[v2] Fixed where the commits start from to be the correct commit. Richard,
Here is the first pass at fixes, a number of these are requests from the list, along with the 29 CVE Fixes. I also have a bitbake patch set, which I will send to bitbake-devel. Sau! The following changes since commit 03a11d3cecc977b23bdf7b8510bf80dbe408b135: lib/oe/sdk: Ensure target directory exists before creating the link (2014-05-22 16:31:38 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib sgw/daisy http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=sgw/daisy Adrian Calianu (1): oprofileui-server_git: add avahi-daemon to RDEPENDS list Andreas Müller (2): shadow: fix building systemd with useradd-staticids.bbclass enabled make menuconfig work for recent xfce environment Andreas Oberritter (1): recipe_sanity.bbclass: avoid error when running 'bitbake -e' Bruce Ashfield (1): linux-yocto/3.14: aufs, edgerouter config and -rt Chen Qi (7): bind: add support for read-only rootfs mmc-utils: fix compilation failure for mips64 target. tcf-agent: add systemd support runqemu-internal: add "console=ttyS0" to ramfs image kernel parameters gdb: add PACKAGECONFIG for babeltrace openssh: fix for CVE-2014-2532 openssh: fix for CVE-2014-2653 Chong Lu (1): syslinux-native: fix parallel building issue Denys Dmytriyenko (4): cryptodev-linux: move to recipes-kernel to be shared with module and tests cryptodev-linux: create common .inc file to be shared by module and tests cryptodev-module: recipe for out-of-tree cryptodev device driver cryptodev-tests: recipe for cryptodev test suite based on OpenSSL Drew Moseley (3): systemd: Check for HAVE_POSIX_FALLOCATE mesa-demos: Specify the lib dir to locate glut libraries mesa-demos: Specify the lib dir properly. Hongxu Jia (1): apr: remove the use of ${SHELL} to avoid bash/dash confliction Irina Patru (1): distrodata.bbclass: Fix checkpkg functionality Jacob Kroon (2): console-tools: Remove floating runtime dependency on flex sstate-cache-management: Minor cleanup of help text Joe Slater (2): pixbufcache: add error exit in pixbufcache_sstate_postinst qemu: define PACKAGECONFIG[] for ssh2 Joel Fernandes (1): serial-getty service: Add xterm as default TERM Khem Raj (4): libav: Add libsdl to DEPENDS only when x11 is enabled uclibc: Add libgcc-initial to DEPENDS procps: Do not detect 32/64 bit compiler options lttng-modules_2.3.3.bb: Fix build on ARM/gcc-4.9 Koen Kooi (5): grub git: workaround debugedit problems xdg-utils: reinstall xdg-terminal xinput-calibrator: fix XDG launch curl: make PACKAGES match with FILES/RRECOMMENDS ca-certificates: generate CAfile for -native in do_install Laurentiu Palcu (1): adt_installer: run autoreconf before configuring opkg Li Wang (2): nss: CVE-2014-1492 nss: CVE-2013-1740 Mark Hatle (1): rpm: Fix rpm -V usage Martin Jansa (11): libnotify: add dbus-glib dependency icecc: don't create unnecessary 'ice' dirs in sysroots when disabled gsettings-desktop-schemas: add missing dependency on intltool-native qt4: Explicitly disable sqlite2 gstreamer1.0-plugins-good: add libxfixes and libxdamange to x11 depends gst-plugins-bad: add PACKAGECONFIG for schro, dc1394 and faac gst-plugins-good: add PACKAGECONFIG for x11 package.bbclass: add SHLIBSSEARCHDIRS to define where to search for shlib providers gtk+: Add PACKAGECONFIG for directfb defaultsetup: enable blacklist by default lttng-modules: Fix build with older kernels for 2.3.3 as 2.4.0 Matthieu Crapet (1): openssh-sshd: host contamination fix Maxin B. John (3): openssl: fix CVE-2014-0198 libxml2: fix CVE-2014-0191 bzip2: fix ptest execution failure Mike Crowe (1): native.bbclass: Override TARGET_ flags too Ming Liu (2): kernel: don't populate source symbolic link ldconfig-native: also default to lib32 and lib64 directories Philip Tricca (1): grub-efi: Use a variable to specify built-in grub modules. Radek Dostal (1): distutils.bbclass: only modify *.py file if it contains path to be removed Ricardo Ribalda Delgado (2): package_manager: Fix Argument list too long package_manager: Fix NoneType Object on do_populate_sdk Richard Purdie (8): initscripts: Fix PR reversal base.bbclass: Fix multilib PREFERRED_VERSION handling libiconv: Fix B != S with uclibc builds uclibc: Set MULTILIB_DIR based on baselib gcc: Handle uclibc linker relocation for multilib support attr: Fix uclibc builds git: Fix various makefile flags rt-tests: Fix warning flag typo Ross Burton (1): freetype: disable harfbuzz Saul Wold (2): report-error: Add posting in the public note openssh: add /var/log/lastlog to volatile list Sebastian Wiegand (1): distro_features_check.bbclass: fix wrong indentation Stefan Stanacar (1): scripts/send-error-report: simple hack to use proxy from the enviroment Tim Orling (1): perl: fix missing Module::Metadata Tudor Florea (2): curl: Backport a fix for a build issue curl: remove inapporpriate file from curl release Tyler Hall (2): python3: Substitute correct python version in shebang python3: Revert python-config to distutils.sysconfig Valentin Popa (1): wpa-supplicant: add libgcrypt as a dependencie Yue Tao (22): Screen: fix for Security Advisory CVE-2009-1214 screen: fix for Security Advisory CVE-2009-1215 subversion: fix for Security Advisory CVE-2013-1849 subversion: fix for Security Advisory CVE-2013-4505 subversion: fix for Security Advisory CVE-2013-4131 subversion: fix for Security Advisory CVE-2013-1845 subversion: fix for Security Advisory CVE-2013-1847 and CVE-2013-1846 subversion: fix for Security Advisory CVE-2013-4277 tiff: fix for Security Advisory CVE-2013-4231 openssl: fix for CVE-2010-5298 gst-ffmpeg: fix for Security Advisory CVE-2014-2263 gst-ffmpeg: fix for Security Advisory CVE-2013-0865 gst-ffmpeg: fix for Security Advisory CVE-2014-2099 gst-ffmpeg: fix for Security Advisory CVE-2013-0868 gst-ffmpeg: fix for Security Advisory CVE-2013-0845 gst-ffmpeg: fix for Security Advisory CVE-2013-0852 gst-ffmpeg: fix for Security Advisory CVE-2013-0858 gst-ffmpeg: fix for Security Advisory CVE-2013-0851 gst-ffmpeg: fix for Security Advisory CVE-2013-0854 gst-ffmpeg: fix for Security Advisory CVE-2013-0856 gst-ffmpeg: fix for Security Advisory CVE-2013-0850 gst-ffmpeg: fix for Security Advisory CVE-2013-0849 meta/classes/base.bbclass | 6 +- meta/classes/distro_features_check.bbclass | 4 +- meta/classes/distrodata.bbclass | 40 +- meta/classes/distutils.bbclass | 5 +- meta/classes/icecc.bbclass | 12 +- meta/classes/kernel.bbclass | 2 +- meta/classes/native.bbclass | 4 + meta/classes/package.bbclass | 26 +- meta/classes/pixbufcache.bbclass | 6 +- meta/classes/recipe_sanity.bbclass | 1 - meta/classes/report-error.bbclass | 1 + meta/conf/distro/defaultsetup.conf | 3 +- meta/lib/oe/package_manager.py | 14 +- meta/lib/oe/terminal.py | 12 +- meta/recipes-bsp/grub/grub-efi_2.00.bb | 4 +- meta/recipes-bsp/grub/grub_git.bb | 4 + .../init.d-add-support-for-read-only-rootfs.patch | 65 + meta/recipes-connectivity/bind/bind_9.9.5.bb | 2 + .../openssh/openssh/openssh-CVE-2014-2532.patch | 22 + .../openssh/openssh/openssh-CVE-2014-2653.patch | 114 + .../openssh/openssh/volatiles.99_sshd | 1 + meta/recipes-connectivity/openssh/openssh_6.5p1.bb | 16 +- .../openssl-1.0.1e/openssl-CVE-2010-5298.patch | 24 + .../openssl/openssl-CVE-2014-0198-fix.patch | 23 + .../recipes-connectivity/openssl/openssl_1.0.1g.bb | 1 + .../wpa-supplicant/wpa-supplicant.inc | 2 +- .../console-tools-0.3.2/no-dep-on-libfl.patch | 19 + .../console-tools/console-tools_0.3.2.bb | 1 + .../ldconfig-default-to-all-multilib-dirs.patch | 37 + meta/recipes-core/eglibc/ldconfig-native_2.12.1.bb | 4 +- meta/recipes-core/initscripts/initscripts_1.0.bb | 2 +- meta/recipes-core/libxml/libxml2.inc | 1 + .../libxml/libxml2/libxml2-CVE-2014-0191-fix.patch | 37 + .../systemd-serialgetty/[email protected] | 3 +- .../systemd/systemd-pam-fix-fallocate.patch | 4 +- meta/recipes-core/uclibc/uclibc-git/uClibc.distro | 1 + meta/recipes-core/uclibc/uclibc-initial_git.bb | 2 +- meta/recipes-core/uclibc/uclibc.inc | 1 + meta/recipes-core/uclibc/uclibc_git.bb | 2 +- ...C_DYNAMIC_LINKER-and-UCLIBC_DYNAMIC_LINKE.patch | 128 +- meta/recipes-devtools/gcc/gcc-multilib-config.inc | 11 +- meta/recipes-devtools/gdb/gdb_7.6.2.bb | 1 + meta/recipes-devtools/git/git.inc | 3 +- .../installer/adt-installer/adt_installer | 1 + ...mc.h-don-t-include-asm-generic-int-ll64.h.patch | 28 + meta/recipes-devtools/mmc/mmc-utils_git.bb | 4 +- meta/recipes-devtools/perl/perl-5.14.3/config.sh | 2 +- .../recipes-devtools/perl/perl-rdepends_5.14.3.inc | 1 + .../python/python3-native_3.3.3.bb | 3 +- .../python/python3/python-config.patch | 46 + meta/recipes-devtools/python/python3_3.3.3.bb | 1 + meta/recipes-devtools/qemu/qemu.inc | 1 + .../rpm/rpm/rpm-verify-files.patch | 22 + meta/recipes-devtools/rpm/rpm_5.4.9.bb | 1 + .../subversion-CVE-2013-4131.patch | 42 + .../subversion-CVE-2013-4277.patch | 15 + .../subversion-CVE-2013-4505.patch | 130 + .../subversion/subversion-CVE-2013-1845.patch | 171 + .../subversion-CVE-2013-1847-CVE-2013-1846.patch | 53 + .../subversion/subversion-CVE-2013-1849.patch | 25 + .../subversion/subversion-CVE-2013-4277.patch | 15 + .../subversion/subversion-CVE-2013-4505.patch | 127 + .../subversion/subversion_1.6.15.bb | 6 +- .../subversion/subversion_1.7.10.bb | 3 + .../syslinux-fix-parallel-building-issue.patch | 38 + meta/recipes-devtools/syslinux/syslinux_6.01.bb | 3 +- .../tcf-agent/tcf-agent/tcf-agent.service | 10 + meta/recipes-devtools/tcf-agent/tcf-agent_git.bb | 8 +- meta/recipes-extended/bzip2/bzip2_1.0.6.bb | 3 +- .../procps/procps-3.2.8/detect_bitness.patch | 26 + meta/recipes-extended/procps/procps_3.2.8.bb | 1 + .../screen-4.0.3/screen-4.0.2-CVE-2009-1215.patch | 27 + .../screen-4.0.3/screen-4.0.3-CVE-2009-1214.patch | 86 + meta/recipes-extended/screen/screen_4.0.3.bb | 2 + meta/recipes-extended/shadow/shadow.inc | 1 + .../xdg-utils/0001-Reinstate-xdg-terminal.patch | 672 ++ .../xdg-utils/xdg-utils_1.1.0-rc1.bb | 5 +- .../gnome/gsettings-desktop-schemas_3.10.1.bb | 2 +- meta/recipes-gnome/gtk+/gtk+.inc | 6 +- meta/recipes-gnome/libnotify/libnotify_0.6.0.bb | 2 +- meta/recipes-graphics/freetype/freetype_2.5.2.bb | 2 + meta/recipes-graphics/mesa/mesa-demos_8.1.0.bb | 2 +- .../xinput-calibrator/xinput-calibrator_git.bb | 4 + .../cryptodev/cryptodev-linux_1.6.bb | 15 + .../cryptodev/cryptodev-module_1.6.bb | 18 + .../cryptodev/cryptodev-tests_1.6.bb | 23 + .../cryptodev/cryptodev_1.6.inc} | 15 +- ...pile-and-install-rules-for-cryptodev-test.patch | 69 + ...talling-header-file-provided-by-another-p.patch | 28 + ...ests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch | 29 + ...-rc1-Linux-kernel-the-INIT_COMPLETION-mac.patch | 86 + meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb | 27 + meta/recipes-kernel/linux/linux-yocto-tiny_3.14.bb | 4 +- meta/recipes-kernel/linux/linux-yocto_3.14.bb | 16 +- meta/recipes-kernel/lttng/lttng-modules_2.3.3.bb | 4 +- .../oprofile/oprofileui-server_git.bb | 2 +- .../0001-alac-fix-nb_samples-order-case.patch | 30 + .../0001-alsdec-check-block-length.patch | 61 + ...ac3dec-Check-coding-mode-against-channels.patch | 37 + ...le-use-av_image_get_linesize-to-calculate.patch | 50 + ...egtsenc-Check-data-array-size-in-mpegts_w.patch | 69 + .../0001-eamad-fix-out-of-array-accesses.patch | 29 + ...t-ref-count-check-and-limit-fix-out-of-ar.patch | 29 + ...01-huffyuvdec-Check-init_vlc-return-codes.patch | 87 + .../0001-huffyuvdec-Skip-len-0-cases.patch | 61 + .../0001-mjpegdec-check-SE.patch | 32 + ...heck-RLE-size-before-copying.-Fix-out-of-.patch | 34 + ...001-roqvideodec-check-dimensions-validity.patch | 36 + ...o-check-chunk-sizes-before-reading-chunks.patch | 51 + .../gstreamer/gst-ffmpeg_0.10.13.bb | 13 + .../gstreamer/gst-plugins-bad_0.10.23.bb | 3 + .../gstreamer/gst-plugins-good_0.10.31.bb | 6 +- .../gstreamer/gstreamer1.0-plugins-good.inc | 2 +- meta/recipes-multimedia/libav/libav.inc | 4 +- .../libtiff/files/libtiff-CVE-2013-4231.patch | 44 + meta/recipes-multimedia/libtiff/tiff_4.0.3.bb | 3 +- meta/recipes-qt/qt4/qt4.inc | 2 +- meta/recipes-rt/rt-tests/rt-tests.inc | 2 +- meta/recipes-support/apr/apr_1.4.8.bb | 2 +- meta/recipes-support/attr/attr.inc | 2 +- meta/recipes-support/attr/ea-acl.inc | 4 +- .../ca-certificates/ca-certificates_20130610.bb | 4 + .../curl/generate_code_for_disable_manual.patch | 38 + .../curl/remove_inappropriate_file_from_rel.patch | 8148 ++++++++++++++++++++ meta/recipes-support/curl/curl_7.35.0.bb | 4 +- meta/recipes-support/libiconv/libiconv_1.14.bb | 2 +- .../nss/files/nss-CVE-2013-1740.patch | 916 +++ .../nss/files/nss-CVE-2014-1492.patch | 68 + meta/recipes-support/nss/nss.inc | 2 + scripts/runqemu-internal | 2 +- scripts/send-error-report | 46 +- scripts/sstate-cache-management.sh | 6 +- 132 files changed, 12340 insertions(+), 193 deletions(-) create mode 100644 meta/recipes-connectivity/bind/bind/init.d-add-support-for-read-only-rootfs.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2653.patch create mode 100644 meta/recipes-connectivity/openssl/openssl-1.0.1e/openssl-CVE-2010-5298.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-CVE-2014-0198-fix.patch create mode 100644 meta/recipes-core/console-tools/console-tools-0.3.2/no-dep-on-libfl.patch create mode 100644 meta/recipes-core/eglibc/ldconfig-native-2.12.1/ldconfig-default-to-all-multilib-dirs.patch create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-0191-fix.patch create mode 100644 meta/recipes-devtools/mmc/mmc-utils/0001-mmc.h-don-t-include-asm-generic-int-ll64.h.patch create mode 100644 meta/recipes-devtools/python/python3/python-config.patch create mode 100644 meta/recipes-devtools/rpm/rpm/rpm-verify-files.patch create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4131.patch create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4277.patch create mode 100644 meta/recipes-devtools/subversion/subversion-1.7.10/subversion-CVE-2013-4505.patch create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1845.patch create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1847-CVE-2013-1846.patch create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-1849.patch create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4277.patch create mode 100644 meta/recipes-devtools/subversion/subversion/subversion-CVE-2013-4505.patch create mode 100644 meta/recipes-devtools/syslinux/files/syslinux-fix-parallel-building-issue.patch create mode 100644 meta/recipes-devtools/tcf-agent/tcf-agent/tcf-agent.service create mode 100644 meta/recipes-extended/procps/procps-3.2.8/detect_bitness.patch create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen-4.0.2-CVE-2009-1215.patch create mode 100644 meta/recipes-extended/screen/screen-4.0.3/screen-4.0.3-CVE-2009-1214.patch create mode 100644 meta/recipes-extended/xdg-utils/xdg-utils/0001-Reinstate-xdg-terminal.patch create mode 100644 meta/recipes-kernel/cryptodev/cryptodev-linux_1.6.bb create mode 100644 meta/recipes-kernel/cryptodev/cryptodev-module_1.6.bb create mode 100644 meta/recipes-kernel/cryptodev/cryptodev-tests_1.6.bb rename meta/{recipes-connectivity/openssl/cryptodev-linux_1.6.bb => recipes-kernel/cryptodev/cryptodev_1.6.inc} (43%) create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Add-the-compile-and-install-rules-for-cryptodev-test.patch create mode 100644 meta/recipes-kernel/cryptodev/files/0001-Disable-installing-header-file-provided-by-another-p.patch create mode 100644 meta/recipes-kernel/cryptodev/files/0002-Fix-tests-Makefile-usage-of-LDLIBS-vs.-LDFLAGS.patch create mode 100644 meta/recipes-kernel/cryptodev/files/0002-In-the-3.13-rc1-Linux-kernel-the-INIT_COMPLETION-mac.patch create mode 100644 meta/recipes-kernel/linux/linux-yocto-rt_3.14.bb create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alac-fix-nb_samples-order-case.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-alsdec-check-block-length.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-atrac3dec-Check-coding-mode-against-channels.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avcodec-msrle-use-av_image_get_linesize-to-calculate.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-avformat-mpegtsenc-Check-data-array-size-in-mpegts_w.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-eamad-fix-out-of-array-accesses.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-h264-correct-ref-count-check-and-limit-fix-out-of-ar.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Check-init_vlc-return-codes.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-huffyuvdec-Skip-len-0-cases.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-mjpegdec-check-SE.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-pgssubdec-check-RLE-size-before-copying.-Fix-out-of-.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-roqvideodec-check-dimensions-validity.patch create mode 100644 meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-vqavideo-check-chunk-sizes-before-reading-chunks.patch create mode 100644 meta/recipes-multimedia/libtiff/files/libtiff-CVE-2013-4231.patch create mode 100644 meta/recipes-support/curl/curl/generate_code_for_disable_manual.patch create mode 100644 meta/recipes-support/curl/curl/remove_inappropriate_file_from_rel.patch create mode 100644 meta/recipes-support/nss/files/nss-CVE-2013-1740.patch create mode 100644 meta/recipes-support/nss/files/nss-CVE-2014-1492.patch -- 1.8.3.1 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
