Jussi Kukkonen [Mon, 28 Aug 2017 12:46:35 +0000 (15:46 +0300)]
mesa: Support building without opengl
mesa can build certain things without opengl: most importantly vulkan
drivers.
Add comments on the dependencies between the packageconfigs. Also add
a few dependencies to packageconfigs. Modify default packageconfig to
do the reasonable thing based on distro features.
Add a backported patch to fix the build with --disable-opengl. Fix
do_install_append() so it works even if dri drivers are not built.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
signing-keys: do not use DISTRO_VERSION in key names
DISTRO_VERSION may contain the current date, and so is prone to mismatches
particularly when keys are created on one date, and dnf is configured to use the keys
on another date.
[YOCTO #11983]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 29 Aug 2017 15:51:27 +0000 (16:51 +0100)]
qemurunner: Tweak qemu pid starting timeout code
We're seeing timeouts in the autobuilder testing code. Increase these
timeouts to 120, print the length of time we're having to wait, change
the error messages to really be errors and don't print empty logs, its
not helpful, print a message about the empty log instead.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gettext.bbclass: do not add virtual/gettext to DEPENDS
gettext has a notoriously slow configuration step, and so in my testing
this greatly speeds up building core-image-minimal: from 21m36s to 19m2s
(empty sstate and tmp, but pre-populated downloads).
I have also built world, and core-image-sato to make sure it doesn't break
or modify the build, and there is no difference whatsoever in packages
and images content. Target gettext seems not to be used for anything.
Also fix up insane.bbclass to remove the corresponding QA check.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yeoh Ee Peng [Mon, 28 Aug 2017 19:02:01 +0000 (12:02 -0700)]
insane: add qa check for uppercase recipe name
Since we disabled uppercase characters in overrides a few releases
ago, uppercase characters in recipe names (and for that matter, distro
and machine names) cannot be supported due to their reliance upon
overrides including the name.
QA check will produce an warning message when it verify that recipe
name is uppercase.
[YOCTO# 11592]
Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Mon, 28 Aug 2017 20:29:31 +0000 (15:29 -0500)]
libsdl: Move PACKAGECONFIG options from meta-mingw
There is no way to make PACKAGECONFIG options sdkmachine specific using
overrides. This causes potential failures when running the Yocto Project
compatible script. Moving these to the OpenEmbedded Core recipe will
ensure that the options are always applied evenly and avoid any potential
problems with the compatible script.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tobias Hagelborn [Fri, 25 Aug 2017 11:32:38 +0000 (13:32 +0200)]
devtool: deploy-target: Support stripped libs and execs
New devtool deploy-target option --strip which enables deploying
stripped binaries, saving some space on target.
* Copies the files of ${D} into a new directory and strips them in place
* Used oe.package.strip_execs for stripping directory
* Added devtool.conf option "strip" for changing default behavior
Config example:
[Deploy]
strip = true
[YOCTO #11227]
Signed-off-by: Tobias Hagelborn <tobiasha@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 25 Aug 2017 20:12:29 +0000 (23:12 +0300)]
wic: setlftest: test expanding MBR image
Added test_expand_mbr_image test case to the wic oe-selftest suite.
The test expands directdisk wic image to 1Gb target, checks if it's
expanded correctly and boots it in qemu to make sure the image
is bootable, i.e. bootloader, kernel, boot and root partitions
are still functional.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 25 Aug 2017 20:12:25 +0000 (23:12 +0300)]
wic: added 'fstypes' parameter to Disk.__init__
This parameter specifies list of supported filesystems.
So far only 'fat' is supported, but 'wic write' is going
to support at least 'fat', 'ext' and 'swap'.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Fri, 25 Aug 2017 20:12:22 +0000 (23:12 +0300)]
wic: reimplement getting paths of used tools
So far every used tool have to have separate property and
private attribute in the Disk class. This is too verbose,
considering that there will be much more tools used.
Reimplemented getting tools paths using custom __getattr__
method. This is much more compact and readable.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Fri, 25 Aug 2017 20:36:31 +0000 (13:36 -0700)]
terminal.py: fix devshell with mate-terminal
Without the --disable-factory option, mate-terminal fails to start
with the error:
| There was an error creating the child process for this terminal
| Failed to execute child process "oe-gnome-terminal-phonehome" (No such file or directory)
apparently based on an assuption that mate-terminal continues to
track gnome-terminal since forking from it. However, based on the
mate-terminal man page in the upstream master branch, the option is
still supported:
https://github.com/mate-desktop/mate-terminal
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Fri, 25 Aug 2017 20:36:30 +0000 (13:36 -0700)]
terminal.py: avoid 100% cpu while waiting for phonehome pid file
Some of the less common terminal types haven't been tested with the
recent phonehome pid file changes and there may be error cases where
the pid file is never created.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Asselstine [Sat, 26 Aug 2017 18:58:58 +0000 (14:58 -0400)]
gnome-themes-standard: drop .la file as unused
oe-core commit 51b3ee298635b11d5784caaa0ac1c8f4034c25a5
[gnome-themes-standard: Fix packages so dev-pkgs image generation
works] disabled generation of the -dev pkg. Since a libtool archive
file was no longer being picked up by the -dev pkg the build will fail
with a QA issue (if ERROR_QA includes installed-vs-shipped):
ERROR: gnome-themes-standard-3.22.3-r0 do_package: QA Issue:
gnome-themes-standard: Files/directories were installed but not
shipped in any package:
/usr/lib64/gtk-2.0/2.10.0/engines/libadwaita.la
The libtool archive file is mostly useless in modern Linux with a
single shared library file so instead of including this in the -dev
pkg we simply drop it.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sun, 27 Aug 2017 08:21:10 +0000 (09:21 +0100)]
staging: Ensure dependencies are removed before being added
Currently items are added to the sysroot, the obsolete items are removed. If
a change such as pkgconfig -> pkgconf is made, this leads to conflicts of
overlapping files in the sysroot.
In order to better support this, handle removing items before adding them.
This requires some minor refactoring to construct the installed list
before the main function loop, otherwise there are no changes in this
patch other than reordering the operations.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 26 Aug 2017 22:30:39 +0000 (23:30 +0100)]
staging: Avoid sysroot removal races
Currently a task could remove a dependency needed by another task leading
to build failures, often due to missing dependencies (e.g. dynamic libraries
not being found). This was often seen for all-arch recipes in package_write_rpm.
When removing a dependency, first check that no other task active for the
recipe has that same dependency.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Otavio Salvador [Thu, 24 Aug 2017 18:06:51 +0000 (15:06 -0300)]
mesa: Upgrade to 17.1.7 release
This is a bugfix release and has following upstream bugs as noteworth:
Bug 101334 - AMD SI cards: Some vulkan apps freeze the system
Bug 101766 - Assertion `!"invalid type"' failed when constant expression involves literal of different type
Bug 102024 - FORMAT_FEATURE_SAMPLED_IMAGE_BIT not supported for D16_UNORM and D32_SFLOAT
Bug 102148 - Crash when running qopenglwidget example on mesa llvmpipe win32
Bug 102241 - gallium/wgl: SwapBuffers freezing regularly with swap interval enabled
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 24 Aug 2017 13:08:45 +0000 (14:08 +0100)]
bitbake.conf: Drop usage of build/BUILD_SYS and target/TARGET_SYS conf files
Its been highlighted that TARGET_SYS can be changed by MACHINE and DISTRO files
so this doesn't work at all today. build/ configuration files also don't see to
be used. Drop these forms of include files for those reasons and simplfy the code
slightly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhang Xiao [Fri, 25 Aug 2017 00:42:38 +0000 (08:42 +0800)]
bash: memleak bug fix for builtin command read
Built in command "read" with "-e" use Readline to obtain the line
in an interactive shell. In this process, a string "rlbuf" is
just allocated without free operation thus cause memory leak.
This patch had been submitted to upstream:
http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00061.html
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Yi Zhao [Fri, 25 Aug 2017 02:56:56 +0000 (10:56 +0800)]
taglib: Security fix CVE-2017-12678
CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Yi Zhao [Fri, 25 Aug 2017 02:11:20 +0000 (10:11 +0800)]
e2fsprogs: fix ptest script
* Fix hardcoded path for ptest script which would cause failure on
mulitilib:
ls: cannot access '/usr/lib/e2fsprogs/ptest/test/[a-zA-Z]_*': No such file or directory
./test_script: line 54: /usr/lib/e2fsprogs/ptest/test/test_post: No such file or directory
* Add missing '$' for shell variable reference
Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Sat, 19 Aug 2017 17:26:59 +0000 (10:26 -0700)]
db: Add --tag parameter to libtool invocation
Fix do_configure to be able to regenerate configure files
Use cross libtool as installed by OE, as done in normal autotooled recipes
These changes help in invoking the libtool with proper tags for C
and C++ compiler and linker invocation and not use same tag across all
different invocations
Fixes errors like
libtool: compile: unable to infer tagged configuration
libtool: compile: specify a tag with `--tag'
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 24 Aug 2017 14:09:53 +0000 (15:09 +0100)]
ca-certificates: Fix postinst dependency issues
We were relying on running ca-certificates from the -native version. This
meant the host and target path layouts had to match which might not be true,
it certainly isn't true for the sdk builds.
There was a dependency on run-parts which wasn't represented (we can get it
from busybox or debianutils).
Since this is an allarch script, call the script directly, making sure debianutils
and openssl are available as postinst rootfs time to resolve the issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 24 Aug 2017 12:10:12 +0000 (13:10 +0100)]
populate_sdk_ext: Add BB_SERVER_TIMEOUT to SDK_LOCAL_CONF_BLACKLIST
Whilst this should work we see failures in testsdkext at the moment when
this is set. Add this to the blacklist for now until we can fix these issues
meaning we can at least test BB_SERVER_TIMEOUT in other scenarios.
Bug 119733 has been opened to track this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Wed, 23 Aug 2017 19:20:20 +0000 (15:20 -0400)]
kernel-yocto: relax BSP definition test
commit 44aea7b873 [kernel-yocto: ensure that only valid BSPs are built]
introduced a new check to ensure that a valid BSP definition was found,
rather than building something that 'closely' matched the current
MACHINE.
This check breaks valid configurations which do not have a bsp
definition but are otherwise completely configured machines.
To allow both elements to co-exist (and not add warnings or errors
to otherwise valid builds), we first check to see if an empty bsp
definition was found, but then check to see if a defconfig was
provided.
If a defconfig has been provided, that is a sign that the board
configuration is complete and we should continue the build without
otherwise bothering the user.
Tested on meta-raspberrypi and linux-yocto*
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 22 Aug 2017 01:23:12 +0000 (18:23 -0700)]
testimage.bbclass: update comments
It's very important to add IMAGE_CLASSES += "testimage" in local.conf firstly,
otherwise the var like TEST_LOG_DIR (defined in testimage.bbclass) will not be
in testdata.json.
[YOCTO #11547]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 22 Aug 2017 01:23:05 +0000 (18:23 -0700)]
runtime/cases/_ptest.py: revive it
* Make it work with current oeqa
* Skip the test if ptest is not in DISTRO_FEATURES
* Skip the test if ptest-pkgs is not in IMAGE_FEATURES
* The logs are saved to:
testimage/ptest_log -> testimage/ptest_log.<datetime>
* This provides data that could be used to detect regressions in ptest results
[YOCTO #11547]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OE-Core commit 1df60b09f7a60427795ec828c9c7180e4e52f98c caused a
regression in npm handling since it still expected to be able to get the
results of the license handling, but this no longer happens until after
the npm plugin is called. Thus, call the license handling function
ourselves here (which will record this as having been handled so it
doesn't get done again later).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Wed, 23 Aug 2017 12:14:47 +0000 (00:14 +1200)]
recipetool: create: fix broken import in npm module
With "import oe" in create_npm.py you get "AttributeError: module 'oe'
has no attribute 'package'" when it tries to call
oe.package.npm_split_package_dirs().
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 22 Aug 2017 21:58:02 +0000 (22:58 +0100)]
runqemu: Use virtio to mount cdrom drives
The IDE driver in the kernel is fragile and in 4.12 is causing backtraces.
To unblock 4.12 kernel merging use the virtio CD driver instead to mount
iso images which should be faster and more stable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jackie Huang [Tue, 22 Aug 2017 06:34:24 +0000 (14:34 +0800)]
initscripts: split sushell into sub package
* sushell is required by systemd service debug-shell
when selinux is enabled, but it doesn't make sense
to make systemd depend on initscripts, so split sushell
into sub package initscripts-sushell.
* The bash dependency has been removed by:
''' 4917e36a77bd6821b45db52caa43939d344d92f6
initscripts: Fix regression for requiring /bin/bash
'''
so remove bash from RDEPENDS when selinux is enabled.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ibt-firmware was not packaged separately and was part of big linux-firmware
package. Packaging allows to install it separately, according to requirements.
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Maxin B. John [Mon, 21 Aug 2017 15:09:45 +0000 (18:09 +0300)]
pkgconf: add recipe
pkgconf is a better replacement for pkg-config. Fedora 26 replaces the
system pkg-config implementation with pkgconf because it "provides better
support for handling .pc files and a stable library ABI/API for integrating
into applications." and is actively maintained, unlike pkg-config.
pkgconf aims to offer many improvements over pkg-config such as faster/more
efficient dependency resolver which "allows for the user to more conservatively
link their binaries -- which may be helpful in some environments, such as when
prelink(1) is being used.
pkgconf also aims to provide a more complete implementation of pkg-config.
The features most likely to benefit the Yocto Project build system are the
faster/more efficient dependency resolution and linker flag optimisation.
Move pkgconf recipe to oe-core from meta-pkgconf:
https://github.com/kergoth/meta-kergoth-wip/tree/master/meta-pkgconf
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 21 Aug 2017 11:45:52 +0000 (13:45 +0200)]
meta: move some text from oe-setup-builddir to conf-notes.txt
This allows the end users to be able to override the entire notes
showing on the shell console. For instance, Our company uses a
external conf-notes.txt, and we run bitbake with some extra variables,
looks like: F=xxx D=xxx M=xxx bitbake <target>, so we want to show
exactly these texts on the shell console, that's why we need this
change.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Before GNU tar 1.24, only the archive creation command had the '-h'
argument to preserve and follow symlinks. After >= 1.24 via commit 14efeb9f956e38d7be (tar: --dereference consistency) the capability to
preserve symlinks was also added to the archive extraction command.
-h is default at archive creation but is not default at extraction,
meaning that it will replace symlinks with directories even if the
original filesystem directory tree and archive contains them.
Add -h to the copyhardlinktree extraction step so the build can
support symlinks in variables like ${DEPLOY_DIR_IPK/RPM/DEB}.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Sat, 19 Aug 2017 17:21:57 +0000 (10:21 -0700)]
python2.7: improve reproducibility
The compiled .pyc files contain time stamp corresponding to the compile time.
This prevents binary reproducibility. This patch allows to achieve binary
reproducibility by overriding the build time stamp by the value
exported via SOURCE_DATE_EPOCH.
Patch by Bernhard M. Wiedemann, backported from https://github.com/python/cpython/pull/296
[YOCTO#11241]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 21 Aug 2017 02:58:22 +0000 (22:58 -0400)]
linux-yocto/4.10: CVE & misc fixes
Updating the 4.10 SRCREVs to import the following changes:
65370fa249e2 drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() 530ec12a0cb0 ACPICA: Namespace: fix operand cache leak b1098b5bbded char: lp: fix possible integer overflow in lp_setup() 56ee0c7811e5 dccp/tcp: do not inherit mc_list from parent 9f6cbd022bba nfsd: encoders mustn't use unitialized values in error cases 084036ebc243 nfsd: fix undefined behavior in nfsd4_layout_verify 973f780eeaa6 xen-blkback: don't leak stack data via response ring 20c4b5015fea brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() 1dff0f28b490 ipx: call ipxitf_put() in ioctl error path d666a8e60a45 mm: fix new crash in unmapped_area_topdown() 73d059ba1a17 mm: larger stack guard gap, between vmas
Bruce Ashfield [Mon, 21 Aug 2017 02:58:21 +0000 (22:58 -0400)]
kernel-yocto: ensure that only valid BSPs are built
There was a bug in the search routines responsible for locating
BSP definitions which returned a valid match if only the ktype
matched.
This meant that someone looking for "qemux86foo" (which is an
invalid definition) would potentially end up building "qemuarm"
and be none the wiser (until it didn't boot).
With this fix to the tools search routine, and improved return
code testing, we will now stop the build and report and error to
the user.
[YOCTO: #11878]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 21 Aug 2017 02:58:20 +0000 (22:58 -0400)]
qemu: bump default version to 4.12
Not all the qemu machines carry default kernel specifications.
While we could drop these references, we'll bump them to 4.12
to pick up the latest and remove them in future commits.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Tue, 22 Aug 2017 16:00:14 +0000 (12:00 -0400)]
linux-yocto: introduce 4.12 recipes
The 4.12 kernel will be the default/reference for the fall 2017
release.
These recipes represent the introduction of 4.12.7 + related kernel
meta data. Existing functionality has been validated against this
new kernel version, and older versions will be removed in separate
commits.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 21 Aug 2017 02:58:15 +0000 (22:58 -0400)]
linux-yocto/4.1: fix fsl-ls10xx sdhci
mmc: sdhci: fix two compile errors
| CC drivers/mmc/host/sdhci.o
| drivers/mmc/host/sdhci.c: In function 'sdhci_execute_tuning':
| drivers/mmc/host/sdhci.c:1990:4: error: implicit
| declaration of function 'sdhci_do_reset'
| [-Werror=implicit-function-declaration]
| sdhci_do_reset(host, SDHCI_RESET_CMD);
| ^
| drivers/mmc/host/sdhci.c:2006:7: error: 'struct
| mmc_command' has no member named 'busy_timeout'
| cmd.busy_timeout = 50;
| ^
In function sdhci_execute_tuning, replace sdhci_do_reset
with sdhci_reset, replace busy_timeout with cmd_timeout_ms.
Commit a629a90ba0 adds eMMC DDR mode support for t2080qds and
modified some data structures and function name. Later
commit a2080cc280 just backport upstream commit 61e53bd004
without aligning the current source tree thus cause
these build errors. Fix them.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Tue, 22 Aug 2017 21:14:46 +0000 (14:14 -0700)]
ghostscript: CVE-2017-9727, -9835, -11714
CVE-2017-9727: make bounds check in gx_ttfReader__Read more robust
CVE-2017-9835: bounds check the array allocations methods
CVE-2017-11714: prevent trying to reloc a freed object
Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Tue, 22 Aug 2017 22:10:20 +0000 (00:10 +0200)]
grub2: fix build on gcc where _FORTIFY_SOURCE is defined
* e.g. with gentoo gcc-7.1 they define _FORTIFY_SOURCE by default with:
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/7.1.0/gentoo/10_all_default-fortify-source.patch?view=markup
which results in following error while building grub-efi-native:
./config-util.h:1504:48: error: this use of "defined" may not be portable [-Werror=expansion-to-defined]
|| (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \
^~~~~~~~~~~~~~~
this part comes from gnulib and it's used only for Apple and BSD,
so we can ignore it, but we cannot add -Wno-error=expansion-to-defined
because this warning was introduced only in gcc-7 and older gcc
will fail with:
cc1: error: -Werror=expansion-to-defined: no option -Wexpansion-to-defined
use #pragma to work around this
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ruslan Bilovol [Tue, 22 Aug 2017 11:06:40 +0000 (14:06 +0300)]
machine-sdk: oldest kernel for x86/x86_64 is 3.2.0 now
With glibc upgrade to 2.26 release (commit d6a0bc57fa07
"glibc: Upgrade to 2.26 final release") it's not possible
to build x86/x86_64 SDK for kernels lower than 3.2.0
(see glibc commit 139ace95756a "Require Linux kernel 3.2
or later on x86 / x86_64.")
Thus drop SDK_OLDEST_KERNEL overrides from machine-specific
conf files, so default version 3.2.0 from conf/bitbake.conf
will be picked up.
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Mon, 21 Aug 2017 20:56:59 +0000 (22:56 +0200)]
libcheck: fix file-rdeps QA issue
* Fixes:
ERROR: nativesdk-libcheck-0.10.0-r0 do_package_qa: QA Issue: /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/bin/checkmk contained in package nativesdk-libcheck requires /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/bin/gawk, but no providers found in RDEPENDS_nativesdk-libcheck? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
