Age | Commit message (Collapse) | Author |
|
All recipes which include this .inc map to glibc NVD component.
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
NVD uses product glib and vendor gnome for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-6855
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add support for armeb of multilib.
Signed-off-by: zhengrq <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
bootmisc.sh is responsible for setting the system date to a sane
default. Currently, it is the last script to be run from the rcS
runlevel.
Problem is that the files created before appear to have been created
on 1/1/1970. Most notably, /var/log/dmesg created in dmesg.sh cannot be
properly rotated with logrotate which does not consider it a valid date
and stops processing.
There is no blocker on moving this script right before populating
volatiles because it just requires the local and virtual filesystems to
be mounted to work.
Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Append " -fno-tree-switch-conversion -fno-tree-tail-merge" to
FULL_OPTIMIZATION to workaround login problem on qemumips64. Otherwise,
user cannot login onto the target even username and password are
provided.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.
Backport a patch from upstream to mitigate this by refusing to start units such
as this.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When using "su - myuser" to change from root to a non-privileged user,
"mesg n" from the default .profile fails with "mesg: error: tty device
is not owned by group `tty' or "mesg: cannot open /dev/ttyS0:
Permission denied", depending on whether mesg comes from busybox or
util-linux.
This does not happen during a normal login because permissions on
/dev/tty* get changed while doing that, something that isn't possible
with plain "su -".
As the error can't be avoided and failures of mesg probably aren't
particularly important, now error messages get dumped to /dev/null.
[YOCTO #11127]
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
"su -" == "su --login" was broken because it uses /etc/pam.d/su-l and
lacking that, falls back to /etc/pam.d/other which denies the
operation. The fix is to symlink "su-l" to the normal "su" pam config
file.
Because "su" usually comes from "shadow" and has been broken like this
without anyone noticing, it probably is not used much and thus should
be packaged separately so that it can be installed only when really
needed. For backwards compatibility, "util-linux" still pulls it in.
It is a bit strange that DISTRO_FEATURES are getting checked when
deciding whether the packages should be defined. It is not wrong, the
packages will be simply empty and thus probably not created when the
distro feature is on and the package config is off. Perhaps there is a
reason, so this is kept unchanged. The symlink however only gets
created when su.util-linux really gets built.
[YOCTO #11126]
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
wic-tools.env was uses only when wic is run from bitbake.
As wic doesn't use wic-tools anymore in this mode there is
no need for this file.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Bring in following changes
* fix missing volatile qualifier on lock in __get_locale
* remove ineffective compiler assist from printf
* fix undefined behavior in ptrace
* unify the use of FUTEX_PRIVATE
* fix undefined behavior in free
* reapply va_arg hacks removal to wprintf
* remove useless declarations in string.h
* allow specifying argv[0] when invoking a program via ldso command
* fix regression in dlopen promotion from RTLD_LOCAL to RTLD_GLOBAL
* ldso: avoid spurious & possible erroneous work for libs with no deps
* powerpc64: add single-instruction math functions
* fix clang CFLAGS checks and silence unused argument warnings
* s390x: add single-instruction math functions
* fix arm run-time abi string functions
* fix regression in getspnam[_r] error code for insufficient buffer size
* fix omission of microblaze user.h definitions
* fix iconv conversions for iso88592-iso885916
* handle errors from localtime_r in ctime_r
* set errno when getpw*_r, getgr*_r, and getspnam_r fail
* handle localtime errors in ctime
* handle mremap failure in realloc of mmap-serviced allocations
* getdate: correctly specify error number
* catopen: set errno to EOPNOTSUPP
* fix glob failure to match plain "/" to root directory
* use hard-coded sh4a atomic opcodes to avoid linker errors on sh
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
libnsl has been obsoleted in 2.26 and will be removed in future
until them we enable it
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
glibc 2.26 has dropped bits/string.h
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Eventually it will be released as 2.26 final
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
GCC44_IA32_X64_DLINK_COMMON and GCC49_IA32_X64_DLINK_COMMON
variables add to final linker flags that ovmf build forms
on its own, so trying to inject it from environment will not
work.
Here we add option to disable pie during linking, which should
have been accompanied with correcponding gcc/cflags.
Fixes
| /mnt/a/oe/build/tmp/work/i586-bec-linux/ovmf/git-r0/git/Build/OvmfIa32/RELEASE_GCC5/IA32/OvmfPkg/AcpiTables/AcpiTables/OUTPUT/./Facs.dll: Bad definition for symbol '<unknown>'@0 or unsupported symbol type. For example, absolute and undefined symbols are not supported.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
- Enable/disable the split-usr support in systemd based on 'usrmerge'
DISTRO_FEATURE.
- Modify rootprefix to point to ${root_prefix}, rather than ${base_prefix}.
- And fixed firmware path to use ${nonarch_base_libdir} instead of hard-coded
'/lib', because when 'usrmege' distro feature enabled this path would be
'/usr/lib'.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
glibc specific header which has been removed from glibc 2.26+
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The COPYING file in expat has the following changes:
2001-20016 to 2001-2017
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Now that epiphany needs a working msgfmt as well, let's do this trick
where it should be.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
This adds or fixes the Upstream-Status for all remaining patches missing it
in OE-Core.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a variety of spelling and format mistakes to improve the ease of reading the
tags programatically.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix ptest generation
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
even local"
The new flag doesn't work and the change even broke the XML_PARSE_NONET option.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Fix type confusion in xmlValidateOneNamespace
Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types
on namespace declarations make no practical sense anyway.
Fixes bug 780228
CVE: CVE-2017-0663
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Fix NULL pointer deref in xmlDumpElementContent
Can only be triggered in recovery mode.
Fixes bug 758422
CVE: CVE-2017-5969
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Fix handling of parameter-entity references
There were two bugs where parameter-entity references could lead to an
unexpected change of the input buffer in xmlParseNameComplex and
xmlDictLookup being called with an invalid pointer.
Fixes bug 781205 and bug 781361
CVE: CVE-2017-9049 CVE-2017-9050
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
xmlSnprintfElementContent failed to correctly check the available
buffer space in two locations.
Fixes bug 781333 and bug 781701
CVE: CVE-2017-9047 CVE-2017-9048
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Makefile.am: Disable LeakSanitizer when running API tests
The autogenerated API tests leak memory.
Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a]
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
|
|
Drop uuid-test-error-api.patch as it's been fixed upstream differently:
https://github.com/karelzak/util-linux/commit/b770b487004778f4425639c7ed1bb6ca22d157bf
Drop ptest for tailf, as it got deprecated and removed:
https://github.com/karelzak/util-linux/commit/70ca1a77721b41f2355eeb00d4e55e13dba3e313
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Some of these are clearly dead, e.g. one binutils patch reverts the effects
of the earlier one.
This also removes the uclibc site files. We now have mechanisms to allow these
to be extended from another layer should someone ever wish to do that.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
uclibc support was removed a while ago and musl works much better. Start to
remove the various overrides and patches related to uclibc which are no longer
needed.
uclibc support in a layer would still be possible. I have strong reasons to
believe nobody is still using uclibc since patches are missing and I doubt
the metadata even parses anymore.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The recent ovmf update broke secureboot because upstream changed the
way how openssl gets compiled into ovmf. It's now integrated directly
into the ovmf build process, without having to patch it first.
In addition, more recent OpenSSL releases are supported. 1.1.0e was
explicitly mentioned in the ovmf commits and because the current
1.1.0f only has minor build enhancements, 1.1.0e is used here.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable systemd-resolved and systemd-networkd by default.
Make it co-exist with connman and Fix associated problems
in read-only rootfs.
Fixes [YOCTO #11331]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix build with gcc7
clang can not compile it therefore mark it gcc only recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Most of the shell scripts refer to /bin/sh inside the script. When 'usrmege'
feature is enabled, this path would be /usr/bin/sh. Hence, to satisfy build
dependency add '/bin/sh' to it's providers list.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since we go through the trouble of copying the Python tests, we may as
well actually run them...
This also avoids the following QA issue:
ERROR: libxml2-2.9.4-r0 do_package_qa: QA Issue:
/usr/lib/libxml2/ptest/python/tests/push.py contained in package
libxml2-ptest requires /usr/bin/python, but no providers found in
RDEPENDS_libxml2-ptest? [file-rdeps]
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is needed for avahi-autoipd, which attempts to
create a link-scope route as part of its work.
Without iproute scope support in busybox, the route is
not created due to an error message, and hence we
aren't accessible by, and can't access ourselves,
IP addresses outside the link-local scope
(169.254.0.0/16) unless we also have a proper
non link-local IP address, which somehow defeats the
purpose of zeroconf.
Signed-off-by: André Draszik <adraszik@tycoint.com>
Reviewed-by: Stephane Ayotte <sayotte@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use the package maintained by voidlinux
Drop local patches
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
A following linking error was observed:
| ==========
| archival/lib.a(tar.o): In function `tar_main':
| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
| archival/tar.c:1168: undefined reference to `unpack_Z_stream'
| ld: busybox_unstripped: hidden symbol `unpack_Z_stream' isn't defined
| ld: final link failed: Bad value
this happened with clang compiler, with the following configs:
| CONFIG_TAR=y
| # CONFIG_FEATURE_SEAMLESS_Z is not set
which can be fixed by adding IF_FEATURE_* checks in.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In some cases, it may be useful to populate a volatile file from an
existing one, e.g. a file in a read-only rootfs that may be edited in a
read-write destination.
To provide this behavior, creation of volatile files has been updated to
copy a file which has been given in the <linksource> field. If set to
none, the current behavior is preserved.
Signed-off-by: David Vincent <freesilicon@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Using "cp -a" leaks UID of user running the builds, causing
many QA warnings.
* See this thread for details:
http://lists.openembedded.org/pipermail/openembedded-core/2015-November/112904.html
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- towupper/towlower: fast path for ascii chars
- remove long-obsolete clang workarounds from mips* syscall_arch.h files
- fix fstatat syscall on mips64
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop patch support-out-of-tree-builds.patch:
Because the upstream has already contain it.
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove upstreamed patches (thanks Ross).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Error log will be logged into /var/log/message.
Added in more condition checking on the script. Check
/proc/tty/drivers and /proc/tty/driver/*
file system to retrieve active targeted serial.
Only establish getty with active serial in runtime.
[YOCTO #10844]
Reviewed-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Choong YinThong <yin.thong.choong@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Some distros might choose another syslogd provider like rsyslogd.
update-alternative will update the link from syslogd to the right
provider. However the syslogd feature is still present and enabled
in busybox.
This commit adds a new configuration fragment to make syslogd
optionnal in busybox.
Signed-off-by: Romain Perier <romain.perier@collabora.com>
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|