path: root/meta/recipes-devtools
Age | Commit message | Author | Files
2016-12-06 | python-2.7: Security fix CVE-2016-1000110 | Armin Kuster | 2
affects python-2.7 < 2.7.12
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-12-06 | python-2.7: Security fix CVE-2016-5699 | Armin Kuster | 2
affects python-2.7 < 2.7.10
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-12-06 | python-2.7: Security fix CVE-2016-5636 | Armin Kuster | 2
Affects python-2.7 < 2.7.12
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-12-06 | python-2.7: Security fix CVE-2016-0772 | Armin Kuster | 2
Affects python < 2.7.12
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-10-06 | perl: fix CVE-2016-1238 | Mingli Yu | 2
Backport patch to fix CVE-2016-1238 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
(From OE-Core rev: 7d06ffcbcd0c71dc6dc9efde02bf0cd8d7c7d7e3)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed up to apply to 5.20.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-06 | perl: fix CVE-2015-8607 | Mingli Yu | 2
Backport patch to fix CVE-2015-8607 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
(From OE-Core rev: e2289647ace9ef96e6a7e4aae201fd9149e56678)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fixed up to apply to 5.22.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-06 | perl: fix CVE-2016-6185 | Mingli Yu | 2
Backport patch to fix CVE-2016-6185 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
(From OE-Core rev: 81e550d0c23c9842b85207cdfa73bbe9102e01fb)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fixed up to apply against 5.22.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-10-06 | perl: fix CVE-2016-2381 | Kai Kang | 2
Backport patch to fix CVE-2016-2381 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
(From OE-Core rev: 07ca8a0131f43e9cc2f720e1cdbcb7ba7c074886)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed up to apply against 5.22.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | qemu: Security fix for CVE-2016-5403 | Armin Kuster | 2
affects qemu < 2.7.0-rc0
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security fix for CVE-2016-4002 | Armin Kuster | 2
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security fix CVE-2016-6351 | Armin Kuster | 3
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security fix CVE-2016-4439 | Armin Kuster | 2
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security Fix CVE-2016-3712 | Armin Kuster | 5
affects qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | qemu: Security Fix CVE-2016-3710 | Armin Kuster | 2
affects Qemu < 2.6.0
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-09-23 | git: Security fix CVE-2016-2315 CVE-2016-2324 | Armin Kuster | 6
git versions < 2.5.5 & 2.7.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-07-27 | perl-ptest.inc: fix tar call to prevent objcopy failure | Enrico Jorns | 1
With tar version 1.29, the tar call used to copy the ptest files will not work anymore. While the call did not match the man page (but worked) before, anyway, the latest update of tar seems to have a more strict argument handling.
With the current version of the tar call, the copying of files still works with latest tar version, but the excludes will not be handled properly anymore. This results in having binaries compiled with host GCC in the package.
When doing the strip_and_split files in do_package() with the target objcopy, bitbake will fail with this error:
ERROR: objcopy failed with exit code 256 (cmd was [...]) [...] File format not recognized
Thus, the current argument issues and required changes are:
* Options must be placed _before_ the pathnames.
* --exclude must be followed by a '=' in order to work properly
* 'f' option is for providing an archive file, which is unnecessary in this case
Note that this could also be a candidate for backporting.
(From OE-Core master rev: 2e498879098f7d84610aed7961d92433083d9a02)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2016-07-27 | gcc: make sure header path is set correctly | Anuj Mittal | 1
We're setting the native header paths in do_configure_prepend, and don't need to set them again here. This results in gcc-target not being able to locate the headers and not being able to detect glibc version, which in turn results in SSP support not getting detected even though it's available in libc.
(From OE-Core master rev: 85630aa894278e7818c867179dc19ca2fbd994fc)
Signed-off-by: Anuj Mittal <anujx.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2016-05-22 | gdb: Backport patch to changes with AVX and MPX | Saul Wold | 2
The current MPX target descriptions assume that MPX is always combined with AVX, however that's not correct. We can have machines with MPX and without AVX; or machines with AVX and without MPX.
This patch adds new target descriptions for machines that support both MPX and AVX, as duplicates of the existing MPX descriptions.
The following commit will remove AVX from the MPX-only descriptions.
This commit is backported from 7.12
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-05-17 | gcc: Security Fix CVE-2016-4490 | Armin Kuster | 2
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-05-17 | gcc: Security fix CVE-2016-2226 | Armin Kuster | 2
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-05-17 | gcc: Security fix CVE-2016-4489 | Armin Kuster | 2
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-05-17 | gcc: Security fix CVE-2016-4488 | Armin Kuster | 2
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-05-10 | gdb: fix QA warning (uClibc) | André Draszik | 1
WARNING: QA Issue: gdb rdepends on libiconv, but it isn't a build dependency? [build-deps]
We already have virtual/libiconv which is set appropriately in all environments, so let's use it to fix the issue.
Signed-off-by: André Draszik <adraszik@tycoint.com>
2016-05-10 | binutils: backport bug fix to the 2.25 branch for jethro | Tristan Van Berkom | 2
We fail to build webkit on aarch64 due to this binutils bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=19353
Applying patch which fixes this, stripped out changelog entry from patch to make it apply without error.
2016-05-09 | opkg: backport fix for double remove of packages | Stefan Agner | 2
Backport the fix 7885da3974 ("pkg_get_provider_replacees: do not add installed pkg to replacee list"). This avoids opkg trying to remove a package twice e.g. when upgrading.
Suggested-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-11 | python3: fix building nativesdk-python3 | Juro Bystricky | 1
When the class nativesdk.bbclass is inherited, it redefines TARGET_CC_ARCH, in the case of python3, this enables debug, causing an error while linking. Since we don't enable debug during configure some functions are not declared.
This patch makes sure we keep debug disabled, fixing the linking errors.
[YOCTO #9357]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-11 | cdrtools: update SRC_URI | Ross Burton | 1
Upstream released their 3.01 so the alpha releases we were downloading have moved. Update the SRC_URI so it continues to download.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-11 | gcc-cross-canadian.inc: add INSANE_SKIP_ to avoid build warning | Li Xin | 1
WARNING: QA Issue: gcc-cross-canadian-i586-dbg: found library in wrong location: /PATH/sysroots/x86_64-oesdk-linux/usr/libexec/i586-oe-linux/gcc/i586-oe-linux/5.2.0/.debug/libcc1.so.0.0.0
This warning is introduced by commit f6e47aa (gcc-target 5.1: fix for libcc1)
Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-11 | ruby-native: Depend on openssl-native | Khem Raj | 1
This dependency is floating otherwise. It races against openssl-native and when openssl config does not match with openssl on build host the build fails occasionally
x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is disabled.
# error RIPEMD is disabled.
Change-Id: I5ff6d8f058ff99c64ad4dc7c0377724071003ae6
(From OE-Core master rev: d0c8d98077622a700d92384f676770cb4d6d4f46)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-15 | make 4.1: fix segfault when ttyname fails | Chang Rebecca Swee Fun | 2
GNU make segfaults when run in a chroot environment because of a known bug in GNU make 4.1. See [1] for details. Works if /dev/pts is mounted before chroot.
[1] http://savannah.gnu.org/bugs/?43434
[YOCTO #9067]
Reported-by: Alexander Larsson <alexl@redhat.com>
(From OE-Core master rev: 0fe2a4b428b1b9a937914d87ec089b5a64f641eb)
Signed-off-by: Anuj Mittal <anujx.mittal@intel.com>
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2016-02-21 | qemu: Security fix CVE-2016-2198 | Armin Kuster | 2
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-02-21 | qemu: Security fix CVE-2016-2197 | Armin Kuster | 2
CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-02-05 | e2fsprogs: Ensure we use the right mke2fs.conf when restoring from sstate | Richard Purdie | 1
If we don't do this, we can use an mke2fs.conf from a different path which may contain incompatible flags and lead to obtuse build failures such as:
Invalid filesystem option set: has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize
To fix this, wrap the mke2fs binary and its hardlinks and point at the correct configuration file.
In particular this fixes conflicts between master and jethro builds affecting the main autobuilder.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-02-01 | git: Security fix CVE-2015-7545 | Armin Kuster | 6
CVE-2015-7545 git: arbitrary code execution via crafted URLs
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-02-01 | dpkg: Security fix CVE-2015-0860 | Armin Kuster | 2
CVE-2015-0860 dpkg: stack overflows and out of bounds read
Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-01-30 | qemu: Security fix CVE-2015-7295 | Armin Kuster | 4
CVE-2015-7295 Qemu: net: virtio-net possible remote DoS
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 | qemu: Security fix CVE-2016-1568 | Armin Kuster | 2
CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 | qemu: Security fix CVE-2015-8345 | Armin Kuster | 2
CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 | qemu: Security fix CVE-2015-7512 | Armin Kuster | 2
CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 | qemu: Security fix CVE-2015-7504 | Armin Kuster | 2
CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 | qemu: Security fix CVE-2015-8504 | Armin Kuster | 2
CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-01-30 | rpmresolve.c: Fix unfreed pointers that keep DB opened | Mariano Lopez | 1
There are some unfreed rpmmi pointers in printDepList() function; this happens when the package has null as the requirement.
This patch fixes these unfreed pointers and adds small changes to keep consistency with some variables.
[YOCTO #8028]
(From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-12-27 | gcc: Update default Power GCC settings to use secure-plt | Mark Hatle | 3
The gcc default, bss-plt, will cause errors when using the prelinker. All other distributions that I am aware of are using the secure-plt.
For an explanation of the differences, the gcc docs:
Current PowerPC GCC accepts a `-msecure-plt' option that generates code capable of using a newer PLT and GOT layout that has the security advantage of no executable section ever needing to be writable and no writable section ever being executable. PowerPC ld will generate this layout, including stubs to access the PLT, if all input files (including startup and static libraries) were compiled with `-msecure-plt'. `--bss-plt' forces the old BSS PLT (and GOT layout) which can give slightly better performance.
The security of the new PLT and ability to run the prelinker outweigh any performance penalty.
The secure-plt is enabled by default. The old bss-plt can be enabled by selecting 'bssplt' in the DISTRO_FEATURES.
(From OE-Core master rev: 70c55aada1101a5c687cdaa79f370fa4530b39d9)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-12-27 | prelink: Fix various prelink issues on IA32, ARM, and MIPS. | Mark Hatle | 1
Fix the following issues:
IA32 / ARM - Resync to glibc-2.22, fix a mismatch w/ glibc's ld.so
MIPS - Ignore the new SHT_MIPS_ABIFLAGS
ARM - Fix missing ARM IFUNC support chunk
Also upstream prelink project no longer has a 'trunk' directory.
(From OE-Core master rev: c725328f2ab5c9b220c552ed37c0d24b098a218d)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-12-27 | guile, mailx, gcc, opensp, gstreamer1.0-libav, libunwind: disable thumb where it fails for qemuarm | Martin Jansa | 3
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-12-08 | subversion: fix CVE-2015-3187 | Wenzong Fan | 2
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
(From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-12-08 | subversion: fix CVE-2015-3184 | Wenzong Fan | 2
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-12-08 | binutils: Fix octeon3 disassembly patch | Mark Hatle | 1
The structure has apparently changed, and there was a missing setting. This corrects a segfault when disassembling code.
(From OE-Core master rev: 2e8f1ffe3a8d7740b0ac68eefbba3fe28f7ba6d4)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-12-08 | opkg: add cache filename length fixes | Alejandro del Castillo | 5
(From OE-Core master rev: 8e53500a7c05204fc63759f456639545a022e82b)
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
2015-10-29 | perl: Correct path for vendorlib, vendorarch, sitelib and sitearch | Jens Rehsack | 2
This patch corrects the path specifications when building perl for vendorlib, vendorarch, sitelib and sitearch to allow newer dual-life module being installed on host to satisfy configure and build requirements of some CPAN distributions.
Additionally, fix search path order in perl wrappers.
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>