Patchwork [0/2] Recipe security updates: libpng and openssl

login
register
mail settings
Submitter Scott Garman
Date April 25, 2012, 5:13 a.m.
Message ID <cover.1335330662.git.scott.a.garman@intel.com>
Download mbox
Permalink /patch/26399/
State New
Headers show

Pull-request

git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe

Comments

Scott Garman - April 25, 2012, 5:13 a.m.
Hello,

This upgrades libpng and openssl to adddress some recent CVEs. They
have been build tested on all 5 of our QEMU architectures. 

There is another outstanding pull request that updated distro tracking
for libpng, so I'm going to hold off on updating the distro tracking
file until that gets into master.

Scott

The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:

  self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe

Scott Garman (2):
  libpng: upgrade to 1.2.49
  openssl: upgrade to 1.0.0i

 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
 .../{openssl_1.0.0h.bb => openssl_1.0.0i.bb}       |    4 ++--
 .../libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb}  |   10 +++++-----
 19 files changed, 8 insertions(+), 9 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb => openssl_1.0.0i.bb} (90%)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb} (60%)
Saul Wold - April 27, 2012, 8:54 p.m.
On 04/24/2012 10:13 PM, Scott Garman wrote:
> Hello,
>
> This upgrades libpng and openssl to adddress some recent CVEs. They
> have been build tested on all 5 of our QEMU architectures.
>
> There is another outstanding pull request that updated distro tracking
> for libpng, so I'm going to hold off on updating the distro tracking
> file until that gets into master.
>
> Scott
>
> The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:
>
>    self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe
>
> Scott Garman (2):
>    libpng: upgrade to 1.2.49
>    openssl: upgrade to 1.0.0i
>
>   .../configure-targets.patch                        |    0
>   .../debian/c_rehash-compat.patch                   |    0
>   .../debian/ca.patch                                |    0
>   .../debian/debian-targets.patch                    |    0
>   .../debian/make-targets.patch                      |    0
>   .../debian/man-dir.patch                           |    0
>   .../debian/man-section.patch                       |    0
>   .../debian/no-rpath.patch                          |    0
>   .../debian/no-symbolic.patch                       |    0
>   .../debian/pic.patch                               |    0
>   .../debian/version-script.patch                    |    0
>   .../engines-install-in-libdir-ssl.patch            |    0
>   .../oe-ldflags.patch                               |    0
>   .../openssl-fix-link.patch                         |    0
>   .../openssl_fix_for_x32.patch                      |    0
>   .../shared-libs.patch                              |    0
>   meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
>   .../{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb}       |    4 ++--
>   .../libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb}  |   10 +++++-----
>   19 files changed, 8 insertions(+), 9 deletions(-)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/configure-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/ca.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/debian-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/make-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-dir.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-section.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-rpath.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-symbolic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/pic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/version-script.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/oe-ldflags.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl-fix-link.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/shared-libs.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb} (90%)
>   rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb} (60%)
>

Merged these into OE-Core

Thanks
	Sau!