Armin Kuster [Thu, 3 May 2018 16:00:59 +0000 (09:00 -0700)]
ruby: Update to 2.4.4
The dot releases are maint only.
2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir
Martin Jansa [Wed, 25 Apr 2018 14:06:48 +0000 (14:06 +0000)]
test-dependencies.sh: remove /sysroots* between component builds
* glibc is now the only component in morty release which is using TMPDIR/sysroots-components (normally used only after RSS):
oe-core$ git grep "\${STAGING_DIR}-components"
meta/recipes-core/glibc/glibc-locale.inc:LOCALETREESRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
meta/recipes-core/glibc/glibc-mtrace.inc:SRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
meta/recipes-core/glibc/glibc-package.inc:do_stash_locale[sstate-outputdirs] = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
meta/recipes-core/glibc/glibc-package.inc:do_stash_locale[sstate-fixmedir] = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale"
meta/recipes-core/glibc/glibc-scripts.inc:SRC = "${STAGING_DIR}-components/${PACKAGE_ARCH}/glibc-stash-locale/scripts"
test-dependencies selective pruning of TMPDIR, deletes sysroots, but not sysroots-components
which leaves TMPDIR/sysroots-components files from qlibc.do_stash_locale behind and when next build started in the same workspace it failed, because it was trying to overwrite files already there.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Martin Jansa [Wed, 25 Apr 2018 14:06:47 +0000 (14:06 +0000)]
sstate-diff-machines.sh: Replace MACHINE_ARCH only at the beginning and separated with dash
* I had some components where the MACHINE name was also included in PV of allarch recipe
which was tripping the script into saying that they have different signatures (because
for one MACHINE was the string in PV replaced with 'MACHINE' and not for other MACHINEs
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
When a non-existing MACHINE is specified, sanity check issues
the following message:
Please set a valid MACHINE in your local.conf or environment
However, MACHINE can also be set in multiconfig .conf file(s).
Hence we may have several different MACHINE settings within one
(multiconfig) build, so the present error message is fairly
ambiguous.
This patch remedies this by explicitly naming the offending MACHINE and
by amending the list of places where this erroneous MACHINE definition
could have originated.
MACHINE=xyz is invalid. Please set a valid MACHINE in your local.conf, environment or other configuration file.
[YOCTO#10810]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a7cb408dd784178197687a2129e936620bf6a0d3) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Tanu Kaskinen [Sat, 31 Mar 2018 05:24:27 +0000 (08:24 +0300)]
libvorbis: CVE-2017-14632
Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.
Tanu Kaskinen [Sat, 31 Mar 2018 05:24:26 +0000 (08:24 +0300)]
libvorbis: CVE-2017-14633
In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().
Richard Purdie [Wed, 8 Feb 2017 12:29:04 +0000 (12:29 +0000)]
glibc-package: Avoid race sstate races with do_stash_locale
The change to make do_stash_locale an sstate task between do_install and
do_package has some unforeseen problems since the function deletes part of
${D} but may or may not run depending on whether the task is installed from
sstate.
This cleans up the current "pre packaging" function to be more deterministic
and result in the same set of files, whichever code path we end up reaching
that point by. Its not an ideal sitation but it should avoid the race
failures we've seen on some builds.
Richard Purdie [Wed, 25 Jan 2017 14:25:02 +0000 (14:25 +0000)]
image/packagegroup/populate_sdk: Drop do_populate_sysroot task properly
Setting do_populate_sysroot as noexec means the code keeps thinking it can find
a manifest file for it. It also complicates sstate installtion since the code
would believe there is an sstate object there it should look for.
Instead, delete the task. This causes sdk failures as the dependencies are wrong
so fix those as well.
Ed Bartosh [Wed, 25 Jan 2017 13:18:36 +0000 (15:18 +0200)]
toolchain-shar-extract: compare SDK and host gcc versions
If ext sdk is built by gcc version higher than host gcc version
and host gcc version is 4.8 or 4.9 the installation is known to
fail due to the way uninative sstate package is built.
It's a known issue and we don't have a way to fix it for above
mentioned combinations of build and host gcc versions.
Detected non-installable combinations of gcc versions and
print an installation error.
Ross Burton [Fri, 16 Mar 2018 11:28:32 +0000 (11:28 +0000)]
sdk: streamline locale removal
For some reason dnf is aborting with the fairly useless "failed to read RPMDB"
error during SDK creation. Luckily as we're just deleting locale packages we
can pass False to remove() to use RPM directly, which doesn't crash.
Armin Kuster [Fri, 23 Mar 2018 04:57:20 +0000 (21:57 -0700)]
distcc: Change SRC_URI
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure: Unable to find revision d8b18df3e9dcbe4f092bed565835d3975e99432c in branch 3.2 even from upstream
ERROR: distcc-3.2-r0 do_fetch: Fetcher failure for URL: 'git://github.com/distcc/distcc.git;branch=3.2'. Unable to fetch URL from any source.
ERROR: distcc-3.2-r0 do_fetch: Function failed: base_do_fetch
[v2]
upstream deleted the branch and the hash no longer exists.
Took the git snapshot from yocto and created a copy on my github.
There was no offical 3.2 release, only rc versions.
buildhistory: fix latest_srcrev in the common case
buildhistory was writing srcrevs.values() as SRCREV when only one
srcrev/branch exists. This returns a view of the dictionary values in python
3, and used to return a list in python 2, neither of which is an appropriate
value for SRCREV. It was resulting in latest_srcrev files like this:
Maxin B. John [Thu, 22 Mar 2018 08:53:07 +0000 (10:53 +0200)]
grub-efi: fix build failure
grub-efi build fails with the following error on Fedora 26:
| ../grub-2.00/util/raid.c: In function 'grub_util_raid_getmembers':
| ../grub-2.00/util/raid.c:91:13: error: In the GNU C Library, "makedev"
is defined
| by <sys/sysmacros.h>. For historical compatibility, it is
| currently defined by <sys/types.h> as well, but we plan to
| remove this soon. To use "makedev", include <sys/sysmacros.h>
| directly. If you did not intend to use a system-defined macro
| "makedev", you should undefine it after including <sys/types.h>.
[-Werror]
| makedev (disk.major, disk.minor));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Resolve the build error by backporting the fix from upstream.
[YOCTO #12595]
Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Armin Kuster [Sat, 24 Mar 2018 01:43:16 +0000 (18:43 -0700)]
lib/oe/terminal.py: use an absolute path to execute oe-gnome-terminal-phonehome
A flaw was found on my Ubuntu 14.04.5 LTS, on which that gnome-terminal is
the default terminal, when I run any of the tasks:
bitbake busybox -c menuconfig/devshell/devpyshell
bitbake virtual/kernel -c menuconfig/devshell/devpyshell
I got a error as follows:
"Failed to execute child process "oe-gnome-terminal-phonehome" (No such file or directory)"
Seems the environment of the process calling Popen is not passed to the
child process, this behaviour is a known issue in Python bug tracker:
http://bugs.python.org/issue8557
It could be fixed by using an absolute path instead per test.
Signed-off-by: Ming Liu <liu.ming50@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2117c148ef07d84bc605768e3b3671b0126b9337) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Tanu Kaskinen [Wed, 21 Mar 2018 17:09:16 +0000 (19:09 +0200)]
e2fsprogs: fix compatibility with glibc 2.27
glibc 2.27 added function copy_file_range(), and e2fsprogs happens to
have a different function with the same name. The conflict made
e2fsprogs-native build fail.
Here's a backport of a fix from upstream, the fix was released in
e2fsprogs 1.43.8.
The master branch doesn't need this fix, since it has new enough
e2fsprogs version. At least rocko, pyro and morty need this, I haven't
checked older stable branches. Apparently the problematic function was
introduced in e2fsprogs version 1.43.
libc-package.bbclass: split binary localedata even more if asked to
If GLIBC_SPLIT_LC_PACKAGES is set to a non-zero value, convert
glibc-binary-localedata-XX-YY to be a meta package depending on
glibc-binary-localedata-XX-YY-lc-address and so on. This enables
saving quite some space if someone doesn't need LC_COLLATE for
example.
Some regex code was removed from output_locale_binary_rdepends,
because legitimize_package_name already converts to lowercase.
Richard Purdie [Sat, 4 Feb 2017 17:28:18 +0000 (17:28 +0000)]
glibc: Separate locale files to their own sstate task
Putting the locale and script files into the sysroot for use by their
specific recipes used to be a simple way to share the files. With RSS,
we don't want to copy these into many different recipes so put these
files in their own sstate task.
Juro Bystricky [Tue, 23 Jan 2018 00:35:06 +0000 (16:35 -0800)]
glibc-locale.inc: avoid duplicate packages
PACKAGES_DYNAMIC contained an identical set of packages twice.
I suspect this was a result of global search/replace when moving
recipes from eglibc to glibc long time ago.
Ross Burton [Fri, 2 Mar 2018 20:52:54 +0000 (20:52 +0000)]
populate_sdk_base: depend on nativesdk-glibc-locale
If we're building a SDK and we're using glibc so may be installing locales,
add a build-dependency on natiesdk-glibc-locale so the locales we need will
exist.
Ross Burton [Thu, 1 Mar 2018 18:26:32 +0000 (18:26 +0000)]
populate_sdk: install UTF-8 locales in SDKs
As glibc 2.27 can't read older locale-archives, SDKs using glibc 2.27 on hosts
using glibc earlier than 2.27 won't be able to find any locales, so bitbake
won't start and Python can't use UTF-8.
So by default install all locales into the SDK. Special-case Extensible SDKs by
installing no locales as they ship glibc in a buildtools, and that will have the
locales.
Locale installation requires cross-localedef, so add that to DEPENDS.
Also remove the explicit en_US addition in buildtools-tarball as it is now
redundant.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for the getVar True bit] Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup do to merge conflict] Signed-off-by: Armin Kuster <akuster808@gmail.com>
package_manager: don't race on a file when installing complementary
packages
the file isn't closed before oe-pkgdata-util uses it and this
temporary file might look empty to oe-pkgdata-util, because it
wasn't flushed yet. Which resulted in almost empty debugfs tarballs
and no locale packages in regular rootfs.
* without this change:
124K May 30 07:41 core-image-full-cmdline-raspberrypi3-64-20170530054003-dbg.rootfs.tar.gz
* with this change:
173M May 30 07:29 core-image-full-cmdline-raspberrypi3-64-20170530052715-dbg.rootfs.tar.gz
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 877d38db08aa7060d16405443cf70539c559fe82) Signed-off-by: Anders Darander <anders@chargestorm.se> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Ross Burton [Tue, 18 Apr 2017 15:19:12 +0000 (16:19 +0100)]
package_manager: don't race on a file when installing complementary packages
PackageManager.install_complementary() uses WORKDIR/installed_pkgs.txt as a
temporary file but if two tasks are executing for the same recipe which uses
this file (e.g. bitbake my-image my-image:do_populate_sdk) then it's possible
for the file to be overwritten or deleted.
Instead of using a static filename, use tempfile to generate a unique name and
ensure it is cleaned up when finished.
Also move the glob generation/expansion earlier in the function as if there are
no globs to install, we don't need to generate a package list.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup do to merge conflicts] Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup do to merge conflicts] Signed-off-by: Armin Kuster <akuster808@gmail.com>
Linus Wallgren [Mon, 14 Nov 2016 16:20:13 +0000 (17:20 +0100)]
lib/oe/package_manager: .deb pre/postinst args
The debian policy manual and MaintainerScripts wiki page states that the
postinst script is supposed to be called with the `configure` argument
at first install, likewise the preinst script is supposed to be called
with the `install` argument on first install.
Ross Burton [Thu, 1 Mar 2018 18:26:27 +0000 (18:26 +0000)]
glibc: relocate locale paths in nativesdk
nativesdk is built with a specific prefix but this will be different at install
time, however glibc hard-codes the path to locale files. Expand these strings to 4K and move them to a magic segment which we can relocate when the SDK is installed.
Richard Purdie [Wed, 14 Mar 2018 16:52:18 +0000 (09:52 -0700)]
uninative: Add compatiblity version check
If glibc is newer on the host than in uninative, the failure mode is
pretty nasty for clusters where the sstate is shared, including the Yocto
Project autobuilder.
This check aborts the use of uninative in such scenarios where a newer
glibc version appears and avoids corruption of sstate caches.
We use ldd to check the glibc version since that is included in libc-bin
(or equivalent) which locales use so it should always be present.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ross Burton [Tue, 20 Feb 2018 00:39:57 +0000 (00:39 +0000)]
libtirpc: stop dropping in NIS headers
libtirpc prior to 1.0.2 assumed that the system provided nis.h but this isn't
always true. Until now we've been using a tarball of the missing files from
Gentoo, but libtirpc 1.0.2 added a copy of nis.h to the sources so this isn't
required anymore.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Richard Purdie [Sun, 11 Mar 2018 12:12:49 +0000 (05:12 -0700)]
gcc: Remove patch causing ICE on x86_64 valgrind compile
| ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c: In function 'iselInt64Expr':
| ../../valgrind-3.12.0/VEX/priv/host_ppc_isel.c:3270:1: internal compiler error: Segmentation fault
| }
| ^
| Please submit a full bug report,
| with preprocessed source if appropriate.
| See <http://gcc.gnu.org/bugs.html> for instructions.
| rm -f libvexmultiarch-amd64-linux.a
| Makefile:1813: recipe for target 'priv/libvex_amd64_linux_a-host_ppc_isel.o' failed
Remove the patch to gcc causing this until the issue can be figured out.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Juro Bystricky [Thu, 1 Mar 2018 18:32:43 +0000 (10:32 -0800)]
gcc6: Backport few more patches
Backported series of patches from https://github.com/hjl-tools/gcc.git
branch /hjl/indirect/gcc-6-branch/master which contains
an IA patch series for security related issues
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
The result is that gcc 6.4 now refuses to allow -march=armv7ve and
-mcpu=XXX to be used together, even when -mcpu is set to an armv7ve
compatible core:
Fix by defining flags for armv7ve compatible cores directly from
FL_FOR_ARCH7VE, rather than re-creating the armv7ve flags
independently by combining FL_FOR_ARCH7A with the armv7ve specific
FL_THUMB_DIV and FL_ARM_DIV flags.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
gcc: Fix libssh_nonshared linker specs for ppc/musl
The change to link libssp_nonshared.a only for musl was to move
spec file changes to config/linux.h under a conditional when
DEFAULT_LIBC == LIBC_MUSL which worked fine for all but ppc
since gcc for ppc provided its own linux.h overrides which are
used. This patch duplicates the change in those headers too
Khem Raj [Wed, 28 Jun 2017 02:11:44 +0000 (19:11 -0700)]
gcc: Link libssp_nonshared.a only on musl targets
glibc already provides the content for libssp_nonshared
in libc_nonshared.a therefore we dont need to make it
universal.
This also fixed build issues on glibc when linking statically
and using -fstack-protector
Fixed errors like
/mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libc.a(stack_chk_fail.o): In function `__stack_chk_fail': /usr/src/debug/glibc/2.26-r0/git/debug/stack_chk_fail.c:27: multiple definition of `__stack_chk_fail_local' /mnt/a/oe/build/tmp/work/i586-bec-linux/aufs-util/3.14+gitAUTOINC+bdfcc0dcfc-r0/recipe-sysroot/usr/lib/../lib/libssp_nonshared.a(libssp_nonshared_la-ssp-local.o):/usr/src/debug/gcc-runtime/7.1.0-r0/gcc-7.1.0/build.i586-bec-linux.i586-bec-linux/i586-bec-linux/libssp/../../../../../../../../work-shared/gcc-7.1.0-r0/gcc-7.1.0/libssp/ssp-local.c:47: first defined here collect2: error: ld returned 1 exit status
Use ucontext_t not struct ucontext in linux-unwind.h files.
Current glibc no longer gives the ucontext_t type the tag struct
ucontext, to conform with POSIX namespace rules. This requires
various linux-unwind.h files in libgcc, that were previously using
struct ucontext, to be fixed to use ucontext_t instead. This is
similar to the removal of the struct siginfo tag from siginfo_t some
years ago.
Backport of patches by Joseph Myers, taken from
https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=249957
[YOCTO #12083]
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit ec1c18d866c137b1fa523d0fcc29f65a28f59f44)
Jussi Kukkonen [Thu, 16 Mar 2017 09:15:35 +0000 (11:15 +0200)]
gcc: Remove unused patch
CVE-2016-4490 applied to gcc < 6.1.1, our version is 6.3
Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit d8329861bf6f48f6e541a04062b8d1f373dfcd78)
The demangler in GNU Libiberty allows remote attackers to cause a denial
of service (infinite loop, stack overflow, and crash) via a cycle in the
references of remembered mangled types.
PR c++/71696
* cplus-dem.c: Prevent infinite recursion when there is a cycle
in the referencing of remembered mangled types.
(work_stuff): New stack to keep track of the remembered mangled
types that are currently being processed.
(push_processed_type): New method to push currently processed
remembered type onto the stack.
(pop_processed_type): New method to pop currently processed
remembered type from the stack.
(work_stuff_copy_to_from): Copy values of new variables.
(delete_non_B_K_work_stuff): Free stack memory.
(demangle_args): Push/Pop currently processed remembered type.
(do_type): Do not demangle a cyclic reference and push/pop
referenced remembered type.
cherry-picked from commit of
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143 138bc75d-0d04-0410-961f-82ee72b054a4
Stephen Arnold [Mon, 13 Feb 2017 02:25:27 +0000 (18:25 -0800)]
gcc-6: Add fix for missing no-PIE flags
Fixes build on hardened PAX host with gcc-5 (linker error on relocs).
Completes no-PIE config by adding to ALL_* flags variables.
Borrowed from Gentoo gcc patches, tested on 2 hardened amd64 hosts.
Signed-off-by: Stephen Arnold <stephen.arnold42@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit fcb236ea7cd1ac052719187fefed60ebf1a30ac8)
Khem Raj [Fri, 3 Feb 2017 22:45:26 +0000 (14:45 -0800)]
gcc-6: Sync gcc stddef.h with musl stddef.h
GCC provides some of std* headers including stddef.h
and it syncs with glibc definitions via __needed* defines
to find which datatypes are expected to be defined on top
of glibc. we need same for musl.
Drop unused 0048-ARM-PR-target-71056-Don-t-use-vectorized-builtins-wh.patch
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 7da04721a620ad741ea50adf116e6b5afd47caa5)
Pavel Modilaynen [Wed, 31 Jan 2018 19:10:38 +0000 (19:10 +0000)]
buildstats.bbclass: Avoid index exception in /proc/PID/io parsing
There is some probability (depends on system load) to get empty
or line containing "0" as the last line while reading /proc/PID/io.
Avoid build failure by checking if line contains separator
":" before split.
Signed-off-by: Pavel Modilaynen <pavelmn@axis.com> Signed-off-by: Daniel Lublin <daniel@lublin.se> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Khem Raj [Sat, 2 Dec 2017 00:37:37 +0000 (00:37 +0000)]
gnutls_3.5.3.bb: Fix native build on distro with kernel < 3.4.17
When using distros which use old kernels gnutls fails to build
due to missing SYS_getrandom, therefore we need to check for this
before using it.
Fixes errorr e.g.
| ../../../gnutls-3.5.3/lib/nettle/rnd-linux.c: In function 'have_getrandom':
| ../../../gnutls-3.5.3/lib/nettle/rnd-linux.c:59:42: error: 'SYS_getrandom' undeclared (first use in this function)
| # define getrandom(dst,s,flags) syscall(SYS_getrandom, (void*)dst, (size_t)s, (unsigned int)flags)
Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Also, adjust a few things to make it actually build;
handling autotools-based projects from git checkouts is always harder
than taking them from tarballs :-(
Armin Kuster [Mon, 19 Feb 2018 21:06:35 +0000 (13:06 -0800)]
ruby: update to 2.4.3
This fixes a segfault in arm64 multilib.
Drop CVE-2017-14064.patch
Additional CVE included are 2.4.3:
CVE-2017-17405: Command injection vulnerability in Net::FTP
Additional CVE included are 2.4.2:
CVE-2017-0898: Buffer underrun vulnerability in Kernel.sprintf
CVE-2017-10784: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14033: Buffer underrun vulnerability in OpenSSL ASN1 decode
CVE-2017-14064: Heap exposure in generating JSON
Ruby Gems:
DNS request hijacking vulnerability. (CVE-2017-0902)
ANSI escape sequence vulnerability. (CVE-2017-0899)
DoS vulnerability in the query command. (CVE-2017-0900)
vulnerability in the gem installer that allowed a malicious gem to overwrite arbitrary files. (CVE-2017-0901)
projects / thirdparty / openembedded / openembedded-core-contrib.git / log
