Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=dizzy 2016-01-30T12:03:15+00:00 2016-01-30T12:03:15+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-21T11:35:20+00:00 urn:sha1:aefcb6b1151f0961f722fdbf73c60c123e875040 Fixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 (From OE-Core rev: c9c42b0ec2c7b9b3e613f68db06230ebc6e2711c) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-30T12:03:14+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-12-15T10:07:48+00:00 urn:sha1:1930286e3fa4a144dae963fb531e7caa1311c225 Fixes following vulnerabilities: Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) References: https://openssl.org/news/secadv/20151203.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 Upstream patches: CVE-2015-3194: https://git.openssl.org/?p=openssl.git;a=commit;h= d8541d7e9e63bf5f343af24644046c8d96498c17 CVE-2015-3195: https://git.openssl.org/?p=openssl.git;a=commit;h= b29ffa392e839d05171206523e84909146f7a77c (From OE-Core rev: 09c3a0f01572a6a65e9f87ce16817ee7de3296f1) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-01-30T12:03:13+00:00 Armin Kuster akuster@mvista.com 2015-09-09T00:22:26+00:00 urn:sha1:73a04a266cb2bfc2bd5c7ed0155bf4204baf9072 three security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) (From OE-Core rev: ddfe191355a042e6995f7b4b725b108c5bb4d36e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Conflicts: meta/recipes-connectivity/openssh/openssh_6.6p1.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-09-19T10:53:16+00:00 Armin Kuster akuster@mvista.com 2015-09-12T22:17:26+00:00 urn:sha1:85f6cf736b5ecf3af6d1596b782dae81b9ac1f11 three security fixes. (From OE-Core rev: d3af844b05e566c2188fc3145e66a9826fed0ec8) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-09-01T20:37:30+00:00 Martin Jansa martin.jansa@gmail.com 2015-07-14T12:36:45+00:00 urn:sha1:a4162fa9face9641069e7e6ad5d888a99fea5fbe * add leading space so that it works even with some .bbappend adding additional files to SRC_URI without trailing space (From OE-Core rev: 0f282f1d4946ac6e81959c66172c115405632a26) (From OE-Core rev: 55b183aa476754b050779d36dfbb03eb936443ad) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-09-01T20:37:29+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-07-30T11:48:55+00:00 urn:sha1:b64eae5767dbea2d7d85a0a281e1a25efe91d157 Fixed a flaw in the way BIND handled requests for TKEY DNS resource records. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5477 https://kb.isc.org/article/AA-01272 (From OE-Core rev: 18a01db3f2430095a4e6966aed5afd738dbc112e) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-07-20T19:54:33+00:00 Roy Li rongqing.li@windriver.com 2015-05-26T09:21:03+00:00 urn:sha1:22690105daebcc0b2ac580479522815cb6265124 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3310 Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial of service (crash) via a start accounting message to the RADIUS server. oe-core is using ppp 2.4.7, and this CVE say ppp 2.4.7 was not effected, but I found this buggy codes are same between 2.4.6 and 2.4.7, and 2.4.7 should have this issue. (From OE-Core rev: 5b549c6d73e91fdbd0b618a752d618deb1449ef9) (From OE-Core rev: d2f15f2ec2d9e8ecdb9aa69a413663f3615d7e0c) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-07-20T19:54:30+00:00 Cristian Iorga cristian.iorga@intel.com 2015-03-18T15:38:39+00:00 urn:sha1:d0315a6cdf1142147a27c7f0be8ad77452d22c4a The neard make scripts will place the daemon executable in /usr/lib/neard/nfc/neard. Change the path accordingly in init scripts. Fixes [YOCTO #7390]. (From OE-Core rev: bd277f3a46e7fc764cc55c5354d2136fcfddc3c1) (From OE-Core rev: d86fd6190b9ffd5012f229f319520615176c27ee) Signed-off-by: Cristian Iorga <cristian.iorga@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-07-15T14:25:43+00:00 Tudor Florea tudor.florea@enea.com 2015-07-09T23:01:09+00:00 urn:sha1:5f0d25152bac2d3798663a4ebfdd2df24060f153 This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. (From OE-Core rev: 208d1d72b0d248b12f800e566cb011aec9a1a084) Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-04-15T14:56:06+00:00 Brendan Le Foll brendan.le.foll@intel.com 2015-04-14T18:53:48+00:00 urn:sha1:96852794bc08e21eba590fbd0d84f0e5ba39b4eb x32 builds where broken due to patch rebase not having been done correctly for this patch (From OE-Core rev: 8e46230fe94c44ab81a0ca9cb8b2c9f7b605e226) Signed-off-by: Brendan Le Foll <brendan.le.foll@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>