| Age | Commit message (Collapse) | Author | Files |
|---|
|
Via the -stable updates, and other configuration changes the 4.12 kernel has the
same dependency on openssl headers as 4.14+.
So we add the same DEPENDS line that we already have in newer kernels to avoid the
following error:
| HOSTCC scripts/sign-file
| build/tmp/work-shared/qemux86-64/kernel-source/scripts/sign-file.c:25:30: fatal error: openssl/opensslv.h: No such file or directory
| compilation terminated.
| scripts/Makefile.host:107: recipe for target 'scripts/sign-file' failed
| make[3]: *** [scripts/sign-file] Error 1
| make[3]: *** Waiting for unfinished jobs....
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Integrating Paul Gortmaker's stable update to 4.12, this includes CVE
fixes for meltdown and spectre:
3bb926457832 Linux 4.12.21
76781f72ce64 lguest: disable it vs. removing it.
6ab3176bb365 x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
efa97ecdf026 x86/pti: Mark constant arrays as __initconst
a4d9aaf35e28 x86/spectre: Simplify spectre_v2 command line parsing
1dbde4da259a x86/retpoline: Avoid retpolines for built-in __init functions
7f3a7b69b0f7 x86/paravirt: Remove 'noreplace-paravirt' cmdline option
ebeddfbee13f x86/speculation: Use Indirect Branch Prediction Barrier in context switch
7e0a7c84eb35 x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
bf0c4c3f38f6 x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
f4d4ccfdf361 x86/spectre: Report get_user mitigation for spectre_v1
12f20abacd8b nl80211: Sanitize array index in parse_txq_params
7686c72bfd9c vfs, fdtable: Prevent bounds-check bypass via speculative execution
a3d62741fc9b x86/syscall: Sanitize syscall table de-references under speculation
0b99c598274c x86/get_user: Use pointer masking to limit speculation
bf532304a22f x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
04584b001618 x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
5a64c3ccd99d x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
9bbc24f34f03 x86: Introduce barrier_nospec
b55fd06d6fe0 x86: Implement array_index_mask_nospec
79a2efa3e0f5 array_index_nospec: Sanitize speculative array de-references
e9046d054bb9 Documentation: Document array_index_nospec
0078d6b103f9 x86/asm: Move 'status' from thread_struct to thread_info
46afe23798a3 x86/entry/64: Push extra regs right away
4213246ab7a8 x86/entry/64: Remove the SYSCALL64 fast path
026a59b9de37 x86/spectre: Check CONFIG_RETPOLINE in command line parser
a345c5f7a1b6 x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
999e3eca6861 x86/speculation: Simplify indirect_branch_prediction_barrier()
c7acab78a24c x86/retpoline: Simplify vmexit_fill_RSB()
be5c3f1101f7 x86/cpufeatures: Clean up Spectre v2 related CPUID flags
7addf309d0e0 x86/cpu/bugs: Make retpoline module warning conditional
b7c17f71e9cc x86/bugs: Drop one "mitigation" from dmesg
af16629cc1da x86/nospec: Fix header guards names
ebfadec0c9dc x86/alternative: Print unadorned pointers
2e4bcf1ccaa9 x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
332de1ac4373 x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
79a2a1ba23e7 x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
d29069565618 x86/msr: Add definitions for new speculation control MSRs
114a7b0f431c x86/cpufeatures: Add AMD feature bits for Speculation Control
2d5755e9daac x86/cpufeatures: Add Intel feature bits for Speculation Control
3f5d9b428f05 x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
2f1b883356ca module/retpoline: Warn about missing retpoline in module
8c935f65cf6a KVM: VMX: Make indirect call speculation safe
79c0d980e610 KVM: x86: Make indirect calls in emulator speculation safe
956ca31407ab x86/retpoline: Remove the esp/rsp thunk
de8cd92003c6 x86/mm/64: Fix vmapped stack syncing on very-large-memory 4-level systems
f2846896cd75 x86/microcode: Fix again accessing initrd after having been freed
badb7498ab69 x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
750d9c97cede x86/pti: Document fix wrong index
8d759c94307d kprobes/x86: Disable optimizing on the function jumps to indirect thunk
59a3c4dc0ab9 kprobes/x86: Blacklist indirect thunk functions for kprobes
2eef7eab7aea retpoline: Introduce start/end markers of indirect thunk
a37c55916910 x86/mce: Make machine check speculation protected
3aab76cd9d88 x86/tsc: Fix erroneous TSC rate on Skylake Xeon
b129f5955cd5 x86/tsc: Future-proof native_calibrate_tsc()
7639b8268579 x86/mm/pkeys: Fix fill_sig_info_pkey
b19a92bb0f18 x86/cpufeature: Move processor tracing out of scattered features
eb5a1177e60b x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
ed114eb7be88 x86/retpoline: Fill RSB on context switch for affected CPUs
70d519c9f97c x86/kasan: Panic if there is not enough memory to boot
01e21b5f7c9c x86/retpoline: Remove compile time warning
8ca1b5f8a9f4 x86,perf: Disable intel_bts when PTI
6f037d7eaeaa security/Kconfig: Correct the Documentation reference for PTI
b8c74586d251 x86/pti: Fix !PCID and sanitize defines
8e24a4722756 selftests/x86: Add test_vsyscall
c3d9420f23cf x86/retpoline: Fill return stack buffer on vmexit
dd182d455654 x86/retpoline/irq32: Convert assembler indirect jumps
d592a8a2c5f5 x86/retpoline/checksum32: Convert assembler indirect jumps
0f3df59f16d3 x86/retpoline/xen: Convert Xen hypercall indirect jumps
c0459b479a22 x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
11edfaeadbd1 x86/retpoline/entry: Convert entry assembler indirect jumps
bf4c91a3b74f x86/retpoline/crypto: Convert crypto assembler indirect jumps
2b243b8623a5 x86/spectre: Add boot time option to select Spectre v2 mitigation
8ab0d792e81c x86/retpoline: Add initial retpoline support
f2f4c0853dba x86/pti: Make unpoison of pgd for trusted boot work for real
7495fd5400e6 x86/alternatives: Fix optimize_nops() checking
8b932f131e26 sysfs/cpu: Fix typos in vulnerability documentation
299b4adfed2e x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
32996f3a0a81 x86/cpu/AMD: Make LFENCE a serializing instruction
10ffc3c2b2f7 x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()
9e1201731d4b x86/tboot: Unbreak tboot with PTI enabled
728d879e5c6b x86/cpu: Implement CPU vulnerabilites sysfs functions
aeba317a23de sysfs/cpu: Add vulnerability folder
83e59b5d52bf x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
f7845c2cbd6e x86/Documentation: Add PTI description
16331e2c3b06 x86/pti: Unbreak EFI old_memmap
5723b0260415 kdump: Write the correct address of mem_section into vmcoreinfo
50d02826dfc0 mm/sparse.c: wrong allocation for mem_section
d3cbfb481af2 mm/sparsemem: Fix ARM64 boot crash when CONFIG_SPARSEMEM_EXTREME=y
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ps: invalid option -- 'e'
BusyBox v1.27.2 (2018-03-17 09:07:25 PDT) multi-call binary.
Usage: ps
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Debian anonscm service in Alioth is shutdown and thus
fetching sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
https://wiki.debian.org/Salsa
"What is Salsa?
Salsa is the name of a collaborative development server for Debian based on the gitlab software. Salsa is supposed to provide the necessary tools for package maintainers, packaging teams and other Debian related individuals and groups for collaborative development.
What is the status of Salsa?
After various discussions about the future of Alioth, the Alioth Sprint in August 2017 gave birth to the initial setup of the the upcoming Salsa service. The productive weekend resulted in a working prototype and was launched as a beta in December 2017. It left its beta status in January 2018."
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Debian anonscm service in Alioth is shutdown and thus
fetching ca-certificates sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Debian anonscm service in Alioth is shutdown and thus
fetching ncurses sources fails.
https://wiki.debian.org/Alioth
"Alioth is broken, and there is nobody around to fix it. Don't ask the remaining people who give it life support to implement fixes and changes. It is being replaced by a cocktail of ?GitLab (see Salsa), read-only repos and keep-alive mechanisms. See below for more information."
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport fix from qemu mainline for intermediate qemuarm64 hang
issue. Root caused in OE environment, issue with aarch64 qemu
logic of executing instructions that reenabe interrupts. See patch
commit message for more details.
Upstream-Status: Backport
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Apparently there are recipes in the wild which generate files with
filenames containing '$' characters - which cause errors during
packaging.
Instead of adding another special case to escape '$' characters when
constructing the command passed to oe.utils.getstatusoutput(), switch
to using single quotes to quote the path - and therefore make isELF()
consistent with the way filenames and paths are quoted by every other
caller of oe.utils.getstatusoutput() in oe-core.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Although get_filesystem_id() is a private API and never gets passed
a path containing spaces or other special characters, etc, quote the
path anyway for consistency.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Here is full list of fixes
https://sourceware.org/git/?p=glibc.git;a=shortlog;h=df3ff4e49d4ee3cbbdaeb0b1cb5dc2344c08be98;hp=23158b08a0908f381459f273a984c6fd328363cb
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix non-void function 'fix_options' should return a value.
Add function prototype to tcpd.c and miscd.c.
Signed-off-by: Oleksiy Obitotskyy <oobitots@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
With 4.15 kernel systemtap needs update to address systemtap module
compilation issues. It is fixed in later version of systemtap by
PR22551.
Upstream-Status: Backport
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Allow devtool to organize the SRC_URI
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Use ext4 filesystem instead of ext3 when using the live image to install
on target. wic defaults to ext4 as well.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* Fix RDEPENDS
* Upstream v1.12_9 is a development version, not a stable release
* Add UPSTREAM_CHECK_REGEX skip development releases
* Drop anonymous python function to "fix" version, which breaks
auto-upgrade-helper (AUH)
* Use LICENSE file for checksum rather than ephemeral META.yml
* License remains the same
Fixes: [YOCTO #12581]
License-Update: use LICENSE file for checksum
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Pseudo is using a custom configure script that detects if it shall build with
extended file attribute support or not. The check is done by simply calling
'getfattr' provided by attr-native which is not part of the dependency list.
Due to the recent changes (recipe specific sysroot & cleanup of $PATH) this
call fails now when the recipe is being build for the first time (at least
when being build for nativesdk case). Explicitly setting up a dependency to
attr-native just to satisfy configure would be wrong also since the real
dependency is to attr/nativesdk-attr which are already part of the dependency
list (see DEPENDS). Therefore bypass the test in the configure by explicitly
enabling xattr using a configure option available in any case.
Signed-off-by: Andreas Kaufmann <andreas.kaufmann.79@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The 'glamor' PACKAGECONFIG in xserver-xorg creates a dependency on libgbm
which can be satisfied in some cases by mesa, in others by blobs such as mali.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Mesa only PROVIDES these features if they are enabled via PACKAGECONFIG.
Therefore make the PROVIDES conditional depending on whether or not these
features have been enabled.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
replace_glibc_check_with_linux.patch was accepted upstream with
modifications.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This version has been published at March 21, 2018, and it is a bugfix
only release. It includes several important fixes that were made as
part of 18.0.0 development cycle.
Full list of bug fixes can be see online at:
https://www.mesa3d.org/relnotes/17.3.7.html
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source.
ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch
[v2]
upstream deleted the branch and the hash no longer exists.
Took the git snapshot from yocto and created a copy on my github.
There was no offical 3.2 release, only rc versions.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Before, waf.bbclass would fail to catch FileNotFoundError. Now, it will
catch this error and say that waf doesn't exist.
Fixes [YOCTO 12553]
Signed-off-by: Amanda Brindle <amanda.r.brindle@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Setup environment for builds requiring binary reproducibility.
Determine and export SOURCE_DATE_EPOCH per each recipe.
This is a crucial step to achieve binary reproducibility.
The value for this variable (timestamp) is obtained after source code for
a recipe has been unpacked, but before it is patched. If the code sources
come from a GIT repo, we get the timestamp from the top commit. (GIT repo
does not preserve file mktime timestamps). Otherwise, if GIT repo is not
present, we try to get mtime from known files such as NEWS, ChangeLog, etc.
If this also fails, we go through all files and get the timestamp from the
youngest one. We create an individual timestamp for each recipe.
The timestamp is stored in the file '__source_date_epoch.txt' (in the folder
source-date-epoch_). Later on, each task reads this file and sets
the exported value of SOURCE_DATE_EPOCH to the value found in the file.
Uasge:
INHERIT += "reproducible_build"
[YOCTO#11178]
[YOCTO#11179]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This was the default behavior with autotools, but is not with meson.
Otherwise, udev package will pull in the rest of systemd even
that is not desired.
[YOCTO #12618]
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
When systemd was upgraded from 234 to 237, the PACKAGECONFIG item
'resolved' is changed to 'resolve', this is because meson_options.txt
uses the word 'resolve' instead of 'resolved'.
However, this causes trouble for users. Backward compatibility is obviously
more important, because we might have bbappend files in other layers
using this PACKAGECONFIG item.
So change the name back to 'resolved'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ERROR: distrho-ports-0.0.0+git999-r0 do_buildclean: oe_runmake failed
ERROR: distrho-ports-0.0.0+git999-r0 do_buildclean: Function failed: do_buildclean
ERROR: Logfile of failure stored in: <...>/temp/log.do_buildclean.17285
Log data follows:
| DEBUG: Executing shell function do_buildclean
| NOTE: make clean
| make clean -C libs/drowaudio
| make[1]: Entering directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio'
| make clean -C build-drowaudio
| make[2]: Entering directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio/build-drowaudio'
| make[2]: *** No rule to make target 'clean'. Stop.
| make[2]: Leaving directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio/build-drowaudio'
| make[1]: *** [Makefile:7: clean] Error 2
| make[1]: Leaving directory '/home/a.mueller/data/oe-core/workspace/sources/distrho-ports/libs/drowaudio'
| make: *** [Makefile:73: clean] Error 2
| ERROR: oe_runmake failed
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In out-of-tree builds gtk-doc's setup-build target copies all the content from
$srcdir to $builddir. However, if some of this content is regenerated at
configure time this can happen:
1) configure writes new build/version.xml
2) make compile copies content, including the tarball's src/version.xml
to build/version.xml, and generates gtk-doc.
3) make install notices build/version.xml is older than configure.status,
so regenerates gtk-doc.
gtk-doc generation is a slow process at the best of times, so doing it twice
isn't good.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Also remove libcheck dependency which was required only for tests.
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
termlib needs to be disabled on some targets e.g. mingw
this change paves the way for doing that. Functionally
it does not change anything for other platforms
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Backport a fix that is needed for systemd to build with latest glibc
and kernel being old.
see
https://github.com/systemd/systemd/issues/8099
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
These variables force runtime tests during configure
they are already cached for other architectures
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
To use 'glide' this class does the integration and reduces code
duplication.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* fails for nativesdk-shadow with:
pwconv: /etc/passwd.29063: No such file or directory
pwconv: cannot lock /etc/passwd; try again later.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* wrong revision of this patch, where the commit message didn't match
with the default PACKAGECONFIG value, was merged to master, update
it to avoid confusion
* it got enabled by default, but without the dependency on libidn in:
commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2
Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
AuthorDate: Thu Feb 1 20:02:08 2018 +0200
Subject: iputils: update to 20161105
* https://github.com/iputils/iputils/blob/master/RELNOTES.old
mentiones that IDN was enabled by default in:
[s20160308] and surprisingly the same in [s20150815]
but there are no release notes for s20151218 version we were using until
now, don't know how it really relates to [s20150815].
* but there are some issues with libidn as described in:
https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547
so disable it by default.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The following perl module packages were removed from oe-core
with commit: 30fb4c8f329fe3aa3c528ffeba60ee7d702e873e
- libclass-isa-perl
- libenv-perl
- libdumpvalue-perl
- libfile-checktree-perl
- libi18n-collate-perl
- libpod-plainer-perl
Remove these from the maintainers list
Fixes: [Yocto #12582]
Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Delete entries of removed packages.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Prevent out-of-bounds write in codebook decoding. The bug could allow
code execution from a specially crafted Ogg Vorbis file.
References:
https://www.debian.org/security/2018/dsa-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Debian and Fedora both carry this patch, and the xf86-video-modesetting
driver seems better on recent hardware.
As an example, on a NUC6CAYS, the x11perf -aa10text and -rgb10text tests
see around a 20x increase.
[YOCTO #12019]
[YOCTO #12390]
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix CVE-2017-99935, CVE-2017-18013, CVE-2018-5784
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9935
https://nvd.nist.gov/vuln/detail/CVE-2017-18013
https://nvd.nist.gov/vuln/detail/CVE-2018-5784
Patches from:
CVE-2017-9935:
https://gitlab.com/libtiff/libtiff/commit/3dd8f6a357981a4090f126ab9025056c938b6940
CVE-2017-18013:
https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
CVE-2018-5784:
https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade systemd-boot to 237.
As systemd has dropped autotools support, fix configure and compile
failures related to meson.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Remove the 'fstack-protector' and 'fstack-protector-strong' flags
as a workaround to fix the following error when building for qemux86
and qemuppc with musl.
undefined reference to `__stack_chk_fail_local'
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
Upgrade systemd to 237.
Note that this version has dropped autotools support.
The following patches are rebased:
0004-Use-getenv-when-secure-versions-are-not-available.patch
0005-binfmt-Don-t-install-dependency-links-at-install-tim.patch
0007-use-lnr-wrapper-instead-of-looking-for-relative-opti.patch
0015-Revert-udev-remove-userspace-firmware-loading-suppor.patch
0018-check-for-uchar.h-in-configure.patch
0019-socket-util-don-t-fail-if-libc-doesn-t-support-IDN.patch
0001-add-fallback-parse_printf_format-implementation.patch
0002-src-basic-missing.h-check-for-missing-strndupa.patch
0007-check-for-missing-canonicalize_file_name.patch
0008-Do-not-enable-nss-tests.patch
0010-test-sizeof.c-Disable-tests-for-missing-typedefs-in-.patch
0011-nss-mymachines-Build-conditionally-when-HAVE_MYHOSTN.patch
The following backported patches are dropped:
0001-core-evaluate-presets-after-generators-have-run-6526.patch
0001-main-skip-many-initialization-steps-when-running-in-.patch
0001-meson-update-header-file-to-detect-memfd_create.patch
0003-fileio-include-sys-mman.h.patch
The following patch is dropped as autotools support is dropped:
0002-configure.ac-Check-if-memfd_create-is-already-define.patch
The following patches are newly added to fix problems:
0027-remove-nobody-user-group-checking.patch
0028-add-missing-FTW_-macros-for-musl.patch
0030-fix-missing-of-__register_atfork-for-non-glibc-build.patch
0031-fix-missing-ULONG_LONG_MAX-definition-in-case-of-mus.patch
Other changes are mostly autotools/meson related.
This new version has dropped ptest support, as there's no easy
way to do this in the framework of meson.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
|
|
fixes:
WARNING: libsolv-0.6.33-r0 do_patch:
Some of the context lines in patches were ignored. This can lead to
incorrectly applied patches.
The context lines in the patches can be updated with devtool:
devtool modify <recipe>
devtool finish --force-patch-refresh <recipe> <layer_path>
Then the updated patches and the source tree (in devtool's workspace)
should be reviewed to make sure the patches apply in the correct place
and don't introduce duplicate lines (which can, and does happen
when some of the context is ignored). Further information:
http://lists.openembedded.org/pipermail/openembedded-core/2018-March/148675.html
https://bugzilla.yoctoproject.org/show_bug.cgi?id=10450
Details:
Applying patch
0001-Add-fallback-fopencookie-implementation.patch
patching file ext/CMakeLists.txt
patching file ext/solv_xfopen.c
Hunk #1 succeeded at 12 with fuzz 1 (offset -1 lines).
Hunk #2 succeeded at 25 (offset -18 lines).
Hunk #3 succeeded at 34 (offset -18 lines).
Hunk #4 succeeded at 46 (offset -18 lines).
patching file ext/solv_xfopen_fallback_fopencookie.c
patching file ext/solv_xfopen_fallback_fopencookie.h
Now at patch 0001-Add-fallback-fopencookie-implementation.patch
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* it got enabled by default, but without the dependency on libidn in:
commit 5997981fa2c22609a88b8cbb595dbf7758b2f7c2
Author: Alexander Kanavin <alexander.kanavin@linux.intel.com>
AuthorDate: Thu Feb 1 20:02:08 2018 +0200
Subject: iputils: update to 20161105
* https://github.com/iputils/iputils/blob/master/RELNOTES.old
mentiones that IDN was enabled by default in:
[s20160308] and surprisingly the same in [s20150815]
but there are no release notes for s20151218 version we were using until
now, don't know how it really relates to [s20150815].
* but there are some issues with libidn as described in:
https://github.com/iputils/iputils/commit/f3a461603ef4fb7512ade3bdb73fe1824e294547
so disable it by default.
* fails with:
| In file included from ping_common.c:1:0:
| ping.h:39:10: fatal error: idna.h: No such file or directory
| #include <idna.h>
| ^~~~~~~~
* Easiest way to reproduce this failure is to remove libidn from gnutls
PACKAGECONFIG or to use gnutls which doesn't have libidn PACKAGECONFIG
at all (like the one in meta-gplv2).
* First it leads to following QA issue:
http://errors.yoctoproject.org/Errors/Build/53212/
ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-ping rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
ERROR: iputils-s20161105-r0 do_package_qa: QA Issue: iputils-traceroute6 rdepends on libidn, but it isn't a build dependency, missing libidn in DEPENDS or PACKAGECONFIG? [build-deps]
ERROR: iputils-s20161105-r0 do_package_qa: QA run found fatal errors.
Please consider fixing them.
ERROR: iputils-s20161105-r0 do_package_qa: Function failed:
do_package_qa
ERROR: Logfile of failure stored in: /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/iputils/s20161105-r0/temp/log.do_package_qa.7627
ERROR: Task (/OE/build/oe-core/openembedded-core/meta/recipes-extended/iputils/iputils_s20161105.bb:do_package_qa) failed with exit code '1'
* But if you cleansstate iputils as well (after removing libidn from
gnutls PACKAGECONFIG) to empty iputils RSS, then you get the error about
missing idna.h:
http://errors.yoctoproject.org/Errors/Build/53213/
* Adding the libidn dependency explicitly in iputils recipe fixes the
issue.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
