| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The ownership needs to be explicitly set otherwise it inherits the user
and group id of the build user.
(From OE-Core rev: 0752c79282b1cc9699743e719518e6c341d50a3a)
(From OE-Core rev: e64cee7ccf9dedbadc3a63e4ed3eb15172ef4403)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Conflicts:
meta/recipes-core/systemd/systemd_219.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
The includes two CVE fixes:
CVE-2012-3406
CVE-2014-7817
(From OE-Core rev: fed4d140da67fc51d54b02df83882177f6ddab10)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes input sanitization errors.
References
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
http://www.ocert.org/advisories/ocert-2015-002.html
(From OE-Core rev: f3e5b052689b2eba30e26903e964791f92241e65)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
directory traversal in read_long_names()
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
Upstream commit with the analysis:
https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
(From OE-Core rev: 6e7badf6819f372bd6dced191c7fda9748062126)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Memory corruption flaw in parse_datetime()
Reference
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471
(From OE-Core rev: 0b13fbf3f9b4419141445b381ffa9445af6e52ab)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow
vulnerability in the png_combine_row() function of the libpng library,
when very large interlaced images were used.
Upstream patch:
http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/
External Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973
http://seclists.org/oss-sec/2014/q4/1133
(From OE-Core rev: 10c8aeebca301ffd853e75df3f9c1d16d0352d76)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an out of bounds memory access flaw
in Qemu's IDE device model
Reference
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894
(From OE-Core rev: 5f7cdf1e1212af5e3dcf36c8817c63cc853b1a91)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Using May of 2015 now.
(From yocto-docs rev: b5ade15ae89769e6e9a082e48d635a09ecdcc116)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.
PoC:
(From OE-Core rev: 2590eb53a6dac90cba52edd09ea56a6bdf4c4533)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
shouldn't
Add some very basic safeguard against recursively deleting paths such
as / and /home in the event of bugs or user mistakes.
Addresses [YOCTO #7620].
(Bitbake master rev: 56cddeb9e1e4d249f84ccd6ef65db245636e38ea)
(Bitbake rev: aa56ab0593b36abb4d7d2303ab19eb80d9cee93d)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the subpath parameter to the git fetcher ends with a trailing '/',
bb.utils.prunedir() will be called on '/'...
Fixes [YOCTO #7620].
(Bitbake master rev: 380a3fb372c8b0a53dd7528562e6e7a222dc76ef)
(Bitbake rev: fad3ea40ebaf2cdcb981fb38bd755015e50fc9a5)
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
x32 builds where broken due to patch rebase not having been done correctly for
this patch
(From OE-Core rev: a2966949e68bbdce8d0a0fd5946d078b84ae63e9)
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Running bitbake inside make results in the exported environment variable
MAKEOVERRIDES="${-*-command-variables-*-}", which the shell chokes on
when trying to expand it. But of course, it probably shouldn't have been
trying to expand it in the first place -- so just escape the dollar
sign.
(Bitbake rev: 18cd0ce6a55c9065c3f1bf223b47d817b5efcd8f)
(Bitbake rev: 012fb876c1cf0b3aeee3c8c168af0a8947518246)
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
A cut-and-paste error had left a "package_deb" string in the
first sentence of the section. Replaced with "package_rpm."
Reported-by: Geoffroy VanCutsem <geoffroy.vancutsem@intel.com>
(From yocto-docs rev: 1197367b394d4d2267ed1ce4fefdd55b9efae621)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
This reverts commit ece58a88ef905e42de4b8b690106b553ccaa9f30.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
If we touch both files, we can end up in a situation where magic.h should be
rebuilt and isn't. The easiest fix is not to touch the generated files which
ensures the timestamps are such that it is always rebuilt.
(From OE-Core rev: ece58a88ef905e42de4b8b690106b553ccaa9f30)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security update, some patches modified to apply correctly mostly due to
upstream changing indentation/styling
* configure-targets.patch updated
* fix-cipher-des-ede3-cfb1.patch updated
* openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated
* openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no
merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream
(From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d)
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Similar to commit 4569d74 for create_wrapper function, this commit fixes
hardcoded absolute build paths in create_cmdline_wrapper.
Otherwise we end up with incorrect paths in users of this function. For
example the 'file' wrapper in current released toolchain:
exec -a
/home/pokybuild/yocto-autobuilder/yocto-worker/nightly-fsl-arm/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-file/5.18-r0/image//opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/bin/file
`dirname $realpath`/file.real --magic-file
/opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/share/misc/magic.mgc
"$@"
(From OE-Core rev: 49ab89eb9f83388e99069a4b53bdc4cba22bb6f3)
(From OE-Core rev: 8503dee5a42fc0dc6dc6c79ce316aba1c91da6d1)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
For further details, see:
https://bugreports.qt.io/browse/QTBUG-44547
(From OE-Core rev: 4c61140ae04b3957bec12b18863d8ff39b81b396)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-8484
CVE-2014-8485
CVE-2014-8501
CVE-2014-8502
CVE-2014-8503
CVE-2014-8504
CVE-2014-8737
and one supporting patch.
[Yocto # 7084]
(From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c)
(From OE-Core rev: d2b2d8c9ce3ef16ab053bd19a5705b01402b76ba)
(From OE-Core rev: 2343cdb81ddef875dc3d52b07565b4ce9b3a14a4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updated the following:
* poky.ent - bumped the variables for 1.6.3
* <manuals>.xml - updated the manual revision tables for
June of 2015.
* mega-manual.sed - Rolled the 1.6.2 string to 1.6.3 so links
in mega-manual will work locally.
(From yocto-docs rev: b3048611d268d129e9e1244d8dab6203519aa361)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
regex
Sometimes you do not want certain packages to be installed when
installing complementary packages, e.g. when using dev-pkgs in
IMAGE_FEATURES you may not want to install all packages from a
particular multilib. This introduces a new PACKAGE_EXCLUDE_COMPLEMENTARY
variable to allow specifying regexes to match packages to exclude.
(From OE-Core master rev: d4fe8f639d87d5ff35e50d07d41d0c1e9f12c4e3)
(From OE-Core rev: 5e92eb11cdf1dd06a3e2ca015f1aebaace321acd)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO #6912]
The example used to make sure builders use the same sstate
signatures regardless if they use icecc or not was incorrect.
I updated the INHERIT_DISTRO line of the example to use the
append part in the name so it appends the icecc as suggested
by the bug submitter.
Reported-by: Peter Bergin <petan679@gmail.com>
(From yocto-docs rev: 772e95e201c21b8488962e7a31b7cc02f9186882)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the 1.76.1 version in all the customization layers so
the manual revision tables will build with boxes.
(From yocto-docs rev: a5ff3f41ed0eb0157983affdd0238d88d545295b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Conflicts:
documentation/adt-manual/adt-manual-customization.xsl
documentation/bsp-guide/bsp-guide-customization.xsl
documentation/dev-manual/dev-manual-customization.xsl
documentation/mega-manual/mega-manual-customization.xsl
documentation/ref-manual/ref-manual-customization.xsl
documentation/yocto-project-qs/yocto-project-qs-customization.xsl
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without 'branch' in the SRC_URI, a SRCREV specified for a non-master
KBRANCH will result in a fetch failure since the branch tested by the
fetcher will default to master, which doesn't contain the SRCREV.
This fixes the problem by adding branch=KBRANCH to the SRC_URI.
Fixes [Yocto #6518].
(From meta-yocto rev: 8aeb8715690ea5aa4a36fbe6403d46f53e0f99a5)
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The newer btrfs-utils needs an empty file to build the filesystem in, so
create an empty file and use it for the mkfs to build the fs in.
[YOCTO #6804]
(From OE-Core rev: afc44fad44261677c799558ffd35f4908556bce0)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce]
[YOCTO #7098]
External References:
===================
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500
(From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96)
(From OE-Core rev: 97fcb0bb1f0bead8190b0c8f2435e551c2e2efe0)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-9620:
Limit the number of ELF notes processed - DoS
CVE-2014-9621:
Limit string printing to 100 chars - DoS
The patch comes from:
https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67
https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6
https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33
https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba
https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9
https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7
https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f
https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
[YOCTO #7178]
(From OE-Core rev: ee78555fe54e98c6296566b5e701ef268d77db61)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
[sgw - Fixed magic.h.in to match magic.h]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* until now all recipes were respecting VIRTUAL-RUNTIME_initscripts
variable but commit bba835fed88c3bd5bb5bd58962034aef57c408d8
hardcoded "initscripts" runtime dependency
(From OE-Core rev: 1cda75706d63c988a0fa9945bd320b71c8e8488a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566
Building python without SSLv3 support when openssl is built without
any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in
the openssl recipes).
Backport from:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22
[python2.7-nossl3.patch] only Modules/_ssl.c is backported.
References:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015
https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843
http://bugs.python.org/issue22638
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
(From OE-Core rev: 926904f65db33aa7a6a54bd6cdc9c8b34f000b0d)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 85029adf4f2dbf2d100f1d1b41c7a7323afc008b)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using the export LD in the recipe does not allow for secodnary toolchain
overriding LD later, by setting it in the do_configure_append the export
is used by autotools setting LD based on the env, but would allow for
override later.
[YOCTO #6997]
(From OE-Core rev: 9b37e630f5f6e37e928f825c4f67481cf58c98a1)
(From OE-Core rev: b38f33c96b31c807306dd8b2d7b25cf8fad21026)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
resolvconf was missing a script and needed readlink which was in
/usr/bin. Also the /etc/resolv.conf was not being correctly linked
to /etc/resolvconf/run/resolv.conf, which is fixed by the volaties
change which is now a file as opposed to created in do_install.
Ensure that the correct scripts for ifup/ifdown get installed and that
resolvconf is correctly enabled at startup
[YOCTO #5361]
(From OE-Core rev: 853e8d2c7aff6dddc1d555af22f54c4ecef13df1)
(From OE-Core rev: cb3c7cfe00e96580db5aedc7f7c0970378ab3c6e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/resolvconf/resolvconf_1.74.bb
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Obtain detain from following URL.
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
(From OE-Core rev: 732fc8de55a9c7987608162879959c03423de907)
(From OE-Core rev: 6f238c8293c3578eead15bf9f9ab5fdf95d1e9a5)
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Obtain detain from following URL.
http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html
http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d
(From OE-Core rev: 9a32da05f5a9bc62c592fd2d6057dc052e363261)
(From OE-Core rev: 674e1b4d44c7b108a843d486178182b943607a55)
Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the meta SRCREV for the following fix:
[
The default watchdog behaviour is to stop the timer if the process
managing it closes the file /dev/watchdog. The system would not reboot
if watchdog daemon crashes due to a bug in it or get killed by other
malicious code. So we prefer to enable nowayout option for the
watchdong. With this enabled, there is no way of disabling the watchdog
once it has been started. This option is also enabled in the predecessor
of this BSP (beagleboard)
]
[YOCTO: 3937]
(From OE-Core rev: 7006412c285a4a6c75d5349f60dc71b0b735ff90)
(From OE-Core rev: f34de2175f1d6a443f219b8ceaaf796cfbc6efd5)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating the the latest 3.14-rt release.
(From OE-Core rev: ca1d952c964ce25bf78d47c7a856105d59d72cac)
(From OE-Core rev: 3211df158743f1b3d24421336c6bfbc2087b689a)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bumping the 3.14 recipes to the latest korg -stable release.
(From OE-Core rev: 5c0088767a59c63d2197b54450a54578fa10fa07)
(From OE-Core rev: 9a63b30c4ab41dee1c4c5a0d2a4053d29902db3c)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updating to the korg 3.14.2 -stable release.
(From OE-Core rev: 34afc38d86d169f0c0c5f2427f644b0dcc3bf9a1)
(From OE-Core rev: 992d94d886abc9a971cfb8a8ba7f7b189c40cf6d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport commit 69a3ab3 to 'daisy' which uses a different version of
file package.
Author of the original patch: Hongxu Jia <hongxu.jia@windriver.com>
(From OE-Core rev: 4bd4da1e1433ae64720f59d48188ecd1960dac28)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO #5482]
I did some significant re-writing and re-organization of this
section. It now includes a bit about securing an image in general,
provides general considerations, considerations specific to the
OpenEmbedded build system, pointers to some tools in meta-security
layer, and some other items.
I added some key references to the section on considerations
specific to the OpenEmbedded build system. In particular, I
provided some cross-linking back to the extrausers.bbclass
section to reference an example of adding a user account. I
also split out the topics of adding an extra user and setting
a password on the image in the bulleted list.
Updated the setting root and extra user's passwords. Also,
permanently removed the reference to the wiki that showed the
less optimal way of setting a root password.
Added a cross-reference to the meta-selinux layer in the section
that describes how to make images more secure.
(From yocto-docs rev: 812bf8e2c91c4dd14a2245509ea7008a24e90835)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The LTTng Documentation website has been updated to actually
have extensive documentation now. Previously, in the profile-manual,
we were stating that documentation did not exist, which was true
at the time of writing. I updated the section to link to the
main LTTng documentation website and altered some other text in
the section appropriately.
Additionally, I found and corrected a couple spelling errors in
this chapter.
(From yocto-docs rev: d40ea4d8cfcbc225025d73288cd01336e0d41afc)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 1c7a2d764c9a5df4f1d249f34c9dacfc09c0071c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 5ef447d243e5c4954e00d49a4c499dc3fd691725)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From OE-Core rev: 52f9eebe86e4b641229b524dd7701c01d9ed833c)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libarchive's configure script looks for ext2fs/ext2_fs.h in order to use
some defines for file attributes support if present (but doesn't link to
any additional libraries.) There is no configure option to disable this,
and if e2fsprogs is rebuilding between do_configure and do_compile you
can currently get a failure. Because it doesn't need anything else from
e2fsprogs, and e2fsprogs isn't currently buildable for nativesdk anyway,
copy the headers in from e2fsprogs-native which we're likely to have
built already (and add it to DEPENDS just to be sure we have.)
Fixes [YOCTO #6268].
(From OE-Core master rev: ad754e46ad477acfbe7543187a5c38bc333b8612)
(From OE-Core rev: 7504c2e715d675775e166a52ae83cf48504add19)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as
a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In
future we will likely drop the value from the site file, but for now
this is a slightly safer fix.
Fixes [YOCTO #6813].
(From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc)
(From OE-Core rev: 94483eff5d0858ef1b5a8850268aa6a7bc6e6463)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tell systemd just to kill the sshd process when the ssh connection drops
instead of the entire cgroup for sshd, so that any screen sessions (and
more to the point, processes within them) do not get killed.
(This is what the Fedora sshd service file does, and what we're already
doing in the dropbear service file).
(From OE-Core master rev: 3c238dff41fbd3687457989c7b17d22b2cc844be)
(From OE-Core rev: 6e6aeb7cca52b92a0c8013473e2b8bb18738a119)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: d1729495a19bda411fa84310ecf6c0ac3073ce36)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
(From OE-Core rev: 13bb2ee98cfd159455e459501dda280a78cb5a3b)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|