summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* libpcre: Add fix for CVE-2020-14155stable/zeus-nextRahul Taya2020-08-102-0/+42
| | | | | | | | | | | | | | | | | Added below patch in libpcre CVE-2020-14155.patch This patch fixes below error: PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre via a large number after (?C substring. By sending a request with a large number, an attacker can execute arbitrary code on the system or cause the application to crash. Tested-by: Rahul Taya <Rahul.Taya@kpit.com> Signed-off-by: Saloni Jain <Saloni.Jain@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* go: Security Advisory - go - CVE-2020-15586Li Zhou2020-08-102-0/+132
| | | | | | | | Backport patch from <https://github.com/golang/go/commit/ fa98f46741f818913a8c11b877520a548715131f> to solve CVE-2020-15586. Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* pypi.bbclass: use new pypi UPSTREAM_CHECK_URITim Orling2020-08-101-1/+1
| | | | | | | | | | | | Upstream https://pypi.python.org/pypi/${PYPI_PACKAGE}/ redirects to https://pypi.org/project/${PYPI_PACKAGE}/ Signed-off-by: Tim Orling <timothy.t.orling@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit e5f3f961242d888f3f786af8f793bf1d247fdff0) [Yocto # 13990] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* pypi.bbclass: mind package suffix on version checkKonrad Weihmann2020-08-101-1/+1
| | | | | | | | | | | | | | Some pypi packages do have suffixes like dev, or a0 or b1. When doing a version check on these, the version will get falsely identified as major release versions. Add a terminating slash to rule out those false positives Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Steve Sakoman <steve@sakoman.com> (cherry picked from commit 0603f6d9f2abfa67b99b1bc39228f6aa16a0370d) [Yocto bug #13990] Signed-off-by: Armin Kuster <akuster808@gmail.com>
* gstreamer1.0: fix builds with make 4.3Anuj Mittal2020-07-283-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | Depend on make-native instead of using host make to avoid errors like: | controller-enumtypes.c:10:1: error: stray '\' in program | 10 | \#include "gstinterpolationcontrolsource.h" | | ^ | controller-enumtypes.c:10:2: error: stray '#' in program | 10 | \#include "gstinterpolationcontrolsource.h" | | ^ | controller-enumtypes.c:10:11: error: expected '=', ',', ';', 'asm' or '__attribute__' before string constant | 10 | \#include "gstinterpolationcontrolsource.h" | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | controller-enumtypes.c:11:1: error: stray '\' in program | 11 | \#include "gstlfocontrolsource.h" | | ^ | controller-enumtypes.c:11:2: error: stray '#' in program | 11 | \#include "gstlfocontrolsource.h" This helps building on autobuilder where some workers have buildtools with make 4.3 installed. Building using meson works fine so later branches are not affected and upstream has rejected patches to fix this: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/515 Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* core: glib-2.0: fix requested libmount/mkostemp/selinux not being linked inAhmad Fatoum2020-07-282-0/+50
| | | | | | | | | | | | | | | | | | | | | Since 010202076760 ("meson.bbclass: avoid unexpected operating-system names"), meson is no longer used with a cross file that appends the used libc to the operating system name, e.g. linux-gnueabi. Prior to that commit, the host_system == 'linux' checks in glib's meson failed, which led to glib being compiled without libmount, mkostemp and selinux even if explicitly requested. As the aforementioned commit affects all recipes built by glib, it might not be a candidate for backporting to current stable branches. To fix just the glib issue, instances of host_system == 'linux' are patched locally. The patch is marked as Upstream-Status: Inappropriate as it is rendered unnecessary for OE releases newer than Dunfell. Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* glibc: CVE-2020-6096Zhixiong Chi2020-07-283-0/+306
| | | | | | | | | | Backport the CVE patch from the upstream: git://sourceware.org/git/glibc.git commit 79a4fa341b8a89cb03f84564fd72abaa1a2db394 commit beea361050728138b82c57dda0c4810402d342b9 Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* nss: Fix CVE-2020-12399Ovidiu Panait2020-07-282-0/+111
| | | | | | | | | | | | | | | Master (nss version 3.54) is not affected by this issue. This is a backport from nss version 3.54. NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. Upstream patch: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* cve-update: handle baseMetricV2 as optionalKonrad Weihmann2020-07-281-4/+9
| | | | | | | | | | | Currently in NVD DB an item popped up, which hasn't set baseMetricV2. Let the parser handle it as an optional item. In case use baseMetricV2 before baseMetricV3 Signed-off-by: Konrad Weihmann <kweihmann@outlook.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit fdcbf3f28289188c5a97664d1421d4a5c4991eda) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* python3-numpy: Stop shipping manual config filesAdrian Bunk2020-07-2829-2022/+0
| | | | | | | | | | Automatic generation seems to work fine, and does not become outdated. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 8993270f8bc65e152418d84fde03f8ead83c054b) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* selftest/context: Avoid tracebacks from tests using multiprocessingRichard Purdie2020-07-281-1/+5
| | | | | | | | | | | | | | We can see tracebacks where the SIGTERM handler catches things it shouldn't. Avoid exit(1) unless we're the process that it was intended for. [YOCTO #13664] (From OE-Core rev: d9c62ffac611310efd47ed6397d31dccb72fe868) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit dba8c1d5ef0b574b7772d59e5992bfad8b7cca13) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* sqlite: backport CVE fixSakib Sajal2020-07-282-0/+33
| | | | | | | | | | | | Fixes CVE-2020-11655 (From OE-Core rev: 3b06a6c73f4e49c6d00f758423c2e8865ec2de00) Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [ without the CVE-2020-11656 fix that did not apply cleanly ] Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* perf: Correct the substitution of python shebangsHe Zhe2020-07-171-5/+2
| | | | | | | | | | | | | | | | | | | | | | To make the native python3 always used, - Use sed one-liner instead - Add substitution for ${S}/scripts/bpf_helpers_doc.py to fix the following warning. File "/usr/lib/python3.6/sysconfig.py", line 421, in _init_posix _temp = __import__(name, globals(), locals(), ['build_time_vars'], 0) ModuleNotFoundError: No module named '_sysconfigdata' This issue is first reported by Joel Stanley <joel@jms.id.au> The sed one-liner is credited to Anuj Mittal <anuj.mittal@intel.com> (From OE-Core rev: 3f93173130a94310255389cfc62c67102a4fb21b) Signed-off-by: He Zhe <zhe.he@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 3a1a18ba9d28adb5562eabe9ec354f6d93154f5c) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* perf: fix build for v5.5+Bruce Ashfield2020-07-171-0/+1
| | | | | | | | | | | | | | | | In kernel 5.5+ there are python3 scripts that explicitly use /usr/bin/python3 as the interpreter. That will find the host python and produce undefined results. We add that interpreter path to our substitutions to ensure that our sysroot variant is used. (From OE-Core rev: 103316d50d4947b3c3500eb5cbc4845702a62d22) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e5c4f3127521607742f7cdf62481b64cf4d3e828) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* utils: fix gcc 10 version detectionCharles-Antoine Couret2020-07-171-1/+1
| | | | | | | | | | | | Utils can not detect GCC 10 correctly due to wrong regex. It generates this error "ERROR: Can't get compiler version from gcc --version output" Sub-version numbers should be 1 or more digits instead of 1 only. Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@mind.be> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 186fe4a3d390a52b87282c3e694ce3251e45ee78) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* iso-codes: switch upstream branch master -> mainHongxu Jia2020-07-171-1/+1
| | | | | | | | | (From OE-Core rev: 6e16ef0c2e0ec2bbb862231cd84e7650bd5789af) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 75e91b8e52ec77398e6b0fc09456e971662d9d7e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* python3: fix CVE-2020-14422Lee Chee Yang2020-07-172-0/+80
| | | | | | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> [Rebased for v3.7.8] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* systemd: fix CVE-2020-13776wenlin.kang@windriver.com2020-07-172-0/+97
| | | | | | | | | Backport from systemd.git. (OE-Core master rev: a1b22b2263da6d11a4e0cbfa792d2bd1e56f5346) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* wpa-supplicant: Security fix CVE-2020-12695Armin Kuster2020-07-174-1/+267
| | | | | | | | | | | | | | | | Source: http://w1.fi/security/ Disposition: Backport from http://w1.fi/security/2020-1/ Affects <= 2.9 wpa-supplicant (From OE-Core rev: 720d29cbfce34375402c6a4c17e440ffbb2659bf) Signed-off-by: Armin Kuster <akuster@mvista.com> (cherry picked from commit e9c696397ae1b4344b8329a13076f265980ee74d) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* perl: fix CVE-2020-10543 & CVE-2020-10878Lee Chee Yang2020-07-174-0/+227
| | | | | | | | | | (From OE-Core rev: d9c5d9c52eb1f03ff9c907a76dda31042fb26edb) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* dbus: fix CVE-2020-12049Lee Chee Yang2020-07-172-0/+79
| | | | | | | | | | (From OE-Core rev: 3f69946c6159fa359bc5800ee72ef6151d9ecd36) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* perl: Fix host specific modules problemsRichard Purdie2020-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | We were seeing a ton of empty perl modules being created such as "perl-module-x86-64-linux-encoding" where the name would include ${TARGET_ARCH}-linux. These files were already being filtered in an earlier do_split_packages() expression so exclude them from the latter one to remove the pointless empty modules in PACKAGES. This doesn't explain why some were not deterministic but will recude the do_package execution time and clean up the build directories at the very least. (From OE-Core rev: 5aaf9d3a748cbad17a4a3e5d9715ac2f289b007d) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9f1a959d9831f43dda656e3b0c4d059db3363877) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* bind: update to 9.11.19akuster2020-07-173-238/+2
| | | | | | | | | | | | | | | | | | | | Bug fix only updates. suitable for Stable branch updates where applicable. Drop CVE patches included in update LIC_FILES_CHKSUM update copyright year to 2020 Full changes found at : https://gitlab.isc.org/isc-projects/bind9/-/blob/v9_11/CHANGES (From OE-Core rev: c672d2b6c98607f1fda917f4a3189a53712e8fc2) Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit a6ba66cf5e754cdcd41f01d233fbef7b94a10225) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* bind: update 9.11.5-P4 -> 9.11.13Alexander Kanavin2020-07-1713-2801/+20
| | | | | | | | | | | | | | | | Drop backports. Drop 0001-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch and 0001-lib-dns-gen.c-fix-too-long-error.patch as problem is fixed upstream. (From OE-Core rev: 6965ec5c491e71d5951dfb58fc060bd0b717e33d) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* mtd-utils: Fix return value of ubiformatOtavio Salvador2020-07-172-0/+63
| | | | | | | | | | | | | | | | | | | | | | This changeset fixes a feature regression in ubiformat. Older versions of ubiformat, when invoked with a flash-image, would return 0 in the case no error was encountered. Upon upgrading to latest, it was discovered that ubiformat returned 255 even without encountering an error condition. This changeset corrects the above issue and causes ubiformat, when given an image file, to return 0 when no errors are detected. Backport fix from 2.1.2 (From OE-Core rev: 3ee98b6c9ddd1dd0825245ca672236b7befb9859) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> (cherry picked from commit 7ebacd9cbaec98fbc406e8ae99c9805a24fdadc6) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* encodings: clear postinst scriptKai Kang2020-07-171-0/+4
| | | | | | | | | | | | | | Postinst script from xorg-font-common.inc doesn't apply to this recipe. So clear the postinst script of encodings. (From OE-Core rev: ba94c908b99713ce115e9240df525c6442a60c7a) Signed-off-by: Kai Kang <kai.kang@windriver.com> (cherry picked from commit 99ae6dbb7278dfd264453af852c108fa56a0d4e3) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* wpa-supplicant: remove service templates from SYSTEMD_SERVICEKai Kang2020-07-171-3/+3
| | | | | | | | | | | | | | | Remove service templates wpa_supplicant-nl80211@.service and wpa_supplicant-wired@.service from SYSTEMD_SERVICE that they should NOT be started/stopped by calling 'systemctl' in postinst and prerm scripts. (From OE-Core rev: 7910a0d6f332253608767a9576a0d521dd87efd7) Signed-off-by: Kai Kang <kai.kang@windriver.com> (cherry picked from commit fe9b8e50461ab00ab3ad8b065ebd32f0eea2a255) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* vim: _FORTIFY_SOURCE=2 be goneJoe Slater2020-07-171-0/+5
| | | | | | | | | | | | | | vim will abort in many places with this setting. Replace it with the benign _FORTIFY_SOURCE=1. (From OE-Core rev: d9de155f6452f916edd3131addd0c2eebaf4d639) Signed-off-by: Joe Slater <joe.slater@windriver.com> (cherry picked from commit 18129cbaeddb3278efe9963718556e3765f06c1e) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* patchelf: Add patch to address corrupt shared library issueRichard Purdie2020-07-172-0/+38
| | | | | | | | | | | | | | patchelf can corrupt shared libraries if the program headers don't immediately follow the elf header. Add a patch submitted upstream to address this. (From OE-Core rev: faaf5f34332290708f3720a5488b3d1549d9e95a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit e7811c787bbe2f5d49b3506309499acc27189988) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* cve-check: include epoch in product version outputRalph Siemsen2020-07-171-1/+1
| | | | | | | | | | | | | | | | In the generated cve.log files, include the epoch in the product version. This better matches how versions are displayed elsewhere, in particular the bb.warn("Found unpatched CVE...") that appears on the terminal when CVEs are found. (From OE-Core rev: 99f6de1c74b581054c74c6b4598a5d47facc9964) Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org> (cherry picked from commit e1c3c0b6e5b01304e2127f5058986697e82adf93) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* libexif: fix CVE-2020-13114Lee Chee Yang2020-07-172-1/+76
| | | | | | | | | | (From OE-Core rev: 2e497029ee00babbc50f3c1d99580230bc46155c) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* cve-check: Run it after do_fetchKhem Raj2020-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | Certain recipes e.g. bash readline ( from meta-gplv2 ) download patches instead of having them in metadata, this could fail cve_check ERROR: readline-5.2-r9 do_cve_check: File Not found: qemuarm/build/../downloads/readline52-001 This patch ensures that download is done before running CVE scan, even though these will be external patches and may not contain CVE tags as it expects, but it will fix the run failures as seen above (From OE-Core rev: dbf143d79476e54e8da93101fc16eaedeec88362) Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e406fcb6c609a0d2456d7da0d2406d2d9fa52dd2) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* file: add bzip2-replacement-native to DEPENDS to fix sstate issueJan-Simon Moeller2020-07-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | file-native when built on a Debian 10 host will embed a dependency to 'libbz2.so.1.0' (instead of 'libbz2.so.1'). This can cause issues when sharing the sstate between hosts e.g.: recipe-sysroot-native/usr/lib/rpm/rpmdeps: error while loading shared libraries: libbz2.so.1.0: \ cannot open shared object file: No such file or directory To avoid this situation, let's add the bzip2-replacement-native to the file recipe's DEPENDS_class-native . Details in https://bugzilla.yoctoproject.org/show_bug.cgi?id=13915 . (From OE-Core rev: 5a2bc3bfa9e1a4f37b6e26a5c40a4a9c025d03f1) Signed-off-by: Jan-Simon Moeller <dl9pf@gmx.de> (cherry picked from commit 4a996574464028bd5d57b90920d0887d1a81e9e9) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* gcr: depends on gnupg-nativeKai Kang2020-07-171-1/+1
| | | | | | | | | | | | | | | | | It fails to build gcr if no commmand gpg on build host: | meson.build:44:0: ERROR: Program(s) ['gpg2', 'gpg'] not found or not executable Add dependency gnupg-native to fix the error. (From OE-Core rev: da7360247995d7c8e79dfcaa0c0761952a9013f1) Signed-off-by: Kai Kang <kai.kang@windriver.com> (cherry picked from commit e4a6eda4c246b2bca059defed796bdab19a7ab5f) Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* timezone: upgrade 2019c -> 2020aPierre-Jean Texier2020-07-091-5/+5
| | | | | | | | | | | See full changelog https://github.com/eggert/tz/blob/master/NEWS#L11 (From OE-Core rev: 9d74b048e3a160d7a9a20e85817e9eb3a558af63) Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* python3: Upgrade 3.7.7 -> 3.7.8Adrian Bunk2020-07-092-251/+2
| | | | | | | Backported patch removed. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* libpam: Remove option 'obscure' from common-passwordhaiqing2020-06-291-4/+1
| | | | | | | | | | | | | libpam does not support 'obscure' checks to password, there are the same checks in pam_cracklib module. And this fix can remove the below error message while updating password with 'passwd': pam_unix(passwd:chauthtok):unrecognized option[obscure] Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit ea761dbac90be77797308666fe1586b05e3df824) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* relocatable.bbclass: Avoid an exception if an empty pkgconfig dir existPeter Kjellerstedt2020-06-291-9/+11
| | | | | | | | | | | Rewrite relocatable_native_pcfiles() so that it can handle that any of the checked pkgconfig directories are empty without causing an exception. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f9c5df6dc1c13e9b05ff1b47ad84ad339f6779a4) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* kernel.bbclass: Fix Module.symvers supportLili Li2020-06-291-1/+1
| | | | | | | | | | | | | | | | | | Starting from v5.8-rc1 commit 269a535ca931 (modpost: generate vmlinux.symvers and reuse it for the second modpost"), kernel will generate new vmlinux.symvers instead of dumping all the vmlinux symbols into Module.symvers in the first pass. Error log: 'run.do_shared_workdir.16614' failed with exit code 1: DEBUG: cp: cannot stat 'Module.symvers': No such file or directory This change will check the file Module.symvers existence before copying it. Signed-off-by: Lili Li <lili.li@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit cd2d62a08a1dfcd890a03ee55132b6d6c65f5ab7) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* kernel-fitimage: introduce FIT_SIGN_ALGRichard Leitner2020-06-291-1/+5
| | | | | | | | | | | | make fitImage configuration signature algorithm selectable with FIT_SIGN_ALG. (From OE-Core rev: e24b27a2b49e97cec6153f2d642d17a901b8ba12) Signed-off-by: Richard Leitner <richard.leitner@skidata.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* gnutls: fixed CVE-2020-13777haiqing2020-06-294-0/+298
| | | | | | | | | | | | | | GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket Backport the patch from upstream: https://gitlab.com/gnutls/gnutls.git commit c2646aeee94e71cb15c90a3147cf3b5b0ca158ca commit 50ad8778a81f9421effa4c5a3b457f98e559b178 commit 3d7fae761e65e9d0f16d7247ee8a464d4fe002da Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* qemu: fix CVE-2020-10702 & CVE-2020-13765Lee Chee Yang2020-06-293-0/+102
| | | | | Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* libjpeg-turbo: Fix CVE-2020-13790jason.lau2020-06-292-0/+82
| | | | | | | | | | | | | libjpeg-turbo 2.0.4 has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. Upstream-Status: Backport [https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a] CVE:CVE-2020-13790 Signed-off-by: Liu Haitao <haitao.liu@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* python3: un-break disabling the readline PACKAGECONFIGAlexander Kanavin2020-06-291-0/+1
| | | | | | | | | | Previously the readline module would have been built regardless of readline's presence in the sysroot, and the recipe would fail at package_qa. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* python3: make gdbm optionalAlexander Kanavin2020-06-293-5/+46
| | | | | | | | | The use case is building a gpl3-free image, without having to rely on outdated recipes from meta-gplv2 layer. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* nfs-utils: fix CVE-2019-3689wenlin.kang@windriver.com2020-06-292-0/+103
| | | | | | | Fix CVE-2019-3689 Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* mesa: fix meson configure fix when 'dri' is excluded from PACKAGECONFIGYann Dirson2020-05-291-1/+1
| | | | | | | Signed-off-by: Yann Dirson <yann@blade-group.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 78efff8741f869647790810a3dd41459b9d9d8a6) Signed-off-by: Armin Kuster <akuster808@gmail.com>
* avahi: Don't advertise example services by defaultPaul Barker2020-05-291-0/+5
| | | | | | | | | | | | | The example service files are placed into /etc/avahi/services when we run `make install` for avahi. This results in ssh and sftp-ssh services being announced by default even if no ssh server is installed in an image. These example files should be moved away to another location such as /usr/share/doc/avahi (taking inspiration from Arch Linux). Signed-off-by: Paul Barker <pbarker@konsulko.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* strace: fix failing ptestsAlexander Kanavin2020-05-292-3/+6
| | | | | | | | | | | | | 1. They need to be run under regular user. 2. Some tests genuinely need more time than 30 seconds 3. The Makefile patch erroneously introduced a test-breaking change. (From OE-Core rev: 3d6bf58c7080c1cacf3ed1f270ff5acf4858c790) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit a5e90281ac211e912ec6bfd6873e56152ec8bd4e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
* bind: fix CVE-2020-8616/7Lee Chee Yang2020-05-293-0/+237
| | | | | | | fix CVE-2020-8616 and CVE-2020-8617 Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>