Age | Commit message (Collapse) | Author |
|
Fixes race conditions in collect_mounts
References:
http://seclists.org/oss-sec/2015/q2/640
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-4177
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=6ab282fe6d43027b3b1ef820b3798aae8fdb432b
Signen-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Change inode_capable to capable_wrt_inode_uidgid
Fixes privileges escalation in Linux kernel built
with the user namespaces(CONFIG_USER_NS).
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4014
http://www.openwall.com/lists/oss-security/2014/06/10/4
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id= 2246a472bce19c0d373fb5488a0e612e3328ce0a
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes an information leakage in Linux kernel built with
the Multimedia support(CONFIG_MEDIA_SUPPORT).
References:
http://www.openwall.com/lists/oss-security/2014/06/15/1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739
Upstream patch:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=2f1831612c94ee7b1819c4a6d21b9d5efac5297c
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes race condition between chown() and execve() system calls in the
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3339
http://seclists.org/oss-sec/2015/q2/216
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=5176b77f1aacdc560eaeac4685ade444bb814689
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
Fixes information leak in llc2_timeout_table.
References:
http://www.openwall.com/lists/oss-security/2015/02/20/19
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2041
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=553dd569ff29bc38cebbf9f9dd7c791863ee9113
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
Fix slab corruption from use after free on INIT collisions
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1421
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/
?id=43e39c2f63240f67a67b4060882f67dac1a6f339
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
Fixes buffer overflow in ioctl.
Reference:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8884
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/
?id=482c6cb2dfb40838d67b0ba844b4b3d0af0f3d20
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
try_to_unmap_cluster() should lock_page() before mlocking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3122
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch
/?id=400fc13141fe947c38e8485ee9d37066d4533363
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Zhenhua Luo <zhenhua.luo@nxp.com>
|
|
Fix the following build error:
| [CC] process.c (lib:skmm_process)
| apps/pciep_dma/pciep_dma.c:37:37: fatal error: readline.h: No such file or directory
| #include <readline.h> /* libedit */
| ^
| compilation terminated.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
Fix the following build error:
ERROR: QA Issue: skmm-host: Files/directories were installed but not shipped
/usr/bin/mini_calc [installed-vs-shipped]
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
This fixes incorrect processing of checksums in UDP implementation
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5364
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5366
http://www.openwall.com/lists/oss-security/2015/07/10/3
Upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=a97b54dd69cb05df4c57f5d5b40c761f7835ce4e
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes infinite loop in CE record entries
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9420
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=1fe5620fcd6c2f0a4a927ee10c8e53196da392f3
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Explicitly clear ramdisk_mcp backend pages
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=186f32e2096c7d9cd9106b8dedd79c596f4c8398
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Prevent requeue pi on same futex
References
http://www.openwall.com/lists/oss-security/2014/06/05/22
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=b9103e5f3a197aec4ec3d78fd5ff2bb74a496b42
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Handle numid overflow
Make sure that id->index does not overflow
References:
http://www.openwall.com/lists/oss-security/2014/06/26/6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
NULL pointer dereference in af->from_addr_param on malformed packet
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
sk_ack_backlog wrap-around problem
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-4652
Protect user controls against concurrent access
CVE-2014-4653
Don't access controls outside of protected regions
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
audit_krule mask accesses need bounds checking
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-3673
skb_over_panic when receiving malformed ASCONF chunks
Fixes: b896b82be4ae ("[SCTP] ADDIP: Support for processing incoming ASCONF_ACK
chunks.")
CVE-2014-3687
panic on duplicate ASCONF chunks
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1
packet")
CVE-2014-3688
remote memory pressure from excessive queueing
Fixes: 2e3216cd54b1 ("sctp: Follow security requirement of responding with 1
packet")
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688
http://www.openwall.com/lists/oss-security/2014/11/13/8
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-3601
Fixes the third parameter of kvm_iommu_put_pages
The third parameter of kvm_iommu_put_pages is wrong,
It should be 'gfn - slot->base_gfn'.
CVE-2014-8369
Fixes excessive pages un-pinning in kvm_iommu_map error path.
(This vulnerability exists because of an incorrect fix for CVE-2014-3601
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369
https://bugzilla.redhat.com/show_bug.cgi?id=1156518
https://lkml.org/lkml/2014/10/24/460
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
CVE-2014-3181 Kernel: HID: OOB write in magicmouse driver
CVE-2014-3182 Kernel: HID: logitech-dj OOB array access
CVE-2014-3184 Kernel: HID: off by one error in various _report_fixup routine
CVE-2014-3185 Kernel: USB serial: memory corruption flaw
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Fixes null pointer dereference when processing authenticated cookie_echo chunk
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101
https://bugzilla.redhat.com/show_bug.cgi?id=1070705
Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f9
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
Avoid infinite loop when processing indirect ICBs
References:
http://seclists.org/oss-sec/2014/q3/600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
This patches fixes mount flags handling during remount issue.
The patches come from:
https://www.kernel.org (remotes/origin/linux-3.12.y branch)
References:
http://seclists.org/oss-sec/2014/q3/357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5207
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
|
|
This aligns with the default setting in Poky.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
this is not bsp related, remove it.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This pkg is for fsl security, not bsp related. will put it to fsl
distro layer for security.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This includes following fixes:
2d35e98 CST : Add P2041 support to cst.
c8b29ef CST: initialize uninitialized variables
6d30fc3 Makefile: use CFLAGS environment variable
39a4b89 Makefile: add install rule
7e9d814 Makefile: check OPENSSL setting before use
4ce2fd1 Modify input files to add HASH_FILE and SIGN_FILE felds.
2934719 ls1: ie_key files modified
13cef32 ls1: Remove extra keys from input file in ls1
14660b8 Modify input files to make consisitency with images.
6dbd697 Modify signature offset.
b6d3fe6 input_files/uni_sign: Updated uboot binary name to u-boot.bin
2344105 IE Keys : Add input files
517b3d8 Fixed error handling for sign_embed tool.
f711555 Modify ESBC header fields and use case for SRK and IE KEY.
c9361dd sign_embed: it would embed signature over header passed.
ec541fa gen_sign: it would calculate and generate signature over hash passed.
3b0a522 Modifications for changing argc to optind.
78cfdba Parsing of esbc flag is done prior of other fields.
c0f49a8 Add feature of comparison of key pairs.
c22c94f Add gen_drv tool.
7abb3e1 Modularise the key extraction from key file.
5ac9cd1 Add error handling for not supported values provided as input.
64eb9c4 Modify parsing of field values.
c73ae3a Modify Makefile to discard compilation of uni_pbi tool.
8023fa1 Modify usage of gen_otpmk utility.
9065d2a Corrected the setting of FSL_UID and OEM_UID flag
7b688ed uni_pbi tool added
4ae8899 LS2 specific changes.
5e856de Add T2080 as target.
582fa00 Add input files for ie_key usage.
f5ac295 Modify features enabled with different options.
bcb3791 modify option available.
34c2290 Add key_ext option.
3abf8d3 Signature is moved to end.
7d58769 Add feature to accept externally generated signature.
43a917a Add export hash feature.
d1877da Remove redundancy with keys usage.
9b049cb Add LS2 header support.
8b0044b Add IE key usage support for ESBC header.
a684f4f support for ESBC header generation
63c901a Add ISBC Extension Key Feature.
746a9b9 Linked implementation for headers and tables
15ae37e Revert "LS1021: unisign fixed for group5"
54661bb Corrected LS1 input files.
5f58c80 Corrected dtb name in input file for LS1 dtb
8c0feeb LS1: Change the input file for NOR addresses
Also sync with meta-fsl-arm.
|
|
Signed-off-by: Ting Liu <b28495@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
* QE_UCODE definition is moved to <machine>.conf
* add check if QE_UCODE defined in anonymous python function
* install the binary into /boot
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
The multilib setting was set in <core>.inc which was included by
the <machine>.conf. In bitbake.conf, <machine>.conf is included
after local.conf. Change to use ?= to not override the value in
local.conf.
This is useful when using external toolchain which does not need
to enable multilib.
Signed-off-by: Zongchun Yu <Zongchun.Yu@freescale.com>
|
|
This includes following fixes:
35af73f Fix: Copy user-space buffer of injected control frame to kernel
00c8040 Add multiple error labels in the probe function
2835689 Fix: Remove memory leaks when the module is removed or fails on probing
d770a37 Fix: Remove compile warning on 32b
89e29fc Fix: Remove unnecessary checks
adbb47e Beautify: Rename macros into more proper names
d5cac6e Add "poll()" function for NPI device
220cee3 Replace rescheduling with work queues
2a5fe4e Add cacheline support for extraction of control frames
6f14f0b Fix: UIO device might not be removed properly if module fails to initialize
2dcea55 Removed unecessary includes
1077880 Add UIO driver
68ab7bd Initial empty repository
update COMPATIBLE_MACHINE to use soc_family.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
The source code of cs4315-firmware is not available in public git repo
due to license issue, remove the recipe.
Build error log:
ERROR: Function failed: Fetcher failure for URL: 'git://git.freescale.com/ppc/sdk/firmware.git;nobranch=1'. Unable to fetch URL from any source.
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
This update to fsl sdk v1.7 release. The detailed changes
can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/asf.git/
Other changes to sync with meta-fsl-arm:
* install kernel modules to ${D}/lib/modules/${KERNEL_VERSION}/asf
* install scripts to ${D}/${libexecdir}/
* remove dependency on virtual/kernel as it inherit module.bbclass
Signed-off-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
e6500 is a specific core which only support 64bit kernel, no
matter rootfs is 32b/64b. qoriq_build_64bit_kernel.bbclass
was added to do this.
BUILD_64BIT_KERNEL is only set for e6500. It is duplicate to check
core and BUILD_64BIT_KERNEL at the same time. remove one.
Signed-off-by: Zongchun Yu <Zongchun.Yu@freescale.com>
|
|
This includes following fixes:
49efc94 Add QE ucode binary for T1024 and LS1021a
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
Currently pkc-host does not support RSA_KEYGEN. When pkc-host
installed, RSA keygen operations should be avoided.
Introduce DISTRO_FEATURE "c29x_pkc". To install pkc-host, this
feature should be enabled. Then cryptodev checks it to disable
RSA_KEYGEN.
this can be done in conf/local.conf:
DISTRO_FEATURES_append = " c29x_pkc"
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
|
|
- Nikos handed over project maintainance to Phil Sutter.
- Several pending patches have been merged upstream so we removed
them from the recipe. The remaining ones have been sorted
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
Change-Id: I0c6160c739d379ba787e72423d1564b9a3d05d8b
Reviewed-on: http://git.am.freescale.net:8181/24177
Reviewed-by: Zhenhua Luo <zhenhua.luo@freescale.com>
Tested-by: Zhenhua Luo <zhenhua.luo@freescale.com>
|
|
- include fixes for algorithm registration and 32-bit application hanging
on E5500 cores.
- add offloading suport for aes-gcm
- upstream patches are kept except for the documentation patch which is
no longer necessary
Signed-off-by: Cristian Stoica <cristian.stoica@freescale.com>
|
|
* introduce variable RULE for DPAA FMan ethernet ports name rule.
* use 72-fsl-dpaa-persistent-networking.rules for t1024, same as e6500.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This update to fsl sdk v1.7 release. There are 143 new commits.
The detailed changes can be found at:
http://git.freescale.com/git/cgit.cgi/ppc/sdk/usdpaa.git/
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
listing machine names in recipe is painful when adding support
for boards with same soc. use soc_family instead.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
This includes following fixes:
4cda2e3 fm-ucode: add t1040 and t2080 rev 1.1 files
222cd35 fm-ucode: remove prev version of _t1040_r1.0_107_
c5006bf fm-ucode: add t1024 packages
2698dc3 fm-ucode: release 107.4.2
3b66ca5 fm-ucode: new version 107_4_2_candidate1
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|
|
listing machine names in recipe is painful when adding support
for boards with same soc. use soc_family instead.
Signed-off-by: Ting Liu <ting.liu@freescale.com>
|