Age | Commit message (Collapse) | Author |
|
GitHub automatically-generated tarballs from tags can and do change over time,
so change libproxy to use the uploaded tarball.
(From OE-Core rev: 1a159da61a8a3d06918f838b1dcec45eed2815a7)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
CVE-2017-12678: In TagLib 1.11.1, the rebuildAggregateFrames function in
id3v2framefactory.cpp has a pointer to cast vulnerability, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted audio file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-12678
Patch from:
https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
(From OE-Core rev: 24ac12ecb19efc7c131c9711ba32e298ba860eb7)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;
h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
(From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Fixes:
ERROR: nativesdk-libcheck-0.10.0-r0 do_package_qa: QA Issue:
/usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/bin/checkmk
contained in package nativesdk-libcheck requires
/usr/local/oecore-x86_64/sysroots/x86_64-oesdk-linux/usr/bin/gawk,
but no providers found in RDEPENDS_nativesdk-libcheck? [file-rdeps]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is used in NVD for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2016-6153
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit cec6f26f4d2f16c9a58fac5a6344e3d43b36ed09)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This is used in NVD database entries like CVE:
https://nvd.nist.gov/vuln/detail/CVE-2016-1951
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit c75e5d3f4b9293cf2f2ebdd3a23743b3df7aa3df)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It is used in NVD as product name for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-8786
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ce32c5b8ee77012b36c74323f298dc561741aebd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
It is used in NVD for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2017-7246
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 523e823988f08679a384a14c4e768b2819f8a6bf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
NVD uses it for CVE's like:
https://nvd.nist.gov/vuln/detail/CVE-2014-8146
Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit eaac39100cadc81c89e6eb5ab389cd684699aa90)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed
"Sliding right into disaster"'.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from
side-channel observation during the signing process) can easily recover the
long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this
session key in secure memory, to ensure that constant-time point operations are
used in the MPI library.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport upstream patch to fix CVE-2017-5029.
(From OE-Core rev: 5266e74c990df1cf965d162d9695eb5a698883ae)
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Something in the fetched webpage made the default regex matching really slow.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
In the 2.25 release, libcap dropped its dependency on an external
libattr library:
https://git.kernel.org/pub/scm/linux/kernel/git/morgan/libcap.git/commit/?id=85f38a573fc47472ab792e813b6f6b6f0b1df112
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixed race issue:
In file included from acl_copy_entry.c:22:0:
libacl.h:19:21: fatal error: sys/acl.h: No such file or directory
#include <sys/acl.h>
[snip]
compilation terminated.
acl_get_file.c:27:24: fatal error: acl/libacl.h: No such file or directory
#include <acl/libacl.h>
^
The acl.h is in "include" directory, and include/Makefile creates
symlink "sys" and "acl" poinst to current dirctory:
$ ls include/ -l
acl -> .
sys -> .
So if "libacl" target runs before "include", the error would happen
since no "acl" or "sys" directory.
Let libacl depend on include can fix the problem.
[YOCTO #11349]
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Existing patch was actually doing the wrong thing and
sometimes removing a linking flag (-lgpgme) that should be present.
Instead, gpgme-config actually has internal logic to remove /usr/lib from the output,
which works only in non-multilib setups, so it is adjusted to include all possible
/usr/lib* and /lib* directories.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To fix a problem when print ERROR after a ptest timeout, this
causes the user confusion about if a test ends or not.
[YOCTO #10842]
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There are a number of reasons that importing a module could cause output on
stderr that isn't a fatal error (compatibilty problems with inputrc, or encoding
warnings) so backport a patch from autoconf-archive to only check the exit code
instead of asserting that stderr is empty.
[ YOCTO #11231 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Re-order some assignments to be logically arranged.
Remove the set -ex statements as they serve no purpose.
Pass --debug-configuration to see what configuration steps boost is taking.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As Python 3 is the default Python version, change Boost to build against Python
3 instead of Python 2 if enabled. It's not simple to support both, so this
means that support for building boost-python against Python 2 has been removed.
This involves backporting a number of patches upstream to fix Python 3 support,
and telling Boost precisely where to find the Python headers and libraries so
that it doesn't try to invoke the host Python to determine these values.
[ YOCTO #11104 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Rename local function to avoid conflicts with compiler intrinsics
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Building the C++ bindings for native requires a host C++ compiler with
C++11 support. Since these bindings are currently not needed, we can
disable them and thus avoid increasing the requirement for the host C++
compiler.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Stop creating the static library archive(liba(ttr|cl).a) when --disable-static
configure option used.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
|
|
To fix:
file /usr/share/man/man1/which.1 conflicts between attempted installs
of debianutils-doc-4.8.1-r0.core2_64 and which-doc-2.21-r3.core2_64
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It breaks rpm 4.x because musl is printing an error message
when the symbol is not found, and rpm takes it as an actual error.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Version 6.x of Berkeley DB has been rejected by open source community due to its hostile
AGPLv3 license; both Fedora and Debian are sticking with db 5.x - and by extension,
all the open source projects are still developed and tested with db 5.x
In oe-core the only thing that was requiring db 6.x was rpm 5.x, and so there's no reason
to continue carrying db 6.x in oe-core. If someone needs API features that are only available in
db 6.x, it can be re-added to meta-oe.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As it varies from one machine to another.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Replace some "+=/=+" with "=" when setting BBCLASSEXTEND, they are
redundant and inconsistent with the same setting in other recipes.
Signed-off-by: Ming Liu <peter.x.liu@external.atlascopco.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Was detected in Martin's world build
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
gpgme failed when configuring since you can only configure for one python
system at a time (via the inherits). So we need to have a PACKAGECONFIG
that defines which one [or neither] you want to use.
The prior pkgconfig patch introduced the usage of the variable PKG_CONFIG,
which is not defined anywhere. Define this.
When building the python module, we can not call gpg-error-config, so we
need to find an alternative way of finding the information the setup.py.in
requires. (In this case, it's easy to just use the environment
STAGING_INCDIR.)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
These are recipes where the upstream has moved to GPLv3 and these old
versions are the last ones under the GPLv2 license.
There are several reasons for making this move. There is a different
quality of service with these recipes in that they don't get security
fixes and upstream no longer care about them, in fact they're actively
hostile against people using old versions. The recipes tend to need a
different kind of maintenance to work with changes in the wider ecosystem
and there needs to be isolation between changes made in the v3 versions
and those in the v2 versions.
There are probably better ways to handle a "non-GPLv3" system but right
now having these in OE-Core makes them look like a first class citizen
when I believe they have potential for a variety of undesireable issues.
Moving them into a separate layer makes their different needs clearer, it
also makes it clear how many of these there are. Some are probably not
needed (e.g. mc), I also wonder whether some are useful (e.g. gmp)
since most things that use them are GPLv3 only already. Someone could
now more clearly see how to streamline the list of recipes here.
I'm proposing we mmove to this separate layer for 2.3 with its future
maintinership and testing to be determined in 2.4 and beyond.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
For mingw32 targets do not attempt to replace the
syscfg/lock-obj-pub.*.h as for mingw32 there are no arch specific
headers that are included in the libgpg-error source.
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This fixes the long-standing error:
../../libgpg-error-1.26/src/posix-lock.c:137: get_lock_object: Assertion `!"sizeof lock obj"' failed.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop backported 0002-boost-test-execution_monitor.hpp-fix-mips-soft-float.patch
Rebase consider-hardfp.patch to 0001-When-using-soft-float-on-ARM-we-should-not-expect-th.patch
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Rebase nss-fix-support-cross-compiling.patch
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Dropped patches are all backports.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Drop 0001-Do-not-add-cli-args.h-to-cli-args.stamp-Makefile-tar.patch, it's merged upstream.
Rebase 0001-configure.ac-fix-sed-command.patch.
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
3.16.2 -> 3.17.0
* Approximately 25% better performance from the R-Tree extension.
* Other performance improvements. Uses about 6.5% fewer CPU cycles.
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|