summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* distro: Set Enea mirror to nfv-access-mirrorrockoMartin Borg2020-02-201-9/+9
| | | | | Change-Id: Id3739b2572460e178c1b8b30d935798788c63ab4 Signed-off-by: Martin Borg <martin.borg@enea.com>
* Revert "Revert "enea distro: increase wget timeout""Adrian Dudau2018-06-191-0/+3
| | | | | | | | | | | This reverts commit 3f946c2e7ecd26f401b2c7de6d0937bc22872c19. Revert the revert. The timeout on fetching openjdk is back, but this time it seems to be a true timeout, and should be fixed by increasing the wget -T param. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* distro/enea.conf: Update maintainer address and drop CONNECTIVITY_CHECKAdrian Dudau2018-05-031-4/+1
| | | | | | | CONNECTIVITY_CHECK URIs are not very useful to our distro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* curl: Drop CVE patchesMartin Borg2018-05-035-292/+0
| | | | | | | curl was upgraded to 7.58.0 on upstream poky rocko branch and this version already contains all our CVE patches. Signed-off-by: Martin Borg <martin.borg@enea.com>
* Revert "openssl: update 1.0.2n -> 1.0.2o"Martin Borg2018-05-0337-7315/+0
| | | | | | openssl was upgraded to 1.0.2o on poky rocko branch. This reverts commit 833374e8e7eb5b9e53117d4c2f966094b7017ecc.
* openssl: update 1.0.2n -> 1.0.2oSona Sarmadi2018-04-2537-0/+7315
| | | | | | | | OpenSSL security advisory: https://www.openssl.org/news/secadv/20180327.txt Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* harfbuzz: fix error when cve-check-tool is enabledSona Sarmadi2018-04-031-0/+4
| | | | | | | | | | When cve-check-tool is enabled, harfbuzz intermittently fails to build: ERROR: harfbuzz-1.4.8-r0 do_configure: autoreconf execution failed. This patch could solve this issue according to the mail conversation below: https://www.mail-archive.com/yocto@yoctoproject.org/msg36472.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* systemd: fix for CVE-2017-15908Sona Sarmadi2018-03-132-0/+49
| | | | | | | | | | Infinite loop in the dns_packet_read_type_window() function Upstream patch: https://github.com/systemd/systemd/commit/8aeadf3052a2130b88d5bccf5439890e1034f28d Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* curl: fix for CVE-2018-1000005Sona Sarmadi2018-03-132-0/+42
| | | | | | | | | | | | | Out-of-bounds read in code handling HTTP/2 trailers References: https://curl.haxx.se/docs/adv_2018-824a.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005 Affects libcurl 7.49.0 to and including 7.57.0 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* Update README for rocko branchMartin Borg2018-03-121-1/+1
| | | | | Signed-off-by: Martin Borg <martin.borg@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: fixed build errorSona Sarmadi2018-03-021-9/+10
| | | | | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* curl: Drop CVE patchesMartin Borg2018-03-015-712/+1
| | | | | | The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg <martin.borg@enea.com>
* freetype/libarchive/gnutls: Drop CVE patchesMartin Borg2018-03-017-220/+0
| | | | | | The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg <martin.borg@enea.com>
* qemu: Drop CVE patchesMartin Borg2018-03-017-362/+0
| | | | | | The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg <martin.borg@enea.com>
* openssl: Drop CVE patchesMartin Borg2018-02-283-97/+0
| | | | | | The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg <martin.borg@enea.com>
* Drop CVE patches that have been fixed in upstream poky/rockoMartin Borg2018-02-2822-2475/+0
| | | | Signed-off-by: Martin Borg <martin.borg@enea.com>
* kern-tools-native: remove bbappendMartin Borg2018-02-262-88/+0
| | | | | | The patch is already included by upstream rocko branch. Signed-off-by: Martin Borg <martin.borg@enea.com>
* systemtap: Add dependency on systemtap-nativeAdrian Dudau2018-01-251-0/+2
| | | | | | | This allows running systemtap remotely using the crosstap script. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* enea-image-extra: Add dev and dbg packages to the SDKAdrian Dudau2018-01-231-0/+6
| | | | | Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* packagegroup-core-tools-debug: Drop bbappendAdrian Dudau2018-01-221-1/+0
| | | | | | | | Neither rsync not systemtap are debug tools, so they have no place in this packagegroup. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* enea-image-extra: Add kernel-vmlinuxAdrian Dudau2018-01-191-1/+1
| | | | | | | | This installs the kernel vmlinux image under /boot in both the rootfs and SDK. This is used for kernel debugging and profiling. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* Update contents of enea-image-extraAdrian Dudau2018-01-151-35/+2
| | | | | | | | This will in turn update the contents of enea-image-standard-sdk from the Standard profile. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* DPKG: Fix and test case for CVE-2017-8283Sona Sarmadi2017-12-143-0/+279
| | | | | | | | | | | Directory Traversal Vulnerability References: https://nvd.nist.gov/vuln/detail/CVE-2017-8283 http://www.securityfocus.com/bid/98064/info Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* openssl: Fix for CVE-2017-3737Sona Sarmadi2017-12-142-0/+50
| | | | | | | | | | | Read/write after SSL object in error state References: https://www.openssl.org/news/secadv/20171207.txt https://nvd.nist.gov/vuln/detail/CVE-2017-3737 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* openssl: Fix for CVE-2017-3735Sona Sarmadi2017-12-142-0/+47
| | | | | | | | | | | openssl: Malformed X.509 IPAdressFamily could cause OOB read References: https://www.openssl.org/news/secadv/20170828.txt https://nvd.nist.gov/vuln/detail/CVE-2017-3735 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* run-postinsts: don't call update-rc.d if systemd is presentGabriel Ionescu2017-12-061-4/+11
| | | | | | | | This patch removes the call to update-rc.d in order to fix the console login issue for the Cavium board. Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: security fix for CVE-2017-8817Sona Sarmadi2017-12-062-0/+135
| | | | | | | | | | | FTP wildcard out of bounds read References: https://curl.haxx.se/docs/adv_2017-ae72.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: security fix for CVE-2017-8816Sona Sarmadi2017-12-062-0/+70
| | | | | | | | | | | NTLM buffer overflow via integer overflow References: https://curl.haxx.se/docs/adv_2017-12e7.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: Security fix for CVE-2017-1000257Sona Sarmadi2017-12-062-0/+40
| | | | | | | | | | | IMAP FETCH response out of bounds read References: https://curl.haxx.se/docs/adv_20171023.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: Security fix for CVE-2017-1000254Sona Sarmadi2017-12-062-0/+140
| | | | | | | | | | | FTP PWD response parser out of bounds read References: https://curl.haxx.se/docs/adv_20171004.html https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* spp: only return files that match KMACHINE and KTYPEMartin Borg2017-12-042-0/+88
| | | | | | | | | | | | | | | | | The search utility of spp was incorrect and was returning files that matched only a defined ktype. This leads to the system potentially building the wrong BSP, and not being able to report an error. We fix the search to only return files that match both ktype and kmachine, as well as return 0/1 for success/fail in the search. Patch backported from yocto-kernel-tools master branch: http://git.yoctoproject.org/cgit/cgit.cgi/yocto-kernel-tools/commit/?id=0571411cc033c11df7827508dd786876ce2f8c83 Signed-off-by: Martin Borg <martin.borg@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* bitcalc: disable gcc-sanitizers for aarch64Martin Borg2017-12-042-0/+29
| | | | | Signed-off-by: Martin Borg <martin.borg@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* Revert "distro: Update distro name and version"Adrian Dudau2017-11-281-2/+2
| | | | | | | | | This reverts commit d74d2d2928ef9d5cffab2c9c19b4b6d50532962c. This is the distro name and version used for the upcoming EL7 release. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* Update README for pyro branchAdrian Dudau2017-11-271-1/+1
| | | | | Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* libtasn1: Drop duplicate CVE patchAdrian Dudau2017-11-242-68/+0
| | | | | | The patch is already applied in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* systemd: Drop duplicat CVE patchesAdrian Dudau2017-11-242-330/+0
| | | | | | This patch has already been applied in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* curl: Drop CVE patchesAdrian Dudau2017-11-243-158/+0
| | | | | | These CVEs have been fixed in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml: Remove CVE fixesAdrian Dudau2017-11-246-605/+0
| | | | | | These have been fixed already in upstream poky/pyro. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* enea mirror: add distro name to mirror pathAdrian Calianu2017-11-241-9/+11
| | | | | | | | Since we have multiple distributions now we need to have a mirror for each distro name and distro version. Signed-off-by: Adrian Calianu <adrian.calianu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* run-postinsts: Disable dpkg --configure for debs to fix boot lockupGabriel Ionescu2017-11-221-0/+7
| | | | | | | | | | | | When a board boots for the first time, it executes run-postinsts.service and dpkg-configure.service. Since both services run dpkg --configure, it sometimes results in locking up the login service. This patch disables the execution of dpkg --configure from run-postinsts by removing the deb keyword from the list of scanned packet types. Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* Revert "enea distro: increase wget timeout"Adrian Dudau2017-11-131-3/+0
| | | | | | | | | This reverts commit eb6fe9f31ec566dd16d1120e4ed6d91e43d77545. This patch dinn't fix ther fetch issues, the only solution is to establish our own source mirros. Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* enea distro: increase wget timeoutAdrian Calianu2017-11-101-0/+3
| | | | | | | to allow some slow downloads to finish, like openjre. Signed-off-by: Adrian Calianu <adrian.calianu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dnsmasq: CVE-2017-14495Sona Sarmadi2017-10-042-0/+70
| | | | | | | | | | | Lack of free() here. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14495 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dnsmasq: CVE-2017-14496Sona Sarmadi2017-10-042-0/+95
| | | | | | | | | | | Invalid boundary checks here. Integer underflow leading to a huge memcpy. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14496 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dnsmasq: CVE-2017-14494Sona Sarmadi2017-10-042-0/+56
| | | | | | | | | | | Can help bypass ASLR. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14494 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dnsmasq: CVE-2017-14493Sona Sarmadi2017-10-042-0/+56
| | | | | | | | | | | Stack Based overflow. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14493 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dnsmasq: CVE-2017-14492Sona Sarmadi2017-10-042-0/+58
| | | | | | | | | | | Heap based overflow. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14492 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dnsmasq: CVE-2017-14491Sona Sarmadi2017-10-043-0/+348
| | | | | | | | | | | | Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14491 https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* distro: Update distro name and versionAdrian Dudau2017-10-041-2/+2
| | | | | Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com>
* systemd: CVE-2017-1000082Sona Sarmadi2017-10-042-0/+330
| | | | | | | | | | | | | | | | | | | | | | | refuse to load units with errors If a unit has a statement such as User=0day where the username exists but is strictly speaking invalid, the unit will be started as the root user instead. Backport a patch from upstream to mitigate this by refusing to start units such as this. (From OE-Core rev: a6eaef0f179a341c0b96bb30aaec2d80862a11d6) Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082 Backport from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=b7e7b5e294f944c27fb1d2be61c0cf38f6c81ba8 Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>