| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When running 32bit code on a large filessytem with 64bit inodes, the
fontcache was not being created correctly because an EOVERFLOW was being
returned from the fstat when reading the 64 inode on a 32bit system.
The fontcache is created at rootfs time on the host system via qemu.
[YOCTO #6338]
(From OE-Core rev: bf6fcfa17d73171623a4d27089c32031705c2591)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Currently the SDL configuration option for qemu floats. This is confusing to new users
and makes the build non-determinstic. This patch adds a PACKAGECONFIG option, defaulting
to off and adds documentation to local.conf.sample leaving it on by default since this
is the configuration our quick start assumes.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Patches explain the issue in detail but this is exposed
with gcc 4.9 in binutils 2.24
(From OE-Core rev: fc5c467b680fc5aef4b0f689e6988e17a9322ae0)
(From OE-Core rev: 4dfb8847ebf8aab90ad8888933468e2899c96998)
(From OE-Core rev: af347d3298e15552d502d5b2ce497bbda9705bc7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: c54fa061da6195081cd29817a351a36377b58e53)
(From OE-Core rev: 7c58b852f21588b2763a1b90d8f3cf2f31a868e2)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Depends on cryptodev-linux for providing a header file
(From OE-Core rev: b7587d2ef7642dcc248744ade8f85f815185e78c)
(From OE-Core rev: a0930e6dfabc32a0f1f116a9de05c2b4b3b3a216)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: a3a834cf9f35682655661a7c6ba66c1de3491320)
(From OE-Core rev: d069595deb434cb6a0e8caf6f156cb20630dff97)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
(From OE-Core rev: e7aace7658fabe41839a3ec1b596bf28c6a4c02e)
(From OE-Core rev: 421e8aa969135097fcc2da0625ad74c1934297a2)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via a
crafted (1) width or (2) height dimension that is not a multiple of
sixteen in id RoQ video data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849
(From OE-Core rev: 1a43a8054f51fbd542f3f037dc35f8b501e455bf)
(From OE-Core rev: 2a6b495d9f6017874057942b1ba42ab220c7c517)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The decode_slice_header function in libavcodec/h264.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via crafted
H.264 data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850
(From OE-Core rev: 69f3f0f94f4fd224e5a6b275207adf0539d085c3)
(From OE-Core rev: bf7b08d94c1d8282ca7ea584254d5c0d1fd7e469)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted Apple
Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856
(From OE-Core rev: 571ccce77859435ff8010785e11627b20d8b31f4)
(From OE-Core rev: a51eb5fc4c5c2da67219bdd0d84c6fab8ed2343e)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via crafted MJPEG data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854
(From OE-Core rev: b3d9c8f603ebdbc21cb2ba7e62f8b5ebb57c40c1)
(From OE-Core rev: ed928b72dcc9a7eca01abb41aabca3553c47ffe3)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted
Electronic Arts Madcow video data, which triggers an out-of-bounds array
access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851
(From OE-Core rev: 8c9868d074f5d09022efc9419ee09eb805f68394)
(From OE-Core rev: ae619444026ebfa0dd7e87a37571d56d558f37d6)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before
1.0.4 allows remote attackers to have an unspecified impact via ATRAC3
data with the joint stereo coding mode set and fewer than two channels.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858
(From OE-Core rev: 0ee8754c973f5eff3ba4d00319a5308888c12b17)
(From OE-Core rev: 58aaf7ef101efb046a03e65fb084e9dfe871c648)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852
(From OE-Core rev: 37f9371b44bd914fdd64e4c4e4448a2908512203)
(From OE-Core rev: e7fc2b61bc44df58a23d02775847015a52ea8fcb)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to
have an unspecified impact via a crafted block length, which triggers an
out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845
(From OE-Core rev: cc6e2ee53c49206aa3377c512c3bd1de2e14a7b7)
(From OE-Core rev: 0cfba084a543bc928de8da2ea95ed6aa11a05fa3)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers
to have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) len==0 cases.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868
(From OE-Core rev: 29dcc2c8e834cf43e415eedefb8fce9667b3aa40)
(From OE-Core rev: 8229523ea86e9545cc0ee9e34af12a2f84d0809e)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099
(From OE-Core rev: 3e27099f9aad1eb48412b07a18dcea398c18245b)
(From OE-Core rev: 5898f20bb2f38a91b2dd1b4cc4798fd960331a14)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before
1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an
unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood
Studios VQA Video file, which triggers an out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865
(From OE-Core rev: 4a93fc0a63cedbebfdc9577e2f1deb3598fb5851)
(From OE-Core rev: 62854105de72f09dcffa08dbdc975e8f306a4a39)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier,
allows remote attackers to have unspecified impact and vectors, which
trigger an out-of-bounds write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263
(From OE-Core rev: 70bf8c8dea82e914a6dcf67aefb6386dbc7706cd)
(From OE-Core rev: 408581d744221a1dc723ed6bf4985b1021aa52c4)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298
(From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)
(From OE-Core rev: da3ba2886c27ce222f8c394e8fa56bbf8a128de6)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple
buffer overflows in libtiff before 4.0.3 allow remote attackers to cause
a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3)
a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1
and 3 are disputed by Red Hat, which states that the input cannot exceed
the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231
(From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629)
(From OE-Core rev: c21a6b18001801532c459579b9ebfc8ae824dace)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933
changeset: 10946:f28426e944ae
user: Wan-Teh Chang <wtc@google.com>
date: Tue Nov 26 16:44:39 2013 -0800
summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls
changeset: 10945:774c7dec7565
user: Wan-Teh Chang <wtc@google.com>
date: Mon Nov 25 19:16:23 2013 -0800
summary: Bug 713933: Declare the |falseStart| local variable in the smallest
changeset: 10848:141fae8fb2e8
user: Wan-Teh Chang <wtc@google.com>
date: Mon Sep 23 11:25:41 2013 -0700
summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org
changeset: 10898:1b9c43d28713
user: Brian Smith <brian@briansmith.org>
date: Thu Oct 31 15:40:42 2013 -0700
summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc
(From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666)
(From OE-Core rev: 9f5402d5e40b82213fdfc09fcfc71d22f8bf5a0e)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
https://bugzilla.mozilla.org/show_bug.cgi?id=903885
changeset: 11063:709d4e597979
user: Kai Engert <kaie@kuix.de>
date: Wed Mar 05 18:38:55 2014 +0100
summary: Bug 903885, address requests to clarify comments from wtc
changeset: 11046:2ffa40a3ff55
tag: tip
user: Wan-Teh Chang <wtc@google.com>
date: Tue Feb 25 18:17:08 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie
changeset: 11045:15ea62260c21
user: Christian Heimes <sites@cheimes.de>
date: Mon Feb 24 17:50:25 2014 +0100
summary: Bug 903885, fix IDNA wildcard handling, r=kaie
(From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd)
(From OE-Core rev: 65ebe470a8d69073d0ebce3111abdb0c2e2ebe3c)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)
(From OE-Core rev: 0517d47172c68097e30a5063cd09c1da6158c71d)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
(From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737)
(From OE-Core rev: 8d52c071e66ff02a9f5ea9d4a60f3e06905b01db)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
(From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d)
(From OE-Core rev: 890cbced4c2bc45db3b5ec493d5f390f2de70bc2)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131
(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)
(From OE-Core rev: 0cb67304f5b124d21468fcbc2928c7cb1f37c5f6)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505
(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)
(From OE-Core rev: d245459306939aef078a89e671ec093e3d6321cd)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
(From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)
(From OE-Core rev: 4a67bb2a27c1c32b2a912b603e1c543db9e1810e)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Race condition in GNU screen 4.0.3 allows local users to create or
overwrite arbitrary files via a symlink attack on the
/tmp/screen-exchange temporary file.
(From OE-Core rev: be8693bf151987f59c9622b8fd8b659ee203cefc)
(From OE-Core rev: 6874667333d83960d03f1b30030fe42b747b5972)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/screen/screen_4.0.3.bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with
world-readable permissions, which might allow local users to obtain
sensitive session information.
(From OE-Core rev: 25a212d0154906e7a05075d015dbc1cfdfabb73a)
(From OE-Core rev: f61238b9431e6470d7e76f8c37c51cebe069514a)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-extended/screen/screen_4.0.3.bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and
earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking
by presenting an unacceptable HostCertificate.
(From OE-Core rev: 7b2fff61b3d1c0566429793ee348fa8978ef0cba)
(From OE-Core rev: 6a8a9903de24cc7e1f27b1f7202bd4157719327c)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
(From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596)
(From OE-Core rev: e5786afbfa79e1288d1df2401684c4c151c60406)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssh/openssh_6.5p1.bb
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use STAGING_EXECPREFIXDIR to specify the location of glut
header files and libs rather than STAGING_LIBDIR.
Also revert the previous unneeded change to glut.patch.
(From OE-Core rev: f38c1846184722180d9091a7a5c1e6e20eed7f2c)
(From OE-Core rev: 1a965b2ecca07d231a8058e453cbeafacc5b6c69)
Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 55ecbebdf13ef46f0fb4d87ef11651fe692be33d)
(From OE-Core rev: 359a3317684cdd61b35bf569b0b65148e89abe12)
Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
qemu configure will search for libssh2 if we do not enable or
disable it's use, resulting in non-deterministic builds. We
define PACKAGECONFIG[] to avoid this.
(From OE-Core rev: ecb819b12a89e4e944974068d2e20ed226979317)
(From OE-Core rev: f9f2f347571b0c15813354de1a2ce275c878b7fb)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add PACKAGECONFIG for 'babeltrace' so that we don't have the implicit
dependency which might lead to problems when building images.
As an example of showing what problem we might have without this patch,
see the following steps which would lead to a failure.
1. IMAGE_INSTALL_append = " gdb"
2. bitbake babeltrace
3. bitbake gdb
4. bitbake babeltrace -ccleansstate
5. bitbake core-image-minimal
The rootfs process would fail with the following error message.
error: Can't install gdb-7.7-r0@i586: no package provides babeltrace >= 1.2.1+git0+66c2a20b43
(From OE-Core rev: 3c34d9391136b09bc2e7b0bda6cdc96507845c4b)
(From OE-Core rev: ebe73f25c68780d1a5f593e7b842312ac738b324)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
As per the comment, this makes it match the Makefile
(From OE-Core rev: 6fce92430e6e837d068eb8531dcd432f38adca3a)
(From OE-Core rev: be4aef60e6da08b77a5c1fbbf783305bee9f96ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
[YOCTO #6309]
It appears a logic issue has caused rpm -V to no longer
verify the files on the filesystem match what was installed.
(From OE-Core rev: 117862cd0eebf6887c2ea6cc353432caee2653aa)
(From OE-Core rev: 0fe6974b3a4bd4d4fc1d8d4398650c1313840f01)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
opkg fails to build on hosts with older autotools versions.
[YOCTO #6293]
(From OE-Core rev: 01f3afece8917a5f965f463b79e04693b0d2932a)
(From OE-Core rev: 41da4686404e130ac844ac7ea3553b38cff6aa88)
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to pass CFLAGS and LDFLAGS to the makefile correctly so we
need to list them as part of EXTRA_OEMAKE.
We also have a problem where git hardlinks binaries in bindir with
those in its libexecdir. If we change the RPATH in one of them, it
breaks the other. We therefore set the no cross dir hardlinking flag
git already has for this kind of issue. This ensures the RPATHS for
the git-core binaries works correctly. Its pure luck this has
sometimes worked so far.
(From OE-Core rev: 64c6ae6a69215b659b82c67e238bc0fbc09a3eab)
(From OE-Core rev: 9b2e7dcb8cbf00670954d8314f4a8f97b674274d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git-replacement-native needs the generated files in place for https:// URIs:
WARNING: Failed to fetch URL git://github.com/kernelslacker/trinity.git;protocol=https, attempting MIRRORS if available
ERROR: Fetcher failure: Fetch command failed with exit code 128, output:
Cloning into bare repository '/build/linaro/build/build/downloads/git2/github.com.kernelslacker.trinity.git'...
fatal: unable to access 'https://github.com/kernelslacker/trinity.git/': error setting certificate verify locations:
CAfile: /build/linaro/build/build/tmp-eglibc/sysroots/x86_64-linux/etc/ssl/certs/ca-certificates.crt
CApath: none
ERROR: Function failed: Fetcher failure for URL: 'git://github.com/kernelslacker/trinity.git;protocol=https'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /build/linaro/build/build/tmp-eglibc/work/aarch64-oe-linux/trinity/1.3-r0/temp/log.do_fetch.7843
ERROR: Task 1378 (/build/linaro/build/meta-linaro/meta-linaro/recipes-extra/trinity/trinity_1.3.bb, do_fetch) failed with exit code '1'
(From OE-Core rev: 74a772727cbf4d76d2ef314041acafb3086e4ff9)
(From OE-Core rev: 90c97c32d982ede16297c2cd5a5fb9d6794f5401)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is the adaptation for the a bugfix upstream
The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release
interfered with the upstream fix for
https://sourceforge.net/p/curl/bugs/1350/
(From OE-Core rev: c5a52f5b5ae7c5528bc59ee7fb69a2f460a89b81)
(From OE-Core rev: 59c390885d9a6562c02cca0a6193a88aa2a72e78)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
[sgw - rebased patch for daisy]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Mostly cosmetic, but entries in PACKAGES should be specified the exact same way as FILES/RRECOMMENDS entries to avoid problems.
(From OE-Core rev: 4d2a7f47a9830788455afe00a7c6a857cebbcb81)
(From OE-Core rev: 66ba1d0e800b67399028d0f164f8f39b1a9fbe88)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Freetype has an automatically detected dependency on Harfbuzz, which has a
dependency on Freetype.
To produce deterministic builds and avoid link failures when rebuilding freetype
with harfbuzz present add a PACKAGECONFIG for Harfbuzz and disable it by
default.
(From OE-Core rev: 17131d42c02b591e1b6d547852cb09b004b8d609)
(From OE-Core rev: 4bb76f0e21e699bd70e52b8cbd7c6986d179bd8a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There might be an error when parallel build:
[snip]
cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/
syslinux/com32/include/gplinclude': No such file or directory
make[4]: *** [install] Error 1
make[3]: *** [gpllib] Error 2
[snip]
This is a potential issue. In ${S}/com32/gpllib/Makefile file,
install target wants to copy $(SRC)/../gplinclude to
$(INSTALLROOT)$(COM32DIR)/include/ directory, but in ${S}/com32/lib/Makefile
file, the install target will remove $(INSTALLROOT)$(COM32DIR)/include
directory. We need to do com32/lib first.
The patch make com32/gpllib depends on com32/lib to fix this issue.
(From OE-Core rev: cae1a039658cfb47390650ad5b56536ff19e1217)
(From OE-Core rev: fa97064172a2191fbb778565475a074d08d54f9a)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
To fix check of REQUIRED_DISTRO_FEATURES fix indentation in python code.
[YOCTO #6349]
Reported and written by: Sebastian Wiegand <sebastian.wiegand@gersys.de>
(From OE-Core rev: 986db87a3931edce8be79f309d07497e4179a810)
(From OE-Core rev: d56b29b251d94f16992726a0ed0192693265a20d)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes the bzip2 ptest execution failure:
root@qemux86:/usr/lib/bzip2/ptest# ./run-ptest
make: *** No rule to make target 'runtest'.
(This is also applicable for daisy branch)
(From OE-Core rev: a8157ba1682c650962150f941b2db775156bbde6)
(From OE-Core rev: 0927dbf7183574fc17f3684fff39a74385b971a5)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Apply the change "lttng-modules: Fix 3.14 bio tracepoints" to
2.3.3 as well as 2.4.0.
(From OE-Core rev: a419ad43a5b3aa5bc3aa095af4d79abe4c24b0d7)
(From OE-Core rev: d02b69b622d0900add7a30879b82281be2cfd88a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add systemd unit file tcf-agent.service.
(From OE-Core rev: 1a4feebf98780f586bf2e81cf9844e6805a50799)
(From OE-Core rev: 22f99c2aca4af26520ad75b33bb48f2a248ab7af)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
