mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-06 07:19:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,242 Commits 38 Branches 619 Tags
51d3a57bc8c5428b0010fd74a22da2a7e83697b6
Commit Graph

43242 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ross Burton
51d3a57bc8 opkg: fix conffile errors in 'opkg status' calls 
If a conffile has been deleted (common when building a debugfs) the status
command will throw errors instead of handling that situation.  Stop the code
being executed in the first place if it wasn't asked for, and handle errors
gracefully.

[ YOCTO #10761 ]

(From OE-Core rev: c32bca840d262ebc5ac93b06d0bce79729a178b1)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
André Draszik
c51ac0b5c3 coreutils_6.9: fix musl compilation 
As per the patch

(From OE-Core rev: a0cb33b3285de03ae901e474da255efc88811c2d)

Signed-off-by: André Draszik <adraszik@tycoint.com>
Acked-by: Sylvain Lemieux <slemieux@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>

Cherry-pick from meta-gplv2:

  http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=e42ded0ee35d0aab0de8fa090eda9f1c08bcbb4c

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Richard Purdie
169aff63bf coreutils_6.9: Disable broken man pages 
These are generated from --help output of the host tools which is clearly
incorrect, particularly given the older nature of this recipe. Simply
disable them entirely.

(From OE-Core rev: a70dc7d38764e1835ed947599b7fcbe3cc71d5b1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Cherry-pick from meta-gplv2:

  http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=46349e1a8734fb94a04bf7c234c01fa175333238

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Andre McCurdy
230407cab0 gmp_4.2.1: prevent calls to mpn_add_nc() if HAVE_NATIVE_mpn_sub_nc is false 
When building for aarch64 (ie relying only on generic C code rather
than asm) libgmp.so contains undefined references to __gmpn_add_nc
and __gmpn_sub_nc which causes attempts to link with -lgmp to fail:

 | .../usr/lib/libgmp.so: undefined reference to `__gmpn_sub_nc'
 | .../usr/lib/libgmp.so: undefined reference to `__gmpn_add_nc'

Solution based on a historical patch posted to the gmp mailing list:

  https://gmplib.org/list-archives/gmp-discuss/2006-May/002344.html

Cherry-pick from meta-gplv2:

  http://git.yoctoproject.org/cgit/cgit.cgi/meta-gplv2/commit/?id=d8668018d5d795be2297f878fd871a27edf532bf

(From OE-Core rev: 93af40ae113e9b505a9739ca2688360f12015fb7)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Andre McCurdy
61d7b4aa03 libevdev: add libcheck dependency 
The libevdev configure script contains an unconditional check for
libcheck. If libcheck is found, libevdev unit tests will be built.

Without a dependency, the presence of libcheck in sysroot is non
deterministic (in morty and earlier) and builds can fail if libcheck
is available during do_configure but not during do_compile.

(In pyro and later, the libcheck dependency is not required to make
libevdev builds deterministic due to recipe specific sysroots).

(From OE-Core rev: 9dc52a9959b05c9fa548f1991366f29ae873a793)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Rajkumar Veer
eb70e899c4 ruby: Security fix for CVE-2017-14064 
Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1

(From OE-Core rev: 8d53b03e8fa1bc20c0d77d6cd7869bd7f7325987)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Rajkumar Veer
ecd6e7d101 ruby: Security fix for CVE-2017-14033 
affects ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1

(From OE-Core rev: 6033983453ff7b39d9d0d0a64353611128e26fae)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
32c81fb55d ruby: Security fix for CVE-2017-9229 
affects ruby < 2.4.1

(From OE-Core rev: a636bf8cb5063f349b2af6594b131af6852b3076)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
7039d1ad32 ruby: Secruity fix for CVE-2017-9226 
affects ruby < 2.4.1

(From OE-Core rev: 0c1eec0c6a789e1e9dbfcc66c3fb8c7d1d8b4e99)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
7f7e00483a ruby: Security fix for CVE-2017-9228 
affects ruby < 2.4.1

(From OE-Core rev: cdfb60a7b573c034868ef27d8eb2c667f2a7ad1d)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
5899c6b77c ruby: Security fix for CVE-2017-9227 
affects ruby < 2.4.1

(From OE-Core rev: d83f18936a0eb470e8faf7adbd7c580c23fa3370)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
cab5a620ac ruby: Security fix for CVE-2016-7798 
affectes ruby < 2.3.1

(From OE-Core rev: 6af2319008dc16c61092f71ff227c285aac51288)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Rajkumar Veer
fe8a56109b curl: Security fix for CVE-2017-1000101 
Affected versions: curl 7.34.0 to and including 7.54.1
Not affected versions: curl < 7.34.0 and >= 7.55.0

(From OE-Core rev: 3cd67ae472cf163a592aac6ca783e451068fca0c)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Rajkumar Veer
dc96e5ae3f curl: Security fix for CVE-2017-1000100 
Affected versions: libcurl 7.15.0 to and including 7.54.1
Not affected versions: libcurl < 7.15.0 and >= 7.55.0

(From OE-Core rev: 2ad0d34313b30f3f18d2f15879294fab310aa874)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
6131edc2c9 curl: Security fix for CVE-2016-9586 
Affected versions: libcurl 7.1 to and including 7.51.0
Not affected versions: libcurl >= 7.52.0

(From OE-Core rev: 559ccc284987846c5b266cc2bc5ecd91c1c155f9)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
c4339c0e74 curl: Security fix for CVE-2016-8624 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: 26e464767ab53cb78e4ede10c77fe12907a7daad)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
5affd0af1f curl: Security fix for CVE-2016-8617 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: 3b73976716ee71a8040221f22c5fbda79512a958)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
b0827cbb4b curl: Security fix for CVE-2016-8623 
Affected versions: curl 7.10.7 to and including 7.50.3
Not affected versions: curl < 7.10.7 and curl >= 7.51.0

(From OE-Core rev: 2da99dc9f7f3d8373cc3108c18300723ad4a243a)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
d8353bdb23 curl: Security fix for CVE-2016-8621 
Affected versions: curl 7.12.2 to and including 7.50.3
Not affected versions: curl < 7.12.2 and curl >= 7.51.0

(From OE-Core rev: d664a1372c3322093038fc8443026e3499e977ec)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
00c963cfa3 curl: Security fix for CVE-2016-8620 
Affected versions: curl 7.34.0 to and including 7.50.3
Not affected versions: curl < 7.34.0 and curl >= 7.51.0

(From OE-Core rev: daeb0f5369f7c9ff470c9db3ba6ae42ac5abea2c)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
5d93f6b23b curl: Security fix for CVE-2016-8619 
Affected versions: curl 7.3 to and including 7.50.3
Not affected versions: curl < 7.3 and curl >= 7.51.0

(From OE-Core rev: 3b97fc78d9cfee6586f3d55f04f20f72fd1af8dd)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
b29b1bc1d7 curl: Security fix for CVE-2016-8618 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: 1fc1c9a11eee2f5ba727b18300a92949b166b035)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
c8ebaaaf8d curl: Security fix for CVE-2016-8615 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: b754be84206b454789fbd6d444d00a4e422cb3e9)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
a5cbc746fa tiff: Security fix for CVE-2017-7593 
(From OE-Core rev: ff3904dec584daf627c267bf639d69aca13a1227)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
c505c12a07 tiff: Security fix for CVE-2017-7602 
(From OE-Core rev: 12325a8ebb5cab1837a6f6092eaa623a1a784eb6)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
9e658d2462 tiff: Security fix for CVE-2017-7601 
(From OE-Core rev: ade8551d6a6810e87e83af72ea217aeca55c65c4)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
e963d34b7f tiff: Security fix for CVE-2017-7598 
(From OE-Core rev: 7e367796d4bf97e299ee966b120f924de0f2bb04)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
3c0fab47bc tiff: Security fix for CVE-2017-7596 
(From OE-Core rev: 94daee02cad9930d4ada648fd4bfdb63510643c0)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
dc293a78fc tiff: Security fix for CVE-2017-7595 
(From OE-Core rev: 6536bfecb13b06765fdf6cb6fd70ce64f9077b8e)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
f8db77f490 tiff: Security fix for CVE-2017-7594 
(From OE-Core rev: 7bdb52d06a46ad659fc85db1992f9c6ab2fcf065)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
8192fe8abe tiff: Security fix for CVE-2017-7592 
(From OE-Core rev: 75e953388fa1973cdbd0897894a3e5398de16a10)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
de7d5146bc tiff: Security fix for CVE-2016-10270 
(From OE-Core rev: eeb7197d85435ec73be8b77accc0feea7e1536bb)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
dcb2fc9d7c tiff: Security fix for CVE-2016-10269 
(From OE-Core rev: 46504a224a9f33f1f8752bbcd51a285d19920524)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
7b108a757b tiff: Security fix CVE-2016-10267 
(From OE-Core rev: 87aebc2b02131d2fce0621faf399916c4789c293)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
1ca6c2afe8 tiff: Security fix CVE-2016-10266 
(From OE-Core rev: 3a604aa5cb0d35a9df10a5b958eb4a871de76c26)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
60d8855b3e tiff: Security fix CVE-2016-10268 
(From OE-Core rev: 24b62c84102116e6531babc68d8d2fb33e3f2d5c)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
776791238d tiff: Secruity fix CVE-2016-10093 
(From OE-Core rev: 6e39b24d003fb4e702097a01142fcfe2861593dd)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
bef8d0ed39 tiff: Security fix for CVE-2016-10271 
(From OE-Core rev: 8fb9a143e93de5a2de4b7d5fe2712c29d7ca4263)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Yi Zhao
9b6e00b7d7 tiff: Security fixes 
Fix CVE-2017-9147, CVE-2017-9936, CVE-2017-10668, CVE-2017-11335

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9147
https://nvd.nist.gov/vuln/detail/CVE-2017-9936
https://nvd.nist.gov/vuln/detail/CVE-2017-10668
https://nvd.nist.gov/vuln/detail/CVE-2017-11335

Patches from:
CVE-2017-9147:
4d4fa0b68a
CVE-2017-9936:
fe8d716595
CVE-2017-10688:
6173a57d39
CVE-2017-11355:
69bfeec247

(From OE-Core rev: 5c89539edb17d01ffe82a1b2e7d092816003ecf3)

(From OE-Core rev: eaf72d105bed54e332e2e5c0c5c0a0087ecd91dd)

(From OE-Core rev: dc7573cd330d1fc2e4bd50c1ba171906e1d5d5c0)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

minor fixes to get to apply

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Li Zhou
b35a4b34dd libtiff: Security Advisory - libtiff - CVE-2017-5225 
Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.

Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.

(From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f)

(From OE-Core rev: d26ea3b9b698fcb059aaa34c2408e3b95ca4f31d)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Joshua Lock
0d44dbdaa8 ruby: fix build of ruby-native with gcc7 
Marsalling is broken when ruby-2.2.x is built with gcc7, backport the change
fix  in Ruby SVN r57410 to apply to ruby 2.2.5:

https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57410

Fixes [YOCTO #12271]

(From OE-Core rev: b9de98cdc816904583970369848181c2c79f1dc5)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Scott Rifenbark
1b231d7b06 documentation: Updated Doc set to 2.2.3 
Poky.ent - variables changed
<manual>.xml - Updated manual revision table
mega-manual.sed - updated 2.2.2 to 2.2.3

(From yocto-docs rev: 4566d401f58f4532b71747c8fe8a486d1091a371)

Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-12 06:51:03 +00:00
Andre Rosa
6da3e0a0ab bitbake: Replace deprecated git branch parameter "--set-upstream" 
Since 2017-08-17 (git version 2.14.1.473.g3ec7d702a) using deprecated
git branch parameter "--set-upstream" causes a fetcher error. Replace
it by "--set-upstream-to".

https://git.kernel.org/pub/scm/git/git.git/commit/?id=52668846ea2d41ffbd87cda7cb8e492dea9f2c4d
says, it's deprecated since 2012-08-30 so hopefully all still supported
host distributions have new enough git to support "--set-upstream-to".

ERROR: PACKAGE do_unpack: Fetcher failure: ...;
git -c core.fsyncobjectfiles=0 branch --set-upstream master origin/master failed with exit code 128, output:
fatal: the '--set-upstream' option is no longer supported. Please use '--track' or '--set-upstream-to' instead.

ERROR: PACKAGE do_unpack: Function failed: base_do_unpack

(Bitbake rev: 991b533f1d61042a7b3edd1fbf3dea0bf9991606)

Signed-off-by: Andre Rosa <andre.rosa@lge.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-07 13:38:57 +00:00
Ross Burton
1d92cb1a20 wpa_supplicant: fix WPA2 key replay security bug 
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.

* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

* CVE-2017-13078: reinstallation of the group key in the Four-way handshake

* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake

* CVE-2017-13080: reinstallation of the group key in the Group Key handshake

* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake

* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it

* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake

* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame

* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame

Backport patches from upstream to resolve these CVEs.

(From OE-Core rev: c79b479ab4b129007c6679bb0bdd8e2ec7ecb6ad)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-16 23:47:06 +01:00
Armin Kuster
577c91d706 linux-yotoc/4.1: update to 4.1.43 plus CVE-2017-1000251 
(From meta-yocto rev: 95560bdc6414069ad2679f366fbf3a9946815d72)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:32:38 +01:00
Maxin B. John
21daf5cdc3 hostap-utils: use w1.fi for SRC_URI 
epitest.fi is down and hostap-utils source is now available in
w1.fi. So, move SRC_URI to https://w1.fi

Since hostap-utils is only meant for old Intersil Prism2/2.5/3 wifi cards,
this recipe will be removed from oe-core in future (most likely to
meta-handheld)

[YOCTO #12051]

(From OE-Core rev: 541b14c58132e8460a762617889bd5e3d736c1a4)

(From OE-Core rev: 0bc03289b775fefcb7f03e5463c79e4f96cd0b12)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:32:38 +01:00
Armin Kuster
46a8c07a84 linux-yotoc/4.8: update to 4.8.25 plus CVE-2017-1000251 
(From meta-yocto rev: 3a7bbdd637481afd6da47a4084c2dc7cac5836f4)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Armin Kuster
640b9c6080 linux-yotoc/4.4: update to 4.4.87 plus CVE-2017-1000251 
(From meta-yocto rev: d642307afcc35f1ba01af5e5c3acd0848c93090b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Ross Burton
49ace39866 diffstat: use HTTP mirror for SRC_URI 
The Invisible Mirror FTP service is currently down, and FTP is horrible, so
switch to the HTTP mirror.

(From OE-Core rev: f31461f8ea11e82dbe14454a1149d9ec2120404d)

(From OE-Core rev: 4839f039036f3d72f9ef114a37500f9b498101df)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Alexander Kanavin
9be3cc6eaa v86d: take tarball from debian 
Gentoo is removing the package due to dead upstream;
Debian might carry it for a while longer.

(From OE-Core rev: 5026730a2f0701ebad4ddf57990b1ae3b484ae72)

(From OE-Core rev: ac16b6d3a734de2e2ea3e491d23817774a3e57f6)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00