Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=thud-next 2019-10-05T16:01:00+00:00 2019-10-05T16:01:00+00:00 Peiran Hong peiran.hong@windriver.com 2019-09-16T17:41:59+00:00 urn:sha1:446bd615fd7cb9bc7a159fe5c2019ed08d1a7a93 Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read. Upstream-Status: Backport [ several ] Upstream commits fully backported: 46aead6 [CVE-2017-16808/AoE: Add a missing bounds check] Upstream commits partially backported: 7068209 [Use nd_ types in 802.x and FDDI headers.] 84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)] 46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definition of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate. CVE: CVE-2017-16808 Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-10-05T16:01:00+00:00 Dan Tran dantran@microsoft.com 2019-09-25T17:12:49+00:00 urn:sha1:eb9b369b2491aabdbda08c3b3c87f36caa0bdd0f Signed-off-by: Dan Tran <dantran@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-10-05T16:00:26+00:00 Denys Dmytriyenko denys@ti.com 2019-09-28T00:56:39+00:00 urn:sha1:436cf0aa2b2802da706588d4daa1a8240d172df8 The old URL now gives 404 Not Found Signed-off-by: Denys Dmytriyenko <denys@ti.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-05T00:34:11+00:00 Armin Kuster akuster@mvista.com 2019-09-05T00:34:11+00:00 urn:sha1:2d088d252624b19df384aecc434d23afb636178f Source: postgres.org MR: 99749, 99235, 98775, 99326 Type: Security Fix Disposition: Backport from postgress.org ChangeID: aa72ce0ba009e6544ee0ae57a042aeb99c339d06 Description: LIC_CHK_SUM update do to year updates drop two patches included in update. Bug fix only updates. 10.10 CVE-2019-10211 CVE-2019-10210 CVE-2019-10208 10.9 CVE-2019-10164 10.8 CVE-2019-10130 CVE-2019-10128 10.6 CVE-2019-10127 CVE-2018-16850 Signed-off-by: Armin Kuster <akuster@mvista.com> 2019-09-04T20:14:32+00:00 Armin Kuster akuster808@gmail.com 2019-09-04T19:59:03+00:00 urn:sha1:91007812fa3da07bfde8215ffa74bd3640d9d596 Source: wireshark.org MR: 99742, 99743, 99744, 99745, 99746 99747, 99742, 99748, 99062 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: d9a2014ea6271a58633cea8899b63257b8b03cd3 Description: Bug fix update only updates. 2.8.10: wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619. 2.8.9: wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778. CVE-2019-12295 2.6.8: wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895. wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899. wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894. wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896. wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901. wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903. Signed-off-by: Armin Kuster <akuster@mvista.com> 2019-09-03T04:34:25+00:00 Maxime Roussin-Bélanger maxime.roussinbelanger@gmail.com 2019-08-26T03:30:16+00:00 urn:sha1:934b8f6dd5f6681daed6490b229b8ba755aacc8e To keep support of meta-clang support on thud branch. It depends on libedit native Signed-off-by: Maxime Roussin-Bélanger <maxime.roussinbelanger@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-03T02:54:39+00:00 Armin Kuster akuster808@gmail.com 2019-06-01T01:00:01+00:00 urn:sha1:aaa6eb0bb5da516373aa9e8c1dde8fdf85a54e95 Source: lua.org MR: 97553 Type: Security Fix Disposition: Backport from http://lua.2524044.n2.nabble.com/CVE-2019-6706-use-after-free-in-lua-upvaluejoin-function-tc7685575.html ChangeID: c939b7edcb54274ab0aeebcb7e3dc9f17cc09c2d Description: Affects < 5.3.5 Fixes: CVE-2019-6706 Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-03T02:53:53+00:00 Yi Zhao yi.zhao@windriver.com 2019-08-20T08:44:08+00:00 urn:sha1:05360c2a74c62d39818bbbdc4fb7ec18bb6e83ff Security fixes: CVE-2019-10081 CVE-2019-9517 CVE-2019-10098 CVE-2019-10092 CVE-2019-10097 CVE-2019-10082 See: http://www.apache.org/dist/httpd/CHANGES_2.4.41 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-03T02:53:53+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2019-04-19T23:56:01+00:00 urn:sha1:6f5862f52561c0874989fa3b232bd258c6fcd0ba A missing space lead to problems if something else was already added to SYSROOT_PREPROCESS_FUNCS. Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-03T02:53:53+00:00 Yi Zhao yi.zhao@windriver.com 2019-04-15T03:39:38+00:00 urn:sha1:a42f773baae90558c4a2e9f207579db7edb830a5 * Drop apache2-native recipe. Add native to BBCLASSEXTEND in apache2 recipe. * Refresh patches. Drop CVE-2018-11763.patch and apache-configure_perlbin.patch * Cleanup recipe file. Remove obsolete code. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> [Bug fix only update: Includes CVES: CVE-2018-17189 CVE-2018-17199 CVE-2019-0190 CVE-2019-0220 CVE-2019-0196 CVE-2019-0197 CVE-2019-0215 CVE-2019-0217 CVE-2019-0211 ] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>