- Nov 19, 2014
-
-
Peter Bigot authored
The only version available at the original URI is patch 9. All releases are available at the /releases sub-path. Signed-off-by:
Peter A. Bigot <pab@pabigot.com> Signed-off-by:
Martin Jansa <Martin.Jansa@gmail.com>
-
Yevhen Kyriukha authored
Signed-off-by:
Yevhen Kyriukha <kirgene@gmail.com> Acked-by:
Maciej Borzecki <maciej.borzecki@open-rnd.pl> Signed-off-by:
-
Xufeng Zhang authored
When udp connection is used, there are several memory leaks happen after run a long time. Signed-off-by:
Xufeng Zhang <xufeng.zhang@windriver.com> Signed-off-by:
Roy Li <rongqing.li@windriver.com> Signed-off-by:
-
Mario Domenech Goulart authored
gmock is a library for writing and using C++ mock classes, by Google. Signed-off-by:
Mario Domenech Goulart <mario@ossystems.com.br> Signed-off-by:
-
Mario Domenech Goulart authored
gtest is a framework for writing C++ tests, by Google. Signed-off-by:
-
Andreas Müller authored
* g_memmove was deprecated ib glib-2.0 2.40 * opening a remote connection created by gigolo with thunar failed with: | thunar: symbol lookup error: /usr/lib/modules/libgvfsdbus.so: undefined symbol: g_memmove * further tests showed that browsing in windows networks is fixed now Signed-off-by:
Andreas Müller <schnitzeltony@googlemail.com> Signed-off-by:
-
Andreas Müller authored
see [1] for more information https://bugzilla.xfce.org/show_bug.cgi?id=10916 Signed-off-by:
-
- Nov 17, 2014
-
-
Andrea Adami authored
NOTE: we track master upstream so we are some commits ahead v 1.5.1. Signed-off-by:Andrea Adami <andrea.adami@gmail.com>
-
Andrea Adami authored
Next patch replaces with v. 1.5.1 and new/rebased patchset Signed-off-by: -
Andrea Adami authored
Fix build of klibc extending the EXTRA_OEMAKE. | LIST usr/klibc/klib.list | KLIBCAR usr/klibc/libc.a | KLIBCLD usr/klibc/libc.so | arm-oe-linux-gnueabi-ld: cannot find libgcc.a: No such file or directory | make[2]: *** [usr/klibc/libc.so] Error 1 | make[2]: *** Waiting for unfinished jobs.... | make[1]: *** [all] Error 2 | make: *** [klibc] Error 2 | ERROR: oe_runmake failed Signed-off-by:
-
- Nov 10, 2014
-
-
Roy Li authored
aliases.db should be created by postinstall script, but failed since queue_directory is not includes root dir ${D}: ------ |newaliases: fatal: chdir /var/spool/postfix: No such file or directory ------ initscript will recall newaliases before start postfix daemon, the similar method, which run aliasesdb to create aliases.db when using systemd, is introduced to fix this issue. Signed-off-by:Joe MacDonald <joe_macdonald@mentor.com>
-
Hongxu Jia authored
The previous do_install is empty and do nothing. Tweak install doc dir, so the man doc could be installed to /usr/share/man rather than /usr/locale/man. Signed-off-by:
Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by:
-
Hongxu Jia authored
The previous do_install is empty and do nothing. Unset variables datadir and mandir, use pimd's default set. So it could install doc files correctly. Signed-off-by:
-
Jackie Huang authored
Fixed: make[1]: *** No rule to make target '-lm', needed by 'traceroute'. Stop. Signed-off-by:
Jackie Huang <jackie.huang@windriver.com> Signed-off-by:
-
- Nov 07, 2014
-
-
Chen Qi authored
As this recipe doesn't inherit update-rc.d, we need to add to its runtime dependency initscripts-functions ourselves. Otherwise, we would spot errors in systemd systems when we execute commands like `systemctl start krb5-kdc'. Signed-off-by:
Chen Qi <Qi.Chen@windriver.com> Signed-off-by:
-
Kang Kai authored
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2525 Signed-off-by:
Yue Tao <Yue.Tao@windriver.com> Signed-off-by:
Kai Kang <kai.kang@windriver.com> Signed-off-by:
-
Kang Kai authored
Coverity identified a number of places in which it couldn't prove that a string being copied into a fixed-size buffer would fit. We believe that most, perhaps all of these are in fact safe, or are copying data that is coming from a trusted source so that any overrun is not really a security issue. Nonetheless it seems prudent to forestall any risk by using strlcpy() and similar functions. Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports. In addition, fix a potential null-pointer-dereference crash in contrib/chkpass. The crypt(3) function is defined to return NULL on failure, but chkpass.c didn't check for that before using the result. The main practical case in which this could be an issue is if libc is configured to refuse to execute unapproved hashing algorithms (e.g., "FIPS mode"). This ideally should've been a separate commit, but since it touches code adjacent to one of the buffer overrun changes, I included it in this commit to avoid last-minute merge issues. This issue was reported by Honza Horak. Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt() https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0065 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0066 Signed-off-by:
-
Kang Kai authored
The make check command for the test suites in PostgreSQL 9.3.3 and earlier does not properly invoke initdb to specify the authentication requirements for a database cluster to be used for the tests, which allows local users to gain privileges by leveraging access to this cluster. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0067 Signed-off-by:
-
Kang Kai authored
Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect MAXDATELEN constant and datetime values involving (1) intervals, (2) timestamps, or (3) timezones, a different vulnerability than CVE-2014-0065. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0063 Signed-off-by:
-
Kang Kai authored
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0062 Signed-off-by:
-
Kang Kai authored
The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to be directly called by the user due to permissions. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0061 Signed-off-by:
-
Kang Kai authored
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0060 Signed-off-by:
-
Kang Kai authored
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0064 Signed-off-by:
-
Chen Qi authored
Use ${PN} instead of hardcoding 'mariadb' so that everything works fine in case of multilib. Signed-off-by: -
Anders Darander authored
minidump_stackwalk looks for a .sym file extension. Correct the extension used for the generated file. Signed-off-by:
Anders Darander <anders@chargestorm.se> Signed-off-by:
-
Yue Tao authored
Replace the PN with BPN to fix the multilib build. The error is: /ala-lpggp21/bpiolin/intel-x86-64-gplv2-4/bitbake_build/tmp/pkgdata/*/runtime-reverse/lib32-libfftw: No such file or directory Because the PN causes the package is named as lib32-liblib32-fftw. Signed-off-by:
-
Chen Qi authored
Change socket location to /var/lib/mysql/mysql.sock. Otherwise, we could spot errors in systemd systems like below. mysqladmin: connect to server at 'localhost' failed error: 'Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)' Check that mysqld is running and that the socket: '/tmp/mysql.sock' exists! This is because mysqld.service is using PrivateTmp=true. Signed-off-by:
-
Jackie Huang authored
* No configure option for valgrind, use the ac_cv_header_* * The PACKAGECONFIG for valgrind is disabled by default Signed-off-by:
-
- Nov 04, 2014
-
-
Jackie Huang authored
inhert perlnative and make sure we use nativeperl to run perl scripts when compile. fixed: | ./makeman.pl | Can't locate Fatal.pm in @INC Signed-off-by:
-
Chong Lu authored
This solves the following warning: squid-3.4.7: squid requires /bin/bash, /usr/bin/perl, but no providers in its RDEPENDS [file-rdeps] Signed-off-by:
Chong Lu <Chong.Lu@windriver.com> Signed-off-by:
-
Chong Lu authored
This solves the following warning: polarssl-1.3.8: polarssl: Files/directories were installed but not shipped /usr/lib /usr/lib/libpolarssl.so.1.3.8 /usr/lib/libpolarssl.so.7 /usr/lib/libpolarssl.so /usr/lib/libpolarssl.a /usr/lib/.debug /usr/lib/.debug/libpolarssl.so.1.3.8 [installed-vs-shipped] polarssl-1.3.8: polarssl requires libpolarssl.so.7()(64bit), but no providers in its RDEPENDS [file-rdeps] Signed-off-by:
-
Roy Li authored
snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is used, allows remote attackers to cause a denial of service (snmptrapd crash) via a crafted SNMP trap message, which triggers a conversion to the variable type designated in the MIB file, as demonstrated by a NULL type in an ifMtu trap message. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3565 Signed-off-by:
-
Chen Qi authored
Fix the service so that the ntpd daemon is run under ntp:ntp. Signed-off-by:
-
Chong Lu authored
This solves the following warning: lib32-ntp-4.2.6p5: lib32-ntp: Files/directories were installed but not shipped /lib/systemd/system/sntp.service [installed-vs-shipped] Signed-off-by:
-
- Oct 31, 2014
-
-
Chong.Lu@windriver.com authored
The configure.initd.gentoo script is used for gentoo, it is invalid for oe. So remove it to solve the following warning: webmin-1.700: webmin-module-ajaxterm requires /sbin/runscript, but no providers in its RDEPENDS [file-rdeps] Signed-off-by: -
Roy Li authored
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217 Signed-off-by:
-
Roy Li authored
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274 Signed-off-by:
-
Roy Li authored
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273 Signed-off-by:
-
Kang Kai authored
The patch comes from upstream: http://svn.apache.org/viewvc?view=revision&revision=1610674 SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy configuration, a remote attacker could send a carefully crafted request which could crash a server process, resulting in denial of service. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this issue. Submitted by: Edward Lu, breser, covener Signed-off-by:
Zhang Xiao <xiao.zhang@windriver.com> Signed-off-by:
-
- Oct 30, 2014
-
-
Ben Shelton authored
In the commit 'openvpn: use default iproute2 path', the configure flag to explicitly set the iproute2 path was removed, since busybox now provides the 'ip' applet at the default path. However, setting this flag is necessary to bypass the configure-time check for /sbin/ip on the host, which will otherwise fail if iproute2 is not installed on the host. Add back the flag (pointing to the correct path), and add a comment to describe why this is necessary. Signed-off-by:
Ben Shelton <ben.shelton@ni.com> Signed-off-by:
-
