summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
* build-appliance-image: Update to daisy head revisionyocto-1.6.3daisy-11.0.3Richard Purdie2015-05-131-1/+1
| | | | | | (From OE-Core rev: 5a577ec878a15f3caaf4893b819825ffb8c81266) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Fix typo for cupsRichard Purdie2015-05-131-1/+1
| | | | | | (From OE-Core rev: 327da66bb4d0b2a219e8a1b0805b504b269b22d9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* powertop: Fix build for !uclibcMartin Jansa2015-05-121-1/+2
| | | | | | | | | | | | | | | | | | | | | * EXTRA_LDFLAGS isn't defined for !uclibc and configure fails when it reads it unexpanded, see config.log snippet: configure:4177: checking whether the C compiler works configure:4199: i586-oe-linux-gcc -m32 -march=i586 --sysroot=/OE/sysroots/qemux86 -O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed ${EXTRA_LDFLAGS} conftest.c >&5 i586-oe-linux-gcc: error: ${EXTRA_LDFLAGS}: No such file or directory configure:4203: $? = 1 configure:4241: result: no (From OE-Core rev: fd6418949249be252e4831ecf88f84297f81eaeb) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Backported from OpenEmbedded Dizzy branch, commit c8f9b5c9a8e5179c2013f25decd6a5483df9c716. Signed-off-by: Jens Rottmann <Jens.Rottmann@ADLINKtech.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: fix /var/log/journal ownershipJonathan Liu2015-05-121-0/+1
| | | | | | | | | | | | | | | | | | The ownership needs to be explicitly set otherwise it inherits the user and group id of the build user. (From OE-Core rev: 0752c79282b1cc9699743e719518e6c341d50a3a) (From OE-Core rev: e64cee7ccf9dedbadc3a63e4ed3eb15172ef4403) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Conflicts: meta/recipes-core/systemd/systemd_219.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* eglibc: fix two security issues.Armin Kuster2015-05-013-0/+535
| | | | | | | | | | | The includes two CVE fixes: CVE-2012-3406 CVE-2014-7817 (From OE-Core rev: fed4d140da67fc51d54b02df83882177f6ddab10) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: CVE-2015-0247Sona Sarmadi2015-05-012-0/+59
| | | | | | | | | | | | | | Fixes input sanitization errors. References http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4 http://www.ocert.org/advisories/ocert-2015-002.html (From OE-Core rev: f3e5b052689b2eba30e26903e964791f92241e65) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: CVE-2014-9447Sona Sarmadi2015-05-012-0/+51
| | | | | | | | | | | | | | | | directory traversal in read_long_names() Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447 Upstream commit with the analysis: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e (From OE-Core rev: 6e7badf6819f372bd6dced191c7fda9748062126) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils: parse-datetime: CVE-2014-9471Sona Sarmadi2015-05-012-0/+44
| | | | | | | | | | | | | Memory corruption flaw in parse_datetime() Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471 (From OE-Core rev: 0b13fbf3f9b4419141445b381ffa9445af6e52ab) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng16: CVE-2015-0973Sona Sarmadi2015-05-012-0/+48
| | | | | | | | | | | | | | | | | | | Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow vulnerability in the png_combine_row() function of the libpng library, when very large interlaced images were used. Upstream patch: http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/ External Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973 http://seclists.org/oss-sec/2014/q4/1133 (From OE-Core rev: 10c8aeebca301ffd853e75df3f9c1d16d0352d76) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Qemu: CVE-2014-2894Sona Sarmadi2015-05-012-1/+48
| | | | | | | | | | | | | | Fixes an out of bounds memory access flaw in Qemu's IDE device model Reference http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894 (From OE-Core rev: 5f7cdf1e1212af5e3dcf36c8817c63cc853b1a91) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: CVE-2014-7185Sona Sarmadi2015-04-272-0/+76
| | | | | | | | | | | | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. PoC: (From OE-Core rev: 2590eb53a6dac90cba52edd09ea56a6bdf4c4533) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix x32 openssl patch which was not buildingBrendan Le Foll2015-04-151-0/+30
| | | | | | | | | | x32 builds where broken due to patch rebase not having been done correctly for this patch (From OE-Core rev: a2966949e68bbdce8d0a0fd5946d078b84ae63e9) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "file: Update CVE patch to ensure file gets built correctly"Richard Purdie2015-03-281-3/+21
| | | | | | This reverts commit ece58a88ef905e42de4b8b690106b553ccaa9f30. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: Update CVE patch to ensure file gets built correctlyRichard Purdie2015-03-281-21/+3
| | | | | | | | | | If we touch both files, we can end up in a situation where magic.h should be rebuilt and isn't. The easiest fix is not to touch the generated files which ensures the timestamps are such that it is always rebuilt. (From OE-Core rev: ece58a88ef905e42de4b8b690106b553ccaa9f30) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to 1.0.1mBrendan Le Foll2015-03-257-157/+121
| | | | | | | | | | | | | | | | Security update, some patches modified to apply correctly mostly due to upstream changing indentation/styling * configure-targets.patch updated * fix-cipher-des-ede3-cfb1.patch updated * openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated * openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream (From OE-Core rev: 248dec5e550cfcaaaa479a5bff9b79ba5cd0765d) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* utils.bbclass: fix create_cmdline_wrapperJavier Viguera2015-03-111-2/+2
| | | | | | | | | | | | | | | | | | | | | Similar to commit 4569d74 for create_wrapper function, this commit fixes hardcoded absolute build paths in create_cmdline_wrapper. Otherwise we end up with incorrect paths in users of this function. For example the 'file' wrapper in current released toolchain: exec -a /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-fsl-arm/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-file/5.18-r0/image//opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/bin/file `dirname $realpath`/file.real --magic-file /opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/share/misc/magic.mgc "$@" (From OE-Core rev: 49ab89eb9f83388e99069a4b53bdc4cba22bb6f3) (From OE-Core rev: 8503dee5a42fc0dc6dc6c79ce316aba1c91da6d1) Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qt4: add patch for BMP denial-of-service vulnerabilityJonathan Liu2015-03-102-0/+45
| | | | | | | | | | For further details, see: https://bugreports.qt.io/browse/QTBUG-44547 (From OE-Core rev: 4c61140ae04b3957bec12b18863d8ff39b81b396) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: several security fixesArmin Kuster2015-03-109-0/+1148
| | | | | | | | | | | | | | | | | | | | | | | | | CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 and one supporting patch. [Yocto # 7084] (From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c) (From OE-Core rev: d2b2d8c9ce3ef16ab053bd19a5705b01402b76ba) (From OE-Core rev: 2343cdb81ddef875dc3d52b07565b4ce9b3a14a4) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib/oe/package_manager: support exclusion from complementary glob process by ↵Paul Eggleton2015-03-031-0/+3
| | | | | | | | | | | | | | | | | | regex Sometimes you do not want certain packages to be installed when installing complementary packages, e.g. when using dev-pkgs in IMAGE_FEATURES you may not want to install all packages from a particular multilib. This introduces a new PACKAGE_EXCLUDE_COMPLEMENTARY variable to allow specifying regexes to match packages to exclude. (From OE-Core master rev: d4fe8f639d87d5ff35e50d07d41d0c1e9f12c4e3) (From OE-Core rev: 5e92eb11cdf1dd06a3e2ca015f1aebaace321acd) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* btrfs: create an empty file to build the fs inSaul Wold2015-02-061-2/+2
| | | | | | | | | | | | The newer btrfs-utils needs an empty file to build the filesystem in, so create an empty file and use it for the mkfs to build the fs in. [YOCTO #6804] (From OE-Core rev: afc44fad44261677c799558ffd35f4908556bce0) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix for CVE-2014-8500Sona Sarmadi2015-02-062-0/+991
| | | | | | | | | | | | | | | | | [From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce] [YOCTO #7098] External References: =================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500 (From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96) (From OE-Core rev: 97fcb0bb1f0bead8190b0c8f2435e551c2e2efe0) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: CVE-2014-9620 and CVE-2014-9621Chong Lu2015-02-062-0/+1360
| | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2014-9620: Limit the number of ELF notes processed - DoS CVE-2014-9621: Limit string printing to 100 chars - DoS The patch comes from: https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67 https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6 https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33 https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9 https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7 https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4 https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c [YOCTO #7178] (From OE-Core rev: ee78555fe54e98c6296566b5e701ef268d77db61) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> [sgw - Fixed magic.h.in to match magic.h] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* update-rc.d: Allow to use different initscripts providerMartin Jansa2015-02-061-1/+2
| | | | | | | | | | | | * until now all recipes were respecting VIRTUAL-RUNTIME_initscripts variable but commit bba835fed88c3bd5bb5bd58962034aef57c408d8 hardcoded "initscripts" runtime dependency (From OE-Core rev: 1cda75706d63c988a0fa9945bd320b71c8e8488a) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: Disables SSLv3Sona Sarmadi2015-02-062-0/+38
| | | | | | | | | | | | | | | | | | | | | | | | This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566 Building python without SSLv3 support when openssl is built without any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in the openssl recipes). Backport from: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22 [python2.7-nossl3.patch] only Modules/_ssl.c is backported. References: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015 https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843 http://bugs.python.org/issue22638 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 (From OE-Core rev: 926904f65db33aa7a6a54bd6cdc9c8b34f000b0d) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: backport patch to fix reading journal backwardsJonathan Liu2015-02-062-0/+35
| | | | | | | | (From OE-Core rev: 85029adf4f2dbf2d100f1d1b41c7a7323afc008b) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: move setting LD to allow for correct overrideSaul Wold2015-02-061-1/+1
| | | | | | | | | | | | | | | | | | | | Using the export LD in the recipe does not allow for secodnary toolchain overriding LD later, by setting it in the do_configure_append the export is used by autotools setting LD based on the env, but would allow for override later. [YOCTO #6997] (From OE-Core rev: 9b37e630f5f6e37e928f825c4f67481cf58c98a1) (From OE-Core rev: b38f33c96b31c807306dd8b2d7b25cf8fad21026) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/openssh/openssh_6.5p1.bb
* resolvconf: add fixes for busybox and make it workSaul Wold2015-02-063-4/+39
| | | | | | | | | | | | | | | | | | | | | | | resolvconf was missing a script and needed readlink which was in /usr/bin. Also the /etc/resolv.conf was not being correctly linked to /etc/resolvconf/run/resolv.conf, which is fixed by the volaties change which is now a file as opposed to created in do_install. Ensure that the correct scripts for ifup/ifdown get installed and that resolvconf is correctly enabled at startup [YOCTO #5361] (From OE-Core rev: 853e8d2c7aff6dddc1d555af22f54c4ecef13df1) (From OE-Core rev: cb3c7cfe00e96580db5aedc7f7c0970378ab3c6e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/resolvconf/resolvconf_1.74.bb
* cpio: fix bug CVE-2014-9112 for cpio-2.8Bian Naimeng2015-02-062-3/+221
| | | | | | | | | | | | | | Obtain detain from following URL. http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d (From OE-Core rev: 732fc8de55a9c7987608162879959c03423de907) (From OE-Core rev: 6f238c8293c3578eead15bf9f9ab5fdf95d1e9a5) Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix bug CVE-2014-9112 for cpio-2.11Bian Naimeng2015-02-062-1/+222
| | | | | | | | | | | | | | Obtain detain from following URL. http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d (From OE-Core rev: 9a32da05f5a9bc62c592fd2d6057dc052e363261) (From OE-Core rev: 674e1b4d44c7b108a843d486178182b943607a55) Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* beaglebone: enable the nowayout option for the watchdogBruce Ashfield2014-12-283-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | Bumping the meta SRCREV for the following fix: [ The default watchdog behaviour is to stop the timer if the process managing it closes the file /dev/watchdog. The system would not reboot if watchdog daemon crashes due to a bug in it or get killed by other malicious code. So we prefer to enable nowayout option for the watchdong. With this enabled, there is no way of disabling the watchdog once it has been started. This option is also enabled in the predecessor of this BSP (beagleboard) ] [YOCTO: 3937] (From OE-Core rev: 7006412c285a4a6c75d5349f60dc71b0b735ff90) (From OE-Core rev: f34de2175f1d6a443f219b8ceaaf796cfbc6efd5) Signed-off-by: Kevin Hao <kexin.hao@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto-rt/3.14: update to 3.14-rt5Bruce Ashfield2014-12-281-3/+3
| | | | | | | | | | | | | Updating the the latest 3.14-rt release. (From OE-Core rev: ca1d952c964ce25bf78d47c7a856105d59d72cac) (From OE-Core rev: 3211df158743f1b3d24421336c6bfbc2087b689a) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/3.14: update to v3.14.4Bruce Ashfield2014-12-283-16/+16
| | | | | | | | | | | | | Bumping the 3.14 recipes to the latest korg -stable release. (From OE-Core rev: 5c0088767a59c63d2197b54450a54578fa10fa07) (From OE-Core rev: 9a63b30c4ab41dee1c4c5a0d2a4053d29902db3c) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto/3.14: update to v3.14.2Bruce Ashfield2014-12-283-16/+16
| | | | | | | | | | | | | Updating to the korg 3.14.2 -stable release. (From OE-Core rev: 34afc38d86d169f0c0c5f2427f644b0dcc3bf9a1) (From OE-Core rev: 992d94d886abc9a971cfb8a8ba7f7b189c40cf6d) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: add wrapper to nativesdk-fileJavier Viguera2014-11-251-0/+4
| | | | | | | | | | | | Backport commit 69a3ab3 to 'daisy' which uses a different version of file package. Author of the original patch: Hongxu Jia <hongxu.jia@windriver.com> (From OE-Core rev: 4bd4da1e1433ae64720f59d48188ecd1960dac28) Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to daisy head revisionRichard Purdie2014-11-061-1/+1
| | | | | | (From OE-Core rev: 1c7a2d764c9a5df4f1d249f34c9dacfc09c0071c) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* readline: Patch for readline multikey dispatch issueSaul Wold2014-11-062-1/+34
| | | | | | | (From OE-Core rev: 5ef447d243e5c4954e00d49a4c499dc3fd691725) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wget: Fix for CVE-2014-4887Saul Wold2014-11-062-0/+79
| | | | | | | (From OE-Core rev: 52f9eebe86e4b641229b524dd7701c01d9ed833c) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libarchive: avoid dependency on e2fsprogsPaul Eggleton2014-11-061-0/+11
| | | | | | | | | | | | | | | | | | | | | libarchive's configure script looks for ext2fs/ext2_fs.h in order to use some defines for file attributes support if present (but doesn't link to any additional libraries.) There is no configure option to disable this, and if e2fsprogs is rebuilding between do_configure and do_compile you can currently get a failure. Because it doesn't need anything else from e2fsprogs, and e2fsprogs isn't currently buildable for nativesdk anyway, copy the headers in from e2fsprogs-native which we're likely to have built already (and add it to DEPENDS just to be sure we have.) Fixes [YOCTO #6268]. (From OE-Core master rev: ad754e46ad477acfbe7543187a5c38bc333b8612) (From OE-Core rev: 7504c2e715d675775e166a52ae83cf48504add19) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: force off_t size to 8 to enable large file supportPaul Eggleton2014-11-061-0/+3
| | | | | | | | | | | | | | | | | If DISTRO_FEATURES contains "largefile", force the size of off_t to 8 as a workaround for having ac_cv_sizeof_off_t=4 on 32-bit systems. In future we will likely drop the value from the site file, but for now this is a slightly safer fix. Fixes [YOCTO #6813]. (From OE-Core master rev: a8216030ee6c65531de8fbf3eed878a345a94edc) (From OE-Core rev: 94483eff5d0858ef1b5a8850268aa6a7bc6e6463) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: avoid screen sessions being killed on disconnect with systemdPaul Eggleton2014-11-061-0/+1
| | | | | | | | | | | | | | | | | Tell systemd just to kill the sshd process when the ssh connection drops instead of the entire cgroup for sshd, so that any screen sessions (and more to the point, processes within them) do not get killed. (This is what the Fedora sshd service file does, and what we're already doing in the dropbear service file). (From OE-Core master rev: 3c238dff41fbd3687457989c7b17d22b2cc844be) (From OE-Core rev: 6e6aeb7cca52b92a0c8013473e2b8bb18738a119) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to daisy head revisionRichard Purdie2014-11-051-1/+1
| | | | | | (From OE-Core rev: d1729495a19bda411fa84310ecf6c0ac3073ce36) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3620Chong Lu2014-11-052-0/+70
| | | | | | | | | | | | | | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus making them apply broader than cookies are allowed. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. (From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853) (From OE-Core rev: 13bb2ee98cfd159455e459501dda280a78cb5a3b) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: Security Advisory - curl - CVE-2014-3613Chong Lu2014-11-052-0/+270
| | | | | | | | | | | | | | | | | By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both sending cookies to wrong sites and into allowing arbitrary sites to set cookies for others. (From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1) (From OE-Core rev: dbbda31ca0a29c930f3078635ae7c5a41d933b58) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-support/curl/curl_7.35.0.bb
* pseudo.inc: Clean up backport of version update to 1.6.2Saul Wold2014-11-051-5/+1
| | | | | | | | | | | | | | | | | This uprevs pseudo to 1.6. This merges in all of the existing fixes, and also adds partial support for extended attributes, including storing arbitrary extended attributes in the database, and also interpreting the posix permissions ACLs as chmod requests. The extended attribute support means we need xattr.h, the simplest way to be sure of this is to build attr before pseudo, which doesn't take long. (From OE-Core rev: 606793e7b5c129654f317e5bec9ed7f083d3383d) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ltp: Added zip-native as a DEPENDSAlejandro Hernandez2014-11-041-1/+1
| | | | | | | | | | | | | | | | The Makefile checks for zip during installation [YOCTO #6699] (From OE-Core rev: a6e8ced3fa8e8e2aa3df0798b80eb26e5ebc4b15) (From OE-Core rev: 00dc2ac9e0a7d4cec2d94f4d934dc1ab42d5b20b) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-extended/ltp/ltp_20140115.bb
* pseudo*.bb: update to pseudo 1.6.2Peter Seebach2014-11-043-17/+12
| | | | | | | | | | | | | | | | | pseudo 1.6.2 fixes problems with 64-bit inodes and some underlying issues involving file renames that could occasionally cause very strange behaviors files being deleted, linked, or renamed, mostly observed as strange recovery if an inode got reused. (From OE-Core rev: b2c6a032d6e5deb07e76ed75fcd0931fad6a748c) (From OE-Core rev: c2e56d7da8c7df330869babac198678b33eb3802) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-devtools/pseudo/pseudo_1.6.2.bb meta/recipes-devtools/pseudo/pseudo_git.bb
* gnupg: CVE-2013-4242Kai Kang2014-10-232-0/+63
| | | | | | | | | | | | | | | | GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload. Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in git://git.gnupg.org/libgcrypt.git (From OE-Core rev: 0692743b51f7daa0154fd4d8982236b4702ea2da) Signed-off-by: Yong Zhang <yong.zhang@windriver.com> Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to 1.0.1jSaul Wold2014-10-2312-688/+145
| | | | | | | | | This address the latest set of CVE issues (From OE-Core rev: 461e598815f8749bb26e97369e3b877f7ce749cf) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-0869Yue Tao2014-10-232-0/+34
| | | | | | | | | | | | | | | | | | The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted H.264 data, related to an SPS and slice mismatch and an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0869 (From OE-Core rev: 9d0fe8f47e360ad09d4a20144da96576dd4bf82f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Conflicts: meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: Security Advisory - ffmpeg - CVE-2013-4358Yue Tao2014-10-232-0/+146
| | | | | | | | | | | | | | | | | libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to cause a denial of service (crash) via vectors related to alternating bit depths in H.264 data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4358 (From OE-Core rev: 187470bf4e1d0d87d84aae251e663c3eb490ff9c) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Conflicts: meta/recipes-multimedia/gstreamer/gst-ffmpeg_0.10.13.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-05-03 02:54:32 +0000