Needed to quiet GNU_HASH warnings, and some minor fixes.
...
it explicitly move logrotate to /usr/bin without any reason,
which is against the original Linux location /usr/sbin.
So partly revert the above commit which let logrotate be
kept in the original place /usr/sbin.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Mark Hatle [Fri, 30 Oct 2015 14:48:27 +0000 (09:48 -0500)]
glibc: Fix ld.so / prelink interface for ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA
A bug in glibc 2.22's ld.so interface for the prelink support causes
the displayed values to be incorrect. The included path fixes this
issue.
Clear ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA for prelink
prelink runs ld.so with the environment variable LD_TRACE_PRELINKING
set to dump the relocation type class from _dl_debug_bindings. prelink
has the following relocation type classes:
where ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA has a conflict with
RTYPE_CLASS_TLS.
Since prelink doesn't use ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA, we
should clear the ELF_RTYPE_CLASS_EXTERN_PROTECTED_DATA bit when the
DL_DEBUG_PRELINK bit is set.
Mark Hatle [Mon, 2 Nov 2015 14:52:28 +0000 (08:52 -0600)]
gcc: Update default Power GCC settings to use secure-plt
The gcc default, bss-plt, will cause errors when using the prelinker. All
other distributions that I am aware of are using the the secure-plt. For an
explanation of the differences, the gcc docs:
Current PowerPC GCC accepts a `-msecure-plt' option that generates code
capable of using a newer PLT and GOT layout that has the security
advantage of no executable section ever needing to be writable and no
writable section ever being executable. PowerPC ld will generate this
layout, including stubs to access the PLT, if all input files (including
startup and static libraries) were compiled with `-msecure-plt'.
`--bss-plt' forces the old BSS PLT (and GOT layout) which can give
slightly better performance.
The security of the new PLT and ability to run the prelinker outweigh
any performance penalty.
The secure-plt is enabled by default. The old bss-plt can be enabled by
selecting 'bssplt' in the DISTRO_FEATURES.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
OpenJDK-8 has it's configure script at common/autotools - which will cause
the entire assumption of ${S}/configure is regenerated by autoreconf, intltoolize or alike
fails heavily.
Also - other configure mechanisms can be supported more similar (see how pkgsrc
manages different ones ...)
Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
On Ubuntu-system, When sourcing the env.sh from an exported sdk, and
running a bogus linux command (for example "asd"), a core dump of
python is usually generated.
Paul Eggleton [Sun, 22 Nov 2015 21:07:57 +0000 (10:07 +1300)]
devtool: upgrade: fetch remote repository before checking out new revision
If we're upgrading a recipe that fetches from git, and we've simply
fetched a tarball of the repo instead of directly from the upstream repo
(this can happen if you have PREMIRRORS set up as in poky with a core recipe,
e.g. kernelshark) then we won't have any new revisions, and the checkout
will fail with "fatal: reference is not a tree: <hash>". To avoid this,
do a "git fetch" before checking out the new revision.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Sun, 22 Nov 2015 21:06:50 +0000 (10:06 +1300)]
devtool: upgrade: remove erroneous error when not renaming recipe
If we're upgrading a git recipe the recipe file usually won't need
renaming; for some unknown reason we were throwing an error here which
isn't correct.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Sun, 22 Nov 2015 21:14:44 +0000 (10:14 +1300)]
devtool: upgrade: fix updating PV and SRCREV
This code was clearly never tested. Fix the following issues:
* Actually set SRCREV if it's been specified
* Enable history tracking and reparse so that we handle if variables are
set in an inc file next to the recipe
* Use a more accurate check for PV being in the recipe which will work
if it's in an inc file next to the recipe
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Sun, 22 Nov 2015 20:39:39 +0000 (09:39 +1300)]
devtool: upgrade: fix removing other recipes from workspace on reset
If you did a "devtool add" followed by "devtool upgrade" and then did
a "devtool reset" on the recipe you upgraded, the first recipe would
also be deleted from the workspace - this was because we were
erroneously adding the entire "recipes" subdirectory and its contents to
be tracked for removal on reset. Remove the unnecessary call to
os.path.dirname() that caused this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Tzu-Jung Lee <roylee17@currantlabs.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Fri, 4 Dec 2015 02:42:50 +0000 (15:42 +1300)]
toolchain-shar-extract.sh: proper fix for additional env setup scripts
buildtools-tarball uses a custom env setup script, which isn't named the
same as the default; thus unfortunately OE-Core revision a36469c97c9cb335de1e95dea5141038f337df95 broke installation of
buildtools-tarball. Revert that and implement a more robust mechanism.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
toolchain-shar-relocate: don't assume last state of env_setup_script is good
In the case where many environment-setup-* files exist, the incorrect
filename might be lastly set in env_setup_script, which leads to
incorrect behaviour for the initialization of native_sysroot.
The scenario I had was that our custom meta-toolchain-*.bb, which
inherits populate_sdk, defined another environment-setup-* file to dump
variable information for qt-creator. The file is named like so in order
for the sdk shell script to pick it up and fix the SDK paths in the
file. Since it (coincidentally) alphabetically comes after ...-core2, it
was last set in env_setup_script and the grep OECORE_NATIVE_SYSROOT
would simply be blank. The apparent symptom was "...relocate_sdk.py:
Argument list too long" since the find command would not be searching in
the right path.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Wed, 18 Nov 2015 20:59:36 +0000 (09:59 +1300)]
classes/populate_sdk_ext: fail if SDK_ARCH != BUILD_ARCH
The extensible SDK relies upon uninative, and with the way that
uninative works, the build system architecture must be the same as the
SDK architecture or the extensible SDK won't be usable. At some point in
future hopefully we can remove this limitation, but until then it's
disingenuous to allow this to build, so add a check to ensure
SDK_ARCH == BUILD_ARCH and fail if it isn't.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Thu, 12 Nov 2015 15:24:29 +0000 (15:24 +0000)]
classes/populate_sdk_ext: tweak reporting of workspace exclusion
If you have a local workspace layer enabled when building the
extensible SDK, we explicitly exclude that from the SDK (mostly because
the SDK has its own for the user to use). Adjust the message we print
notifying the user of this so it's clear that we're excluding it from
the SDK, and scale it back from a warning to a note printed with
bb.plain().
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Thu, 12 Nov 2015 15:00:47 +0000 (15:00 +0000)]
classes/populate_sdk_ext: tidy up preparation log file writing
Use a variable for the log file which includes the full path; this is
not only neater but avoids us writing the first part (the output of
oe-init-build-env) to a file in another directory since we are
changing directory as part of this subshell.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes the following warning sometimes appearing during image builds:
WARNING: The license listed ABC was not in the licenses collected for recipe xyz
The files being looked for here, which runs during do_rootfs,
are written out by the do_populate_lic task for each recipe. However,
there was no explicit dependency between do_rootfs and all of the
do_populate_lic tasks to ensure they had run - only an implicit link via
do_build, so it is possible that sometimes they had not depending on how
the tasks were scheduled. Add an explicit set of dependencies to fix
this.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Mon, 9 Nov 2015 14:40:08 +0000 (14:40 +0000)]
classes/metadata_scm: fix git errors showing up on non-git repositories
Fixes the following error showing up for layers that aren't a git repo
(or aren't parented by one):
fatal: Not a git repository (or any of the parent directories): .git
This was because we weren't intercepting stderr. We might as well just
use bb.process.run() here which does that and returns stdout and stderr
separately.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Fri, 6 Nov 2015 09:34:05 +0000 (09:34 +0000)]
classes/distrodata: split SRC_URI properly before determining type
We weren't splitting SRC_URI values containing multiple URIs here; this
didn't cause any errors except when a trailing ; was left on a URI, in
which case the next URI was considered part of the parameter, which
didn't contain a = and therefore was considered invalid.
We only care about the first URI in SRC_URI in this context (since
that's the upstream URI by convention) so split it as we should and take
the first item.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ross Burton [Wed, 11 Nov 2015 14:50:27 +0000 (14:50 +0000)]
openssl: sanity check that the bignum module is present
The crypto_use_bigint_in_x86-64_perl patch uses the "bigint" module to
transparently support 64-bit integers on 32-bit hosts. Whilst bigint (part of
bignum) is a core Perl module not all distributions install it (notable Fedora
23).
As the error message when bignum isn't installed is obscure, add a task to check
that it is available and alert the user if it isn't.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Martin Jansa [Fri, 4 Dec 2015 18:44:23 +0000 (19:44 +0100)]
texinfo: don't create dependency on INHERIT variable
* we don't want the do_package signature depending on INHERIT variable
* e.g. just adding the own-mirrors causes texinfo to rebuild:
# bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig*
basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a
Variable INHERIT value changed from
' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'
to
' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Martin Jansa [Wed, 25 Nov 2015 09:07:26 +0000 (10:07 +0100)]
package_manager.py: define info_dir and status_file when OPKGLIBDIR isn't the default
* without this the do_rootfs task doesn't respect OPKGLIBDIR and
info, status are created in different directory than opkg on
target expects
* people who modify OPKGLIBDIR need to make sure that opkg.conf included
in opkg package also sets info_dir and status_file options
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Ross Burton [Wed, 11 Nov 2015 13:40:13 +0000 (13:40 +0000)]
libsdl2: require GLES when building Wayland support
The Wayland support requires GLES2 to be enabled as otherwise the EGL support
code in SDL2 isn't enabled.
| In file included from .../SDL2-2.0.3/src/video/wayland/SDL_waylandvideo.c:34:0:
| .../SDL2-2.0.3/src/video/wayland/SDL_waylandvideo.c: In function 'Wayland_CreateDevice':
| .../SDL2-2.0.3/src/video/wayland/SDL_waylandopengles.h:38:38: error: 'SDL_EGL_GetSwapInterval' undeclared (first use in this function)
| #define Wayland_GLES_GetSwapInterval SDL_EGL_GetSwapInterval
Solve this by adding gles2 to the Wayland PACKAGECONFIG option.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Martin Jansa [Thu, 12 Nov 2015 19:44:51 +0000 (20:44 +0100)]
gst-plugins-bad: add PACKAGECONFIGs for voamrwbenc, voaacenc, resindvd
* allows to easily enable them and fixes:
WARNING: QA Issue: gstreamer1.0-plugins-bad: Files/directories were installed but not shipped in any package:
/usr/share/gstreamer-1.0
/usr/share/gstreamer-1.0/presets
/usr/share/gstreamer-1.0/presets/GstVoAmrwbEnc.prs
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
gstreamer1.0-plugins-bad: 3 installed and not shipped files. [installed-vs-shipped]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Martin Jansa [Thu, 12 Nov 2015 12:07:28 +0000 (13:07 +0100)]
gstreamer1.0-plugins-good: fix PACKAGECONFIG for gudev and add one for v4l2 and libv4l2
* WARN: gstreamer1.0-plugins-good: gstreamer1.0-plugins-good-video4linux2 rdepends on libcap, but it isn't a build dependency?
WARN: gstreamer1.0-plugins-good: gstreamer1.0-plugins-good-video4linux2 rdepends on libgudev, but it isn't a build dependency?
WARN: gstreamer1.0-plugins-good: gstreamer1.0-plugins-good-video4linux2 rdepends on libudev, but it isn't a build dependency?
WARN: gstreamer1.0-plugins-good: gstreamer1.0-plugins-good-video4linux2 rdepends on zlib, but it isn't a build dependency?
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Martin Jansa [Thu, 12 Nov 2015 11:49:37 +0000 (12:49 +0100)]
gstreamer1.0-plugins-bad: fix dependencies for uvch264 PACKAGECONFIG
* ERROR: gstreamer1.0-plugins-bad: gstreamer1.0-plugins-bad-uvch264 package isn't created when building with minimal dependencies?
* ERROR: gstreamer1.0-plugins-bad: gstreamer1.0-plugins-bad-uvch264-dev package isn't created when building with minimal dependencies?
* it's because it should depend on libgudev not udev:
configure: *** for plug-ins: uvch264 ***
checking linux/uvcvideo.h usability... yes
checking linux/uvcvideo.h presence... yes
checking for linux/uvcvideo.h... yes
checking for GST_VIDEO... yes
checking for G_UDEV... no
checking for LIBUSB... yes
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
rpcbind: Fix memory corruption in PMAP_CALLIT code
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in
rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of
service (daemon crash) via crafted packets, involving a PMAP_CALLIT
code.
The patch comes from
<http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't
been in rpcbind upstream yet.
Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Wenzong Fan [Tue, 17 Nov 2015 05:38:42 +0000 (00:38 -0500)]
subversion: fix CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Wenzong Fan [Tue, 17 Nov 2015 05:38:41 +0000 (00:38 -0500)]
subversion: fix CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Bhuvanchandra DV [Thu, 26 Nov 2015 09:12:35 +0000 (14:42 +0530)]
linux-firmware: rtl8192cx: Add latest available firmware
Add latest available firmware binaries for RTL8192CX chipsets.
These new firmwares have been released in 2012, have been used
by the mainline kernel as preferred firmware since 3.13 and
even backported to stable branches.
Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ng, Mei Yeen [Thu, 26 Nov 2015 03:30:49 +0000 (11:30 +0800)]
init-install-efi: fix script for gummiboot loader
After running gummiboot loader install option, the installed target
storage device boot parameter for root=PARTUUID is empty causing boot failure.
This issue is only observed with gummiboot and not with GRUB loader.
This fix assign the rootuuid of the rootfs partition for gummiboot loader.
[YOCTO #8709] Signed-off-by: Ng, Mei Yeen <mei.yeen.ng@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ng, Mei Yeen [Thu, 26 Nov 2015 03:30:50 +0000 (11:30 +0800)]
init-install-efi: fix script for eMMC installation
Running the install option from bootloader to install image to eMMC will fail
with error:
Formatting /dev/mmcblk01 to vfat...
mkfs.fat 3.0.28 (2015-05-16)
/dev/mmcblk01: No such file or directory
This issue impacts both grub and gummiboot install option to eMMC device.
The installation failure is due to the following:
[1] Unable to partition eMMC as the partition prefix 'p' is not appended
The condition checking failed with the additional /dev/ appended with
the target device name.
[2] The partition uuid for boot, root and swap partition is not captured
for eMMC
This fix updated the condition checking and changed the variables to
reference the boot, root and swap partitions for UUID.
Signed-off-by: Ng, Mei Yeen <mei.yeen.ng@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Jussi Kukkonen [Tue, 24 Nov 2015 13:44:46 +0000 (15:44 +0200)]
pulseaudio: Fix HDMI profile selection
On systems with two cards, the correct output profile does not get
selected automatically even in the simple case where there is one
available profile. This scenario is typical at least with HDMI audio
(which is on a separate card).
Fixes [YOCTO #8448]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Mike Crowe [Thu, 29 Oct 2015 12:28:21 +0000 (12:28 +0000)]
allarch: Force TARGET_*FLAGS variable values
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may
differ between MACHINEs. Since they are exported they affect task hashes
even if unused which leads to multiple variants of allarch packages
existing in sstate and bouncing in the sysroot when switching between
MACHINEs.
allarch packages shouldn't be using these variables anyway, so let's
ensure they have a fixed value in order to avoid this problem.
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Armin Kuster [Thu, 29 Oct 2015 23:22:41 +0000 (16:22 -0700)]
libxslt: CVE-2015-7995
This is a is being give a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Tudor Florea [Thu, 29 Oct 2015 00:14:18 +0000 (01:14 +0100)]
unzip: CVE-2015-7696, CVE-2015-7697
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping
Jens Rehsack [Thu, 8 Oct 2015 14:22:41 +0000 (16:22 +0200)]
perl: Correct path for vendorlib, vendorarch, sitelib and sitearch
This patch corrects the path specifications when building perl
for vendorlib, vendorarch, sitelib and sitearch to allow newer
dual-life module being installed on host to satisfy configure
and build requirements of some CPAN distributions.
Additionally, fix search path order in perl wrappers.
Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
Jens Rehsack [Thu, 8 Oct 2015 14:21:21 +0000 (16:21 +0200)]
perl: fix Perl5 module builds
This patch fixes some issues in classes providing cpan module build support:
* add support even for xs modules with more than 3 levels as
B::Hooks::End::Of::Scope or Math::Random::ISAAC::XS
* correct handling of Module::Build (as far as stolen from pkgsrc
and my humble knowledge)
* configure to install to vendor_libs as default, even when
inherited do_install remains unused (overwritten do_install)
Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
So, update the location of unfsd binary from "/usr/sbin" to "/usr/bin" in
runqemu-export-rootfs. Also update unfs3-native to install unfsd under
"bin" directory so the binary is always in the same location.
[YOCTO #8315]
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Tue, 27 Oct 2015 17:52:47 +0000 (17:52 +0000)]
gtk-icon-cache: pass the native libdir to the intercept
The intercept runs against the native sysroot so we need to pass it
the native libdir instead of the target libdir, as otherwise it will
use target paths (such as lib64) in the native sysroot.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Jussi Kukkonen [Tue, 27 Oct 2015 13:16:40 +0000 (15:16 +0200)]
connman: Move wired-setup to ${datadir}
wired-setup script should not be in ${libdir} as it's not arch
dependent.
This also fixes (or works around) a practical issue where a multilib
build installs the wrong version of connman-conf and then connman
can't find the script.
[YOCTO #8550]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
useradd-staticids.bbclass: Do not require trailing colons
Before, the users and groups specified in the passwd file and the
groups file had to have trailing colons to make sure there were enough
elements in the definitions, or bitbake would throw a Python
exception. After this change one can omit the trailing colons, which
especially simplifies passwd files used only to specify static UIDs.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Paul Eggleton [Mon, 26 Oct 2015 13:28:26 +0000 (13:28 +0000)]
oeqa/utils/decorators: fix missing keyword arguments on decorators
We need to handle keyword arguments here or sending a keyword argument
to a decorated function that accepts keyword arguments will trigger an
error. (This showed up when testcase decorators were added to the
recipetool.RecipetoolTests.test_recipetool_appendsrcfiles_basic_subdir
test).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 20 Oct 2015 19:17:58 +0000 (20:17 +0100)]
intercepts/update_icon_cache: use STAGING_DIR_NATIVE from environment
Instead of expecting that the calling postinst has exported
STAGING_LIBDIR_NATIVE (which will get set to the sysroot at package build time
and may not be correct if sstate is used), use the new STAGING_DIR_NATIVE that
is exported by rootfs.py.
[ YOCTO #8547 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Tue, 20 Oct 2015 19:14:12 +0000 (20:14 +0100)]
lib/oe/rootfs: tell intercepts where the native sysroot is
Some intercepts may want to access files in the native sysroot that are not on
$PATH (such as something in $libexecdir) but any use of STAGING_DIR_NATIVE in
the postinst that calls the intercept will be "baked" into the package, so if
sstate is reused it will use paths that may not exist.
Solve this by exporting the location of the native sysroot in the environment so
the postinst and intercept can use an environment variable instead of a bitbake
variable.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Fri, 16 Oct 2015 22:02:26 +0000 (23:02 +0100)]
file: don't replace host file when built natively
To avoid races over the file binaries being replaced mid-build we made
file-native an assume-provided binary and check for it at startup, but target
file still needs a native file binary of the same version to compile the magic
data.
The least invasive way of doing this is to build a native file don't put it on
PATH, and tell the target build where to find the native binary. We do however
want the native libmagic to be installed normally (as for example rpm and
subversion need it) so we can't use NATIVE_PACKAGE_PATH_SUFFIX as that change
libdir.
[ YOCTO #8144 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Fri, 16 Oct 2015 21:49:26 +0000 (22:49 +0100)]
bitbake: add file-native to ASSUME_PROVIDED
Various key parts of the core classes (for example, do_package and
do_populate_sysroot) currently require file. As it's not possible to build a
file-native without invoking do_populate_sysroot mark file-native as
ASSUME_PROVIDED and expect to use the host's binary.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Richard Purdie [Fri, 23 Oct 2015 03:30:36 +0000 (20:30 -0700)]
populate_sdk_base: Ensure PKGDATA_DIR exists
The code assumes that PKG_DATADIR exists and will fail if an image has not been
generated which creates it. This occurs when something like buildtools-tarball
is built which doesn't have target packages, only nativesdk ones.
Since this shouldn't be fatal, workaround this by creating the missing
directory.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jeremy Puhlman [Fri, 23 Oct 2015 17:18:07 +0000 (10:18 -0700)]
Perl: Use CC version not $Config(gccversion)
Get version data from querying $CC rather then
$Config(gccversion) which comes from running version of
perl. Since perl-native is not likely compiled by gcc
5 at this point, it will never trigger the required
fixes for gcc 5.
[YOCTO #8367]
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Randy Witt [Fri, 23 Oct 2015 02:53:56 +0000 (19:53 -0700)]
wic/utils/oe/misc.py: Preserve PATH when running native tools
Previously exec_native_cmd() would remove all items from PATH except for
the native sysroot. This can cause issues for the tools that are created
using create_wrapper().
Now instead of wiping out the PATH, run a sanity check to check if the
command is in the native sysroot.
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Randy Witt [Fri, 23 Oct 2015 02:46:11 +0000 (19:46 -0700)]
mtools_4.0.18.bb: Use create_wrapper() for mcopy
mcopy uses the IBM850 codepage from gconv. The default install location
for gconv will not match the actual install location since it can be
pulled from sstate. This patch overrides the default location when
running by adding GCONV_PATH to the environment for mcopy.
[YOCTO #7629]
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Robert Yang [Fri, 23 Oct 2015 11:22:04 +0000 (04:22 -0700)]
e2fsprogs: backport a patch to fix filetype for hardlink
Backport a patch to fix hardlinks filetype:
IMAGE_INSTALL_append = " e2fsprogs"
$ ./tmp/sysroots/x86_64-linux/sbin/fsck.ext4 tmp/deploy/images/qemux86/core-image-minimal-qemux86.ext4 -f
Pass 1: Checking inodes, blocks, and sizes
Pass 2: Checking directory structure
Setting filetype for entry 'fsck.ext2' in /sbin (80) to 1.
Setting filetype for entry 'mkfs.ext4' in /sbin (80) to 1.
Setting filetype for entry 'fsck.ext4' in /sbin (80) to 1.
Setting filetype for entry 'mkfs.ext4dev' in /sbin (80) to 1.
Setting filetype for entry 'fsck.ext3' in /sbin (80) to 1.
Setting filetype for entry 'mkfs.ext2' in /sbin (80) to 1.
Setting filetype for entry 'mkfs.ext3' in /sbin (80) to 1.
Setting filetype for entry 'e2fsck' in /sbin (80) to 1.
Pass 3: Checking directory connectivity
Pass 4: Checking reference counts
Pass 5: Checking group summary information
test.img: ***** FILE SYSTEM WAS MODIFIED *****
test.img: 799/65536 files (0.1% non-contiguous), 14652/262144 blocks
Now when run it again, we may get:
[snip]
Pass 3A: Optimizing directories
[snip]
test.img: ***** FILE SYSTEM WAS MODIFIED *****
test.img: 799/65536 files (0.1% non-contiguous), 14652/262144 blocks
This is fine since it is optimizing, from "man e2fsck":
e2fsck may sometimes optimize a few directories --- for example, if
directory indexing is enabled and a directory is not indexed and would
benefit from being indexed, or if the index structures are corrupted
and need to be rebuilt.
[YOCTO #8544]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Mariano Lopez [Thu, 22 Oct 2015 13:39:20 +0000 (13:39 +0000)]
runqemu-ifup: Check if the tap interface is set up correctly
The process to set up a tap interface is as follows:
- tap interface is created
- An IP address is assigned to the tap interface
- The interface is bring up
- A route is added to the target using the tap
interface
Of all the previous steps, only the first one is
check if it was sucessful. The status of the others
are ignored and all of them are required to have
basic connectivity in the target.
This patch adds the checks for the rest of the stpes
needed to set up the tap interface.
[YOCTO #8550]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
