| Age | Commit message (Collapse) | Author |
|---|
|
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323
http://bugzilla.maptools.org/show_bug.cgi?id=2559
Patch from:
https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321
http://bugzilla.maptools.org/show_bug.cgi?id=2558
Patch from:
https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-3186 libtiff: buffer overflow in the readextension function in
gif2tiff.c allows remote attackers to cause a denial of service via a
crafted GIF file
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
https://bugzilla.redhat.com/show_bug.cgi?id=1319503
Patch from:
https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
External Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images
External Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If the path to "ROOT_SYSCONFDIR /mke2fs.conf" has a permission denied problem,
then the get_dirlist() call will return EACCES. But the code in profile_init
will treat that as a fatal error and all executions will fail with:
Couldn't init profile successfully (error: 13).
But the problem should not really be visible for the target package as the path
then will be "/etc/mke2fs.conf", and it is not likely that a user have no
permission to read /etc.
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It can take a bit for USB devices to be detected, so if a USB device is
your rootfs and you don't set rootwait you will most likely get a kernel
panic. Fix this by adding rootwait to the kernel command line on
installation.
Fixes [YOCTO #9462].
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch enabled out-of-tree builds for u-boot. This also helps building
u-boot using EXTERNALSRC flow
Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch adds DROPBEAR_RSAKEY_ARGS and DROPBEAR_DSSKEY_ARGS optional
parameters to /etc/default/dropbear. The contents are simply passed to
the 'dropbearkey' program when generating a host key.
The default keysize for RSA is currently 2048 bits. It takes a CortexA9
running at 700MHz between 4 and 10 seconds to calculate a keypair. The
board boots Linux in about a second, but you have to wait for several
seconds because of the keypair generation. This patch allows one to put
the line DROPBEAR_RSAKEY_ARGS="-s 1024" into /etc/default/dropbear, and
have a host key generated in about 0.2 seconds on the same CPU. This is
particulary useful for read-only rootfs systems which generate a key on
each boot.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
booting
When live booting, we need to make sure the running udev processes are killed
to avoid unexepected behavior, we do this just before switching root,
once we do, a new udev process will be spawned from init and will take care
of whatever work was still missing
[YOCTO #9520]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
By default the system will expand the extra os entries for uclibc and musl
even if they are not enabled in the build. There was no way to prevent this
behavior while still getting the expansion for things like x32 or spe.
The change adds a new setting which a distribution creator can override
easily, setting the base set of canadianextraos components. The other
expansions are then based on this setting.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
They used to fail with PIE enabled, but no longer do.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Without this, we get to know the command failed and the exit code but
have no idea how the command failed since we don't get the output by
default.
This makes it much easier to see what went wrong and stand a chance of
fixing it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently the code gives tracebacks if there are no recipes to be built in a
BuildStarted event. Parse the list into a string rather than just taking the
first item. There is nothing special about the first time.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Uninative 1.2 didn't contain the nativesdk locale fix we really needed
to release and update to uninative 1.3 which does contain that fix
and also uses glibc 2.24 final release.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Give each rootfs its own RPM channel to use. This puts the RPM metadata
in a private subdirectory of $WORKDIR, rather than living in DEPLOY_DIR
where other tasks may race with it.
This allows us to reduce the time that the rpm.lock is held to only the
time needed to hardlink the RPMs, allowing the majority of the rootfs
operation to run in parallel.
Also, this fixes the smart tests by generating an index for all packages
at the time of the test, rather than using the one provided by the
rootfs process.
Original credit for the enhancement should go to Steven Walter
stevenrwalter@gmail.com.
Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch fixes an error where dbus configure doesn't detect
stdint.h correctly.
Upstream commit 1bfde222 on branches dbus-1.10 and master
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We don't need/wan't to run resize on an ssh connection. It's useless and
it breaks the Eclipse SSH debug connection. So, we added a check.
YOCTO #9362
Signed-off-by: bavery <brian.avery@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This effectively reverts the commit
3dd233ac0c80393824100c54bb525236f8290fd2
gold now emits errors on copy relocs against
protected symbols what ld.bfd did in past, however
it seems its too conservative.
This does not fix the case for folks who
use gold as default linker, however it
does make bintuls 2.27 work with default
configuration of OE
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
with binutils 2.27, mips has got the gold support
but it doesnt work for webkitgtk _yet_ therefore
disable it for now.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The upstreamable include fixes have been sent upstream. The patch set adds
AC_USE_SYSTEM_EXTENSIONS so we don't need to explictly define _GNU_SOURCE
anymore.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
With binutils 2.27 on at least MIPS, connmand will crash on startup. This
appears to be due to the symbol visibilty scripts hiding symbols that stdio
looks up at runtime, resulting in it segfaulting.
This certainly appears to be a bug in binutils 2.27 although the problem has
been known about for some time:
https://sourceware.org/bugzilla/show_bug.cgi?id=17908
As the version scripts are only used to hide symbols from plugins we can safely
remove the scripts to work around the problem until binutils is fixed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Now Runner's support extra_bootargs for the kernel so add
extra_bootparams to the start() methods to avoid exception.
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When using non-tty consoles (e.g. VirtIO console /dev/hvc0) the
current init system fails with:
process '/sbin/getty 115200 hvc0' (pid 545) exited. Scheduling for restart.
can't open /dev/ttyhvc0: No such file or directory
The first field needs to be a valid device. The BusyBox inittab example
explains as follows:
"<id>: WARNING: This field has a non-traditional meaning for BusyBox init!
The id field is used by BusyBox init to specify the controlling tty for
the specified process to run on. The contents of this field are
appended to "/dev/" and used as-is."
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Prior to running oe_runmake make sure $B is the cwd. This is required
due to bitbake commit 67a7b8b021badc17d8fdf447c250e79d291e75f7
"build: don't use $B as the default cwd for functions".
Without this change, do_concat_dtb fails with:
| ERROR: oe_runmake failed
| make: *** No targets specified and no makefile found. Stop.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Handle u-boot.rom signing (U-Boot as x86 BIOS replacement) the same way
that u-boot.img signing is handled.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For x86, bzImage must be built instead of zImage.
Include setup.bin (which is required to boot the kernel) in the fitimage
and always use a load/boot address of 0x00090000.
For details see:
http://git.denx.de/?p=u-boot.git;a=blob;f=doc/uImage.FIT/x86-fit-boot.txt
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If INITRAMFS_IMAGE is set, build an additional fitImage containing the
initramfs. Copy the additional fitImage and the source (*.its) file, used
to create it to DEPLOYDIR. The fitImage containing the initramfs must be
built before do_deploy and after do_install to avoid circular dependencies.
UBOOT_RD_LOADADDRESS - Specifies the load address used by u-boot for the
initramfs.
UBOOT_RD_ENTRYPOINT - Specifies the entry point used by u-boot for the
initramfs.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Prior to assembling the fitimage, ensure that $B is the cwd due to
bitbake commit 67a7b8b021badc17d8fdf447c250e79d291e75f7 "build: don't
use $B as the default cwd for functions".
Without this change, do_assemble_fitimage() fails like:
Log data follows:
| DEBUG: Executing shell function do_assemble_fitimage
| arm-ka-linux-gnueabi-objcopy: 'vmlinux': No such file
| WARNING: exit code 1 from a shell command.
| ERROR: Function failed: do_assemble_fitimage
Signed-off-by: Andrew Bradford <andrew.bradford@kodakalaris.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Herve Jourdain <herve.jourdain@neuf.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Fix multilib + rpm since its multilib package name is special.
* Update SSTATE_DUPWHITELIST to avoid shared location conflicted error.
* Fix message when "not copying", now the messages are:
Copying packages for recipe <foo>
Not copying packages for recipe <foo>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is a non-functional change, which intends to correct element
names of a tuple returned by Popen.communicate().
Both in python2 and python3 subprocess.Popen.communicate() method
returns a tuple (stdoutdata, stderrdata), thus old assignments and
collateral comments are incorrect from human's point of view, however
formally there is no error in the code.
The change is desired to have to avoid copy-paste errors in future.
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This is a non-functional change, which intends to correct element
names of a tuple returned by Popen.communicate().
Both in python2 and python3 subprocess.Popen.communicate() method
returns a tuple (stdoutdata, stderrdata), thus old assignments and
collateral comments are incorrect from human's point of view, however
formally there is no error in the code.
The change is desired to have to avoid copy-paste errors in future.
Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Previously, find_license_files() in license.bbclass just blindly assumed
that all different licenses specified in LIC_FILES_CHKSUM have unique
filenames. As a consequence, only the last one of these similarly named
license files was copied and the rest were "lost". This patch changes
the behavior so that all license files get copied. However, if multiple
identically named files are found, they are renamed to <file>.0,
<file>.1 etc.
The patch also changes the handling of NO_GENERIC_LICENSE slightly.
Previously, only basenames of NO_GENERIC_LICENSE and LIC_FILES_CHKSUM
were compared when searching for the correct license file. After this
patch NO_GENERIC_LICENSE must have the full path, matching what is
specified in LIC_FILES_CHKSUM. This is required in order to be able
to handle identical filenames (basenames) consistently. For example, if
you have:
LICENSE = "my-custom-license"
LIC_FILES_CHKSUM = "file://src/LICENCE;md5=d41d8cd98f00b204e9800998ecf8427e"
you must specify:
NO_GENERIC_LICENSE[my-custom-license] = "src/LICENCE"
[YOCTO #9663]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
|
|
With some hardware the name of the device node and the name in
/proc/console differ. This causes SERIAL_CONSOLES_CHECK to not enable
working consoles in these cases. This patch changes SERIAL_CONSOLES_CHECK
to have an optional alias for the checked consoles. The new format is:
<device>:<alias to check(optional)>
Fixes [YOCTO #9440].
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This code was outputting variables by iterating a dictionary. In Py2 this
always results in the same iteration order but with Py3 the order changes every
execution, which resulted in buildhistory having to store diffs where fields
were simply re-ordered.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
LICENSE_${PN} shouldn't contain anything that is not specified in LICENSE.
[YOCTO #10075]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
provide similar behaviour for Media Player's quit and close callback
functions.
[YOCTO #10045]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
dpkg is using a script (dpkg-architecture.pl) to detect the target
architecture automatically.
Unfortunately, it is using the cross compiler prefix to do the detection
and for ARM, oe-core is using <vendor>-linux-gnueabi for toolchains with
and without call-convention hard. The script then always detects
'armel' and never gets 'armhf' for call-convention hard.
This solves:
dpkg: error processing archive evtest_1.32+0+b8343ec112-r0_armhf.deb (--install):
package architecture (armhf) does not match system (armel)
Errors were encountered while processing:
evtest_1.32+0+b8343ec112-r0_armhf.deb
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Options and directory separator -- slipped past the patch removing
Debianims, thus resulting in failures on hosts running Fedora.
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
gcc and libunwind race and when libunwind wins
results are build fails for gcc as described
this is only seen on musl/arm since on musl
/usr/include is search before gcc fixed headers
and unwind.h is in fixed headers. So it works
ok on glibc but not on musl due to reversed search
order.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
SIGEMT doesnt exist on musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
HTTPServer now supports multiple connections using Python threads.
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Starting from tar 1.29 the --exclude option won't work
anymore if is not used before the path. There are some
recipes that copy the ptest using tar and --exclude
option. This fixes these for OE-Core recipes.
[YOCTO #9763]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The bat PACKAGECONFIG does not install the test script correctly. Fix
this by following the packaging used for the other bash scripts. While
at it, fix some tabs.
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Settings from EXTRA_OECONF like en/disable no-ssl3, are transferred
only into DEPFLAGS. It means that settings have no effect on output files.
DEPFLAGS will be transferred into output files with make depend command.
https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Monitoring the process started by gnome-terminal was
spinning in a busy-loop. Insert some sleeping so that
we don't eat all the cpu.
Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This directory is created on demand, and won't be visible if /var/log is a
tmpfs, so don't bother shipping it.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
[YOCTO #9827]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For example in a directory structure like this
.
├── symlink -> foo/bar
└── foo
└── bar
└── file
'file' could be referenced by specifying e.g. 'foo/bar/file' or
'symlink/file'. In cases like this populate_packages() might crash if
the file was referenced (in FILES) via the symlinked directory. The
outcome depends on how the user defined FILES_pn. This patch should
make the function behave more consistently. It looks for files which are
referenced via symlinked directories and handles them separately,
failing if their parent directory is a non-existent path. For example,
defining FILES_{PN} = "symlink/file" causes a build failure because
symlinks target 'foo/bar' is not included at all.
[YOCTO #9827]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
Yi Zhao
Armin Kuster
Jackie Huang
California Sullivan
Manjukumar Matha
Mike Looijmans
Alejandro Hernandez
Mark Hatle
Alexander Kanavin
Richard Purdie
Stephano Cetola
Ioan-Adrian Ratiu
bavery
Khem Raj
Ross Burton
Aníbal Limón
Stefan Agner
George McCollister
Andrew Bradford
Herve Jourdain
Robert Yang
Vladimir Zapolskiy
Markus Lehtonen
Maxin B. John
Alexandre Belloni
Maciej Borzecki
Mariano Lopez
Stefan Müller-Klieser
Andrej Valek
Jacob Kroon