Age | Commit message | Author |
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes a depend fix security issue CVE-2015-7500
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes:
CVE-2015-7499-1
CVE-2015-7499-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes:
CVE-2015-7942
CVE-2015-7942-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
includes:
CVE-2015-7941-1
CVE-2015-7941-2
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
By mistake, the file initially had a wrong extension name, so changing to the
correct one.
(From meta-yocto master rev: 32c2278b8fe93429d4cfa097eefccd20157cd3b8)
(From meta-yocto rev: 4bc43893cc437e4278f7332b4486a196a7d0315d)
Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Changed the license statement to not be "non-commercial".
(From yocto-docs rev: 42124666b6ba2f5673807bdfc40624b79c5870de)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Applied this patch from Anibal to correct an earlier patch.
(From yocto-docs rev: 27df743fd55735addb9d2ab1164b07381908c98a)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Forgot to add these to the mega-manual figures folder so they
were not being found when the mega-manual was made. This is
an issue with the tarball for jethro but will be correct for
the HTML published versions in the jethro branch.
(From yocto-docs rev: e1c9ef040ea1540f6ba84a1b40c60394cd64443f)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Turns out this variable was accidentally incremented to "15.0.0"
during the release. I did this because of skipping the YP 1.9
release. The variable got wrapped into the tarball as the incorrect
"15.0.0". This could cause issues for anyone starting with a set
of manuals generated from the tarball release. I updated the value
in the yocto-docs jethro branch and rebuilt the dev-manual where the
error occurred seven times. Also rebuilt the mega-manual. Both corrected
versions are available on the website under the 2.0 set of manuals.
(From yocto-docs rev: 90e9495baddae9fc5a0e79410e10eaaa72f86e76)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes [YOCTO #8696]
Turns out the 'dnf' command is not yet supported for CentOS
as it is for Fedora. I changed the 'dnf' command back to
'yum'. Also, there were some essential packages that needed
to be added to CentOS. Finally, there was a slight
inconsistency in the Fedora list of essential packages and the
ones for supporting Graphics. I had a redundant listing of
one of the packages. I took that out of the Graphics area and
left it only in the essentials area.
(From yocto-docs rev: b9f7bcd796d33e95a1e5da9c1af167ef8cfe9f1b)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Since 2.0 release KVM mode does not require VHOST
enablement and a new option was added to support the
old mode. Updated the list of runqemu command options.
(From yocto-docs rev: 2a0d7affc34ce6d018e81940106e6fe2848780ac)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From yocto-docs rev: ea20ff8361fe72c701b085ee82f0702ad66baa7d)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From yocto-docs rev: 863367fd38df2b2c80edba27b8483fda82c4e119)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added another link to Josh's porting guide.
(From yocto-docs rev: 12161bbbf75485589275b5d60ed84ed4849c5e3d)
Signed-off-by: Scott Rifenbark <srifenbark@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
bblayers.conf formatting
Make the following improvements to edit_bblayers_conf():
* Support ~ in BBLAYERS entries
* Handle where BBLAYERS items are added over multiple lines with +=
instead of one single long item
Also add some comments documenting the function arguments and return
values as well as a set of bitbake-selftest tests.
(This function is used by the bitbake-layers add, remove and
layerindex-fetch subcommands, as well as devtool when adding the
workspace layer).
(Bitbake master rev: e9a0858023c7671e30cc8ebb08496304b7f26b31)
(Bitbake rev: fca41cf073469493e9dada377fc42d4b084c45c9)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
If you tried to delete the variable on the first line passed to
edit_metadata() this failed because the logic for trimming extra blank
lines didn't expect the list to be empty at that point - fix that bad
assumption.
(Bitbake master rev: 8bce6fefdc5c046b916588962a2b429c0f648133)
(Bitbake rev: 3fbf3f8211183ecb18938f2fc9acaa400766d9f0)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rpcbind: Fix memory corruption in PMAP_CALLIT code
Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in
rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of
service (daemon crash) via crafted packets, involving a PMAP_CALLIT
code.
The patch comes from
<http://www.openwall.com/lists/oss-security/2015/09/18/7>, and it hasn't
been in rpcbind upstream yet.
(From OE-Core master rev: cc4f62f3627f3804907e8ff9c68d9321979df32b)
(From OE-Core rev: 224bcc2ead676600bcd9e290ed23d9b2ed2f481e)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
(From OE-Core master rev: 6da25614edcad30fdb4bea8ff47b81ff81cdaed2)
(From OE-Core rev: e1e277bf51c6f00268358f6bf8623261b1b9bc22)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
(From OE-Core master rev: 29eb921ed074d86fa8d5b205a313eb3177473a63)
(From OE-Core rev: 7af7a3e692a6cd0d92768024efe32bfa7d83bc8f)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add latest available firmware binaries for RTL8192CX chipsets.
These new firmwares have been released in 2012, have been used
by the mainline kernel as preferred firmware since 3.13 and
even backported to stable branches.
(master rev: 2dc67b53d1b7c056bbbff2f90ad16ed214b57609)
(From OE-Core rev: 3671e20cb31f0a5c11939f3c5ba2d088db08e705)
Signed-off-by: Bhuvanchandra DV <bhuvanchandra.dv@toradex.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
After running gummiboot loader install option, the installed target
storage device boot parameter for root=PARTUUID is empty causing boot failure.
This issue is only observed with gummiboot and not with GRUB loader.
This fix assigns the rootuuid of the rootfs partition for gummiboot loader.
[YOCTO #8709]
(From OE-Core rev: 0b9f31452a65d1a8d8392b4ba9c335bd32860a6a)
Signed-off-by: Ng, Mei Yeen <mei.yeen.ng@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Running the install option from bootloader to install image to eMMC will fail
with error:
Formatting /dev/mmcblk01 to vfat...
mkfs.fat 3.0.28 (2015-05-16)
/dev/mmcblk01: No such file or directory
This issue impacts both grub and gummiboot install option to eMMC device.
The installation failure is due to the following:
[1] Unable to partition eMMC as the partition prefix 'p' is not appended
The condition checking failed with the additional /dev/ appended with
the target device name.
[2] The partition uuid for boot, root and swap partition is not captured
for eMMC
This fix updated the condition checking and changed the variables to
reference the boot, root and swap partitions for UUID.
[YOCTO #8710]
(master rev: a7d081c3db776c8b0734942df6bf96f811f15bd3)
(From OE-Core rev: 1be316beb5c2b1e32f11ab8ec5dee68f64defb2d)
Signed-off-by: Ng, Mei Yeen <mei.yeen.ng@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
On systems with two cards, the correct output profile does not get
selected automatically even in the simple case where there is one
available profile. This scenario is typical at least with HDMI audio
(which is on a separate card).
Fixes [YOCTO #8448]
(From OE-Core rev: 7d26b5f7fad5f5200f73e2a2c11874d8ccf34c59)
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may
differ between MACHINEs. Since they are exported they affect task hashes
even if unused which leads to multiple variants of allarch packages
existing in sstate and bouncing in the sysroot when switching between
MACHINEs.
allarch packages shouldn't be using these variables anyway, so let's
ensure they have a fixed value in order to avoid this problem.
(Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and
14f4d016fef9d660da1e7e91aec4a0e807de59ab.)
(From OE-Core rev: 16482cf042e129e8f429bdcea9c0c9addb0e8a0b)
Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fix divide by zero bug (CVE-2014-9756)
(From OE-Core master rev: f47cf07ab9d00ed7eddc8e867138481f7bd2bb7d)
(From OE-Core rev: 353f6d9530e9545aee5c77de348abeee9002f046)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is being given a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
(From OE-Core master rev: 0f89bbab6588a1171259801fa879516740030acb)
(From OE-Core rev: bc8b7401fa18f6a987041d7f93a1fa3512f8513c)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: e3d2974348bd830ec2fcf84ea08cbf38abbc0327)
(master rev: 78e05984b1ac48b1f25547ccd9740611cd5890a9)
(From OE-Core rev: 97b247a88024083ce145f9e64ac9c9a182d02d3e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
To help automated scanning of CVEs, put the CVE ID in the filename.
(From OE-Core master rev: 211bce4f23230c7898cccdb73b582420f830f977)
(From OE-Core rev: 6821bb42febfc5f939896b0ffbc1c00b15b9329e)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch is a CVE fix, so rename it to help CVE detection tools identify it as
such.
(From OE-Core master rev: 3fd05ce1f709cbbd8fdeb1dbfdffbd39922eca6e)
(From OE-Core rev: 2cc8c8066193f851ea0ed3912dee287c2d1c5257)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The structure has apparently changed, and there was a missing
setting. This corrects a segfault when disassembling code.
(From OE-Core master rev: 2e8f1ffe3a8d7740b0ac68eefbba3fe28f7ba6d4)
(From OE-Core rev: 6a6f5446303a9b0b858d153137244a5a101520ce)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core master rev: 8e53500a7c05204fc63759f456639545a022e82b)
(From OE-Core rev: 71ad09cfe9c43a113295c95a0fb0899d44f2bb7e)
Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Nicolas Dechesne <nicolas.dechesne@linaro.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: e44ed8c18e395b9c055aefee113b90708e8a8a2f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added Ubuntu 15.10.
(From meta-yocto rev: 08ccca7559e2b74094f7335746a8cbec892d450d)
Signed-off-by: Lucian Musat <george.l.musat@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Added poky 2.0 and Fedora 22.
(From meta-yocto rev: 76d3570b011c71d9d5e00e05ba17afecc7819cb4)
Signed-off-by: Lucian Musat <george.l.musat@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 49fdc7e3bcb0f15b89db6ac653a861a5a55c8d14)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping
References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697
(From OE-Core rev: a11b23a7d2a29414a4ea47c411f09a68b1b28e2d)
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a fix from upstream to fix a denial of service via a malicious escape
sequence.
[YOCTO #8617]
(From OE-Core rev: d5065e2b1c49fa65627f0adec8e42190ebccb572)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: d3aa328147e364f88791564920cfb933f9aa2b20)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This update matches the kernel update made to oe-core linux-yocto
and addresses some graphics issues.
(From meta-yocto rev: afe024cd4a97bb32bf8296a85b403669ca41f634)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The fix consists of allowing 64bit atomic ops for x86.
This should be safe for i586 and newer CPUs.
It also makes the synchronization more efficient.
[YOCTO #8140]
(From OE-Core rev: 2b8c7aa51f6ac7f79c4834e04b697c04afc8beaf)
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Due to problems with the prelinker itself, we need to disable the
image-prelink by default. This will hopefully be re-enabled in the near
future.
(From meta-yocto rev: 51f83d2ee593c3936138aa50c06b0bfe9c6b9162)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|