| Age | Commit message (Collapse) | Author | Files |
|---|
|
* this can be useful for passing extra parameters, pass
-v by default to see what's going on in do_rootfs
* we need to use this for extra parameter we implemented
in fontconfig:
--ignore-mtime always use cache file regardless of font directory mtime
because the checksum of fontcache generated in do_rootfs
doesn't match with /usr/share/fonts directory as seen on
target device causing fontconfig to re-create the cache
when fontconfig is used for first time or worse create
new cache in every user's home directory when /usr/
filesystem is read only and cache cannot be updated.
Running FC_DEBUG=16 fc-cache -v on such device shows:
FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149
* my guess is that the checksum is different, because pseudo
(which is unloaded when running qemuwrapper) or because some
influence of running the rootfs under qemu.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
three security fixes.
CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support
CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support
CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable
(From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.6p1.bb
|
|
Add check_libattr.patch to version 3.1.0 recipe, which checks
and includes libattr to linker, otherwise rsync may fail to build
with linker error below (as -lattr option gets omitted):
[..]
lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0'
[..]/lib/libattr.so.1: error adding symbols: DSO missing from command line
Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Fixes heap-based buffer overflow flaw in grep.
Affected versions are: grep 2.19 through 2.21
Removed THANKS.in changes from upstream patch since this
file does not exist in version 2.19.
Replaced tab with spaces in SRC_URI as well.
Upstream fix:
http://git.sv.gnu.org/cgit/grep.git/commit/?id=
83a95bd8c8561875b948cadd417c653dbe7ef2e2
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
_asn1_extract_der_octet: prevent past of boundary access
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;
h=f979435823a02f842c41d49cd41cc81f25b5d677
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other
tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that
all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
three security fixes.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2014-8146 icu: heap overflow via incorrect isolateCount
CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function
References:
[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
[2] https://www.kb.cert.org/vuls/id/602540
[3] http://bugs.icu-project.org/trac/changeset/37080
[4] http://bugs.icu-project.org/trac/changeset/37162
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
oprofileui uses gettext during the configuration task so should be inherit
gettext. This issue appears when an older version of gettext is used do to
pinning to the older non-gplv3 version.
[YOCTO #7795]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* without this the output wasn't shown anywhere even when the bb.warn
says:
"See log for details!"
(From OE-Core rev: a3c322b42c7a14584a80e04519c34689ec813210)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
* useful when we need to overlay/extend intercept scripts from oe-core
(From OE-Core rev: 7d08d2d5c0ae686e3bb8732ea82f30fd189b1cd8)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
We need to be able to tell people if we WHITELIST a recipe
that contains an incompatible licese.
Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end
up on an image even if GPL-3.0 is incompatible. This is the
correct behaviour but there is nothing telling people that it
is even happening.
(From OE-Core rev: c9da529943b2f563b7b0aeb43576c13dd3b6f932)
Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
${B} is the default cwd of tasks, so there might be race issues such as:
| mkdir: cannot create directory `${B}': File exists
[snip]
NOTE: recipe perf-1.0-r9: task do_configure: Failed
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
${B} is the default cwd of tasks, so there might be race issues such as:
| mkdir: cannot create directory `/path/to/work/qemux86-poky-linux/perf/1.0-r9/perf-1.0/': File exists
[snip]
NOTE: recipe perf-1.0-r9: task do_configure: Failed
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
test_incremental_image_generation case failed because the log output
chanaged:
FAIL: test_incremental_image_generation (oeqa.selftest.buildoptions.ImageOptionsTests)
----------------------------------------------------------------------
Traceback (most recent call last):
File
"/buildarea3/yzhao1/poky-build/meta/lib/oeqa/utils/decorators.py", line 90, in wrapped_f
return func(*args)
File
"/buildarea3/yzhao1/poky-build/meta/lib/oeqa/selftest/buildoptions.py", line 25, in test_incremental_image_generation
self.assertEqual(0, res.status, msg="No match for openssh-sshd in log.do_rootfs")
AssertionError: 0 != 1 : No match for openssh-sshd in log.do_rootfs
----------------------------------------------------------------------
Using re search instead grep
(From OE-Core rev: 1872a9430cec0c61f1ec349df198160addd430de)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes OS hanging infinitely waiting for qemus process to release bitbake.lock
(From OE-Core rev: d168bf34c553dbe5de7511e158cd83869d7a88bc)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
OE-Core commit 519e381278d40bdac79add340e4c0460a9f97e17 unfortunately
broke logging in two different ways:
1) it prevented logging to the task log from working within bitbake
-c testimage. This is due to the logger object being set up too early
which interferes with BitBake's own logging. If we prefix the name
with "BitBake." everything works (and we don't need to set the
logging level).
2) Additionally because it called the log functions on the logging
module and not the logger object it set up, this caused the
oe-selftest logging to start printing everything from that point
forward.
Fix these two issues and return us to the desired behaviour for
do_testimage.
(From OE-Core rev: 429b1971be06d5146bb1c14f4697966cddab3b33)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Instead of using bb.note() etc for logging use logging.Logger directly, allowing
the use of QemuRunner outside of bitbake.
Also clean up the logging/errors by moving create_socket() out of
__init__()/restart() and into start().
(From OE-Core rev: 519e381278d40bdac79add340e4c0460a9f97e17)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes NULL pointer deref in sosendto().
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640
Upstream patch:
http://git.qemu.org/?p=qemu.git;a=commit;
h=9a72433843d912a45046959b1953861211d1838d
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* add quotes around pkged_lic so that it works correctly with spaces
* fixes following error:
run.license_create_manifest.50601: 193: [: GPLv2: unexpected operator
(From OE-Core rev: 2bb8b2abb689d91b7b7e28e6bd528747bde94dd2)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Drop removal of [|&()*] operators in pkged_lic because this removal is only
needed to validate if license is collected.
[YOCTO #6757]
(From OE-Core rev: 57e5f74382d51f2a8df00e18b6008e3d2b44ad1a)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* add leading space so that it works even with some .bbappend adding
additional files to SRC_URI without trailing space
(From OE-Core rev: 0f282f1d4946ac6e81959c66172c115405632a26)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes an uninitialized data structure use flaw in qemu-vnc
which allows remote attackers to cause a denial of service
(crash).
Upstream patch:
http://git.qemu.org/?p=qemu.git;a=commit;
h=b2f1d90530301d7915dddc8a750063757675b21a
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815
http://www.securityfocus.com/bid/70998
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes insufficient parameter validation during ram load
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840
Upstream commit:
http://git.qemu.org/?p=qemu.git;a=commit;
h=0be839a2701369f669532ea5884c15bead1c6e08
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
FILESPATH was only being overridden in one fetch location, it should be
equally handled in both.
Also use SSTATE_DIR as FILESPATH so that mirror urls which do remapping
can search the local SSTATE_DIR for other paths.
Also ensure that MIRRORS is removed in both locations, previously
it was only unset in one but both codepaths should be consistent.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The gnome class is really a convenience class to include other classes, so move
the introspection arguments into gnomebase.bbclass.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* unlike in master, the older versions weren't dropped when upgrading to 2015d
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixes the build error seen on newer distros that use gcc5 such as Fedora22
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use canonical_license when doing evaluation of license expresion
since INCOMPATIBLE_LICENSE are already canonized.
[YOCTO #8080]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Accidentally forgot to merge the backport changes into the commit. Fix
so the patch applies correctly.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They managed to 'break' tar. Again. Sorry, they fixed a regression
which broke dpkg-deb.
The addition of:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=163e96a0e619a900eab6de827c7c5749ecc9d3f2
("Bugfix: entries read from the -T file did not get proper matching_flag.")
means that the no-recursion option gets lost. This leads to many files getting included
multiple times, along with files which shouldn't be there.
The commit message is horrendous. The patch actually makes the option positional
(as documnted since 2003) and therefore doesn't affect the input from the -T option.
Moving the --no-reursion option to earlier in the command avoids the bug.
The bug was not present in tar 1.28 however it has been backported in at least
Fedora 22 and heading into Fedora 21.
Redhat reports of issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1230762 [tar]
https://bugzilla.redhat.com/show_bug.cgi?id=1241508 [dpkg]
Discussion of bug in upstream tar:
http://www.mail-archive.com/bug-tar@gnu.org/msg04799.html
[YOCTO #7988]
(From OE-Core rev: 6be698b7270f73f40d38713ecf13f12aec0ced61)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
|
|
write_config overwrites the config rather than appends to it, so
ensure we write both variables in one go.
(From OE-Core rev: c94ba6160d5965d4d2071154b43112eb87f4c898)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Running "-c cleanall" on shared DL_DIR and SSTATE_DIR is antisocial.
It leads to hard to debug races where we wonder why files disappear
and reappear from those directories.
Fix this by using a specific set of directories for these tests. This
avoids a long standing bug on the autobuilder where aspell and man
sources would disappear.
[YOCTO #6276]
(From OE-Core rev: 6b089c4a79dc3aae00c8a6e7ab0f6ba4b4b5f138)
(From OE-Core rev: f1447c256e027553442cf507e217323f7868000c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Similarly to:
http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961
we also need to fix the subversion-native case with gcc5 by using
the same fix to the BUILD_CPPFLAGS.
(From OE-Core rev: a5e7a1e597e7bbe3bbc547f43a89d00a8a9a9924)
(From OE-Core rev: 7d445547df528aa9e5bfb85568a7270e27f633ef)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
see https://gcc.gnu.org/gcc-5/porting_to.html
we need to stop the preprocessor from generating the #line directives
or we run into issues like
| checking for apr_int64_t Python/C API format string...
| configure: error: failed to recognize APR_INT64_T_FMT on this platform
| Configure failed. The contents of all config.log files follows to aid
debugging
| ERROR: oe_runconf failed
Rightly subversion should be fixed but lets leave that to subversion
folks
Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d
(From OE-Core rev: 7793b1c425077ed6ed11a9bc2a8b1b96612b1c96)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This older code needs specific compiler options to allow it to work
with gcc 5. These options are used in the 2.21 recipe in master/fido
so this simply backports them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gcc-5 is stricter and complains about const to non-const
conversions, we backport the patch from upstream into 2.00
Change-Id: I17db365fdd253daaa1ab726e2a70ecad0ac7b2ae
(From OE-Core rev: ea3d48471db19a2432e4afd86df8caad51ee5166)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-bsp/grub/grub2.inc
|
|
Cherry pick upstream commit to fix -Werror=logical-not-parentheses error
when building with native gcc5.
(From OE-Core rev: b3bd0dba3139a3e79bfcebe137248c7bdcadf04d)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
GCC"s preprocessor starts to add newlines which are not
handled properly by ncurses build system startin from
version 5.0.
See also: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7870
(From OE-Core rev: 3a5435b371c84ec28b6936b8c8fa6541a592d061)
Signed-off-by: Martin Stolpe <martin.stolpe@gmail.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
for CVE-2015-1819 Enforce the reader to run in constant memory
(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-core/libxml/libxml2.inc
|
|
Backport to fix CVE-2013-6435. Description on [1] and original
patch taken from [2].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435
[2] https://bugzilla.redhat.com/attachment.cgi?id=956207
[YOCTO #7181]
(From OE-Core rev: 6bf846ed5ccd1a4d01b36630708b2b9aa9e69ed5)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport patch to fix CVE-2014-8118. Description is on [1] and
original patch taken from [2].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1168715
[2] https://bugzilla.redhat.com/attachment.cgi?id=962159
[YOCTO #7181]
(From OE-Core rev: 0a1f924157cb75d0f67cf534762c89dc8656d352)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
12-cve-2014-9636-test-compr-eb.patch is same as unzip-6.0_overflow3.diff,
is to fix CVE-2014-9636
(From OE-Core rev: 9cf42db4e545cd260faf45931d3b3c63ab3b3aab)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Ng Shui Lei <shui.lei.ng@intel.com>
Signed-off-by: Ng Wei Tee <wei.tee.ng@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fix CVE-2015-0245 by preventing non-root and non-systemd processes
from fooling the dbus daemon into thinking systemd service activation
failed.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix:
cve-2014-8139
cve-2014-8140
cve-2014-8141
cve-2014-9636
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
