When specifying tags, they're searched for unanchored so foo/bar could
match:
refs/heads/abc/foo/bar
refs/heads/xyz/foo/bar
refs/heads/foo/bar
This change anchors the expressions so they are based against heads
or tags (or any other base level tree that has been created).
(Bitbake master rev: df2e0972cd1db7abd5ec8b7cb295fb0c42e284a4)
(Bitbake rev: da93afe9834e137ed1e9410380181286c80198b5)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Even if 'egl' is in PACKAGECONFIG, mesa egl support
can be disabled explicitly (changing configure flags
using a .bbappend, for example).
On dora, meta-fsl-arm is an example of this kind.
On master there are no known cases, and we should
encourge package configuration through PACKAGECONFIG.
This patch adds another check for the existence
of eglplatform.h before 'sed' can alter it.
(From OE-Core rev: 97bc1bce9a226cc02db8a5afc2c0d4f4f70034a6)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't normally do this, but with the recent CVE fixes (most
importantly the one for the serious CVE-2014-0160 vulnerability) I am
bumping PR explicitly to make it a bit more obvious that the patch has
been applied.
(From OE-Core rev: 813fa9ed5e492e5dc08155d23d74127ca87304df)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This avoids a nasty sstate hash corruption issue where the
fact the testimage bbclass was inherited meant that the checksum
changed due to testimage.bbclass being confused with image.bbclass.
This patch anchors the bbclass names to avoid this confusion.
(From OE-Core master rev: 943a75a4f3b6877e4092dae14b59b7afef8cad3d)
(From OE-Core rev: 71b15a41652e280aca2a451073a83a25fb4e6f50)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we now run depmod when building images (as the postinst that does
this is now on kernel-base instead of kernel-image) it is possible to
have module file differences between the two halves of the multilib image,
and the code that checks for such differences detects this and fails.
Whitelist this file to avoid the failure.
Specifically, modules.alias, modules.dep and modules.symbol can differ
along with their .bin counterparts.
Related to fix for [YOCTO #5392].
(From OE-Core master rev: 0a315804bf991664c0948e3024b8e8b9e9085808)
(From OE-Core rev: a2c026cf565897e4b0ba4c31c8762b41361649f4)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since kernel-base is the package that contains the files that depmod
needs to run, we should be running depmod from the kernel-base
postinstall rather than kernel-image.
Fixes [YOCTO #5392].
(From OE-Core master rev: f7d2cb383281ec8dfa90950ba04d87dd29ffc676)
(From OE-Core rev: ac92a5ab25ddfd8462c43bac6f93730b1e454a4f)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With the "ABI safe" recipes, we've been excluding those from signatures. This
is fine in the general case but in the specific case of image recipes it breaks.
A good test case is the interfaces file. Editting this causes init-ifupdown
to rebuild but not an image containing it (e.g. core-image-minimal).
We need to ensure the checksums are added to the image recipes and this change
does that.
(From OE-Core master rev: fd085f15e7cd093953f974f69277e130174d551d)
(From OE-Core rev: 946ec90c5de1faa18c899e9b45efedc3d47b93bd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes the "heartbleed" TLS vulnerability (CVE-2014-0160). More
information here:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
Patch borrowed from Debian; this is just a tweaked version of the
upstream commit (without patching the CHANGES file which otherwise
would fail to apply on top of this version).
(From OE-Core rev: c3acfdfe0c0c3579c5f469f10b87a2926214ba5d)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2
obtains a certain version number from an incorrect data structure, which
allows remote attackers to cause a denial of service (daemon crash) via
crafted traffic from a TLS 1.2 client.
(From OE-Core master rev: 3e0ac7357a962e3ef6595d21ec4843b078a764dd)
(From OE-Core rev: 33b6441429603b82cfca3d35e68e47e1ca021fd7)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The DTLS retransmission implementation in OpenSSL through 0.9.8y and 1.x
through 1.0.1e does not properly maintain data structures for digest and
encryption contexts, which might allow man-in-the-middle attackers to
trigger the use of a different context by interfering with packet delivery,
related to ssl/d1_both.c and ssl/t1_enc.c.
(From OE-Core master rev: 94352e694cd828aa84abd846149712535f48ab0f)
(From OE-Core rev: 1e934529e501110a7bfe1cb09fe89dd0078bd426)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before
1.0.1f allows remote TLS servers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted Next Protocol
Negotiation record in a TLS handshake.
(From OE-Core master rev: 35ccce7002188c8270d2fead35f9763b22776877)
(From OE-Core rev: a5060594208de172cb31ad406b34b25decd061e4)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
While working on the OpenBSC/NITB schema migration I experienced
crashes and traced it down to libdbi-drivers. It was possible that
a special string quote each character and then adding '"\0' would
result in out of bounds write.
These provide us with a nice way to provision/install the BSCs
with grub. This way we can easily upgrade the kernel on the BSC
as well. It is a fix for SYS#75.
Concatenated fix of PowerPC time related system calls in eglibc 2.18 taken
from upstream glibc. See credits in patch header.
The effect is that some time related system calls returns nothing or garbage.
Fix tested on PowerPC e300c3.
Eglibc 2.17 does not have this issue and the patches are already part of 2.19.
(From OE-Core rev: fae2f635e795d496228dd5d302e99d9ab7706900)
Signed-off-by: Mats Karrman <mats.karrman@tritech.se>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(*) add MESA_EGL_NO_X11_HEADERS to defines
(*) avoid altering eglplatform.h from {top_srcdir}/include
using an alternative to
0003-EGL-Mutate-NativeDisplayType-depending-on-config
patch.
[YOCTO #5882]
(From OE-Core rev: 4c6340dba65185acef7301762270fa1dc7e0afda)
Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We do not intend to use u-boot right now but at least this
version will build. In the first version we will use the
barebox images provided to us by the producer of the SoM.
This is fixing max_power_reduction for revC hardware and applies
a new max_power_reduction when it arrives through OML and the
system is already initialized.
The image not correctly created if 'ptest-pkgs' is in IMAGE_FEATURES,
this is because there is no free inode left. We can use 4096 instead of
8192 bytes-per-inode to fix the problem, and most of the distributions
us 4096, such as Ubuntu, Suse, Fedora and CentOS.
There are another problems:
* There are error message when there is no free inode left if we run the
mke2fs command manually, but they are not in log.do_rootfs.
* The image generation doesn't stop when error happens because mke2fs
doesn't return failed for this case.
Will fix them in other threads.
[YOCTO #5957]
(From OE-Core master rev: 09ab3a00598d06e3a1bf871811c2ac37359c74da)
(From OE-Core rev: ec8ae16e35fd7db6a5bb12412d50ab6f355b0f6e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>