[OE-core] [PATCH 00/20] Dizzy-next pull request 2016-1

Martin Jansa martin.jansa at gmail.com
Sat Jan 30 09:08:46 UTC 2016


> that was a patch from the patch queue and affects glibc below 2.21 so

glibc/wscanf: CVE-2015-1472

looks like a better subject

> Dizzy 1.7.4 is not planned yet.

I don't care about point releases, I care only about contents of release
branch, can it be merged to dizzy branch?


On Sat, Jan 30, 2016 at 3:44 AM, akuster808 <akuster808 at gmail.com> wrote:

> On 1/27/16 3:33 AM, Martin Jansa wrote:
> > On Thu, Jan 21, 2016 at 12:57:52PM +0100, Martin Jansa wrote:
> >> On Sat, Jan 09, 2016 at 04:30:26PM -0800, Armin Kuster wrote:
> >>> Please consider these changes for dizzy-next community support.
> >>>
> >>> The following changes since commit 6d34267e0a13e10ab91b60590b27a2b5ba3b7da6:
> >>>
> >>>   documentation: Changed some 'intro' tags to resolve multiple mega-manual warnings. (2015-11-18 16:44:05 +0000)
> >>>
> >>> are available in the git repository at:
> >>>
> >>>   git://git.yoctoproject.org/poky-contrib akuster/dizzy-next
> >>>   http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-next
> >> This is for oe-core, right? So it shouldn't be in poky-contrib and the
> >> http link doesn't work, it should be:
> >>
> >> http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/dizzy-next
>
> no. this should be for oe core.
> >>
> >>> Armin Kuster (2):
> >>>   openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565
> >>>   Fixes a heap buffer overflow in glibc wscanf.
> >> What is this 2nd patch? It doesn't follow commit summary convention and
> >> I don't see it in master (at least not with this subject)
> >>
> >> http://git.yoctoproject.org/cgit.cgi/poky-contrib/commit/?h=akuster/dizzy-next&id=4807ff0ca0abf085e6b81257534a4a62fde88d16
>
>
> >> Other changes look good to me.
>
> that was a patch from the patch queue and affects glibc below 2.21 so
> Master, Jethro nor fido are affected.
>
> http://patches.openembedded.org/patch/109797/
> > ping?
>
> Dizzy 1.7.4 is not planned yet.
>
> - armin
> >
> >>> Belal, Awais (1):
> >>>   grub2: Fix CVE-2015-8370
> >>>
> >>> Chen Qi (1):
> >>>   image.bbclass: don't let do_rootfs depend on BUILDNAME
> >>>
> >>> Martin Jansa (3):
> >>>   fontcache: allow to pass extra parameters and environment to fc-cache
> >>>   texinfo: don't create dependency on INHERIT variable
> >>>   linux-dtb.inc: drop unused DTB_NAME variable from do_install
> >>>
> >>> Mike Crowe (1):
> >>>   allarch: Force TARGET_*FLAGS variable values
> >>>
> >>> Richard Purdie (2):
> >>>   layer.conf: Add several allarch dependency exclusions
> >>>   layer.conf: Add missing dependency for allarch package
> >>>     initramfs-framework
> >>>
> >>> Sergiy Kibrik (1):
> >>>   rsync: backport libattr checking patch
> >>>
> >>> Sona Sarmadi (7):
> >>>   libtasn1: CVE-2015-3622
> >>>   grep2.19: CVE-2015-1345
> >>>   libxml2: CVE-2015-7942
> >>>   libxml2: CVE-2015-8035
> >>>   openssl: CVE-2015-3194, CVE-2015-3195
> >>>   libxml2: CVE-2015-8241
> >>>   bind: CVE-2015-8000
> >>>
> >>> Tudor Florea (2):
> >>>   glibc: use patch for CVE-2015-1781
> >>>   unzip: CVE-2015-7696, CVE-2015-7697
> >>>
> >>>  meta/classes/allarch.bbclass                       |   4 +
> >>>  meta/classes/fontcache.bbclass                     |  19 +-
> >>>  meta/classes/image.bbclass                         |   2 +-
> >>>  meta/conf/layer.conf                               |  11 ++
> >>>  ...E-2015-8370-Grub2-user-pass-vulnerability.patch |  50 ++++++
> >>>  meta/recipes-bsp/grub/grub-efi_2.00.bb             |   1 +
> >>>  meta/recipes-bsp/grub/grub_2.00.bb                 |   1 +
> >>>  .../bind/bind/CVE-2015-8000.patch                  | 194 +++++++++++++++++++++
> >>>  meta/recipes-connectivity/bind/bind_9.9.5.bb       |   1 +
> >>>  .../openssh/openssh/CVE-2015-6563.patch            |  36 ++++
> >>>  .../openssh/openssh/CVE-2015-6564.patch            |  34 ++++
> >>>  .../openssh/openssh/CVE-2015-6565.patch            |  35 ++++
> >>>  meta/recipes-connectivity/openssh/openssh_6.6p1.bb |   5 +-
> >>>  .../CVE-2015-3194-Add-PSS-parameter-check.patch    |  37 ++++
> >>>  ...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch |  61 +++++++
> >>>  .../recipes-connectivity/openssl/openssl_1.0.1p.bb |   2 +
> >>>  ...5-1472-wscanf-allocates-too-little-memory.patch | 108 ++++++++++++
> >>>  meta/recipes-core/glibc/glibc_2.20.bb              |   5 +-
> >>>  meta/recipes-core/libxml/libxml2.inc               |   3 +
> >>>  .../libxml/libxml2/CVE-2015-7942.patch             |  58 ++++++
> >>>  .../libxml/libxml2/CVE-2015-8035.patch             |  35 ++++
> >>>  .../libxml/libxml2/CVE-2015-8241.patch             |  41 +++++
> >>>  .../rsync/files/check_libattr.patch                |  33 ++++
> >>>  meta/recipes-devtools/rsync/rsync_3.1.0.bb         |   3 +-
> >>>  .../grep/grep-2.19/grep2.19-CVE-2015-1345.patch    | 129 ++++++++++++++
> >>>  meta/recipes-extended/grep/grep_2.19.bb            |   4 +-
> >>>  meta/recipes-extended/texinfo/texinfo_5.2.bb       |   2 +-
> >>>  .../unzip/unzip/CVE-2015-7696.patch                |  38 ++++
> >>>  .../unzip/unzip/CVE-2015-7697.patch                |  31 ++++
> >>>  meta/recipes-extended/unzip/unzip_6.0.bb           |   2 +
> >>>  meta/recipes-kernel/linux/linux-dtb.inc            |   1 -
> >>>  .../gnutls/libtasn1/libtasn1-CVE-2015-3622.patch   |  44 +++++
> >>>  meta/recipes-support/gnutls/libtasn1_4.0.bb        |   1 +
> >>>  scripts/postinst-intercepts/update_font_cache      |   4 +-
> >>>  34 files changed, 1020 insertions(+), 15 deletions(-)
> >>>  create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
> >>>  create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
> >>>  create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
> >>>  create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
> >>>  create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
> >>>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch
> >>>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
> >>>  create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch
> >>>  create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
> >>>  create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
> >>>  create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
> >>>  create mode 100644 meta/recipes-devtools/rsync/files/check_libattr.patch
> >>>  create mode 100644 meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
> >>>  create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
> >>>  create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
> >>>  create mode 100644 meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
> >>>
> >>> --
> >>> 1.9.1
> >>>
> >>> --
> >>> _______________________________________________
> >>> Openembedded-core mailing list
> >>> Openembedded-core at lists.openembedded.org
> >>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
> >> --
> >> Martin 'JaMa' Jansa     jabber: Martin.Jansa at gmail.com
> >
> >
>
>