| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NVD uses product glib and vendor gnome for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-6855
(From OE-Core rev: 4d4d07650d600fcb8fb1de8592494c3a9e4189ce)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 69d6342d45316389afb4b062088919689db0a6dd)
Signed-off-by: Ruslan Ruslichenko <rruslich@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All recipes which include this .inc map to glibc NVD component.
(From OE-Core rev: 221266dcf1f8825b5e4cf397d67cf535facca7e7)
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 613a13725db4e05539974cc7c66584a287d7b4bd)
Signed-off-by: Ruslan Ruslichenko <rruslich@cisco.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 1718f0a6c1de9c23660a9bebfd4420e3c4ed37e6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With out this patch, one can not login to a mips64 machine like qumumips64 or Octeon mips64 when
systemd is enabled.
remove PACKAGECONFIG option too
affects: systemd < 2.3.1
Reviewed-by: Jeremy Puhlman <jpuhlman@mvista.com>
(From OE-Core rev: ce97fa3c673c7adc7a1fb81e0fd47f103fe281de)
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: git://sourceware.org/git/glibc.git
MR: 76647
Type: Security Fix
Disposition: Backport from glibc-2.27
ChangeID: f4494e472d36748c2b3171a91640b26c638f6e0b
Description:
CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
Affects: glibc < 2.27
(From OE-Core rev: 25bd45375fd90489a3d80955b2f0f7c800e9fc9a)
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source: https://sourceware.org
MR: 74337
Type: Security Fix
Disposition: Backport from https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
ChangeID: c8c51220e40185dd0ac3d657046e70b82cb94bee
Description:
CVE-2017-8804
sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
Affects: glibc < 2.25
(From OE-Core rev: b7099c48641f5db6ec7831a48c9d9c5e9e9de6f9)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add backported patches from the upstream release/2.24/master branch to
fix CVE-2017-1000366. Also add a backported patch that resolves SSE
related build problems introduced by these patches.
(From OE-Core rev: 07e041138f0b037e7ddc75a33c7960668acdb8bb)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Add backported patch to fix CVE-2015-5180 from the upstream
release/2.24/master branch.
(From OE-Core rev: e8a6e3894c8aebac4aa6b0ceea021b95e94e6691)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of glibc (2.26) moved the struct locale definition from
xlocale.h to bits/types/locale_t.h. For compatibility with build hosts
using this version of glibc, include this header.
See f0be25b6336db7492e47d2e8e72eb8af53b5506d in glibc
(From OE-Core rev: 4e9bb9ab2e5c603f3eb2d52ce272401c8e320cc0)
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 93b7f83a4212409a55ddf568a34468d4f6ef2c06)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add backported patch to fix CVE-2016-9843 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9843
(From OE-Core rev: 32db742922b6e4127d65abf42905a07eca6a2255)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add backported patch to fix CVE-2016-9842 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9842
(From OE-Core rev: 715645a1be700e132a31aa9c40da1e66dd427ae8)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add backported patch to fix CVE-2016-9841 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9841
(From OE-Core rev: aa650d4f5eb2b671e76d7c4da3ef080e26eed543)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add backported patch to fix CVE-2016-9840 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9840
(From OE-Core rev: c34064cceeb56806ed8ddf3aff73a3971378066c)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As per the patch
(From OE-Core rev: a0cb33b3285de03ae901e474da255efc88811c2d)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Cherry-pick from meta-gplv2:
http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=e42ded0ee35d0aab0de8fa090eda9f1c08bcbb4c
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These are generated from --help output of the host tools which is clearly
incorrect, particularly given the older nature of this recipe. Simply
disable them entirely.
(From OE-Core rev: a70dc7d38764e1835ed947599b7fcbe3cc71d5b1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry-pick from meta-gplv2:
http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=46349e1a8734fb94a04bf7c234c01fa175333238
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* the libc.so.6 dependency is detected always:
$ grep FILERDEPENDS BUILD-*/pkgdata/qemux86/runtime/localedef
BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef
BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6
BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef
BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6
* but in some builds the glibc dependency isn't built soon enough:
$ diff -uNr BUILD-*/pkgdata/qemux86/runtime/localedef
--- BUILD-bad/pkgdata/qemux86/runtime/localedef 2017-09-02 21:17:50.000000000 +0000
+++ BUILD-ok/pkgdata/qemux86/runtime/localedef 2017-09-11 10:15:49.954381592 +0000
@@ -6,6 +6,7 @@
LICENSE: GPLv2 & LGPLv2.1
DESCRIPTION_localedef: glibc: compile locale definition files
SUMMARY: Locale data from glibc
+RDEPENDS_localedef: glibc (>= 2.26)
SECTION: base
PKG_localedef: localedef
FILES_localedef: /usr/bin/localedef
and the build fails with QA issues:
http://errors.yoctoproject.org/Errors/Details/155529/
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.0), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.15), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.3), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.2), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.1), but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6, but no providers found in RDEPENDS_localedef? [file-rdeps]
ERROR: QA run found fatal errors. Please consider fixing them.
* reproducible with Yocto 2.2 Morty as well, with slightly different
error message:
ERROR: glibc-locale-2.24-r0 do_package_qa: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.4), but no providers found in RDEPENDS_localedef? [file-rdeps]
* cherry-picked from master 2d2b4d7383c93174fe8eeb72440e81345df71295
(From OE-Core rev: 6c6a06bb806ecd496bb1c3ad723f074ccb454076)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.
Backport a patch from upstream to mitigate this by refusing to start units such
as this.
(From OE-Core rev: e56cb926c170f493ee2a9c4c63d0ecbf883d4685)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
The addition of missing.h to user-utils.c was done in v230 with 0b6b45d5.
(From OE-Core rev: b9e5a58f64e45be37b9532b20bf22d91257abbd6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
systemd-sysv-generator translate sysv services on rcS runlevel to
services that starts before sysinit.target. This behavour conflict
with default dependency on same tartget.
String that define "DefaultDependency=no" was lost from patch for
sysv generator during porting patches to systemd 229 in commit
64ab17b707dc431aaed880d6d8615971243f46f8.
Current commit returns changes required for services that work on
rcS runlevel.
(From OE-Core rev: 5c0a87c94ab086514039f2f8d0e9b06daa2179a7)
Signed-off-by: Nikolay Merinov <n.merinov@inango-systems.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
pthread_mutex functions such as pthread_cond_wait(), pthread_mutex_unlock() return
errors after PTHREAD_PRIO_INHERIT is enabled
Reference:
https://sourceware.org/bugzilla/show_bug.cgi?id=18463
Upstream patches:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f0e3925bf3b8df6940c3346db17e42615979d458
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=13cb8f76da9d9420330796f469dbf10643ba5b12
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=23b5cae1af04f2d912910fdaf73cb482265798c1
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ed19993b5b0d05d62cc883571519a67dae481a14
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2e4cf778972573221e9b87fd992844ea9b67b9bf
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=abff18c0c6055ca5d1cd46923fd1205c057139a5
This issue is Morty specific (glibc 2.24).
The issue is no longer present in glibc 2.25 (master branch).
(From OE-Core rev: 6dc1f1c3cc871d00ecd59d5aeeef86b7e6965750)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
arm: mark __startcontext as .cantunwind, GNU
CVE: CVE-2016-6323
(From OE-Core rev: e80d454711f67a9a3a2a43bb7d9ff911c4664a84)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 56210d562347eafd1433b3fbab64dd023ece421f)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you want to be able to use -fstack-protector then you need the
runtime support - you can either write this yourself or use libssp
supplied with GCC. If you're using GCC then it seems likely that you'd
just be using libssp, so include in the SDK by default; however use
RRECOMMENDS just in case it's been disabled or you aren't using GCC.
(From OE-Core rev: 6c990655e35bb3a14d59555662ec5802c9980028)
(From OE-Core rev: 69b5643ec66e1495c9d805736d8765a06f67416c)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 8daed12b4327e4c362a7af4ddc38e7a9cea2c939)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: ce06f3a0c9859df1f897583659f836234c47d2d7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier
and other products, does not offer a flag directly indicating that
the current document may be read but other files may not be opened,
which makes it easier for remote attackers to conduct XML External
Entity (XXE) attacks via a crafted document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
(From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979)
(From OE-Core rev: 53c39f29578a4468e7f64a7403e77c28d951de6a)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[BZ 20116] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20116
The commit documents the ownership rules around 'struct pthread' and
when a thread can read or write to the descriptor. With those ownership
rules in place it becomes obvious that pd->stopped_start should not be
touched in several of the paths during thread startup, particularly so
for detached threads. In the case of detached threads, between the time
the thread is created by the OS kernel and the creating thread checks
pd->stopped_start, the detached thread might have already exited and the
memory for pd unmapped. As a regression test we add a simple test which
exercises this exact case by quickly creating detached threads with
large enough stacks to ensure the thread stack cache is bypassed and the
stacks are unmapped. Before the fix the testcase segfaults, after the
fix it works correctly and completes without issue.
For a detailed discussion see:
https://www.sourceware.org/ml/libc-alpha/2017-01/msg00505.html
(cherry-picked from commit f8bf15febcaf137bbec5a61101e88cd5a9d56ca8)
(From OE-Core rev: eaa844b6ce75d68f952de67ea5145a54a1968171)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 3842dc98a471530e23305d09669d7f4bdc05a532)
Signed-off-by: Martin Balik <martin.balik@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 0354a9b7adad27b012bcd6bb6cab54dfe0297bcd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ntpd: NTP server denial of service flaw
CVE: CVE-2016-6301
(From OE-Core rev: dafbf8a9e9ed068ecbf22cc816f9a6a3a2da7aa9)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 301dc9df16cce1f4649f90af47159bc21be0de59)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IPv6 routes need the device argument for link-local routes, or they
cannot be used at all. E.g. "gateway fe80::def" seems to be used in
some places, but kernel refuses to insert the route unless device
name is explicitly specified in the route addition.
(From OE-Core rev: 4d9fcf9f2fa573218cda3a133e0da34c4185838a)
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 96ed437d57316153453bb5e170a4fd4f3a95883d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These changes are required for compatibility with ConnMan, which by default
uses table ids greater than 255.
(From OE-Core rev: 8ab20681730a3cbd75ed0c7c208a30b437714915)
Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit e9114bdd8a83b88f59526780910c49e3092fdd57)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[Backported from master.]
We don't want to run resize on non serial consoles. There's
been an earlier attempt (6557787), so this builds upon that.
The problem we're seeing is that if there is text buffered in
the virtual console (like from a desperate user trying to
enter login details), resize will get stuck while calling
ioctl(tty, TCSETAW);
Since serial consoles are named (not just numbered), this
change limits resize's reach even further to run only on
/dev/tty[A-z] (thus avoiding /dev/tty[0-9]).
(From OE-Core rev: 00ff70dc6284a510e4fe3acfaae6b59663fd3141)
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
systemd-tmpfiles-setup will fail at boot, so we suppress
the default versions of etc.conf and home.conf.
We also make sure that /var/{cache,spool} and /srv are writeable
if they exist.
(From OE-Core rev: a7c6129a7c9c0c7e1b729e16a60b2ca704af3f97)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream accepted the flock fix with some improvements. Backport those
changes.
(From OE-Core rev: 58c01c9ccbec416b297dacd4b917d4073c35c6fb)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 55c835c73cc41b6fc809c941c295d62a612e49e0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream have removed the file from zlib.net as a new version has
been released, switch to fetching from the official sourceforge
mirror.
[YOCTO #10879]
(From OE-Core rev: bb99e4a620efd59556539c156cd98ea23aae74c8)
(From OE-Core rev: b7599330f1d629384e16a5fbeffc1a65c1555667)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: ae3513b8e752d0dc1757fbfc681f644a3f2855b0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The NULL pointer dereferencing could produced some
security problems.
This is a preventive security fix.
(From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)
(From OE-Core rev: 401d552f9e4ed3341e42864e566dddb2b26019dc)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ranges
Namespace nodes must be copied to avoid use-after-free errors.
But they don't necessarily have a physical representation in a
document, so simply disallow them in XPointer ranges.
(From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023)
(From OE-Core rev: cf810d5cc17cb6b9f53d21a404c89afe372accb7)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xpath:
- Check for errors after evaluating first operand.
- Add sanity check for empty stack.
- Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
(From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0)
(From OE-Core rev: 68b0f3a0bf8dfdf49be4aed1745a7f50662c555d)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ARM stack frames for abort and raise were limited to the the actual
abort and raise call, such as:
Obtained 4 stack frames.
./test-app(print_trace+0x1c) [0x10a08]
./test-app() [0x10b3c]
/lib/libc.so.6(__default_sa_restorer+0) [0x4adae1e0]
/lib/libc.so.6(gsignal+0xa0) [0x4adacf74]
This is not terribly useful when trying to figure out what function
may have called called the abort, especially when using pthreads.
After the change the trace would now look like:
Obtained 8 stack frames.
./test-app(print_trace+0x1c) [0x10a08]
./test-app() [0x10b3c]
/lib/libc.so.6(__default_sa_restorer+0) [0x4befe1e0]
/lib/libc.so.6(gsignal+0xa0) [0x4befcf74]
/lib/libc.so.6(abort+0x134) [0x4befe358]
./test-app(dummy_function+0x50) [0x10adc]
./test-app(main+0xd4) [0x10c24]
/lib/libc.so.6(__libc_start_main+0x114) [0x4bee7a58]
(From OE-Core rev: 93bf8713d8e13c278543baea94fb8dad0cb80e49)
(From OE-Core rev: b0e6a6048fa09dceac78bf8c46d484690ff5b098)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through
2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to the XPointer range-to function.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131
Patch from:
https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
(From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4)
(From OE-Core rev: 1e284447b9bf42e1fd6080f5a50fe01c8267a4e6)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The su binary is handled by alternatives but the man page wasn't, so
installing both util-linux-doc and shadow-doc produces errors.
Also use d.expand() to neaten the code.
(From OE-Core rev: 70a161ee88d3d54fec6d59039c181b43f1857dc3)
(From OE-Core rev: bec07530536c36b2ab2a7818a9ffc475faba27ac)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
eMMC devices may report block devices like "mmcblk0rpmb" and
"mmcblk0boot0". These are not actually block devices and any
read/write operation on them will fail. To prevent spamming error
messages attempting to mount them, just ignore these devices.
(From OE-Core rev: 9f4a85eb929f67420d9689d7dddadd120ed49843)
(From OE-Core rev: 50d97edaeb18a4c6374101d222410a3b0f344bf2)
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The manager_invoke_notify_message function in systemd 231 and earlier allows
local users to cause a denial of service (assertion failure and PID 1 hang)
via a zero-length message received over a notify socket.
The patch is a backport from the latest git repo.
Please see the link below for more information.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795
(From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539)
(From OE-Core rev: df3f4785fc69d3ddbd30ccd954aad3d3618c5916)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When modifying the PATH variable in .bashrc, double quote characters
were used, resulting in expanding the variable $PATH with the value of
PATH of the system building the Build Appliance.
The original intent was to enter an un-expanded (literal) $PATH.
In order to that, one must use single quotes instead of double quotes.
[YOCTO#10434] [YOCTO#10504]
(From OE-Core rev: 6238faf901956e2a350315a66ca1ce557deaa513)
(From OE-Core rev: ac2b0413526df46cfdcae2d3f9add1a29fe3c2b5)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 2a59d0fa7bda78927435603e3049ce373cf6a198)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 742e6d462948cdc89e5c538c9d834ff4fb42352e)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
runqemu script fails with an error when executed in Build Appliance.
Typical use case:
$ bitbake core-image-minimal
$ runqemu qemux86
Observed error:
runqemu - ERROR - In order for this script to dynamically infer paths
...snip...
runqemu-ifup, runqemu-ifdown or ip not found
The error is caused by the fact that "ip" is located in /sbin, however /sbin is
not in user's ("builder") PATH. To fix this we add /sbin to PATH.
The simplest place to do this is in user's .bashrc.
[YOCTO#10434]
(From OE-Core rev: 7561514454c20a86e9e126af80dcf114ccd23535)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|