Clean up several patches introduced in commit 6732918498 ("grub:fix
several CVEs in grub 2.04").
1) Add CVE tags to individual patches.
2) Rename upstream patches and prefix them with CVE tags.
3) Add description of reference to upstream patch.
(From OE-Core rev: a1db1e71129c3e67ddd9dbef21e1c5eb31552e00)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bcb8b6719beaf6625e6b703e91958fe8afba5819)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Steps to reproduce:
echo "IMAGE_INSTALL_append = \" udev-hwdb lib32-udev-hwdb\"" >> conf/local.conf
When install both udev-hwdb and lib32-udev-hwdb as above,
there comes below do_populate_sdk error:
$ bitbake core-image-sato -c populate_sdk
ERROR: Task (/path/core-image-sato.bb:do_populate_sdk) failed with exit code '134'
NOTE: Tasks Summary: Attempted 5554 tasks of which 0 didn't need to be rerun and 1 failed.
$ cat /path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/pseudo/pseudo.log
[snip]
inode mismatch: '/path/tmp/work/qemux86_64-poky-linux/core-image-sato/1.0-r5/sdk/image/usr/local/oecore-x86_64/sysroots/core2-64-poky-linux/lib/udev/hwdb.bin' ino 427383040 in db, 427383042 in request.
[snip]
It is because both udev-hwdb and lib32-udev-hwdb will generate
${SDK_OUTPUT}/${SDKTARGETSYSROOT}/lib/udev/hwdb.bin during do_populate_sdk
and it triggers pseudo error.
So clean hwdb.bin before generate hwdb.bin to avoid conflict to
fix the above do_populate_sdk error.
(From OE-Core rev: c7472925feb53ce92c1799feba2b7a9104e3f38f)
(From OE-Core rev: 93e59a78da3dab56c91f423b2c0f29a8ebaf2700)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 994ca65e6f)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit 7d32417b4d (busybox: Correct the name of the bzip2 license)
changes the licesne from 'bzip2' to 'bzip2-1.0.6' on the rationale
that the 'bzip2 license was renamed from "bzip2" to "bzip2-1.0.6"
[...] to match the official SPDX identifier.'
Though the above is true for the bzip2 and pbzip2 packages, the bzip2
code bundled in busybox is a copy from the bzip2 1.0.4 version, not the
1.0.6 version.
As such, using bzip2-1.0.6 is wrong.
Unfortunately, there is no official SPDX license identifier for this
bzip2 1.0.4 version, so we just mimick the existing ones (bzip2-1.0.5
and bzip2-1.0.6) by using bzip2-1.0.4.
Also, there is a license file attached to that, so we add it to the
list.
(From OE-Core rev: 6238ee3ecd385cbadd8e75eb8b22a96d9cb13639)
(From OE-Core rev: fb590d12a0979e0db69e9d7b0cb605467f678000)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Alexandre BELLONI <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0776bf6600)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bzip2 license changes with each version; the changes are subtle, but
that makes it a different license everytime:
- copyright year
- authorship identification and address
- version of the release
- date of the release
Although we currently only have bzip2 and pbzip2 packages, we're going
to need this license for busybox, which uses code from bzip2-1.0.4.
Add it, as copied from the upstream bzip2 git tree at tag 'bzip2-1.0.4'
(commit f10a33538e9bab6deb61779b3d8aae168824ef48).
(From OE-Core rev: f303c31b813f371737c9a9d7a93e9f920f84e75a)
(From OE-Core rev: e29fb3d418f3ac53e49a14b430f0ef6ef323375f)
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3f62ed09d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Refactoring of SDL2 internal API has broken SDL_RenderFillRect for
DirectFB. The problem has already been fixed upstream.
(From OE-Core rev: a7c8dfc1f9beebeb9da7f61b323d85fba82ec1cb)
(From OE-Core rev: 1eabecc8bcb459b0fe6b14c9a368cd1b4b6dd7dd)
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e956531526)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Build of libsdl2 with directfb is broken due to a spurious '}' and a
missing 'E' since version 2.0.12. The upstream is already fixed.
(From OE-Core rev: 8963daba093c3c5e2c60e1e4e057862971b84cb0)
(From OE-Core rev: a2b4c03bbb1f340da2f0723336978b22f8203065)
Signed-off-by: Mark Jonas <toertel@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9e9871de01)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently gstreamer configuration depends libcap and on whether
setcap is found on the host system.
Removing libcap from DEPENDS and only use it when the 'setcap' is enabled.
* 0004-capfix.patch
Removed as the same goals can be achieved only with the PACKAGECONFIG 'setcap'
(From OE-Core rev: 7691d3f963dc02570b5092db8f061c4d327b277a)
(From OE-Core rev: 3b186880c95e8ab120fee6304af52384b040aae1)
Signed-off-by: Jose Quaresma <quaresma.jose@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Updates global variables for 3.2 / Gategarth release.
(From yocto-docs rev: 7b699c26bfcf05666460746dd7a28eacbf98870c)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are plenty of variables in poky.yaml which are not used anywhere
in the docs. So let's remove them. We can always add the one we need
later.
Note ORGEMAIL could be used in boilerplate.rst, however this file is
not parsed but included, and somehow the yocto-vars.py exenstion does
not process this file, so we cannot use a variable there.
(From yocto-docs rev: 3d58472daf118b25eda151bbf1a638905bba183a)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We now publish the branch 1.48 of bitbake docs to
https://docs.yoctoproject.org/bitbake/1.48/
yocto-docs can refer to bitbake documentation using the intersphinx
extension. The gatesgarth docs should refer to the 1.48 branch of
bitbake, not the development branch.
(From yocto-docs rev: 09ae216a022b85fe1f03b55e6341e258c7215e20)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
conf.py:
* set version to 3.2
switchers.js
* add 3.2 release
* update 'dev' to 3.3
(From yocto-docs rev: eac8b251be5cd28ebec32345562c838dd5f43b00)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since the ADT manual has long been superseded by the SDK manual,
remove the entire adt-manual directory, and the references to it in
the two top-level files "conf.py" and "poky.yaml".
(From yocto-docs rev: 64b2e83bddf6af0439ac7089ac95e60faa696cfc)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're seeing tracebacks from buildhistory analysing the python 3.8 -> 3.9
upgrade due to the significant file renames. Avoid these by checking before
removal as they can happen multiple times.
(From OE-Core rev: b1eb390bbcb995c0da70478e17f9170721c75341)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
all these were exact copies, therefore just use qemuall to house this
file as it will be same across all qemu machines
Additionally, it can support out of tree qemu definitions better eg.
qemuppc64
(From OE-Core rev: 7822880443ba474431a6a2c43c52406be995d9d4)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently if a task generates the same output with different timestamps,
hasequiv won't detect it but reproducibile builds will fail tests due
to the different timestamps.
Add do_package timestamps to the hash when reproducibile builds are enabled
to avoid this.
(From OE-Core rev: 11e8200ccec765ff6a4263e06512e5751eca261a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When ccache enabled as below:
INHERIT += "ccache"
CCACHE_DIR = "/path/build/ccache"
There comes do_install failure for some recipes randomly, take
linux-libc-headerswhen as example.
$ cat /path/build/tmp/work/corei7-64-wrs-linux/linux-libc-headers/5.8-r0/pseudo/pseudo.log
[snip]
path mismatch [1 link]: ino 243004209 db '/path/build/ccache/6/stats' req '/path/build/ccache/7/stats.lock'.
[snip]
Exclude ${CCACHE_DIR} from pseudo database to fix the potential
do_install failure.
(From OE-Core rev: b65e5280bf9e7f1f9c8e6acabab79bcf209e5342)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patches from https://git.savannah.gnu.org/git/grub.git
to fix some CVEs. Here is the list.
CVE-2020-14308:
0001-calloc-Make-sure-we-always-have-an-overflow-checking.patch
0002-lvm-Add-LVM-cache-logical-volume-handling.patch
0003-calloc-Use-calloc-at-most-places.patch
CVE-2020-14309, CVE-2020-14310, CVE-2020-14311:
0004-safemath-Add-some-arithmetic-primitives-that-check-f.patch
0005-malloc-Use-overflow-checking-primitives-where-we-do-.patch
CVE-2020-15706:
0006-script-Remove-unused-fields-from-grub_script_functio.patch
0007-script-Avoid-a-use-after-free-when-redefining-a-func.patch
CVE-2020-15707:
0008-linux-Fix-integer-overflows-in-initrd-size-handling.patch
(From OE-Core rev: 67329184985a03534f11f95e9df5f9fb2305a261)
Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Directory has been renamed, so fix README and add a bit more white
space to keep everything lined up.
(From yocto-docs rev: cdd4c705f7271e31e44a94c79b050eda1fba5945)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a migration subsection on the need to add MLPREFIX to conditional
package dependencies in gatesgarth.
(From yocto-docs rev: e202beabfc1282d6999fde0ced89e41c993da27f)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add some info on the image-artifact-names class change in gatesgarth.
(From yocto-docs rev: 71dd9d92bf58c73f5fb3bd14cf8031bfc794fd3f)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This covers most of the changes that would require action on the part of
the user that I was able to see by scouring the commits. Some of the text
was borrowed from commit messages and edited.
(From yocto-docs rev: 35e9349ba6417765274d7d1ce542e7e6f19dbe26)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a variable glossary entry for IMAGE_NAME_SUFFIX, which was added way
back in krogoth.
(From yocto-docs rev: 78920a8ea5fb991606300c1fcb48aa6a7c20f8c1)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add an entry to the variable glossary for IMAGE_VERSION_SUFFIX (which
was added in thud) and update the IMAGE_NAME and KERNEL_ARTIFACT_NAME
entries whose defaults use this variable.
(From yocto-docs rev: 1a02c4be8e348687d4f7e09aefc408aaed5f1be5)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a brief variable glossary entry for the new PSEUDO_IGNORE_PATHS
variable.
(From yocto-docs rev: a337bb317dacdeb174397e7ee8258bc74560436b)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Update for changes to messages
* Add missing QA checks - some added recently, others several releases
ago
Some of this was borrowed from commit messages (with editing) - in
particular thanks to Alexander Kanavin for the writeup on patch-fuzz.
(From yocto-docs rev: 6a5e846a92068758e49d1810789638b6990bf83d)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
distro_features_check was renamed to features_check and extended to
support MACHINE_FEATURES, COMBINED_FEATURES and ANY_OF_*_FEATURES in
dunfell, but the documentation still needed to be updated.
(From yocto-docs rev: 274eb596582a22883e8b386a07cf32ed45a77d79)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make it possible to link to the explanation for a particular QA check.
(From yocto-docs rev: 3f6dc24e0a371feca8fe66c1be8c86e599307854)
Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
