Commit Graph

22392 Commits

Author SHA1 Message Date
Armin Kuster
dae5ee4e5e glibc: CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.

(From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)

(From OE-Core rev: bb6ce1334bfb3711428b4b82bca4c0d5339ee2f8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-21 15:48:47 +00:00
Koen Kooi
bebaaf1d21 glibc 2.20: Security fix CVE-2015-7547
CVE-2015-7547: getaddrinfo() stack-based buffer overflow

(From OE-Core rev: b30a7375f09158575d63367600190a5e3a00b9fc)

Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-03 10:38:50 +00:00
Sona Sarmadi
aefcb6b115 bind: CVE-2015-8000
Fixes a denial of service in BIND.

An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.

[YOCTO #8838]

References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581

(From OE-Core rev: c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:15 +00:00
Belal, Awais
79e4cc8954 grub2: Fix CVE-2015-8370
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2

(From OE-Core rev: 76ef966b1f47663f570e87aeb21bc98147b0eca2)

Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:15 +00:00
Armin Kuster
faf6ada4f2 glibc: Fixes a heap buffer overflow in glibc wscanf.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1

Reference to upstream fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;
h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

(From OE-Core rev: 5aa90eef9b503ba0ffb138e146add6f430dea917)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>

Hand applied.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:15 +00:00
Sona Sarmadi
a779191033 libxml2: CVE-2015-8241
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=
ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

(From OE-Core rev: 84c6a67baaafee565ac4fad229bd8d07a21da09c)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Sona Sarmadi
1930286e3f openssl: CVE-2015-3194, CVE-2015-3195
Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)

References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195

Upstream patches:
CVE-2015-3194:
https://git.openssl.org/?p=openssl.git;a=commit;h=
d8541d7e9e63bf5f343af24644046c8d96498c17

CVE-2015-3195:
https://git.openssl.org/?p=openssl.git;a=commit;h=
b29ffa392e839d05171206523e84909146f7a77c

(From OE-Core rev: 09c3a0f01572a6a65e9f87ce16817ee7de3296f1)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Sona Sarmadi
d4db68ae6b libxml2: CVE-2015-8035
Fixes DoS when parsing specially crafted XML document
if XZ support is enabled.

References:
https://bugzilla.gnome.org/show_bug.cgi?id=757466

Upstream correction:
https://git.gnome.org/browse/libxml2/commit/?id=
f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

(From OE-Core rev: e40cae30575a227bb0274869f720dffd816d629a)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Tudor Florea
3beebd9447 unzip: CVE-2015-7696, CVE-2015-7697
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697

(From OE-Core rev: 9c841157f8ecd3221702c4675a4145f586617780)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Sona Sarmadi
aa10f103e1 libxml2: CVE-2015-7942
Fixes heap-based buffer overflow in xmlParseConditionalSections().

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/
?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456

(From OE-Core rev: a2980f004519a4baeb4c88ad924e15195fe75e32)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Martin Jansa
d54de3ebc0 linux-dtb.inc: drop unused DTB_NAME variable from do_install
* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which
  in some cases contains something like BUILD_NUMBER from CI, that
  caused do_install to be reexecuted every single time, which is very
  sad to be caused by unused variable.
* jethro and newer don't need this change, because it's also fixed in
  commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62
  Author: Marek Vasut <marex@denx.de>
  Date:   Thu May 14 14:31:11 2015 +0200
  Subject: kernel: Build DTBs early

(From OE-Core rev: 7bbed4ecd5e919eb274aeb9d6cdaba2c85cccc71)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Tudor Florea
fc3d4ce07d glibc: use patch for CVE-2015-1781
Patch added to the repo wasn't actually considered due to a
erronously way of specifying the sources.

(From OE-Core rev: 2cdc3dd4cc4426aa081b6cb99b67f1143cc64f81)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Martin Jansa
217d56ec31 texinfo: don't create dependency on INHERIT variable
* we don't want the do_package signature depending on INHERIT variable
* e.g. just adding the own-mirrors causes texinfo to rebuild:
  # bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig*
  basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a
  Variable INHERIT value changed from
  ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'
  to
  ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'

(From OE-Core rev: 2f61930f55390bd2dfeb52a1ccfbc1cbe560c3ad)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:14 +00:00
Mike Crowe
6fd01ed845 allarch: Force TARGET_*FLAGS variable values
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may
differ between MACHINEs. Since they are exported they affect task hashes
even if unused which leads to multiple variants of allarch packages
existing in sstate and bouncing in the sysroot when switching between
MACHINEs.

allarch packages shouldn't be using these variables anyway, so let's
ensure they have a fixed value in order to avoid this problem.

(Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and
14f4d016fef9d660da1e7e91aec4a0e807de59ab.)

(From OE-Core rev: b5a9d4ab564c2a6645922eed0203acb88ec5dd33)

Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Richard Purdie
767142c1ba layer.conf: Add missing dependency for allarch package initramfs-framework
Similiarly to the other previous changes, add a missing allarch package dependency
for initramfs-framework on udev.

(From OE-Core rev: 685cc8a2922d51f7b1a255f11c72233ae572e2b2)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Richard Purdie
eca2b438bc layer.conf: Add several allarch dependency exclusions
These are dependencies that our allarch packages have in OE-Core that cause
those allarch packages to rebuild every time MACHINE changes.

With these changes, OE-Core allarch packages all have a common sstate
signatures and no longer rebuild.

(From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d)

(From OE-Core rev: 0d07fd7496c1f86538341eac43753f031583e2c4)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Chen Qi
2d569edae2 image.bbclass: don't let do_rootfs depend on BUILDNAME
BUILDNAME is set by cooker as a string of current time. Letting do_rootfs
task depend on this variable gets us no benefit. Besides, letting do_rootfs
task depend on this variable will cause us trouble when executing
`bitbake -S none core-image-minimal'. With current code, this command
gives us error complaining about the different bashhash of do_rootfs task.

(From OE-Core rev: e1763aae5961a06a05ee8834ab20cf752bddf793)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Martin Jansa
2ad71d0ae8 fontcache: allow to pass extra parameters and environment to fc-cache
* this can be useful for passing extra parameters, pass
  -v by default to see what's going on in do_rootfs
* we need to use this for extra parameter we implemented
  in fontconfig:
  --ignore-mtime always use cache file regardless of font directory mtime
  because the checksum of fontcache generated in do_rootfs
  doesn't match with /usr/share/fonts directory as seen on
  target device causing fontconfig to re-create the cache
  when fontconfig is used for first time or worse create
  new cache in every user's home directory when /usr/
  filesystem is read only and cache cannot be updated.

  Running FC_DEBUG=16 fc-cache -v on such device shows:
  FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149
* my guess is that the checksum is different, because pseudo
  (which is unloaded when running qemuwrapper) or because some
  influence of running the rootfs under qemu.

(From OE-Core rev: f2b86a69d88d382f16bbec070adc8199932b2c02)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Armin Kuster
73a04a266c openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565
three security fixes.

CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support
CVE-2015-6564 (medium)  openssh: Use-after-free bug related to PAM support
CVE-2015-6565 (High)  openssh: Incorrectly set TTYs to be world-writable

(From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f)

(From OE-Core rev: ddfe191355a042e6995f7b4b725b108c5bb4d36e)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>

Conflicts:
	meta/recipes-connectivity/openssh/openssh_6.6p1.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Sergiy Kibrik
b3269fc2e6 rsync: backport libattr checking patch
Add check_libattr.patch to version 3.1.0 recipe, which checks
and includes libattr to linker, otherwise rsync may fail to build
with linker error below (as -lattr option gets omitted):

[..]
lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0'
[..]/lib/libattr.so.1: error adding symbols: DSO missing from command line

(From OE-Core rev: 576f63c50badd54b47cdda42a6466bb18984958d)

Signed-off-by: Sergiy Kibrik <sakib@meta.ua>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Sona Sarmadi
0facda51ce grep2.19: CVE-2015-1345
Fixes heap-based buffer overflow flaw in grep.
Affected versions are: grep 2.19 through 2.21

Removed THANKS.in changes from upstream patch since this
file does not exist in version 2.19.
Replaced tab with spaces in SRC_URI as well.

Upstream fix:
http://git.sv.gnu.org/cgit/grep.git/commit/?id=
83a95bd8c8561875b948cadd417c653dbe7ef2e2

(From OE-Core rev: fb3e73fb2536b718dfce0e7b126f75464b9874aa)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Sona Sarmadi
8cf47f82b9 libtasn1: CVE-2015-3622
_asn1_extract_der_octet: prevent past of boundary access

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;
h=f979435823a02f842c41d49cd41cc81f25b5d677

(From OE-Core rev: 61bee3f813127c91d75a2af5197bdc874483a1fd)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 12:03:13 +00:00
Richard Purdie
b38454c2e3 build-appliance-image: Update to dizzy head revision
(From OE-Core rev: 7bb182bdd130266100fc541fd09b82d09c51cd80)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29 14:56:15 +01:00
Ross Burton
03666c8a74 sstate: run recipe-provided hooks outside of ${B}
To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other
tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that
all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR.

(From OE-Core rev: dc8546241a66c6eb076dc67fd165b5216b822ced)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-29 14:42:29 +01:00
Armin Kuster
85f6cf736b bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722
three security fixes.

(From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:53:16 +01:00
Sona Sarmadi
a01280b7ab icu: CVE-2014-8146-CVE-2014-8147
CVE-2014-8146 icu: heap overflow via incorrect isolateCount
CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function

References:
[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
[2] https://www.kb.cert.org/vuls/id/602540
[3] http://bugs.icu-project.org/trac/changeset/37080
[4] http://bugs.icu-project.org/trac/changeset/37162

(From OE-Core rev: 1bc6391f65dec41ff0360b625b7a85a161e43955)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:53:16 +01:00
Saul Wold
800a3dc9b0 oprofileui: Use inherit gettext
oprofileui uses gettext during the configuration task so should be inherit
gettext. This issue appears when an older version of gettext is used do to
pinning to the older non-gplv3 version.

[YOCTO #7795]

(From OE-Core rev: 9a747554ba985970009a065f3403b94565e698e3)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:53:15 +01:00
Sona Sarmadi
bdfee8758e gnutls: CVE-2015-3308
(From OE-Core rev: 75b25e7d463ed1af0fd9b3dd56e407e6e72b0f6a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:53:15 +01:00
Martin Jansa
915498e230 rootfs.py: show intercept script output in log.do_rootfs
* without this the output wasn't shown anywhere even when the bb.warn
  says:
  "See log for details!"

(From OE-Core rev: a3c322b42c7a14584a80e04519c34689ec813210)

(From OE-Core rev: b708151b798013119cbc651cd11a534c0cb816af)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:51:34 +01:00
Martin Jansa
2e6494e55a rootfs.py: Allow to override postinst-intercepts location
* useful when we need to overlay/extend intercept scripts from oe-core

(From OE-Core rev: 7d08d2d5c0ae686e3bb8732ea82f30fd189b1cd8)

(From OE-Core rev: 2374910466d82c817d74e9098a1636b21ff779af)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:51:33 +01:00
Beth Flanagan
55fbde1fde base.bbclass: Note when including pn with INCOMPATIBLE_LICENSES
We need to be able to tell people if we WHITELIST a recipe
that contains an incompatible licese.

Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end
up on an image even if GPL-3.0 is incompatible. This is the
correct behaviour but there is nothing telling people that it
is even happening.

(From OE-Core rev: c9da529943b2f563b7b0aeb43576c13dd3b6f932)

(From OE-Core rev: c468724d2932708dffc766e182a69665de6226f6)

Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:51:33 +01:00
Robert Yang
3a2725e5d9 autotools.bbclass: mkdir ${B} -> mkdir -p ${B}
${B} is the default cwd of tasks, so there might be race issues such as:
| mkdir: cannot create directory `${B}': File exists
[snip]
NOTE: recipe perf-1.0-r9: task do_configure: Failed

(From OE-Core rev: 3390dde6addaafad84c635eb37d2eae1ac22fcb7)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:11:20 +01:00
Robert Yang
adcc476412 perf: mkdir ${B} -> mkdir -p ${B}
${B} is the default cwd of tasks, so there might be race issues such as:
| mkdir: cannot create directory `/path/to/work/qemux86-poky-linux/perf/1.0-r9/perf-1.0/': File exists
[snip]
NOTE: recipe perf-1.0-r9: task do_configure: Failed

(From OE-Core rev: 197d9fb922cc234294e8ca090bddfcd023fc82ce)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-19 11:11:20 +01:00
Yi Zhao
d526b3f9ac oeqa/selftest: fix test_incremental_image_generation for changes in log output
test_incremental_image_generation case failed because the log output
chanaged:

FAIL: test_incremental_image_generation (oeqa.selftest.buildoptions.ImageOptionsTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File
  "/buildarea3/yzhao1/poky-build/meta/lib/oeqa/utils/decorators.py", line 90, in wrapped_f
    return func(*args)
  File
  "/buildarea3/yzhao1/poky-build/meta/lib/oeqa/selftest/buildoptions.py", line 25, in test_incremental_image_generation
    self.assertEqual(0, res.status, msg="No match for openssh-sshd in log.do_rootfs")
AssertionError: 0 != 1 : No match for openssh-sshd in log.do_rootfs
----------------------------------------------------------------------

Using re search instead grep

(From OE-Core rev: 1872a9430cec0c61f1ec349df198160addd430de)

(From OE-Core rev: afecc84cdd491789e62fb191a4f03de61e408629)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:32 +01:00
Alejandro Hernandez
e74c4a5ff4 qemurunner: Improves checking for server and target IPs on qemus parameters
Fixes OS hanging infinitely waiting for qemus process to release bitbake.lock

(From OE-Core rev: d168bf34c553dbe5de7511e158cd83869d7a88bc)

(From OE-Core rev: 99ac0971aecb1b6bc113da28b79d169095e6b671)

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:32 +01:00
Paul Eggleton
1a99652a88 oeqa/utils/qemurunner: fix logging
OE-Core commit 519e381278d40bdac79add340e4c0460a9f97e17 unfortunately
broke logging in two different ways:

1) it prevented logging to the task log from working within bitbake
   -c testimage. This is due to the logger object being set up too early
   which interferes with BitBake's own logging. If we prefix the name
   with "BitBake." everything works (and we don't need to set the
   logging level).

2) Additionally because it called the log functions on the logging
   module and not the logger object it set up, this caused the
   oe-selftest logging to start printing everything from that point
   forward.

Fix these two issues and return us to the desired behaviour for
do_testimage.

(From OE-Core rev: 429b1971be06d5146bb1c14f4697966cddab3b33)

(From OE-Core rev: 144c6a2d711f7cf4dafc22999ed8cf4cdb329dfc)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:31 +01:00
Ross Burton
20db29fb4d oeqa/QemuRunner: don't use bb for logging
Instead of using bb.note() etc for logging use logging.Logger directly, allowing
the use of QemuRunner outside of bitbake.

Also clean up the logging/errors by moving create_socket() out of
__init__()/restart() and into start().

(From OE-Core rev: 519e381278d40bdac79add340e4c0460a9f97e17)

(From OE-Core rev: c3c87fa26fec8c6e620ad2f1ce95b989f8c108ed)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:31 +01:00
Sona Sarmadi
f7b041121e qemu-slirp: CVE-2014-3640
Fixes NULL pointer deref in sosendto().

Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640

Upstream patch:
http://git.qemu.org/?p=qemu.git;a=commit;
h=9a72433843d912a45046959b1953861211d1838d

(From OE-Core rev: f63a4f706269b4cd82c56d92f37c881de824d8bc)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:30 +01:00
Martin Jansa
7a263b2e60 license.bbclass: fix unexpected operator for LICENSE values with space
* add quotes around pkged_lic so that it works correctly with spaces
* fixes following error:
  run.license_create_manifest.50601: 193: [: GPLv2: unexpected operator

(From OE-Core rev: 2bb8b2abb689d91b7b7e28e6bd528747bde94dd2)

(From OE-Core rev: 4c31f726cf1ea2e01b1fbf1c23e96a110fbb9623)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:30 +01:00
Aníbal Limón
117d9b2f45 license_class: fix license.manifest shows LICENSE field differently to recipe
Drop removal of [|&()*] operators in pkged_lic because this removal is only
needed to validate if license is collected.

[YOCTO #6757]

(From OE-Core rev: 57e5f74382d51f2a8df00e18b6008e3d2b44ad1a)

(From OE-Core rev: a5fe29ff72dc2ce1667caa2ab1fdfbf2c1a4413b)

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:30 +01:00
Martin Jansa
a4162fa9fa connman-conf: fix SRC_URI_append
* add leading space so that it works even with some .bbappend adding
  additional files to SRC_URI without trailing space

(From OE-Core rev: 0f282f1d4946ac6e81959c66172c115405632a26)

(From OE-Core rev: 55b183aa476754b050779d36dfbb03eb936443ad)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:30 +01:00
Sona Sarmadi
5a3899981c qemu-vnc: CVE-2014-7815
Fixes an uninitialized data structure use flaw in qemu-vnc
which allows remote attackers to cause a denial of service
(crash).

Upstream patch:
http://git.qemu.org/?p=qemu.git;a=commit;
h=b2f1d90530301d7915dddc8a750063757675b21a

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815
http://www.securityfocus.com/bid/70998

(From OE-Core rev: 31e3d1bab6612d8116086f9ada048a0c094fb2c8)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:29 +01:00
Sona Sarmadi
db031c40bb qemu: CVE-2014-7840
Fixes insufficient parameter validation during ram load

Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840

Upstream commit:
http://git.qemu.org/?p=qemu.git;a=commit;
h=0be839a2701369f669532ea5884c15bead1c6e08

(From OE-Core rev: 0bd4b0c7ede8a52559e4bf05085a3f0d46a0a280)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:29 +01:00
Sona Sarmadi
b64eae5767 bind9.9.5: CVE-2015-5477
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272

(From OE-Core rev: 18a01db3f2430095a4e6966aed5afd738dbc112e)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:29 +01:00
Richard Purdie
0e6473ad75 sstate: Use SSTATE_DIR for FILESPATH
FILESPATH was only being overridden in one fetch location, it should be
equally handled in both.

Also use SSTATE_DIR as FILESPATH so that mirror urls which do remapping
can search the local SSTATE_DIR for other paths.

Also ensure that MIRRORS is removed in both locations, previously
it was only unset in one but both codepaths should be consistent.

(From OE-Core rev: d66a45c52200f73e67ebb3e6e447907bb3334319)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:37:28 +01:00
Ross Burton
27fc73496c gnome: move introspection options to gnomebase
The gnome class is really a convenience class to include other classes, so move
the introspection arguments into gnomebase.bbclass.

(From OE-Core rev: d0bf0e5fd9c2cb18437ccca14b2f41d410aa832a)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:19:56 +01:00
Martin Jansa
012e1a4431 tzdata, tzcode-native: drop older versions 2014h, 2015b
* unlike in master, the older versions weren't dropped when upgrading to 2015d

(From OE-Core rev: 1341554e582407e85697f05e3fcc82fcf29c9d56)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-09-01 21:19:56 +01:00
Richard Purdie
137f52ac3a grub-efi: Add backslash lost from previous commit
(From OE-Core rev: 4621675632518caae3a8c2098ee36896b9372551)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-08-20 21:42:31 +01:00
Saul Wold
ebe3096910 grub-efi: Use the backport patch from grub
This fixes the build error seen on newer distros that use gcc5 such as Fedora22

(From OE-Core rev: ac135bd462dc4e674260fdb97c9e2e79c2e96460)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-08-20 17:49:21 +01:00
Aníbal Limón
f1c45d15c2 license_class: Fix choose_lic_set into incompatible license
Use canonical_license when doing evaluation of license expresion
since INCOMPATIBLE_LICENSE are already canonized.

[YOCTO #8080]

(From OE-Core rev: 8687b8bb8233e7f867539d69463671aa9c0806e9)

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2015-08-20 11:26:53 +01:00