CVE-2015-7545 git: arbitrary code execution via crafted URLs
(From OE-Core rev: 0c4bdd61acbc1fa1b9bfb167d8eaf90c8bccc25c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Already in Jethro, not needed in master due to shipping a version of git
which is already fixes (> 2.6.1)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There are some unfreed rpmmi pointers in printDepList()
function; this happens when the package have null as
the requirement.
This patch fixes these unfreed pointers and add small
changes to keep consistency with some variables.
[YOCTO #8028]
(From OE-Core master rev: da7aa183f94adc1d0fff5bb81e827c584f9938ec)
(From OE-Core rev: 8821b0443b4b39b3bd4f41800a6fc809197fda82)
Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When compiling meta-toolchain-qt5 on cortexa8, the compiler throws an
internal compiler error:
...
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:
In function 'bool loadPO(Translator&, QIODevice&, ConversionData&)':
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:717:1:
internal compiler error: in add_stores, at var-tracking.c:6000
...
Tracking this down led to https://bugs.linaro.org/show_bug.cgi?id=534
It seems the bug is well know and fixed upstream. So backporting from
trunk seems to be the right solution. This fixes the compiler problem
on cortexa8 and does not seem to be very invasive. The original commit
can be found at:
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@212178 138bc75d-0d04-0410-961f-82ee72b054a4
(From OE-Core master rev: 6751ef78694783fb86e55c77afefae750ab1b610)
(From OE-Core rev: 91a001fc74dd13ea9e5249aa624ad360ce807349)
Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport patches to fix CVE-2015-4103, CVE-2015-4104, CVE-2015-4105 and
CVE-2015-4106. These patches are from debian, but they are originally
from:
http://git.qemu.org/?p=qemu.git;a=shortlog;h=c25bbf1
(From OE-Core master rev: 496b3ffba6755bb76709c88cf81399c9d23f830a)
(From OE-Core rev: 29746e78ca000f4464c8e0a1da55c77e02c651e4)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Refresh the following patches to apply cleanly to our qemu-2.2.0:
07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch
10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch
Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Opkg's configure script doesn't use the value from --sysconfdir to determine
the location of the conf file, it uses the value from --with-opkgetcdir
(From OE-Core rev: d32f7f86b5d2b48222bdaada2697cd5e23cfe1c9)
(From OE-Core rev: dcda6e1e7b95f13dc4a9bb136e6a31c46c76ea9e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Default behavior of opkg was to use ${OPKGLIBDIR}/opkg/lists;
but in our recipe we modify it to ${OPKGLIBDIR}/opkg/${OPKGLIBDIR}/opkg/,
when appending package-management to IMAGE_FEATURES these lists are
populated during build time (using the default directory),
but since our config was different these populated lists were never used at runtime,
this patch solves this inconsistency by using default behavior for both build time and runtime.
[YOCTO #6966]
(From OE-Core rev: a71b29ffc514892ca394fc8de275294b910586f0)
(From OE-Core rev: f49fc4fc5c5f150dad9807d92239ada885bca5fd)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Bootchartd needs the command lsb_release and pidof to run, pidof maybe
provided by sysvinit or procpus;
To native bootchart2, only pybootchartgui is used, and which is not needed
both pidof and lsb_release
(From OE-Core rev: d0d641bf8cbf96d7c30dfcbdf2572d2709b56858)
(From OE-Core rev: a8f64210776ee2399d25c6249b4deb715938c4f9)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
They managed to 'break' tar. Again. Sorry, they fixed a regression
which broke dpkg-deb.
The addition of:
http://git.savannah.gnu.org/cgit/tar.git/commit/?id=163e96a0e619a900eab6de827c7c5749ecc9d3f2
("Bugfix: entries read from the -T file did not get proper matching_flag.")
means that the no-recursion option gets lost. This leads to many files getting included
multiple times, along with files which shouldn't be there.
The commit message is horrendous. The patch actually makes the option positional
(as documnted since 2003) and therefore doesn't affect the input from the -T option.
Moving the --no-reursion option to earlier in the command avoids the bug.
The bug was not present in tar 1.28 however it has been backported in at least
Fedora 22 and heading into Fedora 21.
Redhat reports of issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1230762 [tar]
https://bugzilla.redhat.com/show_bug.cgi?id=1241508 [dpkg]
Discussion of bug in upstream tar:
http://www.mail-archive.com/bug-tar@gnu.org/msg04799.html
[YOCTO #7988]
(From OE-Core rev: 6be698b7270f73f40d38713ecf13f12aec0ced61)
(From OE-Core rev: 1c916ddebc3009d3817359144b02745c3ecbd5c4)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
use static storage class instead of extern for inline functions
and remove duplicate definitions as a result
Change-Id: I72e8c5f19dff656c18f719d1e9e2ca697c9a856f
(From OE-Core rev: 1a9d92b9891c06ede91af05d516a429e1f81777d)
(From OE-Core rev: efada40a7a785446f9c46aa8a7d0e1c7407376e9)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With python enabled, gdb refuses to start without core
python modules:
| Could not find platform independent libraries <prefix>
| Could not find platform dependent libraries <exec_prefix>
| Consider setting $PYTHONHOME to <prefix>[:<exec_prefix>]
| ImportError: No module named site
It also complains if python-codecs is missing.
(From OE-Core rev: 646adb4d90030970f6e2136f65b51b3c8b0c9d5c)
(From OE-Core rev: c1c2c9c7f20b289928c94beb7adfe03f03c4b64e)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This patch is needed for certain cpus and has been accepted into upstream
(From OE-Core rev: 3371b42a4ac5becb063157f1b258918601211ebf)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
see https://gcc.gnu.org/gcc-5/porting_to.html
we need to stop the preprocessor from generating the #line directives
or we run into issues like
| checking for apr_int64_t Python/C API format string...
| configure: error: failed to recognize APR_INT64_T_FMT on this platform
| Configure failed. The contents of all config.log files follows to aid
debugging
| ERROR: oe_runconf failed
Rightly subversion should be fixed but lets leave that to subversion
folks
Change-Id: I02a89798ff949f79967ab0a73adcddaa4218662d
(From OE-Core rev: 7793b1c425077ed6ed11a9bc2a8b1b96612b1c96)
(From OE-Core rev: a240d28492f05c22198dd4b20c11c0d510f0c897)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
When cross compiling for arm targets ctypes compilation fails because
it uses _sysconfigdata from the HOST, this patches makes it use the
one from TARGET fixing compilation of this module
[YOCTO #7873]
(From OE-Core rev: a676ee838aae1ac05fa6542d1b0791d61ff9f05f)
Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Jonas Göransson <jonas.goransson@qmatic.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The print statement should capture the output and send it to the script
processing engine, and not display it directly to the screen.
Note, this is only a bug if 'lua' support has been enabled in the RPM
recipe's PACKAGECONFIG.
This patch is from: http://rpm5.org/cvs/patchset?cn=17671
(From OE-Core rev: 6bc0e8207d0e7b1d6f2eac8ed1b75a3fd9fab87b)
(From OE-Core rev: 7d4230b7eb7aa09087a6267dd6e686f713ac6f72)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Building both 32-bit and 64-bit binaries in valgrind at a time would
lead to following QA issue as below,
(snip)
ERROR: QA Issue: Architecture did not match (62 to 3) on ${WORKDIR}/valgrind/3.10.1-r0/packages-split/valgrind-dbg/usr/lib64/valgrind/.debug/vgpreload_exp-sgcheck-x86-linux.so
ERROR: QA Issue: Architecture did not match (62 to 3) on ${WORKDIR}/valgrind/3.10.1-r0/packages-split/valgrind-dbg/usr/lib64/valgrind/.debug/getoff-x86-linux
ERROR: QA Issue: Architecture did not match (62 to 3) on ${WORKDIR}/valgrind/3.10.1-r0/packages-split/valgrind-dbg/usr/lib64/valgrind/.debug/vgpreload_core-x86-linux.so
ERROR: QA Issue: Architecture did not match (62 to 3) on ${WORKDIR}/valgrind/3.10.1-r0/packages-split/valgrind-dbg/usr/lib64/valgrind/.debug/vgpreload_memcheck-x86-linux.so
-- CUT --
hence perform only one type of build 32-bit or 64-bit, but not both.
(From OE-Core rev: 53afa26655d0b5f75ef2dd6bccef76281a14655c)
(From OE-Core rev: cc79ca38c6f8af4f47fb1e466a836bc8764cd938)
Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cherry pick upstream commit to fix -Werror=logical-not-parentheses error
when building with native gcc5.
(From OE-Core rev: b3bd0dba3139a3e79bfcebe137248c7bdcadf04d)
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Yocto #7453]
Corrects the original commit for the patch that removed ARM ptest CFLAGS
settings. Since the flags could be set by a user, the flags should
be kept in place during compilation. By keeping the original up-stream
CFLAGS for the tests, then additional tests successfully compile
for all tested ARM tunings.
However, there were still two tests listed below that did not compile
for any beaglebone tuning that is valid for valgrind. With the updated
patch, the set of excluded ARM ptests and their respective build
failures are:
intdiv - fails for all beaglebone tunings with 2 errors:
{standard input}:(40 or 41): Error: selected processor does not
support Thumb mode `udiv r3,r9,r10'
{standard input}:(72 or 73): Error: selected processor does not
support Thumb mode `sdiv r3,r9,r10'
vcvt_fixed_float_VFP - fails for all beaglebone tunings in one of
two ways:
with neon tuning (-mfpu=neon) fails with Internal Compiler Error
without neon tuning fails with 3 errors:
{standard input}:33: Error: selected FPU does not support
instruction -- `vcvt.f32.s32 s15,s15,#1'
{standard input}:58: Error: selected FPU does not support
instruction -- `vcvt.f32.s32 s15,s15,#32'
{standard input}:136: Error: selected FPU does not support
instruction -- `vcvt.f32.u32 s15,s15,#1'
After applying this commit, the valgrind ARM ptests compile without
errors for tunings:
armv7[t][hf][b][-neon] cortexa8[t][hf][-neon]
where the tuning [option] was successfully compiled, both with
and without the 'option', and in combination with all other options.
(From OE-Core rev: 2fb0edcb47a14e47780d545f60885b36e71fca71)
(From OE-Core rev: 132886498816f6407416196fd5ccf8d1b8c589ab)
Signed-off-by: Dave Lerner <dave.lerner@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed when build on armv7a_vfp_neon:
Python-3.3.3/Modules/_struct.o: relocation R_ARM_MOVW_ABS_NC against `a local symbol' can not be used when making a shared object; recompile with -fPIC
All the archs should use -fPIC when build shared object for linux.
(From OE-Core rev: 60c1f76f65060cbea458b06f9719a2536f50474e)
(From OE-Core rev: d9c3d3036da6f36d1f494987aa854d0c76968a27)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* install populate-extfs.sh from contrib, be aware that in order
to use it you need to set DEBUGFS shell variable, otherwise it will
try to use debugfs from relative path which is almost always
incorrect:
CONTRIB_DIR=$(dirname $(readlink -f $0))
DEBUGFS="$CONTRIB_DIR/../debugfs/debugfs"
(From OE-Core rev: 525b7b587a00466e4322450c171d920b47201e56)
(From OE-Core rev: 32e847f6988eb488dad23badf1cabae92ef803df)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers
to write to arbitrary files to the root directory via a / (slash) in a
crafted archive, as demonstrated using the ar program.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447
(From OE-Core rev: 4a65944b89a76f18c8ff6e148f17508882d387cf)
(From OE-Core rev: 5eda84a62201461b9c69498ec35585d2c8142dec)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The patch fixes a warning seen with gcc 4.8 (especially on ubuntu 13.10)
(From OE-Core rev: c577a52b252ccbad9a8dde79c6a4a4f23376d9d8)
(From OE-Core rev: 1878cadb02aa01a58f6985d2b7a9268df4f381a6)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It is aready in the source.
(From OE-Core rev: 99f9df3add049ec18dbcd604646a67dc59b3db16)
(From OE-Core rev: 6c1b44872d9cd09ad46fd9d2cc3555f9cd3a55e6)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Removed:
- unbreak-assumptions.diff
This patch changs the dir to /non-existant-dir, the source code has
changed the dir to /deadir, so it is not needed any more.
- trycompile.diff
There is no try_compile or try_run in numpy/core/setup.py any more, so
assumed that it is not needed.
(From OE-Core rev: 56aac948ca9686d79a2c56f4f034f8de445ff37b)
(From OE-Core rev: 7f0d86dd43a10a981aa2ad8acde66fe345fe4096)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink
attack on a file in the synchronization path.
Backport Complain-if-an-inc-recursive-path-is-not-right-for-i.patch to fix it
(From OE-Core master rev: f280b4f28231ea5a416266ae022d6e4c4ea91117)
(From OE-Core rev: a42af2e434c01c04af36d6ed7a7a5480a7a255a5)
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream added aarch64 support but forgot to update 'make dist' leading to missing files in the tarball.
(From OE-Core master rev: a40309f284805e8cda024f7299a676cfdf8f97a5)
(From OE-Core rev: fd11110b7d63fce6a1f7a26f123ae7a8ddee3175)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The original uclibc-support.patch is not compatible with elfutils-0.161.
It should be corrected through adjusting context.
So regenerate a new patch for elfutils-0.161, rename the patch for
elfutils-0.148, and put them into respective directories.
(From OE-Core master rev: 64acb72e7ec63528073d8290137fe74d3382f876)
(From OE-Core rev: d4924543c265ca497d4c419d4571cf1f8ef31d09)
Signed-off-by: Junling Zheng <zhengjunling@huawei.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Cross-compling dpkg application for armeb fails with below error
during configure task,
(snip)
configure:23141: checking dpkg cpu type
configure:23148: result: armeb
configure:23150: WARNING: armeb not found in cputable
configure:23162: checking dpkg operating system type
configure:23169: result: linux-gnueabi
configure:23171: WARNING: linux-gnueabi not found in ostable
configure:23183: checking dpkg architecture name
configure:23189: error: cannot determine host dpkg architecture
-- CUT --
Add the required combination of "gnueabi-linux-armeb" entry in
triplet list.
(From OE-Core master rev: 63eb33bced1fc1e5451988fc5249ab362fb82615)
(From OE-Core rev: 0c83ca720ccfbef6964ac34fedfefa9006c484c4)
Signed-off-by: Krishnanjanappa, Jagadeesh <jagadeesh.krishnanjanappa@caviumnetworks.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changes in python 2.7.9 from 2.7.3 cause issues when building the in
tree libffi for ctypes. These issues primarily affect less common
platforms (e.g. MicroBlaze) that are supported by libffi but the python
overrides for the in tree libffi are not able to detect correctly.
This patch changes the python 2.7.9 recipe to match how the python 3
recipe handles libffi by configuring the build to use the system
libffi. This brings consistency between the libffi used for different
python versions as well as with the system.
(From OE-Core master rev: 4302cc20dbe0f0490a5e7b62baeb632322c40200)
(From OE-Core rev: 9f7b0133b63d315703d0c44e877ae81d4a9a1692)
Signed-off-by: Nathan Rossi <nathan.rossi@xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix perl runtime issue:
* Can't locate overloading.pm in @INC (you may need to install the
overloading module ...) at /usr/lib64/perl/5.20.0/overload.pm line 83.
(From OE-Core master rev: 3dec9ad1cd6ad1236950b0100f6327df7a0bf7db)
(From OE-Core rev: cecac1d52143e34b6e1142e38a1c874188dd74e9)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
