summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* perl: Security fix CVE-2017-12883Armin Kuster2018-05-032-0/+45
| | | | | | | | | Affects: Perl < 5.24.3-rc1 and 5.26.x before 5.26.1-RC1 (From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: add patch to solve libcrypt incompatibilityCharles-Antoine Couret2018-05-033-0/+30
| | | | | | | | | | | | | Add Perl's patch submitted to upstream to be compiled along with glibc with libcrypt split. (From OE-Core rev: 79703d83790a2973fefdb0e12e125b5f17e98cdf) (From OE-Core rev: 53eef48621b19a1b88c042f9ee5eeb84d9746c64) Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: update to 3.1.3Yi Zhao2018-05-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | (From OE-Core rev: ded47001bec3fbbcbcdbe358a32c14ed0322d431) Updating is safer than backporting the CVE fixes. Included CVE: CVE-2017-16548 CVE-2017-15994 CVE-2017-17434 CVE-2017-17434 CVE-2018-5764 plus many bugfixes (From OE-Core rev: 3f244c68defd45d89107ff58a95c8d4462faeaed) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mpfr: Update SRC_URI to use gnuArmin Kuster2018-05-031-1/+1
| | | | | | | | | | | | ERROR: mpfr-native-3.1.5-r0 do_checkuri: Fetcher failure for URL: 'http://www.mpfr.org/mpfr-3.1.5/mpfr-3.1.5.tar.xz'. URL http://www.mpfr.org/mpfr-3.1.5/mpfr-3.1.5.tar.xz doesn't work ERROR: mpfr-native-3.1.5-r0 do_checkuri: Function failed: do_checkuri Found gnu has the same copy (From OE-Core rev: ee3de1e4963ae56515be3a56b473f25ace286511) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Set the dynamic linker to use at compile timeRichard Purdie2018-05-031-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | Its possible some dynamic runtime library in the dependency chain may come from sstate and link to libraries which need the libc from uninative. If we don't do this and binaries are run at do_install time they would fail to find the symbols from the later libc. Examples: cmake-native do_install: bin/cmake: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by TOPDIR/tmp/work/x86_64-linux/cmake-native/3.10.3-r0/recipe-sysroot-native/usr/lib/libexpat.so.1) dbus-native do_install: tmp/work/x86_64-linux/dbus-native/1.12.2-r0/build/bus/.libs/lt-dbus-daemon: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-x32/build/build/tmp/work/x86_64-linux/dbus-native/1.12.2-r0/recipe-sysroot-native/usr/lib/libexpat.so.1) This issue is resolved when the interpreter is changed at sstate unpack time but this isn't soon enough to avoid issues at compile/install time. By specifing which dynamic linker/loader to use at compile time, this race window is removed entirely. (From OE-Core rev: 35867ee035030ab76fc9ccdb0eb1c3f80126301c) (From OE-Core rev: cead3c4925d39f8adc328007d8a8c1b23cc72842) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Add allow-shlib-undefined to BUILD_LDFLAGS and drop other workaroundsRichard Purdie2018-05-036-48/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have a problem when for example, a glibc 2.27 based system builds some library like libpopt-native and puts it into sstate then it is reused on a pre glibc-2.27 system to build something which depends on popt like rpm-native. This results in an error like: recipe-sysroot-native/usr/lib/libpopt.so: undefined reference to `glob@GLIBC_2.27' In the past we've had this problem with new symbols like getrandom and getentropy, here its with a more complex symbol where there is an old version and a newer version. We've looked into various options, basically we cannot link against our uninative libc/ld.so since we don't have the right headers or compiler link libraries. The compiler doesn't allow you to switch in a new set either, even if we did want to ship them. Shipping a complete compiler, dev headers and libs also isn't an option. On the other hand if we follow the ld man page, it does say: """ The reasons for allowing undefined symbol references in shared libraries specified at link time are that: - A shared library specified at link time may not be the same as the one that is available at load time, so the symbol might actually be resolvable at load time. """ which is exactly this case. By the time the binary runs, it will use our uninative loader and libc and the symbol will be available. Therefore we basically have a choice, we get weird intermittent bugs, we drop uninative entirely, or we pass this option. If we pass the option, we can drop the other workarounds too. (From OE-Core rev: 75a62ede393bf6b4972390ef5290d50add19341a) (From OE-Core rev: d18bf7fa8e80d6cfaf3fdbe1ab06eec84b954432) (From OE-Core rev: 4545f5436a5a106154680825ecb1cb60437faa91) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Clean up for Rocko context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Set and export TZ envvar to UTCRichard Purdie2018-05-031-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We just ran into an issue where tar failed to build on one server setup but built everywhere else just fine. It was running makeinfo to regenerate some docs files and makeinfo was too old for the host it was running on. There was no dependency on makeinfo-native as it was not meant to be regenerating the docs. It was being regenerated as a date from a timestamp used in the docs was different in Asian timezones than in the other timezones our builds were being tested in. I added an entry to https://wiki.yoctoproject.org/wiki/TipsAndTricks/ about how this was debugged. As such, lets default to setting and exporting TZ to 'UTC' as was already pioneered by the reproducibile builds work. This makes the builds deterministic. [YOCTO #12665] (From OE-Core rev: 2a90ae7a3286724ff9e3615c4dbf56038f703810) (From OE-Core rev: e31f31f81efe4b60938b724bece2a03c7c74a68d) (From OE-Core rev: 2c72aa56e6065100582cb17f281c4c11521712e6) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Drop simple.bbclass changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-uninative: Update to version 1.9 (fedora28 compatible)Richard Purdie2018-05-031-3/+3
| | | | | | | | | | | | | | This includes the libxcrypt change which allows uninative to work on fedora28. (From OE-Core rev: 4b27ab6487a54b42a52aa16e98ea4d19fa62b5ae) (From OE-Core rev: 0685eb697f1dfa3b858b6e594cbd8e6070b4fbb8) (From OE-Core rev: 2b462bdc2b9bad40425769ece380e46b52cca095) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package.bbclass: Add '-b' option to file call in isELFMark Hatle2018-05-032-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The isELF function works by running: result = file <pathname> if 'ELF' in result By default 'file' will prepend the result with the path name of the file that is being checked. This usually works fine, such as: $ file /home/foo/openembedded-core/meta/classes/package.bbclass /home/foo/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines However, if the path includes 'ELF', ELF will end up in the result, and then the check will return positive. $ file /home/ELF/openembedded-core/meta/classes/package.bbclass /home/ELF/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines This will then result in the isELF coming back true, and possibly causing the checks that use isELF, such as the 'is it already stripped' check, to do the incorrect thing. Adding the '-b' option to file will result in the path being omitted in the result: $ file /home/ELF/openembedded-core/meta/classes/package.bbclass Python script, ASCII text executable, with very long lines (From OE-Core rev: 5a324e9b2cf6378f8eaa4e394f9cb36d4e2680ac) (From OE-Core rev: 46ddc11a8be79515b4ab9f9f7568c3d624ac72fe) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [fixup for Rocko] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2018-1000156Jackie Huang2018-05-033-0/+255
| | | | | | | | | | | | | | | | | | | | | | | * CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156 * upstream tracking: https://savannah.gnu.org/bugs/index.php?53566 * Fix arbitrary command execution in ed-style patches: - src/pch.c (do_ed_script): Write ed script to a temporary file instead of piping it to ed: this will cause ed to abort on invalid commands instead of rejecting them and carrying on. - tests/ed-style: New test case. - tests/Makefile.am (TESTS): Add test case. (From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270) (From OE-Core rev: 413c54e0698589b17976e88fa7ab76e5dbac51aa) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2018-6951Jackie Huang2018-05-032-1/+38
| | | | | | | | | | | | | | | | | | | | * CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951 * upstream tracking: http://savannah.gnu.org/bugs/?53132 * Fix segfault with mangled rename patch - src/pch.c (intuit_diff_type): Ensure that two filenames are specified for renames and copies (fix the existing check). (From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96) (From OE-Core rev: e628af83e8d00ed3e3db318b323a9f5e48d35aae) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch:2.7.5 -> 2.7.6Huang Qiyu2018-05-031-2/+2
| | | | | | | | | | | | | | Upgrade patch from 2.7.5 to 2.7.6. (From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75) (From OE-Core rev: 6ecaabfff944773a09096a9ce293842c7c00b3a1) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: Security Advisory - CVE-2017-3144Yue Tao2018-05-032-0/+75
| | | | | | | | | | | | | | | | | | | | | | | Fix CVE-2017-3144 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144 https://kb.isc.org/article/AA-01541 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4 (From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9) (From OE-Core rev: cf029db42a6bb96203d2d6bb64a62e6eeec9be8d) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gio-module-cache.bbclass: pass in ${libexecdir}Alexander Kanavin2018-05-031-0/+1
| | | | | | | | | | | | | | When it was something else than /usr/libexec (e.g. when installing native SDK packages), things broke down. (From OE-Core rev: d99e819a6cbde6d1116c434ddba4c5f8eca7e6d8) (From OE-Core rev: 1c8c163bfb736518f66276eca5765c493b8cc787) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: add variables to the whitelist so that it does not re-triger ↵Cuero Bugot2018-05-031-0/+3
| | | | | | | | | | | | | | | | | | | | recipe parsing When uninative is activated (poky's default) internal datastore variables are modified (NATIVELSBSTRING and SSTATEPOSTUNPACKFUNCS) to enable uninative support. This is happening after parsing is done at the beginning of the build. On the next bitbake call the recipe would be parsed if the two variables above were not added to the parsing whitelist BB_HASHCONFIG_WHITELIST. The fix is to add these two variables to the recipe parsing whitelist BB_HASHCONFIG_WHITELIST, this is done at recipe parsing time, only when uninative.bbclass is used. (From OE-Core rev: 75bb95ada98ef129d2fa48568f27dddb078c852c) (From OE-Core rev: ca52b8e4f32063234815493746c4059392862af8) Signed-off-by: Cuero Bugot <cbugot@sierrawireless.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager.py: Skip gpgcheck while using dnf on targetManjukumar Matha2018-05-031-1/+1
| | | | | | | | | | | | | | | | | By default, RPM_SIGN_PACKAGES is not defined. Add gpgcheck=0 to oe-remote-repo.repo file, otherwise dnf will complain during install operation on target Note, RPM_SIGN_PACKAGES is set only when you inherit sign_rpm explicitly (From OE-Core rev: 002a71eaa7606828c399972d8fd35e19e7b71929) (From OE-Core rev: 21ca5428fa320aa4c925fe8a1a141c7df863fa84) Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre-ptest: skip locale testJuro Bystricky2018-05-031-0/+4
| | | | | | | | | | | | | | | | | | If a fr_FR locale is found, it is automatically tested. The test will fail if the locale is UTF-8, as the test blindly assumes (and expects) a non-UTF fr_FR locale. The remedy is to skip the test. [YOCTO #12215] (From OE-Core rev: 4cedddb83623c79980b354642dfeaf78218ca4b7) (From OE-Core rev: ebb6c4f6a2bb6a6be4b3c4f8b7095bad529c62ea) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.1.0g -> 1.1.0hAlexander Kanavin2018-05-033-143/+4
| | | | | | | | | | | | | | | | | | | | | | Please see this security advisory: https://www.openssl.org/news/secadv/20180327.txt Remove 0001-Remove-test-that-requires-running-as-non-root.patch (issue fixed upstream) Remove 0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch (backport) License-Update: copyright years (From OE-Core rev: 96d5e9c186fb83f1b5d9b38ace0b1222c3c04c54) (From OE-Core rev: a4f7a637d9a2c738f217c67394a98f6081149022) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: update 1.0.2n -> 1.0.2oAlexander Kanavin2018-05-0333-3/+3
| | | | | | | | | | | | | | | | | Please see this security advisory: https://www.openssl.org/news/secadv/20180327.txt License-Update: copyright years (From OE-Core rev: 13542282e34c078296c46a98721b31ed9a69a980) (From OE-Core rev: 9460cdd9227edcca425b919d5b9061d1da55528b) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix libdir logic to allow multiarch style pathsKoen Kooi2018-05-032-2/+4
| | | | | | | | | | | | | | The recipes were using 'basename' to turn '/usr/lib' into 'lib', which breaks when libdir is '/usr/lib/tuple', leading to libraries ending up in '/usr/tuple', which isn't in FILES_*. Change the logic to use sed to strip the prefix instead. (From OE-Core rev: e58d5521c7bae8daafdac85754545be176550a02) (From OE-Core rev: 373763d4f6668c3e324edf8d699c8c15d0267278) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: drop openssl-1.0.2a-x32-asm.patchAlexander Kanavin2018-05-032-47/+0
| | | | | | | | | | | | | | | | | The patch was applied in a completely incorrect spot (due to fuzz), no one noticed or complained. Meanwhile upstream says the issue has been resolved differently: https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest (From OE-Core rev: 325e516b59e677dc8e2c5756589fa8037b3e9392) (From OE-Core rev: d7f682f592538073eefd24bf06c32e8e2e685f05) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: refresh patchesRoss Burton2018-05-032-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 7baba7a19c5610a63ccbfd6a2238667772b32118) (From OE-Core rev: 95b5ec1d6d614ebd1ea3a57bbbcef33b08966265) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_rpm: set _builddir to B not SRichard Purdie2018-05-031-1/+1
| | | | | | | | | | | | | | | | | Recipes which use a shared workdir (e.g. gcc-runtine and libgcc) can race over temporary files causing interesting build failures. Using B instead of S avoids this problem. [YOCTO #12605] (From OE-Core rev: d6c13a5ff441f7076eb327c0d0b747bd7603db0f) (From OE-Core rev: 9c72ddb605f1f4fc98fa427e37b5ba8c8758c6cd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.12: intel-socfpga, intel-pmc-core and ish support for ↵Bruce Ashfield2018-05-033-13/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CoffeeLake board Integrating a series of mainline backports to allow better 4.12 support for the coffeelake board: 97e710ef0545 driver: clk: socfpga: remove unused variable 2852089a6b7f x86/cpu: Add Cannonlake to Intel family 1af96090b1f4 ACPI / LPIT: Export lpit_read_residency_count_address() 1e85b644ad5e ACPI / LPIT: Add Low Power Idle Table (LPIT) support 3b931f776349 platform/x86: intel_pmc_core: Special case for Coffeelake 5666379331a9 platform/x86: intel_pmc_core: Add CannonLake PCH support de9e9e9518ee platform/x86: intel_pmc_core: Read base address from LPIT f422abd33358 platform/x86: intel_pmc_core: Remove unused header file ec1ca0048923 platform/x86: intel_pmc_core: Convert to ICPU macro f894e2c0cfff platform/x86: intel_pmc_core: Substitute PCI with CPUID enumeration ce7b50cc047d platform/x86: intel_pmc_core: Refactor debugfs entries c9ca0426c9c8 platform/x86: intel_pmc_core: Fix file permission warnings 17294194d03c platform/x86: intel_pmc_core: Change driver to a module 7f142e82c8f0 platform/x86: intel_pmc_core: Fix kernel doc for pmc_dev d095df17ddf4 platform/x86: intel_pmc_core: Remove unused variable cdfd431ccc3d platform/x86: intel_pmc_core: Remove unused EXPORTED API c54edf864c58 platform/x86: intel_pmc_core: Make the driver PCH family agnostic 5302f0bfbaed HID: intel-ish-hid: Enable Cannon Lake and Coffee Lake laptop/desktop 7e5cc39c3f61 HID: intel-ish-hid: Enable Gemini Lake ish driver b00e0e88689f HID: intel-ish-hid: Enable Cannon Lake ish driver (From OE-Core rev: 0b53601c0e8a87e336dadd6854c19cdb2e1f6b55) (From OE-Core rev: 61e6adc8dfb8aa63628a2e96f9d5f7ab62307c59) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/meta: improve wifi driver granularityBruce Ashfield2018-05-033-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Integrating the following commit for the 4.12+ kernels: Author: Nathan Rossi <nathan@nathanrossi.com> Date: Wed Mar 21 00:10:02 2018 +1000 features/wifi: Add WiFi driver fragments for various vendors/interfaces This change adds WiFi driver configuration fragments. The fragments are split into vendor and interface files to allow for easy selection of drivers for specific interface types (USB, PCI, SDIO) which is useful for BSPs with specific interfaces. The specific vendor/interface config fragments can be included by specific BSPs in its .scc files. However .scc files (wifi-*.scc) are provided to allow enabling interface specific or all interfaces drivers via KERNEL_FEATURES or inclusion via other .scc files. And wifi-common.scc is provided to enable the base config options required for all WiFi drivers, which is done to ensure correct configuration for default no config setups (e.g. linux-yocto-tiny). This patch only enables a limited set of drivers, which is based on what the common-pc-wifi.cfg fragment sets as well as some additional drivers, that primarily appear in USB WiFi devices. Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> This gives us a much better granularity of drivers and a good baseline for future improvements. The 4.12 fragments are also slightly re-organized on top of this commit to avoid patch failures when including the new frags. (From OE-Core rev: c24d6863768a64b2c1632d5202790689a1164694) (From OE-Core rev: 9e1bc0e552d7609428cb71bda7d2b6b726146c21) Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Removed upsupported kernels] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.12: add ssl and utils native dependenciesBruce Ashfield2018-05-031-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | Via the -stable updates, and other configuration changes the 4.12 kernel has the same dependency on openssl headers as 4.14+. So we add the same DEPENDS line that we already have in newer kernels to avoid the following error: | HOSTCC scripts/sign-file | build/tmp/work-shared/qemux86-64/kernel-source/scripts/sign-file.c:25:30: fatal error: openssl/opensslv.h: No such file or directory | compilation terminated. | scripts/Makefile.host:107: recipe for target 'scripts/sign-file' failed | make[3]: *** [scripts/sign-file] Error 1 | make[3]: *** Waiting for unfinished jobs.... (From OE-Core rev: 80f6840baecb8b161f6443f3dd1af4e70b5e5221) (From OE-Core rev: 8660345a665ef74828036c89257bc23246243c40) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.12: update to v4.12.21Bruce Ashfield2018-05-033-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Integrating Paul Gortmaker's stable update to 4.12, this includes CVE fixes for meltdown and spectre: 3bb926457832 Linux 4.12.21 76781f72ce64 lguest: disable it vs. removing it. 6ab3176bb365 x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL efa97ecdf026 x86/pti: Mark constant arrays as __initconst a4d9aaf35e28 x86/spectre: Simplify spectre_v2 command line parsing 1dbde4da259a x86/retpoline: Avoid retpolines for built-in __init functions 7f3a7b69b0f7 x86/paravirt: Remove 'noreplace-paravirt' cmdline option ebeddfbee13f x86/speculation: Use Indirect Branch Prediction Barrier in context switch 7e0a7c84eb35 x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel bf0c4c3f38f6 x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable" f4d4ccfdf361 x86/spectre: Report get_user mitigation for spectre_v1 12f20abacd8b nl80211: Sanitize array index in parse_txq_params 7686c72bfd9c vfs, fdtable: Prevent bounds-check bypass via speculative execution a3d62741fc9b x86/syscall: Sanitize syscall table de-references under speculation 0b99c598274c x86/get_user: Use pointer masking to limit speculation bf532304a22f x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec 04584b001618 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end} 5a64c3ccd99d x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec 9bbc24f34f03 x86: Introduce barrier_nospec b55fd06d6fe0 x86: Implement array_index_mask_nospec 79a2efa3e0f5 array_index_nospec: Sanitize speculative array de-references e9046d054bb9 Documentation: Document array_index_nospec 0078d6b103f9 x86/asm: Move 'status' from thread_struct to thread_info 46afe23798a3 x86/entry/64: Push extra regs right away 4213246ab7a8 x86/entry/64: Remove the SYSCALL64 fast path 026a59b9de37 x86/spectre: Check CONFIG_RETPOLINE in command line parser a345c5f7a1b6 x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP 999e3eca6861 x86/speculation: Simplify indirect_branch_prediction_barrier() c7acab78a24c x86/retpoline: Simplify vmexit_fill_RSB() be5c3f1101f7 x86/cpufeatures: Clean up Spectre v2 related CPUID flags 7addf309d0e0 x86/cpu/bugs: Make retpoline module warning conditional b7c17f71e9cc x86/bugs: Drop one "mitigation" from dmesg af16629cc1da x86/nospec: Fix header guards names ebfadec0c9dc x86/alternative: Print unadorned pointers 2e4bcf1ccaa9 x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support 332de1ac4373 x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes 79a2a1ba23e7 x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown d29069565618 x86/msr: Add definitions for new speculation control MSRs 114a7b0f431c x86/cpufeatures: Add AMD feature bits for Speculation Control 2d5755e9daac x86/cpufeatures: Add Intel feature bits for Speculation Control 3f5d9b428f05 x86/cpufeatures: Add CPUID_7_EDX CPUID leaf 2f1b883356ca module/retpoline: Warn about missing retpoline in module 8c935f65cf6a KVM: VMX: Make indirect call speculation safe 79c0d980e610 KVM: x86: Make indirect calls in emulator speculation safe 956ca31407ab x86/retpoline: Remove the esp/rsp thunk de8cd92003c6 x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems f2846896cd75 x86/microcode: Fix again accessing initrd after having been freed badb7498ab69 x86/retpoline: Optimize inline assembler for vmexit_fill_RSB 750d9c97cede x86/pti: Document fix wrong index 8d759c94307d kprobes/x86: Disable optimizing on the function jumps to indirect thunk 59a3c4dc0ab9 kprobes/x86: Blacklist indirect thunk functions for kprobes 2eef7eab7aea retpoline: Introduce start/end markers of indirect thunk a37c55916910 x86/mce: Make machine check speculation protected 3aab76cd9d88 x86/tsc: Fix erroneous TSC rate on Skylake Xeon b129f5955cd5 x86/tsc: Future-proof native_calibrate_tsc() 7639b8268579 x86/mm/pkeys: Fix fill_sig_info_pkey b19a92bb0f18 x86/cpufeature: Move processor tracing out of scattered features eb5a1177e60b x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros ed114eb7be88 x86/retpoline: Fill RSB on context switch for affected CPUs 70d519c9f97c x86/kasan: Panic if there is not enough memory to boot 01e21b5f7c9c x86/retpoline: Remove compile time warning 8ca1b5f8a9f4 x86,perf: Disable intel_bts when PTI 6f037d7eaeaa security/Kconfig: Correct the Documentation reference for PTI b8c74586d251 x86/pti: Fix !PCID and sanitize defines 8e24a4722756 selftests/x86: Add test_vsyscall c3d9420f23cf x86/retpoline: Fill return stack buffer on vmexit dd182d455654 x86/retpoline/irq32: Convert assembler indirect jumps d592a8a2c5f5 x86/retpoline/checksum32: Convert assembler indirect jumps 0f3df59f16d3 x86/retpoline/xen: Convert Xen hypercall indirect jumps c0459b479a22 x86/retpoline/ftrace: Convert ftrace assembler indirect jumps 11edfaeadbd1 x86/retpoline/entry: Convert entry assembler indirect jumps bf4c91a3b74f x86/retpoline/crypto: Convert crypto assembler indirect jumps 2b243b8623a5 x86/spectre: Add boot time option to select Spectre v2 mitigation 8ab0d792e81c x86/retpoline: Add initial retpoline support f2f4c0853dba x86/pti: Make unpoison of pgd for trusted boot work for real 7495fd5400e6 x86/alternatives: Fix optimize_nops() checking 8b932f131e26 sysfs/cpu: Fix typos in vulnerability documentation 299b4adfed2e x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC 32996f3a0a81 x86/cpu/AMD: Make LFENCE a serializing instruction 10ffc3c2b2f7 x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*() 9e1201731d4b x86/tboot: Unbreak tboot with PTI enabled 728d879e5c6b x86/cpu: Implement CPU vulnerabilites sysfs functions aeba317a23de sysfs/cpu: Add vulnerability folder 83e59b5d52bf x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] f7845c2cbd6e x86/Documentation: Add PTI description 16331e2c3b06 x86/pti: Unbreak EFI old_memmap 5723b0260415 kdump: Write the correct address of mem_section into vmcoreinfo 50d02826dfc0 mm/sparse.c: wrong allocation for mem_section d3cbfb481af2 mm/sparsemem: Fix ARM64 boot crash when CONFIG_SPARSEMEM_EXTREME=y (From OE-Core rev: 607b443f2abb915d4d12d6483b26030734983288) (From OE-Core rev: f10c5251dcb545e633f01b680ffee6e8cf75852d) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mirrors.bbclass: change Debian anonscm to salsaMikko Rapeli2018-05-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Debian anonscm service in Alioth is shutdown and thus fetching sources fails. https://wiki.debian.org/Alioth "Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information." https://wiki.debian.org/Salsa "What is Salsa? Salsa is the name of a collaborative development server for Debian based on the gitlab software. Salsa is supposed to provide the necessary tools for package maintainers, packaging teams and other Debian related individuals and groups for collaborative development. What is the status of Salsa? After various discussions about the future of Alioth, the Alioth Sprint in August 2017 gave birth to the initial setup of the the upcoming Salsa service. The productive weekend resulted in a working prototype and was launched as a beta in December 2017. It left its beta status in January 2018." (From OE-Core rev: 08ff7b42d8b7d06ef61255185c95e900ada8769b) (From OE-Core rev: 407de0c37ba21aff49b9fd43ee74ea4af28d19d4) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: change SRC_URI from Debian anonscm to salsaMikko Rapeli2018-05-031-1/+1
| | | | | | | | | | | | | | | | | | | Debian anonscm service in Alioth is shutdown and thus fetching ca-certificates sources fails. https://wiki.debian.org/Alioth "Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information." (From OE-Core rev: fc20ff2003cee7ee3b78ba3bc236a60a8caabc35) (From OE-Core rev: 127d1d68346bece34ccd8f6203976e2399c31a92) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ncurses: change SRC_URI from Debian anonscm to salsaMikko Rapeli2018-05-031-1/+1
| | | | | | | | | | | | | | | | | | | Debian anonscm service in Alioth is shutdown and thus fetching ncurses sources fails. https://wiki.debian.org/Alioth "Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information." (From OE-Core rev: 8fab5794218445ddb3e8f73a74fa3f130e7c42f6) (From OE-Core rev: fd64bf2dab8f259fb5e3d04e1a2af09e0775adc5) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: DEPENDS on libidn2 (not libidn)André Draszik2018-05-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since v7.51.0, libidn2 is the only available option, libidn support was dropped. The configure option was renamed as of v7.53.0 Therefore, curl unconditionally tries to build against libidn2, which in particular is a problem for curl-native, as that might or might not build against the build-machine's libidn2 now, which furthermore causes problems when trying to share sstate between multiple build machines. We therefore see the following in the config log: ... checking whether to build with libidn2... (assumed) yes ... checking for libidn2 options with pkg-config... no configure: IDN_LIBS: "-lidn2" configure: IDN_LDFLAGS: "" configure: IDN_CPPFLAGS: "" configure: IDN_DIR: "" checking if idn2_lookup_ul can be linked... yes checking idn2.h usability... yes checking idn2.h presence... yes checking for idn2.h... yes ... IDN support: enabled (libidn2) ... even though this recipe tries to disable that. While libidn2 isn't available in OE, this change at least: * prevents curl-native to silently build against libidn2 if that is installed on build machine, even if not requested * alerts people who use the PACKAGECONFIG option that it's not actually doing what they intend to do (From OE-Core rev: 705eaea991622bdbb2ee83eefa8df8e665e3efe4) (From OE-Core rev: 6ec8cb59b2f58784a9f74afa6018791694f8a030) Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: 2.9.4 -> 2.9.5Andrej Valek2018-05-0313-1723/+15
| | | | | | | | | | | | | | | | | | | | | | (From OE-Core rev: a0d2427bb86668215d7c9e1be07cb9a2d86f6755) This includes these CVEs: CVE-2017-7376 CVE-2017-7375 CVE-2017-5130 CVE-2017-16932 CVE-2017-16931 see http://xmlsoft.org/news.html for more info. (From OE-Core rev: 6a62f30bcb516f6a5c97f21086ecd13ffbb6f821) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade to 7.58.0Oleksandr Kravchuk2018-05-031-2/+2
| | | | | | | | | | | | | | | | | | | (From OE-Core rev: 9763c9d649a22f9024d832eb625bee35b583e717) This update include these CVES: CVE-2018-1000122 CWE-126: Buffer Over-read CVE-2018-1000121 CWE-476: NULL Pointer Dereference CVE-2018-1000120 CWE-122: Heap-based Buffer Overflow Mostly bugfixes. (From OE-Core rev: f99e2ce01ed01cf036a8282b2d155d941ed7ec9b) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: 7.54.1 -> 7.57.0Huang Qiyu2018-05-036-373/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 1.Upgrade curl from 7.54.1 to 7.57.0. 2.Delete CVE-2017-1000099.patch, CVE-2017-1000100.patch, CVE-2017-1000101.patch, CVE-2017-1000254.patch, reproducible-mkhelp.patch, since it is integrated upstream. 3.Remove "do_install_append()" from curl_7.57.0.bb, since curl/curlbuild.h has been removed. this update include CVE fixes for: CVE-2018-1000007 CWE-522: Insufficiently Protected Credentials CVE-2018-1000005 CWE-126: Buffer Over-read CVE-2017-8818 CWE-125: Out-of-bounds Read CVE-2017-8817 CWE-126: Buffer Over-read CVE-2017-8816 CWE-131: Incorrect Calculation of Buffer Size CVE-2017-1000257 CWE-126: Buffer Over-read Most of the changes are bug fixes. https://curl.haxx.se/changes.html (From OE-Core rev: 215d5677004537fc190b5381157ac8b94db6d7e8) (From OE-Core rev: 7f1029aff8abaadb25730fef50c495dcd6fc1e30) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Safer to upgrade than to backport CVE-2017-8818. Lots of depends patches] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* logging.bbclass: Enclose the tr string in quotesJason Wessel2018-05-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On some linux hosts image recipes will fail to build as follows: ERROR: build-essential-0.3-r0 do_image_ext3: Usage: bbdebug [123] "message" ERROR: build-essential-0.3-r0 do_image_ext3: Function failed: do_image_ext3 (log file is located at /opt/build/tmp/work/intel_corei7_64-wrs-linux/build-essential/0.3-r0/temp/log.do_image_ext3.43744) ERROR: Logfile of failure stored in: /opt/build/tmp/work/intel_corei7_64-wrs-linux/build-essential/0.3-r0/temp/log.do_image_ext3.43744 ERROR: Task (/opt/layers/meta-overc/meta-build/recipes-core/images/build-essential_0.3.bb:do_image_ext3) failed with exit code '1' Running with bitbake -v -v -v -D we get in the log file: + bbdebug 1 Executing 'dd if=/dev/zero of=/opt/build/tmp/work/intel_corei7_64-wrs-linux/build-essential/0.3-r0/deploy-build-essential-image-complete/build-essential-intel-corei7-64-20180220190510.rootfs.ext3 seek=484486 count=0 bs=1024' + USAGE='Usage: bbdebug [123] "message"' + '[' 3 -lt 2 ']' + DBGLVL=1 + shift ++ echo 1 ++ echo 1 ++ tr -d t ++ tr -d t + NONDIGITS=1 + '[' 1 ']' + bbfatal 'Usage: bbdebug [123] "message"' The debug output tells us that the NONDIGITS check failed to remove the digits using the tr expression. Enclosing the expression in quotes causes it to work properly. (From OE-Core rev: 9e6d283aa9c77685f55a62fa220226d9149ecd7a) (From OE-Core rev: 35ed47d1fcbdd384aa804b686e1c92d22b74fc15) Signed-off-by: Jason Wessel <jason.wessel@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: CVE-2018-5146Tanu Kaskinen2018-04-022-0/+101
| | | | | | | | | | | | | | Prevent out-of-bounds write in codebook decoding. The bug could allow code execution from a specially crafted Ogg Vorbis file. References: https://www.debian.org/security/2018/dsa-4140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 (From OE-Core rev: 1b18cdf6b8bdb00ff5df165b9ac7bc2b10c87d57) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: CVE-2017-14632Tanu Kaskinen2018-04-022-0/+63
| | | | | | | | | | | | | | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 (From OE-Core rev: a2b4718b5db8f220c89d71fbea4e3418be20731e) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libvorbis: CVE-2017-14633Tanu Kaskinen2018-04-022-0/+43
| | | | | | | | | | | | | | In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 (From OE-Core rev: 300b5e921460f8ab1d4870014b343eddd00e77b1) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add comm to HOSTTOOLSNiko Mauno2018-03-301-1/+1
| | | | | | | | | | | | | | | | | This mitigates following issues during u-boot do_compile() step -- otherwise, if comm is not available, they are quietly ignored: .../scripts/check-config.sh: line 33: comm: command not found .../scripts/check-config.sh: line 39: comm: command not found Since 'comm' is provided by coreutils package, adding it to HOSTTOOLS was considered a lower impact fix compared to adding coreutils-native buildtime dependency to u-boot recipe. (From OE-Core rev: c1b711e265e2ff6ba74b0f6f568f231ddf476f8b) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lttng-modules: update to v2.10.5 for kernel 4.15Bruce Ashfield2018-03-261-2/+2
| | | | | | | | | | | | | (From OE-Core rev: 7f00a5161889a422d83dc113521d9241fdd89abf) (From OE-Core rev: 30f326fb9c0f3b4dbfe7f99e18b74f90e99f4207) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [got reports the latest 4.4 is having issues too] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lttng-ust: upgrade 2.9.1 -> 2.10.1Richard Purdie2018-03-261-2/+2
| | | | | | | | | | (From OE-Core rev: 7c3ec9b7d21377ac3bc80de418615b00a23505b6) (From OE-Core rev: 6dc7f7d8b83b3136f16fc3afb10192cff8462533) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lttng-modules: upgrade 2.9.5 -> 2.10.4Richard Purdie2018-03-261-4/+5
| | | | | | | | | | | | | LICENSE file contains a list of files and addtional files were added to the list, license was unchanged. (From OE-Core rev: f6372633b481fc267c1983a5276616513ec778a9) (From OE-Core rev: 173f3534a7217074f7291d42b1d572242bc710e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* distcc: Change SRC_URIArmin Kuster2018-03-261-1/+1
| | | | | | | | | | | | | | | | | ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source. ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch [v2] upstream deleted the branch and the hash no longer exists. Took the git snapshot from yocto and created a copy on my github. There was no offical 3.2 release, only rc versions. (From OE-Core rev: 22d30ed7c847b6ee4fdccb96fa9a3ce3d1491967) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: fix compatibility with glibc 2.27Tanu Kaskinen2018-03-262-0/+63
| | | | | | | | | | | | | | | | | | | | glibc 2.27 added function copy_file_range(), and e2fsprogs happens to have a different function with the same name. The conflict made e2fsprogs-native build fail. Here's a backport of a fix from upstream, the fix was released in e2fsprogs 1.43.8. The master branch doesn't need this fix, since it has new enough e2fsprogs version. At least rocko, pyro and morty need this, I haven't checked older stable branches. Apparently the problematic function was introduced in e2fsprogs version 1.43. (From OE-Core rev: 0dbe43e520be5e60e3a98fc0e46358bb291b0c13) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl_1.0.2n: improve reproducibilityJuro Bystricky2018-03-264-0/+49
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Improve reproducible build of: openssl-staticdev openssl-dbg libcrypto There are two main causes that prevent reproducible build, both related to the generated file "buildinf.h": 1. "buildinf.h" contains build host CFLAGS, containing various build host references. We need to pass sanitized CFLAGS to the script generating this file ("mkbuildinf.pl". ) 2. We also need to modify the script "mkbuildinf.pl" itsel in order to generate a build timestamp based on SOURCE_DATE_EPOCH, if present in the environment. (From OE-Core rev: 6c556ed3553d8f5e75d65cd7db92b26df43846b7) (From OE-Core rev: 5a7cf3296715ac6543a171984fd09168bf73d1af) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* checklayer: remove reference to undefined classAnuj Mittal2018-03-261-2/+2
| | | | | | | | | | | | | | | LayerError doesn't exist and will lead to an error when this failure code path is hit. (From OE-Core rev: 7780482772d005c77825dc3e99e63f00911156bf) (From OE-Core rev: d06cf17109a2ca310c270ce4a27a15cb6190e2ff) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: Fix multilib header conflict - valgrind/config.hZhang Xiao2018-03-261-1/+2
| | | | | | | | | | | | | | Header file conflict between 32-bit and 64-bit versions. (From OE-Core rev: 6084879306db61c347b6f01f3bb64de327a9052d) (From OE-Core rev: 1c2213fe1ac082288f366e4578d7a6e84410d820) Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Fix multilib header conflict - tiffconf.hZhang Xiao2018-03-261-1/+5
| | | | | | | | | | | | | | Header file conflict between 32-bit and 64-bit versions. (From OE-Core rev: 53f320797765b5f184a83cd065f9b5e454ee14e3) (From OE-Core rev: 837f8df7bd5767e49ce59b2b1e5a4a65d1bfa276) Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts/oe-build-perf-report: fix comparing arbitrary commitsMarkus Lehtonen2018-03-261-7/+4
| | | | | | | | | | | | | | | Fix a crash when generating a txt report and the two commits to be compared were not consecutive (but there were some tested commits between them). (From OE-Core rev: f3afd2c47f4c740df52dfd80e208ce721d5ebf6e) (From OE-Core rev: 00b197b2fb2253f2c5c534b16cc2d3d55aad6352) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: run postinst script only for -target packageAlexander Kanavin2018-03-261-2/+3
| | | | | | | | | | | | | | | | | | Nativesdk package has a special arrangement where the same thing is done in do_install(). It was assumed (in the comment) that postinsts don't run when installing nativesdk packages, but this was incorrect: they are run, but any failures were previously silently ignored. Now this missing failure reporting has been fixed, and so we get to see the failures. (From OE-Core rev: 8ebb695c1429f8d57d655072a362a4f176258699) (From OE-Core rev: 31f69f8fd8a08fadee0ea288214aa33c33ad6912) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>