summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* openssl: Security fix CVE-2016-0800Armin Kuster2016-03-034-0/+1296
| | | | | | | | | | | | | | | CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) https://www.openssl.org/news/secadv/20160301.txt (From OE-Core rev: c99ed6b73f397906475c09323b03b53deb83de55) Signed-off-by: Armin Kuster <akuster@mvista.com> Not required for master, an update to 1.0.2g has been submitted. Backport to fido is required. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Fix CVE-2015-8041Hongxu Jia2016-03-032-0/+65
| | | | | | | | | | | | | Backport patch from http://w1.fi/security/2015-5/ and rebase for wpa-supplicant 2.4 (From OE-Core rev: 4d0ebfd77c07475494665dde962137934dd2194a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Not needed in master since the upgrade to 2.5 Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionyocto-2.0.1jethro-14.0.1Richard Purdie2016-02-241-1/+1
| | | | | | (From OE-Core rev: 0c702756dd0009c4112028fbf2479a346867b32c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2198Armin Kuster2016-02-212-0/+46
| | | | | | | | | CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core rev: 646a8cfa5398a22062541ba9c98539180ba85d58) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2016-2197Armin Kuster2016-02-212-0/+60
| | | | | | | | | CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines (From OE-Core rev: ca7cbcf22558349f0b43ed7dc84ad38d7c178c55) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libgcrypt: Security fix CVE-2015-7511Armin Kuster2016-02-213-0/+304
| | | | | | | | | | | | | | CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves affects libgcrypt < 1.6.5 Patch 1 is a dependancy patch. simple macro name change. Patch 2 is the cve fix. (From OE-Core rev: c691ce99bd2d249d6fdc4ad58300719488fea12c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uclibc: Security fix CVE-2016-2225Armin Kuster2016-02-212-0/+33
| | | | | | | | | | | CVE-2016-2225 Make sure to always terminate decoded string This change is being provide to comply to Yocto compatiblility. (From OE-Core rev: 093d76f3f4a385aae46304bd572ce1545c6bcf33) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uclibc: Security fix CVE-2016-2224Armin Kuster2016-02-212-0/+50
| | | | | | | | | | | CVE-2016-2224 Do not follow compressed items forever. This change is being provide to comply to Yocto compatiblity. (From OE-Core rev: 4fe0654253d7444f2c445a30b06623cef036b2bb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libbsd: Security fix CVE-2016-2090Armin Kuster2016-02-182-1/+53
| | | | | | | | | | | | CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd affects libbsd <= 0.8.1 (and therefore not needed in master) (From OE-Core rev: e56aba3a822f072f8ed2062a691762a4a970a3f0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Security fix CVE-2015-7547Armin Kuster2016-02-182-0/+643
| | | | | | | | | CVE-2015-7547: getaddrinfo() stack-based buffer overflow (From OE-Core rev: cf754c5c806307d6eb522d4272b3cd7485f82420) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-071-1/+1
| | | | | | (From OE-Core rev: 05e551d821594b0f4c06328386b6a82e0801ac2a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Secuirty fix CVE-2016-0755Armin Kuster2016-02-072-1/+140
| | | | | | | | | CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use (From OE-Core rev: 8322814c7f657f572d5c986652e708d6bd774378) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security fix CVE-2016-0754Armin Kuster2016-02-072-1/+419
| | | | | | | | | CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows (From OE-Core rev: b2c9b48dea2fd968c307a809ff95f2e686435222) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: Security fix CVE-2015-8804Armin Kuster2016-02-072-0/+282
| | | | | | | (From OE-Core rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nettle: Security fix CVE-2015-8803 and CVE-2015-8805Armin Kuster2016-02-072-0/+75
| | | | | | | (From OE-Core rev: f62eb452244c3124cc88ef01c14116dac43f377a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* socat: Security fix CVE-2016-2217Armin Kuster2016-02-072-0/+373
| | | | | | | | | | | | | this address both Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL" and Socat security advisory 8: "Stack overflow in arguments parser [Yocto # 9024] (From OE-Core rev: 0218ce89d3b5125cf7c9a8a91f4a70eb31c04c52) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Security fix CVE-2015-8472Armin Kuster2016-02-072-0/+30
| | | | | | | | | | | libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions this patch fixes an incomplete patch in CVE-2015-8126 (From OE-Core rev: f4a805702df691cbd2b80aa5f75d6adfb0f145eb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: Security fix CVE-2015-8126Armin Kuster2016-02-075-0/+359
| | | | | | | | | libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions (From OE-Core rev: d0a8313a03711ff881ad89b6cfc545f66a0bc018) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* foomatic-filters: Security fixes CVE-2015-8327Armin Kuster2016-02-072-0/+24
| | | | | | | | | | | CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character this time with the recipe changes. (From OE-Core rev: 62d6876033476592a8ca35f4e563c996120a687b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* foomatic-filters: Security fix CVE-2015-8560Armin Kuster2016-02-072-0/+26
| | | | | | | | | CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character (From OE-Core rev: 307056ce062bf4063f6effeb4c891c82c949c053) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-071-1/+1
| | | | | | (From OE-Core rev: a2b1d9a6f0f29a2d21c80e549b10f3522df20c11) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cross-localedef-native: add ABI breaking glibc patchJens Rehsack2016-02-071-0/+1
| | | | | | | | | | | | | | Add patch from commit 96b1b5c127e9e0e637aaf7948cf3330a94a5cd57 to cross-localedef-native to avoid broken images built with ENABLE_BINARY_LOCALE_GENERATION set to 1: $ sh -c "export LANG=de_DE; ls -la" sh: loadlocale.c:130: _nl_intern_locale_data: Assertion `cnt < (sizeof (_nl_value_type_LC_COLLATE) / sizeof (_nl_value_type_LC_COLLATE[0]))' failed. Aborted (From OE-Core rev: 2ddfcfaa996d8c675b5c161acb605dc5573eba67) Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-051-1/+1
| | | | | | (From OE-Core rev: 113812945c3cddfec75d67d781c0fa2d7ee02762) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: Ensure we use the right mke2fs.conf when restoring from sstateRichard Purdie2016-02-051-0/+15
| | | | | | | | | | | | | | | | | If we don't do this, we can use an mke2fs.conf from a different path which may contain incompatible flags and lead to obtuse build failures such as: Invalid filesystem option set: has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize To fix this, wrap the mke2fs binary and its hardlinks and point at the correct configuration file. In particular this fixes conflicts between master and jethro builds affecting the main autobuilder. (From OE-Core rev: 0ef6277463517fb0e52b4bd65ca5f6ab42315773) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to jethro head revisionRichard Purdie2016-02-041-1/+1
| | | | | | (From OE-Core rev: f3831307d7c849e60c4141f7bfe4067ec5ff224a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* piglit: don't use /tmp to write generated sources toRoss Burton2016-02-041-0/+6
| | | | | | | | | | | | If there are multiple builds on the same machine then piglit writing it's generated sources to /tmp will race. Instead, export TEMP to tell the tempfile module to use a temporary directory under ${B}. (From OE-Core rev: 226a26e51eb0789686509d3e22a3766e2e3e8666) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for qemux86* for 4.1, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+4
| | | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 4.1.17 (From OE-Core rev: f070d5fee56a4589a6abf422e6872373c5557c6d) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for qemux86* for 3.19, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+2
| | | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring() (From OE-Core rev: 8cb97ea8ed59ee77c0542b50d1af65bf9a3c3fef) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto: Update SRCREV for qemux86* for 3.14, fixes CVE-2016-0728Alejandro Hernandez2016-02-041-2/+4
| | | | | | | | | | This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 3.14.39 (From OE-Core rev: ce53ebc001af87d169a2e0e98ca3d7d4729fdec4) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng12: update URL that no longer existsMaxin B. John2016-02-041-1/+1
| | | | | | | | | | | | | | | | Fix the following warning: WARNING: Failed to fetch URL http://downloads.sourceforge.net/project/ libpng/libpng12/1.2.53/libpng-1.2.53.tar.xz, attempting MIRRORS if available. [YOCTO #8739] (From OE-Core rev: 02363e50b4a3d124fa71edb2870deb820567482b) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng: update URL that no longer existsMaxin B. John2016-02-041-1/+1
| | | | | | | | | | | | | | | | Fix the following warning: WARNING: Failed to fetch URL http://downloads.sourceforge.net/ project/libpng/libpng16/1.6.17/libpng-1.6.17.tar.xz, attempting MIRRORS if available [YOCTO #8739] (From OE-Core rev: dbde0550ce0cc112947367eb89b914be5b3359a7) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: fix build of last appletRoss Burton2016-02-042-0/+34
| | | | | | | | | | | | | If CONFIG_FEATURE_LAST_SMALL is enabled the build fails because of a broken __UT_NAMESIZE test. [ YOCTO #8869 ] (From OE-Core rev: 6348b2e8e0510b45f4afd2018e90796714863fc1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: add dependency for pnglibconf.hJoe Slater2016-02-042-0/+22
| | | | | | | | | | | | | | When using parallel make jobs, we need to be sure that pnglibconf.h is created before we try to reference it, so add a rule to png.mak. (From OE-Core rev: 4b7bda9d1ac836de0c657cca28044b822e444bea) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit fad19750d23aad2d14a1726c4e3c2c0d05f6e13d) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gcr: Require x11 DISTRO_FEATUREJussi Kukkonen2016-02-041-1/+3
| | | | | | | | | | | | | | | This enables a world build without x11. GTK3DISTROFEATURES is not enough because gtk+-x11.pc is still required. Fixes [YOCTO #8611]. (From OE-Core rev: b1175339287395a7ad4fe4639a73f3a1dda74358) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit dbdcd87144cc1cd6c5d50c800c7f266aaf25ca17) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uClibc: enable utmp for shadow compatibilityBogdan-Alexandru Voiculescu2016-02-041-0/+2
| | | | | | | | | | | | | | | | | | | | with the enabling of utmpx in busybox and uClibc it was noted that shadow support for utmpx also needs utmp explicitly enabled in uclibc. this is a workaround that might be removed once shadow properly supports --enable-utmpx to check for utmpx configuration instead of utmp like it does now [YOCTO #8243] [YOCTO #8971] (From OE-Core rev: 05cab660ea956aabf6e6f971bdc5c9e2d94b9f2d) Signed-off-by: Bogdan-Alexandru Voiculescu <bogdanx.a.voiculescu@intel.com> Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 969158d63ba2c8e2e11af41c2a6d4f1aa5b0099f) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Security fix CVE-2015-7545Armin Kuster2016-02-046-0/+897
| | | | | | | | | CVE-2015-7545 git: arbitrary code execution via crafted URLs (From OE-Core rev: 1e0780427bad448c5b3644134b581ecf1d53af84) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc-locale: fix QA warningArmin Kuster2016-02-041-1/+1
| | | | | | | | | | WARNING: QA Issue: glibc-locale: /glibc-binary-localedata-sd-in/usr/lib/locale/sd_IN/LC_CTYPE is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated] fix type (From OE-Core rev: 9d5cd7a353ec257c88d54dd9af2327b0d86d5662) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* grub: Security fix CVE-2015-8370Armin Kuster2016-02-042-0/+60
| | | | | | | | | CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup (From OE-Core rev: b63e3b57b47e95003a1fb014f90333c327681d5b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: Security fix CVE-2015-7674Armin Kuster2016-02-042-0/+40
| | | | | | | | | CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1 (From OE-Core rev: f2b16d0f9c3ad67fdf63e9e41f42a6d54f1043e4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* librsvg: Security fix CVE-2015-7558Armin Kuster2016-02-044-1/+597
| | | | | | | | | | | CVE-2015-7558 librsvg2: Stack exhaustion causing DoS including two supporting patches. (From OE-Core rev: 4945643bab1ee6b844115cc747e5c67d874d5fe6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2015-8461Armin Kuster2016-02-042-0/+45
| | | | | | | | | CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c\ (From OE-Core rev: 1656eaa722952861ec73362776bd0c4826aec3da) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2015-8000Armin Kuster2016-02-042-0/+279
| | | | | | | | | CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c (From OE-Core rev: a159f9dcf3806f2c3677775d6fb131dab17a5a17) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security fix CVE-2015-8710Armin Kuster2016-02-042-0/+72
| | | | | | | | | CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment (From OE-Core rev: 03d481070ebc6f9af799aec5d038871f9c73901c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: Security fix CVE-2015-8241Armin Kuster2016-02-042-0/+41
| | | | | | | | | CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar (From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dpkg: Security fix CVE-2015-0860Armin Kuster2016-02-042-0/+53
| | | | | | | | | CVE-2015-0860 dpkg: stack overflows and out of bounds read (From OE-Core rev: 5aaec01acc9e5a19374a566307a425d43c887f4b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2016aArmin Kuster2016-02-041-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Changed LIC_CHKSUM_FILES to a new LICENSE file. Add BSD-3-clause to licenses Changes affecting future time stamps America/Cayman will not observe daylight saving this year after all. Revert our guess that it would. (Thanks to Matt Johnson.) Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00. (Thanks to Alexander Krivenyshev.) Asia/Tehran now has DST predictions for the year 2038 and later, to be March 21 00:00 to September 21 00:00. This is likely better than predicting no DST, albeit off by a day every now and then. Changes affecting past and future time stamps America/Metlakatla switched from PST all year to AKST/AKDT on 2015-11-01 at 02:00. (Thanks to Steffen Thorsen.) America/Santa_Isabel has been removed, and replaced with a backward compatibility link to America/Tijuana. Its contents were apparently based on a misreading of Mexican legislation. Changes affecting past time stamps Asia/Karachi's two transition times in 2002 were off by a minute. (Thanks to Matt Johnson.) (From OE-Core rev: 790315dbd2dcb5b2024948ef412f32d2788cb6b5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 39e231cfabda8d75906c935d2a01f37df6121b84) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2016aArmin Kuster2016-02-042-25/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change LIC_CHKSUM_FILES to License. Some files are BSD clause 3 Changes affecting build procedure An installer can now combine leap seconds with use of the backzone file, e.g., with 'make PACKRATDATA=backzone REDO=posix_right zones'. The old 'make posix_packrat' rule is now marked as obsolescent. (Thanks to Ian Abbott for an initial implementation.) Changes affecting documentation and commentary A new file LICENSE makes it easier to see that the code and data are mostly public-domain. (Thanks to James Knight.) The three non-public-domain files now use the current (3-clause) BSD license instead of older versions of that license. tz-link.htm mentions the BDE library (thanks to Andrew Paprocki), CCTZ (thanks to Tim Parenti), TimeJones.com, and has a new section on editing tz source files (with a mention of Sublime zoneinfo, thanks to Gilmore Davidson). The Theory and asia files now mention the 2015 book "The Global Transformation of Time, 1870-1950", and cite a couple of reviews. The America/Chicago entry now documents the informal use of US central time in Fort Pierre, South Dakota. (Thanks to Rick McDermid, Matt Johnson, and Steve Jones.) (From OE-Core rev: 1ee9072e16d96f95d07ec5a1f63888ce4730d60e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit b7f292b84eea202fb13730c11452ac1957e41cf0) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel-yocto: fix checkout bare-cloned kernel repositoriesJianxun Zhang2016-02-041-3/+10
| | | | | | | | | | | | | | | | | | | | | The existing code doesn't tell regular (with .git) and bare cases and just move the unpacked repo to the place of kernel source. But later steps will fail on a bare-cloned repo because we can not checkout directly in a bare cloned repo. This change performs another clone to fix the issue. Note: This change doesn't cover the case that S and WORKDIR are same and the repo is bare cloned. (From OE-Core rev: f3d0ae7b174f47170fef14a699aec22d02ea1745) Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit ccfa2ee5c4f509de4c18a7054b2a66fc874d5d69) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre: bug fixes include securityArmin Kuster2016-01-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | [Yocto # 9008] This is the next patch release for pcre. The 8.xx series now only contains bug fixes. http://www.pcre.org/original/changelog.txt The following security fixes are included: CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex() CVE-2015-3217 pcre: stack overflow in match() CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec CVE-2015-8381 pcre: Heap Overflow in compile_regex() CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion CVE-2015-8387 pcre: Integer overflow in subroutine calls CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions CVE-2015-8395 pcre: Buffer overflow caused by certain references CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS (From OE-Core rev: 3e403cc1bdeefd4f39e54bae2269ca56307e8468) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: Security fix CVE-2015-7295Armin Kuster2016-01-304-0/+176
| | | | | | | | | CVE-2015-7295 Qemu: net: virtio-net possible remote DoS (From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>