Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=pyro-next 2018-04-04T10:06:48+00:00 2018-04-04T10:06:48+00:00 Armin Kuster akuster@mvista.com 2018-03-23T04:57:20+00:00 urn:sha1:0dd299ef57b4cb73fc7eb62d1fb75ef8e3f14555 ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source. ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch [v2] upstream deleted the branch and the hash no longer exists. Took the git snapshot from yocto and created a copy on my github. There was no offical 3.2 release, only rc versions. (From OE-Core rev: f8cc08fc7db26241d996ac710484d559eff5f9c0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:48+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-21T17:08:38+00:00 urn:sha1:560941ca3483c56a3a28fc455c4e680c8bf0b948 glibc 2.27 added function copy_file_range(), and e2fsprogs happens to have a different function with the same name. The conflict made e2fsprogs-native build fail. Here's a backport of a fix from upstream, the fix was released in e2fsprogs 1.43.8. The master branch doesn't need this fix, since it has new enough e2fsprogs version. At least rocko, pyro and morty need this, I haven't checked older stable branches. Apparently the problematic function was introduced in e2fsprogs version 1.43. (From OE-Core rev: 350f2a4ad6e21acf1d357a90ba37b2c149ec7864) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:48+00:00 Ross Burton ross.burton@intel.com 2018-03-19T15:59:32+00:00 urn:sha1:b6794d2f5ad3ef1acfaeaed8b849cb00da22a2f8 glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so take a patch from upstream to fix building with glibc 2.27. (From OE-Core rev: 8e6672055e804a0828e2f51fae9cbac81e4e834d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:48+00:00 Niko Mauno niko.mauno@vaisala.com 2018-03-16T09:01:53+00:00 urn:sha1:736ef9be76e46d3e2a4d26155629e87420dde3ca When running bitbake -c populate_sdk <image_name>, it is expected that packages matching SDKIMAGE_INSTALL_COMPLEMENTARY name mask (unless declared in PACKAGE_EXCLUDE_COMPLEMENTARY) are installed to resulting SDK. Underlying mechanism issues a package manager install call for set of complementary packages. However the mechanism doesn't seem to inform the user all too obviously in case the package manager command behind install_complementary() method fails -- and since it is combined with attempt_only=True option, user might end up wondering why several *-dev, *-dbg packages are missing from resulting SDK. Improve associated install() method behaviour in affected OpkgPM and DpkgPM classes so that a problematic state of affairs becomes directly obvious for bitbake user, resulting in shell output like: WARNING: someimage-1.0-r0 do_populate_sdk: Unable to install packages. Command '...' returned 1: Collected errors: * Solver encountered 1 problem(s): * Problem 1/1: * - package somepkg-dev-1.0-r0.x86 requires somepkg = 1.0-r0, but none of the providers can be installed * * Solution 1: * - allow deinstallation of someotherpkg-1.1-r1.x86 * - do not ask to install a package providing somepkg-dev * Solution 2: * - do not ask to install a package providing somepkg-dev (From OE-Core rev: 2502bd591c37bf532d02dc6b37fc1e8b5224fb0a) (From OE-Core rev: 88bbc4b84ce97f82d08c841edf25e6fc29d408b0) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0d4459e7086fced5e9e0b4ad10378c9eddec56a8) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-02T16:06:25+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-31T05:21:32+00:00 urn:sha1:d74851311644caa24f439e911e0fde55010eaf05 Prevent out-of-bounds write in codebook decoding. The bug could allow code execution from a specially crafted Ogg Vorbis file. References: https://www.debian.org/security/2018/dsa-4140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 (From OE-Core rev: 5c880fe974907195c563b5580cb43b3b2fb92203) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-02T16:06:25+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-31T05:21:31+00:00 urn:sha1:8950d4ffc4ea677b7900b6de5a3dce65cb4d2ccb Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 (From OE-Core rev: e584aca38396db5e3d461f57804519261eecedc2) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-02T16:06:25+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-31T05:21:30+00:00 urn:sha1:20d103d88179e2c46e9e014eb629db411d4544f3 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 (From OE-Core rev: 3ea65ee8b31a16a20f5c28c19f4c758f8deabf6e) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-02T16:06:24+00:00 Ross Burton ross.burton@intel.com 2018-03-16T11:28:32+00:00 urn:sha1:e04867e26fd30ad4f30000a69d27f0ba7d76df89 For some reason dnf is aborting with the fairly useless "failed to read RPMDB" error during SDK creation. Luckily as we're just deleting locale packages we can pass False to remove() to use RPM directly, which doesn't crash. (From OE-Core rev: cb118806841e585ec6ca820360329ae7d122c0af) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-02T16:06:24+00:00 Ross Burton ross.burton@intel.com 2018-03-01T18:26:28+00:00 urn:sha1:796efea2d2359e6edbd5d4232895ef3a65959f5d localedef has no way to specify which locale archive to use, and the compile-time default isn't useful as it points to the work directory. Add support to read an environmental variable for the path, and don't fail to write a new locale archive. (From OE-Core rev: bf0f205a3c3714926649bd69db29e4df1c0ea112) (From OE-Core rev: 72ab0e7d49610f6ffcc99fa8723aeeaada852d88) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-02T16:06:24+00:00 Ross Burton ross.burton@intel.com 2018-03-01T18:26:30+00:00 urn:sha1:f768fb3d2245b349af44aaa81d39a667adb9778c (From OE-Core rev: 8d1b530c82de386d4183f5673c060b9d416a3835) (From OE-Core rev: b9a7821086b5165fda9f1c8a7c79a7997803f2a6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>