review.tizen.org Git - scm/bb/tizen-distro.git/log

image.bbclass: Remove dependency on ldconfig-native for musl

it does not grok glibc ldconfig format

(From OE-Core rev: 9c85aef3ce25f6eb1d370a1a94e3fe16d59ec627)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

multilib_header: Do not install mutlilib headers for musl

musl is not multilib and this creates trouble. eg. when
util-linux probes for ncurses it does not find it because
ncurses has installed the multilibbed header and this
header includes bits/wordsize.h and this header does not
exist on musl systems. If and when musl adds multilib
support we will revisit it.

(From OE-Core rev: dad1c2746326912db41a3ff180679cdfe0e844f9)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

tclibc-musl.inc: Add musl specific distro policy file

With this we could use TCLIBC=musl to switch to images
based on musl

(From OE-Core rev: 797ef28c55a30f1b465ce512fffa4e06c7f1c658)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

siteinfo, insane: Recognize musl specific triplets

We will use '-musl' to identify musl based systems
this patch lays the foundation for recognising those
and map them to internal variable representations

(From OE-Core rev: 9cd77aed67373e33dc69158ab02b94d7045c1119)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: utils: avoid printing traceback on ExpansionError during parsing

If an ExpansionError occurs during better_exec() we should just raise it
instead of printing the traceback, so that recipe errors (such as broken
URLs in SRC_URI) are more easily comprehensible.

(Bitbake rev: 5b0da8932c318813138c113d2bb20498145dbd42)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: fetch2: improve handling of two classes of URL parameter mistakes

Handle the following situations in a URL (e.g. in SRC_URI):

* Trailing semicolon in a URL - this is now ignored.
* Parameter specified with no value (no equals sign). This still
produces an error, but at least it is MalformedUrl with a proper
message rather than "ValueError: need more than 1 value to unpack".

(Bitbake rev: bfd13dfbc4c9f1dd8315002271791b1d9e274989)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: Revert "toaster: toaster oe-selftest support"

This reverts commit bb5b1d6b139b886e54bfdc0c17f2b556db6a7fde.

Applied to incorrect repo.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

toaster: toaster oe-selftest support

This patch adds toaster tests using the oe-selftest infrastructure.
You need to have builds done - the tests will verify data integrity
after the toaster collection phase.

Once you have your toaster builds done, to run the automated backend
tests via oe-selftest do the followings:

1. Update builddir/conf/bblayers.conf to contain the meta-selftest
layer
2. From the builddir run:

'oe-selftest toaster'

or if you just want to run a single test:

'oe-selftest toaster.Toaster_DB_Tests.testname'

This first part adds the meta/lib/oeqa toaster file.

(From OE-Core rev: 762d425ed6f6d9046d3e3230c44b42ea6173b447)

Signed-off-by: Ionut Chisanovici <ionutx.chisanovici@intel.com>
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Update tzcode to 2014c

(From OE-Core rev: 3fa9508521d27e17bfe1a0aeb15d7fc2377218cd)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Update tzdata to 2014c

Removed solar-time experiment as per
http://mm.icann.org/pipermail/tz/2013-November/020488.html

(From OE-Core rev: 57af3fb9662106f0a65a1b4edf83e2398be0a8f1)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

ethtool: use serial-tests config needed by ptest.

buildtest-TESTS and runtest-TESTS targets are required by ptest.
In order to have those targets in automake 1.13.4 serial-tests
should be specified since parallel-tests is assumed by default
and serial-tests is optional.

ptest results:
PASS: test-cmdline
PASS: test-features
==================
All 2 tests passed
==================

(From OE-Core rev: 15bdef1f25ef567caf2f2e270de899e35da7cca9)

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

sstatesig: Move saferecipedeps handling to be earlier

We want to use the saferecipedeps handling code to allow gcc-cross-* to
work on multiple different tunes. Its currently in target only code
so it needs to be earlier to allow it to work on native-> target
dependencies.

This change has no effect on existing uses but makes gcc-cross become
shared as desired.

(From OE-Core rev: 9e03db2dfab0b534b86fd48c9190b2d7d0d21238)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

openssl: add openssl-CVE-2010-5298.patch SRC_URI

make openssl-CVE-2010-5298.patch truely work

(From OE-Core rev: eab33442480cc27a5cd00b3f46984fea74b7c0f9)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

readline: use upstream's aclocal.m4 as acinclude.m4

Instead of shipping a fork of the upstream aclocal.m4, simply rename it to
acinclude.m4 at configure time. We don't need the fork now that autoheader is
excluded.

(From OE-Core rev: e531923c4c17becb2f1a8a89adfeff0a82961a4a)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

readline: exclude autoheader from autoreconf

readline ships a hand-maintained config.h, instead of letting autoheader
generate one from configure.ac. The required arguments to AC_DEFINE are not in
configure.ac so autoheader will produce warnings and the generated code will not
behave as expected.

Solve this by excluding autoheader from autoreconf, so the upstream config.h.in
is used.

(From OE-Core rev: 8c37d32d6133c6ad2b9142e7a42775e7a979b570)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

readline: add missing STRUCT_DIRENT_D_* symbols to config.h.in

readline maintains config.h.in by hand but several symbols are incorrect. Fix
these so that the test results are reflected in config.h.

(From OE-Core rev: bc0d0c71eca48be05490209261b88b1f92bcf847)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

tcmode-default.inc: Default to using gcc 4.9

(From OE-Core rev: 050dbf916b7da792be0f9ca2ee7895ceb397fbce)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gcc: add patch to fix errors with Decimal64 type

[OE-core bug #6270] - https://bugzilla.yoctoproject.org/show_bug.cgi?id=6270

(From OE-Core rev: 8f8ef80131d4aa62a4b106d365a5e7b6273c766d)

Signed-off-by: Alexandru-Cezar Sardan <alexandru.sardan-KZfg59tc24xl57MIdRCFDg@public.gmane.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

i2c-tools: Add i2c-tools to the core

i2c-tools has been sitting outside of oe-core for long enough now. It is
a required tool for board validation, and many people are pulling it
into their builds and their own layers. Let's add it to the core.

This patch includes the i2c-tools recipe from meta-oe as of:

  commit 9df13b4140e8c6bfa0e4fb89107a6146981d2cdc
  Author: Khem Raj <raj.khem@gmail.com>
  Date:   2014-04-26

      i2c-tools: Fix build when S != B

(From OE-Core rev: 32ac58819580d359e22161be1abf62215d202250)

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Khem Raj <raj.khem@gmail.com>
Cc: Martin Jansa <Martin.Jansa@gmail.com>
Cc: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Cc: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

linux-yocto-dev: Dynamic SRCREV update

The current implementation would result in the default SRCREVs being
used by the fetcher, even though the anonymous python would update them
to AUTOREV. This appears to be something to do with early parsing
bitbake black magic.

This patch ensures the default is never assigned if we are actually
building the recipe by using a function to assign it in the first place.

The USE_DEFAULT* variables are removed as they are not necessary to
allow for overriding the SRCREVs.

The anonymous python parse check is moved closer to the top of the
recipe to be a bit more logically representative of its intended
purpose.

(From OE-Core rev: a0334b0de654a41c53df54ef80625094368113f6)

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

linux-yocto/3.10: bump kver to v3.10.40

Integrating the latest korg releases for the 3.10 kernel.

(From OE-Core rev: 574c03bd5fd73281472f8267a31cfecb235f1c65)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

beaglebone: enable the nowayout option for the watchdog

Bumping the meta SRCREV for the following fix:

[
  The default watchdog behaviour is to stop the timer if the process
  managing it closes the file /dev/watchdog. The system would not reboot
  if watchdog daemon crashes due to a bug in it or get killed by other
  malicious code. So we prefer to enable nowayout option for the
  watchdong. With this enabled, there is no way of disabling the watchdog
  once it has been started. This option is also enabled in the predecessor
  of this BSP (beagleboard)
]

[YOCTO: 3937]

(From OE-Core rev: 7006412c285a4a6c75d5349f60dc71b0b735ff90)

Signed-off-by: Kevin Hao <kexin.hao@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

linux-yocto-rt/3.14: update to 3.14-rt5

Updating the the latest 3.14-rt release.

(From OE-Core rev: ca1d952c964ce25bf78d47c7a856105d59d72cac)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

linux-yocto/3.14: update to v3.14.4

Bumping the 3.14 recipes to the latest korg -stable release.

(From OE-Core rev: 5c0088767a59c63d2197b54450a54578fa10fa07)

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: fetch2/hg: Fix missing proto param for hg checkout with user and pw

A fix for the former patch when checking out a repository with
username and password using HG

(Bitbake rev: 0e7b594ccbceb3149f38776cea204807031ef69f)

Signed-off-by: Volker Vogelhuber <v.vogelhuber@digitalendoscopy.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: bitbake-layers: show-cross-depends: add support for RRECOMMENDS

RRECOMMENDS must be satisfied at build time, and these could cross layer
boundaries, so report these if they exist.

(Bitbake rev: 5569b3dca61e6d962494ca65c7aad09b2eb2ae63)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: bitbake-layers: show-cross-depends: ignore self-satisfied RDEPENDS

Overlayed recipes caused this to show false positives because the
overlaying version appeared to be satisfying the overlayed version's
RDEPENDS; but you'd never be building both at the same time.

(Bitbake rev: b94318174fe7f92b9a20eabb0bc4055066cb3d51)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: bitbake-layers: show-cross-depends: ignore global inherits

It's not particularly useful to show globally inherited classes here
since they do not normally represent a dependency.

(Bitbake rev: d16948bb88fcf44d861985838030be7c08697963)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: bitbake-layers: show-cross-depends: add option to ignore a layer

By default, show-cross-depends shows dependencies on OE-Core (i.e.
"meta") which is not particularly useful. Add an option to allow you to
hide those. For example, to hide all dependencies on OE-Core:

bitbake-layers show-cross-depends -i meta

Multiple layers can be specified by using commas as separators (no
spaces).

(Bitbake rev: 0e9062e65acbb05c1d9b3a9145eb866c3d562309)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

lighthttp: Use pkg-config for pcre dependency

(From OE-Core rev: d2457880e7bb08b9c2f8d60e70b1d59ed84e9da9)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libarchive: Use pkg-config for libxml2 dependency

(From OE-Core rev: fe277bf0a61d5d7787dba699ee1ed4d979ba5cff)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libksba: Use pkg-config for dependencies

Use pkg-config in the m4 macros for the package, ensure we have a host
field in the .pc file.

(From OE-Core rev: 4a971a90988435902a4a8dd9c721d440cd80c0bd)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gpgme: Update to ensure we pkg-config for dependencies

(From OE-Core rev: ffffc627b21a3cf8b407d16a437793b5fddf7127)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libgcrypt: Use pkg-config for dependencies

Use pkg-config instead of -config files in the m4 macros.

(From OE-Core rev: 74d73cf1e4607cb313b5e4c7138b555d5999a46d)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libxslt: Use pkg-config for dependencies

(From OE-Core rev: f0479e60b660778ab27b946d426daa17a08a28ea)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gnupg: Convert to use pkg-config for dependencies

Use pkg-config to find pth instead of pth-config and our own macros from
aclocal-copy.

(From OE-Core rev: 437ad15de308769c9251a37ed41dabed5653fc96)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libassuan: Improve pkgconfig support

Add api_version and host to the .pc file and use pkg-config in the
m4 macros for the package.

(From OE-Core rev: 17e5793847601d2aeb497ffe14871df65543abfb)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libgpg-error: Extend pkgconfig support to m4 macros

Whilst there is currently .pc file pkgconfig support, it was unused by the
m4 macros. This extends the support so they're used instead of the -config
scripts.

(From OE-Core rev: ff573270f7e87296840911189fd2087a1bc597f7)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

devshell: Add interactive python shell

Being able to interact with the python context in the Bitbake task execution
environment has long been desireable. This patch introduces such a
mechanism. Executing "bitbake X -c devpyshell" will open a terminal connected
to a python interactive interpretor in the task context so for example you can
run commands like "d.getVar('WORKDIR')"

This version now includes readline support for command history and various other
bug fixes such as exiting cleanly compared to previous versions.

(From OE-Core rev: 36734f34fe6e4b91e293234687e63c02f5b3117e)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

pseudo: Honor umask again

The fchmodat-permissions patch was fine for the fchmod case, but
had the unintended side effect of disregarding umask settings for
open, mknod, mkdir, and their close relatives. Start tracking umask
and masking the umask bits out where appropriate.

(From OE-Core rev: ce23c1cc33a015fbd184df6c16658353334ab611)

Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

cmake: Avoid accidentally including libacl.h

The cmake recipe doesn't depend on libacl yet cmake will detect libacl.h
and use it by default. This risks build failures if libacl.h is unstaged
during the build and it also means that the build cmake will sometimes
support ACLs and sometimes not.

This can be avoided by setting ENABLE_ACL=0 but until the fix for
http://cmake.org/Bug/view.php?id=14866 is released we also need to set
HAVE_ACL_LIBACL_H=0.

(From OE-Core rev: e76973b4ef687c5b36ed6f9eb202322ae4af9b9f)

Signed-off-by: Mike Crowe <mac@mcrowe.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

ddimage: Support Mac OS

Update the ddimage script to allow it to work on Mac OS too. The biggest
difference is sysfs vs diskutil and in the syntax of the stat command
between Mac OS and Linux, unfortunately. Workarounds using ls, cut, and
columns got really fragile really quickly. Relying on stat and switching
on uname seemed the more robust solution.

(From OE-Core rev: 8962fe11a0697348affb8a1ab95abca4995470a6)

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

eglinfo: updated to compile with mesa10+

Updated to the newer 4b317648ec6cf39556a9e5d8078f605bc0edd5de.

(From OE-Core rev: 9948e4239b88026804c33d84830dbfe6b0ed3e59)

Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libxshmfence: add it to oe-core

mesa 10+ depends on this (if the user builds mesa
with dri3 support enabled). So add it to oe-core.

(From OE-Core rev: afa3e8943d9e52a2d20ceea1e6a02a3133ef79fa)

Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

dri3proto: add it to oe-core

mesa 10+ depends on this (if the user builds mesa
with dri3 support enabled). So add it to oe-core.

(From OE-Core rev: 6a9717bd34854ecb56a4ab1731b6bf3cf4b471ea)

Signed-off-by: Valentin Popa <valentin.popa@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

distro_features_check.bbclass: fix searching whole list

Search whole list of REQUIRED_DISTRO_FEATURES.
Print only the missing/conflicting feature on error.

(From OE-Core rev: 4290e10c17aa5477bbd57023c35426c12fcc25cb)

Signed-off-by: Sebastian Wiegand <sebastian.wiegand@gersys.de>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

weston: upgrade to 1.5.0

* replace 0001-remove-dependence-on-wayland-scanner-flags.patch with
disable-wayland-scanner-pkg-check.patch
* add make-lcms-configureable.patch (WIP... needs work)
= fix for JaMa test-dependencies

(From OE-Core rev: 7c40efb62f34f866c98a0b2df50d66c60d76143a)

Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

wayland: upgrade to 1.5.0

* update disable-macro-checks-not-used-for-scanner.patch
= trivial change to non-patched text (+ posix_fallocate)
* drop just-scanner.patch, no longer needed

(From OE-Core rev: f453259c6710a6b3fb3c542b3921426baf160347)

Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

perl: stop perl-modules recommending perl-ptest

Change the logic that generates the perl-modules recommends to be an include
filter instead of an exclude filter, so that new sub-packages don't become
dependants of perl-modules (such as perl-ptest).

[ YOCTO #6203 ]

(From OE-Core rev: 94e164c5b5316e2797c5bab51d127935002c6008)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

babeltrace: fix alignment issue

Fix alignment issue in babeltrace

(From OE-Core rev: 862f14832d2d8a1917a5046d0299dbbbe6dc66da)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

lttng-tools: fix alignment issue

Fix alignment issue in lttng-tools

(From OE-Core rev: 539b77a29eb24b3896c9c436c0b4ce61c6b72b34)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bluez5: upgrade to 5.19

- Fixes to OBEX, AVRCP browsing, HID over GATT
and handling of device unpaired events for dual-mode devices.
- New features: user space based HID host implementation (for BR/EDR).

(From OE-Core rev: 5dce15e6623748ce3c1456f12d5cde6edc1be939)

Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

perl: fix for CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0,
5.14.0, and other versions, when running with debugging enabled,
allows context-dependent attackers to cause a denial of service
(assertion failure and application exit) via crafted input that
is not properly handled when using certain regular expressions,
as demonstrated by causing SpamAssassin and OCSInventory to
crash.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4777
(From OE-Core rev: 368df9f13ddf124e6aaaec06c02ab698c9e0b6c3)

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

pseudo: handle fchmodat better, mask out unwanted write bits

It turns out that pseudo's decision not to report errors from
the host system's fchmodat() can break GNU tar in a very strange
way, resulting in directories being mode 0700 instead of whatever
they should have been.

Additionally, it turns out that if you make directories in your
rootfs mode 777, that results in the local copies being mode 777,
which could allow a hypothetical attacker with access to the
machine to add files to your rootfs image. We should mask out
the 022 bits when making actual mode changes in the rootfs.

This patch represents a backport to the 1.5.1 branch of three
patches from the 1.6 branch, because it took a couple of tries
to get this quite right.

(From OE-Core rev: 45371858129bbad8f4cfb874e237374a5ba8db4c)

Signed-off-by: Peter Seebach <peter.seebach@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

python-native : Add patch to fix configure error with gcc 4.8.

We apply this patch to the python recipe already. Without this patch
the zeroc-ice-native recipe will not build.

See: http://bugs.python.org/issue17547 for more details.

(From OE-Core rev: 2335a8ed3748e687e7f34f21f27f8e4029d1e26b)

Signed-off-by: Philip Balister <philip@balister.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake.conf: add default ${CPAN_MIRROR}

* Set default to http://search.cpan.org/CPAN/, as it should be

(From OE-Core rev: 7cf349c3f1f195d529fbd73ce4bf63a439ffa4e6)

Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

mirrors.bbclass: add ${CPAN_MIRROR} option

* Perl modules fail to fetch because default CPAN site has been flaky lately.
* Create option to use metacpan.org as a mirror.

(From OE-Core rev: ffca381d9ad5de3e593c93274cfdb3d2ff4a447f)

Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

initramfs-live-install: avoid using grub.d/40_custom

We have this in recipes-bsp/grub/grub/40_custom:

[snip]
menuentry "Linux" {
set root=(hd0,1)
linux /vmlinuz root=__ROOTFS__ rw __CONSOLE__ __VIDEO_MODE__ __VGA_MODE__ quiet
}
[snip]

These lines are only for initrdscripts/files/init-install.sh, the side
effect is that it would make the target's grub-mkconfig doesn't work
well since the 40_custom will be installed to /etc/grub.d/40_custom, the
grub-mkconfig will run the 40_custom, and there will always be a
'menuentry "Linux"' menu in grub.cfg no matter it is valid or not, we
can do this in init-install.sh rather than grub to fix the problem,
which is also much simpler.

(From OE-Core rev: 8ae89d08454c11035eb2826a06e2243c9f2568b4)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

taglib: Force a disable of the floating dependency on boost

taglib appears to depend on boost if it finds it in the sysroot. Force
it not to do this. Someone with better cmake skills may be able to
do this in a neater way.

(From OE-Core rev: 2c6c6c98416e5a458a02106524b5aa10a4b71d60)

(From OE-Core rev: 87fd1d7331f6f64a9037d97672dbe66d93f276de)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

guile: Update to 2.0.11 version

Upgrade guile to 2.0.11 version and remove unneeded patch since
it's included in new version.

(From OE-Core rev: f1727bb18f35ff01e53d3d442a6ff3c613639fa6)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

byacc: Update to 20140422 version

Upgrade byacc to 20140422 version.

(From OE-Core rev: d58ab8819724cf460360458ac6e59a9c0ca7966c)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

flex: Update to 2.5.39 version

Upgrade flex to 2.5.39 version.

(From OE-Core rev: 701f1ae89926306dfbd19786fe0ddabc36fb485c)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0849

The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via a
crafted (1) width or (2) height dimension that is not a multiple of
sixteen in id RoQ video data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0849

(From OE-Core rev: 1a43a8054f51fbd542f3f037dc35f8b501e455bf)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0850

The decode_slice_header function in libavcodec/h264.c in FFmpeg before
1.1 allows remote attackers to have an unspecified impact via crafted
H.264 data, which triggers an out-of-bounds array access.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0850

(From OE-Core rev: 69f3f0f94f4fd224e5a6b275207adf0539d085c3)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0856

The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted Apple
Lossless Audio Codec (ALAC) data, related to a large nb_samples value.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0856

(From OE-Core rev: 571ccce77859435ff8010785e11627b20d8b31f4)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0854

The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c
in FFmpeg before 1.1 allows remote attackers to have an unspecified
impact via crafted MJPEG data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0854

(From OE-Core rev: b3d9c8f603ebdbc21cb2ba7e62f8b5ebb57c40c1)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0851

The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1
allows remote attackers to have an unspecified impact via crafted
Electronic Arts Madcow video data, which triggers an out-of-bounds array
access.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0851

(From OE-Core rev: 8c9868d074f5d09022efc9419ee09eb805f68394)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0858

The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg before
1.0.4 allows remote attackers to have an unspecified impact via ATRAC3
data with the joint stereo coding mode set and fewer than two channels.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0858

(From OE-Core rev: 0ee8754c973f5eff3ba4d00319a5308888c12b17)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0852

The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg
before 1.1 allows remote attackers to have an unspecified impact via
crafted RLE data, which triggers an out-of-bounds array access.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0852

(From OE-Core rev: 37f9371b44bd914fdd64e4c4e4448a2908512203)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0845

libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to
have an unspecified impact via a crafted block length, which triggers an
out-of-bounds write.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0845

(From OE-Core rev: cc6e2ee53c49206aa3377c512c3bd1de2e14a7b7)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0868

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers
to have an unspecified impact via crafted Huffyuv data, related to an
out-of-bounds write and (1) unchecked return codes from the init_vlc
function and (2) len==0 cases.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0868

(From OE-Core rev: 29dcc2c8e834cf43e415eedefb8fce9667b3aa40)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2014-2099

The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before
2.1.4 does not properly calculate line sizes, which allows remote
attackers to cause a denial of service (out-of-bounds array access) or
possibly have unspecified other impact via crafted Microsoft RLE video
data.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2099

(From OE-Core rev: 3e27099f9aad1eb48412b07a18dcea398c18245b)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2013-0865

The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before
1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an
unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood
Studios VQA Video file, which triggers an out-of-bounds write.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0865

(From OE-Core rev: 4a93fc0a63cedbebfdc9577e2f1deb3598fb5851)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

gst-ffmpeg: fix for Security Advisory CVE-2014-2263

The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB)
muxer (libavformat/mpegtsenc.c) in FFmpeg, possibly 2.1 and earlier,
allows remote attackers to have unspecified impact and vectors, which
trigger an out-of-bounds write.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2263

(From OE-Core rev: 70bf8c8dea82e914a6dcf67aefb6386dbc7706cd)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

distro_features_check.bbclass: fix wrong indentation

To fix check of REQUIRED_DISTRO_FEATURES fix indentation in python code.

[YOCTO #6349]
Reported and written by: Sebastian Wiegand <sebastian.wiegand@gersys.de>
(From OE-Core rev: 986db87a3931edce8be79f309d07497e4179a810)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: data_smart: Fix an unusual variable reference bug

If you try:

Y = ""
Y_remove = "X"

in OE-Core, bitbake will crash with a KeyError during expansion. The reason
is that no expansion of the empty value is attempted but removal from is it
and hence no varparse data is present for it in the expand_cache.

If the value is empty, there is nothing to remove so the best fix is simply
not to check for None but check it has any value.

Also add a test for this error so it doesn't get reintroduced.

(Bitbake rev: af3ce0fc0280e6642fa35de400f75fdbabf329b1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: toaster: reduce redundant foreign key lookups

Replace redundant foreign key lookups with "with" to improve all
recipes page load time. Do depends pre-lookup in the view class,
and use python itertation instead of filter() all to achieve x16
processing speedup.

[YOCTO #6137]

(Bitbake rev: a68a6dc50c11cc59e7c873414e3e22ac2644dea7)

Signed-off-by: David Reyna <David.Reyna@windriver.com>
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Conflicts:
bitbake/lib/toaster/toastergui/views.py
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: toaster: sort columns properly after edit columns

If a sorted column is made invisible through the edit columns function,
resort the table the its default order.

[YOCTO 5919]

(Bitbake rev: 64618f7489eb9eb13a97d03cd2d353384f5faa70)

Signed-off-by: Farrell Wymore <farrell.wymore@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: toaster: toaster oe-selftest support

This patch adds toaster tests using the oe-selftest infrastructure.
You need to have builds done - the tests will verify data integrity
after the toaster collection phase.

Once you have your toaster builds done, to run the automated backend
tests via oe-selftest do the followings:

1. Update builddir/conf/bblayers.conf to contain the meta-selftest
layer
2. From the builddir run:

'oe-selftest toaster'

or if you just want to run a single test:

'oe-selftest toaster.Toaster_DB_Tests.testname'

This first part adds the meta/lib/oeqa toaster file.

(Bitbake rev: bb5b1d6b139b886e54bfdc0c17f2b556db6a7fde)

Signed-off-by: Ionut Chisanovici <ionutx.chisanovici@intel.com>
Signed-off-by: Alexandru DAMIAN <alexandru.damian@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

cups: fix for cups not building without avahi

Backport upstream patch for CUPS issue: STR #4402

[YOCTO #6325]

(From OE-Core rev: 7decf9dce56868e39902dac5957eb72f6e1e9acd)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

harfbuzz: upgrade to 0.9.28

(From OE-Core rev: 8462728aef78debaa15e33121b3ae733049a96ab)

Signed-off-by: Cristian Iorga <cristian.iorga@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

wic: add support to look in all layers and get plugins

Plugins are looked in 'scripts/lib/mic/plugins/[type]/' directory on all
BBLAYERS variable returned by bitbake environment. If found, it will
be load at runtime.

The user could create your own plugin and keep it inside its layers. For
now the path must be <layer-dir>/scripts/lib/mic/plugins/[type]/. Where
'type' could be 'imager' or 'source'.

(From OE-Core rev: bb6f5d7de1c7ce2680874a74949903db0f5bb91a)

Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

wic: add support to look in all layers and get .wks file

.wks file are looked in 'scripts/lib/image/canned-wks' directory on all
BBLAYERS variable returned by bitbake environment. If found, it will
be used.

The user could create your own .wks and keep it inside its layers. For
now the path must be <layer-dir>/scripts/lib/image/canned-wks.

(From OE-Core rev: 1f3e312211f277a1befd707a59a0c0a9bf6cbcbc)

Signed-off-by: João Henrique Ferreira de Freitas <joaohf@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libav: upgrade 9.x version to 9.13

(From OE-Core rev: 937a0da0861abb7656762b2a3fb69eb275dd4a9a)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libav: upgrade 0.8.x version to 0.8.11

(From OE-Core rev: 206f34ac0c0b65768ec2b553a0cb8b93fe7e5ae3)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

runqemu-internal: add "console=ttyS0" to ramfs image kernel parameters

We need this kernel command parameter so that when we start a ramfs
image, we can actually get some output. Although we can make this
happen by specifying the 'bootparams' for the 'runqemu' command, it's
better to make this the default behaviour.

(From OE-Core rev: 3d202594bb92fe75cd70f81345e64c2179b52c32)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

quilt: Update to 0.63 version

Upgrade quilt to 0.63 version and add perl-module-text-parsewords to
RDEPENDS of ptest.

(From OE-Core rev: 48c09163db18634e3071009b94645812ade285f4)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

libpcre: Update to 8.35 version

Upgrade libpcre to 8.35 version.

(From OE-Core rev: 32c007bfc4fe7a0ba75644584bb80f8bdff09a01)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

openssl: fix for CVE-2010-5298

Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote
attackers to inject data across sessions or cause a denial of service
(use-after-free and parsing error) via an SSL connection in a
multithreaded environment.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5298

(From OE-Core rev: 751f81ed8dc488c500837aeb3eb41ebf3237e10b)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

tiff: fix for Security Advisory CVE-2013-4231

Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers
to cause a denial of service (out-of-bounds write) via a crafted (1)
extension block in a GIF image or (2) GIF raster image to
tools/gif2tiff.c or (3) a long filename for a TIFF image to
tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which
states that the input cannot exceed the allocated buffer size.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231Multiple
buffer overflows in libtiff before 4.0.3 allow remote attackers to cause
a denial of service (out-of-bounds write) via a crafted (1) extension
block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3)
a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1
and 3 are disputed by Red Hat, which states that the input cannot exceed
the allocated buffer size.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4231

(From OE-Core rev: 19e6d05161ef9f4e5f7277f6eb35eb5d94ecf629)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

nss: CVE-2013-1740

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1740
https://bugzilla.mozilla.org/show_bug.cgi?id=919877
https://bugzilla.mozilla.org/show_bug.cgi?id=713933

changeset:   10946:f28426e944ae
user:        Wan-Teh Chang <wtc@google.com>
date:        Tue Nov 26 16:44:39 2013 -0800
summary:     Bug 713933: Handle the return value of both ssl3_HandleRecord calls

changeset:   10945:774c7dec7565
user:        Wan-Teh Chang <wtc@google.com>
date:        Mon Nov 25 19:16:23 2013 -0800
summary:     Bug 713933: Declare the |falseStart| local variable in the smallest

changeset:   10848:141fae8fb2e8
user:        Wan-Teh Chang <wtc@google.com>
date:        Mon Sep 23 11:25:41 2013 -0700
summary:     Bug 681839: Allow SSL_HandshakeNegotiatedExtension to be called before the handshake is finished, r=brian@briansmith.org

changeset:   10898:1b9c43d28713
user:        Brian Smith <brian@briansmith.org>
date:        Thu Oct 31 15:40:42 2013 -0700
summary:     Bug 713933: Make SSL False Start work with asynchronous certificate validation, r=wtc

(From OE-Core rev: 11e728e64e37eec72ed0cb3fb4d5a49ddeb88666)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

nss: CVE-2014-1492

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1492
https://bugzilla.mozilla.org/show_bug.cgi?id=903885

changeset:   11063:709d4e597979
user:        Kai Engert <kaie@kuix.de>
date:        Wed Mar 05 18:38:55 2014 +0100
summary:     Bug 903885, address requests to clarify comments from wtc

changeset:   11046:2ffa40a3ff55
tag:         tip
user:        Wan-Teh Chang <wtc@google.com>
date:        Tue Feb 25 18:17:08 2014 +0100
summary:     Bug 903885, fix IDNA wildcard handling v4, r=kaie

changeset:   11045:15ea62260c21
user:        Christian Heimes <sites@cheimes.de>
date:        Mon Feb 24 17:50:25 2014 +0100
summary:     Bug 903885, fix IDNA wildcard handling, r=kaie

(From OE-Core rev: a83a1b26704f1f3aadaa235bf38094f03b3610fd)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

subversion: fix for Security Advisory CVE-2013-4277

Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through
1.8.1 allows local users to overwrite arbitrary files or kill arbitrary
processes via a symlink attack on the file specified by the --pid-file
option.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4277

(From OE-Core rev: e0e483c5b2f481240e590ebb7d6189a211450a7e)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21
and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of
service (NULL pointer dereference and crash) via a LOCK on an activity URL.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1846

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through 1.6.20
and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service
(NULL pointer dereference and crash) via an anonymous LOCK for a URL that does
not exist.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1847

(From OE-Core rev: 3962b76185194fa56be7f1689204a1188ea44737)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

subversion: fix for Security Advisory CVE-2013-1845

The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before
1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to
cause a denial of service (memory consumption) by (1) setting or (2)
deleting a large number of properties for a file or directory.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1845

(From OE-Core rev: 432666b84b80f8b0d13672aa94855369f577c56d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

subversion: fix for Security Advisory CVE-2013-4131

The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through
1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause
a denial of service (assertion failure or out-of-bounds read) via a
certain (1) COPY, (2) DELETE, or (3) MOVE request against a revision
root.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4131

(From OE-Core rev: ce41ed3ca5b6ef06c02c5ca65f285e5ee8c04e7f)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

subversion: fix for Security Advisory CVE-2013-4505

The is_this_legal function in mod_dontdothat for Apache Subversion 1.4.0
through 1.7.13 and 1.8.0 through 1.8.4 allows remote attackers to bypass
intended access restrictions and possibly cause a denial of service
(resource consumption) via a relative URL in a REPORT request.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4505

(From OE-Core rev: 02314673619f44e5838ddb65bbe22f9342ee6167)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

subversion: fix for Security Advisory CVE-2013-1849

Reject operations on getcontentlength and getcontenttype properties
if the resource is an activity.

(From OE-Core rev: 94e8b503e8a5ae476037d4aa86f8e27d4a8c23ea)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

screen: fix for Security Advisory CVE-2009-1215

Race condition in GNU screen 4.0.3 allows local users to create or
overwrite arbitrary files via a symlink attack on the
/tmp/screen-exchange temporary file.

(From OE-Core rev: be8693bf151987f59c9622b8fd8b659ee203cefc)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Screen: fix for Security Advisory CVE-2009-1214

GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with
world-readable permissions, which might allow local users to obtain
sensitive session information.

(From OE-Core rev: 25a212d0154906e7a05075d015dbc1cfdfabb73a)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>