| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
The recent bintuils patch update breaks on older gccs such as CentOS 6.
Backport a patch to address this.
(From OE-Core rev: 76f65e73081f52cea718ef164f9d1d7a5c65d537)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is fixed by
commit 4199e3b8669d0a36448687850374fdc2ad7240b6
Author: Alan Modra <amodra@gmail.com>
Date: Wed Jan 15 21:50:55 2014 +1030
non-PIC references to __ehdr_start in pie and shared
Rather than hacking every backend to not discard dynamic relocations
against an undefined hidden __ehdr_start, make it appear to be defined
early. We want __ehdr_start hidden before size_dynamic_sections so
that it isn't put in .dynsym, but we do need the dynamic relocations
for a PIE or shared library with a non-PIC reference. Defining it
early is wrong if we don't actually define the symbol later to its
proper value. (In some cases we want to leave the symbol undefined,
for example, when the ELF header isn't loaded, and we don't have this
infomation available in before_allocation.)
So replace the existing patches with this one.
(From OE-Core rev: db37534c412ff3f1460687611060b3c4b3f95a04)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When call isohybrid with option '-u', it overflows on a 32 bits host. It
seeks to 512 bytes before the end of the image to install gpt header. If
the size of image is larger than LONG_MAX, it overflows fseek() and
cause error:
isohybrid: wrlinux-image-x86-64-20140505110100.iso: seek error - 8: Invalid argument
Replace fseek with fseeko to fix this issue.
(From OE-Core rev: 41bd9dbf6f3e0add6a9e2cb20cfcbff44d785ea4)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
v2 changes:
* update format for commit log
* add Upstream-Status for patch
commit a12eb58959d0a10584a428f4a3103a49204c410f upstream
Dpkg::Source::Patch: Outright reject C-style filenames in patches
Because patch only started recognizing C-style filenames in diffs
in version 2.7, it's not safe to assume one behaviour or the other,
as the system might or might not have a recent enough version, or
a GNU patch program at all. There's also no reason we should be
supporting this kind of strange encoded filenames in patches, when
we have not done so up to now.
Let's just ban these types of diffs and be done with it.
Fixes: CVE-2014-0471, CVE-2014-3127
Closes: #746306
[drop the text for debian/changelog,because it's not suitable
for the veriosn]
(From OE-Core rev: 2c3838443eacd3a86ea8917ea53a20248e7bdf03)
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
v2 changes:
* update format for commit log
* add Upstream-Status for patch
commit a82651188476841d190c58693f95827d61959b51 upstream
Dkpkg::Source::Patch: Correctly parse C-style diff filenames
We need to strip the surrounding quotes, and unescape any escape
sequence, so that we check the same files that the patch program will
be using, otherwise a malicious package could overpass those checks,
and perform directory traversal attacks on source package unpacking.
Fixes: CVE-2014-0471
Reported-by: Jakub Wilk <jwilk@debian.org>
[drop the text for debian/changelog,because it's not suitable
for the veriosn]
(From OE-Core rev: 81880b34a8261e824c5acafaa4cb321908e554a0)
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The gengtype patch we apply to gcc aims to ensure that the build and host
config headers don't get confused. We're seeing build failures where
both headers have been included, likely due to a race over the configuration
files.
It seems the gengtype-lex.c file isn't being regenerated when it should
and the unconditional inclusion of bconfig.h is resulting in these issues.
The fix is therefore to remove the file, forcing its regeneration.
[YOCTO #6393]
(From OE-Core rev: dd649374b30eb2d9980dce6eae95db0563593ef7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The correct cpu options are needed in order to correctly run some CPU
types. This information is available in QEMU_OPTIONS, use it. This
avoids architectures like qemuppc failing postinstalls.
(From OE-Core rev: 3d9c0cbf1f9b9802d7374c4fa1672c26fc5db5cb)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Hardcoded paths to perl don't make sense, use from the environment instead.
[Patch taken from meta-mentor by RP]
(From OE-Core rev: 8072f26f7304ff5367d5be357037644cb1f6241e)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems that there are multiple problems with the upstream RUNTIME_PREFIX
mechanism at this time. It doesn't canonicalize argv[0] to an absolute path,
breaking calls via the PATH, for example. In addition, it doesn't seem to
locate template_dir via the runtime prefix even when specified as relative.
Revert this for now to the previous wrapper-based mechanism, but tweaked
slightly to avoid hardcoding the sysroot path into the wrapper (based on the
bits in the rpm recipe).
[YOCTO #6211]
[Pulled from meta-mentor by RP]
(From OE-Core rev: 85ce11e7b5402cc443adb8007c0e5d01f914fa74)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Both busybox and e2fsprogs provide chattr, ensure that they are delivered
to the same location and use update-alternatives to ensure the correct
links are there.
[YOCTO #6407]
(From OE-Core rev: 23f1dddbf9cf783d90040b67978d1291b16a13de)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We've seeing occasional debugedit failures in grub during do_package
which in turn are coming from section alignment failures from libelf.
The failures occur when gold is used to link grub instead of ld.bfd.
"readelf -e uhci.module" shows:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[12] .note.GNU-stack PROGBITS 00000000 0010ce 000000 00 0 0 1
in a good build and:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[24] .note.GNU-stack PROGBITS 00000000 009180 000000 00 0 0 0
in a bad build. The problem is the "Al" (alignment) change from 1 to 0.
If its 0, debugedit complains.
As far as I can tell, the alignment of a zero length section is not
an issue and the check in libelf should check the section size and only
give alignment errors if there is some data to align.
(From OE-Core rev: b34447fa5223b4e0be49594aaf0254defd69bbd1)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
variable is called 'libexecdir', not 'libxecdir'.
(From OE-Core rev: 92fc79690374aceaa3b821013cfe25604b1db18a)
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building on XFS filesystems, the resulting rpms can be corrupted
with the same inode number being used for multiple hardlinked files.
There are two fixes, one to stop rpm crashing when accessing a broken
binary rpm, the other to stop generating them in the first places. Full
descriptions in the patch headers.
(From OE-Core rev: d20d3476157b7c949b0077cad0ab1e8716d6162a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
python-gst needs python shared library in python config directory.
(From OE-Core rev: 7a3b7d70a0cc4cdef81bb63fdac7de8f1309d1fc)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
importlib isn't currently included in any of the python packages, so
create a new one for recipes that require it.
Cc: Paul Eggleton <paul.eggleton@linux.intel.com>
(From OE-Core rev: b3dae96d9fdb4e26101f6f7edc6e65989375a5a2)
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade autogen-native from 2.18.2 to 2.18.3.
A patch is made to fix the compilation error.
(From OE-Core rev: 84052c30c7e4b845543c9704945170a55734343e)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Upgrade file from 5.17 to 5.18.
(From OE-Core rev: 6167e415e63366c606c8366abda7edfa21d68b58)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usual autoheader warning is due to AC_DEFINE variables not having a
description. This results in no variable being defined in config.h, which leads
to code behaving as if the test failed when it actually succeeded.
This patch was introduced to OpenEmbedded back in 2004:
http://git.openembedded.org/openembedded/commit/?id=5eab06d132cb2895fd579f5cedffbb54c27794f8
There is no rationale for the patch so I suspect this is due to the warnings
being fatal and the submitter not understanding that the problem is more than
cosmetic.
(From OE-Core rev: de5fb9d7f60763082327ddeca71842c00a2fa23e)
(From OE-Core rev: dd9c3d7bc946ff44e0ca90f4e345711d6ad21728)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
importlib isn't currently included in any of the python packages, so
create a new one for recipes that require it.
Cc: Paul Eggleton <paul.eggleton@linux.intel.com>
(From OE-Core rev: b17d2e1838f1f1c3310926a4f3eed375898c60f3)
Signed-off-by: Matt Fleming <matt.fleming@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add 'm4-biarch.m4-tweak-AC_RUN_IFELSE-for-cross-compiling.patch' to fix cross compiling failure;
Rebase 'elf_additions.diff' for 0.158;
Drop obsolete patches:
- nm-Fix-size-passed-to-snprintf-for-invalid-sh_name-case.patch
- elfutils-ar-c-fix-num-passed-to-memset.patch
- fix-build-gcc-4.8.patch
Pick patches from debian:
http://ftp.de.debian.org/debian/pool/main/e/elfutils/elfutils_0.158-2.debian.tar.xz
We could not directly add elfutils_0.158-2.debian.tar.xz to SRC_URI, because it
contains other souce codes which are not pathces.
(From OE-Core rev: d9c7a02240ce37d5b2569d9177e8ba534b9295ce)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
(From OE-Core rev: 2543b14dd0ca13005be0df027543431fc8e882ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
- switched to ${BP} variable.
- updated download link;
- fxrstorssefix.patch no longer needed, superseded;
(From OE-Core rev: b6f6e389b68468266926856bd318c245696ea932)
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 6433f5d68eba1ce7306fbfb19265ea6786715d7c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 9c9da40b6de2cd29378e56fef643305872a52f62)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The do_configure_prepend was duplicated in gcc-4.X.inc and
gcc-configure-common.inc leading to confusion when reading the resulting
do_configure task where the file was processed twice.
The only difference was the removal of the include line for gcc 4.8/4.9.
On mingw were were seeing two issues, firstly that the if statements meant
the values we wanted weren't being set, the second that the include
paths were still wrong as there was no header path set.
To fix the first issue, the #ifdef conditionals were removed, we want
to set these things unconditionally. The second issue is addressed by
setting the NATIVE_SYSTEM_HEADER_DIR variable here (it was already
set in t-oe).
(From OE-Core rev: db44be06c75f2ac17a55dd1764471e869e872b8b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Recent changes in opkg-utils allow package files to be stored in a different
directory to the package index if desired.
(From OE-Core rev: 237b9700d449de03a3f5dc524c15709f46941cf9)
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 68a0e34260f884f6fb39aae2d0bad035b2b1d177)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
This will help autotools based packages to recognise
musl
(From OE-Core rev: a51f790bd657011d871aab603d1695937bfa2033)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
[OE-core bug #6270] - https://bugzilla.yoctoproject.org/show_bug.cgi?id=6270
(From OE-Core rev: 8f8ef80131d4aa62a4b106d365a5e7b6273c766d)
Signed-off-by: Alexandru-Cezar Sardan <alexandru.sardan-KZfg59tc24xl57MIdRCFDg@public.gmane.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
i2c-tools has been sitting outside of oe-core for long enough now. It is
a required tool for board validation, and many people are pulling it
into their builds and their own layers. Let's add it to the core.
This patch includes the i2c-tools recipe from meta-oe as of:
commit 9df13b4140e8c6bfa0e4fb89107a6146981d2cdc
Author: Khem Raj <raj.khem@gmail.com>
Date: 2014-04-26
i2c-tools: Fix build when S != B
(From OE-Core rev: 32ac58819580d359e22161be1abf62215d202250)
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Cc: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Cc: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The fchmodat-permissions patch was fine for the fchmod case, but
had the unintended side effect of disregarding umask settings for
open, mknod, mkdir, and their close relatives. Start tracking umask
and masking the umask bits out where appropriate.
(From OE-Core rev: ce23c1cc33a015fbd184df6c16658353334ab611)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cmake recipe doesn't depend on libacl yet cmake will detect libacl.h
and use it by default. This risks build failures if libacl.h is unstaged
during the build and it also means that the build cmake will sometimes
support ACLs and sometimes not.
This can be avoided by setting ENABLE_ACL=0 but until the fix for
http://cmake.org/Bug/view.php?id=14866 is released we also need to set
HAVE_ACL_LIBACL_H=0.
(From OE-Core rev: e76973b4ef687c5b36ed6f9eb202322ae4af9b9f)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change the logic that generates the perl-modules recommends to be an include
filter instead of an exclude filter, so that new sub-packages don't become
dependants of perl-modules (such as perl-ptest).
[ YOCTO #6203 ]
(From OE-Core rev: 94e164c5b5316e2797c5bab51d127935002c6008)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
5.14.0, and other versions, when running with debugging enabled,
allows context-dependent attackers to cause a denial of service
(assertion failure and application exit) via crafted input that
is not properly handled when using certain regular expressions,
as demonstrated by causing SpamAssassin and OCSInventory to
crash.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
(From OE-Core rev: 368df9f13ddf124e6aaaec06c02ab698c9e0b6c3)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It turns out that pseudo's decision not to report errors from
the host system's fchmodat() can break GNU tar in a very strange
way, resulting in directories being mode 0700 instead of whatever
they should have been.
Additionally, it turns out that if you make directories in your
rootfs mode 777, that results in the local copies being mode 777,
which could allow a hypothetical attacker with access to the
machine to add files to your rootfs image. We should mask out
the 022 bits when making actual mode changes in the rootfs.
This patch represents a backport to the 1.5.1 branch of three
patches from the 1.6 branch, because it took a couple of tries
to get this quite right.
(From OE-Core rev: 45371858129bbad8f4cfb874e237374a5ba8db4c)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We apply this patch to the python recipe already. Without this patch
the zeroc-ice-native recipe will not build.
See: http://bugs.python.org/issue17547 for more details.
(From OE-Core rev: 2335a8ed3748e687e7f34f21f27f8e4029d1e26b)
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade guile to 2.0.11 version and remove unneeded patch since
it's included in new version.
(From OE-Core rev: f1727bb18f35ff01e53d3d442a6ff3c613639fa6)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade flex to 2.5.39 version.
(From OE-Core rev: 701f1ae89926306dfbd19786fe0ddabc36fb485c)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upgrade quilt to 0.63 version and add perl-module-text-parsewords to
RDEPENDS of ptest.
(From OE-Core rev: 48c09163db18634e3071009b94645812ade285f4)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
(From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
(From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131
(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505
(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
(From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There might be an error when parallel build:
[snip]
cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/
syslinux/com32/include/gplinclude': No such file or directory
make[4]: *** [install] Error 1
make[3]: *** [gpllib] Error 2
[snip]
This is a potential issue. In ${S}/com32/gpllib/Makefile file,
install target wants to copy $(SRC)/../gplinclude to
$(INSTALLROOT)$(COM32DIR)/include/ directory, but in ${S}/com32/lib/Makefile
file, the install target will remove $(INSTALLROOT)$(COM32DIR)/include
directory. We need to do com32/lib first.
The patch make com32/gpllib depends on com32/lib to fix this issue.
(From OE-Core rev: cae1a039658cfb47390650ad5b56536ff19e1217)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
qemu configure will search for libssh2 if we do not enable or
disable it's use, resulting in non-deterministic builds. We
define PACKAGECONFIG[] to avoid this.
(From OE-Core rev: ecb819b12a89e4e944974068d2e20ed226979317)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add PACKAGECONFIG for 'babeltrace' so that we don't have the implicit
dependency which might lead to problems when building images.
As an example of showing what problem we might have without this patch,
see the following steps which would lead to a failure.
1. IMAGE_INSTALL_append = " gdb"
2. bitbake babeltrace
3. bitbake gdb
4. bitbake babeltrace -ccleansstate
5. bitbake core-image-minimal
The rootfs process would fail with the following error message.
error: Can't install gdb-7.7-r0@i586: no package provides babeltrace >= 1.2.1+git0+66c2a20b43
(From OE-Core rev: 3c34d9391136b09bc2e7b0bda6cdc96507845c4b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Build success for qemux86-64, and test on core-image-minimal.
(From OE-Core rev: 791302c5842bac59e47fc6f096cc3d4ce3ce57a9)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
[YOCTO #6309]
It appears a logic issue has caused rpm -V to no longer
verify the files on the filesystem match what was installed.
(From OE-Core rev: 117862cd0eebf6887c2ea6cc353432caee2653aa)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
