summaryrefslogtreecommitdiffstats
path: root/meta
Commit message (Collapse)AuthorAgeFilesLines
...
* libiconv_1.11.1: merge build and packaging fixes from libiconv_1.14Andre McCurdy2015-12-081-1/+12
| | | | | | | | | | | | | | | | 054151c libiconv: Fix B != S with uclibc builds 273c437 libiconv: Remove RPATH from binaries fcb8d6f libiconv_1.14.bb: Fix build failure [partial-merge] (From OE-Core rev: 3f5b2da748bbb0417a63c69393cdd024623074a2) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: 898e9d7) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* uclibc: backport upstream fix for SH4Andre McCurdy2015-12-082-0/+49
| | | | | | | | | | | | | | | | Backport upstream fix for building uclibc for SH4 with recent gcc: http://git.uclibc.org/uClibc/commit/?id=2c8a7766681b704e710f51c0817534e3f9a952d1 (From OE-Core rev: 6077f09f76b05b002f21e14c62c7c986db5427a9) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (From OE-Core master rev: aa20c3d) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Backport CVE-2015-5600 fixHaris Okanovic2015-12-082-0/+51
| | | | | | | | | | | | | | | | | | | | | | | | | | | | only query each keyboard-interactive device once per authentication request regardless of how many times it is listed Source: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c?f=h#rev1.43 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/auth2-chall.c.diff?r2=1.43&r1=1.42&f=u Bug report: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5600 https://bugzilla.redhat.com/show_bug.cgi?id=1245969 Testing: Built in Fido and installed to x86_64 test system. Verified both 'keyboard-interactive' and 'publickey' logon works with root and a regular user from an openssh 7.1p1-1 client on Arch. (From OE-Core rev: 433f66ba6c79cf49e29251af0985baf5c4b79e23) Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Reviewed-by: Rich Tollerton <rich.tollerton@ni.com> Reviewed-by: Ken Sharp <ken.sharp@ni.com> Natinst-ReviewBoard-ID: 115602 Natinst-CAR-ID: 541263 Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* unzip: CVE-2015-7696, CVE-2015-7697Tudor Florea2015-12-083-0/+71
| | | | | | | | | | | | | | | | CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 (From OE-Core rev: 458d877590bcd39c7f05d31cc6e7600ca59de332) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxslt: CVE-2015-7995Armin Kuster2015-12-082-1/+35
| | | | | | | | | | | | | | | This is a is being give a High rating so please consider it for all 1.1.28 versions. A type confusion error within the libxslt "xsltStylePreCompute()" function in preproc.c can lead to a DoS. Confirmed in version 1.1.28, other versions may also be affected. (From OE-Core rev: 2ad0b4dd7262c251f991bbf7826580d89bd6e73a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oprofile: update --with-kernel option to find perf_event.hTing Liu2015-12-081-1/+1
| | | | | | | | | | | | | | | | | | | | Update --with-kernel=${STAGING_DIR_HOST}/${prefix} to find kernel headers (linux/*.h) to fix the error: | checking kernel supports perf_events... unknown -- perf_event.h not found | ERROR: You requested to build oprofile with '--with-kernel=/buildarea/lyang1/test_f2/tmp/work-shared/qemux86/kernel-source', | but headers were not accessible at the given location. | Be sure you have run the following command from within your kernel source tree: | make headers_install INSTALL_HDR_PATH=<kernel-hdrs-install-dir> | Then pass <kernel-hdrs-install-dir> to oprofile's '--with-kernel' configure option. | configure: error: Unable to build oprofile. Exiting. This is part of the commit b5b3085d9d6a351a1de86f95d5c8ba28dbfbddbb which already applied in poky master branch. (From OE-Core rev: 91ca81244e683c4f24752c59ec3342cd4fb1315d) Signed-off-by: Ting Liu <ting.liu@freescale.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* init-install-efi.sh: Avoid /mnt/mtab creation if already presentLeonardo Sandoval2015-12-081-1/+5
| | | | | | | | | | | | | | | | | | The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts), so if an image includes the latter, there is no new to created it again inside the install-efi.sh script, otherwise an error may occur as indicated on the bug's site. [YOCTO #7971] (From OE-Core master rev: 6c6c6528954952e1e323f5a26afd93b99913e6f2) (From OE-Core rev: 92da534cefb5937c69553dbe599b664dc73292f3) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: fix networking setup when ipv6 modules are missingStefan Christ2015-12-082-0/+79
| | | | | | | | | | | If the ipv6 kernel modules are missing, e.g. /lib/modules/<version> doesn't match the runnig kernel, networkd doesn't bring up the interfaces correctly. Backport fix from systemd version v220. (From OE-Core rev: 3db960ef645606226784cbfd994d476892db07fe) Signed-off-by: Stefan Christ <s.christ@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: add PACKAGECONFIG for qrencodeJonathan Liu2015-12-081-0/+1
| | | | | | | | | | | (From OE-Core master rev: 5c0dc3e8f49621827e20f79fb6bc945c3f17315e) (From OE-Core rev: 2b8579f18f6e0477ac46bca870c1caf2c2469128) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: fix tmpfiles location when multilib in useReinette Chatre2015-12-081-2/+2
| | | | | | | | | | | | | | | | | | Systemd's configuration files for creation, deletion and cleaning of volatile and temporary files are installed in /usr/lib even when multilib is in use (when /usr/lib64 is available). In this check the systemd.conf file will not be found if libdir is /usr/lib64 so we fix the path to match this file's installation path to look for it in ${exec_prefix}/lib (From OE-Core master rev: c1ef36c2b3e3876cc166a9a5e153fc6f23b42b92) (From OE-Core rev: 771ee44f3b6f15cc07eb4e3990a05130d3cd6bf1) Signed-off-by: Reinette Chatre <reinette.chatre@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to fido head revisionRichard Purdie2015-09-291-1/+1
| | | | | | (From OE-Core rev: f0873b83d693af4a103999160d67fcf25c7eedc1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: run recipe-provided hooks outside of ${B}Ross Burton2015-09-291-16/+14
| | | | | | | | | | | | To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR. (From OE-Core rev: 07a7e1a0bee5b8757951e67c9353c786a6ac8500) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* autotools.bbclass: mkdir ${B} -> mkdir -p ${B}Robert Yang2015-09-191-1/+1
| | | | | | | | | | | | ${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `${B}': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed (From OE-Core rev: 4c02a30f084408d0a6a5149937ef74520f8346dc) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* perf: mkdir ${B} -> mkdir -p ${B}Robert Yang2015-09-191-1/+1
| | | | | | | | | | | | ${B} is the default cwd of tasks, so there might be race issues such as: | mkdir: cannot create directory `/path/to/work/qemux86-poky-linux/perf/1.0-r9/perf-1.0/': File exists [snip] NOTE: recipe perf-1.0-r9: task do_configure: Failed (From OE-Core rev: eb3d1dac724144637a86e8124b7b6b91bbeab822) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libunwind: Security Advisory - libunwind - CVE-2015-3239Li Zhou2015-09-182-0/+30
| | | | | | | | | | | | | | | | libunwind: Invalid dwarf opcodes can cause references beyond the end of the array Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. (From OE-Core master rev: 9c4e7f5c009b076b0bc638a02fcf3d96c362e7eb) (From OE-Core rev: 38de3cd2fcc5e2c79dcf1c864c84f8e712111e5d) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs.py: show intercept script output in log.do_rootfsMartin Jansa2015-09-181-1/+1
| | | | | | | | | | | | | * without this the output wasn't shown anywhere even when the bb.warn says: "See log for details!" (From OE-Core master rev: a3c322b42c7a14584a80e04519c34689ec813210) (From OE-Core rev: 33b9dc43afbf9d201863d4327cd8689582b19070) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rootfs.py: Allow to override postinst-intercepts locationMartin Jansa2015-09-181-2/+4
| | | | | | | | | | | * useful when we need to overlay/extend intercept scripts from oe-core (From OE-Core master rev: 7d08d2d5c0ae686e3bb8732ea82f30fd189b1cd8) (From OE-Core rev: 0f528bda0bac76e190b03764c603f199a6079fc6) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libtasn1: CVE-2015-3622Sona Sarmadi2015-09-182-0/+45
| | | | | | | | | | | | | | _asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 (From OE-Core rev: 553bc30b96cd9ef9c5bc621debcf7c23c66d7e42) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565Armin Kuster2015-09-184-1/+110
| | | | | | | | | | | | | three security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: CVE-2015-1349 CVE-2015-4620 CVE-2015-5722Armin Kuster2015-09-184-0/+589
| | | | | | | | | three security fixes. (From OE-Core rev: 16e80afe187c173e00b734c757a05157855ed504) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oprofileui: Use inherit gettextSaul Wold2015-09-181-1/+1
| | | | | | | | | | | | | oprofileui uses gettext during the configuration task so should be inherit gettext. This issue appears when an older version of gettext is used do to pinning to the older non-gplv3 version. [YOCTO #7795] (From OE-Core rev: 7a161f8685c551892218a9a7877c10bdcd170c0e) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnutls: CVE-2015-3308Sona Sarmadi2015-09-183-0/+100
| | | | | | | | | | | | | | | Fixes use-after-free flaw in CRL distribution points parsing Reference: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9 https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02 http://www.openwall.com/lists/oss-security/2015/04/15/6 (From OE-Core rev: 4db630c0cd7988c923eb3f48153a6cedafd6a139) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemurunner: Improves checking for server and target IPs on qemus parametersAlejandro Hernandez2015-09-181-5/+8
| | | | | | | | | | | | | Fixes OS hanging infinitely waiting for qemus process to release bitbake.lock (From OE-Core master rev: d168bf34c553dbe5de7511e158cd83869d7a88bc) (From OE-Core rev: b19f599fe8d06d9381ae774f3289fa8c054ad1cc) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/utils/qemurunner: fix loggingPaul Eggleton2015-09-181-25/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | OE-Core commit 519e381278d40bdac79add340e4c0460a9f97e17 unfortunately broke logging in two different ways: 1) it prevented logging to the task log from working within bitbake -c testimage. This is due to the logger object being set up too early which interferes with BitBake's own logging. If we prefix the name with "BitBake." everything works (and we don't need to set the logging level). 2) Additionally because it called the log functions on the logging module and not the logger object it set up, this caused the oe-selftest logging to start printing everything from that point forward. Fix these two issues and return us to the desired behaviour for do_testimage. (From OE-Core master rev: 429b1971be06d5146bb1c14f4697966cddab3b33) (From OE-Core rev: 095b6ccbf86b1830da2dcf5af09a4ebbcdfca921) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/QemuRunner: don't use bb for loggingRoss Burton2015-09-181-29/+32
| | | | | | | | | | | | | | | | | Instead of using bb.note() etc for logging use logging.Logger directly, allowing the use of QemuRunner outside of bitbake. Also clean up the logging/errors by moving create_socket() out of __init__()/restart() and into start(). (From OE-Core master rev: 519e381278d40bdac79add340e4c0460a9f97e17) (From OE-Core rev: 97478640e1449e861b880dd3bedc6af1b0bbacdc) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzdata: update to 2015dArmin Kuster2015-09-012-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Changes affecting future time stamps Egypt will not observe DST in 2015 and will consider canceling it permanently. For now, assume no DST indefinitely. (Thanks to Ahmed Nazmy and Tim Parenti.) Changes affecting past time stamps America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not 1966-07-01. Also, Yukon's time zone history is documented better. (Thanks to Brian Inglis and Dennis Ferguson.) Change affecting past and future time zone abbreviations The abbreviations for Hawaii-Aleutian standard and daylight times have been changed from HAST/HADT to HST/HDT, as per US Government Printing Office style. This affects only America/Adak since 1983, as America/Honolulu was already using the new style. (From OE-Core rev: b9f366ab4e0a9cad69b631f402b9afa02d40f667) (From OE-Core rev: 5a1839ecc9a2191252019ddd5c253098006f5bc3) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tzcode: update to 2015dArmin Kuster2015-09-012-10/+11
| | | | | | | | | | | | | | | | Changes affecting code zic has some minor performance improvements. (From OE-Core rev: 3ab7e247b0662a1791169f16424abec426885f80) (From OE-Core rev: cdc4fa9e3301cb478d89cf0c1d690e17313b7096) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gnome: move introspection options to gnomebaseRoss Burton2015-09-012-4/+3
| | | | | | | | | | The gnome class is really a convenience class to include other classes, so move the introspection arguments into gnomebase.bbclass. (From OE-Core rev: b43a1b244a5ceab52713759dc53b00b162d9d43f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: Remove exporting special CPPKhem Raj2015-09-011-1/+0
| | | | | | | | | | | | | | | | | | | | | | This is no more needed. it was done long ago while systemd lived in meta-openembedded http://lists.openembedded.org/pipermail/openembedded-commits/2012-August/141061.html The accompanying patch has been applied to systemd already so we were not needing to set CPP for sometime now. as a nice side effect it helps compiling systemd with clang (From OE-Core rev: b816e3f520bf71c9b681ccea30c8eefd62fb20a2) (From OE-Core master rev: e95365400ae1ffb6b650723cfb2c6a67913c740c) (From OE-Core rev: 981d99d1307b7c36e964ba9b9929b7329169d72b) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* icu: CVE-2014-8146-CVE-2014-8147Sona Sarmadi2015-09-012-0/+50
| | | | | | | | | | | | | | | | | CVE-2014-8146 icu: heap overflow via incorrect isolateCount CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function References: [1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z [2] https://www.kb.cert.org/vuls/id/602540 [3] http://bugs.icu-project.org/trac/changeset/37080 [4] http://bugs.icu-project.org/trac/changeset/37162 (From OE-Core rev: a461a1a9141fb6a3f79bf9773a837daace2e9996) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* toasterconf: remove master as a branch option from fido releaseAlexandru DAMIAN2015-09-011-19/+4
| | | | | | | | | | | | | | | | | Toaster isn't designed to be forward compatible. As such, a release cannot build releases newer then it. Particularly, "fido" cannot build "master", so we remove "master" from the list of supported releases in "fido" [YOCTO #8154] (From OE-Core rev: bda086118abfb168183dc285357ecbb6dccff5e3) Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com> Signed-off-by: brian avery <avery.brian@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* glibc: Consider adding -Wno-error in cases when not using -O2Khem Raj2015-09-011-1/+9
| | | | | | | | | | | | | | | | | | glibc has recently turned on Werror globally which is good but then not all option combos are well tested so there still remains cleanup needed when not using -O2, so lets just disable Werror in such cases, until fixed upstream Change-Id: I2d491c360a15b0752c97ff77ee0faaeede6e8d2a (From OE-Core master rev: 52a90e8e592ddd228939e15d7fd0d69f3c1e816f) (From OE-Core rev: 6f358676c33854cd6b02f41232875cf779cde1b8) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdk-pixbuf: Security Advisory - gdk-pixbuf - CVE-2015-4491Li Zhou2015-09-012-0/+90
| | | | | | | | | | | | | | | | | | | | | pixops: Be more careful about integer overflow Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling. (From OE-Core master rev: e27f367d08becce9486f2890cb7382f3c8448246) (From OE-Core rev: 8e6da2d34ed6e3352e235c1723d6b4f425bd5932) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: update SRC_URIRoss Burton2015-09-011-1/+1
| | | | | | | | | | | | | | | Upstream has moved git hosts, so update the SRC_URI appropriately. [ YOCTO #8181 ] (From OE-Core master rev: c6166b7ff7ebcab424af975b1e5378813c684560) (From OE-Core rev: b459e8831dfcb8f4317e115b534567c656efee04) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd-compat-units: set S correctlyRoss Burton2015-09-011-0/+2
| | | | | | | | | | | | | This recipe doesn't unpack any source, so set S to ${WORKDIR}. (From OE-Core master rev: 188a08884d0c1b57d5c8c23f93463399526b19a2) (From OE-Core rev: 5908df2668c46495f3d9626a7d0e6ce8bb1a2f1f) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: update the status of configurable root patchUmut Tezduyar Lindskog2015-09-011-1/+4
| | | | | | | | | | | (From OE-Core master rev: a79afafd422a9b8e74c0eaac6296e6d1802bb994) (From OE-Core rev: 7cfaac7e7f49303a00247d4ac221b6fe13eed7b9) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: add PACKAGECONFIG for valgrindChen Qi2015-09-011-0/+1
| | | | | | | | | | | | | | | | | | | | Execute `bitbake valgrind && bitbake systemd -c cleansstate && bitbake systemd -c configure && bitbake valgrind -c cleansstate && bitbake systemd -c compile', and we would get the following error. src/libsystemd/sd-bus/bus-control.c: fatal error: valgrind/memcheck.h: No such file or directory. Add PACKAGECONFIG option to sovle this problem. (From OE-Core master rev: e35ee4e016fbd659c88444ab7ee8e86008984f2c) (From OE-Core rev: 5a9cf55789f030ce940b8d1c78a75147b4a2b486) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: recommend the vconsole setup unitsRoss Burton2015-09-011-4/+5
| | | | | | | | | | | | | | | systemd's early boot wants to run the vconsole setup units. They were split out so that systems without visible consoles don't need the overhead of packaging kbd etc, but we should pull them in by default. (From OE-Core master rev: a2e7a94f8d777d1cd9a07e1543b88a0cf1f9cd67) (From OE-Core rev: dc0a58e396213e3f1131e0f9be4f81bf29f135b2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: add PACKAGECONFIG selinuxKai Kang2015-09-011-1/+4
| | | | | | | | | | | | | | Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts different shell according whether selinux is enabled. (From OE-Core master rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7) (From OE-Core rev: a7afb11176a997b65e532c5b4fa2e706a3a27a58) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: backport patch for CVE-2015-5477Joshua Lock2015-09-012-0/+25
| | | | | | | (From OE-Core rev: ba84c727b9c8c743e7ac87e6c84456f679118af8) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base.bbclass: Note when including pn with INCOMPATIBLE_LICENSESBeth Flanagan2015-09-011-3/+26
| | | | | | | | | | | | | | | | | | | We need to be able to tell people if we WHITELIST a recipe that contains an incompatible licese. Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end up on an image even if GPL-3.0 is incompatible. This is the correct behaviour but there is nothing telling people that it is even happening. (From OE-Core master rev: c9da529943b2f563b7b0aeb43576c13dd3b6f932) (From OE-Core rev: 1b449dd0ee88274d01f2ec1f2a22955b824ff8ef) Signed-off-by: Beth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: fix CVE-2015-3209Kai Kang2015-09-012-0/+54
| | | | | | | | | | | | | | | Backport patch to fix CVE-2015-3209. http://git.qemu.org/?p=qemu.git;a=commit;h=9f7c594 (From OE-Core master rev: ea85f36ad438353f5a8e64292dd27f457f1f665c) (From OE-Core rev: d8d68c4a630dc9d802e159f0ffe768e52bea5401) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: backport patches to fix CVE issuesKai Kang2015-09-0112-1/+1244
| | | | | | | | | | | | | | | | | | | | | | | Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and CVE-2015-4106. These patches are from debian, but they are originally from: http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1 (From OE-Core master rev: 496b3ffba6755bb76709c88cf81399c9d23f830a) (From OE-Core rev: 29746e78ca000f4464c8e0a1da55c77e02c651e4) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Refresh the following patches to apply cleanly to our qemu-2.2.0: 07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch 10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: backport a patch to fix CVE-2015-1863Joshua Lock2015-09-012-0/+48
| | | | | | | | | | | This fix was included in the master branch with the upgrade to 2.4, backport it to fido as the vulnerability was already present in 2.3. (From OE-Core rev: 12fc04731d26597bfb9d9f1713c96b11c8186c43) Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* wpa-supplicant: Fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, ↵Fan Xin2015-09-017-0/+352
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CVE-2015-4145, CVE-2015-4146 wpa-supplicant: backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146 Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146. This patch is originally from: For CVE-2015-4141: http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch For CVE-2015-4143: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch For CVE-2015-4144 and CVE-2015-4145: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch For CVE-2015-4146: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch (From OE-Core master rev: ce16e95de05db24e4e4132660d793cc7b1d890b9) (From OE-Core rev: b236c0882d62d8aa722117a54c1ff9edec7f5a6d) Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Need more buffers in output queue for better ↵Yuqing Zhu2015-09-012-0/+33
| | | | | | | | | | | | performance (From OE-Core master rev: 4b35871f0883ded624c6d5dd9bbf3365934c0e93) (From OE-Core rev: 9b3ae2e90f405d3c157d5c3d645b2be6b6216042) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Set need_segment after sink pad receive ↵Yuqing Zhu2015-09-012-0/+70
| | | | | | | | | | | | | | | | | | | GST_EVENT_SEGMENT Subparse works in push mode, chain funciton will be called once up stream element finished the seeking and flushing. If set need_segment flag in src pad event handler, the segment event will be pushed earlier, result in the subtitle text will be send out to down stream from the beginning. (From OE-Core master rev: 48742378cd91297db439ee83576f3663befaa8f9) (From OE-Core rev: 0ecbbc39353d92a66d32ea13075aaec76b590fa0) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Enhance SSA text lines parsingYuqing Zhu2015-09-012-0/+226
| | | | | | | | | | | | | Some parser will pass in the original ssa text line which starts with "Dialog:" and there's are maybe multiple Dialog lines in one input buffer. (From OE-Core master rev: f47e6185a2e88081f98704357e873a04d2e39c40) (From OE-Core rev: c2e8974e6c9e3e1eb386375a3839b81c23626d43) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Don't set async of custom text-sink to falseYuqing Zhu2015-09-012-0/+32
| | | | | | | | | | | | | Setting async to false will lead A/V sync problem when seeking. The preroll need to use GAP event instead of setting async to false. (From OE-Core master rev: c3ed0c2162dcdbb1aced57aed33e2791b81db558) (From OE-Core rev: 10c4993d4da66ed2eb857b396c24a3771a0bd0d6) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: Make memory copy when video buffer's memory is ↵Yuqing Zhu2015-09-012-0/+130
| | | | | | | | | | | | | | | read only Detect the memory flag and use gst_buffer_copy_region with GST_BUFFER_COPY_DEEP parameter to perform deep memory copy. (From OE-Core master rev: 817e542096cf2d415b1725ee98a4d3bbf0ed9415) (From OE-Core rev: 5202a84a67be69259c42bfb109aec1e957783945) Signed-off-by: Yuqing Zhu <b54851@freescale.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpenPOWER on IntegriCloud