summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* lttng-tools: fix alignment issueRoy Li2014-05-273-0/+49
| | | | | | | | | | Fix alignment issue in lttng-tools (From OE-Core rev: 539b77a29eb24b3896c9c436c0b4ce61c6b72b34) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bluez5: upgrade to 5.19Cristian Iorga2014-05-272-3/+3
| | | | | | | | | | | | - Fixes to OBEX, AVRCP browsing, HID over GATT and handling of device unpaired events for dual-mode devices. - New features: user space based HID host implementation (for BR/EDR). (From OE-Core rev: 5dce15e6623748ce3c1456f12d5cde6edc1be939) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perl: fix for CVE-2010-4777yanjun.zhu2014-05-273-2/+49
| | | | | | | | | | | | | | | | | | The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777 (From OE-Core rev: 368df9f13ddf124e6aaaec06c02ab698c9e0b6c3) Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pseudo: handle fchmodat better, mask out unwanted write bitsPeter Seebach2014-05-272-1/+109
| | | | | | | | | | | | | | | | | | | | | | | It turns out that pseudo's decision not to report errors from the host system's fchmodat() can break GNU tar in a very strange way, resulting in directories being mode 0700 instead of whatever they should have been. Additionally, it turns out that if you make directories in your rootfs mode 777, that results in the local copies being mode 777, which could allow a hypothetical attacker with access to the machine to add files to your rootfs image. We should mask out the 022 bits when making actual mode changes in the rootfs. This patch represents a backport to the 1.5.1 branch of three patches from the 1.6 branch, because it took a couple of tries to get this quite right. (From OE-Core rev: 45371858129bbad8f4cfb874e237374a5ba8db4c) Signed-off-by: Peter Seebach <peter.seebach@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python-native : Add patch to fix configure error with gcc 4.8.Philip Balister2014-05-271-0/+1
| | | | | | | | | | | | | We apply this patch to the python recipe already. Without this patch the zeroc-ice-native recipe will not build. See: http://bugs.python.org/issue17547 for more details. (From OE-Core rev: 2335a8ed3748e687e7f34f21f27f8e4029d1e26b) Signed-off-by: Philip Balister <philip@balister.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: add default ${CPAN_MIRROR}Tim Orling2014-05-271-0/+1
| | | | | | | | | | * Set default to http://search.cpan.org/CPAN/, as it should be (From OE-Core rev: 7cf349c3f1f195d529fbd73ce4bf63a439ffa4e6) Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mirrors.bbclass: add ${CPAN_MIRROR} optionTim Orling2014-05-271-0/+2
| | | | | | | | | | | * Perl modules fail to fetch because default CPAN site has been flaky lately. * Create option to use metacpan.org as a mirror. (From OE-Core rev: ffca381d9ad5de3e593c93274cfdb3d2ff4a447f) Signed-off-by: Tim Orling <TicoTimo@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* initramfs-live-install: avoid using grub.d/40_customRobert Yang2014-05-271-8/+7
| | | | | | | | | | | | | | | | | | | | | | | | | We have this in recipes-bsp/grub/grub/40_custom: [snip] menuentry "Linux" { set root=(hd0,1) linux /vmlinuz root=__ROOTFS__ rw __CONSOLE__ __VIDEO_MODE__ __VGA_MODE__ quiet } [snip] These lines are only for initrdscripts/files/init-install.sh, the side effect is that it would make the target's grub-mkconfig doesn't work well since the 40_custom will be installed to /etc/grub.d/40_custom, the grub-mkconfig will run the 40_custom, and there will always be a 'menuentry "Linux"' menu in grub.cfg no matter it is valid or not, we can do this in init-install.sh rather than grub to fix the problem, which is also much simpler. (From OE-Core rev: 8ae89d08454c11035eb2826a06e2243c9f2568b4) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* taglib: Force a disable of the floating dependency on boostRichard Purdie2014-05-271-0/+2
| | | | | | | | | | | | taglib appears to depend on boost if it finds it in the sysroot. Force it not to do this. Someone with better cmake skills may be able to do this in a neater way. (From OE-Core rev: 2c6c6c98416e5a458a02106524b5aa10a4b71d60) (From OE-Core rev: 87fd1d7331f6f64a9037d97672dbe66d93f276de) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* guile: Update to 2.0.11 versionChong Lu2014-05-212-68/+2
| | | | | | | | | | | Upgrade guile to 2.0.11 version and remove unneeded patch since it's included in new version. (From OE-Core rev: f1727bb18f35ff01e53d3d442a6ff3c613639fa6) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* byacc: Update to 20140422 versionChong Lu2014-05-211-2/+2
| | | | | | | | | | Upgrade byacc to 20140422 version. (From OE-Core rev: d58ab8819724cf460360458ac6e59a9c0ca7966c) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* flex: Update to 2.5.39 versionChong Lu2014-05-211-2/+2
| | | | | | | | | | Upgrade flex to 2.5.39 version. (From OE-Core rev: 701f1ae89926306dfbd19786fe0ddabc36fb485c) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0849Yue Tao2014-05-212-0/+37
| | | | | | | | | | | | | | | | The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849 (From OE-Core rev: 1a43a8054f51fbd542f3f037dc35f8b501e455bf) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0850Yue Tao2014-05-212-0/+30
| | | | | | | | | | | | | | | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850 (From OE-Core rev: 69f3f0f94f4fd224e5a6b275207adf0539d085c3) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0856Yue Tao2014-05-212-0/+31
| | | | | | | | | | | | | | | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856 (From OE-Core rev: 571ccce77859435ff8010785e11627b20d8b31f4) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0854Yue Tao2014-05-212-0/+33
| | | | | | | | | | | | | | | The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854 (From OE-Core rev: b3d9c8f603ebdbc21cb2ba7e62f8b5ebb57c40c1) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0851Yue Tao2014-05-212-0/+30
| | | | | | | | | | | | | | | | The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851 (From OE-Core rev: 8c9868d074f5d09022efc9419ee09eb805f68394) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0858Yue Tao2014-05-212-0/+38
| | | | | | | | | | | | | | | The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858 (From OE-Core rev: 0ee8754c973f5eff3ba4d00319a5308888c12b17) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0852Yue Tao2014-05-212-0/+35
| | | | | | | | | | | | | | | The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852 (From OE-Core rev: 37f9371b44bd914fdd64e4c4e4448a2908512203) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0845Yue Tao2014-05-212-0/+62
| | | | | | | | | | | | | | | libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845 (From OE-Core rev: cc6e2ee53c49206aa3377c512c3bd1de2e14a7b7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0868Yue Tao2014-05-213-0/+150
| | | | | | | | | | | | | | | | libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) len==0 cases. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868 (From OE-Core rev: 29dcc2c8e834cf43e415eedefb8fce9667b3aa40) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2014-2099Yue Tao2014-05-212-0/+51
| | | | | | | | | | | | | | | | | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099 (From OE-Core rev: 3e27099f9aad1eb48412b07a18dcea398c18245b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0865Yue Tao2014-05-212-0/+52
| | | | | | | | | | | | | | | | The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865 (From OE-Core rev: 4a93fc0a63cedbebfdc9577e2f1deb3598fb5851) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2014-2263Yue Tao2014-05-212-0/+70
| | | | | | | | | | | | | | | | The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263 (From OE-Core rev: 70bf8c8dea82e914a6dcf67aefb6386dbc7706cd) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* distro_features_check.bbclass: fix wrong indentationSebastian Wiegand2014-05-211-2/+2
| | | | | | | | | | | To fix check of REQUIRED_DISTRO_FEATURES fix indentation in python code. [YOCTO #6349] Reported and written by: Sebastian Wiegand <sebastian.wiegand@gersys.de> (From OE-Core rev: 986db87a3931edce8be79f309d07497e4179a810) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: data_smart: Fix an unusual variable reference bugRichard Purdie2014-05-212-1/+6
| | | | | | | | | | | | | | | | | | | | If you try: Y = "" Y_remove = "X" in OE-Core, bitbake will crash with a KeyError during expansion. The reason is that no expansion of the empty value is attempted but removal from is it and hence no varparse data is present for it in the expand_cache. If the value is empty, there is nothing to remove so the best fix is simply not to check for None but check it has any value. Also add a test for this error so it doesn't get reintroduced. (Bitbake rev: af3ce0fc0280e6642fa35de400f75fdbabf329b1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: reduce redundant foreign key lookupsDavid Reyna2014-05-212-6/+29
| | | | | | | | | | | | | | | | | | Replace redundant foreign key lookups with "with" to improve all recipes page load time. Do depends pre-lookup in the view class, and use python itertation instead of filter() all to achieve x16 processing speedup. [YOCTO #6137] (Bitbake rev: a68a6dc50c11cc59e7c873414e3e22ac2644dea7) Signed-off-by: David Reyna <David.Reyna@windriver.com> Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Conflicts: bitbake/lib/toaster/toastergui/views.py Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: sort columns properly after edit columnsFarrell Wymore2014-05-212-14/+204
| | | | | | | | | | | | If a sorted column is made invisible through the edit columns function, resort the table the its default order. [YOCTO 5919] (Bitbake rev: 64618f7489eb9eb13a97d03cd2d353384f5faa70) Signed-off-by: Farrell Wymore <farrell.wymore@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake: toaster: toaster oe-selftest supportIonut Chisanovici2014-05-211-0/+411
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds toaster tests using the oe-selftest infrastructure. You need to have builds done - the tests will verify data integrity after the toaster collection phase. Once you have your toaster builds done, to run the automated backend tests via oe-selftest do the followings: 1. Update builddir/conf/bblayers.conf to contain the meta-selftest layer 2. From the builddir run: 'oe-selftest toaster' or if you just want to run a single test: 'oe-selftest toaster.Toaster_DB_Tests.testname' This first part adds the meta/lib/oeqa toaster file. (Bitbake rev: bb5b1d6b139b886e54bfdc0c17f2b556db6a7fde) Signed-off-by: Ionut Chisanovici <ionutx.chisanovici@intel.com> Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cups: fix for cups not building without avahiSaul Wold2014-05-211-0/+190
| | | | | | | | | | | Backport upstream patch for CUPS issue: STR #4402 [YOCTO #6325] (From OE-Core rev: 7decf9dce56868e39902dac5957eb72f6e1e9acd) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* harfbuzz: upgrade to 0.9.28Cristian Iorga2014-05-211-5/+3
| | | | | | | | (From OE-Core rev: 8462728aef78debaa15e33121b3ae733049a96ab) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wic: add support to look in all layers and get pluginsJoão Henrique Ferreira de Freitas2014-05-211-5/+23
| | | | | | | | | | | | | | | | Plugins are looked in 'scripts/lib/mic/plugins/[type]/' directory on all BBLAYERS variable returned by bitbake environment. If found, it will be load at runtime. The user could create your own plugin and keep it inside its layers. For now the path must be <layer-dir>/scripts/lib/mic/plugins/[type]/. Where 'type' could be 'imager' or 'source'. (From OE-Core rev: bb6f5d7de1c7ce2680874a74949903db0f5bb91a) Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wic: add support to look in all layers and get .wks fileJoão Henrique Ferreira de Freitas2014-05-212-29/+49
| | | | | | | | | | | | | | | .wks file are looked in 'scripts/lib/image/canned-wks' directory on all BBLAYERS variable returned by bitbake environment. If found, it will be used. The user could create your own .wks and keep it inside its layers. For now the path must be <layer-dir>/scripts/lib/image/canned-wks. (From OE-Core rev: 1f3e312211f277a1befd707a59a0c0a9bf6cbcbc) Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libav: upgrade 9.x version to 9.13Paul Eggleton2014-05-211-2/+2
| | | | | | | | (From OE-Core rev: 937a0da0861abb7656762b2a3fb69eb275dd4a9a) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libav: upgrade 0.8.x version to 0.8.11Paul Eggleton2014-05-211-2/+2
| | | | | | | | (From OE-Core rev: 206f34ac0c0b65768ec2b553a0cb8b93fe7e5ae3) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu-internal: add "console=ttyS0" to ramfs image kernel parametersChen Qi2014-05-211-1/+1
| | | | | | | | | | | | | We need this kernel command parameter so that when we start a ramfs image, we can actually get some output. Although we can make this happen by specifying the 'bootparams' for the 'runqemu' command, it's better to make this the default behaviour. (From OE-Core rev: 3d202594bb92fe75cd70f81345e64c2179b52c32) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* quilt: Update to 0.63 versionChong Lu2014-05-213-2/+3
| | | | | | | | | | | Upgrade quilt to 0.63 version and add perl-module-text-parsewords to RDEPENDS of ptest. (From OE-Core rev: 48c09163db18634e3071009b94645812ade285f4) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpcre: Update to 8.35 versionChong Lu2014-05-211-3/+3
| | | | | | | | | | Upgrade libpcre to 8.35 version. (From OE-Core rev: 32c007bfc4fe7a0ba75644584bb80f8bdff09a01) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2010-5298Yue Tao2014-05-211-0/+24
| | | | | | | | | | | | | | | | | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix for Security Advisory CVE-2013-4231Yue Tao2014-05-212-1/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 (From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2013-1740Li Wang2014-05-212-0/+917
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 https://bugzilla.mozilla.org/show_bug.cgi?id=919877 https://bugzilla.mozilla.org/show_bug.cgi?id=713933 changeset: 10946:f28426e944ae user: Wan-Teh Chang <wtc@google.com> date: Tue Nov 26 16:44:39 2013 -0800 summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls changeset: 10945:774c7dec7565 user: Wan-Teh Chang <wtc@google.com> date: Mon Nov 25 19:16:23 2013 -0800 summary: Bug 713933: Declare the |falseStart| local variable in the smallest changeset: 10848:141fae8fb2e8 user: Wan-Teh Chang <wtc@google.com> date: Mon Sep 23 11:25:41 2013 -0700 summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org changeset: 10898:1b9c43d28713 user: Brian Smith <brian@briansmith.org> date: Thu Oct 31 15:40:42 2013 -0700 summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc (From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2014-1492Li Wang2014-05-212-0/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user: Kai Engert <kaie@kuix.de> date: Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to clarify comments from wtc changeset: 11046:2ffa40a3ff55 tag: tip user: Wan-Teh Chang <wtc@google.com> date: Tue Feb 25 18:17:08 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie changeset: 11045:15ea62260c21 user: Christian Heimes <sites@cheimes.de> date: Mon Feb 24 17:50:25 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling, r=kaie (From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4277Yue Tao2014-05-214-1/+33
| | | | | | | | | | | | | | | | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 (From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846Yue Tao2014-05-212-1/+55
| | | | | | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847 (From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1845Yue Tao2014-05-212-1/+173
| | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845 (From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4131Yue Tao2014-05-212-0/+43
| | | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131 (From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4505Yue Tao2014-05-214-1/+259
| | | | | | | | | | | | | | | | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505 (From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1849Yue Tao2014-05-212-0/+26
| | | | | | | | | | | | Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. (From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* screen: fix for Security Advisory CVE-2009-1215Yue Tao2014-05-212-0/+28
| | | | | | | | | | | | | Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. (From OE-Core rev: be8693bf151987f59c9622b8fd8b659ee203cefc) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Screen: fix for Security Advisory CVE-2009-1214Yue Tao2014-05-212-0/+87
| | | | | | | | | | | | | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. (From OE-Core rev: 25a212d0154906e7a05075d015dbc1cfdfabb73a) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpenPOWER on IntegriCloud