Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=zeus 2020-09-10T12:21:41+00:00 2020-09-10T12:21:41+00:00 Li Zhou li.zhou@windriver.com 2020-09-07T08:09:06+00:00 urn:sha1:d3de07b7810151828b4ba15ffdaed5729f62d2ae Backport the patch from <https://github.com/golang/go/commit/ eb07103a083237414145a45f029c873d57037e06> to solve CVE-2020-24553. (From OE-Core rev: 794dfa173adbce781c9fe609d58d3ed9b8cbd501) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Li Wang li.wang@windriver.com 2020-09-04T02:16:08+00:00 urn:sha1:791f8fea3fc5db939122847cf6d1d7a63a69cba9 Backport patch from: https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb (From OE-Core rev: 8b4163c4e60f5e96790522e129f84102831feb8e) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Li Wang Li.Wang@windriver.com 2020-08-10T08:15:25+00:00 urn:sha1:dc4767f775a31c3d04ae868ea22ed9e747c6d83c (From OE-Core rev: 30b0784e2eef9c4d45296857b0792a4374020fab) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Li Wang <Li.Wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Stefan Ghinea stefan.ghinea@windriver.com 2020-08-21T19:47:47+00:00 urn:sha1:5ce2f71ca37512b64f14d9bcdc1ebedc24510db3 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. References: https://nvd.nist.gov/vuln/detail/CVE-2020-10756 https://bugzilla.redhat.com/show_bug.cgi?id=1835986 Upstream patches: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0 (From OE-Core rev: b6d73f9f8c055928051dc57943baf5833568d04f) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2020-08-11T07:41:18+00:00 urn:sha1:ba9c9dc10677371c55041e4bba38350f0e777d15 Backport CVE patch from the upstream: https://github.com/golang/go.git commit 027d7241ce050d197e7fabea3d541ffbe3487258 (From OE-Core rev: 4fa2a6c171e62855ad9a2bd7a2d8507067f62988) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Li Wang li.wang@windriver.com 2020-08-18T04:48:17+00:00 urn:sha1:a76794a159e729b8f0abd121189bfc3ee9b490ec Backport CVE patch from the upstream: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 (From OE-Core rev: ffb65dd34fce4c75b9aa00dc0197bf83198a9980) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:41+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2019-11-28T12:08:55+00:00 urn:sha1:7db53268bf6666d114a02f8673929508ca072d4d traceback2 adds traceback for python2. Rather than depend on traceback2, we're python3 only so just use traceback. This caused breakage in oe-selftest -j which uses testtools on the autobuilder using buildtools-tarball. [YOCTO #13652] (From OE-Core rev: ee80a06c107375e3cf0d246ea17c09dda4536dab) (From OE-Core rev: 9f51e83ab407c3dff6624b6ae1b03ca6c326d382) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:40+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-01-17T17:20:48+00:00 urn:sha1:8ec59a27a8252ac084b090284a80ac83da4bccf1 In the SDK we need the plain symlinks and don't use alternative providers. When these are missing the toolchain can work incorrectly so fix this. (From OE-Core rev: 0c06cfaa016d06cc56d80dc1c244a938f3d38a3c) (From OE-Core rev: 0d299c5dc04407d2d54574157f4014f50f2d0468) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-09-10T12:21:40+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-01-17T17:21:39+00:00 urn:sha1:3abf1c375c6e943c90a4bb14f86b5ed1b8f4ff39 We need binutils to look at our ld.so.conf file within the SDK to ensure we search the SDK's libdirs as well as those from the host system. There add a patch which passes in the directory to the code using a define, then add it to a section we relocate in a similar way to the way we relocate the gcc internal paths. This ensures that ld works correctly in our buildtools tarball. Standard sysroot relocation doesn't work since we're not in a sysroot, we want to use both the host system and SDK libs. (From OE-Core rev: f6c1089642934ad93056ef19a0888965486ee030) (From OE-Core rev: 09a2b16ac2bd1e3e415131e46315c851373aa7e0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-08-12T09:53:51+00:00 Li Zhou li.zhou@windriver.com 2020-07-29T05:49:46+00:00 urn:sha1:908d6ca32d10ede970343c88480906bc67645931 Backport patch from <https://github.com/golang/go/commit/ fa98f46741f818913a8c11b877520a548715131f> to solve CVE-2020-15586. (From OE-Core rev: 0e8526ce8694ebd6988c3804e4d2ccf39cda90c7) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>