Wenzong Fan [Sat, 6 Feb 2016 23:14:49 +0000 (15:14 -0800)]
subversion: fix CVE-2015-3187
The svn_repos_trace_node_locations function in Apache Subversion before
1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used,
allows remote authenticated users to obtain sensitive path information
by reading the history of a node that has been moved from a hidden path.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3187-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Wenzong Fan [Sat, 6 Feb 2016 23:14:48 +0000 (15:14 -0800)]
subversion: fix CVE-2015-3184
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before
1.8.14, when using Apache httpd 2.4.x, does not properly restrict
anonymous access, which allows remote anonymous users to read hidden
files via the path name.
Patch is from:
http://subversion.apache.org/security/CVE-2015-3184-advisory.txt
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Armin Kuster [Sat, 6 Feb 2016 23:14:45 +0000 (15:14 -0800)]
glibc: CVE-2015-8776
it was found that out-of-range time values passed to the strftime function may
cause it to crash, leading to a denial of service, or potentially disclosure
information.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Armin Kuster [Sat, 6 Feb 2016 23:14:44 +0000 (15:14 -0800)]
glibc: CVE-2015-9761
A stack overflow vulnerability was found in nan* functions that could cause
applications which process long strings with the nan function to crash or,
potentially, execute arbitrary code.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Armin Kuster [Sat, 6 Feb 2016 23:14:43 +0000 (15:14 -0800)]
glibc: CVE-2015-8779
A stack overflow vulnerability in the catopen function was found, causing
applications which pass long strings to the catopen function to crash or,
potentially execute arbitrary code.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Armin Kuster [Sat, 6 Feb 2016 23:14:42 +0000 (15:14 -0800)]
glibc: CVE-2015-8777
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or
libc6) before 2.23 allows local users to bypass a pointer-guarding protection
mechanism via a zero value of the LD_POINTER_GUARD environment variable.
Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Needed to quiet GNU_HASH warnings, and some minor fixes.
...
it explicitly move logrotate to /usr/bin without any reason,
which is against the original Linux location /usr/sbin.
So partly revert the above commit which let logrotate be
kept in the original place /usr/sbin.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
Martin Jansa [Fri, 4 Dec 2015 18:44:23 +0000 (19:44 +0100)]
texinfo: don't create dependency on INHERIT variable
* we don't want the do_package signature depending on INHERIT variable
* e.g. just adding the own-mirrors causes texinfo to rebuild:
# bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig*
basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a
Variable INHERIT value changed from
' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'
to
' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Sona Sarmadi [Mon, 21 Dec 2015 11:35:20 +0000 (12:35 +0100)]
bind: CVE-2015-8000
Fixes a denial of service in BIND.
An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.
When compiling meta-toolchain-qt5 on cortexa8, the compiler throws an
internal compiler error:
...
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:
In function 'bool loadPO(Translator&, QIODevice&, ConversionData&)':
qttools-opensource-src-5.3.2/src/linguist/shared/po.cpp:717:1:
internal compiler error: in add_stores, at var-tracking.c:6000
...
Tracking this down led to https://bugs.linaro.org/show_bug.cgi?id=534
It seems the bug is well know and fixed upstream. So backporting from
trunk seems to be the right solution. This fixes the compiler problem
on cortexa8 and does not seem to be very invasive. The original commit
can be found at:
Martin Jansa [Tue, 30 Jun 2015 14:15:00 +0000 (16:15 +0200)]
feature-arm-thumb.inc: Fix ARMPKGSFX_THUMB value
* my previous thumb related commit:
commit 3e760031f91fb87c3e2f62b77a117eb41164f259
Author: Martin Jansa <martin.jansa@gmail.com>
Date: Wed Feb 18 15:40:35 2015 +0100
feature-arm-thumb.inc: respect ARM_INSTRUCTION_SET when adding thumb
suffix
unfortunately removed conditional on "thumb" in TUNE_FEATURES, when
setting ARMPKGSFX_THUMB
* in case we have MACHINE without "thumb" in TUNE_FEATURES and distro
setting ARM_INSTRUCTION_SET to "thumb" we end with:
ARM_INSTRUCTION_SET="thumb"
ARM_THUMB_OPT="thumb"
ARM_M_OPT="thumb"
Mike Crowe [Thu, 29 Oct 2015 12:28:21 +0000 (12:28 +0000)]
allarch: Force TARGET_*FLAGS variable values
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may
differ between MACHINEs. Since they are exported they affect task hashes
even if unused which leads to multiple variants of allarch packages
existing in sstate and bouncing in the sysroot when switching between
MACHINEs.
allarch packages shouldn't be using these variables anyway, so let's
ensure they have a fixed value in order to avoid this problem.
Martin Jansa [Thu, 26 Nov 2015 12:58:13 +0000 (13:58 +0100)]
linux-dtb.inc: drop unused DTB_NAME variable from do_install
* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which
in some cases contains something like BUILD_NUMBER from CI, that
caused do_install to be reexecuted every single time, which is very
sad to be caused by unused variable.
* jethro and newer don't need this change, because it's also fixed in
commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62
Author: Marek Vasut <marex@denx.de>
Date: Thu May 14 14:31:11 2015 +0200
Subject: kernel: Build DTBs early
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Bhuvanchandra DV [Thu, 26 Nov 2015 09:12:35 +0000 (14:42 +0530)]
linux-firmware: rtl8192cx: Add latest available firmware
Add latest available firmware binaries for RTL8192CX chipsets.
These new firmwares have been released in 2012, have been used
by the mainline kernel as preferred firmware since 3.13 and
even backported to stable branches.
Armin Kuster [Wed, 11 Nov 2015 22:21:46 +0000 (14:21 -0800)]
libxml2: fix CVE-2015-7942 and CVE-2015-8035
CVE-2015-7942 libxml2: heap-based buffer overflow in xmlParseConditionalSections()
CVE-2015-8035 libxml2: DoS when parsing specially crafted XML document if XZ support is enabled
Aníbal Limón [Fri, 9 Oct 2015 22:21:44 +0000 (17:21 -0500)]
bash: Disable custom memory allocator
Bash is failing trying to allocate memory [1] using the custom
memory allocator if we disable it the issue is fixed.
The major distributions also disabled by default [2], so we
don't have a good reason to use it.
The underlying issue is due to bash’s malloc using brk() calls
to allocate memory, which fail when address randomization is
enabled in kernel. sbrk() based custom allocators are obsolete.
There may be some performance impact of this however correctness
is more important.
Paul Eggleton [Mon, 12 Oct 2015 13:49:11 +0000 (14:49 +0100)]
tzdata: reinstate changes reverted in 2014c upgrade
OE-Core commit 57af3fb9662106f0a65a1b4edf83e2398be0a8f1 upgraded tzdata
but also reverted a couple of changes to SUMMARY and LIC_FILES_CHKSUM.
Reinstate these (with an update to the README md5 value since that has
changed slightly, without any change to the licensing statements
within).
Armin Kuster [Fri, 2 Oct 2015 14:26:49 +0000 (07:26 -0700)]
tzdata: update to 2015g
Resend: typo in version in subject.
Changes affecting future time stamps
Turkey's 2015 fall-back transition is scheduled for Nov. 8, not Oct. 25.
(Thanks to Fatih.)
Norfolk moves from +1130 to +1100 on 2015-10-04 at 02:00 local time.
(Thanks to Alexander Krivenyshev.)
Fiji's 2016 fall-back transition is scheduled for January 17, not 24.
(Thanks to Ken Rylander.)
Fort Nelson, British Columbia will not fall back on 2015-11-01. It has
effectively been on MST (-0700) since it advanced its clocks on 2015-03-08.
New zone America/Fort_Nelson. (Thanks to Matt Johnson.)
Armin Kuster [Fri, 2 Oct 2015 14:24:52 +0000 (07:24 -0700)]
tzcode: update to 2015g
Changes affecting code
localtime no longer mishandles America/Anchorage after 2037.
(Thanks to Bradley White for reporting the bug.)
On hosts with signed 32-bit time_t, localtime no longer mishandles
Pacific/Fiji after 2038-01-16 14:00 UTC.
The localtime module allows the variables 'timezone', 'daylight',
and 'altzone' to be in common storage shared with other modules,
and declares them in case the system <time.h> does not.
(Problems reported by Kees Dekker.)
On platforms with tm_zone, strftime.c now assumes it is not NULL.
This simplifies the code and is consistent with zdump.c.
(Problem reported by Christos Zoulas.)
Changes affecting documentation
The tzfile man page now documents that transition times denote the
starts (not the ends) of the corresponding time periods.
(Ambiguity reported by Bill Seymour.)
Martin Jansa [Tue, 27 Oct 2015 17:18:20 +0000 (18:18 +0100)]
fontcache: allow to pass extra parameters and environment to fc-cache
* this can be useful for passing extra parameters, pass
-v by default to see what's going on in do_rootfs
* we need to use this for extra parameter we implemented
in fontconfig:
--ignore-mtime always use cache file regardless of font directory mtime
because the checksum of fontcache generated in do_rootfs
doesn't match with /usr/share/fonts directory as seen on
target device causing fontconfig to re-create the cache
when fontconfig is used for first time or worse create
new cache in every user's home directory when /usr/
filesystem is read only and cache cannot be updated.
Running FC_DEBUG=16 fc-cache -v on such device shows:
FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149
* my guess is that the checksum is different, because pseudo
(which is unloaded when running qemuwrapper) or because some
influence of running the rootfs under qemu.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
This file wasn't named as a patch, nor told to apply explicity, so it was just
unpacked to the work directory and not applied. Rename the file so the patch is
applied correctly.
(thanks to Petter Mabäcker <petter@technux.se> for spotting this)
Andre McCurdy [Thu, 6 Aug 2015 00:36:49 +0000 (17:36 -0700)]
gettext_0.16.1: remove obsolete uclibc specific patch
gettext-error_print_progname.patch was originally created for gettext
v0.14.6 and does not apply cleanly to gettext v0.16.1.
Since the original issue addressed by the patch isn't documented and
because gettext v0.16.1 seems to be build OK for uclibc without the
patch, assume the patch is obsolete and no longer required.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core master rev: d95d92a)
Testing:
Built in Fido and installed to x86_64 test system.
Verified both 'keyboard-interactive' and 'publickey' logon works with
root and a regular user from an openssh 7.1p1-1 client on Arch.
Signed-off-by: Haris Okanovic <haris.okanovic@ni.com> Reviewed-by: Rich Tollerton <rich.tollerton@ni.com> Reviewed-by: Ken Sharp <ken.sharp@ni.com>
Natinst-ReviewBoard-ID: 115602
Natinst-CAR-ID: 541263 Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Tudor Florea [Thu, 29 Oct 2015 00:14:18 +0000 (01:14 +0100)]
unzip: CVE-2015-7696, CVE-2015-7697
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping
Armin Kuster [Thu, 29 Oct 2015 23:22:41 +0000 (16:22 -0700)]
libxslt: CVE-2015-7995
This is a is being give a High rating so please consider it for
all 1.1.28 versions.
A type confusion error within the libxslt "xsltStylePreCompute()"
function in preproc.c can lead to a DoS. Confirmed in version 1.1.28,
other versions may also be affected.
Ting Liu [Wed, 21 Oct 2015 09:47:08 +0000 (17:47 +0800)]
oprofile: update --with-kernel option to find perf_event.h
Update --with-kernel=${STAGING_DIR_HOST}/${prefix} to find kernel
headers (linux/*.h) to fix the error:
| checking kernel supports perf_events... unknown -- perf_event.h not found
| ERROR: You requested to build oprofile with '--with-kernel=/buildarea/lyang1/test_f2/tmp/work-shared/qemux86/kernel-source',
| but headers were not accessible at the given location.
| Be sure you have run the following command from within your kernel source tree:
| make headers_install INSTALL_HDR_PATH=<kernel-hdrs-install-dir>
| Then pass <kernel-hdrs-install-dir> to oprofile's '--with-kernel' configure option.
| configure: error: Unable to build oprofile. Exiting.
init-install-efi.sh: Avoid /mnt/mtab creation if already present
The base-files recipe installs /mnt/mtab (it is a softlink of /proc/mounts),
so if an image includes the latter, there is no new to created it again inside
the install-efi.sh script, otherwise an error may occur as indicated on the
bug's site.
Stefan Christ [Tue, 13 Oct 2015 08:29:13 +0000 (10:29 +0200)]
systemd: fix networking setup when ipv6 modules are missing
If the ipv6 kernel modules are missing, e.g. /lib/modules/<version>
doesn't match the runnig kernel, networkd doesn't bring up the
interfaces correctly. Backport fix from systemd version v220.
Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
systemd: fix tmpfiles location when multilib in use
Systemd's configuration files for creation, deletion and cleaning
of volatile and temporary files are installed in /usr/lib even when
multilib is in use (when /usr/lib64 is available). In this check the
systemd.conf file will not be found if libdir is /usr/lib64 so we fix the
path to match this file's installation path to look for it in
${exec_prefix}/lib
Ross Burton [Tue, 29 Sep 2015 11:45:36 +0000 (13:45 +0200)]
sstate: run recipe-provided hooks outside of ${B}
To avoid races between the sstate tasks/hooks using ${B} as the cwd, and other
tasks such as cmake_do_configure which deletes and re-creates ${B}, ensure that
all sstate hooks are run in the right directory, and run the prefunc/postfunc in WORKDIR.
Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Fri, 18 Sep 2015 12:13:47 +0000 (14:13 +0200)]
autotools.bbclass: mkdir ${B} -> mkdir -p ${B}
${B} is the default cwd of tasks, so there might be race issues such as:
| mkdir: cannot create directory `${B}': File exists
[snip]
NOTE: recipe perf-1.0-r9: task do_configure: Failed
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Robert Yang [Fri, 18 Sep 2015 12:13:46 +0000 (14:13 +0200)]
perf: mkdir ${B} -> mkdir -p ${B}
${B} is the default cwd of tasks, so there might be race issues such as:
| mkdir: cannot create directory `/path/to/work/qemux86-poky-linux/perf/1.0-r9/perf-1.0/': File exists
[snip]
NOTE: recipe perf-1.0-r9: task do_configure: Failed
Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libunwind: Invalid dwarf opcodes can cause references beyond the end of
the array
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h
in libunwind 1.1 allows local users to have unspecified impact via
invalid dwarf opcodes.
Martin Jansa [Fri, 4 Sep 2015 12:22:27 +0000 (14:22 +0200)]
postinst_intercept: allow to pass variables with spaces
* trying to pass foo="a b" through postinst_intercept ends
with the actual script header to containing:
b
foo=a
which fails because "b" command doesn't exist.
CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support
CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support
CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable
oprofileui uses gettext during the configuration task so should be inherit
gettext. This issue appears when an older version of gettext is used do to
pinning to the older non-gplv3 version.
1) it prevented logging to the task log from working within bitbake
-c testimage. This is due to the logger object being set up too early
which interferes with BitBake's own logging. If we prefix the name
with "BitBake." everything works (and we don't need to set the
logging level).
2) Additionally because it called the log functions on the logging
module and not the logger object it set up, this caused the
oe-selftest logging to start printing everything from that point
forward.
Fix these two issues and return us to the desired behaviour for
do_testimage.
Egypt will not observe DST in 2015 and will consider canceling it
permanently. For now, assume no DST indefinitely.
(Thanks to Ahmed Nazmy and Tim Parenti.)
Changes affecting past time stamps
America/Whitehorse switched from UTC-9 to UTC-8 on 1967-05-28, not
1966-07-01. Also, Yukon's time zone history is documented better.
(Thanks to Brian Inglis and Dennis Ferguson.)
Change affecting past and future time zone abbreviations
The abbreviations for Hawaii-Aleutian standard and daylight times
have been changed from HAST/HADT to HST/HDT, as per US Government
Printing Office style. This affects only America/Adak since 1983,
as America/Honolulu was already using the new style.
Khem Raj [Sun, 23 Aug 2015 02:46:23 +0000 (19:46 -0700)]
systemd: Remove exporting special CPP
This is no more needed.
it was done long ago while systemd lived in meta-openembedded
http://lists.openembedded.org/pipermail/openembedded-commits/2012-August/141061.html
The accompanying patch has been applied to systemd already so we were
not needing to set CPP for sometime now.
as a nice side effect it helps compiling systemd with clang
Khem Raj [Sun, 16 Aug 2015 01:26:11 +0000 (18:26 -0700)]
glibc: Consider adding -Wno-error in cases when not using -O2
glibc has recently turned on Werror globally which is good but then not
all option combos are well tested so there still remains cleanup needed
when not using -O2, so lets just disable Werror in such cases, until
fixed upstream
Integer overflow in the make_filter_table function in pixops/pixops.c
in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and
Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other
products, allows remote attackers to execute arbitrary code or cause a
denial of service (heap-based buffer overflow and application crash) via
crafted bitmap dimensions that are mishandled during scaling.
Execute `bitbake valgrind && bitbake systemd -c cleansstate && bitbake
systemd -c configure && bitbake valgrind -c cleansstate && bitbake systemd
-c compile', and we would get the following error.
src/libsystemd/sd-bus/bus-control.c: fatal error: valgrind/memcheck.h: No such file or directory.
Ross Burton [Mon, 13 Jul 2015 15:27:45 +0000 (16:27 +0100)]
systemd: recommend the vconsole setup units
systemd's early boot wants to run the vconsole setup units. They were split out
so that systems without visible consoles don't need the overhead of packaging
kbd etc, but we should pull them in by default.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
base.bbclass: Note when including pn with INCOMPATIBLE_LICENSES
We need to be able to tell people if we WHITELIST a recipe
that contains an incompatible licese.
Example: If we set WHITELIST_GPL-3.0 ?= "foo", foo will end
up on an image even if GPL-3.0 is incompatible. This is the
correct behaviour but there is nothing telling people that it
is even happening.
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Refresh the following patches to apply cleanly to our qemu-2.2.0:
07-xen-pt-split-out-calculation-of-throughable-mask-CVE-2015-4106.patch
10-xen-pt-add-a-few-PCI-config-space-field-descriptions-CVE-2015-4106.patch
wpa-supplicant: backport patch to fix CVE-2015-4141,
CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146
Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146.
This patch is originally from:
For CVE-2015-4141:
http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
For CVE-2015-4143:
http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
For CVE-2015-4144 and CVE-2015-4145:
http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
For CVE-2015-4146:
http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
Signed-off-by: Fan Xin <fan.xin at jp.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Joshua Lock <joshua.lock@collabora.co.uk>
Yuqing Zhu [Mon, 10 Aug 2015 03:41:42 +0000 (11:41 +0800)]
gstreamer1.0-plugins-base: Set need_segment after sink pad receive GST_EVENT_SEGMENT
Subparse works in push mode, chain funciton will be called once
up stream element finished the seeking and flushing.
If set need_segment flag in src pad event handler, the segment
event will be pushed earlier, result in the subtitle text will
be send out to down stream from the beginning.
