| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of using bb.note() etc for logging use logging.Logger directly, allowing
the use of QemuRunner outside of bitbake.
Also clean up the logging/errors by moving create_socket() out of
__init__()/restart() and into start().
(From OE-Core rev: 519e381278d40bdac79add340e4c0460a9f97e17)
(From OE-Core rev: c3c87fa26fec8c6e620ad2f1ce95b989f8c108ed)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes NULL pointer deref in sosendto().
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3640
Upstream patch:
http://git.qemu.org/?p=qemu.git;a=commit;
h=9a72433843d912a45046959b1953861211d1838d
(From OE-Core rev: f63a4f706269b4cd82c56d92f37c881de824d8bc)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add quotes around pkged_lic so that it works correctly with spaces
* fixes following error:
run.license_create_manifest.50601: 193: [: GPLv2: unexpected operator
(From OE-Core rev: 2bb8b2abb689d91b7b7e28e6bd528747bde94dd2)
(From OE-Core rev: 4c31f726cf1ea2e01b1fbf1c23e96a110fbb9623)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop removal of [|&()*] operators in pkged_lic because this removal is only
needed to validate if license is collected.
[YOCTO #6757]
(From OE-Core rev: 57e5f74382d51f2a8df00e18b6008e3d2b44ad1a)
(From OE-Core rev: a5fe29ff72dc2ce1667caa2ab1fdfbf2c1a4413b)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* add leading space so that it works even with some .bbappend adding
additional files to SRC_URI without trailing space
(From OE-Core rev: 0f282f1d4946ac6e81959c66172c115405632a26)
(From OE-Core rev: 55b183aa476754b050779d36dfbb03eb936443ad)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an uninitialized data structure use flaw in qemu-vnc
which allows remote attackers to cause a denial of service
(crash).
Upstream patch:
http://git.qemu.org/?p=qemu.git;a=commit;
h=b2f1d90530301d7915dddc8a750063757675b21a
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7815
http://www.securityfocus.com/bid/70998
(From OE-Core rev: 31e3d1bab6612d8116086f9ada048a0c094fb2c8)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes insufficient parameter validation during ram load
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7840
Upstream commit:
http://git.qemu.org/?p=qemu.git;a=commit;
h=0be839a2701369f669532ea5884c15bead1c6e08
(From OE-Core rev: 0bd4b0c7ede8a52559e4bf05085a3f0d46a0a280)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed a flaw in the way BIND handled requests for TKEY
DNS resource records.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477
https://kb.isc.org/article/AA-01272
(From OE-Core rev: 18a01db3f2430095a4e6966aed5afd738dbc112e)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FILESPATH was only being overridden in one fetch location, it should be
equally handled in both.
Also use SSTATE_DIR as FILESPATH so that mirror urls which do remapping
can search the local SSTATE_DIR for other paths.
Also ensure that MIRRORS is removed in both locations, previously
it was only unset in one but both codepaths should be consistent.
(From OE-Core rev: d66a45c52200f73e67ebb3e6e447907bb3334319)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The gnome class is really a convenience class to include other classes, so move
the introspection arguments into gnomebase.bbclass.
(From OE-Core rev: d0bf0e5fd9c2cb18437ccca14b2f41d410aa832a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
* unlike in master, the older versions weren't dropped when upgrading to 2015d
(From OE-Core rev: 1341554e582407e85697f05e3fcc82fcf29c9d56)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 4621675632518caae3a8c2098ee36896b9372551)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
This fixes the build error seen on newer distros that use gcc5 such as Fedora22
(From OE-Core rev: ac135bd462dc4e674260fdb97c9e2e79c2e96460)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Use canonical_license when doing evaluation of license expresion
since INCOMPATIBLE_LICENSE are already canonized.
[YOCTO #8080]
(From OE-Core rev: 8687b8bb8233e7f867539d69463671aa9c0806e9)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Accidentally forgot to merge the backport changes into the commit. Fix
so the patch applies correctly.
(From OE-Core rev: 5f50f90ed824ea6a8d1d1b41a5345f51a15c443f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
They managed to 'break' tar. Again. Sorry, they fixed a regression
which broke dpkg-deb.
The addition of:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=163e96a0e619a900eab6de827c7c5749ecc9d3f2
("Bugfix: entries read from the -T file did not get proper matching_flag.")
means that the no-recursion option gets lost. This leads to many files getting included
multiple times, along with files which shouldn't be there.
The commit message is horrendous. The patch actually makes the option positional
(as documnted since 2003) and therefore doesn't affect the input from the -T option.
Moving the --no-reursion option to earlier in the command avoids the bug.
The bug was not present in tar 1.28 however it has been backported in at least
Fedora 22 and heading into Fedora 21.
Redhat reports of issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1230762 [tar]
https://bugzilla.redhat.com/show_bug.cgi?id=1241508 [dpkg]
Discussion of bug in upstream tar:
http://www.mail-archive.com/bug-tar@gnu.org/msg04799.html
[YOCTO #7988]
(From OE-Core rev: 6be698b7270f73f40d38713ecf13f12aec0ced61)
(From OE-Core rev: 386898afde40971653af646d55e64aef65807e3b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-devtools/dpkg/dpkg_1.17.25.bb
|
| |
|
|
|
|
|
|
|
|
|
| |
write_config overwrites the config rather than appends to it, so
ensure we write both variables in one go.
(From OE-Core rev: c94ba6160d5965d4d2071154b43112eb87f4c898)
(From OE-Core rev: c58814c910d813a761b5c0e3ba63d6fddef86cc9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running "-c cleanall" on shared DL_DIR and SSTATE_DIR is antisocial.
It leads to hard to debug races where we wonder why files disappear
and reappear from those directories.
Fix this by using a specific set of directories for these tests. This
avoids a long standing bug on the autobuilder where aspell and man
sources would disappear.
[YOCTO #6276]
(From OE-Core rev: 6b089c4a79dc3aae00c8a6e7ab0f6ba4b4b5f138)
(From OE-Core rev: f1447c256e027553442cf507e217323f7868000c)
(From OE-Core rev: e4434982e0d2c086ee946d3742c257daf31e8bfd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similarly to:
http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=9b19d6548a345009a6de79a6820c07a72054d961
we also need to fix the subversion-native case with gcc5 by using
the same fix to the BUILD_CPPFLAGS.
(From OE-Core rev: a5e7a1e597e7bbe3bbc547f43a89d00a8a9a9924)
(From OE-Core rev: 7d445547df528aa9e5bfb85568a7270e27f633ef)
(From OE-Core rev: 7e57945be22c1d141c6a9be6f73f585cd07938a6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
see https://gcc.gnu.org/gcc-5/porting_to.html
we need to stop the preprocessor from generating the #line directives
or we run into issues like
| checking for apr_int64_t Python/C API format string...
| configure: error: failed to recognize APR_INT64_T_FMT on this platform
| Configure failed. The contents of all config.log files follows to aid
debugging
| ERROR: oe_runconf failed
Rightly subversion should be fixed but lets leave that to subversion
folks
Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d
(From OE-Core rev: 7793b1c425077ed6ed11a9bc2a8b1b96612b1c96)
(From OE-Core rev: 4954cd6abad556d75beec860e82750bb1090a109)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This older code needs specific compiler options to allow it to work
with gcc 5. These options are used in the 2.21 recipe in master/fido
so this simply backports them.
(From OE-Core rev: 447dba2a6a077c83083556ab79ab265d4b8a048f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc-5 is stricter and complains about const to non-const
conversions, we backport the patch from upstream into 2.00
Change-Id: I17db365fdd253daaa1ab726e2a70ecad0ac7b2ae
(From OE-Core rev: ea3d48471db19a2432e4afd86df8caad51ee5166)
(From OE-Core rev: f396bcfdc4f05d0a047903262edc5b52f3c85b6e)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-bsp/grub/grub2.inc
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Cherry pick upstream commit to fix -Werror=logical-not-parentheses error
when building with native gcc5.
(From OE-Core rev: b3bd0dba3139a3e79bfcebe137248c7bdcadf04d)
(From OE-Core rev: c8bc2d7913e11278990d1fe82066e26f7fc1c11b)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GCC"s preprocessor starts to add newlines which are not
handled properly by ncurses build system startin from
version 5.0.
See also: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7870
(From OE-Core rev: 3a5435b371c84ec28b6936b8c8fa6541a592d061)
(From OE-Core rev: 8492e143af25bf64d07fc117e7f1607aadf89f09)
Signed-off-by: Martin Stolpe <martin.stolpe@gmail.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
for CVE-2015-1819 Enforce the reader to run in constant memory
(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)
(From OE-Core rev: de6e4114d5285ea0d2a53d19c93ce96430cc9e30)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-core/libxml/libxml2.inc
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport to fix CVE-2013-6435. Description on [1] and original
patch taken from [2].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435
[2] https://bugzilla.redhat.com/attachment.cgi?id=956207
[YOCTO #7181]
(From OE-Core rev: 6bf846ed5ccd1a4d01b36630708b2b9aa9e69ed5)
(From OE-Core rev: 74d4895c4d30a45af5856228a00810bd14e5e071)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2014-8118. Description is on [1] and
original patch taken from [2].
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1168715
[2] https://bugzilla.redhat.com/attachment.cgi?id=962159
[YOCTO #7181]
(From OE-Core rev: 0a1f924157cb75d0f67cf534762c89dc8656d352)
(From OE-Core rev: f61750cfc3dd14a72b1ade4274b1a577136111fe)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
12-cve-2014-9636-test-compr-eb.patch is same as unzip-6.0_overflow3.diff,
is to fix CVE-2014-9636
(From OE-Core rev: 9cf42db4e545cd260faf45931d3b3c63ab3b3aab)
(From OE-Core rev: 7567dbc552819906a876b729e2a599ec412139a3)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: 86106da1068ec802ec9e1dd7bcdd9baf78182cb7)
Signed-off-by: Ng Shui Lei <shui.lei.ng@intel.com>
Signed-off-by: Ng Wei Tee <wei.tee.ng@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fix CVE-2015-0245 by preventing non-root and non-systemd processes
from fooling the dbus daemon into thinking systemd service activation
failed.
(From OE-Core rev: a8aa06b2405dec31a306fdf47bd1fdf740fde7bd)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Port four patches from unzip_6.0-8+deb7u2.debian.tar.gz to fix:
cve-2014-8139
cve-2014-8140
cve-2014-8141
cve-2014-9636
(From OE-Core rev: 429ab46f975c05f65120beddf50099c7cb0b2f86)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9636
unzip 6.0 allows remote attackers to cause a denial of service
(out-of-bounds read or write and crash) via an extra field with
an uncompressed size smaller than the compressed field size in a
zip archive that advertises STORED method compression.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1315
Buffer overflow in the charset_to_intern function in unix/unix.c in
Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code
via a crafted string, as demonstrated by converting a string from CP866
to UTF-8.
(From OE-Core rev: f86a178fd7036541a45bf31a46bddf634c133802)
(From OE-Core rev: 7c667c6aa0302649c125b0325a2e6f641810cb09)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
* we were stripping too much when stripping recipe name from line like this:
ERROR: Task 12016 (/some/patch/something.dot.bar.bb, do_fetch) failed with exit code '1'
where the recipe name contains dots and doesn't end with _<version>.bb
(From OE-Core rev: f4953004ec26c97fb696854f8e31d36b8bbeb8bf)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the Mesa 10.2 release notes, "--with-llvm-shared-libs"
has been renamed to "--enable-llvm-shared-libs".
http://www.mesa3d.org/relnotes/10.2.html
(From OE-Core rev: b534c13bb13c1ab2739daaf32b59d917e93106fd)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* install populate-extfs.sh from contrib, be aware that in order
to use it you need to set DEBUGFS shell variable, otherwise it will
try to use debugfs from relative path which is almost always
incorrect:
CONTRIB_DIR=$(dirname $(readlink -f $0))
DEBUGFS="$CONTRIB_DIR/../debugfs/debugfs"
(From OE-Core rev: 1a3a7a1ba8c271acd13cb1d740ef83ee02829e33)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2014-3564.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f
(From OE-Core rev: 421e21b08a6a32db88aaf46033ca503a99e49b74)
(From OE-Core rev: 7643fe96bbce57995580162b5339674cc4a9c81f)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-support/gpgme/gpgme_1.4.3.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport Arjun Shankar's patch for CVE-2015-1781:
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application.
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
(From OE-Core rev: c0f0b6e6ef1edc0a9f9e1ceffb1cdbbef2e409c6)
(From OE-Core rev: 96ff830b79c64d8f35c311b66906b492cbeeeb55)
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Reviewed-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix qemuc CVE issue CVE-2015-3456.
Refs:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3456
http://git.qemu.org/?p=qemu.git;a=commit;h=e907746266721f305d67bc0718795fedee2e824c
(From OE-Core rev: 1d9e6ef173bea8181fabc6abf0dbb53990b15fd8)
(From OE-Core rev: e4c1374330679f84436796a3f6c50b486465a7ed)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-devtools/qemu/qemu_2.1.0.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3310
Buffer overflow in the rc_mksid function in plugins/radius/util.c in
Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is
greater than 65535, allows remote attackers to cause a denial of
service (crash) via a start accounting message to the RADIUS server.
oe-core is using ppp 2.4.7, and this CVE say ppp 2.4.7 was not
effected, but I found this buggy codes are same between 2.4.6 and
2.4.7, and 2.4.7 should have this issue.
(From OE-Core rev: 5b549c6d73e91fdbd0b618a752d618deb1449ef9)
(From OE-Core rev: d2f15f2ec2d9e8ecdb9aa69a413663f3615d7e0c)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
did not include aarch64 patches.
For further details, see:
https://bugreports.qt.io/browse/QTBUG-44547
(From OE-Core rev: 840fccf8ec7691f03deeb167487cde941ebea8bf)
(From OE-Core rev: c050f01d56c1eaf747ebb471b0b726b9cb3794d8)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-qt/qt4/qt4-4.8.6.inc
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Backport two commits from libsndfile upstream to fix a segfault and
two potential buffer overflows.
(From OE-Core rev: e2fdc340c109bd64b1520443b27bd42a0faef0e0)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
ERROR: Build of do_populate_lic failed
ERROR: Traceback (most recent call last):
File "bitbake/lib/bb/build.py", line 497, in exec_task
return _exec_task(fn, task, d, quieterr)
File "bitbake/lib/bb/build.py", line 437, in _exec_task
exec_func(func, localdata)
File "bitbake/lib/bb/build.py", line 212, in exec_func
exec_func_python(func, d, runfile, cwd=adir)
File "/home/nxadm/nx/ala-blade44.1/builds-2015-03-09-163005/qemuppc_world_oe_bp/bitbake/lib/bb/build.py", line 237, in exec_func_python
os.chdir(cwd)
OSError: [Errno 2] No such file or directory: 'bitbake_build/tmp/work/ppc7400-wrs-linux/taglib/1.9.1-r0/build'
When running setscene, the cwd is $B which maybe removed by
autotools.bbclass or cmake.bbclass when rebuild.
(From OE-Core rev: 29872741d1d118e32cc04469535fed1b892b92e6)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster@smtp.gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed:
WARNING: QA Issue: perf rdepends on numactl, but it isn't a build dependency? [build-deps]
The numactl is in meta-oe.
(From OE-Core rev: bf7bbcf1f28f83b08b9067b13352af477bf48b37)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Armin Kuster <akuster@smtp.gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
* it's useful for debugging corrupt squashfs images from mksquashfs
(From OE-Core rev: 2811ea0d0f9cc4e9a1d4eed71bbc2d0c77043a40)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster@smtp.gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-3707
CVE-2014-8150
CVE-2015-3153
not affected by: CVE-2014-8151
(From OE-Core rev: cfcda9db45350d03158569c8c01e448cb426de5a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes below listed bugs:
1. CVE-2015-3143
2. CVE-2015-3144
3. CVE-2015-3145
Dropped: 4. CVE-2015-3148
SPNEGO was introduced in 7.39 so this version not affected
(From OE-Core rev: e525ef63ed2b4f3a250caf0748637b7f16b34d90)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes affecting future time stamps
Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
(Thanks to Ahmed Nazmy and Tim Parenti.)
Changes affecting past time stamps
America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not
1966-07-01. Also, Yukon's time zone history is documented better.
(Thanks to Brian Inglis and Dennis Ferguson.)
Change affecting past and future time zone abbreviations
The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
(From OE-Core rev: b9f366ab4e0a9cad69b631f402b9afa02d40f667)
(From OE-Core rev: ff1547cccd840068500193d4aec772988a1f2023)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes affecting code
zic has some minor performance improvements.
(From OE-Core rev: 3ab7e247b0662a1791169f16424abec426885f80)
(From OE-Core rev: 0c90fd63e8f4cd7179e836c3f20981913d19be75)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The neard make scripts will place the daemon executable
in /usr/lib/neard/nfc/neard. Change the path accordingly
in init scripts.
Fixes [YOCTO #7390].
(From OE-Core rev: bd277f3a46e7fc764cc55c5354d2136fcfddc3c1)
(From OE-Core rev: d86fd6190b9ffd5012f229f319520615176c27ee)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This upgrade fixes CVE-2015-1793
Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.
(From OE-Core rev: 208d1d72b0d248b12f800e566cb011aec9a1a084)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
