* the libc.so.6 dependency is detected always:
$ grep FILERDEPENDS BUILD-*/pkgdata/qemux86/runtime/localedef
BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef
BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6
BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef
BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6
* but in some builds the glibc dependency isn't built soon enough:
$ diff -uNr BUILD-*/pkgdata/qemux86/runtime/localedef
--- BUILD-bad/pkgdata/qemux86/runtime/localedef 2017-09-02 21:17:50.000000000 +0000
+++ BUILD-ok/pkgdata/qemux86/runtime/localedef 2017-09-11 10:15:49.954381592 +0000
@@ -6,6 +6,7 @@
LICENSE: GPLv2 & LGPLv2.1
DESCRIPTION_localedef: glibc: compile locale definition files
SUMMARY: Locale data from glibc
+RDEPENDS_localedef: glibc (>= 2.26)
SECTION: base
PKG_localedef: localedef
FILES_localedef: /usr/bin/localedef
and the build fails with QA issues:
http://errors.yoctoproject.org/Errors/Details/155529/
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.0), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.15), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.3), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.2), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.1), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6, but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA run found fatal errors. Please consider fixing them.
* reproducible with Yocto 2.2 Morty as well, with slightly different
error message:
ERROR: glibc-locale-2.24-r0 do_package_qa: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.4), but no providers found in RDEPENDS_localedef? [file-rdeps]
* cherry-picked from master 2d2b4d7383c93174fe8eeb72440e81345df71295
(From OE-Core rev: eade33d548bd1a16f5397a44299ac809707efd60)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This reverts commit 450942db7f4638eba7ec262901fe1d7e1b1f6070.
Applied in error to the pyro branch.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The new flag doesn't work and the change even broke the XML_PARSE_NONET option.
(From OE-Core rev: 8b586f60778579ee2c9adae429128a07e8437553)
(From OE-Core rev: d2b1486bf8773d3eef36c5e77b82e70c88d9c682)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
getrandom() is only available in glibc 2.25+ and uninative may relocate
binaries onto systems that don't have this function. For now, force
the code to the older codepath until we can come up with a better solution
for this kind of issue.
(From OE-Core rev: da9ac8092497c3f2c246d3534f47e42cb2d9e4e8)
(From OE-Core rev: 450942db7f4638eba7ec262901fe1d7e1b1f6070)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we go through the trouble of copying the Python tests, we may as
well actually run them...
This also avoids the following QA issue:
ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue:
/usr/lib/libxml2/ptest/python/tests/push.py contained in package
libxml2-ptest requires /usr/bin/python, but no providers found in
RDEPENDS_libxml2-ptest? [file-rdeps]
(From OE-Core rev: 2b9470678d8df152af54899adb4774fb0d481cf3)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 30417429cea525e6eb6c3cfbe760ebe7b13f0980)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After switching to Recipe Specific Sysroots, ncurses
will not be populated in its own sysroots, then
siteconfig_gencache fails to find some headers,
so add ${SYSROOT_DESTDIR}/${includedir} into the
search list to fix the issue.
(From OE-Core rev: 421850875a5dafa1deed0647b7b30b76df9b25cf)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2ef34f7fb60ecdff29aae1d54a90a2e765c15e1e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
All recipes which include this .inc map to glibc NVD component.
(From OE-Core rev: 5e11fa22f0b9ee18878b49389603ddf5533cbbc4)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 613a13725db4e05539974cc7c66584a287d7b4bd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Append " -fno-tree-switch-conversion -fno-tree-tail-merge" to
FULL_OPTIMIZATION to workaround login problem on qemumips64. Otherwise,
user cannot login onto the target even username and password are
provided.
(From OE-Core rev: 89d53c742d3538744b892237698ffde2c9c60009)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 35403ba3707c3c8dd94bcc557eef6f7c66696bc5)
Hand applied
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.
Backport a patch from upstream to mitigate this by refusing to start units such
as this.
(From OE-Core rev: a6eaef0f179a341c0b96bb30aaec2d80862a11d6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix type confusion in xmlValidateOneNamespace
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.
Fixes bug 780228
CVE: CVE-2017-0663
(From OE-Core rev: a965be7b6a1d730851b4a3bc8fd534b9b2334227)
(From OE-Core rev: e442e7105ba39ddaed0749614b5ee552f9df2d5a)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix handling of parameter-entity references
There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.
Fixes bug 781205 and bug 781361
CVE: CVE-2017-9049 CVE-2017-9050
(From OE-Core rev: 2300762fef8fc8e3e56fb07fd4076c1deeba0a9b)
(From OE-Core rev: a409c50a09b12caa434b2b06bdcfb6beba43f67f)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 and bug 781701
CVE: CVE-2017-9047 CVE-2017-9048
(From OE-Core rev: bb0af023e811907b4e641b39f654ca921ac8794a)
(From OE-Core rev: d549b8f3836b2ffda5c59a7ae4d955846c558646)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The path to where to install and find the sysroot components is used
in many places. This warrants it to get its own variable.
(From OE-Core rev: 70a84b525470f72339568409daf84845904e4cab)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add bash to /etc/shells if busybox is built with bash applet anabled
to fix login via dropbear.
(From OE-Core rev: 86a2db0b2997fd05882ae0119ef45b1ea5411d39)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
(From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The busybox _git recipe is not formally tested or kept up to date.
The gstreamer _git recipes were recently removed from oe-core and the
justifications for that change apply to the busybox _git recipe too.
(From OE-Core rev: 139c97fa7f71a554ce85900ac33054a216db62e9)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently there are multiple issues with useradd:
* If base-passwd rebuilds, it wipes out recipe specific user/group additions
to sysroots and causes errors
* If recipe A adds a user and recipe B depends on A, it can't see any of the
users/groups A adds.
This patch changes base-passwd so it always works as a postinst script
within the sysroot and copies in the master files, then runs any
postinst-useradd-* scripts afterwards to add additional user/groups.
The postinst-useradd-* scripts are tweaked so that if /etc/passwd doesn't exist
they just exit, knowning they'll be executed later. We also add a dummy entry to
the dummy passwd file from pseudo so we can avoid this too.
There is a problem where if recipe A adds a user and recipe B depends on A but
doesn't care about users, it may not have a dependency on the useradd/groupadd
tools which would therefore not be available in B's sysroot. We therefore also
tweak postinst-useradd-* scripts so that if the tools aren't present we simply
don't add users. If you need the users, you add a dependency on the tools in the
recipe and they'll be added.
We add postinst-* to SSTATE_SCAN_FILES since almost any postinst script of this
kind is going to need relocation help.
We also ensure that the postinst-useradd script is written into the sstate
object as the current script was only being added in a recipe local way.
Thanks to Peter Kjellerstedt <pkj@axis.com> and Patrick Ohly for some pieces
of this patch.
[Yocto #11124]
(From OE-Core rev: 1b5afaf437f7a1107d4edca8eeb668b9618a5488)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is common for *ash shells to have 'command' available as a built-in
function. POSIX 2008 also documents the availability of this command.
Additionally the /etc/profile of base-files requires this command to be
available as of commit e77cdb7611 ("base-files: profile: Do not assume
that the tty command exists"). If it is not available the following
message is output during login on a image using busybox.
-sh: command: not found
It however should be noted that tcsh and csh do not provide 'command'
(built-in or otherwise).
(From OE-Core rev: e41c90b852167bbcb434da57b84280e855acae33)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* 54807d47 aarch64: add single instruction math functions
* b6e1fe0d fix strptime output for %C without %y
* 834ef7af fix processing of strptime %p format
* 85dfab7e fix off-by-one in strptime %j
* 9571c531 regex: fix newline matching with negated brackets
* e6917ece increase limit on locale name length from 15 to 23 bytes
* e4fc9ad7 search locale name variants for gettext translations
* 16319a5d make setlocale return a single name for LC_ALL if all categories match
* 0c53178e fix dlopen/dlsym regression opening libs already loaded at startup
* dbff2bb8 fix POSIX-format TZ dst transition times for southern hemisphere
* 74bca42e s390x: fix fpreg_t and remove unused per_struct
* a393d5cc precalculate gnu hash rather than doing it lazily in find_sym inner loop
* 8cba1dc4 fix threshold constants in j0f, y0f, j1f, y1f
(From OE-Core rev: 340b3fa6be034bf6a4cd9b2d1ad4788668fabb5b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The --disable-static option doesn't exist in ncurses. Its equivalent is
--without-normal so remove the option which does nothing.
(From OE-Core rev: 974ddd2f99be04f44978c1bce054ed75c9367631)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We've had a lot of users running into RSS issues where -initial recipes
were being installed into sysroots alongside their counterparts and
causing overlapping files issues.
In general this was through do_build dependencies. Such dependencies are
bad in general and I'd encourage people to compare the taskgraphs with
using a more specific dependency like do_populate_sysroot, do_image_complete
or do_deploy as often the more specific dependency will result in a much
cleaner build.
Regardless, we don't want -initial dependencies getting in the way like
this and there are cases a do_build dependency could make sense.
Deleting the do_build task in these cases makes sense since this is not
a build "endpoint" we'd ever want a user to use, its a behind the scenes
piece of bootstrappping.
Unfortunately to make this work, we need a newer bitbake version which
has a bitbake bug fixed.
(From OE-Core rev: 04c053d42ab05f77b2d1ca93a0fabae44073d57e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids the following error when logging in to a host that does
not have the tty command:
-sh: tty: not found
Reported-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn@axis.com>
(From OE-Core rev: e77cdb761169e404556487ac650dc562000da406)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
ntpd: NTP server denial of service flaw
CVE: CVE-2016-6301
(From OE-Core rev: 301dc9df16cce1f4649f90af47159bc21be0de59)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Override RTLDLIST for nativesdk, or else ldd would fail to run on
SDK targets.
(From OE-Core rev: 3a1cce659156ef2654a55a6e3c6922fa2dc780e4)
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
EXTRA_OEMAKE no longer contains '-e MAKEFLAGS=' so the comment
explaining that it needs to be removed / over-ridden is obsolete.
(From OE-Core rev: 19be2237798f51c01c1c21a68382d114a2f6ead2)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The library libxml2 can provide its own bindings for python2 in addition
to the third party python-lxml and python3-lxml packages if this
functionality is enabled in PACKAGECONFIG.
But in case the functionality is disabled there's no need to depend
on python2.
Make the dependency on python2 enabled only if the python feature
is added to PACKAGECONFIG. Also add missing run-time dependency on make
to libxml2-ptest.
(From OE-Core rev: 3f1be2c3875fc112d9c67af16759091e007e5b99)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The results of meta-ide-support are used by utilities like runqemu and
runqemu-extract-sdk. Since the usr/bin that meta-ide-support creates is
subsequently removed bu rm_work, we exclude this recipe from the rm_work
list.
[YOCTO #11119]
(From OE-Core rev: 6c0fc4daee0e32c85c8895ce77126d3d0c6c2ed5)
Signed-off-by: brian avery <brian.avery@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Build static libraries without the binutils "ar" -U option.
This option deliberately breaks deterministic mode.
The option seems to be a relic from 2015, intended as a workaround
for some unspecified build problems.
[YOCTO#11247]
(From OE-Core rev: 46c757d0ca7ff294a7e55c130698fd256b69b62e)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't want to run resize on non serial consoles. There's
been an earlier attempt (6557787), so this builds upon that.
The problem we're seeing is that if there is text buffered in
the virtual console (like from a desperate user trying to
enter login details), resize will get stuck while calling
ioctl(tty, TCSETAW);
Since serial consoles are named (not just numbered), this
change limits resize's reach even further to run only on
/dev/tty[A-z] (thus avoiding /dev/tty[0-9]).
(From OE-Core rev: 474ef7c95722aa68ee5dfbae2920d7c3d436d717)
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Allowing to remove the systemd-vconsole-setup package without specifying
the --disable-vconsole configure option for systemd will make the system
boot with the failure prompt
| systemd-udevd[142]: failed to execute '/lib/systemd/systemd-vconsole-setup' '/lib/systemd/systemd-vconsole-setup': No such file or directory
| systemd-udevd[96]: Process '/lib/systemd/systemd-vconsole-setup' failed with exit code 2.
as the 90-vconsole.rules will still be installed with having a
RUN+="/lib/systemd/systemd-vconsole-setup" in it that attempts to
execute a non-existing binary.
(From OE-Core rev: 396e9dcf308a2a6660a84eb36c5ff29f8a0d08de)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>