linux/poky.git/meta, branch zeus Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=zeus 2020-09-10T18:07:54+00:00 selftest/signing: Ensure build path relocation is safe 2020-09-10T18:07:54+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2020-09-07T15:29:52+00:00 urn:sha1:d88d62c20d7d8da85f02edb170dae0280624ad7e Similarly to 04ee0e8b95cd8ed890374e0007f976684206b630, ensure only full build paths are replaced in the environment to avoid breaking buildtools. (From OE-Core rev: db8ceed8f2eca92a4cffe8295481d8041281fdd0) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> uninative: Upgrade to 2.9 2020-09-10T18:07:54+00:00 Khem Raj raj.khem@gmail.com 2020-08-21T23:51:15+00:00 urn:sha1:dd683d8b2f5bdceecbeeb50819fb5fd57f8add4e This supports glibc upto 2.32 which is now rolling into distributions (From OE-Core rev: 8523e55cc70ef5972da63a666aabacfe2a258e8f) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> gnutls: CVE-2020-24659 2020-09-10T12:21:41+00:00 Zhixiong Chi zhixiong.chi@windriver.com 2020-09-08T02:56:38+00:00 urn:sha1:0b9096fc1e187923b0e3d16d1f28371447134077 Backport the CVE patch from the usptream: https://gitlab.com/gnutls/gnutls.git commit 29ee67c205855e848a0a26e6d0e4f65b6b943e0a (From OE-Core rev: 7a9969fe8cb8b039976bcd482d7b815922ae54ea) Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> go: Security Advisory - go - CVE-2020-24553 2020-09-10T12:21:41+00:00 Li Zhou li.zhou@windriver.com 2020-09-07T08:09:06+00:00 urn:sha1:d3de07b7810151828b4ba15ffdaed5729f62d2ae Backport the patch from <https://github.com/golang/go/commit/ eb07103a083237414145a45f029c873d57037e06> to solve CVE-2020-24553. (From OE-Core rev: 794dfa173adbce781c9fe609d58d3ed9b8cbd501) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> qemu: CVE-2020-14364 2020-09-10T12:21:41+00:00 Li Wang li.wang@windriver.com 2020-09-04T02:16:08+00:00 urn:sha1:791f8fea3fc5db939122847cf6d1d7a63a69cba9 Backport patch from: https://git.qemu.org/?p=qemu.git;a=patch;h=b946434f2659a182afc17e155be6791ebfb302eb (From OE-Core rev: 8b4163c4e60f5e96790522e129f84102831feb8e) Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> bind: Security Advisory - bind - CVE-2020-8624 2020-09-10T12:21:41+00:00 Li Zhou li.zhou@windriver.com 2020-09-02T08:19:31+00:00 urn:sha1:a17aa2f36041dcf2501c6a0b145207c82a382a0c Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/e4cccf9668c7adee4724a7649ec64685f82c8677> to solve CVE-2020-8624. (From OE-Core rev: 660d170b6889b5e644da9fbef22220f63169aeb5) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> bind: Security Advisory - bind - CVE-2020-8623 2020-09-10T12:21:41+00:00 Li Zhou li.zhou@windriver.com 2020-09-02T08:19:30+00:00 urn:sha1:5cf27f353b4530808301607b184cefa29e7ca84d Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab> to solve CVE-2020-8623. (From OE-Core rev: cfbd144e94452bc4a197b284b5ec47cfff5b0047) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> bind: Security Advisory - bind - CVE-2020-8622 2020-09-10T12:21:41+00:00 Li Zhou li.zhou@windriver.com 2020-09-02T08:19:29+00:00 urn:sha1:301132a6d0dbaf4b6d032681852fe1f4f3b776dc Backport patch from <https://gitlab.isc.org/isc-projects/bind9/ commit/6ed167ad0a647dff20c8cb08c944a7967df2d415> to solve CVE-2020-8622. (From OE-Core rev: 64a2b62c41574bf4d45dd8ed447ee3b6c05fbd84) Signed-off-by: Li Zhou <li.zhou@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> qemu : fix CVE-2020-15863 2020-09-10T12:21:41+00:00 Li Wang Li.Wang@windriver.com 2020-08-10T08:15:25+00:00 urn:sha1:dc4767f775a31c3d04ae868ea22ed9e747c6d83c (From OE-Core rev: 30b0784e2eef9c4d45296857b0792a4374020fab) Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Li Wang <Li.Wang@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> qemu: CVE-2020-10756 2020-09-10T12:21:41+00:00 Stefan Ghinea stefan.ghinea@windriver.com 2020-08-21T19:47:47+00:00 urn:sha1:5ce2f71ca37512b64f14d9bcdc1ebedc24510db3 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the icmp6_send_echoreply() routine while replying to an ICMP echo request, also known as ping. This flaw allows a malicious guest to leak the contents of the host memory, resulting in possible information disclosure. This flaw affects versions of libslirp before 4.3.1. References: https://nvd.nist.gov/vuln/detail/CVE-2020-10756 https://bugzilla.redhat.com/show_bug.cgi?id=1835986 Upstream patches: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/c7ede54cbd2e2b25385325600958ba0124e31cc0 (From OE-Core rev: b6d73f9f8c055928051dc57943baf5833568d04f) Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>