aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)Author
2018-01-17bitbake: bitbake-user-manual: Fixed porno hack for hello world exampledizzyScott Rifenbark
Someone hacked the http://hambedded site or it was moved and some links to that site in the BB manual had been hijacked to point to an entry portal for a pornography site. Replaced the link with an archived version that restores the integrity of the links. (Bitbake rev: daa0aa05a04d8d20473a05b5b5878610e40ef820) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-07-11init-install-efi.sh: Avoid /mnt/mtab creation if already presentLeonardo Sandoval
The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts), so if an image includes the latter, there is no new to created it again inside the install-efi.sh script, otherwise an error may occur as indicated on the bug's site. [YOCTO #7971] (From OE-Core rev: 1679c3d7bfa1cff4e126e2ed3dff50bdd7c2eeab) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-8776Armin Kuster
it was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information. (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee) (From OE-Core rev: c50e30cb078ca0ad6f76241f0b0a5557cc17e3c0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-9761Armin Kuster
A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) (From OE-Core rev: 1916b4c34ee9d752c12b8311cb9fd41e09b82900) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-8779Armin Kuster
A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) (From OE-Core rev: 01e9f306e0af4ea2d9fe611c1592b0f19d83f487) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21glibc: CVE-2015-8777Armin Kuster
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) (From OE-Core rev: bb6ce1334bfb3711428b4b82bca4c0d5339ee2f8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-03glibc 2.20: Security fix CVE-2015-7547Koen Kooi
CVE-2015-7547: getaddrinfo() stack-based buffer overflow (From OE-Core rev: b30a7375f09158575d63367600190a5e3a00b9fc) Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30bind: CVE-2015-8000Sona Sarmadi
Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 (From OE-Core rev: c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30grub2: Fix CVE-2015-8370Belal, Awais
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 (From OE-Core rev: 76ef966b1f47663f570e87aeb21bc98147b0eca2) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30glibc: Fixes a heap buffer overflow in glibc wscanf.Armin Kuster
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 Reference to upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 (From OE-Core rev: 5aa90eef9b503ba0ffb138e146add6f430dea917) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Hand applied. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30libxml2: CVE-2015-8241Sona Sarmadi
Upstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id= ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe (From OE-Core rev: 84c6a67baaafee565ac4fad229bd8d07a21da09c) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30openssl: CVE-2015-3194, CVE-2015-3195Sona Sarmadi
Fixes following vulnerabilities: Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) References: https://openssl.org/news/secadv/20151203.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 Upstream patches: CVE-2015-3194: https://git.openssl.org/?p=openssl.git;a=commit;h= d8541d7e9e63bf5f343af24644046c8d96498c17 CVE-2015-3195: https://git.openssl.org/?p=openssl.git;a=commit;h= b29ffa392e839d05171206523e84909146f7a77c (From OE-Core rev: 09c3a0f01572a6a65e9f87ce16817ee7de3296f1) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30libxml2: CVE-2015-8035Sona Sarmadi
Fixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (From OE-Core rev: e40cae30575a227bb0274869f720dffd816d629a) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 (From OE-Core rev: 9c841157f8ecd3221702c4675a4145f586617780) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30libxml2: CVE-2015-7942Sona Sarmadi
Fixes heap-based buffer overflow in xmlParseConditionalSections(). Upstream patch: https://git.gnome.org/browse/libxml2/commit/ ?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 (From OE-Core rev: a2980f004519a4baeb4c88ad924e15195fe75e32) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30linux-dtb.inc: drop unused DTB_NAME variable from do_installMartin Jansa
* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which in some cases contains something like BUILD_NUMBER from CI, that caused do_install to be reexecuted every single time, which is very sad to be caused by unused variable. * jethro and newer don't need this change, because it's also fixed in commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62 Author: Marek Vasut <marex@denx.de> Date: Thu May 14 14:31:11 2015 +0200 Subject: kernel: Build DTBs early (From OE-Core rev: 7bbed4ecd5e919eb274aeb9d6cdaba2c85cccc71) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30glibc: use patch for CVE-2015-1781Tudor Florea
Patch added to the repo wasn't actually considered due to a erronously way of specifying the sources. (From OE-Core rev: 2cdc3dd4cc4426aa081b6cb99b67f1143cc64f81) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30texinfo: don't create dependency on INHERIT variableMartin Jansa
* we don't want the do_package signature depending on INHERIT variable * e.g. just adding the own-mirrors causes texinfo to rebuild: # bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig* basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a Variable INHERIT value changed from ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' to ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' (From OE-Core rev: 2f61930f55390bd2dfeb52a1ccfbc1cbe560c3ad) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30allarch: Force TARGET_*FLAGS variable valuesMike Crowe
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may differ between MACHINEs. Since they are exported they affect task hashes even if unused which leads to multiple variants of allarch packages existing in sstate and bouncing in the sysroot when switching between MACHINEs. allarch packages shouldn't be using these variables anyway, so let's ensure they have a fixed value in order to avoid this problem. (Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and 14f4d016fef9d660da1e7e91aec4a0e807de59ab.) (From OE-Core rev: b5a9d4ab564c2a6645922eed0203acb88ec5dd33) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30layer.conf: Add missing dependency for allarch package initramfs-frameworkRichard Purdie
Similiarly to the other previous changes, add a missing allarch package dependency for initramfs-framework on udev. (From OE-Core rev: 685cc8a2922d51f7b1a255f11c72233ae572e2b2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30layer.conf: Add several allarch dependency exclusionsRichard Purdie
These are dependencies that our allarch packages have in OE-Core that cause those allarch packages to rebuild every time MACHINE changes. With these changes, OE-Core allarch packages all have a common sstate signatures and no longer rebuild. (From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d) (From OE-Core rev: 0d07fd7496c1f86538341eac43753f031583e2c4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30image.bbclass: don't let do_rootfs depend on BUILDNAMEChen Qi
BUILDNAME is set by cooker as a string of current time. Letting do_rootfs task depend on this variable gets us no benefit. Besides, letting do_rootfs task depend on this variable will cause us trouble when executing `bitbake -S none core-image-minimal'. With current code, this command gives us error complaining about the different bashhash of do_rootfs task. (From OE-Core rev: e1763aae5961a06a05ee8834ab20cf752bddf793) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30fontcache: allow to pass extra parameters and environment to fc-cacheMartin Jansa
* this can be useful for passing extra parameters, pass -v by default to see what's going on in do_rootfs * we need to use this for extra parameter we implemented in fontconfig: --ignore-mtime always use cache file regardless of font directory mtime because the checksum of fontcache generated in do_rootfs doesn't match with /usr/share/fonts directory as seen on target device causing fontconfig to re-create the cache when fontconfig is used for first time or worse create new cache in every user's home directory when /usr/ filesystem is read only and cache cannot be updated. Running FC_DEBUG=16 fc-cache -v on such device shows: FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149 * my guess is that the checksum is different, because pseudo (which is unloaded when running qemuwrapper) or because some influence of running the rootfs under qemu. (From OE-Core rev: f2b86a69d88d382f16bbec070adc8199932b2c02) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565Armin Kuster
three security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) (From OE-Core rev: ddfe191355a042e6995f7b4b725b108c5bb4d36e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Conflicts: meta/recipes-connectivity/openssh/openssh_6.6p1.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30rsync: backport libattr checking patchSergiy Kibrik
Add check_libattr.patch to version 3.1.0 recipe, which checks and includes libattr to linker, otherwise rsync may fail to build with linker error below (as -lattr option gets omitted): [..] lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0' [..]/lib/libattr.so.1: error adding symbols: DSO missing from command line (From OE-Core rev: 576f63c50badd54b47cdda42a6466bb18984958d) Signed-off-by: Sergiy Kibrik <sakib@meta.ua> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30grep2.19: CVE-2015-1345Sona Sarmadi
Fixes heap-based buffer overflow flaw in grep. Affected versions are: grep 2.19 through 2.21 Removed THANKS.in changes from upstream patch since this file does not exist in version 2.19. Replaced tab with spaces in SRC_URI as well. Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id= 83a95bd8c8561875b948cadd417c653dbe7ef2e2 (From OE-Core rev: fb3e73fb2536b718dfce0e7b126f75464b9874aa) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30libtasn1: CVE-2015-3622Sona Sarmadi
_asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 (From OE-Core rev: 61bee3f813127c91d75a2af5197bdc874483a1fd) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-17bitbake: cooker: Ensure bbappend files are processed in a determistic orderRichard Purdie
self.appendlist is a dict and as such unordered. This can lead to cases where appends with different names (e.g. x_%.bbappend vs. x_123.bbappend) can be reordered in application which in turn reorders the variables that those bbappend files might touch. Reorderd variables changes the sstate cache signatures causing real world issues. To avoid this, use a list for the append files instead. This patch is conservative and just adds a new data structure alongside the existing one and uses it to resolve the core issue. Later patches (post release) can handle some of the wider but less problematic ones (e.g. issues in bitbake-layers flatten). [YOCTO #7511] (Bitbake rev: 370a19bf956a2fba5bf4db3d72806e17d7f9e000) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-11-18documentation: Changed some 'intro' tags to resolve multiple mega-manual ↵Scott Rifenbark
warnings. (From yocto-docs rev: 411beb911b826d19fe3a6755c7a432ca1f17352f) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-11-18poky.ent, mega-manual.sed: Updated to support 1.7.3 releaseScott Rifenbark
(From yocto-docs rev: a8294f1fb2e1d5d990a678492dd87d9d31dcf0ee) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-11-18documentation: Updated manual revision tables for 1.7.3 releaseScott Rifenbark
(From yocto-docs rev: 4de7a8b829cd45356d64885202850b3499b0da10) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29build-appliance-image: Update to dizzy head revisionyocto-1.7.3dizzy-12.0.3Richard Purdie
(From OE-Core rev: 7bb182bdd130266100fc541fd09b82d09c51cd80) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29poky.conf: Bump version for 1.7.3 dizzy releaseRichard Purdie
(From meta-yocto rev: 661f1023c499c490255ca5e97b76d54e51a8f59e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29sstate: run recipe-provided hooks outside of ${B}Ross Burton
To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR. (From OE-Core rev: dc8546241a66c6eb076dc67fd165b5216b822ced) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722Armin Kuster
three security fixes. (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19icu: CVE-2014-8146-CVE-2014-8147Sona Sarmadi
CVE-2014-8146 icu: heap overflow via incorrect isolateCount CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function References: [1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z [2] https://www.kb.cert.org/vuls/id/602540 [3] http://bugs.icu-project.org/trac/changeset/37080 [4] http://bugs.icu-project.org/trac/changeset/37162 (From OE-Core rev: 1bc6391f65dec41ff0360b625b7a85a161e43955) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19oprofileui: Use inherit gettextSaul Wold
oprofileui uses gettext during the configuration task so should be inherit gettext. This issue appears when an older version of gettext is used do to pinning to the older non-gplv3 version. [YOCTO #7795] (From OE-Core rev: 9a747554ba985970009a065f3403b94565e698e3) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19gnutls: CVE-2015-3308Sona Sarmadi
(From OE-Core rev: 75b25e7d463ed1af0fd9b3dd56e407e6e72b0f6a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19rootfs.py: show intercept script output in log.do_rootfsMartin Jansa
* without this the output wasn't shown anywhere even when the bb.warn says: "See log for details!" (From OE-Core rev: a3c322b42c7a14584a80e04519c34689ec813210) (From OE-Core rev: b708151b798013119cbc651cd11a534c0cb816af) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19postinst_intercept: allow to pass variables with spacesMartin Jansa
* trying to pass foo="a b" through postinst_intercept ends with the actual script header to containing: b foo=a which fails because "b" command doesn't exist. (From OE-Core rev: c66d7d85b7225be8c838449324d506565dd0081d) (From OE-Core rev: 05af103b9b9141319644cde452afbe73e4c2d226) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19rootfs.py: Allow to override postinst-intercepts locationMartin Jansa
* useful when we need to overlay/extend intercept scripts from oe-core (From OE-Core rev: 7d08d2d5c0ae686e3bb8732ea82f30fd189b1cd8) (From OE-Core rev: 2374910466d82c817d74e9098a1636b21ff779af) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19base.bbclass: Note when including pn with INCOMPATIBLE_LICENSESBeth Flanagan
We need to be able to tell people if we WHITELIST a recipe that contains an incompatible licese. Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end up on an image even if GPL-3.0 is incompatible. This is the correct behaviour but there is nothing telling people that it is even happening. (From OE-Core rev: c9da529943b2f563b7b0aeb43576c13dd3b6f932) (From OE-Core rev: c468724d2932708dffc766e182a69665de6226f6) Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19autotools.bbclass: mkdir ${B} -> mkdir -p ${B}Robert Yang
${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `${B}': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed (From OE-Core rev: 3390dde6addaafad84c635eb37d2eae1ac22fcb7) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19perf: mkdir ${B} -> mkdir -p ${B}Robert Yang
${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `/path/to/work/qemux86-poky-linux/perf/1.0-r9/perf-1.0/': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed (From OE-Core rev: 197d9fb922cc234294e8ca090bddfcd023fc82ce) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-02bitbake: prserv/serv: Improve exit handlingRichard Purdie
Currently, I'm not sure how the prserver managed to shut down cleanly. These issues may explain some of the hangs people have reported. This change: * Ensures the connection acceptance thread monitors self.quit * We wait for the thread to exit before exitting * We sync the database when the thread exits * We do what the comment mentions, timeout after 30s and sync the database if needed. Previously, there was no timeout (the 0.5 applies to sockets, not the Queue object) (Bitbake rev: bd9d827ae6ef02ec9a0577fb2fd19b830ccb4416) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 0926492295d485813d8a4f6b77c7b152e4c5b4c4) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01bitbake: bitbake: cooker: properly fix bitbake.lock handlingRichard Purdie
If the PR server or indeed any other child process takes some time to exit (which it sometimes does when saving its database), it can end up holding bitbake.lock after the UI exits, which led to errors if you ran bitbake commands successively - we saw this when running the PR server oe-selftest tests in OE-Core. The recent attempt to fix this wasn't quite right and ended up breaking memory resident bitbake. This time we close the lock file when cooker shuts down (inside the UI process) instead of unlocking it, and this is done in the cooker code rather than the actual UI code so it doesn't matter which UI is in use. Additionally we report that we're waiting for the lock to be released, using lsof or fuser if available to list the processes with the lock open. The 'magic' in the locking is due to all spawned subprocesses of bitbake holding an open file descriptor to the bitbake.lock. It is automatically unlocked when all those fds close the file (as all the processes terminate). We close the UI copy of the lock explicitly, then close the server process copy, any remaining open copy is therefore some proess exiting. (The reproducer for the problem is to set PRSERV_HOST = "localhost:0" and add a call to time.sleep(20) after self.server_close() in lib/prserv/serv.py, then run "bitbake -p; bitbake -p" ). Cleanup work done by Paul Eggleton <paul.eggleton@linux.intel.com>. This reverts bitbake commit 69ecd15aece54753154950c55d7af42f85ad8606 and e97a9f1528d77503b5c93e48e3de9933fbb9f3cd. (Bitbake rev: a29780bd43f74b7326fe788dbd65177b86806fcf) (Bitbake rev: 830b8f31459ca484bdaf2caa8ff4b7cbf21c77ac) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Conflicts: bitbake/lib/bb/cooker.py bitbake/lib/bb/main.py bitbake/lib/bb/tinfoil.py bitbake/lib/bb/ui/knotty.py Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01bitbake: runqueue: Add message to explain the problem if diffsigs multiple ↵Richard Purdie
tasks don't exist (Bitbake rev: 3bfc0105ae993a3304face1fc0af75e012673567) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01oeqa/selftest: fix test_incremental_image_generation for changes in log outputYi Zhao
test_incremental_image_generation case failed because the log output chanaged: FAIL: test_incremental_image_generation (oeqa.selftest.buildoptions.ImageOptionsTests) ---------------------------------------------------------------------- Traceback (most recent call last): File "/buildarea3/yzhao1/poky-build/meta/lib/oeqa/utils/decorators.py", line 90, in wrapped_f return func(*args) File "/buildarea3/yzhao1/poky-build/meta/lib/oeqa/selftest/buildoptions.py", line 25, in test_incremental_image_generation self.assertEqual(0, res.status, msg="No match for openssh-sshd in log.do_rootfs") AssertionError: 0 != 1 : No match for openssh-sshd in log.do_rootfs ---------------------------------------------------------------------- Using re search instead grep (From OE-Core rev: 1872a9430cec0c61f1ec349df198160addd430de) (From OE-Core rev: afecc84cdd491789e62fb191a4f03de61e408629) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01qemurunner: Improves checking for server and target IPs on qemus parametersAlejandro Hernandez
Fixes OS hanging infinitely waiting for qemus process to release bitbake.lock (From OE-Core rev: d168bf34c553dbe5de7511e158cd83869d7a88bc) (From OE-Core rev: 99ac0971aecb1b6bc113da28b79d169095e6b671) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01oeqa/utils/qemurunner: fix loggingPaul Eggleton
OE-Core commit 519e381278d40bdac79add340e4c0460a9f97e17 unfortunately broke logging in two different ways: 1) it prevented logging to the task log from working within bitbake -c testimage. This is due to the logger object being set up too early which interferes with BitBake's own logging. If we prefix the name with "BitBake." everything works (and we don't need to set the logging level). 2) Additionally because it called the log functions on the logging module and not the logger object it set up, this caused the oe-selftest logging to start printing everything from that point forward. Fix these two issues and return us to the desired behaviour for do_testimage. (From OE-Core rev: 429b1971be06d5146bb1c14f4697966cddab3b33) (From OE-Core rev: 144c6a2d711f7cf4dafc22999ed8cf4cdb329dfc) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>