mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-11 17:59:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,350 Commits 38 Branches 621 Tags
8eeacb689b934c989a1cfad882559cd2d5c5f901
Commit Graph

4376 Commits

Author SHA1 Message Date
Armin Kuster
8eeacb689b Binutils: Security fix for CVE-2018-10535 
Affects: <= 2.30

(From OE-Core rev: 5fc41ff3341074497a1359969baf880d8035826b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
5a60b74887 Binutils: Security fix for CVE-2018-10534 
Affects: <= 2.30

(From OE-Core rev: 7934bbc460009f52824e142273f2ecce957fc123)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
711e5e7b08 Binutils: Security fix for CVE-2018-10373 
Affects: <= 2.30

(From OE-Core rev: bea11092ddf2e6778bd55af1f2044a9e9fa1383b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
2d7d54a5c5 Binutils: Security fix for CVE-2018-10372 
Affects: <= 2.30

(From OE-Core rev: 8d254fe04992aed29a2c8ecbf99e91d0167449ce)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
e82b9a5096 binutils: Security fix for CVE-2017-17123 
Affects: <= 2.29.1

(From OE-Core rev: 520bc451e7727568ec7457ace7b1281493f9cbdc)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
e1a49c7e83 binutls: Security fix for CVE-2017-17125 
Affects: <= 2.29.1

(From OE-Core rev: 7e5cf6ef776465101f18daf22f283c87423c7d20)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
e6fdc8959b binutls: Security fix for CVE-2017-17122 
Affects: <= 2.29.1

(From OE-Core rev: 86c54c4770ce207575e29c589732c74e68d9ff3c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
4e970e6409 Binutils: Security fix for CVE-2017-17121 
Affects: <= 2.29.1

(From OE-Core rev: 942e7f65fd656f2cc526a3c99edcea60f341132c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
ad4d04429a binutls: Security fix for CVE-2017-17080 
Affects: <= 2.29.1

(From OE-Core rev: 238a0a40a7835226dd25134e88f830683f60dac3)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
1abb9cc58e binutls: Security fix for CVE-2017-16832 
Affects: <= 2.29.1

(From OE-Core rev: ec8861a2f280a3210f9423fd1b687bca6340b8ca)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
d40d4bf86f binutls: Security fix for CVE-2017-16831 
Affects: <= 2.29.1

(From OE-Core rev: ab9e8161a3b89914d8664175a684675bc99d6f21)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
7d51055f44 binutls: Security fix for CVE-2017-16830 
Affects: <= 2.29.1

(From OE-Core rev: 29c6da2092599145e5a4f00ccc6029f31ec724da)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
2720b93220 binutls: Security fix for CVE-2017-16829 
Affects: <= 2.29.1

(From OE-Core rev: 7dc47bc3f3d66aea3b8bbc2fb6fb9bbb7d2dc0a0)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
3a47233ad7 binutls: Security fix for CVE-2017-16828 
Affects: <= 2.29.1

(From OE-Core rev: 98e5e27514a19d31038aec22408e27b84514c5b8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
8073f5664b binutls: Security fix for CVE-2017-16827 
Affects: <= 2.29.1

(From OE-Core rev: 9fa2d818018420f3c9afc30012267e6a46fe1d09)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
aa7d33713c binutls: Security fix for CVE-2017-16826 
Affects: <= 2.29.1

(From OE-Core rev: acac226dd46a0e27da51db75197f57dd45254502)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
d85be1b736 binutls: Security fix for CVE-2017-15996 
Affects: <= 2.29.1

(From OE-Core rev: ee5ad659a9f2ea1714e3ae51ca1948f165fb21d3)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
f0be43144f binutls: Security fix for CVE-2017-15939 
affects: <= 2.29.1

(From OE-Core rev: dec0162e16040aa00c5fff3e5cfde1b488af3e55)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
e4c382ecc6 binutls: Security fix for CVE-2017-15225 
Affects: <= 2.29.1

(From OE-Core rev: 885e991934e5e20ac69551e73da9d3219eb4c24e)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
09d31d0806 binutls: Security fix for CVE-2017-15025 
Affects: <= 2.29.1

(From OE-Core rev: b3cc9eedf3a64d4c0914b2eaf204fe38a864d238)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
8011a1aed9 binutls: Security fix for CVE-2017-15024 
Affects: <= 2.29.1

(From OE-Core rev: 349b3cfb39c76304e351481899de9f72e4f1295b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
9e7dc232e7 binutls: Security fix for CVE-2017-15023 
affects: <= 2.29.1

(From OE-Core rev: 755fd4e68af4cdafc482c02b7822cc06215da4fb)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
00a04d8d8b binutls: Security fix for CVE-2017-15022 
Affected: <= 2.29.1

(From OE-Core rev: c19aa7eafd38639095b415efc16dba3777507d70)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
fb5416e874 binutls: Security fix for CVE-2017-15021 
Affects: <= 2.29.1

(From OE-Core rev: 65411acb41a2461aab2904fea2d348d2a06e48e0)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
bc0ca9fb89 binutils: Security fix for CVE-2017-14940 
Affects: <= 2.29.1

(From OE-Core rev: 59deda9b709640030bc0199e34e39fa07cfcca69)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
bc5c5f19b6 binutls: Security fix for CVE-2017-14939 
Affects: <= 2.29.1

(From OE-Core rev: 03fb0028d76d18bac48b333f743ce27e21324d59)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
b38088da6a binutls: Security fix for CVE-2017-14938 
Affects: <= 2.29.1

(From OE-Core rev: 45de3690367c8e0adf443a2f2630ecf8791789d6)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
6e01f78994 binutls: Security fix CVE-2017-14934 
Affects: <= 2.29.1

(From OE-Core rev: b7715d4782cf956c198eaa6b43a6bf11fe8ece7c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:45 +01:00
Armin Kuster
9be7b4f3db binutls: Security fix CVE-2017-14933 
Affects: <= 2.29.1

(From OE-Core rev: 16cdbc7504cc14547bb99ed742484ae9e658ec6e)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:44 +01:00
Armin Kuster
4ad8bd4a60 binutls: Security fix CVE-2017-14932 
(From OE-Core rev: 56d6acf145cc7550377588ca3c654d6f86143dfe)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:44 +01:00
Armin Kuster
701eecc7d3 binutils: Secuirty fix CVE-2017-14930 
affects <= 2.29.1

(From OE-Core rev: 47c3add5dcc7a29d4647da2c0ad86d756323aa8f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:44 +01:00
Armin Kuster
1ce31b2a81 binutils: Security fix CVE-2017-12967 
affects: <= 2.29.1

[v2]
Fix patch header typo
Rename 2017-12967 to 2017-17124

(From OE-Core rev: 732f051ff9b0103774d670d8c4971315cbb83a68)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:44 +01:00
Armin Kuster
407c64a876 binutils: Update to tip of 2.29 branch 
mostly bug fixes

(From OE-Core rev: dc9b9d2e1fc8353d187a14deee576fcda52442c2)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-08-15 10:22:44 +01:00
Ross Burton
fc34a24e48 chrpath: Alioth is dead, use DEBIAN_MIRROR 
The previous host of chrpath, Alioth, is dead.  chrpath hasn't yet moved to
Salsa, so download the tarball from the Debian mirrors.

(From OE-Core rev: a8a2c5ec891286a1e7fd5ebdd33565f9ae3965c2)

(From OE-Core rev: 8310ff1730a1d814f63de5e313605b0094c7931c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-07-19 10:54:55 +01:00
Juro Bystricky
f4372765f3 distcc-doc_3.2: improve reproducibility 
Remove timestamps from metadata of gzip compressed files.

(From OE-Core rev: 8d009dd8c3c56601905a156cb06f339dd4a298e6)

(From OE-Core rev: 6c20c550a82aed9e8fa312f09888c8f16250159c)

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-06-15 17:56:52 +01:00
Hongxu Jia
fe958e8864 perl: fix CVE-2017-12837 
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5

(From OE-Core rev: bd53256e165f5bb59a28d77a466d71fce39080fa)

(From OE-Core rev: d3a785ea11caffe2537fd83f2b9d13f1b64adab9)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-06-15 17:56:52 +01:00
Armin Kuster
3befe6d7b7 ruby: Update to 2.4.4 
The dot releases are maint only.

2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP

(From OE-Core rev: 7003a36ef3f686af97798ff6f4bc7b3473f937de)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-07 15:57:37 +01:00
Andre McCurdy
41943e4fba ruby: fix typo in gmp PACKAGECONFIG option 
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761)

(From OE-Core rev: 02fe324eb6913b27961e8e30c5510c89733dd011)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-07 15:57:37 +01:00
Ross Burton
f75993bc22 ruby: remove spurious db build dependency 
The dbm module uses gdbm by default which is also a build dependency.

(From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9)

(From OE-Core rev: f18fe9f116bd6697ded5d93eeccdfea7c3215d7b)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-07 15:57:37 +01:00
Leonardo Sandoval
d9a5006a73 ruby: upgrade to 2.4.2 
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.

    commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
    Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
    Date:   Wed Apr 12 00:21:18 2017 +0000

        Merge json-2.0.4.

          * https://github.com/flori/json/releases/tag/v2.0.4
          * 09fabeb03e/CHANGES.md (2017-03-23-204)

        git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)

(From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-07 15:57:37 +01:00
Armin Kuster
701cc0009f perl: Security fix CVE-2017-12883 
Affects: Perl  < 5.24.3-rc1 and  5.26.x before 5.26.1-RC1

(From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:49 +01:00
Charles-Antoine Couret
0d0ca4211e perl: add patch to solve libcrypt incompatibility 
Add Perl's patch submitted to upstream to be compiled along with glibc with libcrypt split.

(From OE-Core rev: 79703d83790a2973fefdb0e12e125b5f17e98cdf)

(From OE-Core rev: 53eef48621b19a1b88c042f9ee5eeb84d9746c64)

Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:49 +01:00
Yi Zhao
54b9f0da14 rsync: update to 3.1.3 
(From OE-Core rev: ded47001bec3fbbcbcdbe358a32c14ed0322d431)

Updating is safer than backporting the CVE fixes.
Included CVE:
CVE-2017-16548
CVE-2017-15994
CVE-2017-17434
CVE-2017-17434
CVE-2018-5764

plus many bugfixes

(From OE-Core rev: 3f244c68defd45d89107ff58a95c8d4462faeaed)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:49 +01:00
Richard Purdie
c9a58aa355 uninative: Add allow-shlib-undefined to BUILD_LDFLAGS and drop other workarounds 
We have a problem when for example, a glibc 2.27 based system builds some
library like libpopt-native and puts it into sstate then it is reused
on a pre glibc-2.27 system to build something which depends on popt like
rpm-native. This results in an error like:

recipe-sysroot-native/usr/lib/libpopt.so: undefined reference to `glob@GLIBC_2.27'

In the past we've had this problem with new symbols like getrandom and
getentropy, here its with a more complex symbol where there is an old
version and a newer version.

We've looked into various options, basically we cannot link against our
uninative libc/ld.so since we don't have the right headers or compiler
link libraries. The compiler doesn't allow you to switch in a new set
either, even if we did want to ship them. Shipping a complete compiler,
dev headers and libs also isn't an option.

On the other hand if we follow the ld man page, it does say:

"""
The reasons for allowing undefined symbol references in shared libraries
specified at link time are that:

- A shared library specified at link time may not be the same as the one
  that is available at load time, so the symbol might actually be
  resolvable at load time.
"""

which is exactly this case. By the time the binary runs, it will use
our uninative loader and libc and the symbol will be available.

Therefore we basically have a choice, we get weird intermittent bugs,
we drop uninative entirely, or we pass this option.

If we pass the option, we can drop the other workarounds too.

(From OE-Core rev: 75a62ede393bf6b4972390ef5290d50add19341a)

(From OE-Core rev: d18bf7fa8e80d6cfaf3fdbe1ab06eec84b954432)

(From OE-Core rev: 4545f5436a5a106154680825ecb1cb60437faa91)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Clean up for Rocko context]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:49 +01:00
Jackie Huang
95f831745c patch: fix CVE-2018-1000156 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156

* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566

* Fix arbitrary command execution in ed-style patches:
  - src/pch.c (do_ed_script): Write ed script to a temporary file instead
    of piping it to ed: this will cause ed to abort on invalid commands
    instead of rejecting them and carrying on.
  - tests/ed-style: New test case.
  - tests/Makefile.am (TESTS): Add test case.

(From OE-Core rev: 6b6ae212837a07aaefd2b675b5b527fbce2a4270)

(From OE-Core rev: 413c54e0698589b17976e88fa7ab76e5dbac51aa)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:49 +01:00
Jackie Huang
4240011020 patch: fix CVE-2018-6951 
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951

* upstream tracking: http://savannah.gnu.org/bugs/?53132

* Fix segfault with mangled rename patch
  - src/pch.c (intuit_diff_type): Ensure that two filenames are specified
    for renames and copies (fix the existing check).

(From OE-Core rev: cdf74e1c67698b2d44a7460ff7d365d6da7b7b96)

(From OE-Core rev: e628af83e8d00ed3e3db318b323a9f5e48d35aae)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:49 +01:00
Huang Qiyu
85eaada5ec patch:2.7.5 -> 2.7.6 
Upgrade patch from 2.7.5 to 2.7.6.

(From OE-Core rev: e5dcd58e5b2ef0b8e2bbe90e9bb1cede4e76bf75)

(From OE-Core rev: 6ecaabfff944773a09096a9ce293842c7c00b3a1)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-05-03 09:53:48 +01:00
Armin Kuster
228aa9815c distcc: Change SRC_URI 
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source.
ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch

[v2]
upstream deleted the branch and the hash no longer exists.

Took the git snapshot from yocto and created a copy on my github.
There was no offical 3.2 release, only rc versions.

(From OE-Core rev: 22d30ed7c847b6ee4fdccb96fa9a3ce3d1491967)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-03-26 15:07:12 +01:00
Tanu Kaskinen
7c99bd7189 e2fsprogs: fix compatibility with glibc 2.27 
glibc 2.27 added function copy_file_range(), and e2fsprogs happens to
have a different function with the same name. The conflict made
e2fsprogs-native build fail.

Here's a backport of a fix from upstream, the fix was released in
e2fsprogs 1.43.8.

The master branch doesn't need this fix, since it has new enough
e2fsprogs version. At least rocko, pyro and morty need this, I haven't
checked older stable branches. Apparently the problematic function was
introduced in e2fsprogs version 1.43.

(From OE-Core rev: 0dbe43e520be5e60e3a98fc0e46358bb291b0c13)

Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-03-26 15:07:12 +01:00
Zhang Xiao
e22a534bae valgrind: Fix multilib header conflict - valgrind/config.h 
Header file conflict between 32-bit and 64-bit versions.

(From OE-Core rev: 6084879306db61c347b6f01f3bb64de327a9052d)

(From OE-Core rev: 1c2213fe1ac082288f366e4578d7a6e84410d820)

Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2018-03-26 15:07:11 +01:00