Patrick Ohly [Fri, 23 Sep 2016 13:23:20 +0000 (15:23 +0200)]
openssl.inc: avoid random ptest failures
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.
"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.
Patrick Ohly [Fri, 23 Sep 2016 13:26:05 +0000 (15:26 +0200)]
openssl: update to 1.0.2i (CVE-2016-6304 and more)
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
Paul Eggleton [Fri, 23 Sep 2016 09:22:11 +0000 (21:22 +1200)]
lib/oe/patch: improve accuracy of patch header extraction
When PATCHTOOL = "git", if we need to manually apply a patch and then
commit it (i.e. when git am doesn't work) we try to extract the author /
date / shortlog from the patch header. Make the following improvements
to that extraction process:
* If there's no explicit Subject: but the first line is followed by a
blank line, isn't an Upstream-Status: or Index: marker and isn't too
long, then assume it's good enough to be the shortlog. This avoids
having too many patches with "Upgrade to version x.y" as the shortlog
(since that is often when patches get added).
* Add --follow to the command we use to find the commit that added the
patch, so we mostly get the commit that added the patch rather than
getting stuck on upgrade commits that last moved/renamed the patch
* Populate the date from the commit that added the patch if we were able
to get the author but not the date from the patch (otherwise you get
today's date which is less useful).
Paul Eggleton [Fri, 23 Sep 2016 09:22:10 +0000 (21:22 +1200)]
lib/oe/patch: exclude "From <hash>" from commit message when PATCHTOOL is "git"
If you leave "From <hash>" lines in the commit message it can actually
break git rebase because it tries to interpret the line in the context
of the current repository, and if the hash is invalid then a rebase
will blow up with:
fatal: git cat-file: could not get object info
or in newer git versions:
error: unable to find <hash>
fatal: git cat-file <hash>: bad file
(I hit this when I tried to do a devtool upgrade on openssl to 1.0.2i
the first time I did "git rebase --skip")
Paul Eggleton [Fri, 23 Sep 2016 09:17:52 +0000 (21:17 +1200)]
nativesdk-qemu-helper: drop old Zaurus flash tools
These tools are relics of an earlier time when the Zaurus devices were
reference platforms - these days they are no longer needed. It seems
amazing that they survived earlier purges.
Robert Yang [Thu, 21 Jul 2016 03:35:53 +0000 (20:35 -0700)]
systemd: install udev.pc
It provides udev, but doesn't install udev.pc, which causes other
recipes failed to figure out udevdir.
Fixed when systemd in DISTRO_FEATURES:
$ bitbake pcmciautils (or btrfs-tools):
Package udev was not found in the pkg-config search path.
Perhaps you should add the directory containing `udev.pc'
to the PKG_CONFIG_PATH environment variable
No package 'udev' found
Their udev rules file may not be installed according to each pkg's
implementation.
We still have problems where deploying SDKMACHINE=i686 can cause removal
of SDKMACHINE=x86_64 artefacts.
The reason is that x86_64 is a BUILD_ARCH as well as an SDK_ARCH and
the manifest namespaces overlap. To fix this, set PACKAGE_ARCH and
the stamp-extra-into to include SDK_OS. SDK_OS may not be entirely correct
but it is what sstate.bbclass uses for nativesdk and fixing that is
a separate issue.
This is confirmed to resolve artefact problems on the AB which have been
delaying a new uninative release.
Scott Rifenbark [Fri, 16 Sep 2016 18:11:04 +0000 (11:11 -0700)]
sdk-manual: Removed notes about the BitBake Commander
Fixes [YOCTO #10032]
The fix to remove the BitBake Commander from the tools to install
when dealing with the Eclipse Yocto Plug-in has happened.
Consequently, I removed the developer notes in the manual stating
that the Commander was still showing up there. The manual set
is now clean of this stuff.
Scott Rifenbark [Wed, 14 Sep 2016 01:05:31 +0000 (18:05 -0700)]
sdk-manual: Updated SDK workflow
A new command devtool finish has superceded the final commands
in the SDK workflow. I updated the two figures (add and modify)
to reflect this new flow. I also updated the ordered number list
to match reality.
Scott Rifenbark [Tue, 13 Sep 2016 20:17:57 +0000 (13:17 -0700)]
sdk-manual, ref-manual: New variable for including toolchain
Added a new variable description for SDK_INCLUDE_TOOLCHAIN.
Along with the new glossary entry, I updated a couple places
where it would be relevant to cross-reference the new variable.
Scott Rifenbark [Tue, 13 Sep 2016 18:15:02 +0000 (11:15 -0700)]
ref-manual: New section and updates for runtime dep work
fixes [YOCTO #10248]
The bulk of this change is a new section called "Automatically
Added Runtime Dependencies". Additionally, changes were made
to the RDEPENDS and DEPENDS variables. Some cross-referencing
to the new material was also added in the do_package task entry,
the do_packagedata task entry, the PKGDATA_DIR glossary entry,
and the PRIVATE_LIBS glossary entry.
Scott Rifenbark [Wed, 7 Sep 2016 20:31:08 +0000 (13:31 -0700)]
ref-manual: New section on using oe-pkgdata-util
Fixes [YOCTO #10216]
Creted a new section titled "Viewing Package Information with
oe-pkgdata-util". This section describes how to view information
for already build packages through the use of the
oi-pkgdata-util command.
Scott Rifenbark [Wed, 7 Sep 2016 17:17:42 +0000 (10:17 -0700)]
documentation: Added new description for the PACKAGECONFIG_CONFARGS variable.
Fixes [YOCTO #10183]
Added a new variable entry for the PACKAGECONFIG_CONFARGS variable.
With the introduction of the new PACKAGECONFIG_CONFARGS variable,
many places in the mainstream YP documentation that referenced
how to pass configure arguments using EXTRA_OECONF needed to also
make mention of this new variable. I added many cross-references
to the new variable.
Scott Rifenbark [Sat, 3 Sep 2016 00:24:56 +0000 (17:24 -0700)]
sdk-manual: Updates to "Working With Eclips" for Neon
Fixes [YOCTO #7546]
Applied changes throughout this section to move it from Luna to
the Neon version (latest) of Eclipse. We now provide a single
thread for Eclipse, which is based on the latest version (Neon).
Information for Mars, which is also supported) is in a new Appendix
C.
Previously, YP did not support Python 3.0. We mentioned that
in the manual in several places as a requirement for running YP.
I removed this exclusion in the following areas:
* yocto-project-qs - the section that tells what version of
Python you need.
* ref-manual - the section that tells what version of Python
you need.
* ref-manual - the FAQ entry about not having the right version
of Python.
Scott Rifenbark [Thu, 1 Sep 2016 17:57:39 +0000 (10:57 -0700)]
ref-manual: Clarified the OVERRIDES glossary description.
Fixes [YOCTO #10173]
I provided a more detailed description of how this variable
works. Also provided a cross-reference link back to the
variable at the end of the PREFERRED_VERSION variable.
Scott Rifenbark [Thu, 1 Sep 2016 17:10:47 +0000 (10:10 -0700)]
ref-manual: New section clarifying stamps, input checksums and sstate cache
Fixes [YOCTO #10172]
I added a new section on how BitBake reruns tasks based on the
stamps files. Also put in some cross-referencing links to that
new section in the stamps entry for the structure chapter and in
the STAMP variable in the glossary.
Paul Eggleton [Fri, 23 Sep 2016 09:14:32 +0000 (21:14 +1200)]
bitbake: knotty: ensure progress bar output is accounted for in display
When calculating how many lines we'd printed we weren't properly taking
the progress bars into account, with the result that sometimes if the
last line printed on the terminal wrapped to the next line (which is
possible) we backed up less lines than we should have.
Additionally, we should always print a newline after updating the
progress bar - there's no need to check if there wasn't output (there
always will be courtesy of our overridden _need_update()) and we now
allow the line to wrap so we don't need to check the other condition
either.
Richard Purdie [Thu, 22 Sep 2016 12:54:43 +0000 (13:54 +0100)]
bitbake: knotty: Show task elapsed time
Its often useful to know how long a task has been running for. This patch
adds that information to the task display, updating every 5s if there
were no other updates so the user can see how long tasks have been running
for.
Jose Lamego [Wed, 21 Sep 2016 19:54:59 +0000 (12:54 -0700)]
oeqa/selftest/base: backup and restore local configuration files
Selftests' cleanup method during test setup is not capable of
restoring local configuration files that remain modified after
aborting a test through a keyboard interruption.
This change creates backups for local.conf and bblayers.conf at
test setup, restore them when found, and deletes them at cleanup.
Signed-off-by: Jose Lamego <jose.a.lamego@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The feature to install packages in the target requires to
build the package manager. It would fail, with very obtuse
errors, if a test requires to install something and the
package manager hasn't been build. This will add the package
manager as dependency for testimage.
scripts/runqemu: Using a cpio* rootfs has no special network
When booting a system with the rootfs being of cpio* type the networking
setup should still work the same as for all other root filesystem types.
This change removes the clearing of the NETWORK_CMD variable allowing
for the slirp/tap setup to be provided to QEMU.
Not all QEMU machines (outside of those available in OE-Core) are
capable of using the virtio-rng-pci device due to various machine models
not having a pci/virtio bus. This makes it such that the use of the
'-device virtio-rng-pci' flag to QEMU is machine specific.
This patch removes the general addition of the flag to all runqemu
targets and adds the flag into the QB_OPT_APPEND for all the qemu*
machines in OE-Core that support its use (which is all of them).
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhixiong Chi [Thu, 22 Sep 2016 07:54:27 +0000 (15:54 +0800)]
wpa_supplicant: Security Advisory-CVE-2016-4477
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Zhixiong Chi [Thu, 22 Sep 2016 07:54:20 +0000 (15:54 +0800)]
wpa_supplicant: Security Advisory-CVE-2016-4476
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Currently adding a font recipe to an image doesn't have enough
dependencies to cause mkfontdir-native to be included in the native
sysroot. This creates problems with the postinstall scripts for fonts
which call mkfontdir to create font index files: font.dir. The end
result is missing font.dir files in the built image and a malfunctioning
font system.
Dependencies for the relevant recipes currently look like this:
Where:
* D = DEPENDS
* R = RDEPENDS
* RN = RDEPENDS_class-native
* <font.bb> e.g. font-adobe-100dpi*.bb
Some details where omitted for clarity e.g. dependencies on util-macros.
I believe the intent behind the RDEPENDS_class-native chain:
* <font.bb> -> font-util-native -> mkfontdir-native
was to provide the necessary dependency on mkfontdir. However because
the native sysroot is not built from packages this RDEPENDS_class-native
chain doesn't have the desire effect (i.e. it doesn't pull in
mkfontdir-native).
Changing the RDEPENDS_class-native chain into a DEPENDS_class-native
chain is a non-starter because of the build time dependency loop it
creates:
* font-util-native -> mkfontscale-native -> libfontenc-native -> font-util-native
Having upstream remove the build time dependency of libfontenc on
font-util is also a non-starter[1] even though it does create problems
in other distributions, for example on Debian see [2], [3].
Instead add a DEPENDS on mkfontdir-native in the encodings recipe in
addition to the mkfontscale-native dependency it already contains. This
solves the missing mkfontdir in the native sysroot problem without
introducing a build dependency loop.
buildtools-tarball shouldn't be regenerated when MACHINE changes,
nor should variants for other SDKMACHINE be removed from the deploy
directory when SDKMACHINE changes.
Remove target architecture dependencies so that deploy artefacts
can overlap.
toolchain-scripts-base: add base class for toolchain_create_sdk_version
We use toolchain_create_sdk_version() in buildtools-tarball but
don't want the extra classes toolchain-scripts pulls in, therefore
split out a separate base class for this function which both
toolchain-scripts and the buildtools-tarball can inherit.
Richard Purdie [Wed, 21 Sep 2016 21:31:57 +0000 (22:31 +0100)]
bitbake: cooker/providers: Only add target to world build if task exists
A "bitbake world -c unpack" currently breaks as not all tasks have an
unpack task. This change allows addition of world targets only if the
specified task exists which makes certain commands possible when otherwise
you just get errors which can't easily be avoided.
Ross Burton [Wed, 21 Sep 2016 16:31:27 +0000 (17:31 +0100)]
bitbake: fetch2: handle absolute paths in subdir
Currently if you use the subdir parameter in a SRC_URI and pass an absolute path
then it gets appended to the unpack directory instead of being used directly.
This is inconvenient as it may be useful to use ${S} when you want to unpack a
file into the source tree.
Change this behaviour so that absolute paths are used directly instead of being
appended to the root directory. To ensure that recipes cannot write files to an
arbitrary location enforce that the subdir starts with the unpack root.
Richard Purdie [Wed, 21 Sep 2016 21:30:03 +0000 (22:30 +0100)]
base.bbclass: Drop unnecessary dirs setting
${D} is listed in cleandirs so no need to list it in dirs as well.
The default directory is ${B} so this is a cleanup which should have
no changes to the execution.
Richard Purdie [Wed, 21 Sep 2016 10:53:57 +0000 (11:53 +0100)]
autotools/siteinfo: Tweak CONFIG_SITE handling for determism/races
As things stand there are multiple races in the CONFIG_SITE handling
where checksums can change depending on whether site directories
exist or not when parsing happens. This is bad.
Secondly, there is a build race that occurs if you build virtuals
in parallel with the "main" recipe, since the main recipe is parsed
when the virtual is (since it sets variables like BBCLASSEXTEND)
and with the current code, it may look for files and directories
which could be created/destroyed which the loop is executing. This
is also bad.
The aclocal-copy directory should only ever be accessed by the call
from autotools.bbclass. This changes the parameter name to make it
clear and ensures all callers have the right usage, neatly avoiding
all the problems above. Also added better comments.
Robert Yang [Tue, 20 Sep 2016 10:32:57 +0000 (03:32 -0700)]
asciidoc: set CLEANBROKEN to fix rebuild
The make clean removes doc/a2x.1 and doc/asciidoc.1, then it would cause
build failures since in the second build:
Fixing CONF_DIR in asciidoc.py
Fixing CONF_DIR in a2x.py
python a2x.py -f manpage doc/a2x.1.txt
a2x: ERROR: "xmllint" --nonet --noout --valid "/path/to/asciidoc-native/8.6.9-r0/asciidoc-8.6.9/doc/a2x.1.xml" returned non-zero exit status 4
make: *** [doc/a2x.1] Error 1
The xmllint failed because "--nonext" is used:
I/O error : Attempt to load network entity http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd
/buildarea/lyang1/test_arm/tmp/work/x86_64-linux/asciidoc-native/8.6.9-r0/asciidoc-8.6.9/doc/a2x.1.xml:2: warning: failed to load external entity "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When built on an i686 host for qemux86-64 without the
fix to obey LD and it fails:
/scratch/dogwood/toolchains/x86_64/bin/i686-pc-linux-gnu-ld:
Relocatable linking with relocations from format elf64-x86-64
(/scratch/dogwood/perf-ld-test/build/tmp/work/qemux86_64-mel-linux/perf/1.0-r9/perf-1.0/fs/fs.o)
to format elf32-i386 (/scratch/dogwood/perf-ld-test/build/tmp/work/qemux86_64-mel-linux/perf/1.0-r9/perf-1.0/fs/libapi-in.o)
is not supported
This is because LD includes HOST_LD_ARCH, which contains TUNE_LDARGS,
which is -m elf32_x86_64 for x86_64. Without that, direct use of ld will fail.
Andreas Müller [Wed, 21 Sep 2016 05:30:43 +0000 (07:30 +0200)]
libunwind: fix build by linking with bfd instead of gold
works around:
<native-sysroot>/ld: error: Gperf-simple.o: cannot make copy relocation for protected symbol '_Uarm_local_addr_space', defined in ../src/.libs/libunwind-arm.so
collect2: error: ld returned 1 exit status
Makefile:1038: recipe for target 'Gperf-simple' failed
make[1]: *** [Gperf-simple] Error 1
make[1]: *** Waiting for unfinished jobs....
<...>
<native-sysroot>/ld: error: Lperf-simple.o: cannot make copy relocation for protected symbol '_ULarm_local_addr_space', defined in ../src/.libs/libunwind.so
collect2: error: ld returned 1 exit status
Makefile:1094: recipe for target 'Lperf-simple' failed
make[1]: *** [Lperf-simple] Error 1
<...>
ERROR: oe_runmake failed
<native-sysroot>/ld: error: Gperf-trace.o: cannot make copy relocation for protected symbol '_Uarm_local_addr_space', defined in ../src/.libs/libunwind-arm.so
collect2: error: ld returned 1 exit status
Makefile:1042: recipe for target 'Gperf-trace' failed
make[1]: *** [Gperf-trace] Error 1
<native-sysroot>/ld: error: Lperf-trace.o: cannot make copy relocation for protected symbol '_ULarm_local_addr_space', defined in ../src/.libs/libunwind.so
collect2: error: ld returned 1 exit status
Makefile:1098: recipe for target 'Lperf-trace' failed
make[1]: *** [Lperf-trace] Error 1
<...>
<native-sysroot>/ld: error: test-coredump-unwind.o: cannot make copy relocation for protected symbol '_UCD_accessors', defined in ../src/.libs/libunwind-coredump.so
collect2: error: ld returned 1 exit status
Makefile:1186: recipe for target 'test-coredump-unwind' failed
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tried by adding CFLAGS_append = " -fpic " to
the recipe. But that couldn't help resolve the
warning message:
x264/r2491+gitAUTOINC+c8a773ebfc-r0/packages-split/x264/usr/lib/libx264.so.144' has relocations in .text [textrel]
It was found that this warning is emitted because of the
assembly files in the source code. And it is not easy to
get rid of TEXTREL's which are coming from the assembly
source files.
Adding textrel to INSANE_SKIP resolves this issue.
This issue was observed in cyclone5 and imx6qsabresd BSP's.
So generalizing the patch.
The relocation script of the SDK doesn't have enough
error handling when replacing host perl with SDK perl
or changing the symlinks. This will add those checks
along with a sanity check of xargs.
Andreas Müller [Wed, 21 Sep 2016 20:46:38 +0000 (22:46 +0200)]
libnewt: link whiptail properly with libnewt
Configuration failed to detect gold as GNU linker. It was searching for
'GNU ld' but gold returns 'GNU gold (GNU Binutils 2.27.0.20160806) 1.12' which
does not match. When not linking by GNU linker Makefile did some magic link
target alignment:
| WARNING: libnewt-0.52.19-r0 do_package_qa: QA Issue: /usr/bin/whiptail contained in package whiptail requires libnewt.so, but no providers found in RDEPENDS_whiptail? [file-rdeps]
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Wed, 21 Sep 2016 23:24:03 +0000 (00:24 +0100)]
uninative-tarball: Make stamp independent
The uninative tarball only contains nativesdk compoents. It should
not get regenerated when MACHINE changes for example. Currently its
sstate arch is also incorrect so changing SDKMACHINE results in other
variants being removed from the deploy directory.
This patch removes the target architecture dependencies so that
deploy artefacts can overlap and it doesn't continually rebuild. This
also fixes various autobuilder/release artefact issues we're having
as a result of these issues.
Scott Rifenbark [Wed, 21 Sep 2016 21:03:10 +0000 (14:03 -0700)]
bitbake: bitbake-user-manual: Added information for using single quotes
Fixes [YOCTO #10293]
In the section about setting variables, I added a paragraph that
explains the use of single quotes when setting a variable. The
case covers when you must have the double quote charater as part
of your variable's value.
Scott Rifenbark [Wed, 7 Sep 2016 14:52:26 +0000 (07:52 -0700)]
bitbake: bitbake-user-manual: New section on functions you can call from Python
Fixes [YOCTO #10100]
I added a new parent directory named "Functions You Can Call From
Within Python". This section contains a couple new sub-sections.
One is the existing "Functions for Accessing Datastore Variables".
The other is called "Other Functions", and it is used to point
or reference some commonly used functions that the user can call
from within Python.
If DEPLOY_DIR_IMAGE doesn't exist during check_arg_machine() we
will attempt to guess a suitable value later when check_and_set()
calls validate_paths(), therefore this shouldn't raise an exception
runqemu: don't try and invoke bitbake when running in a toolchain env
If a MACHINE value is passed we can't validate it by running bitbake
as the toolchain environment doesn't include the build system, we
must assume that the passed value for MACHINE is correct.
runqemu: try and guess qemu-system binary when MACHINE isn't set
Emulate some logic from the prior, shell based, version of runqemu
to try and infer the correct setting for MACHINE from the kernel
and rootfs filenames.
runqemu: validate paths and attempt to infer unset paths
We need to validate and ensure all paths are set regardless of
whether runqemu was invoked with a .qemuboot.conf file or
otherwise. Split this logic out into a separate method called
during check_and_set()
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
