summaryrefslogtreecommitdiffstats
path: root/meta/recipes-devtools
Commit message (Collapse)AuthorAgeFilesLines
* apt: update SRC_URIChangqing Li2018-11-161-1/+1
| | | | | | | | | | | | | | update SRC_URI since previous link is not valid now (From OE-Core rev: 0b5972c8189dade0e77df175651b8d8707647bb1) (From OE-Core rev: c7ec464643682215edab491fada150544b717b4d) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2018-1000667Hongxu Jia2018-11-162-0/+38
| | | | | | | | | | | | | | Since the latest nasm is 2.14rc16 (not formal release), so backport a patch to 2.13 to fix CVE-2018-1000667. (From OE-Core rev: 024b395425c95a08c881d922c310be78ffad483a) (From OE-Core rev: 4de7f29b8a0a57e14029a630fa7cfd0ef9583a9e) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* m4: Workaround gnulib's fseeko.c implementationKhem Raj2018-11-162-0/+130
| | | | | | | | | | | | | | exposed by glibc 2.28 for details see https://lists.gnu.org/r/bug-gnulib/2018-03/msg00000.html (From OE-Core rev: acca7f964bf9c21f3777085563a7928b8246f17f) (From OE-Core rev: 4cbfd526eebb2ff0a15042094e972e132deb985e) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: backport patch to fix CVE-2018-14647Chen Qi2018-11-162-0/+99
| | | | | | | | | | | | | | | Backport patch to fix the following CVE. CVE: CVE-2018-14647 (From OE-Core rev: 68e51756f67499081c3c53cff6c5c1efdf4b60f0) (From OE-Core rev: c566c8d6525a263a48035d4de5249780ab08e521) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: backport patch to fix CVE-2018-1000802Chen Qi2018-11-162-0/+70
| | | | | | | | | | | | | | | Backport a patch to fix the following CVE. CVE: CVE-2018-1000802 (From OE-Core rev: c0343f1035af98cb451eea0de94c16fe89ffdf48) (From OE-Core rev: 64d0cfb0f2291434f3ceacff99015f6a35942868) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: don't use runtime checks to identify float endianismRoss Burton2018-11-162-0/+217
| | | | | | | | | | | | | | | | | | | | | Python uses AC_RUN_IFELSE to determine the byte order for floats and doubles, and falls back onto "I don't know" if it can't run code. This results in crippled floating point numbers in Python, and the regression tests fail. Instead of running code, take a macro from autoconf-archive which compiles C with a special double in which has an ASCII representation, and then greps the binary to identify the format. This is essentially a backport of the Python 3 patch in oe-core 1781b87. (From OE-Core rev: 94cea72a23a374eb616d5642977b45172537beac) (From OE-Core rev: ceae3eb0d8a0ee69182cf4f4cfa5a6a3814df1f8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: clean up ptestRoss Burton2018-11-163-60/+3
| | | | | | | | | | | | | | | | | | As the manifest handling is done differently now, just inherit ptest with the other inherits. test_shutil needs unzip so add to RDEPENDS. Instead of using a patched Makefile, call test.regrtest directly. (From OE-Core rev: 84f34ad223b1e3f36cab2ac12246eb90efc919bc) (From OE-Core rev: c4647674da480c5925178cd821ce2d485c7467b7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: update to version 2.7.15Derek Straka2018-11-166-495/+4
| | | | | | | | | | | | | | | | | | | Update to the latest stable version License-Update: Copyright year updated to include 2018 Remove the alignment patch that is included upstream (From OE-Core rev: 855020053906478cea164ed254c08bedce48479d) (From OE-Core rev: ab2dd15f72a94cce528276e6e3e38c56677e7ba4) Signed-off-by: Derek Straka <derek@asterius.io> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix update only, drop patches included in update] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: fix compile ptest failure on mips32Hongxu Jia2018-11-163-1/+131
| | | | | | | | | | | | | | | | | | - Pass mips32's CFLAGS to tests - Fix broken inline asm in tests on mips32-linux - Build mips n32 successfully, support it. (From OE-Core rev: 23d9eba99d1180a0b859aadc23a10b391b8f6440) (From OE-Core rev: 74308b2ca81bb7a3d294ce344ba6e8fdf7ebca5d) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: fix ptest compilation for PowerPC64Jagadeesh Krishnanjanappa2018-11-161-0/+78
| | | | | | | | | | | | | | | | | | | | | | | The fix is similar to what was done for PowerPC32. It solves below error, while compiling for PowerPC64, -- snip -- | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c: In function 'usage': | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: warning: implicit declaration of function 'fprintf' [-Wimplicit-function-declaration] | fprintf(stderr, | ^~~~~~~ | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: warning: incompatible implicit declaration of built-in function 'fprintf' | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:3: note: include '<stdio.h>' or provide a declaration of 'fprintf' | ../../../../valgrind-3.13.0/none/tests/ppc64/test_isa_2_06_part2.c:1778:11: error: 'stderr' undeclared (first use in this function) | fprintf(stderr, | ^~~~~~ -- snip -- (From OE-Core rev: 9f82bb4bf3d0ded246eb252b3f9b4b618b22fc95) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: skip tests that are not usefulAnuj Mittal2018-11-164-88/+128
| | | | | | | | | | | | | | | | | | | | | Some tests, like the one that compares the hashes for a list of files against those stored in a .dat file, don't make sense for downstream distros packaging perl. Backport a patch from upstream that allows skipping of these tests at runtime. Also remove the local patch trying to keep hashes up-to-date for one of those tests. Fixes [YOCTO #12787] (From OE-Core rev: 557f4618b75b8739a647e46054ab587ae2bbdc25) (From OE-Core rev: 7157e7804b21a84ecbd809b6e171106d7ddc86a6) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2018-10016Hongxu Jia2018-10-182-0/+41
| | | | | | | | | | | | | | | | | | Previously fix of CVE-2018-10016 caused ovmf build failure, I reported the failure to upstream and it replied with this V2 fix. Details at: https://bugzilla.nasm.us/show_bug.cgi?id=3392473 (From OE-Core rev: e2fa6bc137faebba3c440cac93c88092421e8e82) (From OE-Core rev: 19138a21aabe60b67015e3383f4030db0d4d37a4) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: CVE-2018-11233Sinan Kaya2018-10-182-1/+46
| | | | | | | | | | | | | | | | * CVE-2018-11233 Code to sanity-check pathnames on NTFS can result in reading out-of-bounds memory. Affects < 2.17.1 CVE: CVE-2018-11233 Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1583888 (From OE-Core rev: d145f605c274386baf0dde023f15cddf37523f3b) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3: CVE-2018-1061Sinan Kaya2018-10-182-0/+166
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVE-2018-1060 Prevent low-grade poplib REDOS: The regex to test a mail server's timestamp is susceptible to catastrophic backtracking on long evil responses from the server. Happily, the maximum length of malicious inputs is 2K thanks to a limit introduced in the fix for CVE-2013-1752. * CVE-2018-1061 Prevent difflib REDOS The default regex for IS_LINE_JUNK is susceptible to catastrophic backtracking. This is a potential DOS vector. Replace it with an equivalent non-vulnerable regex. Affects < 3.5.6rc1 CVE: CVE-2018-1060 CVE: CVE-2018-1061 Ref: https://access.redhat.com/security/cve/cve-2018-1060 Ref: https://access.redhat.com/security/cve/cve-2018-1061 (From OE-Core rev: 1461bcc72e6649920ecf4226e006e5667c48a21c) Signed-off-by: Sinan Kaya <okaya@kernel.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cmake: put cmake.m4 and toolchain file in PNRoss Burton2018-10-101-1/+2
| | | | | | | | | | | | | | | | | | | | | Previously cmake-dev held some files which should be in cmake. - cmake.m4 should be in installed in cmake so it can be used out of the box - nativesdk-specific OEToolchainConfig.cmake file used to be in cmake, but the change of default packaging rules move it into cmake-dev. This recipe is the exception and it should be moved back. Add the extra paths to cmake, and clear FILES for cmake-dev to ensure nothing else slips in. (From OE-Core rev: a6ce79b87d3db57033a3d1710cb3292366a0a8f7) (From OE-Core rev: 5f985f02a932ebce238a6b1c644d2e3179226aab) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Change the ARM assembler's ADR and ADRl pseudo-ops so that they ↵Armin Kuster2018-09-272-0/+177
| | | | | | | | | | | | | will only set the bottom bit of imported thumb function symbols if the -mthumb-interwork option is active. [Yocto 12865] < 2.30 (From OE-Core rev: a1c0135e96bca684db0e3a7c6209c0cb2054f306) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* squashfs-tools: patch for CVE-2015-4645(4646)Changqing Li2018-09-272-0/+48
| | | | | | | | | | | (From OE-Core rev: 8aa8bc77ef311b1c9dffcd2e2c0da610697b89fd) (From OE-Core rev: cf3b59c3466d45ce4451dc8d775350e4762fe6d1) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* swig: Remove superfluous python dependencyJoshua Watt2018-08-291-1/+1
| | | | | | | | | | | | | | The actual dependency on native Python and is handled by inheriting python3native (From OE-Core rev: 115a6dea664c9b18fd19b79659029afb52b1a660) (From OE-Core rev: 82b018956763bf85b90d512c8a6bc96d59fa67fd) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* patch: fix CVE-2018-6952Hongxu Jia2018-08-292-0/+37
| | | | | | | | | | | (From OE-Core rev: 1314a6953aa647706107557faaba8574e307d2bd) (From OE-Core rev: 100d7f19b7075b54dcc60f07ef8159e0e4f5be8c) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-12015Jagadeesh Krishnanjanappa2018-08-292-0/+49
| | | | | | | | | | | | | | | | | | Remove existing files before overwriting them Archive should extract only the latest same-named entry. Extracted regular file should not be writtent into existing block device (or any other one). https://rt.cpan.org/Ticket/Display.html?id=125523 Affects perl <= 5.26.2 (From OE-Core rev: ca005cd857f8e79b135c43526d5b792478a07eb3) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-6913Jagadeesh Krishnanjanappa2018-08-292-0/+154
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (perl #131844) fix various space calculation issues in pp_pack.c - for the originally reported case, if the start/cur pointer is in the top 75% of the address space the add (cur) + glen addition would overflow, resulting in the condition failing incorrectly. - the addition of the existing space used to the space needed could overflow, resulting in too small an allocation and a buffer overflow. - the scaling for UTF8 could overflow. - the multiply to calculate the space needed for many items could overflow. For the first case, do a space calculation without making new pointers. For the other cases, detect the overflow and croak if there's an overflow. Originally this used Size_t_MAX as the maximum size of a memory allocation, but for -DDEBUGGING builds realloc() throws a panic for allocations over half the address space in size, changing the error reported for the allocation. For non-DEBUGGING builds the Size_t_MAX limit has the small chance of finding a system that has 3GB of contiguous space available, and allocating that space, which could be a denial of servce in some cases. Unfortunately changing the limit to half the address space means that the exact case with the original issue can no longer occur, so the test is no longer testing against the address + length issue that caused the original problem, since the allocation is failing earlier. One option would be to change the test so the size request by pack is just under 2GB, but this has a higher (but still low) probability that the system has the address space available, and will actually try to allocate the memory, so let's not do that. Note: changed plan tests => 14713; to plan tests => 14712; in a/t/op/pack.t to apply this patch on perl 5.24.1. Affects perl < 5.26.2 (From OE-Core rev: 0542779d2f1a8977a732800a8998fd88971c0c1d) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-6797Jagadeesh Krishnanjanappa2018-08-292-0/+46
| | | | | | | | | | | | | | | (perl #132227) restart a node if we change to uni rules within the node and encounter... This could lead to a buffer overflow. (cherry picked from commit a02c70e35d1313a5f4e245e8f863c810e991172d) Affects perl >= 5.18 && perl <= 5.26 (From OE-Core rev: 109ffd1b3d10753bfd711a14ad59b194ca3ce831) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: CVE-2018-6798Jagadeesh Krishnanjanappa2018-08-293-0/+169
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVE-2018-6798-1 The proximal cause is several instances in regexec.c of the code assuming that the input was valid UTF-8, whereas the input was too short for what the start byte claimed it would be. I grepped through the core for any other similar uses, and did not find any. (cherry picked from commit fe7d8ba0a1bf567af8fa8fea128e2b9f4c553e84) * CVE-2018-6798-2 The first patch for 132063 prevented the buffer read overflow when dumping the warning but didn't fix the underlying problem. The next change treats the supplied buffer correctly, preventing the non-UTF-8 SV from being treated as UTF-8, preventing the warning. (cherry picked from commit 1e8b61488f195e1396aa801c685340b156104f4f) Affects perl >= 5.22 && perl <= 5.26 (From OE-Core rev: 4aaf09b9d657b1c2df85bf509008beacd6a00342) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2018-12617Jagadeesh Krishnanjanappa2018-08-292-0/+54
| | | | | | | | | | | | | | | | | qga: check bytes count read by guest-file-read While reading file content via 'guest-file-read' command, 'qmp_guest_file_read' routine allocates buffer of count+1 bytes. It could overflow for large values of 'count'. Add check to avoid it. Affects qemu < v3.0.0 (From OE-Core rev: a11c8ee86007f7f7a34b9dc29d01acc323b71873) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: CVE-2018-7550Jagadeesh Krishnanjanappa2018-08-292-0/+63
| | | | | | | | | | | | | | | | | | multiboot: bss_end_addr can be zero The multiboot spec (https://www.gnu.org/software/grub/manual/multiboot/), section 3.1.3, allows for bss_end_addr to be zero. A zero bss_end_addr signifies there is no .bss section. Affects qemu < v2.12.0 (From OE-Core rev: 9f1d026168956e7bf45135577c123f7679a6ebba) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: CVE-2018-1000030Jagadeesh Krishnanjanappa2018-08-293-1/+447
| | | | | | | | | | | | | | | | | | | | | | | | | | | | * CVE-2018-1000030-1 [2.7] bpo-31530: Stop crashes when iterating over a file on multiple threads * CVE-2018-1000030-2 Multiple threads iterating over a file can corrupt the file's internal readahead buffer resulting in crashes. To fix this, cache buffer state thread-locally for the duration of a file_iternext call and only update the file's internal state after reading completes. No attempt is made to define or provide "reasonable" semantics for iterating over a file on multiple threads. (Non-crashing) races are still present. Duplicated, corrupt, and missing data will happen. This was originally fixed by 6401e56, which raised an exception from seek() and next() when concurrent operations were detected. Alas, this simpler solution breaks legitimate use cases such as capturing the standard streams when multiple threads are logging. Affects python <= 2.7.14 (From OE-Core rev: 4b6c84e0f950f839bfb8c40f197197f838d8b733) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: CVE-2018-11235Jagadeesh Krishnanjanappa2018-08-292-1/+290
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | submodule-config: verify submodule names as paths Submodule "names" come from the untrusted .gitmodules file, but we blindly append them to $GIT_DIR/modules to create our on-disk repo paths. This means you can do bad things by putting "../" into the name (among other things). Let's sanity-check these names to avoid building a path that can be exploited. There are two main decisions: 1. What should the allowed syntax be? It's tempting to reuse verify_path(), since submodule names typically come from in-repo paths. But there are two reasons not to: a. It's technically more strict than what we need, as we really care only about breaking out of the $GIT_DIR/modules/ hierarchy. E.g., having a submodule named "foo/.git" isn't actually dangerous, and it's possible that somebody has manually given such a funny name. b. Since we'll eventually use this checking logic in fsck to prevent downstream repositories, it should be consistent across platforms. Because verify_path() relies on is_dir_sep(), it wouldn't block "foo\..\bar" on a non-Windows machine. 2. Where should we enforce it? These days most of the .gitmodules reads go through submodule-config.c, so I've put it there in the reading step. That should cover all of the C code. We also construct the name for "git submodule add" inside the git-submodule.sh script. This is probably not a big deal for security since the name is coming from the user anyway, but it would be polite to remind them if the name they pick is invalid (and we need to expose the name-checker to the shell anyway for our test scripts). This patch issues a warning when reading .gitmodules and just ignores the related config entry completely. This will generally end up producing a sensible error, as it works the same as a .gitmodules file which is missing a submodule entry (so "submodule update" will barf, but "git clone --recurse-submodules" will print an error but not abort the clone. There is one minor oddity, which is that we print the warning once per malformed config key (since that's how the config subsystem gives us the entries). So in the new test, for example, the user would see three warnings. That's OK, since the intent is that this case should never come up outside of malicious repositories (and then it might even benefit the user to see the message multiple times). Credit for finding this vulnerability and the proof of concept from which the test script was adapted goes to Etienne Stalmans. Affects: git < 2.13.7 and git < 2.14.4 and git < 2.15.2 and git < 2.16.4 and git < 2.17.1 (From OE-Core rev: 229bb7cd70c79944d54696d50f4f34df85a5804a) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nasm: fix CVE-2018-8883 & CVE-2018-8882 & CVE-2018-10316Hongxu Jia2018-08-294-0/+148
| | | | | | | | | | | (From OE-Core rev: 10a52e436d2f9a40c04271bc8aeb04c75fb11383) (From OE-Core rev: 058bdd077da005d412fbbcd98d70fbd80fa80555) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-10534Armin Kuster2018-08-062-0/+3430
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: d18dfef01fb7d37029e5a612f79201adf7ff5921) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-10535Armin Kuster2018-08-062-0/+62
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 1ff22881249591d64fe61353a4d97ab91dc8efa0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-10372Armin Kuster2018-08-062-0/+59
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 832316491aab8b90719cefeba2bfd94cef04b80f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-10373Armin Kuster2018-08-062-0/+46
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 3c83b9be884015e238249c0382299aedf4d81459) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-7568Armin Kuster2018-08-062-0/+86
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 9dee4cec26322604e71ca5db4b17b1088a98971b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-7569Armin Kuster2018-08-062-0/+120
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: f79f5162088ceb29cf4820d2c3ef2aff263d7967) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-7208Armin Kuster2018-08-062-0/+48
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: a994ef27a997bce0dd18f8e507b8d795b8111aeb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-7642Armin Kuster2018-08-062-0/+52
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 8c58ec80990a2c6b8b5e0832b3d5fe2c3f4378ff) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-6759Armin Kuster2018-08-062-0/+109
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 8f9b8ee0e7ad6526a3f93a8f0ca8e9fe055fdff6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-6872Armin Kuster2018-08-062-0/+51
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 9626b58123eb50cb830443b3f514988f5417cc6c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutls: Security fix CVE-2018-7643Armin Kuster2018-08-062-0/+103
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: 70308a1133a3bd0e9d297bd66be4e05722484e7a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Security fix CVE-2018-8945Armin Kuster2018-08-062-0/+71
| | | | | | | | | Affects <= 2.30 (From OE-Core rev: d128790b8593ee0cccd5e3c935ff28fb27644a8c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python2: Fix build with gcc8Ross Burton2018-08-043-0/+45
| | | | | | | | | | | | | | (From OE-Core rev: 910f68c9c8dc26e12d28ef29e956af63d100f121) (From OE-Core rev: 04c2d53ef48a09747d0577d9ec1ffa548d247615) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Martin Hundebøll <martin@geanix.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-7.3: Backport fixes for std::pair high memory usageJoel Stanley2018-08-012-0/+59
| | | | | | | | | | | | | | | | | | C++ applications that contain a specfic use of std::pair with tempates cause the build to require many gigabytes of RAM to build. This is a fix that was applied to the upstream GCC 7 branch. Change-Id: I213f96d1d6332e2dce5765482ff3413f1abd7ff8 (From OE-Core rev: 51a09ba2729a840a9f2f87b68c7f50a3e6ac0d04) (From OE-Core rev: dc6d466edde2ebe26e2ece5601429baabff38bbb) Signed-off-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-7.3: Fix build on ppc64le hostsJoel Stanley2018-08-012-0/+38
| | | | | | | | | | | | | | | | | | | | When building on ppc64le hosts that have GCC 8 (such as Ubuntu 18.10) the GCC build bootstrap fails. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86162 This is a fix that was applied to the upstream GCC 7 branch. Change-Id: I7796d2a999ec420805dd1c6cf0a1ecba1de5a897 (From OE-Core rev: c17f5e7e954487ad3e97e26c3e0d31443d658d5a) (From OE-Core rev: 7d1ab4088f67f267b0c5a8ce9913feeedc3a7d7d) Signed-off-by: Joel Stanley <joel@jms.id.au> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Avoid leaking temporary scriplet filesOlof Johansson2018-07-191-5/+30
| | | | | | | | | | | | | | | | | | | | | | | RPM writes each package scriptlet (post-/preinstall) to /var/tmp/rpm-tmp.XXXXXX --- a lot of files potentially gets created. When debugging is enabled, these temporary scriptlet files aren't cleaned up at all and after a while this results in the filesystem resources are eaten up (like running out of available inodes). Normally, the temporary files would have been written to the tmp directory of the target sysroot (which we can easily clean up), but in this tree, you can't necessarily run the scriptlets. Fixes [YOCTO #12792] (From OE-Core rev: ffb0ece83e74797f4c3da3866bb3d691c388a5e5) (From OE-Core rev: f0e1683d53e3b7436c04d665a181cdf5909e987c) Signed-off-by: Olof Johansson <olofjn@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: Update 1.10.2 -> 1.10.3Otavio Salvador2018-07-191-3/+3
| | | | | | | | | | | | | | | go1.10.3 (released 2018/06/05) includes fixes to the go command, and the crypto/tls, crypto/x509, and strings packages. In particular, it adds minimal support to the go command for the vgo transition. (From OE-Core rev: 37f288d783257cb9e6c035aaab1b661b1016b4c3) (From OE-Core rev: aef0052ba416e24e503f5c984f254d023c32d5b3) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* go: Update 1.9.6 -> 1.9.7Otavio Salvador2018-07-191-3/+3
| | | | | | | | | | | | | | | go1.9.7 (released 2018/06/05) includes fixes to the go command, and the crypto/x509, and strings packages. In particular, it adds minimal support to the go command for the vgo transition. (From OE-Core rev: 98d3ec92e8953304db51c73aff7a4e81b97f668c) (From OE-Core rev: 8c90d5c8ecc146d37de5d7f1076a963c18f04f4c) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* chrpath: Alioth is dead, use DEBIAN_MIRRORRoss Burton2018-07-191-3/+1
| | | | | | | | | | | | | | The previous host of chrpath, Alioth, is dead. chrpath hasn't yet moved to Salsa, so download the tarball from the Debian mirrors. (From OE-Core rev: a8a2c5ec891286a1e7fd5ebdd33565f9ae3965c2) (From OE-Core rev: 53d9da66dcb684cd2d1c703a4887c30ce7bf14d7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Qemu: CVE-2018-11806 slirp-heap-buffer-overflowJeremy Puhlman2018-07-022-0/+70
| | | | | | | | | (From OE-Core rev: d3d0798086177c463142e33f1493be6e34536c64) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> [Fixed up for Sumo context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: refresh patches with devtool and make them applicable with gitMartin Jansa2018-07-0217-145/+173
| | | | | | | | | | | | (From OE-Core rev: e8fb42f3a54e8b8d68ae216a48534fa745ea99f1) (From OE-Core rev: 0c0f1849ea0e40296117510b4d87a2505fe18e16) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nativesdk-python*: suppress user site dirsMartin Kelly2018-07-023-3/+3
| | | | | | | | | | | | | | | | | | | Currently, $HOME/.local is being added into sys.path in the Python SDK causing subtle host contamination. Suppress this by exporting PYTHONNOUSERSITE = "1" as documented in PEP 370. This issue occurred in the past for python*-native and was fixed similarly in OE-core commit 8fe9fb4d5a61dcbcb3fc5b9ee0234cc135af873f ("python*native.bbclass: suppress user site dirs"). (From OE-Core rev: 0dc36439cb9fe1cea50bed59da6302f78372a30b) (From OE-Core rev: 376827d359a3769ee6477eac6e6b349a2050a867) Signed-off-by: Martin Kelly <mkelly@xevo.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>