| Age | Commit message (Collapse) | Author | Files |
|---|
|
Delete entries of removed packages.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Prevent out-of-bounds write in codebook decoding. The bug could allow
code execution from a specially crafted Ogg Vorbis file.
References:
https://www.debian.org/security/2018/dsa-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Debian and Fedora both carry this patch, and the xf86-video-modesetting
driver seems better on recent hardware.
As an example, on a NUC6CAYS, the x11perf -aa10text and -rgb10text tests
see around a 20x increase.
[YOCTO #12019]
[YOCTO #12390]
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix CVE-2017-99935, CVE-2017-18013, CVE-2018-5784
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9935
https://nvd.nist.gov/vuln/detail/CVE-2017-18013
https://nvd.nist.gov/vuln/detail/CVE-2018-5784
Patches from:
CVE-2017-9935:
https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2017-18013:
https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
CVE-2018-5784:
https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade systemd-boot to 237.
As systemd has dropped autotools support, fix configure and compile
failures related to meson.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Remove the 'fstack-protector' and 'fstack-protector-strong' flags
as a workaround to fix the following error when building for qemux86
and qemuppc with musl.
undefined reference to `__stack_chk_fail_local'
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Upgrade systemd to 237.
Note that this version has dropped autotools support.
The following patches are rebased:
0004-Use-getenv-when-secure-versions-are-not-available.patch
0005-binfmt-Don-t-install-dependency-links-at-install-tim.patch
0007-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch
0015-Revert-udev-remove-userspace-firmware-loading-suppor.patch
0018-check-for-uchar.h-in-configure.patch
0019-socket-util-don-t-fail-if-libc-doesn-t-support-IDN.patch
0001-add-fallback-parse_printf_format-implementation.patch
0002-src-basic-missing.h-check-for-missing-strndupa.patch
0007-check-for-missing-canonicalize_file_name.patch
0008-Do-not-enable-nss-tests.patch
0010-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
0011-nss-mymachines-Build-conditionally-when-HAVE_MYHOSTN.patch
The following backported patches are dropped:
0001-core-evaluate-presets-after-generators-have-run-6526.patch
0001-main-skip-many-initialization-steps-when-running-in-.patch
0001-meson-update-header-file-to-detect-memfd_create.patch
0003-fileio-include-sys-mman.h.patch
The following patch is dropped as autotools support is dropped:
0002-configure.ac-Check-if-memfd_create-is-already-define.patch
The following patches are newly added to fix problems:
0027-remove-nobody-user-group-checking.patch
0028-add-missing-FTW_-macros-for-musl.patch
0030-fix-missing-of-__register_atfork-for-non-glibc-build.patch
0031-fix-missing-ULONG_LONG_MAX-definition-in-case-of-mus.patch
Other changes are mostly autotools/meson related.
This new version has dropped ptest support, as there's no easy
way to do this in the framework of meson.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
fixes:
WARNING: libsolv-0.6.33-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to
incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch
0001-Add-fallback-fopencookie-implementation.patch
patching file ext/CMakeLists.txt
patching file ext/solv_xfopen.c
Hunk #1 succeeded at 12 with fuzz 1 (offset -1 lines).
Hunk #2 succeeded at 25 (offset -18 lines).
Hunk #3 succeeded at 34 (offset -18 lines).
Hunk #4 succeeded at 46 (offset -18 lines).
patching file ext/solv_xfopen_fallback_fopencookie.c
patching file ext/solv_xfopen_fallback_fopencookie.h
Now at patch 0001-Add-fallback-fopencookie-implementation.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* it got enabled by default, but without the dependency on libidn in:
commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2
Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
AuthorDate: Thu Feb 1 20:02:08 2018 +0200
Subject: iputils: update to 20161105
* https://github.com/iputils/iputils/blob/master/RELNOTES.old
mentiones that IDN was enabled by default in:
[s20160308] and surprisingly the same in [s20150815]
but there are no release notes for s20151218 version we were using until
now, don't know how it really relates to [s20150815].
* but there are some issues with libidn as described in:
https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547
so disable it by default.
* fails with:
| In file included from ping_common.c:1:0:
| ping.h:39:10: fatal error: idna.h: No such file or directory
| #include <idna.h>
| ^~~~~~~~
* Easiest way to reproduce this failure is to remove libidn from gnutls
PACKAGECONFIG or to use gnutls which doesn't have libidn PACKAGECONFIG
at all (like the one in meta-gplv2).
* First it leads to following QA issue:
http://errors.yoctoproject.org/Errors/Build/53212/
ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-ping rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-traceroute6 rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
ERROR: iputils-s20161105-r0 do_package_qa: QA run found fatal errors.
Please consider fixing them.
ERROR: iputils-s20161105-r0 do_package_qa: Function failed:
do_package_qa
ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/iputils/s20161105-r0/temp/log.do_package_qa.7627
ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-extended/iputils/iputils_s20161105.bb:do_package_qa) failed with exit code '1'
* But if you cleansstate iputils as well (after removing libidn from
gnutls PACKAGECONFIG) to empty iputils RSS, then you get the error about
missing idna.h:
http://errors.yoctoproject.org/Errors/Build/53213/
* Adding the libidn dependency explicitly in iputils recipe fixes the
issue.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Previously only the top-level index was created, which did not
work if PACKAGE_FEED_ARCHS whitelisting (or explicitly listing
architectures in dnf repo files by hand) was in use:
https://lists.yoctoproject.org/pipermail/yocto/2018-March/040327.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=12419
[YOCTO #12419]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Exclude x.y.90* pre-release versions in particular.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Refresh patches with devtool
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Some architectures e.g. riscv gcc does not add -D_REENTRANT
when enabling pthreads. Help it here by adding these options
while gcc gets fixed
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License-Update: new releases and copyright years updated.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Since watchdog and watchdog-keepalive packages can't be installed
together, move wd_keepalive.service to watchdog-keepalive package.
Remove the inter-dependencies of watchdog and wd_keepalive
services as well.
[YOCTO #12565]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
perf needs audit-python to be able to show syscall names and for
'perf trace' to work.
Enable dependency on audit-python if present in PACKAGECONFIG. It's
disabled by default since audit as of now is in meta-selinux.
Fixes [YOCTO #3343]
Fixes [YOCTO #3358]
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
LZ4 format currently used by the Linux kernel is the 'legacy' format.
In order to avoid creating an image that can't be used as a compressed
initial ramdisk with Linux kernel, rename lz4_legacy to lz4.
[YOCTO #12461]
[YOCTO #12149]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* --no-signature saves unnecessary .patch modifications when executed on
host with different git version
* --no-numbered saves unnecessary .patch modifications when number of the
applied patches is changed (the number is still in the filename so the
order how they should be applied is still preserved)
* both options exist for very long time, I've tested them with git 1.9.1
from Ubuntu 14.04 and I'm quite sure they were available even in much
older releases, so there shouldn't be any issue on relatively new sanity
tested distros
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Kernel v4.14 and newer contain the following in their Makefile:
HOST_LFS_LDFLAGS := $(shell getconf LFS_LDFLAGS)
HOSTLDFLAGS := $(HOST_LFS_LDFLAGS)
This breaks our menuconfig, because it can no longer find ncurses if its
not on the host machine. This can be seen in linux-yocto-dev, for
example:
[clsulliv@clsulliv build]$ bitbake virtual/kernel -c menuconfig
GEN ./Makefile
HOSTLD scripts/kconfig/mconf
/home/clsulliv/yocto/poky/build/tmp/hosttools/ld: cannot find -lncurses
/home/clsulliv/yocto/poky/build/tmp/hosttools/ld: cannot find -ltinfo
collect2: error: ld returned 1 exit status
make[3]: *** [scripts/Makefile.host:99: scripts/kconfig/mconf] Error 1
make[2]: *** [/home/clsulliv/yocto/poky/build/tmp/work-shared/intel-corei7-64/kernel-source/Makefile:504: menuconfig] Error 2
make[1]: *** [Makefile:146: sub-make] Error 2
make: *** [Makefile:24: __sub-make] Error 2
Command failed.
Press any key to continue...
Fix this by setting HOSTLDFLAGS to ${BUILD_LDFLAGS} in our
'make menuconfig' command.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update to the latest stable release
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update to the latest stable release
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update to the latest stable release
Tested in qemux86-64 running core-image-minimal
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update the python{3}-setuptools to the latest stable version
Tested on the qemu with core-image-minimal
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
License-Update: checksum change is due to bump in copyright year
Resolves CVE-2017-1000158 and other potential security issues
See https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-5-final
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Python 2.x and target Python 3.x do not have this issue.
[YOCTO #12596]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Replace use of atol() to set a time_t variable.
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
None of the test suite works, so something quite fundamental broke.
[ YOCTO #12606 ]
This reverts commit 406ea737f1ce5bb5fed46c8cbeb5c7c13bf3b8ad.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade slang from 2.3.1a to 2.3.2.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Provide a way to make readline dependency optional in case someone
might want to use BSD alternative editline instead.
Using editline would need some changes though (python issue13501).
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Nativesdk package has a special arrangement where the same thing is done
in do_install(). It was assumed (in the comment) that postinsts don't run when
installing nativesdk packages, but this was incorrect: they are run, but
any failures were previously silently ignored. Now this missing failure reporting has
been fixed, and so we get to see the failures.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Sourceforge for some reason claims an older version is 'the latest'.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upstream has finally released a new version.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
LayerError doesn't exist and will lead to an error when this failure
code path is hit.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We allow to set LINKER_HASH_STYLE to be empty so this would fail
since --with-linker-hash-style needs an argument and cant be empty
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a patch to fix an ICE when compiling for MIPS64.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix a crash when generating a txt report and the two commits to be
compared were not consecutive (but there were some tested commits
between them).
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integrating the following commits:
60b649971940 x86/hibernate/64: Mask off CR3's PCID bits in the saved CR3
cec3c008ec8f drm/i915/cfl: Coffee Lake works on Kaby Lake PCH.
073873cb152c brd: remove unused brd_mutex
912c53b1b346 audit: fix memleak in auditd_send_unicast_skb.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
I introduced the recipe, so I get to fix any bugs!
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
CONFIG_KERNEL_DEBUG"
The following commit:
Author: California Sullivan <california.l.sullivan@intel.com>
Date: Wed Feb 17 16:47:10 2016 -0800
ktypes: add developer ktype
The developer ktype enables EMBEDDED, EXPERT, and DEBUG_KERNEL,
opening up more kernel options and setting some defaults.
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Was created to address the kernel footprint related issues that are related
to many of the kernel debug options.
When this commit was merged, it re-enabled CONFIG_DEBUG_KERNEL for the
standard kernel, since it includes the systemtap fragment. The correct thing
to do is to move systemtap properly into the developer kernel type.
For now, you can build the developer kernel type, or add the developer kernel
configuration fragment via a bbappend, and you'll have a functional systemtap.
[YOCTO #12603]
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
oe-core commit: 45afadf0b6 fixed the pip problem with purelib for
python2, even though the the patch stated it was for python3. This
patch addresses the purelib problem for python3.
If you install the package python3-pip you will have a pip3 binary
where you can see the problem on the device easily where the modules
install into the incorrect area and are not able to be referenced by
python3 at all.
Example error:
pip3 install imutils
pip3 list |grep imutils || echo ERROR no imutils
ERROR no imutils
python3 -c 'import imutils'
Traceback (most recent call last):
File "<string>", line 1, in <module>
ImportError: No module named 'imutils'
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
