Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=python3 2016-05-13T12:41:27+00:00 2016-05-13T12:41:27+00:00 Peter Kjellerstedt peter.kjellerstedt@axis.com 2016-05-12T08:37:51+00:00 urn:sha1:bc217a6f158083763b137d222cfe3ead23cff675 (From OE-Core rev: 2bf5651cbcc91333954d7d5f06bf3b247b372063) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-11T09:33:39+00:00 Joshua Lock joshua.g.lock@intel.com 2016-05-04T10:48:43+00:00 urn:sha1:c63c1aaaa6f2f2ad583e8e513308acab18841c83 This upgrade includes several worthwhile fixes, security and otherwise, including a complete fix for CVE-2016-2857. * drop CVE-2016-2857.patch as it's included in this release, along with several related patches which complete the fixes for CVE-2016-2857: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9bddb45dbc010cd8ee4d48bd501fa5d18dcec00c http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e3a2cdfcb5e282139217924044ec5af00c7f8eed http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fe90bdc25bcf9954ee286cd51de94776a17d04f6 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d0ee85b4e4c6cc2c8fac311d6df2ed412ed0df5f http://git.qemu.org/?p=qemu.git;a=commitdiff;h=80b6e5723fac428ea6c08c821078286f43975df8 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a375e0b03ee3438924b24a45e61ee189ec9361db * drop CVE-2016-2197.patch as an equivalent fix is included in this release http://git.qemu.org/?p=qemu.git;a=commitdiff;h=aaf4fb6afb4653c86059255811886a5c4ea271f3 * drop CVE-2016-1568.patch as it's included in this release http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f046a6ba1d558eb043dc13a80d40cf7cb62ef95 (From OE-Core rev: 8332cea4baf2bda81fa4d33ccedefaec4313d454) Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-05-06T09:31:14+00:00 Ross Burton ross.burton@intel.com 2016-04-27T08:28:35+00:00 urn:sha1:30ba663e35393eb65b8c179025a40ad645abc6f8 qemu-native was optionally depending on libxext-native if the DISTRO_FEATURES included x11. This dependency was required back when we didn't build libsdl-native and causes an undesirable relationship between DISTRO_FEATURES and qemu-native. As the dependency isn't required anymore, remove it. (From OE-Core rev: f58f364b1ae97805abc5f9eb7b300617f59826b2) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-04-29T06:41:44+00:00 Armin Kuster akuster@mvista.com 2016-04-28T18:23:31+00:00 urn:sha1:90f204043b646be0a6d5001e147735978d156d5c (From OE-Core rev: 48909052e7b19ba108ee7813c1efdbed0c2e06ab) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-04-29T06:41:44+00:00 Armin Kuster akuster@mvista.com 2016-04-28T18:23:30+00:00 urn:sha1:dbdf9bfe206a0260984d5240537e875491aa2429 (From OE-Core rev: d1b972a55c59a3f3336b3ebd309532dc204ea97b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-03-10T23:13:54+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-03-09T22:49:02+00:00 urn:sha1:3331992a27f48f590efb1188f6507378b6e1d352 By default qemu builds a complete list of directories within the user emulation sysroot (-L option). The OE sysroot directory is large and this is confusing, for example it indexes all pkgdata. In particular this confuses strace of qemu binaries with tons of irrelevant paths. This patch stops the code indexing up front and instead only indexes things if/as/when it needs to. This drastically reduces the files it reads and reduces memory usage and cleans up strace. It would also avoid the infinite directory traversal bug in [YOCTO #6996] although the code could still be vulnerable if it parsed those specific paths. (From OE-Core rev: 9ac5017b3328a18561c2912edfda2d7d97c675f2) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-11T22:33:39+00:00 Armin Kuster akuster@mvista.com 2016-02-10T20:28:22+00:00 urn:sha1:914ff148fafc7df2b1c85ba176635ce58d3ebf7a CVE-2016-2198 Qemu: usb: ehci null pointer dereference in ehci_caps_write (From OE-Core rev: 33b5c3b4822b6bbb06ad5fdf7a120acd520f665d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-11T22:33:39+00:00 Armin Kuster akuster@mvista.com 2016-02-10T20:28:21+00:00 urn:sha1:093835335ee54634b1ae2a8d9c16ef132cbeacb4 CVE-2016-2197 Qemu: ide: ahci null pointer dereference when using FIS CLB engines (From OE-Core rev: bbc41337d28cc54d115378d4cad32f7b1c6f6cd5) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-02-11T12:27:47+00:00 Armin Kuster akuster@mvista.com 2016-02-09T01:29:41+00:00 urn:sha1:7475c4c2e5d6997de0582eaec85748ab99c30d0a CVE-2016-1568 Qemu: ide: ahci use-after-free vulnerability in aio port commands (From OE-Core rev: b1b2f629f8e2febd086eae8fabd24322333ea172) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-12-28T09:25:20+00:00 Ross Burton ross.burton@intel.com 2015-12-23T21:22:24+00:00 urn:sha1:614e9ecec473916ecf39853c37724e54524ed5c7 (From OE-Core rev: 0565377851bf73be39b09b06b2aa630f2225eee3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>