| Age | Commit message (Collapse) | Author |
|---|
|
Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers
to write to arbitrary files to the root directory via a / (slash) in a
crafted archive, as demonstrated using the ar program.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed:
rm -f src/yacc src/yacc.tmp
echo '#! /bin/sh' >src/yacc.tmp
/bin/bash: src/yacc.tmp: No such file or directory
Makefile:6670: recipe for target 'src/yacc' failed
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix two CVE defects: CVE-2014-8625 and CVE-2015-0840
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8625
Multiple format string vulnerabilities in the parse_error_msg
function in parsehelp.c in dpkg before 1.17.22 allow remote attackers
to cause a denial of service (crash) and possibly execute arbitrary
code via format string specifiers in the (1) package or (2)
architecture name.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0840
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before
1.17.25 allows remote attackers to bypass signature verification
via a crafted Debian source control file (.dsc).
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The patch fixes a warning seen with gcc 4.8 (especially on ubuntu 13.10)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is aready in the source.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Removed:
- unbreak-assumptions.diff
This patch changs the dir to /non-existant-dir, the source code has
changed the dir to /deadir, so it is not needed any more.
- trycompile.diff
There is no try_compile or try_run in numpy/core/setup.py any more, so
assumed that it is not needed.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In an effort to clean up some of the license handling, correctly set the
LICENSE of libgcc-initial to be the same as libgcc which has a GPLv3
exception.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This means you can have one gcc version for some gcc recipes
(e.g. crosssdk/nativesdk) and another gcc version for target code.
Also remove the preferred version entry from the default toolchains
list since the version issue is now handled automatically.
We also need to specifically handle gcc-source in the license handling
code since expanding ${PV} in the base class isn't possible. Since
gcc-source doesn't generate any packages directly this shouldn't be
an issue and whitelisting in this way is easiest (and matches the
rest of the toolchain handling).
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink
attack on a file in the synchronization path.
Backport Complain-if-an-inc-recursive-path-is-not-right-for-i.patch to fix it
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
upgrade to fix two CVE defects: CVE-2015-0248 and CVE-2015-0251
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Kill 2 bugs with one patch
| insserv.c:997:5: note: each undeclared identifier is reported only
once for each function it appears in
| insserv.c:997:15: error: expected ';' before 'char'
| extension char buf[strlen(myname)+2+strlen(fmt)+1];
| ^
| insserv.c: In function 'main':
| insserv.c:2379:5: error: 'extension' undeclared (first use in this
function)
| extension char * argr[argc];
| ^
| insserv.c:2379:15: error: expected ';' before 'char'
| extension char * argr[argc];
| ^
| insserv.c:2401:2: error: 'argr' undeclared (first use in this
function)
| argr[c] = (char*)0;
| ^
Change-Id: I36b7fb9e8baeda5a7cc252da10c0527401248226
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
0.28 was released 2 years ago and bunch of patches
have gone in since. The commit rate is quite low
so its not a lot of churn to use. We have backports
for few bugs that are removed. Git version of recipe is removed too
since its no longer needed
Change-Id: I4b57db15320c76b1de5d26a733e60436663ff34a
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
see https://gcc.gnu.org/gcc-5/porting_to.html
we need to stop the preprocessor from generating the #line directives
or we run into issues like
| checking for apr_int64_t Python/C API format string...
| configure: error: failed to recognize APR_INT64_T_FMT on this platform
| Configure failed. The contents of all config.log files follows to aid
debugging
| ERROR: oe_runconf failed
Rightly subversion should be fixed but lets leave that to subversion
folks
Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Using PERLHOSTLIB as possible, which is same as
${STAGING_LIBDIR_NATIVE}/perl-native/perl/${@get_perl_version(d)}
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
We still need it, so update and enable it.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When compiling meta-toolchain-qt5 on cortexa8, the compiler throws an
internal compiler error:
...
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:
In function 'bool loadPO(Translator&, QIODevice&, ConversionData&)':
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:717:1:
internal compiler error: in add_stores, at var-tracking.c:6000
...
Tracking this down led to https://bugs.linaro.org/show_bug.cgi?id=534
It seems the bug is well know and fixed upstream. So backporting from
trunk seems to be the right solution. This fixes the compiler problem
on cortexa8 and does not seem to be very invasive. The original commit
can be found at:
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@212178 138bc75d-0d04-0410-961f-82ee72b054a4
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix build error when no help2man on the host:
tmp/work/x86_64-linux/bison-native/3.0.4-r0/bison-3.0.4/build-aux/missing: line 81: help2man: command not found
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There should be only one dev and dbg package.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There should be only one dev and dbg package.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Based on Chong Lu's previous upgrade to 3.0.2
* Remove unneeded patches:
dont-depend-on-help2man.patch and
fix_cross_manpage_building.patch
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The LIC_FILES_CHKSUM has been changed since 2 extra spaces in the end
were moved.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is same gnulib fix replicated across needed recipes
Change-Id: I756713407111a726eae98e26c9c1ff64981371c0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
use static storage class instead of extern for inline functions
and remove duplicate definitions as a result
Change-Id: I72e8c5f19dff656c18f719d1e9e2ca697c9a856f
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is exposed by musl
Change-Id: I39ea3a66135d33ed0a9abbd94d3c0f39120e3586
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We need to pass _GNU_SOURCE and include fcntl.h
Change-Id: Ice0597ddac3b275400880d85793ece4b300bec9b
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backports from upstream:
http://sourceforge.net/p/strace/code/ci/d34e00b293942b1012ddc49ed3ab379a32337611
http://sourceforge.net/p/strace/code/ci/3460dc486d333231998de0f19918204aacee9ae3
Expected to be released officially as part of strace 4.11
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enable ptest for e2fsprogs by reusing provided testsuite.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream added aarch64 support but forgot to update 'make dist' leading to missing files in the tarball.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The permissions should be 755 in bindir, not 644.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
The original uclibc-support.patch is not compatible with elfutils-0.161.
It should be corrected through adjusting context.
So regenerate a new patch for elfutils-0.161, rename the patch for
elfutils-0.148, and put them into respective directories.
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The default installed syslinux depends on mtools, we install
syslinux-nomtools too, which has the ext2/3/4 support.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Drop dead patches sim-install.patch, uclibc.patch
Change-Id: I5bd160d0959154896096ebc93a8a450d04979c73
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The changes are covered under "${TARGET_OS}" = "linux-musl"
Change-Id: I24a1a8e07abb35c7e3d64b372addfb3bd6f7731c
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There should be only one dev and dbg package
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There should be only one dev and dbg package
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There should be only one dev and dbg package
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
python-cryptography requires fractions module which is currently unpackaged.
Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This issue is surfaces with gcc 5.0 but its a real issue in gold
errors are like
https://sourceware.org/ml/binutils/2010-12/msg00473.html
is the test case
Change-Id: I44806e9fb75a164745e52f0040b7efc9be624ae6
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Cross-compling dpkg application for armeb fails with below error
during configure task,
(snip)
configure:23141: checking dpkg cpu type
configure:23148: result: armeb
configure:23150: WARNING: armeb not found in cputable
configure:23162: checking dpkg operating system type
configure:23169: result: linux-gnueabi
configure:23171: WARNING: linux-gnueabi not found in ostable
configure:23183: checking dpkg architecture name
configure:23189: error: cannot determine host dpkg architecture
-- CUT --
Add the required combination of "gnueabi-linux-armeb" entry in
triplet list.
Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Currently, file's usage info doesn't contain -P prompt. So add it.
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix perl runtime issue:
* Can't locate overloading.pm in @INC (you may need to install the
overloading module ...) at /usr/lib64/perl/5.20.0/overload.pm line 83.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changes in python 2.7.9 from 2.7.3 cause issues when building the in
tree libffi for ctypes. These issues primarily affect less common
platforms (e.g. MicroBlaze) that are supported by libffi but the python
overrides for the in tree libffi are not able to detect correctly.
This patch changes the python 2.7.9 recipe to match how the python 3
recipe handles libffi by configuring the build to use the system
libffi. This brings consistency between the libffi used for different
python versions as well as with the system.
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Resolves:
ERROR: QA Issue: binutils: Files/directories were installed but not shipped
/usr/bin/dwp
/usr/bin/ld.gold [installed-vs-shipped]
now gold is always built.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Roy Li
Robert Yang
Richard Purdie
Khem Raj
Stefan Müller-Klieser
Andre McCurdy
Dmitry Eremin-Solenikov
Koen Kooi
Junling Zheng
Martin Jansa
Tim Orling
Krishnanjanappa, Jagadeesh
Wenzong Fan
Nathan Rossi