path: root/meta/recipes-support
Age | Commit message | Author
2017-07-19 | libgcrypt: fix CVE-2017-9526 | Ross Burton
In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-07-19 | libgcrypt: fix CVE-2017-7526 | Ross Burton
Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"'. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-06-05 | libunwind: Fix build race conflict with gcc and musl | Richard Purdie
Building libunwind, then gcc-runtime causes build failures. This is hard to fix since gcc-runtime wants the internal gcc unwind.h header but libunwind wants to provide this. There are differences in include behaviour between gcc and glibc which are by design. This patch hacks around the issue by looking for a define used during gcc-runtime's build and skipping to the internal header in that case. The patch is only enabled on musl and is the best workaround I could come up with to unblock failing builds on our autobuilder. [YOCTO #10129] Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-05-18 | libxslt: update SRC_URI | Armin Kuster
| ERROR: Function failed: Fetcher failure for URL: 'ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz'. URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz doesn't work
ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/x86_64-linux/libxslt-native/1.1.28-r0/temp/log.do_checkuri.16102
Log data follows:
| DEBUG: Executing python function do_checkuri
| DEBUG: Testing URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz
| DEBUG: checkstatus() urlopen failed: <urlopen error ftp error: [Errno 110] Connection timed out>
| DEBUG: Python function do_checkuri finished
| ERROR: Function failed: Fetcher failure for URL: 'ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz'. URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz doesn't work
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | libpcre: update SRC_URI | Armin Kuster
ERROR: Task 75 (/home/akuster/oss/maint/poky/meta/recipes-support/libpcre/libpcre_8.38.bb, do_checkuri) failed with exit code '1'
ERROR: libpcre-native-8.38-r0 do_checkuri: Function failed: Fetcher failure for URL: 'ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2'. URL ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2 doesn't work
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8625 | Sona Sarmadi
IDNA 2003 makes curl use wrong host Affected versions: curl 7.12.0 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102K.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8624 | Sona Sarmadi
invalid URL parsing with '#' Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102J.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8623 | Sona Sarmadi
Use-after-free via shared cookies Affected versions: curl 7.10.7 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102I.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8622 | Sona Sarmadi
URL unescape heap overflow via integer truncation Affected versions: curl 7.24.0 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102H.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8621 | Sona Sarmadi
curl_getdate read out of bounds Affected versions: curl 7.12.2 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102G.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8620 | Sona Sarmadi
glob parser write/read out of bounds Affected versions: curl 7.34.0 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102F.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8619 | Sona Sarmadi
double-free in krb5 code Affected versions: curl 7.3 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102E.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8618 | Sona Sarmadi
double-free in curl_maprintf Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102D.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8617 | Sona Sarmadi
OOB write via unchecked multiplication Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102C.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8616 | Sona Sarmadi
case insensitive password comparison Affected versions: curl 7.7 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102B.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | curl: CVE-2016-8615 | Sona Sarmadi
cookie injection for other servers Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102A.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2017-05-18 | nss: Disable warning on deprecated API usage | Zeeshan Ali
nss itself enables Werror if gcc is version 4.8 or greater, which fails the build against new glibc (2.24) because of use of readdir_r(), which is now deprecated. Let's just disable warnings on deprecated API usage. https://bugzilla.yoctoproject.org/show_bug.cgi?id=10644 Signed-off-by: Zeeshan Ali <zeeshan.ali@pelagicore.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-23 | curl: security fix for CVE-2016-7141 | Sona Sarmadi
Affected versions: libcurl 7.19.6 to and including 7.50.1 Not affected versions: libcurl >= 7.50.2 Reference to upstream patch: https://curl.haxx.se/CVE-2016-7141.patch Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-09-02 | curl: security fix for CVE-2016-5421 | Maxin B. John
Affected versions: libcurl 7.32.0 to and including 7.50.0 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-02 | curl: security fix for CVE-2016-5420 | Maxin B. John
Affected versions: libcurl 7.1 to and including 7.50.0 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-09-02 | curl: security fix for CVE-2016-5419 | Maxin B. John
Affected versions: libcurl 7.1 to and including 7.50.0 Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-25 | lzop: Fix build with gcc-6 | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-08-01 | libproxy: use snapshot.debian.org for SRC_URI | Maxin B. John
Using ${DEBIAN_MIRROR} for SRC_URI doesn't work very well as that will only contain releases that are currently in Debian. So, move all of SRC_URI to the .bb so it can use snapshot.debian.org instead, and set UPSTREAM_CHECK_URI to ${DEBIAN_MIRROR} so upstream release checking continues to work. [YOCTO #10040] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-08-01 | serf: use snapshot.debian.org for SRC_URI | Maxin B. John
Using ${DEBIAN_MIRROR} for SRC_URI doesn't work very well as that will only contain releases that are currently in Debian. So, move all of SRC_URI to the .bb so it can use snapshot.debian.org instead, and set UPSTREAM_CHECK_URI to ${DEBIAN_MIRROR} so upstream release checking continues to work. [YOCTO #10040] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-07-27 | nss: fix build for gcc-6 | Tim Orling
[YOCTO #9897] (Fedora-24 host is gcc-6) Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2016-06-29 | libpcre: Fix CVE-2016-3191 | Ismo Puustinen
Fix workspace overflow for (*ACCEPT) with deeply nested parentheses. The patch is from libpcre version control at http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog part removed. Original author is Philip Hazel. (From OE-Core rev: 386534f968f4da376ba7778b5d436bad4ce8355b) Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-29 | popt: fix dependencies and QA Issue | Maxin B. John
Fix the following QA warning: WARNING: popt-1.16-r3 do_package_qa: QA Issue: popt rdepends on libiconv, but it isn't a build dependency, missing libiconv in DEPENDS or PACKAGECONFIG? [build-deps] (From OE-Core rev: 08aeb5a9e0067e2e9e0fba8614409102e5a0a00e) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-06-29 | libunwind: backport aarch64_be support | Ruslan Bilovol
Backport 2 patches from v1.2-rc1 tag of libunwind git repo. These patches add aarch64_be support to this package. (From OE-Core rev: 396353c3127b20244c4c5cc321adad7d4e48f544) Signed-off-by: Ruslan Bilovol <rbilovol@cisco.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com>
2016-04-29 | boost: improve configure | Ross Burton
Instead of adding a custom task (do_boostconfig) simply use the existing do_configure. Ensure that there are no relative paths in do_configure. Instead of editing the user-config.jam sample file in the source tree (which is entirely comments) and extending it on every build, create a new user-config.jam in ${WORKDIR}. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-29 | boost: delete the build directory before rebuilding | Ross Burton
If there is an existing build directory when we enter do_compile() then delete it, as it contains the previous build. If the rebuild was caused because dependencies have changed we want to ensure that a rebuild actually happens. Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-18 | ca-certificates: support Toybox | Patrick Ohly
"mktemp -t" is deprecated and does not work when using Toybox. Replace with something that works also with Toybox. Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-04-11 | meta: remove redundant ac_cv_sizeof_off_t assignments | Ross Burton
ac_cv_sizeof_off_t was previously in the site cache files, which was breaking large file support and required a workaround in each recipe that actually wanted to use large files. Now that the entry has been removed from the site cache, we can remove the workarounds. Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-08 | apr-util: fix path in rules.mk for nativesdk | Robert Yang
Fixed when building nativesdk-apr-util:
| gawk: fatal: can't open source file `/opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/build-1/make_exports.awk' for reading (No such file or directory)
The ${S} should be ${B}.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-08 | bdwgc: installed-vs-shipped for nativesdk | Robert Yang
Fixed:
ERROR: nativesdk-bdwgc-7.4.2-r0 do_package: QA Issue: nativesdk-bdwgc: Files/directories were installed but not shipped in any package:
  /opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share
  /opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/gc
  /opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/gc/porting.html
  /opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/gc/gcinterface.html
  /opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/gc/gcdescr.html
  /opt/poky/2.0+snapshot/sysroots/x86_64-pokysdk-linux/usr/share/gc/README.solaris2
[snip]
This was caused by hardcoding of datadir.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-05 | bdwgc: use github repo for source location | Bill Randle
The Yocto Autobuilder has been unable to fetch the release package from the developer's website at www.hboehm.info, so change recipe to fetch from the developer's github repo instead. Signed-off-by: Bill Randle <william.c.randle@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-04-01 | libassuan: use package specific licensing | Andre McCurdy
- The main libassuan.so library is LGPLv2.1+
- Test apps (in tests sub directory) and documentation are GPLv3+
- Windows CE specific binaries (gpgcedev.dll and gpgcemgr) are GPLv3+
When building the current OE recipe, the test apps are compiled but not installed. The Windows CE specific binaries are not compiled.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-30 | recipes-support/rng-tools: Change runlevel start from S to 2, 3, 4, 5. | Aníbal Limón
When using systemd as init rng-tools is causing a circular dependency between units,
[ 7.706250] systemd[1]: basic.target: Found ordering cycle on basic.target/start
[ 7.706934] systemd[1]: basic.target: Found dependency on sysinit.target/start
[ 7.707795] systemd[1]: basic.target: Found dependency on rng-tools.service/start
[ 7.708692] systemd[1]: basic.target: Found dependency on basic.target/start
[ 7.709461] systemd[1]: basic.target: Breaking ordering cycle by deleting job rng-tools.service/start
[ 7.710404] systemd[1]: rng-tools.service: Job rng-tools.service/start deleted to break ordering cycle starting with basic.target/start
The problem is related to systemd running sysvinit scripts by default add dependency of basic.target for sysvinit script so when sysvscript is at rcS is added also as dependency of sysinit.target causing a circular dependency in this case: basic.target -> sysinit.target -> rng-tools.service -> basic.target.
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-30 | ptest-runner_2.0.bb: Update recipe to point git.yoctoproject.org repo. | Aníbal Limón
Since ptest-runner is a Yocto Project tool, it is better to have it hosted on git.yoctoproject.org. Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-28 | libunwind: Fix build on mips/mips64 for musl targets | Khem Raj
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-24 | libunwind: Fix build with fstack-protector on musl | Khem Raj
libunwind makery inserts -nostdlib during linking which fails the build on musl when security flags are enabled since it removes ssp from linking, so add them explicitly to SECURITY_LDFLAGS
disable tests for musl targets, tests use obsolete posix APIs e.g. getcontext
patchout x86_local_resume() on x86, gets a working libunwind on x86, it seems that it won't work even in glibc case but let's leave it as it is for glibc and apply the patch only for musl
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20 | bdgwc: Backport nios2 support | Marek Vasut
Backport patch from bdwgc mainline which adds initial support for nios2 architecture. Signed-off-by: Marek Vasut <marex@denx.de> Cc: Ley Foon Tan <lftan@altera.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@intel.com> Cc: Thomas Chou <thomas@wytron.com.tw> Cc: Walter Goossens <waltergoossens@home.nl> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20 | libatomic-ops: Backport nios2 support | Marek Vasut
Backport a patch adding nios2 support into libatomic-ops Signed-off-by: Marek Vasut <marex@denx.de> Cc: Ley Foon Tan <lftan@altera.com> Cc: Richard Purdie <richard.purdie@linuxfoundation.org> Cc: Ross Burton <ross.burton@intel.com> Cc: Thomas Chou <thomas@wytron.com.tw> Cc: Walter Goossens <waltergoossens@home.nl> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-20 | bdwgc: Check for getcontext() API during configure | Khem Raj
This helps in compiling dependent components like guile where it shows the problem of missing getcontext API when using libc which don't implement it e.g. musl Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-12 | recipes-gnome: fix introspection support | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-12 | libsoup-2.4: enable gobject introspection | Alexander Kanavin
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-11 | nettle: The variable named p in the patch file was incorrectly named. | ngutzmann
The variable in question should have been called ecc->p. The patch has been updated so that the compilation of the nettle recipe would complete successfully. The backport originated from this commit https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d Signed-off-by: ngutzmann <nathangutzmann@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-10 | nettle: disable static for 2.7.1 | Ross Burton
2016-03-10 | nettle: Security fix CVE-2015-8804 | Armin Kuster
(From OE-Core master rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67) minor tweak to get x86_64/ecc-384-modp.asm to apply (From OE-Core rev: d1903e264ab62d34daeb652c89c6fb67e7c9b42d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-03-10 | nettle: Security fix CVE-2015-8803 and CVE-2015-8805 | Armin Kuster
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a) hand applied changes for ecc-256.c (From OE-Core rev: cb03397ac97bfa99df6b72c80e1e03214e059e6e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com>
2016-03-09 | db: remove the NO_UPDATE_REASON and replace it a comment about RPM | Mark Hatle
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>