Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=thud 2019-10-05T16:01:00+00:00 2019-10-05T16:01:00+00:00 Peiran Hong peiran.hong@windriver.com 2019-09-16T17:41:59+00:00 urn:sha1:446bd615fd7cb9bc7a159fe5c2019ed08d1a7a93 Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read. Upstream-Status: Backport [ several ] Upstream commits fully backported: 46aead6 [CVE-2017-16808/AoE: Add a missing bounds check] Upstream commits partially backported: 7068209 [Use nd_ types in 802.x and FDDI headers.] 84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)] 46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definition of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate. CVE: CVE-2017-16808 Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-04T20:14:32+00:00 Armin Kuster akuster808@gmail.com 2019-09-04T19:59:03+00:00 urn:sha1:91007812fa3da07bfde8215ffa74bd3640d9d596 Source: wireshark.org MR: 99742, 99743, 99744, 99745, 99746 99747, 99742, 99748, 99062 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: d9a2014ea6271a58633cea8899b63257b8b03cd3 Description: Bug fix update only updates. 2.8.10: wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619. 2.8.9: wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778. CVE-2019-12295 2.6.8: wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895. wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899. wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894. wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896. wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901. wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903. Signed-off-by: Armin Kuster <akuster@mvista.com> 2019-05-25T19:18:49+00:00 Andrej Valek andrej.valek@siemens.com 2019-04-24T10:40:00+00:00 urn:sha1:db8be0454b6235ddda208d813520028f8224b691 License has been changed due to reformatting, no new stuff added. Bug fix only update include security fixes: CVE-2019-8936 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> 2019-03-25T01:44:58+00:00 Adrian Bunk bunk@stusta.de 2019-02-04T15:02:03+00:00 urn:sha1:fafc38e4900b3131bc9a6ca538697b1c92925872 ntpq is the standard query program for ntp, but ntp-utils depends on perl. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-02-05T05:53:15+00:00 Armin Kuster akuster808@gmail.com 2019-01-12T21:32:43+00:00 urn:sha1:99eafb535da88a4de61cc75f581c9f805505186c includes: wnpa-sec-2019-01 The 6LoWPAN dissector could crash. Bug 15217. CVE-2019-5716. wnpa-sec-2019-02 The P_MUL dissector could crash. Bug 15337. CVE-2019-5717. wnpa-sec-2019-03 The RTSE dissector and other dissectors could crash. Bug 15373. CVE-2019-5718. wnpa-sec-2019-04 The ISAKMP dissector could crash. Bug 15374. CVE-2019-5719. For more info see: https://www.wireshark.org/docs/relnotes/wireshark-2.6.6.html Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-02-05T05:02:45+00:00 Hong Liu hongl.fnst@cn.fujitsu.com 2018-12-05T01:22:05+00:00 urn:sha1:d7306703f66bb87da37a0d201d4d451dfa84e371 1.Upgrade wireshark from 2.6.4 to 2.6.5. Signed-off-by: Hong Liu <hongl.fnst@cn.fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-12-22T16:14:11+00:00 Changqing Li changqing.li@windriver.com 2018-12-19T14:41:13+00:00 urn:sha1:6094ae18c8a35e5cc9998ac39869390d7f3bb1e2 previous database on maxmind website will be removed from January 2, 2019. and also we met checksum weekly change problem, so update the SRC_URI to http://sources.openembedded.org/ Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-12-22T16:14:11+00:00 Changqing Li changqing.li@windriver.com 2018-12-19T14:41:12+00:00 urn:sha1:1aefa512944505d78c008c31147e2ac54c53416f Geolite database checksum changed today, so update it to the lastest one. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-12-22T16:14:10+00:00 Changqing Li changqing.li@windriver.com 2018-12-19T14:41:11+00:00 urn:sha1:c6d1bbc06ad6a96481c76afcc31dd69a6740ac4d previous change of checksum don't trigger archive to re-downloaded, , which will cause checksum mismatch. add downloadfilename to trigger re-download. 1. for user with PREMIRROR, another benefit is it can still compile success event upstream checksum change frequently. 2. but for user don't use PREMIRROR, if upstream checksum changed, still might have checksum mismatch problem. Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2018-11-15T21:18:52+00:00 douglas.royds douglas.royds@taitradio.com 2018-11-13T05:08:35+00:00 urn:sha1:5385184a2bebac98da6b3718f232e9544b5b0b12 At configure time, the ntp build goes looking on the build machine for a posix shell, using `which` to find it. Under OE, it settles on hosttools/bash, resulting in this build host path being written into several binaries. This did not affect the Debian reproducibility project, presumably because it consistently found bash at /bin/bash. Don't go looking, just use a fixed path to /bin/sh instead. Upstream-Status: Submitted http://bugs.ntp.org/show_bug.cgi?id=3551 Signed-off-by: Douglas Royds <douglas.royds@taitradio.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>