Updated the notes to help the user be sure they have the
right set of documents for the matching YP release.
(From yocto-docs rev: 8e112affb406731ac98f3c2e08542c5049232ff1)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Someone hacked the http://hambedded site or it was moved and some
links to that site in the BB manual had been hijacked to point to
an entry portal for a pornography site. Replaced the link with an
archived version that restores the integrity of the links.
(Bitbake rev: d0a4652fec6d3968b65b4a2776948a7b9e19407e)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For various reasons we need to be able to set and override this from
auto.conf on our test infrastructure. We have tried forcing the variable
but this then breaks other selftests. In the interests of not complicating
things further and needing to modify the tests across releases, weaken
the default assignment.
(From meta-yocto rev: 5eea5239b3172b147bdef8023d1c5a8981d18f7e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since 2017-08-17 (git version 2.14.1.473.g3ec7d702a) using deprecated
git branch parameter "--set-upstream" causes a fetcher error. Replace
it by "--set-upstream-to".
https://git.kernel.org/pub/scm/git/git.git/commit/?id=52668846ea2d41ffbd87cda7cb8e492dea9f2c4d
says, it's deprecated since 2012-08-30 so hopefully all still supported
host distributions have new enough git to support "--set-upstream-to".
ERROR: PACKAGE do_unpack: Fetcher failure: ...;
git -c core.fsyncobjectfiles=0 branch --set-upstream master origin/master failed with exit code 128, output:
fatal: the '--set-upstream' option is no longer supported. Please use '--track' or '--set-upstream-to' instead.
ERROR: PACKAGE do_unpack: Function failed: base_do_unpack
(Bitbake rev: 62a53e9dbb6dc7489e44c32340b0caddd4596f0a)
Signed-off-by: Andre Rosa <andre.rosa@lge.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2ab50074c1a6c56a8a178755de108447d7b7acaf)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.
* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake
* CVE-2017-13078: reinstallation of the group key in the Four-way handshake
* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake
* CVE-2017-13080: reinstallation of the group key in the Group Key handshake
* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake
* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it
* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake
* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame
* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame
Backport patches from upstream to resolve these CVEs.
(From OE-Core rev: bfa04fa71c47e8fe9528208848cfcec2e232777d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As of html5lib 0.9999999/1.0b8 (released on July 14, 2016), some modules
have moved from _base to base. Handle this, while staying compatible
with earlier versions.
(Bitbake rev: a37d0f0247c9174fec124789b7a07c792193d909)
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from
side-channel observation during the signing process) can easily recover the
long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this
session key in secure memory, to ensure that constant-time point operations are
used in the MPI library.
(From OE-Core rev: fb28c54347fcf4957b9b8ee7dee423d859eb7820)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It can take a bit for USB devices to be detected, so if a USB device is
your rootfs and you don't set rootwait you will most likely get a kernel
panic. Fix this by adding rootwait to the kernel command line on
installation.
Fixes [YOCTO #9462].
(From OE-Core rev: 7f26cee3d8e4b2e9240b30c21be9fa7661186ccd)
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code in these two functions is meant to be equivlanet in behaviour
but isn't. Add in code to ensure files that don't exist are handled
consistently by both functions. Users did report being able to generate
tracebacks otherwise.
(Bitbake rev: 51e913e178a02bb603ddf874669e3ce54f90bd5d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is the potential for sensitive information to leak through the urls
there and removing it brings this into the behavior of the other package
backends since filtering it is likely error prone.
Since ipks don't appear to be generated at all if we don't set this, set
the field to the recipe name used (basename only, no paths). This avoids
information leaking. We may want to drop the field if opkg can allow that
at a future point but the recipe name is a suitable identifier for now.
Reported-by: Andrej Valek <andrej.valek@siemens.com>
(From OE-Core rev: 1aa51cfb4b8d10f478b1a6a68c69a3e35342b1c0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The release was pushed from May to June for 2.1.3 (krogoth). Updated
all manual revision tables.
(From yocto-docs rev: 5ec75c194147fecf0bda8095e430cdd8e6f34b6b)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The Meson revision was locked down but the license list change wasn't actually
committed...
Also specify the exact path for recipetool to write to, for clarity.
(From OE-Core rev: cbd6a2de4d8bda44f1d53956acc49a4bef810e95)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recent distros are enabling -pie by default; in case of grub
we need to turn it off.
(From OE-Core rev: aaff6c99dde3f1058bb3c4b320f27753c6c992ad)
(From OE-Core rev: 720ac6e2b46d4d78244033a2474a2716a7a08b03)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This doubles the amount of extra space that is provided for SMART and
RPM, as they consume more disk space during qa testing via testimage
[YOCTO #9800]
(From OE-Core rev: 2d636068d9d3a1ea2db3ace49462be13ba9ef125)
(From OE-Core rev: 1d35417502aa8bce9d65d15f29d9d7bee077b7cc)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The test_recipetool_create_github test fetches HEAD of the repository so
upstream changes can (and do) break the test. Avoid these problems by passing
the rev= argument in the URL to lock the checkout to the same version that is
fetched in the github_tarball test.
Also pass the commands to runCmd() as a list instead of a string, the semicolon
in the URL needs more quotes if the shell is involved and passing a list
bypasses the shell entirely.
(From OE-Core rev: b7a26dbca4d92b36aeb8b183e679701b5706adb0)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This test works fine with su, which is more likely to be installed in images
than sudo.
(From OE-Core rev: 59d10be745a1f7d31c68e4d5da9e1c3461b7d390)
(From OE-Core rev: 0c35ac4b1b78a0b1be8e50ced5502c1bf9d31774)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building libunwind, then gcc-runtime causes build failures. This is hard
to fix since gcc-runtime wants the internal gcc unwind.h header but libunwind
wants to provide this. There are differences in include behaviour between gcc
and glibc which are by design.
This patch hacks around the issue by looking for a define used during gcc-runtime's
build and skipping to the internal header in that case. The patch is only enabled
on musl and is the best workaround I could come up with to unblock failing builds
on our autobuilder.
[YOCTO #10129]
(From OE-Core rev: 793b6e57d7cf4a093223b4cd34085a929a5c43c3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This test was backported and doesn't function quite the same way under
krogoth since some of the extended python license checking wasn't yet
added. This tweaks the output to match the expected result in krogoth.
(From OE-Core rev: fcb2fcae57df403f1fff4b9ddb6b2d52e41aea33)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This occasionally triggered autobuilder errors where the .gir file
appeared truncated to introspection tools.
(From OE-Core rev: 2154c1c803b7bd36a1401fa657e7fd8cb1060a70)
RP: backported from 2.12 to 2.10
(From OE-Core rev: cf06e8aa07c8b60a377b4716be5c72311be12f1c)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gna! project announced that the download site from gna.org HTTP server
will soon be closing down. We have verified that the site is no longer
accessible without network proxy cache. We need to update SRC_URI to
point to new alternative (nwl.cc HTTP server) in order to avoid fetcher
issues in future.
[YOCTO #11575]
(From OE-Core rev: 0314442ec4cb280fd8ad2f9deb9b3ec8842f8c2a)
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are issues with a change made to RTLD_NEXT behaviour in glibc 2.24
and that change was also backported to older glibc versions in some distros
like Fedora 23. This adds a workaround whilst the pseudo maintainer fixes
various issues properly.
(From OE-Core rev: 21c38a091c4a1917f62a942c4751b0fd11dce340)
(From OE-Core rev: 47f5c2a52f93e1984b0269c708ca5218b9fd41ec)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.
"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.
(From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)
(From OE-Core rev: b309bfa265456cda7269ff67e9df5f5c05a9a5a5)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The openssl-c_rehash.sh script reports duplicate files and files which
don't contain a certificate or CRL by echoing a WARNING to stdout.
This warning gets picked up by the log checker during rootfs and results
in several warnings getting reported to the console during an image build.
To prevent the log from being overrun by warnings related to certificates
change these messages in openssl-c_rehash.sh to be prefixed with NOTE not
WARNING.
(From OE-Core rev: 88c25318db9f8091719b317bacd636b03d50a411)
(From OE-Core rev: c270ebf9235c5414de1bf80ff40253f5a98dca2a)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Debian and other generic distributions has moved the certificates for
sysconfdir (/etc/ssl) and made the libdir content to link for it.
This provides several advantages specially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.
(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)
(From OE-Core rev: 735f4528b5046024f118658cda8ee340ff8aa082)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The PLD Linux distribution has ported the c_rehash[1] utility from Perl
to Shell-Script, allowing it to be shipped by default.
1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761
The OpenSSL upstream intends[2] to convert the utility for C however
did not yet finished the conversion.
2. https://rt.openssl.org/Ticket/Display.html?id=2324
This patch adds this script and thus removed the Perl requirement for
it.
(From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)
(From OE-Core rev: 9ae6e105bb689faf004f60bb4f9f0ea56e3b8fde)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Regarding the last commit about missing dependencies, another issue
was found. The problem was found, while ptest has been built with some
set extra settings. It means, when ptest is going to be built,
it is necessary to rebuild dependencies for test directory too.
(From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)
(From OE-Core rev: 28419a4e9ad9430e477c1eb7f2a2d1f328bcacaf)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Settings from EXTRA_OECONF like en/disable no-ssl3, are transferred
only into DEPFLAGS. It means that settings have no effect on output files.
DEPFLAGS will be transferred into output files with make depend command.
https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies
(From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)
(From OE-Core rev: 11c388226399ec703f4f67ae7cf11c1e4e332710)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
MIPS64 target was being configured for linux-mips which defaults to
MIPS32. Doesn't cause any issue as far as I can see but it would be
wiser to use the correct target configuration.
Also add MIPS64le configuration which is missing.
(From OE-Core rev: 0afec72913bc31d315cba079da317e8b28755ded)
(From OE-Core rev: e2b2fbe05fe97a512265d9978011650415e1589a)
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ERROR: Task 944 (virtual:nativesdk:/home/akuster/oss/maint/poky/meta/recipes-multimedia/libpng/libpng_1.6.21.bb, do_checkuri) failed with exit code '1'
ERROR: libpng12-1.2.56-r0 do_checkuri: Function failed: Fetcher failure for URL: 'http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz'. URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz doesn't work
ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/i586-poky-linux/libpng12/1.2.56-r0/temp/log.do_checkuri.14781
Log data follows:
| DEBUG: Executing python function do_checkuri
| DEBUG: Testing URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz
| DEBUG: checkstatus() urlopen failed: HTTP Error 404: Not Found
| DEBUG: Python function do_checkuri finished
| ERROR: Function failed: Fetcher failure for URL: 'http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz'. URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz doesn't work
SF now has a old releases dir which contains this tarball. It got dropped from Gentoo
(From OE-Core rev: 30722ea82dd8e90c33d607e1a8847dabf16b4225)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream have removed the file from zlib.net as a new version has
been released, switch to fetching from the official sourceforge
mirror.
[YOCTO #10879]
(From OE-Core rev: bb99e4a620efd59556539c156cd98ea23aae74c8)
(From OE-Core rev: b7599330f1d629384e16a5fbeffc1a65c1555667)
(From OE-Core rev: d2522df5bf85875a896d3b7ddeb20b63af3f4470)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With enabled SSTATE_MIRRORS sstate code expects mirrors to
contain entries for all tasks, which is not the case for ext
installer as it uses reduced sstate cache.
Added do_package tasks to BB_SETSCENE_ENFORCE_WHITELIST to prevent
installer failing with ERROR: Sstate artifact unavailable
[YOCTO #10832]
(From OE-Core rev: 2ed46ada4b8e496493835e84b36f7e9c367f59d2)
(From OE-Core rev: eb2fc2cd9081a4533ed30fe81c9f491b06cc5ae1)
(From OE-Core rev: 6549641a65b8e67ed46400921f89acf395f13a80)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mapped uninative sstate directories to make ext SDK installer to
use them when it's run on systems with gcc version different from
gcc version used to build installer.
[YOCTO #10832]
(From OE-Core rev: fb945c0fd2e66d70461e6cf2e602020eeabe32f7)
(From OE-Core rev: 31ce79200035584c26576afe043688132532bc8b)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted
TIFF image.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632http://bugzilla.maptools.org/show_bug.cgi?id=2549https://bugzilla.redhat.com/show_bug.cgi?id=1325095
The patch is from RHEL7.
(From OE-Core rev: 9206c86239717718be840a32724fd1c190929370)
(From OE-Core rev: 0c6928f4129e5b1e24fa2d42279353e9d15d39f0)
(From OE-Core rev: f10cef0119c3bcf5b23a142f131a2d452ef2b837)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool
allows remote attackers to cause a denial of service (out-of-bounds read) via vectors
involving the ma variable.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658http://bugzilla.maptools.org/show_bug.cgi?id=2546
Patch from:
45c68450be
(From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a)
(From OE-Core rev: cc266584158c8dfc8583d21534665b6152a4f7ee)
(From OE-Core rev: 7ba456a35e0e75e0e8b3d8f9530aab312775672d)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
