| Commit message (Collapse) | Author | Age | Files | Lines |
|
packagegroup-enea-rt contained licensing information
generating build errors.
Change-Id: Idddddf9e61033c4a885d405da944cf487a36ed79
|
CVE-2015-9019 affects libxslt 1.1.29, while the 'warrior' branch uses libxslt 1.1.33.
This patch is not applicable anymore.
References:
https://nvd.nist.gov/vuln/detail/CVE-2015-9019
https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-support/libxslt?h=warrior
Change-Id: I0ec21f4f3f574d06a6cf00eca9f1a221028c175b
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
|
CVE-2018-11237 affects glibc 2.27, while the 'warrior' branch uses glibc 2.29.
This patch is not applicable anymore.
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-11237
https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-core/glibc?h=warrior
Change-Id: I2b01931064a7828264de1a72c1044109e9030e87
|
Change-Id: I2540a2a81a2eacd872d2a44e4d1e00dba6cb1a1d
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
|
CVE-2017-11164 affects libpcre 8.41, while the 'warrior' branch uses libpcre 8.43.
This patch is not applicable anymore.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11164
https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-support/libpcre
Change-Id: I820e23de5d21648c8c5d0ddef4ad16030a592c80
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
|
Change-Id: I08f23aeccc6e4751eba76caf2a0262e8962c6e8d
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
|
The following patches were fixed in upstream:
CVE-2018-1060
CVE-2018-1061
Change-Id: I063270d94aa1214ded8c51842cfada3410bbe70c
Signed-off-by: Adrian Mangeac <Adrian.Mangeac@enea.com>
|
CVE-2016-6252
CVE-2018-13785
Change-Id: I4d016e267929d7df020ee86366a76b5723908705
Signed-off-by: Adrian Mangeac <Adrian.Mangeac@enea.com>
|
Change-Id: I9610bc687508bc7b735be9789ae1bdf0286be785
Signed-off-by: Adrian Mangeac <Adrian.Mangeac@enea.com>
|
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2018-11237
Change-Id: I703ff10f4c95d85eb183ee791d7be2a450353616
Signed-off-by: Adrian Mangeac <Adrian.Mangeac@enea.com>
|
ref: https://nvd.nist.gov/vuln/detail/CVE-2018-13785
Change-Id: I1e4f17816bca50dd405ac7ee7c16d8d9aa7e0b21
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
The update fixes CVE-2017-11164.
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-11164
Backport from upstream master branch.
Change-Id: I18acd817fa4385974749996685a5aeeb7506d474
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
References:
https://bugs.python.org/issue32981
https://nvd.nist.gov/vuln/detail/CVE-2018-1060
https://nvd.nist.gov/vuln/detail/CVE-2018-1061
Patch is taken from https://github.com/python/cpython/tree/2.7
Change-Id: I3c561499076480c344fe7d34d2edea84615ac9fa
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
Change-Id: I02b7a0dcb2b60523ba2c489d741868b6edb9d0fd
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
partrt needs 'nproc --all' which is not available in busybox nproc
Change-Id: Id0a63d70033364b427f3c1e87e2be9d49fb507e5
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
This reverts commit 3f946c2e7ecd26f401b2c7de6d0937bc22872c19.
Revert the revert. The timeout on fetching openjdk is back, but this
time it seems to be a true timeout, and should be fixed by increasing
the wget -T param.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
CONNECTIVITY_CHECK URIs are not very useful to our distro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
curl was upgraded to 7.58.0 on upstream poky rocko branch
and this version already contains all our CVE patches.
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
openssl was upgraded to 1.0.2o on poky rocko branch.
This reverts commit 833374e8e7eb5b9e53117d4c2f966094b7017ecc.
|
OpenSSL security advisory:
https://www.openssl.org/news/secadv/20180327.txt
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
When cve-check-tool is enabled, harfbuzz intermittently fails to build:
ERROR: harfbuzz-1.4.8-r0 do_configure: autoreconf execution failed.
This patch could solve this issue according to the mail conversation below:
https://www.mail-archive.com/yocto@yoctoproject.org/msg36472.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Infinite loop in the dns_packet_read_type_window() function
Upstream patch:
https://github.com/systemd/systemd/commit/8aeadf3052a2130b88d5bccf5439890e1034f28d
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Out-of-bounds read in code handling HTTP/2 trailers
References:
https://curl.haxx.se/docs/adv_2018-824a.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
Affects libcurl 7.49.0 to and including 7.57.0
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
The patch is already included by upstream rocko branch.
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
This allows running systemtap remotely using the crosstap script.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Neither rsync nor systemtap are debug tools, so they have no place in
this packagegroup.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
This installs the kernel vmlinux image under /boot in both the rootfs
and SDK. This is used for kernel debugging and profiling.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
This will in turn update the contents of enea-image-standard-sdk from
the Standard profile.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
Directory Traversal Vulnerability
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8283
http://www.securityfocus.com/bid/98064/info
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
Read/write after SSL object in error state
References:
https://www.openssl.org/news/secadv/20171207.txt
https://nvd.nist.gov/vuln/detail/CVE-2017-3737
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
openssl: Malformed X.509 IPAddressFamily could cause OOB read
References:
https://www.openssl.org/news/secadv/20170828.txt
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
This patch removes the call to update-rc.d in order to fix the console login
issue for the Cavium board.
Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
FTP wildcard out of bounds read
References:
https://curl.haxx.se/docs/adv_2017-ae72.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
NTLM buffer overflow via integer overflow
References:
https://curl.haxx.se/docs/adv_2017-12e7.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
IMAP FETCH response out of bounds read
References:
https://curl.haxx.se/docs/adv_20171023.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
FTP PWD response parser out of bounds read
References:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
The search utility of spp was incorrect and was returning files
that matched only a defined ktype.
This leads to the system potentially building the wrong BSP, and
not being able to report an error.
We fix the search to only return files that match both ktype and
kmachine, as well as return 0/1 for success/fail in the search.
Patch backported from yocto-kernel-tools master branch:
http://git.yoctoproject.org/cgit/cgit.cgi/yocto-kernel-tools/commit/?id=0571411cc033c11df7827508dd786876ce2f8c83
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>