| Age | Commit message (Collapse) | Author | Files |
|---|
|
http://bugs.python.org/issue21529
Python 2 and 3 are susceptible to arbitrary process memory reading by
a user or adversary due to a bug in the _json module caused by
insufficient bounds checking.
The sole prerequisites of this attack are that the attacker is able to
control or influence the two parameters of the default scanstring
function: the string to be decoded and the index.
The bug is caused by allowing the user to supply a negative index
value. The index value is then used directly as an index to an array
in the C code; internally the address of the array and its index are
added to each other in order to yield the address of the value that is
desired. However, by supplying a negative index value and adding this
to the address of the array, the processor's register value wraps
around and the calculated value will point to a position in memory
which isn't within the bounds of the supplied string, causing the
function to access other parts of the process memory.
Signed-off-by: Benjamin Peterson <benjamin@python.org>
Applied to python-native recipe in order to fix the above mentioned
vulnerability.
Upstream-Status: Submitted
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In subdir 'gcc', Most C source files included config.h which was
generated by a rule. But no related prerequisites was added to
the C source compiling rule. There was potential building failure
while makefile enabled parallel.
The C source compiling rule used suffix rule '.c.o', but the suffix
rule doesn't support prerequisites.
https://www.gnu.org/software/make/manual/html_node/Suffix-Rules.html
We used the pattern rule '%.o : %.c' to instead, and add the config.h
as its prerequisite
We also moved the '%.o : %.c' rule down to the 'build/%.o :' rule, which
makes '%.o : %.c' rule doesn't override 'build/%.o :'.
[YOCTO #6568]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Reproduce steps:
1) bitbake perl
2) vim local.conf to tweak CC, just add redundant option.
...
CC_append = " ${HOST_CC_ARCH}"
...
3) bitbake perl
...
./miniperl -Ilib make_ext.pl lib/auto/Time/HiRes/HiRes.so MAKE=make LIBPERL_A=libperl.so LINKTYPE=dynamic
Making Time::HiRes (all)my $filename=
Deleting non-Cross makefile
Running Makefile.PL in cpan/Time-HiRes
Makefile.PL: The "xdefine" exists, skipping the configure step.
("tmp/sysroots/x86_64-linux/usr/bin/perl-native/perl5.20.0.real Makefile.PL --configure" to force the configure step)
Warning: No Makefile!
make[2]: Entering directory `tmp/work/armv5te-poky-linux-gnueabi/perl/5.20.0-r1/perl-5.20.0/cpan/Time-HiRes'
make[2]: *** No rule to make target `config'. Stop.
...
While ${CC} changed, the existance of 'xdefine' caused makefile
regeneration failed.
[YOCTO #6569]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
anyway
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
MULTILIB_OPTIONS takes the parameters which trigger a given multilib to be
selected. It supports *one* option per multilib, '/' separated. Spaces
separate options used to generate additional multilib combinations.
Adding in all of CFLAGS to this is therefore clearly a really bad idea
but how do we fix things?
The best option I've come up with so far is a list of whitelist variables
to use to trigger the multilibs. Its populated with the standard multilibs
we support, anyone setting up an advanced multilib can populate the variable
with the correct trigger parameters.
This has the advantage of simplifying the code and allowing us to remove
the code filtering blocks since there is no longer option duplication. Testing
after this change shows a much improved sdk toolchain functionality.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Necessary for including it in meta-toolchain.
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When use default install directory, we can't get the environment setup
script path. The reason is that opkg-cl list incorrect files paths.
This patch sets env_script variable to make us get correct environment
setup script path.
[YOCTO #6443]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Pseudo now automatically tries to shut down the server after running
single commands under pseudo ("pseudo <cmd>"), which means it can
print a useless "server already offline" message in some cases. The
message has been changed to a debugging message only.
The glibc symbol versions for memcpy were being applied to non-x86
targets, unintentionally, which broke builds for at least some targets.
(But pseudo doesn't usually get built for targets so it didn't
get noticed right away.)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Qemu PCIe bus support is vulnerable to a use-after-free flaw. It could
occur via guest, when it tries to hotplug/hotunplug devices on the
guest.
A user able to add & delete Virtio block devices on a guest could use
this flaw to crash the Qemu instance resulting in DoS.
Originated-by: Marcel Apfelbaum <address@hidden>
Updated the qemu recipe to include the security patch.
Upstream-Status: Submitted
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ting Liu <b28495@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove unneeded patches, since they're included in new version.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* GLIBC_DYNAMIC_LINKER64 reglex does not work for rs6000/linux64.h,
update it.
* it turns out that UCLIBC_DYNAMIC_LINKER reglex will strip the 32/64
chars from UCLIBC_DYNAMIC_LINKER64/UCLIBC_DYNAMIC_LINKER32, add '\b'.
my two PCs: Centos 6.5 (python 2.7.5) and Fedora 13 (python 2.7.3)
Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Some versions of gcc will put a reference to __gxx_personality_v0
into rpm.o and rpmbuild.o. This means we must link using g++,
and Makefile does not.
Go back to using rpmqv.c (which is currently identical to rpmqv.cc).
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without this, python tools that need python-distribute doesn't install
in SDK generated by OE.
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The Makefile generation for subversion is horrible, I can't figure out
where the dependencies are missing, it looks like they might be missing
everywhere. Give up and disable parallel make install.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove patches that are now implemented upstream
COPYING file has formating change no change to licence itself
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
some syscalls are obsolete and no longer available for EABI, exclude them to
fix the below error:
In file included from qemu-seccomp.c:16:0:
qemu-seccomp.c:28:7: error: '__NR_select' undeclared here (not in a function)
{ SCMP_SYS(select), 252 },
^
qemu-seccomp.c:36:7: error: '__NR_mmap' undeclared here (not in a function)
{ SCMP_SYS(mmap), 247 },
^
qemu-seccomp.c:57:7: error: '__NR_getrlimit' undeclared here (not in a function)
{ SCMP_SYS(getrlimit), 245 },
^
qemu-seccomp.c:96:7: error: '__NR_time' undeclared here (not in a function)
{ SCMP_SYS(time), 245 },
^
qemu-seccomp.c:185:7: error: '__NR_alarm' undeclared here (not in a function)
{ SCMP_SYS(alarm), 241 },
please refer source files:
arch/arm/include/uapi/asm/unistd.h
or kernel header:
/usr/include/asm/unistd.h
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Avoids the determinism problem shown with the warnings:
WARNING: QA Issue: python-tkinter rdepends on libx11 but its not a build dependency? [build-deps]
WARNING: QA Issue: python-tkinter rdepends on tcl-lib but its not a build dependency? [build-deps
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License text just moved within the README.rst (same checksum)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Dropped neon patches as neon support was dropped.
Dropped CVE patches as applied in later version
Added patch to avoid OS-X check which doesn't cross compile
Add PACKAGECONFIG for gnome-keyring
Addition to license:
For the file subversion/libsvn_subr/utf_width.c
* Markus Kuhn -- 2007-05-26 (Unicode 5.0)
*
* Permission to use, copy, modify, and distribute this software
* for any purpose and without fee is hereby granted. The author
* disclaims all warranties with regard to this software.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License file changes copyright years only.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License change is just a date change in the license file, looks
like English to German locale change to the date display.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Versioned RPROVIDES don't make sense and break the pkgdata rprovides code.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Each of the items requires perl, but had not previously stated their perl
dependency.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It moved from meta-oe and fixed the defect that xmlto/xsltproc
stylesheets cannot be found even when they are installed in
sysroot.
About the config files (catalog.xml), we refered what Ubuntu
13.04 did, so it could correctly search the xsl stylesheets
and xml dtds.
Assigned the environment variable XML_CATALOG_FILES, so the
xmlto will use oe-core's config as priority to avoid the
the search from build system.
[YOCTO #2416]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Refer debian, it shipped the latest DocBook 4.5 XML DTD, as well as
a selected set of legacy DTDs for use with older documents, including
4.0, 4.1.2, 4.2, 4.3 and 4.4.
About the config files (docbook-xml.xml and the update patch), we
refered what Ubuntu 13.04 did, so the xmlto could correctly search
among multible DTDs.
[YOCTO #2416]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
About the config files (docbook-xsl.xml), we refered what Ubuntu 13.04 did,
so the xmlto could correctly search the xsl stylesheets.
[YOCTO #2416]
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
I can't find the reason from the log why we need them, and they are out
of date, so remove them, then file would use the one from its package.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The awk pattern was checked *before* the Perl pattern, so the perl
script with BEGIN{...} would be reported as awk, this patch fixes it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also fetch source code from kernel.org. As per the Git release announcement, see
[1], Git source tarball are now located back on kernel.org, at [2].
[1] https://lkml.org/lkml/2014/6/25/760
[2] https://www.kernel.org/pub/software/scm/git/
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This uprevs pseudo to 1.6. This merges in all of the existing
fixes, and also adds partial support for extended attributes,
including storing arbitrary extended attributes in the database,
and also interpreting the posix permissions ACLs as chmod
requests.
The extended attribute support means we need xattr.h, the simplest
way to be sure of this is to build attr before pseudo, which doesn't
take long.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed rpm-native.do_configure error on CentOS 5.x:
cc1: error: unrecognized command line option "-Wno-override-init"
The -Wno-override-init was commented in rpm-5.4.9, but commented out in
rpm-5.4.14 thus it is failed to build on CentOS 5.x, comment it again to fix
the problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
It was observed that code using STLport 4.6 fails to compile under the
SDK with the following error message:
.../includes/cstddef:38:46: fatal error: ../4.7.2/cstddef: No such file
or directory
STLport 4.6 (screwily) assumes that the C++ system headers live in a
gcc-versioned subdirectory, for gcc>=3.0; cf
http://sourceforge.net/p/stlport/code/ci/STLport-4.6-patch/tree/stlport/config/stl_gcc.h#l269.
This assumption is *almost always* valid, because that matches the
default setting of --with-gxx-include-dir. We can match that behavior by
appending "/${BINV}" to our own --with-gxx-include-dir settings.
Natinst-CAR-ID: 446449
Natinst-Reviewboard-ID: 57209
Acked-by: Ken Sharp <ken.sharp@ni.com>
Acked-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add "--spider" argument to wget command, since we don't need to download
repo page, just check that it is there.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We should check the result of updating opkg rather than echo_info.
So we should call check_result function after updating opkg.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to check YOCTOADT_QEMU variable whether is equal to "y".
So we should use "==" rather than "=".
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
YOCTOADT_VERSION is not included in adt_installer.conf file.
Remove this variable, because we don't need it.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable the rpm-5_4 branch via a specific recipe to help track the latest
community development. This should allow us to more quickly move to the next
release when it is available.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Update various patches. A few corrections to the patch descriptions,
otherwise simple quilt refresh or conflict resolution.
Remove rpm-solvedb.patch and rpm-respect-arch.patch. These are both related
to the old solvedb package dependency solver. This is no longer used since
we moved to smartpm.
rpm-stub-out-git_strerror was a backport and is no longer needed.
RPM 5.4.12 and newer normally requires Berkley DB 6.0 or newer. A small
patch to configure allows RPM to dynamically select DB 5.3 or DB 6.0 based
on what is available at configure time.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changed:
- The Copying has no change, except the company address.
- pick patches from debian
http://ftp.de.debian.org/debian/pool/main/p/perl/perl_5.20.0-1.debian.tar.xz
- Not used by oe:
deprecate-with-apt.diff
patchlevel.diff
fakeroot.diff
- Create/Update perl-rdepends_${PV}.inc by the hardcode script;
- Update config.sh by:
1) Copy the Perl 5.20.0 source code onto your TARGET machine
linux qemuarm 3.14.5-yocto-standard from OE-Core rev:
f506d0660c9949485268a92724ac770b5457b0ca
2) Execute sh Configure as normal and configure as required,
do not "make";
3) Compare with the old config.sh files, and update;
- perl-ptest.inc
1) Copy the souce code to ptest since almost 112 test cases
failed with the reason that no souce code found;
2) Add two patches to fix test case issue;
- perl-native
Reference perl (5.20.0-1) in debian to update perl shared library headers
https://packages.debian.org/experimental/i386/perl/filelist
Obsolete:
- 09_fix_installperl.patch
The dead code was removed from installperl
http://perl5.git.perl.org/perl.git/commit/236818e0b9d9fe874831086b4d0b94dc6f245dfd
- perl-build-in-t-dir.patch
The upstream has fix it. The issue description:
Perl cannot cross build in a path containing a directory that has the
name of "t". As an example, you can make the perl build fail with
"mkdir -p /tmp/build/t", go to the directory, unpack the sources,
configure and cross build.
- 0001-Fix-misparsing-of-maketext-strings.patch
as they are part of the upstream code now:
http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
- 0001-Prevent-premature-hsplit-calls-and-only-trigger-REHA.patch
the hash function changed:
http://perl5.git.perl.org/perl.git/commit/7dc8663964c66a698d31bbdc8e8abed69bddeec3
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use '${CCLD}' as '${LD}' which the cpan was doing.
...
i586-poky-linux-ld: unrecognized option '-Wl,-O1'
i586-poky-linux-ld: use the --help option for usage information
...
Also fix do_configure warnings
...
'--SYSROOT' is not a known MakeMaker parameter name.
'-MARCH' is not a known MakeMaker parameter name.
...
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Patch redhat-portability.diff was patching generated files.
This patch removes every hunk related to Makefile.in and configure files.
[YOCTO #6491]
Signed-off-by: Roxana Ciobanu <roxana.ciobanu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous change to adt_installer was incorrect, this reverts it and
fixes the real issue. The real issue is that if a previous installation was
present, it may have been moved and therefore the paths returned by opkg
could be a little odd.
To address this, when we move files to a different location, ensure we
update the *.list files with the revised paths. This means later installs
over the top return consistent values from opkg and the script works
as intended.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
