[0/2] Recipe security updates: libpng and openssl

Submitted by Scott Garman on April 25, 2012, 5:13 a.m.

Details

Message ID cover.1335330662.git.scott.a.garman@intel.com
State New
Headers show

Pull-request

git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe

Commit Message

Scott Garman April 25, 2012, 5:13 a.m.
Hello,

This upgrades libpng and openssl to adddress some recent CVEs. They
have been build tested on all 5 of our QEMU architectures. 

There is another outstanding pull request that updated distro tracking
for libpng, so I'm going to hold off on updating the distro tracking
file until that gets into master.

Scott

The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:

  self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)

are available in the git repository at:
  git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
  http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe

Scott Garman (2):
  libpng: upgrade to 1.2.49
  openssl: upgrade to 1.0.0i

 .../configure-targets.patch                        |    0
 .../debian/c_rehash-compat.patch                   |    0
 .../debian/ca.patch                                |    0
 .../debian/debian-targets.patch                    |    0
 .../debian/make-targets.patch                      |    0
 .../debian/man-dir.patch                           |    0
 .../debian/man-section.patch                       |    0
 .../debian/no-rpath.patch                          |    0
 .../debian/no-symbolic.patch                       |    0
 .../debian/pic.patch                               |    0
 .../debian/version-script.patch                    |    0
 .../engines-install-in-libdir-ssl.patch            |    0
 .../oe-ldflags.patch                               |    0
 .../openssl-fix-link.patch                         |    0
 .../openssl_fix_for_x32.patch                      |    0
 .../shared-libs.patch                              |    0
 meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
 .../{openssl_1.0.0h.bb => openssl_1.0.0i.bb}       |    4 ++--
 .../libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb}  |   10 +++++-----
 19 files changed, 8 insertions(+), 9 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/configure-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/ca.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/debian-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/make-targets.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-dir.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/man-section.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-rpath.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/no-symbolic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/pic.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/debian/version-script.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/oe-ldflags.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl-fix-link.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl-1.0.0h => openssl-1.0.0i}/shared-libs.patch (100%)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb => openssl_1.0.0i.bb} (90%)
 rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb => libpng_1.2.49.bb} (60%)

Comments

Saul Wold April 27, 2012, 8:54 p.m.
On 04/24/2012 10:13 PM, Scott Garman wrote:
> Hello,
>
> This upgrades libpng and openssl to adddress some recent CVEs. They
> have been build tested on all 5 of our QEMU architectures.
>
> There is another outstanding pull request that updated distro tracking
> for libpng, so I'm going to hold off on updating the distro tracking
> file until that gets into master.
>
> Scott
>
> The following changes since commit fd989e1bceef6df36619ba8944c8141abefd282e:
>
>    self-hosted-image: Update poky revision to point at the 1.2 release branch (2012-04-24 10:20:25 +0100)
>
> are available in the git repository at:
>    git://git.pokylinux.org/poky-contrib sgarman/security-updates-oe
>    http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=sgarman/security-updates-oe
>
> Scott Garman (2):
>    libpng: upgrade to 1.2.49
>    openssl: upgrade to 1.0.0i
>
>   .../configure-targets.patch                        |    0
>   .../debian/c_rehash-compat.patch                   |    0
>   .../debian/ca.patch                                |    0
>   .../debian/debian-targets.patch                    |    0
>   .../debian/make-targets.patch                      |    0
>   .../debian/man-dir.patch                           |    0
>   .../debian/man-section.patch                       |    0
>   .../debian/no-rpath.patch                          |    0
>   .../debian/no-symbolic.patch                       |    0
>   .../debian/pic.patch                               |    0
>   .../debian/version-script.patch                    |    0
>   .../engines-install-in-libdir-ssl.patch            |    0
>   .../oe-ldflags.patch                               |    0
>   .../openssl-fix-link.patch                         |    0
>   .../openssl_fix_for_x32.patch                      |    0
>   .../shared-libs.patch                              |    0
>   meta/recipes-connectivity/openssl/openssl.inc      |    3 +--
>   .../{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb}       |    4 ++--
>   .../libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb}  |   10 +++++-----
>   19 files changed, 8 insertions(+), 9 deletions(-)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/configure-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/c_rehash-compat.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/ca.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/debian-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/make-targets.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-dir.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/man-section.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-rpath.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/no-symbolic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/pic.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/debian/version-script.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/engines-install-in-libdir-ssl.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/oe-ldflags.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl-fix-link.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/openssl_fix_for_x32.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl-1.0.0h =>  openssl-1.0.0i}/shared-libs.patch (100%)
>   rename meta/recipes-connectivity/openssl/{openssl_1.0.0h.bb =>  openssl_1.0.0i.bb} (90%)
>   rename meta/recipes-multimedia/libpng/{libpng_1.2.46.bb =>  libpng_1.2.49.bb} (60%)
>

Merged these into OE-Core

Thanks
	Sau!