| Age | Commit message (Collapse) | Author |
|---|
|
'apt-opkg' provides a stripped-down opkg frontend with an apt backend.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
systemd.bbclass handles everything based on DISTRO_FEATURES.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
It needs to be relative to DPKG_INSTDIR when installing.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Target scripts already contain the correct value.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Exporting PERL_LIBDIR is enough, compiler.m4 isn't needed.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Keep default dependencies as before. Set default compressor to xz
if selected, gzip otherwise.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
(Backported from master)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
With OE's long build paths, __FILE__ can get annoyingly long and makes
it hard to read debug output of some programs, e.g. lighttpd. So reduce
it to the filename and let's hope nothing breaks.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Debian, Ubuntu and opkg all have it in bindir.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Since 3.8.0, valgrind supports MIPS32. MIPS64 was added in 3.9.0.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The user site-packages gets inserted into sys.path ahead of the
system site directories, so a site package installed there will
be used in preference to what's in our sysroot, causing less
deterministic builds, and potential build breakage, depending
on what the user has installed there. Disable it for our native
python, so they don't affect our builds.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Yasir-Khan <yasir_khan@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit c448bf3629ab5d930ed845d4ba48e37e4a85d2a3)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
opkg-build now checks whether tar supports the '--format' option before using
'--format=gnu' so that packages can be build with both Busybox tar (no
'--format' option) and GNU tar (defaults to posix format unless told otherwise
on some distros).
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 99ed5ed0d2f43549e92481de388c69d65a897774)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The target recipe has these DEPENDS but the native version does not
and this can lead to none deterministic builds. Fix this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9a3240acd0ac64a257bcfd48f743fc85b6c8f449)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
http://bugs.python.org/issue21529
Python 2 and 3 are susceptible to arbitrary process memory reading by
a user or adversary due to a bug in the _json module caused by
insufficient bounds checking.
The sole prerequisites of this attack are that the attacker is able to
control or influence the two parameters of the default scanstring
function: the string to be decoded and the index.
The bug is caused by allowing the user to supply a negative index
value. The index value is then used directly as an index to an array
in the C code; internally the address of the array and its index are
added to each other in order to yield the address of the value that is
desired. However, by supplying a negative index value and adding this
to the address of the array, the processor's register value wraps
around and the calculated value will point to a position in memory
which isn't within the bounds of the supplied string, causing the
function to access other parts of the process memory.
Signed-off-by: Benjamin Peterson <benjamin@python.org>
Applied to python-native recipe in order to fix the above mentioned
vulnerability.
Upstream-Status: Submitted
Signed-off-by: Daniel BORNAZ <daniel.bornaz@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 9ec213bf67afbdfdbe25802ec86487bb22aeb2e4)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Pseudo now automatically tries to shut down the server after running
single commands under pseudo ("pseudo <cmd>"), which means it can
print a useless "server already offline" message in some cases. The
message has been changed to a debugging message only.
The glibc symbol versions for memcpy were being applied to non-x86
targets, unintentionally, which broke builds for at least some targets.
(But pseudo doesn't usually get built for targets so it didn't
get noticed right away.)
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f3b5421a9c95b5516e5810285729affe80729135)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
This uprevs pseudo to 1.6. This merges in all of the existing
fixes, and also adds partial support for extended attributes,
including storing arbitrary extended attributes in the database,
and also interpreting the posix permissions ACLs as chmod
requests.
The extended attribute support means we need xattr.h, the simplest
way to be sure of this is to build attr before pseudo, which doesn't
take long.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b8f5d6b493ec759a97b92cf9b4c07ad8a8114de6)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> (merge fixes)
|
|
v2 changes:
* update format for commit log
* add Upstream-Status for patch
commit a12eb58959d0a10584a428f4a3103a49204c410f upstream
Dpkg::Source::Patch: Outright reject C-style filenames in patches
Because patch only started recognizing C-style filenames in diffs
in version 2.7, it's not safe to assume one behaviour or the other,
as the system might or might not have a recent enough version, or
a GNU patch program at all. There's also no reason we should be
supporting this kind of strange encoded filenames in patches, when
we have not done so up to now.
Let's just ban these types of diffs and be done with it.
Fixes: CVE-2014-0471, CVE-2014-3127
Closes: #746306
[drop the text for debian/changelog,because it's not suitable
for the veriosn]
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2c3838443eacd3a86ea8917ea53a20248e7bdf03)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
v2 changes:
* update format for commit log
* add Upstream-Status for patch
commit a82651188476841d190c58693f95827d61959b51 upstream
Dkpkg::Source::Patch: Correctly parse C-style diff filenames
We need to strip the surrounding quotes, and unescape any escape
sequence, so that we check the same files that the patch program will
be using, otherwise a malicious package could overpass those checks,
and perform directory traversal attacks on source package unpacking.
Fixes: CVE-2014-0471
Reported-by: Jakub Wilk <jwilk@debian.org>
[drop the text for debian/changelog,because it's not suitable
for the veriosn]
Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 81880b34a8261e824c5acafaa4cb321908e554a0)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Recent changes in opkg-utils allow package files to be stored in a different
directory to the package index if desired.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 237b9700d449de03a3f5dc524c15709f46941cf9)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The fchmodat-permissions patch was fine for the fchmod case, but
had the unintended side effect of disregarding umask settings for
open, mknod, mkdir, and their close relatives. Start tracking umask
and masking the umask bits out where appropriate.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit ce23c1cc33a015fbd184df6c16658353334ab611)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
5.14.0, and other versions, when running with debugging enabled,
allows context-dependent attackers to cause a denial of service
(assertion failure and application exit) via crafted input that
is not properly handled when using certain regular expressions,
as demonstrated by causing SpamAssassin and OCSInventory to
crash.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 368df9f13ddf124e6aaaec06c02ab698c9e0b6c3)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
It turns out that pseudo's decision not to report errors from
the host system's fchmodat() can break GNU tar in a very strange
way, resulting in directories being mode 0700 instead of whatever
they should have been.
Additionally, it turns out that if you make directories in your
rootfs mode 777, that results in the local copies being mode 777,
which could allow a hypothetical attacker with access to the
machine to add files to your rootfs image. We should mask out
the 022 bits when making actual mode changes in the rootfs.
This patch represents a backport to the 1.5.1 branch of three
patches from the 1.6 branch, because it took a couple of tries
to get this quite right.
Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 45371858129bbad8f4cfb874e237374a5ba8db4c)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
We apply this patch to the python recipe already. Without this patch
the zeroc-ice-native recipe will not build.
See: http://bugs.python.org/issue17547 for more details.
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 2335a8ed3748e687e7f34f21f27f8e4029d1e26b)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit e0e483c5b2f481240e590ebb7d6189a211450a7e)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 3962b76185194fa56be7f1689204a1188ea44737)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 432666b84b80f8b0d13672aa94855369f577c56d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 02314673619f44e5838ddb65bbe22f9342ee6167)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
(cherry picked from commit 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The patches for opkg have been rebased using git so that they apply cleanly onto
the new release.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 354e25fe51a8e85122898d1849008ace5dbe9461)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
A remote user can send specially crafted data to trigger a buffer overflow
in socket.recvfrom_into() and execute arbitrary code on the target system.
The code will run with the privileges of the target service.
This back-ported patch fixes CVE-2014-1912
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 344049ccfa59ae489c35fe0fb7592f7d34720b51)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Backport two patches from upstream:
use new readline function types (closes #20374)
Issue #20374: Avoid compiler warnings when compiling readline with libedit.
[YOCTO #6107]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a6b91ae7dec2edebc0eaea0592c42b1c455ad4d7)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> (merge fixes)
|
|
When install command sets the created directory mode, pseudo will change
the mode of the directory to 0700 incorrectly. Backport patch to fix it.
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit af595b09d570cbd320e4e138651144ac96bfbb83)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The old implementation was wrong. It was not very generic and it checked
IMAGE_FEATURES while building the recipe, which led to various issues
with the generation of the final script. That is, the run-postinsts
script was generated once, while building the package for the first
time. Hence, any other changes to IMAGE_FEATURES, like removing/adding
'package-management' did not reflect in the final script.
This commit makes run-postinsts script autodetect the backend used for
creating the image, making it generic.
[YOCTO #5666]
[YOCTO #5972]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 44902f7550e490a9d4d2e2bcdf8c577329b4af75)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The native sysroot should not be used as a store for the lists files since
multiple images running at once would conflict over this. Instead redirect
this to WORKDIR. This means some extra directories need to be created.
Also create apt.conf.d to silence some warnings.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit dc4abfc8f99c08e0c1ac9d098ce17838d0eda028)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org> (merge fixes)
|
|
apt-ftparchive is needed to create a Release file compatible with
SecureApt.
It is also a more efficient replacement of dpkg-scanpackages.
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 383e6c7d5fa1f6f02b50155a77d7c82237c11ba9)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Just use the run-postinsts recipe for running first boot postinstalls.
[YOCTO #5666]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2dadf775f619571c273ea20eb8d3fdd7ba656052)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Currently, opkg/dpkg have their own postinstalls that create a
run-postinsts script which is run at first boot.
This commit prepares the run-postinsts recipe/script to be used by
opkg/dpkg when DISTRO_FEATURES includes package-management.
[YOCTO #5666]
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f33555f52a4ee83f0bd205cdf483045fcd0578b2)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
The latest commit in opkg-utils allows packages created by opkg-build to be read
by dpkg-deb again.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 219944af2700ce9dbc425fac384cd32b0a802123)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
bzip2-native is in ASSUME_PROVIDED so the dependency that dpkg has doesn't correctly
trigger the build dependency. This shows up if you don't have bzip2 development
headers on your build machine and you:
bitbake dpkg-native
bitbake dpkg-native -c cleansstate
rm tmp -rf
bitbake dpkg-native
This patch uses the bzip2-replacement-native dependency as a handful
of other recipes do to make sure libbz2 is available.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 1a84333bcc73e6eba14217dd9704678a4da9ab4b)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 30754b50f4a2b7290d1a4288be69d42d3269658e)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
|
This back ported patch fixes CVE-2013-1752 for smtplib
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Reviewed-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4af111e94edc93657c94de6b584c099571b4cf40)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
|
Andreas Oberritter
Yasir-Khan
Paul Barker
Richard Purdie
Daniel BORNAZ
Peter Seebach
Guillem Jover
yanjun.zhu
Philip Balister
Yue Tao
Maxin B. John
Chong Lu
Laurentiu Palcu
Ricardo Ribalda Delgado
Paul Eggleton