aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* mklibs-native: update SRC_URIdaisyAndre McCurdy2017-09-111-1/+1
| | | | | | | | | | The upstream oe-core recipe fixed similar fetcher issues by switching to a specific debian snapshot version. However, the debian snapshot doesn't provide mklibs 0.1.38 so fetch from yoctoproject.org mirror instead. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* netbase: update SRC_URIAndre McCurdy2017-09-111-1/+1
| | | | | | | | | | The upstream oe-core recipe fixed similar fetcher issues by switching to a specific debian snapshot version. However, the debian snapshot doesn't provide netbase v5.2 so fetch from yoctoproject.org mirror instead. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lsof: update SRC_URIAndre McCurdy2017-09-111-1/+1
| | | | | | | | | | | | The official lsof ftp site rejects download attempts from hosts for which it can not perform a DNS reverse-lookup. See: https://people.freebsd.org/~abe/ Fix for long download timeout and warnings from the bitbake fetcher. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: update SRC_URIAndre McCurdy2017-09-111-1/+1
| | | | | | | | Google Code has been shut down so libproxy tarball needs to be fetched from elsewhere. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dpkg: update SRC_URIAndre McCurdy2017-09-111-1/+1
| | | | | | | | | | The upstream oe-core recipe fixed similar fetcher issues by switching to a specific debian snapshot version. However, the debian snapshot doesn't provide dpkg v1.17.4 so fetch from yoctoproject.org mirror instead. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ossp-uuid: use snapshot.debian.org for SRC_URIMaxin B. John2017-09-111-1/+2
| | | | | | | | | | | | | | | Using ${DEBIAN_MIRROR} for SRC_URI doesn't work very well as that will only contain releases that are currently in Debian. So, move all of SRC_URI to the .bb so it can use snapshot.debian.org instead, and set UPSTREAM_CHECK_URI to ${DEBIAN_MIRROR} so upstream release checking continues to work. [YOCTO #10040] Signed-off-by: Maxin B. John <maxin.john@intel.com> (cherry picked from commit 1b38ad4cb8faeb86c5e8cb6b7201194722c5ef31) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ossp-uuid: update SRC_URI to not use Google CodeAlexander Kanavin2017-09-111-1/+1
| | | | | | | | | | | Google Code is shutting down so tarballs will be fetched from a Debian mirror instead Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 779c53911da663f06437e8a06c9a8c361d614fe6) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* mailx: fix SRC_URIRobert Yang2017-09-111-2/+2
| | | | | | | | | | The old one is not available any more. Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 3569d434e754a62ec998fbf48380d653d1524dc4) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dosfstools: fix SRC_URIRobert Yang2017-09-111-1/+2
| | | | | | | | | | | | | Fixed: WARNING: Failed to fetch URL ftp://ftp.uni-erlangen.de/pub/Linux/LOCAL/dosfstools/dosfstools-2.11.src.tar.gz, attempting MIRRORS if available And add a HOMEPAGE for it, there is no dosfstools 2.11 on its official page (but 3.x). Signed-off-by: Robert Yang <liezhi.yang@windriver.com> (cherry picked from commit cba73a598abc396fae4fb582be98fc04cb2a580f) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* base-passwd: fix SRC_URIRobert Yang2017-09-111-1/+1
| | | | | | | | | | Fixed: WARNING: Failed to fetch URL ftp://ftp.debian.org/debian/pool/main/b/base-passwd/base-passwd_3.5.29.tar.gz, attempting MIRRORS if available Signed-off-by: Robert Yang <liezhi.yang@windriver.com> (cherry picked from commit 9ac88e3a9ac36ed83f01ac21db57a3c01a24385e) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: update SRC_URIChang Rebecca Swee Fun2017-09-111-1/+1
| | | | | | | | | | | | | | | | | | | Gna! project announced that the download site from gna.org HTTP server will soon be closing down. We have verified that the site is no longer accessible without network proxy cache. We need to update SRC_URI to point to new alternative (nwl.cc HTTP server) in order to avoid fetcher issues in future. [YOCTO #11575] Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dc8b21ae0ed3bceb9f3df4f6cd8f8f55b9c306fb) Tweak commit to apply to older cryptodev 1.6 recipe in OE 1.6 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* pigz: Update SRC_URIRichard Purdie2017-09-111-1/+1
| | | | | | | | | | | | | | Upstream have released a new tarball and removed the old one. Revert to the Yocto Project source mirror instead, preserving the upstream version check. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 839b17ffd96abff3e9cf47fb4a6d680637c865b1) Tweak commit to apply to older pigz v2.3.1 recipe in OE 1.6 Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* stat: fix SRC_URIRobert Yang2017-09-111-1/+1
| | | | | | | | | | | The old SRC_URI is redirected to the new one, fixed: WARNING: Failed to fetch URL ftp://metalab.unc.edu/pub/Linux/utils/file/stat-3.3.tar.gz, attempting MIRRORS if available Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 45034239c7e38ec991aa75d7c30417c22bfdef28) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* kernel: Added bc-native as DEPENDSAlejandro Hernandez2017-09-111-1/+1
| | | | | | | | | | | | The makefile checks for bc during for compilation [YOCTO #6781] Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c067e52cffe002de3b39aa1bced308dd532859c1) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* setserial: add missing depends on groff-nativeYue Tao2017-09-111-0/+2
| | | | | | | | | | | | | | | [YOCTO #6526] setserial needs groff-native to build Signed-off-by: Jonas Zetterberg <jonas.zetterberg@windriver.com> Signed-off-by: Yue Tao <yue.tao@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 1a1d1d89b490703ec163b82ba93f10a7d3e93270) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* eglibc: security fix CVE-2015-7547Javier Viguera2016-04-112-0/+586
| | | | | | | | | CVE-2015-7547: getaddrinfo() stack-based buffer overflow Backport patch from GLIBC-2.20 to EGLIBC-2.19. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_manager: Fix BAD_RECOMMENDATIONS for opkgPaul Barker2016-01-191-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In package_manager.py, when using opkg as the packager, the command 'opkg <args> info <pkg>' is called to get information about each pkg in BAD_RECOMMENDATIONS in a format that can be written to the status file. The 'Status: ...' line is modified and all other lines are passed through. Changing the verbosity level argument for this command will change what it written into the status file. Crucially, with the default verbosity level, no blank lines are being printed by the opkg command and so no blank lines are being written to the status file to separate each package entry. The package parsing code in opkg expects package entries in the status file to be separated by at least one blank line. If no blank line is seen, the next package entry is interpreted as a continuation of the last package entry, but the new values overwrite the old values. So with the default verbosity level, a blank line follows some package entries and these are parsed. The others are dropped due to the lack of blank lines. As the verbosity increases, more debugging messages add blank lines and more packages are parsed. The solution to ensure that this works correctly regardless of the verbosity level is simply add a blank line after the output of 'opkg info' is written to the status file, ensuring that the next package is separated from the current package. [YOCTO #6816] Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Cc: Chris Carr <chris.carr@ge.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
* squashfs-tools: enable building unsquashfs and fix ↵Martin Jansa2015-07-165-34/+101
| | | | | | | | | | | | | | | squashfs-4.2-fix-CVE-2012-4025.patch * build unsqaushfs, useful when debuging corrupt squashfs from mksquashfs * squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we weren't building and it actually breaks building it, because someone missed squashfs_fs.h change from the original change * add git headers in all patches and fix references to new github repository Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: upgrade to 1.0.1pTudor Florea2015-07-152-38/+2
| | | | | | | | This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to daisy head revisionRichard Purdie2015-05-131-1/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* security_flags: Fix typo for cupsRichard Purdie2015-05-131-1/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* powertop: Fix build for !uclibcMartin Jansa2015-05-121-1/+2
| | | | | | | | | | | | | | | | | | | * EXTRA_LDFLAGS isn't defined for !uclibc and configure fails when it reads it unexpanded, see config.log snippet: configure:4177: checking whether the C compiler works configure:4199: i586-oe-linux-gcc -m32 -march=i586 --sysroot=/OE/sysroots/qemux86 -O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed ${EXTRA_LDFLAGS} conftest.c >&5 i586-oe-linux-gcc: error: ${EXTRA_LDFLAGS}: No such file or directory configure:4203: $? = 1 configure:4241: result: no Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Backported from OpenEmbedded Dizzy branch, commit c8f9b5c9a8e5179c2013f25decd6a5483df9c716. Signed-off-by: Jens Rottmann <Jens.Rottmann@ADLINKtech.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* systemd: fix /var/log/journal ownershipJonathan Liu2015-05-121-0/+1
| | | | | | | | | | | | | | | | The ownership needs to be explicitly set otherwise it inherits the user and group id of the build user. (From OE-Core rev: 0752c79282b1cc9699743e719518e6c341d50a3a) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Conflicts: meta/recipes-core/systemd/systemd_219.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* eglibc: fix two security issues.Armin Kuster2015-05-013-0/+535
| | | | | | | | | The includes two CVE fixes: CVE-2012-3406 CVE-2014-7817 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* e2fsprogs: CVE-2015-0247Sona Sarmadi2015-05-012-0/+59
| | | | | | | | | | | | Fixes input sanitization errors. References http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4 http://www.ocert.org/advisories/ocert-2015-002.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* elfutils: CVE-2014-9447Sona Sarmadi2015-05-012-0/+51
| | | | | | | | | | | | | | directory traversal in read_long_names() Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447 Upstream commit with the analysis: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* coreutils: parse-datetime: CVE-2014-9471Sona Sarmadi2015-05-012-0/+44
| | | | | | | | | | | Memory corruption flaw in parse_datetime() Reference https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9471 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libpng16: CVE-2015-0973Sona Sarmadi2015-05-012-0/+48
| | | | | | | | | | | | | | | | | Fixes CVE-2015-0973 (duplicate of CVE-2014-9495), a heap-based overflow vulnerability in the png_combine_row() function of the libpng library, when very large interlaced images were used. Upstream patch: http://sourceforge.net/p/libpng/code/ci/dc294204b641373bc6eb603075a8b98f51a75dd8/ External Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0973 http://seclists.org/oss-sec/2014/q4/1133 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Qemu: CVE-2014-2894Sona Sarmadi2015-05-012-1/+48
| | | | | | | | | | | | Fixes an out of bounds memory access flaw in Qemu's IDE device model Reference http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2894 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: CVE-2014-7185Sona Sarmadi2015-04-272-0/+76
| | | | | | | | | | Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function. PoC: Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Fix x32 openssl patch which was not buildingBrendan Le Foll2015-04-151-0/+30
| | | | | | | | x32 builds where broken due to patch rebase not having been done correctly for this patch Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "file: Update CVE patch to ensure file gets built correctly"Richard Purdie2015-03-281-3/+21
| | | | This reverts commit ece58a88ef905e42de4b8b690106b553ccaa9f30.
* file: Update CVE patch to ensure file gets built correctlyRichard Purdie2015-03-281-21/+3
| | | | | | | | If we touch both files, we can end up in a situation where magic.h should be rebuilt and isn't. The easiest fix is not to touch the generated files which ensures the timestamps are such that it is always rebuilt. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssl: Upgrade to 1.0.1mBrendan Le Foll2015-03-257-157/+121
| | | | | | | | | | | | | | Security update, some patches modified to apply correctly mostly due to upstream changing indentation/styling * configure-targets.patch updated * fix-cipher-des-ede3-cfb1.patch updated * openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch updated * openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch removed as no merged with 3942e7d9ebc262fa5c5c42aba0167e06d981f004 in upstream Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* utils.bbclass: fix create_cmdline_wrapperJavier Viguera2015-03-111-2/+2
| | | | | | | | | | | | | | | | | | | Similar to commit 4569d74 for create_wrapper function, this commit fixes hardcoded absolute build paths in create_cmdline_wrapper. Otherwise we end up with incorrect paths in users of this function. For example the 'file' wrapper in current released toolchain: exec -a /home/pokybuild/yocto-autobuilder/yocto-worker/nightly-fsl-arm/build/build/tmp/work/x86_64-nativesdk-pokysdk-linux/nativesdk-file/5.18-r0/image//opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/bin/file `dirname $realpath`/file.real --magic-file /opt/poky/1.7.1/sysroots/x86_64-pokysdk-linux/usr/share/misc/magic.mgc "$@" (From OE-Core rev: 49ab89eb9f83388e99069a4b53bdc4cba22bb6f3) Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* qt4: add patch for BMP denial-of-service vulnerabilityJonathan Liu2015-03-102-0/+45
| | | | | | | | For further details, see: https://bugreports.qt.io/browse/QTBUG-44547 Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: several security fixesArmin Kuster2015-03-109-0/+1148
| | | | | | | | | | | | | | | | | | | | | | | CVE-2014-8484 CVE-2014-8485 CVE-2014-8501 CVE-2014-8502 CVE-2014-8503 CVE-2014-8504 CVE-2014-8737 and one supporting patch. [Yocto # 7084] (From OE-Core rev: 859fb4d9ec6974be9ce755e4ffefd9b199f3604c) (From OE-Core rev: d2b2d8c9ce3ef16ab053bd19a5705b01402b76ba) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lib/oe/package_manager: support exclusion from complementary glob process by ↵Paul Eggleton2015-03-032-3/+12
| | | | | | | | | | | | | | | | regex Sometimes you do not want certain packages to be installed when installing complementary packages, e.g. when using dev-pkgs in IMAGE_FEATURES you may not want to install all packages from a particular multilib. This introduces a new PACKAGE_EXCLUDE_COMPLEMENTARY variable to allow specifying regexes to match packages to exclude. (From OE-Core master rev: d4fe8f639d87d5ff35e50d07d41d0c1e9f12c4e3) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* btrfs: create an empty file to build the fs inSaul Wold2015-02-061-2/+2
| | | | | | | | | | The newer btrfs-utils needs an empty file to build the filesystem in, so create an empty file and use it for the mkfs to build the fs in. [YOCTO #6804] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix for CVE-2014-8500Sona Sarmadi2015-02-062-0/+991
| | | | | | | | | | | | | | | [From upstream commit: 603a0e2637b35a2da820bc807f69bcf09c682dce] [YOCTO #7098] External References: =================== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8500 (From OE-Core rev: 7225d6e0c82f264057de40c04b31655f2b0e0c96) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* file: CVE-2014-9620 and CVE-2014-9621Chong Lu2015-02-062-0/+1360
| | | | | | | | | | | | | | | | | | | | | | | | CVE-2014-9620: Limit the number of ELF notes processed - DoS CVE-2014-9621: Limit string printing to 100 chars - DoS The patch comes from: https://github.com/file/file/commit/6ce24f35cd4a43c4bdd249e8e0c4952c1f8eac67 https://github.com/file/file/commit/0056ec32255de1de973574b0300161a1568767d6 https://github.com/file/file/commit/09e41625c999a2e5b51e1092f0ef2432a99b5c33 https://github.com/file/file/commit/af444af0738468393f40f9d2261b1ea10fc4b2ba https://github.com/file/file/commit/68bd8433c7e11a8dbe100deefdfac69138ee7cd9 https://github.com/file/file/commit/dddd3cdb95210a765dd90f7d722cb8b5534daee7 https://github.com/file/file/commit/445c8fb0ebff85195be94cd9f7e1df89cade5c7f https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4 https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c [YOCTO #7178] Signed-off-by: Chong Lu <Chong.Lu@windriver.com> [sgw - Fixed magic.h.in to match magic.h] Signed-off-by: Saul Wold <sgw@linux.intel.com>
* update-rc.d: Allow to use different initscripts providerMartin Jansa2015-02-061-1/+2
| | | | | | | | | * until now all recipes were respecting VIRTUAL-RUNTIME_initscripts variable but commit bba835fed88c3bd5bb5bd58962034aef57c408d8 hardcoded "initscripts" runtime dependency Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
* python: Disables SSLv3Sona Sarmadi2015-02-062-0/+38
| | | | | | | | | | | | | | | | | | | | | This is related to "SSLv3 POODLE vulnerability" CVE-2014-3566 Building python without SSLv3 support when openssl is built without any support for SSLv3 (e.g. by adding EXTRA_OECONF = " -no-ssl3" in the openssl recipes). Backport from: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768611#22 [python2.7-nossl3.patch] only Modules/_ssl.c is backported. References: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7015 https://bugzilla.yoctoproject.org/show_bug.cgi?id=6843 http://bugs.python.org/issue22638 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
* systemd: backport patch to fix reading journal backwardsJonathan Liu2015-02-062-0/+35
| | | | | Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
* openssh: move setting LD to allow for correct overrideSaul Wold2015-02-061-1/+1
| | | | | | | | | | | | | | | | | | Using the export LD in the recipe does not allow for secodnary toolchain overriding LD later, by setting it in the do_configure_append the export is used by autotools setting LD based on the env, but would allow for override later. [YOCTO #6997] (From OE-Core rev: 9b37e630f5f6e37e928f825c4f67481cf58c98a1) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/openssh/openssh_6.5p1.bb
* resolvconf: add fixes for busybox and make it workSaul Wold2015-02-063-4/+39
| | | | | | | | | | | | | | | | | | | | | resolvconf was missing a script and needed readlink which was in /usr/bin. Also the /etc/resolv.conf was not being correctly linked to /etc/resolvconf/run/resolv.conf, which is fixed by the volaties change which is now a file as opposed to created in do_install. Ensure that the correct scripts for ifup/ifdown get installed and that resolvconf is correctly enabled at startup [YOCTO #5361] (From OE-Core rev: 853e8d2c7aff6dddc1d555af22f54c4ecef13df1) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Conflicts: meta/recipes-connectivity/resolvconf/resolvconf_1.74.bb
* cpio: fix bug CVE-2014-9112 for cpio-2.8Bian Naimeng2015-02-062-3/+221
| | | | | | | | | | | | Obtain detain from following URL. http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d (From OE-Core rev: 732fc8de55a9c7987608162879959c03423de907) Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cpio: fix bug CVE-2014-9112 for cpio-2.11Bian Naimeng2015-02-062-1/+222
| | | | | | | | | | | | Obtain detain from following URL. http://lists.gnu.org/archive/html/bug-cpio/2014-12/msg00000.html http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff670dcfcdd28fcc990e79cd6fccc7ae48d (From OE-Core rev: 9a32da05f5a9bc62c592fd2d6057dc052e363261) Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* beaglebone: enable the nowayout option for the watchdogBruce Ashfield2014-12-283-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | Bumping the meta SRCREV for the following fix: [ The default watchdog behaviour is to stop the timer if the process managing it closes the file /dev/watchdog. The system would not reboot if watchdog daemon crashes due to a bug in it or get killed by other malicious code. So we prefer to enable nowayout option for the watchdong. With this enabled, there is no way of disabling the watchdog once it has been started. This option is also enabled in the predecessor of this BSP (beagleboard) ] [YOCTO: 3937] (From OE-Core rev: 7006412c285a4a6c75d5349f60dc71b0b735ff90) Signed-off-by: Kevin Hao <kexin.hao@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-yocto-rt/3.14: update to 3.14-rt5Bruce Ashfield2014-12-281-3/+3
| | | | | | | | | | | Updating the the latest 3.14-rt release. (From OE-Core rev: ca1d952c964ce25bf78d47c7a856105d59d72cac) Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>