Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=dizzy 2018-01-17T22:33:30+00:00 2018-01-17T22:33:30+00:00 Scott Rifenbark srifenbark@gmail.com 2018-01-16T23:50:00+00:00 urn:sha1:58863ad092c9a279e305c841dbb4353de2ecfae8 Someone hacked the http://hambedded site or it was moved and some links to that site in the BB manual had been hijacked to point to an entry portal for a pornography site. Replaced the link with an archived version that restores the integrity of the links. (Bitbake rev: daa0aa05a04d8d20473a05b5b5878610e40ef820) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-07-11T22:10:10+00:00 Leonardo Sandoval leonardo.sandoval.gonzalez@linux.intel.com 2015-08-03T15:01:04+00:00 urn:sha1:fb8bf6a75e9ac04d5c6213d3e2f097302f83405f The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts), so if an image includes the latter, there is no new to created it again inside the install-efi.sh script, otherwise an error may occur as indicated on the bug's site. [YOCTO #7971] (From OE-Core rev: 1679c3d7bfa1cff4e126e2ed3dff50bdd7c2eeab) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-21T15:48:47+00:00 Armin Kuster akuster@mvista.com 2016-02-28T18:53:35+00:00 urn:sha1:c282df8993828bd7b1d50cfcf637a477eaf481a1 it was found that out-of-range time values passed to the strftime function may cause it to crash, leading to a denial of service, or potentially disclosure information. (From OE-Core rev: b9bc001ee834e4f8f756a2eaf2671aac3324b0ee) (From OE-Core rev: c50e30cb078ca0ad6f76241f0b0a5557cc17e3c0) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-21T15:48:47+00:00 Armin Kuster akuster@mvista.com 2016-02-28T18:53:34+00:00 urn:sha1:204ad23574e0958af110c180858198c502292566 A stack overflow vulnerability was found in nan* functions that could cause applications which process long strings with the nan function to crash or, potentially, execute arbitrary code. (From OE-Core rev: fd3da8178c8c06b549dbc19ecec40e98ab934d49) (From OE-Core rev: 1916b4c34ee9d752c12b8311cb9fd41e09b82900) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-21T15:48:47+00:00 Armin Kuster akuster@mvista.com 2016-02-28T18:53:33+00:00 urn:sha1:14a42e27195a100ca5edc551007a6a120b10c398 A stack overflow vulnerability in the catopen function was found, causing applications which pass long strings to the catopen function to crash or, potentially execute arbitrary code. (From OE-Core rev: af20e323932caba8883c91dac610e1ba2b3d4ab5) (From OE-Core rev: 01e9f306e0af4ea2d9fe611c1592b0f19d83f487) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-21T15:48:47+00:00 Armin Kuster akuster@mvista.com 2016-02-28T18:53:32+00:00 urn:sha1:dae5ee4e5e41b9bbfb2d0f22521247efa5cadeb0 The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. (From OE-Core rev: 22570ba08d7c6157aec58764c73b1134405b0252) (From OE-Core rev: bb6ce1334bfb3711428b4b82bca4c0d5339ee2f8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-03T10:38:50+00:00 Koen Kooi koen@dominion.thruhere.net 2016-02-26T11:01:28+00:00 urn:sha1:bebaaf1d21f17014bc3671e6496dbb202a048259 CVE-2015-7547: getaddrinfo() stack-based buffer overflow (From OE-Core rev: b30a7375f09158575d63367600190a5e3a00b9fc) Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-30T12:03:15+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-21T11:35:20+00:00 urn:sha1:aefcb6b1151f0961f722fdbf73c60c123e875040 Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 (From OE-Core rev: c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-30T12:03:15+00:00 Belal, Awais Awais_Belal@mentor.com 2015-12-31T13:38:43+00:00 urn:sha1:79e4cc8954482d66a633f10092aee8dda0b7da8e http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 (From OE-Core rev: 76ef966b1f47663f570e87aeb21bc98147b0eca2) Signed-off-by: Awais Belal <awais_belal@mentor.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-30T12:03:15+00:00 Armin Kuster akuster808@gmail.com 2015-12-17T04:32:06+00:00 urn:sha1:faf6ada4f27a280e60ba72096f54cc5d2351fa16 References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 Reference to upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 (From OE-Core rev: 5aa90eef9b503ba0ffb138e146add6f430dea917) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com> Hand applied. Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>