summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* runqemu: add user mode (SLIRP) support to x86 QEMU targetsTodor Minchev2016-11-061-0/+1
| | | | | | | | | | | | | | | | Using 'slirp' as a command line option to runqemu will start QEMU with user mode networking instead of creating tun/tap devices. SLIRP does not require root access. By default port 2222 on the host will be mapped to port 22 in the guest. The default port mapping can be overwritten with the QB_SLIRP_OPT variable e.g. QB_SLIRP_OPT = "-net nic,model=e1000 -net user,hostfwd=tcp::2222-:22" (From OE-Core rev: 80e6fc678f3dcd774d9376cdf2a6afcba2cd0b09) Signed-off-by: Todor Minchev <todor.minchev@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash_3.2.x: update recipe version to match what we're shippingAndré Draszik2016-11-068-47/+18
| | | | | | | | | | | | | | | | | Make sure the recipe version matches what we're actually shipping, so that tools like cve-check can do the right thing. Rather than fetching version 3.2.48 and applying all patches up to and including version 3.2.57, we just fetch the latter in the first place. (From OE-Core rev: 614ac87f2832c5359f371439559be88d6106cd6b) Signed-off-by: André Draszik <adraszik@tycoint.com> Acked-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2016-7423 and CVE-2016-7908Kai Kang2016-11-063-0/+109
| | | | | | | | | | Backport patches to fix CVE-2016-7423 and CVE-2016-7908 of qemu. (From OE-Core rev: 1f4c303fd64a4bc05882de01676f241f0df6da78) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: supplementary fix of CVE-2016-5403Kai Kang2016-11-062-0/+58
| | | | | | | | | | | | | | | | | | | | | | It is reported in qemu community that VM always exits with: | 2016-10-17T07:33:40.393592Z qemu-kvm: Virtqueue size exceede when VM is suspend and resume. Solution from the maintainer of virtio is to merge following 3 commits: http://git.qemu.org/?p=qemu.git;a=commit;h=bccdef6 http://git.qemu.org/?p=qemu.git;a=commit;h=58a83c6 http://git.qemu.org/?p=qemu.git;a=commit;h=4b7f91e The first 2 commits have been merged in qemu 2.7.0. Then apply the third one. (From OE-Core rev: db5b9254fbbc30e50b50c7c8cd1f04dcc965cd52) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: Update to 2016hArmin Kuster2016-11-061-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes to future time stamps Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not 2016-10-21 at 00:00. (Thanks to Sharef Mustafa.) Predict that future fall transitions will be on the last Saturday of October at 01:00, which is consistent with predicted spring transitions on the last Saturday of March. (Thanks to Tim Parenti.) Changes to past time stamps In Turkey, transitions in 1986-1990 were at 01:00 standard time not at 02:00, and the spring 1994 transition was on March 20, not March 27. (Thanks to Kıvanç Yazan.) Changes to past and future time zone abbreviations Asia/Colombo now uses numeric time zone abbreviations like "+0530" instead of alphabetic ones like "IST" and "LKT". Various English-language sources use "IST", "LKT" and "SLST", with no working consensus. (Usage of "SLST" mentioned by Sadika Sumanapala.) (From OE-Core rev: ff11ca44fec8e4b2aa523e032bd967e3ab8339a8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode-native: update to 2016hArmin Kuster2016-11-061-4/+4
| | | | | | | | | | | | | | | Changes to code zic no longer mishandles relativizing file names when creating symbolic links like /etc/localtime, when these symbolic links are outside the usual directory hierarchy. This fixes a bug introduced in 2016g. (Problem reported by Andreas Stieger.) (From OE-Core rev: 9c5de646e01a83219be74e99dcf7c1e56ba38b53) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Upgrade 1.6.24 -> 1.6.25Maxin B. John2016-11-061-4/+4
| | | | | | | | | | License file changes are due to updates in Version and Copyright date (From OE-Core rev: f231bd63ab82575b2ad6ccfd0a3f5da76b56a125) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libjpeg-turbo: Upgrade 1.5.0 -> 1.5.1Maxin B. John2016-11-062-3/+49
| | | | | | | | | | | | Bug fixes and various improvements for AArch64 and PowerPC. Apply a patch from upstream to fix compilation on MIPS [RB] (From OE-Core rev: 86fdcfd1169e892192f85a80d228b9bd2b84497a) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ethtool: Upgrade 4.6 -> 4.8Maxin B. John2016-11-061-2/+2
| | | | | | | | | | Various bug fixes and improvements. (From OE-Core rev: 1aa70f441e6cda540699b65a45c0ad71eff5e17c) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* harfbuzz: Upgrade 1.3.0 -> 1.3.2Maxin B. John2016-11-061-2/+2
| | | | | | | | | | 1.3.0 -> 1.3.2 (From OE-Core rev: f2eb5bde1d6c3c24a4c57b79f56f555c80207e52) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: Upgrade 5.41 -> 5.42Maxin B. John2016-11-061-2/+2
| | | | | | | | | | | Bug fixes, add support for new management tracing capability and marking GATT D-Bus APIs as stable interfaces (From OE-Core rev: 03f0b46520e6a6df7cde37fdb4c27ac6145dff4f) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* acpid: Upgrade 2.0.27 -> 2.0.28Maxin B. John2016-11-061-2/+2
| | | | | | | | | | Bug fix release (From OE-Core rev: 5895afc820e72dd7d81eb75ed1cacc7efb12b6a7) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* orc: Upgrade 0.4.25 -> 0.4.26Maxin B. John2016-11-061-2/+2
| | | | | | | | | | New upstream bugfix release (From OE-Core rev: 0918f605bff6407521f46058fedaaa9ee6bd1ebd) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mmc-utils: Upgrade to latest git versionMaxin B. John2016-11-061-1/+1
| | | | | | | | | | | Upgrade to most recent commit: 2cb6695e8dec00d887bdd5309d1b57d836fcd214 (From OE-Core rev: 6b50e393f36c44fd1230fe5d0ee97581dc871e2e) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* neon: Upgrade 0.30.1 -> 0.30.2Maxin B. John2016-11-062-71/+3
| | | | | | | | | | | Remove "gnutls_4.3_fixup.patch" since fix for PKCS#11 support under GnuTLS 3.x is included in version 0.30.2 (From OE-Core rev: 7371436749b74ae91942d1e130b096087aa483c0) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mc: Upgrade 4.8.17 -> 4.8.18Maxin B. John2016-11-061-2/+2
| | | | | | | | | | New release contains bug fixes and refactoring of widget subsystem (From OE-Core rev: c6393ae7790db56b328f9723bcd49429dfbaa119) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* testsdk.bbclass: Clean up comments, clarify image choices.Robert P. J. Day2016-11-061-6/+8
| | | | | | | | | | Make it clear that SDK testing can use any valid image. (From OE-Core rev: d190c69347921a626665a53469dcf99b3c86994b) Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* texi2html: Allow compiling out-of-sourceOlaf Mandel2016-11-062-0/+40
| | | | | | | | | | | | Compiling texi2html 5.0 out-of-source with USE_NLS set to no failed because it tried to copy from srcdir without using that variable. Fix this issue and add a reference to the upstream commit. (From OE-Core rev: 28a37020f50e513b247015b1b0a784c99d41aae3) Signed-off-by: Olaf Mandel <o.mandel@menlosystems.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix upstream version checkAlexander Kanavin2016-11-061-0/+2
| | | | | | | | (From OE-Core rev: d3a7aeb4e7bd48fabb786e8ecd32f2a71db22581) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rt-tests: fix the recipe version to match upstreamAlexander Kanavin2016-11-063-2/+3
| | | | | | | | | | | | | | Upstream had a 2.0 tag for a while, then removed it and added a 1.1 tag :-/ Let's make it match to avoid confusion. There's only one new commit added, which adds a missing manpage. Also, update the outdated version comment in rt-tests.inc (From OE-Core rev: 799a7b74f1219040fe2d43dcdcd145600a9fecbd) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* valgrind: update to 3.12.0Alexander Kanavin2016-11-063-105/+2
| | | | | | | | | | | | Remove backported gcc5-port.patch Remove 11_mips-link-tool.patch as there is nothing in the target file (or the entire source tree) that resembles anything contained in the patch. (From OE-Core rev: 221093e850fbc3c154e9069f1958384b59ba3f70) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: update to 3.2.2Alexander Kanavin2016-11-061-2/+2
| | | | | | | | (From OE-Core rev: 14fc66856a59e44d6861ed4ef88909908e597615) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libwnck3: remove the recipeAlexander Kanavin2016-11-061-19/+0
| | | | | | | | | | Nothing requires it in oe-core now, so it will be re-added to meta-openembedded. (From OE-Core rev: 5741419426c6f8255d55560e3a4721fa4c68a179) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* epiphany: remove unnecessary libwnck3 dependencyAlexander Kanavin2016-11-061-3/+1
| | | | | | | | | | libwnck3 dependency was removed upstream (From OE-Core rev: 0af26d519fd282d0b270939a75ce33eba715669b) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* webkitgtk: remove lib_package inherit as executables are now installed in ↵Alexander Kanavin2016-11-061-1/+1
| | | | | | | | | | libexecdir (From OE-Core rev: 60751d66118103712f7670412051234cec41e439) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vala: update to 0.34.2Alexander Kanavin2016-11-061-2/+2
| | | | | | | | (From OE-Core rev: 5f7b3e41b8e2e751c7a81376dafccef1a452abf3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nspr: update to 4.13.1Alexander Kanavin2016-11-061-2/+2
| | | | | | | | (From OE-Core rev: 7bcfbee734d83d1158f8f1be15b4aa5daee885df) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnome-desktop3: fix dependenciesAlexander Kanavin2016-11-061-1/+1
| | | | | | | | | | | | | | | | libxrandr dependency has been removed upstream Udev dependecy has been added upstream: commit b8cbfbe06475703f333367976eae9477f229891a pnp-ids: Use udev's hwdb to query PNP IDs (From OE-Core rev: 5f939fbf229e3c05d6b726f481a0e862ad5a5ceb) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: update to 3.2Alexander Kanavin2016-11-061-4/+3
| | | | | | | | | | Drop faac package config as upstream ./configure doesn't have it anymore. (From OE-Core rev: a08b016c04a4e4eca78cd5ffae0226af4cb5226b) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* btrfs-tools: update to 4.8.2Alexander Kanavin2016-11-061-2/+2
| | | | | | | | | | Add udev dependency as btrfs-tools installs a udev rule. (From OE-Core rev: fa975530db25667669c4e711b80d73e6615a7688) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lttng-tools: do not install shared libraries in ptest packageAlexander Kanavin2016-11-061-0/+3
| | | | | | | | | | | This was creating a race in runtime library dependency resolution where sometimes the library was assumed to be provided by the ptest package. (From OE-Core rev: c4a10c0b4bc14f4bac06deed8ecb64d0303f4029) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* shadow: add nologin.8 to alternativesRoss Burton2016-11-061-1/+2
| | | | | | | | | | This manpage is also shipped in util-linux-doc as an alternative, so it needs to be managed as an alternative here too. (From OE-Core rev: 0c1e8e0939b39dcf6ea753b41da5ec9bc6ebb82a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* util-linux: add su.1 to update-alternativesRoss Burton2016-11-061-3/+5
| | | | | | | | | | | | The su binary is handled by alternatives but the man page wasn't, so installing both util-linux-doc and shadow-doc produces errors. Also use d.expand() to neaten the code. (From OE-Core rev: 70a161ee88d3d54fec6d59039c181b43f1857dc3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox/mdev.conf: Ignore eMMC RPMB and boot block devicesMike Looijmans2016-11-061-0/+2
| | | | | | | | | | | | | eMMC devices may report block devices like "mmcblk0rpmb" and "mmcblk0boot0". These are not actually block devices and any read/write operation on them will fail. To prevent spamming error messages attempting to mount them, just ignore these devices. (From OE-Core rev: 9f4a85eb929f67420d9689d7dddadd120ed49843) Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager.py: correctly remove all dependent packagesSamuli Piippo2016-11-061-1/+1
| | | | | | | | | | | Do not use --force-depends when trying to remove all dependent packages, as it removes only the selected package and not the dependent packages. (From OE-Core rev: a82e8725902086dab785a0b14305927dae1e4e8d) Signed-off-by: Samuli Piippo <samuli.piippo@qt.io> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* insane.bbclass:buildpaths: open() file with 'rb'Robert Yang2016-11-061-2/+2
| | | | | | | | | | | | | | | open() is default to 'rt' which may cause decoding errors when open binary file: $ bitbake xcursor-transparent-theme [snip] Exception: UnicodeDecodeError: 'utf-8' codec can't decode byte 0xfd in position 18: invalid start byte [snip] (From OE-Core rev: ddbab61f47efd9b4fde38ef8f0f3482c78abe37c) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/nativesdk: set SDK_OLDEST_KERNEL appropriatelyPaul Eggleton2016-11-066-5/+10
| | | | | | | | | | | | | | | | | | | | | | | | SDK_OLDEST_KERNEL currently only controls the check on SDK installation, however as with OLDEST_KERNEL it should be controlling the OLDEST_KERNEL value for building glibc used in the SDK. Thus, set it in nativesdk.bbclass. This means we need to move the default to bitbake.conf so that it can be seen in both places. Also set a more reasonable default for SDK_OLDEST_KERNEL for x86/x86-64 as glibc 2.24 still supports back to 2.6.32 there and there are still people wanting to build SDKs that will install on older distros (e.g. CentOS 6). However it's not possible to set this with overrides since there aren't any for the SDK_ARCH, however we can instead set the variable from conf files in conf/machine-sdk especially as there is now a soft default for SDKMACHINE. Fixes [YOCTO #10561]. (From OE-Core rev: 42d5781e31c5bf76b5b7e27abed4f6f3fd65bf40) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* classes/populate_sdk_base: fix usage of & character in SDK_TITLEPaul Eggleton2016-11-061-1/+1
| | | | | | | | | | | | | If you used an & character in SDK_TITLE (possibly indirectly from DISTRO_NAME) then sed interpreted this as a directive to paste in the replaced string (@SDK_TITLE@ in this case). Escape any & characters in SDK_TITLE to avoid that. (From OE-Core rev: acb85689c13cfdac21435509001048af5c3a7e99) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wayland: upgrade from 1.11.0 to 1.11.1Fathi Boudra2016-11-062-3/+3
| | | | | | | | | | Update release tarball md5sum/sha256sum (From OE-Core rev: c2c63b4e8d2614bd6ae8ca3283b5bcdf38afc7a2) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* weston: upgrade from 1.11.0 to 1.11.1Fathi Boudra2016-11-067-79/+131
| | | | | | | | | | | | | | | | | | | | * Refresh patches to apply cleanly without hunk on 1.11.1 (no changes): - 0001-make-error-portable.patch - 0001-configure.ac-Fix-wayland-protocols-path.patch - 0001-shared-include-stdint.h-for-int32_t.patch - 0001-weston-launch-Provide-a-default-version-that-doesn-t.patch * Remove make-weston-launch-exit-for-unrecognized-option.patch applied upstream https://cgit.freedesktop.org/wayland/weston/commit/?h=1.11&id=fc3dd183 * Add 0001-Add-configuration-option-for-no-input-device.patch backported from upstream https://cgit.freedesktop.org/wayland/weston/commit/?id=75b7197f (From OE-Core rev: b6864b13b01f466dcb8602a08f99d6d2a7a3d48b) Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3622Yi Zhao2016-11-062-0/+130
| | | | | | | | | | | | | | | | | | | | CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted TIFF image. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622 http://www.openwall.com/lists/oss-security/2016/04/07/4 Patch from: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286 (From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3623Yi Zhao2016-11-062-0/+53
| | | | | | | | | | | | | | | | | | | CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (divide-by-zero) by setting the (1) v or (2) h parameter to 0. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623 http://bugzilla.maptools.org/show_bug.cgi?id=2569 Patch from: https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b (From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3991Yi Zhao2016-11-062-0/+148
| | | | | | | | | | | | | | | | | | | | CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted TIFF image with zero tiles. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991 http://bugzilla.maptools.org/show_bug.cgi?id=2543 Patch from: https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba (From OE-Core rev: d31267438a654ecb396aefced201f52164171055) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3990Yi Zhao2016-11-062-0/+67
| | | | | | | | | | | | | | | | | | | | CVE-2016-3990 libtiff: Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990 http://bugzilla.maptools.org/show_bug.cgi?id=2544 Patch from: https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 (From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Security fix CVE-2016-3945Yi Zhao2016-11-062-0/+119
| | | | | | | | | | | | | | | | | | | | | CVE-2016-3945 libtiff: Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image, which triggers an out-of-bounds write. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945 http://bugzilla.maptools.org/show_bug.cgi?id=2545 Patch from: https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6 (From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: CVE-2016-7795Chen Qi2016-11-062-0/+70
| | | | | | | | | | | | | | | | | The manager_invoke_notify_message function in systemd 231 and earlier allows local users to cause a denial of service (assertion failure and PID 1 hang) via a zero-length message received over a notify socket. The patch is a backport from the latest git repo. Please see the link below for more information. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7795 (From OE-Core rev: 543570cafa8d7f595b489d03d05f0aa4478f8539) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oe/copy_buildsystem.py: dereference symlinkRobert Yang2016-11-061-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When there is a relative symlink in the layer, for example: symA -> ../out/of/layer/file symA will be invalid fater copied, it would be invalid from build time if it points to a relative path, and would be invalid after extracted the sdk if it points to a absolute py. Dereference symlink when copy will fix the problem. Use tar rather than shutil.copytree() to copy is because: 1) shutil.copytree(symlinks=Fasle) has bugs when dereference symlinks: https://bugs.python.org/issue21697 And Ubunutu 1404 doesn't upgrade python3 to fix the problem. 2) shutil.copytree(symlinks=False) raises errors when there is a invalid symlink, and tar just prints a warning, tar is preferred here since the real world is unpredicatable 3) tar is faster than shutil.copytree() as said by oe.path.copytree() So use tar to copy. (From OE-Core rev: f4d70bb0882eec4fb46cd942f2796fad57c72982) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: rehash actual mozilla certificates inside rootfsDmitry Rozhkov2016-11-061-4/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | The c_rehash utility is supposed to be run in the folder /etc/ssl/certs of a rootfs where the package ca-certificates puts symlinks to various CA certificates stored in /usr/share/ca-certificates/mozilla/. These symlinks are absolute. This means that when c_rehash is run at rootfs creation time it can't hash the actual files since they actually reside in the build host's directory $SYSROOT/usr/share/ca-certificates/mozilla/. This problem doesn't reproduce when building on Debian or Ubuntu hosts though, because these OSs have the certificates installed in the same /usr/share/ca-certificates/mozilla/ folder. Images built in other distros, e.g. Fedora, have problems with connecting to https servers when using e.g. python's http lib. The patch fixes c_rehash to check if it runs on a build host by testing $SYSROOT and to translate the paths to certificates accordingly. (From OE-Core rev: 5199b990edf4d9784c19137d0ce9ef141cd85e46) Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uboot-sign: fix do_concat_dtb for .img, .romGeorge McCollister2016-11-061-2/+2
| | | | | | | | | | | Now that out of tree building is enabled, ${B} must be used instead of ${S} as the path for UBOOT_BINARY. (From OE-Core rev: 1fe17c52e4d7ce1b9d69aaa2cd9d4b351a4b2603) Signed-off-by: George McCollister <george.mccollister@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: fix file location of rpm2cpio.realChen Qi2016-11-061-1/+1
| | | | | | | | | | | rpm2cpio is in ${PN}-common, but rpm2cpio.real is in ${PN}. This seperation is really weird. Put them both in ${PN}-common. (From OE-Core rev: 8a0af7e4ae8ba8ce0c7fd2a9f6ab7cc070f47af0) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-08 02:32:42 +0000