summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFiles
2018-03-28linux-yocto/4.12: add ssl and utils native dependenciesBruce Ashfield1
Via the -stable updates, and other configuration changes the 4.12 kernel has the same dependency on openssl headers as 4.14+. So we add the same DEPENDS line that we already have in newer kernels to avoid the following error: | HOSTCC scripts/sign-file | build/tmp/work-shared/qemux86-64/kernel-source/scripts/sign-file.c:25:30: fatal error: openssl/opensslv.h: No such file or directory | compilation terminated. | scripts/Makefile.host:107: recipe for target 'scripts/sign-file' failed | make[3]: *** [scripts/sign-file] Error 1 | make[3]: *** Waiting for unfinished jobs.... Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-28linux-yocto/4.12: update to v4.12.21Bruce Ashfield3
Integrating Paul Gortmaker's stable update to 4.12, this includes CVE fixes for meltdown and spectre: 3bb926457832 Linux 4.12.21 76781f72ce64 lguest: disable it vs. removing it. 6ab3176bb365 x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL efa97ecdf026 x86/pti: Mark constant arrays as __initconst a4d9aaf35e28 x86/spectre: Simplify spectre_v2 command line parsing 1dbde4da259a x86/retpoline: Avoid retpolines for built-in __init functions 7f3a7b69b0f7 x86/paravirt: Remove 'noreplace-paravirt' cmdline option ebeddfbee13f x86/speculation: Use Indirect Branch Prediction Barrier in context switch 7e0a7c84eb35 x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel bf0c4c3f38f6 x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" f4d4ccfdf361 x86/spectre: Report get_user mitigation for spectre_v1 12f20abacd8b nl80211: Sanitize array index in parse_txq_params 7686c72bfd9c vfs, fdtable: Prevent bounds-check bypass via speculative execution a3d62741fc9b x86/syscall: Sanitize syscall table de-references under speculation 0b99c598274c x86/get_user: Use pointer masking to limit speculation bf532304a22f x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec 04584b001618 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} 5a64c3ccd99d x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec 9bbc24f34f03 x86: Introduce barrier_nospec b55fd06d6fe0 x86: Implement array_index_mask_nospec 79a2efa3e0f5 array_index_nospec: Sanitize speculative array de-references e9046d054bb9 Documentation: Document array_index_nospec 0078d6b103f9 x86/asm: Move 'status' from thread_struct to thread_info 46afe23798a3 x86/entry/64: Push extra regs right away 4213246ab7a8 x86/entry/64: Remove the SYSCALL64 fast path 026a59b9de37 x86/spectre: Check CONFIG_RETPOLINE in command line parser a345c5f7a1b6 x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP 999e3eca6861 x86/speculation: Simplify indirect_branch_prediction_barrier() c7acab78a24c x86/retpoline: Simplify vmexit_fill_RSB() be5c3f1101f7 x86/cpufeatures: Clean up Spectre v2 related CPUID flags 7addf309d0e0 x86/cpu/bugs: Make retpoline module warning conditional b7c17f71e9cc x86/bugs: Drop one "mitigation" from dmesg af16629cc1da x86/nospec: Fix header guards names ebfadec0c9dc x86/alternative: Print unadorned pointers 2e4bcf1ccaa9 x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support 332de1ac4373 x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes 79a2a1ba23e7 x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown d29069565618 x86/msr: Add definitions for new speculation control MSRs 114a7b0f431c x86/cpufeatures: Add AMD feature bits for Speculation Control 2d5755e9daac x86/cpufeatures: Add Intel feature bits for Speculation Control 3f5d9b428f05 x86/cpufeatures: Add CPUID_7_EDX CPUID leaf 2f1b883356ca module/retpoline: Warn about missing retpoline in module 8c935f65cf6a KVM: VMX: Make indirect call speculation safe 79c0d980e610 KVM: x86: Make indirect calls in emulator speculation safe 956ca31407ab x86/retpoline: Remove the esp/rsp thunk de8cd92003c6 x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems f2846896cd75 x86/microcode: Fix again accessing initrd after having been freed badb7498ab69 x86/retpoline: Optimize inline assembler for vmexit_fill_RSB 750d9c97cede x86/pti: Document fix wrong index 8d759c94307d kprobes/x86: Disable optimizing on the function jumps to indirect thunk 59a3c4dc0ab9 kprobes/x86: Blacklist indirect thunk functions for kprobes 2eef7eab7aea retpoline: Introduce start/end markers of indirect thunk a37c55916910 x86/mce: Make machine check speculation protected 3aab76cd9d88 x86/tsc: Fix erroneous TSC rate on Skylake Xeon b129f5955cd5 x86/tsc: Future-proof native_calibrate_tsc() 7639b8268579 x86/mm/pkeys: Fix fill_sig_info_pkey b19a92bb0f18 x86/cpufeature: Move processor tracing out of scattered features eb5a1177e60b x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros ed114eb7be88 x86/retpoline: Fill RSB on context switch for affected CPUs 70d519c9f97c x86/kasan: Panic if there is not enough memory to boot 01e21b5f7c9c x86/retpoline: Remove compile time warning 8ca1b5f8a9f4 x86,perf: Disable intel_bts when PTI 6f037d7eaeaa security/Kconfig: Correct the Documentation reference for PTI b8c74586d251 x86/pti: Fix !PCID and sanitize defines 8e24a4722756 selftests/x86: Add test_vsyscall c3d9420f23cf x86/retpoline: Fill return stack buffer on vmexit dd182d455654 x86/retpoline/irq32: Convert assembler indirect jumps d592a8a2c5f5 x86/retpoline/checksum32: Convert assembler indirect jumps 0f3df59f16d3 x86/retpoline/xen: Convert Xen hypercall indirect jumps c0459b479a22 x86/retpoline/ftrace: Convert ftrace assembler indirect jumps 11edfaeadbd1 x86/retpoline/entry: Convert entry assembler indirect jumps bf4c91a3b74f x86/retpoline/crypto: Convert crypto assembler indirect jumps 2b243b8623a5 x86/spectre: Add boot time option to select Spectre v2 mitigation 8ab0d792e81c x86/retpoline: Add initial retpoline support f2f4c0853dba x86/pti: Make unpoison of pgd for trusted boot work for real 7495fd5400e6 x86/alternatives: Fix optimize_nops() checking 8b932f131e26 sysfs/cpu: Fix typos in vulnerability documentation 299b4adfed2e x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC 32996f3a0a81 x86/cpu/AMD: Make LFENCE a serializing instruction 10ffc3c2b2f7 x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*() 9e1201731d4b x86/tboot: Unbreak tboot with PTI enabled 728d879e5c6b x86/cpu: Implement CPU vulnerabilites sysfs functions aeba317a23de sysfs/cpu: Add vulnerability folder 83e59b5d52bf x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] f7845c2cbd6e x86/Documentation: Add PTI description 16331e2c3b06 x86/pti: Unbreak EFI old_memmap 5723b0260415 kdump: Write the correct address of mem_section into vmcoreinfo 50d02826dfc0 mm/sparse.c: wrong allocation for mem_section d3cbfb481af2 mm/sparsemem: Fix ARM64 boot crash when CONFIG_SPARSEMEM_EXTREME=y Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-28tzdata: update to 2018dakuster@mvista.com1
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28tzcode-native: update to 2018dakuster@mvista.com1
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28ltp: add rdepend for procpsArmin Kuster1
ps: invalid option -- 'e' BusyBox v1.27.2 (2018-03-17 09:07:25 PDT) multi-call binary. Usage: ps Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28mirrors.bbclass: change Debian anonscm to salsaMikko Rapeli1
Debian anonscm service in Alioth is shutdown and thus fetching sources fails. https://wiki.debian.org/Alioth "Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information." https://wiki.debian.org/Salsa "What is Salsa? Salsa is the name of a collaborative development server for Debian based on the gitlab software. Salsa is supposed to provide the necessary tools for package maintainers, packaging teams and other Debian related individuals and groups for collaborative development. What is the status of Salsa? After various discussions about the future of Alioth, the Alioth Sprint in August 2017 gave birth to the initial setup of the the upcoming Salsa service. The productive weekend resulted in a working prototype and was launched as a beta in December 2017. It left its beta status in January 2018." Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28ca-certificates: change SRC_URI from Debian anonscm to salsaMikko Rapeli1
Debian anonscm service in Alioth is shutdown and thus fetching ca-certificates sources fails. https://wiki.debian.org/Alioth "Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information." Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28ncurses: change SRC_URI from Debian anonscm to salsaMikko Rapeli1
Debian anonscm service in Alioth is shutdown and thus fetching ncurses sources fails. https://wiki.debian.org/Alioth "Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information." Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28qemu: fix qemuarm64 intermediate kernel hang in raid6_select_algo funcVictor Kamensky1
Backport fix from qemu mainline for intermediate qemuarm64 hang issue. Root caused in OE environment, issue with aarch64 qemu logic of executing instructions that reenabe interrupts. See patch commit message for more details. Upstream-Status: Backport Signed-off-by: Victor Kamensky <kamensky@cisco.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28package.bbclass: use single quotes for path passed to file in isELF()Andre McCurdy1
Apparently there are recipes in the wild which generate files with filenames containing '$' characters - which cause errors during packaging. Instead of adding another special case to escape '$' characters when constructing the command passed to oe.utils.getstatusoutput(), switch to using single quotes to quote the path - and therefore make isELF() consistent with the way filenames and paths are quoted by every other caller of oe.utils.getstatusoutput() in oe-core. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28sanity.bbclass: quote path passed to stat in get_filesystem_id()Andre McCurdy1
Although get_filesystem_id() is a private API and never gets passed a path containing spaces or other special characters, etc, quote the path anyway for consistency. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28glibc: Replace strncpy with memccpy to fix -Wstringop-truncation.Khem Raj2
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28glibc-2.27: Update to bring in 2.27 bug fixes since releaseKhem Raj2
Here is full list of fixes https://sourceware.org/git/?p=glibc.git;a=shortlog;h=df3ff4e49d4ee3cbbdaeb0b1cb5dc2344c08be98;hp=23158b08a0908f381459f273a984c6fd328363cb Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28tcp-wrappers: Fix build with clangOleksiy Obitotskyy2
Fix non-void function 'fix_options' should return a value. Add function prototype to tcpd.c and miscd.c. Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28systemtap: bring in PR22551 fix that addresses build against 4.15 kernel issueVictor Kamensky2
With 4.15 kernel systemtap needs update to address systemtap module compilation issues. It is fixed in later version of systemtap by PR22551. Upstream-Status: Backport Signed-off-by: Victor Kamensky <kamensky@cisco.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28systemtap: supports mips starting with version 3.1Victor Kamensky1
Signed-off-by: Victor Kamensky <kamensky@cisco.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28elfutils: Fix gcc compile time alignment errorsKhem Raj3
Allow devtool to organize the SRC_URI Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28initrdscripts: format rootfs partition as ext4Anuj Mittal2
Use ext4 filesystem instead of ext3 when using the live image to install on target. wic defaults to ext4 as well. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28libxml-namespacesupport: use stable v1.12 release; inherit ptest-perlTim Orling2
* Fix RDEPENDS * Upstream v1.12_9 is a development version, not a stable release * Add UPSTREAM_CHECK_REGEX skip development releases * Drop anonymous python function to "fix" version, which breaks auto-upgrade-helper (AUH) * Use LICENSE file for checksum rather than ephemeral META.yml * License remains the same Fixes: [YOCTO #12581] License-Update: use LICENSE file for checksum Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28pseudo: explicitly enable xattr supportAndreas Kaufmann1
Pseudo is using a custom configure script that detects if it shall build with extended file attribute support or not. The check is done by simply calling 'getfattr' provided by attr-native which is not part of the dependency list. Due to the recent changes (recipe specific sysroot & cleanup of $PATH) this call fails now when the recipe is being build for the first time (at least when being build for nativesdk case). Explicitly setting up a dependency to attr-native just to satisfy configure would be wrong also since the real dependency is to attr/nativesdk-attr which are already part of the dependency list (see DEPENDS). Therefore bypass the test in the configure by explicitly enabling xattr using a configure option available in any case. Signed-off-by: Andreas Kaufmann <andreas.kaufmann.79@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28virtual/libgbm: createTrevor Woerner2
The 'glamor' PACKAGECONFIG in xserver-xorg creates a dependency on libgbm which can be satisfied in some cases by mesa, in others by blobs such as mali. Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28mesa.inc: make PROVIDES conditional on PACKAGECONFIGTrevor Woerner1
Mesa only PROVIDES these features if they are enabled via PACKAGECONFIG. Therefore make the PROVIDES conditional depending on whether or not these features have been enabled. Signed-off-by: Trevor Woerner <twoerner@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28mesa: update Upstream-Status of a patchMaxin B. John1
replace_glibc_check_with_linux.patch was accepted upstream with modifications. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-28mesa: Upgrade 17.3.6 -> 17.3.7Otavio Salvador2
This version has been published at March 21, 2018, and it is a bugfix only release. It includes several important fixes that were made as part of 18.0.0 development cycle. Full list of bug fixes can be see online at: https://www.mesa3d.org/relnotes/17.3.7.html Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25distcc: Change SRC_URIArmin Kuster1
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source. ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch [v2] upstream deleted the branch and the hash no longer exists. Took the git snapshot from yocto and created a copy on my github. There was no offical 3.2 release, only rc versions. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25waf.bbclass: Throw error if waf doesn't existAmanda Brindle1
Before, waf.bbclass would fail to catch FileNotFoundError. Now, it will catch this error and say that waf doesn't exist. Fixes [YOCTO 12553] Signed-off-by: Amanda Brindle <amanda.r.brindle@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25reproducible_build.bbclass: support for binary reproducibilityJuro Bystricky1
Setup environment for builds requiring binary reproducibility. Determine and export SOURCE_DATE_EPOCH per each recipe. This is a crucial step to achieve binary reproducibility. The value for this variable (timestamp) is obtained after source code for a recipe has been unpacked, but before it is patched. If the code sources come from a GIT repo, we get the timestamp from the top commit. (GIT repo does not preserve file mktime timestamps). Otherwise, if GIT repo is not present, we try to get mtime from known files such as NEWS, ChangeLog, etc. If this also fails, we go through all files and get the timestamp from the youngest one. We create an individual timestamp for each recipe. The timestamp is stored in the file '__source_date_epoch.txt' (in the folder source-date-epoch_). Later on, each task reads this file and sets the exported value of SOURCE_DATE_EPOCH to the value found in the file. Uasge: INHERIT += "reproducible_build" [YOCTO#11178] [YOCTO#11179] Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25systemd: link udev statically with systemd internal librariesAlexander Kanavin1
This was the default behavior with autotools, but is not with meson. Otherwise, udev package will pull in the rest of systemd even that is not desired. [YOCTO #12618] Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25systemd: change PACKAGECONFIG 'resolve' back to 'resolved'Chen Qi1
When systemd was upgraded from 234 to 237, the PACKAGECONFIG item 'resolved' is changed to 'resolve', this is because meson_options.txt uses the word 'resolve' instead of 'resolved'. However, this causes trouble for users. Backward compatibility is obviously more important, because we might have bbappend files in other layers using this PACKAGECONFIG item. So change the name back to 'resolved'. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25externalsrc: do not call make clean for recipes with CLEANBROKEN = "1" setAndreas Müller1
ERROR: distrho-ports-0.0.0+git999-r0 do_buildclean: oe_runmake failed ERROR: distrho-ports-0.0.0+git999-r0 do_buildclean: Function failed: do_buildclean ERROR: Logfile of failure stored in: <...>/temp/log.do_buildclean.17285 Log data follows: | DEBUG: Executing shell function do_buildclean | NOTE: make clean | make clean -C libs/drowaudio | make[1]: Entering directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio' | make clean -C build-drowaudio | make[2]: Entering directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio/build-drowaudio' | make[2]: *** No rule to make target 'clean'. Stop. | make[2]: Leaving directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio/build-drowaudio' | make[1]: *** [Makefile:7: clean] Error 2 | make[1]: Leaving directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio' | make: *** [Makefile:73: clean] Error 2 | ERROR: oe_runmake failed Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25gtk-doc: don't regenerate gtk-doc in do_installRoss Burton2
In out-of-tree builds gtk-doc's setup-build target copies all the content from $srcdir to $builddir. However, if some of this content is regenerated at configure time this can happen: 1) configure writes new build/version.xml 2) make compile copies content, including the tarball's src/version.xml to build/version.xml, and generates gtk-doc. 3) make install notices build/version.xml is older than configure.status, so regenerates gtk-doc. gtk-doc generation is a slow process at the best of times, so doing it twice isn't good. Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25librepo: disable building of tests and docsAnuj Mittal1
Also remove libcheck dependency which was required only for tests. Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25ncurses: Abstract out termlibKhem Raj1
termlib needs to be disabled on some targets e.g. mingw this change paves the way for doing that. Functionally it does not change anything for other platforms Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25systemd: Fix build failures with glibc 2.27 + kernels without memfdKhem Raj2
Backport a fix that is needed for systemd to build with latest glibc and kernel being old. see https://github.com/systemd/systemd/issues/8099 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25site/risc-v: Cache common variables to build libIDLKhem Raj2
These variables force runtime tests during configure they are already cached for other architectures Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25glide.bbclass: Add class to easy Glide useOtavio Salvador1
To use 'glide' this class does the integration and reduces code duplication. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25shadow.inc: run postinst only for targetMartin Jansa1
* fails for nativesdk-shadow with: pwconv: /etc/passwd.29063: No such file or directory pwconv: cannot lock /etc/passwd; try again later. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25iputils: change default PACKAGECONFIG to disable libidnMartin Jansa1
* wrong revision of this patch, where the commit message didn't match with the default PACKAGECONFIG value, was merged to master, update it to avoid confusion * it got enabled by default, but without the dependency on libidn in: commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2 Author: Alexander Kanavin <alexander.kanavin@linux.intel.com> AuthorDate: Thu Feb 1 20:02:08 2018 +0200 Subject: iputils: update to 20161105 * https://github.com/iputils/iputils/blob/master/RELNOTES.old mentiones that IDN was enabled by default in: [s20160308] and surprisingly the same in [s20150815] but there are no release notes for s20151218 version we were using until now, don't know how it really relates to [s20150815]. * but there are some issues with libidn as described in: https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547 so disable it by default. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25maintainers.inc: drop lsb4 perl modules no longer in coreTim Orling1
The following perl module packages were removed from oe-core with commit: 30fb4c8f329fe3aa3c528ffeba60ee7d702e873e - libclass-isa-perl - libenv-perl - libdumpvalue-perl - libfile-checktree-perl - libi18n-collate-perl - libpod-plainer-perl Remove these from the maintainers list Fixes: [Yocto #12582] Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25maintainers: remove obsolete entriesMaxin B. John1
Delete entries of removed packages. Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25libvorbis: CVE-2018-5146Tanu Kaskinen2
Prevent out-of-bounds write in codebook decoding. The bug could allow code execution from a specially crafted Ogg Vorbis file. References: https://www.debian.org/security/2018/dsa-4140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25libvorbis: CVE-2017-14632Tanu Kaskinen2
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25libvorbis: CVE-2017-14633Tanu Kaskinen2
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25xserver-xorg: import distro patch to use modesetting driver on newer hardwareCalifornia Sullivan2
Debian and Fedora both carry this patch, and the xf86-video-modesetting driver seems better on recent hardware. As an example, on a NUC6CAYS, the x11perf -aa10text and -rgb10text tests see around a 20x increase. [YOCTO #12019] [YOCTO #12390] Signed-off-by: California Sullivan <california.l.sullivan@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-25tiff: Security fixesYi Zhao4
Fix CVE-2017-99935, CVE-2017-18013, CVE-2018-5784 References: https://nvd.nist.gov/vuln/detail/CVE-2017-9935 https://nvd.nist.gov/vuln/detail/CVE-2017-18013 https://nvd.nist.gov/vuln/detail/CVE-2018-5784 Patches from: CVE-2017-9935: https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940 CVE-2017-18013: https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01 CVE-2018-5784: https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-20systemd-boot: upgrade to 237Chen Qi3
Upgrade systemd-boot to 237. As systemd has dropped autotools support, fix configure and compile failures related to meson. Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
2018-03-20systemd: fix build failure for qemux86 and qemuppc with muslChen Qi2
Remove the 'fstack-protector' and 'fstack-protector-strong' flags as a workaround to fix the following error when building for qemux86 and qemuppc with musl. undefined reference to `__stack_chk_fail_local' Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
2018-03-20systemd: upgrade to 237Chen Qi48
Upgrade systemd to 237. Note that this version has dropped autotools support. The following patches are rebased: 0004-Use-getenv-when-secure-versions-are-not-available.patch 0005-binfmt-Don-t-install-dependency-links-at-install-tim.patch 0007-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch 0015-Revert-udev-remove-userspace-firmware-loading-suppor.patch 0018-check-for-uchar.h-in-configure.patch 0019-socket-util-don-t-fail-if-libc-doesn-t-support-IDN.patch 0001-add-fallback-parse_printf_format-implementation.patch 0002-src-basic-missing.h-check-for-missing-strndupa.patch 0007-check-for-missing-canonicalize_file_name.patch 0008-Do-not-enable-nss-tests.patch 0010-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch 0011-nss-mymachines-Build-conditionally-when-HAVE_MYHOSTN.patch The following backported patches are dropped: 0001-core-evaluate-presets-after-generators-have-run-6526.patch 0001-main-skip-many-initialization-steps-when-running-in-.patch 0001-meson-update-header-file-to-detect-memfd_create.patch 0003-fileio-include-sys-mman.h.patch The following patch is dropped as autotools support is dropped: 0002-configure.ac-Check-if-memfd_create-is-already-define.patch The following patches are newly added to fix problems: 0027-remove-nobody-user-group-checking.patch 0028-add-missing-FTW_-macros-for-musl.patch 0030-fix-missing-of-__register_atfork-for-non-glibc-build.patch 0031-fix-missing-ULONG_LONG_MAX-definition-in-case-of-mus.patch Other changes are mostly autotools/meson related. This new version has dropped ptest support, as there's no easy way to do this in the framework of meson. Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
2018-03-20libsolv: refresh the patchesMaxin B. John2
fixes: WARNING: libsolv-0.6.33-r0 do_patch: Some of the context lines in patches were ignored. This can lead to incorrectly applied patches. The context lines in the patches can be updated with devtool: devtool modify <recipe> devtool finish --force-patch-refresh <recipe> <layer_path> Then the updated patches and the source tree (in devtool's workspace) should be reviewed to make sure the patches apply in the correct place and don't introduce duplicate lines (which can, and does happen when some of the context is ignored). Further information: http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450 Details: Applying patch 0001-Add-fallback-fopencookie-implementation.patch patching file ext/CMakeLists.txt patching file ext/solv_xfopen.c Hunk #1 succeeded at 12 with fuzz 1 (offset -1 lines). Hunk #2 succeeded at 25 (offset -18 lines). Hunk #3 succeeded at 34 (offset -18 lines). Hunk #4 succeeded at 46 (offset -18 lines). patching file ext/solv_xfopen_fallback_fopencookie.c patching file ext/solv_xfopen_fallback_fopencookie.h Now at patch 0001-Add-fallback-fopencookie-implementation.patch Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2018-03-20iputils: add PACKAGECONFIG for libidn and disable it by defaultMartin Jansa1
* it got enabled by default, but without the dependency on libidn in: commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2 Author: Alexander Kanavin <alexander.kanavin@linux.intel.com> AuthorDate: Thu Feb 1 20:02:08 2018 +0200 Subject: iputils: update to 20161105 * https://github.com/iputils/iputils/blob/master/RELNOTES.old mentiones that IDN was enabled by default in: [s20160308] and surprisingly the same in [s20150815] but there are no release notes for s20151218 version we were using until now, don't know how it really relates to [s20150815]. * but there are some issues with libidn as described in: https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547 so disable it by default. * fails with: | In file included from ping_common.c:1:0: | ping.h:39:10: fatal error: idna.h: No such file or directory | #include <idna.h> | ^~~~~~~~ * Easiest way to reproduce this failure is to remove libidn from gnutls PACKAGECONFIG or to use gnutls which doesn't have libidn PACKAGECONFIG at all (like the one in meta-gplv2). * First it leads to following QA issue: http://errors.yoctoproject.org/Errors/Build/53212/ ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-ping rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps] ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-traceroute6 rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps] ERROR: iputils-s20161105-r0 do_package_qa: QA run found fatal errors. Please consider fixing them. ERROR: iputils-s20161105-r0 do_package_qa: Function failed: do_package_qa ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/iputils/s20161105-r0/temp/log.do_package_qa.7627 ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-extended/iputils/iputils_s20161105.bb:do_package_qa) failed with exit code '1' * But if you cleansstate iputils as well (after removing libidn from gnutls PACKAGECONFIG) to empty iputils RSS, then you get the error about missing idna.h: http://errors.yoctoproject.org/Errors/Build/53213/ * Adding the libidn dependency explicitly in iputils recipe fixes the issue. Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>