Commit Graph

4383 Commits

Author SHA1 Message Date
Armin Kuster
b33d89d5ea Binutils: Security fix for CVE-2018-7642
Affects: <= 2.30

(From OE-Core rev: a424ac771bfceed2cef4dad8c0fd698764bc62a6)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
bdb3981466 Binutils: Security fix for CVE-2018-7569
Affects: <= 2.30

(From OE-Core rev: b99d1f2212ea73ddafd3fbf9426b37a04d89b809)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
3552c38b32 Binutils: Security fix for CVE-2018-7568
Affects: <= 2.30

(From OE-Core rev: d407e48c7e925806e162bb91e9b14088acedb05c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
1b709e6837 Binutils: Security fix for CVE-2018-7208
Affects: <= 2.30

(From OE-Core rev: fc5adfb0af0cae0071c0136068f37fd35529fc7f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
5281adb885 Binutils: Security fix for CVE-2018-6759
Affects: <= 2.30

(From OE-Core rev: 7baa3e4c8e920caa09082f88e412687cc1590454)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
53df81889a Binutils: Security fix for CVE-2018-6323
Affected: <= 2.29.1

(From OE-Core rev: 52a93bb4c5b5128ff3fa8be84c41309cfeff8224)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
1b202d632b Binutils: Security fix for CVE-2018-13033
Affects: <= 2.30

(From OE-Core rev: 64afab325facc55f4a49247e4033b1d3c8b22b67)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
8eeacb689b Binutils: Security fix for CVE-2018-10535
Affects: <= 2.30

(From OE-Core rev: 5fc41ff3341074497a1359969baf880d8035826b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
5a60b74887 Binutils: Security fix for CVE-2018-10534
Affects: <= 2.30

(From OE-Core rev: 7934bbc460009f52824e142273f2ecce957fc123)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
711e5e7b08 Binutils: Security fix for CVE-2018-10373
Affects: <= 2.30

(From OE-Core rev: bea11092ddf2e6778bd55af1f2044a9e9fa1383b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
2d7d54a5c5 Binutils: Security fix for CVE-2018-10372
Affects: <= 2.30

(From OE-Core rev: 8d254fe04992aed29a2c8ecbf99e91d0167449ce)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
e82b9a5096 binutils: Security fix for CVE-2017-17123
Affects: <= 2.29.1

(From OE-Core rev: 520bc451e7727568ec7457ace7b1281493f9cbdc)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
e1a49c7e83 binutils: Security fix for CVE-2017-17125
Affects: <= 2.29.1

(From OE-Core rev: 7e5cf6ef776465101f18daf22f283c87423c7d20)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
e6fdc8959b binutils: Security fix for CVE-2017-17122
Affects: <= 2.29.1

(From OE-Core rev: 86c54c4770ce207575e29c589732c74e68d9ff3c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
4e970e6409 Binutils: Security fix for CVE-2017-17121
Affects: <= 2.29.1

(From OE-Core rev: 942e7f65fd656f2cc526a3c99edcea60f341132c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
ad4d04429a binutils: Security fix for CVE-2017-17080
Affects: <= 2.29.1

(From OE-Core rev: 238a0a40a7835226dd25134e88f830683f60dac3)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
1abb9cc58e binutils: Security fix for CVE-2017-16832
Affects: <= 2.29.1

(From OE-Core rev: ec8861a2f280a3210f9423fd1b687bca6340b8ca)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
d40d4bf86f binutils: Security fix for CVE-2017-16831
Affects: <= 2.29.1

(From OE-Core rev: ab9e8161a3b89914d8664175a684675bc99d6f21)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
7d51055f44 binutils: Security fix for CVE-2017-16830
Affects: <= 2.29.1

(From OE-Core rev: 29c6da2092599145e5a4f00ccc6029f31ec724da)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
2720b93220 binutils: Security fix for CVE-2017-16829
Affects: <= 2.29.1

(From OE-Core rev: 7dc47bc3f3d66aea3b8bbc2fb6fb9bbb7d2dc0a0)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
3a47233ad7 binutils: Security fix for CVE-2017-16828
Affects: <= 2.29.1

(From OE-Core rev: 98e5e27514a19d31038aec22408e27b84514c5b8)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
8073f5664b binutils: Security fix for CVE-2017-16827
Affects: <= 2.29.1

(From OE-Core rev: 9fa2d818018420f3c9afc30012267e6a46fe1d09)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
aa7d33713c binutils: Security fix for CVE-2017-16826
Affects: <= 2.29.1

(From OE-Core rev: acac226dd46a0e27da51db75197f57dd45254502)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
d85be1b736 binutils: Security fix for CVE-2017-15996
Affects: <= 2.29.1

(From OE-Core rev: ee5ad659a9f2ea1714e3ae51ca1948f165fb21d3)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
f0be43144f binutils: Security fix for CVE-2017-15939
affects: <= 2.29.1

(From OE-Core rev: dec0162e16040aa00c5fff3e5cfde1b488af3e55)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
e4c382ecc6 binutils: Security fix for CVE-2017-15225
Affects: <= 2.29.1

(From OE-Core rev: 885e991934e5e20ac69551e73da9d3219eb4c24e)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
09d31d0806 binutils: Security fix for CVE-2017-15025
Affects: <= 2.29.1

(From OE-Core rev: b3cc9eedf3a64d4c0914b2eaf204fe38a864d238)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
8011a1aed9 binutils: Security fix for CVE-2017-15024
Affects: <= 2.29.1

(From OE-Core rev: 349b3cfb39c76304e351481899de9f72e4f1295b)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
9e7dc232e7 binutils: Security fix for CVE-2017-15023
affects: <= 2.29.1

(From OE-Core rev: 755fd4e68af4cdafc482c02b7822cc06215da4fb)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
00a04d8d8b binutils: Security fix for CVE-2017-15022
Affected: <= 2.29.1

(From OE-Core rev: c19aa7eafd38639095b415efc16dba3777507d70)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
fb5416e874 binutils: Security fix for CVE-2017-15021
Affects: <= 2.29.1

(From OE-Core rev: 65411acb41a2461aab2904fea2d348d2a06e48e0)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
bc0ca9fb89 binutils: Security fix for CVE-2017-14940
Affects: <= 2.29.1

(From OE-Core rev: 59deda9b709640030bc0199e34e39fa07cfcca69)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
bc5c5f19b6 binutils: Security fix for CVE-2017-14939
Affects: <= 2.29.1

(From OE-Core rev: 03fb0028d76d18bac48b333f743ce27e21324d59)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
b38088da6a binutils: Security fix for CVE-2017-14938
Affects: <= 2.29.1

(From OE-Core rev: 45de3690367c8e0adf443a2f2630ecf8791789d6)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
6e01f78994 binutils: Security fix CVE-2017-14934
Affects: <= 2.29.1

(From OE-Core rev: b7715d4782cf956c198eaa6b43a6bf11fe8ece7c)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:45 +01:00
Armin Kuster
9be7b4f3db binutils: Security fix CVE-2017-14933
Affects: <= 2.29.1

(From OE-Core rev: 16cdbc7504cc14547bb99ed742484ae9e658ec6e)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:44 +01:00
Armin Kuster
4ad8bd4a60 binutils: Security fix CVE-2017-14932
(From OE-Core rev: 56d6acf145cc7550377588ca3c654d6f86143dfe)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:44 +01:00
Armin Kuster
701eecc7d3 binutils: Security fix CVE-2017-14930
affects <= 2.29.1

(From OE-Core rev: 47c3add5dcc7a29d4647da2c0ad86d756323aa8f)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:44 +01:00
Armin Kuster
1ce31b2a81 binutils: Security fix CVE-2017-12967
affects: <= 2.29.1

[v2]
Fix patch header typo
Rename 2017-12967 to 2017-17124

(From OE-Core rev: 732f051ff9b0103774d670d8c4971315cbb83a68)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:44 +01:00
Armin Kuster
407c64a876 binutils: Update to tip of 2.29 branch
mostly bug fixes

(From OE-Core rev: dc9b9d2e1fc8353d187a14deee576fcda52442c2)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-08-15 10:22:44 +01:00
Ross Burton
fc34a24e48 chrpath: Alioth is dead, use DEBIAN_MIRROR
The previous host of chrpath, Alioth, is dead.  chrpath hasn't yet moved to
Salsa, so download the tarball from the Debian mirrors.

(From OE-Core rev: a8a2c5ec891286a1e7fd5ebdd33565f9ae3965c2)

(From OE-Core rev: 8310ff1730a1d814f63de5e313605b0094c7931c)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-19 10:54:55 +01:00
Juro Bystricky
f4372765f3 distcc-doc_3.2: improve reproducibility
Remove timestamps from metadata of gzip compressed files.

(From OE-Core rev: 8d009dd8c3c56601905a156cb06f339dd4a298e6)

(From OE-Core rev: 6c20c550a82aed9e8fa312f09888c8f16250159c)

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-06-15 17:56:52 +01:00
Hongxu Jia
fe958e8864 perl: fix CVE-2017-12837
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5

(From OE-Core rev: bd53256e165f5bb59a28d77a466d71fce39080fa)

(From OE-Core rev: d3a785ea11caffe2537fd83f2b9d13f1b64adab9)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-06-15 17:56:52 +01:00
Armin Kuster
3befe6d7b7 ruby: Update to 2.4.4
The dot releases are maint only.

2.4.4 included:
CVE-2017-17742: HTTP response splitting in WEBrick
CVE-2018-6914: Unintentional file and directory creation with directory traversal in tempfile and tmpdir
CVE-2018-8777: DoS by large request in WEBrick
CVE-2018-8778: Buffer under-read in String#unpack
CVE-2018-8779: Unintentional socket creation by poisoned NUL byte in UNIXServer and UNIXSocket
CVE-2018-8780: Unintentional directory traversal by poisoned NUL byte in Dir

2.4.3 includes:
CVE-2017-17405: Command injection vulnerability in Net::FTP

(From OE-Core rev: 7003a36ef3f686af97798ff6f4bc7b3473f937de)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-07 15:57:37 +01:00
Andre McCurdy
41943e4fba ruby: fix typo in gmp PACKAGECONFIG option
(From OE-Core rev: 9fb931b69ece7f8a644f9e25600bcbbc9266a761)

(From OE-Core rev: 02fe324eb6913b27961e8e30c5510c89733dd011)

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-07 15:57:37 +01:00
Ross Burton
f75993bc22 ruby: remove spurious db build dependency
The dbm module uses gdbm by default which is also a build dependency.

(From OE-Core rev: 79121ff54420e5cc331552ca5620aed81a36aac9)

(From OE-Core rev: f18fe9f116bd6697ded5d93eeccdfea7c3215d7b)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-07 15:57:37 +01:00
Leonardo Sandoval
d9a5006a73 ruby: upgrade to 2.4.2
The CVE-2017-14064 patch is already at 2.4.2 as explained on
project's commit, so removing from the recipe & repo.

    commit 83735ba29a0bfdaffa8e9c2a1dc025c3b0b63153
    Author: hsbt <hsbt@b2dd03c8-39d4-4d8f-98ff-823fe69b080e>
    Date:   Wed Apr 12 00:21:18 2017 +0000

        Merge json-2.0.4.

          * https://github.com/flori/json/releases/tag/v2.0.4
          * 09fabeb03e/CHANGES.md (2017-03-23-204)

        git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@58323 b2dd03c8-39d4-4d8f-98ff-823fe69b080e

(From OE-Core rev: 6e37a88af155d5e5453fb0f44bb11d6f8e406438)

(From OE-Core rev: 59fed1c288bc8d5549fffccedcc24ae9f4f32dac)

Signed-off-by: Leonardo Sandoval <leonardo.sandoval.gonzalez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-07 15:57:37 +01:00
Armin Kuster
701cc0009f perl: Security fix CVE-2017-12883
Affects: Perl < 5.24.3-rc1 and 5.26.x before 5.26.1-RC1

(From OE-Core rev: d20917f3ce9ac45fb9562d1cabf7ddc212b1d07a)

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-03 09:53:49 +01:00
Charles-Antoine Couret
0d0ca4211e perl: add patch to solve libcrypt incompatibility
Add Perl's patch submitted to upstream to be compiled along with glibc with libcrypt split.

(From OE-Core rev: 79703d83790a2973fefdb0e12e125b5f17e98cdf)

(From OE-Core rev: 53eef48621b19a1b88c042f9ee5eeb84d9746c64)

Signed-off-by: Charles-Antoine Couret <charles-antoine.couret@essensium.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-03 09:53:49 +01:00
Yi Zhao
54b9f0da14 rsync: update to 3.1.3
(From OE-Core rev: ded47001bec3fbbcbcdbe358a32c14ed0322d431)

Updating is safer than backporting the CVE fixes.
Included CVE:
CVE-2017-16548
CVE-2017-15994
CVE-2017-17434
CVE-2017-17434
CVE-2018-5764

plus many bugfixes

(From OE-Core rev: 3f244c68defd45d89107ff58a95c8d4462faeaed)

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-05-03 09:53:49 +01:00