mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-26 18:32:13 +02:00
Code Issues Packages Projects Releases Wiki Activity
46,680 Commits 38 Branches 623 Tags
babc9c4d0dc1c2da1bf7758f12caeceee99f0218
Commit Graph

32274 Commits

Author SHA1 Message Date
Enrico Scholz
babc9c4d0d externalsrc: place copy of git index into /tmp and do not use copyfile2 
Using shutil.copy2() to copy .git/index to a temporary file tries to
copy SELinux attributes which might fail for confined users in SELinux
environments.

E.g. our builders are running in docker containers and modification of
sources (inclusive updated of .git/index) is done outside.  Trying to
copy .git/index fails with

| $ python3 -c 'import shutil; shutil.copy2("index", "a")'
| ...
| PermissionError: [Errno 13] Permission denied: 'a'

and an AVC like

| denied  { relabelto } for  pid=18043 comm="python3" name="a" dev="dm-29" ino=1067553 scontext=system_u:system_r:container_t:s0:c39,c558 tcontext=unconfined_u:object_r:build_file_t:s0 tclass=file permissive=0

is created.  This can not be solved by adapting the SELinux policy because
this is a very deep constraint violation:

| constrain file { create relabelfrom relabelto } ((u1 == u2 -Fail-)  or (t1 == can_change_object_identity -Fail-) ); Constraint DENIED
|
| Possible cause is the source user (system_u) and target user (unconfined_u) are different.

I do not see much sense in using 'shutil.copy2()' here; 'shutil.copyfile()'
seems to be a better choice (target file is created in a secure way by
tempfile.NamedTemporaryFile()).

By placing the tempfile into /tmp we avoid potential problems related to
git's 'core.sharedRepository'.  As a (positive) side effect, the source
tree will not be modified anymore (at least by this part of code) which
prevented to mount it read-only from somewhere else.

(From OE-Core rev: 3c3c8ecc61dfed68987750d79b5482ab2f6fa02f)

Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-25 15:59:12 +01:00
Ming Liu
232e3b3a8a buildtools-tarball: drop deltask package/packagedata 
They are redundant since nopackages are being inherited.

(From OE-Core rev: 71af69fa898e5614920710ca9e0cea832a2401e4)

Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-25 15:59:12 +01:00
Ming Liu
5adabdb168 uninative-tarball: drop deltask package/packagedata 
They are redundant since nopackages are being inherited.

(From OE-Core rev: 2414e9f286d34af2db5982a988b78362decb7961)

Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-25 15:59:12 +01:00
Ming Liu
c59ee50082 package-index: inherit nopackages 
Drop deltask do_package* syntax, inheriting nopackages instead.

(From OE-Core rev: 2eee6c4ac9ce1b020e9a6658a957459f1915fdb1)

Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-25 15:59:12 +01:00
Paul Eggleton
5abdc0d728 wic-tools: ensure pseudo is available 
wic will attempt to use pseudo from the wic-tools sysroot to run, but it
was only sure to be in there if do_install had executed - which is not
the case if it had been restored from sstate, in which case it failed
horribly as seen when running the wic.Wic.test_fs_types and
test_mkfs_extraopts tests on the Yocto Project autobuilder recently. Add
an explicit dependency on pseudo-native to ensure it's always there.

(From OE-Core rev: ada7408a55ec58e4aa1b094462f8a681e60be613)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-25 15:59:12 +01:00
Joe Slater
f19dd2be62 linux-yocto: only suggest default kernel type 
The distro should set a default kernel type (?=) which could be
overriden by local.conf (=) or extensions (templates).  The kernel itself
should only use "??=" to provide a value which allows builds to succeed.

(From OE-Core rev: d3a41fbd94462efc8c6f1b55f6fb54001b447c45)

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:32 +01:00
Mikko Rapeli
87af2104af cve-check.bbclass: use "+git" as separator in PV instead of "git+" 
PV is the recipe major version number. cve-check tries to map that to
NVD database release versions of the component. If the recipe sources
are taken from git, the PV can be automatically modified to include
git details, but the syntax is like 233+gitAUTOINC+a1e2ef7ec9.
In CVE checks we want to remove the git details and just use the major
version information, in this example 233.

Thus use "+git" as the separator and use the first part before the separator
as SW product version number in CVE check.

Fixes version number for e.g. systemd recipe. If systemd PV is
233+gitAUTOINC+a1e2ef7ec9 there will be no matches from CVE database where
latest release mentioned is plain 233. If the filter is set to +git, then
CVE PV is 233 and issues like this are detected by do_cve_check:

https://nvd.nist.gov/vuln/detail/CVE-2017-1000082

(From OE-Core rev: db8815abe3db60b0510fb378bf6d82172c2f2768)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:32 +01:00
Martin Kelly
a2cf84afff gstreamer1.0-python: add new recipe 
Previously, we had a gst-python recipe, but it supported only GStreamer
0.1. After GStreamer switched the Python bindings to use GObject
introspection, we were no longer able to build the bindings, and they
were dropped in this patch:

https://patchwork.openembedded.org/patch/93793/

However, at this point, we have a gobject-introspection class, so we can
use the bindings again, this time with GStreamer 1.0.

(From OE-Core rev: 6650bd1b9c770b01525356f9a1fabd758360ee8f)

Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:32 +01:00
Nicolas Dechesne
9d6b0c508b ffmpeg: fix pkg-config utilization 
in config.log we can see:
WARNING: aarch64-linaro-linux-pkg-config not found, library detection may fail.

ffmpeg configure script is not looking for pkg-config at the rigt place since it
is assuming cross compilation. let's force its value in the recipe.

This patches 'fixes' library detection, so it also adds:

--disable-libxcb
--disable-libxcb-shm
--disable-libxcb-xfixes
--disable-libxcb-shape

Which were dangling configure options, which started to be enabled after the
pkg-config fix, so they need now to be explicitely disabled. Follow up patch
will enable these options when DISTRO_FEATURES has x11.

(From OE-Core rev: 3d5f11f0a1fd036e28a1d3f0c3169d8e21cc1358)

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:32 +01:00
Patrick Ohly
ba1ea783fd ovmf-shell-image.bb: simplify dependencies 
The image consists only of the EFI system partition, therefore
we can avoid depending on the default wic tools.

(From OE-Core rev: f147b2502ae53d63a884a46e994ae18e12ec4ef6)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Nicolas Dechesne
9a7ddbe10c ffmpeg: add PACKAGECONFIG for sdl2 
Enabling sdl2 will bring ffplay applications, which can be handy when working
with ffmpeg.

(From OE-Core rev: 5c880eb08ec29e169b9f6b7d6f2e0598a0395d30)

Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
1d9a27d0cd kernel.bbclass: set CVE_PRODUCT to linux_kernel if not set by recipe 
It is used by NVD database CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2017-7273

Setting this in kernel.bbclass fixes CVE reporting for all users of
the class.

(From OE-Core rev: 2e3d325440a50265c73f7d2e782530a02458bc33)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
edaeec5809 cve-check.bbclass: use weak assignment for default CVE_PRODUCT 
This way also bbclasses can override it. For example kernel.bbclass
could set CVE_PRODUCT to linux_kernel for all users of the class
which compile Linux kernels.

(From OE-Core rev: 74672a7de5ada45ab8e25b89cbdea3ec33b63b7f)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
487c28986b wpa-supplicant_2.6.bb: set CVE_PRODUCT to wpa_supplicant 
It is used in NVD database CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2015-1863

(From OE-Core rev: cc3882ca2fea2c5a8830311eeb7840ae98da9b3c)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
b134fda353 sqlite3.inc: set CVE_PRODUCT to sqlite 
It is used in NVD for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2016-6153

(From OE-Core rev: cec6f26f4d2f16c9a58fac5a6344e3d43b36ed09)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
fde69b8241 quota_4.03.bb: set CVE_PRODUCT to linux_diskquota 
It is used in NVD for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2012-3417

(From OE-Core rev: 07be7cb9405e4a6289edad8afb3a50c1f8651620)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
ef738c5a6a lttng-ust_2.9.1.bb: set CVE_PRODUCT to ust 
It is used in NVD for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2010-3386

(From OE-Core rev: 1c6643f139911ab27618d20f9d4ca609235a680b)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
095dac9129 python.inc: set CVE_PRODUCT to python 
All python versions are just python in NVD like this CVE
for python 3.4.4:

https://nvd.nist.gov/vuln/detail/CVE-2016-5699

(From OE-Core rev: 848e1be494e8ea10c729f95f02acb366e1843d75)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
3e9e96a1f0 nspr_4.14.bb: set CVE_PRODUCT to netscape_portable_runtime 
This is used in NVD database entries like CVE:

https://nvd.nist.gov/vuln/detail/CVE-2016-1951

(From OE-Core rev: c75e5d3f4b9293cf2f2ebdd3a23743b3df7aa3df)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
e1e79e946e libsndfile1_1.0.28.bb: set CVE_PRODUCT to libsndfile 
It is used in NVD to CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2017-6892

(From OE-Core rev: adfb1c7fe28a6ef2bcf698f7415fd86b01bdc489)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
0160ec630e libsamplerate0_0.1.9.bb: set CVE_PRODUCT to libsamplerate 
It is used in NVD for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2017-7697

(From OE-Core rev: baafa21919082a8b61af3345c35922d205b254c6)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
e21383f8e1 libpcre2_10.23.bb: set CVE_PRODUCT to pcre2 
It is used in NVD as product name for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2017-8786

(From OE-Core rev: ce32c5b8ee77012b36c74323f298dc561741aebd)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
e93cca8add libpcre_8.40.bb: set CVE_PRODUCT to prce 
It is used in NVD for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2017-7246

(From OE-Core rev: 523e823988f08679a384a14c4e768b2819f8a6bf)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
5d68f0a822 icu.inc: set CVE_PRODUCT to international_components_for_unicode 
NVD uses it for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2014-8146

(From OE-Core rev: eaac39100cadc81c89e6eb5ab389cd684699aa90)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
07afa97ea5 glibc-common.inc: set CVE_PRODUCT to glibc 
All recipes which include this .inc map to glibc NVD component.

(From OE-Core rev: 613a13725db4e05539974cc7c66584a287d7b4bd)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
2f9360d2c8 glib.inc: set CVE_PRODUCT to glib 
NVD uses product glib and vendor gnome for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2016-6855

(From OE-Core rev: 69d6342d45316389afb4b062088919689db0a6dd)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
2db6cdbc6f gcc-common.inc: set CVE_PRODUCT to gcc 
All recipes which include this are using gcc as product name in NVD like

https://nvd.nist.gov/vuln/detail/CVE-2015-5276

(From OE-Core rev: bd6f1430334412588c143d8029be39fe814672cd)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
1b8e31afcc flac_1.3.1.bb: set CVE_PRODUCT to libflac 
NVD uses product name libflac for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2014-8962

(From OE-Core rev: e09bd27059b26affddf466f4e55a7f4c719c3b17)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
71d451d169 eglinfo.inc: set CVE_PRODUCT to eglinfo 
Upstream is called eglinfo no matter how the recipes are named.
There are no existing CVE's for eglinfo in NVD yet.

(From OE-Core rev: 0b8e2a017e117810c83039a316a11da66fe148b1)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
ba828811d7 bluez5.inc: set CVE_PRODUCT to bluez 
bluez is the product name in NVD database for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2016-7837

(From OE-Core rev: aade84aa54bb2f958572623ed6464184efd19862)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
Mikko Rapeli
d2950cacf7 acpid.inc: set CVE_PRODUCT to acpid2 
It is used in NVD database for CVE's like:

https://nvd.nist.gov/vuln/detail/CVE-2011-4578

(From OE-Core rev: 966052df79df0f68565ebc40887170322d3f85b8)

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:31 +01:00
zhengrq
7100c46a40 glibc-package.inc: add support for armeb of multilib 
Add support for armeb of multilib.

(From OE-Core rev: ac3acdcdc313ee13739d378e88b907b31765cfee)

Signed-off-by: zhengrq <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Alexander Kanavin
ebfc2e42dd rpm/dnf: fix Upstream-Status to reflect upstream submission status 
(From OE-Core rev: 1ed4b8438087fe6d61203ffbe9737ac382e0d6eb)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Chen Qi
695b3fa02e dhcp: add dhclient.service 
Add dhclient.service. This service file mainly comes from meta-systemd,
with modifications to take nfs boot into consideration.

While using eth0 as the nfsboot interface, we'd like dhclient service
to skip it like what ifup and connman do in sysvinit.

(From OE-Core rev: faa8d0f5e8db4a99367d42ba8c8de5b2e339d8d2)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Ross Burton
7b078d95fb glibc: fix upstream-status tag in a patch 
(From OE-Core rev: 76c824fa3b43fd8902fb89c575b2954e8b1a6ab8)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
sweeaun
027f3d0aef libffi: Support musl-x32 build 
Added target musl-x32 in configure.ac to support musl-x32 build in libffi.

(From OE-Core rev: 318e33a708378652edcf61ce7d9d7f3a07743000)

Signed-off-by: sweeaun <swee.aun.khor@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Jose Lamego
07f87dadd7 python*-setuptools: upgrade to 36.2.0 
Both python-setuptools and python3-setuptools need to be
upgraded to latest upstream version.

license checksum is now targeted to be performed over the actual
license text at license file.

These changes were tested using qemux86 with core-image-minimal.

(From OE-Core rev: 6ad635a33b5a49fa51165b6ac7606b27438f5d96)

Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Khem Raj
37ec69301a mkelfimage: Fix build on x86_64 with hardening 
We get linking errors on some hosts like
| ld -static --warn-multiple-gp --warn-common -T linux-i386/convert.lds -o objdir/linux-i386/convert ob
jdir/linux-i386/head.o objdir/linux-i386/convert_params.o
| objdir/linux-i386/convert_params.o: In function `printf':
| convert_params.c:(.text+0x1fd): undefined reference to `__stack_chk_fail_local'

This is because the build system is defaulting to host linker when building
32bit binaries and it may not have same defaults as OE toolchain and issue
gets highlighted.

fix it by using cross linker for 32bit links when building on x86_64

(From OE-Core rev: 470c8a0fb5f51a626a194c8fd3aabd448b50ebfa)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Ed Bartosh
ec5c4e97c8 patchelf: fix segfault for binaries linked by gold 
Due to a bug in calculating adresses of modified program
headers patchelf breaks executables linked by Gold linker
causing them to segfault, e.g.
$ tmp/sysroots-components/x86_64/m4-native/usr/bin/m4 --help
Segmentation fault

This is reproducible only in some cases and only for executables
of ET_DYN type produced by Gold or by ld linked with pie.

This should be solved by fix-adjusting-startPage.patch that
fixes calculation logic.

[YOCTO #11785]

(From OE-Core rev: 4e4c96db4b1d2356b5d071cee6746a96eca20439)

Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Ed Bartosh
52f2d81c9a patchelf: change patch status 
The patch has been accepted upstream.
Changed patch status Pending -> Accepted.

(From OE-Core rev: 4e9b1e9798e7b12664d4afc611e430a988b6b1ca)

Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-24 09:13:30 +01:00
Maxin B. John
5ffec4ad91 bluez5: upgrade to 5.46 
5.45 -> 5.46

This includes the new testing utility "advtest"

(From OE-Core rev: 514e9be6b00cd39bb8b2eaf117125109fba17910)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Jose Lamego
853b79db69 python3-git: upgrade to 2.1.5 
python3-git needs to be upgraded to latest upstream version.

"git" is added as RDEPENDS.

These changes were tested using qemux86 with core-image-minimal.

(From OE-Core rev: 0b48514d1d26d234c158a4b72087a67d2478362a)

Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Jose Lamego
b571e422c5 python3-mako: update to 1.0.7 
python3-mako need to be upgraded to latest upstream version.
This change was tested using qemux86 with core-image-minimal

(From OE-Core rev: 1a2bb950b38035b842d120697d076cfdc832fa37)

Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Maxin B. John
187aa1b9bb libtirpc: upgrade to 1.0.2 
1.0.1 -> 1.0.2

Remove these Backported and upstreamed patches:
        1. 0001-Fix-for-CVE-2017-8779.patch
        2. libtirpc-0.2.1-fortify.patch
        3. libtirpc-1.0.2-rc3.patc

(From OE-Core rev: 351a629114c67691ba434a27ec42671474fdc605)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Maxin B. John
e25ff31d95 sqlite3: upgrade to 3.19.3 
3.19.2 -> 3.19.3

Fixes a bug associated with auto_vacuum that can lead to database
corruption.

(From OE-Core rev: 2635067901c932888a998ea0fbb45f5d4d3c7c24)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Maxin B. John
887fa65fca orc: upgrade to 0.4.27 
0.4.26 -> 0.4.27

(From OE-Core rev: d852730365183f835d4c580775f2393822d60b86)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Maxin B. John
4fe3407cbc libsolv: upgrade to 0.6.28 
0.6.27 -> 0.6.28

(From OE-Core rev: dd4c896a3248176c8d992a829d10e2ab135f6522)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Maxin B. John
3b8ca07a0c libjpeg-turbo: upgrade to 1.5.2 
1.5.1 -> 1.5.2

Remove this backported patch:
        1. fix-mips.patch

(From OE-Core rev: 5b3c92af0cc7f12313d2e7ac02dc68f8e01b76a1)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Bian Yaqin
aea13401f8 screen: 4.5.1 -> 4.6.0 
Update screen from 4.5.1 to 4.6.0

(From OE-Core rev: 422cfb92af8d7d2982dc76614388f22aeb658062)

Signed-off-by: Bian Yaqin <bianyq@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00
Ricardo Ribalda Delgado
2b77e439f1 base.bbclass: Make .jar file depend on unzip-native 
Unzip is required for jar files. Without this patch:
ERROR: junit4-4.3.1-r0 do_unpack: Unpack failure for URL:
'http://downloads.sourceforge.net/junit/junit-4.3.1-src.jar'. Unpack
command
PATH="/var/lib/jenkins/workspace/qt5122-dyspro/build/tmp/sysroots-uninative/x86_64-linux/usr/bin ......."
unzip -q -o '/var/lib/yocto/downloads/junit-4.3.1-src.jar' failed with
return value 127

Suggested-by: Ross Burton <ross.burton@intel.com>
(From OE-Core rev: 96665f8b204b0f0ba571bb6634203aada5983f8a)

Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-07-21 22:51:38 +01:00