summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* systemd: update a uclibc specific patch to avoid segment faultChenQi/daisy-systemd-uclibc-allocaChen Qi2014-06-041-24/+33
| | | | | | | | | | | | | The alloca() function allocates space in the stack frame of the caller, so using alloca(new_size - old_size) would possibly crash the stack, causing a segment fault error. This patch fixes the above problem by avoiding using this function in journal-file.c. [YOCTO #6201] Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
* binutils: Fix building nativesdk binutils with gcc 4.9Khem Raj2014-05-293-0/+221
| | | | | | | | | | | | Patches explain the issue in detail but this is exposed with gcc 4.9 in binutils 2.24 (From OE-Core rev: fc5c467b680fc5aef4b0f689e6988e17a9322ae0) (From OE-Core rev: 4dfb8847ebf8aab90ad8888933468e2899c96998) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-tests: recipe for cryptodev test suite based on OpenSSLDenys Dmytriyenko2014-05-293-0/+121
| | | | | | | (From OE-Core rev: c54fa061da6195081cd29817a351a36377b58e53) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-module: recipe for out-of-tree cryptodev device driverDenys Dmytriyenko2014-05-293-0/+132
| | | | | | | | | Depends on cryptodev-linux for providing a header file (From OE-Core rev: b7587d2ef7642dcc248744ade8f85f815185e78c) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: create common .inc file to be shared by module and testsDenys Dmytriyenko2014-05-292-9/+13
| | | | | | | (From OE-Core rev: a3a834cf9f35682655661a7c6ba66c1de3491320) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: move to recipes-kernel to be shared with module and testsDenys Dmytriyenko2014-05-291-0/+0
| | | | | | | (From OE-Core rev: e7aace7658fabe41839a3ec1b596bf28c6a4c02e) Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0849Yue Tao2014-05-292-0/+37
| | | | | | | | | | | | | | | | The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a crafted (1) width or (2) height dimension that is not a multiple of sixteen in id RoQ video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849 (From OE-Core rev: 1a43a8054f51fbd542f3f037dc35f8b501e455bf) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0850Yue Tao2014-05-292-0/+30
| | | | | | | | | | | | | | | The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted H.264 data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850 (From OE-Core rev: 69f3f0f94f4fd224e5a6b275207adf0539d085c3) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0856Yue Tao2014-05-292-0/+31
| | | | | | | | | | | | | | | The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856 (From OE-Core rev: 571ccce77859435ff8010785e11627b20d8b31f4) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0854Yue Tao2014-05-292-0/+33
| | | | | | | | | | | | | | | The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted MJPEG data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854 (From OE-Core rev: b3d9c8f603ebdbc21cb2ba7e62f8b5ebb57c40c1) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0851Yue Tao2014-05-292-0/+30
| | | | | | | | | | | | | | | | The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851 (From OE-Core rev: 8c9868d074f5d09022efc9419ee09eb805f68394) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0858Yue Tao2014-05-292-0/+38
| | | | | | | | | | | | | | | The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via ATRAC3 data with the joint stereo coding mode set and fewer than two channels. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858 (From OE-Core rev: 0ee8754c973f5eff3ba4d00319a5308888c12b17) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0852Yue Tao2014-05-292-0/+35
| | | | | | | | | | | | | | | The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852 (From OE-Core rev: 37f9371b44bd914fdd64e4c4e4448a2908512203) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0845Yue Tao2014-05-292-0/+62
| | | | | | | | | | | | | | | libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to have an unspecified impact via a crafted block length, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845 (From OE-Core rev: cc6e2ee53c49206aa3377c512c3bd1de2e14a7b7) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0868Yue Tao2014-05-293-0/+150
| | | | | | | | | | | | | | | | libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) len==0 cases. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868 (From OE-Core rev: 29dcc2c8e834cf43e415eedefb8fce9667b3aa40) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2014-2099Yue Tao2014-05-292-0/+51
| | | | | | | | | | | | | | | | | The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099 (From OE-Core rev: 3e27099f9aad1eb48412b07a18dcea398c18245b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2013-0865Yue Tao2014-05-292-0/+52
| | | | | | | | | | | | | | | | The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865 (From OE-Core rev: 4a93fc0a63cedbebfdc9577e2f1deb3598fb5851) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-ffmpeg: fix for Security Advisory CVE-2014-2263Yue Tao2014-05-292-0/+70
| | | | | | | | | | | | | | | | The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier, allows remote attackers to have unspecified impact and vectors, which trigger an out-of-bounds write. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263 (From OE-Core rev: 70bf8c8dea82e914a6dcf67aefb6386dbc7706cd) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: fix for CVE-2010-5298Yue Tao2014-05-291-0/+24
| | | | | | | | | | | | | | | | | Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298 (From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: fix for Security Advisory CVE-2013-4231Yue Tao2014-05-292-1/+46
| | | | | | | | | | | | | | | | | | | | | | | | | | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231 (From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2013-1740Li Wang2014-05-292-0/+917
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740 https://bugzilla.mozilla.org/show_bug.cgi?id=919877 https://bugzilla.mozilla.org/show_bug.cgi?id=713933 changeset: 10946:f28426e944ae user: Wan-Teh Chang <wtc@google.com> date: Tue Nov 26 16:44:39 2013 -0800 summary: Bug 713933: Handle the return value of both ssl3_HandleRecord calls changeset: 10945:774c7dec7565 user: Wan-Teh Chang <wtc@google.com> date: Mon Nov 25 19:16:23 2013 -0800 summary: Bug 713933: Declare the |falseStart| local variable in the smallest changeset: 10848:141fae8fb2e8 user: Wan-Teh Chang <wtc@google.com> date: Mon Sep 23 11:25:41 2013 -0700 summary: Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org changeset: 10898:1b9c43d28713 user: Brian Smith <brian@briansmith.org> date: Thu Oct 31 15:40:42 2013 -0700 summary: Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc (From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* nss: CVE-2014-1492Li Wang2014-05-292-0/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the patch comes from: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492 https://bugzilla.mozilla.org/show_bug.cgi?id=903885 changeset: 11063:709d4e597979 user: Kai Engert <kaie@kuix.de> date: Wed Mar 05 18:38:55 2014 +0100 summary: Bug 903885, address requests to clarify comments from wtc changeset: 11046:2ffa40a3ff55 tag: tip user: Wan-Teh Chang <wtc@google.com> date: Tue Feb 25 18:17:08 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling v4, r=kaie changeset: 11045:15ea62260c21 user: Christian Heimes <sites@cheimes.de> date: Mon Feb 24 17:50:25 2014 +0100 summary: Bug 903885, fix IDNA wildcard handling, r=kaie (From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4277Yue Tao2014-05-294-1/+33
| | | | | | | | | | | | | | | | Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through 1.8.1 allows local users to overwrite arbitrary files or kill arbitrary processes via a symlink attack on the file specified by the --pid-file option. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277 (From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846Yue Tao2014-05-292-1/+55
| | | | | | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846 The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an anonymous LOCK for a URL that does not exist. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847 (From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1845Yue Tao2014-05-292-1/+173
| | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (memory consumption) by (1) setting or (2) deleting a large number of properties for a file or directory. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845 (From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4131Yue Tao2014-05-292-0/+43
| | | | | | | | | | | | | | | | | The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service (assertion failure or out-of-bounds read) via a certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision root. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131 (From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-4505Yue Tao2014-05-294-1/+259
| | | | | | | | | | | | | | | | The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0 through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass intended access restrictions and possibly cause a denial of service (resource consumption) via a relative URL in a REPORT request. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505 (From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* subversion: fix for Security Advisory CVE-2013-1849Yue Tao2014-05-292-0/+26
| | | | | | | | | | | | Reject operations on getcontentlength and getcontenttype properties if the resource is an activity. (From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* screen: fix for Security Advisory CVE-2009-1215Yue Tao2014-05-292-0/+28
| | | | | | | | | | | | | | | | Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. (From OE-Core rev: be8693bf151987f59c9622b8fd8b659ee203cefc) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-extended/screen/screen_4.0.3.bb
* Screen: fix for Security Advisory CVE-2009-1214Yue Tao2014-05-292-0/+87
| | | | | | | | | | | | | | | | GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. (From OE-Core rev: 25a212d0154906e7a05075d015dbc1cfdfabb73a) Signed-off-by: Yue Tao <Yue.Tao@windriver.com> Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-extended/screen/screen_4.0.3.bb
* openssh: fix for CVE-2014-2653Chen Qi2014-05-292-1/+116
| | | | | | | | | | | | | | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. (From OE-Core rev: 7b2fff61b3d1c0566429793ee348fa8978ef0cba) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/openssh/openssh_6.5p1.bb
* openssh: fix for CVE-2014-2532Chen Qi2014-05-292-1/+24
| | | | | | | | | | | | | | | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. (From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/openssh/openssh_6.5p1.bb
* mesa-demos: Specify the lib dir properly.Drew Moseley2014-05-292-2/+2
| | | | | | | | | | | | Use STAGING_EXECPREFIXDIR to specify the location of glut header files and libs rather than STAGING_LIBDIR. Also revert the previous unneeded change to glut.patch. (From OE-Core rev: f38c1846184722180d9091a7a5c1e6e20eed7f2c) Signed-off-by: Drew Moseley <drew_moseley@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mesa-demos: Specify the lib dir to locate glut librariesDrew Moseley2014-05-292-2/+2
| | | | | | | | (From OE-Core rev: 55ecbebdf13ef46f0fb4d87ef11651fe692be33d) Signed-off-by: Drew Moseley <drew_moseley@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qemu: define PACKAGECONFIG[] for ssh2Joe Slater2014-05-291-0/+1
| | | | | | | | | | | qemu configure will search for libssh2 if we do not enable or disable it's use, resulting in non-deterministic builds. We define PACKAGECONFIG[] to avoid this. (From OE-Core rev: ecb819b12a89e4e944974068d2e20ed226979317) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gdb: add PACKAGECONFIG for babeltraceChen Qi2014-05-291-0/+1
| | | | | | | | | | | | | | | | | | | | | Add PACKAGECONFIG for 'babeltrace' so that we don't have the implicit dependency which might lead to problems when building images. As an example of showing what problem we might have without this patch, see the following steps which would lead to a failure. 1. IMAGE_INSTALL_append = " gdb" 2. bitbake babeltrace 3. bitbake gdb 4. bitbake babeltrace -ccleansstate 5. bitbake core-image-minimal The rootfs process would fail with the following error message. error: Can't install gdb-7.7-r0@i586: no package provides babeltrace >= 1.2.1+git0+66c2a20b43 (From OE-Core rev: 3c34d9391136b09bc2e7b0bda6cdc96507845c4b) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rt-tests: Fix warning flag typoRichard Purdie2014-05-291-1/+1
| | | | | | | | As per the comment, this makes it match the Makefile (From OE-Core rev: 6fce92430e6e837d068eb8531dcd432f38adca3a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Fix rpm -V usageMark Hatle2014-05-292-0/+23
| | | | | | | | | | | | [YOCTO #6309] It appears a logic issue has caused rpm -V to no longer verify the files on the filesystem match what was installed. (From OE-Core rev: 117862cd0eebf6887c2ea6cc353432caee2653aa) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* adt_installer: run autoreconf before configuring opkgLaurentiu Palcu2014-05-291-0/+1
| | | | | | | | | | | opkg fails to build on hosts with older autotools versions. [YOCTO #6293] (From OE-Core rev: 01f3afece8917a5f965f463b79e04693b0d2932a) Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* git: Fix various makefile flagsRichard Purdie2014-05-291-1/+2
| | | | | | | | | | | | | | | | We need to pass CFLAGS and LDFLAGS to the makefile correctly so we need to list them as part of EXTRA_OEMAKE. We also have a problem where git hardlinks binaries in bindir with those in its libexecdir. If we change the RPATH in one of them, it breaks the other. We therefore set the no cross dir hardlinking flag git already has for this kind of issue. This ensures the RPATHS for the git-core binaries works correctly. Its pure luck this has sometimes worked so far. (From OE-Core rev: 64c6ae6a69215b659b82c67e238bc0fbc09a3eab) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ca-certificates: generate CAfile for -native in do_installKoen Kooi2014-05-291-0/+4
| | | | | | | | | | | | | | | | | | | | Git-replacement-native needs the generated files in place for https:// URIs: WARNING: Failed to fetch URL git://github.com/kernelslacker/trinity.git;protocol=https, attempting MIRRORS if available ERROR: Fetcher failure: Fetch command failed with exit code 128, output: Cloning into bare repository '/build/linaro/build/build/downloads/git2/github.com.kernelslacker.trinity.git'... fatal: unable to access 'https://github.com/kernelslacker/trinity.git/': error setting certificate verify locations: CAfile: /build/linaro/build/build/tmp-eglibc/sysroots/x86_64-linux/etc/ssl/certs/ca-certificates.crt CApath: none ERROR: Function failed: Fetcher failure for URL: 'git://github.com/kernelslacker/trinity.git;protocol=https'. Unable to fetch URL from any source. ERROR: Logfile of failure stored in: /build/linaro/build/build/tmp-eglibc/work/aarch64-oe-linux/trinity/1.3-r0/temp/log.do_fetch.7843 ERROR: Task 1378 (/build/linaro/build/meta-linaro/meta-linaro/recipes-extra/trinity/trinity_1.3.bb, do_fetch) failed with exit code '1' (From OE-Core rev: 74a772727cbf4d76d2ef314041acafb3086e4ff9) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: remove inapporpriate file from curl releaseTudor Florea2014-05-292-0/+8149
| | | | | | | | | | | | | | | | This is the adaptation for the a bugfix upstream The inappropriate file src/tool_hugehelp.c presence in the curl 7.36 release interfered with the upstream fix for https://sourceforge.net/p/curl/bugs/1350/ (From OE-Core rev: c5a52f5b5ae7c5528bc59ee7fb69a2f460a89b81) Signed-off-by: Tudor Florea <tudor.florea@enea.com> [sgw - rebased patch for daisy] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* curl: make PACKAGES match with FILES/RRECOMMENDSKoen Kooi2014-05-291-1/+1
| | | | | | | | | Mostly cosmetic, but entries in PACKAGES should be specified the exact same way as FILES/RRECOMMENDS entries to avoid problems. (From OE-Core rev: 4d2a7f47a9830788455afe00a7c6a857cebbcb81) Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* freetype: disable harfbuzzRoss Burton2014-05-291-0/+2
| | | | | | | | | | | | | | | Freetype has an automatically detected dependency on Harfbuzz, which has a dependency on Freetype. To produce deterministic builds and avoid link failures when rebuilding freetype with harfbuzz present add a PACKAGECONFIG for Harfbuzz and disable it by default. (From OE-Core rev: 17131d42c02b591e1b6d547852cb09b004b8d609) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* syslinux-native: fix parallel building issueChong Lu2014-05-292-1/+40
| | | | | | | | | | | | | | | | | | | | | | | | | There might be an error when parallel build: [snip] cp: cannot create directory `tmp/sysroots/x86_64-linux/usr/share/ syslinux/com32/include/gplinclude': No such file or directory make[4]: *** [install] Error 1 make[3]: *** [gpllib] Error 2 [snip] This is a potential issue. In ${S}/com32/gpllib/Makefile file, install target wants to copy $(SRC)/../gplinclude to $(INSTALLROOT)$(COM32DIR)/include/ directory, but in ${S}/com32/lib/Makefile file, the install target will remove $(INSTALLROOT)$(COM32DIR)/include directory. We need to do com32/lib first. The patch make com32/gpllib depends on com32/lib to fix this issue. (From OE-Core rev: cae1a039658cfb47390650ad5b56536ff19e1217) Signed-off-by: Chong Lu <Chong.Lu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* runqemu-internal: add "console=ttyS0" to ramfs image kernel parametersChen Qi2014-05-291-1/+1
| | | | | | | | | | | | | We need this kernel command parameter so that when we start a ramfs image, we can actually get some output. Although we can make this happen by specifying the 'bootparams' for the 'runqemu' command, it's better to make this the default behaviour. (From OE-Core rev: 3d202594bb92fe75cd70f81345e64c2179b52c32) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* distro_features_check.bbclass: fix wrong indentationSebastian Wiegand2014-05-291-2/+2
| | | | | | | | | | | To fix check of REQUIRED_DISTRO_FEATURES fix indentation in python code. [YOCTO #6349] Reported and written by: Sebastian Wiegand <sebastian.wiegand@gersys.de> (From OE-Core rev: 986db87a3931edce8be79f309d07497e4179a810) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bzip2: fix ptest execution failureMaxin B. John2014-05-291-1/+2
| | | | | | | | | | | | | | | This patch fixes the bzip2 ptest execution failure: root@qemux86:/usr/lib/bzip2/ptest# ./run-ptest make: *** No rule to make target 'runtest'. (This is also applicable for daisy branch) (From OE-Core rev: a8157ba1682c650962150f941b2db775156bbde6) Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lttng-modules: Fix build with older kernels for 2.3.3 as 2.4.0Martin Jansa2014-05-292-123/+1
| | | | | | | | | | | Apply the change "lttng-modules: Fix 3.14 bio tracepoints" to 2.3.3 as well as 2.4.0. (From OE-Core rev: a419ad43a5b3aa5bc3aa095af4d79abe4c24b0d7) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tcf-agent: add systemd supportChen Qi2014-05-292-1/+17
| | | | | | | | | Add systemd unit file tcf-agent.service. (From OE-Core rev: 1a4feebf98780f586bf2e81cf9844e6805a50799) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>