[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.2-234-g8d7e3cb
cve-notice at lists.openembedded.org
Tue Aug 14 08:35:35 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
 * -- * -- B -- O -- O -- O   (9a8bc95019f29bd03538ed80fa4c4d978e1253b7)
            \
             N -- N -- N   (8d7e3cbdaba57d0bfe91227f6608b19eab977bde)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 8d7e3cbdaba57d0bfe91227f6608b19eab977bde
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Aug 13 12:44:05 2018 +0000
glibc: Fix locale archive path patch
The locale code uses the archive location in two places, ensure both are
corrected to use the environment variable which avoids nasty build
failures when archiving locales in images.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 5dfb4c839b2baf0e8299b23cc894879c2b218ba5
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Aug 13 11:40:03 2018 +0000
image: Add locale archive optimisation
Refactor the locale archive function from the SDK to also make it work during
general image creation. This reduces the size of the locales from 900MB to 220MB
in core-image-lsb-sdk.
The exception handling around subprocess was dropped as the standard subprocess
exception printing is better handled than the catchall exception.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit cd1fb12f8ea7f64e44766b47e616d8011cf7655d
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sun Aug 12 22:29:18 2018 +0000
selftest/package: Add test to ensure sparse files are preserved
Add a new element to the hardlink test to check we also preserve file
sparseness during the packing process. This should ensure we don't regress this
issue again.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d28162de61c74b26df310eba7c495f6755a10d9a
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sat Aug 11 16:07:18 2018 +0000
xf86-video-intel: Fix for glibc
It fails to build with glibc 2.28, add the missing required header inclusion.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 8dc9830d51ccb4beba2253851cf1ac386c5324cc
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sat Aug 11 16:06:54 2018 +0000
screen: Add virtual/crypt dependency
screen uses crypt() so add the missing DEPENDS triggered by glibc 2.28.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 431b40b92188749cc70cf313f33f3a686b90aed6
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Sat Aug 11 11:30:28 2018 +0100
glibc: Add make-native depends
glibc needs make >= 4 yet some of our build workers have older versions of
make. Add a make-native dependency to work around this until all our supported
distros have a recent version of make.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 3270a834498110cba3fe0f1914cdd70467ce3111
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Tue Jul 10 18:57:56 2018 +0100
oe-selftest: quick hack to test
(From OE-Core rev: aa5fd58151b4bee84ebdb3e93fec8960312acd5d)
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 87f2683ca19182dbffe48dc70a1f2628658fc08d
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:25 2018 -0700
sysvinit: Fix build with glibc 2.28 + libxcrypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 0842bd7093040d1f99ffa0523b993341653b1c87
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:24 2018 -0700
ppp, libpam: Add missing dep on virtual/crypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6146b8c4216daf56a69f4e3531861302df6a63a2
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:22 2018 -0700
glibc: Disable crypt support in glibc
Drop packaging libcrypt from 2.28+ onwards
We have independent crypt implementation coming from libxcrypt
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 600b1f7da1bc308a52b566b77c994a90ed744b7e
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:21 2018 -0700
libxcrypt: Upgrade to 4.1.1
license update: Remove CDDL code with Public Domain pieces
https://github.com/besser82/libxcrypt/commit/c76847e3be40c4ac0d78bc8518502418c6207144#diff-fdcb2380ff1eeea2e5795ec115ba1c0d
inherit pkgconfig as it uses pkg-config during build
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e0ed7d74e61294a986f72a531b23f7e67922de29
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:20 2018 -0700
libxcrypt: Provide virtual/crypt for target and native as well
virtual/crypt for musl will come from libc itself
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d1e02516dcce977a06320fcca968613466e43f29
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:19 2018 -0700
cross-localedef-native: Update to build with glibc 2.28
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit da8bf414922ce7af865fadc4a86fd96ab6262506
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Aug 8 10:04:18 2018 -0700
glibc: Upgrade to 2.28
License-Update: libidn is dropped from glibc and a testcase that was a particular contributor copyrighted
see
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=LICENSES;h=0e3a9fe39b26e97038d92f904508a4c3aa1bb43b;hp=b29efe01084af28cc40953d7317f22927c0ee3b7;hb=5a357506659f9a00fcf5bc9c5d8fc676175c89a7;hpb=7279af007c420a9d5f88a6909d11e7cb712c16a4
https://sourceware.org/git/?p=glibc.git;a=blobdiff;f=LICENSES;h=b29efe01084af28cc40953d7317f22927c0ee3b7;hp=80f7f1487947f57815b9fe076fadc8c7f94eeb8e;hb=7f9f1ecb710eac4d65bb02785ddf288cac098323;hpb=5f7b841d3aebdccc2baed27cb4b22ddb08cd7c0c
Drop upstreamed and backported patches
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d04703aef55e01c59329fc54660724e053f3f66c
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 12:16:59 2018 +0000
dropbear.inc: add dependency on virtual/crypt to fix build with glibc-2.28
configure tests crypt() existence with:
dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
dnl but we don't want link all binaries to -lcrypt, just dropbear server.
dnl OS X doesn't need -lcrypt
AC_CHECK_FUNC(crypt, found_crypt_func=here)
AC_CHECK_LIB(crypt, crypt,
[
CRYPTLIB="-lcrypt"
found_crypt_func=here
])
AC_SUBST(CRYPTLIB)
if test "t$found_crypt_func" = there; then
AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
fi
but that silently fails with glibc-2.28 and a bit later do_compile fails with;
http://errors.yoctoproject.org/Errors/Details/185895/
../dropbear-2018.76/sysoptions.h:237:3: error: #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
#error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
^~~~~
Add dependency on virtual/crypt so that do_configure detects it correctly.
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a6295bc505df635ab3b66100d4ee7567c49f907e
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 11:44:47 2018 +0000
glide: add INSANE_SKIP for textrel
* I'm not using glide, so I'm not going to fix it properly,
it was just bothering me in world builds
* this is reproducible only with ptest in DISTRO_FEATUREs (for aarch64
issue) and included security_flags.inc, more specifically with the PIE
flags, so alternative work around is:
SECURITY_CFLAGS_pn-glide = "${SECURITY_NOPIE_CFLAGS}"
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit b689c72ad2dc84b8bb55ecbf72d95701707b9bb3
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Thu Aug 9 11:44:46 2018 +0000
go(-dep): add INSANE_SKIP for textrel
* I'm not using go or go-dep, so I'm not going to fix it properly,
it was just bothering me in world builds
* this is reproducible only with ptest in DISTRO_FEATUREs (for aarch64
issue) and included security_flags.inc, more specifically with the PIE
flags, so alternative work around is:
SECURITY_CFLAGS_pn-go = "${SECURITY_NOPIE_CFLAGS}"
SECURITY_CFLAGS_pn-go-dep = "${SECURITY_NOPIE_CFLAGS}"
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
-----------------------------------------------------------------------
Summary of changes:
hooks/post-receive
--