Age | Commit message (Collapse) | Author |
|
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment
This patch changes the encoding bash uses for exported functions to avoid
clashes with shell variables and to avoid depending only on an environment
variable's contents to determine whether or not to interpret it as a shell
function.
(From OE-Core daisy rev: 6c51cc96d03df26d1c10867633e7a10dfbec7c45)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
CVE-2014-6271 aka ShellShock.
"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."
(From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
== is a bashism use = instead.
(Based on OE-Core master rev: c90d1047c41148cbd57f26b5a34563346602a71b)
Signed-off-by: Stefan Stanacar <stefanx.stanacar@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
(From OE-Core master rev: bc6258f88705b0e7989089a8666ac5e5d2355823)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
[YOCTO #5212]
(From OE-Core rev: cb41aff1ac343b4fa8b4c9d43cc38652f7593ee6)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It contains helper programs that are needed to make mc do the right actions
for the various file formats it understands.
The helpers are perl, python and shell scripts, split them out so the core
mc does not try to pull in perl and python, it will still run without these
helpers.
[YOCTO #4432]
(From OE-Core rev: 6d0205576ef1e8a62c469b883dc0c962440469a7)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it's autodetected from sysroot
* add PACKAGECONFIG to make it deterministic
(From OE-Core master rev: 871d9d264dbf43ca4a7d000f39253d16854c0bd3)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* when it's not detected in sysroot it uses bundled version
* add explicit dependency to make it deterministic
* PACKAGECONFIG wasn't used because configure doesn't have an
option to select which one should be used
(From OE-Core master rev: 98c6ea817bb0ca60bddc6be5cf90f14d46cc05a2)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it's autodetected from sysroot
* add PACKAGECONFIG to make it deterministic
(From OE-Core master rev: a886f2f78c847df9d6fbbcbd3c4ad3581b928e2f)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it's autodetected from sysroot and makeconfig doesn't allow
to explicitly define what's expected
(From OE-Core master rev: 203d5e1deb53e1c968498ff7595f57c73dc2697a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* acl is autodetected from sysroot
* add PACKAGECONFIG to make it deterministic
(From OE-Core master rev: 4f0b420b8a64862e6caa53ba0653c27a3d2387c3)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: a564463609f4ec832adbe12bff7a66ece53a0d9f)
Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Move to using the PACKAGECONFIG mechanism to select configure options and
dependencies. Without this the system will attempt to discover various
dependencies, and usually does so incorrectly.
We also ensure that the nativesdk version does not inherit any of the
DISTRO_FEATURES. We shouldn't need acl or xattr support for nativesdk.
(From OE-Core master rev: d9f9bfed56ef8562256fc01c3e42e15734230c3a)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Create a new build enviroment, build wget failed
...
configure:34512: checking for libssl
configure:34542: i586-poky-linux-gcc -m32 -march=i586 --sysroot=/home/jiahongxu/yocto/build-20130613-qemu/tmp/sysroots/qemux86 -o conftest - O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed conftest.c -ldl -lssl /home/jiahongxu/yocto/build- 20130613-qemu/tmp/sysroots/qemux86/lib/libcrypto.so -lz >&5
/home/jiahongxu/yocto/build-20130613-qemu/tmp/sysroots/x86_64-linux/usr/libexec/i586-poky-linux/gcc/i586-poky-linux/4.7.2/ld: cannot find -lz collect2: error: ld returned 1 exit status
...
>From log as we known, the reason is link zlib failed, it isn't
explicitly in wget's DEPENDS. Add zlib to wget's DEPENDS.
[YOCTO #4749]
(From OE-Core master rev: e54393f18e2ffa5d8dbeca2357b0b3b7e4e31829)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* missing dependency on pkgconfig-native was causing
that PKG_CHECK_MODULES(DBUS, dbus-1) stayed unexpanded in
configure script:
checking for dbm_store in -lndbm... no
libpam/1.1.6-r2/Linux-PAM-1.1.6/configure:
line 14217: syntax error near unexpected token `libtirpc,'
libpam/1.1.6-r2/Linux-PAM-1.1.6/configure:
line 14217: ` PKG_CHECK_MODULES(libtirpc, libtirpc,'
Configure failed. The contents of all config.log files follows to aid
debugging
(From OE-Core master rev: d8d230a164b4e98dbb3a9e6d9bb567c2aabee7f9)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* missing dependency on pkgconfig-native was causing
that PKG_CHECK_MODULES(DBUS, dbus-1) stayed unexpanded in
configure script:
checking for ext2fs_initialize in -lext2fs... yes
quota/4.01-r1/quota-tools/configure: line 3746: syntax error near unexpected token `DBUS,'
quota/4.01-r1/quota-tools/configure: line 3746: ` PKG_CHECK_MODULES(DBUS, dbus-1)'
Configure failed. The contents of all config.log files follows to aid debugging
(From OE-Core master rev: 933df6f9cc309cfb5d63401c5b6cf8d4432a1b1a)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Apparrently a LICENSE change was missed, so we add the GPLv2 version back in
(From OE-Core master rev: 002818712fab5c6325b1f7205512945ea87ad76c)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: 4090c4d9b204118ec9826db02b0739ce60563dd4)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
shadow falsely assumes that if --enable-libpam is set, it doesn't need to link
against libcrypt; this breaks chsh. (This same fix exists in Arch.)
(From OE-Core master rev: f68eccd67a3f9ed0d62e5ab75545891bd724daa3)
Signed-off-by: Richard Tollerton <rich.tollerton@ni.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it's autodetected from sysroot
(From OE-Core master rev: 0d6fa308e7c2838a51013b16b348e95f9e177105)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: f0c89f4122a0df67a003a6721afb45d7979ffc6f)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: 661897219bc50d569a2c87b414ab04a7f83f5a8e)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This removed patch is a workaround for gcc-4.5 manifests buffer
overflow with app-arch/tar-1.{22,23}, according to the information
from https://bugs.gentoo.org/show_bug.cgi?id=317139.
The problem with that patch is that it's only setting the magic
field of the header while the original statement sets both the magic
and the version field of the header. Because of this, all tar balls
created by the tar package in OE will be treated as old V7 format
tar balls.
As a negative effect of this behaviour, the tar package in OE cannot
handle device files correctly. This in turn leads to the udev cache
failure in images like core-image-lsb-sdk.
[YOCTO #4815]
(From OE-Core master rev: 32210f73c7e9f24951306f462b25e66e1d11a6b8)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
openvswitch build failed due to wrong install path of man.local which is
provided by groff.
Error log:
/yocto/build/tmp/sysroots/x86_64-linux/usr/share/groff/1.22.2/tmac/an-old.tmac:690:
warning: can't find macro file `man.local'
(From OE-Core master rev: 5f2dd65e758ead8177a1cdda047bdb105b96e208)
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If a logfile is a symlink, it may be read when being compressed, being
copied (copy, copytruncate) or mailed. Secure data (eg. password files)
may be exposed.
Portback nofollow.patch from:
http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
(From OE-Core master rev: d0e3fc1b28fc16200adbe690aa27124041036ba3)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Change default for user_readenv to 0 and document the
new default for user_readenv.
This fix from:
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.c?r1=1.22&r2=1.23&view=patch
http://pam.cvs.sourceforge.net/viewvc/pam/Linux-PAM/modules/pam_env
/pam_env.8.xml?r1=1.7&r2=1.8&view=patch
(From OE-Core master rev: 871ae7a6453b3b66610fd8bbaa770c92be850e19)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Multiple integer overflows in GNU Grep before 2.11 might allow
context-dependent attackers to execute arbitrary code via vectors
involving a long input line that triggers a heap-based buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
(From OE-Core master rev: 7dd4d0178e2b057f76cd2b0b6fe8402f8c1ab23d)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: bb6e59e58033edac509d449b4be916ad6a0a5ad1)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: e34257bab558384936ba73f78902a5185ed51c49)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
${datadir} was empty when building ${B} != ${S}, this patch addresses that
problem and means the -lenses package is no longer empty.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patches from linux-pam git repo to fix test case
tst-pam_pwhistory1 failure.
[YOCTO #4107]
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Upstream closed my bug and rewrote the patch, so update our patch with a
backport from upstream.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Staring from glibc 2.17 the crypt() function will error out and return NULL if
the seed or "correct" is invalid. The failure case for this is the sudo user
having a locked account in /etc/shadow, so their password is "!", which is an
invalid hash. crypt() never returned NULL previously so this is crashing in
strcmp().
[ YOCTO #4241 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Because rename libpng_1.2.50 to libpng, remove the perfer verion from
default-versions.inc and add libpng12 to lsb packagegroup.
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch came from Slackware and address a change in crypt()'s handling
of an invalid seed, which in the past returned an encrypted string and now
returns a NULL.
[YOCTO #4097] related to tinylogin segfault
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Poky distro codename info added to /etc/lsb-release file.
lsb_release script will not complain anymore about
the incompleteness of /etc/lsb-release file by
returning an error code.
Increases LSB compliance.
Partial fix for [YOCTO #4071].
Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The --with/--without pam support in configure appears to have been dropped
leading to builds which can detect host headers, then fail or result in non-
determinstic builds. Add an explicit option to fix this detection.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add nspr for LSB library check.
[YOCTO 4015]
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The last change to sudo broke out of tree builds, fix this.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Perl packages should know about arch so that they could install to the
correct libdir. Or else they always install to the default libdir in
multilib builds.
Signed-off-by: Jesse Zhang <sen.zhang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Split out the packages added for Eclipse remote debugging to a separate
package group so that we can avoid pulling them in if not using Eclipse.
Fixes [YOCTO #3251].
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
cross compiling sudo doesnt work well since it uses
mksigname and mksiglist to generate C sources which
are then used in sudo build itself. With this patch
now we make sure those hosttools are compiled for
build machine. It fixes the build failures like
./mksigname > signame.c
/bin/sh: ./mksigname: cannot execute binary file
make[1]: *** [signame.c] Error 126
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Previous commits have meant that PolicyKit isn't used by default anymore, so
remove this now that it's been integrated into meta-gnome.
Rationales for this move inludes that PolicyKit isn't "core" for embedded
systems, and future versions require the SpiderMonkey JavaScript runtime.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
srcdir is still relative to pwd. We need to use
abs_srcdir to get absolute source directory names
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
do_install needs to reference files in ${B} and we need to run
do_configuze in ${S}.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The install function needs to reference generated files in ${B}.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix out of tree builds and a parallel make race, see the patch header
for details.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|