From: Jackie Huang jackie.hu...@windriver.com
* Add a patch to use CROSSPYTHONPATH as PYTHONPATH for
PYTHON_FOR_BUILD, otherwise CROSSPYTHONPATH is never used,
and it uses the path in target builds to find libraries.
* Add a patch to avoid finding host headers and libs
* Fix a typo:
Please consider these changes for Dizzy next.
The following changes since commit 6dcaf44d8c28c466ff271d5f5585a84632bf8769:
subversion: Security Advisory - subversion - CVE-2014-3522 (2014-11-11
09:04:57 -0800)
are available in the git repository at:
From: Yue Tao yue@windriver.com
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before
1.8.10 uses an MD5 hash of the URL and authentication realm to store
cached credentials, which makes it easier for remote servers to obtain
the credentials via a crafted authentication realm.
From: Chong Lu chong...@windriver.com
the patch comes from:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-1568
https://bugzilla.mozilla.org/show_bug.cgi?id=1064636
nss ng log:
=
changeset: 11252:ad411fb64046
user:Kai Engert k...@kuix.de
date:Tue Sep 23 19:28:34
(From OE-Core rev: 2f8940e8b2a0537f131a6d5410e85bba07a8c116)
Signed-off-by: Armin Kuster akuster...@gmail.com
Signed-off-by: Ross Burton ross.bur...@intel.com
Signed-off-by: Richard Purdie richard.pur...@linuxfoundation.org
Signed-off-by: Armin Kuster akuster...@gmail.com
---
From: Chong Lu chong...@windriver.com
By not detecting and rejecting domain names for partial literal IP addresses
properly when parsing received HTTP cookies, libcurl can be fooled to both
sending cookies to wrong sites and into allowing arbitrary sites to set cookies
for others.
(From OE-Core
(From OE-Core rev: 3ab9dfb703835fee21fd73c4e5cbad1c34c6a163)
Signed-off-by: Armin Kuster akuster...@gmail.com
Signed-off-by: Ross Burton ross.bur...@intel.com
Signed-off-by: Richard Purdie richard.pur...@linuxfoundation.org
Signed-off-by: Armin Kuster akuster...@gmail.com
---
From: Chong Lu chong...@windriver.com
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs), thus
making them apply broader than cookies are allowed. This can allow arbitrary
sites to set cookies that then would get sent to a different and unrelated site
or domain.
(From OE-Core
Peter Seebach peter.seebach@... writes:
On Tue, 11 Nov 2014 10:55:24 +
Richard Purdie richard.purdie@... wrote:
Whilst I haven't 100% confirmed it,
https://autobuilder.yoctoproject.org/main/builders/poky-tiny/builds/102/steps/...
looks like it may well be as a result of this
There's subversion 1.8.10 in master branch that has included the CVE fixes.
Would you like to backport 1.8.10 from master? Or just patch 1.8.9 to
fix this CVE?
Thanks
Wenzong
On 11/19/2014 12:18 AM, Armin Kuster wrote:
From: Yue Tao yue@windriver.com
Apache Subversion 1.0.0 through
As https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
mentioned:
We recommend all users to upgrade to Subversion 1.8.10. Users of
Subversion 1.7.x or 1.8.x who are unable to upgrade may apply the
included patch. We also recommend that all users upgrade to Serf 1.3.7
or
From: Yue Tao yue@windriver.com
[ Sent for Yocto Project compliance, not believed to be generally applicable ]
do_rootfs() runs depmod on the final rootfs, so the depmod files are
in the rootfs image. But the kernel module .tgz doesn't have the files.
If you un-tar the new version of the
From: Yue Tao yue@windriver.com
WARNING: QA Issue: lib64-libpam: Files/directories were installed but
not shipped
/usr/sbin/pam_console_apply
Because the package name is changed to mlprefix-pam-plugin-console. The file
must be appended to that item.
Signed-off-by: Yue Tao
From: Robert Yang liezhi.y...@windriver.com
Disable it since ICE on mips with wr toolchain only:
translate.c:7838:1: internal compiler error: Segmentation fault
Signed-off-by: Robert Yang liezhi.y...@windriver.com
Signed-off-by: Mark Hatle mark.ha...@windriver.com
---
The companion debug filesystem contains only the package database and the
complementary *-dbg packages for the main filesystem component. This is
useful in a production environment to produce a companion filesystem capable
of remote system debugging, without requiring corresponding debug symbols
From: Robert Yang liezhi.y...@windriver.com
[ Sent for Yocto Project compliance, unlikely to be generally applicable ]
There are no MS_* macros are added after glibc 2.7.0, but it is 2.5 on
CentOS 5.10, so workaround atm, I think that we can try to use the
macros from libmount.h as a fix.
From: Roy Li rongqing...@windriver.com
Backport patch to fix the segfault when do multiple.
Signed-off-by: Roy Li rongqing...@windriver.com
Signed-off-by: Mark Hatle mark.ha...@windriver.com
---
.../nss/files/Using-correct-macro-for-x86.patch| 42 ++
From: Roy Li rongqing...@windriver.com
Issue: LIN7-1755
Issue: LIN7-1739
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8541
libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension
differences, and not bits-per-pixel differences, when determining whether an
image size
Wenzong,
I wanted to just patch 1.8.9 for dizzy since 1.8.10 included more than
just security fixes. Looks like my subject should have included
[dizzy] even though the cover letter did. I will have to be more
careful next time.
thanks,
Armin
On 11/18/2014 05:29 PM, wenzong fan wrote:
Removed Poky-1.4, Poky-1.5, Ubuntu-13.10, Fedora-19,
CentOs-6.4, Suse-LINUX-12.2. Replaced the list of Debian-7.x with wildcard.
Signed-off-by: Lucian Musat george.l.mu...@intel.com
---
meta-yocto/conf/distro/poky.conf | 14 +-
1 file changed, 1
And modified condition to install complementary packages.
Signed-off-by: Lucian Musat george.l.mu...@intel.com
---
meta/lib/oeqa/runtime/_ptest.py | 10 +++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/meta/lib/oeqa/runtime/_ptest.py