git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

author	Anuj Mittal <anuj.mittal@intel.com>
	Fri, 19 Jul 2019 01:31:06 +0000 (09:31 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Fri, 19 Jul 2019 15:19:14 +0000 (16:19 +0100)
commit	db32c9bda315cbfd4afe5df6cb50f9440783f10f
tree	4b9a1de2961ed9b8e6f180e979158c13eb958697	tree
parent	f56e1ffb1e0943bf0f1c016255e5a6b09d52ca66	commit \| diff

rsync: fix CVEs for included zlib

rsync includes its own copy of zlib and doesn't recommend linking with
the system version [1].

Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used
by rsync.

[1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync
[2] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3agnu%3azlib%3a1.2.8

(From OE-Core rev: a55fbb4cb489853dfb0b4553f6e187c3f3633f48)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-devtools/rsync/files/CVE-2016-9840.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/rsync/files/CVE-2016-9841.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/rsync/files/CVE-2016-9842.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/rsync/files/CVE-2016-9843.patch	[new file with mode: 0644]	blob
meta/recipes-devtools/rsync/rsync_3.1.3.bb		diff \| blob \| blame \| history