| Age | Commit message (Collapse) | Author |
|---|
|
The aim of the original commit was to make connman-gnome load the icons
at the exact size of the systray. There are two problems with this:
* There are not enough icon sizes provided to make the scaling
look good at most sizes (including current panel size)
* Both connman-gnome and mb-panel have bugs in the icon size update
code and using scaling to exact size makes these much more visible
(See bug 9995 for example).
The problems the original commit tried to fix can be worked around
with better packing in matchbox-panel-2.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Deals with a CVE issue
Drops a patch applied upstream and no longer needed.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.
"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This update fixes several CVEs:
* OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
* SWEET32 Mitigation (CVE-2016-2183)
* OOB write in MDC2_Update() (CVE-2016-6303)
* Malformed SHA512 ticket DoS (CVE-2016-6302)
* OOB write in BN_bn2dec() (CVE-2016-2182)
* OOB read in TS_OBJ_print_bio() (CVE-2016-2180)
* DTLS buffered message DoS (CVE-2016-2179)
* DTLS replay protection DoS (CVE-2016-2181)
* Certificate message OOB reads (CVE-2016-6306)
Of these, only CVE-2016-6304 is considered of high
severity. Everything else is low. CVE-2016-2177 and CVE-2016-2178 were
already fixed via local patches, which can be removed now.
See https://www.openssl.org/news/secadv/20160922.txt for details.
Some patches had to be refreshed and one compile error fix from
upstream's OpenSSL_1_0_2-stable was required. The server.pem
file is needed for test_dtls.
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bitbake.conf already sets it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
It doesn't have files in udev dir, and bitbake.conf already sets it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Add CVE-2016-4477 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add CVE-2016-4476 patch for avoiding \n and \r characters in passphrase
parameters, which allows remote attackers to cause a denial of service
(daemon outage) via a crafted WPS operation.
Patches came from http://w1.fi/security/2016-1/
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed when building on Debian-testing:
| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Pointer arithmatic results in implementation defined signed integer
type, so that 's - src' in strlcpy and others may trigger signed overflow.
In case of compilation by gcc or clang with -ftrapv option, the overflow
would lead to program abort.
Upstream-status: Submitted [https://bugzilla.mindrot.org/show_bug.cgi?id=2608]
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
MIPS64 target was being configured for linux-mips which defaults to
MIPS32. Doesn't cause any issue as far as I can see but it would be
wiser to use the correct target configuration.
Also add MIPS64le configuration which is missing.
Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- kernel-module-tun is needed so that ofono can create the
ppp network interface
- mobile-broadband-provider-info is needed as an explicit
dependency even though it is in DEPENDS, because it's
just an xml database, and the DEPENDS simply allows
ofono to figure out its location in the file system
(using pkg-config during configure). But there is no
shared library dependency or so for bitbake to figure
out this runtime dependency.
We make it a recommendation only, so that it can still
be removed from filesystem images in case people build
images that don't need the provider database (and e.g.
hard-code APNs for specific use-cases)
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add PACKAGECONFIG for ipv6 and control it based
on DISTRO_FEATURES.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove CVE-2015-8325.patch as it's included upstream. Rebase another
patch.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Regarding the last commit about missing dependencies, another issue
was found. The problem was found, while ptest has been built with some
set extra settings. It means, when ptest is going to be built,
it is necessary to rebuild dependencies for test directory too.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It's simply been missing.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
We do that everywhere else, and otherwise anybody
extending SRC_URI through bbappend must know to
add a space at the end, which is an unusual
requirement.
Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
4.6.0 -> 4.7.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The upstreamable include fixes have been sent upstream. The patch set adds
AC_USE_SYSTEM_EXTENSIONS so we don't need to explictly define _GNU_SOURCE
anymore.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
With binutils 2.27 on at least MIPS, connmand will crash on startup. This
appears to be due to the symbol visibilty scripts hiding symbols that stdio
looks up at runtime, resulting in it segfaulting.
This certainly appears to be a bug in binutils 2.27 although the problem has
been known about for some time:
https://sourceware.org/bugzilla/show_bug.cgi?id=17908
As the version scripts are only used to hide symbols from plugins we can safely
remove the scripts to work around the problem until binutils is fixed.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Settings from EXTRA_OECONF like en/disable no-ssl3, are transferred
only into DEPFLAGS. It means that settings have no effect on output files.
DEPFLAGS will be transferred into output files with make depend command.
https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Modify dhcrelay.service to avoid it start failed.
Signed-off-by: Dai Caiyun <daicy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.32 -> 1.33
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The commit "054ea20 avahi-ui: Build with Gtk+3"
enabled gtk3 and disabled gtk2, which causes failure on
some package depends on gtk2, like gnome-disk-utility
in meta-openembedded/meta-gnome:
| checking for GTK2... yes
| checking for AVAHI_UI... no
| configure: error: Package requirements (avahi-ui >= 0.6.25) were not met:
|
| No package 'avahi-ui' found
The gtk2 and gtk3 feature for avahi-ui is not exclusive, so change
to use PACKAGECONFIG for them so we can easily enable/disable one
of them or both of them as needed.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
5.40 -> 5.41
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Take the dash compatible IPv6 link-local address test from the Debian
version of dhclient-script.
Note that although "echo -e" in the OE version of dhclient-script is
technically bash specific too, it is supported by Busybox echo when
Busybox is configured with CONFIG_FEATURE_FANCY_ECHO enabled (which
is the default in the OE Busybox defconfig) therefore leave as-is.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
After openssl disabled DES, openssh fails to build
for some DES codes are not wrapped in conditional
compile statement "#ifndef OPENSSL_NO_DES" and "#endif".
Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It sometimes fails to run avahi with error: "Could not receive return value
from daemon process". It has same root cause with
https://github.com/lxc/lxc/issues/25.
Backport patch to fix this issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
affects openssl <= 1.0.2h
CVSS v2 Base Score: 2.1 LOW
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Affects openssl <= 1.0.2h
CVSS v2 Base Score: 7.5 HIGH
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
0.15 -> 0.16
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The hardcoded shifting offset causes the following runtime error:
| socat: xioinitialize.c:41: xioinitialize: Assertion `3 <<
| opt_crdly.arg3 == 00030000' failed.
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Enforce the correct tag names across all of oe-core for consistency.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Update the Gtk3 patch to make the StatusIcon load pixbufs at (more)
correct sizes -- Gtk3 does not seem to reliably position the icon
otherwise.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The openssl-c_rehash.sh script reports duplicate files and files which
don't contain a certificate or CRL by echoing a WARNING to stdout.
This warning gets picked up by the log checker during rootfs and results
in several warnings getting reported to the console during an image build.
To prevent the log from being overrun by warnings related to certificates
change these messages in openssl-c_rehash.sh to be prefixed with NOTE not
WARNING.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
restart in the init script uses the check_config() function which doesn't have
the $SSHD_OPTS passed through. This causes it to check the wrong config (and
fail when read-only-rootfs is enabled.
Signed-off-by: Matthew Campbell <mcampbell@izotope.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Add patch to install GtkBuilder ui files for GTK+3.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upstream is not really active anymore: patch the Gtk+3 upgrade
in for now (long term solution is to change to another UI).
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
- Drop fix-external-bind.patch, which dhcp 4.3.4 supports
option --with-libbind=PATH
- Add tweak-to-support-external-bind.patch, tweak the external
bind to oe-core's sysroot rather than external bind source build.
- Drop CVE-2015-8605.patch, CVE-2016-2774.patch, dhcp 4.3.4 has fixed them
- Add configure option --with-randomdev=/dev/random
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Dmitriy Falko <d.falko.work@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
1.17 -> 1.18
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They are not compatible with python 3, and require python-dbus
and python-gobject (which are provided only for Python 3).
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
They require python-dbus and python-gobject
(which are only provided for Python 3), and have not
been ported to Python 3.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Jussi Kukkonen
Richard Purdie
Patrick Ohly
Robert Yang
Zhixiong Chi
Yuanjie Huang
Zubair Lutfullah Kakakhel
André Draszik
Jackie Huang
Andrej Valek
Maxin B. John
Ross Burton
Stefan Müller-Klieser
Dai Caiyun
Andre McCurdy
mingli.yu@windriver.com
Kai Kang
Armin Kuster
Zhenhua Luo
Joshua Lock
Matthew Campbell
Hongxu Jia
Chen Qi
Dmitriy Falko
Alexander Kanavin