Age | Commit message (Collapse) | Author |
|
Remove _GLOBAL_OFFSET_TABLE_ definition from u-boot/mpc85xx/u-boot*.lds
In binutils-2.25, the _GLOBAL_OFFSET_TABLE_ symbols defined by PROVIDE in
u-boot.lds overrides the linker built-in symbols
(https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=b893397a4b1316610f49819344817715e4305de9),
so the linker is treating _GLOBAL_OFFSET_TABLE_ as a definition into the .reloc section.
To align with the change of binutils-2.25, the _GLOBAL_OFFSET_TABLE_ symbol
should not be defined in sections, and the symbols in linker generated .got
section should be used(https://sourceware.org/ml/binutils/2008-09/msg00122.html).
Fixed the following build errors with binutils-2.25:
| powerpc-poky-linux-gnuspe-ld.bfd: _GLOBAL_OFFSET_TABLE_ not defined in linker created .got
[YOCTO #7145]
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
This fixes a 1-byte NULL write past the end of allocated memory
References
http://seclists.org/oss-sec/2015/q1/582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9683
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes memory corruption or panic during key garbage collection
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9529
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Insufficient syscall number validation in perf and ftrace subsystems
CVE-2014-7825
Fixes an out-of-bounds memory access flaw, in the syscall tracing
functionality of the Linux kernel's perf subsystem.
CVE-2014-7826
Fixes an out-of-bounds memory access flaw, in the syscall
tracing functionality of the Linux kernel's ftrace subsystem.
References:
http://www.openwall.com/lists/oss-security/2014/11/06/11
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes a potential privilege escalation flaw when the Linux
kernel is built with the user namespaces(CONFIG_USER_NS)
References:
http://www.openwall.com/lists/oss-security/2014/06/10/4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes a denial of service flaw in the Linux kernel
built with the shared memory suppor
Reference:
http://www.openwall.com/lists/oss-security/2014/06/18/11
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
try_to_unmap_cluster() should lock_page() before mlocking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Explicitly clear ramdisk_mcp backend pages
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
http://permalink.gmane.org/gmane.linux.scsi.target.devel/6618
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Handle numid overflow
Make sure that id->index does not overflow
References:
http://www.openwall.com/lists/oss-security/2014/06/26/6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
NULL pointer dereference in af->from_addr_param on malformed packet
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
sk_ack_backlog wrap-around problem
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-4652
Protect user controls against concurrent access
CVE-2014-4653
Don't access controls outside of protected regions
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
audit_krule mask accesses need bounds checking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-3673
skb_over_panic when receiving malformed ASCONF chunks
Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK
chunks.")
CVE-2014-3687
panic on duplicate ASCONF chunks
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1
packet")
CVE-2014-3688
remote memory pressure from excessive queueing
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1
packet")
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://www.openwall.com/lists/oss-security/2014/11/13/8
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-3601
Fixes the third parameter of kvm_iommu_put_pages
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
CVE-2014-8369
Fixes excessive pages un-pinning in kvm_iommu_map error path.
(This vulnerability exists because of an incorrect fix for CVE-2014-3601
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369
https://bugzilla.redhat.com/show_bug.cgi?id=1156518
https://lkml.org/lkml/2014/10/24/460
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver
CVE-2014-3182 Kernel: HID: logitech-dj OOB array access
CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routine
CVE-2014-3185 Kernel: USB serial: memory corruption flaw
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes null pointer dereference when processing authenticated cookie_echo chunk
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101
https://bugzilla.redhat.com/show_bug.cgi?id=1070705
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f9
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Avoid infinite loop when processing indirect ICBs
References:
http://seclists.org/oss-sec/2014/q3/600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
This patches fixes mount flags handling during remount issue.
The patches come from:
https://www.kernel.org (remotes/origin/linux-3.12.y branch)
References:
http://seclists.org/oss-sec/2014/q3/357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
This aligns with the default setting in Poky.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
this is not bsp related, remove it.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This pkg is for fsl security, not bsp related. will put it to fsl
distro layer for security.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This includes following fixes:
2d35e98 CST : Add P2041 support to cst.
c8b29ef CST: initialize uninitialized variables
6d30fc3 Makefile: use CFLAGS environment variable
39a4b89 Makefile: add install rule
7e9d814 Makefile: check OPENSSL setting before use
4ce2fd1 Modify input files to add HASH_FILE and SIGN_FILE felds.
2934719 ls1: ie_key files modified
13cef32 ls1: Remove extra keys from input file in ls1
14660b8 Modify input files to make consisitency with images.
6dbd697 Modify signature offset.
b6d3fe6 input_files/uni_sign: Updated uboot binary name to u-boot.bin
2344105 IE Keys : Add input files
517b3d8 Fixed error handling for sign_embed tool.
f711555 Modify ESBC header fields and use case for SRK and IE KEY.
c9361dd sign_embed: it would embed signature over header passed.
ec541fa gen_sign: it would calculate and generate signature over hash passed.
3b0a522 Modifications for changing argc to optind.
78cfdba Parsing of esbc flag is done prior of other fields.
c0f49a8 Add feature of comparison of key pairs.
c22c94f Add gen_drv tool.
7abb3e1 Modularise the key extraction from key file.
5ac9cd1 Add error handling for not supported values provided as input.
64eb9c4 Modify parsing of field values.
c73ae3a Modify Makefile to discard compilation of uni_pbi tool.
8023fa1 Modify usage of gen_otpmk utility.
9065d2a Corrected the setting of FSL_UID and OEM_UID flag
7b688ed uni_pbi tool added
4ae8899 LS2 specific changes.
5e856de Add T2080 as target.
582fa00 Add input files for ie_key usage.
f5ac295 Modify features enabled with different options.
bcb3791 modify option available.
34c2290 Add key_ext option.
3abf8d3 Signature is moved to end.
7d58769 Add feature to accept externally generated signature.
43a917a Add export hash feature.
d1877da Remove redundancy with keys usage.
9b049cb Add LS2 header support.
8b0044b Add IE key usage support for ESBC header.
a684f4f support for ESBC header generation
63c901a Add ISBC Extension Key Feature.
746a9b9 Linked implementation for headers and tables
15ae37e Revert "LS1021: unisign fixed for group5"
54661bb Corrected LS1 input files.
5f58c80 Corrected dtb name in input file for LS1 dtb
8c0feeb LS1: Change the input file for NOR addresses
Also sync with meta-fsl-arm.
|
|
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
* QE_UCODE definition is moved to <machine>.conf
* add check if QE_UCODE defined in anonymous python function
* install the binary into /boot
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
The multilib setting was set in <core>.inc which was included by
the <machine>.conf. In bitbake.conf, <machine>.conf is included
after local.conf. Change to use ?= to not override the value in
local.conf.
This is useful when using external toolchain which does not need
to enable multilib.
Signed-off-by: Zongchun Yu <Zongchun.Yu@freescale.com>
|
|
This includes following fixes:
35af73f Fix: Copy user-space buffer of injected control frame to kernel
00c8040 Add multiple error labels in the probe function
2835689 Fix: Remove memory leaks when the module is removed or fails on probing
d770a37 Fix: Remove compile warning on 32b
89e29fc Fix: Remove unnecessary checks
adbb47e Beautify: Rename macros into more proper names
d5cac6e Add "poll()" function for NPI device
220cee3 Replace rescheduling with work queues
2a5fe4e Add cacheline support for extraction of control frames
6f14f0b Fix: UIO device might not be removed properly if module fails to initialize
2dcea55 Removed unecessary includes
1077880 Add UIO driver
68ab7bd Initial empty repository
update COMPATIBLE_MACHINE to use soc_family.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
The source code of cs4315-firmware is not available in public git repo
due to license issue, remove the recipe.
Build error log:
ERROR: Function failed: Fetcher failure for URL: 'git://git.freescale.com/ppc/sdk/firmware.git;nobranch=1'. Unable to fetch URL from any source.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
This update to fsl sdk v1.7 release. The detailed changes
can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/asf.git/
Other changes to sync with meta-fsl-arm:
* install kernel modules to ${D}/lib/modules/${KERNEL_VERSION}/asf
* install scripts to ${D}/${libexecdir}/
* remove dependency on virtual/kernel as it inherit module.bbclass
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
e6500 is a specific core which only support 64bit kernel, no
matter rootfs is 32b/64b. qoriq_build_64bit_kernel.bbclass
was added to do this.
BUILD_64BIT_KERNEL is only set for e6500. It is duplicate to check
core and BUILD_64BIT_KERNEL at the same time. remove one.
Signed-off-by: Zongchun Yu <Zongchun.Yu@freescale.com>
|
|
This includes following fixes:
49efc94 Add QE ucode binary for T1024 and LS1021a
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Currently pkc-host does not support RSA_KEYGEN. When pkc-host
installed, RSA keygen operations should be avoided.
Introduce DISTRO_FEATURE "c29x_pkc". To install pkc-host, this
feature should be enabled. Then cryptodev checks it to disable
RSA_KEYGEN.
this can be done in conf/local.conf:
DISTRO_FEATURES_append = " c29x_pkc"
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
|
|
- Nikos handed over project maintainance to Phil Sutter.
- Several pending patches have been merged upstream so we removed
them from the recipe. The remaining ones have been sorted
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Change-Id: I0c6160c739d379ba787e72423d1564b9a3d05d8b
Reviewed-on: http://git.am.freescale.net:8181/24177
Reviewed-by: Zhenhua Luo <zhenhua.luo@freescale.com>
Tested-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
- include fixes for algorithm registration and 32-bit application hanging
on E5500 cores.
- add offloading suport for aes-gcm
- upstream patches are kept except for the documentation patch which is
no longer necessary
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
|
|
* introduce variable RULE for DPAA FMan ethernet ports name rule.
* use 72-fsl-dpaa-persistent-networking.rules for t1024, same as e6500.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This update to fsl sdk v1.7 release. There are 143 new commits.
The detailed changes can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/usdpaa.git/
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
listing machine names in recipe is painful when adding support
for boards with same soc. use soc_family instead.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This includes following fixes:
4cda2e3 fm-ucode: add t1040 and t2080 rev 1.1 files
222cd35 fm-ucode: remove prev version of _t1040_r1.0_107_
c5006bf fm-ucode: add t1024 packages
2698dc3 fm-ucode: release 107.4.2
3b66ca5 fm-ucode: new version 107_4_2_candidate1
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
listing machine names in recipe is painful when adding support
for boards with same soc. use soc_family instead.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This includes following fixes:
27156a6 skmm-ep: add gcc flag '-mno-strict-align' to improve performance
d6adb62 skmm-ep: fix up skmm application segment fault
13deed1 DMA: fix the mmap failed check
bc505e5 PCIDMA: Add DMA chain and multiple channel support
68ee05f Temporarily add fsl_pci_ep_vfio.h which should be in linux
9e6e2cb PCIDMA: Change DMA BWC and memory allocation
4805577 PCIDMA: Add MSIX trigger functionality
31f653a PCIDMA: Add MSIX outbound window support
e903be6 PCIDMA: Adjust PCI EP display information
7f8012d PCIDMA: Change DMA channel initialization code
fb29219 PCIDMA: Remove duplicate code
Also add missing DEPENDS on virtual/kernel
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
The preferred version of qemu defined in this layer (1.7) does not have
the same configuration options as the original yocto version (2.0).
Since this recipe includes yocto's qemu.inc, some of the configuration
options defined there generate an error during the do_configure task:
| ERROR: unknown option --disable-vte
Setting PACKAGECONFIG[option] to an empty string fixes the problem.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|