Robert Yang [Tue, 22 Aug 2017 01:23:12 +0000 (18:23 -0700)]
testimage.bbclass: update comments
It's very important to add IMAGE_CLASSES += "testimage" in local.conf firstly,
otherwise the var like TEST_LOG_DIR (defined in testimage.bbclass) will not be
in testdata.json.
[YOCTO #11547]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Tue, 22 Aug 2017 01:23:05 +0000 (18:23 -0700)]
runtime/cases/_ptest.py: revive it
* Make it work with current oeqa
* Skip the test if ptest is not in DISTRO_FEATURES
* Skip the test if ptest-pkgs is not in IMAGE_FEATURES
* The logs are saved to:
testimage/ptest_log -> testimage/ptest_log.<datetime>
* This provides data that could be used to detect regressions in ptest results
[YOCTO #11547]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OE-Core commit 1df60b09f7a60427795ec828c9c7180e4e52f98c caused a
regression in npm handling since it still expected to be able to get the
results of the license handling, but this no longer happens until after
the npm plugin is called. Thus, call the license handling function
ourselves here (which will record this as having been handled so it
doesn't get done again later).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Wed, 23 Aug 2017 12:14:47 +0000 (00:14 +1200)]
recipetool: create: fix broken import in npm module
With "import oe" in create_npm.py you get "AttributeError: module 'oe'
has no attribute 'package'" when it tries to call
oe.package.npm_split_package_dirs().
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 22 Aug 2017 21:58:02 +0000 (22:58 +0100)]
runqemu: Use virtio to mount cdrom drives
The IDE driver in the kernel is fragile and in 4.12 is causing backtraces.
To unblock 4.12 kernel merging use the virtio CD driver instead to mount
iso images which should be faster and more stable.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jackie Huang [Tue, 22 Aug 2017 06:34:24 +0000 (14:34 +0800)]
initscripts: split sushell into sub package
* sushell is required by systemd service debug-shell
when selinux is enabled, but it doesn't make sense
to make systemd depend on initscripts, so split sushell
into sub package initscripts-sushell.
* The bash dependency has been removed by:
''' 4917e36a77bd6821b45db52caa43939d344d92f6
initscripts: Fix regression for requiring /bin/bash
'''
so remove bash from RDEPENDS when selinux is enabled.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ibt-firmware was not packaged separately and was part of big linux-firmware
package. Packaging allows to install it separately, according to requirements.
Signed-off-by: Maciej Pijanowski <maciej.pijanowski@3mdeb.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Maxin B. John [Mon, 21 Aug 2017 15:09:45 +0000 (18:09 +0300)]
pkgconf: add recipe
pkgconf is a better replacement for pkg-config. Fedora 26 replaces the
system pkg-config implementation with pkgconf because it "provides better
support for handling .pc files and a stable library ABI/API for integrating
into applications." and is actively maintained, unlike pkg-config.
pkgconf aims to offer many improvements over pkg-config such as faster/more
efficient dependency resolver which "allows for the user to more conservatively
link their binaries -- which may be helpful in some environments, such as when
prelink(1) is being used.
pkgconf also aims to provide a more complete implementation of pkg-config.
The features most likely to benefit the Yocto Project build system are the
faster/more efficient dependency resolution and linker flag optimisation.
Move pkgconf recipe to oe-core from meta-pkgconf:
https://github.com/kergoth/meta-kergoth-wip/tree/master/meta-pkgconf
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ming Liu [Mon, 21 Aug 2017 11:45:52 +0000 (13:45 +0200)]
meta: move some text from oe-setup-builddir to conf-notes.txt
This allows the end users to be able to override the entire notes
showing on the shell console. For instance, Our company uses a
external conf-notes.txt, and we run bitbake with some extra variables,
looks like: F=xxx D=xxx M=xxx bitbake <target>, so we want to show
exactly these texts on the shell console, that's why we need this
change.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Before GNU tar 1.24, only the archive creation command had the '-h'
argument to preserve and follow symlinks. After >= 1.24 via commit 14efeb9f956e38d7be (tar: --dereference consistency) the capability to
preserve symlinks was also added to the archive extraction command.
-h is default at archive creation but is not default at extraction,
meaning that it will replace symlinks with directories even if the
original filesystem directory tree and archive contains them.
Add -h to the copyhardlinktree extraction step so the build can
support symlinks in variables like ${DEPLOY_DIR_IPK/RPM/DEB}.
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Sat, 19 Aug 2017 17:21:57 +0000 (10:21 -0700)]
python2.7: improve reproducibility
The compiled .pyc files contain time stamp corresponding to the compile time.
This prevents binary reproducibility. This patch allows to achieve binary
reproducibility by overriding the build time stamp by the value
exported via SOURCE_DATE_EPOCH.
Patch by Bernhard M. Wiedemann, backported from https://github.com/python/cpython/pull/296
[YOCTO#11241]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 21 Aug 2017 02:58:22 +0000 (22:58 -0400)]
linux-yocto/4.10: CVE & misc fixes
Updating the 4.10 SRCREVs to import the following changes:
65370fa249e2 drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() 530ec12a0cb0 ACPICA: Namespace: fix operand cache leak b1098b5bbded char: lp: fix possible integer overflow in lp_setup() 56ee0c7811e5 dccp/tcp: do not inherit mc_list from parent 9f6cbd022bba nfsd: encoders mustn't use unitialized values in error cases 084036ebc243 nfsd: fix undefined behavior in nfsd4_layout_verify 973f780eeaa6 xen-blkback: don't leak stack data via response ring 20c4b5015fea brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() 1dff0f28b490 ipx: call ipxitf_put() in ioctl error path d666a8e60a45 mm: fix new crash in unmapped_area_topdown() 73d059ba1a17 mm: larger stack guard gap, between vmas
Bruce Ashfield [Mon, 21 Aug 2017 02:58:21 +0000 (22:58 -0400)]
kernel-yocto: ensure that only valid BSPs are built
There was a bug in the search routines responsible for locating
BSP definitions which returned a valid match if only the ktype
matched.
This meant that someone looking for "qemux86foo" (which is an
invalid definition) would potentially end up building "qemuarm"
and be none the wiser (until it didn't boot).
With this fix to the tools search routine, and improved return
code testing, we will now stop the build and report and error to
the user.
[YOCTO: #11878]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 21 Aug 2017 02:58:20 +0000 (22:58 -0400)]
qemu: bump default version to 4.12
Not all the qemu machines carry default kernel specifications.
While we could drop these references, we'll bump them to 4.12
to pick up the latest and remove them in future commits.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Tue, 22 Aug 2017 16:00:14 +0000 (12:00 -0400)]
linux-yocto: introduce 4.12 recipes
The 4.12 kernel will be the default/reference for the fall 2017
release.
These recipes represent the introduction of 4.12.7 + related kernel
meta data. Existing functionality has been validated against this
new kernel version, and older versions will be removed in separate
commits.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bruce Ashfield [Mon, 21 Aug 2017 02:58:15 +0000 (22:58 -0400)]
linux-yocto/4.1: fix fsl-ls10xx sdhci
mmc: sdhci: fix two compile errors
| CC drivers/mmc/host/sdhci.o
| drivers/mmc/host/sdhci.c: In function 'sdhci_execute_tuning':
| drivers/mmc/host/sdhci.c:1990:4: error: implicit
| declaration of function 'sdhci_do_reset'
| [-Werror=implicit-function-declaration]
| sdhci_do_reset(host, SDHCI_RESET_CMD);
| ^
| drivers/mmc/host/sdhci.c:2006:7: error: 'struct
| mmc_command' has no member named 'busy_timeout'
| cmd.busy_timeout = 50;
| ^
In function sdhci_execute_tuning, replace sdhci_do_reset
with sdhci_reset, replace busy_timeout with cmd_timeout_ms.
Commit a629a90ba0 adds eMMC DDR mode support for t2080qds and
modified some data structures and function name. Later
commit a2080cc280 just backport upstream commit 61e53bd004
without aligning the current source tree thus cause
these build errors. Fix them.
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Tue, 22 Aug 2017 21:14:46 +0000 (14:14 -0700)]
ghostscript: CVE-2017-9727, -9835, -11714
CVE-2017-9727: make bounds check in gx_ttfReader__Read more robust
CVE-2017-9835: bounds check the array allocations methods
CVE-2017-11714: prevent trying to reloc a freed object
Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Tue, 22 Aug 2017 22:10:20 +0000 (00:10 +0200)]
grub2: fix build on gcc where _FORTIFY_SOURCE is defined
* e.g. with gentoo gcc-7.1 they define _FORTIFY_SOURCE by default with:
https://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo/src/patchsets/gcc/7.1.0/gentoo/10_all_default-fortify-source.patch?view=markup
which results in following error while building grub-efi-native:
./config-util.h:1504:48: error: this use of "defined" may not be portable [-Werror=expansion-to-defined]
|| (defined _FORTIFY_SOURCE && 0 < _FORTIFY_SOURCE \
^~~~~~~~~~~~~~~
this part comes from gnulib and it's used only for Apple and BSD,
so we can ignore it, but we cannot add -Wno-error=expansion-to-defined
because this warning was introduced only in gcc-7 and older gcc
will fail with:
cc1: error: -Werror=expansion-to-defined: no option -Wexpansion-to-defined
use #pragma to work around this
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ruslan Bilovol [Tue, 22 Aug 2017 11:06:40 +0000 (14:06 +0300)]
machine-sdk: oldest kernel for x86/x86_64 is 3.2.0 now
With glibc upgrade to 2.26 release (commit d6a0bc57fa07
"glibc: Upgrade to 2.26 final release") it's not possible
to build x86/x86_64 SDK for kernels lower than 3.2.0
(see glibc commit 139ace95756a "Require Linux kernel 3.2
or later on x86 / x86_64.")
Thus drop SDK_OLDEST_KERNEL overrides from machine-specific
conf files, so default version 3.2.0 from conf/bitbake.conf
will be picked up.
Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Mon, 21 Aug 2017 20:56:59 +0000 (22:56 +0200)]
libcheck: fix file-rdeps QA issue
* Fixes:
ERROR: nativesdk-libcheck-0.10.0-r0 do_package_qa: QA Issue: /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/bin/checkmk contained in package nativesdk-libcheck requires /usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/bin/gawk, but no providers found in RDEPENDS_nativesdk-libcheck? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Aníbal Limón [Tue, 22 Aug 2017 17:20:39 +0000 (12:20 -0500)]
apt: Upgrade to 1.2.24
Add new patches for enable builds on hosts that has GCC version
minor than 5 because doesn't support std::array and std::put_time,
those patches could be removed after get rid of Debian8 and Centos7
support.
Patches related to move ostable/triplettable insida data/ostable and
data/tupletable instead also needs to comply the new format of the
tables for arch detection.
Robert Yang [Mon, 21 Aug 2017 08:00:41 +0000 (01:00 -0700)]
strace: 4.17 -> 4.18
- Updated update-gawk-paths.patch.
- Updated Makefile-ptest.patch
- Removed 0008-replace-struct-ucontext-with-ucontext_t.patch which is already in
the source.
- The LIC_FILES_CHKSUM is changed because the years have been updated,
the contents are the same.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Mon, 21 Aug 2017 08:00:40 +0000 (01:00 -0700)]
e2fsprogs: 1.43.4 -> 1.43.5
Removed the following 2 patches which are already in the source:
- 0001-e2fsck-exit-with-exit-status-0-if-no-errors-were-fix.patch
- e2fsprogs-1.43-sysmacros.patch
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Hundebøll [Mon, 21 Aug 2017 09:21:34 +0000 (11:21 +0200)]
kernel-module-split: rrecommend kernel-image instead of rdepend
Hard depending on the kernel makes it impossible to install kernel
modules without getting the kernel image installed too. This is
inconvenient in e.g. initramdisks, where the kernel is loaded from
outside the initramdisk.
Making the kernel modules rrecommend kernel-image-<version> instead of
rdepending on it, makes it possible to install kernel modules without
the kernel image by setting "kernel-image" in BAD_RECOMMENDATIONS.
Signed-off-by: Martin Hundebøll <mnhu@prevas.dk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sona Sarmadi [Mon, 21 Aug 2017 12:05:34 +0000 (14:05 +0200)]
connman: Fix for CVE-2017-12865
dnsproxy: Fix crash on malformed DNS response
If the response query string is malformed, we might access memory
pass the end of "name" variable in parse_response().
[YOCTO #11959]
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The upstream install gpg by default and no gpg2
...
commit a69464b0b6dac88b360a13d3faf19dd7f2a0e02b
Author: Werner Koch <wk@gnupg.org>
Date: Sat Aug 5 14:39:32 2017 +0200
gpg: Install gpg by default under the name gpg.
...
Add --enable-gpg-is-gpg2 to revert it.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Mon, 21 Aug 2017 05:39:49 +0000 (17:39 +1200)]
recipetool: allow plugins to set LICENSE and LIC_FILES_CHKSUM
We were being a bit prescriptive in setting LICENSE and
LIC_FILES_CHKSUM. We can't always trust what's in the metadata
accompanying some source which plugins will almost always be pulling
from, however we do want to allow plugins to set the LICENSE and
LIC_FILES_CHKSUM values. Merge what we find in our license file scan
with what the plugin sends back.
Additionally, plugins can now add a "license" item to the handled list
in order to inhibit the normal LICENSE / LIC_FILES_CHKSUM handling if
they have already taken care of it completely.
Thanks to Mark Horn <mark.d.horn@intel.com> for prompting, testing and
fixing this patch.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Paul Eggleton [Mon, 21 Aug 2017 05:39:48 +0000 (17:39 +1200)]
recipetool: allow plugins to set PN / PV more easily
Previously if we were able to auto-determine the name from the URL, that
took precedence over any name that might be set in extravalues by a
plugin. Some plugins might be able to get a better idea of the name and
thus we should move defaulting of the name further down after the
plugins have had a chance to set it.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool: import: new plugin to import the devtool workspace
Takes a tar archive created by 'devtool export' and imports (untars) it
into the workspace. Currently the whole tar archive is imported, there
is no way to limit what is imported.
devtool: export: new plugin to export the devtool workspace
By default, exports the whole workspace (all recipes) including the source code.
User can also limit what is exported with --included/--excluded flags. As
a result of this operation, a tar archive containing only workspace metadata
and its corresponding source code is created, which can be properly imported
with 'devtool import'.
devtool: upgrade: enable branch checking when revision is provided
When devtool upgrade is run on a recipe with revision specified
that is not on master branch, and branch isn't set by --srcbranch or -B,
then we should get the correct branch and append the branch to the URL.
If the revision was found on multiple branches, we will display error
to inform user to provide a correct branch and exit.
[YOCTO #11484]
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stanley Phoong [Mon, 21 Aug 2017 05:39:43 +0000 (17:39 +1200)]
recipetool: create: replacing PV in SRCURI
During recipe creation, it seems that the automation for replacing
${PV} at the SRCURI for tag, (e.g mbed-tls-${PV}) is causing some
issue due to PV assuming it's a git source. A fix is implemented in
this patch to resolve this issue.
Signed-off-by: Stanley Phoong <stanley.cheong.kwan.phoong@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Stanley Phoong [Mon, 21 Aug 2017 05:39:42 +0000 (17:39 +1200)]
recipetool: create: handle git URLs specifying only a tag
If a git URL is passed to recipetool create with a tag=, recipetool
should handle it assuming that the tag is valid.
[YOCTO #11393]
Signed-off-by: Stanley Phoong <stanley.cheong.kwan.phoong@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipetool: create: being able to set branch when revision is provided
This change is to improve the buildability of the recipe created by
recipetool and devtool.
When recipetool create is run on a git URL and a revision specified
that is not on master, and "branch=" isn't already in the URL, then
we should get the correct branch and append the branch to the URL.
If the revision was found on multiple branches and 'master' is not
in the list, we will display error to inform user to provide a
correct branch and exit.
[YOCTO #11389]
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipetool: create: disable PREMIRRORS and MIRRORS by default
When creating new recipes, we are almost certainly fetching a new
source rather that something that has already been fetched. I have
disable PREMIRRORS and MIRRORS settings in the recipe that created
by devtool while leaving an option for users to enable them manually
if needed. Since devtool already has this options, we need to ensure
that recipetool is able to handle the options passed from devtool.
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
devtool/copy_buildsystem: adds meta-skeleton layer in the eSDK installation.
The eSDK installation requires the meta-skeleton layer.
The build system might use the meta-skeleton recipes as layout
to create custom recipes. An example is the recipetool script
that uses the meta-skeleton kernel recipe when creating a custom
kernel recipe.
[YOCTO #11102]
Signed-off-by: Juan M Cruz Alcaraz <juan.m.cruz.alcaraz@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
initramfs-framework/setup-live: also boot live image if root=/dev/ram0
Our grub and syslinux bootloaders both define root=/dev/ram0 for live
images by default. Kernel docs show that root=/dev/ram0 is just a
sentinel value for the kernel to mount the initrd as root, which then
mounts and switches to the real root. This is exactly what our scripts
do, so just check for root=/dev/ram0 as well.
openssl10: rename back to openssl and make it the default via PREFERRED_VERSION
openssl 1.1 broke 3rd party layers a lot more than was expected; let's flip
the switch at the start of next development cycle.
Add a PROVIDES = "openssl10" to openssl 1.0 recipe; any dependency that is
not compatible with 1.1 should use that in its DEPENDS, as the 1.0
recipe will later be renamed back to openssl10. This does not always work:
http://lists.openembedded.org/pipermail/openembedded-core/2017-August/140957.html
but for many recipes it does.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mark Hatle [Fri, 18 Aug 2017 19:12:33 +0000 (14:12 -0500)]
prelink: Change the behavior to avoid checking USER_CLASSES
The behavior before this change was to check USER_CLASSES and adjust
the install script to return either exit 0 (don't do anything) or
exit 1 (run on first boot). This enabled a user to include the prelink
package without enablign the image-prelink bbclass and get a first boot
prelink.
Checking USER_CLASSES is not desired, as an image should be able to simply
inherit the image-prelink and get the same type of behavior. Modifying
the recipe based on the inclusion of a class is a bad idea as it makes
this style work more difficult. So we move to a more defined strategy
based on exist uses. (That we know of...)
If we ae doing a cross install, we want to avoid prelinking.
Prelinking during a cross install should be handled by the image-prelink
bbclass. If the user desires this to run on the target at first boot
they will need to create a custom boot script.
[YOCTO #11169]
Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Fri, 18 Aug 2017 17:43:44 +0000 (10:43 -0700)]
ruby: fix CVE-2017-922{6-9}
CVE-2017-9226 : check too big code point value for single byte
CVE-2017-9227 : access to invalid address by reg->dmin value
CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class()
CVE-2017-9229 : access to invalid address by reg->dmax value
Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Andreas Müller [Thu, 10 Aug 2017 09:37:55 +0000 (11:37 +0200)]
mesa: update to 17.1.6
Optional installation of khrplatform.h was implemented upstream by a slightly
different approach -> 0001-mapi-Only-install-khrplatform.h-with-EGL-or-GLES.patch
can be removed.
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* without this package installed any WebKitGTK+ based browser
will fail to correctly open html files (and other files)
from disk (file:// URIs). It will open them as plain txt files.
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ooi Cinly [Wed, 16 Aug 2017 01:17:50 +0000 (09:17 +0800)]
libtool: remove /absolute/path/to/host references
Removed all instances of -fdebug-prefix-map in LTCFLAGS
declaration because they contain references to host system
and are not needed.
/absolute/path/to/host/dd was replaced with 'dd' in
lt_truncate_bin declaration.
Please take note that the location of regex is important
for DEBUG_PREFIX_MAP. Removal of DEBUG_PREFIX_MAP has to be
done before other regex command modify its option value.
Both are modified because they affect binary reproducibility.
[YOCTO #11656]
Signed-off-by: Ooi Cinly <cinly.ooi@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Thu, 17 Aug 2017 05:43:17 +0000 (22:43 -0700)]
rootfs-postcommands.bbclass: Filter out dangling symlinks in ssh_allow_empty_password()
In images built with pam in DISTRO_FEATURES, we end up with dangling symlinks
if su is not packaged into image
$ ls /mnt/a/oe/build/tmp/work/raspberrypi3-bec-linux-gnueabi/core-image-minimal/1.0-r0/rootfs/etc/pam.d/su-l -l
lrwxrwxrwx 1 kraj users 2 Aug 9 07:56 /mnt/a/oe/build/tmp/work/raspberrypi3-bec-linux-gnueabi/core-image-minimal/1.0-r0/rootfs/etc/pam.d/su-l -> su
This causes image do_rootfs to fail
| sed: can't read /mnt/a/oe/build/tmp/work/raspberrypi3-bec-linux-gnueabi/core-image-minimal/1.0-r0/rootfs/etc/pam.d/s
u-l: No such file or directory
| WARNING: /mnt/a/oe/build/tmp/work/raspberrypi3-bec-linux-gnueabi/core-image-minimal/1.0-r0/temp/run.ssh_allow_empty_
password.19238:1 exit 2 from 'sed -i 's/nullok_secure/nullok/' /mnt/a/oe/build/tmp/work/raspberrypi3-bec-linux-gnueabi
/core-image-minimal/1.0-r0/rootfs/etc/pam.d/*'
Therefore we need to filter out dangling symlinks before sed'ing
things out
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Jackie Huang [Thu, 17 Aug 2017 06:44:29 +0000 (14:44 +0800)]
libsndfile1: Fix CVE-2017-8363
Backport the patch to fix CVE-2017-8363:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (heap-based buffer
over-read and application crash) via a crafted audio file.
Jackie Huang [Thu, 17 Aug 2017 06:44:28 +0000 (14:44 +0800)]
libsndfile1: Fix CVE-2017-8362
Backport the patch to fix CVE-2017-8362:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (invalid read and
application crash) via a crafted audio file.
Jackie Huang [Thu, 17 Aug 2017 06:44:27 +0000 (14:44 +0800)]
libsndfile1: Fix CVE-2017-8361 and CVE-2017-8365
Backport the patch to fix two CVEs:
CVE-2017-8361:
The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows
remote attackers to cause a denial of service (buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted audio file.
CVE-2017-8365:
The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via a crafted audio file.
Yi Zhao [Thu, 17 Aug 2017 07:40:30 +0000 (15:40 +0800)]
wget: Security fix CVE-2017-6508
CVE-2017-6508: CRLF injection vulnerability in the url_parse function in
url.c in Wget through 1.19.1 allows remote attackers to inject arbitrary
HTTP headers via CRLF sequences in the host subcomponent of a URL.
Jackie Huang [Thu, 17 Aug 2017 07:39:13 +0000 (15:39 +0800)]
xserver-xorg: Fix CVE-2017-10971
Backport 3 patches to fix CVE-2017-10971:
In the X.Org X server before 2017-06-19, a user authenticated to an X
Session could crash or execute code in the context of the X Server by
exploiting a stack overflow in the endianness conversion of X Events.
Andrej Valek [Thu, 17 Aug 2017 13:16:01 +0000 (15:16 +0200)]
copy_buildsystem: include layer tree during build structure creation
When buildsystem with layer structure is going to be copied, only the last
meta-XXX layer is taken.
For example, during ext_sdk bblayers creating:
layers/oe/meta \
layers/oe/meta-oe \
layers/oe/meta-networking \
layers/oe/meta-webserver \
...
It restructured meta-oe, meta-networking,... contents into meta-oe.
Recipes from meta-oe will be on the same level like meta-networking,
meta-webserver, ... .
It should take the whole meta path instead of the last one.
layers/oe/meta \
layers/oe/meta-oe/meta-oe \
layers/oe/meta-oe/meta-networking \
layers/oe/meta-oe/meta-webserver \
...
Now the directory structure is the same like during build creation.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
report-error: provide distro identifier string in case of uninative build
Besides providing the NATIVELSBSTRING, include distro info when creating
the (json) error report. This information provides better info than the
standard 'universal*' string for uninative builds.
[YOCTO #11824]
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
