summaryrefslogtreecommitdiffstats
path: root/meta/recipes-support
Commit message (Collapse)AuthorAgeFilesLines
* libunwind: Fix PACKAGECONFIG option typoRichard Purdie2018-01-291-1/+1
| | | | | | | | | (From OE-Core rev: c3035922f2376f90ff282b085368f6d44bd7c020) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c777a6d0ea9505aa57c1c5785af388c23c5e7731) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: remove ptest changesRoss Burton2018-01-251-9/+1
| | | | | | | | | | | | | This recipe installs the test suite by copying the entire build tree into /usr/share/ptest, which is both wasteful and breaks packaging as lz4-ptest then gets renamed by debian.bbclass to liblz4. (From OE-Core rev: 68a3f33027b9ee5ed53a47dd839fc407dcbbaee9) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: fix upstream version checkAlexander Kanavin2018-01-251-0/+1
| | | | | | | | (From OE-Core rev: a3eb3280cc0f33491cdc478086e4cfcd5ecc52d6) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libunwind: Disable documentation explicitlyRichard Purdie2018-01-141-0/+1
| | | | | | | | | | We don't have latex2man in HOSTTOOLs so documentaion is never built but this dependency does cause problems on older releases like morty, pre-HOSTTOOLS. Document the configuration explicitly in master. (From OE-Core rev: d91a064ddd0771aebb8d61016231e4b41ef7ddde) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix build with x32 and muslAnuj Mittal2018-01-061-1/+1
| | | | | | | | | | | | | | | | Make sure that boost picks up correct address model value for x32 even when musl is enabled. Fixes [YOCTO #12119] Suggested-by: Ovidiu Panait <ovidiu.panait@windriver.com> (From OE-Core rev: 44257253e6b98c74c539edd2dee7fed3f856fa44) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1879bd13f09c8180f737ddaccd2025e22c7f0c46) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bmap-tools: fix RDEPENDS and update SRC_URITim Orling2018-01-061-2/+2
| | | | | | | | | | | | | | | | | * RDEPENDS are now all the python3 versions * Upstream SRC_URI has moved to github.com/intel/bmap-tools * Missing RDEPENDS on python3-setuptools added - Provides import for pkg_resources Fixes [YOCTO #12148] (From OE-Core rev: 6cc7da6477c6995e936f241b0f6f6ec147814538) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3d63452d8d8d8dc61cd26b7759b5c0d235d70451) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: use HTTP instead of FTP in SRC_URIRoss Burton2018-01-061-1/+1
| | | | | | | | | | | | | FTP isn't as reliable as HTTP. [ YOCTO #12398 ] (From OE-Core rev: e2573aeeadcd8b34098963ead5667bcdf0517f5e) Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 52263f5f6caeaf215ab96d58218fb5f9a2ed4264) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: pay attention to CFLAGSJoe Slater2017-12-041-1/+6
| | | | | | | | | | | | nss ignores CFLAGS so we suggest them via CC. (From OE-Core rev: 7484c62f88311dbc1e9ade524af31d04e6035bf4) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 95b65eefe7eb001752a37d1015bbf9be63bfd6bb) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* icu: CVE-2017-14952Ovidiu Panait2017-12-042-0/+29
| | | | | | | | | | | | | | | | | | | | | Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14952 Upstream patches: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp (From OE-Core rev: 16006869e30395dd758a1797e324567ec4f8e074) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Add /etc to SYSROOT_DIRSPatrick Vacek2017-12-041-0/+1
| | | | | | | | | | | | | For recipes that depend on native ca-certificates.crt, /etc should be added to the list of directories that automatically populate the sysroot, otherwise the file may not be there. (From OE-Core rev: 704e0392809b8a062433f6a4e5c5980c34b47dce) Signed-off-by: Patrick Vacek <patrick@advancedtelematic.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl_7.54.1.bb: improve reproducibilityJuro Bystricky2017-12-042-1/+41
| | | | | | | | | | | | | | Improve reproducible build of curl-dev and curl-dbg packages. curl-dev: Correctly remove build host references from curl-config curl-dbg: Do not generate time stamps in files generated by mkhelp.pl (From OE-Core rev: 4b5bfbf0f474d2657c1ed54a2ff00502d5f419d9) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* db: change types to avoid headers changing between architecturesRoss Burton2017-12-042-3/+61
| | | | | | | | | | | | | | | | | | | | | Triggered by looking at why Python doesn't find db.h (because it greps db.h for a regex, and db.h is actually a oe_multilib_header wrapper) I realised that the only reason we have to oe_multilib_header db.h is because one typedef is different between 32-bit and 64-bit architectures. However, the typedef is for a 64-bit integer so instead of using long (64-bit) or long long (32-bit), just use int64_t. Some of the overly complicated configure tests need to be deleted after this change but that is safe as we're building in a controlled environment and can assume int64_t exists. With this done the header doesn't change between architectures, and it doesn't need to be wrapped by oe_multilib_header. (From OE-Core rev: 6c9ffa50d00a55122ed861e1818186035fd89715) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash-completion: remove rfkill file that util-linux providesChen Qi2017-12-041-1/+1
| | | | | | | | | | | | Remove the rfkill bash completion file that util-linux provides to avoid conflicts. (From OE-Core rev: 1657f98528e6ea70e77b5f8cbe85b8ce970c3535) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2017-1000254Li Zhou2017-12-042-0/+139
| | | | | | | | | | | | | Porting patch from <https://github.com/curl/curl/commit/ 5ff2c5ff25750aba1a8f64fbcad8e5b891512584> to solve CVE-2017-1000254. (From OE-Core rev: 4e22302603c6a1fc56ef77cdc10e1b1f631a274e) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 08f8d5db06647b94f96d655100c358047682dd2f) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle-ptest: fix a failing testJuro Bystricky2017-12-042-0/+24
| | | | | | | | | | | | | | | | | This patch changes the result of the nettle dlopen-test from FAIL to PASS. The test used to fail because the test could not find and load libnettle.so. This patch fixes this by using absolute path instead of relative. This was the only test out of 88 that used to fail. (From OE-Core rev: 511db7c256dbb3f8ba95eabd025d427384d4a1cb) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit f12d493418417c8529a97c7a768e4af58ea5c91b) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: add 'enable-ares' packageconfig optionJavier Viguera2017-12-041-0/+2
| | | | | | | | | | | | | | | | | This build time option is needed to use the '--dns-interface' runtime parameter to instruct 'curl' to use a specific interface for DNS resolution. Not enabled by default, as it depends on 'c-ares' package from meta-openembedded (meta-networking). (From OE-Core rev: 8f3d34217b5b95f1f159c362c6f5dad3ba4fb290) Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 4fe0aa3791db0ee6c85e7a068f69def6e7c0da46) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rng-tools: Fix crazy defaultsRichard Purdie2017-12-041-2/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | Feeding the output of /dev/urandom into /dev/random is pretty much insane and not something we should encourage. I can't really imagine a scenario where this would be a sensible idea since /dev/urandom if effectively derived from /dev/random. This changes the tool to default to /dev/hwrng which makes much more sense, feeding hardware entropy into the random pool. In the QEMU case, this will feed entropy from the host into the guests which is also what we want. Yes, this change will cause rngd not to start if /dev/hwrng isn't present, but it isn't needed if that isn't so I don't see this as a bad thing. (https://wiki.archlinux.org/index.php/Rng-tools has a section in red which agrees with the above, "this is a really bad idea, since you are simple filling the kernel entropy pool with entropy coming from the kernel itself!") (From OE-Core rev: d177516d846ec4bed483d7e9d80775bb341c869e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f1dc9ac46710814c27cae2d22e79c84a9522993a) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sqlite3: fix CVE-2017-13685Wenzong Fan2017-10-162-0/+58
| | | | | | | | | | | | | | | | The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file. Backport patch to fix the issue. Some references: https://sqlite.org/src/info/02f0f4c54f2819b3 http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html (From OE-Core rev: 9b9f566d2042f2b393de88506d2da964bc4d17b0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: Fix building on armv6Paul Barker2017-10-162-0/+97
| | | | | | | | | | | This patch is backported from the upstream git repository to fix building libgcrypt on armv6 platforms such as raspberrypi. (From OE-Core rev: c47ed9aa7a34ef62b3ffaea6ebd5cc9e7c052899) Signed-off-by: Paul Barker <pbarker@toganlabs.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* argp-standalone: drop RDEPENDS dev/staticdev packages on main packageMing Liu2017-10-071-0/+3
| | | | | | | | | | | | This ensures argp-standalone-staticdev package could be installed correctly(without depending on the empty argp-standalone package) if it's being required during SDK population. (From OE-Core rev: 6d13c09fb57e13aa4aae590cd49cff7279c8685d) Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nspr, nss: Use BUILD_CC instead of hardcoded "gcc"Nikolay Merinov2017-10-072-4/+4
| | | | | | | | | | | | | Recipes nspr_4.16.bb and nss_3.31.1.bb ignored BUILD_CC and it's BUILD_CFLAGS and tried to compile with hardcoded "gcc" instead. As result build for this recipes will fail if host use different name for compiler or require any flags. (From OE-Core rev: 79e3339ab9edacb9e34d3725305d5880a974364a) Signed-off-by: Nikolay Merinov <n.merinov@inango-systems.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Added option to enable http2 protocol.baali2017-09-261-1/+1
| | | | | | | | | | | | With default --without-nghttp2 flag set there was no way to get http2 protocol support using nghttp2 library. Instead moved it to PACKAGECONFIG options (From OE-Core rev: bcc8560300c8b1218b1f3709f5a7732e17fbfa46) Signed-off-by: baali <shantanu@senic.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: fix CVE-2017-0379Hongxu Jia2017-09-262-0/+159
| | | | | | | | | | Backport the fix from https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git; a=commit;h=bf76acbf0da6b0f245e491bec12c0f0a1b5be7c9 (From OE-Core rev: 3b827eff306c484d78d61b259cd5d4eef8df381c) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ptest-runner: fix segfault with -t optionYi Zhao2017-09-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The ptest-runner would segfault with -t option: root@qemux86-64:~# ptest-runner -d /usr/lib test_pkg -t 5 [ 237.234112] ptest-runner[810]: segfault at 0 ip 000000382e638060 sp 00007fff9130f400 error 4 in libc-2.26.so[382e600000+1a7000] It is safe to bump SRCREV to latest upstream commit to fix this issue because there is only one commit since the last update: commit 8a93832dad621535e90aa8e1fb74ae5ba743fc3e Author: Anders Wallin <wallinux@gmail.com> Date: Sun May 28 11:47:00 2017 +0200 timeout option missing the argument option ":" to getopt ptest-runner -t xx gives segfault Signed-off-by: Anders Wallin <wallinux@gmail.com> Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> (From OE-Core rev: 503ce98bb89dfa019faff872121c8911e6465b05) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libffi: Add HOMEPAGE info into recipe file.Huang Qiyu2017-09-221-0/+1
| | | | | | | | (From OE-Core rev: cfe74cb67f284e58c6d133d456fb6d8e763f3e5c) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nspr: Fix build with musl/mipsKhem Raj2017-09-212-0/+32
| | | | | | | | (From OE-Core rev: ecf386d113011c430a2e04dfdac981a265a83b7b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* attr: Backports to fix exported headersKhem Raj2017-09-182-0/+70
| | | | | | | | | | | | Packages which depends on attr headers fail due to uint32_t not being defined, this needed header to include sys/types.h (From OE-Core rev: af7c8f8a9bfc3396dc729f3fc54c38d19f2aa3fc) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: use stable download URLRoss Burton2017-09-181-4/+3
| | | | | | | | | | GitHub automatically-generated tarballs from tags can and do change over time, so change libproxy to use the uploaded tarball. (From OE-Core rev: 1a159da61a8a3d06918f838b1dcec45eed2815a7) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* at-spi2-core: Add HOMEPAGE info into recipe file.Huang Qiyu2017-09-131-0/+1
| | | | | | | | (From OE-Core rev: fb70550c1553d3f3907c2752a742acd3db940123) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* at-spi2-atk: Add HOMEPAGE info into recipe file.Huang Qiyu2017-09-131-0/+1
| | | | | | | | (From OE-Core rev: 927316c17135b87892103c7008f68b3d58631e2f) Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libfm: remove file which conflicts with libfm-extraRoss Burton2017-09-111-0/+1
| | | | | | | | | | Both libfm and libfm-extra provide /usr/include/libfm, so remove it from libfm to avoid sysroot conflicts. (From OE-Core rev: 1ca7d8d89e35f55082d1708639e2146794730a0c) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bmap-tools: switch to Python 3Ed Bartosh2017-09-111-5/+2
| | | | | | | | | | | | | | bmap-tools is the only recipe in oe-core that still uses Python 2. Switching it to Python 3 should help to get rid of building native Python 2 and its dependencies. [YOCTO #11891] (From OE-Core rev: 0d6130b30a1219b2bc2c57578f291311f69c676e) Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bmap-tools: upgrade to v3.4Ed Bartosh2017-09-111-2/+2
| | | | | | | | | | Upgraded to the latest upstream release. (From OE-Core rev: fa36678698108023242f2afbd4e54d6709f84420) Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shared-mime-info: enable nativesdk buildsRoss Burton2017-09-111-2/+1
| | | | | | | | | | Also remove the redundant DEPENDS_class-native, as the native class generates this value automatically. (From OE-Core rev: 7d2d73bf5e9fba30ae79e535adff256b94248e62) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: fix CVE-2017-1000099, 1000100, 1000101Wenzong Fan2017-09-054-0/+194
| | | | | | | | | | | | | | | | | | | | Backport upstream commits to fix: - CVE-2017-1000099 https://curl.haxx.se/docs/adv_20170809C.html https://curl.haxx.se/CVE-2017-1000099.patch - CVE-2017-1000100 https://curl.haxx.se/docs/adv_20170809B.html https://curl.haxx.se/CVE-2017-1000100.patch - CVE-2017-1000101 https://curl.haxx.se/docs/adv_20170809A.html https://curl.haxx.se/CVE-2017-1000101.patch (From OE-Core rev: 2eb590bbeab4dbf2583a78fcbaf3723757116123) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: enable threaded resolverAndré Draszik2017-09-051-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | Multi-threaded applications using libcurl crash on DNS timeouts when built using OE. The reason is as follows: By default, libcurl implements DNS timeouts using a timer (alarm()) and a pair of setjmp()/longjmp(). This approach is unsafe in multi-threaded applications for various reasons, as e.g. explained in the relevant man-pages. To avoid this, libcurl can be compiled with a built-in threaded resolver, or against the c-ares asynchronous resolver library. To keep extra dependencies to a minimum, and to mimic other distributions (debian at least), and because c-ares is not available in OE-core, add a PACKAGECONFIG to be able to enable use of of the built-in threaded resolver and enable it by default. (From OE-Core rev: 41f1e44fce976c4140cda62a41349e91e69d04ef) Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnupg: 2.1.23 -> 2.2.0Hongxu Jia2017-09-021-2/+2
| | | | | | | | | | https://lists.gnupg.org/pipermail/gnupg-announce/2017q3/000413.html (From OE-Core rev: 404cdecec24bc2ed4e2cacc76cd50db7622171cd) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsoup: upgrade to 2.58.2Ross Burton2017-09-021-2/+2
| | | | | | | | | | This fixes CVE-2017-2885 (stack overflow with HTTP chunked encoding), no other relevant changes. (From OE-Core rev: 56d25765641acaadc21391bd7b00187cf0f4ffe0) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: update to 20170717Alexander Kanavin2017-08-311-2/+1
| | | | | | | | | | | | | This is actually the same version as previously; upstream didn't have a tag for it before and now it does, so we can reduce confusion. The SRCREV change is due to a few added commits which modify upstream's debian packaging (not used by us). (From OE-Core rev: 8359730165908025b0762eaa25569e2fdcd9d086) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: Fix CVE-2017-7186Robert Yang2017-08-312-0/+97
| | | | | | | | | | | | | | | | A fuzz on libpcre1 through the pcretest utility revealed an invalid read in the library. For who is interested in a detailed description of the bug, will follow a feedback from upstream: This was a genuine bug in the 32-bit library. Thanks for finding it. The crash was caused by trying to find a Unicode property for a code value greater than 0x10ffff, the Unicode maximum, when running in non-UTF mode (where character values can be up to 0xffffffff). (From OE-Core rev: 1b87201784e733f3a9d436f56cb5a6151ba6bdfa) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre2: Fix CVE-2017-8786Robert Yang2017-08-312-0/+94
| | | | | | | | | | | The pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression. (From OE-Core rev: dd63a26fedb8a578d34850ede4c27e26b8876e7e) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rng-tools: add systemd service fileDengke Du2017-08-272-2/+21
| | | | | | | | | Add systemd service file for rng-tools. (From OE-Core rev: d374897100ae756df72677d47c9c70c7fefca192) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* taglib: Security fix CVE-2017-12678Yi Zhao2017-08-272-1/+44
| | | | | | | | | | | | | | | | | | CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-12678 Patch from: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6 (From OE-Core rev: 24ac12ecb19efc7c131c9711ba32e298ba860eb7) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* db: Add --tag parameter to libtool invocationKhem Raj2017-08-252-6/+59
| | | | | | | | | | | | | | | | | | | Fix do_configure to be able to regenerate configure files Use cross libtool as installed by OE, as done in normal autotooled recipes These changes help in invoking the libtool with proper tags for C and C++ compiler and linker invocation and not use same tag across all different invocations Fixes errors like libtool: compile: unable to infer tagged configuration libtool: compile: specify a tag with `--tag' (From OE-Core rev: afa9f769d62034d4443dfe929422d1d591adf709) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: Fix postinst dependency issuesRichard Purdie2017-08-251-5/+6
| | | | | | | | | | | | | | | | We were relying on running ca-certificates from the -native version. This meant the host and target path layouts had to match which might not be true, it certainly isn't true for the sdk builds. There was a dependency on run-parts which wasn't represented (we can get it from busybox or debianutils). Since this is an allarch script, call the script directly, making sure debianutils and openssl are available as postinst rootfs time to resolve the issues. (From OE-Core rev: d9575e05f2cb8bf293534c036ddc0d0336701256) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* debianutils: Add a native version (for run-parts)Richard Purdie2017-08-251-1/+3
| | | | | | (From OE-Core rev: 46985e66c193ad2aa9b575aeab5c78740bc5a4ed) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: add python to default PACKAGECONFIG optionsJackie Huang2017-08-241-1/+1
| | | | | | | | | | We want to provide python libs by default, and some other popular Linux distributions like redhat/fedora does the same. (From OE-Core rev: 41744c418009dccc5f79c1a4a28419807d67837c) Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* acl_2.25: improve reproducibilityJuro Bystricky2017-08-241-0/+5
| | | | | | | | | Remove all host build references from the acl-ptest package. (From OE-Core rev: 6b799e4b315ee5a1eaba9f445b2ba7d37d1e0176) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* attr: improve reproducibilityJuro Bystricky2017-08-241-0/+6
| | | | | | | | | Remove all host build references from the attr-ptest package. (From OE-Core rev: 0a181e26d09978bff850bc6b303de6053f7c53df) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bmap-tools: add "python-mmap" to RDEPENDSBinghua Guan2017-08-231-1/+1
| | | | | | | | | | | bmap-tools has run-time dependency on "python-mmp" which is missing in the RDEPENDS. "bmaptool" command in the target will fail without this patch. (From OE-Core rev: 1127154b958d0a0e167cefff4bc40dfb86e3378a) Signed-off-by: Binghua Guan <freebendy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>