summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* qemuboot.conf: make cpus match built artifactsMartin Kelly2017-07-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, the qemu CPUs for are specified as generic, but the built artifacts are not. For example, we build x86-64 artifacts targeting core2duo but run them in qemu with generic qemu/kvm CPUs. This causes some packages that take advantage of the host architecture to crash because they try to use CPU features not advertised by qemu. As an example, Qt uses ssse3. When artifacts linked against Qt and built targeting core2duo attempt to run on a generic qemu/kvm CPU, we get the following crash: Incompatible processor. This Qt build requires the following features: ssse3 We could fix this by making packages like Qt not take advantage of CPU features. However, we will probably keep facing similar issues over time, so it's better to resolve them in a more enduring way. Fix this by making the qemu -cpu arguments match the built artifacts. (From OE-Core rev: 20b3574749420a1fef2cb2e0579584453dd4c5c5) (From OE-Core rev: d945678264ba31dccb5b1dec973e8f3a58403ea2) Signed-off-by: Martin Kelly <mkelly@xevo.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager.py: set dnf's releasever setting from DISTRO_CODENAMEAlexander Kanavin2017-07-271-3/+5
| | | | | | | | | | | | | | | | | | | | So that: 1) dnf does not complain anymore about releasever not being set and then fail for the same reason; 2) it's possible to refer to $releasever in dnf package feed configuration (repo paths in particular) without hardconding the release name (pyro, morty, etc.) (From OE-Core rev: 789e3fc225adbb61f10aaa3bbc3677856f5f0238) (From OE-Core rev: 5a97694767c76f3083e9ffeeaaa19d76ff424c83) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: Pass pre-calculate uname enable re-entrant flagsKhem Raj2017-07-271-5/+7
| | | | | | | | | | | | | Fix ptest generation (From OE-Core rev: 07f4b0f016225e2b211689a270e56b2923ecb434) (From OE-Core rev: b99dd747eb8723010f37660de434dde329e7958b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Add a dependency on perl for gitwebPeter Kjellerstedt2017-07-271-1/+1
| | | | | | | | | | | | (From OE-Core rev: db31c837b579dc64bc86553cbc95736bfca97a90) (From OE-Core rev: 76045a1d96380e3e0a339442f3e19501c4aae5bd) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* texi2html: Add a dependency on perlPeter Kjellerstedt2017-07-271-0/+2
| | | | | | | | | | | | (From OE-Core rev: c391547e95b1854960b90d93fd9f80f02f761e61) (From OE-Core rev: dedba20c149798a6b45957b5abd29d18164581b2) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: Avoid a dependency on python-corePeter Kjellerstedt2017-07-271-0/+3
| | | | | | | | | | | | | | | Remove the check_whence.py script since it is only needed to validate the WHENCE file, and only if explicitly running `make check`. (From OE-Core rev: 1fc4d5a31f05970d8d80b0106ea81d486f298e33) (From OE-Core rev: a933bd65e7a02e1faa9dc83c04cefd8205f05421) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcap: apply fix from upstream to fix build raceRoss Burton2017-07-272-0/+30
| | | | | | | | | | | | | | ../libpcap-1.8.1/grammar.y:78:10: fatal error: scanner.h: No such file or directory (From OE-Core rev: aaed4e92d79919e40c896536fcb4ff6567c9a755) (From OE-Core rev: d788d2649ec6b1bf3e72b3c8fcec11b6d68412cc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: Install zone1970.tabJan Kiszka2017-07-271-0/+2
| | | | | | | | | | | | | | The modern version of zone.tab is required by tzselect e.g. (From OE-Core rev: de467998ecfa5fa1d2e9dd43a4a3d828cf9ccade) (From OE-Core rev: c92a783a2d42a6248fc0b982889a9cdc53e6ccd3) Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-0663Andrej Valek2017-07-272-0/+41
| | | | | | | | | | | | | | | | | | | Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 (From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227) (From OE-Core rev: e442e7105ba39ddaed0749614b5ee552f9df2d5a) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-5969Andrej Valek2017-07-272-0/+63
| | | | | | | | | | | | | | | | | | Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 (From OE-Core rev: 0cae039cbe513b7998e067f4f3958af2ec65ed1a) (From OE-Core rev: f0017a7b8b3fc4407e6596156b57aa1183937382) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-9049 and CVE-2017-9050Andrej Valek2017-07-272-0/+292
| | | | | | | | | | | | | | | | | | | | Fix handling of parameter-entity references There were two bugs where parameter-entity references could lead to an unexpected change of the input buffer in xmlParseNameComplex and xmlDictLookup being called with an invalid pointer. Fixes bug 781205 and bug 781361 CVE: CVE-2017-9049 CVE-2017-9050 (From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b) (From OE-Core rev: a409c50a09b12caa434b2b06bdcfb6beba43f67f) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix CVE-2017-9047 and CVE-2017-9048Andrej Valek2017-07-272-0/+104
| | | | | | | | | | | | | | | | | xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 (From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a) (From OE-Core rev: d549b8f3836b2ffda5c59a7ae4d955846c558646) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2Andrej Valek2017-07-272-0/+591
| | | | | | | | | | | (From OE-Core rev: 4651afdd457eca06da07331186bf28b98df2eeff) (From OE-Core rev: 41a5ea683cca3e635565a7a289ba260addfe4b11) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Disable LeakSanitizer when running API testsAndrej Valek2017-07-271-5/+20
| | | | | | | | | | | | | | | | Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] (From OE-Core rev: e3985be0ddb40e8db44422092c875a4e373a6da3) (From OE-Core rev: 008b4d1c80012dc69da2866a2d26bd1d2b736e6f) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/buildhistory: fix failures collecting output signaturesPaul Eggleton2017-07-271-1/+13
| | | | | | | | | | | | | | | | | | | | It's possible for tasks to stage symlinks that point to non-existent files; an example is ncurses-native.do_populate_sysroot. There wasn't any error checking here so this broke the build when "task" was included in BUILDHISTORY_FEATURES. In any case we shouldn't be following symlinks and getting the sha256sum of the link target - we need concern ourselves only with the target path, so check if the file is a link and sha256 the target path instead if it is. If it's neither a regular file nor a symlink (perhaps a pipe or a device), just skip it. (From OE-Core rev: f60520d97f53dafe783f61eb58fe249798a1e1be) (From OE-Core rev: 66a0d184d8f55a8da03de9fedb18d166b80b198b) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcf-agent: kill with USR2 in systemd stopMartin Kelly2017-07-201-0/+2
| | | | | | | | | | | | | | | | | | | tcf-agent ignores SIGTERM, so upstream uses USR2 instead. This issue was noticed by Jan Kiszka and Brian Avery around the same time: https://patchwork.openembedded.org/patch/139546/ https://patchwork.openembedded.org/patch/139560/ However, these patches fixed only the init scripts, not the systemd service file. This patch fixes the systemd file. (From OE-Core rev: 4f8ed1b3bf676a58055ebe01184b3594459a4118) (From OE-Core rev: a8d25315baf3226e2213e1cfba1d7023ec02a401) Signed-off-by: Martin Kelly <mkelly@xevo.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcf-agent: Fix daemon terminationJan Kiszka2017-07-201-11/+1
| | | | | | | | | | | | | The upstream init script uses SIGUSR2 to terminate that daemon because SIGTERM is ignored. As the killproc function does not support specifying a signal, switch to start-stop-daemon. Drop the retry loop because SIGUSR2 is lethal for agent. (From OE-Core rev: b27d804dd0cbce3e4ed43e7fdfcc4e12c141e78d) Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: fix CVE-2017-7526Ross Burton2017-07-192-0/+456
| | | | | | | | | | Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"'. (From OE-Core rev: 4442811291ff8b15d5562be0a68a11516183b502) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: fix CVE-2017-9526Ross Burton2017-07-192-0/+40
| | | | | | | | | | | | | In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. (From OE-Core rev: 6039dbfd981830b5406c25a27ccfae0e5ed016e8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to pyro head revisionyocto-2.3.1pyro-17.0.1Richard Purdie2017-07-121-1/+1
| | | | | | (From OE-Core rev: beab5b357cd46094b1c376c47d04e8d0de73e1e3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance: Set to pyro release branchRichard Purdie2017-07-121-1/+1
| | | | | | (From OE-Core rev: 48b61abac098f180c37e11facd32f3bfa007254e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to pyro head revisionRichard Purdie2017-07-121-1/+1
| | | | | | (From OE-Core rev: 3a2b434ea95612ed52ec9edfd809d87cb5c086be) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd-boot.bbclass: Add configuration data to secondary EFI partitionCalifornia Sullivan2017-07-071-0/+1
| | | | | | | | | | | | | | | The secondary EFI partition is used when booting in EFI mode, and without the configuration data we don't get any boot targets. Partial fix to [YOCTO #11503]. (From OE-Core master rev: 84aa7a00810e135fdad3f77bdb1da7d1f5fb8627) (From OE-Core rev: 915b01258ef426392bb9052c345f952670db4450) Signed-off-by: California Sullivan <california.l.sullivan@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager: flush installed_pkgs file before oe-pkgdata-util uses itMartin Jansa2017-07-071-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * since this commit: commit f5a1013ffa9815f22e13989e2bcb83f966e7ce2c Author: Ross Burton <ross.burton@intel.com> Date: Tue Apr 18 16:19:12 2017 +0100 package_manager: don't race on a file when installing complementary packages the file isn't closed before oe-pkgdata-util uses it and this temporary file might look empty to oe-pkgdata-util, because it wasn't flushed yet. Which resulted in almost empty debugfs tarballs and no locale packages in regular rootfs. * without this change: 124K May 30 07:41 core-image-full-cmdline-raspberrypi3-64-20170530054003-dbg.rootfs.tar.gz * with this change: 173M May 30 07:29 core-image-full-cmdline-raspberrypi3-64-20170530052715-dbg.rootfs.tar.gz (From OE-Core rev: 9b34200048b3d2b477a19b7ddc8d447f873adbb2) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 877d38db08aa7060d16405443cf70539c559fe82) Signed-off-by: Anders Darander <anders@chargestorm.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* u-boot-mkimage: fix nativesdk buildMax Krummenacher2017-07-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | If building for nativesdk the wrong rss sysroot is used leading the following error message. | ERROR: oe_runmake failed | In file included from tools/imximage.c:13:0: | include/image.h:1024:27: fatal error: openssl/evp.h: No such file or directory | # include <openssl/evp.h> Tools needed on the build host (script/basic/fixdep) and code compiled for the SDK machine are both built with the build host's compiler, leading to additinal errors. Adding CROSS_COMPILE="${HOST_PREFIX}" and using the cross-compiler for the SDK_ARCH fixes the build error. The resulting binary in the SDK is working. (From OE-Core rev: aab5311f3ad9fb9f9e26b18b5fe5e54d8ec14798) Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDL"Richard Purdie2017-06-271-3/+0
| | | | | | | | This clearly wasn't tested as the correct variable is ASSUME_PROVIDED. This reverts commit 91cee064332969207334cd1ee5c31d02610281fc. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_ipk: Clean up Source entry in ipk packagespyro-nfvaccessRichard Purdie2017-06-161-4/+3
| | | | | | | | | | | | | | | | There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone. Since ipks don't appear to be generated at all if we don't set this, set the field to the recipe name used (basename only, no paths). This avoids information leaking. We may want to drop the field if opkg can allow that at a future point but the recipe name is a suitable identifier for now. Reported-by: Andrej Valek <andrej.valek@siemens.com> (From OE-Core rev: 0b5e0d072f93a958e4211a8aeb2fd8cc3c25cc21) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mkelfimage: Fix broken patch when building nativeSaul Wold2017-06-141-6/+9
| | | | | | | | | | | | A change occured about a year ago that broke the native build, fix that patch [YOCTO #11590] (From OE-Core rev: ccd8e2cf7157c941ebacc6be306c1dbe2ec31e86) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* automake: Backport perl 5.22 fixMarek Vasut2017-06-142-0/+33
| | | | | | | | | | | Backport 13f00eb4493c "automake: port to Perl 5.22 and later" from automake upstream to fix build with perl 5.22 . (From OE-Core rev: ab0e298ec2c155739565f1cde76639855ba7bba0) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDLJonathan Liu2017-06-141-0/+3
| | | | | | | | | | | If ASSUME_PROVIDES contains libsdl-native, we need to add sdl-config to HOSTTOOLS to allow access to the host sdl-config. (From OE-Core rev: ed5a602d3eb418beb2f9731fda96415ed16efff2) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: add patches for unbuildable surfaceless Mesa testDaniel Díaz2017-06-124-0/+171
| | | | | | | | | | | | | | | | | | | | | | [Backported from master.] Some EGL implementations do not actually ship all Khronos- extensions. As it turns out, the Mali 450 driver does not include any of the following symbols, used by the egl_mesa_platform_surfaceless.c spec test: * eglGetPlatformDisplay * eglCreatePlatformPixmapSurface * eglCreatePlatformWindowSurface The Right Thing To Do was to obtain the implementation of these functions (via eglGetProcAddress), as is provided by their EXT counterparts. These are guaranteed to exist since they are required by EGL_EXT_platform_base. (From OE-Core rev: 903a051d47e550553aa9d6d9c38c43737f376cfe) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: add patch for lack of gbm_bo_mapDaniel Díaz2017-06-122-0/+52
| | | | | | | | | | | | | | | | | | | | | | | | [Backported from master.] [Piglit Bug #100978] -- https://bugs.freedesktop.org/show_bug.cgi?id=100978 When linking against Mali 450 r6, errors like the following can be seen: ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_unmap' ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_map' collect2: error: ld returned 1 exit status make[2]: *** [bin/point-sprite] Error 1 This is due to gbm_bo_map() and gbm_bo_unmap() being recently added but not yet implemented by all graphics drivers. Instead of relying on GBM's version, actually try to link against those symbols. (From OE-Core rev: 484db109df742aafa8efc41dc3a8d31386d9b2a3) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: depend on virtual/eglDaniel Díaz2017-06-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | [Backported from master.] While building for Hikey using Mali 450 driver (r6p0), an error like the following appears while linking: [ 1%] Linking C shared library ../../../../lib/libpiglitutil.so [...] [...]/aarch64-linaro-linux/gcc/aarch64-linaro-linux/6.3.1/ld: cannot find -lEGL collect2: error: ld returned 1 exit status make[2]: *** [lib/libpiglitutil.so.0] Error 1 Mesa generally provides virtual/egl (along with virtual/libgl, which satisfies Piglit's current DEPENDS) but that is not the implementation to use with Mali. (From OE-Core rev: 5bfa4ccdba64d814cc480f22ccd8c493d87d36e7) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* image-vm: Avoid use of fold, tac and paste commands for DISK_SIGNATUREJonathan Liu2017-06-121-1/+1
| | | | | | | | | | | | These commands are not whitelisted by the HOSTTOOLS variable which silently prevents the MBR disk signature from being written to the image. Reported-by: Michael Davis <michael.davis@essvote.com> (From OE-Core rev: 5527af688f6ccaacd7ec24d29425d0c007d5341c) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel: predefine KBUILD_BUILD_USER and KBUILD_BUILD_HOSTJoshua Lock2017-06-111-0/+2
| | | | | | | | | | | | | | | | By exporting KBUILD_BUILD_USER with a pre-defined value we improve the reproducibility of the kernel and remove the requirement for whoami in the HOSTTOOLS. KBUILD_BUILD_HOST also helps improve the reproducibility of the kernel. For more kernel reproducibility options see: https://lwn.net/Articles/437864/ (From OE-Core rev: 357801a491efc067c6d4bd9a2bfa6fff460357aa) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2017-7210Yuanjie Huang2017-06-052-0/+72
| | | | | | | | | | | | | | | CVE: CVE-2017-7210 [BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157 PR binutils/21157: Fix handling of corrupt STABS enum type strings. (From OE-Core rev: d12a99cba6c9dc9e1f6bc3a7ca8057f07e9cb950) (From OE-Core rev: 4ca4e781f1c62696f896d7027081f759798794aa) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2017-7209 in readelfYuanjie Huang2017-06-052-0/+63
| | | | | | | | | | | | | | | | CVE: CVE-2017-7209 [BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135 PR binutils/21135: Fix invalid read of section contents whilst processing a corrupt binary. (From OE-Core rev: 2df642ca0a1e4a4e6616729018cf32d2108cabb2) (From OE-Core rev: b262000162cb4e18421dd85bf5216c9fa3bdbf15) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Fix CVE-2017-5029Fan Xin2017-06-052-0/+81
| | | | | | | | | | | Backport upstream patch to fix CVE-2017-5029. (From OE-Core rev: 5266e74c990df1cf965d162d9695eb5a698883ae) (From OE-Core rev: 172f76a1a43921d92a385d6d123dffaf27eb368f) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2017-9216Catalin Enache2017-06-055-0/+151
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. References: https://nvd.nist.gov/vuln/detail/CVE-2016-7977 https://nvd.nist.gov/vuln/detail/CVE-2016-7978 https://nvd.nist.gov/vuln/detail/CVE-2016-7979 https://nvd.nist.gov/vuln/detail/CVE-2017-9216 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=875a0095f37626a721c7ff57d606a0f95af03913 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853 (From OE-Core rev: 584dfa2f780d5785aaff01f84fbabc18b3478d76) (From OE-Core rev: 6fed7cd6077c46ad2213226d4675fad9b10ab024) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2016-8602, CVE-2017-7975Catalin Enache2017-06-053-0/+85
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. References: https://nvd.nist.gov/vuln/detail/CVE-2016-8602 https://nvd.nist.gov/vuln/detail/CVE-2017-7975 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298 (From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6) (From OE-Core rev: 6040b8735b79397bf49a2154f81e9aab34c15413) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2017-6969 in readelfYuanjie Huang2017-06-053-0/+181
| | | | | | | | | | | | | | | | | | CVE: CVE-2017-6969 [BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156 PR binutils/21156: Fix illegal memory accesses in readelf when ing a corrupt binary. PR binutils/21156: Fix another memory access error in readelf when parsing a corrupt binary. (From OE-Core rev: de04c9811f7ce5179ba261bd8eae921d7873d6cd) (From OE-Core rev: ae0e01474623969dc193687d59fb5a65ab4d42bc) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpcbind: Fix CVE-2017-8779Fan Xin2017-06-052-0/+222
| | | | | | | | | | | | | | | This vulnerability is also called "rpcbomb". Backport upstream patch to fix this vulnerability. CVE: CVE-2017-8779 (From OE-Core rev: 7936c9451eb4c376a78a0ac7461d1b2430c7f1f3) (From OE-Core rev: bab6667d44df185b4433bcd1c283105966383844) Signed-off-by: Fan Xin<fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix CVE-2017-8392Fan Xin2017-06-053-0/+110
| | | | | | | | | | | | | | | | | | | | | | Backport upsream commit to fix CVE-2017-8392 CVE: CVE-2017-8392 [BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409 PR 21409, segfault in _bfd_dwarf2_find_nearest_line PR 21409 * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when no symbols. (From OE-Core rev: dff01b827c87ae135a1d5511b1efbdad01c0eaee) (From OE-Core rev: c5a5017ce710108c61dba0e0af72bb72a9419701) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: make warning contain CVE IDsChen Qi2017-06-051-4/+5
| | | | | | | | | | | | | | | | | | | When warning users about unpatched CVE, we'd better put CVE IDs into the warning message, so that it would be more straight forward for the user to know which CVEs are not patched. So instead of: WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log. We should have: WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log. (From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6) (From OE-Core rev: e0e1414a4574d4165a8dc5d0d9d0d5b5a660355f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check-tool: backport a patch to make CVE checking workChen Qi2017-06-052-0/+53
| | | | | | | | | | | | | | | | | CVE checking in OE didn't work as do_populate_cve_db failed with the following error message. [snip]/downloads/CVE_CHECK/nvdcve-2.0-2002.xml is not consistent Backport a patch to fix this error. (From OE-Core rev: ee55b5685aaa4be92d6d51f8641a559d4e34ce64) (From OE-Core rev: e0f0a7283c597e783b69aac2c8e8a7663b70262d) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest: lock down Meson git revision for reliabilityRoss Burton2017-06-051-2/+2
| | | | | | | | | | | | | | | | The test_recipetool_create_github test fetches HEAD of the repository so upstream changes can (and do) break the test. Avoid these problems by passing the rev= argument in the URL to lock the checkout to the same version that is fetched in the github_tarball test. Also pass the commands to runCmd() as a list instead of a string, the semicolon in the URL needs more quotes if the shell is involved and passing a list bypasses the shell entirely. (From OE-Core rev: 5f02b4300fb2ed54270aede54d30317ba757f587) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: update SRC_URIChang Rebecca Swee Fun2017-05-271-1/+1
| | | | | | | | | | | | | | | Gna! project announced that the download site from gna.org HTTP server will soon be closing down. We have verified that the site is no longer accessible without network proxy cache. We need to update SRC_URI to point to new alternative (nwl.cc HTTP server) in order to avoid fetcher issues in future. [YOCTO #11575] (From OE-Core rev: 3195f7e68eb5cfb2af3506fe4b0dcb2f8cd9ee10) Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: CVE-2016-0634Zhixiong Chi2017-05-181-0/+3
| | | | | | | | | | | | | | | | | | | A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string. Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/ bash43-047> to solve CVE-2016-0634 CVE: CVE-2016-0634 (From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb) (From OE-Core rev: a4b37b05140b549960baef49237ce3316e84a041) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* staging: Allow BB_LIMITEDDEPS to avoid BB_TASKDEPDATARichard Purdie2017-05-181-16/+16
| | | | | | | | | | | | | | | | In the limited dependency case we don't use any of the data from BB_TASKDEPDATA. Restructure the code so this variable doesn't have to be set. This allows the function to be called from other contexts without creating artificial constructs. There should be no functional change, behaviour remains unchanged. (From OE-Core rev: 71e5243e3ebadb90b45fe418dac3eaa2c1b896bd) (From OE-Core rev: e962e257f4c124869953d1fbb3da7dbf564f818a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: Ensure native/cross recipes have relocation of HOSTTOOLS_DIRRichard Purdie2017-05-181-1/+1
| | | | | | | | | | | | | | The previous change to relocate HOSTTOOLS wasn't complete as some files, particularly in gcc stashed build directories were not being correctly relocated. This patch addresses the issue. (From OE-Core rev: 21dd36cc12a033b012544c5d15a6f8afd84dabc9) (From OE-Core rev: 64c2f8acd02e0e5dca234b36a2a7097c0c16f7c2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>