Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=pyro 2018-05-07T14:57:44+00:00 2018-05-07T14:57:44+00:00 Armin Kuster akuster808@gmail.com 2018-05-03T16:00:59+00:00 urn:sha1:90068771dd6fbd0f90a133b9c1c95c71d7cf035f The dot releases are maint only. 2.4.4 included: CVE-2017-17742: HTTP response splitting in WEBrick CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir CVE-2018-8777: DoS by large request in WEBrick CVE-2018-8778: Buffer under-read in String#unpack CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir 2.4.3 includes: CVE-2017-17405: Command injection vulnerability in Net::FTP (From OE-Core rev: ce12ff394281a42448d92109568db33739b2b542) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Andre McCurdy armccurdy@gmail.com 2018-01-22T23:38:06+00:00 urn:sha1:da6716b70c07fe0432116d626d9f4340609b9ed5 (From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761) (From OE-Core rev: a9b55cbec9f5ff11f92f50c529049e83ac898043) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Ross Burton ross.burton@intel.com 2017-11-01T09:57:53+00:00 urn:sha1:f24ffeefb1b7a40366313b0895ed08beb8cc1ed3 The dbm module uses gdbm by default which is also a build dependency. (From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9) (From OE-Core rev: 20d9821e9131c3d715ed629ad38eed802f737056) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Leonardo Sandoval leonardo.sandoval.gonzalez@linux.intel.com 2017-10-12T18:35:23+00:00 urn:sha1:82528b2f84f2d519bb670ee12fa16257192e6fe9 The CVE-2017-14064 patch is already at 2.4.2 as explained on project's commit, so removing from the recipe & repo. commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153 Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> Date: Wed Apr 12 00:21:18 2017 +0000 Merge json-2.0.4. * https://github.com/flori/json/releases/tag/v2.0.4 * https://github.com/flori/json/blob/09fabeb03e73ed88dc8ce8f19d76ac59e51dae20/CHANGES.md#2017-03-23-204 git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e (From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438) (From OE-Core rev: 4562790471c7e3f3e393cd3e8b77d28ed4196452) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for pyro context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-05-07T14:57:44+00:00 Leonardo Sandoval leonardo.sandoval.gonzalez@linux.intel.com 2017-05-22T18:47:01+00:00 urn:sha1:5c9e4bbba7c5f604b366815ad5f776c2d6c17b06 (From OE-Core rev: 3ff2d0bc7a8e7a7e8c8e953dc0ccf84d891688ef) (From OE-Core rev: b102521a146197749dc1493307f222cbf0292921) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fixup for pyro context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-05T22:39:49+00:00 Armin Kuster akuster@mvista.com 2017-11-04T18:56:03+00:00 urn:sha1:99656fecf4fa6e24ba49ecb7f26f893e733818a0 affects ruby < 2.4.1 (From OE-Core rev: 2db9d0854239bca9d5c4efde808a1931c4c0ca0e) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-09-11T21:15:58+00:00 Joe Slater jslater@windriver.com 2017-08-18T17:43:44+00:00 urn:sha1:c63480c9605a22b3000dc4f0e9198e67365832e9 CVE-2017-9226 : check too big code point value for single byte CVE-2017-9227 : access to invalid address by reg->dmin value CVE-2017-9228 : invalid state(CCS_VALUE) in parse_char_class() CVE-2017-9229 : access to invalid address by reg->dmax value (From OE-Core rev: f15f01edbaa431829a50053d07ed6d6b333584c7) (From OE-Core rev: 4077e088b6e750c4143a59c5d89258ab682ed96b) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-09-11T21:15:58+00:00 Joe Slater jslater@windriver.com 2017-08-16T21:46:11+00:00 urn:sha1:62e244d71354f20e8680606e015565690f1bd4f5 Use DATA_ENSURE(1) before access. (From OE-Core rev: 9db907a0bd331c47c4882b82f9f1d2a7ef1f6d1f) (From OE-Core rev: 7ba25f0d8d95ece5f5d56ace5b1e9c8c797efbc0) Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Fixed up to get to apply Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-01T23:27:11+00:00 Leonardo Sandoval leonardo.sandoval.gonzalez@linux.intel.com 2017-02-21T17:03:55+00:00 urn:sha1:db9b183d5c8067fc0eaf96e6c8e0e81258f4ff1c Two LIC_FILES_CHKSUM checksums changed (COPYING and LEGAL) but LICENSE remains the same. (From OE-Core rev: 2bbad067b6b928d4615df938d0e41fa84e451c15) Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-03-01T23:27:08+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2017-02-22T14:50:56+00:00 urn:sha1:922bfed3f61f0c31fcc9060fda9795753845d174 (From OE-Core rev: 0299731f9c11fda2e0a17600f758e0d7ff31fbbe) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>