| Age | Commit message (Collapse) | Author | Files |
|---|
|
After systemd-boot was introduced, its been tested for a while with no major
issues being found until now, this patch completely replaces all gummiboot
instances with systemd-boot ones, taking the next step into cleaning
up systemd-boot/gummiboot.
[YOCTO #10332]
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There were a few straggling expansion parameter removals left for
getVar/getVarFlag where the odd whitespace meant they were missed
on previous passes. There were also some plain broken ussages such
as:
d.getVar('ALTERNATIVE_TARGET', old_name, True)
path = d.getVar('PATH', d, True)
d.getVar('IMAGE_ROOTFS', 'True')
which I've corrected (they happend to work by luck).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This rdepends on libgl.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refreshed the following patch:
* inet-6-.defn-fix-inverted-checks-for-loopback.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Newer host distributions are moving to ncurses6, therefore add entries so the
host's ncurses{w}6-config scripts aren't picked up.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If you want to be able to use -fstack-protector then you need the
runtime support - you can either write this yourself or use libssp
supplied with GCC. If you're using GCC then it seems likely that you'd
just be using libssp, so include in the SDK by default; however use
RRECOMMENDS just in case it's been disabled or you aren't using GCC.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
rm: can't remove '/etc/resolv.conf': Read-only file system
ln: /etc/resolv.conf: File exists
/etc/default/volatiles contains an entry:
l root root 0644 /etc/resolv.conf /var/run/resolv.conf
which causes populate-volatile.sh to execute the following in link_file():
if [ -L \"$2\" ]; then
[ \"\$(readlink -f \"$2\")\" != \"\$(readlink -f \"$1\")\" ] && { rm -f \"$2\"; ln -sf \"$1\" \"$2\"; };
elif [ -d \"$2\" ]; then
...
At the time the image is created, /etc/resolv.conf is already a
symlink to /var/run/resolv.conf, but at boot time when
populate-volatiles.sh is run, /var/run/resolv.conf doesn't
exist, causing it to try to rm -f and ln -sf which of course
fails due to the read-only filesystem.
[YOCTO #10814]
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If commands are run asynchronously they may be completed out of
order causing problems if later entries depend on earlier ones.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
latest systemd has changed the resolved defaults which points to
127.0.0.53 port 53 on local network. If someone wants to use
host-local IP address then it can be pointed to copy in /lib/systemd
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade dbus-glib from 0.106 to 0.108
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There is no break in busybox's "defconfig" file to show where Runit
settings suddenly morph into SELinux settings, so add some comments.
(From OE-Core rev: 0fa590ed6c26aa065a9da8edbf65436fa1f6d04f)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upgrade util-linux from 2.28.1 to 2.29
(From OE-Core rev: a675e8219f09a92f1c9c9fccce449d0f0753a53f)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When building systemd with multilib support enabled in your build you
will get the following QA warnings (if the 'libdir' QA check is
enabled.)
WARNING: systemd-1_232-r0 do_package_qa: QA Issue: systemd-dbg: found \
library in wrong location: /lib/systemd/.debug/libsystemd-shared-232.so
systemd: found library in wrong location: /lib/systemd/libsystemd-shared.so
systemd: found library in wrong location: /lib/systemd/libsystemd-shared-232.so [libdir]
Since systemd 231 upstream has included an 'internal' library which
they explicitly place in the application specific /lib/systemd
directory. You can see some of the discussion about this placement
here https://github.com/systemd/systemd/issues/3810
This placement is being picked up by the QA checker since when
multilibs are enabled it expects all libraries to be in lib32 or
lib64. Since the systemd and systemd-dbg packages don't contain any
other libraries we can respect the upstream placement and skip this QA
check for these packages. Unfortunately the QA mechanism doesn't allow
us to specify individual files so this approach is the best we can do.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ranges
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
xpath:
- Check for errors after evaluating first operand.
- Add sanity check for empty stack.
- Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
getty devices were not being removed in some cases because device name
was not at the end of the line, for example a ttyS1 device:
S1:12345:respawn:/bin/start_getty 115200 ttyS1 vt102
Removing this limitation allows sed to remove any line containing
the device.
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
These changes are required for compatibility with ConnMan, which by default
uses table ids greater than 255.
Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ARM stack frames for abort and raise were limited to the the actual
abort and raise call, such as:
Obtained 4 stack frames.
./test-app(print_trace+0x1c) [0x10a08]
./test-app() [0x10b3c]
/lib/libc.so.6(__default_sa_restorer+0) [0x4adae1e0]
/lib/libc.so.6(gsignal+0xa0) [0x4adacf74]
This is not terribly useful when trying to figure out what function
may have called called the abort, especially when using pthreads.
After the change the trace would now look like:
Obtained 8 stack frames.
./test-app(print_trace+0x1c) [0x10a08]
./test-app() [0x10b3c]
/lib/libc.so.6(__default_sa_restorer+0) [0x4befe1e0]
/lib/libc.so.6(gsignal+0xa0) [0x4befcf74]
/lib/libc.so.6(abort+0x134) [0x4befe358]
./test-app(dummy_function+0x50) [0x10adc]
./test-app(main+0xd4) [0x10c24]
/lib/libc.so.6(__libc_start_main+0x114) [0x4bee7a58]
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There is a critical regression in the default behavior with systemd
232 which prevents lxc, docker, and opencontainers from working
properly out of the box. The change was already committed to the
systemd 233 code stream.
The failure looks like what is shown below.
% lxc-start -n container -F
lxc-start: cgfsng.c: parse_hierarchies: 825 Failed to find current cgroup for controller 'name=systemd'
lxc-start: cgfsng.c: all_controllers_found: 431 no systemd controller mountpoint found
lxc-start: start.c: lxc_spawn: 1082 failed initializing cgroup support
lxc-start: start.c: __lxc_start: 1332 failed to spawn 'container'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
Commit 843d5baf6aad6c53fc00ea8d95d83209a4f92de1 from the systemd git
has been backported and can be dropped in a future uprev.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This improves the config file parsing to permit blank lines and
comments following an entry or preceeded by whitespace.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Drop support for rcS.d SysV init scripts.
These are prone to cause dependency loops, and almost all packages with
rcS scripts now ship a native systemd service.
* Drop mount propagation patch, it only happens with libseccomp, OE doesnt
enable it
* kdbus option has disappeared from configure
* Ignore dev-so for PN now since systemd introduced private .so see
https://github.com/systemd/systemd/issues/3810
* Add libnss* to PACKAGES_DYNAMIC for libnss-resolve to work correctly
* Forward port systemd-boot patches to systemd-232
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through
2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131
Patch from:
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fractional durations (e.g. 0.5s) for the sleep command are useful and
not terribly uncommon in practice, especially in scripts associated
with test cases (e.g. mdadm, lttng-tools). Enable FEATURE_FLOAT_SLEEP
by default in order to avoid having to patch every instance of a
script using a fractional sleep.
The busybox binary gains a few hundred bytes in text (armv5e shown):
$ size -x busybox.nosuid.{before,after}
text data bss dec hex filename
0x89382 0x71d 0x2250 572655 8bcef busybox.nosuid.before
0x8954e 0x721 0x2250 573119 8bebf busybox.nosuid.after
Signed-off-by: Nathan Lynch <nathan_lynch@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bobby Bingham (2):
treat null vdso base same as missing
add s390x port
Rich Felker (2):
generalize ELF hash table types not to assume 32-bit entries
work around gdb issues recognizing sigreturn trampoline on x86_64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Currently systemd depends on systemd-container due to a dangling
symlink deployed with systemd.
Move the symlink to systemd-container.
| DEBUG: systemd contains dangling link /lib/systemd/system/systemd-machined.service
| DEBUG: target found in systemd-container
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This patch has been superseded by 2907b1 in gobject-introspection, which we're
now shipping.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This makes more sense than the default TERM=linux (as set
by the linux kernel).
In addition, when using busybox init, it tries to achieve
the same (in a different way).
Both agetty, and busybox getty support the terminal type as
the last argument.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport patch to fix CVE-2016-6323 of glibc. And remove the section of
file ChangeLog which can't be applied.
Ref:
https://sourceware.org/bugzilla/show_bug.cgi?id=20435
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
glib-networking 2.50 moved away from intltool to modern gettext, so remove the build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove readline 6.3 patches and config-dirent-symbols.patch already
apply on upstream.
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixes build with musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add awareness of /dev/nvme* block devices to install scripts. As presently
written, installer knows only of /dev/sd* and /dev/mmcblk* block devices.
Building upon scaffolding put in place by Awais in...
80ec9f627915 ("initrdscripts: handle mmc device as installer medium")
Signed-off-by: Joe Konno <joe.konno@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Reduce duplication in MIPS variants now that the MACHINEOVERRIDES
variable is defined
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Reduce duplication in MIPS variants now that the MACHINEOVERRIDES
variable is defined
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Reduce duplication in MIPS variants now that the MACHINEOVERRIDES
variable is defined
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The su binary is handled by alternatives but the man page wasn't, so
installing both util-linux-doc and shadow-doc produces errors.
Also use d.expand() to neaten the code.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
eMMC devices may report block devices like "mmcblk0rpmb" and
"mmcblk0boot0". These are not actually block devices and any
read/write operation on them will fail. To prevent spamming error
messages attempting to mount them, just ignore these devices.
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The manager_invoke_notify_message function in systemd 231 and earlier allows
local users to cause a denial of service (assertion failure and PID 1 hang)
via a zero-length message received over a notify socket.
The patch is a backport from the latest git repo.
Please see the link below for more information.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When modifying the PATH variable in .bashrc, double quote characters
were used, resulting in expanding the variable $PATH with the value of
PATH of the system building the Build Appliance.
The original intent was to enter an un-expanded (literal) $PATH.
In order to that, one must use single quotes instead of double quotes.
[YOCTO#10434] [YOCTO#10504]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Six-monthly feature release, mostly bug fixes.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Six-monthly feature release.
glib-2.0-utils now includes "gio" command line utility.
Drop a patch that's now upstream. Add PACKAGECONFIG for libmount,
enabled by default.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
LICENSE and LIC_FILES_CHKSUM apply to the sources specified by SRC_URI,
not to the recipe itself. As such a license declaration for a source-less
recipe makes little sense. The LICENSE declaration is mandatory, but
LIC_FILES_CHKSUM can be removed in such cases.
Remove the LIC_FILES_CHKSUM declarations from all recipes that do not
need it.
CC: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
distro features
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
I couldn't find any reference whatsoever to it in the source tree.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2016-8859: TRE & musl libc regex integer overflows in buffer size computations
Affects musl <= 1.1.15
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Several recipes reference the LICENSE file in their LIC_FILES_CHKSUM
variable as ${COREBASE}/LICENSE. This forces distribution providers to
keep this file verbatim or to overload the affected recipes. The section
"Moving to the Yocto Project 1.6 Release" in the Yocto manual suggests
removing the LICENSE file where possible.
Remove LICENSE in cases where COPYING.MIT is also given and replace
LICENSE with COPYING.MIT if the former was the only entry. All modified
recipes specify LICENSE = "MIT" and none of the in-tree files specify a
different license either.
As the packages do not change (the license files are not contained in
them), do not increase PR.
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
