Age | Commit message (Collapse) | Author |
|
Source: https://github.com/MariaDB/server.git
MR: 69290
Type: Security Fix
Disposition: Backport from mariadb-5.5.54~4
ChangeID: 8fcdd6b0ecbb966f4479856efe93a963a7a422f7
Description:
CVE-2016-6664
Signed-off-by: Sunil Kumar <sukumar@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://github.com/kkos/oniguruma
MR: 74856
Type: Security Fix
Disposition: Backport from oniguruma-v6.3
ChangeID: 8560428b9d675202266dde31373ce49757ba05be
Description:
fix #59 : access to invalid address by reg->dmax value
Author: K.Kosako <kosako@sofnec.co.jp>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://github.com/kkos/oniguruma/
MR: 74855
Type: Security Fix
Disposition: Backport from oniguruma-v6.3.0
ChangeID: 9ffd46b3694a88bb943c0b407311ad549d624ac5
Description:
The byte value expressed in octal must be smaller than 256
Author: K.Kosako <kosako@sofnec.co.jp>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://github.com/kkos/oniguruma
MR: 74853
Type: Security Fix
Disposition: Backport from oniguruma-v6.3.0
ChangeID: 9ee6052341bbd1f64ea5e403528e4a8729c633a8
Description:
fix #60 : invalid state(CCS_VALUE) in parse_char_class()
Author: K.Kosako <kosako@sofnec.co.jp>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: https://github.com/kkos/oniguruma
MR: 74852
Type: Security Fix
Disposition: Backport from oniguruma-v6.3.0
ChangeID: 0ce4cdc4e4e4a520237a6adab002637f8fcaae8d
Description:
fix #58 : access to invalid address by reg->dmin value
Author: K.Kosako <kosako@sofnec.co.jp>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: php-src.git
MR: 70039
Type: Security Fix
Disposition: Backport from php-7.2.0
ChangeID: 7af5552e8c05decf9ea6de19c81ee4bf0037f56f
Description:
imagefilltoborder stackoverflow on truecolor images
We must not allow negative color values be passed to
gdImageFillToBorder(), because that can lead to infinite recursion
since the recursion termination condition will not necessarily be met.
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: http://git.php.net/repository/php-src.git
MR: 70057
Type: Security Fix
Disposition: Backport from php-5.6.30-RC1
ChangeID: e1e263d511f28c9d986f1adb193b0c5eb4c0cceb
Description:
Fixed the Memory leak due to invalid wddx stack processing.
Author: Stanislav Malyshev <stas@php.net>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: http://git.php.net/repository/php-src.git
MR: 70048
Type: Security Fix
Disposition: Backport from Backport from php-5.6.29RC1
ChangeID: ebcd0ab0790fb0c70877e12aa0a76ae478bb204f
Description:
Fixed bug #73331 - NULL Pointer Dereference in WDDX Packet Deserialization
with PDORow.
Author: Stanislav Malyshev <stas@php.net>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Source: meta-openembedded
MR: 68765, 00000
Type: Integration
Disposition: Merged from meta-openembedded
ChangeID: 1aed8604e5757f9805d98348e78b1f2f09c6bc86
Description:
Use-after-free vulnerability in the CURLFile implementation in
ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via crafted serialized data that is mishandled
during __wakeup processing.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9137
https://bugs.php.net/bug.php?id=73147
Upstream patch:
http://git.php.net/?p=php-src.git;a=commitdiff;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
Reviewed-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Jeremy Puhlman <jpuhlman@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ERROR: flite-alsa-1.3-r1 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/build/build_artifacts/morty/tmp/work/i586-poky-linux/flite-alsa/1.3-r1/packages-split/libflite-alsa/usr/lib/libflite_cmulex.so.1.3'
ERROR: flite-alsa-1.3-r1 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/build/build_artifacts/morty/tmp/work/i586-poky-linux/flite-alsa/1.3-r1/packages-split/libflite-alsa-vox8/usr/lib/libflite_cmu_us_kal.so.1.3' [ldflags]
ERROR: flite-alsa-1.3-r1 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/build/build_artifacts/morty/tmp/work/i586-poky-linux/flite-alsa/1.3-r1/packages-split/libflite-alsa-vox16/usr/lib/libflite_cmu_us_kal16.so.1.3' [ldflags]
V2]
use ${PN}
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
ERROR: log4cpp-1.1.1-r0 do_package_qa: QA Issue: No GNU_HASH in the elf binary: '/build/build_artifacts/morty/tmp/work/i586-poky-linux/log4cpp/1.1.1-r0/packages-split/log4cpp/usr/lib/liblog4cpp.so.5.0.6' [ldflags]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Note, hostapd and wpa_supplicant use the same sources. This commit uses the same
patch than OpenEmbedded-core commit 1d92cb1a20135cfffff9f94a6633ec0840518738 in
morty branch.
Signed-off-by: Isaac Hermida <isaac.hermida@digi.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
musl has ucontext.h header but does not implement the APIs
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b545c0643d2b2a1f1a816e789ff67116c613de5b)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
When cross compiling, the word size of the compiler set via HOST_CC
must match the word size of the target. That's achieved by appending
"-m32" to BUILD_CC_ARCH if the target word size is known to be 32bits.
Unfortunately the current list of over-rides (powerpc, x86 and arm)
does not cover all cases. Add mips and mipsel to the list too (which
is still not enough to cover all targets or corner cases such as x32,
but better than before).
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 18771a9c9946c04dcd3ec89559018c8bbb15201c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Before the path to the dependencies was hard coded into the generated
PocoConfig.cmake file. This causes issues with sstate.
This change overrides the libraries with just the library names and thus
let's the linker take care of finding them.
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 49ea5f4fa4a350f4e0c0e0ece855174274e5fcc1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* --ignore-fail-on-non-empty works when the directory isn't empty, but still reports
failure when the directory doesn't exist at all, like in:
http://errors.yoctoproject.org/Errors/Details/138248/
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit b8368598aed3e07cfb638b537e409bd0b3692df9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The picocom complains about missing GNU_HASH from the binary during
QA stage, this is because the picocom Makefile overrides CPPFLAGS,
CFLAGS and LDFLAGS. Fix this by passing those as an argument to make.
Moreover, since picocom 1.7 now accepts VERSION variable and the
UUCP_LOCK_DIR is set to /var/lock by default, drop the CPPFLAGS
override altogether and replace it simply with passing VERSION
argument to make to precisely retain the original intention.
Signed-off-by: Marek Vasut <marex@denx.de>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit d77049facb76c9372101ccaa38e6f0523cf6c05d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 1250668972522b6f1552de23b7cfc4a93701c24b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
as well
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 1214d169f52301bf89b8b15339feb92d84306e2e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit cafa3a45425108ecbae0ef9324a6228c145fc9f8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
With musl charset.alias is generated due to a gnu-config bug
Fixes
QA Issue: zile: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/charset.alias
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 64640f4e30d7756d80157d49342ae174db2fa065)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 2e3645ea471c95f75aec2fd044950926e008959c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 738d386c8c361204fb43e4a7171c00163cdaed57)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit ff5d50b43f9729fce33360fa0e9e7ff6a51ac7cf)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit df3d2beaf9e5d4cfc31b2b1e209dc1d8e3956fd3)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
pass correct LDFLAGS to build
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 040036aba62ffc8707e599d19c32c66b27dd85b4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* fixes:
No GNU_HASH in the elf binary:
'/tmp/work/armv5te-oe-linux-gnueabi/pngcheck/2.3.0-r0/packages-split/pngcheck/usr/bin/pngcheck'
[ldflags]
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 9097d4a3fbc57d9c77d18e6a96620241c76c5b77)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
`inherit externalsrc gitver` is a very useful combo to get development trees
in your workspace having a ${PN}_git.bb with PV=${GITVER} coexisting with a regular
${PN}_${PV}.bb
but not everyone wants to checkout all developments sources and managinging different
layers for each options is quite troublesome.
making `gitver` skip the .bb instead of panic()ing every time EXTERNALSRC is missing
allows people to have a single development layer where packages get enabled if
the right sources are present or falling back to the last release if not
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
v2:
* use git rev-parse instead of rev-list for consistency with get_git_pv
* fix getVar() to pass `expand` as required by morty's bitbake
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
https://www.python.org/dev/peps/pep-3110/
It's backward compatible with 2.6+
Signed-off-by: Alejandro Mery <amery@hanoverdisplays.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The newly resurrected devmem2.c file besides having a new location, also
updates its header, producing different checksums, which would conflict
with any previously cached or mirrored instances. To avoid such conflicts,
use a different filename in fetch(). Rename it back to original name at
unpack() for devmem2-fixups-2.patch to succeed w/o modifications.
WARNING: devmem2-1.0-r7 do_fetch: Fetcher failure for URL: 'http://www.free-electrons.com/pub/mirror/devmem2.c'. Checksum mismatch!
File: '/OE/master/downloads/devmem2.c' has md5 checksum be12c0132a1ae118cbf5e79d98427c1d when e23f236e94be4c429aa1ceac0f01544b was expected
File: '/OE/master/downloads/devmem2.c' has sha256 checksum ec382c90af3ef2f49695ff14a4d6521e58ac482c4e29d6c9ebca8768f699c191 when 3b15515693bae1ebd14d914e46d388edfec2175829ea1576a7a0c8606ebbe639 was expected
If this change is expected (e.g. you have upgraded to a new version without updating the checksums) then you can use these lines within the recipe:
SRC_URI[md5sum] = "be12c0132a1ae118cbf5e79d98427c1d"
SRC_URI[sha256sum] = "ec382c90af3ef2f49695ff14a4d6521e58ac482c4e29d6c9ebca8768f699c191"
Otherwise you should retry the download and/or check with upstream to determine if the file has become corrupted or otherwise unexpectedly modified.
WARNING: devmem2-1.0-r7 do_fetch: Renaming /OE/sources/devmem2.c to /OE/sources/devmem2.c_bad-checksum_be12c0132a1ae118cbf5e79d98427c1d
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Change URL due to connexion error on the original page.
As the header of the new devmem2.c source file has changed, change the
signature and the LIC_FILES_CHKSUM specificaiton.
Signed-off-by: Nicolas Ferre <nicolas.ferre@microchip.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* fedorahosted is retired
https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* otherwise build fails with:
http://errors.yoctoproject.org/Errors/Details/138387/
make[2]: *** No rule to make target 'auto_check_header_qbconfig.c', needed by 'auto_check_header_qbconfig.o'. Stop.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
* https://fedoraproject.org/wiki/Infrastructure/Fedorahosted-retirement
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Error was not caused by RSS but upstream package path renaming without version
bump - tse tse...
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
(cherry picked from commit 3a9e21d928199a5c8943857b13114f26dc6defd2)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
RROR: lmsensors-3.4.0-r0 do_checkuri: Fetcher failure for URL: 'http://dl.lm-sensors.org/lm-sensors/releases/lm_sensors-3.4.0.tar.bz2'. URL http://dl.lm-sensors.org/lm-sensors/releases/lm_sensors-3.4.0.tar.bz2 doesn't work
ERROR: lmsensors-3.4.0-r0 do_checkuri: Function failed: do_checkur
The project moved to google.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a2e1a14961b9fe9aede61fa91a29272bd70071f6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Max Krummenacher <max.krummenacher@toradex.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 1dcc6e1d044c82038c7d6eb8cd6848128724f70a)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 42a46903392c85b2b2cc7ed9a8413261f03a8ab4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes:
ARNING: gflags-2.1.2-r0 do_fetch: Failed to fetch URL
git://github.com/gflags/gflags.git;branch=master, attempting MIRRORS if
available
ERROR: gflags-2.1.2-r0 do_fetch: Fetcher failure: Unable to find
revision 1a02f2851ee3d48d32d2c8f4d8f390a0bc25565c in branch master even
from upstream
ERROR: gflags-2.1.2-r0 do_fetch: Fetcher failure for URL:
'git://github.com/gflags/gflags.git;branch=master'. Unable to fetch URL
from any source
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit 1ba2436bdd9f22070c7e0a00f3a7422f6ecdcc4e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Version 3.1.3 includes security fix and all users are encouraged by the
developers to update to this or newer version as soon as possible.
fixes: CVE-2016-4303
see https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
Signed-off-by: Oleksandr Kravchuk <oleksandr.kravchuk@pelagicore.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
(cherry picked from commit fa65be9ba7943a68b988b5e1a3a37cda7ac74c37)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Fixes
WARNING: mpv-0.15.0-r0 do_package_qa: QA Issue: mpv rdepends on libvdpau, but it isn't a build dependency, missing libvdpau in DEPENDS or PACKAGECONFIG? [build-deps]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 761639b9d7681c81dd69eaf3a37c32791d6e97fd)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|