authorMariano Lopez <mariano.lopez@linux.intel.com>2016-01-08 12:03:58 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-01-11 23:26:32 +0000
commite5c011b041dc27cdfeb840b6933dcb9752886bb9 (patch)
tree3737c18bbdaf971699c800e8983b25ae29db6fc9 /meta
parentf04fb8806c75fa7eb9d139c4daaae2de6da6e1ea (diff)
Add "CVE:" tag to current patches in OE-core
The current patches in OE-core don't have the "CVE:" tag, which is now part of the patch policy. This patch adds the tag to several patches. There might be patches that I missed; the tag can be added to those in the future. (From OE-Core rev: 065ebeb3e15311d0d45385e15bf557b1c95b1669) Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch1
-rw-r--r--meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch1
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch1
-rw-r--r--meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch2
-rw-r--r--meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch1
-rw-r--r--meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch1
-rw-r--r--meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch1
-rw-r--r--meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch1
-rw-r--r--meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch1
-rw-r--r--meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch1
-rw-r--r--meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch1
-rw-r--r--meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch1
-rw-r--r--meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch1
-rw-r--r--meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch1
-rw-r--r--meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch1
-rw-r--r--meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch1
-rw-r--r--meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch1
-rw-r--r--meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch1
-rw-r--r--meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch1
-rw-r--r--meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch1
-rw-r--r--meta/recipes-extended/unzip/unzip/cve-2014-9636.patch1
-rw-r--r--meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch1
-rw-r--r--meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch1
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch1
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch1
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch1
-rw-r--r--meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch1
-rw-r--r--meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch1
-rw-r--r--meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch1
-rw-r--r--meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch1
36 files changed, 36 insertions, 1 deletions
diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
index f9252e9c22..65ddcaf128 100644
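--- a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
+++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Accepted
+CVE: CVE-2015-8370
 Signed-off-by: Awais Belal <awais_belal@mentor.com>
 
 From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001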
diff --git a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
index c9edb30597..c5a0be86f5 100644
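--- a/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
+++ b/meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
@@ -3,6 +3,7 @@ ppp: Buffer overflow in radius plugin
 From: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;bug=782450
 
 Upstream-Status: Backport
+CVE: CVE-2015-3310
 
 On systems with more than 65535 processes running, pppd aborts when
 sending a "start" accounting message to the RADIUS server because of a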
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
index 72f77cc6bd..b904e46bda 100644
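--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/0001-libext2fs-fix-potential-buffer-overflow-in-closefs.patch
@@ -4,6 +4,7 @@ Date: Fri, 6 Feb 2015 12:46:39 -0500
 Subject: [PATCH] libext2fs: fix potential buffer overflow in closefs()
 
 Upstream-Status: Backport
+CVE: CVE-2015-1572
 
 The bug fix in f66e6ce4446: "libext2fs: avoid buffer overflow if
 s_first_meta_bg is too big" had a typo in the fix for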
diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
index 4de67c9704..5b6346b150 100644
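--- a/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
+++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs/CVE-2015-0247.patch
@@ -11,8 +11,8 @@ fs->desc_blocks. This doesn't correct the bad s_first_meta_bg value,
 but it avoids causing the e2fsprogs userspace programs from
 potentially crashing.
 
-Fixes CVE-2015-0247
 Upstream-Status: Backport
+CVE: CVE-2015-0247
 
 Signed-off-by: Theodore Ts'o <tytso@mit.edu>
 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>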
diff --git a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
index 84e8ddcca7..deba45fa86 100644
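--- a/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
+++ b/meta/recipes-devtools/elfutils/elfutils-0.148/elf_begin.c-CVE-2014-9447-fix.patch
@@ -7,6 +7,7 @@ this patch is from:
  https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
 
 Upstream-Status: Backport
+CVE: CVE-2014-9447
 
 Signed-off-by: Li Xin <lixin.fnst@cn.fujitsu.com>
 ---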
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
index b107e8f047..a2691f6da8 100644
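--- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
@@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 14:36:56 +0000
 Subject: [PATCH 2/2] rpm: CVE-2013-6435
 
 Upstream-Status: Backport
+CVE: CVE-2013-6435
 
 Reference:
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-6435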
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
index bf1795ca49..985f150f0f 100644
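--- a/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
+++ b/meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
@@ -4,6 +4,7 @@ Date: Wed, 10 Jun 2015 12:56:55 +0000
 Subject: [PATCH 1/2] rpm: CVE-2014-8118
 
 Upstream-Status: Backport
+CVE: CVE-2014-8118
 
 Reference:
 https://bugzilla.redhat.com/show_bug.cgi?id=1168715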
diff --git a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
index f054452f37..bea325ea05 100644
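--- a/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
+++ b/meta/recipes-devtools/rsync/rsync-2.6.9/rsync-2.6.9-fname-obo.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport [ The patch is rsync-2.6.9 specific ]
+CVE: CVE-2007-4091
 
 The patch is from https://issues.rpath.com/browse/RPL-1647 and is used to
 address http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-4091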
diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
index 5ece5420a3..19e7f39167 100644
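--- a/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/0001-Complain-if-an-inc-recursive-path-is-not-right-for-i.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Complain if an inc-recursive path is not right for its dir.
  trasnfer path.
 
 Upstream-Status: BackPort
+CVE: CVE-2014-9512
 
 Fix the CVE-2014-9512, rsync 3.1.1 allows remote attackers to write to arbitrary
 files via a symlink attack on a file in the synchronization path.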
diff --git a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
index 1fcac490ae..c86f478ef1 100644
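--- a/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
+++ b/meta/recipes-devtools/rsync/rsync-3.1.1/rsync.git-eac858085.patch
@@ -5,6 +5,7 @@ Subject: [PATCH 1/1] Add compat flag to allow proper seed checksum order.
  Fixes the equivalent of librsync's CVE-2014-8242 issue.
 
 Upstream-Status: Backport
+CVE: CVE-2014-8242
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 ---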
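Review bot: The tag added to rsync.git-eac858085.patch is `CVE: CVE-2014-8242`, but the patch's own subject text just above it describes the change as fixing "the equivalent of librsync's CVE-2014-8242 issue", so the identifier appears to belong to librsync rather than to rsync itself. Someone auditing which CVEs each recipe has patched could read the tag as a claim that rsync is listed under that ID. A short free-text line under the tag, for example `(ID assigned to librsync; rsync carries the equivalent checksum weakness)`, would keep the record unambiguous. The patch header continues outside the hunk.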
diff --git a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
index 8f719ad8d6..5c999197ff 100644
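--- a/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
+++ b/meta/recipes-extended/cpio/cpio-2.12/0001-Fix-CVE-2015-1197.patch
@@ -11,6 +11,7 @@ Author: Vitezslav Cizek <vcizek@suse.cz>
 Bug-Debian: https://bugs.debian.org/774669
 
 Upstream-Status: Pending
+CVE: CVE-2015-1197
 Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
 Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
 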
diff --git a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
index 49a7cf52a6..a31573510a 100644
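--- a/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
+++ b/meta/recipes-extended/cpio/cpio-2.8/avoid_heap_overflow.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624]
+CVE: CVE-2010-0624
 
 This patch avoids heap overflow reported by :
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624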
diff --git a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
index 059d0687b3..721f2a0a63 100644
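--- a/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
+++ b/meta/recipes-extended/grep/grep-2.5.1a/grep-CVE-2012-5667.patch
@@ -10,6 +10,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5667
 Upstream-Status: Inappropriate [other]
 This version of GNU Grep has been abandoned upstream and they are no longer
 accepting patches. This is not a backport.
+CVE: CVE-2012-5667
 
 Signed-off-by Ming Liu <ming.liu@windriver.com>
 ---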
diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
index 126f80e044..19523f4b89 100644
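--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
+++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch
@@ -6,6 +6,7 @@ Subject: [PATCH] Fix CVE-2013-0211
 This patch comes from:https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4
 
 Upstream-Status: Backport
+CVE: CVE-2013-0211
 
 Signed-off-by: Baogen shang <baogen.shang@windriver.com>
 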
diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
index 4ca779c40f..5c24396354 100644
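--- a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
+++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2015-2304.patch
@@ -7,6 +7,7 @@ This fixes a directory traversal in the cpio tool.
 
 
 Upstream-Status: backport
+CVE: CVE-2015-2304
 
 Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---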
diff --git a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
index 5d616458bc..13b955c4b5 100644
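--- a/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
+++ b/meta/recipes-extended/mailx/files/0011-outof-Introduce-expandaddr-flag.patch
@@ -13,6 +13,7 @@ This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
 
 Upstream-Status: Inappropriate [upstream is dead]
+CVE: CVE-2014-7844
 ---
  mailx.1 | 14 ++++++++++++++
  names.c | 3 +++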
diff --git a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
index f65cfa8ca7..ae14b8acfe 100644
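--- a/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
+++ b/meta/recipes-extended/mailx/files/0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch
@@ -7,6 +7,7 @@ This patch is taken from
 ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
 
 Upstream-Status: Inappropriate [upstream is dead]
+CVE: CVE-2004-2771
 ---
  fio.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)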
diff --git a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
index f156290bf6..741a99035c 100644
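--- a/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
+++ b/meta/recipes-extended/rpcbind/rpcbind/cve-2015-7236.patch
@@ -36,6 +36,7 @@ Date: Thu Aug 6 16:27:20 2015 +0200
  Signed-off-by: Olaf Kirch <okir@...e.de>
 
  Upstream-Status: Backport
+ CVE: CVE-2015-7236
 
  Signed-off-by: Li Zhou <li.zhou@windriver.com>
 ---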
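Review bot: The added `CVE: CVE-2015-7236` line in cve-2015-7236.patch is indented to match the quoted commit message around it, so unlike the tag in the other patches touched by this commit it does not start at column 0. Any tooling that collects the tag with a start-of-line match would presumably skip this patch and could report the CVE as unpatched. I would either place the tag unindented at the start of its line, or confirm that the patch policy and whatever parses the tag accept leading whitespace. The neighbouring `Upstream-Status:` line shares the indentation and would have the same problem. The patch header continues outside the hunk.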
diff --git a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
index 2bc9a59bea..4ac820fde2 100644
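--- a/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
+++ b/meta/recipes-extended/screen/screen/0001-Fix-stack-overflow-due-to-too-deep-recursion.patch
@@ -10,6 +10,7 @@ This is time consuming and will overflow stack if n is huge.
 Fixes CVE-2015-6806
 
 Upstream-Status: Backport
+CVE: CVE-2015-6806
 
 Signed-off-by: Kuang-che Wu <kcwu@csie.org>
 Signed-off-by: Amadeusz Sławiński <amade@asmblr.net>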
diff --git a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
index da2ae3cb0f..af5026f529 100644
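--- a/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
+++ b/meta/recipes-extended/tar/tar-1.17/avoid_heap_overflow.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Inappropriate [bugfix: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624]
+CVE: CVE-2010-0624
 
 This patch avoids heap overflow reported by :
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624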
diff --git a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
index 9ba3c1dc62..afc4c734a7 100644
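--- a/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
+++ b/meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
@@ -3,6 +3,7 @@ Subject: unzip files encoded with non-latin, non-unicode file names
 Last-Update: 2015-02-11
 
 Upstream-Status: Backport
+CVE: CVE-2015-1315
 
 Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
 to fix buffer overflow in charset_to_intern()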
diff --git a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
index e137f0dc76..0e497cc65f 100644
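--- a/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
+++ b/meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8139
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 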
diff --git a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
index edc7d515b0..c989df1896 100644
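--- a/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
+++ b/meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8140
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 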
diff --git a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
index d0c1db3925..c48c23f304 100644
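--- a/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
+++ b/meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
@@ -5,6 +5,7 @@ Bug-Debian: http://bugs.debian.org/773722
 The patch comes from unzip_6.0-8+deb7u2.debian.tar.gz
 
 Upstream-Status: Backport
+CVE: CVE-2014-8141
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
 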
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
index ea93823cbe..87eed965d0 100644
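--- a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2015-7696
 Signed-off-by: Tudor Florea <tudor.flore@enea.com>
 
 From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001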
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
index da68988338..a8f293674b 100644
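--- a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2015-7697
 Signed-off-by: Tudor Florea <tudor.flore@enea.com>
 
 From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001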
diff --git a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
index 0a0bfbbb17..5fcd318b25 100644
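--- a/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
+++ b/meta/recipes-extended/unzip/unzip/cve-2014-9636.patch
@@ -4,6 +4,7 @@ Date: Wed, 11 Feb 2015
 Subject: Info-ZIP UnZip buffer overflow
 
 Upstream-Status: Backport
+CVE: CVE-2014-9636
 
 By carefully crafting a corrupt ZIP archive with "extra fields" that
 purport to have compressed blocks larger than the corresponding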
diff --git a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
index 0542dbe835..c44c5a113f 100644
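--- a/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
+++ b/meta/recipes-extended/xinetd/xinetd/xinetd-CVE-2013-4342.patch
@@ -9,6 +9,7 @@ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4342
 the patch come from:
 https://bugzilla.redhat.com/attachment.cgi?id=799732&action=diff
 
+CVE: CVE-2013-4342
 Signed-off-by: Li Wang <li.wang@windriver.com>
 ---
  xinetd/builtins.c | 2 +-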
diff --git a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
index 1e31caa90a..94213a74ef 100644
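--- a/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
+++ b/meta/recipes-multimedia/libav/libav/libav-fix-CVE-2014-9676.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2014-9676
 
 Backport patch to fix CVE-2014-9676.
 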
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
index c9addca28e..f0667741c8 100644
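--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4242.patch
@@ -11,6 +11,7 @@ git://git.gnupg.org/libgcrypt.git
 exponents in secure memory.
 
 Upstream-Status: Backport
+CVE: CVE-2013-4242
 
 Signed-off-by: Kai Kang <kai.kang@windriver.com>
 --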
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
index b29ede4233..b50a32f40c 100644
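--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4351.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2013-4351
 
 Index: gnupg-1.4.7/g10/getkey.c
 ===================================================================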
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
index b1a22f5853..5dcde1f9cb 100644
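--- a/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/CVE-2013-4576.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2013-4576
 
 Index: gnupg-1.4.7/cipher/dsa.c
 ===================================================================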
diff --git a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
index 8b5d9a1693..362717636b 100644
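--- a/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
+++ b/meta/recipes-support/gnupg/gnupg-1.4.7/GnuPG1-CVE-2012-6085.patch
@@ -17,6 +17,7 @@ Date: Thu Dec 20 09:43:41 2012 +0100
  (cherry-picked from commit f795a0d59e197455f8723c300eebf59e09853efa)
 
 Upstream-Status: Backport
+CVE: CVE-2012-6085
 
 Signed-off-by: Saul Wold <sgw@linux.intel.com>
 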
diff --git a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
index e4d09c2ac7..f4113efba9 100644
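--- a/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
+++ b/meta/recipes-support/libxslt/libxslt/CVE-2015-7995.patch
@@ -8,6 +8,7 @@ We need to check that the parent node is an element before dereferencing
 its namespace
 
 Upstream-Status: Backport
+CVE: CVE-2015-7995
 
 https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617
 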
diff --git a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
index 3c4a00ef3e..61fa7e5692 100644
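--- a/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
+++ b/meta/recipes-support/libyaml/files/libyaml-CVE-2014-9130.patch
@@ -10,6 +10,7 @@ The patch comes from
 https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
 
 Upstream-Status: Backport
+CVE: CVE-2014-9130
 
 Signed-off-by: Yue Tao <yue.tao@windriver.com>
 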
diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
index 2407771804..9b9980397a 100644
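--- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
+++ b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
@@ -1,4 +1,5 @@
 Upstream-Status: Backport
+CVE: CVE-2012-2738
 Signed-off-by: Ross Burton <ross.burton@intel.com>
 
 From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001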