Bruce Ashfield [Mon, 9 Jul 2018 15:25:36 +0000 (11:25 -0400)]
linux-yocto/4.12: bump to v4.12.25
Integrating Paul Gortmaker's v4.12.25 -stable queue, which comprises the
following commits:
e61748ef5db0 Linux 4.12.25 c34553e3e8af x86/bugs: Rename SSBD_NO to SSB_NO 4aa9e65a91b9 x86/bugs: Remove x86_spec_ctrl_set() 7283d22a40c4 x86/bugs: Expose x86_spec_ctrl_base directly 60fb8f1bbd46 x86/speculation: Rework speculative_store_bypass_update() cc8a65725832 x86/cpufeatures: Disentangle SSBD enumeration 4cadf648f802 x86/cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS 14476a34b4d0 x86/speculation: Use synthetic bits for IBRS/IBPB/STIBP e66dd0595eac x86/cpu: Make alternative_msr_write work for 32-bit code 32e38eda9958 x86/bugs: Fix the parameters alignment and missing void 5593194735ea x86/bugs: Make cpu_show_common() static 86e7eb199990 x86/bugs: Fix __ssb_select_mitigation() return type 4efd9170a722 Documentation/spec_ctrl: Do some minor cleanups e074092d9d0a proc: Use underscores for SSBD in 'status' f57b4be9a391 x86/bugs: Rename _RDS to _SSBD f395cafed558 x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass 9599751872de seccomp: Move speculation migitation control to arch code 647fb2d84f05 seccomp: Add filter flag to opt-out of SSB mitigation 44d5a1d9fe07 seccomp: Use PR_SPEC_FORCE_DISABLE 9490e71c3074 prctl: Add force disable speculation ad5b97fe1ab6 x86/bugs: Make boot modes __ro_after_init cfc00a7877b6 seccomp: Enable speculation flaw mitigations bc4bf81c64b0 proc: Provide details on speculation flaw mitigations a41d2136a447 nospec: Allow getting/setting on non-current task 7e17279e72b9 x86/speculation: Add prctl for Speculative Store Bypass mitigation eea6b1abc91e x86/process: Allow runtime control of Speculative Store Bypass c8630c28cd28 prctl: Add speculation control prctls ecefae5ca101 x86/speculation: Create spec-ctrl.h to avoid include hell 4bcdf54612aa x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested 6ce1317929a3 x86/bugs: Whitelist allowed SPEC_CTRL MSR values cd5e5e6f2e39 x86/bugs/intel: Set proper CPU features and setup RDS d97584229d85 x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation 793b7453cfc5 x86/cpufeatures: Add X86_FEATURE_RDS c6c3cd47ccbb x86/bugs: Expose /sys/../spec_store_bypass 2d92a521bda7 x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits 81865e325abe x86/bugs: Concentrate bug reporting into a separate function 45245a5b9dc4 x86/bugs: Concentrate bug detection into a separate function 05e82d536970 x86/nospec: Simplify alternative_msr_write() effb0dfecfa2 x86/cpu_entry_area: Sync cpu_entry_area to initial_page_table 89fffee9d555 x86/xen: Zero MSR_IA32_SPEC_CTRL before suspend 76199d7beb0b x86/speculation: Move firmware_restrict_branch_speculation_*() from C to CPP 426210b00b02 x86/speculation: Use IBRS if available before calling into firmware 63904f8a6d41 x86/entry/64: Fix CR3 restore in paranoid_exit() 35cf6a9daf5f x86/cpu: Change type of x86_cache_size variable to unsigned int 7fded60b2cb7 x86/spectre: Fix an error message 343945a16727 x86/speculation: Add <asm/msr-index.h> dependency eb0f059ee2de nospec: Move array_index_nospec() parameter checking into separate macro 31951a39de73 x86/speculation: Fix up array_index_nospec_mask() asm constraint 344711f16fec x86/entry/64: Remove the unused 'icebp' macro d4324affaf05 x86/entry/64: Fix paranoid_entry() frame pointer warning 3cadbc9228b4 x86/entry/64: Indent PUSH_AND_CLEAR_REGS and POP_REGS properly 0d561147160c x86/entry/64: Get rid of the ALLOC_PT_GPREGS_ON_STACK and SAVE_AND_CLEAR_REGS macros 22c1269eefa9 x86/entry/64: Use PUSH_AND_CLEAN_REGS in more cases ac897d25b1d3 x86/entry/64: Introduce the PUSH_AND_CLEAN_REGS macro 226eea037fa6 x86/entry/64: Interleave XOR register clearing with PUSH instructions 120d889cac9f x86/entry/64: Merge the POP_C_REGS and POP_EXTRA_REGS macros into a single POP_REGS macro 2d5eb3888f24 x86/entry/64: Merge SAVE_C_REGS and SAVE_EXTRA_REGS, remove unused extensions 797a6f4444f1 x86/speculation: Clean up various Spectre related details ff032faca431 KVM/nVMX: Set the CPU_BASED_USE_MSR_BITMAPS if we have a valid L02 MSR bitmap 1aaab2d1a1fd KVM/x86: Reduce retpoline performance impact in slot_handle_level_range(), by always inlining iterator helper methods dd17c0f5a114 Revert "x86/speculation: Simplify indirect_branch_prediction_barrier()" add7dd4f1f81 x86/speculation: Correct Speculation Control microcode blacklist again 358f03a9395f x86/speculation: Update Speculation Control microcode blacklist 0307861327c7 x86/mm/pti: Fix PTI comment in entry_SYSCALL_64() a612b987b028 x86/entry/64/compat: Clear registers for compat syscalls, to reduce speculation attack surface 1b8b432f6dee x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface 513e4bbfc32c x86/entry/64: Clear extra registers beyond syscall arguments, to reduce speculation attack surface
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 9 Jul 2018 15:25:35 +0000 (11:25 -0400)]
linux-yocto: igb.cfg: change igb config from m to y
Yocto Project reference board such as Minnowboard need IGB module to
enable ethernet networking. It need to bundle together with kernel when
use NFS boot without initramfs.
Signed-off-by: Mohamad Noor Alim Hussin <mohamad.noor.alim.hussin@intel.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 9 Jul 2018 15:25:34 +0000 (11:25 -0400)]
linux-yocto: add qemuarm -tiny support
Adding a BSP definition to the kernel-cache, creating a tiny branch for
board specific patches and finally setting the machine compatibility in
the linux-yocto-tiny recipe.
This is only the BSP definition and kernel configuration side of things,
more changes are necessary for full tiny distro support on qemumarm.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Lei Maohui [Mon, 9 Jul 2018 15:25:33 +0000 (11:25 -0400)]
linux-libc-headers: To fix build error when enable mutilib on aarch64 Big endian.
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
He Zhe [Wed, 4 Jul 2018 10:17:56 +0000 (03:17 -0700)]
lttng-tools: Allow reconnect to relayd
If relayd is started after connection attempt from consumerd it will
leave the session in disconnected state and causes the following
inconvenience. This is covered by an upstream feature, see
https://bugs.lttng.org/issues/883. Before it's done, this patches
allows users to reconnect to relayd.
Andre McCurdy [Fri, 6 Jul 2018 20:54:54 +0000 (13:54 -0700)]
gobject-introspection: avoid using += with an over-ride
Using += with an over-ride can be a source of confusion so try to
avoid the construct in core recipes.
The current usage functions correctly (it over-rides the default, ie
empty, value of EXTRA_OECONF and then PACKAGECONFIG derived options
are subsequently appended), however the += is unnecessary and can be
dropped.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jackie Huang [Thu, 29 Jun 2017 03:31:47 +0000 (11:31 +0800)]
dropbear: add default config file to disable root login
root login is disabled by default for openssh and we can
enable it through IMAGE_FEATURES 'debug-tweaks' or
'allow-empty-password', so change to the same default
behavior for dropbear.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"allow root login" should not be bundled in ssh_allow_empty_password,
because some distro may want only one of "allow root login" and "allow
empty password", so split it out into ssh_allow_root_login and add new
imagefeature allow-root-login so they can be controlled separately,
debug-tweaks will still include both of them.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 6 Jul 2018 14:51:15 +0000 (15:51 +0100)]
meson: send user to our wiki instead of Meson bug system
If a CPU family isn't recognised the first step should be to verify the mapping.
Send the user to a wiki page explaining what to do, instead of directly to the
Meson bug tracker.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Fri, 4 May 2018 02:47:59 +0000 (10:47 +0800)]
testsdk.bbclass: set PREMIRRORS for kernel to speed up test
Currently if we do a testsdkext task for the image, it would take
very long time to finish. The time is mostly spent fetching kernel
source via network.
We have done some configuration in auto.conf, trying to make use
of own-mirrors.bbclass to avoid fetching kernel via network.
However, the solution normally does not work. Below is some log
from log.do_fetch.
The tar.gz file is not available. It is generated only if
BB_GENERATE_MIRROR_TARBALLS is set to "1". The default value of
BB_GENERATE_MIRROR_TARBALLS is "0", and according to the manual, users
need choose to set it to "1" only if they are trying to make a source
mirror. So generally, this var's value is "0".
Anyway, we do need to avoid fetching kernel source from network when
doing testsdkext. So set PREMIRRORS in auto.conf to achieve this.
After this change, the time reduces from 4209.131s to 1399.436s on
my local machine.
[YOCTO #12729]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Fri, 6 Jul 2018 03:49:05 +0000 (20:49 -0700)]
quilt.inc: avoid using += with an over-ride (drop unmaintained darwin support)
Using += with an over-ride can be a source of confusion so try to
avoid the construct in core recipes.
In this case, the _darwin over-ride seems to be unmaintained. It was
added in early 2013 but has not been accounted for in subsequent
updates to the recipe and (from inspection) now appears to be broken.
Remove the _darwin over-ride rather than try to debug or fix it.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Fri, 6 Jul 2018 05:07:02 +0000 (22:07 -0700)]
ca-certificates: avoid using += with an over-ride
Using += with an over-ride can be a source of confusion so try to
avoid the construct in core recipes.
In this case, the commit which added the over-ride seems to have been
buggy - the commit message mentions "add to SYSROOT_DIRS" rather than
a correct description of what the change actually did, ie "over-ride
SYSROOT_DIRS":
The commit also appears to have been unnecessary as ${sysconfdir} is
appended to SYSROOT_DIRS for -native recipes by default from within
staging.bbclass.
To workaround the bug introduced by the first commit, a subsequent
commit later added ${datadir}/ca-certificates to the over-ride value
(which would not normally be necessary as ${datadir} is included in
the default value of SYSROOT_DIRS - ie the value which was lost due
to being over-ridden):
Therefore the fix seem to be to remove the SYSROOT_DIRS over-ride
entirely - the default value of SYSROOT_DIRS set by staging.bbclass
includes both ${datadir} and ${sysconfdir} when building for -native.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Fri, 25 May 2018 02:54:46 +0000 (10:54 +0800)]
buildtools-tarball: add nativesdk-libnss-nis
Recent glibc change removed libnss-nis module from glibc and a new
recipe libnss-nis.bb was added.
After this change, we need to make sure nativesdk-libnss-nis is also
included in buildtools-tarball, otherwise, we may encounter the following
error when using 'tar' command from buildtools-tarball.
tar: relocation error: /lib/x86_64-linux-gnu/libnss_nis.so.2: \
symbol _nsl_default_nss version GLIBC_PRIVATE not defined \
in file libnsl.so.1 with link time reference
This error occured on my ubuntu16.04 host with 'nis' configured in
/etc/nssswitch.conf.
So add nativesdk-libnss-nis to buildtools-tarball to fix this problem.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Pablo Saavedra [Fri, 6 Jul 2018 09:50:23 +0000 (11:50 +0200)]
patch: Jail patch_task_patch_prefunc in classes/patch into the workdir
With PATCHTOOL=git patches the changes in the patch_task_postfunc
of the classes/patch. This works OK when the S dir is a Git repo
but doesn't if the source is a tarball.
The while condition in the patch_task_patch_prefunc must be
jailed into the WORKDIR. In the opposite, when you are executing
the recipe out of a Git subtree the function simply fails but when
your recipes are into a Git repo the patch_task_postfunc execute a
commit over your BSP local Git repo adding the changes in an
arbitrary Git repo found in the path from the SOURCE directory to
the '/'. This situation is highly probable in cases like ~home
directories under the control of a .git repo or Yocto BSP which
manage the meta layers as git submodules.
This patch fix the changes introduced in
classes/patch: when PATCHTOOL = "git" double-check the repository
commit: 86ab56b55164393924b5e688b20e8f3f3f8fc578
Author: Paul Eggleton <paul.eggleton@linux.intel.com>
Date: Tue Dec 5 14:36:58 2017 +1300
classes/patch: when PATCHTOOL = "git" double-check the repository
If a bug is present or the user has set PATCHTOOL = "git" on a source
tree that isn't git, if we try to perform git operations (such as
committing or changing branches) when extracting source, then we might
in fact be running those operations on the metadata repository if the
build directory is underneath, say, poky or OE-Core, and that could
make a mess. Check if the source tree is a git repository and refuse
to continue if it isn't.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 5 Jul 2018 12:29:29 +0000 (13:29 +0100)]
distutils: clean the build tree in do_configure
base_do_configure() tries to do "make clean" if there is a Makefile present.
For most recipes using distutils there is not a Makefile, but we do know that
"setup.py clean" will work so call that instead.
Signed-off-by: Ross Burton <ross.burton@intel.com>
util-linux.inc: add fallocate & unshare to alternatives
These binaries can be provided by busybox triggering a conflict in
do_rootfs so update-alternatives needs to know about them to properly
create the symlinks.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
with bind 9.11.2+ when the build host has lmdb installed, bind configure looks into
host headers and wrongly interprets that it should be enabling lmdb
disable lmdb to fix
| configure: error: found lmdb include but not library.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It was breaking quite common use case that the dtb files are in
some subdirectory and then kernel build fails to build them.
As reported by khem:
http://lists.openembedded.org/pipermail/openembedded-core/2018-July/152578.html
me:
http://lists.openembedded.org/pipermail/openembedded-core/2018-July/152579.html
on raspberrypi3 build:
make[3]: *** No rule to make target 'arch/arm/boot/dts/dwc2.dtbo'. Stop.
arch/arm/Makefile:345: recipe for target 'dwc2.dtbo' failed
make[2]: *** [dwc2.dtbo] Error 2
Makefile:146: recipe for target 'sub-make' failed
and trevor on the IRC:
20:35:49 < tlwoerner> the recent 2e7f3b2b9318d1e5395ad58131eafb873f614326 commit in oe-core seems to cause dragonboard-410c's kernel to fail to build
20:36:26 < tlwoerner> for the dragonboard-410c, KERNEL_DEVICETREE is set to "qcom/apq8016-sbc.dtb" but the build failure is:
20:36:37 < tlwoerner> *** No rule to make target 'arch/arm64/boot/dts/dts/qcom/apq8016-sbc.dtb'. Stop.
20:36:44 < tlwoerner> i.e. the "qcom/" is getting removed
20:37:08 < tlwoerner> oops!!
20:37:33 < tlwoerner> wrong copy&paste, the actual error is:
20:37:36 < tlwoerner> *** No rule to make target 'arch/arm64/boot/dts/apq8016-sbc.dtb'. Stop.
20:37:53 < tlwoerner> i.e., the "qcom/" is being stripped out
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
oeqa/runtime/cases/parselog.py: ignore a message from weston
The following error message when starting core-image-weston is not
critical as long as the image could start up correctly. So extend
the common_errors list for parselog.py test case to ignore this
message.
logind: cannot setup systemd-logind helper (-61), using legacy fallback
[YOCTO #12835]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4
allows attackers to cause a denial of service (buffer over-read) or
information disclosure.
https://bugzilla.gnome.org/show_bug.cgi?id=775200
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Robert Yang [Tue, 26 Jun 2018 07:59:00 +0000 (15:59 +0800)]
nfs-utils: 2.1.1 -> 2.3.1
* Removed 001-configure-Allow-to-explicitly-disable-nfsidmap.patch,
the nfsidmap is enabled when --enable-nfsv4, so I added a
PACKAGECONFIG[nfsv4], and default is no since keyutils is not in oe-core by
default.
* Removed 0001-include-stdint.h-for-UINT16_MAX-definition.patch and
nfs-utils-1.2.3-sm-notify-res_init.patch since they are already in the
source.
* Taken two patches from git://git.alpinelinux.org/aports to fix build
with musl, and the nfs-utils-musl-res_querydomain.patch is for musl only.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Wed, 4 Jul 2018 09:15:12 +0000 (10:15 +0100)]
elfutils: clean up patches
In the upgrade a large number of Upstream-Status tags were dropped, so add them
back. I'm taking the stand that copying a patch Debian is carrying doesn't
count as a backport.
Remove two Debian-specific patches (one for Hurd, one for kfreebsd) so
we're not carrying useless patches.
Remove two patches that are no longer applied.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Otavio Salvador [Tue, 3 Jul 2018 12:34:34 +0000 (09:34 -0300)]
go: Update 1.10.2 -> 1.10.3
go1.10.3 (released 2018/06/05) includes fixes to the go command, and
the crypto/tls, crypto/x509, and strings packages. In particular, it
adds minimal support to the go command for the vgo transition.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otavio Salvador [Tue, 3 Jul 2018 12:34:33 +0000 (09:34 -0300)]
go: Update 1.9.6 -> 1.9.7
go1.9.7 (released 2018/06/05) includes fixes to the go command, and
the crypto/x509, and strings packages. In particular, it adds minimal
support to the go command for the vgo transition.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Olof Johansson [Tue, 3 Jul 2018 12:00:08 +0000 (14:00 +0200)]
rpm: Avoid leaking temporary scriplet files
RPM writes each package scriptlet (post-/preinstall) to
/var/tmp/rpm-tmp.XXXXXX --- a lot of files potentially gets created.
When debugging is enabled, these temporary scriptlet files aren't
cleaned up at all and after a while this results in the filesystem
resources are eaten up (like running out of available inodes).
Normally, the temporary files would have been written to the tmp
directory of the target sysroot (which we can easily clean up), but in
this tree, you can't necessarily run the scriptlets.
Fixes [YOCTO #12792]
Signed-off-by: Olof Johansson <olofjn@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 3 Jul 2018 04:11:57 +0000 (12:11 +0800)]
ccache: 3.3.5 -> 3.4.2
* The license file is changed to LICENSE.adoc, it is still GPLv3+.
* Removed Revert-Create-man-page-in-the-make-install-from-git-.patch, it was
used for fixing a build failure of no asciidoc, but now there is no such a
failure, so remove it.
* Refreshed 0002-dev.mk.in-fix-file-name-too-long.patch
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 3 Jul 2018 04:11:54 +0000 (12:11 +0800)]
e2fsprogs: 1.43.8 -> 1.44.2
- Rebased Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch
- Removed backport patch 0001-libext2fs-fix-build-failure-in-swapfs.c-on-big-endia.patch
- The LIC_FILES_CHKSUM changed because it updated the address, others are the same
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 3 Jul 2018 13:04:11 +0000 (14:04 +0100)]
meson: validate cpu_family
Meson has a defined list of known CPU families but these are not currently
validated, so mistakes in cross files or new architectures are not noticed.
Backport a patch from upstream which warns on unknown architectures, but tweak
it to fatally error instead. When we upgrade to Meson 0.47 the first half of
this patch can be dropped.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 3 Jul 2018 13:04:10 +0000 (14:04 +0100)]
meson: map architecture to correct values in cross file
The cross file specifies the host/target cpu_family, which should be one of a
defined set of values[1] but if it isn't Meson won't complain and instead
recipes may behave unexpectedly.
removed:
dont-test-on-host.patch, no longer implemented
drop use-python3-and-fix-install-lib-path.patch, they added the ability to pass in lib dir loctions
drop bind-confgen-build-unix.o-once.patch, fix included in update
Refresh other patches:
add python3 flag for PACKAGECONFIG to pull in python
add new config option --with-eddsa=no (needs openssl support not released)
Python support is disaled by default now.
Acked-by: Martin Hundebøll <mnhu@prevas.dk> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
include several CVE fixes.
CVE: CVE-2018-5733
CVE: CVE-2018-5732
LIC_CHKSUM_FILE updated to SPFX format
https://kb.isc.org/article/AA-01571
remove several patches now included in update.
Shared libarary support is now enabled in configure+lt, use it
and revert to autotools-brokensep
Refresh patches
Aligns support with bind 9.11.x
Add libxml2 support to configure.ac+lt
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paulo Neves [Mon, 2 Jul 2018 15:03:44 +0000 (17:03 +0200)]
kernel-devicetree: Corrected normalize_dtb
The normalize_dtb function was buggy because
it only converted from .dts suffix to .dtb
suffix if the user passed a full source path to
KERNEL_DEVICETREE containing the /dts/ path.
The problem is that if the user did that there
would be a warning.
On the othet hand if user just set the variable
KERNEL_DEVICETREE="file.dts" the bbclass translation
to the respective .dtb target did not occur and
make would fail saying it has no rule to make target
file.dts
This patch decouples the logic of having /dts/ in the
path from the target translation.
Signed-off-by: Paulo Neves <ptsneves@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Mon, 2 Jul 2018 01:15:34 +0000 (09:15 +0800)]
webkitgtk: 2.20.2 -> 2.20.3
Upgrade webkitgtk from 2.20.2 to 2.20.3.
* update context of 0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
* remove detect-atomics-during-configure.patch that webkitgtk 2.20.3
contains the commit of better solution, see
https://bugs.webkit.org/show_bug.cgi?id=161900#c9
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alex Kiernan [Wed, 20 Jun 2018 04:23:19 +0000 (04:23 +0000)]
kernel-fitimage: Make DTB key insertion optional
If UBOOT_DTB_BINARY is empty, then don't try inserting the U-Boot
signing keys into the DTB. In this configuration the keys are expected
to be already present in U-Boot's DTB.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
This is a function much like shutil.which or bb.utils.which, retaining
shutil.which-like function semantics, bb.utils.which's support for
returning available candidates for signatures, and most importantly,
supports wildcards, returning only the first occurrance of each found
pathname in the search path.
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Results in gcc-cross-canadian-mips failing to build due to the use
of an incorrect sysroot, fix this. All nativesdk pieces should be in
the same sysroot (unprefixed).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 12:43:50 +0000 (12:43 +0000)]
staging: Improve fixup processing code
With the fixes to other parts of multilib, it was found that the fixup code's
assumptions about the recipe sysroot were incorrect. We need to use the value
calculated earlier in the function.
It turns out there is a rather neat way to do this which cleans up the code
as an added bonus.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 09:05:17 +0000 (09:05 +0000)]
lib/oe/sstatesig: Fix task mappings from multilib<->non-multilib contexts
If we're in a multilib context already and want a non-multilib context
this function returned incorrect values.
Try and retain optimisations for the common case not needing to request
a datastore but allow the different multilib/non-multilib combinations
to work too.
This fixes bugs where rootfs generation of a multilib image would
write into incorrect locations, or be unable to find sstate manifest
files due to incorrect data stores being used to expand data.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 08:59:34 +0000 (08:59 +0000)]
classes/utils: Improve all_multilib_tune_values
Currently there is duplication in the code, we can clean this up
by extending the multilib variants list.
This code also currently fails its its called from an existing multilib
context since its assumes the data store passed in is the non-multilib
case. When building an image, say lib32-core-image-sato, this leads to
incorrect PATH values.
To fix this, we also request a data store for the "" variant allowing
this corner case to be fixed and for the function to correctly return
values for each multilib even when a multilib is already selected.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 29 Jun 2018 16:33:26 +0000 (16:33 +0000)]
staging/image: Fix multilib recipe sysroot issues
Currently if you enable multilib, then build an image, the multilib
recipe sysroot is build in the wrong WORKDIR. If you then clean and
rebuild the image you see "file exists" errors.
This patch ensures the real WORKDIR is used consistently and then
cleans/rebuilds also work correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 09:03:12 +0000 (09:03 +0000)]
lib/oe/utils: Improve get_multilib_datastore
Currently this function assumes that no multilib is applied and that
we're applying a multilib. This means if we're in multilib context
and want the non-multilib context we can't obtain it (and no other
function exists for this either).
Improve the function to allow this to be requested.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Thu, 21 Jun 2018 18:22:17 +0000 (11:22 -0700)]
postinst-intercepts: do not execute any variant of delay_to_first_boot
As of commit 2c5c6e3ff we create multilib variants of intercept
hooks but we did not account for delay_to_first_boot variants.
This was covered up until commit a335e7867, but will now cause
an error.
Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alp Özmert [Fri, 29 Jun 2018 15:41:02 +0000 (17:41 +0200)]
license: Fix and extend recommendations for license packages.
Changed package recommendations so that the license package of a
recipe is recommended for all packages of a recipe instead of for one
package given by the recipe name.
Pre-patch behaviour results in a missing recommendation when a recipe
does not have a package with the same name.
Signed-off-by: Alp Özmert <info@ib-oezmert.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alistair Francis [Fri, 25 May 2018 15:56:36 +0000 (08:56 -0700)]
recipes-kernel/linux: Enable NUMA Kconfig from MACHINE_FEATURES
If the user has set numa in their MACHINE_FEATURES we should enable
NUMA support in the kernel config.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>