Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=genericarm64 2015-08-10T19:40:21+00:00 2015-08-10T19:40:21+00:00 Robert Yang liezhi.yang@windriver.com 2015-08-03T15:44:22+00:00 urn:sha1:44bbb402af75c78eb7dc25e7374ccfcfa7410034 Remove patch001 -> patch030 since they are already in source, add patch031 -> patch039 (From OE-Core rev: 781ec1061306f43265f9d756a89d1b86bd5d19a0) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-01-16T23:08:26+00:00 Robert Yang liezhi.yang@windriver.com 2015-01-13T03:08:51+00:00 urn:sha1:de6e1fa664e6cba697bc5909c2ef5ecec8fdf1d3 It works well now, and bump the PR to avoid: x86_64-poky-linux-ar: shmatch.o: No such file or directory (From OE-Core rev: f31f86b4c81d409b91feb77a46d362de1ad29b69) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-10-06T15:03:13+00:00 Mark Hatle mark.hatle@windriver.com 2014-10-06T14:44:54+00:00 urn:sha1:fc37a44a011d63fab394e0cbca2a0494b4d5721b Update both bash 3.2.48 (to 57), and bash 4.3 (to 30) to fix the remaining 'shellshock' security issues, CVE-2014-6278. (From OE-Core rev: a2709547644ae417fbd5435e1372068c7cd5db4c) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-10-06T14:15:51+00:00 Mark Hatle mark.hatle@windriver.com 2014-10-03T14:51:25+00:00 urn:sha1:94d2fea672140bcd561dc001da5759a927192b93 We upgrade bash_4.3 to patch revision 29, and bash_3.2.48 to 56. There are numerous community bug fixes included with this set, but the key items are: bash32-052 CVE-2014-6271 9/24/2014 bash32-053 CVE-2014-7169 9/26/2014 bash32-054 exported function namespace change 9/27/2014 bash32-055 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash32-056 CVE-2014-6277 10/2/2014 bash43-025 CVE-2014-6271 9/24/2014 bash43-026 CVE-2014-7169 9/26/2014 bash43-027 exported function namespace change 9/27/2014 bash43-028 CVE-2014-7186/CVE-2014-7187 10/1/2014 bash43-029 CVE-2014-6277 10/2/2014 (From OE-Core rev: 43deeff0c6b0ea7729d3e5f1887dfd1647dea1da) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-09-29T11:13:35+00:00 Khem Raj raj.khem@gmail.com 2014-09-26T20:21:19+00:00 urn:sha1:d6709b013364737bec7d59edd949db3891a6a8fa This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed (From OE-Core rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-09-29T11:12:46+00:00 Ross Burton ross.burton@intel.com 2014-09-25T23:05:18+00:00 urn:sha1:215e7b98ae4865b0f24b1cb9c53161fef170b270 CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." (From OE-Core rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-03-05T15:50:20+00:00 Hongxu Jia hongxu.jia@windriver.com 2014-03-03T10:55:57+00:00 urn:sha1:a1632697254fab3ca56f364e3866b2b5530ea9a2 The bash-4.2-patches is obsolete. (From OE-Core rev: 31eb09a888729fcfd17d02f2a47375e10e87f79a) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>