* EXTRA_LDFLAGS isn't defined for !uclibc and configure fails
when it reads it unexpanded, see config.log snippet:
configure:4177: checking whether the C compiler works
configure:4199: i586-oe-linux-gcc -m32 -march=i586 --sysroot=/OE/sysroots/qemux86 -O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed ${EXTRA_LDFLAGS} conftest.c >&5
i586-oe-linux-gcc: error: ${EXTRA_LDFLAGS}: No such file or directory
configure:4203: $? = 1
configure:4241: result: no
(From OE-Core rev: fd6418949249be252e4831ecf88f84297f81eaeb)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Backported from OpenEmbedded Dizzy branch, commit
c8f9b5c9a8e5179c2013f25decd6a5483df9c716.
Signed-off-by: Jens Rottmann <Jens.Rottmann@ADLINKtech.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ownership needs to be explicitly set otherwise it inherits the user
and group id of the build user.
(From OE-Core rev: 0752c79282b1cc9699743e719518e6c341d50a3a)
(From OE-Core rev: e64cee7ccf9dedbadc3a63e4ed3eb15172ef4403)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Conflicts:
meta/recipes-core/systemd/systemd_219.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The includes two CVE fixes:
CVE-2012-3406
CVE-2014-7817
(From OE-Core rev: fed4d140da67fc51d54b02df83882177f6ddab10)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
PoC:
(From OE-Core rev: 2590eb53a6dac90cba52edd09ea56a6bdf4c4533)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
x32 builds where broken due to patch rebase not having been done correctly for
this patch
(From OE-Core rev: a2966949e68bbdce8d0a0fd5946d078b84ae63e9)
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If we touch both files, we can end up in a situation where magic.h should be
rebuilt and isn't. The easiest fix is not to touch the generated files which
ensures the timestamps are such that it is always rebuilt.
(From OE-Core rev: ece58a88ef905e42de4b8b690106b553ccaa9f30)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Security update, some patches modified to apply correctly mostly due to
upstream changing indentation/styling
* configure-targets.patch updated
* fix-cipher-des-ede3-cfb1.patch updated
* openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
* openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no
merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream
(From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d)
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Similar to commit 4569d74 for create_wrapper function, this commit fixes
hardcoded absolute build paths in create_cmdline_wrapper.
Otherwise we end up with incorrect paths in users of this function. For
example the 'file' wrapper in current released toolchain:
exec -a
/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-fsl-arm/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-file/5.18-r0/image//opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/bin/file
`dirname $realpath`/file.real --magic-file
/opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/share/misc/magic.mgc
"$@"
(From OE-Core rev: 49ab89eb9f83388e99069a4b53bdc4cba22bb6f3)
(From OE-Core rev: 8503dee5a42fc0dc6dc6c79ce316aba1c91da6d1)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sometimes you do not want certain packages to be installed when
installing complementary packages, e.g. when using dev-pkgs in
IMAGE_FEATURES you may not want to install all packages from a
particular multilib. This introduces a new PACKAGE_EXCLUDE_COMPLEMENTARY
variable to allow specifying regexes to match packages to exclude.
(From OE-Core master rev: d4fe8f639d87d5ff35e50d07d41d0c1e9f12c4e3)
(From OE-Core rev: 5e92eb11cdf1dd06a3e2ca015f1aebaace321acd)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The newer btrfs-utils needs an empty file to build the filesystem in, so
create an empty file and use it for the mkfs to build the fs in.
[YOCTO #6804]
(From OE-Core rev: afc44fad44261677c799558ffd35f4908556bce0)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* until now all recipes were respecting VIRTUAL-RUNTIME_initscripts
variable but commit bba835fed88c3bd5bb5bd58962034aef57c408d8
hardcoded "initscripts" runtime dependency
(From OE-Core rev: 1cda75706d63c988a0fa9945bd320b71c8e8488a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Using the export LD in the recipe does not allow for secodnary toolchain
overriding LD later, by setting it in the do_configure_append the export
is used by autotools setting LD based on the env, but would allow for
override later.
[YOCTO #6997]
(From OE-Core rev: 9b37e630f5f6e37e928f825c4f67481cf58c98a1)
(From OE-Core rev: b38f33c96b31c807306dd8b2d7b25cf8fad21026)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
resolvconf was missing a script and needed readlink which was in
/usr/bin. Also the /etc/resolv.conf was not being correctly linked
to /etc/resolvconf/run/resolv.conf, which is fixed by the volaties
change which is now a file as opposed to created in do_install.
Ensure that the correct scripts for ifup/ifdown get installed and that
resolvconf is correctly enabled at startup
[YOCTO #5361]
(From OE-Core rev: 853e8d2c7aff6dddc1d555af22f54c4ecef13df1)
(From OE-Core rev: cb3c7cfe00e96580db5aedc7f7c0970378ab3c6e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/resolvconf/resolvconf_1.74.bb
Bumping the meta SRCREV for the following fix:
[
The default watchdog behaviour is to stop the timer if the process
managing it closes the file /dev/watchdog. The system would not reboot
if watchdog daemon crashes due to a bug in it or get killed by other
malicious code. So we prefer to enable nowayout option for the
watchdong. With this enabled, there is no way of disabling the watchdog
once it has been started. This option is also enabled in the predecessor
of this BSP (beagleboard)
]
[YOCTO: 3937]
(From OE-Core rev: 7006412c285a4a6c75d5349f60dc71b0b735ff90)
(From OE-Core rev: f34de2175f1d6a443f219b8ceaaf796cfbc6efd5)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport commit 69a3ab3 to 'daisy' which uses a different version of
file package.
Author of the original patch: Hongxu Jia <hongxu.jia@windriver.com>
(From OE-Core rev: 4bd4da1e1433ae64720f59d48188ecd1960dac28)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libarchive's configure script looks for ext2fs/ext2_fs.h in order to use
some defines for file attributes support if present (but doesn't link to
any additional libraries.) There is no configure option to disable this,
and if e2fsprogs is rebuilding between do_configure and do_compile you
can currently get a failure. Because it doesn't need anything else from
e2fsprogs, and e2fsprogs isn't currently buildable for nativesdk anyway,
copy the headers in from e2fsprogs-native which we're likely to have
built already (and add it to DEPENDS just to be sure we have.)
Fixes [YOCTO #6268].
(From OE-Core master rev: ad754e46ad477acfbe7543187a5c38bc333b8612)
(From OE-Core rev: 7504c2e715d675775e166a52ae83cf48504add19)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.
Fixes [YOCTO #6813].
(From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc)
(From OE-Core rev: 94483eff5d0858ef1b5a8850268aa6a7bc6e6463)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tell systemd just to kill the sshd process when the ssh connection drops
instead of the entire cgroup for sshd, so that any screen sessions (and
more to the point, processes within them) do not get killed.
(This is what the Fedora sshd service file does, and what we're already
doing in the dropbear service file).
(From OE-Core master rev: 3c238dff41fbd3687457989c7b17d22b2cc844be)
(From OE-Core rev: 6e6aeb7cca52b92a0c8013473e2b8bb18738a119)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
(From OE-Core rev: 13bb2ee98cfd159455e459501dda280a78cb5a3b)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
(From OE-Core rev: dbbda31ca0a29c930f3078635ae7c5a41d933b58)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-support/curl/curl_7.35.0.bb
This uprevs pseudo to 1.6. This merges in all of the existing
fixes, and also adds partial support for extended attributes,
including storing arbitrary extended attributes in the database,
and also interpreting the posix permissions ACLs as chmod
requests.
The extended attribute support means we need xattr.h, the simplest
way to be sure of this is to build attr before pseudo, which doesn't
take long.
(From OE-Core rev: 606793e7b5c129654f317e5bec9ed7f083d3383d)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pseudo 1.6.2 fixes problems with 64-bit inodes and some underlying issues
involving file renames that could occasionally cause very strange behaviors
files being deleted, linked, or renamed, mostly observed as strange
recovery if an inode got reused.
(From OE-Core rev: b2c6a032d6e5deb07e76ed75fcd0931fad6a748c)
(From OE-Core rev: c2e56d7da8c7df330869babac198678b33eb3802)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-devtools/pseudo/pseudo_1.6.2.bb
meta/recipes-devtools/pseudo/pseudo_git.bb
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x
and possibly other products, allows local users to obtain private RSA
keys via a cache side-channel attack involving the L3 cache, aka
Flush+Reload.
Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in
git://git.gnupg.org/libgcrypt.git
(From OE-Core rev: 0692743b51f7daa0154fd4d8982236b4702ea2da)
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This address the latest set of CVE issues
(From OE-Core rev: 461e598815f8749bb26e97369e3b877f7ce749cf)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2
allows remote attackers to have an unspecified impact via crafted H.264
data, related to an SPS and slice mismatch and an out-of-bounds array
access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0869
(From OE-Core rev: 9d0fe8f47e360ad09d4a20144da96576dd4bf82f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Conflicts:
meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie
Martin Jansa
Jonathan Liu
Armin Kuster
Sona Sarmadi
Brendan Le Foll
Javier Viguera
Paul Eggleton
Saul Wold
Chong Lu
Bian Naimeng
Bruce Ashfield
Alejandro Hernandez
Peter Seebach
Kai Kang
Yue Tao