summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* package_ipk: Clean up Source entry in ipk packagespyro-nfvaccessRichard Purdie2017-06-161-4/+3
| | | | | | | | | | | | | | | | There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone. Since ipks don't appear to be generated at all if we don't set this, set the field to the recipe name used (basename only, no paths). This avoids information leaking. We may want to drop the field if opkg can allow that at a future point but the recipe name is a suitable identifier for now. Reported-by: Andrej Valek <andrej.valek@siemens.com> (From OE-Core rev: 0b5e0d072f93a958e4211a8aeb2fd8cc3c25cc21) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mkelfimage: Fix broken patch when building nativeSaul Wold2017-06-141-6/+9
| | | | | | | | | | | | A change occured about a year ago that broke the native build, fix that patch [YOCTO #11590] (From OE-Core rev: ccd8e2cf7157c941ebacc6be306c1dbe2ec31e86) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* automake: Backport perl 5.22 fixMarek Vasut2017-06-142-0/+33
| | | | | | | | | | | Backport 13f00eb4493c "automake: port to Perl 5.22 and later" from automake upstream to fix build with perl 5.22 . (From OE-Core rev: ab0e298ec2c155739565f1cde76639855ba7bba0) Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add sdl-config to HOSTTOOLS if using host SDLJonathan Liu2017-06-141-0/+3
| | | | | | | | | | | If ASSUME_PROVIDES contains libsdl-native, we need to add sdl-config to HOSTTOOLS to allow access to the host sdl-config. (From OE-Core rev: ed5a602d3eb418beb2f9731fda96415ed16efff2) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: add patches for unbuildable surfaceless Mesa testDaniel Díaz2017-06-124-0/+171
| | | | | | | | | | | | | | | | | | | | | | [Backported from master.] Some EGL implementations do not actually ship all Khronos- extensions. As it turns out, the Mali 450 driver does not include any of the following symbols, used by the egl_mesa_platform_surfaceless.c spec test: * eglGetPlatformDisplay * eglCreatePlatformPixmapSurface * eglCreatePlatformWindowSurface The Right Thing To Do was to obtain the implementation of these functions (via eglGetProcAddress), as is provided by their EXT counterparts. These are guaranteed to exist since they are required by EGL_EXT_platform_base. (From OE-Core rev: 903a051d47e550553aa9d6d9c38c43737f376cfe) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: add patch for lack of gbm_bo_mapDaniel Díaz2017-06-122-0/+52
| | | | | | | | | | | | | | | | | | | | | | | | [Backported from master.] [Piglit Bug #100978] -- https://bugs.freedesktop.org/show_bug.cgi?id=100978 When linking against Mali 450 r6, errors like the following can be seen: ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_unmap' ../../../../lib/libpiglitutil_gl.so.0: undefined reference to `gbm_bo_map' collect2: error: ld returned 1 exit status make[2]: *** [bin/point-sprite] Error 1 This is due to gbm_bo_map() and gbm_bo_unmap() being recently added but not yet implemented by all graphics drivers. Instead of relying on GBM's version, actually try to link against those symbols. (From OE-Core rev: 484db109df742aafa8efc41dc3a8d31386d9b2a3) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: depend on virtual/eglDaniel Díaz2017-06-121-1/+1
| | | | | | | | | | | | | | | | | | | | | | [Backported from master.] While building for Hikey using Mali 450 driver (r6p0), an error like the following appears while linking: [ 1%] Linking C shared library ../../../../lib/libpiglitutil.so [...] [...]/aarch64-linaro-linux/gcc/aarch64-linaro-linux/6.3.1/ld: cannot find -lEGL collect2: error: ld returned 1 exit status make[2]: *** [lib/libpiglitutil.so.0] Error 1 Mesa generally provides virtual/egl (along with virtual/libgl, which satisfies Piglit's current DEPENDS) but that is not the implementation to use with Mali. (From OE-Core rev: 5bfa4ccdba64d814cc480f22ccd8c493d87d36e7) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* image-vm: Avoid use of fold, tac and paste commands for DISK_SIGNATUREJonathan Liu2017-06-121-1/+1
| | | | | | | | | | | | These commands are not whitelisted by the HOSTTOOLS variable which silently prevents the MBR disk signature from being written to the image. Reported-by: Michael Davis <michael.davis@essvote.com> (From OE-Core rev: 5527af688f6ccaacd7ec24d29425d0c007d5341c) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel: predefine KBUILD_BUILD_USER and KBUILD_BUILD_HOSTJoshua Lock2017-06-111-0/+2
| | | | | | | | | | | | | | | | By exporting KBUILD_BUILD_USER with a pre-defined value we improve the reproducibility of the kernel and remove the requirement for whoami in the HOSTTOOLS. KBUILD_BUILD_HOST also helps improve the reproducibility of the kernel. For more kernel reproducibility options see: https://lwn.net/Articles/437864/ (From OE-Core rev: 357801a491efc067c6d4bd9a2bfa6fff460357aa) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2017-7210Yuanjie Huang2017-06-052-0/+72
| | | | | | | | | | | | | | | CVE: CVE-2017-7210 [BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157 PR binutils/21157: Fix handling of corrupt STABS enum type strings. (From OE-Core rev: d12a99cba6c9dc9e1f6bc3a7ca8057f07e9cb950) (From OE-Core rev: 4ca4e781f1c62696f896d7027081f759798794aa) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2017-7209 in readelfYuanjie Huang2017-06-052-0/+63
| | | | | | | | | | | | | | | | CVE: CVE-2017-7209 [BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135 PR binutils/21135: Fix invalid read of section contents whilst processing a corrupt binary. (From OE-Core rev: 2df642ca0a1e4a4e6616729018cf32d2108cabb2) (From OE-Core rev: b262000162cb4e18421dd85bf5216c9fa3bdbf15) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: Fix CVE-2017-5029Fan Xin2017-06-052-0/+81
| | | | | | | | | | | Backport upstream patch to fix CVE-2017-5029. (From OE-Core rev: 5266e74c990df1cf965d162d9695eb5a698883ae) (From OE-Core rev: 172f76a1a43921d92a385d6d123dffaf27eb368f) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2016-7977, CVE-2016-7978, CVE-2016-7979, CVE-2017-9216Catalin Enache2017-06-055-0/+151
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently read arbitrary files via the use of the .libfile operator in a crafted postscript document. Use-after-free vulnerability in Ghostscript 9.20 might allow remote attackers to execute arbitrary code via vectors related to a reference leak in .setdevice. Ghostscript before 9.21 might allow remote attackers to bypass the SAFER mode protection mechanism and consequently execute arbitrary code by leveraging type confusion in .initialize_dsc_parser. libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and Ghostscript, has a NULL pointer dereference in the jbig2_huffman_get function in jbig2_huffman.c. For example, the jbig2dec utility will crash (segmentation fault) when parsing an invalid file. References: https://nvd.nist.gov/vuln/detail/CVE-2016-7977 https://nvd.nist.gov/vuln/detail/CVE-2016-7978 https://nvd.nist.gov/vuln/detail/CVE-2016-7979 https://nvd.nist.gov/vuln/detail/CVE-2017-9216 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=875a0095f37626a721c7ff57d606a0f95af03913 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=3ebffb1d96ba0cacec23016eccb4047dab365853 (From OE-Core rev: 584dfa2f780d5785aaff01f84fbabc18b3478d76) (From OE-Core rev: 6fed7cd6077c46ad2213226d4675fad9b10ab024) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2016-8602, CVE-2017-7975Catalin Enache2017-06-053-0/+85
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Postscript document that calls .sethalftone5 with an empty operand stack. Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds writes because of an integer overflow in the jbig2_build_huffman_table function in jbig2_huffman.c during operations on a crafted JBIG2 file, leading to a denial of service (application crash) or possibly execution of arbitrary code. References: https://nvd.nist.gov/vuln/detail/CVE-2016-8602 https://nvd.nist.gov/vuln/detail/CVE-2017-7975 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=f5c7555c303 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e57e483298 (From OE-Core rev: 8f919c2df47ca93132f21160d919b6ee2207d9a6) (From OE-Core rev: 6040b8735b79397bf49a2154f81e9aab34c15413) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: fix CVE-2017-6969 in readelfYuanjie Huang2017-06-053-0/+181
| | | | | | | | | | | | | | | | | | CVE: CVE-2017-6969 [BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156 PR binutils/21156: Fix illegal memory accesses in readelf when ing a corrupt binary. PR binutils/21156: Fix another memory access error in readelf when parsing a corrupt binary. (From OE-Core rev: de04c9811f7ce5179ba261bd8eae921d7873d6cd) (From OE-Core rev: ae0e01474623969dc193687d59fb5a65ab4d42bc) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpcbind: Fix CVE-2017-8779Fan Xin2017-06-052-0/+222
| | | | | | | | | | | | | | | This vulnerability is also called "rpcbomb". Backport upstream patch to fix this vulnerability. CVE: CVE-2017-8779 (From OE-Core rev: 7936c9451eb4c376a78a0ac7461d1b2430c7f1f3) (From OE-Core rev: bab6667d44df185b4433bcd1c283105966383844) Signed-off-by: Fan Xin<fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix CVE-2017-8392Fan Xin2017-06-053-0/+110
| | | | | | | | | | | | | | | | | | | | | | Backport upsream commit to fix CVE-2017-8392 CVE: CVE-2017-8392 [BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409 PR 21409, segfault in _bfd_dwarf2_find_nearest_line PR 21409 * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when no symbols. (From OE-Core rev: dff01b827c87ae135a1d5511b1efbdad01c0eaee) (From OE-Core rev: c5a5017ce710108c61dba0e0af72bb72a9419701) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: make warning contain CVE IDsChen Qi2017-06-051-4/+5
| | | | | | | | | | | | | | | | | | | When warning users about unpatched CVE, we'd better put CVE IDs into the warning message, so that it would be more straight forward for the user to know which CVEs are not patched. So instead of: WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log. We should have: WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log. (From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6) (From OE-Core rev: e0e1414a4574d4165a8dc5d0d9d0d5b5a660355f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check-tool: backport a patch to make CVE checking workChen Qi2017-06-052-0/+53
| | | | | | | | | | | | | | | | | CVE checking in OE didn't work as do_populate_cve_db failed with the following error message. [snip]/downloads/CVE_CHECK/nvdcve-2.0-2002.xml is not consistent Backport a patch to fix this error. (From OE-Core rev: ee55b5685aaa4be92d6d51f8641a559d4e34ce64) (From OE-Core rev: e0f0a7283c597e783b69aac2c8e8a7663b70262d) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest: lock down Meson git revision for reliabilityRoss Burton2017-06-051-2/+2
| | | | | | | | | | | | | | | | The test_recipetool_create_github test fetches HEAD of the repository so upstream changes can (and do) break the test. Avoid these problems by passing the rev= argument in the URL to lock the checkout to the same version that is fetched in the github_tarball test. Also pass the commands to runCmd() as a list instead of a string, the semicolon in the URL needs more quotes if the shell is involved and passing a list bypasses the shell entirely. (From OE-Core rev: 5f02b4300fb2ed54270aede54d30317ba757f587) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: update SRC_URIChang Rebecca Swee Fun2017-05-271-1/+1
| | | | | | | | | | | | | | | Gna! project announced that the download site from gna.org HTTP server will soon be closing down. We have verified that the site is no longer accessible without network proxy cache. We need to update SRC_URI to point to new alternative (nwl.cc HTTP server) in order to avoid fetcher issues in future. [YOCTO #11575] (From OE-Core rev: 3195f7e68eb5cfb2af3506fe4b0dcb2f8cd9ee10) Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: CVE-2016-0634Zhixiong Chi2017-05-181-0/+3
| | | | | | | | | | | | | | | | | | | A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string. Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/ bash43-047> to solve CVE-2016-0634 CVE: CVE-2016-0634 (From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb) (From OE-Core rev: a4b37b05140b549960baef49237ce3316e84a041) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* staging: Allow BB_LIMITEDDEPS to avoid BB_TASKDEPDATARichard Purdie2017-05-181-16/+16
| | | | | | | | | | | | | | | | In the limited dependency case we don't use any of the data from BB_TASKDEPDATA. Restructure the code so this variable doesn't have to be set. This allows the function to be called from other contexts without creating artificial constructs. There should be no functional change, behaviour remains unchanged. (From OE-Core rev: 71e5243e3ebadb90b45fe418dac3eaa2c1b896bd) (From OE-Core rev: e962e257f4c124869953d1fbb3da7dbf564f818a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: Ensure native/cross recipes have relocation of HOSTTOOLS_DIRRichard Purdie2017-05-181-1/+1
| | | | | | | | | | | | | | The previous change to relocate HOSTTOOLS wasn't complete as some files, particularly in gcc stashed build directories were not being correctly relocated. This patch addresses the issue. (From OE-Core rev: 21dd36cc12a033b012544c5d15a6f8afd84dabc9) (From OE-Core rev: 64c2f8acd02e0e5dca234b36a2a7097c0c16f7c2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python.inc: Fix python2/3 hosttools path referencesRichard Purdie2017-05-181-0/+6
| | | | | | | | | | | | | Both native and target versions of this file reference mkdir and install in hosttools paths. Use the version from PATH instead. (From OE-Core rev: 080197bf3bdf612da8104c2ae7f0b2c8dea32a0b) (From OE-Core rev: 8e3134953edfc88bf3d135b5dc00d361f84b5f37) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Ensure macros file doesn't reference HOSTTOOLSRichard Purdie2017-05-181-0/+4
| | | | | | | | | | | | | | Currently the file encodes full paths to various host tools in the HOSTTOOLS directory which is bad in native and target cases. We can simply use the versions from PATH quite safely in OE. (From OE-Core rev: be901200d94beaa35e1d05eb502b117b3b523609) (From OE-Core rev: 2a12c159aae9877a05e0ba023de278cdca59ac45) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* GNU_MIRROR: switch from ftp to httpsMaxin B. John2017-05-111-1/+1
| | | | | | | | | | Based on the same reason behind DEBIAN's switch from ftp: https://www.debian.org/News/2017/20170425 (From OE-Core rev: ba119d836c0f4b20a39c92fa2e64abb0d5a55ad4) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* DEBIAN_MIRROR: switch from ftp to httpMaxin B. John2017-05-112-19/+19
| | | | | | | | | | | | | | All public-facing debian.org FTP services will be shut down on November 1, 2017 The mirrors should just be accessed using HTTP instead. https://www.debian.org/News/2017/20170425 Fixes [YOCTO #11413] (From OE-Core rev: c2cdc4d9155d7a3b9cba60fa9cbb448cf64c62bd) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* useradd: remove preinst script referring to recipe sysrootMaxin B. John2017-05-111-1/+1
| | | | | | | | | | | | | | | | Remove recipe-specific-sysroot details from the preinst scripts generated by useradd.bbclass. This was added to match the default from bitbake.conf. Unlike the default case, the dependencies used by useradd mean that a default passwd/group file is always present. This means we don't need the native sysroot fallback. Fixes [YOCTO #11460] (From OE-Core rev: dfc9323c1cd7814989766be5bd1861fbaa739d2d) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* useradd.bbclass: Handle COMPONENTS_DIR when restoring statePeter Kjellerstedt2017-05-112-1/+6
| | | | | | | | | | | The export of PSEUDO in useradd_sysroot() contains references to ${COMPONENTS_DIR}. These need to be handled when restoring postinst-useradd-${PN} from the sstate cache. (From OE-Core rev: 097875bc9ab9d60a452b01ac6825775983684d68) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add COMPONENTS_DIR for ${STAGING_DIR}-componentsPeter Kjellerstedt2017-05-1112-17/+18
| | | | | | | | | | The path to where to install and find the sysroot components is used in many places. This warrants it to get its own variable. (From OE-Core rev: 70a84b525470f72339568409daf84845904e4cab) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revisionyocto-2.3pyro-17.0.0Richard Purdie2017-05-011-1/+1
| | | | | | (From OE-Core rev: 123962018251dfb1d6ca5aa5c0d02534007de3ab) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate.bbclass, staging.bbclass: Handle HOSTTOOLS_DIR when restoring statePeter Kjellerstedt2017-05-013-3/+3
| | | | | | | | | | | Paths to host tools that have been copied to ${HOSTTOOLS_DIR} may end up in the sstate cache. They thus need to be corrected when restoring from the sstate cache. (From OE-Core rev: f8671aecf05a286dd2b34b07bb5fbbe0c31e26d0) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add HOSTTOOLS_DIR for ${TMPDIR}/hosttoolsPeter Kjellerstedt2017-05-013-3/+6
| | | | | | | | | | | The path to where to install and find the tools copied from the host environment is already used in a couple of places. This warrants it to get its own variable. (From OE-Core rev: 8164c466943ffedff399009bf5547dba4f06d6c8) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revisionRichard Purdie2017-04-291-1/+1
| | | | | | (From OE-Core rev: 4fe59183dae7c556363bc885cfda11a38c0d2d47) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revisionRichard Purdie2017-04-291-1/+1
| | | | | | (From OE-Core rev: 766bef5755521960e24ed7192214bf66bbee8354) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_deb.bbclass: Avoid writing empty custom fieldsAndreas Oberritter2017-04-291-1/+1
| | | | | | | | | | Avoids parser errors if PACKAGE_ADD_METADATA_DEB is set to an empty value. (From OE-Core rev: f0959c0908dfb386d29f13fcd3e57b2b004c6c14) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_deb.bbclass: Fix multi-line package descriptionsAndreas Oberritter2017-04-291-4/+1
| | | | | | | | | | | In deb control files, each line of a long description starts with a single space. Empty lines are represented by a single space followed by a single full stop character. (From OE-Core rev: f66278f471c0bf9421ce2c55a56a144a0f9332bf) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: make bash a valid login shell if enabledAndreas Oberritter2017-04-291-0/+9
| | | | | | | | | | Add bash to /etc/shells if busybox is built with bash applet anabled to fix login via dropbear. (From OE-Core rev: 86a2db0b2997fd05882ae0119ef45b1ea5411d39) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: Disable visualizations as workaroundJussi Kukkonen2017-04-292-0/+60
| | | | | | | | | | | Audio playback in gtk-play is broken with vaapi because the visualizations do not work: disable visualizations as workaround. This should be reverted as soon as [YOCTO #11410] is fixed. (From OE-Core rev: 1092a8d4bc78a53f60ad0137aeb08b31853db9eb) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2016-9318Catalin Enache2017-04-292-0/+208
| | | | | | | | | | | | | | | | | | | | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951Catalin Enache2017-04-294-0/+151
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8 http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 (From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-6170Yi Zhao2017-04-292-0/+1091
| | | | | | | | | | | | | | | | | | | | | | CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-6170 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f (From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-8864Yi Zhao2017-04-292-0/+220
| | | | | | | | | | | | | | | | | | | | CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-8864 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8 (From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-libc-headers: fix upstream version checkAlexander Kanavin2017-04-291-0/+1
| | | | | | | | (From OE-Core rev: 83d55bcc63510d3704078f19c255c524d8fffc39) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: speed up upstream version checkAlexander Kanavin2017-04-291-0/+1
| | | | | | | | | | Something in the fetched webpage made the default regex matching really slow. (From OE-Core rev: e4d1100a84e28cb97438c18df6d9f98996a7d578) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix upstream version checkAlexander Kanavin2017-04-291-1/+2
| | | | | | | | (From OE-Core rev: b64c4d7e033acf5d58c0fdee6907ea6983a67138) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-iniparse: fix upstream version checkAlexander Kanavin2017-04-291-0/+1
| | | | | | | | (From OE-Core rev: 21e9e3642d1dbd3d868a4472716f633bd5626b08) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* acpica: fix upstream version checkAlexander Kanavin2017-04-292-0/+2
| | | | | | | | (From OE-Core rev: a5d5a244717259c15145c65e0f44e37544afe8ee) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lsbtest: add option --ignoreos to rpm install commandDengke Du2017-04-291-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | After change to the rpm4, the rpm packages in lsbtest, such as: lsb-setup-4.1.0-1.noarch.rpm lsb-dist-checker-5.0.0.1-1.x86_64.rpm ...... lsb-cmdchk-5.0.3-1.x86_64.rpm When install above rpm packages, the error log appears: package lsb-setup-4.1.0-1.noarch is intended for a different operating system ...... So we should add option "--ignoreos" to the rpm install command in LSB_Test.sh in ./meta/recipes-extended/lsb/lsbtest directory. In this way we can make sure the correct installation of those rpm packages. The YOCTO bug #11224 didn't create logs, this is because the above test rpm packages didn't install. [YOCTO #11224] (From OE-Core rev: db2798d967dbffed834070b52fe778efa18cb4ae) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>