| Age | Commit message (Collapse) | Author |
|---|
|
The dot releases are maint only.
2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The dbm module uses gdbm by default which is also a build dependency.
(From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.
commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
Date: Wed Apr 12 00:21:18 2017 +0000
Merge json-2.0.4.
* https://github.com/flori/json/releases/tag/v2.0.4
* https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for pyro context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
(From OE-Core rev: 3ff2d0bc7a8e7a7e8c8e953dc0ccf84d891688ef)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for pyro context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
This error can appear in gdb/nat/linux-ptrace.c because of
the order in which some headers are processed:
| In file included from ../../gdb-7.11.1/gdb/nat/linux-ptrace.c:20:0:
| ../../gdb-7.11.1/gdb/nat/linux-ptrace.h:175:22: error: expected identifier before numeric constant
| # define TRAP_HWBKPT 4
| ^
| Makefile:2357: recipe for target 'linux-ptrace.o' failed
| make[2]: *** [linux-ptrace.o] Error 1
| make[2]: *** Waiting for unfinished jobs....
| make[2]: Leaving directory '/oe/build/tmp-rpb-glibc/work/aarch64-linaro-linux/gdb/7.11.1-r0/build-aarch64-linaro-linux/gdb'
| Makefile:8822: recipe for target 'all-gdb' failed
| make[1]: *** [all-gdb] Error 2
| make[1]: Leaving directory '/oe/build/tmp-rpb-glibc/work/aarch64-linaro-linux/gdb/7.11.1-r0/build-aarch64-linaro-linux'
| Makefile:846: recipe for target 'all' failed
| make: *** [all] Error 2
A patch from GDB's current master solves the issue.
(From OE-Core rev: 4aaf747099714ec11158571527396ed9e818729e)
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source.
ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch
[v2]
upstream deleted the branch and the hash no longer exists.
Took the git snapshot from yocto and created a copy on my github.
There was no offical 3.2 release, only rc versions.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
glibc 2.27 added function copy_file_range(), and e2fsprogs happens to
have a different function with the same name. The conflict made
e2fsprogs-native build fail.
Here's a backport of a fix from upstream, the fix was released in
e2fsprogs 1.43.8.
The master branch doesn't need this fix, since it has new enough
e2fsprogs version. At least rocko, pyro and morty need this, I haven't
checked older stable branches. Apparently the problematic function was
introduced in e2fsprogs version 1.43.
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
glibc 2.27 has added memfd_create() but this conflicts with a copy in qemu, so
take a patch from upstream to fix building with glibc 2.27.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Should also fix build on new build hosts where
with glibc 2.27 rpc support is dropped in favor
of libtirpc
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
| ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c: In function 'iselInt64Expr':
| ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c:3270:1: internal compiler error: Segmentation fault
| }
| ^
| Please submit a full bug report,
| with preprocessed source if appropriate.
| See <http://gcc.gnu.org/bugs.html> for instructions.
| rm -f libvexmultiarch-amd64-linux.a
| Makefile:1813: recipe for target 'priv/libvex_amd64_linux_a-host_ppc_isel.o' failed
Remove the patch to gcc causing this until the issue can be figured out.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backported series of patches from https://github.com/hjl-tools/gcc.git
branch /hjl/indirect/gcc-6-branch/master which contains
an IA patch series for security related issues
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
The following commit added the FL_LPAE flag to FL_FOR_ARCH7VE, but
neglected to also add it to the armv7ve compatible cores defined in
arm-cores.def.
https://github.com/gcc-mirror/gcc/commit/af2d9b9e58e8be576c53d94f30c48c68146b0c98
The result is that gcc 6.4 now refuses to allow -march=armv7ve and
-mcpu=XXX to be used together, even when -mcpu is set to an armv7ve
compatible core:
arm-linux-gnueabi-gcc -march=armv7ve -mcpu=cortex-a7 -Werror ...
error: switch -mcpu=cortex-a7 conflicts with -march=armv7ve switch [-Werror]
Fix by defining flags for armv7ve compatible cores directly from
FL_FOR_ARCH7VE, rather than re-creating the armv7ve flags
independently by combining FL_FOR_ARCH7A with the armv7ve specific
FL_THUMB_DIV and FL_ARM_DIV flags.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Backport
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82445
Fixes [YOCTO 12297]
Cherry-picked from oe-core master 568227133be3f9f015679df3525f6c4f86304fd0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 568227133be3f9f015679df3525f6c4f86304fd0)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Cherry-picked from oe-core master 7874fa86cb583fe6a178b95ead09430486197197
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Fixes
internal compiler error: Max. number of generated reload insns per insn is achieved (90)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Cherry-picked from oe-core master 21caa8bcda93ce67ef58548f7b85d0569d13d0b9
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
This resolves a conflict when both python-nose and python3-nose are pulled
into an image and try to install ${bindir}/nosetests binary.
This matches with how other distros are solving this problem, e.g. Debian:
https://packages.debian.org/jessie/all/python3-nose/filelist
Also, other packages like python3-setuptools are already doing the same with
their binaries.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Extend python3-setuptools to nativesdk because nativesdk-python3-pip needs
it.
Also, adjust RDEPENDS variable setting to keep the runtime dependencies
for nativesdk package the same with the target one. The native package and
the target package's dependencies remain the same as before.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Kelly <mkelly@xevo.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The gentoo.osuosl.org mirror doesn't store all versions of pax-utils, so
use the maintainers own mirror which stores them all.
Fixes [YOCTO #11559]
(From OE-Core rev: 2f21725d68db1e76c8494522d6d4ca8a4aee080e)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
OE-core commit 800753069f667cd1664d70b3779150c467e3b3fe remove
RPROVIDES list to get runtime dependences from manifest file.
python3-misc is added in python3 recipe, we need to add
native runtime to use python3-misc with native recipes.
Signed-off-by: Fabio Berton <fabio.berton@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 31fd20811f6d11e7ed6ac84caf776ac46cd6fb6f)
Signed-off-by: André Draszik <andre.draszik@jci.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
The Invisible Mirror FTP service is currently down, and FTP is horrible, so
switch to the HTTP mirror.
(cherry picked from commit f31461f8ea11e82dbe14454a1149d9ec2120404d)
[YOCTO #12455]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Upstream has removed the 1.71 release from www.cpan.org and
moved to the latest 1.72. Since we don't want to upgrade at
this point of time, temporarily move the SRC_URI to yoctoproject
source mirror.
[YOCTO #12454]
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
[v2]
Fixed signed-off-by for CVE-2017-9955_9
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
|
Affects <= 2.28
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
Armin Kuster
Andre McCurdy
Ross Burton
Leonardo Sandoval
Daniel Díaz
Armin Kuster
Tanu Kaskinen
Richard Purdie
Khem Raj
Juro Bystricky
Denys Dmytriyenko
Chen Qi
Maxin B. John
Fabio Berton
Chang Rebecca Swee Fun