Commmon distro layer for Enea Linux https://git.enea.com/cgit/linux/meta-el-common.git/atom?h=kirkstone 2022-08-02T07:44:43+00:00 2022-08-02T07:44:43+00:00 Bogdan Oprescu bogdan.oprescu@enea.com 2022-06-17T15:44:46+00:00 urn:sha1:ce0397ba44158ff139c3d1bb98a81c29ff07aa99 Change-Id: Iaf8381bd4e43bdbcae44325627ed99ebec3f6a34 Signed-off-by: Bogdan Oprescu <bogdan.oprescu@enea.com> 2019-08-09T11:21:57+00:00 Adrian Mangeac Adrian.Mangeac@enea.com 2019-08-09T11:21:57+00:00 urn:sha1:89fcde81a924774214389e3e9e96eddc4af34339 The following patches were fixed in upstream: CVE-2018-1060 CVE-2018-1061 Change-Id: I063270d94aa1214ded8c51842cfada3410bbe70c Signed-off-by: Adrian Mangeac <Adrian.Mangeac@enea.com> 2018-09-14T08:12:35+00:00 Sona Sarmadi sona.sarmadi@enea.com 2018-09-14T07:39:57+00:00 urn:sha1:205f0cd0ded4b0c7b39202eac7b9d6c2470626b6 References: https://bugs.python.org/issue32981 https://nvd.nist.gov/vuln/detail/CVE-2018-1060 https://nvd.nist.gov/vuln/detail/CVE-2018-1061 Patch is taken from https://github.com/python/cpython/tree/2.7 Change-Id: I3c561499076480c344fe7d34d2edea84615ac9fa Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> 2018-03-01T09:38:09+00:00 Martin Borg martin.borg@enea.com 2018-03-01T09:34:33+00:00 urn:sha1:2c0b43b3032f9a55edd395ae37f45fffce44fa9d The CVEs have been fixed in upstream poky/rocko. Signed-off-by: Martin Borg <martin.borg@enea.com> 2018-02-28T08:33:50+00:00 Martin Borg martin.borg@enea.com 2018-02-28T08:33:50+00:00 urn:sha1:495b231e8e0da5046b6b1803d372fe33d0b14be9 Signed-off-by: Martin Borg <martin.borg@enea.com> 2017-12-14T14:31:54+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-12-14T12:17:04+00:00 urn:sha1:ef74e9d6103be37e4f4a43fb4c8b948789346b7c Directory Traversal Vulnerability References: https://nvd.nist.gov/vuln/detail/CVE-2017-8283 http://www.securityfocus.com/bid/98064/info Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-12-06T10:43:12+00:00 Gabriel Ionescu gabriel.ionescu@enea.com 2017-12-05T14:08:13+00:00 urn:sha1:6fe6de08fe746ae3df54eb3bb6eee35e95914b6d This patch removes the call to update-rc.d in order to fix the console login issue for the Cavium board. Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-11-22T10:46:21+00:00 Gabriel Ionescu gabriel.ionescu@enea.com 2017-11-20T18:03:25+00:00 urn:sha1:2c80876ac2a42928167ed5567dc803179485c815 When a board boots for the first time, it executes run-postinsts.service and dpkg-configure.service. Since both services run dpkg --configure, it sometimes results in locking up the login service. This patch disables the execution of dpkg --configure from run-postinsts by removing the deb keyword from the list of scanned packet types. Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-09-18T11:54:31+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-09-14T06:16:06+00:00 urn:sha1:4c6acb2de2b9612dfae273e63348c40921ebf235 Fixes integer overflow in in handling virtio-crypto requests Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5931 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Martin Borg <martin.borg@enea.com> 2017-08-29T11:32:58+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-08-29T08:29:30+00:00 urn:sha1:7da6ebdca2d6b30dd6240db73b0c7605c310a4f1 Qemu built with the Audio subsystem support is vulnerable to a host memory leakage issue. It could occur if a guest user was to repeatedly start and stop audio capture. A privileged user inside guest could use this flaw to exhaust host memory, resulting in DoS. Reference: ========== https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8309 Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg05587.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>