Yue Tao [Mon, 19 May 2014 07:00:38 +0000 (15:00 +0800)]
openssl: fix for CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
Yue Tao [Mon, 19 May 2014 06:32:13 +0000 (14:32 +0800)]
tiff: fix for Security Advisory CVE-2013-4231
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231
Li Wang [Mon, 19 May 2014 05:42:53 +0000 (13:42 +0800)]
nss: CVE-2013-1740
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933
changeset: 10946:f28426e944ae
user: Wan-Teh Chang <wtc@google.com>
date: Tue Nov 26 16:44:39 2013 -0800
summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls
changeset: 10945:774c7dec7565
user: Wan-Teh Chang <wtc@google.com>
date: Mon Nov 25 19:16:23 2013 -0800
summary: Bug 713933: Declare the |falseStart| local variable in the smallest
changeset: 10848:141fae8fb2e8
user: Wan-Teh Chang <wtc@google.com>
date: Mon Sep 23 11:25:41 2013 -0700
summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org
changeset: 10898:1b9c43d28713
user: Brian Smith <brian@briansmith.org>
date: Thu Oct 31 15:40:42 2013 -0700
summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc
Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Yue Tao [Thu, 8 May 2014 10:16:24 +0000 (18:16 +0800)]
subversion: fix for Security Advisory CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
Yue Tao [Tue, 15 Apr 2014 07:22:17 +0000 (15:22 +0800)]
subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Yue Tao [Tue, 15 Apr 2014 05:21:25 +0000 (13:21 +0800)]
subversion: fix for Security Advisory CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
Yue Tao [Tue, 15 Apr 2014 07:57:31 +0000 (15:57 +0800)]
subversion: fix for Security Advisory CVE-2013-4131
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
Yue Tao [Tue, 15 Apr 2014 02:49:03 +0000 (10:49 +0800)]
subversion: fix for Security Advisory CVE-2013-4505
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
Yue Tao [Mon, 14 Apr 2014 05:01:16 +0000 (13:01 +0800)]
screen: fix for Security Advisory CVE-2009-1215
Race condition in GNU screen 4.0.3 allows local users to create or
overwrite arbitrary files via a symlink attack on the
/tmp/screen-exchange temporary file.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Yue Tao [Mon, 14 Apr 2014 04:41:17 +0000 (12:41 +0800)]
Screen: fix for Security Advisory CVE-2009-1214
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with
world-readable permissions, which might allow local users to obtain
sensitive session information.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Chen Qi [Thu, 15 May 2014 09:36:17 +0000 (17:36 +0800)]
initrdscripts: fix for /run/media
mount.sh in udev-extraconf was modified to use /run/media instead
of /media. Unfortunately, our scripts in initrdscripts have some
dependency on the auto-mounting mechanism provided by udev-extraconf.
So these scripts should also be fixed to use /run/media instead of /media,
otherwise, our live image cannot work correctly.
It accidentally replaced 'device/media' by 'device/run/media' which causes
error for live images to be unable to boot up correctly, complaining
"Cannot find rootfs.img in /media/*".
Chong Lu [Thu, 15 May 2014 08:54:32 +0000 (16:54 +0800)]
syslinux-native: fix parallel building issue
There might be an error when building in parallel:
[snip]
cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/
syslinux/com32/include/gplinclude': No such file or directory
make[4]: *** [install] Error 1
make[3]: *** [gpllib] Error 2
[snip]
This is a potential issue. In ${S}/com32/gpllib/Makefile file,
install target wants to copy $(SRC)/../gplinclude to
$(INSTALLROOT)$(COM32DIR)/include/ directory, but in ${S}/com32/lib/Makefile
file, the install target will remove $(INSTALLROOT)$(COM32DIR)/include
directory. We need to do com32/lib first.
The patch makes com32/gpllib depend on com32/lib to fix this issue.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 12 May 2014 17:00:03 +0000 (18:00 +0100)]
gstreamer/lame: Better gcc 4.9 fix
gstreamer/lame does runtime detection to enable/disable things like SSE code.
Unfortunately it is broken and will try and use this even with i586
compiler flags. This change forces it back to the approach with gcc 4.8
by disabling the problematic headers.
It's suboptimal but less so than the proposed previous forced enabling of
SSE on x86 everywhere.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit "rt-tests: bump version 0.87 => 0.89" (SHA1 ID: 7996ca) erroneously
deleted several patch files which were still required for proper function
of the rt-tests recipe. These missing patches adversely affected builds
of the hwlatdetect and hackbench utilities as well as other components.
This commit restores the missing patches and allows the recipe to properly
generate all the components once more. hwlatdetect and hackbench are
built properly and the /usr/src/backfire directory is properly populated
on the target system.
Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Tudor Florea [Mon, 5 May 2014 22:40:11 +0000 (00:40 +0200)]
curl: remove inappropriate file from curl release
This is the adaptation for a bugfix upstream
The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release
interfered with the upstream fix for
https://sourceforge.net/p/curl/bugs/1350/
Drew Moseley [Wed, 14 May 2014 17:08:38 +0000 (13:08 -0400)]
glib-2.0: Do not use readlink to set target paths.
Do not use readlink to set ABS_GLIB_RUNTIME_LIBDIR when cross
compiling. Doing so causes host paths to potentially pollute the
target. Unfortunately in this case we don't actually convert to
an absolute path.
Yasir-Khan [Wed, 14 May 2014 12:04:53 +0000 (17:04 +0500)]
bluez5: Update the bluetooth.conf
In bluez5, agent interface has been renamed from org.bluez.Agent
to org.bluez.Agent1. Reflect this change in bluetooth.conf to
allow sending of dbus messages to agent interface.
*Resolves no PIN prompt bug while pairing
*Resolves bluetooth keyboard connection problem
Ross Burton [Wed, 14 May 2014 10:13:19 +0000 (11:13 +0100)]
freetype: disable harfbuzz
Freetype has an automatically detected dependency on Harfbuzz, which has a
dependency on Freetype.
To produce deterministic builds and avoid link failures when rebuilding freetype
with harfbuzz present add a PACKAGECONFIG for Harfbuzz and disable it by
default.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Chong Lu [Wed, 14 May 2014 09:29:07 +0000 (17:29 +0800)]
dbus: Update to 1.8.2 version
Upgrade dbus to 1.8.2.
Modify ptest suite to make it enabled on new version.
If systemd in DISTRO_FEATURES, we expect to install dbus systemd
unit files.
Remove unneeded patches since it's included in new version.
Remove unrecognized option: "--with-xml"
[YOCTO #6092]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
wic: Extend indirect string connection to support image names and rootfs
The wic command-line param --rootfs-dir gets extended to support
multiple directories and image names. Each '--rootfs-dir' could be
connected using a special string. This special string is an image
name which gets expanded by bitbake to get 'IMAGE_ROOTFS' or
a rootfs-dir path pointing to rootfs directory. Like this:
Koen Kooi [Tue, 13 May 2014 10:16:29 +0000 (12:16 +0200)]
ca-certificates: generate CAfile for -native in do_install
Git-replacement-native needs the generated files in place for https:// URIs:
WARNING: Failed to fetch URL git://github.com/kernelslacker/trinity.git;protocol=https, attempting MIRRORS if available
ERROR: Fetcher failure: Fetch command failed with exit code 128, output:
Cloning into bare repository '/build/linaro/build/build/downloads/git2/github.com.kernelslacker.trinity.git'...
fatal: unable to access 'https://github.com/kernelslacker/trinity.git/': error setting certificate verify locations:
CAfile: /build/linaro/build/build/tmp-eglibc/sysroots/x86_64-linux/etc/ssl/certs/ca-certificates.crt
CApath: none
ERROR: Function failed: Fetcher failure for URL: 'git://github.com/kernelslacker/trinity.git;protocol=https'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /build/linaro/build/build/tmp-eglibc/work/aarch64-oe-linux/trinity/1.3-r0/temp/log.do_fetch.7843
ERROR: Task 1378 (/build/linaro/build/meta-linaro/meta-linaro/recipes-extra/trinity/trinity_1.3.bb, do_fetch) failed with exit code '1'
Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Tue, 13 May 2014 07:46:27 +0000 (15:46 +0800)]
openssh: fix for CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and
earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking
by presenting an unacceptable HostCertificate.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Tue, 13 May 2014 07:46:26 +0000 (15:46 +0800)]
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Joe Slater [Mon, 12 May 2014 18:54:04 +0000 (11:54 -0700)]
qemu: define PACKAGECONFIG[] for ssh2
qemu configure will search for libssh2 if we do not enable or
disable its use, resulting in non-deterministic builds. We
define PACKAGECONFIG[] to avoid this.
Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Tue, 13 May 2014 02:54:26 +0000 (10:54 +0800)]
gdb: add PACKAGECONFIG for babeltrace
Add PACKAGECONFIG for 'babeltrace' so that we don't have the implicit
dependency which might lead to problems when building images.
As an example of showing what problem we might have without this patch,
see the following steps which would lead to a failure.
1. IMAGE_INSTALL_append = " gdb"
2. bitbake babeltrace
3. bitbake gdb
4. bitbake babeltrace -ccleansstate
5. bitbake core-image-minimal
The rootfs process would fail with the following error message.
error: Can't install gdb-7.7-r0@i586: no package provides babeltrace >= 1.2.1+git0+66c2a20b43
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:38 +0000 (15:55 +0200)]
eglibc: remove usage of FILESPATH
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder
to bbappend. Instead FILESEXTRAPATHS should be used to extend the path.
If possible try to use any of the default FILESPATH dirs.
Also remove superfluous comment and do minor indentation fix.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:36 +0000 (15:55 +0200)]
u-boot: remove unused FILESPATH
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder to
bbappend. Instead FILESEXTRAPATHS should be used to extend the path.
However in u-boot no FILESPATH additions are currently needed so
instead it should be removed.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:35 +0000 (15:55 +0200)]
python: remove usage of FILESPATH
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder to
bbappend. Instead FILESEXTRAPATHS should be used to extend the
path. Don't migrate paths that already exist in base FILESPATH to
FILESEXTRAPATHS.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:32 +0000 (15:55 +0200)]
qemu: remove unused FILESPATH
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder to
bbappend. Instead FILESEXTRAPATHS should be used to extend the path.
However in nativesdk-qemu-helper no FILESPATH additions are currently needed so
instead it should be removed.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:31 +0000 (15:55 +0200)]
mesa: remove usage of FILESPATH
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder to
bbappend. Instead FILESEXTRAPATHS should be used to extend the path.
Also remove unused filespath addition.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:29 +0000 (15:55 +0200)]
trace-cmd: refactoring recipe
Fixes [YOCTO #4497]
Refactoring recipe to avoid duplicated entries in trace-cmd and
kernelshark bb-files. Also remove usage of FILESPATH and split package
unique patches into separate dirs.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Petter Mabäcker [Mon, 12 May 2014 13:55:28 +0000 (15:55 +0200)]
gstreamer: remove unused FILESPATH
Fixes [YOCTO #4497]
Usage of FILESPATH is discouraged, since it can make recipes harder to
bbappend. Instead FILESEXTRAPATHS should be used to extend the path.
However in gstreamer no FILESPATH additions are currently needed so
instead it should be removed.
Signed-off-by: Petter Mabäcker <petter@technux.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 12 May 2014 10:04:26 +0000 (11:04 +0100)]
git: Fix various makefile flags
We need to pass CFLAGS and LDFLAGS to the makefile correctly so we
need to list them as part of EXTRA_OEMAKE.
We also have a problem where git hardlinks binaries in bindir with
those in its libexecdir. If we change the RPATH in one of them, it
breaks the other. We therefore set the no cross dir hardlinking flag
git already has for this kind of issue. This ensures the RPATHS for
the git-core binaries work correctly. It's pure luck this has
sometimes worked so far.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Mon, 12 May 2014 12:14:47 +0000 (13:14 +0100)]
gst-openmax: fix build with GLib 2.40 onwards
GLib 2.40 adds g_ptr_array_insert, but gst-openmax is defining that as a
static helper function. Rename the static function so it doesn't conflict with
GLib's namespace.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Martin Jansa [Sun, 11 May 2014 06:48:10 +0000 (08:48 +0200)]
gstreamer1.0-plugins-good: add libxfixes and libxdamage to x11 depends
* fixes following issue in test-dependencies report:
gstreamer1.0-plugins-good/gstreamer1.0-plugins-good-ximagesrc/latest lost dependency on libxdamage
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Fri, 9 May 2014 12:29:13 +0000 (13:29 +0100)]
classes/lib/oe: Fix cross/crosssdk references
With the renaming of the cross packages, it's no longer possible to use
endswith("-cross") and similar to detect cross packages. Replace these
references with other techniques.
This resolves certain build from sstate failures which were due to the
system believing cross packages were target packages and therefore
dependency handling was altered.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Saul Wold [Fri, 9 May 2014 00:39:22 +0000 (17:39 -0700)]
update-rc.d: Handle multilib case for initscripts
When building multilib, we also have to add the multilib prefix otherwise
we get a WARNING:
WARNING: Multilib QA Issue: lib32-dbus package lib32-dbus - suspicious values 'initscripts-functions' in RDEPENDS
Anders Roxell [Thu, 24 Apr 2014 22:09:05 +0000 (17:09 -0500)]
rt-tests: bump version 0.87 => 0.89
cyclictest was updated to correct some problems with CPU affinity selection
and display of help and/or execution details.
These patches were accepted by the maintainer of the cyclictest utility.
The changes were reflected in an updated release of rt-tests - v0.89
The cyclictest changes were successfully tested on both an ARM v7 and x86_64
host environment.
The OE recipe was updated locally to incorporate the newer rt-tests release
and the resulting builds were verified for the same ARM v7 target
and for qemux86.
Patch files obsoleted by the rt-tests 0.89 release were removed from the recipe
deleted: meta/recipes-rt/rt-tests/files/0001-rt-tests-Allow-for-user-specified-PYLIB.patch
deleted: meta/recipes-rt/rt-tests/files/0002-rt-tests-Break-out-install_hwlatdetect.patch
deleted: meta/recipes-rt/rt-tests/files/added-missing-dependencies.patch
Signed-off-by: Anders Roxell <anders.roxell@linaro.org> Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Matt Cowell [Thu, 17 Apr 2014 19:23:13 +0000 (14:23 -0500)]
chrpath: properly handle rootdir with '..' in path
When there is a '..' in the rootdir path, rootdir will not be a substring of
fpath. This causes an incorrect rpath of the difference between the workdir
and the sysroot to be computed, which is incorrect. Normalizing basedir
fixes this issue.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Wed, 7 May 2014 16:05:33 +0000 (17:05 +0100)]
libxcb: disable check to avoid floating dependencies
The "check" module is checked for in configure without any way to explicitly
enable or disable it, but it isn't a build dependency of libxcb. If it's found
libxslt is also checked for, which is a build dependency but will only be used
if check is also present.
As the libxcb unit test suite is minimal at present, forcibly disable the test
for check and remove the libxslt-native build dependency.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Thu, 8 May 2014 08:31:52 +0000 (16:31 +0800)]
util-linux: fix parallel build issue for PATHFILES
When compiling util-linux, it's possible to encounter the following error.
/bin/sh: line 2:: misc-utils/uuidd.8.tmp: No such file or directory
This is because the misc-utils directory doesn't exist when trying to
write to misc-utils/uuidd.8.tmp.
When generating misc-utils/uuidd.8 (or anything in PATHFILES), its directory
may not have been created yet. So we need to ensure the existence of the
directory to avoid the compilation error.
[YOCTO #6292]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changhyeok Bae [Thu, 8 May 2014 03:44:04 +0000 (12:44 +0900)]
mirrors.bbclass: Add mirror site for savannah
* The SRC_URI is not accessible.
So need to add mirror site referred by the original site.
* The problem is that
http://download.savannah.gnu.org/releases redirects to closest mirror
and few mirrors (e.g. .jp) weren't working correctly while
http://download-mirror.savannah.gnu.org/releases/ seems to be reliable.
* Add SAVANNAH_GNU_MIRROR and SAVANNAH_NONGNU_MIRROR variable in bitbake.conf.
* Change the SRC_URI using the new variable.
Signed-off-by: Changhyeok Bae <changhyeok.bae@lge.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 6 May 2014 12:50:55 +0000 (12:50 +0000)]
attr: Fix uclibc builds
attr needs libintl headers and libs. Add in the missing dependency and
ensure the linker flag gets passed in multilib builds by replacing the
PN == BPN check with a class-target override instead.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Maxin B. John [Wed, 7 May 2014 12:24:15 +0000 (14:24 +0200)]
libxml2: fix CVE-2014-0191
It was discovered that libxml2, a library providing support to read,
modify and write XML files, incorrectly performs entity substitution in
the doctype prolog, even if the application using libxml2 disabled any
entity substitution. A remote attacker could provide a
specially-crafted XML file that, when processed, would lead to the
exhaustion of CPU and memory resources or file descriptors.