Age | Commit message | Author
2019-06-28 | wpa-supplicant: update to 2.8 [akuster/mv_thud] | Oleksandr Kravchuk
Source: OpenEmbedded.org MR: 97302, 97307, 97312, 97317, 97327, 97322 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/wpa-supplicant?id=d6df8c1a7766e5df6351bb56f905664394cbdcc0 ChangeID: 90cdfc7008381f91dd18f6310c8c862a1f13c818 Description: License checksums were changed due to modified copyright years. Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix update only Includes CVE-2019-9494 CVE-2019-9495 CVE-2019-9496 CVE-2019-9497 CVE-2019-9498 ] Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | wpa-supplicant: update to 2.7 | Armin Kuster
CVE patches are already applied in v2.7 Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix only update] Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | nettle: fix the Segmentation fault | Mingli Yu
The commit [8ac8fa8ee1 nettle: update to 3.4.1] added CFLAGS_append = " -std=c99" to silence the below error for native build:

| ../nettle-3.4.1/rsa-sign-tr.c: In function 'sec_equal':
| ../nettle-3.4.1/rsa-sign-tr.c:243:3: error: 'for' loop initial declarations are only allowed in C99 mode
   for (size_t i = 0; i < limbs; i++)
   ^
| ../nettle-3.4.1/rsa-sign-tr.c:243:3: note: use option -std=c99 or -std=gnu99 to compile your code
| Makefile:263: recipe for target 'rsa-sign-tr.o' failed

But the above change will trigger below Segmentation fault:

# echo -n passwd| nettle-pbkdf2 -i 1 -l 16 salt
[65534.886509] nettle-pbkdf2[708]: segfault at 1f594260 ip 00007f3332256998 sp 00007fff60d44410 error 4 in libnettle.so.6.5[7f3332244000+1d00]
[65534.887525] Code: e8 6d db fe ff 44 01 6d 68 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 2e 0f 1f 84 00 00 00 00 00 49 89 dc e9 68 ff f
Segmentation fault

So update the logic to CFLAGS_append = " -std=gnu99" to fix the issue.

(From OE-Core rev: 91359a91b8c89dc5e1f3a946137204156c47a3af)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | Revert "nettle: fix ptest failure" | Richard Purdie
This reverts commit 83faaf7b2a5f4fc4ae504b300134409e90389770. This should never have merged as the change was rejected upstream and adding a library to the ptest package resulted in it providing that SONAME which led to being included in images like core-image-sato. This in turn led to a ton of ptest failures in the 2.7 r1 QA report. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | nettle: fix ptest failure | Mingli Yu
Remove dlopen-test.patch which originally used to fix the test dlopen-test, but actually the patch didn't resolve the issue as dlopen-test.patch supposes the file /usr/lib/libnettle.so exists. Instead deploy ${D}${PTEST_PATH}/libnettle.so to fix the dlopen-test failure.

Update the initialization for the salt to fix below Segmentation fault and also nettle-pbkdf2-test failure.

# echo -n passwd| nettle-pbkdf2 -i 1 -l 16 salt
[65534.886509] nettle-pbkdf2[708]: segfault at 1f594260 ip 00007f3332256998 sp 00007fff60d44410 error 4 in libnettle.so.6.5[7f3332244000+1d00]
[65534.887525] Code: e8 6d db fe ff 44 01 6d 68 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f c3 66 2e 0f 1f 84 00 00 00 00 00 49 89 dc e9 68 ff f
Segmentation fault

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | nettle: update to 3.4.1 | Armin Kuster
Source: Openembedded.org MR: 98314, 98315 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-support/nettle?h=warrior&id=8ac8fa8ee10c59a081d368a5429e0eced8dd5d3c ChangeID: 657aa277fb284b66e8d349cbc3424f10208652c3 Description: Bug fix only release Include: CVE-2018-16868 gnutls: Bleichenbacher-like side channel leakage in PKCS#1 1.5 verification and padding oracle verification CVE-2018-16869 nettle: Leaky data conversion exposing a Manger oracle For full details see: http://lists.lysator.liu.se/pipermail/nettle-bugs/2018/007369.html [V2] Add -std=c99 to cflags Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | gnutls: upgrade 3.6.5 -> 3.6.7 | Adrian Bunk
Source: Openembedded.org MR: 97367, 97377 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-support/gnutls?h=warrior&id=93993fe8ffd31e3e94946023b2cd8927ae595fc3 ChangeID: e47c21374c83d7bbb8ec48a7c4fe14040457ea45 Description: This is a new upstream release from the same stable branch bringing new features and bugfixes (including CVE fixes). COPYING changed http -> https. configure no longer has a --without-libunistring-prefix option. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [includes: CVE-2019-3836 CVE-2019-3829] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | gnutls: update to 3.6.5 | Armin Kuster
Bug fix only release Full details: https://lists.gnupg.org/pipermail/gnutls-help/2018-December/004465.html Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | gnutls: no need to inherit binconfig | Ross Burton
This recipe doesn't ship a *-config binary, so don't inherit binconfig. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-28 | sqlite3: Security fixes CVE-2019-9936, 9937 | Armin Kuster
Source: OpenEmbedded.org MR: 98324, 97484 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-support/sqlite?h=warrior&id=4ec161ea684b305b303f32e96ce23f472c82e1a1 ChangeID: 9bb19b8794f532caee85893dc8cb5d037b3a8eec Description: Backports from Warrior with minor fixups for thud Fixes: CVE-2019-9936 CVE-2019-9937 Affects < 3.27.2 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | uninative: Update to 2.6 release | Richard Purdie
The 2.6 release contains both libcrypt.so.1 and libcrypt.so.2 which fixes compatibility with recent fedora/suse releases. The difference is one is built with obsolete APIs enabled and one disabled. We now ship both in uninative for compatibility regardless of which distro a binary is built on. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | uninative: Switch from bz2 to xz | Richard Purdie
(From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | yocto-uninative: Update to 2.5 release | Richard Purdie
This includes libstdc++ changes from gcc 9.X. It also switches uninative from bz2 to xz compression. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | qemu: Security fix for CVE-2019-12155 | Armin Kuster
Source: qemu.org MR: 98382 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99 ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3 Description: Fixes CVE-2019-12155 Affects: <= 4.0.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-25 | Curl: Security fix CVE-2019-5435 CVE-2019-5436 | Armin Kuster
Source: CUrl.org MR: 98455 Type: Security Fix Disposition: Backport from https://curl.haxx.se/ ChangeID: 86b094a440ea473b114764e8d64df8142d561609 Description: Fixes CVE-2019-5435 CVE-2019-5436 Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-25 | wget: Security fix for CVE-2019-5953 | Armin Kuster
Source: http://git.savannah.gnu.org/cgit/wget.git MR: 89341 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c ChangeID: 1c19a2fd7ead88cc4ee92d425179d60d4635864b Description: Fixes CVE-2019-5953 Affects: < 1.20.1 Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-25 | glib-2.0: Security fix for CVE-2019-12450 | Armin Kuster
Source: glib-2.0 MR: 98443 Type: Security Fix Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741 Description: Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-06-25 | Tar: Security fix CVE-2019-0023 | Armin Kuster
Source: tar.git MR: 97928 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3 Description: Affects tar < 1.32 fixes CVE-2019-9923 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | qemu: Security fix for CVE-2018-19489 | Armin Kuster
Source: Qemu.org MR: 97453 Type: Security Fix Disposition: Backport from git.qemu.org/gemu.git ChangeID: a06fcb432d447cec2ed1caf112822dd1b4831ace Description: In the spirit of YP Compatible, sending change upstream. fixes CVE CVE-2018-19489 Affect < = 4.0.0 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | wpa_supplicant: Changed systemd template units | Joshua DeWeese
I goofed up the scissor line on the last attempt. Not sure how much it matters, but here it is correct this time.

Here it is, updated to work with wpa-supplicant_2.6.bb.

-- >8 --

https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy=

When building root filesystems with any of the wpa_supplicant systemd template service files enabled (current default is to have them disabled) the systemd-native-fake script would not process the line:

Alias=multi-user.target.wants/wpa_supplicant@%i.service

appropriately due to the use of "%i."

According to the systemd documentation "WantedBy=foo.service in a service bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in the same file." However, this is not really the intended purpose of install Aliases.

All lines of the form:

Alias=multi-user.target.wants/*%i.service

Were replaced with the following lines:

WantedBy=multi-user.target

Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | go: update to minor update 1.11.10 | Armin Kuster
Source: golang.org MR: 97548, Type: Security Fix Disposition: Backport from https://github.com/golang/go/issues?q=milestone%3AGo1.11.5 ChangeID: 54377c454f038a41bf35dd447a784e3e66db6268 Description: Bug fix updates only https://golang.org/doc/devel/release.html#go1.11 Fixes: Affects <= 1.11.6 CVE-2019-6486 CVE-2019-9741 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | go: Upgrade 1.11.1 -> 1.11.4 minor release | Khem Raj
Source: OpenEmbedded.org MR: 98328, 98329, 98330 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/go?h=warrior&id=b964551a0d08aa921d4e0ceea2f1e28a5e83510e ChangeID: 0b4cc69c357ba14c4e7a6c7ff926cfc6f09489b2 Description: include: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Changes: https://golang.org/doc/devel/release.html#go1.11 Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix only update] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | go-crosssdk: PN should use SDK_SYS, not TARGET_ARCH | Richard Purdie
The crosssdk dependencies are handled using the virtual/ namespace so this name doesn't matter in the general sense. We want to be able to provide recipe maintainer information through overrides though, so this standardises it with the behaviour from gcc-crosssdk and ensures the maintainer overrides work. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | go-target.inc: fix go not found while multilib enabled | Hongxu Jia
Go binaries were installed to ${libdir}/go/bin, and create symlink in ${bindir}, while enabling multilib, libdir was extended (such as /usr/lib64), but BASELIB was not (still /lib), so use baselib (such as /lib64) to replace Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | cairo: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462 | Ross Burton
Source: OpenEmbedded.org MR: 97538, 97543 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-graphics/cairo?h=warrior&id=078e4d5c2114d942806cd0d5ad501805a011e841 ChangeID: fa8bdd44ad8613bb0679a1f6d9d670c3b47a0677 Description: CVE-2018-19876 is a backport from upstream. CVE-2019-6461 and CVE-2019-6462 are patches taken from Clear Linux. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Dropped CVE-2018-19876, not affected] Issue was introduced in 1.15.8 by: commit 721b7ea0a785afaa04b6da63f970c3c57666fdfe Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | cups: upgrade to 2.2.10 | Chen Qi
Source: OpenEmbedded.org
MR: 97351
Type: Security Fix
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior&id=fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd
ChangeID: fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd
Description:

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

CUPS 2.2.10 is a bug fix release that addresses issues in the scheduler, IPP Everywhere support, CUPS library, and USB printer support. Changes include:

- CVE-2018-4300: Linux session cookies used a predictable random number seed.
- The lpoptions command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045)
- Added USB quirk rules (Issue #5395, Issue #5443)
- The generated PPD files for IPP Everywhere printers did not contain the cupsManualCopies keyword (Issue #5433)
- Kerberos credentials might be truncated (Issue #5435)
- The handling of MaxJobTime 0 did not match the documentation (Issue #5438)
- Incorporated the page accounting changes from CUPS 2.3 (Issue #5439)
- Fixed a bug adding a queue with the -E option (Issue #5440)
- Fixed a crash bug when mapping PPD duplex options to IPP attributes (rdar://46183976)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | cups: upgrade to 2.2.9 | Chen Qi
Source: OpenEmbedded.org
MR: 97351
Type: Integration
Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior&id=ee57d79aec06e9b160cf2713636cda650ba68d5a
ChangeID: ee57d79aec06e9b160cf2713636cda650ba68d5a
Description:

The following patch is rebased.

0001-don-t-try-to-run-generated-binaries.patch

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

CUPS 2.2.9 is a bug fix release that addresses issues in the scheduler, IPP Everywhere support, CUPS library, and USB printer support. Changes include:

- Localization changes (Issue #5348, Issue #5362, Issue #5408)
- Documentation updates (Issue #5369)
- The lpadmin command would create a non-working printer in some error cases (Issue #5305)
- The scheduler would crash if an empty AccessLog directive was specified (Issue #5309)
- Fixed a regression in the changes to ippValidateAttribute (Issue #5322, Issue #5330)
- Fixed a crash bug in the Epson dot matrix driver (Issue #5323)
- Automatic debug logging of job errors did not work with systemd (Issue #5337)
- The web interface did not list the IPP Everywhere "driver" (Issue #5338)
- The IPP Everywhere "driver" now properly supports face-up printers (Issue #5345)
- Fixed some typos in the label printer drivers (Issue #5350)
- Multi-file jobs could get stuck if the backend failed (Issue #5359, Issue #5413)
- The IPP Everywhere "driver" no longer does local filtering when printing to a shared CUPS printer (Issue #5361)
- The lpadmin command now correctly reports IPP errors when configuring an IPP Everywhere printer (Issue #5370)
- Fixed some memory leaks discovered by Coverity (Issue #5375)
- The PPD compiler incorrectly terminated JCL options (Issue #5379)
- The cupstestppd utility did not generate errors for missing/mismatched CloseUI/JCLCloseUI keywords (Issue #5381)
- The scheduler now reports the actual location of the log file (Issue #5398)
- Added a USB quirk rule (Issue #5420)
- The scheduler was being backgrounded on macOS, causing applications to spin (rdar://40436080)
- The scheduler did not validate that required initial request attributes were in the operation group (rdar://41098178)
- Authentication in the web interface did not work on macOS (rdar://41444473)
- Fixed an issue with HTTP Digest authentication (rdar://41709086)
- The scheduler could crash when job history was purged (rdar://42198057)
- Dropped non-working RSS subscriptions UI from web interface templates.
- Fixed a memory leak for some IPP (extension) syntaxes.

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-25 | file: Multiple Security fixes | Armin Kuster
Source: https://github.com/file MR: 97573, 97578, 97583, 97588 Type: Security Fix Disposition: Backport from https://github.com/file/file ChangeID: 159e532d518623f19ba777c8edc24d2dc7e3a4e9 Description: CVE-2019-8905 is the same fix as CVE-2019-8907 Affects < 5.36.0 Fixes: CVE-2019-8904 CVE-2019-8906 CVE-2019-8906 CVE-2019-8907 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-01 | sqlite3: Security fixes for CVE-2018-20505 & 20506 | Armin Kuster
Source: sqlite.org MR: 97484, 97490 Type: Security Fix Disposition: Backport from sqlite.org ChangeID: c6105b5d3ce4fb2c0f38c3cab745b769d2df38f5 Description: Affects < 3.26.0 fixes: CVE-2018-20505 CVE-2018-20506 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-01 | busybox: Security fixes for CVE-2018-20679 CVE-2019-5747 | Armin Kuster
Source: busybox.git MR: 97332 Type: Security Fix Disposition: Backport from busybox.git ChangeID: ec203c79e7322de1ed5721d08b6f59b1eca67c7d Description: Affects < 1.30.0 Fixes: CVE-2018-20679 CVE-2019-5747 Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-01 | python: add a fix for CVE-2019-9948 and CVE-2019-9636 | Martin Jansa
Source: OpenEmbedded.org MR: 98320, 98319 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/python/python_2.7.16.bb?id=9d23b982fa4e0290761b3d15f6959779fed72ad6 ChangeID: e79b6fe3b7b4253bf0d76b029070ae869d5234bd Description: Fixes: CVE-2019-9948 CVE-2019-9636 CVE-2019-9940 is a dup of 9948 per python.org CVE-2019-9947 appears to be a dup of 9940 per https://bugs.python.org/issue30458#msg295067 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Minor clean up for thud] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-01 | python: Update to 2.7.16 | Armin Kuster
Source: Python.org MR: 98220 Type: Security Fix & Integration Disposition: Backport from python.org ChangeID: 96fdd2dee9fe9317eb72584583ae0100c0be9eaa Description: Bug fix update per Python.org https://www.python.org/downloads/release/python-2716/ drop backported patch License-update: copyright years Helps prepare Thud for 2.7 EOL support moving forward. Update includes: CVE-2019-5010 https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-06-01 | qemu: Several CVE fixes | Armin Kuster
Source: qemu.org MR: 97258, 97342, 97438, 97443 Type: Security Fix Disposition: Backport from git.qemu.org/qemu.git ChangeID: a5e9fd03ca5bebc880dcc3c4567e10a9ae47dba5 Description: These issues affect qemu < 3.1.0 Fixes: CVE-2018-16867 CVE-2018-16872 CVE-2018-18849 CVE-2018-19364 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-29 | elfutils: Security fixes CVE-2019-7146,7149,7150 | Armin Kuster
Source: http://sourceware.org/git/elfutils.git MR: 97563, 97568, 97558 Type: Security Fix Disposition: Backport from http://sourceware.org/git/elfutils.git ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24 Description: Affects <= 0.175 Fixes: CVE-2019-7146 CVE-2019-7149 CVE-2019-7150 Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-05-26 | glibc: Security fix CVE-2019-9169 | Armin Kuster
Signed-off-by: Armin Kuster <akuster@mvista.com>
2019-05-17 | core-image-sato-sdk-ptest: Tweak size to stay within 4GB limit | Richard Purdie
Adding the valgrind debug symbol information caused the genericx86-64 image to overflow the 4GB boundary. Tweak the sizes to avoid autobuilder failures yet leave enough space so all the tests still run successfully. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | core-image-sato-sdk-ptest: Try and keep image below 4GB limit | Richard Purdie
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | wic/bootimg-efi: replace hardcoded volume name with label | Chee Yang Lee
Volume name should refer to --label in .wks. Replace the hardcoded volume name with label. Set "ESP" as default name when no label specified. Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resulttool: Add option to dump all ptest logs | Joshua Watt
Adds an option to dump all the ptest logs to individual files in a specified directory. If multiple test runs are present, the '--prepend-run' argument will create separate directories for each test run under the target directory and put the logs there to prevent each test run from clobbering the others. [YOCTO #13331] Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | wic: change expand behaviour to match docs | Ross Burton
The documentation says that --expand takes a comma-separated list of partition:size pairs, but the code was splitting on hyphens. Hyphens are not a transitional separator for a list of items, so change the code to reflect the documentation. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | recipetool: fix unbound variable when fixed SRCREV can't be found | Alex Kiernan
If attempting to find a fixed SRCREV fails because the directory doesn't exist, avoid failing with:

Traceback (most recent call last):
  File "/home/vagrant/poky/scripts/recipetool", line 121, in <module>
    ret = main()
  File "/home/vagrant/poky/scripts/recipetool", line 110, in main
    ret = args.func(args)
  File "/home/vagrant/poky/scripts/lib/recipetool/create.py", line 707, in create_recipe
    srcrev = stdout.rstrip()
UnboundLocalError: local variable 'stdout' referenced before assignment

Fixes: 000480c42797 ("recipetool / devtool: set a fixed SRCREV by default when fetching from git")

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resulttool/manualexecution: Enable test case configuration option | sangeeta jain
Current manualexecution required user to execute all test cases defined inside a "modulename.json" file in oeqa/manual. There are cases when all test cases are not required to run for a module on specific DUT. Enable manualexecution to have the optional feature where it will use pre-defined json format test case configuration file where user will be able to select test cases from the "modulename.json" instead of running all of them. This will help in reducing testing time and reporting unnecessary skip or failures.

Example pre-defined json format test case configuration file (for build-appliance):

{
    "testcases" : [
        "build-appliance.build-appliance.Create_core-image-sato-sdk_using_build_appliance",
        "build-appliance.build-appliance.Build_a_image_without_error_(added_recipe)"
    ]
}

Signed-off-by: sangeeta jain <sangeeta.jain@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resultool/resultutils: Fix module import error | Richard Purdie
Fix AttributeError: module 'urllib' has no attribute 'request' when using remote http urls. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resulttool: Add log subcommand | Joshua Watt
Adds a subcommand for dumping various logs from test results Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resulttool: Load results from URL | Joshua Watt
Adds support for resulttool to load JSON files directly from a http:// or https:// URL Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resulttool/manualexecution: Refactor and remove duplicate code | Yeoh Ee Peng
Remove duplicate codes. Replace unnecessary class variables with local variables. Rename variables and arguments with simple and standard name. Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | resulttool/manualexecution: Enable creation of configuration option file | Yeoh Ee Peng
Allow the creation of configuration option file based on user inputs. Where this configuration option file will be used by the manual execution to display options for configuration rather than user need to inputs configuration manually. Signed-off-by: Yeoh Ee Peng <ee.peng.yeoh@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | oeqa/targetcontrol.py: fix qemuparams not work in runqemu with launch_cmd | Hongxu Jia
As runqemu with launch_cmd means directly run the command, don't need set rootfs or env vars. Since commit [a847dd7202 runqemu: Let qemuparams override default settings] applied in oe-core, if launch_cmd contains "qemuparams='***'", it does not work, which is overridden by latter qemuparams="-serial tcp:127.0.0.1" in QemuRunner.launch(); So we set qemuparams as a parameter in runqemu, the fix makes it work Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | oeqa/target/ssh: Replace surrogatepass with ignoring errors | Richard Purdie
We continued to see encoding problems with ssh commands run in oeqa. After much research the conclusion was we should ignore the errors since some occasional bad locale encoding is better than the unicode decoding issues we were seeing which crashed large parts of tests. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2019-05-17 | oeqa/sdk: use bash to execute SDK test commands | Mikko Rapeli
The commands only work with bash. If /bin/sh is dash like in Debian, the command execution fails with errors like:

Standard Output: /bin/sh: 5: export: --sysroot: bad variable name

and all SDK tests fail.

Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>