summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* linux-yocto/4.14: fix kernel configuration audit warningsBruce Ashfield2018-11-163-3/+3
| | | | | | | | | | | | | | | | | | | | | | Some of the reference BSPs for 4.14 need fixes that have been done on 4.18 and master to silence warnings, so we cherry-pick the following changes: f991b21d7858 config: flash: drop obselete config values da7524cf2980 edgerouter: Drop the obsolete kernel options 675c5b0cde65 cfg: drop MACH_VERSATILE_PB and MACH_VERSTAILE_AB 0936b18ed8d5 cfg/timer/rtc: toggle RTC_CLASS instead of GEN_RTC 634d8f2230d1 mpc8315e-rdb: Drop the obsolete kernel options 9beb3a28736e rt: drop obselete configuration options (From OE-Core rev: bfe6a9b2d1a118791cebcd1019f3e80bced294c6) (From OE-Core rev: d986ced945462164f7410a4df083b792e0f90cdf) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: tweak RTC configurationBruce Ashfield2018-11-163-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [ Author: Jens Rehsack <sno@netbsd.org> Date: Thu Sep 13 19:29:54 2018 +0200 cfg/timer/rtc: toggle RTC_CLASS instead of GEN_RTC In 2016, the final removal of GEN_RTC happened with commit 6705fdb3 char/genrtc: remove the rest of the driver What is remaining, is a legacy driver (char/rtc) and the new RTC_CLASS framework - which supports everything except S390 and Atari. Many platforms automatically support the right driver for RTC_CLASS framework. Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> ] (From OE-Core rev: 7ddcba89a3bbed4b582768661585684ffdc85f31) (From OE-Core rev: 924ce56ab8a957087906c97ffbfcf9a4a96e0d4f) Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Drop 4.18 changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: configuration warning fixesBruce Ashfield2018-11-163-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Integrating the following commits to address kernel configuration audit warnings: 856794172e8f features/intel-pinctrl: Fix conflict with configs 397b67321037 bsp/intel-x86: Rename CONFIG_R8723BE to CONFIG_RTL8723BE fca2a16483f2 features/thermal: Add dependency for kernel option b6110e2e8e55 features/tpm: fix conflict with configs and add dependency ee22bc1f8fcd features/mmc: modify dependency e50eb6bd929b features: drop the obsolete kernel option f5327047994f features/hostapd: drop obsolete configs 48b54e625876 bsp/intel-x86: Drop configs that has been removed by kernel (From OE-Core rev: a49c66844c8c3a87f8383085661ff59bfb045452) (From OE-Core rev: 73a4746a5d37ab4869b0eb17979dc9d8970f2ae3) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Dropped 4.18 changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto-rt: Add paravirt_kvm support for qemux86-64Hongzhi.Song2018-11-161-1/+1
| | | | | | | | | | | | | | | | | This feature includes paravirtualized KVM guest support, including KVMCLOCK for enhancing clock accuracy of guest OS. (From OE-Core rev: 2b2238e5e81748475de8a339c33529484971b0ff) (From OE-Core rev: 0c13f6b8ba3460029ee239eac080e57d42650841) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Drop 4.18 changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.14/4.18: address kernel configuration warningsBruce Ashfield2018-11-163-3/+3
| | | | | | | | | | | | | | | | | | | Making the following commits available to address kernel configuration warnings: 734172039130 preempt-rt: remove entry for aufs 7a6753341309 common_pc: remove config audit warnings dea9c6aa7ddd common-pc/tiny: mask configuration warnings (From OE-Core rev: cc3fa85467c0423b06e78b3e775d5358c422ee4e) (From OE-Core rev: 3b7e38b6519a0ff6edcf40941976a8b65eab8a17) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Drop 4.18 changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-yocto/cfg: configuration warning fixesBruce Ashfield2018-11-163-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Now that the kernel configuration audit output is visible, we cleanup and drop obselete configs: bae5cc4e973f bsp/romley: drop obsolete config 2e39f82df02a x86: update microcode configs 6894481e965e wifi: CONFIG_VENDOR_ATH must be build in 3a9f687cdf42 pm: drop obselete CONFIG_USB_SUSPEND bb869e576f6b pm: change CONFIG_PM_RUNTIME to CONFIG_PM 49547fd6b4a3 i915: remove obselete CONFIG_DRM_I915_KMS 4b49aa8e8d09 i915: rename preliminary_hw_support to alpha_support d6186c621856 sound: fix CONFIG_SND_SST_MFLD_PLATFORM d57f4ebf6b54 netfilter: drop CONFIG_NF_CONNTRACK_PROC_COMPAT c8e3cf86df8b netfilter: remove obselete ULOG configs 13da6cb561c0 fs: drop old ext3 options 8e25da60cfd3 cgroups: remove obselete options aa6a61d826e0 wifi: ATH_CARDS -> WLAN_VENDOR_ATH 4e32f99a1591 intel: remove CONFIG_CPU_FREQ_TABLE 131df62ce93a common-pc: remove obselete subsystem 0040deb2fad7 bsp: don't include crypto.scc 3f94205d082c features/crypto: drop feature e2951464ef97 features/thermal: use the correct config name 5a09f42be52e features: drop obsolete configs (From OE-Core rev: fbd0ae4e302fa8e18a15d9081537c58edec2a460) (From OE-Core rev: ad44a133cdc3aa9ad9ecf57a7cf8754951f6fd96) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Drop 4.18 changes] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base-files: change permissions on /sys and /procDan McGregor2018-11-161-2/+6
| | | | | | | | | | | | | | | | | | | The kernel mounts /proc and /sys with the mode 555. Fedora explicitly sets this value in its filesystem setup package. Debian doesn't seem to set it explictly. Having them be 755 causes permission issues on upgrades inside a container where the guest does not have the permission to change the modes of the mount points. So, just bite the bullet and force them to be 555. (From OE-Core rev: 7e311b0c7222fa9127a96945c9ded7bee5e40eb3) (From OE-Core rev: 26d5ceb33425fa85bc84b825609e1b45b13d3ddd) Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* os-release: move to nonarch_libdirDan McGregor2018-11-161-4/+4
| | | | | | | | | | | | | | Even on multilib systems, /usr/lib is where systemd expects the os-release file to live. (From OE-Core rev: b7b476efee8c959a0227905e40bd9b5ef493632d) (From OE-Core rev: 0362788144c3eff36099d8812c85cc70e8736859) Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2018fArmin Kuster2018-11-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Briefly: Volgograd moves from +03 to +04 on 2018-10-28. Fiji ends DST 2019-01-13, not 2019-01-20. Most of Chile changes DST dates, effective 2019-04-06. Changes to future timestamps Volgograd moves from +03 to +04 on 2018-10-28 at 02:00. (Thanks to Alexander Fetisov and Stepan Golosunov.) Fiji ends DST 2019-01-13 instead of the 2019-01-20 previously predicted. (Thanks to Raymond Kumar.) Adjust future predictions accordingly. Most of Chile will end DST on the first Saturday in April at 24:00 mainland time, and resume DST on the first Saturday in September at 24:00 mainland time. The changes are effective from 2019-04-06, and do not affect the Magallanes region modeled by America/Punta_Arenas. (Thanks to Juan Correa and Tim Parenti.) Adjust future predictions accordingly. Changes to past timestamps The 2018-05-05 North Korea 30-minute time zone change took place at 23:30 the previous day, not at 00:00 that day. China's 1988 spring-forward transition was on April 17, not April 10. Its DST transitions in 1986/91 were at 02:00, not 00:00. (Thanks to P Chan.) Fix several issues for Macau before 1992. Macau's pre-1904 LMT was off by 10 s. Macau switched to +08 in 1904 not 1912, and temporarily switched to +09/+10 during World War II. Macau observed DST in 1942/79, not 1961/80, and there were several errors for transition times and dates. (Thanks to P Chan.) The 1948-1951 fallback transitions in Japan were at 25:00 on September's second Saturday, not at 24:00. (Thanks to Phake Nick.) zic turns this into 01:00 on the day after September's second Saturday, which is the best that POSIX or C platforms can do. Incorporate 1940-1949 Asia/Shanghai DST transitions from a 2014 paper by Li Yu, replacing more-questionable data from Shanks. Changes to time zone abbreviations Use "PST" and "PDT" for Philippine time. (Thanks to Paul Goyette.) Changes to documentation New restrictions: A Rule name must start with a character that is neither an ASCII digit nor "-" nor "+", and an unquoted name should not use characters in the set "!$%&'()*,/:;<=>?@[\]^`{|}~". The latter restriction makes room for future extensions (a possibility noted by Tom Lane). tzfile.5 now documents what time types apply before the first and after the last transition, if any. Documentation now uses the spelling "timezone" for a TZ setting that determines timestamp history, and "time zone" for a geographic region currently sharing the same standard time. The name "TZif" is now used for the tz binary data format. tz-link.htm now mentions the A0 TimeZone Migration utilities. (Thanks to Aldrin Martoq for the link.) Changes to build procedure New 'make' target 'rearguard_tarballs' to build the rearguard tarball only. This is a convenience on platforms that lack lzip if you want to build the rearguard tarball. (Problem reported by Deborah Goldsmith.) tzdata.zi is now more stable from release to release. (Problem noted by Tom Lane.) It is also a bit shorter. tzdata.zi now can contain comment lines documenting configuration information, such as which data format was selected, which input files were used, and how leap seconds are treated. (Problems noted by Lester Caine and Brian Inglis.) If the Makefile defaults are used these comment lines are absent, for backward compatibility. A redistributor intending to alter its copy of the files should also append "-LABEL" to the 'version' file's first line, where "LABEL" identifies the redistributor's change. (From OE-Core rev: 9d786808fb9471eff46d95dd354f6254e468aa17) (From OE-Core rev: 7ac4ecb04f02a7df943d1f9f0542e28e8f414cc5) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2018fArmin Kuster2018-11-161-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes to code zic now always generates TZif files where time type 0 is used for timestamps before the first transition. This simplifies the reading of TZif files and should not affect behavior of existing TZif readers because the same set of time types is used; only their internal indexes may have changed. This affects only the legacy zones EST5EDT, CST6CDT, MST7MDT, PST8PDT, CET, MET, and EET, which previously used nonzero types for these timestamps. Because of the type 0 change, zic no longer outputs a dummy transition at time -2**59 (before the Big Bang), as clients should no longer need this to handle historical timestamps correctly. This reverts a change introduced in 2013d and shrinks most TZif files by a few bytes. zic now supports negative time-of-day in Rule and Leap lines, e.g., "Rule X min max - Apr lastSun -6:00 1:00 -" means the transition occurs at 18:00 on the Saturday before the last Sunday in April. This behavior was documented in 2018a but the code did not entirely match the documentation. localtime.c no longer requires at least one time type in TZif files that lack transitions or have a POSIX-style TZ string. This future-proofs the code against possible future extensions to the format that would allow TZif files with POSIX-style TZ strings and without transitions or time types. A read-access subscript error in localtime.c has been fixed. It could occur only in TZif files with timecnt == 0, something that does not happen in practice now but could happen in future versions. localtime.c no longer ignores TZif POSIX-style TZ strings that specify only standard time. Instead, these TZ strings now override the default time type for timestamps after the last transition (or for all time stamps if there are no transitions), just as DST strings specifying DST have always done. leapseconds.awk now outputs "#updated" and "#expires" comments, and supports leap seconds at the ends of months other than June and December. (Inspired by suggestions from Chris Woodbury.) (From OE-Core rev: 4670dcdb6e2504469c30ebed828d4702d8c0003c) (From OE-Core rev: 9702041a732ca062a9899543d05e585c930407f3) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2018eArmin Kuster2018-11-161-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Briefly: North Korea switches back to +09 on 2018-05-05. The main format uses negative DST again, for Ireland etc. 'make tarballs' now also builds a rearguard tarball. New 's' and 'd' suffixes in SAVE columns of Rule and Zone lines. Changes to past and future time stamps North Korea switches back from +0830 to +09 on 2018-05-05. (Thanks to Kang Seonghoon, Arthur David Olson, Seo Sanghyeon, and Tim Parenti.) Bring back the negative-DST changes of 2018a, except be more compatible with data parsers that do not support negative DST. Also, this now affects historical time stamps in Namibia and the former Czechoslovakia, not just Ireland. The main format now uses negative DST to model time stamps in Europe/Dublin (from 1971 on), Europe/Prague (1946/7), and Africa/Windhoek (1994/2017). This does not affect UT offsets, only time zone abbreviations and the tm_isdst flag. Also, this does not affect rearguard or vanguard formats; effectively the main format now uses vanguard instead of rearguard format. Data parsers that do not support negative DST can still use data from the rearguard tarball described below (From OE-Core rev: f717eeff2d4823163cb72fb79101220cc48b3286) (From OE-Core rev: 24227750484cca1c1fdf431751247960c19b926f) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode-native: updatet to 2018eArmin Kuster2018-11-161-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes to build procedure The command 'make tarballs' now also builds the tarball tzdataVERSION-rearguard.tar.gz, which is like tzdataVERSION.tar.gz except that it uses rearguard format intended for trailing-edge data parsers. Changes to data format and to code The SAVE column of Rule and Zone lines can now have an 's' or 'd' suffix, which specifies whether the adjusted time is standard time or daylight saving time. If no suffix is given, daylight saving time is used if and only if the SAVE column is nonzero; this is the longstanding behavior. Although this new feature is not used in tzdata, it could be used to specify the legal time in Namibia 1994-2017, as opposed to the popular time (see below). Changes to past time stamps From 1994 through 2017 Namibia observed DST in winter, not summer. That is, it used negative DST, as Ireland still does. This change does not affect UTC offsets; it affects only the tm_isdst flag and the abbreviation used during summer, which is now CAT, not WAST. Although (as noted by Michael Deckers) summer and winter time were both simply called "standard time" in Namibian law, in common practice winter time was considered to be DST (as noted by Stephen Colebourne). The full effect of this change is only in vanguard format; in rearguard and main format, the tm_isdst flag is still zero in winter and nonzero in summer. In 1946/7 Czechoslovakia also observed negative DST in winter. The full effect of this change is only in vanguard format; in rearguard and main formats, it is modeled as plain GMT without daylight saving. Also, the dates of some 1944/5 DST transitions in Czechoslovakia have been changed. (From OE-Core rev: aeb3d295581908ca9a9d8f1705f70b49b2de32e3) (From OE-Core rev: a8f643726e991608d5595cd551a4c3e43a254d6a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: extend CVE_PRODUCTGrygorii Tertychnyi2018-11-161-1/+1
| | | | | | | | | | | | | | | | | There are both "curl" and "libcurl" CPEs in NVD. All "curl" CVEs are now missed in the reports. Hence, switch "CVE_PRODUCT" to a space separated list of the items. (From OE-Core rev: 69ff709c2450c42139fd9705e3a74464221ad754) (From OE-Core rev: 5df0d75fe63a0e1ada396f5ecfa953ac63f65354) Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: Allow multiple entries in CVE_PRODUCTGrygorii Tertychnyi2018-11-161-1/+2
| | | | | | | | | | | | | | | | | | There are both "curl" and "libcurl" CPEs in NVD. All "curl" CVEs are currently missing in the reports. Hence, switch "CVE_PRODUCT" to a space separated list. It is useful for recipes generating several packages, that have different product names in NVD. (From OE-Core rev: 404f75e026393ddc55da87f6f04fb1201cff4e11) (From OE-Core rev: 667d5e77e1ce0f0e531ed87f6fc30e1d65b16759) Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-uninative: Upgrade to verson 2.3 which includes glibc 2.28Richard Purdie2018-11-161-4/+4
| | | | | | | | | | | | | | This allows us to handle distros which contain glibc 2.28 such as Ubuntu 18.10. (From OE-Core rev: 5c7d9abcd611d23d4340f9a0aee2564f72158a0b) (From OE-Core rev: f01153e1782425756a40929ffb3fa72993b7a3b1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixed up for sumo context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel: specify dependencies for compilation for config tasksBruce Ashfield2018-11-162-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | With recent kernels (i.e. 4.17+) the configuration phase of the kernel will check for capabilities/options of the compiler for CVE and other mitigation support. For a general kernel, we want to ensure that CC is fully defined when the config targets are invoked (so the proper compiler will be checked). For linux-yocto, we also need to specify the compiler/tools dependencies for the configme task since it executes before configure and hence the main kernel build DEPENDS will not always be in the sysroot before it executes. Without those dependencies the kernel will be incorrectly configured (i.e. bison is missing) or the configuration will fail the mitigation tests. [YOCTO #12757] (From OE-Core rev: ff1bdd75d50f0ebac3d599e461685ace29559a82) (From OE-Core rev: ec5cc387ca6828c5dbb3d36c9a92e2d7654c616a) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: fix compile ptest failure on mips32Hongxu Jia2018-11-163-1/+131
| | | | | | | | | | | | | | | | | | - Pass mips32's CFLAGS to tests - Fix broken inline asm in tests on mips32-linux - Build mips n32 successfully, support it. (From OE-Core rev: 23d9eba99d1180a0b859aadc23a10b391b8f6440) (From OE-Core rev: 74308b2ca81bb7a3d294ce344ba6e8fdf7ebca5d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: fix ptest compilation for PowerPC64Jagadeesh Krishnanjanappa2018-11-161-0/+78
| | | | | | | | | | | | | | | | | | | | | | | The fix is similar to what was done for PowerPC32. It solves below error, while compiling for PowerPC64, -- snip -- | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c: In function 'usage': | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: warning: implicit declaration of function 'fprintf' [-Wimplicit-function-declaration] | fprintf(stderr, | ^~~~~~~ | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: warning: incompatible implicit declaration of built-in function 'fprintf' | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: note: include '<stdio.h>' or provide a declaration of 'fprintf' | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:11: error: 'stderr' undeclared (first use in this function) | fprintf(stderr, | ^~~~~~ -- snip -- (From OE-Core rev: 9f82bb4bf3d0ded246eb252b3f9b4b618b22fc95) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: skip tests that are not usefulAnuj Mittal2018-11-164-88/+128
| | | | | | | | | | | | | | | | | | | | | Some tests, like the one that compares the hashes for a list of files against those stored in a .dat file, don't make sense for downstream distros packaging perl. Backport a patch from upstream that allows skipping of these tests at runtime. Also remove the local patch trying to keep hashes up-to-date for one of those tests. Fixes [YOCTO #12787] (From OE-Core rev: 557f4618b75b8739a647e46054ab587ae2bbdc25) (From OE-Core rev: 7157e7804b21a84ecbd809b6e171106d7ddc86a6) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* externalsrc.bbclass: Set BB_DONT_CACHE for non-target recipesOla x Nilsson2018-10-181-2/+2
| | | | | | | | | | | | | | | BB_DONT_CACHE was not set for non-virtual recipes where PN != BPN, such as quilt-native. Recipes that do not set BBCLASSEXTEND should always have BB_DONT_CACHE set by externalsrc. (From OE-Core rev: 4eff427a0ee629a1541a420a9591411648569a97) (From OE-Core rev: 30b055d2296f060a4ca054d042f353a2153fdd4e) Signed-off-by: Ola x Nilsson <olani@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs: always update the opkg indexIoan-Adrian Ratiu2018-10-181-3/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The previous logic assumed that if $BUILD_IMAGES_FROM_FEEDS=1 then a complete set of ipk feeds from which to build the image is already present under $IPK_FEED_URIS at do_rootfs runtime. $IPK_FEED_URIS usually contains "file://${DEPLOY_DIR_IPK}" which renders the above assumption bad because some recipes in the current build can contain code like do_install[nostamp] = "1" which will cause rebuilds bumping $PR and invalidating the index. Even when the index is manually re-created before an image build ("bitbake package-index"), the nostamp will cause failures because the dependency gets rebuilt before do_rootfs in the "bitbake <image>" call. So make the opkg rootfs index logic the same as for rpm/deb, to always update the index in $DEPLOY_DIR_IPK to fix the above nostamp failure. Feeds outside $DEPLOY_DIR_IPK added to $IPK_FEED_URIS continue to work as usual, for eg. by using a http:// URI. (From OE-Core rev: bce90f48d1cc136fdfdf98b3830f5d99e381271b) (From OE-Core rev: 6e03d1d56587d93b9a9ec936ceb69350234c627a) Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: fix handling of SIGTERM and the problem of line wrappingChen Qi2018-10-181-3/+11
| | | | | | | | | | | | | | | | | | | | | | | | | The current handling of SIGTERM is incorrect as the process pid returned by Popen call with shell setting to True is actualy the shell instead of the qemu process. So use shlex to split cmd so that we can avoid using shell=True. This ensures the child process is the actual qemu process. Also, as we install a SIGTERM handler, we need handle the situation of qemu terminated by SIGTERM, otherwise we will get ERROR message in such case. Besides, we have a problem that after running qemu, the terminal's behavior is incorrect regarding long lines or long commands. Long commands or long outputs should appear in multiple lines, but they appear in the same line, overriding previous output. Use `tput smam' to fix this problem. (From OE-Core rev: e8acef383767cfd1ef0c3d3c45d9d6eb1c83b3e7) (From OE-Core rev: a2ee5c8a1ff449250e6f37fccf01b85a7361b24c) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: exit gracefully with an error message if qemu system is not evaluatedJagadeesh Krishnanjanappa2018-10-181-0/+5
| | | | | | | | | | | | | | | | | | | It solves below error: -- snip -- return 'qemu-system-%s' % qbsys UnboundLocalError: local variable 'qbsys' referenced before assignment -- snip -- [YOCTO #12846] (From OE-Core rev: 519273f54c0b8a6fff36afeb7646d8e37717be22) (From OE-Core rev: bc030c9f5af4af5a8bad48bc8beca9324a65d25b) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: add SIGTERM handler to make sure things are cleaned upChen Qi2018-10-181-1/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add SIGTERM handler so that runqemu could clean things up correctly when receving such signal. This problem was originally observed when running testimage. On some hosts, after running testimage task, the user has to manually operate on the tap interface (e.g. `sudo ip link del tap0') in order for the next runqemu command to launch successfully. The problem is about runqemu, SIGTERM and network manager on the host. In testimage task, the runqemu process will receive SIGTERM. In such situation, its cleanup() function is not run, resulting in tap interface not cleaned up. On some hosts, the network manager will bring down the tap interface automatically, thus this problem. I saw this problem on Fedora21. I think we'd better just clean up the tap interface ourselves. So this patch adds to runqemu a SIGTERM handler, in which the actual qemu process is terminated and other things cleaned up. (From OE-Core rev: 02709d4709c56f9b9095e3555da35b659b03a8a3) (From OE-Core rev: 05c2a590980819e31acee29e1e7282d2ed3586b7) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtiff: fix CVE-2017-17095Joe Slater2018-10-182-0/+47
| | | | | | | | | | | | | | | Backport fix from gitlab.com/libtiff/libtiff. nvd.nist.gov does not yet reference this patch. (From OE-Core rev: f72c8af3f2c1ec9e4d9ffcf0cc6e7fdf572b21b9) (From OE-Core rev: 6681ba9759b2d09945e415daf251162ac9600df7) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* x264: Disable asm on musl/x86Khem Raj2018-10-181-0/+1
| | | | | | | | | | | | | | | | | | Fixes WARNING: x264-r2854+gitAUTOINC+e9a5903edf-r0 do_package_qa: QA Issue: ELF binary '/mnt/a/yoe/build/tmp/work/i586-yoe-linux-musl/x264/r2854+gitAUTOINC+e9a5903edf-r0/packages-split/x264/usr/lib/libx264.so.152' has relocations in .text [textrel] WARNING: x264-r2854+gitAUTOINC+e9a5903edf-r0 do_package_qa: QA Issue: ELF binary '/mnt/a/yoe/build/tmp/work/i586-yoe-linux-musl/x264/r2854+gitAUTOINC+e9a5903edf-r0/packages-split/x264-bin/usr/bin/x264' has relocations in .text [textrel] (From OE-Core rev: ea1204c6d9a02f0e38cf616e89d46530908972bb) (From OE-Core rev: 221a02355c8c2128f086f71bcbe95085a6306dcc) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsndfile1: CVE-2018-13139Changqing Li2018-10-182-0/+36
| | | | | | | | | | | | | | | A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28. Fixed in https://github.com/erikd/libsndfile/issues/397 (From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104) (From OE-Core rev: da7342a774ae9bcd876ceb7c260dfb49791949d5) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2018-10016Hongxu Jia2018-10-182-0/+41
| | | | | | | | | | | | | | | | | | Previously fix of CVE-2018-10016 caused ovmf build failure, I reported the failure to upstream and it replied with this V2 fix. Details at: https://bugzilla.nasm.us/show_bug.cgi?id=3392473 (From OE-Core rev: e2fa6bc137faebba3c440cac93c88092421e8e82) (From OE-Core rev: 19138a21aabe60b67015e3383f4030db0d4d37a4) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Update git.gnome.org addresses after upstream changesRichard Purdie2018-10-187-8/+9
| | | | | | | | | | | | | | | | | | | | git.gnome.org is no more. It has ceased to be. It's an ex-git. Please see here: https://about.gitlab.com/2018/05/31/welcome-gnome-to-gitlab/ Note that gitlab does not support git://, only https:// (and ssh). [Commit message from Alexander Kanavin] (From OE-Core rev: 8382cdc0888ca645a44aacaac1155afb8dcde979) (From OE-Core rev: a6b6af83e344501057b0eb28dce1077992e5a7f3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for sumo context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: CVE-2018-11233Sinan Kaya2018-10-182-1/+46
| | | | | | | | | | | | | | | | * CVE-2018-11233 Code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Affects < 2.17.1 CVE: CVE-2018-11233 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1583888 (From OE-Core rev: d145f605c274386baf0dde023f15cddf37523f3b) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: CVE-2018-1061Sinan Kaya2018-10-182-0/+166
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVE-2018-1060 Prevent low-grade poplib REDOS: The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. * CVE-2018-1061 Prevent difflib REDOS The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Affects < 3.5.6rc1 CVE: CVE-2018-1060 CVE: CVE-2018-1061 Ref: https://access.redhat.com/security/cve/cve-2018-1060 Ref: https://access.redhat.com/security/cve/cve-2018-1061 (From OE-Core rev: 1461bcc72e6649920ecf4226e006e5667c48a21c) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2018-14404Sinan Kaya2018-10-182-0/+59
| | | | | | | | | | | | | | | | | | | * CVE-2018-14404 A null pointer dereference vulnerability exists in the xpath.c:xmlXPathCompOpEval() function of libxml2 when parsing invalid XPath expression. Applications processing untrusted XSL format inputs with the use of libxml2 library may be vulnerable to denial of service attack due to crash of the application. Affects libxml <= 2.9.8 CVE: CVE-2018-14404 Ref: https://access.redhat.com/security/cve/cve-2018-14404 (From OE-Core rev: 06d7f9039b005c2112e28336ac1c30e5120ec815) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* checklayer: avoid recursive loop in add_layer_dependenciesNicolas Dechesne2018-10-181-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When Layer A and Layer B depend on each other, then we will end up in a recursive loop in function recurse_dependencies(). To avoid such situation before making the recursive function call we check whether or not we have already processed this layer. e.g. without this patch, running this script on layers with dependency loops, we are seeing: $ yocto-check-layer -d /srv/work/oe/meta-openembedded/ INFO: Detected layers: INFO: meta-python: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-python INFO: meta-filesystems: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-filesystems INFO: meta-gnome: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-gnome INFO: meta-xfce: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-xfce INFO: meta-networking: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-networking INFO: meta-initramfs: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-initramfs INFO: meta-oe: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-oe INFO: meta-multimedia: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-multimedia INFO: meta-perl: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-perl INFO: meta-webserver: LayerType.SOFTWARE, /srv/work/oe/meta-openembedded/meta-webserver INFO: INFO: Setting up for meta-python(LayerType.SOFTWARE), /srv/work/oe/meta-openembedded/meta-python DEBUG: Processing dependencies core openembedded-layer for layer meta-python. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. DEBUG: Processing dependencies core networking-layer for layer meta-oe. DEBUG: Processing dependencies core openembedded-layer meta-python for layer meta-networking. ... ... ... [keep repeating] This patch fixes this situation. (From OE-Core rev: 759290ed5fedc1ce10639b3584d4532d688ea714) Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 171900b4bcb06416685ce90b63114a10fefe0b94) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: fetcher: Fixed remote removal not throwing exception.Paulo Neves2018-10-101-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Before this fix it is assumed that the removal of the remote can only fail because there is not remote to remove. This is a false assumption. Example error which would be ignored: git -c core.fsyncobjectfiles=0 remote rm origin failed with exit code 1, output: Note: A branch outside the refs/remotes/ hierarchy was not removed; to delete it, use: git branch -d master error: could not lock config file config error: Could not remove config section 'remote.origin' Due to the masking of this error a stranger error will be presented to the user, because this time we do not mask the exception: git -c core.fsyncobjectfiles=0 remote add --mirror=fetch origin https://github.com/ptsneves/tl-wn722.git failed with exit code 128, output: fatal: remote origin already exists. The most likely reason that the remote cannot be removed nor modified is that the DL_DIR/git2 does not have permissions compatible with the user running bitbake. This commit fixes: https://bugzilla.yoctoproject.org/show_bug.cgi?id=12728 (Bitbake rev: 67189588a68b9bcb39421ef12103507b4c8820c3) Signed-off-by: Paulo Neves <ptsneves@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* initramfs-framework/udev: call settle before killAnuj Mittal2018-10-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | When mount command is executed in rootfs module of initrd, eudev creates a loop0 device node, applies rules and adds a inotify watch to it. Right after this step, we execute finish which first tries to kill any running udevd daemon before doing a switch_root. In some cases, it is possible that switch_root is executed before inotify_add_watch was actually processed which would lead to errors like: | inotify_add_watch(6, /dev/loop0, 10) failed: No such file or directory Make sure that we process all the events in queue before actually trying to kill udevd to prevent this race. Fixes [YOCTO #12861] (From OE-Core rev: a85c34d263fcf1542bbedcaf1634302466bb20cf) (From OE-Core rev: 196659ca05623996e2b36f7b1e52195a81fd3bdd) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcroco: CVE-2017-7961Armin Kuster2018-10-102-1/+48
| | | | | | | | | | | | | | | | | * CVE-2017-7961 The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CSS file. CVE: CVE-2017-7961 Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7961 (From OE-Core rev: 9b321cf141c3fa18d5b85f17ffe1710f4555ca49) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: CVE-2018-9234Sinan Kaya2018-10-102-0/+29
| | | | | | | | | | | | | | | | | | * CVE-2018-9234 GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key certification requires an offline master Certify key, which results in apparently valid certifications that occurred only with access to a signing subkey. Affects gnupg <= 2.2.5 CVE: CVE-2018-9234 Ref: https://access.redhat.com/security/cve/cve-2018-9234 (From OE-Core rev: af920831ed1ef607db195372f135cc56e9f53b41) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemux86-directdisk: remove mem= parameterAnuj Mittal2018-10-101-1/+1
| | | | | | | | | | | | | | | | | | | | | Remove usage of a specific amount of memory and let it be controlled by users. This was the default behaviour before it was changed by commit 3b79d9a78 that switched the wks file to be used for qemux86. Also fixes the bitbake parsing issues seen because of memory starvation using build appliance images. Fixes [YOCTO #12894] (From OE-Core rev: 18d6b668c52dc881cff7b107420e0de527eecce4) (From OE-Core rev: a53026f03a1d07cef1d1590c689e036f3ee21026) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cmake: put cmake.m4 and toolchain file in PNRoss Burton2018-10-101-1/+2
| | | | | | | | | | | | | | | | | | | | | Previously cmake-dev held some files which should be in cmake. - cmake.m4 should be in installed in cmake so it can be used out of the box - nativesdk-specific OEToolchainConfig.cmake file used to be in cmake, but the change of default packaging rules move it into cmake-dev. This recipe is the exception and it should be moved back. Add the extra paths to cmake, and clear FILES for cmake-dev to ensure nothing else slips in. (From OE-Core rev: a6ce79b87d3db57033a3d1710cb3292366a0a8f7) (From OE-Core rev: 5f985f02a932ebce238a6b1c644d2e3179226aab) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mkefidisk: fix installation of kernel imageChong Yi Chai2018-10-101-2/+10
| | | | | | | | | | | | | Kernel image can be 'vmlinuz' for 'bzImage' but the script is written to support 'vmlinuz' only. When building with meta-intel on sumo branch, the kernel image is now bzImage and the installation will fail. Add option to install bzImage as well. (From OE-Core rev: a702a5efdaece4197ceefec2a3b4c1e872e82f11) Signed-off-by: Chong Yi Chai <chong.yi.chai@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl2: Fix left rotated display for RaspPi/VC4/GLES2Andreas Müller2018-10-102-0/+142
| | | | | | | | | | | | | The patch should increase performance for libsdl2 on GLES2 too. (From OE-Core rev: 52f9659f2bb44affec2f67935df01f13b6ff3e02) (From OE-Core rev: 80b6a08f55e322bfc41f69476509dc5a62ada83f) Signed-off-by: Andreas Müller <schnitzeltony@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: disable static PIE in glibcRoss Burton2018-10-101-1/+1
| | | | | | | | | | | | | | Static PIE doesn't work entirely right in GCC 7, for example ldconfig on ARM with the flags enabled will something segfault during initialisation. To mitigate this until we have GCC 8 integrated, don't enable static PIE. (From OE-Core rev: 502de6f5db232a104eb269782a690f52fd665ef4) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: main: Fix environment handling for UI module importsRichard Purdie2018-10-101-3/+4
| | | | | | | | | | | | | | | The environment was being cleared before the UI imports occurred which caused problems for graphical UIs like taskexp. The full environment was intended to be available to UI clients and it was only meant to be cleared for the server/cooker, so tweak the code order so this is the case. This fixes problems reported for taskexp. [YOCTO #12670] (Bitbake rev: 66ac33b6888edb7077b6e94a4d3d1e1d1d53c0c5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: Fix bitbake flexible path error from Bugzilla #12891Awais Belal2018-10-041-1/+1
| | | | | | | | | | | | | | | | Commit 15340edce23e63b060c75114d508e1f76757239c introduced a way which allowed bitbake to be found from the PATH variable when directory structures different from poky are used. This just drops a leftover bitbake definition which made the earlier implementation meaningless by reassigning the path relative to oe-core/meta. [YOCTO #12942] (Bitbake rev: 99321236c516277c9d423b1b355bbce1245d9923) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: David Reyna <David.Reyna@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: fix CVE-2018-11237Zheng Ruoqin2018-09-272-0/+83
| | | | | | | | | | | | | glibc: fix CVE-2018-11237 (From OE-Core rev: b9b254da08c1db94ac9ded5f67d7e2e82e3b9be7) (From OE-Core rev: 361c40d4bea101875747eac9c8cc46e92ced173f) Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: CVE-2018-8740Sinan Kaya2018-09-272-0/+48
| | | | | | | | | | | | | | | | | * CVE-2018-8740 In SQLite through 3.22.0, databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference, related to build.c and prepare.c. Affects sqlite3 <= 3.22.0 CVE: CVE-2018-8740 Ref: https://access.redhat.com/security/cve/cve-2018-8740 (From OE-Core rev: 0469c075d904026ec37214fb39397bb1cb07ab43) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: CVE-2018-13785Sinan Kaya2018-09-272-1/+40
| | | | | | | | | | | | | | | | | | | | * CVE-2018-13785 In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. (cherry picked from 8a05766cb74af05c04c53e6c9d60c13fc4d59bf2) Affects libpng <= 1.6.34 CVE: CVE-2018-13785 Ref: https://access.redhat.com/security/cve/cve-2018-13785 (From OE-Core rev: 4cc1862695c6899b61e3900216376c1b2f338a19) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: CVE-2017-15874Sinan Kaya2018-09-272-0/+31
| | | | | | | | | | | | | | | | | * CVE-2017-15874 busybox: Integer underflow in archival/libarchive/decompress_unlzma.c (cherry picked from 9ac42c500586fa5f10a1f6d22c3f797df11b1f6b) Affects busybox <= 1.27.2 CVE: CVE-2017-15874 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15874 (From OE-Core rev: c35a0355a3561cd17703ece3a66c3389ceb224bf) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: do not download the CVE DB in package-specific tasksKonstantin Shemyak2018-09-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | Disable downloading of the vulnerability DB in do_check_cves() task. When invoked in this task, cve-check-tool attempts re-download of the CVE DB if the latter is older than certain threshold. While reasonable for a stand-alone CVE checker, this behavior can cause errors in parallel builds if the build time is longer than this threshold: * Other tasks might be using the DB. * Several packages can start the download of the same file at the same time. This check is not really needed, as the DB has been downloaded by cve_check_tool:do_populate_cve_db() which is a prerequisite of any do_build(). The DB will be at most (threshold + build_time) old. (From OE-Core rev: 125789b6ee6d47ab84192230f63971c4e22418ba) (From OE-Core rev: 2f84939b0e17dfba1fc43bf053871ea930d9a04c) Signed-off-by: Konstantin Shemyak <konstantin.shemyak@ge.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: detect CVE IDs listed on multiple linesJon Szymaniak2018-09-271-4/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | Some backported patches fix multiple CVEs and list the corresponding identifiers on multiple lines, rather than on a single line. cve-check.bbclass yields false positive warnings when CVE IDs are presented on multiple lines because re.search() returns only the first match. An example of this behavior may be found when running do_cve_check() on the wpa-supplicant recipe while in the rocko branch. Only CVE-2017-13077 is reported to be patched by commit de57fd8, despite the patch including fixes for a total of 9 CVEs. This is resolved by iterating over all regular expression matches, rather than just the first. (From OE-Core rev: 8fb70ce2df66fc8404395ecbe66a75d0038f22dd) (From OE-Core rev: 1c6ae927ca8acc1e5f362b1424b2c6a5da1e8be9) Signed-off-by: Jon Szymaniak <jon.szymaniak.foss@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>