[OE-core] [PATCH 00/13] Jethro-next pull request

akuster808 akuster808 at gmail.com
Fri Sep 23 17:23:10 UTC 2016 

Ping


On 09/18/2016 03:44 PM, Armin Kuster wrote:
> From: Armin Kuster <akuster at mvista.com>
>
> please consider these security and bug fixes for Jethro.
>
> My krogoth-next stagging branch has a complimentary set for the security fixes.
>
> http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next: 7a24bd8a38a2819965b8c1926d33042bd61d1f0b
>
> The following changes since commit 6b732a392289a7bb50b0e3716c066c62fa32a14d:
>
>    curl: security fix for CVE-2016-5420 (2016-09-02 08:48:20 +0100)
>
> are available in the git repository at:
>
>    git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next
>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/jethro-next
>
> Armin Kuster (8):
>    openssl: Security fix CVE-2016-2177
>    openssl: Security fix CVE-2016-2178
>    bind: Security fix CVE-2016-2088
>    git: Security fix CVE-2016-2315 CVE-2016-2324
>    openssh: Security fix CVE-2016-6210
>    openssh: Security fix CVE-2016-5615
>    openssh: Security fix CVE-2015-8325
>    wget: Security fix CVE-2016-4971
>
> Ismo Puustinen (1):
>    libpcre: Fix CVE-2016-3191
>
> Ross Burton (1):
>    openssl: add a patch to fix parallel builds
>
> Yi Zhao (3):
>    tiff: Security fix CVE-2016-3186
>    tiff: Security fix CVE-2016-5321
>    tiff: Security fix CVE-2016-5323
>
>   .../bind/bind/CVE-2016-2088.patch                  | 216 ++++++++++++++
>   meta/recipes-connectivity/bind/bind_9.10.2-P4.bb   |   1 +
>   .../openssh/openssh/CVE-2015-8325.patch            |  33 +++
>   .../openssh/openssh/CVE-2016-6210.patch            | 114 +++++++
>   .../openssh/openssh/CVE-2016-6210_p2.patch         | 110 +++++++
>   .../openssh/openssh/CVE-2016-6210_p3.patch         |  62 ++++
>   .../openssh/openssh/CVE-2016-6515.patch            |  54 ++++
>   meta/recipes-connectivity/openssh/openssh_7.1p2.bb |   5 +
>   .../openssl/openssl/CVE-2016-2177.patch            | 286 ++++++++++++++++++
>   .../openssl/openssl/CVE-2016-2178.patch            |  51 ++++
>   .../openssl/openssl/parallel.patch                 | 326 +++++++++++++++++++++
>   .../recipes-connectivity/openssl/openssl_1.0.2h.bb |   3 +
>   .../git/git-2.5.0/CVE-2016-2315_2324.patch         | 307 +++++++++++++++++++
>   .../git/git-2.5.0/CVE-2016-2315_p1.patch           | 115 ++++++++
>   .../git/git-2.5.0/CVE-2016-2315_p2.patch           |  89 ++++++
>   .../git/git-2.5.0/CVE-2016-2315_p3.patch           | 160 ++++++++++
>   .../git/git-2.5.0/CVE-2016-2315_p4.patch           | 237 +++++++++++++++
>   meta/recipes-devtools/git/git_2.5.0.bb             |   5 +
>   .../recipes-extended/wget/wget/CVE-2016-4971.patch | 294 +++++++++++++++++++
>   ...mping-and-continue-behaviour-with-ftp-pro.patch | 108 +++++++
>   meta/recipes-extended/wget/wget_1.16.3.bb          |   2 +
>   .../libtiff/files/CVE-2016-3186.patch              |  24 ++
>   .../libtiff/files/CVE-2016-5321.patch              |  45 +++
>   .../libtiff/files/CVE-2016-5323.patch              | 103 +++++++
>   meta/recipes-multimedia/libtiff/tiff_4.0.4.bb      |   3 +
>   .../libpcre/libpcre/CVE-2016-3191.patch            | 174 +++++++++++
>   meta/recipes-support/libpcre/libpcre_8.38.bb       |   1 +
>   27 files changed, 2928 insertions(+)
>   create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch
>   create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-8325.patch
>   create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6210.patch
>   create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p2.patch
>   create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch
>   create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6515.patch
>   create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch
>   create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch
>   create mode 100644 meta/recipes-connectivity/openssl/openssl/parallel.patch
>   create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch
>   create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p1.patch
>   create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p2.patch
>   create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch
>   create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p4.patch
>   create mode 100644 meta/recipes-extended/wget/wget/CVE-2016-4971.patch
>   create mode 100644 meta/recipes-extended/wget/wget/Fix-timestamping-and-continue-behaviour-with-ftp-pro.patch
>   create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
>   create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
>   create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
>   create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
>

More information about the Openembedded-core mailing list