git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/log
7 years ago apt: group variables (license, configuration, packaging)
Andreas Oberritter [Fri, 22 Apr 2016 00:01:24 +0000 (02:01 +0200)] 
apt: group variables (license, configuration, packaging)

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: merge apt.inc into .bb
Andreas Oberritter [Thu, 21 Apr 2016 23:58:31 +0000 (01:58 +0200)] 
apt: merge apt.inc into .bb

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: merge with apt-native
Andreas Oberritter [Thu, 21 Apr 2016 23:55:22 +0000 (01:55 +0200)] 
apt: merge with apt-native

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt-native: drop obsolete patches
Andreas Oberritter [Thu, 21 Apr 2016 23:40:23 +0000 (01:40 +0200)] 
apt-native: drop obsolete patches

0001-Revert-always-run-dpkg-configure-a-at-the-end-of-our.patch and
noconfigure.patch are obsolete due to dpkg's new cross-bootstrap
support.

db_linking_hack.patch and environment.patch are marked as backports
from 2007.

no-curl.patch: curl-native is already a prerequisite.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: rewrite do_install
Andreas Oberritter [Thu, 21 Apr 2016 23:25:15 +0000 (01:25 +0200)] 
apt: rewrite do_install

Install missing files and directories (apt, apt-ftparchive,
apt-helper, apt-mark, manpages, trusted.gpg.d).

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: use default packaging rules for -dev package
Andreas Oberritter [Thu, 21 Apr 2016 23:04:18 +0000 (01:04 +0200)] 
apt: use default packaging rules for -dev package

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: use default packaging rules for base package, prepend apt-utils
Andreas Oberritter [Thu, 21 Apr 2016 23:02:44 +0000 (01:02 +0200)] 
apt: use default packaging rules for base package, prepend apt-utils

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: use default packaging rules for manpages
Andreas Oberritter [Thu, 21 Apr 2016 22:55:12 +0000 (00:55 +0200)] 
apt: use default packaging rules for manpages

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt-native: use sed to prepare apt.conf.sample
Andreas Oberritter [Thu, 21 Apr 2016 22:50:13 +0000 (00:50 +0200)] 
apt-native: use sed to prepare apt.conf.sample

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt: merge apt-package.inc into .bb
Andreas Oberritter [Thu, 21 Apr 2016 22:42:21 +0000 (00:42 +0200)] 
apt: merge apt-package.inc into .bb

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt-native: merge apt-native.inc into .bb
Andreas Oberritter [Thu, 21 Apr 2016 22:40:22 +0000 (00:40 +0200)] 
apt-native: merge apt-native.inc into .bb

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago debianutils: Allow native builds
Andreas Oberritter [Fri, 20 Mar 2015 15:55:38 +0000 (16:55 +0100)] 
debianutils: Allow native builds

Apt has a runtime dependency on it.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago package_manager/deb: pass option --cross-bootstrap to dpkg
Andreas Oberritter [Thu, 25 Sep 2014 22:31:08 +0000 (00:31 +0200)] 
package_manager/deb: pass option --cross-bootstrap to dpkg

Fixes removal of packages with new dpkg version.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago dpkg-native: hardcode SYSCONFDIR to /etc in update-alternatives
Andreas Oberritter [Thu, 28 Aug 2014 14:05:50 +0000 (16:05 +0200)] 
dpkg-native: hardcode SYSCONFDIR to /etc in update-alternatives

It needs to be relative to DPKG_INSTDIR when installing.

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago apt-native: Use option --cross-bootstrap for rootfs
Andreas Oberritter [Thu, 28 Aug 2014 03:50:36 +0000 (05:50 +0200)] 
apt-native: Use option --cross-bootstrap for rootfs

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago dpkg: update-alternatives-dpkg should conflict with other providers
Andreas Oberritter [Wed, 27 Aug 2014 21:45:35 +0000 (23:45 +0200)] 
dpkg: update-alternatives-dpkg should conflict with other providers

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago dpkg: implement offline mode for update-alternatives
Andreas Oberritter [Wed, 27 Aug 2014 15:37:20 +0000 (17:37 +0200)] 
dpkg: implement offline mode for update-alternatives

Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago db: Refresh patches
Richard Purdie [Wed, 28 Sep 2016 23:39:37 +0000 (00:39 +0100)] 
db: Refresh patches

The patches were failing to apply in some cases, refresh them against the
current source.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit eb11f60d9d87aa24e93a86f366764b1848bb5cb1)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago db: Upgrade to 6.0.35
Aníbal Limón [Wed, 28 Sep 2016 16:06:10 +0000 (11:06 -0500)] 
db: Upgrade to 6.0.35

The SRC_URI was changed to point to gentoo distfiles because Oracle now
requests authorization to download the source code [1]. There are no changes
in the LICENSE since version 6.0.20, when the LICENSE changed to AGPL-3
[2]; the md5sum was also reviewed to be sure that it is the same.

This minor upgrade fixes an issue related to multiple rpm instances querying
the database [3].

The related bugfixes are:

- Fixed a bug that may lead to a crash when opening multiple environments
in a multi-threaded program.
- Fixed a bug where closing a panic environment raised access violation
  and crashed the program.

For the complete list of changes, mostly bugfixes, between 6.0.30 and 6.0.35, see [4].

[1] http://download.oracle.com/otn/berkeley-db/db-6.0.35.tar.gz
[2] http://download.oracle.com/otndocs/products/berkeleydb/html/changelog_6_0.html#idp509784
[3] https://bugzilla.yoctoproject.org/show_bug.cgi?id=10157#c0
[4] http://download.oracle.com/otndocs/products/berkeleydb/html/changelog_6_0.html#idp503384

[YOCTO #10157]

Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8f72cae18961e9556e54db76a416bde497dc8b6d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago kernel.bbclass: assign INITRAMFS_BASE_NAME using ?=
Andre McCurdy [Fri, 16 Sep 2016 22:52:29 +0000 (15:52 -0700)] 
kernel.bbclass: assign INITRAMFS_BASE_NAME using ?=

Default values for KERNEL_IMAGE_BASE_NAME and MODULE_IMAGE_BASE_NAME
are already assigned using ?= and anyone wanting to over-ride one is
likely to want to over-ride them all. Make the three consistent with
each other.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e30c6c93bb70d17244c90c2be12229148f8f6314)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago openjade/sgml-common: Add sstate postrm commands
Richard Purdie [Thu, 15 Sep 2016 10:48:39 +0000 (11:48 +0100)] 
openjade/sgml-common: Add sstate postrm commands

If you bump the PR of sgml-common and openjade-native but not sgml-
common-native, you will see a failure as files were removed from the
sysroot but still referenced by the sgml docbook catalog.

To properly handle this, the clean function needs to run at sstate
removal time, the problem is that this sstate removal can happen when
the metadata isn't present, so the correct removal commands are
unknown.

To avoid this, we need to write the commands into a "postrm" script
when we install the files, this can then be executed at sstate removal
time.

[YOCTO #8273]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit cdae3e76232110903d124195b036e4e70fb28aa4)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago sstate: Add postrm command support
Richard Purdie [Thu, 15 Sep 2016 10:45:14 +0000 (11:45 +0100)] 
sstate: Add postrm command support

There are some issues in sstate which can't be handled by file removal
alone. Currently there is no way to execute a command against sstate and
doing so is potentially problematic for things like dependencies. This
patch adds a mechanism where any "postrm" script is executed if it's present
allowing some openjade/sgml issues to be resolved.

[YOCTO #8273]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2268efd0cd3ddb40870c4c424d10444ba86d2849)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago dpkg: Avoid automatic target architecture detection
Alexandre Belloni [Mon, 8 Aug 2016 09:56:09 +0000 (11:56 +0200)] 
dpkg: Avoid automatic target architecture detection

dpkg is using a script (dpkg-architecture.pl) to detect the target
architecture automatically.
Unfortunately, it is using the cross compiler prefix to do the detection
and for ARM, oe-core is using <vendor>-linux-gnueabi for toolchains with
and without call-convention hard. The script then always detects
'armel' and never gets 'armhf' for call-convention hard.

This solves:
dpkg: error processing archive evtest_1.32+0+b8343ec112-r0_armhf.deb (--install):
 package architecture (armhf) does not match system (armel)
 Errors were encountered while processing:
 evtest_1.32+0+b8343ec112-r0_armhf.deb

Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit b01a01ff47e09da4aaa2db992380ca0498f0e5ae)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago kernel.bbclass: add lzop dependency
Trevor Woerner [Mon, 1 Aug 2016 12:32:53 +0000 (08:32 -0400)] 
kernel.bbclass: add lzop dependency

If the initramfs image is type lzo, then a native lzop is needed.

Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ee0640cb0c32b959ffaaac6752d582ed1d76e313)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago kernel.bbclass: explicitly set workdir in do_bundle_initramfs
André Draszik [Thu, 21 Jul 2016 11:09:23 +0000 (12:09 +0100)] 
kernel.bbclass: explicitly set workdir in do_bundle_initramfs

bitbake rev 67a7b8b02 "build: don't use $B as the default cwd for
functions" (included in current bitbake master) breaks the assumption
that do_bundle_initramfs runs inside the build directory.

This causes kernel_do_compile() as called from within
do_bundle_initramfs() to fail, as the former is not being executed
from the correct directory anymore. (Note that kernel_do_compile()
as called from bitbake directly doesn't suffer from that problem,
as it inherits the workdir from base_do_compile() in that case.)

Set workdir explicitly.

Signed-off-by: André Draszik <git@andred.net>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4455da22a151c2ac006af63cbd39779b21b12580)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago db: Use cross libtool
Khem Raj [Tue, 12 Jul 2016 17:10:17 +0000 (10:10 -0700)] 
db: Use cross libtool

Reintroduce the use of cross-libtool when building the target package;
this fails otherwise with clang:

| ./libtool --mode=execute true db_printlog
| /usr/lib/libstdc++.so: file not recognized: File format not recognized
| clang-3.9: error: linker command failed with exit code 1 (use -v to see invocation)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit f9fab69a15a71f541f93fb38319de03ad07b1bf5)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago sstate.bbclass: make PV to depend on PV variable value
Ed Bartosh [Mon, 11 Jul 2016 09:43:09 +0000 (12:43 +0300)] 
sstate.bbclass: make PV to depend on PV variable value

Currently PV is defined in meta/conf/bitbake.conf as a python
expression: "${@bb.parse.BBHandler.vars_from_file(d.getVar('FILE',
False),d)[1] or '1.0'}". As FILE is whitelisted it causes PV to
not depend on it. This causes sstate code to not detect that
PV changes when recipe filename changes.

Making PV to explicitly depend on PV variable value overrides default
behaviour. Instead of depending on python expression bitbake depends
on evaluated value of PV variable, which should fix the above
mentioned issue.

[YOCTO #9806]

Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 918646ca803d56004fb0ab7c21e86cc9cb14513d)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago db: use S/B more idiomatically
Ross Burton [Tue, 23 Feb 2016 14:05:35 +0000 (14:05 +0000)] 
db: use S/B more idiomatically

Instead of setting S to a directory inside the tarball and B to another
directory inside the tarball, use the default value of S and set
AUTOTOOLS_SCRIPT_PATH to the right path to find configure.  Update the patches
so they still apply, and clean up the recipe slightly.

Because something is not quite right regarding quilt and patching, add a PR bump
to the recipes to ensure that a clean work directory is used: for some reason
rebuilds will rarely fail to patch correctly.

Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit dcbef72b8344c22617d65ea1e9f0fa7ad9a742bd)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago classes/kernel: fix symlink logic when bundling initramfs images
André Draszik [Fri, 24 Jun 2016 13:40:08 +0000 (14:40 +0100)] 
classes/kernel: fix symlink logic when bundling initramfs images

If linkpath points to a file in KERNEL_OUTPUT_DIR, rather than
outside, then symlink creation for the bundled initramfs image files
fails.

This is because in that case $linkpath.initramfs and $realpath.initramfs
are in the same directory, KERNEL_OUTPUT_DIR, and hence are the same.
Since we just created $realpath.initramfs, creating a symlink with the
same name will fail.

Given that $linkpath is not necessarily the same as the kernel image type,
just removing this symlink creation is not the right thing to do, as
in that case kernel_do_deploy() wouldn't find the bundled file.

What we really want is a symlink from the name of the initramfs-bundled
kernel image type to the real initramfs-bundled kernel image, as that is
what is actually used later in do_deploy().

This brings the code path for when $KERNEL_OUTPUT_DIR/$type is a symlink
in line with when it is not.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7585ebbbe4e95870ab7475737ed5b94255351c72)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago classes/kernel: fix symlink creation in DEPLOYDIR for bundled initramfs
André Draszik [Fri, 24 Jun 2016 10:42:32 +0000 (11:42 +0100)] 
classes/kernel: fix symlink creation in DEPLOYDIR for bundled initramfs

If multiple kernel image types have been specified, only the very first
one would receive a symlink in DEPLOYDIR.

The reason is that we're looping over the list of image types and check
if a bundled initramfs image exists using a relative path. As part of
the loop we're changing the current directory, hence all additional
iterations fail to see the files we're looking for, and hence no symlinks
are being created.

Fix by not changing the directory and adjusting the ln invocation instead.

Signed-off-by: André Draszik <adraszik@tycoint.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 2a6ac8ca71b669b8653eb19417faf58575385a21)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago db: add RECIPE_NO_UPDATE_REASON
Maxin B. John [Mon, 6 Jun 2016 09:13:41 +0000 (12:13 +0300)] 
db: add RECIPE_NO_UPDATE_REASON

db-6.2.23 does not work with RPM-5.x due to changes in locking semantics

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8ea6be55b795ae5306606f7d4cdacdf3c2afa5ae)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago openssl: fix the dangling libcrypto.a symlink
Maxin B. John [Tue, 31 May 2016 15:26:03 +0000 (18:26 +0300)] 
openssl: fix the dangling libcrypto.a symlink

Update libcrypto.a symlink to the proper location.

[YOCTO #9523]

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d6884a99a170a2d1925ed347431518fff3cf367)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago kernel: Make symbol link to vmlinuz in boot directory
He Zhe [Wed, 25 May 2016 08:47:17 +0000 (04:47 -0400)] 
kernel: Make symbol link to vmlinuz in boot directory

Rename do_kernel_link_vmlinux to do_kernel_link_images and make a
symbol link to vmlinuz (if it exists) for reference in arch/$arch/boot
directory.

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 6e58f54be103814b6b8a85b236510633c49e6832)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago kernel: Add KERNEL_IMAGETYPES to build multi types kernel at one time
He Zhe [Wed, 25 May 2016 08:47:16 +0000 (04:47 -0400)] 
kernel: Add KERNEL_IMAGETYPES to build multi types kernel at one time

Add KERNEL_IMAGETYPES to support building, packaging and installing
multiple types of kernel images, such as zImage and uImage, at one time.

KERNEL_IMAGETYPE and KERNEL_ALT_IMAGETYPE work as before.

Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 849b67b2e4820564b5e5c9bd4bb293c44351c5f3)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago kernel-uimage: Fix python indentation
Richard Purdie [Sat, 21 May 2016 11:27:48 +0000 (12:27 +0100)] 
kernel-uimage: Fix python indentation

Use spaces, not tabs for python functions.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 96ed92aded49fc47c7e407d36ba4f03dafee28cd)
Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
7 years ago wpa_supplicant: fix WPA2 key replay security bug
Ross Burton [Mon, 16 Oct 2017 22:23:37 +0000 (23:23 +0100)] 
wpa_supplicant: fix WPA2 key replay security bug

WPA2 is vulnerable to replay attacks which result in unauthenticated users
having access to the network.

* CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake

* CVE-2017-13078: reinstallation of the group key in the Four-way handshake

* CVE-2017-13079: reinstallation of the integrity group key in the Four-way
handshake

* CVE-2017-13080: reinstallation of the group key in the Group Key handshake

* CVE-2017-13081: reinstallation of the integrity group key in the Group Key
handshake

* CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation
Request and reinstalling the pairwise key while processing it

* CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS)
PeerKey (TPK) key in the TDLS handshake

* CVE-2017-13087: reinstallation of the group key (GTK) when processing a
Wireless Network Management (WNM) Sleep Mode Response frame

* CVE-2017-13088: reinstallation of the integrity group key (IGTK) when
processing a Wireless Network Management (WNM) Sleep Mode Response frame

Backport patches from upstream to resolve these CVEs.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago libgcrypt: fix CVE-2017-9526
Ross Burton [Wed, 19 Jul 2017 13:27:32 +0000 (14:27 +0100)] 
libgcrypt: fix CVE-2017-9526

In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from
side-channel observation during the signing process) can easily recover the
long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this
session key in secure memory, to ensure that constant-time point operations are
used in the MPI library.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago libgcrypt: fix CVE-2017-7526
Ross Burton [Wed, 19 Jul 2017 13:27:31 +0000 (14:27 +0100)] 
libgcrypt: fix CVE-2017-7526

Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed
"Sliding right into disaster"'.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago initrdscripts/init-install*: Add rootwait when installing to USB devices
California Sullivan [Tue, 9 Aug 2016 20:35:52 +0000 (13:35 -0700)] 
initrdscripts/init-install*: Add rootwait when installing to USB devices

It can take a bit for USB devices to be detected, so if a USB device is
your rootfs and you don't set rootwait you will most likely get a kernel
panic. Fix this by adding rootwait to the kernel command line on
installation.

Fixes [YOCTO #9462].

Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
8 years ago package_ipk: Clean up Source entry in ipk packages
Richard Purdie [Fri, 16 Jun 2017 08:42:30 +0000 (09:42 +0100)] 
package_ipk: Clean up Source entry in ipk packages

There is the potential for sensitive information to leak through the urls
there and removing it brings this into the behavior of the other package
backends since filtering it is likely error prone.

Since ipks don't appear to be generated at all if we don't set this, set
the field to the recipe name used (basename only, no paths). This avoids
information leaking. We may want to drop the field if opkg can allow that
at a future point but the recipe name is a suitable identifier for now.

Reported-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago oeqa/selftest/recipetool: actually fix create_github test
Ross Burton [Wed, 7 Jun 2017 14:28:24 +0000 (15:28 +0100)] 
oeqa/selftest/recipetool: actually fix create_github test

The Meson revision was locked down but the license list change wasn't actually
committed...

Also specify the exact path for recipetool to write to, for clarity.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago build-appliance-image: Update to krogoth head revision
Richard Purdie [Wed, 7 Jun 2017 07:42:49 +0000 (08:42 +0100)] 
build-appliance-image: Update to krogoth head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago grub2: enforce -no-pie if supported by compiler
Alexander Kanavin [Fri, 2 Dec 2016 19:14:07 +0000 (21:14 +0200)] 
grub2: enforce -no-pie if supported by compiler

Recent distros are enabling -pie by default; in case of grub
we need to turn it off.

(From OE-Core rev: aaff6c99dde3f1058bb3c4b320f27753c6c992ad)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago build-appliance-image: Update to krogoth head revision
Richard Purdie [Tue, 6 Jun 2017 17:52:35 +0000 (18:52 +0100)] 
build-appliance-image: Update to krogoth head revision

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago rootfs_rpm: Increase rootfs size
Saul Wold [Sun, 19 Jun 2016 00:13:55 +0000 (17:13 -0700)] 
rootfs_rpm: Increase rootfs size

This doubles the amount of extra space that is provided for SMART and
RPM, as they consume more disk space during qa testing via testimage

[YOCTO #9800]

(From OE-Core rev: 2d636068d9d3a1ea2db3ace49462be13ba9ef125)

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago oeqa/selftest: lock down Meson git revision for reliability
Ross Burton [Mon, 5 Jun 2017 16:30:42 +0000 (17:30 +0100)] 
oeqa/selftest: lock down Meson git revision for reliability

The test_recipetool_create_github test fetches HEAD of the repository so
upstream changes can (and do) break the test.  Avoid these problems by passing
the rev= argument in the URL to lock the checkout to the same version that is
fetched in the github_tarball test.

Also pass the commands to runCmd() as a list instead of a string, the semicolon
in the URL needs more quotes if the shell is involved and passing a list
bypasses the shell entirely.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago oeqa/runtime/rpm: use su instead of sudo
Ross Burton [Tue, 23 Aug 2016 14:14:04 +0000 (15:14 +0100)] 
oeqa/runtime/rpm: use su instead of sudo

This test works fine with su, which is more likely to be installed in images
than sudo.

(From OE-Core rev: 59d10be745a1f7d31c68e4d5da9e1c3461b7d390)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago libunwind: Fix build race conflict with gcc and musl
Richard Purdie [Thu, 18 Aug 2016 13:46:32 +0000 (14:46 +0100)] 
libunwind: Fix build race conflict with gcc and musl

Building libunwind, then gcc-runtime causes build failures. This is hard
to fix since gcc-runtime wants the internal gcc unwind.h header but libunwind
wants to provide this. There are differences in include behaviour between gcc
and glibc which are by design.

This patch hacks around the issue by looking for a define used during gcc-runtime's
build and skipping to the internal header in that case. The patch is only enabled
on musl and is the best workaround I could come up with to unblock failing builds
on our autobuilder.

[YOCTO #10129]

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago selftest/recipetool: Fix test for krogoth
Richard Purdie [Tue, 30 May 2017 13:21:31 +0000 (14:21 +0100)] 
selftest/recipetool: Fix test for krogoth

This test was backported and doesn't function quite the same way under
krogoth since some of the extended python license checking wasn't yet
added. This tweaks the output to match the expected result in krogoth.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago webkitgtk: fix racy double build of WebKit2-4.0.gir
Alexander Kanavin [Mon, 29 Aug 2016 14:30:22 +0000 (17:30 +0300)] 
webkitgtk: fix racy double build of WebKit2-4.0.gir

This occasionally triggered autobuilder errors where the .gir file
appeared truncated to introspection tools.

(From OE-Core rev: 2154c1c803b7bd36a1401fa657e7fd8cb1060a70)

RP: backported from 2.12 to 2.10
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago cryptodev-linux: update SRC_URI
Chang Rebecca Swee Fun [Fri, 26 May 2017 08:03:26 +0000 (16:03 +0800)] 
cryptodev-linux: update SRC_URI

Gna! project announced that the download site from gna.org HTTP server
will soon be closing down. We have verified that the site is no longer
accessible without network proxy cache. We need to update SRC_URI to
point to new alternative (nwl.cc HTTP server) in order to avoid fetcher
issues in future.

[YOCTO #11575]

Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago pseudo: Work around issues with glibc 2.24
Richard Purdie [Wed, 18 May 2016 18:28:29 +0000 (19:28 +0100)] 
pseudo: Work around issues with glibc 2.24

There are issues with a change made to RTLD_NEXT behaviour in glibc 2.24
and that change was also backported to older glibc versions in some distros
like Fedora 23. This adds a workaround whilst the pseudo maintainer fixes
various issues properly.

(From OE-Core rev: 21c38a091c4a1917f62a942c4751b0fd11dce340)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago pseudo: obey our LDFLAGS
Christopher Larson [Wed, 11 May 2016 16:25:27 +0000 (09:25 -0700)] 
pseudo: obey our LDFLAGS

(From OE-Core rev: fc04eae73cb99d3783b09d062120a9b7dc95210a)

Signed-off-by: Christopher Larson <chris_larson@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl.inc: avoid random ptest failures
Patrick Ohly [Fri, 23 Sep 2016 13:23:20 +0000 (15:23 +0200)] 
openssl.inc: avoid random ptest failures

"make alltests" is sensitive to the timestamps of the installed
files. Depending on the order in which cp copies files, .o and/or
executables may end up with time stamps older than the source files.
Running tests then triggers recompilation attempts, which typically
will fail because dev tools and files are not installed.

"cp -a" is not enough because the files also have to be newer than
the installed header files. Setting the file time stamps to
the current time explicitly after copying solves the problem because
do_install_ptest_base is guaranteed to run after do_install.

(From OE-Core rev: 101e2a5e0b7822ca3de3d3a73369405c05ab3c5b)

Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: fix do_configure error when cwd is not in @INC
Robert Yang [Tue, 20 Sep 2016 05:34:36 +0000 (22:34 -0700)] 
openssl: fix do_configure error when cwd is not in @INC

Fixed when building on Debian-testing:
| Can't locate find.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.22.2 /usr/local/share/perl/5.22.2 /usr/lib/x86_64-linux-gnu/perl5/5.22 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.22 /usr/share/perl/5.22 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at perlpath.pl line 7.

(From OE-Core rev: c28065671b582c140d5971c73791d2ac8bdebe69)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fixed merge conflict
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: Security fix CVE-2016-2177
Armin Kuster [Sat, 16 Jul 2016 23:04:11 +0000 (16:04 -0700)] 
openssl: Security fix CVE-2016-2177

Affects openssl <= 1.0.2h
CVSS v2 Base Score: 7.5 HIGH

(From OE-Core rev: 2848c7d3e454cbc84cba9183f23ccdf3e9200ec9)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fixed merge conflicts
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: prevent warnings from openssl-c_rehash.sh
Joshua Lock [Wed, 22 Jun 2016 10:22:25 +0000 (11:22 +0100)] 
openssl: prevent warnings from openssl-c_rehash.sh

The openssl-c_rehash.sh script reports duplicate files and files which
don't contain a certificate or CRL by echoing a WARNING to stdout.
This warning gets picked up by the log checker during rootfs and results
in several warnings getting reported to the console during an image build.

To prevent the log from being overrun by warnings related to certificates
change these messages in openssl-c_rehash.sh to be prefixed with NOTE not
WARNING.

(From OE-Core rev: 88c25318db9f8091719b317bacd636b03d50a411)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: Ensure SSL certificates are stored on sysconfdir
Otavio Salvador [Mon, 23 May 2016 20:45:27 +0000 (17:45 -0300)] 
openssl: Ensure SSL certificates are stored on sysconfdir

Debian and other generic distributions have moved the certificates to
sysconfdir (/etc/ssl) and made the libdir content link to it.

This provides several advantages, especially for read-only
rootfs. Another benefit is that it ensures foreign implementations
(e.g: BoringSSL, from Chromium, when running with OpenSSL backend for
the certificates) to find the content correctly.

(From OE-Core rev: 50d63fa346bbb05dafffc0cb55e21e1092272d95)

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: Add Shell-Script based c_rehash utility
Otavio Salvador [Mon, 23 May 2016 20:45:25 +0000 (17:45 -0300)] 
openssl: Add Shell-Script based c_rehash utility

The PLD Linux distribution has ported the c_rehash[1] utility from Perl
to Shell-Script, allowing it to be shipped by default.

1. https://git.pld-linux.org/?p=packages/openssl.git;a=blob;f=openssl-c_rehash.sh;h=0ea22637ee6dbce845a9e2caf62540aaaf5d0761

The OpenSSL upstream intends[2] to convert the utility to C; however, it
has not yet finished the conversion.

2. https://rt.openssl.org/Ticket/Display.html?id=2324

This patch adds this script and thus removes the Perl requirement for
it.

(From OE-Core rev: cb6150f1a779e356f120d5e45c91fda75789970a)

Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: fix add missing dependencies building for test directory
Andrej Valek [Fri, 19 Aug 2016 10:51:06 +0000 (12:51 +0200)] 
openssl: fix add missing dependencies building for test directory

Regarding the last commit about missing dependencies, another issue
was found. The problem was found while ptest was being built with some
extra settings set. It means that when ptest is going to be built,
it is necessary to rebuild dependencies for the test directory too.

(From OE-Core rev: 030142d0410bec85aeacfff6be27d5fed41ce808)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: fix add missing `make depend` command before `make` library
Andrej Valek [Fri, 5 Aug 2016 11:16:33 +0000 (13:16 +0200)] 
openssl: fix add missing `make depend` command before `make` library

Settings from EXTRA_OECONF, like en/disable no-ssl3, are transferred
only into DEPFLAGS. It means that the settings have no effect on output files.
DEPFLAGS will be transferred into output files with the make depend command.

https://wiki.openssl.org/index.php/Compilation_and_Installation#Dependencies

(From OE-Core rev: e3c251427a305780d3257a011260bd978de273d5)

Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: Fix MIPS64be and add MIPS64le
Zubair Lutfullah Kakakhel [Wed, 14 Sep 2016 16:53:11 +0000 (17:53 +0100)] 
openssl: Fix MIPS64be and add MIPS64le

MIPS64 target was being configured for linux-mips which defaults to
MIPS32. Doesn't cause any issue as far as I can see but it would be
wiser to use the correct target configuration.

Also add MIPS64le configuration which is missing.

(From OE-Core rev: 0afec72913bc31d315cba079da317e8b28755ded)

Signed-off-by: Zubair Lutfullah Kakakhel <Zubair.Kakakhel@imgtec.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago mesa: update SRC_URI
Armin Kuster [Sat, 11 Feb 2017 21:50:37 +0000 (16:50 -0500)] 
mesa: update SRC_URI

ERROR: mesa-2_11.1.2-r0 do_checkuri: Function failed: Fetcher failure for URL: 'ftp://ftp.freedesktop.org/pub/mesa/11.1.2/mesa-11.1.2.tar.xz'. URL ftp://ftp.freedesktop.org/pub/mesa/11.1.2/mesa-11.1.2.tar.xz doesn't work
ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/i586-poky-linux/mesa/2_11.1.2-r0/temp/log.do_checkuri.30779
Log data follows:
| DEBUG: Executing python function do_checkuri
| DEBUG: Testing URL ftp://ftp.freedesktop.org/pub/mesa/11.1.2/mesa-11.1.2.tar.xz
| DEBUG: checkstatus() urlopen failed: <urlopen error ftp error: 550 Failed to change directory.>
| DEBUG: Python function do_checkuri finished
| ERROR: Function failed: Fetcher failure for URL: 'ftp://ftp.freedesktop.org/pub/mesa/11.1.2/mesa-11.1.2.tar.xz'. URL ftp://ftp.freedesktop.org/pub/mesa/11.1.2/mesa-11.1.2.tar.xz doesn't work

Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago libpng -lsb: update SRC_URI
Armin Kuster [Sat, 11 Feb 2017 19:55:39 +0000 (14:55 -0500)] 
libpng -lsb: update SRC_URI

ERROR: libpng12-1.2.56-r0 do_checkuri: Function failed: Fetcher failure for URL: 'http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz'. URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz doesn't work
ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/i586-poky-linux/libpng12/1.2.56-r0/temp/log.do_checkuri.19750
Log data follows:
| DEBUG: Executing python function do_checkuri
| DEBUG: Testing URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz
| DEBUG: checkstatus() urlopen failed: HTTP Error 404: Not Found
| DEBUG: Python function do_checkuri finished
| ERROR: Function failed: Fetcher failure for URL: 'http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz'. URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz doesn't work

Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago libxslt: update SRC_URI
Armin Kuster [Sat, 11 Feb 2017 19:36:36 +0000 (14:36 -0500)] 
libxslt: update SRC_URI

| ERROR: Function failed: Fetcher failure for URL: 'ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz'. URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz doesn't work
ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/x86_64-linux/libxslt-native/1.1.28-r0/temp/log.do_checkuri.16102
Log data follows:
| DEBUG: Executing python function do_checkuri
| DEBUG: Testing URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz
| DEBUG: checkstatus() urlopen failed: <urlopen error ftp error: [Errno 110] Connection timed out>
| DEBUG: Python function do_checkuri finished
| ERROR: Function failed: Fetcher failure for URL: 'ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz'. URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz doesn't work

Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago libpng: update SRC_URI back to SF
Armin Kuster [Sat, 11 Feb 2017 19:26:10 +0000 (14:26 -0500)] 
libpng: update SRC_URI back to SF

ERROR: Task 944 (virtual:nativesdk:/home/akuster/oss/maint/poky/meta/recipes-multimedia/libpng/libpng_1.6.21.bb, do_checkuri) failed with exit code '1'
ERROR: libpng12-1.2.56-r0 do_checkuri: Function failed: Fetcher failure for URL: 'http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz'. URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz doesn't work
ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/i586-poky-linux/libpng12/1.2.56-r0/temp/log.do_checkuri.14781
Log data follows:
| DEBUG: Executing python function do_checkuri
| DEBUG: Testing URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz
| DEBUG: checkstatus() urlopen failed: HTTP Error 404: Not Found
| DEBUG: Python function do_checkuri finished
| ERROR: Function failed: Fetcher failure for URL: 'http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz'. URL http://distfiles.gentoo.org/distfiles/libpng-1.2.56.tar.xz doesn't work

SF now has an old releases dir which contains this tarball. It got dropped from Gentoo.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago libpcre: update SRC_URI
Armin Kuster [Sat, 11 Feb 2017 19:09:13 +0000 (14:09 -0500)] 
libpcre: update SRC_URI

ERROR: Task 75 (/home/akuster/oss/maint/poky/meta/recipes-support/libpcre/libpcre_8.38.bb, do_checkuri) failed with exit code '1'
ERROR: libpcre-native-8.38-r0 do_checkuri: Function failed: Fetcher failure for URL: 'ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2'. URL ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2 doesn't work

Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago zlib: update SRC_URI to fix fetching
Joshua Lock [Thu, 5 Jan 2017 16:34:23 +0000 (16:34 +0000)] 
zlib: update SRC_URI to fix fetching

Upstream have removed the file from zlib.net as a new version has
been released, switch to fetching from the official sourceforge
mirror.

[YOCTO #10879]

(From OE-Core rev: bb99e4a620efd59556539c156cd98ea23aae74c8)

(From OE-Core rev: b7599330f1d629384e16a5fbeffc1a65c1555667)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago populate_sdk_ext: whitelist do_package tasks
Ed Bartosh [Wed, 4 Jan 2017 18:48:18 +0000 (20:48 +0200)] 
populate_sdk_ext: whitelist do_package tasks

With SSTATE_MIRRORS enabled, sstate code expects mirrors to
contain entries for all tasks, which is not the case for the ext
installer as it uses a reduced sstate cache.

Added do_package tasks to BB_SETSCENE_ENFORCE_WHITELIST to prevent
installer failing with ERROR: Sstate artifact unavailable

[YOCTO #10832]

(From OE-Core rev: 2ed46ada4b8e496493835e84b36f7e9c367f59d2)

(From OE-Core rev: eb2fc2cd9081a4533ed30fe81c9f491b06cc5ae1)

Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago populate_sdk_ext: fix working with uninative sstate
Ed Bartosh [Wed, 4 Jan 2017 18:48:17 +0000 (20:48 +0200)] 
populate_sdk_ext: fix working with uninative sstate

Mapped uninative sstate directories to make the ext SDK installer
use them when it's run on systems with a gcc version different from
the gcc version used to build the installer.

[YOCTO #10832]

(From OE-Core rev: fb945c0fd2e66d70461e6cf2e602020eeabe32f7)

Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-9538
Mingli Yu [Wed, 7 Dec 2016 08:01:12 +0000 (16:01 +0800)] 
tiff: Security fix CVE-2016-9538

* tools/tiffcrop.c: fix read of undefined buffer in
readContigStripsIntoBuffer() due to uint16 overflow.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9538

Patch from:
https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f

(From OE-Core rev: 9af5d5ea882c853e4cb15006f990d3814eeea9ae)

(From OE-Core rev: 33cad1173f6d1b803b794a2ec57fe8a9ef19fb44)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-9535
Mingli Yu [Wed, 7 Dec 2016 08:01:11 +0000 (16:01 +0800)] 
tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c:
Replace assertions by runtime checks to avoid assertions in debug mode,
or buffer overflows in release mode. Can happen when dealing with
unusual tile size like YCbCr with subsampling.

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535

Patch from:
https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33

(From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275)

(From OE-Core rev: d55b4470c20f4a4b73b1e6f148a45d94649dfdb5)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-9539
Zhixiong Chi [Mon, 28 Nov 2016 09:52:13 +0000 (17:52 +0800)] 
tiff: Security fix CVE-2016-9539

tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in
readContigTilesIntoBuffer(). Reported as MSVR 35092.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9539

Patch from:
https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53

(From OE-Core rev: 58bf0a237ca28459eb8c3afa030c0054f5bc1f16)

(From OE-Core rev: 0933a11707a369c8eaefebd31e8eea634084d66e)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-9540
Zhixiong Chi [Mon, 28 Nov 2016 08:12:04 +0000 (16:12 +0800)] 
tiff: Security fix CVE-2016-9540

tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled
images with odd tile width versus image width. Reported as MSVR 35103,
aka "cpStripToTile heap-buffer-overflow."

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9540

Patch from:
https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3

(From OE-Core rev: cc97dc66006c7892473e3b4790d05e12445bb927)

(From OE-Core rev: ad2c4710ef15c35f6dd4e7642efbceb2cbf81736)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-3632
Yi Zhao [Thu, 17 Nov 2016 08:08:10 +0000 (16:08 +0800)] 
tiff: Security fix CVE-2016-3632

CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of
service (out-of-bounds write) or execute arbitrary code via a crafted
TIFF image.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3632
http://bugzilla.maptools.org/show_bug.cgi?id=2549
https://bugzilla.redhat.com/show_bug.cgi?id=1325095

The patch is from RHEL7.

(From OE-Core rev: 9206c86239717718be840a32724fd1c190929370)

(From OE-Core rev: 0c6928f4129e5b1e24fa2d42279353e9d15d39f0)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-3658
Zhixiong Chi [Mon, 14 Nov 2016 09:46:52 +0000 (17:46 +0800)] 
tiff: Security fix CVE-2016-3658

The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in the tiffset tool
allows remote attackers to cause a denial of service (out-of-bounds read) via vectors
involving the ma variable.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3658
http://bugzilla.maptools.org/show_bug.cgi?id=2546

Patch from:
https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d

(From OE-Core rev: c060e91d2838f976774d074ef07c9e7cf709f70a)

(From OE-Core rev: cc266584158c8dfc8583d21534665b6152a4f7ee)

Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago expat: CVE-2012-6702, CVE-2016-5300
Sona Sarmadi [Mon, 16 Jan 2017 06:30:00 +0000 (07:30 +0100)] 
expat: CVE-2012-6702, CVE-2016-5300

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6702
http://www.openwall.com/lists/oss-security/2016/06/04/5

Reference to upstream fix:
https://bugzilla.redhat.com/attachment.cgi?id=1165210
Squashed backport against vanilla Expat 2.1.1, addressing:
* CVE-2012-6702 -- unanticipated internal calls to srand
* CVE-2016-5300 -- use of too little entropy

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago oeqa: fix hasPackage, add hasPackageMatch
Ross Burton [Wed, 15 Jun 2016 11:01:23 +0000 (12:01 +0100)] 
oeqa: fix hasPackage, add hasPackageMatch

hasPackage() was looking for the string provided as an RE substring in the
manifest, which resulted in a large number of false positives (i.e. libgtkfoo
would match "gtk+").

Rewrite the manifest loader to parse the files into a proper data structure,
change hasPackage to do full string matches, and add hasPackageMatch which does
RE substring matches.

(From OE-Core rev: b9409863af71899e02275439949e3f4cdfaf2d0f)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tzdata: update to 2016i
Armin Kuster [Fri, 4 Nov 2016 05:53:28 +0000 (22:53 -0700)] 
tzdata: update to 2016i

  Briefly: Cyprus split into two time zones on 2016-10-30, and Tonga
  reintroduces DST on 2016-11-06.

  Changes to future time stamps

    Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on
    2017-01-15 at 03:00.  Assume future observances in Tonga will be
    from the first Sunday in November through the third Sunday in
    January, like Fiji.  (Thanks to Pulu ʻAnau.)  Switch to numeric
    time zone abbreviations for this zone.

  Changes to past and future time stamps

    Northern Cyprus is now +03 year round, causing a split in Cyprus
    time zones starting 2016-10-30 at 04:00.  This creates a zone
    Asia/Famagusta.  (Thanks to Even Scharning and Matt Johnson.)

    Antarctica/Casey switched from +08 to +11 on 2016-10-22.
    (Thanks to Steffen Thorsen.)

  Changes to past time stamps

    Several corrections were made for pre-1975 time stamps in Italy.
    These affect Europe/Malta, Europe/Rome, Europe/San_Marino, and
    Europe/Vatican.

    First, the 1893-11-01 00:00 transition in Italy used the new UT
    offset (+01), not the old (+00:49:56).  (Thanks to Michael
    Deckers.)

    Second, rules for daylight saving in Italy were changed to agree
    with Italy's National Institute of Metrological Research (INRiM)
    except for 1944, as follows (thanks to Pierpaolo Bernardi, Brian
    Inglis, and Michael Deckers):

      The 1916-06-03 transition was at 24:00, not 00:00.

      The 1916-10-01, 1919-10-05, and 1920-09-19 transitions were at
      00:00, not 01:00.

      The 1917-09-30 and 1918-10-06 transitions were at 24:00, not
      01:00.

      The 1944-09-17 transition was at 03:00, not 01:00.  This
      particular change is taken from Italian law as INRiM's table,
      (which says 02:00) appears to have a typo here.  Also, keep the
      1944-04-03 transition for Europe/Rome, as Rome was controlled by
      Germany then.

      The 1967-1970 and 1972-1974 fallback transitions were at 01:00,
      not 00:00.

(From OE-Core rev: daf95f7fd9f7ab65685d7b764d8e50df8d00d308)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tzcode: update to 2016i
Armin Kuster [Fri, 4 Nov 2016 05:53:27 +0000 (22:53 -0700)] 
tzcode: update to 2016i

Changes to code

  The code should now be buildable on AmigaOS merely by setting the
  appropriate Makefile variables.  (From a patch by Carsten Larsen.)

(From OE-Core rev: d2b8c4ee535684f5d874082a7f76efbda1907ea5)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago openssl: Security fix CVE-2016-8610
Armin Kuster [Sun, 6 Nov 2016 15:33:27 +0000 (07:33 -0800)] 
openssl: Security fix CVE-2016-8610

affects openssl < 1.0.2i

(From OE-Core rev: 0256b61cdafe540edb3cec2a34429e24b037cfae)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tiff: Security fix CVE-2016-3622
Yi Zhao [Wed, 26 Oct 2016 08:26:48 +0000 (16:26 +0800)] 
tiff: Security fix CVE-2016-3622

CVE-2016-3622 libtiff: The fpAcc function in tif_predict.c in the
tiff2rgba tool in LibTIFF 4.0.6 and earlier allows remote attackers to
cause a denial of service (divide-by-zero error) via a crafted TIFF
image.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3622
http://www.openwall.com/lists/oss-security/2016/04/07/4

Patch from:
https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286

(From OE-Core rev: 0af0466f0381a72b560f4f2852e1d19be7b6a7fb)

(From OE-Core rev: 928eadf8442cf87fb2d4159602bd732336d74bb7)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago tiff: Security fix CVE-2016-3623
Yi Zhao [Wed, 26 Oct 2016 08:26:47 +0000 (16:26 +0800)] 
tiff: Security fix CVE-2016-3623

CVE-2016-3623 libtiff: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier
allows remote attackers to cause a denial of service (divide-by-zero) by
setting the (1) v or (2) h parameter to 0.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3623
http://bugzilla.maptools.org/show_bug.cgi?id=2569

Patch from:
https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b

(From OE-Core rev: d66824eee47b7513b919ea04bdf41dc48a9d85e9)

(From OE-Core rev: f0e77ffa6bbc3adc61a2abd5dbc9228e830c055d)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago tiff: Security fix CVE-2016-3991
Yi Zhao [Wed, 26 Oct 2016 08:26:46 +0000 (16:26 +0800)] 
tiff: Security fix CVE-2016-3991

CVE-2016-3991 libtiff: Heap-based buffer overflow in the loadImage
function in the tiffcrop tool in LibTIFF 4.0.6 and earlier allows remote
attackers to cause a denial of service (out-of-bounds write) or execute
arbitrary code via a crafted TIFF image with zero tiles.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3991
http://bugzilla.maptools.org/show_bug.cgi?id=2543

Patch from:
https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba

(From OE-Core rev: d31267438a654ecb396aefced201f52164171055)

(From OE-Core rev: cf58711f12425fc1c29ed1e3bf3919b3452aa2b2)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago tiff: Security fix CVE-2016-3990
Yi Zhao [Wed, 26 Oct 2016 08:26:45 +0000 (16:26 +0800)] 
tiff: Security fix CVE-2016-3990

CVE-2016-3990 libtiff: Heap-based buffer overflow in the
horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and
earlier allows remote attackers to cause a denial of service (crash) or
execute arbitrary code via a crafted TIFF image to tiffcp.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3990
http://bugzilla.maptools.org/show_bug.cgi?id=2544

Patch from:
https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1

(From OE-Core rev: c6492563037bcdf7f9cc50c8639f7b6ace261e62)

(From OE-Core rev: d7165cd738ac181fb29d2425e360f2734b0d1107)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago tiff: Security fix CVE-2016-3945
Yi Zhao [Wed, 26 Oct 2016 08:26:44 +0000 (16:26 +0800)] 
tiff: Security fix CVE-2016-3945

CVE-2016-3945 libtiff: Multiple integer overflows in the (1)
cvt_by_strip and (2) cvt_by_tile functions in the tiff2rgba tool in
LibTIFF 4.0.6 and earlier, when -b mode is enabled, allow remote
attackers to cause a denial of service (crash) or execute arbitrary code
via a crafted TIFF image, which triggers an out-of-bounds write.

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3945
http://bugzilla.maptools.org/show_bug.cgi?id=2545

Patch from:
https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6

(From OE-Core rev: 04b9405c7e980d7655c2fd601aeeae89c0d83131)

(From OE-Core rev: 3a4d2618c50aed282af335ef213c5bc0c9f0534e)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
8 years ago tzdata: Update to 2016h
Armin Kuster [Mon, 24 Oct 2016 03:00:16 +0000 (20:00 -0700)] 
tzdata: Update to 2016h

Changes to future time stamps

    Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not
    2016-10-21 at 00:00.  (Thanks to Sharef Mustafa.)  Predict that
    future fall transitions will be on the last Saturday of October
    at 01:00, which is consistent with predicted spring transitions
    on the last Saturday of March.  (Thanks to Tim Parenti.)

Changes to past time stamps

    In Turkey, transitions in 1986-1990 were at 01:00 standard time
    not at 02:00, and the spring 1994 transition was on March 20, not
    March 27.  (Thanks to Kıvanç Yazan.)

Changes to past and future time zone abbreviations

    Asia/Colombo now uses numeric time zone abbreviations like "+0530"
    instead of alphabetic ones like "IST" and "LKT".  Various
    English-language sources use "IST", "LKT" and "SLST", with no
    working consensus.  (Usage of "SLST" mentioned by Sadika
    Sumanapala.)

(From OE-Core rev: ff11ca44fec8e4b2aa523e032bd967e3ab8339a8)

(From OE-Core rev: 5637d1555b51569cdd7202ee47a0b913a0b429cb)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago tzcode-native: update to 2016h
Armin Kuster [Mon, 24 Oct 2016 03:00:15 +0000 (20:00 -0700)] 
tzcode-native: update to 2016h

Changes to code

zic no longer mishandles relativizing file names when creating
symbolic links like /etc/localtime, when these symbolic links
are outside the usual directory hierarchy.  This fixes a bug
introduced in 2016g.  (Problem reported by Andreas Stieger.)

(From OE-Core rev: 9c5de646e01a83219be74e99dcf7c1e56ba38b53)

(From OE-Core rev: 9288b6e699abbf5b314029b0db9230ca159b335a)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8625
Sona Sarmadi [Tue, 15 Nov 2016 09:08:20 +0000 (10:08 +0100)] 
curl: CVE-2016-8625

IDNA 2003 makes curl use wrong host

Affected versions: curl 7.12.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102K.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8624
Sona Sarmadi [Tue, 15 Nov 2016 09:08:19 +0000 (10:08 +0100)] 
curl: CVE-2016-8624

invalid URL parsing with '#'

Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102J.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8623
Sona Sarmadi [Tue, 15 Nov 2016 09:08:18 +0000 (10:08 +0100)] 
curl: CVE-2016-8623

Use-after-free via shared cookies

Affected versions: curl 7.10.7 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102I.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8622
Sona Sarmadi [Tue, 15 Nov 2016 09:08:17 +0000 (10:08 +0100)] 
curl: CVE-2016-8622

URL unescape heap overflow via integer truncation

Affected versions: curl 7.24.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102H.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8621
Sona Sarmadi [Tue, 15 Nov 2016 09:08:16 +0000 (10:08 +0100)] 
curl: CVE-2016-8621

curl_getdate read out of bounds

Affected versions: curl 7.12.2 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102G.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8620
Sona Sarmadi [Tue, 15 Nov 2016 09:08:15 +0000 (10:08 +0100)] 
curl: CVE-2016-8620

glob parser write/read out of bounds

Affected versions: curl 7.34.0 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102F.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8619
Sona Sarmadi [Tue, 15 Nov 2016 09:08:14 +0000 (10:08 +0100)] 
curl: CVE-2016-8619

double-free in krb5 code

Affected versions: curl 7.3 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102E.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8618
Sona Sarmadi [Tue, 15 Nov 2016 09:08:13 +0000 (10:08 +0100)] 
curl: CVE-2016-8618

double-free in curl_maprintf

Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102D.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8617
Sona Sarmadi [Tue, 15 Nov 2016 09:08:12 +0000 (10:08 +0100)] 
curl: CVE-2016-8617

OOB write via unchecked multiplication

Affected versions: curl 7.1 to and including 7.50.3

Reference:
https://curl.haxx.se/docs/adv_20161102C.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8616
Sona Sarmadi [Tue, 15 Nov 2016 09:08:11 +0000 (10:08 +0100)] 
curl: CVE-2016-8616

case insensitive password comparison

Affected versions: curl 7.7 to and including 7.50.3

Reference:
https://curl.haxx.se/docs/adv_20161102B.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago curl: CVE-2016-8615
Sona Sarmadi [Tue, 15 Nov 2016 09:08:10 +0000 (10:08 +0100)] 
curl: CVE-2016-8615

cookie injection for other servers

Affected versions: curl 7.1 to and including 7.50.3

Reference:
https://curl.haxx.se/docs/adv_20161102A.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
8 years ago weston: Add no-input-device patch to 1.9.0.
Daniel Díaz [Tue, 25 Oct 2016 18:09:45 +0000 (13:09 -0500)] 
weston: Add no-input-device patch to 1.9.0.

The included patch, backported from Weston master, allows
it to run without any input device at launch. An ini option
is introduced for this purpose, so there is no behavioral
change.

Related change in weston.ini:
  [core]
  require-input=true

Default is true; setting it false allows Weston to run
without a keyboard or mouse, which is handy for automated
environments.

Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>