linux/poky.git/meta/recipes-devtools/patch, branch yocto-2.4.4Mirror of git.yoctoproject.org/pokyhttps://git.enea.com/cgit/linux/poky.git/atom?h=yocto-2.4.42018-09-13T09:55:38+00:00patch: fix CVE-2018-69522018-09-13T09:55:38+00:00Hongxu Jiahongxu.jia@windriver.com2018-08-22T12:10:40+00:00urn:sha1:05711ba18587aaaf4a9c465a1dd4537f27ceda93
(From OE-Core rev: 1314a6953aa647706107557faaba8574e307d2bd)
(From OE-Core rev: 7d518d342eb67d25aa071fb08d03f06d6da576c6)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
patch: fix CVE-2018-10001562018-05-03T08:53:49+00:00Jackie Huangjackie.huang@windriver.com2018-04-11T06:56:10+00:00urn:sha1:95f831745cd5fe850fe374c34aaccb8a52b827c4
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156
* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566
* Fix arbitrary command execution in ed-style patches:
- src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
- tests/ed-style: New test case.
- tests/Makefile.am (TESTS): Add test case.
(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)
(From OE-Core rev: 413c54e0698589b17976e88fa7ab76e5dbac51aa)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
patch: fix CVE-2018-69512018-05-03T08:53:49+00:00Jackie Huangjackie.huang@windriver.com2018-04-11T06:56:09+00:00urn:sha1:4240011020ec5c294096084860f2c5cad9b08f8a
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951
* upstream tracking: http://savannah.gnu.org/bugs/?53132
* Fix segfault with mangled rename patch
- src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
(From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96)
(From OE-Core rev: e628af83e8d00ed3e3db318b323a9f5e48d35aae)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
patch:2.7.5 -> 2.7.62018-05-03T08:53:48+00:00Huang Qiyuhuangqy.fnst@cn.fujitsu.com2018-03-07T03:10:10+00:00urn:sha1:85eaada5ec4289ec85fd77aed8bbe7f07cd3f53d
Upgrade patch from 2.7.5 to 2.7.6.
(From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75)
(From OE-Core rev: 6ecaabfff944773a09096a9ce293842c7c00b3a1)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipes: Move out stale GPLv2 versions to a seperate layer2017-03-07T20:05:31+00:00Richard Purdierichard.purdie@linuxfoundation.org2017-03-02T12:04:08+00:00urn:sha1:2345af9b4829ed3eed5abf60f2483055649f8af7
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
(From OE-Core rev: 19b7e950346fb1dde6505c45236eba6cd9b33b4b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipes: Make use of the new bb.utils.filter() function2017-03-01T11:17:45+00:00Peter Kjellerstedtpeter.kjellerstedt@axis.com2017-02-27T13:02:50+00:00urn:sha1:254bfb107134702d8d1e0bfbdd1b011212e8c291
(From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta: Fix Upstream-Status statements2015-09-12T22:01:53+00:00Ross Burtonross.burton@intel.com2015-09-10T18:59:47+00:00urn:sha1:1c914a844b35ff57b1c528251a9eaa19cedbaa10
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
(From OE-Core rev: bd220fe6ce8c3a0805f13a14706d3130ea872604)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
recipes: Fix charset.alias for musl2015-04-21T06:20:25+00:00Khem Rajraj.khem@gmail.com2015-04-16T02:00:25+00:00urn:sha1:72830226190b828854e3d27720711f9c147bfe28
This is same gnulib fix replicated across needed recipes
Change-Id: I756713407111a726eae98e26c9c1ff64981371c0
(From OE-Core rev: fbe6d2c12aa9f7956bc87efeb68cb64b26b60c7a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
patch: 2.7.1 -> 2.7.52015-04-08T09:53:24+00:00Robert Yangliezhi.yang@windriver.com2015-04-07T11:24:24+00:00urn:sha1:2402fe82b69aea57b324733432ce1b2f2bbdbf69
* Removed backport patch patch-CVE-2015-1196.patch
* Add HOMEPAGE
(From OE-Core rev: c35135d5b99e852bc3ae718281c33925630a4cfb)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
patch: fix CVE-2015-11962015-03-31T21:23:11+00:00Robert Yangliezhi.yang@windriver.com2015-03-26T06:42:34+00:00urn:sha1:c35aba339aa3ecc0c7b15c8423e81a9c9bca037b
A directory traversal flaw was reported in patch:
References:
http://www.openwall.com/lists/oss-security/2015/01/18/6
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775227
https://bugzilla.redhat.com/show_bug.cgi?id=1182154
[YOCTO #7182]
(From OE-Core rev: 4c389880dc9c6221344f7aed221fe8356e8c2056)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>