| Age | Commit message (Collapse) | Author | Files |
|---|
|
The package_write task was previously removed. Remove a remaining superfluous
reference to it.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now populate_sdk_base has the appropriate flags, we can drop these from the individual
classes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
nativesdk packages were created only for the first backend listed in
PACKAGE_CLASSES. Hence, if one had it set to "package_rpm package_ipk"
and did a 'bitbake -c populate_sdk core-image-something', the nativesdk
packages were created only for rpm.
This is particularily bad for adt-installer which is based on opkg
repos.
Credits go to richard.purdie@linuxfoundation.org who suggested me this
fix.
[YOCTO #5900]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This commit adds a new _cleanup() internal method that will be called at
the end of rootfs creation, so that each backend can delete various
files that were probably generated during rootfs postprocess execution,
etc.
[YOCTO #6049]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Do not delete the __db.00* files in the PackageManager class. Leave this
operation up to the client classes. One side effect of this deletion was
the following message appearing in the output of the next rpm command
executed:
rpmdb: BDB1540 configured environment flags incompatible with existing
environment
We might also gain some time here by not deleting/creating those files
very often.
[YOCTO #6049]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via
invalid handshake packets.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5605
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integer overflow in Mozilla Network Security Services (NSS)
3.15 before 3.15.3 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via a
large size value.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1741
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
cve description:
The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier
allows context-dependent attackers to cause a denial of service
(out-of-bounds write and crash) or possibly execute arbitrary code via
a crafted GIF image.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4244
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE description:
Integer signedness error in the archive_write_zip_data function in
archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running
on 64-bit machines, allows context-dependent attackers to cause a denial of
service (crash) via unspecified vectors, which triggers an improper conversion
between unsigned and signed types, leading to a buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0211
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lib/autotest/general.m4: added "--am-fmt | -A" command line parameter
for testsuite script to enable "RESULT: testname" output format; to be
used by yocto ptest packages directly or with autoconf TESTSUITEFLAGS.
Signed-off-by: Radu Patriu <radu.patriu@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ocf-linux only provides header file and no kernel module is built. We
can't use ocf-linux without its implementation. And linux-yocto uses an
alternative project cryptodev-linux, so we remove ocf-linux and use
cryptodev-linux instead.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ocf-linux only provides header files but no implementation in kernel.
And Yocto kernel linux-yocto use cryptodev-linux to implement
/dev/crypto interface. So replace dependency ocf-linux with
cryptodev-linux for openssl.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Yocto kernel linux-yocto uses cryptodev-linux to use device /dev/crypto.
So add cryptodev-linux which is one alternative of ocf-linux and then
remove ocf-linux later.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The old implementation was wrong. It was not very generic and it checked
IMAGE_FEATURES while building the recipe, which led to various issues
with the generation of the final script. That is, the run-postinsts
script was generated once, while building the package for the first
time. Hence, any other changes to IMAGE_FEATURES, like removing/adding
'package-management' did not reflect in the final script.
This commit makes run-postinsts script autodetect the backend used for
creating the image, making it generic.
[YOCTO #5666]
[YOCTO #5972]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Build Appliance includes a more recent version
of poky, up to commit:
ae938eba92b2c89a9fd91161e57c5dbc594ad4ad.
Adds bitbake fixes/optimizations;
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix the warning:
WARNING: QA Issue: gummiboot: Files/directories were installed but not shipped
/usr/lib
/usr/lib/gummiboot
/usr/lib/gummiboot/gummibootx64.efi
This is because it uses "/usr/lib" in gummibootlibdir, use ${libdir} to
fix it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Fix the error:
[snip]
| nm -D -u src/efi/gummiboot.so | grep ' U ' && exit 1 || :
| objcopy -j .text -j .sdata -j .data -j .dynamic \
| -j .dynsym -j .rel -j .rela -j .reloc -j .eh_frame \
| --target=efi-app-x86_64 src/efi/gummiboot.so gummibootx64.efi
| objcopy: src/efi/gummiboot.so: Invalid bfd target
| make[1]: *** [gummibootx64.efi] Error 1
| make[1]: *** Waiting for unfinished jobs....
| make: *** [all] Error 2
[snip]
It uses the "objcopy" directly, which is not suitable for cross compile.
[YOCTO #6054]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
The gummiboot depends on gnu-efi which had set:
COMPATIBLE_HOST = "(x86_64.*|i.86.*)-linux"
We also need set this for gummiboot, otherwise there would be build
failures for other non-x86 archs.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Its LIBDIR in Makefile is:
LIBDIR = $(PREFIX)/lib
This is incorrect for 64 bit bsp, thus will cause build failures on gummiboot:
ld: cannot open linker script file /path/to/usr/lib64/elf_x86_64_efi.lds: No such file or directory
[YOCTO #6053]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
This patch adds the bitbake qemu option for the ppc e6500 &
ppc e6500-64b architectures.
Signed-off-by: Valentin Cobelea <valentin.cobelea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
test_warnings_errors
The test failed when more than 1 error or 1 warning is present.
Also pasting the bitbake output when the test fails.
Signed-off-by: Corneliu Stoicescu <corneliux.stoicescu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LSB lsb_log_message calls a begin()
function that should be implemented
in /etc/init.d/functions.
The aforementioned script does not
implement the begin() function, as
such there is a small issue related to logging.
This fix implements a local version of
the function, while cleaning up the
troublesome previous implementation.
Fix [YOCTO #5795]
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Replace 'rootfs' with '/dev/root' in read_only_rootfs_hook function
to match the latest change in fstab file from the base-files recipe.
The related commit is as follows.
commit e8bc7a136a81a0d8df2d32dfba0920c1b2835141
base-files: use /dev/root in /etc/fstab for systemd support
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
References to "perl-native" were slipping into the target packages. These
changes ensure those references are cleaned up and that tools using perl
are packaged in the correct perltools package. The same issues affected
the nativesdk-git output so are also applied there.
[YOCTO #5918]
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There were two ConfigParsed event handlers in base.bbclass, this merges
them together for small efficiency wins.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bitbake will now trigger sanity events when it needs the checks to run in all cases
so we can drop the ConfigParsed hook. We now control whether events are generated
or errors are raised from the event itself.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Its possible for classes listed in INHERIT directives to use things like
the oe.utils functions. If that happens the user sees a traceback since
the modules don't become available until the ConfigParsed event.
This change to use immediate expansion means that the oe modules become available
much sooner and can be used in the core classes, including within base.bbclass.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The SRCREV_machine line does not work without having name=machine
attribute in SRC_URI.
This error is seen if the custom kernel recipe is used without
the name attribute:
NOTE: Error during finalise of .../linux-yocto-custom.bb
ERROR: ExpansionError during parsing .../linux-yocto-custom.bb: Failure expanding variable do_patch: ExpansionError: Failure expanding variable SRCPV, expression was ${@bb.fetch2.get_srcrev(d)} which triggered exception FetchError: Fetcher failure for URL: 'git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git;protocol=git;nocheckout=1'. Please set a valid SRCREV for url ['SRCREV_default_pn-linux-yocto-custom', 'SRCREV_default', 'SRCREV_pn-linux-yocto-custom', 'SRCREV'] (possible key names are git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git;protocol=git;nocheckout=1, or use a ;rev=X URL parameter)
Signed-off-by: Jukka Rissanen <jukka.rissanen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The special case when wic is set up to use SD/MMC-Cards in place
of sdX disks is not handled properly.
Append 'p' to the rootdev when disk is SD/MMC-Cards fix this situation.
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The native sysroot should not be used as a store for the lists files since
multiple images running at once would conflict over this. Instead redirect
this to WORKDIR. This means some extra directories need to be created.
Also create apt.conf.d to silence some warnings.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
a) There were missing parameters to the release and package commands (".")
b) The commands need to be executed as one block since they build upon each other
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Processing directories twice is both pointless and introduces a race condition.
When building the list, ensure duplicates (like "all" and "noarch") are handled
correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* The mmc-utils are useful userspace utilities for configuring and
working with MMC devices. These are particularly useful when
working with eMMC devices to do the initial programming of the
device.
Signed-off-by: Chase Maupin <Chase.Maupin@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If we run "bitbake -S base-files" today, and re-run it tomorrow with
nothing changed, we would see that the do_install.sigdata changes
because of:
do_intall -> do_install_basefilesissue -> DISTRO_VERSION -> DATE
We had set:
IMAGE_NAME[vardepsexclude] += "DATETIME"
in meta/conf/bitbake.conf, we can set a similar line in
base-files_3.0.14.bb to fix the problem.
[YOCTO #6032]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The problem is that do_configure.sigdata depends on STAMPS_DIR because:
do_configure -> STAMPCLEAN -> STAMPS_DIR
this will make the sigdata generated by "STAMPS_DIR=/tmp/stps bitbake -S
recipe" doesn't match the ones in our build dir, but it should. We can
add STAMPS_DIR or STAMPCLEAN to BB_HASHBASE_WHITELIST to fix the
problem, but we can't add STAMPS_DIR since once it is in
BB_HASHBASE_WHITELIST, the "STAMPS_DIR=/tmp/stps bitbake -S recipe"
would not run again.
[YOCTO $6031]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The qsort_r() was added to glibc in version 2.8, so there is no qsort_r() on
the host like CentOS 5.x, use qsort() to fix it since they are nearly
identical.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Linux kernel requires that initrd images contain a /init file for
the image to be used as an initrd, even if it is empty. Adding it into
the rootfs directory creates a race, that can upset tar when building
both a .tar and .cpio image file ("tar: .: file changed as we read it").
Additionally, whether or not the tar file will contain the /init file is
also up to the race condition.
To avoid this problem, move the /init addition out from the rootfs
directory, and thus only include it in the .cpio image.
Signed-off-by: Jonas Eriksson <jonas.eriksson@enea.com>
Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>
Cc: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions
with certain patterns that introduce a side channel, which allows physically
proximate attackers to extract RSA keys via a chosen-ciphertext attack and
acoustic cryptanalysis during decryption. NOTE: applications are not typically
expected to protect themselves from acoustic side-channel attacks, since this
is arguably the responsibility of the physical device. Accordingly, issues of
this type would not normally receive a CVE identifier. However, for this
issue, the developer has specified a security policy in which GnuPG should
offer side-channel resistance, and developer-specified security-policy
violations are within the scope of CVE.
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits
cleared (no usage permitted) as if it has all bits set (all usage permitted),
which might allow remote attackers to bypass intended cryptographic protection
mechanisms by leveraging the subkey.
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add the filter license comment for archiver.bbclass.
[YOCTO #5740]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We add the PN to the buildstats event data in order to
proper select database task when multiple similar tasks
are executed for the same recipe file.
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since yasm has been moved to OE-core, there is no reason for not enabling
yasm by default anymore. It improves performance of gstreamer1.0-libav
considerably.
Signed-off-by: Carlos Rafael Giani <dv@pseudoterminal.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Adress the warning
| warning: group pulse does not exist - using root
Piglit files from framework/ generated_tests/ tests/
and templates/ belong to xuser/pulse.
Don't keep the permissions while shipping the files,
they should be root/root.
[YOCTO #6028]
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The nslookup had been disabled from 2010 (or earlier), but it still in
FILES_${PN}-utils, we need remove it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
