linux/poky.git, branch krogoth

documentation: Updated title page notes

2018-12-10T20:43:10+00:00

Updated the notes to help the user be sure they have the right set of documents for the matching YP release. (From yocto-docs rev: 8e112affb406731ac98f3c2e08542c5049232ff1) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie

bitbake: bitbake-user-manual: Fixed porno hack for hello world example

2018-01-17T22:32:30+00:00

Someone hacked the http://hambedded site or it was moved and some links to that site in the BB manual had been hijacked to point to an entry portal for a pornography site. Replaced the link with an archived version that restores the integrity of the links. (Bitbake rev: d0a4652fec6d3968b65b4a2776948a7b9e19407e) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie

local.conf.sample: Weakly set BB_DISKMON_DIRS

2018-01-06T10:07:45+00:00

For various reasons we need to be able to set and override this from auto.conf on our test infrastructure. We have tried forcing the variable but this then breaks other selftests. In the interests of not complicating things further and needing to modify the tests across releases, weaken the default assignment. (From meta-yocto rev: 5eea5239b3172b147bdef8023d1c5a8981d18f7e) Signed-off-by: Richard Purdie

bitbake: Replace deprecated git branch parameter "--set-upstream"

2017-11-07T13:40:32+00:00

Since 2017-08-17 (git version 2.14.1.473.g3ec7d702a) using deprecated git branch parameter "--set-upstream" causes a fetcher error. Replace it by "--set-upstream-to". https://git.kernel.org/pub/scm/git/git.git/commit/?id=52668846ea2d41ffbd87cda7cb8e492dea9f2c4d says, it's deprecated since 2012-08-30 so hopefully all still supported host distributions have new enough git to support "--set-upstream-to". ERROR: PACKAGE do_unpack: Fetcher failure: ...; git -c core.fsyncobjectfiles=0 branch --set-upstream master origin/master failed with exit code 128, output: fatal: the '--set-upstream' option is no longer supported. Please use '--track' or '--set-upstream-to' instead. ERROR: PACKAGE do_unpack: Function failed: base_do_unpack (Bitbake rev: 62a53e9dbb6dc7489e44c32340b0caddd4596f0a) Signed-off-by: Andre Rosa Signed-off-by: Martin Jansa Signed-off-by: Richard Purdie (cherry picked from commit 2ab50074c1a6c56a8a178755de108447d7b7acaf) Signed-off-by: Javier Viguera Signed-off-by: Richard Purdie

wpa_supplicant: fix WPA2 key replay security bug

2017-10-16T22:47:12+00:00

WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. (From OE-Core rev: bfa04fa71c47e8fe9528208848cfcec2e232777d) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

bitbake: lib/bs4: Fix imports from html5lib >= 0.9999999/1.0b8

2017-09-04T16:51:16+00:00

As of html5lib 0.9999999/1.0b8 (released on July 14, 2016), some modules have moved from _base to base. Handle this, while staying compatible with earlier versions. (Bitbake rev: a37d0f0247c9174fec124789b7a07c792193d909) Signed-off-by: Daniel Lublin Signed-off-by: Richard Purdie

libgcrypt: fix CVE-2017-9526

2017-07-19T14:13:47+00:00

In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. (From OE-Core rev: fb28c54347fcf4957b9b8ee7dee423d859eb7820) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

libgcrypt: fix CVE-2017-7526

2017-07-19T14:13:46+00:00

Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"'. (From OE-Core rev: 1a713fb654a31a6dd218dc1b5b810e2b380ecbb1) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

initrdscripts/init-install*: Add rootwait when installing to USB devices

2017-06-27T22:41:01+00:00

It can take a bit for USB devices to be detected, so if a USB device is your rootfs and you don't set rootwait you will most likely get a kernel panic. Fix this by adding rootwait to the kernel command line on installation. Fixes [YOCTO #9462]. (From OE-Core rev: 7f26cee3d8e4b2e9240b30c21be9fa7661186ccd) Signed-off-by: California Sullivan Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

bitbake: siggen: Make calc_taskhash match get_taskhash for file checksums

2017-06-27T12:46:39+00:00

The code in these two functions is meant to be equivlanet in behaviour but isn't. Add in code to ensure files that don't exist are handled consistently by both functions. Users did report being able to generate tracebacks otherwise. (Bitbake rev: 51e913e178a02bb603ddf874669e3ce54f90bd5d) Signed-off-by: Richard Purdie