summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* ref-manual: Completed the 3.0 migration section.Scott Rifenbark2019-11-101-29/+476
| | | | | | | (From yocto-docs rev: 1f996ce595b91e2dba55bdeeb2a558eb8a16c195) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Drop static linking to sqlite3Richard Purdie2019-11-102-19/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Back in 2010[1] we made pseudo statically link against sqlite3. Since then the world has changed, pseudo now has separate processes for the database in the server and the client and they have separate linking commands. Also, whilst there were concerns about needing specific versions of sqlite3, in the OE environment, this is always the case. [1] http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=ad0ac0ecd38fc77daf42485489fccc10a5e1e3e7 The static sqlite3-native is causing us problems, in particular: tmp/work/x86_64-linux/pseudo-native/1.9.0+gitAUTOINC+060058bb29-r0/recipe-sysroot-native/usr/lib/libsqlite3.a(sqlite3.o):(.data.rel+0xb0): undefined reference to `fcntl64' which occurs if sqlite3-native was built on a machine with glibc 2.28 or later and pseudo-native is being built on glibc before that. With dyanmical linking, libc is backwards compatible and works but with static linking it does not. There appears to be no easy way to avoid this other than adding a copy of sqlite3 into the pseudo recipe. Given the static linking doesn't seem to be required any longer due to the separate processes, drop that to fix those issues. (From OE-Core rev: a0c238d40a9cc1f87da0607fddaaef0c31d93720) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iproute2: update 5.2.0 -> 5.3.0Changhyeok Bae2019-11-101-2/+2
| | | | | | | (From OE-Core rev: 717787910d05f6609432cf7f0292aedf277433a0) Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rm_work: Simplify logic for setscene promotionJacob Kroon2019-11-101-34/+15
| | | | | | | | | | | | * Instead of overwriting the stamp name with 'dummy', handle setscene promotion in the default case block * Merge '*do_image_complete_setscene*' and '*do_image_qa_setscene*' case handling (From OE-Core rev: 3fe6574c93a02e2e67d16e66f24be1053af383b7) Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tune-cortexa32: Fix libgcc-initial build issue for cortex-a32Jagadeesh Krishnanjanappa2019-11-101-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we try to build images for machine which is tuned for cortex-a32, then libgcc-initial recipe fails to build with below error message. -- snip -- configure:3529: aarch64-poky-linux-gcc -mcpu=cortex-a32+crc -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security --sysroot=.../tmp/work/aarch64-poky-linux/libgcc-initial/9.2.0-r0/recipe-sysroot -o conftest -O2 -pipe -g -feliminate-unused-debug-types -fmacro-prefix-map=.../tmp/work/aarch64-poky-linux/libgcc-initial/9.2.0-r0=/usr/src/debug/libgcc-initial/9.2.0-r0 -fdebug-prefix-map=.../tmp/work/aarch64-poky-linux/libgcc-initial/9.2.0-r0=/usr/src/debug/libgcc-initial/9.2.0-r0 -fdebug-prefix-map=.../tmp/work/aarch64-poky-linux/libgcc-initial/9.2.0-r0/recipe-sysroot= -fdebug-prefix-map=.../tmp/work/aarch64-poky-linux/libgcc-initial/9.2.0-r0/recipe-sysroot-native= -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -fstack-protector-strong -Wl,-z,relro,-z,now conftest.c >&5 aarch64-poky-linux-gcc: fatal error: unknown value 'cortex-a32+crc' for '-mcpu' -- snip -- - Replacing TUNE_FEATURES from aarch64 to armv8a will solve the above build issue. - Changed BASE_LIB to 'lib', as cortex-a32 is a 32bit ARMv8a architecture. The sample machine config file (qemuarma32.conf) used to reproduce the error looks like: -- snip -- require conf/machine/include/tune-cortexa32.inc require conf/machine/include/qemu.inc KERNEL_IMAGETYPE = "Image" SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0" KMACHINE_qemuarma32 = "qemuarm64" -- snip -- (From OE-Core rev: 2b71569aff9201474d2e047c152c9b28b8db85f4) Signed-off-by: Jagadeesh Krishnanjanappa <workjagadeesh@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* harfbuzz: split libharfbuzz-subset.so to its own binary packageMikko Rapeli2019-11-101-1/+2
| | | | | | | | | | | | | | | | | | harfbuzz binary package size increased from 624608 bytes in yocto 2.5 to 1365431 bytes in yocto 3.0. Most of the size increase is in the new libharfbuzz-subset.so* library https://harfbuzz.github.io/utilities.html#utilities-command-line-hbsubset Split it to its own binary package which will be installed if anyone needs it. Effect to harfbuzz binary package size is: -PKGSIZE = 1476271 +PKGSIZE = 1007424 (From OE-Core rev: eb661eaa2067e91b533fb077479be5432b6e586b) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexerHaris Okanovic2019-11-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pass `--checksum md5` and `--checksum sha256` to opkg-make-index. Sha256 checksum enables more reliable install-time validation of IPKs. This is particularly useful when installing from signed feeds -- I.e. feeds using signed Packages index files that deliver otherwise unsigned IPKs. Such feeds rely on hash validation of enclosed IPKs to thwart tampering. After download, opkg verifies IPK's checksum against the (signed) Packages index file. Weak hashes like md5 are prone to collision and therefore tampering. The md5 checksum is purely for backward compatibility. Sha256 validation was recently added to opkg. Newer builds of opkg will use it. Older builds still look for an md5 checksum. Md5 is deprecated and should be removed once old build are phased out. Testing: I ran `bitbake package-index` after building a few IPKs and verified MD5Sum and SHA256sum attributes are present in Packages. Using opkg-utils 0.4.0. Performance Impact: It takes about 40 seconds to cleanly re-index 8000 IPKs on an Intel Xeon E5-1620 machine. This was previously about 20 seconds. NOTE: It's recommended to delete all Packages* files after applying this patch. Otherwise, some IPKs won't have sha256. (From OE-Core rev: e462f47489f35902b6972f9837d9adfa542fc796) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg/libksba/npth/pinentry: Add nativesdk to BBCLASSEXTENDHaris Okanovic2019-11-104-4/+4
| | | | | | | | | | | | | Enable nativesdk builds of gnupg and it's dependencies (libksba, npth, and pinentry) to fix builds of nativesdk-opkg. This is necessary on distribution which enable gpg signature verification in opkg and also build SDK images that include opkg. (From OE-Core rev: e935cba0122a93df611c9a846c16b7841b715fd8) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: RDEPEND "gnupg-gpg" instead of "gnupg"Haris Okanovic2019-11-101-1/+4
| | | | | | | | | | | gnupg-gpg is a minimal installation of gnupg with enough functionality to verify signatures and manage keys. Use this package instead of full gnupg to slim down opkg installations with "--enable-gpg". (From OE-Core rev: c0d663da05c5a2c466658246feaa7872756ded2c) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: Split gpg and gpg-agent into a minimal gnupg-gpg packageHaris Okanovic2019-11-101-0/+15
| | | | | | | | | | | | | | | | Add minimal "gnupg-gpg" package containing just enough binaries to run gpg and gpg-agent. Add dependency in normal "gnupg" package to preserve old behavior. Some applications like opkg don't need all functionality provided by normal gnupg installations. This minimal package provides just enough functionality to verify and manage keys in opkg, in order to minimize disk overhead. (From OE-Core rev: 6686c64ad30481d4d67af6a7b9bec7e7ae1a83fe) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libevent: update packaging (one package per shared library)André Draszik2019-11-101-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | libevent produces several libraries that might or might not be used in the end. We can prevent those potentially unused libraries from being pulled into a file-system by splitting the individual shared libraries into individual packages. Because this recipe only provides shared libraries which are handled automatically by bitbake (shlibs), there is no need to add the subpackages to the RDEPENDS of PN for backwards compatibility. The packaging process of dependees will simply pull in the sub-packages as runtime dependency as needed. This also how Debian splits this up. While updating the packaging, we can also drop event_rpcgen.py which appears to be a tool for generating rpc bindings, i.e. something that should normally be in -dev. Given Debian doesn't package this at all, and given it actually requires python to run but no runtime dependency is stated at the moment, it would appear that no users of this exist. (From OE-Core rev: d10e8384bfa08d928dfec3a00c59006badfc88ee) Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* initscripts/sysfs.sh: Mount /sys/firmware/efi/efivars when possibleHaris Okanovic2019-11-101-0/+4
| | | | | | | | | | | | | Without this change, efibootmgr is unable to recover BootOrder if lost during a previous write operation, e.g. exceeded storage capacity. This is problematic using EFI to manage boot flow from Linux (E.g. via RAUC). https://www.kernel.org/doc/Documentation/filesystems/efivarfs.txt (From OE-Core rev: 0fb92b500b7d6b84368ca3a85e675400c6473987) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* isoimage-isohybrid.py: Parameterize ESP partition sizeHaris Okanovic2019-11-101-2/+4
| | | | | | | | | | Add "esp_extra_blocks" plugin parameter so that caller may change ESP's free space from the default 100 blocks. (From OE-Core rev: db4be094b0d6741ca4f9e2cbb499fc9c224fa690) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* isoimage-isohybrid.py: Parameterize ESP labelHaris Okanovic2019-11-101-2/+4
| | | | | | | | | | Add "esp_label" plugin parameter so that caller may override default ESP partition label 'EFIimg'. (From OE-Core rev: 6b3b9042a55d47205b16ef792f93a9bb240fd7cb) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtirpc: create the symbol link for rpc header filesZhixiong Chi2019-11-101-0/+14
| | | | | | | | | | | | | | Since the Sun RPC is deprecated in glibc, the rpc header files are not provided any more, but it allows alternative RPC implementations, such as TIRPC or rpcsvc-proto, to be used. So we create the symbol link for rpc header files for tirpc to be more compatible with the glibc version and the application usage. (From OE-Core rev: 674596421320de08142e010fdd65ec6f0a0f34e9) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* webkitgtk: upgrade 2.26.1 -> 2.26.2Andreas Müller2019-11-101-2/+2
| | | | | | | | | | | | | | | | | | | | >From announcement: What's new in the WebKitGTK 2.26.2 release? =========================================== - Improve performance of querying system fallback fonts. - Don't use prgname in dbus-proxy socket path. - Fix thread-safety issues in image decoders. - Fix the build with WebDriver disabled. - Disable accelerated compositing when we fail to initialize the EGL dispaly under Wayland. - Fill the objects category in emoji picker. - Fix several crashes and rendering issues. (From OE-Core rev: 854a9aa2212cc24620c9ad3d24acc52f686b5c1a) Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: Add statx support to fix fedora30 issuesRichard Purdie2019-11-072-0/+107
| | | | | | | | | | Modern distros (e.g. fedora30) are starting to use the new statx() syscall through the newly exposed glibc wrapper function in software like coreutils (e.g. the ls command). Add support to intercept this to pseudo. (From OE-Core rev: 11694eb59bea347085d6e389df0b46826219c0d3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa: reproducible: Add option to capture bad packagesJoshua Watt2019-11-071-0/+20
| | | | | | | | | | | Adds an option that can be used to copy the offending packages to a temp directory for later evaluation. This is useful on the Autobuilder to investigate failures. (From OE-Core rev: 54b29bae78d1711074fbd18f0350ef0b83b555d1) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: Add copyright and license noticeChris Laplante via bitbake-devel2019-11-071-0/+7
| | | | | Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: handle shell indentingChris Laplante via bitbake-devel2019-11-071-1/+13
| | | | | Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: indenting for assignments; tweak Python indentingChris Laplante via bitbake-devel2019-11-071-3/+53
| | | | | Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: renaming & commentsChris Laplante via bitbake-devel2019-11-071-3/+4
| | | | | Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: don't redeclare indenterChris Laplante via bitbake-devel2019-11-071-0/+4
| | | | | Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: Special handling of bb.fatalChris Laplante via bitbake-devel2019-11-071-1/+1
| | | | | Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: contrib/vim: More Python indenting; move indent file to correct ↵Chris Laplante via bitbake-devel2019-11-071-0/+21
| | | | | | | directory Signed-off-by: Chris Laplante <chris.laplante@agilent.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: fetch2/hg: Fix various runtime issuesVolker Vogelhuber2019-11-071-10/+17
| | | | | | | | | | Fix mercurial fetching after breakage from changes to the core fetcher. Fix username and password usage and setting moddir needed by setup_revisions. (Bitbake rev: 8962b27abc68427eae085624f26300108ae88aa1) Signed-off-by: Volker Vogelhuber <v.vogelhuber@digitalendoscopy.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake-worker child process create group before registering ↵Ivan Efimov2019-11-071-3/+5
| | | | | | | | | | | | | | | | | | SIGTERM handler The bitbake-worker child on the SIGTERM signal handling send the SIGTERM to all processes in it's process group. In cases when the bitbake-worker child got SIGTERM after registering own SIGTERM handler and before the os.setsid() call it can send SIGTERM to unwanted processes. In the worst case during SIGTERM processing the bitbake-worker child can be in the group of the process that started BitBake itself. As a result it can kill processes that not related to BitBake at all. (Bitbake rev: b97b1ef0b1b00848a4a44b34eca123ccf33188f4) Signed-off-by: Ivan Efimov <i.efimov@inango-systems.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: runqueue: Improve sstate rehashing outputRichard Purdie2019-11-071-12/+16
| | | | | | | | | | | | | | Bibake is currently too 'chatty' when hash equivalence is enabled. Fix this by only printing the log output if a rehash happens and it matches an sstate object. Also, pass a summary option to the hash checking function. This was already changed to a mechanism which allows addition of new parameters so this should be backwards and forwards compatible. (Bitbake rev: 0c4515603ad08775e3b0404cba5374367e49f236) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp/ruby/ffpmeg: Use CFLAGS, not TARGET_CFLAGSRichard Purdie2019-11-073-4/+4
| | | | | | | | | | | There isn't anything specific about the target in these cases an in general recipes should touch CFLAGS. This ensures people don't copy/paste bad example usages. In reality, behaviour is mostly unchanged. (From OE-Core rev: ae6e7dd19b6da81090a38792dfdf31b459290466) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rm_work: Promote do_image_qa stamps to setscene versionsJacob Kroon2019-11-071-0/+9
| | | | | | | | | | [ YOCTO #13212 ] Suggested-by: Romuald Jeanne <romuald.jeanne@st.com> (From OE-Core rev: 3d3bd7952cf4bf5c94e4d18b45a604b95b69e8c3) Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: update packaging for brcm filesSamuli Piippo2019-11-071-7/+11
| | | | | | | | | | Add new package for bcm4366c and include available NVRAM config files into the corrent bcm* packages. (From OE-Core rev: dde0f79f32fa6bab045ef60199903f74c4cc3393) Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsoup-2.4: upgrade to 2.66.4Ross Burton2019-11-071-3/+3
| | | | | | | | | Fixes CVE-2019-17266. (From OE-Core rev: ffdbcd78955d43d34988991f1d217036f044167d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsoup: set CVE_PRODUCTRoss Burton2019-11-071-0/+2
| | | | | | | (From OE-Core rev: e4f6914d055b7dbb66aefe093b16dc07fade83a8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libdrm:upgrade 2.4.99 -> 2.4.100Zang Ruochen2019-11-071-2/+2
| | | | | | | (From OE-Core rev: 48cd46074f358b7f2d633c7dff01fc5d3efffd9d) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ethtool:upgrade 5.2 -> 5.3Zang Ruochen2019-11-072-3/+3
| | | | | | | | | | -Refresh the following patch: ethtool/avoid_parallel_tests.patch (From OE-Core rev: b7420217b971ebe9f9c5099caa6768237416e3e9) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* strace: Fix ptest buildKhem Raj2019-11-072-0/+18
| | | | | | | | | include stdint.h since the test uses uintptr_t C99 type (From OE-Core rev: b0791cfeeed3d4346ea5c9285f09b0a532c58bf8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtirpc: Do not include bits/endian.h directlyKhem Raj2019-11-071-3/+15
| | | | | | | | | | this file is supposed be included via endian.h indirectly, moreover Future musl versions does not have this file (From OE-Core rev: 3ef6adbc48ea7d5714d04555f3bc80b6e220efa8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby:upgrade 2.6.4 -> 2.6.5Zang Ruochen2019-11-071-2/+2
| | | | | | | (From OE-Core rev: 087ed197ae7c5022a1185c09fc2d38c4acd7bf18) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/signing: Fix test_locked_signatures to use a temporary layerRichard Purdie2019-11-071-6/+11
| | | | | | | | | | | | | Tests shouldn't be writing to layers during tests as this could corrupt other tests running in parallel. Modify the test to write the bbappend to a separate temporary layer which is added and removed by the test. This avoids race failures on the autobuilder. (From OE-Core rev: 467c72ff2c9fe00c40d04d5d859d860fb267499e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: Add ability to hide summary output for sstateRichard Purdie2019-11-071-11/+12
| | | | | | | | | | Its confusing to keep seeing sstate summary messages when hash equivalency is active. This adds an option to control it. A default value is given which maintains compatibility with different bitbake versions. (From OE-Core rev: 038004866ff6650bcff7bb1bde36de6c0f451d29) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* staging: Handle files moving between dependenciesRichard Purdie2019-11-071-1/+15
| | | | | | | | | | | | | | | | | | Currently, if files move between recipes, do_prepare_sysroot can fail with a message like Exception: FileExistsError: [Errno 17] File exists: 'TMPDIR/sysroots-components/core2-64/libx11/usr/include/X11/extensions/XKBgeom.h' -> 'TMPDIR/work/core2-64-poky-linux/gtk+3/3.24.8-r0/recipe-sysroot/usr/include/X11/extensions/XKBgeom.h' This is because files are removed and then added per package. What needs to happen is all removes need to be processed, then all additions. This patch changes the code to process in two phases, removals first, then additions, which avoids the problem. (From OE-Core rev: e3e5ace6e68d5fe68e4add301a44c1a1b8607411) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: fetch2: Ensure cached url data is matched to a datastoreRichard Purdie2019-11-051-2/+2
| | | | | | | | | | | | | | | | | | | | There was a weird error in OE-Core where "devtool modify virtual/kernel" was showing basehash mismatch errors. This was due to SRCPV sometimes being: AUTOINC+b867b78b50_47b80ef7bd and sometimes AUTOINC+b867b78b50_255a750d28. The latter hash comes from KBRANCH and meant sometimes the correct branch was seen, sometimes it was not. The issue was complicated by the execution using a remote datastore over tinfoil. The problem turns out to be a fetcher caching error. If the datastore changes, the cached url data may not be valid. We therefore ensure we match cached url data against the datastore that generated it, which appears to fix this issue. (Bitbake rev: 0540abd338ed2ffd822edbd2947cab2f18873422) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: Whitelist CVE-2014-4715Adrian Bunk2019-11-051-0/+3
| | | | | | | (From OE-Core rev: ccb65286b955d44dacd5fc794851a0c313d116a6) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: Upgrade 3.7.4 -> 3.7.5Adrian Bunk2019-11-055-224/+4
| | | | | | | | | Backported patches removed. (From OE-Core rev: 87f77ac60f57e6b3bfb2b3f3f5877b8d90cf22b8) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpam: set CVE_PRODUCTRoss Burton2019-11-051-0/+2
| | | | | | | (From OE-Core rev: f1d5273d53d66b217f3d4975f5cb5eb367b1aab1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: update to 2.24.0Oleksandr Kravchuk2019-11-052-11/+11
| | | | | | | (From OE-Core rev: ef5e557cb4eb08e15086c1a5a83135e2725f2b65) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: whitelist CVE-2018-13419Ross Burton2019-11-051-0/+4
| | | | | | | | | | This is a memory leak that nobody else can replicate and has been rejected by upstream. (From OE-Core rev: 2c2f70f0f364474e2d9c7d7e5480e80c77e5dea4) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* procps: whitelist CVE-2018-1121Ross Burton2019-11-051-3/+6
| | | | | | | | | | | This CVE is about race conditions in 'ps' which make it unsuitable for security audits. As these race conditions are unavoidable ps shouldn't be used for security auditing, so this isn't a valid CVE. (From OE-Core rev: b3fa0654abf9ac32f683ac174e453ea5e64b6cb8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: whitelist CVE-2019-17371Ross Burton2019-11-051-0/+3
| | | | | | | | | | This is actually a memory leak in gif2png 2.x, so whitelist it in the libpng recipe. (From OE-Core rev: 341e43ebd935daeb592cb073bf00f80c49a8ec2d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vte: upgrade 0.56.3 -> 0.58.2Andreas Müller2019-11-054-161/+12
| | | | | | | | | | | | | * they moved to meson build * all autotools specific patches must go * although not inheriting gettext dependency on intltool-native can go * tested with all variants of PACKAGECONFIG * need it for gnome-terminal 3.34 (From OE-Core rev: 6e7cfd2edd7b35201478e66d47b21547a1032e30) Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>