aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2016-07-13report-error: Allow to upload reports automaticallyjansa/dizzyMartin Jansa
* useful when distro wants to collect build statistics from all users/developers without any manual interaction from them Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13qemux86: Add identical qemux86copy variant for testsMartin Jansa
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13libav: drop older 0.8.11 and use libav-9 by defaultMartin Jansa
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13recipes-qt: add x11 to required DISTRO_FEATURESMartin Jansa
* it's not complete, but recipes depending on virtual/libx11 are easiest to spot, I've long list of PNBLACKLIST for all recipes which cannot be built in distro without x11 in DISTRO_FEATURES Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13xorg-driver: add x11 to required DISTRO_FEATURESMartin Jansa
* it's not complete, but recipes depending on virtual/libx11 are easiest to spot, I've long list of PNBLACKLIST for all recipes which cannot be built in distro without x11 in DISTRO_FEATURES Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13recipes: add x11 to required DISTRO_FEATURESMartin Jansa
* it's not complete, but recipes depending on virtual/libx11 are easiest to spot, I've long list of PNBLACKLIST for all recipes which cannot be built in distro without x11 in DISTRO_FEATURES Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13libav: drop unused FFMPEG_LIBS and move libpostproc only to 0.8.11Martin Jansa
* standalone libpostproc recipe depends on libav, but current PACKAGES_DYNAMIC indicated that libav-9.13 also provides libpostproc Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13gst-ffmpeg: add dependency on libpostprocMartin Jansa
* building with libav-9 fails with: | checking for POSTPROC... configure: error: Package requirements (libpostproc libavcodec libavutil) were not met: | | No package 'libpostproc' found Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13icu: force arm modeMartin Jansa
* otherwise it triggers following ICE: ERROR: Function failed: do_compile (log file is located at /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/log.do_compile.21570) ERROR: Logfile of failure stored in: /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/log.do_compile.21570 Log data follows: | DEBUG: SITE files ['endian-little', 'bit-32', 'arm-common', 'common-linux', 'common-glibc', 'arm-linux', 'arm-linux-gnueabi', 'common'] | DEBUG: Executing shell function do_compile | NOTE: make | Note: rebuild with "make VERBOSE=1 " to show all compiler parameters. | make[0]: Making `all' in `stubdata' | make[1]: Entering directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/stubdata' | make[1]: Nothing to be done for 'all'. | make[1]: Leaving directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/stubdata' | make[0]: Making `all' in `common' | make[1]: Entering directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/common' | arm-oe-linux-gnueabi-gcc ... /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c | /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c: In function 'ubidi_writeReordered_53': | /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c:643:1: internal compiler error: in patch_jump_insn, at cfgrtl.c:1275 | } | ^ | Please submit a full bug report, | with preprocessed source if appropriate. | See <http://gcc.gnu.org/bugs.html> for instructions. | *** Failed compilation command follows: ---------------------------------------------------------- | arm-oe-linux-gnueabi-gcc -march=armv4t -mthumb -mthumb-interwork -mtune=arm920t --sysroot=/OE/build/shr-core/tmp-eglibc/sysroots/om-gta02 -D_REENTRANT -DU_HAVE_ELF_H=1 -DU_HAVE_ATOMIC=1 -I/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common -DDEFAULT_ICU_PLUGINS="/usr/lib/icu" -DU_ATTRIBUTE_DEPRECATED= -DU_COMMON_IMPLEMENTATION -O2 -pipe -g -feliminate-unused-debug-types -std=c99 -Wall -pedantic -Wshadow -Wpointer-arith -Wmissing-prototypes -Wwrite-strings -c -DPIC -fPIC -o ubidiwrt.o /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c | --- ( rebuild with "make VERBOSE=1 all" to show all parameters ) -------- | /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/config/mh-linux:44: recipe for target 'ubidiwrt.o' failed | make[1]: *** [ubidiwrt.o] Error 1 | make[1]: Leaving directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/common' | Makefile:141: recipe for target 'all-recursive' failed | make: *** [all-recursive] Error 2 | ERROR: oe_runmake failed | WARNING: /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/run.do_compile.21570:1 exit 1 from | exit 1 | ERROR: Function failed: do_compile (log file is located at /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/log.do_compile.21570) NOTE: recipe icu-53.1-r0: task do_compile: Failed ERROR: Task 6803 (/OE/build/shr-core/openembedded-core/meta/recipes-support/icu/icu_53.1.bb, do_compile) failed with exit code '1' Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13gdb: force arm modeMartin Jansa
* triggers some issue in gcc-4.9, this call: arm-oe-linux-gnueabi-gcc -march=armv5te -mthumb -mthumb-interwork -mtune=xscale --sysroot=/OE/build/shr-core/tmp-eglibc/sysroots/spitz -O2 -pipe -g -feliminate-unused-debug-types -I. -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/common -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/config -DLOCALEDIR="\"/usr/share/locale\"" -DHAVE_CONFIG_H -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/../include/opcode -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/../opcodes/.. -I../bfd -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/../bfd -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/../include -I../libdecnumber -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/../libdecnumber -I/OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/gnulib/import -Ibuild-gnulib/import -Wall -Wdeclaration-after-statement -Wpointer-arith -Wpointer-sign -Wno-unused -Wunused-value -Wunused-function -Wno-switch -Wno-char-subscripts -Wmissing-prototypes -Wdeclaration-after-statement -Wempty-body -Wmissing-parameter-type -Wold-style-declaration -Wold-style-definition -Wformat-nonliteral -c -o eval.o -MT eval.o -MMD -MP -MF .deps/eval.Tpo /OE/build/shr-core/tmp-eglibc/work/xscalete-oe-linux-gnueabi/gdb/7.7-r0/gdb-7.7/gdb/eval.c just hangs (strace shows occasional call to mmap, brk, munmap) and eats all available memory (in my case 20GB), I've waited for 2,5 hours and it didn't finish, after removing -mthumb it builds in second. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13DO-NOT-MERGE: distutils3.bbclass: Don't use MACHINE variableMartin Jansa
The original patch says this about MACHINE variables: Use MACHINE for sysroot when not building for build host Python's machinery replaces directories in sysroot path to match OE's staging area sysroots. Earlier we use to have HOST_SYS represent sysroot always but now we use MACHINE to represent target sysroots but HOST_SYS to represent host sysroot. This patch caters to that difference But I think we need to find some different solution, because right now the only user of distutils3 bbclass python3-distribute becames effectivelly MACHINE_ARCH because of this. Detected with sstate-diff-machines.sh script: == Comparing signatures for python3-distribute.do_populate_sysroot.sigdata between qemux86 and qemux86copy == Hash for dependent task python3-distribute_0.6.32.bb.do_install changed from ef2f64ea6aecf1f9c2c6a0f201c52f67 to 7afd17fd366b28cf4a0353c7dd5e1c5b $ bitbake-diffsigs sstate-diff/1403174194/qemux86*/i586*/python3-distribute*/*do_install* basehash changed from 5311d29c25ff324645de9c17cdefe083 to 2f079b81b13427faddeb040e7a115965 Variable MACHINE value changed from 'qemux86copy' to 'qemux86' Hash for dependent task python3-distribute_0.6.32.bb.do_compile changed from 4fcb29eb2a0df7bef2f9806a0d9cdd92 to e7df3cdd7b82733d69c87f1822b7177b $ bitbake-diffsigs sstate-diff/1403174194/qemux86*/i586*/python3-distribute*/*do_compile* basehash changed from 870a9e01c2c4eb73dd57451eeb2a7f0c to c061ae11d7f16d74d49f667243a21be0 Variable MACHINE value changed from 'qemux86copy' to 'qemux86' Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13libsdl: Add support for libsdl-nativeAlexandru Niculita
Change-Id: I4fb1e623c7bbb1f35ae3001c839cd7e16ce1bd65 Signed-off-by: Alexandru Niculita <alexnick87@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-13WIP: Add KERNEL_EXTRA_ARGS?Martin Jansa
2016-07-11init-install-efi.sh: Avoid /mnt/mtab creation if already presentLeonardo Sandoval
The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts), so if an image includes the latter, there is no new to created it again inside the install-efi.sh script, otherwise an error may occur as indicated on the bug's site. [YOCTO #7971] Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-03-21glibc: CVE-2015-8776Armin Kuster
it was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information. (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-9761Armin Kuster
A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-8779Armin Kuster
A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-8777Armin Kuster
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-26glibc 2.20: Security fix CVE-2015-7547Koen Kooi
CVE-2015-7547: getaddrinfo() stack-based buffer overflow Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30bind: CVE-2015-8000Sona Sarmadi
Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30grub2: Fix CVE-2015-8370Belal, Awais
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30glibc: Fixes a heap buffer overflow in glibc wscanf.Armin Kuster
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 Reference to upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Hand applied. Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30libxml2: CVE-2015-8241Sona Sarmadi
Upstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id= ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30openssl: CVE-2015-3194, CVE-2015-3195Sona Sarmadi
Fixes following vulnerabilities: Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) References: https://openssl.org/news/secadv/20151203.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 Upstream patches: CVE-2015-3194: https://git.openssl.org/?p=openssl.git;a=commit;h= d8541d7e9e63bf5f343af24644046c8d96498c17 CVE-2015-3195: https://git.openssl.org/?p=openssl.git;a=commit;h= b29ffa392e839d05171206523e84909146f7a77c Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30libxml2: CVE-2015-8035Sona Sarmadi
Fixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30libxml2: CVE-2015-7942Sona Sarmadi
Fixes heap-based buffer overflow in xmlParseConditionalSections(). Upstream patch: https://git.gnome.org/browse/libxml2/commit/ ?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30linux-dtb.inc: drop unused DTB_NAME variable from do_installMartin Jansa
* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which in some cases contains something like BUILD_NUMBER from CI, that caused do_install to be reexecuted every single time, which is very sad to be caused by unused variable. * jethro and newer don't need this change, because it's also fixed in commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62 Author: Marek Vasut <marex@denx.de> Date: Thu May 14 14:31:11 2015 +0200 Subject: kernel: Build DTBs early Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30glibc: use patch for CVE-2015-1781Tudor Florea
Patch added to the repo wasn't actually considered due to a erronously way of specifying the sources. Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30texinfo: don't create dependency on INHERIT variableMartin Jansa
* we don't want the do_package signature depending on INHERIT variable * e.g. just adding the own-mirrors causes texinfo to rebuild: # bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig* basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a Variable INHERIT value changed from ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' to ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30allarch: Force TARGET_*FLAGS variable valuesMike Crowe
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may differ between MACHINEs. Since they are exported they affect task hashes even if unused which leads to multiple variants of allarch packages existing in sstate and bouncing in the sysroot when switching between MACHINEs. allarch packages shouldn't be using these variables anyway, so let's ensure they have a fixed value in order to avoid this problem. (Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and 14f4d016fef9d660da1e7e91aec4a0e807de59ab.) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30layer.conf: Add missing dependency for allarch package initramfs-frameworkRichard Purdie
Similiarly to the other previous changes, add a missing allarch package dependency for initramfs-framework on udev. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30layer.conf: Add several allarch dependency exclusionsRichard Purdie
These are dependencies that our allarch packages have in OE-Core that cause those allarch packages to rebuild every time MACHINE changes. With these changes, OE-Core allarch packages all have a common sstate signatures and no longer rebuild. (From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30image.bbclass: don't let do_rootfs depend on BUILDNAMEChen Qi
BUILDNAME is set by cooker as a string of current time. Letting do_rootfs task depend on this variable gets us no benefit. Besides, letting do_rootfs task depend on this variable will cause us trouble when executing `bitbake -S none core-image-minimal'. With current code, this command gives us error complaining about the different bashhash of do_rootfs task. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30fontcache: allow to pass extra parameters and environment to fc-cacheMartin Jansa
* this can be useful for passing extra parameters, pass -v by default to see what's going on in do_rootfs * we need to use this for extra parameter we implemented in fontconfig: --ignore-mtime always use cache file regardless of font directory mtime because the checksum of fontcache generated in do_rootfs doesn't match with /usr/share/fonts directory as seen on target device causing fontconfig to re-create the cache when fontconfig is used for first time or worse create new cache in every user's home directory when /usr/ filesystem is read only and cache cannot be updated. Running FC_DEBUG=16 fc-cache -v on such device shows: FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149 * my guess is that the checksum is different, because pseudo (which is unloaded when running qemuwrapper) or because some influence of running the rootfs under qemu. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-01-30openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565Armin Kuster
three security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Conflicts: meta/recipes-connectivity/openssh/openssh_6.6p1.bb
2016-01-30rsync: backport libattr checking patchSergiy Kibrik
Add check_libattr.patch to version 3.1.0 recipe, which checks and includes libattr to linker, otherwise rsync may fail to build with linker error below (as -lattr option gets omitted): [..] lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0' [..]/lib/libattr.so.1: error adding symbols: DSO missing from command line Signed-off-by: Sergiy Kibrik <sakib@meta.ua> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-01-30grep2.19: CVE-2015-1345Sona Sarmadi
Fixes heap-based buffer overflow flaw in grep. Affected versions are: grep 2.19 through 2.21 Removed THANKS.in changes from upstream patch since this file does not exist in version 2.19. Replaced tab with spaces in SRC_URI as well. Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id= 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-01-30libtasn1: CVE-2015-3622Sona Sarmadi
_asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2015-09-29build-appliance-image: Update to dizzy head revisionRichard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29sstate: run recipe-provided hooks outside of ${B}Ross Burton
To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722Armin Kuster
three security fixes. Signed-off-by: Armin Kuster <akuster@mvista.com>
2015-09-19icu: CVE-2014-8146-CVE-2014-8147Sona Sarmadi
CVE-2014-8146 icu: heap overflow via incorrect isolateCount CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function References: [1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z [2] https://www.kb.cert.org/vuls/id/602540 [3] http://bugs.icu-project.org/trac/changeset/37080 [4] http://bugs.icu-project.org/trac/changeset/37162 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-09-19oprofileui: Use inherit gettextSaul Wold
oprofileui uses gettext during the configuration task so should be inherit gettext. This issue appears when an older version of gettext is used do to pinning to the older non-gplv3 version. [YOCTO #7795] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-09-19gnutls: CVE-2015-3308Sona Sarmadi
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2015-09-19rootfs.py: show intercept script output in log.do_rootfsMartin Jansa
* without this the output wasn't shown anywhere even when the bb.warn says: "See log for details!" (From OE-Core rev: a3c322b42c7a14584a80e04519c34689ec813210) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2015-09-19postinst_intercept: allow to pass variables with spacesMartin Jansa
* trying to pass foo="a b" through postinst_intercept ends with the actual script header to containing: b foo=a which fails because "b" command doesn't exist. (From OE-Core rev: c66d7d85b7225be8c838449324d506565dd0081d) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2015-09-19rootfs.py: Allow to override postinst-intercepts locationMartin Jansa
* useful when we need to overlay/extend intercept scripts from oe-core (From OE-Core rev: 7d08d2d5c0ae686e3bb8732ea82f30fd189b1cd8) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2015-09-19base.bbclass: Note when including pn with INCOMPATIBLE_LICENSESBeth Flanagan
We need to be able to tell people if we WHITELIST a recipe that contains an incompatible licese. Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end up on an image even if GPL-3.0 is incompatible. This is the correct behaviour but there is nothing telling people that it is even happening. (From OE-Core rev: c9da529943b2f563b7b0aeb43576c13dd3b6f932) Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2015-09-19autotools.bbclass: mkdir ${B} -> mkdir -p ${B}Robert Yang
${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `${B}': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>