path: root/meta/recipes-extended
Age | Commit message | Author
2019-02-25 | cpio: fix crash when appending to archives | Ross Burton
The upstream fix for CVE-2016-2037 introduced a read from uninitialized memory bug when appending to an existing archive, which is an operation we perform when building an image. (From OE-Core rev: 046e3e1fca925febf47b3fdd5d4e9ee2e1fad868) (From OE-Core rev: 2ff6ab2e2944c6a53523b4b1611e1d22f6393500) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-25 | tzdata/tzcode-native: update to 2018i | Armin Kuster
2018i: Briefly: São Tomé and Príncipe switches from +01 to +00 on 2019-01-01. Changes to future timestamps Due to a change in government, São Tomé and Príncipe switches back from +01 to +00 on 2019-01-01 at 02:00. (Thanks to Vadim Nasardinov and Michael Deckers.) 2018h: Briefly: Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21. New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move. Metlakatla, Alaska observes PST this winter only. Guess Morocco will continue to adjust clocks around Ramadan. Add predictions for Iran from 2038 through 2090. Changes to future timestamps Guess that Morocco will continue to fall back just before and spring forward just after Ramadan, the practice since 2012. (Thanks to Maamar Abdelkader.) This means Morocco will observe negative DST during Ramadan in main and vanguard formats, and in rearguard format it stays in the +00 timezone and observes ordinary DST in all months other than Ramadan. As before, extend this guesswork to the year 2037. As a consequence, Morocco is scheduled to observe three DST transitions in some Gregorian years (e.g., 2033) due to the mismatch between the Gregorian and Islamic calendars. The table of exact transitions for Iranian DST has been extended. It formerly cut off before the year 2038 in a nod to 32-bit time_t. It now cuts off before 2091 as there is doubt about how the Persian calendar will treat 2091. This change predicts DST transitions in 2038-9, 2042-3, and 2046-7 to occur one day later than previously predicted. As before, post-cutoff transitions are approximated. Changes to past and future timestamps Qyzylorda (aka Kyzylorda) oblast in Kazakhstan moved from +06 to +05 on 2018-12-21. This is a zone split as Qostanay (aka Kostanay) did not switch, so create a zone Asia/Qostanay. Metlakatla moved from Alaska to Pacific standard time on 2018-11-04. It did not change clocks that day and remains on -08 this winter. (Thanks to Ryan Stanley.) 
It will revert to the usual Alaska rules next spring, so this change affects only timestamps from 2018-11-04 through 2019-03-10. Change to past timestamps Kwajalein's 1993-08-20 transition from -12 to +12 was at 24:00, not 00:00. I transcribed the time incorrectly from Shanks. (Thanks to Phake Nick.) Nauru's 1979 transition was on 02-10 at 02:00, not 05-01 at 00:00. (Thanks to Phake Nick.) Guam observed DST irregularly from 1959 through 1977. (Thanks to Phake Nick.) Hong Kong observed DST in 1941 starting 06-15 (not 04-01), then on 10-01 changed standard time to +08:30 (not +08). Its transition back to +08 after WWII was on 1945-09-15, not the previous day. Its 1904-10-30 change took effect at 01:00 +08 (not 00:00 LMT). (Thanks to Phake Nick, Steve Allen, and Joseph Myers.) Also, its 1952 fallback was on 11-02 (not 10-25). This release contains many changes to timestamps before 1946 due to Japanese possession or occupation of Pacific/Chuuk, Pacific/Guam, Pacific/Kosrae, Pacific/Kwajalein, Pacific/Majuro, Pacific/Nauru, Pacific/Palau, and Pacific/Pohnpei. (Thanks to Phake Nick.) Assume that the Spanish East Indies was like the Philippines and observed American time until the end of 1844. This affects Pacific/Chuuk, Pacific/Kosrae, Pacific/Palau, and Pacific/Pohnpei. Changes to past tm_isdst flags For the recent Morocco change, the tm_isdst flag should be 1 from 2018-10-27 00:00 to 2018-10-28 03:00. (Thanks to Michael Deckers.) Give a URL to the official decree. (Thanks to Matt Johnson.) (From OE-Core rev: 100d0d0f24cabedd1a89b69ac8ffb05d85663761) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-02-25 | tzcode-native: update to 2018g | Armin Kuster
Changes to code When generating TZif files with leap seconds, zic no longer uses a format that trips up older 32-bit clients, fixing a bug introduced in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround for QTBUG-53071 now also works for TZif files with leap seconds. The translator to rearguard format now rewrites the line "Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to "Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S". This caters to zic before 2007 and to Oracle TZUpdater 2.2.0 and earlier. (Reported by Christos Zoulas.) Changes to past time zone abbreviations Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii. This reverts to 2011h, as the abbreviation change in 2011i was likely inadvertent. Changes to documentation tzfile.5 has new sections on interoperability issues. (From OE-Core rev: a24d0c174411a32a2793c89980ca87c4f9d98bc4) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-25 | tzdata: update to 2018g | Armin Kuster
Changes to code When generating TZif files with leap seconds, zic no longer uses a format that trips up older 32-bit clients, fixing a bug introduced in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround for QTBUG-53071 now also works for TZif files with leap seconds. The translator to rearguard format now rewrites the line "Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to "Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S". This caters to zic before 2007 and to Oracle TZUpdater 2.2.0 and earlier. (Reported by Christos Zoulas.) Changes to past time zone abbreviations Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii. This reverts to 2011h, as the abbreviation change in 2011i was likely inadvertent. Changes to documentation tzfile.5 has new sections on interoperability issues. (From OE-Core rev: 32e5dd919a61b1c245fb6a867d0ea4a71d394aca) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-12-05 | shadow: improve reproducibility by hard-coding shell path | Martin Hundebøll
The shadow configure script tries really hard to detect the running shell to make sure it doesn't do unsupported calls. On my system the shell is detected as /bin/sh, while a build in an ubuntu docker it resolves to /bin/bash. And since the shell path is baked into the target binaries through config.h, the build becomes irreproducible. Fix reproducibility by hard-coding the shell to be /bin/sh (From OE-Core rev: 5f4fe91cb6c21cd3ecd0b68d1c6b46a9530c7570) Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-11-24 | unzip: actually apply CVE-2018-18384 | Ross Burton
(From OE-Core rev: d8e1b7afc536f989e7e6efdab0998d54f26ad1f6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-11-24 | unzip: fix for CVE-2018-18384 | Changqing Li
(From OE-Core rev: 2ddb3b25ed063b47d3fe2b3e9e17b7f9d0e2a7e5) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-11-16 | tzdata: update to 2018f | Armin Kuster
Briefly: Volgograd moves from +03 to +04 on 2018-10-28. Fiji ends DST 2019-01-13, not 2019-01-20. Most of Chile changes DST dates, effective 2019-04-06. Changes to future timestamps Volgograd moves from +03 to +04 on 2018-10-28 at 02:00. (Thanks to Alexander Fetisov and Stepan Golosunov.) Fiji ends DST 2019-01-13 instead of the 2019-01-20 previously predicted. (Thanks to Raymond Kumar.) Adjust future predictions accordingly. Most of Chile will end DST on the first Saturday in April at 24:00 mainland time, and resume DST on the first Saturday in September at 24:00 mainland time. The changes are effective from 2019-04-06, and do not affect the Magallanes region modeled by America/Punta_Arenas. (Thanks to Juan Correa and Tim Parenti.) Adjust future predictions accordingly. Changes to past timestamps The 2018-05-05 North Korea 30-minute time zone change took place at 23:30 the previous day, not at 00:00 that day. China's 1988 spring-forward transition was on April 17, not April 10. Its DST transitions in 1986/91 were at 02:00, not 00:00. (Thanks to P Chan.) Fix several issues for Macau before 1992. Macau's pre-1904 LMT was off by 10 s. Macau switched to +08 in 1904 not 1912, and temporarily switched to +09/+10 during World War II. Macau observed DST in 1942/79, not 1961/80, and there were several errors for transition times and dates. (Thanks to P Chan.) The 1948-1951 fallback transitions in Japan were at 25:00 on September's second Saturday, not at 24:00. (Thanks to Phake Nick.) zic turns this into 01:00 on the day after September's second Saturday, which is the best that POSIX or C platforms can do. Incorporate 1940-1949 Asia/Shanghai DST transitions from a 2014 paper by Li Yu, replacing more-questionable data from Shanks. Changes to time zone abbreviations Use "PST" and "PDT" for Philippine time. (Thanks to Paul Goyette.) 
Changes to documentation New restrictions: A Rule name must start with a character that is neither an ASCII digit nor "-" nor "+", and an unquoted name should not use characters in the set "!$%&'()*,/:;<=>?@[\]^`{|}~". The latter restriction makes room for future extensions (a possibility noted by Tom Lane). tzfile.5 now documents what time types apply before the first and after the last transition, if any. Documentation now uses the spelling "timezone" for a TZ setting that determines timestamp history, and "time zone" for a geographic region currently sharing the same standard time. The name "TZif" is now used for the tz binary data format. tz-link.htm now mentions the A0 TimeZone Migration utilities. (Thanks to Aldrin Martoq for the link.) Changes to build procedure New 'make' target 'rearguard_tarballs' to build the rearguard tarball only. This is a convenience on platforms that lack lzip if you want to build the rearguard tarball. (Problem reported by Deborah Goldsmith.) tzdata.zi is now more stable from release to release. (Problem noted by Tom Lane.) It is also a bit shorter. tzdata.zi now can contain comment lines documenting configuration information, such as which data format was selected, which input files were used, and how leap seconds are treated. (Problems noted by Lester Caine and Brian Inglis.) If the Makefile defaults are used these comment lines are absent, for backward compatibility. A redistributor intending to alter its copy of the files should also append "-LABEL" to the 'version' file's first line, where "LABEL" identifies the redistributor's change. (From OE-Core rev: 9d786808fb9471eff46d95dd354f6254e468aa17) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-11-16 | tzcode: update to 2018f | Armin Kuster
Changes to code zic now always generates TZif files where time type 0 is used for timestamps before the first transition. This simplifies the reading of TZif files and should not affect behavior of existing TZif readers because the same set of time types is used; only their internal indexes may have changed. This affects only the legacy zones EST5EDT, CST6CDT, MST7MDT, PST8PDT, CET, MET, and EET, which previously used nonzero types for these timestamps. Because of the type 0 change, zic no longer outputs a dummy transition at time -2**59 (before the Big Bang), as clients should no longer need this to handle historical timestamps correctly. This reverts a change introduced in 2013d and shrinks most TZif files by a few bytes. zic now supports negative time-of-day in Rule and Leap lines, e.g., "Rule X min max - Apr lastSun -6:00 1:00 -" means the transition occurs at 18:00 on the Saturday before the last Sunday in April. This behavior was documented in 2018a but the code did not entirely match the documentation. localtime.c no longer requires at least one time type in TZif files that lack transitions or have a POSIX-style TZ string. This future-proofs the code against possible future extensions to the format that would allow TZif files with POSIX-style TZ strings and without transitions or time types. A read-access subscript error in localtime.c has been fixed. It could occur only in TZif files with timecnt == 0, something that does not happen in practice now but could happen in future versions. localtime.c no longer ignores TZif POSIX-style TZ strings that specify only standard time. Instead, these TZ strings now override the default time type for timestamps after the last transition (or for all time stamps if there are no transitions), just as DST strings specifying DST have always done. leapseconds.awk now outputs "#updated" and "#expires" comments, and supports leap seconds at the ends of months other than June and December. 
(Inspired by suggestions from Chris Woodbury.) (From OE-Core rev: 4670dcdb6e2504469c30ebed828d4702d8c0003c) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-11-16 | tzdata: update to 2018e | Armin Kuster
Briefly: North Korea switches back to +09 on 2018-05-05. The main format uses negative DST again, for Ireland etc. 'make tarballs' now also builds a rearguard tarball. New 's' and 'd' suffixes in SAVE columns of Rule and Zone lines. Changes to past and future time stamps North Korea switches back from +0830 to +09 on 2018-05-05. (Thanks to Kang Seonghoon, Arthur David Olson, Seo Sanghyeon, and Tim Parenti.) Bring back the negative-DST changes of 2018a, except be more compatible with data parsers that do not support negative DST. Also, this now affects historical time stamps in Namibia and the former Czechoslovakia, not just Ireland. The main format now uses negative DST to model time stamps in Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and Africa/Windhoek (1994/2017). This does not affect UT offsets, only time zone abbreviations and the tm_isdst flag. Also, this does not affect rearguard or vanguard formats; effectively the main format now uses vanguard instead of rearguard format. Data parsers that do not support negative DST can still use data from the rearguard tarball described below (From OE-Core rev: f717eeff2d4823163cb72fb79101220cc48b3286) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-11-16 | tzcode-native: update to 2018e | Armin Kuster
Changes to build procedure The command 'make tarballs' now also builds the tarball tzdataVERSION-rearguard.tar.gz, which is like tzdataVERSION.tar.gz except that it uses rearguard format intended for trailing-edge data parsers. Changes to data format and to code The SAVE column of Rule and Zone lines can now have an 's' or 'd' suffix, which specifies whether the adjusted time is standard time or daylight saving time. If no suffix is given, daylight saving time is used if and only if the SAVE column is nonzero; this is the longstanding behavior. Although this new feature is not used in tzdata, it could be used to specify the legal time in Namibia 1994-2017, as opposed to the popular time (see below). Changes to past time stamps From 1994 through 2017 Namibia observed DST in winter, not summer. That is, it used negative DST, as Ireland still does. This change does not affect UTC offsets; it affects only the tm_isdst flag and the abbreviation used during summer, which is now CAT, not WAST. Although (as noted by Michael Deckers) summer and winter time were both simply called "standard time" in Namibian law, in common practice winter time was considered to be DST (as noted by Stephen Colebourne). The full effect of this change is only in vanguard format; in rearguard and main format, the tm_isdst flag is still zero in winter and nonzero in summer. In 1946/7 Czechoslovakia also observed negative DST in winter. The full effect of this change is only in vanguard format; in rearguard and main formats, it is modeled as plain GMT without daylight saving. Also, the dates of some 1944/5 DST transitions in Czechoslovakia have been changed. (From OE-Core rev: aeb3d295581908ca9a9d8f1705f70b49b2de32e3) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-09-27 | libarchive: CVE-2017-14501 | Jagadeesh Krishnanjanappa
iso9660: validate directory record length Affects libarchive <= 3.3.2 (From OE-Core rev: dea4280623f945c06e8132c888988373e686318e) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-08-29 | procps: CVE-2018-1124 | Jagadeesh Krishnanjanappa
proc/readproc.c: Fix bugs and overflows in file2strvec().

Note: this is by far the most important and complex patch of the whole series, please review it carefully; thank you very much!

For this patch, we decided to keep the original function's design and skeleton, to avoid regressions and behavior changes, while fixing the various bugs and overflows. And like the "Harden file2str()" patch, this patch does not fail when about to overflow, but truncates instead: there is information available about this process, so return it to the caller; also, we used INT_MAX as a limit, but a lower limit could be used.

The easy changes:

- Replace sprintf() with snprintf() (and check for truncation).
- Replace "if (n == 0 && rbuf == 0)" with "if (n <= 0 && tot <= 0)" and do break instead of return: it simplifies the code (only one place to handle errors), and also guarantees that in the while loop either n or tot is > 0 (or both), even if n is reset to 0 when about to overflow.
- Remove the "if (n < 0)" block in the while loop: it is (and was) dead code, since we enter the while loop only if n >= 0.
- Rewrite the missing-null-terminator detection: in the original function, if the size of the file is a multiple of 2047, a null-terminator is appended even if the file is already null-terminated.
- Replace "if (n <= 0 && !end_of_file)" with "if (n < 0 || tot <= 0)": originally, it was equivalent to "if (n < 0)", but we added "tot <= 0" to handle the first break of the while loop, and to guarantee that in the rest of the function tot is > 0.
- Double-force ("belt and suspenders") the null-termination of rbuf: this is (and was) essential to the correctness of the function.
- Replace the final "while" loop with a "for" loop that behaves just like the preceding "for" loop: in the original function, this would lead to unexpected results (for example, if rbuf is |\0|A|\0|, this would return the array {"",NULL} but should return {"","A",NULL}; and if rbuf is |A|\0|B| (should never happen because rbuf should be null-terminated), this would make room for two pointers in ret, but would write three pointers to ret).

The hard changes:

- Prevent the integer overflow of tot in the while loop, but unlike file2str(), file2strvec() cannot let tot grow until it almost reaches INT_MAX, because it needs more space for the pointers: this is why we introduced ARG_LEN, which also guarantees that we can add "align" and a few sizeof(char*)s to tot without overflowing.
- Prevent the integer overflow of "tot + c + align": when INT_MAX is (almost) reached, we write the maximal safe amount of pointers to ret (ARG_LEN guarantees that there is always space for *ret = rbuf and the NULL terminator).

Affects procps-ng < 3.3.15

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-08-29 | shadow: CVE-2018-7169 | Jagadeesh Krishnanjanappa
newgidmap: enforce setgroups=deny if self-mapping a group

This is necessary to match the kernel-side policy of "self-mapping in a user namespace is fine, but you cannot drop groups" -- a policy that was created in order to stop user namespaces from allowing trivial privilege escalation by dropping supplementary groups that were "blacklisted" from certain paths.

This is the simplest fix for the underlying issue, and effectively makes it so that unless a user has a valid mapping set in /etc/subgid (which only administrators can modify) -- and they are currently trying to use that mapping -- then /proc/$pid/setgroups will be set to deny.

This workaround is only partial, because ideally it should be possible to set an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow administrators to further restrict newgidmap(1).

We also don't write anything in the "allow" case because "allow" is the default, and users may have already written "deny" even if they technically are allowed to use setgroups. And we don't write anything if the setgroups policy is already "deny".

Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
Fixes: CVE-2018-7169

Affects shadow <= 4.5

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-08-29 | libarchive: CVE-2017-14503 | Jagadeesh Krishnanjanappa
Reject LHA archive entries with negative size. Affects libarchive = 3.3.2 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-08-29 | unzip: fix CVE-2018-1000035 | Changqing Li
(From OE-Core rev: f75289b9215580030540245cd0b5f945bfb05ffa) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-08-29 | unzip: fix symlink problem | Ross Burton
Large zip files can cause unzip to crash, take a patch from Fedora to fix it. (From OE-Core rev: a001833b7c7a0a6eef88e053fe65e2a0c91ca7bc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-08-29 | bzip2: use Yocto Project mirror for SRC_URI | Ross Burton
The bzip.org domain expired and is now a holding site for adverts, so we can't trust a tarball that appears on that site (luckily we have source checksums to detect this). For now, point SRC_URI at the tarball in the Yocto Project source mirror, but set HOMEPAGE and UPSTREAM_CHECK_URI to the sourceware.org/bzip2/ page which apparently will be resurrected as the new canonical home page. (From OE-Core rev: 9e291d9923efc988abe8689c64bafbb29da06339) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2018-08-01 | shadow: fix CVE-2017-2616 | Andrej Valek
(From OE-Core rev: 94a1e2794df15f0f2cb62ae030cd81e6c0798b1f) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-30 | bash: fix wrong exit status offset | Rui Wang
In Linux, 8 bits of the return code and 8 bits of the number of the killing signal are mixed into a single value on the exit code, so the exit status offset should be 8. But the autoconf checker can not determine it while cross compiling, and then it is set to the default value 0, which will cause generating the wrong exit code if a program exits with an error code. (From OE-Core rev: e2dea46607a24620d6d2c250efc9b2e95bfd5ad8) Signed-off-by: Rui Wang <rui.wang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-19 | minicom: change SRC_URI to use Debian mirrors | Ross Burton
Alioth is dead and the minicom project on Salsa (the replacement for Alioth) doesn't actually have any files in, so just use the Debian mirror instead. (From OE-Core rev: b0338efcdabeec79c568c74b6888d7d523e8e9dc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-19 | shadow: update SRC_URI now Alioth is down | Ross Burton
Alioth is dead so we can't use it for SRC_URI anymore. There is a shadow repository on GitHub which is the new upstream, but for some reason it is missing the 4.2.1 tag and tarball that we use. Also 4.2.1 was never uploaded into Debian itself, so we can't use their mirror network either. For now point SRC_URI at the Yocto Project source mirror and set UPSTREAM_CHECK_URI so that we get nagged to upgrade to 4.6. (From OE-Core rev: b3e246fef166030f327b5a852718ea907ada1759) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | xinetd: Fix systemd service for systemd>237 | Ricardo Ribalda Delgado
SystemD 237 implements a stricter PIDfile handling that breaks several daemons [1]. Change the way we start xinetd, mimicking other distros [2].

Fixes:

root@qt5122:~# journalctl -u xinetd
-- Logs begin at Fri 2018-05-25 14:33:29 UTC, end at Mon 2018-06-11 07:33:08 UTC. --
May 25 14:33:31 qt5122 systemd[1]: Starting Xinetd A Powerful Replacement For Inetd...
May 25 14:33:31 qt5122 systemd[1]: xinetd.service: Permission denied while opening PID file or unsafe symlink chain: /var/run/xinetd.pid
Jun 11 07:27:24 qt5122 systemd[1]: xinetd.service: Start operation timed out. Terminating.
Jun 11 07:27:24 qt5122 systemd[1]: xinetd.service: Failed with result 'timeout'.
Jun 11 07:27:24 qt5122 systemd[1]: Failed to start Xinetd A Powerful Replacement For Inetd.
Jun 11 07:31:38 qt5122 systemd[1]: Starting Xinetd A Powerful Replacement For Inetd...
Jun 11 07:31:38 qt5122 systemd[1]: xinetd.service: Permission denied while opening PID file or unsafe symlink chain: /var/run/xinetd.pid
Jun 11 07:33:08 qt5122 systemd[1]: xinetd.service: Start operation timed out. Terminating.
Jun 11 07:33:08 qt5122 systemd[1]: xinetd.service: Failed with result 'timeout'.
Jun 11 07:33:08 qt5122 systemd[1]: Failed to start Xinetd A Powerful Replacement For Inetd.

[1]: https://github.com/systemd/systemd/issues/8085
[2]: https://github.com/felixonmars/archlinux-community/commit/e49040636737fdb09031e75ec4d73a580f80676b

(From OE-Core rev: eea25f03e4c46cfe0d05df46f8f50e1389179c80)

Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e4b365eb76bc634ff0707bddc578ff1d839c8588)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | cpio: fix CVE-2016-2037 | Andre McCurdy
"The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file."

https://nvd.nist.gov/vuln/detail/CVE-2016-2037

Note that there appear to be two versions of this fix. The original patch posted to the bug-cpio mailing list [1] is used by Debian [2], but apparently causes regression [3]. The patch accepted to the upstream git repo [4] seems to be the most complete fix.

[1] https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
[2] https://security-tracker.debian.org/tracker/CVE-2016-2037
[3] https://www.mail-archive.com/bug-cpio@gnu.org/msg00584.html
[4] http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=d36ec5f4e93130efb24fb9678aafd88e8070095b

(From OE-Core rev: f170288ac706126e69a504a14d564b2e5c3513e4)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31a87d4d1dc80c6054c15a6f7dbc83b4d79bf0b2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | cpio: rely on texinfo.bbclass for texinfo-native dependency | Andre McCurdy
(From OE-Core rev: 7dad119dd0ee82b14a82b2a0b5a89f790e3bc007) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a0a395a8c614277cdbfe3f13ae7f200c85d1f2b5) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | cpio: move contents of cpio_v2.inc into the cpio recipe | Andre McCurdy
Merge contents of cpio_v2.inc into the only recipe which uses it. (From OE-Core rev: 162ff3871779d646dadc7e7287f4667641d6e612) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit b177ee9244e1978bcfcaab799e83fcb7d5e6242c) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | sysklogd: fix typo in RCONFLICTS | Chen Qi
It should be RCONFLICTS_${PN} instead of RCONFLICTS_${PN}-syslog. There's no ${PN}-syslog package. (From OE-Core rev: 840d04182bc71ae3f6f562f668b9900c5625e1aa) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ae49d379b74bc2dd63ba3b946b3fb85726458575) Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | ltp: build open posix test suite | Fathi Boudra
We ship the open posix test suite already but it isn't compiled. Let's build it and make it ready to use on the device. (From OE-Core rev: 79b22a2539b7dec762523ca544e27b9cce7ee81e) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | shadow: fix pam configs for chpasswd, newusers | yadi.hu@windriver.com
Fix below errors while pam is enabled on target:

root@qemux86:~# newusers
newusers: PAM: Authentication failure
root@qemux86:~# chpasswd
chpasswd: PAM: Authentication failure

The configs are copied from "chgpasswd", a command which works with pam.

(From OE-Core rev: f6efc1dbd1f3a0f68ee731ff2b5a5d798ecf2cf8)

Signed-off-by: Hu <yadi.hu@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | at: add libselinux to PACKAGECONFIG | Mingli Yu
* add libselinux to PACKAGECONFIG for at (From OE-Core rev: 978309270afc0e3d3fd9c46f68ddf28db99d7416) Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | gawk: fix command location in ptest script | Li Wang
* Correct the command location in ptest scripts, such as updating the line "#!/bin/awk -f" to "#!/usr/bin/awk -f" in the file /usr/lib64/gawk/ptest/test/fcall_exit2.awk, which belongs to package gawk-ptest, and the line "#!/usr/local/bin/gawk -f" to "#!/usr/bin/gawk -f" in the file /usr/lib64/gawk/ptest/test/fnarydel.awk (From OE-Core rev: 66aa9f1424202a583acd168182ae13ea68e2ab15) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | gawk: upgrade to 4.2.1 | Chen Qi
(From OE-Core rev: 86f137436da8a6d4aded66e586ba2b1eff725022)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Bug fix release per gawk release notes]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-07-02 | shadow: update ownership and permission of /var/spool/mail | Kai Kang
Update shadow to change ownership of /var/spool/mail from root:root to root:mail and permission from 0755 to 0775 just as in most popular distributions such as fedora and debian (It also set setgid bit in debian but we don't need it).
(From OE-Core rev: b3ab5fe359c38cdd5cd86cb8ffe076d7a2baac18)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-06-15 | wget: upgrade 1.19.4 -> 1.19.5 | Jibin Xu
Noteworthy changes:
* Fix cookie injection (CVE-2018-0494)
* Enable TLS1.3 with recent OpenSSL environment
* New option --ciphers to set GnuTLS / OpenSSL ciphers directly
* Updated CSS grammar to CSS 2.2
* Fixed several memleaks found by OSS-Fuzz
* Fixed several buffer overflows found by OSS-Fuzz
* Fixed several integer overflows found by OSS-Fuzz
* Several minor bug fixes
(From OE-Core rev: 5b966e87aba19629408daeff25c1e6883300fb10)
Signed-off-by: Jibin Xu <jibin.xu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-06-15 | procps: Complement update-alternatives scope | Niko Mauno
Avoid collision of procps provided w binary with BusyBox-provided applet in case both are installed to same rootfs, by adding w to update-alternatives scope via bindir_progs variable
(From OE-Core rev: de4206c6fd0c3be77d71958f532604b65a4dd5be)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-06-15 | tzdata: fix a typo. | Kevin Carli
(From OE-Core rev: 6e3ea2f17bcd9d942f838ba972338d92e95f65d4)
Signed-off-by: Kevin Carli <k.carli@overkiz.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2018-04-18 | man-db: add groff to RDEPENDS | Chen Qi
Add groff to RDEPENDS_${PN}, otherwise, the 'man' command cannot work correctly on target.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-04-07 | nativesdk-glibc: Split glibc and libcrypt to use libxcrypt instead | Richard Purdie
Fedora28[1] has decided to go ahead and use libxcrypt to replace libcrypt from glibc despite the change not having merged into glibc upstream yet. This breaks the use of uninative in OE on fedora28 since binaries there are now using new symbols only found in libxcrypt. libxcrypt is meant to be backwards compatible with libcrypt but not the reverse.
Since this will impact OE in the next release cycle, this changes nativesdk only to use this new model and adds libxcrypt to work in that case. This allows us to build a uninative which is compatible with fedora28 and previous other OSes.
In order to work, recipes will now need to depend on virtual/crypt where they use libcrypt since it's now a separate library and we can't depend on it from glibc to preserve backwards compatibility since glibc needs to build first.
For now, only the problematic nativesdk recipes have been fixed up. For target use, the default provider remains glibc for now. Assuming this change is merged into upstream glibc, we will need to roll this change out for the target but we will do this in the next release cycle when we can better deal with the resulting bugs.
[1] https://fedoraproject.org/wiki/Changes/Replace_glibc_libcrypt_with_libxcrypt
Original patch from Charles-Antoine Couret <charles-antoine.couret@essensium.com>, tweaked by RP to add virtual provides, SkipRecipe for libxcrypt and other minor tweaks.
Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-28 | tzdata: update to 2018d | akuster@mvista.com
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28 | tzcode-native: update to 2018d | akuster@mvista.com
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28 | ltp: add rdepend for procps | Armin Kuster
    ps: invalid option -- 'e'
    BusyBox v1.27.2 (2018-03-17 09:07:25 PDT) multi-call binary.
    Usage: ps
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28 | tcp-wrappers: Fix build with clang | Oleksiy Obitotskyy
Fix non-void function 'fix_options' should return a value. Add function prototype to tcpd.c and miscd.c.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28 | libxml-namespacesupport: use stable v1.12 release; inherit ptest-perl | Tim Orling
* Fix RDEPENDS
* Upstream v1.12_9 is a development version, not a stable release
* Add UPSTREAM_CHECK_REGEX skip development releases
* Drop anonymous python function to "fix" version, which breaks auto-upgrade-helper (AUH)
* Use LICENSE file for checksum rather than ephemeral META.yml
* License remains the same
Fixes: [YOCTO #12581]
License-Update: use LICENSE file for checksum
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25 | shadow.inc: run postinst only for target | Martin Jansa
* fails for nativesdk-shadow with:
    pwconv: /etc/passwd.29063: No such file or directory
    pwconv: cannot lock /etc/passwd; try again later.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25 | iputils: change default PACKAGECONFIG to disable libidn | Martin Jansa
* wrong revision of this patch, where the commit message didn't match with the default PACKAGECONFIG value, was merged to master, update it to avoid confusion
* it got enabled by default, but without the dependency on libidn in:
    commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2
    Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
    AuthorDate: Thu Feb 1 20:02:08 2018 +0200
    Subject: iputils: update to 20161105
* https://github.com/iputils/iputils/blob/master/RELNOTES.old mentions that IDN was enabled by default in: [s20160308] and surprisingly the same in [s20150815] but there are no release notes for s20151218 version we were using until now, don't know how it really relates to [s20150815].
* but there are some issues with libidn as described in: https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547 so disable it by default.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-20 | libsolv: refresh the patches | Maxin B. John
fixes:
    WARNING: libsolv-0.6.33-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool:
        devtool modify <recipe>
        devtool finish --force-patch-refresh <recipe> <layer_path>
    Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored).
    Further information:
    http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
    https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
    Details:
    Applying patch 0001-Add-fallback-fopencookie-implementation.patch
    patching file ext/CMakeLists.txt
    patching file ext/solv_xfopen.c
    Hunk #1 succeeded at 12 with fuzz 1 (offset -1 lines).
    Hunk #2 succeeded at 25 (offset -18 lines).
    Hunk #3 succeeded at 34 (offset -18 lines).
    Hunk #4 succeeded at 46 (offset -18 lines).
    patching file ext/solv_xfopen_fallback_fopencookie.c
    patching file ext/solv_xfopen_fallback_fopencookie.h
    Now at patch 0001-Add-fallback-fopencookie-implementation.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-20 | iputils: add PACKAGECONFIG for libidn and disable it by default | Martin Jansa
* it got enabled by default, but without the dependency on libidn in:
    commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2
    Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
    AuthorDate: Thu Feb 1 20:02:08 2018 +0200
    Subject: iputils: update to 20161105
* https://github.com/iputils/iputils/blob/master/RELNOTES.old mentions that IDN was enabled by default in: [s20160308] and surprisingly the same in [s20150815] but there are no release notes for s20151218 version we were using until now, don't know how it really relates to [s20150815].
* but there are some issues with libidn as described in: https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547 so disable it by default.
* fails with:
    | In file included from ping_common.c:1:0:
    | ping.h:39:10: fatal error: idna.h: No such file or directory
    | #include <idna.h>
    | ^~~~~~~~
* Easiest way to reproduce this failure is to remove libidn from gnutls PACKAGECONFIG or to use gnutls which doesn't have libidn PACKAGECONFIG at all (like the one in meta-gplv2).
* First it leads to following QA issue: http://errors.yoctoproject.org/Errors/Build/53212/
    ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-ping rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
    ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-traceroute6 rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
    ERROR: iputils-s20161105-r0 do_package_qa: QA run found fatal errors. Please consider fixing them.
    ERROR: iputils-s20161105-r0 do_package_qa: Function failed: do_package_qa
    ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/iputils/s20161105-r0/temp/log.do_package_qa.7627
    ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-extended/iputils/iputils_s20161105.bb:do_package_qa) failed with exit code '1'
* But if you cleansstate iputils as well (after removing libidn from gnutls PACKAGECONFIG) to empty iputils RSS, then you get the error about missing idna.h: http://errors.yoctoproject.org/Errors/Build/53213/
* Adding the libidn dependency explicitly in iputils recipe fixes the issue.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-20 | watchdog: remove interdependencies of watchdog and wd_keepalive | Maxin B. John
Since watchdog and watchdog-keepalive packages can't be installed together, move wd_keepalive.service to watchdog-keepalive package. Remove the inter-dependencies of watchdog and wd_keepalive services as well.
[YOCTO #12565]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-19 | slang: 2.3.1a -> 2.3.2 | Huang Qiyu
Upgrade slang from 2.3.1a to 2.3.2.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-12 | libtirpc: Extend to native and nativesdk recipes | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>