| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This is an initial commit, containing quick fixes and hacks to allow
building the images. All these issues will be re-evaluated and fixed
properly in their own commits.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Integer overflow in shadow 4.2.1 allows local users to gain privileges via
crafted input to newuidmap.
References:
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6252
Upstream fix:
https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
CVE-2016-10349:
The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows
remote attackers to cause a denial of service (heap-based buffer over-read
and application crash) via a crafted file.
Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
CVE-2016-10350:
The archive_read_format_cab_read_header function in
archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers
to cause a denial of service (heap-based buffer over-read and application
crash) via a crafted file.
Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3
References:
==========
https://security-tracker.debian.org/tracker/CVE-2016-10349
https://security-tracker.debian.org/tracker/CVE-2016-10350
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
An error in the lha_read_file_header_1() function in libarchive 3.2.2 allows
remote attackers to trigger an out-of-bounds read memory access and
subsequently cause a crash via a specially crafted archive.
References:
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601
https://secuniaresearch.flexerasoftware.com//secunia_research/2017-3
Upstream patch:
https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
| |
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Mihaela Martinas <Mihaela.Martinas@enea.com>
| |
Remove libuio since an updated version exists in meta-oe
which is a dependency to this layer. Also remove run-ptest
since it is empty.
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Upgrade so changes apply to the version used in poky
(master).
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Signed-off-by: Catalina Focsa <catalina.focsa@enea.com>
Signed-off-by: George Nita <george.nita@enea.com>
| |
Signed-off-by: Iulian Popa <iulian.popa@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
|
result of splitting up meta-enea
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>