Richard Purdie [Fri, 13 Feb 2015 13:05:59 +0000 (13:05 +0000)]
gcc-target: Don't install target gcc libdir files
Installing /usr/lib/gcc/* means we'd have two copies, one from gcc-cross
and one from here. These can confuse gcc cross where includes use #include_next
and builds track file dependencies (e.g. perl and its makedepends code).
For determinism we don't install this to the sysroot, ever and rely on the
copy from gcc-cross.
initscripts: Remove /etc/volatile.cache on upgrade
/etc/volatile.cache is a cached copy of a script (which is
generated by /etc/init.d/populate-volatile.sh) that generates
the volatile filesystem directories. Since volatile.cache is
a generated file, it is not necessarily changed if
populate-volatile.sh is updated. As a result, the stale script
can add/remove the wrong directories on the next system boot.
If initscripts is being upgraded, make sure volatile.cache gets
deleted.
base-files: Check for /run and /var/lock softlinks on upgrade
Commit ea647cd9eebdc3e3121b84074519c4bb305adac9 moved the locations
of /run and /var/lock to match the FHS 3 draft specifications.
However, the install doesn't remove the existing directories.
As a result, upgrading a system may result in /run as a softlink
to /var/run and /var/run as a softlink to /run, creating a circular
link.
During pre-install, check for the existence of the old softlinks and
remove them so the new directories can be installed.
Richard Purdie [Sat, 28 Mar 2015 08:50:27 +0000 (08:50 +0000)]
dpkg-native: Avoid 'file changed' errors from tar
Hardlink count duing do_package_write_deb can change causing dpkg-deb
failures. We don't care about this error case so avoid it by checking
the tar exit code.
Otherwise, when fortran support will be enabled in the compiler, both
lingfortran and gcc-runtime receipes will create the same files and will
try to install them. This will cause errors:
ERROR: The recipe libgfortran is trying to install files into a shared
area when those files already exist. Those files and their manifest
location are: ...
Please verify which recipe should provide the above files.
Jonathan Liu [Wed, 11 Mar 2015 02:25:56 +0000 (13:25 +1100)]
fontcache.bbclass: prepend to PACKAGEFUNCS instead of appending
Appending to PACKAGEFUNCS results in the font packages missing the
postinst/postrm scripts and the fontconfig cache not being generated
in /var/cache/fontconfig when creating images or installing font
packages. This is because the package data has already been emitted
by emit_pkgdata in PACKAGEFUNCS. Prepend to PACKAGEFUNCS to ensure
add_fontcache_postinsts is executed before emit_pkgdata.
[YOCTO #7410]
Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Thu, 26 Mar 2015 14:18:30 +0000 (14:18 +0000)]
autotools: Avoid find race for S = "${WORKDIR}"
For recipes with PACKAGES_remove = "${PN}", the find which removes .la files
can race against deletion of other directories in WORKDIR e.g.:
find: '/home/autobuilder/yocto-autobuilder/yocto-worker/nightly-oe-selftest/build/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0-r7/sstate-build-populate_lic': No such file or directory
| WARNING: /home/autobuilder/yocto-autobuilder/yocto-worker/nightly-oe-selftest/build/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0-r7/temp/run.do_configure.6558:1 exit 1 from
| find /home/autobuilder/yocto-autobuilder/yocto-worker/nightly-oe-selftest/build/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0-r7 -name \*.la -delete
The simplest fix is to add the find option which ignores these kind of races.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster [Sat, 21 Mar 2015 14:42:09 +0000 (07:42 -0700)]
tzdata: update to 2015b
Changes affecting future time stamps
Mongolia will start observing DST again this year, from the last
Saturday in March at 02:00 to the last Saturday in September at 00:00.
(Thanks to Ganbold Tsagaankhuu.)
Palestine will start DST on March 28, not March 27. Also,
correct the fall 2014 transition from September 26 to October 24.
Adjust future predictions accordingly. (Thanks to Steffen Thorsen.)
Changes affecting past time stamps
The 1982 zone shift in Pacific/Easter has been corrected, fixing a 2015a
regression. (Thanks to Stuart Bishop for reporting the problem.)
Some more zones have been turned into links, when they differed
from existing zones only for older time stamps. As usual,
these changes affect UTC offsets in pre-1970 time stamps only.
Their old contents have been moved to the 'backzone' file.
The affected zones are: America/Antigua, America/Cayman,
Pacific/Midway, and Pacific/Saipan.
Changes affecting time zone abbreviations
Correct the 1992-2010 DST abbreviation in Volgograd from "MSK" to "MSD".
(Thanks to Hank W.)
Armin Kuster [Sat, 21 Mar 2015 14:42:08 +0000 (07:42 -0700)]
tzcode: update to 2015b
Changes affecting code
Fix integer overflow bug in reference 'mktime' implementation.
(Problem reported by Jörg Richter.)
Allow -Dtime_tz=time_t compilations, and allow -Dtime_tz=... libraries
to be used in the same executable as standard-library time_t functions.
(Problems reported by Bradley White.)
Changes affecting commentary
Cite the recent Mexican decree changing Quintana Roo's time zone.
(Thanks to Carlos Raúl Perasso.)
Likewise for the recent Chilean decree. (Thanks to Eduardo Romero Urra.)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
and because 'bitbake' cleans environment we can pass it completely
instead of trying to enumerate needed env.
With the 'env.patch' the FULLCC variable is not needed anymore (which
would break when CC is 'ccache arm-...-gcc' and host ccache is used)
because the correct $PATH is available during scons build:
| sh: .../sysroots/x86_64-oe-linux/usr/bin/arm-linux-gnueabi/ccache: No such file or directory
| scons: *** [context.o] Error 127
Chen Qi [Tue, 3 Feb 2015 20:53:39 +0000 (14:53 -0600)]
package_manager.py: fix rootfs failure with multilib enabled
With the current code, if we use debian package backend and enable
multilib support, the do_rootfs process would always fail with error
messages like below.
E: Unable to locate package packagegroup-core-boot
Richard Purdie [Wed, 15 Apr 2015 13:13:22 +0000 (14:13 +0100)]
toolchain-scripts: Allow the CONFIGSITE_CACHE variable to be overridden
In multilib and baremetal configurations, this variable can cause a variety of
problems due to the use of TCLIBC. At least allowing it to be overriden
is a start and allows various configurations to avoid the issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 28 Mar 2015 10:34:13 +0000 (10:34 +0000)]
file: Update CVE patch to ensure file gets built correctly
If we touch both files, we can end up in a situation where magic.h should be
rebuilt and isn't. The easiest fix is not to touch the generated files which
ensures the timestamps are such that it is always rebuilt.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Max Krummenacher [Wed, 25 Mar 2015 22:09:37 +0000 (23:09 +0100)]
udev: don't keep ptest testdata laying around
Only unpack udev's testdata right before executing the tests and cleanup
afterwards.
udev's testsuite can be used by ptest. However currently the testdata against
which its functionality is tested is installed in the sysroot at udev install
time.
If the sysroot is used with qemu the testdata makes qemu entering an infinite
loop.
http://lists.openembedded.org/pipermail/openembedded-core/2014-September/097098.html
This has already been fixed for the systemd udev flavour.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=5664
Signed-off-by: Max Krummenacher <max.oss.09@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Max Krummenacher [Wed, 25 Mar 2015 22:09:36 +0000 (23:09 +0100)]
udev: fix ptest rule syntax check
The ptest which checks for correct udev rules fails.
Missing files and paths for the build host caused this.
Signed-off-by: Max Krummenacher <max.oss.09@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Brendan Le Foll [Wed, 25 Mar 2015 13:15:43 +0000 (13:15 +0000)]
openssl: Upgrade to 1.0.1m
Security update, some patches modified to apply correctly mostly due to
upstream changing indentation/styling
* configure-targets.patch updated
* fix-cipher-des-ede3-cfb1.patch updated
* openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
* openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no
merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Wed, 18 Feb 2015 10:23:42 +0000 (10:23 +0000)]
lib/oe/package_manager: support exclusion from complementary glob process by regex
Sometimes you do not want certain packages to be installed when
installing complementary packages, e.g. when using dev-pkgs in
IMAGE_FEATURES you may not want to install all packages from a
particular multilib. This introduces a new PACKAGE_EXCLUDE_COMPLEMENTARY
variable to allow specifying regexes to match packages to exclude.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Thu, 29 Jan 2015 20:44:20 +0000 (12:44 -0800)]
systemd: Backports fixes to 216
Fix systemd-timesyncd assertion
when networkd is disabled then we now do not
create /run/systemd/netif/links but timesyncd needs it. So lets
manually create this file when networkd is disabled so timesyncd
can still function
When enabling systemd-timesyncd we need systemd-timesync user
Backport patches to enable timesyncd when resolved and networkd
are disabled
replace the resolv.conf symlinink patch with a proper backport
Sona Sarmadi [Fri, 16 Jan 2015 10:16:03 +0000 (11:16 +0100)]
python: Disables SSLv3
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
Armin Kuster [Sat, 31 Jan 2015 01:15:50 +0000 (17:15 -0800)]
tzdata: update to 2015a including leap second
Changes affecting future time stamps
The Mexican state of Quintana Roo, represented by America/Cancun,
will shift from Central Time with DST to Eastern Time without DST
on 2015-02-01 at 02:00. (Thanks to Steffen Thorsen and Gwillim Law.)
Chile will not change clocks in April or thereafter; its new standard time
will be its old daylight saving time. This affects America/Santiago,
Pacific/Easter, and Antarctica/Palmer. (Thanks to Juan Correa.)
New leap second 2015-06-30 23:59:60 UTC as per IERS Bulletin C 49.
(Thanks to Tim Parenti.)
Changes affecting past time stamps
Iceland observed DST in 1919 and 1921, and its 1939 fallback
transition was Oct. 29, not Nov. 29. Remove incorrect data from
Shanks about time in Iceland between 1837 and 1908.
Some more zones have been turned into links, when they differed
from existing zones only for older time stamps. As usual,
these changes affect UTC offsets in pre-1970 time stamps only.
Their old contents have been moved to the 'backzone' file.
The affected zones are: Asia/Aden, Asia/Bahrain, Asia/Kuwait,
and Asia/Muscat.
Armin Kuster [Sat, 31 Jan 2015 01:15:49 +0000 (17:15 -0800)]
tzcode: update to 2015a leap second changes too
Changes affecting code
tzalloc now scrubs time zone abbreviations compatibly with the way
that tzset always has, by replacing invalid bytes with '_' and by
shortening too-long abbreviations.
tzselect ports to POSIX awk implementations, no longer mishandles
POSIX TZ settings when GNU awk is used, and reports POSIX TZ
settings to the user. (Thanks to Stefan Kuhn.)
Changes affecting build procedure
'make check' now checks for links to links in the data.
One such link (for Africa/Asmera) has been fixed.
(Thanks to Stephen Colebourne for pointing out the problem.)
Changes affecting commentary
The leapseconds file commentary now mentions the expiration date.
(Problem reported by Martin Burnicki.)
Ross Burton [Mon, 1 Dec 2014 16:26:55 +0000 (16:26 +0000)]
python: ensure all of Python is installed in nativesdk
If any part of Python gets installed in a SDK, we need to ensure that all of
Python gets installed to avoid replacing python in the environment with a
minimal package set.
The switch to the fetcher where it added BeautifulSoup revealed
a shortcoming in the python packaged for the self hosting (missing
htmlentitydefs). Here we fix it in the same way as what was done
for buildtools-tarball and include python-modules vs. all the
individual little chunks.
Mark Hatle [Thu, 22 Jan 2015 22:10:34 +0000 (16:10 -0600)]
python-smartpm: Fix attemptonly builds when file conflicts occur
[YOCTO #7299]
When file conflicts occur, the RPM transaction aborts. Instead of
simply accepting the failure, we now identify, capture, and remove
the offending package(s) from the transaction and retry.
For cpio images, do_rootfs() can operate on a dirty '${WORKDIR}/cpio_append'
directory which contains e.g. files from previous builds. This can cause
unwanted files in the image or can break the build.
E.g. when there is a cpio_append/init -> /sbin/init symlink symlink, the
'ln -sf' can fail due to SELinux restrictions:
Patch cleans up 'cpio_append' before executing the 'do_rootfs' task by
adding it to 'cleandirs'. An alternative implementation (which avoids
creation of this empty dir for non-cpio images) might remove it within
IMAGE_CMD_cpio, but this might break builds where people rely on the
existence of this directory (e.g. to add local files).
Mike Looijmans [Sat, 10 Jan 2015 13:46:42 +0000 (14:46 +0100)]
package.bbclass: Let PR server update PKGV, not PV
PV is the package version as we need it to be during the build. PKGV is the
final version as it ends up in the package, and defaults to PV.
The packager handled builds without PR-server by replacing the AUTOINC string
in PKGV, but when the PR-server is being used, the script replaces the contents
of PKGV with the PV if the PV contains "AUTOINC". Thus the packager overrides
any change to PKGV the recipe might have made.
This breaks classes like gitpkgv that provide a correctly numbered PKGV, the
number as calculated by that class will simply be replaced with a 0-based index
from the PR-server.
This patch makes the packager look at the PKGV version instead of the PV, and
update the PKGV only based on the PKGV contents as set by the recipe.
See also the discussion here:
http://lists.openembedded.org/pipermail/openembedded-core/2015-January/100329.html
From investigating the history of the code and changes in the past year, the
use of "pv" instead of "pkgv" appears to be just an oversight, introduced in:
commit b27b438221e16ac3df6ac66d761b77e3bd43db67 "prs: use the PRServer to replace the BB_URI_LOCALCOUNT functionality"
A later commit 865d001de168915a5796e5c760f96bdd04cebd61 "package/prserv: Merge two similar functions into one"
silently fixed this only for the case without PR-server by using pkgv there.
Richard Purdie [Wed, 21 Jan 2015 17:33:55 +0000 (17:33 +0000)]
net-tools: Fix rerunning of do_patch task
Rerunning the do_patch task currently fails. The code is nearly correct
but needs to remove the quilt ".pc" directory and move the secondary
one into place in order to rerun, not move it into the .pc directory
as the code currently does.
Enrico Scholz [Thu, 22 Jan 2015 16:13:00 +0000 (17:13 +0100)]
image_types.bbclass: fixed 'init' creation for cpio images
When /init is a dangling symlink or a symlink to a file which can not be
stated on the build system (e.g. due to SELinux restrictions), the '[ !
-e .../init ]' test will succeed which causes the manual creation of
/init.
Hongxu Jia [Thu, 22 Jan 2015 09:09:14 +0000 (17:09 +0800)]
distcc: fix initscript can not stop distcc daemon correctly
The distcc's initscript has used option '--pid-file' to save daemon
process id, but it didn't to create that file, that caused start/stop
distcc daemon failed.
We refer what Ubuntu 14.04 did, create pid file before start and
delete it after stop
Richard Purdie [Wed, 21 Jan 2015 11:34:50 +0000 (11:34 +0000)]
lib/oe/package: Ensure strip breaks hardlinks
Normally, strip preserves hardlinks which in the case of the way our hardlink
rather than copy functionality works, is a disadvantage and leads to non-deterministic
builds. This adds a move into place after the strip operation to ensure hardlinks
are broken and we bring back build determinism.
Richard Purdie [Tue, 20 Jan 2015 21:29:41 +0000 (21:29 +0000)]
oeqa/utils/decorators: Try and improve ugly _ErrorHandler tracebacks
Currently, if one module is skipped, any other module calling skipModule
causes tracebacks about _ErrorHandler not having a _testMethodName
method.
This reworks the code in a way to avoid some of the problems by using
the id() method of the objects. It also maps to the correct name
format rather than "setupModule" or just skiping the item entirely.
Robert Yang [Mon, 19 Jan 2015 06:46:29 +0000 (22:46 -0800)]
perf: fix for rebuilding
Fix for rebuilding error:
make[3]: *** No rule to make target `/path/to/sysroots/qemuarm64/usr/src/kernel/tools/lib/traceevent//trace-seq.c',
needed by `.trace-seq.d'. Stop.
make[2]: *** [sub-make] Error 2
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Paul Eggleton [Thu, 22 Jan 2015 14:50:00 +0000 (14:50 +0000)]
gcc: ensure target gcc headers can be included
There are a few headers installed as part of gcc-runtime (omp.h,
ssp/*.h). Being installed from a recipe built for the target
architecture, these are within the target sysroot and not
cross/nativesdk; thus they weren't able to be found by gcc with the
existing search paths. Add support for picking up these headers
under the sysroot supplied on the gcc command line in order to
resolve this.
Thanks to Richard Purdie for giving me a number of pointers during
fixing this issue.
Armin Kuster [Wed, 21 Jan 2015 20:43:11 +0000 (12:43 -0800)]
glibc: CVE-2014-9402 endless loop in getaddr_r
The getnetbyname function in glibc 2.21 in earlier will enter an infinite loop
if the DNS backend is activated in the system Name Service Switch
configuration, and the DNS resolver receives a positive answer while processing
the network name.
Signed-off-by: Gary Thomas <gary@mlbassoc.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Robert Yang [Fri, 16 Jan 2015 02:24:07 +0000 (18:24 -0800)]
neard: fix parallel issue
There might be no src dir if the src/builtin.h runs earlier, create it
to fix the race issue:
src/genbuiltin nfctype1 nfctype2 nfctype3 nfctype4 p2p > src/builtin.h
/bin/sh: src/builtin.h: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Dan McGregor [Thu, 15 Jan 2015 15:41:14 +0000 (09:41 -0600)]
dpkg: fix host contamination
Force dpkg to use "tar" on the target.
The dpkg configure script looks for gnutar, gtar, and
tar in order. If it finds gnutar or gtar on the host
it expects to use that as its tar program on the target.
Without this, if gtar exists (as it does on my system) then
dpkg will consistently fail on the target with an error about
gtar not being found.
Tom Zanussi [Thu, 15 Jan 2015 11:54:16 +0000 (11:54 +0000)]
perf: Add libdw unwind support to perf-libunwind feature
perf can use either libdw or libunwind dwarf unwinders, or neither.
The perf-libunwind feature implies that if disabled, neither should be
used, so have it disable both libdw and libunwind DWARF unwinders if
disabled.
Ross Burton [Fri, 9 Jan 2015 16:40:31 +0000 (16:40 +0000)]
socat: forcibly disable use of libbsd
Socat will look for openpty() in BSD headers before Linux headers, so if libbsd
is present at configure time then that will be used. We don't need to depend on
libbsd though, and leaving it floating can cause build errors, so tell configure
that the libbsd header isn't present.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Martin Jansa [Thu, 8 Jan 2015 17:11:18 +0000 (18:11 +0100)]
package.bbclass: Fix support for private libs
* n is a tuple since this commit:
commit d3aa7668a9f001044d0a0f1ba2de425a36056102
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Mon Jul 7 18:41:23 2014 +0100
Subject package.bbclass: Improve shlibs needed data structure
since then 'n in private_libs' was always false and private libs
were always processed
* this is bad when we have libfoo in private libs, but also some package
providing libfoo, that way we ship own libfoo.so, but together with
runtime dependency on package providing libfoo
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Thu, 15 Jan 2015 10:03:50 +0000 (10:03 +0000)]
cross-canadian/meta-environment: Allow modification of TARGET_OS to be optional
There are some cases we want the manipulation cross-canadian performance
on TARGET_OS, there are also cases like meta-environment where we do not
want this manipulation.
We did try and use immediate expansion to avoid this problem and it
works in the non multilib case. If we have a multilib that used an
extension, like for example:
which is rather evil, I'd challenge someone to come up with a nicer way
of making it work though!
Rather than the above madness, we modify cross-canadian to make the
problamtic code conditional.
This fixes the original issue (where a linux-gnuspe target was seeing
'linux') of
http://cgit.openembedded.org/openembedded-core/commit/?id=0038634ee6e2b6035c023a2702547f20f67c103a
but also fixes the multilib one.
Always use use_icc to check if IceCC should be enabled. Move
ICECC_DISABLED variable checking to use_icc function. Also while we are
at it, fix condition in icc_is_allarch function.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Saul Wold [Tue, 6 Jan 2015 22:04:01 +0000 (14:04 -0800)]
security_flags: disable pie support for libaio, blktrace and ltp
libaio when built with pie and fpie does not link correctly with blktrace or ltp
so we need to disable those flags until a better solution comes along.
André Draszik [Mon, 13 Oct 2014 11:09:09 +0000 (12:09 +0100)]
openssl: fix hard paths in native openssl
This causes the package to not be relocateable from sstate
The OpenSSL binaries respect a few environment variables for determining
locations of files, so we now use these to point the binaries to the
relocated locations.
Ting Liu [Thu, 15 Jan 2015 04:03:51 +0000 (12:03 +0800)]
bitbake.conf: add PKGDATA_DIR to BB_HASHBASE_WHITELIST
In meta/conf/bitbake.conf, PKGDATA_DIR is default to:
PKGDATA_DIR = "${STAGING_DIR_HOST}/pkgdata"
But in meta/conf/multilib.conf, PKGDATA_DIR is set as:
PKGDATA_DIR = "${STAGING_DIR}/${MACHINE}/pkgdata"
When multilib enabled, linux-libc-headers cache will be machine
specific:
$ bitbake-diffsigs sstate-cache/1a/sstate:linux-libc-headers:ppce6500-poky-linux:3.17.7:r0:ppce6500:3:1a0c3934d91479fd7242a5b1d407d155_package.tgz.siginfo sstate-cache/28/sstate:linux-libc-headers:ppce6500-poky-linux:3.17.7:r0:ppce6500:3:28c918e8f9f4a4cfceb3a38b258f7501_package.tgz.siginfo
basehash changed from 8d3158bbddcee612fa30badd05f47b8e to 68ac258fc6c8e489f360fde3123a5894
Variable MACHINE value changed from 'b4420qds' to 'b4860qds'
Signed-off-by: Ting Liu <ting.liu@freescale.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Thu, 15 Jan 2015 09:37:16 +0000 (09:37 +0000)]
libxml2: Backport fix for CVE introduced entity issues
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.
Joe MacDonald [Mon, 20 Oct 2014 17:51:21 +0000 (13:51 -0400)]
libxml2: fix CVE-2014-3660
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete. It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature. This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.
Maxin B. John [Wed, 7 Jan 2015 12:11:43 +0000 (13:11 +0100)]
coreutils: Fix CVE-2014-9471
Fiedler Roman discovered that coreutils' parse_datetime() function
has some flaws that may be exploitable if the date(1), touch(1),
or potentially other programs, accept untrusted input for certain
parameters. While researching this issue, he discovered that it
was independently discovered by Bertrand Jacquin and reported at
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
Saul Wold [Thu, 15 Jan 2015 14:39:06 +0000 (06:39 -0800)]
glibc: Fix up minimal build with libc-libm
This addresses 2 issues discovered trying to build a minimal libc with
libm option. By default nscd was always being built and without inet
enabled there were missing symbols.
Chen Qi [Tue, 21 Oct 2014 06:30:36 +0000 (14:30 +0800)]
image.bbclass: avoid boot error on read-only systemd image
New version of systemd implements a new feature of updating /etc
or /var when needed at boot. For details, please see link below.
Opointer.de/blog/projects/stateless.html
For now, at boot time, the systemd-sysusers.service would update user
database files (/etc/passwd, /etc/group, etc.) according to the configuration
files under /usr/lib/sysusers.d. This step is necessary for other systemd
services to work correctly. Examples of such services are systemd-resolved
and systemd-tmpfiles-setup.
The problem is that on a read-only file system, that is, if /etc is read-only,
the user database files could not be updated, causing failures of services.
This patch fixes this problem by adding users/groups at rootfs time.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 4 Dec 2014 15:20:53 +0000 (15:20 +0000)]
default-distrovars: add gcc-source recipe to the GPLv3 whitelist
gcc-source is a convenience recipe to save duplicate copies of the GCC source
tree and should be whitelisted for GPLv3 avoidance along with the rest of GCC.
