| Age | Commit message (Collapse) | Author |
|---|
|
-tzdata : upgrade from 2019b to 2019c.
-tzcode-native : upgrade from 2019b to 2019c.
-tzdata.bb and tzcode-native.bb require timezone.inc.
(From OE-Core rev: 0d58f5a01c7d49765d66a7e2d73eef0adb868eac)
Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit c5a382429d18642d35d40a4df6a58b971c724603)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Briefly:
Brazil no longer observes DST.
'zic -b slim' outputs smaller TZif files; please try it out.
Palestine's 2019 spring-forward transition was on 03-29, not 03-30.
Changes to future timestamps
Brazil has canceled DST and will stay on standard time indefinitely.
(Thanks to Steffen Thorsen, Marcus Diniz, and Daniel Soares de
Oliveira.)
Predictions for Morocco now go through 2087 instead of 2037, to
work around a problem on newlib when using TZif files output by
zic 2019a or earlier. (Problem reported by David Gauchard.)
Changes to past and future timestamps
Palestine's 2019 spring transition was 03-29 at 00:00, not 03-30
at 01:00. (Thanks to Sharef Mustafa and Even Scharning.) Guess
future transitions to be March's last Friday at 00:00.
Changes to past timestamps
Hong Kong's 1941-06-15 spring-forward transition was at 03:00, not
03:30. Its 1945 transition from JST to HKT was on 11-18 at 02:00,
not 09-15 at 00:00. In 1946 its spring-forward transition was on
04-21 at 00:00, not the previous day at 03:30. From 1946 through
1952 its fall-back transitions occurred at 04:30, not at 03:30.
In 1947 its fall-back transition was on 11-30, not 12-30.
(Thanks to P Chan.)
Changes to past time zone abbreviations
Italy's 1866 transition to Rome Mean Time was on December 12, not
September 22. This affects only the time zone abbreviation for
Europe/Rome between those dates. (Thanks to Stephen Trainor and
Luigi Rosa.)
Changes affecting metadata only
Add info about the Crimea situation in zone1970.tab and zone.tab.
(Problem reported by Serhii Demediuk.)
Changes to code
zic's new -b option supports a way to control data bloat and to
test for year-2038 bugs in software that reads TZif files.
'zic -b fat' and 'zic -b slim' generate larger and smaller output;
for example, changing from fat to slim shrinks the Europe/London
file from 3648 to 1599 bytes, saving about 56%. Fat and slim
files represent the same set of timestamps and use the same TZif
format as documented in tzfile(5) and in Internet RFC 8536.
Fat format attempts to work around bugs or incompatibilities in
older software, notably software that mishandles 64-bit TZif data
or uses obsolete TZ strings like "EET-2EEST" that lack DST rules.
Slim format is more efficient and does not work around 64-bit bugs
or obsolete TZ strings. Currently zic defaults to fat format
unless you compile with -DZIC_BLOAT_DEFAULT=\"slim\"; this
out-of-the-box default is intended to change in future releases
as the buggy software often mishandles timestamps anyway.
zic no longer treats a set of rules ending in 2037 specially.
Previously, zic assumed that such a ruleset meant that future
timestamps could not be predicted, and therefore omitted a
POSIX-like TZ string in the TZif output. The old behavior is no
longer needed for current tzdata, and caused problems with newlib
when used with older tzdata (reported by David Gauchard).
zic no longer generates some artifact transitions. For example,
Europe/London no longer has a no-op transition in January 1996.
Changes to build procedure
tzdata.zi now assumes zic 2017c or later. This shrinks tzdata.zi
by a percent or so.
Changes to documentation and commentary
The Makefile now documents the POSIXRULES macro as being obsolete,
and similarly, zic's -p POSIXRULES option is now documented as
being obsolete. Although the POSIXRULES feature still exists and
works as before, in practice it is rarely used for its intended
purpose, and it does not work either in the default reference
implementation (for timestamps after 2037) or in common
implementations such as GNU/Linux (for contemporary timestamps).
Since POSIXRULES was designed primarily as a temporary transition
facility for System V platforms that died off decades ago, it is
being decommissioned rather than institutionalized.
New info on Bonin Islands and Marcus (thanks to Wakaba and Phake
Nick).
(From OE-Core rev: 1d1dcea1d2de02cb49950235586adbe4593f0eb7)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit bbbb985808e5c301cdb7fdb1ff677706e99b4785)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: ea0553398a2882a7a6e3c276dd3d81129a417a25)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
(cherry picked from commit 3a9872c664cdc5c5a6ac712142ce1d28d6fcd6d1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 7c51ca8538f228d98a4b3411a15fde83516c0419)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 7f8f018ea5ef6ecb80c5b5250df90a8b690e6f47)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: abc2d1fad91f1378be3946e35d8f8f450823599e)
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also see:
https://github.com/libarchive/libarchive/issues/1276
(From OE-Core rev: b4628dd1ef9d50e8778cadae09e6d31886bd47d2)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Fixes:
WARNING: stress-1.0.4-r0 do_fetch: Failed to fetch URL http://people.seas.harvard.edu/~apw/stress/stress-1.0.4.tar.gz, attempting MIRRORS if available
(From OE-Core rev: 279c4da2e5f46dccfeff0c898c2205940be9e174)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It looks like https://www.sudo.ws/download.html changed certificate
and directory structure. This breaks fetching sources.
(From OE-Core rev: adb6af60dcf098bfce64168e6443c26d124661c4)
Signed-off-by: Ferry Toth <ftoth@exalondelft.nl>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit f02e9f46ce54fed3c7ddfad7d1003a2fb7ba3a67)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The old URI returns 404, and has an invalid TLS certificate.
(From OE-Core rev: abb42b83e1a96cdc7dac73e223a87cf078979c49)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 73ff6aba0a53ffc3ee0a5859a3ad4c8021be4de0)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This CVE is about race conditions in 'ps' which make it unsuitable for security
audits. As these race conditions are unavoidable ps shouldn't be used for
security auditing, so this isn't a valid CVE.
(From OE-Core rev: afc529aa689daed18af29ecc64f3dae1fcbdc282)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: c214c6c7c0f011c933da8b271630fd6833d84685)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 154e286042c289cbd225ba82aaf1247714aee857)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
During restructuring of the packaging in 2af4d6eb (tzdata: Install
everything by default), these two files remained in the tzdata
package, which is supposed to be empty. Move them to tzdata-core where
they belong.
Also simplify the definition of CONFFILES_tzdata-core. As its value
only takes effect for files that actually exist, there is no need to
complicate its definition by checking if a file is created before
adding it to the list of configuration files.
(From OE-Core rev: 50e64732585e0d3abe0a8e589d2122a7dc06c826)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
(From OE-Core rev: 650dd9486d6e5410665d5376be30732c7625396d)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 8bc35e7b23ca0f10f4a2f3c4f7137d3dedc051fb)
Signed-off-by: Dan Tran <dantran@microsoft.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
When using USE_NLS="no" in the local.conf psmisc will fail to
compile as follows:
| autoreconf: Entering directory `.'
| autoreconf: running: autopoint --force
| autoreconf: failed to run autopoint: No such file or directory
| autoreconf: autopoint is needed because this package uses Gettext
| ERROR: autoreconf execution failed.
This is because the gettext.bbclass returns gettext-minimal-native for
the host dependency which does not include autopoint. The autopoint
utility is required to build psmisc, so it needs to list
gettext-native as a dependency.
(From OE-Core rev: 423115b70a4a2cdef4b3882ad4491446b84a1f1e)
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Adrian Bunk <bunk@stusta.de>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 4f608782e43accb23aa144339ed9169b1718c4f0)
Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also include a patch to fix regression caused by it. See:
https://gitlab.com/federicomenaquintero/bzip2/issues/24
(From OE-Core rev: 91798737ec0aadcb5313c4c140393933420b066d)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: db17c2467af57a802f29a423ce1e9f0508bff5fe)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The original version of template.py parses the arguments manually. This
fails when looking for the -E option if, e.g., an -I option is specified
without any space before its argument, and that argument contains the
letter 'E'.
A minor difference to the original version is that it parsed the
arguments in the order they were specified on the command line whereas
this version will always handle -E before -o.
(From OE-Core rev: c4949e0109cc823101f56fc192474d3ceaa7d916)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is mainly whitespace clean up, plus using the with statement when
writing files.
(From OE-Core rev: b2c4a3571c9311ee7fca165817ccad6d77ecac7c)
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
1. Run run-ptest at arbitrary path
2. Fix large-subopt.in1 not found
...
|diff: /lib32-diffutils/3.7-r0/build/../diffutils-3.7/tests/large-subopt.in1:
No such file or directory
|diff: /lib32-diffutils/3.7-r0/build/../diffutils-3.7/tests/large-subopt.in2:
No such file or directory
...
(From OE-Core rev: ba4e54609e80abe12939bc01871d78d1914fdbaf)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* bc can be provided by busybox as well (e.g. if you have your own
defconfig and forget to explicitly disable it:
...
*
* Miscellaneous Utilities
*
adjtimex (4.7 kb) (ADJTIMEX) [N/y/?] n
bbconfig (9.7 kb) (BBCONFIG) [N/y/?] n
bc (45 kb) (BC) [Y/n/?] (NEW) dc (36 kb) (DC) [Y/n/?] y
Use bc code base for dc (larger, more features) (FEATURE_DC_BIG) [Y] (NEW) y
Interactive mode (+4kb) (FEATURE_BC_INTERACTIVE) [Y/n/?] (NEW) Enable bc/dc long options (FEATURE_BC_LONG_OPTIONS) [Y/n] (NEW) beep (2.4 kb) (BEEP) [N/y/?] n
chat (6.3 kb) (CHAT) [N/y/?] n
conspy (10 kb) (CONSPY) [N/y/?] n
...
), causing conflict in u-a:
update-alternatives: Error: not linking /usr/bin/bc to /bin/busybox.nosuid since /usr/bin/bc exists and is not a link
and then whole do_rootfs or do_populate_sdk to fail because busybox postinst is failing:
do_populate_sdk: Postinstall scriptlets of ['busybox'] have failed. If the intention is to defer them to first boot,
then please place them into pkg_postinst_ontarget_${PN} (). Deferring to first boot via 'exit 1' is no longer supported.
(From OE-Core rev: 99df89a2ee7fb4c896224b68ffbe0aad03c39601)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Whilst not complete, this resolves some module dependency failures being seen
by various lib*-perl ptests and in quilt.
(From OE-Core rev: 3f5f91a2a1f3ebb8151834ce4223dcd33f363803)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Bash's ptest needs glibc-utils (for locale), some extra locales for various tests
it uses options busybox doesn't support for some tools, hence coreutils and also runs
perl for some tests.
(From OE-Core rev: ea2fdbd84da199c89081a824ecb0b97cf5a56bdf)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This solves ptest runtime errors where make was missing causing the ptests
to fail.
(From OE-Core rev: 47bcd4dec32e87b7353b079f63931d11cd0568e6)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
[Fixup for warrior context]
[Dropped ptest fixes for pkg w/o ptests in warrior]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Source: tar.git
MR: 97928
Type: Security Fix
Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120
ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3
Description:
Affects tar < 1.32
fixes CVE-2019-9923
(From OE-Core rev: fa40d49bfb0dedea7f3dad454c408e249f4c05f7)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This reverts commit c3a325b5c2d9315629d014e5ebba552fe045171c.
This seems to be causing:
WARNING: acpica-20180508-r0 do_package: acpica: alternative target (/usr/bin/acpidump or /usr/bin/acpidump.acpica) does not exist, skipping...
WARNING: acpica-20180508-r0 do_package: acpica: NOT adding alternative provide /usr/bin/acpidump: /usr/bin/acpidump.acpica does not exist
WARNING: acpica-20180508-r0 do_package: acpica: alt_link == alt_target: /usr/bin/acpidump == /usr/bin/acpidump
because the 20180508 version in warrior unlike the 20190405 in master doesn't install acpidump binary.
(From OE-Core rev: ba36b0c5c1db632dd849f3f28f83c272530f67b6)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The third field in the /etc/shadow file (sp_lstchg) contains the date of
the last password change expressed as the number of days since Jan 1,
1970.
Backport the upstream changes to honour SOURCE_DATE_EPOCH for build
reproducibility.
(From OE-Core rev: 807a2f76e86d34fa69b0b2b369287985cc9eff78)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
acpidump is both provided by acpica and pmtools, so use
update-alternatives to fix conflicts:
...
|Error: Transaction check error:
| file /usr/bin/acpidump conflicts between attempted installs of
pmtools-20130209+git0+3ebe0e54c5-r0.i586 and acpica-20190405-r0.i586
...
(From OE-Core rev: c3a325b5c2d9315629d014e5ebba552fe045171c)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: 23822fb39341ba064d2e01389409958f6b4dd15c)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
native clashing
The rmt in cpio-native and tar-native is clashing, since
tar-native has set var-NATIVE_PACKAGE_PATH_SUFFIX, we move rmt
to sbindir, and add suffix NATIVE_PACKAGE_PATH_SUFFIX to sbindir
could avoid the clashing.
And in Ubuntu, rmt is in sbindir
$ which rmt
/usr/sbin/rmt
(From OE-Core rev: 9f47cea3c58a53db8599f1be4ff4401406c00928)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch from upstream to fix the following error.
"setrlimit03.c:54: FAIL: call succeeded unexpectedly"
(From OE-Core rev: 908173cfbec631139283f3b35be03865eb7d73b1)
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This patch tried to address a gcc problem when -Og is used, but it did
cause regressions on normal compiles when using clang e.g. the real
problem is to fix the compiler until then disable the warning in
DEBUG_FLAGS
This reverts commit 630281663893cdcfa9c4323b717b415d87d5510f.
(From OE-Core rev: 949961cdf7d4639da538045dc83c2a354e16ea80)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.
It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.
It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6116
https://www.openwall.com/lists/oss-security/2019/01/23/5
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838
Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e
(From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18)
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Now that docbook-xml and docbook-xsl are writing catalog files, tell
xmllint/xsltproc where the catalog is.
(From OE-Core rev: e60ec1dc23df918a7ec2e4572233ee12e73f4aff)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
libxml-native by default uses a XML catalogue at /etc/xml/catalog, instead of
the one in the sysroot. Until this is fixed (#13260) override the XML catalogue
manually in the recipe to point explicitly at the docbook-xml and docbook-xsl
catalogues.
This fixes either complete build failures (where the host doesn't have
docbook-xml installed) or slow builds (where the host doesn't have docbook-xsl
installed).
(From OE-Core rev: efb6168e41797ad6ed00ede6f3d9141b90eff4b5)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
tzdata is converted to an empty meta package which pulls in all
subpackages. The subpackages are defined in a TZ_PACKAGES variable so
that we don't have to repeat ourselves.
The timezones and conffiles which were in the tzdata package are moved
to a new 'tzdata-core' package.
(From OE-Core rev: 2af4d6eb2526d60b26bc5128068541ff3350fb58)
Signed-off-by: Paul Barker <paul@betafive.co.uk>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Backport a patch from upstream to use GNUInstallDirs instead of hand-coded path
logic, so we have proper control over where files end up.
(From OE-Core rev: 7c7d8ce6fe54e239374a6a04c007b4aa0712ba33)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
lzip is pretty niche: people are typically either sticking with that they know
(gzip, bzip) or using xz. Data point: only one recipe in oe-core is shipped as
a .lz file.
(From OE-Core rev: 80b0ac3bdbaee50d0023b7c869dd204485903dfe)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
(From OE-Core rev: cf7473fae0f339286221f8e2b54d5c38ea41e6e2)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
There's a sort-of-official port of asciidoc to Python 3. Whilst the official
replacement is asciidoctor which is rewritten in Ruby, this is a fairly trivial
swap and removes Python 2 from core-image-sato builds entirely.
Moving forward we should evaluate asciidoctor, but that can wait.
Change the RDEPENDS so that python3 is only a dependency for target and
nativesdk builds, for native this can use the host python3.
Remove redundant DESTDIR export that isn't needed.
(From OE-Core rev: 266a13139ea45e28deb167f077917f04c3bdb7e6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The previous SRC_URI seems to be gone, and sysklogd hasn't received
any updates there for a long time.
The new location says:
Origin & References
This is the continuation of the original sysklogd by Martin Schulze.
Now maintained by Joachim Nilsson. Please file bug reports, or send
pull requests for bug fixes and proposed extensions at GitHub.
and generally seems credible: http://troglobit.com/
(From OE-Core rev: 22a4a6fe24c26dd5ae4a82a742c9bdf41c6bf2b7)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
blktool-gnulib-makedev.patch is actually doing the same
thing as 0004-fix-ftbfs-glibc-2.28.patch, so we end up
including the same file twice.
(From OE-Core rev: 8de82c63fe49917c80d1b634819ae2001625a645)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This update adds a patch from Debian to match the latest version there.
(From OE-Core rev: 11fdad15c2c8f4b4be696008bac0841a271aa161)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The 2019a release of the tz code and data is available. It reflects the following changes, which were either circulated on the tz mailing list or are relatively minor technical or administrative changes:
Briefly:
Palestine "springs forward" on 2019-03-30 instead of 2019-03-23.
Metlakatla "fell back" to rejoin Alaska Time on 2019-01-20 at 02:00.
Changes to past and future timestamps
Palestine will not start DST until 2019-03-30, instead of 2019-03-23 as
previously predicted. Adjust our prediction by guessing that spring
transitions will be between 24 and 30 March, which matches recent practice
since 2016. (Thanks to Even Scharning and Tim Parenti.)
Metlakatla ended its observance of Pacific standard time,
rejoining Alaska Time, on 2019-01-20 at 02:00. (Thanks to Ryan
Stanley and Tim Parenti.)
Changes to past timestamps
Israel observed DST in 1980 (08-02/09-13) and 1984 (05-05/08-25).
(Thanks to Alois Treindl and Isaac Starkman.)
Changes to time zone abbreviations
Etc/UCT is now a backward-compatibility link to Etc/UTC, instead
of being a separate zone that generates the abbreviation "UCT",
which nowadays is typically a typo. (Problem reported by Isiah
Meadows.)
Changes to code
zic now has an -r option to limit the time range of output data.
For example, 'zic -r @1000000000' limits the output data to
timestamps starting 1000000000 seconds after the Epoch.
This helps shrink output size and can be useful for applications
not needing the full timestamp history, such as TZDIST truncation;
see Internet RFC 8536 section 5.1. (Inspired by a feature request
from Christopher Wong, helped along by bug reports from Wong and
from Tim Parenti.)
Changes to documentation
Mention Internet RFC 8536 (February 2019), which documents TZif.
tz-link.html now cites tzdata-meta
<https://tzdata-meta.timtimeonline.com/>.
(From OE-Core rev: f51df4809be08fa7e137467a386637ebe7b57175)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Test case:
* open xfce4-terminal
* run 'echo | less'
* press arrow up/down few times
* exit less with 'q'
=> From now on all mouse(wheel) buttons create strange inputs on terminal
Release note says [1]: "Sometimes the terminal was left in mouse-reporting mode
after exiting less."
http://www.greenwoodsoftware.com/less/index.html
(From OE-Core rev: 4cefbf492d98ec14b8bb323c92d987b795addaf2)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Convert existing EXTRA_OECONF and DEPENDS to PACKAGECONFIG, fill out
remaining PACKAGECONFIG options. When building without libpsl we pass in
--without-libpsl, which we didn't previously, but all this actually ends
up doing is silencing a warning from the configure script, the code
still uses an internal implemention when using this option.
(From OE-Core rev: 6472261c7dba1ecc67d639d13b7cf04258f13c7c)
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
when compile with DEBUG_OPTIMIZATION(-Og), compile failed with below
error, fix by add -Wno-error:
[snip]
| Incremental.c: In function 'Incremental_container':
| Incremental.c:1593:3: error: 'mdfd' may be used uninitialized in this function [-Werror=maybe-uninitialized]
| close(mdfd);
| ^~~~~~~~~~~
[snip]
super-intel.c: In function 'apply_takeover_update':
| super-intel.c:9615:15: error: '%d' directive writing between 1 and 11 bytes into a region of size 7 [-Werror=format-overflow=]
| " MISSING_%d", du->index);
| ^~
...
(From OE-Core rev: 1e0dbc9e320b200b948abaae418f640f9f65fe06)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
Zang Ruochen
Armin Kuster
Anuj Mittal
Adrian Bunk
Ferry Toth
Alexander Kanavin
Ross Burton
Peter Kjellerstedt
Changqing Li
Dan Tran
Jason Wessel
Naveen Saini
Hongxu Jia
Martin Jansa
Richard Purdie
Armin Kuster
Alex Kiernan
Chen Qi
He Zhe
Khem Raj
Ovidiu Panait
Paul Barker
Andreas Müller