summaryrefslogtreecommitdiff
path: root/meta
AgeCommit message (Collapse)AuthorFiles
2017-05-01bitbake.conf: Add HOSTTOOLS_DIR for ${TMPDIR}/hosttoolsPeter Kjellerstedt3
The path to where to install and find the tools copied from the host environment is already used in a couple of places. This warrants it to get its own variable. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29build-appliance-image: Update to master head revisionRichard Purdie1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29build-appliance-image: Update to master head revisionRichard Purdie1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29package_deb.bbclass: Avoid writing empty custom fieldsAndreas Oberritter1
Avoids parser errors if PACKAGE_ADD_METADATA_DEB is set to an empty value. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29package_deb.bbclass: Fix multi-line package descriptionsAndreas Oberritter1
In deb control files, each line of a long description starts with a single space. Empty lines are represented by a single space followed by a single full stop character. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29busybox: make bash a valid login shell if enabledAndreas Oberritter1
Add bash to /etc/shells if busybox is built with bash applet anabled to fix login via dropbear. Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-29gst-player: Disable visualizations as workaroundJussi Kukkonen2
Audio playback in gtk-play is broken with vaapi because the visualizations do not work: disable visualizations as workaround. This should be reverted as soon as [YOCTO #11410] is fixed. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-28libxml2: CVE-2016-9318Catalin Enache2
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951Catalin Enache4
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8 http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28bind: Security fix CVE-2016-6170Yi Zhao2
CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-6170 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28bind: Security fix CVE-2016-8864Yi Zhao2
CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-8864 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28linux-libc-headers: fix upstream version checkAlexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28libproxy: speed up upstream version checkAlexander Kanavin1
Something in the fetched webpage made the default regex matching really slow. Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28boost: fix upstream version checkAlexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28python3-iniparse: fix upstream version checkAlexander Kanavin1
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28acpica: fix upstream version checkAlexander Kanavin2
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28lsbtest: add option --ignoreos to rpm install commandDengke Du1
After change to the rpm4, the rpm packages in lsbtest, such as: lsb-setup-4.1.0-1.noarch.rpm lsb-dist-checker-5.0.0.1-1.x86_64.rpm ...... lsb-cmdchk-5.0.3-1.x86_64.rpm When install above rpm packages, the error log appears: package lsb-setup-4.1.0-1.noarch is intended for a different operating system ...... So we should add option "--ignoreos" to the rpm install command in LSB_Test.sh in ./meta/recipes-extended/lsb/lsbtest directory. In this way we can make sure the correct installation of those rpm packages. The YOCTO bug #11224 didn't create logs, this is because the above test rpm packages didn't install. [YOCTO #11224] Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28rpm: properly relocate additional native toolsAlexander Kanavin1
These tools are not currently used for anything, but we should still provide working versions of them. [YOCTO #11400] Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28libcap: drop obsolete attr PACKAGECONFIG option and libattr dependencyAndre McCurdy1
In the 2.25 release, libcap dropped its dependency on an external libattr library: https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/commit/?id=85f38a573fc47472ab792e813b6f6b6f0b1df112 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28cmake.bbclass: use weakest ??= assignment for default OECMAKE_SOURCEPATHAndre McCurdy1
Make it slightly easier to support situations where the default path needs to be over-ridden more than once. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-28cmake.bbclass: Do not use bitbake variable syntax for shell variablesPeter Kjellerstedt1
Using bitbake variable syntax (i.e., ${FOO}) for shell variables is bad practice. First of all it is confusing, but more importantly it can lead to weird problems if someone actually defines a bitbake variable with the same name as the shell variable. Also use lower case for local shell variables. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28bitbake.conf: Add python2 to HOSTTOOLSDiego Rondini1
Add python2 to HOSTTOOLS as, according to https://www.python.org/dev/peps/pep-0394/, the command "python2" should be the one used in scripts that are not yet ported to Python 3. Signed-off-by: Diego Rondini <diego.rondini@kynetics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-28bitbake.conf: Add pr to list of hosttoolsKhem Raj1
pr is used by gstreamer1.0-libav during configure Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28devtool: Avoid touch sstates when cleaning linux-yocto environmentJose Perez Carranza1
sstates are cleaned when ruining test_devtool_virtual_kernel_modify to have a clean environment but this is affecting eSDK test that are dependent of those sstates, hence “cleansstate” is replaced for “clean”. [YOCTO #11300] Signed-off-by: Jose Perez Carranza <jose.perez.carranza@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28gstreamer1.0-vaapi: Fix playback breaking bugJussi Kukkonen2
gstreamer-vaapi fails to play files with specific frame sizes because of buffer allocation issues. Fix is a backport. Fixes [YOCTO #11311]. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28selftest/bbtests: improve download rename testRoss Burton1
This test was assuming the format of SRC_URI so broke when SRC_URI was changed. Fix the test by hardcoding a complete SRC_URI instead of appending and hoping for the best. Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-28kernel-yocto/kern-tools: fix do_validate_branches clean stageBruce Ashfield2
It was reported that do_validate_branches was failing with the following error: Log data follows: | DEBUG: Executing shell function do_validate_branches | HEAD is now at fe0fb8d Merge tag 'v4.10.9' into standard/base | mkdir: cannot create directory .: File exists | | [ERROR] Can't find patch dir at ./patches/standard/base | usage: kgit s2q | WARNING: exit code 1 from a shell command. | ERROR: Function failed: do_validate_branches This was triggered by the execution of 'kgit-s2q --clean' after forcing the SRCREV to something other than the tip of the branch. --clean is being run to remove any sentinel files from previous kernel builds to ensure that the tree is in a consistent state. There were two bugs, --clean was being executed and not exiting the script as it was supposed to. Hence validation for applying patches was done, and threw the error that eventually makes it to the console. And the second bug is that since do_validate_branches actually calls kgit-s2q --clean, the dependency on kern-tools-native needs to be on that function (versus do_kernel_metadata which runs later). With the tweaked kern-tool + the dependency fix, we no longer see this error. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-28useradd-statids.bbclass: Add support for -P / --clear-password optionMark Hatle1
The commit 31dee7946340bf0f1e94e4e714191d3d6ca3bf6a added a new useradd and groupadd option to specify a clear text password. The parsing logic in the useradd-staticid class did not understand this new option. If the meta-skeleton examples were run with the class enabled an error would be generated, as an example uses the -P option. Note, the code has a check that we do not attempt to set both a crypt and clear text password. It is not allowed that these two options are set at the same time, so we prefer the crypt option if they happen to be. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-21build-appliance-image: Update to master head revisionRichard Purdie1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-21testimage.bbclass: add additional dependencybrian avery1
qemu-native-helper has an additional task that needs to be run in order for testimage to work. This task is usually run by default in a full build but there are use cases where it might be skipped. This commit adds the dependency explicitly. Also, this commit adds a try/catch error message to make it clearer what you need to do if you try to run testimage before you have built or downloaded the image artifacts. [YOCTO #11375] Signed-off-by: brian avery <brian.avery@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-21openssl: Bump SONAME to match the ABIJussi Kukkonen2
Commit 7933fbbc637 "Security fix Drown via 1.0.2g update" included a version-script change from Debian that was an ABI change. It did not include the soname change that Debian did so we have been calling our ABI 1.0.0 but it really matches what others call 1.0.2. Bump SONAME to match the ABI. In practice this changes both libcrypto and libssl sonames from 1.0.0 to 1.0.2. For background: Upstream does not do sonames so these are set by distros. In this case the ABI changes based on a build time configuration! Debian took the ABI changing configuration and bumped soname but e.g. Ubuntu kept the deprecated API and just made it not work, keeping soname. So both have same version of openssl but support different ABI (and expose different SONAME). Fixes [YOCTO #11396]. Thanks to Alexander Larsson et al for detective work. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-21Revert "logrotate: set downloadfilename"Ross Burton1
Sadly this breaks previous OE releases as it means the source mirror contains a tarball with the same name but different checksums as was previously available. This reverts commit 99c6e89db193d572e845f95eabbd9ec89c3508c7. Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-21busybox: fix typo in CVE-2016-2147_2.patch Upstream-Status tagAndre McCurdy1
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20build-appliance-image: Update to master head revisionRichard Purdie1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20build-appliance-image: Update to master head revisionRichard Purdie1
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20kexec-tools: Add again the x32 patchAníbal Limón1
kexec-tools upstream previously integrated the patch into master rev 587778e24c9 but for a bug report it was remove [1][2], after an intensive testing on OpenSUSE 13.1 64 bits and in poky variants: qemux86 [3], qemux86-64-x32 [4] and generix86-64 (minnow) [5] it worked. I think that the upstream revert was due to some integration issue while testing into OpenSUSE [2], i will try to push again to upstream. [1] http://lists.infradead.org/pipermail/kexec/2015-March/013482.html [2] https://github.com/horms/kexec-tools/commit/5041d45b1c6b66a0e6c48f6121c24cd9be506c68 [3] https://bugzilla.yoctoproject.org/show_bug.cgi?id=11050#c3 [4] https://bugzilla.yoctoproject.org/show_bug.cgi?id=11050#c4 [5] https://bugzilla.yoctoproject.org/show_bug.cgi?id=11050#c4 [YOCTO #11050] Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20Revert "kexec-tools: Remove unused patch"Aníbal Limón1
This reverts commit ec1f1c4abe1d40708fefd56f01c58fff38f28960. Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20qemuboot.bbclass: save relative paths in conf filebrian avery1
This saves relative paths in the qemuboot.conf file instead of absolute paths. This is to allow the images and kernels to be relocated and still have the testimage and runqemu work. [YOCTO #11375] Signed-off-by: brian avery <brian.avery@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20rootfs-postcommands.bbclass: save relative pathsbrian avery1
We pass the TOPDIR to do a search/replace in export2json so that we save relative paths in the testdata.json file rather than absolute paths. This is to allow the images and kernels to be relocated yet still allow testimage to work. [YOCTO #11375] Signed-off-by: brian avery <brian.avery@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20meta: add search, replace strings to export2jsonbrian avery1
We want to be able to save relative paths so that we can relocate the deploy dir images and kernels, yet still have qemu and testimage work correctly. This extends export2json with 2 named arguments so a search/replace operation can be done to remove the leading path. [YOCTO #11375] Signed-off-by: brian avery <brian.avery@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20kernel-arch.bbclass: conditional error messageJuro Bystricky1
The single purpose of "map_kernel_arch" is to set export ARCH = "some-arch" The case when "some-arch" is not a valid Linux architecture results in an error. This makes sense if the TARGET_OS is Linux, but that is not always the case. kernel-arch is also inherited by toolchain-script, which may be used to build toolchains for architectures not supported by Linux. Rather than modifying toolchain-script to provide its own version of "map_arch" this patch bypasses the error if the TARGET_OS is not linux. Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20package_rpm.bbclass: Dosen't filter Conflicts if found in ProvidesAníbal Limón1
This filter was add to make compilence with debian packaging but in package_deb.bbclass is allowed to have the same values in Conflicts and Provides. With this filtering errors in recipe meta-data are hidden and could end on install two packages that conflicts [2]. Reviewing the RPM spec from Fedora doesn't have anything that denies to use the both Conflicts and Provides with the same value [3], also in debian manual section 7.6.2 of [4] this behaviour is allowed to force the removal of the conflicted package and RPM is compilence with this behaviour after remove the filtering this is seen [5]. [1] http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=4b611b66743a5ec220aef34d796af63029bb5fd9 [2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=9349#c9 [3] https://docs.fedoraproject.org/en-US/Fedora_Draft_Documentation/0.1/html/RPM_Guide/ch-advanced-packaging.html [4] https://www.debian.org/doc/debian-policy/ch-relationships.html [5] https://bugzilla.yoctoproject.org/show_bug.cgi?id=9349#c12 Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20libsdl2: fix build failures on powerpcKai Kang2
Backport patch from upstream to fix build failures on ppc and ppc64. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2017-04-20bitbake.conf: add sha256sum to HOSTTOOLSRichard Leitner1
icedtea-native from meta-java needs sha256sum for checksum validation. Therefore add sha256sum to HOSTTOOLS (as md5sum is already in there). Without it the icedtea-native build will fail during configuration at current master. Signed-off-by: Richard Leitner <richard.leitner@skidata.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20package_manager.py: Reverse rpm arch orderJussi Kukkonen1
The architecture list used by dnf/libsolv was in the wrong order. As a result, the images were built with wrong and unpredictable packages. $ MACHINE=intel-corei7-64 bitbake core-image-sato $ MACHINE=qemux86-64 bitbake core-image-sato $ MACHINE=intel-corei7-64 bitbake -ccleansstate core-image-sato $ MACHINE=intel-corei7-64 bitbake core-image-sato The first image had 0 core2_64 packages in it, but the last one had 583 core2_64 packages (which were built for the qemu image in between). Reverse the arch order in etc/dnf/vars/arch. Fixes [YOCTO #11384]. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20documentation.conf: update TCLIBC[doc] to match current options in oe-coreAndre McCurdy1
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-20tclibc-musl.inc: fix stray comment reference to uclibcAndre McCurdy1
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-19ext-sdk-prepare.py: use quiet mode when preparing sysrootPaul Eggleton1
In order to have a shared sysroot usable within the eSDK after recipe specific sysroots were implemented, we need to run bitbake build-sysroots as a separate call. However, unlike the first call, --quiet wasn't being specified and that somewhat undermined the earlier effort to clean up the eSDK installation output. Make this second call quiet as well so that the output is tidier. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-19classes/populate_sdk_ext: work around runqemu behaviour within the eSDKPaul Eggleton1
Currently, in order to figure out variable values when run within the eSDK, runqemu does not use the standard SDK method nor is it able to run bitbake (since the eSDK environment isn't initialised like the normal OE build environment). runqemu really ought to be fixed, but the quick workaround is to set DEPLOY_DIR_IMAGE in the environment so that runqemu can find image files. Fixes [YOCTO #10447]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-04-19cmake.bbclass: Set CMAKE_CROSSCOMPILING correctlyKyle Russell1
If CMAKE_SYSTEM_NAME is defined, CMake assumes we're cross-compiling, which is not necessarily the case. Signed-off-by: Kyle Russell <bkylerussell@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>