| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
in LibYAML before 0.1.6 allows context-dependent attackers to execute
arbitrary code via a long sequence of percent-encoded characters in a
URI in a YAML file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit. We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a
security issue. Nonetheless it seems prudent to forestall any risk by
using strlcpy() and similar functions.
Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.
In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass. The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode"). This ideally should've been a separate commit, but since
it touches code adjacent to one of the buffer overrun changes, I
included it in this commit to avoid last-minute merge issues. This
issue was reported by Honza Horak.
Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The make check command for the test suites in PostgreSQL 9.3.3 and
earlier does not properly invoke initdb to specify the authentication
requirements for a database cluster to be used for the tests, which
allows local users to gain privileges by leveraging access to this
cluster.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x
before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before
9.3.3 allow remote authenticated users to cause a denial of service
(crash) or possibly execute arbitrary code via vectors related to an
incorrect MAXDATELEN constant and datetime values involving (1)
intervals, (2) timestamps, or (3) timezones, a different vulnerability
than CVE-2014-0065.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE
commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote
authenticated users to create an unauthorized index or read portions of
unauthorized tables by creating or deleting a table with the same name
during the timing window.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple integer overflows in the path_in and other unspecified
functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote
authenticated users to have unspecified impact and attack vectors, which
trigger a buffer overflow. NOTE: this identifier has been SPLIT due to
different affected versions; use CVE-2014-2669 for the hstore vector.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
* This is the first time meta-python is being taged with a release
Acked-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This solves the following warning:
syslog-ng-3.5.4.1: syslog-ng requires /usr/bin/awk, but no providers in its
RDEPENDS [file-rdeps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This solves the following warning:
libhugetlbfs-2.18: libhugetlbfs-tests requires /bin/bash, but no providers in
its RDEPENDS [file-rdeps]
libhugetlbfs-2.18: libhugetlbfs requires /bin/bash, /usr/bin/perl, but no
providers in its RDEPENDS [file-rdeps]
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Hongjun.Yang <hongjun.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
original uri seems to be down now
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
TinyXML-2 is a rewrite of TinyXML-1. It provides some advantages over the original. They are covered on the homepage. (http://www.grinninglizard.com/tinyxml2/)
Signed-off-by: A. Varnin <fenixk19@mail.ru>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
The patch applied to toybox is rebased onto the new release and updated.
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
Log4c is logging library for C (http://log4c.sourceforge.net/)
Signed-off-by: A. Varnin <fenixk19@mail.ru>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
* set correct path for dnsmasq
* add dnsmasq to RRECOMMENDS
this popped up when testing access point enabled for network-manager-applet
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This change is used for fixing cmd path in rsnapshot.conf.default.
The options --without-* disable checking command * on host and get
the default path used, otherwise the host path will be injected into
target configs.
The runtime dependencies to ssh, logger, cp, du are optional and
could be customized in rsnapshot.conf, so it's not needed that
using PACKAGECONFIG to define the runtime dependencies.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Without this patch, we may have problem using vim.
Steps to reproduce the problem is as follows:
1. Set NO_RECOMMENDATIONS to "1".
2. bitbake core-image-minimal
3. runqemu qemux86
4. On target, execute `vi 1.txt'.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
fix
libgphoto2-2.4.11: libgphoto2 requires /bin/bash, but no providers in its RDEPENDS [file-rdeps]
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
| |
|
|
|
|
|
|
|
| |
most executables are perl scripts.
fix
| mime-support-3.48: mime-support requires /usr/bin/perl, but no providers in its RDEPENDS [file-rdeps]
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
| |
|
|
|
|
| |
check and rework licenses a bit
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
| |
|
|
|
|
|
| |
Add systemd service for samba.
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixed do_packagedata error when multilib:
ERROR: The recipe openldap is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/path/to/sysroots/qemux86-64/pkgdata/runtime-rprovides/openldap-backends/openldap-backends
Matched in manifest-qemux86-64-lib32-openldap.packagedata
/path/to/tmp/sysroots/qemux86-64/pkgdata/runtime/openldap-backends.packaged
Matched in manifest-qemux86-64-lib32-openldap.packagedata
/path/to/tmp/sysroots/qemux86-64/pkgdata/runtime/openldap-backends
Matched in manifest-qemux86-64-lib32-openldap.packagedata
Please verify which recipe should provide the above files.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Otherwise do_unpack failed when multilib:
tar (child): /path/to/lib32-krb5-1.12.2.tar.gz: Cannot open: No such file or directory
And do_patch error:
ERROR: Command Error: exit status: 1 Output:
Applying patch 0001-aclocal-Add-parameter-to-disable-keyutils-detection.patch
can't find file to patch at input line 15
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* /etc/lxdm/lxdm.conf was empty since out of tree build causing greeter not started
* pam is now an option to configure - set it based upon distro feature
* bash was added to RDEPENDS - it is required by /etc/lxdm/Xsession
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
* only dependency on this was from links's PACKAGECONFIG
* xz from oe-core provides liblzma as well and they conflict
in sysroot
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
One patch was a backport and can be dropped, add Upstream-status to the others.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
There's only one version of the recipe in the repo and the split makes it harder to debug and fix problems.
Also fix target overrides and style issues.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
* I've started with upgrade, but requires lot more changes which I'm not
comfortable to finish on something I cannot test in runtime
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed:
* Move slapd from ${libexecdir} to ${sbin}:
Installing slapd under ${sbin} is more FHS and LSB compliance
* Manage init script by inheriting update-rc.d, than postinst
* Add status for initscript
* Rename the patch named with commit id to
gnutls-Avoid-use-of-deprecated-function.patch
* Add a patch for CVE-2013-4449
* Add a patch to use /dev/urandom for entropy
* Allow tls obtains random bits from /dev/urandom:
The URANDOM_DEVICE is undefined for cross-compiling, define it as
/dev/urandom to allow tls obtains random bits from /dev/urandom.
* Add PACKAGECONFIG for mdb, ndb, relay and sock
* Remove unsupported config for ldbm
* Add license file
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
| |
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* now when sysroot conflicts are fatal we really don't want to build
multiple fftw providers in the same sysroot
ERROR: The recipe fftwl is trying to install files into a shared area
when those files already exist. Those files and their manifest
location are:
/home/jenkins/oe/world/shr-core/tmp-glibc/sysroots/qemuarm/usr/include/fftw3.f
Matched in
manifest-qemuarm-fftw.populate_sysroot
manifest-qemuarm-fftwf.populate_sysroot
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
| |
* add json-c dependency and fix with-* params
* LICENSE.txt change only added SUN copyright for
gdal/alg/thinplatespline.cpp file
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
A separate commit on curl adds a PACKAGECONFIG option within the
curl recipe in OE-Core to use libssh2 in curl, the user can enable
libssh2 via conf/local.conf or custom distro configuration, this will
pull in libssh2, which is not used by default.
Signed-off-by: Fabrice Coulon <fabrice.coulon@axis.com>
Signed-off-by: Olof Johansson <olof.johansson@axis.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
rsnapshot is a filesystem snapshot utility based on rsync.
rsnapshot makes it easy to make periodic snapshots of local machines,
and remote machines over ssh. The code makes extensive use of hard links
whenever possible, to greatly reduce the disk space required.
Homepage: http://www.rsnapshot.org/
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fix fetch failures
Remove automate patch we have 1.12+ automake in
OE-Core now
Change-Id: I2ba1f6fb173613774f29f87c621ad3ca10f4e872
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
| |
update md5sums and refresh patches
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
| |
* it's needed for newer qtwebkit-5.4
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Changed:
* Add init scripts and default configs based on debian
* Add a patch for crosscompile nm
* Add a patch to suppress /usr/lib in krb5-config
* Add DESCRIPTION
* Remove blacklist and inherit autotools-brokensep
* Add PACKAGECONFIG for ldap and readline
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The anonymous function redefined bindir to bindir_noprefix (and
others), which broke the sstate between build dirs.
The redefined *_noprefix was to used to pass to the INSTALL_*
variables to change the layout as we want, but in fact we can
do this in other ways instead of the pain one:
1) Change the default layout and a little adjustment.
There are 4 install layout: STANDALONE(default), RPM, DEB and SVR4.
And RPM is the one close to what we are using.
2) Don't use prefix and pass full paths to INSTALL_*.
The mariadb's cmake define some of the INSTALL_* relative to
CMAKE_INSTALL_PREFIX, So we can use empty CMAKE_INSTALL_PREFIX,
then we can pass our full paths to INSTALL_* directly.
This patch set the default layout to RPM and pass paths only for:
- INSTALL_DOCDIR: no prefix prepending, so ${datadir} works.
- INSTALL_LIBDIR/INSTALL_PLUGINDIR: use ${baselib}.
The mysql-test is moved from /usr to /usr/share which is more
reasonable, fix the FILES inclusion accordingly.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Fathi Boudra <fathi.boudra@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* continue the priority for packages shipping bash-completion
* oe-core's latest changes turn sysroot conflicts into critical error
ERROR: The recipe bash-completion is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/home/a.mueller/tmp/oe-core-glibc/sysroots/overo/usr/share/bash-completion/completions/nmcli
Matched in manifest-overo-networkmanager.populate_sysroot
/home/a.mueller/tmp/oe-core-glibc/sysroots/overo/usr/share/bash-completion/completions/su
Matched in manifest-overo-util-linux.populate_sysroot
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
| |
|
|
| |
Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
|
