1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-17 04:07:06 +00:00

2012 Commits

Author SHA1 Message Date
Leonardo Sandoval fb8bf6a75e init-install-efi.sh: Avoid /mnt/mtab creation if already present
The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts),
so if an image includes the latter, there is no new to created it again inside
the install-efi.sh script, otherwise an error may occur as indicated on the
bug's site.

[YOCTO #7971]

(From OE-Core rev: 1679c3d7bfa1cff4e126e2ed3dff50bdd7c2eeab)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-07-11 23:10:10 +01:00
Armin Kuster c282df8993 glibc: CVE-2015-8776
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.

(From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee)

(From OE-Core rev: c50e30cb078ca0ad6f76241f0b0a5557cc17e3c0)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21 15:48:47 +00:00
Armin Kuster 204ad23574 glibc: CVE-2015-9761
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.

(From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)

(From OE-Core rev: 1916b4c34ee9d752c12b8311cb9fd41e09b82900)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21 15:48:47 +00:00
Armin Kuster 14a42e2719 glibc: CVE-2015-8779
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.

(From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5)

(From OE-Core rev: 01e9f306e0af4ea2d9fe611c1592b0f19d83f487)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21 15:48:47 +00:00
Armin Kuster dae5ee4e5e glibc: CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.

(From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)

(From OE-Core rev: bb6ce1334bfb3711428b4b82bca4c0d5339ee2f8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21 15:48:47 +00:00
Koen Kooi bebaaf1d21 glibc 2.20: Security fix CVE-2015-7547
CVE-2015-7547: getaddrinfo() stack-based buffer overflow

(From OE-Core rev: b30a7375f09158575d63367600190a5e3a00b9fc)

Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-03 10:38:50 +00:00
Armin Kuster faf6ada4f2 glibc: Fixes a heap buffer overflow in glibc wscanf.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1

Reference to upstream fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;
h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

(From OE-Core rev: 5aa90eef9b503ba0ffb138e146add6f430dea917)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>

Hand applied.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:15 +00:00
Sona Sarmadi a779191033 libxml2: CVE-2015-8241
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=
ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

(From OE-Core rev: 84c6a67baaafee565ac4fad229bd8d07a21da09c)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Sona Sarmadi d4db68ae6b libxml2: CVE-2015-8035
Fixes DoS when parsing specially crafted XML document
if XZ support is enabled.

References:
https://bugzilla.gnome.org/show_bug.cgi?id=757466

Upstream correction:
https://git.gnome.org/browse/libxml2/commit/?id=
f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

(From OE-Core rev: e40cae30575a227bb0274869f720dffd816d629a)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Sona Sarmadi aa10f103e1 libxml2: CVE-2015-7942
Fixes heap-based buffer overflow in xmlParseConditionalSections().

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/
?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456

(From OE-Core rev: a2980f004519a4baeb4c88ad924e15195fe75e32)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Tudor Florea fc3d4ce07d glibc: use patch for CVE-2015-1781
Patch added to the repo wasn't actually considered due to a
erronously way of specifying the sources.

(From OE-Core rev: 2cdc3dd4cc4426aa081b6cb99b67f1143cc64f81)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Richard Purdie b38454c2e3 build-appliance-image: Update to dizzy head revision
(From OE-Core rev: 7bb182bdd130266100fc541fd09b82d09c51cd80)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29 14:56:15 +01:00
Richard Purdie ca052426a6 cross-localedef-native: Use older C standards for older code
This older code needs specific compiler options to allow it to work
with gcc 5. These options are used in the 2.21 recipe in master/fido
so this simply backports them.

(From OE-Core rev: 447dba2a6a077c83083556ab79ab265d4b8a048f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-26 09:14:43 +01:00
Martin Stolpe cfc5952b11 ncurses: fix native builds when host has gcc5
GCC"s preprocessor starts to add newlines which are not
handled properly by ncurses build system startin from
version 5.0.

See also: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7870

(From OE-Core rev: 3a5435b371c84ec28b6936b8c8fa6541a592d061)

(From OE-Core rev: 8492e143af25bf64d07fc117e7f1607aadf89f09)

Signed-off-by: Martin Stolpe <martin.stolpe@gmail.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-26 09:14:43 +01:00
Yue Tao 1b492dfcdd libxml2: Security Advisory - libxml2 - CVE-2015-1819
for CVE-2015-1819 Enforce the reader to run in constant memory

(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)

(From OE-Core rev: de6e4114d5285ea0d2a53d19c93ce96430cc9e30)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

Conflicts:
	meta/recipes-core/libxml/libxml2.inc
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-20 20:54:34 +01:00
Jussi Kukkonen 00fce45b55 dbus: CVE-2015-0245: prevent forged ActivationFailure
Fix CVE-2015-0245 by preventing non-root and non-systemd processes
from fooling the dbus daemon into thinking systemd service activation
failed.

(From OE-Core rev: a8aa06b2405dec31a306fdf47bd1fdf740fde7bd)

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-20 20:54:34 +01:00
Haris Okanovic 215c4d948d glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
Backport Arjun Shankar's patch for CVE-2015-1781:

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application.

https://sourceware.org/bugzilla/show_bug.cgi?id=18287

(From OE-Core rev: c0f0b6e6ef1edc0a9f9e1ceffb1cdbbef2e409c6)

(From OE-Core rev: 96ff830b79c64d8f35c311b66906b492cbeeeb55)

Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Reviewed-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-07-20 20:54:33 +01:00
Reinette Chatre 9fd145d27e init-install-efi.sh: fix gummiboot entry installation
After selecting the "install" gummiboot option of a Live image we are
seeing boot failure resulting from the gummiboot entries not being
installed correctly. This seems to be a problem in this init-install-efi.sh
script where it incorrectly installs the gummiboot entries into the root
filesystem, not the boot partition. We fix it by installing the entries in
the boot partition.

(From OE-Core rev: c9b06c79ed8a082d1b385e9f61721aeeda9bf1af)

(From OE-Core rev: 4a44c9287d80dec0973b31d30d3d6250ce4b4df4)

Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Acked-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-05-01 12:35:40 +01:00
Saul Wold 29812e6173 busybox: unbreak tar of uncompressed files
A patch was added to fix compressed tar files, but broke uncompressed
tar files, this fix is from the busybox mailing list

http://lists.busybox.net/pipermail/busybox/2014-January/080389.html

[YOCTO #7645]

(From OE-Core rev: 2e67a2d35ffcaa0d35363b05209060aff7026c9a)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-29 17:53:35 +01:00
Richard Purdie 192a9e1031 build-appliance-image: Update to dizzy head revision
(From OE-Core rev: 907ef15bb8bf6bd4fb9edb529240ed9982626401)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-18 08:57:38 +01:00
Richard Purdie 15892013ce build-appliance-image: Update to dizzy head revision
(From OE-Core rev: 723e5486e89c6ebe4533ad05ebe5346744c452b1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-17 22:44:19 +01:00
Bryan Evenson 1f994e8171 initscripts: Remove /etc/volatile.cache on upgrade
/etc/volatile.cache is a cached copy of a script (which is
generated by /etc/init.d/populate-volatile.sh) that generates
the volatile filesystem directories.  Since volatile.cache is
a generated file, it is not necessarily changed if
populate-volatile.sh is updated.  As a result, the stale script
can add/remove the wrong directories on the next system boot.

If initscripts is being upgraded, make sure volatile.cache gets
deleted.

(From OE-Core rev: 3bdc098028732a4b22b1e65e5566b4cbe105fd41)

Signed-off-by: Bryan Evenson <bevenson@melinkcorp.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-17 22:39:32 +01:00
Bryan Evenson 433ec67686 base-files: Check for /run and /var/lock softlinks on upgrade
Commit ea647cd9ee moved the locations
of /run and /var/lock to match the FHS 3 draft specifications.
However, the install doesn't remove the existing directories.
As a result, upgrading a system may result in /run as a softlink
to /var/run and /var/run as a softlink to /run, creating a circular
link.

During pre-install, check for the existence of the old softlinks and
remove them so the new directories can be installed.

(From OE-Core rev: edeeee8432dc749b02e5e6eca0503229e394ebd3)

Signed-off-by: Bryan Evenson <bevenson@melinkcorp.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-17 22:39:32 +01:00
Armin Kuster e8a260c9b8 util-linux: fix CVE-2014-9114
Backport a patch to fix CVE-2014-9114.
The patch has been integrated in util-linux-2.26.

[YOCTO #7180]

Hand applied do to version differencses.

(From OE-Core rev: de0c751f57de118bba808f85fa255bb2d99ed9cb)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-04-17 22:39:30 +01:00
Jonathan Liu 0fecd492b2 systemd: fix /var/log/journal ownership
The ownership needs to be explicitly set otherwise it inherits the user
and group id of the build user.

(From OE-Core rev: b81ad1d960fc0555f6255a887f6a3b524893703e)

Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-27 21:44:39 +00:00
Max Krummenacher f2a6123ba3 udev: don't keep ptest testdata laying around
Only unpack udev's testdata right before executing the tests and cleanup
afterwards.

udev's testsuite can be used by ptest. However currently the testdata against
which its functionality is tested is installed in the sysroot at udev install
time.
If the sysroot is used with qemu the testdata makes qemu entering an infinite
loop.
http://lists.openembedded.org/pipermail/openembedded-core/2014-September/097098.html

This has already been fixed for the systemd udev flavour.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=5664

(From OE-Core rev: 60c0b80048e1f8aae1a4aaa3619c84496a111ae2)

Signed-off-by: Max Krummenacher <max.oss.09@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-26 14:17:21 +00:00
Max Krummenacher ff2621b86c udev: fix ptest rule syntax check
The ptest which checks for correct udev rules fails.
Missing files and paths for the build host caused this.

(From OE-Core rev: 32fa3ff2849a74deeb13ac53cc65e212b9cffd92)

Signed-off-by: Max Krummenacher <max.oss.09@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-26 14:17:21 +00:00
Andre McCurdy 4c6ceb07f0 busybox: libarchive: open_zipped() does not need to check extensions
Backport from busybox 1_22_stable branch:

  http://git.busybox.net/busybox/commit/?h=1_22_stable&id=28dd64a0e1a9cffcde7799f2849b66c0e16bb9cc

(From OE-Core rev: cd20b3c009a9c1743f5cb054710214231e5dfcfc)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-25 12:52:51 +00:00
Andre McCurdy 1f718df76e busybox: lzop: add overflow check (CVE-2014-4607)
Backport from busybox 1_22_stable branch:

  http://git.busybox.net/busybox/commit/?h=1_22_stable&id=5698ff93233b47218a677fd7facd8cc90211d1a4

(From OE-Core rev: 680fc6e7c571f70cffa9799c21604e0719504591)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-03-25 12:52:51 +00:00
Khem Raj 42195a3ff5 systemd: Backports fixes to 216
Fix systemd-timesyncd assertion

when networkd is disabled then we now do not
create /run/systemd/netif/links but timesyncd needs it. So lets
manually create this file when networkd is disabled so timesyncd
can still function

When enabling systemd-timesyncd we need systemd-timesync user

Backport patches to enable timesyncd when resolved and networkd
are disabled

replace the resolv.conf symlinink patch with a proper backport

Change-Id: I53f1a53eec4e4a4dbdfb7e8cd155d544ee5d81ec
(From OE-Core rev: 2a675bc63b22724f12e6ed6ff58d0f1d1e0d3b29)

(From OE-Core rev: c53b22e593fe13edacddf2ecd4d5df67abd74905)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:10 +00:00
Armin Kuster 15ff8423dc busybox: cve-2014-9645
modprobe,rmmod: reject module names with slashes

(From OE-Core rev: 815a7b6fbf3b0cf95f5464bca687d97366d7ed6a)

(From OE-Core rev: 698ef44edcff82457e29baef1dd364d1fecf892b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:10 +00:00
Paul Gortmaker 8e02546ddd packagegroup-self-hosted: package all of Python
Based on commit 745dfbc869fd593d1b92e2bc9c01d589ab21ade3
"buildtools-tarball: package all of Python", we do the same here
for packagegroup-self-hosted.

The switch to the fetcher where it added BeautifulSoup revealed
a shortcoming in the python packaged for the self hosting (missing
htmlentitydefs).  Here we fix it in the same way as what was done
for buildtools-tarball and include python-modules vs. all the
individual little chunks.

(From OE-Core rev: 4afbc5f7b2b8a6587110b16cda90e72c3e73a506)

(From OE-Core rev: 55073276dabf0a996209296e0096ff1a93a3e1e5)

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:09 +00:00
Armin Kuster 620718b05d glibc: CVE-2014-9402 endless loop in getaddr_r
The getnetbyname function in glibc 2.21 in earlier will enter an infinite loop
if the DNS backend is activated in the system Name Service Switch
configuration, and the DNS resolver receives a positive answer while processing
the network name.

(From OE-Core rev: f03bf84c179f69ef4800ed92a4a9d9401d0e5966)

(From OE-Core rev: 7e3f4ddd001f9c50a49d8ba5ab548af311e6b51f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:07 +00:00
Richard Purdie 6a07977e76 cross-canadian/meta-environment: Allow modification of TARGET_OS to be optional
There are some cases we want the manipulation cross-canadian performance
on TARGET_OS, there are also cases like meta-environment where we do not
want this manipulation.

We did try and use immediate expansion to avoid this problem and it
works in the non multilib case. If we have a multilib that used an
extension, like for example:

require conf/multilib.conf
MULTILIBS = "multilib:lib32 multilib:lib64"
DEFAULTTUNE = "mips32r2"
DEFAULTTUNE_virtclass-multilib-lib32 = "mips64-n32"
DEFAULTTUNE_virtclass-multilib-lib64 = "mips64"

then the n32 extension case will be misconfigured.

It turns out saving an unexpanded variable is hard. The best I could
come up with was:

SAVEDTOS := "${@d.getVar('TARGET_OS', False).replace("{", "*")}"

and then

localdata.setVar("TARGET_OS", d.getVar("SAVEDOS", False).replace('*','{'))

which is rather evil, I'd challenge someone to come up with a nicer way
of making it work though!

Rather than the above madness, we modify cross-canadian to make the
problamtic code conditional.

This fixes the original issue (where a linux-gnuspe target was seeing
'linux') of
http://cgit.openembedded.org/openembedded-core/commit/?id=0038634ee6e2b6035c023a2702547f20f67c103a
but also fixes the multilib one.

(From OE-Core rev: 85ff3d6491c54aa712ed238c561742cda4f4ba07)

(From OE-Core rev: 78a2eeea4e2ef867437c315337b9188e1f3fa759)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:06 +00:00
Ross Burton 37d5b56cb6 systemd: add missing RDEPENDS
systemd-ptest also needs a Python interpretter.  Also remove the redundant
comment.

systemd-kernel-install is a bash script that can't be trivially ported to POSIX
sh.

(From OE-Core rev: 9f6b34493d332f9eff54c3eb2da9483a344e6d3c)

(From OE-Core rev: 66900dc504d8e8af5439a01f94c7853e418fd0e3)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:05 +00:00
Richard Purdie 64090cf0d8 libxml2: Backport fix for CVE introduced entity issues
The CVE fix introduced problems with entity issues, we observed this
when building the Yocto Docs in particular. Backport the fix from
upstream so we can build our docs correctly.

[YOCTO #7134]

(From OE-Core rev: af501bd51f9a86edd34e0405bc32dabe21312229)

(From OE-Core rev: 9aa93835d19159ffd7cb212680044fc7f914a68f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:05 +00:00
Joe MacDonald 41cca6fbe7 libxml2: fix CVE-2014-3660
It was discovered that the patch for CVE-2014-0191 for libxml2 is
incomplete.  It is still possible to have libxml2 incorrectly perform
entity substituton even when the application using libxml2 explicitly
disables the feature.  This can allow a remote denial-of-service attack on
systems with libxml2 prior to 2.9.2.

References:
    http://www.openwall.com/lists/oss-security/2014/10/17/7
    https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html

(From OE-Core rev: 643597a5c432b2e02033d0cefa3ba4da980d078f)

(From OE-Core rev: de7bc57398aaeb84fc9370d025b87f7711986ada)

Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:04 +00:00
Maxin B. John de51204518 coreutils: Fix CVE-2014-9471
Fiedler Roman discovered that coreutils' parse_datetime() function
has some flaws that may be exploitable if the date(1), touch(1),
or potentially other programs, accept untrusted input for certain
parameters. While researching this issue, he discovered that it
was independently discovered by Bertrand Jacquin and reported at
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872

$ touch '--date=TZ="123"345" @1'
*** Error in `touch': free(): invalid pointer: 0x00007fffd33e55e0 ***
Aborted

$ date '--date=TZ="123"345" @1'
date[394]: segfault at 7fff24000000 ip 00007f6dd5b73404 sp 00007fff27cce8f8
error 4 in libc-2.20.so[7f6dd5af7000+199000]
Segmentation fault

(From OE-Core rev: 54debe63cbd38dba56895541c434f895e158f70b)

Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:04 +00:00
Saul Wold eed2260137 glibc: Fix up minimal build with libc-libm
This addresses 2 issues discovered trying to build a minimal libc with
libm option.  By default nscd was always being built and without inet
enabled there were missing symbols.

[YOCTO #7108]

(From OE-Core rev: 89649881bcd0e76d6ee7c85c30e75bb01e1c004f)

(From OE-Core rev: 965943176c580b7943bb4d94efd58b8818c04919)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-02-11 17:40:04 +00:00
Richard Purdie 6dd21a9f15 build-appliance-image: Update to dizzy head revision
(From OE-Core rev: 64efe68c731d202059880b2fb61a282b9ad1c3e6)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-06 14:18:52 +00:00
Jackie Huang 63c0b4a441 packagegroup-self-hosted: add git-perltools
git-perltools provides some usefull git tools like:
git-submodule, git-request-pull, git-send-email, git-am, etc.

We should have it added in self-hosted image.

(From OE-Core rev: 4b0cbdc9c94b336f3102d4cce1886842b28ce6d5)

(From OE-Core rev: a4296a49ada629bc21ab29e2c6860583e0b4be07)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-06 14:13:42 +00:00
Otavio Salvador 7461790c39 sysvinit-inittab: Disable the carrier detect requirement for serial consoles
This aligns the params of getty with the ones used in Debian. From the
getty(8) manpage:

,----[ getty(8) manpage ]
|  -L, --local-line
|
|    Force the line to be a local line with no need for carrier
| 	 detect. This can be useful when you have a locally attached
| 	 terminal where the serial line does not set the carrier detect
| 	 signal.
`----

Reported-by: Craig McQueen <craig.mcqueen@beamcommunications.com>
(From OE-Core rev: a899c362be71cb7b94bd318c57702446b017005c)

(From OE-Core rev: 9936afa01866e1024770b9ad4c378b5ce93e8298)

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Tested-by: Craig McQueen <craig.mcqueen@beamcommunications.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-06 14:13:38 +00:00
Paul Eggleton 2658acef69 buildtools-tarball: restore missing git tools
Since the split out of git-perltools, some git tools (such as "git am",
"git send-email" and "git-submodule") have no longer been part of the
buildtools. We need these, so add them back in.

However, adding git-perltools to buildtools triggers perl itself being
brought into buildtools as well, and we don't want that; but we also
don't want to have to hack the git recipe or indeed anything else that
starts depending on perl. Thus, add a dummy package which gets installed
in its place, in a separate package architecture that is only enabled
for buildtools to ensure it doesn't start appearing in place of
nativesdk-perl anywhere else.

Fixes [YOCTO #7033].

(From OE-Core rev: 5b051d65e797624cca3a81fc6f5c924925f3493e)

(From OE-Core rev: 1f7651763e48d5d3d661987997dc6edae17a8718)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-01-06 14:13:37 +00:00
mike.looijmans@topic.nl 7cacecf444 busybox-mdev: Install missing find-touchscreen.sh
mdev.conf references the find-touchscreen.sh script, but this file
was not being installed. Add the script to the busybox-mdev package.

(From OE-Core rev: 44f6df0dfac54845ef5c3ab1af5663d1b6c1d64b)

(From OE-Core rev: 1734b65056f379b358e70efcdba94e2abb98ce37)

Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:19:07 +00:00
Jonathan Liu 87f7ca2613 systemd: backport patch to fix reading journal backwards
(From OE-Core rev: c0650feb6ce7151a22632bab7270002314a1b6be)

(From OE-Core rev: 97a90102f5834c317c0d0f4b645fdfa410c27e04)

Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:19:07 +00:00
Armin Kuster 37ca92bb2a glibc: CVE 2014-7817 and 2012-3406 fixes
(From OE-Core rev: 41eb5a1ae2a92034bed93c735e712d18ea3d9d1d)

(From OE-Core rev: 007144bdfb2dfb10e4b1794799f8b5aa6976266c)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:19:04 +00:00
Wenzong Fan b48b07f1fb coreutils-native: don't install groups
This binary is provided by shadow-native nowadays. Fixes:

  ERROR: The recipe coreutils-native is trying to install files \
    into a shared area when those files already exist. \
    Those files and their manifest location are: \
      .../tmp/sysroots/x86_64-linux/usr/bin/groups \
    Matched in manifest-x86_64-shadow-native.populate_sysroot

To reproduce the errors:

  $ bitbake shadow-native && bitbake coreutils-native

(From OE-Core rev: 113225b93c55d55a330fcca7d9f996ec039fb953)

(From OE-Core rev: 40de12333e05247ff52a5837fd55d61b38af3bf0)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:19:00 +00:00
Jackie Huang 4eab67dda8 util-linux: add switch_root to alternatives list
switch_root is provided by both busybox in /sbin/switch_root and util-linux provides one
in /usr/sbin/switch_root, so move util-linux's to sbin and setup ALTERNATIVE_LINK.

(From OE-Core rev: cac818f0ecd0553b59b967a94766534643fecdf4)

(From OE-Core rev: 812e525ce46c7e4e87ab2e6509376235dd3523df)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:18:58 +00:00
Hongxu Jia 89398c3e07 Revert "busybox : fix do_compile failed on qemumips when DEBUG_BUILD (ICE)"
Since the gcc has resolved this, so we revert the workaround patch.

This reverts commit f026b7a211.

(From OE-Core rev: cfabce81df042121e0b98af92050333b7a284eaa)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:18:58 +00:00
Juro Bystricky 0d65f6c16d eglibc: modified option-groups.h generation
option-groups.h only explicitely #defines options that are enabled.
EGLIBC options are typically pre-processed under the assumption that if
an option is not explicitely defined then it evaluates as 0.
This assumption is correct, but it generates a compiler warning
message each time an undefined symbol is being evaluated.
In order to remove the warnings, each EGLIBC option is now defined
as 1 if the option is enabled or as 0 otherwise.
The consequence is we cannot use #ifdef OPTION_XXX when evaluating
the option, we must always use #if OPTION_XXX.

[YOCTO #7001]

(From OE-Core rev: 7f1bdc331304a61a4836a5752bca210450b6c5b5)

(From OE-Core rev: bce598f21ee9f21228766d4bb19fef21695981da)

Signed-off-by: Juro Bystricky <jurobystricky@hotmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-12-31 10:18:57 +00:00