I added a link to the PRSERV_HOST variable. That variable is
now defined in the ref-manual variable glossary.
(From yocto-docs rev: 7166fe94107cd379081fd81b7351ec081aa2c6ae)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Forgot the part about the class being automatically enabled
when using the Hob.
(From yocto-docs rev: e15b52fc703f2bc4c02e2afe05de1cc4d057b685)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Previously, we were documenting the "package*" class and lumping
the "package_deb", "package_rpm", and "package_ipk" classes in
that entry. Really, we need to break out the "package" class on
its own and create entries for the sub-classes that were being
bundled in there. Additionally, we needed to document the
"package_tar" class.
(From yocto-docs rev: 608edf7eaa264d5e20c6ffb5d2a6173d38b42ebc)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On some machines, a hang has been noticed where the system sits in
the select call despite the task having completed.
The exact reasons for this as unknown but adding a timeout unblocked
the builds and resolved the hangs in question.
(Bitbake rev: 5223ffb5b6a46d8b3f6ac3362bd2672e2edf2691)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use PACKAGECONFIG to offer some flexibility to the libmatchbox configuration,
and remove two spurious build dependencies (expat and libstartup-notification).
(From OE-Core rev: 8505f0fa48cc79d51616b923c6e2c778c4b46a44)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The configure script looks for libpng12 though pkg-config and if that fails
falls back to looking for library files directly. The result of this is that
the linkage can change between libpng12 or libpng16 depending on what is
installed in the sysroot.
To resolve this, take a patch from upstream to just link using pkg-config.
(From OE-Core rev: 1f17598031059f498e8681cd09c5b0832622d3ac)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Use-after-free vulnerability in International Components for Unicode (ICU),
as used in Google Chrome before 30.0.1599.66 and other products, allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2924
(From OE-Core rev: 36e2981687acc5b7a74f08718d4578f92af4dc8b)
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
acpid.c in acpid before 2.0.9 does not properly handle a situation in which
a process has connected to acpid.socket but is not reading any data, which
allows local users to cause a denial of service (daemon hang) via a crafted
application that performs a connect system call but no read system calls.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1159
(From OE-Core rev: e7b2b84dece29d16b8f05daf962b69e78dd64cb3)
Signed-off-by: Yue Tao <yue.tao@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
xinetd does not enforce the user and group configuration directives
for TCPMUX services, which causes these services to be run as root
and makes it easier for remote attackers to gain privileges by
leveraging another vulnerability in a service.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
the patch come from:
https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
(From OE-Core rev: c6ccb09cee54a7b9d953f58fbb8849fd7d7de6a9)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve description:
Heap-based buffer overflow in the readgifimage function in the gif2tiff
tool in libtiff 4.0.3 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via a crafted height
and width values in a GIF image.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4243
(From OE-Core rev: 47388363f69bfbf5ed1816a9367627182ee10e88)
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cve description:
Use-after-free vulnerability in the t2p_readwrite_pdf_image function
in tools/tiff2pdf.c in libtiff 4.0.3 allows remote attackers to cause
a denial of service (crash) or possible execute arbitrary code via a
crafted TIFF image.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4232
(From OE-Core rev: bd4a878815e7033b1114940e2a5a16568322655b)
Signed-off-by: Baogen Shang <baogen.shang@windriver.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Heap-based buffer overflow in the tp_process_jpeg_strip function in tiff2pdf
in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of
service (crash) and possibly execute arbitrary code via a crafted TIFF image
file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1960
(From OE-Core rev: 9db7a897d216a8293152c1a3b96c72b699d469c7)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Jeff Polk <jeff.polk@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This version includes libavresample needed for packages like xbmc.
To use this version add:
PREFERRED_VERSION_libav = "9.10".
Removed git version as being an older version of a 9.X release.
(From OE-Core rev: d142fcea02438e06338a1d1a5644667fdda59172)
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
On systems where default locale is utf-8 we get errors like
File: 'buildhistory.bbclass', lineno: 38, function: write_pkghistory
0034: if pkginfo.rconflicts:
0035: f.write("RCONFLICTS = %s\n" % pkginfo.rconflicts)
0036: f.write("PKGSIZE = %d\n" % pkginfo.size)
0037: f.write("FILES = %s\n" % pkginfo.files)
*** 0038: f.write("FILELIST = %s\n" % pkginfo.filelist)
0039:
0040: for filevar in pkginfo.filevars:
0041: filevarpath = os.path.join(pkgpath, "latest.%s" % filevar)
0042: val = pkginfo.filevars[filevar]
Exception: UnicodeEncodeError: 'ascii' codec can't encode character
u'\xed' in position 337: ordinal not in range(128)
This patch specifies decode to use utf-8 so ascii and utf-8 based
locales both work
(From OE-Core rev: 259b8718a31b886f8a158aeb5de164840c9a28b2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ltp installs 2 different runtests_noltp.sh files from different
directories into /opt/ltp/testcases/bin/runtests_noltp.sh
last one installed wins and causes unexpected changes in
buildhistory's files-in-image.txt report, rename them to have
unique name as other ltp scripts have.
* also define PREFERRED_PROVIDER to resolve note shown when
building with meta-oe layer:
NOTE: multiple providers are available for ltp (ltp, ltp-ddt)
NOTE: consider defining a PREFERRED_PROVIDER entry to match ltp
(From OE-Core rev: ec3bb2c2203b2e8bafc1a631f623f858779e20b7)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Scott Rifenbark
Richard Purdie
Ross Burton
Yue Tao
Li Wang
Baogen Shang
Ming Liu
Andrei Gherzan
Khem Raj
Martin Jansa