path: root/recipes-core
Commit message    Author    Age    Files    Lines
* Merge "systemd: fix CVE-2017-15908" into pyro (pyro)    Dan Andresan    2018-10-29    3    -6/+48
|\
| * systemd: fix CVE-2017-15908    Dan Andresan    2018-10-26    3    -6/+48
| |   systemd in the upstream pyro is 232
| |
| |   CVE: CVE-2017-15908
| |
| |   Reference:
| |   https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62
| |
| |   Change-Id: Ifb3c138b324fe943c8a80e646c06731420d69ec0
| |   Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
| |   Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
* | Merge "busybox: Fix CVE-2018-1000517" into pyro    Dan Andresan    2018-10-29    2    -0/+66
|\ \
| * | busybox: Fix CVE-2018-1000517    Dan Andresan    2018-10-26    2    -0/+66
| |/
| |   busybox in the upstream pyro is 1.24.1.
| |
| |   CVE: CVE-2018-1000517
| |
| |   Reference:
| |   https://git.busybox.net/busybox/commit/?id=8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e
| |
| |   Change-Id: I5a5173db69d7419564989a9fda731ebbbb5aaded
| |   Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
| |   Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
* | Merge "glibc: Fix CVEs" into pyro    Dan Andresan    2018-10-29    5    -8/+726
|\ \
| * | glibc: Fix CVEs    Andreas Wellving    2018-10-25    5    -8/+726
| |/
| |   CVE: CVE-2017-12133 CVE-2017-16997 CVE-2018-6551
| |
| |   Glibc in the upstream pyro is 2.25.
| |
| |   Reference:
| |   CVE-2017-12133 https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
| |   CVE-2017-16997 https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=patch;h=21c5d14bfb4e08bee86f94fd815535d3be2c3869
| |   CVE-2018-6551 https://sourceware.org/git/?p=glibc.git;a=patch;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
| |
| |   Change-Id: I16492f0713f8134cf31597d2f38ab039c277d77c
| |   Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
| |   Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
* / libxml2: Fix CVEs    Andreas Wellving    2018-10-25    5    -0/+257
|/
|   CVE: CVE-2017-16932 CVE-2017-5130 CVE-2017-7375 CVE-2017-7376
|
|   Libxml2 in the upstream pyro is 2.9.4
|
|   CVE-2017-7376: For the stable distribution (stretch), these problems
|   have been fixed in version 2.9.4+dfsg1-2.2+deb9u1
|   CVE-2017-7375: stretch (security) 2.9.4+dfsg1-2.2+deb9u2
|
|   Reference:
|   CVE-2017-16932 https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
|   CVE-2017-5130 https://gitlab.gnome.org/GNOME/libxml2/commit/897dffbae322b46b83f99a607d527058a72c51ed
|   CVE-2017-7375 https://gitlab.gnome.org/GNOME/libxml2/commit/90ccb58242866b0ba3edbef8fe44214a101c2b3e
|   CVE-2017-7376 https://gitlab.gnome.org/GNOME/libxml2/commit/5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
|
|   Change-Id: Icf68eea8e0916be2bc9f3e844f7d38f6fae75300
|   Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
|   Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
* packagegroup-core-tools-debug: Drop bbappend    Adrian Dudau    2018-01-22    1    -1/+0
|   Neither rsync nor systemtap are debug tools, so they have no place in
|   this packagegroup.
|
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* systemd: Drop duplicate CVE patches    Adrian Dudau    2017-11-24    2    -330/+0
|   This patch has already been applied in upstream poky/pyro.
|
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml: Remove CVE fixes    Adrian Dudau    2017-11-24    6    -605/+0
|   These have been fixed already in upstream poky/pyro.
|
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* systemd: CVE-2017-1000082    Sona Sarmadi    2017-10-04    2    -0/+330
|   refuse to load units with errors
|
|   If a unit has a statement such as User=0day where the username exists
|   but is strictly speaking invalid, the unit will be started as the root
|   user instead.
|
|   Backport a patch from upstream to mitigate this by refusing to start
|   units such as this.
|
|   (From OE-Core rev: a6eaef0f179a341c0b96bb30aaec2d80862a11d6)
|
|   Reference:
|   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082
|
|   Backport from:
|   http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=b7e7b5e294f944c27fb1d2be61c0cf38f6c81ba8
|
|   Signed-off-by: Ross Burton <ross.burton@intel.com>
|   Signed-off-by: Armin Kuster <akuster808@gmail.com>
|   Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-8872    Sona Sarmadi    2017-09-26    2    -0/+42
|   Out-of-bounds read in htmlParseTryOrFinish
|
|   Reference:
|   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
|
|   Backported from:
|   http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* systemd: CVE-2017-9445    Sona Sarmadi    2017-09-26    2    -0/+62
|   Out-of-bounds write in systemd-resolved due to allocating too small
|   buffer in dns_packet_new
|
|   References:
|   https://bugzilla.redhat.com/attachment.cgi?id=1290017
|   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9445
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* glibc: CVE-2017-8804    Sona Sarmadi    2017-09-15    2    -0/+226
|   Fixes memory leak in sunrpc when decoding malformed XDR
|
|   References:
|   https://security-tracker.debian.org/tracker/CVE-2017-8804
|
|   Upstream patch:
|   https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* glibc: CVE-2017-12132    Sona Sarmadi    2017-09-11    2    -0/+867
|   The DNS stub resolver in the glibc or libc6 before version 2.26, when
|   EDNS support is enabled, will solicit large UDP responses from name
|   servers, potentially simplifying off-path DNS spoofing attacks due to
|   IP fragmentation.
|
|   Reference:
|   https://security-tracker.debian.org/tracker/CVE-2017-12132
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* glibc: CVE-2017-1000366    Sona Sarmadi    2017-09-11    2    -0/+59
|   glibc contains a vulnerability that allows specially crafted
|   LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to
|   alias, potentially resulting in arbitrary code execution.
|
|   Reference:
|   https://security-tracker.debian.org/tracker/CVE-2017-1000366
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* libxml2: CVE-2017-0663    Sona Sarmadi    2017-09-06    2    -1/+49
|   A remote code execution vulnerability in libxml2 could enable an
|   attacker using a specially crafted file to execute arbitrary code
|   within the context of an unprivileged process. This issue is rated as
|   High due to the possibility of remote code execution in an application
|   that uses this library.
|
|   Reference:
|   https://security-tracker.debian.org/tracker/CVE-2017-0663
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-9049 and CVE-2017-9050    Sona Sarmadi    2017-08-21    2    -0/+322
|   References:
|   CVE-2017-9049: Heap-based buffer over-read in function xmlDictComputeFastKey
|   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
|
|   CVE-2017-9050: Heap-based buffer over-read in function xmlDictAddString
|   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-9047 and CVE-2017-9048    Sona Sarmadi    2017-08-21    2    -0/+119
|   References:
|   CVE-2017-9047: Buffer overflow in function xmlSnprintfElementContent
|   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9047
|
|   CVE-2017-9048: Stack-based buffer overflow in function
|   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* libxml2: CVE-2017-5969    Sona Sarmadi    2017-08-21    2    -0/+74
|   Fixes a NULL pointer dereference in libxml2, when using
|   xmllint --recover. A maliciously crafted file, when parsed in recovery
|   mode, could cause the application to crash.
|
|   Reference https://bugzilla.gnome.org/show_bug.cgi?id=778519
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* Upgraded to the latest rt-tools version    Dragos Motrea    2017-07-19    1    -1/+1
|   Added new recipe for the bitcalc tool. Removed list2mask recipe and
|   updated the partrt and the count-ticks recipes.
|
|   Signed-off-by: Dragos Motrea <Dragos.Motrea@enea.com>
|   Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
* nativesdk-packagegroup-sdk-host: remove rpm-build and rpm-common packages from recipe (HEAD, master)    Dragos Motrea    2017-03-24    1    -2/+1
|   rpm-build and rpm-common packages do not exist anymore after the
|   replacement of the smart package manager with the DNF, so the
|   nativesdk-packagegroup-sdk-host recipe should be updated.
|
|   Signed-off-by: Dragos Motrea <Dragos.Motrea@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* nativesdk-packagegroup-sdk-host: Add mkimage only if U-Boot is used    Adrian Dudau    2017-01-12    1    -1/+1
|   Not all architectures/targets use u-boot, so we shouldn't force
|   mkimage in every SDK.
|
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* packagegroup-enea-rt-tools: Update license md5    Adrian Dudau    2016-07-11    1    -1/+1
|   poky/LICENSE has changed and the md5 throws a warning
|
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* packagegroups: remove enea-ptest    Stefan Sicleru    2016-05-04    1    -118/+0
|   packagegroup-enea-ptest has been removed because it is obsolete and
|   world image cannot be created due to unmet dependencies.
|
|   The new way of running ptests is through the new package defined in
|   one of the internal layers (meta-enea-test).
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
* packagegroups: remove enea-ddt    Stefan Sicleru    2016-04-29    1    -22/+0
|   This packagegroup creates a dependency on an internal layer which
|   generates build errors when building without that layer. Aside from
|   that, it is not of much use since testing is done by installing
|   required packages at runtime. Hence, this package is removed.
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Mihaela Martinas <Mihaela.Martinas@enea.com>
* packagegroups: remove enea-sys    Stefan Sicleru    2016-04-27    1    -18/+0
|   packagegroup-enea-sys has been removed since it is no longer needed,
|   all its packages can be installed at runtime through smart package
|   manager.
|
|   Aside from that, some of its RRECOMMENDS packages can only be found
|   within an internal layer, which creates build errors when that layer
|   is not included.
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Mihaela Martinas <Mihaela.Martinas@enea.com>
* Add support to build rpm packages from SDK.    Adrian Calianu    2016-04-14    1    -1/+5
|   Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
|   Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* packagegroups: remove enea-core-boot    Stefan Sicleru    2016-03-09    1    -65/+0
|   packagegroup-enea-core-boot was a legacy from older releases, all of
|   its useful content can be found in packagegroup-core-boot from poky
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* packagegroups: replace enea-debug with core-tools-debug    Stefan Sicleru    2016-03-09    2    -35/+1
|   Most of packagegroup-enea-debug content can be found within
|   packagegroup-core-tools-debug which is provided through tools-debug
|   image feature.
|
|   rsync and systemtap are provided through a bbappend; kexec-tools is
|   provided through tools-testapps image feature.
|
|   Other variables such as PACKAGES, PACKAGE_ARCH, ALLOW_EMPTY are
|   already provided through inherited packagegroup.bbclass, hence
|   enea-debug packagegroup is deleted.
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* packagegroup-enea-sys: split systest-runner    Stefan Sicleru    2016-02-25    1    -1/+2
|   Tests formerly executed by systest are defined as separate packages,
|   ltptest-runner and posix-runner. Updated packagegroup's definition
|   accordingly.
|
|   Original commit: 9ee9a4896c9ce973e0e3d8f99978e23dcd0fa166 on
|   meta-enea/dizzy-enea.
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
* packagegroup-enea-core-boot: remove fm-ucode from rdepends list    Stefan Sicleru    2016-02-25    1    -2/+2
|   Removing fm-ucode (licensed under Freescale EULA) since meta-enea-base
|   should be free from proprietary code.
|
|   Original commit on meta-enea/dizzy-enea:
|   63136bcdc1dd97f99b5e6a8dc2bd04ed6f5e48d0
|
|   Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
|   Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
* sysvinit: remove execution change on shutdown    Nora Björklund    2016-02-24    1    -3/+0
|   This change is not applicable to our distro and can therefore be
|   removed. There is no need to give all execution right on shutdown.
|
|   Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* busybox: apply to all versions    Nora Björklund    2016-01-28    1    -0/+0
|   Renaming the recipe in order for the configurations added to the poky
|   version to apply to all versions of busybox.
|
|   * The 3 first configurations are necessary to install the tools
|     'taskset' and 'chrt' to simplify core-partitioning.
|   * The following 14 configurations enable httpd and add the -m
|     parameter to busybox's 'tar'-command.
|
|   Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* dbus: remove .bbappend - fix exists upstream    Nora Björklund    2016-01-26    2    -117/+0
|   CVE-2014-3532 is fixed in dbus [1] and exists in dbus version 1.8.20
|   which poky master is using.
|
|   [1] http://cgit.freedesktop.org/dbus/dbus/commit/?id=9ca90648fc870c24d852ce6d7ce9387a9fc9a94a
|
|   Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* util-linux: remove since fix is available on poky    Nora Björklund    2016-01-25    8    -218/+0
|   The patch files were upstreamed and are available in poky since commit
|   6f837cc142ccad39856cb846a205a2999658b16e.
|
|   Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|   Signed-off-by: Martin Borg <martin.borg@enea.com>
* enea-image-featured.bb: removed internal tests    George Nita    2015-12-17    1    -14/+0
|   Internal tests handled in meta-enea-test.
|
|   Signed-off-by: George Nita <george.nita@enea.com>
|   Signed-off-by: Tudor Florea <tudor.florea@enea.com>
* dbus: CVE-2014-3532    Sona Sarmadi    2015-12-04    2    -0/+117
|   Fixes denial of service in file descriptor passing feature
|
|   References:
|   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3532
|   https://bugs.freedesktop.org/show_bug.cgi?id=80163
|   http://openwall.com/lists/oss-security/2014/07/02/4
|
|   Upstream commit:
|   http://cgit.freedesktop.org/dbus/dbus/commit/?id=9ca90648fc870c24d852ce6d7ce9387a9fc9a94a
|
|   Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
* Remove perf-networking from packagegroup-enea-sys    George Nita    2015-11-19    1    -1/+0
|   perf-networking was for network performance tests which are not run
|   anymore. Moreover, it depends on netperf which has a non-commercial
|   license.
|
|   It's a port of meta-enea 29415d496decf2df2a68427d2ec6c1b698271702
|   change.
|
|   Signed-off-by: George Nita <george.nita@enea.com>
* util-linux: add ptest    Tudor Florea    2015-11-18    8    -0/+218
|   Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|   Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
* Initial commit    Adrian Dudau    2015-10-28    11    -0/+309
    result of splitting up meta-enea

    Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>