[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.2-221-g31d8a8b
cve-notice at lists.openembedded.org
Sat Aug 11 03:07:28 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
 * -- * -- B -- O -- O -- O (e7b1aa10f577086675a6478c9d59dc66782cbfe1)
            \
             N -- N -- N (31d8a8b33d6fef9ca18a3e410012ce96749d0c2a)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 31d8a8b33d6fef9ca18a3e410012ce96749d0c2a
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:25 2018 -0700
sysvinit: Fix build with glibc 2.28 + libxcrypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 010f0d6c82b81254ae7ed70b6cdb6961e23ff233
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:24 2018 -0700
ppp, libpam: Add missing dep on virtual/crypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit de9303992721ab33ddccd085369165e403323d37
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:22 2018 -0700
glibc: Disable crypt support in glibc
Drop packaging libcrypt from 2.28+ onwards
We have independent crypt implementation coming from libxcrypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 5a008b50ba5ec0b8aae6d73ae59fc0e0e0fb4c1a
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:21 2018 -0700
libxcrypt: Upgrade to 4.1.1
license update: Remove CDDL code with Public Domain pieces
https://github.com/besser82/libxcrypt/commit/c76847e3be40c4ac0d78bc8518502418c6207144#diff-fdcb2380ff1eeea2e5795ec115ba1c0d
inherit pkgconfig as it uses pkg-config during build
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 520be9646f20ff4782a523e2881f30ee9eb48d6f
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:20 2018 -0700
libxcrypt: Provide virtual/crypt for target and native as well
virtual/crypt for musl will come from libc itself
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit b756e4502af18396180cd7462c161a94dc92a454
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:19 2018 -0700
cross-localedef-native: Update to build with glibc 2.28
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit c6047ba8d5ccad82c8c5dece79299b4577359d51
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:18 2018 -0700
glibc: Upgrade to 2.28
License-Update: libidn is dropped from glibc and a testcase that was a particular contributor copyrighted
see
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=LICENSES;h=0e3a9fe39b26e97038d92f904508a4c3aa1bb43b;hp=b29efe01084af28cc40953d7317f22927c0ee3b7;hb=5a357506659f9a00fcf5bc9c5d8fc676175c89a7;hpb=7279af007c420a9d5f88a6909d11e7cb712c16a4
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=LICENSES;h=b29efe01084af28cc40953d7317f22927c0ee3b7;hp=80f7f1487947f57815b9fe076fadc8c7f94eeb8e;hb=7f9f1ecb710eac4d65bb02785ddf288cac098323;hpb=5f7b841d3aebdccc2baed27cb4b22ddb08cd7c0c
Drop upstreamed and backported patches
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 9be9e0d277849346b8b19092944956b4bb169a50
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Wed Aug 1 13:25:35 2018 +0800
base-files: fix handling of resize
The current handling of resize is incorrect. Using `resize > /dev/null
2>&1 && resize > /dev/null' will cause the second resize command to not
execute because 'resize > /dev/null 2>&1' will fail for resize utility
from busybox.
What we really should do is just to check whether ${bindir}/resize
is executable and execute it if so. Using '-x' is sufficient.
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit bf6e00b3ab1b4cd6db9566147142c597a4e9f221
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Mon Jul 30 17:41:57 2018 +0800
busybox: move init related configs to init.cfg
Move init related configs to init.cfg.
These config items do not make much sense unless busybox is selected
as the init manager. They should belong to init.cfg.
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 23e1e3326b1b2e810a88664a30043f0002666b0e
Author: Andrej Valek <andrej.valek at siemens.com>
Date: Thu Aug 9 10:06:37 2018 +0200
libxml2: Fix CVE-2018-14404
Fix nullptr deref with XPath logic ops
If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.
CVE: CVE-2018-14404
Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 58874f7cd39dd9baa7065e9044958ddf446c89c4
Author: Changqing Li <changqing.li at windriver.com>
Date: Fri Aug 10 17:35:55 2018 +0800
curl: support multilib installation of curl-config
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 85d2c3406a4c020c1235a33ee740a5263c52c3a4
Author: Mikko Rapeli <mikko.rapeli at bmw.de>
Date: Fri Aug 10 17:27:56 2018 +0300
perf: fail if src path does not exist
A missing src directory from a broken kernel recipe resulted
only in a warning:
WARNING: copyfile: stat of /home/builder/src/tmp-glibc/work-shared/target/kernel-source/tools/arch failed ([Errno 2] No such file or directory: '/home/builder/src/tmp-glibc/work-shared/target/kernel-source/tools/arch')
With this change it's an error which can not be missed:
ERROR: perf-1.0-r9 do_configure: Path does not exist: /home/builder/src/tmp-glibc/work-shared/target/kernel-source/tools/arch
ERROR: perf-1.0-r9 do_configure: Function failed: copy_perf_source_from_kernel
ERROR: Logfile of failure stored in: /home/builder/src/tmp-glibc/work/target-linux/perf/1.0-r9/temp/log.do_configure.21083
NOTE: recipe perf-1.0-r9: task do_configure: Failed
ERROR: Task (/home/builder/src/poky/meta/recipes-kernel/perf/perf.bb:do_configure) failed with exit code '1'
Signed-off-by: Mikko Rapeli <mikko.rapeli at bmw.de>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit db88b5211ec9f856d6a439109299243390b1000e
Author: Kai Kang <kai.kang at windriver.com>
Date: Fri Aug 10 16:14:26 2018 +0800
allarch: disable allarch when multilib is used
Some allarch packages rdepends non-allarch packages. When multilib is
used, it doesn't expand the dependency chain correctly, e.g.
core-image-sato -> ca-certificates(allarch) -> openssl
we expect dependency chain for lib32-core-image-sato:
lib32-core-image-sato -> ca-certificates(allarch) -> lib32-openssl
it should install lib32-openssl for ca-certificates but openssl is
still wrongly imported.
Disable allarch when multilib is used.
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 142f97239e8aadc95aeb944afba69870e210ca01
Author: Zhixiong Chi <zhixiong.chi at windriver.com>
Date: Fri Aug 10 00:31:34 2018 -0700
multilib-script: Fix ALTERNATIVE_${PN} overwrite issue
If multilib scripts handle more than one file per package, the variable
ALTERNATIVE_${PN} will be overwritten and there will be only one symbol
link file. Append to the variable to avoid this.
Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e6b17441237a7ed42e6eece4eae642f0f77b2252
Author: Christopher Clark <christopher.w.clark at gmail.com>
Date: Thu Aug 9 18:32:01 2018 -0700
libjpeg-turbo: fix timezone of reproducible build timestamp
Avoids producing different build results in different timezones.
Uses UTC with SOURCE_DATE_EPOCH.
Signed-off-by: Christopher Clark <christopher.clark6 at baesystems.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a97b6aa39179d30b8a29e2c867b8d56965d4a95f
Author: Jaewon Lee <jaewon.lee at xilinx.com>
Date: Thu Aug 9 16:41:29 2018 -0700
devtool-source.bbclass: Support kernel-fragments/patch not in SRC_URI
When using a recipe space kernel-meta, scc files are added through
SRC_URI, but they may include corresponding kernel fragments or patches
that are not necessarily in SRC_URI.
For bitbake, this is not a problem because the kernel-yocto class adds
the path where the .scc file was found to includes which consequentially
makes the .cfg, .patch file available to the kernel build.
However, when using devtool, only files specified in SRC_URI are copied
to oe-local-files in devtool's workspace. So if the cfg/patch file is not in
SRC_URI, it won't be copied, causing a kernel build failure when trying
to find it.
This fix parses local .scc files in SRC_URI, copies the corresponding
.cfg/.patch file to devtool's workdir, and also adds it to local_files
so it is available when doing a devtool build for the kernel.
[YOCTO #12858]
v2: also supporting patch not in SRC_URI
v3: fix spacing issues
Signed-off-by: Jaewon Lee <jaewon.lee at xilinx.com>
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandr at xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a9b4e04178bdf3e659891b172b5d6de0c3ec53aa
Author: Paulo Neves <ptsneves at gmail.com>
Date: Fri Aug 10 21:37:59 2018 +0200
masterimage: Check for rootfs path instead of file.
The rootfs might be a directory path or a file path. A
case in point is if the test wants to deploy a rootfs
directly by rsyncing it to the target or even use it
as part of a tftp server.
Signed-off-by: Paulo Neves <ptsneves at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit c05f27f9fa6a532e2d7aad5b1d934f07c657b3de
Author: Paulo Neves <ptsneves at gmail.com>
Date: Fri Aug 10 21:37:58 2018 +0200
testimage: target.start exceptions not masked.
Previously the target.start exceptions were being
masked by the catch clause of RuntimeError and
BlockingIOError which are very broad. We decoupled
the start method try clause from the runTests try
clause which requires catching the BlockingIOError and
RuntimeError.
Signed-off-by: Paulo Neves <ptsneves at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 9865e2d15a267e7a165257ad1c89831822a612aa
Author: Paulo Neves <ptsneves at gmail.com>
Date: Fri Aug 10 21:37:57 2018 +0200
testimage: Refactoring and fixing.
The testimage.bbclass invocation of controllers besides
simpletarget and qemutarget was broken. Setting TEST_TARGET
to class names did not work, only hardcoded values set in
context.py were allowed. On the other hand the other
TEST_TARGETs available were supposedly available through the
class name convention but none of them were working. See:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=12842
In this commit qemuwrapper and simpletarget TEST_TARGETS are
now not available through these names, but through the
common convention of class names.
The code for layer defined controllers was outdated and
broken because the example controllers in meta-yocto-bsp as
well as the controllers available in masterimage were
dependent only on the datastore d being available for
__init__ construction, when the testimage.bbclass and
context.py, which initialize test controllers never passed
the datastore. This commit fixes all the openembedded
controllers to not use the datastore, but the testdata json
file that is loaded by the testimage.bbclass. This way the
tests can still be exported to be run outside bitbake. The
kwargs and logger are still passed in the constructor and
there may be some redundancies between the kwargs and the td
test datastore, but this is not addressed in this commit.
In masterimage.py there was a duplicate SystemdbootTarget
which was removed. It is my opinion that all targets should
go to meta-yocto-bsp or meta/ and should not get special
treatment whether they come from poky or other layer.
In this commit functionality that was lost in masterimage
about retrieving a fresh BB_ORIGENV. The test data json file
does not store this variable, so the build-time environmental
variables cannot be retrieved later on, when running the
tests.
The deploy() method invocation of the test cases was removed
in the refactoring and this commit re-adds it in the same
logical place. The deploy method was added as an abstract
method so that all Test controller classes have this method.
This method had been lost and was not used in the
simpleremote and qemuwrapper, because these controllers do
not need the functionality, but almost any real board
requires certain steps to deploy the new images, before the
tests can be run. An example of this need was visible in the
master image and subclasses in meta-yocto-bsp.
A dependency on images fstypes of qemu was removed from
testimage. The allowed file system types were not relevant
for other controllers, and made it so that there was an
import of the OEQemuTarget python class applicable to all
possible controllers, including non qemu.
The SimpleRemoteTarget, OEQemuTarget and a custom
controller, developed according to the manual were
successfully tested.
Signed-off-by: Paulo Neves <ptsneves at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 54d11034e5df52079d2b354bdff82da18fc6688e
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Tue Jul 10 18:57:56 2018 +0100
oe-selftest: quick hack to test
(From OE-Core rev: aa5fd58151b4bee84ebdb3e93fec8960312acd5d)
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit aff18c3e790597106c390f5026e191d138a560d4
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Fri Aug 10 10:10:15 2018 +0000
libtool-cross: Handle ccache sstate 'infection' issues
On a system without ccache, if you:
INHERIT += "ccache"
bitbake libtool-cross
<remove INHERIT>
bitbake apmd
then it fails due to being unable to find ccache. The references to ccache are
coded into libtool-cross but the sstate checksum doesn't reflect this due to the
way the class is coded (output should be the same regardless).
The simplest solution is to remove references to ccache from the libtool script.
The output then works regardless of whether ccache is present or not. The
libtool-cross script is only used in a handful of cases (most of the time it's
dynamically generated by autoconf) so any performance issue is minor.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 4cf08d623dc69b9293d0a7e459e221dcb4837a99
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu Aug 9 16:58:07 2018 +0000
sstate: Remove DEPLOY_DIR_IMAGE from SSTATE_DUPWHITELIST
Replace the generic whitelist entry with entries for the three specific
'problem' cases in OE-Core. This means the general DEPLOY_DIR_IMAGE entry
doesn't mask problems for others as was recently encountered by users
reported on irc. In the whitelisted cases they occur only in multilib builds
and the files are identical.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 98f6972be1930e12ad7cace43fb5c6d89901bddb
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu Aug 9 12:17:39 2018 +0000
oeqa/esdk/devtool: Drop OETestDepends usage
OETestDepends doesn't work with parallelism and in this case we don't
really need this dependency, it would just short out some tests quickly
in the rare case the esdk environment was broken.
Currently this is masking tests which is a much worse problem and we
can't make OETestDepends work reliably with parallelism so drop the
dependencies.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 21c276c12931e6b698c1701519a944d7fde226a2
Author: Urs Fässler <urs.fassler at bbv.ch>
Date: Wed Aug 8 09:33:52 2018 +0200
cmake: fix compiling some C++ projects with Yocto SDK and GCC
Setting CMAKE_SYSROOT in the toolchain file allows CMake to correctly
remove user-provided system include directories pointing to
<sysroot>/usr/include. The mentioned projects failed with "stdlib.h:
No such file or directory #include_next <stdlib.h>".
Signed-off-by: Urs Fässler <urs.fassler at bbv.ch>
Signed-off-by: Raphael Freudiger <raphael.freudiger at siemens.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 17098c53c10e71d95afa5d96eef310c0e886d0b5
Author: Andre McCurdy <armccurdy at gmail.com>
Date: Wed Aug 8 11:15:12 2018 -0700
openssl_1.0: drop unnecessary call to perlpath.pl from do_configure()
The perlpath.pl script is used to patch the #! lines in all perl
scripts in the utils directory. However, as these scripts are run via
e.g. "perl foo.pl", they don't actually rely on the #! path to be
correct (which can be confirmed by the observation that the path is
currently being set to ${STAGING_BINDIR_NATIVE}/perl, which doesn't
exist).
Signed-off-by: Andre McCurdy <armccurdy at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit dfd56a0f4b57e9294a6ff7ebb2f05b98a01f55a1
Author: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
Date: Wed Aug 8 22:27:54 2018 +0200
meta: replace deprecated "SERIAL_CONSOLE"
SERIAL_CONSOLE was already deprecated in 2013, yet still some
machine configuration files were using it. This patch replaces
it with SERIAL_CONSOLES, which is the successor.
The default value in systemd-serialgetty.bb can also be safely
transitioned from SERIAL_CONSOLE to SERIAL_CONSOLES, as this
recipe already uses SERIAL_CONSOLES within do_install().
The documentation seems to be already up to date.
beaglebone-yocto.conf in the bsp-guide already uses
SERIAL_CONSOLES. The ref-manual redirects from SERIAL_CONSOLE
to SERIAL_CONSOLES.
[YOCTO #12653]
Signed-off-by: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d51384218c39c7bfbb1118b4c349cf8446a8e8a4
Author: Daniel Díaz <daniel.diaz at linaro.org>
Date: Thu Aug 9 12:14:54 2018 -0500
multilib_header: recognize BPF as a target
When building with `clang -target bpf` using the
multilib_header, a recursion was unavoidable because
bits/wordsize.h would #include itself, still lacking
a definition for __MHWORDSIZE or __WORDSIZE.
Signed-off-by: Daniel Díaz <daniel.diaz at linaro.org>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e733de3f5d0221ffb57a99cdd024c56dcd9c7257
Author: Daniel Díaz <daniel.diaz at linaro.org>
Date: Thu Aug 9 12:14:53 2018 -0500
glibc: Make bits/wordsize.h multilibbed again
As reported by ChenQi, leaving bits/wordsize.h out of being
multilibbed introduced a problem in building the SDK for
arm64:
Error: Transaction check error:
file /usr/include/bits/wordsize.h conflicts between attempted installs of lib32-libc6-dev-2.27-r0.armv7vet2hf_vfp and libc6-dev-2.27-r0.aarch64
This effectively reverts commit a74c77d6.
Signed-off-by: Daniel Díaz <daniel.diaz at linaro.org>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 4b079b803867c3e3f7d68d816b072f4de40944dd
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 13:39:45 2018 +0000
man-pages: respect api-documentation
* let manpages.bbclass to enable manpages PACKAGECONFIG based on
api-documentation DISTRO_FEATURES
PACKAGECONFIG_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'manpages','', d)}"
* it's true that building man-pages without manpages being enabled
doesn't make much sense, but it's included through couple
packagegroups:
meta/recipes-core/packagegroups/packagegroup-self-hosted.bb: man-pages \
meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb: man-pages \
or in world even for people who might not be interested
in man-pages
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 160a6cf7a60bfe9d5173086ac6c63e9796e4b389
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 12:16:59 2018 +0000
dropbear.inc: add dependency on virtual/crypt to fix build with glibc-2.28
configure tests crypt() existence with:
dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
dnl but we don't want link all binaries to -lcrypt, just dropbear server.
dnl OS X doesn't need -lcrypt
AC_CHECK_FUNC(crypt, found_crypt_func=here)
AC_CHECK_LIB(crypt, crypt,
[
CRYPTLIB="-lcrypt"
found_crypt_func=here
])
AC_SUBST(CRYPTLIB)
if test "t$found_crypt_func" = there; then
AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
fi
but that silently fails with glibc-2.28 and a bit later do_compile fails with;
http://errors.yoctoproject.org/Errors/Details/185895/
../dropbear-2018.76/sysoptions.h:237:3: error: #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
^~~~~
Add dependency on virtual/crypt so that do_configure detects it correctly.
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 021941fc408880352e2b6b171fa4cfa2d3e614c5
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 12:14:41 2018 +0000
perf: inherit manpages instead of adding man to RDEPENDS_${PN}-doc
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit ab6862d9cfa8e7ef2371af03bdbb5be28e16b3c3
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 11:44:47 2018 +0000
glide: add INSANE_SKIP for textrel
* I'm not using glide, so I'm not going to fix it properly,
it was just bothering me in world builds
* this is reproducible only with ptest in DISTRO_FEATUREs (for aarch64
issue) and included security_flags.inc, more specifically with the PIE
flags, so alternative work around is:
SECURITY_CFLAGS_pn-glide = "${SECURITY_NOPIE_CFLAGS}"
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a67a1fc3089ecb0385ff7c31514e8d4312cb2855
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 11:44:46 2018 +0000
go(-dep): add INSANE_SKIP for textrel
* I'm not using go or go-dep, so I'm not going to fix it properly,
it was just bothering me in world builds
* this is reproducible only with ptest in DISTRO_FEATUREs (for aarch64
issue) and included security_flags.inc, more specifically with the PIE
flags, so alternative work around is:
SECURITY_CFLAGS_pn-go = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_CFLAGS_pn-go-dep = "${SECURITY_NOPIE_CFLAGS}"
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e763151e1f7cfe9ea56de06f41769f8a3d74d219
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 15:49:13 2018 -0700
lib/oe: Fix collections ABCs DeprecationWarning in Python 3.7+
- Prefer collections.abc (new in Python 3.3) over collections for abstract base classes
- In Python 3.8, the abstract base classes in collections.abc will no longer be exposed in
the regular collections module. This will help create a clearer distinction between
the concrete classes and the abstract base classes."
- https://docs.python.org/3.7/whatsnew/3.7.html#deprecated
- see https://github.com/python/cpython/commit/c66f9f8d3909f588c251957d499599a1680e2320
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 0474326d79b7675dabe63f691733e8c6b24b2fb0
Author: Ross Burton <ross.burton at intel.com>
Date: Wed Aug 8 21:37:52 2018 +0100
oeqa/sdk/buildgalculator: check for nativesdk-gettext-dev
We don't need target gettext to build, but nativesdk-gettext-dev (for nls.m4).
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/allarch.bbclass | 4 +
meta/classes/devtool-source.bbclass | 12 +
meta/classes/icecc.bbclass | 2 +-
meta/classes/multilib.bbclass | 3 +-
meta/classes/multilib_global.bbclass | 4 +-
meta/classes/multilib_script.bbclass | 2 +-
meta/classes/package.bbclass | 9 +-
meta/classes/staging.bbclass | 2 +-
meta/classes/testimage.bbclass | 54 ++-
meta/conf/distro/include/tclibc-musl.inc | 1 +
meta/conf/distro/include/tcmode-default.inc | 2 +-
meta/lib/oeqa/controllers/masterimage.py | 113 ++----
.../target/qemu.py => controllers/qemutarget.py} | 30 +-
meta/lib/oeqa/controllers/simpleremote.py | 33 ++
.../target/ssh.py => controllers/sshtarget.py} | 9 +-
meta/lib/oeqa/core/target/__init__.py | 4 +
meta/lib/oeqa/runtime/context.py | 32 +-
meta/lib/oeqa/targetcontrol.py | 97 ++---
meta/recipes-connectivity/ppp/ppp_2.4.7.bb | 2 +-
meta/recipes-core/base-files/base-files/profile | 6 +-
meta/recipes-core/base-files/base-files_3.0.14.bb | 1 +
meta/recipes-core/busybox/busybox/defconfig | 12 +-
meta/recipes-core/busybox/busybox/init.cfg | 7 +-
...tive_2.27.bb => cross-localedef-native_2.28.bb} | 20 +-
...glibc-initial_2.27.bb => glibc-initial_2.28.bb} | 0
.../{glibc-locale_2.27.bb => glibc-locale_2.28.bb} | 0
.../{glibc-mtrace_2.27.bb => glibc-mtrace_2.28.bb} | 0
meta/recipes-core/glibc/glibc-package.inc | 2 +-
...glibc-scripts_2.27.bb => glibc-scripts_2.28.bb} | 0
meta/recipes-core/glibc/glibc.inc | 4 +-
...libc-Look-for-host-system-ld.so.cache-as-.patch | 12 +-
...libc-Fix-buffer-overrun-with-a-relocated-.patch | 10 +-
...libc-Raise-the-size-of-arrays-containing-.patch | 18 +-
...ivesdk-glibc-Allow-64-bit-atomics-for-x86.patch | 6 +-
...ibc-Make-relocatable-install-for-locales.patch} | 45 ++-
...00-e5500-e6500-603e-fsqrt-implementation.patch} | 44 +--
...OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch} | 6 +-
...Fix-undefined-reference-to-__sqrt_finite.patch} | 6 +-
...rt-f-are-now-inline-functions-and-call-o.patch} | 6 +-
...ug-1443-which-explains-what-the-patch-do.patch} | 8 +-
...-libm-err-tab.pl-with-specific-dirs-in-S.patch} | 6 +-
...rt-f-are-now-inline-functions-and-call-o.patch} | 6 +-
...configure.ac-handle-correctly-libc_cv_ro.patch} | 6 +-
...ibute.patch => 0014-Add-unused-attribute.patch} | 6 +-
...hin-the-path-sets-wrong-config-variables.patch} | 6 +-
...timezone-re-written-tzselect-as-posix-sh.patch} | 6 +-
...ove-bash-dependency-for-nscd-init-script.patch} | 6 +-
...-Cross-building-and-testing-instructions.patch} | 10 +-
...19-eglibc-Help-bootstrap-cross-toolchain.patch} | 12 +-
... 0020-eglibc-Clear-cache-lines-on-ppc8xx.patch} | 6 +-
...021-eglibc-Resolve-__fpscr_values-on-SH4.patch} | 6 +-
...ward-port-cross-locale-generation-support.patch | 28 +-
...0023-Define-DUMMY_LOCALE_T-if-not-defined.patch | 6 +-
....c-Make-_dl_build_local_scope-breadth-fir.patch | 10 +-
...-locale-fix-hard-coded-reference-to-gcc-E.patch | 6 +-
...26-reset-dl_load_write_lock-after-forking.patch | 14 +-
...so-lock-before-switching-to-malloc_atfork.patch | 30 +-
...o-consts.h-enum-definition-for-TRAP_HWBKP.patch | 14 +-
...ncpy-with-memccpy-to-fix-Wstringop-trunca.patch | 40 --
...d-to-archive-uses-a-hard-coded-locale-pa.patch} | 23 +-
...l-Emit-no-lines-in-bison-generated-files.patch} | 17 +-
.../glibc/0031-nativesdk-deprecate-libcrypt.patch | 419 ---------------------
meta/recipes-core/glibc/glibc/CVE-2017-18269.patch | 178 ---------
meta/recipes-core/glibc/glibc/CVE-2018-11236.patch | 164 --------
meta/recipes-core/glibc/glibc/CVE-2018-11237.patch | 82 ----
.../glibc/{glibc_2.27.bb => glibc_2.28.bb} | 47 ++-
.../{libxcrypt_4.0.1.bb => libxcrypt_4.1.1.bb} | 11 +-
.../libxml/libxml2/fix-CVE-2018-14404.patch | 45 +++
meta/recipes-core/libxml/libxml2_2.9.8.bb | 1 +
...-sysmacros.h-for-major-minor-defines-in-g.patch | 71 ++++
meta/recipes-core/sysvinit/sysvinit_2.88dsf.bb | 3 +-
meta/recipes-extended/pam/libpam_1.3.0.bb | 2 +-
meta/recipes-graphics/jpeg/libjpeg-turbo_1.5.3.bb | 2 +-
meta/recipes-kernel/perf/perf.bb | 2 +
meta/recipes-support/curl/curl_7.61.0.bb | 3 +
75 files changed, 580 insertions(+), 1342 deletions(-)
rename meta/lib/oeqa/{core/target/qemu.py => controllers/qemutarget.py} (58%)
create mode 100644 meta/lib/oeqa/controllers/simpleremote.py
rename meta/lib/oeqa/{core/target/ssh.py => controllers/sshtarget.py} (98%)
rename meta/recipes-core/glibc/{cross-localedef-native_2.27.bb => cross-localedef-native_2.28.bb} (67%)
rename meta/recipes-core/glibc/{glibc-initial_2.27.bb => glibc-initial_2.28.bb} (100%)
rename meta/recipes-core/glibc/{glibc-locale_2.27.bb => glibc-locale_2.28.bb} (100%)
rename meta/recipes-core/glibc/{glibc-mtrace_2.27.bb => glibc-mtrace_2.28.bb} (100%)
rename meta/recipes-core/glibc/{glibc-scripts_2.27.bb => glibc-scripts_2.28.bb} (100%)
rename meta/recipes-core/glibc/glibc/{relocate-locales.patch => 0005-nativesdk-glibc-Make-relocatable-install-for-locales.patch} (80%)
rename meta/recipes-core/glibc/glibc/{0005-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch => 0006-fsl-e500-e5500-e6500-603e-fsqrt-implementation.patch} (97%)
rename meta/recipes-core/glibc/glibc/{0006-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch => 0007-readlib-Add-OECORE_KNOWN_INTERPRETER_NAMES-to-known-.patch} (85%)
rename meta/recipes-core/glibc/glibc/{0007-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch => 0008-ppc-sqrt-Fix-undefined-reference-to-__sqrt_finite.patch} (98%)
rename meta/recipes-core/glibc/glibc/{0008-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch => 0009-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch} (98%)
rename meta/recipes-core/glibc/glibc/{0009-Quote-from-bug-1443-which-explains-what-the-patch-do.patch => 0010-Quote-from-bug-1443-which-explains-what-the-patch-do.patch} (93%)
rename meta/recipes-core/glibc/glibc/{0010-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch => 0011-eglibc-run-libm-err-tab.pl-with-specific-dirs-in-S.patch} (89%)
rename meta/recipes-core/glibc/glibc/{0011-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch => 0012-__ieee754_sqrt-f-are-now-inline-functions-and-call-o.patch} (93%)
rename meta/recipes-core/glibc/glibc/{0012-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch => 0013-sysdeps-gnu-configure.ac-handle-correctly-libc_cv_ro.patch} (88%)
rename meta/recipes-core/glibc/glibc/{0013-Add-unused-attribute.patch => 0014-Add-unused-attribute.patch} (86%)
rename meta/recipes-core/glibc/glibc/{0014-yes-within-the-path-sets-wrong-config-variables.patch => 0015-yes-within-the-path-sets-wrong-config-variables.patch} (98%)
rename meta/recipes-core/glibc/glibc/{0015-timezone-re-written-tzselect-as-posix-sh.patch => 0016-timezone-re-written-tzselect-as-posix-sh.patch} (90%)
rename meta/recipes-core/glibc/glibc/{0016-Remove-bash-dependency-for-nscd-init-script.patch => 0017-Remove-bash-dependency-for-nscd-init-script.patch} (92%)
rename meta/recipes-core/glibc/glibc/{0017-eglibc-Cross-building-and-testing-instructions.patch => 0018-eglibc-Cross-building-and-testing-instructions.patch} (99%)
rename meta/recipes-core/glibc/glibc/{0018-eglibc-Help-bootstrap-cross-toolchain.patch => 0019-eglibc-Help-bootstrap-cross-toolchain.patch} (91%)
rename meta/recipes-core/glibc/glibc/{0019-eglibc-Clear-cache-lines-on-ppc8xx.patch => 0020-eglibc-Clear-cache-lines-on-ppc8xx.patch} (96%)
rename meta/recipes-core/glibc/glibc/{0020-eglibc-Resolve-__fpscr_values-on-SH4.patch => 0021-eglibc-Resolve-__fpscr_values-on-SH4.patch} (92%)
delete mode 100644 meta/recipes-core/glibc/glibc/0029-Replace-strncpy-with-memccpy-to-fix-Wstringop-trunca.patch
rename meta/recipes-core/glibc/glibc/{archive-path.patch => 0029-localedef-add-to-archive-uses-a-hard-coded-locale-pa.patch} (69%)
rename meta/recipes-core/glibc/glibc/{0030-plural_c_no_preprocessor_lines.patch => 0030-intl-Emit-no-lines-in-bison-generated-files.patch} (59%)
delete mode 100644 meta/recipes-core/glibc/glibc/0031-nativesdk-deprecate-libcrypt.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-18269.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2018-11236.patch
delete mode 100644 meta/recipes-core/glibc/glibc/CVE-2018-11237.patch
rename meta/recipes-core/glibc/{glibc_2.27.bb => glibc_2.28.bb} (72%)
rename meta/recipes-core/libxcrypt/{libxcrypt_4.0.1.bb => libxcrypt_4.1.1.bb} (70%)
create mode 100644 meta/recipes-core/libxml/libxml2/fix-CVE-2018-14404.patch
create mode 100644 meta/recipes-core/sysvinit/sysvinit-2.88dsf/0001-include-sys-sysmacros.h-for-major-minor-defines-in-g.patch
hooks/post-receive
--