| Commit message | Author | Age | Files | Lines |
curl was upgraded to 7.58.0 on upstream poky rocko branch
and this version already contains all our CVE patches.
Signed-off-by: Martin Borg <martin.borg@enea.com>
Out-of-bounds read in code handling HTTP/2 trailers
References:
https://curl.haxx.se/docs/adv_2018-824a.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005
Affects libcurl 7.49.0 to and including 7.57.0
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
FTP wildcard out of bounds read
References:
https://curl.haxx.se/docs/adv_2017-ae72.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
NTLM buffer overflow via integer overflow
References:
https://curl.haxx.se/docs/adv_2017-12e7.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
IMAP FETCH response out of bounds read
References:
https://curl.haxx.se/docs/adv_20171023.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
FTP PWD response parser out of bounds read
References:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
The patch is already applied in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
These CVEs have been fixed in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
(From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f)
(From OE-Core rev: 649f78102222ec156d490968c13d3222379a1956)
Patch from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=cb4fd41504826905455a34d3cb85e952f4ed4991
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
--write-out out of buffer read
Reference:
https://curl.haxx.se/docs/adv_20170403.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
URL globbing out of bounds read
Reference:
https://curl.haxx.se/docs/adv_20170809A.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
TFTP sends more than buffer size
Reference:
https://curl.haxx.se/docs/adv_20170809B.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
URL file scheme drive letter buffer overflow
References:
https://curl.haxx.se/docs/adv_20170614.html
https://curl.haxx.se/CVE-2017-9502.patch
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
TLS session resumption client cert bypass (again)
References:
https://curl.haxx.se/docs/adv_20170419.html
https://curl.haxx.se/CVE-2017-7468.patch
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Fixes a vulnerability in libxslt where the EXSLT math.random
function was not initialized with a random seed during startup,
which could cause usage of this function to produce predictable outputs.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-9019
Upstream patch:
https://bug758400.bugzilla-attachments.gnome.org/attachment.cgi?id=349240&action=diff&collapsed=&context=patch&format=raw&headers=1
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer
overflow and heap-based buffer overflow related to the cdk_pkt_read
function in opencdk/read-packet.c. This issue (which is a
subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10.
This issue affects only applications which utilize the OpenPGP certificate
functionality of GnuTLS.
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7869
Upstream patch:
https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Remove bbappend for fuse since the problem it was supposed
to fix no longer persists.
A bug was reported [1] that an error occurred when using
$ /etc/init.d/fuse status
When building the openembedded version without this bbappend
there is no longer any error:
root@qemuppc:~# /etc/init.d/fuse status
Checking fuse filesystem ok.
root@qemuppc:~#
--------
[1] http://patchwork.openembedded.org/patch/68995/
Signed-off-by: Nora Björklund <nora.bjorklund@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Mihaela Martinas <Mihaela.Martinas@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>