meta-tizen: first commit

Change-Id: Iab079591ad1df187e9ccab8b4cb882894bcce467
(From meta-tizen rev: df785cb304e2bbc08076cf6fe2e58036f2277917)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-openembedded: update to latest rev from "dizzy" branch

We cannot match tizen-distro 0.9 for the meta-openembedded
component because 0.9 incorrectly included revision f2833950
from the master branch.

ntp: fix several security issues

* CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, and CVE-2014-9296.
  For more details please see:
  https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01A

(From meta-openembedded rev: 200f6cafc878d4c26871fc56d21ecc8eaa9aa61b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

mplayer2: cleanup empty directories

The mplayer "make install" phase leaves an empty
/usr/lib directory seemingly regardless of the setting
of libdir.  Remove it to avoid a packaging warning.

(From meta-openembedded rev: f9f2548e1833de07716c450312810e45d1377f11)

Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

mplayer2: use autotools-brokensep (B = S)

The mplayer2 package does not support out of tree builds
and the do_configure step also tries to find the configure
script in the same build directory while the script lies in
the src directory.
This patch updates the builddir to point to the srcdir in
order to cope with the above issues.

(From meta-openembedded rev: c9b69b16dbdfc9ddc6253498329b78220c3e1634)

Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

PNBLACKLIST: use weak assignments

* this makes it easier to unblacklist it from local.conf which
  is parsed before the recipes

(From meta-openembedded rev: 4bf3c443a56749f332913d3435f1850ab8207a8e)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

rfkill: fix the SRC_URI

It has been changed to:
http://www.kernel.org/pub/software/network/rfkill/

(From meta-openembedded rev: 80c4c5c4ae30716dd2b4e05651ab5536e528f2c8)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

enca: fix broken automake

The added patch fixes the usage of AM_ICONV macro and
comes straight from the Buildroot source tree.

(From meta-openembedded rev: ca118b8054149441e6c956891e59126f2da195e8)

Signed-off-by: Drew Moseley <drew_moseley@mentor.com>
Signed-off-by: Awais Belal <awais_belal@mentor.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

obex-data-server: conflict with bluez5

Although this package builds with bluez5, it was removed from Fedora 20
[1] and is not used in bluez5-based GNOME [2], suggesting the bluez5
obexd is to be used instead.

[1] http://pkgs.fedoraproject.org/cgit/obex-data-server.git/log/?h=f20
[2] http://www.hadess.net/2013/11/bluetooth-file-sharing-obexpush-in.html

(From meta-openembedded rev: 551b484a7dd8621f45b3cef7acccf1cf64781ac9)

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

obexd: conflict with bluez5

obexd was integrated into bluez5 and is no longer a separate package.

(From meta-openembedded rev: 06090d792d817261bee3ce453f73d8875e5c7fdb)

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libhugetlbfs: Fix page size & text offset for arm arches

Fixed computation of page size and text segment offset for various arm
architectures - including both LE and BE variants of armv7 as well as
aarch64

Upstream Status: Accepted at libhugetlbfs project

(From meta-openembedded rev: 8d8b0f1cc843e6df6f44d16360d712a7a44d17d7)

Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libhugetlbfs: Make cross-devel recognize all ix86 arches

In a non-native cross-development scenario, the Makefile
only recognized i386 or x86_64 PC architectures.
Extended this to also recognize i486, i586, and i686

Upstream Status: Accepted but not yet applied by libhugetlbfs project

(From meta-openembedded rev: 2b524c31f7b1750e7976284b099f24c9c196c876)

Signed-off-by: Gary S. Robertson <gary.robertson@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-gnome: fix typo of directory name

Fix typo of directory name 'recipe-devtools' in meta-gnome. It should
recipes-devtools.

(From meta-openembedded rev: 1b01b3c6288df09160f0a8d28c0ab56d4eb17be1)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libnet-ssleay-perl: avoid host contamination

Check the configure log, libnet-ssleay-perl uses host's openssl:

*** Found OpenSSL-1.0.1 installed in /usr

Export OPENSSL_PREFIX to find the native openssl to use.

Replace library pathes '/lib', '/usr/lib' and header path with correct
staging pathes at same time.

(From meta-openembedded rev: 3cac29682c1b0a7aa51ebb26fd87d4747292d2d4)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libcanberra: fix installed-vs-shipped warning

When build libcanberra for powerpc64 bsp, it shows warning:

WARNING: QA Issue: libcanberra: Files/directories were installed but not shipped
  /lib
  /lib/systemd
  /lib/systemd/system
  /lib/systemd/system/canberra-system-shutdown.service
  /lib/systemd/system/canberra-system-shutdown-reboot.service
  /lib/systemd/system/canberra-system-bootup.service [installed-vs-shipped]

Update FILES_${PN}-systemd to fix it.

(From meta-openembedded rev: 7c58d49071052b1acb6128024029d0279cade876)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

xserver-common: disable TCP connections

For security reasons disable TCP connections to the xserver.

(From meta-openembedded rev: 988092c0c21b8a016932a6f787b1ac966645c344)

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

sethdlc: fix host contamination

* Clean INCLUDES to fix the host contamination errors:

  In file included from /usr/src/linux/include/linux/posix_types.h:47:0,
  from /usr/src/linux/include/linux/types.h:17,
  from /usr/src/linux/include/linux/if.h:22,
  from sethdlc.c:23:
  /usr/src/linux/include/asm-generic/posix_types.h:91:3: \
    error: conflicting types for '__kernel_fsid_t'
  } __kernel_fsid_t;
  ^
  .../tmp/sysroots/qemumips/usr/include/asm/posix_types.h:26:3: \
    note: previous declaration of '__kernel_fsid_t' was here
  } __kernel_fsid_t;
  ^

* Correct LIC_FILES_CHKSUM to checkout license infos from sethdl.c
  instead of Makefile.

(From meta-openembedded rev: 1721c79c955a70c51d71516a9fd379ac4ab01dee)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

iotop: Drop python-distutils from RDEPENDS

* nothing in iotop is using that for normal function

(From meta-openembedded rev: 6db21347aab2dccd6f205aa6f60b273f70c8e331)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

lvm2: add lvm.con to CONFFILES

* Files will be over written when updating using rpm.

* If there is no %config micro before the file in the spec file,
  this file will be over-written after updating this package
  using rpm. This will make our settings lost.

(From meta-openembedded rev: c46d487b35f71ff4a9ecbc02ab17fde4ddd0a506)

Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

hostapd: several fixes for init script

* restart: The stop may delay a few seconds according to different wireless
  devices, on debian/ubuntu, the init script directly sleep 8 seconds
  to wait the stop complete, here we add a delay function (sleep in a loop)
  to ensure the stop is completed before start.
* add status command.
* add --oknodo for stop so it will not break restart if there is no
  running process.

(From meta-openembedded rev: ad4734201b02f7acec08ad4571571e125d05b975)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

glibmm: add perl to RDEPENDS_{PN}-dev

QA Issue: glibmm-dev requires /usr/bin/perl, but no providers in its RDEPENDS [file-rdeps]

(From meta-openembedded rev: eaf285dc302e5fce489b63c918bc085cf370fb5a)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

rrdtool: add missing dependency on groff-native

rrdtool needs groff-native to format the documentation.

(From meta-openembedded rev: 29d4fc8895056ecc24195b8136b6cf464987c80d)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

rrdtool: inherit cpan-base to help build perl modules

It's incorrect to use -I for nativeperl to specify @INC/#include
directory to target build perl, which cause error like:
| temp/do_configure/run.do_configure.20749: line 112: 20256 Illegal instruction (core dumped)
| perl -I/path/to/tmp/sysroots/intel-haswell-64/usr/lib64/perl/$perl_version Makefile.PL

Inherit cpan-base and set related env vars to fix this and
avoid using sed to hack Makefile when build perl modules.

(From meta-openembedded rev: a88ed1d7a836b21c5af7320f95d72249e3ca2fcc)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

dfu-util: Point to gitorious.org repository as gnumonks.org is down

(From meta-openembedded rev: 4534f363651b332e611f1f3cd170e0e9379cfb52)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Chris Morgan <chmorgan@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

samba: fix error messages when startup samba service

This solves the following error messages when startup samba:

  Unable to open new log file '/var/log/samba/log.smbd': No such file or directory

(From meta-openembedded rev: e324dd37cfc2f89eb9d392dac700416cd281db2c)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

samba: add winbind.service to winbind package

This solves the following warning:

lib32-samba-3.6.24: lib32-samba: Files/directories were installed but not shipped
  /lib/systemd/system/winbind.service [installed-vs-shipped]

(From meta-openembedded rev: 80f3a32d734bab595ee88ef5aed718b4dc0b0c3c)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postfix.inc: Remove references to buildmachine paths in target makedefs.out

Fixed the buildpaths QA issue:
ERROR: QA Issue: File
/work/core2-64-wrs-linux/postfix/2.11.1-r0/packages-split/postfix/etc/postfix/makedefs.out
in package contained reference to tmpdir [buildpaths]

(From meta-openembedded rev: bbb3ee05cb1aedd820f38424c339cda4e43e5977)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

polarssl: add dependency openssl

polarssl compiles with openssl to build unit test cases. If openssl
doesn't exist, native libssl.so will be used. Then causes error:

| .../bitbake_build/tmp/sysroots/x86_64-linux/usr/lib/libssl.so: error adding symbols: File in wrong format

Add dependency openssl for polarssl to fix it.

(From meta-openembedded rev: 3d563139b0ff4c29ecfdd6bb026fc1e84167b03d)

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

imagemagick: update URI to allow fetching current and previous releases

The only version available at the original URI is patch 9.  All releases
are available at the /releases sub-path.

(From meta-openembedded rev: 82ce460437189e773308d3d81667938df0207d5a)

Signed-off-by: Peter A. Bigot <pab@pabigot.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

krb5: fix CVE-2014-5351

The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c
in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a
response to a -randkey -keepold request, which allows remote authentic-
ated users to forge tickets by leveraging administrative access.

This back-ported patch fixes CVE-2014-5351.

(From meta-openembedded rev: 510b7a9d8d5dda07120df5866507742a626478c1)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wireshark: update to 1.12.2

The following vulnerabilities have been fixed.
* wnpa-sec-2014-20
  SigComp UDVM buffer overflow. (Bug 10662)
  CVE-2014-8710
* wnpa-sec-2014-21
  AMQP crash. (Bug 10582)
  CVE-2014-8711
* wnpa-sec-2014-22
  NCP crashes. (Bug 10552, Bug 10628)
  CVE-2014-8712, CVE-2014-8713
* wnpa-sec-2014-23
  TN5250 infinite loops. (Bug 10596)
  CVE-2014-8714

Reference:
https://www.wireshark.org/docs/relnotes/wireshark-1.12.2.html

(From meta-openembedded rev: f6faa7b431368e277849916ab0c692ab829e8138)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

syslog-ng: Fix memory leak when udp connection is used [ LIN7-1379 ]

When udp connection is used, there are several memory leaks happen
after run a long time.

(From meta-openembedded rev: ac82cbf88da083cfb717628e30faab3c0cc3a0c7)

Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

gvfs: replace deprecated g_memmove by memmove

* g_memmove was deprecated ib glib-2.0 2.40
* opening a remote connection created by gigolo with thunar failed with:
  | thunar: symbol lookup error: /usr/lib/modules/libgvfsdbus.so: undefined symbol: g_memmove
* further tests showed that browsing in windows networks is fixed now

(From meta-openembedded rev: e927c88d6f83c30eec9ad973a0dbcd05f01b5a69)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

xfce4-weather-plugin: make work properly after met.no API change

see [1] for more information

https://bugzilla.xfce.org/show_bug.cgi?id=10916

(From meta-openembedded rev: 26a6160c49294ceba130d221e14c8f1fc5c429ad)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

libyaml: add fix for CVE-2014-2525 Security Advisory

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function
in LibYAML before 0.1.6 allows context-dependent attackers to execute
arbitrary code via a long sequence of percent-encoded characters in a
URI in a YAML file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525

(From meta-openembedded rev: f58ee5acdd436f822c42bed063a319f926854f7d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0065 and CVE-2014-0066 Security Advisory

Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a
security issue.  Nonetheless it seems prudent to forestall any risk by
using strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but since
it touches code adjacent to one of the buffer overrun changes, I
included it in this commit to avoid last-minute merge issues.  This
issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066

(From meta-openembedded rev: 21adba175d21e0ae554c258d5d3d084fff355ad5)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0067 Security Advisory

The make check command for the test suites in PostgreSQL 9.3.3 and
earlier does not properly invoke initdb to specify the authentication
requirements for a database cluster to be used for the tests, which
allows local users to gain privileges by leveraging access to this
cluster.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067

(From meta-openembedded rev: 8a118e3db53730626b64f6bf7cd568f77e449a7d)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0063 Security Advisory

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x
before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before
9.3.3 allow remote authenticated users to cause a denial of service
(crash) or possibly execute arbitrary code via vectors related to an
incorrect MAXDATELEN constant and datetime values involving (1)
intervals, (2) timestamps, or (3) timezones, a different vulnerability
than CVE-2014-0065.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063

(From meta-openembedded rev: b675ed0eaca83e74ff62d0bf86f7003470999240)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0062 Security Advisory

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE
commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote
authenticated users to create an unauthorized index or read portions of
unauthorized tables by creating or deleting a table with the same name
during the timing window.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062

(From meta-openembedded rev: e569c274230e1bc304f137b2dcad7822b709a140)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0061 Security Advisory

The validator functions for the procedural languages (PLs) in PostgreSQL
before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before
9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain
privileges via a function that is (1) defined in another language or (2)
not allowed to be directly called by the user due to permissions.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061

(From meta-openembedded rev: 9cc023acd7846171644502ac03a64cdd60b45c20)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0060 Security Advisory

PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12,
9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the
ADMIN OPTION restriction, which allows remote authenticated members of a
role to add or remove arbitrary users to that role by calling the SET
ROLE command before the associated GRANT command.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060

(From meta-openembedded rev: 08398ec33330425ad8a1706d92e0eb5055afbb81)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

postgresql: add fix for CVE-2014-0064 Security Advisory

Multiple integer overflows in the path_in and other unspecified
functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before
9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote
authenticated users to have unspecified impact and attack vectors, which
trigger a buffer overflow. NOTE: this identifier has been SPLIT due to
different affected versions; use CVE-2014-2669 for the hstore vector.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064

(From meta-openembedded rev: 62d029bbec465ba54c5e2056dd4ab66d47230489)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

net-snmp: fix for Security Advisory - CVE-2014-3565

snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used,
allows remote attackers to cause a denial of service (snmptrapd crash) via
a crafted SNMP trap message, which triggers a conversion to the variable
type designated in the MIB file, as demonstrated by a NULL type in an ifMtu
trap message.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3565

(From meta-openembedded rev: 2b6d61791f6a3db9367a81acdc58486a1369f38b)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

phpmyadmin: fix for Security Advisory CVE-2014-5274

Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274

(From meta-openembedded rev: 9167cec3d6f2ae63b3a407d70eb5137c19b993a7)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

phpmyadmin: fix for Security Advisory CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273

(From meta-openembedded rev: 59b1d88761ed98a2bd6a4ab4a68962773a473463)

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

openvpn: bypass check for /sbin/ip on the host

In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path.  However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host.  Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.

(From meta-openembedded rev: 71fa1879f486f8ffb0be03744e8d27e9eaa5d693)

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

openvpn: bypass check for /sbin/ip on the host

In the commit 'openvpn: use default iproute2 path', the configure flag
to explicitly set the iproute2 path was removed, since busybox now
provides the 'ip' applet at the default path.  However, setting this
flag is necessary to bypass the configure-time check for /sbin/ip on the
host, which will otherwise fail if iproute2 is not installed on the
host.  Add back the flag (pointing to the correct path), and add a
comment to describe why this is necessary.

(From meta-openembedded rev: 9efaed99125b1c4324663d9a1b2d3319c74e7278)

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

update maintainer info in README's for dizzy

* This is the first time meta-python is being taged with a release

Acked-by: Otavio Salvador <otavio@ossystems.com.br>
(From meta-openembedded rev: 3f7b49d039a169be88236e1b3e4bca25c6814284)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

openembedded-core: update to revision used in tizen-distro 0.9

First ran "combo-layer update meta-openembedded-core", then dropped
patches not included yet in tizen-distro 0.9.

buildtools-tarball: package all of Python

Instead of cherry-picking pieces of Python to put into the buildtools tarball,
ship all of it.  We can't predict what bits of Python will be needed in the
future.

(From OE-Core rev: 1cf1edcd28a002291622d04dd2d0ee2c67e329e4)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

babeltrace: Backport fix for unaligned integer

[YOCTO #6464]

(From OE-Core rev: 7c04085a0b5f978d7fd07f83b0799abbeb3b7052)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

xkeyboard-config: Inherit gettext

In a GPLv3-free build we have two different versions of gettext in sysroot due
to GPLv3 restrictions. In this case we need gettext-native too so we can have
the needed macros and avoid errors like:
"error: possibly undefined macro: AM_GNU_GETTEXT"

The needed dependency is added by gettext class which is prefered because it
takes care of NLS flags too.

(From OE-Core rev: 23d8a4d64e9ff126d6460a69e6d086b1c86e87a9)

(From OE-Core rev: 1975981e7777748c2b45b16e47ec704a9c37b56b)

Signed-off-by: Andrei Gherzan <andrei.gherzan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

package_manager: DpkgPM fix populate_sdk

DpkgPM change all_arch_list variable set from PACKAGE_ARCHS to passed
archs variable because is different when is executed from rootfs.py
and sdk.py.

Credits to: Ricardo Ribalda <ricardo.ribalda@gmail.com>

(From OE-Core rev: f6fb8c16f49fd9a2b124ad55f5c4fed82d7e6dca)

(From OE-Core rev: d9612ac36d59eb9e800f06339965d66f27c66ae0)

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

python: Fix CVE-2014-7185

Integer overflow in bufferobject.c in Python before 2.7.8 allows
context-dependent attackers to obtain sensitive information from
process memory via a large size and offset in a "buffer" function.

This back-ported patch fixes CVE-2014-7185

(From OE-Core rev: 49ceed974e39ab8ac4be410e5caa5e1ef7a646d9)

(From OE-Core rev: 3dd696e03e66fa98b58a17b7f34ffe4002ddc9c6)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Conflicts:
meta/recipes-devtools/python/python_2.7.3.bb

hand merged bb file since I did not take previous patch.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

shadow-securetty: add ttyAM[0-3] serial ports

Old version of the ARM AMBA serial port driver creates those device nodes.

(From OE-Core rev: fa17b9ea435f5c49e3bea56524152b21d915d464)

(From OE-Core rev: 0956df1596f899337afb3551db01a59bf1c38856)

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Update bootimg-partition to use bootimg_dir

Update bootimg-partition to use bootimg_dir instead of img_deploy_dir,
to match similar usage in other plugins.

As mentioned elsewhere, plugins should use the passed-in value for
bootimg_dir directly if non-null, which corresponds to a user-assigned
value specified via a -b command-line param, and only fetch the value
from bitbake if that value is null.

(From OE-Core rev: 3822f8a7b33da56ecd9144b4bcae50734fb1af81)

(From OE-Core rev: f22bd26627595e3719d3b1f9e3d487d5011c9c42)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Remove special-case bootimg_dir

The first iterations of wic very shortsightedly catered to two
specific use-cases and added special-purpose params for those cases so
that they could be directly given their corresponding boot artifacts.
(hdddir and staging_data_dir).

As more use-cases are added, it becomes rather obvious that such a
scheme doens't scale, and additionally causes confusion for plugin
writers.

This removes those special cases and states explicitly in the help
text that plugins are responsible for locating their own boot
artifacts.

(From OE-Core rev: 6ba3eb5ff7c47aee6b3419fb3a348a634fe74ac9)

(From OE-Core rev: e7ecb139a215484422652ef35de8282acbf18ed2)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

Revert "wic: set bootimg_dir when using image-name artifacts"

This reverts commit 7ce1dc13f91df70e8a2f420e7c3eba51cbc4bd48.

This patch broke the assumption that a non-null boot_dir means a
user-assigned (-b command-line param) value.

Reverting doesn't break anything, since the case it was added for
doesn't use the boot_dir for anything except debugging anyhow.

Fixes [YOCTO #6290]

(From OE-Core rev: db90f10bf31dec8d7d7bb2d3680d50e133662850)

(From OE-Core rev: 36c93423ee272c4d4aafeb50f83734fd4bb3bb29)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Update the help text to include -D (--debug)

The --debug option is missing from the wic help text; this adds it and
at the same time rearranges the usage into a more logical arrangement.

(From OE-Core rev: cf5144ef241d8f4ccaa3461ae5c9f89c2cf2f8d1)

(From OE-Core rev: e7f18c43f1b368b71acdc507e1a9035179d7e53f)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

wic: Don't allow mkfs to fail silently in partition command

The return code from the mkfs command used by the partition creation
command was being ignored, allowing it to silently fail and leaving
users mystified as to why the resulting filesystem was corrupted.

This became obvious when failures occurred when creating large
e.g. sdk filesystems [YOCTO #6863].

(From OE-Core rev: 8cef3b06f7e9f9d922673f430ddb3170d2fac000)

(From OE-Core rev: ac7b2eb0a35613d030eeef0b8df0d69ae0935b43)

Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

nss: CVE-2014-1568

the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
nss ng log:
=====
changeset:   11252:ad411fb64046
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:28:34 2014 +0200
summary:     Fix bug 1064636, patch part 2, r=rrelyea
=====
changeset:   11253:4e90910ad2f9
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:28:45 2014 +0200
summary:     Fix bug    1064636, patch part 3, r=rrelyea
=====
changeset:   11254:fb7208e91ae8
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:28:52 2014 +0200
summary:     Fix bug    1064636, patch part 1, r=rrelyea
=====
changeset:   11255:8dd6c6ac977d
user:        Kai Engert <kaie@kuix.de>
date:        Tue Sep 23 19:39:40 2014 +0200
summary:     Bug 1064636, follow up commit to fix Windows build bustage

(From OE-Core rev: 0ed9070619f959b802dcc4ee8399d252d0349583)

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

curl: Fixup line ending merge issues

Somehow the patch line endings got messed up during merge. This restores
the delta.

(From OE-Core rev: 5dee4e241d64e6144d74967cca583d249689773a)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

serf: uprev to 1.3.7 for fixing CVE-2014-3504

The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) serf_-
ssl_cert_certificate functions in Serf 0.2.0 through 1.3.x before 1.3.7
does not properly handle a NUL byte in a domain name in the subject's
Common Name (CN) field of an X.509 certificate, which allows man-in-
the-middle attackers to spoof arbitrary SSL servers via a crafted
certificate issued by a legitimate Certification Authority.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3504

(From OE-Core rev: 832aa4c5a7989636dae3068f508ab2bff8b4ab23)

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

tzdata: update to 2014j

(From OE-Core rev: 3ab9dfb703835fee21fd73c4e5cbad1c34c6a163)

(From OE-Core rev: 06ffe5637f23f6036aaf58b40f7f9a721624cd5b)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

tzcode: update to 2014j

(From OE-Core rev: 2f8940e8b2a0537f131a6d5410e85bba07a8c116)

(From OE-Core rev: 429077a21c7753dee64ea869a73309903b659f6a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

curl: Security Advisory - curl - CVE-2014-3620

libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.

(From OE-Core rev: ddbaade8afbc9767583728bfdc220639203d6853)

(From OE-Core rev: db194a3af25a37ff2d6f091ef021894967ca5910)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

curl: Security Advisory - curl - CVE-2014-3613

By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.

(From OE-Core rev: 985ef933208da1dd1f17645613ce08e6ad27e2c1)

(From OE-Core rev: 7c4dfa64fd88066f2e0fbc917d8660f5b35e00c4)

Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

subversion: Security Advisory - subversion - CVE-2014-3528

Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3528

(From OE-Core rev: e0dc0432b13f38d16f642bdadf8ebc78b7a74806)

(From OE-Core rev: 4ff3355e4daf841c66fb78e88bf2d6e26d8f9ced)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

subversion: Security Advisory - subversion - CVE-2014-3522

The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before 1.7.18
and 1.8.x before 1.8.10 does not properly handle wildcards in the Common
Name (CN) or subjectAltName field of the X.509 certificate, which allows
man-in-the-middle attackers to spoof servers via a crafted
certificate.<a href=http://cwe.mitre.org/data/definitions/297.html
target=_blank>CWE-297: Improper Validation of Certificate with Host
Mismatch</a>

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3522

(From OE-Core rev: 06a33cd00ea11abec1ebe9d5883e44778075ccc6)

(From OE-Core rev: 529ce75be949944a6e54151cd4233703e40c6351)

Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

meta-environment: Fix config-site with a multilib config

[YOCTO #6951]

The TOOLCHAIN_CONFIGSITE_SYSROOTCACHE value was defaulting to the nativesdk
path and not the associated target path.  Set the value in toolchain-scripts
to the target path.

Be sure to set the MLPREFIX within the meta-environment script as multilibs
are processed.

Update the config_site file name to use -BPN- not PN.  Otherwise the
environment processing can't find the correct filename.

(From OE-Core rev: 26a2f98155a867a71217e52d33f761dcc60800ca)

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

readline: Patch for readline multikey dispatch issue

(From OE-Core rev: 4fc3553cfecb42c124b7cfff8e0d20ade14a3ffc)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

wget: Fix for CVE-2014-4887

(From OE-Core rev: 6815a99d6735a39f4af09726d4f514ac27801406)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

license.bbclass: canonicalise the licenses named with 'X+'

If INCOMPATIBLE_LICENSE=GPLv3, GPLv3+ should be excluded
as well but not now since there is no SPDXLICENSEMAP for
licenses named with 'X+', we can add all the SPDXLICENSEMAP
settings for licenses named with 'X+' in licenses.conf,
but it's more like a duplication, so improve the canonical_license
function to auto map for 'X+' if SPDXLICENSEMAP for 'X' is
available, so GPLv3+ becomes GPL-3.0+.

(From OE-Core rev: 1d6dab1dbbbfbcb32e58dba3111130157ef2b24f)

(From OE-Core rev: 652008fd9dc909836819e5c6808c63643eff6db6)

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

nativesdk-cmake: Adjust toolchain paths dynamically

This patch adds a flexible way to configure the CMake in SDKs. It adds
a toolchain configuration script which supports subscripts for
extensions, as for example Qt5.

(From OE-Core rev: 484502e4e062fae1130a60626f39f5512af4c5c8)

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

systemd: Use ${ROOT_HOME} instead of /root

systemd avoids using nss lookups for the root user, so
naturally it assumes that root's home directory is /root.
In OE that's not the case, and it can lead to long delays when
shutting down due to user shutdown unit failures.

(From OE-Core rev: e0e8a904cd287a23352e5713a93aeab3933e4563)

Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

bitbake: update to revision used in tizen-distro 0.9

First ran "combo-layer update meta-bitbake", then dropped
one patch not included yet in tizen-distro 0.9.

bitbake: progressbar: use '/usr/bin/env' in shebangs with python

To support yocto on systems with python3 as default version, scripts
should use /usr/bin/env python in the shebang, as this allows the use of
a fake env to mimic python2 as default version.

This patch simply replaces occurrences of #!/usr/bin/python with
 #!/usr/bin/env python and was done with this oneliner:

     git grep -lE '^#!/usr/bin/python' | xargs \
         sed -i 's|/usr/bin/python|/usr/bin/env python|'

(Bitbake rev: 0f9823adb7832c4ca3b2985391473aa6e8c22148)

Signed-off-by: Martin Hundebøll <martin@hundeboll.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: bitbake-worker: exit normally when SIGHUP

Fixed:
1) Run "bitbake recipe" in the terminal
2) Close the terminal while building
3) $ ps aux | grep bitbake-worker
There will be many processes, and they will keep the resources (e.g.,
memory), and won't exit unless kill or kill -9.

(Bitbake rev: 72536d4e0cc3379001b730950afa012f7a96a79b)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: event: fix resetting class handlers object

If you don't explicitly specify to use a global variable when doing an
assignment, you will be setting a local variable instead, which means
this function wasn't working at all. It explains some odd behaviour we
have seen in the layer index where event handlers were sometimes
bleeding into other contexts where they should not have been.

(Bitbake rev: f12c738d3dc1f0fd105d457385511440024bffab)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: data: Handle BASH_FUNC shellshock implication

The shellshock patches changed the way bash functions are exported.
Unfortunately different distros used slightly different formats,
Fedora went with BASH_FUNC_XXX()=() { echo foo; } and Ubuntu went with
BASH_FUNC_foo%%=() {  echo foo; }.

The former causes errors in dealing with out output from emit_env,
the functions are not exported in either case any more.

This patch handles things so the functions work as expected in either
case.

[YOCTO #6880]

(Bitbake rev: 4d4baf20487271aa83bd9f1a778e4ea9af6f6681)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: runqueue: Fix 100% cpu use after keyboard interrupt

After Ctrl+C is pressed to interrupt bitbake, it loops continually, running
at 100% cpu. This patch selects on the correct file descriptors resolving
the excess cpu usage.

(Bitbake rev: dca5d82830ef2838439e5272da9dac1f28954cf1)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: buildinfohelper: Make sure we use the orm defined value for loglevel

We need to consistently use LogMessage.INFO/WARNING/ERROR to make sure toaster knows
how to categories these rather than passing in the "raw" loglevel value
which in best case comes from python logging but worst case any value.

[YOCTO 6885]

(Bitbake rev: 926235aad806232bc73e33d6dd8955dd26562e6b)

Signed-off-by: Michael Wood <michael.g.wood@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: prserv: Use WAL mode

Ideally, we want the PR service to have minimal influence from
queued disk IO. sqlite tends to be paranoid about data loss and
locks/fsync calls. There is a "WAL mode" which changes the journalling
mechanism and would appear much better suited to our use case.

This patch therefore switches the database to use WAL mode. With this
change, write overhead appears significantly reduced.

(Bitbake rev: 90b05e79764b684b20ce8454e89f05763b02ac97)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: prserv/serv: Ensure sync happens in the correct thread

The sync/commit calls are happening in the submission thread which can
race against the handler. The handler may start new transactions which
then causes the submission thread to error with "cannot start a
transaction within a transaction".

The fix is to move the calls to the correct thread.

(Bitbake rev: 08cf468ab751f4c6e4ffdab2d8e5d748f7698593)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: prserv: don't wait until exit to sync

In the commit 'prserv: Ensure data is committed', the PR server moved to
only committing transactions to the database when the PR server is
stopped.  This improves performance, but it means that if the machine
running the PR server loses power unexpectedly or if the PR server
process gets SIGKILL, the uncommitted package revision data is lost.

To fix this issue, sync the database periodically, once per 30 seconds
by default, if it has been marked as dirty.  To be safe, continue to
sync the database at exit regardless of its status.

(Bitbake rev: 973ac2cc63323ca9c3e916effa4765747db3564c)

Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: bitbake-user-manual-metadata.xml: Updated do_package_write example

Given that the "do_package_write" task doesn't exist in OE anymore,
steal another, existing example to demonstrate the "rdeptask" flag.

(Bitbake rev: d412d3680f78eebe0517e4f933d853b8973df711)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: bitbake-user-manual-metadata.xml: Added [eventmask] flag information.

Reported-by: Laszlo Papp <lpapp@kde.org>
(Bitbake rev: 1c7788f5c9b4f600063908fe93bfc4e5dfb3960f)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: bitbake-user-manual: Updated copyright to 2015.

(Bitbake rev: c2f68465dd97a8be0795384f971a3f8d05369416)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: siggen: Fix shared work checksum mismatch/rebuild issues

Similar to the last shared work task signature bug, we've found another
one. Looking at the improved output of diffsigs in this case:

runtaskdeps changed from [
'autoconf_2.69.bb.do_populate_sysroot:virtual:native',
'gnu-config_20120814.bb.do_populate_sysroot:virtual:native',
'libgcc-initial_4.9.bb.do_patch:virtual:nativesdk'
] to [
'autoconf_2.69.bb.do_populate_sysroot:virtual:native',
'gcc-crosssdk-initial_4.9.bb.do_patch',
'gnu-config_20120814.bb.do_populate_sysroot:virtual:native'
]

so we can get a different task hash since libgcc sorts before gnu-config
and gcc sorts after it. We could do with a way of fixing this, the best
I can come up with is to include a single parent directory. Since
recipes are never at the top of any metadata trees I've seen, this
should suffice for now.

I'm planning to burn the concept of shared work within bitbake
and do something at the metadata level in the 1.8 timeframe as its just
too fragile as things stand and hard to fix well.

(Bitbake rev: fc7ebf3835a206a5daafd4e1b73bac2549714ad3)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

bitbake: data_smart.py: fix variable splitting at _remove mechanism

If we split variables only at whitespaces, a slipped in tab will render
a value unremovable.

(Bitbake rev: 0da22ba3e930fbb060b31fc423fd3333ca8843a0)

Signed-off-by: Stefan Müller-Klieser <s.mueller-klieser@phytec.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

tizen-distro: switch to tracking Yocto 1.7 ("Dizzy")

For now, Tizen uses Yocto 1.7 as base. Therefore switch to importing the
component branches for 1.7.

This works seamlessly because the current state of the tizen-distro repo
matches the branch points of each of these branches.

meta-qt5: update to revision used in tizen-distro 0.9

First ran "combo-layer update meta-qt5", then "git reset --hard"
to the commit corresponding to the code used in tizen-distro 0.9.

qtwayland: re-enable cmake files they don't break build anymore

(From meta-qt5 rev: 8b040e58b263741ea19e1826308e22ab3cae585b)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qt5-opengles2-test: import from meta-webos-ports

(From meta-qt5 rev: 38ddbf8b1945c657576cba4ec4a6e5199a0b7f33)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qt5-plugin-generic-vboxtouch: Import from meta-webos-ports

(From meta-qt5 rev: a5d4f3d649b03c60108552a0df258f4b318a0e04)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qttools-native 5.4.0: align source checksums

(From meta-qt5 rev: 393cdf866b138c8c5a0681f3faa3d18acfb46026)

Signed-off-by: Andreas Müller <schnitzeltony@googlemail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qtbwebengine: fix build for qemux86-64

* it was applied only for qtwebengine_5.3.2+git.bb, then removed
  completely with 5.4.0 upgrade, but it's still needed for both
  versions

(From meta-qt5 rev: 8d9a1b8b61630bc14862d4862d1340059d6f9c16)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qtbase: add PACKAGECONFIG for cups

(From meta-qt5 rev: d5d2aa57010a6d9488c60464b622051b3e72e705)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qtwebengine: Include resources in main package and add rdep on qmlplugins

(From meta-qt5 rev: 37e921db22689131144b453d53a8cce4a314aa48)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>

qt5-git: Update to 5.4.0+, latest revision in 5.4 branch

(From meta-qt5 rev: 77f262d7c7013b452b6eba11d329bcb94efde944)

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>