summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* pkgconf: upgrade 1.6.1 -> 1.6.3master-nextRoss Burton10 hours1-2/+2
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: upgrade to latest revisionRoss Burton10 hours1-1/+1
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager: Ensure the base-feed directory existsAlistair Francis10 hours1-0/+2
| | | | | | | | Ensure that the /etc/opkg directory exists before we try to create a file there. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemurunner.py: Be more verbose about problemsAlistair Francis10 hours1-10/+10
| | | | | | | | Instead of hiding problems in the debug log let's print them as warnings instead. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opensbi: Fix installed-vs-shipped warningAlistair Francis10 hours1-0/+1
| | | | | | | | | | | Fix the following warning by just deleting the files: WARNING: opensbi-0.4-r0 do_package: QA Issue: opensbi: Files/directories were installed but not shipped in any package: /lib /lib/libsbiutils.a /lib/libsbi.a Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xkeyboard-config: remove redundant intltool dependencyRoss Burton10 hours1-2/+1
| | | | | | | Upstream now uses plain gettext. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ltp: getrlimit03: adjust-a-bit-of-code-to-compatiable-with mips32Hongzhi.Song13 hours3-0/+138
| | | | | | | | | | | | | | | | | | | | | | | | Error info: getrlimit03.c:104: FAIL: __NR_prlimit64(0) had rlim_cur = ffffffffffffffff but __NR_getrlimit(0) had rlim_cur = 7fffffff According to kernel code: [arch/mips/include/uapi/asm/resource.h] RLIM_INFINITY is set to 0x7fffffffUL instead of ULONG_MAX on mips32. /* * SuS says limits have to be unsigned. * Which makes a ton more sense anyway, * but we keep the old value on MIPS32, * for compatibility: */ #ifndef __mips64 # define RLIM_INFINITY 0x7fffffffUL #endif Adding conditional statement about mips to fix this. Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: use SQL placeholders instead of format stringsRoss Burton13 hours1-1/+1
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* flex: set CVE_PRODUCT to include vendorRoss Burton13 hours1-0/+3
| | | | | | | | | | There are many projects called Flex and they have CVEs, so also set the vendor to remove these false positives. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: allow comparison of Vendor as well as ProductRoss Burton13 hours1-4/+8
| | | | | | | | | | | | | | Some product names are too vague to be searched without also matching the vendor, for example Flex could be the parser compiler we ship, or Adobe Flex, or Apache Flex, or IBM Flex. If entries in CVE_PRODUCT contain a colon then split it as vendor:product to improve the search. Also don't use .format() to construct SQL as that can lead to security issues. Instead, use ? placeholders and lets sqlite3 handle the escaping. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* freetype: add --tag CC to libtool argumentsMikko Rapeli13 hours1-1/+1
| | | | | | | | | Fixes build failures on aarch64: aarch64-poky-linux-libtool: compile: unable to infer tagged configuration Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe/copy_buildsystem: move layer into layers directoryAndrej Valek13 hours1-1/+7
| | | | | | | | | | | | | | | | | | | | | Layers could be located outside from poky but inside the build directory. This case should be covered in eSDK. meta-abc meta-def/meta-ghi meta-def/poky meta-def/meta-oe/meta-oe ... It should take all enabled layers and put them into 'layers' dir during build-time with respecting new relative path to poky. layers/meta-abc layers/meta-ghi layers/poky layers/meta-oe/meta-oe ... Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: initialize to_appendMikko Rapeli13 hours1-0/+1
| | | | | | | | | Fixes build failure with core-image-minimal: Exception: UnboundLocalError: local variable 'to_append' referenced before assignment Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: enable unicode supportMikko Rapeli13 hours2-0/+11
| | | | | | | | | | | | | | | | | | | | | While creating and deleting files with unicode or other encodings works, it's annoying when ls and other core utils show questionmarks instead of the unicode characters. In 2019, it's quite common that users of embedded devices based on yocto need unicode support. Debugging a box with unicode encoded file names is a bit annoying when core utils from busybox don't support them. The unicode config fragment has the same config as Debian in their deb and udeb builds of version 1:1.30.1-4. If developers do not want this or other default yocto features in busybox, or optimize the configuration for size, then they likely run a completely custom configuration. Thus I think it's safe to enable unicode support by default. Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ed: set CVE vendor to avoid false positivesRoss Burton13 hours1-0/+2
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: set CVE vendor to git-scmRoss Burton13 hours1-0/+2
| | | | | | | There's a Jenkins plugin for Git. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: set CVE vendor to BoostRoss Burton13 hours1-0/+2
| | | | | | | There's a Boost module for Drupal. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: set CVE vendor to ApacheRoss Burton13 hours1-0/+2
| | | | | | | There's a Jenkins plugin for Subversion. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-fitimage: uboot-sign: fix missing signatureJun Nie13 hours1-1/+3
| | | | | | | | | u-boot.bin with dtb & signature should be placed in ${B} so that it can be deployed by u-boot as expected. Otherwise, the version without signature is installed. Signed-off-by: Jun Nie <jun.nie@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* defaultsetup.conf: enable select init managerKai Kang13 hours7-6/+25
| | | | | | | | | | | | | | | | | Introduce a new variable INIT_MANAGER and create 4 init-manager-*.inc files to configure init manager settings. Available values of INIT_MANAGER are sysvinit, systemd, mdev-busybox and a default of none. 'none' provides backwards compatibility. The settings of various VIRTUAL-RUNTIME variables are moved into these files from the packagegroups. [YOCTO #13031] [Modifications by RP for backwards compatibility] Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: upgrade 3.7.3 -> 3.7.4HEADmasterAnuj Mittal13 hours1-2/+2
| | | | | | | | | Also fixes CVE-2019-9740, CVE-2019-9948. For details, see: https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-4-final Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: fix CVE-2019-9740Anuj Mittal13 hours2-0/+216
| | | | | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wic: add support for kernel with initramfs bundledChee Yang Lee13 hours5-16/+35
| | | | | | | | | | | | | | | | | | when INITRAMFS_IMAGE_BUNDLE and INITRAMFS_IMAGE are set, wic should look for kernel with initramfs image bundled. Include required variable MACHINE, INITRAMFS_IMAGE_BUNDLE, INITRAMFS_IMAGE, INITRAMFS_LINK_NAME and KERNEL_IMAGETYPE in WICVARS. No longer require default value for variable kernel as KERNEL_IMAGETYPE is not optional variable and included in WICVARS. image_types_wic to inherit kernel-artifact-names to obtain default INITRAMFS_LINK_NAME when INITRAMFS_IMAGE_BUNDLE are set. update wic.Wic2.test_image_env test case to filter optional variable INITRAMFS_LINK_NAME, INITRAMFS_IMAGE and INITRAMFS_IMAGE_BUNDLE. Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2018-19755Anuj Mittal13 hours2-1/+119
| | | | | Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg/package/rootfs_ipk: allow overwriting OPKGLIBDIRAdrian Ratiu13 hours3-3/+3
| | | | | | | | | | | | | | | | | | Some distributions for various reasons (like for example mounting a tmpfs over /var at runtime) can't use /var/lib to store the opkg metadata, so a different path is required to have a functioning package manager. ${localstatedir} can't be modified to something other than the hardcoded value in bitbake.conf because other recipes depending on it will fail to install. So the only recourse, which is also the least invasive, is to allow distros to overwrite the OPKGLIBDIR variable just like they are also allowed to overwrite OPKGBUILDCMD. Signed-off-by: Adrian Ratiu <adrian.ratiu@collabora.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libid3tag: handle unknown encodings (CVE-2017-11550)Ross Burton23 hours2-0/+40
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libid3tag: CVE-2017-11551 is the same as CVE-2004-2779Ross Burton23 hours1-0/+1
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: exclude child recipes from CVE scanningRoss Burton23 hours4-3/+10
| | | | | | | | | | | | As glibc will be scanned for CVEs, we don't need to scan glibc-locale, glibc-mtrace, and glibc-scripts which are all separate recipes for technical reasons. Exclude the recipes by setting CVE_PRODUCT in the recipe, instead of using the global whitelist. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check-tool: removeRoss Burton23 hours6-565/+0
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: remove redundant readline CVE whitelistingRoss Burton23 hours1-4/+9
| | | | | | | | | | CVE-2014-2524 is a readline CVE that was fixed in 6.3patch3 onwards, but the tooling wasn't able to detect this version. As we now ship readline 8 we don't need to manually whitelist it, and if we did then the whitelisting should be in the readline recipe. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Fix interface bring-up on kernels >= 5.2Ricardo Ribalda Delgado23 hours3-0/+164
| | | | | | | | | | | | | | | With kernels >=5.2 systemd-networkd is unable to bring up the link. eth0: Could not bring up interface: Invalid argument This is already reported upstream and fixed on master: https://github.com/systemd/systemd/issues/12784 They recommend Debian to backport two patches. Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mdadm: make ptest output format align with common styleChangqing Li23 hours2-16/+9
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: make ptest output format align with common styleChangqing Li23 hours1-0/+5
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts/buildstats-diff: Add option to filter tasksJoshua Watt23 hours2-7/+13
| | | | | | | | | | | | | | Adds a command line option to filter out the buildstats-diff report by one more more tasks. e.g.: buildstats-diff --only-task do_compile A B will only show the differences for do_compile tasks. The --only-task option can be specified multiple times to filter out multiple tasks at once. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nfs-mountd: Add missing dependency on systemd serviceRicardo Ribalda Delgado23 hours1-0/+1
| | | | | | | | | | | | As described on: https://www.spinics.net/lists/linux-nfs/msg62022.html mountd requires rpcbind, otherwise it can can fail to start, which can lead to nfsroot not booting. Upstream: http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=907426b00bdcd69d9a56ac1870990e8ae8c6fe9f Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* webkitgtk: set incomptible with tune mipsKai Kang23 hours1-0/+2
| | | | | | | | | | | | | It fails to compile webkit when default tune is 'mips': | .../tmp-glibc/work/mips-wrs-linux/webkitgtk/2.24.2-r0/webkitgtk-2.24.2 | /Source/JavaScriptCore/assembler/MacroAssemblerMIPS.h:418:23: | error: static assertion failed: CLZ opcode is not available for this ISA So don't build webkit when default tune is mips. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* devtool: provide support for devtool menuconfig commandSai Hari Chandana Kalluri44 hours2-0/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All packages that support the menuconfig task will be able to run devtool menuconfig command. This would allow the user to modify the current configure options and create a config fragment which can be added to a recipe using devtool finish. 1. The patch checks if devtool menuconfig command is called for a valid package. 2. It checks for oe-local-files dir within source and creates one if needed, this directory is needed to store the final generated config fragment so that devtool finish can update the recipe. 3. Menuconfig command is called for users to make necessary changes. After saving the changes, diffconfig command is run to generate the fragment. Syntax: devtool menuconfig <package name> Ex: devtool menuconfig linux-yocto The config fragment is saved as devtool-fragment.cfg within oe-local-files dir. Ex: <workspace_path>/sources/linux-yocto/oe-local-files/devtool-fragment.cfg Run devtool finish to update the recipe by appending the config fragment to SRC_URI and place a copy of the fragment within the layer where the recipe resides. Ex: devtool finish linux-yocto meta [YOCTO #10416] Signed-off-by: Sai Hari Chandana Kalluri <chandana.kalluri@xilinx.com> Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandr@xilinx.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* devtool/standard.py: Create a copy of kernel source within work-shared if ↵Sai Hari Chandana Kalluri44 hours1-1/+19
| | | | | | | | | | | | | | | not present If kernel source is not already downloaded i.e staging kernel dir is empty, place a copy of the source when the user runs devtool modify linux-yocto. This way the kernel source is available for other packages that use it. [YOCTO #10416] Signed-off-by: Sai Hari Chandana Kalluri <chandana.kalluri@xilinx.com> Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandr@xilinx.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* devtool/standard.py: Update devtool modify to copy source from work-shared ↵Sai Hari Chandana Kalluri44 hours1-23/+99
| | | | | | | | | | | | | | | | | | if its already downloaded In the regular devtool modify flow, the kernel source is fetched by running do_fetch task. This is an overhead in time and space. This patch updates modify command to check if the kernel source is already downloaded. If so, then instead of calling do_fetch, copy the source from work-shared to devtool workspace by creating hard links else run the usual devtool modify flow and call do_fetch task. [YOCTO #10416] Signed-off-by: Sai Hari Chandana Kalluri <chandana.kalluri@xilinx.com> Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandr@xilinx.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
* timezone: update to 2019bArmin Kuster44 hours1-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Briefly: Brazil no longer observes DST. 'zic -b slim' outputs smaller TZif files; please try it out. Palestine's 2019 spring-forward transition was on 03-29, not 03-30. Changes to future timestamps Brazil has canceled DST and will stay on standard time indefinitely. (Thanks to Steffen Thorsen, Marcus Diniz, and Daniel Soares de Oliveira.) Predictions for Morocco now go through 2087 instead of 2037, to work around a problem on newlib when using TZif files output by zic 2019a or earlier. (Problem reported by David Gauchard.) Changes to past and future timestamps Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30 at 01:00. (Thanks to Sharef Mustafa and Even Scharning.) Guess future transitions to be March's last Friday at 00:00. Changes to past timestamps Hong Kong's 1941-06-15 spring-forward transition was at 03:00, not 03:30. Its 1945 transition from JST to HKT was on 11-18 at 02:00, not 09-15 at 00:00. In 1946 its spring-forward transition was on 04-21 at 00:00, not the previous day at 03:30. From 1946 through 1952 its fall-back transitions occurred at 04:30, not at 03:30. In 1947 its fall-back transition was on 11-30, not 12-30. (Thanks to P Chan.) Changes to past time zone abbreviations Italy's 1866 transition to Rome Mean Time was on December 12, not September 22. This affects only the time zone abbreviation for Europe/Rome between those dates. (Thanks to Stephen Trainor and Luigi Rosa.) Changes affecting metadata only Add info about the Crimea situation in zone1970.tab and zone.tab. (Problem reported by Serhii Demediuk.) Changes to code zic's new -b option supports a way to control data bloat and to test for year-2038 bugs in software that reads TZif files. 'zic -b fat' and 'zic -b slim' generate larger and smaller output; for example, changing from fat to slim shrinks the Europe/London file from 3648 to 1599 bytes, saving about 56%. Fat and slim files represent the same set of timestamps and use the same TZif format as documented in tzfile(5) and in Internet RFC 8536. Fat format attempts to work around bugs or incompatibilities in older software, notably software that mishandles 64-bit TZif data or uses obsolete TZ strings like "EET-2EEST" that lack DST rules. Slim format is more efficient and does not work around 64-bit bugs or obsolete TZ strings. Currently zic defaults to fat format unless you compile with -DZIC_BLOAT_DEFAULT=\"slim\"; this out-of-the-box default is intended to change in future releases as the buggy software often mishandles timestamps anyway. zic no longer treats a set of rules ending in 2037 specially. Previously, zic assumed that such a ruleset meant that future timestamps could not be predicted, and therefore omitted a POSIX-like TZ string in the TZif output. The old behavior is no longer needed for current tzdata, and caused problems with newlib when used with older tzdata (reported by David Gauchard). zic no longer generates some artifact transitions. For example, Europe/London no longer has a no-op transition in January 1996. Changes to build procedure tzdata.zi now assumes zic 2017c or later. This shrinks tzdata.zi by a percent or so. Changes to documentation and commentary The Makefile now documents the POSIXRULES macro as being obsolete, and similarly, zic's -p POSIXRULES option is now documented as being obsolete. Although the POSIXRULES feature still exists and works as before, in practice it is rarely used for its intended purpose, and it does not work either in the default reference implementation (for timestamps after 2037) or in common implementations such as GNU/Linux (for contemporary timestamps). Since POSIXRULES was designed primarily as a temporary transition facility for System V platforms that died off decades ago, it is being decommissioned rather than institutionalized. New info on Bonin Islands and Marcus (thanks to Wakaba and Phake Nick). Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: backport patch to fix sysctl warning on bootMatthias Schiffer44 hours2-0/+40
| | | | | | | | | | | | Due to improved validation of sysctl settings in recent kernels (5.2+, but also stable kernels like 4.19.53), systemd will log an error message like systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument during boot. Backport the bugfix from the systemd master. Signed-off-by: Matthias Schiffer <matthias.schiffer@ew.tq-group.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_test_dataMike Crowe44 hours1-1/+1
| | | | | | | | Ensure that we don't create an image test data symlink named ".testdata.json" when IMAGE_LINK_NAME is empty. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs-postcommands: Cope with empty IMAGE_LINK_NAME in write_image_manifestMike Crowe44 hours1-1/+1
| | | | | | | | Ensure that we don't create a symlink named ".manifest" if IMAGE_LINK_NAME is empty. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-meson: Remove some unused variablesPeter Kjellerstedt44 hours1-5/+0
| | | | | Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson.bbclass: Remove the MESON_*_ARGS variablesPeter Kjellerstedt44 hours1-10/+5
| | | | | | | | | | | | | | | | | The options in ${HOST_CC_ARCH}${TOOLCHAIN_OPTIONS} are already passed via ${CC}/${CXX} and there is no reason to pass them a second time. Thus we can remove MESON_TOOLCHAIN_ARGS. And when it is removed, the other MESON_*_ARGS variables revert to the standard CFLAGS, CXXFLAGS and LDFLAGS, so just use them directly instead. Apart from the obvious improvement with not passing a lot of options twice, this also solves a problem where -pie would be passed on the command line in a way that it would prevent building any dynamic libraries using meson if using a toolchain that is not built with --enable-default-pie and if security_flags.inc is used. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2019-7663Ross Burton44 hours2-1/+79
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix CVE-2019-6128Ross Burton44 hours2-1/+54
| | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: remove redundant patchRoss Burton44 hours2-28/+1
| | | | | | | The patching to make the new libtool work (from 2008) is no longer needed. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: Remove patch that disabled 64bit for ext4 by defaultAdrian Bunk44 hours2-37/+0
| | | | | | | | OE no longer ships a git snapshot of e2fsprogs, so use the new upstream default now. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xauth:upgrade 1.0.10 -> 1.1Zang Ruochen44 hours1-2/+2
| | | | | | | -Upgrade from xauth_1.0.10.bb to xauth_1.1.bb. Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>