Age | Commit message | Author |
|
The variable in question should have been called ecc->p. The patch has been
updated so that the compilation of the nettle recipe would complete
successfully. The backport originated from this commit
https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
Signed-off-by: ngutzmann <nathangutzmann@gmail.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
(From OE-Core master rev: 7474c7dbf98c1a068bfd9b14627b604da5d79b67)
minor tweak to get x86_64/ecc-384-modp.asm to apply
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
(From OE-Core master rev: f62eb452244c3124cc88ef01c14116dac43f377a)
hand applied changes for ecc-256.c
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2016-0755 curl: NTLM credentials not-checked for proxy connection re-use
(From OE-Core master rev: 8322814c7f657f572d5c986652e708d6bd774378)
hand applied changes to url.c
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2016-0754 curl: remote file name path traversal in curl tool for Windows
(From OE-Core master rev: b2c9b48dea2fd968c307a809ff95f2e686435222)
minor tweak to tool_operate.c to get it to apply
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2015-7511 libgcrypt: side-channel attack on ECDH with Weierstrass curves
affects libgcrypt < 1.6.5
adjust SRC_URI + for this version.
Patch 1 is a dependency patch. Simple macro name change.
Patch 2 is the cve fix.
(From OE-Core master rev: c691ce99bd2d249d6fdc4ad58300719488fea12c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
CVE-2016-2090 Heap buffer overflow in fgetwln function of libbsd
affects libbsd <= 0.8.1 (and therefore not needed in master)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
this is related to [Yocto # 9008]
8.38:
The following security fixes are included:
CVE-2015-3210 pcre: heap buffer overflow in pcre_compile2() compile_regex()
CVE-2015-3217 pcre: stack overflow in match()
CVE-2015-5073 CVE-2015-8388 pcre: Buffer overflow caused by certain patterns with an unmatched closing parenthesis
CVE-2015-8380 pcre: Heap-based buffer overflow in pcre_exec
CVE-2015-8381 pcre: Heap Overflow in compile_regex()
CVE-2015-8383 pcre: Buffer overflow caused by repeated conditional group
CVE-2015-8384 pcre: Buffer overflow caused by recursive back reference by name within certain group
CVE-2015-8385 pcre: Buffer overflow caused by forward reference by name to certain group
CVE-2015-8386 pcre: Buffer overflow caused by lookbehind assertion
CVE-2015-8387 pcre: Integer overflow in subroutine calls
CVE-2015-8389 pcre: Infinite recursion in JIT compiler when processing certain patterns
CVE-2015-8390 pcre: Reading from uninitialized memory when processing certain patterns
CVE-2015-8392 pcre: Buffer overflow caused by certain patterns with duplicated named groups
CVE-2015-8393 pcre: Information leak when running pcgrep -q on crafted binary
CVE-2015-8394 pcre: Integer overflow caused by missing check for certain conditions
CVE-2015-8395 pcre: Buffer overflow caused by certain references
CVE-2016-1283 pcre: Heap buffer overflow in pcre_compile2 causes DoS
8.37:
The following security fixes are included:
CVE-2014-8964 pcre: incorrect handling of zero-repeat assertion conditions
CVE-2015-2325 pcre: heap buffer overflow in compile_branch()
CVE-2015-2326 pcre: heap buffer overflow in pcre_compile2()
LICENSE file changed due to Copyright date updates.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Jethro and master don't require this patch as they have newer libpcre which
contains these fixes.
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: 7d2da0e)
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
054151c libiconv: Fix B != S with uclibc builds
273c437 libiconv: Remove RPATH from binaries
fcb8d6f libiconv_1.14.bb: Fix build failure [partial-merge]
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: 898e9d7)
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
This is being given a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
libunwind: Invalid dwarf opcodes can cause references beyond the end of
the array
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h
in libunwind 1.1 allows local users to have unspecified impact via
invalid dwarf opcodes.
(From OE-Core master rev: 9c4e7f5c009b076b0bc638a02fcf3d96c362e7eb)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
_asn1_extract_der_octet: prevent past of boundary access
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;h=f979435823a02f842c41d49cd41cc81f25b5d677
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes use-after-free flaw in CRL distribution points parsing
Reference:
https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
http://www.openwall.com/lists/oss-security/2015/04/15/6
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-8146 icu: heap overflow via incorrect isolateCount
CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function
References:
[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
[2] https://www.kb.cert.org/vuls/id/602540
[3] http://bugs.icu-project.org/trac/changeset/37080
[4] http://bugs.icu-project.org/trac/changeset/37162
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
AC_LIB_HAVE_LINKFLAGS can sometimes find host libs and is therefore not
robust when cross-compiling. Remove it for zlib and use PKG_CHECK_MODULES
instead.
(From OE-Core rev: 78a0e916882a747c267808c08ab8bc615198b5a8)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport patch to fix CVE-2014-3564.
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f
(From OE-Core rev: 421e21b08a6a32db88aaf46033ca503a99e49b74)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
|
|
The default search path in sysroot is sufficient to find zlib, so the
--with-libz-prefix configure option seems to be unnecessary.
For target builds, relying on sysroot also prevents an absolute path
from being hardcoded in the gnutls.pc pkg-config file.
(From OE-Core rev: 7a800bfeb6c8c83ee7cc74739f496982cd71c8e8)
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The icu recipe installs icu-native twice, once in the usual location,
and once for cross builds into the path given by --with-cross-build.
This latter path is not included in the list of paths recognised by
chrpath.bbclass, hence the binaries in there retain the rpath as used
during compilation. This causes the package to not be relocatable
from sstate.
[YOCTO #6851]
We use the infrastructure that is in place already, and simply set
PREPROCESS_RELOCATE_DIRS as necessary, and things start to work.
(From OE-Core rev: e7fcaa534511e3f65b630b01cf0c824ee5a5fd4d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* it was partially fixed in:
commit 291e20a51544c640d07767d1dc32d762f4370f41
Author: Venkata ramana gollamudi <ramana.gollamudi@huawei.com>
Date: Fri Apr 13 11:42:46 2012 +0000
Subject: boost: fix re-execution of task
but with disadvantage that when CXX or *FLAGS variables were changed
it was continuing to use old values
* just remove the line before appending it with current values to fix
that
(From OE-Core rev: 8ce9584a78079b3db88eabfa902025a94443378d)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
oe-core 51540b64f62234c145fc32cfa3fbbaaebbeece08 altered libcap.inc (at the
time) to append to EXTRA_OEMAKE rather than assign to it. The default value
for EXTRA_OEMAKE contains "-e". This means that the change caused "-e" to
be passed to make for the first time.
Unfortunately passing "-e" subtly changes the behaviour of libcap's
Make.Rules under recursive make when prefix="" (which it is for us since
we're using meta-micro.)
Without "-e" the prefix comes from the command line in both the parent and
submakes. This takes precedence over any attempt to reassign it with a
simple "=" operation so the headers are correctly installed in (empty
string)/include.
With "-e" the prefix still comes from the command line in the parent make
but from the environment in the submake. The attempt to assign it fails in
the parent make as before, but not in the submake so the headers are
installed incorrectly in /usr/include.
In all four cases the "ifdef prefix" else clause is executed.
So, let's assign EXTRA_OEMAKE in order to avoid using "-e" at all.
(From OE-Core rev: a8d35fa4fd76ea4a70063492cd5eab0858f2edb6)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This issue was reported on poky ml as well, see
https://lists.yoctoproject.org/pipermail/poky/2013-December/009435.html
Change-Id: Iedf22467889893111fde0433e411fd0546a38546
(From OE-Core rev: 3c58712465494e441c4036a7cf21d2e6d343efab)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It is a backport patch, and verified that the patch is in the source.
(From OE-Core rev: a7e723bd78e280ae48e6de725b2881b35ae21f5c)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There is a pspell-config.
(From OE-Core master rev: 53c8a954e699b3ae3e7a0a2b3860cf7c9ad1288e)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add a default option to the case statement and remove the duplicates. Also add support for armv8b architectures.
(From OE-Core master rev: 8d207e55031c0b93387e728f4312b8cb34ad5b12)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Trying to build nss with x32 ABI enabled fails because
the USE_X32 env var needs to be specified.
[YOCTO #7420]
(From OE-Core master rev: 2898c2cf94bd690ebfc4ab5f4d220e6ea05aca82)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Most modern x86 systems return i686 as the system type. This
patch handles i486, i586 and i686 correctly.
(From OE-Core master rev: 1b24eaa71702c07e525d8a62c08c0983e9917468)
Signed-off-by: Gary Thomas <gary@mlbassoc.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes compile errors when usb.h is included in
other packages, it expects sys/types.h to be
there, instead it should include it itself
Change-Id: Ib49477b7d3f3cd97d65c9578bdc33f2ee33f5a26
(From OE-Core master rev: 577b5c6ce6753b9ae3587da47caf6ecfac358668)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Trying to build lzop using x32 ABI fails when trying to get
the FLAGS register, which is 64-bit, while the destination variable is
a 32-bit size_t.
[YOCTO #7424]
(From OE-Core master rev: 6122c5e02b96ab786204d08b470177d824004d24)
Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Because the build of nss seems to ignore CFLAGS, we never
have put source code in the -dbg package. We do not address
the CFLAGS issue, but we do add -g to the definition of CC
so that we will generate debug info.
We also let package.bbclass populate the -dbg package instead
of forcing the contents locally.
(From OE-Core master rev: 0ec01bbd845b61798366441b2c7e5b8738db6b32)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes below listed bugs:
1. CVE-2015-3143
2. CVE-2015-3144
3. CVE-2015-3145
4. CVE-2015-3148
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
--dbpath option can be used in cases where users don't want
createrepo to use system rpm db to avoid possible collisions
with other programs.
For bitbake builds it would be possible to specify different
databases even for every createrepo run. Considering that rootfs
builds can run multiple createrepo in parallel, it can help to avoid
race conditions caused by accessing or creating the same rpm database
by multiple createrepo instances at the same time.
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixed parallel issue:
libtool: link: `bt_rec.lo' is not a valid libtool object
Makefile:867: recipe for target 'libdb-6.0.la' failed
make: *** [libdb-6.0.la] Error 1
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise the script which converts mozilla certificates extracts
each certificate twice.
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* remove perl runtime dependency from main package
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Enabling support for the smb protocol does not create
a build time dependency on samba.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
The wget reported errors for the past URI since it can't follow the redirection well:
Connecting to cloud.github.com (cloud.github.com)|54.192.140.6|:443... connected.
OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Unable to establish SSL connection.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
|
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Fixes https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1301822.html
libgpg-error FTBFS when built with gcc-5. Here is the relevant excerpt:
| Making all in src
| make[4]: Entering directory '/tmp/buildd/libgpg-error/libgpg-error-1.17/src'
| gawk -f ./mkstrtable.awk -v textidx=3 \
| ./err-sources.h.in >err-sources.h
| gawk -f ./mkstrtable.awk -v textidx=3 \
| ./err-codes.h.in >err-codes.h
| gawk -f ./mkerrnos.awk ./errnos.in >code-to-errno.h
| gawk -f ./mkerrcodes1.awk ./errnos.in >_mkerrcodes.h
| gcc -E -D_FORTIFY_SOURCE=2 _mkerrcodes.h | grep GPG_ERR_ | \
| gawk -f ./mkerrcodes.awk >mkerrcodes.h
| rm _mkerrcodes.h
| gcc -I. -I. -o mkerrcodes ./mkerrcodes.c
| In file included from ./mkerrcodes.c:26:0:
| ./mkerrcodes.h:9:5: error: expected expression before ',' token
| { , "GPG_ERR_E2BIG" },
| ^
It makes invalid assumptions on undefined behaviour of gcc. To see why,
let us look at the contents of the intermediate steps:
_mkerrcodes.h (deleted):
| ...
| #ifdef E2BIG
| E2BIG GPG_ERR_E2BIG
| #endif
| #ifdef WSAE2BIG
| WSAE2BIG GPG_ERR_E2BIG
| #endif
| ...
gcc -E -D_FORTIFY_SOURCE=2 _mkerrcodes.h | grep -v '^$':
| ...
| # 26 "_mkerrcodes.h" 2
| 7
| # 31 "_mkerrcodes.h"
| GPG_ERR_E2BIG
| # 37 "_mkerrcodes.h" 3 4
| 13
| # 37 "_mkerrcodes.h"
| GPG_ERR_EACCES
| ...
As can be seen here, the cpp from gcc-5 can split lines and "grep
GPG_ERR_" fails to account for that.
Change-Id: I6f1476e4afc7163ebc3a05106ceaa3b83e3fab3e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* it's not complete, but recipes depending on virtual/libx11 are easiest
to spot, I've long list of PNBLACKLIST for all recipes which cannot
be built in distro without x11 in DISTRO_FEATURES
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous fix for this issue was incomplete. We also need to change
the source file to avoid this error. Grepping the build directory for boost
will show the issue when building taglib after boost has been built.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
License checksums changed due to year change
- Copyright (C) 2003, 2004, 2010, 2013, 2014 g10 Code GmbH
+ Copyright (C) 2003, 2004, 2010, 2013, 2014, 2015 g10 Code GmbH
Change-Id: I870446796cf9ffe3acae7aeeac2d96d6305d4186
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Given that bitbake.conf sets the default values:
BP = "${BPN}-${PV}"
S = "${WORKDIR}/${BP}"
there are a number of recipes that set the variable S completely
superfluously, so get rid of them.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lzo_init checksum changed due to date change, not license change
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
pkgconfig.patch needed a minor refresh due to the following fix for
static linking using neon.pc being merged upstream:
http://lists.manyfish.co.uk/pipermail/neon/2013-October/001568.html
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libassuan-native is required for gpgme-native - introduced in next patch
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Patch also includes some minor formatting cleanup of icu.inc.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
I used a for loop to build these packages more than 520 times, these
recipes never failed.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|