| Age | Commit message (Collapse) | Author | Files |
|---|
|
_asn1_extract_der_octet: prevent past of boundary access
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;
h=f979435823a02f842c41d49cd41cc81f25b5d677
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2014-8146 icu: heap overflow via incorrect isolateCount
CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function
References:
[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
[2] https://www.kb.cert.org/vuls/id/602540
[3] http://bugs.icu-project.org/trac/changeset/37080
[4] http://bugs.icu-project.org/trac/changeset/37162
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Backport patch to fix CVE-2014-3564.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f
(From OE-Core rev: 421e21b08a6a32db88aaf46033ca503a99e49b74)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-support/gpgme/gpgme_1.4.3.bb
|
|
CVE-2014-3707
CVE-2014-8150
CVE-2015-3153
not affected by: CVE-2014-8151
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes below listed bugs:
1. CVE-2015-3143
2. CVE-2015-3144
3. CVE-2015-3145
Dropped: 4. CVE-2015-3148
SPNEGO was introduced in 7.39 so this version not affected
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
'scons' cleans the environment which breaks ccache builds because
CCACHEDIR can point to an unexpected location:
| ccache arm-linux-gnueabi-gcc ... context.c
| ccache: failed to create .../serf/1.3.8-r0/.home/.ccache (No such file or directory)
Issue is described in
http://www.scons.org/wiki/ImportingEnvironmentSettings
and because 'bitbake' cleans environment we can pass it completely
instead of trying to enumerate needed env.
With the 'env.patch' the FULLCC variable is not needed anymore (which
would break when CC is 'ccache arm-...-gcc' and host ccache is used)
because the correct $PATH is available during scons build:
| sh: .../sysroots/x86_64-oe-linux/usr/bin/arm-linux-gnueabi/ccache: No such file or directory
| scons: *** [context.o] Error 127
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This fixes the following error when building liburcu:
"Your gcc version produces clobbered frame accesses"
OE-Core is using a patched GCC 4.8.2 which is able to compile liburcu
properly.
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 6586aeb3e26d58322c169dfef0228a425fe5d3fa)
Signed-off-by: Fabien Proriol <fabien.proriol@jdsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The apr provides usr/share/build-1/libtool which is required by
the recipe such as apache2, and it will find grep on the host
and set absolute paths in libtool: GREP="/usr/bin/grep"
If we build apr/apr-native on a host that grep is in "/usr/bin/grep",
and re-use the sstate on another host with "/bin/grep", it will fail
when build apache2/apache2-native with:
| tmp/sysroots/x86_64-linux/usr/share/build-1/libtool: line 1093: /usr/bin/grep: No such file or directory
| tmp/sysroots/intel-x86-64/usr/share/build-1/libtool: line 1093: /usr/bin/grep: No such file or directory
(From OE-Core rev: 475709fc4f32e1ed01f45ee44819cd24e739eb43)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
[YOCTO #6994]
(From OE-Core rev: 2910478f42ec23ab112da4753dbf38cefb835a3a)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
By default, xsltproc from libxslt would use configuration files under
/etc/xml. To avoid host system contamination, we create a wrapper for
this command to make it use configuration files in the sysroot directory.
(From OE-Core rev: f14ecfa98baf98edf47b6820d3b0b3af376c5623)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Disable tpm to solve following error:
.../usr/lib64/libtspi.la: No such file or directory
trousers isn't an oe-core recipe, disable it for now.
(From OE-Core rev: f735a540d2bf489547aede0745e34174c39c71bd)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The apr-native provides usr/share/build-1/libtool which is required by
the recipe such as apache2-native. If we don't set the CONFIG_SHELL to
/bin/bash, then:
1) If we build apr-native on a host which is "/bin/sh -> bash", the
interpreter in usr/share/build-1/libtool would be "#!/bin/sh".
2) When we re-use apr-native's sstate on a host which is
"/bin/sh -> dash", there would be errors.
(From OE-Core rev: 38d83009dfe77437533969ce681605a9ab9534ac)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Add this configure option for developer to control if the
/dev/dsp should be used on target. Instead of judging it
based on the very device file of build server.
(From OE-Core rev: 5960262802c394cb6a54ede30e4994929621ca06)
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
nss ng log:
=====
changeset: 11252:ad411fb64046
user: Kai Engert <kaie@kuix.de>
date: Tue Sep 23 19:28:34 2014 +0200
summary: Fix bug 1064636, patch part 2, r=rrelyea
=====
changeset: 11253:4e90910ad2f9
user: Kai Engert <kaie@kuix.de>
date: Tue Sep 23 19:28:45 2014 +0200
summary: Fix bug 1064636, patch part 3, r=rrelyea
=====
changeset: 11254:fb7208e91ae8
user: Kai Engert <kaie@kuix.de>
date: Tue Sep 23 19:28:52 2014 +0200
summary: Fix bug 1064636, patch part 1, r=rrelyea
=====
changeset: 11255:8dd6c6ac977d
user: Kai Engert <kaie@kuix.de>
date: Tue Sep 23 19:39:40 2014 +0200
summary: Bug 1064636, follow up commit to fix Windows build bustage
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Somehow the patch line endings got messed up during merge. This restores
the delta.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If build gnupg 1.4.7 after libusb-compat, it shows warning:
WARNING: QA Issue: gnupg rdepends on libusb-compat, but it isn't a build dependency? [build-deps]
Add package config libusb to fix it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x
and possibly other products, allows local users to obtain private RSA
keys via a cache side-channel attack involving the L3 cache, aka
Flush+Reload.
Patch from commit e2202ff2b704623efc6277fb5256e4e15bac5676 in
git://git.gnupg.org/libgcrypt.git
Signed-off-by: Yong Zhang <yong.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
|
|
Fixed error when systemd is in DISTRO_FEATURES:
ERROR: The recipe systemd is trying to install files into a sharedarea when those files already exist. Those files and their manifestlocation are:
/path/to/sysroots/qemux86/usr/lib/libnss_myhostname.so.2
Matched in manifest-qemux86-nss-myhostname.populate_sysroot
Please verify which recipe should provide theabove files.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
The '-l' option which is valid for GNU make (--> limit by load) has a
different meaning in bjam (--> limit maximum execution time) and will
break very likely the build.
Keep only the the '-l' option when passing PARALLEL_MAKE options to
bjam.
Signed-off-by: Enrico Scholz <enrico.scholz@sigma-chemnitz.de>
|
|
[YOCTO #6577]
Change-Id: Ia29fb963a7df4e77504993172f85851e0b540c7e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The user can enable libssh2 via conf/local.conf or custom distro
configuration, this will pull in libssh2, which is not used by default.
For example, a curl_x.y.z.bbappend file containing the following line:
PACKAGECONFIG += "libssh2"
Signed-off-by: Fabrice Coulon <fabrice.coulon@axis.com>
Signed-off-by: Olof Johansson <olof.johansson@axis.com>
|
|
Fixed when rebuild:
rm: cannot remove `/path/to/2.1.2-r0/libassuan-2.1.2/m4/*.m4': No such file or directory
The files may not exist when rebuild.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
RPM4 requires an nss-native component
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Modify SPDX_S to the source tree of icu instead of ${S}.
Signed-off-by: leimaohui <leimaohui@cn.fujitsu.com>
|
|
Modify SPDX_S to the source tree of db-6.0.30 instead of ${S}.
Signed-off-by: leimaohui <leimaohui@cn.fujitsu.com>
|
|
Because $S is set to sub-directory of db-5.3.28.
So modify SPDX_S to the source tree of db-5.3.28 instead of ${S}.
Signed-off-by: leimaohui <leimaohui@cn.fujitsu.com>
|
|
meta-raspberrypi and some other systems are ARMv6k but tell OE that
they're ARMv6 which doesn't fully support non-word atomics. armv6k
does, but Boost didn't handle the recognition correctly in the 1.56
release. Backport the patch that fixes the build.
See: https://svn.boost.org/trac/boost/ticket/10446
Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
From reading the COPYING and various license headers, the nss
LICENSE was incorrect. It's actually MPL-2.0 (not 1.1) with a
few different Or instances.
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Otherwise this is a non-deterministic build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Pinentry is needed for most function of GnuPG, so add it into RRECOMMENDS
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
gnupg 2.x.x needs pinentry to work
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
|
|
libgcrypt.so.20 contains .text relocations, backport a patch
to fix it.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Modify the macro so it will work when cross-compiling.
Note that the values checked are normally in a site file
so the macro rarely has to discover them.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Remove patch that was directly modifing the configure script
since we can now use autoreconf to configure. This also allowed
for the removal of the do_configure() functions.
Added patch to remove an undefined ${srcdir}.
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Add libunwind from meta-oe to oe-core, since perf depends on it.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Makefile md5sum changed its is where they bump the version.
r122 fixes:
Fix : AIX & AIX64 support (SamG)
Fix : mips 64-bits support (lew van)
Added : Examples directory, using code examples from Takayuki Matsuoka
Updated : Framing specification, to v1.4.1
Updated : xxHash, to r36
r121 fixes:
Fix : make install for OS-X and BSD, thanks to Takayuki Matsuoka
Added : make install for kFreeBSD and Hurd (Nobuhiro Iwamatsu)
Fix : LZ4 HC streaming bug
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
change use of eglibc related variabled to glibc equivalents
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
pthread-fix.patch no longer needed, included upstream;
Switched to new website, new bug tracker, new source repo.
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These script use /bin/sh as the interpreter, but contains bashism:
recipes-devtools/insserv/files/run-ptest
recipes-devtools/quilt/quilt/run-ptest
recipes-devtools/tcltk/tcl/run-ptest
recipes-extended/gawk/gawk-4.1.1/run-ptest
recipes-support/beecrypt/beecrypt/run-ptest
Fixed:
"==" -> "=" (should be -eq when integer)
"&>log" -> ">log 2>&1"
And quilt's test scripts requires bash, add bash to RDEPENDS_quilt-ptest
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
the patch comes from:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-1544
https://hg.mozilla.org/projects/nss/rev/204f22c527f8
author Robert Relyea <rrelyea@redhat.com>
https://bugzilla.mozilla.org/show_bug.cgi?id=963150
Bug 963150: Add nssCertificate_AddRef and nssCertificate_Destroy calls
to PK11_ImportCert to prevent nssTrustDomain_AddCertsToCache from
freeing the CERTCertificate associated with the NSSCertificate. r=wtc.
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A basic gpgme.pc file is installed with gpgme which should allow the library to
be found and used using pkg-config rather than gpgme-config.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
