Age | Commit message | Author | Files
2016-09-23 | perl: fix CVE-2016-6185 | Mingli Yu | 2
Backport patch to fix CVE-2016-6185 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 (From OE-Core rev: 81e550d0c23c9842b85207cdfa73bbe9102e01fb) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | perl: Correct perl path for ptest | He Zhe | 1
Substitute /usr/local with ${bindir} (From OE-Core rev: bc372d65bc395290e1b7132908a3b943e1b73144) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | perl-native: backport libnm link fix | Ioan-Adrian Ratiu | 2
pre-5.25.0 perl by default tries to link to an antiquated libnm (new math) which is not used anymore since the early 1990's. After 2014 another libnm appeared for NetworkManager causing build failures. (From OE-Core rev: 97d2ba227044571408151f84cfe611e1a72dd816) Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | perl: fix CVE-2016-2381 | Kai Kang | 2
Backport patch to fix CVE-2016-2381 from perl upstream: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 (From OE-Core rev: 07ca8a0131f43e9cc2f720e1cdbcb7ba7c074886) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | perl: fix several perl test failures | Bill Randle | 3
Several ExtUtils-MakeMaker tests fail when cross-compiled and run on the target machine. Backport an upstream patch to fix the issues. Also update the customized.dat hash file for the files modified by this patch and other existing patches so the porting/customized.t test passes. [YOCTO #8656] (From OE-Core rev: bf1160a62d758b0148856482cb7b3f6fed63a0c2) Signed-off-by: Bill Randle <william.c.randle@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | perl: some perl tests require libssp | Bill Randle | 1
Add libssp to the list of dependencies when building with perl-ptest as some tests require it. [YOCTO #8656] (From OE-Core rev: 9ea1d6474c5cd3546d1cad7c0f02a1ee8b3c76bb) Signed-off-by: Bill Randle <william.c.randle@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | perl: set proper perl subversion number in config files | Bill Randle | 2
During the upgrade from Perl 5.22.0 to 5.22.1 in commit f4c9908eae1ae3dcc38877abe2d5fbeb46851dd4 the config.sh file was hand edited to change the subversion numbers. However, the edit was not entirely correct. As a result the Perl version test failed. Set the correct version strings. [YOCTO #8656] (From OE-Core rev: 6e06fec1ca71979e361d8a6e35ef4ec442e71881) Signed-off-by: Bill Randle <william.c.randle@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | qemu: Security fix for CVE-2016-5403 | Armin Kuster | 2
affects qemu < 2.7.0-rc0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security fix for CVE-2016-4002 | Armin Kuster | 2
affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security fix CVE-2016-6351 | Armin Kuster | 3
affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security fix CVE-2016-4439 | Armin Kuster | 2
affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security Fix CVE-2016-3712 | Armin Kuster | 5
affects qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security Fix CVE-2016-3710 | Armin Kuster | 2
affects Qemu < 2.6.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | util-linux: Security fix for CVE-2016-5011 | Armin Kuster | 3
affects util-linux < 2.28.2 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | dropbear: upgrade to 2016.72 | Sona Sarmadi | 2
The upgrade addresses CVE-2016-3116: - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 References: https://matt.ucc.asn.au/dropbear/CHANGES https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3116 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | wget: Security fix CVE-2016-4971 | Armin Kuster | 2
affects wget < 1.18.0 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | openssh: Security fix CVE-2015-8325 | Armin Kuster | 2
openssh < 7.2p2 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | openssh: Security fix CVE-2016-5615 | Armin Kuster | 2
openssh < 7.3 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | openssh: Security fix CVE-2016-6210 | Armin Kuster | 4
affects openssh < 7.3 Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | busybox: Avoid race building libbb | Juro Bystricky | 5
When building busybox, an occasional error was observed. The error is consistently the same:

    libbb/appletlib.c:164:13: error: 'NUM_APPLETS' undeclared (first use in this function)
    while (i < NUM_APPLETS) {

The reason is the include file where NUM_APPLETS is defined is not yet generated (or is being modified) at the time libbb/appletlib.c is compiled. The attached patchset fixes the problem by assuring libbb is compiled as the last directory. [YOCTO#10116] (From OE-Core rev: a866a05e2c7d090a77aa6e95339c93e3592703a6) Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | busybox: fix "sed n (flushes pattern space, terminates early)" testcase failure | Dengke Du | 2
It is a busybox upstream known bug. When the busybox sed sub-command 'n' hits the file's EOF, it prints an extra character that has been printed, but the GNU sed would not print it. In busybox source code ../editors/sed.c
------------------------------------------------------------------------
    case 'n':
        if (!G.be_quiet)
            sed_puts(pattern_space, last_gets_char);
        if (next_line) {
            free(pattern_space);
            pattern_space = next_line;
            last_gets_char = next_gets_char;
            next_line = get_next_line(&next_gets_char, &last_puts_char, last_gets_char);
            substituted = 0;
            linenum++;
            break;
        }
        /* fall through */

    /* Quit. End of script, end of input. */
    case 'q':
        /* Exit the outer while loop */
        free(next_line);
        next_line = NULL;
        goto discard_commands;
------------------------------------------------------------------------
When reading at the end of the file, the 'next_line' is null, so it would go to "case 'q'" and goto discard_commands; the discard_commands would print the old pattern space which has been printed. So in order to comply with GNU sed, in case 'n', when the next_line is null I add "else" at the end of the second "if": "goto again;" and sent it to the busybox upstream. The busybox maintainer adopted it and made a few changes to the patch; we can see it at:
His reply: http://lists.busybox.net/pipermail/busybox/2016-September/084613.html
The new patch on busybox master branch: https://git.busybox.net/busybox/commit/?id=76d72376e0244a5cafd4880cdc623e37d86a75e4
(From OE-Core rev: 5a680c267454d7c135c4bfe4e551a780f38a5087) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | rpm: manually cleanup sysck | Jérémy Rosen | 1
version 5.4.1 of rpm was not properly distclean before release, which causes problems when cross-compiling. The previous version this recipe called make distclean, but that would trigger a call to ./configure which would fail when no gcc is available and make the whole do_configure fail further down the line This patch manually removes the files from the recipe. (From OE-Core rev: 6c9f61233f64356291a0c42761a833f3b151114c) Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | rpm: ensure rpm2cpio call rpm relocation code | Zhixiong Chi | 2
We need to call rpmcliInit to ensure the rpm relocation code is called. when we allow rpm2cpio to be relocatable, The adjusted path used to find the macro files was being built into the binary and this path was valid for the machine it was built on and some of our other build machines, but invalid on some others, and was not being properly overridden at runtime. when we export the wrsdk and source the sdk, then execute rpm2cpio xxx.rpm|cpio -t. we will get the following error : "rpm-5.4.14/rpmdb/dbconfig.c:493: db3New: Assertion `dbOpts != ((void *)0) && *dbOpts != '\0'' failed. (From OE-Core rev: aea2bf5c8101ac0bb27776a5614be345835c4a03) Signed-off-by: Zhixiong Chi <Zhixiong.Chi@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | rpm: make --nosignature work | Robert Yang | 2
OE-core uses rpm's --nosignature, but it never worked:

    self._invoke_smart('config --set rpm-check-signatures=false')

Now fix it with:
* Define SUPPORT_NOSIGNATURES to 1 in system.h
* !QVA_ISSET(qva->qva_flags, SIGNATURE) -> QVA_ISSET(qva->qva_flags, SIGNATURE), otherwise, when use --nosignature would read database and verify signature, this is not expected.

This can fix some race issues, for example, when more than one process are querying rpm file with "rpm -qp --nosignature", they may hang up because of race issues (the processes are trying to get RW/RD lock on the database, but they shouldn't read the database at all since -qp and --nosignature are used). (From OE-Core rev: 038c09d6ab9581030efdc16aa1b96972970eeaab) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | python-smartpm: use md5 as the digest for rpm_sys channel | Markus Lehtonen | 2
Use md5 sum instead of mtime as the "digest" method for rpm_sys channel. The digest is used to determine if the channel has been updated. It was found out that mtime was not a reliable digest. On some systems mtime of the rpm db does not get updated after every transaction if transactions (smart install / remove commands) are fired in quick succession. As a consequence smartpm cache and rpm db get out of sync. [YOCTO #10244] (From OE-Core rev: e7267b4e78461e71a1175f93e2eb5e90272c2b47) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | python-smartpm_git.bb: Add patch for debugging random errors | Mariano Lopez | 2
This will add a patch to debug random errors seen in the autobuilders, it won't solve the errors, but will give us a better idea of what is happening. [YOCTO #8383] (From OE-Core rev: c52a7e910a3a52a7455a2409d9ade449bbbd66d4) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | python-smartpm: add support to check signatures | mingli.yu@windriver.com | 3
RPMv5 has removed support for _RPMVSF_NOSIGNATURES, the flag can be replaced with a flags set: "RPMVSF_NODSAHEADER|RPMVSF_NORSAHEADER|RPMVSF_NODSA RPMVSF_NORSA" (From OE-Core rev: 5c0c1b8a64643ad7130b17b5dfce9cecffa6d962) Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | python-smartpm: Avoid locale issue with bitbake python3 | Richard Purdie | 2
(From OE-Core rev: fa2ca7660e8f3279736624aa2493b4ca952ae466) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | xserver-xf86-config: pre-load int10 and exa modules | Khem Raj | 3
musl doesn't like lazy loading that xorg uses, therefore load the needed modules explicitly [YOCTO #10169] (From OE-Core rev: e279c9a30f0df400b06a47a487967a734854714b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | arch-mips.inc: Disable QEMU usermode usage when building with n32 ABI | Alexander Kanavin | 1
QEMU usermode doesn't support n32 binaries, erroring with "Invalid ELF image for this architecture". (From OE-Core rev: 66aa39a959bd41f7063fe64a9225eb9fd6c3293b) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | gobject-introspection.bbclass: disable introspection for -native and -nativesdk recipes | Alexander Kanavin | 1
It is not necessary for those targets, adds to the build time, and pulls in the unneeded qemu-native dependency. (From OE-Core rev: be18364edd5cd2c664f68120063a1e147563faab) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | cmake.bbclass: call cmake with a relative path | Thomas Witt | 1
CMake wants a relative path for CMAKE_INSTALL_*DIR, an absolute path breaks cross-compilation. This fact is documented in the following ticket: https://cmake.org/Bug/view.php?id=14367 $sysconfdir and $localstatedir are not relative to $prefix, so they are still set as absolute paths. With this change ${PROJECT}Targets.cmake that are generated by cmake's "export" function will contain relative paths instead of absolute ones. (From OE-Core rev: c03b32bd71dbe04f2f239556fea0b53215e403d7) Signed-off-by: Thomas Witt <Thomas.Witt@bmw.de> Signed-off-by: Clemens Lang <clemens.lang@bmw-carit.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | useradd_base: avoid unintended expansion for useradd parameters | Maxin B. John | 1
Now, useradd dollar sign requires three prepending backslash characters to avoid unintended expansion. It used to be just one prepending backslash character before Krogoth. Restore that behaviour. [YOCTO #10062] (From OE-Core rev: 9e43a73c7ad576666d53c8c9e0283bc6bb9087a8) Signed-off-by: Niko Mauno <niko.mauno@vaisala.com> Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | curl: security fix for CVE-2016-7141 | Sona Sarmadi | 2
Affected versions: libcurl 7.19.6 to and including 7.50.1 Not affected versions: libcurl >= 7.50.2 Reference to upstream patch: https://curl.haxx.se/CVE-2016-7141.patch Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | sudo: CVE-2015-8239 | Sona Sarmadi | 3
Fixes race condition when checking digests in sudoers. Reference: http://seclists.org/oss-sec/2015/q4/327 Reference to upstream fixes: https://www.sudo.ws/repos/sudo/raw-rev/397722cdd7ec https://www.sudo.ws/repos/sudo/raw-rev/0cd3cc8fa195 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | binutils: advance SRCREV to obtain versioned symbols | Reinette Chatre | 1
Libraries needing versioned symbols, for example mysql, are not supported by current version of binutils in krogoth. When mysql library from MariaDB is compiled with the current version of binutils we encounter errors at runtime as seen below where php linked to mysql tries to run:

    php: relocation error: php: symbol mysql_server_init, version libmysqlclient_16 not defined in file libmysqlclient.so.18 with link time reference

Above error appears even though symbols exist in library:

    245: 000000000001ecc0 0 FUNC GLOBAL DEFAULT 13 mysql_server_init@@libmysqlclient_16
    279: 000000000001ecc0 297 FUNC GLOBAL DEFAULT 13 mysql_server_init@@libmysqlclient_18

The problem results from a bug in binutils that has already been fixed upstream as well as on the 2.26 and 2.27 branches. We advance the SRCREV on the 2.26 branch used in krogoth release to pick up the fix. Details about bug: https://sourceware.org/bugzilla/show_bug.cgi?id=19698 Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | base.bbclass wipe ${S} before unpacking source | Markus Lehtonen | 1
Make sure that we have a pristine source tree after do_unpack. [YOCTO #9064] (From OE-Core rev: eccae514b71394ffaed8fc45dea7942152a334a1) Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | bitbake.conf: set READELF for cross compilation | Jeremy Puhlman | 1
In the case of using an external toolchain that supports multilib compilation with a single binary, TARGET_PREFIX is the same for both main and multilib abis. Without READELF exported, python3 assumes it is either the readelf for ${BUILD_SYS}-readelf. Exporting cross readelf fixes the build issue.

    checking LDLIBRARY... libpython$(LDVERSION).so
    checking for i586-montavistamllib32-linux-ranlib... x86_64-montavista-linux-ranlib
    checking for i586-montavistamllib32-linux-ar... x86_64-montavista-linux-ar
    checking for i586-montavistamllib32-linux-readelf... no
    checking for readelf... readelf
    configure: WARNING: using cross tools not prefixed with host triplet

(From OE-Core rev: 3442ee423813d547be7899a25ea31efe719e662f) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | Fix random python backtrace in multilib handling code. | Jeremy Puhlman | 1
newval is not defined in all cases. Set to None and check if it is set.

    File "/local/foo/builds/x86/layers/openembedded-core/meta/classes/multilib_global.bbclass", line 90, in preferred_ml_updates(d=<bb.data_smart.DataSmart object at 0xf6fd528c>):
             if not d.getVar(newname, False):
        >        d.setVar(newname, localdata.expand(newval))
         # Avoid future variable key expansion
    UnboundLocalError: local variable 'newval' referenced before assignment

(From OE-Core rev: 25ebd3bbc1f9f4b1b6147d98dd43690c3bf03ee7) Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | cml1: fix tasks after default [dirs] changed | Ross Burton | 1
These tasks relied upon [dirs] being ${B} by default. As the functions are not simple, add back [dirs] so they work again. [ YOCTO #10027 ] (From OE-Core rev: 614d976ee97d6386c37afb54add5b83741ca401e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | bitbake.conf/toolchain-scripts.bbclass: Remove debug prefix mappings in SDK | Jacob Kroon | 2
CFLAGS/CXXFLAGS in the SDK environment script adds debug-prefix mappings that include staging area/work directories. Remove them since the SDK shouldn't be aware of them. (From OE-Core rev: 7918e73e9c5fe8c8c1c1d341eaa42f2f7d3ddb69) Signed-off-by: Jacob Kroon <jacob.kroon@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | gdb: Cache gnu gettext config vars for musl builds | Khem Raj | 1
intl is used in gdb as well and we run the configure for it when running do compile. So we need to insert these caching of variables to extra oe_make (From OE-Core rev: 60de4d6c717c6a5131b02de29234d53a6ca1b993) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | initramfs-live-boot: Make sure we kill udev before switching root when live booting | Alejandro Hernandez | 1
When live booting, we need to make sure the running udev processes are killed to avoid unexpected behavior, we do this just before switching root, once we do, a new udev process will be spawned from init and will take care of whatever work was still missing [YOCTO #9520] (From OE-Core rev: e88d9e56952414e6214804f9b450c7106d04318d) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | e2fsprogs: Fix missing check for permission denied. | Jackie Huang | 2
If the path to "ROOT_SYSCONFDIR /mke2fs.conf" has a permission denied problem, then the get_dirlist() call will return EACCES. But the code in profile_init will treat that as a fatal error and all executions will fail with: Couldn't init profile successfully (error: 13). But the problem should not really be visible for the target package as the path then will be "/etc/mke2fs.conf", and it is not likely that a user have no permission to read /etc. (From OE-Core rev: 9d7c32a88e0670a09e5e1097ff8bca58e9a7943f) Fixup bb for Krogoth. Signed-off-by: Jian Liu <jian.liu@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | tiff: Security fix CVE-2016-5323 | Yi Zhao | 2
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323 http://bugzilla.maptools.org/show_bug.cgi?id=2559 Patch from: https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31 (From OE-Core rev: 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | tiff: Security fix CVE-2016-5321 | Yi Zhao | 2
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321 http://bugzilla.maptools.org/show_bug.cgi?id=2558 Patch from: https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0 (From OE-Core rev: 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | tiff: Security fix CVE-2016-3186 | Yi Zhao | 2
CVE-2016-3186 libtiff: buffer overflow in the readextension function in gif2tiff.c allows remote attackers to cause a denial of service via a crafted GIF file External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 https://bugzilla.redhat.com/show_bug.cgi?id=1319503 Patch from: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff (From OE-Core rev: 3d818fc862b1d85252443fefa2222262542a10ae) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | tiff: Security fix CVE-2015-8784 | Armin Kuster | 2
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784 (From OE-Core rev: 36097da9679ab2ce3c4044cd8ed64e5577e3f63e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | tiff: Security fix CVE-2015-8781 | Armin Kuster | 2
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781 (From OE-Core rev: 9e97ff5582fab9f157ecd970c7c3559265210131) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | busybox: Add parallel make fix | Richard Purdie | 2
We're seeing regular parallel make failures in applet headers in busybox. This adds a patch to try and avoid the issue, building upon a fix already backported from upstream. The patch has been sent to upstream. [YOCTO #10116] (From OE-Core rev: 199cef0e8a50b20d0ee6fefd1d4cf3372eba7728) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>