Maxin B. John [Mon, 11 Sep 2017 11:37:41 +0000 (14:37 +0300)]
hostap-utils: use w1.fi for SRC_URI
epitest.fi is down and hostap-utils source is now available in
w1.fi. So, move SRC_URI to https://w1.fi
Since hostap-utils is only meant for old Intersil Prism2/2.5/3 wifi cards,
this recipe will be removed from oe-core in future (most likely to
meta-handheld)
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ross Burton [Mon, 24 Jul 2017 20:34:49 +0000 (21:34 +0100)]
libpng: use SourceForge mirror
The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.
Original idea by Maxin B. John <maxin.john@intel.com>.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hand applied to work with morty version
Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel
so (unfortunately) the signing must be done serially. Once the upstream problem is fixed,
this patch must be reverted, otherwise we loose all the intrinsic parallelism from
bitbake.
selftest/cases/signing: ignore removal errors when cleaning temporary gpg directory
The high-level method tempfile.TemporaryDirectory give us no way to
ignore erros on removal thus use tempfile.mkdtemp instead. Ignoring possible issues
on removal is neccesary because it contains gpg sockets that are automatically removed
by the system once the process terminates, otherwise the following log is observed:
..
..
File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd
os.unlink(name, dir_fd=topfd)
FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser'
Nicolas Dechesne [Wed, 13 Sep 2017 19:38:20 +0000 (21:38 +0200)]
kernel.bbclass: fix KERNEL_IMAGETYPE(S) for Image.gz
KERNEL_IMAGETYPES lists all the kernel images that we want to build. in cb17b6c2a7 (kernel.bbclass: support kernel image type of vmlinux.gz), some logic
was added to support vmlinux.gz which is not a target built by kernel
makefiles (only vmlinux). It is clear that the goal of this logic is only to
support vmlinux.gz and not others compressed format (such as Image.gz) which are
valid target for kernel makefiles.
For Image.gz we should rely on the kernel makefiles and not do the compression
in kernel class.
This patch updates the logic used to filter out non supported kernel target from
KERNEL_IMAGETYPES, and make vmlinux.gz a 'special case', instead of *.gz. If
more special cases are needed in the future, we could add them in a similar way.
This patch should be a no-op for anyone using vmlinux or vmlinux.gz, and on top
of that it is fixing the build for Image.gz which was not working until now.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cfc0c897656fe67e81a6a5dcd936dff785529f41) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ross Burton [Thu, 14 Sep 2017 12:27:53 +0000 (13:27 +0100)]
bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250)
All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an
information disclosure vulnerability which allows remote attackers to obtain
sensitive information from the bluetoothd process memory. This vulnerability
lies in the processing of SDP search attribute requests.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
image.bbclass: Sorted ctypes to avoid basehash error
When selected multiple subimages a similar error could happend:
Variable do_image_cpio[subimages] value changed \
from 'cpio.gz.u-boot cpio.gz' to 'cpio.gz cpio.gz.u-boot'
To avoid this, 'ctypes' should be sorted at 'gen_conversion_cmds'.
This garantee that 'CONVERSION_CMD_xxx' are always written in tha same
order and consequently 'do_image_cpio' have the same hash.
Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* but in some builds the glibc dependency isn't built soon enough:
$ diff -uNr BUILD-*/pkgdata/qemux86/runtime/localedef
--- BUILD-bad/pkgdata/qemux86/runtime/localedef 2017-09-02 21:17:50.000000000 +0000
+++ BUILD-ok/pkgdata/qemux86/runtime/localedef 2017-09-11 10:15:49.954381592 +0000
@@ -6,6 +6,7 @@
LICENSE: GPLv2 & LGPLv2.1
DESCRIPTION_localedef: glibc: compile locale definition files
SUMMARY: Locale data from glibc
+RDEPENDS_localedef: glibc (>= 2.26)
SECTION: base
PKG_localedef: localedef
FILES_localedef: /usr/bin/localedef
and the build fails with QA issues:
http://errors.yoctoproject.org/Errors/Details/155529/
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.0), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.15), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.3), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.2), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.1), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6, but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA run found fatal errors. Please consider fixing them.
* reproducible with Yocto 2.2 Morty as well, with slightly different
error message:
ERROR: glibc-locale-2.24-r0 do_package_qa: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.4), but no providers found in RDEPENDS_localedef? [file-rdeps]
Richard Purdie [Wed, 1 Mar 2017 15:16:44 +0000 (15:16 +0000)]
oeqa/selftest: Drop http sstate sharing
Using httpServer from python for sharing sstate is known to be buggy, it can't
cope with the number/type of requests coming from bitbake and quietly fails
to share files.
This causes intermittent build failures which are hard to debug. We can
use a file:// url for the sstate mirror instead, removing the need for
the http server.
The sdk-update test is simply dropped since the SDK is never published
to this location and hence it would never have any update. Its equiavalent
to pointing at an empty web server. There is a better eSDK update test in
testsdk so rather than improve this one, lets drop it and concentrate on
the one there.
Mariano Lopez [Wed, 22 Feb 2017 13:12:55 +0000 (13:12 +0000)]
selftest/eSDK.py: Cleanup when there is an error in setUpClass
Lately autobuilders are experiencing hangs with selftest,
it seems it is cause if an error happens in setUpClass
method of oeSDKExtSelfTest class because HTTP server
keeps running in background.
This patch will ensure tearDownClass will be run if there
is an error in setUpClass.
Signed-off-by: Francisco Pedraza <francisco.j.pedraza.gonzalez@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 14 Aug 2017 13:00:21 +0000 (14:00 +0100)]
python3-native: Avoid use of getentropy/getrandom
getentropy/random() is only available in glibc 2.25+ and uninative may relocate
binaries onto systems that don't have this function. For now, force the code to
the older codepaths until we can come up with a better solution for this kind of
issue.
Sona Sarmadi [Wed, 30 Aug 2017 10:21:41 +0000 (12:21 +0200)]
connman: Fix for CVE-2017-12865
dnsproxy: Fix crash on malformed DNS response
If the response query string is malformed, we might access memory
pass the end of "name" variable in parse_response().
Dmitry Rozhkov [Tue, 21 Feb 2017 15:18:08 +0000 (17:18 +0200)]
scripts/runqemu: avoid overridden user input for bootparams
Currently runqemu hardcodes the "ip=" kernel boot parameter
when configuring QEMU to use tap or slirp networking. This makes
the guest system to have a network interface pre-configured
by kernel and causes systemd to fail renaming the interface
to whatever pleases it:
Feb 21 10:10:20 intel-corei7-64 systemd-udevd[201]: Error changing
net interface name 'eth0' to 'enp0s3': Device or resource busy,
Always append user input for kernel boot params after the ones
added by the script. This way user input has priority over runqemu's
default params.
It isn't clear that the README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
file in the deploy directory warrants the complexity it brings elsewhere.
Let's just remove it entirely.
In particular, if two do_image_complete tasks run in parallel they risk
both trying to put their image into ${DEPLOY_DIR_IMAGE} at the same time.
Both will contain a README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt
file. In theory this should be safe because "cp -alf" will just cause one
to overwrite the other. Unfortunately, coreutils cp also has a race[1]
which means that if one copy creates the file at just the wrong point the
other will fail with:
cp: cannot create hard link ‘..../tmp-glibc/deploy/images/pantera/README_-_DO_NOT_DELETE_FILES_IN_THIS_D.txt’ to
+‘..../tmp-glibc/work/rage_against-oe-linux-gnueabi/my-own-image/1.0-r0/deploy-my-own-image-complete/README_-_DO_NOT_DELETE_FILES_IN_THIS_DIRECTORY.txt’: File exists
Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gan Yau Wai [Sat, 12 Aug 2017 00:41:45 +0000 (02:41 +0200)]
insane.bbclass: fix override handling in RDEPENDS QA
The package_qa_check_rdepends() in insane.bbclass has
incorrectly replace its localdata OVERRIDES value with
the package name. Fixing it by appending the package name
to the existing OVERRIDES value. This resolves RDEPENDS QA
error when setting PACKAGECONFIG using a pn- override at
local.conf.
Cherry picked from master 60d28dd72daee235150ab6605cbf953f1ea691df
and modified to work with older bitbake where 2nd parameter in
localdata.getVar was mandatory.
[YOCTO #11374]
Signed-off-by: Gan Yau Wai <yau.wai.gan@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Martin Jansa [Sat, 12 Aug 2017 00:41:44 +0000 (02:41 +0200)]
icecc.bbclass: prevent nativesdk builds depending on target specific KERNEL_CC
* without this we cause nativesdk-linux-libc-headers to depend
on target specific KERNEL_CC (through icecc_get_tool ->
icecc_is_kernel -> KERNEL_CC -> HOST_CC_KERNEL_ARCH ->
TARGET_CC_KERNEL_ARCH -> TUNE_FEATURES(thumb) as shown by
bitbake-diffsigs:
OE qemux86@ ~/build/oe-core $ ls /OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemu*/*sdk*/*/*do_configure.sigdata*
/OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemuarm/x86_64-nativesdk-oesdk-linux/nativesdk-linux-libc-headers/4.10-r0.do_configure.sigdata.3a9a423878d56524e0ee8e42eba1804f
/OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemux86/x86_64-nativesdk-oesdk-linux/nativesdk-linux-libc-headers/4.10-r0.do_configure.sigdata.401071dbaa88903ece37d35a47965ff2
OE qemux86@ ~/build/oe-core $ bitbake-diffsigs /OE/build/oe-core/tmp-glibc/sstate-diff/1499859497/qemu*/*sdk*/*/*do_configure.sigdata*
basehash changed from 39774238b66763c598153132e87a2c1a to aa2d66e770bf533e312536eb0a401c4c
Variable TARGET_CC_KERNEL_ARCH value changed from '${@bb.utils.contains('TUNE_FEATURES', 'thumb', '-mno-thumb-interwork-marm', '', d)} TUNE_FEATURES{thumb} = Set' to ''
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Martin Jansa [Sat, 12 Aug 2017 00:41:41 +0000 (02:41 +0200)]
test-dependencies.sh: Strip also '\.bb: .*' before adding failed recipe to list of failed
* format of bitbake tasks changed in: 2c88afb taskdata/runqueue: Rewrite without use of ID indirection
-ERROR: Task 4 (/OE/build/oe-core/openembedded-core/meta/recipes-devtools/rpm/sftp.bb, do_fetch) failed with exit code '1'
+ERROR: Task /OE/build/oe-core/openembedded-core/meta/recipes-devtools/rpm/sftp.bb:do_fetch (/OE/build/oe-core/openembedded-core/meta/recipes-devtools/rpm/sftp.bb:do_fetch) failed with exit code '1'
so strip not only '\.bb, .*' used before, but also '\.bb:.*' to drop
the task name to get recipe name.
* for more details see:
http://lists.openembedded.org/pipermail/openembedded-core/2016-June/123132.html
* without this change you can see test-dependencies.sh trying to rebuild packages
like:
Building recipe: fbprogress (6/21)
Building recipe: fbprogress.bb:do (7/21)
where the later of course doesn't exist as a recipe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Tom Rini [Tue, 25 Jul 2017 19:58:09 +0000 (15:58 -0400)]
image: Fix "metadata is not deterministic" when chaining 2+ CONVERSION_CMDs
When we have more than one CONVERSION_CMD being used, for example
ext4.gz.sha256sum we will see errors about "metadata is not
deterministic". This is because we do not have a stable order of
intermediate files that will be removed in the generated shell command.
We fix this by calling sorted() on the set of rm_tmp_images so that we
will have a stable hash again.
Cc: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 98a2afeb3a53bec7a72a4a9846e1dba636cc6f3d) Signed-off-by: Armin Kuster <akuster808@gmail.com>
Tom Rini [Fri, 21 Jul 2017 22:06:33 +0000 (18:06 -0400)]
image.bbclass: Correct chaining compression support
When chaining of compression/conversion types was added, we had a new
way to handle doing things like "ext4.bz2.sha256sum" or
"ext2.gz.u-boot". However, because the U-Boot image class isn't
included normally, it wasn't properly converted at the time. After the
support was added the "clean" argument that the .u-boot code uses no
longer functions. The fix for this inadvertently broke chaining
compression/conversion. First, correct the u-boot conversion code.
Fixes: 46bc438374de ("image.bbclass: do exact match for rootfs type") Cc: Zhenhua Luo <zhenhua.luo@nxp.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0a7ce0b971a208956cb895ba5a869ec8c5d94703)
excluded lz4 and lzo chnages Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ross Burton [Fri, 4 Aug 2017 16:27:00 +0000 (17:27 +0100)]
systemd: refuse to load units with errors (CVE-2017-1000082)
If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.
Backport a patch from upstream to mitigate this by refusing to start units such
as this.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Nikolay Merinov [Wed, 26 Jul 2017 08:05:08 +0000 (13:05 +0500)]
systemd: Disable DefaultDependencies for sysv scripts on rcS runlevel
systemd-sysv-generator translate sysv services on rcS runlevel to
services that starts before sysinit.target. This behavour conflict
with default dependency on same tartget.
String that define "DefaultDependency=no" was lost from patch for
sysv generator during porting patches to systemd 229 in commit 64ab17b707dc431aaed880d6d8615971243f46f8.
Current commit returns changes required for services that work on
rcS runlevel.
Signed-off-by: Nikolay Merinov <n.merinov@inango-systems.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Andre McCurdy [Thu, 6 Jul 2017 19:49:01 +0000 (12:49 -0700)]
lsof: update SRC_URI
Upstream lsof releases are hosted on an ftp server which times out
download attempts from hosts for which it can not perform a DNS
reverse-lookup. See:
https://people.freebsd.org/~abe/
http://www.mirrorservice.org seems to be the most commonly used
alternative (and using it for SRC_URI allows the custom
UPSTREAM_CHECK_URI to be removed).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4e718242c1554021689a7946add055b22b81ec42) Signed-off-by: Armin Kuster <akuster808@gmail.com>
Kai Kang [Sat, 27 May 2017 07:45:03 +0000 (15:45 +0800)]
lsof: clear setuid
Having 'lsof' as a +s (setuid) binary could lead to security issues if
a compromise in the binary is found. It is better that it be -s by
default as a precaution.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 346c65dd6855106069d1861ca965d3121eb084d1) Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ed Bartosh [Mon, 17 Jul 2017 07:25:28 +0000 (10:25 +0300)]
wic: fix calculation of partition number
Total number of partitions should be taken into account when calculating
real partition number for msdos partition table. The number can be
different for the 4th partition: it can be 4 if there are 4 partitions in
the table and 5 if there are more than 4 partitions in the table. In the
latter case number 4 is occupied by extended partition.
[YOCTO #11790]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster [Sat, 17 Jun 2017 21:20:26 +0000 (14:20 -0700)]
docbook-utils: update SRC_URI from fedora to osl
WARNING: docbook-utils-native-0.6.14-r3 do_fetch: Failed to fetch URL ftp://sources.redhat.com/pub/docbook-tools/new-trials/SOURCES/docbook-utils-0.6.14.tar.gz, attempting MIRRORS if available
Armin Kuster [Sat, 17 Jun 2017 21:17:10 +0000 (14:17 -0700)]
sgml-common: update SRC_URI from fedora to OSL
WARNING: sgml-common-native-0.6.3-r1 do_fetch: Failed to fetch URL ftp://sources.redhat.com/pub/docbook-tools/new-trials/SOURCES/sgml-common-0.6.3.tgz, attempting MIRRORS if available
Signed-off-by: Marek Vasut <marex@denx.de> Cc: Ross Burton <ross.burton@intel.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Cody P Schafer <dev@codyps.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Zhixiong Chi [Thu, 20 Apr 2017 07:04:54 +0000 (15:04 +0800)]
bash: CVE-2016-0634
A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.
Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634
Cody P Schafer [Wed, 7 Jun 2017 20:36:44 +0000 (16:36 -0400)]
elfutils: fix building elfutils-native with GCC7
This is heavily based on the oe-core master commit with the same
subject, but includes a backport of upstream's fix for the fallthrough
warnings rebased to 0.166 (the oe-core patch which targeted 0.168 did
not apply), a rebase of the format-truncation patch, and a backport of
the upstream format-length patch.
Joshua Lock [Wed, 7 Jun 2017 18:46:21 +0000 (14:46 -0400)]
gcc-6.2: backport fix of check for empty string in ubsan.c
Building gcc-cross-initial with GCC7 on the host fails due to the
comparison of a pointer to an integer in ubsan_use_new_style_p, which
is forbidden by ISO C++:
ubsan.c:1474:23: error: ISO C++ forbids comparison between pointer and
integer [-fpermissive]
|| xloc.file == '\0' || xloc.file[0] == '\xff'
Backport the fix from upstream GCC to enable the build with GCC 7
