| Age | Commit message (Collapse) | Author |
|---|
|
This is a bugfix release:
ver 0.31:
Fix issue with verification of the second certificate in chain.
Fix issue with handling trusted CA matching in verification.
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License-Update: Updated copyright years [1]
Latest master 0.10.x+ has added support for mips/mips64, which should
help compile ruby on musl for these architectures
Switch SRC_URI to github upstream URI
Check for common arches before checking others in map_kernel_arch
Drop already upstreamed patches
[1] https://github.com/kaniini/libucontext/commit/d31eaabbaf5f45656c10e4bccd3fe6653a7d3ec1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Builds like native-openjdk, really wants a to link
some tools against the static version. Since when
using the extended tarball, its the only place to
get it, add the library.
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, this unit is packaged into udev-hwdb which then adds it as rdep
instead of rrecommends to systemd itself, this meant that even if we
added udev-hwdb to BAD_RECOMMENDATIONS, it would not be respected since
its a rdep, therefore move the service unit file into udev package
instead, this decouples the hard runtime dependency and restores the bad
recommendations expectations
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Alex Kiernan <alex.kiernan@gmail.com>
Cc: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Avoid confusing messages caused by EIO on reading
/proc/sys/net/ipv6/conf/*/stable_secret if those are not set yet.
Make it behave the same as procps(>=3.3.13).
Fixes:
$ sysctl -a | grep ipv6.conf | grep stable_secret
sysctl: error reading key 'net.ipv6.conf.all.stable_secret': Input/output error
sysctl: error reading key 'net.ipv6.conf.default.stable_secret': Input/output error
sysctl: error reading key 'net.ipv6.conf.eth0.stable_secret': Input/output error
sysctl: error reading key 'net.ipv6.conf.lo.stable_secret': Input/output error
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport fixes introduced in 2.63.6 for memory leaks and memory corruption in
GMainContext
Upstream merge: https://gitlab.gnome.org/GNOME/glib/-/merge_requests/1353
Fixes SIGSEGV in GStreamer:
Thread 2 "multihandlesink" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff6bb9700 (LWP 18045)]
0x00007ffff7d65992 in g_source_unref_internal (source=0x7ffff00047d0, context=0x55555561c800, have_lock=1) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:2146
2146 ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c: No such file or directory.
(gdb) bt
#0 0x00007ffff7d65992 in g_source_unref_internal (source=0x7ffff00047d0, context=0x55555561c800, have_lock=1) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:2146
#1 0x00007ffff7d65bb6 in g_source_iter_next (iter=iter@entry=0x7ffff6bb8db0, source=source@entry=0x7ffff6bb8da8) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:980
#2 0x00007ffff7d67ef3 in g_main_context_prepare (context=context@entry=0x55555561c800, priority=priority@entry=0x7ffff6bb8e30) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:944
#3 0x00007ffff7d6896b in g_main_context_iterate (context=context@entry=0x55555561c800, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:3900
#4 0x00007ffff7d68b4c in g_main_context_iteration (context=0x55555561c800, may_block=may_block@entry=1) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gmain.c:3981
#5 0x00007ffff6be4482 in gst_multi_socket_sink_thread (mhsink=0x555555679ab0 [GstMultiSocketSink]) at ../../../gst-plugins-base-1.14.4/gst/tcp/gstmultisocketsink.c:1164
#6 0x00007ffff7d8fb35 in g_thread_proxy (data=0x55555565c770) at ../../../../../../../repo/workspace/sources/glib-2.0/glib/gthread.c:784
#7 0x00007ffff7841ebd in start_thread (arg=<optimized out>) at pthread_create.c:486
#8 0x00007ffff7aa12bf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
#8 0x00007ffff7aa12bf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Signed-off-by: Daniel Gomez <daniel@qtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
During a busybox upgrade on a ipk based system, it is possible
that busybox is the only shell in the system. During the uninstall
the alternative for /bin/sh is removed and everything after that
goes down hill.
* Add a check to verify if busybox is the shell, and save it to
the busyboxrm directory created in tmp. Then add an alternative
for /bin/sh that points to that busybox at the lowest priority.
* Add PATH to the busyboxrm directory using shell(as during an upgrade
busybox and its links are missing).
* When install over remove extra busybox if present.
deb and rpm are uneffected by the bug because they both drag in bash,
however neither upgrade seemed to have issue with the changes.
[YOCTO 13850]
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
fix logic for CVE DB update so that when the CPE version is '-',
it keeps the version as '-' in the DB file too and leave other
operation as blank.
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CPE version could be '-' to mean no version info.
Current cve_check treat it as not valid and does not report these
CVE but some of these could be a valid vulnerabilities.
Since non-valid CVE can be whitelisted, so treat '-' as all version
and report all these CVE to capture possible vulnerabilities.
Non-valid CVE to be whitelisted separately.
[YOCTO #13617]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit 4e692daf66d2c9d51d418706e20f4527505dc0bd.
The patch did not take into consideration of read-only rootfs, causing
the following regression.
ERROR "The following packages could not be configured offline and rootfs is read-only: ['100-ifupdown']"
The original patch was added to resolve problem running `ifup eth1' on
a systemd based rootfs. However, when using systemd, we do not use ifup
to manage our network interfaces.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd sets net.core.default_qdisc = fq_codel, include
kernel-module-sch-fq-codel in RRECOMMENDS to satify this
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd supports a distribution hwdb.bin in /usr/lib/udev/hwdb.bin,
which is used if /etc/udev/hwdb.bin is not present. When generating the
install time hwdb, for systemd, ensure that we put it in /usr/lib/udev,
which then ensures that at boot time we do not regenerate it, unless the
system is marked for update.
This allows fragments dropped into /etc/udev/hwdb.d to be processed
correctly, but without requiring a first boot time build:
root@qemumips:~# systemctl status systemd-hwdb-update.service
* systemd-hwdb-update.service - Rebuild Hardware Database
Loaded: loaded (/usr/lib/systemd/system/systemd-hwdb-update.service; static; vendor preset: disabled)
Active: inactive (dead)
Condition: start condition failed at Wed 2020-03-04 15:18:11 UTC; 44s ago
|- ConditionPathExists=|!/usr/lib/udev/hwdb.bin was not met
|- ConditionPathExists=|/etc/udev/hwdb.bin was not met
`- ConditionDirectoryNotEmpty=|/etc/udev/hwdb.d was not met
Docs: man:hwdb(7)
man:systemd-hwdb(8)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use rootlibexecdir consistently rather than nonarch_base_libdir for udev
rules.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
udev is packaged before systemd so any wildcard inclusions in FILES will
override later specifics. List all udev rules explicitly so that the
systemd specific rules, packaged alongside systemd, appear in the
correct package.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By using PACKAGE_BEFORE_PN rather than =+ it's clearer how we expect the
package ordering to work. It also avoids the possibilty that dev/dbg/etc.
artefacts attempt to package as part of these packages.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When X11 isn't in DISTRO_FEATURES, remove X11 related files.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add sysvinit PACKAGECONFIG which disables all sysvinit handling in
systemd if it isn't present.
Consolidate sysvinit handling so that when it's disabled we exclude all
sysvinit features.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since commit 5a0d5de68957ed11407694cf1acee1ab1cb4be79 ("build: Require at least version 0.29 when building with external ELL") in iwd [1]
ell version 0.29 is required.
Also, this is a bug fix release, see after:
ver 0.30:
Fix issue with missing export of RTNL helper functions.
ver 0.29:
Fix issue with time overflow on 32-bit systems.
Add support for RTNL helper functionality.
[1] - https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=5a0d5de68957ed11407694cf1acee1ab1cb4be79
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
when do_populate_cve_db forced stop at certain point, the
DB execution are stoped however the temporary database
file (DB-JOURNAL) are not removed. This db-journal file
indicates that DB is incomplete and set DB in readonly
mode. So when db-journal exist, remove both DB and the
db-journal and build the DB again from scratch.
[YOCTO #13682]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ifunc patch is needed to address a glibc ptests failure on riscv
long double double patch is backported to let 2.31 build with gcc10
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
psplash is only expected to run during startup, but if any dependency is
pulled into a transaction and the unit is inactive, then it can be
restarted.
Set RemainAfterExit to ensure that the unit remains active and is not
gratuitously restarted.
Drop the nonexistent systemd-start.service from the unit.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
prevent cve-check from fatal error cause by network issue.
[YOCTO #13680]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The updates to the tests are done in do_install instead of do_install_ptest,
so the changes need to consider ptest not being turned on.
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It fails to run ifup if /etc/network/interfaces doesn't exist:
| ifup: couldn't open interfaces file "/etc/network/interfaces": No such
| file or directory
Create the config file if not exist.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
ldso is always stored in /lib regardless of multilib
add ld-musl-${MUSL_LDSO_ARCH}.path to aid ldso finding default library
loading paths, it helps when using multilib, where system libraries are
moved to lib32 or lib64 paths under / or /usr
[YOCTO #11971]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The source code such as update-passwd.c states the license to be under
GPL v2 only and does not contain the "or later" clause so correct the
recipe LICENSE field to match.
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libdir is hardcoded to /lib which is not going to work in multilib
scene, patch makefile to add a variable to override the libdir from env
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Based on the recommendation in musl mailing list[1] All symlinks have
been removed from musl recipe.
Move stub libraries into -dev package
having them treated as normal .a which they are not, is not correct and
packages shoves them into static archives, which are not installed on
target usually unless asked for
this should help in linking with -lm, -lpthread etc. on target
[1]: https://www.openwall.com/lists/musl/2020/03/10/11
Signed-off-by: Jan Kaisrlik <ja.kaisrlik@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If console=null systemd-udevd throws an assertion which prevents the
system from booting. This patch redirects stdin, stdout and stderr to
/dev/null in case that the console can't be opened so that udevd still
boots.
A systemd issue was reported here. However, they will not fix this
specific use-case:
https://github.com/systemd/systemd/issues/13332
Signed-off-by: Stefan Eichenberger <stefan.eichenberger@toradex.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add an extra comment about the implications of changing DEPENDS.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The new ptest dependencies present some challenges, in particular libmodule-build-perl
which effectively depends on gcc. In multilib images, this results in both
libXX-gcc-symlinks and libYY-gcc-symlinks being installed which conflict. This also
makes little sense.
The easiest way to fix this is to disable the automatic -dev package dependencies
and manually specify the correct ones.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
coreutils has a large number of tests, including some added by the
Makefile flags RUN_EXPENSIVE_TESTS and RUN_VERY_EXPENSIVE_TESTS that
significantly increase runtime (and that have been disabled). Note
that the coreutils ptest directory is given blanket permissions at
runtime with chmod -R 777 to ensure that the user created for the
tests will be able to run the test scripts and create the necessary
files in the process.
There is still room to improve the results of this ptest without
the aforementioned additions. Of the tests marked SKIP, there are
30 tests that are currently counted as SKIP because they require
sudo permissions, and another 21 that require membership in
multiple user groups. It is important to know that coreutils has
tests for both root and non-root users. Testing showed that 42
tests are skipped when running as root versus 30 when running as a
non-root user, so the decision was made to run the suite as the
latter. Additionally, gdb, valgrind, and strace could be included
in the RDEPENDS list to increase pass rate, but their total
contribution is 13 tests, so they were omitted to reduce image size.
Finally, note that at least one ptest (misc/head-write-error.sh) is
prone to ERROR on builds of core-image-minimal if extra space is
not provided with IMAGE_ROOTFS_EXTRA_SPACE.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The eSDK installation code checks installed locales with the locale command which is
from glibc-utils. Add this so that we find the correct locales from the buildtools.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The locale binary reported incorrect locale lists in relocated toolchains
as some path references were not relocated by this patch. Fix this missing
relocations so the locale binary correctly reports the locales.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the CVE patch from upstream:
[https://sourceware.org/git/gitweb.cgi?p=glibc.git;
a=patch;h=9333498794cde1d5cca518badf79533a24114b6f]
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If configure is rerun it finds msgfmt from gettext-native which is installed
during package_write_ipk|deb and means builds are not determinisic.
Whether msgfmt is needed is debatable (libc.mo files aren't generated without
it), however, we should at least be consistent which this patch ensures.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Babeltrace 1 vs. Babeltrace 2
The Babeltrace project exists since 2010. In 2020, Babeltrace 2 was released.
Babeltrace 2 is a complete rewrite of the library, Python bindings, and CLI. It
is plugin based and offers much more features and potential than Babeltrace 1.
Because Babeltrace 2 is still a young released project, some distributions still
provide packages for the Babeltrace 1 project. Both projects can coexist on the
same system as there are no common installed files.
Signed-off-by: Anders Wallin <wallinux@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
virtual/crypt-native is assume provided in bitbake.conf, so
buildtools-extended-tarball shoud provide crypt since it doesn't
use the host's headers/libraries.
[YOCTO #13714]
Signed-off-by: Jeremy A. Puhlman <jpuhlman@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Pierre-Jean Texier
Khem Raj
Jeremy Puhlman
Richard Purdie
Yi Zhao
Daniel Gomez
Lee Chee Yang
Chen Qi
Alex Kiernan
Kai Kang
Wang Mingyu
Jan Kaisrlik
Stefan Eichenberger
Trevor Gamblin
Zhixiong Chi
Alexander Kanavin
Mingli Yu
Anders Wallin