1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

3560 Commits

Author SHA1 Message Date
Konrad Weihmann bc319fd044 cve-update: handle baseMetricV2 as optional
Currently in NVD DB an item popped up, which hasn't set baseMetricV2.
Let the parser handle it as an optional item.
In case use baseMetricV2 before baseMetricV3

(From OE-Core rev: 77f119baf6f4b85194a9b26d8442ddc7fb3bb97c)

(From OE-Core rev: 4cee5c4bc74edde48fe19ec11c78f6c598cf08b6)

Signed-off-by: Konrad Weihmann <kweihmann@outlook.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:10 +01:00
Jeremy Puhlman 5158b599a9 buildtools-extended-tarball: add nativesdk-libxcrypt-dev
virtual/crypt-native is assume provided in bitbake.conf, so
buildtools-extended-tarball shoud provide crypt since it doesn't
use the host's headers/libraries.

[YOCTO #13714]

(From OE-Core rev: da948b25d5ef452fb35275d108e18d2a2829f4fb)

(From OE-Core rev: bc42406d83310398bc4d4db4244252411eff117d)

(From OE-Core rev: 6f6d7278358b042aca3e911aefd0d6128480f32d)

(From OE-Core rev: e1b5cab5cf65df4310b63826690a12ea7083e192)

Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Richard Purdie 47724b354a glibc: Update nativesdk locale relocation patch
The locale binary reported incorrect locale lists in relocated toolchains
as some path references were not relocated by this patch. Fix this missing
relocations so the locale binary correctly reports the locales.

(From OE-Core rev: f7a6a72880009380ae81bc7fc863921a26811c8c)

(From OE-Core rev: e4c4337e642f565e9988a4a2c50a995090d1f49e)

(From OE-Core rev: c9e8b7a40b2628331c7cb564aa3f3d9e1822fe36)

(From OE-Core rev: a41c008eb12004ec8938c03dbc495e07c77d45a6)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Jeremy Puhlman bdf9be3ebb buildtools-tarball: add nativesdk-python
(From OE-Core rev: 6467eb4461f3cab16cab2ba63154c92fc2adacef)

(From OE-Core rev: 848c61a07f691638fa529bbe0f0ff1dfded4a967)

(From OE-Core rev: afa4cacff186f28d6a4c4246d1e5caf0aa6938e9)

Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Steve Sakoman 4f3b564ce4 buildtools-tarball: export OPENSSL_CONF in environment setup
The autobuilder has been experiencing SSL: CERTIFICATE_VERIFY_FAILED
errors during error report uploads when using buildtools due to looking
for certs in /opt/poky

(From OE-Core rev: 197f1d5d14b8e57295f5a81c03c86abba5328614)

(From OE-Core rev: 35c6ab2501672083cf8b974d8b9c3daa3202de36)

(From OE-Core rev: 0cb479a5e99289b75e89b2ed5058f33605f15936)

(From OE-Core rev: f96a3082a0822106dfed73d55117552ccff5734f)

Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Liwei Song ceef407f00 buildtools-tarball: export OPENSSL_CONF for openssl
export OPENSSL_CONF to aviod SDK openssl can not find openssl.cnf.

(From OE-Core rev: 0aaf3dd17dcde959e9c0d62543cb91c9b33551b4)

(From OE-Core rev: 63d8569b2c9f66e8123e2672a7f8fb8e7cc1f0b4)

(From OE-Core rev: e733a5f3b0e3c3b8a830db5ae99b3fc6b7e56921)

(From OE-Core rev: 22dd23e3d6c4ee2066198fb91554bbe00a582db0)

Signed-off-by: Liwei Song <liwei.song@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Jeremy Puhlman 0e3bb6019d buildtools-extended-tarball: Add libstc++.a
Builds like native-openjdk, really wants a to link
some tools against the static version. Since when
using the extended tarball, its the only place to
get it, add the library.

(From OE-Core rev: 59c4a3fdbbfd5a6aaba7e0a1675dcd5866a7f3a4)

(From OE-Core rev: 152709dec03bbac582ca63b65f2efb835e0b33fb)

(From OE-Core rev: 5e3664e5f9a0dde07b0f8a56cdce1321456abaa5)

(From OE-Core rev: 2cbc936110f1a5d9532b47439b6da1b12caa307b)

Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Tim Orling 9fbf615baa nativesdk-buildtools-perl-dummy: add dependencies for autoconf and automake
* For buildtools-extended-tarball, where we are adding all of build-essentials
  to the nativesdk, we need additional perl modules for autoconf and automake.

(From OE-Core rev: f0f766160663407ea7683d31bbf5f011accc9ba2)

(From OE-Core rev: e7ade58a7da52ebb40120020dd86dd3ae9b2148e)

(From OE-Core rev: ed9d60fb5d471b4ec472088cc9307fd8575b187a)

(From OE-Core rev: 1276b895008919f510f609d8da4a157d47f09c48)

Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Richard Purdie 6b8c4f7cdf buildtools-extended-tarball: Add locale command
The eSDK installation code checks installed locales with the locale command which is
from glibc-utils. Add this so that we find the correct locales from the buildtools.

(From OE-Core rev: 7d35e4bc6ff94a2d03c48827d7d60a6855c9029d)

(From OE-Core rev: d99b6432decec0964ac0e08698abc782c9b114f5)

(From OE-Core rev: 3562a6848aa3e866ad8e2d3caed3211971817234)

(From OE-Core rev: 76227185faedc0946f2b69a8cfe4286f6e5355d9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Richard Purdie 9055290590 buildtools-tarball: Add an ld.so.conf for nativesdk-binutils
We need to search our own libdirs, then fall back to the system ones as our
customised dynamic loader will. Have ld.so.conf reflect that.

This ensures that binutils finds libraries here when linking too.

(From OE-Core rev: ab729c362684474a8346e5256d636200826feb47)

(From OE-Core rev: 8de0aee6befc0541fa40563f63dfe1cc36f064fe)

(From OE-Core rev: d7894d3578d9e97185b4a326c346a3fbb6936ab6)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Tim Orling d6c572cd48 buildtools-extended-tarball: add recipe with build-essentials
* For some aging distros, such as CentOS 7, the native version
  of gcc is simply too ancient and is a constant source of
  headaches for moving forward.

* Add an extended version of buildtools-tarball which adds all
  of build-essential, so that the host is now modernized and
  capable of compiling the latest versions of components.

Fixes [YOCTO #13714]

(From OE-Core rev: f0377af2325613b63716b0bb4db1ab253d79f388)

(From OE-Core rev: bb4979f0e8367b475cc9a5274933a61bb0eb64b3)

(From OE-Core rev: f492e172e133a4b52dbe818d806cab783204e575)

(From OE-Core rev: 4b23c235bdf29cc45ab084e6fdce8cba3ce7fce2)

Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-09-16 13:35:09 +01:00
Ross Burton 3de2aeb687 glibc: finish incomplete fix for CVE-2016-10739
Somehow the patch for this CVE only included one of the four required patches.

(From OE-Core rev: e7ed139e48b683ebe3e6863886e712998aaa239c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16 23:11:10 +00:00
Ross Burton 3091533130 cve-update-db-native: clean up proxy handling
urllib handles adding proxy handlers if the proxies are set in the environment,
so call bb.utils.export_proxies() to do that and remove the manual setup.

(From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434)

(From OE-Core rev: aa197b91e1770925ae1a31ee7334b593bfcdc9e3)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16 23:11:10 +00:00
Ross Burton 7da85f3a88 cve-update-db-native: add an index on the CVE ID column
Create an index on the PRODUCTS table which contains a row for each CPE,
drastically increasing the performance of lookups for a specific CVE.

(From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e)

(From OE-Core rev: 27ee95bd1ec2076509cfc2230eadb876fb35d6c2)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16 23:11:10 +00:00
Ross Burton bc70e97a88 cve-update-db-native: don't hardcode the database name
Don't hardcode the database filename, there's a variable for this in
cve-check.bbclass.

(From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab)

(From OE-Core rev: 29cc2b5cd4bcce1c9e93395a1640014877486d7a)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16 23:11:10 +00:00
Ross Burton d5ef4072e8 cve-update-db-native: don't refresh more than once an hour
We already fetch the yearly CVE metadata and check that for updates before
downloading the full data, but we can speed up CVE checking further by only
checking the CVE metadata once an hour.

(From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a)

(From OE-Core rev: 091a35cfbd2f3e82a7783ba9c8fd5586433ba59f)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16 23:11:10 +00:00
Ross Burton 593fe7e352 cve-check: backport rewrite from master
As detailed at [1] the XML feeds provided by NIST are being discontinued on
October 9th 2019.  As cve-check-tool uses these feeds, cve-check.bbclass will be
inoperable after this date.

To ensure that cve-check continues working, backport the following commits from
master to move away from the unmaintained cve-check-tool to our own Python code
that fetches the JSON:

546d14135c5 cve-update-db: New recipe to update CVE database
bc144b028f6 cve-check: Remove dependency to cve-check-tool-native
7f62a20b32a cve-check: Manage CVE_PRODUCT with more than one name
3bf63bc6084 cve-check: Consider CVE that affects versions with less than operator
c0eabd30d7b cve-update-db: Use std library instead of urllib3
27eb839ee65 cve-check: be idiomatic
09be21f4d17 cve-update-db: Manage proxy if needed.
975793e3825 cve-update-db: do_populate_cve_db depends on do_fetch
0325dd72714 cve-update-db: Catch request.urlopen errors.
4078da92b49 cve-check: Depends on cve-update-db-native
f7676e9a38d cve-update-db: Use NVD CPE data to populate PRODUCTS table
bc0195be1b1 cve-check: Update unpatched CVE matching
c807c2a6409 cve-update-db-native: Skip recipe when cve-check class is not loaded.
07bb8b25e17 cve-check: remove redundant readline CVE whitelisting
5388ed6d137 cve-check-tool: remove
270ac00cb43 cve-check.bbclass: initialize to_append
e6bf9000987 cve-check: allow comparison of Vendor as well as Product
91770338f76 cve-update-db-native: use SQL placeholders instead of format strings
7069302a4cc cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELIST
78de2cb39d7 cve-update-db-native: Remove hash column from database.
4b301030cf9 cve-update-db-native: use os.path.join instead of +
f0d822fad2a cve-update-db: actually inherit native
b309840b6aa cve-update-db-native: use executemany() to optimise CPE insertion
bb4e53af33d cve-update-db-native: improve metadata parsing
94227459792 cve-update-db-native: clean up JSON fetching
95438d52b73 cve-update-db-native: fix https proxy issues
1f9a963b9ff glibc: exclude child recipes from CVE scanning

[1] https://nvd.nist.gov/General/News/XML-Vulnerability-Feed-Retirement

(From OE-Core rev: 8c87e78547c598cada1bce92e7b25d85b994e2eb)

(From OE-Core rev: beeed02f9831e75c3f773e44d7efc726f1ff859c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-12-16 23:11:10 +00:00
Richard Purdie 51f6145f8f build-appliance-image: Update to thud head revision
(From OE-Core rev: cd7cf933b3235560ec71576d8f3836dff736a39f)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-17 16:45:38 +01:00
Richard Purdie 47925dc5f9 build-appliance-image: Update to thud head revision
(From OE-Core rev: bace400528115927ed0efa3cd941c9f9f128a555)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-15 16:53:51 +01:00
Muminul Islam 7e20a2238c glibc: Security fix for cve <CVE-2019-6488, CVE-2019-7309>
(From OE-Core rev: d68441ed80fd43f091baf01bfdb47c3ec010c662)

Signed-off-by: Muminul Islam <muislam@microsoft.com>

CVE: CVE-2019-6488, CVE-2019-7309

Upstream-Status: Backport
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-15 15:54:00 +01:00
Andrii Bordunov via Openembedded-core 9da2eb4bef glib-2.0: fix CVE-2019-13012
(From OE-Core rev: 51f7ecf2259e1fb669cd84c5317cbd8810d731b7)

Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-08 22:52:28 +01:00
Andrii Bordunov via Openembedded-core fe27c50545 dbus: fix CVE-2019-12749
(From OE-Core rev: 144363decc922ed03a584eb9b29cf9808a469d08)

Signed-off-by: Kevin Weng <t-keweng@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-08 22:52:28 +01:00
Richard Purdie cb26830f76 build-appliance-image: Update to thud head revision
(From OE-Core rev: d3d3f443039b03f1200a14bfe99f985592632018)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-08-01 11:58:15 +01:00
Anuj Mittal d49de3810a expat: fix CVE-2018-20843
(From OE-Core rev: aad245ea1c55f8e778ae3420c5c31e94301e7cba)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-29 23:50:43 +01:00
Armin Kuster a51a3b1c82 glib: Security fix for CVE-2019-9633
Source: gnome.org
MR: 98802
Type: Security Fix
Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e
ChangeID: b73c332f27f47ddc1b1cfd7424f24778acc0c318
Description:

includes supporting patch.
Fixes CVE-2019-9633

(From OE-Core rev: 3ebf0fc043b6c9b6c2381dab893b54ebcb8ac13d)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-27 18:05:18 +01:00
Ross Burton 45e662b445 glibc: backport CVE fixes
Backport the fixes for several CVEs from the 2.28 stable branch:
- CVE-2016-10739
- CVE-2018-19591

(From OE-Core rev: 950a60c0e4183037a807031ddc9167b1a81a5348)

Signed-off-by: Ross Burton <ross.burton@intel.com>
[Dropped CVE-2019-9169 as its in my contrib already]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-27 18:05:18 +01:00
Armin Kuster f2d2148adb glib-2.0: Security fix for CVE-2019-12450
Source: glib-2.0
MR: 98443
Type: Security Fix
Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174
ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741
Description:

(From OE-Core rev: 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-27 18:05:18 +01:00
Armin Kuster 14d23c29a2 busybox: Security fixes for CVE-2018-20679 CVE-2019-5747
Source: busybox.git
MR: 97332
Type: Security Fix
Disposition: Backport from busybox.git
ChangeID: ec203c79e7322de1ed5721d08b6f59b1eca67c7d
Description:

Affects < 1.30.0

Fixes:
CVE-2018-20679
CVE-2019-5747

(From OE-Core rev: 7db146abad6d2bbb7d7a549e7091412e0e494db2)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-27 18:05:18 +01:00
Armin Kuster 2c225a199d glibc: Security fix CVE-2019-9169
(From OE-Core rev: 3103f407ff0c579c7e5887fd925d52d5c92c83f9)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-27 18:05:17 +01:00
Aditya Tayade 6a6756f46a run-ptest: use error handling for useradd and userdel
Error handling in shell scripts is too easy to forget and
get wrong. It is possible to check every external command
for return values but it is better to use a generic setting
which halts execution of the script on any failures.

Upstream-Status: Pending
(From OE-Core rev: ca415c4250e32e9430a13b9edf7b308637ce597f)

Signed-off-by: Aditya Tayade <Aditya.Tayade@kpit.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-05-22 00:31:48 +01:00
Ross Burton fe415144db zlib: clean up ptest
Instead of patching and sedding the makefile, just install test/example and
execute it in run-ptest.  example is the bulk of the test suite, as minimal as
it is.

(From OE-Core rev: 9088a78e78f70721b2aa6bdbdf055551d5bd0265)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-05-22 00:31:48 +01:00
Ross Burton f1add4b50e zlib: cleanup
Drop remove.ldconfig.call.patch, as it's easier to just set LDCONFIG=true.

Pass uname=GNU via the documented configure option instead of undocumented
environment variable.

Rename zlib-1.2.11/ to just zlib/ as we don't ship multiple versions.

Send ldflags-tests.patch upstream and update Upstream-Status.

(From OE-Core rev: 9535dc7c6dc185defac2cad6a2733621c42420b7)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-05-22 00:31:48 +01:00
Khem Raj 1b57d8c575 glibc: Drop upstream rejected patches
These patches were applied, hoping that they will eventually be accepted
upstream but they have been rejected, I think its best that they are
dropped so we can avoid novel unintended behaviours that no other
distros will be seeing

(From OE-Core rev:54550aa42378ce4b215bccbfd95e5e650b0d2efa)

(From OE-Core rev: dc2238b268d48b4e62a795a4f6b257efc298e2b2)

Signed-off-by: Jonathan Rajotte <jonathan.rajotte-julien@efficios.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-05-22 00:31:47 +01:00
Richard Purdie faeb366bc3 build-appliance-image: Update to thud head revision
(From OE-Core rev: 45032e30be70503faeee468159b216031b729309)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-27 23:22:57 +00:00
Richard Purdie 9dfebdaf7a build-appliance-image: Update to thud head revision
(From OE-Core rev: afb96dc9ecf15ecb89c749271c7f48d3f8048a02)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-26 15:55:32 +00:00
Chen Qi 2f467d8e9b target-sdk-provides-dummy: add more perl modules to avoid populate_sdk failure
When 'adduser' package, which is from meta-perl layer, is added to rootfs,
we will get do_populate_sdk failure like below.

Error:
 Problem: package perl-module-cwd-5.24.4-r0.core2_64 requires perl-module-dynaloader, but none of the providers can be installed
   - package perl-module-file-temp-5.24.4-r0.core2_64 requires perl-module-cwd, but none of the providers can be installed
   - package perl-module-dynaloader-5.24.4-r0.core2_64 requires perl-module-config, but none of the providers can be installed
   - package adduser-3.118-r0.core2_64 requires perl-module-file-temp, but none of the providers can be installed
   - package target-sdk-provides-dummy-1.0-r0.sdk_provides_dummy_target conflicts with perl provided by perl-5.24.4-r0.core2_64

This is because adduser depends on some perl modules which are not
listed in target-sdk-provides-dummy.

So add these perl modules to avoid such failure.

(From OE-Core rev: 1b12c176827c2d0cbb7867da73efac56826036ed)

(From OE-Core rev: 07eb2b7c56d3d2d1d435c16079c7badc1870d0c5)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-24 16:48:38 +00:00
George McCollister 39bc9d5f23 systemd: fix CVE-2019-6454
Apply patches from systemd_239-7ubuntu10.8 to fix CVE-2019-6454.
CVE-2019-6454 is an issue in which systemd (PID1) can be crashed with a
specially formed D-Bus message.

For information see:
https://usn.ubuntu.com/3891-1/
https://git.launchpad.net/ubuntu/+source/systemd/commit/?id=f8e75d5634904c8e672658856508c3a02f349adb

(From OE-Core rev: 9d2ec5970adfc906fcc4581528321a879953fd55)

(From OE-Core rev: 81199a83c5e5c4a107a025403bc0a79157ba6630)

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-24 16:48:38 +00:00
Richard Purdie d693d371a6 systemd: Update recent CVE patches
* Added CVE tag, Upstream-Status tag and Sign-off-by tags.
* Removed the verification of the entry length in the header
* Squashed CVE-2018-16865 patches into one
* CVE-2018-16866 patch now taken from systemd-stable and includes
  an additional heap buffer overflow fix.

(From OE-Core rev: bc79395e2fcb886f224a4ad837fd93c779d2c53d)

(From OE-Core rev: 554a65619c45fec24f1790792de2db12a098bd80)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-24 16:48:38 +00:00
Richard Purdie 7fc2c193b2 target-sdk-provides-dummy: Extend to -dev and -src packages
This avoids errors when running populate_sdk under opkg:

 * Problem 1/1:
 *   - package busybox-dev-1.30.1-r0.core2-64 requires busybox = 1.30.1-r0, but none of the providers can be installed
 *
 * Solution 1:
 *   - allow deinstallation of target-sdk-provides-dummy-1.0-r0.sdk-provides-dummy-target

 * Solution 2:
 *   - do not ask to install a package providing busybox-dev

(From OE-Core rev: 29ea8bdf67829d296ae4755b919f8af828a9a235)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 33d2cde3be4d25389cbea07064ffbc7b2f74273e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-24 16:48:38 +00:00
André Draszik 85bf473981 systemd: RDEPENDS on util-linux-umount
It looks like there is an implicit dependency on util-linux'
umount - as otherwise when using busybox' umount we see a
long delay on shutdown / reboot.

[YOCTO #13058]

(From OE-Core rev: 39a3d2c603429865af632fe41b2cf32c3dfdfb1d)

(From OE-Core rev: 68056a9f88021ee81e6475d35f2dc67f7436b9a5)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-24 16:48:38 +00:00
Oleksandr Kravchuk c1dbb55cd6 target-sdk-provides-dummy: add perl-module-overload
(From OE-Core rev: 9c2fbba5fcf377e650d16145c5313f027b5a5c43)

Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-03-24 16:48:38 +00:00
Dustin Bain 4e262fb162 busybox: update to 1.29.3
Updates busybox to version 1.29.3 to fix a bug related to parsing of
config files: 2993551ef ("Revert "libbb: remove unnecessary variable in
xmalloc_fgets"")

Upgrading the recipe was chosen instead of backporting the fix as a
patch because the only difference between version 1.29.2 and 1.29.3 is
this revert.

(From OE-Core rev: 11d4fd16c3d7dad5d7e3b4d44a96724075be7126)

(From OE-Core rev: 1ee1701a01e1bd9146e53613e80ea9185579c719)

Signed-off-by: Dustin Bain <dustin.bain@garmin.com>
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-25 22:27:38 +00:00
Marcus Cooper d5845c8bc1 systemd: Security fix CVE-2018-16866
Affects < v240

(From OE-Core rev: bdee9122fe67467d1ec17012902a441fecb0cb9b)

(From OE-Core rev: 5e4d9fd5b13dd0603d9001b478b0c3170dd81004)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
Marcus Cooper dc09249022 systemd: Security fix CVE-2018-16865
Affects < v240

(From OE-Core rev: 314887a475ae1ac638eb80d973ffee1bd2a31a35)

(From OE-Core rev: d5d2b821fc85b8cf39f683061ac2a45bddd2139f)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
Marcus Cooper db1f6cba40 systemd: Security fix CVE-2018-16864
Affects < v240

(From OE-Core rev: 6900b9cc2cd3e66469a9561bb478b87c0903b0ea)

(From OE-Core rev: 403e74b07b6f3c4a2444e68c74a8434fb17aee49)

Signed-off-by: Marcus Cooper <marcusc@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
Peter Kjellerstedt 6454aba9dd systemd: Correct a conditional add to SYSTEMD_PACKAGES
The code conditionally adding ${PN}-journal-remote to SYSTEMD_PACKAGE
checked PACKAGECONFIG for an empty string rather than 'microhttpd'...

(From OE-Core rev: 42d52a279a75c94c4deba50b448dd3b6b2ac75df)

(From OE-Core rev: 86de2bff77054bb35b78aeaed8fcf95c6815779c)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
Peter Kjellerstedt a80485e6a2 systemd: Correct and clean up user/group definitions
This makes sure that packages are only added to USERADD_PACKAGES if
they will create users/groups. This avoids the following error:

  ERROR: systemd_239.bb: meta/recipes-core/systemd/systemd_239.bb
  inherits useradd but doesn't set USERADD_PARAM, GROUPADD_PARAM or
  GROUPMEMS_PARAM for package systemd-journal-gateway

Normally this problem is not triggered even if the conditional code that
expands in, e.g., USERADD_PARAM_${PN}-journal-gateway is empty because
it is assigned with += and thus ends up as " ", which fools the check in
useradd.bbclass.

However, if USERADDEXTENSION += "useradd-staticids" and
INHERIT += "extrausers" are used, they cause the problem to occur. The
reason for this is because when useradd-staticids is used, it rewrites
USERADD_PARAM_${PN}-journal-gateway, which strips unnecessary whitespace
and thus USERADD_PARAM_${PN}-journal-gateway becomes empty. And
extrausers is needed, because otherwise the test in useradd.bbclass is
triggered before useradd-staticids has rewritten the variables...

(From OE-Core rev: 63ae444b1dba65ccb1693648914becabd65ac30d)

(From OE-Core rev: 419aaf698b2823ec9bb5a94d4605bdcfd8e90142)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
André Draszik afadb9aa51 meta: remove True option to getVar calls (again)
A couple have still been missed in the past despite multiple
attempts at doing so (or simply have re-appeared?).

Search & replace made using the following command:
    sed -e 's|\(d\.getVar \?\)( \?\([^,()]*\), \?True)|\1(\2)|g' \
        -i $(git grep -E 'getVar ?\( ?([^,()]*), ?True\)' \
             | cut -d':' -f1 \
             | sort -u)

(From OE-Core rev: 9f551d588693328e4d99d33be94f26684eafcaba)

(From OE-Core rev: 2da88ecbbf118bb7440f48184d4b39c273ab57e9)

Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
Alex Kiernan 46d75fd3db systemd: Add PACKAGECONFIG for gnutls
(From OE-Core rev: da0c196cdc4eb74c7517089dc192d6a77227b6e2)

(From OE-Core rev: 1bd93c625fa64cdddc260fdd164cc0d2c5272ee0)

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00
Alexander Kanavin 3f6e5c54f1 systemd: backport a patch to fix meson 0.49.0 issue
(From OE-Core rev: 81ecfbb19ccb5b5241cfdd871d41459bda3dba4d)

(From OE-Core rev: 925113cfa0f2467cd818bd6f2ec9fe372a99bc79)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-02-06 16:38:31 +00:00