include several CVE fixes.
CVE: CVE-2018-5733
CVE: CVE-2018-5732
LIC_CHKSUM_FILE updated to SPFX format
https://kb.isc.org/article/AA-01571
remove several patches now included in update.
Shared library support is now enabled in configure+lt, use it
and revert to autotools-brokensep
Refresh patches
Aligns support with bind 9.11.x
Add libxml2 support to configure.ac+lt
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paulo Neves [Mon, 2 Jul 2018 15:03:44 +0000 (17:03 +0200)]
kernel-devicetree: Corrected normalize_dtb
The normalize_dtb function was buggy because
it only converted from .dts suffix to .dtb
suffix if the user passed a full source path to
KERNEL_DEVICETREE containing the /dts/ path.
The problem is that if the user did that there
would be a warning.
On the other hand if user just set the variable
KERNEL_DEVICETREE="file.dts" the bbclass translation
to the respective .dtb target did not occur and
make would fail saying it has no rule to make target
file.dts
This patch decouples the logic of having /dts/ in the
path from the target translation.
Signed-off-by: Paulo Neves <ptsneves@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Kai Kang [Mon, 2 Jul 2018 01:15:34 +0000 (09:15 +0800)]
webkitgtk: 2.20.2 -> 2.20.3
Upgrade webkitgtk from 2.20.2 to 2.20.3.
* update context of 0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
* remove detect-atomics-during-configure.patch that webkitgtk 2.20.3
contains the commit of better solution, see
https://bugs.webkit.org/show_bug.cgi?id=161900#c9
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alex Kiernan [Wed, 20 Jun 2018 04:23:19 +0000 (04:23 +0000)]
kernel-fitimage: Make DTB key insertion optional
If UBOOT_DTB_BINARY is empty, then don't try inserting the U-Boot
signing keys into the DTB. In this configuration the keys are expected
to be already present in U-Boot's DTB.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
This is a function much like shutil.which or bb.utils.which, retaining
shutil.which-like function semantics, bb.utils.which's support for
returning available candidates for signatures, and most importantly,
supports wildcards, returning only the first occurrence of each found
pathname in the search path.
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Results in gcc-cross-canadian-mips failing to build due to the use
of an incorrect sysroot, fix this. All nativesdk pieces should be in
the same sysroot (unprefixed).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 12:43:50 +0000 (12:43 +0000)]
staging: Improve fixup processing code
With the fixes to other parts of multilib, it was found that the fixup code's
assumptions about the recipe sysroot were incorrect. We need to use the value
calculated earlier in the function.
It turns out there is a rather neat way to do this which cleans up the code
as an added bonus.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 09:05:17 +0000 (09:05 +0000)]
lib/oe/sstatesig: Fix task mappings from multilib<->non-multilib contexts
If we're in a multilib context already and want a non-multilib context
this function returned incorrect values.
Try and retain optimisations for the common case not needing to request
a datastore but allow the different multilib/non-multilib combinations
to work too.
This fixes bugs where rootfs generation of a multilib image would
write into incorrect locations, or be unable to find sstate manifest
files due to incorrect data stores being used to expand data.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 08:59:34 +0000 (08:59 +0000)]
classes/utils: Improve all_multilib_tune_values
Currently there is duplication in the code, we can clean this up
by extending the multilib variants list.
This code also currently fails if it's called from an existing multilib
context since it assumes the data store passed in is the non-multilib
case. When building an image, say lib32-core-image-sato, this leads to
incorrect PATH values.
To fix this, we also request a data store for the "" variant allowing
this corner case to be fixed and for the function to correctly return
values for each multilib even when a multilib is already selected.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 29 Jun 2018 16:33:26 +0000 (16:33 +0000)]
staging/image: Fix multilib recipe sysroot issues
Currently if you enable multilib, then build an image, the multilib
recipe sysroot is built in the wrong WORKDIR. If you then clean and
rebuild the image you see "file exists" errors.
This patch ensures the real WORKDIR is used consistently and then
cleans/rebuilds also work correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 2 Jul 2018 09:03:12 +0000 (09:03 +0000)]
lib/oe/utils: Improve get_multilib_datastore
Currently this function assumes that no multilib is applied and that
we're applying a multilib. This means if we're in multilib context
and want the non-multilib context we can't obtain it (and no other
function exists for this either).
Improve the function to allow this to be requested.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Thu, 21 Jun 2018 18:22:17 +0000 (11:22 -0700)]
postinst-intercepts: do not execute any variant of delay_to_first_boot
As of commit 2c5c6e3ff we create multilib variants of intercept
hooks but we did not account for delay_to_first_boot variants.
This was covered up until commit a335e7867, but will now cause
an error.
Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alp Özmert [Fri, 29 Jun 2018 15:41:02 +0000 (17:41 +0200)]
license: Fix and extend recommendations for license packages.
Changed package recommendations so that the license package of a
recipe is recommended for all packages of a recipe instead of for one
package given by the recipe name.
Pre-patch behaviour results in a missing recommendation when a recipe
does not have a package with the same name.
Signed-off-by: Alp Özmert <info@ib-oezmert.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alistair Francis [Fri, 25 May 2018 15:56:36 +0000 (08:56 -0700)]
recipes-kernel/linux: Enable NUMA Kconfig from MACHINE_FEATURES
If the user has set numa in their MACHINE_FEATURES we should enable
NUMA support in the kernel config.
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Acked-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hongzhi.Song [Fri, 29 Jun 2018 06:16:20 +0000 (02:16 -0400)]
oeqa/runtime: Add testcases for kernel sample
We are going to let runtime test support kernel tests. Now we just add
kernel self-contained sample tests. And we plan to add overall kernel
tests in the future.
This patch just adds the kernel samples test, which contains about 13 tests
enabled by kernel-sample.scc. So it needs the statement,
KERNEL_FEATURES_append += " features/kernel-sample/kernel-sample.scc" in
local.conf.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 29 Jun 2018 08:02:16 +0000 (08:02 +0000)]
xtrans: Fix multilib .pc file conflict
Error: Transaction check error:
file /usr/share/pkgconfig/xtrans.pc from install of lib32-xtrans-dev-1:1.3.5-r0.core2_32 conflicts with file from package xtrans-dev-1:1.3.5-r0.core2_64
[YOCTO #12511]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Arsalan H. Awan [Thu, 28 Jun 2018 14:16:36 +0000 (19:16 +0500)]
initrdscripts/init-live.sh: fix mounts w/ spaces fail to move to real rootfs
When there are spaces in the mount points of devices e.g.:
a partition mounted at "/run/media/My Root Partition-sda1",
the initrd fails to move such mount points over to the
corresponding directories at /media under the real root filesystem,
and the mount points would appear at the same location as they were
mounted on when detected by initrd, for example:
here: "/run/media/My Root Partition-sda1"
instead of here: "/media/My Root Partition-sda1"
This causes issues such as:
* The disks/partitions cannot be formatted with any filesystem
using e.g. mkfs.ext4 or mke2fs in general. When tried to do so
by making sure the device is not mounted, it failed with
errors such as:
> /dev/sda1 is apparently in use by the system; will not make a
filesystem here!
> /dev/sda1: Device or resource busy while setting up superblock
* The read/write operations become extremely slow. e.g. Under testing,
it took approx. 2 hours just to copy 700 MB of data to the partition,
and it took more than 40 minutes to delete that data from it.
Same operations took under 5 minutes on a partition that had no
spaces in its mount point (or that was successfully moved to real
root by initrd and appeared under /media instead of /run/media).
This commit fixes such issues by quoting the arguments of failing mount
move commands and by parsing OCT or HEX encoded special characters
such as spaces to ASCII characters in the mount points as kernel
populates the procfs like so.
Signed-off-by: Arsalan H. Awan <Arsalan_Awan@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
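An added example, not code from this commit or from init-live.sh: it decodes the escaped mount-point field of /proc/mounts and shows how a mount move command is split into words by a POSIX shell with and without quoting. The sample mount table is constructed, and `plan_moves`, its `new_root` parameter and the `/rootfs` value in the test are hypothetical.

```python
import re
import shlex

# Constructed sample of /proc/mounts content: the kernel writes a space in a
# mount point as the octal escape \040, so fields stay space-separated.
SAMPLE_PROC_MOUNTS = (
    "/dev/sda1 /run/media/My\\040Root\\040Partition-sda1 ext4 rw,relatime 0 0\n"
    "/dev/sdb1 /run/media/data-sdb1 vfat rw 0 0\n"
    "proc /proc proc rw 0 0\n"
)

# Octal (\NNN) or hex (\xNN) escapes, the two encodings the commit mentions.
_ESCAPE = re.compile(r"\\(?:([0-7]{3})|x([0-9A-Fa-f]{2}))")


def decode_field(field):
    """Decode escapes in a single pass, so a decoded backslash (\\134) is
    never re-read as the start of another escape."""
    def repl(match):
        if match.group(1) is not None:
            return chr(int(match.group(1), 8))
        return chr(int(match.group(2), 16))
    return _ESCAPE.sub(repl, field)


def plan_moves(mounts_text, new_root, prefix="/run/media/"):
    """Return one argv list per mount under `prefix`, moving it to
    <new_root>/media/<name>. Names are hypothetical, for illustration."""
    moves = []
    for line in mounts_text.splitlines():
        fields = line.split(" ")
        if len(fields) < 2:
            continue
        mount_point = decode_field(fields[1])
        if mount_point.startswith(prefix):
            name = mount_point[len(prefix):]
            moves.append(["mount", "--move", mount_point,
                          new_root + "/media/" + name])
    return moves


def words_seen_by_shell(argv, quote):
    """Model POSIX word splitting of the command line built from argv,
    with or without quoting each argument."""
    parts = [shlex.quote(arg) if quote else arg for arg in argv]
    return shlex.split(" ".join(parts))


if __name__ == "__main__":
    for argv in plan_moves(SAMPLE_PROC_MOUNTS, "/rootfs"):
        print("quoted  :", words_seen_by_shell(argv, quote=True))
        print("unquoted:", words_seen_by_shell(argv, quote=False))
```
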
Joshua Watt [Thu, 28 Jun 2018 17:53:41 +0000 (12:53 -0500)]
bitbake-bblayers/create: Fix layer name generation
The path to where the layer was being created was taken verbatim as the
name of the layer when generating the layer.conf and README files from
templates. This causes problems in the layer.conf file because it would
result in strangely named variables like
BBFILE_PATTERN_../my-layer = "..."
Instead of blindly taking the path, use the name of the last component
of the path as the layer name.
Additionally, rework the template files to use python format strings
with named parameters so that the same argument doesn't have to be
repeated multiple times.
[YOCTO #12808]
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 28 Jun 2018 17:47:45 +0000 (18:47 +0100)]
libsdl2: fix build race
There's an occasional build race from headers being generated in parallel with
other files which include the headers being compiled. Solve this by adding more
dependencies.
[ YOCTO #12815 ]
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
wic: isoimage-isohybrid: debloat image of redundant rootfs
There's no reason to have that rootfs.img filesystem in the image:
it's not used for anything because both the EFI and legacy boot paths
use the /initrd which contains the same contents as the rootfs.img,
only compressed. It was probably forgotten in there :)
My iso went down from 224 to 94 mb.
Tested using UEFI/legacy boots on CD-roms, usb dongle and qemu VM's.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It's really good that OE supports multiple EFI_PROVIDERs and that
commit 9a1709278de87 ("wic: isoimage-isohybrid: use grub-efi from
deploy dir") makes re-use of the grub-efi built image, but we should
still respect the standard otherwise the ISO will not boot, so install
grub images as boot[x64|ia32].efi not ${PN}-boot[x64|ia32].efi.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Daniel Díaz [Thu, 28 Jun 2018 13:56:28 +0000 (08:56 -0500)]
kmscube: Update to master from 2018-06-17
Changes from 0d8de4ce:
c2d4ba8 drm-legacy: fix poll for flip event, actually exit on user input
56c3917 formats: use weston's egl config matching logic, centralize format
aac3788 Rework default modifier handling
4f7cec0 Use weak functions to handle lack of gbm modifiers
98f31bf cube-tex: make use of modifiers
063ce5c gbm: fix fallback for drivers that don't support modifiers
9dcce71 add MSAA
Also refresh gbm_bo_map/_unmap patch.
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Thu, 28 Jun 2018 11:25:12 +0000 (12:25 +0100)]
bitbake.conf: Allow BBINCLUDED to be unset
For some reason the layer index is expanding HOSTTOOLS before BBINCLUDED is
set so recent changes break it. This adds in a simple workaround to stop it
breaking allowing the index to function correctly again.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Tue, 26 Jun 2018 19:48:11 +0000 (12:48 -0700)]
bitbake.conf: handle cmake -dev files packaging with default rules
Move packaging rules for cmake -dev files from cmake.bbclass into
bitbake.conf to handle recipes (e.g. harfbuzz 1.8.1) which build with
autotools but also install cmake -dev files.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Samuli Piippo [Tue, 26 Jun 2018 07:59:51 +0000 (10:59 +0300)]
glib: remove unnecessary dependency to DISTRO_FEATURES
Since DISTRO_FEATURES was expanded in the comments, it created
task dependency to the full content of DISTRO_FEATURES, instead
of just the x11 used below. This prevented reuse of sstate-cache
when unrelated feature flags were changed.
Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Fri, 18 May 2018 22:50:40 +0000 (15:50 -0700)]
arch-armv7a.inc: default to Thumb2 instruction set for armv7a and above
Although there may still be specific cases which can benefit from the
ARM instruction set, the Thumb2 instruction set is generally a better
default for armv7a class CPUs. Distros such as Debian and Fedora have
been targeting Thumb2 by default for some time.
Note that setting ARM_INSTRUCTION_SET has no effect unless
TUNE_FEATURES contains "thumb" (which is controlled by the "t" suffix
in DEFAULTTUNE, e.g. armv7vehf-neon -vs- armv7vethf-neon, etc) so out
of tree machine configs may need to update their DEFAULTTUNE to take
advantage of this change.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Olof Johansson [Mon, 25 Jun 2018 11:34:46 +0000 (13:34 +0200)]
insane.bbclass: Don't let warnings make previous errors non-fatal
package_qa_handle_error() returns True on non-fatal issues and False on
fatal issues. But the current usage has been to do
sane = package_qa_handle_error(...)
which would always reset sanity status to be that of the last issue
identified. This changes the assignments to use the &= operator instead:
sane &= package_qa_handle_error(...)
As far as I can tell, this is not a real problem in practice, because
warnings of different levels (WARN_QA, ERROR_QA) do not seem to have
been mixed in a way that triggered this issue.
Signed-off-by: Olof Johansson <olofjn@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Olof Johansson [Mon, 25 Jun 2018 11:34:45 +0000 (13:34 +0200)]
insane.bbclass: Make missing license file fatal
If a license file referenced from LIC_FILES_CHKSUM doesn't exist,
insane.bbclass would output an error message, but would continue the
build. This change makes this error fatal (as I suspect has been the
intention).
Signed-off-by: Olof Johansson <olofjn@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alex Kiernan [Tue, 26 Jun 2018 12:08:56 +0000 (12:08 +0000)]
kernel: Set SOURCE_DATE_EPOCH to kernel git timestamp if not set
If SOURCE_DATE_EPOCH is unset (in addition to the existing "0" behaviour)
parse out the top most commit timestamp from the kernel tree to use as the
timestamp.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Alex Kiernan [Tue, 26 Jun 2018 12:08:55 +0000 (12:08 +0000)]
image: Set COREBASE as the git directory for timestamp
When REPRODUCIBLE_TIMESTAMP_ROOTFS is unset and we want to parse one
from git, use COREBASE as the base for the git command so we have a
known repository which we're using. Without this the build may fail
if the current directory is not part of a git repository.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andre McCurdy [Tue, 26 Jun 2018 20:24:55 +0000 (13:24 -0700)]
db: drop legacy ARM specific SWP based mutex optimisation
Although the ARM SWP instruction may exist for ARMv6 and above, it's
not guaranteed to work, especially on SMP systems where its use may
lead to instability at runtime, etc:
Keeping the optimisation for architecture levels which pre-date SMP
(ie <= ARMv5) may be safe, however other distros (Buildroot, Debian,
Fedora, etc) are not doing so and mutex contention is likely to be
less of an issue on uniprocessor systems anyway, so the benefits of
this micro optimisations are not clear. Since OE uses ARMv5 qemu as
a proxy for testing all 32bit ARM architecture levels, it's desirable
to keep the ARMv5 builds aligned with later ARM architecture levels
wherever possible.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Damien Riegel [Fri, 22 Jun 2018 18:43:02 +0000 (14:43 -0400)]
systemd: escape paths passed to shell
Systemd mount configuration files must have a name that matches the mount
point directory they control. So for instance, if a mount file contains
[Mount]
...
Where=/mnt/my-data
The file must be named `mnt-my\x2ddata.mount`, or systemd will refuse to
honour it.
If this config file contains an [Install] section, it will silently fail
because the unit file is not escaped properly when systemctl is called.
To fix that, make sure paths are escaped through `shlex.quote`.
Signed-off-by: Damien Riegel <damien.riegel@savoirfairelinux.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
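An added example, not the code from this commit or from systemd.bbclass: it derives the mount unit name for a `Where=` path with a simplified reimplementation of systemd's path escaping, then shows what a POSIX shell receives when that name is passed unquoted and when it is passed through `shlex.quote`. The function names are hypothetical, and `shlex.split` stands in for the shell's word splitting.

```python
import shlex
import string

# Bytes systemd leaves unescaped in a unit name; "-" and "\" are always
# escaped because "-" is used as the encoding of "/".
_SAFE = set(string.ascii_letters + string.digits + ":_.")


def escape_path(path):
    """Simplified model of systemd's path escaping (systemd-escape --path):
    drop empty components, map "/" to "-", encode other bytes as \\xNN."""
    parts = [p for p in path.split("/") if p]
    if not parts:
        return "-"  # the root directory
    out = []
    for index, byte in enumerate("/".join(parts).encode("utf-8")):
        char = chr(byte)
        if char == "/":
            out.append("-")
        elif char in _SAFE and not (index == 0 and char == "."):
            out.append(char)
        else:
            out.append("\\x%02x" % byte)
    return "".join(out)


def mount_unit_name(where):
    """Unit file name systemd requires for a [Mount] section's Where= path."""
    return escape_path(where) + ".mount"


def unit_seen_by_systemctl(unit, quote):
    """Build a `systemctl enable <unit>` command line and return the unit
    argument as the shell would hand it to systemctl."""
    arg = shlex.quote(unit) if quote else unit
    return shlex.split("systemctl enable " + arg)[-1]


if __name__ == "__main__":
    unit = mount_unit_name("/mnt/my-data")
    print("unit name:", unit)
    print("unquoted :", unit_seen_by_systemctl(unit, quote=False))
    print("quoted   :", unit_seen_by_systemctl(unit, quote=True))
```

Unquoted, the shell consumes the backslash, so systemctl is asked about a unit that does not exist, which matches the silent failure the commit message describes.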
Entropy is needed earlier in the boot process in some cases, for example
connman can require it, and rgd doesn't require much, so move it earlier
in the boot process, 03 for sysvinit, and before sysinit for systemd.
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Thu, 21 Jun 2018 16:15:28 +0000 (17:15 +0100)]
oeqa: add Git mirror test
Add an automated test to exercise that fetching a git: recipe...
1) works over git without mirrors
2) fails without git connectivity or mirrors
3) works without git connectivity but with a mirror
(2) is done by setting GIT_PROXY_COMMAND to 'false' which should break any git
network operations.
[ YOCTO #12805 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Chen Qi [Thu, 21 Jun 2018 06:00:23 +0000 (14:00 +0800)]
avahi: fix error at boot time for avahi-daemon.service
The following error messages appear now and then at boot time.
avahi-daemon/chroot.c: open() failed: No such file or directory
Failed to open /etc/resolv.conf: Invalid argument
The problem is about /etc/resolv.conf. In Yocto's systemd based
systems, it's a symlink to /etc/resolv-conf.systemd which in turn
is a symlink to /run/systemd/resolve/resolv.conf. The systemd-resolved
service handles creation of /run/systemd/resolve/resolv.conf file.
So if avahi-daemon is started before systemd-resolved, the error messages
appear.
Fix this problem by making avahi-daemon start after systemd-resolved.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
# Access to certain kernel and userspace facilities
g kmem - - -
-g lock - - -
g tty @TTY_GID@ - -
g utmp - - -
[...]
The upstream documentation doc/UIDS-GIDS.md says that basic.conf.in is "the
precise list of the currently defined groups":
## Special `systemd` GIDs
`systemd` defines no special UIDs beyond what Linux already defines (see
above). However, it does define some special group/GID assignments, which are
primarily used for `systemd-udevd`'s device management. The precise list of the
currently defined groups is found in this `sysusers.d` snippet:
[basic.conf](https://raw.githubusercontent.com/systemd/systemd/master/sysusers.d/basic.conf.in)
It's strongly recommended that downstream distributions include these groups in
their default group databases.
Removing the creation of the group also avoids the need to define a GID
for it when using static ids.
Signed-off-by: Hannu Lounento <hannu.lounento@vaisala.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Fri, 15 Jun 2018 14:43:07 +0000 (15:43 +0100)]
minicom: change SRC_URI to use Debian mirrors
Alioth is dead and the minicom project on Salsa (the replacement for Alioth)
doesn't actually have any files in, so just use the Debian mirror instead.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Ross Burton [Fri, 15 Jun 2018 13:29:31 +0000 (14:29 +0100)]
shadow: update SRC_URI now Alioth is down
Alioth is dead so we can't use it for SRC_URI anymore. There is a shadow
repository on GitHub which is the new upstream, but for some reason it is
missing the 4.2.1 tag and tarball that we use. Also 4.2.1 was never uploaded
into Debian itself, so we can't use their mirror network either.
For now point SRC_URI at the Yocto Project source mirror and set
UPSTREAM_CHECK_URI so that we get nagged to upgrade to 4.6.
Signed-off-by: Ross Burton <ross.burton@intel.com>