[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.2-224-g21212c9
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Sat Aug 11 09:11:37 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
discards 8440fe78b84dfbf5ca0b74767c173cfcada3cb8d (commit)
discards 170e5be12213a38f4708b623ce41b01da04c4d7e (commit)
discards 31d8a8b33d6fef9ca18a3e410012ce96749d0c2a (commit)
discards 010f0d6c82b81254ae7ed70b6cdb6961e23ff233 (commit)
discards de9303992721ab33ddccd085369165e403323d37 (commit)
discards 5a008b50ba5ec0b8aae6d73ae59fc0e0e0fb4c1a (commit)
discards 520be9646f20ff4782a523e2881f30ee9eb48d6f (commit)
discards b756e4502af18396180cd7462c161a94dc92a454 (commit)
discards c6047ba8d5ccad82c8c5dece79299b4577359d51 (commit)
discards 9be9e0d277849346b8b19092944956b4bb169a50 (commit)
discards bf6e00b3ab1b4cd6db9566147142c597a4e9f221 (commit)
discards 23e1e3326b1b2e810a88664a30043f0002666b0e (commit)
discards 58874f7cd39dd9baa7065e9044958ddf446c89c4 (commit)
discards 85d2c3406a4c020c1235a33ee740a5263c52c3a4 (commit)
discards db88b5211ec9f856d6a439109299243390b1000e (commit)
via 21212c910cdb35b878a8348ed569c16853e1b7c5 (commit)
via 74b88f379d83868a5060edd4056e269f93d3419d (commit)
via b1d6dca240c6e3a2c8e7039088804a37b62912be (commit)
via 232261ab62cc3c7f77f76fe2f780d0144b21b4c2 (commit)
via ef9c0300f4f71baba5affd55304fc612490d6e3b (commit)
via 1baac63397c20ba506b0088b758c9884f53b6346 (commit)
via 39c6fe2994cefd8b5f446ee9e435458d8d758de3 (commit)
via afc88799ff64eab8a807004f9b3115ec07dcd9fe (commit)
via e12cc5eb01a1f591d0c55cf5aeb3fc24ad26448e (commit)
via 859941f22a7cf89ecef69d03bade7bb8ce2855cc (commit)
via 6a6b8d12b80c1ad84b9ff93adcce33e46c45d766 (commit)
via 318540bde50c4c0febd23004511d8842071cd245 (commit)
via d4c11b9a9e092a690e4a96dc117c63fac4ea26b8 (commit)
via 31f79ab504b23a6f098717bd4f72e1242a049c90 (commit)
via 197aa502fac6ebb07de8fe62e40797f35705ed7e (commit)
via 12cc596da9a2cf453868bd917548bd345e306327 (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (8440fe78b84dfbf5ca0b74767c173cfcada3cb8d)
\
N -- N -- N (21212c910cdb35b878a8348ed569c16853e1b7c5)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 21212c910cdb35b878a8348ed569c16853e1b7c5
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sat Aug 11 16:07:18 2018 +0000
xf86-video-intel: Fix for glibc
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 74b88f379d83868a5060edd4056e269f93d3419d
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sat Aug 11 16:06:54 2018 +0000
screen: Add virtual/crypt dependency
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit b1d6dca240c6e3a2c8e7039088804a37b62912be
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sat Aug 11 11:30:28 2018 +0100
glibc: Add make-native depends
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 232261ab62cc3c7f77f76fe2f780d0144b21b4c2
Author: Jaewon Lee <jaewon.lee at xilinx.com>
Date: Mon Jul 30 14:21:53 2018 -0700
kernel-yocto.bbclass: Adds oe-local-files path (devtool) to include directives
The devtool-source class moves all local files specified in SRC_URI to
an oe-local-files directory. When using devtool and a recipe space kernel-meta,
devtool modify throws an error because the paths the kernel-yocto class
is looking for feature directories in, don't include the oe-local-files
directory which devtool is using.
This patch checks for feature directories in oe-local-files,
and if present, adds that path to include directives.
[YOCTO #12855]
Signed-off-by: Jaewon Lee <jaewon.lee at xilinx.com>
Signed-off-by: Alejandro Enedino Hernandez Samaniego <alejandr at xilinx.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit ef9c0300f4f71baba5affd55304fc612490d6e3b
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:25 2018 -0700
sysvinit: Fix build with glibc 2.28 + libxcrypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 1baac63397c20ba506b0088b758c9884f53b6346
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:24 2018 -0700
ppp, libpam: Add missing dep on virtual/crypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 39c6fe2994cefd8b5f446ee9e435458d8d758de3
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:22 2018 -0700
glibc: Disable crypt support in glibc
Drop packaging libcrypt from 2.28+ onwards
We have independent crypt implementation coming from libxcrypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit afc88799ff64eab8a807004f9b3115ec07dcd9fe
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:21 2018 -0700
libxcrypt: Upgrade to 4.1.1
license update: Remove CDDL code with Public Domain pieces
https://github.com/besser82/libxcrypt/commit/c76847e3be40c4ac0d78bc8518502418c6207144#diff-fdcb2380ff1eeea2e5795ec115ba1c0d
inherit pkgconfig as it uses pkg-config during build
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e12cc5eb01a1f591d0c55cf5aeb3fc24ad26448e
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:20 2018 -0700
libxcrypt: Provide virtual/crypt for target and native as well
virtual/crypt for musl will come from libc itself
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 859941f22a7cf89ecef69d03bade7bb8ce2855cc
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:19 2018 -0700
cross-localedef-native: Update to build with glibc 2.28
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6a6b8d12b80c1ad84b9ff93adcce33e46c45d766
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:18 2018 -0700
glibc: Upgrade to 2.28
License-Update: libidn is dropped from glibc and a testcase that was a particular contributor copyrighted
see
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=LICENSES;h=0e3a9fe39b26e97038d92f904508a4c3aa1bb43b;hp=b29efe01084af28cc40953d7317f22927c0ee3b7;hb=5a357506659f9a00fcf5bc9c5d8fc676175c89a7;hpb=7279af007c420a9d5f88a6909d11e7cb712c16a4
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=LICENSES;h=b29efe01084af28cc40953d7317f22927c0ee3b7;hp=80f7f1487947f57815b9fe076fadc8c7f94eeb8e;hb=7f9f1ecb710eac4d65bb02785ddf288cac098323;hpb=5f7b841d3aebdccc2baed27cb4b22ddb08cd7c0c
Drop upstreamed and backported patches
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 318540bde50c4c0febd23004511d8842071cd245
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Wed Aug 1 13:25:35 2018 +0800
base-files: fix handling of resize
The current handling of resize is incorrect. Using `resize > /dev/null
2>&1 && resize > /dev/null' will cause the second resize command to not
execute because 'resize > /dev/null 2>&1' will fail for resize utility
from busybox.
What we really should do is just to check whether ${bindir}/resize
is executable and execute it if so. Using '-x' is sufficient.
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d4c11b9a9e092a690e4a96dc117c63fac4ea26b8
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Mon Jul 30 17:41:57 2018 +0800
busybox: move init related configs to init.cfg
Move init related configs to init.cfg.
These config items do not make much sense unless busybox is selected
as the init manager. They should belong to init.cfg.
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 31f79ab504b23a6f098717bd4f72e1242a049c90
Author: Andrej Valek <andrej.valek at siemens.com>
Date: Thu Aug 9 10:06:37 2018 +0200
libxml2: Fix CVE-2018-14404
Fix nullptr deref with XPath logic ops
If the XPath stack is corrupted, for example by a misbehaving extension
function, the "and" and "or" XPath operators could dereference NULL
pointers. Check that the XPath stack isn't empty and optimize the
logic operators slightly.
CVE: CVE-2018-14404
Signed-off-by: Andrej Valek <andrej.valek at siemens.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 197aa502fac6ebb07de8fe62e40797f35705ed7e
Author: Changqing Li <changqing.li at windriver.com>
Date: Fri Aug 10 17:35:55 2018 +0800
curl: support multilib installation of curl-config
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 12cc596da9a2cf453868bd917548bd345e306327
Author: Mikko Rapeli <mikko.rapeli at bmw.de>
Date: Fri Aug 10 17:27:56 2018 +0300
perf: fail if src path does not exist
A missing src directory from a broken kernel recipe resulted
only in a warning:
WARNING: copyfile: stat of /home/builder/src/tmp-glibc/work-shared/target/kernel-source/tools/arch failed ([Errno 2] No such file or directory: '/home/builder/src/tmp-glibc/work-shared/target/kernel-source/tools/arch')
With this change it's an error which can not be missed:
ERROR: perf-1.0-r9 do_configure: Path does not exist: /home/builder/src/tmp-glibc/work-shared/target/kernel-source/tools/arch
ERROR: perf-1.0-r9 do_configure: Function failed: copy_perf_source_from_kernel
ERROR: Logfile of failure stored in: /home/builder/src/tmp-glibc/work/target-linux/perf/1.0-r9/temp/log.do_configure.21083
NOTE: recipe perf-1.0-r9: task do_configure: Failed
ERROR: Task (/home/builder/src/poky/meta/recipes-kernel/perf/perf.bb:do_configure) failed with exit code '1'
Signed-off-by: Mikko Rapeli <mikko.rapeli at bmw.de>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/allarch.bbclass | 4 ----
meta/classes/icecc.bbclass | 2 +-
meta/classes/multilib.bbclass | 3 +--
meta/classes/multilib_global.bbclass | 4 +++-
meta/classes/package.bbclass | 9 +++------
meta/classes/staging.bbclass | 2 +-
meta/recipes-extended/screen/screen_4.6.2.bb | 2 +-
.../xorg-driver/xf86-video-intel/glibc.patch | 12 ++++++++++++
meta/recipes-graphics/xorg-driver/xf86-video-intel_git.bb | 1 +
9 files changed, 23 insertions(+), 16 deletions(-)
create mode 100644 meta/recipes-graphics/xorg-driver/xf86-video-intel/glibc.patch
hooks/post-receive
--
More information about the yocto-security
mailing list