| Age | Commit message (Collapse) | Author | Files |
|---|
|
Use PACKAGECONFIG instead of using logic in DEPENDS and EXTRA_OECONF, adding new
options for PulseAudio, tslib, DirectFB, OpenGL and X11. Pass
--disable-x11-shared so that it links to the X libraries instead of using
dlopen().
Disable tslib by default as the kernel event input subsystem is generally used.
SDL's OpenGL support requires X11 so check for both x11 and opengl, and merge
the dependencies.
Finally enable native builds, with a minimal PACKAGECONFIG that will build from
oe-core for native and nativesdk.
Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: 3d6c31c3a4ff34376e17005a981bb55fc6f7a38f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
The procces to do a wic image is to save a file with
variables required by wic and then call wic using this
file. Because this is external to bitbake if the vars
change, the image won't be rebuild; an example of such
is IMAGE_BOOT_FILES.
This patch adds these variables to vardeps of do_rootfs
when a wic image is build. This will rebuild the image
if a variable needed by wic changes.
[YOCTO #8693]
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: 12c54d50ed4c321dc272beb3c6cb770965c979f1)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Hardcoding a full input path with zero flexibility goes against everything the
Yocto Project is about. Rework it to let the user specify the wks base
filename with WKS_FILE and it'll search the layers for the wks file and use
it.
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: 8cc7f5229f5447c2183ac319dd52c7ed737ec89b)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN)
https://www.openssl.org/news/secadv/20160301.txt
Signed-off-by: Armin Kuster <akuster@mvista.com>
Not required for master, an update to 1.0.2g has been submitted.
Backport to fido is required.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch from http://w1.fi/security/2015-5/
and rebase for wpa-supplicant 2.4
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Not needed in master since the upgrade to 2.5
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves
affects libgcrypt < 1.6.5
Patch 1 is a dependancy patch. simple macro name change.
Patch 2 is the cve fix.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-2225 Make sure to always terminate decoded string
This change is being provide to comply to Yocto compatiblility.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-2224 Do not follow compressed items forever.
This change is being provide to comply to Yocto compatiblity.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd
affects libbsd <= 0.8.1 (and therefore not needed in master)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-7547: getaddrinfo() stack-based buffer overflow
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
this address both
Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL"
and Socat security advisory 8: "Stack overflow in arguments parser
[Yocto # 9024]
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
this patch fixes an incomplete patch in CVE-2015-8126
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8327 cups-filters: foomatic-rip did not consider the back tick as an illegal shell escape character
this time with the recipe changes.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8560 cups-filters: foomatic-rip did not consider semicolon as illegal shell escape character
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add patch from commit 96b1b5c127e9e0e637aaf7948cf3330a94a5cd57 to cross-localedef-native
to avoid broken images built with ENABLE_BINARY_LOCALE_GENERATION set to 1:
$ sh -c "export LANG=de_DE; ls -la"
sh: loadlocale.c:130: _nl_intern_locale_data: Assertion `cnt < (sizeof (_nl_value_type_LC_COLLATE) / sizeof (_nl_value_type_LC_COLLATE[0]))' failed.
Aborted
Signed-off-by: Jens Rehsack <sno@netbsd.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If we don't do this, we can use an mke2fs.conf from a different path which
may contain incompatible flags and lead to obtuse build failures such as:
Invalid filesystem option set: has_journal,extent,huge_file,flex_bg,metadata_csum,64bit,dir_nlink,extra_isize
To fix this, wrap the mke2fs binary and its hardlinks and point at the
correct configuration file.
In particular this fixes conflicts between master and jethro builds
affecting the main autobuilder.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If there are multiple builds on the same machine then piglit writing it's
generated sources to /tmp will race. Instead, export TEMP to tell the tempfile
module to use a temporary directory under ${B}.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 4.1.17
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring()
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This addresses CVE-2016-0728: KEYS: Fix keyring ref leak in join_session_keyring(), and upgrades to LINUX_VERSION 3.14.39
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Fix the following warning:
WARNING: Failed to fetch URL http://downloads.sourceforge.net/project/
libpng/libpng12/1.2.53/libpng-1.2.53.tar.xz, attempting MIRRORS if
available.
[YOCTO #8739]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Fix the following warning:
WARNING: Failed to fetch URL http://downloads.sourceforge.net/
project/libpng/libpng16/1.6.17/libpng-1.6.17.tar.xz, attempting
MIRRORS if available
[YOCTO #8739]
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
If CONFIG_FEATURE_LAST_SMALL is enabled the build fails because of a broken
__UT_NAMESIZE test.
[ YOCTO #8869 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
When using parallel make jobs, we need to be sure that
pnglibconf.h is created before we try to reference it,
so add a rule to png.mak.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit fad19750d23aad2d14a1726c4e3c2c0d05f6e13d)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
This enables a world build without x11. GTK3DISTROFEATURES is not
enough because gtk+-x11.pc is still required.
Fixes [YOCTO #8611].
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit dbdcd87144cc1cd6c5d50c800c7f266aaf25ca17)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
with the enabling of utmpx in busybox and uClibc it was noted that shadow
support for utmpx also needs utmp explicitly enabled in uclibc. this is
a workaround that might be removed once shadow properly supports
--enable-utmpx to check for utmpx configuration instead of utmp like
it does now
[YOCTO #8243]
[YOCTO #8971]
Signed-off-by: Bogdan-Alexandru Voiculescu <bogdanx.a.voiculescu@intel.com>
Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 969158d63ba2c8e2e11af41c2a6d4f1aa5b0099f)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
CVE-2015-7545 git: arbitrary code execution via crafted URLs
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
WARNING: QA Issue: glibc-locale: /glibc-binary-localedata-sd-in/usr/lib/locale/sd_IN/LC_CTYPE is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
fix type
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8370 grub2: buffer overflow when checking password entered during bootup
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-7674 Heap overflow with a gif file in gdk-pixbuf < 2.32.1
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-7558 librsvg2: Stack exhaustion causing DoS
including two supporting patches.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8461 bind: race condition when handling socket errors can lead to an assertion failure in resolver.c\
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8000 bind: responses with a malformed class attribute can trigger an assertion failure in db.c
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2015-0860 dpkg: stack overflows and out of bounds read
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Changed LIC_CHKSUM_FILES to a new LICENSE file.
Add BSD-3-clause to licenses
Changes affecting future time stamps
America/Cayman will not observe daylight saving this year after all.
Revert our guess that it would. (Thanks to Matt Johnson.)
Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00.
(Thanks to Alexander Krivenyshev.)
Asia/Tehran now has DST predictions for the year 2038 and later,
to be March 21 00:00 to September 21 00:00. This is likely better
than predicting no DST, albeit off by a day every now and then.
Changes affecting past and future time stamps
America/Metlakatla switched from PST all year to AKST/AKDT on
2015-11-01 at 02:00. (Thanks to Steffen Thorsen.)
America/Santa_Isabel has been removed, and replaced with a
backward compatibility link to America/Tijuana. Its contents were
apparently based on a misreading of Mexican legislation.
Changes affecting past time stamps
Asia/Karachi's two transition times in 2002 were off by a minute.
(Thanks to Matt Johnson.)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 39e231cfabda8d75906c935d2a01f37df6121b84)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Change LIC_CHKSUM_FILES to License. Some files are BSD clause 3
Changes affecting build procedure
An installer can now combine leap seconds with use of the backzone file,
e.g., with 'make PACKRATDATA=backzone REDO=posix_right zones'.
The old 'make posix_packrat' rule is now marked as obsolescent.
(Thanks to Ian Abbott for an initial implementation.)
Changes affecting documentation and commentary
A new file LICENSE makes it easier to see that the code and data
are mostly public-domain. (Thanks to James Knight.) The three
non-public-domain files now use the current (3-clause) BSD license
instead of older versions of that license.
tz-link.htm mentions the BDE library (thanks to Andrew Paprocki),
CCTZ (thanks to Tim Parenti), TimeJones.com, and has a new section
on editing tz source files (with a mention of Sublime zoneinfo,
thanks to Gilmore Davidson).
The Theory and asia files now mention the 2015 book "The Global
Transformation of Time, 1870-1950", and cite a couple of reviews.
The America/Chicago entry now documents the informal use of US
central time in Fort Pierre, South Dakota. (Thanks to Rick
McDermid, Matt Johnson, and Steve Jones.)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit b7f292b84eea202fb13730c11452ac1957e41cf0)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
