openembedded-core.git/meta/recipes-core, branch master-next2 Mirror of openembedded-core libxml2: move python module to Python 3 2017-04-28T10:32:21+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2017-04-21T12:39:54+00:00 21451351d9662bbf2a6f4048f383a39b6082f958 Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
ovmf: Fix build with gcc7 2017-04-28T10:32:21+00:00 Khem Raj raj.khem@gmail.com 2017-04-21T20:55:22+00:00 f75fae52ea38e0df981c52b0c0cb8e39287d553b backport a patch which fixing warnings with gcc7 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
backport a patch which fixing warnings with gcc7

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
libxml2: CVE-2016-9318 2017-04-28T10:26:07+00:00 Catalin Enache catalin.enache@windriver.com 2017-04-14T08:43:32+00:00 0dd44c00e3b2fbc3befc3f361624a3a60161d979 libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
build-appliance-image: Update to master head revision 2017-04-21T07:22:14+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-04-21T07:22:14+00:00 e584be78f92ee6f08f570c239698d56ac78d05f9 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
busybox: fix typo in CVE-2016-2147_2.patch Upstream-Status tag 2017-04-21T07:22:00+00:00 Andre McCurdy armccurdy@gmail.com 2017-04-20T00:47:34+00:00 7fe8bb9c736eadbd1201c008e57527cee9de9a71 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
build-appliance-image: Update to master head revision 2017-04-20T07:16:42+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-04-20T07:16:42+00:00 0126fe8934ecae3c91e441c4e1f5a86a15837679 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
build-appliance-image: Update to master head revision 2017-04-20T07:16:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-04-20T07:16:12+00:00 0b8167fa3e792dac272e24e3f06af88ada90ff14 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
busybox: drop unmaintained _git recipe 2017-04-13T22:58:19+00:00 Andre McCurdy armccurdy@gmail.com 2017-03-30T18:06:20+00:00 139c97fa7f71a554ce85900ac33054a216db62e9 The busybox _git recipe is not formally tested or kept up to date. The gstreamer _git recipes were recently removed from oe-core and the justifications for that change apply to the busybox _git recipe too. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
The busybox _git recipe is not formally tested or kept up to date.
The gstreamer _git recipes were recently removed from oe-core and the
justifications for that change apply to the busybox _git recipe too.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
base-passwd/useradd: Various improvements to useradd with RSS 2017-04-13T22:57:37+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-04-12T17:29:09+00:00 1b5afaf437f7a1107d4edca8eeb668b9618a5488 Currently there are multiple issues with useradd: * If base-passwd rebuilds, it wipes out recipe specific user/group additions to sysroots and causes errors * If recipe A adds a user and recipe B depends on A, it can't see any of the users/groups A adds. This patch changes base-passwd so it always works as a postinst script within the sysroot and copies in the master files, then runs any postinst-useradd-* scripts afterwards to add additional user/groups. The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist they just exit, knowning they'll be executed later. We also add a dummy entry to the dummy passwd file from pseudo so we can avoid this too. There is a problem where if recipe A adds a user and recipe B depends on A but doesn't care about users, it may not have a dependency on the useradd/groupadd tools which would therefore not be available in B's sysroot. We therefore also tweak postinst-useradd-* scripts so that if the tools aren't present we simply don't add users. If you need the users, you add a dependency on the tools in the recipe and they'll be added. We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this kind is going to need relocation help. We also ensure that the postinst-useradd script is written into the sstate object as the current script was only being added in a recipe local way. Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces of this patch. [Yocto #11124] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Currently there are multiple issues with useradd:

* If base-passwd rebuilds, it wipes out recipe specific user/group additions
  to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
  users/groups A adds.

This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.

The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.

There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.

We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.

We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.

Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.

[Yocto #11124]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
busybox: In defconfig enable ASH_CMDCMD for built-in 'command' 2017-04-12T14:18:42+00:00 Nathan Rossi nathan@nathanrossi.com 2017-04-11T14:21:26+00:00 e41c90b852167bbcb434da57b84280e855acae33 It is common for *ash shells to have 'command' available as a built-in function. POSIX 2008 also documents the availability of this command. Additionally the /etc/profile of base-files requires this command to be available as of commit e77cdb7611 ("base-files: profile: Do not assume that the tty command exists"). If it is not available the following message is output during login on a image using busybox. -sh: command: not found It however should be noted that tcsh and csh do not provide 'command' (built-in or otherwise). Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
It is common for *ash shells to have 'command' available as a built-in
function. POSIX 2008 also documents the availability of this command.

Additionally the /etc/profile of base-files requires this command to be
available as of commit e77cdb7611 ("base-files: profile: Do not assume
that the tty command exists"). If it is not available the following
message is output during login on a image using busybox.

    -sh: command: not found

It however should be noted that tcsh and csh do not provide 'command'
(built-in or otherwise).

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>