linux/poky.git, branch krogoth-next

bitbake: Replace deprecated git branch parameter "--set-upstream"

2017-11-07T13:40:32+00:00

Since 2017-08-17 (git version 2.14.1.473.g3ec7d702a) using deprecated git branch parameter "--set-upstream" causes a fetcher error. Replace it by "--set-upstream-to". https://git.kernel.org/pub/scm/git/git.git/commit/?id=52668846ea2d41ffbd87cda7cb8e492dea9f2c4d says, it's deprecated since 2012-08-30 so hopefully all still supported host distributions have new enough git to support "--set-upstream-to". ERROR: PACKAGE do_unpack: Fetcher failure: ...; git -c core.fsyncobjectfiles=0 branch --set-upstream master origin/master failed with exit code 128, output: fatal: the '--set-upstream' option is no longer supported. Please use '--track' or '--set-upstream-to' instead. ERROR: PACKAGE do_unpack: Function failed: base_do_unpack (Bitbake rev: 62a53e9dbb6dc7489e44c32340b0caddd4596f0a) Signed-off-by: Andre Rosa Signed-off-by: Martin Jansa Signed-off-by: Richard Purdie (cherry picked from commit 2ab50074c1a6c56a8a178755de108447d7b7acaf) Signed-off-by: Javier Viguera Signed-off-by: Richard Purdie

wpa_supplicant: fix WPA2 key replay security bug

2017-10-16T22:47:12+00:00

WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. (From OE-Core rev: bfa04fa71c47e8fe9528208848cfcec2e232777d) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

bitbake: lib/bs4: Fix imports from html5lib >= 0.9999999/1.0b8

2017-09-04T16:51:16+00:00

As of html5lib 0.9999999/1.0b8 (released on July 14, 2016), some modules have moved from _base to base. Handle this, while staying compatible with earlier versions. (Bitbake rev: a37d0f0247c9174fec124789b7a07c792193d909) Signed-off-by: Daniel Lublin Signed-off-by: Richard Purdie

libgcrypt: fix CVE-2017-9526

2017-07-19T14:13:47+00:00

In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. (From OE-Core rev: fb28c54347fcf4957b9b8ee7dee423d859eb7820) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

libgcrypt: fix CVE-2017-7526

2017-07-19T14:13:46+00:00

Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"'. (From OE-Core rev: 1a713fb654a31a6dd218dc1b5b810e2b380ecbb1) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

initrdscripts/init-install*: Add rootwait when installing to USB devices

2017-06-27T22:41:01+00:00

It can take a bit for USB devices to be detected, so if a USB device is your rootfs and you don't set rootwait you will most likely get a kernel panic. Fix this by adding rootwait to the kernel command line on installation. Fixes [YOCTO #9462]. (From OE-Core rev: 7f26cee3d8e4b2e9240b30c21be9fa7661186ccd) Signed-off-by: California Sullivan Signed-off-by: Ross Burton Signed-off-by: Richard Purdie

bitbake: siggen: Make calc_taskhash match get_taskhash for file checksums

2017-06-27T12:46:39+00:00

The code in these two functions is meant to be equivlanet in behaviour but isn't. Add in code to ensure files that don't exist are handled consistently by both functions. Users did report being able to generate tracebacks otherwise. (Bitbake rev: 51e913e178a02bb603ddf874669e3ce54f90bd5d) Signed-off-by: Richard Purdie

package_ipk: Clean up Source entry in ipk packages

2017-06-16T09:21:12+00:00

There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone. Since ipks don't appear to be generated at all if we don't set this, set the field to the recipe name used (basename only, no paths). This avoids information leaking. We may want to drop the field if opkg can allow that at a future point but the recipe name is a suitable identifier for now. Reported-by: Andrej Valek (From OE-Core rev: 1aa51cfb4b8d10f478b1a6a68c69a3e35342b1c0) Signed-off-by: Richard Purdie

documentation: Updated all manual revision tables to June, 2017

2017-06-14T09:19:50+00:00

The release was pushed from May to June for 2.1.3 (krogoth). Updated all manual revision tables. (From yocto-docs rev: 5ec75c194147fecf0bda8095e430cdd8e6f34b6b) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie

oeqa/selftest/recipetool: actually fix create_github test

2017-06-07T14:59:03+00:00

The Meson revision was locked down but the license list change wasn't actually committed... Also specify the exact path for recipetool to write to, for clarity. (From OE-Core rev: cbd6a2de4d8bda44f1d53956acc49a4bef810e95) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie