1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-16 15:57:04 +00:00

rsync: fix CVEs for included zlib

rsync includes its own copy of zlib and doesn't recommend linking with
the system version [1].

Import CVE fixes that impact zlib version 1.2.8 [2] that is currently used
by rsync.

[1] https://git.samba.org/rsync.git/?p=rsync.git;a=blob;f=zlib/README.rsync
[2] https://nvd.nist.gov/vuln/search/results?form_type=Advanced&cves=on&cpe_version=cpe%3a%2fa%3agnu%3azlib%3a1.2.8

(From OE-Core rev: a55fbb4cb489853dfb0b4553f6e187c3f3633f48)

(From OE-Core rev: 93ce13106abc05f4a68a6265590e3770f0bf49a2)

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Anuj Mittal
2019-08-21 09:58:16 +08:00
committed by Richard Purdie
parent 5743d1591b
commit c5463adc43
5 changed files with 393 additions and 0 deletions
@@ -11,6 +11,10 @@ DEPENDS = "popt"
SRC_URI = "https://download.samba.org/pub/${BPN}/src/${BP}.tar.gz \
file://rsyncd.conf \
file://makefile-no-rebuild.patch \
file://CVE-2016-9840.patch \
file://CVE-2016-9841.patch \
file://CVE-2016-9842.patch \
file://CVE-2016-9843.patch \
"
SRC_URI[md5sum] = "1581a588fde9d89f6bc6201e8129afaf"