Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=yocto-3.0.3 2020-03-30T16:41:56+00:00 2020-03-30T16:41:56+00:00 Anuj Mittal anuj.mittal@intel.com 2020-03-20T00:54:31+00:00 urn:sha1:bf506f4eba1b7766ffc38656f3107a130a427152 (From OE-Core rev: 6d79a4d7545bc78ac759e575f6d15d7b23fad638) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-03-19T09:57:51+00:00 Wenlin Kang wenlin.kang@windriver.com 2020-03-14T12:19:23+00:00 urn:sha1:9542f3282e9b25aaa97c24715a35c47923a07ecb Fix CVE-2020-9308 (From OE-Core rev: 878817358eb7c25ffa48d10dde9475299674a96c) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-19T18:53:19+00:00 Anuj Mittal anuj.mittal@intel.com 2020-02-19T02:45:57+00:00 urn:sha1:5e1f52edb7a9f790fb6cb5d96502f3690267c1b1 This reverts commit 09e695246d30ef9b73e743e0130e710e19793d14. This isn't a Backport as indicated in patch and not all the changes in this change are relevant to the CVE. Revert and wait for the fix to be available upstream. (From OE-Core rev: f39285bb82e68945a81034b84da09ca1078d6719) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:13+00:00 Ross Burton ross.burton@intel.com 2020-02-07T14:29:28+00:00 urn:sha1:5737722432ce26d961c3fb556651056aedb34526 sudo uses AC_PATH_PROG to find target paths, which means at best potential host-contamination (and reproducible issues) and at worst it thinks sh is at /your/build/path/hosttools/sh. Solve this by explicitly passing the correct paths to configure. (From OE-Core rev: 61650dd8498a093f3bfa93202c9cd2e9a7fb7834) (From OE-Core rev: 6e809474ab686fba6924d8b46fd0b9eab5c66c06) (From OE-Core rev: 232430bdee74bb266ded6ccf2fb3842caad06181) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:13+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-02-06T23:34:46+00:00 urn:sha1:b7138f18b616b27ee7c4850f2ee09a76a56415dd The suid/setcap code depends on whether setcap is on the host system or not with suid as a fallback. Disable this functionality to be deterministic. (From OE-Core rev: 8b00ec484fb851c301f13145e17707c0167feab1) (From OE-Core rev: 3997c47dea49d583fd48cb03f83c007f61d2cb35) (From OE-Core rev: 46f9c48dc11928ace672e9a3dea7c01d29cf3f04) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-02-05T15:55:16+00:00 urn:sha1:d3d7b1b2d01f1e66dbaeddfa1652de72adcaa2ad The previous tweak for reproducibility didn't handle the duplicate whitepace left behind, fix this. [YOCTO #13771] (From OE-Core rev: 0392fcbdc85180581ce7392212808ebb822cc2e8) (From OE-Core rev: ca213de432d8d9d715ef09e17cea2aa1e6666e91) (From OE-Core rev: 77be3238269de636199f9e1e40133711b7440cb4) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-02-05T15:37:19+00:00 urn:sha1:e91261050ea0e81eed84698e020bc492ed0030ca rsh is insecure and obsolete but tar will enable support if the binary is on the host system. Some systems point it at ssh. Lets explictly disable it for now unless someone actually needs/uses this at which point it could become a packageconfig. (From OE-Core rev: d14a4b0db92a9a7d1ff72a2e0faca7f1a23a0b68) (From OE-Core rev: 6bdc5f787af46e9c849947cad06ad40aa401b767) (From OE-Core rev: af4a284bb6fbfd8b58d10d4a5f0f10297c949912) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-02-04T18:12:15+00:00 urn:sha1:96114090ea7b5675c44d98a392b95cfbaf9e9b43 The man page date can vary depending upon the host perl, e.g. in Russian some versions print 'июня', others 'Июнь' or Polish 'czerwca' or 'czerwiec'. Rather than depend upon perl-native to fix this, just remove the date from the manpages. (From OE-Core rev: 5553c20f9fa4f35bf711b6b9d5717dcf4bfefafa) (From OE-Core rev: 3653fd41fbc28f70259a00bb0098ec8731526449) (From OE-Core rev: feaf05c39ffecd7a9fd8bd81fc1872ce26b7801e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:12+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-02-04T13:59:26+00:00 urn:sha1:7688cd8a2f162c250a91806ef40ffcdcba4f2213 This value was floating causing differences in generated files. Set it determinstically. (From OE-Core rev: 11d7a9e37c1d3fc21396a98fefc9d34c0b9e784b) (From OE-Core rev: 8f77075425e2ef9c3b5adbf8e5b29e7cfd7b9b7a) (From OE-Core rev: 60cdd912b565207b9f236116d8832719cfa9ccfd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-02-11T23:05:12+00:00 Joshua Watt jpewhacker@gmail.com 2019-11-13T04:10:31+00:00 urn:sha1:8c224dd6b09a9f81985ee87da61d5627a22b1060 Fixes some issues with reproducible builds. Adds a patch to allow the configure arguments to be omitted from the build and also explicitly setting some autoconf paths that were picking up hosttools. (From OE-Core rev: f54d60ee8f15229aa515e168b9c7d248663b48fe) (From OE-Core rev: 164d72b7a6ab20940f9a124beaf485be9ddc07ba) (From OE-Core rev: 055766f135b4373264827c5b33c8c385b1ff4748) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>