summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* rpcbind: Fix CVE-2017-8779Fan Xin2017-06-052-0/+222
| | | | | | | | | | | | | | | This vulnerability is also called "rpcbomb". Backport upstream patch to fix this vulnerability. CVE: CVE-2017-8779 (From OE-Core rev: 7936c9451eb4c376a78a0ac7461d1b2430c7f1f3) (From OE-Core rev: bab6667d44df185b4433bcd1c283105966383844) Signed-off-by: Fan Xin<fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* binutils: Fix CVE-2017-8392Fan Xin2017-06-053-0/+110
| | | | | | | | | | | | | | | | | | | | | | Backport upsream commit to fix CVE-2017-8392 CVE: CVE-2017-8392 [BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409 PR 21409, segfault in _bfd_dwarf2_find_nearest_line PR 21409 * dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when no symbols. (From OE-Core rev: dff01b827c87ae135a1d5511b1efbdad01c0eaee) (From OE-Core rev: c5a5017ce710108c61dba0e0af72bb72a9419701) Signed-off-by: Fan Xin <fan.xin@jp.fujitsu.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check.bbclass: make warning contain CVE IDsChen Qi2017-06-051-4/+5
| | | | | | | | | | | | | | | | | | | When warning users about unpatched CVE, we'd better put CVE IDs into the warning message, so that it would be more straight forward for the user to know which CVEs are not patched. So instead of: WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE, for more information check /path/to/workdir/cve/cve.log. We should have: WARNING: gnutls-3.5.9-r0 do_cve_check: Found unpatched CVE (CVE-2017-7869), for more information check /path/to/workdir/cve/cve.log. (From OE-Core rev: ad46069e7b58f2fba373131716f28407816fa1a6) (From OE-Core rev: e0e1414a4574d4165a8dc5d0d9d0d5b5a660355f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cve-check-tool: backport a patch to make CVE checking workChen Qi2017-06-052-0/+53
| | | | | | | | | | | | | | | | | CVE checking in OE didn't work as do_populate_cve_db failed with the following error message. [snip]/downloads/CVE_CHECK/nvdcve-2.0-2002.xml is not consistent Backport a patch to fix this error. (From OE-Core rev: ee55b5685aaa4be92d6d51f8641a559d4e34ce64) (From OE-Core rev: e0f0a7283c597e783b69aac2c8e8a7663b70262d) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* oeqa/selftest: lock down Meson git revision for reliabilityRoss Burton2017-06-051-2/+2
| | | | | | | | | | | | | | | | The test_recipetool_create_github test fetches HEAD of the repository so upstream changes can (and do) break the test. Avoid these problems by passing the rev= argument in the URL to lock the checkout to the same version that is fetched in the github_tarball test. Also pass the commands to runCmd() as a list instead of a string, the semicolon in the URL needs more quotes if the shell is involved and passing a list bypasses the shell entirely. (From OE-Core rev: 5f02b4300fb2ed54270aede54d30317ba757f587) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* scriptutils: fix fetch_uri() to work with RSSPaul Eggleton2017-05-301-24/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | Since recipe-specific sysroots were implemented, devtool add and devtool upgrade operations that fetch from a URL that requires native sysroot dependencies will fail to work as there is no recipe-specific sysroot set up for them during fetching. An example was any URL pointing to a tarball compressed with xz, e.g. devtool upgrade on gnutls. The most expedient way to fix this is to set up a dummy recipe-specific sysroot to use for the fetch/unpack operations. We do this in the same manner as bitbake -b does, so we're just taking all of the sysroot components available and creating a sysroot from those rather than ensuring the correct dependencies are there - this means that we're still going to have problems if e.g. xz-native hasn't been built yet, but that issue will be trickier to solve and is tracked separately. Fixes [YOCTO #11474]. (From OE-Core master rev: 559151e783759af78b5cdd76cdbb9ce325a391e6) (From OE-Core rev: 9e7905c7bada1bafda661fc4a6177afeef0f5015) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* cryptodev-linux: update SRC_URIChang Rebecca Swee Fun2017-05-271-1/+1
| | | | | | | | | | | | | | | Gna! project announced that the download site from gna.org HTTP server will soon be closing down. We have verified that the site is no longer accessible without network proxy cache. We need to update SRC_URI to point to new alternative (nwl.cc HTTP server) in order to avoid fetcher issues in future. [YOCTO #11575] (From OE-Core rev: 3195f7e68eb5cfb2af3506fe4b0dcb2f8cd9ee10) Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bash: CVE-2016-0634Zhixiong Chi2017-05-181-0/+3
| | | | | | | | | | | | | | | | | | | A vulnerability was found in a way bash expands the $HOSTNAME. Injecting the hostname with malicious code would cause it to run each time bash expanded \h in the prompt string. Porting patch from <https://ftp.gnu.org/gnu/bash/bash-4.3-patches/ bash43-047> to solve CVE-2016-0634 CVE: CVE-2016-0634 (From OE-Core rev: 7dd6aa1a4bf6e9fc8a1998cda6ac5397bb5cd5cb) (From OE-Core rev: a4b37b05140b549960baef49237ce3316e84a041) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* staging: Allow BB_LIMITEDDEPS to avoid BB_TASKDEPDATARichard Purdie2017-05-181-16/+16
| | | | | | | | | | | | | | | | In the limited dependency case we don't use any of the data from BB_TASKDEPDATA. Restructure the code so this variable doesn't have to be set. This allows the function to be called from other contexts without creating artificial constructs. There should be no functional change, behaviour remains unchanged. (From OE-Core rev: 71e5243e3ebadb90b45fe418dac3eaa2c1b896bd) (From OE-Core rev: e962e257f4c124869953d1fbb3da7dbf564f818a) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate: Ensure native/cross recipes have relocation of HOSTTOOLS_DIRRichard Purdie2017-05-181-1/+1
| | | | | | | | | | | | | | The previous change to relocate HOSTTOOLS wasn't complete as some files, particularly in gcc stashed build directories were not being correctly relocated. This patch addresses the issue. (From OE-Core rev: 21dd36cc12a033b012544c5d15a6f8afd84dabc9) (From OE-Core rev: 64c2f8acd02e0e5dca234b36a2a7097c0c16f7c2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python.inc: Fix python2/3 hosttools path referencesRichard Purdie2017-05-181-0/+6
| | | | | | | | | | | | | Both native and target versions of this file reference mkdir and install in hosttools paths. Use the version from PATH instead. (From OE-Core rev: 080197bf3bdf612da8104c2ae7f0b2c8dea32a0b) (From OE-Core rev: 8e3134953edfc88bf3d135b5dc00d361f84b5f37) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* rpm: Ensure macros file doesn't reference HOSTTOOLSRichard Purdie2017-05-181-0/+4
| | | | | | | | | | | | | | Currently the file encodes full paths to various host tools in the HOSTTOOLS directory which is bad in native and target cases. We can simply use the versions from PATH quite safely in OE. (From OE-Core rev: be901200d94beaa35e1d05eb502b117b3b523609) (From OE-Core rev: 2a12c159aae9877a05e0ba023de278cdca59ac45) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* GNU_MIRROR: switch from ftp to httpsMaxin B. John2017-05-111-1/+1
| | | | | | | | | | Based on the same reason behind DEBIAN's switch from ftp: https://www.debian.org/News/2017/20170425 (From OE-Core rev: ba119d836c0f4b20a39c92fa2e64abb0d5a55ad4) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* DEBIAN_MIRROR: switch from ftp to httpMaxin B. John2017-05-112-19/+19
| | | | | | | | | | | | | | All public-facing debian.org FTP services will be shut down on November 1, 2017 The mirrors should just be accessed using HTTP instead. https://www.debian.org/News/2017/20170425 Fixes [YOCTO #11413] (From OE-Core rev: c2cdc4d9155d7a3b9cba60fa9cbb448cf64c62bd) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* useradd: remove preinst script referring to recipe sysrootMaxin B. John2017-05-111-1/+1
| | | | | | | | | | | | | | | | Remove recipe-specific-sysroot details from the preinst scripts generated by useradd.bbclass. This was added to match the default from bitbake.conf. Unlike the default case, the dependencies used by useradd mean that a default passwd/group file is always present. This means we don't need the native sysroot fallback. Fixes [YOCTO #11460] (From OE-Core rev: dfc9323c1cd7814989766be5bd1861fbaa739d2d) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* useradd.bbclass: Handle COMPONENTS_DIR when restoring statePeter Kjellerstedt2017-05-112-1/+6
| | | | | | | | | | | The export of PSEUDO in useradd_sysroot() contains references to ${COMPONENTS_DIR}. These need to be handled when restoring postinst-useradd-${PN} from the sstate cache. (From OE-Core rev: 097875bc9ab9d60a452b01ac6825775983684d68) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add COMPONENTS_DIR for ${STAGING_DIR}-componentsPeter Kjellerstedt2017-05-1112-17/+18
| | | | | | | | | | The path to where to install and find the sysroot components is used in many places. This warrants it to get its own variable. (From OE-Core rev: 70a84b525470f72339568409daf84845904e4cab) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-project-qs: Updated output for git clone of meta-intel.Scott Rifenbark2017-05-101-5/+5
| | | | | | | (From yocto-docs rev: 446ca716612ced4931b42abd769e0743a3413710) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* yocto-project-qs: Updated git clone output for pyro poky.Scott Rifenbark2017-05-101-5/+6
| | | | | | | (From yocto-docs rev: 50b2ca338312309dd434418e0c88e725c3791ee1) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Removed section on checking for build-time dependencies.Scott Rifenbark2017-05-101-59/+0
| | | | | | | | | | This scheme has changed due to recipe-specific sysroots making it obsolete. Removed the entire section. (From yocto-docs rev: c52a896829212863402e5532dd8fb7fe4c247fca) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual, dev-manual: replaced "depexp" with "taskexp"Scott Rifenbark2017-05-103-4/+4
| | | | | | | (From yocto-docs rev: 3d7a13357a12b70d0c46b8aafdaf2ace20dcb970) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Removed text surrounding BB_SETSCENE_VERIFY_FUNCTION* varsScott Rifenbark2017-05-101-11/+0
| | | | | | | | | | | | The BB_SETSCENE_VERIFY_FUNCTION2 variable no longer exists. I removed a link to the BB manual to this variable description, which no longer exists. Also, removed a paragraph in the discussion around setscene that talked about the variable. (From yocto-docs rev: 1f8e3d53ee72c369cb1211332e074976737fd76b) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dev-manual: Cleaned up "Gdbserver" termScott Rifenbark2017-05-101-16/+16
| | | | | | | | | This should be "gdbserver" when referred to generically. (From yocto-docs rev: 83b2be50e34b0c07cce1f27b55e595752b80b3ea) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dev-manual: Updated a few occurrences of "dnf" to "DNF"Scott Rifenbark2017-05-101-3/+3
| | | | | | | | | | These depend on context. In general, "DNF" is the preferred terminology unless directly referring to an application or such. (From yocto-docs rev: 29012a8f8e21b964e1ea6d32841dffa8dae7df9f) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* dev-manual: Changed "Dnf" to "DNF" for consistencyScott Rifenbark2017-05-102-3/+3
| | | | | | | (From yocto-docs rev: 22ca6c591fd28995a5444635dc787c67f8af822a) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Added links for variablesScott Rifenbark2017-05-101-5/+8
| | | | | | | | | Needed to add cross-links into the glossary for various variables. (From yocto-docs rev: 45acf78a2f99e8fda91042c2bee30094255e5a10) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Added 4 DISTRO_FEATURES* variable descriptions.Scott Rifenbark2017-05-101-0/+77
| | | | | | | | | | | | | | | | Added the following: * DISTRO_FEATURES_NATIVE * DISTRO_FEATURES_NATIVESDK * DISTRO_FEATURES_FILTER_NATIVE * DISTRO_FEATURES_FILTER_NATIVESDK to the variables glossary. (From yocto-docs rev: ee68291c32cdbf8004c24295784c0f70f02c0a55) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual, dev-manual: Completed first draft of 2.3 migration section.Scott Rifenbark2017-05-108-109/+538
| | | | | | | (From yocto-docs rev: 42ab9e34da640b46d39741c9c83648dc65518ec1) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Applied 2.3 Migration review comments.Scott Rifenbark2017-05-101-49/+120
| | | | | | | (From yocto-docs rev: 08a077adea37d5b3eb3ac119b1a5981a6fef21a3) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Added new glossary entries for HOSTTOOLS* variables.Scott Rifenbark2017-05-101-0/+47
| | | | | | | | | Entry added for HOSTTOOLS and HOSTTOOLS_NONFATAL. (From yocto-docs rev: c766920a13071c1bb46a195ea07be38962d2e12d) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revisionyocto-2.3pyro-17.0.0Richard Purdie2017-05-011-1/+1
| | | | | | (From OE-Core rev: 123962018251dfb1d6ca5aa5c0d02534007de3ab) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* sstate.bbclass, staging.bbclass: Handle HOSTTOOLS_DIR when restoring statePeter Kjellerstedt2017-05-013-3/+3
| | | | | | | | | | | Paths to host tools that have been copied to ${HOSTTOOLS_DIR} may end up in the sstate cache. They thus need to be corrected when restoring from the sstate cache. (From OE-Core rev: f8671aecf05a286dd2b34b07bb5fbbe0c31e26d0) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bitbake.conf: Add HOSTTOOLS_DIR for ${TMPDIR}/hosttoolsPeter Kjellerstedt2017-05-013-3/+6
| | | | | | | | | | | The path to where to install and find the tools copied from the host environment is already used in a couple of places. This warrants it to get its own variable. (From OE-Core rev: 8164c466943ffedff399009bf5547dba4f06d6c8) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revisionRichard Purdie2017-04-291-1/+1
| | | | | | (From OE-Core rev: 4fe59183dae7c556363bc885cfda11a38c0d2d47) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ref-manual: Added warning for nativesdk recipe naming conventionScott Rifenbark2017-04-291-0/+8
| | | | | | | | | | | | | | Fixes [YOCTO #11411] To help clear up the importance of the naming convention a user must follow when creating a nativesdk-myrecipe.bb recipe that inherits the nativesdk class, I placed a warning note at the end of the section for the "nativesdk.bbclass" section. (From yocto-docs rev: e6dc512aaeb0267c2c15c17a599c6950728b4547) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.ent: Added "iputils-ping" to Ubuntu/Debian essential packagesScott Rifenbark2017-04-291-1/+1
| | | | | | | | | | | | Fixes [YOCTO #11310] Added the "iputils-ping" package to the list of essential host packages. (From yocto-docs rev: c6478419940405091d59312d22c45e3f32f9c94d) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* poky.ent: Added "python3-pexpect" to distrosScott Rifenbark2017-04-291-4/+4
| | | | | | | | | | | Fixes [YOCTO #11310] Added this package to Ubuntu/Debina, Fedora, and OpenSUSE. (From yocto-docs rev: e010d1abc083ed064c5340146bcac213286d973c) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* build-appliance-image: Update to master head revisionRichard Purdie2017-04-291-1/+1
| | | | | | (From OE-Core rev: 766bef5755521960e24ed7192214bf66bbee8354) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_deb.bbclass: Avoid writing empty custom fieldsAndreas Oberritter2017-04-291-1/+1
| | | | | | | | | | Avoids parser errors if PACKAGE_ADD_METADATA_DEB is set to an empty value. (From OE-Core rev: f0959c0908dfb386d29f13fcd3e57b2b004c6c14) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* package_deb.bbclass: Fix multi-line package descriptionsAndreas Oberritter2017-04-291-4/+1
| | | | | | | | | | | In deb control files, each line of a long description starts with a single space. Empty lines are represented by a single space followed by a single full stop character. (From OE-Core rev: f66278f471c0bf9421ce2c55a56a144a0f9332bf) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* busybox: make bash a valid login shell if enabledAndreas Oberritter2017-04-291-0/+9
| | | | | | | | | | Add bash to /etc/shells if busybox is built with bash applet anabled to fix login via dropbear. (From OE-Core rev: 86a2db0b2997fd05882ae0119ef45b1ea5411d39) Signed-off-by: Andreas Oberritter <obi@opendreambox.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* gst-player: Disable visualizations as workaroundJussi Kukkonen2017-04-292-0/+60
| | | | | | | | | | | Audio playback in gtk-play is broken with vaapi because the visualizations do not work: disable visualizations as workaround. This should be reverted as soon as [YOCTO #11410] is fixed. (From OE-Core rev: 1092a8d4bc78a53f60ad0137aeb08b31853db9eb) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libxml2: CVE-2016-9318Catalin Enache2017-04-292-0/+208
| | | | | | | | | | | | | | | | | | | | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9318 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0 (From OE-Core rev: 0dd44c00e3b2fbc3befc3f361624a3a60161d979) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951Catalin Enache2017-04-294-0/+151
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file. The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file that is mishandled in the PDF Transparency module. The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8 http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8 (From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19) Signed-off-by: Catalin Enache <catalin.enache@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-6170Yi Zhao2017-04-292-0/+1091
| | | | | | | | | | | | | | | | | | | | | | CVE-2016-6170: ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x through 9.11.0b1 allows primary DNS servers to cause a denial of service (secondary DNS server crash) via a large AXFR response, and possibly allows IXFR servers to cause a denial of service (IXFR client crash) via a large IXFR response and allows remote authenticated users to cause a denial of service (primary DNS server crash) via a large UPDATE message. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-6170 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=1bbcfe2fc84f57b1e4e075fb3bc2a1dd0a3a851f (From OE-Core rev: 14abd767349bc868ca59838f1af3aaf17dfe4350) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* bind: Security fix CVE-2016-8864Yi Zhao2017-04-292-0/+220
| | | | | | | | | | | | | | | | | | | | CVE-2016-8864: named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. External References: https://nvd.nist.gov/vuln/detail/CVE-2016-8864 Patch from: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commit;h=c1d0599a246f646d1c22018f8fa09459270a44b8 (From OE-Core rev: c06f3a5993c7d63d91840c2a4d5b621e946ef78f) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* linux-libc-headers: fix upstream version checkAlexander Kanavin2017-04-291-0/+1
| | | | | | | | (From OE-Core rev: 83d55bcc63510d3704078f19c255c524d8fffc39) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* libproxy: speed up upstream version checkAlexander Kanavin2017-04-291-0/+1
| | | | | | | | | | Something in the fetched webpage made the default regex matching really slow. (From OE-Core rev: e4d1100a84e28cb97438c18df6d9f98996a7d578) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* boost: fix upstream version checkAlexander Kanavin2017-04-291-1/+2
| | | | | | | | (From OE-Core rev: b64c4d7e033acf5d58c0fdee6907ea6983a67138) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* python3-iniparse: fix upstream version checkAlexander Kanavin2017-04-291-0/+1
| | | | | | | | (From OE-Core rev: 21e9e3642d1dbd3d868a4472716f633bd5626b08) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-06-07 05:03:32 +0000