set (all usage permitted),
which might allow remote attackers to bypass intended cryptographic protection
mechanisms by leveraging the subkey.
Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yue Tao [Wed, 26 Mar 2014 09:08:45 +0000 (17:08 +0800)]
Security Advisory - openssl - CVE-2013-6449
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yue Tao [Wed, 26 Mar 2014 09:08:44 +0000 (17:08 +0800)]
Security Advisory - openssl - CVE-2013-6450
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yue Tao [Wed, 26 Mar 2014 09:08:43 +0000 (17:08 +0800)]
Security Advisory - openssl - CVE-2013-4353
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since yasm has been moved to OE-core, there is no reason for not enabling
yasm by default anymore. It improves performance of gstreamer1.0-libav
considerably.
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Valentin Popa [Tue, 25 Mar 2014 12:06:08 +0000 (14:06 +0200)]
piglit: ship files with correct permissions
Adress the warning
| warning: group pulse does not exist - using root
Piglit files from framework/ generated_tests/ tests/
and templates/ belong to xuser/pulse.
Don't keep the permissions while shipping the files,
they should be root/root.
[YOCTO #6028]
Signed-off-by: Valentin Popa <valentin.popa@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 25 Mar 2014 10:29:26 +0000 (10:29 +0000)]
binutils: Add fixes for binutils issue 16428
"ld:i386 crashes with -static -fPIE -pie"
https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1266492
This adds in two upstream binutils fixes to avoid the internal error
triggered by the combination of -static with -pie on x86 builds. This
triggers a backtrace which then triggers a bug in glibc where the process
ends up hanging on some systems with broken libcs.
We can't fix the libc but we can stop the internal error and hence
avoid the hanging builds.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 25 Mar 2014 08:34:14 +0000 (16:34 +0800)]
tcl: fix path in Config.sh for sstate
We need fix the path in tclConfig.sh, tdbcConfig.sh and itclConfig.sh
for sstate, otherwise there would be build failures when use the sstate
across different builds.
e.g., when building expect:
[snip]
tmp/sysroots/qemuarma9/usr/include/tcl8.6
checking for Tcl private include files... configure: error: Cannot find private header tclInt.h in
/path/to/another/build/tmp/sysroots/qemuarma9/usr/include/tcl8.6.1
Configure failed.
[snip]
[YOCTO #6035]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
