Age | Commit message (Collapse) | Author |
|
Since the Sun RPC is deprecated in glibc, the rpc header files
are not provided any more, but it allows alternative RPC
implementations, such as TIRPC or rpcsvc-proto, to be used.
So we create the symbol link for rpc header files for tirpc to
be more compatible with the glibc version and the application usage.
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport a patch from upstream to fix the following runtime failure.
mem.c:814: INFO: set overcommit_memory to 0
overcommit_memory.c:213: FAIL: alloc passed, expected to fail
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
reproduce steps:
1. add DISTRO_FEATURE_append = 'usrmerge' in local.conf
2. bitbake mdadm --success
3. remove DISTRO_FEATURE_append = 'usrmerge' from local.conf
4. bitbake mdadm -- failed when do_package
it is not proper to change source Makefile during do_install by sed,
fix by pass correct config to EXTRA_OEMAKE
[YOCTO #13493]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It looks like https://www.sudo.ws/download.html changed certificate
and directory structure. This breaks fetching sources.
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
|
|
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This commit is another part of CVE-2019-16167, please see
https://github.com/sysstat/sysstat/issues/232.
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 586c045eb81b79200b46bf743f5d3fdb5f68c12d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
OE does not provide libpaper recipe, and the configure check looks for
libpaper if not disabled, this causes problems especially when shared
state is built on a machine which has libpaper installed on host but the
consumer machine although running same OS, but does not have libpaper
installed, the artifact from sstate are re-used but then native binary
./obj/aux/packps fails to execute
./obj/aux/packps: error while loading shared libraries: libpaper.so.1: cannot open shared object file: No such file or directory
So either we need to provide libpaper in OE or we disable it, disabling
is best for now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd throws a warning about the value of PIDFile:
systemd[1]: /usr/lib/systemd/system/watchdog.service:11: PIDFile=
references a path below legacy directory /var/run/, updating
/var/run/watchdog.pid → /run/watchdog.pid; please update the
unit file accordingly.
This is actually due to patch file 0001-watchdog-remove-interdependencies-of-watchdog-and-wd.patch
setting PIDFile=/var/run/watchdog.pid. Modify PIDFile in the patch
to be correctly set to /run/watchdog.pid.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The default URI returns a gzip-compressed index page
which browsers can auto-detect, but we can't.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to the fix possible hang caused by the case of CVE-2017-17052.
CVE: CVE-2017-17052
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The previous commit <shadow: use relaxed usernames> works only for
target. When test with configuration:
INHERIT += 'extrausers'
EXTRA_USERS_PARAMS += "useradd -p '' aBcD; "
and run "bitbake core-image-minimal", error occurs:
NOTE: core-image-minimal: Performing useradd with [
-R .../build/tmp-glibc/work/qemux86_64-wrs-linux/core-image-minimal/1.0-r0/rootfs -p '' aBcD]
useradd: invalid user name 'aBcD'
Here move the patch for using relaxed usernames from class_target to
the source code for all.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lighttpd builds fail if "fam" (and therefore gamin) is enabled.
In conf/local.conf:
CORE_IMAGE_EXTRA_INSTALL += "lighttpd"
PACKAGECONFIG_append_pn-lighttpd = " fam"
bitbake error:
ERROR: Nothing PROVIDES 'gamin' (but /yow-lpggp31/tgamblin/oe-core.git/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb DEPENDS on or otherwise requires it)
NOTE: Runtime target 'lighttpd' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['lighttpd', 'gamin']
ERROR: Required build target 'core-image-minimal' has no buildable providers.
Missing or unbuildable dependency chain was: ['core-image-minimal', 'lighttpd', 'gamin']
Since gamin hasn't been maintained for several years, this should
be removed from the list of lighttpd PACKAGECONFIG options.
--without-fam is hard-coded in EXTRA_OECONF for good measure.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed:
$ bitbake nativesdk-net-tools
ERROR: nativesdk-net-tools-1.60-26-r0 do_package: QA Issue: nativesdk-net-tools: Files/directories were installed but not shipped in any package:
/usr
/usr/share
/usr/share/man
[snip]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
During restructuring of the packaging in 2af4d6eb (tzdata: Install
everything by default), these two files remained in the tzdata
package, which is supposed to be empty. Move them to tzdata-core where
they belong.
Also simplify the definition of CONFFILES_tzdata-core. As its value
only takes effect for files that actually exist, there is no need to
complicate its definition by checking if a file is created before
adding it to the list of configuration files.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is currently no way to automatically load iptables rules in OE.
Add a systemd unit file to automatically load rules on network
connection. This is cribbed from the way ArchLinux handles iptables with
some minor modifications for OE.
New rules can be generated directly on the target using:
# iptables-save -f /etc/iptables/iptables.rules
Good documentation for writing rules offline is lacking, but the basics
are explained here:
https://unix.stackexchange.com/q/400163/49405
Signed-off-by: Jack Mitchell <jack@embed.me.uk>
Signed-off-by: Diego Rondini <diego.rondini@kynetics.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
-tzdata : upgrade from 2019b to 2019c.
-tzcode-native : upgrade from 2019b to 2019c.
-tzdata.bb and tzcode-native.bb require timezone.inc.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
A flaw was found in, ghostscript versions prior to 9.28,
in the .pdf_hook_DSC_Creator procedure where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
A flaw was found in, ghostscript versions prior to 9.28,
in the .pdfexectoken and other procedures where it did not
properly secure its privileged calls, enabling scripts to
bypass `-dSAFER` restrictions. A specially crafted PostScript
file could disable security protection and then have access
to the file system, or execute arbitrary commands.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14811
https://nvd.nist.gov/vuln/detail/CVE-2019-14817
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=885444fcbe10dc42787ecb76686c8ee4dd33bf33
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=cd1b1cacadac2479e291efe611979bdc1b3bdb19
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Added perl to the run-time dependency of the recipe for diffutils since
it is required by the test "large-subpot".
The test "strip-trailing-cr" is skipped since it requires valgrind to
work, but valgrind is considered too heavy-weight for diffutils package.
Signed-off-by: Peiran Hong <peiran.hong@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix build with usrmerge enabled:
WARNING: iputils-s20190709-r0 do_package: iputils: alternative target (/usr/bin/ping or /usr/bin/ping.iputils) does not exist, skipping...
WARNING: iputils-s20190709-r0 do_package: iputils: NOT adding alternative provide /usr/bin/ping: /usr/bin/ping.iputils does not exist
ERROR: iputils-s20190709-r0 do_package: QA Issue: iputils: Files/directories were installed but not shipped in any package:
/bin/tftpd
/bin/tracepath
/bin/arping
/bin/clockdiff
/bin/ping
/bin/traceroute6
/sbin/rarpd
/sbin/ninfod
/sbin/rdisc
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
iputils: 9 installed and not shipped files. [installed-vs-shipped]
WARNING: iputils-s20190709-r0 do_package: iputils: alt_link == alt_target: /usr/bin/ping == /usr/bin/ping
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update sysstat from 12.1.3 to 12.1.6.
* make sa_lib_dir refer to ${libexecdir}/sa to fix conflictions when
multilib is enabled
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Inherit multilib_script to fix file confliction when mutlilib enabled.
| Error: Transaction check error:
| file /usr/bin/texi2any conflicts between attempted installs of
lib32-texinfo-6.5-r0.core2_32 and texinfo-6.5-r0.core2_64
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Redefine CUPS_SERVERBIN to "$libexecdir/cups" for cups which solves file
confliction when multilib is enabled.
| Error: Transaction check error:
| file /lib/systemd/system/org.cups.cups-lpd@.service conflicts between
attempted installs of cups-2.2.11-r0.core2_64 and lib32-cups-2.2.11-r0.core2_32
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #13368]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Denys Zagorui <dzagorui@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to fix the following failure.
rt_sigtimedwait01 1 TFAIL : .../sigwaitinfo01.c:58: test_empty_set
(.../sigwaitinfo01.c: 148): Unexpected failure:
TEST_ERRNO=EINVAL(22): Invalid argument
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With the new recipe matching the tarbal version, there is
no need for an exception from the check.
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to fix the following error.
safe_file_ops.c:219: BROK: Expected 3 conversions got 2 at meltdown.c:272
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LSB as a standard isn't current and isn't well suited to embedded
anyway. Its putting artifical constraints on the system and with modern
layer technology, would now be better off as its own layer. As such
its time to split it out.
The only part with some (marginal) usage is lsb_release,
which is split from the lsb package into an own lsb-release
package.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
build system is changed to meson.
Signed-off-by: Changhyeok Bae <changhyeok.bae@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
-libarchive/CVE-2018-1000877.patch
-libarchive/CVE-2018-1000878.patch
-libarchive/CVE-2018-1000879.patch
-libarchive/CVE-2018-1000880.patch
-libarchive/CVE-2019-1000019.patch
-libarchive/CVE-2019-1000020.patch
-libarchive/bug1066.patch
-libarchive/non-recursive-extract-and-list.patch
Removed since these are included in 3.4.0.
-License-Update: Copyright year updated to 2018.
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When building lighttpd with PACKAGECONFIG_append_pn-lighttpd = "lua" in local.conf,
bitbake gives the following error:
ERROR: Nothing PROVIDES 'lua5.1' (but /home/tgamblin/build/oe-core/meta/recipes-extended/lighttpd/lighttpd_1.4.54.bb DEPENDS on or otherwise requires it)
NOTE: Runtime target 'lighttpd' is unbuildable, removing...
Missing or unbuildable dependency chain was: ['lighttpd', 'lua5.1']
Removing the "5.1" from the PACKAGECONFIG line in lighttpd_1.4.54.bb fixes the issue.
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patch 0001-nis-hosts-Remove-use-of-RES_USE_INET6.patch
since this is included in 3.1
Signed-off-by: Yuan Chao <yuanc.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
BSD license files must include the copyright notice.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
BSD license files must include the copyright notice.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
"account" not "acount".
Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Recipe makes use of the variable MACHINE_FEATURES, which is machine
specific:
${@bb.utils.contains("MACHINE_FEATURES", "keyboard", "kbd", "", d)}
This patch avoids multiconfig errors such as:
ERROR: mc:qt5222:packagegroup-core-base-utils-1.0-r0 do_package_qa_setscene: Error executing a python function in exec_python_func() autogenerated:
The stack trace of python calls that resulted in this exception/failure was:
File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
0001:
*** 0002:do_package_qa_setscene(d)
0003:
File: '/workdir/repo/poky/meta/classes/insane.bbclass', lineno: 1026, function: do_package_qa_setscene
1022:SSTATETASKS += "do_package_qa"
1023:do_package_qa[sstate-inputdirs] = ""
1024:do_package_qa[sstate-outputdirs] = ""
1025:python do_package_qa_setscene () {
*** 1026: sstate_setscene(d)
1027:}
1028:addtask do_package_qa_setscene
1029:
1030:python do_qa_staging() {
(From OE-Core rev: 70234797b973046a6198bea684bdb757def2dce1)
Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This fixed a potential security vulnerability on musl and made
the patch obsolete.
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to fix the following failure.
ustat02.c:44: FAIL: ustat(2) failed to produce expected error; 14, errno: EFAULT: EINVAL
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch to fix the followig failure.
tgkill03.c:94: FAIL: Defunct tid should have failed with ESRCH: SUCCESS
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|