1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

1904 Commits

Author SHA1 Message Date
Ross Burton 64a257fa22 gnupg: patch gnupg-native to allow path relocation
GnuPG hard-codes $bindir etc and uses them to find the helper binaries, such as
gpg-agent.  This breaks if gnupg-native is reused from sstate for a different
build directory and GPG signing of packages is required.

Patch in getenv() checks for gnupg-native when returning the hardcoded paths,
and create a wrapper script which overrides GNUPG_BINDIR. There are more paths
that can be overridden, but this one is sufficient to make GnuPG work.

(From OE-Core rev: dfd69ff889ed78bf137116583d8ae351859ee203)

(From OE-Core rev: ddaf41f210f80556eca1d0acaee1e3f9cbf80122)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-24 21:49:51 +00:00
Ross Burton b200094891 curl: actually apply latest CVE patches
(From OE-Core rev: f0394e80a37f1da47042a1aa0487594f390603f9)

(From OE-Core rev: b2ccfeeffc5762648ee6b1f1d05c3cc6f347ed28)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-24 21:45:58 +00:00
Peter Kjellerstedt 92a984b100 apr-util: Trim license info extracted from apu_version.h
Two unrelated lines were extracted from apu_version.h for the license
information.

License-Update: Only extract the relevant part from apu_version.h
(From OE-Core rev: 2edb0f24a13f27b2fae94fb447221ad2ddb924a0)

(From OE-Core rev: 6aebc3a4452d1422cf2ba59dd9b381f89e2fefcc)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-24 21:45:58 +00:00
Peter Kjellerstedt 5398272834 apr: Trim license info extracted from apr_lib.h
Two unrelated lines were extracted from apr_lib.h for the license
information.

License-Update: Only extract the relevant part from apr_lib.h
(From OE-Core rev: 90ab83ecc509c2fdc1f6083d771031decdcaad63)

(From OE-Core rev: f7883a0fae697eefffccd56a45e013f24e20ba5c)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-24 21:45:58 +00:00
Changqing Li 62c0904ed4 curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
(From OE-Core rev: 0f0db9fc8512a0ecd0cdba3304a195cd925a5029)

(From OE-Core rev: b3e92c0c1864cac8c8f6c693ede713a2fc7f2ef5)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-24 21:45:58 +00:00
Peter Kjellerstedt 1a2f356116 curl: Include the complete license information
For some reason, the copyright part was left out of the license
information included in LIC_FILES_CHKSUM, preventing it from being
used in, e.g., documentation to satisfy the requirements of the
license.

License-Update: Include the complete license information
(From OE-Core rev: 390becd2dcf4fe791ec3715a74e34a46bd457e7a)

(From OE-Core rev: 015f65b5c391c75fe96f927a007a8be04db70a63)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-16 16:33:09 +00:00
Zhixiong Chi b949a00e76 curl: CVE-2018-14618
Backport the CVE patch from the upstream
https://github.com/curl/curl/commit/57d299a499155d4b327e341c6024e293b0418243.patch
https://curl.haxx.se/docs/CVE-2018-14618.html
https://nvd.nist.gov/vuln/detail/CVE-2018-14618

(From OE-Core rev: b76903b4b7bfec71be0a8a14e2cab4e2ec852222)

(From OE-Core rev: 4c51e82e43cbcc74d9bcabe24b778aae3cf123ca)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-16 16:33:09 +00:00
Grygorii Tertychnyi 3baf63563f curl: extend CVE_PRODUCT
There are both "curl" and "libcurl" CPEs in NVD.
All "curl" CVEs are now missed in the reports.

Hence, switch "CVE_PRODUCT" to a space separated list
of the items.

(From OE-Core rev: 69ff709c2450c42139fd9705e3a74464221ad754)

(From OE-Core rev: 5df0d75fe63a0e1ada396f5ecfa953ac63f65354)

Signed-off-by: Grygorii Tertychnyi <gtertych@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-16 16:33:08 +00:00
Richard Purdie 842dc807b7 recipes: Update git.gnome.org addresses after upstream changes
git.gnome.org is no more. It has ceased to be. It's an ex-git.

Please see here:
https://about.gitlab.com/2018/05/31/welcome-gnome-to-gitlab/

Note that gitlab does not support git://, only https:// (and ssh).

[Commit message from Alexander Kanavin]

(From OE-Core rev: 8382cdc0888ca645a44aacaac1155afb8dcde979)

(From OE-Core rev: a6b6af83e344501057b0eb28dce1077992e5a7f3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for sumo context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-18 11:08:53 +01:00
Armin Kuster 242829e5b6 libcroco: CVE-2017-7961
* CVE-2017-7961
The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco has an
"outside the range of representable values of type long" undefined
behavior issue, which might allow remote attackers to cause a denial
of service (application crash) or possibly have unspecified other
impact via a crafted CSS file.

CVE: CVE-2017-7961
Ref: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7961
(From OE-Core rev: 9b321cf141c3fa18d5b85f17ffe1710f4555ca49)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-10 13:26:25 +01:00
Sinan Kaya c8a29e6c81 gnupg: CVE-2018-9234
* CVE-2018-9234
GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key
certification requires an offline master Certify key, which results
in apparently valid certifications that occurred only with access to
a signing subkey.

Affects gnupg <= 2.2.5

CVE: CVE-2018-9234
Ref: https://access.redhat.com/security/cve/cve-2018-9234
(From OE-Core rev: af920831ed1ef607db195372f135cc56e9f53b41)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-10 13:26:25 +01:00
Sinan Kaya a36165011e sqlite3: CVE-2018-8740
* CVE-2018-8740
In SQLite through 3.22.0, databases whose schema is corrupted
using a CREATE TABLE AS statement could cause a NULL pointer dereference,
related to build.c and prepare.c.

Affects sqlite3 <= 3.22.0

CVE: CVE-2018-8740
Ref: https://access.redhat.com/security/cve/cve-2018-8740
(From OE-Core rev: 0469c075d904026ec37214fb39397bb1cb07ab43)

Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-27 12:17:46 +01:00
Changqing Li 2d1aef0b0d apr-util: fix ptest fail problem
Test suite test_dbm failed after gdbm upgrtade to 13.1,
from 13.1, return value of some function are changed.

* gdbm_fetch, gdbm_firstkey, and gdbm_nextkey behavior

If the requested key was not found, these functions return datum with
dptr pointing to NULL and set gdbm_errno to GDBM_ITEM_NOT_FOUND (in
prior releases, gdbm_errno was set to GDBM_NO_ERROR),

(From OE-Core rev: 0952c190fc6aec333676ce3883e8232fa8595551)

(From OE-Core rev: a8cb9b68e91db42a17bfb54591e3ea91565f9241)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-27 12:17:46 +01:00
Khem Raj d4234f8a2f serf: Fix Sconstruct build with python 3.7
These patches will be needed to build serf on hosts with
python 3.7+

(From OE-Core rev: ab0be544b392bbd6cb1dc91edd5fe8563d7de393)

(From OE-Core rev: ffe1795dc6daf9999e1be858a4e97a4c2cf44526)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-27 12:17:45 +01:00
Yi Zhao 337e750c40 taglib: Security fix CVE-2018-11439
CVE-2018-11439: The TagLib::Ogg::FLAC::File::scan function in
oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause
information disclosure (heap-based buffer over-read) via a crafted audio
file.

References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11439

Patch from:
https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278

(From OE-Core rev: a300c4917b6c22ef039158be7ae92055c35658d4)

(From OE-Core rev: 4b4c663fe048be7e7c39addb022a7ae471c743de)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-27 12:17:45 +01:00
Changqing Li d3e6b9e6f4 libcroco: patch for CVE-2017-7960
(From OE-Core rev: 2539d7334cbe9693ebe68d33c7a97872a1645510)

(From OE-Core rev: 3abf7932e43115cc6f9a1c85a00e6578bb327b9a)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-27 12:17:45 +01:00
Changqing Li b0c32939f2 libexif: patch for CVE-2017-7544
(From OE-Core rev: b25f5e8efbe723520fa6e6311767c35e4cb71859)

(From OE-Core rev: 221e5fca3aa222e67fb6af248a99b2d0f0d1f6a0)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-09-27 12:17:45 +01:00
Jagadeesh Krishnanjanappa 8fcd5a31b9 gnupg: CVE-2018-12020
gpg: Sanitize diagnostic with the original file name.

* g10/mainproc.c (proc_plaintext): Sanitize verbose output.

(From OE-Core rev: f1c0da2bcb0587ac25176db11365d4a2a15b3d30)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-29 15:23:51 +01:00
Jagadeesh Krishnanjanappa dfe237a93b libgcrypt: CVE-2018-0495
ecc: Add blinding for ECDSA.

* cipher/ecc-ecdsa.c (_gcry_ecc_ecdsa_sign): Blind secret D with
randomized nonce B.

(From OE-Core rev: e05c9b1be8e852293dfc7026f0e3178c3bc5444d)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-29 15:23:51 +01:00
Andre McCurdy b136c92b29 curl: update 7.60.0 -> 7.61.0
https://curl.haxx.se/changes.html#7_61_0

(From OE-Core rev: b26ca91574a88745910d44777bb17ac0616baf3e)

(From OE-Core rev: 99ea485195327fcdd63f682a41a4b340a2fd1dda)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-30 00:02:52 +01:00
Ross Burton d79d44e27f gnutls: use HTTP instead of FTP
HTTP is in general more reliable so use that in the SRC_URI.

(From OE-Core rev: 4f3378e0763a94a5daac7169f498177fc6ef4e75)

(From OE-Core rev: 195f7a1d1a40c341ca6c84232194a565e9daa9d6)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-30 00:02:52 +01:00
Alex Kiernan 96fbd39ba3 bmap-tools: Add python3-fcntl dependency
Add missing python3-fcntl dependency

(From OE-Core rev: 5821db83e5c21a7a85b8675951e4e9c1893e4b26)

(From OE-Core rev: 6aaed231cce829aa6684a7e10c7cf0e8b0504781)

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-19 10:53:52 +01:00
Armin Kuster 0f3409c195 iso-codes: fix SRC_URI
The original FTP server, alioth.debian.org has been permanently taken down by the Debian Project and replaced with salsa.debian.org.

(From OE-Core rev: 565394d69925837c0d6f2140bc9489b68dc39474)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-19 10:53:52 +01:00
Armin Kuster fff93becc6 popt: update SRC_URI
It appears the rpm5.org has been down for some time, switch to fossies

WARNING: popt-native-1.16-r3 do_fetch: Failed to fetch URL http://rpm5.org/files/popt/popt-1.16.tar.gz, attempting MIRRORS if available

(From OE-Core rev: 347ee336dcc94e6fa4e4788117013615b90abd70)

(From OE-Core rev: 9e3bf0ce4ebb885ca0ede0e636d80e032c29e744)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 50804c0663)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-02 11:41:26 +01:00
Changqing Li c029685b18 nettle: do the multilib_header magic for nettle-stdint.h and version.h
add multilib support for this receipe, or it will conflicts in mutlilib setting

(From OE-Core rev: ea618e061fa190e4ae647da6466d074b49940395)

(From OE-Core rev: 5a77f191a451c8592be605020597253b37cea1e9)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c8a1e372f3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-02 11:41:26 +01:00
Ross Burton d62fbd6281 attr/acl: disable make clean
These packages use hand-grown makefiles which don't handle cleans as they can
invoke /usr/bin/gmake directly which may not exist.  Until new upstream releases
are made (which have ported to automake) set CLEANBROKEN to work around this.

[ YOCTO #12775 ]

(From OE-Core rev: eb924bc684f92fc2d806715872667f241e54b365)

(From OE-Core rev: 1ff55b8810ec2ed61dc6b7c73464a97d7088839d)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bd0d7c7ed5)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-02 11:41:26 +01:00
S. Lockwood-Childs 86835a90ef sqlite3: consistent set of features for nativesdk
Enable use of pread() and enable column metadata API for nativesdk builds.
This brings nativesdk in line with target and native builds.

(From OE-Core rev: 7c8b85e1c3d852975cd5961a297aa939bf4c7fe7)

(From OE-Core rev: b476119fb72511fb384600db659c73c9bd6486e8)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 086610faf0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-02 11:41:26 +01:00
Ross Burton 529be09f81 shared-mime-info: fix license statement
The freedesktop.org.xml data and the update-mime-database tool are both GPLv2 as
per COPYING, so change LICENSE to GPLv2.

test-mime-magic.c is LGPLv2+ but we don't install that so isn't relevant.

(From OE-Core rev: 4ca838097c43755e19f8ffc66436f9ad773fcd39)

(From OE-Core rev: a590642af4d0d93b1d380409f45f5ef7e1793466)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-02 11:41:25 +01:00
Andre McCurdy 664b1d5379 curl: update 7.59.0 -> 7.60.0
includes:
CVE-2018-1000300	CWE-122: Heap-based Buffer Overflow
CVE-2018-1000301	CWE-126: Buffer Over-read

  https://curl.haxx.se/changes.html#7_60_0

Also refresh 0001-replace-krb5-config-with-pkg-config.patch and drop
configure_ac.patch, which we've apparently been dragging along
unnecessarily for the past 5 years:

  https://github.com/curl/curl/commit/c277bd6ce7069819484eb3dc30b5858735fde377

(From OE-Core rev: 4063c1e4b233b28ae14420a83960fd93b437a4a4)

(From OE-Core rev: 4decc8ca3bd1b6c1c67182782fe6019dc0efc4fa)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-06-15 17:56:57 +01:00
Armin Kuster 3fc84130ca curl: update to 7.59.0
includes:
CVE-2018-1000300	CWE-122: Heap-based Buffer Overflow
CVE-2018-1000301	CWE-126: Buffer Over-read
CVE-2018-1000122	CWE-126: Buffer Over-read
CVE-2018-1000121	CWE-476: NULL Pointer Dereference
CVE-2018-1000120	CWE-122: Heap-based Buffer Overflow

(From OE-Core rev: 4c1ed0a1a265add8d856a6d2c6f04562b975c180)

(From OE-Core rev: 6582a76c990fe068fd37525943403ca9ff9c1d05)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-06-15 17:56:57 +01:00
André Draszik a306bcc427 curl: DEPENDS on libidn2 (not libidn)
Since v7.51.0, libidn2 is the only available option, libidn
support was dropped.
The configure option was renamed as of v7.53.0

Therefore, curl unconditionally tries to build against libidn2,
which in particular is a problem for curl-native, as that might
or might not build against the build-machine's libidn2 now,
which furthermore causes problems when trying to share sstate
between multiple build machines.

We therefore see the following in the config log:
    ...
    checking whether to build with libidn2... (assumed) yes
    ...
    checking for libidn2 options with pkg-config... no
    configure: IDN_LIBS: "-lidn2"
    configure: IDN_LDFLAGS: ""
    configure: IDN_CPPFLAGS: ""
    configure: IDN_DIR: ""
    checking if idn2_lookup_ul can be linked... yes
    checking idn2.h usability... yes
    checking idn2.h presence... yes
    checking for idn2.h... yes
    ...
      IDN support:      enabled (libidn2)
    ...
even though this recipe tries to disable that.

While libidn2 isn't available in OE, this change at least:
* prevents curl-native to silently build against libidn2 if
  that is installed on build machine, even if not requested
* alerts people who use the PACKAGECONFIG option that it's
  not actually doing what they intend to do

(From OE-Core rev: 705eaea991622bdbb2ee83eefa8df8e665e3efe4)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-04-07 11:44:50 +01:00
Maxin B. John bb570816ac libcroco: remove duplication in inherit
Since gnomebase class already inherits autotools and pkgconfig,
there is no need to repeat it here.

(From OE-Core rev: 301d153781c7ddb6e38178c56f960e18d62788ab)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-04-05 14:49:07 +01:00
Juro Bystricky 2212687352 libpcre-ptest: skip locale test
If a fr_FR locale is found, it is automatically tested. The test
will fail if the locale is UTF-8, as the test blindly assumes
(and expects) a non-UTF fr_FR locale.
The remedy is to skip the test.

[YOCTO #12215]

(From OE-Core rev: 4cedddb83623c79980b354642dfeaf78218ca4b7)

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-31 09:48:43 +01:00
André Draszik 20e6d8762b ca-certificates: use relative symlinks from $ETCCERTSDIR
update-ca-certificates symlinks (trusted) certificates
from $CERTSDIR or $LOCALCERTSDIR into $ETCCERTSDIR.
update-ca-certificates can call hook scripts installed
into /etc/ca-certificates/update.d. Those scripts are
passed the pem file in /etc/ssl/certs/ that was added or
removed in this run and those pem files are absolute
symlinks into $CERTSDIR or $LOCALCERTSDIR at the moment.

When running update-ca-certificates during image build
time, they thusly all point into the host's file system,
not into the $SYSROOT. This means:
* the host's file system layout must match the one
  produced by OE, and
* it also means that the host must have installed the same
  (or more) certificates as the target in $CERTSDIR and
  $LOCALCERTSDIR

This is a problem when wanting to execute hook scripts,
because they all need to be taught about $SYSROOT, and
behave differently depending on whether they're called
at image build time, or on the target, as otherwise they
will be trying to actually read the host's certificates
from $CERTSDIR or $LOCALCERTSDIR.

This also is a problem when running anything else during
image build time that depends on the trusted CA
certificates.

Changing the symlink to be relative solves all of these
problems. At the same time, we have to make sure to add
$CERTSDIR to SYSROOT_DIRS, so that the symlinks are still
valid when somebody DEPENDS on ca-certificates-native. As
a side-effect, this also fixes a problem in meta-java,
where some recipes (e.g. openjdk-8-native) try to access
certificates from $CERTSDIR to generate the java trustStore
at build time.

Do so.

Upstream-Status: Inappropriate [OE-specific]
(From OE-Core rev: 09bb7718d74573be9a5db4d0737fb14126f6489c)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-31 09:48:42 +01:00
Khem Raj 9280c47662 nss: Use snprintf in sign.c
Fies security warnings
| sign.c:86:31: error: 'sprintf' may write a terminating nul past the end of the destination [-Werror=format-overflow=]
|          sprintf(fullfn, "%s/%s", tree, tempfn);

(From OE-Core rev: 7171e96f3a5f54c63674cf5282aea31bcb9cd7f9)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-30 00:31:18 +01:00
Armin Kuster 697e36fb75 nspr: update to 4.19
patch 0001-include-stdint.h-for-SSIZE_MAX-and-SIZE_MAX-definiti.patch remove
as it is included in update

(From OE-Core rev: 3f203582ac646f96e6b86ec4b19721e7a78d55f8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-30 00:31:18 +01:00
Armin Kuster a5463fc07f nss: update to 3.35
(From OE-Core rev: d136548ad7aef23021eac6af2ffc6317f36bd1c5)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-30 00:31:18 +01:00
Mikko Rapeli 1fe6ca8206 ca-certificates: change SRC_URI from Debian anonscm to salsa
Debian anonscm service in Alioth is shutdown and thus
fetching ca-certificates sources fails.

https://wiki.debian.org/Alioth

"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."

(From OE-Core rev: fc20ff2003cee7ee3b78ba3bc236a60a8caabc35)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-28 12:09:52 +01:00
Alexander Kanavin f2103873bd ca-certificates: run postinst script only for -target package
Nativesdk package has a special arrangement where the same thing is done
in do_install(). It was assumed (in the comment) that postinsts don't run when
installing nativesdk packages, but this was incorrect: they are run, but
any failures were previously silently ignored. Now this missing failure reporting has
been fixed, and so we get to see the failures.

(From OE-Core rev: 8ebb695c1429f8d57d655072a362a4f176258699)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-20 09:59:31 +00:00
Zhang Xiao 508ab8b836 libgpg-error: Fix multilib header conflict - pg-error.h and gpgrt.h
Header file conflict between 32-bit and 64-bit versions.

(From OE-Core rev: 66b0f977cc1809616b78939f8096330e7c8a94de)

Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-15 06:27:19 -07:00
Ross Burton 5e9bd58874 attr: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 9a0465bd26a8359c8b432595589a13f295f2de2d)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-11 06:27:01 -07:00
Ross Burton 016c527bed libunwind: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 268186429d10047796a4801baf95ae8a8f722658)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-11 06:27:01 -07:00
Khem Raj a3e8538a38 liburcu: Explicitly add pthread options to cflags
Some architectures e.g. riscv gcc does not add -D_REENTRANT
when enabling pthreads. Help it here by adding these options
while gcc gets fixed

(From OE-Core rev: 784f4418259fe441060c134a7dcf305f4e0d4e2d)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-11 06:26:59 -07:00
Ross Burton 438685084d libksba: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: f413ae03a61ad8593cc3c0dda11f2bb02cd96c25)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Ross Burton aa0c57f6a5 libffi: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 7ae4ce08071c02beaf09675c2c1ed70617b797dd)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Ross Burton 63fe020e5e gnutls: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: ca9c8fe634ca91fe1825fae7ebb0d00021ca480b)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Ross Burton c43ff6a8b2 gmp: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 9adf817a638229d69d866fd6f8f48ee23caa6864)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Ross Burton d1b6e1892d libical: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 91e54d9967d8237abf0cc9aab408bad9bbb4c0b7)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Ross Burton e109e6bd7f nspr: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: 684a2533a2b25b900e12f7da912a2c729d60b69d)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00
Ross Burton 00cb0ff014 serf: refresh patches
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.

Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450).  This is obviously bad.

We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.

(From OE-Core rev: e88a184fbefa69233e0cc86134808bce7b06d6cf)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-03-09 09:17:02 -08:00