summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* tiff: Security fix CVE-2016-10267Rajkumar Veer2017-11-052-0/+71
| | | | | | | | (From OE-Core rev: 91aff69faa7861f9872331ea386145667607550c) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-10266Rajkumar Veer2017-11-052-0/+61
| | | | | | | | (From OE-Core rev: aa1dc0afd99970f474f38a671e6c49aa2090fbe3) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-10268Rajkumar Veer2017-11-052-0/+31
| | | | | | | | (From OE-Core rev: a384e06b6ac12541b9928ecbc5834ef1d505ac0f) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Secruity fix CVE-2016-10093Rajkumar Veer2017-11-052-0/+48
| | | | | | | | (From OE-Core rev: a34da9ea14275d0bf8e9f2b7df7416fe622770cb) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix for CVE-2016-10271Rajkumar Veer2017-11-052-0/+31
| | | | | | | | (From OE-Core rev: d358e9bda3dcbdcfff7008804099f89f97f8bf79) Signed-off-by: Rajkumar Veer <rveer@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: enable on mips soft-floatAndré Draszik2017-11-051-2/+0
| | | | | | | | | | | | | | | | | | | Valgrind support for mips soft-float hosts has been fixed in the 3.12 [1] and 3.13 [2] releases, so let's start building it on those, too. [1] https://sourceware.org/git/?p=valgrind.git;a=commit;h=8f0070d31daea6f0ed18f8fe69498a67530bfcbb [2] https://sourceware.org/git/?p=valgrind.git;a=commit;h=3172936d63da4b6257099bc05aee5793978269cb (From OE-Core rev: fe734c3adddef18e1dade182eb77c6d3c923e498) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 82dbad6aa1390668aa86d28c8a3125b68d6072fa) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/sdk: Replace buildiptables for buildlzip testsJose Perez Carranza2017-11-051-4/+4
| | | | | | | | | | | | | | | | | | | Buildiptables test cases are conflicting with images built with “musl” as standard C library, in order to avoid those issues lzip package was selected to be used on the tests as this does not have any "musl" dependency. [YOCTO #11713] (From OE-Core rev: b798284f62b3cb171373716b1ee84403439314aa) (From OE-Core rev: 0699de9efe40029a6c5e799bb8c9616337fd163e) Signed-off-by: Jose Perez Carranza <jose.perez.carranza@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/runtime: Replace buildiptables for buildlzip on runtime testsJose Perez Carranza2017-11-051-3/+3
| | | | | | | | | | | | | | | | | | | | | Buildiptables test cases are conflicting with images built with “musl” as standard C library, in order to avoid those issues lzip package was selected to be used on the tests as this does not have any "musl" dependency. This patch is applicable for testimage tests [YOCTO # 11713] (From OE-Core rev: 41683e0ab316049e28b1f4ceaf39f0fe17722d92) (From OE-Core rev: d40bcafb574788ed26855c5d1a072523893c1b4b) Signed-off-by: Jose Perez Carranza <jose.perez.carranza@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* image_types.bbclass: Make u-boot signed images more versatileTom Rini2017-11-053-40/+4
| | | | | | | | | | | | | | | | | | | | With the introduction of chaining compression/conversion support we can convert the old image_types_uboot.bbclass code that did a hand-chaining of a set of ${filesystem}.${compression} into generic and arbitrary support to sign whatever the user wants to sign for their image. This, for the record, does remove setting a valid compression type in the record in favour of just saying none. This is not a generally useful feature in U-Boot and I believe being versatile in terms of being able to pass in arbitrary compressions is more important. (From OE-Core rev: 979ff606d8c4c6f66c6dc533a92212f18708089e) Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix key generation with systemdJoshua Watt2017-11-054-81/+76
| | | | | | | | | | | | | | | | | | | | | | | | 106b59d9 broke SSH host key generation when systemd and a read-only root file system are in use because there isn't a way for systemd to get the optional weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default value if it is not specified. Instead, move the logic for determining if keys need to be created to a helper script that both the SysV init script and the systemd unit file can reference. This does mean that the systemd unit file can't check for file existence to know if it should start the service, but it wasn't able to do that correctly anyway anymore. This should be a problem since the serivce is only run once per power cycle by systemd, and should exit quickly if the keys already exist (From OE-Core rev: 73f1397d86f33abace089cc9a28e859b47bb7b6c) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 7e49c5879862253ae1b6a26535d07a2740a95798) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* json-c: backport patch to fix gcc7 compilationAndré Draszik2017-11-052-0/+78
| | | | | | | | | | | | | | | (The native version might be being built using gcc-7) We can't cherry-pick a commit from master, as master has upgraded json-c at the same time as applying this patch, see commit ccf630e78aad ("json-c: Upgrade to 0.12.1 release") (From OE-Core rev: 9b0cb8149ce82c0e6fa3054b54d35e9bf1353bf0) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* useradd-staticids: don't create username-group if gid is specifiedAndré Draszik2017-11-051-3/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adding distcc to an image, and having staticids enabled, doesn't work as it causes a a superfluous 'distcc' group being added using a conflicting GID, thus failing the build: | ERROR: distcc-3.2-r0 do_prepare_recipe_sysroot: distcc: groupadd command did not succeed. Compared to other recipes, the distcc recipe only specifies --gid for the primary group, and doesn't specify --no-user-group, but when --gid is given, it doesn't make sense to create a matching username-group in addition, even if --no-user-group was not specified, and 'useradd' actually complains if --gid and --user-group are given both. If only --gid is given, the current code in here effectively behaves as if --user-group was specified, taking the group-id of the username-group from the --gid parameter. This causes the error above, as we try to add a new group (distcc) with an existing group-id (nogroup). This is contrary to the comment in this file just above, contrary to what useradd can do, contrary to behaviour without the useradd-staticids bbclass, and non-intuitive. Change the code such that a username-group is only created - if a primary group using --gid was not specified, or - if --no-user-group was not specified To be in line with useradd, if gid is not given, and --no-user-group is given, we add the user to the group 'users', which mimics useradd's behaviour. (From OE-Core rev: b1843e60ebe534243b49f3685540fa5ea49d5f35) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fc3a86ae68919cec72c1a8ae0f9ba1f98ae13f0d) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: enable threaded resolverAndré Draszik2017-11-051-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Multi-threaded applications using libcurl crash on DNS timeouts when built using OE. The reason is as follows: By default, libcurl implements DNS timeouts using a timer (alarm()) and a pair of setjmp()/longjmp(). This approach is unsafe in multi-threaded applications for various reasons, as e.g. explained in the relevant man-pages. To avoid this, libcurl can be compiled with a built-in threaded resolver, or against the c-ares asynchronous resolver library. To keep extra dependencies to a minimum, and to mimic other distributions (debian at least), and because c-ares is not available in OE-core, add a PACKAGECONFIG to be able to enable use of of the built-in threaded resolver and enable it by default. (From OE-Core rev: f4dbb4ce29fcd03e64c83efea39f32df437c21cc) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 41f1e44fce976c4140cda62a41349e91e69d04ef) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-fitimage: support MIPS (compressed)André Draszik2017-11-051-1/+3
| | | | | | | | | | | | | | On MIPS, the compressed kernel image target is vmlinuz.bin (From OE-Core rev: ed459bc971697fdd46e5204f625cde7afcdef6eb) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 74d97569aa4e0f82e094a539dec302076103affa) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-uboot: support compressed kernel on MIPSAndré Draszik2017-11-051-1/+7
| | | | | | | | | | | | | | | | | | MIPS generates vmlinuz.bin when compression in the kernel build is enabled, including any necessary objcopy so we can leverage that and skip our manual invocation of objcopy here. We just have to put the file into the right place for the rest of the build to find it. (From OE-Core rev: 3db4004b2982a297a02ebeb6b0cb90cebdb44a0a) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 00bc7682473c2558d72ba42c182f8e3bd445f8af) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-uimage: optimise UBOOT_ENTRYSYMBOL supportAndré Draszik2017-11-051-1/+1
| | | | | | | | | | | | | | | | | | | This is the remaining local change to a fix similar to commit e0b4f018d1c2 ("kernel-uimage.bbclass: Fix up generation of uImage from vmlinux"): Make awk exit on match to save a few CPU cycles so as to make this similar to kernel-fitimage.bbclass (From OE-Core rev: d60b3d02949ba318e30627131fd38f74c74cf590) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 614e8be7a89a2f2113fa40b11e7a05b9e8155f6a) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-fitimage: unbreak UBOOT_ENTRYSYMBOL supportAndré Draszik2017-11-051-2/+2
| | | | | | | | | | | | | | | | | | | | - vmlinux is located in ${B}, not ${S}. - parsing of nm output got broken completely in commit b406a89935f148779569fa3770776e009dd51f13 ("kernel-fitimage: add initramfs support"), commit ec755d2524fcbd9dfded23a576f25c990d405a6c in yocto While at it, make awk exit on match to save a few CPU cycles. (From OE-Core rev: 1353892f3a130bcfa4e9c5b36b3ed7eb4a2c872d) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 9d2ec9c046c4a9c6a842d28133d40639f5a65297) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-fitimage: sanitize dtb section name (unbreak MIPS)André Draszik2017-11-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We can't build fitImages for MIPS any more: | Error: fit-image.its:21.27-28 syntax error | FATAL ERROR: Unable to parse input tree | uboot-mkimage: Can't read arch/mips/boot/fitImage.tmp: Invalid argument Since commit cd2ed7f80b555add07795cc0cbaee866e6c193a3 ("kernel-fitimage: dtb sections named by their filenames and one config section for each dtb"), commit 1ec405ef5df82884c8997878bbe6c66d924b5127 in yocto, dtb sections are named by the DTB filename, but the filename can legally be in a subdirectory below arch/$arch/boot/dts/, and on MIPS all DTBs are actually in a subdirectory. If so, mkimage fails with the above error message. Unbreak this by replacing the offending character (directory separator /) (From OE-Core rev: feb78cb536a5e5cc9f1c36014b1a1ae1c147f45c) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 335fc50cf54e47db4e3d5c35a9846484faf0270f) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-uimage.bbclass: Fix up generation of uImage from vmlinuxNathan Rossi2017-11-051-14/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix up the generation of uImage from vmlinux when KEEPUIMAGE != 'yes'. This fixes up the working directory that do_uboot_mkimage is run from, such that it is run from the ${B} directory to access built artefacts. Simplify the logic in the task so that the parse step either adds the task or not if the conditions are met. This reduces the need for the task to run in cases when it is not used. The task is also changed to depend on the kernel_link_images task as arch/<arch>/boot/* is not available until after kernel_link_images in certain cases (e.g. vmlinux/uImage only KERNEL_IMAGETYPES). Fix up the use of ${S}/vmlinux when pulling the entry symbols address so that it accesses the vmlinux in ${B}. (From OE-Core rev: 60f0e4b18c7d77d7be2b22573b7d0c7ad3d0832f) Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit e0b4f018d1c2a65e66c81e5be1da8894e9a6c132) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Fix postinst dependency issuesRichard Purdie2017-11-051-5/+6
| | | | | | | | | | | | | | | | | | | | | We were relying on running ca-certificates from the -native version. This meant the host and target path layouts had to match which might not be true, it certainly isn't true for the sdk builds. There was a dependency on run-parts which wasn't represented (we can get it from busybox or debianutils). Since this is an allarch script, call the script directly, making sure debianutils and openssl are available as postinst rootfs time to resolve the issues. (From OE-Core rev: a406704fd68d08c3916b7986f96175be34affc50) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d9575e05f2cb8bf293534c036ddc0d0336701256) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* debianutils: Add a native version (for run-parts)Richard Purdie2017-11-051-1/+3
| | | | | | | | | | | (From OE-Core rev: 4c8be205c317eaa649d034de22b960409bb3fa3b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 46985e66c193ad2aa9b575aeab5c78740bc5a4ed) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* copyleft_filter.bbclass: restore possiblity to filter on typeAndré Draszik2017-11-051-16/+16
| | | | | | | | | | | | | | | | | | | | | Since the changes introduced in ae9102bda398 ("copyleft_filter.bbclass: Allow to filter on name"), it is impossible to filter on the recipe type, all recipes are treated as though they should be included if the license matches, irrespective of the COPYLEFT_RECIPE_TYPES variable. Fix this. (From OE-Core rev: 23b520c42e93e47e3a19037877281af673144b31) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit e612dfa520c7d7ecf58006e82189be601204f38d) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/archiver: only execute deploy_archives taskAndré Draszik2017-11-051-1/+1
| | | | | | | | | | | | | | | | | There should be no reason to execute a full build, as we're just interested in the deployment of the archives. The newly added tests already do the same. (From OE-Core rev: 89a00238c45b0457bdf7add3629124901bc72f4b) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 78c2897dff7cd9fe2cab511549cb146d5231e573) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/archiver: add tests for recipe type filteringAndré Draszik2017-11-051-0/+76
| | | | | | | | | | | | | | | | | | | | The archiver used to be able to filter based on COPYLEFT_RECIPE_TYPES. Unfortunately, this got broken with the fix for https://bugzilla.yoctoproject.org/show_bug.cgi?id=6929 in commit ae9102bda398 ("copyleft_filter.bbclass: Allow to filter on name") Add two tests to prevent that from happening again. (From OE-Core rev: 11064f15d7fc10b99eac4084af48a91d8b212932) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 709f02c5cb25983090251c6237bac4fc0a295c4f) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: allow to override OpenSSL HostKeys when read-only-rootfsAndré Draszik2017-11-052-6/+44
| | | | | | | | | | | | | | | | | | With these changes it is possible to have a .bbappend that - sets SYSCONFDIR to some persistent storage - modifies SYSCONFDIR/sshd_config to use ssh host keys from the (writable) sysconfdir (From OE-Core rev: 79c7c8342859306750f0af17210a183fdc543caf) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 106b59d9f96f70d133fa1421091ad280d27a5b6a) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: add backported patch to support iproute 'scope'André Draszik2017-11-053-0/+157
| | | | | | | | | | | | | | | | | | | | | | | | This is needed for avahi-autoipd, which attempts to create a link-scope route as part of its work. Without iproute scope support in busybox, the route is not created due to an error message, and hence we aren't accessible by, and can't access ourselves, IP addresses outside the link-local scope (169.254.0.0/16) unless we also have a proper non link-local IP address, which somehow defeats the purpose of zeroconf. (From OE-Core rev: d0047eb364b5e38c3fbd349c40c71f6c50a1a22d) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit bd06a1cbe8e97b7f66979b12d4d248092379df4a) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: fix a linking issueMing Liu2017-11-052-0/+71
| | | | | | | | | | | | | | | | | | | | | | | | | | A following linking error was observed: | ========== | archival/lib.a(tar.o): In function `tar_main': | archival/tar.c:1168: undefined reference to `unpack_Z_stream' | archival/tar.c:1168: undefined reference to `unpack_Z_stream' | ld: busybox_unstripped: hidden symbol `unpack_Z_stream' isn't defined | ld: final link failed: Bad value this happened with clang compiler, with the following configs: | CONFIG_TAR=y | # CONFIG_FEATURE_SEAMLESS_Z is not set which can be fixed by adding IF_FEATURE_* checks in. (From OE-Core rev: 5e9e8b336931335c660733a269c59ae0547019bd) Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 789254b5ae983a94346f53de18286713b80eb5f2) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: fix gdbserver not working in musl/mips contextAndré Draszik2017-11-052-0/+46
| | | | | | | | | | | | | | | | Similar to https://bugs.lede-project.org/index.php?do=details&task_id=637&openedfrom=-1%2Bweek (From OE-Core rev: c33426e2011054043c276c72b8af651a9aa179ad) Signed-off-by: André Draszik <adraszik@tycoint.com> Acked-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 0b9d94a5e54191f93659f7b4e7a3cb4376487823) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-pkgdata-util: package-info: Allow extra variables to be displayedPeter Kjellerstedt2017-11-051-2/+10
| | | | | | | | | | | | | | | | By specifying the -e <var> option one or multiple times, extra variables available in the pkgdata can be displayed, e.,g, `oe-pkgdata-util package-info -e SUMMARY -e LICENSE ...`. The extra variables displayed are quoted since some of them may contain whitespace. (From OE-Core rev: 265db40c75b6a4b9a666e49dd1739423eb711695) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: apply mingw fix only for binutils-cross-canadianSamuli Piippo2017-11-052-1/+2
| | | | | | | | | | | | | | | | Whenever SDKMACHINE is set to mingw32, sdkmingw32 override is defined everywhere. This meant that value of LDGOLD was different also for binutils and binutils-cross depending whether SDKMACHINE was set or not. (From OE-Core rev: 0398f84482dbe5ee99b20e2ca6b3e9984f7ccec5) (From OE-Core rev: ef5f97aea26fa22accfd1841a2f1319935d6d95f) Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-build-perf-report: use correct x-axis max value in html chartsMarkus Lehtonen2017-11-051-1/+1
| | | | | | | | | | | | (From OE-Core rev: 1d99b018c2b6a44b9db2f2ede113e64dae751eee) (From OE-Core rev: 3a5a8280a1c079c8cc1161e0abc407c1a62aa068) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-build-perf-report: allow slashes in {branch} field in tag namesMarkus Lehtonen2017-11-051-0/+1
| | | | | | | | | | | | | | The target branch name might contain slashes. (From OE-Core rev: 3ddde7d5bcffdd855dae0da6ba5feec752cbacec) (From OE-Core rev: 6b3f1a6107de04bc4f212876db2e3c4c762b044a) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe-build-perf-report: accept parenthesis in tag namesMarkus Lehtonen2017-11-051-2/+4
| | | | | | | | | | | | (From OE-Core rev: b1feae0e23300ea3894d14d2e7b1c1f8b419146e) (From OE-Core rev: f2a7a52b7a0915bd9905b3244b7b0deb6795205d) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/recipetool: use stable tarball for recipetool create testRoss Burton2017-11-051-6/+6
| | | | | | | | | | | | | | | GitHub dynamically generates the /archive/ tarballs but we're encoding checksums in the test suite. Change the URL to use a static tarball, and update the checksums. (From OE-Core rev: 9c668f9ff989a34e615e2ecc051dadbfe24a5bb4) (From OE-Core rev: 20f54eb2b2a306858f330eb50205e594d53767ec) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wic: accept '-' in bitbake variablesEnrico Scholz2017-11-051-1/+1
| | | | | | | | | | | | | | | | | | | '-' is valid and common in bitbake variables (e.g. 'FOO_pn-bar'). Accept it and other characters when reading the .env file. Also, allow variables to be empty. (From OE-Core rev: e688ac8e92d2bc451d8b2d437596f630bedccd2c) (From OE-Core rev: 2a69250abf61e51f633033ddb672e8f459191899) (From OE-Core rev: aa367a3583f6e1fb0e55f7ec46ddad13291f1c6f) Signed-off-by: Enrico Scholz <enrico.scholz@ensc.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* useradd: don't override pseudo environmentRoss Burton2017-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | Back in the dark days before recipe-specific-sysroots the paths being passed in this manual construction of the pseudo environment made sense, but now they're incorrect and result in pseudo writing to two different databases during a single build. The result is that pseudo doesn't follow changes to /etc/passwd in the sysroot, and warns in the logs. Remove the PSEUDO_LOCALSTATEDIR assignment and inherit the correct assignment in FAKEROOTENV. (From OE-Core rev: 02457ef7f600ce954874e2d11e74b1c6daaa3bfc) (From OE-Core rev: e8112536055e75dff43369395a6cf6ba44ba8db7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: tests/fetch: handle network failures gracefullyRoss Burton2017-11-051-0/+2
| | | | | | | | | | | | | | If there is a network failure the return value from latest_versionstring() is ('','') which later causes an exception when comparing versions. Improve this by checking the return value and failing the test early. [ YOCTO #12053 ] (Bitbake rev: 4284d918dc7451f6a4d00be065369e86bbaec4d2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake: Fix return value checks from subprocess.call()'sMikko Rapeli2017-11-052-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Python function subprocess.call() returns the return value of the executed process. If return values are not checked, errors may go unnoticed and bad things can happen. Change all callers of subprocess.call() which do not check for the return value to use subprocess.check_call() which raises CalledProcessError if the subprocess returns with non-zero value. https://docs.python.org/2/library/subprocess.html#using-the-subprocess-module All users of the function were found with: $ git grep "subprocess\.call" | \ egrep -v 'if.*subprocess\.call|=\ +subprocess\.call|return.*subprocess\.call' Tested similar patch on top of yocto jethro. Only compile tested core-image-minimal on poky master branch. (Bitbake rev: aac956a0950c05bf58af1885474cd89bb9c8fbd1) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: Replace deprecated git branch parameter "--set-upstream"Andre Rosa2017-11-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | Since 2017-08-17 (git version 2.14.1.473.g3ec7d702a) using deprecated git branch parameter "--set-upstream" causes a fetcher error. Replace it by "--set-upstream-to". https://git.kernel.org/pub/scm/git/git.git/commit/?id=52668846ea2d41ffbd87cda7cb8e492dea9f2c4d says, it's deprecated since 2012-08-30 so hopefully all still supported host distributions have new enough git to support "--set-upstream-to". ERROR: PACKAGE do_unpack: Fetcher failure: ...; git -c core.fsyncobjectfiles=0 branch --set-upstream master origin/master failed with exit code 128, output: fatal: the '--set-upstream' option is no longer supported. Please use '--track' or '--set-upstream-to' instead. ERROR: PACKAGE do_unpack: Function failed: base_do_unpack (Bitbake rev: 698e36430761cd3cf81283d58ca5bb3426bd24dd) Signed-off-by: Andre Rosa <andre.rosa@lge.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* goarch.bbclass: Replace logic for setting GOARMWill Newton2017-10-241-2/+5
| | | | | | | | | | | | | The previous logic applied a regex to TUNE_FEATURES which could set the GOARM value to 7 incorrectly, for example when dealing with an arm1176 core. Simplify to check for the presence of "armv7" instead. At the same time add a check for "armv6" and set GOARM to 6 in that case. (From OE-Core rev: 93dd2f9f3edf0584f9e806c629611d645dd72dbf) Signed-off-by: Will Newton <willn@resin.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa_supplicant: fix WPA2 key replay security bugRoss Burton2017-10-162-0/+1026
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. (From OE-Core rev: 28d2d47f2a4fc3eb649cf58e82bce0525ab0bc74) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster/highlight.pack.js: Fix corrupted fileRichard Purdie2017-10-101-1/+1
| | | | | | | | The newly added file in the last commit was corrupted, fix it. (Bitbake rev: 64e4f407bc235b774acf55f959b699ad3a5c9fa8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: Remove prettifyDavid Reyna2017-10-106-35/+6
| | | | | | | | | | | | | | Remove "prettify.js" and "prettify.css" due to license issues with Apache2. Replace with "highlight.pack.js" with its BSD3 License. [YOCTO #12206] (Bitbake rev: 8c86ec28abd406f6d62dee9f917ed1df47f7f301) Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Brian Avery <brian.avery@intel.com> Signed-off-by: David Reyna <david.reyna@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* image.bbclass: Sorted ctypes to avoid basehash errorGerson Fernando Budke2017-09-221-1/+1
| | | | | | | | | | | | | | | | | | When selected multiple subimages a similar error could happend: Variable do_image_cpio[subimages] value changed \ from 'cpio.gz.u-boot cpio.gz' to 'cpio.gz cpio.gz.u-boot' To avoid this, 'ctypes' should be sorted at 'gen_conversion_cmds'. This garantee that 'CONVERSION_CMD_xxx' are always written in tha same order and consequently 'do_image_cpio' have the same hash. (From OE-Core rev: 271f1a5f65b8685a1e3645026876251122ef3974) (From OE-Core rev: 404a04a862a71a5a0fb1c20b6bc9fc9c8b2bb98c) Signed-off-by: Gerson Fernando Budke <nandojve@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: cooker: add BB_CMDLINE to enable access to UI command line with memresPaul Eggleton2017-09-213-3/+9
| | | | | | | | | | | | | | | | | | | | | | | In OpenEmbedded's buildhistory class we want access to the bitbake command line that launched the build, and up to now we were simply using sys.argv from within the event handler to get that. Unfortunately that doesn't work in memory resident mode, since the event handler is naturally executing within the server and thus will give you the command that launched the bitbake server which is much less interesting. Add a dynamic variable BB_CMDLINE to provide access to this, set from sys.argv within the UI process in updateToServer(). (Note that BB_CMDLINE isn't currently passed through to the worker, so this is only really readable from event handlers plus any explicit getVariable calls - in theory an observe-only UI could read it for example.) Part of the fix for [YOCTO #11634]. (Bitbake rev: 85596c9af3bb6407159c6c8de229cbe275aa74ea) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.1: generix86* bsp fix perf issue with gcc >=7Armin Kuster2017-09-211-2/+2
| | | | | | | (From meta-yocto rev: 9e7a7a8dc6c1e08e973ee9f91bbad3b659e9848e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1Alejandro Hernandez2017-09-211-4/+4
| | | | | | | | | | | | | | | - Includes fix for CVE-2017-1000251 - Upgrades to Linux 4.1.43 (From meta-yocto rev: e3ae387f2f7f40f66f08cc79e66b933e3c1b217c) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> cleaned up as other bsp already updated to 4.1.43 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta-yocto-bsp: bump 4.1 to latest linux stable kernel for the non-x86 BSPsArmin Kuster2017-09-211-6/+6
| | | | | | | (From meta-yocto rev: 30e33eb070d8fd2d44b5e56ea163ea0b861770c5) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta-yocto-bsp: bump to the latest linux stable kernel for the non-x86 BSPsKevin Hao2017-09-213-15/+15
| | | | | | | | | | | | | | | Bump to the latest stable kernel for 4.4, 4.9, 4.10 and 4.12. (From meta-yocto rev: 6909368e9b193c3fc79257982ec609307a5e1ba4) (From meta-yocto rev: 72f1afdd9e532146609c85aab4a2b540b988ce0b) Signed-off-by: Kevin Hao <kexin.hao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Dropped 4.12 changes Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9Alejandro Hernandez2017-09-211-4/+4
| | | | | | | | | | | | | | - Includes fix for CVE-2017-1000251 - Upgrades to Linux 4.9.49 (From meta-yocto rev: b3c4140647104fc764e8f8ffef6bd4bcba9ef4a2) (From meta-yocto rev: ba4a104566ad993d6bf1387cb0e6be32664acc51) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>