Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=krogoth 2017-07-19T14:13:47+00:00 2017-07-19T14:13:47+00:00 Ross Burton ross.burton@intel.com 2017-07-19T13:27:32+00:00 urn:sha1:3ca9f90dffad3907ceec605a851ae949dd3b6bd6 In libgcrypt before 1.7.7, an attacker who learns the EdDSA session key (from side-channel observation during the signing process) can easily recover the long-term secret key. 1.7.7 makes a cipher/ecc-eddsa.c change to store this session key in secure memory, to ensure that constant-time point operations are used in the MPI library. (From OE-Core rev: fb28c54347fcf4957b9b8ee7dee423d859eb7820) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-07-19T14:13:46+00:00 Ross Burton ross.burton@intel.com 2017-07-19T13:27:31+00:00 urn:sha1:ccc964cf9fde0d71d289c22c2a231f0021461012 Fixes CVE-2017-7526, 'flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster"'. (From OE-Core rev: 1a713fb654a31a6dd218dc1b5b810e2b380ecbb1) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-06-05T22:53:54+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-08-18T13:46:32+00:00 urn:sha1:b24988bec7698f6b80a1bc4505ee697c7fe5b0d7 Building libunwind, then gcc-runtime causes build failures. This is hard to fix since gcc-runtime wants the internal gcc unwind.h header but libunwind wants to provide this. There are differences in include behaviour between gcc and glibc which are by design. This patch hacks around the issue by looking for a define used during gcc-runtime's build and skipping to the internal header in that case. The patch is only enabled on musl and is the best workaround I could come up with to unblock failing builds on our autobuilder. [YOCTO #10129] (From OE-Core rev: 793b6e57d7cf4a093223b4cd34085a929a5c43c3) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:22+00:00 Armin Kuster akuster808@gmail.com 2017-02-11T19:36:36+00:00 urn:sha1:13f0eee08d72327238dbabb5a0e3f9c34b08bf37 | ERROR: Function failed: Fetcher failure for URL: 'ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz'. URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz doesn't work ERROR: Logfile of failure stored in: /home/akuster/oss/maint/poky/build/tmp/work/x86_64-linux/libxslt-native/1.1.28-r0/temp/log.do_checkuri.16102 Log data follows: | DEBUG: Executing python function do_checkuri | DEBUG: Testing URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz | DEBUG: checkstatus() urlopen failed: <urlopen error ftp error: [Errno 110] Connection timed out> | DEBUG: Python function do_checkuri finished | ERROR: Function failed: Fetcher failure for URL: 'ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz'. URL ftp://xmlsoft.org/libxslt/libxslt-1.1.28.tar.gz doesn't work (From OE-Core rev: 251e4ed97d837d4420484a718271655589509cae) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:22+00:00 Armin Kuster akuster808@gmail.com 2017-02-11T19:09:13+00:00 urn:sha1:577eb635ab5b536efd18ae2397290249186d96f0 ERROR: Task 75 (/home/akuster/oss/maint/poky/meta/recipes-support/libpcre/libpcre_8.38.bb, do_checkuri) failed with exit code '1' ERROR: libpcre-native-8.38-r0 do_checkuri: Function failed: Fetcher failure for URL: 'ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2'. URL ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.38.tar.bz2 doesn't work (From OE-Core rev: cf9f844100fa509829009f0167fc058a3f312393) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:20+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-11-15T09:08:20+00:00 urn:sha1:384801e82724e81d13f982e86c8aa8738db235c7 IDNA 2003 makes curl use wrong host Affected versions: curl 7.12.0 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102K.html (From OE-Core rev: bf8d4e9c8a7fed4e190d600a6a26d314d4b15a08) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:20+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-11-15T09:08:19+00:00 urn:sha1:5c9148ff6acd96fd20ca989e74edccba186dad17 invalid URL parsing with '#' Affected versions: curl 7.1 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102J.html (From OE-Core rev: 3127e968c9e9bb2ba302553ba4eeeb030b1eee53) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:20+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-11-15T09:08:18+00:00 urn:sha1:cec5e508ec2f0862420c880dd8e63ec54e351e8c Use-after-free via shared cookies Affected versions: curl 7.10.7 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102I.html (From OE-Core rev: 3bbd9634e6ae3ebaf998812a316e7a84025d0949) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:20+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-11-15T09:08:17+00:00 urn:sha1:ddc6a9f5cd8b8ff7c362c2cf08ddf8eb1da2dd6c URL unescape heap overflow via integer truncation Affected versions: curl 7.24.0 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102H.html (From OE-Core rev: a712024f69a319c0b37ed5fd99ecdcaa9c3b0026) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-05-18T12:14:20+00:00 Sona Sarmadi sona.sarmadi@enea.com 2016-11-15T09:08:16+00:00 urn:sha1:8b50a8676bab621beb9414cd3c894ecfb409759f curl_getdate read out of bounds Affected versions: curl 7.12.2 to and including 7.50.3 Reference: https://curl.haxx.se/docs/adv_20161102G.html (From OE-Core rev: db6106a208891aeb3d2c00170e61bab8c648654a) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>