| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
The CVEs have been fixed in upstream poky/rocko.
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
The patch is already included by upstream rocko branch.
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
This allows running systemtap remotely using the crosstap script.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Neither rsync nor systemtap are debug tools, so they have no place in
this packagegroup.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
This installs the kernel vmlinux image under /boot in both the rootfs
and SDK. This is used for kernel debugging and profiling.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
This will in turn update the contents of enea-image-standard-sdk from
the Standard profile.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Directory Traversal Vulnerability
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-8283
http://www.securityfocus.com/bid/98064/info
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Read/write after SSL object in error state
References:
https://www.openssl.org/news/secadv/20171207.txt
https://nvd.nist.gov/vuln/detail/CVE-2017-3737
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
openssl: Malformed X.509 IPAddressFamily could cause OOB read
References:
https://www.openssl.org/news/secadv/20170828.txt
https://nvd.nist.gov/vuln/detail/CVE-2017-3735
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
This patch removes the call to update-rc.d in order to fix the console login
issue for the Cavium board.
Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
FTP wildcard out of bounds read
References:
https://curl.haxx.se/docs/adv_2017-ae72.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
NTLM buffer overflow via integer overflow
References:
https://curl.haxx.se/docs/adv_2017-12e7.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
IMAP FETCH response out of bounds read
References:
https://curl.haxx.se/docs/adv_20171023.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000257
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
FTP PWD response parser out of bounds read
References:
https://curl.haxx.se/docs/adv_20171004.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000254
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
The search utility of spp was incorrect and was returning files
that matched only a defined ktype.
This leads to the system potentially building the wrong BSP, and
not being able to report an error.
We fix the search to only return files that match both ktype and
kmachine, as well as return 0/1 for success/fail in the search.
Patch backported from yocto-kernel-tools master branch:
http://git.yoctoproject.org/cgit/cgit.cgi/yocto-kernel-tools/commit/?id=0571411cc033c11df7827508dd786876ce2f8c83
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Signed-off-by: Martin Borg <martin.borg@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
This reverts commit d74d2d2928ef9d5cffab2c9c19b4b6d50532962c.
This is the distro name and version used for the upcoming EL7 release.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
The patch is already applied in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
This patch has already been applied in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
These CVEs have been fixed in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
These have been fixed already in upstream poky/pyro.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Since we have multiple distributions now we need to have
a mirror for each distro name and distro version.
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
When a board boots for the first time, it executes run-postinsts.service and
dpkg-configure.service. Since both services run dpkg --configure, it sometimes
results in locking up the login service.
This patch disables the execution of dpkg --configure from run-postinsts by
removing the deb keyword from the list of scanned packet types.
Signed-off-by: Gabriel Ionescu <gabriel.ionescu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
This reverts commit eb6fe9f31ec566dd16d1120e4ed6d91e43d77545.
This patch didn't fix the fetch issues, the only solution is to
establish our own source mirrors.
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
to allow some slow downloads to finish, like openjre.
Signed-off-by: Adrian Calianu <adrian.calianu@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Lack of free() here.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14495
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Invalid boundary checks here. Integer underflow leading to a huge memcpy.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14496
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Can help bypass ASLR.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14494
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Stack Based overflow.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14493
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Heap based overflow.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14492
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Heap based overflow (2 bytes). Before 2.76 and this commit overflow
was unrestricted.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14491
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
| |
refuse to load units with errors
If a unit has a statement such as User=0day where the username exists but is
strictly speaking invalid, the unit will be started as the root user instead.
Backport a patch from upstream to mitigate this by refusing to start units such
as this.
(From OE-Core rev: a6eaef0f179a341c0b96bb30aaec2d80862a11d6)
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000082
Backport from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=b7e7b5e294f944c27fb1d2be61c0cf38f6c81ba8
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes
a NULL pointer dereference and crash when reading crafted input that
triggers assignment of a NULL value within an asn1_node structure. It
may lead to a remote denial of service attack.
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-10790
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commit;h=d8d805e1f2e6799bb2dff4871a8598dc83088a39
(From OE-Core rev: 6176151625c971de031e14c97601ffd75a29772f)
(From OE-Core rev: 649f78102222ec156d490968c13d3222379a1956)
Patch from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=cb4fd41504826905455a34d3cb85e952f4ed4991
Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
--write-out out of buffer read
Reference:
https://curl.haxx.se/docs/adv_20170403.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
URL globbing out of bounds read
Reference:
https://curl.haxx.se/docs/adv_20170809A.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
TFTP sends more than buffer size
Reference:
https://curl.haxx.se/docs/adv_20170809B.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Incorrect error handling causes assertion failure when using DNS64
with "break-dnssec yes;"
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-3136
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Assertion failure when using DNS64 and RPZ Can Lead to Crash
Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=1420193
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
Out-of-bounds read in htmlParseTryOrFinish
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
Backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=pyro&id=d2b60efe20f4d9dce03f8f351715b103a85b7338
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
URL file scheme drive letter buffer overflow
References:
https://curl.haxx.se/docs/adv_20170614.html
https://curl.haxx.se/CVE-2017-9502.patch
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
| |
TLS session resumption client cert bypass (again)
References:
https://curl.haxx.se/docs/adv_20170419.html
https://curl.haxx.se/CVE-2017-7468.patch
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>