| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When copying the sstate-cache into the extensible SDK, if the source
path had a trailing / and the destination path did not, there would be a
missing / between the path and the subdirectory name, and you'd end up
with subdirectories like "sstate-cacheCentOS-6.7". There are functions
in os.path for this sort of thing so let's just use them and avoid the
problem.
(From OE-Core rev: 2ed6adfea5ba16aeda7b5d908bea4303202d3774)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5eb8f15c48b5f39a10eb2b63b026cf1ebfd05533)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 4.1.17
(From OE-Core rev: f070d5fee56a4589a6abf422e6872373c5557c6d)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring()
(From OE-Core rev: 8cb97ea8ed59ee77c0542b50d1af65bf9a3c3fef)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 3.14.39
(From OE-Core rev: ce53ebc001af87d169a2e0e98ca3d7d4729fdec4)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following warning:
WARNING: Failed to fetch URL http://downloads.sourceforge.net/project/
libpng/libpng12/1.2.53/libpng-1.2.53.tar.xz, attempting MIRRORS if
available.
[YOCTO #8739]
(From OE-Core rev: 02363e50b4a3d124fa71edb2870deb820567482b)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix the following warning:
WARNING: Failed to fetch URL http://downloads.sourceforge.net/
project/libpng/libpng16/1.6.17/libpng-1.6.17.tar.xz, attempting
MIRRORS if available
[YOCTO #8739]
(From OE-Core rev: dbde0550ce0cc112947367eb89b914be5b3359a7)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If CONFIG_FEATURE_LAST_SMALL is enabled the build fails because of a broken
__UT_NAMESIZE test.
[ YOCTO #8869 ]
(From OE-Core rev: 6348b2e8e0510b45f4afd2018e90796714863fc1)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using parallel make jobs, we need to be sure that
pnglibconf.h is created before we try to reference it,
so add a rule to png.mak.
(From OE-Core rev: 4b7bda9d1ac836de0c657cca28044b822e444bea)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit fad19750d23aad2d14a1726c4e3c2c0d05f6e13d)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This enables a world build without x11. GTK3DISTROFEATURES is not
enough because gtk+-x11.pc is still required.
Fixes [YOCTO #8611].
(From OE-Core rev: b1175339287395a7ad4fe4639a73f3a1dda74358)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit dbdcd87144cc1cd6c5d50c800c7f266aaf25ca17)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with the enabling of utmpx in busybox and uClibc it was noted that shadow
support for utmpx also needs utmp explicitly enabled in uclibc. this is
a workaround that might be removed once shadow properly supports
--enable-utmpx to check for utmpx configuration instead of utmp like
it does now
[YOCTO #8243]
[YOCTO #8971]
(From OE-Core rev: 05cab660ea956aabf6e6f971bdc5c9e2d94b9f2d)
Signed-off-by: Bogdan-Alexandru Voiculescu <bogdanx.a.voiculescu@intel.com>
Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 969158d63ba2c8e2e11af41c2a6d4f1aa5b0099f)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-7545 git: arbitrary code execution via crafted URLs
(From OE-Core rev: 1e0780427bad448c5b3644134b581ecf1d53af84)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
WARNING: QA Issue: glibc-locale: /glibc-binary-localedata-sd-in/usr/lib/locale/sd_IN/LC_CTYPE is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
fix type
(From OE-Core rev: 9d5cd7a353ec257c88d54dd9af2327b0d86d5662)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup
(From OE-Core rev: b63e3b57b47e95003a1fb014f90333c327681d5b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1
(From OE-Core rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7558 librsvg2: Stack exhaustion causing DoS
including two supporting patches.
(From OE-Core rev: 4945643bab1ee6b844115cc747e5c67d874d5fe6)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c\
(From OE-Core rev: 1656eaa722952861ec73362776bd0c4826aec3da)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c
(From OE-Core rev: a159f9dcf3806f2c3677775d6fb131dab17a5a17)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
(From OE-Core rev: 03d481070ebc6f9af799aec5d038871f9c73901c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
(From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-0860 dpkg: stack overflows and out of bounds read
(From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed LIC_CHKSUM_FILES to a new LICENSE file.
Add BSD-3-clause to licenses
Changes affecting future time stamps
America/Cayman will not observe daylight saving this year after all.
Revert our guess that it would. (Thanks to Matt Johnson.)
Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00.
(Thanks to Alexander Krivenyshev.)
Asia/Tehran now has DST predictions for the year 2038 and later,
to be March 21 00:00 to September 21 00:00. This is likely better
than predicting no DST, albeit off by a day every now and then.
Changes affecting past and future time stamps
America/Metlakatla switched from PST all year to AKST/AKDT on
2015-11-01 at 02:00. (Thanks to Steffen Thorsen.)
America/Santa_Isabel has been removed, and replaced with a
backward compatibility link to America/Tijuana. Its contents were
apparently based on a misreading of Mexican legislation.
Changes affecting past time stamps
Asia/Karachi's two transition times in 2002 were off by a minute.
(Thanks to Matt Johnson.)
(From OE-Core rev: 790315dbd2dcb5b2024948ef412f32d2788cb6b5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 39e231cfabda8d75906c935d2a01f37df6121b84)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change LIC_CHKSUM_FILES to License. Some files are BSD clause 3
Changes affecting build procedure
An installer can now combine leap seconds with use of the backzone file,
e.g., with 'make PACKRATDATA=backzone REDO=posix_right zones'.
The old 'make posix_packrat' rule is now marked as obsolescent.
(Thanks to Ian Abbott for an initial implementation.)
Changes affecting documentation and commentary
A new file LICENSE makes it easier to see that the code and data
are mostly public-domain. (Thanks to James Knight.) The three
non-public-domain files now use the current (3-clause) BSD license
instead of older versions of that license.
tz-link.htm mentions the BDE library (thanks to Andrew Paprocki),
CCTZ (thanks to Tim Parenti), TimeJones.com, and has a new section
on editing tz source files (with a mention of Sublime zoneinfo,
thanks to Gilmore Davidson).
The Theory and asia files now mention the 2015 book "The Global
Transformation of Time, 1870-1950", and cite a couple of reviews.
The America/Chicago entry now documents the informal use of US
central time in Fort Pierre, South Dakota. (Thanks to Rick
McDermid, Matt Johnson, and Steve Jones.)
(From OE-Core rev: 1ee9072e16d96f95d07ec5a1f63888ce4730d60e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit b7f292b84eea202fb13730c11452ac1957e41cf0)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The existing code doesn't tell regular (with .git) and bare cases and
just move the unpacked repo to the place of kernel source. But later
steps will fail on a bare-cloned repo because we can not checkout
directly in a bare cloned repo.
This change performs another clone to fix the issue.
Note: This change doesn't cover the case that S and WORKDIR are same
and the repo is bare cloned.
(From OE-Core rev: f3d0ae7b174f47170fef14a699aec22d02ea1745)
Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ccfa2ee5c4f509de4c18a7054b2a66fc874d5d69)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[Yocto # 9008]
This is the next patch release for pcre. The 8.xx series now only contains
bug fixes.
http://www.pcre.org/original/changelog.txt
The following security fixes are included:
CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()
CVE-2015-3217 pcre: stack overflow in match()
CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis
CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
CVE-2015-8381 pcre: Heap Overflow in compile_regex()
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
CVE-2015-8387 pcre: Integer overflow in subroutine calls
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups
CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
CVE-2015-8395 pcre: Buffer overflow caused by certain references
CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
(From OE-Core rev: 3e403cc1bdeefd4f39e54bae2269ca56307e8468)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS
(From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands
(From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list
(From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod
(From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode
(From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception
(From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2016-0701 OpenSSL: DH small subgroups
(From OE-Core rev: c5868a7cd0a28c5800dfa4be1c9d98d3de08cd12)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers
(From OE-Core rev: b387d9b8dff8e2c572ca14f9628ab8298347fd4f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
(From OE-Core rev: 3e89477c8ad980fabd13694fa72a0be2e354bbe2)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images
(From OE-Core rev: 29c80024bdb67477dae47d8fb903feda2efe75d4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8704:
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug logging is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
[YOCTO 8966]
References:
https://kb.isc.org/article/AA-01346/0/BIND-9.10.3-P3-Release-Notes.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8705
(From OE-Core rev: 78ceabeb2df55194f16324d21ba97e81121f996b)
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are some unfreed rpmmi pointers in printDepList()
function; this happens when the package have null as
the requirement.
This patch fixes these unfreed pointers and add small
changes to keep consistency with some variables.
[YOCTO #8028]
(From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec)
(From OE-Core rev: 409f19280983b8100a27a773cefbff187cca737a)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This issue requires three commits:
https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
(From OE-Core master rev: a42229df424552955c0ac62da1063461f97f5938)
(From OE-Core rev: 50f46e40fa2d1d126294874765f90ed5bdee0f15)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.
(From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.
(From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.
(From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.
(From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids having a loop in shell code and initializing
heavy Django init machinery every second.
Ignore exceptions to prevent exiting the loop.
(Bitbake rev: e04da15556ca0936de652b8c085e4199e5551457)
(Bitbake rev: 0e9d8d63ddb35d181d4e470585d1e4a4c646cd00)
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: brian avery <avery.brian@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
Signed-off-by: Elliot Smith <elliot.smith@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Recent changes to this recipe caused automated PR increments
to break, regressing package feeds. The only way to recover
is to bump PR, so do this centrally to fix anyone affected.
(From OE-Core rev: dacdb499d31cb2e80cca33cba9d599c8ee983dc4)
(From OE-Core rev: 8ce8f62b22b1e20db0f62d7bd8246738147d5f2e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Turns out I did a silly thing in OE-Core revision
9b1831cf4a2940dca1d23f14dff460ff5a50a520 and forgot to remove the
explicit setting of PACKAGE_ARCH outside of the anonymous python
function; the original bug was apparently fixed but the functionality of
allarch.bbclass was being disabled because it was able to see that
PACKAGE_ARCH was not set to "all" - which was what I was trying to
ensure.
(From OE-Core rev: a25ab5449825315d4f51b31a634fe6cd8f908526)
(From OE-Core rev: afd527d365c58e622983b77a1a7ed57f59ef7b32)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This recipe produces an empty dummy package (in order to satisfy
dependencies on perl so we don't have perl within buildtools-tarball).
Because we were inheriting nativesdk here the recipe was being rebuilt,
but having forced PACKAGE_ARCH to a particular value the packages for
each architecture were stepping on eachother. Since the packages are
empty they can in fact be allarch (even though they won't actually go
into the "all" package feed). It turns out that nheriting nativesdk
wasn't actually necessary either, so drop that.
Fixes [YOCTO #8509].
(From OE-Core rev: 9b1831cf4a2940dca1d23f14dff460ff5a50a520)
(From OE-Core rev: 66694fe312cf0668d08e42246332ce085a4d6372)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit 5c90b561930aac1783485d91579d313932273e92.
The original change was intentional so back out 'fixes'.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
| |
This reverts commit bc458ae9586b45b11b6908eadb31e94d892e698f.
The original change was intentional so back out 'fixes'.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 716d3140c150bb3d99210e74da91904efc84c907)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
In jethro, the dependency is "udev", the change to libgudev happened
in master after the release and this was a mistake during
backporting of gstreamer fixes.
(From OE-Core rev: bc458ae9586b45b11b6908eadb31e94d892e698f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: bc1d59a075bfd1b0dca7a19553cc7970b7460b38)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
