Drop obsolete patch, the lib/gnulib.mk has been removed by upstream
- 0001-Unset-need_charset_alias-when-building-for-musl.patch
Drop backport patches:
- 0002-Fix-segfault-with-mangled-rename-patch.patch
- 0003-Allow-input-files-to-be-missing-for-ed-style-patches.patch
- 0004-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
- 0001-Fix-swapping-fake-lines-in-pch_swap.patch
- CVE-2019-13636.patch
- 0001-Invoke-ed-directly-instead-of-using-the-shell.patch
- 0001-Don-t-leak-temporary-file-on-failed-ed-style-patch.patch
- 0001-Don-t-leak-temporary-file-on-failed-multi-file-ed.patch
- CVE-2019-20633.patch
GNU patch 2.8 released: http://savannah.gnu.org/news/?id=10741
NEWS since v2.7.6 (2018-02-03):
The --follow-symlinks option now applies to output files as well as input.
'patch' now supports file timestamps after 2038 even on traditional
GNU/Linux platforms where time_t defaults to 32 bits.
'patch' no longer creates files with names containing newlines,
as encouraged by POSIX.1-2024.
Patches can no longer contain NUL ('\0') bytes in diff directive lines.
These bytes would otherwise cause unpredictable behavior.
Patches can now contain sequences of spaces and tabs around line numbers
and in other places where POSIX requires support for these sequences.
--enable-gcc-warnings no longer uses expensive static checking.
Use --enable-gcc-warnings=expensive if you still want it.
Fix undefined or ill-defined behavior in unusual cases, such as very
large sizes, possible stack overflow, I/O errors, memory exhaustion,
races with other processes, and signals arriving at inopportune moments.
Remove old "Plan B" code, designed for machines with 16-bit pointers.
Assume C99 or later; previously it assumed C89 or later.
Port to current GCC, Autoconf, Gnulib, etc.
(From OE-Core rev: b7034d912122582bd63f06d2e4a849dd376b7157)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We have long since obsoleted md5sum in favour of sha256sum. Drop the remaining
56 entries (which were showing many recipes hadn't been touched in a long time).
They all do have the corresponding sha256sum entries as is clear from the diff.
(From OE-Core rev: 7e4bfcc9706fa8a09f6a0004174a2c3b21c90df3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bulk of these recipes used acpaths to work around argument list
limits as we passed the full path to every directory. As this behaviour
no longer happens we can remove these workarounds.
(From OE-Core rev: c4336f1b0da981b3ea396b17779b67898bceccef)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.
(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is a bug in patch 2.7.3 and earlier where index lines
in patches can change file modes when they shouldn't:
http://git.savannah.gnu.org/cgit/patch.git/patch/?id=82b800c9552a088a241457948219d25ce0a407a4
This leaks into debug sources in particular (e.g. tcp-wrappers where
source files are read-only). Add the dependency to target recipes
to avoid this problem until we can rely on 2.7.4 or later.
We could try and remove all index lines from patch files but it will be a
losing battle. We could try and identify all the recipes which change
modes on files in patches but again, its a losing battle.
Instead, compromise and have patch-native as a dependency
for target recipes. We use patch-replacement-native since patch-native
is in ASSUME_PROVIDED.
Also add nativesdk-patch to buildtools-tarball.
[YOCTO #13777]
(From OE-Core rev: 5ed0840c93804488cd1c1aba6cb382b2434714a5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These patches improve CVE fixes but trip up patch status sanity checks, so add
CVE tags to them.
(From OE-Core rev: b30e060639d99849e27e5136c33c52d27e3288dc)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The original fix for CVE-2018-1000156 was incomplete. Backport more
fixes done later for a complete fix.
Also see:
https://savannah.gnu.org/bugs/index.php?53820
(From OE-Core rev: 9ea833b7d1655e042a513ea2225468c84f1c8bfb)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156
* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566
* Fix arbitrary command execution in ed-style patches:
- src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
- tests/ed-style: New test case.
- tests/Makefile.am (TESTS): Add test case.
(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
(From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
(From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is same gnulib fix replicated across needed recipes
Change-Id: I756713407111a726eae98e26c9c1ff64981371c0
(From OE-Core rev: fbe6d2c12aa9f7956bc87efeb68cb64b26b60c7a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed:
WARNING: QA Issue: patch: configure was passed unrecognised options: --disable-xattr [unknown-configure-option]
The patch 2.5.9 doesn't support --disable-xattr, there are already
PACKAGECONFIG and PACKAGECONFIG[attr] in patch_2.7.1.bb, so remove them from
patch.inc to fix the problem.
(From OE-Core rev: 7d10af1954aa4f27e3f32b7371a1f2454344bb5f)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
(From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Remove all PR = "r0" from all .bb files in oe-core. This was done
with the command sed -e '/^PR.*=.*r0\"/d' recipes*/*/*.bb -i
We've switching to the PR server, PR bumps are no longer needed and
this saves people either accidentally bumping them or forgetting to
remove the lines (r0 is the default anyway).
(From OE-Core rev: 58ae94f1b06d0e6234413dbf9869bde85f154c85)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* it's autodetected from sysroot
* add PACKAGECONFIG to make it deterministic
(From OE-Core rev: 2eb394b6111a7df730e38604e8efe8bce5c1653a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This will enable or disable xattr with the correct dependency
on attr as needed.
(From OE-Core rev: dd219cb2608e5800dcd900117b37ad8cf9ac689a)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is a optional dependency on xattr (and thus the attr package),
disable it by default, to ensure it builds correctly.
(From OE-Core rev: a7de32c8ad1405ed31b620fb99dfe0fe80ac23a9)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
global-reject-file.diff was patch ported from Debian that Debian
itself has dropped as upstream now has equivalent functionality.
To update users of this functionality, replace
"--global-reject-file=file" with simple "--reject-file=file" which
no longer overwrites reject hunks from different files.
(From OE-Core rev: 1c15ffab4d68e86f1ffcfd538e1d0ab77c21cb97)
Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some place pnum=1 is used which is removed as well since
striplevel=1 is default
(From OE-Core rev: 4e108857e0d40105f7ecbc55e99bd6c367bb7386)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As discussed on the mailing list, this variable isn't useful and if wanted
would be better implemented by distros using pn-X overrides.
This patch executes:
find . -regex ".*\.\(bb\|inc\)$" | xargs sed -i '/^PRIORITY = ".*"$/d'
against the tree removing the referenced. Thanks to Phil Blundell for
the command.
(From OE-Core rev: d122343362669c683acc4af295971a62cbc823fc)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit patch recipe based on latest upstream code. This is GPLv3
code based. Hence the earlier patch-2.5.9 recipe is left intact for
GPLv2 needs.
Patches from 2.5.9 patch recipe are rebased to this new recipe except
these exceptions:
unified-reject-files.diff: dropped
This patch implements this new parameter:
" --unified-reject-files Create unified reject files."
And upstream has implemented very similar parameter like this:
" --reject-format=FORMAT Create 'context' or 'unified' rejects."
Hence this patch is dropped for the 2.6.1 recipe.
global-reject-file.diff: rebased
This patch is rebased to the newer upstream codebase.
install.patch: dropped
Newer upstream code now includes code form this patch.
debian.patch: dropped
This huge (10k lines) patch was specific for 2.5.9 version of GPLv2 patch.
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Earlier the recipe was using 2.5.4 tar ball and a patch for upgrading to
2.5.9. Replaces these with pointer to 2.5.9 tarball.
Also noted that both 2.5.4 & 2.5.9 are GPLv2 sources.
Updated checksums and license of the recipe
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Having one monolithic packages directory makes it hard to find things
and is generally overwhelming. This commit splits it into several
logical sections roughly based on function, recipes.txt gives more
information about the classifications used.
The opportunity is also used to switch from "packages" to "recipes"
as used in OpenEmbedded as the term "packages" can be confusing to
people and has many different meanings.
Not all recipes have been classified yet, this is just a first pass
at separating things out. Some packages are moved to meta-extras as
they're no longer actively used or maintained.
Signed-off-by: Richard Purdie <rpurdie@linux.intel.com>
