Age | Commit message (Collapse) | Author | Files |
|
Addresses CVE-2015-8704 and CVE-2015-8705
CVE-2015-8704
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug loggin is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If the local fetcher is used then files are not actually fetched into DL_DIR, so
check if this happened and if required add a symlink to the real file.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When uninative was changed to use it's own sysroot the path to patchelf lost
${bindir_native}, so add it back.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The uninative sysroot is in ${STAGING_DIR}-uninative so delete that alongwith
$STAGING_DIR.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add a new Python module (oe.gpg_sign) for handling GPG signing
operations, i.e. currently package and package feed signing. The purpose
is to be able to more easily support various signing backends and to be
able to centralise signing functionality into one place (e.g. package
signing and sstate signing). Currently, only local signing with gpg is
implemented.
[YOCTO #8755]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
https://git.busybox.net/busybox/commit/?h=1_24_stable&id=be729c1d3b5c923f10871dd68ea94156d0f8c803
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
liboil was replaced by Orc prior to the gst-plugins-base 0.10.30 release:
http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=8e4314f0fbfa4957f8e84d46824d10178b106fe6
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Both e2fsprogs and util-linux can build blkid, but we want to always use
util-linux's for consistency.
(blkid was enabled again in a1f235)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Legacy workaround dating back to 2007, no longer required.
http://git.openembedded.org/openembedded-core/commit/?id=975809901d32756a1abb03d23a459ab0c6eadc17
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When you need to set EXTRA_OECONF for a recipe, you need to know what
options the configure script actually supports; the configure script
however is only accessible from within a devshell and (at least in the
case of autotooled software fetched from an SCM repository) may not
actually exist until do_configure has run. Thus, provide a "devtool
configure-help" subcommand that runs the configure script for a recipe
with --help and shows you the output through a pager (e.g. less),
prefaced by a header describing the current options being specified.
There is basic support for autotools, cmake and bare configure scripts.
The cmake support is a little hacky since cmake doesn't really have a
concise help option that lists user-defined knobs (without actually
running through the configure process), however that being a design
feature of cmake there's not much I can think of to do about that at
the moment.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When we run the tasks required to extract the source for a recipe (e.g.
within "devtool modify" or "devtool extract") if one of those tasks
fails you get a bb.build.FuncFailed exception; handle this properly so
you don't see a traceback.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If a recipe generated by "devtool add" has been modified since then when
you run "devtool reset", it will be moved into the "attic" subdirectory
of the workspace in case those modifications need to be preserved. It
seems natural that if those modifications were worth preserving we
should warn the user if such a file exists when they run "devtool add"
to create the same recipe again, so they can pick up where they left off
if they want to.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Provide an option to devtool build-image to specify the list of packages
instead of taking the list of packages produced by recipes in the
workspace. Sometimes you don't want all of these packages; other times
you want to add more.
This is the most immediate fix for [YOCTO #8855], though it is a little
crude so I would like to provide better means of customising the image
contents later.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
standard.py is getting a bit large; move the "utility" commands to
another module.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Similarly to "-", "." doesn't work well in task names but is used in
some real world image classes. Work around this with some replacements
for now to unbreak layers.
(Issues don't show themselves until runtime, e.g. with --dry-run)
Tested-By: Otavio Salvador <otavio.salvador@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When a read-only rootfs is being used sshd uses a different sshd_config file,
which also needs to be editted.
[ YOCTO #8680 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If we don't do this, the deploy sstate object contains an every
increasing number of modules tarballs and kernel images, one per
execution of "-c deploy -f".
Cleaning the directory before we start makes things much tidier.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The cross-canadian compiler needs the nativesdk compiler to build
but for some reason this was missing. Add the missing dependency.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
xz-native is needed to decompress the sources but DEPENDS isn't correct
for this, its needed at do_unpack time. base.bbclass already handles
this correctly so drop the unneeded dependency.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
xz-native is needed to decompress the sources but DEPENDS isn't correct
for this, its needed at do_unpack time. base.bbclass already handles
this correctly so drop the unneeded dependency.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 5c69c561a76cb10d7896ae0a0399190f11b2e0ca.
The change was incomplete, not handling cases such as the fetcher
using xz, or linux-yocto, dpkg or apt or the lzma image type.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
2.0.25 -> 2.0.26
a) Fixed an out of tree build error with musl
b) Updated HOMEPAGE and BUGTRACKER info
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add simple initial eSDK test. Currently, only download size and
installation time of eSDK is measured. The eSDK to be tested is
generated from the same image that the other tests are run for. This
patch will add two new fields to the global results log and that needs
to be taken into account when examining the results.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make it possible to time also other than bitbake commands. The name of
the log file is changed from bitbake.log to commands.log.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LIC_FILES_CHKSUM changed, but LICESE still applies, dates changed
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The old entropywave.com URL no longer responds.
Also remove unnecessary 'name=orc' from SRC_URI.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The workaround was originally added to the 0.10.x gst-plugins recipes
in late 2012 [1] and the root cause seems to have been fixed upstream
in late 2013 [2] (ie prior to the 1.4.0 release).
[1] http://lists.openembedded.org/pipermail/openembedded-core/2012-November/071149.html
[2] https://bugzilla.gnome.org/show_bug.cgi?id=705455
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
in config metadata we can configure busybox based init and device
initializer ( mdev ) using e.g.
VIRTUAL-RUNTIME_dev_manager = "busybox-mdev"
VIRTUAL-RUNTIME_login_manager = "busybox"
VIRTUAL-RUNTIME_init_manager = "busybox"
VIRTUAL-RUNTIME_initscripts = "initscripts"
VIRTUAL-RUNTIME_keymaps = "keymaps"
DISTRO_FEATURES_BACKFILL_CONSIDERED += "sysvinit"
busybox can be used to provide init system
combined with mdev it makes it a complete init
system for really tiny systems.
This patch uses above defines to configure features in busybox to enable
the init system and mdev in a configurable manner
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Pulseaudio dropped its dependency on liboil in 2009.
http://cgit.freedesktop.org/pulseaudio/pulseaudio/commit/?id=25724cdd40283a00e6edd9449d0f3cf16823b41b
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By default, the sqlite3 command-line utility will be statically linked
with sqlite3. For OE, dynamic linking is probably more appropriate and
can be enabled by configuring with "--disable-static-shell".
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reformatting only, no functional changes.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These exports date back to 2007, when sqlite needed patching
in order to cross compile:
http://git.openembedded.org/openembedded-core/commit/?id=4ffe8f6b1ff640722880cf2cd88990956de87e30
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make it clearer that readline support for the target build is now
disabled by default.
Since readline dependencies and configure options are now handled by
PACKAGECONFIG, avoid duplicating readline in DEPENDS or duplicating
--disable-readline in EXTRA_OECONF.
Also add --disable-editline to EXTRA_OECONF to avoid a potential
floating dependency, since the configure script checks for libedit
before it checks for libreadline.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous parallel.patch broke dynamically linking sqlite3 with
libsqlite3.so (ie using the --disable-static-shell configure option).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Weston needs wayland-scanner which comes from wayland-native. Add the missing
dependency to avoid build failures from:
bitbake wayland; bitbake wayland-native:do_clean weston:do_cleansstate; bitbake weston
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently this code installs into the standard sysroot, however this causes
some conflicts when linking since the linker can look specifically for
versioned .so files (e.g. like libpthreads.so.0). This breaks builds
of util-linux-native for example.
The easiest solution is to install uninative into its own separate sysroot.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_stage was obsoleted years ago, drop the test now.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
xz is slow at compressing the SDKs, we can speed it up by using the
parallel compressor, pixz.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OE-Core rev: f2b64f725803ad8be7c2876c531e057a4fe5ca7c (poky
1362986886cc96c8cc11fb60795f729b41770414) unintentionally broke opkg/dpkg
multilib support within the SDK by making things not honour
self.install_order. This reinstates that code for opkg/dpkg but
not rpm where the original problem was.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Originally, the idea was that the init environment would handle
fetching or providing the binary shim that uninative needs.
This turns out to be ugly, especially when you consider proxy
environments and so on getting involved. Instead, lets therefore
support our fetcher which already handles all this.
The distro is expected to setup configuration like:
UNINATIVE_URL ?= "http://mydomain/mypath/"
UNINATIVE_CHECKSUM[i586] =
"md5sum1"
UNINATIVE_CHECKSUM[x86_64] = "md5sum2"
and then it should all work if the user inherits the uninative class.
This patch also improves the error handling in the class to give more
user readable error messages.
If the shim binary is already provided, the system will just use that
and ignore the url information.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
xz gives better compression results than bzip/gz but is often slower.
Using parallel compression mitigates this somewhat and is particularly
useful for the SDK.
Whilst xz does have some parallel support, pixz appears to perform better
and supports parallel decompression as well as a simpler command line.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
At some point we may want to add xz-native to ASSUME_PROVIDED. This
allows that to work whilst still allowing access to liblzma for
those things which need it (e.g. pixz).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This prevents an error in do_populate_sdk when building
buildtools-tarball with ipk as the package manager:
Exception: UnboundLocalError: local variable 'pkg' referenced
before assignment
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I was a little bit hasty in OE-Core revision
c2cc5abe34169eae92067d97ce1e747e7c1413f5 - it turns out BitBake's
fetcher code is not consistent in whether it logs something useful or
not; when fetching from an http URL it does but with a git repository
it doesn't. In advance of any major reworking of fetch error handling in
BitBake, let's just print the text of the exception and then we know we
have shown something to the user.
Additionally, we were only catching FetchException here but there are
several other classes of exception that the fetcher can raise (e.g.
MalformedUrl); catch the parent BBFetchException class instead so we
avoid tracebacks for those other classes as well.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the URL ends in a / then we want to strip that off the path we split
out of the URL before calling os.path.basename() on it.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If you specify a local directory which happens to be a git repository
with an origin remote (and it is in fact remote), we can use that for
SRC_URI rather than leaving it blank in the recipe.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
source
Sometimes you don't want to build an entire project, just a subdirectory
of it; add a --src-subdir option to make that easier. (We still look for
a single subdirectory in what gets unpacked, e.g. what you might find
within a tarball, so whatever you specify with this option is added onto
the end of that.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|