| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Security Advisory - ffmpeg - CVE-2013-0866
The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before
1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an
unspecified impact via a large number of channels in an AAC file, which
triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0866
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0875
The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in
FFmpeg before 1.1.3 allows remote attackers to have an unspecified
impact via a crafted PNG image, related to an out-of-bounds array
access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0875
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0860
The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg
before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a
frame is fully initialized, which allows remote attackers to trigger a
NULL pointer dereference via crafted picture data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0860
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3934
Double free vulnerability in the vp3_update_thread_context function in
libavcodec/vp3.c in FFmpeg before 0.10 allows remote attackers to have
an unspecified impact via crafted vp3 data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3934
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3946
The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg
before 0.10 allows remote attackers to have an unspecified impact via
crafted Supplemental enhancement information (SEI) data, which triggers
an infinite loop.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3946
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-7023
The ff_combine_frame function in libavcodec/parser.c in FFmpeg before
2.1 does not properly handle certain memory-allocation errors, which
allows remote attackers to cause a denial of service (out-of-bounds
array access) or possibly have unspecified other impact via crafted
data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7023
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-7009
The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before
2.1 does not properly maintain a pointer to pixel data, which allows
remote attackers to cause a denial of service (out-of-bounds array
access) or possibly have unspecified other impact via crafted Apple RPZA
data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7009
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0855
Integer overflow in the alac_decode_close function in libavcodec/alac.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via a large number of samples per frame in Apple Lossless Audio
Codec (ALAC) data, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0855
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-4351
Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before
0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute
arbitrary code via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4351
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0848
The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via a crafted
width in huffyuv data with the predictor set to median and the
colorspace set to YUV422P, which triggers an out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0848
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3944
The smacker_decode_header_tree function in libavcodec/smacker.c in
FFmpeg before 0.10 allows remote attackers to have an unspecified impact
via crafted Smacker data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3944
file://0001-huffyuvdec-check-width-more-completely-avoid-out-of-.patch \
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-7010
Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg
before 2.1 allow remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact
via crafted data.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7010
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2011-3941
The decode_mb function in libavcodec/error_resilience.c in FFmpeg before
0.10 allows remote attackers to have an unspecified impact via vectors
related to an uninitialized block index, which triggers an out-of-bound
write.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3941
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0846
Array index error in the qdm2_decode_super_block function in
libavcodec/qdm2.c in FFmpeg before 1.1 allows remote attackers to have
an unspecified impact via crafted QDM2 data, which triggers an
out-of-bounds array access.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0846
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2012-6618
The av_probe_input_buffer function in libavformat/utils.c in FFmpeg
before 1.0.2, when running with certain -probesize values, allows remote
attackers to cause a denial of service (crash) via a crafted MP3 file,
possibly related to frame size or lack of sufficient frames to estimate
rate.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6618
gst-ffmpeg: Security Advisory - ffmpeg - CVE-2012-6617
The prepare_sdp_description function in ffserver.c in FFmpeg before
1.0.2 allows remote attackers to cause a denial of service (crash) via
vectors related to the rtp format.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6617
(From OE-Core rev: 58f08a96764094189b5aaf3cc8b4cc0c95e23409)
(From OE-Core rev: 9b3a2d0716540dae72376a8c2e418b244a85c0cb)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote
attackers to execute arbitrary code or cause a denial of service
(out-of-bounds write) via vectors involving the sprintf and console
functions.Per: http://cwe.mitre.org/data/definitions/787.html
(From OE-Core rev: 191cab2f679491c2b6ddba49c5cf4886dcd22f57)
(From OE-Core rev: bebfeb6d4deac18601edda8dcac0f32c3382cb06)
Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module
in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of
service (assertion failure and abort) via an empty UDP packet.
Fix it by picking a patch from pulseaudio upstream code.
(From OE-Core rev: f9d7407e54f1fa3d3a316a5bbb8b80665e6f03fd)
(From OE-Core rev: cf008bce23e897d1c3a51805af839af9241271df)
Signed-off-by: Shan Hai <shan.hai@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
(From OE-Core rev: 7ef613c7f4b9e4ff153766f31dae81fc4810c0df)
(From OE-Core rev: 7e4f3f167c40c09bf2c32f5e366a8fad3c66b74b)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integrate community fix for the issue CVE-2013-1961
and migrated to version 4.0.3.
Stack-based buffer overflow in the t2p_write_pdf_page function
in tiff2pdf in libtiff before 4.0.3 allows remote attackers to
cause a denial of service (application crash) via a crafted
image length and resolution in a TIFF image file.
(From OE-Core rev: f24e3456c60951d2985d7c23bdcc1f8c15d6c167)
(From OE-Core rev: 9b8ca9d9b0b12dff8a3908da00020d253685958f)
Signed-off-by: Priyanka Shobhan <priyanka_shobhan@mentor.com>
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Muzaffar Mahmood <muzaffar_mahmood@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When use default install directory, we can't get the environment setup
script path. The reason is that opkg-cl list incorrect files paths.
This patch sets env_script variable to make us get correct environment
setup script path.
[YOCTO #6443]
(From OE-Core rev: b0ac1ea1f7eaca92b613f874ee2cbf6830743a71)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
The recent bintuils patch update breaks on older gccs such as CentOS 6.
Backport a patch to address this.
(From OE-Core rev: 947c1bab91993be149fba1d09aedbe8509902fbe)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We enable the python module in nativesdk-libxml2, but the python binary
used is in the native sysroot and thus you get the module installed in
the wrong path. Even with that fixed the python files are still
unpackaged, so create an ${PN}-python package and add them to it. (This
does not affect the libxml target build at all since python is disabled
for that.)
(From OE-Core rev: 360fc811ff843c63f796e958517a5152f07e851d)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently linux-firmware rebuilds for each machine due to its usage of
update-alternatives which in turn means a dependency on opkg-utils.
Marking opkg-utils as ABISAFE is the only option we have right now
to avoid this.
(From OE-Core rev: e4c4ca3101062ecc956294ac968dc488321eb33b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Taking run-postinsts and building for two machines which have different
OVERRIDES leads to two different sets of stamps for an allarch package.
We don't need to depend on OVERRIDES in these classes, the end resulting
variables are good enough. We can therefore exclude the dependency
and allow a single package to be generated for run-postinsts.
(From OE-Core rev: 6e875148f79a6877653a5bf95879b8cda1cacbc6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Currently allarch recipes using useradd rebuild each time MACHINE
changes which is not desireable. Adding the useradd dependencies
to this list ensures they do not change under these circumstances.
(From OE-Core rev: 0306b6122a34579673ab89fa4869d577995af960)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steffen Sledz <sledz@dresearch-fe.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core rev: e358d20e8ccf1299e8a046e743a31e92546cd239)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-6271 aka ShellShock.
"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."
(From OE-Core rev: eb41d5d4eaee1c810f8e418704c110c2005d0197)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
__gconv_translit_find: Disable function [BZ #17187]
This functionality has never worked correctly, and the implementation
contained a security vulnerability (CVE-2014-5119).
(From OE-Core rev: 3f0a4551969798803e019435f1f4b5e8f88bea1a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mozilla Network Security Services (NSS) before 3.15.2 does
not ensure that data structures are initialized before
read operations, which allows remote attackers to cause a
denial of service or possibly have unspecified other
impact via vectors that trigger a decryption failure.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1739
(From OE-Core rev: 9b43af77d112e75fa9827a9080b7e94f41f9a116)
(From OE-Core rev: 4ce30ef254511ce39dd576b80134b9316f9fa06c)
Signed-off-by: yzhu1 <yanjun.zhu@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-support/nss/nss.inc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5606
https://bugzilla.mozilla.org/show_bug.cgi?id=910438
http://hg.mozilla.org/projects/nss/rev/d29898e0981c
The CERT_VerifyCert function in lib/certhigh/certvfy.c in
Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides
an unexpected return value for an incompatible key-usage certificate
when the CERTVerifyLog argument is valid, which might allow remote
attackers to bypass intended access restrictions via a crafted certificate.
(From OE-Core rev: 1e153b1b21276d56144add464d592cd7b96a4ede)
(From OE-Core rev: e2c81356f68eb0b77408e73f01df5bc5c9f2adb3)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-support/nss/nss.inc
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using the useradd-staticids.bbclass under meta/classes,
this error occurs:
"<username> - <username>: Username does not have a static uid defined."
There was a problem with the regular expression for parsing parameters,
it was sometimes returning an empty string.
I have fixed this by skipping empty strings.
(From OE-Core rev: f249ef32709069a2680b92dc5a5b4f6545d014b7)
(From OE-Core rev: 592f0dccaf1985194f40fc019a9d33b9623df37f)
Signed-off-by: Fabrice Coulon <fabrice@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without this, things like arm* can make it into OVERRIDES when we're
building a compiler to build binaries for another architecture like
x86. This can can lead to build failures dependning on the
exact configuration and overrides.
For example:
MACHINE=imx53qsb bitbake gcc-crosssdk-initial-x86_64 -e | grep EXTRA_OECONF
was showing an armv7 configuration option to gcc.
(From OE-Core rev: d02cdf3ee88c7bbb93cecf094008858782deec3f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In cases where we override variables e.g PACKAGE_ARCH
conditionally and use a MACHINEOVERRIDE to qualify the
override like
PACKAGE_ARCH_<MACHINE> = "some target PACKAGE_ARCH"
This would also be effective if this recipe is
BBEXTENDED to native or nativesdk which is undesired
This particular issue will cause wrong sysroot to be
used for nativesdk case since PACKAGE_ARCH would have
been modified and eventually changing value of
STAGING_DIR_TARGET which we use as --sysroot option
to cross and cross-canadian built SDK gcc
(From OE-Core rev: 474234a362b4cda5f2f1afab369c98d4e0ca1b11)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 8f67830e41e435a142d0b905a1b9f706a1cf1175)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"man grep" on centos:
-R, -r, --recursive
Read all files under each directory, recursively; this is equivalent to the -d recurse option.
"man grep" on a more recent ubuntu system:
-r, --recursive
Read all files under each directory, recursively, following symbolic links only if they are on the command line. This
is equivalent to the -d recurse option.
So we have an issue when the SDK installer (even with
buildtools-tarball) is used on old hosts since it may try and
dereference paths which it should not. This is caused by differences in
the behaviour of grep -r on older systems.
The fix is to wrap this in find so that only real files are found (as
elsewhere in the script.
[YOCTO #6577]
(From OE-Core rev: 7986adeac16550b33f65fded39a55f668e0e543f)
(From OE-Core rev: 11e83000b164340b7e261a62f074a0e0cb6d6282)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Qt 4.8.5 was moved from http://download.qt-project.org/official_releases/qt/4.8/ to
http://download.qt-project.org/archive/qt/4.8/
Thi fix must be applied for dora and daisy branches.
(From OE-Core rev: 975f5865bbfd417840be745d09a68dc064ea8d1d)
Signed-off-by: Diego Sueiro <diego.sueiro@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
* cairo-native was failing to build in gentoo with gcc-4.9 and LTO
enabled, more details in upstream bug
https://bugs.freedesktop.org/show_bug.cgi?id=77060
(From OE-Core rev: a7b5605fc8ac5b56f7a9d1587efc5c50d98378b8)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In 3.16+ x86-64 kernel builds produce a vdso64.so.dbg file. If this file is
copied into the kernel source install multiple QA failures are triggered.
Specifically, this file triggers a debug package split that results in
files installed but not shipped, and invalid .debug file errors.
By ensuring that .so files are not copied, we avoid this incorrect split
with no impact on future build phases.
(From OE-Core rev: 649eb801b13e73b532688ede2d966e196d2cb314)
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
* it's not included in DEPENDS and it's detected from sysroot
(From OE-Core rev: e426f6c6711ecc752d0fef67005fb769fd74b5f1)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
If building with SDKMACHINE=i686 and using the deb backend, populate_sdk
would fail. Its clear when looking at the options that the 32 bit values
were overwritten.
Replace this code with code similar to that used in package_deb itself.
[YOCTO #6458]
(From OE-Core rev: 9c45575a9df01f0d36fb03120ec86d55b15819f3)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make probing of "platform" bus conditional based on PROBE_PLATFORM_BUS
variable from /etc/default/udev-cache on subsequent boots when udev
cache is used. PROBE_PLATFORM_BUS has to be set to "yes" in order to
force probing on every boot, otherwise it uses the old default behaviour
of probing it just the first time.
This is helpful on modern SoCs where most of the low level peripheral
drivers are registered on the platform bus and need to be probed to load
the necessary modules and enable the connected buses and subsystems.
(From OE-Core rev: 6886a99758d25991ecd6ee995d18f97996b31177)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is fixed by
commit 4199e3b8669d0a36448687850374fdc2ad7240b6
Author: Alan Modra <amodra@gmail.com>
Date: Wed Jan 15 21:50:55 2014 +1030
non-PIC references to __ehdr_start in pie and shared
Rather than hacking every backend to not discard dynamic relocations
against an undefined hidden __ehdr_start, make it appear to be defined
early. We want __ehdr_start hidden before size_dynamic_sections so
that it isn't put in .dynsym, but we do need the dynamic relocations
for a PIE or shared library with a non-PIC reference. Defining it
early is wrong if we don't actually define the symbol later to its
proper value. (In some cases we want to leave the symbol undefined,
for example, when the ELF header isn't loaded, and we don't have this
infomation available in before_allocation.)
So replace the existing patches with this one.
(From OE-Core rev: e48b93a495205f812d71967548943ab80df79092)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Force probing of "platform" bus by default.
(From OE-Core rev: 56ab3df34cbea9f139935297221cc781e44770a2)
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes [YOCTO 6550]
Images installing both trace-cmd and kernelshark would fail with:
error: file /usr/bin/trace-cmd conflicts between attempted installs of
kernelshark-1.2+git0+7055ffd37b-r3.core2_32 and
trace-cmd-1.2+git0+7055ffd37b-r3.core2_32
This patch removes ${bindir}/trace-cmd from the install prior to
packaging, as is already done with the ${datadir}.
Reported-by: California Sullivan <california.l.sullivan@intel.com>
(From OE-Core rev: e80b2075055947b45102da629f99b677f8752e0d)
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
(cherry picked from commit eb08ae8f729ef77329892d19b23ddfdaa7953de0)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
| |
Add Freescale lpuart tty's (ttyLPx) to securetty. Freescale Vybrid
devices running upstream kernel use this driver.
(From OE-Core rev: 80ba78dcdef75e7b1c1761cd0cfadfe497cb0591)
Signed-off-by: Stefan Agner <stefan@agner.ch>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* TUI/GUI support was added in 2.6.35 based on libnewt
* since 3.10 slang replaced libnewt completly
* changing TUI_DEFINES is not necessary, because NO_NEWT is
still respected with newer kernels
* add comment about the gui history to the recipe
The patch was sponsored by sysmocom
(From OE-Core rev: 348b90a8a9b32e5e4a10960194a2f622cb07a0c6)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* some fundamental perf commands can work
without the dependency on perl, python or bash
make them separate packages and RSUGGEST them
* bump PR
The patch was sponsored by sysmocom
(From OE-Core rev: 7d00247a3b204cdb35a9baa1eda0eed9a54dbebf)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
| |
The patch was sponsored by sysmocom
(From OE-Core rev: f7650cf40492ac5cfe724177d9d9e58d89c54252)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 09f7ef16bbfbdfee25f0be3fd829924a6042fae9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: 146f494eb9b98acb5d61e1919ce582dea3367548)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We apply this patch to the python recipe already. Without this patch
the zeroc-ice-native recipe will not build.
See: http://bugs.python.org/issue17547 for more details.
(From OE-Core rev: da5c99c7893b589f0d2f2e6d76261b4063ffdd32)
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, if we have 'package-management' and 'read-only-rootfs'
both in IMAGE_FEATRUES, we would meet the following error at system
start-up.
rm: can't remove '/etc/rcS.d/S99run-postinsts': Read-only file system
However, what's really expected is that when there's no postinstall
script at system start-up, the /etc/rcS.d/S99run-postinsts should not
even be there.
Whether or not to remove the init script symlinks to run-postinsts should
not depend on whether we have 'package-management' in IMAGE_FEATURES; rather,
it should only depend on whether we have any postinstall script left to run
at system start-up.
This patch changes the _uninstall_unneeded function based on the logic
stated above.
[YOCTO #6257]
(From OE-Core rev: d51b1ced88958d31a1596e37db871257fe013446)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some classes of recipe disable ptest even though its in DISTRO_FEATURES
(e.g. nativesdk). We shouldn't attempt to build ptest packages when
its disabled. This replaces some DISTRO_FEATURE checks with PTEST_ENABLED
checks instead.
(From OE-Core rev: d1369fe95ac6732e5747873eccd6a1e74359cea4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The do_configure_prepend was duplicated in gcc-4.X.inc and
gcc-configure-common.inc leading to confusion when reading the resulting
do_configure task where the file was processed twice.
The only difference was the removal of the include line for gcc 4.8/4.9.
On mingw were were seeing two issues, firstly that the if statements meant
the values we wanted weren't being set, the second that the include
paths were still wrong as there was no header path set.
To fix the first issue, the #ifdef conditionals were removed, we want
to set these things unconditionally. The second issue is addressed by
setting the NATIVE_SYSTEM_HEADER_DIR variable here (it was already
set in t-oe).
(From OE-Core rev: c19bb1db2eb728899e10a28d10567e9e026ee694)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If image contains dbus and ptest is in DISTRO_FEATURES, dbus-ptest package
is installed, regardless of whether ptest-pkgs is in IMAGE_FEATURES. This
issue will increase size for most small images.
This patch fixes this problem.
[YOCTO #5702]
(From OE-Core rev: 0416583f014138656babdf78a574357ae5ff25bd)
(From OE-Core rev: d865612c7c1aaccb9f4c65224c9e4c888876fe92)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
| |
(From OE-Core rev: d28b21e01fbc4b780d14495894c4253d422cd9d9)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When building on XFS filesystems, the resulting rpms can be corrupted
with the same inode number being used for multiple hardlinked files.
There are two fixes, one to stop rpm crashing when accessing a broken
binary rpm, the other to stop generating them in the first places. Full
descriptions in the patch headers.
(From OE-Core rev: 53ce6bacccc0fd97487bdf31ff3b7ee098984652)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fontconfig doesn't need to be passed large file flags through CPPFLAGS because
it's configure script uses AC_SYS_LARGEFILE.
This reverts commit 5a49a24d35794fcf9e3895469a67db992a52305e.
(From OE-Core rev: 98f9a9fd359c356c9ce6dd0ba16a557b7a07b788)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20140605.txt
Anonymous ECDH denial of service (CVE-2014-3470)
OpenSSL TLS clients enabling anonymous ECDH ciphersuites are subject to a
denial of service attack.
(Patch borrowed from Fedora.)
(From OE-Core rev: 595f2fc7dd642d729ab61f20a6719a2cc6c80426)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
(From OE-Core rev: fd1d740437017d3ed75684768d6915041cdb0631)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 833920fadd58fe353d27f94f340e3a9f6923afb8)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This replaces the fix for CVE-2014-0198 with one borrowed from Fedora,
which is the same as the patch which was actually applied upstream for
the issue, i.e.:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=b107586c0c3447ea22dba8698ebbcd81bb29d48c
(From OE-Core rev: d3d6eee3353fcce09e1d6b0181a0ea7b52b7a937)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the OpenSSL Security Advisory [05 Jun 2014]
http://www.openssl.org/news/secadv_20140605.txt
DTLS invalid fragment vulnerability (CVE-2014-0195)
A buffer overrun attack can be triggered by sending invalid DTLS fragments
to an OpenSSL DTLS client or server. This is potentially exploitable to
run arbitrary code on a vulnerable client or server.
Only applications using OpenSSL as a DTLS client or server affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 5bcb997663a6bd7a4d7395dcdb5e027d7f2bab81)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make openssl-CVE-2010-5298.patch truely work
(From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9)
(From OE-Core rev: 1bd77c28fdb51d1a0dad55c8d1af2991046c801d)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Conflicts:
meta/recipes-connectivity/openssl/openssl_1.0.1g.bb
|
