summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
...
* qemu: Security fix CVE-2015-7504Armin Kuster2016-02-072-0/+57
| | | | | | | | | | | | | CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode (From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3) (From OE-Core rev: 10752d6beb5520ec0fc83a7d0173e10144b11685) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-8504Armin Kuster2016-02-072-0/+52
| | | | | | | | | | | | | CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception (From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592) (From OE-Core rev: 38f102a9271896a49aa32aacf2c2be3a14f51493) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3187Wenzong Fan2016-02-072-0/+347
| | | | | | | | | | | | | | | | | | | | | | | | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) (From OE-Core rev: b45dcbadc1a51188ac6dead855e14a181a7bccd9) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix CVE-2015-3184Wenzong Fan2016-02-072-0/+2083
| | | | | | | | | | | | | | | | | | | | | | | | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) (From OE-Core rev: e4a1caecc5ae6b8488ec8ed7d303296af99146c0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2016-0701Armin Kuster2016-02-073-0/+260
| | | | | | | | | | | | | CVE-2016-0701 OpenSSL: DH small subgroups (From OE-Core rev: c5868a7cd0a28c5800dfa4be1c9d98d3de08cd12) (From OE-Core rev: 5e73d0e88c28ca1e948f5c463b9d9d1001251a42) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Security fix CVE-2015-3197Armin Kuster2016-02-072-0/+64
| | | | | | | | | | | | | CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers (From OE-Core rev: b387d9b8dff8e2c572ca14f9628ab8298347fd4f) (From OE-Core rev: c037cbdac6a0e871a60077703432c08be6d29677) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-8776Armin Kuster2016-02-072-0/+156
| | | | | | | | | | | | | | | | it was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information. (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee) (From OE-Core rev: 3527ba3be7cfdfd813f5ca495bc74db559a648cd) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-9761Armin Kuster2016-02-073-0/+1429
| | | | | | | | | | | | | | | | A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) (From OE-Core rev: 6cb0465247195ec25ef1073e79997001380aa807) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-8779Armin Kuster2016-02-072-0/+263
| | | | | | | | | | | | | | | | A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) (From OE-Core rev: 2e1c8cab3bc7b70e2a05dca20cb5bcec4335f04d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: CVE-2015-8777Armin Kuster2016-02-072-0/+123
| | | | | | | | | | | | | | | | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) (From OE-Core rev: 9cc998978bd67bc5569cc1478f4ddee40020b929) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: CVE-2016-077xArmin Kuster2016-01-202-0/+57
| | | | | | | | | | this address two CVE's. CVE-2016-0777 and CVE-2016-0778 (From OE-Core rev: 1c05115a906499989d2159683195ed6d2cda75ba) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* logrotate: do not move binary logrotate to /usr/binHongxu Jia2016-01-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | In oe-core commit a46d3646a3e1781be4423b508ea63996b3cfca8a ... Author: Fahad Usman <fahad_usman@mentor.com> Date: Tue Aug 26 13:16:48 2014 +0500 logrotate: obey our flags Needed to quiet GNU_HASH warnings, and some minor fixes. ... it explicitly move logrotate to /usr/bin without any reason, which is against the original Linux location /usr/sbin. So partly revert the above commit which let logrotate be kept in the original place /usr/sbin. (From OE-Core rev: 88015d6d0a887969ae82b0888bf32659a6d225d3) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-5312Armin Kuster2016-01-202-0/+40
| | | | | | | | (From OE-Core rev: 15d05f186fbe78774c933cf93f116af1a2a8e51a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-8242Armin Kuster2016-01-202-0/+50
| | | | | | | | (From OE-Core rev: acbd71fe7d0571b78bbecb7464d99823411a7b22) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-7500Armin Kuster2016-01-203-0/+271
| | | | | | | | | | includes a depend fix security issue CVE-2015-7500 (From OE-Core rev: 7d54f2f85dfcc3a56239abafd5eaefb9d7d25081) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-7499Armin Kuster2016-01-203-0/+133
| | | | | | | | | | | | includes: CVE-2015-7499-1 CVE-2015-7499-2 (From OE-Core rev: 3048fe24e4c5f83ad0971062a88592bcb6bf52bc) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-7497Armin Kuster2016-01-202-0/+41
| | | | | | | | (From OE-Core rev: 5b72983d1a6d5ad5e9a21d2673d57d1da2333ac6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-7498Armin Kuster2016-01-202-0/+90
| | | | | | | | (From OE-Core rev: b3d6a714180199a5e0099e3d40b37c9bfa106eb1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-8035Armin Kuster2016-01-202-0/+39
| | | | | | | | (From OE-Core rev: 495eaf5039596ac0fab7684cfc867569710eb0f4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-7942Armin Kuster2016-01-203-0/+76
| | | | | | | | | | | | includes: CVE-2015-7942 CVE-2015-7942-2 (From OE-Core rev: 4ca806d70cf65a66daab85898bcf5d682bef43d3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-8317Armin Kuster2016-01-202-0/+43
| | | | | | | | (From OE-Core rev: 34379b38919d535cd787bde4493fff61bd17f37a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: security fix CVE-2015-7941Armin Kuster2016-01-203-0/+97
| | | | | | | | | | | | includes: CVE-2015-7941-1 CVE-2015-7941-2 (From OE-Core rev: e06312c71209b2e1d19c7df1434e409ad96b58be) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: remove files for easier maintenanceJoshua Lock2016-01-203-98/+0
| | | | | | | | | | | Drop a couple of CVE fixes for easy cherry-picking from jethro. The same fixes will be pack-ported from jethro in a following patch. (From OE-Core rev: 02fb45bada58f03c5571baf700934154e9fc57c2) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2015-3195Armin Kuster2016-01-202-0/+67
| | | | | | | | (From OE-Core rev: 55d09d4e2dad9d1f80e50348d44177e47e6e33e1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2015-3194Armin Kuster2016-01-203-0/+113
| | | | | | | | (From OE-Core rev: edff5fc629c8f70191bd33c731084e8217780a38) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2015-3193Armin Kuster2016-01-202-0/+102
| | | | | | | | (From OE-Core rev: ee47f6ca78d15ec56556d5c078bf20315af457b8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* texinfo: don't create dependency on INHERIT variableMartin Jansa2016-01-201-1/+1
| | | | | | | | | | | | | | | | | * we don't want the do_package signature depending on INHERIT variable * e.g. just adding the own-mirrors causes texinfo to rebuild: # bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig* basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a Variable INHERIT value changed from ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' to ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' (From OE-Core rev: e6cae8ace890fc4322830731cb95bcc2680f4cfc) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub2: Fix CVE-2015-8370Belal, Awais2016-01-152-0/+51
| | | | | | | | | | | http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 (From OE-Core rev: 3f2701c102e4e5b95fc79a8d967f9c48f8232fc6) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix SRC_URIThomas PERROT2016-01-151-1/+1
| | | | | | | | | | | Corrects the URI of the openssl's recipe from fido. The sources were moved to a new subdirectory. (From OE-Core rev: 685e861f085736a4b0bae09bab86c3d456ec84ae) Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2015-8000Sona Sarmadi2016-01-152-0/+195
| | | | | | | | | | | | | | | | | | | | | | | Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 (From OE-Core rev: 5e1c3942a02564904ee2b2e24004b9679d649b4e) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcc-4.9: backport from gcc trunk r212178Stefan Müller-Klieser2016-01-152-0/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | When compiling meta-toolchain-qt5 on cortexa8, the compiler throws an internal compiler error: ... qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp: In function 'bool loadPO(Translator&, QIODevice&, ConversionData&)': qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:717:1: internal compiler error: in add_stores, at var-tracking.c:6000 ... Tracking this down led to https://bugs.linaro.org/show_bug.cgi?id=534 It seems the bug is well know and fixed upstream. So backporting from trunk seems to be the right solution. This fixes the compiler problem on cortexa8 and does not seem to be very invasive. The original commit can be found at: git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@212178 138bc75d-0d04-0410-961f-82ee72b054a4 (From OE-Core master rev: 6751ef78694783fb86e55c77afefae750ab1b610) (From OE-Core rev: 91a001fc74dd13ea9e5249aa624ad360ce807349) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* feature-arm-thumb.inc: Fix ARMPKGSFX_THUMB valueMartin Jansa2016-01-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * my previous thumb related commit: commit 3e760031f91fb87c3e2f62b77a117eb41164f259 Author: Martin Jansa <martin.jansa@gmail.com> Date: Wed Feb 18 15:40:35 2015 +0100 feature-arm-thumb.inc: respect ARM_INSTRUCTION_SET when adding thumb suffix unfortunately removed conditional on "thumb" in TUNE_FEATURES, when setting ARMPKGSFX_THUMB * in case we have MACHINE without "thumb" in TUNE_FEATURES and distro setting ARM_INSTRUCTION_SET to "thumb" we end with: ARM_INSTRUCTION_SET="thumb" ARM_THUMB_OPT="thumb" ARM_M_OPT="thumb" # TUNE_CCARGS correctly not adding -mthumb TUNE_CCARGS=" -march=armv7-a -mthumb-interwork -mfloat-abi=softfp -mfpu=neon" # but ARMPKGSFX_THUMB and TUNE_PKGARCH including "t2": ARMPKGSFX_THUMB="t2" TUNE_PKGARCH="armv7at2-vfp-neon" # causing following error: Error, the PACKAGE_ARCHS variable does not contain TUNE_PKGARCH (armv7at2-vfp-neon). (From OE-Core master rev: 951200673af27538beaef647a33308b4f15d1fb0) (From OE-Core rev: 17b3112a3d6fc4c777429f8b5965206889c55cc3) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* allarch: Force TARGET_*FLAGS variable valuesMike Crowe2016-01-151-0/+4
| | | | | | | | | | | | | | | | | | | | | | | TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may differ between MACHINEs. Since they are exported they affect task hashes even if unused which leads to multiple variants of allarch packages existing in sstate and bouncing in the sysroot when switching between MACHINEs. allarch packages shouldn't be using these variables anyway, so let's ensure they have a fixed value in order to avoid this problem. (Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and 14f4d016fef9d660da1e7e91aec4a0e807de59ab.) (From OE-Core master rev: d08fda21bfb7d264c238af0232a22cdd751f5150) (From OE-Core rev: 017b1992c7b9055f3a16e9c2e14535fe81dde6c8) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* layer.conf: Add missing dependency for allarch package initramfs-frameworkRichard Purdie2016-01-151-0/+1
| | | | | | | | | | | | | Similiarly to the other previous changes, add a missing allarch package dependency for initramfs-framework on udev. (From OE-Core master rev: 00524d0c4449eb358dcf6c5a049a8f5371ddadee) (From OE-Core rev: c195dfac6fd248f65f00b9d5419ab132dbc1e6c9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* layer.conf: Add several allarch dependency exclusionsRichard Purdie2016-01-151-0/+10
| | | | | | | | | | | | | | | | | | These are dependencies that our allarch packages have in OE-Core that cause those allarch packages to rebuild every time MACHINE changes. With these changes, OE-Core allarch packages all have a common sstate signatures and no longer rebuild. (From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d) (From OE-Core master rev: 0b5e868d160faca041cda42b670066facd4db531) (From OE-Core rev: 4e69cfb612520f3413be3e2a075d943a9e7c8df1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-dtb.inc: drop unused DTB_NAME variable from do_installMartin Jansa2016-01-151-1/+0
| | | | | | | | | | | | | | | | | | * this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which in some cases contains something like BUILD_NUMBER from CI, that caused do_install to be reexecuted every single time, which is very sad to be caused by unused variable. * jethro and newer don't need this change, because it's also fixed in commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62 Author: Marek Vasut <marex@denx.de> Date: Thu May 14 14:31:11 2015 +0200 Subject: kernel: Build DTBs early (From OE-Core rev: d17abc45f1e1ba0a08c6e7411eda52a5140faea7) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-firmware: rtl8192cx: Add latest available firmwareBhuvanchandra DV2016-01-151-2/+2
| | | | | | | | | | | | | | | | Add latest available firmware binaries for RTL8192CX chipsets. These new firmwares have been released in 2012, have been used by the mainline kernel as preferred firmware since 3.13 and even backported to stable branches. (From OE-Core master rev: 2dc67b53d1b7c056bbbff2f90ad16ed214b57609) (From OE-Core rev: 89c6d043aa76c0e1eac694b92cdd95c6b02c9762) Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: fix CVE-2015-7942 and CVE-2015-8035Armin Kuster2016-01-153-0/+98
| | | | | | | | | | | | | | | | CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] (From OE-Core master rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38) (From OE-Core rev: fdaf0f8f8b034f19639f66e1d30088bb9abfc68d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: Disable custom memory allocatorAníbal Limón2015-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Bash is failing trying to allocate memory [1] using the custom memory allocator if we disable it the issue is fixed. The major distributions also disabled by default [2], so we don't have a good reason to use it. The underlying issue is due to bash’s malloc using brk() calls to allocate memory, which fail when address randomization is enabled in kernel. sbrk() based custom allocators are obsolete. There may be some performance impact of this however correctness is more important. [YOCTO #8452] [1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=8452#c0 [2] https://bugzilla.yoctoproject.org/show_bug.cgi?id=8452#c5 (From OE-Core master rev: e42d8eff9eed7d1454b4f331d96dcee6dea232df) (From OE-Core rev: 9f339f516ab03d598fae0e536b3a420ea4d8ee1a) Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: reinstate changes reverted in 2014c upgradePaul Eggleton2015-12-081-2/+3
| | | | | | | | | | | | | | | | | OE-Core commit 57af3fb9662106f0a65a1b4edf83e2398be0a8f1 upgraded tzdata but also reverted a couple of changes to SUMMARY and LIC_FILES_CHKSUM. Reinstate these (with an update to the README md5 value since that has changed slightly, without any change to the licensing statements within). (From OE-Core master rev: cea4f6b86129f84a99700207777929bf7e811ed6) (From OE-Core rev: ea1169efac715140cebf20fae67eae58b5f1caf2) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2015gArmin Kuster2015-12-081-0/+207
| | | | | | | | | | | | | | | | | | | | | | | | | | | Resend: typo in version in subject. Changes affecting future time stamps Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25. (Thanks to Fatih.) Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time. (Thanks to Alexander Krivenyshev.) Fiji's 2016 fall-back transition is scheduled for January 17, not 24. (Thanks to Ken Rylander.) Fort Nelson, British Columbia will not fall back on 2015-11-01. It has effectively been on MST (-0700) since it advanced its clocks on 2015-03-08. New zone America/Fort_Nelson. (Thanks to Matt Johnson.) (From OE-Core master rev: fce47d3bd51ede32a392b53b046a4583ef1847c8) (From OE-Core rev: a987c482584c3500c42d733f1d78b7662d46a3c1) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2015gArmin Kuster2015-12-082-11/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes affecting code localtime no longer mishandles America/Anchorage after 2037. (Thanks to Bradley White for reporting the bug.) On hosts with signed 32-bit time_t, localtime no longer mishandles Pacific/Fiji after 2038-01-16 14:00 UTC. The localtime module allows the variables 'timezone', 'daylight', and 'altzone' to be in common storage shared with other modules, and declares them in case the system <time.h> does not. (Problems reported by Kees Dekker.) On platforms with tm_zone, strftime.c now assumes it is not NULL. This simplifies the code and is consistent with zdump.c. (Problem reported by Christos Zoulas.) Changes affecting documentation The tzfile man page now documents that transition times denote the starts (not the ends) of the corresponding time periods. (Ambiguity reported by Bill Seymour.) (From OE-Core master rev: 7c9082ab1ae6f7810c7cffe137d7d232b03852f8) (From OE-Core rev: 6c32103a8491fb0a0fa5dec905720a40877c6563) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: fix the big endian loader name on AArch64Adrian Calianu2015-12-082-0/+50
| | | | | | | | | | | Apply a patch backported from glibc 2.22 (master) to fix the loader name on AArch64. (From OE-Core rev: 513e52670ea52e8143f46777accf441bb5c299fa) Signed-off-by: Adrian Calianu <adrian.calianu@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* fontcache: allow to pass extra parameters and environment to fc-cacheMartin Jansa2015-12-081-4/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | * this can be useful for passing extra parameters, pass -v by default to see what's going on in do_rootfs * we need to use this for extra parameter we implemented in fontconfig: --ignore-mtime always use cache file regardless of font directory mtime because the checksum of fontcache generated in do_rootfs doesn't match with /usr/share/fonts directory as seen on target device causing fontconfig to re-create the cache when fontconfig is used for first time or worse create new cache in every user's home directory when /usr/ filesystem is read only and cache cannot be updated. Running FC_DEBUG=16 fc-cache -v on such device shows: FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149 * my guess is that the checksum is different, because pseudo (which is unloaded when running qemuwrapper) or because some influence of running the rootfs under qemu. (From OE-Core rev: 22bb7e11f9c75943efa07997a98304aa01d14699) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* readline: actually apply readline63-003 (aka CVE-2014-2524)Ross Burton2015-12-082-1/+1
| | | | | | | | | | | | | | | | This file wasn't named as a patch, nor told to apply explicity, so it was just unpacked to the work directory and not applied. Rename the file so the patch is applied correctly. (thanks to Petter Mabäcker <petter@technux.se> for spotting this) (From OE-Core master rev: 02be728762c77962f9c3034cd7995ad51afaee95) (From OE-Core rev: 7f2e2d57c7496547b7970377547482ead2e152cf) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gettext_0.16.1: add -lrt and -lpthread to LDFLAGS for uclibc buildsAndre McCurdy2015-12-081-0/+2
| | | | | | | | | | | | | | | | | | | | | Fix linker errors due to posix_spawnp etc being in librt for uclibc. | sh4-rdk-linux-uclibc-libtool: link: sh4-rdk-linux-uclibc-gcc -ml -m4 --sysroot=/build-foo/tmp/sysroots/foo -O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -o .libs/test-names test-names.o libuniname.a ../gnulib-lib/.libs/libgettextlib.so /build-foo/tmp/work/sh4-rdk-linux-uclibc/gettext/0.16.1-r6/build/gettext-tools/intl/.libs/libintl.so -lc /build-foo/tmp/sysroots/foo/usr/lib/libiconv.so | ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawnp' | ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawn_file_actions_adddup2' | ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawn_file_actions_addopen' | ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawn_file_actions_addclose' | collect2: error: ld returned 1 exit status (From OE-Core rev: 28f4d6d6e926be2f5efc098eb599200301f1ab2c) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: d46333d) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gettext_0.16.1: remove obsolete uclibc specific patchAndre McCurdy2015-12-082-23/+0
| | | | | | | | | | | | | | | | | | | gettext-error_print_progname.patch was originally created for gettext v0.14.6 and does not apply cleanly to gettext v0.16.1. Since the original issue addressed by the patch isn't documented and because gettext v0.16.1 seems to be build OK for uclibc without the patch, assume the patch is obsolete and no longer required. (From OE-Core rev: 66e229474271a4ae6df8b5377bb2f9fe8175fb64) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: d95d92a) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libiconv_1.11.1: fix LICENSE declaration, LGPL -> LGPLv2.0Andre McCurdy2015-12-081-1/+3
| | | | | | | | | | | | (From OE-Core rev: dde08a4ba4a12a81b780b69c6ec395508b0a030f) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: 7d2da0e) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libiconv_1.11.1: merge build and packaging fixes from libiconv_1.14Andre McCurdy2015-12-081-1/+12
| | | | | | | | | | | | | | | | 054151c libiconv: Fix B != S with uclibc builds 273c437 libiconv: Remove RPATH from binaries fcb8d6f libiconv_1.14.bb: Fix build failure [partial-merge] (From OE-Core rev: 3f5b2da748bbb0417a63c69393cdd024623074a2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: 898e9d7) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uclibc: backport upstream fix for SH4Andre McCurdy2015-12-082-0/+49
| | | | | | | | | | | | | | | | Backport upstream fix for building uclibc for SH4 with recent gcc: http://git.uclibc.org/uClibc/commit/?id=2c8a7766681b704e710f51c0817534e3f9a952d1 (From OE-Core rev: 6077f09f76b05b002f21e14c62c7c986db5427a9) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: aa20c3d) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-28 21:53:10 +0000