Richard Purdie [Thu, 22 May 2014 09:49:47 +0000 (10:49 +0100)]
libgpg-error: Extend pkgconfig support to m4 macros
Whilst there is currently .pc file pkgconfig support, it was unused by the
m4 macros. This extends the support so they're used instead of the -config
scripts.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Tue, 27 May 2014 15:09:16 +0000 (16:09 +0100)]
devshell: Add interactive python shell
Being able to interact with the python context in the Bitbake task execution
environment has long been desireable. This patch introduces such a
mechanism. Executing "bitbake X -c devpyshell" will open a terminal connected
to a python interactive interpretor in the task context so for example you can
run commands like "d.getVar('WORKDIR')"
This version now includes readline support for command history and various other
bug fixes such as exiting cleanly compared to previous versions.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Seebach [Wed, 28 May 2014 00:14:46 +0000 (19:14 -0500)]
pseudo: Honor umask again
The fchmodat-permissions patch was fine for the fchmod case, but
had the unintended side effect of disregarding umask settings for
open, mknod, mkdir, and their close relatives. Start tracking umask
and masking the umask bits out where appropriate.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Mike Crowe [Tue, 27 May 2014 16:28:43 +0000 (17:28 +0100)]
cmake: Avoid accidentally including libacl.h
The cmake recipe doesn't depend on libacl yet cmake will detect libacl.h
and use it by default. This risks build failures if libacl.h is unstaged
during the build and it also means that the build cmake will sometimes
support ACLs and sometimes not.
This can be avoided by setting ENABLE_ACL=0 but until the fix for
http://cmake.org/Bug/view.php?id=14866 is released we also need to set
HAVE_ACL_LIBACL_H=0.
Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Darren Hart [Tue, 27 May 2014 19:47:45 +0000 (12:47 -0700)]
ddimage: Support Mac OS
Update the ddimage script to allow it to work on Mac OS too. The biggest
difference is sysfs vs diskutil and in the syntax of the stat command
between Mac OS and Linux, unfortunately. Workarounds using ls, cut, and
columns got really fragile really quickly. Relying on stat and switching
on uname seemed the more robust solution.
Signed-off-by: Darren Hart <dvhart@linux.intel.com> Cc: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tim Orling [Thu, 22 May 2014 16:02:19 +0000 (09:02 -0700)]
wayland: upgrade to 1.5.0
* update disable-macro-checks-not-used-for-scanner.patch
= trivial change to non-patched text (+ posix_fallocate)
* drop just-scanner.patch, no longer needed
Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Ross Burton [Thu, 22 May 2014 14:28:32 +0000 (15:28 +0100)]
perl: stop perl-modules recommending perl-ptest
Change the logic that generates the perl-modules recommends to be an include
filter instead of an exclude filter, so that new sub-packages don't become
dependants of perl-modules (such as perl-ptest).
[ YOCTO #6203 ]
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Cristian Iorga [Thu, 22 May 2014 09:33:51 +0000 (12:33 +0300)]
bluez5: upgrade to 5.19
- Fixes to OBEX, AVRCP browsing, HID over GATT
and handling of device unpaired events for dual-mode devices.
- New features: user space based HID host implementation (for BR/EDR).
yanjun.zhu [Tue, 20 May 2014 01:27:47 +0000 (09:27 +0800)]
perl: fix for CVE-2010-4777
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
5.14.0, and other versions, when running with debugging enabled,
allows context-dependent attackers to cause a denial of service
(assertion failure and application exit) via crafted input that
is not properly handled when using certain regular expressions,
as demonstrated by causing SpamAssassin and OCSInventory to
crash.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Peter Seebach [Wed, 21 May 2014 23:12:33 +0000 (18:12 -0500)]
pseudo: handle fchmodat better, mask out unwanted write bits
It turns out that pseudo's decision not to report errors from
the host system's fchmodat() can break GNU tar in a very strange
way, resulting in directories being mode 0700 instead of whatever
they should have been.
Additionally, it turns out that if you make directories in your
rootfs mode 777, that results in the local copies being mode 777,
which could allow a hypothetical attacker with access to the
machine to add files to your rootfs image. We should mask out
the 022 bits when making actual mode changes in the rootfs.
This patch represents a backport to the 1.5.1 branch of three
patches from the 1.6 branch, because it took a couple of tries
to get this quite right.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Robert Yang [Tue, 20 May 2014 02:49:47 +0000 (10:49 +0800)]
initramfs-live-install: avoid using grub.d/40_custom
We have this in recipes-bsp/grub/grub/40_custom:
[snip]
menuentry "Linux" {
set root=(hd0,1)
linux /vmlinuz root=__ROOTFS__ rw __CONSOLE__ __VIDEO_MODE__ __VGA_MODE__ quiet
}
[snip]
These lines are only for initrdscripts/files/init-install.sh, the side
effect is that it would make the target's grub-mkconfig doesn't work
well since the 40_custom will be installed to /etc/grub.d/40_custom, the
grub-mkconfig will run the 40_custom, and there will always be a
'menuentry "Linux"' menu in grub.cfg no matter it is valid or not, we
can do this in init-install.sh rather than grub to fix the problem,
which is also much simpler.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Richard Purdie [Wed, 21 May 2014 16:50:17 +0000 (17:50 +0100)]
taglib: Force a disable of the floating dependency on boost
taglib appears to depend on boost if it finds it in the sysroot. Force
it not to do this. Someone with better cmake skills may be able to
do this in a neater way.
Yue Tao [Mon, 28 Apr 2014 03:12:34 +0000 (11:12 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0849
The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via a
crafted (1) width or (2) height dimension that is not a multiple of
sixteen in id RoQ video data.
Yue Tao [Sun, 27 Apr 2014 13:02:51 +0000 (21:02 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0850
The decode_slice_header function in libavcodec/h264.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via crafted
H.264 data, which triggers an out-of-bounds array access.
Yue Tao [Sun, 27 Apr 2014 12:24:18 +0000 (20:24 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0856
The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted Apple
Lossless Audio Codec (ALAC) data, related to a large nb_samples value.
Yue Tao [Sun, 27 Apr 2014 12:04:19 +0000 (20:04 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0854
The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via crafted MJPEG data.
Yue Tao [Sun, 27 Apr 2014 11:51:12 +0000 (19:51 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0851
The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted
Electronic Arts Madcow video data, which triggers an out-of-bounds array
access.
Yue Tao [Sun, 27 Apr 2014 11:44:28 +0000 (19:44 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0858
The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before
1.0.4 allows remote attackers to have an unspecified impact via ATRAC3
data with the joint stereo coding mode set and fewer than two channels.
Yue Tao [Sun, 27 Apr 2014 07:37:10 +0000 (15:37 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0852
The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access.
Yue Tao [Sun, 27 Apr 2014 07:10:15 +0000 (15:10 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0845
libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to
have an unspecified impact via a crafted block length, which triggers an
out-of-bounds write.
Yue Tao [Sun, 27 Apr 2014 03:56:19 +0000 (11:56 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0868
libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers
to have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) len==0 cases.
Yue Tao [Fri, 25 Apr 2014 08:26:00 +0000 (16:26 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2014-2099
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data.
Yue Tao [Mon, 14 Apr 2014 10:58:29 +0000 (18:58 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2013-0865
The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before
1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an
unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood
Studios VQA Video file, which triggers an out-of-bounds write.
Yue Tao [Mon, 14 Apr 2014 10:38:34 +0000 (18:38 +0800)]
gst-ffmpeg: fix for Security Advisory CVE-2014-2263
The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier,
allows remote attackers to have unspecified impact and vectors, which
trigger an out-of-bounds write.
wic: add support to look in all layers and get plugins
Plugins are looked in 'scripts/lib/mic/plugins/[type]/' directory on all
BBLAYERS variable returned by bitbake environment. If found, it will
be load at runtime.
The user could create your own plugin and keep it inside its layers. For
now the path must be <layer-dir>/scripts/lib/mic/plugins/[type]/. Where
'type' could be 'imager' or 'source'.
Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Chen Qi [Mon, 19 May 2014 08:03:28 +0000 (16:03 +0800)]
runqemu-internal: add "console=ttyS0" to ramfs image kernel parameters
We need this kernel command parameter so that when we start a ramfs
image, we can actually get some output. Although we can make this
happen by specifying the 'bootparams' for the 'runqemu' command, it's
better to make this the default behaviour.
Yue Tao [Mon, 19 May 2014 07:00:38 +0000 (15:00 +0800)]
openssl: fix for CVE-2010-5298
Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.
Yue Tao [Mon, 19 May 2014 06:32:13 +0000 (14:32 +0800)]
tiff: fix for Security Advisory CVE-2013-4231
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple
buffer overflows in libtiff before 4.0.3 allow remote attackers to cause
a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3)
a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1
and 3 are disputed by Red Hat, which states that the input cannot exceed
the allocated buffer size.
Li Wang [Mon, 19 May 2014 05:42:53 +0000 (13:42 +0800)]
nss: CVE-2013-1740
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933
changeset: 10946:f28426e944ae
user: Wan-Teh Chang <wtc@google.com>
date: Tue Nov 26 16:44:39 2013 -0800
summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls
changeset: 10945:774c7dec7565
user: Wan-Teh Chang <wtc@google.com>
date: Mon Nov 25 19:16:23 2013 -0800
summary: Bug 713933: Declare the |falseStart| local variable in the smallest
changeset: 10848:141fae8fb2e8
user: Wan-Teh Chang <wtc@google.com>
date: Mon Sep 23 11:25:41 2013 -0700
summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org
changeset: 10898:1b9c43d28713
user: Brian Smith <brian@briansmith.org>
date: Thu Oct 31 15:40:42 2013 -0700
summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc
Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Yue Tao [Thu, 8 May 2014 10:16:24 +0000 (18:16 +0800)]
subversion: fix for Security Advisory CVE-2013-4277
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
Yue Tao [Tue, 15 Apr 2014 07:22:17 +0000 (15:22 +0800)]
subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Yue Tao [Tue, 15 Apr 2014 05:21:25 +0000 (13:21 +0800)]
subversion: fix for Security Advisory CVE-2013-1845
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
Yue Tao [Tue, 15 Apr 2014 07:57:31 +0000 (15:57 +0800)]
subversion: fix for Security Advisory CVE-2013-4131
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
Yue Tao [Tue, 15 Apr 2014 02:49:03 +0000 (10:49 +0800)]
subversion: fix for Security Advisory CVE-2013-4505
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
Yue Tao [Mon, 14 Apr 2014 05:01:16 +0000 (13:01 +0800)]
screen: fix for Security Advisory CVE-2009-1215
Race condition in GNU screen 4.0.3 allows local users to create or
overwrite arbitrary files via a symlink attack on the
/tmp/screen-exchange temporary file.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Yue Tao [Mon, 14 Apr 2014 04:41:17 +0000 (12:41 +0800)]
Screen: fix for Security Advisory CVE-2009-1214
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with
world-readable permissions, which might allow local users to obtain
sensitive session information.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Chen Qi [Thu, 15 May 2014 09:36:17 +0000 (17:36 +0800)]
initrdscripts: fix for /run/media
mount.sh in udev-extraconf was modified to use /run/media instead
of /media. Unfortunately, our scripts in initrdscripts have some
dependency on the auto-mounting mechanism proviced by udev-extraconf.
So these scripts should also be fixed to use /run/media instead /media,
otherwise, our live image cannot work correctly.
It accidently replaced 'device/media' by 'device/run/media' which causes
error for live images to be unable to boot up correctly, complaining
"Cannot find rootfs.img in /media/*".
Chong Lu [Thu, 15 May 2014 08:54:32 +0000 (16:54 +0800)]
syslinux-native: fix parallel building issue
There might be an error when parallel build:
[snip]
cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/
syslinux/com32/include/gplinclude': No such file or directory
make[4]: *** [install] Error 1
make[3]: *** [gpllib] Error 2
[snip]
This is a potential issue. In ${S}/com32/gpllib/Makefile file,
install target wants to copy $(SRC)/../gplinclude to
$(INSTALLROOT)$(COM32DIR)/include/ directory, but in ${S}/com32/lib/Makefile
file, the install target will remove $(INSTALLROOT)$(COM32DIR)/include
directory. We need to do com32/lib first.
The patch make com32/gpllib depends on com32/lib to fix this issue.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Richard Purdie [Mon, 12 May 2014 17:00:03 +0000 (18:00 +0100)]
gstreamer/lame: Better gcc 4.9 fix
gstreamer/lame does runtime detection to enable/disable things like SSE code.
Unfortunately it is broken and will try and use this even with i586
compiler flags. This change forces it back to the approach with gcc 4.8
by disabling the problematic headers.
Its suboptimal but less so that the proposed previous forced enabling of
SSE on x86 everywhere.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Commit "rt-tests: bump version 0.87 => 0.89" (SHA1 ID: 7996ca) erroneously
deleted several patch files which were still required for proper function
of the rt-tests recipe. These missing patches adversely affected builds
of the hwlatdetect and hackbench utilities as well as other components.
This commit restores the missing patches and allows the recipe to properly
generate all the components once more. hwlatdetect and hackbench are
built properly and the /usr/src/backfire directory is properly populated
on the target system.
Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Tudor Florea [Mon, 5 May 2014 22:40:11 +0000 (00:40 +0200)]
curl: remove inapporpriate file from curl release
This is the adaptation for the a bugfix upstream
The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release
interfered with the upstream fix for
https://sourceforge.net/p/curl/bugs/1350/
Drew Moseley [Wed, 14 May 2014 17:08:38 +0000 (13:08 -0400)]
glib-2.0: Do not use readlink to set target paths.
Do not use readlink to set ABS_GLIB_RUNTIME_LIBDIR when cross
compiling. Doing so causes host paths to potentially pollute the
target. Unfortunately in this case we don't actually convert to
an absolute path.
Yasir-Khan [Wed, 14 May 2014 12:04:53 +0000 (17:04 +0500)]
bluez5: Update the bluetooth.conf
In bluez5, agent interface has been renamed from org.bluez.Agent
to org.bluez.Agent1. Reflect this change in bluetooth.conf to
allow sending of dbus messages to agent interface.
*Resolves no PIN prompt bug while pairing
*Resolves bluetooth keyboard connection problem
Ross Burton [Wed, 14 May 2014 10:13:19 +0000 (11:13 +0100)]
freetype: disable harfbuzz
Freetype has an automatically detected dependency on Harfbuzz, which has a
dependency on Freetype.
To produce deterministic builds and avoid link failures when rebuilding freetype
with harfbuzz present add a PACKAGECONFIG for Harfbuzz and disable it by
default.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Chong Lu [Wed, 14 May 2014 09:29:07 +0000 (17:29 +0800)]
dbus: Update to 1.8.2 version
Upgrade dbus to 1.8.2.
Modify ptest suite to make it enabled on new version.
If systemd in DISTRO_FEATURES, we expect to install dbus systemd
unit files.
Remove unneeded patches since it's included in new version.
Remove unrecognized option: "--with-xml"
[YOCTO #6092]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
wic: Extend indirect string connection to support image names and rootfs
The wic command-line param --rootfs-dir gets extended to support
multiple directories and image names. Each '--rootfs-dir' could be
connected using a special string. This special string is a image
name which gets expanded by bitbake to get 'IMAGE_ROOTFS' or
a rootfs-dir path pointing to rootfs directory. Like this:
Koen Kooi [Tue, 13 May 2014 10:16:29 +0000 (12:16 +0200)]
ca-certificates: generate CAfile for -native in do_install
Git-replacement-native needs the generated files in place for https:// URIs:
WARNING: Failed to fetch URL git://github.com/kernelslacker/trinity.git;protocol=https, attempting MIRRORS if available
ERROR: Fetcher failure: Fetch command failed with exit code 128, output:
Cloning into bare repository '/build/linaro/build/build/downloads/git2/github.com.kernelslacker.trinity.git'...
fatal: unable to access 'https://github.com/kernelslacker/trinity.git/': error setting certificate verify locations:
CAfile: /build/linaro/build/build/tmp-eglibc/sysroots/x86_64-linux/etc/ssl/certs/ca-certificates.crt
CApath: none
ERROR: Function failed: Fetcher failure for URL: 'git://github.com/kernelslacker/trinity.git;protocol=https'. Unable to fetch URL from any source.
ERROR: Logfile of failure stored in: /build/linaro/build/build/tmp-eglibc/work/aarch64-oe-linux/trinity/1.3-r0/temp/log.do_fetch.7843
ERROR: Task 1378 (/build/linaro/build/meta-linaro/meta-linaro/recipes-extra/trinity/trinity_1.3.bb, do_fetch) failed with exit code '1'
Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Tue, 13 May 2014 07:46:27 +0000 (15:46 +0800)]
openssh: fix for CVE-2014-2653
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and
earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking
by presenting an unacceptable HostCertificate.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Chen Qi [Tue, 13 May 2014 07:46:26 +0000 (15:46 +0800)]
openssh: fix for CVE-2014-2532
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
