Commit message | Author | Age | Files | Lines
...
* tar: Fix CVE-2018-20482 | Dan Tran | 2019-12-16 | 2 | -0/+406
  (From OE-Core rev: 95ab1519ea5f1a0ed73f6f484bcf15fde5de8140)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: CVE-2019-12904 | Shubham Agrawal | 2019-12-16 | 3 | -0/+508
  fix
  Upstream-Status: Backport
  (From OE-Core rev: fbc13f9774497866441916a95e12cc1e9d29b7b4)
  Signed-off-by: Shubham Agrawal <shuagr@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sdk: Install nativesdk locales for all TCLIBC variants | Khem Raj | 2019-12-16 | 1 | -4/+0
  install_locales() here is actually operating on nativesdk and only glibc is the default library for nativesdk, since that's what most of desktop/server distros use, therefore bailing out based on TCLIBC is not needed here, since nativesdk-glibc would be required for all non-glibc targeting SDKs as well.

  Fixes SDK install time error

  ERROR: OE-core's config sanity checker detected a potential misconfiguration.
  Either fix the cause of this error or at your own risk disable the checker (see sanity.conf).
  Following is the list of potential problems / advisories:
  Your system needs to support the en_US.UTF-8 locale.
  ERROR: SDK preparation failed

  (From OE-Core rev: 4a17afb3fe42cbc01c52b2d5357f6021bf782c01)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* at-spi2: fix dbus-daemon path | Jed | 2019-12-16 | 1 | -1/+1
  "dbus_daemon" is supposed to be set to the full dbus-daemon file path, not just its directory.
  (From OE-Core rev: 3aead67fc219ab20617a2a0462cba550a08a4455)
  Signed-off-by: Jed <jed.openxt@gmail.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: runqueue: fix multiconfig task dependency filtering | Kyle Russell | 2019-12-12 | 1 | -1/+1
  multiconfig dependencies should be excluded from BB_TASKDEPDATA. However in thud, multiconfig filtering on task dependencies doesn't happen until after deps has already been added to taskdepdata. One manifestation of this results in multiconfig dependencies leaking into staging processing.

  File: 'exec_python_func() autogenerated', lineno: 2, function: <module>
  0001:
  *** 0002:extend_recipe_sysroot(d)
  0003:
  File: '/home/user/thud/meta/classes/staging.bbclass', lineno: 344, function: extend_recipe_sysroot
  0340: #bb.note(" start is %s" % str(start))
  0341:
  0342: # Direct dependencies should be present and can be depended upon
  0343: for dep in set(start):
  *** 0344: if setscenedeps[dep][1] == "do_populate_sysroot":
  0345: if dep not in configuredeps:
  0346: configuredeps.append(dep)
  0347: bb.note("Direct dependencies are %s" % str(configuredeps))
  0348: #bb.note(" or %s" % str(start))
  Exception: KeyError: 'multiconfig:musl:/home/user/thud/meta/recipes-kernel/linux/linux-yocto_4.18.bb:do_deploy'

  This can be reproduced on thud by backporting the multiconfig.MultiConfig.test_multiconfig test and mcextend bbclass from warrior.

  d22b6e03a5504145abed7c2ca44cf12854df85da mcextend: Add helper class useful for multiconfig
  d9018a3d9c828551c465b68b27920ec4681524ae selftest: Add multiconfig test

  Flipping the ordering to match warrior's behavior fixes the test case.

  (Bitbake rev: b690030efc87850951e8e3ecf4ae3c1dd1dc9b63)
  Signed-off-by: Kyle Russell <bkylerussell@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.14: meta-yocto-bsp update to 143 | Armin Kuster | 2019-11-16 | 1 | -10/+10
  (From meta-yocto rev: 347093d4d24eac8165e2be66a4a7503af4bfc833)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta-yocto-bsp: Bump to the latest stable kernel for the BSPs | Kevin Hao | 2019-11-16 | 2 | -20/+20
  In order to fix a systemtap bug [1] on arm board, we backport a kernel patch from v5.0 kernel to v4.14 & v4.18 kernel, then need to bump the kernel version to include this patch. Even this is only an arm specific bug, we would like to bump the kernel version for the BSPs at the same time. Boot test for all the boards.

  [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=13273

  (From meta-yocto rev: 23ea5a859346f19ea3a53451702621e9102c853d)
  Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: fetch2: Ensure cached url data is matched to a datastore | Richard Purdie | 2019-11-13 | 1 | -2/+2
  There was a weird error in OE-Core where "devtool modify virtual/kernel" was showing basehash mismatch errors. This was due to SRCPV sometimes being:

  AUTOINC+b867b78b50_47b80ef7bd and sometimes AUTOINC+b867b78b50_255a750d28.

  The latter hash comes from KBRANCH and meant sometimes the correct branch was seen, sometimes it was not. The issue was complicated by the execution using a remote datastore over tinfoil.

  The problem turns out to be a fetcher caching error. If the datastore changes, the cached url data may not be valid. We therefore ensure we match cached url data against the datastore that generated it, which appears to fix this issue.

  (Bitbake rev: 97067634b1f149b56844b10e3a5e8d0d980b6e34)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* documentation: Setup for 2.6.4 release | Scott Rifenbark | 2019-11-10 | 11 | -33/+83
  * Updated poky.ent to use 2.6.4 stuff
  * Updated mega-manual.sed to use "2.6.4" string
  * Updated all the <manual>.xml files manual revision table to be "November 2019"
  (From yocto-docs rev: 607598f72bc3e7393ccf7c6380c03dddef3bb41c)
  Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake-worker child process create group before registering SIGTERM handler | Ivan Efimov | 2019-11-07 | 1 | -3/+5
  The bitbake-worker child on the SIGTERM signal handling sends the SIGTERM to all processes in its process group. In cases when the bitbake-worker child got SIGTERM after registering own SIGTERM handler and before the os.setsid() call it can send SIGTERM to unwanted processes.

  In the worst case during SIGTERM processing the bitbake-worker child can be in the group of the process that started BitBake itself. As a result it can kill processes that are not related to BitBake at all.

  (Bitbake rev: b51877cbb8a7c713aa2bcec8354ec66e2f3dad51)
  Signed-off-by: Ivan Efimov <i.efimov@inango-systems.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to thud head revision (tags: yocto-2.6.4, thud-20.0.4) | Richard Purdie | 2019-10-17 | 1 | -1/+1
  (From OE-Core rev: cd7cf933b3235560ec71576d8f3836dff736a39f)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "OpkgPM: use --add-ignore-recommends to process BAD_RECOMMENDATIONS" | Armin Kuster | 2019-10-17 | 2 | -2/+41
  This reverts commit e8cd30ba6cec854d85c7ad47edc208107858a5d7.

  This backport introduced an issue not seen in the AB QA. Issue can be seen if BAD_RECOMMENDATIONS_append = " udev-hwdb" is used

  (From OE-Core rev: 5110080fbecd3f1cf43797c7eeb742951d88d1a8)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to thud head revision | Richard Purdie | 2019-10-15 | 1 | -1/+1
  (From OE-Core rev: bace400528115927ed0efa3cd941c9f9f128a555)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.conf: Bump version for 2.6.4 thud release | Richard Purdie | 2019-10-15 | 1 | -1/+1
  (From meta-yocto rev: 591984ed1d9f371af0410a91786c60b7cf8e3a5c)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security fix for CVE-2019-5482 | Muminul Islam | 2019-10-15 | 2 | -0/+69
  (From OE-Core rev: 57d30f26c3dbba720079e98d429dfcb53d527d54)
  Signed-off-by: Muminul Islam <muislam@microsoft.com>
  [Fixup for thud context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsolv: Security fix for CVEs: <CVE-2018-20532, CVE-2018-20533, CVE-2018-20534> | Muminul Islam | 2019-10-15 | 8 | -0/+472
  (From OE-Core rev: 82a9850d6ef8cca816f9e0a53a8d20b056f95320)
  Signed-off-by: Muminul Islam <muislam@microsoft.com>
  CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
  Upstream-Status: Backport
  Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: Fix CVE-2019-3829 and CVE-2019-3836 | Dan Tran | 2019-10-15 | 5 | -0/+985
  (From OE-Core rev: 54c6892543319c4b8f7248e95966e956053c97b7)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-devsrc: check for localversion files in the kernel source tree | c-thaler | 2019-10-15 | 1 | -0/+9
  localversion files are ignored. This might lead to a bad version magic when building out-of-tree modules via SDK.
  (Backport from master https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-kernel/linux/kernel-devsrc.bb?id=59fcee90de0cbb5b6b8333ab2b0e36214b174e52)
  (From OE-Core rev: 85da4ccfff2103815eb3cd9a0b0f1af122b05567)
  Signed-off-by: Christian Thaler <christian.thaler@tes-dst.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Security fix for cve <CVE-2019-6488, CVE-2019-7309> | Muminul Islam | 2019-10-15 | 3 | -0/+483
  (From OE-Core rev: d68441ed80fd43f091baf01bfdb47c3ec010c662)
  Signed-off-by: Muminul Islam <muislam@microsoft.com>
  CVE: CVE-2019-6488, CVE-2019-7309
  Upstream-Status: Backport
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* arch-arm64.inc: Lower the priority of aarch64 in MACHINEOVERRIDES | Peter Kjellerstedt | 2019-10-15 | 1 | -1/+1
  This makes sure, e.g., ${SOC_FAMILY} and ${MACHINE} have higher priorities than aarch64.
  (From OE-Core rev: 3b8db95973fc144b00d59c4797adb405a935cd7c)
  Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel.bbclass: fix installation of modules signing certificates | Dmitry Eremin-Solenikov | 2019-10-15 | 1 | -1/+1
  If one has provided external key/certificate for modules signing, Kbuild will skip creating signing_key.pem and will write only signing_key.x509 certificate. Thus we have to check for .x509 file existence rather than .pem one.
  (From OE-Core rev: 4972582767a3325d22a16db9a5479c2d0001964b)
  Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
  Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: cookerdata: Add mc conffiles hashes to cache hash | Joshua Watt | 2019-10-10 | 1 | -1/+5
  The variable values that result from parsing multiconfig should be included in the cooker data hash, otherwise changes to these files won't be detected, which will allow the parsing cache to be loaded with the old values for the multiconfigs. This can either manifest as the variable values simply not updating, or getting basehash changed errors when building.

  This bug was previously undetected because all of the multiconfig base files were a direct file dependency in all parsed recipes. This was fixed in 34137a00f60 ("bitbake: bitbake: cooker: Rename __depends in all multiconfigs"), exposing this bug.

  [YOCTO #13541]

  (Bitbake rev: 6b045e074c6fea97d4e305a5a3c8bf82135d95eb)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uninative: Update to 2.7 release | Michael Halstead | 2019-10-10 | 1 | -5/+5
  The 2.7 release updates glibc to version 2.30. Recently added to openSUSE Tumbleweed and needed for Fedora Core 31.
  (From OE-Core rev: e6728a873f1eef335a9e21bdface304f13f0c952)
  Signed-off-by: Michael Halstead <mhalstead@linuxfoundation.org>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: Do not apply -Woverride-init guard for gcc >= 9 | Khem Raj | 2019-10-10 | 4 | -5/+37
  (From OE-Core rev: e40c38afc1747d1ed71c9bd2ab3189bbb1efcee9)
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgpg-error: Fix build with gawk 5.x | Sean Nyekjaer | 2019-10-10 | 2 | -0/+162
  Based on poky master, but for version 1.35
  (From OE-Core rev: ff3b021136d7af66f05475da8475495fe7c653ee)
  Signed-off-by: Sean Nyekjaer <sean@geanix.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  [backported to thud yocto# 13580]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix build issue on new hosts with glibc 2.30 | Armin Kuster | 2019-10-10 | 3 | -0/+146
  This fixes the following error:

  TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:254:16: error: static declaration of ‘gettid’ follows non-static declaration
  254 | _syscall0(int, gettid)
  | ^~~~~~
  TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:185:13: note: in definition of macro ‘_syscall0’
  185 | static type name (void) \
  | ^~~~
  In file included from /usr/include/unistd.h:1170,
  from TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/include/qemu/osdep.h:90,
  from TOPDIR/tmp/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/syscall.c:20:
  /usr/include/bits/unistd_ext.h:34:16: note: previous declaration of ‘gettid’ was here
  34 | extern __pid_t gettid (void) __THROW;
  | ^~~~~~

  (From OE-Core rev: 5b5ca76cc5dd424248c7e687e562597a2c85df57)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wget: Security fixes CVE-2018-20483 | Andrii Bordunov via Openembedded-core | 2019-10-10 | 3 | -0/+202
  Source: http://git.savannah.gnu.org/cgit/wget.git/
  Type: Security Fix
  Disposition: Backport from http://git.savannah.gnu.org/cgit/wget.git/
  Description: Fixes CVE-2018-20483
  (From OE-Core rev: c901bc8cd9de5853185af2059c6f1efeb4ccdd60)
  Signed-off-by: Aviraj CJ <acj@cisco.com>
  [Affects Wget before 1.20.1]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: Security fix for CVE-2019-8457 | Shubham Agrawal | 2019-10-10 | 2 | -0/+127
  (From OE-Core rev: c0c66d213b4b6deb0a5e9a688810d2e9674d3ecf)
  Signed-off-by: Shubham Agrawal <shuagr@microsoft.com>
  [Cleaned up patch]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: Fix CVE-2018-18311 to 18314 | Dan Tran | 2019-10-10 | 5 | -0/+518
  (From OE-Core rev: cffd085ef77d055e5e837887b0eaf820aa982f00)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  [Perl before 5.26.3 and 5.28.x before 5.28.1]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* json-c: Don't --enable-rdrand | Adrian Bunk | 2019-10-10 | 1 | -2/+0
  In recent years AMD CPUs have had various problems with RDRAND giving either non-random data or no result at all, which is problematic if either build or target machine has a CPU with this problem.

  The fallback is /dev/urandom, and I'd trust the kernel here.

  --enable-rdrand was added in an upgrade to a new upstream version without mentioning any reason.

  [YOCTO #13534]

  (From OE-Core rev: fad633eb5c464d4e2a984b9259625bcd150ee357)
  Signed-off-by: Adrian Bunk <bunk@stusta.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix CVE-2019-13232 | Dan Tran | 2019-10-10 | 4 | -0/+513
  (From OE-Core rev: 7857d85db69bcb2cb94399a22de6903263e52965)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: CVE fix for elfutils | Shubham Agrawal | 2019-10-10 | 3 | -0/+221
  CVE: CVE-2019-7664.patch
  CVE: CVE-2019-7665.patch
  Sign off: Shubham Agrawal <shuagr@microsoft.com>
  (From OE-Core rev: 8ca80002aa21897834b8c9869137461221e50225)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Fix 4 CVEs | Dan Tran | 2019-10-10 | 7 | -54/+351
  Fixes CVE-2018-18954, CVE-2019-3812, CVE-2019-6778, and CVE-2019-8934. Also deleted duplicated patch and cleanup.
  (From OE-Core rev: e4b6a39bdf1b660233a7145599cd4fc3e971fc8f)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  [fixup for thud-next]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/context: ensure log directory exists | Chen Qi | 2019-10-10 | 1 | -0/+1
  Ensure log directory exists to avoid the following error.

  FileNotFoundError: [Errno 2] No such file or directory: '/.../build-selftest/tmp/log/oe-selftest-results-20181207043431.log'

  (From OE-Core rev: c54411d0e03fe1cea8b6bb0c80dea029dd264f36)
  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/4.14: update to v4.14.143 | Bruce Ashfield | 2019-10-08 | 3 | -16/+16
  Updating to the latest 4.14 -stable.
  Lightly build and boot tested on qemu*
  (From OE-Core rev: f5be8c8309a932cde507ba24d042880a922df0b6)
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pango: fix CVE-2019-1010238 | Anuj Mittal | 2019-10-08 | 2 | -1/+41
  (From OE-Core rev: 20b23cb40917b1c83b862817b13f0eefc8fa7a64)
  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 65631a048f57965745dc8cc23cb80c4c3a71ba94)
  [Fix up for thud context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: backport fixes | Anuj Mittal | 2019-10-08 | 3 | -0/+175
  The original fix for CVE-2018-1000156 was incomplete. Backport more fixes done later for a complete fix.
  Also see: https://savannah.gnu.org/bugs/index.php?53820
  (From OE-Core rev: e2869ff2f76adb2b1ba6f003d6d02d242afe49e8)
  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 12f9689cba740da6b8c7d9292c74c3992c2e18f2)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2019-13638 | Trevor Gamblin | 2019-10-08 | 2 | -0/+45
  (From OE-Core rev: b59b1222b3f73f982286222a583de09c661dc781)
  (From OE-Core rev: 308c44fd8f1d7d348c6c7cf9054f9c8403d8e8bd)
  Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  (cherry picked from commit 555b0642579c00c41bc3daab9cef08452f9834d5)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: fix CVE-2019-13117 CVE-2019-13118 | Anuj Mittal | 2019-10-08 | 3 | -1/+112
  (From OE-Core rev: 7dc3048fec88dd62ef49ef16517b7382ab7cf2a5)
  (From OE-Core rev: 07cd0d606fea63e683c7de7ebfaa6a55170b8318)
  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  [Fixup for thud context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Cve fix CVE-2019-11068 | Muminul Islam | 2019-10-08 | 2 | -0/+129
  (From OE-Core rev: c9c3fabddb4e1779ef330f2073f85dce83cb460b)
  Signed-off-by: Muminul Islam <muislam@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: Fix CVEs | Dan Tran | 2019-10-08 | 5 | -0/+599
  Fixes CVE-2018-14647, CVE-2018-20406, CVE-2018-20852, CVE-2019-9636, CVE-2019-9740, and CVE-2019-9747.
  (From OE-Core rev: 5862716f22ca9f5745d3bca85c6ed0d8c35c437b)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: Fix 3 CVEs | Dan Tran | 2019-10-08 | 3 | -0/+348
  Fixes CVE-2018-20852, CVE-2019-9740, and CVE-2019-9747
  (From OE-Core rev: 3f1c02aa7b7d485e64503d601124c335d4b7299f)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix 4 CVEs | Dan Tran | 2019-10-08 | 5 | -0/+342
  Fixes CVE-2018-20623, CVE-2018-20651, CVE-2018-20-671, and CVE-2018-1000876 for binutils 2.31.1.
  (From OE-Core rev: 981eeec0f26f25db444782f40a86c558a2358215)
  Signed-off-by: Dan Tran <dantran@microsoft.com>
  [fixed up .inc for thud-next context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch | Adrian Bunk | 2019-10-08 | 3 | -2883/+80
  This also fixes a dhcp breakage noticed by Enrico Scholz.
  (From OE-Core rev: 5deab12cdcf1d7372634324e1fd70145ff59f9f9)
  Signed-off-by: Adrian Bunk <bunk@stusta.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: drop lost patch | Ruslan Bilovol | 2019-10-08 | 1 | -117/+0
  Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped 0008-tweak-to-support-external-bind.patch from recipe, but left the patch itself in source tree.
  Remove this patch since nobody uses it.
  Cc: Armin Kuster <akuster808@gmail.com>
  (From OE-Core rev: 109e8420c8a4e94dccb3c83e2b0b7fc6ceb66b04)
  Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dhcp: fix issue with new bind changes | Armin Kuster | 2019-10-08 | 2 | -0/+2883
  (From OE-Core rev: d0e2babdab1625e86d0abc7fa7dab25caa73ccb6)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: update to 1.11.13, minor updates | Armin Kuster | 2019-10-08 | 1 | -3/+3
  Source: golang.org
  MR: 99376
  Type: Security Fix
  Disposition: Backport from golang.org
  ChangeID: 41576ab4a0abdebbc44f1a35a83bf04e5f2fde06
  Description:
  https://golang.org/doc/devel/release.html
  go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package. See the Go 1.11.11 milestone on our issue tracker for details.
  go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker. See the Go 1.11.12 milestone on our issue tracker for details.
  go1.11.13 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.11.13 milestone on our issue tracker for details.
  Includes CVE: CVE-2019-14809
  (From OE-Core rev: 6018e9755dce3eaa22a1fe691dc18546c43c9cbe)
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: upgrade 9.11.5 -> 9.11.5-P4 | Adrian Bunk | 2019-10-08 | 1 | -3/+3
  Source: OE.org
  MR: 99751, 99752, 99753
  Type: Security Fix
  Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/bind?h=warrior&id=5d286da0fbe1a7ded2f84eec990e49d221bdeab4
  ChangeID: ce3719ea11bd03af3baeca51a22115badf84be01
  Description:
  Bugfix-only compared to 9.11.5, mostly CVE fixes.
  COPYRIGHT checksum changed due to 2018 -> 2019.
  (From OE-Core rev: b24447b40e4988e337bdd4b5cf194df0827f9887)
  Signed-off-by: Adrian Bunk <bunk@stusta.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  [Included cves: CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 ]
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: update to latest LTS 9.11.5 | Armin Kuster | 2019-10-08 | 2 | -75/+3
  Source: bind.org
  MR: 99750
  Type: Security Fix
  Disposition: Backport from bind.org
  ChangeID: bca5c436229f1b8c7e8eb3e45fc6188ffdb5e224
  Description:
  includes: CVE-2018-5738
  drop patch for CVE-2018-5740 now included in update
  see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
  Add RECIPE_NO_UPDATE_REASON for lts
  (From OE-Core rev: 25b2f2c6fc67eabb0e7f0b7c5ffe08c554613c10)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  [Also includes CVE-2018-5740]
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Security fix for CVE-2019-12972 | Armin Kuster | 2019-10-08 | 2 | -0/+40
  Source: git://sourceware.org / binutils-gdb.git
  MR: 98770
  Type: Security Fix
  Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031
  ChangeID: 7ced6bffbe01cbeadf50177eb332eef514baa19c
  Description:
  Fixes CVE-2019-12972
  (From OE-Core rev: 16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba)
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  [v2] forgot to refresh inc file before sending
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>