Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).
Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Shan Hai [Wed, 29 Apr 2015 08:53:09 +0000 (16:53 +0800)]
grub2: fix initrd size restriction bug
The current grub2 fails on loading large initrd file (> 500M) since
the initrd size is added to the addr_min and causes the failure.
Fix it by picking a patch from grub2 upstream.
Signed-off-by: Shan Hai <shan.hai@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 28 Apr 2015 03:43:27 +0000 (20:43 -0700)]
openssl: remove 3 patches
Removed:
- openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
- upgate-vegsion-script-for-1.0.2.patch
Since they are already in the source.
- make-targets.patch
It removed test dir from DIRS, which is not needed any more since we
need build it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Wed, 29 Apr 2015 09:09:18 +0000 (02:09 -0700)]
python-numpy: remove 2 dangling patches
Removed:
- unbreak-assumptions.diff
This patch changs the dir to /non-existant-dir, the source code has
changed the dir to /deadir, so it is not needed any more.
- trycompile.diff
There is no try_compile or try_run in numpy/core/setup.py any more, so
assumed that it is not needed.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jussi Kukkonen [Wed, 29 Apr 2015 13:33:20 +0000 (16:33 +0300)]
mesa: Upgrade 10.4.4 -> 10.5.4
* Remove patches that are no longer needed
* git build depends on python module mako. Inherit pythonnative
for this
* source directory changed: default S is now correct in mesa recipe,
but still needs to be set in mesa-gl
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 29 Apr 2015 09:36:27 +0000 (10:36 +0100)]
default-distrovars: Clean up gcc license issues
There are several entries here which are not needed with the
modern license handling code:
gcc-source - moved to direct handling in base.bbclass
(due to version appended to the name)
libgcc - Listed as GPLv3 exception for its packages
libgcc-initial - Listed as GPLv3 exception
gcc-runtime - Indivisual packages listed as GPLv3 exception where appropriate
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 29 Apr 2015 09:35:38 +0000 (10:35 +0100)]
libgcc-initial: Correctly reflect libgcc LICENSE
In an effort to clean up some of the license handling, correctly set the
LICENSE of libgcc-initial to be the same as libgcc which has a GPLv3
exception.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 29 Apr 2015 09:35:00 +0000 (10:35 +0100)]
gcc-shared-source: Add PV to PN
This means you can have one gcc version for some gcc recipes
(e.g. crosssdk/nativesdk) and another gcc version for target code.
Also remove the preferred version entry from the default toolchains
list since the version issue is now handled automatically.
We also need to specifically handle gcc-source in the license handling
code since expanding ${PV} in the base class isn't possible. Since
gcc-source doesn't generate any packages directly this shouldn't be
an issue and whitelisting in this way is easiest (and matches the
rest of the toolchain handling).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Created separate group of hardlinks for the files inside
the same package. This should prevent stripped files to be
populated outside of package directories.
This turns out not to be straightforward and has overlap with the
other hardlink handling code in this area. The code is condensed
into a more concise and documented form.
[Original patch from Ed with tweaks from RP]
[YOCTO #7586]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 28 Apr 2015 10:51:12 +0000 (11:51 +0100)]
autotools: Fix find races on source directory
In a similar way to http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=aa1438b56f30515f9c31b306decef7f562dda81f
there are more find races in the autotools class.
For recipes with PACKAGES_remove = "${PN}", the find which removes
.la files can race against deletion of other directories in WORKDIR
e.g.:
find: '/home/autobuilder/yocto-autobuilder/yocto-worker/nightly-oe-selftest/build/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0-r7/sstate-build-populate_lic': No such file or directory
| WARNING: /home/autobuilder/yocto-autobuilder/yocto-worker/nightly-oe-selftest/build/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0-r7/temp/run.do_configure.6558:1 exit 1 from
| find /home/autobuilder/yocto-autobuilder/yocto-worker/nightly-oe-selftest/build/build/tmp/work/qemux86_64-poky-linux/init-ifupdown/1.0-r7 -name \*.la -delete
Fix the remaining races in the same way.
[YOCTO #7522]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 28 Apr 2015 10:50:26 +0000 (11:50 +0100)]
testimage: Improve sdk handling of TEST_SUITES
Currently TEST_SUITES is used for both target image and sdk versions which
can be confusing. This introduces TEST_SUITES_SDK for the sdk version of
the code so that the different test sets can be specified independently.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bdfReadCharacters: ensure metrics fit into xCharInfo struct
We use 32-bit ints to read from the bdf file, but then try to stick
into a 16-bit int in the xCharInfo struct, so make sure they won't
overflow that range.
Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Fri, 24 Apr 2015 16:13:53 +0000 (12:13 -0400)]
kern-tools: unify meta directory detection
It is possible that recipe specific tasks, or build processes drop
files into the kernel source directory. These files can cause problems
with the meta data detection in the kern-tools.
With this change, we have a single unified meta data detection routine,
that logs the result in a new file ".metadir", which subsequent scripts
can find, and use, thereby avoid repeating the same check many times.
We also enhance the check to look for a sentinel file in a proper meta
directory, to avoid false positives when an unexpected kernel process
leaves an uncommitted directory in the kernel dir.
[YOCTO: #7441]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alexander Cherepanov discovered that bsdcpio, an implementation of the "cpio"
program part of the libarchive project, is susceptible to a directory
traversal vulnerability via absolute paths.
Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An out of bounds read access in the UTF-8 decoding can be triggered with
a malformed file in the tool less. The access happens in the function
is_utf8_well_formed due to a truncated multibyte character in the sample
file.
The bug does not crash less, it can only be made visible by running less
with valgrind or compiling it with Address Sanitizer.
Version 475 of less contains a fix for this issue. The file version.c
contains some entry mentioning this issue (without any credit):
- v475 3/2/15 Fix possible buffer overrun with invalid UTF-8
The fix is in the file line.c. We derive this patch from:
Robert Yang [Thu, 23 Apr 2015 09:15:20 +0000 (02:15 -0700)]
kernel-devsrc: depends on virtual/kernel:do_install
The linux-yocto.inc may remove the meta dir:
do_install_append(){
if [ -n "${KMETA}" ]; then
rm -rf ${STAGING_KERNEL_DIR}/${KMETA}
fi
}
Which may cause the error:
[snip]
find: `./meta/cfg/kernel-cache/bsp/altera-socfpga/0073-FogBugz-116676-Align-clk.c-with-kernel.org.patch': No such file or directory
find: `./meta/cfg/kernel-cache/bsp/altera-socfpga/0047-FogBugz-90657-Fix-SD-MMC-driver-for-VT.patch': No such file or directory
find: `./meta/cfg/kernel-cache/bsp/altera-socfpga/0006-spi-qspi-cadence-Add-spi-and-qspi-driver.patch': No such file or directory
[snip]
cpio: ./meta/scripts/kgit-config-cleaner: Cannot stat: No such file or directory
cpio: ./meta/scripts/kgit-s2q: Cannot stat: No such file or directory
cpio: ./meta/scripts/kgit-clean: Cannot stat: No such file or directory
[snip]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Thu, 23 Apr 2015 09:15:19 +0000 (02:15 -0700)]
gnu-efi: fix parallel issue
Fixed:
Assembler messages:
Fatal error: can't create runtime/rtlock.o: No such file or directory
Assembler messages:
Fatal error: can't create runtime/rtdata.o: No such file or directory
Assembler messages:
Fatal error: can't create runtime/vm.o: No such file or directory
Assembler messages:
Fatal error: can't create runtime/efirtlib.o: No such file or directory
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building libgcc-initial with IceCC enabled can fail with the CPP sanity
check error in the following case (using ARM for example):
* sysroot contains cross gcc built for another ARM variant
* sysroot contains initial cross gcc built to suit the target machine
* bitbake tries to configure libgcc-initial
* libgcc-initial calls icecc wrapper
* icecc wrapper calls non-initial cross gcc via the full path
* non-initial cross gcc looks for the headers in the wrong place
* BOOM
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ken Sharp [Tue, 21 Apr 2015 15:35:45 +0000 (10:35 -0500)]
udev-cache: improve error handling
If an error occurs while the udev cache is being populated, the system
is left in a state where udev is stopped. Remedy this with a clean up
function to restart udev and remove any intermediate files.
Signed-off-by: Ken Sharp <ken.sharp@ni.com> Reviewed-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
populate_sdk_base: also record the host part into manifest
For now, we can create manifest for the target part for SDK.
I think it's nice to have a place for users to look into to examine contents
of the host part of SDK.
This also affects uninative-tarball and buildtools-tarball as they
inherit populate_sdk.bbclass. After this change, we could have a manifest file
created in the deploy directory containing a list of packages used to
construct them.
[YOCTO #7604]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 23 Apr 2015 14:42:42 +0000 (15:42 +0100)]
ptest: add recommends to ptest-runner
If you're installing ptest packages into an image there's a good chance
you want to run the tests. Assist with this by recommending
ptest-runner in the -ptest packages.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Tue, 21 Apr 2015 13:01:55 +0000 (14:01 +0100)]
mkefidisk.sh: fix hanging on non-writeable device
If cleanup() is called early on, as happens when the device isn't
writeable, then none of the mount point variables are set; thus the
script was calling grep with only one argument and appeared to hang
since it was waiting for input on stdin.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Mon, 27 Apr 2015 09:53:21 +0000 (10:53 +0100)]
devtool: update-recipe: check if source tree is a git repository
If you've done "devtool add" (or "devtool modify" without -x) then it's
possible that the external source tree is not a git repository, so we
should handle that case here instead of printing a traceback.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Mon, 27 Apr 2015 09:53:19 +0000 (10:53 +0100)]
devtool: reset: avoid errors in case file no longer exists
If you manually delete files in the workspace layer (which you really
shouldn't) it was possible to get yourself into the situation where you
couldn't reset because we were attempting to check if the file had been
modified and erroring out if it couldn't be opened. If the file's not
there anymore there's not much point checking if it needs to be
preserved, just skip it.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Mon, 27 Apr 2015 09:53:14 +0000 (10:53 +0100)]
devtool: modify: implement --no-same-dir
This option can be used to have a separate build directory, in order to
keep the srctree directory clean for packages that do not need to be
built in the source directory.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Mon, 27 Apr 2015 09:53:13 +0000 (10:53 +0100)]
devtool: modify: use B=S if that is the default for the recipe
Makes the build succeed for packages which do not support separate build
directory, e.g. zlib. The same outcome could be achieved with the
--same-dir option, but, it's generally hard to tell if a random package
would need that option. The negative side effect of this patch is that
dev srctree (of some packages that build fine without this modification)
gets dirtied by build artefacts.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Acked-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Fri, 24 Apr 2015 16:13:54 +0000 (12:13 -0400)]
linux-yocto/3.19: configuration updates and stable integration
Bumping the linux-yocto 3.19 SRCREVs to integrate the 3.19.5 korg
stable updates, as well as the following meta data changes:
205aca0c1241 meta: intel-common: Enable USB-based Bluetooth hardware b6a810e8e808 meta: features/bluetooth: add support for USB Bluetooth hardware 767f3fa34680 common-pc-drivers: Add CONFIG_EEPROM_AT24 e308b2c52519 intel-core*: Add Braswell soc support 8c1c74d5052b braswell: Add features/soc/braswell
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
(Thanks to Ahmed Nazmy and Tim Parenti.)
Changes affecting past time stamps
America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not
1966-07-01. Also, Yukon's time zone history is documented better.
(Thanks to Brian Inglis and Dennis Ferguson.)
Change affecting past and future time zone abbreviations
The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| insserv.c:997:5: note: each undeclared identifier is reported only
once for each function it appears in
| insserv.c:997:15: error: expected ';' before 'char'
| extension char buf[strlen(myname)+2+strlen(fmt)+1];
| ^
| insserv.c: In function 'main':
| insserv.c:2379:5: error: 'extension' undeclared (first use in this
function)
| extension char * argr[argc];
| ^
| insserv.c:2379:15: error: expected ';' before 'char'
| extension char * argr[argc];
| ^
| insserv.c:2401:2: error: 'argr' undeclared (first use in this
function)
| argr[c] = (char*)0;
| ^
Change-Id: I36b7fb9e8baeda5a7cc252da10c0527401248226 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0.28 was released 2 years ago and bunch of patches
have gone in since. The commit rate is quite low
so its not a lot of churn to use. We have backports
for few bugs that are removed. Git version of recipe is removed too
since its no longer needed
Change-Id: I4b57db15320c76b1de5d26a733e60436663ff34a Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
we need to stop the preprocessor from generating the #line directives
or we run into issues like
| checking for apr_int64_t Python/C API format string...
| configure: error: failed to recognize APR_INT64_T_FMT on this platform
| Configure failed. The contents of all config.log files follows to aid
debugging
| ERROR: oe_runconf failed
Rightly subversion should be fixed but lets leave that to subversion
folks
Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruno Bottazzini [Wed, 22 Apr 2015 17:01:10 +0000 (14:01 -0300)]
systemd 219 -> system 219-stable
The upstream systemd git repo only contains the main systemd branch that
progresses at a quick pace, continuously bringing both bugfixes and new features.
Distributions usually prefer basing their releases on stabilized versions
that receive the bugfixes but not the features.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This task is meaningless for uninative-tarball as the package task
has been deleted. Besides, sometimes it would cause problems. To
reproduce, use the following command.
bash: explicitly define NON_INTERACTIVE_LOGIN_SHELLS in CFLAGS
If NON_INTERACTIVE_LOGIN_SHELLS is defined, all login shells read the
startup files, even if they are not interactive.
This is the behaviour of other major distros like Ubuntu and Fedora.
We also need to set it so that when executing `su -l xxx -c env' command,
/etc/profile is parsed.
[YOCTO #5359]
[YOCTO #7137]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0001-su.c-fix-to-exec-command-correctly.patch is removed. Below is the reason.
This patch is introduced to solve the 'su: applet not found' problem when
executing `su -l xxx -c env'. The patch references codes of previous release
of shadow. However, this patch introduces bug#5359. So it's not correct.
Let's first look at the root cause of 'su: applet not found' problem.
This problem appears when /bin/sh is provided by busybox.
When executing `su -l xxx -c env' command, the following function is invoked.
execve("/bin/sh", ["-su", "-c", "env"], [/* 6 vars */])
Note that the argv[0] provided to new executable file (/bin/sh) is "-su".
As /bin/sh is a symlink to /bin/busybox. It's /bin/busybox that is executed.
In busybox's appletlib.c, it would examine argv[0], try to find an applet
that has the same name, and then try to execute the main function of the
applet. This logic results in `su' applet from busybox to be executed.
However, we default to set 'BUSYBOX_SPLIT_SUID' to "1", so 'su' is not found.
Further more, even if we set 'BUSYBOX_SPLIT_SUID' to "0", so that 'su' applet
is found. The whole behaviour is still not correct. Because 'su' from shadow
takes higher priority than that from busybox, so 'su' from busybox should never
be executed on such system unless it's specified clearly by the end user.
The logic of busybox's appletlib.c is totally correct from the point of busybox
itself. It's an integration problem.
To solve the above problem, this patch comment out SU_NAME in /etc/login.defs
so that the final function executed in shadow's su is as below.
execve("/bin/sh", ["-sh", "-c", "env"], [/* 6 vars */])
[YOCTO #5359]
[YOCTO #7137]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When compiling meta-toolchain-qt5 on cortexa8, the compiler throws an
internal compiler error:
...
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:
In function 'bool loadPO(Translator&, QIODevice&, ConversionData&)':
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:717:1:
internal compiler error: in add_stores, at var-tracking.c:6000
...
Tracking this down led to https://bugs.linaro.org/show_bug.cgi?id=534
It seems the bug is well know and fixed upstream. So backporting from
trunk seems to be the right solution. This fixes the compiler problem
on cortexa8 and does not seem to be very invasive. The original commit
can be found at:
Adding machine definitions for the epiphany (http://www.adapteva.com/) chip using https://github.com/adapteva/epiphany-binutils-gdb.
For binutils implementation that defines TARGET_ARCH MACHINE "epiphany": 4643 See https://github.com/adapteva/epiphany-binutils-gdb/blob/epiphany-binutils-2.24/bfd/elf32-epiphany.c
For example layer that uses these defines see https://github.com/peteasa/meta-epiphany.git
Signed-off-by: Peter Saunderson <peteasa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patrick Ohly [Mon, 13 Apr 2015 15:44:38 +0000 (08:44 -0700)]
rootfsdebugfiles.bbclass: quick-and-dirty installation of additional files
The main motivation for this class was the observation that
a) a core-image can hang under qemu when the kernel does not
have enough entropy to generate the ssh host key
b) ssh complains about changing ssh host key files when
rebooting the same machine with different images
For debugging it is okay to reuse an ssh host key generated on the device
before. There may be also similar use cases, so the class is generic enough to
also copy more than one file or directory, with dropbear_rsa_host_key given as
example.
The documentation and naming of the class makes it clear that it
should not be used for production images.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ghostscript application fails to fetch objarch.h file while building for armeb.
The fetch failure is due to absence of this file in the default set of
directories that the OpenEmbedded build system searches (i.e FILESPATH)
for patches and files. This patch adds the required objarch.h file for
armeb in one of the default locations where OpenEmbedded build system searches.
Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ed Bartosh [Wed, 15 Apr 2015 20:47:10 +0000 (23:47 +0300)]
wic: code cleanup: wildcard imports
Here is what PEP8(Style Guide for Python Code) says about this:
Wildcard imports (from <module> import *) should be avoided, as they
make it unclear which names are present in the namespace, confusing
both readers and many automated tools.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
