summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* build-appliance-image: Update to jethro head revisionyocto-2.0.1jethro-14.0.1Richard Purdie2016-02-241-1/+1
| | | | | | (From OE-Core rev: 0c702756dd0009c4112028fbf2479a346867b32c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2198Armin Kuster2016-02-212-0/+46
| | | | | | | | | CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core rev: 646a8cfa5398a22062541ba9c98539180ba85d58) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2197Armin Kuster2016-02-212-0/+60
| | | | | | | | | CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines (From OE-Core rev: ca7cbcf22558349f0b43ed7dc84ad38d7c178c55) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: Security fix CVE-2015-7511Armin Kuster2016-02-213-0/+304
| | | | | | | | | | | | | | CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves affects libgcrypt < 1.6.5 Patch 1 is a dependancy patch. simple macro name change. Patch 2 is the cve fix. (From OE-Core rev: c691ce99bd2d249d6fdc4ad58300719488fea12c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uclibc: Security fix CVE-2016-2225Armin Kuster2016-02-212-0/+33
| | | | | | | | | | | CVE-2016-2225 Make sure to always terminate decoded string This change is being provide to comply to Yocto compatiblility. (From OE-Core rev: 093d76f3f4a385aae46304bd572ce1545c6bcf33) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uclibc: Security fix CVE-2016-2224Armin Kuster2016-02-212-0/+50
| | | | | | | | | | | CVE-2016-2224 Do not follow compressed items forever. This change is being provide to comply to Yocto compatiblity. (From OE-Core rev: 4fe0654253d7444f2c445a30b06623cef036b2bb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libbsd: Security fix CVE-2016-2090Armin Kuster2016-02-182-1/+53
| | | | | | | | | | | | CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd affects libbsd <= 0.8.1 (and therefore not needed in master) (From OE-Core rev: e56aba3a822f072f8ed2062a691762a4a970a3f0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Security fix CVE-2015-7547Armin Kuster2016-02-182-0/+643
| | | | | | | | | CVE-2015-7547: getaddrinfo() stack-based buffer overflow (From OE-Core rev: cf754c5c806307d6eb522d4272b3cd7485f82420) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-071-1/+1
| | | | | | (From OE-Core rev: 05e551d821594b0f4c06328386b6a82e0801ac2a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Secuirty fix CVE-2016-0755Armin Kuster2016-02-072-1/+140
| | | | | | | | | CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use (From OE-Core rev: 8322814c7f657f572d5c986652e708d6bd774378) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security fix CVE-2016-0754Armin Kuster2016-02-072-1/+419
| | | | | | | | | CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows (From OE-Core rev: b2c9b48dea2fd968c307a809ff95f2e686435222) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: Security fix CVE-2015-8804Armin Kuster2016-02-072-0/+282
| | | | | | | (From OE-Core rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: Security fix CVE-2015-8803 and CVE-2015-8805Armin Kuster2016-02-072-0/+75
| | | | | | | (From OE-Core rev: f62eb452244c3124cc88ef01c14116dac43f377a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: Security fix CVE-2016-2217Armin Kuster2016-02-072-0/+373
| | | | | | | | | | | | | this address both Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL" and Socat security advisory 8: "Stack overflow in arguments parser [Yocto # 9024] (From OE-Core rev: 0218ce89d3b5125cf7c9a8a91f4a70eb31c04c52) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Security fix CVE-2015-8472Armin Kuster2016-02-072-0/+30
| | | | | | | | | | | libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions this patch fixes an incomplete patch in CVE-2015-8126 (From OE-Core rev: f4a805702df691cbd2b80aa5f75d6adfb0f145eb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Security fix CVE-2015-8126Armin Kuster2016-02-075-0/+359
| | | | | | | | | libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (From OE-Core rev: d0a8313a03711ff881ad89b6cfc545f66a0bc018) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* foomatic-filters: Security fixes CVE-2015-8327Armin Kuster2016-02-072-0/+24
| | | | | | | | | | | CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character this time with the recipe changes. (From OE-Core rev: 62d6876033476592a8ca35f4e563c996120a687b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* foomatic-filters: Security fix CVE-2015-8560Armin Kuster2016-02-072-0/+26
| | | | | | | | | CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character (From OE-Core rev: 307056ce062bf4063f6effeb4c891c82c949c053) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-071-1/+1
| | | | | | (From OE-Core rev: a2b1d9a6f0f29a2d21c80e549b10f3522df20c11) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cross-localedef-native: add ABI breaking glibc patchJens Rehsack2016-02-071-0/+1
| | | | | | | | | | | | | | Add patch from commit 96b1b5c127e9e0e637aaf7948cf3330a94a5cd57 to cross-localedef-native to avoid broken images built with ENABLE_BINARY_LOCALE_GENERATION set to 1: $ sh -c "export LANG=de_DE; ls -la" sh: loadlocale.c:130: _nl_intern_locale_data: Assertion `cnt < (sizeof (_nl_value_type_LC_COLLATE) / sizeof (_nl_value_type_LC_COLLATE[0]))' failed. Aborted (From OE-Core rev: 2ddfcfaa996d8c675b5c161acb605dc5573eba67) Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-051-1/+1
| | | | | | (From OE-Core rev: 113812945c3cddfec75d67d781c0fa2d7ee02762) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: Ensure we use the right mke2fs.conf when restoring from sstateRichard Purdie2016-02-051-0/+15
| | | | | | | | | | | | | | | | | If we don't do this, we can use an mke2fs.conf from a different path which may contain incompatible flags and lead to obtuse build failures such as: Invalid filesystem option set: has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize To fix this, wrap the mke2fs binary and its hardlinks and point at the correct configuration file. In particular this fixes conflicts between master and jethro builds affecting the main autobuilder. (From OE-Core rev: 0ef6277463517fb0e52b4bd65ca5f6ab42315773) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-041-1/+1
| | | | | | (From OE-Core rev: f3831307d7c849e60c4141f7bfe4067ec5ff224a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Updated host package install requirements CentOSScott Rifenbark2016-02-041-9/+18
| | | | | | | | | | | | Put in a caveat about getting the ADT Installer to work with CentOS 6.x. New note. Fixes [YOCTO #8324] (From yocto-docs rev: 6ee7696537ca2031073cc59a42ff035cfd8caeec) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toaster-manual: Updated the "Installation" to have TOASTER_DIR informationBelen Barros Pena2016-02-041-5/+26
| | | | | | | | | | | | | | In section 3.6 of the manual about setting up a production instance of Toaster, explain that TOASTER_DIR determines the location of the build directory, and that the checksettings command configures the build environment for Toaster. NOTE: I applied some minor fixes to the wording. (From yocto-docs rev: 5d899f3026cff40078449ca8bdaba680f79ee0a8) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toaster-manual: Updated instructions for production setup.Scott Rifenbark2016-02-041-28/+15
| | | | | | | | | | | Current instructions were wrong. Applied changes to correct them. Author: Belen Barros Pena <belen.barros.pena@intel.com> (From yocto-docs rev: 609e7bd8847cba70e49f4c8a58524392fdc1bd41) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for genericx86* for 4.1, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+5
| | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 4.1.17 (From meta-yocto rev: 2aab8657999c2bcf6e7a54f1085664207ba3ac93) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for genericx86* for 3.19, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+2
| | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring() (From meta-yocto rev: 20c1e1e8ec2f18fbbb47b6dbc27dd7dfa15922fb) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for genericx86* for 3.14, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+5
| | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 3.14.39 (From meta-yocto rev: 47a81a47c5f1f2625365ab7a2f130b75fb5764fd) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta-yocto-bsp: Remove uvesafb (v86d) from generic x86 featuresJianxun Zhang2016-02-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | When uvesafb is automatically loaded during boot and FW doesn't support legacy video bios and frame buffer, its user space helper will throw error messages in kernel log: [6.843790] uvesafb: Getting VBE info block failed (eax=0x4f00, err=1) [6.843864] uvesafb: vbe_init() failed with -22 [6.843916] uvesafb: probe of uvesafb.0 failed with error -22 Assuming most x86 boards today don't really rely on this module, this change simply removes it from the common feature list to get rid of these harmless messages. [YOCTO #6584] (From meta-yocto rev: d58fc630b1114dbafa8342de7dcaef8e7d798848) (From meta-yocto rev: 8b08977dc9f2d9ff4fd5ecf4ead24a36dcbda542) Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 6af89812e8a9931ffed63768ed85367519bf7aef) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-bsp: Set SRCREV meta/machine revisions to AUTOREVLeonardo Sandoval2016-02-0449-152/+152
| | | | | | | | | | | | | | | | By default, checkout to latest revision from the machine branch specified by the user. (From meta-yocto rev: f79a43406b5b323587415380ecffc87527c64653) (From meta-yocto rev: 311e084bb321701624785ce56a1ad23d7b20b396) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a35f79ddd8afe54835ad927b21b8f7cfbd86202a) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-bsp: Set KTYPE to user selected base branchLeonardo Sandoval2016-02-0421-21/+42
| | | | | | | | | | | | | | | | | | Fixes the hardcode branch name set to KTYPE, where its value is used as a base branch when user decides to create a new branch. Tested on x86_64 architecture. [YOCTO #8630] (From meta-yocto rev: ab895be90a0cae7dfa77a8aab3b19e5571e7e7bc) (From meta-yocto rev: bc5aec2348b2c314953806734a8fbabf798d142c) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9d585b5025187f059f75ffbdc01bda72d17e8a86) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-bsp: Avoid duplication of user patches ({{=machine}}-user-patches.scc)Leonardo Sandoval2016-02-0428-36/+8
| | | | | | | | | | | | | | | | | | | On linux-yocto-dev or linux-yocto_X.YY bbappend files, the SRC_URI includes {{=machine}}-standard.scc, which in turn includes {{=machine}}-user-parches.scc, thus there is no need to include it again on the corresponding bbappend file. [YOCTO #8486] (From meta-yocto rev: 11c93b5dd8c651df478d4810e1b6ff6ad9fa57e8) (From meta-yocto rev: c1105ff0e65a24f344e5fab17402b1b4fcb1d728) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f674ffa528b06e22d2c70c12f2e17cf308e26173) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-bsp: Default kernel version to 4.1 on x86_64Leonardo Sandoval2016-02-041-1/+1
| | | | | | | | | | | | | | | | | | On the 3.19 to 4.1 migration, the target x86_64 was not taken into account (no reason, just missing the correspoding update on the kernel-list.noinstall file), so moving it to 4.1 to be align with the rest. (From meta-yocto rev: 283665d9295c3c10f964496dc0110137e358daa6) (From meta-yocto rev: d58d3c5e65294bd6f4f3f780d746e1c3f8678c2b) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9cc221dcb6af71ae8a4faa3297269ae80c7e35dd) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: don't use /tmp to write generated sources toRoss Burton2016-02-041-0/+6
| | | | | | | | | | | | If there are multiple builds on the same machine then piglit writing it's generated sources to /tmp will race. Instead, export TEMP to tell the tempfile module to use a temporary directory under ${B}. (From OE-Core rev: 226a26e51eb0789686509d3e22a3766e2e3e8666) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gen-lockedsig-cache: fix bad destination path joiningPaul Eggleton2016-02-041-1/+1
| | | | | | | | | | | | | | | | | When copying the sstate-cache into the extensible SDK, if the source path had a trailing / and the destination path did not, there would be a missing / between the path and the subdirectory name, and you'd end up with subdirectories like "sstate-cacheCentOS-6.7". There are functions in os.path for this sort of thing so let's just use them and avoid the problem. (From OE-Core rev: 2ed6adfea5ba16aeda7b5d908bea4303202d3774) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 5eb8f15c48b5f39a10eb2b63b026cf1ebfd05533) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for qemux86* for 4.1, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+4
| | | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 4.1.17 (From OE-Core rev: f070d5fee56a4589a6abf422e6872373c5557c6d) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for qemux86* for 3.19, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+2
| | | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring() (From OE-Core rev: 8cb97ea8ed59ee77c0542b50d1af65bf9a3c3fef) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for qemux86* for 3.14, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+4
| | | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 3.14.39 (From OE-Core rev: ce53ebc001af87d169a2e0e98ca3d7d4729fdec4) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng12: update URL that no longer existsMaxin B. John2016-02-041-1/+1
| | | | | | | | | | | | | | | | Fix the following warning: WARNING: Failed to fetch URL http://downloads.sourceforge.net/project/ libpng/libpng12/1.2.53/libpng-1.2.53.tar.xz, attempting MIRRORS if available. [YOCTO #8739] (From OE-Core rev: 02363e50b4a3d124fa71edb2870deb820567482b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: update URL that no longer existsMaxin B. John2016-02-041-1/+1
| | | | | | | | | | | | | | | | Fix the following warning: WARNING: Failed to fetch URL http://downloads.sourceforge.net/ project/libpng/libpng16/1.6.17/libpng-1.6.17.tar.xz, attempting MIRRORS if available [YOCTO #8739] (From OE-Core rev: dbde0550ce0cc112947367eb89b914be5b3359a7) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: fix build of last appletRoss Burton2016-02-042-0/+34
| | | | | | | | | | | | | If CONFIG_FEATURE_LAST_SMALL is enabled the build fails because of a broken __UT_NAMESIZE test. [ YOCTO #8869 ] (From OE-Core rev: 6348b2e8e0510b45f4afd2018e90796714863fc1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: add dependency for pnglibconf.hJoe Slater2016-02-042-0/+22
| | | | | | | | | | | | | | When using parallel make jobs, we need to be sure that pnglibconf.h is created before we try to reference it, so add a rule to png.mak. (From OE-Core rev: 4b7bda9d1ac836de0c657cca28044b822e444bea) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit fad19750d23aad2d14a1726c4e3c2c0d05f6e13d) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcr: Require x11 DISTRO_FEATUREJussi Kukkonen2016-02-041-1/+3
| | | | | | | | | | | | | | | This enables a world build without x11. GTK3DISTROFEATURES is not enough because gtk+-x11.pc is still required. Fixes [YOCTO #8611]. (From OE-Core rev: b1175339287395a7ad4fe4639a73f3a1dda74358) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit dbdcd87144cc1cd6c5d50c800c7f266aaf25ca17) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uClibc: enable utmp for shadow compatibilityBogdan-Alexandru Voiculescu2016-02-041-0/+2
| | | | | | | | | | | | | | | | | | | | with the enabling of utmpx in busybox and uClibc it was noted that shadow support for utmpx also needs utmp explicitly enabled in uclibc. this is a workaround that might be removed once shadow properly supports --enable-utmpx to check for utmpx configuration instead of utmp like it does now [YOCTO #8243] [YOCTO #8971] (From OE-Core rev: 05cab660ea956aabf6e6f971bdc5c9e2d94b9f2d) Signed-off-by: Bogdan-Alexandru Voiculescu <bogdanx.a.voiculescu@intel.com> Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 969158d63ba2c8e2e11af41c2a6d4f1aa5b0099f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Security fix CVE-2015-7545Armin Kuster2016-02-046-0/+897
| | | | | | | | | CVE-2015-7545 git: arbitrary code execution via crafted URLs (From OE-Core rev: 1e0780427bad448c5b3644134b581ecf1d53af84) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc-locale: fix QA warningArmin Kuster2016-02-041-1/+1
| | | | | | | | | | WARNING: QA Issue: glibc-locale: /glibc-binary-localedata-sd-in/usr/lib/locale/sd_IN/LC_CTYPE is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated] fix type (From OE-Core rev: 9d5cd7a353ec257c88d54dd9af2327b0d86d5662) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: Security fix CVE-2015-8370Armin Kuster2016-02-042-0/+60
| | | | | | | | | CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup (From OE-Core rev: b63e3b57b47e95003a1fb014f90333c327681d5b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: Security fix CVE-2015-7674Armin Kuster2016-02-042-0/+40
| | | | | | | | | CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1 (From OE-Core rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* librsvg: Security fix CVE-2015-7558Armin Kuster2016-02-044-1/+597
| | | | | | | | | | | CVE-2015-7558 librsvg2: Stack exhaustion causing DoS including two supporting patches. (From OE-Core rev: 4945643bab1ee6b844115cc747e5c67d874d5fe6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>