summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* selftest/signing: Ensure build path relocation is safezeusRichard Purdie9 days1-1/+3
| | | | | | | | | Similarly to 04ee0e8b95cd8ed890374e0007f976684206b630, ensure only full build paths are replaced in the environment to avoid breaking buildtools. (From OE-Core rev: db8ceed8f2eca92a4cffe8295481d8041281fdd0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Upgrade to 2.9Khem Raj9 days1-5/+5
| | | | | | | | | This supports glibc upto 2.32 which is now rolling into distributions (From OE-Core rev: 8523e55cc70ef5972da63a666aabacfe2a258e8f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2020-24659Zhixiong Chi9 days2-0/+118
| | | | | | | | | | | | Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a (From OE-Core rev: 7a9969fe8cb8b039976bcd482d7b815922ae54ea) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: Security Advisory - go - CVE-2020-24553Li Zhou9 days3-0/+459
| | | | | | | | | | | Backport the patch from <https://github.com/golang/go/commit/ eb07103a083237414145a45f029c873d57037e06> to solve CVE-2020-24553. (From OE-Core rev: 794dfa173adbce781c9fe609d58d3ed9b8cbd501) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2020-14364Li Wang9 days2-0/+94
| | | | | | | | | | | Backport patch from: https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb (From OE-Core rev: 8b4163c4e60f5e96790522e129f84102831feb8e) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security Advisory - bind - CVE-2020-8624Li Zhou9 days2-0/+34
| | | | | | | | | | | Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624. (From OE-Core rev: 660d170b6889b5e644da9fbef22220f63169aeb5) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security Advisory - bind - CVE-2020-8623Li Zhou9 days2-0/+403
| | | | | | | | | | | Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab> to solve CVE-2020-8623. (From OE-Core rev: cfbd144e94452bc4a197b284b5ec47cfff5b0047) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security Advisory - bind - CVE-2020-8622Li Zhou9 days2-0/+61
| | | | | | | | | | | Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/6ed167ad0a647dff20c8cb08c944a7967df2d415> to solve CVE-2020-8622. (From OE-Core rev: 64a2b62c41574bf4d45dd8ed447ee3b6c05fbd84) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu : fix CVE-2020-15863Li Wang9 days2-0/+65
| | | | | | | | | | (From OE-Core rev: 30b0784e2eef9c4d45296857b0792a4374020fab) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Li Wang <Li.Wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2020-10756Stefan Ghinea9 days2-0/+41
| | | | | | | | | | | | | | | | | | | | | | An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. References: https://nvd.nist.gov/vuln/detail/CVE-2020-10756 https://bugzilla.redhat.com/show_bug.cgi?id=1835986 Upstream patches: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0 (From OE-Core rev: b6d73f9f8c055928051dc57943baf5833568d04f) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: CVE-2020-16845Zhixiong Chi9 days2-0/+111
| | | | | | | | | | | | Backport CVE patch from the upstream: https://github.com/golang/go.git commit 027d7241ce050d197e7fabea3d541ffbe3487258 (From OE-Core rev: 4fa2a6c171e62855ad9a2bd7a2d8507067f62988) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2020-16092Li Wang9 days2-0/+50
| | | | | | | | | | | Backport CVE patch from the upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 (From OE-Core rev: ffb65dd34fce4c75b9aa00dc0197bf83198a9980) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xserver-xorg: Security Advisory - xserver-xorg - CVE-2020-14347Li Zhou9 days2-0/+38
| | | | | | | | | | | | Backport patch from <https://gitlab.freedesktop.org/xorg/xserver/-/ commit/aac28e162e5108510065ad4c323affd6deffd816> to solve CVE-2020-14347. (From OE-Core rev: 850b454c090523f7f7503d4472fda77a4b2fc7a0) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/runtime_test: Disable test_testimage_virgl_gtkRichard Purdie9 days1-1/+1
| | | | | | | | | | | | This test keeps failing on the autobuilder and is proving extremely annoying. It works much better in later releases but for zeus and earlier, lets just stop running it as it doesn't really tell us anything useful at this point, nobody has any plans to improve the distro exclusions or otherwise fix it in the older releases. (From OE-Core rev: 290b9083b539a938fe8e12d5b17bb1348644a4e8) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-testtools: Avoid traceback2 module requirementRichard Purdie9 days2-0/+25
| | | | | | | | | | | | | | | | traceback2 adds traceback for python2. Rather than depend on traceback2, we're python3 only so just use traceback. This caused breakage in oe-selftest -j which uses testtools on the autobuilder using buildtools-tarball. [YOCTO #13652] (From OE-Core rev: ee80a06c107375e3cf0d246ea17c09dda4536dab) (From OE-Core rev: 9f51e83ab407c3dff6624b6ae1b03ca6c326d382) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* acl: Disable parallel make installRichard Purdie9 days1-0/+3
| | | | | | | | | | Similiarly to attr, do_install fails on newer versions of make with interesting and hard to debug errors. Disablle parallle make install as a workaround. Later verisons of acl in newer releases don't have the issue. (From OE-Core rev: 036a4b425f88a237c2c7c1b9575bd2d372a8e130) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* attr: Disable parallel make installRichard Purdie9 days1-0/+3
| | | | | | | | | | do_install fails on newer versions of make with interesting and hard to debug errors. Disablle parallle make install as a workaround. Later verisons of attr in newer releases don't have the issue. (From OE-Core rev: 3bea0931087698b9913f56bb93df3ef279ab4930) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest: Ensure buildtools in environment variables isn't replacedRichard Purdie9 days1-1/+1
| | | | | | | | | | | | | This avoids the seeing broken replacements like: oe-selftest-centos/build/build-st-926tools/sysroots/x86_64-pokysdk-linux/etc/ssl/certs/ca-certificates.crt which understandably break builds. (From OE-Core rev: 04ee0e8b95cd8ed890374e0007f976684206b630) (Cherry-picked from f930e2cadb9ee69759720b6c49aeeb6dd43a7edd but adjusted for thud) (From OE-Core rev: 3841b0e2a2e1c1ebd296c6057831b3e463fcba69) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/testsdk: Use original PATHRichard Purdie9 days1-5/+2
| | | | | | | | | | | | | | | | We want to test the SDK with PATH from the original host, not with our own tools injected via HOSTTOOLS. It even uses some tools which aren't in HOSTTOOLS. This is necessary after changing the SDK to not reset PATH to the system default which is bad for other reasons and brings the testing into sync with that change. (From OE-Core rev: 87c9602fd0dedc7bcf75b822aaf5f6ebfc17737c) (From OE-Core rev: e58bc5ea7d4da2e50e1820e80a5f906ce38d2372) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-extended-tarball: add nativesdk-libxcrypt-devJeremy Puhlman9 days1-0/+1
| | | | | | | | | | | | | | | virtual/crypt-native is assume provided in bitbake.conf, so buildtools-extended-tarball shoud provide crypt since it doesn't use the host's headers/libraries. [YOCTO #13714] (From OE-Core rev: da948b25d5ef452fb35275d108e18d2a2829f4fb) (From OE-Core rev: bc42406d83310398bc4d4db4244252411eff117d) Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Update nativesdk locale relocation patchRichard Purdie9 days1-3/+32
| | | | | | | | | | | | The locale binary reported incorrect locale lists in relocated toolchains as some path references were not relocated by this patch. Fix this missing relocations so the locale binary correctly reports the locales. (From OE-Core rev: f7a6a72880009380ae81bc7fc863921a26811c8c) (From OE-Core rev: e4c4337e642f565e9988a4a2c50a995090d1f49e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-tarball: add nativesdk-pythonJeremy Puhlman9 days1-0/+1
| | | | | | | (From OE-Core rev: 6467eb4461f3cab16cab2ba63154c92fc2adacef) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-tarball: export OPENSSL_CONF in environment setupSteve Sakoman9 days1-0/+1
| | | | | | | | | | | | | The autobuilder has been experiencing SSL: CERTIFICATE_VERIFY_FAILED errors during error report uploads when using buildtools due to looking for certs in /opt/poky (From OE-Core rev: 197f1d5d14b8e57295f5a81c03c86abba5328614) (From OE-Core rev: 35c6ab2501672083cf8b974d8b9c3daa3202de36) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-tarball: export OPENSSL_CONF for opensslLiwei Song9 days1-0/+1
| | | | | | | | | | | export OPENSSL_CONF to aviod SDK openssl can not find openssl.cnf. (From OE-Core rev: 0aaf3dd17dcde959e9c0d62543cb91c9b33551b4) (From OE-Core rev: 63d8569b2c9f66e8123e2672a7f8fb8e7cc1f0b4) Signed-off-by: Liwei Song <liwei.song@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-extended-tarball: Add libstc++.aJeremy Puhlman9 days1-0/+1
| | | | | | | | | | | | | | Builds like native-openjdk, really wants a to link some tools against the static version. Since when using the extended tarball, its the only place to get it, add the library. (From OE-Core rev: 59c4a3fdbbfd5a6aaba7e0a1675dcd5866a7f3a4) (From OE-Core rev: 152709dec03bbac582ca63b65f2efb835e0b33fb) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-buildtools-perl-dummy: add dependencies for autoconf and automakeTim Orling9 days1-0/+3
| | | | | | | | | | | | * For buildtools-extended-tarball, where we are adding all of build-essentials to the nativesdk, we need additional perl modules for autoconf and automake. (From OE-Core rev: f0f766160663407ea7683d31bbf5f011accc9ba2) (From OE-Core rev: e7ade58a7da52ebb40120020dd86dd3ae9b2148e) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-extended-tarball: Add locale commandRichard Purdie9 days1-0/+1
| | | | | | | | | | | The eSDK installation code checks installed locales with the locale command which is from glibc-utils. Add this so that we find the correct locales from the buildtools. (From OE-Core rev: 7d35e4bc6ff94a2d03c48827d7d60a6855c9029d) (From OE-Core rev: d99b6432decec0964ac0e08698abc782c9b114f5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* files/toolchain-shar-extract.sh: Rework PATH cleaningRichard Purdie9 days1-8/+3
| | | | | | | | | | | | | Trying to create a clean PATH breaks cases where we install a buildtools tarball on hosts to provide newer versions of gcc. Rework the fix for #8698 to clean up directories in PATH which don't exist isntead. Do it with python as the shell version was too fraught with corner cases. (From OE-Core rev: 7674b63819aa7ca95ca5ca5477a5cce32e9691eb) (From OE-Core rev: 9825236deacf6eb311121d233435a46288c02cdb) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Install non-alternatives links for nativesdkRichard Purdie9 days1-0/+3
| | | | | | | | | | | In the SDK we need the plain symlinks and don't use alternative providers. When these are missing the toolchain can work incorrectly so fix this. (From OE-Core rev: 0c06cfaa016d06cc56d80dc1c244a938f3d38a3c) (From OE-Core rev: 0d299c5dc04407d2d54574157f4014f50f2d0468) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix relocation of ld.so.conf in nativesdk buildsRichard Purdie9 days2-0/+82
| | | | | | | | | | | | | | | | | | | We need binutils to look at our ld.so.conf file within the SDK to ensure we search the SDK's libdirs as well as those from the host system. There add a patch which passes in the directory to the code using a define, then add it to a section we relocate in a similar way to the way we relocate the gcc internal paths. This ensures that ld works correctly in our buildtools tarball. Standard sysroot relocation doesn't work since we're not in a sysroot, we want to use both the host system and SDK libs. (From OE-Core rev: f6c1089642934ad93056ef19a0888965486ee030) (From OE-Core rev: 09a2b16ac2bd1e3e415131e46315c851373aa7e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-tarball: Add an ld.so.conf for nativesdk-binutilsRichard Purdie9 days1-0/+4
| | | | | | | | | | | We need to search our own libdirs, then fall back to the system ones as our customised dynamic loader will. Have ld.so.conf reflect that. This ensures that binutils finds libraries here when linking too. (From OE-Core rev: ab729c362684474a8346e5256d636200826feb47) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* buildtools-extended-tarball: add recipe with build-essentialsTim Orling9 days1-0/+32
| | | | | | | | | | | | | | | | | | | * For some aging distros, such as CentOS 7, the native version of gcc is simply too ancient and is a constant source of headaches for moving forward. * Add an extended version of buildtools-tarball which adds all of build-essential, so that the host is now modernized and capable of compiling the latest versions of components. Fixes [YOCTO #13714] (From OE-Core rev: f0377af2325613b63716b0bb4db1ab253d79f388) (From OE-Core rev: bb4979f0e8367b475cc9a5274933a61bb0eb64b3) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: tests/fetch: Allow wget upgrade tests to run against a local serverRichard Purdie10 days40-20/+7691
| | | | | | | | | | | Currently these tests rely upon multiple uptream webservers which may change or be unavailable. Add local copies of the test data, copy the httpserver from OE-Core (used for testing there) and run these tests against a local server instead. (Bitbake rev: 1d4f3a5cb64273508357cddc32cc5367e7807191) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: fetch2: Change git fetcher not to destroy old referencesRichard Purdie11 days1-1/+1
| | | | | | | | | | | | | | | | It looks like we're about to see a lot of changes in branch names in repos. If we have the prune option here, those old names are lost, the changes propagate to our source mirrors and our old releases break. We have the force option so any replaced references should be replaced, its only orphaned branches which will now be preserved. I believe this behaviour will cause us fewer problems given the changes that look likely to happen. (Bitbake rev: e2fc4147bbe436ac79de187d92d3bc80a8a95349) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Documentation: Prepared for 3.0.4 releaseakuster2020-08-159-37/+72
| | | | | | | (From yocto-docs rev: 9f51be3a11b7422aba3617a90a98336c3c75f71e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to zeus head revisionzeus-22.0.4yocto-3.0.4Richard Purdie2020-08-141-1/+1
| | | | | | (From OE-Core rev: 9cad716656b427e625a470a820b8b29b1ec9f976) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: Bump version for 3.0.4 zeus releaseRichard Purdie2020-08-141-1/+1
| | | | | | (From meta-yocto rev: 6cd2fc85bd6a40474b21b83408c0a57bb819649f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre: Add fix for CVE-2020-14155Rahul Taya2020-08-122-0/+42
| | | | | | | | | | | | | | | | | | | | Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Tested-by: Rahul Taya <Rahul.Taya@kpit.com> (From OE-Core rev: 3f536edfa56ce3f93223c23ed48427a0c24ede1a) Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: Security Advisory - go - CVE-2020-15586Li Zhou2020-08-122-0/+132
| | | | | | | | | | | Backport patch from <https://github.com/golang/go/commit/ fa98f46741f818913a8c11b877520a548715131f> to solve CVE-2020-15586. (From OE-Core rev: 0e8526ce8694ebd6988c3804e4d2ccf39cda90c7) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pypi.bbclass: use new pypi UPSTREAM_CHECK_URITim Orling2020-08-121-1/+1
| | | | | | | | | | | | | | | Upstream https://pypi.python.org/pypi/${PYPI_PACKAGE}/ redirects to https://pypi.org/project/${PYPI_PACKAGE}/ (From OE-Core rev: b535360f0bd2fb6a057b678f35da1803a31eeba6) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit e5f3f961242d888f3f786af8f793bf1d247fdff0) [Yocto # 13990] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pypi.bbclass: mind package suffix on version checkKonrad Weihmann2020-08-121-1/+1
| | | | | | | | | | | | | | | | | Some pypi packages do have suffixes like dev, or a0 or b1. When doing a version check on these, the version will get falsely identified as major release versions. Add a terminating slash to rule out those false positives (From OE-Core rev: 13b145b9551884534f1dd2446eccfc55abc25f38) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 0603f6d9f2abfa67b99b1bc39228f6aa16a0370d) [Yocto bug #13990] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: fix builds with make 4.3Anuj Mittal2020-08-043-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Depend on make-native instead of using host make to avoid errors like: | controller-enumtypes.c:10:1: error: stray '\' in program | 10 | \#include "gstinterpolationcontrolsource.h" | | ^ | controller-enumtypes.c:10:2: error: stray '#' in program | 10 | \#include "gstinterpolationcontrolsource.h" | | ^ | controller-enumtypes.c:10:11: error: expected '=', ',', ';', 'asm' or '__attribute__' before string constant | 10 | \#include "gstinterpolationcontrolsource.h" | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | controller-enumtypes.c:11:1: error: stray '\' in program | 11 | \#include "gstlfocontrolsource.h" | | ^ | controller-enumtypes.c:11:2: error: stray '#' in program | 11 | \#include "gstlfocontrolsource.h" This helps building on autobuilder where some workers have buildtools with make 4.3 installed. Building using meson works fine so later branches are not affected and upstream has rejected patches to fix this: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/515 (From OE-Core rev: 74e22d0d2b61d0014f408972725469bb7a024622) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* core: glib-2.0: fix requested libmount/mkostemp/selinux not being linked inAhmad Fatoum2020-08-042-0/+50
| | | | | | | | | | | | | | | | | | | | | | | | Since 010202076760 ("meson.bbclass: avoid unexpected operating-system names"), meson is no longer used with a cross file that appends the used libc to the operating system name, e.g. linux-gnueabi. Prior to that commit, the host_system == 'linux' checks in glib's meson failed, which led to glib being compiled without libmount, mkostemp and selinux even if explicitly requested. As the aforementioned commit affects all recipes built by glib, it might not be a candidate for backporting to current stable branches. To fix just the glib issue, instances of host_system == 'linux' are patched locally. The patch is marked as Upstream-Status: Inappropriate as it is rendered unnecessary for OE releases newer than Dunfell. (From OE-Core rev: 2adcc5ade62fe10715a6c943565f71efe7627229) Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2020-6096Zhixiong Chi2020-08-043-0/+306
| | | | | | | | | | | | | Backport the CVE patch from the upstream: git://sourceware.org/git/glibc.git commit 79a4fa341b8a89cb03f84564fd72abaa1a2db394 commit beea361050728138b82c57dda0c4810402d342b9 (From OE-Core rev: 9059f720f00f7b8dfac89d842ad19876eae201d5) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: Fix CVE-2020-12399Ovidiu Panait2020-08-042-0/+111
| | | | | | | | | | | | | | | | | | Master (nss version 3.54) is not affected by this issue. This is a backport from nss version 3.54. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Upstream patch: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e (From OE-Core rev: c447b32c1ec0c117748a4be68dda02d375c81b85) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update: handle baseMetricV2 as optionalKonrad Weihmann2020-08-041-4/+9
| | | | | | | | | | | | | | Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 (From OE-Core rev: e1c507da9fa5fd12dd42037d0476d94fe3aac730) Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fdcbf3f28289188c5a97664d1421d4a5c4991eda) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-numpy: Stop shipping manual config filesAdrian Bunk2020-08-0429-2022/+0
| | | | | | | | | | | | | Automatic generation seems to work fine, and does not become outdated. (From OE-Core rev: 49a9b38bb8355aa6b3413335851b7b609356e33b) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8993270f8bc65e152418d84fde03f8ead83c054b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest/context: Avoid tracebacks from tests using multiprocessingRichard Purdie2020-08-041-1/+5
| | | | | | | | | | | | | | | | | We can see tracebacks where the SIGTERM handler catches things it shouldn't. Avoid exit(1) unless we're the process that it was intended for. [YOCTO #13664] (From OE-Core rev: d9c62ffac611310efd47ed6397d31dccb72fe868) (From OE-Core rev: 45b4bd7b4d30d81bdff0d471e8d97c2322ed2f75) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dba8c1d5ef0b574b7772d59e5992bfad8b7cca13) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite: backport CVE fixSakib Sajal2020-08-042-0/+33
| | | | | | | | | | | | | | | Fixes CVE-2020-11655 (From OE-Core rev: 3b06a6c73f4e49c6d00f758423c2e8865ec2de00) (From OE-Core rev: 36edee3e489e7bd94d6fa555f87d94c5ec0f3ad8) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [ without the CVE-2020-11656 fix that did not apply cleanly ] Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perf: Correct the substitution of python shebangsHe Zhe2020-08-041-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | | To make the native python3 always used, - Use sed one-liner instead - Add substitution for ${S}/scripts/bpf_helpers_doc.py to fix the following warning. File "/usr/lib/python3.6/sysconfig.py", line 421, in _init_posix _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0) ModuleNotFoundError: No module named '_sysconfigdata' This issue is first reported by Joel Stanley <joel@jms.id.au> The sed one-liner is credited to Anuj Mittal <anuj.mittal@intel.com> (From OE-Core rev: 3f93173130a94310255389cfc62c67102a4fb21b) (From OE-Core rev: c0bcc24ccc6d769935d7fa202a1405250d94e342) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3a1a18ba9d28adb5562eabe9ec354f6d93154f5c) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>