summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build-appliance-image: Update to fido head revisionyocto-1.8.2fido-13.0.2Richard Purdie2016-05-121-1/+1
| | | | | | (From OE-Core rev: 511ea0fcc9c238ad8e3b3089ec2bcf82bb1ecc77) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: prevent ABI break from earlier fido releasesJoshua Lock2016-05-121-9/+22
| | | | | | | | | | | | | | The backported upgrade to 1.0.2h included an updated GNU LD version-script which results in an ABI change. In order to try and respect ABI for existing binaries built against fido this commit partially reverts the version-script to maintain the existing ABI and instead only add the new symbols required by 1.0.2h. Suggested-by: Martin Jansa <martin.jansa@gmail.com> (From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* conf/local.conf.sample: comment out ASSUME_PROVIDED=libsdl-nativeRoss Burton2016-05-121-3/+4
| | | | | | | | | | | | | | | | | Ubuntu 15.10 and Debian testing can't build qemu-native against the host libsdl. Now that libsdl-native is buildable, comment out the ASSUME_PROVIDED which meant it wouldn't be used. [ YOCTO #8553 ] (From meta-yocto master rev: 759accbfca46de058ce402938713189dab22a70c) (From meta-yocto rev: aa4ad74c23b283f545a0f9f1ee57635fbe1a1dc6) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to fido head revisionRichard Purdie2016-05-111-1/+1
| | | | | | (From OE-Core rev: e7c46ce3e59cb4fd770e76ae006c0166d0dd5265) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: 1.0.2d -> 1.0.2h (mainly for CVEs)Robert Yang2016-05-1115-1950/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVEs: - CVE-2016-0705 - CVE-2016-0798 - CVE-2016-0797 - CVE-2016-0799 - CVE-2016-0702 - CVE-2016-0703 - CVE-2016-0704 - CVE-2016-2105 - CVE-2016-2106 - CVE-2016-2109 - CVE-2016-2176 * The LICENSE's checksum is changed because of date changes (2011 -> 2016), the contents are the same. * Remove backport patches - 0001-Add-test-for-CVE-2015-3194.patch - CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch - CVE-2015-3194-1-Add-PSS-parameter-check.patch - CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch - CVE-2015-3197.patch - CVE-2016-0701_1.patch - CVE-2016-0701_2.patch - CVE-2016-0800.patch - CVE-2016-0800_2.patch - CVE-2016-0800_3.patch * Update crypto_use_bigint_in_x86-64_perl.patch * Add version-script.patch and update block_diginotar.patch (From master branch) * Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch (From Armin) (From OE-Core master rev: bca156013af0a98cb18d8156626b9acc8f9883e3) (From OE-Core rev: 6ed7c8a9f82bc173ae0cc8b494af5a2c838f08fc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: tests/fetch: ensure fetch tests preserve current dirPaul Eggleton2016-05-091-0/+2
| | | | | | | | | | | | | | | The fetcher calls os.chdir() in a number of places, which can affect other tests (since the directory it changes into gets deleted) - let's just put the current directory back to where it was when we're done. (This fixes bb.tests.Path.test_unsafe_delete_path failing if it was run as part of a full bitbake-selftest run, where the fetcher tests get to run before it.) (Bitbake rev: fdb6c123593fd2255b9b09e6bdf7306d64a82892) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bb/tests/fetch: Update cups urlRichard Purdie2016-05-091-2/+2
| | | | | | | | | Update the upstream url used for testing cups versions after upstream website changes. (Bitbake rev: 27ae1b39c400cf7edbd6902ff050a39147d64217) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gtk+_2.24.25: backport a fix for building with newer host perlJoshua Lock2016-05-092-0/+76
| | | | | | | | | | This backports a patch from gtk+ upstream to prevent an issue when building on Fedora 23 hosts. (From OE-Core rev: fd27f8620ae4d95dfe07b27eee4256b0a128348a) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2016dArmin Kuster2016-05-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes affecting future time stamps America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30. (Thanks to Alexander Krivenyshev for the heads-up.) Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00. (Thanks to Alexander Krivenyshev and Matt Johnson.) New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29 at 02:00. (Thanks to Stepan Golosunov.) Changes affecting past time stamps New zone Europe/Kirov, split off from Europe/Volgograd. It covers Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on 1989-03-26 at 02:00, roughly a year after Europe/Volgograd made the same change. (Thanks to Stepan Golosunov.) Russia and nearby locations had daylight-saving transitions on 1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on 1992-03-28 at 23:00 and 1992-09-26 at 23:00. (Thanks to Stepan Golosunov.) Many corrections to historical time in Kazakhstan from 1991 through 2005. (Thanks to Stepan Golosunov.) Replace Kazakhstan's invented time zone abbreviations with numeric abbreviations. (From OE-Core rev: 80936e6c259923e19331678ca2f8aa40b79da5c2) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (From OE-Core master rev: 10194ca3d8c2f4d8648a685c5c239a33d944b6fe) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2016dArmin Kuster2016-05-091-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | they keep the versions in-sync. changes are all in data. Changes affecting future time stamps America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30. (Thanks to Alexander Krivenyshev for the heads-up.) Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00. (Thanks to Alexander Krivenyshev and Matt Johnson.) New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29 at 02:00. (Thanks to Stepan Golosunov.) Changes affecting past time stamps New zone Europe/Kirov, split off from Europe/Volgograd. It covers Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on 1989-03-26 at 02:00, roughly a year after Europe/Volgograd made the same change. (Thanks to Stepan Golosunov.) Russia and nearby locations had daylight-saving transitions on 1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on 1992-03-28 at 23:00 and 1992-09-26 at 23:00. (Thanks to Stepan Golosunov.) Many corrections to historical time in Kazakhstan from 1991 through 2005. (Thanks to Stepan Golosunov.) Replace Kazakhstan's invented time zone abbreviations with numeric abbreviations. (From OE-Core rev: a17a81991a10d6c61def5eb81687f57fc7ad87b0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (From OE-Core master rev: db8223e4dd2e513a656aedfae217d94e053c2366) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2016cArmin Kuster2016-05-091-4/+4
| | | | | | | | | | | (From OE-Core rev: 2dd4085180b5fca144b0e0b5ef149e291e796bf0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: 41adb87c2f1aa20e51f1af3542d65c920eb94be6) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2016cArmin Kuster2016-05-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 2016c release of the tz code and data is available. Its most urgent change is for Asia/Baku, where the update takes effect this weekend. This release reflects the following changes, which were either circulated on the tz mailing list or are relatively minor technical or administrative changes: Changes affecting future time stamps Azerbaijan no longer observes DST. (Thanks to Steffen Thorsen.) Chile reverts from permanent to seasonal DST. (Thanks to Juan Correa for the heads-up, and to Tim Parenti for corrections.) Guess that future transitions are August's and May's second Saturdays at 24:00 mainland time. Also, call the period from 2014-09-07 through 2016-05-14 daylight saving time instead of standard time, as that seems more appropriate now. Changes affecting past time stamps Europe/Kaliningrad and Europe/Vilnius changed from +03/+04 to +02/+03 on 1989-03-26, not 1991-03-31. Europe/Volgograd changed from +04/+05 to +03/+04 on 1988-03-27, not 1989-03-26. (Thanks to Stepan Golosunov.) Changes to commentary Several updates and URLs for historical and proposed Russian changes. (Thanks to Stepan Golosunov, Matt Johnson, and Alexander Krivenyshev.) (From OE-Core rev: 770f1769df2930fdc57a3a7427b18e9b6ebe9dda) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: 66031bcf8cec2e8e7a6803f2c6cfc2c2ba071ffe) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2016bArmin Kuster2016-05-092-25/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change SRC_URI http seems more reliable Changes to code tzselect's diagnostics and checking, and checktab.awk's checking, have been improved. (Thanks to J William Piggott.) tzcode now builds under MinGW. (Thanks to Ian Abbott and Esben Haabendal.) tzselect now tests Julian-date TZ settings more accurately. (Thanks to J William Piggott.) Changes to commentary Comments in zone tables have been improved. (Thanks to J William Piggott.) tzselect again limits its menu comments so that menus fit on a 24x80 alphanumeric display. A new web page tz-how-to.html. (Thanks to Bill Seymour.) In the Theory file, the description of possible time zone abbreviations in tzdata has been cleaned up, as the old description was unclear and inconsistent. (Thanks to Alain Mouette for reporting the problem.) (From OE-Core rev: 8598455b372931e88d4936f0ec0313540ec602a0) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: 0c4816c1f723951179988a274f236f28fe4db20f) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2016bArmin Kuster2016-05-091-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | updated SRC_URI to http as it seems more stable. Changes affecting future time stamps New zones Europe/Astrakhan and Europe/Ulyanovsk for Astrakhan and Ulyanovsk Oblasts, Russia, both of which will switch from +03 to +04 on 2016-03-27 at 02:00 local time. They need distinct zones since their post-1970 histories disagree. New zone Asia/Barnaul for Altai Krai and Altai Republic, Russia, which will switch from +06 to +07 on the same date and local time. Also, Asia/Sakhalin moves from +10 to +11 on 2016-03-27 at 02:00. (Thanks to Alexander Krivenyshev for the heads-up, and to Matt Johnson and Stepan Golosunov for followup.) As a trial of a new system that needs less information to be made up, the new zones use numeric time zone abbreviations like "+04" instead of invented abbreviations like "ASTT". Haiti will not observe DST in 2016. (Thanks to Jean Antoine via Steffen Thorsen.) Palestine's spring-forward transition on 2016-03-26 is at 01:00, not 00:00. (Thanks to Hannah Kreitem.) Guess future transitions will be March's last Saturday at 01:00, not March's last Friday at 24:00. Changes affecting past time stamps Europe/Chisinau observed DST during 1990, and switched from +04 to +03 at 1990-05-06 02:00, instead of switching from +03 to +02. (Thanks to Stepan Golosunov.) 1991 abbreviations in Europe/Samara should be SAMT/SAMST, not KUYT/KUYST. (Thanks to Stepan Golosunov.) (From OE-Core rev: 55eb60c513ac0125e7fdb697d171e4c6ab8883f8) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: d3ab7005f0c899da9f9f132b22861bd5d4f952ba) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2016-1285 CVE-2016-1286Sona Sarmadi2016-05-095-0/+572
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure CVE-2016-1286 bind: malformed signature records for DNAME records can trigger assertion failure [YOCTO #9400] External References: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286 References to the Upstream commits and Security Advisories: CVE-2016-1285: https://kb.isc.org/article/AA-01352 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=31e4657cf246e41d4c5c890315cb6cf89a0db25a CVE-2016-1286_1: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7 CVE-2016-1286_2: https://kb.isc.org/article/AA-01353 https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch; h=ce3cd91caee698cb144e1350c6c78292c6be6339 (From OE-Core rev: e289df4daa4b90fb95ae3602c244cba9d56a8c2f) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox_git: Fix SRCREVBrad Mouring2016-05-091-1/+1
| | | | | | | | | | | | | The SRCREV in the busybox git recipe did not point to a commit ID on the master branch. Point the variable to something reachable from the master branch (which fixes this recipe's fetch()). Suggested-by: Khem Raj <raj.khem@gmail.com> (From OE-Core rev: b0720e996dde537d04a9129e7ffdc883836c3cf8) Signed-off-by: Brad Mouring <brad.mouring@ni.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: Backport patch to fix zcip false-conflictBrad Mouring2016-05-092-0/+35
| | | | | | | | | | | | Busybox upstream fixed the issue where an incorrect comparison of addresses led to bogus renegotiation of a new ll ip in 1.24. Backport this change to 1.23.1. (From OE-Core rev: 37f074eed40ec0e100066eeef16ff8af555e3301) Signed-off-by: Brad Mouring <brad.mouring@ni.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* populate_sdk_base: Ensure PKGDATA_DIR existsRichard Purdie2016-05-091-1/+1
| | | | | | | | | | | | | | | | | The code assumes that PKG_DATADIR exists and will fail if an image has not been generated which creates it. This occurs when something like buildtools-tarball is built which doesn't have target packages, only nativesdk ones. Since this shouldn't be fatal, workaround this by creating the missing directory. (From OE-Core master rev: 319c5d55bb0c7e429766f46dd42a15e16a43c4dd) (From OE-Core rev: d9ea863ff844ee1b84d4699b0d3af7245f3703c5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scripts/oe-pkgdata-util: Fix variable name in error handlingRichard Purdie2016-05-091-1/+1
| | | | | | | | | | | | | | | Fix: logger.error('Unable to find pkgdata directory %s' % pkgdata_dir) NameError: global name 'pkgdata_dir' is not defined (From OE-Core master rev: a1202ed17e11400f08064c9065fdfa996554d4ad) (From OE-Core rev: af95fa33067542fe6f253d57b6dda575ceea5527) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xorg-lib: allow native building without x11 DISTRO_FEATURESRoss Burton2016-05-091-0/+1
| | | | | | | | | | | | | | | | | The Xorg libraries use REQUIRED_DISTRO_FEATURES to stop building on distributions without the x11 feature but this stops people building native tooling that uses libX11, such as libsdl-native. (From OE-Core master rev: 161bb3409edee21827cf594cc011fe88185f1496) (From OE-Core rev: 16b2e5a5af9fadbfe85a9f66be2896d1c7c3b72d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxcb change removed as it's not valid in fido Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base: check for existing prefix when expanding names in PACKAGECONFIGRoss Burton2016-05-091-1/+4
| | | | | | | | | | | | | | | | | | | | | When the DEPENDS are added as part of the PACKAGECONFIG logic the list of packages are expanded so that any required nativesdk-/-native/multilib prefixes and suffixes are added. However the special handling of virtual/foo names doesn't check that the prefix already exists, which breaks under nativesdk as in that situation there's an explicit nativesdk- prefix *and* MLPREFIX is set to nativesdk-. This results in the same prefix being applied twice, and virtual packages such as virtual/libx11 ending up as virtual/nativesdk-nativesdk-libx11. (From OE-Core master rev: 9e7d207e207bf0319b09d403d87d37f24e3dfbee) (From OE-Core rev: af32a5d84e9aa300095ffb7d4626708e2f85e7a2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl: expand PACKAGECONFIG and enable native buildsRoss Burton2016-05-091-17/+18
| | | | | | | | | | | | | | | | | | | | | | | Use PACKAGECONFIG instead of using logic in DEPENDS and EXTRA_OECONF, adding new options for PulseAudio, tslib, DirectFB, OpenGL and X11. Pass --disable-x11-shared so that it links to the X libraries instead of using dlopen(). Disable tslib by default as the kernel event input subsystem is generally used. SDL's OpenGL support requires X11 so check for both x11 and opengl, and merge the dependencies. Finally enable native builds, with a minimal PACKAGECONFIG that will build from oe-core for native and nativesdk. (From OE-Core master rev: 3d6c31c3a4ff34376e17005a981bb55fc6f7a38f) (From OE-Core rev: c1b39f145b9e9f65875ec7b46030327741267031) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsdl: depends on libglu when both x11 and openglRobert Yang2016-05-091-1/+2
| | | | | | | | | | | | | | | | The libglu requires both opengl (depends on virtual/libgl) and x11 (needs libGL.so which is provided by mesa when x11 in DISTRO_FEATURES), so let libsdl depends on libglu when both x11 and opengl in DISTRO_FEATURES. (From OE-Core master rev: b33e927096292f22f1bd9b2b0f633a6d645fc1eb) (From OE-Core rev: 45a6ae4cf6b2684ee7e58b8a85f44eb0031fa2b4) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* testimage: Handle ipk/deb packaging format tests correctlyRichard Purdie2016-05-091-2/+4
| | | | | | | | | | | | | | | The default test list only works for rpm packaging. This fixes it for deb and ipk too. (From OE-Core master rev: 210c8926405fcf695ec00f5768f29ba198320d6a) (From OE-Core rev: 961a9de0e918526bc8c880ea1d35db16b55f500a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: CVE-2015-8605Mariano Lopez2016-05-093-0/+234
| | | | | | | | | | | | ISC DHCP allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. (From OE-Core rev: 43f2cfdf63fb70e3c2da0224221dae63b05477df) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to fido head revisionRichard Purdie2016-03-131-1/+1
| | | | | | (From OE-Core rev: 1ebf604cae8d9bd3d2c10d06cd126e79e13732ee) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: Bump version for 1.8.2 fido releaseRichard Purdie2016-03-131-1/+1
| | | | | | (From meta-yocto rev: 16d067de9a9682e93b30726b74078a1c4366a015) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to fido head revisionRichard Purdie2016-03-121-1/+1
| | | | | | (From OE-Core rev: aba91bb6e2b748f05051bf824531e4f283eb5f09) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* documentation: Final bits for the 1.8.2 manual setScott Rifenbark2016-03-1110-26/+66
| | | | | | | | | | | | | | Changes include: * Updating all the Manual revision history tables for 1.8.2 * Updating the poky.ent file with new variable values for 1.8.2 * Updating the mega-manual.sed file so good links are generated for the mega-manual (From yocto-docs rev: d77321f4bef95c48d1df8b671418ebb4fa68bd66) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: The variable named p in the patch file was incorrectly named.ngutzmann2016-03-111-1/+1
| | | | | | | | | | | | | | The variable in question should have been called ecc->p. The patch has been updated so that the compilation of the nettle recipe would complete successfully. The backport originated from this commit https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d (From OE-Core rev: 7f4d3b90840a14d660a56d23e1fe79f4fb633d59) Signed-off-by: ngutzmann <nathangutzmann@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-0800Armin Kuster2016-03-034-0/+1296
| | | | | | | | | | | | | | | CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) https://www.openssl.org/news/secadv/20160301.txt (From OE-Core rev: 6c06c42594539bec4c360c8cc28ebee8a338e6b4) Signed-off-by: Armin Kuster <akuster@mvista.com> Not required for master, an update to 1.0.2g has been submitted. Backport from jethro. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Fix CVE-2015-8041Hongxu Jia2016-03-032-0/+65
| | | | | | | | | | | | | Backport patch from http://w1.fi/security/2015-5/ and rebase for wpa-supplicant 2.4 (From OE-Core rev: 12520d7f729fe3d07c2f94b813994718edb2d987) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Not needed in master since the upgrade to 2.5 Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Security fixes CVE-2015-7545Armin Kuster2016-03-036-0/+888
| | | | | | | | | | | | | CVE-2015-7545 git: arbitrary code execution via crafted URLs (From OE-Core rev: 0c4bdd61acbc1fa1b9bfb167d8eaf90c8bccc25c) Signed-off-by: Armin Kuster <akuster@mvista.com> Already in Jethro, not needed in master due to shipping a version of git which is already fixes (> 2.6.1) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: Security fix CVE-2015-8804Armin Kuster2016-03-032-0/+273
| | | | | | | | | | | | | | (From OE-Core master rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67) minor tweak to get x86_64/ecc-384-modp.asm to apply (From OE-Core rev: d1903e264ab62d34daeb652c89c6fb67e7c9b42d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: Security fix CVE-2015-8803 and CVE-2015-8805Armin Kuster2016-03-032-0/+75
| | | | | | | | | | | | | | (From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a) hand applied changes for ecc-256.c (From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2015-8461Armin Kuster2016-03-032-1/+47
| | | | | | | | | | | | | | | | CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c\ (From OE-Core master rev: 1656eaa722952861ec73362776bd0c4826aec3da) Hand applied Changelog changes. (From OE-Core rev: 104d050d420ee4aa14b772850742699b15d127d6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpcbind: Security Advisory - rpcbind - CVE-2015-7236Li Zhou2016-03-032-0/+84
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | rpcbind: Fix memory corruption in PMAP_CALLIT code Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMAP_CALLIT code. The patch comes from <http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't been in rpcbind upstream yet. (From OE-Core master rev: cc4f62f3627f3804907e8ff9c68d9321979df32b) (From OE-Core rev: 224bcc2ead676600bcd9e290ed23d9b2ed2f481e) (From OE-Core rev: 16cf2f5386bc438dc20c4ae40de267618e9dc500) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Secuirty fix CVE-2016-0755Armin Kuster2016-03-032-1/+135
| | | | | | | | | | | | | | | | CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use (From OE-Core master rev: 8322814c7f657f572d5c986652e708d6bd774378) hand applied changed to url.c (From OE-Core rev: e479ec9e6cbd34f3a7a56a170aaabcc4229f1959) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security fix CVE-2016-0754Armin Kuster2016-03-032-1/+386
| | | | | | | | | | | | | | | | CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows (From OE-Core master rev: b2c9b48dea2fd968c307a809ff95f2e686435222) minor tweak to tool_operate.c to get it to apply (From OE-Core rev: b8df558ece47e51653e1fc0fb0637ec2cdf2907b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: Security fix CVE-2015-7511Armin Kuster2016-03-033-0/+305
| | | | | | | | | | | | | | | | | | | | | CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves affects libgcrypt < 1.6.5 adjust SRC_URI + for this version. Patch 1 is a dependancy patch. simple macro name change. Patch 2 is the cve fix. (From OE-Core master rev: c691ce99bd2d249d6fdc4ad58300719488fea12c) (From OE-Core rev: 88ba5ea3f3a421ac91d670e450f4b0645a53d733) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Security fix CVE-2015-8472Armin Kuster2016-03-032-0/+30
| | | | | | | | | | | | | | | | | | libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions this patch fixes an incomplete patch in CVE-2015-8126 adjusted dir to match this version. (From OE-Core master rev: f4a805702df691cbd2b80aa5f75d6adfb0f145eb) (From OE-Core rev: bed289a9ac39fb9b613e3075d5a062b24c59c956) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Security fix CVE-2015-8126Armin Kuster2016-03-035-0/+358
| | | | | | | | | | | | | | | | libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions Adjusted dir location to match the version. (From OE-Core master rev: d0a8313a03711ff881ad89b6cfc545f66a0bc018) (From OE-Core rev: 20a1f80f554c2dc9da414c5846fb5bafd73e2cac) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: Security fix CVE-2015-7674Armin Kuster2016-03-032-0/+40
| | | | | | | | | | | | | | CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1 (From OE-Core master rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4) (From OE-Core rev: 50602eebe1150819c320b6b611dcd792573eb55a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* librsvg: Security fix CVE-2015-7558Armin Kuster2016-03-034-1/+597
| | | | | | | | | | | | | | | | CVE-2015-7558 librsvg2: Stack exhaustion causing DoS including two supporting patches. (From OE-Core master rev: 4945643bab1ee6b844115cc747e5c67d874d5fe6) (From OE-Core rev: 4e21caee47a0ca3e66e84a15d104d3b532731263) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2015-8784Armin Kuster2016-03-032-0/+74
| | | | | | | | | | | | | | | CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() (From OE-Core master rev: 3e89477c8ad980fabd13694fa72a0be2e354bbe2) minor tweak to get tif_next.c changes to apply. (From OE-Core rev: 645255274769bfaeb737f66a6222a9a929823160) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2015-8781Armin Kuster2016-03-032-1/+199
| | | | | | | | | | | | | | | | CVE-2015-8781 libtiff: out-of-bounds writes for invalid images (From OE-Core master rev: 29c80024bdb67477dae47d8fb903feda2efe75d4) minor tweek to get Changelog changes to apply (From OE-Core rev: fa7fac56be40fdb519d426e9465436415e3f5527) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* foomatic-filters: Security fixes CVE-2015-8327Armin Kuster2016-03-032-0/+24
| | | | | | | | | | | | | | | | CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character this time with the recipe changes. (From OE-Core master rev: 62d6876033476592a8ca35f4e563c996120a687b) (From OE-Core rev: 9ca5534b1d8ce71eb150964e11ce79ba79ced7e4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* foomatic-filters: Security fix CVE-2015-8560Armin Kuster2016-03-032-0/+26
| | | | | | | | | | | | | | CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character (From OE-Core master rev: 307056ce062bf4063f6effeb4c891c82c949c053) (From OE-Core rev: 4f92365ebfb382509d152dfe6220e225193645f1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2198Armin Kuster2016-03-032-0/+46
| | | | | | | | | | | | | | CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58) (From OE-Core rev: 082031bdd4b5c5d4acea816c95d94a731b7855c2) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libbsd: Security fix CVE-2016-2090Armin Kuster2016-02-182-1/+53
| | | | | | | | | | | | CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd affects libbsd <= 0.8.1 (and therefore not needed in master) (From OE-Core rev: ab29efb8e85020a3621079c7fde217c1bfaa5289) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>