| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using 'slirp' as a command line option to runqemu will start QEMU
with user mode networking instead of creating tun/tap devices.
SLIRP does not require root access. By default port 2222 on the
host will be mapped to port 22 in the guest. The default port
mapping can be overwritten with the QB_SLIRP_OPT variable e.g.
QB_SLIRP_OPT = "-net nic,model=e1000 -net user,hostfwd=tcp::2222-:22"
(From OE-Core rev: 80e6fc678f3dcd774d9376cdf2a6afcba2cd0b09)
Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure the recipe version matches what we're
actually shipping, so that tools like cve-check
can do the right thing.
Rather than fetching version 3.2.48 and applying all
patches up to and including version 3.2.57, we just
fetch the latter in the first place.
(From OE-Core rev: 614ac87f2832c5359f371439559be88d6106cd6b)
Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Backport patches to fix CVE-2016-7423 and CVE-2016-7908 of qemu.
(From OE-Core rev: 1f4c303fd64a4bc05882de01676f241f0df6da78)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is reported in qemu community that VM always exits with:
| 2016-10-17T07:33:40.393592Z qemu-kvm: Virtqueue size exceede
when VM is suspend and resume. Solution from the maintainer of virtio
is to merge following 3 commits:
http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6
http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c6
http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91e
The first 2 commits have been merged in qemu 2.7.0. Then apply the
third one.
(From OE-Core rev: db5b9254fbbc30e50b50c7c8cd1f04dcc965cd52)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes to future time stamps
Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not
2016-10-21 at 00:00. (Thanks to Sharef Mustafa.) Predict that
future fall transitions will be on the last Saturday of October
at 01:00, which is consistent with predicted spring transitions
on the last Saturday of March. (Thanks to Tim Parenti.)
Changes to past time stamps
In Turkey, transitions in 1986-1990 were at 01:00 standard time
not at 02:00, and the spring 1994 transition was on March 20, not
March 27. (Thanks to Kıvanç Yazan.)
Changes to past and future time zone abbreviations
Asia/Colombo now uses numeric time zone abbreviations like "+0530"
instead of alphabetic ones like "IST" and "LKT". Various
English-language sources use "IST", "LKT" and "SLST", with no
working consensus. (Usage of "SLST" mentioned by Sadika
Sumanapala.)
(From OE-Core rev: ff11ca44fec8e4b2aa523e032bd967e3ab8339a8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes to code
zic no longer mishandles relativizing file names when creating
symbolic links like /etc/localtime, when these symbolic links
are outside the usual directory hierarchy. This fixes a bug
introduced in 2016g. (Problem reported by Andreas Stieger.)
(From OE-Core rev: 9c5de646e01a83219be74e99dcf7c1e56ba38b53)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
License file changes are due to updates in Version and Copyright date
(From OE-Core rev: f231bd63ab82575b2ad6ccfd0a3f5da76b56a125)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug fixes and various improvements for AArch64 and PowerPC.
Apply a patch from upstream to fix compilation on MIPS [RB]
(From OE-Core rev: 86fdcfd1169e892192f85a80d228b9bd2b84497a)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Various bug fixes and improvements.
(From OE-Core rev: 1aa70f441e6cda540699b65a45c0ad71eff5e17c)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
1.3.0 -> 1.3.2
(From OE-Core rev: f2eb5bde1d6c3c24a4c57b79f56f555c80207e52)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Bug fixes, add support for new management tracing capability
and marking GATT D-Bus APIs as stable interfaces
(From OE-Core rev: 03f0b46520e6a6df7cde37fdb4c27ac6145dff4f)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Bug fix release
(From OE-Core rev: 5895afc820e72dd7d81eb75ed1cacc7efb12b6a7)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
New upstream bugfix release
(From OE-Core rev: 0918f605bff6407521f46058fedaaa9ee6bd1ebd)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to most recent commit:
2cb6695e8dec00d887bdd5309d1b57d836fcd214
(From OE-Core rev: 6b50e393f36c44fd1230fe5d0ee97581dc871e2e)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Remove "gnutls_4.3_fixup.patch" since fix for PKCS#11 support under
GnuTLS 3.x is included in version 0.30.2
(From OE-Core rev: 7371436749b74ae91942d1e130b096087aa483c0)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
New release contains bug fixes and refactoring of widget subsystem
(From OE-Core rev: c6393ae7790db56b328f9723bcd49429dfbaa119)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Make it clear that SDK testing can use any valid image.
(From OE-Core rev: d190c69347921a626665a53469dcf99b3c86994b)
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Compiling texi2html 5.0 out-of-source with USE_NLS set to no failed
because it tried to copy from srcdir without using that variable.
Fix this issue and add a reference to the upstream commit.
(From OE-Core rev: 28a37020f50e513b247015b1b0a784c99d41aae3)
Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: d3a7aeb4e7bd48fabb786e8ecd32f2a71db22581)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream had a 2.0 tag for a while, then removed it and added a 1.1 tag :-/
Let's make it match to avoid confusion. There's only one new commit
added, which adds a missing manpage.
Also, update the outdated version comment in rt-tests.inc
(From OE-Core rev: 799a7b74f1219040fe2d43dcdcd145600a9fecbd)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove backported gcc5-port.patch
Remove 11_mips-link-tool.patch as there is nothing in the target file
(or the entire source tree) that resembles anything contained in the patch.
(From OE-Core rev: 221093e850fbc3c154e9069f1958384b59ba3f70)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 14fc66856a59e44d6861ed4ef88909908e597615)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Nothing requires it in oe-core now, so it will be re-added to meta-openembedded.
(From OE-Core rev: 5741419426c6f8255d55560e3a4721fa4c68a179)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
libwnck3 dependency was removed upstream
(From OE-Core rev: 0af26d519fd282d0b270939a75ce33eba715669b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
libexecdir
(From OE-Core rev: 60751d66118103712f7670412051234cec41e439)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 5f7b3e41b8e2e751c7a81376dafccef1a452abf3)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 7bcfbee734d83d1158f8f1be15b4aa5daee885df)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libxrandr dependency has been removed upstream
Udev dependecy has been added upstream:
commit b8cbfbe06475703f333367976eae9477f229891a
pnp-ids: Use udev's hwdb to query PNP IDs
(From OE-Core rev: 5f939fbf229e3c05d6b726f481a0e862ad5a5ceb)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Drop faac package config as upstream ./configure doesn't have it anymore.
(From OE-Core rev: a08b016c04a4e4eca78cd5ffae0226af4cb5226b)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Add udev dependency as btrfs-tools installs a udev rule.
(From OE-Core rev: fa975530db25667669c4e711b80d73e6615a7688)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
This was creating a race in runtime library dependency resolution
where sometimes the library was assumed to be provided by the ptest
package.
(From OE-Core rev: c4a10c0b4bc14f4bac06deed8ecb64d0303f4029)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
This manpage is also shipped in util-linux-doc as an alternative, so it needs to
be managed as an alternative here too.
(From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The su binary is handled by alternatives but the man page wasn't, so
installing both util-linux-doc and shadow-doc produces errors.
Also use d.expand() to neaten the code.
(From OE-Core rev: 70a161ee88d3d54fec6d59039c181b43f1857dc3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
eMMC devices may report block devices like "mmcblk0rpmb" and
"mmcblk0boot0". These are not actually block devices and any
read/write operation on them will fail. To prevent spamming error
messages attempting to mount them, just ignore these devices.
(From OE-Core rev: 9f4a85eb929f67420d9689d7dddadd120ed49843)
Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Do not use --force-depends when trying to remove all dependent packages,
as it removes only the selected package and not the dependent packages.
(From OE-Core rev: a82e8725902086dab785a0b14305927dae1e4e8d)
Signed-off-by: Samuli Piippo <samuli.piippo@qt.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
open() is default to 'rt' which may cause decoding errors when open
binary file:
$ bitbake xcursor-transparent-theme
[snip]
Exception: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xfd in position 18: invalid start byte
[snip]
(From OE-Core rev: ddbab61f47efd9b4fde38ef8f0f3482c78abe37c)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SDK_OLDEST_KERNEL currently only controls the check on SDK installation,
however as with OLDEST_KERNEL it should be controlling the OLDEST_KERNEL
value for building glibc used in the SDK. Thus, set it in
nativesdk.bbclass. This means we need to move the default to
bitbake.conf so that it can be seen in both places.
Also set a more reasonable default for SDK_OLDEST_KERNEL for x86/x86-64 as
glibc 2.24 still supports back to 2.6.32 there and there are still
people wanting to build SDKs that will install on older distros (e.g.
CentOS 6). However it's not possible to set this with overrides since
there aren't any for the SDK_ARCH, however we can instead set the variable
from conf files in conf/machine-sdk especially as there is now a soft
default for SDKMACHINE.
Fixes [YOCTO #10561].
(From OE-Core rev: 42d5781e31c5bf76b5b7e27abed4f6f3fd65bf40)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you used an & character in SDK_TITLE (possibly indirectly from
DISTRO_NAME) then sed interpreted this as a directive to paste in the
replaced string (@SDK_TITLE@ in this case). Escape any & characters in
SDK_TITLE to avoid that.
(From OE-Core rev: acb85689c13cfdac21435509001048af5c3a7e99)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
| |
Update release tarball md5sum/sha256sum
(From OE-Core rev: c2c63b4e8d2614bd6ae8ca3283b5bcdf38afc7a2)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refresh patches to apply cleanly without hunk on 1.11.1 (no changes):
- 0001-make-error-portable.patch
- 0001-configure.ac-Fix-wayland-protocols-path.patch
- 0001-shared-include-stdint.h-for-int32_t.patch
- 0001-weston-launch-Provide-a-default-version-that-doesn-t.patch
* Remove make-weston-launch-exit-for-unrecognized-option.patch
applied upstream
https://cgit.freedesktop.org/wayland/weston/commit/?h=1.11&id=fc3dd183
* Add 0001-Add-configuration-option-for-no-input-device.patch
backported from upstream
https://cgit.freedesktop.org/wayland/weston/commit/?id=75b7197f
(From OE-Core rev: b6864b13b01f466dcb8602a08f99d6d2a7a3d48b)
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the
tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (divide-by-zero error) via a crafted TIFF
image.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622
http://www.openwall.com/lists/oss-security/2016/04/07/4
Patch from:
https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
(From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (divide-by-zero) by
setting the (1) v or (2) h parameter to 0.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623
http://bugzilla.maptools.org/show_bug.cgi?id=2569
Patch from:
https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b
(From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage
function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (out-of-bounds write) or execute
arbitrary code via a crafted TIFF image with zero tiles.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991
http://bugzilla.maptools.org/show_bug.cgi?id=2543
Patch from:
https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba
(From OE-Core rev: d31267438a654ecb396aefced201f52164171055)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-3990 libtiff: Heap-based buffer overflow in the
horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and
earlier allows remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image to tiffcp.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990
http://bugzilla.maptools.org/show_bug.cgi?id=2544
Patch from:
https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1
(From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-3945 libtiff: Multiple integer overflows in the (1)
cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in
LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote
attackers to cause a denial of service (crash) or execute arbitrary code
via a crafted TIFF image, which triggers an out-of-bounds write.
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945
http://bugzilla.maptools.org/show_bug.cgi?id=2545
Patch from:
https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6
(From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The manager_invoke_notify_message function in systemd 231 and earlier allows
local users to cause a denial of service (assertion failure and PID 1 hang)
via a zero-length message received over a notify socket.
The patch is a backport from the latest git repo.
Please see the link below for more information.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795
(From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When there is a relative symlink in the layer, for example:
symA -> ../out/of/layer/file
symA will be invalid fater copied, it would be invalid from build time
if it points to a relative path, and would be invalid after extracted
the sdk if it points to a absolute py. Dereference symlink when copy
will fix the problem.
Use tar rather than shutil.copytree() to copy is because:
1) shutil.copytree(symlinks=Fasle) has bugs when dereference symlinks:
https://bugs.python.org/issue21697
And Ubunutu 1404 doesn't upgrade python3 to fix the problem.
2) shutil.copytree(symlinks=False) raises errors when there is a invalid
symlink, and tar just prints a warning, tar is preferred here since
the real world is unpredicatable
3) tar is faster than shutil.copytree() as said by oe.path.copytree()
So use tar to copy.
(From OE-Core rev: f4d70bb0882eec4fb46cd942f2796fad57c72982)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The c_rehash utility is supposed to be run in the folder /etc/ssl/certs
of a rootfs where the package ca-certificates puts symlinks to
various CA certificates stored in /usr/share/ca-certificates/mozilla/.
These symlinks are absolute. This means that when c_rehash is run
at rootfs creation time it can't hash the actual files since they
actually reside in the build host's directory
$SYSROOT/usr/share/ca-certificates/mozilla/.
This problem doesn't reproduce when building on Debian or Ubuntu
hosts though, because these OSs have the certificates installed
in the same /usr/share/ca-certificates/mozilla/ folder.
Images built in other distros, e.g. Fedora, have problems with
connecting to https servers when using e.g. python's http lib.
The patch fixes c_rehash to check if it runs on a build host
by testing $SYSROOT and to translate the paths to certificates
accordingly.
(From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46)
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Now that out of tree building is enabled, ${B} must be used instead of
${S} as the path for UBOOT_BINARY.
(From OE-Core rev: 1fe17c52e4d7ce1b9d69aaa2cd9d4b351a4b2603)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
rpm2cpio is in ${PN}-common, but rpm2cpio.real is in ${PN}. This seperation
is really weird. Put them both in ${PN}-common.
(From OE-Core rev: 8a0af7e4ae8ba8ce0c7fd2a9f6ab7cc070f47af0)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|