openembedded-core.git, branch denzil Mirror of openembedded-core libtasn1: Upgrade to 2.13 2013-01-28T12:43:16+00:00 Saul Wold sgw@linux.intel.com 2013-01-27T23:39:12+00:00 94c375a281378413d24a402ec6a59762d0eb5b85 Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtasn1: fix build with automake 1.12 2013-01-28T12:43:08+00:00 Nitin A Kamble nitin.a.kamble@intel.com 2013-01-27T23:39:11+00:00 6fb4913eb237062303bcda50e9910f53dc95d0dd Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libtasn1: Update to 2.12 2013-01-28T12:42:58+00:00 Saul Wold sgw@linux.intel.com 2013-01-27T23:39:10+00:00 d02a682360d803f9b5f033ddc5d0f43020eebd13 Use the GUN_MIRROR correctly Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Use the GUN_MIRROR correctly

Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bison: move remove-gets.patch to BASE_SRC_URI, it's needed for bison-native too if host has (e)glibc-2.16 2013-01-28T12:42:51+00:00 Martin Jansa martin.jansa@gmail.com 2013-01-27T23:39:09+00:00 cae95a527c1e9faefc0c051254e67dad7fad4197 Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
build-appliance-image: Bump SRCREV 2013-01-04T22:23:34+00:00 Elizabeth Flanagan elizabeth.flanagan@intel.com 2013-01-04T22:12:44+00:00 0a9e8bf35afd5990c1b586bba5eb68f643458a4b With the pending point release for denzil we need to point to the release revision and the correct branch. Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
With the pending point release for denzil we need to point
to the release revision and the correct branch.

Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cups: patch for CVE-2011-2896 2012-12-28T00:28:51+00:00 Scott Garman scott.a.garman@intel.com 2012-12-28T00:28:51+00:00 f4aca76c7933abf2771999c309d49ab91a3d9480 Patch from: http://cups.org/strfiles/3867/str3867.patch The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896 [YOCTO #3582] [ CQID: WIND00299595 ] Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Merged with denzil branch, partial fix for denzil bug [YOCTO #3652] Signed-off-by: Scott Garman <scott.a.garman@intel.com> 
Patch from: http://cups.org/strfiles/3867/str3867.patch

The LZW decompressor in the LWZReadByte function in giftoppm.c in the
David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
and earlier, and other products, does not properly handle code words
that are absent from the decompression table when encountered, which
allows remote attackers to trigger an infinite loop or a heap-based
buffer overflow, and possibly execute arbitrary code, via a crafted
compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896

[YOCTO #3582]
[ CQID: WIND00299595 ]

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

Merged with denzil branch, partial fix for denzil bug [YOCTO #3652]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
librsvg: CVE-2011-3146 2012-12-28T00:16:34+00:00 Li Wang li.wang@windriver.com 2012-12-13T06:51:22+00:00 6d030fcb69221da073ce413049deb8447934bed5 Store node type separately in RsvgNode commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream The node name (formerly RsvgNode:type) cannot be used to infer the sub-type of RsvgNode that we're dealing with, since for unknown elements we put type = node-name. This lead to a (potentially exploitable) crash e.g. when the element name started with "fe" which tricked the old code into considering it as a RsvgFilterPrimitive. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146 https://bugzilla.gnome.org/show_bug.cgi?id=658014 [YOCTO #3581] [ CQID: WIND00376773 ] Upstream-Status: Backport Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Resolved merge conflicts with denzil branch. Fixes denzil bug [YOCTO #3651]. Signed-off-by: Scott Garman <scott.a.garman@intel.com> 
Store node type separately in RsvgNode

commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream

The node name (formerly RsvgNode:type) cannot be used to infer
the sub-type of RsvgNode that we're dealing with, since for unknown
elements we put type = node-name. This lead to a (potentially exploitable)
crash e.g. when the element name started with "fe" which tricked
the old code into considering it as a RsvgFilterPrimitive.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146

https://bugzilla.gnome.org/show_bug.cgi?id=658014

[YOCTO #3581]
[ CQID: WIND00376773 ]
Upstream-Status: Backport

Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>

Resolved merge conflicts with denzil branch.

Fixes denzil bug [YOCTO #3651].

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
squashfs: fix CVE-2012-4025 2012-12-27T23:42:39+00:00 yanjun.zhu yanjun.zhu@windriver.com 2012-12-11T10:00:32+00:00 e6fddd1961061895e9335fa94b636163efdc9caa CQID:WIND00366813 Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi? p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025 Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> [YOCTO #3564] Signed-off-by: Saul Wold <sgw@linux.intel.com> 
CQID:WIND00366813

Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e

Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>

[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
freetype: patches for CVE-2012-5668, 5669, and 5670 2012-12-27T23:03:02+00:00 Scott Garman scott.a.garman@intel.com 2012-12-27T22:48:56+00:00 be34916d81b71385a560a6990c7b30eba243b356 For details of these security issues, please see: http://www.openwall.com/lists/oss-security/2012/12/25/1 Thanks to Eren Turkay <eren@hambedded.org> for submitting source patches that apply cleanly to freetype 2.4.9. This fixes denzil bug [YOCTO #3649] Signed-off-by: Scott Garman <scott.a.garman@intel.com> 
For details of these security issues, please see:

http://www.openwall.com/lists/oss-security/2012/12/25/1

Thanks to Eren Turkay <eren@hambedded.org> for submitting source
patches that apply cleanly to freetype 2.4.9.

This fixes denzil bug [YOCTO #3649]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>
libxml2: patch for CVE-2012-2871 2012-12-27T17:57:23+00:00 Scott Garman scott.a.garman@intel.com 2012-12-27T17:53:08+00:00 fa3d44594360786b2526d64f0ea5bc26b44a1fa8 the patch come from: http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/ \ src/include/libxml/tree.h?r1=56276&r2=149930 libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly support a cast of an unspecified variable during handling of XSL transforms, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document, related to the _xmlNs data structure in include/libxml/tree.h. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871 [YOCTO #3580] [ CQID: WIND00376779 ] Signed-off-by: Li Wang <li.wang at windriver.com> This fixes denzil bug [YOCTO #3648] Signed-off-by: Scott Garman <scott.a.garman@intel.com> 
the patch come from:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/ \
src/include/libxml/tree.h?r1=56276&r2=149930

libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before
21.0.1180.89, does not properly support a cast of an unspecified
variable during handling of XSL transforms, which allows remote
attackers to cause a denial of service or possibly have unknown other
impact via a crafted document, related to the _xmlNs data structure in
include/libxml/tree.h.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871

[YOCTO #3580]
[ CQID: WIND00376779 ]

Signed-off-by: Li Wang <li.wang at windriver.com>

This fixes denzil bug [YOCTO #3648]

Signed-off-by: Scott Garman <scott.a.garman@intel.com>