- No need to use bb.utils.which() as subprocess will search $PATH
- Clarity flow by moving the install inside the try/except
(From OE-Core rev: f4d22b7195dd8f08fe26dd353c7e860208e87d6a)
(From OE-Core rev: 1267df89164d7dcbbf77668ac49452bd0df87b54)
(From OE-Core rev: fdc95793dff3dbfa49faa19c51c7e8c9cd67dc6c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup do to merge conflict]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* since this commit:
commit f5a1013ffa9815f22e13989e2bcb83f966e7ce2c
Author: Ross Burton <ross.burton@intel.com>
Date: Tue Apr 18 16:19:12 2017 +0100
package_manager: don't race on a file when installing complementary
packages
the file isn't closed before oe-pkgdata-util uses it and this
temporary file might look empty to oe-pkgdata-util, because it
wasn't flushed yet. Which resulted in almost empty debugfs tarballs
and no locale packages in regular rootfs.
* without this change:
124K May 30 07:41 core-image-full-cmdline-raspberrypi3-64-20170530054003-dbg.rootfs.tar.gz
* with this change:
173M May 30 07:29 core-image-full-cmdline-raspberrypi3-64-20170530052715-dbg.rootfs.tar.gz
(From OE-Core rev: 9b34200048b3d2b477a19b7ddc8d447f873adbb2)
(From OE-Core rev: 667c43354e38c2fec1829089de0b7de076498e85)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 877d38db08aa7060d16405443cf70539c559fe82)
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
PackageManager.install_complementary() uses WORKDIR/installed_pkgs.txt as a
temporary file but if two tasks are executing for the same recipe which uses
this file (e.g. bitbake my-image my-image:do_populate_sdk) then it's possible
for the file to be overwritten or deleted.
Instead of using a static filename, use tempfile to generate a unique name and
ensure it is cleaned up when finished.
Also move the glob generation/expansion earlier in the function as if there are
no globs to install, we don't need to generate a package list.
(From OE-Core rev: f5a1013ffa9815f22e13989e2bcb83f966e7ce2c)
(From OE-Core rev: b02b54192ce71606aac30c21f3ff2199fa70a529)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup do to merge conflicts]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If createrepo isn't found then the errors later are mysterious, so explicitly
check and error out early if it isn't there.
(From OE-Core rev: e09636bbb3ea8ec58984197fd9c691bb908efe00)
(From OE-Core rev: c87361fc886432a9db584712bf3e41ecd0541960)
(From OE-Core rev: 0adc876ed8be21190510a91220f9755c8e9df021)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup do to merge conflicts]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When using subprocess call and check_output, it is better to use arrays
rather than strings when possible to avoid whitespace and quoting
problems.
[ YOCTO #9342 ]
(From OE-Core rev: b12cec9a5ef14ecb02be7feec65508cf5d65c795)
(From OE-Core rev: 60ba1d424636bdd5700ec3ee0acec5c19550b884)
Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The debian policy manual and MaintainerScripts wiki page states that the
postinst script is supposed to be called with the `configure` argument
at first install, likewise the preinst script is supposed to be called
with the `install` argument on first install.
https://www.debian.org/doc/debian-policy/ch-maintainerscripts.htmlhttps://wiki.debian.org/MaintainerScripts
(From OE-Core rev: 3d9c3aae54589794ce3484fa1b21d1af2bd32661)
(From OE-Core rev: ba59b6416f24ad53f1caccf9185b46cb60da213a)
Signed-off-by: Linus Wallgren <linus.wallgren@scypho.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nativesdk is built with a specific prefix but this will be different at install
time, however glibc hard-codes the path to locale files. Expand these strings to 4K and move them to a magic segment which we can relocate when the SDK is installed.
(From OE-Core rev: 59e0679378aac27c4fea0b06721e0a184a93c100)
(From OE-Core rev: c1f220f89496de51d3aa6eacd42cd8d3ddaad104)
(From OE-Core rev: 39d0aca4e3e4e1115ee9db64e84625f5827ea50f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: e1faf9ac7e89d33aba33547ede19a10aaa034207)
Fixup patch
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
portmap was dropped in rocko and later and doesn't work with libtirpc
so don't build it for musl
(From OE-Core rev: ceeda7a60c613a93f7bd3c8234010d34e3e98b3b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If glibc is newer on the host than in uninative, the failure mode is
pretty nasty for clusters where the sstate is shared, including the Yocto
Project autobuilder.
This check aborts the use of uninative in such scenarios where a newer
glibc version appears and avoids corruption of sstate caches.
We use ldd to check the glibc version since that is included in libc-bin
(or equivalent) which locales use so it should always be present.
(From OE-Core rev: 676d4d91064d4e4f7abb2bd3597a0ddd5b7e2390)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Now distros are starting to ship glibc 2.27 we need a uninatve version
which contains glibc 2.27 which is in the 1.8 version.
(From OE-Core rev: 922dae3a2adde21717ebcd1b5fe8e75f69b391df)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Should also fix build on new build hosts where
with glibc 2.27 rpc support is dropped in favor
of libtirpc
(From OE-Core rev: 62552a76b65b7ab5fa71b188537ae0582c3cbaea)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtirpc prior to 1.0.2 assumed that the system provided nis.h but this isn't
always true. Until now we've been using a tarball of the missing files from
Gentoo, but libtirpc 1.0.2 added a copy of nis.h to the sources so this isn't
required anymore.
(From OE-Core rev: cc20757169f833c322fbdee592788e37ed2d549f)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779
(From OE-Core rev: 19faff705a0458570bc640adbbdc07348a831b0c)
Signed-off-by: Fan Xin<fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use memset() API instead of __bzero()
Drop the patch removing des_* functions for musl
(From OE-Core rev: f77f93f9458e2279ec2322578b1366fa1a632485)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libnsl needs this API
(From OE-Core rev: 36f9db435506922976b68ad0912d26674d574653)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These fixes are needed for it to work with gcc7
(From OE-Core rev: 387cd21a6792b3243c4fde84231d6e164e660f98)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c: In function 'iselInt64Expr':
| ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c:3270:1: internal compiler error: Segmentation fault
| }
| ^
| Please submit a full bug report,
| with preprocessed source if appropriate.
| See <http://gcc.gnu.org/bugs.html> for instructions.
| rm -f libvexmultiarch-amd64-linux.a
| Makefile:1813: recipe for target 'priv/libvex_amd64_linux_a-host_ppc_isel.o' failed
Remove the patch to gcc causing this until the issue can be figured out.
(From OE-Core rev: 67e99321233e6a2897a0de33f0b98cd89bc9d3dc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backported series of patches from https://github.com/hjl-tools/gcc.git
branch /hjl/indirect/gcc-6-branch/master which contains
an IA patch series for security related issues
(From OE-Core rev: 155936a8e5d29d26ef80333920a056f7c3211657)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following commit added the FL_LPAE flag to FL_FOR_ARCH7VE, but
neglected to also add it to the armv7ve compatible cores defined in
arm-cores.def.
af2d9b9e58
The result is that gcc 6.4 now refuses to allow -march=armv7ve and
-mcpu=XXX to be used together, even when -mcpu is set to an armv7ve
compatible core:
arm-linux-gnueabi-gcc -march=armv7ve -mcpu=cortex-a7 -Werror ...
error: switch -mcpu=cortex-a7 conflicts with -march=armv7ve switch [-Werror]
Fix by defining flags for armv7ve compatible cores directly from
FL_FOR_ARCH7VE, rather than re-creating the armv7ve flags
independently by combining FL_FOR_ARCH7A with the armv7ve specific
FL_THUMB_DIV and FL_ARM_DIV flags.
(From OE-Core rev: 9923939703d918461d789712e14420a38ebf978b)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The change to link libssp_nonshared.a only for musl was to move
spec file changes to config/linux.h under a conditional when
DEFAULT_LIBC == LIBC_MUSL which worked fine for all but ppc
since gcc for ppc provided its own linux.h overrides which are
used. This patch duplicates the change in those headers too
Cherry-picked from oe-core master 9d39168a6acfa1f289a4448271c0bf9caaea10ec
(From OE-Core rev: 7d391a9e566a6ddc2970fc666a45570310bdc780)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
glibc already provides the content for libssp_nonshared
in libc_nonshared.a therefore we dont need to make it
universal.
This also fixed build issues on glibc when linking statically
and using -fstack-protector
Fixed errors like
/mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libc.a(stack_chk_fail.o): In function `__stack_chk_fail': /usr/src/debug/glibc/2.26-r0/git/debug/stack_chk_fail.c:27: multiple definition of `__stack_chk_fail_local' /mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libssp_nonshared.a(libssp_nonshared_la-ssp-local.o):/usr/src/debug/gcc-runtime/7.1.0-r0/gcc-7.1.0/build.i586-bec-linux.i586-bec-linux/i586-bec-linux/libssp/../../../../../../../../work-shared/gcc-7.1.0-r0/gcc-7.1.0/libssp/ssp-local.c:47: first defined here collect2: error: ld returned 1 exit status
Cherry-picked from oe-core master d71eba26850838b2878efea3f8c392a2eb2ebbfb
(From OE-Core rev: 27eaa97595cbac38a8bec118fe3d5f8920ab814e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use ucontext_t not struct ucontext in linux-unwind.h files.
Current glibc no longer gives the ucontext_t type the tag struct
ucontext, to conform with POSIX namespace rules. This requires
various linux-unwind.h files in libgcc, that were previously using
struct ucontext, to be fixed to use ucontext_t instead. This is
similar to the removal of the struct siginfo tag from siginfo_t some
years ago.
Backport of patches by Joseph Myers, taken from
https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=249957
[YOCTO #12083]
(From OE-Core rev: 063f5558ef2040b6d2c34caa553ed09733fc6470)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ec1c18d866c137b1fa523d0fcc29f65a28f59f44)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2016-4490 applied to gcc < 6.1.1, our version is 6.3
(From OE-Core rev: 869d7ddb30e5c522a3e7e200b0696340d37f5198)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8329861bf6f48f6e541a04062b8d1f373dfcd78)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[NVD] -- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6131
The demangler in GNU Libiberty allows remote attackers to cause a denial
of service (infinite loop, stack overflow, and crash) via a cycle in the
references of remembered mangled types.
[BZ #71696] -- https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
2016-08-04 Marcel Böhme <boehme.marcel@gmail.com>
PR c++/71696
* cplus-dem.c: Prevent infinite recursion when there is a cycle
in the referencing of remembered mangled types.
(work_stuff): New stack to keep track of the remembered mangled
types that are currently being processed.
(push_processed_type): New method to push currently processed
remembered type onto the stack.
(pop_processed_type): New method to pop currently processed
remembered type from the stack.
(work_stuff_copy_to_from): Copy values of new variables.
(delete_non_B_K_work_stuff): Free stack memory.
(demangle_args): Push/Pop currently processed remembered type.
(do_type): Do not demangle a cyclic reference and push/pop
referenced remembered type.
cherry-picked from commit of
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143 138bc75d-0d04-0410-961f-82ee72b054a4
(From OE-Core rev: 3c288b181a4cfecc80b48994f4dd2df285e4d1d0)
(From OE-Core rev: be00ad34a3827a4205718609f349bc6e8a09733b)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96a16c4181d18b8580dad243350d589586cb2b07)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
GCC provides some of std* headers including stddef.h
and it syncs with glibc definitions via __needed* defines
to find which datatypes are expected to be defined on top
of glibc. we need same for musl.
Drop unused 0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch
(From OE-Core rev: 5c3cfa24e49cbea34c74009b91bf96e0f9a00a63)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7da04721a620ad741ea50adf116e6b5afd47caa5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
6.3.0 is a bugfix release in gcc 6 series
Cherry-picked from oe-core master 36ffcd1d7d2ab9dcc91e9c09623a6613a248bc69
(From OE-Core rev: c24f6de26efdfb13b95e51b4531d1e111fab409c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is some probability (depends on system load) to get empty
or line containing "0" as the last line while reading /proc/PID/io.
Avoid build failure by checking if line contains separator
":" before split.
Backport from pyro commit b26feaf51af55f17fad79dbd53dd3ec0a37c38ff
(From OE-Core rev: 31a098032eb82eb40eaa3952de4d29ab472e368a)
Signed-off-by: Pavel Modilaynen <pavelmn@axis.com>
Signed-off-by: Daniel Lublin <daniel@lublin.se>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When using distros which use old kernels gnutls fails to build
due to missing SYS_getrandom, therefore we need to check for this
before using it.
Fixes errorr e.g.
| ../../../gnutls-3.5.3/lib/nettle/rnd-linux.c: In function 'have_getrandom':
| ../../../gnutls-3.5.3/lib/nettle/rnd-linux.c:59:42: error: 'SYS_getrandom' undeclared (first use in this function)
| # define getrandom(dst,s,flags) syscall(SYS_getrandom, (void*)dst, (size_t)s, (unsigned int)flags)
(From OE-Core rev: ce18ec34549cf11d84a906c2abe7a492b8687c4f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We saw builds where runtime providers were sometimes changing order and the
build result was therefore non-deterministic. For example it could show:
DEBUG: providers for lib32-initd-functions are: ['lib32-lsbinitscripts', 'lib32-initscripts']
or
DEBUG: providers for lib32-initd-functions are: ['lib32-initscripts', 'lib32-lsbinitscripts']
which could cause a test to pass or fail.
This change ensures we don't rely on the random order of dictonaries in
memory and act deterministically.
(Bitbake rev: da85da9b58ed252c7b80a437fb5babff9e6dde48)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The previous tarball URI seems to be gone.
Also, adjust a few things to make it actually build;
handling autotools-based projects from git checkouts is always harder
than taking them from tarballs :-(
(From OE-Core rev: b4542e867d54c56e6ef088fac28ae3d5e6c0d7bc)
(From OE-Core rev: ee49a37d096a76cce349d6eff7964daada58efb1)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes a segfault in arm64 multilib.
Drop CVE-2017-14064.patch
Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
(From OE-Core rev: 5bf664ba85c06d17c6e8c200301e42bc5fdab75e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
