[yocto-security] [OE-core CVE] branch pyro-next updated. uninative-1.6-672-gaf9c1b4

cve-notice at lists.openembedded.org
Sun Jan 14 03:12:38 PST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, pyro-next has been updated
  discards  1d53d1899cc52e309123bc29911a17a84bb31cbb (commit)
  discards  805bc897c352b59b0ca0303496f6f52df5953daf (commit)
       via  af9c1b4f8ca7fc9792556f2299fdd948b2d51002 (commit)
       via  53847bf78eff4b960033b23b15a73676e480ab09 (commit)
       via  722821533249a976b5bc03e8c0642bcf352dd6b5 (commit)
       via  b93a6448a9a2e6eeea37ef70a939efbafa57b3f0 (commit)
       via  7f0cba9996e5038a71e6cde39191833e7bcd4264 (commit)
       via  393c9f7f74e850b6cb0bb8daf77cb092fec1f576 (commit)
       via  7837111b24d36dbe96fb1013e65632b580077bff (commit)
       via  9ba82bc5c019d2dc2fcff638100b5081aa28dc15 (commit)
       via  97e907b82bcf5bb5f895e772952881ccf79d37b4 (commit)
       via  4d6cfb3686f5c9d29368cc28da91249adc3e75d2 (commit)
       via  8941140c8aea22eecc18082ef18a56605f40702d (commit)
       via  03fb17b4abc2f12ad745d8da9c7ac5f972b92d05 (commit)
       via  9dcc089ba058576d61e2c95defa3695287bf8609 (commit)
       via  594966f14147edd47f46944060a21e0cff778ba2 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (1d53d1899cc52e309123bc29911a17a84bb31cbb)
            \
             N -- N -- N (af9c1b4f8ca7fc9792556f2299fdd948b2d51002)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit af9c1b4f8ca7fc9792556f2299fdd948b2d51002
Author: Khem Raj <raj.khem at gmail.com>
Date:   Fri Jan 12 13:47:02 2018 +0200

    webkitgtk: update to 2.18.5 (includes Spectre mitigations; see commit description)
    
    This is the only available stable version with mitigation fixes for Spectre.
    Webkit upstream developers do not port CVE fixes to earlier stable series,
    no exception was made in this case.
    
    More information:
    
    https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/
    https://webkitgtk.org/security/WSA-2018-0001.html
    https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
    
    This commit also contains the following commits added in master branch after pyro release:
    
    ===
    webkitgtk: Upgrade to 2.16.1
    
    Fix build with gcc7
    Move all patches to webkit folder
    Drop patches that were backports or have been upstreamed
    
    (From OE-Core rev: bfbdd1a2069f199be9ba0909dd512469ff17b65e)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: remove native python dependency
    
    Using host python seems to be fine.
    
    (From OE-Core rev: 7cf80640f53bd8faa4874c2dad5f630a935475f6)
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Fix build for armv5
    
    Detect atomics during configure
    
    (From OE-Core rev: 424ffbde2111130137e307eb9e598ad50451c865)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Upgrade to 2.16.3
    
    Use bfd linker on ppc, this is because gold fails to link
    webkit libraries when PIE is enabled
    
    (From OE-Core rev: 8808d4b13a946499bc6e84a1be15f53d8ab3f673)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Upgrade to 2.16.5
    
    Adjust some dependencies: libgcrypt is now required (instead of gnutls)
    and the following build deps were missing: gettext-native, glib-2.0
    and glib-2.0-native.
    
    Also the CMake argument ENABLE_CREDENTIAL_STORAGE has been renamed to
    USE_LIBSECRET.
    
    This new upstream release (2.16.4 actually) includes security fixes for
    CVE: CVE-2017-2538
    
    (From OE-Core rev: ef68005a8c527e9b1d05b7769f0ec8ebe9ec3f91)
    
    Signed-off-by: Carlos Alberto Lopez Perez <clopez at igalia.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: update to 2.16.6
    
    (From OE-Core rev: 198ccdbefa481f725492b5d8834213fe26431be5)
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Do not use -isystem forcibly
    
    this causes include_next <stdlib.h> to not find
    this header since -isystem <sysroot> is added via
    cmake, we already are using --sysroot so rely on that
    
    (From OE-Core rev: a0f2d1389a7e76b64003fea391a0cd485ff5fe77)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Add a recommends on shared-mime-info.
    
     * without this package installed any WebKitGTK+ based browser
       will fail to correctly open html files (and other files)
       from disk (file:// URIs). It will open them as plain txt files.
    
    (From OE-Core rev: b708cb53b46d9d82a7853bcd0f25ef6bc417bd10)
    
    Signed-off-by: Carlos Alberto Lopez Perez <clopez at igalia.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: disable gobject-introspection on armv7a
    
    Disable gobject-introspection on armv7a and armv7ve
    to avoid do_compile failure:
    
    | qemu: uncaught target signal 11 (Segmentation fault) - core dumped
    | Segmentation fault
    
    (From OE-Core rev: bdddd81c8b4eab6bbf7a8697992b48cb5a30ae4a)
    
    Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: update to 2.18.3
    
    gcc7.patch, musl-fixes.patch, and ppc-musl-fix.patch all change code that is no
    longer present in upstream tree. However, a patch with different musl fixes
    has been added.
    
    The rest of the patches are rebased to the new tree.
    
    Libtasn is a new dependency.
    
    Disable Gstreamer GL support on x86 due to clashing headers problem.
    
    (From OE-Core rev: 3acae2dcd130122fe76504ec855af78db829d6ec)
    ===
    webkitgtk: fix build with musl and x32
    
    Make the x32 check generic to make it work with musl as well.
    
    Fixes [YOCTO #12118]
    
    (From OE-Core rev: dbd604ccf34e304769937b15051c047561de47f7)
    ===
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 53847bf78eff4b960033b23b15a73676e480ab09
Author: Otavio Salvador <otavio at ossystems.com.br>
Date:   Wed Nov 8 11:17:16 2017 -0200

    linux-firmware: Bump to bf04291 revision
    
    This includes following changes:
    
    bf04291 WHENCE: Add new qed firmware
    d8fc990 WHENCE: Add new radeon firmware
    7245319 WHENCE: Fix syntax error for iwlwifi-8265-31.ucode entry
    18d71a8 Revert "ath10k: QCA988X hw2.0: update firmware to 10.2.4.70.63-2"
    4ebfab3 ath10k: QCA6174 hw3.0: update board-2.bin
    96a7402 ath10k: QCA6174 hw3.0: update firmware-6.bin to WLAN.RM.4.4.1-00051-QCARMSWP-1
    59bf7e2 cxgb4: update firmware to revision 1.16.63.0
    
    The MD5 checksum of WHENCE license file was due the changes above as
    the firmware versions are listed there. It had no license term
    changes.
    
    The following security fixes are included too:
    
    CVE-2017-13080 and CVE-2017-13081
    - iwlwifi: update firmwares for 3160, 3168, 7265D, 8000C and 8265
    - iwlwifi: update firmwares for 3160, 3168, 7260, 7265 and 7265D
     which came in with 796c91268eb1b4a24ffb90dd1c681c7d88f5c061
     and 1a5fd9460d380acecb6cda96736d975ec8f57f6a in linux-firmware
    
    Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit aea6ce797cc1b1ecc199979eb12aa42de8ff73d4)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 722821533249a976b5bc03e8c0642bcf352dd6b5
Author: Saul Wold <sgw at linux.intel.com>
Date:   Mon Oct 23 15:33:23 2017 -0700

    linux-firmware: Split out the QAT firmware
    
    Create a new qat package for those firmware blobs
    
    Signed-off-by: Saul Wold <sgw at linux.intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit b48c746736012cfd85e8263efcf125ecd17ca7bb)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit b93a6448a9a2e6eeea37ef70a939efbafa57b3f0
Author: Mikko Ylinen <mikko.ylinen at linux.intel.com>
Date:   Tue Oct 10 15:27:06 2017 +0300

    linux-firmware: make i.MX SDMA split complete
    
    The commit to split i.MX SDMA firmware blobs in their
    own packages was not complete and results in a failure
    when trying to install full linux-firmware:
    
     * Solver encountered 1 problem(s):
     * Problem 1/1:
     *   - nothing provides linux-firmware-imx-sdma-license needed
     *     by linux-firmware-1:0.0+git0+a61ac5cf83-r0.all
     *
     * Solution 1:
     *   - do not ask to install a package providing linux-firmware
    
    Make the split complete by installing the license in
    ${PN}-imx-sdma-license and have the blob packages depend on it.
    
    Signed-off-by: Mikko Ylinen <mikko.ylinen at linux.intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit 229f70a5f6d29d82e1a7b1f780e2149fb91d5385)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 7f0cba9996e5038a71e6cde39191833e7bcd4264
Author: Otavio Salvador <otavio at ossystems.com.br>
Date:   Thu Oct 5 15:00:06 2017 -0300

    linux-firmware: Split i.MX SDMA firmwares
    
    This splits out the i.MX SDMA firmwares for i.MX6 and i.MX7 SoCs. This
    also includes the required runtime provides, conflicts and replaces
    for the old firmware-imx which was provided by NXP BSP layer.
    
    Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit b3f3078fd4349fdf6986dd57e4b04bce03630924)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 393c9f7f74e850b6cb0bb8daf77cb092fec1f576
Author: Tomas Novotny <tomas at novotny.cz>
Date:   Tue Sep 26 18:00:41 2017 +0200

    linux-firmware: package Broadcom BCM43362 firmware
    
    Signed-off-by: Tomas Novotny <tomas at novotny.cz>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit e013cff66ec364738e5ccb085c1079507de66aaa)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 7837111b24d36dbe96fb1013e65632b580077bff
Author: Stefan Agner <stefan.agner at toradex.com>
Date:   Wed Sep 13 16:05:49 2017 -0700

    linux-firmware: bump to latest linux-firmware git revision
    
    This requires MD5 sum updates for
    - LICENSE.QualcommAtheros_ath10k: year change
    - WHENCE: various version updates and addition of new firmwares
    
    The new firmware for Qualcomm Venus causes a QA error:
      QA Issue: linux-firmware: Recipe inherits the allarch class, but has packaged architecture-specific binaries
    
    Since firmware typically do not run on the CPU, the architecture of
    the firmware file is independent from the CPU architecture the image
    will be running on. Disable the QA check for the linux-firmware
    package by default.
    
    Signed-off-by: Stefan Agner <stefan.agner at toradex.com>
    Signed-off-by: California Sullivan <california.l.sullivan at intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit a83dd65e64e9b7fa702927f96947bd3f0537adfd)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 9ba82bc5c019d2dc2fcff638100b5081aa28dc15
Author: Stefan Agner <stefan.agner at toradex.com>
Date:   Tue Sep 12 17:07:51 2017 -0700

    linux-firmware: package Marvell PCIe WiFi firmwares
    
    Add packages for Marvell Avastar 88W8897 and 88W8997 PCIe WiFi
    chips.
    
    Signed-off-by: Stefan Agner <stefan.agner at toradex.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit 75e918d0d4b4cd7908ea5b3c30ca5ea5bf148b75)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 97e907b82bcf5bb5f895e772952881ccf79d37b4
Author: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
Date:   Sat Aug 19 12:22:57 2017 +0200

    linux-firmware: package ibt-firmware
    
    ibt-firmware was not packaged separately and was part of the big linux-firmware
    package. Packaging allows it to be installed separately, according to requirements.
    
    Signed-off-by: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit f1414d6f9c327547023375f9e298f6f021eaee1b)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 4d6cfb3686f5c9d29368cc28da91249adc3e75d2
Author: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
Date:   Sat Aug 19 12:22:56 2017 +0200

    linux-firmware: package iwlwifi-3160-[10-17] firmware
    
    Package iwlwifi-3160-[10-17] firmware from iwlwifi-misc to separate packages,
    so it is possible to install only the required firmware package.
    
    Signed-off-by: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit 2a5966c957a6c2fbe914c1b3be0926ec0e62dab0)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 8941140c8aea22eecc18082ef18a56605f40702d
Author: Tim Orling <timothy.t.orling at linux.intel.com>
Date:   Fri Jun 2 08:39:42 2017 -0700

    linux-firmware: add support for mt7601u WiFi chip
    
    Mediatek MT7601U is a common 802.11 g/n WiFi USB chip
    
    Signed-off-by: Tim Orling <timothy.t.orling at linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    (cherry picked from commit eb61f7ed04237513216cbff0612ceaa114dffdcc)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 03fb17b4abc2f12ad745d8da9c7ac5f972b92d05
Author: Ricardo Salveti <rsalveti at rsalveti.net>
Date:   Fri May 5 17:02:34 2017 -0300

    linux-firmware: package Qualcomm QCA firmware
    
    Firmware files for the QCA61x4 ROME BT family chips. Firmware shares the
    same license as used by ath10k.
    
    Signed-off-by: Ricardo Salveti <rsalveti at rsalveti.net>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit cc5fa321bb8988344f10f4fbc843e23e5d73fe33)
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 9dcc089ba058576d61e2c95defa3695287bf8609
Author: Ng Wei Tee <wei.tee.ng at intel.com>
Date:   Thu May 4 19:04:58 2017 -0700

    linux-firmware: enable netronome firmware
    
    It was previously disabled, as rpm refused to package it into noarch
    package, due to the firmware being considered arch-specific. This
    check is disabled in rpm now.
    
    The netronome binaries have ELF headers which will trigger an
    arch-specific error. INSANE_SKIP variable is used to skip some
    package_qa check usage.
    
    Signed-off-by: Ng Wei Tee <wei.tee.ng at intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    (cherry picked from commit 8b2f6b308019e697c9d3e66969807eb573350d78)
    Manual fixup to current base
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 594966f14147edd47f46944060a21e0cff778ba2
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Sun Jan 7 16:59:40 2018 +0000

    libunwind: Disable documentation explicitly
    
    We don't have latex2man in HOSTTOOLS so documentation is never built but this
    dependency does cause problems on older releases like morty, pre-HOSTTOOLS.
    Document the configuration explicitly in master.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

-----------------------------------------------------------------------

Summary of changes:
 .../linux-firmware/linux-firmware_git.bb           | 152 +++++++++++++++++++--
 1 file changed, 144 insertions(+), 8 deletions(-)


hooks/post-receive
-- 


