Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=krogoth-enea 2017-05-19T12:32:39+00:00 2017-05-19T12:32:39+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-16T11:05:37+00:00 urn:sha1:bf0c5869f5f9a77d6c7c1adfb7c802d5bb0a1a74 Fixed CVE: - CVE-2017-2620 (Severity = High) display: cirrus: potential arbitrary code execution via cirrus_bitblt_cputovideo Removed patches (already in upstream): - target-ppc-fix-user-mode.patch (already in upstream) Clean up: - CVE-2016-2198.patch (this patch is removed from recipes but the patch was not deleted) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-19T12:32:39+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-16T11:05:36+00:00 urn:sha1:cb2cf64b0b33e70b8f017b8757f8d4dd0ba10431 virtio-gpu: memory leakage when destroying gpu resource Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9912 Reference to upstream patch: http://git.qemu-project.org/?p=qemu.git;a=patch;h=b8e23926c568f2e963af39028b71c472e3023793 (From OE-Core rev: 8bf7ade372b46b8a872661a7904fbaa30fa262a2) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-19T12:32:39+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-16T11:05:35+00:00 urn:sha1:a71ba5142cd82c4d9390b726773ef75d92ef672a virtio-gpu: information leakage in virgl_cmd_get_capset References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9908 (From OE-Core rev: f5f4a08baeb4864984fcb9a837a3a8c51274df2b) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11T13:29:40+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-10T12:17:36+00:00 urn:sha1:dcc07572fde318e470952fa2a984fcee301c09bf Added patches: - target-ppc-fix-user-mode.patch - qemu-2.5.0-cflags.patch Rebased patches: - exclude-some-arm-EABI-obsolete-syscalls.patc Removed patches: - Qemu-Arm-versatilepb-Add-memory-size-checking.patch Changelog: http://wiki.qemu.org/ChangeLog/2.8 This patch is backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=8bf3f386f989ec9323c8399d1899d8b834e5ca94 Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11T13:29:31+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-10T12:17:35+00:00 urn:sha1:947f79967f2658bff158e3903305e481b8d34553 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11T13:28:59+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-10T12:17:34+00:00 urn:sha1:17a9a734122e446bd2708a4273af1fe4eacb87ae This upgrade can fix a qemuppc + openssh bug, the ssh connection maybe refused or closed randomly, and it's not easy to reproduce. RP pointed that this upgrade can fix the problem, and it does work in my local testing. * Update add-ptest-in-makefile.patch Here is the Changlog: http://wiki.qemu.org/ChangeLog/2.7 (From OE-Core rev: 056ce17e168bf856ff95a6f659098403169cb889) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11T13:28:51+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-10T12:17:33+00:00 urn:sha1:5c021b4550f77ddc7d32664a08e46ba69d16c2c7 (From OE-Core rev: 6c18103e43fd593724f4317a1453a72b0feb6989) This patch is backported from upstream morty branch: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=morty&id=ff35bfa2420f30cb79995fb4808175b447967c07 Signed-off-by: Marek Vasut <marex@denx.de> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11T13:28:43+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-10T12:17:32+00:00 urn:sha1:71d585a8deafbeea66a517313d9ae10862484d22 This is a minor upgrade only comes with security fixes in qemu VGA and UART code to avoid corruptions (CVE-2016-3710 and CVE-2016-3712). For review details, http://git.qemu.org/?p=qemu.git;a=log;h=v2.5.1.1 (From OE-Core rev: da522c0c248c9a8b10a90de4cd6e7e05367e637d) This patch is backported from upstream morty branch: http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/?id=b0207e742542cc44086d612df0a216cc45875538 Signed-off-by: Aníbal Limón <anibal.limon@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-05-11T13:28:36+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-05-10T12:17:31+00:00 urn:sha1:07c94f74cda62c672e7e80292f917a76e1214be0 This upgrade includes several worthwhile fixes, security and otherwise, including a complete fix for CVE-2016-2857. * drop CVE-2016-2857.patch as it's included in this release, along with several related patches which complete the fixes for CVE-2016-2857: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9bddb45dbc010cd8ee4d48bd501fa5d18dcec00c http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e3a2cdfcb5e282139217924044ec5af00c7f8eed http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fe90bdc25bcf9954ee286cd51de94776a17d04f6 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d0ee85b4e4c6cc2c8fac311d6df2ed412ed0df5f http://git.qemu.org/?p=qemu.git;a=commitdiff;h=80b6e5723fac428ea6c08c821078286f43975df8 http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a375e0b03ee3438924b24a45e61ee189ec9361db * drop CVE-2016-2197.patch as an equivalent fix is included in this release http://git.qemu.org/?p=qemu.git;a=commitdiff;h=aaf4fb6afb4653c86059255811886a5c4ea271f3 * drop CVE-2016-1568.patch as it's included in this release http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f046a6ba1d558eb043dc13a80d40cf7cb62ef95 (From OE-Core rev: 8332cea4baf2bda81fa4d33ccedefaec4313d454) This patch is backported from upstream morty branch: http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/?id=c63c1aaaa6f2f2ad583e8e513308acab18841c83 Signed-off-by: Joshua Lock <joshua.g.lock@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com> 2017-04-03T14:13:30+00:00 Sona Sarmadi sona.sarmadi@enea.com 2017-03-29T06:45:05+00:00 urn:sha1:dd5a3c0c80ac35b30b61296507bf5d3bd3a609d2 Rebases: - default-versions.inc - multilib.patch - 01-use-proper-tools-for-cross-build.patch - debug.patch - python.inc Upstream: - avoid_parallel_make_races_on_pgen.patch - CVE-2016-5636.patch (Backported from OE-Core rev: adf4266524d0d1a7814d31496c3ecc6470644ec6) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>