summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* poky.conf: Bump version for 1.8.1 fido releaseRichard Purdie2015-09-291-1/+1
| | | | | | (From meta-yocto rev: debe2f66bad75f052bc74681d27951345418310f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: run recipe-provided hooks outside of ${B}Ross Burton2015-09-291-16/+14
| | | | | | | | | | | | To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR. (From OE-Core rev: 07a7e1a0bee5b8757951e67c9353c786a6ac8500) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* autotools.bbclass: mkdir ${B} -> mkdir -p ${B}Robert Yang2015-09-191-1/+1
| | | | | | | | | | | | ${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `${B}': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed (From OE-Core rev: 4c02a30f084408d0a6a5149937ef74520f8346dc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perf: mkdir ${B} -> mkdir -p ${B}Robert Yang2015-09-191-1/+1
| | | | | | | | | | | | ${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `/path/to/work/qemux86-poky-linux/perf/1.0-r9/perf-1.0/': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed (From OE-Core rev: eb3d1dac724144637a86e8124b7b6b91bbeab822) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libunwind: Security Advisory - libunwind - CVE-2015-3239Li Zhou2015-09-182-0/+30
| | | | | | | | | | | | | | | | libunwind: Invalid dwarf opcodes can cause references beyond the end of the array Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. (From OE-Core master rev: 9c4e7f5c009b076b0bc638a02fcf3d96c362e7eb) (From OE-Core rev: 38de3cd2fcc5e2c79dcf1c864c84f8e712111e5d) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs.py: show intercept script output in log.do_rootfsMartin Jansa2015-09-181-1/+1
| | | | | | | | | | | | | * without this the output wasn't shown anywhere even when the bb.warn says: "See log for details!" (From OE-Core master rev: a3c322b42c7a14584a80e04519c34689ec813210) (From OE-Core rev: 33b9dc43afbf9d201863d4327cd8689582b19070) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* postinst_intercept: allow to pass variables with spacesMartin Jansa2015-09-181-1/+1
| | | | | | | | | | | | | | | * trying to pass foo="a b" through postinst_intercept ends with the actual script header to containing: b foo=a which fails because "b" command doesn't exist. (From OE-Core master rev: c66d7d85b7225be8c838449324d506565dd0081d) (From OE-Core rev: e1cb77476934ea0f80993df049c3708bfa33dba3) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs.py: Allow to override postinst-intercepts locationMartin Jansa2015-09-181-2/+4
| | | | | | | | | | | * useful when we need to overlay/extend intercept scripts from oe-core (From OE-Core master rev: 7d08d2d5c0ae686e3bb8732ea82f30fd189b1cd8) (From OE-Core rev: 0f528bda0bac76e190b03764c603f199a6079fc6) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: CVE-2015-3622Sona Sarmadi2015-09-182-0/+45
| | | | | | | | | | | | | | _asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 (From OE-Core rev: 553bc30b96cd9ef9c5bc621debcf7c23c66d7e42) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wic: fix path parsing, use last occurrenceGeorge McCollister2015-09-181-1/+1
| | | | | | | | | | If the path contains 'scripts' more than once the first occurrence will be incorrectly used. Use rfind instead of find to find the last occurrence. (From OE-Core rev: 35ecb0b8557aae85f377c9d99f1a72cbb76fb6d8) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565Armin Kuster2015-09-184-1/+110
| | | | | | | | | | | | | three security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722Armin Kuster2015-09-184-0/+589
| | | | | | | | | three security fixes. (From OE-Core rev: 16e80afe187c173e00b734c757a05157855ed504) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu: Handle device names like tapX@NONERichard Purdie2015-09-181-1/+1
| | | | | | | | | | | | | | | | ip list can return devices in the form tapX@NONE. If it does so, ensure we handle that case correctly. Newer distros appear to do this in some cases. [YOCTO #8129] (From OE-Core master rev: 6459dde380febce24d2c355d441d9cb3b14409b9) (From OE-Core rev: a6709ac54bb9ac79692c3c6faadaace11b8f33f4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oprofileui: Use inherit gettextSaul Wold2015-09-181-1/+1
| | | | | | | | | | | | | oprofileui uses gettext during the configuration task so should be inherit gettext. This issue appears when an older version of gettext is used do to pinning to the older non-gplv3 version. [YOCTO #7795] (From OE-Core rev: 7a161f8685c551892218a9a7877c10bdcd170c0e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2015-3308Sona Sarmadi2015-09-183-0/+100
| | | | | | | | | | | | | | | Fixes use-after-free flaw in CRL distribution points parsing Reference: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9 https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02 http://www.openwall.com/lists/oss-security/2015/04/15/6 (From OE-Core rev: 4db630c0cd7988c923eb3f48153a6cedafd6a139) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemurunner: Improves checking for server and target IPs on qemus parametersAlejandro Hernandez2015-09-181-5/+8
| | | | | | | | | | | | | Fixes OS hanging infinitely waiting for qemus process to release bitbake.lock (From OE-Core master rev: d168bf34c553dbe5de7511e158cd83869d7a88bc) (From OE-Core rev: b19f599fe8d06d9381ae774f3289fa8c054ad1cc) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/utils/qemurunner: fix loggingPaul Eggleton2015-09-181-25/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | OE-Core commit 519e381278d40bdac79add340e4c0460a9f97e17 unfortunately broke logging in two different ways: 1) it prevented logging to the task log from working within bitbake -c testimage. This is due to the logger object being set up too early which interferes with BitBake's own logging. If we prefix the name with "BitBake." everything works (and we don't need to set the logging level). 2) Additionally because it called the log functions on the logging module and not the logger object it set up, this caused the oe-selftest logging to start printing everything from that point forward. Fix these two issues and return us to the desired behaviour for do_testimage. (From OE-Core master rev: 429b1971be06d5146bb1c14f4697966cddab3b33) (From OE-Core rev: 095b6ccbf86b1830da2dcf5af09a4ebbcdfca921) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/QemuRunner: don't use bb for loggingRoss Burton2015-09-181-29/+32
| | | | | | | | | | | | | | | | | Instead of using bb.note() etc for logging use logging.Logger directly, allowing the use of QemuRunner outside of bitbake. Also clean up the logging/errors by moving create_socket() out of __init__()/restart() and into start(). (From OE-Core master rev: 519e381278d40bdac79add340e4c0460a9f97e17) (From OE-Core rev: 97478640e1449e861b880dd3bedc6af1b0bbacdc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2015dArmin Kuster2015-09-012-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes affecting future time stamps Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely. (Thanks to Ahmed Nazmy and Tim Parenti.) Changes affecting past time stamps America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not 1966-07-01. Also, Yukon's time zone history is documented better. (Thanks to Brian Inglis and Dennis Ferguson.) Change affecting past and future time zone abbreviations The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style. (From OE-Core rev: b9f366ab4e0a9cad69b631f402b9afa02d40f667) (From OE-Core rev: 5a1839ecc9a2191252019ddd5c253098006f5bc3) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2015dArmin Kuster2015-09-012-10/+11
| | | | | | | | | | | | | | | | Changes affecting code zic has some minor performance improvements. (From OE-Core rev: 3ab7e247b0662a1791169f16424abec426885f80) (From OE-Core rev: cdc4fa9e3301cb478d89cf0c1d690e17313b7096) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: bitbake: cooker: properly fix bitbake.lock handlingRichard Purdie2015-09-014-4/+61
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If the PR server or indeed any other child process takes some time to exit (which it sometimes does when saving its database), it can end up holding bitbake.lock after the UI exits, which led to errors if you ran bitbake commands successively - we saw this when running the PR server oe-selftest tests in OE-Core. The recent attempt to fix this wasn't quite right and ended up breaking memory resident bitbake. This time we close the lock file when cooker shuts down (inside the UI process) instead of unlocking it, and this is done in the cooker code rather than the actual UI code so it doesn't matter which UI is in use. Additionally we report that we're waiting for the lock to be released, using lsof or fuser if available to list the processes with the lock open. The 'magic' in the locking is due to all spawned subprocesses of bitbake holding an open file descriptor to the bitbake.lock. It is automatically unlocked when all those fds close the file (as all the processes terminate). We close the UI copy of the lock explicitly, then close the server process copy, any remaining open copy is therefore some proess exiting. (The reproducer for the problem is to set PRSERV_HOST = "localhost:0" and add a call to time.sleep(20) after self.server_close() in lib/prserv/serv.py, then run "bitbake -p; bitbake -p" ). Cleanup work done by Paul Eggleton <paul.eggleton@linux.intel.com>. This reverts bitbake commit 69ecd15aece54753154950c55d7af42f85ad8606 and e97a9f1528d77503b5c93e48e3de9933fbb9f3cd. (Bitbake rev: a29780bd43f74b7326fe788dbd65177b86806fcf) (Bitbake rev: ed30f4ee1cef8db9ea422c5e54b2375c4f3b1d6f) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: bitbake/lib/bb/tinfoil.py
* bitbake: runqueue: Add message to explain the problem if diffsigs multiple ↵Richard Purdie2015-09-011-0/+2
| | | | | | | | tasks don't exist (Bitbake rev: 8292c64e6edae1bf6f554140e8f603cedbd01047) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnome: move introspection options to gnomebaseRoss Burton2015-09-012-4/+3
| | | | | | | | | | The gnome class is really a convenience class to include other classes, so move the introspection arguments into gnomebase.bbclass. (From OE-Core rev: b43a1b244a5ceab52713759dc53b00b162d9d43f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Remove exporting special CPPKhem Raj2015-09-011-1/+0
| | | | | | | | | | | | | | | | | | | | | | This is no more needed. it was done long ago while systemd lived in meta-openembedded http://lists.openembedded.org/pipermail/openembedded-commits/2012-August/141061.html The accompanying patch has been applied to systemd already so we were not needing to set CPP for sometime now. as a nice side effect it helps compiling systemd with clang (From OE-Core rev: b816e3f520bf71c9b681ccea30c8eefd62fb20a2) (From OE-Core master rev: e95365400ae1ffb6b650723cfb2c6a67913c740c) (From OE-Core rev: 981d99d1307b7c36e964ba9b9929b7329169d72b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* icu: CVE-2014-8146-CVE-2014-8147Sona Sarmadi2015-09-012-0/+50
| | | | | | | | | | | | | | | | | CVE-2014-8146 icu: heap overflow via incorrect isolateCount CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function References: [1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z [2] https://www.kb.cert.org/vuls/id/602540 [3] http://bugs.icu-project.org/trac/changeset/37080 [4] http://bugs.icu-project.org/trac/changeset/37162 (From OE-Core rev: a461a1a9141fb6a3f79bf9773a837daace2e9996) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toasterconf: remove master as a branch option from fido releaseAlexandru DAMIAN2015-09-011-19/+4
| | | | | | | | | | | | | | | | | Toaster isn't designed to be forward compatible. As such, a release cannot build releases newer then it. Particularly, "fido" cannot build "master", so we remove "master" from the list of supported releases in "fido" [YOCTO #8154] (From OE-Core rev: bda086118abfb168183dc285357ecbb6dccff5e3) Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Signed-off-by: brian avery <avery.brian@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Consider adding -Wno-error in cases when not using -O2Khem Raj2015-09-011-1/+9
| | | | | | | | | | | | | | | | | | glibc has recently turned on Werror globally which is good but then not all option combos are well tested so there still remains cleanup needed when not using -O2, so lets just disable Werror in such cases, until fixed upstream Change-Id: I2d491c360a15b0752c97ff77ee0faaeede6e8d2a (From OE-Core master rev: 52a90e8e592ddd228939e15d7fd0d69f3c1e816f) (From OE-Core rev: 6f358676c33854cd6b02f41232875cf779cde1b8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: Security Advisory - gdk-pixbuf - CVE-2015-4491Li Zhou2015-09-012-0/+90
| | | | | | | | | | | | | | | | | | | | | pixops: Be more careful about integer overflow Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (From OE-Core master rev: e27f367d08becce9486f2890cb7382f3c8448246) (From OE-Core rev: 8e6da2d34ed6e3352e235c1723d6b4f425bd5932) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: update SRC_URIRoss Burton2015-09-011-1/+1
| | | | | | | | | | | | | | | Upstream has moved git hosts, so update the SRC_URI appropriately. [ YOCTO #8181 ] (From OE-Core master rev: c6166b7ff7ebcab424af975b1e5378813c684560) (From OE-Core rev: b459e8831dfcb8f4317e115b534567c656efee04) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd-compat-units: set S correctlyRoss Burton2015-09-011-0/+2
| | | | | | | | | | | | | This recipe doesn't unpack any source, so set S to ${WORKDIR}. (From OE-Core master rev: 188a08884d0c1b57d5c8c23f93463399526b19a2) (From OE-Core rev: 5908df2668c46495f3d9626a7d0e6ce8bb1a2f1f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: update the status of configurable root patchUmut Tezduyar Lindskog2015-09-011-1/+4
| | | | | | | | | | | (From OE-Core master rev: a79afafd422a9b8e74c0eaac6296e6d1802bb994) (From OE-Core rev: 7cfaac7e7f49303a00247d4ac221b6fe13eed7b9) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: add PACKAGECONFIG for valgrindChen Qi2015-09-011-0/+1
| | | | | | | | | | | | | | | | | | | | Execute `bitbake valgrind && bitbake systemd -c cleansstate && bitbake systemd -c configure && bitbake valgrind -c cleansstate && bitbake systemd -c compile', and we would get the following error. src/libsystemd/sd-bus/bus-control.c: fatal error: valgrind/memcheck.h: No such file or directory. Add PACKAGECONFIG option to sovle this problem. (From OE-Core master rev: e35ee4e016fbd659c88444ab7ee8e86008984f2c) (From OE-Core rev: 5a9cf55789f030ce940b8d1c78a75147b4a2b486) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: recommend the vconsole setup unitsRoss Burton2015-09-011-4/+5
| | | | | | | | | | | | | | | systemd's early boot wants to run the vconsole setup units. They were split out so that systems without visible consoles don't need the overhead of packaging kbd etc, but we should pull them in by default. (From OE-Core master rev: a2e7a94f8d777d1cd9a07e1543b88a0cf1f9cd67) (From OE-Core rev: dc0a58e396213e3f1131e0f9be4f81bf29f135b2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: add PACKAGECONFIG selinuxKai Kang2015-09-011-1/+4
| | | | | | | | | | | | | | Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts different shell according whether selinux is enabled. (From OE-Core master rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) (From OE-Core rev: a7afb11176a997b65e532c5b4fa2e706a3a27a58) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: backport patch for CVE-2015-5477Joshua Lock2015-09-012-0/+25
| | | | | | | (From OE-Core rev: ba84c727b9c8c743e7ac87e6c84456f679118af8) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base.bbclass: Note when including pn with INCOMPATIBLE_LICENSESBeth Flanagan2015-09-011-3/+26
| | | | | | | | | | | | | | | | | | | We need to be able to tell people if we WHITELIST a recipe that contains an incompatible licese. Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end up on an image even if GPL-3.0 is incompatible. This is the correct behaviour but there is nothing telling people that it is even happening. (From OE-Core master rev: c9da529943b2f563b7b0aeb43576c13dd3b6f932) (From OE-Core rev: 1b449dd0ee88274d01f2ec1f2a22955b824ff8ef) Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2015-3209Kai Kang2015-09-012-0/+54
| | | | | | | | | | | | | | | Backport patch to fix CVE-2015-3209. http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594 (From OE-Core master rev: ea85f36ad438353f5a8e64292dd27f457f1f665c) (From OE-Core rev: d8d68c4a630dc9d802e159f0ffe768e52bea5401) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: backport patches to fix CVE issuesKai Kang2015-09-0112-1/+1244
| | | | | | | | | | | | | | | | | | | | | | | Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106. These patches are from debian, but they are originally from: http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1 (From OE-Core master rev: 496b3ffba6755bb76709c88cf81399c9d23f830a) (From OE-Core rev: 29746e78ca000f4464c8e0a1da55c77e02c651e4) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Refresh the following patches to apply cleanly to our qemu-2.2.0: 07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch 10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: backport a patch to fix CVE-2015-1863Joshua Lock2015-09-012-0/+48
| | | | | | | | | | | This fix was included in the master branch with the upgrade to 2.4, backport it to fido as the vulnerability was already present in 2.3. (From OE-Core rev: 12fc04731d26597bfb9d9f1713c96b11c8186c43) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, ↵Fan Xin2015-09-017-0/+352
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2015-4145, CVE-2015-4146 wpa-supplicant: backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146. This patch is originally from: For CVE-2015-4141: http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch For CVE-2015-4143: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch For CVE-2015-4144 and CVE-2015-4145: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch For CVE-2015-4146: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch (From OE-Core master rev: ce16e95de05db24e4e4132660d793cc7b1d890b9) (From OE-Core rev: b236c0882d62d8aa722117a54c1ff9edec7f5a6d) Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Need more buffers in output queue for better ↵Yuqing Zhu2015-09-012-0/+33
| | | | | | | | | | | | performance (From OE-Core master rev: 4b35871f0883ded624c6d5dd9bbf3365934c0e93) (From OE-Core rev: 9b3ae2e90f405d3c157d5c3d645b2be6b6216042) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Set need_segment after sink pad receive ↵Yuqing Zhu2015-09-012-0/+70
| | | | | | | | | | | | | | | | | | | GST_EVENT_SEGMENT Subparse works in push mode, chain funciton will be called once up stream element finished the seeking and flushing. If set need_segment flag in src pad event handler, the segment event will be pushed earlier, result in the subtitle text will be send out to down stream from the beginning. (From OE-Core master rev: 48742378cd91297db439ee83576f3663befaa8f9) (From OE-Core rev: 0ecbbc39353d92a66d32ea13075aaec76b590fa0) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Enhance SSA text lines parsingYuqing Zhu2015-09-012-0/+226
| | | | | | | | | | | | | Some parser will pass in the original ssa text line which starts with "Dialog:" and there's are maybe multiple Dialog lines in one input buffer. (From OE-Core master rev: f47e6185a2e88081f98704357e873a04d2e39c40) (From OE-Core rev: c2e8974e6c9e3e1eb386375a3839b81c23626d43) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Don't set async of custom text-sink to falseYuqing Zhu2015-09-012-0/+32
| | | | | | | | | | | | | Setting async to false will lead A/V sync problem when seeking. The preroll need to use GAP event instead of setting async to false. (From OE-Core master rev: c3ed0c2162dcdbb1aced57aed33e2791b81db558) (From OE-Core rev: 10c4993d4da66ed2eb857b396c24a3771a0bd0d6) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Make memory copy when video buffer's memory is ↵Yuqing Zhu2015-09-012-0/+130
| | | | | | | | | | | | | | | read only Detect the memory flag and use gst_buffer_copy_region with GST_BUFFER_COPY_DEEP parameter to perform deep memory copy. (From OE-Core master rev: 817e542096cf2d415b1725ee98a4d3bbf0ed9415) (From OE-Core rev: 5202a84a67be69259c42bfb109aec1e957783945) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Do not change EOS event to GAP eventYuqing Zhu2015-09-013-0/+82
| | | | | | | | | | | | | | | -Sending EOS event instead of GAP event as GAP event has error if A/V have the different duration. -Stop sending second track EOS event when returing failure after sending the first track EOS. Fixed by ignoring the return error. (From OE-Core master rev: 36dfa24b2a4318b7abe6ab54b64e6c011b8e1e0f) (From OE-Core rev: 6a8d2055421cb6c82203654eabd67e87ae99fee6) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Keep sticky events around when doing a soft resetYuqing Zhu2015-09-012-0/+47
| | | | | | | | | | | | | The current code will first discard all frames, and then tries to copy all sticky events from the (now discarded) frames. So change the order. (From OE-Core master rev: 32e88fd0632619c5d3eb95a58a0cceb6f5f6d0d0) (From OE-Core rev: 17be09863be3804ba58006c8cf622cd0653fed1e) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Fix output buffer can't writable after ↵Yuqing Zhu2015-09-014-0/+185
| | | | | | | | | | | | | | | | | | | | frame_map() issue -Add GST_VIDEO_FRAME_MAP_FLAG_NO_REF This makes sure that the buffer is not reffed another time when storing it in the GstVideoFrame, keeping it writable if it was writable. -Use new GST_VIDEO_FRAME_MAP_FLAG_NO_REF to replace the old one because it's kind of ugly. -Don't ref buffers twice when mapping (From OE-Core master rev: a618f60675dbcc6568d6b9bdee015456cef78a77) (From OE-Core rev: b75f09af7c4bfa023299c4f82bd6c3f781b93354) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Update video alignment after video alignmentYuqing Zhu2015-09-012-0/+54
| | | | | | | | | | | | | | Video buffer pool will update video alignment to respect stride alignment requirement. But haven't update it to video alignment in configure. Which will cause user get wrong video alignment. (From OE-Core master rev: d0b5780125926eb33cc82f17c679e16e64312478) (From OE-Core rev: e2eeca08011abedcba0be8c72dd68557066d4776) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Handle audio/video decoder errorYuqing Zhu2015-09-012-0/+65
| | | | | | | | | | | | | | | When there is input data and no output data to the end of the stream, it will send GST_ELEMENT_ERROR and quit from playing. The patch comments the GST_ELEMENT_ERROR() and just add GST_ERROR_OBJECT() information instead. (From OE-Core master rev: 0690a52bf48543351cdc85d2b3c8068d54b51768) (From OE-Core rev: 0549cb132cbe457dc66f5e8f3df4f61450cb180a) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>