summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* meta/lib/oeqa: Test for bootimg-biosplusefi Source2.8_M2William Bourque2019-07-231-0/+59
| | | | | | | | | | | | Add unittests for bootimg-biosplusefi SourcePlugin in wic module. First test check wic creation works correctly. Second test uses qemu to boot image and checks that it has both EFI and BIOS files in a single partition. (From OE-Core rev: e0c3436241afca93f107e325d1b9ffcdebf706cd) Signed-off-by: William Bourque <wbourque@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-mako: update to 1.0.14Oleksandr Kravchuk2019-07-232-6/+3
| | | | | | | | | Got rid of python-git since there is no python2 version of the package. (From OE-Core rev: cbdb000632b6320fe9741b750a7cf3fe5b3ec640) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-docutils: update to 0.15Oleksandr Kravchuk2019-07-231-3/+2
| | | | | | | (From OE-Core rev: 74b5d8df4e26fcfa8f1bbb91c5184331185973fc) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-scons: update to 3.1.0Oleksandr Kravchuk2019-07-232-2/+2
| | | | | | | (From OE-Core rev: 03a04b197dd0d7af7050a132b4f0ad376b81821d) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* maintainers: Account for musl-obstack and libssp-nonsharedKhem Raj2019-07-231-0/+2
| | | | | | | (From OE-Core rev: 9e138c0b468fc827dfbab43c870ff232f3863281) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: Fix eu-* utils builds for muslKhem Raj2019-07-237-295/+359
| | | | | | | | | | | | | | | Re-organize the musl patches in three different areas namely libs, utils and tests, this will help maintain them in future version bumps Add obstack dependency on musl targets which is needed for eu-* PN and PN-binutils is not empty anymore on musl (From OE-Core rev: a747239978e63f22d4107e6e12c75b5f78043cce) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* musl-obstack: Add recipeKhem Raj2019-07-231-0/+22
| | | | | | | | | | | | obstacks from GNUlib is used in some OE-Core packages e.g. elfutils and other packages outside OE-Core, this recipe helps provide this functionality standalone on musl systems, and helps in getting full versions of dependent packages (From OE-Core rev: a0fb9093733a0e7e3e83f9bcedbd0fcbf6e1a0d3) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pam_systemd: Include missing.h for secure_getenvKhem Raj2019-07-231-61/+10
| | | | | | | | | | | | | | | 'secure_getenv' api is not uniformly implemented across all C libraries therefore its good to include missing.h so it can use the alternative implementation where its not awvailable Fixes ../git/src/login/pam_systemd.c:344:13: error: implicit declaration of function 'secure_getenv' is invalid in C99 [-Werror,-Wimplicit-function-declaration] v = secure_getenv(key); (From OE-Core rev: 6cdcb1488a84da6c15145944c2aab3c604252699) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sysvinit: Include sys/sysmacros.h for major/minor definitions on musl tooKhem Raj2019-07-231-60/+39
| | | | | | | | | | | | Fixes musl issue implicit declaration of function 'minor' is invalid in C99 [-Wimplicit-function-declaration] which eventually ends up with a linker error (From OE-Core rev: 6b603924e50a5694421b9142494315799422928d) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mdadm: Include sys/sysmacros.h for major/minor definitionsKhem Raj2019-07-232-0/+15
| | | | | | | | | | | | Fixes implicit declaration of function 'minor' is invalid in C99 [-Wimplicit-function-declaration] which eventually ends up with a linker error (From OE-Core rev: 5841e52e79274b2da17bf7dbd1224d0a3dca2d6f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* musl: Upgrade to 1.1.23+Khem Raj2019-07-232-3/+3
| | | | | | | | | | | | | | | | | | License-Update: Added contributor list and copyright years https://git.musl-libc.org/cgit/musl/commit/COPYRIGHT?id=7a6c8a0df1b685d788fd4d3763681bb3018806d7 https://git.musl-libc.org/cgit/musl/commit/COPYRIGHT?id=d6dcd4185bddff34724d6d539f834e9daf7dcf3d - include release 1.1.23 - Add riscv support - Add syscall numbers upto 5.1 kernel Detailed log https://git.musl-libc.org/cgit/musl/log/?qt=range&q=ac304227bb3ea1787d581f17d76a5f5f3abff51f..0ce49d0a301b4142741b32773492af90f66ed3ca (From OE-Core rev: 31a08144f9c739b8d4f0a968860a5de8af44fdce) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xinput: update to 1.6.3Oleksandr Kravchuk2019-07-231-2/+2
| | | | | | | (From OE-Core rev: f34b852b342cb28fa27a2267ffb211ffec1fa219) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: fix SRC_URIAnuj Mittal2019-07-231-1/+1
| | | | | | | | | | | | | | Fixes build for older versions of git (like on CentOS 7) which don't follow redirects properly if the .git suffix is missing and cause errors: | error: RPC failed; result=22, HTTP code = 404 | fatal: The remote end hung up unexpectedly (From OE-Core rev: f5c6b2d54449d5ea4f65e18e89e40794530e20aa) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: upgrade 1.8.2 -> 1.8.3Anuj Mittal2019-07-233-182/+9
| | | | | | | | | | | | | Remove upstreamed patches and manually package symlinks which aren't handled by do_split_package. Changelog: http://git.netfilter.org/iptables/log/?qt=range&q=v1.8.3...v1.8.2 (From OE-Core rev: 845af88f86f143ca0b119f0489397cd505571cae) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "unzip: fix CVE-2019-13232"Khem Raj2019-07-232-340/+0
| | | | | | | | | | | | | | See [1] This reverts commit 4df4de2ac8bc0e80446e1ad0ce67eb244e2d2a32. [1] http://lists.openembedded.org/pipermail/openembedded-core/2019-July/284859.html (From OE-Core rev: 14655b3a54d086cbbd702adf9446fabf57ce51b0) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-pbr: update to 5.4.1Oleksandr Kravchuk2019-07-232-5/+5
| | | | | | | (From OE-Core rev: e59c6720271be8e3f1e93c301078a580ffdaafe0) Signed-off-by: Oleksandr Kravchuk <open.source@oleksandr-kravchuk.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* udev-extraconf: do not mount swap partitionsOleksandr Kravchuk2019-07-231-0/+4
| | | | | | | | | | | | | | Swap is a special filesystem that cannot be mounted, so do not try to, otherwise we will have service that tries and fails to mount it with the following error: systemd[1]: Mounting /run/media/nvme0n1p3... mount[1229]: mount: /run/media/nvme0n1p3: unknown filesystem type 'swap'. (From OE-Core rev: 7a2c56da85326043f0663c29535ac3fb555d96fe) Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* psplash: create psplash tmpfs mount directory in psplash-initStefan Agner2019-07-222-3/+1
| | | | | | | | | | | | | | | The psplash binary uses TMPDIR as directory to store the FIFO to communicate with the psplash tools. This directory can be in any location an init system determines to be suitable, psplash-init uses /mnt/ for it. Rather than creating the mount directory in the recipe, just create it in the init script itself. This allows other init scripts to use a different location without having an unnecessary .psplash directory in /mnt. (From OE-Core rev: dd8c7f2466d94fd8326b962e9bcfc4f42a35da38) Signed-off-by: Stefan Agner <stefan.agner@toradex.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mpeg2dec: Fix PIE build and avoid relocation in text section on ARMKhem Raj2019-07-222-0/+157
| | | | | | | | | | | | | This a backport from upstream Fixes package_qa on arm ERROR: QA Issue: ELF binary 'TOPDIR/build/tmpfs/work/armv7vet2hf-neon-yoe-linux-gnueabi/mpeg2dec/0.5.1-r0/packages-split/libmpeg2/usr/lib/libmpeg2.so.0.1.0' has relocations in .text [textrel] (From OE-Core rev: 190531943ab43758f83ff021caef1f68dbdc3840) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: upgrade to 4.1.4Ross Burton2019-07-221-7/+4
| | | | | | | | | | Add a PACKAGECONFIG for the use of XCB and enable by default if X11 is in DISTRO_FEATURES. (From OE-Core rev: 69b0f94c117b3ab922e0061255a1814e69b16435) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ffmpeg: don't use hardcoded lookup tablesRoss Burton2019-07-221-1/+0
| | | | | | | | | | | | | ffmpeg can generate lookup tables at build time instead of runtime, but this is no longer a recommended option. The size impact is significant (12% of the total libavcodec size, nearly 2MB), the runtime impact of dynamic tables isn't too costly, and only a few codecs actually use the pre-generated tables (MP3, notably). (From OE-Core rev: 51f13afe669638dbf72f464f243adccb22be3d21) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meson.bbclass: export STRIP=${BUILD_STRIP}Ross Burton2019-07-221-0/+1
| | | | | | | | | | | | | In Meson the environment variables are always the native tools, so export STRIP=${BUILD_STRIP} along with CC et al to silence this Meson warning: WARNING: Env var STRIP seems to point to the cross compiler. This is probably wrong, it should always point to the native compiler. (From OE-Core rev: 8d1557356d2c7d94eeef2a9b61d3c9622e337a9e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtool: remove host information from libtoolJoe Slater2019-07-222-1/+22
| | | | | | | | | Import patch from Debian. (From OE-Core rev: b2e0b383a17a3cd450adb3d86f7f818729438375) Signed-off-by: Joe Slater <joe.slater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unfs3: set upstream tag regex to avoid false-positivesRoss Burton2019-07-221-0/+1
| | | | | | | (From OE-Core rev: 4663d06a79c6608127413488676a6e7dfbefb3e1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* freetype: upgrade to 2.10.1Ross Burton2019-07-221-5/+3
| | | | | | | | | | Also switch SRC_URI to the nongnu mirrors as they're more reliable than Sourceforge. (From OE-Core rev: 18875698e182d5eb5a9bc1f95abdc2348f66cedc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: clean up JSON fetchingRoss Burton2019-07-221-17/+12
| | | | | | | | | | | | | Currently the code fetches the compressed JSON, writes it to a temporary file, uncompresses that with gzip and passes the fake file object to update_db(). Instead, uncompress the gzip'd data in memory and pass the JSON directly to update_db(). (From OE-Core rev: 9422745979256c442f533770203f62ec071c18fb) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: improve metadata parsingRoss Burton2019-07-221-8/+10
| | | | | | | | | | | | | | | | The metadata parser is fragile: first it coerces a bytes() to a str() (so the string is b'LastModifiedDate:2019...'), assumes the first line is the date, and then uses a regex to parse (which then includes the trailing quote as part of the date). Clean this up by parsing the bytes as UTF-8 (ASCII is probably fine, but this is safer), iterate through the lines and split on colons to find the right key/value pair. (From OE-Core rev: bb4e53af33d6ca1e9346464adbdc1b39c47530f3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: use executemany() to optimise CPE insertionRoss Burton2019-07-221-53/+32
| | | | | | | | | | Instead of calling execute() repeatedly, rewrite the function to be a generator and use executemany() for performance. (From OE-Core rev: b309840b6aa3423b909a43499356e929c8761318) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix valgrind errors on v1.1.1cBonnans, Laurent2019-07-222-0/+36
| | | | | | | | | | Running valgrind against code using Openssl v1.1.1c reports a large number of uninitialized memory errors. This fix from upstream solves this problem. (From OE-Core rev: 8081d645353ed934a0158329f2f36ea49d663e19) Signed-off-by: Laurent Bonnans <laurent.bonnans@here.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runtime_test.py: use track_for_cleanup for temp dirChen Qi2019-07-221-3/+1
| | | | | | | | | | | Use track_for_cleanup for temp dir to avoid such temp dir being not cleaned up when something goes wrong, e.g., building image failure. (From OE-Core rev: 7105c9bcceda3e4defbb6aa9fb3e8fd38c1e00a2) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db: actually inherit nativeRoss Burton2019-07-191-2/+1
| | | | | | | | | The recipe was called -native but didn't inherit native. (From OE-Core rev: f0d822fad2a163d1ee32ed3b4c0359245140e19b) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: use os.path.join instead of +Ross Burton2019-07-191-4/+4
| | | | | | | (From OE-Core rev: 4b301030cf9cf7a981dcff85a50e915c045e3130) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: fix CVE-2017-9778Anuj Mittal2019-07-192-0/+99
| | | | | | | (From OE-Core rev: 4fa03fa14f8facb134ecd772a99c25184d8a4cbd) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: include CVE patches for python-native as wellAnuj Mittal2019-07-192-5/+5
| | | | | | | | | Also avoids maintaining a different set of patches for both. (From OE-Core rev: b3b1c00cc46b33ddbf7e008267032220e1e298af) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: fix CVE-2019-13232Anuj Mittal2019-07-192-0/+340
| | | | | | | | | Include the fix by Mark Adler which has also been adopted by Debian. (From OE-Core rev: 4df4de2ac8bc0e80446e1ad0ce67eb244e2d2a32) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2018-20796 is same as CVE-2019-9169Anuj Mittal2019-07-191-0/+1
| | | | | | | | | | | See: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=34141 https://www.securityfocus.com/bid/107160 (From OE-Core rev: 7e90506534ed2a70680382cf28614f02fdb98409) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rsync: fix CVEs for included zlibAnuj Mittal2019-07-195-0/+393
| | | | | | | | | | | | | | | | rsync includes its own copy of zlib and doesn't recommend linking with the system version [1]. Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used by rsync. [1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync [2] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3agnu%3azlib%3a1.2.8 (From OE-Core rev: a55fbb4cb489853dfb0b4553f6e187c3f3633f48) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iptables: Security Advisory - iptables - CVE-2019-11360Li Zhou2019-07-192-0/+118
| | | | | | | | | | | Porting patch from <https://git.netfilter.org/iptables/commit/iptables/ xshared.c?id=2ae1099a42e6a0f06de305ca13a842ac83d4683e> to solve CVE-2019-11360. (From OE-Core rev: 5a38ef7eef9ecef2d27ae89f01691072bb94a25e) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ltp: upgrade 20190115 -> 20190517Yi Zhao2019-07-1928-1232/+184
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop the following patches since the issues have been fixed upstream: 0001-file01.sh-Fix-in-was-not-recognized.patch 0001-lapi-Define-TST_ABI-32-64-to-detect-target-type.patch 0001-syscalls-setrlimit03.c-read-proc-sys-fs-nr_open-for-.patch 0007-fix-__WORDSIZE-undeclared-when-building-with-musl.patch 0009-fix-redefinition-of-struct-msgbuf-error-building-wit.patch 0021-Define-_GNU_SOURCE-for-MREMAP_MAYMOVE-definition.patch 0023-ptrace-Use-int-instead-of-enum-__ptrace_request.patch 0024-rt_sigaction-rt_sigprocmark-Define-_GNU_SOURCE.patch 0026-crash01-Define-_GNU_SOURCE.patch 0028-rt_sigaction.h-Use-sighandler_t-instead-of-__sighand.patch 0034-periodic_output.patch 0039-commands-ar01-Fix-for-test-in-deterministic-mode.patch define-sigrtmin-and-sigrtmax-for-musl.patch setregid01-security-string-formatting.patch Refresh the following patches: 0004-build-Add-option-to-select-libc-implementation.patch 0005-kernel-controllers-Link-with-libfts-explicitly-on-mu.patch 0008-Check-if-__GLIBC_PREREQ-is-defined-before-using-it.patch 0018-guard-mallocopt-with-__GLIBC__.patch 0020-getdents-define-getdents-getdents64-only-for-glibc.patch 0035-fix-test_proc_kill-hang.patch 0036-testcases-network-nfsv4-acl-acl1.c-Security-fix-on-s.patch 0001-open_posix_testsuite-mmap24-2-Relax-condition-a-bit.patch 0001-shmctl01-don-t-use-hardcoded-index-0-for-SHM_STAT-te.patch 0001-diotest4-Let-kernel-pick-an-address-when-calling-mma.patch 0001-getrlimit03-adjust-a-bit-of-code-to-compatiable-with.patch Add patch: 0006-rt_tgsigqueueinfo-disable-test-on-musl.patch (From OE-Core rev: eb59546c83f4c217de6272a8d3b2fa65e3c84e7f) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd-bootconf: Mark as machine specificRicardo Ribalda Delgado2019-07-191-0/+1
| | | | | | | | | | | | | | | | | | | | | APPEND is usually attached to a machine. This patch avoids multiconfig errors such as: | NOTE: Direct dependencies are ['multiconfig:qt5022:/workdir/repo/poky/meta/recipes-core/glibc/glibc_2.29.bb:do_populate_sysroot', 'multiconfig:qt5022:virtual:native:/workdir/repo/poky/meta/recipes-devtools/pseudo/pseudo_git.bb:do_populate_sysroot', 'multiconfig:qt5022:/workdir/repo/poky/meta/recipes-devtools/quilt/quilt-native_0.65.bb:do_populate_sysroot', 'multiconfig:qt5022:/workdir/repo/poky/meta/recipes-devtools/gcc/gcc-cross_8.3.bb:do_populate_sysroot', 'multiconfig:qt5022:/workdir/repo/poky/meta/recipes-devtools/gcc/gcc-runtime_8.3.bb:do_populate_sysroot'] | NOTE: Installed into sysroot: [] | NOTE: Skipping as already exists in sysroot: ['glibc', 'pseudo-native', 'quilt-native', 'gcc-cross-x86_64', 'gcc-runtime', 'libgcc', 'linux-libc-headers', 'libtool-native', 'texinfo-dummy-native', 'libmpc-native', 'flex-native', 'automake-native', 'zlib-native', 'mpfr-native', 'gmp-native', 'binutils-cross-x86_64', 'xz-native', 'autoconf-native', 'gnu-config-native', 'gettext-minimal-native', 'm4-native'] | DEBUG: Python function extend_recipe_sysroot finished | DEBUG: Executing shell function do_install | install: cannot stat 'loader.conf': No such file or directory | WARNING: exit code 1 from a shell command. | ERROR: Function failed: do_install (log file is located at /workdir/build/tmp/work/bobcat-poky-linux/systemd-bootconf/1.00-r0/temp/log.do_install.737) NOTE: recipe systemd-bootconf-1.00-r0: task do_install: Failed ERROR: Task (multiconfig:qt5022:/workdir/repo/poky/meta/recipes-core/systemd/systemd-bootconf_1.00.bb:do_install) failed with exit code '1' (From OE-Core rev: 84d08b0bed9e1c5f223f9ec437bb8d96a2bda599) Signed-off-by: Ricardo Ribalda Delgado <ricardo@ribalda.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: Remove hash column from database.Pierre Le Magourou2019-07-192-20/+13
| | | | | | | | | | | | djb2 hash algorithm was found to do collisions, so the database was sometime missing data. Remove this hash mechanism, clear and populate elements from scratch in PRODUCTS table if the current year needs an update. (From OE-Core rev: 78de2cb39d74b030cd4ec811bf6f9a6daa003d19) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: Replace CVE_CHECK_CVE_WHITELIST by CVE_CHECK_WHITELISTPierre Le Magourou2019-07-191-11/+11
| | | | | | | | | | CVE_CHECK_WHITELIST does not contain version anymore, as it was not used. This variable should be set per recipe. (From OE-Core rev: 7069302a4ccbb5b72e1902f284cf078516fd7294) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* squashfs-tools: upgrade to commit f95864afe883Ulrich Ölmann2019-07-195-224/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The master branch's current tip commit as of this writing is [1], see the squashfs-tool's repo at [0]. Because of commits [2]-[4] which are included in the master branch three corresponding patches are dropped as they are not needed anymore. The single remaining patch was rebased on top of [1] to apply cleanly. Commits [5] & [6] introduced interesting features, namely zstd support and reproducibility of created SquashFS images. They are reflected in two new PACKAGECONFIG options now, but only the latter ("reproducible") is appended to the default options as OE-core does not contain a recipe to build zstd at the moment (a working zstd recipe can be found e.g. in meta-rauc, see [7]). [0] https://github.com/plougher/squashfs-tools.git [1] f95864afe883 ("unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6") [2] 46bdc1726e5a ("mksquashfs: Make a load of functions static") [3] b0ca8a5c98ff ("pseudo.c: add explicit <sys/stat.h> include") [4] f95864afe883 ("unsquashfs-4: Add more sanity checks + fix CVE-2015-4645/6") [5] 6113361316d5 ("squashfs-tools: Add zstd support") [6] e0d74d07bb35 ("Add configuration and Mksquashfs build options for reproducible builds") [7] https://layers.openembedded.org/layerindex/recipe/79049/ (From OE-Core rev: 92f34fbe321040db3dc0431dd464747324058e2e) Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: upgrade 7.65.1 -> 7.65.2Anuj Mittal2019-07-191-2/+2
| | | | | | | | | | Changelog: https://curl.haxx.se/changes.html#7_65_2 (From OE-Core rev: 54b91da2bd07e8c3a40e61d90af251a1bfbf50f4) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* debianutils: upgrade 4.8.6.1 -> 4.8.6.3Yi Zhao2019-07-191-5/+3
| | | | | | | (From OE-Core rev: bbde94e994f4904b983ee396b55eb68931de7d4c) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: set CVE vendor to opensslAnuj Mittal2019-07-191-0/+2
| | | | | | | | | Differentiate it from openssl gem for Ruby. (From OE-Core rev: 2ec481b19d6c9c20ce6573de77ae89e576d6b8cb) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpciaccess:upgrade 0.14 -> 0.16Zang Ruochen2019-07-192-31/+2
| | | | | | | | | | | | -Upgrade from libpciaccess_0.14.bb to libpciaccess_0.16.bb. -libpciaccess/0004-Don-t-include-sys-io.h-on-arm.patch Removed since this is included in 0.16. (From OE-Core rev: c2140b42c8516100c55c381d98e0f281b562d2db) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* xwininfo:upgrade 1.1.4 -> 1.1.5Zang Ruochen2019-07-191-2/+2
| | | | | | | | | -Upgrade from xwininfo_1.1.4.bb to xwininfo_1.1.5.bb. (From OE-Core rev: 7f34f3657568a0130aa31a481973509203984a06) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libice:upgrade 1.0.9 -> 1.0.10Zang Ruochen2019-07-192-153/+2
| | | | | | | | | | | | -Upgrade from libice_1.0.9.bb to libice_1.0.10.bb. -libice/CVE-2017-2626.patch Removed since this is included in 1.0.10. (From OE-Core rev: d3581b5d5562604ba31fc2b10873b3b0c9bf75fc) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* vte: upgrade 0.56.1 -> 0.56.3Anuj Mittal2019-07-191-2/+2
| | | | | | | (From OE-Core rev: 00c84fd2583022d6f11067cc0b2e8782a09abc26) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-24 11:02:43 +0000