| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes race conditions in collect_mounts
References:
http://seclists.org/oss-sec/2015/q2/640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4177
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=6ab282fe6d43027b3b1ef820b3798aae8fdb432b
Signen-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change inode_capable to capable_wrt_inode_uidgid
Fixes privileges escalation in Linux kernel built
with the user namespaces(CONFIG_USER_NS).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
http://www.openwall.com/lists/oss-security/2014/06/10/4
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id= 2246a472bce19c0d373fb5488a0e612e3328ce0a
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes an information leakage in Linux kernel built with
the Multimedia support(CONFIG_MEDIA_SUPPORT).
References:
http://www.openwall.com/lists/oss-security/2014/06/15/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=2f1831612c94ee7b1819c4a6d21b9d5efac5297c
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes race condition between chown() and execve() system calls in the
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339
http://seclists.org/oss-sec/2015/q2/216
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=5176b77f1aacdc560eaeac4685ade444bb814689
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes information leak in llc2_timeout_table.
References:
http://www.openwall.com/lists/oss-security/2015/02/20/19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=553dd569ff29bc38cebbf9f9dd7c791863ee9113
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix slab corruption from use after free on INIT collisions
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/
?id=43e39c2f63240f67a67b4060882f67dac1a6f339
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes buffer overflow in ioctl.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/
?id=482c6cb2dfb40838d67b0ba844b4b3d0af0f3d20
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
try_to_unmap_cluster() should lock_page() before mlocking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=400fc13141fe947c38e8485ee9d37066d4533363
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
|
|
|
|
|
|
| |
Fix the following build error:
ERROR: QA Issue: skmm-host: Files/directories were installed but not shipped
/usr/bin/mini_calc [installed-vs-shipped]
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes incorrect processing of checksums in UDP implementation
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
http://www.openwall.com/lists/oss-security/2015/07/10/3
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=a97b54dd69cb05df4c57f5d5b40c761f7835ce4e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes infinite loop in CE record entries
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=1fe5620fcd6c2f0a4a927ee10c8e53196da392f3
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Explicitly clear ramdisk_mcp backend pages
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=186f32e2096c7d9cd9106b8dedd79c596f4c8398
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent requeue pi on same futex
References
http://www.openwall.com/lists/oss-security/2014/06/05/22
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=b9103e5f3a197aec4ec3d78fd5ff2bb74a496b42
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Handle numid overflow
Make sure that id->index does not overflow
References:
http://www.openwall.com/lists/oss-security/2014/06/26/6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
| |
NULL pointer dereference in af->from_addr_param on malformed packet
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
| |
sk_ack_backlog wrap-around problem
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-4652
Protect user controls against concurrent access
CVE-2014-4653
Don't access controls outside of protected regions
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
| |
audit_krule mask accesses need bounds checking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-3673
skb_over_panic when receiving malformed ASCONF chunks
Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK
chunks.")
CVE-2014-3687
panic on duplicate ASCONF chunks
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1
packet")
CVE-2014-3688
remote memory pressure from excessive queueing
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1
packet")
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://www.openwall.com/lists/oss-security/2014/11/13/8
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-3601
Fixes the third parameter of kvm_iommu_put_pages
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
CVE-2014-8369
Fixes excessive pages un-pinning in kvm_iommu_map error path.
(This vulnerability exists because of an incorrect fix for CVE-2014-3601
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369
https://bugzilla.redhat.com/show_bug.cgi?id=1156518
https://lkml.org/lkml/2014/10/24/460
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver
CVE-2014-3182 Kernel: HID: logitech-dj OOB array access
CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routine
CVE-2014-3185 Kernel: USB serial: memory corruption flaw
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes null pointer dereference when processing authenticated cookie_echo chunk
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101
https://bugzilla.redhat.com/show_bug.cgi?id=1070705
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f9
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
| |
Avoid infinite loop when processing indirect ICBs
References:
http://seclists.org/oss-sec/2014/q3/600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patches fixes mount flags handling during remount issue.
The patches come from:
https://www.kernel.org (remotes/origin/linux-3.12.y branch)
References:
http://seclists.org/oss-sec/2014/q3/357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
| |
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This includes following fixes:
35af73f Fix: Copy user-space buffer of injected control frame to kernel
00c8040 Add multiple error labels in the probe function
2835689 Fix: Remove memory leaks when the module is removed or fails on probing
d770a37 Fix: Remove compile warning on 32b
89e29fc Fix: Remove unnecessary checks
adbb47e Beautify: Rename macros into more proper names
d5cac6e Add "poll()" function for NPI device
220cee3 Replace rescheduling with work queues
2a5fe4e Add cacheline support for extraction of control frames
6f14f0b Fix: UIO device might not be removed properly if module fails to initialize
2dcea55 Removed unecessary includes
1077880 Add UIO driver
68ab7bd Initial empty repository
update COMPATIBLE_MACHINE to use soc_family.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This update to fsl sdk v1.7 release. The detailed changes
can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/asf.git/
Other changes to sync with meta-fsl-arm:
* install kernel modules to ${D}/lib/modules/${KERNEL_VERSION}/asf
* install scripts to ${D}/${libexecdir}/
* remove dependency on virtual/kernel as it inherit module.bbclass
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently pkc-host does not support RSA_KEYGEN. When pkc-host
installed, RSA keygen operations should be avoided.
Introduce DISTRO_FEATURE "c29x_pkc". To install pkc-host, this
feature should be enabled. Then cryptodev checks it to disable
RSA_KEYGEN.
this can be done in conf/local.conf:
DISTRO_FEATURES_append = " c29x_pkc"
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Nikos handed over project maintainance to Phil Sutter.
- Several pending patches have been merged upstream so we removed
them from the recipe. The remaining ones have been sorted
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Change-Id: I0c6160c739d379ba787e72423d1564b9a3d05d8b
Reviewed-on: http://git.am.freescale.net:8181/24177
Reviewed-by: Zhenhua Luo <zhenhua.luo@freescale.com>
Tested-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This update to fsl sdk v1.7 release.
For detailed changes, see:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/linux.git/
Remove the patches which were applied in the repository.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
| |
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Having a number higher than necessary for NR_CPUS wastes memory by
instantiating unnecessary structures in RAM. An example is in the DPAA
where DPAA_ETH_TX_QUEUES is defined based on NR_CPUS and used to create
dozens of extra qman_fq structures. Using the prior value of 24, which
was left over from the T4240 created an additonal 60 frame queue
structures alone.
This has been tested on t1040rdb-64b.
Signed-off-by: Bob Cochran <yocto@mindchasers.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Although the flag existed in Kconfig for FMAN_V3L, it was not set by
default. Also, the T1040 and FMAN V3L only support four O/H ports, so
remove the last two from the DTS files. Otherwise, MAJOR FM Errors
will be reported during FMAN probing / init.
This was tested on t1040rdb-64b
Signed-off-by: Bob Cochran <yocto@mindchasers.com>
|
|
|
|
|
|
|
|
| |
T1040 uses an E5500 processor, and E5500 doesn't have an Altivec unit
This was tested on a t1040rdb
Signed-off-by: Bob Cochran <yocto@mindchasers.com>
|
|
|
|
|
|
|
| |
Fix unbounded recursion when processing relocated directories
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A NULL pointer dereference flaw was found in the way the
Linux kernel's Stream Control Transmission Protocol
(SCTP) implementation handled simultaneous connections
between the same hosts. A remote attacker could use this
flaw to crash the system.
References:
- https://access.redhat.com/security/cve/CVE-2014-5077
- http://patchwork.ozlabs.org/patch/372475/
Signed-off-by: Liviu Gheorghisan <liviu.gheorghisan@enea.com>
|
|
|
|
| |
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
|
|
|
|
|
| |
While other cryptodev-fsl's bbapend to assign FILESEXTRAPATHS,
there was a potential dir split error.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
|
|
|
|
| |
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
| |
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
|
|
|
| |
ppce6500 is a specific core which only support 64bit kernel, the duplicate
hack codes were packaged into qoriq_build_64bit_kernel.bbclass, use it.
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
|
|
| |
fslmachine is too generic, use qoriq-ppc instead.
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
|
|
|
| |
like linux-imx, linux-qoriq is supposed to be provided and supported
by Freescale. it uses latest linux codes on git.freescale.com
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
|
|
|
|
|
| |
FSL SDK released its own cryptodev based on 1.6, but not all the codes
was upstreamed, add bbappend to use fsl maintained source. This change
only be applied for fsl machines
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
| |
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
| |
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
changes:
ASFIPSEC: Fix for IPV6 crash dump when L2blob is not resolved.
ASFIPSEC: Patch to fix P1010/P9131 IPSEC.
ASF: Fix - Reassembly cleanCB not getting called.
ASF: Giving fragmented non TCP/UDP/AH/ESP packet back to linux.
ASFIPSEC:Patch to Fix ICV error in IPv6 case.
asf: handle memory leak due to software buffer counter.
AH-SHA1 does not work with ASF
fmc scripts : 48G fmc config file for T4240RDB
ASFIPSEC: Patch to fix crash when IPSEC traffic is initiated.
Patch to fix klocwork issues
Crash during ping6 test for varied sizes across the tunnel.
FMC : Adding new config file to support 22G ports for T2080QDS
ASF : Porting ASF to kernel 3.13
asf_ipsec: Patch to fix the MD5 issue.
ASF: Memory leaks observed.
asf_ipsec: Patch to fix the issue in AH for 64 bits.
ASF_IPSEC:Same SA is getting added twice under stress traffic
ASF_IPSEC:Multiple times of Addition and deletion of SPD and SAs causing linkage problem.
ASF_IPEC: Unable to delete SPD from ASF.
ASF-IPSEC:SA flush with traffic through the DUT causing crash.
ipsec_scripts: Patch to add scripts for all algorithmic combinations for IPsec.
asf_ipfrag: Patch to fix the issue of crash on P5040RDB.
ASF : Patch to decrement software buffer pool counter when packet send to linux.
ASFCTRL : Patch to reflect back the changes made in linux to netdev_notifier_info_to_dev() of asfctrl.
ASF : update CONFIG_FSL_DPAA_TX_RECYCLE to CONFIG_FMAN_T4240
asf_ipsec: Patch to fix the compilation error.
asf_qos: Patch to fix the compilation error in asf_qos.
ASFIPSEC: Integeration with DPAA eth SG driver
asf_proc: Patch to update the procfs code.
ASFIPSEC : Large size self-generated ping packet crash resolved.
ASF: Patch to fix traffic halt issue in IPSEC fragmentation case.
ASFIPSEC: Patch to fix the crash seen while deleting SA.
ASFCTRL: Patch to check for loopback packet and do not offload it.
ASFIPSEC: invalidate magic number while offloading policy in asfctrl_xfrm_enc_hook
ASFIPSEC: Patch to fix IPSEC fragmented traffic issues.
MODULE_LICENSE is changed to dual(BSD/GPL)
ASF: FMC: Adding 1G port entries for T4240QDS boards.
ASF: Defining flag in ASF for FSL_DPAA_TX_RECYCLE framework
ASF: Adding debug module to create a loopback framawork on DPAA platform
ASF:FMC: Extra line is removed from the file.
Removing make error when ASF is disabled in Kernel
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
|
|
| |
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
| |
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
|
|
|
|
| |
Currently it does not support S!=B build, workaround it now
Signed-off-by: Ting Liu <b28495@freescale.com>
|