Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=pyro-enea 2018-05-07T14:57:44+00:00 2018-05-07T14:57:44+00:00 Armin Kuster akuster808@gmail.com 2018-05-03T16:00:59+00:00 urn:sha1:90068771dd6fbd0f90a133b9c1c95c71d7cf035f The dot releases are maint only. 2.4.4 included: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir 2.4.3 includes: CVE-2017-17405: Command injection vulnerability in Net::FTP (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Andre McCurdy armccurdy@gmail.com 2018-01-22T23:38:06+00:00 urn:sha1:da6716b70c07fe0432116d626d9f4340609b9ed5 (From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761) (From OE-Core rev: a9b55cbec9f5ff11f92f50c529049e83ac898043) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Ross Burton ross.burton@intel.com 2017-11-01T09:57:53+00:00 urn:sha1:f24ffeefb1b7a40366313b0895ed08beb8cc1ed3 The dbm module uses gdbm by default which is also a build dependency. (From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9) (From OE-Core rev: 20d9821e9131c3d715ed629ad38eed802f737056) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Leonardo Sandoval leonardo.sandoval.gonzalez@linux.intel.com 2017-10-12T18:35:23+00:00 urn:sha1:82528b2f84f2d519bb670ee12fa16257192e6fe9 The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed Apr 12 00:21:18 2017 +0000 Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e (From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438) (From OE-Core rev: 4562790471c7e3f3e393cd3e8b77d28ed4196452) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for pyro context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Leonardo Sandoval leonardo.sandoval.gonzalez@linux.intel.com 2017-05-22T18:47:01+00:00 urn:sha1:5c9e4bbba7c5f604b366815ad5f776c2d6c17b06 (From OE-Core rev: 3ff2d0bc7a8e7a7e8c8e953dc0ccf84d891688ef) (From OE-Core rev: b102521a146197749dc1493307f222cbf0292921) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for pyro context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:43+00:00 Daniel Díaz daniel.diaz@linaro.org 2018-04-12T22:55:08+00:00 urn:sha1:76ffc6b7e5ff6f2bab6e53bb07f52a25fcb81ac9 This error can appear in gdb/nat/linux-ptrace.c because of the order in which some headers are processed: | In file included from ../../gdb-7.11.1/gdb/nat/linux-ptrace.c:20:0: | ../../gdb-7.11.1/gdb/nat/linux-ptrace.h:175:22: error: expected identifier before numeric constant | # define TRAP_HWBKPT 4 | ^ | Makefile:2357: recipe for target 'linux-ptrace.o' failed | make[2]: *** [linux-ptrace.o] Error 1 | make[2]: *** Waiting for unfinished jobs.... | make[2]: Leaving directory '/oe/build/tmp-rpb-glibc/work/aarch64-linaro-linux/gdb/7.11.1-r0/build-aarch64-linaro-linux/gdb' | Makefile:8822: recipe for target 'all-gdb' failed | make[1]: *** [all-gdb] Error 2 | make[1]: Leaving directory '/oe/build/tmp-rpb-glibc/work/aarch64-linaro-linux/gdb/7.11.1-r0/build-aarch64-linaro-linux' | Makefile:846: recipe for target 'all' failed | make: *** [all] Error 2 A patch from GDB's current master solves the issue. (From OE-Core rev: 4aaf747099714ec11158571527396ed9e818729e) (From OE-Core rev: 463e512a027966123ec113b7507eb5e55a19b072) Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-05T15:26:20+00:00 Armin Kuster akuster@mvista.com 2018-03-23T04:57:20+00:00 urn:sha1:f3e674cb654d4dab3e4ba5b2ae1fac72ef8363da ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source. ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch [v2] upstream deleted the branch and the hash no longer exists. Took the git snapshot from yocto and created a copy on my github. There was no offical 3.2 release, only rc versions. (From OE-Core rev: f8cc08fc7db26241d996ac710484d559eff5f9c0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-05T15:26:19+00:00 Tanu Kaskinen tanuk@iki.fi 2018-03-21T17:08:38+00:00 urn:sha1:4a6c358a6f4a576beaffd21fd97cb310942f3307 glibc 2.27 added function copy_file_range(), and e2fsprogs happens to have a different function with the same name. The conflict made e2fsprogs-native build fail. Here's a backport of a fix from upstream, the fix was released in e2fsprogs 1.43.8. The master branch doesn't need this fix, since it has new enough e2fsprogs version. At least rocko, pyro and morty need this, I haven't checked older stable branches. Apparently the problematic function was introduced in e2fsprogs version 1.43. (From OE-Core rev: 350f2a4ad6e21acf1d357a90ba37b2c149ec7864) Signed-off-by: Tanu Kaskinen <tanuk@iki.fi> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-04-05T15:26:19+00:00 Ross Burton ross.burton@intel.com 2018-03-19T15:59:32+00:00 urn:sha1:3b3642cf5c71ddae4184634eb385b0484ae37c6b glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so take a patch from upstream to fix building with glibc 2.27. (From OE-Core rev: 8e6672055e804a0828e2f51fae9cbac81e4e834d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-03-15T22:47:53+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2018-03-12T22:23:53+00:00 urn:sha1:46a64a5b05694e649d5333a98ff34641f3b7a5c1 (From OE-Core rev: 2b0617e1e416bd6cd1ec75e55e46c4f699785452) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>