| Age | Commit message (Collapse) | Author | Files |
|---|
|
(From OE-Core rev: 2f8940e8b2a0537f131a6d5410e85bba07a8c116)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528
(From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522
(From OE-Core rev: 06a33cd00ea11abec1ebe9d5883e44778075ccc6)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #6951]
The TOOLCHAIN_CONFIGSITE_SYSROOTCACHE value was defaulting to the nativesdk
path and not the associated target path. Set the value in toolchain-scripts
to the target path.
Be sure to set the MLPREFIX within the meta-environment script as multilibs
are processed.
Update the config_site file name to use -BPN- not PN. Otherwise the
environment processing can't find the correct filename.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If INCOMPATIBLE_LICENSE=GPLv3, GPLv3+ should be excluded
as well but not now since there is no SPDXLICENSEMAP for
licenses named with 'X+', we can add all the SPDXLICENSEMAP
settings for licenses named with 'X+' in licenses.conf,
but it's more like a duplication, so improve the canonical_license
function to auto map for 'X+' if SPDXLICENSEMAP for 'X' is
available, so GPLv3+ becomes GPL-3.0+.
(From OE-Core rev: 1d6dab1dbbbfbcb32e58dba3111130157ef2b24f)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch adds a flexible way to configure the CMake in SDKs. It adds
a toolchain configuration script which supports subscripts for
extensions, as for example Qt5.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd avoids using nss lookups for the root user, so
naturally it assumes that root's home directory is /root.
In OE that's not the case, and it can lead to long delays when
shutting down due to user shutdown unit failures.
Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2
allows remote attackers to have an unspecified impact via crafted H.264
data, related to an SPS and slice mismatch and an out-of-bounds array
access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0869
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to
cause a denial of service (crash) via vectors related to alternating bit
depths in H.264 data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4358
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When build fs with mtools-3.9.9, has file /usr/bin/lz in rootfs,
it is the symlink to uz:
root@qemu3:~# /usr/bin/lz
-sh: /usr/bin/lz: No such file or directory
$root@qemu3:~# ls -l /usr/bin/lz
lrwxrwxrwx 1 root root 2 Jul 18 18:07 /usr/bin/lz -> uz
root@qemu3:~# uz
-sh: uz: command not found
But the uz isn't actually exist, so the result is that lz is a
broken symlink.
The root cause is that uz hasn't been installed when install-scripts.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
|
|
If build gnupg 1.4.7 after libusb-compat, it shows warning:
WARNING: QA Issue: gnupg rdepends on libusb-compat, but it isn't a build dependency? [build-deps]
Add package config libusb to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3
allows local users to create or overwrite arbitrary files via a symlink
attack on a /var/tmp/rltrace.[PID] file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2524
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x
and possibly other products, allows local users to obtain private RSA
keys via a cache side-channel attack involving the L3 cache, aka
Flush+Reload.
Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in
git://git.gnupg.org/libgcrypt.git
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
Commit e9672387 split one long line into a multi-line string, but in
the process white space between words was lost. This results in badly
formatted output when this message is printed.
Signed-off-by: Peter Urbanec <openembedded-devel@urbanec.net>
|
|
For some recipes that inhrient cmake, the ${B} may be removed by
cmake_do_configure() while sstate_hardcode_path() running, this
causes build errors:
Exception: OSError: [Errno 2] No such file or directory: \
'/path/to/build'
The function sstate_hardcode_path() called command:
$SSTATE_SCAN_CMD which extended as "find ${SSTATE_BUILDDIR} ..."
So the proper function dirs could be ${SSTATE_BUILDDIR}.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
"file" command in exported SDK doesn't work:
...
$ file sysroots/
file: could not find any valid magic files!
...
In oe-core commit 68d548cbae729eaea8ce1403dc95ff63c4a7375c,
it added wrapper to file-native. Do the same thing for
nativesdk-file.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Tell systemd just to kill the sshd process when the ssh connection drops
instead of the entire cgroup for sshd, so that any screen sessions (and
more to the point, processes within them) do not get killed.
(This is what the Fedora sshd service file does, and what we're already
doing in the dropbear service file).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.
Fixes [YOCTO #6813].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
While syslinux not existed in $bootimg_dir, there was a error:
$ wic create directdisk -e core-image-minimal
...
|Creating image(s)...
|Error: exec_cmd: install -m 444 /home/jiahongxu/yocto/
build-20141010-yocto/tmp/deploy/images/qemux86-64/syslinux/
ldlinux.sys /var/tmp/wic/build/hdd/boot/ldlinux.sys
returned '1' instead of 0
...
Add checking for the existance of syslinux to fix this issue.
If syslinux didn't exist in anywhere, prompt user to build it.
[YOCTO #6826]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes gcc bug 6144, which in my case exhibited itself as a kernel
module that failed to load. This was because static platform_data
structures were being corrupted with the optimiser being set to any
value other than -O0.
Originally-submitted-by: Peter Urbanec <openembedded-devel@urbanec.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Trying to upgrade busybox removing symlinks but update-alternatives
need these links (sed, cut, tail, etc) in order to work.
Adding test to avoid this scripts on upgrade fix the problem, same
solution are found in package_rpm class.
[YOCTO #6768]
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without these changes mesa_git.bb can't be enabled as the
PREFERRED_VERSION due to build breakage.
Signed-off-by: Randy Witt <randy.e.witt@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
dictionary
shlib2 code puts the information about path where a provider
will be found. e.g.
{'/usr/lib/llvm3.3': ('libllvm3.3-llvm-3.3', '3.3')}
This is obtained from new shlib2 pkgdata from
llvm3.3/3.3-r0/pkgdata/shlibs2/libllvm3.3-llvm-3.3.list
However when we search for NEEDED libraries we ignore the
key above which is the path where the provider library is installed
and instead just seach in libdir and base_libdir and hence
libraries which are not in above standard search paths gets
ignored even if they appear in DT_NEEDED sections
and a note is emitted
NOTE: Couldn't find shared library provider for libLLVM-3.3.so, used by
files: ....
IMO this note should actually become an error since if we do
not have all DT_NEEDED libraries in image the system is dysfunctional.
This patch extracts this libpath from key and add it to seach paths
when looing for a provider of a shared library
[YOCTO #6798]
Change-Id: Ie5f08632e37ba8d3439c8aaae33bc68b8996792f
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed ncurses.do_configure:
configure: WARNING: did not find library /path/to/tmp/sysroots/qemuarm/usr/lib/pkgconfig
And then anyone requires ncurses.pc will fail.
The configure.in checks:
[snip]
if test -n "$PKG_CONFIG_LIBDIR" && test -d "$PKG_CONFIG_LIBDIR" ; then
[snip]
Create PKG_CONFIG_LIBDIR in do_configure will fix the problem.
We can reproduce the problem by:
Set SSTATE_DIR=/path/to/sstate-cache
1) In build1, make sure everything is ready in SSTATE_DIR
$ bitbake ncurses
2) In build2, rebuild ncurses only:
$ bitbake ncurses -ccleansstate && bitbake ncurses
Then we will see the warning in log.do_configure.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The s_sin.c patch undoes some code changes in glibc itself, these changes have nothing to
do with the option groups and I suspect crept in as part of the initial conversion. Undoing
this patch also fixes a test failure in test-double and test-idouble.
[YOCTO #6808]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In a similar way to the previous script which adds support for native
environment scripts, this adds support for target environment scripts
too.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bitbake meta-toolchain
ls tmp/deploy/sdk/poky-glibc-x86_64-meta-toolchain-i586-toolchain-1.7.manifest -al
...
|-rw-rw-r-- 1 root root 0 Oct 10 15:05 tmp/deploy/sdk/poky-glibc-x86_64-
meta-toolchain-i586-toolchain-1.7.manifest
...
The manifest is empty, the reason is target's ipk config path is
d.getVar('IPKGCONF_TARGET') rather than d.getVar('IPKGCONF_Target')
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed when rebuild:
make: *** No rule to make target `/path/to/old//sysroots/qemux86-64/usr/lib/dbus-1.0/include/dbus/dbus-arch-deps.h', needed by `dbus/dbus_old.o'. Stop.
The .d files save the path of the dependencies files which may not exist
when rebuild, we can remove them to make the rebuild work.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed when MACHINE = qemux86-64 and libdir = /usr/lib64:
mv: cannot stat `/path/to/image/usr/lib64/perl-native/perl': No such file or directory
The perl-native files are always installed to /usr/lib on both 32/64
bits targets.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Fixed:
MACHINE = "qemux86-64"
VIRTUAL-RUNTIME_init_manager = " systemd "
DISTRO_FEATURES_append = " systemd"
DISTRO_FEATURES_BACKFILL_CONSIDERED += " sysvinit "
require conf/multilib.conf
MULTILIBS = "multilib:lib32"
DEFAULTTUNE_virtclass-multilib-lib32 = "x86"
$ bitbake avahi avahi-ui
ERROR: QA Issue: avahi-ui: Files/directories were installed but not shipped
/lib
/lib/systemd
/lib/systemd/system
/lib/systemd/system/avahi-daemon.socket
/lib/systemd/system/avahi-dnsconfd.service
/lib/systemd/system/avahi-daemon.service [installed-vs-shipped]
ERROR: The recipe avahi-ui is trying to install files into a sharedarea when those files already exist. Those files and their manifestlocation are:
/path/to/sysroots/qemux86-64/lib/systemd/system/avahi-daemon.socket
Matched in manifest-qemux86-64-avahi.populate_sysroot
/path/to/sysroots/qemux86-64/lib/systemd/system/avahi-dnsconfd.service
Matched in manifest-qemux86-64-avahi.populate_sysroot
/path/to/sysroots/qemux86-64/lib/systemd/system/avahi-daemon.service
Matched in manifest-qemux86-64-avahi.populate_sysroot
Please verify which recipe should provide theabove files.
And remove the duplicated line:
rm ${D}${base_libdir} -rf
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Fixed error when systemd is in DISTRO_FEATURES:
ERROR: The recipe systemd is trying to install files into a sharedarea when those files already exist. Those files and their manifestlocation are:
/path/to/sysroots/qemux86/usr/lib/libnss_myhostname.so.2
Matched in manifest-qemux86-nss-myhostname.populate_sysroot
Please verify which recipe should provide theabove files.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Instead of setting 'Restart=always' in the service file, we should
make the service socket activated, just like what Fedora does.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
The too long line would cause "git send-email" report errors:
patch contains a line longer than 998 characters
Though we can use "--no-validate" to force the send.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
The code:
bb.fatal("foo1")
bb.fatal("foo2")
Would make the second one not work, use bb.error for first one to fix
the problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The '-l' option which is valid for GNU make (--> limit by load) has a
different meaning in bjam (--> limit maximum execution time) and will
break very likely the build.
Keep only the the '-l' option when passing PARALLEL_MAKE options to
bjam.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
|
|
systemd expects fsck programs to be located in /sbin and fails for
dosfstools with
| Checking was requested for ..., but /sbin/fsck.vfat cannot be used: No such file or directory
Other fsck programs (e.g. ext4) are located in /sbin already so move
vfat programs into this directory too.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
|
|
libffi is generally present as it's also a build dependency on glib-2.0, but
explicitly declare it for determinism.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update the service file to more closely match the service file that has been
committed upstream.
In particular we don't want to restart neard on failure (this results in it
restarting repeatedly if no NFC hardware is found), redirecting stdout to
/dev/null means that any messages are lost instead of being sent to the journal,
and the DBus alias is required for bus activation to work correctly.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
|
