summaryrefslogtreecommitdiff
path: root/meta
AgeCommit message (Collapse)AuthorFiles
2016-11-23licenses.conf: Fix variable name in comments (FOSS_NO_COPYRIGHT)Olof Johansson1
A FOSSology related variable was renamed from FOSS_COPRYIGHT to FOSS_NO_COPYRIGHT, but the comment block describing the variable in licenses.conf was missed. Besides fixing this, this change also removes a redundant comment about where the variable is defined (it's right there! ;-)). Signed-off-by: Olof Johansson <olofjn@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23webkitgtk: move recommends on ca-certificates from epiphany to webkitgtk.Carlos Alberto Lopez Perez2
* The webkitgtk package should recommend the ca-certificates one, because any program usign webkit (and not only epiphany) would expect that the CAs certificates are available and that https validation works as expected. * For example, webkitgtk includes a MiniBrowser program that would fail to proper verify https sites if the ca-certificate package is not installed * Instead of making each one of the webkitgtk consumers care about the certificate package, do this in webkit itself. Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23rpm: fix multilib macro installationChen Qi1
For now, the rpm macro for multilib is not installed correctly. For example, in x86-64 lib32 situation, the macro is installed under tmp/work/x86-pokymllib32-linux/rpm/5.4.16-r0/image/usr/lib/rpm/poky/i686-linux/. The directory is even not under WORKDIR. And it will of course not be packaged. We need to save necessary values before updating the localdata and restore them so that the macros could be installed into the correct directory. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23devshell: list commands when throwing NoSupportedTerminalsStephano Cetola2
When attempting to run devshell, if no terminal is available, the error being thrown was not very specific. This adds a list of commands that failed, informing the user of what they can install to fix the error. [ YOCTO #10472] Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23systemd: systemd should not depend on systemd-containerMax Krummenacher1
Currently systemd depends on systemd-container due to a dangling symlink deployed with systemd. Move the symlink to systemd-container. | DEBUG: systemd contains dangling link /lib/systemd/system/systemd-machined.service | DEBUG: target found in systemd-container Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23sanity.bbclass: fix check_connectivity() for BB_NO_NETWORK = "0"Robert Yang1
The old code: network_enabled = not d.getVar('BB_NO_NETWORK', True) It is True only when BB_NO_NETWORK is not set (None), but BB_NO_NETWORK = "0" should also be True while "1" means no network, "0" means need network in a normal case. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23sanity.bbclass:check_connectivity(): print more error messagesRobert Yang1
This can help fix the problem when the error happens. Now the error message is: Fetcher failure for URL: 'https://www.example.com/'. URL https://www.example.com/ doesn't work. Please ensure your host's network is configured correctly, or set BB_NO_NETWORK = "1" to disable network access if all required sources are on local disk. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23testsdk.bbclass: print which file is not foundRobert Yang1
This is helpful when debug. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23populate_sdk_ext.bbclass: use weak assignment for TOOLCHAINEXT_OUTPUTNAMERobert Yang1
The TOOLCHAINEXT_OUTPUTNAME is different from TOOLCHAIN_OUTPUTNAME, it is used for eSDK only, so that it doesn't mix with SDK, use "?=" for it so that other conf file can define it. If we don't use "?=" here, then we need use forcevariable to redfine it: TOOLCHAINEXT_OUTPUTNAME_forcevariable = "foo" Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23glib: remove obsolete gi-exclude patchRoss Burton2
This patch has been superseded by 2907b1 in gobject-introspection, which we're now shipping. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23sysvinit-inittab: make TERM=vt102 on serial consolesAndré Draszik2
This makes more sense than the default TERM=linux (as set by the linux kernel). In addition, when using busybox init, it tries to achieve the same (in a different way). Both agetty, and busybox getty support the terminal type as the last argument. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23opkg-utils: clear update-alternatives database on uninstallAndré Draszik1
When uninstalling update-alternatives, it doesn't seem to make much sense to keep the update-alternatives database around. In particular when removing packaging data, e.g. due to read-only rootfs, update-alternatives is removed from the target file system. Leaving its database around serves no purpose in that case as there is no way to use it afterwards anyway. This frees close to 700KB of (uncompressed) space in a busybox based environment. Signed-off-by: André Draszik <adraszik@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23oe-selftest: devtool: test that updating a file with subdir= worksPaul Eggleton1
If you have a file:// entry in SRC_URI with a subdir= parameter that makes it extract into the source tree, then when you update that file in oe-local-files and run devtool update-recipe then you want the original file to be updated. This was made to work by OE-Core commit 9069fef5dad5a873c8a8f720f7bcbc7625556309 together with 31f1bbad248c36a8c86dde4ff57ce42efc664082, however until now there was no oe-selftest test to verify it. Note that in order to succeed this test also requires the fix "lib/oe/recipeutils: ignore archives by default in get_recipe_local_files()" since the test recipe uses a local tarball. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23lib/oe/recipeutils: ignore archives by default in get_recipe_local_files()Paul Eggleton1
By default, have get_recipe_local_files() not return any archive files. This prevents a local tarball from being erroneously removed from SRC_URI if you run "devtool modify" on a recipe followed by "devtool update-recipe". It doesn't actually help you to directly update the contents of such tarballs, but at least now it won't break the recipe. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23devtool: update-recipe: fix handling of compressed local patchesPaul Eggleton3
It is possible to use gzip or bzip2 to compress patches and still refer to them in compressed form in the SRC_URI value within a recipe. If you run "devtool modify" on such a recipe, make changes to the commit for the patch and then run devtool update-recipe, we need to correctly associate the commit back to the compressed patch file and re-compress the patch, neither of which we were doing previously. Additionally, add an oe-selftest test to ensure this doesn't regress in future. Fixes [YOCTO #8278]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23lib/oe/patch: fix handling of patches with no headerPaul Eggleton1
If a patch applied by a recipe has no header and we turn the recipe's source into a git tree (when PATCHTOOL = "git" or when using devtool extract / modify / upgrade), the commit message ends up consisting only of the original filename marker ("%% original patch: filename.patch"). When we come to do turn the commits back into a set of patches in extractPatches(), this first line ends up in the "Subject: " part of the file, but we were ignoring it because the line didn't start with the marker text. The end result was we weren't able to get the original patch name. Strip off any "Subject [PATCH x/y]" part before looking for the marker text to fix. This caused "devtool modify openssl" followed by "devtool update-recipe openssl" (without any changes in-between) to remove version-script.patch because that patch has no header and we weren't able to determine the original filename. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23oe-selftest: devtool: test update-recipe with only local filesPaul Eggleton1
Add a test to ensure devtool update-recipe works properly on recipes that contain only local files (since the other tests we have didn't test that). Relates to [YOCTO #10563]. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23cmake.bbclass: Set CXXFLAGS and CFLAGSKhem Raj1
We strip the TOOLCHAIN_OPTIONS and HOST_CC_ARCH from CC/CXX in cmake.bbclass whereas CFLAFS and CXXFLAGS assume that TOOLCHAIN_OPTIONS are part of CC/CXX variables, this causes compile failures when cmake is running compiler tests during configure on some architectures especially armhf, because hf ABI information -mfloat-abi is part of TOOLCHAIN_OPTIONS, so what happens is that testcase gets compiled without hard-float, howver, during linking the float ABI option is passed via LDFLAGS, now linker rejects this and fails like /mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/6.2.0/ld: error: cmTC_27947 uses VFP register arguments, CMakeFiles/cmTC_27947.dir/src.cxx.o does not mnt/a/build/tmp-glibc/sysroots/x86_64-linux/usr/libexec/arm-oe-linux-gnueabi/gcc/arm-oe-linux-gnueabi/6.2.0/ld: failed to merge target specific data of file CMakeFiles/cmTC_27947.dir/src.cxx.o collect2: error: ld returned 1 exit status This means that CMake now fails the configure time test too which is not right, e.g. it might disable features which actually do exist and should be enabled e.g. in case above it is resulting as below Performing C++ SOURCE FILE Test HAS_BUILTIN_SYNC_SUB_AND_FETCH failed with the following output: Its actually a bug in CMake see https://gitlab.kitware.com/cmake/cmake/issues/16421 CMake is ignoring CMAKE_CXX_FLAGS when using CHECK_CXX_SOURCE_COMPILES function. Until it is fixed upstream, we add HOST_CC_ARCH and TOOLCHAIN_OPTIONS to CFLAGS and CXXFLAGS, so that we can ensure that compiler invocation remains consistent. Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23tiff: Security fix CVE-2016-3658Zhixiong Chi2
The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving the ma variable. External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658 http://bugzilla.maptools.org/show_bug.cgi?id=2546 Patch from: https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23systemd: Reload configuration on package installLinus Wallgren1
When a systemd service file has changed it is required to reload systemd's configuration. Otherwise changes to a service file will not be picked up during package upgrade. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23qemu: update run-ptest scriptKai Kang1
The Makefile in directory tests has been renamed, then update script run-ptest to follow the change. Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23qemu: fix CVE-2016-7909Kai Kang2
Backport patch to fix CVE-2016-7909 of qemu. Ref: https://security-tracker.debian.org/tracker/CVE-2016-7909 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23glibc: fix CVE-2016-6323Kai Kang2
Backport patch to fix CVE-2016-6323 of glibc. And remove the section of file ChangeLog which can't be applied. Ref: https://sourceware.org/bugzilla/show_bug.cgi?id=20435 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23openssh: fix CVE-2016-8858Kai Kang2
Backport patch to fix CVE-2016-8858 of openssh. Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1384860 Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23openssl: fix bashism in c_rehash shell scriptAndré Draszik1
This script claims to be a /bin/sh script, but it uses a bashism: from checkbashisms: possible bashism in meta/recipes-connectivity/openssl/openssl/openssl-c_rehash.sh line 151 (should be 'b = a'): if [ "x/" == "x$( echo ${FILE} | cut -c1 -)" ] This causes build issues on systems that don't have /bin/sh symlinked to bash: Updating certificates in ${WORKDIR}/rootfs/etc/ssl/certs... <builddir>/tmp/sysroots/x86_64-linux/usr/bin/c_rehash: 151: [: x/: unexpected operator ... Fix this by using POSIX shell syntax for the comparison. Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Sylvain Lemieux <slemieux@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23webkitgtk: Add an option to disable opengl supportCarlos Alberto Lopez Perez1
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23swig: 3.0.8 -> 3.0.10Wang Xin1
Upgrade swig from 3.0.8 to 3.0.10. Signed-off-by: Wang Xin <wangxin2015.fnst@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23ltp: Reduce duplication in MIPS variants.Zubair Lutfullah Kakakhel1
Reduce duplication in MIPS variants now that the MACHINEOVERRIDES variable is defined Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23glib-networking: remove intltool dependencyRoss Burton1
glib-networking 2.50 moved away from intltool to modern gettext, so remove the build dependency. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23readline: Update to version 7.0Fabio Berton4
Remove readline 6.3 patches and config-dirent-symbols.patch already apply on upstream. Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-23lib/oe/package_manager: .deb pre/postinst argsLinus Wallgren1
The debian policy manual and MaintainerScripts wiki page states that the postinst script is supposed to be called with the `configure` argument at first install, likewise the preinst script is supposed to be called with the `install` argument on first install. https://www.debian.org/doc/debian-policy/ch-maintainerscripts.html https://wiki.debian.org/MaintainerScripts Signed-off-by: Linus Wallgren <linus.wallgren@scypho.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-16binconfig: Use d.getVarRichard Purdie1
The bb.data API is deprecated, use d.getVar instead. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-11-15sanity.bbclass: fix logging of an errorMarkus Lehtonen1
Fixes a crash in exception handler. All bb logging functions need an string instances as arguments. Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15lib/oe/lsb: attempt to ensure consistent distro id regardless of sourceJoshua Lock1
The LSB Distributor ID and os-release NAME differ for most of the distributions tested by the Yocto Project (CentOS, Debian, Fedora, openSUSE and Ubuntu) however for all but openSUSE the os-release ID matches the LSB Distributor ID when both are lowered before comparison. Therefore, in order to improve the consistency of identification of a distribution, switch to using the os-release ID and converting the ID value to lowercase. Table showing comparison of LSB Distributor ID to os-release fields NAME and ID for current Yocto Project supported host distributions: Distribution | Version | Distributor ID | NAME | ID | ------------------------------------------------------------------------- CentOS | 7 | CentOS | CentOS Linux | centos | Debian | 8 | Debian | Debian GNU/Linux | debian | Fedora | 23 | Fedora | Fedora | fedora | Fedora | 24 | Fedora | Fedora | fedora | openSUSE | 13.2 | openSUSE project | openSUSE | opensuse | openSUSE | 42.1 | SUSE LINUX | openSUSE Leap | opensuse | Ubuntu | 14.04 | Ubuntu | Ubuntu | ubuntu | Ubuntu | 16.04 | Ubuntu | Ubuntu | ubuntu | [YOCTO #10591] Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15lib/oe/lsb: prefer /etc/os-release for distribution dataJoshua Lock1
os-release(5) is an increasingly standard source of operating system identification and more likely to be present on modern OS deployments, i.e. many container variants of common distros include os-release and not the lsb_release tool. Therefore we should favour parsing /etc/os-release in distro_identifier(), try lsb_release when that fails and finally fall back on various distro specific sources of OS identification. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15lib/oe/lsb: make the release dict keys consistent regardless of sourceJoshua Lock1
Rather than have the distro_identifier method look for different keys in the dict depending on the source ensure that each function for retrieving release data uses the same key names in the returned dict. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15webkitgtk: drop patch 0001-WebKitMacros-Append-to-I-and-not-to-isystem.patchCarlos Alberto Lopez Perez2
* This patch is not longer needed. Upstream has fixed this issue in: https://trac.webkit.org/changeset/205672 which is already included in WebKitGTK+ >= 2.14.0 Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15systemtap: fix native linking on recent UbuntuRoss Burton2
The latest Ubuntu uses yet more aggressive hardening options, which causes the unconventional build order used by systemtap to fail. [ YOCTO #10521 ] Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15systemtap: remove explicit msgfmt checkRoss Burton2
Passing --disable-nls should be enough to disable the requirement for a full gettext to be present, but the upstream configure explicitly checks for msgfmt even if it isn't going to be used. To avoid having to depend on gettext-native, patch this check out. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15x264: Update to latest on stable branchKhem Raj2
- unexport AS variable - Switch URI to use github mirror for reliabality - Disable openCL code, its not used - TEXTRELs are fixed, therefore dont skip QA check Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15libpcap: Update to version 1.8.1Fabio Berton4
- Option --enable-canusb was removed on commit: https://github.com/the-tcpdump-group/libpcap/commit/93ca5ff7030aaf1219e1de05ec89a68384bfc50b - Autotools class was improved and we can now stop aclocal from running at all. - File configure.in was renamed to configure.ac, rework libpcap-pkgconfig-support patch and do_configure_prepend task to use configure.ac file. Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15wayland: upgrade from 1.11.1 to 1.12.0Fathi Boudra2
* Remove 0001-scanner-Use-unit32_t-instead-of-uint.patch applied upstream https://cgit.freedesktop.org/wayland/wayland/commit/?id=6750b47d9e0d30 * Update release tarball md5sum/sha256sum Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org> Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15populate_sdk_ext.bbclass: check unfsd before create itRobert Yang1
Fixed when nativesdk-unfs3 is installed: $ bitbake <image> -c populate_sdk_ext | Traceback (most recent call last): | File "/path/to/oe-core/scripts/lnr", line 21, in <module> | os.symlink(target, linkname) | FileExistsError: [Errno 17] File exists: '../../../../tmp/sysroots/x86_64-linux/usr/bin/unfsd' -> '/path/to/9.0/sysroots/x86_64-wrlinuxsdk-linux/usr/bin/unfsd' Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15glibc-2.0: Detect pthread_getname_np() before useKhem Raj2
Fixes build with musl Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15libbsd: Fix build with muslKhem Raj4
a.out.h support is not across all architectures only x86/x86_64 support is in linux/a.out.h, this patch abstracts the minimum needed constructs into itself Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15db: disable the ARM assembler mutex codeLi Zhou1
The swpb in macro MUTEX_SET will cause "undefined instruction" error on the new arm arches which don't support this assembly instruction any more. If use ldrex/strex to replace swpb, the old arm arches don't support them. So to avoid this issue, just disable the ARM assembler mutex code, and use the default pthreads mutex. Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15gawk: Update to version 4.1.4Fabio Berton3
Add patch to remove hashbang line in file test/arrayind1.awk. This patch fixes: / |WARNING: gawk-4.1.4-r0 do_package_qa: QA Issue: |/usr/lib/gawk/ptest/test/arrayind1.awk contained in package gawk-ptest |requires /usr/local/bin/awk, but no providers found in RDEPENDS_gawk-ptest? |[file-rdeps] \ Patch was submitted to upstream [1] [1] https://lists.gnu.org/archive/html/bug-gawk/2016-11/msg00003.html Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15cve-check.bbclass: CVE-2014-2524 / readline v5.2André Draszik1
Contrary to the CVE report, the vulnerable trace functions don't exist in readline v5.2 (which we keep for GPLv2+ purposes), they were added in readline v6.0 only - let's whitelist that CVE in order to avoid false positives. See also the discussion in https://patchwork.openembedded.org/patch/81765/ Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Lukasz Nowak <lnowak@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15initrdscripts: add support for NVME target installJoe Konno2
Add awareness of /dev/nvme* block devices to install scripts. As presently written, installer knows only of /dev/sd* and /dev/mmcblk* block devices. Building upon scaffolding put in place by Awais in... 80ec9f627915 ("initrdscripts: handle mmc device as installer medium") Signed-off-by: Joe Konno <joe.konno@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-11-15curl: Update to version 7.51.0Fabio Berton1
CVE fixed in 7.51.0: CVE-2016-8615: cookie injection for other servers CVE-2016-8616: case insensitive password comparison CVE-2016-8617: OOB write via unchecked multiplication CVE-2016-8618: double-free in curl_maprintf CVE-2016-8619: double-free in krb5 code CVE-2016-8620: glob parser write/read out of bounds CVE-2016-8621: curl_getdate read out of bounds CVE-2016-8622: URL unescape heap overflow via integer truncation CVE-2016-8623: Use-after-free via shared cookies CVE-2016-8624: invalid URL parsing with '#' CVE-2016-8625: IDNA 2003 makes curl use wrong host To see complete log access link bellow: https://curl.haxx.se/changes.html#7_51_0 Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br> Signed-off-by: Ross Burton <ross.burton@intel.com>