diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2020-07-11 00:00:51 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2020-07-16 00:14:42 +0300 |
commit | 475cb72d2bb2f40ca5e9f4edba6d49d6c7afbd3e (patch) | |
tree | 740a5590a07ad7729fffb46400b4e431ffaf19bb /poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch | |
parent | 4a78d5543967f66f3de99b073aef2d95cf543be0 (diff) | |
download | openbmc-475cb72d2bb2f40ca5e9f4edba6d49d6c7afbd3e.tar.xz |
poky: subtree update:5951cbcabe..968fcf4989
Alejandro Hernandez (3):
baremetal-helloworld: Use do_image_complete instead of do_deploy
baremetal-image.bbclass: Create a class for baremetal applications or an RTOS
baremetal-helloworld: Use baremetal-image class to deploy the application
Alejandro del Castillo (2):
opkg-utils: upgrade to 0.4.3
opkg: upgrade to version 0.4.3
Alexander Kanavin (30):
dnf: upgrade 4.2.21 -> 4.2.23
meson: upgrade 0.54.2 -> 0.54.3
libdnf: update 0.47.0 -> 0.48.0
ffmpeg: disable altivec on ppc by default
dropbear: update 2019.78 -> 2020.79
elfutils: upgrade 0.179 -> 0.180
gnu-config: update to latest revision
libgpg-error: update 1.37 -> 1.38
perl: update 5.30.2 -> 5.32.0
gst-examples: upstream releases are even numbered
bison: upgrade 3.6.3 -> 3.6.4
python3-cython: upgrade 0.29.19 -> 0.29.20
stress-ng: upgrade 0.11.12 -> 0.11.14
piglit: upgrade to latest revision
linux-firmware: upgrade 20200519 -> 20200619
systemtap: upgrade 4.2 -> 4.3
alsa-lib: upgrade 1.2.2 -> 1.2.3.1
alsa-topology-conf: upgrade 1.2.2 -> 1.2.3
alsa-ucm-conf: upgrade 1.2.2 -> 1.2.3
alsa-utils: upgrade 1.2.2 -> 1.2.3
puzzles: upgrade to latest revision
diffoscope: upgrade 147 -> 148
libcheck: upgrade 0.14.0 -> 0.15.0
rsync: update 3.1.3 -> 3.2.1
sudo: upgrade 1.9.0 -> 1.9.1
python3-numpy: update 1.18.5 -> 1.19.0
mesa: update 20.0.7 -> 20.1.2
go-binary-native: fix upstream version check
Revert "python3-setuptools: patch entrypoints for faster initialization"
python3-setuptools: upgrade 47.1.1 -> 47.3.1
Alistair Francis (1):
opensbi: Update to OpenSBI v0.8 release
Andreas Müller (3):
nfs-utils: upgrade 2.4.3 -> 2.5.1
ccache: merge ccache.inc into recipe
ccache: upgrade 3.7.9 -> 3.7.10
Andrej Valek (2):
busybox: 1.31.1 -> 1.32.0
dropbear: update to 2020.80
Andrey Zhizhikin (1):
kernel/yocto: fix search for defconfig from src_uri
Armin Kuster (1):
wpa-supplicant: Security fix CVE-2020-12695
Bjarne Michelsen (1):
devtool: default to empty string, if LIC_FILES_CHKSUM is not available
Bruce Ashfield (10):
kernel/yocto: ensure that defconfigs are processed first
linux-yocto/5.4: update to v5.4.45
linux-yocto-rt/5.4: update to rt25
linux-yocto/5.4: update to v5.4.46
linux-yocto/5.4: update to v5.4.47
linux-yocto/5.4: update to v5.4.49 and -rt28
yocto-bsps: bump reference boards to v5.4.49
linux-yocto/5.4: update to v5.4.50
linux-yocto-dev: bump to 5.8-rc
lttng-modules: bump devupstream to v2.12.1+
Changqing Li (5):
xinit: add rxvt-unicode in RDEPENDS
modutils-initscripts: update postinst
initscripts: update postinst
gtk-icon-cache.bbclass: add runtime dependency
logrotate.py: fix testimage occasionally failure
Chen Qi (2):
oescripts.py: fix typo
oescripts: ignore whitespaces when comparing lines
Chris Laplante (2):
bitbake: contrib/vim: synchronize from kergoth/vim-bitbake rev 4225ee8b4818d7e4696520567216a3a031c26f7d
bitbake: ui/teamcity: don't use removed logging classes
Christian Eggers (1):
libnl: Extend for native/nativesdk
Damian Wrobel (1):
rootfs: do not let ldconfig to create symlinks
Daniel Klauer (2):
uboot-sign: Refactor do_deploy prefunc to do_deploy_prepend
deploy.bbclass: Clean DEPLOYDIR before do_deploy
David Khouya (2):
bitbake: lib/ui/taskexp: Validate gi import
bitbake: lib/ui/taskexp: Fix missing Gtk import
Hannu Lounento (1):
openssl: move ${libdir}/[...]/openssl.cnf to ${PN}-conf
Hongxu Jia (1):
iso-codes: switch upstream branch master -> main
Jason Wessel (1):
runqemu: If using a vmtype image do not add the -no-reboot flag
Joe Slater (1):
jquery: use ${S}
Joshua Watt (4):
bitbake: hashserv: Chunkify large messages
bitbake: siggen: Fix error when hash equivalence has an exception
classes/archiver: run do_unpack_and_patch after do_preconfigure
classes/archive: do_configure should not depend on do_ar_patched
Khem Raj (2):
musl: Update to tip of master
rxvt-unicode: Disable wtmp on musl
Konrad Weihmann (2):
systemd: remove kernel-install from base pkg
bitbake.conf: fix whitespace issues
Lee Chee Yang (3):
json-c: fix CVE-2020-12762
qemu: fix CVE-2020-10761
oeqa/core/loader: refine regex to find module
Lili Li (1):
kernel.bbclass: Fix Module.symvers support
Matt Madison (1):
kernel.bbclass: add gzip-native to do_deploy dependencies
Max Krummenacher (2):
cogl-1.0: : don't require eglmesaext.h
cogl-1.0: cope with missing x11 headers
Mingli Yu (2):
python3-libarchive-c: add the missing rdepends
python3: add ldconfig rdepends for python3-ctypes
Nicolas Dechesne (1):
checklayer: parse LAYERDEPENDS with bb.utils.explode_dep_versions2()
Pierre-Jean Texier (3):
libubootenv: bump to revision 86bd30a
curl: upgrade 7.71.0 -> 7.71.1
diffoscope: upgrade 148 -> 150
Rahul Kumar (1):
bzip2: Add test suite for bzip2
Rasmus Villemoes (1):
coreutils: don't split stdbuf to own package with single-binary
Richard Purdie (13):
pseudo: Switch to oe-core branch in git repo
pseudo: merge in fixes for setfacl issue
oeqa/selftest: Clean up separate builddir in success case when non-threaded
populate_sdk_ext: Fix to use python3, not python
bitbake: taskdata: Improve handling of regex in ASSUME_PROVIDED
bitbake: runqueue: Avoid unpickle errors in rare cases
bitbake: msg: Avoid issues where paths have relative components
oeqa/selftest: recipetool/devtool: Avoid load_plugin test race
oeqa/targetcontrol: Attempt to fix log closure warning message
rootfs-postcommands: Improve/fix rootfs_check_host_user_contaminated
spdx: Remove the class as its obsolete
adwaita-icon-theme: Add missing license files to LIC_FILES_CHKSUM
bitbake: server/process: Increase timeout for commands
Ross Burton (3):
ovmf: build natively everywhere
common-licenses: fix filename of BSD-2-Clause-Patent
gtk+3: fix reproducible build failure
Timon Ulrich (2):
kernel.bbclass: add lz4 dependency and fix the call to lz4
kernel.bbclass: make dependency on lzop-native conditional
Vacek, Patrick (1):
oeqa/core/loader: fix regex to include numbers
Wang Mingyu (1):
gtk+3: upgrade 3.24.20 -> 3.24.21
Yanfei Xu (1):
classes/kernel: Use a copy of image for kernel*.rpm if fs doesn't support symlinks
akuster (5):
libuv: update to the last version in meta-oe
bitbake: test/fetch: change to better svn source
overview-manual: add SPDX license header
mega-manual: Add SPDX license headers
ref-manual: Add SPDX license headers
hongxu (2):
qemu: switches from libcap to libcap-ng for PACAKGECONFIG virtfs
cpio: add nativesdk support
zangrc (1):
libjpeg-turbo:upgrade 2.0.4 -> 2.0.5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Change-Id: I41e066e5957aa74c9a24e86a6c214bcf96e9c46b
Diffstat (limited to 'poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch')
-rw-r--r-- | poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch b/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch deleted file mode 100644 index 758188779..000000000 --- a/poky/meta/recipes-devtools/rsync/files/CVE-2016-9840.patch +++ /dev/null @@ -1,75 +0,0 @@ -From 6a043145ca6e9c55184013841a67b2fef87e44c0 Mon Sep 17 00:00:00 2001 -From: Mark Adler <madler@alumni.caltech.edu> -Date: Wed, 21 Sep 2016 23:35:50 -0700 -Subject: [PATCH] Remove offset pointer optimization in inftrees.c. - -inftrees.c was subtracting an offset from a pointer to an array, -in order to provide a pointer that allowed indexing starting at -the offset. This is not compliant with the C standard, for which -the behavior of a pointer decremented before its allocated memory -is undefined. Per the recommendation of a security audit of the -zlib code by Trail of Bits and TrustInSoft, in support of the -Mozilla Foundation, this tiny optimization was removed, in order -to avoid the possibility of undefined behavior. - -CVE: CVE-2016-9840 -Upstream-Status: Backport -Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> ---- - inftrees.c | 18 ++++++++---------- - 1 file changed, 8 insertions(+), 10 deletions(-) - -diff --git a/zlib/inftrees.c b/zlib/inftrees.c -index 22fcd666..0d2670d5 100644 ---- a/zlib/inftrees.c -+++ b/zlib/inftrees.c -@@ -54,7 +54,7 @@ unsigned short FAR *work; - code FAR *next; /* next available space in table */ - const unsigned short FAR *base; /* base value table to use */ - const unsigned short FAR *extra; /* extra bits table to use */ -- int end; /* use base and extra for symbol > end */ -+ unsigned match; /* use base and extra for symbol >= match */ - unsigned short count[MAXBITS+1]; /* number of codes of each length */ - unsigned short offs[MAXBITS+1]; /* offsets in table for each length */ - static const unsigned short lbase[31] = { /* Length codes 257..285 base */ -@@ -181,19 +181,17 @@ unsigned short FAR *work; - switch (type) { - case CODES: - base = extra = work; /* dummy value--not used */ -- end = 19; -+ match = 20; - break; - case LENS: - base = lbase; -- base -= 257; - extra = lext; -- extra -= 257; -- end = 256; -+ match = 257; - break; - default: /* DISTS */ - base = dbase; - extra = dext; -- end = -1; -+ match = 0; - } - - /* initialize state for loop */ -@@ -216,13 +214,13 @@ unsigned short FAR *work; - for (;;) { - /* create table entry */ - here.bits = (unsigned char)(len - drop); -- if ((int)(work[sym]) < end) { -+ if (work[sym] + 1 < match) { - here.op = (unsigned char)0; - here.val = work[sym]; - } -- else if ((int)(work[sym]) > end) { -- here.op = (unsigned char)(extra[work[sym]]); -- here.val = base[work[sym]]; -+ else if (work[sym] >= match) { -+ here.op = (unsigned char)(extra[work[sym] - match]); -+ here.val = base[work[sym] - match]; - } - else { - here.op = (unsigned char)(32 + 64); /* end of block */ |