Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=morty-next 2018-04-04T10:06:56+00:00 2018-04-04T10:06:56+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2018-04-04T09:33:30+00:00 urn:sha1:3ffb69b489da5416dbabb0a45c6e2e7d63ab1ed0 Otherwise it may pop up windows asking for passphrases which breaks automated testing. Newer YP releases and master already have the fix. [YOCTO #12521] (From OE-Core rev: 5a4b4c0350c724ef4ecc01246133e2b816d8976f) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:56+00:00 Ross Burton ross.burton@intel.com 2018-04-04T09:33:31+00:00 urn:sha1:7eb4e0147316f7bdc773d85bfc9978aaf8cc4be9 glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so take a patch from upstream to fix building with glibc 2.27. (From OE-Core rev: 1efb8527691b59c62709bb2788f4fcf6452e267d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:56+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-31T05:24:28+00:00 urn:sha1:6e9e5dddb1288b5af1bf5e443c859ddf8f38772b Prevent out-of-bounds write in codebook decoding. The bug could allow code execution from a specially crafted Ogg Vorbis file. References: https://www.debian.org/security/2018/dsa-4140 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146 (From OE-Core rev: 7d5d262c03745e5c61e1e9c84f108d842d16e5ec) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:56+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-31T05:24:27+00:00 urn:sha1:272ceafc81d4b1828fb7eb2df82321317ab5beea Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 (From OE-Core rev: 6dcd8bdd5ffebafec5bbb811243f4dbf3a7038b8) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:56+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-31T05:24:26+00:00 urn:sha1:7cb8bf848e77f24507e7bf212f20992ddd0c8f69 In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis(). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 (From OE-Core rev: f398fb04549577922e6265c0969c6d6c35a11e7c) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:56+00:00 Ming Liu liu.ming50@gmail.com 2017-11-20T18:35:57+00:00 urn:sha1:74fcb98dc06172b3326dbceeb3cffc76a7b9a983 A flaw was found on my Ubuntu 14.04.5 LTS, on which that gnome-terminal is the default terminal, when I run any of the tasks: bitbake busybox -c menuconfig/devshell/devpyshell bitbake virtual/kernel -c menuconfig/devshell/devpyshell I got a error as follows: "Failed to execute child process "oe-gnome-terminal-phonehome" (No such file or directory)" Seems the environment of the process calling Popen is not passed to the child process, this behaviour is a known issue in Python bug tracker: http://bugs.python.org/issue8557 It could be fixed by using an absolute path instead per test. (From OE-Core rev: 640d098ef0dc6aec8780f951578163ed3e7df349) Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 2117c148ef07d84bc605768e3b3671b0126b9337) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:55+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2018-03-17T18:16:01+00:00 urn:sha1:ce16d68962c36869048145799f8e6008b5929b3c (From OE-Core rev: 0eb9efa3b1f3f850b51a743fdc82495614289c87) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:55+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2018-03-17T16:19:49+00:00 urn:sha1:b509670c3348b4e32ef205f7f29ea7c07a0e95bd (From OE-Core rev: 97556afe54c350b17493bf1c44f5fcc4de62e4f4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:55+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2018-03-17T15:20:02+00:00 urn:sha1:03476d52cd389f0ad4ece62dd70cabb39ea0b524 (From OE-Core rev: e1faf9ac7e89d33aba33547ede19a10aaa034207) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-04T10:06:55+00:00 Ross Burton ross.burton@intel.com 2018-03-16T11:28:32+00:00 urn:sha1:677b00feeb6b127883daeed3bee04b0601326cb7 For some reason dnf is aborting with the fairly useless "failed to read RPMDB" error during SDK creation. Luckily as we're just deleting locale packages we can pass False to remove() to use RPM directly, which doesn't crash. (From OE-Core rev: e286be3a2203b403cefa00fcdb6f9d48e0584cf8) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>