path: root/meta/recipes-core
Commit message | Author | Age | Files | Lines
* fixup | Richard Purdie | 2018-04-04 | 1 | -33/+11
  (From OE-Core rev: e1faf9ac7e89d33aba33547ede19a10aaa034207)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cross-localedef-native: add way to specify which locale archive to write | Ross Burton | 2018-04-04 | 2 | -0/+40
  localedef has no way to specify which locale archive to use, and the compile-time default isn't useful as it points to the work directory.
  Add support to read an environmental variable for the path, and don't fail to write a new locale archive.
  (From OE-Core rev: bf0f205a3c3714926649bd69db29e4df1c0ea112)
  (From OE-Core rev: 38b0e8d9b1944a955e4ed682184dafdce20db4b9)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* populate_sdk: install UTF-8 locales in SDKs | Ross Burton | 2018-04-04 | 1 | -1/+0
  As glibc 2.27 can't read older locale-archives, SDKs using glibc 2.27 on hosts using glibc earlier than 2.27 won't be able to find any locales, so bitbake won't start and Python can't use UTF-8.
  So by default install all locales into the SDK.
  Special-case Extensible SDKs by installing no locales as they ship glibc in a buildtools, and that will have the locales.
  Locale installation requires cross-localedef, so add that to DEPENDS.
  Also remove the explicit en_US addition in buildtools-tarball as it is now redundant.
  (From OE-Core rev: 96896568d197cd06302713c24c0f7d91bfaea6c1)
  (From OE-Core rev: 385dd115d00aabbcd970ef6b62353480d87a5a55)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: relocate locale paths in nativesdk | Ross Burton | 2018-04-04 | 2 | -0/+56
  nativesdk is built with a specific prefix but this will be different at install time, however glibc hard-codes the path to locale files.
  Expand these strings to 4K and move them to a magic segment which we can relocate when the SDK is installed.
  (From OE-Core rev: 59e0679378aac27c4fea0b06721e0a184a93c100)
  (From OE-Core rev: c1f220f89496de51d3aa6eacd42cd8d3ddaad104)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: don't use host locales in nativesdk | Ross Burton | 2018-04-04 | 1 | -6/+0
  (From OE-Core rev: d7ded85766852689a0d774c896a11d0609004ab2)
  (From OE-Core rev: 152e045f42a66a0f74f6c097213f023c2c740292)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glib.inc: set CVE_PRODUCT to glib | Mikko Rapeli | 2018-01-07 | 1 | -0/+2
  NVD uses product glib and vendor gnome for CVE's like:
  https://nvd.nist.gov/vuln/detail/CVE-2016-6855
  (From OE-Core rev: 4d4d07650d600fcb8fb1de8592494c3a9e4189ce)
  Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  (cherry picked from commit 69d6342d45316389afb4b062088919689db0a6dd)
  Signed-off-by: Ruslan Ruslichenko <rruslich@cisco.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc-common.inc: set CVE_PRODUCT to glibc | Mikko Rapeli | 2018-01-07 | 1 | -0/+1
  All recipes which include this .inc map to glibc NVD component.
  (From OE-Core rev: 221266dcf1f8825b5e4cf397d67cf535facca7e7)
  Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  (cherry picked from commit 613a13725db4e05539974cc7c66584a287d7b4bd)
  Signed-off-by: Ruslan Ruslichenko <rruslich@cisco.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to morty head revision [yocto-2.2.3] [morty-16.0.3] | Richard Purdie | 2017-12-14 | 1 | -1/+1
  (From OE-Core rev: 1718f0a6c1de9c23660a9bebfd4420e3c4ed37e6)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: fixes mips64 login issue | Armin Kuster | 2017-12-09 | 2 | -2/+671
  Without this patch, one cannot log in to a mips64 machine like qemumips64 or Octeon mips64 when systemd is enabled.
  remove PACKAGECONFIG option too
  affects: systemd < 2.3.1
  Reviewed-by: Jeremy Puhlman <jpuhlman@mvista.com>
  (From OE-Core rev: ce97fa3c673c7adc7a1fb81e0fd47f103fe281de)
  Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2017-15670 | Thiruvadi Rajaraman | 2017-12-09 | 2 | -0/+39
  Source: git://sourceware.org/git/glibc.git
  MR: 76647
  Type: Security Fix
  Disposition: Backport from glibc-2.27
  ChangeID: f4494e472d36748c2b3171a91640b26c638f6e0b
  Description: CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
  Affects: glibc < 2.27
  (From OE-Core rev: 25bd45375fd90489a3d80955b2f0f7c800e9fc9a)
  Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
  Reviewed-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Security fix for CVE-2017-8804 | Rajkumar Veer | 2017-12-09 | 2 | -0/+233
  Source: https://sourceware.org
  MR: 74337
  Type: Security Fix
  Disposition: Backport from https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
  ChangeID: c8c51220e40185dd0ac3d657046e70b82cb94bee
  Description: CVE-2017-8804 sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
  Affects: glibc < 2.25
  (From OE-Core rev: b7099c48641f5db6ec7831a48c9d9c5e9e9de6f9)
  Signed-off-by: Rajkumar Veer <rveer@mvista.com>
  Reviewed-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Armin Kuster <akuster@mvista.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fix CVE-2017-1000366 | George McCollister | 2017-12-09 | 5 | -0/+513
  Add backported patches from the upstream release/2.24/master branch to fix CVE-2017-1000366.
  Also add a backported patch that resolves SSE related build problems introduced by these patches.
  (From OE-Core rev: 07e041138f0b037e7ddc75a33c7960668acdb8bb)
  Signed-off-by: George McCollister <george.mccollister@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fix CVE-2015-5180 | George McCollister | 2017-12-09 | 2 | -0/+358
  Add backported patch to fix CVE-2015-5180 from the upstream release/2.24/master branch.
  (From OE-Core rev: e8a6e3894c8aebac4aa6b0ceea021b95e94e6691)
  Signed-off-by: George McCollister <george.mccollister@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cross-localedef-native: Include locale_t.h | Joshua Watt | 2017-12-07 | 2 | -0/+28
  Newer versions of glibc (2.26) moved the struct locale definition from xlocale.h to bits/types/locale_t.h.
  For compatibility with build hosts using this version of glibc, include this header.
  See f0be25b6336db7492e47d2e8e72eb8af53b5506d in glibc
  (From OE-Core rev: 4e9bb9ab2e5c603f3eb2d52ce272401c8e320cc0)
  Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to morty head revision | Richard Purdie | 2017-11-22 | 1 | -1/+1
  (From OE-Core rev: 93b7f83a4212409a55ddf568a34468d4f6ef2c06)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: Fix CVE-2016-9843 | George McCollister | 2017-11-21 | 2 | -0/+56
  Add backported patch to fix CVE-2016-9843 which was fixed in zlib 1.2.9
  https://nvd.nist.gov/vuln/detail/CVE-2016-9843
  (From OE-Core rev: 32db742922b6e4127d65abf42905a07eca6a2255)
  Signed-off-by: George McCollister <george.mccollister@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: Fix CVE-2016-9842 | George McCollister | 2017-11-21 | 2 | -0/+36
  Add backported patch to fix CVE-2016-9842 which was fixed in zlib 1.2.9
  https://nvd.nist.gov/vuln/detail/CVE-2016-9842
  (From OE-Core rev: 715645a1be700e132a31aa9c40da1e66dd427ae8)
  Signed-off-by: George McCollister <george.mccollister@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: Fix CVE-2016-9841 | George McCollister | 2017-11-21 | 2 | -0/+231
  Add backported patch to fix CVE-2016-9841 which was fixed in zlib 1.2.9
  https://nvd.nist.gov/vuln/detail/CVE-2016-9841
  (From OE-Core rev: aa650d4f5eb2b671e76d7c4da3ef080e26eed543)
  Signed-off-by: George McCollister <george.mccollister@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: Fix CVE-2016-9840 | George McCollister | 2017-11-21 | 2 | -0/+78
  Add backported patch to fix CVE-2016-9840 which was fixed in zlib 1.2.9
  https://nvd.nist.gov/vuln/detail/CVE-2016-9840
  (From OE-Core rev: c34064cceeb56806ed8ddf3aff73a3971378066c)
  Signed-off-by: George McCollister <george.mccollister@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils_6.9: fix musl compilation | André Draszik | 2017-11-21 | 2 | -0/+47
  As per the patch
  (From OE-Core rev: a0cb33b3285de03ae901e474da255efc88811c2d)
  Signed-off-by: André Draszik <adraszik@tycoint.com>
  Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Cherry-pick from meta-gplv2:
  http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=e42ded0ee35d0aab0de8fa090eda9f1c08bcbb4c
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils_6.9: Disable broken man pages | Richard Purdie | 2017-11-21 | 2 | -0/+22
  These are generated from --help output of the host tools which is clearly incorrect, particularly given the older nature of this recipe.
  Simply disable them entirely.
  (From OE-Core rev: a70dc7d38764e1835ed947599b7fcbe3cc71d5b1)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Cherry-pick from meta-gplv2:
  http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=46349e1a8734fb94a04bf7c234c01fa175333238
  Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc-locale: add runtime dependency on glibc | Martin Jansa | 2017-09-13 | 1 | -0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * the libc.so.6 dependency is detected always: $ grep FILERDEPENDS BUILD-*/pkgdata/qemux86/runtime/localedef BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef BUILD-bad/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6 BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDSFLIST_localedef: /usr/bin/localedef BUILD-ok/pkgdata/qemux86/runtime/localedef:FILERDEPENDS_/usr/bin/localedef_localedef: libc.so.6(GLIBC_2.15) libc.so.6(GLIBC_2.3) libc.so.6(GLIBC_2.2) libc.so.6(GLIBC_2.1) libc.so.6(GLIBC_2.0) libc.so.6 * but in some builds the glibc dependency isn't built soon enough: $ diff -uNr BUILD-*/pkgdata/qemux86/runtime/localedef --- BUILD-bad/pkgdata/qemux86/runtime/localedef 2017-09-02 21:17:50.000000000 +0000 +++ BUILD-ok/pkgdata/qemux86/runtime/localedef 2017-09-11 10:15:49.954381592 +0000 
@@ -6,6 +6,7 @@ LICENSE: GPLv2 & LGPLv2.1 DESCRIPTION_localedef: glibc: compile locale definition files SUMMARY: Locale data from glibc +RDEPENDS_localedef: glibc (>= 2.26) SECTION: base PKG_localedef: localedef FILES_localedef: /usr/bin/localedef and the build fails with QA issues: http://errors.yoctoproject.org/Errors/Details/155529/ ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.0), but no providers found in RDEPENDS_localedef? [file-rdeps] ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.15), but no providers found in RDEPENDS_localedef? [file-rdeps] ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.3), but no providers found in RDEPENDS_localedef? [file-rdeps] ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.2), but no providers found in RDEPENDS_localedef? [file-rdeps] ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.1), but no providers found in RDEPENDS_localedef? [file-rdeps] ERROR: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6, but no providers found in RDEPENDS_localedef? [file-rdeps] ERROR: QA run found fatal errors. Please consider fixing them. * reproducible with Yocto 2.2 Morty as well, with slightly different error message: ERROR: glibc-locale-2.24-r0 do_package_qa: QA Issue: /usr/bin/localedef contained in package localedef requires libc.so.6(GLIBC_2.4), but no providers found in RDEPENDS_localedef? [file-rdeps] * cherry-picked from master 2d2b4d7383c93174fe8eeb72440e81345df71295 (From OE-Core rev: 6c6a06bb806ecd496bb1c3ad723f074ccb454076) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: refuse to load units with errors (CVE-2017-1000082) | Ross Burton | 2017-08-29 | 2 | -0/+857
  If a unit has a statement such as User=0day where the username exists but is strictly speaking invalid, the unit will be started as the root user instead.
  Backport a patch from upstream to mitigate this by refusing to start units such as this.
  (From OE-Core rev: e56cb926c170f493ee2a9c4c63d0ecbf883d4685)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: remove upstreamed patch | Ross Burton | 2017-08-29 | 2 | -28/+0
  The addition of missing.h to user-utils.c was done in v230 with 0b6b45d5.
  (From OE-Core rev: b9e5a58f64e45be37b9532b20bf22d91257abbd6)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Disable DefaultDependencies for sysv scripts on rcS runlevel | Nikolay Merinov | 2017-08-29 | 1 | -4/+14
  systemd-sysv-generator translates sysv services on rcS runlevel to services that start before sysinit.target. This behaviour conflicts with default dependency on same target.
  String that defines "DefaultDependency=no" was lost from patch for sysv generator during porting patches to systemd 229 in commit 64ab17b707dc431aaed880d6d8615971243f46f8. Current commit returns changes required for services that work on rcS runlevel.
  (From OE-Core rev: 5c0a87c94ab086514039f2f8d0e9b06daa2179a7)
  Signed-off-by: Nikolay Merinov <n.merinov@inango-systems.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: fix pthread_cond_broadcast issue (arm) | Catalin Enache | 2017-08-29 | 7 | -0/+10786
  pthread_mutex functions such as pthread_cond_wait(), pthread_mutex_unlock() return errors after PTHREAD_PRIO_INHERIT is enabled
  Reference:
  https://sourceware.org/bugzilla/show_bug.cgi?id=18463
  Upstream patches:
  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f0e3925bf3b8df6940c3346db17e42615979d458
  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=13cb8f76da9d9420330796f469dbf10643ba5b12
  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=23b5cae1af04f2d912910fdaf73cb482265798c1
  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ed19993b5b0d05d62cc883571519a67dae481a14
  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2e4cf778972573221e9b87fd992844ea9b67b9bf
  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=abff18c0c6055ca5d1cd46923fd1205c057139a5
  This issue is Morty specific (glibc 2.24). The issue is no longer present in glibc 2.25 (master branch).
  (From OE-Core rev: 6dc1f1c3cc871d00ecd59d5aeeef86b7e6965750)
  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Security fix CVE-2016-6323 | Armin Kuster | 2017-08-29 | 2 | -0/+40
  arm: mark __startcontext as .cantunwind, GNU
  CVE: CVE-2016-6323
  (From OE-Core rev: e80d454711f67a9a3a2a43bb7d9ff911c4664a84)
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* eudev: set LGPL-2.1+ for libudev package | Martin Jansa | 2017-08-29 | 1 | -1/+2
  (From OE-Core rev: 56210d562347eafd1433b3fbab64dd023ece421f)
  Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* packagegroup-core-standalone-sdk-target: add libssp | Paul Eggleton | 2017-08-29 | 1 | -0/+5
  If you want to be able to use -fstack-protector then you need the runtime support - you can either write this yourself or use libssp supplied with GCC.
  If you're using GCC then it seems likely that you'd just be using libssp, so include in the SDK by default; however use RRECOMMENDS just in case it's been disabled or you aren't using GCC.
  (From OE-Core rev: 6c990655e35bb3a14d59555662ec5802c9980028)
  (From OE-Core rev: 69b5643ec66e1495c9d805736d8765a06f67416c)
  Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to morty head revision | Richard Purdie | 2017-05-29 | 1 | -1/+1
  (From OE-Core rev: 8daed12b4327e4c362a7af4ddc38e7a9cea2c939)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to morty head revision | Richard Purdie | 2017-05-25 | 1 | -1/+1
  (From OE-Core rev: ce06f3a0c9859df1f897583659f836234c47d2d7)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2016-9318 | Catalin Enache | 2017-05-18 | 2 | -0/+208
  libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
  Reference:
  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318
  Upstream patch:
  https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
  (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979)
  (From OE-Core rev: 53c39f29578a4468e7f64a7403e77c28d951de6a)
  Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Fix use after free in pthread_create() | Yuanjie Huang | 2017-05-18 | 2 | -0/+669
  [BZ 20116] -- https://sourceware.org/bugzilla/show_bug.cgi?id=20116
  The commit documents the ownership rules around 'struct pthread' and when a thread can read or write to the descriptor. With those ownership rules in place it becomes obvious that pd->stopped_start should not be touched in several of the paths during thread startup, particularly so for detached threads. In the case of detached threads, between the time the thread is created by the OS kernel and the creating thread checks pd->stopped_start, the detached thread might have already exited and the memory for pd unmapped.
  As a regression test we add a simple test which exercises this exact case by quickly creating detached threads with large enough stacks to ensure the thread stack cache is bypassed and the stacks are unmapped. Before the fix the testcase segfaults, after the fix it works correctly and completes without issue.
  For a detailed discussion see:
  https://www.sourceware.org/ml/libc-alpha/2017-01/msg00505.html
  (cherry-picked from commit f8bf15febcaf137bbec5a61101e88cd5a9d56ca8)
  (From OE-Core rev: eaa844b6ce75d68f952de67ea5145a54a1968171)
  Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: Security fix BUG9071 | Martin Balik | 2017-05-18 | 2 | -0/+54
  (From OE-Core rev: 3842dc98a471530e23305d09669d7f4bdc05a532)
  Signed-off-by: Martin Balik <martin.balik@siemens.com>
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 0354a9b7adad27b012bcd6bb6cab54dfe0297bcd)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: Security fix CVE-2016-6301 | Andrej Valek | 2017-05-18 | 2 | -0/+38
  ntpd: NTP server denial of service flaw
  CVE: CVE-2016-6301
  (From OE-Core rev: dafbf8a9e9ed068ecbf22cc816f9a6a3a2da7aa9)
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  (cherry picked from commit 301dc9df16cce1f4649f90af47159bc21be0de59)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: ifupdown:pass interface device name for ipv6 route command | Haiqing Bai | 2017-05-18 | 2 | -0/+53
  IPv6 routes need the device argument for link-local routes, or they cannot be used at all. E.g. "gateway fe80::def" seems to be used in some places, but kernel refuses to insert the route unless device name is explicitly specified in the route addition.
  (From OE-Core rev: 4d9fcf9f2fa573218cda3a133e0da34c4185838a)
  Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  (cherry picked from commit 96ed437d57316153453bb5e170a4fd4f3a95883d)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: allow libiproute to handle table ids larger than 255 | Lukasz Nowak | 2017-05-18 | 2 | -0/+135
  These changes are required for compatibility with ConnMan, which by default uses table ids greater than 255.
  (From OE-Core rev: 8ab20681730a3cbd75ed0c7c208a30b437714915)
  Signed-off-by: Lukasz Nowak <lnowak@tycoint.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  (cherry picked from commit e9114bdd8a83b88f59526780910c49e3092fdd57)
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base-files: resize only serial tty's in profile | Daniel Díaz | 2017-05-18 | 1 | -1/+1
  [Backported from master.]
  We don't want to run resize on non serial consoles. There's been an earlier attempt (6557787), so this builds upon that.
  The problem we're seeing is that if there is text buffered in the virtual console (like from a desperate user trying to enter login details), resize will get stuck while calling ioctl(tty, TCSETAW);
  Since serial consoles are named (not just numbered), this change limits resize's reach even further to run only on /dev/tty[A-z] (thus avoiding /dev/tty[0-9]).
  (From OE-Core rev: 00ff70dc6284a510e4fe3acfaae6b59663fd3141)
  Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* volatile-binds: correct some errors reported by systemd | Joe Slater | 2017-05-18 | 1 | -0/+9
  systemd-tmpfiles-setup will fail at boot, so we suppress the default versions of etc.conf and home.conf.
  We also make sure that /var/{cache,spool} and /srv are writeable if they exist.
  (From OE-Core rev: a7c6129a7c9c0c7e1b729e16a60b2ca704af3f97)
  Signed-off-by: Joe Slater <jslater@windriver.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: refresh the flock patch | Maxin John | 2017-05-18 | 1 | -43/+34
  Upstream accepted the flock fix with some improvements. Backport those changes.
  (From OE-Core rev: 58c01c9ccbec416b297dacd4b917d4073c35c6fb)
  Signed-off-by: Maxin B. John <maxin.john@intel.com>
  Signed-off-by: Maxin B. John <maxin.john@intel.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to morty head revision [yocto-2.2.1] [morty-16.0.1] | Richard Purdie | 2017-02-08 | 1 | -1/+1
  (From OE-Core rev: 55c835c73cc41b6fc809c941c295d62a612e49e0)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* zlib: update SRC_URI to fix fetching | Joshua Lock | 2017-01-12 | 1 | -1/+1
  Upstream have removed the file from zlib.net as a new version has been released, switch to fetching from the official sourceforge mirror.
  [YOCTO #10879]
  (From OE-Core rev: bb99e4a620efd59556539c156cd98ea23aae74c8)
  (From OE-Core rev: b7599330f1d629384e16a5fbeffc1a65c1555667)
  Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to morty head revision | Richard Purdie | 2017-01-11 | 1 | -1/+1
  (From OE-Core rev: ae3513b8e752d0dc1757fbfc681f644a3f2855b0)
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Fix more NULL pointer derefs | Andrej Valek | 2017-01-11 | 2 | -0/+47
  The NULL pointer dereferencing could produce some security problems. This is a preventive security fix.
  (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601)
  (From OE-Core rev: 401d552f9e4ed3341e42864e566dddb2b26019dc)
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges | Andrej Valek | 2017-01-11 | 2 | -0/+270
  Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges.
  (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023)
  (From OE-Core rev: cf810d5cc17cb6b9f53d21a404c89afe372accb7)
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Necessary changes before fixing CVE-2016-5131 | Andrej Valek | 2017-01-11 | 2 | -0/+68
  xpath:
  - Check for errors after evaluating first operand.
  - Add sanity check for empty stack.
  - Include comparison in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes
  (From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0)
  (From OE-Core rev: 68b0f3a0bf8dfdf49be4aed1745a7f50662c555d)
  Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
  Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Enable backtrace from abort on ARM | Yuanjie Huang | 2017-01-11 | 1 | -0/+6
  ARM stack frames for abort and raise were limited to the actual abort and raise call, such as:
    Obtained 4 stack frames.
    ./test-app(print_trace+0x1c) [0x10a08]
    ./test-app() [0x10b3c]
    /lib/libc.so.6(__default_sa_restorer+0) [0x4adae1e0]
    /lib/libc.so.6(gsignal+0xa0) [0x4adacf74]
  This is not terribly useful when trying to figure out what function may have called the abort, especially when using pthreads.
  After the change the trace would now look like:
    Obtained 8 stack frames.
    ./test-app(print_trace+0x1c) [0x10a08]
    ./test-app() [0x10b3c]
    /lib/libc.so.6(__default_sa_restorer+0) [0x4befe1e0]
    /lib/libc.so.6(gsignal+0xa0) [0x4befcf74]
    /lib/libc.so.6(abort+0x134) [0x4befe358]
    ./test-app(dummy_function+0x50) [0x10adc]
    ./test-app(main+0xd4) [0x10c24]
    /lib/libc.so.6(__libc_start_main+0x114) [0x4bee7a58]
  (From OE-Core rev: 93bf8713d8e13c278543baea94fb8dad0cb80e49)
  (From OE-Core rev: b0e6a6048fa09dceac78bf8c46d484690ff5b098)
  Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
  Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security fix CVE-2016-5131 | Yi Zhao | 2017-01-11 | 2 | -0/+181
  CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
  External References:
  https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131
  Patch from:
  https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
  (From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4)
  (From OE-Core rev: 1e284447b9bf42e1fd6080f5a50fe01c8267a4e6)
  Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* util-linux: add su.1 to update-alternatives | Ross Burton | 2016-11-16 | 1 | -3/+5
  The su binary is handled by alternatives but the man page wasn't, so installing both util-linux-doc and shadow-doc produces errors.
  Also use d.expand() to neaten the code.
  (From OE-Core rev: 70a161ee88d3d54fec6d59039c181b43f1857dc3)
  (From OE-Core rev: bec07530536c36b2ab2a7818a9ffc475faba27ac)
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox/mdev.conf: Ignore eMMC RPMB and boot block devices | Mike Looijmans | 2016-11-16 | 1 | -0/+2
  eMMC devices may report block devices like "mmcblk0rpmb" and "mmcblk0boot0". These are not actually block devices and any read/write operation on them will fail. To prevent spamming error messages attempting to mount them, just ignore these devices.
  (From OE-Core rev: 9f4a85eb929f67420d9689d7dddadd120ed49843)
  (From OE-Core rev: 50d97edaeb18a4c6374101d222410a3b0f344bf2)
  Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
  Signed-off-by: Ross Burton <ross.burton@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>