Age | Commit message (Collapse) | Author |
|
CVE-2015-7547: getaddrinfo() stack-based buffer overflow
(Based on OE-Core rev: cf754c5c806307d6eb522d4272b3cd7485f82420)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment
(From OE-Core rev: 03d481070ebc6f9af799aec5d038871f9c73901c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar
(From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.
(From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.
(From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.
(From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.
(From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes a depend fix security issue CVE-2015-7500
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes:
CVE-2015-7499-1
CVE-2015-7499-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes:
CVE-2015-7942
CVE-2015-7942-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
includes:
CVE-2015-7941-1
CVE-2015-7941-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Drop a couple of CVE fixes for easy cherry-picking from jethro.
The same fixes will be pack-ported from jethro in a following
patch.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
[YOCTO #8641]
(From OE-Core master rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Apply a patch backported from glibc 2.22 (master) to fix
the loader name on AArch64.
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
This file wasn't named as a patch, nor told to apply explicity, so it was just
unpacked to the work directory and not applied. Rename the file so the patch is
applied correctly.
(thanks to Petter Mabäcker <petter@technux.se> for spotting this)
(From OE-Core master rev: 02be728762c77962f9c3034cd7995ad51afaee95)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Fix linker errors due to posix_spawnp etc being in librt for uclibc.
| sh4-rdk-linux-uclibc-libtool: link: sh4-rdk-linux-uclibc-gcc -ml -m4 --sysroot=/build-foo/tmp/sysroots/foo -O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed -o .libs/test-names test-names.o libuniname.a ../gnulib-lib/.libs/libgettextlib.so /build-foo/tmp/work/sh4-rdk-linux-uclibc/gettext/0.16.1-r6/build/gettext-tools/intl/.libs/libintl.so -lc /build-foo/tmp/sysroots/foo/usr/lib/libiconv.so
| ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawnp'
| ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawn_file_actions_adddup2'
| ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawn_file_actions_addopen'
| ../gnulib-lib/.libs/libgettextlib.so: undefined reference to `posix_spawn_file_actions_addclose'
| collect2: error: ld returned 1 exit status
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: d46333d)
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
gettext-error_print_progname.patch was originally created for gettext
v0.14.6 and does not apply cleanly to gettext v0.16.1.
Since the original issue addressed by the patch isn't documented and
because gettext v0.16.1 seems to be build OK for uclibc without the
patch, assume the patch is obsolete and no longer required.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: d95d92a)
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Backport upstream fix for building uclibc for SH4 with recent gcc:
http://git.uclibc.org/uClibc/commit/?id=2c8a7766681b704e710f51c0817534e3f9a952d1
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: aa20c3d)
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts),
so if an image includes the latter, there is no new to created it again inside
the install-efi.sh script, otherwise an error may occur as indicated on the
bug's site.
[YOCTO #7971]
(From OE-Core master rev: 6c6c6528954952e1e323f5a26afd93b99913e6f2)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
If the ipv6 kernel modules are missing, e.g. /lib/modules/<version>
doesn't match the runnig kernel, networkd doesn't bring up the
interfaces correctly. Backport fix from systemd version v220.
Signed-off-by: Stefan Christ <s.christ@phytec.de>
|
|
(From OE-Core master rev: 5c0dc3e8f49621827e20f79fb6bc945c3f17315e)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Systemd's configuration files for creation, deletion and cleaning
of volatile and temporary files are installed in /usr/lib even when
multilib is in use (when /usr/lib64 is available). In this check the
systemd.conf file will not be found if libdir is /usr/lib64 so we fix the
path to match this file's installation path to look for it in
${exec_prefix}/lib
(From OE-Core master rev: c1ef36c2b3e3876cc166a9a5e153fc6f23b42b92)
Signed-off-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is no more needed.
it was done long ago while systemd lived in meta-openembedded
http://lists.openembedded.org/pipermail/openembedded-commits/2012-August/141061.html
The accompanying patch has been applied to systemd already so we were
not needing to set CPP for sometime now.
as a nice side effect it helps compiling systemd with clang
(From OE-Core rev: b816e3f520bf71c9b681ccea30c8eefd62fb20a2)
(From OE-Core master rev: e95365400ae1ffb6b650723cfb2c6a67913c740c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
glibc has recently turned on Werror globally which is good but then not
all option combos are well tested so there still remains cleanup needed
when not using -O2, so lets just disable Werror in such cases, until
fixed upstream
Change-Id: I2d491c360a15b0752c97ff77ee0faaeede6e8d2a
(From OE-Core master rev: 52a90e8e592ddd228939e15d7fd0d69f3c1e816f)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Upstream has moved git hosts, so update the SRC_URI appropriately.
[ YOCTO #8181 ]
(From OE-Core master rev: c6166b7ff7ebcab424af975b1e5378813c684560)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
This recipe doesn't unpack any source, so set S to ${WORKDIR}.
(From OE-Core master rev: 188a08884d0c1b57d5c8c23f93463399526b19a2)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
(From OE-Core master rev: a79afafd422a9b8e74c0eaac6296e6d1802bb994)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Execute `bitbake valgrind && bitbake systemd -c cleansstate && bitbake
systemd -c configure && bitbake valgrind -c cleansstate && bitbake systemd
-c compile', and we would get the following error.
src/libsystemd/sd-bus/bus-control.c: fatal error: valgrind/memcheck.h: No such file or directory.
Add PACKAGECONFIG option to sovle this problem.
(From OE-Core master rev: e35ee4e016fbd659c88444ab7ee8e86008984f2c)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
systemd's early boot wants to run the vconsole setup units. They were split out
so that systems without visible consoles don't need the overhead of packaging
kbd etc, but we should pull them in by default.
(From OE-Core master rev: a2e7a94f8d777d1cd9a07e1543b88a0cf1f9cd67)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Add PACKAGECONFIG 'selinux' for systemd. debug-shell.service starts
different shell according whether selinux is enabled.
(From OE-Core master rev: 3d1aa27191fe4c21428eaf4ae036acb1496b7df7)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
(From OE-Core rev: 5f3f4196988675e9be5aea8eac56687641b90c10)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It calls /sbin/umount to stop service var-volatile-lib. But umount is
installed into directory /bin. Correct it.
(From OE-Core rev: 55851c6f389cb027496c96f6e0609c8892032e4d)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Systemd 219 immediately unmounts any mounts which don't exist
in fstab. See FDo bug #89383:
https://bugs.freedesktop.org/show_bug.cgi?id=89383
Patch from Fedora:
http://pkgs.fedoraproject.org/cgit/systemd.git/commit/?h=f22&id=9bbe0e92dc59d5a42258c729b105a7d9901eb35e
(From OE-Core rev: a708514a58fd609b7f8c1a4bd4ab35902681f59b)
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also need to correct the path to COPYING.MIT.
(From OE-Core rev: 4c46a6813772d8d35dd1432dbc59f9ff4b3bd074)
(From OE-Core rev: 82661c1cbc619956bb71fc2ee0f10b4048435414)
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: c3c240138a38799b611fcc695a51e0c188aa1327)
(From OE-Core rev: 344ed7576603a8202c08a6d28477ef43774a62a8)
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix CVE-2015-0245 by preventing non-root and non-systemd processes
from fooling the dbus daemon into thinking systemd service activation
failed.
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|
|
for CVE-2015-1819 Enforce the reader to run in constant memory
(From OE-Core rev: 9e67d8ae592a37d7c92d6566466b09c83e9ec6a7)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
GCC"s preprocessor starts to add newlines which are not
handled properly by ncurses build system startin from
version 5.0.
See also: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7870
Signed-off-by: Martin Stolpe <martin.stolpe@gmail.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
Backport from upstream glibc:
https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=132a1328eccd20621b77f7810eebbeec0a1af187
Note that the fix is only required when glibc is built for i686/multiarch,
so is not applicable in the default oe-core x86 configuration (which builds
glibc for i586 and therefore does not include SSE2 optimised memcpy etc).
(From OE-Core rev: e643b9bc4c459ea8b59573cf67f2494388e7a377)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libz.so symbolic link created in ${libdir} is
../../${base_libdir}/libz.so.1.2.8. This doesn't work if base_libdir or libdir
is changed, so use oe.path.relative to construct the correct path at build time.
(From OE-Core rev: ada8972ec40441b06e50d3e9ccbc07241a48e30a)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport Arjun Shankar's patch for CVE-2015-1781:
A buffer overflow flaw was found in the way glibc's gethostbyname_r() and
other related functions computed the size of a buffer when passed a
misaligned buffer as input. An attacker able to make an application call
any of these functions with a misaligned buffer could use this flaw to
crash the application or, potentially, execute arbitrary code with the
permissions of the user running the application.
https://sourceware.org/bugzilla/show_bug.cgi?id=18287
(From OE-Core rev: c0f0b6e6ef1edc0a9f9e1ceffb1cdbbef2e409c6)
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com>
Reviewed-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This workaround is not needed in version 219 since the fix is upstreamed with:
919699ec301ea507edce4a619141ed22e789ac0d
(From OE-Core rev: e3330d0602fb3ad347f028063d25f634a36ea344)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Without pkgconfig being present at build time it's possible for the .pc files to
not be installed correctly.
(From OE-Core rev: f049a53078b3876be9fefc1e5f64404a3f378724)
Signed-off-by: Christophe Guillon <christophe.guillon@st.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|