summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFiles
2017-02-28ovmf: build image which enrolls standard keysPatrick Ohly4
When booting a qemu virtual machine with ovmf.secboot, it comes up with no keys installed and thus Secure Boot disabled. To lock down the machine like a typical PC, one has to enroll the same keys that PC vendors normally install, i.e. the ones from Microsoft. This can be done manually (see https://wiki.ubuntu.com/SecurityTeam/SecureBoot and https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf) or automatically with the EnrollDefaultKeys.efi helper from the Fedora ovmf rpm. To use this with qemu: $ bitbake ovmf-shell-image ... $ runqemu serial nographic qemux86 ovmf-shell-image wic ovmf.secboot ... UEFI Interactive Shell v2.1 EDK II UEFI v2.60 (EDK II, 0x00010000) Mapping table FS0: Alias(s):HD2b:;BLK4: PciRoot(0x0)/Pci(0x5,0x0)/HD(1,GPT,06AEF759-3982-4AF6-B517-70BA6304FC1C,0x800,0x566C) BLK0: Alias(s): PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x0) BLK1: Alias(s): PciRoot(0x0)/Pci(0x1,0x0)/Floppy(0x1) BLK2: Alias(s): PciRoot(0x0)/Pci(0x1,0x1)/Ata(0x0) BLK3: Alias(s): PciRoot(0x0)/Pci(0x5,0x0) Press ESC in 1 seconds to skip startup.nsh or any other key to continue. Shell> fs0:EnrollDefaultKeys.efi info: SetupMode=1 SecureBoot=0 SecureBootEnable=0 CustomMode=0 VendorKeys=1 info: SetupMode=0 SecureBoot=1 SecureBootEnable=1 CustomMode=0 VendorKeys=0 info: success Shell> reset Remember that this will modify deploy/images/qemux86/ovmf.secboot.qcow2, so make a copy and use the full path of that copy instead of the "ovmf" argument if needed. The ovmf-shell-image contains an EFI shell, which is what got started here directly. After enrolling the keys, Secure Boot is active and the same image cannot be booted anymore, so the BIOS goes through the normal boot targets (including network boot, which can take a while to time out), and ends up in the internal EFI shell. Trying to invoke bootia32.efi (the shell from the image) or EnrollDefaultKeys.efi then fails: Shell> bootia32.efi Command Error Status: Security Violation The main purpose at the moment is to test that Secure Boot enforcement really works. If we had a way to sign generated images, that part could also be tested by booting in a locked down qemu instance. 0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch is from https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/0007-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch?id=b1781931894bf2057464e634beed68b1e3218c9e with one line changed to fix https://bugzilla.redhat.com/show_bug.cgi?id=132502: "EFI_STATUS Status = EFI_SUCCESS;" in EnrollListOfX509Certs() lacked the initializer. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28runqemu: support UEFI with OVMF firmwarePatrick Ohly1
In the simplest case, "runqemu qemux86 <some-image> qcow2 ovmf" for an EFI-enabled image in the qcow2 format will locate the ovmf.qcow2 firmware file deployed by the ovmf recipe in the image deploy directory, override the graphics hardware with "-vga std" because that is all that OVMF supports, and boot with UEFI enabled. ovmf is not built by default. Either do it explicitly ("bitbake ovmf") or make it a part of the normal build ("MACHINE_ESSENTIAL_EXTRA_RDEPENDS_append = ' ovmf'"). The firmware file is activated as a flash drive instead of using the qemu BIOS parameters, because that is the recommended method (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764918#47) as it allows storing UEFI variables in the file. Instead of just "ovmf", a full path to an existing file can also be used, just as with the rootfs. That may be useful when making a permanent copy of the virtual machine data files. It is possible to specify "ovmf*" parameters more than once, then each parameter creates a separate flash drive. This way it is possible to use separate flash drives for firmware code and variables: $ runqemu qemux86 <some-image> qcow2 ovmf.code ovmf.vars" Note that rebuilding ovmf will overwrite the ovmf.vars.qcow2 file in the image deploy directory. So when the goal is to update the firmware while keeping variables, make a copy of the variable file and use that: $ mkdir my-machine $ cp tmp/deploy/images/qemux86/ovmf.vars.qcow2 my-machine/ $ runqemu qemux86 <some-image> qcow2 ovmf.code my-machine/ovmf.vars.qcow2 When Secure Boot was enabled in ovmf, one can pick that instead of the non-Secure-Boot enabled ovmf.code: $ runqemu qemux86 <some-image> qcow2 ovmf.secboot.code my-machine/ovmf.vars.qcow2 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28runqemu: also accept -image suffix for rootfs parameterPatrick Ohly1
The magic detection of the rootfs parameter only worked for image recipes which embedd the "image" string in the middle, as in "core-image-minimal". Sometimes it is more natural to call an image "something-image". To get such an image detected by runqemu, "-image" at the end of a parameter must also cause that parameter to be treated as the rootfs parameter. Inside the image directory, "something-image" has an -<arch> suffix and thus no change is needed for those usages of re.search('-image-'). However, while at it also enhance those string searches a bit (no need for re; any()+map() a bit closer to the intended logic). Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28runqemu: fix undefined variable reference in check_arg_path()Patrick Ohly1
'arg' isn't defined, the right name there is 'p'. This fixes a rather obscure error message when that code path ends up being taken: $ runqemu some/existing-file-name runqemu - ERROR - name 'arg' is not defined runqemu - ERROR - Try 'runqemu help' on how to use it Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28ovmf_git.bb: enable Secure BootPatrick Ohly1
When enabled via PACCKAGECONFIG = "secureboot" (off by default because of the extra work and license change), the recipe compiles OVMF twice, once without Secure Boot, once with. This is the same approach as in https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec The results are "ovmf.qcow2" and "ovmf.secboot.qcow2" in the image deploy directory, so runqemu <machine> <image> ovmf.secboot will boot with Secure Boot enabled. ovmf.secboot.code.qcow2 is provided for those who want separate code and variable flash drives. The normal ovmf.vars.qcow2 can be used with it. In contrast to Fedora, no attempt is made to strip potentially patent encumbered algorithms out of the OpenSSL archive. OVMF does not use the ones considered problematic for Fedora, so this shouldn't be a problem. Fixes: luv-yocto/#38 Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28ovmf_git.bb: enable parallel compilationPatrick Ohly1
The Fedora srpm [1] seems to have no problems with parallel compilation, so let's also use that for the target. The native tools however indeed have dependency problems: | test_Ecc_CParser (CheckPythonSyntax.Tests) ... gcc -o ../bin/EfiRom -L/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -L/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-rpath-link,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath-link,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-rpath,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/usr/lib -Wl,-rpath,/fast/build/ostro/x86/tmp-glibc/sysroots/x86_64-linux/lib -Wl,-O1 EfiRom.o -L../libs -lCommon | /usr/bin/ld: cannot find -lCommon | collect2: error: ld returned 1 exit status ERROR: Task (virtual:native:.../meta/recipes-core/ovmf/ovmf_git.bb:do_compile) failed with exit code '1' [1] https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28ovmf: deploy firmware in image directoryPatrick Ohly1
When used with '-drive if=pflash', qemu will store UEFI variables inside the firmware image file. That is unexpected for a file located in the sysroot, which should be read-only, while it is normal for image files in the deploy/images directory. Therefore that directory is a better place for use with runqemu. The name was chose so that "runqemu ovmf" can be used as shorthand for "runqemu <full path>/ovmf.qcow2" by treating "ovmf" as the base name of the firmware file. "ovmf.secboot.qcow2" is meant to be used for the Secure Boot enabled firmware. qcow2 is used because it is needed for "savevm" snapshots of a virtual machine. With code and variables stored in the same ovmf.qcow2 it is not possible to update the firmware code without also overwriting the variables. For users who care about persistent variables, the code and variables are also provided as separate files, in ovmf.code.qcow2 and ovmf.vars.qcow2. The traditional usage of OVMF via the qemu bios parameter ("biosdir" and/or "biosfilename" in runqemu) is no longer recommended, and therefore this recipe no longer provides the bios.bin file. Instead, OVMF is meant to be used as flash drive in qemu. See the "runqemu: support UEFI with OVMF firmware" patch for details on how to use OVMF that way. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28ovmf: explicitly depend on nasm-nativePatrick Ohly1
Fixes a build issue when nasm was not build already because of something else. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28ovmf: move from meta-luv to OE-coremeta-luv5
This is an unmodified copy of github.com/01org/luv-yocto/meta-luv/recipes-core/ovmf revision 4be4329. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-28acpica: fix compilation with muslPatrick Ohly2
Manipulating stderr after freopen() fails as done by upstream does not work with musl. The replacement is Unix specific and uses open()/dup2(). Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23acpica: work around flex 2.6.2 code generation issuePatrick Ohly2
Without this patch, linking fails with a missing implementation of yy_scan_string. This looks like a regression in flex, because 2.6.0 generated different code that called PrParser_scan_string resp. DtParser_scan_string. Working around that in acpica until this is better understood or fixed in flex is the easiest solution for now. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-23acpica: move from meta-oe to OE-coreFathi Boudra5
qemu support for UEFI in OE-core depends on OVMF, which needs the iasl tools provided by this recipe. There's also an iasl recipe in meta-luv, but than can and will be replaced by this one, thus reducing overall maintenance work. Copied from meta-openembedded rev fa65be9ba (current master). Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-23qemu: support virtual TPMPatrick Ohly5
This enables the use of swtpm (from meta-security) as a virtual TPM in qemu. These patches extend the existing support in qemu for TPM passthrough so that a swtpm daemon can be accessed via CUSE (character device in user space). To use this: - add the meta-security layer including the swtpm enhancements for qemu - bitbake swtpm-native - create a TPM instance and initialize it with: $ mkdir -p my-machine/myvtpm0 $ tmp-glibc/sysroots/x86_64-linux/usr/bin/swtpm_setup_oe.sh --tpm-state my-machine/myvtpm0 --createek Starting vTPM manufacturing as root:root @ Fri 20 Jan 2017 08:56:18 AM CET TPM is listening on TCP port 52167. Successfully created EK. Successfully authored TPM state. Ending vTPM manufacturing @ Fri 20 Jan 2017 08:56:19 AM CET - run swtpm *before each runqemu invocation* (it shuts down after use) and do it as root (required to set up the /dev/vtpm0 CUSE device): $ sudo sh -c 'PATH=`pwd`/tmp-glibc/sysroots/x86_64-linux/usr/bin/:`pwd`/tmp-glibc/sysroots/x86_64-linux/usr/sbin/:$PATH; export TPM_PATH=`pwd`/my-machine/myvtpm0; swtpm_cuse -n vtpm0' && sudo chmod a+rw /dev/vtpm0 - run qemu: $ runqemu 'qemuparams=-tpmdev cuse-tpm,id=tpm0,path=/dev/vtpm0 -device tpm-tis,tpmdev=tpm0' ... The guest kernel has to have TPM support enabled, which can be done with: KERNEL_FEATURES_append = " features/tpm/tpm.scc" Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
2017-02-23libva: Find the correct wayland-scannerJussi Kukkonen3
* Add a patch to make sure wayland-scanner from native sysroot is used * Depend on wayland-native to get the scanner into the sysroot * Add a patch to make sure the scanner really is used Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23selftest/eSDK.py: Cleanup when there is an error in setUpClassMariano Lopez1
Lately autobuilders are experiencing hangs with selftest, it seems it is cause if an error happens in setUpClass method of oeSDKExtSelfTest class because HTTP server keeps running in background. This patch will ensure tearDownClass will be run if there is an error in setUpClass. Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23iptables: upgrade to 1.6.1Maxin B. John3
1.6.0 -> 1.6.1 Refreshed the following patches: a) 0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b) 0002-configure.ac-only-check-conntrack-when-libnfnetlink-enabled.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23ffmpeg: Fix the license descriptionAndreas Oberritter1
FFmpeg has complicated licensing options, so it should also have complicated license statements in its recipe. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23linux-firmware: Add Marvell sd88xx WiFi firmwaresStefan Agner1
Add packages for Marvells sd88xx SDIO WiFi firmwares. Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23libarchive: Backport upstream fixes.Amarnath Valluri3
These set of patches backported from upstream, which fixes the issues in extracting hardlinks over softlinks while etracting packages by opkg. Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23ncurses: 6.0+20160625 -> 6.0+20161126Hongxu Jia2
Add a patch to fix the CC/CFLAGS mangling that broke builds. [RB] Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23dbus: do not use systemctl from host for configureAndy Kling1
configure.ac from dbus uses $PATH to get the location of systemctl. If it is not found /usr/bin/systemctl is used. It is possible to override the location by passing SYSTEMCTL=[value] to configure. The value is used to replace @SYSTEMCTL@ in systemd-user/dbus.socket.in. dbus.socket sets the environment variable DBUS_SESSION_BUS_ADDRESS using systemctl. dbus does not depend on systemd-systemctl-native, so location from host installation or the default value gets used. Adding systemd-systemctl to the build would give path from sysroot. Forcing SYSTEMCTL=${base_bindir}/systemctl for target gives the correct path there and the environment variable is set after a user session was opened. [YOCTO #11002] Signed-off-by: Andy Kling <andreas.kling@peiker-cee.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23alsa-lib: merge alsa-conf-base into alsa-confTanu Kaskinen1
As far as I can see, there's no benefit in having separate alsa-conf and alsa-conf-base packages. libasound depended on both, so it was not really possible to only install alsa-conf-base. Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23alsa-lib: fix softfloat enablingTanu Kaskinen2
EXTRA_OECONF = "--disable-python" overrode the previous EXTRA_OECONF assignment, so softfloat didn't get enabled when needed. Fixed this by replacing "=" with "+=". Bitbake then complained about tabs in alsa-fpu.inc, changed them to spaces. Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23alsa-lib: 1.1.2 -> 1.1.3Tanu Kaskinen2
Changelog: http://alsa-project.org/main/index.php/Changes_v1.1.2_v1.1.3 Added a patch to fix a build failure with musl (cherry-picked from upstream). The new release doesn't any more install the smixer modules when Python support is disabled. The modules weren't usable without Python support before either, so this change does not constitute a loss of functionality [1]. alsa-lib-dev has automatic dependencies on alsa-lib and libasound, but since the smixer modules were the only thing in the alsa-lib package, the alsa-lib package doesn't get generated any more. alsa-lib-dev still has an automatic dependency on alsa-lib, however, so I had to override the RDEPENDS of alsa-lib-dev to only include libasound. [1] http://mailman.alsa-project.org/pipermail/alsa-devel/2016-November/114682.html Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23lsb: lsb_release script incompatible with busybox head and findAthanasios Oikonomou2
Busybox implementation only supports head -1 option if ENABLE_INCLUDE_SUSv2 or ENABLE_FEATURE_FANCY_HEAD configuration options are enabled. Also the -and option for find is only supported if ENABLE_DESKTOP configuration option is enabled. These configuration options are not enabled in several builds, which is why this patch is needed. [YOCTO #11041] Signed-off-by: Athanasios Oikonomou <athoik@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23ccache: Switch to downloading xz tarballMike Crowe2
ccache tarballs have been available in tar.xz format since at least v3.1.1. The v3.3.4 tarball is about 30% smaller so we might as well switch to it. Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23ccache: Upgrade to v3.3.4Mike Crowe2
Only the copyright year has been updated in LICENSE.txt. The license text itself has not changed. This version fixes a bug with dependency output that could cause problems when compiling kernels for different MACHINEs using a shared ccache. See https://github.com/ccache/ccache/issues/158 Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23security_flags.inc: let gettext be secureRobert Yang1
It has been fixed. [YOCTO #9544] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23gettext: fix formatting issuesRobert Yang2
Fixed when compile with "-Wformat -Wformat-security -Werror=format-security": | gettext-tools/gnulib-lib/libcroco/cr-statement.c: In function 'cr_statement_dump_charset': | gettext-tools/gnulib-lib/libcroco/cr-statement.c:2661:17: error: format not a string literal and no format arguments [-Werror=format-security] | fprintf (a_fp, str) ; And: gettext-tools/gnulib-lib/libxml/timsort.h:326:80: warning: format '%lu' expects argument of type 'long unsigned int', but argument 3 has type 'unsigned int' [-Wformat=] fprintf(stderr, "Error allocating temporary storage for tim sort: need %lu bytes", sizeof(SORT_TYPE) * new_size); [YOCTO #9544] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23eudev: Upgrade to 3.2.1Alejandro Hernandez1
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23eudev: set downloadfilenameRobert Yang1
Otherwise, the filename is v${PV}.tar.gz which isn't straightforward. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23pigz: set downloadfilenameRobert Yang1
Otherwise, the filename is v${PV}.tar.gz which isn't straightforward. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23unifdef: add UPSTREAM_CHECK_REGEX to filter out development snapshotsRoss Burton1
Upstream is releasing development snapshots of the form unifdef-2.11.23.1cca442.tar.gz so filter out versions which end is something that looks like a git SHA. Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23gstreamer1.0-vaapi: inherit upstream-version-is-evenRoss Burton1
These plugins follow the GStreamer versioning, so inherit this class to ensure we don't get notified about development releases. Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23btrfs-tools: only target requires udevRobert Yang1
The native doesn't have to depend on udev, fixed: $ bitbake btrfs-tools-native ERROR: Nothing PROVIDES 'udev-native' (but virtual:native:btrfs-tools_4.8.5.bb DEPENDS on or otherwise requires it). Close matches: [snip] Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23btrfs-tools: don't run autogen.shRoss Burton1
Instead of running autogen.sh (which runs autoconf et al) before running autoreconf (which runs autoreconf et al...) just do the one task that we need from autogen.sh: copying install-sh from automake's libdir. Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-02-23qemu-native: Point python to python2 on build hostKhem Raj1
On buildhosts where default python has switched to using python3 qemu-native fails configure like this | ERROR: Cannot use 'python', Python 2.6 or later is required. | Note that Python 3 or later is not yet supported. | Use --python=/path/to/python to specify a supported Python. | we still expect build host to have python2 pre-installed and is always available. (From OE-Core rev: 2cac9544752775262fa87517ed49fcac2fb3a574) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23swig: upgrade to 3.0.12Edwin Plauchu1
Minimal update for swig (From OE-Core rev: 17955d9b8f1368b875615d24ae0d4c2aa099afd9) Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23libarchive: fix bzip2 dependency for native buildPatrick Ohly1
When DEPENDS=bzip2 becomes bzip2-native in libarchive-native, the dependency ends up getting ignored because bzip2-native is in ASSUME_PROVIDED. But we need the library and thus have to depend on bzip2-replacement-native, otherwise the build proceeds without it despite the explicit --with-bz2lib. (From OE-Core rev: 7ae1c93ab6df46dc88b0ffaa52778738849ff38d) Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23util-linux: upgrade to 2.29.1Chen Qi1
(From OE-Core rev: b34dc23266e85006b9fdfcc1fdbc0d762f88cace) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23sysstat: upgrade to 11.5.4Chen Qi1
(From OE-Core rev: d6d3346a2e465c1fc0e8e0896d8c6e7e1c49ee32) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23cups: upgrade to 2.2.2Chen Qi2
(From OE-Core rev: 18033505a540a05d52cf98781f763215925e72a6) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23gcc: Fix CVE-2016-6131 in libibertyYuanjie Huang4
[NVD] -- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6131 The demangler in GNU Libiberty allows remote attackers to cause a denial of service (infinite loop, stack overflow, and crash) via a cycle in the references of remembered mangled types. [BZ #71696] -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696 2016-08-04 Marcel Böhme <boehme.marcel@gmail.com> PR c++/71696 * cplus-dem.c: Prevent infinite recursion when there is a cycle in the referencing of remembered mangled types. (work_stuff): New stack to keep track of the remembered mangled types that are currently being processed. (push_processed_type): New method to push currently processed remembered type onto the stack. (pop_processed_type): New method to pop currently processed remembered type from the stack. (work_stuff_copy_to_from): Copy values of new variables. (delete_non_B_K_work_stuff): Free stack memory. (demangle_args): Push/Pop currently processed remembered type. (do_type): Do not demangle a cyclic reference and push/pop referenced remembered type. cherry-picked from commit of git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143 138bc75d-0d04-0410-961f-82ee72b054a4 (From OE-Core rev: 3c288b181a4cfecc80b48994f4dd2df285e4d1d0) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23tcl: fix sed in do_install()Robert Yang1
The command: sed -i "s+${WORKDIR}+${STAGING_INCDIR}+g" tclConfig.sh was used for replacing "${WORKDIR}", but it also replaced "-L${WORKDIR}", but binconfig.bbclass would replace "-L${WORKDIR}", too, which caused incorrect result, use "'${WORKDIR}" to fix the problem. (From OE-Core rev: 2edfcbf0291c0d39be4a37348696329eba8a41f8) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23gawk/json-glib/libcheck: extend to nativesdkRobert Yang3
They are required by nativesdk-cve-check-tool. (From OE-Core rev: 7252c6f1b4b9a63e3bac79c6eba1b66ab85e21b9) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23tcl: extend to nativesdkRobert Yang1
Fixed: $ bitbake nativesdk-expect ERROR: Nothing PROVIDES 'nativesdk-tcl' (but virtual:nativesdk:expect_5.45.bb DEPENDS on or otherwise requires it). Close matches: [snip] (From OE-Core rev: 5c950c509edcc50d39a1f426579b354d97178ff2) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23python-native: PROVIDES python-io-nativeRobert Yang1
python-six-native depends on it. (From OE-Core rev: 475585ed84bf8dac339f97f811582bf782972930) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23kexec-tools/kdump: Correct typo in comment "crashkenrel="Robert P. J. Day1
(From OE-Core rev: 0027c8078fc3d98c7ecaab03d4e637b1fa07778e) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23docbook-xml: correct typo "do_configre"Robert P. J. Day1
(From OE-Core rev: 56cdb1358f4560fce4d8fcd04d754051a4ac6250) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-02-23cmake: Update to 3.7.2.Philip Balister3
Tested by building gnuradio stack. (From OE-Core rev: d3e5a6d38870ecede87812cb81c0b5630bd3b3ff) Signed-off-by: Philip Balister <philip@balister.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>