Patchwork [0/2] Recipe security updates: libpng and openssl

Hello,

This upgrades libpng and openssl to adddress some recent CVEs. They
have been build tested on all 5 of our QEMU architectures. 

There is another outstanding pull request that updated distro tracking
for libpng, so I'm going to hold off on updating the distro tracking
file until that gets into master.

Scott

The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:

  self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe

Scott Garman (2):
  libpng: upgrade to 1.2.49
  openssl: upgrade to 1.0.0i

 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
 .../{openssl_1.0.0h.bb => openssl_1.0.0i.bb}       |    4 ++--
 .../libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb}  |   10 +++++-----
 19 files changed, 8 insertions(+), 9 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb => openssl_1.0.0i.bb} (90%)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb} (60%)

On 04/24/2012 10:13 PM, Scott Garman wrote:
> Hello,
>
> This upgrades libpng and openssl to adddress some recent CVEs. They
> have been build tested on all 5 of our QEMU architectures.
>
> There is another outstanding pull request that updated distro tracking
> for libpng, so I'm going to hold off on updating the distro tracking
> file until that gets into master.
>
> Scott
>
> The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:
>
>    self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe
>
> Scott Garman (2):
>    libpng: upgrade to 1.2.49
>    openssl: upgrade to 1.0.0i
>
>   .../configure-targets.patch                        |    0
>   .../debian/c_rehash-compat.patch                   |    0
>   .../debian/ca.patch                                |    0
>   .../debian/debian-targets.patch                    |    0
>   .../debian/make-targets.patch                      |    0
>   .../debian/man-dir.patch                           |    0
>   .../debian/man-section.patch                       |    0
>   .../debian/no-rpath.patch                          |    0
>   .../debian/no-symbolic.patch                       |    0
>   .../debian/pic.patch                               |    0
>   .../debian/version-script.patch                    |    0
>   .../engines-install-in-libdir-ssl.patch            |    0
>   .../oe-ldflags.patch                               |    0
>   .../openssl-fix-link.patch                         |    0
>   .../openssl_fix_for_x32.patch                      |    0
>   .../shared-libs.patch                              |    0
>   meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
>   .../{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb}       |    4 ++--
>   .../libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb}  |   10 +++++-----
>   19 files changed, 8 insertions(+), 9 deletions(-)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/configure-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/ca.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/debian-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/make-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-dir.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-section.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-rpath.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-symbolic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/pic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/version-script.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/oe-ldflags.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl-fix-link.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/shared-libs.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb} (90%)
>   rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb} (60%)
>

Merged these into OE-Core

Thanks
	Sau!