| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2016-10229
Reference to upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v3.12.74&id=c3bfbecb1bb575278ce4812746a29c04875a2926
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tty: n_hdlc: get rid of racy n_hdlc.tbuf
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2636
Reference to upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/patch/?id=63075fbddd5151d2e98fa7cf0608a2113e23607d
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
| |
We need this patch to be able to cherry-pick the patch for
CVE-2017-2636 from later version.
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix)
It was found that fix for CVE-2016-7097 was incomplete as it missed tmpfs.
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-5551
Reference to upstream commit (kernel.org 3.12 branch):
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=b0369e53c851f8cd87afd059d360a4f646840c8c
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Setting a POSIX ACL via setxattr doesn't clear the setgid bit
The filesystem implementation in the Linux kernel through 4.8.2
preserves the setgid bit during a setxattr call, which allows
local users to gain group privileges by leveraging the existence
of a setgid program with restrictions on execute permissions.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7097
Reference to upstream commits (kernel.org 3.12 branch):
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/log/?id=refs%2Ftags%2Fv3.12.70&qt=grep&q=posix_acl%3A+Clear+SGID+bit+when+setting+file+permissions
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Integer overflow in ring_buffer_resize()
The ring_buffer_resize function in kernel/trace/ring_buffer.c in the
profiling subsystem in the Linux kernel before 4.6.1 mishandles certain
integer calculations, which allows local users to gain privileges by
writing to the /sys/kernel/debug/tracing/buffer_size_kb file.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9754
References to upstream patch:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59643d1535eb220668692a5359de22545af579f6
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes double fetch in ioctl_send_fib().
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6480
Upstream bug:
https://bugzilla.kernel.org/show_bug.cgi?id=116751
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=bcc85e09fc60d2e99053eae3fd0515c343189375
Signen-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes privilege escalation via MAP_PRIVATE COW breakage.
References:
===========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-5195
http://www.securityfocus.com/bid/93793
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Crash on invalid USB device descriptors (mct_u232 driver)
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3136
Reference to upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=f9dbb3666b3ddb5f9a7e44a433383cb6880a03f5
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
tcp: make challenge acks less predictable
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not
properly determine the rate of challenge ACK segments, which
makes it easier for man-in-the-middle attackers to hijack TCP
sessions via a blind in-window attack.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=860c53258e634c54f70252c352bae7bac30724a9
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a divide-by-zero vulnerability in a way the linux kernel processes
TCP connections. The error can occur if a connection starts another cwnd
reduction phase by setting tp->prior_cwnd to the current cwnd (0) in
tcp_init_cwnd_reduction().
A remote, unauthenticated attacker could use this flaw to crash the
kernel (denial of service).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2070
Reference to upstream correction (backported from kernel.org 4.4 branch):
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=8b8a321ff72c785ed5e8b4cf6eda20b35d427390
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a NULL pointer dereference flaw in the Linux kernel's
network subsystem.
A local user could use this flaw to crash the system.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8543
Reference to upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=0295617f822f630711f5af03316d3cbda6e737d4
Signen-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an out-of-bounds flaw in the kernel where the length of the
sockaddr parameter was not checked in the pptp_bind() and pptp_connect()
functions. A local system user could exploit this flaw to bypass
kernel ASLR or leak other information.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=d470ffbe3fe914d176ced4cf330a297c523c5711
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|
|
|
|
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
| |
Replace master with krogoth branch for layer dependencies.
Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
| |
Backport from mainline. Only kernels <4.2 are affected by this.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
| |
For Enea specific device tree where only the FM1@GETH5 is allocated to
Linux stack while all other ethernet ports are allocated to USDPAA
it is required to have a specific config file.
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
| |
The patch was intergrated by Freescale into meta-fsl-ppc into krogoth
and krogoth-next branches(commit 324d71e3ef072d17bd6c03973b1d24150fe471ce).
This reverts commit 324d71e3ef072d17bd6c03973b1d24150fe471ce.
|
|
|
|
|
|
|
|
|
|
| |
Compat function takes msgtyp argument as u32 and passes it down to
do_msgrcv which results in casting to long, thus the sign is lost and we
get a big positive number instead.
Cast the argument to signed type before passing it down.
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
|
|
|
|
|
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
| |
We don't release a preempt-rt enabled kernel in 6.0, so no need for the
recipe.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
| |
These are moved to the meta-enea-networking layer.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
| |
Kernel config fragments were renamed and references must be updated
accordingly.
Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Poky master branch has recently upgraded to binutils version 2.26,
but for e500mc based targets the kernel crashes early in boot if
built with this version of binutils.
Reverting back to binutils 2.25.1 is a temporary workaround to
be able to build bootable images for these targets.
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|
|
|
|
|
|
|
| |
pramfs-init is a RRECCOMMEND to pramfs, that helps mount FS to PRAM.
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
| |
The bug this change addresses has been fixed upstream in meta-fsl-ppc
( commit 97a5f5d7c1451649b72cdc4d6faab69a761c6e7b), so it's not needed
anymore.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|
|
|
|
|
|
|
|
| |
Add support for VFAT fs and one of its available code pages - 437
(United States, Canada).
Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
| |
Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There were two do_configure_prepend() methods, one within FSL's
repository and another one in Enea's repository. Due to layers'
priorities, the last to be executed was the one from FSL's layer.
Hence .config resulted from executing do_configure_prepend() from
Enea's repository was lost because both were operating on the same
.config file.
The issue is how FSL checks for cfg fragments. Fragments need to be
within build directory instead of source directory, hence
do_unpack_append() method was modified accordingly, otherwise none of
the fragments would have been applied on .config.
do_configure_prepend() from our repository was deleted, since it's not
of much use.
Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
| |
The config fragments have been moved to meta-enea-base-ppc now, so this
layer should depend on it now.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This is backported from poky/meta repository. Needed only
by FSL's openssl version (found in meta-fsl-ppc layer).
Original commit: 8132507f0397877c4d528414c6d34ca61674b6dd
on meta-fsl-ppc/dizzy-enea.
Signed-off-by: Stefan Sicleru <stefan.sicleru@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new device tree for USDPAA support has been added for p3041ds platform. This
was necessary to allow the usage of an ethernet interface as a normal one, that
interfaces with the Linux kernel network stack. In the beginning all the
interfaces were allocated to USDPAA, so they were not visible to the Linux
kernel. For the development process this would mean the impossibility to boot
using a nfs or to connect via ssh.
Signen-off-by: Mihaela Martinas <Mihaela.Martinas@enea.com>
Signed-off-by: Huimin She <huimin.she@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A new device tree for USDPAA support has been added for p2041rdb platform. This
was necessary to allow the usage of an ethernet interface as a normal one, that
interfaces with the Linux kernel network stack. In the beginning all the
interfaces were allocated to USDPAA, so they were not visible to the Linux
kernel. For the development process this would mean the impossibility to boot
using a nfs or to connect via ssh.
Signed-off-by: Mihaela Martinas <Mihaela.Martinas@enea.com>
Signed-off-by: Huimin She <huimin.she@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A device tree (dts) is added for USDPAA support on t4240rdb. In the
default USDPAA dts, all the ethernet interfaces are dedicated to
USDPAA, so that they are not visible to Linux kernel. This brings
difficulty for development, such as nfs booting and ssh login.
In the new dts, one ethernet interface is reserved for Linux kernel
network stack, and the others are for USDPAA.
Signed-off-by: Huimin She <huimin.she@enea.com>
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
|
|
|
|
|
|
|
|
|
| |
When printing from a recipe it should be used the printing
functions provided by yocto. Used bb.note for info printing
and bb.error for error exception printing.
Signed-off-by: Andrei Varvara <andrei.varvara@enea.com>
Signed-off-by: George Nita <george.nita@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Freescale linux-qoriq.inc is expecting that cfg folder
is present in the source directory. Our recipes regarding cfg
copies the cfg folder in the working directory. A patch was made
to the Freescale's original recipe to look for cfg patches inside workdir,
but this was not accepted by Freescale.
A new fix was proposed that basically copies the cfg folder from the
working directory to source directory where original FSL recipe expects
to find it. This way we do not have to modify the original FSL recipe.
In order to implement this fix python code that copies the cfg folder
from working directory to source directory has been added in the
do_unpack task.
Signed-off-by: Andrei Varvara <andrei.varvara@enea.com>
Signed-off-by: George Nita <george.nita@enea.com>
|
|
|
|
|
|
|
|
| |
relocated config fragment path fix for linux-qoriq kernel
from meta-fsl-ppc to meta-enea-bsp-ppc
Signed-off-by: Andrei Varvara <andrei.varvara@enea.com>
Signed-off-by: George Nita <george.nita@enea.com>
|
|
|
|
|
|
|
|
| |
New kernel recipes are defined in the meta-enea-bsp-<arch> layers now.
Movin the recipe together with patches from meta-fsl-ppc.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
| |
|
|
|
|
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
|
| |
We give up building the so-called "staging kernel". From now on we'll
use the native kernel configuration mechanism and issue two kernel build
commands if needed.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
|
|
|
|
|
| |
To keep it in synch with the one defined in enea.common.inc in
meta-enea-base.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|
|
result of splitting up meta-enea
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
|