openembedded-core.git, branch daisy Mirror of openembedded-core eglibc: security fix CVE-2015-7547 2016-04-11T21:00:48+00:00 Javier Viguera javier.viguera@digi.com 2016-04-06T09:34:50+00:00 a4e80e831cd13e6418af0d770c5dbd5b9270eaa5 CVE-2015-7547: getaddrinfo() stack-based buffer overflow Backport patch from GLIBC-2.20 to EGLIBC-2.19. Signed-off-by: Javier Viguera <javier.viguera@digi.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-7547: getaddrinfo() stack-based buffer overflow

Backport patch from GLIBC-2.20 to EGLIBC-2.19.

Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
package_manager: Fix BAD_RECOMMENDATIONS for opkg 2016-01-19T21:31:37+00:00 Paul Barker paul@paulbarker.me.uk 2014-10-26T19:36:22+00:00 d0326ff5abde814da8647debfd559fcb9aede3a4 In package_manager.py, when using opkg as the packager, the command 'opkg <args> info <pkg>' is called to get information about each pkg in BAD_RECOMMENDATIONS in a format that can be written to the status file. The 'Status: ...' line is modified and all other lines are passed through. Changing the verbosity level argument for this command will change what it written into the status file. Crucially, with the default verbosity level, no blank lines are being printed by the opkg command and so no blank lines are being written to the status file to separate each package entry. The package parsing code in opkg expects package entries in the status file to be separated by at least one blank line. If no blank line is seen, the next package entry is interpreted as a continuation of the last package entry, but the new values overwrite the old values. So with the default verbosity level, a blank line follows some package entries and these are parsed. The others are dropped due to the lack of blank lines. As the verbosity increases, more debugging messages add blank lines and more packages are parsed. The solution to ensure that this works correctly regardless of the verbosity level is simply add a blank line after the output of 'opkg info' is written to the status file, ensuring that the next package is separated from the current package. [YOCTO #6816] Signed-off-by: Paul Barker <paul@paulbarker.me.uk> Cc: Chris Carr <chris.carr@ge.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
In package_manager.py, when using opkg as the packager, the command 'opkg <args>
info <pkg>' is called to get information about each pkg in BAD_RECOMMENDATIONS
in a format that can be written to the status file. The 'Status: ...' line is
modified and all other lines are passed through. Changing the verbosity level
argument for this command will change what it written into the status file.
Crucially, with the default verbosity level, no blank lines are being printed by
the opkg command and so no blank lines are being written to the status file to
separate each package entry.

The package parsing code in opkg expects package entries in the status file to
be separated by at least one blank line. If no blank line is seen, the next
package entry is interpreted as a continuation of the last package entry, but
the new values overwrite the old values.

So with the default verbosity level, a blank line follows some package entries
and these are parsed. The others are dropped due to the lack of blank lines. As
the verbosity increases, more debugging messages add blank lines and more
packages are parsed.

The solution to ensure that this works correctly regardless of the verbosity
level is simply add a blank line after the output of 'opkg info' is written to
the status file, ensuring that the next package is separated from the current
package.

[YOCTO #6816]

Signed-off-by: Paul Barker <paul@paulbarker.me.uk>
Cc: Chris Carr <chris.carr@ge.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
squashfs-tools: enable building unsquashfs and fix squashfs-4.2-fix-CVE-2012-4025.patch 2015-07-16T19:45:07+00:00 Martin Jansa martin.jansa@gmail.com 2015-05-21T11:23:15+00:00 e1a2540227250d854d5bba278634bcc9e7572cda * build unsqaushfs, useful when debuging corrupt squashfs from mksquashfs * squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we weren't building and it actually breaks building it, because someone missed squashfs_fs.h change from the original change * add git headers in all patches and fix references to new github repository Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* build unsqaushfs, useful when debuging corrupt squashfs from
  mksquashfs
* squashfs-4.2-fix-CVE-2012-4025.patch fixes CVE in unsquashfs which we
  weren't building and it actually breaks building it, because someone
  missed squashfs_fs.h change from the original change
* add git headers in all patches and fix references to new github
  repository

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
openssl: upgrade to 1.0.1p 2015-07-15T14:24:45+00:00 Tudor Florea tudor.florea@enea.com 2015-07-09T23:01:09+00:00 d140c1b13c3f3a7e2d982b5aa8b11c5e0c23c158 This upgrade fixes CVE-2015-1793 Removed openssl-fix-link.patch. The linking issue has been fixed in openssl. Signed-off-by: Tudor Florea <tudor.florea@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
This upgrade fixes CVE-2015-1793
Removed openssl-fix-link.patch. The linking issue has been fixed in openssl.

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
build-appliance-image: Update to daisy head revision 2015-05-13T12:27:45+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2015-05-13T12:27:45+00:00 5a577ec878a15f3caaf4893b819825ffb8c81266 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
security_flags: Fix typo for cups 2015-05-13T07:50:15+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2014-12-19T09:03:17+00:00 327da66bb4d0b2a219e8a1b0805b504b269b22d9 Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
powertop: Fix build for !uclibc 2015-05-12T14:45:56+00:00 Martin Jansa martin.jansa@gmail.com 2014-12-18T14:54:14+00:00 fd6418949249be252e4831ecf88f84297f81eaeb * EXTRA_LDFLAGS isn't defined for !uclibc and configure fails when it reads it unexpanded, see config.log snippet: configure:4177: checking whether the C compiler works configure:4199: i586-oe-linux-gcc -m32 -march=i586 --sysroot=/OE/sysroots/qemux86 -O2 -pipe -g -feliminate-unused-debug-types -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed ${EXTRA_LDFLAGS} conftest.c >&5 i586-oe-linux-gcc: error: ${EXTRA_LDFLAGS}: No such file or directory configure:4203: $? = 1 configure:4241: result: no Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Backported from OpenEmbedded Dizzy branch, commit c8f9b5c9a8e5179c2013f25decd6a5483df9c716. Signed-off-by: Jens Rottmann <Jens.Rottmann@ADLINKtech.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
* EXTRA_LDFLAGS isn't defined for !uclibc and configure fails
  when it reads it unexpanded, see config.log snippet:

  configure:4177: checking whether the C compiler works
  configure:4199: i586-oe-linux-gcc  -m32 -march=i586 --sysroot=/OE/sysroots/qemux86  -O2 -pipe -g -feliminate-unused-debug-types  -Wl,-O1 -Wl,--hash-style=gnu -Wl,--as-needed ${EXTRA_LDFLAGS} conftest.c  >&5
  i586-oe-linux-gcc: error: ${EXTRA_LDFLAGS}: No such file or directory
  configure:4203: $? = 1
  configure:4241: result: no

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Backported from OpenEmbedded Dizzy branch, commit
c8f9b5c9a8e5179c2013f25decd6a5483df9c716.
Signed-off-by: Jens Rottmann <Jens.Rottmann@ADLINKtech.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemd: fix /var/log/journal ownership 2015-05-12T14:45:41+00:00 Jonathan Liu net147@gmail.com 2015-03-12T09:18:56+00:00 e64cee7ccf9dedbadc3a63e4ed3eb15172ef4403 The ownership needs to be explicitly set otherwise it inherits the user and group id of the build user. (From OE-Core rev: 0752c79282b1cc9699743e719518e6c341d50a3a) Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Saul Wold <sgw@linux.intel.com> Conflicts: meta/recipes-core/systemd/systemd_219.bb Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The ownership needs to be explicitly set otherwise it inherits the user
and group id of the build user.

(From OE-Core rev: 0752c79282b1cc9699743e719518e6c341d50a3a)

Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

Conflicts:
	meta/recipes-core/systemd/systemd_219.bb
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
eglibc: fix two security issues. 2015-05-01T11:34:38+00:00 Armin Kuster akuster808@gmail.com 2015-04-29T17:44:27+00:00 fed4d140da67fc51d54b02df83882177f6ddab10 The includes two CVE fixes: CVE-2012-3406 CVE-2014-7817 Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The includes two CVE fixes:
CVE-2012-3406
CVE-2014-7817

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
e2fsprogs: CVE-2015-0247 2015-05-01T11:34:06+00:00 Sona Sarmadi sona.sarmadi@enea.com 2015-04-29T09:02:22+00:00 f3e5b052689b2eba30e26903e964791f92241e65 Fixes input sanitization errors. References http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4 http://www.ocert.org/advisories/ocert-2015-002.html Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Fixes input sanitization errors.

References
http://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
http://www.ocert.org/advisories/ocert-2015-002.html

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>