Age | Commit message (Collapse) | Author |
|
Fix CVE-2017-13672, CVE-2017-13673, CVE-2017-13711, CVE-2017-14167
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13672
https://nvd.nist.gov/vuln/detail/CVE-2017-13673
https://nvd.nist.gov/vuln/detail/CVE-2017-13711
https://nvd.nist.gov/vuln/detail/CVE-2017-14167
Patches from:
CVE-2017-13672:
https://git.qemu.org/?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13673:
https://git.qemu.org/?p=qemu.git;a=commit;h=e65294157d4b69393b3f819c99f4f647452b48e3
CVE-2017-13711:
https://git.qemu.org/?p=qemu.git;a=commit;h=1201d308519f1e915866d7583d5136d03cc1d384
CVE-2017-14167:
https://git.qemu.org/?p=qemu.git;a=commit;h=ed4f86e8b6eff8e600c69adee68c7cd34dd2cccb
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove the following patches since they are unused after qemu update to
2.10:
0001-replace-struct-ucontext-with-ucontext_t-type.patch
CVE-2016-9908.patch
CVE-2016-9912.patch
configure-fix-Darwin-target-detection.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove build host references from strace-ptest package.
Also removed some unneeded timestaps.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
QEMU version 2.11 will remove the pixman submodule. This means users are
always required to supply pixman from the system if building softmmu
support in QEMU.
Without specifying a pixman configure option QEMU will default to using
the system pixman if it is avaliable. In which case let's remove the
config option as it is no longer supported in recent commits and is not
required in older builds as the configure system defaults are already
using system pixman.
Signed-off-by: Alistair Francis <alistair.francis@xilinx.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Add patch for go's make script to allow for
build system != host system
* Add dependencies on the appropriate crosssdk recipes,
and use the crosssdk C compiler and linker
* Remove bashism in the wrapper script
* Restrict installation to only the tool binaries
to address some packaging errors
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Switch to using an external linker for nativesdk
go, go-runtime, and go package builds, which works
more reliably when building 32-bit SDKs.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* The _FOR_TARGET variables need to include SDKNATIVEPATH
* Install tools (cmd) only, and for the build host
* Remove unnecessary FILES setting
Corrects some errors when the build host architecture
is different from the SDKMACHINE's.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Whenever SDKMACHINE is set to mingw32, sdkmingw32 override is defined
everywhere. This meant that value of LDGOLD was different also for
binutils and binutils-cross depending whether SDKMACHINE was set or not.
Signed-off-by: Samuli Piippo <samuli.piippo@qt.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose
arbitrary memory during a JSON.generate call. The issues lies in using
strdup in ext/json/ext/generator/generator.c, which will stop after
encountering a '\0' byte, returning a pointer to a string of length zero,
which is not the length stored in space_len.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14064
Upstream patch:
https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use ucontext_t not struct ucontext in linux-unwind.h files.
Current glibc no longer gives the ucontext_t type the tag struct
ucontext, to conform with POSIX namespace rules. This requires
various linux-unwind.h files in libgcc, that were previously using
struct ucontext, to be fixed to use ucontext_t instead. This is
similar to the removal of the struct siginfo tag from siginfo_t some
years ago.
Backport of patches by Joseph Myers, taken from
https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=249957
[YOCTO #12083]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed:
1) in pkg_postinst task set wanted file permissions:
---> chmod -R 521 "$D/opt/my_folder"
2) generate the rootfs image
Results:
my_folder hasn't correct permissions on rootfs ext4 image -> permissions are changed to 721
But it should be 521.
[YOCTO #11652]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Rebased patches
- dropped armhf-elf patch, should no longer be needed
- dropped syslog patch which should not have been imported to begin with
- reworked other patches as needed for the updated code base
* Updated native, cross, cross-canadian .inc files to
remove some testdata directories that contain .a files
that strip chokes on during sysroot staging
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently every Go package will end with GNU_HASH in the ELF binary
however adding it to every recipe is cumbersome so instead we handle
that here.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If the target architecture supports, it build the Go
runtime as a shared library in addition to building
the static libraries.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The go link tool does not set the soname by default, which
prevents package.bbclass's shlibs processing from seeing
shared libraries built with go.
This patch passes appropriate options to go's linker and
the external linker to set the soname.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Missed this when addding SDK support.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Modified ostable and tupletable to support muslx32 build.
Signed-off-by: sweeaun <swee.aun.khor@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update to the latest commit on the 2.29 branch to fix CVEs:
CVE-2017-12448, CVE-2017-12449. CVE-2017-12451, CVE-2017-12452,
CVE-2017-12454, CVE-2017-12455, CVE-2017-12456, CVE-2017-12457,
CVE-2017-12458, CVE-2017-12459, CVE-2017-12799, CVE-2017-12967,
CVE-2017-13710
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-12448
https://nvd.nist.gov/vuln/detail/CVE-2017-12449
https://nvd.nist.gov/vuln/detail/CVE-2017-12451
https://nvd.nist.gov/vuln/detail/CVE-2017-12452
https://nvd.nist.gov/vuln/detail/CVE-2017-12454
https://nvd.nist.gov/vuln/detail/CVE-2017-12455
https://nvd.nist.gov/vuln/detail/CVE-2017-12456
https://nvd.nist.gov/vuln/detail/CVE-2017-12457
https://nvd.nist.gov/vuln/detail/CVE-2017-12458
https://nvd.nist.gov/vuln/detail/CVE-2017-12459
https://nvd.nist.gov/vuln/detail/CVE-2017-12799
https://nvd.nist.gov/vuln/detail/CVE-2017-12967
https://nvd.nist.gov/vuln/detail/CVE-2017-13710
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable cross-canadian builds of the Go toolchain. This
requires an additional patch to the Go source to allow us
to use the native GOTOOLDIR during the bootstrap phase.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable crosssdk builds for the Go toolchain.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
All that's needed is setting BBCLASSEXTEND.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Instead of hard-coding GOARM to ${TARGET_GOARM} in
the wrapper script, take it from an existing
environment setting if present. This allows the
same cross-compiler to be used for different ARM
targets.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
to make it clearer that it is only used for building
the toolchain for the target.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The src content has been moved to -dev package, so does the test
routines. Fix the runtime dependency accordingly.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reorganize the Go toolchain build to split out
the Go standard runtime libraries into a separate
recipe. This simplifies the extension to crosssdk
and cross-canadian builds.
* Adds a patch to the go build tool to prevent it
from trying to rebuild anything in GOROOT, which
is now resident in the target sysroot.
* 'go' bb and inc files are now for building the
compiler for the target only.
* 'go-cross' bb and inc files are now just for
the cross-compiler.
* Adds virtual/<prefix> PROVIDES for the compiler
and runtime
* Removes testdata directories from the sysroot
during staging, as they are unnecessary and
can cause strip errors (some of the test files
are ELF files).
* Re-enables pacakage QA checks, adding selective
INSANE_SKIP settings where needed.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
No longer needed, with go-native handling its own
bootstrap phase.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The go1.4 toolchain is only required for bootstrapping
go-native, and should not be used for anything else,
so build it as part of the go-native build. This way,
we don't have to carry around its built artifacts in
the native sysroot.
The go-cross and target toolchains can then just depend
on go-native, using that for their 'bootstrap' toolchain.
Also removed some unnecessary package-related noexec
settings, since native recipes inherit nopackages.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the Golang dependency management tool under development; it is
ready for production use and intended to be merged onto Golang
1.10. Until that, projects are starting to use it and making it
available on OE-Core reduces the Golang integration work for new
recipes.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The OE-Core has no reason to support multiple versions of Go as this
increases the maintenance work and testing efforts. So we are going to
support just a single version from now on which currently is 1.8.3.
The 1.4 release is kept around as it is used for bootstrap, as such,
it cannot be removed.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A maliciously constructed svn+ssh:// URL would cause Subversion clients
before 1.8.19, 1.9.x before 1.9.7, and 1.10.0.x through 1.10.0-alpha3
to run an arbitrary shell command. Such a URL could be generated by a
malicious server, by a malicious user committing to a honest server(to
attack another user of that server's repositories), or by a proxy
server.
The vulnerability affects all clients, including those that use
file://, http://, and plain (untunneled) svn://.
Backport patch from:
http://svn.apache.org/viewvc?view=revision&sortby=rev&revision=1804691
Reference:
http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It is perfectly fine to execute cve_check tasks against a cached
CVE database during a BB_NO_NETWORK build.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
For bootchart2-native, the python interpreter "#!FIXMESTAGINGDIRHOST/usr/bin/python3"
of file pybootchartgui is not right.
Use '#!${USRBINPATH}/env python3' instead to fix the issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Extend python3-setuptools to nativesdk because nativesdk-python3-pip needs
it.
Also, adjust RDEPENDS variable setting to keep the runtime dependencies
for nativesdk package the same with the target one. The native package and
the target package's dependencies remain the same as before.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Extend python3-pip to nativesdk because some nativesdk python3 packages
need it, e.g. nativesdk-python3-django from meta-python layer.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport upstream patch to fix CVE-2017-12852
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is a compile code fragment that has an elf signature, it needs to be
updated for the newer tools.
After 2.4 we will be removing the elf Image type as it has been expunged
from the coreboot repo since 2014.
[YOCTO #11967]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove recipes for older versions.
Remove patches no longer needed.
Modify the patch "add-ptest-in-makefile.patch" for version 2.10.0
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove build host references from flex-ptest package.
[YOCTO #11667]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|