mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-22 15:32:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
43,234 Commits 38 Branches 623 Tags
7039d1ad320d3bb48c0b031340ceb8a5cd273290
Commit Graph

43234 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thiruvadi Rajaraman
7039d1ad32 ruby: Secruity fix for CVE-2017-9226 
affects ruby < 2.4.1

(From OE-Core rev: 0c1eec0c6a789e1e9dbfcc66c3fb8c7d1d8b4e99)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
7f7e00483a ruby: Security fix for CVE-2017-9228 
affects ruby < 2.4.1

(From OE-Core rev: cdfb60a7b573c034868ef27d8eb2c667f2a7ad1d)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
5899c6b77c ruby: Security fix for CVE-2017-9227 
affects ruby < 2.4.1

(From OE-Core rev: d83f18936a0eb470e8faf7adbd7c580c23fa3370)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
cab5a620ac ruby: Security fix for CVE-2016-7798 
affectes ruby < 2.3.1

(From OE-Core rev: 6af2319008dc16c61092f71ff227c285aac51288)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Rajkumar Veer
fe8a56109b curl: Security fix for CVE-2017-1000101 
Affected versions: curl 7.34.0 to and including 7.54.1
Not affected versions: curl < 7.34.0 and >= 7.55.0

(From OE-Core rev: 3cd67ae472cf163a592aac6ca783e451068fca0c)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Rajkumar Veer
dc96e5ae3f curl: Security fix for CVE-2017-1000100 
Affected versions: libcurl 7.15.0 to and including 7.54.1
Not affected versions: libcurl < 7.15.0 and >= 7.55.0

(From OE-Core rev: 2ad0d34313b30f3f18d2f15879294fab310aa874)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
6131edc2c9 curl: Security fix for CVE-2016-9586 
Affected versions: libcurl 7.1 to and including 7.51.0
Not affected versions: libcurl >= 7.52.0

(From OE-Core rev: 559ccc284987846c5b266cc2bc5ecd91c1c155f9)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:55 +00:00
Thiruvadi Rajaraman
c4339c0e74 curl: Security fix for CVE-2016-8624 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: 26e464767ab53cb78e4ede10c77fe12907a7daad)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
5affd0af1f curl: Security fix for CVE-2016-8617 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: 3b73976716ee71a8040221f22c5fbda79512a958)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
b0827cbb4b curl: Security fix for CVE-2016-8623 
Affected versions: curl 7.10.7 to and including 7.50.3
Not affected versions: curl < 7.10.7 and curl >= 7.51.0

(From OE-Core rev: 2da99dc9f7f3d8373cc3108c18300723ad4a243a)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
d8353bdb23 curl: Security fix for CVE-2016-8621 
Affected versions: curl 7.12.2 to and including 7.50.3
Not affected versions: curl < 7.12.2 and curl >= 7.51.0

(From OE-Core rev: d664a1372c3322093038fc8443026e3499e977ec)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
00c963cfa3 curl: Security fix for CVE-2016-8620 
Affected versions: curl 7.34.0 to and including 7.50.3
Not affected versions: curl < 7.34.0 and curl >= 7.51.0

(From OE-Core rev: daeb0f5369f7c9ff470c9db3ba6ae42ac5abea2c)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
5d93f6b23b curl: Security fix for CVE-2016-8619 
Affected versions: curl 7.3 to and including 7.50.3
Not affected versions: curl < 7.3 and curl >= 7.51.0

(From OE-Core rev: 3b97fc78d9cfee6586f3d55f04f20f72fd1af8dd)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
b29b1bc1d7 curl: Security fix for CVE-2016-8618 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: 1fc1c9a11eee2f5ba727b18300a92949b166b035)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Thiruvadi Rajaraman
c8ebaaaf8d curl: Security fix for CVE-2016-8615 
Affected versions: curl 7.1 to and including 7.50.3
Not affected versions: curl >= 7.51.0

(From OE-Core rev: b754be84206b454789fbd6d444d00a4e422cb3e9)

Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
a5cbc746fa tiff: Security fix for CVE-2017-7593 
(From OE-Core rev: ff3904dec584daf627c267bf639d69aca13a1227)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
c505c12a07 tiff: Security fix for CVE-2017-7602 
(From OE-Core rev: 12325a8ebb5cab1837a6f6092eaa623a1a784eb6)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
9e658d2462 tiff: Security fix for CVE-2017-7601 
(From OE-Core rev: ade8551d6a6810e87e83af72ea217aeca55c65c4)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
e963d34b7f tiff: Security fix for CVE-2017-7598 
(From OE-Core rev: 7e367796d4bf97e299ee966b120f924de0f2bb04)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
3c0fab47bc tiff: Security fix for CVE-2017-7596 
(From OE-Core rev: 94daee02cad9930d4ada648fd4bfdb63510643c0)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
dc293a78fc tiff: Security fix for CVE-2017-7595 
(From OE-Core rev: 6536bfecb13b06765fdf6cb6fd70ce64f9077b8e)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:54 +00:00
Rajkumar Veer
f8db77f490 tiff: Security fix for CVE-2017-7594 
(From OE-Core rev: 7bdb52d06a46ad659fc85db1992f9c6ab2fcf065)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
8192fe8abe tiff: Security fix for CVE-2017-7592 
(From OE-Core rev: 75e953388fa1973cdbd0897894a3e5398de16a10)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
de7d5146bc tiff: Security fix for CVE-2016-10270 
(From OE-Core rev: eeb7197d85435ec73be8b77accc0feea7e1536bb)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
dcb2fc9d7c tiff: Security fix for CVE-2016-10269 
(From OE-Core rev: 46504a224a9f33f1f8752bbcd51a285d19920524)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
7b108a757b tiff: Security fix CVE-2016-10267 
(From OE-Core rev: 87aebc2b02131d2fce0621faf399916c4789c293)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
1ca6c2afe8 tiff: Security fix CVE-2016-10266 
(From OE-Core rev: 3a604aa5cb0d35a9df10a5b958eb4a871de76c26)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
60d8855b3e tiff: Security fix CVE-2016-10268 
(From OE-Core rev: 24b62c84102116e6531babc68d8d2fb33e3f2d5c)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
776791238d tiff: Secruity fix CVE-2016-10093 
(From OE-Core rev: 6e39b24d003fb4e702097a01142fcfe2861593dd)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Rajkumar Veer
bef8d0ed39 tiff: Security fix for CVE-2016-10271 
(From OE-Core rev: 8fb9a143e93de5a2de4b7d5fe2712c29d7ca4263)

Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Yi Zhao
9b6e00b7d7 tiff: Security fixes 
Fix CVE-2017-9147, CVE-2017-9936, CVE-2017-10668, CVE-2017-11335

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9147
https://nvd.nist.gov/vuln/detail/CVE-2017-9936
https://nvd.nist.gov/vuln/detail/CVE-2017-10668
https://nvd.nist.gov/vuln/detail/CVE-2017-11335

Patches from:
CVE-2017-9147:
4d4fa0b68a
CVE-2017-9936:
fe8d716595
CVE-2017-10688:
6173a57d39
CVE-2017-11355:
69bfeec247

(From OE-Core rev: 5c89539edb17d01ffe82a1b2e7d092816003ecf3)

(From OE-Core rev: eaf72d105bed54e332e2e5c0c5c0a0087ecd91dd)

(From OE-Core rev: dc7573cd330d1fc2e4bd50c1ba171906e1d5d5c0)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

minor fixes to get to apply

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Li Zhou
b35a4b34dd libtiff: Security Advisory - libtiff - CVE-2017-5225 
Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.

Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.

(From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f)

(From OE-Core rev: d26ea3b9b698fcb059aaa34c2408e3b95ca4f31d)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Joshua Lock
0d44dbdaa8 ruby: fix build of ruby-native with gcc7 
Marsalling is broken when ruby-2.2.x is built with gcc7, backport the change
fix  in Ruby SVN r57410 to apply to ruby 2.2.5:

https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=57410

Fixes [YOCTO #12271]

(From OE-Core rev: b9de98cdc816904583970369848181c2c79f1dc5)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-21 14:43:53 +00:00
Scott Rifenbark
1b231d7b06 documentation: Updated Doc set to 2.2.3 
Poky.ent - variables changed
<manual>.xml - Updated manual revision table
mega-manual.sed - updated 2.2.2 to 2.2.3

(From yocto-docs rev: 4566d401f58f4532b71747c8fe8a486d1091a371)

Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-12 06:51:03 +00:00
Andre Rosa
6da3e0a0ab bitbake: Replace deprecated git branch parameter "--set-upstream" 
Since 2017-08-17 (git version 2.14.1.473.g3ec7d702a) using deprecated
git branch parameter "--set-upstream" causes a fetcher error. Replace
it by "--set-upstream-to".

https://git.kernel.org/pub/scm/git/git.git/commit/?id=52668846ea2d41ffbd87cda7cb8e492dea9f2c4d
says, it's deprecated since 2012-08-30 so hopefully all still supported
host distributions have new enough git to support "--set-upstream-to".

ERROR: PACKAGE do_unpack: Fetcher failure: ...;
git -c core.fsyncobjectfiles=0 branch --set-upstream master origin/master failed with exit code 128, output:
fatal: the '--set-upstream' option is no longer supported. Please use '--track' or '--set-upstream-to' instead.

ERROR: PACKAGE do_unpack: Function failed: base_do_unpack

(Bitbake rev: 991b533f1d61042a7b3edd1fbf3dea0bf9991606)

Signed-off-by: Andre Rosa <andre.rosa@lge.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-11-07 13:38:57 +00:00
Ross Burton
1d92cb1a20 wpa_supplicant: fix WPA2 key replay security bug 
WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.

* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

* CVE-2017-13078: reinstallation of the group key in the Four-way handshake

* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake

* CVE-2017-13080: reinstallation of the group key in the Group Key handshake

* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake

* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it

* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake

* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame

* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame

Backport patches from upstream to resolve these CVEs.

(From OE-Core rev: c79b479ab4b129007c6679bb0bdd8e2ec7ecb6ad)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-16 23:47:06 +01:00
Armin Kuster
577c91d706 linux-yotoc/4.1: update to 4.1.43 plus CVE-2017-1000251 
(From meta-yocto rev: 95560bdc6414069ad2679f366fbf3a9946815d72)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:32:38 +01:00
Maxin B. John
21daf5cdc3 hostap-utils: use w1.fi for SRC_URI 
epitest.fi is down and hostap-utils source is now available in
w1.fi. So, move SRC_URI to https://w1.fi

Since hostap-utils is only meant for old Intersil Prism2/2.5/3 wifi cards,
this recipe will be removed from oe-core in future (most likely to
meta-handheld)

[YOCTO #12051]

(From OE-Core rev: 541b14c58132e8460a762617889bd5e3d736c1a4)

(From OE-Core rev: 0bc03289b775fefcb7f03e5463c79e4f96cd0b12)

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:32:38 +01:00
Armin Kuster
46a8c07a84 linux-yotoc/4.8: update to 4.8.25 plus CVE-2017-1000251 
(From meta-yocto rev: 3a7bbdd637481afd6da47a4084c2dc7cac5836f4)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Armin Kuster
640b9c6080 linux-yotoc/4.4: update to 4.4.87 plus CVE-2017-1000251 
(From meta-yocto rev: d642307afcc35f1ba01af5e5c3acd0848c93090b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Ross Burton
49ace39866 diffstat: use HTTP mirror for SRC_URI 
The Invisible Mirror FTP service is currently down, and FTP is horrible, so
switch to the HTTP mirror.

(From OE-Core rev: f31461f8ea11e82dbe14454a1149d9ec2120404d)

(From OE-Core rev: 4839f039036f3d72f9ef114a37500f9b498101df)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Alexander Kanavin
9be3cc6eaa v86d: take tarball from debian 
Gentoo is removing the package due to dead upstream;
Debian might carry it for a while longer.

(From OE-Core rev: 5026730a2f0701ebad4ddf57990b1ae3b484ae72)

(From OE-Core rev: ac16b6d3a734de2e2ea3e491d23817774a3e57f6)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:30:53 +01:00
Armin Kuster
09c7d32f2d libpng: lsb version 1.2.56 url fix 
The mirrors are not working so remove them. Simplify the SRC_URI as the archive in only in the older-releases dir.

(From OE-Core rev: 889cc3404255e9ba920909e90fbf3ab846a5d97a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:40 +01:00
Ross Burton
068c1a2c22 libpng: use SourceForge mirror 
The Gentoo mirror also deletes old versions when they're not used, so revert
back to the canonical SourceForge site, adding /older-releases/ to MIRRORS to
handle new releases moving the version we want.

Original idea by Maxin B. John <maxin.john@intel.com>.

(From OE-Core rev: 791a3493c88c9c249f21f6d893b2061e1d8a0af6)

(From OE-Core rev: 16af873638830477a435574f1fedc643af2e2661)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Hand applied to work with morty version

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:40 +01:00
Leonardo Sandoval
6ba57ee8b8 sign_rpm.bbclass: force rpm serial signing 
Newer versions of gpg (at least 2.1.5 and 2.2.1) have issues when signing occurs in parallel
so (unfortunately) the signing must be done serially. Once the upstream problem is fixed,
this patch must be reverted, otherwise we loose all the intrinsic parallelism from
bitbake.

[YOCTO #12022]

(From OE-Core rev: 3aced3783b808449cd50f12684c061151861a1a5)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:39 +01:00
Leonardo Sandoval
913b20f799 selftest/cases/signing: ignore removal errors when cleaning temporary gpg directory 
The high-level method tempfile.TemporaryDirectory give us no way to
ignore erros on removal thus use tempfile.mkdtemp instead. Ignoring possible issues
on removal is neccesary because it contains gpg sockets that are automatically removed
by the system once the process terminates, otherwise the following log is observed:

  ..
  ..
  File "/usr/lib/python3.5/shutil.py", line 436, in _rmtree_safe_fd
    os.unlink(name, dir_fd=topfd)
  FileNotFoundError: [Errno 2] No such file or directory: 'S.gpg-agent.browser'

[YOCTO #11821]

(From OE-Core rev: e7f139c5d97a3871215c88c5bfc07ecf4e8fd7f3)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:39 +01:00
Armin Kuster
a0e04be746 lunux-yocto/4.8: update to 4.8.25 plus bluetooth: CVE-2017-1000251 
(From OE-Core rev: fdb9c64f225eaf94c9087dfac52ed6a7779b0744)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:39 +01:00
Armin Kuster
ec31268aea linux-yocto/4.4: update to 4.4.87 plus bluetooth: CVE-2017-1000251 
(From OE-Core rev: aadd6461cfd2d296df79efc253b7edbbe80f40f0)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:39 +01:00
Armin Kuster
0582ea3d8e linux-yocto/4.1: update to 4.1.43 plus bluetooth CVE-2017-1000251 
(From OE-Core rev: 2653a523a936a4055fe06418cbe258d82de3e718)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:39 +01:00
Bruce Ashfield
08e0475d89 linux-yocto/4.1: fix gcc7 compilation and v4.1.39 
Porting the mainline commit, to fix gcc7 builds:

  474c90156c [give up on gcc ilog2() constant optimizations]

We also integrate the 4.1.39 -stable update to pick up additional
fixes.

(From OE-Core rev: 774e0d3f429d383c55e9f54ab095f13694e1d8e6)

(From OE-Core rev: 7c816700d6f49c0e8fec142912738f36a7b1eb8c)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit f0effea8716faae749a7d15003647d68fa0cabf7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-10-10 17:27:39 +01:00