This addresses CVE-2020-25125 and provides some other minor
updates and translations.
Updated commits for reference:
e234d04c3 Werner Koch Release 2.2.23
aeb8272ca Werner Koch gpg: Fix AEAD preference list overflow
038314665 Werner Koch po: auto update
1a4b0fd79 Yuri Chornoivan po: Update Ukrainian translation
93d10403a Jakub Bogusz po: Update Polish translation
a8a8105bc Werner Koch po: Add key-check.c to the list of translatable sources.
cad9955ac Petr Pisar po: Update Czech translation.
896c528ba Werner Koch gpg: Fix segv importing certain keys.
0a9665187 NIIBE Yutaka scd: Fix a regression for OpenPGP card.
bcae9cd4e Nagy Ferenc László po: Minor update to the Hungarian translation.
d2fe2ffd7 Werner Koch sm: Fix a bug in the rfc2253 parser
f799b3ddb Werner Koch Post release updates
Signed-off-by: Saul Wold <saul.wold@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jon Mason [Wed, 9 Sep 2020 22:16:51 +0000 (18:16 -0400)]
tune-cortexa57-cortexa53.inc: add CRC and set march
Add CRC to the default tuning of big.LITTLE Cortex-A57-A53. This puts
it in line with all other ARMv8a tunings. Also, reference
PACKAGE_EXTRA_ARCHS_tune-armv8a-crc instead of
PACKAGE_EXTRA_ARCHS_tune-aarch64, which sets the -march to armv8 and
enables the CRC.
Signed-off-by: Jon Mason <jon.mason@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chris Laplante [Wed, 9 Sep 2020 20:51:07 +0000 (16:51 -0400)]
cve-check/cve-update-db-native: use lockfile to fix usage under multiconfig
Previously CVE_CHECK_DB_FILE / CVE_CHECK_DB_DIR was the same across
multiconfigs which led to a race condition wherein multiple
cve-update-db-native:do_populate_cve_db tasks could attempt to write to
the same sqlite database. This led to the following task failure:
Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_populate_cve_db(d)
0003:
File: '/mnt/data/agent/work/74f119cccb44f133/yocto/sources/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 103, function: do_populate_cve_db
0099: if year == date.today().year:
0100: cve_f.write('CVE database update : %s\n\n' % date.today())
0101:
0102: cve_f.close()
*** 0103: conn.commit()
0104: conn.close()
0105:}
0106:
0107:def initialize_db(c):
Exception: sqlite3.OperationalError: disk I/O error
Use a lockfile to ensure multiple tasks don't step over each other.
Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
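An added illustration of the fix described in the commit message above (not the code from cve-update-db-native.bb): several writers share one sqlite database and are serialized by an exclusive lockfile. The database name, table layout, CVE IDs and the use of threads in place of separate bitbake tasks are assumptions made for the example.

```python
import fcntl
import os
import sqlite3
import tempfile
import threading
from contextlib import contextmanager


@contextmanager
def lockfile(path):
    """Hold an exclusive advisory lock on `path` for the duration of the block."""
    fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o644)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)  # blocks until no other holder remains
        yield
    finally:
        os.close(fd)                    # closing the descriptor releases the lock


def populate_cve_db(db_path, lock_path, source, cve_ids, errors):
    """Stand-in for one multiconfig's do_populate_cve_db task."""
    try:
        with lockfile(lock_path):
            # timeout=0 disables sqlite's own busy-wait, so only the lockfile
            # keeps concurrent writers apart.
            conn = sqlite3.connect(db_path, timeout=0)
            conn.execute("CREATE TABLE IF NOT EXISTS nvd "
                         "(source TEXT, id TEXT, UNIQUE(source, id))")
            conn.executemany("INSERT OR REPLACE INTO nvd VALUES (?, ?)",
                             [(source, cve) for cve in cve_ids])
            conn.commit()
            conn.close()
    except sqlite3.Error as exc:
        errors.append((source, str(exc)))


def run_updates(writers=4, rows=200):
    """Run concurrent updates against one database; return (row count, errors)."""
    with tempfile.TemporaryDirectory() as workdir:
        db_path = os.path.join(workdir, "nvdcve.db")      # constructed name
        lock_path = db_path + ".lock"
        cve_ids = ["CVE-0000-%04d" % n for n in range(rows)]  # constructed IDs
        errors = []
        # Each thread opens its own descriptor on the lockfile, so flock()
        # excludes them from each other just as it would separate processes.
        threads = [threading.Thread(target=populate_cve_db,
                                    args=(db_path, lock_path, "mc%d" % i, cve_ids, errors))
                   for i in range(writers)]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        conn = sqlite3.connect(db_path)
        count = conn.execute("SELECT COUNT(*) FROM nvd").fetchone()[0]
        conn.close()
        return count, errors
```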
Weston 9.0.0 is released! This release cycle has been pretty quiet,
with just a few new features:
- A new kiosk shell allows to display regular desktop apps in an
always-fullscreen mode
- Improved testing infrastructure: the test harness has been
redesigned, DRM tests are now supported, DRM and OpenGL tests are now
enabled in our CI
- DRM panel orientation property support
As always, a number of bug fixes are included as well.
https://lists.freedesktop.org/archives/wayland-devel/2020-September/041595.html
Add a patch to fix building of tests/weston-test-fixture-compositor.c on musl.
Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GNOME project libxml2 v2.9.10 and earlier have a global Buffer Overflow
vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has
been fixed in commit 8e7c20a1 (20910-GITv2.9.10-103-g8e7c20a1).
recipes-graphics/xorg-xserver: Add patch to fix segfault when probe
Fix segfault on probing a non-PCI platform device on a system with PCI.
...
at ../../xorg-server-1.20.9/os/log.c:1017
at ../../xorg-server-1.20.9/os/osinit.c:156
at ../../xorg-server-1.20.9/os/osinit.c:110
at ../../../../xorg-server-1.20.9/hw/xfree86/common/xf86platformBus.c:292
argv=argv@entry=0xffffca43c7c8) at ../../../../xorg-server-1.20.9/hw/xfree86/common/xf86Init.c:388
at ../../xorg-server-1.20.9/dix/main.c:193
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=<optimized out>)
at ../csu/libc-start.c:314
...
Changelog
- Fix issue with uintset and number of bytes copied.
- Fix issue with overflow in DHCP lease T2 computation.
- Fix issue with side channel leak in l_ecc_scalar_new.
- Fix issue with missing MSG_MORE in l_cipher_set_iv.
- Add support for DHCP v6 client implementation.
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's possible some patterns may cause problems with the current path
manipulations, make a small tweak to try and avoid potential pathname
overlap issues.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Error Message:
| NOTE: Installed into sysroot: []
| NOTE: Skipping as already exists in sysroot: ['pseudo-native', 'glibc', 'patch-native', 'quilt-native', 'gcc-cross-arm', 'gcc-runtime', 'linux-libc-headers', 'libgcc', 'flex-native', 'xz-native', 'libtool-native', 'automake-native', 'binutils-cross-arm', 'zlib-native', 'mpfr-native', 'texinfo-dummy-native', 'autoconf-native', 'libmpc-native', 'gnu-config-native', 'gmp-native', 'attr-native', 'm4-native', 'gettext-minimal-native']
| DEBUG: Python function extend_recipe_sysroot finished
| DEBUG: Executing shell function do_install
| sed: -e expression #1, char 13: unterminated `s' command
| WARNING: exit code 1 from a shell command.
| ERROR: Execution of '/opt/Projects/poky/build/tmp/work/qemux86_64-poky-linux/systemd-serialgetty/1.0-r5/temp/run.do_install.11228' failed with exit code 1:
| sed: -e expression #1, char 13: unterminated `s' command
| WARNING: exit code 1 from a shell command.
|
To fix this issue, use the strong (single quote) character in the sed command.
It is recommended to use quotes. If we have meta-characters in the command, quotes are necessary.
Signed-off-by: Rahul Kumar <rahulk@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Escaping does not work in my use case. It must be escaped for
python, ssh and shell as well as for different versions of echo.
Let's try it a little less elegant, but hopefully more reliable.
Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 97b439469a45a089431ca9c31893288c855045f4 added a fallback
mechanism for getting the rootfs timestamp. However, it uses curly
braces around the variable name, which causes bitbake to resolve the
variable reference, rather than the shell, so the git timestamp
never gets used. Fix the reference to restore the intent of
making it a fallback for when there is no git timestamp to
retrieve.
Signed-off-by: Matt Madison <matt@madison.systems> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Sat, 5 Sep 2020 14:06:07 +0000 (15:06 +0100)]
runqemu: Add a hook to allow it to renice
We have an issue where qemu is being starved of resources on our autobuilders.
We can't raise its priority without special capabilities, therefore add a hook
which if present can allow this to happen using an executable
"~/runqemu-renice".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 3 Sep 2020 20:31:53 +0000 (21:31 +0100)]
kea: bump to 1.7.10
This is the latest release in the 1.7.x series so should be a safe
upgrade, and means we can drop a patch as the AC_TRY_RUN has an
optimistic fallback for cross-compiling now.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 3 Sep 2020 20:31:52 +0000 (21:31 +0100)]
kea: don't use PACKAGECONFIG inappropriately
The Kea recipe has PACKAGECONFIG options for boost, openssl, and
log4cplus. However, these are not optional but mandatory dependencies.
Remove the PACKAGECONFIGs and replace with explicit DEPENDS and
EXTRA_OECONF. Also the RDEPENDS in the PACKAGECONFIGs are redundant as
the library dependencies are generated correctly.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 3 Sep 2020 20:31:51 +0000 (21:31 +0100)]
kea: no need to depend on kea-native
kea-msg-compiler is only needed if you alter the messages and the
generated sources need to be rebuilt. When this is the case, there are
better ways to build kea-msg-compiler that don't involve building all of
Kea.
Don't depend on kea-native, remove BBCLASSEXTEND=native, and the target
overrides.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 3 Sep 2020 14:39:25 +0000 (15:39 +0100)]
autoconf: consolidate DEPENDS
Depending on nativesdk- variants in a nativesdk build isn't correct, so
just collapse the DEPENDS down and let bitbake do the right thing (which
is leaving them as -native).
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 3 Sep 2020 12:43:19 +0000 (13:43 +0100)]
insane: only load real files as ELF
The file path checks are passed an ELF object if the file is an ELF. It
doesn't make a lot of sense to load symlinks to ELFs as if they're in
the same package then the real file will be checked too.
This should speed up do_package_qa slightly as libraries won't be
scanned repeatedly.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 3 Sep 2020 10:54:48 +0000 (11:54 +0100)]
debianutils: change SRC_URI to use snapshot.debian.org
The primary Debian archive only contains tarballs which are currently
shipped in a release, so it's easy for a tarball we need to disappear.
Instead, point at snapshot.debian.org to ensure the link remains valid.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: adjusted file list Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Wed, 2 Sep 2020 15:33:22 +0000 (10:33 -0500)]
package.bbclass: hash equivalency and pr service
When the PR service is enabled a number of small changes may happen
to variables. In the do_package step a call to package_get_auto_pr
will end up setting PRAUTO and modifying PKGV (if AUTOINC is there).
PRAUTO is then used by EXTENDPRAUTO, which is then used to generate
PKGR.
Since this behavior typically happens BEFORE the BB_UNIHASH is
calculated for do_package, we need a way to defer the expansion
until after we have the unihash value.
Writing out the pkgdata files w/o AUTOPR and PKGV (AUTOINC) expanded
to placeholder values is the easiest way to deal with this. All other
variables are expanded as expected.
In the next task, typically do_packagedata, we will then use the
UNIHASH from the do_package to get the PR (AUTOPR) as well as
generate the AUTOINC replacement value (now PRSERV_PV_AUTOINC).
The do_packagedata then translates the placeholders to the final values
when copying the data from pkgdata to pkgdata-pdata-input.
Also update the prservice test case. With unihash, just changing the
do_package (via a _append) will not change the PR. So write the date
to a specific file that is incorporated into the unihash to ensure it
is always different for the test. Various assert messages were also
updated to make it easier to figure out where/why a problem occurred.
Signed-off-by: Mark Hatle <mark.hatle@kernel.crashing.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Wed, 2 Sep 2020 14:33:03 +0000 (10:33 -0400)]
linux-yocto/5.8: update to v5.8.5
Updating linux-yocto/5.8 to the latest korg -stable release that comprises
the following commits:
9ece50d8a470 Linux 5.8.5
c05dea7c0f3f binfmt_flat: revert "binfmt_flat: don't offset the data start"
44f639d5aeda io_uring: fix missing ->mm on exit
3f4be7a7db9f netlink: fix state reallocation in policy export
1c0be9a99c9c ethtool: Don't omit the netlink reply if no features were changed
507d7ac63fad ethtool: Account for hw_features in netlink interface
e53140320193 ethtool: Fix preserving of wanted feature bits in netlink interface
da995e0a6dac net: ena: Make missed_tx stat incremental
3942262b7499 tipc: fix uninit skb->data in tipc_nl_compat_dumpit()
828fd2e892b0 tipc: call rcu_read_lock() in tipc_aead_encrypt_done()
22f2be57784e net/smc: Prevent kernel-infoleak in __smc_diag_dump()
df805b956877 net: sctp: Fix negotiation of the number of data streams.
4c1fc05e5d6a net/sched: act_ct: Fix skb double-free in tcf_ct_handle_fragments() error flow
351366ffef2c net: qrtr: fix usage of idr in port assignment to socket
c4c76ec584a7 net: nexthop: don't allow empty NHA_GROUP
a75f8a60c415 net: Fix potential wrong skb->protocol in skb_vlan_untag()
3f13223bb0b1 gre6: Fix reception with IP6_TNL_F_RCV_DSCP_COPY
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
linux-libc-headers: kernel headers are installed in STAGING_KERNEL_BUILDDIR
Since 'fido', kernel headers are installed in STAGING_KERNEL_BUILDDIR,
not STAGING_KERNEL_DIR. So this message in the linux-libc-headers
recipe is slightly misleading.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- libgcrypt is not required anymore because the md5 implementation was
part of this project.
- ninfod patches are upstreamed and other patch is not required anymore.
- Add tftpd in PACKAGECONFIG
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Michael Tretter [Tue, 1 Sep 2020 13:29:00 +0000 (15:29 +0200)]
devtool: deploy-target: Fix size calculation for hard links
If a package contains hard links to a file, the file size is added for
each hard link instead of once for the file. Therefore, the calculated
size may be much larger than the actual package size.
For example, the mesa-megadriver package contains several hard links to
the same library.
Keep track of the inode numbers when listing the files that are
installed and use the actual size only for the first occurrence of an
inode. All further hard links to the same inode are added to the file
list, but accounted with size 0.
All file names need to be added to the file list, because the list is
used for preserving the files/hard links on the target.
Signed-off-by: Michael Tretter <m.tretter@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
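The accounting described in the commit message above, as an added sketch rather than devtool's own code: every file name stays in the list, but only the first name seen for an inode carries its size. The function names and sample file names are hypothetical, and the key is (device, inode) rather than the inode number alone so that files on different filesystems cannot collide.

```python
import os
import tempfile


def list_files_with_sizes(root):
    """Return [(relative_path, size)] for files under root, counting each inode once."""
    seen = set()
    result = []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()                      # deterministic traversal order
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            key = (st.st_dev, st.st_ino)
            if key in seen:
                size = 0                 # further hard link: keep the name, no size
            else:
                seen.add(key)
                size = st.st_size
            result.append((os.path.relpath(path, root), size))
    return result


def demo():
    """Build a constructed package tree with hard links and compare both totals."""
    with tempfile.TemporaryDirectory() as root:
        lib = os.path.join(root, "libdriver.so")        # constructed sample file
        with open(lib, "wb") as f:
            f.write(b"\0" * 4096)
        for alias in ("a_dri.so", "b_dri.so"):          # hard links to the same inode
            os.link(lib, os.path.join(root, alias))
        entries = list_files_with_sizes(root)
        # Per-name summing, the behaviour the commit message says it replaces.
        naive = sum(os.lstat(os.path.join(root, p)).st_size for p, _ in entries)
        deduplicated = sum(size for _, size in entries)
        return entries, deduplicated, naive
```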
Ross Burton [Wed, 2 Sep 2020 10:41:54 +0000 (11:41 +0100)]
elfutils: silence a new QA warning
The fix to the gnu-hash-style check (oe-core 70d932f21) causes elfutils-ptest
to emit a new warning. This binary is explicitly compiled with a curated
minimal set of compiler flags, so to avoid breaking the test simply skip the
ldflags check for elfutils-ptest.
Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Michael Gloff [Sat, 29 Aug 2020 03:09:01 +0000 (22:09 -0500)]
sysvinit rc: Use PSPLASH_FIFO_DIR for progress fifo
psplash expects the fifo to be in /run or specified
by PSPLASH_FIFO_DIR. This patch allows psplash to
quit normally. Also, fix the work around of using
echo directly into the fifo and use psplash-write.
Signed-off-by: Michael Gloff <mgloff@emacinc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Sun, 30 Aug 2020 03:00:34 +0000 (22:00 -0500)]
oeqa: reproducible: Fix test not producing diffs
Diffoscope changed the --exclude-directory-metadata option to require an
argument.
Add a test to validate that diffoscope is functioning as
expected to ensure that future upgrades do not unintentionally break
the reproducibility tests.
[YOCTO #14025]
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joshua Watt [Mon, 31 Aug 2020 21:53:53 +0000 (16:53 -0500)]
oeqa: sdk: Capture stderr output
Redirect stderr to stdout when running subcommands while doing the SDK
tests. The tests will show stdout when CalledProcessError is raised,
but any output to stderr was lost.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
hongxu [Fri, 28 Aug 2020 01:46:10 +0000 (18:46 -0700)]
sysstat: fix installed-vs-shipped QA Issue in systemd
While enabling systemd, there is QA issue:
...
|ERROR: sysstat-12.4.0-r0 do_package: QA Issue: sysstat: Files/directories
were installed but not shipped in any package:
| /lib/systemd/system-sleep
| /lib/systemd/system-sleep/sysstat.sleep
...
https://www.freedesktop.org/software/systemd/man/systemd-sleep.html
says the files should be dropped into /usr/lib/systemd/system-sleep
(that would be /lib/systemd/system-sleep in our configuration). By
moving the files to another directory they'll be packaged but not
loaded by systemd.
Suggested-by: Ross Burton <ross@burtonini.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>