Ross Burton [Mon, 11 Apr 2016 07:29:16 +0000 (00:29 -0700)]
ncurses: update SRC_URI
Upstream re-arranged their FTP server and deleted the tarball that we were
downloading. This tarball is mirrors on downloads.yoctoproject.org but not
everyone uses that, so Work around this by pointing the SRC_URI at the Yocto
Project source mirror directly.
[ YOCTO #9379 ]
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When the class nativesdk.bbclass is inherited, it redefines TARGET_CC_ARCH,
in the case of python3, this enables debug, causing an error while linking.
Since we don't enable debug during configure some functions are not declared.
This patch makes sure we keep debug disabled, fixing the linking errors.
[YOCTO #9357]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
In case a getty is required on a UART which is not being
used as the kernel console, the current agetty invocation
fails to obey the baud rate configured through the
SERIAL_CONSOLES variable because it uses --keep-baud.
Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
boost: ensure boost to remain an empty metapackage
To ensure that boost remains an empty metapackage after version
updates, we explicitly require boost files to be empty. If new
libraries exist after a version update of the boost recipe,
bitbake will emit a warning at the do_package task. For example,
at the version update from 1.58.0 to 1.59.0, the new timer
library is indicated with:
WARNING: QA Issue: boost: Files/directories were installed but not shipped in any package:
/usr/lib/libboost_timer.so.1.59.0
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
boost: 1 installed and not shipped files. [installed-vs-shipped]
Ross Burton suggested this improvement on the openembedded-core
mailing list during review of the boost recipe version update [1].
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@oss.bmw-carit.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd: chown hwdb.bin to root:root for do_rootfs
This is created by qemu for the do_rootfs case, which bypasses pseudo, so we
need to correct the ownership. This fixes a warning issued by
rootfs_check_host_user_contaminated.
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
nfs-utils: bugfix: adjust name of statd service unit
Upstream nfs-utils use 'rpc-statd.service' and Yocto introduced
'nfs-statd.service' instead but forgot to update the mount.nfs helper
'start-statd' accordingly.
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The SRCREV in the busybox git recipe did not point to a commit ID
on the master branch. Point the variable to something reachable from
the master branch (which fixes this recipe's fetch()).
busybox-1.23: Backport patch to fix zcip false-conflict
Busybox upstream fixed the issue where an incorrect comparison of
addresses led to bogus renegotiation of a new ll ip in 1.24. Backport
this change to 1.23.2.
Signed-off-by: Brad Mouring <brad.mouring@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This dependency is floating otherwise, It races against openssl-native
and when openssl config does not match with openssl on build host the
build fails occasionally
x86_64-linux/usr/include/openssl/ripemd.h:70:4: error: #error RIPEMD is
disabled.
# error RIPEMD is disabled.
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Thu, 3 Dec 2015 13:54:25 +0000 (15:54 +0200)]
devtool: extract: update SRCTREECOVEREDTASKS for kernel
Add 'do_kernel_configme' and 'do_kernel_configcheck' to
SRCTREECOVEREDTASKS of kernel packages. These tasks should not be run
because kernel meta in the srctree is not necessarily up-to-date or
even present which causes build failures and/or invalid kernel config.
Especially so because 'do_patch' which is a dependency of
'do_kernel_configme' is not being run.
We now store .config in the srctree and 'do_configure' task is able to
run successfully.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Markus Lehtonen [Thu, 3 Dec 2015 13:54:24 +0000 (15:54 +0200)]
devtool: extract: copy kernel config to srctree
This makes the correct kernel config to be used when building kernel
from srctree (extrernalsrc). If no kernel config is present in the
builddir 'do_configure' task copies .config from the srctree.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
lib/oe/patch: Make GitApplyTree._applypatch() support read-only .git/hooks
Rather than modifying files in .git/hooks, which can be read-only
(e.g., if it is a link to a directory in /usr/share), move away the
entire .git/hooks directory temporarily.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Anuj Mittal <anujx.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
license.bbclass: fix host contamination warnings for license files
We get below host contamination warnings of license files for
each recipe, when we try to create a separate ${PN}-lic package (which
contains license files), by setting LICENSE_CREATE_PACKAGE equal to "1"
in local.conf.
-- snip --
WARNING: QA Issue: libcgroup: /libcgroup-lic/usr/share/licenses/libcgroup/generic_LGPLv2.1 is owned by uid 5001, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
WARNING: QA Issue: attr: /attr-lic/usr/share/licenses/attr/libattr.c is owned by uid 5001, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
WARNING: QA Issue: bash: /bash-lic/usr/share/licenses/bash/COPYING is owned by uid 5001, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
-- CUT --
Since the license files from source and OE-core, are populated in a normal
shell environment rather in pseudo environment (fakeroot); the ownership of
these files will be same as host user running bitbake. During the do_package
task (which runs in pseudo environment (fakeroot)), os.link preserves the
ownership of these license files as host user instead of root user.
This causes license files to have UID same as host user id and resulting in
above warnings during do_package_qa task.
Changing ownership of license files to root user (which has UID and GID as 0)
under pseudo environment will solve above warnings, and on exiting pseudo
environment the license files will continue to be owned by host user. Perform
this manipulation within try/except statements, as tasks which are not exected
under pseudo (such as do_populate_lic) result in OSError when trying to
change ownership of license files.
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Anuj Mittal <anujx.mittal@intel.com> Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Ross Burton [Mon, 14 Mar 2016 20:35:35 +0000 (20:35 +0000)]
xorg-lib: allow native building without x11 DISTRO_FEATURES
The Xorg libraries use REQUIRED_DISTRO_FEATURES to stop building on
distributions without the x11 feature but this stops people building native
tooling that uses libX11, such as libsdl-native.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Fri, 11 Mar 2016 20:54:00 +0000 (20:54 +0000)]
base: check for existing prefix when expanding names in PACKAGECONFIG
When the DEPENDS are added as part of the PACKAGECONFIG logic the list of
packages are expanded so that any required nativesdk-/-native/multilib prefixes
and suffixes are added.
However the special handling of virtual/foo names doesn't check that the prefix
already exists, which breaks under nativesdk as in that situation there's an
explicit nativesdk- prefix *and* MLPREFIX is set to nativesdk-. This results in
the same prefix being applied twice, and virtual packages such as virtual/libx11
ending up as virtual/nativesdk-nativesdk-libx11.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Craig McQueen [Thu, 15 Oct 2015 05:13:09 +0000 (16:13 +1100)]
os-release: put double-quotes around variable contents
This makes the resulting /etc/os-release file have valid shell
assignment syntax. This makes it loadable by a shell script, using the
'source' command:
Ross Burton [Fri, 18 Dec 2015 16:56:18 +0000 (16:56 +0000)]
conf/local.conf.sample: comment out ASSUME_PROVIDED=libsdl-native
Ubuntu 15.10 and Debian testing can't build qemu-native against the host libsdl.
Now that libsdl-native is buildable, comment out the ASSUME_PROVIDED which meant
it wouldn't be used.
Ross Burton [Mon, 30 Nov 2015 11:31:14 +0000 (11:31 +0000)]
libsdl: expand PACKAGECONFIG and enable native builds
Use PACKAGECONFIG instead of using logic in DEPENDS and EXTRA_OECONF, adding new
options for PulseAudio, tslib, DirectFB, OpenGL and X11. Pass
--disable-x11-shared so that it links to the X libraries instead of using
dlopen().
Disable tslib by default as the kernel event input subsystem is generally used.
SDL's OpenGL support requires X11 so check for both x11 and opengl, and merge
the dependencies.
Finally enable native builds, with a minimal PACKAGECONFIG that will build from
oe-core for native and nativesdk.
Mariano Lopez [Wed, 30 Dec 2015 06:52:54 +0000 (06:52 +0000)]
image_types.bbclass: Rebuild when WICVARS change
The procces to do a wic image is to save a file with
variables required by wic and then call wic using this
file. Because this is external to bitbake if the vars
change, the image won't be rebuild; an example of such
is IMAGE_BOOT_FILES.
This patch adds these variables to vardeps of do_rootfs
when a wic image is build. This will rebuild the image
if a variable needed by wic changes.
Hardcoding a full input path with zero flexibility goes against everything the
Yocto Project is about. Rework it to let the user specify the wks base
filename with WKS_FILE and it'll search the layers for the wks file and use
it.
Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: 8cc7f5229f5447c2183ac319dd52c7ed737ec89b) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Noor Ahsan [Wed, 23 Dec 2015 13:50:35 +0000 (15:50 +0200)]
wic: rawcopy: Copy source file to build folder
When a file is given using --sourceparams then wic directly use that file
instead of copying them to build folder. At time of assembling it os.rename
is called which renames all the files to name. In that process the original
file is renamed. When image recipe is rebuilt then wic complains about
missing file which was renamed in previous build.
[YOCTO #8854]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(From OE-Core master rev: 33c52b1f2d39feb641465bf42e8b16d0ab22a316)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Not required for master, an update to 1.0.2g has been submitted.
Backport to fido is required. Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Hongxu Jia [Fri, 13 Nov 2015 11:08:06 +0000 (19:08 +0800)]
wpa-supplicant: Fix CVE-2015-8041
Backport patch from http://w1.fi/security/2015-5/
and rebase for wpa-supplicant 2.4
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Not needed in master since the upgrade to 2.5 Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Armin Kuster [Fri, 5 Feb 2016 14:31:06 +0000 (06:31 -0800)]
socat: Security fix CVE-2016-2217
this address both
Socat security advisory 7 and MSVR-1499: "Bad DH p parameter in OpenSSL"
and Socat security advisory 8: "Stack overflow in arguments parser
Jens Rehsack [Fri, 5 Feb 2016 10:25:40 +0000 (11:25 +0100)]
cross-localedef-native: add ABI breaking glibc patch
Add patch from commit 96b1b5c127e9e0e637aaf7948cf3330a94a5cd57 to cross-localedef-native
to avoid broken images built with ENABLE_BINARY_LOCALE_GENERATION set to 1:
$ sh -c "export LANG=de_DE; ls -la"
sh: loadlocale.c:130: _nl_intern_locale_data: Assertion `cnt < (sizeof (_nl_value_type_LC_COLLATE) / sizeof (_nl_value_type_LC_COLLATE[0]))' failed.
Aborted
Signed-off-by: Jens Rehsack <sno@netbsd.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 2 Feb 2016 22:42:57 +0000 (22:42 +0000)]
piglit: don't use /tmp to write generated sources to
If there are multiple builds on the same machine then piglit writing it's
generated sources to /tmp will race. Instead, export TEMP to tell the tempfile
module to use a temporary directory under ${B}.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
Paul Eggleton [Tue, 26 Jan 2016 00:20:24 +0000 (13:20 +1300)]
gen-lockedsig-cache: fix bad destination path joining
When copying the sstate-cache into the extensible SDK, if the source
path had a trailing / and the destination path did not, there would be a
missing / between the path and the subdirectory name, and you'd end up
with subdirectories like "sstate-cacheCentOS-6.7". There are functions
in os.path for this sort of thing so let's just use them and avoid the
problem.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5eb8f15c48b5f39a10eb2b63b026cf1ebfd05533) Signed-off-by: Saul Wold <sgw@linux.intel.com>
with the enabling of utmpx in busybox and uClibc it was noted that shadow
support for utmpx also needs utmp explicitly enabled in uclibc. this is
a workaround that might be removed once shadow properly supports
--enable-utmpx to check for utmpx configuration instead of utmp like
it does now
[YOCTO #8243]
[YOCTO #8971]
Signed-off-by: Bogdan-Alexandru Voiculescu <bogdanx.a.voiculescu@intel.com> Signed-off-by: Benjamin Esquivel <benjamin.esquivel@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 969158d63ba2c8e2e11af41c2a6d4f1aa5b0099f) Signed-off-by: Saul Wold <sgw@linux.intel.com>
Armin Kuster [Sun, 31 Jan 2016 17:32:05 +0000 (09:32 -0800)]
glibc-locale: fix QA warning
WARNING: QA Issue: glibc-locale: /glibc-binary-localedata-sd-in/usr/lib/locale/sd_IN/LC_CTYPE is owned by uid 1000, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
fix type Signed-off-by: Armin Kuster <akuster@mvista.com>
Armin Kuster [Thu, 28 Jan 2016 02:17:59 +0000 (18:17 -0800)]
tzdata: update to 2016a
Changed LIC_CHKSUM_FILES to a new LICENSE file.
Add BSD-3-clause to licenses
Changes affecting future time stamps
America/Cayman will not observe daylight saving this year after all.
Revert our guess that it would. (Thanks to Matt Johnson.)
Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00.
(Thanks to Alexander Krivenyshev.)
Asia/Tehran now has DST predictions for the year 2038 and later,
to be March 21 00:00 to September 21 00:00. This is likely better
than predicting no DST, albeit off by a day every now and then.
Changes affecting past and future time stamps
America/Metlakatla switched from PST all year to AKST/AKDT on
2015-11-01 at 02:00. (Thanks to Steffen Thorsen.)
America/Santa_Isabel has been removed, and replaced with a
backward compatibility link to America/Tijuana. Its contents were
apparently based on a misreading of Mexican legislation.
Changes affecting past time stamps
Asia/Karachi's two transition times in 2002 were off by a minute.
(Thanks to Matt Johnson.)
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 39e231cfabda8d75906c935d2a01f37df6121b84) Signed-off-by: Saul Wold <sgw@linux.intel.com>
Armin Kuster [Thu, 28 Jan 2016 02:17:58 +0000 (18:17 -0800)]
tzcode: update to 2016a
Change LIC_CHKSUM_FILES to License. Some files are BSD clause 3
Changes affecting build procedure
An installer can now combine leap seconds with use of the backzone file,
e.g., with 'make PACKRATDATA=backzone REDO=posix_right zones'.
The old 'make posix_packrat' rule is now marked as obsolescent.
(Thanks to Ian Abbott for an initial implementation.)
Changes affecting documentation and commentary
A new file LICENSE makes it easier to see that the code and data
are mostly public-domain. (Thanks to James Knight.) The three
non-public-domain files now use the current (3-clause) BSD license
instead of older versions of that license.
tz-link.htm mentions the BDE library (thanks to Andrew Paprocki),
CCTZ (thanks to Tim Parenti), TimeJones.com, and has a new section
on editing tz source files (with a mention of Sublime zoneinfo,
thanks to Gilmore Davidson).
The Theory and asia files now mention the 2015 book "The Global
Transformation of Time, 1870-1950", and cite a couple of reviews.
The America/Chicago entry now documents the informal use of US
central time in Fort Pierre, South Dakota. (Thanks to Rick
McDermid, Matt Johnson, and Steve Jones.)
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit b7f292b84eea202fb13730c11452ac1957e41cf0) Signed-off-by: Saul Wold <sgw@linux.intel.com>
The existing code doesn't tell regular (with .git) and bare cases and
just move the unpacked repo to the place of kernel source. But later
steps will fail on a bare-cloned repo because we can not checkout
directly in a bare cloned repo.
This change performs another clone to fix the issue.
Note: This change doesn't cover the case that S and WORKDIR are same
and the repo is bare cloned.
Signed-off-by: Jianxun Zhang <jianxun.zhang@linux.intel.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ccfa2ee5c4f509de4c18a7054b2a66fc874d5d69) Signed-off-by: Saul Wold <sgw@linux.intel.com>
Armin Kuster [Wed, 27 Jan 2016 22:20:21 +0000 (14:20 -0800)]
libpcre: bug fixes include security
[Yocto # 9008]
This is the next patch release for pcre. The 8.xx series now only contains
bug fixes.
http://www.pcre.org/original/changelog.txt
The following security fixes are included:
CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()
CVE-2015-3217 pcre: stack overflow in match()
CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis
CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
CVE-2015-8381 pcre: Heap Overflow in compile_regex()
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
CVE-2015-8387 pcre: Integer overflow in subroutine calls
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups
CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
CVE-2015-8395 pcre: Buffer overflow caused by certain references
CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Derek Straka [Mon, 25 Jan 2016 19:15:28 +0000 (14:15 -0500)]
bind: CVE-2015-8704 and CVE-2015-8705
CVE-2015-8704:
Allows remote authenticated users to cause a denial of service via a malformed Address Prefix List record
CVE-2015-8705:
When debug logging is enabled, allows remote attackers to cause a denial of service or have possibly unspecified impact via OPT data or ECS option
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Armin Kuster [Sat, 23 Jan 2016 04:25:19 +0000 (20:25 -0800)]
glibc: CVE-2015-8776
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Armin Kuster [Sat, 23 Jan 2016 04:23:04 +0000 (20:23 -0800)]
glibc: CVE-2015-9761
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Armin Kuster [Sat, 23 Jan 2016 04:19:24 +0000 (20:19 -0800)]
glibc: CVE-2015-8779
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Armin Kuster [Sat, 23 Jan 2016 04:13:00 +0000 (20:13 -0800)]
glibc: CVE-2015-8777.patch
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Richard Purdie [Thu, 17 Dec 2015 12:33:39 +0000 (12:33 +0000)]
nativesdk-buildtools-perl-dummy: Bump PR
Recent changes to this recipe caused automated PR increments
to break, regressing package feeds. The only way to recover
is to bump PR, so do this centrally to fix anyone affected.
Paul Eggleton [Fri, 11 Dec 2015 00:51:31 +0000 (13:51 +1300)]
nativesdk-buildtools-perl-dummy: properly set PACKAGE_ARCH
Turns out I did a silly thing in OE-Core revision 9b1831cf4a2940dca1d23f14dff460ff5a50a520 and forgot to remove the
explicit setting of PACKAGE_ARCH outside of the anonymous python
function; the original bug was apparently fixed but the functionality of
allarch.bbclass was being disabled because it was able to see that
PACKAGE_ARCH was not set to "all" - which was what I was trying to
ensure.
Paul Eggleton [Mon, 9 Nov 2015 16:45:21 +0000 (16:45 +0000)]
nativesdk-buildtools-perl-dummy: fix rebuilding when SDKMACHINE changes
This recipe produces an empty dummy package (in order to satisfy
dependencies on perl so we don't have perl within buildtools-tarball).
Because we were inheriting nativesdk here the recipe was being rebuilt,
but having forced PACKAGE_ARCH to a particular value the packages for
each architecture were stepping on eachother. Since the packages are
empty they can in fact be allarch (even though they won't actually go
into the "all" package feed). It turns out that nheriting nativesdk
wasn't actually necessary either, so drop that.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
