summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* dosfstools: fix CP437 error from `dosfsck -l`zeusChristopher Larson4 days1-0/+3
| | | | | | | | | | | | | Fix this error seen when using dosfsck -l to list fs contents: CP437: Invalid argument (From OE-Core rev: 8a5fdac3c2d207b2cfac64ec2a2626c3ef154d84) Signed-off-by: Christopher Larson <chris_larson@mentor.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* libarchive: fix CVE-2019-19221Anuj Mittal4 days2-0/+102
| | | | | | | | | | | | Also see: https://github.com/libarchive/libarchive/issues/1276 (From OE-Core rev: 422bef7a205b9b5d48d5b0e0b2b14ac65484607a) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* glibc: fix CVE-2019-19126Anuj Mittal4 days2-0/+33
| | | | | | | | | | | Backport from 2.30 stable branch and drop NEWS section. (From OE-Core rev: b4d4f70380c100d8ab06557237d8d5649a885e30) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* nasm: fix CVE-2019-14248Anuj Mittal4 days2-0/+44
| | | | | | | | | | | | See: https://bugzilla.nasm.us/show_bug.cgi?id=3392576 (From OE-Core rev: 5ac52e78775759d2d06514ac2ae4c98e94190875) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* ghostscript: fix for CVE-2019-14811 is same as CVE-2019-14813Anuj Mittal4 days1-0/+1
| | | | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813 https://www.openwall.com/lists/oss-security/2019/08/28/2 (From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* libsoup-2.4: upgrade to 2.66.4Ross Burton4 days1-3/+3
| | | | | | | | | | | | Fixes CVE-2019-17266. (From OE-Core rev: ffdbcd78955d43d34988991f1d217036f044167d) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix release: https://gitlab.gnome.org/GNOME/libsoup/compare/2.66.2...2.66.4] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* go: fix CVE-2019-17596Hongxu Jia4 days2-0/+43
| | | | | | | https://github.com/golang/go/commit/2017d88dbc096381d4f348d2fb08bfb3c2b7ed73 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* bind: Whitelist CVE-2019-6470Adrian Bunk4 days1-0/+4
| | | | | | Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* gdb: Fix CVE-2019-1010180Vinay Kumar4 days2-0/+133
| | | | | | | | | | | | | | | | Source: git://sourceware.org/git/binutils-gdb.git Tracking -- https://sourceware.org/bugzilla/show_bug.cgi?id=23657 Backported upstream commit 950b74950f6020eda38647f22e9077ac7f68ca49 to gdb-8.3.1 sources. Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=950b74950f6020eda38647f22e9077ac7f68ca49] (From OE-Core rev: 82a227e54e704ef9237c1613b9d3350fa26fe9dd) Signed-off-by: Vinay Kumar <vinay.m.engg@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* ghostscript: CVE-2019-14869Stefan Ghinea4 days2-0/+71
| | | | | | | | | | | | | | | | | | | | | | A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within the Ghostscript and access files outside of restricted areas or execute commands. References: https://nvd.nist.gov/vuln/detail/CVE-2019-14869 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904 (From OE-Core rev: 0bb88ac63b4e1728373c6425477a32f7a6362b2c) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* build-appliance-image: Update to zeus head revision2019-10.1-zeusRichard Purdie13 days1-1/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to zeus head revisionRichard Purdie13 days1-1/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance: Use zeus as the branchRichard Purdie13 days1-1/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to zeus head revisionRichard Purdie13 days1-1/+1
| | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer: Change SRC_URI to use HTTPS access instead of HTTPCarlos Rafael Giani2019-11-259-9/+9
| | | | | | | | | | | | Some GStreamer recipes like gstreamer1.0-vaapi already use HTTPS instead of http. Also, access to http:// is simply redirected by the freedesktop server to https://, and using HTTPS is anyway generally recommended over plain HTTP for security reasons. So, normalize the URLs to use HTTPS only. Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-validate: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-rtsp-server: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-python: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-omx: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-vaapi: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-libav: upgrade to version 1.16.1Carlos Rafael Giani2019-11-252-38/+2
| | | | | | | | | Removed gtkdoc-no-tree.patch since its changes are now included in 1.16.1 Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-ugly: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-bad: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-good: upgrade to version 1.16.1Carlos Rafael Giani2019-11-253-84/+2
| | | | | | | | | | | * 0001-scaletempo-Advertise-interleaved-layout-in-caps-temp.patch * headerfix.patch Removed since these changes are already included in 1.16.1 Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0-plugins-base: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gstreamer1.0: upgrade to version 1.16.1Carlos Rafael Giani2019-11-251-2/+2
| | | | | | | | | | | | | Signed-off-by: Carlos Rafael Giani <crg7475@mailbox.org> Signed-off-by: Ross Burton <ross.burton@intel.com> [ Bug fix only update per release notes: https://gstreamer.freedesktop.org/releases/1.16/#1.16.1] 1.16.1 The first 1.16 bug-fix release (1.16.1) was released on 23 September 2019 This release only contains bugfixes and it should be safe to update from 1.16.0. ] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: fix CVE-2019-6471 and CVE-2018-5743Kai Kang2019-11-259-0/+2723
| | | | | | | | | | | | | | Backport patches to fix CVE-2019-6471 and CVE-2018-5743 for bind. CVE-2019-6471 is fixed by 0001-bind-fix-CVE-2019-6471.patch and the other 6 patches are for CVE-2018-5743. And backport one more patch to fix compile error on arm caused by these 6 commits. (From OE-Core rev: 3c39d4158677b97253df63f23b74c3a9dd5539f6) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* tiff: Refresh patchZheng Ruoqin2019-11-251-45/+26
| | | | | | | | Refresh CVE-2019-7663.patch as it can't be applyed when using PATCHTOOL = "patch". Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python: update to 2.7.17Alexander Kanavin2019-11-2514-904/+49
| | | | | | | | | | | | | | | | | | | Drop backports, rebase a couple of patches. This is the second last release of py 2.x; upstream support ends on 1 January 2020, there will be one final 2.x afterwards. Note that the only thing that still needs python 2.x in oe-core is u-boot; when the next u-boot update arrives, we should find out where the py3 migration is for that component before merging the update. (From OE-Core rev: 184b60eb905bb75ecc7a0c29a175e624d8555fac) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Revert "devtool/standard.py: Not filtering devtool workspace for devtool finish"Alexander Kanavin2019-11-251-1/+1
| | | | | | | | | | | | | | | This reverts commit 41d225f4a37d02e9f79bdbfb79caac8cd3d291ce. Unfortunately this change broke 'devtool upgrade' functionality, causing 'devtool finish' to write out an upgraded recipe that no longer includes the original upstream source in SRC_URI. (From OE-Core rev: 2d6e55192dba0bf7f6e23e5ab5b3dbc68835bb28) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix build for x32Anuj Mittal2019-11-252-0/+43
| | | | | | | | | | | | | | | | | | | | | | | | Commit: d336110b94 boost: update to 1.67.0 dropped the patch that ensured boost doesn't over-ride the architecture flags set by us resulting in errors: | build/tmp/work/x86_64_x32-poky-linux-gnux32/boost/1.69.0-r0/recipe-sysroot/usr/include/bits/long-double.h:44:10: fatal error: bits/long-double-64.h: No such file or directory | #include <bits/long-double-64.h> | ^~~~~~~~~~~~~~~~~~~~~~~ | compilation terminated. Remove the relevant part from gcc.jam again to ensure we are passing them correctly again. Fixes [YOCTO #13598] (From OE-Core rev: aad28f42b1c8aa1335c040630ebff4a69be07e35) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: fetch CVE data once at a time instead of in a single callRoss Burton2019-11-251-10/+10
| | | | | | | | | | | | | | | | | | | This code used to construct a single SQL statement that fetched the NVD data for every CVE requested. For recipes such as the kernel where there are over 2000 CVEs to report this can hit the variable count limit and the query fails with "sqlite3.OperationalError: too many SQL variables". The default limit is 999 variables, but some distributions such as Debian set the default to 250000. As the NVD table has an index on the ID column, whilst requesting the data CVE-by-CVE is five times slower when working with 2000 CVEs the absolute time different is insignificant: 0.05s verses 0.01s on my machine. (From OE-Core rev: 53d0cc1e9b7190fa66d7ff1c59518f91b0128d99) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: neaten get_cve_infoRoss Burton2019-11-251-13/+5
| | | | | | | | | | | Remove obsolete Python 2 code, and use convenience methods for neatness. (From OE-Core rev: f19253cc9e70c974a8e21a142086c13d7cde04ff) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: rewrite look to fix false negativesRoss Burton2019-11-251-29/+34
| | | | | | | | | | | | | | | | | A previous optimisation was premature and resulted in false-negatives in the report. Rewrite the checking algorithm to first get the list of potential CVEs by vendor:product, then iterate through every matching CPE for that CVE to determine if the bounds match or not. By doing this in two stages we can know if we've checked every CPE, instead of accidentally breaking out of the scan too early. (From OE-Core rev: d61aff9e22704ad69df1f7ab0f8784f4e7cc0c69) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: clean up proxy handlingRoss Burton2019-11-251-26/+5
| | | | | | | | | | | | urllib handles adding proxy handlers if the proxies are set in the environment, so call bb.utils.export_proxies() to do that and remove the manual setup. (From OE-Core rev: 6b73004668b3b71c9c38814b79fbb58c893ed434) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: add an index on the CVE ID columnRoss Burton2019-11-251-0/+3
| | | | | | | | | | | | Create an index on the PRODUCTS table which contains a row for each CPE, drastically increasing the performance of lookups for a specific CVE. (From OE-Core rev: b4048b05b3a00d85c40d09961f846eadcebd812e) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: don't hardcode the database nameRoss Burton2019-11-251-2/+2
| | | | | | | | | | | | Don't hardcode the database filename, there's a variable for this in cve-check.bbclass. (From OE-Core rev: 0d188a9dc4ae64c64cd661e9d9c3841e86f226ab) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-update-db-native: don't refresh more than once an hourRoss Burton2019-11-251-1/+9
| | | | | | | | | | | | | We already fetch the yearly CVE metadata and check that for updates before downloading the full data, but we can speed up CVE checking further by only checking the CVE metadata once an hour. (From OE-Core rev: 50d898fd360c58fe85460517d965f62b7654771a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check: we don't actually need to unpack to checkRoss Burton2019-11-251-2/+1
| | | | | | | | | | | | The patch scanner works with patch files in the layer, not in the workdir, so it doesn't need to unpack. (From OE-Core rev: 2cba6ada970deb5156e1ba0182f4f372851e3c17) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libsoup: set CVE_PRODUCTRoss Burton2019-11-251-0/+2
| | | | | | | | Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* lz4: Whitelist CVE-2014-4715Adrian Bunk2019-11-251-0/+3
| | | | | | | Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa: reproducible: Add option to capture bad packagesJoshua Watt2019-11-251-0/+20
| | | | | | | | | | | Adds an option that can be used to copy the offending packages to a temp directory for later evaluation. This is useful on the Autobuilder to investigate failures. Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* selftest: check that 'devtool upgrade' correctly drops backported patchesAlexander Kanavin2019-11-254-5/+65
| | | | | | | | | | There was a regression in this functionality that went unnoticed due to lack of tests. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cairo: the component is dual licensedAlexander Kanavin2019-11-251-6/+6
| | | | | | | | | | | | Somehow, over the years, no one noticed that cairo does in fact offer a choice between mpl and lgpl, but the COPYING makes it clear: https://gitlab.freedesktop.org/cairo/cairo/blob/1.16/COPYING Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest/sstatetests: Ensure we don't use hashequiv for sstatesigs testsRichard Purdie2019-11-251-0/+12
| | | | | | Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sanity: Add check for tar older than 1.28Richard Purdie2019-11-251-1/+4
| | | | | | | | | | Older versions break opkg-build when reproducible builds are enabled. Rather than trying to be selective based on which features are enabled, lets just make this a minimum version. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* core-image-full-cmdline: Add lessRichard Purdie2019-11-251-0/+1
| | | | | | | | | | Less was coming from busybox in these images, add the full version. [YOCTO #13630] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg-utils: Fix silent empty/broken opkg package creationRichard Purdie2019-11-252-0/+34
| | | | | | | | | | | | | opkg-build was failing on hosts where tar < 1.28 and reproducibile builds were enabled but it was doing this silently and generating corrupted (empty) ipk files. Add a fix for this (submitted upstream). The fix requires bash but if you're building ipk files this shoudn't be a problem. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* opkg: Add upstream fixes for empty packagesRichard Purdie2019-11-253-0/+102
| | | | | | | | | An ipk with a zero size data.tar file caused opkg to crash with a double free abort. Add the upstream fixes for this. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* iputils: Whitelist CVE-2000-1213 CVE-2000-1214Adrian Bunk2019-11-191-0/+4
| | | | | | | | | (From OE-Core rev: 9fea7c3fae30bb1eecb31ec3bf777db981dc1eed) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>