Having 'lsof' as a +s (setuid) binary could lead to security issues if
a compromise in the binary is found. It is better that it be -s by
default as a precaution.
(From OE-Core rev: 346c65dd6855106069d1861ca965d3121eb084d1)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779
(From OE-Core rev: 7936c9451eb4c376a78a0ac7461d1b2430c7f1f3)
Signed-off-by: Fan Xin<fan.xin@jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
NIS functionality has been split out into independent
library from glibc
(From OE-Core rev: b73de31cbf58efb303006125f8cd22f130e21d8c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Re-introduce the patch that was deemed to be not needed
but it infact is still needed with musl
(From OE-Core rev: 3ba88c72e84c8c2a142b990b7547aa221f564d82)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The following warning occurs when building with meta-zephyr
with MACHINE set to arduino-101-sss:
WARNING: /srv/sdc/builds/11319/meta/recipes-extended/ghostscript/ghostscript_9.20.bb: Unable to get checksum for ghostscript SRC_URI entry objarch.h: file could not be found
This is due to the the TARGET_ARCH = "arc" for meta-zephyr is not
supported by ghostscript and causing bitbake unable to locate the
correct config file during recipe parse.
Adding checker in the recipe to raise an exception if the target
architecture is "arc". This would then only display an error if
someone specifically tries to build the recipe:
ERROR: ghostscript was skipped: incompatible with host arc-yocto-elf (not in COMPATIBLE_HOST)
[YOCTO #11344]
(From OE-Core rev: 720a7230b92d734106d5340a426270dd4e921e8e)
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They have not been ported to Python 3, and they are for
browsing Amazon s3+ and Commodore 64/128 emulator filesystems -
hardly consequential.
(From OE-Core rev: f41a7b81a1957669e80e21e57df27d8cbc5cdbb8)
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1) Upgrade libarchive from 3.2.2 to 3.3.1.
2) Fix an unknown-configure-option "--without-lzmadec" when do_configure.
3) Delete three patches, since they are integrated upstream.
0001-archive_write_disk_posix.c-make-_fsobj-functions-mor.patch
0002-Fix-extracting-hardlinks-over-symlinks.patch
non-recursive-extract-and-list.patch
(From OE-Core rev: b5a5ca83670f93879048758d0637ea0f0a3866ac)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
A vulnerability was found in a way bash expands the $HOSTNAME.
Injecting the hostname with malicious code would cause it to run
each time bash expanded \h in the prompt string.
Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/
bash43-047> to solve CVE-2016-0634
CVE: CVE-2016-0634
(From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb)
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1)Upgrade byacc from 20161202 to 20170201.
2)License checksum changed,since the copyright years were updated.
(From OE-Core rev: f859b95c0d3dce36c6d39f5aba414a27f855a18d)
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use memset() API instead of __bzero()
Drop the patch removing des_* functions for musl
(From OE-Core rev: 2be873301420ec6ca2c70d899b7c49a7e2b0954d)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace a local patch for format warning with the one
that got committed upstream
(From OE-Core rev: 0f3e67a5d9bcd304fef0618f62f48fcf087d30c7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We were carrying patches which are no longer
needed when building rpcbind for musl
(From OE-Core rev: 56b3b440fa139c8f132b2b71dc6b8eb0ee974e7a)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
After change to the rpm4, the rpm packages in lsbtest, such as:
lsb-setup-4.1.0-1.noarch.rpm
lsb-dist-checker-5.0.0.1-1.x86_64.rpm
......
lsb-cmdchk-5.0.3-1.x86_64.rpm
When install above rpm packages, the error log appears:
package lsb-setup-4.1.0-1.noarch is intended for a different operating system
......
So we should add option "--ignoreos" to the rpm install command in LSB_Test.sh
in ./meta/recipes-extended/lsb/lsbtest directory. In this way we can make sure
the correct installation of those rpm packages.
The YOCTO bug #11224 didn't create logs, this is because the above test rpm
packages didn't install.
[YOCTO #11224]
(From OE-Core rev: db2798d967dbffed834070b52fe778efa18cb4ae)
Signed-off-by: Dengke Du <dengke.du@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sadly this breaks previous OE releases as it means the source mirror contains a
tarball with the same name but different checksums as was previously available.
This reverts commit 99c6e89db1.
(From OE-Core rev: eb4fee616287ae731f7af52e0fe5fc81f2eea2c0)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The previous patch added a check but incorrectly
change the elif to if, then it always return 0
for cpuid if the machine is not __i386__
getcpu01 1 TFAIL : getcpu01.c:140: getcpu() returned wrong value expected cpuid:7, returned value cpuid: 0
After this fix:
getcpu01 1 TPASS : getcpu() returned proper cpuid:7, node id:0
(From OE-Core rev: ca798705b3b8fa9b2f6467970e9bda9d9433986c)
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed when len(TMPDIR) = 410:
aclocal: error: cannot open echo 'm4_define [snip]' configure.ac |: Argument list too long'
This is becuase it has a lot of m4 files, use relative path for them
can fix the problem.
(From OE-Core rev: 081974e75cc0cfa0a1a1bb01cd9f9cbc585b7692)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream has removed the 1.14.1 release from ftp.gnu.org and
moved to the latest 1.14.2. Since we don't want to upgrade at
this point of time, temporarily move the SRC_URI to yoctoproject
mirror.
(From OE-Core rev: a2f1026b3d8c9f9810cb4389a8a93fabb04e15a4)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fedorahosted.org was retired on March 1st, 2017. This is to
update the SRC_URI to point to github.com.
Update the ${PN} to ${BPN} in order to pass the autobuilder
mulitlib enable configuration.
[YOCTO #11226]
(From OE-Core rev: 73a358bdef99771b493fefb5114a936138cb78ce)
Signed-off-by: Choong YinThong <yin.thong.choong@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The shebang's max length is usually 128 as defined in
/usr/include/linux/binfmts.h:
#define BINPRM_BUF_SIZE 128
There would be errors when @PERL@ (hostools/perl) is longer than 128,
use '/usr/bin/env perl' can fix the problem, but '/usr/bin/env perl -w'
doesn't work:
/usr/bin/env: perl -w: No such file or directory
So replace "perl -w" with "use warnings" to make it work.
(From OE-Core rev: 85decf26fe580acdf072baf561418bf73b7bfca4)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The shebang's max length is usually 128 as defined in
/usr/include/linux/binfmts.h:
#define BINPRM_BUF_SIZE 128
There would be errors when @PERL@ (hostools/perl) is longer than 128,
use '/usr/bin/env perl' can fix the problem, but '/usr/bin/env perl -w'
doesn't work:
/usr/bin/env: perl -w: No such file or directory
So replace "perl -w" with "use warnings" to make it work.
(From OE-Core rev: f3408bcf9d2710b07f5825683931e28571de130c)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configuration change was already done for -native but
we really want it when USE_NLS is set.
Fixes [YOCTO #11285].
(From OE-Core rev: 95d6910bb5d9331adb7a693fcb4f7b1271c68cc6)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fedorahosted.org was retired on March 1st, 2017. This is to update
the SRC_URI to point to github.com.
[YOCTO #11226]
(From OE-Core rev: 0fb5427937576fe46d463b9c9953d0bcdc1f256a)
Signed-off-by: Choong YinThong <yin.thong.choong@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fedorahosted.org was retired on March 1st, 2017. This is to
update the SRC_URI to point to github.com.
[YOCTO #11226]
(From OE-Core rev: b0703175ed650d89870309e4065cda917199ac93)
Signed-off-by: Choong YinThong <yin.thong.choong@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fedorahosted.org was retired on March 1st, 2017. This is to
update the SRC_URI to point to pagure.io. pagure.io is a
replacement for fedorahosted.
[YOCTO #11226]
(From OE-Core rev: b85905bc8b845c9da7d2a086ea239ec00d5142e3)
Signed-off-by: Choong YinThong <yin.thong.choong@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fedorahosted.org was retired on March 1st, 2017. This is to
update the SRC_URI to point to pagure.io. pagure.io is a
replacement for fedorahosted.
[YOCTO #11226]
(From OE-Core rev: bbe3cde5fc2102fd84ba065ed14f2732bcd0d420)
Signed-off-by: Choong YinThong <yin.thong.choong@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There were two remaining cases that could end up creating /lib64
rather than ${base_prefix}/lib64. The difference matters when building
with usrmerge.
(From OE-Core rev: b791f13286c8c58ce1f3fa3745ffdd5bd5ff1d02)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
