| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
affect python-2.7 < 2.7.10
(From OE-Core rev: 1b16f5238460f65168851d5cdf74e7e0e64f6bdf)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Affects python-2.7 < 2.7.12
(From OE-Core rev: d25b86ce8f2712d02bb7cde78d7f9ea5a57a7770)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Affects python < 2.7.12
(From OE-Core rev: dd1a22f4beeb4100388efdc072e7cff2025535a7)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.2i
(From OE-Core rev: 0256b61cdafe540edb3cec2a34429e24b037cfae)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.2i
(From OE-Core rev: 31e8b48da540d357ac0e7ac17ff41d7eadf4f963)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affect bind < 9.10.4-p3
(From OE-Core rev: 57b4c03b263f2ad056d7973038662d6d6614a9de)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affect bind < 9.10.4-p2
(From OE-Core rev: 54bf7379036eec6d6c4399aa374f898ba3464996)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects gnutls < 3.3.24
(From OE-Core rev: c0a682cfeedfc8976324a3bba863f1d9b0127d76)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
find-version always assumes that gnupg is beta if autogen.sh is run
out of git-repo. This doesn't work for users whom just take release
tarball and re-run autoconf in their local build dir.
This fixes runtime issue:
$gpg --list-sigs
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
(From OE-Core rev: d39e7ca717b67ad9f2f78b83d90d91e410e52965)
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2016-1238 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
(From OE-Core rev: 7d06ffcbcd0c71dc6dc9efde02bf0cd8d7c7d7e3)
(From OE-Core rev: 39ef8e22b52d3f5daa853aa7866145e9c5469d4b)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed up to apply to 5.20.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2015-8607 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/0b6f93036de171c12ba95d415e264d9cf7f4e1fd
(From OE-Core rev: e2289647ace9ef96e6a7e4aae201fd9149e56678)
(From OE-Core rev: d0451b2ed92867a0a2c37baded45cff997739153)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fixed up to apply to 5.22.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2016-6185 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
(From OE-Core rev: 81e550d0c23c9842b85207cdfa73bbe9102e01fb)
(From OE-Core rev: 6c72a96e0492e71b6eb9ae72883f4087e75265f0)
Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
fixed up to apply against 5.22.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport patch to fix CVE-2016-2381 from perl upstream:
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
(From OE-Core rev: 07ca8a0131f43e9cc2f720e1cdbcb7ba7c074886)
(From OE-Core rev: 30b33f5ad1d7a7c55620598427009bd27cfb3d42)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixed up to apply again 5.22.0
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LICENSE md5sum changed do to rewording some text not released to the license.
see https://github.com/eggert/tz/commit/8c143a2b65fdfd43a7911be6fdb700c9c4553f58
Changes to future time stamps
Turkey switched from EET/EEST (+02/+03) to permanent +03,
effective 2016-09-07. (Thanks to Burak AYDIN.) Use "+03" rather
than an invented abbreviation for the new time.
New leap second 2016-12-31 23:59:60 UTC as per IERS Bulletin C 52.
(Thanks to Tim Parenti.)
Changes to past time stamps
For America/Los_Angeles, spring-forward transition times have been
corrected from 02:00 to 02:01 in 1948, and from 02:00 to 01:00 in
1950-1966.
For zones using Soviet time on 1919-07-01, transitions to UT-based
time were at 00:00 UT, not at 02:00 local time. The affected
zones are Europe/Kirov, Europe/Moscow, Europe/Samara, and
Europe/Ulyanovsk. (Thanks to Alexander Belopolsky.)
Changes to past and future time zone abbreviations
The Factory zone now uses the time zone abbreviation -00 instead
of a long English-language string, as -00 is now the normal way to
represent an undefined time zone.
Several zones in Antarctica and the former Soviet Union, along
with zones intended for ships at sea that cannot use POSIX TZ
strings, now use numeric time zone abbreviations instead of
invented or obsolete alphanumeric abbreviations. The affected
zones are Antarctica/Casey, Antarctica/Davis,
Antarctica/DumontDUrville, Antarctica/Mawson, Antarctica/Rothera,
Antarctica/Syowa, Antarctica/Troll, Antarctica/Vostok,
Asia/Anadyr, Asia/Ashgabat, Asia/Baku, Asia/Bishkek, Asia/Chita,
Asia/Dushanbe, Asia/Irkutsk, Asia/Kamchatka, Asia/Khandyga,
Asia/Krasnoyarsk, Asia/Magadan, Asia/Omsk, Asia/Sakhalin,
Asia/Samarkand, Asia/Srednekolymsk, Asia/Tashkent, Asia/Tbilisi,
Asia/Ust-Nera, Asia/Vladivostok, Asia/Yakutsk, Asia/Yekaterinburg,
Asia/Yerevan, Etc/GMT-14, Etc/GMT-13, Etc/GMT-12, Etc/GMT-11,
Etc/GMT-10, Etc/GMT-9, Etc/GMT-8, Etc/GMT-7, Etc/GMT-6, Etc/GMT-5,
Etc/GMT-4, Etc/GMT-3, Etc/GMT-2, Etc/GMT-1, Etc/GMT+1, Etc/GMT+2,
Etc/GMT+3, Etc/GMT+4, Etc/GMT+5, Etc/GMT+6, Etc/GMT+7, Etc/GMT+8,
Etc/GMT+9, Etc/GMT+10, Etc/GMT+11, Etc/GMT+12, Europe/Kaliningrad,
Europe/Minsk, Europe/Samara, Europe/Volgograd, and
Indian/Kerguelen. For Europe/Moscow the invented abbreviation MSM
was replaced by +05, whereas MSK and MSD were kept as they are not
our invention and are widely used.
Changes to zone names
Rename Asia/Rangoon to Asia/Yangon, with a backward compatibility link.
(Thanks to David Massoud.)
(From OE-Core rev: d1341aeda6d9fa5d7f13afabadae60a6fc295b87)
(From OE-Core rev: 4662af3256d6f373e2071047b8a845361188e878)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
LICENSE file checksum changed do to a verbage change.
Changes to code
zic no longer generates binary files containing POSIX TZ-like
strings that disagree with the local time type after the last
explicit transition in the data. This fixes a bug with
Africa/Casablanca and Africa/El_Aaiun in some year-2037 time
stamps on the reference platform. (Thanks to Alexander Belopolsky
for reporting the bug and suggesting a way forward.)
If the installed localtime and/or posixrules files are symbolic
links, zic now keeps them symbolic links when updating them, for
compatibility with platforms like OpenSUSE where other programs
configure these files as symlinks.
zic now avoids hard linking to symbolic links, avoids some
unnecessary mkdir and stat system calls, and uses shorter file
names internally.
zdump has a new -i option to generate transitions in a
more-compact but still human-readable format. This option is
experimental, and the output format may change in future versions.
(Thanks to Jon Skeet for suggesting that an option was needed,
and thanks to Tim Parenti and Chris Rovick for further comments.)
Changes to build procedure
An experimental distribution format is available, in addition
to the traditional format which will continue to be distributed.
The new format is a tarball tzdb-VERSION.tar.lz with signature
file tzdb-VERSION.tar.lz.asc. It unpacks to a top-level directory
tzdb-VERSION containing the code and data of the traditional
two-tarball format, along with extra data that may be useful.
(Thanks to Antonio Diaz Diaz, Oscar van Vlijmen, and many others
for comments about the experimental format.)
The release version number is now more accurate in the usual case
where releases are built from a Git repository. For example, if
23 commits and some working-file changes have been made since
release 2016g, the version number is now something like
'2016g-23-g50556e3-dirty' instead of the misleading '2016g'.
Official releases uses the same version number format as before,
e.g., '2016g'. To support the more-accurate version number, its
specification has moved from a line in the Makefile to a new
source file 'version'.
The experimental distribution contains a file to2050.tzs that
contains what should be the output of 'zdump -i -c 2050' on
primary zones. If this file is available, 'make check' now checks
that zdump generates this output.
'make check_web' now works on Fedora-like distributions.
Changes to documentation and commentary
tzfile.5 now documents the new restriction on POSIX TZ-like
strings that is now implemented by zic.
Comments now cite URLs for some 1917-1921 Russian DST decrees.
(Thanks to Alexander Belopolsky.)
tz-link.htm mentions JuliaTime (thanks to Curtis Vogt) and Time4J
(thanks to Meno Hochschild) and ThreeTen-Extra, and its
description of Java 8 has been brought up to date (thanks to
Stephen Colebourne). Its description of local time on Mars has
been updated to match current practice, and URLs have been updated
and some obsolete ones removed.
(From OE-Core rev: 19c365b23c3b835dcb5595aba598f35bf16a6d81)
(From OE-Core rev: f5213870101ab57eb6303290c57935aed40cd9c4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
changes done in data
(From OE-Core rev: 29377fa91a5f679909d582317c2b53d1f2e5da88)
(From OE-Core rev: 319df4f24b3eca45f068514826e08ab0aeed4f93)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes affecting future time stamps
The Egyptian government changed its mind on short notice, and
Africa/Cairo will not introduce DST starting 2016-07-07 after all.
(Thanks to Mina Samuel.)
Asia/Novosibirsk switches from +06 to +07 on 2016-07-24 at 02:00.
(Thanks to Stepan Golosunov.)
Changes to past and future time stamps
Asia/Novokuznetsk and Asia/Novosibirsk now use numeric time zone
abbreviations instead of invented ones.
Changes affecting past time stamps
Europe/Minsk's 1992-03-29 spring-forward transition was at 02:00 not 00:00.
(Thanks to Stepan Golosunov.)
(From OE-Core rev: dc80bf9b092a76f758d01474619cd9db46a1070d)
(From OE-Core rev: c1191c22fe9d92262645da17f741014a4465a0eb)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: 7277061de39cdcdc2d1db15cefd9040a54527cd6)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: d6e1a56f4e764832ac84b842fa2696b56d850ee9)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: df7e4fdba42e9fcb799e812f6706bd56967858d9)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: 963c69e1e8e9cefccccb59619cb07ee31f07ffa1)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: bf3918d613b6b2a9707af1eb3c253d23f84d09a3)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: c3d4cc8e452b29d4ca620b5c93d22a88c5aa1f03)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssl < 1.0.1i
(From OE-Core rev: ed8bed3bf2d2460ff93bdaa255091e0d388a8209)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It mis-matched "SanDisk" or "Disk Flags" before, which caused unexpected
error.
(From OE-Core rev: 346b6ef31253789d7d6664a19297b6deec9d27a0)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit a68ac76c1b6ed4c1a2fbc944c5021c89fd26217f)
[YOCTO #10333]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects util-linux < 2.28.2
(From OE-Core rev: c9c85df86cd2270b144fa824ef76adedd3636c8a)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.7.0-rc0
(From OE-Core rev: 2f3f09dfbff21fb74e50e4e3ce90c252d32ebf61)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: 6d7c10eae8b23a71eee6d59baab42d98d8fb7ff8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: 5729eb105ff69cae0eac7a596cb0e938f6159526)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: 628b9bfc91a6f73a5dfff7ade1819ea6a2db7cf0)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects qemu < 2.6.0
(From OE-Core rev: 6f25d966c41df5315d253859d9ebf231963bf671)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects Qemu < 2.6.0
(From OE-Core rev: 8ce0ce8a229f8cb2b854e3b9619a9ad75d9b6fe4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects wget < 1.18.0
(From OE-Core rev: 15b6586ae64f745777ba5c42f4cf055aeeed83d8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
openssh < 7.2p2
(From OE-Core rev: c71cbdd557476b7669c28b44f56e21ce0d0c53dc)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
openssh < 7.3
(From OE-Core rev: 3fdad451afcc16b1fa94024310b4d26333ca7de9)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
affects openssh < 7.3
(From OE-Core rev: 7d07de3841c0a736262088c95a938deff194d9e2)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
git versions < 2.5.5 & 2.7.4
(From OE-Core rev: 64ff6226d0c927c05fc42fd9ca8b31bac129b16d)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
| |
(From OE-Core rev: 91e05c25eb221ff1dc2bde5cfaa0bea88345b1e4)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323
http://bugzilla.maptools.org/show_bug.cgi?id=2559
Patch from:
https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31
(From OE-Core rev: 4e2f4484d6e1418c34f65de954809d06df41cc38)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command
External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321
http://bugzilla.maptools.org/show_bug.cgi?id=2558
Patch from:
https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0
(From OE-Core rev: 35a7cb62be554e28f64b7583d46d693ea184491f)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2016-3186 libtiff: buffer overflow in the readextension function in
gif2tiff.c allows remote attackers to cause a denial of service via a
crafted GIF file
External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
https://bugzilla.redhat.com/show_bug.cgi?id=1319503
Patch from:
https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
(From OE-Core rev: b4471e7264538b3577808fae5e78f42c0d31e195)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 3d818fc862b1d85252443fefa2222262542a10ae)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix workspace overflow for (*ACCEPT) with deeply nested parentheses.
The patch is from libpcre version control at
http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog
part removed. Original author is Philip Hazel.
(From OE-Core rev: 249cc163e7a16f307e8b94a7b449cd3e93cc6b15)
Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 386534f968f4da376ba7778b5d436bad4ce8355b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
affects openssl <= 1.0.2h
CVSS v2 Base Score: 2.1 LOW
(From OE-Core rev: 82fe0e8c98244794531f0e24ceb93953fe68dda5)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 5b3df0c5e8885ea34f66b41fcf209a9960fbbf5e)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Affects openssl <= 1.0.2h
CVSS v2 Base Score: 7.5 HIGH
(From OE-Core rev: 5781eb9a6e6bf8984b090a488d2a326bf9fafcf8)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 2848c7d3e454cbc84cba9183f23ccdf3e9200ec9)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply a patch taken from Gentoo to hopefully fix the remaining parallel make
races.
(From OE-Core rev: 7ab2f49107cf491d602880205a3ea1222cb5e616)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 3d806d59a4c5e8ff35c7e7c5a3a6ef85e2b4b259)
Minor fixup to get patch to apply to jethro
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Affected versions: libcurl 7.32.0 to and including 7.50.0
(From OE-Core rev: f6999fa952c7db980cfc97f6e5a971e4f34cc0a3)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Affected versions: libcurl 7.1 to and including 7.50.0
(From OE-Core rev: 6b732a392289a7bb50b0e3716c066c62fa32a14d)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
| |
Affected versions: libcurl 7.1 to and including 7.50.0
(From OE-Core rev: d1d6c93b491056b18b528216303047e353956e34)
Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With tar version 1.29, the tar call used to copy the ptest files will
not work anymore. While the call did not match the man page (but worked)
before, anyway, the latest update of tar seems to have a more strict argument
handling.
With the current version of the tar call, the copying of files still
works with latest tar version, but the excludes will not be handled
properly anymore.
This results in having binaries compiled with host GCC in the package.
When doing the strip_and_split files in do_package() with the target
objcopy, bitbake will fail with this error:
ERROR: objcopy failed with exit code 256 (cmd was [...])
[...]
File format not recognized
Thus, the current argument issues and required changes are:
* Options must be placed _before_ the pathnames.
* --exclude must be followd by a '=' in order to work properly
* 'f' options is for providing an archive file, which is unnecessary in
this case
Note that this could also be a candidate for backporting.
(From OE-Core master rev: 2e498879098f7d84610aed7961d92433083d9a02)
(From OE-Core rev: a27b907dd3ad20fc60b7732c19012793aaaba2df)
Signed-off-by: Enrico Jorns <ejo@pengutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We're setting the native header paths in do_configure_prepend,
and don't need to set them again here.
This results in gcc-target not being able to locate the headers
and not being able to detect glibc version, which in turn
results in SSP support not getting detected even though it's available
in libc.
(From OE-Core master rev: 85630aa894278e7818c867179dc19ca2fbd994fc)
(From OE-Core rev: f28840de3912c805acde8d11188f0c48617678ab)
Signed-off-by: Anuj Mittal <anujx.mittal@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
