| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
CVE: CVE-2017-1000158 CVE-2018-1060 CVE-2018-1061
CVE-2017-1000158 python in the upstream pyro is 2.7.13
CVE-2018-1060 - python in the upstream pyro is 2.7.13
CVE-2018-1061 - python in the upstream pyro is 2.7.13
Reference:
CVE-2017-1000158 https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
CVE-2018-1060 https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
CVE-2018-1061 https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b
Change-Id: I09dc5e7d1754c00d4bcdf57b1124370e3d790e5a
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
CVE: CVE-2018-6913
perl in the upstream pyro is 5.24.1.
Reference:
CVE-2018-6913 https://rt.perl.org/Public/Ticket/Attachment/1480002/799836/0001-perl-131844-fix-various-space-calculation-issues-in-.patch
Change-Id: I0b728e9d8752d625d674a82cf4269f8abc880889
Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
Signed-off-by: Adrian Mangeac <adrian.mangeac@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Directory Traversal Vulnerability
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8283
http://www.securityfocus.com/bid/98064/info
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
| |
This patch removes the call to update-rc.d in order to fix the console login
issue for the Cavium board.
Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When a board boots for the first time, it executes run-postinsts.service and
dpkg-configure.service. Since both services run dpkg --configure, it sometimes
results in locking up the login service.
This patch disables the execution of dpkg --configure from run-postinsts by
removing the deb keyword from the list of scanned packet types.
Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes integer overflow in in handling virtio-crypto requests
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qemu built with the Audio subsystem support is vulnerable to
a host memory leakage issue. It could occur if a guest user
was to repeatedly start and stop audio capture.
A privileged user inside guest could use this flaw to exhaust host memory,
resulting in DoS.
Reference:
==========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8309
Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Quick Emulator built with the USB OHCI Emulation support is vulnerable to an
infinite loop issue. It could occur while processing an endpoint list
descriptor in ohci_service_ed_list().
A guest user/process could use this flaw to crash Qemu process resulting in DoS.
References:
==========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-6505
Upstream patch:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Qemu built with the VirtFS, host directory sharing via Plan 9 File
System(9pfs) support, is vulnerable to an improper access control issue.
It could occur while accessing files on a shared host directory.
A privileged user inside guest could use this flaw to access host file system
beyond the shared folder and potentially escalating their privileges on a host.
References:
==========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471
Upstream patch:
http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=96bae145e27d4df62671b4eebd6c735f412016cf
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QEMU built with the Cirrus CLGD 54xx VGA Emulator support
is vulnerable to an out-of-bounds access issue. The issue
could occur while copying VGA data in cirrus_bitblt_cputovideo.
References:
==========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2620
Upstream patch:
https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
| |
We won't upstream this and we won't maintain it anymore, so drop it.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
| |
|
|
|
| |
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was a temporary fix for 64bit PPC kernel builds with binutils 2.24 [1].
The build problem was fixed in meta-fsl-ppc by backport of a kernel patch
(commit a6c4175595b0f316e543cf93a8b6dc1a7f098997) and this backported
patch was later removed when the kernel version was upgraded
(commit e321cb35d66d31b4d7f10da989e7b94eea3337c3).
binutils has also been upgraded to 2.25.1 on poky master
-------
[1] https://lists.yoctoproject.org/pipermail/meta-freescale/2014-April/008083.html
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Huimin She <huimin.she@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
These workarounds were needed because Power ISA 2.07 was not supported
in GCC 4.8.2 (introduced in GCC 4.9).
GCC 4.8 support has been dropped from poky master since commit
d9aabf9639510fdb3e2ccc21ba5ae4aa9f6e4a57.
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
| |
elfutils 0.164 is now the default version used on poky master
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade gdb so changes apply to the version used on poky master branch.
The patch to avoid ksh dependency was removed since the patched file
has been removed from gdb.
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
| |
The patch exists on poky master since commit
e5a11759d8d6f15191167ab1f3ffb3db8b6715aa
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
| |
Fixed on poky master since commit
06ff3c420ca3b4237271879571d9933bbe6463ec
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
| |
The problem has been fixed in meta-openembedded,
commit f6f4cadd65c7609776b5e6946e2448bee22397d0
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Starting with dizzy(poky v1.7) parallel testing was activated and
test-driver is the log driver for this mechanism.
But generated Makefile is using an absolute path when calls the test-driver
which is a wrong path at run-time.
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
Signed-off-by: George Nita <george.nita@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
|
| |
|
|
|
|
|
| |
This is ported from meta-openembedded:master
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
| |
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
Signed-off-by: George Nita <george.nita@enea.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's possible to trigger "already installed" messages during normal
usage if you explicitly install something in the image through
IMAGE_INSTALL that has a dependency on some -dev packages and also have
dev-pkgs in IMAGE_FEATURES. Since we now check the do_rootfs log for
warnings, these are reported as warnings at the build system level.
This situation should not trigger warnings, nor is it really cause for
concern under any other circumstance if the user asks smart to install
something that's already installed, so make it an info message rather
than a warning.
Fixes [YOCTO #7840].
This patch was ported from poky/master
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
| |
|
|
|
|
|
| |
Add Enea Specific ptest
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
result of splitting up meta-enea
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
