summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* python-2.7: Security fix CVE-2016-1000110Armin Kuster2016-12-062-0/+146
| | | | | | | | | affects python-2.7 < 2.7.12 (From OE-Core rev: eda260094a793f96ee0b8a79d3266f64797ccc8d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-2.7: Security fix CVE-2016-5699Armin Kuster2016-12-062-0/+163
| | | | | | | | | affect python-2.7 < 2.7.10 (From OE-Core rev: 1b16f5238460f65168851d5cdf74e7e0e64f6bdf) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-2.7: Security fix CVE-2016-5636Armin Kuster2016-12-062-0/+43
| | | | | | | | | Affects python-2.7 < 2.7.12 (From OE-Core rev: d25b86ce8f2712d02bb7cde78d7f9ea5a57a7770) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-2.7: Security fix CVE-2016-0772Armin Kuster2016-12-062-0/+43
| | | | | | | | | Affects python < 2.7.12 (From OE-Core rev: dd1a22f4beeb4100388efdc072e7cff2025535a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: fix CVE-2016-1238Mingli Yu2016-10-062-0/+353
| | | | | | | | | | | | | | | | Backport patch to fix CVE-2016-1238 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab (From OE-Core rev: 7d06ffcbcd0c71dc6dc9efde02bf0cd8d7c7d7e3) (From OE-Core rev: 39ef8e22b52d3f5daa853aa7866145e9c5469d4b) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Fixed up to apply to 5.20.0 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: fix CVE-2015-8607Mingli Yu2016-10-062-0/+75
| | | | | | | | | | | | | | | | | Backport patch to fix CVE-2015-8607 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd (From OE-Core rev: e2289647ace9ef96e6a7e4aae201fd9149e56678) (From OE-Core rev: d0451b2ed92867a0a2c37baded45cff997739153) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> fixed up to apply to 5.22.0 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: fix CVE-2016-6185Mingli Yu2016-10-062-0/+129
| | | | | | | | | | | | | | | | | Backport patch to fix CVE-2016-6185 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 (From OE-Core rev: 81e550d0c23c9842b85207cdfa73bbe9102e01fb) (From OE-Core rev: 6c72a96e0492e71b6eb9ae72883f4087e75265f0) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> fixed up to apply against 5.22.0 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: fix CVE-2016-2381Kai Kang2016-10-062-0/+114
| | | | | | | | | | | | | | | | | | Backport patch to fix CVE-2016-2381 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 (From OE-Core rev: 07ca8a0131f43e9cc2f720e1cdbcb7ba7c074886) (From OE-Core rev: 30b33f5ad1d7a7c55620598427009bd27cfb3d42) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Fixed up to apply again 5.22.0 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Secuirty fix for CVE-2016-5403Armin Kuster2016-09-232-0/+68
| | | | | | | | | affects qemu < 2.7.0-rc0 (From OE-Core rev: 2f3f09dfbff21fb74e50e4e3ce90c252d32ebf61) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix for CVE-2016-4002Armin Kuster2016-09-232-0/+40
| | | | | | | | | affects qemu < 2.6.0 (From OE-Core rev: 6d7c10eae8b23a71eee6d59baab42d98d8fb7ff8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-6351Armin Kuster2016-09-233-0/+137
| | | | | | | | | affects qemu < 2.6.0 (From OE-Core rev: 5729eb105ff69cae0eac7a596cb0e938f6159526) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-4439Armin Kuster2016-09-232-0/+47
| | | | | | | | | affects qemu < 2.6.0 (From OE-Core rev: 628b9bfc91a6f73a5dfff7ade1819ea6a2db7cf0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security Fix CVE-2016-3712Armin Kuster2016-09-235-0/+323
| | | | | | | | | affects qemu < 2.6.0 (From OE-Core rev: 6f25d966c41df5315d253859d9ebf231963bf671) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security Fix CVE-2016-3710Armin Kuster2016-09-232-0/+113
| | | | | | | | | affects Qemu < 2.6.0 (From OE-Core rev: 8ce0ce8a229f8cb2b854e3b9619a9ad75d9b6fe4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Security fix CVE-2016-2315 CVE-2016-2324Armin Kuster2016-09-236-0/+913
| | | | | | | | | git versions < 2.5.5 & 2.7.4 (From OE-Core rev: 64ff6226d0c927c05fc42fd9ca8b31bac129b16d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl-ptest.inc: fix tar call to prevent objcopy failureEnrico Jorns2016-07-271-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With tar version 1.29, the tar call used to copy the ptest files will not work anymore. While the call did not match the man page (but worked) before, anyway, the latest update of tar seems to have a more strict argument handling. With the current version of the tar call, the copying of files still works with latest tar version, but the excludes will not be handled properly anymore. This results in having binaries compiled with host GCC in the package. When doing the strip_and_split files in do_package() with the target objcopy, bitbake will fail with this error: ERROR: objcopy failed with exit code 256 (cmd was [...]) [...] File format not recognized Thus, the current argument issues and required changes are: * Options must be placed _before_ the pathnames. * --exclude must be followd by a '=' in order to work properly * 'f' options is for providing an archive file, which is unnecessary in this case Note that this could also be a candidate for backporting. (From OE-Core master rev: 2e498879098f7d84610aed7961d92433083d9a02) (From OE-Core rev: a27b907dd3ad20fc60b7732c19012793aaaba2df) Signed-off-by: Enrico Jorns <ejo@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: make sure header path is set correctlyAnuj Mittal2016-07-271-1/+0
| | | | | | | | | | | | | | | | | | | | We're setting the native header paths in do_configure_prepend, and don't need to set them again here. This results in gcc-target not being able to locate the headers and not being able to detect glibc version, which in turn results in SSP support not getting detected even though it's available in libc. (From OE-Core master rev: 85630aa894278e7818c867179dc19ca2fbd994fc) (From OE-Core rev: f28840de3912c805acde8d11188f0c48617678ab) Signed-off-by: Anuj Mittal <anujx.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: Backport patch to changes with AVX and MPXSaul Wold2016-05-222-0/+2157
| | | | | | | | | | | | | | | | | | The current MPX target descriptions assume that MPX is always combined with AVX, however that's not correct. We can have machines with MPX and without AVX; or machines with AVX and without MPX. This patch adds new target descriptions for machines that support both MPX and AVX, as duplicates of the existing MPX descriptions. The following commit will remove AVX from the MPX-only descriptions. This commit is backported from 7.12 (From OE-Core rev: 059d459d48bd42a282005698c4dc4a3ecbd2d88f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Security Fix CVE-2016-4490Armin Kuster2016-05-172-0/+268
| | | | | | | (From OE-Core rev: 69b1e25a53255433262178b91ab3e328768ad725) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Security fix CVE-2016-2226Armin Kuster2016-05-172-0/+104
| | | | | | | (From OE-Core rev: 8fc7db068cf6e2a527e10e8333585a16ce628e22) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Security fix CVE-2016-4489Armin Kuster2016-05-172-0/+57
| | | | | | | (From OE-Core rev: 7bf396e7bdb3faaf900f99f72446f19df1cffe88) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Security fix CVE-2016-4488Armin Kuster2016-05-172-0/+71
| | | | | | | (From OE-Core rev: 07820907d25970f2c22497415aa6ff95fe43dc40) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: fix QA warning (uClibc)André Draszik2016-05-111-1/+1
| | | | | | | | | | | | WARNING: QA Issue: gdb rdepends on libiconv, but it isn't a build dependency? [build-deps] We already have virtual/libiconv which is set appropriately in all environments, so let's use it to fix the issue. (From OE-Core rev: 9ae38c3b24b387b02541142d40343d1dd0411c88) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: backport bug fix to the 2.25 branch for jethroTristan Van Berkom2016-05-112-0/+167
| | | | | | | | | | | We fail to build webkit on aarch64 due to this binutils bug: https://sourceware.org/bugzilla/show_bug.cgi?id=19353 Applying patch which fixes this, stripped out changelog entry from patch to make it apply without error. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: backport fix for double remove of packgesStefan Agner2016-05-092-0/+113
| | | | | | | | | | | | | Backport the fix 7885da3974 ("pkg_get_provider_replacees: do not add installed pkg to replacee list"). This avoids opkg trying to remove a package twice e.g. when upgrading. Suggested-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> (From OE-Core rev: f26fc34bbe9cf9ae059d4fe646a84501b8924f75) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: fix building nativesdk-python3Juro Bystricky2016-04-111-0/+1
| | | | | | | | | | | | | | | When the class nativesdk.bbclass is inherited, it redefines TARGET_CC_ARCH, in the case of python3, this enables debug, causing an error while linking. Since we don't enable debug during configure some functions are not declared. This patch makes sure we keep debug disabled, fixing the linking errors. [YOCTO #9357] (From OE-Core rev: 2dd22dff121b3effe40abe4370de89231785a823) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cdrtools: update SRC_URIRoss Burton2016-04-111-1/+1
| | | | | | | | | | Upstream released their 3.01 so the alpha releases we were downloading have moved. Update the SRC_URI so it continues to download. (From OE-Core rev: 2ba9f90e86d25aa0b9319093478ea2218e1423e4) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-cross-canadian.inc: add INSANE_SKIP_ to avoid build warningLi Xin2016-04-111-0/+2
| | | | | | | | | | | | | WARNING: QA Issue: gcc-cross-canadian-i586-dbg: found library in wrong location: /PATH/sysroots/x86_64-oesdk-linux/usr/libexec/i586-oe-linux/gcc/ i586-oe-linux/5.2.0/.debug/libcc1.so.0.0.0 This warning is introduced by commit f6e47aa(gcc-target 5.1: fix for libcc1) (From OE-Core rev: 62c51c4178fb66341498c71c74ce42652568c7fa) Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ruby-native: Depend on openssl-nativeKhem Raj2016-04-111-1/+1
| | | | | | | | | | | | | | | | | | | | | This dependency is floating otherwise, It races against openssl-native and when openssl config does not match with openssl on build host the build fails occasionally x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is disabled. # error RIPEMD is disabled. Change-Id: I5ff6d8f058ff99c64ad4dc7c0377724071003ae6 (From OE-Core master rev: d0c8d98077622a700d92384f676770cb4d6d4f46) (From OE-Core rev: 0e3888cc455139bc5ca6080b1d2bc897f42ef7ad) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* make 4.1: fix segfault when ttyname failsChang Rebecca Swee Fun2016-03-152-0/+65
| | | | | | | | | | | | | | | | | | | | | | | GNU make segfaults when run in a chroot environment because of a known bug in GNU make 4.1. See [1] for details. Works if /dev/pts is mounted before chroot. [1] http://savannah.gnu.org/bugs/?43434 [YOCTO #9067] Reported-by: Alexander Larsson <alexl@redhat.com> (From OE-Core master rev: 0fe2a4b428b1b9a937914d87ec089b5a64f641eb) (From OE-Core rev: 1def72ab689bbf0d2974ab771febf241befa2495) Signed-off-by: Anuj Mittal <anujx.mittal@intel.com> Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2198Armin Kuster2016-02-212-0/+46
| | | | | | | | | CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core rev: 646a8cfa5398a22062541ba9c98539180ba85d58) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2197Armin Kuster2016-02-212-0/+60
| | | | | | | | | CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines (From OE-Core rev: ca7cbcf22558349f0b43ed7dc84ad38d7c178c55) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: Ensure we use the right mke2fs.conf when restoring from sstateRichard Purdie2016-02-051-0/+15
| | | | | | | | | | | | | | | | | If we don't do this, we can use an mke2fs.conf from a different path which may contain incompatible flags and lead to obtuse build failures such as: Invalid filesystem option set: has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize To fix this, wrap the mke2fs binary and its hardlinks and point at the correct configuration file. In particular this fixes conflicts between master and jethro builds affecting the main autobuilder. (From OE-Core rev: 0ef6277463517fb0e52b4bd65ca5f6ab42315773) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Security fix CVE-2015-7545Armin Kuster2016-02-046-0/+897
| | | | | | | | | CVE-2015-7545 git: arbitrary code execution via crafted URLs (From OE-Core rev: 1e0780427bad448c5b3644134b581ecf1d53af84) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dpkg: Security fix CVE-2015-0860Armin Kuster2016-02-042-0/+53
| | | | | | | | | CVE-2015-0860 dpkg: stack overflows and out of bounds read (From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-7295Armin Kuster2016-01-304-0/+176
| | | | | | | | | CVE-2015-7295 Qemu: net: virtio-net possible remote DoS (From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-1568Armin Kuster2016-01-302-0/+47
| | | | | | | | | CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands (From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-8345Armin Kuster2016-01-302-0/+74
| | | | | | | | | CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list (From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-7512Armin Kuster2016-01-302-0/+45
| | | | | | | | | CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod (From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-7504Armin Kuster2016-01-302-0/+57
| | | | | | | | | CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode (From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-8504Armin Kuster2016-01-302-0/+52
| | | | | | | | | CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception (From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpmresolve.c: Fix unfreed pointers that keep DB openedMariano Lopez2016-01-301-4/+6
| | | | | | | | | | | | | | | | | | | | | There are some unfreed rpmmi pointers in printDepList() function; this happens when the package have null as the requirement. This patch fixes these unfreed pointers and add small changes to keep consistency with some variables. [YOCTO #8028] (From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec) (From OE-Core rev: 409f19280983b8100a27a773cefbff187cca737a) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc: Update default Power GCC settings to use secure-pltMark Hatle2016-01-123-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The gcc default, bss-plt, will cause errors when using the prelinker. All other distributions that I am aware of are using the the secure-plt. For an explanation of the differences, the gcc docs: Current PowerPC GCC accepts a `-msecure-plt' option that generates code capable of using a newer PLT and GOT layout that has the security advantage of no executable section ever needing to be writable and no writable section ever being executable. PowerPC ld will generate this layout, including stubs to access the PLT, if all input files (including startup and static libraries) were compiled with `-msecure-plt'. `--bss-plt' forces the old BSS PLT (and GOT layout) which can give slightly better performance. The security of the new PLT and ability to run the prelinker outweigh any performance penalty. The secure-plt is enabled by default. The old bss-plt can be enabled by selecting 'bssplt' in the DISTRO_FEATURES. (From OE-Core master rev: 70c55aada1101a5c687cdaa79f370fa4530b39d9) (From OE-Core rev: 44adc575be5d9b9ad0d87e143467aeeadde2fe89) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* prelink: Fix various prelink issues on IA32, ARM, and MIPS.Mark Hatle2016-01-121-2/+2
| | | | | | | | | | | | | | | | | | | | Fix the following issues: IA32 / ARM - Resync to glibc-2.22, fix a mismatch w/ glibc's ld.so MIPS - Ignore the new SHT_MIPS_ABIFLAGS ARM - Fix missing ARM IFUNC support chunk Also upstream prelink project no longer has a 'trunk' directory. (From OE-Core master rev: c725328f2ab5c9b220c552ed37c0d24b098a218d) (From OE-Core rev: de7f25e9d67b150db4780bb82ef9481982e81312) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* guile, mailx, gcc, opensp, gstreamer1.0-libav, libunwind: disable thumb ↵Martin Jansa2016-01-123-3/+10
| | | | | | | | | where it fails for qemuarm (From OE-Core rev: 0d1ea096cde4a145b0bb6efaa8fac03de74848d1) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3187Wenzong Fan2015-12-082-0/+347
| | | | | | | | | | | | | | | | | | | | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3184Wenzong Fan2015-12-082-0/+2095
| | | | | | | | | | | | | | | | | | | | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix octeon3 disassembly patchMark Hatle2015-12-081-1/+1
| | | | | | | | | | | | | | | The structure has apparently changed, and there was a missing setting. This corrects a segfault when disassembling code. (From OE-Core master rev: 2e8f1ffe3a8d7740b0ac68eefbba3fe28f7ba6d4) (From OE-Core rev: 6a6f5446303a9b0b858d153137244a5a101520ce) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: add cache filename length fixesAlejandro del Castillo2015-12-085-0/+431
| | | | | | | | | | | | (From OE-Core master rev: 8e53500a7c05204fc63759f456639545a022e82b) (From OE-Core rev: 71ad09cfe9c43a113295c95a0fb0899d44f2bb7e) Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: Correct path for vendorlib, vendorarch, sitelib and sitearchJens Rehsack2015-10-292-8/+10
| | | | | | | | | | | | | | | This patch corrects the path specifications when building perl for vendorlib, vendorarch, sitelib and sitearch to allow newer dual-life module being installed on host to satisfy configure and build requirements of some CPAN distributions. Additionally, fix search path order in perl wrappers. (From OE-Core rev: ca5d96b1cf406897728f6f6bae6e0ab4e35a469a) Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>