[oe] [PATCH][meta-oe] php: uninitialized pointer in phar_make_dirstream()

2015-12-16 Jian Liu
CVE-2015-7804: Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. This

[oe] [PATCH][meta-oe] php: NULL pointer dereference in phar_get_fp_offset()

2015-12-16 Jian Liu
CVE-2015-7803: The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator referen

[oe] [meta-initramfs][PATCH] kexec-tools-klibc: add explicit SRC_URI

2015-12-16 Andrea Adami
After commit c2492ed SRC_URI of the recipe contains the kdump script. Kdump is not in the purposes of this recipe so we restore the plain SRC_URI. Signed-off-by: Andrea Adami --- meta-initramfs/recipes-kernel/kexec/kexec-tools-klibc_2.0.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/

Re: [oe] [fido][PATCH v2] Fix build issue on openssl 1.0.2d on Fido branch. OpenSSL's URIs of old releases have changed to /source/old/ instead of /source.

2015-12-16 Burton, Ross
On 16 December 2015 at 12:58, Thomas Perrot wrote: > -SRC_URI += "file://configure-targets.patch \ > -file://shared-libs.patch \ > -file://oe-ldflags.patch \ > -file://engines-install-in-libdir-ssl.patch \ > -file://debian1.0.2/block_diginotar.patch

[oe] [fido][PATCH v2] Fix build issue on openssl 1.0.2d on Fido branch. OpenSSL's URIs of old releases have changed to /source/old/ instead of /source.

2015-12-16 Thomas Perrot
Signed-off-by: Thomas Perrot --- .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 51 +++--- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb index c862d5d

[oe] [meta-java][PATCH] openjdk-8: Use zero mode on arm

2015-12-16 Erkka Kääriä
Currently arm build fails due to hotspot errors. Use zero mode instead. Signed-off-by: Erkka Kääriä --- recipes-core/openjdk/openjdk-8-release-72b05.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/recipes-core/openjdk/openjdk-8-release-72b05.inc b/recipes-core/openjdk/openjdk-8-relea

[oe] [fido][PATCH] Fix build issue on openssl 1.0.2d on Fido branch. OpenSSL's URIs of old releases have changed to /source/old/ instead of /source.

2015-12-16 Thomas Perrot
Signed-off-by: Thomas Perrot --- .../recipes-connectivity/openssl/openssl_1.0.2d.bb | 51 +++--- 1 file changed, 26 insertions(+), 25 deletions(-) diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb index c862d5d

[oe] [meta-java][PATCH] cacao-initial-native build issues on gcc 4.4

2015-12-16 jackie.huang
From: Amy Fong The following error is seen when cacao-initial is built with gcc 4.4: LOG: [0x7f595fed3700] We received a SIGSEGV and tried to handle it, but we were | LOG: [0x7f595fed3700] unable to find a Java method at: | LOG: [0x7f595fed3700] | LOG: [0x7f595fed3700] P

Re: [oe] [OE-core] [RFC] Mark of upstream CVE patches

2015-12-16 Burton, Ross
On 16 December 2015 at 09:03, Sona Sarmadi wrote: > We are supposed to have reference to the CVE identifier both in the patch > file/s > and the commit message(e.g. xxx- CVE-2013-6435.pacth) according to the > guidelines > for "Patch name convention and commit message" in the Yocto > Wiki https

Re: [oe] [meta-networking][PATCH 0/7 v2] waf-samba: fix build failure on targets unsupported by qemu

2015-12-16 Huang, Jie (Jackie)
> -Original Message- > From: Huang, Jie (Jackie) > Sent: Tuesday, December 15, 2015 3:09 PM > To: 'Joe MacDonald' > Cc: openembedded-devel@lists.openembedded.org > Subject: RE: [oe] [meta-networking][PATCH 0/7 v2] waf-samba: fix build > failure on targets > unsupported by qemu > > > >