summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build-appliance-image: Update to thud head revisionyocto-2.6.3thud-20.0.3Richard Purdie2019-08-011-1/+1
| | | | | | (From OE-Core rev: d3d3f443039b03f1200a14bfe99f985592632018) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: Bump version for 2.6.3 thud releaseRichard Purdie2019-08-011-1/+1
| | | | | | (From meta-yocto rev: 9a1d9fd77e2dd2d324654755633e143ef7730dc5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* expat: fix CVE-2018-20843Anuj Mittal2019-07-292-0/+27
| | | | | | | (From OE-Core rev: aad245ea1c55f8e778ae3420c5c31e94301e7cba) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libcroco: fix CVE-2017-7961Ross Burton2019-07-292-1/+48
| | | | | | | | | (From OE-Core rev: 480f15850820746cecdfe0b8450b2be484c1f8f9) (From OE-Core rev: f5cf064b3c138c8a6591d34f40253e10a6f01a14) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: Fix 3 CVEsOvidiu Panait2019-07-297-0/+702
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. References: https://nvd.nist.gov/vuln/detail/CVE-2019-6116 https://www.openwall.com/lists/oss-security/2019/01/23/5 https://nvd.nist.gov/vuln/detail/CVE-2019-3835 https://nvd.nist.gov/vuln/detail/CVE-2019-3838 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e (From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18) (From OE-Core rev: cf5d29dcac6247e8476f7af78b4e0bb129b94677) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fix for CVE-2019-6116 is already in thud, so that has been removed] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bzip2: fix CVE-2019-12900Anuj Mittal2019-07-293-0/+117
| | | | | | | | | | | Also include a patch to fix regression caused by it. See: https://gitlab.com/federicomenaquintero/bzip2/issues/24 (From OE-Core rev: 7c0b2d228f51aebb4415e63a07bdd645e85b09d8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: integrate security fixesRoss Burton2019-07-297-0/+337
| | | | | | | | | | | | | | | | | Fix the following CVEs by backporting patches from upstream: - CVE-2019-1000019 - CVE-2019-1000020 - CVE-2018-1000877 - CVE-2018-1000878 - CVE-2018-1000879 - CVE-2018-1000880 (From OE-Core rev: ea251020304b9c18f31c39de867a47311b1bb46c) (From OE-Core rev: 6cba048de29dfea44e926b00e5ea91359e7cbebd) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: fix CVE-2019-9928Anuj Mittal2019-07-292-0/+34
| | | | | | | (From OE-Core rev: 276567b6a8e4b21dc978b352b5c715d6381867b1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl: CVE fixesAnuj Mittal2019-07-2910-0/+832
| | | | | | | | | | | Fixes CVE-2019-7572, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7637, CVE-2019-7638. (From OE-Core rev: 2cfcb3b0fce7e1156eb52260df4330c95d87dc17) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* OpkgPM: use --add-ignore-recommends to process BAD_RECOMMENDATIONSAlejandro del Castillo2019-07-292-41/+2
| | | | | | | | | | | | | | | | | | Currently, BAD_RECOMMENDATIONS on the opkg backed relies on editing the opkg status file (it sets BAD_RECOMMENDATIONS pkg want state to deinstalled and pinned). This is brittle, and not consistent across the different solver backends. Use new --add-ignore-recommends flag instead. (From OE-Core rev: 0d11e813ba9b4e8de9e6e5099ff85f5d914243bc) (From OE-Core rev: bfb0acb6bc6bc11e4aa2c9527916359e1a763e85) (From OE-Core rev: 13ba66338d16cc07cb0129de932f090d0edb7760) Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: add --ignore-recommends flagAlejandro del Castillo2019-07-292-0/+261
| | | | | | | | | | | | | | | | | To be used for BAD_RECOMMENDATIONS feature. (From OE-Core rev: 788d97b4f8e4452cef1ba6bb3e565e1b52dbb7de) (From OE-Core rev: 85007cdb260bc77ac4ae5f914b0e3a4408606dfd) (From OE-Core rev: c60f9c47380bb53bd2b54373b72f86006edf326e) Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Backport from opkg_0.4.0.bb] Signed-off-by: Quentin Schulz <quentin.schulz@streamunlimited.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts: Remove deprecated imp module usageRichard Purdie2019-07-292-11/+8
| | | | | | | | | The imp module is deprecated, port the code over to use importlib as recently done for bb.utils as well. (From OE-Core rev: f3ba6cee5927c7475c3dc47658fa0548aec52115) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign.bbclass: Remove tab indentations in python codeRobert Yang2019-07-271-10/+10
| | | | | | | | | | | Use 4 spaces to replace a tab. (From OE-Core rev: 2bf6098ac1cbbf7ed28522b7f7dce84c8341ce00) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib: Security fix for CVE-2019-9633Armin Kuster2019-07-273-0/+549
| | | | | | | | | | | | | | | | | | Source: gnome.org MR: 98802 Type: Security Fix Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d553d92d6e9f53cbe5a34166fcb919ba652c6a8e ChangeID: b73c332f27f47ddc1b1cfd7424f24778acc0c318 Description: includes supporting patch. Fixes CVE-2019-9633 (From OE-Core rev: 3ebf0fc043b6c9b6c2381dab893b54ebcb8ac13d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fixes CVE-2018-20815 CVE-2019-9824Armin Kuster2019-07-274-0/+144
| | | | | | | | | | | | | | | | | Source: qemu.org MR: 98623 Type: Security Fix Disposition: Backport from qemu.org ChangeID: 03b3f28e5860ef1cb9f58dce89f252bd7ed59f37 Description: Fixes both CVE-2018-20815 and CVE-2019-9824 (From OE-Core rev: 5c45cd09fb29d4a1ebda6153a25f16e312049c44) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: backport CVE fixesRoss Burton2019-07-273-0/+282
| | | | | | | | | | | | | Backport the fixes for several CVEs from the 2.28 stable branch: - CVE-2016-10739 - CVE-2018-19591 (From OE-Core rev: 950a60c0e4183037a807031ddc9167b1a81a5348) Signed-off-by: Ross Burton <ross.burton@intel.com> [Dropped CVE-2019-9169 as its in my contrib already] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lighttpd: fix CVE-2019-11072Ross Burton2019-07-272-0/+52
| | | | | | | | (From OE-Core rev: 0dbd16a40a28bb75962f38c6ce450c909c22ee79) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Update to 2.6 releaseRichard Purdie2019-07-271-4/+4
| | | | | | | | | | | | | | | The 2.6 release contains both libcrypt.so.1 and libcrypt.so.2 which fixes compatibility with recent fedora/suse releases. The difference is one is built with obsolete APIs enabled and one disabled. We now ship both in uninative for compatibility regardless of which distro a binary is built on. (From OE-Core rev: 352ab80333096df92ef0f4cd331baea98e71aa21) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Switch from bz2 to xzRichard Purdie2019-07-271-2/+2
| | | | | | | | | | (From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a) (From OE-Core rev: 16785ebdc50f38ef4bc30d477a6833bdd4b541d1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-uninative: Update to 2.5 releaseRichard Purdie2019-07-271-4/+4
| | | | | | | | | | | | This includes libstdc++ changes from gcc 9.X. It also switches uninative from bz2 to xz compression. (From OE-Core rev: 0497623882da714cbe098a4281982b7f9ce6030f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix for CVE-2019-12155Armin Kuster2019-07-272-0/+39
| | | | | | | | | | | | | | | | Source: qemu.org MR: 98382 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99 ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3 Description: Fixes CVE-2019-12155 Affects: <= 4.0.0 (From OE-Core rev: 6045c57895cad301c5e3a94de740427343a08065) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Curl: Securiyt fix CVE-2019-5435 CVE-2019-5436Armin Kuster2019-07-273-0/+234
| | | | | | | | | | | | | | | | Source: CUrl.org MR: 98455 Type: Security Fix Disposition: Backport from https://curl.haxx.se/ ChangeID: 86b094a440ea473b114764e8d64df8142d561609 Description: Fixes CVE-2019-5435 CVE-2019-5436 (From OE-Core rev: 9d5a7dd654a17b67f5cd8a73145e5f5299bfebcc) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wget: Security fix for CVE-2019-5953Armin Kuster2019-07-272-0/+52
| | | | | | | | | | | | | | | | Source: http://git.savannah.gnu.org/cgit/wget.git MR: 89341 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c ChangeID: 1c19a2fd7ead88cc4ee92d425179d60d4635864b Description: Fixes CVE-2019-5953 Affects: < 1.20.1 (From OE-Core rev: c897b862c6cfaa341cc6155b2c9d98ea7ad02884) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib-2.0: Security fix for CVE-2019-12450Armin Kuster2019-07-272-0/+60
| | | | | | | | | | | | | | Source: glib-2.0 MR: 98443 Type: Security Fix Disposition: Backport from https://gitlab.gnome.org/GNOME/glib/commit/d8f8f4d637ce43f8699ba94c9b7648beda0ca174 ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741 Description: (From OE-Core rev: 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Tar: Security fix CVE-2019-0023Armin Kuster2019-07-272-0/+39
| | | | | | | | | | | | | | | | | | | Source: tar.git MR: 97928 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3 Description: Affects tar < 1.32 fixes CVE-2019-9923 (From OE-Core rev: fc77edc8245ab90eee1f1e857f470b6842dc256f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix for CVE-2018-19489Armin Kuster2019-07-272-0/+84
| | | | | | | | | | | | | | | | | | | | | | Source: Qemu.org MR: 97453 Type: Security Fix Disposition: Backport from git.qemu.org/gemu.git ChangeID: a06fcb432d447cec2ed1caf112822dd1b4831ace Description: In the spirt of YP Compatible, sending change upstream. fixes CVE CVE-2018-19489 Affect < = 4.0.0 (From OE-Core rev: 249447828cd1ed13f9faf19793208b503acf0d30) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa_supplicant: Changed systemd template unitsJoshua DeWeese2019-07-272-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | I goofed up the scissor line on the last attempt. Not sure how much it matters, but here it is correct this time. Here it is, updated to work with wpa-supplicant_2.6.bb. -- >8 -- https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy= When building root filesystems with any of the wpa_supplicant systemd template service files enabled (current default is to have them disabled) the systemd-native-fake script would not process the line: Alias=multi-user.target.wants/wpa_supplicant@%i.service appropriately due the the use of "%i." According to the systemd documentation "WantedBy=foo.service in a service bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in the same file." However, this is not really the intended purpose of install Aliases. All lines of the form: Alias=multi-user.target.wants/*%i.service Were replaced with the following lines: WantedBy=multi-user.target (From OE-Core rev: d05e98cdccbe36be8906c31249adeb0f0bc13ac5) Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: update to minor update 1.11.10Armin Kuster2019-07-271-3/+3
| | | | | | | | | | | | | | | | | | | | | | | Source: golang.org MR: 97548, Type: Security Fix Disposition: Backport from https://github.com/golang/go/issues?q=milestone%3AGo1.11.5 ChangeID: 54377c454f038a41bf35dd447a784e3e66db6268 Description: Bug fix updates only https://golang.org/doc/devel/release.html#go1.11 Fixes: Affects <= 1.11.6 CVE-2019-6486 CVE-2019-9741 (From OE-Core rev: 4e40da53851c550f1a38eff5737d4b69c8cd0afb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: Upgrade 1.11.1 -> 1.11.4 minor releaseKhem Raj2019-07-273-15/+11
| | | | | | | | | | | | | | | | | | | | | | | | | Source: OpenEmbedded.org MR: 98328, 98329, 98330 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/go?h=warrior&id=b964551a0d08aa921d4e0ceea2f1e28a5e83510e ChangeID: 0b4cc69c357ba14c4e7a6c7ff926cfc6f09489b2 Description: include: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Changes: https://golang.org/doc/devel/release.html#go1.11 (From OE-Core rev: 69964488112899371b7fd88b6e86e533d968b457) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix only update] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go-crosssdk: PN should use SDK_SYS, not TARGET_ARCHRichard Purdie2019-07-271-1/+1
| | | | | | | | | | | | | | The crosssdk dependencies are handled using the virtual/ namespace so this name doesn't matter in the general sense. We want to be able to provide recipe maintainer information through overrides though, so this standardises it with the behaviour from gcc-crosssdk and ensures the maintainer overrides work. (From OE-Core rev: 025cd45d4129266d34a919573c02a8504f092c1b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go-target.inc: fix go not found while multilib enabledHongxu Jia2019-07-271-1/+1
| | | | | | | | | | | | | | | Go binaries were installed to ${libdir}/go/bin, and create symlink in ${bindir}, while enabling multilib, libdir was extended (such as /usr/lib64), but BASELIB was not (still /lib), so use baselib (such as /lib64)) to replace (From OE-Core rev: fca74928bf2002daf526ad8c1446c8d9ba891a78) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cairo: fix CVE-2018-19876 CVE-2019-6461 CVE-2019-6462Ross Burton2019-07-273-0/+41
| | | | | | | | | | | | | | | | | | | | | | | | | Source: OpenEmbedded.org MR: 97538, 97543 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-graphics/cairo?h=warrior&id=078e4d5c2114d942806cd0d5ad501805a011e841 ChangeID: fa8bdd44ad8613bb0679a1f6d9d670c3b47a0677 Description: CVE-2018-19876 is a backport from upstream. CVE-2019-6461 and CVE-2019-6462 are patches taken from Clear Linux. (From OE-Core rev: 8b5e68afc9767d8b6b966503e9353cadafae9bfb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Dropped CVE-2018-19876, not affected] Issue was introduced in 1.15.8 by: commit 721b7ea0a785afaa04b6da63f970c3c57666fdfe Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cups: upgrade to 2.2.10Chen Qi2019-07-272-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: OpenEmbedded.org MR: 97351 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior&id=fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd ChangeID: fbe7a0c9bab7c9be7fd2c0da8b2af61e66de1ebd Description: (From OE-Core rev: 85541b9ae8cff770e2c20a9132c0867a25d190c2) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> CUPS 2.2.10 is a bug fix release that addresses issues in the scheduler, IPP Everywhere support, CUPS library, and USB printer support. Changes include: CVE-2018-4300: Linux session cookies used a predictable random number seed. The lpoptions command now works with IPP Everywhere printers that have not yet been added as local queues (Issue #5045) Added USB quirk rules (Issue #5395, Issue #5443) The generated PPD files for IPP Everywhere printers did not contain the cupsManualCopies keyword (Issue #5433) Kerberos credentials might be truncated (Issue #5435) The handling of MaxJobTime 0 did not match the documentation (Issue #5438) Incorporated the page accounting changes from CUPS 2.3 (Issue #5439) Fixed a bug adding a queue with the -E option (Issue #5440) Fixed a crash bug when mapping PPD duplex options to IPP attributes (rdar://46183976) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cups: upgrade to 2.2.9Chen Qi2019-07-273-20/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: OpenEmbedded.org MR: 97351 Type: Integration Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-extended/cups?h=warrior&id=ee57d79aec06e9b160cf2713636cda650ba68d5a ChangeID: ee57d79aec06e9b160cf2713636cda650ba68d5a Description: The following patch is rebased. 0001-don-t-try-to-run-generated-binaries.patch (From OE-Core rev: 3c76b6660fc21a987e960dedb2631dcd27b87d07) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> CUPS 2.2.9 is a bug fix release that addresses issues in the scheduler, IPP Everywhere support, CUPS library, and USB printer support. Changes include: Localization changes (Issue #5348, Issue #5362, Issue #5408) Documentation updates (Issue #5369) The lpadmin command would create a non-working printer in some error cases (Issue #5305) The scheduler would crash if an empty AccessLog directive was specified (Issue #5309) Fixed a regression in the changes to ippValidateAttribute (Issue #5322, Issue #5330) Fixed a crash bug in the Epson dot matrix driver (Issue #5323) Automatic debug logging of job errors did not work with systemd (Issue #5337) The web interface did not list the IPP Everywhere "driver" (Issue #5338) The IPP Everywhere "driver" now properly supports face-up printers (Issue #5345) Fixed some typos in the label printer drivers (Issue #5350) Multi-file jobs could get stuck if the backend failed (Issue #5359, Issue #5413) The IPP Everywhere "driver" no longer does local filtering when printing to a shared CUPS printer (Issue #5361) The lpadmin command now correctly reports IPP errors when configuring an IPP Everywhere printer (Issue #5370) Fixed some memory leaks discovered by Coverity (Issue #5375) The PPD compiler incorrectly terminated JCL options (Issue #5379) The cupstestppd utility did not generate errors for missing/mismatched CloseUI/JCLCloseUI keywords (Issue #5381) The scheduler now reports the actual location of the log file (Issue #5398) Added a USB quirk rule (Issue #5420) The scheduler was being backgrounded on macOS, causing applications to spin (rdar://40436080) The scheduler did not validate that required initial request attributes were in the operation group (rdar://41098178) Authentication in the web interface did not work on macOS (rdar://41444473) Fixed an issue with HTTP Digest authentication (rdar://41709086) The scheduler could crash when job history was purged (rdar://42198057) Dropped non-working RSS subscriptions UI from web interface templates. Fixed a memory leak for some IPP (extension) syntaxes. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: Multiple Secruity fixesArmin Kuster2019-07-274-0/+180
| | | | | | | | | | | | | | | | | | | | | | | | | Source: https://github.com/file MR: 97573, 97578, 97583, 97588 Type: Security Fix Disposition: Backport from https://github.com/file/file ChangeID: 159e532d518623f19ba777c8edc24d2dc7e3a4e9 Description: CVE-2019-8905 is the same fix as CVE-2019-8907 Affects < 5.36.0 Fixes: CVE-2019-8904 CVE-2019-8906 CVE-2019-8906 CVE-2019-8907 (From OE-Core rev: 3d7375eb2e459b891b4ba16c1fc486afbfecef2c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: Security fixes for CVE-2018-20505 & 20506Armin Kuster2019-07-273-0/+136
| | | | | | | | | | | | | | | | | | | | Source: sqlite.org MR: 97484, 97490 Type: Security Fix Disposition: Backport from sqilte.org ChangeID: c6105b5d3ce4fb2c0f38c3cab745b769d2df38f5 Description: Affects < 3.26.0 fixes: CVE-2018-20505 CVE-2018-20506 (From OE-Core rev: e2f9efdc93068bce00b07021aa447f0b8786f69d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: Security fixes for CVE-2018-20679 CVE-2019-5747Armin Kuster2019-07-273-0/+204
| | | | | | | | | | | | | | | | | | | | Source: busybox.git MR: 97332 Type: Security Fix Disposition: Backport from busybox.git ChangeID: ec203c79e7322de1ed5721d08b6f59b1eca67c7d Description: Affects < 1.30.0 Fixes: CVE-2018-20679 CVE-2019-5747 (From OE-Core rev: 7db146abad6d2bbb7d7a549e7091412e0e494db2) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: add a fix for CVE-2019-9948 and CVE-2019-9636Martin Jansa2019-07-275-0/+253
| | | | | | | | | | | | | | | | | | | | | | | | | Source: OpenEmbedded.org MR: 98320, 98319 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/python/python_2.7.16.bb?id=9d23b982fa4e0290761b3d15f6959779fed72ad6 ChangeID: e79b6fe3b7b4253bf0d76b029070ae869d5234bd Description: Fixes: CVE-2019-9948 CVE-2019-9636 CVE-2019-9940 is a dup of 9948 per python.org CVE-2019-9947 appears to be a dup of 9940 per https://bugs.python.org/issue30458#msg295067 (From OE-Core rev: e7bdff05da6075efc21c5ac9492b06e481e5a239) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Minor clean up for thud] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: Update to 2.7.16Armin Kuster2019-07-2710-462/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Source: Python.org MR: 98220 Type: Security Fix & Integration Disposition: Backport from python.org ChangeID: 96fdd2dee9fe9317eb72584583ae0100c0be9eaa Description: Bug fix update per Python.org https://www.python.org/downloads/release/python-2716/ drop backported patch License-update: copyright years Helps prepare Thud for 2.7 EOL support moving forward. Update includes: CVE-CVE-2019-5010 https://github.com/python/cpython/commit/06b15424b0dcacb1c551b2a36e739fffa8d0c595 (From OE-Core rev: 592e7de7f5208940fbcfcad3371f93f8ce2ca738) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Several CVE fixesArmin Kuster2019-07-276-0/+395
| | | | | | | | | | | | | | | | | | | | | | | Source: qemu.org MR: 97258, 97342, 97438, 97443 Type: Security Fix Disposition: Backport from git.qemu.org/qemu.git ChangeID: a5e9fd03ca5bebc880dcc3c4567e10a9ae47dba5 Description: These issues affect qemu < 3.1.0 Fixes: CVE-2018-16867 CVE-2018-16872 CVE-2018-18849 CVE-2018-19364 (From OE-Core rev: e3dfe53a334cd952cc2194fd3baad6d082659b7e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: Security fixes CVE-2019-7146,7149,7150Armin Kuster2019-07-275-0/+320
| | | | | | | | | | | | | | | | | | | | | Source: http://sourceware.org/git/elfutils.git MR: 97563, 97568, 97558 Type: Security Fix Disposition: Backport from http://sourceware.org/git/elfutils.git ChangeID: 6183c2a25d5e32eec1846a428dd165e1de659f24 Description: Affects <= 0.175 Fixes: CVE-2019-7146 CVE-2019-7149 CVE-2019-7150 (From OE-Core rev: ac5dca7dc68519b36aa976dfd25d8efa76af74ec) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Security fix CVE-2019-9169Armin Kuster2019-07-272-0/+64
| | | | | | | (From OE-Core rev: 3103f407ff0c579c7e5887fd925d52d5c92c83f9) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Fixed typo for BBMULTICONFIG variable.Scott Rifenbark2019-07-181-1/+1
| | | | | | | | | | There was a typo in the BBMULTICONFIG variable description. It appeared as "BBMULTIFONFIG". I fixed it. (From yocto-docs rev: 2ef4ab6d93ccb6208169db9757f9ca2c2551a6d2) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bsp-guide: Fixed build error.Scott Rifenbark2019-07-181-1/+1
| | | | | | | | | I accidently submitted this with a build error. (From yocto-docs rev: 44b659aa7fa1dca96cb38cd272ea96e20b94aadb) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bsp-guide: Minor edits to Configuring Kernel section.Scott Rifenbark2019-07-181-3/+4
| | | | | | | (From yocto-docs rev: de86d2725fc70e5805727ad1eca1a4cebd14228d) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bsp.xml: Updated some output examples and the BSP structureScott Rifenbark2019-07-181-169/+19
| | | | | | | | | | | | | I ran fresh commands for several output examples where repositories are cloned. I also dumped the really detailed listing of the Raspberry Pi BSP. Rather, I provided a link to the layer itself and sent the reader there to do their own exploring. (From yocto-docs rev: d6976296f237420cae7c9f157a4e3a868b0ac588) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* brief-yoctoprojectqs: Updated examples.Scott Rifenbark2019-07-181-15/+16
| | | | | | | | | | I ran the examples against the latest poky repo to get updated example output. (From yocto-docs rev: c2b272f10b731e744f0ecddab6ad37dc13579dcf) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Documentation: Prepare for 2.6.3 release.Scott Rifenbark2019-07-1810-39/+79
| | | | | | | | | | | poky.ent - updated variables mega-manual.sed - updated release string <manual>.xml - updated manual revision history tables (From yocto-docs rev: 6fd8afecc73b6734f9beb02e7ae3cea4d1148177) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: gitsm: Add need_update method to determine when we are going to a ↵Mark Hatle2019-06-182-0/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | new SRCREV If the system had previously fetched a source repository for use by gitsm, and then the SRCREV was updated and the new commit already existed, the system would not re-evaluate the submodules and update them accordingly. The cause of this issue was that need_update was being used, unmodified, from the base git fetcher. It did not have any knowledge, nor did it care if we were moving commits and needed to re-evaluate what was happening due to this switch. To fix the issue, during the download process we add all processed (by gitsm) srcrevs to the git config file, as bitbake.srcrev. This allows us to use a new need_update function that not only checks if the git commit is present, but if we have previously processed this commit to ensure all of the submodule components are also present. This approach is used, instead of iterating over the submodules in need_update to avoid a potential race condition that has affected us in the past. The need_update is called only with the parent locking. Any time we need to dive into the submodules, we need to lock, and unlock them, at each stage. This opens the possibility of errors in either the code, or unintended race conditions with rm_work. This issue was discovered by William A. Kennington III <wak@google.com>. The included test case was also written by him, and included unmodified. (Bitbake rev: 4ce92f43eeac6a4bfd06e8567fa6891614b5b3b0) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: gitsm: Fix a bug where the wrong path was used for the submodule initMark Hatle2019-06-182-5/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Because we are trying to avoid network activity and use our own fetcher, the system emulates the behavior of 'git submodule init'. git submodule init uses the .gitmodules file, where typically the module name and path are the same. However, in this case the module name and path (in the tree) were different. i.e.: [submodule "edgelet/hsm-sys/azure-iot-hsm-c/deps/azure-c-shared-utility"] path = edgelet/hsm-sys/azure-iot-hsm-c/deps/c-shared url = https://github.com/Azure/azure-c-shared-utility.git Previously the code assumed the 'path' was both the checkout location under .git/modules, as well as the path to extract the components. This proved to be incorrect as the .git/modules path needs to match the submodule 'name'. This causes the components that were fetched to be initialized in the wrong location, which later caused the 'git submodule update' process to skip not properly initialized modules. A test case was added for this specific case to ensure a regression does not appear in the future. (Bitbake rev: ffd7ed530a17d22df576d986ac78428a6979e79c) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>