Fix for no-ssl3 configuration option
This patch is a backport from OpenSSL_1.0.1j.
(From OE-Core rev: 97e7b7a96178cf32411309f3e9e3e3b138d2050b)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix for session tickets memory leak.
This patch is a backport from OpenSSL_1.0.1j.
(From OE-Core rev: 420a8dc7b84b03a9c0a56280132e15b6c9a8b4df)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix for SRTP Memory Leak
This patch is a backport from OpenSSL_1.0.1j.
(From OE-Core rev: 6c19ca0d5aa6094aa2cfede821d63c008951cfb7)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
OpenSSL_1.0.1 SSLV3 POODLE VULNERABILITY (CVE-2014-3566)
This patch is a backport from OpenSSL_1.0.1j.
(From OE-Core rev: 47633059a8556c03c0eaff2dd310af87d33e2b28)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This variable now needs to have the form
"&YOCTO_HOME_URL;/downloads/core/&DISTRO_NAME;&DISTRO_COMPRESSED;"
The old form was causing the release team to have to hand-redirect
the three links in the YP manuals that resolve to the release notes.
(From yocto-docs rev: 312790be8f7ff8089213f14cf2d7765dc43f5977)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment
This patch changes the encoding bash uses for exported functions to avoid
clashes with shell variables and to avoid depending only on an environment
variable's contents to determine whether or not to interpret it as a shell
function.
(From OE-Core daisy rev: 6c51cc96d03df26d1c10867633e7a10dfbec7c45)
(From OE-Core rev: af1f65b57dbfcaf5fc7c254dce80ac55f3a632cb)
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bash_4.2 recipe was missed when the fix was backported to the dora
branch.
Patch from OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc
by Khem Raj <raj.khem@gmail.com>
(From OE-Core rev: a71680ec6e12c17159336dc34d904cb70155d0d7)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bash_4.2 recipe was missed when the fix was backported to the dora
branch.
Patch based on the one from OE-Core master rev
798d833c9d4bd9ab287fa86b85b4d5f128170ed3 by Ross Burton
<ross.burton@intel.com>, with the content replaced from the
appropriate upstream patch.
(From OE-Core rev: 74d45affd5cda2e388d42db3322b4a0d5aff07e8)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment
Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)
(From OE-Core rev: 1c8f43767c7d78872d38652ea808f30ea825bbef)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE-2014-6271 aka ShellShock.
"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."
(From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3)
(From OE-Core rev: 05eecceb4d2a5821cd0ca0164610e9e6d68bb22c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
With a release of YP, there are certain steps you need to take
to the documentation set to prepare it for development of the
next release in the branch. This commit takes care of those
steps in preparation for the YP 1.5.4 release:
1. Updated all manuals that have a manual revision history
table so that they have a new "TBD" entry for the 1.5.4
release.
2. Updated the poky.ent file so that the appropriate variables
support the 1.5.4 work.
3. Updated the mega-manual.sed file to replace the 1.5.3
strings with 1.5.4 so that all links in the manual are
self-contained and properly processed.
(From yocto-docs rev: ffb3175cb6cf5859a7bb134af4c9f49e9e350c30)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* backported from 4.8.2, so daisy isn't affected
(From OE-Core rev: 3aba676cb5d81ceaee85ca87d9ae706242f3454b)
Signed-off-by: Martin Jansa <martin.jansa@lge.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Patches explain the issue in detail but this is exposed
with gcc 4.9 in binutils 2.23.2
(From OE-Core rev: fc5c467b680fc5aef4b0f689e6988e17a9322ae0)
(From OE-Core rev: 4dfb8847ebf8aab90ad8888933468e2899c96998)
(From OE-Core rev: af347d3298e15552d502d5b2ce497bbda9705bc7)
(From OE-Core rev: 07a7228392ec5157616888cee1eb119f4adb39a7)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We want to encourage installation of the buildtools tarball for
getting the most up-to-date packages on this build host.
(From yocto-docs rev: 92dbc6e90dffaefc4a91bab81532d24de0d631cc)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These updates are to the wic section. I have updated the syntax
and some requirements for running and using wic. The original
information was never reviewed before appearing in only the 1.5.2
verison of the dev-manual.
(From yocto-docs rev: 66c755f2753c52bdb304281d2109c2c253941d35)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
`debugfs' treats spaces and "" specially. So when we are dealing with
file names, great care should be taken to make sure that `debugfs'
recognizes file names correctly.
The basic solution here is:
1. Use quotation marks to handle spaces correctly.
2. Replace "xxx" with ""xxx"" so that debugfs knows that the quotation
marks are parts of the file name.
[YOCTO #6503]
(From OE-Core rev: 24f17607e996c499c8f86eda0588d02af1e960b9)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Scenario:
a) libtool script is built on system with bash as /bin/sh
b) machine B installs sstate from build a)
c) machine B has dash as /bin/sh
In this scenario, the script fails to work properly since its expecting
/bin/sh to have bash like syntax and it no longer does have it.
This patch forces the configure process to use /bin/bash, not /bin/sh
and hence allows the scripts to work correctly when used from sstate.
(From OE-Core rev: 24d5b449e5f4d91119f0d8e13c457618811aadfc)
(From OE-Core rev: 330c3085317a0b0981163ff5c41c54596e0d127d)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* some fundamental perf commands can work
without the dependency on perl, python or bash
make them separate packages and RSUGGEST them
* bump PR
The patch was sponsored by sysmocom
(From OE-Core rev: a6f79561f7a2f6bc354d5ea8d84b836ac5c9b08f)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* TUI/GUI support was added in 2.6.35 based on libnewt
* since 3.10 slang replaced libnewt completly
* changing TUI_DEFINES is not necessary, because NO_NEWT is
still respected with newer kernels
* add comment about the gui history to the recipe
The patch was sponsored by sysmocom
(From OE-Core rev: 104e317f1fe68244d31c72897df2e5c997ff502a)
Signed-off-by: Henning Heinold <henning@itconsulting-heinold.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fix the use of command dirname on ubuntu 12.04.
dirname does not accept space in file name.
(From OE-Core rev: ab6bd289d51c3c44862b43241a99d3e4f3ff13c0)
Signed-off-by: Stéphane Cerveau <scerveau@connected-labs.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The SHA we use it actually on cross_prelink branch
if you do not use yocto source mirrors then the fetch
for prelink on dora fails due to missing branch in SRC_URI
(From OE-Core rev: 13b57cab7cdd2bf967622ec5015478dc56938b8b)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[YOCTO #6309]
It appears a logic issue has caused rpm -V to no longer
verify the files on the filesystem match what was installed.
(From OE-Core master rev: 117862cd0eebf6887c2ea6cc353432caee2653aa)
(From OE-Core rev: 9f9bcad51381887819d58ffdde2e41307d342473)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
console-kit-log-system-start.service fails to to start if the
/var/log/ConsoleKit directory does not exist. Normally it is created
automatically but as we mount a tmpfs at /var/log, we need to add
a tmpfiles.d entry to create it.
(From OE-Core master rev: 2a9a14bf400fe0c263c58aa85b02aba7311b1328)
(From OE-Core rev: 305da37a4dc0fba2b8f3219cfae47a1d4228f244)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously, even if we encounter some error when populating the
ext filesystem, we don't error out and the rootfs process still
succeeds.
However, what's really expected is that the populate-extfs.sh script
should error out if something wrong happens when using `debugfs' to
generate the ext filesystem. For example, if there's not enough block
in the filesystem, and allocating a block for some file fails, the
failure should not be ignored. Otherwise, we will have a successful
build but a corrupted filesystem.
The debugfs returns 0 as long as the command is valid. That is, even
if the command fails, the debugfs still returns 0. That's really a
pain here. That's why this patch checks the error output to see whether
there's any error logged.
(From OE-Core rev: 468d3e60ee10348578f78f846e87c02359fdb8bf)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There was a patch trying to fix this problem by using 'dirname', but it
caused some build failures, thus got reverted.
The problem is that $DIR might be empty and we should first do the check
before trying to use $(dirname $DIR).
[YOCTO #5712]
(From OE-Core rev: 8277c71747758e2ba0815a6f5cd11c9e0c9c90ce)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I had the actual title of the manual as displayed in the section
heading for Chapter One wrong.
(From yocto-docs rev: e61b251da0d8225f7497b2b7a0a8c8d1510a429b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found a link in the dev-manual that had a hard return splitting
the link across two lines. The mega-manual.sed file cannot process
those links so it ignores them.
(From yocto-docs rev: fabd8d47b4a5ce1e108ad282d9903e3b1daa5f3d)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Found a very subtle problem with the search string that processes
links to the Yocto Project Profiling and Tracing Manual where the
links go to the top-level (i.e. no ID tag in the link).
I had the name of the manual as "Yocto Project Profile and
Tracing Manual", which means there would never be a match.
Consequently, when the Makefile called the mega-manual.sed file
to process the links in mega-manual.html, any top-level link
to that manual was not processed and was being left as a hard
link to the versioned manual. Processing a top-link should
convert it to a non-link (for now).
(From yocto-docs rev: 38c7971abe19293657f0170ecd8dc28c1047859b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Conflicts:
documentation/tools/mega-manual.sed
Had to clean up some conflicts to get the cherry-pick
to work. It seems the line for the profile manual was
not even in this sed file. Also, had to reset the
1.4.4 strings to 1.5.3.
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Added a new entry to support the 1.5.3 release. Using July 2014
as the release month and year.
(From yocto-docs rev: fcd6046b8b2a5606e77d14cffa0bd2eebbe1748a)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It seems that 585324fee380109acd9986388f857f413a60b896 is no
longer there in git and it has been rewritten to
ffc3ad4945da69f3caa2b40e4eed715a9a8d9526
Change-Id: I9ffe8bd9bcef0d2dc5e6f6d3a6e4317bada8f4be
(master rev: b193c7f251542aa76cb5a4d6dcb71d15b27005eb)
(From OE-Core rev: b7371b49b4b83c2e864126480b65363fe9f2cfd2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Doyle <wpdster@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
SSL/TLS MITM vulnerability (CVE-2014-0224)
An attacker using a carefully crafted handshake can force the use of weak
keying material in OpenSSL SSL/TLS clients and servers. This can be exploited
by a Man-in-the-middle (MITM) attack where the attacker can decrypt and
modify traffic from the attacked client and server.
The attack can only be performed between a vulnerable client *and*
server. OpenSSL clients are vulnerable in all versions of OpenSSL. Servers
are only known to be vulnerable in OpenSSL 1.0.1 and 1.0.2-beta1. Users
of OpenSSL servers earlier than 1.0.1 are advised to upgrade as a precaution.
(Patch borrowed from Fedora.)
(From OE-Core rev: f19dbbc864b12b0f87248d3199296b41a0dcd5b0)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
http://www.openssl.org/news/secadv_20140605.txt
DTLS recursion flaw (CVE-2014-0221)
By sending an invalid DTLS handshake to an OpenSSL DTLS client the code
can be made to recurse eventually crashing in a DoS attack.
Only applications using OpenSSL as a DTLS client are affected.
(Patch borrowed from Fedora.)
(From OE-Core rev: 6506f8993c84b966642ef857bb15cf96eada32e8)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
