Adrian Bunk [Sun, 29 Sep 2019 20:46:25 +0000 (23:46 +0300)]
json-c: Don't --enable-rdrand
In recent years AMD CPUs have had various problems with RDRAND
giving either non-random data or no result at all, which is
problematic if either build or target machine has a CPU with
this problem.
The fallback is /dev/urandom, and I'd trust the kernel here.
--enable-rdrand was added in an upgrade to a new upstream
version without mentioning any reason.
[YOCTO #13534]
Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ruslan Bilovol [Sat, 26 Jan 2019 12:57:57 +0000 (14:57 +0200)]
dhcp: drop lost patch
Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped
0008-tweak-to-support-external-bind.patch
from recipe, but left the patch itself in source tree.
Remove this patch since nobody uses it.
Cc: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package. See the Go 1.11.11 milestone on our issue tracker for details.
go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker. See the Go 1.11.12 milestone on our issue tracker for details.
go1.11.13 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.11.13 milestone on our issue tracker for details.
It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.
It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.
It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fix for CVE-2019-6116 is already in thud, so that has been removed] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpkgPM: use --add-ignore-recommends to process BAD_RECOMMENDATIONS
Currently, BAD_RECOMMENDATIONS on the opkg backed relies on editing the
opkg status file (it sets BAD_RECOMMENDATIONS pkg want state to
deinstalled and pinned). This is brittle, and not consistent across the
different solver backends. Use new --add-ignore-recommends flag instead.
Robert Yang [Mon, 1 Jul 2019 03:49:36 +0000 (11:49 +0800)]
uboot-sign.bbclass: Remove tab indentations in python code
Use 4 spaces to replace a tab.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ross Burton [Mon, 24 Jun 2019 18:13:08 +0000 (19:13 +0100)]
glibc: backport CVE fixes
Backport the fixes for several CVEs from the 2.28 stable branch:
- CVE-2016-10739
- CVE-2018-19591
Signed-off-by: Ross Burton <ross.burton@intel.com>
[Dropped CVE-2019-9169 as its in my contrib already] Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Thu, 20 Jun 2019 14:05:28 +0000 (15:05 +0100)]
uninative: Update to 2.6 release
The 2.6 release contains both libcrypt.so.1 and libcrypt.so.2 which fixes
compatibility with recent fedora/suse releases.
The difference is one is built with obsolete APIs enabled and one disabled.
We now ship both in uninative for compatibility regardless of which distro
a binary is built on.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
When building root filesystems with any of the wpa_supplicant systemd
template service files enabled (current default is to have them disabled) the
systemd-native-fake script would not process the line:
According to the systemd documentation "WantedBy=foo.service in a service
bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in
the same file." However, this is not really the intended purpose of install
Aliases.
Richard Purdie [Thu, 13 Dec 2018 14:46:30 +0000 (14:46 +0000)]
go-crosssdk: PN should use SDK_SYS, not TARGET_ARCH
The crosssdk dependencies are handled using the virtual/ namespace so
this name doesn't matter in the general sense. We want to be able to provide
recipe maintainer information through overrides though, so this standardises it
with the behaviour from gcc-crosssdk and ensures the maintainer overrides work.
Hongxu Jia [Mon, 19 Nov 2018 13:34:56 +0000 (08:34 -0500)]
go-target.inc: fix go not found while multilib enabled
Go binaries were installed to ${libdir}/go/bin, and create symlink
in ${bindir}, while enabling multilib, libdir was extended (such as
/usr/lib64), but BASELIB was not (still /lib), so use
baselib (such as /lib64)) to replace
CVE-2019-6461 and CVE-2019-6462 are patches taken from Clear Linux.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Dropped CVE-2018-19876, not affected]
Issue was introduced in 1.15.8 by:
commit 721b7ea0a785afaa04b6da63f970c3c57666fdfe
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CUPS 2.2.10 is a bug fix release that addresses issues in the scheduler, IPP Everywhere support, CUPS library, and USB printer support. Changes include:
CVE-2018-4300: Linux session cookies used a predictable random number seed.
The lpoptions command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045)
Added USB quirk rules (Issue #5395, Issue #5443)
The generated PPD files for IPP Everywhere printers did not contain the cupsManualCopies keyword (Issue #5433)
Kerberos credentials might be truncated (Issue #5435)
The handling of MaxJobTime 0 did not match the documentation (Issue #5438)
Incorporated the page accounting changes from CUPS 2.3 (Issue #5439)
Fixed a bug adding a queue with the -E option (Issue #5440)
Fixed a crash bug when mapping PPD duplex options to IPP attributes (rdar://46183976)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CUPS 2.2.9 is a bug fix release that addresses issues in the scheduler,
IPP Everywhere support, CUPS library, and USB printer support. Changes include:
Localization changes (Issue #5348, Issue #5362, Issue #5408)
Documentation updates (Issue #5369)
The lpadmin command would create a non-working printer in some error cases
(Issue #5305)
The scheduler would crash if an empty AccessLog directive was specified
(Issue #5309)
Fixed a regression in the changes to ippValidateAttribute (Issue #5322,
Issue #5330)
Fixed a crash bug in the Epson dot matrix driver (Issue #5323)
Automatic debug logging of job errors did not work with systemd (Issue #5337)
The web interface did not list the IPP Everywhere "driver" (Issue #5338)
The IPP Everywhere "driver" now properly supports face-up printers
(Issue #5345)
Fixed some typos in the label printer drivers (Issue #5350)
Multi-file jobs could get stuck if the backend failed (Issue #5359,
Issue #5413)
The IPP Everywhere "driver" no longer does local filtering when printing to
a shared CUPS printer (Issue #5361)
The lpadmin command now correctly reports IPP errors when configuring an
IPP Everywhere printer (Issue #5370)
Fixed some memory leaks discovered by Coverity (Issue #5375)
The PPD compiler incorrectly terminated JCL options (Issue #5379)
The cupstestppd utility did not generate errors for missing/mismatched
CloseUI/JCLCloseUI keywords (Issue #5381)
The scheduler now reports the actual location of the log file (Issue #5398)
Added a USB quirk rule (Issue #5420)
The scheduler was being backgrounded on macOS, causing applications to spin
(rdar://40436080)
The scheduler did not validate that required initial request attributes were
in the operation group (rdar://41098178)
Authentication in the web interface did not work on macOS (rdar://41444473)
Fixed an issue with HTTP Digest authentication (rdar://41709086)
The scheduler could crash when job history was purged (rdar://42198057)
Dropped non-working RSS subscriptions UI from web interface templates.
Fixed a memory leak for some IPP (extension) syntaxes.
Richard Purdie [Wed, 15 May 2019 14:45:14 +0000 (15:45 +0100)]
core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit
Adding the valgrind debug symbol information caused the genericx86-64 image to
overflow the 4GB boundary. Tweak the sizes to avoid autobuilder failures yet
leave enough space all the tests still run successfully.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Chee Yang Lee [Mon, 13 May 2019 04:07:09 +0000 (12:07 +0800)]
wic/bootimg-efi: replace hardcoded volume name with label
volume name should refer to --label in .wks.
Replace the hardcoded volume name with label.
set "ESP" as default name when no lable specified.
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Joshua Watt [Wed, 8 May 2019 16:16:23 +0000 (11:16 -0500)]
resulttool: Add option to dump all ptest logs
Adds an option to dump all the ptest logs to individual files in a
specified directory. If multiple test runs are present, the
'--prepend-run' argument will create separate directories for each test
run under the target directory and put the logs there to prevent each
test run from clobbering the others.
Alex Kiernan [Sun, 5 May 2019 05:24:27 +0000 (06:24 +0100)]
recipetool: fix unbound variable when fixed SRCREV can't be found
If attempting to find a fixed SRCREV fails because the directory doesn't exit,
avoid failing with:
Traceback (most recent call last):
File "/home/vagrant/poky/scripts/recipetool", line 121, in <module>
ret = main()
File "/home/vagrant/poky/scripts/recipetool", line 110, in main
ret = args.func(args)
File "/home/vagrant/poky/scripts/lib/recipetool/create.py", line 707, in create_recipe
srcrev = stdout.rstrip()
UnboundLocalError: local variable 'stdout' referenced before assignment
Fixes: 000480c42797 ("recipetool / devtool: set a fixed SRCREV by default when fetching from git") Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
resulttool/manualexecution: Enable test case configuration option
Current manualexecution required user to exceute all test cases defined inside a "modulename.json" file in oeqa/manual
There are cases when all test cases all not required to run for a module on specific DUT.
Enable manualexecution to have the optional feature where it will use pre-defined json format test case configuration file
where user will be able to select test cases from the "modulename.json" instead of running all of them. This will help
in reducing testing time and reporting unneccesary skip or failures.
Example pre-defined json format test case configuration file (for build-applince):
resulttool/manualexecution: Enable creation of configuration option file
Allow the creation of configuration option file based on user inputs.
Where this configuration option file will be used by the the manual
execution to display options for configuration rather than user
need to inputs configuration manually.
Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Hongxu Jia [Mon, 13 May 2019 15:12:46 +0000 (11:12 -0400)]
oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd
As runqemu with launch_cmd means directly run the command, don't need set
rootfs or env vars.
Since commit [a847dd7202 runqemu: Let qemuparams override default settings]
applied in oe-core, if launch_cmd contains "qemuparams='***'", it does not
work, which is overridden by latter qemuparams="-serial tcp:127.0.0.1" in
QemuRunner.launch();
So we set qemuparams as a parameter in runqemu, the fix makes it work
Richard Purdie [Sun, 12 May 2019 18:49:25 +0000 (19:49 +0100)]
oeqa/target/ssh: Replace suggogatepass with ignoring errors
We continued to see encoding problems with ssh commands run in oeqa. After much
research the conclusion was we should use ignore the errors since some occasional bad
locale encoding is better than the unicode decoding issues we were seeing which crashed
large parts of tests.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Thu, 9 May 2019 13:35:03 +0000 (14:35 +0100)]
oeqa/concurrenttest: Patch subunit module to handle classSetup failures
Currently setupClass errors were not being mapped back to the failing tests
and they were hence being marked as UNKNOWN and the test statistics were
inaccurate.
This is because whilst the errors were being encoded into the test results
stream, the decoder doesn't cope with an error outside a testStart event.
We patch in an addError handler to the outsideTest parser so that this
does get handled in a way similar to the non-concurrent case.
It would be nice if we didn't have to do this but there doesn't seem
to be any other way to fix this other than forking subunit.
We also make a minor change so another of our changes can cope with
tests without a start time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
map unexpectedSuccesses to PASSED and improve the way they're displayed. We
expect/allow ptest runner to fail but if it passes we should handle it correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Richard Purdie [Wed, 1 May 2019 07:00:00 +0000 (08:00 +0100)]
oeqa/ssh: Avoid unicode decode exceptions
This code really needs to be rewritten to not split potential
multibyte characters, for now work around it to avoid exceptions like:
File "/home/pokybuild/yocto-worker/qa-extras2/build/meta/lib/oeqa/core/target/ssh.py", line 211, in run
data = reader.read(1024, 4096)
File "/usr/lib64/python3.6/codecs.py", line 503, in read
newchars, decodedbytes = self.decode(data, self.errors)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x92 in position 0: invalid start byte
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
oeqa/core/runner: dump stdout and stderr of each test case
Some CI pipelines might perform further processing of the test output
(for instance, to plot some metrics into a chart). However, Since `thud`
we switched away from the XML-based jUnit reporting, and at the same
time we lost the ability of collecting the stdout and stderr of the
various tests.
We now restore this functionality by adding `stdout` and `stderr` keys
to the JSON reports. This behavior is off by default; in order to enable
it, one must set the `TESTREPORT_FULLLOGS` variable in the bitbake
configuration.
Signed-off-by: Alberto Mardegan <amardegan@luxoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ming Liu [Fri, 5 Apr 2019 14:22:15 +0000 (16:22 +0200)]
opkg-utils: backport a patch to fix a sstate timestamp issue
When using sstate, two parallel builds can produce two packages
with the same mtime but different checksums. When later one of
those two builds fetches the others ipk, the package index does
not get udpated properly (since mtime matches). This ends up with
messages such as:
Downloading file:/../tmp/work/../image/...ipk.
Removing corrupt package file /../sysroot/../var/cache/opkg/volatile/...ipk
However, in that case, ctime is different. Use ctime instead of
mtime to prevent failures like this.
Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Andreas Müller [Wed, 17 Apr 2019 13:39:41 +0000 (15:39 +0200)]
adwaita-icon-theme: do not delete symbolic svg but pack them in ${PN}-symbolic
This fixes:
* gtk-icon-browser: for symbolic view almost all icons were missing
* xfce's thunar: 'home' and 'up' icons were missing. Had a long discussion with
XFCE-people [1] and asked here [2].
The subprocess.run was replaced by subprocess.check_call because
of compatibility support down to python 3.4. But we really don't
care about whether that command succeeds. Some user reports that
in some tmux environment, this command fails and gives some
unpleasant traceback output. So we use 'call' instead of 'check_call'
to avoid such problem.
image_types.bbclass: fix a race between the ubi and ubifs FSTYPES
The ubi, ubifs and multiubi FSTYPES calls `mkfs.ubifs' to create UBIFS
images.
In do_image_ubi, $vname is empty, the name of UBIFS image conflicts with
the one in do_image_ubifs, and it's a race risk.
[do_image_ubi]
mkfs.ubifs -r ${IMAGE_ROOTFS} -o ${IMGDEPLOYDIR}/${IMAGE_NAME}${vname}${IMAGE_NAME_SUFFIX}.ubifs ${mkubifs_args}
[do_image_ubi]
Richard Purdie [Thu, 11 Apr 2019 21:34:57 +0000 (22:34 +0100)]
e2fsprogs: Skip slow ptest tests
The slow tests run unreliably with our current setup/infrsstructure/timeouts.
There are only five slow ones and having the other ~250 run reliably without timeouts
is the priority right now. We can revisit the slow tests at some later date if wanted.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
