| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An elevation of privilege vulnerability in libnl could enable a local
malicious application to execute arbitrary code within the context of
the Wi-Fi service. This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by
current platform configurations. Product: Android. Versions: 5.0.2,
5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this
issue also exists in the upstream libnl before 3.3.0 library.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553
Backport fix from upstream libnl 3.3.0 release:
https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
http://lists.infradead.org/pipermail/libnl/2017-May/002313.html
(From OE-Core rev: f452fbc5d2ffb9c1417079574bed0dfcdc44787a)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
termlib needs to be disabled on some targets e.g. mingw
this change paves the way for doing that. Functionally
it does not change anything for other platforms
(From OE-Core rev: 88f33e1e5ba4f85093f60a296cba3ee1c1341c43)
(From OE-Core rev: 82fc84b059367917690336d279cd8cab679d63ed)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ncurses doesn't honour ${libdir} for terminfo, so try more options to remove it.
(From OE-Core rev: 17fd322e925cf492b22c75e296d5fee31e3511db)
(From OE-Core rev: 3d07d4a1e8a7324437e2f37ffcafbb032a086008)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Other sections of the .inc already use mkdir -p, so use it here as well.
(From OE-Core rev: 62434e5021b99391a0c129a40bf943465a19e7ce)
(From OE-Core rev: f7538ee974d5bb07be193a3c8e31a05087bcc990)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Drop backported CVE fix
includes cves:
CVE-2017-10684
CVE-2017-10685
CVE-2017-11112
CVE-2017-11113
(From OE-Core rev: 382e861b8c89c65b3538c706361767eff78d4a5a)
(From OE-Core rev: 6e7b9c78aca121301e9c92ed9cdb65f1a7613ee0)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Align package.py is_elf() with recent changes in package.bbclass
isELF():
http://git.openembedded.org/openembedded-core/commit/?id=7877761534b0c2492da6289e9f2269d41b6ed464
(From OE-Core rev: 5fcb57ffd67384b3487d0a1b83a1f13d52a15eb7)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ab056c7f6065f310be4dd256ceb45f85ff981f69)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The isELF function works by running:
result = file <pathname>
if 'ELF' in result
By default 'file' will prepend the result with the path name of the file
that is being checked. This usually works fine, such as:
$ file /home/foo/openembedded-core/meta/classes/package.bbclass
/home/foo/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
However, if the path includes 'ELF', ELF will end up in the result, and then
the check will return positive.
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
/home/ELF/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
This will then result in the isELF coming back true, and possibly causing the
checks that use isELF, such as the 'is it already stripped' check, to do the
incorrect thing.
Adding the '-b' option to file will result in the path being omitted in the
result:
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
Python script, ASCII text executable, with very long lines
(From OE-Core rev: b6d5729a0f0e6f2c8b36d425a18e9e2ed26f5de0)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5a324e9b2cf6378f8eaa4e394f9cb36d4e2680ac)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently there are recipes in the wild which generate files with
filenames containing '$' characters - which cause errors during
packaging.
Instead of adding another special case to escape '$' characters when
constructing the command passed to oe.utils.getstatusoutput(), switch
to using single quotes to quote the path - and therefore make isELF()
consistent with the way filenames and paths are quoted by every other
caller of oe.utils.getstatusoutput() in oe-core.
(From OE-Core rev: 080f0ee910684beb8bc263d5a45d3aa39b6ee647)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7877761534b0c2492da6289e9f2269d41b6ed464)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 46ddc11a8be79515b4ab9f9f7568c3d624ac72fe.
The change is good in master but became subtly broken during the
backport to rocko. Either the path passed to file should be quoted
using double quotes (with any " chars in the path being escaped) or
the path should be quoted using single quotes (and then any " chars
in the path should NOT be escaped). Escaping " chars and using single
quotes will cause problems for filenames containing " chars.
(From OE-Core rev: 534a4e6775e5b4030619b20ae1f6a319adadccf5)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dot releases are maint only.
2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP
(From OE-Core rev: 7003a36ef3f686af97798ff6f4bc7b3473f937de)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761)
(From OE-Core rev: 02fe324eb6913b27961e8e30c5510c89733dd011)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The dbm module uses gdbm by default which is also a build dependency.
(From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9)
(From OE-Core rev: f18fe9f116bd6697ded5d93eeccdfea7c3215d7b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)
(From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While installing grub and grub-efi, there are conflict files
in ${sysconfdir} ${datadir} ${bindir} ${sbindir}.
- Since all of the conflicted files are tools which is
common for grub and grub-efi, we split them (except
grub-editenv) to grub-common in grub.
- The package grub-common runtime depends grub-editenv
- The package grub-editenv runtime provides grub-efi-editenv
- Remove SYSROOT_DIRS_BLACKLIST
- The recipe grub-efi does not generate the duplicated files
and use runtime depends grub-common to instead
Debian and Fedora do the similar thing.
Debian use a common package grub-common for both of pc bios and efi,
and use package grub-pc-bin for pc bios, grub-efi-amd64-bin for efi.
Both of grub-pc-bin and grub-efi-amd64-bin requires grub-common.
https://packages.debian.org/sid/grub-common
https://packages.debian.org/jessie/grub-pc-bin
https://packages.debian.org/jessie/grub-efi-amd64-bin
Fedora use a common package grub2-tools for both of pc bios and efi,
and use package grub2 for pc bios, grub2-efi-modules for efi.
Both of grub2 and grub2-efi-modules requires grub2-tools.
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-tools-2.02-0.34.fc24.x86_64.html
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-2.02-0.34.fc24.x86_64.html
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-efi-modules-2.02-0.34.fc24.x86_64.html
[YOCTO #11639]
(From OE-Core rev: 60c360c0561f1ff5ff2135c4557f5992f9485617)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* with RSS used in pyro this script isn't very useful anymore
* RSS makes sure that the dependencies are almost always deterministic
the only case known to me where dependencies are different based on
what was already built in TMPDIR are runtime dependencies resolved
by shlibs code in package.bbclass (which is using global pkgdata, not
specific to given recipe and its RSS) as described here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=9217#c4
but for this case it's not worth running complete test-dependencies.sh
runs
(From OE-Core rev: 522005e722ceb1d1447826e6d7a36d43e49d0450)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* this doesn't work correctly as discussed in:
http://lists.openembedded.org/pipermail/openembedded-commits/2018-January/218460.html
* some of the issues were fixed in master since then
but not all, so revert it until it's completely resolved
This reverts commit eac21f981337bfaddb2d67161a1ff049158041ce.
(From OE-Core rev: 74c26c2f63121d92d50b0cca4d3288b8d196b777)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Affects: Perl < 5.24.3-rc1 and 5.26.x before 5.26.1-RC1
(From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Add Perl's patch submitted to upstream to be compiled along with glibc with libcrypt split.
(From OE-Core rev: 79703d83790a2973fefdb0e12e125b5f17e98cdf)
(From OE-Core rev: 53eef48621b19a1b88c042f9ee5eeb84d9746c64)
Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: ded47001bec3fbbcbcdbe358a32c14ed0322d431)
Updating is safer than backporting the CVE fixes.
Included CVE:
CVE-2017-16548
CVE-2017-15994
CVE-2017-17434
CVE-2017-17434
CVE-2018-5764
plus many bugfixes
(From OE-Core rev: 3f244c68defd45d89107ff58a95c8d4462faeaed)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
ERROR: mpfr-native-3.1.5-r0 do_checkuri: Fetcher failure for URL: 'http://www.mpfr.org/mpfr-3.1.5/mpfr-3.1.5.tar.xz'. URL http://www.mpfr.org/mpfr-3.1.5/mpfr-3.1.5.tar.xz doesn't work
ERROR: mpfr-native-3.1.5-r0 do_checkuri: Function failed: do_checkuri
Found gnu has the same copy
(From OE-Core rev: ee3de1e4963ae56515be3a56b473f25ace286511)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Its possible some dynamic runtime library in the dependency chain may
come from sstate and link to libraries which need the libc from
uninative. If we don't do this and binaries are run at do_install time
they would fail to find the symbols from the later libc. Examples:
cmake-native do_install:
bin/cmake: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by TOPDIR/tmp/work/x86_64-linux/cmake-native/3.10.3-r0/recipe-sysroot-native/usr/lib/libexpat.so.1)
dbus-native do_install:
tmp/work/x86_64-linux/dbus-native/1.12.2-r0/build/bus/.libs/lt-dbus-daemon: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-x32/build/build/tmp/work/x86_64-linux/dbus-native/1.12.2-r0/recipe-sysroot-native/usr/lib/libexpat.so.1)
This issue is resolved when the interpreter is changed at sstate unpack
time but this isn't soon enough to avoid issues at compile/install time.
By specifing which dynamic linker/loader to use at compile time, this
race window is removed entirely.
(From OE-Core rev: 35867ee035030ab76fc9ccdb0eb1c3f80126301c)
(From OE-Core rev: cead3c4925d39f8adc328007d8a8c1b23cc72842)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a problem when for example, a glibc 2.27 based system builds some
library like libpopt-native and puts it into sstate then it is reused
on a pre glibc-2.27 system to build something which depends on popt like
rpm-native. This results in an error like:
recipe-sysroot-native/usr/lib/libpopt.so: undefined reference to `glob@GLIBC_2.27'
In the past we've had this problem with new symbols like getrandom and
getentropy, here its with a more complex symbol where there is an old
version and a newer version.
We've looked into various options, basically we cannot link against our
uninative libc/ld.so since we don't have the right headers or compiler
link libraries. The compiler doesn't allow you to switch in a new set
either, even if we did want to ship them. Shipping a complete compiler,
dev headers and libs also isn't an option.
On the other hand if we follow the ld man page, it does say:
"""
The reasons for allowing undefined symbol references in shared libraries
specified at link time are that:
- A shared library specified at link time may not be the same as the one
that is available at load time, so the symbol might actually be
resolvable at load time.
"""
which is exactly this case. By the time the binary runs, it will use
our uninative loader and libc and the symbol will be available.
Therefore we basically have a choice, we get weird intermittent bugs,
we drop uninative entirely, or we pass this option.
If we pass the option, we can drop the other workarounds too.
(From OE-Core rev: 75a62ede393bf6b4972390ef5290d50add19341a)
(From OE-Core rev: d18bf7fa8e80d6cfaf3fdbe1ab06eec84b954432)
(From OE-Core rev: 4545f5436a5a106154680825ecb1cb60437faa91)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Clean up for Rocko context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We just ran into an issue where tar failed to build on one server setup
but built everywhere else just fine.
It was running makeinfo to regenerate some docs files and makeinfo was too
old for the host it was running on. There was no dependency on makeinfo-native
as it was not meant to be regenerating the docs.
It was being regenerated as a date from a timestamp used in the docs
was different in Asian timezones than in the other timezones our builds
were being tested in.
I added an entry to https://wiki.yoctoproject.org/wiki/TipsAndTricks/
about how this was debugged.
As such, lets default to setting and exporting TZ to 'UTC' as was already
pioneered by the reproducibile builds work. This makes the builds
deterministic.
[YOCTO #12665]
(From OE-Core rev: 2a90ae7a3286724ff9e3615c4dbf56038f703810)
(From OE-Core rev: e31f31f81efe4b60938b724bece2a03c7c74a68d)
(From OE-Core rev: 2c72aa56e6065100582cb17f281c4c11521712e6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Drop simple.bbclass changes]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes the libxcrypt change which allows uninative to work on fedora28.
(From OE-Core rev: 4b27ab6487a54b42a52aa16e98ea4d19fa62b5ae)
(From OE-Core rev: 0685eb697f1dfa3b858b6e594cbd8e6070b4fbb8)
(From OE-Core rev: 2b462bdc2b9bad40425769ece380e46b52cca095)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The isELF function works by running:
result = file <pathname>
if 'ELF' in result
By default 'file' will prepend the result with the path name of the file
that is being checked. This usually works fine, such as:
$ file /home/foo/openembedded-core/meta/classes/package.bbclass
/home/foo/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
However, if the path includes 'ELF', ELF will end up in the result, and then
the check will return positive.
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
/home/ELF/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
This will then result in the isELF coming back true, and possibly causing the
checks that use isELF, such as the 'is it already stripped' check, to do the
incorrect thing.
Adding the '-b' option to file will result in the path being omitted in the
result:
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
Python script, ASCII text executable, with very long lines
(From OE-Core rev: 5a324e9b2cf6378f8eaa4e394f9cb36d4e2680ac)
(From OE-Core rev: 46ddc11a8be79515b4ab9f9f7568c3d624ac72fe)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[fixup for Rocko]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156
* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566
* Fix arbitrary command execution in ed-style patches:
- src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
- tests/ed-style: New test case.
- tests/Makefile.am (TESTS): Add test case.
(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)
(From OE-Core rev: 413c54e0698589b17976e88fa7ab76e5dbac51aa)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951
* upstream tracking: http://savannah.gnu.org/bugs/?53132
* Fix segfault with mangled rename patch
- src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
(From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96)
(From OE-Core rev: e628af83e8d00ed3e3db318b323a9f5e48d35aae)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade patch from 2.7.5 to 2.7.6.
(From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75)
(From OE-Core rev: 6ecaabfff944773a09096a9ce293842c7c00b3a1)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix CVE-2017-3144
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
https://kb.isc.org/article/AA-01541
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4
(From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9)
(From OE-Core rev: cf029db42a6bb96203d2d6bb64a62e6eeec9be8d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When it was something else than /usr/libexec (e.g. when
installing native SDK packages), things broke down.
(From OE-Core rev: d99e819a6cbde6d1116c434ddba4c5f8eca7e6d8)
(From OE-Core rev: 1c8c163bfb736518f66276eca5765c493b8cc787)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
recipe parsing
When uninative is activated (poky's default) internal datastore variables are modified (NATIVELSBSTRING and SSTATEPOSTUNPACKFUNCS) to enable uninative
support. This is happening after parsing is done at the beginning of the build. On the next bitbake call the recipe would be parsed if the two
variables above were not added to the parsing whitelist BB_HASHCONFIG_WHITELIST.
The fix is to add these two variables to the recipe parsing whitelist BB_HASHCONFIG_WHITELIST, this is done at recipe parsing time, only when
uninative.bbclass is used.
(From OE-Core rev: 75bb95ada98ef129d2fa48568f27dddb078c852c)
(From OE-Core rev: ca52b8e4f32063234815493746c4059392862af8)
Signed-off-by: Cuero Bugot <cbugot@sierrawireless.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, RPM_SIGN_PACKAGES is not defined. Add gpgcheck=0 to
oe-remote-repo.repo file, otherwise dnf will complain during
install operation on target
Note, RPM_SIGN_PACKAGES is set only when you inherit sign_rpm explicitly
(From OE-Core rev: 002a71eaa7606828c399972d8fd35e19e7b71929)
(From OE-Core rev: 21ca5428fa320aa4c925fe8a1a141c7df863fa84)
Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a fr_FR locale is found, it is automatically tested. The test
will fail if the locale is UTF-8, as the test blindly assumes
(and expects) a non-UTF fr_FR locale.
The remedy is to skip the test.
[YOCTO #12215]
(From OE-Core rev: 4cedddb83623c79980b354642dfeaf78218ca4b7)
(From OE-Core rev: ebb6c4f6a2bb6a6be4b3c4f8b7095bad529c62ea)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
Remove 0001-Remove-test-that-requires-running-as-non-root.patch
(issue fixed upstream)
Remove 0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
(backport)
License-Update: copyright years
(From OE-Core rev: 96d5e9c186fb83f1b5d9b38ace0b1222c3c04c54)
(From OE-Core rev: a4f7a637d9a2c738f217c67394a98f6081149022)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
License-Update: copyright years
(From OE-Core rev: 13542282e34c078296c46a98721b31ed9a69a980)
(From OE-Core rev: 9460cdd9227edcca425b919d5b9061d1da55528b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipes were using 'basename' to turn '/usr/lib' into 'lib', which breaks when libdir is '/usr/lib/tuple', leading to libraries ending up in '/usr/tuple', which isn't in FILES_*. Change the logic to use sed to strip the prefix instead.
(From OE-Core rev: e58d5521c7bae8daafdac85754545be176550a02)
(From OE-Core rev: 373763d4f6668c3e324edf8d699c8c15d0267278)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch was applied in a completely incorrect spot (due to fuzz),
no one noticed or complained. Meanwhile upstream says the issue
has been resolved differently:
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
(From OE-Core rev: 325e516b59e677dc8e2c5756589fa8037b3e9392)
(From OE-Core rev: d7f682f592538073eefd24bf06c32e8e2e685f05)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch tool will apply patches by default with "fuzz", which is where if the
hunk context isn't present but what is there is close enough, it will force the
patch in.
Whilst this is useful when there's just whitespace changes, when applied to
source it is possible for a patch applied with fuzz to produce broken code which
still compiles (see #10450). This is obviously bad.
We'd like to eventually have do_patch() rejecting any fuzz on these grounds. For
that to be realistic the existing patches with fuzz need to be rebased and
reviewed.
(From OE-Core rev: 7baba7a19c5610a63ccbfd6a2238667772b32118)
(From OE-Core rev: 95b5ec1d6d614ebd1ea3a57bbbcef33b08966265)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recipes which use a shared workdir (e.g. gcc-runtine and libgcc) can
race over temporary files causing interesting build failures.
Using B instead of S avoids this problem.
[YOCTO #12605]
(From OE-Core rev: d6c13a5ff441f7076eb327c0d0b747bd7603db0f)
(From OE-Core rev: 9c72ddb605f1f4fc98fa427e37b5ba8c8758c6cd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CoffeeLake board
Integrating a series of mainline backports to allow better 4.12 support
for the coffeelake board:
97e710ef0545 driver: clk: socfpga: remove unused variable
2852089a6b7f x86/cpu: Add Cannonlake to Intel family
1af96090b1f4 ACPI / LPIT: Export lpit_read_residency_count_address()
1e85b644ad5e ACPI / LPIT: Add Low Power Idle Table (LPIT) support
3b931f776349 platform/x86: intel_pmc_core: Special case for Coffeelake
5666379331a9 platform/x86: intel_pmc_core: Add CannonLake PCH support
de9e9e9518ee platform/x86: intel_pmc_core: Read base address from LPIT
f422abd33358 platform/x86: intel_pmc_core: Remove unused header file
ec1ca0048923 platform/x86: intel_pmc_core: Convert to ICPU macro
f894e2c0cfff platform/x86: intel_pmc_core: Substitute PCI with CPUID enumeration
ce7b50cc047d platform/x86: intel_pmc_core: Refactor debugfs entries
c9ca0426c9c8 platform/x86: intel_pmc_core: Fix file permission warnings
17294194d03c platform/x86: intel_pmc_core: Change driver to a module
7f142e82c8f0 platform/x86: intel_pmc_core: Fix kernel doc for pmc_dev
d095df17ddf4 platform/x86: intel_pmc_core: Remove unused variable
cdfd431ccc3d platform/x86: intel_pmc_core: Remove unused EXPORTED API
c54edf864c58 platform/x86: intel_pmc_core: Make the driver PCH family agnostic
5302f0bfbaed HID: intel-ish-hid: Enable Cannon Lake and Coffee Lake laptop/desktop
7e5cc39c3f61 HID: intel-ish-hid: Enable Gemini Lake ish driver
b00e0e88689f HID: intel-ish-hid: Enable Cannon Lake ish driver
(From OE-Core rev: 0b53601c0e8a87e336dadd6854c19cdb2e1f6b55)
(From OE-Core rev: 61e6adc8dfb8aa63628a2e96f9d5f7ab62307c59)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating the following commit for the 4.12+ kernels:
Author: Nathan Rossi <nathan@nathanrossi.com>
Date: Wed Mar 21 00:10:02 2018 +1000
features/wifi: Add WiFi driver fragments for various vendors/interfaces
This change adds WiFi driver configuration fragments. The fragments are
split into vendor and interface files to allow for easy selection of
drivers for specific interface types (USB, PCI, SDIO) which is useful
for BSPs with specific interfaces. The specific vendor/interface config
fragments can be included by specific BSPs in its .scc files.
However .scc files (wifi-*.scc) are provided to allow enabling interface
specific or all interfaces drivers via KERNEL_FEATURES or inclusion via
other .scc files. And wifi-common.scc is provided to enable the base
config options required for all WiFi drivers, which is done to ensure
correct configuration for default no config setups (e.g.
linux-yocto-tiny).
This patch only enables a limited set of drivers, which is based on what
the common-pc-wifi.cfg fragment sets as well as some additional drivers,
that primarily appear in USB WiFi devices.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
This gives us a much better granularity of drivers and a good baseline for
future improvements.
The 4.12 fragments are also slightly re-organized on top of this commit
to avoid patch failures when including the new frags.
(From OE-Core rev: c24d6863768a64b2c1632d5202790689a1164694)
(From OE-Core rev: 9e1bc0e552d7609428cb71bda7d2b6b726146c21)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Removed upsupported kernels]
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Via the -stable updates, and other configuration changes the 4.12 kernel has the
same dependency on openssl headers as 4.14+.
So we add the same DEPENDS line that we already have in newer kernels to avoid the
following error:
| HOSTCC scripts/sign-file
| build/tmp/work-shared/qemux86-64/kernel-source/scripts/sign-file.c:25:30: fatal error: openssl/opensslv.h: No such file or directory
| compilation terminated.
| scripts/Makefile.host:107: recipe for target 'scripts/sign-file' failed
| make[3]: *** [scripts/sign-file] Error 1
| make[3]: *** Waiting for unfinished jobs....
(From OE-Core rev: 80f6840baecb8b161f6443f3dd1af4e70b5e5221)
(From OE-Core rev: 8660345a665ef74828036c89257bc23246243c40)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrating Paul Gortmaker's stable update to 4.12, this includes CVE
fixes for meltdown and spectre:
3bb926457832 Linux 4.12.21
76781f72ce64 lguest: disable it vs. removing it.
6ab3176bb365 x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
efa97ecdf026 x86/pti: Mark constant arrays as __initconst
a4d9aaf35e28 x86/spectre: Simplify spectre_v2 command line parsing
1dbde4da259a x86/retpoline: Avoid retpolines for built-in __init functions
7f3a7b69b0f7 x86/paravirt: Remove 'noreplace-paravirt' cmdline option
ebeddfbee13f x86/speculation: Use Indirect Branch Prediction Barrier in context switch
7e0a7c84eb35 x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
bf0c4c3f38f6 x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
f4d4ccfdf361 x86/spectre: Report get_user mitigation for spectre_v1
12f20abacd8b nl80211: Sanitize array index in parse_txq_params
7686c72bfd9c vfs, fdtable: Prevent bounds-check bypass via speculative execution
a3d62741fc9b x86/syscall: Sanitize syscall table de-references under speculation
0b99c598274c x86/get_user: Use pointer masking to limit speculation
bf532304a22f x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
04584b001618 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
5a64c3ccd99d x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
9bbc24f34f03 x86: Introduce barrier_nospec
b55fd06d6fe0 x86: Implement array_index_mask_nospec
79a2efa3e0f5 array_index_nospec: Sanitize speculative array de-references
e9046d054bb9 Documentation: Document array_index_nospec
0078d6b103f9 x86/asm: Move 'status' from thread_struct to thread_info
46afe23798a3 x86/entry/64: Push extra regs right away
4213246ab7a8 x86/entry/64: Remove the SYSCALL64 fast path
026a59b9de37 x86/spectre: Check CONFIG_RETPOLINE in command line parser
a345c5f7a1b6 x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
999e3eca6861 x86/speculation: Simplify indirect_branch_prediction_barrier()
c7acab78a24c x86/retpoline: Simplify vmexit_fill_RSB()
be5c3f1101f7 x86/cpufeatures: Clean up Spectre v2 related CPUID flags
7addf309d0e0 x86/cpu/bugs: Make retpoline module warning conditional
b7c17f71e9cc x86/bugs: Drop one "mitigation" from dmesg
af16629cc1da x86/nospec: Fix header guards names
ebfadec0c9dc x86/alternative: Print unadorned pointers
2e4bcf1ccaa9 x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
332de1ac4373 x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
79a2a1ba23e7 x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
d29069565618 x86/msr: Add definitions for new speculation control MSRs
114a7b0f431c x86/cpufeatures: Add AMD feature bits for Speculation Control
2d5755e9daac x86/cpufeatures: Add Intel feature bits for Speculation Control
3f5d9b428f05 x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
2f1b883356ca module/retpoline: Warn about missing retpoline in module
8c935f65cf6a KVM: VMX: Make indirect call speculation safe
79c0d980e610 KVM: x86: Make indirect calls in emulator speculation safe
956ca31407ab x86/retpoline: Remove the esp/rsp thunk
de8cd92003c6 x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems
f2846896cd75 x86/microcode: Fix again accessing initrd after having been freed
badb7498ab69 x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
750d9c97cede x86/pti: Document fix wrong index
8d759c94307d kprobes/x86: Disable optimizing on the function jumps to indirect thunk
59a3c4dc0ab9 kprobes/x86: Blacklist indirect thunk functions for kprobes
2eef7eab7aea retpoline: Introduce start/end markers of indirect thunk
a37c55916910 x86/mce: Make machine check speculation protected
3aab76cd9d88 x86/tsc: Fix erroneous TSC rate on Skylake Xeon
b129f5955cd5 x86/tsc: Future-proof native_calibrate_tsc()
7639b8268579 x86/mm/pkeys: Fix fill_sig_info_pkey
b19a92bb0f18 x86/cpufeature: Move processor tracing out of scattered features
eb5a1177e60b x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
ed114eb7be88 x86/retpoline: Fill RSB on context switch for affected CPUs
70d519c9f97c x86/kasan: Panic if there is not enough memory to boot
01e21b5f7c9c x86/retpoline: Remove compile time warning
8ca1b5f8a9f4 x86,perf: Disable intel_bts when PTI
6f037d7eaeaa security/Kconfig: Correct the Documentation reference for PTI
b8c74586d251 x86/pti: Fix !PCID and sanitize defines
8e24a4722756 selftests/x86: Add test_vsyscall
c3d9420f23cf x86/retpoline: Fill return stack buffer on vmexit
dd182d455654 x86/retpoline/irq32: Convert assembler indirect jumps
d592a8a2c5f5 x86/retpoline/checksum32: Convert assembler indirect jumps
0f3df59f16d3 x86/retpoline/xen: Convert Xen hypercall indirect jumps
c0459b479a22 x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
11edfaeadbd1 x86/retpoline/entry: Convert entry assembler indirect jumps
bf4c91a3b74f x86/retpoline/crypto: Convert crypto assembler indirect jumps
2b243b8623a5 x86/spectre: Add boot time option to select Spectre v2 mitigation
8ab0d792e81c x86/retpoline: Add initial retpoline support
f2f4c0853dba x86/pti: Make unpoison of pgd for trusted boot work for real
7495fd5400e6 x86/alternatives: Fix optimize_nops() checking
8b932f131e26 sysfs/cpu: Fix typos in vulnerability documentation
299b4adfed2e x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
32996f3a0a81 x86/cpu/AMD: Make LFENCE a serializing instruction
10ffc3c2b2f7 x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()
9e1201731d4b x86/tboot: Unbreak tboot with PTI enabled
728d879e5c6b x86/cpu: Implement CPU vulnerabilites sysfs functions
aeba317a23de sysfs/cpu: Add vulnerability folder
83e59b5d52bf x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
f7845c2cbd6e x86/Documentation: Add PTI description
16331e2c3b06 x86/pti: Unbreak EFI old_memmap
5723b0260415 kdump: Write the correct address of mem_section into vmcoreinfo
50d02826dfc0 mm/sparse.c: wrong allocation for mem_section
d3cbfb481af2 mm/sparsemem: Fix ARM64 boot crash when CONFIG_SPARSEMEM_EXTREME=y
(From OE-Core rev: 607b443f2abb915d4d12d6483b26030734983288)
(From OE-Core rev: f10c5251dcb545e633f01b680ffee6e8cf75852d)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian anonscm service in Alioth is shutdown and thus
fetching sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
https://wiki.debian.org/Salsa
"What is Salsa?
Salsa is the name of a collaborative development server for Debian based on the gitlab software. Salsa is supposed to provide the necessary tools for package maintainers, packaging teams and other Debian related individuals and groups for collaborative development.
What is the status of Salsa?
After various discussions about the future of Alioth, the Alioth Sprint in August 2017 gave birth to the initial setup of the the upcoming Salsa service. The productive weekend resulted in a working prototype and was launched as a beta in December 2017. It left its beta status in January 2018."
(From OE-Core rev: 08ff7b42d8b7d06ef61255185c95e900ada8769b)
(From OE-Core rev: 407de0c37ba21aff49b9fd43ee74ea4af28d19d4)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian anonscm service in Alioth is shutdown and thus
fetching ca-certificates sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
(From OE-Core rev: fc20ff2003cee7ee3b78ba3bc236a60a8caabc35)
(From OE-Core rev: 127d1d68346bece34ccd8f6203976e2399c31a92)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian anonscm service in Alioth is shutdown and thus
fetching ncurses sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
(From OE-Core rev: 8fab5794218445ddb3e8f73a74fa3f130e7c42f6)
(From OE-Core rev: fd64bf2dab8f259fb5e3d04e1a2af09e0775adc5)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since v7.51.0, libidn2 is the only available option, libidn
support was dropped.
The configure option was renamed as of v7.53.0
Therefore, curl unconditionally tries to build against libidn2,
which in particular is a problem for curl-native, as that might
or might not build against the build-machine's libidn2 now,
which furthermore causes problems when trying to share sstate
between multiple build machines.
We therefore see the following in the config log:
...
checking whether to build with libidn2... (assumed) yes
...
checking for libidn2 options with pkg-config... no
configure: IDN_LIBS: "-lidn2"
configure: IDN_LDFLAGS: ""
configure: IDN_CPPFLAGS: ""
configure: IDN_DIR: ""
checking if idn2_lookup_ul can be linked... yes
checking idn2.h usability... yes
checking idn2.h presence... yes
checking for idn2.h... yes
...
IDN support: enabled (libidn2)
...
even though this recipe tries to disable that.
While libidn2 isn't available in OE, this change at least:
* prevents curl-native to silently build against libidn2 if
that is installed on build machine, even if not requested
* alerts people who use the PACKAGECONFIG option that it's
not actually doing what they intend to do
(From OE-Core rev: 705eaea991622bdbb2ee83eefa8df8e665e3efe4)
(From OE-Core rev: 6ec8cb59b2f58784a9f74afa6018791694f8a030)
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: a0d2427bb86668215d7c9e1be07cb9a2d86f6755)
This includes these CVEs:
CVE-2017-7376
CVE-2017-7375
CVE-2017-5130
CVE-2017-16932
CVE-2017-16931
see http://xmlsoft.org/news.html for more info.
(From OE-Core rev: 6a62f30bcb516f6a5c97f21086ecd13ffbb6f821)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 9763c9d649a22f9024d832eb625bee35b583e717)
This update include these CVES:
CVE-2018-1000122 CWE-126: Buffer Over-read
CVE-2018-1000121 CWE-476: NULL Pointer Dereference
CVE-2018-1000120 CWE-122: Heap-based Buffer Overflow
Mostly bugfixes.
(From OE-Core rev: f99e2ce01ed01cf036a8282b2d155d941ed7ec9b)
Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.Upgrade curl from 7.54.1 to 7.57.0.
2.Delete CVE-2017-1000099.patch, CVE-2017-1000100.patch, CVE-2017-1000101.patch, CVE-2017-1000254.patch, reproducible-mkhelp.patch, since it is integrated upstream.
3.Remove "do_install_append()" from curl_7.57.0.bb, since curl/curlbuild.h has been removed.
this update include CVE fixes for:
CVE-2018-1000007 CWE-522: Insufficiently Protected Credentials
CVE-2018-1000005 CWE-126: Buffer Over-read
CVE-2017-8818 CWE-125: Out-of-bounds Read
CVE-2017-8817 CWE-126: Buffer Over-read
CVE-2017-8816 CWE-131: Incorrect Calculation of Buffer Size
CVE-2017-1000257 CWE-126: Buffer Over-read
Most of the changes are bug fixes.
https://curl.haxx.se/changes.html
(From OE-Core rev: 215d5677004537fc190b5381157ac8b94db6d7e8)
(From OE-Core rev: 7f1029aff8abaadb25730fef50c495dcd6fc1e30)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Safer to upgrade than to backport CVE-2017-8818. Lots of depends patches]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
