Armin Kuster [Mon, 22 Oct 2018 14:05:12 +0000 (15:05 +0100)]
tzdata: update to 2018f
Briefly:
Volgograd moves from +03 to +04 on 2018-10-28.
Fiji ends DST 2019-01-13, not 2019-01-20.
Most of Chile changes DST dates, effective 2019-04-06.
Changes to future timestamps
Volgograd moves from +03 to +04 on 2018-10-28 at 02:00.
(Thanks to Alexander Fetisov and Stepan Golosunov.)
Fiji ends DST 2019-01-13 instead of the 2019-01-20 previously
predicted. (Thanks to Raymond Kumar.) Adjust future predictions
accordingly.
Most of Chile will end DST on the first Saturday in April at 24:00 mainland
time, and resume DST on the first Saturday in September at 24:00 mainland
time. The changes are effective from 2019-04-06, and do not affect the
Magallanes region modeled by America/Punta_Arenas. (Thanks to Juan Correa
and Tim Parenti.) Adjust future predictions accordingly.
Changes to past timestamps
The 2018-05-05 North Korea 30-minute time zone change took place
at 23:30 the previous day, not at 00:00 that day.
China's 1988 spring-forward transition was on April 17, not
April 10. Its DST transitions in 1986/91 were at 02:00, not 00:00.
(Thanks to P Chan.)
Fix several issues for Macau before 1992. Macau's pre-1904 LMT
was off by 10 s. Macau switched to +08 in 1904 not 1912, and
temporarily switched to +09/+10 during World War II. Macau
observed DST in 1942/79, not 1961/80, and there were several
errors for transition times and dates. (Thanks to P Chan.)
The 1948-1951 fallback transitions in Japan were at 25:00 on
September's second Saturday, not at 24:00. (Thanks to Phake Nick.)
zic turns this into 01:00 on the day after September's second
Saturday, which is the best that POSIX or C platforms can do.
Incorporate 1940-1949 Asia/Shanghai DST transitions from a 2014
paper by Li Yu, replacing more-questionable data from Shanks.
Changes to time zone abbreviations
Use "PST" and "PDT" for Philippine time. (Thanks to Paul Goyette.)
Changes to documentation
New restrictions: A Rule name must start with a character that
is neither an ASCII digit nor "-" nor "+", and an unquoted name
should not use characters in the set "!$%&'()*,/:;<=>?@[\]^`{|}~".
The latter restriction makes room for future extensions (a
possibility noted by Tom Lane).
tzfile.5 now documents what time types apply before the first and
after the last transition, if any.
Documentation now uses the spelling "timezone" for a TZ setting
that determines timestamp history, and "time zone" for a
geographic region currently sharing the same standard time.
The name "TZif" is now used for the tz binary data format.
tz-link.htm now mentions the A0 TimeZone Migration utilities.
(Thanks to Aldrin Martoq for the link.)
Changes to build procedure
New 'make' target 'rearguard_tarballs' to build the rearguard
tarball only. This is a convenience on platforms that lack lzip
if you want to build the rearguard tarball. (Problem reported by
Deborah Goldsmith.)
tzdata.zi is now more stable from release to release. (Problem
noted by Tom Lane.) It is also a bit shorter.
tzdata.zi now can contain comment lines documenting configuration
information, such as which data format was selected, which input
files were used, and how leap seconds are treated. (Problems
noted by Lester Caine and Brian Inglis.) If the Makefile defaults
are used these comment lines are absent, for backward
compatibility. A redistributor intending to alter its copy of the
files should also append "-LABEL" to the 'version' file's first
line, where "LABEL" identifies the redistributor's change.
(From OE-Core rev: 9d786808fb9471eff46d95dd354f6254e468aa17)
Armin Kuster [Mon, 22 Oct 2018 14:05:11 +0000 (15:05 +0100)]
tzcode: update to 2018f
Changes to code
zic now always generates TZif files where time type 0 is used for
timestamps before the first transition. This simplifies the
reading of TZif files and should not affect behavior of existing
TZif readers because the same set of time types is used; only
their internal indexes may have changed. This affects only the
legacy zones EST5EDT, CST6CDT, MST7MDT, PST8PDT, CET, MET, and
EET, which previously used nonzero types for these timestamps.
Because of the type 0 change, zic no longer outputs a dummy
transition at time -2**59 (before the Big Bang), as clients should
no longer need this to handle historical timestamps correctly.
This reverts a change introduced in 2013d and shrinks most TZif
files by a few bytes.
zic now supports negative time-of-day in Rule and Leap lines, e.g.,
"Rule X min max - Apr lastSun -6:00 1:00 -" means the transition
occurs at 18:00 on the Saturday before the last Sunday in April.
This behavior was documented in 2018a but the code did not
entirely match the documentation.
localtime.c no longer requires at least one time type in TZif
files that lack transitions or have a POSIX-style TZ string. This
future-proofs the code against possible future extensions to the
format that would allow TZif files with POSIX-style TZ strings and
without transitions or time types.
A read-access subscript error in localtime.c has been fixed.
It could occur only in TZif files with timecnt == 0, something that
does not happen in practice now but could happen in future versions.
localtime.c no longer ignores TZif POSIX-style TZ strings that
specify only standard time. Instead, these TZ strings now
override the default time type for timestamps after the last
transition (or for all time stamps if there are no transitions),
just as DST strings specifying DST have always done.
leapseconds.awk now outputs "#updated" and "#expires" comments,
and supports leap seconds at the ends of months other than June
and December. (Inspired by suggestions from Chris Woodbury.)
(From OE-Core rev: 4670dcdb6e2504469c30ebed828d4702d8c0003c)
Armin Kuster [Fri, 4 May 2018 17:05:16 +0000 (10:05 -0700)]
tzdata: update to 2018e
Briefly:
North Korea switches back to +09 on 2018-05-05.
The main format uses negative DST again, for Ireland etc.
'make tarballs' now also builds a rearguard tarball.
New 's' and 'd' suffixes in SAVE columns of Rule and Zone lines.
Changes to past and future time stamps
North Korea switches back from +0830 to +09 on 2018-05-05.
(Thanks to Kang Seonghoon, Arthur David Olson, Seo Sanghyeon,
and Tim Parenti.)
Bring back the negative-DST changes of 2018a, except be more
compatible with data parsers that do not support negative DST.
Also, this now affects historical time stamps in Namibia and the
former Czechoslovakia, not just Ireland. The main format now uses
negative DST to model time stamps in Europe/Dublin (from 1971 on),
Europe/Prague (1946/7), and Africa/Windhoek (1994/2017). This
does not affect UT offsets, only time zone abbreviations and the
tm_isdst flag. Also, this does not affect rearguard or vanguard
formats; effectively the main format now uses vanguard instead of
rearguard format. Data parsers that do not support negative DST
can still use data from the rearguard tarball described below
Armin Kuster [Fri, 4 May 2018 17:05:15 +0000 (10:05 -0700)]
tzcode-native: updatet to 2018e
Changes to build procedure
The command 'make tarballs' now also builds the tarball
tzdataVERSION-rearguard.tar.gz, which is like tzdataVERSION.tar.gz
except that it uses rearguard format intended for trailing-edge
data parsers.
Changes to data format and to code
The SAVE column of Rule and Zone lines can now have an 's' or 'd'
suffix, which specifies whether the adjusted time is standard time
or daylight saving time. If no suffix is given, daylight saving
time is used if and only if the SAVE column is nonzero; this is
the longstanding behavior. Although this new feature is not used
in tzdata, it could be used to specify the legal time in Namibia
1994-2017, as opposed to the popular time (see below).
Changes to past time stamps
From 1994 through 2017 Namibia observed DST in winter, not summer.
That is, it used negative DST, as Ireland still does. This change
does not affect UTC offsets; it affects only the tm_isdst flag and
the abbreviation used during summer, which is now CAT, not WAST.
Although (as noted by Michael Deckers) summer and winter time were
both simply called "standard time" in Namibian law, in common
practice winter time was considered to be DST (as noted by Stephen
Colebourne). The full effect of this change is only in vanguard
format; in rearguard and main format, the tm_isdst flag is still
zero in winter and nonzero in summer.
In 1946/7 Czechoslovakia also observed negative DST in winter.
The full effect of this change is only in vanguard format; in
rearguard and main formats, it is modeled as plain GMT without
daylight saving. Also, the dates of some 1944/5 DST transitions
in Czechoslovakia have been changed.
(From OE-Core rev: aeb3d295581908ca9a9d8f1705f70b49b2de32e3)
Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
The fix is similar to what was done for PowerPC32.
It solves below error, while compiling for PowerPC64,
-- snip --
| ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c: In function 'usage':
| ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: warning: implicit declaration of function 'fprintf' [-Wimplicit-function-declaration]
| fprintf(stderr,
| ^~~~~~~
| ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: warning: incompatible implicit declaration of built-in function 'fprintf'
| ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: note: include '<stdio.h>' or provide a declaration of 'fprintf'
| ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:11: error: 'stderr' undeclared (first use in this function)
| fprintf(stderr,
| ^~~~~~
-- snip --
Zhixiong Chi [Wed, 11 Apr 2018 08:26:18 +0000 (16:26 +0800)]
valgrind: fix the shared object issue while prelink ptest
If valgrind-ptest is installed, we will get the some prelink error
like below at do_image:
.../usr/sbin/prelink: /usr/lib64/valgrind/ptest/memcheck/tests/wrap7:\
Could not find one of the dependencies: \
.../usr/sbin//prelink-rtld: error \
while loading shared libraries: wrap7so.so: cannot open shared \
object file: No such file or directory
The wrap7 needs to link the shared object in the path
/usr/lib64/valgrind/ptest/memcheck/tests, but it fails.
So we correct the path for ptest.
toolchain-scripts: preserve host path in environment setup script
The environment setup script generated in the build directory sets the PATH
variable by expanding ${PATH} which would have host paths filtered. Sourcing
this script to run runqemu will not work as it complains host stty (/bin/stty)
cannot be found.
To resolve this, the script no longer expands ${PATH} during generation time,
instead it will now source oe-init-build-env to initialize the build
environment so that all host paths will be preserved. Also be sure to prepend
STAGING_BINDIR_TOOLCHAIN to the PATH variable so that the toolchain from the
build directory can be found.
lsb/lsbtests: Update package lists to use latest version of binary
Currently package list is pointing to "lsb-setup-4.1.0-1.noarch.rpm"
which is not available anymore on
http://ftp.linuxfoundation.org/pub/lsb/base/released-all/binary/ hence
BASE_PACKAGES_LIST is updated to point to the latest available version.
Anuj Mittal [Tue, 16 Oct 2018 02:47:12 +0000 (10:47 +0800)]
perl: skip tests that are not useful
Some tests, like the one that compares the hashes for a list of files
against those stored in a .dat file, don't make sense for downstream
distros packaging perl.
Backport a patch from upstream that allows skipping of these tests at
runtime. Also remove the local patch trying to keep hashes up-to-date
for one of those tests.
Kai Kang [Fri, 25 May 2018 02:48:23 +0000 (10:48 +0800)]
shadow: update ownership and permission of /var/spool/mail
Update shadow to change ownership of /var/spool/mail from root:root to
root:mail and permission from 0755 to 0775 just as in most popular
distributions such as fedora and debian(It also set setgid bit in debian
but we don't need it).
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
newgidmap: enforce setgroups=deny if self-mapping a group
This is necessary to match the kernel-side policy of "self-mapping in a
user namespace is fine, but you cannot drop groups" -- a policy that was
created in order to stop user namespaces from allowing trivial privilege
escalation by dropping supplementary groups that were "blacklisted" from
certain paths.
This is the simplest fix for the underlying issue, and effectively makes
it so that unless a user has a valid mapping set in /etc/subgid (which
only administrators can modify) -- and they are currently trying to use
that mapping -- then /proc/$pid/setgroups will be set to deny. This
workaround is only partial, because ideally it should be possible to set
an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow
administrators to further restrict newgidmap(1).
We also don't write anything in the "allow" case because "allow" is the
default, and users may have already written "deny" even if they
technically are allowed to use setgroups. And we don't write anything if
the setgroups policy is already "deny".
linux-firmware: fix the mess of licenses
* LICENSE_CREATE_PACKAGE functionality in license.bbclass when enabled
adds new package with suffix:
LICENSE_PACKAGE_SUFFIX ??= "-lic"
but then it checks if ${PN}-${LICENSE_PACKAGE_SUFFIX} is included
in PACKAGES before adding it and when found it shows:
WARNING: linux-firmware-1_0.0+gitAUTOINC+4c0bf113a5-r0 do_package: linux-firmware-lic package already existed in linux-firmware.
and doesn't add the ${PN}-lic to PACKAGES and causes another warning:
WARNING: linux-firmware-1_0.0+gitAUTOINC+4c0bf113a5-r0 do_package: QA Issue: linux-firmware: Files/directories were installed but not shipped in any package:
/usr
/usr/share
/usr/share/licenses
/usr/share/licenses/linux-firmware
that's because it was searching ${PN}-lic in PACKAGES as a string
so it found ${PN}-lic as a substring of ${PN}-license, add a split
to search in an list
license.bbclass: Minor simplification of get_deployed_dependencies()
Since ${SSTATE_ARCHS} now contains ${PACKAGE_EXTRA_ARCHS} there is no
longer any need to add those extra architectures to the list of
architectures handled in get_deployed_dependencies().
Daniel DÃaz [Tue, 14 Aug 2018 14:47:03 +0000 (09:47 -0500)]
multilib_header: recognize BPF as a target
When building with `clang -target bpf` using the
multilib_header, a recursion was unavoidable because
bits/wordsize.h would #include itself, still lacking
a definition for __MHWORDSIZE or __WORDSIZE.
Derek Straka [Tue, 30 Jan 2018 03:04:39 +0000 (22:04 -0500)]
python-native: add dependency for gdbm and db native packages
These two packages are required to ensure the manifest files contain
all of the generated packages. Without this, the db and gdbm packages
will not contain the .so files as they are skipped during the compilation steps
Ross Burton [Mon, 13 Aug 2018 23:59:39 +0000 (00:59 +0100)]
bzip2: use Yocto Project mirror for SRC_URI
The bzip.org domain expired and is now a holding site for adverts, so we can't
trust a tarball that appears on that site (luckily we have source checksums to
detect this).
For now, point SRC_URI at the tarball in the Yocto Project source mirror, but
set HOMEPAGE and UPSTREAM_CHECK_URI to the sourceware.org/bzip2/ page which
apparently will be resurrected as the new canonical home page.
Ross Burton [Mon, 13 Aug 2018 17:20:54 +0000 (18:20 +0100)]
classes: sanity-check LIC_FILES_CHKSUM
We assume that LIC_FILES_CHKSUM is a file: URI but don't actually verify this,
which can lead to problems if you have a URI that resolves to a path of / as
Bitbake will then dutifully checksum / recursively.
module-base.bbclass: fix out-of-tree module builds with custom EXTRA_OEMAKE
Commit d2aa88a6a92985f21414fceea2dc0facbf7f8779 was meant to backport build
dependencies on bc-native and openssl-native, but it also changed execution
of do_make_scripts() from calling make directly to using oe_runmake. That
change was made in master/sumo as part of a separate make-mod-scripts recipe.
Unfortunately, that doesn't work here in rocko in the context of module-base
class, as it gets executed inside out-of-tree module environment. Quite often
those out-of-tree modules provide own Makefile with custom EXTRA_OEMAKE var
defined. But do_make_scripts() gets executed within STAGING_KERNEL_DIR and
cannot simply use custom EXTRA_OEMAKE set by a module.
Move back to calling make and passing HOSTCC/HOSTCPP directly w/o using
EXTRA_OEMAKE.
For more details please see:
http://lists.openembedded.org/pipermail/openembedded-core/2018-August/154189.html
CVE-2017-16612: Fix heap overflows when parsing malicious files
It is possible to trigger heap overflows due to an integer overflow
while parsing images and a signedness issue while parsing comments.
The integer overflow occurs because the chosen limit 0x10000 for
dimensions is too large for 32 bit systems, because each pixel takes 4 bytes.
Properly chosen values allow an overflow which in turn will lead to less
allocated memory than needed for subsequent reads.
The signedness bug is triggered by reading the length of a comment
as unsigned int, but casting it to int when calling the function
XcursorCommentCreate. Turning length into a negative value allows the
check against XCURSOR_COMMENT_MAX_LEN to pass, and the following
addition of sizeof (XcursorComment) + 1 makes it possible to allocate
less memory than needed for subsequent reads.
Chen Qi [Mon, 14 May 2018 08:35:22 +0000 (16:35 +0800)]
devtool/sdk.py: error out in case of downloading file failure
It's possible that downloading file from updateserver fails. In
this case, we should error out instead of continue.
We have users reporting unexpected behavior of 'devtool sdk-update'.
When an invalid url is supplied, e.g., `devtool sdk-update http://invalid',
the program reports 'Note: Already up-to-date'.
This is obviously not expected. We should error out in such case.
Whenever perf got rebuilt, I was consistently getting errors such as
| find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory
| find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory
| find: find: '[...]/perf/1.0-r9/perf-1.0/libtraceevent.a''[...]/perf/1.0-r9/perf-1.0/libtraceevent.a': No such file or directory: No such file or directory
|
[...]
| find: cannot delete '/mnt/xfs/devel/pil/yocto/tmp-glibc/work/wandboard-oe-linux-gnueabi/perf/1.0-r9/perf-1.0/util/.pstack.o.cmd': No such file or directory
breaking the whole build. The root cause seems to be that the implicit
'make clean' done during do_configure ends up running in parallel, and
thus multiple find commands attempt to stat and/or delete the same
file.
A patch disabling parallelism for the clean target has been ack'ed
upstream (lkml.kernel.org/r/20180705134955.GB3686@krava), but it should
be harmless to pass JOBS=1 even with a fixed kernel. This can be removed
if and when all relevant -stable kernels have that patch.
Ross Burton [Fri, 9 Mar 2018 18:56:10 +0000 (20:56 +0200)]
cryptodev: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
One of the tarball mirrors is down; the other is blocked by Intel's corporate proxy
for being deemed 'suspicious' (the same problem might pop up in other
companies as well). Let's just take the source from github.
Ross Burton [Wed, 15 Nov 2017 16:47:41 +0000 (16:47 +0000)]
ovmf: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
Martin Jansa [Thu, 24 May 2018 14:56:01 +0000 (14:56 +0000)]
perf: fix build with kernel older than 4.8
* perf is failing to build for me since this oe-core commit:
commit 9b38c824961fc9dce51bda95c25dac91a69fc64f
Author: Hongxu Jia <hongxu.jia@windriver.com>
Date: Tue Apr 24 11:33:47 2018 +0800
perf: make a copy of kernel source to perf workdir
the problem is that perf sources in kernel older than 4.8 (in my case
4.4) are depending on the "global" include headers outside tools
directory, e.g. swab.h in:
kernel-source/tools$ git grep swab.h
perf/MANIFEST:include/linux/swab.h
perf/MANIFEST:include/uapi/linux/swab.h
perf/util/include/asm/byteorder.h:#include "../../../../include/uapi/linux/swab.h"
this was resolved in 4.8 with:
commit 7e3f36411342a54f1981fa97b43550b8406a3d69
Author: Arnaldo Carvalho de Melo <acme@redhat.com>
Date: Mon Jul 18 17:42:16 2016 -0300
Not used anymore. This also stops include linux/swab.h directly
from the kernel sources, remove that reference from the MANIFEST.
and few more changes to make tools/include more complete and standalone:
tools/include in 4.15:
asm asm-generic linux tools trace uapi
tools/include in 4.4:
asm asm-generic linux tools
but copying the include header even for kernels which don't really
need it doesn't add big overhead, so just copy include to perf sources
for all kernels.
perf: make a copy of kernel source to perf workdir
Since perf contaminates linux shared workdir, it probably caused
kernel-devsrc compile failure at world build.
...
|0 blocks
|cpio: ./tools/perf/arch/arm/util/sedr7ORqk: Cannot stat:
No such file or directory
|0 blocks
...
cpio tried to find a file at ${S}/tools/perf and failed
if the input list is not valid.
Make a copy of kernel shared source directory into a perf workdir
could fix the issue.
Bruce Ashfield [Sat, 28 Jul 2018 08:49:50 +0000 (16:49 +0800)]
make-mod-scripts: add build requirements for external modules
Newer kernels (4.14/v4.15+) have dependencies for the build of
modules (and hence external modules). Without these dependencies
explicitly in the build chain, you can end up with build failures like:
work-shared/qemux86/kernel-source/scripts/extract-cert.c:21:25: fatal
error: openssl/bio.h: No such file or directory
| #include <openssl/bio.h>
| ^
| compilation terminated.
| make[2]: *** [scripts/extract-cert] Error 1
| make[1]: *** [scripts] Error 2
To ensure that these headers are in place, and that the scripts use
our build environment flags, we add a dependency on openssl-native
and use oe_make to invoke the build.
Older kernels have no issues with the extra dependency, so there's no
need to make this conditional.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Tweaked to have changes in module*.bbclass instead from where
make-mod-scripts was split in sumo] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
