| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
Backport changes to tinfo/comp_hash.c, tinfo/parse_entry.c,
and progs/dump_entry.c from upstream to fix CVEs.
(From OE-Core rev: 7ec70aeb0c6f6080523efa0f983fa36b92cb5558)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Rebase 0001, 0002
2. Fix [already-stripped] QA Issue
Since the following commit add, it strip executables which
are installed by default.
...
commit 087eaf92c621098927f3f98e3652411de48f8b6b
Author: Sven Joachim <svenjoac@gmx.de>
Date: Sun Jan 21 08:01:41 2018 +0100
Import upstream patch 20180120
20180120
+ build-fix in picsmap.c for stdint.h existence.
+ add --disable-stripping option to configure scripts.
...
(From OE-Core rev: 09bc55eeb41a6e06438b35e5456c66198d549b92)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
- Drop backported CVE fix
(From OE-Core rev: 382e861b8c89c65b3538c706361767eff78d4a5a)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2017-13728, CVE-2017-13731
There is an illegal address access in the function dump_uses() in progs/dump_entry.c
in ncurses 6.0 that might lead to a remote denial of service attack.
There is an illegal address access in the _nc_safe_strcat function in
strings.c in ncurses 6.0 that will lead to a remote denial of service attack.
There is an illegal address access in the function _nc_read_entry_source()
in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.
There is an illegal address access in the _nc_save_str function in
alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.
There is an infinite loop in the next_char function in comp_scan.c in
ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.
There is an illegal address access in the function postprocess_termcap()
in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-13734
https://nvd.nist.gov/vuln/detail/CVE-2017-13732
https://nvd.nist.gov/vuln/detail/CVE-2017-13731
https://nvd.nist.gov/vuln/detail/CVE-2017-13730
https://nvd.nist.gov/vuln/detail/CVE-2017-13729
https://nvd.nist.gov/vuln/detail/CVE-2017-13728
Upstream patch:
https://anonscm.debian.org/cgit/collab-maint/ncurses.git/commit/?id=129aac80802d997b86ab0663836b7fdafb8e3926
(From OE-Core rev: 52d0f351062da730055ffc6b953ff4e68ddb437f)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rebase patches:
- tic-hang.patch -> 0001
- configure-reproducible.patch -> 0002
Drop fix-cflags-mangle.patch, which accepted by upstream
...
commit 1b74f120ab7be89011408a6ad0f1c748a314bae8
Author: Sven Joachim <svenjoac@gmx.de>
Date: Sun Feb 26 09:01:34 2017 +0100
Import upstream patch 20170225
20170225
+ fixes for CF_CC_ENV_FLAGS (report by Ross Burton).
...
(From OE-Core rev: a4ad0703e1209fee6cd89bf74088931785c4d8c7)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Build static libraries without the binutils "ar" -U option.
This option deliberately breaks deterministic mode.
The option seems to be a relic from 2015, intended as a workaround
for some unspecified build problems.
[YOCTO#11247]
(From OE-Core rev: 46c757d0ca7ff294a7e55c130698fd256b69b62e)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Add a patch to fix the CC/CFLAGS mangling that broke builds. [RB]
(From OE-Core rev: e5d1cbbc1a04b0b190f3706e7ab7421c87d46c78)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As "install.libs" also installs header files, it is
redundant to also call "install.includes".
In fact, doing so can lead to a race, as both targets could
try to install the header files at the same time if running
parallel make. Obviously, with only calling "install.libs",
there is no race with "install.includes".
If there is no race, then the patch fix-include-files-race.patch
is no longer needed.
(From OE-Core rev: 8df2060a323acf2a2cc2bc4076623463039c46a6)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Both targets install.libs and install.includes install the same
files, resulting in a race condition when running parallel make.
This race is addressed in a patch file, making sure only one
of the targets (install.includes) installes the include files.
This will work properly (i.e.ncurses will install as intended
by the recipe) as long as we always install both targets.
(From OE-Core rev: a3df0aa78af1c2fecf847e87cc480fd2ed9afe89)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
Also, put the revision into PV, so that a meaningful upstream version
check can be performed.
(From OE-Core rev: 78064460a7087de5065f035633ea37a7f5b5cff6)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
