Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=thud-next 2019-10-05T16:01:00+00:00 2019-10-05T16:01:00+00:00 Peiran Hong peiran.hong@windriver.com 2019-09-16T17:41:59+00:00 urn:sha1:446bd615fd7cb9bc7a159fe5c2019ed08d1a7a93 Backport selected parts of three upstream commits to fix CVE-2017-16808 where tcpdump 4.9.2 has a heap-based buffer over-read. Upstream-Status: Backport [ several ] Upstream commits fully backported: 46aead6 [CVE-2017-16808/AoE: Add a missing bounds check] Upstream commits partially backported: 7068209 [Use nd_ types in 802.x and FDDI headers.] 84ef17a [Replace ND_TTEST2()/ND_TCHECK2() macros by macros using pointers (1/n)] 46aead6 fixes the vulnerability and requires two macros defined in 7068209 and 84ef17a, which are committed after the release of 4.9.2. Only the definition of the macros are taken from the two commits as they impact a wide range of code and are difficult to integrate. CVE: CVE-2017-16808 Signed-off-by: Peiran Hong <peiran.hong@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-09-04T20:14:32+00:00 Armin Kuster akuster808@gmail.com 2019-09-04T19:59:03+00:00 urn:sha1:91007812fa3da07bfde8215ffa74bd3640d9d596 Source: wireshark.org MR: 99742, 99743, 99744, 99745, 99746 99747, 99742, 99748, 99062 Type: Security Fix Disposition: Backport from wireshark.org ChangeID: d9a2014ea6271a58633cea8899b63257b8b03cd3 Description: Bug fix update only updates. 2.8.10: wnpa-sec-2019-20 ASN.1 BER and related dissectors crash. Bug 15870. CVE-2019-13619. 2.8.9: wnpa-sec-2019-19 Wireshark dissection engine crash. Bug 15778. CVE-2019-12295 2.6.8: wnpa-sec-2019-09 NetScaler file parser crash. Bug 15497. CVE-2019-10895. wnpa-sec-2019-10 SRVLOC dissector crash. Bug 15546. CVE-2019-10899. wnpa-sec-2019-14 GSS-API dissector crash. Bug 15613. CVE-2019-10894. wnpa-sec-2019-15 DOF dissector crash. Bug 15617. CVE-2019-10896. wnpa-sec-2019-17 LDSS dissector crash. Bug 15620. CVE-2019-10901. wnpa-sec-2019-18 DCERPC SPOOLSS dissector crash. Bug 15568. CVE-2019-10903. Signed-off-by: Armin Kuster <akuster@mvista.com> 2019-05-28T05:22:25+00:00 Qi.Chen@windriver.com Qi.Chen@windriver.com 2019-05-07T02:54:35+00:00 urn:sha1:9b3b907f30b0d5b92d58c7e68289184fda733d3e Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-05-28T05:22:25+00:00 Yi Zhao yi.zhao@windriver.com 2019-04-15T06:58:34+00:00 urn:sha1:b63137da3fce51c412f20bc2ea6f333b0ef4ab34 Fix CVE-2019-7282, CVE-2019-7283 References: https://nvd.nist.gov/vuln/detail/CVE-2019-7282 https://nvd.nist.gov/vuln/detail/CVE-2019-7283 Patch from: https://sources.debian.org/src/netkit-rsh/0.17-20/debian/patches/fix-CVE-2018-20685-and-CVE-2019-6111.patch Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-05-28T05:22:17+00:00 Tom Rini trini@konsulko.com 2019-03-12T19:26:46+00:00 urn:sha1:8e1252625315dd21077d401affe7988b766e0f46 Uses iruserok and ruserok which are GNU extensions available in glibc but not in musl Cc: Khem Raj <raj.khem@gmail.com> Signed-off-by: Tom Rini <trini@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-05-25T19:18:49+00:00 Andrej Valek andrej.valek@siemens.com 2019-04-24T10:40:00+00:00 urn:sha1:db8be0454b6235ddda208d813520028f8224b691 License has been changed due to reformatting, no new stuff added. Bug fix only update include security fixes: CVE-2019-8936 Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Armin Kuster <akuster@mvista.com> 2019-03-25T01:44:58+00:00 Adrian Bunk bunk@stusta.de 2019-02-04T15:02:03+00:00 urn:sha1:fafc38e4900b3131bc9a6ca538697b1c92925872 ntpq is the standard query program for ntp, but ntp-utils depends on perl. Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-03-25T01:44:58+00:00 Adrian Bunk bunk@stusta.de 2019-02-04T15:02:04+00:00 urn:sha1:8b95f6ad33e4ca2eeba9e20cc8acb0921b1e2a79 Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-03-25T01:44:58+00:00 André Draszik andre.draszik@jci.com 2019-03-07T21:11:12+00:00 urn:sha1:af237f985f9cdf5c83390ec7a6be00031852c241 Convert all other instances of explicit PACKAGECONFIG uses to the PACKAGECONFIG_CONFARGS infrastructure. Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Damien Riegel <damien.riegel@gmail.com> [Damien Riegel: backport from master] Signed-off-by: Armin Kuster <akuster808@gmail.com> 2019-03-25T01:44:58+00:00 André Draszik andre.draszik@jci.com 2019-03-07T21:11:11+00:00 urn:sha1:6cc951d6578db9567a474f7eb577b71ecdbe3ec9 The mosquitto systemd service file instructs systemd to wait for mosquitto to notify systemd that mosquitto has started correctly. This isn't working as mosquitto is not *compiled* with systemd support enabled. As such, systemd restarts mosquitto every few seconds. For reference, this was introduced in commit a483d344d9fb ("mosquitto: Make enabling systemd also enable build dep on systemd") Because we build mosquitto using the provided Makefile infrastructure, the solution is to add PACKAGECONFIG_CONFARGS to EXTRA_OEMAKE, so that the required make flags are added to the make command line. Signed-off-by: André Draszik <andre.draszik@jci.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Damien Riegel <damien.riegel@gmail.com> [Damien Riegel: backport from master] Signed-off-by: Armin Kuster <akuster808@gmail.com>