The fix backported in commit aa9fc551 of oe-core does not completely fix the
issue (Yocto #4595) as intended. The modules symlink is still created in the
working directory instead of in the deploy directory. To fix this, we just need
to use an absolute path to ${DEPLOYDIR} when creating the symlink.
(From OE-Core rev: f07a4e0d80f5e0dd94514f6aae11a7bd56034f30)
Signed-off-by: Paul Barker <paul.barker@commagility.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* backported from 2.23.2, fixes:
work/x86_64-linux/binutils-native/2.23.1-r3/binutils-2.23.1/gas/write.c:409:24:
error: 'dummy.fr_type' may be used uninitialized in this function [-Werror=maybe-uninitialized]
gas_assert (prev_frag->fr_type != 0);
^
work/x86_64-linux/binutils-native/2.23.1-r3/binutils-2.23.1/gas/write.c:392:9: note: 'dummy' was declared here
fragS dummy, *prev_frag = &dummy;
^
(From OE-Core rev: 8c5396bd3b7f1eef3d53ebf0404189fd75f1d5e1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patches explain the issue in detail but this is exposed
with gcc 4.9 in binutils 2.23.2
(From OE-Core rev: fc5c467b680fc5aef4b0f689e6988e17a9322ae0)
(From OE-Core rev: 4dfb8847ebf8aab90ad8888933468e2899c96998)
(From OE-Core rev: af347d3298e15552d502d5b2ce497bbda9705bc7)
(From OE-Core rev: 5ab846580ec2ebf13f5e4775bab45fa30518cb31)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The modules-${MACHINE}.tgz should link to ${MODULE_TARBALL_BASE_NAME}.
But now it links to an invalid file ${MODULE_TARBALL_BASE_NAME}.bin.
Remove the extra .bin suffix.
[YOCTO #4595]
(From OE-Core rev: aa9fc551a8df9ead287c0ddc18bc60a7aded1d3c)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ant reported on irc that the sstate absolute to relative symlink creation
code wasn't working in klibc. He was correct although the level of breakage is
rather surprising since it only worked for one level of symlink (usr/include) with
everything else being broken.
The reason is probably that nothing really uses absolute paths, we use relative
paths where at all possible already. Nothing in the target sysroot should use
absolute paths for a start. In this regard, the klibc-dev package is broken and
needs fixing. It will currently break when building for one machine, then switching
to another of the same TUNE_PKGARCH and installing from sstate but that is a
separate issue.
This patch fixes the symlink creation code by firstly passing in the correct
value we need (where the symlink will end up) and seccondly, actually using it.
I've also tweaked the debug message to contain appropriate information and got
right of the double "//" value the existing code created in favour of the form
'./..' which looks neater.
(From OE-Core rev: 9b05c65450526522d7358d0c0901b594de546748)
(From OE-Core rev: 67831122fce62b71263b85592c8d1de4e7deabd2)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment
This patch changes the encoding bash uses for exported functions to avoid
clashes with shell variables and to avoid depending only on an environment
variable's contents to determine whether or not to interpret it as a shell
function.
(From OE-Core daisy rev: 6c51cc96d03df26d1c10867633e7a10dfbec7c45)
(From OE-Core rev: 998cd2c6dd3709ae0d47c845dff227680bda96f5)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
(From OE-Core rev: 59e7817b6e1d1dd90668083cf34f1650a84430c0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2014-6271 aka ShellShock.
"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."
(From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3)
(From OE-Core rev: d57b9ce8bb97f88c329da973c3567d04d8eb07d2)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added a new entry and used "July 2014" as the release date.
(From yocto-docs rev: d6a86bf28419a43a2a692d33c8cedddadebe1dfb)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Following fixes:
dev-manual - Discovered a <ulink> tag that was not a single
line. These types of links need to not have hard
returns. If they do, mega-manual.sed will not
process the link. Changed the reference to a
single line.
kernel-dev - Discovered that I had the old poky.ent variable
(i.e. YOCTO_DOCS_KERNEL_URL) as part of the link
in the opening note on the title page. I changed
it to the proper variable, which is
YOCTO_DOCS_KERNEL_DEV_URL. The old link was not
being processed by mega-manual.sed.
profile-manual - First problem was the wrong manual title in
a <ulink> tag, which caused the mega-manual.sed
file to skip processing the link into a non-link.
Second problem was on the title page. Incredulously,
I had the title of the manual reversed for Chapter
1. Fixed it.
(From yocto-docs rev: 71dedd610dce9fdc6472a5cf2b18ec8729d77e55)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found a very subtle problem with the search string that processes
links to the Yocto Project Profiling and Tracing Manual where the
links go to the top-level (i.e. no ID tag in the link).
I had the name of the manual as "Yocto Project Profile and
Tracing Manual", which means there would never be a match.
Consequently, when the Makefile called the mega-manual.sed file
to process the links in mega-manual.html, any top-level link
to that manual was not processed and was being left as a hard
link to the versioned manual. Processing a top-link should
convert it to a non-link (for now).
(From yocto-docs rev: bb32b3445cb8b3a498cff93d22f1ed9435fd715d)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
(From OE-Core rev: 299de5ea53446bc211e6aadf158d6ef7576384ab)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
(From OE-Core rev: 50050c9c2449d14a0d3da91eed5d16cddce9cf76)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 2a9e46a319d32e99266fd44e1ea1ca2b5e7c9a6a)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: aac6d15448e9a471a8d4ce086538b39f0b928518)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backported patch for CVE-2014-3466.
This patch is for dylan.
(From OE-Core rev: 7ff1924674871d604f9656f3928b91dc417c7246)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This makes sure the mega-manual cross-reference links stay within
the mega-manual and don't stray to 1.4.3 documentation.
(From yocto-docs rev: 4470f32879ea9ad21c1d4821de6a8aa5740bbc6b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
All six manuals using May of 2014 for a release date.
(From yocto-docs rev: 7c4fe11ca8f001d18329aa6255793618bbb06ab8)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't normally do this, but with the recent CVE fixes (most
importantly the one for the serious CVE-2014-0160 vulnerability) I am
bumping PR explicitly to make it a bit more obvious that the patch has
been applied.
(From OE-Core rev: c50da4a2c1128f599b2c66d06b7d2ea80215f9d0)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More
information here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Patch borrowed from Debian; this is just a tweaked version of the
upstream commit (without patching the CHANGES file which otherwise
would fail to apply on top of this version).
(From OE-Core rev: bebed954e8fea9d805a0eb6b284dd90177379242)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
(From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)
(From OE-Core rev: 0d3d2d7062a181e878435487c06e26c6547e492f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
(From OE-Core master rev: 94352e694cd828aa84abd846149712535f48ab0f)
(From OE-Core rev: 80263dc0b6c02c21949e81564ac1e5c6f198d9ac)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
(From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877)
(From OE-Core rev: e36aff4b0ed5f70deb4862dc893eef9ceaa93003)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The release pushed into March so I changed the revision date
in the manual history tables from February to March.
(From yocto-docs rev: 27214ecebd7a74eb54bc92aaff020b5dbfa8d2ba)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These are in the Toolchain list, so they should also be installed on the build appliance
[YOCTO #5061]
Fixes [YOCTO #5941].
(Partial backport of OE-Core master rev: 82374feece5c576f9950bad6861b1e00c6b30d84)
(From OE-Core rev: 58b479f4d4d283e590a55a71151fca481fbe3c24)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I have a feeling this code exists from the time before we had proper
coverage of one sstate task by another task. At that time it was a
"poor" persons version of that idea, we now have much better
code internal to bitbake which handles this.
Worse, this code actually breaks certain rebuild scenarios,
e.g.:
bitbake libtool-cross
bitbake libtool-cross -c cleansstate
rm tmp -rf
bitbake libtool-cross
would fail as binutils-cross wasn't installed from sstate.
The easiest fix is to remove the obsolete/broken code.
[YOCTO #5773]
(From OE-Core master rev: ccad07f35fb7f959e24fd50d04c7d10dd5cf20d0)
(From OE-Core rev: 30d3f06fddea2d8f3537d3415c95d75a6487078c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some LSB packages appear to have the platform set to '%{_target_platform}'
which is not a valid platform field. This causes a failure of the type:
warning: package lsb-test-core-4.1.15-1.x86_64 is intended for a %{_target_platform} platform
When we detect an invalid platform, fall back and try to construct a new
platform name that may be valid based on the arch and os contents of the
package. (This should only ever be needed by invalid or older RPM packages.)
(From OE-Core master rev: 6513fa327aeb7e9fdd313290c205917952eed226)
(From OE-Core rev: c3f1bedb2494a2465db23a4d89b9f998db953f0d)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes [YOCTO #5233]
Modeled after Chen Qi's fix to [YOCTO #3924] from oe-core commit:
6b6db7b4fb7aa17b8e29076decc830149b9d35bc
init-install.sh: remove unnecessary udev rules file to avoid error messages
/etc/udev/scripts/mount.sh is removed by init-install-efi.sh, but the
udev rules file which specifies the invocation of this script is not
removed, thus causing the error message during a live install:
/etc/udev/scripts/mount.sh: No such file or directory
The /etc/udev/rules/automount.rules no longer works once the mount.sh
script is removed. Remove it to avoid the error message.
(From OE-Core master rev: 1f5a2b616d902b1158e348bf8c33b6d36e21cadc)
(From OE-Core rev: c45acfae254004baa4011a35addf0e26a11d71bd)
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: mihaix.lindner@linux.intel.com
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The existing -cpu host option caused kernel panics when people attempted to use
the kvm option. After research and discussion, the best options appear to
be the kvm32/kvm64 cpu types so lets use these instead. These resolve
the kernel issues for me.
[YOCTO #3908]
(From OE-Core master rev: bdc6d3be6ffa4ed358153f9c9332b632324f5833)
(From OE-Core rev: 8f3ecfda5e57fbc1903dec1cbb44c92ef599849f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
