| Age | Commit message (Collapse) | Author |
|---|
|
Fix workspace overflow for (*ACCEPT) with deeply nested parentheses.
The patch is from libpcre version control at
http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog
part removed. Original author is Philip Hazel.
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 386534f968f4da376ba7778b5d436bad4ce8355b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affected versions: libcurl 7.32.0 to and including 7.50.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Affected versions: libcurl 7.1 to and including 7.50.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Affected versions: libcurl 7.1 to and including 7.50.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To ensure that boost remains an empty metapackage after version
updates, we explicitly require boost files to be empty. If new
libraries exist after a version update of the boost recipe,
bitbake will emit a warning at the do_package task. For example,
at the version update from 1.58.0 to 1.59.0, the new timer
library is indicated with:
WARNING: QA Issue: boost: Files/directories were installed but not shipped in any package:
/usr/lib/libboost_timer.so.1.59.0
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.
boost: 1 installed and not shipped files. [installed-vs-shipped]
Ross Burton suggested this improvement on the openembedded-core
mailing list during review of the boost recipe version update [1].
[1] http://lists.openembedded.org/pipermail/openembedded-core/2015-December/114314.html
(From OE-Core master rev: c4e33232db2da3594cc4ba38eea56ee1acb54d3a)
Signed-off-by: Lukas Bulwahn <lukas.bulwahn@oss.bmw-carit.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves
affects libgcrypt < 1.6.5
Patch 1 is a dependancy patch. simple macro name change.
Patch 2 is the cve fix.
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd
affects libbsd <= 0.8.1 (and therefore not needed in master)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
[Yocto # 9008]
This is the next patch release for pcre. The 8.xx series now only contains
bug fixes.
http://www.pcre.org/original/changelog.txt
The following security fixes are included:
CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() / compile_regex()
CVE-2015-3217 pcre: stack overflow in match()
CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis
CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
CVE-2015-8381 pcre: Heap Overflow in compile_regex()
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
CVE-2015-8387 pcre: Integer overflow in subroutine calls
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups
CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
CVE-2015-8395 pcre: Buffer overflow caused by certain references
CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
where it fails for qemuarm
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
* otherwise it triggers following ICE:
ERROR: Function failed: do_compile (log file is located at /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/log.do_compile.21570)
ERROR: Logfile of failure stored in: /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/log.do_compile.21570
Log data follows:
| DEBUG: SITE files ['endian-little', 'bit-32', 'arm-common', 'common-linux', 'common-glibc', 'arm-linux', 'arm-linux-gnueabi', 'common']
| DEBUG: Executing shell function do_compile
| NOTE: make
| Note: rebuild with "make VERBOSE=1 " to show all compiler parameters.
| make[0]: Making `all' in `stubdata'
| make[1]: Entering directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/stubdata'
| make[1]: Nothing to be done for 'all'.
| make[1]: Leaving directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/stubdata'
| make[0]: Making `all' in `common'
| make[1]: Entering directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/common'
| arm-oe-linux-gnueabi-gcc ... /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c
| /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c: In function 'ubidi_writeReordered_53':
| /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c:643:1: internal compiler error: in patch_jump_insn, at cfgrtl.c:1275
| }
| ^
| Please submit a full bug report,
| with preprocessed source if appropriate.
| See <http://gcc.gnu.org/bugs.html> for instructions.
| *** Failed compilation command follows: ----------------------------------------------------------
| arm-oe-linux-gnueabi-gcc -march=armv4t -mthumb -mthumb-interwork -mtune=arm920t --sysroot=/OE/build/shr-core/tmp-eglibc/sysroots/om-gta02 -D_REENTRANT -DU_HAVE_ELF_H=1 -DU_HAVE_ATOMIC=1 -I/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common -DDEFAULT_ICU_PLUGINS="/usr/lib/icu" -DU_ATTRIBUTE_DEPRECATED= -DU_COMMON_IMPLEMENTATION -O2 -pipe -g -feliminate-unused-debug-types -std=c99 -Wall -pedantic -Wshadow -Wpointer-arith -Wmissing-prototypes -Wwrite-strings -c -DPIC -fPIC -o ubidiwrt.o /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/common/ubidiwrt.c
| --- ( rebuild with "make VERBOSE=1 all" to show all parameters ) --------
| /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/icu/source/config/mh-linux:44: recipe for target 'ubidiwrt.o' failed
| make[1]: *** [ubidiwrt.o] Error 1
| make[1]: Leaving directory '/OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/build/common'
| Makefile:141: recipe for target 'all-recursive' failed
| make: *** [all-recursive] Error 2
| ERROR: oe_runmake failed
| WARNING: /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/run.do_compile.21570:1 exit 1 from
| exit 1
| ERROR: Function failed: do_compile (log file is located at /OE/build/shr-core/tmp-eglibc/work/arm920tt-oe-linux-gnueabi/icu/53.1-r0/temp/log.do_compile.21570)
NOTE: recipe icu-53.1-r0: task do_compile: Failed
ERROR: Task 6803 (/OE/build/shr-core/openembedded-core/meta/recipes-support/icu/icu_53.1.bb, do_compile) failed with exit code '1'
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This is a is being give a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
(From OE-Core master rev: 0f89bbab6588a1171259801fa879516740030acb)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Backport a fix from upstream to fix a denial of service via a malicious escape
sequence.
[YOCTO #8617]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If ccache is enabled, compiling apr-utils fails with the following error
messages because libtool is confused by the "ccache gcc" appearing on
the command line. Disable ccache for apr, so that ccache don't get
enabled in all software using apr's rules.mk.
The error message from apr-utils-native:
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
ICU was invoking install-local twice in parallel which can lead to install
failures as one install deletes files the other is attempting to chown.
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Move connmans xuser-related D-Bus policy to a separate file that
xuser-account installs: This way connman does not need to depend on
xuser-account. Add policies for bluez and ofono in the same file.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* cleanup buildpaths from apu-1-config:
- remove ${STAGING_DIR_HOST} from CC, CPP ...
- set APU_SOURCE_DIR, APU_BUILD_DIR as empty
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* cleanup buildpaths from apr_rules.mk and apr-1-config:
- remove ${STAGING_DIR_HOST} from CC, CPP ...
- set APR_SOURCE_DIR, APR_BUILD_DIR as empty
* install ${HOST_SYS}-libtool to sysroot only, it's required for
building apache2 but not suitable for target.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
curl-config will be installed to target, cleanup buildpaths in it:
* remove ${STAGING_DIR_HOST} from CC, CFLAGS ...
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The gettext 0.16.1 doesn't install any m4 files to sysroot, please see
the following commit:
commit 9e10db5bdfe77c0ef2aff2f1cf89958b62c294a1
Author: Christopher Larson <kergoth@gmail.com>
Date: Mon Mar 17 18:10:54 2014 +0000
gettext-0.16.1: kill target m4 macros from sysroot
This is aim for using gettext-native's macros(gettext-native-0.19.4),
but when we set:
PREFERRED_VERSION_gettext = "0.16.1"
And build the recipes like pcmanfm, we would get errors when
do_configure:
configure:5164: error: possibly undefined macro: AM_NLS
This is because autotools_copy_aclocals doesn't copy the native macros
for target unless they're direct dependencies.
Add gettext-native to DEPENDS will fix the problem.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If you currently do a DISTRO_FEATURES_remove = "x11" with OE-Core, you
see failures due to dependency problems. The work in resolving this was
partially completed a while back. This adds in the markup mainly for
gtk/gtk3+ recipes and means "bitbake world" will work successfully.
Rather than code the gtk/gtk+ specific distro features into each recipe,
a shared variable is used.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Configure option --with-trust-paths is only used for test scripts
trust/test-extract which is not packaged by default. If the option is
not provided, it checks 4 files on build machine. If the files don't
exist, configure fails.
Add configure option '--without-trust-paths' to fix this issue.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add '$' to fix a patch which adds pkgconfig support to libksba.
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gcc 5 defaults to C11 rules about "extern inline": this breaks
any code that includes gmp.h header from gmp 4.2.1 with 'multiple
definition' errors.
disable-stdc patch is no longer required because of this.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a patch which adds a configuration for the nios2 processor.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This change allows selecting the 8, 16 or 32 bit version via PACKAGECONFIG.
By default only the 8bit version is built, this corresponds to the old behavior.
Some packages like Qt5 require the 16 bit version of libpcre.
After this change the corresponding layer can easily enable the version
needed via .bbappend.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed:
WARNING: Failed to fetch URL ftp://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v4.10.8/src/nspr-4.10.8.tar.gz, attempting MIRRORS if available
Its ftp:// doesn't work with wget, but http:// works.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fix a variety of problems such as typos, bad punctuations, or incorrect
Upstream-Status values.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
All cases are about glibc and for non-glibc systems it falls back to
last else choice which still is glibc's older version, ideally it
should have a case where libc != glibc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
bjam is stripped by default, this causes QA warning while stripping it
from do_populate_sysroot():
WARNING: File '.../tmp/sysroots/x86_64-linux/usr/bin/bjam' \
from bjam-native was already stripped, \
this will prevent future debugging!
The JAM scripts allow to build unstripped version with '--debug'. Just
build and install the bjam.debug to stop bjam from being stripped in
compile step.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
p11-kit is a dependency of gcr (which is a dependency of epiphany)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
libyaml is a dependency of ruby
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libunwind: Invalid dwarf opcodes can cause references beyond the end of
the array
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h
in libunwind 1.1 allows local users to have unspecified impact via
invalid dwarf opcodes.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also add an RDEPENDS to dpkg so it will still
pull in run-parts.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Disable RPM signature validation so that it is possible to create
package feeds of signed RPM packages without importing the public part
of the signing key into the RPM database. In any case, the signatures
are validated when the packages in the feed are used (e.g. in image
generation of manually installing packages from the feed).
The original idea idea of this patch is from Mark Hatle
<mark.hatle@windriver.com>.
[YOCTO #8134]
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Build tested against thrift recipe under development.
Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
No-update reasons and manual version checks should be in the recipes
themselves because otherwise they're prone to getting out of date.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use the nettle testsuite as ptests. Skip "sha1-huge-test" because
it can take 20 minutes to finish.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Newer nettle versions are "LGPLv3+ | GPLv2+". Add 3.1.1 but also
keep version 2.7.1 since it's LGPLv2.1+
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
gmp 4.2.1 was removed in f181c6ce8b apparently accidentally: It
was not noticed that 4.2.1 is LGPL 2.1 (and not GPL) so provides
a useful alternative to the newer "GPLv2 | LGPLv3" version.
* Reintroduce 4.2.1. The source includes files that are GPL but the
library package is LGPL 2.1+
* Also reintroduce the two patches removed in f181c6ce8b.
* Refactor gmp.inc: gmp 6.0.0 build should not be affected in any way.
* Update 6.0.0 license from "GPLv2 | LGPLv3" to "GPLv2+ | LGPLv3+".
[YOCTO #8197]
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Set the nettle binary package license to LGPLv2.1+:
There are GPL files in the sources but none of these are used
to produce the files we ship.
* Remove the useless package specific licenses: none of the named
packages are actually produced and the licenses do not affect
the overall license of either the sources or the binary package.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- This recipe is useful for more than just pulseaudio, so move it to
recipes-support.
- Rename to the correct upstream name, which corresponds to the library name.
Keep a PROVIDES of libatomics-ops for compatibility.
(From OE-Core rev: 5014de67fa6da1672626e3ec92fc51430fca3262)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
- Depend on libatomics-ops unconditionally for all archs, as it's used by more
than just arm, and currently the configure script auto-detects and enables
its use based on the existence of its header, resulting in non-deterministic
builds.
- Drop the ldflags bits which link against libatomic_ops, because libunwind
doesn't actually link against it, nor does it need to, as it currently uses
all inline functions from the header file.
(From OE-Core rev: 83bb89502e2f05b8b78b14532ad96abc400ab264)
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
__sync_val_compare_and_swap family specifically asks for proper types of
pointer type parameters, gcc does not notice it but clang does and sends
out errors calling it out.
(From OE-Core rev: 2767b6be71ca809f4a39ba9b8707b311b8334434)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Ismo Puustinen
Maxin B. John
Lukas Bulwahn
Armin Kuster
Martin Jansa
Ross Burton
Dmitry Eremin-Solenikov
Jussi Kukkonen
Wenzong Fan
Robert Yang
Richard Purdie
Kai Kang
Trevor Woerner
Marek Vasut
Pascal Bach
Khem Raj
Alexander Kanavin
Li Zhou
Joe Slater
Markus Lehtonen
Philip Balister
Christopher Larson