mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-02-16 05:33:03 +01:00

Author	SHA1	Message	Date
Armin Kuster	db99f58eea	bind: Security fix CVE-2015-8704 CVE-2015-8704 bind: specific APL data could trigger an INSIST in apl_42.c (From OE-Core rev: 600c1d2beb64e23123e478051537b917f5d4a8a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:06 +00:00
Armin Kuster	092903a2ef	libxml2: Security fix CVE-2015-8710 CVE-2015-8710 libxml2: out-of-bounds memory access when parsing an unclosed HTML comment (From OE-Core rev: 03d481070ebc6f9af799aec5d038871f9c73901c) (From OE-Core rev: d5db25213613cb862255047c0e995fd5489d9765) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:06 +00:00
Armin Kuster	c2f4fe8d0c	libxml2: Security fix CVE-2015-8241 CVE-2015-8241 libxml2: Buffer overread with XML parser in xmlNextChar (From OE-Core rev: f3c19a39cdec435f26a7f46a3432231ba4daa19c) (From OE-Core rev: 428878a67fd723908af74c4881e933969f2928a7) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Paul Eggleton	ce70f38442	tzdata: reinstate changes reverted in 2014c upgrade OE-Core commit 57af3fb9662106f0a65a1b4edf83e2398be0a8f1 upgraded tzdata but also reverted a couple of changes to SUMMARY and LIC_FILES_CHKSUM. Reinstate these (with an update to the README md5 value since that has changed slightly, without any change to the licensing statements within). (From OE-Core rev: cea4f6b86129f84a99700207777929bf7e811ed6) (From OE-Core rev: 37069c7511603f9fe33bcc48e38ac58ab89138f9) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	f359ebd78d	tzdata: update to 2016a Changed LIC_CHKSUM_FILES to a new LICENSE file. Add BSD-3-clause to licenses Changes affecting future time stamps America/Cayman will not observe daylight saving this year after all. Revert our guess that it would. (Thanks to Matt Johnson.) Asia/Chita switches from +0800 to +0900 on 2016-03-27 at 02:00. (Thanks to Alexander Krivenyshev.) Asia/Tehran now has DST predictions for the year 2038 and later, to be March 21 00:00 to September 21 00:00. This is likely better than predicting no DST, albeit off by a day every now and then. Changes affecting past and future time stamps America/Metlakatla switched from PST all year to AKST/AKDT on 2015-11-01 at 02:00. (Thanks to Steffen Thorsen.) America/Santa_Isabel has been removed, and replaced with a backward compatibility link to America/Tijuana. Its contents were apparently based on a misreading of Mexican legislation. Changes affecting past time stamps Asia/Karachi's two transition times in 2002 were off by a minute. (Thanks to Matt Johnson.) (From OE-Core rev: 790315dbd2dcb5b2024948ef412f32d2788cb6b5) (From OE-Core rev: 6ebd2689f72b725c1ca493eae77d5a41386ee901) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 39e231cfabda8d75906c935d2a01f37df6121b84) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	5ddc177fdf	tzcode: update to 2016a Change LIC_CHKSUM_FILES to License. Some files are BSD clause 3 Changes affecting build procedure An installer can now combine leap seconds with use of the backzone file, e.g., with 'make PACKRATDATA=backzone REDO=posix_right zones'. The old 'make posix_packrat' rule is now marked as obsolescent. (Thanks to Ian Abbott for an initial implementation.) Changes affecting documentation and commentary A new file LICENSE makes it easier to see that the code and data are mostly public-domain. (Thanks to James Knight.) The three non-public-domain files now use the current (3-clause) BSD license instead of older versions of that license. tz-link.htm mentions the BDE library (thanks to Andrew Paprocki), CCTZ (thanks to Tim Parenti), TimeJones.com, and has a new section on editing tz source files (with a mention of Sublime zoneinfo, thanks to Gilmore Davidson). The Theory and asia files now mention the 2015 book "The Global Transformation of Time, 1870-1950", and cite a couple of reviews. The America/Chicago entry now documents the informal use of US central time in Fort Pierre, South Dakota. (Thanks to Rick McDermid, Matt Johnson, and Steve Jones.) (From OE-Core rev: 1ee9072e16d96f95d07ec5a1f63888ce4730d60e) (From OE-Core rev: 7d8a32361c45ab99c88bc65612327aa49cf3bd39) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit b7f292b84eea202fb13730c11452ac1957e41cf0) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	3c686ae014	qemu: Security fix CVE-2015-7295 CVE-2015-7295 Qemu: net: virtio-net possible remote DoS (From OE-Core rev: 74771f8c41aaede0ddfb86983c6841bd1f1c1f0f) (From OE-Core rev: 3a7c84952d40f95b0f34bc35eef4490ecc8da07e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	27aeaab726	qemu: Security fix CVE-2016-1568 CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands (From OE-Core rev: 166c19df8be28da255cc68032e2d11afc59d4197) (From OE-Core rev: c2361dd9bb663b00dd194cb7fdb0e07d7e1ab5e1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	94c26caff1	qemu: Security fix CVE-2015-8345 CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list (From OE-Core rev: 99ffcd66895e4ba064542a1797057e45ec4d3220) (From OE-Core rev: e51fc319b859f44be61822d93e0b72647a02f7c6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	05f4812d15	qemu: Security fix CVE-2015-7512 CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mod (From OE-Core rev: e6e9be51f77c9531f49cebe0ca6b495c23cf022d) (From OE-Core rev: 90d2a8eb0853f506a457e9935f4354c71d2fc9c9) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:05 +00:00
Armin Kuster	caa104fd2a	qemu: Security fix CVE-2015-7504 CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in loopback mode (From OE-Core rev: b01b569d7d7e651a35fa38750462f13aeb64a2f3) (From OE-Core rev: 10752d6beb5520ec0fc83a7d0173e10144b11685) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Armin Kuster	73941fbc6a	qemu: Security fix CVE-2015-8504 CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception (From OE-Core rev: c622bdd7133d31d7fbefe87fb38187f0aea4b592) (From OE-Core rev: 38f102a9271896a49aa32aacf2c2be3a14f51493) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Wenzong Fan	4d3ce52194	subversion: fix CVE-2015-3187 The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path. Patch is from: http://subversion.apache.org/security/CVE-2015-3187-advisory.txt (From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2) (From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22) (From OE-Core rev: b45dcbadc1a51188ac6dead855e14a181a7bccd9) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Wenzong Fan	f0ecaf46bb	subversion: fix CVE-2015-3184 mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name. Patch is from: http://subversion.apache.org/security/CVE-2015-3184-advisory.txt (From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63) (From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f) (From OE-Core rev: e4a1caecc5ae6b8488ec8ed7d303296af99146c0) Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Armin Kuster	165fa6ce62	openssl: Security fix CVE-2016-0701 CVE-2016-0701 OpenSSL: DH small subgroups (From OE-Core rev: c5868a7cd0a28c5800dfa4be1c9d98d3de08cd12) (From OE-Core rev: 5e73d0e88c28ca1e948f5c463b9d9d1001251a42) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Armin Kuster	1098a7bc0c	openssl: Security fix CVE-2015-3197 CVE-2015-3197 OpenSSL: SSLv2 doesn't block disabled ciphers (From OE-Core rev: b387d9b8dff8e2c572ca14f9628ab8298347fd4f) (From OE-Core rev: c037cbdac6a0e871a60077703432c08be6d29677) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Armin Kuster	e6d734904d	glibc: CVE-2015-8776 it was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information. (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee) (From OE-Core rev: 3527ba3be7cfdfd813f5ca495bc74db559a648cd) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Armin Kuster	b03994fe3b	glibc: CVE-2015-9761 A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) (From OE-Core rev: 6cb0465247195ec25ef1073e79997001380aa807) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:04 +00:00
Armin Kuster	ec05eebf8d	glibc: CVE-2015-8779 A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) (From OE-Core rev: 2e1c8cab3bc7b70e2a05dca20cb5bcec4335f04d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:03 +00:00
Armin Kuster	7ff74d177c	glibc: CVE-2015-8777 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) (From OE-Core rev: 9cc998978bd67bc5569cc1478f4ddee40020b929) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-02-07 17:23:03 +00:00
Armin Kuster	9845a542a7	openssh: CVE-2016-077x this address two CVE's. CVE-2016-0777 and CVE-2016-0778 (From OE-Core rev: 1c05115a906499989d2159683195ed6d2cda75ba) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:30 +00:00
Hongxu Jia	368da33ee7	logrotate: do not move binary logrotate to /usr/bin In oe-core commit a46d3646a3e1781be4423b508ea63996b3cfca8a ... Author: Fahad Usman <fahad_usman@mentor.com> Date: Tue Aug 26 13:16:48 2014 +0500 logrotate: obey our flags Needed to quiet GNU_HASH warnings, and some minor fixes. ... it explicitly move logrotate to /usr/bin without any reason, which is against the original Linux location /usr/sbin. So partly revert the above commit which let logrotate be kept in the original place /usr/sbin. (From OE-Core rev: 88015d6d0a887969ae82b0888bf32659a6d225d3) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:30 +00:00
Armin Kuster	48d9e00913	libxml2: security fix CVE-2015-5312 (From OE-Core rev: 15d05f186fbe78774c933cf93f116af1a2a8e51a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:30 +00:00
Armin Kuster	436e204445	libxml2: security fix CVE-2015-8242 (From OE-Core rev: acbd71fe7d0571b78bbecb7464d99823411a7b22) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	389549c0bb	libxml2: security fix CVE-2015-7500 includes a depend fix security issue CVE-2015-7500 (From OE-Core rev: 7d54f2f85dfcc3a56239abafd5eaefb9d7d25081) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	88e28c86c5	libxml2: security fix CVE-2015-7499 includes: CVE-2015-7499-1 CVE-2015-7499-2 (From OE-Core rev: 3048fe24e4c5f83ad0971062a88592bcb6bf52bc) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	6abe713244	libxml2: security fix CVE-2015-7497 (From OE-Core rev: 5b72983d1a6d5ad5e9a21d2673d57d1da2333ac6) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	66740c3314	libxml2: security fix CVE-2015-7498 (From OE-Core rev: b3d6a714180199a5e0099e3d40b37c9bfa106eb1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	2390475894	libxml2: security fix CVE-2015-8035 (From OE-Core rev: 495eaf5039596ac0fab7684cfc867569710eb0f4) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	663943a802	libxml2: security fix CVE-2015-7942 includes: CVE-2015-7942 CVE-2015-7942-2 (From OE-Core rev: 4ca806d70cf65a66daab85898bcf5d682bef43d3) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	7aaf773d32	libxml2: security fix CVE-2015-8317 (From OE-Core rev: 34379b38919d535cd787bde4493fff61bd17f37a) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:29 +00:00
Armin Kuster	9d44210c74	libxml2: security fix CVE-2015-7941 includes: CVE-2015-7941-1 CVE-2015-7941-2 (From OE-Core rev: e06312c71209b2e1d19c7df1434e409ad96b58be) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +00:00
Joshua Lock	d3ad918a71	libxml2: remove files for easier maintenance Drop a couple of CVE fixes for easy cherry-picking from jethro. The same fixes will be pack-ported from jethro in a following patch. (From OE-Core rev: 02fb45bada58f03c5571baf700934154e9fc57c2) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +00:00
Armin Kuster	f9e5cc9e16	openssl: fix for CVE-2015-3195 (From OE-Core rev: 55d09d4e2dad9d1f80e50348d44177e47e6e33e1) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +00:00
Armin Kuster	0ed23c1a0a	openssl: fix for CVE-2015-3194 (From OE-Core rev: edff5fc629c8f70191bd33c731084e8217780a38) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +00:00
Armin Kuster	5c12661f8c	openssl: fix for CVE-2015-3193 (From OE-Core rev: ee47f6ca78d15ec56556d5c078bf20315af457b8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +00:00
Martin Jansa	c7e2c072c2	texinfo: don't create dependency on INHERIT variable * we don't want the do_package signature depending on INHERIT variable * e.g. just adding the own-mirrors causes texinfo to rebuild: # bitbake-diffsigs BUILD/sstate-diff///texinfo/do_package.sig basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a Variable INHERIT value changed from ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' to ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' (From OE-Core rev: e6cae8ace890fc4322830731cb95bcc2680f4cfc) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-20 17:08:28 +00:00
Belal, Awais	c1162207c9	grub2: Fix CVE-2015-8370 http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 (From OE-Core rev: 3f2701c102e4e5b95fc79a8d967f9c48f8232fc6) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:35 +00:00
Thomas PERROT	a690c381ab	openssl: fix SRC_URI Corrects the URI of the openssl's recipe from fido. The sources were moved to a new subdirectory. (From OE-Core rev: 685e861f085736a4b0bae09bab86c3d456ec84ae) Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:35 +00:00
Sona Sarmadi	58f6a400d1	bind: CVE-2015-8000 Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 (From OE-Core rev: 5e1c3942a02564904ee2b2e24004b9679d649b4e) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Stefan Müller-Klieser	152e4c11e6	gcc-4.9: backport from gcc trunk r212178 When compiling meta-toolchain-qt5 on cortexa8, the compiler throws an internal compiler error: ... qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp: In function 'bool loadPO(Translator&, QIODevice&, ConversionData&)': qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:717:1: internal compiler error: in add_stores, at var-tracking.c:6000 ... Tracking this down led to https://bugs.linaro.org/show_bug.cgi?id=534 It seems the bug is well know and fixed upstream. So backporting from trunk seems to be the right solution. This fixes the compiler problem on cortexa8 and does not seem to be very invasive. The original commit can be found at: git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@212178 138bc75d-0d04-0410-961f-82ee72b054a4 (From OE-Core master rev: 6751ef78694783fb86e55c77afefae750ab1b610) (From OE-Core rev: 91a001fc74dd13ea9e5249aa624ad360ce807349) Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Martin Jansa	2924348da7	feature-arm-thumb.inc: Fix ARMPKGSFX_THUMB value * my previous thumb related commit: commit 3e760031f91fb87c3e2f62b77a117eb41164f259 Author: Martin Jansa <martin.jansa@gmail.com> Date: Wed Feb 18 15:40:35 2015 +0100 feature-arm-thumb.inc: respect ARM_INSTRUCTION_SET when adding thumb suffix unfortunately removed conditional on "thumb" in TUNE_FEATURES, when setting ARMPKGSFX_THUMB * in case we have MACHINE without "thumb" in TUNE_FEATURES and distro setting ARM_INSTRUCTION_SET to "thumb" we end with: ARM_INSTRUCTION_SET="thumb" ARM_THUMB_OPT="thumb" ARM_M_OPT="thumb" # TUNE_CCARGS correctly not adding -mthumb TUNE_CCARGS=" -march=armv7-a -mthumb-interwork -mfloat-abi=softfp -mfpu=neon" # but ARMPKGSFX_THUMB and TUNE_PKGARCH including "t2": ARMPKGSFX_THUMB="t2" TUNE_PKGARCH="armv7at2-vfp-neon" # causing following error: Error, the PACKAGE_ARCHS variable does not contain TUNE_PKGARCH (armv7at2-vfp-neon). (From OE-Core master rev: 951200673af27538beaef647a33308b4f15d1fb0) (From OE-Core rev: 17b3112a3d6fc4c777429f8b5965206889c55cc3) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Mike Crowe	36ea7bd65f	allarch: Force TARGET_*FLAGS variable values TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may differ between MACHINEs. Since they are exported they affect task hashes even if unused which leads to multiple variants of allarch packages existing in sstate and bouncing in the sysroot when switching between MACHINEs. allarch packages shouldn't be using these variables anyway, so let's ensure they have a fixed value in order to avoid this problem. (Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and 14f4d016fef9d660da1e7e91aec4a0e807de59ab.) (From OE-Core master rev: d08fda21bfb7d264c238af0232a22cdd751f5150) (From OE-Core rev: 017b1992c7b9055f3a16e9c2e14535fe81dde6c8) Signed-off-by: Mike Crowe <mac@mcrowe.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Richard Purdie	619b1c6b7d	layer.conf: Add missing dependency for allarch package initramfs-framework Similiarly to the other previous changes, add a missing allarch package dependency for initramfs-framework on udev. (From OE-Core master rev: 00524d0c4449eb358dcf6c5a049a8f5371ddadee) (From OE-Core rev: c195dfac6fd248f65f00b9d5419ab132dbc1e6c9) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Richard Purdie	61f5562730	layer.conf: Add several allarch dependency exclusions These are dependencies that our allarch packages have in OE-Core that cause those allarch packages to rebuild every time MACHINE changes. With these changes, OE-Core allarch packages all have a common sstate signatures and no longer rebuild. (From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d) (From OE-Core master rev: 0b5e868d160faca041cda42b670066facd4db531) (From OE-Core rev: 4e69cfb612520f3413be3e2a075d943a9e7c8df1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Martin Jansa	7cbff59de8	linux-dtb.inc: drop unused DTB_NAME variable from do_install * this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which in some cases contains something like BUILD_NUMBER from CI, that caused do_install to be reexecuted every single time, which is very sad to be caused by unused variable. * jethro and newer don't need this change, because it's also fixed in commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62 Author: Marek Vasut <marex@denx.de> Date: Thu May 14 14:31:11 2015 +0200 Subject: kernel: Build DTBs early (From OE-Core rev: d17abc45f1e1ba0a08c6e7411eda52a5140faea7) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Bhuvanchandra DV	cfd74b00e5	linux-firmware: rtl8192cx: Add latest available firmware Add latest available firmware binaries for RTL8192CX chipsets. These new firmwares have been released in 2012, have been used by the mainline kernel as preferred firmware since 3.13 and even backported to stable branches. (From OE-Core master rev: 2dc67b53d1b7c056bbbff2f90ad16ed214b57609) (From OE-Core rev: 89c6d043aa76c0e1eac694b92cdd95c6b02c9762) Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Armin Kuster	01b93fb33d	libxml2: fix CVE-2015-7942 and CVE-2015-8035 CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections() CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled [YOCTO #8641] (From OE-Core master rev: 27de51f4ad21d9b896e7d48041e7cdf20c564a38) (From OE-Core rev: fdaf0f8f8b034f19639f66e1d30088bb9abfc68d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2016-01-15 13:14:34 +00:00
Elliot Smith	6e3eefb997	bitbake: toaster: Rework mimetype guessing to fix artifact downloads Artifact download links were broken because the function to get the mimetype for the artifact was incorrectly using the underlying mimetype library. The function was also attached to the build environment controller, which was unnecessary, as we only support local controllers anyway. Remove the mimetype getter on the build environment and use the one in the view code instead. This prevents the download error from occurring. (Backport of `dd957fe0f2` and `dd957fe0f2` from master to Yocto 1.8) [YOCTO #8472] (Bitbake rev: b09966906ef054834f0b465f0c5a2a937b4c4a4c) Signed-off-by: Elliot Smith <elliot.smith@intel.com> Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-12-18 13:52:00 +00:00
brian avery	aff2257e0b	toasterconf: remove master as a branch option from fido release Toaster isn't designed to be forward compatible. As such, a release cannot build releases newer then it. Particularly, "fido" cannot build "master", so we remove "master" from the list of supported releases in "fido" [YOCTO #8154] (From meta-yocto rev: e12c4cf27ccdf3f93035a8450b5ff62fe4fe9838) Signed-off-by: brian avery <avery.brian@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2015-12-08 13:28:14 +00:00

1 2 3 4 5 ...

33948 Commits