| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
This backports a patch from gtk+ upstream to prevent an issue when
building on Fedora 23 hosts.
(From OE-Core rev: fd27f8620ae4d95dfe07b27eee4256b0a128348a)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes affecting future time stamps
America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30.
(Thanks to Alexander Krivenyshev for the heads-up.)
Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
(Thanks to Alexander Krivenyshev and Matt Johnson.)
New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers
Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29
at 02:00. (Thanks to Stepan Golosunov.)
Changes affecting past time stamps
New zone Europe/Kirov, split off from Europe/Volgograd. It covers
Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on
1989-03-26 at 02:00, roughly a year after Europe/Volgograd made
the same change. (Thanks to Stepan Golosunov.)
Russia and nearby locations had daylight-saving transitions on
1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on
1992-03-28 at 23:00 and 1992-09-26 at 23:00. (Thanks to Stepan
Golosunov.)
Many corrections to historical time in Kazakhstan from 1991
through 2005. (Thanks to Stepan Golosunov.) Replace Kazakhstan's
invented time zone abbreviations with numeric abbreviations.
(From OE-Core rev: 80936e6c259923e19331678ca2f8aa40b79da5c2)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: 10194ca3d8c2f4d8648a685c5c239a33d944b6fe)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
they keep the versions in-sync. changes are all in data.
Changes affecting future time stamps
America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30.
(Thanks to Alexander Krivenyshev for the heads-up.)
Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
(Thanks to Alexander Krivenyshev and Matt Johnson.)
New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers
Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29
at 02:00. (Thanks to Stepan Golosunov.)
Changes affecting past time stamps
New zone Europe/Kirov, split off from Europe/Volgograd. It covers
Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on
1989-03-26 at 02:00, roughly a year after Europe/Volgograd made
the same change. (Thanks to Stepan Golosunov.)
Russia and nearby locations had daylight-saving transitions on
1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on
1992-03-28 at 23:00 and 1992-09-26 at 23:00. (Thanks to Stepan
Golosunov.)
Many corrections to historical time in Kazakhstan from 1991
through 2005. (Thanks to Stepan Golosunov.) Replace Kazakhstan's
invented time zone abbreviations with numeric abbreviations.
(From OE-Core rev: a17a81991a10d6c61def5eb81687f57fc7ad87b0)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: db8223e4dd2e513a656aedfae217d94e053c2366)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core rev: 2dd4085180b5fca144b0e0b5ef149e291e796bf0)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: 41adb87c2f1aa20e51f1af3542d65c920eb94be6)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 2016c release of the tz code and data is available. Its most urgent change is for Asia/Baku, where the update takes effect this weekend.
This release reflects the following changes, which were either circulated on the tz mailing list or are relatively minor technical or administrative changes:
Changes affecting future time stamps
Azerbaijan no longer observes DST. (Thanks to Steffen Thorsen.)
Chile reverts from permanent to seasonal DST. (Thanks to Juan
Correa for the heads-up, and to Tim Parenti for corrections.)
Guess that future transitions are August's and May's second
Saturdays at 24:00 mainland time. Also, call the period from
2014-09-07 through 2016-05-14 daylight saving time instead of
standard time, as that seems more appropriate now.
Changes affecting past time stamps
Europe/Kaliningrad and Europe/Vilnius changed from +03/+04 to
+02/+03 on 1989-03-26, not 1991-03-31. Europe/Volgograd changed
from +04/+05 to +03/+04 on 1988-03-27, not 1989-03-26.
(Thanks to Stepan Golosunov.)
Changes to commentary
Several updates and URLs for historical and proposed Russian changes.
(Thanks to Stepan Golosunov, Matt Johnson, and Alexander Krivenyshev.)
(From OE-Core rev: 770f1769df2930fdc57a3a7427b18e9b6ebe9dda)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: 66031bcf8cec2e8e7a6803f2c6cfc2c2ba071ffe)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
change SRC_URI http seems more reliable
Changes to code
tzselect's diagnostics and checking, and checktab.awk's checking,
have been improved. (Thanks to J William Piggott.)
tzcode now builds under MinGW. (Thanks to Ian Abbott and Esben Haabendal.)
tzselect now tests Julian-date TZ settings more accurately.
(Thanks to J William Piggott.)
Changes to commentary
Comments in zone tables have been improved. (Thanks to J William Piggott.)
tzselect again limits its menu comments so that menus fit on a
24x80 alphanumeric display.
A new web page tz-how-to.html. (Thanks to Bill Seymour.)
In the Theory file, the description of possible time zone abbreviations in
tzdata has been cleaned up, as the old description was unclear and
inconsistent. (Thanks to Alain Mouette for reporting the problem.)
(From OE-Core rev: 8598455b372931e88d4936f0ec0313540ec602a0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: 0c4816c1f723951179988a274f236f28fe4db20f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
updated SRC_URI to http as it seems more stable.
Changes affecting future time stamps
New zones Europe/Astrakhan and Europe/Ulyanovsk for Astrakhan and
Ulyanovsk Oblasts, Russia, both of which will switch from +03 to +04 on
2016-03-27 at 02:00 local time. They need distinct zones since their
post-1970 histories disagree. New zone Asia/Barnaul for Altai Krai and
Altai Republic, Russia, which will switch from +06 to +07 on the same date
and local time. Also, Asia/Sakhalin moves from +10 to +11 on 2016-03-27
at 02:00. (Thanks to Alexander Krivenyshev for the heads-up, and to
Matt Johnson and Stepan Golosunov for followup.)
As a trial of a new system that needs less information to be made up,
the new zones use numeric time zone abbreviations like "+04"
instead of invented abbreviations like "ASTT".
Haiti will not observe DST in 2016. (Thanks to Jean Antoine via
Steffen Thorsen.)
Palestine's spring-forward transition on 2016-03-26 is at 01:00, not 00:00.
(Thanks to Hannah Kreitem.) Guess future transitions will be March's last
Saturday at 01:00, not March's last Friday at 24:00.
Changes affecting past time stamps
Europe/Chisinau observed DST during 1990, and switched from +04 to
+03 at 1990-05-06 02:00, instead of switching from +03 to +02.
(Thanks to Stepan Golosunov.)
1991 abbreviations in Europe/Samara should be SAMT/SAMST, not
KUYT/KUYST. (Thanks to Stepan Golosunov.)
(From OE-Core rev: 55eb60c513ac0125e7fdb697d171e4c6ab8883f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: d3ab7005f0c899da9f9f132b22861bd5d4f952ba)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure
[YOCTO #9400]
External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286
References to the Upstream commits and Security Advisories:
CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=31e4657cf246e41d4c5c890315cb6cf89a0db25a
CVE-2016-1286_1: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=76c3c9fe9f3f1353b47214b8f98b3d7f53e10bc7
CVE-2016-1286_2: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=ce3cd91caee698cb144e1350c6c78292c6be6339
(From OE-Core rev: e289df4daa4b90fb95ae3602c244cba9d56a8c2f)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SRCREV in the busybox git recipe did not point to a commit ID
on the master branch. Point the variable to something reachable from
the master branch (which fixes this recipe's fetch()).
Suggested-by: Khem Raj <raj.khem@gmail.com>
(From OE-Core rev: b0720e996dde537d04a9129e7ffdc883836c3cf8)
Signed-off-by: Brad Mouring <brad.mouring@ni.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Busybox upstream fixed the issue where an incorrect comparison of
addresses led to bogus renegotiation of a new ll ip in 1.24. Backport
this change to 1.23.1.
(From OE-Core rev: 37f074eed40ec0e100066eeef16ff8af555e3301)
Signed-off-by: Brad Mouring <brad.mouring@ni.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code assumes that PKG_DATADIR exists and will fail if an image has not been
generated which creates it. This occurs when something like buildtools-tarball
is built which doesn't have target packages, only nativesdk ones.
Since this shouldn't be fatal, workaround this by creating the missing
directory.
(From OE-Core master rev: 319c5d55bb0c7e429766f46dd42a15e16a43c4dd)
(From OE-Core rev: d9ea863ff844ee1b84d4699b0d3af7245f3703c5)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Xorg libraries use REQUIRED_DISTRO_FEATURES to stop building on
distributions without the x11 feature but this stops people building native
tooling that uses libX11, such as libsdl-native.
(From OE-Core master rev: 161bb3409edee21827cf594cc011fe88185f1496)
(From OE-Core rev: 16b2e5a5af9fadbfe85a9f66be2896d1c7c3b72d)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libxcb change removed as it's not valid in fido
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the DEPENDS are added as part of the PACKAGECONFIG logic the list of
packages are expanded so that any required nativesdk-/-native/multilib prefixes
and suffixes are added.
However the special handling of virtual/foo names doesn't check that the prefix
already exists, which breaks under nativesdk as in that situation there's an
explicit nativesdk- prefix *and* MLPREFIX is set to nativesdk-. This results in
the same prefix being applied twice, and virtual packages such as virtual/libx11
ending up as virtual/nativesdk-nativesdk-libx11.
(From OE-Core master rev: 9e7d207e207bf0319b09d403d87d37f24e3dfbee)
(From OE-Core rev: af32a5d84e9aa300095ffb7d4626708e2f85e7a2)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use PACKAGECONFIG instead of using logic in DEPENDS and EXTRA_OECONF, adding new
options for PulseAudio, tslib, DirectFB, OpenGL and X11. Pass
--disable-x11-shared so that it links to the X libraries instead of using
dlopen().
Disable tslib by default as the kernel event input subsystem is generally used.
SDL's OpenGL support requires X11 so check for both x11 and opengl, and merge
the dependencies.
Finally enable native builds, with a minimal PACKAGECONFIG that will build from
oe-core for native and nativesdk.
(From OE-Core master rev: 3d6c31c3a4ff34376e17005a981bb55fc6f7a38f)
(From OE-Core rev: c1b39f145b9e9f65875ec7b46030327741267031)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The libglu requires both opengl (depends on virtual/libgl) and x11
(needs libGL.so which is provided by mesa when x11 in DISTRO_FEATURES),
so let libsdl depends on libglu when both x11 and opengl in
DISTRO_FEATURES.
(From OE-Core master rev: b33e927096292f22f1bd9b2b0f633a6d645fc1eb)
(From OE-Core rev: 45a6ae4cf6b2684ee7e58b8a85f44eb0031fa2b4)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default test list only works for rpm packaging. This fixes it for
deb and ipk too.
(From OE-Core master rev: 210c8926405fcf695ec00f5768f29ba198320d6a)
(From OE-Core rev: 961a9de0e918526bc8c880ea1d35db16b55f500a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
ISC DHCP allows remote attackers to cause a denial of
service (application crash) via an invalid length field
in a UDP IPv4 packet.
(From OE-Core rev: 43f2cfdf63fb70e3c2da0224221dae63b05477df)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: 1ebf604cae8d9bd3d2c10d06cd126e79e13732ee)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
| |
(From OE-Core rev: aba91bb6e2b748f05051bf824531e4f283eb5f09)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The variable in question should have been called ecc->p. The patch has been
updated so that the compilation of the nettle recipe would complete
successfully. The backport originated from this commit
https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
(From OE-Core rev: 7f4d3b90840a14d660a56d23e1fe79f4fb633d59)
Signed-off-by: ngutzmann <nathangutzmann@gmail.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
https://www.openssl.org/news/secadv/20160301.txt
(From OE-Core rev: 6c06c42594539bec4c360c8cc28ebee8a338e6b4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Not required for master, an update to 1.0.2g has been submitted.
Backport from jethro.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch from http://w1.fi/security/2015-5/
and rebase for wpa-supplicant 2.4
(From OE-Core rev: 12520d7f729fe3d07c2f94b813994718edb2d987)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Not needed in master since the upgrade to 2.5
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7545 git: arbitrary code execution via crafted URLs
(From OE-Core rev: 0c4bdd61acbc1fa1b9bfb167d8eaf90c8bccc25c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Already in Jethro, not needed in master due to shipping a version of git
which is already fixes (> 2.6.1)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core master rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67)
minor tweak to get x86_64/ecc-384-modp.asm to apply
(From OE-Core rev: d1903e264ab62d34daeb652c89c6fb67e7c9b42d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a)
hand applied changes for ecc-256.c
(From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c\
(From OE-Core master rev: 1656eaa722952861ec73362776bd0c4826aec3da)
Hand applied Changelog changes.
(From OE-Core rev: 104d050d420ee4aa14b772850742699b15d127d6)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rpcbind: Fix memory corruption in PMAP_CALLIT code
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in
rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of
service (daemon crash) via crafted packets, involving a PMAP_CALLIT
code.
The patch comes from
<http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't
been in rpcbind upstream yet.
(From OE-Core master rev: cc4f62f3627f3804907e8ff9c68d9321979df32b)
(From OE-Core rev: 224bcc2ead676600bcd9e290ed23d9b2ed2f481e)
(From OE-Core rev: 16cf2f5386bc438dc20c4ae40de267618e9dc500)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use
(From OE-Core master rev: 8322814c7f657f572d5c986652e708d6bd774378)
hand applied changed to url.c
(From OE-Core rev: e479ec9e6cbd34f3a7a56a170aaabcc4229f1959)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows
(From OE-Core master rev: b2c9b48dea2fd968c307a809ff95f2e686435222)
minor tweak to tool_operate.c to get it to apply
(From OE-Core rev: b8df558ece47e51653e1fc0fb0637ec2cdf2907b)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves
affects libgcrypt < 1.6.5
adjust SRC_URI + for this version.
Patch 1 is a dependancy patch. simple macro name change.
Patch 2 is the cve fix.
(From OE-Core master rev: c691ce99bd2d249d6fdc4ad58300719488fea12c)
(From OE-Core rev: 88ba5ea3f3a421ac91d670e450f4b0645a53d733)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
this patch fixes an incomplete patch in CVE-2015-8126
adjusted dir to match this version.
(From OE-Core master rev: f4a805702df691cbd2b80aa5f75d6adfb0f145eb)
(From OE-Core rev: bed289a9ac39fb9b613e3075d5a062b24c59c956)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
Adjusted dir location to match the version.
(From OE-Core master rev: d0a8313a03711ff881ad89b6cfc545f66a0bc018)
(From OE-Core rev: 20a1f80f554c2dc9da414c5846fb5bafd73e2cac)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1
(From OE-Core master rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4)
(From OE-Core rev: 50602eebe1150819c320b6b611dcd792573eb55a)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7558 librsvg2: Stack exhaustion causing DoS
including two supporting patches.
(From OE-Core master rev: 4945643bab1ee6b844115cc747e5c67d874d5fe6)
(From OE-Core rev: 4e21caee47a0ca3e66e84a15d104d3b532731263)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()
(From OE-Core master rev: 3e89477c8ad980fabd13694fa72a0be2e354bbe2)
minor tweak to get tif_next.c changes to apply.
(From OE-Core rev: 645255274769bfaeb737f66a6222a9a929823160)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images
(From OE-Core master rev: 29c80024bdb67477dae47d8fb903feda2efe75d4)
minor tweek to get Changelog changes to apply
(From OE-Core rev: fa7fac56be40fdb519d426e9465436415e3f5527)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
this time with the recipe changes.
(From OE-Core master rev: 62d6876033476592a8ca35f4e563c996120a687b)
(From OE-Core rev: 9ca5534b1d8ce71eb150964e11ce79ba79ced7e4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
(From OE-Core master rev: 307056ce062bf4063f6effeb4c891c82c949c053)
(From OE-Core rev: 4f92365ebfb382509d152dfe6220e225193645f1)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
(From OE-Core master rev: 646a8cfa5398a22062541ba9c98539180ba85d58)
(From OE-Core rev: 082031bdd4b5c5d4acea816c95d94a731b7855c2)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd
affects libbsd <= 0.8.1 (and therefore not needed in master)
(From OE-Core rev: ab29efb8e85020a3621079c7fde217c1bfaa5289)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-7547: getaddrinfo() stack-based buffer overflow
(Based on OE-Core rev: cf754c5c806307d6eb522d4272b3cd7485f82420)
(From OE-Core rev: ed6299ab0970d836d6719795531458078ba4cbf6)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If externalsrc is enabled the 'do_unpack' task is run if the recipe has
some local source files. In the case of kernel recipe this caused the
(externalsrc) source tree to be moved/symlinked. This patch prevents the
behaviour, making sure the source tree is not moved around when
externalsrc is enabled. Instead of moving the source tree,
STAGING_KERNEL_DIR will be a symlink to it.
[YOCTO #6658]
(From OE-Core master rev: 8f6c564661a3801012eb2d9a98cdc99c91712367)
(From OE-Core rev: ca55a01908126c45120fc18e68e78f8f49ecf0ce)
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this is related to [Yocto # 9008]
8.38:
The following security fixes are included:
CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() compile_regex()
CVE-2015-3217 pcre: stack overflow in match()
CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis
CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
CVE-2015-8381 pcre: Heap Overflow in compile_regex()
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
CVE-2015-8387 pcre: Integer overflow in subroutine calls
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups
CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
CVE-2015-8395 pcre: Buffer overflow caused by certain references
CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
8.37:
The following security fixes are included:
CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions
CVE-2015-2325 pcre: heap buffer overflow in compile_branch()
CVE-2015-2326 pcre: heap buffer overflow in pcre_compile2()
LICENSE file changed do to Copyright date updates.
(From OE-Core rev: 3bbd53035fb62793f1e44b24b18eb275bd860ed1)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Jethro and master don't require this patch as they have newer libpcre which
contains these fixes.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* this is left-over from upgrade to 2016a
* it's safer to remove so that .bbappends in other layers really apply to version
used in build (currently we have bbappend for 2015d and build will use 2016a
without any warning
* the same problem was reported with 2015f upgrade:
http://lists.openembedded.org/pipermail/openembedded-core/2015-August/109708.html
(From OE-Core rev: 6b0f0ed6b9ffc3e81b04cf442645130bb41b7ee9)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Not required by other branches as this is removing a leftover file in Fido
only.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There are some unfreed rpmmi pointers in printDepList()
function; this happens when the package have null as
the requirement.
This patch fixes these unfreed pointers and add small
changes to keep consistency with some variables.
[YOCTO #8028]
(From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec)
(From OE-Core rev: 8821b0443b4b39b3bd4f41800a6fc809197fda82)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-0860 dpkg: stack overflows and out of bounds read
(From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b)
(From OE-Core rev: 4dea3e7b9a0041e7359981e68c561e7de8ad3ae5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c
(From OE-Core rev: 600c1d2beb64e23123e478051537b917f5d4a8a7)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
(From OE-Core rev: 03d481070ebc6f9af799aec5d038871f9c73901c)
(From OE-Core rev: d5db25213613cb862255047c0e995fd5489d9765)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
(From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c)
(From OE-Core rev: 428878a67fd723908af74c4881e933969f2928a7)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
OE-Core commit 57af3fb9662106f0a65a1b4edf83e2398be0a8f1 upgraded tzdata
but also reverted a couple of changes to SUMMARY and LIC_FILES_CHKSUM.
Reinstate these (with an update to the README md5 value since that has
changed slightly, without any change to the licensing statements
within).
(From OE-Core rev: cea4f6b86129f84a99700207777929bf7e811ed6)
(From OE-Core rev: 37069c7511603f9fe33bcc48e38ac58ab89138f9)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|