Append " -fno-tree-switch-conversion -fno-tree-tail-merge" to
FULL_OPTIMIZATION to workaround login problem on qemumips64. Otherwise,
user cannot login onto the target even username and password are
provided.
(From OE-Core rev: 89d53c742d3538744b892237698ffde2c9c60009)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 35403ba3707c3c8dd94bcc557eef6f7c66696bc5)
Hand applied
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.
Backport a patch from upstream to mitigate this by refusing to start units such
as this.
(From OE-Core rev: a6eaef0f179a341c0b96bb30aaec2d80862a11d6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix type confusion in xmlValidateOneNamespace
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.
Fixes bug 780228
CVE: CVE-2017-0663
(From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227)
(From OE-Core rev: e442e7105ba39ddaed0749614b5ee552f9df2d5a)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix handling of parameter-entity references
There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.
Fixes bug 781205 and bug 781361
CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)
(From OE-Core rev: a409c50a09b12caa434b2b06bdcfb6beba43f67f)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 and bug 781701
CVE: CVE-2017-9047 CVE-2017-9048
(From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a)
(From OE-Core rev: d549b8f3836b2ffda5c59a7ae4d955846c558646)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The path to where to install and find the sysroot components is used
in many places. This warrants it to get its own variable.
(From OE-Core rev: 70a84b525470f72339568409daf84845904e4cab)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add bash to /etc/shells if busybox is built with bash applet anabled
to fix login via dropbear.
(From OE-Core rev: 86a2db0b2997fd05882ae0119ef45b1ea5411d39)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
(From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The busybox _git recipe is not formally tested or kept up to date.
The gstreamer _git recipes were recently removed from oe-core and the
justifications for that change apply to the busybox _git recipe too.
(From OE-Core rev: 139c97fa7f71a554ce85900ac33054a216db62e9)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently there are multiple issues with useradd:
* If base-passwd rebuilds, it wipes out recipe specific user/group additions
to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
users/groups A adds.
This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.
The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.
There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.
We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.
We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.
Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.
[Yocto #11124]
(From OE-Core rev: 1b5afaf437f7a1107d4edca8eeb668b9618a5488)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is common for *ash shells to have 'command' available as a built-in
function. POSIX 2008 also documents the availability of this command.
Additionally the /etc/profile of base-files requires this command to be
available as of commit e77cdb7611 ("base-files: profile: Do not assume
that the tty command exists"). If it is not available the following
message is output during login on a image using busybox.
-sh: command: not found
It however should be noted that tcsh and csh do not provide 'command'
(built-in or otherwise).
(From OE-Core rev: e41c90b852167bbcb434da57b84280e855acae33)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* 54807d47 aarch64: add single instruction math functions
* b6e1fe0d fix strptime output for %C without %y
* 834ef7af fix processing of strptime %p format
* 85dfab7e fix off-by-one in strptime %j
* 9571c531 regex: fix newline matching with negated brackets
* e6917ece increase limit on locale name length from 15 to 23 bytes
* e4fc9ad7 search locale name variants for gettext translations
* 16319a5d make setlocale return a single name for LC_ALL if all categories match
* 0c53178e fix dlopen/dlsym regression opening libs already loaded at startup
* dbff2bb8 fix POSIX-format TZ dst transition times for southern hemisphere
* 74bca42e s390x: fix fpreg_t and remove unused per_struct
* a393d5cc precalculate gnu hash rather than doing it lazily in find_sym inner loop
* 8cba1dc4 fix threshold constants in j0f, y0f, j1f, y1f
(From OE-Core rev: 340b3fa6be034bf6a4cd9b2d1ad4788668fabb5b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The --disable-static option doesn't exist in ncurses. Its equivalent is
--without-normal so remove the option which does nothing.
(From OE-Core rev: 974ddd2f99be04f44978c1bce054ed75c9367631)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We've had a lot of users running into RSS issues where -initial recipes
were being installed into sysroots alongside their counterparts and
causing overlapping files issues.
In general this was through do_build dependencies. Such dependencies are
bad in general and I'd encourage people to compare the taskgraphs with
using a more specific dependency like do_populate_sysroot, do_image_complete
or do_deploy as often the more specific dependency will result in a much
cleaner build.
Regardless, we don't want -initial dependencies getting in the way like
this and there are cases a do_build dependency could make sense.
Deleting the do_build task in these cases makes sense since this is not
a build "endpoint" we'd ever want a user to use, its a behind the scenes
piece of bootstrappping.
Unfortunately to make this work, we need a newer bitbake version which
has a bitbake bug fixed.
(From OE-Core rev: 04c053d42ab05f77b2d1ca93a0fabae44073d57e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids the following error when logging in to a host that does
not have the tty command:
-sh: tty: not found
Reported-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
(From OE-Core rev: e77cdb761169e404556487ac650dc562000da406)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ntpd: NTP server denial of service flaw
CVE: CVE-2016-6301
(From OE-Core rev: 301dc9df16cce1f4649f90af47159bc21be0de59)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Override RTLDLIST for nativesdk, or else ldd would fail to run on
SDK targets.
(From OE-Core rev: 3a1cce659156ef2654a55a6e3c6922fa2dc780e4)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
EXTRA_OEMAKE no longer contains '-e MAKEFLAGS=' so the comment
explaining that it needs to be removed / over-ridden is obsolete.
(From OE-Core rev: 19be2237798f51c01c1c21a68382d114a2f6ead2)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The library libxml2 can provide its own bindings for python2 in addition
to the third party python-lxml and python3-lxml packages if this
functionality is enabled in PACKAGECONFIG.
But in case the functionality is disabled there's no need to depend
on python2.
Make the dependency on python2 enabled only if the python feature
is added to PACKAGECONFIG. Also add missing run-time dependency on make
to libxml2-ptest.
(From OE-Core rev: 3f1be2c3875fc112d9c67af16759091e007e5b99)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The results of meta-ide-support are used by utilities like runqemu and
runqemu-extract-sdk. Since the usr/bin that meta-ide-support creates is
subsequently removed bu rm_work, we exclude this recipe from the rm_work
list.
[YOCTO #11119]
(From OE-Core rev: 6c0fc4daee0e32c85c8895ce77126d3d0c6c2ed5)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Build static libraries without the binutils "ar" -U option.
This option deliberately breaks deterministic mode.
The option seems to be a relic from 2015, intended as a workaround
for some unspecified build problems.
[YOCTO#11247]
(From OE-Core rev: 46c757d0ca7ff294a7e55c130698fd256b69b62e)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't want to run resize on non serial consoles. There's
been an earlier attempt (6557787), so this builds upon that.
The problem we're seeing is that if there is text buffered in
the virtual console (like from a desperate user trying to
enter login details), resize will get stuck while calling
ioctl(tty, TCSETAW);
Since serial consoles are named (not just numbered), this
change limits resize's reach even further to run only on
/dev/tty[A-z] (thus avoiding /dev/tty[0-9]).
(From OE-Core rev: 474ef7c95722aa68ee5dfbae2920d7c3d436d717)
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Allowing to remove the systemd-vconsole-setup package without specifying
the --disable-vconsole configure option for systemd will make the system
boot with the failure prompt
| systemd-udevd[142]: failed to execute '/lib/systemd/systemd-vconsole-setup' '/lib/systemd/systemd-vconsole-setup': No such file or directory
| systemd-udevd[96]: Process '/lib/systemd/systemd-vconsole-setup' failed with exit code 2.
as the 90-vconsole.rules will still be installed with having a
RUN+="/lib/systemd/systemd-vconsole-setup" in it that attempts to
execute a non-existing binary.
(From OE-Core rev: 396e9dcf308a2a6660a84eb36c5ff29f8a0d08de)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added btrfs-tools-native and squashfs-tools-native to DEPENDS as
wic uses these tools to support btrfs and squashfs filesystems.
(From OE-Core rev: d6fea657671637af30fe9bf9a2264746b5bd6deb)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd-tmpfiles-setup will fail at boot, so we suppress
the default versions of etc.conf and home.conf.
We also make sure that /var/{cache,spool} and /srv are writeable
if they exist.
(From OE-Core rev: 4a44a7658cebafab336f061f270b6ff44150a6d6)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With this change (combined with the previous linux-libc-header fix), a
combined sysroot for 32 and 64 bit arm works meaning our SDK works
correctly for that multilib setup.
(From OE-Core rev: 4690cd8e34fc23de10400cc1c178b2c73c7690c7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Linking with gold fails due to an internal error in gold. The ovmf
linker is gcc, which has a -fuse-ld=bfd option to choose the linker
which (for ovmf) is known to work.
Like the choice of the compilers, this is done in ovmf-native. To keep
that recipe independent of DISTRO_FEATURES, choosing bfd is done
unconditionally.
(From OE-Core rev: 7ee548b9f6f2893caf6b5ade8c892f2968d4ec47)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This sycncs eudev with systemd. This is required for old kernels to
work and does same backport as did in:
,----
| commit 31163abc7bedd477c1aad10e6d1f47dbee194513
| Author: Jonathan Liu <net147@gmail.com>
| Date: Thu Mar 19 15:38:32 2015 +1100
|
| systemd: restore userspace firmware loading support
|
| This changes the minimum required Linux version from 3.7 back to 3.0.
|
| [YOCTO #7409]
|
| Signed-off-by: Jonathan Liu <net147@gmail.com>
| Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
`----
(From OE-Core rev: d6b139ef1b52ee4842f8706c1b8b950cc50a3d54)
Signed-off-by: Lauren Post <lauren.post@nxp.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ifupdown does not provide an initscript so this recipe should not
inherit update-rc.d class. Instead, we rely on init-ifupdown recipe to
startup networking.
(From OE-Core rev: 4e6bf6ea766a0d47f96b3c4682d4f7e81a5763e7)
Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Make use of lnr/ln -r while creating relative symlinks than guessing the
relalive path.
(From OE-Core rev: 8205b92631bc1dcb3419c709ef5a98b2b3cd9d70)
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The windres binutils binary which is used for Windows resource files
requires utf-16 and cp1252 encoding support in order to correctly
generate resource files with strings. As such when using uninative to
build mingw resources for a nativesdk target the windres binary is
executed on the native host, thus using the uninative libc and gconv
modules.
(From OE-Core rev: 778fb2342da55e202cfb7af04bbf120c1b68620a)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For the native tools, a static patch inserted gcc/g++/ld/ar while later
adding BUILD_LDFLAGS and BUILD_CFLAGS with sed. Now it's all done with sed,
which has the advantage that it uses the actual compile variables. However,
in practice those are the same.
More importantly, picking the build tools for the target was
broken. ovmf-native tried to insert TARGET_PREFIX into the tools
definition file, but that variable is empty in a native recipe. As a
result, "gcc" was used instead of "${HOST_PREFIX}gcc", leading to an
undesirable dependency on the host compiler and potentially
(probably?!) causing some of the build issues that were seen for ovmf.
The new approach is to override the tool selection in ovmf-native so
that the HOST_PREFIX env variable is used, which then gets exported
during do_compile for the target.
While at it, Python code that gets appened to do_patch only to call
shell functions gets replaced with the do_patch[postfuncs] mechanism.
Incremental builds now always use the tools definition from the
current ovmf-native; previously, only the initial build copied the
template file.
Probably the entire split into ovmf-native and ovmf could be
removed. This merely hasn't been attempted yet.
(From OE-Core rev: 23a12d87a6e82f80f4ccc1a01c707faa89ff7abd)
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi
Ross Burton
Khem Raj
Andrej Valek
Richard Purdie
Peter Kjellerstedt
Andreas Oberritter
Catalin Enache
Andre McCurdy
Nathan Rossi
Martin Jansa
Martin Balik
Ming Liu
Dmitry Rozhkov
brian avery
Juro Bystricky
Daniel Díaz
Enrico Jorns
Ed Bartosh
Joe Slater
Patrick Ohly
Lauren Post
David Vincent
Amarnath Valluri