Dizzy is missing several CVEs and upgrading to a later version within the same
series seems reasonable since most changes are bugfixes or security related.
If you are OK with this approach, please Ack and I will stage this with the next series of updates I am working on.
- armin
18-Dec-2014
Core:
Upgraded crypt_blowfish to version 1.3.
Fixed bug #68545 (NULL pointer dereference in unserialize.c).
Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142)
Mcrypt:
Fixed possible read after end of buffer and use after free.
13 Nov 2014
Core:
Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
Fileinfo:
Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers). (CVE-2014-3710)
GMP:
Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
PDO_pgsql:
Fixed bug #66584 (Segmentation fault on statement deallocation).
16 Oct 2014
Fileinfo:
Fixed bug #66242 (libmagic: don't assume char is signed).
Core:
Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)). (CVE-2014-3669)
cURL:
Fixed bug #68089 (NULL byte injection - cURL lib).
EXIF:
Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
OpenSSL:
Reverted fixes for bug #41631, due to regressions.
XMLRPC:
Fixed bug #68027 (Global buffer overflow in mkgmtime() function). (CVE-2014-3668)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
One patch was a backport and can be dropped, add Upstream-status to the others.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
There's only one version of the recipe in the repo and the split makes it harder to debug and fix problems.
Also fix target overrides and style issues.
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The luajit as well as acpitests build system has a mind of its own and does not
respect CC and friends in makefiles, so we have to inject
the CFLAGS via EXTRA_OEMAKE. Some of the ABI-defining params,
e.g. float-abi selection, are mentioned in TUNE_CCARGS and
not in TOOLCHAIN_OPTIONS. This causes the build to go for a softfloat
build and that is not what we want.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This decouples meta-oe dependencies on meta-gnome; right now
we have to use meta-gnome as a dependent layer:
ERROR: Nothing PROVIDES 'libbonoboui' (but
meta-openembedded/meta-oe/recipes-devtools/glade/glade3_3.8.2.bb
DEPENDS on or otherwise requires it)
ERROR: Required build target 'glade3' has no buildable providers.
Missing or unbuildable dependency chain was: ['glade3', 'libbonoboui']
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The configure script has mistakenly chosen to enable iconv support,
due to the host providing it, adding '/usr/lib' to the linking flags and
failing as:
,----[ Linking error while testing 'fork' support ]
| conftest.c:268: warning: conflicting types for built-in function 'fork'
| .../build/tmp/sysroots/x86_64-linux/usr/lib/libxml2.so:
| undefined reference to `gzopen64@ZLIB_1.2.3.3'
| collect2: ld returned 1 exit status
`----
This patch disables iconv support for native builds fixing the error.
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Fix KERNEL_DIR vs. KERNEL_INC properly, drop not needed Makefile patch
* Pass CC and KERNEL_CC to preserve the necessary system flags
* Tons of other fixes and new testcases
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
cgdb is a lightweight ncurses-based interface to gdb that provides
syntax highlighting, visual breakpoints, and other features.
Signed-off-by: Ben Shelton <ben.shelton@ni.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Update the mercurial version to 3.0.1.
Update the checksums.
Remove the PR per current best-practice.
This resolves an issue with Mercurial 1.9 where fetching from behind a
proxy breaks with a python stack trace. The current python
httpconnection class no longer has the port setter method.
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
./configure checks for libbonoboui and libgnomeui.
Add a PACKAGECONFIG for it, enabled by default.
Signed-off-by: Jacob Kroon <jacob.kroon@mikrodidakt.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* Move recipes from meta-openembedded/meta-oe that are not
depended upon by recipes already in meta-oe (e.g. gateone,
anki)
* Recipes NOT moved:
python-futures
python-pyopenssl
python-simplejson
python-tornado
python-pyqt
python-sip
Signed-off-by: Tim Orling <TicoTimo@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
memstat is a small proc-based utility designed to help the
system administrator figure out what's consuming memory.
Like ps, it lists all the processes, and how much private
memory each is using. Unlike ps, it also lists all the shared
objects (shared libraries and executables) that are in memory,
and which processes are using those shared objects.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Fixed SRC_URI:
* ${PN} -> ${BPN}, use ${BP} if it was ${PN}-${PV}
* ${P} -> ${BP}
Otherwise we would meet do_fetch errors when we do the multilib, native
or nativesdk build.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* we have lua-5.2 in "lua" recipe and lua-5.1 in "lua5.1", but these
aren't completely separate in sysroot:
WARNING: The recipe lua is trying to install files into a shared area when those files already exist. Those files and their manifest location are:
/OE/build/oe-core/tmp-eglibc/sysroots/qemux86/usr/include/lauxlib.h
Matched in manifest-qemux86-lua5.1.populate_sysroot
/OE/build/oe-core/tmp-eglibc/sysroots/qemux86/usr/include/lua.h
Matched in manifest-qemux86-lua5.1.populate_sysroot
/OE/build/oe-core/tmp-eglibc/sysroots/qemux86/usr/include/lua.hpp
Matched in manifest-qemux86-lua5.1.populate_sysroot
/OE/build/oe-core/tmp-eglibc/sysroots/qemux86/usr/include/luaconf.h
Matched in manifest-qemux86-lua5.1.populate_sysroot
/OE/build/oe-core/tmp-eglibc/sysroots/qemux86/usr/include/lualib.h
Matched in manifest-qemux86-lua5.1.populate_sysroot
/OE/build/oe-core/tmp-eglibc/sysroots/qemux86/usr/lib/liblua.a
Matched in manifest-qemux86-lua5.1.populate_sysroot
Please verify which package should provide the above files.
Causing some non-deterministic behavior.
* keep only 5.2 in "lua"
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* These recipes all use pkg-config in some way but were missing
dependencies on the tool, this patch adds them.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Swig is used to generate C source and it has trouble processing opensslconf.h
sometimes. So, we help it out when multilib variants exist.
For native builds, the variant header will never exist.
Specific multi-lib header files might be named *-32.h or *-n32.h, so we check
for both names. We also might check for *-n64.h although that will never exist.
It appears that *-o??.h will never exist, so we don't check for that.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Chong Lu <Chong.Lu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* http://luajit.org/changes.html says:
This release has the new PS4 port and various important bugfixes over
2.0.2 - an update is recommended.
* add native support (used by efl-native)
* drop lua dependency, it doesn't need lua to be built before luajit
* LIC_FILES_CHKSUM change is only from copyright year update
< Copyright (C) 2005-2013 Mike Pall. All rights reserved.
---
> Copyright (C) 2005-2014 Mike Pall. All rights reserved.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
nodejs should use python from python-native package. On some hosts, the
default python is missing bz2 support.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The autogen.sh script needs to be run in and from the source
directory. The configuration step can still be run from
out-of-tree.
Signed-off-by: Ash Charles <ashcharles@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Changes:
- add PACKAGECONFIG "xft" enables XFontConfig features
- add PACKAGECONFIG "xss" enables XScreenSaver extension
- use ${BPN} and ${PV}
- use ${VER} intermediate variable for readability
- fulfill LIC_FILES_CHKSUM
- remove BINCONFIG_GLOB: inherit binconfig is not present, lib/tkConfig.sh paths are valid
- add SSTATE_SCAN_FILES, like it is done in tcl recipe (OE-Core)
Note: tcl and tk are sharing the same licence, tcl licence file is committed in OE-Core.
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The old license file, COPYING, has been renamed to LICENSE. It has also been
appended with the disclaimer from src/common/convert_UTF.h (see r1285).
Signed-off-by: Anders Darander <anders@chargestorm.se>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>