code.ossystems Code Review - openembedded-core.git/log
openembedded-core.git
7 years ago linux-yocto/4.10: update to v4.10.15
Bruce Ashfield [Mon, 15 May 2017 12:51:38 +0000 (08:51 -0400)]
linux-yocto/4.10: update to v4.10.15

Merging the korg stable releases 4.10.10 -> 4.10.15 with the following
shortlog summary:

    b1cff0b2ed20 Linux 4.10.15
    de7b7a35c99e dm ioctl: prevent stack leak in dm ioctl call
    8dee04de5def hwmon: (it87) Avoid registering the same chip on both SIO addresses
    ad66b968a0e5 scsi: storvsc: Workaround for virtual DVD SCSI version
    fc08ba650a2b Handle mismatched open calls
    43c1696e5e91 timerfd: Protect the might cancel mechanism proper
    d08276658dee Linux 4.10.14
    3adeab312a65 ftrace/x86: Fix triple fault with graph tracing and suspend-to-ram
    13d970940217 cpu/hotplug: Serialize callback invocations proper
    bd7c4f5e1d25 net: can: usb: gs_usb: Fix buffer on stack
    43a35e671f8f macsec: avoid heap overflow in skb_to_sgvec
    e4720b009def ceph: fix recursion between ceph_set_acl() and __ceph_setattr()
    43e360377b09 nfsd: stricter decoding of write-like NFSv2/v3 ops
    144180dc4736 nfsd4: minor NFSv2/v3 write decoding cleanup
    86eb1d0aab0d nfsd: check for oversized NFSv2/v3 arguments
    b98d12a15ed1 Input: i8042 - add Clevo P650RS to the i8042 reset list
    2f680d46a0b5 ASoC: intel: Fix PM and non-atomic crash in bytcr drivers
    bec0749254e7 p9_client_readdir() fix
    67355b67b41c MIPS: Avoid BUG warning in arch_check_elf
    7cb5877dc20e MIPS: cevt-r4k: Fix out-of-bounds array access
    09c953f73ff0 MIPS: KGDB: Use kernel context for sleeping threads
    4a71345ea6f8 ARC: [plat-eznps] Fix build error
    47dbabb85ef7 scsi: return correct blkprep status code in case scsi_init_io() fails.
    dcb730f79d33 ALSA: seq: Don't break snd_use_lock_sync() loop by timeout
    7b2b791c65d2 ALSA: firewire-lib: fix inappropriate assignment between signed/unsigned type
    a33e886d3f19 ALSA: oxfw: fix regression to handle Stanton SCS.1m/1d
    f62c45868079 ipv6: check raw payload size correctly in ioctl
    466dfcd1d81a tcp: memset ca_priv data to 0 properly
    04630e2ed834 ipv6: check skb->protocol before lookup for nexthop
    683f8d60761c net: phy: fix auto-negotiation stall due to unavailable interrupt
    f9a8970e9eee net: ipv6: regenerate host route if moved to gc list
    e2ae71739253 macvlan: Fix device ref leak when purging bc_queue
    b073c2c3d40c tcp: mark skbs with SCM_TIMESTAMPING_OPT_STATS
    cdaf15b43bd3 tcp: fix SCM_TIMESTAMPING_OPT_STATS for normal skbs
    df4c4820a0b0 net/mlx5e: Fix ETHTOOL_GRXCLSRLALL handling
    cce19108367e net/mlx5e: Fix small packet threshold
    3faae16bf93e net/mlx5: E-Switch, Correctly deal with inline mode on ConnectX-5
    82aa6b2c1f19 net/mlx5: Fix driver load bad flow when having fw initializing timeout
    ff247bdf248a ip6mr: fix notification device destruction
    9db670f71b6a netpoll: Check for skb->queue_mapping
    5e54291edfb9 net: ipv6: RTF_PCPU should not be settable from userspace
    ee1f368e99ba gso: Validate assumption of frag_list segementation
    03940f08b972 ipv6: fix source routing
    c52ac0687247 ipv6: sr: fix double free of skb after handling invalid SRH
    3b600a30d126 dp83640: don't recieve time stamps twice
    a024074740e7 ipv6: sr: fix out-of-bounds access in SRH validation
    7e793ce3b3e1 sh_eth: unmap DMA buffers when freeing rings
    c526d0869a3a net: vrf: Fix setting NLM_F_EXCL flag when adding l3mdev rule
    9ca5d7e426dd net-timestamp: avoid use-after-free in ip_recv_error
    0d8ef98cefae ipv6: Fix idev->addr_list corruption
    29dc163a721e tcp: clear saved_syn in tcp_disconnect()
    1ebfe5cf3727 sctp: listen on the sock only when it's state is listening or closed
    280a7e34a987 net: ipv4: fix multipath RTM_GETROUTE behavior when iif is given
    c747d66b6c6f l2tp: fix PPP pseudo-wire auto-loading
    2ba7cfd4f6a9 l2tp: take reference on sessions being dumped
    0fbdeb789013 openvswitch: Fix ovs_flow_key_update()
    f9bd6b937de6 net/packet: fix overflow in check for tp_reserve
    57a88382a969 net/packet: fix overflow in check for tp_frame_nr
    5894337297ad l2tp: purge socket queues in the .destruct() callback
    7d5eb39c0d8c l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6
    63ae30d5caa7 net/mlx5: Avoid dereferencing uninitialized pointer
    4f45e887a632 bpf: improve verifier packet range checks
    443fac9f2618 secure_seq: downgrade to per-host timestamp offsets
    a35c14672325 kcm: return immediately after copy_from_user() failure
    c79db30fd1b0 net: phy: handle state correctly in phy_stop_machine
    693d7da388c2 net: neigh: guard against NULL solicit() method
    2ec8024c5672 sparc64: Fix kernel panic due to erroneous #ifdef surrounding pmd_write()
    1797e172bf10 sparc64: kern_addr_valid regression
    7cf480444103 ping: implement proper locking
    b957be36d793 Linux 4.10.13
    9254ada03382 device-dax: switch to srcu, fix rcu_read_lock() vs pte allocation
    7d1c1be6c8d3 x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs
    1136723a6cf0 powerpc/kprobe: Fix oops when kprobed on 'stdu' instruction
    a6db433483db ubi/upd: Always flush after prepared for an update
    a32ff3f07f9b x86/mce: Make the MCE notifier a blocking one
    c77e7d37ac50 mac80211: fix MU-MIMO follow-MAC mode
    ee9b489925a0 mac80211: reject ToDS broadcast data frames
    71a3e3679e30 ubifs: Fix O_TMPFILE corner case in ubifs_link()
    c1cadf6af8b7 ubifs: Fix RENAME_WHITEOUT support
    2745665258c3 mmc: sdhci-esdhc-imx: increase the pad I/O drive strength for DDR50 card
    b478c19f3de4 mmc: dw_mmc: Don't allow Runtime PM for SDIO cards
    9b02ecd10cff ACPI / power: Avoid maybe-uninitialized warning
    7010e15d1d22 Input: elantech - add Fujitsu Lifebook E547 to force crc_enabled
    0cb760dfc75b s390/mm: fix CMMA vs KSM vs others
    71766b913996 mmc: dw_mmc: silent verbose log when calling from PM context
    9f8296778b61 CIFS: remove bad_network_name flag
    5cd77ebf2254 cifs: Do not send echoes before Negotiate is complete
    63ad4051e89c mm: prevent NR_ISOLATE_* stats from going negative
    64d253367ae0 ring-buffer: Have ring_buffer_iter_empty() return true when empty
    eff248618a59 HID: wacom: Treat HID_DG_TOOLSERIALNUMBER as unsigned
    838a281c4a17 tracing: Allocate the snapshot buffer before enabling probe
    523ae2e9e39a KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
    cc4f98410688 KEYS: Change the name of the dead type to ".dead" to prevent user access
    4cbbfd6aafe1 KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
    055c0a94117c Linux 4.10.12
    e5349c13c7a8 virtio-console: avoid DMA from stack
    e0116f4d9a9a cxusb: Use a dma capable buffer also for reading
    b1bfb5083bfa mm: Tighten x86 /dev/mem with zeroing reads
    2c4d8f20cc29 rtc: tegra: Implement clock handling
    a16534a33305 ACPI / EC: Use busy polling mode when GPE is not enabled
    8a73a223fb70 x86/xen: Fix APIC id mismatch warning on Intel
    e765ef79fdf3 platform/x86: acer-wmi: setup accelerometer when machine has appropriate notify event
    35549ee08285 ASoC: Intel: select DW_DMAC_CORE since it's mandatory
    765c74b9cc27 dvb-usb-v2: avoid use-after-free
    ce5fe5a547d8 parisc: Fix get_user() for 64-bit value on 32-bit kernel
    aa7ca04fb26c crypto: lrw - Fix use-after-free on EINPROGRESS
    cb0567fc5114 crypto: ahash - Fix EINPROGRESS notification callback
    102da3a73f9a crypto: xts - Fix use-after-free on EINPROGRESS
    25308983eda6 crypto: algif_aead - Fix bogus request dereference in completion function
    a0a1e90f5057 ftrace: Fix function pid filter on instances
    58bc856c41fb zram: do not use copy_page with non-page aligned address
    9bf69094c2ad Revert "MIPS: Lantiq: Fix cascaded IRQ setup"
    1cb293ab0236 char: lack of bool string made CONFIG_DEVPORT always on
    ebe4deab5c80 drm/i915/gvt: set the correct default value of CTX STATUS PTR
    4bf7df7b3bd7 ftrace: Fix removing of second function probe
    9b35ab51a0b4 irqchip/irq-imx-gpcv2: Fix spinlock initialization
    b648679070a9 cpufreq: Bring CPUs up even if cpufreq_online() failed
    26052e29d6a2 pwm: rockchip: State of PWM clock should synchronize with PWM enabled state
    96b121b50683 can: ifi: use correct register to read rx status
    5b750d3c56e3 libnvdimm: band aid btt vs clear poison locking
    f0f306710e24 libnvdimm: fix reconfig_mutex, mmap_sem, and jbd2_handle lockdep splat
    e0d47228949e libnvdimm: fix blk free space accounting
    66481ca0750d make skb_copy_datagram_msg() et.al. preserve ->msg_iter on error
    a99a9ff2374a new privimitive: iov_iter_revert()
    939707c50352 xen, fbfront: fix connecting to backend
    22113847cd11 target: Avoid mappedlun symlink creation during lun shutdown
    53204334cca0 scsi: sd: Fix capacity calculation with 32-bit sector_t
    24c01b369765 scsi: qla2xxx: Add fix to read correct register value for ISP82xx.
    8b30ed56fa89 scsi: sd: Consider max_xfer_blocks if opt_xfer_blocks is unusable
    01fb9440938a scsi: sr: Sanity check returned mode data
    c8270f29214c iscsi-target: Drop work-around for legacy GlobalSAN initiator
    510152205d41 iscsi-target: Fix TMR reference leak during session shutdown
    c100de410c1e efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
    6b8a0080915d efi/libstub: Skip GOP with PIXEL_BLT_ONLY format
    ca3e0b6d6b25 parisc: fix bugs in pa_memcpy
    87ad80ecdb5c ACPI / scan: Set the visited flag for all enumerated devices
    122c16ccc71b acpi, nfit, libnvdimm: fix interleave set cookie calculation (64-bit comparison)
    083d30d61a1a x86/vdso: Plug race between mapping and ELF header setup
    90dc1120444f x86/vdso: Ensure vdso32_enabled gets set to valid values only
    b8cb11e01a7f x86, pmem: fix broken __copy_user_nocache cache-bypass assumptions
    1a99658f083d x86/intel_rdt: Fix locking in rdtgroup_schemata_write()
    565194a42052 x86/signals: Fix lower/upper bound reporting in compat siginfo
    c6be568a2f24 x86/efi: Don't try to reserve runtime regions
    4ff9e6c2d86b perf/x86: Avoid exposing wrong/stale data in intel_pmu_lbr_read_32()
    535adf24d1a7 perf annotate s390: Fix perf annotate error -95 (4.10 regression)
    7869b4078ba9 Input: xpad - add support for Razer Wildcat gamepad
    3f17ee38a808 CIFS: store results of cifs_reopen_file to avoid infinite wait
    6e9b6937a923 CIFS: reconnect thread reschedule itself
    d38b12ab7b05 drm/fb-helper: Allow var->x/yres(_virtual) < fb->width/height again
    e97e515b7448 drm/etnaviv: fix missing unlock on error in etnaviv_gpu_submit()
    3287a46c7829 drm/nouveau: initial support (display-only) for GP107
    2efa4bd3b644 drm/nouveau/kms/nv50: fix double dma_fence_put() when destroying plane state
    b6b2448efe64 drm/nouveau/kms/nv50: fix setting of HeadSetRasterVertBlankDmi method
    8418bb809e55 drm/nouveau/mmu/nv4a: use nv04 mmu rather than the nv44 one
    cc3c096855c6 drm/nouveau/mpeg: mthd returns true on success now
    5de87d225e08 orangefs: free superblock when mount fails
    5f8cde206712 zsmalloc: expand class bit
    5c7de4610825 thp: fix MADV_DONTNEED vs clear soft dirty race
    d7847a2203a1 thp: fix MADV_DONTNEED vs. MADV_FREE race
    e2083153996d tcmu: Skip Data-Out blocks before gathering Data-In buffer for BIDI case
    acbb93eb7447 tcmu: Fix wrongly calculating of the base_command_size
    1486f834e887 tcmu: Fix possible overwrite of t_data_sg's last iov[]
    e8339b9ddfe6 audit: make sure we don't let the retry queue grow without bounds
    668e2d892499 cgroup, kthread: close race window where new kthreads can be migrated to non-root cgroups
    4c031101dc08 Linux 4.10.11
    2ef9c8dd6ecd dma-buf: add support for compat ioctl
    10e13823b0a9 net/packet: fix overflow in check for priv area size
    50d60091d294 crypto: caam - fix invalid dereference in caam_rsa_init_tfm()
    41889ca0002a crypto: caam - fix RNG deinstantiation error checking
    8e94a6f43dff MIPS: IRQ Stack: Fix erroneous jal to plat_irq_dispatch
    4a1fe14b16c9 MIPS: Select HAVE_IRQ_EXIT_ON_IRQ_STACK
    2c7235dbdd51 MIPS: Switch to the irq_stack in interrupts
    b21e28eafd17 MIPS: Only change $28 to thread_info if coming from user mode
    ece65a60793c MIPS: Stack unwinding while on IRQ stack
    6b720ff376fd MIPS: Introduce irq_stack
    612973c55404 rt2x00usb: do not anchor rx and tx urb's
    244ff096a321 rt2x00usb: fix anchor initialization
    df741f77edfa nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type
    f536c2058420 orangefs: fix buffer size mis-match between kernel space and user space.
    f20e76a469c1 orangefs: Dan Carpenter influenced cleanups...
    b01252079ec7 drm/i915: Do .init_clock_gating() earlier to avoid it clobbering watermarks
    d5b5a4d3f77f drm/i915: Avoid rcu_barrier() from reclaim paths (shrinker)
    de3571619eeb drm/i915: Stop using RP_DOWN_EI on Baytrail
    29abfd4ee598 drm/i915: Drop support for I915_EXEC_CONSTANTS_* execbuf parameters.
    b364cf79fc37 drm/i915: Only enable hotplug interrupts if the display interrupts are enabled
    56613bca0578 drm/i915: Reject HDMI 12bpc if the sink doesn't indicate support
    dba29c1139fc drm/i915: Avoid tweaking evaluation thresholds on Baytrail v3
    fccb5940cc17 drm/i915: Nuke debug messages from the pipe update critical section
    29a9a6a329d1 drm/i915: Store a permanent error in obj->mm.pages
    432ae45238b8 drm/i915/gen9: Increase PCODE request timeout to 50ms
    b93cb4cc2eab drm/i915: Squelch any ktime/jiffie rounding errors for wait-ioctl
    ec417098e18f drm/i915/fbdev: Stop repeating tile configuration on stagnation
    4f985d41bc5f drm/i915: Move updating color management to before vblank evasion
    a8a20aecc9c1 drm/i915: Fix forcewake active domain tracking
    e6925852d5b8 Linux 4.10.10
    e6c5fe2374cd x86/reboot/quirks: Fix typo in ASUS EeeBook X205TA reboot quirk
    a148ee8f7156 usb-storage: Add ignore-residue quirk for Initio INIC-3619
    118b1ef49a33 x86/reboot/quirks: Add ASUS EeeBook X205TA/W reboot quirk
    2b0766deb008 x86/reboot/quirks: Add ASUS EeeBook X205TA reboot quirk
    3db435d09bc3 platform/x86: asus-wmi: Detect quirk_no_rfkill from the DSDT
    d0331c21a1a6 watchdog: s3c2410: Fix infinite interrupt in soft mode
    07371cd9ef21 PCI: Add ACS quirk for Qualcomm QDF2400 and QDF2432
    e90d491bcf00 PCI: Sort the list of devices with D3 delay quirk by ID
    9fd0dee94856 mmc: sdhci-of-esdhc: remove default broken-cd for ARM
    8f24ffc2f9a0 PCI: Disable MSI for HiSilicon Hip06/Hip07 Root Ports
    f2d9c08fc9b2 PCI: Add Broadcom Northstar2 PAXC quirk for device class and MPSS
    0755d2b5fe92 ARM: smccc: Update HVC comment to describe new quirk parameter
    7dd05d366148 firmware: qcom: scm: Fix interrupted SCM calls
    cc9b9deb6197 arm: kernel: Add SMC structure parameter
    2dca786b85e2 HID: wacom: don't apply generic settings to old devices
    6ac0617424d4 ASoC: sun4i-i2s: Add quirks to handle a31 compatible
    ab0b1f481fa9 ACPI: save NVS memory for Lenovo G50-45
    36426b3a31dc ASoC: Intel: cht_bsw_rt5645: add Baytrail MCLK support
    bdbe9135ead6 ASoC: Intel: cht_bsw_rt5645: harden ACPI device detection
    88f1372e28b2 ASoC: Intel: Baytrail: add quirk for Lenovo Thinkpad 10
    770049fddd84 ASoC: codecs: rt5670: add quirk for Lenovo Thinkpad 10
    8d5dd97f5556 ACPI / button: Change default behavior to lid_init_state=open
    53a898c2dc3b sata: ahci-da850: implement a workaround for the softreset quirk
    fcfd2ac4abfb PCI: xgene: Fix double free on init error
    c259b9b74ebc PCI: Add ACS quirk for Intel Union Point
    8a4b2d4ba49c drm/mga: remove device_is_agp callback
    f08ae685954e usb: dwc3: host: pass quirk-broken-port-ped property for known broken revisions
    41d6d9750ba3 usb: host: xhci-plat: enable BROKEN_PED quirk if platform requested
    9763fee4c38d usb: xhci: add quirk flag for broken PED bits
    afdb6b99f54e serial: 8250_omap: Add OMAP_DMA_TX_KICK quirk for AM437x
    99b4f57bffe5 usb: chipidea: msm: Rely on core to override AHBBURST
    f576c28172a3 ASoC: Intel: bytcr_rt5640: quirks for Insyde devices
    24fdd3f90f4c drm/i915: actually drive the BDW reserved IDs
    0325b5e1b637 drm/i915: more .is_mobile cleanups for BDW
    bb4c89250bcc drm/i915: fix INTEL_BDW_IDS definition
    d7f19357fe65 drm/edid: constify edid quirk list
    b04940e26f10 kvm: fix page struct leak in handle_vmon
    af7291601501 random: use chacha20 for get_random_int/long
    d57c764a703b mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
    596c2d180a96 Documentation: stable-kernel-rules: fix stable-tag format
    813e1ac7259b usb: dwc3: gadget: delay unmap of bounced requests
    5e87a005ff57 drm/i915/kvmgt: fix suspicious rcu dereference usage
    cccf8321af1c drm/i915/gvt: Fix gvt scheduler interval time
    fba7cfc66b25 MIPS: c-r4k: Fix Loongson-3's vcache/scache waysize calculation
    42ce8ecfd141 MIPS: Flush wrong invalid FTLB entry for huge page
    a854a7975ce0 MIPS: Add MIPS_CPU_FTLB for Loongson-3A R2
    5dc665924208 MIPS: Check TLB before handle_ri_rdhwr() for Loongson-3
    464d88e8a0ad MIPS: Lantiq: fix missing xbar kernel panic
    187b957634f0 MIPS: End spinlocks with .insn
    0c4b9fe70343 MIPS: ralink: Fix typos in rt3883 pinctrl
    e09e410969ef MIPS: Force o32 fp64 support on 32bit MIPS64r6 kernels
    94f3dd6b140a s390/uaccess: get_user() should zero on failure (again)
    5d4d57697aa1 s390/decompressor: fix initrd corruption caused by bss clear
    a66f5106e710 xtensa: make __pa work with uncached KSEG addresses
    36463a76abeb nios2: reserve boot memory for device tree
    be9fe9d48988 x86/mce: Don't print MCEs when mcelog is active
    fe96b265778a dm raid: fix NULL pointer dereference for raid1 without bitmap
    5c67d5410bbb powerpc/crypto/crc32c-vpmsum: Fix missing preempt_disable()
    d625e1a1530d powerpc: Don't try to fix up misaligned load-with-reservation instructions
    b129e418406b powerpc/64: Fix flush_(d|i)cache_range() called from modules
    12502ae4c9a1 powerpc/mm: Add missing global TLB invalidate if cxl is active
    2a3134e106d4 powerpc: Disable HFSCR[TM] if TM is not supported
    be5569719b5c drm/msm: adreno: fix build error without debugfs
    169b36bef88f metag/usercopy: Add missing fixups
    191e4c735549 metag/usercopy: Fix src fixup in from user rapf loops
    e6ca39ac0c0d metag/usercopy: Set flags before ADDZ
    b03dd10e4c58 metag/usercopy: Zero rest of buffer from copy_from_user
    60a0b56ea119 metag/usercopy: Add early abort to copy_to_user
    e61ffb12b6ac metag/usercopy: Fix alignment error checking
    804453ff0993 metag/usercopy: Drop unused macros
    6d855e027553 brcmfmac: use local iftype avoiding use-after-free of virtual interface
    96499191fe6d mac80211: unconditionally start new netdev queues with iTXQ support
    ab23a82a0176 ring-buffer: Fix return value check in test_ringbuffer()
    24d108e4dfec xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files
    1d656a4d8e87 orangefs: move features validation to fix filesystem hang
    b92a638e002b jump label: fix passing kbuild_cflags when checking for asm goto support
    7b73b72fbf82 Kbuild: use cc-disable-warning consistently for maybe-uninitialized
    52b38ad09a6c ACPI / scan: Prefer devices without _HID for _ADR matching
    e56bb92202f7 ACPI / gpio: do not fall back to parsing _CRS when we get a deferral
    1c9925e63abb dm verity fec: fix bufio leaks
    88c358b1f453 dm verity fec: limit error correction recursion
    523a19324267 dax: fix radix tree insertion race
    8bdc69ccb9f8 ptrace: fix PTRACE_LISTEN race corrupting task->state
    0666cf6c9c18 mm/page_alloc.c: fix print order in show_free_areas()
    674850494e19 Reset TreeId to zero on SMB2 TREE_CONNECT
    c793e3374981 cfg80211: check rdev resume callback only for registered wiphy
    b48b63d5f583 arm64: mm: unaligned access by user-land should be received as SIGBUS
    3d44ecc1206e iio: bmg160: reset chip when probing
    2501a0af1734 iio: st_pressure: initialize lps22hb bootime
    a16d8c4e8f77 iio: core: Fix IIO_VAL_FRACTIONAL_LOG2 for negative values
    0d50669ca41f kvm: arm/arm64: Fix locking for kvm_free_stage2_pgd
    e8c3d6542edb arm/arm64: KVM: Take mmap_sem in kvm_arch_prepare_memory_region
    fc29073a15e8 arm/arm64: KVM: Take mmap_sem in stage2_unmap_vm
    fb3ce7a85213 staging: android: ashmem: lseek failed due to no FMODE_LSEEK.
    38b4b8a0969d sysfs: be careful of error returns from ops->show()
    a709613559d6 PCI: thunder-pem: Fix legacy firmware PEM-specific resources
    f8709a9ec8ae PCI: thunder-pem: Add legacy firmware support for Cavium ThunderX host controller
    44eed6f02491 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
    a2d474ab560c drm/vmwgfx: Remove getparam error message
    009eb75f7fb0 drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces
    7a392c9a4563 drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl()
    0570c0cd987f drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
    3622a033c419 drm/vmwgfx: Type-check lookups of fence objects

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 58063bcdb78c9434b4d36e3a73df977b64d1640f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago kernel-yocto: propagate configuration errors to bbclass
Bruce Ashfield [Tue, 13 Jun 2017 07:26:17 +0000 (03:26 -0400)]
kernel-yocto: propagate configuration errors to bbclass

As pointed out by klapperichpaul@johndeere.com, missing configuration
fragments were being picked up twice, once by the tools and once by the
bbclass. Unfortunately, the tools error message was being detected as
configs, and hence no error was reported at all.

Rather than catching the output of the tools, we can instead check the
return code and propagate the error message from the tools directly to
the user.

[YOCTO #11649]

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 960652416e2390337df6d9734375d6829ceb6420)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago recipetool: git reformat URI mangling & parameter stripped
Stanley Cheong Kwan, Phoong [Wed, 12 Jul 2017 09:25:45 +0000 (17:25 +0800)]
recipetool: git reformat URI mangling & parameter stripped

recipetool seems to be mangling and stripping out the parameters for git
URI. This will fix this issue as well as resolve the conflict of
protocol parameter added by user. If a user adds their own protocol as
an argument, it'll be honored.

[YOCTO #11390]
[YOCTO #11391]

Signed-off-by: Stanley Cheong Kwan, Phoong <stanley.cheong.kwan.phoong@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 0cd2fc8ca278ebaa76de95545eef26a07b350c8e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago systemd: workaround login failure on qemumips64 when 'pam' is enabled
Chen Qi [Mon, 17 Jul 2017 06:30:26 +0000 (14:30 +0800)]
systemd: workaround login failure on qemumips64 when 'pam' is enabled

Append " -fno-tree-switch-conversion -fno-tree-tail-merge" to
FULL_OPTIMIZATION to work around a login problem on qemumips64. Otherwise,
the user cannot log in to the target even when username and password are
provided.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 35403ba3707c3c8dd94bcc557eef6f7c66696bc5)

Hand applied
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago systemd: refuse to load units with errors (CVE-2017-1000082)
Ross Burton [Wed, 19 Jul 2017 12:34:44 +0000 (13:34 +0100)]
systemd: refuse to load units with errors (CVE-2017-1000082)

If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.

Backport a patch from upstream to mitigate this by refusing to start units such
as this.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago yocto-compat-layer.py: make signature check code reusable
Patrick Ohly [Tue, 27 Jun 2017 15:33:43 +0000 (17:33 +0200)]
yocto-compat-layer.py: make signature check code reusable

This moves the main content of test_signature into a helper
function. It can be reused by arbitrary tests that need to do
a before/after signature comparison. Long-term this might even
be useful in oeqa itself.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago yocto-compat-layer.py: allow README with suffix
Patrick Ohly [Tue, 27 Jun 2017 15:33:42 +0000 (17:33 +0200)]
yocto-compat-layer.py: allow README with suffix

It may be useful to append a suffix denoting the file format. For
example, README.rst is rendered differently when viewed on GitHub, and
also helps editors to switch to a mode more suitable for the format.

The test uses a file pattern to find the README file(s) and treats
the one with the shortest name as the main one which must not be
empty.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago yocto-compat-layer.py: add test_world
Patrick Ohly [Tue, 27 Jun 2017 15:33:41 +0000 (17:33 +0200)]
yocto-compat-layer.py: add test_world

"test_signatures" ignores world build breakage for the sake of
reporting differences also when a world build is broken. Therefore we
need a dedicated test that a world build at least theoretically can
proceed without obvious parse time problems (dependencies, parse
errors, dangling .bbappends, etc.).

This is similar to the BSP test_machine_world. The difference is
that test_world doesn't change the MACHINE.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago yocto-compat-layer.py: apply test_signatures to all layers
Patrick Ohly [Tue, 27 Jun 2017 15:33:40 +0000 (17:33 +0200)]
yocto-compat-layer.py: apply test_signatures to all layers

Software layers were previously allowed to change signatures, but
that's not desired for those layers either. The rule that a layer
which is "Yocto Compatible 2.0" must not change signatures unless
explicitly requested holds for all kinds of layers.

However, as this is something that software layers might not be able
to do right away, testing for signature changes in software layers can
be disabled. It's on by default, as that was Richard's
recommendation. Whether that should change needs further discussion as
part of finalizing "Yocto Compatible 2.0".

As it might still change, the tool now has both a with/without
parameter so that users of the tool can choose the desired behavior
without being affected by future changes to the default.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago yocto-compat-layer.py: tolerate broken world builds during signature diff
Patrick Ohly [Tue, 27 Jun 2017 15:33:39 +0000 (17:33 +0200)]
yocto-compat-layer.py: tolerate broken world builds during signature diff

The "test_signatures" test ignored a broken world build when getting
signatures, but the code which then tried to analyze a difference
found by the test didn't, which prevented printing the difference.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago yocto-compat-layer.py: avoid adding layers more than once
Patrick Ohly [Tue, 27 Jun 2017 15:33:38 +0000 (17:33 +0200)]
yocto-compat-layer.py: avoid adding layers more than once

add_layer_dependencies() might get called more than once, or one of
the layer dependencies might already be present. The function should
not add layers again because doing so can cause warnings like:

  WARNING: Duplicate inclusion for .../meta-openembedded/meta-oe/conf/distro/include/meta_oe_security_flags.inc in .../meta-openembedded/meta-oe/conf/layer.conf

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago iptables: Apply 0001-fix-build-with-musl.patch unconditionally
Khem Raj [Mon, 26 Jun 2017 05:36:19 +0000 (22:36 -0700)]
iptables: Apply 0001-fix-build-with-musl.patch unconditionally

This patch is generic enough that it can be applied universally,
and it makes maintenance easier

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit f769b8389091b4ffaff8f6f8fc7e53462ce176a5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago tzcode-native: quote ${CC}
Enrico Scholz [Fri, 23 Jun 2017 11:19:12 +0000 (13:19 +0200)]
tzcode-native: quote ${CC}

The build fails otherwise with

| + make -j 8 -l 6 cc=ccache gcc
| make: *** No rule to make target 'gcc'.  Stop.

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5729c1563359e12ebb4451bb1ce7ba3fff4ed2d4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago qemuboot.conf: make cpus match built artifacts
Martin Kelly [Tue, 2 May 2017 19:20:13 +0000 (12:20 -0700)]
qemuboot.conf: make cpus match built artifacts

Currently, the qemu CPUs are specified as generic, but the built
artifacts are not. For example, we build x86-64 artifacts targeting
core2duo but run them in qemu with generic qemu/kvm CPUs. This causes
some packages that take advantage of the host architecture to crash
because they try to use CPU features not advertised by qemu. As an
example, Qt uses ssse3. When artifacts linked against Qt and built
targeting core2duo attempt to run on a generic qemu/kvm CPU, we get
the following crash:

Incompatible processor. This Qt build requires the following features:
     ssse3

We could fix this by making packages like Qt not take advantage of CPU
features. However, we will probably keep facing similar issues over
time, so it's better to resolve them in a more enduring way.

Fix this by making the qemu -cpu arguments match the built artifacts.

(From OE-Core rev: 20b3574749420a1fef2cb2e0579584453dd4c5c5)

Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago package_manager.py: set dnf's releasever setting from DISTRO_CODENAME
Alexander Kanavin [Wed, 21 Jun 2017 12:58:21 +0000 (15:58 +0300)]
package_manager.py: set dnf's releasever setting from DISTRO_CODENAME

So that:

1) dnf does not complain anymore about releasever not being set and then fail
for the same reason;

2) it's possible to refer to $releasever in dnf package feed configuration
(repo paths in particular) without hardcoding the release name (pyro, morty, etc.)

(From OE-Core rev: 789e3fc225adbb61f10aaa3bbc3677856f5f0238)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago zlib: Pass pre-calculate uname enable re-entrant flags
Khem Raj [Tue, 13 Jun 2017 23:13:44 +0000 (16:13 -0700)]
zlib: Pass pre-calculate uname enable re-entrant flags

Fix ptest generation

(From OE-Core rev: 07f4b0f016225e2b211689a270e56b2923ecb434)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago git: Add a dependency on perl for gitweb
Peter Kjellerstedt [Thu, 15 Jun 2017 13:53:08 +0000 (15:53 +0200)]
git: Add a dependency on perl for gitweb

(From OE-Core rev: db31c837b579dc64bc86553cbc95736bfca97a90)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago texi2html: Add a dependency on perl
Peter Kjellerstedt [Thu, 15 Jun 2017 13:53:07 +0000 (15:53 +0200)]
texi2html: Add a dependency on perl

(From OE-Core rev: c391547e95b1854960b90d93fd9f80f02f761e61)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago linux-firmware: Avoid a dependency on python-core
Peter Kjellerstedt [Thu, 15 Jun 2017 13:53:06 +0000 (15:53 +0200)]
linux-firmware: Avoid a dependency on python-core

Remove the check_whence.py script since it is only needed to validate
the WHENCE file, and only if explicitly running `make check`.

(From OE-Core rev: 1fc4d5a31f05970d8d80b0106ea81d486f298e33)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libpcap: apply fix from upstream to fix build race
Ross Burton [Fri, 16 Jun 2017 12:32:15 +0000 (13:32 +0100)]
libpcap: apply fix from upstream to fix build race

../libpcap-1.8.1/grammar.y:78:10:
fatal error: scanner.h: No such file or directory

(From OE-Core rev: aaed4e92d79919e40c896536fcb4ff6567c9a755)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago tzdata: Install zone1970.tab
Jan Kiszka [Fri, 16 Jun 2017 07:28:05 +0000 (09:28 +0200)]
tzdata: Install zone1970.tab

The modern version of zone.tab is required by tzselect e.g.

(From OE-Core rev: de467998ecfa5fa1d2e9dd43a4a3d828cf9ccade)

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libxml2: Fix CVE-2017-0663
Andrej Valek [Wed, 14 Jun 2017 13:07:56 +0000 (15:07 +0200)]
libxml2: Fix CVE-2017-0663

Fix type confusion in xmlValidateOneNamespace

Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.

Fixes bug 780228

CVE: CVE-2017-0663
(From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libxml2: Fix CVE-2017-5969
Andrej Valek [Wed, 14 Jun 2017 13:01:35 +0000 (15:01 +0200)]
libxml2: Fix CVE-2017-5969

Fix NULL pointer deref in xmlDumpElementContent

Can only be triggered in recovery mode.

Fixes bug 758422

CVE: CVE-2017-5969
(From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libxml2: Fix CVE-2017-9049 and CVE-2017-9050
Andrej Valek [Wed, 14 Jun 2017 12:58:47 +0000 (14:58 +0200)]
libxml2: Fix CVE-2017-9049 and CVE-2017-9050

Fix handling of parameter-entity references

There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.

Fixes bug 781205 and bug 781361

CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libxml2: Fix CVE-2017-9047 and CVE-2017-9048
Andrej Valek [Wed, 14 Jun 2017 12:55:03 +0000 (14:55 +0200)]
libxml2: Fix CVE-2017-9047 and CVE-2017-9048

xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.

Fixes bug 781333 and bug 781701

CVE: CVE-2017-9047 CVE-2017-9048
(From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2
Andrej Valek [Wed, 14 Jun 2017 12:38:35 +0000 (14:38 +0200)]
libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2

(From OE-Core rev: 4651afdd457eca06da07331186bf28b98df2eeff)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago libxml2: Disable LeakSanitizer when running API tests
Andrej Valek [Wed, 14 Jun 2017 12:34:37 +0000 (14:34 +0200)]
libxml2: Disable LeakSanitizer when running API tests

Makefile.am: Disable LeakSanitizer when running API tests

The autogenerated API tests leak memory.

Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a]
(From OE-Core rev: e3985be0ddb40e8db44422092c875a4e373a6da3)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
7 years ago classes/buildhistory: fix failures collecting output signatures
Paul Eggleton [Tue, 9 May 2017 00:38:39 +0000 (12:38 +1200)]
classes/buildhistory: fix failures collecting output signatures

It's possible for tasks to stage symlinks that point to non-existent
files; an example is ncurses-native.do_populate_sysroot. There wasn't
any error checking here so this broke the build when "task" was included
in BUILDHISTORY_FEATURES. In any case we shouldn't be following symlinks
and getting the sha256sum of the link target - we need concern ourselves
only with the target path, so check if the file is a link and sha256 the
target path instead if it is. If it's neither a regular file nor a
symlink (perhaps a pipe or a device), just skip it.

(From OE-Core rev: f60520d97f53dafe783f61eb58fe249798a1e1be)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
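
The rule described in the buildhistory commit above (hash a regular file's contents, hash a symlink's target path without following it, skip anything else) can be sketched as follows. This is an added example, not the buildhistory class's own code; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile


def output_signature(path):
    """Return a hex SHA-256 for one staged path, or None if it is skipped."""
    st = os.lstat(path)  # lstat never follows the link, so dangling links are fine
    if stat.S_ISLNK(st.st_mode):
        # Hash the link's target *path*, not whatever the link points at.
        return hashlib.sha256(os.fsencode(os.readlink(path))).hexdigest()
    if stat.S_ISREG(st.st_mode):
        digest = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                digest.update(chunk)
        return digest.hexdigest()
    # Directories, pipes, devices, sockets: opening a FIFO would block and a
    # device could return unbounded data, so these are not hashed at all.
    return None


def collect_signatures(root):
    """Map each path below root (relative to root) to its signature."""
    sigs = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # With followlinks=False (the default) symlinks to directories are
        # listed in dirnames but not descended into; record them as links.
        for name in sorted(dirnames + filenames):
            full = os.path.join(dirpath, name)
            sig = output_signature(full)
            if sig is not None:
                sigs[os.path.relpath(full, root)] = sig
    return sigs


def demo():
    """Build a constructed sample tree and return its signatures."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "libfoo.so.1"), "wb") as f:
            f.write(b"constructed sample contents\n")
        os.symlink("libfoo.so.1", os.path.join(root, "libfoo.so"))
        os.symlink("missing-target", os.path.join(root, "dangling"))
        os.mkfifo(os.path.join(root, "fifo"))
        return collect_signatures(root)


if __name__ == "__main__":
    for rel, sig in sorted(demo().items()):
        print(sig, rel)
```

The dangling link gets a stable signature derived from its target string, and the FIFO is absent from the result.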
7 years ago tcf-agent: kill with USR2 in systemd stop
Martin Kelly [Thu, 1 Jun 2017 05:43:54 +0000 (14:43 +0900)]
tcf-agent: kill with USR2 in systemd stop

tcf-agent ignores SIGTERM, so upstream uses USR2 instead. This issue was noticed
by Jan Kiszka and Brian Avery around the same time:

https://patchwork.openembedded.org/patch/139546/
https://patchwork.openembedded.org/patch/139560/

However, these patches fixed only the init scripts, not the systemd service
file. This patch fixes the systemd file.

(From OE-Core rev: 4f8ed1b3bf676a58055ebe01184b3594459a4118)

Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago tcf-agent: Fix daemon termination
Jan Kiszka [Sun, 30 Apr 2017 15:28:01 +0000 (17:28 +0200)]
tcf-agent: Fix daemon termination

The upstream init script uses SIGUSR2 to terminate that daemon because
SIGTERM is ignored. As the killproc function does not support specifying
a signal, switch to start-stop-daemon. Drop the retry loop because
SIGUSR2 is lethal for agent.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago libgcrypt: fix CVE-2017-7526
Ross Burton [Tue, 18 Jul 2017 22:07:09 +0000 (23:07 +0100)]
libgcrypt: fix CVE-2017-7526

Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed
"Sliding right into disaster"'.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago libgcrypt: fix CVE-2017-9526
Ross Burton [Tue, 18 Jul 2017 22:07:08 +0000 (23:07 +0100)]
libgcrypt: fix CVE-2017-9526

In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from
side-channel observation during the signing process) can easily recover the
long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this
session key in secure memory, to ensure that constant-time point operations are
used in the MPI library.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago build-appliance-image: Update to pyro head revision
Richard Purdie [Wed, 12 Jul 2017 06:06:06 +0000 (07:06 +0100)]
build-appliance-image: Update to pyro head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago build-appliance: Set to pyro release branch
Richard Purdie [Wed, 12 Jul 2017 06:05:44 +0000 (07:05 +0100)]
build-appliance: Set to pyro release branch

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago build-appliance-image: Update to pyro head revision
Richard Purdie [Tue, 11 Jul 2017 23:28:32 +0000 (00:28 +0100)]
build-appliance-image: Update to pyro head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago mkefidsk: fix bash/dash shell quoting problem
Saul Wold [Tue, 11 Jul 2017 15:14:16 +0000 (08:14 -0700)]
mkefidsk: fix bash/dash shell quoting problem

mkefidsk currently writes a startup.nsh with embedded control characters.
This happens because \b etc are control sequences to the shell echo
command when using dash. The resulting startup.nsh causes the bootup
to fail, and the user is dropped into the EFI shell to manually run
startup.nsh.

Patch originally provided by Troy D. Hanson <troy.hanson@jhuapl.edu>

[YOCTO #9665]

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 008d6cb5bb4969f53a228893c502be8c9420ecb0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago systemd-boot.bbclass: Add configuration data to secondary EFI partition
California Sullivan [Tue, 27 Jun 2017 00:52:17 +0000 (17:52 -0700)]
systemd-boot.bbclass: Add configuration data to secondary EFI partition

The secondary EFI partition is used when booting in EFI mode, and
without the configuration data we don't get any boot targets.

Partial fix to [YOCTO #11503].

(From OE-Core master rev: 84aa7a00810e135fdad3f77bdb1da7d1f5fb8627)

Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago package_manager: flush installed_pkgs file before oe-pkgdata-util uses it
Martin Jansa [Mon, 26 Jun 2017 06:52:54 +0000 (08:52 +0200)]
package_manager: flush installed_pkgs file before oe-pkgdata-util uses it

* since this commit:
  commit f5a1013ffa9815f22e13989e2bcb83f966e7ce2c
  Author: Ross Burton <ross.burton@intel.com>
  Date:   Tue Apr 18 16:19:12 2017 +0100

    package_manager: don't race on a file when installing complementary
    packages

  the file isn't closed before oe-pkgdata-util uses it and this
  temporary file might look empty to oe-pkgdata-util, because it
  wasn't flushed yet. Which resulted in almost empty debugfs tarballs
  and no locale packages in regular rootfs.
* without this change:
  124K May 30 07:41 core-image-full-cmdline-raspberrypi3-64-20170530054003-dbg.rootfs.tar.gz
* with this change:
  173M May 30 07:29 core-image-full-cmdline-raspberrypi3-64-20170530052715-dbg.rootfs.tar.gz

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 877d38db08aa7060d16405443cf70539c559fe82)
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago u-boot-mkimage: fix nativesdk build
Max Krummenacher [Wed, 17 May 2017 20:11:34 +0000 (22:11 +0200)]
u-boot-mkimage: fix nativesdk build

If building for nativesdk the wrong rss sysroot is used leading to the
following error message.

| ERROR: oe_runmake failed
| In file included from tools/imximage.c:13:0:
| include/image.h:1024:27: fatal error: openssl/evp.h: No such file or directory
|  # include  <openssl/evp.h>

Tools needed on the build host (script/basic/fixdep) and code compiled
for the SDK machine are both built with the build host's compiler,
leading to additional errors.

Adding CROSS_COMPILE="${HOST_PREFIX}" and using the cross-compiler for
the SDK_ARCH fixes the build error.
The resulting binary in the SDK is working.

Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago Revert "bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDL"
Richard Purdie [Tue, 27 Jun 2017 12:48:59 +0000 (13:48 +0100)]
Revert "bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDL"

This clearly wasn't tested as the correct variable is ASSUME_PROVIDED.

This reverts commit 91cee064332969207334cd1ee5c31d02610281fc.

7 years ago package_ipk: Clean up Source entry in ipk packages
Richard Purdie [Fri, 16 Jun 2017 08:42:30 +0000 (09:42 +0100)]
package_ipk: Clean up Source entry in ipk packages

There is the potential for sensitive information to leak through the urls
there and removing it brings this into the behavior of the other package
backends since filtering it is likely error prone.

Since ipks don't appear to be generated at all if we don't set this, set
the field to the recipe name used (basename only, no paths). This avoids
information leaking. We may want to drop the field if opkg can allow that
at a future point but the recipe name is a suitable identifier for now.

Reported-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago mkelfimage: Fix broken patch when building native
Saul Wold [Mon, 5 Jun 2017 22:47:56 +0000 (15:47 -0700)]
mkelfimage: Fix broken patch when building native

A change occurred about a year ago that broke the native build, fix
that patch

[YOCTO #11590]

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago automake: Backport perl 5.22 fix
Marek Vasut [Tue, 13 Jun 2017 13:39:14 +0000 (14:39 +0100)]
automake: Backport perl 5.22 fix

Backport 13f00eb4493c "automake: port to Perl 5.22 and later"
from automake upstream to fix build with perl 5.22.

Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDL
Jonathan Liu [Thu, 1 Jun 2017 12:15:52 +0000 (22:15 +1000)]
bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDL

If ASSUME_PROVIDES contains libsdl-native, we need to add sdl-config
to HOSTTOOLS to allow access to the host sdl-config.

Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago piglit: add patches for unbuildable surfaceless Mesa test
Daniel Díaz [Wed, 7 Jun 2017 14:51:21 +0000 (09:51 -0500)]
piglit: add patches for unbuildable surfaceless Mesa test

[Backported from master.]

Some EGL implementations do not actually ship all Khronos-
extensions. As it turns out, the Mali 450 driver does not
include any of the following symbols, used by the
egl_mesa_platform_surfaceless.c spec test:
* eglGetPlatformDisplay
* eglCreatePlatformPixmapSurface
* eglCreatePlatformWindowSurface

The Right Thing To Do was to obtain the implementation of
these functions (via eglGetProcAddress), as is provided
by their EXT counterparts. These are guaranteed to exist
since they are required by EGL_EXT_platform_base.

Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago piglit: add patch for lack of gbm_bo_map
Daniel Díaz [Wed, 7 Jun 2017 14:51:20 +0000 (09:51 -0500)]
piglit: add patch for lack of gbm_bo_map

[Backported from master.]

[Piglit Bug #100978] -- https://bugs.freedesktop.org/show_bug.cgi?id=100978

When linking against Mali 450 r6, errors like the following
can be seen:
  ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_unmap'
  ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_map'
  collect2: error: ld returned 1 exit status
  make[2]: *** [bin/point-sprite] Error 1

This is due to gbm_bo_map() and gbm_bo_unmap() being recently
added but not yet implemented by all graphics drivers.

Instead of relying on GBM's version, actually try to link
against those symbols.

Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago piglit: depend on virtual/egl
Daniel Díaz [Wed, 7 Jun 2017 14:51:19 +0000 (09:51 -0500)]
piglit: depend on virtual/egl

[Backported from master.]

While building for Hikey using Mali 450 driver (r6p0), an
error like the following appears while linking:

  [  1%] Linking C shared library ../../../../lib/libpiglitutil.so
  [...]
  [...]/aarch64-linaro-linux/gcc/aarch64-linaro-linux/6.3.1/ld: cannot find -lEGL
  collect2: error: ld returned 1 exit status
  make[2]: *** [lib/libpiglitutil.so.0] Error 1

Mesa generally provides virtual/egl (along with virtual/libgl,
which satisfies Piglit's current DEPENDS) but that is not the
implementation to use with Mali.

Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago image-vm: Avoid use of fold, tac and paste commands for DISK_SIGNATURE
Jonathan Liu [Thu, 8 Jun 2017 11:07:54 +0000 (21:07 +1000)]
image-vm: Avoid use of fold, tac and paste commands for DISK_SIGNATURE

These commands are not whitelisted by the HOSTTOOLS variable which
silently prevents the MBR disk signature from being written to the
image.

Reported-by: Michael Davis <michael.davis@essvote.com>
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago kernel: predefine KBUILD_BUILD_USER and KBUILD_BUILD_HOST
Joshua Lock [Fri, 19 May 2017 15:53:06 +0000 (16:53 +0100)]
kernel: predefine KBUILD_BUILD_USER and KBUILD_BUILD_HOST

By exporting KBUILD_BUILD_USER with a pre-defined value we improve the
reproducibility of the kernel and remove the requirement for whoami in the
HOSTTOOLS.
KBUILD_BUILD_HOST also helps improve the reproducibility of the kernel.

For more kernel reproducibility options see:
https://lwn.net/Articles/437864/

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago binutils: fix CVE-2017-7210
Yuanjie Huang [Fri, 26 May 2017 02:40:41 +0000 (19:40 -0700)]
binutils: fix CVE-2017-7210

CVE: CVE-2017-7210

[BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157

PR binutils/21157: Fix handling of corrupt STABS enum type strings.

(From OE-Core rev: d12a99cba6c9dc9e1f6bc3a7ca8057f07e9cb950)

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago binutils: fix CVE-2017-7209 in readelf
Yuanjie Huang [Fri, 26 May 2017 02:40:40 +0000 (19:40 -0700)]
binutils: fix CVE-2017-7209 in readelf

CVE: CVE-2017-7209

[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135

PR binutils/21135: Fix invalid read of section contents whilst processing
a corrupt binary.

(From OE-Core rev: 2df642ca0a1e4a4e6616729018cf32d2108cabb2)

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago libxslt: Fix CVE-2017-5029
Fan Xin [Fri, 26 May 2017 02:39:06 +0000 (11:39 +0900)]
libxslt: Fix CVE-2017-5029

Backport upstream patch to fix CVE-2017-5029.

(From OE-Core rev: 5266e74c990df1cf965d162d9695eb5a698883ae)

Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago ghostscript: CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2017-9216
Catalin Enache [Mon, 29 May 2017 11:23:08 +0000 (14:23 +0300)]
ghostscript: CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2017-9216

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER
mode protection mechanism and consequently read arbitrary files via the
use of the .libfile operator in a crafted postscript document.

Use-after-free vulnerability in Ghostscript 9.20 might allow remote
attackers to execute arbitrary code via vectors related to a reference
leak in .setdevice.

Ghostscript before 9.21 might allow remote attackers to bypass the SAFER
mode protection mechanism and consequently execute arbitrary code by
leveraging type confusion in .initialize_dsc_parser.

libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript,
has a NULL pointer dereference in the jbig2_huffman_get function in
jbig2_huffman.c. For example, the jbig2dec utility will
crash (segmentation fault) when parsing an invalid file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-7977
https://nvd.nist.gov/vuln/detail/CVE-2016-7978
https://nvd.nist.gov/vuln/detail/CVE-2016-7979
https://nvd.nist.gov/vuln/detail/CVE-2017-9216

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=875a0095f37626a721c7ff57d606a0f95af03913
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853

(From OE-Core rev: 584dfa2f780d5785aaff01f84fbabc18b3478d76)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago ghostscript: CVE-2016-8602, CVE-2017-7975
Catalin Enache [Mon, 8 May 2017 13:42:59 +0000 (16:42 +0300)]
ghostscript: CVE-2016-8602, CVE-2017-7975

The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote
attackers to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted Postscript document that calls .sethalftone5 with an
empty operand stack.

Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because
of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c
during operations on a crafted JBIG2 file, leading to a denial of service (application
crash) or possibly execution of arbitrary code.

References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8602
https://nvd.nist.gov/vuln/detail/CVE-2017-7975

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298

(From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago binutils: fix CVE-2017-6969 in readelf
Yuanjie Huang [Wed, 24 May 2017 09:55:17 +0000 (02:55 -0700)]
binutils: fix CVE-2017-6969 in readelf

CVE: CVE-2017-6969
[BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156

PR binutils/21156: Fix illegal memory accesses in readelf when
ing a corrupt binary.
PR binutils/21156: Fix another memory access error in readelf when
parsing a corrupt binary.

(From OE-Core rev: de04c9811f7ce5179ba261bd8eae921d7873d6cd)

Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago rpcbind: Fix CVE-2017-8779
Fan Xin [Wed, 24 May 2017 08:10:52 +0000 (17:10 +0900)]
rpcbind: Fix CVE-2017-8779

This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.

CVE: CVE-2017-8779

(From OE-Core rev: 7936c9451eb4c376a78a0ac7461d1b2430c7f1f3)

Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago binutils: Fix CVE-2017-8392
Fan Xin [Wed, 24 May 2017 05:43:11 +0000 (14:43 +0900)]
binutils: Fix CVE-2017-8392

Backport upstream commit to fix CVE-2017-8392

CVE: CVE-2017-8392

[BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409

        PR 21409, segfault in _bfd_dwarf2_find_nearest_line

        PR 21409
        * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
        no symbols.

(From OE-Core rev: dff01b827c87ae135a1d5511b1efbdad01c0eaee)

Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago cve-check.bbclass: make warning contain CVE IDs
Chen Qi [Tue, 9 May 2017 09:31:36 +0000 (17:31 +0800)]
cve-check.bbclass: make warning contain CVE IDs

When warning users about unpatched CVE, we'd better put CVE IDs into
the warning message, so that it would be more straightforward for the
user to know which CVEs are not patched.

So instead of:
  WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log.
We should have:
  WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log.

(From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago cve-check-tool: backport a patch to make CVE checking work
Chen Qi [Mon, 8 May 2017 03:12:11 +0000 (11:12 +0800)]
cve-check-tool: backport a patch to make CVE checking work

CVE checking in OE didn't work as do_populate_cve_db failed with the following
error message.

  [snip]/downloads/CVE_CHECK/nvdcve-2.0-2002.xml is not consistent

Backport a patch to fix this error.

(From OE-Core rev: ee55b5685aaa4be92d6d51f8641a559d4e34ce64)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago oeqa/selftest: lock down Meson git revision for reliability
Ross Burton [Mon, 5 Jun 2017 16:30:42 +0000 (17:30 +0100)]
oeqa/selftest: lock down Meson git revision for reliability

The test_recipetool_create_github test fetches HEAD of the repository so
upstream changes can (and do) break the test.  Avoid these problems by passing
the rev= argument in the URL to lock the checkout to the same version that is
fetched in the github_tarball test.

Also pass the commands to runCmd() as a list instead of a string, the semicolon
in the URL needs more quotes if the shell is involved and passing a list
bypasses the shell entirely.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
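
The second point in the oeqa/selftest commit above, that a `;` in a fetcher URL is mangled by the shell when the command is a string but survives when it is a list, can be reproduced with the standard `subprocess` module. This is an added example, not the selftest's code and not OE's `runCmd()`; the URL and function names are constructed for illustration.

```python
import json
import shlex
import subprocess
import sys

# Constructed URL in the fetcher style, where ';' separates URL parameters.
SAMPLE_URL = "git://git.example.invalid/project.git;rev=0123abcd"

# Child program that reports exactly which arguments it received.
ECHO_ARGV = "import json, sys; print(json.dumps(sys.argv[1:]))"


def _run(cmd, shell):
    out = subprocess.run(cmd, shell=shell, check=True,
                         stdout=subprocess.PIPE, universal_newlines=True)
    return json.loads(out.stdout)


def received_args_via_shell(url):
    """Command as one string: /bin/sh treats ';' as a command separator."""
    cmd = "%s -c %s %s" % (shlex.quote(sys.executable),
                           shlex.quote(ECHO_ARGV), url)  # url left unquoted
    return _run(cmd, shell=True)


def received_args_via_quoted_shell(url):
    """Command as one string, with the URL quoted for the shell."""
    cmd = "%s -c %s %s" % (shlex.quote(sys.executable),
                           shlex.quote(ECHO_ARGV), shlex.quote(url))
    return _run(cmd, shell=True)


def received_args_via_list(url):
    """Command as a list: no shell is involved, the URL is one argv entry."""
    return _run([sys.executable, "-c", ECHO_ARGV, url], shell=False)


if __name__ == "__main__":
    print("string, unquoted:", received_args_via_shell(SAMPLE_URL))
    print("string, quoted:  ", received_args_via_quoted_shell(SAMPLE_URL))
    print("list:            ", received_args_via_list(SAMPLE_URL))
```

In the unquoted string form the child sees the URL cut at the `;`, and the shell silently runs `rev=0123abcd` as a second command, so the call still exits 0.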
7 years ago scriptutils: fix fetch_uri() to work with RSS
Paul Eggleton [Mon, 29 May 2017 02:01:56 +0000 (14:01 +1200)]
scriptutils: fix fetch_uri() to work with RSS

Since recipe-specific sysroots were implemented, devtool add and devtool
upgrade operations that fetch from a URL that requires native sysroot
dependencies will fail to work as there is no recipe-specific sysroot
set up for them during fetching. An example was any URL pointing to a
tarball compressed with xz, e.g. devtool upgrade on gnutls.

The most expedient way to fix this is to set up a dummy recipe-specific
sysroot to use for the fetch/unpack operations. We do this in the same
manner as bitbake -b does, so we're just taking all of the sysroot
components available and creating a sysroot from those rather than
ensuring the correct dependencies are there - this means that we're
still going to have problems if e.g. xz-native hasn't been built yet,
but that issue will be trickier to solve and is tracked separately.

Fixes [YOCTO #11474].

(From OE-Core master rev: 559151e783759af78b5cdd76cdbb9ce325a391e6)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago cryptodev-linux: update SRC_URI
Chang Rebecca Swee Fun [Fri, 26 May 2017 07:07:01 +0000 (15:07 +0800)]
cryptodev-linux: update SRC_URI

Gna! project announced that the download site from gna.org HTTP server
will soon be closing down. We have verified that the site is no longer
accessible without network proxy cache. We need to update SRC_URI to
point to new alternative (nwl.cc HTTP server) in order to avoid fetcher
issues in future.

[YOCTO #11575]

Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago bash: CVE-2016-0634
Zhixiong Chi [Thu, 20 Apr 2017 07:04:54 +0000 (15:04 +0800)]
bash: CVE-2016-0634

A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.

Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-047>
to solve CVE-2016-0634

CVE: CVE-2016-0634

(From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago staging: Allow BB_LIMITEDDEPS to avoid BB_TASKDEPDATA
Richard Purdie [Mon, 8 May 2017 10:56:22 +0000 (11:56 +0100)]
staging: Allow BB_LIMITEDDEPS to avoid BB_TASKDEPDATA

In the limited dependency case we don't use any of the data from
BB_TASKDEPDATA. Restructure the code so this variable doesn't have
to be set. This allows the function to be called from other contexts
without creating artificial constructs. There should be no functional
change, behaviour remains unchanged.

(From OE-Core rev: 71e5243e3ebadb90b45fe418dac3eaa2c1b896bd)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago sstate: Ensure native/cross recipes have relocation of HOSTTOOLS_DIR
Richard Purdie [Thu, 4 May 2017 10:59:14 +0000 (11:59 +0100)]
sstate: Ensure native/cross recipes have relocation of HOSTTOOLS_DIR

The previous change to relocate HOSTTOOLS wasn't complete as some files,
particularly in gcc stashed build directories were not being correctly
relocated. This patch addresses the issue.

(From OE-Core rev: 21dd36cc12a033b012544c5d15a6f8afd84dabc9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago python.inc: Fix python2/3 hosttools path references
Richard Purdie [Thu, 4 May 2017 10:58:05 +0000 (11:58 +0100)]
python.inc: Fix python2/3 hosttools path references

Both native and target versions of this file reference mkdir and install
in hosttools paths. Use the version from PATH instead.

(From OE-Core rev: 080197bf3bdf612da8104c2ae7f0b2c8dea32a0b)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago rpm: Ensure macros file doesn't reference HOSTTOOLS
Richard Purdie [Thu, 4 May 2017 10:56:25 +0000 (11:56 +0100)]
rpm: Ensure macros file doesn't reference HOSTTOOLS

Currently the file encodes full paths to various host tools in the
HOSTTOOLS directory which is bad in native and target cases. We can
simply use the versions from PATH quite safely in OE.

(From OE-Core rev: be901200d94beaa35e1d05eb502b117b3b523609)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
7 years ago GNU_MIRROR: switch from ftp to https
Maxin B. John [Tue, 9 May 2017 16:19:22 +0000 (19:19 +0300)]
GNU_MIRROR: switch from ftp to https

Based on the same reason behind DEBIAN's switch from ftp:
https://www.debian.org/News/2017/20170425

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago DEBIAN_MIRROR: switch from ftp to http
Maxin B. John [Tue, 9 May 2017 16:19:21 +0000 (19:19 +0300)]
DEBIAN_MIRROR: switch from ftp to http

All public-facing debian.org FTP services will be shut down on November 1, 2017.
The mirrors should just be accessed using HTTP instead.

https://www.debian.org/News/2017/20170425

Fixes [YOCTO #11413]

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago useradd: remove preinst script referring to recipe sysroot
Maxin B. John [Tue, 9 May 2017 16:19:20 +0000 (19:19 +0300)]
useradd: remove preinst script referring to recipe sysroot

Remove recipe-specific-sysroot details from the preinst scripts
generated by useradd.bbclass.

This was added to match the default from bitbake.conf. Unlike the default
case, the dependencies used by useradd mean that a default passwd/group
file is always present. This means we don't need the native sysroot fallback.

Fixes [YOCTO #11460]

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago useradd.bbclass: Handle COMPONENTS_DIR when restoring state
Peter Kjellerstedt [Wed, 3 May 2017 21:13:39 +0000 (23:13 +0200)]
useradd.bbclass: Handle COMPONENTS_DIR when restoring state

The export of PSEUDO in useradd_sysroot() contains references to
${COMPONENTS_DIR}. These need to be handled when restoring
postinst-useradd-${PN} from the sstate cache.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
7 years ago bitbake.conf: Add COMPONENTS_DIR for ${STAGING_DIR}-components
Peter Kjellerstedt [Wed, 3 May 2017 21:13:38 +0000 (23:13 +0200)]
bitbake.conf: Add COMPONENTS_DIR for ${STAGING_DIR}-components

The path to where to install and find the sysroot components is used
in many places. This warrants it to get its own variable.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago build-appliance-image: Update to master head revision 2017-04 2017-04-pyro yocto-2.3
Richard Purdie [Mon, 1 May 2017 07:56:43 +0000 (08:56 +0100)]
build-appliance-image: Update to master head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago sstate.bbclass, staging.bbclass: Handle HOSTTOOLS_DIR when restoring state
Peter Kjellerstedt [Fri, 28 Apr 2017 15:01:02 +0000 (17:01 +0200)]
sstate.bbclass, staging.bbclass: Handle HOSTTOOLS_DIR when restoring state

Paths to host tools that have been copied to ${HOSTTOOLS_DIR} may end
up in the sstate cache. They thus need to be corrected when restoring
from the sstate cache.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago bitbake.conf: Add HOSTTOOLS_DIR for ${TMPDIR}/hosttools
Peter Kjellerstedt [Fri, 28 Apr 2017 15:01:01 +0000 (17:01 +0200)]
bitbake.conf: Add HOSTTOOLS_DIR for ${TMPDIR}/hosttools

The path to where to install and find the tools copied from the host
environment is already used in a couple of places. This warrants it to
get its own variable.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago build-appliance-image: Update to master head revision
Richard Purdie [Sat, 29 Apr 2017 10:17:55 +0000 (11:17 +0100)]
build-appliance-image: Update to master head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago build-appliance-image: Update to master head revision
Richard Purdie [Sat, 29 Apr 2017 10:17:31 +0000 (11:17 +0100)]
build-appliance-image: Update to master head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago package_deb.bbclass: Avoid writing empty custom fields
Andreas Oberritter [Fri, 28 Apr 2017 18:38:22 +0000 (20:38 +0200)]
package_deb.bbclass: Avoid writing empty custom fields

Avoids parser errors if PACKAGE_ADD_METADATA_DEB is set to an
empty value.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago package_deb.bbclass: Fix multi-line package descriptions
Andreas Oberritter [Fri, 28 Apr 2017 18:38:21 +0000 (20:38 +0200)]
package_deb.bbclass: Fix multi-line package descriptions

In deb control files, each line of a long description starts with
a single space. Empty lines are represented by a single space
followed by a single full stop character.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago busybox: make bash a valid login shell if enabled
Andreas Oberritter [Fri, 28 Apr 2017 18:31:29 +0000 (20:31 +0200)]
busybox: make bash a valid login shell if enabled

Add bash to /etc/shells if busybox is built with bash applet enabled
to fix login via dropbear.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago gst-player: Disable visualizations as workaround
Jussi Kukkonen [Fri, 28 Apr 2017 11:54:34 +0000 (14:54 +0300)]
gst-player: Disable visualizations as workaround

Audio playback in gtk-play is broken with vaapi because the
visualizations do not work: disable visualizations as workaround.
This should be reverted as soon as [YOCTO #11410] is fixed.

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago libxml2: CVE-2016-9318
Catalin Enache [Fri, 14 Apr 2017 08:43:32 +0000 (11:43 +0300)]
libxml2: CVE-2016-9318

libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951
Catalin Enache [Fri, 21 Apr 2017 12:04:17 +0000 (15:04 +0300)]
ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951

The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago bind: Security fix CVE-2016-6170
Yi Zhao [Thu, 13 Apr 2017 05:48:13 +0000 (13:48 +0800)]
bind: Security fix CVE-2016-6170

CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and
9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of
service (secondary DNS server crash) via a large AXFR response, and
possibly allows IXFR servers to cause a denial of service (IXFR client
crash) via a large IXFR response and allows remote authenticated users
to cause a denial of service (primary DNS server crash) via a large
UPDATE message.

External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-6170

Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago bind: Security fix CVE-2016-8864
Yi Zhao [Thu, 13 Apr 2017 05:48:12 +0000 (13:48 +0800)]
bind: Security fix CVE-2016-8864

CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before
9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause
a denial of service (assertion failure and daemon exit) via a DNAME
record in the answer section of a response to a recursive query,
related to db.c and resolver.c.

External References:
https://nvd.nist.gov/vuln/detail/CVE-2016-8864

Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago linux-libc-headers: fix upstream version check
Alexander Kanavin [Mon, 24 Apr 2017 13:15:51 +0000 (16:15 +0300)]
linux-libc-headers: fix upstream version check

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago libproxy: speed up upstream version check
Alexander Kanavin [Mon, 24 Apr 2017 13:15:49 +0000 (16:15 +0300)]
libproxy: speed up upstream version check

Something in the fetched webpage made the default regex matching really slow.

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago boost: fix upstream version check
Alexander Kanavin [Mon, 24 Apr 2017 13:15:48 +0000 (16:15 +0300)]
boost: fix upstream version check

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago python3-iniparse: fix upstream version check
Alexander Kanavin [Fri, 21 Apr 2017 12:40:01 +0000 (15:40 +0300)]
python3-iniparse: fix upstream version check

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago acpica: fix upstream version check
Alexander Kanavin [Fri, 21 Apr 2017 12:40:00 +0000 (15:40 +0300)]
acpica: fix upstream version check

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago lsbtest: add option --ignoreos to rpm install command
Dengke Du [Fri, 21 Apr 2017 04:15:53 +0000 (12:15 +0800)]
lsbtest: add option --ignoreos to rpm install command

After the change to rpm4, the rpm packages in lsbtest, such as:

    lsb-setup-4.1.0-1.noarch.rpm
    lsb-dist-checker-5.0.0.1-1.x86_64.rpm
    ......
    lsb-cmdchk-5.0.3-1.x86_64.rpm

When installing the above rpm packages, the error log appears:

    package lsb-setup-4.1.0-1.noarch is intended for a different operating system
    ......

So we should add option "--ignoreos" to the rpm install command in LSB_Test.sh
in ./meta/recipes-extended/lsb/lsbtest directory. In this way we can make sure
the correct installation of those rpm packages.

The YOCTO bug #11224 didn't create logs, this is because the above test rpm
packages didn't install.

[YOCTO #11224]

Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago rpm: properly relocate additional native tools
Alexander Kanavin [Fri, 21 Apr 2017 08:55:32 +0000 (11:55 +0300)]
rpm: properly relocate additional native tools

These tools are not currently used for anything, but we should
still provide working versions of them.

[YOCTO #11400]

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago libcap: drop obsolete attr PACKAGECONFIG option and libattr dependency
Andre McCurdy [Thu, 20 Apr 2017 23:28:02 +0000 (16:28 -0700)]
libcap: drop obsolete attr PACKAGECONFIG option and libattr dependency

In the 2.25 release, libcap dropped its dependency on an external
libattr library:

  https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/commit/?id=85f38a573fc47472ab792e813b6f6b6f0b1df112

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago cmake.bbclass: use weakest ??= assignment for default OECMAKE_SOURCEPATH
Andre McCurdy [Thu, 27 Apr 2017 23:50:29 +0000 (16:50 -0700)]
cmake.bbclass: use weakest ??= assignment for default OECMAKE_SOURCEPATH

Make it slightly easier to support situations where the default path
needs to be overridden more than once.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago cmake.bbclass: Do not use bitbake variable syntax for shell variables
Peter Kjellerstedt [Wed, 19 Apr 2017 16:57:09 +0000 (18:57 +0200)]
cmake.bbclass: Do not use bitbake variable syntax for shell variables

Using bitbake variable syntax (i.e., ${FOO}) for shell variables is
bad practice. First of all it is confusing, but more importantly it
can lead to weird problems if someone actually defines a bitbake
variable with the same name as the shell variable.

Also use lower case for local shell variables.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago runqemu: support virtio drive type
Patrick Ohly [Thu, 13 Apr 2017 20:32:51 +0000 (22:32 +0200)]
runqemu: support virtio drive type

Setting QB_DRIVE_TYPE=/dev/vd selects virtio without triggering any
warnings. Previously, that was only possible by setting an unknown
value and relying on the fallback to virtio, which caused some
warnings to be printed.

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago bitbake.conf: Add python2 to HOSTTOOLS
Diego Rondini [Thu, 27 Apr 2017 13:28:40 +0000 (13:28 +0000)]
bitbake.conf: Add python2 to HOSTTOOLS

Add python2 to HOSTTOOLS as, according to
https://www.python.org/dev/peps/pep-0394/, the command "python2" should be the
one used in scripts that are not yet ported to Python 3.

Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago bitbake.conf: Add pr to list of hosttools
Khem Raj [Thu, 20 Apr 2017 18:20:26 +0000 (11:20 -0700)]
bitbake.conf: Add pr to list of hosttools

pr is used by gstreamer1.0-libav during configure

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago devtool: Avoid touch sstates when cleaning linux-yocto environment
Jose Perez Carranza [Wed, 26 Apr 2017 05:54:00 +0000 (05:54 +0000)]
devtool: Avoid touch sstates when cleaning linux-yocto environment

sstates are cleaned when running test_devtool_virtual_kernel_modify to
have a clean environment but this is affecting eSDK tests that are
dependent on those sstates, hence “cleansstate” is replaced with
“clean”.

[YOCTO #11300]

Signed-off-by: Jose Perez Carranza <jose.perez.carranza@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago wic: Fix typo in help screen.
Kristian Amlie [Wed, 26 Apr 2017 13:00:16 +0000 (15:00 +0200)]
wic: Fix typo in help screen.

This was overlooked when f6a064d969f4149b was merged.

Signed-off-by: Kristian Amlie <kristian.amlie@mender.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>