summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFiles
2017-01-11cve-check.bbclass: CVE-2014-2524 / readline v5.2André Draszik1
Contrary to the CVE report, the vulnerable trace functions don't exist in readline v5.2 (which we keep for GPLv2+ purposes), they were added in readline v6.0 only - let's whitelist that CVE in order to avoid false positives. See also the discussion in https://patchwork.openembedded.org/patch/81765/ (From OE-Core rev: b881a288eec598002685f68da80a24e0478fa496) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11qemuarm64.conf: make runqemu's graphics workRobert Yang1
Fixed: $ runqemu qemuarm64 (without -nographics) There is no output in qemu console without this fix. (From OE-Core rev: 40a64e64b2ff41661ff254d0836c5f60120c6795) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11weston: Add no-input-device patch to 1.11.0.Daniel Díaz2
The included patch, backported from Weston master (and OE-Core master since Weston 1.11.1, b6864b1), allows it to run without any input device at launch. An ini option is introduced for this purpose, so there is no behavioral change. Related change in weston.ini: [core] require-input=true Default is true; setting it false allows Weston to run without a keyboard or mouse, which is handy for automated environments. Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11libbsd 0.8.3: BBCLASSEXTEND to native and nativesdkKoen Kooi1
Android-tools depends on it and to build the native versions of fastboot, adb, mkbootimg and others libbsd needs to support native builds. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit b02cef58ee35dd277fff48538ce2803df1cbc4d5) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tzdata: update to 2016iArmin Kuster1
Briefly: Cyprus split into two time zones on 2016-10-30, and Tonga reintroduces DST on 2016-11-06. Changes to future time stamps Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on 2017-01-15 at 03:00. Assume future observances in Tonga will be from the first Sunday in November through the third Sunday in January, like Fiji. (Thanks to Pulu ʻAnau.) Switch to numeric time zone abbreviations for this zone. Changes to past and future time stamps Northern Cyprus is now +03 year round, causing a split in Cyprus time zones starting 2016-10-30 at 04:00. This creates a zone Asia/Famagusta. (Thanks to Even Scharning and Matt Johnson.) Antarctica/Casey switched from +08 to +11 on 2016-10-22. (Thanks to Steffen Thorsen.) Changes to past time stamps Several corrections were made for pre-1975 time stamps in Italy. These affect Europe/Malta, Europe/Rome, Europe/San_Marino, and Europe/Vatican. First, the 1893-11-01 00:00 transition in Italy used the new UT offset (+01), not the old (+00:49:56). (Thanks to Michael Deckers.) Second, rules for daylight saving in Italy were changed to agree with Italy's National Institute of Metrological Research (INRiM) except for 1944, as follows (thanks to Pierpaolo Bernardi, Brian Inglis, and Michael Deckers): The 1916-06-03 transition was at 24:00, not 00:00. The 1916-10-01, 1919-10-05, and 1920-09-19 transitions were at 00:00, not 01:00. The 1917-09-30 and 1918-10-06 transitions were at 24:00, not 01:00. The 1944-09-17 transition was at 03:00, not 01:00. This particular change is taken from Italian law as INRiM's table, (which says 02:00) appears to have a typo here. Also, keep the 1944-04-03 transition for Europe/Rome, as Rome was controlled by Germany then. The 1967-1970 and 1972-1974 fallback transitions were at 01:00, not 00:00. (From OE-Core rev: daf95f7fd9f7ab65685d7b764d8e50df8d00d308) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11tzcode: update to 2016iArmin Kuster1
Changes to code The code should now be buildable on AmigaOS merely by setting the appropriate Makefile variables. (From a patch by Carsten Larsen.) (From OE-Core rev: d2b8c4ee535684f5d874082a7f76efbda1907ea5) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11openssh: fix CVE-2016-8858Kai Kang2
Backport patch to fix CVE-2016-8858 of openssh. Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1384860 (From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11lib/oe/qa: handle binaries with segments outside the first 4kbRoss Burton1
The ELF parser was assuming that the segment tables are in the first 4kb of the binary. Whilst this generally appears to be the case, there have been instances where the segment table is elsewhere (offset 2MB, in this sample I have). Solve this problem by mmap()ing the file instead. Also clean up the code a little whilst chasing the problem. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11Revert "epiphany: remove unnecessary libwnck3 dependency"Ross Burton1
This version of epiphany still needs libwnck3. This reverts commit fb5c4f181176710a4cfb3c875b5edb4e5aa5df73. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-01-11Revert "libwnck3: remove the recipe"Ross Burton1
The epiphany in morty still needs libwnck3, so bring it back. This reverts commit 129281e8557ec8d29ecf863675884713a3050f4b. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16rm_work: Ensure we don't remove sigbasedata filesRichard Purdie1
We don't remove sigdata files, we also shouldn't remove sigbasedata files as this hinders debugging. (From OE-Core rev: 988349f90c8dc5498b1f08f71e99b13e928a0fd0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-11-16sstate: Ensure we don't remove sigbasedata filesRichard Purdie1
We don't remove sigdata files, we also shouldn't remove sigbasedata files as this hinders debugging. (From OE-Core rev: 1ebd85f8dfe45b92c0137547c05e013e340f9cec) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-11-16gdb: update 7.11+git1a982b689c -> 7.11.1Andre McCurdy6
41d8236 Set GDB version number to 7.11.1. 136613e Fix PR gdb/19828: gdb -p <process from a container>: internal error a0de87e Make gdb/linux-nat.c consider a waitstatus pending on the infrun side cf2cd51 Add mi-threads-interrupt.exp test (PR 20039) f0a8d0d Fix double prompt output after run control MI commands with mi-async on (PR 20045) b5f0db4 Fix -exec-run not running asynchronously with mi-async on (PR gdb/18077) 7f8e34d Use target_terminal_ours_for_output in MI (From OE-Core rev: 371345c0dc49bf781c27aea1e9f6a4c947fa30e6) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16subversion: fix "svnadmin create" fail on x86Dengke Du2
When run the following command on x86: svnadmin create /var/test_repo It cause segmentation fault error like the following: [16499.751837] svnadmin[21117]: segfault at 83 ip 00000000f74bf7f6 sp 00000000ffdd9b34 error 4 in libc-2.24.so[f7441000+1af000] Segmentation fault (core dumped) This is because in source code ./subversion/libsvn_fs_fs/low_level.c, function svn_fs_fs__unparse_footer, when: target arch: x86 apr_off_t: 4 bytes if the "APR_OFF_T_FMT" is "lld", it still use type "apr_off_t" to pass data to apr, but in apr source code file apr_snprintf.c the function apr_vformatter meet "lld", it would use the: i_quad = va_arg(ap, apr_int64_t); It uses the apr_int64_t to deal data, it read 8 bytes, so the follow-up data may be error. (From OE-Core rev: 7ea7e3db7801b58495b89a95ec2751d618d3a29f) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16classes/populate_sdk_ext: prevent invalid TEMPLATECONF entering eSDKPaul Eggleton1
If you are using a repository which contains a .templateconf file that sets TEMPLATECONF to point into a layer it contains, but you aren't using that layer in your bblayers.conf, the eSDK would produce an error during the preparation step of the installation. An example would be using the poky repository but setting DISTRO to your own custom distro and removing meta-poky from your bblayers.conf. The eSDK doesn't support creating new build directories, so we don't care about the templates and can thus force a known good value to prevent this from happening. Fixes [YOCTO #10568]. (From OE-Core rev: 5ee32191a18013061dfa72e64713a94c5d321496) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16oe-setup-builddir: fix TEMPLATECONF error messagePaul Eggleton1
This directory shouldn't contain local.conf and bblayers.conf - just templates for them; except it doesn't have to contain those, it just has to exist to pass this test. Change the error message accordingly, and mention TEMPLATECONF so that the user has at least some context. (From OE-Core rev: 61adaaa4348c670769f8750223977dbefe369ffb) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16bash_3.2.x: update recipe version to match what we're shippingAndré Draszik8
Make sure the recipe version matches what we're actually shipping, so that tools like cve-check can do the right thing. Rather than fetching version 3.2.48 and applying all patches up to and including version 3.2.57, we just fetch the latter in the first place. (From OE-Core rev: 614ac87f2832c5359f371439559be88d6106cd6b) Signed-off-by: André Draszik <adraszik@tycoint.com> Acked-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16qemu: fix CVE-2016-7423 and CVE-2016-7908Kai Kang3
Backport patches to fix CVE-2016-7423 and CVE-2016-7908 of qemu. (From OE-Core rev: 1f4c303fd64a4bc05882de01676f241f0df6da78) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16qemu: supplementary fix of CVE-2016-5403Kai Kang2
It is reported in qemu community that VM always exits with: | 2016-10-17T07:33:40.393592Z qemu-kvm: Virtqueue size exceede when VM is suspend and resume. Solution from the maintainer of virtio is to merge following 3 commits: http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6 http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c6 http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91e The first 2 commits have been merged in qemu 2.7.0. Then apply the third one. (From OE-Core rev: db5b9254fbbc30e50b50c7c8cd1f04dcc965cd52) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16oe-pkgdata-util: Use standard verb form in help info.Robert P. J. Day1
"Shows" -> "Show", to be consistent with standard form of help output. (From OE-Core rev: 5a7994df6cdb5af8d240e2802e6bb3d9671f17e3) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tzdata: Update to 2016hArmin Kuster1
Changes to future time stamps Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not 2016-10-21 at 00:00. (Thanks to Sharef Mustafa.) Predict that future fall transitions will be on the last Saturday of October at 01:00, which is consistent with predicted spring transitions on the last Saturday of March. (Thanks to Tim Parenti.) Changes to past time stamps In Turkey, transitions in 1986-1990 were at 01:00 standard time not at 02:00, and the spring 1994 transition was on March 20, not March 27. (Thanks to Kıvanç Yazan.) Changes to past and future time zone abbreviations Asia/Colombo now uses numeric time zone abbreviations like "+0530" instead of alphabetic ones like "IST" and "LKT". Various English-language sources use "IST", "LKT" and "SLST", with no working consensus. (Usage of "SLST" mentioned by Sadika Sumanapala.) (From OE-Core rev: ff11ca44fec8e4b2aa523e032bd967e3ab8339a8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tzcode-native: update to 2016hArmin Kuster1
Changes to code zic no longer mishandles relativizing file names when creating symbolic links like /etc/localtime, when these symbolic links are outside the usual directory hierarchy. This fixes a bug introduced in 2016g. (Problem reported by Andreas Stieger.) (From OE-Core rev: 9c5de646e01a83219be74e99dcf7c1e56ba38b53) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16testsdk.bbclass: Clean up comments, clarify image choices.Robert P. J. Day1
Make it clear that SDK testing can use any valid image. (From OE-Core rev: d190c69347921a626665a53469dcf99b3c86994b) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16texi2html: Allow compiling out-of-sourceOlaf Mandel2
Compiling texi2html 5.0 out-of-source with USE_NLS set to no failed because it tried to copy from srcdir without using that variable. Fix this issue and add a reference to the upstream commit. (From OE-Core rev: 28a37020f50e513b247015b1b0a784c99d41aae3) Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16valgrind: update to 3.12.0Alexander Kanavin3
Remove backported gcc5-port.patch Remove 11_mips-link-tool.patch as there is nothing in the target file (or the entire source tree) that resembles anything contained in the patch. (From OE-Core rev: 221093e850fbc3c154e9069f1958384b59ba3f70) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16libarchive: update to 3.2.2Alexander Kanavin1
(From OE-Core rev: 14fc66856a59e44d6861ed4ef88909908e597615) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16libwnck3: remove the recipeAlexander Kanavin1
Nothing requires it in oe-core now, so it will be re-added to meta-openembedded. (From OE-Core rev: 5741419426c6f8255d55560e3a4721fa4c68a179) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16epiphany: remove unnecessary libwnck3 dependencyAlexander Kanavin1
libwnck3 dependency was removed upstream (From OE-Core rev: 0af26d519fd282d0b270939a75ce33eba715669b) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16rt-tests: fix the recipe version to match upstreamAlexander Kanavin3
Upstream had a 2.0 tag for a while, then removed it and added a 1.1 tag :-/ Let's make it match to avoid confusion. There's only one new commit added, which adds a missing manpage. Also, update the outdated version comment in rt-tests.inc (From OE-Core rev: 799a7b74f1219040fe2d43dcdcd145600a9fecbd) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16webkitgtk: remove lib_package inherit as executables are now installed in ↵Alexander Kanavin1
libexecdir (From OE-Core rev: 60751d66118103712f7670412051234cec41e439) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16gnome-desktop3: fix dependenciesAlexander Kanavin1
libxrandr dependency has been removed upstream Udev dependecy has been added upstream: commit b8cbfbe06475703f333367976eae9477f229891a pnp-ids: Use udev's hwdb to query PNP IDs (From OE-Core rev: 5f939fbf229e3c05d6b726f481a0e862ad5a5ceb) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16lttng-tools: do not install shared libraries in ptest packageAlexander Kanavin1
This was creating a race in runtime library dependency resolution where sometimes the library was assumed to be provided by the ptest package. (From OE-Core rev: c4a10c0b4bc14f4bac06deed8ecb64d0303f4029) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16shadow: add nologin.8 to alternativesRoss Burton1
This manpage is also shipped in util-linux-doc as an alternative, so it needs to be managed as an alternative here too. (From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16util-linux: add su.1 to update-alternativesRoss Burton1
The su binary is handled by alternatives but the man page wasn't, so installing both util-linux-doc and shadow-doc produces errors. Also use d.expand() to neaten the code. (From OE-Core rev: 70a161ee88d3d54fec6d59039c181b43f1857dc3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16busybox/mdev.conf: Ignore eMMC RPMB and boot block devicesMike Looijmans1
eMMC devices may report block devices like "mmcblk0rpmb" and "mmcblk0boot0". These are not actually block devices and any read/write operation on them will fail. To prevent spamming error messages attempting to mount them, just ignore these devices. (From OE-Core rev: 9f4a85eb929f67420d9689d7dddadd120ed49843) Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16package_manager.py: correctly remove all dependent packagesSamuli Piippo1
Do not use --force-depends when trying to remove all dependent packages, as it removes only the selected package and not the dependent packages. (From OE-Core rev: a82e8725902086dab785a0b14305927dae1e4e8d) Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16insane.bbclass:buildpaths: open() file with 'rb'Robert Yang1
open() is default to 'rt' which may cause decoding errors when open binary file: $ bitbake xcursor-transparent-theme [snip] Exception: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xfd in position 18: invalid start byte [snip] (From OE-Core rev: ddbab61f47efd9b4fde38ef8f0f3482c78abe37c) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16classes/nativesdk: set SDK_OLDEST_KERNEL appropriatelyPaul Eggleton6
SDK_OLDEST_KERNEL currently only controls the check on SDK installation, however as with OLDEST_KERNEL it should be controlling the OLDEST_KERNEL value for building glibc used in the SDK. Thus, set it in nativesdk.bbclass. This means we need to move the default to bitbake.conf so that it can be seen in both places. Also set a more reasonable default for SDK_OLDEST_KERNEL for x86/x86-64 as glibc 2.24 still supports back to 2.6.32 there and there are still people wanting to build SDKs that will install on older distros (e.g. CentOS 6). However it's not possible to set this with overrides since there aren't any for the SDK_ARCH, however we can instead set the variable from conf files in conf/machine-sdk especially as there is now a soft default for SDKMACHINE. Fixes [YOCTO #10561]. (From OE-Core rev: 42d5781e31c5bf76b5b7e27abed4f6f3fd65bf40) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16classes/populate_sdk_base: fix usage of & character in SDK_TITLEPaul Eggleton1
If you used an & character in SDK_TITLE (possibly indirectly from DISTRO_NAME) then sed interpreted this as a directive to paste in the replaced string (@SDK_TITLE@ in this case). Escape any & characters in SDK_TITLE to avoid that. (From OE-Core rev: acb85689c13cfdac21435509001048af5c3a7e99) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3622Yi Zhao2
CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622 http://www.openwall.com/lists/oss-security/2016/04/07/4 Patch from: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286 (From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3623Yi Zhao2
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623 http://bugzilla.maptools.org/show_bug.cgi?id=2569 Patch from: https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b (From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3991Yi Zhao2
CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991 http://bugzilla.maptools.org/show_bug.cgi?id=2543 Patch from: https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba (From OE-Core rev: d31267438a654ecb396aefced201f52164171055) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3990Yi Zhao2
CVE-2016-3990 libtiff: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990 http://bugzilla.maptools.org/show_bug.cgi?id=2544 Patch from: https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 (From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16tiff: Security fix CVE-2016-3945Yi Zhao2
CVE-2016-3945 libtiff: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945 http://bugzilla.maptools.org/show_bug.cgi?id=2545 Patch from: https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6 (From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16systemd: CVE-2016-7795Chen Qi2
The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. The patch is a backport from the latest git repo. Please see the link below for more information. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795 (From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16oe/copy_buildsystem.py: dereference symlinkRobert Yang1
When there is a relative symlink in the layer, for example: symA -> ../out/of/layer/file symA will be invalid fater copied, it would be invalid from build time if it points to a relative path, and would be invalid after extracted the sdk if it points to a absolute py. Dereference symlink when copy will fix the problem. Use tar rather than shutil.copytree() to copy is because: 1) shutil.copytree(symlinks=Fasle) has bugs when dereference symlinks: https://bugs.python.org/issue21697 And Ubunutu 1404 doesn't upgrade python3 to fix the problem. 2) shutil.copytree(symlinks=False) raises errors when there is a invalid symlink, and tar just prints a warning, tar is preferred here since the real world is unpredicatable 3) tar is faster than shutil.copytree() as said by oe.path.copytree() So use tar to copy. (From OE-Core rev: f4d70bb0882eec4fb46cd942f2796fad57c72982) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16openssl: rehash actual mozilla certificates inside rootfsDmitry Rozhkov1
The c_rehash utility is supposed to be run in the folder /etc/ssl/certs of a rootfs where the package ca-certificates puts symlinks to various CA certificates stored in /usr/share/ca-certificates/mozilla/. These symlinks are absolute. This means that when c_rehash is run at rootfs creation time it can't hash the actual files since they actually reside in the build host's directory $SYSROOT/usr/share/ca-certificates/mozilla/. This problem doesn't reproduce when building on Debian or Ubuntu hosts though, because these OSs have the certificates installed in the same /usr/share/ca-certificates/mozilla/ folder. Images built in other distros, e.g. Fedora, have problems with connecting to https servers when using e.g. python's http lib. The patch fixes c_rehash to check if it runs on a build host by testing $SYSROOT and to translate the paths to certificates accordingly. (From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16uboot-sign: fix do_concat_dtb for .img, .romGeorge McCollister1
Now that out of tree building is enabled, ${B} must be used instead of ${S} as the path for UBOOT_BINARY. (From OE-Core rev: 1fe17c52e4d7ce1b9d69aaa2cd9d4b351a4b2603) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16rpm: fix file location of rpm2cpio.realChen Qi1
rpm2cpio is in ${PN}-common, but rpm2cpio.real is in ${PN}. This seperation is really weird. Put them both in ${PN}-common. (From OE-Core rev: 8a0af7e4ae8ba8ce0c7fd2a9f6ab7cc070f47af0) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-11-16boost: disable 'wave' in MIPS16e modeAndré Draszik1
This doesn't compile, see https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77757#c2 (From OE-Core rev: 59f77d48528498f12cc9d1ba641a9c7ff50ba03a) Signed-off-by: André Draszik <adraszik@tycoint.com> Acked-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>