We want to encourage installation of the buildtools tarball for
getting the most up-to-date packages on this build host.
(From yocto-docs rev: 92dbc6e90dffaefc4a91bab81532d24de0d631cc)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These updates are to the wic section. I have updated the syntax
and some requirements for running and using wic. The original
information was never reviewed before appearing in only the 1.5.2
verison of the dev-manual.
(From yocto-docs rev: 66c755f2753c52bdb304281d2109c2c253941d35)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
`debugfs' treats spaces and "" specially. So when we are dealing with
file names, great care should be taken to make sure that `debugfs'
recognizes file names correctly.
The basic solution here is:
1. Use quotation marks to handle spaces correctly.
2. Replace "xxx" with ""xxx"" so that debugfs knows that the quotation
marks are parts of the file name.
[YOCTO #6503]
(From OE-Core rev: 24f17607e996c499c8f86eda0588d02af1e960b9)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Scenario:
a) libtool script is built on system with bash as /bin/sh
b) machine B installs sstate from build a)
c) machine B has dash as /bin/sh
In this scenario, the script fails to work properly since its expecting
/bin/sh to have bash like syntax and it no longer does have it.
This patch forces the configure process to use /bin/bash, not /bin/sh
and hence allows the scripts to work correctly when used from sstate.
(From OE-Core rev: 24d5b449e5f4d91119f0d8e13c457618811aadfc)
(From OE-Core rev: 330c3085317a0b0981163ff5c41c54596e0d127d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* some fundamental perf commands can work
without the dependency on perl, python or bash
make them separate packages and RSUGGEST them
* bump PR
The patch was sponsored by sysmocom
(From OE-Core rev: a6f79561f7a2f6bc354d5ea8d84b836ac5c9b08f)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* TUI/GUI support was added in 2.6.35 based on libnewt
* since 3.10 slang replaced libnewt completly
* changing TUI_DEFINES is not necessary, because NO_NEWT is
still respected with newer kernels
* add comment about the gui history to the recipe
The patch was sponsored by sysmocom
(From OE-Core rev: 104e317f1fe68244d31c72897df2e5c997ff502a)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch was sponsored by sysmocom
(From OE-Core rev: 7e38d8ad6f7f4c289975acdac5c4d254ff3df7e6)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix the use of command dirname on ubuntu 12.04.
dirname does not accept space in file name.
(From OE-Core rev: ab6bd289d51c3c44862b43241a99d3e4f3ff13c0)
Signed-off-by: Stéphane Cerveau <scerveau@connected-labs.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The SHA we use it actually on cross_prelink branch
if you do not use yocto source mirrors then the fetch
for prelink on dora fails due to missing branch in SRC_URI
(From OE-Core rev: 13b57cab7cdd2bf967622ec5015478dc56938b8b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YOCTO #6309]
It appears a logic issue has caused rpm -V to no longer
verify the files on the filesystem match what was installed.
(From OE-Core master rev: 117862cd0eebf6887c2ea6cc353432caee2653aa)
(From OE-Core rev: 9f9bcad51381887819d58ffdde2e41307d342473)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
console-kit-log-system-start.service fails to to start if the
/var/log/ConsoleKit directory does not exist. Normally it is created
automatically but as we mount a tmpfs at /var/log, we need to add
a tmpfiles.d entry to create it.
(From OE-Core master rev: 2a9a14bf400fe0c263c58aa85b02aba7311b1328)
(From OE-Core rev: 305da37a4dc0fba2b8f3219cfae47a1d4228f244)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously, even if we encounter some error when populating the
ext filesystem, we don't error out and the rootfs process still
succeeds.
However, what's really expected is that the populate-extfs.sh script
should error out if something wrong happens when using `debugfs' to
generate the ext filesystem. For example, if there's not enough block
in the filesystem, and allocating a block for some file fails, the
failure should not be ignored. Otherwise, we will have a successful
build but a corrupted filesystem.
The debugfs returns 0 as long as the command is valid. That is, even
if the command fails, the debugfs still returns 0. That's really a
pain here. That's why this patch checks the error output to see whether
there's any error logged.
(From OE-Core rev: 468d3e60ee10348578f78f846e87c02359fdb8bf)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a patch trying to fix this problem by using 'dirname', but it
caused some build failures, thus got reverted.
The problem is that $DIR might be empty and we should first do the check
before trying to use $(dirname $DIR).
[YOCTO #5712]
(From OE-Core rev: 8277c71747758e2ba0815a6f5cd11c9e0c9c90ce)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I had the actual title of the manual as displayed in the section
heading for Chapter One wrong.
(From yocto-docs rev: e61b251da0d8225f7497b2b7a0a8c8d1510a429b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found a link in the dev-manual that had a hard return splitting
the link across two lines. The mega-manual.sed file cannot process
those links so it ignores them.
(From yocto-docs rev: fabd8d47b4a5ce1e108ad282d9903e3b1daa5f3d)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found a very subtle problem with the search string that processes
links to the Yocto Project Profiling and Tracing Manual where the
links go to the top-level (i.e. no ID tag in the link).
I had the name of the manual as "Yocto Project Profile and
Tracing Manual", which means there would never be a match.
Consequently, when the Makefile called the mega-manual.sed file
to process the links in mega-manual.html, any top-level link
to that manual was not processed and was being left as a hard
link to the versioned manual. Processing a top-link should
convert it to a non-link (for now).
(From yocto-docs rev: 38c7971abe19293657f0170ecd8dc28c1047859b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Conflicts:
documentation/tools/mega-manual.sed
Had to clean up some conflicts to get the cherry-pick
to work. It seems the line for the profile manual was
not even in this sed file. Also, had to reset the
1.4.4 strings to 1.5.3.
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added a new entry to support the 1.5.3 release. Using July 2014
as the release month and year.
(From yocto-docs rev: fcd6046b8b2a5606e77d14cffa0bd2eebbe1748a)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It seems that 585324fee380109acd9986388f857f413a60b896 is no
longer there in git and it has been rewritten to
ffc3ad4945da69f3caa2b40e4eed715a9a8d9526
Change-Id: I9ffe8bd9bcef0d2dc5e6f6d3a6e4317bada8f4be
(master rev: b193c7f251542aa76cb5a4d6dcb71d15b27005eb)
(From OE-Core rev: b7371b49b4b83c2e864126480b65363fe9f2cfd2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Doyle <wpdster@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
(From OE-Core master rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)
(From OE-Core rev: 3cc799213e6528fc9fb4a0c40a01a1817484f499)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
(From OE-Core rev: fe4e278f1794dda2e1aded56360556fe933614ca)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
(From OE-Core rev: f19dbbc864b12b0f87248d3199296b41a0dcd5b0)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 6506f8993c84b966642ef857bb15cf96eada32e8)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
(From OE-Core rev: 21fa437a37dad14145b6c8c8c16c95f1b074e09c)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: c707b3ea9e1fbff2c6a82670e4b1af2b4f53d5e2)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backported patch for CVE-2014-3466.
This patch is for dora.
(From OE-Core rev: 68da848e0f7f026bf18707d8d59143177ff66f9b)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The FILESEXTRAPATH was not getting used correctly since our distro
OVERRIDE is for poky-tiny, not poky, so just remove it, also we are
not using a version directory so ensure we get correct BPN (Base Package
Name).
[YOCTO #6353]
(From meta-yocto rev: 43e5c7a92dc06f95ef3110fb404bd07eccc2140a)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A null pointer dereference bug was discovered in do_ssl3_write().
An attacker could possibly use this to cause OpenSSL to crash, resulting
in a denial of service.
https://access.redhat.com/security/cve/CVE-2014-0198
(From OE-Core rev: 4c58fe468790822fe48e0a570779979c831d0f10)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The fetcher will try:
1) PREMIRROR
2) Upstream
3) MIRROR
If it fails to download from the Upstream, but succeeds from the MIRROR,
and ud.localpath != origud.localpath (for example, the git tarball),
then we will get the error (e.g.: xf86-video-omapfb):
ERROR: Function failed: Fetcher failure for URL: 'xxx'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /path/to/log.do_fetch.28024
It should not show the error and let the build go on since it succeeds.
(e.g.: xf86-video-omapfb)
[YOCTO #5686]
(Bitbake rev: 3bb3f1823bdd46ab34577d43f1e39046a32bca77)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A typo was meaning that the mirror creation method wasn't being called
when it should have been. Fix the type to fix mirror tarball creation.
[YOCTO #5284]
(Bitbake rev: 66cdc2e21660847c50317e8bfd28cf3595422e28)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix to be HEAD of Dora, not master
(From OE-Core rev: abc158bf873bb7c01414e437eea2b538eb73881c)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When specifying tags, they're searched for unanchored so foo/bar could
match:
refs/heads/abc/foo/bar
refs/heads/xyz/foo/bar
refs/heads/foo/bar
This change anchors the expressions so they are based against heads
or tags (or any other base level tree that has been created).
(Bitbake master rev: df2e0972cd1db7abd5ec8b7cb295fb0c42e284a4)
(Bitbake rev: da93afe9834e137ed1e9410380181286c80198b5)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even if 'egl' is in PACKAGECONFIG, mesa egl support
can be disabled explicitly (changing configure flags
using a .bbappend, for example).
On dora, meta-fsl-arm is an example of this kind.
On master there are no known cases, and we should
encourge package configuration through PACKAGECONFIG.
This patch adds another check for the existence
of eglplatform.h before 'sed' can alter it.
(From OE-Core rev: 97bc1bce9a226cc02db8a5afc2c0d4f4f70034a6)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't normally do this, but with the recent CVE fixes (most
importantly the one for the serious CVE-2014-0160 vulnerability) I am
bumping PR explicitly to make it a bit more obvious that the patch has
been applied.
(From OE-Core rev: 813fa9ed5e492e5dc08155d23d74127ca87304df)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids a nasty sstate hash corruption issue where the
fact the testimage bbclass was inherited meant that the checksum
changed due to testimage.bbclass being confused with image.bbclass.
This patch anchors the bbclass names to avoid this confusion.
(From OE-Core master rev: 943a75a4f3b6877e4092dae14b59b7afef8cad3d)
(From OE-Core rev: 71b15a41652e280aca2a451073a83a25fb4e6f50)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we now run depmod when building images (as the postinst that does
this is now on kernel-base instead of kernel-image) it is possible to
have module file differences between the two halves of the multilib image,
and the code that checks for such differences detects this and fails.
Whitelist this file to avoid the failure.
Specifically, modules.alias, modules.dep and modules.symbol can differ
along with their .bin counterparts.
Related to fix for [YOCTO #5392].
(From OE-Core master rev: 0a315804bf991664c0948e3024b8e8b9e9085808)
(From OE-Core rev: a2c026cf565897e4b0ba4c31c8762b41361649f4)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since kernel-base is the package that contains the files that depmod
needs to run, we should be running depmod from the kernel-base
postinstall rather than kernel-image.
Fixes [YOCTO #5392].
(From OE-Core master rev: f7d2cb383281ec8dfa90950ba04d87dd29ffc676)
(From OE-Core rev: ac92a5ab25ddfd8462c43bac6f93730b1e454a4f)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Scott Rifenbark
Richard Purdie
Roy Li
Chen Qi
Henning Heinold
Stéphane Cerveau
Khem Raj
Mark Hatle
Jonathan Liu
Yue Tao
Paul Eggleton
Valentin Popa
Saul Wold
Maxin B. John
Robert Yang
Hongxu Jia