| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Paul Gortmaker released another 4.12-stable that comprises the following
changes:
23dcfbfbca0a Linux 4.12.22
d4879ce5efb7 arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
77915e1a7544 arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
b06fbedb6e14 arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
1f400b388a20 arm/arm64: smccc: Make function identifiers an unsigned quantity
f5d3afa3aecc firmware/psci: Expose SMCCC version through psci_ops
4c69d3a66e60 firmware/psci: Expose PSCI conduit
cfec930a45f8 arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
9e9697733818 arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
2a8574eb6e3f arm/arm64: KVM: Turn kvm_psci_version into a static inline
2c79f828dfed arm64: KVM: Make PSCI_VERSION a fast path
042626a87234 arm/arm64: KVM: Advertise SMCCC v1.1
48a9e563e528 arm/arm64: KVM: Implement PSCI 1.0 support
28283de68052 arm/arm64: KVM: Add smccc accessors to PSCI code
33d47367626b arm/arm64: KVM: Add PSCI_VERSION helper
82ca1dcebf95 arm/arm64: KVM: Consolidate the PSCI include files
efb7c6b5b7f9 arm64: KVM: Increment PC after handling an SMC trap
b720b7837ed8 arm64: Branch predictor hardening for Cavium ThunderX2
6f2750c7a1c9 arm64: Implement branch predictor hardening for Falkor
b56fa11959a7 arm64: Implement branch predictor hardening for affected Cortex-A CPUs
5eb80f970c49 arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
cf45e77d8106 arm64: entry: Apply BP hardening for suspicious interrupts from EL0
e9c2f25bf62d arm64: entry: Apply BP hardening for high-priority synchronous exceptions
b4f51ebd0fc3 arm64: KVM: Use per-CPU vector when BP hardening is enabled
e8f7c5ba8c70 arm64: Move BP hardening to check_and_switch_context
e2c124fa14e1 arm64: Add skeleton to harden the branch predictor against aliasing attacks
ddd305f0fdf8 arm64: Move post_ttbr_update_workaround to C code
204d987e7143 drivers/firmware: Expose psci_get_version through psci_ops structure
8880e6380d91 arm64: cpufeature: Pass capability structure to ->enable callback
48017c15187b arm64: Run enable method for errata work arounds on late CPUs
cf64258fb122 arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
7d550f8cb119 arm64: futex: Mask __user pointers prior to dereference
b9d01590df34 arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
1b74ca827ed3 arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
41b08b7c365b arm64: uaccess: Prevent speculative use of the current addr_limit
1736debe11ef arm64: entry: Ensure branch through syscall table is bounded under speculation
84e4780beea5 arm64: Use pointer masking to limit uaccess speculation
d77d4c9aa433 arm64: Make USER_DS an inclusive limit
b96ab81a6468 arm64: Implement array_index_mask_nospec()
21eb21937d8e arm64: barrier: Add CSDB macros to control data-value prediction
da1217a79997 arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
c20b48f5b7a3 arm64: entry: Reword comment about post_ttbr_update_workaround
15d4d37f7709 arm64: Force KPTI to be disabled on Cavium ThunderX
3489abd67e33 arm64: kpti: Add ->enable callback to remap swapper using nG mappings
b154d9be8c6f arm64: mm: Permit transitioning from Global to Non-Global without BBM
1610bb019302 arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
250a3a64585f arm64: Turn on KPTI only on CPUs that need it
32da2aa26b97 arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
93d290bbe8f1 arm64: kpti: Fix the interaction between ASID switching and software PAN
923618230c12 arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
51218390beb6 arm64: capabilities: Handle duplicate entries for a capability
630cf7161fca arm64: Take into account ID_AA64PFR0_EL1.CSV3
4b7ebe5c3644 arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
e09f32469091 arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
8202169d678a arm64: use RET instruction for exiting the trampoline
414d9eabda3d arm64: kaslr: Put kernel vectors address in separate data page
fce92f180168 arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
83584a583bff arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
4732b98b6400 arm64: cpu_errata: Add Kryo to Falkor 1003 errata
85dacaa58475 arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
bb0fa2f9cece arm64: entry: Hook up entry trampoline to exception vectors
df7f7308d5f0 arm64: entry: Explicitly pass exception level to kernel_ventry macro
14bcc912ca7e arm64: mm: Map entry trampoline into trampoline and kernel page tables
c30f47afaa64 arm64: entry: Add exception trampoline page for exceptions from EL0
21b891bf770f arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
09e8df92ba8e arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
6832da386e60 arm64: mm: Allocate ASIDs in pairs
bfd2ff25b585 arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
1e4477930e5e arm64: mm: Rename post_ttbr0_update_workaround
1e1890551573 arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
0223b2589432 arm64: mm: Move ASID from TTBR0 to TTBR1
9fe82f4ebdc3 arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
199f832ebf00 arm64: mm: Use non-global mappings for kernel space
e9b0e14af7e3 arm64: move TASK_* definitions to <asm/processor.h>
cab5207f57fd brd: remove unused brd_mutex
7522521435a4 arm/syscalls: Optimize address limit check
797f169015c5 Revert "arm/syscalls: Check address limit on user-mode return"
3056c8f5be3a syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
74116ef5625a arm64: add VMAP_STACK overflow detection
0d82fd80a2d1 arm64: add on_accessible_stack()
c38502bc1472 arm64: add basic VMAP_STACK support
c3a53247c1ff arm64: use an irq stack pointer
73dcb6d84040 arm64: assembler: allow adr_this_cpu to use the stack pointer
344a8e142697 arm64: factor out entry stack manipulation
59c4a6fb5606 efi/arm64: add EFI_KIMG_ALIGN
1a5300c6063f arm64: move SEGMENT_ALIGN to <asm/memory.h>
3969d302c52f arm64: clean up irq stack definitions
f030f0edba48 arm64: clean up THREAD_* definitions
1f3c78245a4a arm64: factor out PAGE_* and CONT_* definitions
8a5bc40e0c93 arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
deba543af0b8 fork: allow arch-override of VMAP stack alignment
774f64ce7b0f arm64: remove __die()'s stack dump
7342855775d5 arm64: unwind: remove sp from struct stackframe
553dbcbcff1d arm64: unwind: reference pt_regs via embedded stack frame
926b0fe43412 arm64: unwind: disregard frame.sp when validating frame pointer
da32ad8b5c11 arm64: unwind: avoid percpu indirection for irq stack
eac4e8ecdd77 arm64: move non-entry code out of .entry.text
b341e176374e arm64: consistently use bl for C exception entry
3cdad1f0b9d0 arm64: Add ASM_BUG()
01ace65c9150 arm64/vdso: Support mremap() for vDSO
8050b6ba63cb arm64: Handle trapped DC CVAP
0ee09d69dc93 arm64: Expose DC CVAP to userspace
704046e3e554 arm64: Convert __inval_cache_range() to area-based
b40935f19c73 arm64: mm: Fix set_memory_valid() declaration
29530b5b549e arm64: Abstract syscallno manipulation
f9f1c9d7d767 arm64: syscallno is secretly an int, make it official
ab69949ffe23 x86/tracing: Build tracepoints only when they are used
03793940e25c x86/tracing: Disentangle pagefault and resched IPI tracing key
2822852ed8a5 x86/idt: Clean up the i386 low level entry macros
d5654eb18f73 x86/idt: Remove the tracing IDT completely
0d38071a05e7 x86/smp: Use static key for reschedule interrupt tracing
4ef6e0f37891 x86/smp: Remove pointless duplicated interrupt code
40b216cec86d x86/mce: Remove duplicated tracing interrupt code
03f41cf538fd x86/irqwork: Get rid of duplicated tracing interrupt code
418b9a493901 x86/apic: Remove the duplicated tracing versions of interrupts
5be95f8dfffe x86/irq: Get rid of duplicated trace_x86_platform_ipi() code
bd936c5d828a x86/apic: Remove the duplicated tracing version of local_timer_interrupt()
f4971407abbb x86/traps: Simplify pagefault tracing logic
2f436623b2c3 x86/tracing: Introduce a static key for exception tracing
4395735bf0a9 arm64/syscalls: Check address limit on user-mode return
3e1d12839e05 arm/syscalls: Check address limit on user-mode return
649cd48799ef x86/syscalls: Check address limit on user-mode return
8fe35f321cd3 audit: fix memleak in auditd_send_unicast_skb.
4b1e889a4dd0 arm64: ptrace: Flush user-RW TLS reg to thread_struct before reading
75a382c72d50 arm64: Add dump_backtrace() in show_regs
(From OE-Core rev: 9edeb4733e4a49d11febadc0e282c68c05e39575)
(From OE-Core rev: 87b88590ec4f9fce8a9d1bcc56631f17abd137f0)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From yocto-docs rev: f2ccccd9098b11b6dbfa4edbe240cc9c47893b60)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
poky.ent - variables updated
mega-manual.sed - 2.4.3 replaced 2.4.2
<manual>.xml - Updated the manual revision tables for a "June 2018"
date.
(From yocto-docs rev: 62919ae0c15f12f0fcb75e3fc78387ab756d07a3)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
For commit 8608810da1c91116415dc568b2a1a929c923c629, the
special token (*) addition did not apply to the rocko release.
I have taken that out of the variable description.
(From yocto-docs rev: a7ba7b6e9b4fcb457d43fc1e86aa0dbcefe1399e)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
| |
(From yocto-docs rev: 0bc79b58022a44168074eb9081e15c49e658c01d)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Describes the new wildcard syntax
(From yocto-docs rev: 8608810da1c91116415dc568b2a1a929c923c629)
Signed-off-by: Joshua Watt <jpewhacker@gmail.com>
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I updated the notes to help the user get the version of the
docs that they are interested in. Sometimes a search using the
web returns really old versions of the manual and the user
is clueless about using a manual that is not matching the
YP release they are working with.
(From yocto-docs rev: d0ef1c7edec0a28ce8a49992b71e6d3c878cdbb4)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Explicitly capture and ignore errors when trying to load the optional
'custom.xml' fixture file.
[YOCTO #12554]
(Bitbake rev: 5b26fc8e332daaed092cdbafea3f0b8e11e5e7ae)
Signed-off-by: David Reyna <David.Reyna@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix typo in shutdown code to kill threads when "kill -0" is not enough.
Use the '--noreload' flag for 'runserver' so that there are no extra
and unaccounted threads.
[YOCTO #12555]
(Bitbake rev: 14079cb1fd497799548c677962d89c02a6d2bf92)
Signed-off-by: David Reyna <David.Reyna@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 0d70ca998b3bdc18db6a5644f4ed8797fd0e7ddd)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From meta-yocto rev: 52883b21ee64c04db23a6fb3f32b33c39d54b324)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
(From meta-yocto rev: 08884dc6ed749da5e7f73c9045a56d2dd53827bb)
(From meta-yocto rev: 5de52cf4a74f6d87f7f62f322f8f39f3f4f0a136)
Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump to stable kernel release 4.12.21.
(From meta-yocto rev: de49fbc8dda014ab26294ff97955d545dd09123c)
(From meta-yocto rev: c0fee7423ae9321a2f0d28036abee62bef6360ea)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An elevation of privilege vulnerability in libnl could enable a local
malicious application to execute arbitrary code within the context of
the Wi-Fi service. This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by
current platform configurations. Product: Android. Versions: 5.0.2,
5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. NOTE: this
issue also exists in the upstream libnl before 3.3.0 library.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0553
Backport fix from upstream libnl 3.3.0 release:
https://github.com/thom311/libnl/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
http://lists.infradead.org/pipermail/libnl/2017-May/002313.html
(From OE-Core rev: f452fbc5d2ffb9c1417079574bed0dfcdc44787a)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
termlib needs to be disabled on some targets e.g. mingw
this change paves the way for doing that. Functionally
it does not change anything for other platforms
(From OE-Core rev: 88f33e1e5ba4f85093f60a296cba3ee1c1341c43)
(From OE-Core rev: 82fc84b059367917690336d279cd8cab679d63ed)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ncurses doesn't honour ${libdir} for terminfo, so try more options to remove it.
(From OE-Core rev: 17fd322e925cf492b22c75e296d5fee31e3511db)
(From OE-Core rev: 3d07d4a1e8a7324437e2f37ffcafbb032a086008)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Other sections of the .inc already use mkdir -p, so use it here as well.
(From OE-Core rev: 62434e5021b99391a0c129a40bf943465a19e7ce)
(From OE-Core rev: f7538ee974d5bb07be193a3c8e31a05087bcc990)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Drop backported CVE fix
includes cves:
CVE-2017-10684
CVE-2017-10685
CVE-2017-11112
CVE-2017-11113
(From OE-Core rev: 382e861b8c89c65b3538c706361767eff78d4a5a)
(From OE-Core rev: 6e7b9c78aca121301e9c92ed9cdb65f1a7613ee0)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Align package.py is_elf() with recent changes in package.bbclass
isELF():
http://git.openembedded.org/openembedded-core/commit/?id=7877761534b0c2492da6289e9f2269d41b6ed464
(From OE-Core rev: 5fcb57ffd67384b3487d0a1b83a1f13d52a15eb7)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ab056c7f6065f310be4dd256ceb45f85ff981f69)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The isELF function works by running:
result = file <pathname>
if 'ELF' in result
By default 'file' will prepend the result with the path name of the file
that is being checked. This usually works fine, such as:
$ file /home/foo/openembedded-core/meta/classes/package.bbclass
/home/foo/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
However, if the path includes 'ELF', ELF will end up in the result, and then
the check will return positive.
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
/home/ELF/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
This will then result in the isELF coming back true, and possibly causing the
checks that use isELF, such as the 'is it already stripped' check, to do the
incorrect thing.
Adding the '-b' option to file will result in the path being omitted in the
result:
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
Python script, ASCII text executable, with very long lines
(From OE-Core rev: b6d5729a0f0e6f2c8b36d425a18e9e2ed26f5de0)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5a324e9b2cf6378f8eaa4e394f9cb36d4e2680ac)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apparently there are recipes in the wild which generate files with
filenames containing '$' characters - which cause errors during
packaging.
Instead of adding another special case to escape '$' characters when
constructing the command passed to oe.utils.getstatusoutput(), switch
to using single quotes to quote the path - and therefore make isELF()
consistent with the way filenames and paths are quoted by every other
caller of oe.utils.getstatusoutput() in oe-core.
(From OE-Core rev: 080f0ee910684beb8bc263d5a45d3aa39b6ee647)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7877761534b0c2492da6289e9f2269d41b6ed464)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 46ddc11a8be79515b4ab9f9f7568c3d624ac72fe.
The change is good in master but became subtly broken during the
backport to rocko. Either the path passed to file should be quoted
using double quotes (with any " chars in the path being escaped) or
the path should be quoted using single quotes (and then any " chars
in the path should NOT be escaped). Escaping " chars and using single
quotes will cause problems for filenames containing " chars.
(From OE-Core rev: 534a4e6775e5b4030619b20ae1f6a319adadccf5)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dot releases are maint only.
2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP
(From OE-Core rev: 7003a36ef3f686af97798ff6f4bc7b3473f937de)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761)
(From OE-Core rev: 02fe324eb6913b27961e8e30c5510c89733dd011)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The dbm module uses gdbm by default which is also a build dependency.
(From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9)
(From OE-Core rev: f18fe9f116bd6697ded5d93eeccdfea7c3215d7b)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)
(From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While installing grub and grub-efi, there are conflict files
in ${sysconfdir} ${datadir} ${bindir} ${sbindir}.
- Since all of the conflicted files are tools which is
common for grub and grub-efi, we split them (except
grub-editenv) to grub-common in grub.
- The package grub-common runtime depends grub-editenv
- The package grub-editenv runtime provides grub-efi-editenv
- Remove SYSROOT_DIRS_BLACKLIST
- The recipe grub-efi does not generate the duplicated files
and use runtime depends grub-common to instead
Debian and Fedora do the similar thing.
Debian use a common package grub-common for both of pc bios and efi,
and use package grub-pc-bin for pc bios, grub-efi-amd64-bin for efi.
Both of grub-pc-bin and grub-efi-amd64-bin requires grub-common.
https://packages.debian.org/sid/grub-common
https://packages.debian.org/jessie/grub-pc-bin
https://packages.debian.org/jessie/grub-efi-amd64-bin
Fedora use a common package grub2-tools for both of pc bios and efi,
and use package grub2 for pc bios, grub2-efi-modules for efi.
Both of grub2 and grub2-efi-modules requires grub2-tools.
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-tools-2.02-0.34.fc24.x86_64.html
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-2.02-0.34.fc24.x86_64.html
https://www.rpmfind.net/linux/RPM/fedora/devel/rawhide/x86_64/g/grub2-efi-modules-2.02-0.34.fc24.x86_64.html
[YOCTO #11639]
(From OE-Core rev: 60c360c0561f1ff5ff2135c4557f5992f9485617)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* with RSS used in pyro this script isn't very useful anymore
* RSS makes sure that the dependencies are almost always deterministic
the only case known to me where dependencies are different based on
what was already built in TMPDIR are runtime dependencies resolved
by shlibs code in package.bbclass (which is using global pkgdata, not
specific to given recipe and its RSS) as described here:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=9217#c4
but for this case it's not worth running complete test-dependencies.sh
runs
(From OE-Core rev: 522005e722ceb1d1447826e6d7a36d43e49d0450)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* this doesn't work correctly as discussed in:
http://lists.openembedded.org/pipermail/openembedded-commits/2018-January/218460.html
* some of the issues were fixed in master since then
but not all, so revert it until it's completely resolved
This reverts commit eac21f981337bfaddb2d67161a1ff049158041ce.
(From OE-Core rev: 74c26c2f63121d92d50b0cca4d3288b8d196b777)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
Affects: Perl < 5.24.3-rc1 and 5.26.x before 5.26.1-RC1
(From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add Perl's patch submitted to upstream to be compiled along with glibc with libcrypt split.
(From OE-Core rev: 79703d83790a2973fefdb0e12e125b5f17e98cdf)
(From OE-Core rev: 53eef48621b19a1b88c042f9ee5eeb84d9746c64)
Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: ded47001bec3fbbcbcdbe358a32c14ed0322d431)
Updating is safer than backporting the CVE fixes.
Included CVE:
CVE-2017-16548
CVE-2017-15994
CVE-2017-17434
CVE-2017-17434
CVE-2018-5764
plus many bugfixes
(From OE-Core rev: 3f244c68defd45d89107ff58a95c8d4462faeaed)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
ERROR: mpfr-native-3.1.5-r0 do_checkuri: Fetcher failure for URL: 'http://www.mpfr.org/mpfr-3.1.5/mpfr-3.1.5.tar.xz'. URL http://www.mpfr.org/mpfr-3.1.5/mpfr-3.1.5.tar.xz doesn't work
ERROR: mpfr-native-3.1.5-r0 do_checkuri: Function failed: do_checkuri
Found gnu has the same copy
(From OE-Core rev: ee3de1e4963ae56515be3a56b473f25ace286511)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Its possible some dynamic runtime library in the dependency chain may
come from sstate and link to libraries which need the libc from
uninative. If we don't do this and binaries are run at do_install time
they would fail to find the symbols from the later libc. Examples:
cmake-native do_install:
bin/cmake: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by TOPDIR/tmp/work/x86_64-linux/cmake-native/3.10.3-r0/recipe-sysroot-native/usr/lib/libexpat.so.1)
dbus-native do_install:
tmp/work/x86_64-linux/dbus-native/1.12.2-r0/build/bus/.libs/lt-dbus-daemon: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.25' not found (required by /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-x32/build/build/tmp/work/x86_64-linux/dbus-native/1.12.2-r0/recipe-sysroot-native/usr/lib/libexpat.so.1)
This issue is resolved when the interpreter is changed at sstate unpack
time but this isn't soon enough to avoid issues at compile/install time.
By specifing which dynamic linker/loader to use at compile time, this
race window is removed entirely.
(From OE-Core rev: 35867ee035030ab76fc9ccdb0eb1c3f80126301c)
(From OE-Core rev: cead3c4925d39f8adc328007d8a8c1b23cc72842)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We have a problem when for example, a glibc 2.27 based system builds some
library like libpopt-native and puts it into sstate then it is reused
on a pre glibc-2.27 system to build something which depends on popt like
rpm-native. This results in an error like:
recipe-sysroot-native/usr/lib/libpopt.so: undefined reference to `glob@GLIBC_2.27'
In the past we've had this problem with new symbols like getrandom and
getentropy, here its with a more complex symbol where there is an old
version and a newer version.
We've looked into various options, basically we cannot link against our
uninative libc/ld.so since we don't have the right headers or compiler
link libraries. The compiler doesn't allow you to switch in a new set
either, even if we did want to ship them. Shipping a complete compiler,
dev headers and libs also isn't an option.
On the other hand if we follow the ld man page, it does say:
"""
The reasons for allowing undefined symbol references in shared libraries
specified at link time are that:
- A shared library specified at link time may not be the same as the one
that is available at load time, so the symbol might actually be
resolvable at load time.
"""
which is exactly this case. By the time the binary runs, it will use
our uninative loader and libc and the symbol will be available.
Therefore we basically have a choice, we get weird intermittent bugs,
we drop uninative entirely, or we pass this option.
If we pass the option, we can drop the other workarounds too.
(From OE-Core rev: 75a62ede393bf6b4972390ef5290d50add19341a)
(From OE-Core rev: d18bf7fa8e80d6cfaf3fdbe1ab06eec84b954432)
(From OE-Core rev: 4545f5436a5a106154680825ecb1cb60437faa91)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Clean up for Rocko context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We just ran into an issue where tar failed to build on one server setup
but built everywhere else just fine.
It was running makeinfo to regenerate some docs files and makeinfo was too
old for the host it was running on. There was no dependency on makeinfo-native
as it was not meant to be regenerating the docs.
It was being regenerated as a date from a timestamp used in the docs
was different in Asian timezones than in the other timezones our builds
were being tested in.
I added an entry to https://wiki.yoctoproject.org/wiki/TipsAndTricks/
about how this was debugged.
As such, lets default to setting and exporting TZ to 'UTC' as was already
pioneered by the reproducibile builds work. This makes the builds
deterministic.
[YOCTO #12665]
(From OE-Core rev: 2a90ae7a3286724ff9e3615c4dbf56038f703810)
(From OE-Core rev: e31f31f81efe4b60938b724bece2a03c7c74a68d)
(From OE-Core rev: 2c72aa56e6065100582cb17f281c4c11521712e6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Drop simple.bbclass changes]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes the libxcrypt change which allows uninative to work on fedora28.
(From OE-Core rev: 4b27ab6487a54b42a52aa16e98ea4d19fa62b5ae)
(From OE-Core rev: 0685eb697f1dfa3b858b6e594cbd8e6070b4fbb8)
(From OE-Core rev: 2b462bdc2b9bad40425769ece380e46b52cca095)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The isELF function works by running:
result = file <pathname>
if 'ELF' in result
By default 'file' will prepend the result with the path name of the file
that is being checked. This usually works fine, such as:
$ file /home/foo/openembedded-core/meta/classes/package.bbclass
/home/foo/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
However, if the path includes 'ELF', ELF will end up in the result, and then
the check will return positive.
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
/home/ELF/openembedded-core/meta/classes/package.bbclass: Python script, ASCII text executable, with very long lines
This will then result in the isELF coming back true, and possibly causing the
checks that use isELF, such as the 'is it already stripped' check, to do the
incorrect thing.
Adding the '-b' option to file will result in the path being omitted in the
result:
$ file /home/ELF/openembedded-core/meta/classes/package.bbclass
Python script, ASCII text executable, with very long lines
(From OE-Core rev: 5a324e9b2cf6378f8eaa4e394f9cb36d4e2680ac)
(From OE-Core rev: 46ddc11a8be79515b4ab9f9f7568c3d624ac72fe)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[fixup for Rocko]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156
* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566
* Fix arbitrary command execution in ed-style patches:
- src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
- tests/ed-style: New test case.
- tests/Makefile.am (TESTS): Add test case.
(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)
(From OE-Core rev: 413c54e0698589b17976e88fa7ab76e5dbac51aa)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951
* upstream tracking: http://savannah.gnu.org/bugs/?53132
* Fix segfault with mangled rename patch
- src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
(From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96)
(From OE-Core rev: e628af83e8d00ed3e3db318b323a9f5e48d35aae)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade patch from 2.7.5 to 2.7.6.
(From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75)
(From OE-Core rev: 6ecaabfff944773a09096a9ce293842c7c00b3a1)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix CVE-2017-3144
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3144
https://kb.isc.org/article/AA-01541
Patch from:
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=5097bc0559f592683faac1f67bf350e1bddf6ed4
(From OE-Core rev: bcbe9025560dee658c0ead566384e1a8647cebf9)
(From OE-Core rev: cf029db42a6bb96203d2d6bb64a62e6eeec9be8d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When it was something else than /usr/libexec (e.g. when
installing native SDK packages), things broke down.
(From OE-Core rev: d99e819a6cbde6d1116c434ddba4c5f8eca7e6d8)
(From OE-Core rev: 1c8c163bfb736518f66276eca5765c493b8cc787)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
recipe parsing
When uninative is activated (poky's default) internal datastore variables are modified (NATIVELSBSTRING and SSTATEPOSTUNPACKFUNCS) to enable uninative
support. This is happening after parsing is done at the beginning of the build. On the next bitbake call the recipe would be parsed if the two
variables above were not added to the parsing whitelist BB_HASHCONFIG_WHITELIST.
The fix is to add these two variables to the recipe parsing whitelist BB_HASHCONFIG_WHITELIST, this is done at recipe parsing time, only when
uninative.bbclass is used.
(From OE-Core rev: 75bb95ada98ef129d2fa48568f27dddb078c852c)
(From OE-Core rev: ca52b8e4f32063234815493746c4059392862af8)
Signed-off-by: Cuero Bugot <cbugot@sierrawireless.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
By default, RPM_SIGN_PACKAGES is not defined. Add gpgcheck=0 to
oe-remote-repo.repo file, otherwise dnf will complain during
install operation on target
Note, RPM_SIGN_PACKAGES is set only when you inherit sign_rpm explicitly
(From OE-Core rev: 002a71eaa7606828c399972d8fd35e19e7b71929)
(From OE-Core rev: 21ca5428fa320aa4c925fe8a1a141c7df863fa84)
Signed-off-by: Manjukumar Matha <manjukumar.harthikote-matha@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a fr_FR locale is found, it is automatically tested. The test
will fail if the locale is UTF-8, as the test blindly assumes
(and expects) a non-UTF fr_FR locale.
The remedy is to skip the test.
[YOCTO #12215]
(From OE-Core rev: 4cedddb83623c79980b354642dfeaf78218ca4b7)
(From OE-Core rev: ebb6c4f6a2bb6a6be4b3c4f8b7095bad529c62ea)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
Remove 0001-Remove-test-that-requires-running-as-non-root.patch
(issue fixed upstream)
Remove 0001-aes-asm-aes-armv4-bsaes-armv7-.pl-make-it-work-with-.patch
(backport)
License-Update: copyright years
(From OE-Core rev: 96d5e9c186fb83f1b5d9b38ace0b1222c3c04c54)
(From OE-Core rev: a4f7a637d9a2c738f217c67394a98f6081149022)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Please see this security advisory:
https://www.openssl.org/news/secadv/20180327.txt
License-Update: copyright years
(From OE-Core rev: 13542282e34c078296c46a98721b31ed9a69a980)
(From OE-Core rev: 9460cdd9227edcca425b919d5b9061d1da55528b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The recipes were using 'basename' to turn '/usr/lib' into 'lib', which breaks when libdir is '/usr/lib/tuple', leading to libraries ending up in '/usr/tuple', which isn't in FILES_*. Change the logic to use sed to strip the prefix instead.
(From OE-Core rev: e58d5521c7bae8daafdac85754545be176550a02)
(From OE-Core rev: 373763d4f6668c3e324edf8d699c8c15d0267278)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch was applied in a completely incorrect spot (due to fuzz),
no one noticed or complained. Meanwhile upstream says the issue
has been resolved differently:
https://rt.openssl.org/Ticket/Display.html?id=3759&user=guest&pass=guest
(From OE-Core rev: 325e516b59e677dc8e2c5756589fa8037b3e9392)
(From OE-Core rev: d7f682f592538073eefd24bf06c32e8e2e685f05)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|