Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=pyro-next 2018-02-09T05:19:16+00:00 2018-02-09T05:19:16+00:00 Armin Kuster akuster808@gmail.com 2018-02-06T07:18:35+00:00 urn:sha1:9eaebc6e783f1394bb5444326cd05a976b3122e9 Includes: wnpa-sec-2018-01, Multiple dissectors could crash. (Bug 14253) CVE-2018-5336 wnpa-sec-2018-02, The MRDISC dissector could crash. (Bug 14299, Bug 13707) CVE-2017-17997 wnpa-sec-2018-03, The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334 wnpa-sec-2018-04, The WCP dissector could crash. (Bug 14251) CVE-2018-5335 Full release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-02-09T05:19:04+00:00 Armin Kuster akuster@mvista.com 2017-12-19T15:38:46+00:00 urn:sha1:a370c771887107f424c723c0fcb3c246ffe022a4 changed --with-ssh to --with-libssh=DIR includes: wnpa-sec-2017-47 : CVE-2017-17084 The IWARP_MPA dissector could crash. (Bug 14236) wnpa-sec-2017-48 : CVE-2017-17083 The NetBIOS dissector could crash. (Bug 14249) wnpa-sec-2017-49 : CVE-2017-17085 The CIP Safety dissector could crash. (Bug 14250) release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-02-09T05:15:39+00:00 Armin Kuster akuster808@gmail.com 2017-10-11T01:43:09+00:00 urn:sha1:d8ce5a7195f1210912c698a135492df1e073447e The following vulnerabilities have been fixed: * [1]wnpa-sec-2017-42 BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192 * [4]wnpa-sec-2017-43 MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193 * [7]wnpa-sec-2017-44 DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-02-09T05:07:39+00:00 Andre McCurdy armccurdy@gmail.com 2017-10-25T19:11:57+00:00 urn:sha1:fd2d083bc0ae64dd855860057540ed55b08704da Versions 2.16 to 2.69 have now also moved into the archives folder. Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> (cherry picked from commit d338d219dfbcbbdd133c7d4364bc8a1b19835e0b) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-02-09T05:07:06+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2017-10-03T01:58:03+00:00 urn:sha1:a9c2ab5e7527c2ccdb9fc375a9bf3b1faa57bb57 This update fixes a number of bugs including the following vulnerabilities: CVE-2017-13704 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Further details can be found in the changelog here: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2017-10-28T03:33:55+00:00 Ismo Puustinen ismo.puustinen@intel.com 2017-06-08T09:57:31+00:00 urn:sha1:14ab9699e9b8e596c69bd5c6758f47bff3e8e033 The newly split "libopencv-ts" package is empty (and thus not created), because all ts files are installed in the development package. So, do not add a runtime dependency to libopencv-ts. Signed-off-by: Ismo Puustinen <ismo.puustinen@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2017-10-16T21:43:15+00:00 Philip Balister philip@balister.org 2017-05-11T20:13:15+00:00 urn:sha1:dfbdd28d206a74bf264c2f7ee0f7b3e5af587796 * Needed for PyQt-5.8.2, a recipe I am looking at again. Signed-off-by: Philip Balister <philip@balister.org> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> (cherry picked from commit 229f824568406df354bc857b31989a7777d778bb) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2017-10-16T21:39:31+00:00 Mark Hatle mark.hatle@windriver.com 2017-10-16T16:43:36+00:00 urn:sha1:35076e347be65073a7f9d0598d2e1664aed86fa4 Note, hostapd and wpa_supplicant use the same sources. This commit is based on Ross Burton's change to OpenEmbedded-core. Below is Ross's commit message from OpenEmbedded-Core. WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by: Ross Burton <ross.burton@intel.com> The hunk: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request does not apply to hostapd and was removed from the patch. Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> (cherry picked from commit ed6b5da8740034faf599010c12e3dc77e5490cd4) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2017-09-18T19:06:38+00:00 Armin Kuster akuster808@gmail.com 2017-09-01T13:56:34+00:00 urn:sha1:3552877d24845689e7d4e7919ff7b372da70dd40 Change LIC_FILES_CHKSUM from README.linux to COPYING as COPYING contains the license info 2.2.9 security fixes: wnpa-sec-2017-38 MSDP dissector infinite loop (Bug 13933) CVE-2017-13767 wnpa-sec-2017-39 Profinet I/O buffer overrun (Bug 13847) CVE-2017-13766 wnpa-sec-2017-41 IrCOMM dissector buffer overrun (Bug 13929) CVE-2017-13765 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> (cherry picked from commit c6928f15d93a1546c47116b3244893b9f813e6e1) Signed-off-by: Armin Kuster <akuster808@gmail.com> 2017-09-18T19:03:02+00:00 Kai Kang kai.kang@windriver.com 2017-08-16T09:41:06+00:00 urn:sha1:d8b55931ce3b120515ec9ab0bc91418a5cb00a7b Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com> (cherry picked from commit 3ca10e7d924d94d85783dc7440096a7dab72b978) Bug fix only: Including these security fixes: wnpa-sec-2017-13 WBMXL dissector infinite loop (Bug 13477, Bug 13796) CVE-2017-7702, CVE-2017-11410 Note: This is an update for a fix in Wireshark 2.2.6 and 2.0.12. wnpa-sec-2017-28 openSAFETY dissector memory exhaustion (Bug 13649, Bug 13755) CVE-2017-9350, CVE-2017-11411 Note: This is an update for a fix in Wireshark 2.2.7. wnpa-sec-2017-34 AMQP dissector crash. (Bug 13780) CVE-2017-11408 wnpa-sec-2017-35 MQ dissector crash. (Bug 13792) CVE-2017-11407 wnpa-sec-2017-36 DOCSIS infinite loop. (Bug 13797) CVE-2017-11406 Signed-off-by: Armin Kuster <akuster808@gmail.com>