- 09 Feb, 2018 5 commits
-
-
Armin Kuster authored
Includes: wnpa-sec-2018-01, Multiple dissectors could crash. (Bug 14253) CVE-2018-5336 wnpa-sec-2018-02, The MRDISC dissector could crash. (Bug 14299, Bug 13707) CVE-2017-17997 wnpa-sec-2018-03, The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334 wnpa-sec-2018-04, The WCP dissector could crash. (Bug 14251) CVE-2018-5335 Full release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Signed-off-by:
Armin Kuster <akuster808@gmail.com>
-
Armin Kuster authored
changed --with-ssh to --with-libssh=DIR includes: wnpa-sec-2017-47 : CVE-2017-17084 The IWARP_MPA dissector could crash. (Bug 14236) wnpa-sec-2017-48 : CVE-2017-17083 The NetBIOS dissector could crash. (Bug 14249) wnpa-sec-2017-49 : CVE-2017-17085 The CIP Safety dissector could crash. (Bug 14250) release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.11.html Signed-off-by:Armin Kuster <akuster@mvista.com> Signed-off-by:
Joe MacDonald <joe_macdonald@mentor.com> Signed-off-by:
-
Armin Kuster authored
The following vulnerabilities have been fixed: * [1]wnpa-sec-2017-42 BT ATT dissector crash ([2]Bug 14049) [3]CVE-2017-15192 * [4]wnpa-sec-2017-43 MBIM dissector crash ([5]Bug 14056) [6]CVE-2017-15193 * [7]wnpa-sec-2017-44 DMP dissector crash ([8]Bug 14068) [9]CVE-2017-15191 Signed-off-by:Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by:
-
Andre McCurdy authored
Versions 2.16 to 2.69 have now also moved into the archives folder. Signed-off-by:
Andre McCurdy <armccurdy@gmail.com> Signed-off-by:
-
Paul Eggleton authored
This update fixes a number of bugs including the following vulnerabilities: CVE-2017-13704 CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 Further details can be found in the changelog here: http://www.thekelleys.org.uk/dnsmasq/CHANGELOG Signed-off-by:
Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by:
-
- 28 Oct, 2017 1 commit
-
-
Ismo Puustinen authored
The newly split "libopencv-ts" package is empty (and thus not created), because all ts files are installed in the development package. So, do not add a runtime dependency to libopencv-ts. Signed-off-by:
Ismo Puustinen <ismo.puustinen@intel.com> Signed-off-by:
-
- 16 Oct, 2017 2 commits
-
-
Philip Balister authored
* Needed for PyQt-5.8.2, a recipe I am looking at again. Signed-off-by:
Philip Balister <philip@balister.org> Signed-off-by:
-
Mark Hatle authored
Note, hostapd and wpa_supplicant use the same sources. This commit is based on Ross Burton's change to OpenEmbedded-core. Below is Ross's commit message from OpenEmbedded-Core. WPA2 is vulnerable to replay attacks which result in unauthenticated users having access to the network. * CVE-2017-13077: reinstallation of the pairwise key in the Four-way handshake * CVE-2017-13078: reinstallation of the group key in the Four-way handshake * CVE-2017-13079: reinstallation of the integrity group key in the Four-way handshake * CVE-2017-13080: reinstallation of the group key in the Group Key handshake * CVE-2017-13081: reinstallation of the integrity group key in the Group Key handshake * CVE-2017-13082: accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it * CVE-2017-13086: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake * CVE-2017-13087: reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame * CVE-2017-13088: reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame Backport patches from upstream to resolve these CVEs. Signed-off-by:Ross Burton <ross.burton@intel.com> The hunk: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending request does not apply to hostapd and was removed from the patch. Signed-off-by:
Mark Hatle <mark.hatle@windriver.com> Signed-off-by:
-
- 18 Sep, 2017 4 commits
-
-
Armin Kuster authored
Change LIC_FILES_CHKSUM from README.linux to COPYING as COPYING contains the license info 2.2.9 security fixes: wnpa-sec-2017-38 MSDP dissector infinite loop (Bug 13933) CVE-2017-13767 wnpa-sec-2017-39 Profinet I/O buffer overrun (Bug 13847) CVE-2017-13766 wnpa-sec-2017-41 IrCOMM dissector buffer overrun (Bug 13929) CVE-2017-13765 Signed-off-by: -
Kai Kang authored
Signed-off-by:
Kai Kang <kai.kang@windriver.com> Signed-off-by:
-
Wenzong Fan authored
Refer to http://www.tcpdump.org/tcpdump-changes.txt : Fix buffer overflow vulnerabilities: CVE-2017-11543 (SLIP) CVE-2017-13011 (bittok2str_internal) Fix infinite loop vulnerabilities: CVE-2017-12989 (RESP) CVE-2017-12990 (ISAKMP) CVE-2017-12995 (DNS) CVE-2017-12997 (LLDP) Fix buffer over-read vulnerabilities: CVE-2017-11541 (safeputs) CVE-2017-11542 (PIMv1) CVE-2017-12893 (SMB/CIFS) CVE-2017-12894 (lookup_bytestring) CVE-2017-12895 (ICMP) CVE-2017-12896 (ISAKMP) CVE-2017-12897 (ISO CLNS) CVE-2017-12898 (NFS) CVE-2017-12899 (DECnet) CVE-2017-12900 (tok2strbuf) CVE-2017-12901 (EIGRP) CVE-2017-12902 (Zephyr) CVE-2017-12985 (IPv6) CVE-2017-12986 (IPv6 routing headers) CVE-2017-12987 (IEEE 802.11) CVE-2017-12988 (telnet) CVE-2017-12991 (BGP) CVE-2017-12992 (RIPng) CVE-2017-12993 (Juniper) CVE-2017-11542 (PIMv1) CVE-2017-11541 (safeputs) CVE-2017-12994 (BGP) CVE-2017-12996 (PIMv2) CVE-2017-12998 (ISO IS-IS) CVE-2017-12999 (ISO IS-IS) CVE-2017-13000 (IEEE 802.15.4) CVE-2017-13001 (NFS) CVE-2017-13002 (AODV) CVE-2017-13003 (LMP) CVE-2017-13004 (Juniper) CVE-2017-13005 (NFS) CVE-2017-13006 (L2TP) CVE-2017-13007 (Apple PKTAP) CVE-2017-13008 (IEEE 802.11) CVE-2017-13009 (IPv6 mobility) CVE-2017-13010 (BEEP) CVE-2017-13012 (ICMP) CVE-2017-13013 (ARP) CVE-2017-13014 (White Board) CVE-2017-13015 (EAP) CVE-2017-11543 (SLIP) CVE-2017-13016 (ISO ES-IS) CVE-2017-13017 (DHCPv6) CVE-2017-13018 (PGM) CVE-2017-13019 (PGM) CVE-2017-13020 (VTP) CVE-2017-13021 (ICMPv6) CVE-2017-13022 (IP) CVE-2017-13023 (IPv6 mobility) CVE-2017-13024 (IPv6 mobility) CVE-2017-13025 (IPv6 mobility) CVE-2017-13026 (ISO IS-IS) CVE-2017-13027 (LLDP) CVE-2017-13028 (BOOTP) CVE-2017-13029 (PPP) CVE-2017-13030 (PIM) CVE-2017-13031 (IPv6 fragmentation header) CVE-2017-13032 (RADIUS) CVE-2017-13033 (VTP) CVE-2017-13034 (PGM) CVE-2017-13035 (ISO IS-IS) CVE-2017-13036 (OSPFv3) CVE-2017-13037 (IP) CVE-2017-13038 (PPP) CVE-2017-13039 (ISAKMP) CVE-2017-13040 (MPTCP) CVE-2017-13041 (ICMPv6) CVE-2017-13042 (HNCP) CVE-2017-13043 (BGP) CVE-2017-13044 (HNCP) CVE-2017-13045 (VQP) CVE-2017-13046 (BGP) CVE-2017-13047 (ISO ES-IS) CVE-2017-13048 (RSVP) CVE-2017-13049 (Rx) CVE-2017-13050 (RPKI-Router) CVE-2017-13051 (RSVP) CVE-2017-13052 (CFM) CVE-2017-13053 (BGP) CVE-2017-13054 (LLDP) CVE-2017-13055 (ISO IS-IS) CVE-2017-13687 (Cisco HDLC) CVE-2017-13688 (OLSR) CVE-2017-13689 (IKEv1) CVE-2017-13690 (IKEv2) CVE-2017-13725 (IPv6 routing headers) Signed-off-by:
Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by:
-
Wenzong Fan authored
Summary for 4.9.1 tcpdump release CVE-2017-11108/Fix bounds checking for STP. Make assorted documentation updates and fix a few typos in tcpdump output. Fixup -C for file size >2GB (GH #488). Show AddressSanitizer presence in version output. Fix a bug in test scripts (exposed in GH #613). On FreeBSD adjust Capsicum capabilities for netmap. On Linux fix a use-after-free when the requested interface does not exist. Signed-off-by:
-
- 17 Sep, 2017 4 commits
-
-
Armin Kuster authored
/ld: error: pipeline.o: requires dynamic R_X86_64_PC32 reloc against '_ZTVN3tbb8pipelineE' which may overflow at runtime; recompile with -fPIC idea taken from Master Signed-off-by: -
Armin Kuster authored
repo moved and got renamed WARNING: synergy-1.7.3+1.7.4-rc8+AUTOINC+588fb4b805-r0 do_fetch: Failed to fetch URL git://github.com/synergy/synergy.git;protocol=http , attempting MIRRORS if available Signed-off-by: -
Khem Raj authored
Signed-off-by:
Khem Raj <raj.khem@gmail.com> Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
- 14 Sep, 2017 24 commits
-
-
Khem Raj authored
Regenerate configure before running oe_runconf Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Alejandro Mery authored
`inherit externalsrc gitver` is a very useful combo to get development trees in your workspace having a ${PN}_git.bb with PV=${GITVER} coexisting with a regular ${PN}_${PV}.bb but not everyone wants to checkout all developments sources and managinging different layers for each options is quite troublesome. making `gitver` skip the .bb instead of panic()ing every time EXTERNALSRC is missing allows people to have a single development layer where packages get enabled if the right sources are present or falling back to the last release if not Signed-off-by:Alejandro Mery <amery@hanoverdisplays.com> Signed-off-by:
-
Alejandro Mery authored
Signed-off-by:
-
Alejandro Mery authored
Signed-off-by:
-
Kai Kang authored
Backport patch to fix CVE-2017-11368 for krb5. Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Jackie Huang authored
* Replace ${systemd_unitdir}/system with ${systemd_system_unitdir} * Remove the upstar settings and don't install upstar config files * Add volatile for sysvinit and tmpfiles for systemd * Set the correct bash path for init scripts to avoid QA issue: | corosync-2.4.2: /usr/share/corosync/corosync contained in package corosync requires /tmp/hosttools/bash, but no providers found in RDEPENDS_corosync? [file-rdeps] * The systemd services are intalled properly by "make install", no need to install manually. Signed-off-by:Jackie Huang <jackie.huang@windriver.com> Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Signed-off-by:
-
Khem Raj authored
Fixes wrong perl interpreter getting into target perl scripts QA Issue: /usr/bin/bonobo-slay contained in package libbonobo-bin requires / mnt/a/oe/build/tmp/hosttools/perl Signed-off-by:
-
Ioan-Adrian Ratiu authored
LDFLAGS += "-pthread" adds the flag both for native and target builds, however the openldap-native build overwrites the variable inside native.bbclass causing "undefined reference to `pthread_getspecific'" and other linker errors. Change the append to happen after parsing by using the override syntax and thus make sure it executes after native.bbclass (bitbake -e reports pre-expansion value "${BUILD_LDFLAGS} -pthread"). Signed-off-by:Ioan-Adrian Ratiu <adrian.ratiu@ni.com> Signed-off-by:
-
Yi Zhao authored
CVE-2013-7459: Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Reference: https://nvd.nist.gov/vuln/detail/CVE-2013-7459 Patch from: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 Signed-off-by:
Yi Zhao <yi.zhao@windriver.com> Signed-off-by:
-
Jackie Huang authored
* add runtime dependency on bash to fix QA issue: | ERROR: gflags-2.2.0-r0 do_package_qa: QA Issue: | /usr/bin/gflags_completions.sh contained in package | gflags-bash-completion requires /bin/bash, but | no providers found in RDEPENDS_gflags-bash-completion? [file-rdeps] Signed-off-by:
-
