subtree updates
meta-raspberrypi: 40283f583b..ca11a291ee:
Martin Schuessler (1):
omxplayer: remove hardcoded tune and arch from Makefile
poky: 111b7173fe..50d272863d:
Adrian Bunk (3):
wireless-regdb: Add recipe
go: Upgrade 1.12.5 -> 1.12.6
libxslt: Fix CVE-2019-11068
Alexander Kanavin (7):
vala: upgrade 0.44.3 -> 0.44.5
libnewt: merge libnewt-python recipe into the main recipe
epiphany: update to 3.32.3
btrfs-tools: update to 5.1.1
createrepo-c: upgrade 0.14.0 -> 0.14.2
librepo: upgrade 1.10.2 -> 1.10.3
libmodulemd: upgrade 2.4.0 -> 2.5.0
Alistair Francis (6):
libffi: Add RISC-V support
opensbi: Initial commit of OpenSBI
qemuriscv64: Add the QEMU RISC-V 64-bit machine
linux-yocto: Mark qemuriscv64 as compatible
qemuriscv: Build uImage for RISC-V machines
qemuriscv64: Fix QB_OPT_APPEND overwrite
Anuj Mittal (1):
runtime/cases/logrotate: make test more reliable
Ayoub Zaki (1):
kernel-fitimage: introduce FIT_HASH_ALG
Changqing Li (1):
gcc-runtime: fix C++ header mapping for n32/x32 tune
Chee Yang Lee (1):
wic/bootimg-efi: allow multiple initrd
Chen Qi (2):
manifest.py: fix test_SDK_manifest_entries
target-sdk-provides-dummy: add libperl.so.5 to DUMMY_PROVIDES
Chris PeBenito (1):
volatile-binds: Change cp to use -a instead of -p.
Denys Dmytriyenko (2):
mtd-utils: upgrade 2.0.2 -> 2.1.0+
mtd-utils: add "jffs" and "ubifs" PACKAGECONFIG options
He Zhe (1):
kernel: qemuarmv5: Update machine overrides of KERNEL_DEVICETREE
Joe Slater (1):
parted: change device manager check in ptest
Joshua Watt (1):
python3: Disable PGO for reproducible builds
Kai Kang (3):
systemd-conf: not configure network for nfs root
rng-tools: 6.6 -> 6.7
qemu: disable capstone for 32-bit mips with multilib
Lei Maohui (1):
openssl: Fix a build bug on aarch64BE.
Martin Jansa (4):
buildhistory: show time spent writting buildhistory
base.bbclass: define PACKAGECONFIG_CONFARGS before only sometimes appending to it
serf: stop scons trying to create directories in hosts rootfs
bitbake: tests/utils.py: add one more test cases for bb.utils.vercmp_string
Matt Madison (1):
apt: fix permissions on apt-daily script for systemd
Mingli Yu (1):
bitbake: add iconv to HOSTTOOLS
Pierre Le Magourou (4):
cve-update-db: New recipe to update CVE database
cve-check: Remove dependency to cve-check-tool-native
cve-check: Manage CVE_PRODUCT with more than one name
cve-check: Consider CVE that affects versions with less than operator
Ricardo Ribalda Delgado (4):
dpkg: Use less as pager
meson: Fix native patch to python3
rootfs: Fix dependency for every dpkg run
python3: python3: Fix build error x86->x86
Richard Purdie (7):
libxcrypt: Switch to disable obsolete APIs
libxcrypt-compat: Add recipe to build the obsolete APIs
uninative-tarball: Add libxcrypt-compat
openssh: Add missing DEPENDS on virtual/crypt
lttng-tools: Filter ptest output to remove random tmp directories
cmake: Clarify comment in cmake toolchain file
uninative: Update to 2.6 release
Robert Yang (2):
linux-dummy: Add do_compile_kernelmodules
make-mod-scripts: Depends on bison-native
Ross Burton (7):
insane: improve buildpath warning messages
insane: remove empty test that does nothing
binconfig: don't try to fix up .la files
libsdl2: use binconfig-disabled
glib-2.0: fix host path appearing in gsocketclient-slow test script
oeqa/logparser: ignore test failure commentary
python: make 'python' install everything instead of just the interpretter
Stefano Babic (1):
systat: systemd never enables the service
Tim Orling (4):
perl-rdepends.txt: more ptest dependencies fixes
libxml-sax-perl: upgrade 1.00 -> 1.02
libmodule-build-perl: move from meta-perl
libmodule-build-perl: upgrade 0.4224 -> 0.4229; enable ptest
Yi Zhao (2):
shadow: fix configure error with dash
less: upgrade 550 -> 551
Zang Ruochen (9):
lighttpd: Upgrade 1.4.53 -> 1.4.54
libevent:upgrade 2.1.8 -> 2.1.10
libevdev:upgrade 1.6.0 -> 1.7.0
gnutls:upgrade 3.6.7 -> 3.6.8
gnupg:upgrade 2.2.15 -> 2.2.16
curl:upgrade 7.64.1 -> 7.65.1
lttng-ust:upgrade 2.10.3 -> 2.10.4
xkeyboard:upgrade 2.26 -> 2.27
gobject-introspection:upgrade 1.60.1 -> 1.60.2
Change-Id: I3df401c6822e1c5c2ee9cff57c7264fe31c6d22d
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross b/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross
index 8420f98..b5df400 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0/glib-meson.cross
@@ -4,3 +4,6 @@
have_unix98_printf = true
va_val_copy = true
growing_stack = false
+
+[binaries]
+env = "/usr/bin/env"
diff --git a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
index f4ade09..bb77294 100644
--- a/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
+++ b/poky/meta/recipes-core/glib-2.0/glib-2.0_2.60.3.bb
@@ -16,10 +16,10 @@
file://0001-Do-not-write-bindir-into-pkg-config-files.patch \
file://0001-meson.build-do-not-hardcode-linux-as-the-host-system.patch \
file://0001-meson-do-a-build-time-check-for-strlcpy-before-attem.patch \
- file://glib-meson.cross \
"
SRC_URI_append_class-native = " file://relocate-modules.patch"
+SRC_URI_append_class-target = " file://glib-meson.cross"
SRC_URI[md5sum] = "112a850caa8d2c21e24d4c9844e8b1fe"
SRC_URI[sha256sum] = "04ab0d560d45790d055f50db2d69974eab8b693a77390075462c56e652b760b9"
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.6.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.6.bb
new file mode 100644
index 0000000..ebc4648
--- /dev/null
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt-compat_4.4.6.bb
@@ -0,0 +1,18 @@
+#
+# This provides libcrypto.so.1 which contains obsolete APIs, needed for uninative in particular
+#
+
+require libxcrypt_${PV}.bb
+
+PROVIDES = ""
+AUTO_LIBNAME_PKGS = ""
+EXCLUDE_FROM_WORLD = "1"
+
+API = "--enable-obsolete-api"
+
+do_install_append () {
+ rm -rf ${D}${includedir}
+ rm -rf ${D}${libdir}/pkgconfig
+ rm -rf ${D}${datadir}
+}
+
diff --git a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb
index 637c0e6..893f5e7 100644
--- a/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb
+++ b/poky/meta/recipes-core/libxcrypt/libxcrypt_4.4.6.bb
@@ -29,4 +29,7 @@
TARGET_CPPFLAGS = "-I${STAGING_DIR_TARGET}${includedir} -Wno-error=missing-attributes"
CPPFLAGS_append_class-nativesdk = " -Wno-error=missing-attributes"
+API = "--disable-obsolete-api"
+EXTRA_OECONF += "${API}"
+
BBCLASSEXTEND = "nativesdk"
diff --git a/poky/meta/recipes-core/meta/cve-update-db.bb b/poky/meta/recipes-core/meta/cve-update-db.bb
new file mode 100644
index 0000000..522fd23
--- /dev/null
+++ b/poky/meta/recipes-core/meta/cve-update-db.bb
@@ -0,0 +1,121 @@
+SUMMARY = "Updates the NVD CVE database"
+LICENSE = "MIT"
+
+INHIBIT_DEFAULT_DEPS = "1"
+PACKAGES = ""
+
+inherit nopackages
+
+deltask do_fetch
+deltask do_unpack
+deltask do_patch
+deltask do_configure
+deltask do_compile
+deltask do_install
+deltask do_populate_sysroot
+
+python do_populate_cve_db() {
+ """
+ Update NVD database with json data feed
+ """
+
+ import sqlite3, urllib3, shutil, gzip, re
+ from datetime import date
+
+ BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
+ YEAR_START = 2002
+ JSON_TMPFILE = d.getVar("CVE_CHECK_DB_DIR") + '/nvd.json.gz'
+
+ # Connect to database
+ db_file = d.getVar("CVE_CHECK_DB_FILE")
+ conn = sqlite3.connect(db_file)
+ c = conn.cursor()
+
+ initialize_db(c)
+
+ http = urllib3.PoolManager()
+
+ for year in range(YEAR_START, date.today().year + 1):
+ year_url = BASE_URL + str(year)
+ meta_url = year_url + ".meta"
+ json_url = year_url + ".json.gz"
+
+ # Retrieve meta last modified date
+ with http.request('GET', meta_url, preload_content=False) as r:
+ date_line = str(r.data.splitlines()[0])
+ last_modified = re.search('lastModifiedDate:(.*)', date_line).group(1)
+
+ # Compare with current db last modified date
+ c.execute("select DATE from META where YEAR = '%d'" % year)
+ meta = c.fetchone()
+ if not meta or meta[0] != last_modified:
+ # Update db with current year json file
+ with http.request('GET', json_url, preload_content=False) as r, open(JSON_TMPFILE, 'wb') as tmpfile:
+ shutil.copyfileobj(r, tmpfile)
+ with gzip.open(JSON_TMPFILE, 'rt') as jsonfile:
+ update_db(c, jsonfile)
+ c.execute("insert or replace into META values (?, ?)",
+ [year, last_modified])
+
+ conn.commit()
+ conn.close()
+
+ with open(d.getVar("CVE_CHECK_TMP_FILE"), 'a'):
+ os.utime(d.getVar("CVE_CHECK_TMP_FILE"), None)
+}
+
+# DJB2 hash algorithm
+def hash_djb2(s):
+ hash = 5381
+ for x in s:
+ hash = (( hash << 5) + hash) + ord(x)
+
+ return hash & 0xFFFFFFFF
+
+def initialize_db(c):
+ c.execute("CREATE TABLE IF NOT EXISTS META (YEAR INTEGER UNIQUE, DATE TEXT)")
+ c.execute("CREATE TABLE IF NOT EXISTS NVD (ID TEXT UNIQUE, SUMMARY TEXT, \
+ SCOREV2 TEXT, SCOREV3 TEXT, MODIFIED INTEGER, VECTOR TEXT)")
+ c.execute("CREATE TABLE IF NOT EXISTS PRODUCTS (HASH INTEGER UNIQUE, ID TEXT, \
+ VENDOR TEXT, PRODUCT TEXT, VERSION TEXT, OPERATOR TEXT)")
+ c.execute("CREATE INDEX IF NOT EXISTS PRODUCT_IDX ON PRODUCTS \
+ (PRODUCT, VERSION)")
+
+def update_db(c, json_filename):
+ import json
+ root = json.load(json_filename)
+
+ for elt in root['CVE_Items']:
+ if not elt['impact']:
+ continue
+
+ cveId = elt['cve']['CVE_data_meta']['ID']
+ cveDesc = elt['cve']['description']['description_data'][0]['value']
+ date = elt['lastModifiedDate']
+ accessVector = elt['impact']['baseMetricV2']['cvssV2']['accessVector']
+ cvssv2 = elt['impact']['baseMetricV2']['cvssV2']['baseScore']
+
+ try:
+ cvssv3 = elt['impact']['baseMetricV3']['cvssV3']['baseScore']
+ except:
+ cvssv3 = 0.0
+
+ c.execute("insert or replace into NVD values (?, ?, ?, ?, ?, ?)",
+ [cveId, cveDesc, cvssv2, cvssv3, date, accessVector])
+
+ for vendor in elt['cve']['affects']['vendor']['vendor_data']:
+ for product in vendor['product']['product_data']:
+ for version in product['version']['version_data']:
+ product_str = cveId+vendor['vendor_name']+product['product_name']+version['version_value']
+ hashstr = hash_djb2(product_str)
+ c.execute("insert or replace into PRODUCTS values (?, ?, ?, ?, ?, ?)",
+ [ hashstr, cveId, vendor['vendor_name'],
+ product['product_name'], version['version_value'],
+ version['version_affected']])
+
+
+
+addtask do_populate_cve_db before do_cve_check
+do_populate_cve_db[nostamp] = "1"
+
+EXCLUDE_FROM_WORLD = "1"
diff --git a/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb b/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb
index 50182de..b5e8c0f 100644
--- a/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb
+++ b/poky/meta/recipes-core/meta/target-sdk-provides-dummy.bb
@@ -46,6 +46,7 @@
/bin/bash \
/usr/bin/env \
/usr/bin/perl \
+ libperl.so.5 \
pkgconfig \
pkgconfig-dev \
pkgconfig-src \
diff --git a/poky/meta/recipes-core/meta/uninative-tarball.bb b/poky/meta/recipes-core/meta/uninative-tarball.bb
index 25635fc..39638eb 100644
--- a/poky/meta/recipes-core/meta/uninative-tarball.bb
+++ b/poky/meta/recipes-core/meta/uninative-tarball.bb
@@ -16,6 +16,7 @@
nativesdk-glibc-gconv-libjis \
nativesdk-patchelf \
nativesdk-libxcrypt \
+ nativesdk-libxcrypt-compat \
nativesdk-libnss-nis \
"
diff --git a/poky/meta/recipes-core/packagegroups/packagegroup-base.bb b/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
index cae704a..d054036 100644
--- a/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
+++ b/poky/meta/recipes-core/packagegroups/packagegroup-base.bb
@@ -271,6 +271,7 @@
SUMMARY_packagegroup-base-wifi = "WiFi support"
RDEPENDS_packagegroup-base-wifi = "\
iw \
+ wireless-regdb-static \
wpa-supplicant"
RRECOMMENDS_packagegroup-base-wifi = "\
diff --git a/poky/meta/recipes-core/systemd/systemd-conf/wired.network b/poky/meta/recipes-core/systemd/systemd-conf/wired.network
index 253aee9..ff807ba 100644
--- a/poky/meta/recipes-core/systemd/systemd-conf/wired.network
+++ b/poky/meta/recipes-core/systemd/systemd-conf/wired.network
@@ -1,5 +1,6 @@
[Match]
Name=en* eth*
+KernelCommandLine=!nfsroot
[Network]
DHCP=yes
diff --git a/poky/meta/recipes-core/volatile-binds/files/mount-copybind b/poky/meta/recipes-core/volatile-binds/files/mount-copybind
index fddf520..e32e675 100755
--- a/poky/meta/recipes-core/volatile-binds/files/mount-copybind
+++ b/poky/meta/recipes-core/volatile-binds/files/mount-copybind
@@ -42,14 +42,14 @@
if ! mount -t overlay overlay -olowerdir="$mountpoint",upperdir="$spec",workdir="$overlay_workdir" "$mountpoint" > /dev/null 2>&1; then
if [ "$specdir_existed" != "yes" ]; then
- cp -pPR "$mountpoint"/. "$spec/"
+ cp -aPR "$mountpoint"/. "$spec/"
fi
mount -o "bind$options" "$spec" "$mountpoint"
fi
elif [ -f "$mountpoint" ]; then
if [ ! -f "$spec" ]; then
- cp -pP "$mountpoint" "$spec"
+ cp -aP "$mountpoint" "$spec"
fi
mount -o "bind$options" "$spec" "$mountpoint"