openembedded-core.git/meta/recipes-extended, branch dora Mirror of openembedded-core ltp: Added zip-native as a DEPENDS 2014-11-21T16:46:34+00:00 Alejandro Hernandez alejandro.hernandez@linux.intel.com 2014-11-21T01:50:50+00:00 f9c647b4373e09e788580fd59c4c42a9bcec9268 The Makefile checks for zip during installation [YOCTO #6699] (From OE-Core rev: a6e8ced3fa8e8e2aa3df0798b80eb26e5ebc4b15) (Backport to older version 20130503) Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The Makefile checks for zip during installation

[YOCTO #6699]

(From OE-Core rev: a6e8ced3fa8e8e2aa3df0798b80eb26e5ebc4b15)

(Backport to older version 20130503)

Signed-off-by: Alejandro Hernandez <alejandro.hernandez@linux.intel.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: Fix-for-CVE-2014-6278 2014-10-12T20:24:36+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:25:15+00:00 1e155330f6cf132997b91a7cfdfe7de319410566 This vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277 See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278 (From OE-Core daisy rev: de596b5f31e837dcd2ce991245eb5548f12d72ae) Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
This vulnerability exists because of an incomplete fix for CVE-2014-6271, CVE-2014-7169, and CVE-2014-6277

See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6278

(From OE-Core daisy rev: de596b5f31e837dcd2ce991245eb5548f12d72ae)

Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
bash: Fix for CVE-2014-6277 2014-10-12T20:24:36+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:24:53+00:00 5a802295d1f40af6f21dd3ed7e4549fe033f03a0 Follow up bash42-049 to parse properly function definitions in the values of environment variables, to not allow remote attackers to execute arbitrary code or to cause a denial of service. See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277 (From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa) Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
Follow up bash42-049 to parse properly function definitions in the
values of environment variables, to not allow remote attackers to
execute arbitrary code or to cause a denial of service.

See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277

(From OE-Core daisy rev: 85961bcf81650992259cebb0ef1f1c6cdef3fefa)

Signed-off-by: Catalin Popeanga <Catalin.Popeanga@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
bash: Fix for CVE-2014-7186 and CVE-2014-7187 2014-10-12T20:24:36+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:24:29+00:00 bdfe1e3770aeee9a1a7c65d4834f1a99820d3140 This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187 (From OE-Core daisy rev: 153d1125659df9e5c09e35a58bd51be184cb13c1) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7186
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7187

(From OE-Core daisy rev: 153d1125659df9e5c09e35a58bd51be184cb13c1)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
bash: Fix for exported function namespace change 2014-10-12T20:24:35+00:00 Catalin Popeanga Catalin.Popeanga@enea.com 2014-10-09T12:23:24+00:00 af1f65b57dbfcaf5fc7c254dce80ac55f3a632cb This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment This patch changes the encoding bash uses for exported functions to avoid clashes with shell variables and to avoid depending only on an environment variable's contents to determine whether or not to interpret it as a shell function. (From OE-Core daisy rev: 6c51cc96d03df26d1c10867633e7a10dfbec7c45) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> 
This is a followup patch to incomplete CVE-2014-6271 fix code execution via
specially-crafted environment

This patch changes the encoding bash uses for exported functions to avoid
clashes with shell variables and to avoid depending only on an environment
variable's contents to determine whether or not to interpret it as a shell
function.

(From OE-Core daisy rev: 6c51cc96d03df26d1c10867633e7a10dfbec7c45)

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
bash: add missing patch for CVE-2014-7169 to 4.2 recipe 2014-10-02T15:39:35+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-10-02T14:27:27+00:00 a71680ec6e12c17159336dc34d904cb70155d0d7 The bash_4.2 recipe was missed when the fix was backported to the dora branch. Patch from OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc by Khem Raj <raj.khem@gmail.com> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The bash_4.2 recipe was missed when the fix was backported to the dora
branch.

Patch from OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc
by Khem Raj <raj.khem@gmail.com>

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: add missing patch for CVE-2014-6271 to 4.2 recipe 2014-10-02T15:39:35+00:00 Paul Eggleton paul.eggleton@linux.intel.com 2014-10-02T14:27:26+00:00 74d45affd5cda2e388d42db3322b4a0d5aff07e8 The bash_4.2 recipe was missed when the fix was backported to the dora branch. Patch based on the one from OE-Core master rev 798d833c9d4bd9ab287fa86b85b4d5f128170ed3 by Ross Burton <ross.burton@intel.com>, with the content replaced from the appropriate upstream patch. Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
The bash_4.2 recipe was missed when the fix was backported to the dora
branch.

Patch based on the one from OE-Core master rev
798d833c9d4bd9ab287fa86b85b4d5f128170ed3 by Ross Burton
<ross.burton@intel.com>, with the content replaced from the
appropriate upstream patch.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
bash: Fix CVE-2014-7169 2014-10-02T07:03:41+00:00 Khem Raj raj.khem@gmail.com 2014-09-26T20:21:19+00:00 1c8f43767c7d78872d38652ea808f30ea825bbef This is a followup patch to incomplete CVE-2014-6271 fix code execution via specially-crafted environment Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed (From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
This is a followup patch to incomplete CVE-2014-6271 fix
code execution via specially-crafted environment

Change-Id: Ibb0a587ee6e09b8174e92d005356e822ad40d4ed
(From OE-Core master rev: 76a2d6b83472995edbe967aed80f0fcbb784b3fc)

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
bash: fix CVE-2014-6271 2014-10-02T07:03:40+00:00 Ross Burton ross.burton@intel.com 2014-09-25T23:05:18+00:00 05eecceb4d2a5821cd0ca0164610e9e6d68bb22c CVE-2014-6271 aka ShellShock. "GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment." (From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> 
CVE-2014-6271 aka ShellShock.

"GNU Bash through 4.3 processes trailing strings after function definitions in
the values of environment variables, which allows remote attackers to execute
arbitrary code via a crafted environment."

(From OE-Core master rev: 798d833c9d4bd9ab287fa86b85b4d5f128170ed3)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
lsbtest: fix comparison bashism 2014-03-13T22:38:02+00:00 Stefan Stanacar stefanx.stanacar@intel.com 2014-03-12T18:59:28+00:00 9981f760ac890d01a07db8faa24ceee2bea78b62 == is a bashism use = instead. (Based on OE-Core master rev: c90d1047c41148cbd57f26b5a34563346602a71b) Signed-off-by: Stefan Stanacar <stefanx.stanacar@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
== is a bashism use = instead.

(Based on OE-Core master rev: c90d1047c41148cbd57f26b5a34563346602a71b)

Signed-off-by: Stefan Stanacar <stefanx.stanacar@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>