From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH 00/25] Dizzy next for .3
Date: Sat, 18 Jul 2015 08:16:07 -0700 [thread overview]
Message-ID: <cover.1437232180.git.akuster808@gmail.com> (raw)
Please consider these for the 1.7.3 release
The following changes since commit 5f0d25152bac2d3798663a4ebfdd2df24060f153:
openssl: upgrade to 1.0.1p (2015-07-15 15:25:43 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/dizzy-next
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-nex
Andre McCurdy (1):
mesa: update --with-llvm-shared-libs configure option
Armin Kuster (3):
tzcode: update to 2015d
tzdata: update to 2015d
curl: add a few missing security fixes
Cristian Iorga (1):
neard: fix the install path in init scripts
Haris Okanovic (1):
glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow
Jonathan Liu (1):
qt4: add patch for BMP denial-of-service vulnerability
Jussi Kukkonen (1):
dbus: CVE-2015-0245: prevent forged ActivationFailure
Kai Kang (2):
qemu: fix CVE-2015-3456
gpgme: fix CVE-2014-3564
Leonardo Sandoval (2):
rpm: Fix CVE-2014-8118
rpm: Fix CVE-2013-6435
Martin Jansa (3):
squashfs-tools: build and install unsquashfs as well
e2fsprogs: install populate-extfs.sh
test-dependencies.sh: strip only .bb suffix
Maxin B. John (1):
curl: several security fixes
Ng Wei Tee (1):
linux-firmware: Package Marvell pci8897 and usb8897 firmware
Robert Yang (2):
perf: add LIBNUMA_DEFINES
license.bbclass: set dirs for do_populate_lic_setscene
Roy Li (4):
ppp: Security Advisory - CVE-2015-3310
unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315
unzip: fix four CVE defects
unzip: drop 12-cve-2014-9636-test-compr-eb.patch
Yue Tao (2):
libsndfile: Security Advisory - libsndfile - CVE-2014-9496
libxml2: Security Advisory - libxml2 - CVE-2015-1819
meta/classes/license.bbclass | 2 +
meta/recipes-connectivity/neard/neard.inc | 2 +-
.../ppp/ppp/fix-CVE-2015-3310.patch | 29 ++
meta/recipes-connectivity/ppp/ppp_2.4.6.bb | 1 +
meta/recipes-core/dbus/dbus.inc | 1 +
...015-0245-prevent-forged-ActivationFailure.patch | 48 +++
...81-resolv-nss_dns-dns-host.c-buffer-overf.patch | 43 +++
meta/recipes-core/glibc/glibc_2.20.bb | 3 +
meta/recipes-core/libxml/libxml2.inc | 1 +
...19-Enforce-the-reader-to-run-in-constant-.patch | 181 +++++++++
.../recipes-devtools/e2fsprogs/e2fsprogs_1.42.9.bb | 2 +
.../qemu/qemu/qemu-CVE-2015-3456.patch | 92 +++++
meta/recipes-devtools/qemu/qemu_2.1.0.bb | 1 +
.../rpm/rpm/rpm-CVE-2013-6435.patch | 109 ++++++
.../rpm/rpm/rpm-CVE-2014-8118.patch | 43 +++
meta/recipes-devtools/rpm/rpm_4.11.2.bb | 2 +
.../squashfs-tools/squashfs-tools_4.3.bb | 3 +-
.../recipes-extended/tzcode/tzcode-native_2015d.bb | 11 +
meta/recipes-extended/tzdata/tzdata_2015d.bb | 6 +
.../06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch | 402 ++++++++++++++++++++
.../unzip/09-cve-2014-8139-crc-overflow.patch | 52 +++
.../unzip/10-cve-2014-8140-test-compr-eb.patch | 33 ++
.../unzip/11-cve-2014-8141-getzip64data.patch | 144 +++++++
.../unzip/unzip/unzip-6.0_overflow3.diff | 45 +++
meta/recipes-extended/unzip/unzip_6.0.bb | 8 +-
meta/recipes-graphics/mesa/mesa.inc | 2 +-
.../linux-firmware/linux-firmware_git.bb | 19 +-
meta/recipes-kernel/perf/perf.bb | 4 +-
...src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch | 211 +++++++++++
...c-Fix-two-potential-buffer-read-overflows.patch | 49 +++
.../libsndfile/libsndfile1_1.0.25.bb | 5 +-
meta/recipes-qt/qt4/qt4-4.8.6.inc | 1 +
...ion-by-zero-when-processing-malformed-BMP.patch | 44 +++
meta/recipes-support/curl/curl/CVE-2014-3707.patch | 416 +++++++++++++++++++++
meta/recipes-support/curl/curl/CVE-2014-8150.patch | 29 ++
meta/recipes-support/curl/curl/CVE-2015-3143.patch | 38 ++
meta/recipes-support/curl/curl/CVE-2015-3144.patch | 45 +++
meta/recipes-support/curl/curl/CVE-2015-3145.patch | 70 ++++
meta/recipes-support/curl/curl/CVE-2015-3153.patch | 90 +++++
meta/recipes-support/curl/curl_7.37.1.bb | 6 +
.../gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch | 56 +++
meta/recipes-support/gpgme/gpgme_1.4.3.bb | 4 +-
scripts/test-dependencies.sh | 4 +-
43 files changed, 2345 insertions(+), 12 deletions(-)
create mode 100644 meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch
create mode 100644 meta/recipes-core/dbus/dbus/CVE-2015-0245-prevent-forged-ActivationFailure.patch
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch
create mode 100644 meta/recipes-core/libxml/libxml2/0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-CVE-2015-3456.patch
create mode 100644 meta/recipes-devtools/rpm/rpm/rpm-CVE-2013-6435.patch
create mode 100644 meta/recipes-devtools/rpm/rpm/rpm-CVE-2014-8118.patch
create mode 100644 meta/recipes-extended/tzcode/tzcode-native_2015d.bb
create mode 100644 meta/recipes-extended/tzdata/tzdata_2015d.bb
create mode 100644 meta/recipes-extended/unzip/unzip/06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch
create mode 100644 meta/recipes-extended/unzip/unzip/09-cve-2014-8139-crc-overflow.patch
create mode 100644 meta/recipes-extended/unzip/unzip/10-cve-2014-8140-test-compr-eb.patch
create mode 100644 meta/recipes-extended/unzip/unzip/11-cve-2014-8141-getzip64data.patch
create mode 100644 meta/recipes-extended/unzip/unzip/unzip-6.0_overflow3.diff
create mode 100644 meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
create mode 100644 meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
create mode 100644 meta/recipes-qt/qt4/qt4-4.8.6/0034-Fix-a-division-by-zero-when-processing-malformed-BMP.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2014-3707.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2014-8150.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2015-3143.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2015-3144.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2015-3145.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2015-3153.patch
create mode 100644 meta/recipes-support/gpgme/gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch
--
1.9.1
next reply other threads:[~2015-07-18 15:16 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-07-18 15:16 Armin Kuster [this message]
2015-07-18 15:16 ` [PATCH 01/25] neard: fix the install path in init scripts Armin Kuster
2015-07-18 15:16 ` [PATCH 02/25] tzcode: update to 2015d Armin Kuster
2015-07-18 15:16 ` [PATCH 03/25] tzdata: " Armin Kuster
2015-07-18 15:16 ` [PATCH 04/25] curl: several security fixes Armin Kuster
2015-07-18 15:16 ` [PATCH 05/25] curl: add a few missing " Armin Kuster
2015-07-18 15:16 ` [PATCH 06/25] squashfs-tools: build and install unsquashfs as well Armin Kuster
2015-07-18 15:16 ` [PATCH 07/25] perf: add LIBNUMA_DEFINES Armin Kuster
2015-07-18 15:16 ` [PATCH 08/25] license.bbclass: set dirs for do_populate_lic_setscene Armin Kuster
2015-07-18 15:16 ` [PATCH 09/25] libsndfile: Security Advisory - libsndfile - CVE-2014-9496 Armin Kuster
2015-07-18 15:16 ` [PATCH 10/25] qt4: add patch for BMP denial-of-service vulnerability Armin Kuster
2015-07-18 15:16 ` [PATCH 11/25] ppp: Security Advisory - CVE-2015-3310 Armin Kuster
2015-07-18 15:16 ` [PATCH 12/25] qemu: fix CVE-2015-3456 Armin Kuster
2015-07-18 15:16 ` [PATCH 13/25] glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow Armin Kuster
2015-07-18 15:16 ` [PATCH 14/25] gpgme: fix CVE-2014-3564 Armin Kuster
2015-07-18 15:16 ` [PATCH 15/25] e2fsprogs: install populate-extfs.sh Armin Kuster
2015-07-18 15:16 ` [PATCH 16/25] mesa: update --with-llvm-shared-libs configure option Armin Kuster
2015-07-18 15:16 ` [PATCH 17/25] test-dependencies.sh: strip only .bb suffix Armin Kuster
2015-07-18 15:16 ` [PATCH 18/25] unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315 Armin Kuster
2015-07-18 15:16 ` [PATCH 19/25] unzip: fix four CVE defects Armin Kuster
2015-07-18 15:16 ` [PATCH 20/25] dbus: CVE-2015-0245: prevent forged ActivationFailure Armin Kuster
2015-07-18 15:16 ` [PATCH 21/25] linux-firmware: Package Marvell pci8897 and usb8897 firmware Armin Kuster
2015-07-18 15:16 ` [PATCH 22/25] unzip: drop 12-cve-2014-9636-test-compr-eb.patch Armin Kuster
2015-07-18 15:16 ` [PATCH 23/25] rpm: Fix CVE-2014-8118 Armin Kuster
2015-07-18 15:16 ` [PATCH 24/25] rpm: Fix CVE-2013-6435 Armin Kuster
2015-07-18 15:16 ` [PATCH 25/25] libxml2: Security Advisory - libxml2 - CVE-2015-1819 Armin Kuster
2015-07-24 7:34 ` [PATCH 00/25] Dizzy next for .3 Richard Purdie
2015-07-25 5:28 ` akuster808
2015-07-25 23:27 ` Richard Purdie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1437232180.git.akuster808@gmail.com \
--to=akuster808@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox