poky: subtree update:7035b4b21e..a616ffebdc
Adrian Bunk (3):
python3: Upgrade 3.7.4 -> 3.7.5
lz4: Whitelist CVE-2014-4715
iputils: Whitelist CVE-2000-1213 CVE-2000-1214
Alex Kube (1):
go: Refactor patches for 1.13.3
Andreas Müller (2):
vte: upgrade 0.56.3 -> 0.58.2
webkitgtk: upgrade 2.26.1 -> 2.26.2
Andreas Oberritter (3):
glibc: move ldconfig to its own package
package.bbclass: Always include ldconfig fragment
systemd: Add runtime dependency on new ldconfig package
André Draszik (1):
libevent: update packaging (one package per shared library)
Anuj Mittal (1):
libsdl2: fix race when building in parallel
Armin Kuster (13):
oeqa/core: Add a check for MACHINE
oeqa/core: Add qemu checks
oeqa/manual/bsp-qemu: remove rpm tests already done in runtime
oeqa/manual/bsp-qemu: remove KVM enabled which is already done in selftest runqemu
oeqa/manual/bsp-qemu: drop xserver test done at runtime
oeqa/manual/bsp-qemu: remove only_one_connmand_in_background test done at runtime
oeqa/manual/bsp-qemu: remove postinit test done w/selftest runtime
oeqa/manual/bsp-qemu: remove manual bash test
oeqa/manual/bsp-qemu: remove manual useradd test
oeqa/selftest/oescripts: move list-packageconfig-flags tests from manual to self
oeqa/manua/oe-core: remove manual PACKAGECONFIG_FLAGS tests
oeqa/selftest/runtime_test: add crosstab selftest
oeqa/manual/oe-core: remove crosstab test from manual
Changhyeok Bae (1):
iproute2: update 5.2.0 -> 5.3.0
Chee Yang Lee (1):
wic: beautify 'wic help'
Chris Laplante via bitbake-devel (7):
bitbake: contrib/vim: More Python indenting; move indent file to correct directory
bitbake: contrib/vim: Special handling of bb.fatal
bitbake: contrib/vim: don't redeclare indenter
bitbake: contrib/vim: renaming & comments
bitbake: contrib/vim: indenting for assignments; tweak Python indenting
bitbake: contrib/vim: handle shell indenting
bitbake: contrib/vim: Add copyright and license notice
Denys Dmytriyenko (1):
buildhistory: fix "version went backwards" QA error message
Gavin Li (1):
bitbake: prserv: fix ResourceWarning due to unclosed socket
Haris Okanovic (8):
isoimage-isohybrid.py: Parameterize ESP label
isoimage-isohybrid.py: Parameterize ESP partition size
initscripts/sysfs.sh: Mount /sys/firmware/efi/efivars when possible
gnupg: Split gpg and gpg-agent into a minimal gnupg-gpg package
opkg: RDEPEND "gnupg-gpg" instead of "gnupg"
gnupg/libksba/npth/pinentry: Add nativesdk to BBCLASSEXTEND
meta/lib/oe/package_manager.py: Enable sha256 checksums in opkg indexer
dhcp: Workaround busybox limitation in Linux dhclient-script
Ivan Efimov (1):
bitbake: bitbake-worker child process create group before registering SIGTERM handler
Jacob Kroon (2):
rm_work: Promote do_image_qa stamps to setscene versions
rm_work: Simplify logic for setscene promotion
Jagadeesh Krishnanjanappa (1):
tune-cortexa32: Fix libgcc-initial build issue for cortex-a32
Joshua Watt (4):
oeqa: reproducible: Add option to capture bad packages
icecc-create-env: Use OE patchelf in SDK
mc: Fix build reproducibility
wayland: Fix wayland-scanner build for MinGW
Khem Raj (4):
libtirpc: Do not include bits/endian.h directly
strace: Fix ptest build
libnsl2: Update to latest master
strace: Fix build found with 64bit time_t/musl
Liwei Song (1):
buildtools-tarball: export OPENSSL_CONF for openssl
Mark Hatle (1):
populate_sdk_ext.bbclass: Make integrated buildtools optional
Maxime Roussin-Bélanger (1):
meta: add missing description for some recipes in graphics
Mikko Rapeli (1):
harfbuzz: split libharfbuzz-subset.so to its own binary package
Oleksandr Kravchuk (1):
git: update to 2.24.0
Paul Barker (1):
scripts/native-intercept: Add chgrp intercept
Peter Kjellerstedt (3):
sysstat: Correct our systemd unit file
sysstat: Correct when to use the package provided systemd unit files
bitbake: cooker: Remove a left-over comment about expanded_data
Richard Purdie (9):
bitbake: fetch2: Ensure cached url data is matched to a datastore
staging: Handle files moving between dependencies
sstate: Add ability to hide summary output for sstate
selftest/signing: Fix test_locked_signatures to use a temporary layer
dhcp/ruby/ffpmeg: Use CFLAGS, not TARGET_CFLAGS
bitbake: runqueue: Improve sstate rehashing output
pseudo: Add statx support to fix fedora30 issues
pseudo: Drop static linking to sqlite3
sqlite3: Drop pic as we no longer need the sqlite3 static lib
Ross Burton (16):
file: fix CVE-2019-18218
file: remove redundant upstream check workaround
file: run test suite when building natively
patch: the CVE-2019-13638 fix also handles CVE-2018-20969
libpng: whitelist CVE-2019-17371
procps: whitelist CVE-2018-1121
libsndfile1: whitelist CVE-2018-13419
libpam: set CVE_PRODUCT
libsoup: set CVE_PRODUCT
libsoup-2.4: upgrade to 2.66.4
insane: improve textrel warning message
libsoup: update patch upstream status
acpica: upgrade to 20191018
ovmf: unify DEPENDS
cve-check: we don't actually need to unpack to check
cve-update-db-native: don't refresh more than once an hour
Samuli Piippo (1):
linux-firmware: update packaging for brcm files
Scott Rifenbark (3):
ref-manual: Completed the 3.0 migration section.
mega-manual: Updated mega-manual Bitbake manual search path
ref-manual: Removed blank lines from 3.0 migratrion section.
Stefan Agner (1):
dbus: drop unused group netdev
Torbjörn Svensson (1):
psplash: Do mount psplash tmpfs if not mounted
Trevor Gamblin (1):
python3-misc: add python3-audio to RDEPENDS
Volker Vogelhuber (1):
bitbake: fetch2/hg: Fix various runtime issues
Yeoh Ee Peng (4):
scripts/resulttool/report: Enable report to use regression_map
scripts/resulttool/report: Enable output raw test results
scripts/resulttool/report: Add total statistic to test result.
resulttool/store.py: Enable add extra test environment data
Yongxin Liu (2):
systemd: Fix invalid argument of pstore log entry
ltp: Add "udevadm trigger" before swap verification in mkswap01.sh
Zang Ruochen (8):
ruby:upgrade 2.6.4 -> 2.6.5
ethtool:upgrade 5.2 -> 5.3
libdrm:upgrade 2.4.99 -> 2.4.100
libcheck:upgrade 0.12.0 -> 0.13.0
curl:upgrade 7.66.0 -> 7.67.0
libinput:upgrade 1.14.1 -> 1.14.3
python3-six:upgrade 1.12.0 -> 1.13.0
libedit: upgrade 20190324 -> 20191025
Zhixiong Chi (1):
libtirpc: create the symbol link for rpc header files
grygorii tertychnyi (1):
archiver: avoid empty incfile in ar_recipe
Change-Id: Ice596e426e4533d7568a82bcbb21efdfc19e21e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
diff --git a/poky/meta/recipes-extended/acpica/acpica_20190816.bb b/poky/meta/recipes-extended/acpica/acpica_20191018.bb
similarity index 75%
rename from poky/meta/recipes-extended/acpica/acpica_20190816.bb
rename to poky/meta/recipes-extended/acpica/acpica_20191018.bb
index 8f79974..4692275 100644
--- a/poky/meta/recipes-extended/acpica/acpica_20190816.bb
+++ b/poky/meta/recipes-extended/acpica/acpica_20191018.bb
@@ -9,19 +9,19 @@
HOMEPAGE = "http://www.acpica.org/"
SECTION = "console/tools"
-LICENSE = "BSD | GPLv2"
-LIC_FILES_CHKSUM = "file://generate/unix/readme.txt;md5=204407e197c1a01154a48f6c6280c3aa"
+LICENSE = "Intel | BSD | GPLv2"
+LIC_FILES_CHKSUM = "file://source/compiler/aslcompile.c;beginline=7;endline=150;md5=b5690d9ef8d54b2b1e1cc98aad64cd87"
COMPATIBLE_HOST = "(i.86|x86_64|arm|aarch64).*-linux"
DEPENDS = "bison flex bison-native"
-SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz"
-SRC_URI[md5sum] = "6a73b1e34715916fa31132dbe11008b0"
-SRC_URI[sha256sum] = "888e80f3bb77381620a5ead208e1a1be06f3ea66ddc8cfdfa62811cae5f03752"
+SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix-${PV}.tar.gz"
+SRC_URI[md5sum] = "539a0252bcb42c383ceeaeb12ae9a60d"
+SRC_URI[sha256sum] = "029db4014600e4b771b11a84276d2d76eb40fb26eabc85864852ef1f962be95f"
UPSTREAM_CHECK_URI = "https://acpica.org/downloads"
-S = "${WORKDIR}/acpica-unix2-${PV}"
+S = "${WORKDIR}/acpica-unix-${PV}"
inherit update-alternatives
diff --git a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
index 7c5d4f9..153ea55 100644
--- a/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
+++ b/poky/meta/recipes-extended/ethtool/ethtool/avoid_parallel_tests.patch
@@ -19,7 +19,7 @@
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@ dnl Process this file with autoconf to produce a configure script.
- AC_INIT(ethtool, 5.2, netdev@vger.kernel.org)
+ AC_INIT(ethtool, 5.3, netdev@vger.kernel.org)
AC_PREREQ(2.52)
AC_CONFIG_SRCDIR([ethtool.c])
-AM_INIT_AUTOMAKE([gnu])
diff --git a/poky/meta/recipes-extended/ethtool/ethtool_5.2.bb b/poky/meta/recipes-extended/ethtool/ethtool_5.3.bb
similarity index 88%
rename from poky/meta/recipes-extended/ethtool/ethtool_5.2.bb
rename to poky/meta/recipes-extended/ethtool/ethtool_5.3.bb
index 67e7fad..401331b 100644
--- a/poky/meta/recipes-extended/ethtool/ethtool_5.2.bb
+++ b/poky/meta/recipes-extended/ethtool/ethtool_5.3.bb
@@ -11,8 +11,8 @@
file://avoid_parallel_tests.patch \
"
-SRC_URI[md5sum] = "79cff0d4af62b030ad28be90414b5c4a"
-SRC_URI[sha256sum] = "8ad6cb30f6e1767d9d23a5cb5f606f3b51f83e85ebf0153c1506194f6709e90b"
+SRC_URI[md5sum] = "63d1c835b861912ea0dfd52cf66a2da4"
+SRC_URI[sha256sum] = "cd2d8ea360431a2ea35ff61c276bcf2afee1ad901668a0b50ae9f1c5814756bd"
UPSTREAM_CHECK_URI = "https://www.kernel.org/pub/software/network/ethtool/"
diff --git a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
index d8f2470..3f9e991 100644
--- a/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
+++ b/poky/meta/recipes-extended/iputils/iputils_s20190709.bb
@@ -17,6 +17,10 @@
UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>s\d+)"
+# Fixed in 2000-10-10, but the versioning of iputils
+# breaks the version order.
+CVE_CHECK_WHITELIST += "CVE-2000-1213 CVE-2000-1214"
+
PACKAGECONFIG ??= "libcap libgcrypt rarpd traceroute6"
PACKAGECONFIG[libcap] = "-DUSE_CAP=true, -DUSE_CAP=false, libcap"
PACKAGECONFIG[libgcrypt] = "-DUSE_CRYPTO=gcrypt, -DUSE_CRYPTO=none, libgcrypt"
diff --git a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
index c3a24fa..28c84af 100644
--- a/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
+++ b/poky/meta/recipes-extended/libnsl/libnsl2_git.bb
@@ -12,7 +12,7 @@
PV = "1.2.0+git${SRCPV}"
-SRCREV = "37c5ffe3038d42e9fa9ed232ad2cbca4d8f14681"
+SRCREV = "4a062cf4180d99371198951e4ea5b4550efd58a3"
SRC_URI = "git://github.com/thkukuk/libnsl \
"
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch b/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch
index 0c3ce60..21cd9f9 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc/musl.patch
@@ -1,13 +1,14 @@
Consider musl provided built-in defines
Helps compile libtirpc with musl
+bits/endian.h is not supposed to be included directly
Upstream-Status: Pending
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---- ./tirpc/rpc/types.h.orig 2018-03-17 10:23:10.022055255 +0100
-+++ ./tirpc/rpc/types.h 2018-03-17 10:23:30.877751656 +0100
-@@ -66,7 +66,7 @@
+--- a/tirpc/rpc/types.h
++++ b/tirpc/rpc/types.h
+@@ -66,7 +66,7 @@ typedef int32_t rpc_inline_t;
#define mem_free(ptr, bsize) free(ptr)
@@ -16,3 +17,14 @@
# define __u_char_defined
# define __daddr_t_defined
#endif
+--- a/src/xdr_float.c
++++ b/src/xdr_float.c
+@@ -83,7 +83,7 @@ static struct sgl_limits {
+ };
+ #else
+
+-#include <bits/endian.h>
++#include <endian.h>
+ #define IEEEFP
+
+ #endif /* vax */
diff --git a/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
index e73ffe7..633cece 100644
--- a/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
+++ b/poky/meta/recipes-extended/libtirpc/libtirpc_1.1.4.bb
@@ -23,6 +23,20 @@
do_install_append() {
chown root:root ${D}${sysconfdir}/netconfig
+ install -d ${D}${includedir}/rpc
+ install -d ${D}${includedir}/rpcsvc
+ for link_header in ${D}${includedir}/tirpc/rpc/*; do
+ if [ -f $link_header -a ! -e ${D}/${includedir}/rpc/$(basename $link_header) ]; then
+ ln -sf ../tirpc/rpc/$(basename $link_header) ${D}${includedir}/rpc/$(basename $link_header)
+ fi
+ done
+ for link_header in ${D}${includedir}/tirpc/rpcsvc/*; do
+ if [ -f $link_header -a ! -e ${D}/${includedir}/rpcsvc/$(basename $link_header) ]; then
+ ln -sf ../tirpc/rpc/$(basename $link_header) ${D}${includedir}/rpcsvc/$(basename $link_header)
+ fi
+ done
+ ln -sf tirpc/netconfig.h ${D}/${includedir}/netconfig.h
+
}
BBCLASSEXTEND = "native nativesdk"
diff --git a/poky/meta/recipes-extended/ltp/ltp/0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch b/poky/meta/recipes-extended/ltp/ltp/0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch
new file mode 100644
index 0000000..1b433d3
--- /dev/null
+++ b/poky/meta/recipes-extended/ltp/ltp/0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch
@@ -0,0 +1,35 @@
+From fae8852a63d9fa6e56fb8b24eaf10560bd13757f Mon Sep 17 00:00:00 2001
+From: Yongxin Liu <yongxin.liu@windriver.com>
+Date: Tue, 12 Nov 2019 11:33:50 +0800
+Subject: [PATCH] mkswap01.sh: Add "udevadm trigger" before swap verification
+
+Fix: https://github.com/linux-test-project/ltp/issues/458
+
+Sometimes the swap device cannot show up in /dev/disk/by-uuid/
+or /dev/disk/by-lable/ due to the issue #458. When this issue
+happens, "blkid -c /dev/null" and "ls /dev/disk/by-uuid/" show
+different UUID of the device.
+
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/patch/1193414]
+
+Signed-off-by: Yongxin Liu <yongxin.liu@windriver.com>
+---
+ testcases/commands/mkswap/mkswap01.sh | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/testcases/commands/mkswap/mkswap01.sh b/testcases/commands/mkswap/mkswap01.sh
+index 3a348c6e6..9437c4a4e 100755
+--- a/testcases/commands/mkswap/mkswap01.sh
++++ b/testcases/commands/mkswap/mkswap01.sh
+@@ -129,6 +129,8 @@ mkswap_test()
+ return
+ fi
+
++ udevadm trigger --name-match=$TST_DEVICE
++
+ if [ -n "$device" ]; then
+ mkswap_verify "$mkswap_op" "$op_arg" "$device" "$size" "$dev_file"
+ if [ $? -ne 0 ]; then
+--
+2.14.4
+
diff --git a/poky/meta/recipes-extended/ltp/ltp_20190517.bb b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
index 5915b1c..47aa967 100644
--- a/poky/meta/recipes-extended/ltp/ltp_20190517.bb
+++ b/poky/meta/recipes-extended/ltp/ltp_20190517.bb
@@ -50,6 +50,7 @@
file://0001-syscall-rt_sigtimedwait01-Fix-wrong-sigset-length-fo.patch \
file://0001-cve-2017-17052-Avoid-unsafe-exits-in-threads.patch \
file://0001-overcommit_memory-update-for-mm-fix-false-positive-O.patch \
+ file://0001-mkswap01.sh-Add-udevadm-trigger-before-swap-verifica.patch \
"
S = "${WORKDIR}/git"
diff --git a/poky/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch b/poky/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
new file mode 100644
index 0000000..e76aac8
--- /dev/null
+++ b/poky/meta/recipes-extended/mc/files/0001-Add-option-to-control-configure-args.patch
@@ -0,0 +1,99 @@
+From a54501d3c9541bc8600225aa2d42531f93c6def7 Mon Sep 17 00:00:00 2001
+From: Joshua Watt <JPEWhacker@gmail.com>
+Date: Sat, 9 Nov 2019 20:01:48 -0600
+Subject: [PATCH] Add option to control configure args
+
+Embedding the configure time options into the executable can lead to
+non-reproducible builds, since configure options often have embedded
+paths. Add a configure time option to control if the configure args are
+embedded so this can be disabled.
+
+Upstream-Status: Submitted [https://midnight-commander.org/ticket/4031]
+Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
+---
+ configure.ac | 6 ++++++
+ src/args.c | 6 ++++++
+ src/textconf.c | 2 ++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 19d1a76be..a1948f6b9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -544,6 +544,12 @@ dnl Clarify do we really need GModule
+ AM_CONDITIONAL([HAVE_GMODULE], [test -n "$g_module_supported" && \
+ test x"$textmode_x11_support" = x"yes" -o x"$enable_aspell" = x"yes"])
+
++AC_ARG_ENABLE([configure-args],
++ AS_HELP_STRING([--enable-configure-args], [Handle all compiler warnings as errors]))
++if test "x$enable_configure_args" != xno; then
++ AC_DEFINE([ENABLE_CONFIGURE_ARGS], 1, [Define to enable showing configure arguments in help])
++fi
++
+ AC_DEFINE_UNQUOTED([MC_CONFIGURE_ARGS], ["$ac_configure_args"], [MC configure arguments])
+
+ AC_CONFIG_FILES(
+diff --git a/src/args.c b/src/args.c
+index baef1a1c8..f8dc24020 100644
+--- a/src/args.c
++++ b/src/args.c
+@@ -95,7 +95,9 @@ static gboolean mc_args__nouse_subshell = FALSE;
+ #endif /* ENABLE_SUBSHELL */
+ static gboolean mc_args__show_datadirs = FALSE;
+ static gboolean mc_args__show_datadirs_extended = FALSE;
++#ifdef ENABLE_CONFIGURE_ARGS
+ static gboolean mc_args__show_configure_opts = FALSE;
++#endif
+
+ static GOptionGroup *main_group;
+
+@@ -125,6 +127,7 @@ static const GOptionEntry argument_main_table[] = {
+ NULL
+ },
+
++#ifdef ENABLE_CONFIGURE_ARGS
+ /* show configure options */
+ {
+ "configure-options", '\0', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_NONE,
+@@ -132,6 +135,7 @@ static const GOptionEntry argument_main_table[] = {
+ N_("Print configure options"),
+ NULL
+ },
++#endif
+
+ {
+ "printwd", 'P', G_OPTION_FLAG_IN_MAIN, G_OPTION_ARG_STRING,
+@@ -758,11 +762,13 @@ mc_args_show_info (void)
+ return FALSE;
+ }
+
++#ifdef ENABLE_CONFIGURE_ARGS
+ if (mc_args__show_configure_opts)
+ {
+ show_configure_options ();
+ return FALSE;
+ }
++#endif
+
+ return TRUE;
+ }
+diff --git a/src/textconf.c b/src/textconf.c
+index 1e0613e58..f39b9e028 100644
+--- a/src/textconf.c
++++ b/src/textconf.c
+@@ -232,10 +232,12 @@ show_datadirs_extended (void)
+
+ /* --------------------------------------------------------------------------------------------- */
+
++#ifdef ENABLE_CONFIGURE_ARGS
+ void
+ show_configure_options (void)
+ {
+ (void) printf ("%s\n", MC_CONFIGURE_ARGS);
+ }
++#endif
+
+ /* --------------------------------------------------------------------------------------------- */
+--
+2.23.0
+
diff --git a/poky/meta/recipes-extended/mc/mc_4.8.23.bb b/poky/meta/recipes-extended/mc/mc_4.8.23.bb
index 83de8db..71f61b4 100644
--- a/poky/meta/recipes-extended/mc/mc_4.8.23.bb
+++ b/poky/meta/recipes-extended/mc/mc_4.8.23.bb
@@ -8,6 +8,7 @@
SRC_URI = "http://www.midnight-commander.org/downloads/${BPN}-${PV}.tar.bz2 \
file://0001-mc-replace-perl-w-with-use-warnings.patch \
+ file://0001-Add-option-to-control-configure-args.patch \
"
SRC_URI[md5sum] = "152927ac29cf0e61d7d019f261bb7d89"
SRC_URI[sha256sum] = "238c4552545dcf3065359bd50753abbb150c1b22ec5a36eaa02c82808293267d"
@@ -21,9 +22,11 @@
PACKAGECONFIG[smb] = "--enable-vfs-smb,--disable-vfs-smb,samba,"
PACKAGECONFIG[sftp] = "--enable-vfs-sftp,--disable-vfs-sftp,libssh2,"
-EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x"
+EXTRA_OECONF = "--with-screen=ncurses --without-gpm-mouse --without-x --disable-configure-args"
CACHED_CONFIGUREVARS += "ac_cv_path_PERL='/usr/bin/env perl'"
+CACHED_CONFIGUREVARS += "ac_cv_path_PYTHON='/usr/bin/env python'"
+CACHED_CONFIGUREVARS += "ac_cv_path_GREP='/usr/bin/env grep'"
do_install_append () {
sed -i -e '1s,#!.*perl,#!${bindir}/env perl,' ${D}${libexecdir}/mc/extfs.d/*
diff --git a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb b/poky/meta/recipes-extended/pam/libpam_1.3.1.bb
index 6b73f0a..a2aa1ec 100644
--- a/poky/meta/recipes-extended/pam/libpam_1.3.1.bb
+++ b/poky/meta/recipes-extended/pam/libpam_1.3.1.bb
@@ -163,3 +163,5 @@
CONFFILES_${PN}-runtime += "${sysconfdir}/security/limits.conf"
UPSTREAM_CHECK_URI = "https://github.com/linux-pam/linux-pam/releases"
+
+CVE_PRODUCT = "linux-pam"
diff --git a/poky/meta/recipes-extended/procps/procps_3.3.15.bb b/poky/meta/recipes-extended/procps/procps_3.3.15.bb
index 9756db0..f240e54 100644
--- a/poky/meta/recipes-extended/procps/procps_3.3.15.bb
+++ b/poky/meta/recipes-extended/procps/procps_3.3.15.bb
@@ -4,9 +4,9 @@
HOMEPAGE = "https://gitlab.com/procps-ng/procps"
SECTION = "base"
LICENSE = "GPLv2+ & LGPLv2+"
-LIC_FILES_CHKSUM="file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
- file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
- "
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://COPYING.LIB;md5=4cf66a4984120007c9881cc871cf49db \
+ "
DEPENDS = "ncurses"
@@ -64,3 +64,6 @@
d.setVarFlag('ALTERNATIVE_LINK_NAME', prog, '%s/%s' % (d.getVar('base_sbindir'), prog))
}
+# 'ps' isn't suitable for use as a security tool so whitelist this CVE.
+# https://bugzilla.redhat.com/show_bug.cgi?id=1575473#c3
+CVE_CHECK_WHITELIST += "CVE-2018-1121"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat.inc b/poky/meta/recipes-extended/sysstat/sysstat.inc
index 5a7d211..62de36b 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat.inc
+++ b/poky/meta/recipes-extended/sysstat/sysstat.inc
@@ -17,7 +17,7 @@
# autotools-brokensep as this package doesn't use automake
inherit autotools-brokensep gettext systemd upstream-version-is-even
-PACKAGECONFIG ??= ""
+PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
PACKAGECONFIG[lm-sensors] = "--enable-sensors,--disable-sensors,lmsensors,lmsensors-libsensors"
PACKAGECONFIG[cron] = "--enable-install-cron --enable-copy-only,--disable-install-cron --disable-copy-only"
PACKAGECONFIG[systemd] = "--with-systemdsystemunitdir=${systemd_system_unitdir}"
@@ -46,10 +46,12 @@
echo "d ${localstatedir}/log/sa - - - -" \
> ${D}${sysconfdir}/tmpfiles.d/sysstat.conf
- if ${@bb.utils.contains('PACKAGECONFIG', 'cron', 'false', 'true', d)}; then
+ # Unless both cron and systemd are enabled, install our own
+ # systemd unit file. Otherwise the package will install one.
+ if ${@bb.utils.contains('PACKAGECONFIG', 'cron systemd', 'false', 'true', d)}; then
install -d ${D}${systemd_unitdir}/system
install -m 0644 ${WORKDIR}/sysstat.service ${D}${systemd_unitdir}/system
- sed -i -e 's#@LIBDIR@#${libdir}#g' ${D}${systemd_unitdir}/system/sysstat.service
+ sed -i -e 's#@LIBEXECDIR@#${libexecdir}#g' ${D}${systemd_unitdir}/system/sysstat.service
fi
fi
}
@@ -62,6 +64,6 @@
fi
}
-FILES_${PN} += "${libdir}/sa ${systemd_system_unitdir}"
+FILES_${PN} += "${systemd_system_unitdir}"
TARGET_CC_ARCH += "${LDFLAGS}"
diff --git a/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service b/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service
index aff0710..ca46bef 100644
--- a/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service
+++ b/poky/meta/recipes-extended/sysstat/sysstat/sysstat.service
@@ -5,7 +5,7 @@
Type=oneshot
RemainAfterExit=yes
User=root
-ExecStart=@LIBDIR@/sa/sa1 --boot
+ExecStart=@LIBEXECDIR@/sa/sa1 --boot
[Install]
WantedBy=multi-user.target