aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* make: add missing Signed-off-byrockoRoss Burton12 hours1-0/+1
| | | | | | | | | (From OE-Core rev: 5282774e0a8df40a04808622e6d265157477488f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* make: Backport fixes to not assume glibc internal glob implementationKhem Raj12 hours3-1/+111
| | | | | | | | | | Exposed with glibc 2.27 (From OE-Core rev: cdf370f1bd046ba6207b63c9a82bdfff2b261a7d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* recipes: Update git.gnome.org addresses after upstream changesRichard Purdie12 hours7-8/+9
| | | | | | | | | | | | | | | | | git.gnome.org is no more. It has ceased to be. It's an ex-git. Please see here: https://about.gitlab.com/2018/05/31/welcome-gnome-to-gitlab/ Note that gitlab does not support git://, only https:// (and ssh). [Commit message from Alexander Kanavin] (From OE-Core rev: 8382cdc0888ca645a44aacaac1155afb8dcde979) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for sumo context] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptodev: Fix build errors with v4.17+He Zhe12 hours2-0/+44
| | | | | | | | | | | | | Backport from upstream to update internal syscall function usage. https://github.com/cryptodev-linux/cryptodev-linux f60aa08c63fc02780554a0a12180a478ca27d49f (From OE-Core rev: 270a1e9bcf26a43f5cbdc5b901c4c6f79495311d) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* shadow: CVE-2016-6252Armin Kuster8 days2-0/+49
| | | | | | | | | Backport patch from the upstream https://github.com/shadow-maint/shadow/commit/ 1d5a926cc2d6078d23a96222b1ef3e558724dad1 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* shadow: update ownership and permission of /var/spool/mailKai Kang8 days1-1/+2
| | | | | | | | | | | | | | | | | Update shadow to change ownership of /var/spool/mail from root:root to root:mail and permission from 0755 to 0775 just as in most popular distributions such as fedora and debian(It also set setgid bit in debian but we don't need it). (From OE-Core rev: b3ab5fe359c38cdd5cd86cb8ffe076d7a2baac18) (From OE-Core rev: a77eff19be1d5812999bf584364000440f218fbb) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* shadow: CVE-2018-7169Jagadeesh Krishnanjanappa8 days2-0/+187
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | newgidmap: enforce setgroups=deny if self-mapping a group This is necessary to match the kernel-side policy of "self-mapping in a user namespace is fine, but you cannot drop groups" -- a policy that was created in order to stop user namespaces from allowing trivial privilege escalation by dropping supplementary groups that were "blacklisted" from certain paths. This is the simplest fix for the underlying issue, and effectively makes it so that unless a user has a valid mapping set in /etc/subgid (which only administrators can modify) -- and they are currently trying to use that mapping -- then /proc/$pid/setgroups will be set to deny. This workaround is only partial, because ideally it should be possible to set an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow administrators to further restrict newgidmap(1). We also don't write anything in the "allow" case because "allow" is the default, and users may have already written "deny" even if they technically are allowed to use setgroups. And we don't write anything if the setgroups policy is already "deny". Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 Fixes: CVE-2018-7169 Affects shadow <= 4.5 (From OE-Core rev: a875522540372a4fa6658885692e564dfd729f54) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* shadow: fix CVE-2017-2616Andrej Valek8 days2-0/+65
| | | | | | | | | | | | | (From OE-Core rev: 94a1e2794df15f0f2cb62ae030cd81e6c0798b1f) (From OE-Core rev: 8894c70ae5a44974f74434d251def3148818a866) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* license.bbclass: be a bit more strict when searching ↵Martin Jansa8 days1-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ${PN}-${LICENSE_PACKAGE_SUFFIX} in packages * linux-firmware contains ${PN}-license package since this commit: commit 1ee083da0730408fffdbbf5f29abc299c0e61be9 Author: Jackie Huang <jackie.huang@windriver.com> Date: Mon Apr 13 10:17:21 2015 +0800 linux-firmware: fix the mess of licenses * LICENSE_CREATE_PACKAGE functionality in license.bbclass when enabled adds new package with suffix: LICENSE_PACKAGE_SUFFIX ??= "-lic" but then it checks if ${PN}-${LICENSE_PACKAGE_SUFFIX} is included in PACKAGES before adding it and when found it shows: WARNING: linux-firmware-1_0.0+gitAUTOINC+4c0bf113a5-r0 do_package: linux-firmware-lic package already existed in linux-firmware. and doesn't add the ${PN}-lic to PACKAGES and causes another warning: WARNING: linux-firmware-1_0.0+gitAUTOINC+4c0bf113a5-r0 do_package: QA Issue: linux-firmware: Files/directories were installed but not shipped in any package: /usr /usr/share /usr/share/licenses /usr/share/licenses/linux-firmware that's because it was searching ${PN}-lic in PACKAGES as a string so it found ${PN}-lic as a substring of ${PN}-license, add a split to search in an list (From OE-Core rev: 9b9897fc034819385a9d4ce591cc79dd458f3f24) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Yocto 12572] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* license.bbclass: Minor simplification of get_deployed_dependencies()Peter Kjellerstedt8 days1-3/+1
| | | | | | | | | | | | Since ${SSTATE_ARCHS} now contains ${PACKAGE_EXTRA_ARCHS} there is no longer any need to add those extra architectures to the list of architectures handled in get_deployed_dependencies(). (From OE-Core rev: e55e6df4f1434458cdfa0e2d3610b48119e5a782) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* patch: fix CVE-2018-6952Hongxu Jia2018-09-132-0/+37
| | | | | | | | (From OE-Core rev: 1314a6953aa647706107557faaba8574e307d2bd) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* multilib_header: recognize BPF as a targetDaniel Díaz2018-09-131-1/+3
| | | | | | | | | | | | | | When building with `clang -target bpf` using the multilib_header, a recursion was unavoidable because bits/wordsize.h would #include itself, still lacking a definition for __MHWORDSIZE or __WORDSIZE. (From OE-Core rev: 70b41b3c335a80b4ac243f468f22331d261299db) (From OE-Core rev: 58abe666d3bad7a915c244c61085482e94b3d549) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python2: Fix build with gcc8Ross Burton2018-09-133-0/+45
| | | | | | | | | | | | | | | (From OE-Core rev: 910f68c9c8dc26e12d28ef29e956af63d100f121) (From OE-Core rev: 04c2d53ef48a09747d0577d9ec1ffa548d247615) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python-native: add dependency for gdbm and db native packagesDerek Straka2018-09-131-1/+1
| | | | | | | | | | | | | These two packages are required to ensure the manifest files contain all of the generated packages. Without this, the db and gdbm packages will not contain the .so files as they are skipped during the compilation steps (From OE-Core rev: 912c06615269f42230db2d93d70db2b340ed270a) Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* python: Upgrade both python and python-native to 2.7.14Derek Straka2018-09-137-61/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Rebased: - python/01-use-proper-tools-for-cross-build.patch - python/fix-makefile-for-ptest.patch - python/parallel-makeinst-create-bindir.patch Removed Upstreamed Patch: - python/Don-t-use-getentropy-on-Linux.patch Updated license checksum for changes in the copyright date. The license terms remain unchanged Added an extra do_compile item to create the native pgen that no longer gets compiled by default (From OE-Core rev: 9f2de4f9cf1eb6de75dc789bd0549f45c7a68c55) Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix release only] CVE-2017-9233 CVE-2016-0718 CVE-2012-0876 CVE-2016-4472 Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libvorbis: CVE-2018-10392Jagadeesh Krishnanjanappa2018-09-132-0/+30
| | | | | | | | | | Sanity check number of channels in setup. Fixes #2335. Link: https://gitlab.xiph.org/xiph/vorbis/issues/2335 Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* libvorbis: CVE-2017-14160 CVE-2018-10393Jagadeesh Krishnanjanappa2018-09-132-0/+35
| | | | | | | CVE-2017-14160: fix bounds check on very low sample rates. Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* bzip2: use Yocto Project mirror for SRC_URIRoss Burton2018-09-131-3/+3
| | | | | | | | | | | | | | | | The bzip.org domain expired and is now a holding site for adverts, so we can't trust a tarball that appears on that site (luckily we have source checksums to detect this). For now, point SRC_URI at the tarball in the Yocto Project source mirror, but set HOMEPAGE and UPSTREAM_CHECK_URI to the sourceware.org/bzip2/ page which apparently will be resurrected as the new canonical home page. (From OE-Core rev: 9e291d9923efc988abe8689c64bafbb29da06339) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
* classes: sanity-check LIC_FILES_CHKSUMRoss Burton2018-08-302-3/+5
| | | | | | | | | | | | | | We assume that LIC_FILES_CHKSUM is a file: URI but don't actually verify this, which can lead to problems if you have a URI that resolves to a path of / as Bitbake will then dutifully checksum / recursively. [ YOCTO #12883 ] (From OE-Core rev: e2b8a3d5a10868f9c0dec8d7b9f5f89fdd100fc8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* module-base.bbclass: fix out-of-tree module builds with custom EXTRA_OEMAKEDenys Dmytriyenko2018-08-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | Commit d2aa88a6a92985f21414fceea2dc0facbf7f8779 was meant to backport build dependencies on bc-native and openssl-native, but it also changed execution of do_make_scripts() from calling make directly to using oe_runmake. That change was made in master/sumo as part of a separate make-mod-scripts recipe. Unfortunately, that doesn't work here in rocko in the context of module-base class, as it gets executed inside out-of-tree module environment. Quite often those out-of-tree modules provide own Makefile with custom EXTRA_OEMAKE var defined. But do_make_scripts() gets executed within STAGING_KERNEL_DIR and cannot simply use custom EXTRA_OEMAKE set by a module. Move back to calling make and passing HOSTCC/HOSTCPP directly w/o using EXTRA_OEMAKE. For more details please see: http://lists.openembedded.org/pipermail/openembedded-core/2018-August/154189.html Signed-off-by: Denys Dmytriyenko <denys@ti.com> Cc: Bruce Ashfield <bruce.ashfield@windriver.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Anuj Mittal <anuj.mittal@intel.com> Cc: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* libxcursor: CVE-2017-16612Jagadeesh Krishnanjanappa2018-08-152-0/+77
| | | | | | | | | | | | | | | | | | | | | | | | affects: <= 1.1.14 CVE-2017-16612: Fix heap overflows when parsing malicious files It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. The integer overflow occurs because the chosen limit 0x10000 for dimensions is too large for 32 bit systems, because each pixel takes 4 bytes. Properly chosen values allow an overflow which in turn will lead to less allocated memory than needed for subsequent reads. The signedness bug is triggered by reading the length of a comment as unsigned int, but casting it to int when calling the function XcursorCommentCreate. Turning length into a negative value allows the check against XCURSOR_COMMENT_MAX_LEN to pass, and the following addition of sizeof (XcursorComment) + 1 makes it possible to allocate less memory than needed for subsequent reads. Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
* devtool/sdk.py: error out in case of downloading file failureChen Qi2018-08-151-0/+3
| | | | | | | | | | | | | | | | | It's possible that downloading file from updateserver fails. In this case, we should error out instead of continue. We have users reporting unexpected behavior of 'devtool sdk-update'. When an invalid url is supplied, e.g., `devtool sdk-update http://invalid', the program reports 'Note: Already up-to-date'. This is obviously not expected. We should error out in such case. (From OE-Core rev: 449564783dfb162536a2f772b3a8704973221e0f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* perf: disable parallelism for 'make clean'Rasmus Villemoes2018-08-151-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Whenever perf got rebuilt, I was consistently getting errors such as | find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory | find: '[...]/perf/1.0-r9/perf-1.0/plugin_mac80211.so': No such file or directory | find: find: '[...]/perf/1.0-r9/perf-1.0/libtraceevent.a''[...]/perf/1.0-r9/perf-1.0/libtraceevent.a': No such file or directory: No such file or directory | [...] | find: cannot delete '/mnt/xfs/devel/pil/yocto/tmp-glibc/work/wandboard-oe-linux-gnueabi/perf/1.0-r9/perf-1.0/util/.pstack.o.cmd': No such file or directory breaking the whole build. The root cause seems to be that the implicit 'make clean' done during do_configure ends up running in parallel, and thus multiple find commands attempt to stat and/or delete the same file. A patch disabling parallelism for the clean target has been ack'ed upstream (lkml.kernel.org/r/20180705134955.GB3686@krava), but it should be harmless to pass JOBS=1 even with a fixed kernel. This can be removed if and when all relevant -stable kernels have that patch. (From OE-Core rev: bb58203b668df42fd08c2e5fa4a172cf63e37369) (From OE-Core rev: d12722681a4c13c1a6bc9c965cc43c4544ce7aa9) Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* glibc: Update 2.26 to tipArmin Kuster2018-08-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVES: CVE-2018-11236, CVE-2017-18269, CVE-2018-11237 LIC_FILES_CHKSUM for LICENSE changed do to removal of "stdio-common/tst-printf.c is copyright C E Chew" text changelog: c9570bd x86: Populate COMMON_CPUID_INDEX_80000001 for Intel CPUs [BZ #23459] 86e0996 x86: Correct index_cpu_LZCNT [BZ #23456] cf6deb0 conform/conformtest.pl: Escape literal braces in regular expressions b12bed3 stdio-common/tst-printf.c: Remove part under a non-free license [BZ #23363] 20dc7a9 libio: Add tst-vtables, tst-vtables-interposed 4b10e69 Synchronize support/ infrastructure with master 762e9d6 NEWS: Reorder out-of-order bugs 2781bd5 libio: Disable vtable validation in case of interposition [BZ #23313] 74d16a5 Check length of ifname before copying it into to ifreq structure. 3aaf8bd getifaddrs: Don't return ifa entries with NULL names [BZ #21812] f958b45 Use _STRUCT_TIMESPEC as guard in <bits/types/struct_timespec.h> [BZ #23349] 81b994b Fix parameter type in C++ version of iseqsig (bug 23171) 7b52c8a libio: Avoid _allocate_buffer, _free_buffer function pointers [BZ #23236] 4df8479 Add NEWS entry for CVE-2018-11236 a5bc5ec Add references to CVE-2018-11236, CVE-2017-18269 58ad5f8 Add a test case for [BZ #23196] 6b4362f Don't write beyond destination in __mempcpy_avx512_no_vzeroupper (bug 23196) af7519f Fix path length overflow in realpath [BZ #22786] 365722a Fix stack overflow with huge PT_NOTE segment [BZ #20419] be056fa Fix blocking pthread_join. [BZ #23137] 02f0dd8 Fix signed integer overflow in random_r (bug 17343). 3241353 i386: Fix i386 sigaction sa_restorer initialization (BZ#21269) 677e6d1 [BZ #22342] Fix netgroup cache keys. 71d339c Fix i386 memmove issue (bug 22644). 31e2d15 Fix crash in resolver on memory allocation failure (bug 23005) 1f7c474 getlogin_r: return early when linux sentinel value is set 7e7a5f0 resolv: Fully initialize struct mmsghdr in send_dg [BZ #23037] Signed-off-by: Armin Kuster <akuster@mvista.com>
* cryptodev: refresh patchesRoss Burton2018-08-151-21/+21
| | | | | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: cecd562742c94f223c92bf5426148967fc9a8054) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptodev: switch SRC_URI to gitAlexander Kanavin2018-08-151-5/+3
| | | | | | | | | | | | | One of the tarball mirrors is down; the other is blocked by Intel's corporate proxy for being deemed 'suspicious' (the same problem might pop up in other companies as well). Let's just take the source from github. (From OE-Core rev: 69f60f6ef9061760643d6b4e378052ddad424754) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* cryptodev: Fix build errors with v4.13+Daniel Schultz2018-08-152-0/+50
| | | | | | | | | | | | | Without this compiles of 4.13 and later kernels fail. Backport from https://github.com/cryptodev-linux/cryptodev-linux Based on commit f0d69774afb27ffc62bf353465fba145e70cb85a (From OE-Core rev: 317fd9814653ee22496dda63a02e628e8a16899b) Signed-off-by: Daniel Schultz <d.schultz@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ovmf: set PARALLEL_MAKE for target as wellChristopher Larson2018-08-151-1/+1
| | | | | | | | | | | | | | This can fail for target, not just native. (From OE-Core rev: 747c7dc8702d2241475894876d06a2f1f2b29fed) (From OE-Core rev: 0d4ccd6eac41c878b5a9eec10e1a00b76241b846) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ovmf: Fix build with gcc8Khem Raj2018-08-155-0/+296
| | | | | | | | | | | | (From OE-Core rev: 278b00ddccb274150ed85e48e984675b40fc9aaa) (From OE-Core rev: 2e4a05879f56e96bcdc0770d3fe27abc8b9af35e) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* ovmf: refresh patchesRoss Burton2018-08-151-1/+1
| | | | | | | | | | | | | | | | | | | The patch tool will apply patches by default with "fuzz", which is where if the hunk context isn't present but what is there is close enough, it will force the patch in. Whilst this is useful when there's just whitespace changes, when applied to source it is possible for a patch applied with fuzz to produce broken code which still compiles (see #10450). This is obviously bad. We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For that to be realistic the existing patches with fuzz need to be rebased and reviewed. (From OE-Core rev: 68d567bd64debc3dfb37df3c814287549da56a3b) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perf: fix build with kernel older than 4.8Martin Jansa2018-08-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * perf is failing to build for me since this oe-core commit: commit 9b38c824961fc9dce51bda95c25dac91a69fc64f Author: Hongxu Jia <hongxu.jia@windriver.com> Date: Tue Apr 24 11:33:47 2018 +0800 perf: make a copy of kernel source to perf workdir the problem is that perf sources in kernel older than 4.8 (in my case 4.4) are depending on the "global" include headers outside tools directory, e.g. swab.h in: kernel-source/tools$ git grep swab.h perf/MANIFEST:include/linux/swab.h perf/MANIFEST:include/uapi/linux/swab.h perf/util/include/asm/byteorder.h:#include "../../../../include/uapi/linux/swab.h" this was resolved in 4.8 with: commit 7e3f36411342a54f1981fa97b43550b8406a3d69 Author: Arnaldo Carvalho de Melo <acme@redhat.com> Date: Mon Jul 18 17:42:16 2016 -0300 perf tools: Remove tools/perf/util/include/asm/byteorder.h Not used anymore. This also stops include linux/swab.h directly from the kernel sources, remove that reference from the MANIFEST. and few more changes to make tools/include more complete and standalone: tools/include in 4.15: asm asm-generic linux tools trace uapi tools/include in 4.4: asm asm-generic linux tools but copying the include header even for kernels which don't really need it doesn't add big overhead, so just copy include to perf sources for all kernels. (From OE-Core rev: 19fb2d11a8bb3c6dfdd5edc1b9155d642dc0f5e0) (From OE-Core rev: 7950b1ed077eaecff1523221c297158aa54b7ecf) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* perf: make a copy of kernel source to perf workdirHongxu Jia2018-08-151-5/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since perf contaminates linux shared workdir, it probably caused kernel-devsrc compile failure at world build. ... |0 blocks |cpio: ./tools/perf/arch/arm/util/sedr7ORqk: Cannot stat: No such file or directory |0 blocks ... cpio tried to find a file at ${S}/tools/perf and failed if the input list is not valid. Make a copy of kernel shared source directory into a perf workdir could fix the issue. Drop `Fix for rebuilding' which is obsolete [YOCTO #10880] (From OE-Core rev: 9b38c824961fc9dce51bda95c25dac91a69fc64f) (From OE-Core rev: 1a39330bf79f3d36a1a0f6d34b421de53ff36405) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* perf: enable support for libauditAnuj Mittal2018-08-151-1/+4
| | | | | | | | | | | | | | | | | | perf needs audit-python to be able to show syscall names and for 'perf trace' to work. Enable dependency on audit-python if present in PACKAGECONFIG. It's disabled by default since audit as of now is in meta-selinux. Fixes [YOCTO #3343] Fixes [YOCTO #3358] (From OE-Core rev: c386abacae89a148e77ffa51630c7917e90406f9) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* Binutils: Security fix for CVE-2018-7642Armin Kuster2018-08-152-0/+52
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-7569Armin Kuster2018-08-152-0/+121
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-7568Armin Kuster2018-08-153-0/+236
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-7208Armin Kuster2018-08-152-0/+48
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-6759Armin Kuster2018-08-152-0/+109
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-6323Armin Kuster2018-08-152-0/+56
| | | | | | Affected: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-13033Armin Kuster2018-08-152-0/+72
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-10535Armin Kuster2018-08-152-0/+64
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-10534Armin Kuster2018-08-152-0/+2444
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-10373Armin Kuster2018-08-152-0/+46
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2018-10372Armin Kuster2018-08-152-0/+59
| | | | | | Affects: <= 2.30 Signed-off-by: Armin Kuster <akuster@mvista.com>
* binutils: Security fix for CVE-2017-17123Armin Kuster2018-08-152-0/+34
| | | | | | Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
* binutls: Security fix for CVE-2017-17125Armin Kuster2018-08-152-0/+130
| | | | | | Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
* binutls: Security fix for CVE-2017-17122Armin Kuster2018-08-152-0/+59
| | | | | | Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
* Binutils: Security fix for CVE-2017-17121Armin Kuster2018-08-152-0/+367
| | | | | | Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
* binutls: Security fix for CVE-2017-17080Armin Kuster2018-08-152-0/+79
| | | | | | Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
* binutls: Security fix for CVE-2017-16832Armin Kuster2018-08-152-0/+62
| | | | | | Affects: <= 2.29.1 Signed-off-by: Armin Kuster <akuster@mvista.com>