linux/poky.git/meta/recipes-core, branch yocto-2.2.1 Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-2.2.1 2017-02-08T12:00:36+00:00 build-appliance-image: Update to morty head revision 2017-02-08T12:00:36+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-02-08T12:00:29+00:00 urn:sha1:6a1f33cc40bfac33cf030fe41e1a8efd1e5fad6f (From OE-Core rev: 55c835c73cc41b6fc809c941c295d62a612e49e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> zlib: update SRC_URI to fix fetching 2017-01-12T17:52:04+00:00 Joshua Lock joshua.g.lock@intel.com 2017-01-05T16:34:23+00:00 urn:sha1:e0b862b68c20922c6ee05039de87555eeb88351a Upstream have removed the file from zlib.net as a new version has been released, switch to fetching from the official sourceforge mirror. [YOCTO #10879] (From OE-Core rev: bb99e4a620efd59556539c156cd98ea23aae74c8) (From OE-Core rev: b7599330f1d629384e16a5fbeffc1a65c1555667) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> build-appliance-image: Update to morty head revision 2017-01-11T17:26:52+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2017-01-11T17:26:48+00:00 urn:sha1:4b8ddc432273cca1d8580de22c2078b96973a737 (From OE-Core rev: ae3513b8e752d0dc1757fbfc681f644a3f2855b0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: Fix more NULL pointer derefs 2017-01-11T17:21:46+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:21+00:00 urn:sha1:c8f4fb15de070b7462eee66a5e0e0b63b704046b The NULL pointer dereferencing could produced some security problems. This is a preventive security fix. (From OE-Core rev: 8f3008114d5000a0865f50833db7c3a3f9808601) (From OE-Core rev: 401d552f9e4ed3341e42864e566dddb2b26019dc) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges 2017-01-11T17:21:46+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:20+00:00 urn:sha1:359189b6e6e5307156b08f0b7922a79e6acea1e2 Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. (From OE-Core rev: 00e928bd1c2aed9caeaf9e411743805d2139a023) (From OE-Core rev: cf810d5cc17cb6b9f53d21a404c89afe372accb7) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: Necessary changes before fixing CVE-2016-5131 2017-01-11T17:21:46+00:00 Andrej Valek andrej.valek@siemens.com 2016-12-12T13:20:19+00:00 urn:sha1:5ba779d5abdbb8707ec6b346c76b798a6cd0d98f xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparation in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes (From OE-Core rev: 96ef568f75dded56a2123b63dcc8b443f796afe0) (From OE-Core rev: 68b0f3a0bf8dfdf49be4aed1745a7f50662c555d) Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Pascal Bach <pascal.bach@siemens.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> glibc: Enable backtrace from abort on ARM 2017-01-11T17:21:45+00:00 Yuanjie Huang yuanjie.huang@windriver.com 2016-12-09T17:49:34+00:00 urn:sha1:80d90725f52a89da76fa35ef5fe058e2209e327b ARM stack frames for abort and raise were limited to the the actual abort and raise call, such as: Obtained 4 stack frames. ./test-app(print_trace+0x1c) [0x10a08] ./test-app() [0x10b3c] /lib/libc.so.6(__default_sa_restorer+0) [0x4adae1e0] /lib/libc.so.6(gsignal+0xa0) [0x4adacf74] This is not terribly useful when trying to figure out what function may have called called the abort, especially when using pthreads. After the change the trace would now look like: Obtained 8 stack frames. ./test-app(print_trace+0x1c) [0x10a08] ./test-app() [0x10b3c] /lib/libc.so.6(__default_sa_restorer+0) [0x4befe1e0] /lib/libc.so.6(gsignal+0xa0) [0x4befcf74] /lib/libc.so.6(abort+0x134) [0x4befe358] ./test-app(dummy_function+0x50) [0x10adc] ./test-app(main+0xd4) [0x10c24] /lib/libc.so.6(__libc_start_main+0x114) [0x4bee7a58] (From OE-Core rev: 93bf8713d8e13c278543baea94fb8dad0cb80e49) (From OE-Core rev: b0e6a6048fa09dceac78bf8c46d484690ff5b098) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> libxml2: Security fix CVE-2016-5131 2017-01-11T17:21:43+00:00 Yi Zhao yi.zhao@windriver.com 2016-11-28T09:55:40+00:00 urn:sha1:40734384918a730ed684ecada93f00f3bca6c47f CVE-2016-5131 libxml2: Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5131 Patch from: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e (From OE-Core rev: 640bd2b98ff33e49b42f1087650ebe20d92259a4) (From OE-Core rev: 1e284447b9bf42e1fd6080f5a50fe01c8267a4e6) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> util-linux: add su.1 to update-alternatives 2016-11-16T10:37:57+00:00 Ross Burton ross.burton@intel.com 2016-11-01T14:50:35+00:00 urn:sha1:54e8fa5060814603fce2aa80f611edee4ee095f8 The su binary is handled by alternatives but the man page wasn't, so installing both util-linux-doc and shadow-doc produces errors. Also use d.expand() to neaten the code. (From OE-Core rev: 70a161ee88d3d54fec6d59039c181b43f1857dc3) (From OE-Core rev: bec07530536c36b2ab2a7818a9ffc475faba27ac) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> busybox/mdev.conf: Ignore eMMC RPMB and boot block devices 2016-11-16T10:37:57+00:00 Mike Looijmans mike.looijmans@topic.nl 2016-11-01T13:30:56+00:00 urn:sha1:9600da51e480b72c163ba6b87aea986cbb4fc9a9 eMMC devices may report block devices like "mmcblk0rpmb" and "mmcblk0boot0". These are not actually block devices and any read/write operation on them will fail. To prevent spamming error messages attempting to mount them, just ignore these devices. (From OE-Core rev: 9f4a85eb929f67420d9689d7dddadd120ed49843) (From OE-Core rev: 50d97edaeb18a4c6374101d222410a3b0f344bf2) Signed-off-by: Mike Looijmans <mike.looijmans@topic.nl> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>