| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Max Kellermann <max.kellermann@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This upgrades to 3.3.3 release and drop the backported patches when
doing the recipe update.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The testcases of fcntl fail on 32-bit arch
To cope with glibc commit:
06ab719d30b0 ("Fix Linux fcntl OFD locks for non-LFS architectures
(BZ#20251)")
Make OFD command use fcntl64() syscall on 32-bit.
Signed-off-by: Hongzhi.Song <hongzhi.song@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Removed below patches, as v9.25 source already has those
changes/security fixes:
0001-Bug-699665-memory-corruption-in-aesdecode.patch
0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch
0002-Bug-699656-Handle-LockDistillerParams-not-being-a-bo.patch
0003-Fix-Bug-699660-shading_param-incomplete-type-checkin.patch
0004-Hide-the-.shfill-operator.patch
0005-Bug-699657-properly-apply-file-permissions-to-.tempf.patch
remove-direct-symlink.patch
Re-worked ghostscript-9.21-native-fix-disable-system-libtiff.patch
and ghostscript-9.21-prevent_recompiling.patch
to fix warnings in do_patch task of ghostscript v9.25 recipe.
Highlights of ghostscript v9.25 release:
---------------------------------------
- This release fixes problems with argument handling, some unintended results
of the security fixes to the SAFER file access restrictions
(specifically accessing ICC profile files), and some additional security
issues over the recent 9.24 release.
- Note: The ps2epsi utility does not, and cannot call Ghostscript with
the -dSAFER command line option. It should never be called with input
from untrusted sources.
- Security issues have been the primary focus of this release, including
solving several (well publicised) real and potential exploits.
- As well as Ghostscript itself, jbig2dec has had a significant amount of work
improving its robustness in the face of out specification files.
- IMPORTANT: We are in the process of forking LittleCMS. LCMS2 is not thread
safe, and cannot be made thread safe without breaking the ABI.
Our fork will be thread safe, and include performance enhancements
(these changes have all be been offered and rejected upstream). We will
maintain compatibility between Ghostscript and LCMS2 for a time, but not in
perpetuity. Our fork will be available as its own package separately from
Ghostscript (and MuPDF).
- The usual round of bug fixes, compatibility changes, and incremental
improvements.
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Actually, this is not a bug, mmap15 only run on 64bit system.
On qemumips64, mmap15 return EINVAL, x86-64 and arm64 return
ENOMEM. This is because mips system check the addr that passed
to the syscall mmap15:
https://github.com/torvalds/linux/blob/master/arch/mips/mm/mmap.c#L71
If the addr larger than (TASK_SIZE - page_size), mips think it is invalid.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CVE-2018-15911
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise, latest version is reported as 1.0.2 which is less than 1.0.6.
Hopefully some kind of official homepage will exist at some point.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Ensure we have virtual/crypt even if building without PAM; fixes:
sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
sudo: unable to load /usr/libexec/sudo/sudoers.so: /usr/libexec/sudo/sudoers.so: undefined symbol: crypt
sudo: fatal error, unable to load plugins
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
iso9660: validate directory record length
Affects libarchive <= 3.3.2
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Issue: LIN1018-1797
At the point of the following failure, the file being checked, setgid,
is owned by "nobody" in the "nogroup" and tries to inherit SGID from
its parent directory who is in group of "bin". This is forbidden since
Linux kernel v4.18-rc4, unless current process is given CAP_FSETID
beforehand. See "Fix up non-directory creation in SGID directories" in
the kernel. The check in Block3 succeeds since it becomes root again
then.
creat08 3 TFAIL : creat08.c:368: testdir.B.1026/setgid: Incorrect modes, setgid bit should be set
creat08 4 TFAIL : creat08.c:376: Test failed in block2.
open10 3 TFAIL : open10.c:352: open10.testdir.B.1045/setgid: Incorrect modes, setgid bit not set
open10 4 TFAIL : open10.c:359: Test failed in block2.
open10 6 TFAIL : open10.c:443: Test failed because of above failures.
Backport a patch from upstream.
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update /sbin to $base_sbindir to fix the
below warning when usrmerge enabled in
DISTRO_FEATURES.
WARNING: mingetty-1.08-r3 do_package: mingetty: NOT adding alternative provide /usr/sbin/getty: /usr/sbin/mingetty does not exist
WARNING: mingetty-1.08-r3 do_package: QA Issue: mingetty: Files/directories were installed but not shipped in any package:
/sbin
/usr/sbin
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update /lib to $nonarch_base_libdir to fix
the below error when usrmerge enabled in
DISTRO_FEATURES.
ERROR: mdadm-4.0-r0 do_package_qa: QA Issue: mdadm package is not obeying usrmerge distro feature. /lib should be relocated to /usr. [usrmerge]
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The name string is too small to contain normal full path names and causes
the following failure.
"ftest06 2 TFAIL : ftest06.c:223: Can't chdir(): errno=ENOENT(2): No such file or directory"
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reject LHA archive entries with negative size.
Affects libarchive = 3.3.2
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libunistring is one such library which many autotooled packages
mistake to use from build system if its installed on it. This
is specifically toxic when build host arch is same as target arch
since we only see the problem during runtime but thankfully OE
has build time QA which warns about it.
QA Issue: libidn2: The compile log indicates that host include and/or library paths were used.
Using --with-libunistring-prefix nudges the autoconf system for the
component to first look into target sysroot before going on to search
on the build host
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
screen uses crypt() so add the missing DEPENDS triggered by glibc 2.28.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The bzip.org domain expired and is now a holding site for adverts, so we can't
trust a tarball that appears on that site (luckily we have source checksums to
detect this).
For now, point SRC_URI at the tarball in the Yocto Project source mirror, but
set HOMEPAGE and UPSTREAM_CHECK_URI to the sourceware.org/bzip2/ page which
apparently will be resurrected as the new canonical home page.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Make man-db rdepend on base-passwd to ensure that base-passwd is
installed before man-db at rootfs time. This is to avoid the following
warning at rootfs time.
warning: user man does not exist - using root
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add volatile configuraiton file for man-db so that in sysvinit systems
we don't get failure when running `mandb'. The error message is like
below.
mandb: can't create index cache /var/cache/man/579: No such file or
directory
[YOCTO #12872]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* let manpages.bbclass to enable manpages PACKAGECONFIG based on
api-documentation DISTRO_FEATURES
PACKAGECONFIG_append_class-target = " ${@bb.utils.contains('DISTRO_FEATURES', 'api-documentation', 'manpages','', d)}"
* it's true that building man-pages without manpages being enabled
doesn't make much sense, but it's included through couple
packagegroups:
meta/recipes-core/packagegroups/packagegroup-self-hosted.bb: man-pages \
meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb: man-pages \
or in world even for people who might not be interested
in man-pages
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes
ERROR: libidn2-2.0.5-r0 do_package: QA Issue: libidn2: Files/directories were installed but not shipped in any packag
e:
/usr/lib/charset.alias
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or del
ete them within do_install.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
enabled
with thumb and debug enabled bash gets stuck forever when building for qemuarm.
bash/4.4.18-r0/build/builtins$ arm-webos-linux-gnueabi-gcc -march=armv5te -mthumb -fstack-protector-strong --sysroot=bash/4.4.18-r0/recipe-sysroot -c -DHAVE_CONFIG_H -DSHELL -I. -I.. -I../../bash-4.4.18 -I../../bash-4.4.18/include -I../../bash-4.4.18/lib -I../../bash-4.4.18/builtins -O -fno-omit-frame-pointer -g -DNON_INTERACTIVE_LOGIN_SHELLS read.c
when -mthumb, -fstack-protector-strong, -fno-omit-frame-pointer appear
together, removing one of them is enough for successful build.
similar to:
http://lists.openembedded.org/pipermail/openembedded-core/2018-May/150654.html
but in this case the build gets stuck instead of failure
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix foe gnulib bug and makedev header move in glibc 2.25+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When net-tools is built and the local patches haven't been applied, then
`quilt pop -a` will climb parent directories attempting to find a
{patches/.pc} directory; if this succeeds then we end up popping off
some completely unrelated patches from a parent directory.
Ensure that we do have a local patches directory and then turn off the
directory climbing so that we avoid this problem.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The following error appeared at boot.
systemd-tmpfiles[115]: [/usr/lib/tmpfiles.d/man-db.conf:1] Unknown user '1w'
By default cache owner is enabled and defaults to 'man'. Users could
supply '--enable-cache-owner=[ARG]' to change the default cache owner.
Using '--disable-cache-owner' leaves the ownership of system-wide
cache files unconstrained, and users will allowed to modify them.
We'd better keep the default behavior, just like other distros do.
I can guess that we used '--disable-cache-owner' to bypass the following
error at do_install.
| chown: invalid user: ‘man:man’
The 'man' user is provided by base-passwd recipe, so add it to DEPENDS.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The pam_wheel PAM module is used to enforce the so-called wheel group.
By default it permits root access to the system if the applicant user is
a member of the wheel group.
Add PACKAGECONFIG to enable pam_wheel module for sudo.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By splitting the iptables modules into separate packages it is
possible to pick and choose the modules to install and thereby reduce
the total size of the installed modules.
Backwards compatibility is maintained by adding a recommendation of
iptables-modules, which is a meta package that depends on all the
generated packages.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
There is no need to depend on the compatibility library libusb-compat, as CUPS
links directly to libusb1.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Large zip files can cause unzip to crash, take a patch from Fedora to fix it.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libidn 1.x is deprecated, add the parallel-installable libidn2.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The following patches are removed because problems have been fixed in this version.
0001-shadow-CVE-2017-12424
fix-installation-failure-with-subids-disabled.patch
usermod-fix-compilation-failure-with-subids-disabled.patch
CVE-2017-2616.patch
check_size_of_uid_t_and_gid_t_using_AC_CHECK_SIZEOF.patch
0001-Do-not-read-login.defs-before-doing-chroot.patch
The following patches are rebased.
0001-Disable-use-of-syslog-for-sysroot.patch
0001-useradd-copy-extended-attributes-of-home.patch
0001-useradd.c-create-parent-directories-when-necessary.patch
allow-for-setting-password-in-clear-text.patch
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The 'system services' packagegroup depends on a number of packages which are not
system services, so remove them from the list.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
${base_prefix} is set in bitbake.conf to empty. This makes lsb_release
always install under /bin which is a problem if usrmerge is in
DISTRO_FEATURES, because it needs to be installed under /usr/bin.
By using ${root_prefix} instead, we fix the usrmerge install path and
the following QA warning goes away while keeping the non-usrmerge path
identical.
WARNING: lsb-5.0-r0 do_package: QA Issue: lsb: Files/directories were
installed but not shipped in any package:
/bin
/bin/lsb_release
Please set FILES such that these items are packaged. Alternatively
if they are unneeded, avoid installing them or delete them within do_install.
lsb: 2 installed and not shipped files. [installed-vs-shipped]
Also if usrmerge is defined don't try to create the lib64 symlink
because base-files handles it to avoid the do_rootfs error
Collected errors:
* check_data_file_clashes: Package lsb wants to install file
tmp-glibc/work/x64-nilrt-linux/test-image/1.0-r0/rootfs/lib64
But that file is already provided by package * base-files
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This makes it possible to add extra options to the logrotate
application (via ${LOGROTATE_OPTIONS}), and it allows the Persistent
option in logrotate.timer to be configured via
${LOGROTATE_SYSTEMD_TIMER_PERSISTENT}.
It also changes the sed expressions to allow for
${LOGROTATE_SYSTEMD_TIMER_BASIS} to contain commas without having to
prefix them with backslahes, e.g.:
LOGROTATE_SYSTEMD_TIMER_BASIS = "*-*-* *:00,30:00"
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License-Update: change license checksums to check the License files themselves (BSD3 and GPL2),
and the tool-to-license file (LICENSE). Changes to LICENSE will now be
detected.
Backport a patch to fix the build with musl.
Drop upstreamed patch.
Update libidn build-dependency to libidn2.
Patch in an install target and use that to install binaries, to avoid upstream
adding binaries that we don't ship. Also ship all binaries that are installed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Relicensed to just GPLv3+, update LICENSE and checksums.
The build dependency for flex should be flex-native.
libmath.h is missing from the tarball (it was present in 1.06) and the
generation rules are not cross-friendly, so delete the rules and copy in a
pre-generated libmath.h.
Remove fix-segment-fault.patch as the fixes are now upstream.
Add PACKAGECONFIG for readline and libedit, defaulting to readline.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Max Kellermann
Otavio Salvador
Hongzhi.Song
Jagadeesh Krishnanjanappa
Andrej Valek
Dengke Du
Hongxu Jia
Alexander Kanavin
Alex Kiernan
He Zhe
Mingli Yu
Changqing Li
Khem Raj
Richard Purdie
Ross Burton
Chen Qi
Martin Jansa
Yi Zhao
Peter Kjellerstedt
Ovidiu Panait
Ioan-Adrian Ratiu