find-version always assumes that gnupg is beta if autogen.sh is run
out of git-repo. This doesn't work for users whom just take release
tarball and re-run autoconf in their local build dir.
This fixes runtime issue:
$gpg --list-sigs
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
(From OE-Core rev: d39e7ca717b67ad9f2f78b83d90d91e410e52965)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Affected versions: libcurl 7.32.0 to and including 7.50.0
(From OE-Core rev: f6999fa952c7db980cfc97f6e5a971e4f34cc0a3)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Affected versions: libcurl 7.1 to and including 7.50.0
(From OE-Core rev: 6b732a392289a7bb50b0e3716c066c62fa32a14d)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Affected versions: libcurl 7.1 to and including 7.50.0
(From OE-Core rev: d1d6c93b491056b18b528216303047e353956e34)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
To ensure that boost remains an empty metapackage after version
updates, we explicitly require boost files to be empty. If new
libraries exist after a version update of the boost recipe,
bitbake will emit a warning at the do_package task. For example,
at the version update from 1.58.0 to 1.59.0, the new timer
library is indicated with:
WARNING: QA Issue: boost: Files/directories were installed but not shipped in any package:
/usr/lib/libboost_timer.so.1.59.0
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
boost: 1 installed and not shipped files. [installed-vs-shipped]
Ross Burton suggested this improvement on the openembedded-core
mailing list during review of the boost recipe version update [1].
[1] http://lists.openembedded.org/pipermail/openembedded-core/2015-December/114314.html
(From OE-Core master rev: c4e33232db2da3594cc4ba38eea56ee1acb54d3a)
(From OE-Core rev: 90dcc9838e5be74f5ec7a8380cf6da3bddb1c955)
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@oss.bmw-carit.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows
(From OE-Core rev: b2c9b48dea2fd968c307a809ff95f2e686435222)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Yocto # 9008]
This is the next patch release for pcre. The 8.xx series now only contains
bug fixes.
http://www.pcre.org/original/changelog.txt
The following security fixes are included:
CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()
CVE-2015-3217 pcre: stack overflow in match()
CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis
CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
CVE-2015-8381 pcre: Heap Overflow in compile_regex()
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
CVE-2015-8387 pcre: Integer overflow in subroutine calls
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups
CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
CVE-2015-8395 pcre: Buffer overflow caused by certain references
CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
(From OE-Core rev: 3e403cc1bdeefd4f39e54bae2269ca56307e8468)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a is being give a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
(From OE-Core master rev: 0f89bbab6588a1171259801fa879516740030acb)
(From OE-Core rev: bc8b7401fa18f6a987041d7f93a1fa3512f8513c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix from upstream to fix a denial of service via a malicious escape
sequence.
[YOCTO #8617]
(From OE-Core rev: d5065e2b1c49fa65627f0adec8e42190ebccb572)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If ccache is enabled, compiling apr-utils fails with the following error
messages because libtool is confused by the "ccache gcc" appearing on
the command line. Disable ccache for apr, so that ccache don't get
enabled in all software using apr's rules.mk.
The error message from apr-utils-native:
(From OE-Core rev: 3533552050d0f91b669c6939755c5f6efefa9d58)
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ICU was invoking install-local twice in parallel which can lead to install
failures as one install deletes files the other is attempting to chown.
(From OE-Core rev: 1dd92fbdc030bee30a0c5b233f7b61ac0cb2b459)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move connmans xuser-related D-Bus policy to a separate file that
xuser-account installs: This way connman does not need to depend on
xuser-account. Add policies for bluez and ofono in the same file.
(From OE-Core rev: 9f37ce18b7d79135a67474187b6119980e0130ae)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cleanup buildpaths from apu-1-config:
- remove ${STAGING_DIR_HOST} from CC, CPP ...
- set APU_SOURCE_DIR, APU_BUILD_DIR as empty
(From OE-Core rev: d61e73a37f805fd56efda1a6cfe7262356fc6274)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cleanup buildpaths from apr_rules.mk and apr-1-config:
- remove ${STAGING_DIR_HOST} from CC, CPP ...
- set APR_SOURCE_DIR, APR_BUILD_DIR as empty
* install ${HOST_SYS}-libtool to sysroot only, it's required for
building apache2 but not suitable for target.
(From OE-Core rev: 44c1a6af03ce9b45e5bfd6956062aa2b3a1be741)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
curl-config will be installed to target, cleanup buildpaths in it:
* remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
(From OE-Core rev: 3e4978a534afc7fd4b82a044da8d9774cf09a4f0)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The gettext 0.16.1 doesn't install any m4 files to sysroot, please see
the following commit:
commit 9e10db5bdf
Author: Christopher Larson <kergoth@gmail.com>
Date: Mon Mar 17 18:10:54 2014 +0000
gettext-0.16.1: kill target m4 macros from sysroot
This is aim for using gettext-native's macros(gettext-native-0.19.4),
but when we set:
PREFERRED_VERSION_gettext = "0.16.1"
And build the recipes like pcmanfm, we would get errors when
do_configure:
configure:5164: error: possibly undefined macro: AM_NLS
This is because autotools_copy_aclocals doesn't copy the native macros
for target unless they're direct dependencies.
Add gettext-native to DEPENDS will fix the problem.
(From OE-Core rev: 48c168334bb60937653ab782026948d139603f8e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If you currently do a DISTRO_FEATURES_remove = "x11" with OE-Core, you
see failures due to dependency problems. The work in resolving this was
partially completed a while back. This adds in the markup mainly for
gtk/gtk3+ recipes and means "bitbake world" will work successfully.
Rather than code the gtk/gtk+ specific distro features into each recipe,
a shared variable is used.
(From OE-Core rev: ef967c70182eeccb59c7511d838a7ecb0b2315c1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Configure option --with-trust-paths is only used for test scripts
trust/test-extract which is not packaged by default. If the option is
not provided, it checks 4 files on build machine. If the files don't
exist, configure fails.
Add configure option '--without-trust-paths' to fix this issue.
(From OE-Core rev: 875f566f670f695d4538786df3a3e8c3cebaa30a)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add '$' to fix a patch which adds pkgconfig support to libksba.
(From OE-Core rev: cf3c5a6253e14576a63dde20682ab2cc50bdcbfe)
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gcc 5 defaults to C11 rules about "extern inline": this breaks
any code that includes gmp.h header from gmp 4.2.1 with 'multiple
definition' errors.
disable-stdc patch is no longer required because of this.
(From OE-Core rev: e03d95d70f8bfe57c258d270ac6b3331650dbc10)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a patch which adds a configuration for the nios2 processor.
(From OE-Core rev: 16a04f25c114837e5d309a95d3841c9399b9f417)
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This change allows selecting the 8, 16 or 32 bit version via PACKAGECONFIG.
By default only the 8bit version is built, this corresponds to the old behavior.
Some packages like Qt5 require the 16 bit version of libpcre.
After this change the corresponding layer can easily enable the version
needed via .bbappend.
(From OE-Core rev: 6c133405c790d29859d441cc596e6459cb32537f)
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed:
WARNING: Failed to fetch URL ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.8/src/nspr-4.10.8.tar.gz, attempting MIRRORS if available
Its ftp:// doesn't work with wget, but http:// works.
(From OE-Core rev: 17972b2792c5d686f91f364ee7b2c87ab2a2a10c)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
(From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
All cases are about glibc and for non-glibc systems it falls back to
last else choice which still is glibc's older version, ideally it
should have a case where libc != glibc
(From OE-Core rev: 3140a731d36adbf5be9f988f25653304ac86676e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bjam is stripped by default, this causes QA warning while stripping it
from do_populate_sysroot():
WARNING: File '.../tmp/sysroots/x86_64-linux/usr/bin/bjam' \
from bjam-native was already stripped, \
this will prevent future debugging!
The JAM scripts allow to build unstripped version with '--debug'. Just
build and install the bjam.debug to stop bjam from being stripped in
compile step.
(From OE-Core rev: e7147de9f28925b1bb5df39d9c0848dd7957328c)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libunwind: Invalid dwarf opcodes can cause references beyond the end of
the array
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h
in libunwind 1.1 allows local users to have unspecified impact via
invalid dwarf opcodes.
(From OE-Core rev: 9c4e7f5c009b076b0bc638a02fcf3d96c362e7eb)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also add an RDEPENDS to dpkg so it will still
pull in run-parts.
(From OE-Core rev: aba3ef50d65e0dc8659a48bf98d0fb00dd44a6fc)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Disable RPM signature validation so that it is possible to create
package feeds of signed RPM packages without importing the public part
of the signing key into the RPM database. In any case, the signatures
are validated when the packages in the feed are used (e.g. in image
generation of manually installing packages from the feed).
The original idea idea of this patch is from Mark Hatle
<mark.hatle@windriver.com>.
[YOCTO #8134]
(From OE-Core rev: c419c64c30736ecc7b496161b4f9d9f3cc88102f)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Build tested against thrift recipe under development.
(From OE-Core rev: 947950242376f23808bc5b9c7ddddff46a1f1925)
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
No-update reasons and manual version checks should be in the recipes
themselves because otherwise they're prone to getting out of date.
(From OE-Core rev: b384345d9a693cbc3fd0dbeed9edd8c24618259d)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use the nettle testsuite as ptests. Skip "sha1-huge-test" because
it can take 20 minutes to finish.
(From OE-Core rev: 75839c401f319d4367cb1b9259d0931170212ec8)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Newer nettle versions are "LGPLv3+ | GPLv2+". Add 3.1.1 but also
keep version 2.7.1 since it's LGPLv2.1+
(From OE-Core rev: 1299a222653d94f5c61f8d9ce8e450bf5684242e)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gmp 4.2.1 was removed in f181c6ce8b apparently accidentally: It
was not noticed that 4.2.1 is LGPL 2.1 (and not GPL) so provides
a useful alternative to the newer "GPLv2 | LGPLv3" version.
* Reintroduce 4.2.1. The source includes files that are GPL but the
library package is LGPL 2.1+
* Also reintroduce the two patches removed in f181c6ce8b.
* Refactor gmp.inc: gmp 6.0.0 build should not be affected in any way.
* Update 6.0.0 license from "GPLv2 | LGPLv3" to "GPLv2+ | LGPLv3+".
[YOCTO #8197]
(From OE-Core rev: 1adec83621f36a3dd748990c307ca4ebebcdd554)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Set the nettle binary package license to LGPLv2.1+:
There are GPL files in the sources but none of these are used
to produce the files we ship.
* Remove the useless package specific licenses: none of the named
packages are actually produced and the licenses do not affect
the overall license of either the sources or the binary package.
(From OE-Core rev: 1c2f26ed3e98d6b702c21012bb9652d16798f2b2)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- This recipe is useful for more than just pulseaudio, so move it to
recipes-support.
- Rename to the correct upstream name, which corresponds to the library name.
Keep a PROVIDES of libatomics-ops for compatibility.
(From OE-Core rev: 5014de67fa6da1672626e3ec92fc51430fca3262)
(From OE-Core rev: 5a14d4f981c2c12c274fade518d23706dca5889b)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
