| Age | Commit message (Collapse) | Author | Files |
|---|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It mis-matched "SanDisk" or "Disk Flags" before, which caused unexpected
error.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a68ac76c1b6ed4c1a2fbc944c5021c89fd26217f)
[YOCTO #10333]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
affects util-linux < 2.28.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects limbxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
busybox <= 1.24.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
busybox <= 1.24.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE: CVE-2015-8778
Improve check against integer wraparound in hcreate_r [BZ #18240]
This is an integer overflow in hcreate and hcreate_r which can result in
an out-of-bound memory access. This could lead to application crashes
or, potentially, arbitrary code execution.
Upstream-Status: Backport [2.23]
(cherry-picked from commit bae7c7c7, 4bd228c8)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
|
|
Upstream re-arranged their FTP server and deleted the tarball that we were
downloading. This tarball is mirrors on downloads.yoctoproject.org but not
everyone uses that, so Work around this by pointing the SRC_URI at the Yocto
Project source mirror directly.
[ YOCTO #9379 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In case a getty is required on a UART which is not being
used as the kernel console, the current agetty invocation
fails to obey the baud rate configured through the
SERIAL_CONSOLES variable because it uses --keep-baud.
(From OE-Core master rev: b54b73834e73d55de1038b55d0a4d7f49cda52d0)
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is created by qemu for the do_rootfs case, which bypasses pseudo, so we
need to correct the ownership. This fixes a warning issued by
rootfs_check_host_user_contaminated.
(From OE-Core master rev: 4ff6b8cadec10e17dbf884a873a227e29944f5d1)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This applies upstream fixes to fix a segfault in systemd-logind on
shutdown.
[Fixes YOCTO #9265]
Signed-off-by: Bill Randle <william.c.randle@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The SRCREV in the busybox git recipe did not point to a commit ID
on the master branch. Point the variable to something reachable from
the master branch (which fixes this recipe's fetch()).
Suggested-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Brad Mouring <brad.mouring@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Busybox upstream fixed the issue where an incorrect comparison of
addresses led to bogus renegotiation of a new ll ip in 1.24. Backport
this change to 1.23.2.
Signed-off-by: Brad Mouring <brad.mouring@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This makes the resulting /etc/os-release file have valid shell
assignment syntax. This makes it loadable by a shell script, using the
'source' command:
source /etc/os-release
Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: f6e0ea000fa3b9a726ab56500f643f9902371618)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-2225 Make sure to always terminate decoded string
This change is being provide to comply to Yocto compatiblility.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-2224 Do not follow compressed items forever.
This change is being provide to comply to Yocto compatiblity.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-7547: getaddrinfo() stack-based buffer overflow
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add patch from commit 96b1b5c127e9e0e637aaf7948cf3330a94a5cd57 to cross-localedef-native
to avoid broken images built with ENABLE_BINARY_LOCALE_GENERATION set to 1:
$ sh -c "export LANG=de_DE; ls -la"
sh: loadlocale.c:130: _nl_intern_locale_data: Assertion `cnt < (sizeof (_nl_value_type_LC_COLLATE) / sizeof (_nl_value_type_LC_COLLATE[0]))' failed.
Aborted
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If CONFIG_FEATURE_LAST_SMALL is enabled the build fails because of a broken
__UT_NAMESIZE test.
[ YOCTO #8869 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
with the enabling of utmpx in busybox and uClibc it was noted that shadow
support for utmpx also needs utmp explicitly enabled in uclibc. this is
a workaround that might be removed once shadow properly supports
--enable-utmpx to check for utmpx configuration instead of utmp like
it does now
[YOCTO #8243]
[YOCTO #8971]
Signed-off-by: Bogdan-Alexandru Voiculescu <bogdanx.a.voiculescu@intel.com>
Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 969158d63ba2c8e2e11af41c2a6d4f1aa5b0099f)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
WARNING: QA Issue: glibc-locale: /glibc-binary-localedata-sd-in/usr/lib/locale/sd_IN/LC_CTYPE is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
fix type
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
