Age | Commit message (Collapse) | Author |
|
Affects openssl <= 1.0.2h
CVSS v2 Base Score: 7.5 HIGH
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 2848c7d3e454cbc84cba9183f23ccdf3e9200ec9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make
races.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d806d59a4c5e8ff35c7e7c5a3a6ef85e2b4b259)
Minor fixup to get patch to apply to jethro
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affected versions: libcurl 7.32.0 to and including 7.50.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Affected versions: libcurl 7.1 to and including 7.50.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Affected versions: libcurl 7.1 to and including 7.50.0
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With tar version 1.29, the tar call used to copy the ptest files will
not work anymore. While the call did not match the man page (but worked)
before, anyway, the latest update of tar seems to have a more strict argument
handling.
With the current version of the tar call, the copying of files still
works with latest tar version, but the excludes will not be handled
properly anymore.
This results in having binaries compiled with host GCC in the package.
When doing the strip_and_split files in do_package() with the target
objcopy, bitbake will fail with this error:
ERROR: objcopy failed with exit code 256 (cmd was [...])
[...]
File format not recognized
Thus, the current argument issues and required changes are:
* Options must be placed _before_ the pathnames.
* --exclude must be followd by a '=' in order to work properly
* 'f' options is for providing an archive file, which is unnecessary in
this case
Note that this could also be a candidate for backporting.
(From OE-Core master rev: 2e498879098f7d84610aed7961d92433083d9a02)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
We're setting the native header paths in do_configure_prepend,
and don't need to set them again here.
This results in gcc-target not being able to locate the headers
and not being able to detect glibc version, which in turn
results in SSP support not getting detected even though it's available
in libc.
(From OE-Core master rev: 85630aa894278e7818c867179dc19ca2fbd994fc)
Signed-off-by: Anuj Mittal <anujx.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Changes affecting future time stamps
Africa/Cairo observes DST in 2016 from July 7 to the end of October.
Guess October 27 and 24:00 transitions. (Thanks to Steffen Thorsen.)
For future years, guess April's last Thursday to October's last
Thursday except for Ramadan.
Changes affecting past time stamps
Locations while uninhabited now use '-00', not 'zzz', as a
placeholder time zone abbreviation. This is inspired by Internet
RFC 3339 and is more consistent with numeric time zone
abbreviations already used elsewhere. The change affects several
arctic and antarctic locations, e.g., America/Cambridge_Bay before
1920 and Antarctica/Troll before 2005.
Asia/Baku's 1992-09-27 transition from +04 (DST) to +04 (non-DST) was
at 03:00, not 23:00 the previous day. (Thanks to Michael Deckers.)
(From OE-Core master rev: ddcf128e76ed0678ce42416531f4ecb309c57439)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
V2: typo in title (jet lagged)
Changes to code
zic now outputs a dummy transition at time 2**31 - 1 in zones
whose POSIX-style TZ strings contain a '<'. This mostly works
around Qt bug 53071 <https://bugreports.qt.io/browse/QTBUG-53071>.
(Thanks to Zhanibek Adilbekov for reporting the Qt bug.)
Changes affecting documentation and commentary
tz-link.htm says why governments should give plenty of notice for
time zone or DST changes, and refers to Matt Johnson's blog post.
tz-link.htm mentions Tzdata for Elixir. (Thanks to Matt Johnson.)
(From OE-Core master rev: 5f3340e5c966f4233e0cd4ec468b20a1fd5a7346)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
If the path contains 'scripts' more than once the first occurrence will be
incorrectly used. Use rfind instead of find to find the last occurrence.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
|
|
Upstream in 5.33 btmgmt was moved from experimental to common READLINE section,
in commit e4f0c5582f1fe3451d5588243adba9de1ed68b80, but this was never updated
in the recipe.
This is a backport from master branch, commit
28777e593d3dd3a5d0ee2effcdca6a971e2887f9.
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects limbxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
affects libxml2 < 2.9.4
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Due to changes in master to support Python 3, Toaster is no
longer able to build from master.
Remove references to master and set default release to jethro.
The dizzy release should also be removed, as Toaster jethro
is unable to build using this release.
Signed-off-by: Elliot Smith <elliot.smith@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This follows how bitbake performs path insertion, and fixes a
failure to start wic on Ubuntu 15.10 with the distribution's
version of python-ply installed.
Signed-off-by: Matt Madison <matt@madison.systems>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The current MPX target descriptions assume that MPX is always combined
with AVX, however that's not correct. We can have machines with MPX
and without AVX; or machines with AVX and without MPX.
This patch adds new target descriptions for machines that support
both MPX and AVX, as duplicates of the existing MPX descriptions.
The following commit will remove AVX from the MPX-only descriptions.
This commit is backported from 7.12
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
The backported upgrade to 1.0.2h included an updated GNU LD
version-script which results in an ABI change. In order to try and
respect ABI for existing binaries built against fido this commit
partially reverts the version-script to maintain the existing ABI
and instead only add the new symbols required by 1.0.2h.
Suggested-by: Martin Jansa <martin.jansa@gmail.com>
(From OE-Core rev: 480db6be99f9a53d8657b31b846f0079ee1a124f)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
opehssh <= 7.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
busybox <= 1.24.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
busybox <= 1.24.2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-8665
CVE-2015-8683
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* CVEs:
- CVE-2016-0705
- CVE-2016-0798
- CVE-2016-0797
- CVE-2016-0799
- CVE-2016-0702
- CVE-2016-0703
- CVE-2016-0704
- CVE-2016-2105
- CVE-2016-2106
- CVE-2016-2109
- CVE-2016-2176
* The LICENSE's checksum is changed because of date changes (2011 ->
2016), the contents are the same.
* Remove backport patches
- 0001-Add-test-for-CVE-2015-3194.patch
- CVE-2015-3193-bn-asm-x86_64-mont5.pl-fix-carry-propagating-bug-CVE.patch
- CVE-2015-3194-1-Add-PSS-parameter-check.patch
- CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
- CVE-2015-3197.patch
- CVE-2016-0701_1.patch
- CVE-2016-0701_2.patch
- CVE-2016-0800.patch
- CVE-2016-0800_2.patch
- CVE-2016-0800_3.patch
* Update crypto_use_bigint_in_x86-64_perl.patch
* Add version-script.patch and update block_diginotar.patch (From master branch)
* Update openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
(From Armin)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
for kernel ARCH"
This reverts commit a6f52930a68d8462e23486d51cdda715072dd752.
In addition to also causing the problem in [YOCTO #9579], this commit
was reverted in krogoth and master but wasn't reverted in jethro but
should be. The original revert message was:
This reverts commit 8d310b24927d0f348fb431895f0583733db2aad0.
That commit completely breaks KBUILD_DEFCONFIG because it relies on
$ARCH to match between the target OE arch and the kernel subdirectory
containing the defconfigs. In the kernel all defconfigs for everything
x86-based (including x86_64) is stored in dir arch/x86/configs/
kernel-yocto.bbclass correctly searches for all the defconfigs inside
${S}/arch/${ARCH}/configs/${KBUILD_DEFCONFIG}
Commit 8d310b249 makes it search in wrong places and _only_ if you
define TARGET_ARCH = "athlon" will it search x86 which is nonsensical.
The commit further adds an if clause to hack the mungled kernel arches
back to their original values (ugh) in do_shared_workdir which is run
after do compile, but of course the build breaks before that in
do_kernel_metadata because of the KBUILD_DEFCONFIG mentioned above (so
that hack is useless).
Please fix that corner case bug in another way which does not completely
screw up the kernel arch mapping & defconfig logic. If 64bit configs are
generated in the kernel for 32bit machines because the host is asked,
then it it a bug in the kernel, it is of no use to hack around it in OE.
(From OE-Core rev: bc02a478a5d4a5de7b3943ed809d5c22711f5b1f)
Signed-off-by: Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
|
|
The additional autotooling patched into glew claims the version is 1.9.0
whilst we are building 1.12.0. The version in the autotooling is used to
set the version number in the pkgconfig file, this results in the
configuration of packages which depend on glew > 1.9.0 failing.
This patch updates the version number used in the patches to match that of
the version being built.
Signed-off-by: Martyn Welch <martyn.welch@collabora.co.uk>
|
|
WARNING: QA Issue: gdb rdepends on libiconv, but it isn't a build dependency? [build-deps]
We already have virtual/libiconv which is set appropriately
in all environments, so let's use it to fix the issue.
Signed-off-by: André Draszik <adraszik@tycoint.com>
|
|
We fail to build webkit on aarch64 due to this binutils bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=19353
Applying patch which fixes this, stripped out changelog entry
from patch to make it apply without error.
|
|
CVE: CVE-2015-8778
Improve check against integer wraparound in hcreate_r [BZ #18240]
This is an integer overflow in hcreate and hcreate_r which can result in
an out-of-bound memory access. This could lead to application crashes
or, potentially, arbitrary code execution.
Upstream-Status: Backport [2.23]
(cherry-picked from commit bae7c7c7, 4bd228c8)
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
|
|
Fixed when rebuild:
mkdosfs: file /path/to/hdd.image already exists
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry-pick from 9abcd309c098558360cde2bff65be840ead25f83)
Signed-off-by: Tim Kilbourn <tkilbourn@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport the fix 7885da3974 ("pkg_get_provider_replacees: do not
add installed pkg to replacee list"). This avoids opkg trying to
remove a package twice e.g. when upgrading.
Suggested-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|