From d04d0c07355b40dc2f2f71548526d9bb74147fbb Mon Sep 17 00:00:00 2001 From: Valentin Popa Date: Thu, 3 Apr 2014 23:21:45 -0400 Subject: [PATCH 01/59] mesa: build fix for gallium-egl (*) add MESA_EGL_NO_X11_HEADERS to defines (*) avoid altering eglplatform.h from {top_srcdir}/include using an alternative to 0003-EGL-Mutate-NativeDisplayType-depending-on-config patch. [YOCTO #5882] (From OE-Core rev: 4c6340dba65185acef7301762270fa1dc7e0afda) Signed-off-by: Valentin Popa Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- ...d-MESA_EGL_NO_X11_HEADERS-to-defines.patch | 41 ++ ...ativeDisplayType-depending-on-config.patch | 359 ------------------ meta/recipes-graphics/mesa/mesa_9.1.6.bb | 10 +- meta/recipes-graphics/mesa/mesa_git.bb | 10 +- 4 files changed, 59 insertions(+), 361 deletions(-) create mode 100644 meta/recipes-graphics/mesa/mesa/0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch delete mode 100644 meta/recipes-graphics/mesa/mesa/0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch diff --git a/meta/recipes-graphics/mesa/mesa/0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch b/meta/recipes-graphics/mesa/mesa/0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch new file mode 100644 index 0000000000..c66bf17f09 --- /dev/null +++ b/meta/recipes-graphics/mesa/mesa/0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch 
@@ -0,0 +1,41 @@ +From 63d5b4ec7a5853bbbae2e1963d406bb09e77dd60 Mon Sep 17 00:00:00 2001 +From: Valentin Popa +Date: Thu, 27 Feb 2014 10:32:17 +0200 +Subject: [PATCH] Add MESA_EGL_NO_X11_HEADERS to defines + +MESA_EGL_NO_X11_HEADERS is used in eglplatform.h +but the preprocessor doesn't know about it. +Define MESA_EGL_NO_X11_HEADERS for builds without +x11 in DISTRO_FEATURES. + +Backport from 9.2.5. + +Upstream-Status: Backport + +Signed-off-by: Valentin Popa +--- + configure.ac | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/configure.ac b/configure.ac +index 2acf579..a1a8487 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1568,6 +1568,14 @@ AC_SUBST([EGL_NATIVE_PLATFORM]) + AC_SUBST([EGL_PLATFORMS]) + AC_SUBST([EGL_CFLAGS]) + ++# If we don't have the X11 platform, set this define so we don't try ++# to include ++# the X11 headers. ++if ! echo "$egl_platforms" | grep -q 'x11'; then ++ DEFINES="$DEFINES -DMESA_EGL_NO_X11_HEADERS" ++ GL_PC_CFLAGS="$GL_PC_CFLAGS -DMESA_EGL_NO_X11_HEADERS" ++fi ++ + AC_ARG_WITH([egl-driver-dir], + [AS_HELP_STRING([--with-egl-driver-dir=DIR], + [directory for EGL drivers [[default=${libdir}/egl]]])], +-- +1.8.3.2 + diff --git a/meta/recipes-graphics/mesa/mesa/0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch b/meta/recipes-graphics/mesa/mesa/0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch deleted file mode 100644 index 8a83f4b07b..0000000000 --- a/meta/recipes-graphics/mesa/mesa/0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch +++ /dev/null 
@@ -1,359 +0,0 @@ -From 8d31ae23683394617c49301b039b3a069b9ea436 Mon Sep 17 00:00:00 2001 -From: Daniel Stone -Date: Fri, 24 May 2013 17:20:27 +0100 -Subject: [PATCH 3/4] EGL: Mutate NativeDisplayType depending on config - -If we go through ./configure without enabling X11 anywhere, then set the -fallback types for EGL NativeDisplay and friends, rather than assuming -X11/Xlib. - -Upstream-Status: Backport (slightly different solution was applied in master -https://bugs.freedesktop.org/show_bug.cgi?id=64959) - -Signed-off-by: Daniel Stone -Signed-off-by: Martin Jansa ---- - configure.ac | 5 ++ - include/EGL/eglplatform.h | 146 ------------------------------------------- - include/EGL/eglplatform.h.in | 146 +++++++++++++++++++++++++++++++++++++++++++ - 3 files changed, 151 insertions(+), 146 deletions(-) - delete mode 100644 include/EGL/eglplatform.h - create mode 100644 include/EGL/eglplatform.h.in - -diff --git a/configure.ac b/configure.ac -index 67b8c40..afc3217 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -1499,6 +1499,9 @@ EGL_PLATFORMS="$egl_platforms" - - if echo "$egl_platforms" | grep 'x11' >/dev/null 2>&1; then - NEED_WINSYS_XLIB=yes -+ MESA_EGL_NO_X11_HEADERS=0 -+else -+ MESA_EGL_NO_X11_HEADERS=1 - fi - AM_CONDITIONAL(HAVE_EGL_PLATFORM_X11, echo "$egl_platforms" | grep 'x11' >/dev/null 2>&1) - AM_CONDITIONAL(HAVE_EGL_PLATFORM_WAYLAND, echo "$egl_platforms" | grep 'wayland' >/dev/null 2>&1) -@@ -1512,6 +1515,7 @@ AM_CONDITIONAL(HAVE_EGL_DRIVER_GLX, test "x$HAVE_EGL_DRIVER_GLX" != "x") - AC_SUBST([EGL_NATIVE_PLATFORM]) - AC_SUBST([EGL_PLATFORMS]) - AC_SUBST([EGL_CFLAGS]) -+AC_SUBST([MESA_EGL_NO_X11_HEADERS]) - - AC_ARG_WITH([egl-driver-dir], - [AS_HELP_STRING([--with-egl-driver-dir=DIR], -@@ -1991,6 +1995,7 @@ CXXFLAGS="$CXXFLAGS $USER_CXXFLAGS" - - dnl Substitute the config - AC_CONFIG_FILES([Makefile -+ include/EGL/eglplatform.h - src/Makefile - src/egl/Makefile - src/egl/drivers/Makefile -diff --git a/include/EGL/eglplatform.h 
b/include/EGL/eglplatform.h -deleted file mode 100644 -index 17fdc61..0000000 ---- a/include/EGL/eglplatform.h -+++ /dev/null -@@ -1,146 +0,0 @@ --#ifndef __eglplatform_h_ --#define __eglplatform_h_ -- --/* --** Copyright (c) 2007-2009 The Khronos Group Inc. --** --** Permission is hereby granted, free of charge, to any person obtaining a --** copy of this software and/or associated documentation files (the --** "Materials"), to deal in the Materials without restriction, including --** without limitation the rights to use, copy, modify, merge, publish, --** distribute, sublicense, and/or sell copies of the Materials, and to --** permit persons to whom the Materials are furnished to do so, subject to --** the following conditions: --** --** The above copyright notice and this permission notice shall be included --** in all copies or substantial portions of the Materials. --** --** THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, --** EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF --** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. --** IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY --** CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, --** TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE --** MATERIALS OR THE USE OR OTHER DEALINGS IN THE MATERIALS. --*/ -- --/* Platform-specific types and definitions for egl.h -- * $Revision: 12306 $ on $Date: 2010-08-25 09:51:28 -0700 (Wed, 25 Aug 2010) $ -- * -- * Adopters may modify khrplatform.h and this file to suit their platform. -- * You are encouraged to submit all modifications to the Khronos group so that -- * they can be included in future versions of this file. Please submit changes -- * by sending them to the public Khronos Bugzilla (http://khronos.org/bugzilla) -- * by filing a bug against product "EGL" component "Registry". 
-- */ -- --#include -- --/* Macros used in EGL function prototype declarations. -- * -- * EGL functions should be prototyped as: -- * -- * EGLAPI return-type EGLAPIENTRY eglFunction(arguments); -- * typedef return-type (EXPAPIENTRYP PFNEGLFUNCTIONPROC) (arguments); -- * -- * KHRONOS_APICALL and KHRONOS_APIENTRY are defined in KHR/khrplatform.h -- */ -- --#ifndef EGLAPI --#define EGLAPI KHRONOS_APICALL --#endif -- --#ifndef EGLAPIENTRY --#define EGLAPIENTRY KHRONOS_APIENTRY --#endif --#define EGLAPIENTRYP EGLAPIENTRY* -- --/* The types NativeDisplayType, NativeWindowType, and NativePixmapType -- * are aliases of window-system-dependent types, such as X Display * or -- * Windows Device Context. They must be defined in platform-specific -- * code below. The EGL-prefixed versions of Native*Type are the same -- * types, renamed in EGL 1.3 so all types in the API start with "EGL". -- * -- * Khronos STRONGLY RECOMMENDS that you use the default definitions -- * provided below, since these changes affect both binary and source -- * portability of applications using EGL running on different EGL -- * implementations. 
-- */ -- --#if defined(_WIN32) || defined(__VC32__) && !defined(__CYGWIN__) && !defined(__SCITECH_SNAP__) /* Win32 and WinCE */ --#ifndef WIN32_LEAN_AND_MEAN --#define WIN32_LEAN_AND_MEAN 1 --#endif --#include -- --typedef HDC EGLNativeDisplayType; --typedef HBITMAP EGLNativePixmapType; --typedef HWND EGLNativeWindowType; -- --#elif defined(__WINSCW__) || defined(__SYMBIAN32__) /* Symbian */ -- --typedef int EGLNativeDisplayType; --typedef void *EGLNativeWindowType; --typedef void *EGLNativePixmapType; -- --#elif defined(WL_EGL_PLATFORM) -- --typedef struct wl_display *EGLNativeDisplayType; --typedef struct wl_egl_pixmap *EGLNativePixmapType; --typedef struct wl_egl_window *EGLNativeWindowType; -- --#elif defined(__GBM__) -- --typedef struct gbm_device *EGLNativeDisplayType; --typedef struct gbm_bo *EGLNativePixmapType; --typedef void *EGLNativeWindowType; -- --#elif defined(ANDROID) /* Android */ -- --struct ANativeWindow; --struct egl_native_pixmap_t; -- --typedef struct ANativeWindow *EGLNativeWindowType; --typedef struct egl_native_pixmap_t *EGLNativePixmapType; --typedef void *EGLNativeDisplayType; -- --#elif defined(__unix__) -- --#ifdef MESA_EGL_NO_X11_HEADERS -- --typedef void *EGLNativeDisplayType; --typedef khronos_uint32_t EGLNativePixmapType; --typedef khronos_uint32_t EGLNativeWindowType; -- --#else -- --/* X11 (tentative) */ --#include --#include -- --typedef Display *EGLNativeDisplayType; --typedef Pixmap EGLNativePixmapType; --typedef Window EGLNativeWindowType; -- --#endif /* MESA_EGL_NO_X11_HEADERS */ -- --#else --#error "Platform not recognized" --#endif -- --/* EGL 1.2 types, renamed for consistency in EGL 1.3 */ --typedef EGLNativeDisplayType NativeDisplayType; --typedef EGLNativePixmapType NativePixmapType; --typedef EGLNativeWindowType NativeWindowType; -- -- --/* Define EGLint. 
This must be a signed integral type large enough to contain -- * all legal attribute names and values passed into and out of EGL, whether -- * their type is boolean, bitmask, enumerant (symbolic constant), integer, -- * handle, or other. While in general a 32-bit integer will suffice, if -- * handles are 64 bit types, then EGLint should be defined as a signed 64-bit -- * integer type. -- */ --typedef khronos_int32_t EGLint; -- --#endif /* __eglplatform_h */ -diff --git a/include/EGL/eglplatform.h.in b/include/EGL/eglplatform.h.in -new file mode 100644 -index 0000000..5126c92 ---- /dev/null -+++ b/include/EGL/eglplatform.h.in -@@ -0,0 +1,146 @@ -+#ifndef __eglplatform_h_ -+#define __eglplatform_h_ -+ -+/* -+** Copyright (c) 2007-2009 The Khronos Group Inc. -+** -+** Permission is hereby granted, free of charge, to any person obtaining a -+** copy of this software and/or associated documentation files (the -+** "Materials"), to deal in the Materials without restriction, including -+** without limitation the rights to use, copy, modify, merge, publish, -+** distribute, sublicense, and/or sell copies of the Materials, and to -+** permit persons to whom the Materials are furnished to do so, subject to -+** the following conditions: -+** -+** The above copyright notice and this permission notice shall be included -+** in all copies or substantial portions of the Materials. -+** -+** THE MATERIALS ARE PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -+** EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -+** MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -+** IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -+** CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -+** TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -+** MATERIALS OR THE USE OR OTHER DEALINGS IN THE MATERIALS. 
-+*/ -+ -+/* Platform-specific types and definitions for egl.h -+ * $Revision: 12306 $ on $Date: 2010-08-25 09:51:28 -0700 (Wed, 25 Aug 2010) $ -+ * -+ * Adopters may modify khrplatform.h and this file to suit their platform. -+ * You are encouraged to submit all modifications to the Khronos group so that -+ * they can be included in future versions of this file. Please submit changes -+ * by sending them to the public Khronos Bugzilla (http://khronos.org/bugzilla) -+ * by filing a bug against product "EGL" component "Registry". -+ */ -+ -+#include -+ -+/* Macros used in EGL function prototype declarations. -+ * -+ * EGL functions should be prototyped as: -+ * -+ * EGLAPI return-type EGLAPIENTRY eglFunction(arguments); -+ * typedef return-type (EXPAPIENTRYP PFNEGLFUNCTIONPROC) (arguments); -+ * -+ * KHRONOS_APICALL and KHRONOS_APIENTRY are defined in KHR/khrplatform.h -+ */ -+ -+#ifndef EGLAPI -+#define EGLAPI KHRONOS_APICALL -+#endif -+ -+#ifndef EGLAPIENTRY -+#define EGLAPIENTRY KHRONOS_APIENTRY -+#endif -+#define EGLAPIENTRYP EGLAPIENTRY* -+ -+/* The types NativeDisplayType, NativeWindowType, and NativePixmapType -+ * are aliases of window-system-dependent types, such as X Display * or -+ * Windows Device Context. They must be defined in platform-specific -+ * code below. The EGL-prefixed versions of Native*Type are the same -+ * types, renamed in EGL 1.3 so all types in the API start with "EGL". -+ * -+ * Khronos STRONGLY RECOMMENDS that you use the default definitions -+ * provided below, since these changes affect both binary and source -+ * portability of applications using EGL running on different EGL -+ * implementations. 
-+ */ -+ -+#if defined(_WIN32) || defined(__VC32__) && !defined(__CYGWIN__) && !defined(__SCITECH_SNAP__) /* Win32 and WinCE */ -+#ifndef WIN32_LEAN_AND_MEAN -+#define WIN32_LEAN_AND_MEAN 1 -+#endif -+#include -+ -+typedef HDC EGLNativeDisplayType; -+typedef HBITMAP EGLNativePixmapType; -+typedef HWND EGLNativeWindowType; -+ -+#elif defined(__WINSCW__) || defined(__SYMBIAN32__) /* Symbian */ -+ -+typedef int EGLNativeDisplayType; -+typedef void *EGLNativeWindowType; -+typedef void *EGLNativePixmapType; -+ -+#elif defined(WL_EGL_PLATFORM) -+ -+typedef struct wl_display *EGLNativeDisplayType; -+typedef struct wl_egl_pixmap *EGLNativePixmapType; -+typedef struct wl_egl_window *EGLNativeWindowType; -+ -+#elif defined(__GBM__) -+ -+typedef struct gbm_device *EGLNativeDisplayType; -+typedef struct gbm_bo *EGLNativePixmapType; -+typedef void *EGLNativeWindowType; -+ -+#elif defined(ANDROID) /* Android */ -+ -+struct ANativeWindow; -+struct egl_native_pixmap_t; -+ -+typedef struct ANativeWindow *EGLNativeWindowType; -+typedef struct egl_native_pixmap_t *EGLNativePixmapType; -+typedef void *EGLNativeDisplayType; -+ -+#elif defined(__unix__) -+ -+#if @MESA_EGL_NO_X11_HEADERS@ -+ -+typedef void *EGLNativeDisplayType; -+typedef khronos_uint32_t EGLNativePixmapType; -+typedef khronos_uint32_t EGLNativeWindowType; -+ -+#else -+ -+/* X11 (tentative) */ -+#include -+#include -+ -+typedef Display *EGLNativeDisplayType; -+typedef Pixmap EGLNativePixmapType; -+typedef Window EGLNativeWindowType; -+ -+#endif /* MESA_EGL_NO_X11_HEADERS */ -+ -+#else -+#error "Platform not recognized" -+#endif -+ -+/* EGL 1.2 types, renamed for consistency in EGL 1.3 */ -+typedef EGLNativeDisplayType NativeDisplayType; -+typedef EGLNativePixmapType NativePixmapType; -+typedef EGLNativeWindowType NativeWindowType; -+ -+ -+/* Define EGLint. 
This must be a signed integral type large enough to contain -+ * all legal attribute names and values passed into and out of EGL, whether -+ * their type is boolean, bitmask, enumerant (symbolic constant), integer, -+ * handle, or other. While in general a 32-bit integer will suffice, if -+ * handles are 64 bit types, then EGLint should be defined as a signed 64-bit -+ * integer type. -+ */ -+typedef khronos_int32_t EGLint; -+ -+#endif /* __eglplatform_h */ --- -1.8.2.1 - diff --git a/meta/recipes-graphics/mesa/mesa_9.1.6.bb b/meta/recipes-graphics/mesa/mesa_9.1.6.bb index b55fa02a7e..6e9cd826f0 100644 --- a/meta/recipes-graphics/mesa/mesa_9.1.6.bb +++ b/meta/recipes-graphics/mesa/mesa_9.1.6.bb @@ -2,8 +2,8 @@ require ${BPN}.inc SRC_URI = "ftp://ftp.freedesktop.org/pub/mesa/${PV}/MesaLib-${PV}.tar.bz2 \ file://0001-configure-Avoid-use-of-AC_CHECK_FILE-for-cross-compi.patch \ + file://0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch \ file://0002-pipe_loader_sw-include-xlib_sw_winsys.h-only-when-HA.patch \ - file://0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch \ file://0004-glsl-fix-builtin_compiler-cross-compilation.patch \ file://0005-llvmpipe-remove-the-power-of-two-sizeof-struct-cmd_b.patch \ file://0005-fix-out-of-tree-builds-gallium.patch \ @@ -14,3 +14,11 @@ SRC_URI[md5sum] = "443a2a352667294b53d56cb1a74114e9" SRC_URI[sha256sum] = "e632dff0acafad0a59dc208d16dedb37f7bd58f94c5d58c4b51912e41d005e3d" S = "${WORKDIR}/Mesa-${PV}" + +#because we cannot rely on the fact that all apps will use pkgconfig, +#make eglplatform.h independent of MESA_EGL_NO_X11_HEADER +do_install_append() { + if ${@base_contains('PACKAGECONFIG', 'egl', 'true', 'false', d)}; then + sed -i -e 's/^#ifdef MESA_EGL_NO_X11_HEADERS/#if ${@base_contains('DISTRO_FEATURES', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h + fi +} \ No newline at end of file 
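Review bot: The `sed` in `do_install_append` exits successfully whether or not `^#ifdef MESA_EGL_NO_X11_HEADERS` is present in the installed `eglplatform.h`. If the guard is ever spelled differently, the build passes and ships a header that still depends on the define, which is the situation the comment says cannot be relied on. I would check first and fail loudly, e.g. `grep -q '^#ifdef MESA_EGL_NO_X11_HEADERS' ${D}${includedir}/EGL/eglplatform.h || bbfatal "eglplatform.h: MESA_EGL_NO_X11_HEADERS guard not found"` placed before the `sed`. The comment also names `MESA_EGL_NO_X11_HEADER` where the macro is `MESA_EGL_NO_X11_HEADERS`, and the file now ends without a newline. The same function is added to `mesa_git.bb` in the next file section and has the same gap.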
diff --git a/meta/recipes-graphics/mesa/mesa_git.bb b/meta/recipes-graphics/mesa/mesa_git.bb index 6397ece6fe..1babcc05a9 100644 --- a/meta/recipes-graphics/mesa/mesa_git.bb +++ b/meta/recipes-graphics/mesa/mesa_git.bb @@ -10,11 +10,19 @@ PV = "9.1.3+git${SRCPV}" SRC_URI = "git://anongit.freedesktop.org/git/mesa/mesa \ file://0001-configure-Avoid-use-of-AC_CHECK_FILE-for-cross-compi.patch \ + file://0001-Add-MESA_EGL_NO_X11_HEADERS-to-defines.patch \ file://0002-pipe_loader_sw-include-xlib_sw_winsys.h-only-when-HA.patch \ - file://0003-EGL-Mutate-NativeDisplayType-depending-on-config.patch \ file://0004-glsl-fix-builtin_compiler-cross-compilation.patch \ file://0005-fix-out-of-tree-builds-gallium.patch \ file://0006-fix-out-of-tree-egl.patch \ " S = "${WORKDIR}/git" + +#because we cannot rely on the fact that all apps will use pkgconfig, +#make eglplatform.h independent of MESA_EGL_NO_X11_HEADER +do_install_append() { + if ${@base_contains('PACKAGECONFIG', 'egl', 'true', 'false', d)}; then + sed -i -e 's/^#ifdef MESA_EGL_NO_X11_HEADERS/#if ${@base_contains('DISTRO_FEATURES', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h + fi +} From 75c9f43129da2cabb65659782d5ef30922fa9618 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mats=20K=C3=A4rrman?= Date: Thu, 3 Apr 2014 23:21:46 -0400 Subject: [PATCH 02/59] eglibc 2.18: powerpc: Fix time related syscalls Concatenated fix of PowerPC time related system calls in eglibc 2.18 taken from upstream glibc. See credits in patch header. The effect is that some time related system calls returns nothing or garbage. Fix tested on PowerPC e300c3. Eglibc 2.17 does not have this issue and the patches are already part of 2.19. (From OE-Core rev: fae2f635e795d496228dd5d302e99d9ab7706900) Signed-off-by: Mats Karrman Signed-off-by: Robert Yang 
Signed-off-by: Richard Purdie --- .../ppc-fix-time-related-syscalls.patch | 227 ++++++++++++++++++ meta/recipes-core/eglibc/eglibc_2.18.bb | 1 + 2 files changed, 228 insertions(+) create mode 100644 meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch diff --git a/meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch b/meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch new file mode 100644 index 0000000000..c2373c53cc --- /dev/null +++ b/meta/recipes-core/eglibc/eglibc-2.18/ppc-fix-time-related-syscalls.patch 
@@ -0,0 +1,227 @@ +Upstream-Status: Backport + +Concatenated fix of PowerPC time related system calls in eglibc 2.18 taken +from upstream glibc. Eglibc 2.17 does not have this issue and the patches are +already part of 2.19. +This compilation includes the following committs: + + +PowerPC: Fix vDSO missing ODP entries + +author Adhemerval Zanella + Thu, 7 Nov 2013 11:34:22 +0000 (05:34 -0600) + +This patch fixes the vDSO symbol used directed in IFUNC resolver where +they do not have an associated ODP entry leading to undefined behavior +in some cases. It adds an artificial OPD static entry to such cases +and set its TOC to non 0 to avoid triggering lazy resolutions. + + +Update copyright notices with scripts/update-copyrights + +author Allan McRae + Wed, 1 Jan 2014 11:03:15 +0000 (21:03 +1000) + +((Only for files otherwise touched by this patch)) + + +PowerPC: Fix ftime gettimeofday internal call returning bogus data + +author Adhemerval Zanella + Thu, 16 Jan 2014 12:53:18 +0000 (06:53 -0600) + +This patches fixes BZ#16430 by setting a different symbol for internal +GLIBC calls that points to ifunc resolvers. For PPC32, if the symbol +is defined as hidden (which is the case for gettimeofday and time) the +compiler will create local branches (symbol@local) and linker will not +create PLT calls (required for IFUNC). This will leads to internal symbol +calling the IFUNC resolver instead of the resolved symbol. +For PPC64 this behavior does not occur because a call to a function in +another translation unit might use a different toc pointer thus requiring +a PLT call. + + +PowerPC: Fix gettimeofday ifunc selection + +author Adhemerval Zanella + Mon, 20 Jan 2014 18:29:51 +0000 (12:29 -0600) + +The IFUNC selector for gettimeofday runs before _libc_vdso_platform_setup where +__vdso_gettimeofday is set. The selector then sets __gettimeofday (the internal +version used within GLIBC) to use the system call version instead of the vDSO one. 
+This patch changes the check if vDSO is available to get its value directly +instead of rely on __vdso_gettimeofday. + +This patch changes it by getting the vDSO value directly. + +It fixes BZ#16431. + + +--- +diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h libc/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h +--- libc.orig/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h ++++ libc/sysdeps/unix/sysv/linux/powerpc/bits/libc-vdso.h +@@ -1,5 +1,5 @@ + /* Resolve function pointers to VDSO functions. +- Copyright (C) 2005-2013 Free Software Foundation, Inc. ++ Copyright (C) 2005-2014 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or +@@ -34,12 +34,32 @@ extern void *__vdso_getcpu; + + extern void *__vdso_time; + +-/* This macro is needed for PPC64 to return a skeleton OPD entry of a vDSO +- symbol. This works because _dl_vdso_vsym always return the function +- address, and no vDSO symbols use the TOC or chain pointers from the OPD +- so we can allow them to be garbage. */ + #if defined(__PPC64__) || defined(__powerpc64__) +-#define VDSO_IFUNC_RET(value) ((void *) &(value)) ++/* The correct solution is for _dl_vdso_vsym to return the address of the OPD ++ for the kernel VDSO function. That address would then be stored in the ++ __vdso_* variables and returned as the result of the IFUNC resolver function. ++ Yet, the kernel does not contain any OPD entries for the VDSO functions ++ (incomplete implementation). However, PLT relocations for IFUNCs still expect ++ the address of an OPD to be returned from the IFUNC resolver function (since ++ PLT entries on PPC64 are just copies of OPDs). The solution for now is to ++ create an artificial static OPD for each VDSO function returned by a resolver ++ function. 
The TOC value is set to a non-zero value to avoid triggering lazy ++ symbol resolution via .glink0/.plt0 for a zero TOC (requires thread-safe PLT ++ sequences) when the dynamic linker isn't prepared for it e.g. RTLD_NOW. None ++ of the kernel VDSO routines use the TOC or AUX values so any non-zero value ++ will work. Note that function pointer comparisons will not use this artificial ++ static OPD since those are resolved via ADDR64 relocations and will point at ++ the non-IFUNC default OPD for the symbol. Lastly, because the IFUNC relocations ++ are processed immediately at startup the resolver functions and this code need ++ not be thread-safe, but if the caller writes to a PLT slot it must do so in a ++ thread-safe manner with all the required barriers. */ ++#define VDSO_IFUNC_RET(value) \ ++ ({ \ ++ static Elf64_FuncDesc vdso_opd = { .fd_toc = ~0x0 }; \ ++ vdso_opd.fd_func = (Elf64_Addr)value; \ ++ &vdso_opd; \ ++ }) ++ + #else + #define VDSO_IFUNC_RET(value) ((void *) (value)) + #endif +diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c libc/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c +--- libc.orig/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c ++++ libc/sysdeps/unix/sysv/linux/powerpc/gettimeofday.c +@@ -1,4 +1,4 @@ +-/* Copyright (C) 2005-2013 Free Software Foundation, Inc. ++/* Copyright (C) 2005-2014 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or +@@ -22,6 +22,7 @@ + + # include + # include ++# include + + void *gettimeofday_ifunc (void) __asm__ ("__gettimeofday"); + +@@ -34,17 +35,36 @@ __gettimeofday_syscall (struct timeval * + void * + gettimeofday_ifunc (void) + { ++ PREPARE_VERSION (linux2615, "LINUX_2.6.15", 123718565); ++ + /* If the vDSO is not available we fall back syscall. */ +- return (__vdso_gettimeofday ? 
VDSO_IFUNC_RET (__vdso_gettimeofday) +- : __gettimeofday_syscall); ++ void *vdso_gettimeofday = _dl_vdso_vsym ("__kernel_gettimeofday", &linux2615); ++ return (vdso_gettimeofday ? VDSO_IFUNC_RET (vdso_gettimeofday) ++ : (void*)__gettimeofday_syscall); + } + asm (".type __gettimeofday, %gnu_indirect_function"); + + /* This is doing "libc_hidden_def (__gettimeofday)" but the compiler won't + let us do it in C because it doesn't know we're defining __gettimeofday + here in this file. */ +-asm (".globl __GI___gettimeofday\n" +- "__GI___gettimeofday = __gettimeofday"); ++asm (".globl __GI___gettimeofday"); ++ ++/* __GI___gettimeofday is defined as hidden and for ppc32 it enables the ++ compiler make a local call (symbol@local) for internal GLIBC usage. It ++ means the PLT won't be used and the ifunc resolver will be called directly. ++ For ppc64 a call to a function in another translation unit might use a ++ different toc pointer thus disallowing direct branchess and making internal ++ ifuncs calls safe. */ ++#ifdef __powerpc64__ ++asm ("__GI___gettimeofday = __gettimeofday"); ++#else ++int ++__gettimeofday_vsyscall (struct timeval *tv, struct timezone *tz) ++{ ++ return INLINE_VSYSCALL (gettimeofday, 2, tv, tz); ++} ++asm ("__GI___gettimeofday = __gettimeofday_vsyscall"); ++#endif + + #else + +diff -pruN libc.orig/sysdeps/unix/sysv/linux/powerpc/time.c libc/sysdeps/unix/sysv/linux/powerpc/time.c +--- libc.orig/sysdeps/unix/sysv/linux/powerpc/time.c ++++ libc/sysdeps/unix/sysv/linux/powerpc/time.c +@@ -1,5 +1,5 @@ + /* time system call for Linux/PowerPC. +- Copyright (C) 2013 Free Software Foundation, Inc. ++ Copyright (C) 2013-2014 Free Software Foundation, Inc. + This file is part of the GNU C Library. 
+ + The GNU C Library is free software; you can redistribute it and/or +@@ -20,7 +20,9 @@ + + # include + # include ++# include + # include ++# include + + void *time_ifunc (void) asm ("time"); + +@@ -43,17 +45,36 @@ time_syscall (time_t *t) + void * + time_ifunc (void) + { ++ PREPARE_VERSION (linux2615, "LINUX_2.6.15", 123718565); ++ + /* If the vDSO is not available we fall back to the syscall. */ +- return (__vdso_time ? VDSO_IFUNC_RET (__vdso_time) +- : time_syscall); ++ void *vdso_time = _dl_vdso_vsym ("__kernel_time", &linux2615); ++ return (vdso_time ? VDSO_IFUNC_RET (vdso_time) ++ : (void*)time_syscall); + } + asm (".type time, %gnu_indirect_function"); + + /* This is doing "libc_hidden_def (time)" but the compiler won't + * let us do it in C because it doesn't know we're defining time + * here in this file. */ +-asm (".globl __GI_time\n" +- "__GI_time = time"); ++asm (".globl __GI_time"); ++ ++/* __GI_time is defined as hidden and for ppc32 it enables the ++ compiler make a local call (symbol@local) for internal GLIBC usage. It ++ means the PLT won't be used and the ifunc resolver will be called directly. ++ For ppc64 a call to a function in another translation unit might use a ++ different toc pointer thus disallowing direct branchess and making internal ++ ifuncs calls safe. */ ++#ifdef __powerpc64__ ++asm ("__GI_time = time"); ++#else ++time_t ++__time_vsyscall (time_t *t) ++{ ++ return INLINE_VSYSCALL (time, 1, t); ++} ++asm ("__GI_time = __time_vsyscall"); ++#endif + + #else + diff --git a/meta/recipes-core/eglibc/eglibc_2.18.bb b/meta/recipes-core/eglibc/eglibc_2.18.bb index 15e5eed3ff..43f43ae2b0 100644 --- a/meta/recipes-core/eglibc/eglibc_2.18.bb +++ b/meta/recipes-core/eglibc/eglibc_2.18.bb 
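Review bot: The header of the added patch describes four upstream glibc commits by title, author and date but gives no commit id for any of them. The `Upstream-Status: Backport` claim therefore cannot be checked against upstream when this concatenated patch is audited or rebased. I would add a line under each title in the form `commit <upstream commit id>` (placeholder; the ids are not on this page) and fix the `committs` typo in the introduction. On the code side, `VDSO_IFUNC_RET` expands its argument unparenthesised in `vdso_opd.fd_func = (Elf64_Addr)value;`. Both visible callers pass a plain identifier, so it is harmless here, but `(Elf64_Addr) (value)` would match the `((void *) (value))` form in the non-PPC64 branch.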
@@ -28,6 +28,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/eglibc/eglibc-${PV}-svnr23 file://fix-tibetian-locales.patch \ file://0001-ARM-Pass-dl_hwcap-to-IFUNC-resolver.patch \ file://make-4.patch \ + file://ppc-fix-time-related-syscalls.patch \ " SRC_URI[md5sum] = "b395b021422a027d89884992e91734fc" SRC_URI[sha256sum] = "15f564b45dc5dd65faf0875579e3447961ae61e876933384ae05d19328539ad4" From 98bd952a5b72c584fc1094e4a61eb9e2a24cc97b Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 4 Apr 2014 16:16:39 +0100 Subject: [PATCH 03/59] Revert "buildhistory_analysis: fix error when comparing image contents" This reverts commit 5b616aa7b618f6ed221d6fa9738220a2c2349f7d. Signed-off-by: Richard Purdie --- meta/lib/oe/buildhistory_analysis.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oe/buildhistory_analysis.py b/meta/lib/oe/buildhistory_analysis.py index ffe12d0023..86b5a12347 100644 --- a/meta/lib/oe/buildhistory_analysis.py +++ b/meta/lib/oe/buildhistory_analysis.py @@ -400,7 +400,7 @@ def process_changes(repopath, revision1, revision2 = 'HEAD', report_all = False) chg = ChangeRecord(path, filename, d.a_blob.data_stream.read(), d.b_blob.data_stream.read(), True) changes.append(chg) elif filename == 'image-info.txt': - changes.extend(compare_dict_blobs(path, d.a_blob, d.b_blob, report_all, report_ver)) + changes.extend(compare_dict_blobs(path, d.a_blob, d.b_blob, report_all)) elif '/image-files/' in path: chg = ChangeRecord(path, filename, d.a_blob.data_stream.read(), d.b_blob.data_stream.read(), True) changes.append(chg) From 2b09b26cb7c0c820fb84e71d7c57aec1a86dfb60 Mon Sep 17 00:00:00 2001 
From: Yue Tao Date: Tue, 8 Apr 2014 19:15:05 +0100 Subject: [PATCH 04/59] Security Advisory - openssl - CVE-2013-4353 The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next Protocol Negotiation record in a TLS handshake. (From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877) (From OE-Core rev: a5060594208de172cb31ad406b34b25decd061e4) Signed-off-by: Yue Tao Signed-off-by: Jackie Huang Signed-off-by: Richard Purdie --- ...S-record-tampering-bug-CVE-2013-4353.patch | 31 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch new file mode 100644 index 0000000000..d03dc06daf --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch 
@@ -0,0 +1,31 @@ +From 197e0ea817ad64820789d86711d55ff50d71f631 Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Mon, 6 Jan 2014 14:35:04 +0000 +Subject: [PATCH] Fix for TLS record tampering bug CVE-2013-4353 + +Upstream-Status: Backport +commit 197e0ea817ad64820789d86711d55ff50d71f631 upstream + + ssl/s3_both.c | 6 +++++- + 3 files changed, 11 insertions(+), 1 deletions(-) + +diff --git a/ssl/s3_both.c b/ssl/s3_both.c +index 1e5dcab..53b9390 100644 +--- a/ssl/s3_both.c ++++ b/ssl/s3_both.c +@@ -210,7 +210,11 @@ static void ssl3_take_mac(SSL *s) + { + const char *sender; + int slen; +- ++ /* If no new cipher setup return immediately: other functions will ++ * set the appropriate error. ++ */ ++ if (s->s3->tmp.new_cipher == NULL) ++ return; + if (s->state & SSL_ST_CONNECT) + { + sender=s->method->ssl3_enc->server_finished_label; +-- +1.7.5.4 + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index ac27dba494..3476d84bdf 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -34,6 +34,7 @@ SRC_URI += "file://configure-targets.patch \ file://openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch \ file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ file://find.pl \ + file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 0cdc1147d39f05e1317045a802044dae0bc2f752 Mon Sep 17 00:00:00 2001 
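Review bot: The embedded patch header still carries the upstream diffstat `3 files changed, 11 insertions(+), 1 deletions(-)`, but only the ssl/s3_both.c section is present. The header should say that the remaining parts of upstream commit 197e0ea817ad64820789d86711d55ff50d71f631 were dropped on purpose, so a later audit against upstream does not read the backport as truncated. The added guard makes ssl3_take_mac() return silently when `s->s3->tmp.new_cipher` is NULL and relies on "other functions" to raise the error. Those callers are outside the hunk, so it is worth confirming that 1.0.1e fails the handshake on that path rather than continuing with an unset finished MAC.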
From: Yue Tao Date: Tue, 8 Apr 2014 19:15:06 +0100 Subject: [PATCH 05/59] Security Advisory - openssl - CVE-2013-6450 The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x through 1.0.1e does not properly maintain data structures for digest and encryption contexts, which might allow man-in-the-middle attackers to trigger the use of a different context by interfering with packet delivery, related to ssl/d1_both.c and ssl/t1_enc.c. (From OE-Core master rev: 94352e694cd828aa84abd846149712535f48ab0f) (From OE-Core rev: 1e934529e501110a7bfe1cb09fe89dd0078bd426) Signed-off-by: Yue Tao Signed-off-by: Jackie Huang Signed-off-by: Richard Purdie --- ...retransmission-from-previous-session.patch | 81 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 82 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch new file mode 100644 index 0000000000..39592e2d67 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-DTLS-retransmission-from-previous-session.patch 
@@ -0,0 +1,81 @@ +From 34628967f1e65dc8f34e000f0f5518e21afbfc7b Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Fri, 20 Dec 2013 15:26:50 +0000 +Subject: [PATCH] Fix DTLS retransmission from previous session. + +Upstream-Status: Backport +commit 34628967f1e65dc8f34e000f0f5518e21afbfc7b upstream + +For DTLS we might need to retransmit messages from the previous session +so keep a copy of write context in DTLS retransmission buffers instead +of replacing it after sending CCS. CVE-2013-6450. +--- + ssl/d1_both.c | 6 ++++++ + ssl/ssl_locl.h | 2 ++ + ssl/t1_enc.c | 17 +++++++++++------ + 4 files changed, 24 insertions(+), 6 deletions(-) + +diff --git a/ssl/d1_both.c b/ssl/d1_both.c +index 65ec001..7a5596a 100644 +--- a/ssl/d1_both.c ++++ b/ssl/d1_both.c +@@ -214,6 +214,12 @@ dtls1_hm_fragment_new(unsigned long frag_len, int reassembly) + static void + dtls1_hm_fragment_free(hm_fragment *frag) + { ++ ++ if (frag->msg_header.is_ccs) ++ { ++ EVP_CIPHER_CTX_free(frag->msg_header.saved_retransmit_state.enc_write_ctx); ++ EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash); ++ } + if (frag->fragment) OPENSSL_free(frag->fragment); + if (frag->reassembly) OPENSSL_free(frag->reassembly); + OPENSSL_free(frag); +diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h +index 96ce9a7..e485907 100644 +--- a/ssl/ssl_locl.h ++++ b/ssl/ssl_locl.h +@@ -621,6 +621,8 @@ extern SSL3_ENC_METHOD TLSv1_enc_data; + extern SSL3_ENC_METHOD SSLv3_enc_data; + extern SSL3_ENC_METHOD DTLSv1_enc_data; + ++#define SSL_IS_DTLS(s) (s->method->version == DTLS1_VERSION) ++ + #define IMPLEMENT_tls_meth_func(version, func_name, s_accept, s_connect, \ + s_get_meth) \ + const SSL_METHOD *func_name(void) \ +diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c +index 72015f5..56db834 100644 +--- a/ssl/t1_enc.c ++++ b/ssl/t1_enc.c +@@ -414,15 +414,20 @@ int tls1_change_cipher_state(SSL *s, int which) + s->mac_flags |= SSL_MAC_FLAG_WRITE_MAC_STREAM; + else + s->mac_flags &= ~SSL_MAC_FLAG_WRITE_MAC_STREAM; 
+- if (s->enc_write_ctx != NULL) ++ if (s->enc_write_ctx != NULL && !SSL_IS_DTLS(s)) + reuse_dd = 1; +- else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) ++ else if ((s->enc_write_ctx=EVP_CIPHER_CTX_new()) == NULL) + goto err; +- else +- /* make sure it's intialized in case we exit later with an error */ +- EVP_CIPHER_CTX_init(s->enc_write_ctx); + dd= s->enc_write_ctx; +- mac_ctx = ssl_replace_hash(&s->write_hash,NULL); ++ if (SSL_IS_DTLS(s)) ++ { ++ mac_ctx = EVP_MD_CTX_create(); ++ if (!mac_ctx) ++ goto err; ++ s->write_hash = mac_ctx; ++ } ++ else ++ mac_ctx = ssl_replace_hash(&s->write_hash,NULL); + #ifndef OPENSSL_NO_COMP + if (s->compress != NULL) + { +-- +1.7.5.4 + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 3476d84bdf..32e03a5eb2 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -35,6 +35,7 @@ SRC_URI += "file://configure-targets.patch \ file://openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch \ file://find.pl \ file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ + file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 7f9dd3ff42f4016ffc93690e29d633ee41c661af Mon Sep 17 00:00:00 2001 From: Yue Tao Date: Tue, 8 Apr 2014 19:15:07 +0100 Subject: [PATCH 06/59] Security Advisory - openssl - CVE-2013-6449 The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (daemon crash) via crafted traffic from a TLS 1.2 client. (From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd) (From OE-Core rev: 33b6441429603b82cfca3d35e68e47e1ca021fd7) Signed-off-by: Yue Tao Signed-off-by: Jackie Huang 
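Review bot: In the d1_both.c section, dtls1_hm_fragment_free() now releases `saved_retransmit_state.enc_write_ctx` and `write_hash` for every fragment with `is_ccs` set, but the code that stores those pointers is not part of the patch. Please confirm that they can never still be the contexts installed on the SSL, and that both free calls tolerate NULL for a first handshake with no earlier write state. The t1_enc.c section depends on the same ownership rule, because its DTLS branch overwrites `s->enc_write_ctx` and `s->write_hash` without freeing the old values. A comment there such as `/* DTLS: the previous write ctx/hash stay owned by the retransmit buffer and are freed in dtls1_hm_fragment_free() */` would make that explicit. Separately, the new macro in ssl_locl.h should parenthesise its argument: `#define SSL_IS_DTLS(s) ((s)->method->version == DTLS1_VERSION)`.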
Signed-off-by: Richard Purdie --- ...sion-in-SSL_METHOD-not-SSL-structure.patch | 33 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch new file mode 100644 index 0000000000..e5a8ade936 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch @@ -0,0 +1,33 @@ +From ca989269a2876bae79393bd54c3e72d49975fc75 Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Thu, 19 Dec 2013 14:37:39 +0000 +Subject: [PATCH] Use version in SSL_METHOD not SSL structure. + +Upstream-Status: Backport +commit ca989269a2876bae79393bd54c3e72d49975fc75 upstream + +When deciding whether to use TLS 1.2 PRF and record hash algorithms +use the version number in the corresponding SSL_METHOD structure +instead of the SSL structure. The SSL structure version is sometimes +inaccurate. Note: OpenSSL 1.0.2 and later effectively do this already. +(CVE-2013-6449) +--- + ssl/s3_lib.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c +index bf832bb..c4ef273 100644 +--- a/ssl/s3_lib.c ++++ b/ssl/s3_lib.c +@@ -4286,7 +4286,7 @@ need to go to SSL_ST_ACCEPT. + long ssl_get_algorithm2(SSL *s) + { + long alg2 = s->s3->tmp.new_cipher->algorithm2; +- if (TLS1_get_version(s) >= TLS1_2_VERSION && ++ if (s->method->version == TLS1_2_VERSION && + alg2 == (SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF)) + return SSL_HANDSHAKE_MAC_SHA256 | TLS1_PRF_SHA256; + return alg2; +-- +1.7.5.4 + 
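Review bot: The new condition in ssl_get_algorithm2() changes the comparison from `>=` to `==` as well as the source of the version, and nothing in the code says why. That looks harmless while TLS 1.2 is the highest version this OpenSSL offers, but a comment on the test would keep it from being "fixed" back, for example `/* use method->version: s->version can be inaccurate here (CVE-2013-6449) */`. The unchanged first line still dereferences `s->s3->tmp.new_cipher` unconditionally, so the function appears to depend on its callers having checked it, as the CVE-2013-4353 patch in this series does for ssl3_take_mac().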
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 32e03a5eb2..3313ed57f6 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -36,6 +36,7 @@ SRC_URI += "file://configure-targets.patch \ file://find.pl \ file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ + file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 609ae3928477294e769b9aee54b818c625723b14 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Tue, 8 Apr 2014 19:15:08 +0100 Subject: [PATCH 07/59] openssl: backport fix for CVE-2014-0160 Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More information here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160 Patch borrowed from Debian; this is just a tweaked version of the upstream commit (without patching the CHANGES file which otherwise would fail to apply on top of this version). (From OE-Core rev: c3acfdfe0c0c3579c5f469f10b87a2926214ba5d) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-1.0.1e/CVE-2014-0160.patch | 118 ++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 119 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch new file mode 100644 index 0000000000..c06cd64fc6 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/CVE-2014-0160.patch 
@@ -0,0 +1,118 @@ +From 96db9023b881d7cd9f379b0c154650d6c108e9a3 Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Sun, 6 Apr 2014 00:51:06 +0100 +Subject: [PATCH] Add heartbeat extension bounds check. + +A missing bounds check in the handling of the TLS heartbeat extension +can be used to reveal up to 64k of memory to a connected client or +server. + +Thanks for Neel Mehta of Google Security for discovering this bug and to +Adam Langley and Bodo Moeller for +preparing the fix (CVE-2014-0160) + +Patch (tweaked version of upstream fix without CHANGES change) borrowed +from Debian. + +Upstream-Status: Backport +Signed-off-by: Paul Eggleton + +--- + ssl/d1_both.c | 26 ++++++++++++++++++-------- + ssl/t1_lib.c | 14 +++++++++----- + 3 files changed, 36 insertions(+), 13 deletions(-) + +diff --git a/ssl/d1_both.c b/ssl/d1_both.c +index 7a5596a..2e8cf68 100644 +--- a/ssl/d1_both.c ++++ b/ssl/d1_both.c +@@ -1459,26 +1459,36 @@ dtls1_process_heartbeat(SSL *s) + unsigned int payload; + unsigned int padding = 16; /* Use minimum padding */ + +- /* Read type and payload length first */ +- hbtype = *p++; +- n2s(p, payload); +- pl = p; +- + if (s->msg_callback) + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, + &s->s3->rrec.data[0], s->s3->rrec.length, + s, s->msg_callback_arg); + ++ /* Read type and payload length first */ ++ if (1 + 2 + 16 > s->s3->rrec.length) ++ return 0; /* silently discard */ ++ hbtype = *p++; ++ n2s(p, payload); ++ if (1 + 2 + payload + 16 > s->s3->rrec.length) ++ return 0; /* silently discard per RFC 6520 sec. 
4 */ ++ pl = p; ++ + if (hbtype == TLS1_HB_REQUEST) + { + unsigned char *buffer, *bp; ++ unsigned int write_length = 1 /* heartbeat type */ + ++ 2 /* heartbeat length */ + ++ payload + padding; + int r; + ++ if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) ++ return 0; ++ + /* Allocate memory for the response, size is 1 byte + * message type, plus 2 bytes payload length, plus + * payload, plus padding + */ +- buffer = OPENSSL_malloc(1 + 2 + payload + padding); ++ buffer = OPENSSL_malloc(write_length); + bp = buffer; + + /* Enter response type, length and copy payload */ +@@ -1489,11 +1499,11 @@ dtls1_process_heartbeat(SSL *s) + /* Random padding */ + RAND_pseudo_bytes(bp, padding); + +- r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); ++ r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); + + if (r >= 0 && s->msg_callback) + s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, +- buffer, 3 + payload + padding, ++ buffer, write_length, + s, s->msg_callback_arg); + + OPENSSL_free(buffer); +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index b82fada..bddffd9 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -2588,16 +2588,20 @@ tls1_process_heartbeat(SSL *s) + unsigned int payload; + unsigned int padding = 16; /* Use minimum padding */ + +- /* Read type and payload length first */ +- hbtype = *p++; +- n2s(p, payload); +- pl = p; +- + if (s->msg_callback) + s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, + &s->s3->rrec.data[0], s->s3->rrec.length, + s, s->msg_callback_arg); + ++ /* Read type and payload length first */ ++ if (1 + 2 + 16 > s->s3->rrec.length) ++ return 0; /* silently discard */ ++ hbtype = *p++; ++ n2s(p, payload); ++ if (1 + 2 + payload + 16 > s->s3->rrec.length) ++ return 0; /* silently discard per RFC 6520 sec. 4 */ ++ pl = p; ++ + if (hbtype == TLS1_HB_REQUEST) + { + unsigned char *buffer, *bp; +-- +1.9.1 + 
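Review bot: In dtls1_process_heartbeat() the result of `OPENSSL_malloc(write_length)` is assigned to `bp` and written through without a NULL check, so an allocation failure while answering a heartbeat request becomes a NULL dereference. Add `if (buffer == NULL) return -1;` directly after the allocation, or whichever failure value the callers expect, since they are outside the patch. The new length checks in both d1_both.c and t1_lib.c hard-code `16`, although `padding` is declared with that value a few lines above. A named constant for the minimum padding, or `padding` itself if it is meant to stay at the minimum, would keep the check and the response size tied together. The t1_lib.c section changes only the read side and the response allocation there is not in the hunk, so it cannot be seen here whether the TLS path needs the same `SSL3_RT_MAX_PLAIN_LENGTH` cap.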
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 3313ed57f6..949f3a19e3 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \ file://0001-Fix-for-TLS-record-tampering-bug-CVE-2013-4353.patch \ file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ + file://CVE-2014-0160.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 8d0f411fdbc209895d0f8958d156dc0561d61161 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 27 Nov 2013 15:32:13 +0000 Subject: [PATCH 08/59] sstatesig.py: Fix image regeneration issue With the "ABI safe" recipes, we've been excluding those from signatures. This is fine in the general case but in the specific case of image recipes it breaks. A good test case is the interfaces file. Editting this causes init-ifupdown to rebuild but not an image containing it (e.g. core-image-minimal). We need to ensure the checksums are added to the image recipes and this change does that. (From OE-Core master rev: fd085f15e7cd093953f974f69277e130174d551d) (From OE-Core rev: 946ec90c5de1faa18c899e9b45efedc3d47b93bd) Signed-off-by: Richard Purdie --- meta/lib/oe/sstatesig.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 852fb7e64a..1bcaacf6a9 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py 
@@ -11,6 +11,8 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache): def isKernel(fn): inherits = " ".join(dataCache.inherits[fn]) return inherits.find("module-base.bbclass") != -1 or inherits.find("linux-kernel-base.bbclass") != -1 + def isImage(fn): + return "image.bbclass" in " ".join(dataCache.inherits[fn]) # Always include our own inter-task dependencies if recipename == depname: @@ -32,7 +34,7 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache): return False # Exclude well defined machine specific configurations which don't change ABI - if depname in siggen.abisaferecipes: + if depname in siggen.abisaferecipes and not isImage(fn): return False # Exclude well defined recipe->dependency From 337de046c8144b2fbcd7799a11828dc3eb34b839 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Fri, 21 Mar 2014 18:02:38 +0000 Subject: [PATCH 09/59] classes/kernel: move module postinst commands to kernel-base Since kernel-base is the package that contains the files that depmod needs to run, we should be running depmod from the kernel-base postinstall rather than kernel-image. Fixes [YOCTO #5392]. (From OE-Core master rev: f7d2cb383281ec8dfa90950ba04d87dd29ffc676) (From OE-Core rev: ac92a5ab25ddfd8462c43bac6f93730b1e454a4f) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- meta/classes/kernel.bbclass | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass index e639bd57b9..925aed1a07 100644 --- a/meta/classes/kernel.bbclass +++ b/meta/classes/kernel.bbclass 
@@ -337,8 +337,7 @@ ALLOW_EMPTY_kernel-image = "1" ALLOW_EMPTY_kernel-modules = "1" DESCRIPTION_kernel-modules = "Kernel modules meta package" -pkg_postinst_kernel-image () { - update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true +pkg_postinst_kernel-base () { if [ ! -e "$D/lib/modules/${KERNEL_VERSION}" ]; then mkdir -p $D/lib/modules/${KERNEL_VERSION} fi @@ -349,6 +348,10 @@ pkg_postinst_kernel-image () { fi } +pkg_postinst_kernel-image () { + update-alternatives --install /${KERNEL_IMAGEDEST}/${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} ${KERNEL_PRIORITY} || true +} + pkg_postrm_kernel-image () { update-alternatives --remove ${KERNEL_IMAGETYPE} ${KERNEL_IMAGETYPE}-${KERNEL_VERSION} || true } From b96f0217e408700e4b0ce270d3b0322b5d5a9863 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Fri, 21 Mar 2014 18:02:39 +0000 Subject: [PATCH 10/59] classes/image: ignore modules.* changing during multilib image construction Since we now run depmod when building images (as the postinst that does this is now on kernel-base instead of kernel-image) it is possible to have module file differences between the two halves of the multilib image, and the code that checks for such differences detects this and fails. Whitelist this file to avoid the failure. Specifically, modules.alias, modules.dep and modules.symbol can differ along with their .bin counterparts. Related to fix for [YOCTO #5392]. (From OE-Core master rev: 0a315804bf991664c0948e3024b8e8b9e9085808) (From OE-Core rev: a2c026cf565897e4b0ba4c31c8762b41361649f4) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- meta/classes/image.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 0986858b48..aaaa2241a1 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass 
@@ -410,7 +410,7 @@ log_check() { done } -MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|" +MULTILIBRE_ALLOW_REP =. "${base_bindir}|${base_sbindir}|${bindir}|${sbindir}|${libexecdir}|/lib/modules/[^/]*/modules.*|" MULTILIB_CHECK_FILE = "${WORKDIR}/multilib_check.py" MULTILIB_TEMP_ROOTFS = "${WORKDIR}/multilib" From e5cb267922d146ab1972de7c183982c7cc312e46 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 4 Apr 2014 15:28:58 +0100 Subject: [PATCH 11/59] sstatesig: Anchor inherits class tests This avoids a nasty sstate hash corruption issue where the fact the testimage bbclass was inherited meant that the checksum changed due to testimage.bbclass being confused with image.bbclass. This patch anchors the bbclass names to avoid this confusion. (From OE-Core master rev: 943a75a4f3b6877e4092dae14b59b7afef8cad3d) (From OE-Core rev: 71b15a41652e280aca2a451073a83a25fb4e6f50) Signed-off-by: Richard Purdie Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- meta/lib/oe/sstatesig.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/lib/oe/sstatesig.py b/meta/lib/oe/sstatesig.py index 1bcaacf6a9..a1efc7b3a0 100644 --- a/meta/lib/oe/sstatesig.py +++ b/meta/lib/oe/sstatesig.py @@ -10,9 +10,9 @@ def sstate_rundepfilter(siggen, fn, recipename, task, dep, depname, dataCache): return x.startswith("nativesdk-") def isKernel(fn): inherits = " ".join(dataCache.inherits[fn]) - return inherits.find("module-base.bbclass") != -1 or inherits.find("linux-kernel-base.bbclass") != -1 + return inherits.find("/module-base.bbclass") != -1 or inherits.find("/linux-kernel-base.bbclass") != -1 def isImage(fn): - return "image.bbclass" in " ".join(dataCache.inherits[fn]) + return "/image.bbclass" in " ".join(dataCache.inherits[fn]) # Always include our own inter-task dependencies if recipename == depname: From 99f46fd25cdf544b0d25eb333c6329fd77174fa7 Mon Sep 17 00:00:00 2001 
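Review bot: The added alternative `/lib/modules/[^/]*/modules.*` is broader than the commit message describes if MULTILIBRE_ALLOW_REP is consumed as a regular expression, as its name suggests. The `.` is unescaped and `.*` also crosses `/`, so anything under a path starting with `/lib/modules/<version>/modules` is exempt from the multilib difference check. Something like `/lib/modules/[^/]*/modules\.[^/]*` would limit it to the `modules.*` index files named in the description. How backslashes survive BitBake variable expansion and the check script is not visible here and would need confirming.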
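Review bot: The anchored tests still run against the space-joined string of all inherited paths, so `/image.bbclass` matches anywhere inside any entry rather than only as the file name at its end. Checking each entry states the intent exactly: `return any(c.endswith("/image.bbclass") for c in dataCache.inherits[fn])`. The same form works for the two `find()` calls in isKernel, which would also make the two helpers read alike. sstate_rundepfilter begins outside the hunk.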
From: Paul Eggleton Date: Fri, 11 Apr 2014 13:31:10 +0100 Subject: [PATCH 12/59] openssl: bump PR We don't normally do this, but with the recent CVE fixes (most importantly the one for the serious CVE-2014-0160 vulnerability) I am bumping PR explicitly to make it a bit more obvious that the patch has been applied. (From OE-Core rev: 813fa9ed5e492e5dc08155d23d74127ca87304df) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- meta/recipes-connectivity/openssl/openssl_1.0.1e.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 949f3a19e3..bfdb25e80f 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -6,7 +6,7 @@ DEPENDS += "ocf-linux" CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" -PR = "${INC_PR}.0" +PR = "${INC_PR}.1" LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" From c65c136746d9f918a635440a6131ac27da2456d5 Mon Sep 17 00:00:00 2001 From: Valentin Popa Date: Mon, 14 Apr 2014 17:51:25 +0300 Subject: [PATCH 13/59] mesa: double check for eglplatform.h Even if 'egl' is in PACKAGECONFIG, mesa egl support can be disabled explicitly (changing configure flags using a .bbappend, for example). On dora, meta-fsl-arm is an example of this kind. On master there are no known cases, and we should encourge package configuration through PACKAGECONFIG. This patch adds another check for the existence of eglplatform.h before 'sed' can alter it. (From OE-Core rev: 97bc1bce9a226cc02db8a5afc2c0d4f4f70034a6) Signed-off-by: Valentin Popa Signed-off-by: Richard Purdie --- meta/recipes-graphics/mesa/mesa_9.1.6.bb | 4 +++- meta/recipes-graphics/mesa/mesa_git.bb | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/meta/recipes-graphics/mesa/mesa_9.1.6.bb b/meta/recipes-graphics/mesa/mesa_9.1.6.bb index 6e9cd826f0..388cfd785c 100644 
--- a/meta/recipes-graphics/mesa/mesa_9.1.6.bb +++ b/meta/recipes-graphics/mesa/mesa_9.1.6.bb @@ -19,6 +19,8 @@ S = "${WORKDIR}/Mesa-${PV}" #make eglplatform.h independent of MESA_EGL_NO_X11_HEADER do_install_append() { if ${@base_contains('PACKAGECONFIG', 'egl', 'true', 'false', d)}; then - sed -i -e 's/^#ifdef MESA_EGL_NO_X11_HEADERS/#if ${@base_contains('DISTRO_FEATURES', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h + if [ -e "${D}${includedir}/EGL/eglplatform.h" ]; then + sed -i -e 's/^#ifdef MESA_EGL_NO_X11_HEADERS/#if ${@base_contains('DISTRO_FEATURES', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h + fi fi } \ No newline at end of file diff --git a/meta/recipes-graphics/mesa/mesa_git.bb b/meta/recipes-graphics/mesa/mesa_git.bb index 1babcc05a9..714911f81f 100644 --- a/meta/recipes-graphics/mesa/mesa_git.bb +++ b/meta/recipes-graphics/mesa/mesa_git.bb @@ -23,6 +23,8 @@ S = "${WORKDIR}/git" #make eglplatform.h independent of MESA_EGL_NO_X11_HEADER do_install_append() { if ${@base_contains('PACKAGECONFIG', 'egl', 'true', 'false', d)}; then - sed -i -e 's/^#ifdef MESA_EGL_NO_X11_HEADERS/#if ${@base_contains('DISTRO_FEATURES', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h + if [ -e "${D}${includedir}/EGL/eglplatform.h" ]; then + sed -i -e 's/^#ifdef MESA_EGL_NO_X11_HEADERS/#if ${@base_contains('DISTRO_FEATURES', 'x11', '0', '1', d)}/' ${D}${includedir}/EGL/eglplatform.h + fi fi } From 50e9ccb2aff7b9f9dca4fda99a6832c60f64de3b Mon Sep 17 00:00:00 2001 
From: Richard Purdie Date: Mon, 20 Jan 2014 14:30:11 +0000 Subject: [PATCH 14/59] bitbake: bitbake: fetch2/git: Anchor names when using ls-remote When specifying tags, they're searched for unanchored so foo/bar could match: refs/heads/abc/foo/bar refs/heads/xyz/foo/bar refs/heads/foo/bar This change anchors the expressions so they are based against heads or tags (or any other base level tree that has been created). (Bitbake master rev: df2e0972cd1db7abd5ec8b7cb295fb0c42e284a4) (Bitbake rev: da93afe9834e137ed1e9410380181286c80198b5) Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- bitbake/lib/bb/fetch2/git.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bitbake/lib/bb/fetch2/git.py b/bitbake/lib/bb/fetch2/git.py index 6175e4c7c9..989d72cb31 100644 --- a/bitbake/lib/bb/fetch2/git.py +++ b/bitbake/lib/bb/fetch2/git.py @@ -305,8 +305,8 @@ class Git(FetchMethod): username = "" basecmd = data.getVar("FETCHCMD_git", d, True) or "git" - cmd = "%s ls-remote %s://%s%s%s %s" % \ - (basecmd, ud.proto, username, ud.host, ud.path, ud.branches[name]) + cmd = "%s ls-remote %s://%s%s%s refs/heads/%s refs/tags/%s" % \ + (basecmd, ud.proto, username, ud.host, ud.path, ud.branches[name], ud.branches[name]) if ud.proto.lower() != 'file': bb.fetch2.check_network_access(d, cmd) output = runfetchcmd(cmd, d, True) From e07904836a5dc71bb68577eeb4963bc7ecde0224 Mon Sep 17 00:00:00 2001 From: Hongxu Jia Date: Fri, 25 Apr 2014 08:59:36 +0000 Subject: [PATCH 15/59] make: fix invoking makeinfo failed at do_install time Reproduce steps: $ bitbake texinfo-native $ bitbake make $ bitbake make -cdevshell In the devshell: root:make-3.82# echo "" >> doc/make.texi root:make-3.82# ../temp/run.do_install Failed Log: ... tmp/work/i586-poky-linux/make/3.81-r1/make-3.81/doc/make.texi:8165: @itemx must follow @item ... Backport from make 4.0 to fix this issue. [YOCTO #6219] (From OE-Core rev: b191d869e86c7d4393716eee6ac27aa259d6521c) Signed-off-by: Hongxu Jia 
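Review bot: With two patterns on the command line, `ls-remote` can return more than one line when a branch and a tag share the name in `ud.branches[name]`. The code that consumes `output` is outside the hunk, so it should be checked that it does not just take the first line without saying which ref wins. For an annotated tag, the `refs/tags/%s` entry is the id of the tag object rather than of the commit it points to, which matters if the result is later used as a commit id. The method continues past the end of the hunk; a comment above `cmd` such as `# may list both refs/heads/<name> and refs/tags/<name>; the caller must pick one` would document the new behaviour.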
Signed-off-by: Saul Wold Signed-off-by: Richard Purdie --- ...make.texi-fix-itemx-must-follow-item.patch | 24 +++++++++++++++++++ meta/recipes-devtools/make/make.inc | 1 + 2 files changed, 25 insertions(+) create mode 100644 meta/recipes-devtools/make/files/doc-make.texi-fix-itemx-must-follow-item.patch diff --git a/meta/recipes-devtools/make/files/doc-make.texi-fix-itemx-must-follow-item.patch b/meta/recipes-devtools/make/files/doc-make.texi-fix-itemx-must-follow-item.patch new file mode 100644 index 0000000000..fbbff38a75 --- /dev/null +++ b/meta/recipes-devtools/make/files/doc-make.texi-fix-itemx-must-follow-item.patch @@ -0,0 +1,24 @@ +doc/make.texi: fix @itemx must follow @item + +Upstream-Status: Backport from make 4.0 + +Signed-off-by: Hongxu Jia +--- + doc/make.texi | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/make.texi b/doc/make.texi +--- a/doc/make.texi ++++ b/doc/make.texi +@@ -8162,7 +8162,7 @@ from complicated nests of recursive @code{make} commands. + rarely need to specify this option since @samp{make} does it for you; + see @ref{-w Option, ,The @samp{--print-directory} Option}.) + +-@itemx --no-print-directory ++@item --no-print-directory + @cindex @code{--no-print-directory} + Disable printing of the working directory under @code{-w}. + This option is useful when @code{-w} is turned on automatically, +-- +1.8.1.2 + diff --git a/meta/recipes-devtools/make/make.inc b/meta/recipes-devtools/make/make.inc index 5de74e4261..faf66e1b90 100644 --- a/meta/recipes-devtools/make/make.inc +++ b/meta/recipes-devtools/make/make.inc @@ -6,6 +6,7 @@ HOMEPAGE = "http://www.gnu.org/software/make/" SECTION = "devel" SRC_URI = "${GNU_MIRROR}/make/make-${PV}.tar.bz2 \ + file://doc-make.texi-fix-itemx-must-follow-item.patch \ file://SCCS.patch" inherit autotools gettext From e34b38b723b5c6efa07f8c1667d3d5c13dd265c9 Mon Sep 17 00:00:00 2001 
From: Richard Purdie Date: Tue, 29 Apr 2014 18:00:51 +0100 Subject: [PATCH 16/59] build-appliance-image: Update to head revision (From OE-Core rev: d18553830ed3377b40878df1b0bef4e8e109bec3) Signed-off-by: Richard Purdie --- meta/recipes-core/images/build-appliance-image_8.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/images/build-appliance-image_8.0.bb b/meta/recipes-core/images/build-appliance-image_8.0.bb index 1e039a8c1d..916a88b05c 100644 --- a/meta/recipes-core/images/build-appliance-image_8.0.bb +++ b/meta/recipes-core/images/build-appliance-image_8.0.bb @@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk" inherit core-image -SRCREV ?= "785b7e392922453698dd8b21cae5b229a9352031" +SRCREV ?= "107269d9d02debe1adde9745df52da9dd5faf5c7" SRC_URI = "git://git.yoctoproject.org/poky \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ From b626e109e83384558f45dc2e30e7caec677ce1db Mon Sep 17 00:00:00 2001 From: Saul Wold Date: Tue, 29 Apr 2014 10:19:22 -0700 Subject: [PATCH 17/59] build-appliance: Update to Dora 1.5.2 Fix to be HEAD of Dora, not master (From OE-Core rev: abc158bf873bb7c01414e437eea2b538eb73881c) Signed-off-by: Saul Wold Signed-off-by: Richard Purdie --- meta/recipes-core/images/build-appliance-image_8.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/images/build-appliance-image_8.0.bb b/meta/recipes-core/images/build-appliance-image_8.0.bb index 916a88b05c..261beb69ab 100644 --- a/meta/recipes-core/images/build-appliance-image_8.0.bb +++ b/meta/recipes-core/images/build-appliance-image_8.0.bb @@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk" inherit core-image -SRCREV ?= "107269d9d02debe1adde9745df52da9dd5faf5c7" +SRCREV ?= "e07904836a5dc71bb68577eeb4963bc7ecde0224" SRC_URI = "git://git.yoctoproject.org/poky \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ From 8a5af7ff337e452fc9d0d26bcbc3072af3472ef4 Mon Sep 17 00:00:00 2001 
From: Richard Purdie Date: Mon, 24 Feb 2014 12:57:38 +0000 Subject: [PATCH 18/59] bitbake: fetch2: Fix mirror repo tarball creation A typo was meaning that the mirror creation method wasn't being called when it should have been. Fix the type to fix mirror tarball creation. [YOCTO #5284] (Bitbake rev: 66cdc2e21660847c50317e8bfd28cf3595422e28) Signed-off-by: Richard Purdie --- bitbake/lib/bb/fetch2/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py index 1cda059f6d..6170e1c9bc 100644 --- a/bitbake/lib/bb/fetch2/__init__.py +++ b/bitbake/lib/bb/fetch2/__init__.py @@ -807,7 +807,7 @@ def try_mirror_url(newuri, origud, ud, ld, check = False): os.symlink(ud.localpath, dest) if not os.path.exists(origud.donestamp) or origud.method.need_update(origud.url, origud, ld): origud.method.download(origud.url, origud, ld) - if hasattr(ud.method,"build_mirror_data"): + if hasattr(origud.method,"build_mirror_data"): origud.method.build_mirror_data(origud.url, origud, ld) return None # Otherwise the result is a local file:// and we symlink to it From 6a92f7ede3be3edd58d7819aa611b0c5270756bf Mon Sep 17 00:00:00 2001 From: Robert Yang Date: Thu, 26 Dec 2013 00:01:26 +0800 Subject: [PATCH 19/59] bitbake: fetch2/__init__.py: let try_mirror_url return correct value The fetcher will try: 1) PREMIRROR 2) Upstream 3) MIRROR If it fails to download from the Upstream, but succeeds from the MIRROR, and ud.localpath != origud.localpath (for example, the git tarball), then we will get the error (e.g.: xf86-video-omapfb): ERROR: Function failed: Fetcher failure for URL: 'xxx'. Unable to fetch URL from any source. ERROR: Logfile of failure stored in: /path/to/log.do_fetch.28024 It should not show the error and let the build go on since it succeeds. (e.g.: xf86-video-omapfb) [YOCTO #5686] (Bitbake rev: 3bb3f1823bdd46ab34577d43f1e39046a32bca77) Signed-off-by: Robert Yang 
Signed-off-by: Richard Purdie --- bitbake/lib/bb/fetch2/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bitbake/lib/bb/fetch2/__init__.py b/bitbake/lib/bb/fetch2/__init__.py index 6170e1c9bc..d8f8bbd792 100644 --- a/bitbake/lib/bb/fetch2/__init__.py +++ b/bitbake/lib/bb/fetch2/__init__.py @@ -809,7 +809,7 @@ def try_mirror_url(newuri, origud, ud, ld, check = False): origud.method.download(origud.url, origud, ld) if hasattr(origud.method,"build_mirror_data"): origud.method.build_mirror_data(origud.url, origud, ld) - return None + return ud.localpath # Otherwise the result is a local file:// and we symlink to it if not os.path.exists(origud.localpath): if os.path.islink(origud.localpath): From 24935b0c0998611580359592036ee15cd377aa74 Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Tue, 29 Apr 2014 17:45:16 -0700 Subject: [PATCH 20/59] poky.ent: Updated the variables to support the 1.5.2 point release. (From yocto-docs rev: 5d1921371e44c7830a2e2f1d6b6b7553277a3370) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/poky.ent | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/documentation/poky.ent b/documentation/poky.ent index 6041b31245..5407f98595 100644 --- a/documentation/poky.ent +++ b/documentation/poky.ent @@ -1,9 +1,9 @@ - - + + - - - + + + From 3decaf26208f163f38c669c086070dd6853442bc Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Tue, 29 Apr 2014 17:45:42 -0700 Subject: [PATCH 21/59] documentation: Updated the manual revision history tables for 1.5.2 (From yocto-docs rev: c3674816afea52cc37ae842577f8eebf34d20d69) Signed-off-by: Scott Rifenbark 
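Review bot: The new `return ud.localpath` in try_mirror_url hands back the path of the mirror's artefact, although the lines just above it run `origud.method.download()` and `build_mirror_data()` on origud. If the caller treats the return value as the fetched location for the original URL (for example when verifying checksums or done stamps), it would be looking at the mirror tarball rather than at what origud produced; the caller is not visible here, so this needs confirming. If that is the case, `return origud.localpath` would be the consistent value. try_mirror_url starts before and continues after this hunk.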
Signed-off-by: Richard Purdie --- documentation/adt-manual/adt-manual.xml | 5 +++++ documentation/bsp-guide/bsp-guide.xml | 5 +++++ documentation/dev-manual/dev-manual.xml | 5 +++++ documentation/kernel-dev/kernel-dev.xml | 5 +++++ documentation/profile-manual/profile-manual.xml | 5 +++++ documentation/ref-manual/ref-manual.xml | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/documentation/adt-manual/adt-manual.xml b/documentation/adt-manual/adt-manual.xml index f86adcf465..0a5383bc8d 100644 --- a/documentation/adt-manual/adt-manual.xml +++ b/documentation/adt-manual/adt-manual.xml @@ -71,6 +71,11 @@ January 2014 Released with the Yocto Project 1.5.1 Release. + + 1.5.2 + May 2014 + Released with the Yocto Project 1.5.2 Release. + diff --git a/documentation/bsp-guide/bsp-guide.xml b/documentation/bsp-guide/bsp-guide.xml index 8bb4ff1461..23697f4345 100644 --- a/documentation/bsp-guide/bsp-guide.xml +++ b/documentation/bsp-guide/bsp-guide.xml @@ -83,6 +83,11 @@ January 2014 Released with the Yocto Project 1.5.1 Release. + + 1.5.2 + May 2014 + Released with the Yocto Project 1.5.2 Release. + diff --git a/documentation/dev-manual/dev-manual.xml b/documentation/dev-manual/dev-manual.xml index 3f6fad8d1d..9b9f89f857 100644 --- a/documentation/dev-manual/dev-manual.xml +++ b/documentation/dev-manual/dev-manual.xml @@ -61,6 +61,11 @@ January 2014 Released with the Yocto Project 1.5.1 Release. + + 1.5.2 + May 2014 + Released with the Yocto Project 1.5.2 Release. + diff --git a/documentation/kernel-dev/kernel-dev.xml b/documentation/kernel-dev/kernel-dev.xml index aebb6a2eb3..06cdbab57d 100644 --- a/documentation/kernel-dev/kernel-dev.xml +++ b/documentation/kernel-dev/kernel-dev.xml @@ -46,6 +46,11 @@ January 2014 Released with the Yocto Project 1.5.1 Release. + + 1.5.2 + May 2014 + Released with the Yocto Project 1.5.2 Release. + 
diff --git a/documentation/profile-manual/profile-manual.xml b/documentation/profile-manual/profile-manual.xml index c4ffb9d2a6..93c2d9fed1 100644 --- a/documentation/profile-manual/profile-manual.xml +++ b/documentation/profile-manual/profile-manual.xml @@ -46,6 +46,11 @@ January 2014 Released with the Yocto Project 1.5.1 Release. + + 1.5.2 + May 2014 + Released with the Yocto Project 1.5.2 Release. + diff --git a/documentation/ref-manual/ref-manual.xml b/documentation/ref-manual/ref-manual.xml index 240f8cee53..69cdd04be3 100644 --- a/documentation/ref-manual/ref-manual.xml +++ b/documentation/ref-manual/ref-manual.xml @@ -77,6 +77,11 @@ January 2014 Released with the Yocto Project 1.5.1 Release. + + 1.5.2 + May 2014 + Released with the Yocto Project 1.5.2 Release. + From 0a6f0dbf9476dcb4a17a210af90e2dd1a43b61aa Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Wed, 30 Apr 2014 08:00:57 -0700 Subject: [PATCH 22/59] mega-manual.sed: Updated the link version to 1.5.2 (From yocto-docs rev: 2e0cf7319ec72e8ccbf93b4a6602f3ab20259588) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/tools/mega-manual.sed | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/documentation/tools/mega-manual.sed b/documentation/tools/mega-manual.sed index d3142ec60d..baf3945a27 100644 --- a/documentation/tools/mega-manual.sed +++ b/documentation/tools/mega-manual.sed 
@@ -1,13 +1,13 @@ # Processes ref-manual and yocto-project-qs manual (-- style) -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g # Processes all other manuals (- style) -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.1\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g # Process cases where just an external manual is referenced without an id anchor -s/Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g -s/Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g -s/Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g -s/Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g -s/Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g -s/Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g +s/Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g +s/Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g +s/Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g +s/Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g +s/Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g +s/Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g From 19745990465b37107142c5464008ca9f7959cc0b Mon Sep 17 00:00:00 2001 
From: "Maxin B. John" Date: Mon, 19 May 2014 16:13:04 +0100 Subject: [PATCH 23/59] openssl: fix CVE-2014-0198 A null pointer dereference bug was discovered in do_ssl3_write(). An attacker could possibly use this to cause OpenSSL to crash, resulting in a denial of service. https://access.redhat.com/security/cve/CVE-2014-0198 (From OE-Core rev: 4c58fe468790822fe48e0a570779979c831d0f10) Signed-off-by: Maxin B. John Signed-off-by: Matt Fleming Signed-off-by: Richard Purdie --- .../openssl-CVE-2014-0198-fix.patch | 23 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 3 ++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch new file mode 100644 index 0000000000..4c51d746ff --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch @@ -0,0 +1,23 @@ +Upstream-Status: Backport + +Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837 + +CVE-2014-0198: An attacker can trigger generation of an SSL +alert which could cause a null pointer dereference. + +Signed-off-by: Maxin B. John +--- +diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c +--- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100 ++++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200 +@@ -657,6 +657,10 @@ + if (i <= 0) + return(i); + /* if it went, fall through and send more stuff */ ++ /* we may have released our buffer, so get it again */ ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; + } + + if (len == 0 && !create_empty_fragment) diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index bfdb25e80f..842a903332 100644 
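Review bot: The header of openssl-CVE-2014-0198-fix.patch says `Upstream-Status: Backport` but names no upstream commit, and its `diff -Naur` lines show it was generated against an openssl-1.0.1g tree while the recipe it is added to is openssl_1.0.1e.bb. For a security fix this makes it hard to audit what was backported and whether the guard sits where upstream put it; the header should carry the reference, e.g. `Upstream-Status: Backport [<upstream commit id>]`. The header of gnutls/CVE-2014-3466.patch later in this series has the same gap. The added guard is two nested unbraced `if`s inside a block whose opening line is outside the hunk.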
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -6,7 +6,7 @@ DEPENDS += "ocf-linux" CFLAG += "-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS" -PR = "${INC_PR}.1" +PR = "${INC_PR}.2" LIC_FILES_CHKSUM = "file://LICENSE;md5=f9a8f968107345e0b75aa8c2ecaa7ec8" @@ -38,6 +38,7 @@ SRC_URI += "file://configure-targets.patch \ file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ file://CVE-2014-0160.patch \ + file://openssl-CVE-2014-0198-fix.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From e6aafde7d201c714e2f9b88392b0d5efe53227d9 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Fri, 6 Jun 2014 09:28:35 +0100 Subject: [PATCH 24/59] poky.conf: Fix DISTRO_VERSION to be 1.5.2 (From meta-yocto rev: a55c4e66c2cdf72576baa9bb431ccfababcac585) Signed-off-by: Richard Purdie --- meta-yocto/conf/distro/poky.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-yocto/conf/distro/poky.conf b/meta-yocto/conf/distro/poky.conf index 9764fbce66..35d47e276f 100644 --- a/meta-yocto/conf/distro/poky.conf +++ b/meta-yocto/conf/distro/poky.conf @@ -1,6 +1,6 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "1.5.1" +DISTRO_VERSION = "1.5.2" DISTRO_CODENAME = "next" SDK_VENDOR = "-pokysdk" SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}" From c7432a006eaeb2998ad93ec2a4fb38b7002b7e5b Mon Sep 17 00:00:00 2001 From: Saul Wold Date: Tue, 3 Jun 2014 07:52:51 -0700 Subject: [PATCH 25/59] busybox: fix meta-yocto's bbappend's FILESEXTRAPATH The FILESEXTRAPATH was not getting used correctly since our distro OVERRIDE is for poky-tiny, not poky, so just remove it, also we are not using a version directory so ensure we get correct BPN (Base Package Name). [YOCTO #6353] (From meta-yocto rev: 43e5c7a92dc06f95ef3110fb404bd07eccc2140a) Signed-off-by: Saul Wold 
Signed-off-by: Richard Purdie --- meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend b/meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend index ffe8631ab4..000578744a 100644 --- a/meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend +++ b/meta-yocto/recipes-core/busybox/busybox_1.21.1.bbappend @@ -1,2 +1,2 @@ -FILESEXTRAPATHS_prepend_poky := "${THISDIR}/${P}:" +FILESEXTRAPATHS_prepend := "${THISDIR}/${BPN}:" From ad2c79b0fd8c9cf5d68c158ebe83e5a0b09656c7 Mon Sep 17 00:00:00 2001 From: Valentin Popa Date: Thu, 5 Jun 2014 16:08:31 +0300 Subject: [PATCH 26/59] gnutls: patch for CVE-2014-3466 backported Backported patch for CVE-2014-3466. This patch is for dora. (From OE-Core rev: 68da848e0f7f026bf18707d8d59143177ff66f9b) Signed-off-by: Valentin Popa Signed-off-by: Richard Purdie --- .../gnutls/gnutls/CVE-2014-3466.patch | 30 +++++++++++++++++++ meta/recipes-support/gnutls/gnutls_2.12.23.bb | 1 + 2 files changed, 31 insertions(+) create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch new file mode 100644 index 0000000000..dd118f599a --- /dev/null +++ b/meta/recipes-support/gnutls/gnutls/CVE-2014-3466.patch 
@@ -0,0 +1,30 @@ +From fcf3745f1d03c4a97e87ef4341269c645fdda787 Mon Sep 17 00:00:00 2001 +From: Valentin Popa +Date: Thu, 5 Jun 2014 11:50:11 +0300 +Subject: [PATCH] CVE-2014-3466 + +Prevent memory corruption due to server hello parsing. + +Upstream-Status: Backport + +Signed-off-by: Valentin Popa +--- + lib/gnutls_handshake.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c +index e4a63e4..e652528 100644 +--- a/lib/gnutls_handshake.c ++++ b/lib/gnutls_handshake.c +@@ -1797,7 +1797,7 @@ _gnutls_read_server_hello (gnutls_session_t session, + DECR_LEN (len, 1); + session_id_len = data[pos++]; + +- if (len < session_id_len) ++ if (len < session_id_len || session_id_len > TLS_MAX_SESSION_ID_SIZE) + { + gnutls_assert (); + return GNUTLS_E_UNSUPPORTED_VERSION_PACKET; +-- +1.9.1 + diff --git a/meta/recipes-support/gnutls/gnutls_2.12.23.bb b/meta/recipes-support/gnutls/gnutls_2.12.23.bb index 22182426ee..efe9e04ee1 100644 --- a/meta/recipes-support/gnutls/gnutls_2.12.23.bb +++ b/meta/recipes-support/gnutls/gnutls_2.12.23.bb @@ -8,6 +8,7 @@ SRC_URI += "file://gnutls-openssl.patch \ file://avoid_AM_PROG_MKDIR_P_warning_error_with_automake_1.12.patch \ file://CVE-2014-1959-rejection-of-v1-intermediate-cert.patch \ file://CVE-2014-0092-corrected-return-codes.patch \ + file://CVE-2014-3466.patch \ file://25_updatedgdocfrommaster.diff \ ${@['', 'file://fix-gettext-version.patch'][bb.data.inherits_class('native', d) or (not ((d.getVar("INCOMPATIBLE_LICENSE", True) or "").find("GPLv3") != -1))]} \ " From c5d81c3386b945293580ed87fcecc0c80851ef0e Mon Sep 17 00:00:00 2001 
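Review bot: The added bound `session_id_len > TLS_MAX_SESSION_ID_SIZE` in _gnutls_read_server_hello has no comment saying why a length that already passed the `len` check must still be rejected. The patch description only says "memory corruption"; presumably the session id is later copied into storage of TLS_MAX_SESSION_ID_SIZE bytes, but that copy is outside the hunk and should be confirmed. I would add above the test `/* session_id_len comes from the peer; it must also fit the fixed-size session id storage */`.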
From: Paul Eggleton Date: Mon, 9 Jun 2014 16:53:43 +0100 Subject: [PATCH 27/59] openssl: fix CVE-2014-0195 http://www.openssl.org/news/secadv_20140605.txt DTLS invalid fragment vulnerability (CVE-2014-0195) A buffer overrun attack can be triggered by sending invalid DTLS fragments to an OpenSSL DTLS client or server. This is potentially exploitable to run arbitrary code on a vulnerable client or server. Only applications using OpenSSL as a DTLS client or server affected. (Patch borrowed from Fedora.) (From OE-Core rev: c707b3ea9e1fbff2c6a82670e4b1af2b4f53d5e2) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-1.0.1e-cve-2014-0195.patch | 40 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch new file mode 100644 index 0000000000..0c43919427 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0195.patch 
@@ -0,0 +1,40 @@ +commit 208d54db20d58c9a5e45e856a0650caadd7d9612 +Author: Dr. Stephen Henson +Date: Tue May 13 18:48:31 2014 +0100 + + Fix for CVE-2014-0195 + + A buffer overrun attack can be triggered by sending invalid DTLS fragments + to an OpenSSL DTLS client or server. This is potentially exploitable to + run arbitrary code on a vulnerable client or server. + + Fixed by adding consistency check for DTLS fragments. + + Thanks to Jüri Aedla for reporting this issue. + +Patch borrowed from Fedora +Upstream-Status: Backport +Signed-off-by: Paul Eggleton + +diff --git a/ssl/d1_both.c b/ssl/d1_both.c +index 2e8cf68..07f67f8 100644 +--- a/ssl/d1_both.c ++++ b/ssl/d1_both.c +@@ -627,7 +627,16 @@ dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok) + frag->msg_header.frag_off = 0; + } + else ++ { + frag = (hm_fragment*) item->data; ++ if (frag->msg_header.msg_len != msg_hdr->msg_len) ++ { ++ item = NULL; ++ frag = NULL; ++ goto err; ++ } ++ } ++ + + /* If message is already reassembled, this must be a + * retransmit and can be dropped. + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 842a903332..7783206a4b 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -39,6 +39,7 @@ SRC_URI += "file://configure-targets.patch \ file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ file://CVE-2014-0160.patch \ file://openssl-CVE-2014-0198-fix.patch \ + file://openssl-1.0.1e-cve-2014-0195.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From d6f29c015404fb87889e7275a398733a906b81d1 Mon Sep 17 00:00:00 2001 
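Review bot: In the added else-branch of dtls1_reassemble_fragment, `item = NULL; frag = NULL;` before `goto err` carries no comment, and the reason is not obvious from the hunk. Presumably the err path frees frag and item, and at this point both still belong to the buffered-message queue, so clearing them keeps a queued entry from being freed; the err label is outside the hunk, so this needs confirming. I would add `/* frag and item are still queued: clear them so the err path does not free them */`. The hunk also leaves two consecutive blank lines after the closing brace.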
From: Paul Eggleton Date: Mon, 9 Jun 2014 16:53:44 +0100 Subject: [PATCH 28/59] openssl: use upstream fix for CVE-2014-0198 This replaces the fix for CVE-2014-0198 with one borrowed from Fedora, which is the same as the patch which was actually applied upstream for the issue, i.e.: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c (From OE-Core rev: 21fa437a37dad14145b6c8c8c16c95f1b074e09c) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-1.0.1e-cve-2014-0198.patch | 38 +++++++++++++++++++ .../openssl-CVE-2014-0198-fix.patch | 23 ----------- .../openssl/openssl_1.0.1e.bb | 2 +- 3 files changed, 39 insertions(+), 24 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch delete mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch new file mode 100644 index 0000000000..12dcfb7f3a --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0198.patch 
@@ -0,0 +1,38 @@ +From: Matt Caswell +Date: Sun, 11 May 2014 23:38:37 +0000 (+0100) +Subject: Fixed NULL pointer dereference. See PR#3321 +X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=b107586 + +Fixed NULL pointer dereference. See PR#3321 + +Patch borrowed from Fedora +Upstream-Status: Backport +Signed-off-by: Paul Eggleton + +--- + +diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c +index 40eb0dd..d961d12 100644 +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -657,9 +657,6 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + SSL3_BUFFER *wb=&(s->s3->wbuf); + SSL_SESSION *sess; + +- if (wb->buf == NULL) +- if (!ssl3_setup_write_buffer(s)) +- return -1; + + /* first check if there is a SSL3_BUFFER still being written + * out. This will happen with non blocking IO */ +@@ -675,6 +672,10 @@ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, + /* if it went, fall through and send more stuff */ + } + ++ if (wb->buf == NULL) ++ if (!ssl3_setup_write_buffer(s)) ++ return -1; ++ + if (len == 0 && !create_empty_fragment) + return 0; + diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch deleted file mode 100644 index 4c51d746ff..0000000000 --- a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2014-0198-fix.patch +++ /dev/null 
@@ -1,23 +0,0 @@ -Upstream-Status: Backport - -Reference: https://bugzilla.redhat.com/show_bug.cgi?id=1093837 - -CVE-2014-0198: An attacker can trigger generation of an SSL -alert which could cause a null pointer dereference. - -Signed-off-by: Maxin B. John ---- -diff -Naur openssl-1.0.1g-orig/ssl/s3_pkt.c openssl-1.0.1g/ssl/s3_pkt.c ---- openssl-1.0.1g-orig/ssl/s3_pkt.c 2014-03-17 17:14:20.000000000 +0100 -+++ openssl-1.0.1g/ssl/s3_pkt.c 2014-05-06 02:32:43.862587660 +0200 -@@ -657,6 +657,10 @@ - if (i <= 0) - return(i); - /* if it went, fall through and send more stuff */ -+ /* we may have released our buffer, so get it again */ -+ if (wb->buf == NULL) -+ if (!ssl3_setup_write_buffer(s)) -+ return -1; - } - - if (len == 0 && !create_empty_fragment) diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 7783206a4b..38cdb3f740 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -38,8 +38,8 @@ SRC_URI += "file://configure-targets.patch \ file://0001-Fix-DTLS-retransmission-from-previous-session.patch \ file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \ file://CVE-2014-0160.patch \ - file://openssl-CVE-2014-0198-fix.patch \ file://openssl-1.0.1e-cve-2014-0195.patch \ + file://openssl-1.0.1e-cve-2014-0198.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From bd1a6f3d567e300e53301d1362b8c191ed927266 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Mon, 9 Jun 2014 16:53:45 +0100 Subject: [PATCH 29/59] openssl: fix CVE-2014-0221 http://www.openssl.org/news/secadv_20140605.txt DTLS recursion flaw (CVE-2014-0221) By sending an invalid DTLS handshake to an OpenSSL DTLS client the code can be made to recurse eventually crashing in a DoS attack. Only applications using OpenSSL as a DTLS client are affected. (Patch borrowed from Fedora.) (From OE-Core rev: 6506f8993c84b966642ef857bb15cf96eada32e8) 
Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-1.0.1e-cve-2014-0221.patch | 38 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch new file mode 100644 index 0000000000..bf730a8124 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0221.patch @@ -0,0 +1,38 @@ +commit d30e582446b027868cdabd0994681643682045a4 +Author: Dr. Stephen Henson +Date: Fri May 16 13:00:45 2014 +0100 + + Fix CVE-2014-0221 + + Unnecessary recursion when receiving a DTLS hello request can be used to + crash a DTLS client. Fixed by handling DTLS hello request without recursion. + + Thanks to Imre Rad (Search-Lab Ltd.) for discovering this issue. + +Patch borrowed from Fedora +Upstream-Status: Backport +Signed-off-by: Paul Eggleton + +diff --git a/ssl/d1_both.c b/ssl/d1_both.c +index 07f67f8..4c2fd03 100644 +--- a/ssl/d1_both.c ++++ b/ssl/d1_both.c +@@ -793,6 +793,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) + int i,al; + struct hm_header_st msg_hdr; + ++ redo: + /* see if we have the required fragment already */ + if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) + { +@@ -851,8 +852,7 @@ dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok) + s->msg_callback_arg); + + s->init_num = 0; +- return dtls1_get_message_fragment(s, st1, stn, +- max, ok); ++ goto redo; + } + else /* Incorrectly formated Hello request */ + { + diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 38cdb3f740..dc77330df8 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb 
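Review bot: The `redo:` label in dtls1_get_message_fragment turns the recursive call into a loop, but nothing in the patch says what bounds that loop. Each pass appears to go through dtls1_retrieve_buffered_fragment and a record read, so it would be paced by peer input rather than spinning, but the read is outside the hunk; once confirmed, a comment at the label such as `/* restart after a HelloRequest; each pass consumes one handshake record */` would record it. The label sits after the declarations, so any local assigned before the `goto` keeps its value on the next pass, and the lines between the two hunks are not visible to check that.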
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -40,6 +40,7 @@ SRC_URI += "file://configure-targets.patch \ file://CVE-2014-0160.patch \ file://openssl-1.0.1e-cve-2014-0195.patch \ file://openssl-1.0.1e-cve-2014-0198.patch \ + file://openssl-1.0.1e-cve-2014-0221.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 0ea0a14bd934964fa84a2d655d94ea227ed1981d Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Mon, 9 Jun 2014 16:53:46 +0100 Subject: [PATCH 30/59] openssl: fix CVE-2014-0224 http://www.openssl.org/news/secadv_20140605.txt SSL/TLS MITM vulnerability (CVE-2014-0224) An attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited by a Man-in-the-middle (MITM) attack where the attacker can decrypt and modify traffic from the attacked client and server. The attack can only be performed between a vulnerable client *and* server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution. (Patch borrowed from Fedora.) (From OE-Core rev: f19dbbc864b12b0f87248d3199296b41a0dcd5b0) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-1.0.1e-cve-2014-0224.patch | 103 ++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 104 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch new file mode 100644 index 0000000000..0ed1d12551 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-0224.patch 
@@ -0,0 +1,103 @@ +Fix for CVE-2014-0224 + +Only accept change cipher spec when it is expected instead of at any +time. This prevents premature setting of session keys before the master +secret is determined which an attacker could use as a MITM attack. + +Thanks to KIKUCHI Masashi (Lepidum Co. Ltd.) for reporting this issue +and providing the initial fix this patch is based on. + + +Patch borrowed from Fedora +Upstream-Status: Backport +Signed-off-by: Paul Eggleton + + +diff -up openssl-1.0.1e/ssl/ssl3.h.keying-mitm openssl-1.0.1e/ssl/ssl3.h +--- openssl-1.0.1e/ssl/ssl3.h.keying-mitm 2014-06-02 19:48:04.518100562 +0200 ++++ openssl-1.0.1e/ssl/ssl3.h 2014-06-02 19:48:04.642103429 +0200 +@@ -388,6 +388,7 @@ typedef struct ssl3_buffer_st + #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 + #define TLS1_FLAGS_SKIP_CERT_VERIFY 0x0010 + #define TLS1_FLAGS_KEEP_HANDSHAKE 0x0020 ++#define SSL3_FLAGS_CCS_OK 0x0080 + + /* SSL3_FLAGS_SGC_RESTART_DONE is set when we + * restart a handshake because of MS SGC and so prevents us +diff -up openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm openssl-1.0.1e/ssl/s3_clnt.c +--- openssl-1.0.1e/ssl/s3_clnt.c.keying-mitm 2013-02-11 16:26:04.000000000 +0100 ++++ openssl-1.0.1e/ssl/s3_clnt.c 2014-06-02 19:49:57.042701985 +0200 +@@ -559,6 +559,7 @@ int ssl3_connect(SSL *s) + case SSL3_ST_CR_FINISHED_A: + case SSL3_ST_CR_FINISHED_B: + ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, + SSL3_ST_CR_FINISHED_B); + if (ret <= 0) goto end; +@@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s) + SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); + goto f_err; + } ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + s->hit=1; + } + else /* a miss or crap from the other end */ +diff -up openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm openssl-1.0.1e/ssl/s3_pkt.c +--- openssl-1.0.1e/ssl/s3_pkt.c.keying-mitm 2014-06-02 19:48:04.640103383 +0200 ++++ openssl-1.0.1e/ssl/s3_pkt.c 2014-06-02 19:48:04.643103452 +0200 +@@ 
-1298,6 +1298,15 @@ start: + goto f_err; + } + ++ if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) ++ { ++ al=SSL_AD_UNEXPECTED_MESSAGE; ++ SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); ++ goto f_err; ++ } ++ ++ s->s3->flags &= ~SSL3_FLAGS_CCS_OK; ++ + rr->length=0; + + if (s->msg_callback) +@@ -1432,7 +1441,7 @@ int ssl3_do_change_cipher_spec(SSL *s) + + if (s->s3->tmp.key_block == NULL) + { +- if (s->session == NULL) ++ if (s->session == NULL || s->session->master_key_length == 0) + { + /* might happen if dtls1_read_bytes() calls this */ + SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); +diff -up openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm openssl-1.0.1e/ssl/s3_srvr.c +--- openssl-1.0.1e/ssl/s3_srvr.c.keying-mitm 2014-06-02 19:48:04.630103151 +0200 ++++ openssl-1.0.1e/ssl/s3_srvr.c 2014-06-02 19:48:04.643103452 +0200 +@@ -673,6 +673,7 @@ int ssl3_accept(SSL *s) + case SSL3_ST_SR_CERT_VRFY_A: + case SSL3_ST_SR_CERT_VRFY_B: + ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + /* we should decide if we expected this one */ + ret=ssl3_get_cert_verify(s); + if (ret <= 0) goto end; +@@ -700,6 +701,7 @@ int ssl3_accept(SSL *s) + + case SSL3_ST_SR_FINISHED_A: + case SSL3_ST_SR_FINISHED_B: ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, + SSL3_ST_SR_FINISHED_B); + if (ret <= 0) goto end; +@@ -770,7 +772,10 @@ int ssl3_accept(SSL *s) + s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + #else + if (s->s3->next_proto_neg_seen) ++ { ++ s->s3->flags |= SSL3_FLAGS_CCS_OK; + s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; ++ } + else + s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; + #endif diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index dc77330df8..fae0b93f37 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb 
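Review bot: `SSL3_FLAGS_CCS_OK` is added to ssl3.h with no comment, directly under the `TLS1_FLAGS_*` values although it is tested on `s->s3->flags`, and its value 0x0080 skips 0x0040. From the s3_pkt.c hunk it is a one-shot permission: a ChangeCipherSpec is rejected with SSL_R_CCS_RECEIVED_EARLY unless the flag is set, and the flag is cleared once one is accepted. I would document that at the define, e.g. `/* set when a ChangeCipherSpec is expected next; cleared when one is accepted */`, and note why 0x0040 is left out (presumably it belongs to another SSL3_FLAGS_* value outside the hunk). Because every state that legitimately precedes a ChangeCipherSpec has to set the flag, the set sites in ssl3_connect, ssl3_get_server_hello and ssl3_accept deserve the same one-line comment.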
@@ -41,6 +41,7 @@ SRC_URI += "file://configure-targets.patch \ file://openssl-1.0.1e-cve-2014-0195.patch \ file://openssl-1.0.1e-cve-2014-0198.patch \ file://openssl-1.0.1e-cve-2014-0221.patch \ + file://openssl-1.0.1e-cve-2014-0224.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 8ac53f3c2d0c20409aee7161ce6b548221e43709 Mon Sep 17 00:00:00 2001 From: Paul Eggleton Date: Mon, 9 Jun 2014 16:53:47 +0100 Subject: [PATCH 31/59] openssl: fix CVE-2014-3470 http://www.openssl.org/news/secadv_20140605.txt Anonymous ECDH denial of service (CVE-2014-3470) OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a denial of service attack. (Patch borrowed from Fedora.) (From OE-Core rev: fe4e278f1794dda2e1aded56360556fe933614ca) Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-1.0.1e-cve-2014-3470.patch | 31 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 32 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch new file mode 100644 index 0000000000..025727f587 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-1.0.1e-cve-2014-3470.patch 
@@ -0,0 +1,31 @@ +commit 4ad43d511f6cf064c66eb4bfd0fb0919b5dd8a86 +Author: Dr. Stephen Henson +Date: Thu May 29 15:00:05 2014 +0100 + + Fix CVE-2014-3470 + + Check session_cert is not NULL before dereferencing it. + +Patch borrowed from Fedora +Upstream-Status: Backport +Signed-off-by: Paul Eggleton + + +diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c +index d35376d..4324f8d 100644 +--- a/ssl/s3_clnt.c ++++ b/ssl/s3_clnt.c +@@ -2511,6 +2511,13 @@ int ssl3_send_client_key_exchange(SSL *s) + int ecdh_clnt_cert = 0; + int field_size = 0; + ++ if (s->session->sess_cert == NULL) ++ { ++ ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); ++ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); ++ goto err; ++ } ++ + /* Did we send out the client's + * ECDH share for use in premaster + * computation as part of client certificate? diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index fae0b93f37..65083fb8bf 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -42,6 +42,7 @@ SRC_URI += "file://configure-targets.patch \ file://openssl-1.0.1e-cve-2014-0198.patch \ file://openssl-1.0.1e-cve-2014-0221.patch \ file://openssl-1.0.1e-cve-2014-0224.patch \ + file://openssl-1.0.1e-cve-2014-3470.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 381c6b89574df10411fa28a593a5c02cd169bf46 Mon Sep 17 00:00:00 2001 
From: Yue Tao Date: Mon, 9 Jun 2014 16:53:48 +0100 Subject: [PATCH 32/59] openssl: fix for CVE-2010-5298 Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) (From OE-Core rev: 3cc799213e6528fc9fb4a0c40a01a1817484f499) Signed-off-by: Yue Tao Signed-off-by: Roy Li Signed-off-by: Saul Wold Signed-off-by: Richard Purdie Signed-off-by: Paul Eggleton Signed-off-by: Richard Purdie --- .../openssl-CVE-2010-5298.patch | 24 +++++++++++++++++++ .../openssl/openssl_1.0.1e.bb | 1 + 2 files changed, 25 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch new file mode 100644 index 0000000000..417a774ba2 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch 
@@ -0,0 +1,24 @@ +openssl fix for CVE-2010-5298 + +Upstream-Status: Backport + +Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL +through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote +attackers to inject data across sessions or cause a denial of service +(use-after-free and parsing error) via an SSL connection in a +multithreaded environment. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 + +Signed-off-by: Yue Tao +--- a/ssl/s3_pkt.c ++++ b/ssl/s3_pkt.c +@@ -1013,7 +1013,7 @@ start: + { + s->rstate=SSL_ST_READ_HEADER; + rr->off=0; +- if (s->mode & SSL_MODE_RELEASE_BUFFERS) ++ if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) + ssl3_release_read_buffer(s); + } + } diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb index 65083fb8bf..d639d0a6ad 100644 --- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb +++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb @@ -43,6 +43,7 @@ SRC_URI += "file://configure-targets.patch \ file://openssl-1.0.1e-cve-2014-0221.patch \ file://openssl-1.0.1e-cve-2014-0224.patch \ file://openssl-1.0.1e-cve-2014-3470.patch \ + file://openssl-CVE-2010-5298.patch \ " SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c" From 527868fbfc3fde58ffd3590caef3a56d4b6b3659 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Wed, 18 Jun 2014 00:05:53 +0800 Subject: [PATCH 33/59] x264: Update SRCREV to match commit in upstream git repo It seems that 585324fee380109acd9986388f857f413a60b896 is no longer there in git and it has been rewritten to ffc3ad4945da69f3caa2b40e4eed715a9a8d9526 Change-Id: I9ffe8bd9bcef0d2dc5e6f6d3a6e4317bada8f4be (master rev: b193c7f251542aa76cb5a4d6dcb71d15b27005eb) (From OE-Core rev: b7371b49b4b83c2e864126480b65363fe9f2cfd2) Signed-off-by: Khem Raj Signed-off-by: Saul Wold Signed-off-by: Richard Purdie Signed-off-by: Patrick Doyle Signed-off-by: Robert Yang 
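Review bot: The header of openssl-CVE-2010-5298.patch says `Upstream-Status: Backport` but names no upstream commit, so the one-line change to the `SSL_MODE_RELEASE_BUFFERS` test in ssl/s3_pkt.c cannot be checked against what OpenSSL shipped; the CVE-2014-3470 patch in this series does carry its commit id. I would add a line such as `Upstream commit: <upstream commit id>` under the status tag. The file name also departs from the `openssl-1.0.1e-cve-YYYY-NNNN.patch` pattern the other CVE entries in SRC_URI follow, which makes the set of fixes harder to audit at a glance. The `start:` block of ssl3_read_bytes that contains the changed line begins and ends outside the inner hunk.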
Signed-off-by: Richard Purdie --- meta/recipes-multimedia/x264/x264_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/x264/x264_git.bb b/meta/recipes-multimedia/x264/x264_git.bb index 406df30e64..e40290fba5 100644 --- a/meta/recipes-multimedia/x264/x264_git.bb +++ b/meta/recipes-multimedia/x264/x264_git.bb @@ -11,7 +11,7 @@ SRC_URI = "git://git.videolan.org/x264.git \ file://don-t-default-to-cortex-a9-with-neon.patch \ " -SRCREV = "585324fee380109acd9986388f857f413a60b896" +SRCREV = "ffc3ad4945da69f3caa2b40e4eed715a9a8d9526" PV = "r2265+git${SRCPV}" From 3fb2ce03a2f1f129b818abdf0915fb520e4e506e Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Tue, 17 Jun 2014 21:11:26 +0300 Subject: [PATCH 34/59] poky.ent: Updated variables to support 1.5.3 release. (From yocto-docs rev: bb35f7584ab40d5689d3d4ff27410b106f1e9bd6) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/poky.ent | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/documentation/poky.ent b/documentation/poky.ent index 5407f98595..7d8767759f 100644 --- a/documentation/poky.ent +++ b/documentation/poky.ent @@ -1,9 +1,9 @@ - - + + - - - + + + From 780d5d0b911f418fc74f3023b154c1815e546681 Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Tue, 17 Jun 2014 21:13:32 +0300 Subject: [PATCH 35/59] mega-manual.sed: Updated release string to support 1.5.3 release. (From yocto-docs rev: d89818c7e258a546726c9fbe5f338f7917773a29) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/tools/mega-manual.sed | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/documentation/tools/mega-manual.sed b/documentation/tools/mega-manual.sed index baf3945a27..4d288daf43 100644 --- a/documentation/tools/mega-manual.sed +++ b/documentation/tools/mega-manual.sed 
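Review bot: The new `SRCREV` in x264_git.bb rests on the commit message's "it seems" that upstream rewrote 585324fee380109acd9986388f857f413a60b896 into ffc3ad4945da69f3caa2b40e4eed715a9a8d9526, and nothing in the change records that the two trees were compared. The source is fetched over `git://`, which is neither authenticated nor integrity-protected, so the pinned hash is the only thing tying the build to known source, and a rewritten history deserves a check of the new tree against a mirrored copy of the old one. Once that comparison has been done I would record it above the assignment, for example `# upstream history rewritten: was 585324fe..., tree compared against the source-mirror copy`.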
@@ -1,13 +1,13 @@ # Processes ref-manual and yocto-project-qs manual (-- style) -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.2\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/[a-z]*-[a-z]*-[a-z]*\/[a-z]*-[a-z]*-[a-z]*.html#/\"link\" href=\"#/g # Processes all other manuals (- style) -s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.2\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g +s/\"ulink\" href=\"http:\/\/www.yoctoproject.org\/docs\/1.5.3\/[a-z]*-[a-z]*\/[a-z]*-[a-z]*.html#/\"link\" href=\"#/g # Process cases where just an external manual is referenced without an id anchor -s/Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g -s/Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g -s/Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g -s/Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g -s/Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g -s/Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g +s/Yocto Project Quick Start<\/a>/Yocto Project Quick Start/g +s/Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g +s/Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g +s/Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g +s/Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g +s/Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g From 3a980abd280e685b3d9815a2a18b5b79e1c508be Mon Sep 17 00:00:00 2001 
From: Scott Rifenbark Date: Tue, 17 Jun 2014 21:57:24 +0300 Subject: [PATCH 36/59] documentation: Updated manual history tables. Added a new entry to support the 1.5.3 release. Using July 2014 as the release month and year. (From yocto-docs rev: fcd6046b8b2a5606e77d14cffa0bd2eebbe1748a) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/adt-manual/adt-manual.xml | 5 +++++ documentation/bsp-guide/bsp-guide.xml | 5 +++++ documentation/dev-manual/dev-manual.xml | 5 +++++ documentation/kernel-dev/kernel-dev.xml | 5 +++++ documentation/profile-manual/profile-manual.xml | 5 +++++ documentation/ref-manual/ref-manual.xml | 5 +++++ 6 files changed, 30 insertions(+) diff --git a/documentation/adt-manual/adt-manual.xml b/documentation/adt-manual/adt-manual.xml index 0a5383bc8d..8efa0a9442 100644 --- a/documentation/adt-manual/adt-manual.xml +++ b/documentation/adt-manual/adt-manual.xml @@ -76,6 +76,11 @@ May 2014 Released with the Yocto Project 1.5.2 Release. + + 1.5.3 + July 2014 + Released with the Yocto Project 1.5.3 Release. + diff --git a/documentation/bsp-guide/bsp-guide.xml b/documentation/bsp-guide/bsp-guide.xml index 23697f4345..ee43ee014b 100644 --- a/documentation/bsp-guide/bsp-guide.xml +++ b/documentation/bsp-guide/bsp-guide.xml @@ -88,6 +88,11 @@ May 2014 Released with the Yocto Project 1.5.2 Release. + + 1.5.3 + July 2014 + Released with the Yocto Project 1.5.3 Release. + diff --git a/documentation/dev-manual/dev-manual.xml b/documentation/dev-manual/dev-manual.xml index 9b9f89f857..4966c81978 100644 --- a/documentation/dev-manual/dev-manual.xml +++ b/documentation/dev-manual/dev-manual.xml @@ -66,6 +66,11 @@ May 2014 Released with the Yocto Project 1.5.2 Release. + + 1.5.3 + July 2014 + Released with the Yocto Project 1.5.3 Release. + diff --git a/documentation/kernel-dev/kernel-dev.xml b/documentation/kernel-dev/kernel-dev.xml index 06cdbab57d..0acd569022 100644 --- a/documentation/kernel-dev/kernel-dev.xml 
+++ b/documentation/kernel-dev/kernel-dev.xml @@ -51,6 +51,11 @@ May 2014 Released with the Yocto Project 1.5.2 Release. + + 1.5.3 + July 2014 + Released with the Yocto Project 1.5.3 Release. + diff --git a/documentation/profile-manual/profile-manual.xml b/documentation/profile-manual/profile-manual.xml index 93c2d9fed1..290ce2f0bb 100644 --- a/documentation/profile-manual/profile-manual.xml +++ b/documentation/profile-manual/profile-manual.xml @@ -51,6 +51,11 @@ May 2014 Released with the Yocto Project 1.5.2 Release. + + 1.5.3 + July 2014 + Released with the Yocto Project 1.5.3 Release. + diff --git a/documentation/ref-manual/ref-manual.xml b/documentation/ref-manual/ref-manual.xml index 69cdd04be3..706e4985b7 100644 --- a/documentation/ref-manual/ref-manual.xml +++ b/documentation/ref-manual/ref-manual.xml @@ -82,6 +82,11 @@ May 2014 Released with the Yocto Project 1.5.2 Release. + + 1.5.3 + July 2014 + Released with the Yocto Project 1.5.3 Release. + From afec960d87dcb3854bf5e7ba8f9d82f6cf236015 Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Wed, 18 Jun 2014 10:23:08 +0300 Subject: [PATCH 37/59] mega-manual.sed: Fixed search string problem for profile-manual. Found a very subtle problem with the search string that processes links to the Yocto Project Profiling and Tracing Manual where the links go to the top-level (i.e. no ID tag in the link). I had the name of the manual as "Yocto Project Profile and Tracing Manual", which means there would never be a match. Consequently, when the Makefile called the mega-manual.sed file to process the links in mega-manual.html, any top-level link to that manual was not processed and was being left as a hard link to the versioned manual. Processing a top-link should convert it to a non-link (for now). (From yocto-docs rev: 38c7971abe19293657f0170ecd8dc28c1047859b) 
Signed-off-by: Scott Rifenbark Conflicts: documentation/tools/mega-manual.sed Had to clean up some conflicts to get the cherry-pick to work. It seems the line for the profile manual was not even in this sed file. Also, had to reset the 1.4.4 strings to 1.5.3. Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/tools/mega-manual.sed | 1 + 1 file changed, 1 insertion(+) diff --git a/documentation/tools/mega-manual.sed b/documentation/tools/mega-manual.sed index 4d288daf43..1891ced108 100644 --- a/documentation/tools/mega-manual.sed +++ b/documentation/tools/mega-manual.sed @@ -9,5 +9,6 @@ s/Yocto Project Development Manual<\/a>/Yocto Project Development Manual/g s/Yocto Project Application Developer's Guide<\/a>/Yocto Project Application Developer's Guide/g s/Yocto Project Board Support Package (BSP) Developer's Guide<\/a>/Yocto Project Board Support Package (BSP) Developer's Guide/g +s/Yocto Project Profiling and Tracing Manual<\/a>/Yocto Project Profiling and Tracing Manual/g s/Yocto Project Linux Kernel Development Manual<\/a>/Yocto Project Linux Kernel Development Manual/g s/Yocto Project Reference Manual<\/a>/Yocto Project Reference Manual/g From 8cc89418217f961118a7b5dae1795911b7e8f881 Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Wed, 18 Jun 2014 11:47:01 +0300 Subject: [PATCH 38/59] dev-manual: Fixed a link that was broke in the mega-manual. Found a link in the dev-manual that had a hard return splitting the link across two lines. The mega-manual.sed file cannot process those links so it ignores them. (From yocto-docs rev: fabd8d47b4a5ce1e108ad282d9903e3b1daa5f3d) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/dev-manual/dev-manual-model.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/documentation/dev-manual/dev-manual-model.xml b/documentation/dev-manual/dev-manual-model.xml index c185522e15..66eb68973a 100644 --- a/documentation/dev-manual/dev-manual-model.xml 
+++ b/documentation/dev-manual/dev-manual-model.xml @@ -18,8 +18,7 @@ "Creating a New BSP Layer Using the yocto-bsp Script" section in the Yocto Project Board Support Package (BSP) Developer's Guide. For more complete information on how to work with the kernel, see the - Yocto Project Linux Kernel - Development Manual. + Yocto Project Linux Kernel Development Manual. User Application Development: User Application Development covers development of applications that you intend From 09d260e3e510c4e24d66ecd01a106e199fb1866a Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Wed, 18 Jun 2014 11:48:23 +0300 Subject: [PATCH 39/59] profile-manual: Fixed a transposed title. I had the actual title of the manual as displayed in the section heading for Chapter One wrong. (From yocto-docs rev: e61b251da0d8225f7497b2b7a0a8c8d1510a429b) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/profile-manual/profile-manual-intro.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/profile-manual/profile-manual-intro.xml b/documentation/profile-manual/profile-manual-intro.xml index 96f819c4d9..0d3f5a6099 100644 --- a/documentation/profile-manual/profile-manual-intro.xml +++ b/documentation/profile-manual/profile-manual-intro.xml @@ -4,7 +4,7 @@ -Yocto Project Tracing and Profiling Manual +Yocto Project Profiling and Tracing Manual
Introduction From 8c346a66b5a4ed787ad3d1950d959706a75e1997 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Thu, 19 Jun 2014 10:11:32 +0800 Subject: [PATCH 40/59] populate-extfs.sh: fix to handle /var/lib/opkg/alternatives/[[ correctly There was a patch trying to fix this problem by using 'dirname', but it caused some build failures, thus got reverted. The problem is that $DIR might be empty and we should first do the check before trying to use $(dirname $DIR). [YOCTO #5712] (From OE-Core rev: 8277c71747758e2ba0815a6f5cd11c9e0c9c90ce) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie --- .../e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh index 7de720b115..da3954ea7d 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh @@ -23,12 +23,13 @@ DEBUGFS="debugfs" find $SRCDIR | while read FILE; do TGT="${FILE##*/}" DIR="${FILE#$SRCDIR}" - DIR="${DIR%$TGT}" # Skip the root dir [ ! -z "$DIR" ] || continue [ ! -z "$TGT" ] || continue + DIR="$(dirname $DIR)" + if [ "$DIR" != "$CWD" ]; then echo "cd $DIR" CWD="$DIR" From 3ceb90eacdcb7a38542edbe8856b55cfecc1d5a0 Mon Sep 17 00:00:00 2001 
From: Chen Qi Date: Thu, 19 Jun 2014 10:11:33 +0800 Subject: [PATCH 41/59] populate-extfs.sh: error out if debugfs encounters some error Previously, even if we encounter some error when populating the ext filesystem, we don't error out and the rootfs process still succeeds. However, what's really expected is that the populate-extfs.sh script should error out if something wrong happens when using `debugfs' to generate the ext filesystem. For example, if there's not enough block in the filesystem, and allocating a block for some file fails, the failure should not be ignored. Otherwise, we will have a successful build but a corrupted filesystem. The debugfs returns 0 as long as the command is valid. That is, even if the command fails, the debugfs still returns 0. That's really a pain here. That's why this patch checks the error output to see whether there's any error logged. (From OE-Core rev: 468d3e60ee10348578f78f846e87c02359fdb8bf) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie --- .../e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh index da3954ea7d..23d97d39b6 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh @@ -94,4 +94,9 @@ DEBUGFS="debugfs" echo "sif $SRC links_count $LN_CNT" done rm -fr $INODE_DIR -} | $DEBUGFS -w -f - $DEVICE +} | $DEBUGFS -w -f - $DEVICE 2>&1 1>/dev/null | grep '.*: .*' + +if [ $? = 0 ]; then + echo "Some error occured while executing [$DEBUGFS -w -f - $DEVICE]" + exit 1 +fi From c60886f9f5ce046da9259a2b2a9b907351dfc259 Mon Sep 17 00:00:00 2001 
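Review bot: Success is decided only by whether grep finds a `: ` in debugfs's stderr, while the exit status of debugfs itself is discarded, so a debugfs that is killed or exits abnormally without printing a matching line still yields a "successful" image. The pattern `'.*: .*'` is also a heuristic over message text: any stderr line with a colon and a space, including a harmless warning, aborts the build. I would keep stderr in a temporary file created with mktemp before the block, test debugfs's own status first and then scan the file, and send the diagnostic to stderr; `$DEVICE` should be quoted as well. The `{ … }` block that feeds the pipe starts outside this hunk.

```shell
# … unchanged: command generation inside { … }; ERRLOG="$(mktemp)" is set before the block …
} | $DEBUGFS -w -f - "$DEVICE" 2>"$ERRLOG" 1>/dev/null
RET=$?    # status of debugfs, the last command in the pipeline

if [ "$RET" -ne 0 ] || grep -q ': ' "$ERRLOG"; then
	cat "$ERRLOG" >&2
	rm -f "$ERRLOG"
	echo "debugfs failed while populating $DEVICE" >&2
	exit 1
fi
rm -f "$ERRLOG"
```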
From: Jonathan Liu Date: Mon, 26 May 2014 22:15:14 -0400 Subject: [PATCH 42/59] consolekit: fix console-kit-log-system-start.service startup console-kit-log-system-start.service fails to to start if the /var/log/ConsoleKit directory does not exist. Normally it is created automatically but as we mount a tmpfs at /var/log, we need to add a tmpfiles.d entry to create it. (From OE-Core master rev: 2a9a14bf400fe0c263c58aa85b02aba7311b1328) (From OE-Core rev: 305da37a4dc0fba2b8f3219cfae47a1d4228f244) Signed-off-by: Jonathan Liu Signed-off-by: Saul Wold Signed-off-by: Richard Purdie Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- meta/recipes-support/consolekit/consolekit_0.4.6.bb | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-support/consolekit/consolekit_0.4.6.bb b/meta/recipes-support/consolekit/consolekit_0.4.6.bb index 63da028f81..ac5c37fd39 100644 --- a/meta/recipes-support/consolekit/consolekit_0.4.6.bb +++ b/meta/recipes-support/consolekit/consolekit_0.4.6.bb @@ -37,6 +37,12 @@ FILES_pam-plugin-ck-connector += "${base_libdir}/security/*.so" RDEPENDS_pam-plugin-ck-connector += "${PN}" do_install_append() { + if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}${sysconfdir}/tmpfiles.d + echo "d ${localstatedir}/log/ConsoleKit - - - -" \ + > ${D}${sysconfdir}/tmpfiles.d/consolekit.conf + fi + # Remove /var/run from package as console-kit-daemon will populate it on startup rm -fr "${D}${localstatedir}/run" } From 47afe5bcfabff3acc6502f9ec502d18e652d033a Mon Sep 17 00:00:00 2001 From: Mark Hatle Date: Mon, 26 May 2014 22:15:15 -0400 Subject: [PATCH 43/59] rpm: Fix rpm -V usage [YOCTO #6309] It appears a logic issue has caused rpm -V to no longer verify the files on the filesystem match what was installed. (From OE-Core master rev: 117862cd0eebf6887c2ea6cc353432caee2653aa) (From OE-Core rev: 9f9bcad51381887819d58ffdde2e41307d342473) Signed-off-by: Mark Hatle Signed-off-by: Richard Purdie 
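Review bot: The tmpfiles.d line written in do_install_append leaves mode, user and group as `-`, so the directory gets systemd-tmpfiles' defaults rather than permissions chosen for ConsoleKit's log. For a directory under /var/log I would state them, e.g. `d ${localstatedir}/log/ConsoleKit 0755 root root -`, or something tighter if the daemon's log should not be world-readable, which is not visible from this hunk. The entry is also installed under `${sysconfdir}/tmpfiles.d`, the location meant for local administrator overrides; whether packaged defaults should go to the vendor directory instead is worth confirming for this distro.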
Signed-off-by: Robert Yang Signed-off-by: Richard Purdie --- .../rpm/rpm/rpm-verify-files.patch | 22 +++++++++++++++++++ meta/recipes-devtools/rpm/rpm_5.4.9.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-devtools/rpm/rpm/rpm-verify-files.patch diff --git a/meta/recipes-devtools/rpm/rpm/rpm-verify-files.patch b/meta/recipes-devtools/rpm/rpm/rpm-verify-files.patch new file mode 100644 index 0000000000..fddac7a1c0 --- /dev/null +++ b/meta/recipes-devtools/rpm/rpm/rpm-verify-files.patch @@ -0,0 +1,22 @@ +lib/verify.c: Fix rpm -V file processing + +rpm -V should verify the md5sum and other values on individual files. +A logic error in the query for GHOST files prevented this from working. + +[ Upstream-Status: Submitted ] + +Signed-off-by: Mark Hatle + +Index: rpm-5.4.9/lib/verify.c +=================================================================== +--- rpm-5.4.9.orig/lib/verify.c ++++ rpm-5.4.9/lib/verify.c +@@ -587,7 +587,7 @@ uint32_t fc = rpmfiFC(fi); + + /* If not verifying %ghost, skip ghost files. */ + /* XXX the broken!!! logic disables %ghost queries always. */ +- if (!(FF_ISSET(qva->qva_fflags, GHOST) && FF_ISSET(fflags, GHOST))) ++ if (!(FF_ISSET(qva->qva_fflags, GHOST)) && FF_ISSET(fflags, GHOST)) + continue; + + /* Gather per-file data into a carrier. */ diff --git a/meta/recipes-devtools/rpm/rpm_5.4.9.bb b/meta/recipes-devtools/rpm/rpm_5.4.9.bb index c2f22799e9..702a142977 100644 --- a/meta/recipes-devtools/rpm/rpm_5.4.9.bb +++ b/meta/recipes-devtools/rpm/rpm_5.4.9.bb @@ -89,6 +89,7 @@ SRC_URI = "http://www.rpm5.org/files/rpm/rpm-5.4/rpm-5.4.9-0.20120508.src.rpm;ex file://debugedit-valid-file-to-fix-segment-fault.patch \ file://rpm-platform-file-fix.patch \ file://rpm-lsb-compatibility.patch \ + file://rpm-verify-files.patch \ " # Uncomment the following line to enable platform score debugging From 05f172c745799a34aa8c530ac88b25c0081c15d8 Mon Sep 17 00:00:00 2001 
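Review bot: The comment `/* XXX the broken!!! logic disables %ghost queries always. */` stays directly above the corrected condition in lib/verify.c, so after this patch it describes a defect that no longer exists; I would drop that line in the same patch and keep only `/* If not verifying %ghost, skip ghost files. */`. Since `rpm -V` is the check of installed files against the package database, the patch header would also benefit from stating how the fix was confirmed (a modified file now being reported), which the page does not show. The status tag is written as `[ Upstream-Status: Submitted ]`, unlike the unbracketed form used by the other patches in this series. The loop that contains the condition starts and ends outside the inner hunk.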
From: Chen Qi Date: Mon, 26 May 2014 22:15:16 -0400 Subject: [PATCH 44/59] populate-extfs.sh: keep file timestamps Fix populate-extfs.sh to keep file timestamps while generating the ext file systems. [YOCTO #6348] (From OE-Core rev: f8c0359edc2ce740e13e874ea189770ff99d1525) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie --- .../e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh index 23d97d39b6..26a8d89143 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh @@ -36,7 +36,7 @@ DEBUGFS="debugfs" fi # Only stat once since stat is a time consuming command - STAT=$(stat -c "TYPE=\"%F\";DEVNO=\"0x%t 0x%T\";MODE=\"%f\";U=\"%u\";G=\"%g\"" "$FILE") + STAT=$(stat -c "TYPE=\"%F\";DEVNO=\"0x%t 0x%T\";MODE=\"%f\";U=\"%u\";G=\"%g\";AT=\"%x\";MT=\"%y\";CT=\"%z\"" "$FILE") eval $STAT case $TYPE in @@ -70,6 +70,14 @@ DEBUGFS="debugfs" # Set uid and gid echo "sif \"$TGT\" uid $U" echo "sif \"$TGT\" gid $G" + + # Set atime, mtime and ctime + AT=`echo $AT | cut -d'.' -f1 | sed -e 's#[- :]##g'` + MT=`echo $MT | cut -d'.' -f1 | sed -e 's#[- :]##g'` + CT=`echo $CT | cut -d'.' -f1 | sed -e 's#[- :]##g'` + echo "sif \"$TGT\" atime $AT" + echo "sif \"$TGT\" mtime $MT" + echo "sif \"$TGT\" ctime $CT" done # Handle the hard links. From 7c3f509c065960fed9445cd73e350b7c7ddfd521 Mon Sep 17 00:00:00 2001 From: Khem Raj Date: Sun, 18 May 2014 19:14:32 -0700 Subject: [PATCH 45/59] prelink: Fix SRC_URI The SHA we use it actually on cross_prelink branch if you do not use yocto source mirrors then the fetch for prelink on dora fails due to missing branch in SRC_URI (From OE-Core rev: 13b57cab7cdd2bf967622ec5015478dc56938b8b) Signed-off-by: Khem Raj 
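Review bot: The `AT`/`MT`/`CT` values come from `%x`/`%y`/`%z`, which print the build host's local time, and the second hunk only strips the fraction and the separators, so the UTC offset is discarded before the string is handed to `sif`. If debugfs reads a bare `YYYYMMDDHHMMSS` as UTC (worth confirming for e2fsprogs 1.42.8), every timestamp in the image is shifted by the host's offset and differs between build machines. Taking epoch seconds (`%X`, `%Y`, `%Z`) in the `stat` format and converting with `date -u -d "@$AT" +%Y%m%d%H%M%S` avoids that. The three `echo | cut | sed` pipelines per file also sit oddly beside the comment about calling stat only once. Both hunks are inside the `while read FILE` loop, which starts and ends outside them.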
Signed-off-by: Richard Purdie --- meta/recipes-devtools/prelink/prelink_git.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/prelink/prelink_git.bb b/meta/recipes-devtools/prelink/prelink_git.bb index 744a55ff39..9f6e315050 100644 --- a/meta/recipes-devtools/prelink/prelink_git.bb +++ b/meta/recipes-devtools/prelink/prelink_git.bb @@ -26,7 +26,7 @@ FILES_${PN}-cron = "${sysconfdir}/cron.daily ${sysconfdir}/default" PACKAGES =+ "${PN}-cron" -SRC_URI = "git://git.yoctoproject.org/prelink-cross.git \ +SRC_URI = "git://git.yoctoproject.org/prelink-cross.git;branch=cross_prelink \ file://prelink.conf \ file://prelink.cron.daily \ file://prelink.default \ From 4a18e162d841a6b52a022d4c76b0d60bbd77d5f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Cerveau?= Date: Mon, 30 Jun 2014 16:18:44 +0200 Subject: [PATCH 46/59] e2fsprogs: Fix populate-extfs.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix the use of command dirname on ubuntu 12.04. dirname does not accept space in file name. (From OE-Core rev: ab6bd289d51c3c44862b43241a99d3e4f3ff13c0) Signed-off-by: Stéphane Cerveau Signed-off-by: Richard Purdie --- .../e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh index 26a8d89143..47f5b5b237 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh @@ -28,7 +28,7 @@ DEBUGFS="debugfs" [ ! -z "$DIR" ] || continue [ ! -z "$TGT" ] || continue - DIR="$(dirname $DIR)" + DIR="$(dirname "$DIR")" if [ "$DIR" != "$CWD" ]; then echo "cd $DIR" From 19f3e362b379e493144791269c5da7f936448b76 Mon Sep 17 00:00:00 2001 
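Review bot: Quoting `$DIR` for `dirname` fixes the shell side only; the next line, `echo "cd $DIR"`, still writes the directory name into the debugfs command stream unquoted, so a path containing a space is split again when debugfs parses it. File names under `$SRCDIR` are data, and every place they are written into a debugfs command needs debugfs-level quoting, as the `sif \"$TGT\"` lines in the same script already do. At minimum I would change that line to `echo "cd \"$DIR\""`; the description of PATCH 51/59 later on this page covers the remaining cases. The `while read FILE` loop starts and ends outside this hunk.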
From: Henning Heinold Date: Tue, 24 Jun 2014 23:34:45 +0200 Subject: [PATCH 47/59] perf: fix broken shell comparsion in do_install The patch was sponsored by sysmocom (From OE-Core rev: 7e38d8ad6f7f4c289975acdac5c4d254ff3df7e6) Signed-off-by: Henning Heinold Signed-off-by: Richard Purdie --- meta/recipes-kernel/perf/perf.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index 903ffa6eaf..31c2c8eade 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -109,7 +109,7 @@ do_install() { unset CFLAGS oe_runmake DESTDIR=${D} install # we are checking for this make target to be compatible with older perf versions - if [ "${@perf_feature_enabled('perf-scripting', 1, 0, d)}" = "1" -a $(grep install-python_ext ${S}/tools/perf/Makefile) = "0"]; then + if [ "${@perf_feature_enabled('perf-scripting', 1, 0, d)}" = "1" -a $(grep install-python_ext ${S}/tools/perf/Makefile) = "0" ]; then oe_runmake DESTDIR=${D} install-python_ext fi } From a63f07c4ce8216b59c61ed97616766328b42a2b2 Mon Sep 17 00:00:00 2001 From: Henning Heinold Date: Tue, 24 Jun 2014 23:34:47 +0200 Subject: [PATCH 48/59] perf: add slang to the dependencies * TUI/GUI support was added in 2.6.35 based on libnewt * since 3.10 slang replaced libnewt completly * changing TUI_DEFINES is not necessary, because NO_NEWT is still respected with newer kernels * add comment about the gui history to the recipe The patch was sponsored by sysmocom (From OE-Core rev: 104e317f1fe68244d31c72897df2e5c997ff502a) Signed-off-by: Henning Heinold Signed-off-by: Richard Purdie --- meta/recipes-kernel/perf/perf.bb | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index 31c2c8eade..0c258e7287 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb 
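Review bot: Adding the space before `]` makes the test parse, but the second operand is still wrong: `$(grep install-python_ext ${S}/tools/perf/Makefile)` expands to the matching Makefile lines, not to a count or status, and it is unquoted, so it either vanishes (no match) or becomes several words, and in neither case can it compare equal to `"0"`. As written the `install-python_ext` branch is never taken cleanly. Testing grep's exit status says what the comment above it intends: `if [ "${@perf_feature_enabled('perf-scripting', 1, 0, d)}" = "1" ] && grep -q install-python_ext ${S}/tools/perf/Makefile; then`. do_install starts outside this hunk.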
@@ -15,7 +15,10 @@ require perf-features.inc BUILDPERF_libc-uclibc = "no" -TUI_DEPENDS = "${@perf_feature_enabled('perf-tui', 'libnewt', '',d)}" +# gui support was added with kernel 3.6.35 +# since 3.10 libnewt was replaced by slang +# to cover a wide range of kernel we add both dependencies +TUI_DEPENDS = "${@perf_feature_enabled('perf-tui', 'libnewt slang', '',d)}" SCRIPTING_DEPENDS = "${@perf_feature_enabled('perf-scripting', 'perl python', '',d)}" DEPENDS = "virtual/kernel \ From 2e2a6d0c4e54eda550294d9394ed77315886b8ac Mon Sep 17 00:00:00 2001 From: Henning Heinold Date: Tue, 24 Jun 2014 23:34:46 +0200 Subject: [PATCH 49/59] perf: split packging * some fundamental perf commands can work without the dependency on perl, python or bash make them separate packages and RSUGGEST them * bump PR The patch was sponsored by sysmocom (From OE-Core rev: a6f79561f7a2f6bc354d5ea8d84b836ac5c9b08f) Signed-off-by: Henning Heinold Signed-off-by: Richard Purdie --- meta/recipes-kernel/perf/perf.bb | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb index 0c258e7287..63d356ed51 100644 --- a/meta/recipes-kernel/perf/perf.bb +++ b/meta/recipes-kernel/perf/perf.bb @@ -9,7 +9,7 @@ as well." LICENSE = "GPLv2" LIC_FILES_CHKSUM = "file://COPYING;md5=d7810fab7487fb0aad327b76f1be7cd7" -PR = "r8" +PR = "r9" require perf-features.inc @@ -30,9 +30,6 @@ DEPENDS = "virtual/kernel \ bison flex \ " -SCRIPTING_RDEPENDS = "${@perf_feature_enabled('perf-scripting', 'perl perl-modules python', '',d)}" -RDEPENDS_${PN} += "elfutils bash ${SCRIPTING_RDEPENDS}" - PROVIDES = "virtual/perf" inherit linux-kernel-base kernel-arch pythonnative 
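Review bot: The added comment above `TUI_DEPENDS` says `gui support was added with kernel 3.6.35`, while the commit message gives 2.6.35, so the comment looks like a typo that will mislead whoever next adjusts the dependency by kernel version. I would write it as `# TUI support was added with kernel 2.6.35 (libnewt)` followed by `# since 3.10 slang replaces libnewt; depend on both to cover old and new kernels`.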
@@ -127,6 +124,18 @@ python do_package_prepend() { PACKAGE_ARCH = "${MACHINE_ARCH}" -FILES_${PN} += "${libexecdir}/perf-core" +PACKAGES =+ "${PN}-archive ${PN}-tests ${PN}-perl ${PN}-python" + +RDEPENDS_${PN} += "elfutils" +RDEPENDS_${PN}-archive =+ "bash" +RDEPENDS_${PN}-python =+ "bash python" +RDEPENDS_${PN}-perl =+ "bash perl perl-modules" + +RSUGGESTS_SCRIPTING = "${@perf_feature_enabled('perf-scripting', '${PN}-perl ${PN}-python', '',d)}" +RSUGGESTS_${PN} += "${PN}-archive ${PN}-tests ${RSUGGESTS_SCRIPTING}" + FILES_${PN}-dbg += "${libdir}/python*/site-packages/.debug" -FILES_${PN} += "${libdir}/python*/site-packages" +FILES_${PN}-archive = "${libdir}/perf/perf-core/perf-archive" +FILES_${PN}-tests = "${libdir}/perf/perf-core/tests" +FILES_${PN}-python = "${libdir}/python*/site-packages ${libdir}/perf/perf-core/scripts/python" +FILES_${PN}-perl = "${libdir}/perf/perf-core/scripts/perl" From 845df01345e166b9f9921514cea3a4f1274023a1 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Thu, 23 Jan 2014 12:10:01 +0000 Subject: [PATCH 50/59] libtool-cross/native: Force usage of bash due to sstate inconsistencies Scenario: a) libtool script is built on system with bash as /bin/sh b) machine B installs sstate from build a) c) machine B has dash as /bin/sh In this scenario, the script fails to work properly since its expecting /bin/sh to have bash like syntax and it no longer does have it. This patch forces the configure process to use /bin/bash, not /bin/sh and hence allows the scripts to work correctly when used from sstate. (From OE-Core rev: 24d5b449e5f4d91119f0d8e13c457618811aadfc) (From OE-Core rev: 330c3085317a0b0981163ff5c41c54596e0d127d) Signed-off-by: Richard Purdie --- meta/recipes-devtools/libtool/libtool-cross_2.4.2.bb | 2 ++ meta/recipes-devtools/libtool/libtool-native_2.4.2.bb | 1 + 2 files changed, 3 insertions(+) 
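Review bot: The new FILES_${PN}-archive, -tests, -python and -perl entries hard-code `${libdir}/perf/perf-core/...`, whereas the line this hunk removes located the same tree through `${libexecdir}/perf-core`. The two paths coincide only while libexecdir resolves to `${libdir}/perf`, which is set outside this recipe and not visible here; if it differs, the scripts would not land in the split packages and the bash, perl and python RDEPENDS would attach to empty packages. Keeping the variable avoids that assumption, e.g. `FILES_${PN}-archive = "${libexecdir}/perf-core/perf-archive"` and likewise for the tests and scripts directories.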
diff --git a/meta/recipes-devtools/libtool/libtool-cross_2.4.2.bb b/meta/recipes-devtools/libtool/libtool-cross_2.4.2.bb index 34aae0bf13..72fad37eaf 100644 --- a/meta/recipes-devtools/libtool/libtool-cross_2.4.2.bb +++ b/meta/recipes-devtools/libtool/libtool-cross_2.4.2.bb @@ -39,3 +39,5 @@ libtoolcross_sysroot_preprocess () { } SSTATE_SCAN_FILES += "libtoolize *-libtool" + +export CONFIG_SHELL="/bin/bash" diff --git a/meta/recipes-devtools/libtool/libtool-native_2.4.2.bb b/meta/recipes-devtools/libtool/libtool-native_2.4.2.bb index df73f08e99..f1051d84f3 100644 --- a/meta/recipes-devtools/libtool/libtool-native_2.4.2.bb +++ b/meta/recipes-devtools/libtool/libtool-native_2.4.2.bb @@ -22,3 +22,4 @@ do_install () { install -m 0755 ${HOST_SYS}-libtool ${D}${bindir}/${HOST_SYS}-libtool } +export CONFIG_SHELL="/bin/bash" From c4a539c8c85b16237a865d31549748a398de62d3 Mon Sep 17 00:00:00 2001 From: Chen Qi Date: Tue, 8 Jul 2014 18:38:15 +0800 Subject: [PATCH 51/59] populate-extfs.sh: fix to handle special file names correctly `debugfs' treats spaces and "" specially. So when we are dealing with file names, great care should be taken to make sure that `debugfs' recognizes file names correctly. The basic solution here is: 1. Use quotation marks to handle spaces correctly. 2. Replace "xxx" with ""xxx"" so that debugfs knows that the quotation marks are parts of the file name. [YOCTO #6503] (From OE-Core rev: 24f17607e996c499c8f86eda0588d02af1e960b9) Signed-off-by: Chen Qi Signed-off-by: Richard Purdie --- .../e2fsprogs-1.42.8/populate-extfs.sh | 72 ++++++++++++++----- 1 file changed, 54 insertions(+), 18 deletions(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh index 47f5b5b237..a1808b3b3f 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs-1.42.8/populate-extfs.sh 
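Review bot: Both recipes (libtool-cross here and libtool-native in the next hunk) gain `export CONFIG_SHELL="/bin/bash"` with no comment, so the reason is recorded only in the commit message. A reader of the recipe cannot tell that the setting exists because the generated libtool script may be restored from sstate on a host whose /bin/sh is not bash. A one-line comment above the export would keep that visible, for example `# Force bash: the libtool script can be reused from sstate on hosts where /bin/sh is dash`. The value is also an absolute host path, so the build now assumes bash is installed at /bin/bash on every machine that consumes these artefacts; that assumption belongs in the comment too.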
@@ -30,8 +30,41 @@ DEBUGFS="debugfs" DIR="$(dirname "$DIR")" + # debugfs handles the quotation mark differently from other special marks like { + # If FILE contains quotation marks in its name, then we have to replace " with "" + # so that debugfs could correclty recognize them. In this script, we use the prefix + # of D_ to denote the file names that should be used by debugfs. + # + # The usage of case statements here is to avoid performace impact. + case $FILE in + *\"*) + D_FILE="$(echo $FILE | sed -e 's#\"#\"\"#g')" + ;; + *) + D_FILE="$FILE" + ;; + esac + + case $DIR in + *\"*) + D_DIR="$(echo $DIR | sed -e 's#\"#\"\"#g')" + ;; + *) + D_DIR="$DIR" + ;; + esac + + case $TGT in + *\"*) + D_TGT="$(echo $TGT | sed -e 's#\"#\"\"#g')" + ;; + *) + D_TGT="$TGT" + ;; + esac + if [ "$DIR" != "$CWD" ]; then - echo "cd $DIR" + echo "cd \"$D_DIR\"" CWD="$DIR" fi @@ -41,23 +74,24 @@ DEBUGFS="debugfs" case $TYPE in "directory") - echo "mkdir $TGT" + echo "mkdir \"$D_TGT\"" ;; "regular file" | "regular empty file") - echo "write \"$FILE\" \"$TGT\"" + echo "write \"$D_FILE\" \"$D_TGT\"" ;; "symbolic link") LINK_TGT=$(readlink "$FILE") - echo "symlink \"$TGT\" \"$LINK_TGT\"" + D_LINK_TGT="$(echo $LINK_TGT | sed -e 's#\"#\"\"#g')" + echo "symlink \"$D_TGT\" \"$D_LINK_TGT\"" ;; "block special file") - echo "mknod \"$TGT\" b $DEVNO" + echo "mknod \"$D_TGT\" b $DEVNO" ;; "character special file") - echo "mknod \"$TGT\" c $DEVNO" + echo "mknod \"$D_TGT\" c $DEVNO" ;; "fifo") - echo "mknod \"$TGT\" p" + echo "mknod \"$D_TGT\" p" ;; *) echo "Unknown/unhandled file type '$TYPE' file: $FILE" 1>&2 
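Review bot: The new escaping step feeds each name through an unquoted `echo $FILE | sed ...` (the same for `$DIR` and `$TGT` here, `$LINK_TGT` in the symlink branch of the next hunk, and `$SRC`/`$TGT` in the hard-link hunk), so the shell word-splits and glob-expands the name before sed sees it. Runs of spaces collapse, a `*` or `?` in a name can expand against the current directory, and `echo` may treat a leading `-n` or a backslash specially, so the name written to the debugfs command stream can differ from the file on disk, which is the case this commit sets out to handle. Quoting the expansion and using printf avoids this: `D_FILE="$(printf '%s\n' "$FILE" | sed -e 's#\"#\"\"#g')"`. Since every name becomes part of a line of input to `debugfs -f -`, names containing a newline are better rejected with an error than emitted; the loop that reads the names starts outside this hunk, so whether such a name can reach this point is not visible here.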
@@ -65,19 +99,19 @@ DEBUGFS="debugfs" esac # Set the file mode - echo "sif \"$TGT\" mode 0x$MODE" + echo "sif \"$D_TGT\" mode 0x$MODE" # Set uid and gid - echo "sif \"$TGT\" uid $U" - echo "sif \"$TGT\" gid $G" + echo "sif \"$D_TGT\" uid $U" + echo "sif \"$D_TGT\" gid $G" # Set atime, mtime and ctime AT=`echo $AT | cut -d'.' -f1 | sed -e 's#[- :]##g'` MT=`echo $MT | cut -d'.' -f1 | sed -e 's#[- :]##g'` CT=`echo $CT | cut -d'.' -f1 | sed -e 's#[- :]##g'` - echo "sif \"$TGT\" atime $AT" - echo "sif \"$TGT\" mtime $MT" - echo "sif \"$TGT\" ctime $CT" + echo "sif \"$D_TGT\" atime $AT" + echo "sif \"$D_TGT\" mtime $MT" + echo "sif \"$D_TGT\" ctime $CT" done # Handle the hard links. @@ -91,15 +125,17 @@ DEBUGFS="debugfs" # Use the debugfs' ln and "sif links_count" to handle them. for i in `ls $INODE_DIR`; do # The link source - SRC=`head -1 $INODE_DIR/$i` + SRC="$(head -1 $INODE_DIR/$i)" + D_SRC="$(echo $SRC | sed -e 's#\"#\"\"#g')" # Remove the files and link them again except the first one - for TGT in `sed -n -e '1!p' $INODE_DIR/$i`; do - echo "rm $TGT" - echo "ln $SRC $TGT" + sed -n -e '1!p' $INODE_DIR/$i | while read TGT; do + D_TGT="$(echo $TGT | sed -e 's#\"#\"\"#g')" + echo "rm \"$D_TGT\"" + echo "ln \"$D_SRC\" \"$D_TGT\"" done LN_CNT=`cat $INODE_DIR/$i | wc -l` # Set the links count - echo "sif $SRC links_count $LN_CNT" + echo "sif \"$D_SRC\" links_count $LN_CNT" done rm -fr $INODE_DIR } | $DEBUGFS -w -f - $DEVICE 2>&1 1>/dev/null | grep '.*: .*' From acb65ef18e4a494bf4f12d6114349e475ccbaa57 Mon Sep 17 00:00:00 2001 From: Roy Li Date: Tue, 8 Jul 2014 11:17:15 +0800 Subject: [PATCH 52/59] opkg: putting the service files into PN (From OE-Core rev: f0ec7f81c1951211f049c342fd6bd1cad424564a) [YOCTO #6392] (From OE-Core rev: b76a5dd195000d157034f1f0a9a35d4ba4680e60) Signed-off-by: Roy Li Signed-off-by: Saul Wold Signed-off-by: Richard Purdie Signed-off-by: Chen Qi 
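Review bot: In the hard-link hunk, `while read TGT` runs without `IFS=` and `-r`, so leading and trailing whitespace is stripped and backslashes are consumed from each link name before it is quoted for debugfs; `while IFS= read -r TGT; do` keeps the name as stored. The paths in `$(head -1 $INODE_DIR/$i)` and `sed -n -e '1!p' $INODE_DIR/$i` are unquoted as well, which only works while INODE_DIR contains no whitespace or glob characters; writing `"$INODE_DIR/$i"` removes that assumption. The enclosing block that pipes into `$DEBUGFS -w -f -` starts outside the hunk.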
Signed-off-by: Richard Purdie --- meta/recipes-devtools/opkg/opkg.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/opkg/opkg.inc b/meta/recipes-devtools/opkg/opkg.inc index 78724f359b..fb99fb5076 100644 --- a/meta/recipes-devtools/opkg/opkg.inc +++ b/meta/recipes-devtools/opkg/opkg.inc @@ -51,6 +51,7 @@ FILES_update-alternatives-cworth = "${bindir}/update-alternatives" FILES_libopkg-dev = "${libdir}/*.la ${libdir}/*.so ${includedir}/libopkg" FILES_libopkg-staticdev = "${libdir}/*.a" FILES_libopkg = "${libdir}/*.so.* ${OPKGLIBDIR}/opkg/" +FILES_${PN} += "${systemd_unitdir}/system/" do_install_append() { # We need to create the lock directory From 5d1f0c016098d5950fe97ce3b397b0781ed78aba Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 8 Jul 2014 16:23:23 +0100 Subject: [PATCH 53/59] build-appliance-image: Update to dora head revision (From OE-Core rev: 2bfb8cbe773f6e496ed6192c94a74db1293d72eb) Signed-off-by: Richard Purdie --- meta/recipes-core/images/build-appliance-image_8.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/images/build-appliance-image_8.0.bb b/meta/recipes-core/images/build-appliance-image_8.0.bb index 261beb69ab..82df5ef1ee 100644 --- a/meta/recipes-core/images/build-appliance-image_8.0.bb +++ b/meta/recipes-core/images/build-appliance-image_8.0.bb @@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk" inherit core-image -SRCREV ?= "e07904836a5dc71bb68577eeb4963bc7ecde0224" +SRCREV ?= "acb65ef18e4a494bf4f12d6114349e475ccbaa57" SRC_URI = "git://git.yoctoproject.org/poky \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ From 4278b11da97f6fbb5da16dffe46e797923063da9 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 8 Jul 2014 16:26:15 +0100 Subject: [PATCH 54/59] poky.conf: Bump version for 1.5.3 dora release (From meta-yocto rev: 9ad69dd83856cd5a9fd4b1fc50fc6d5d6d349560) 
Signed-off-by: Richard Purdie --- meta-yocto/conf/distro/poky.conf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta-yocto/conf/distro/poky.conf b/meta-yocto/conf/distro/poky.conf index 35d47e276f..f50bf55ceb 100644 --- a/meta-yocto/conf/distro/poky.conf +++ b/meta-yocto/conf/distro/poky.conf @@ -1,7 +1,7 @@ DISTRO = "poky" DISTRO_NAME = "Poky (Yocto Project Reference Distro)" -DISTRO_VERSION = "1.5.2" -DISTRO_CODENAME = "next" +DISTRO_VERSION = "1.5.3" +DISTRO_CODENAME = "dora" SDK_VENDOR = "-pokysdk" SDK_VERSION := "${@'${DISTRO_VERSION}'.replace('snapshot-${DATE}','snapshot')}" From dc743744d8e3a9caef577aeab6b7f51bc08ded17 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 8 Jul 2014 16:27:34 +0100 Subject: [PATCH 55/59] build-appliance-image: Update to dora head revision (From OE-Core rev: 026d26e3b6c2f608cc03aa00fe1fb1ace9e070d8) Signed-off-by: Richard Purdie --- meta/recipes-core/images/build-appliance-image_8.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/images/build-appliance-image_8.0.bb b/meta/recipes-core/images/build-appliance-image_8.0.bb index 82df5ef1ee..63cd61b5a1 100644 --- a/meta/recipes-core/images/build-appliance-image_8.0.bb +++ b/meta/recipes-core/images/build-appliance-image_8.0.bb @@ -21,7 +21,7 @@ IMAGE_FSTYPES = "vmdk" inherit core-image -SRCREV ?= "acb65ef18e4a494bf4f12d6114349e475ccbaa57" +SRCREV ?= "4278b11da97f6fbb5da16dffe46e797923063da9" SRC_URI = "git://git.yoctoproject.org/poky \ file://Yocto_Build_Appliance.vmx \ file://Yocto_Build_Appliance.vmxf \ From 60907ba907557bfd1b0f10fa39f3dd3fdbceda8c Mon Sep 17 00:00:00 2001 
From: Scott Rifenbark Date: Fri, 18 Jul 2014 10:29:29 +0300 Subject: [PATCH 56/59] dev-manual: Updates to the "Creating Partitioned Images" section. These updates are to the wic section. I have updated the syntax and some requirements for running and using wic. The original information was never reviewed before appearing in only the 1.5.2 verison of the dev-manual. (From yocto-docs rev: 66c755f2753c52bdb304281d2109c2c253941d35) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- .../dev-manual/dev-manual-common-tasks.xml | 171 +++++++++--------- 1 file changed, 83 insertions(+), 88 deletions(-) diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml index 941550dc24..c8de6bff93 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.xml +++ b/documentation/dev-manual/dev-manual-common-tasks.xml @@ -1940,7 +1940,7 @@ format the device requires. Should your device require multiple partitions on an SD card, flash, or an HDD, you can use the OpenEmbedded Image Creator - () to create the properly partitioned image. + to create the properly partitioned image. @@ -1949,8 +1949,10 @@ Image generation is driven by partitioning commands contained in an Openembedded kickstart file (.wks) specified either directly on the command-line or as one of a - selection of canned .wks files - (see 'wic list images'). + selection of canned .wks files as shown + with the wic list images command in the + "Using a Provided Kickstart File" + section. When applied to a given set of build artifacts, the result is an image or set of images that can be directly written onto media and used on a particular system. @@ -2003,34 +2005,6 @@
- -
Requirements @@ -2131,14 +2105,65 @@ the details. + + Regardless of the mode you use, you need to have the build + artifacts ready and available. + Additionally, the environment must be set up using the + &OE_INIT_FILE; + or + oe-init-build-env-memres + script found in the + Build Directory. + +
Raw Mode The general form of the 'wic' command in raw mode is: - $ wic create <image_name>.wks -r <rootfs_dir> -b <bootimg_dir> / - -k <kernel_dir> -n <native_sysroot> + $ wic create image_name.wks [options] [...] + + Where: + + image_name.wks + An an OpenEmbedded kickstart file. You can provide + your own custom file or use a file from a set of + provided files as described by further options. + + -o OUTDIR, --outdir=OUTDIR + The name of a directory in which to create image. + + -i PROPERTIES_FILE, --infile=PROPERTIES_FILE + The name of a file containing the values for image + properties as a JSON file. + + -e IMAGE_NAME, --image-name=IMAGE_NAME + The name of the image from which to use the artifacts + (e.g. core-image-sato). + + -r ROOTFS_DIR, --rootfs-dir=ROOTFS_DIR + The path to the /rootfs directory to use as the + .wks rootfs source. + + -b BOOTIMG_DIR, --bootimg-dir=BOOTIMG_DIR + The path to the directory containing the boot artifacts + (e.g. /EFI or /syslinux) to use as the .wks bootimg + source. + + -k KERNEL_DIR, --kernel-dir=KERNEL_DIR + The path to the directory containing the kernel to use + in the .wks boot image. + + -n NATIVE_SYSROOT, --native-sysroot=NATIVE_SYSROOT + The path to the native sysroot containing the tools to use + to build the image. + + -p, --skip-build-check + Skips the build check. + + -D, --debug + Output debug information. You do not need root privileges to run 
@@ -2147,37 +2172,6 @@ the details. utility. - - - Following is a description of the wic - parameters and options: - - <image_name>.wks: - An OpenEmbedded kickstart file. - You can provide your own custom file or use a - file from a set of provided files as described - following this list. - -r <rootfs_dir>: - Specifies the path to the root filesystem directory - to be used and the .wks - root filesystem source. - -b <bootimg_dir>: - Specifies the path to the directory that contains - the boot artifacts (e.g. the - EFI or - syslinux directories) to use - as the .wks boot image source. - - -k <kernel_dir>: - Specifies the path to the dir containing the kernel - to use in the .wks boot - image. - -n <native_sysroot>: - Specifies the path to the native sysroot - that contains the tools used to build the image. - - -
@@ -2187,7 +2181,17 @@ the details. The general form of the wic command using Cooked Mode is: - $ wic create <kickstart_file> -e <image_name> + $ wic create kickstart_file -e image_name + + Where: + + kickstart_file + An OpenEmbedded kickstart file. You can provide your own + custom file or supplied file. + + image_name + Specifies the image built using the OpenEmbedded build + system. This form is the simplest and most user-friendly, as it does not require specifying all individual parameters. @@ -2195,20 +2199,6 @@ the details. .wks file or one provided with the release. - - - Following is a description of the wic - parameters and options: - - <kickstart>: - An OpenEmbedded kickstart file. - You can provide your own custom file or supplied - file. - -e <image_name>: - Specifies the image built using the OpenEmbedded - build system. - -
@@ -2222,16 +2212,16 @@ the details. Use the following command to list the available files: $ wic list images - mkefidisk Create an EFI disk image directdisk Create a 'pcbios' direct disk image + mkefidisk Create an EFI disk image When you use a provided file, you do not have to use the .wks extension. Here is an example in Raw Mode that uses the directdisk file: - $ wic create directdisk -r <rootfs_dir> -b <bootimg_dir> \ - -k <kernel_dir> -n <native_sysroot> + $ wic create directdisk -r rootfs_dir -b bootimg_dir \ + -k kernel_dir -n native_sysroot
@@ -2244,13 +2234,13 @@ the details. # long-description: Creates a partitioned EFI disk image that the user # can directly dd to boot media. - part /boot --source bootimg --ondisk sda --fstype=efi --label msdos --active --align 1024 + part /boot ‐‐source bootimg-efi ‐‐ondisk sda ‐‐fstype=efi ‐‐active - part / --source rootfs --ondisk sda --fstype=ext3 --label platform --align 1024 + part / ‐‐source rootfs ‐‐ondisk sda ‐‐fstype=ext3 ‐‐label platform - part swap --ondisk sda --size 44 --label swap1 --fstype=swap + part swap ‐‐ondisk sda ‐‐size 44 ‐‐label swap1 ‐‐fstype=swap - bootloader --timeout=10 --append="rootwait rootfstype=ext3 console=ttyPCH0,115200 console=tty0 vmalloc=256MB snd-hda- intel.enable_msi=0" + bootloader ‐‐timeout=10 ‐‐append="rootwait console=ttyPCH0,115200" @@ -2377,7 +2367,8 @@ the details. directory and then changing the lines that specify the target disk from which to boot. - $ cp /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisk.wks /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisksdb.wks + $ cp /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisk.wks \ + /home/trz/yocto/yocto-image/scripts/lib/image/canned-wks/directdisksdb.wks Next, the example modifies the directdisksdb.wks file and changes all 
@@ -2474,7 +2465,11 @@ the details. somewhere other than the default /var/tmp/wic directory: - $ wic create ~/test.wks -o /home/trz/testwic --rootfs-dir /home/trz/yocto/yocto-image/build/tmp/work/crownbay_noemgd-poky-linux/core-image-minimal/1.0-r0/rootfs --bootimg-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/share --kernel-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/src/kernel --native-sysroot /home/trz/yocto/yocto-image/build/tmp/sysroots/x86_64-linux + $ wic create ~/test.wks -o /home/trz/testwic --rootfs-dir \ + /home/trz/yocto/yocto-image/build/tmp/work/crownbay_noemgd-poky-linux/core-image-minimal/1.0-r0/rootfs \ + --bootimg-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/share \ + --kernel-dir /home/trz/yocto/yocto-image/build/tmp/sysroots/crownbay-noemgd/usr/src/kernel \ + --native-sysroot /home/trz/yocto/yocto-image/build/tmp/sysroots/x86_64-linux Creating image(s)... From c84c5360195b3a379a4bc5fd27142e89b123f4bb Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Wed, 23 Jul 2014 09:46:43 +0300 Subject: [PATCH 57/59] dev-manual: Fixed broken link to MACHINE variable. (From yocto-docs rev: bdbadd1ccb2648482a40335921b2076f0149a0c0) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/dev-manual/dev-manual-common-tasks.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml index c8de6bff93..9809add16a 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.xml +++ b/documentation/dev-manual/dev-manual-common-tasks.xml @@ -2099,7 +2099,7 @@ command-line arguments.
Cooked Mode: The current - MACHINE + MACHINE setting and image name are used to automatically locate and provide the build artifacts. From 90ea79e5156c0023d10c39e380e84c2e233f4c1c Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Fri, 25 Jul 2014 08:16:41 +0300 Subject: [PATCH 58/59] ref-manual: Updated note in the "CentOS Packages" section. We want to encourage installation of the buildtools tarball for getting the most up-to-date packages on this build host. (From yocto-docs rev: 92dbc6e90dffaefc4a91bab81532d24de0d631cc) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- documentation/ref-manual/introduction.xml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/documentation/ref-manual/introduction.xml b/documentation/ref-manual/introduction.xml index bcac4c750f..81e6f78608 100644 --- a/documentation/ref-manual/introduction.xml +++ b/documentation/ref-manual/introduction.xml @@ -285,11 +285,17 @@ The following list shows the required packages by function given a supported CentOS Linux distribution: - Depending on the CentOS version you are using, other requirements - and dependencies might exist. - For details, you should look at the CentOS sections on the - Poky/GettingStarted/Dependencies - wiki page. + + For CentOS 6.x, some of the versions of the components + provided by the distribution are too old (e.g. Git, Python, + and tar). + It is recommended that you install the buildtools in order + to provide versions that will work with the OpenEmbedded + build system. + For information on how to install the buildtools tarball, + see the + "Required Git, Tar, and Python Versions" + section. Essentials: From e72727500d678f6c94a8846079970593c177534a Mon Sep 17 00:00:00 2001 
From: Khem Raj Date: Fri, 25 Apr 2014 00:19:30 -0700 Subject: [PATCH 59/59] binutils: Fix building nativesdk binutils with gcc 4.9 Patches explain the issue in detail but this is exposed with gcc 4.9 in binutils 2.23.2 (From OE-Core rev: fc5c467b680fc5aef4b0f689e6988e17a9322ae0) (From OE-Core rev: 4dfb8847ebf8aab90ad8888933468e2899c96998) (From OE-Core rev: af347d3298e15552d502d5b2ce497bbda9705bc7) (From OE-Core rev: 07a7228392ec5157616888cee1eb119f4adb39a7) Signed-off-by: Khem Raj Signed-off-by: Richard Purdie --- .../binutils/binutils-2.23.2.inc | 2 + ...reakage-from-bfd_set_section_vma-cha.patch | 31 +++ .../replace_macros_with_static_inline.patch | 188 ++++++++++++++++++ 3 files changed, 221 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch create mode 100644 meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.23.2.inc b/meta/recipes-devtools/binutils/binutils-2.23.2.inc index 99fe2e558f..4de833962f 100644 --- a/meta/recipes-devtools/binutils/binutils-2.23.2.inc +++ b/meta/recipes-devtools/binutils/binutils-2.23.2.inc @@ -30,6 +30,8 @@ SRC_URI = "\ ${BACKPORT} \ file://binutils-fix-over-array-bounds-issue.patch \ file://binutils-xlp-support.patch \ + file://replace_macros_with_static_inline.patch \ + file://0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch \ " BACKPORT = "\ diff --git a/meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch b/meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch new file mode 100644 index 0000000000..f786b176f2 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0001-Fix-MMIX-build-breakage-from-bfd_set_section_vma-cha.patch 
@@ -0,0 +1,31 @@ +Upstream-Status: Backport + +From 0a09fb4a09e80c36fa3ef763ae276fd13d272a36 Mon Sep 17 00:00:00 2001 +From: Hans-Peter Nilsson +Date: Sat, 1 Feb 2014 01:11:28 +0100 +Subject: [PATCH] Fix MMIX build breakage from bfd_set_section_vma change. + + * emultempl/mmix-elfnmmo.em (mmix_after_allocation): Fix typo in + call to bfd_set_section_vma exposed by recent bfd_set_section_vma + change. +--- + ld/ChangeLog | 6 ++++++ + ld/emultempl/mmix-elfnmmo.em | 2 +- + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/ld/emultempl/mmix-elfnmmo.em b/ld/emultempl/mmix-elfnmmo.em +index 0059792..5e9781a 100644 +--- a/ld/emultempl/mmix-elfnmmo.em ++++ b/ld/emultempl/mmix-elfnmmo.em +@@ -102,7 +102,7 @@ mmix_after_allocation (void) + This section is only present when there are register symbols. */ + sec = bfd_get_section_by_name (link_info.output_bfd, MMIX_REG_SECTION_NAME); + if (sec != NULL) +- bfd_set_section_vma (abfd, sec, 0); ++ bfd_set_section_vma (sec->owner, sec, 0); + + if (!_bfd_mmix_after_linker_allocation (link_info.output_bfd, &link_info)) + { +-- +1.7.10.4 + diff --git a/meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch b/meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch new file mode 100644 index 0000000000..834f55cf6d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/replace_macros_with_static_inline.patch 
@@ -0,0 +1,188 @@ +Upstream-Status: Backport + +From 27b829ee701e29804216b3803fbaeb629be27491 Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Wed, 29 Jan 2014 13:46:39 +0000 +Subject: [PATCH 1/1] Following up on Tom's suggestion I am checking in a patch to replace the various + bfd_xxx_set macros with static inline functions, so that we can avoid compile time + warnings about comma expressions with unused values. + + * bfd-in.h (bfd_set_section_vma): Delete. + (bfd_set_section_alignment): Delete. + (bfd_set_section_userdata): Delete. + (bfd_set_cacheable): Delete. + * bfd.c (bfd_set_cacheable): New static inline function. + * section.c (bfd_set_section_userdata): Likewise. + (bfd_set_section_vma): Likewise. + (bfd_set_section_alignment): Likewise. + * bfd-in2.h: Regenerate. +--- + bfd/ChangeLog | 12 ++++++++++++ + bfd/bfd-in.h | 5 ----- + bfd/bfd-in2.h | 41 +++++++++++++++++++++++++++++++++++------ + bfd/bfd.c | 8 ++++++++ + bfd/section.c | 26 ++++++++++++++++++++++++++ + 5 files changed, 81 insertions(+), 11 deletions(-) + +diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h +index 3afd71b..c7c5a7d 100644 +--- a/bfd/bfd-in.h ++++ b/bfd/bfd-in.h +@@ -292,9 +292,6 @@ typedef struct bfd_section *sec_ptr; + + #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0) + +-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE) +-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE) +-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE) + /* Find the address one past the end of SEC. 
*/ + #define bfd_get_section_limit(bfd, sec) \ + (((bfd)->direction != write_direction && (sec)->rawsize != 0 \ +@@ -517,8 +514,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *); + + #define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char) + +-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE) +- + extern bfd_boolean bfd_cache_close + (bfd *abfd); + /* NB: This declaration should match the autogenerated one in libbfd.h. */ +diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h +index 71996db..b5aeb40 100644 +--- a/bfd/bfd-in2.h ++++ b/bfd/bfd-in2.h +@@ -299,9 +299,6 @@ typedef struct bfd_section *sec_ptr; + + #define bfd_is_com_section(ptr) (((ptr)->flags & SEC_IS_COMMON) != 0) + +-#define bfd_set_section_vma(bfd, ptr, val) (((ptr)->vma = (ptr)->lma = (val)), ((ptr)->user_set_vma = TRUE), TRUE) +-#define bfd_set_section_alignment(bfd, ptr, val) (((ptr)->alignment_power = (val)),TRUE) +-#define bfd_set_section_userdata(bfd, ptr, val) (((ptr)->userdata = (val)),TRUE) + /* Find the address one past the end of SEC. */ + #define bfd_get_section_limit(bfd, sec) \ + (((bfd)->direction != write_direction && (sec)->rawsize != 0 \ +@@ -524,8 +521,6 @@ extern void warn_deprecated (const char *, const char *, int, const char *); + + #define bfd_get_symbol_leading_char(abfd) ((abfd)->xvec->symbol_leading_char) + +-#define bfd_set_cacheable(abfd,bool) (((abfd)->cacheable = bool), TRUE) +- + extern bfd_boolean bfd_cache_close + (bfd *abfd); + /* NB: This declaration should match the autogenerated one in libbfd.h. 
*/ +@@ -1029,7 +1024,7 @@ bfd *bfd_openr (const char *filename, const char *target); + + bfd *bfd_fdopenr (const char *filename, const char *target, int fd); + +-bfd *bfd_openstreamr (const char *, const char *, void *); ++bfd *bfd_openstreamr (const char * filename, const char * target, void * stream); + + bfd *bfd_openr_iovec (const char *filename, const char *target, + void *(*open_func) (struct bfd *nbfd, +@@ -1596,6 +1591,32 @@ struct relax_table { + int size; + }; + ++/* Note: the following are provided as inline functions rather than macros ++ because not all callers use the return value. A macro implementation ++ would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some ++ compilers will complain about comma expressions that have no effect. */ ++static inline bfd_boolean ++bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val) ++{ ++ ptr->userdata = val; ++ return TRUE; ++} ++ ++static inline bfd_boolean ++bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val) ++{ ++ ptr->vma = ptr->lma = val; ++ ptr->user_set_vma = TRUE; ++ return TRUE; ++} ++ ++static inline bfd_boolean ++bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val) ++{ ++ ptr->alignment_power = val; ++ return TRUE; ++} ++ + /* These sections are global, and are managed by BFD. The application + and target back end are not permitted to change the values in + these sections. */ +@@ -6415,6 +6436,14 @@ struct bfd + unsigned int selective_search : 1; + }; + ++/* See note beside bfd_set_section_userdata. */ ++static inline bfd_boolean ++bfd_set_cacheable (bfd * abfd, bfd_boolean val) ++{ ++ abfd->cacheable = val; ++ return TRUE; ++} ++ + typedef enum bfd_error + { + bfd_error_no_error = 0, +diff --git a/bfd/bfd.c b/bfd/bfd.c +index 8d0580c..2d174f3 100644 +--- a/bfd/bfd.c ++++ b/bfd/bfd.c +@@ -311,6 +311,14 @@ CODE_FRAGMENT + . unsigned int selective_search : 1; + .}; + . 
++.{* See note beside bfd_set_section_userdata. *} ++.static inline bfd_boolean ++.bfd_set_cacheable (bfd * abfd, bfd_boolean val) ++.{ ++. abfd->cacheable = val; ++. return TRUE; ++.} ++. + */ + + #include "sysdep.h" +diff --git a/bfd/section.c b/bfd/section.c +index fb19d8c..a661228 100644 +--- a/bfd/section.c ++++ b/bfd/section.c +@@ -542,6 +542,32 @@ CODE_FRAGMENT + . int size; + .}; + . ++.{* Note: the following are provided as inline functions rather than macros ++. because not all callers use the return value. A macro implementation ++. would use a comma expression, eg: "((ptr)->foo = val, TRUE)" and some ++. compilers will complain about comma expressions that have no effect. *} ++.static inline bfd_boolean ++.bfd_set_section_userdata (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, void * val) ++.{ ++. ptr->userdata = val; ++. return TRUE; ++.} ++. ++.static inline bfd_boolean ++.bfd_set_section_vma (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, bfd_vma val) ++.{ ++. ptr->vma = ptr->lma = val; ++. ptr->user_set_vma = TRUE; ++. return TRUE; ++.} ++. ++.static inline bfd_boolean ++.bfd_set_section_alignment (bfd * abfd ATTRIBUTE_UNUSED, asection * ptr, unsigned int val) ++.{ ++. ptr->alignment_power = val; ++. return TRUE; ++.} ++. + .{* These sections are global, and are managed by BFD. The application + . and target back end are not permitted to change the values in + . these sections. *} +-- +1.7.1 +