[yocto-security] [OE-core CVE] branch pyro updated. uninative-1.6-660-ga70a817

cve-notice at lists.openembedded.org cve-notice at lists.openembedded.org
Sun Jan 14 14:11:28 PST 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, pyro has been updated
       via  a70a8179eb8b8ebb6c9f9dc8fa6f26bb271b2954 (commit)
       via  594966f14147edd47f46944060a21e0cff778ba2 (commit)
      from  9c75151116aa293dc8567c237d7e4da5bdec90e3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a70a8179eb8b8ebb6c9f9dc8fa6f26bb271b2954
Author: Khem Raj <raj.khem at gmail.com>
Date:   Fri Jan 12 13:47:02 2018 +0200

    webkitgtk: update to 2.18.5 (includes Spectre mitigations; see commit description)
    
    This is the only available stable version with mitigation fixes for Spectre.
    Webkit upstream developers do not port CVE fixes to earlier stable series,
    no exception was made in this case.
    
    More information:
    
    https://webkit.org/blog/8048/what-spectre-and-meltdown-mean-for-webkit/
    https://webkitgtk.org/security/WSA-2018-0001.html
    https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
    
    This commit also contains the following commits added in master branch after pyro release:
    
    ===
    webkitgtk: Upgrade to 2.16.1
    
    Fix build with gcc7
    Move all patches to webkit folder
    Drop patches that were backports or have been upstreamed
    
    (From OE-Core rev: bfbdd1a2069f199be9ba0909dd512469ff17b65e)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: remove native python dependency
    
    Using host python seems to be fine.
    
    (From OE-Core rev: 7cf80640f53bd8faa4874c2dad5f630a935475f6)
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Fix build for armv5
    
    Detect atomics during configure
    
    (From OE-Core rev: 424ffbde2111130137e307eb9e598ad50451c865)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Upgrade to 2.16.3
    
    Use bfd linker on ppc, this is because gold fails to link
    webkit libraries when PIE is enabled
    
    (From OE-Core rev: 8808d4b13a946499bc6e84a1be15f53d8ab3f673)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Upgrade to 2.16.5
    
    Adjust some dependencies: libgcrypt is now required (instead of gnutls)
    and the following build deps where missing: gettext-native, glib-2.0
    and glib-2.0-native.
    
    Also the CMake argument ENABLE_CREDENTIAL_STORAGE has been renamed to
    USE_LIBSECRET.
    
    This new upstream release (2.16.4 actually) includes security fixes for
    CVE: CVE-2017-2538
    
    (From OE-Core rev: ef68005a8c527e9b1d05b7769f0ec8ebe9ec3f91)
    
    Signed-off-by: Carlos Alberto Lopez Perez <clopez at igalia.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: update to 2.16.6
    
    (From OE-Core rev: 198ccdbefa481f725492b5d8834213fe26431be5)
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Do not use -isystem forcibly
    
    this causes include_next <stdlib.h> to not find
    this header since -isystem <sysroot> is added via
    cmake, we alrady are using --sysroot so rely on that
    
    (From OE-Core rev: a0f2d1389a7e76b64003fea391a0cd485ff5fe77)
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: Add a recommends on shared-mime-info.
    
     * without this package installed any WebKitGTK+ based browser
       will fail to correctly open html files (and other files)
       from disk (file:// URIs). It will open them as plain txt files.
    
    (From OE-Core rev: b708cb53b46d9d82a7853bcd0f25ef6bc417bd10)
    
    Signed-off-by: Carlos Alberto Lopez Perez <clopez at igalia.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: disable gobject-introspection on armv7a
    
    Disable gobject-introspection on armv7a and armv7ve
    to avoid do_compile failure:
    
    | qemu: uncaught target signal 11 (Segmentation fault) - core dumped
    | Segmentation fault
    
    (From OE-Core rev: bdddd81c8b4eab6bbf7a8697992b48cb5a30ae4a)
    
    Signed-off-by: Jackie Huang <jackie.huang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
    
    ===
    webkitgtk: update to 2.18.3
    
    gcc7.patch, musl-fixes.patch, and ppc-musl-fix.patch all change code that is no
    longer present in upstream tree. However, a patch with different musl fixes
    has been added.
    
    The rest of the patches are rebased to the new tree.
    
    Libtasn is a new dependency.
    
    Disable Gstreamer GL support on x86 due to clashing headers problem.
    
    (From OE-Core rev: 3acae2dcd130122fe76504ec855af78db829d6ec)
    ===
    webkitgtk: fix build with musl and x32
    
    Make the x32 check generic to make it work with musl as well.
    
    Fixes [YOCTO #12118]
    
    (From OE-Core rev: dbd604ccf34e304769937b15051c047561de47f7)
    ===
    
    Signed-off-by: Alexander Kanavin <alexander.kanavin at linux.intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 594966f14147edd47f46944060a21e0cff778ba2
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Sun Jan 7 16:59:40 2018 +0000

    libunwind: Disable documentation explicitly
    
    We don't have latex2man in HOSTTOOLs so documentaion is never built but this
    dependency does cause problems on older releases like morty, pre-HOSTTOOLS.
    Document the configuration explicitly in master.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

-----------------------------------------------------------------------

Summary of changes:
 ...bKitMacros-Append-to-I-and-not-to-isystem.patch | 185 ---------------------
 meta/recipes-sato/webkit/files/musl-fixes.patch    |  48 ------
 meta/recipes-sato/webkit/files/ppc-musl-fix.patch  |  26 ---
 ...Introspection.cmake-prefix-variables-obta.patch |   0
 .../webkitgtk/0001-Fix-build-with-musl.patch       |  77 +++++++++
 ...ix-racy-parallel-build-of-WebKit2-4.0.gir.patch |  23 +--
 ...cmake-drop-the-hardcoded-introspection-gt.patch |   0
 ...c-settings-so-that-gtkdoc-generation-work.patch |  25 +--
 ...bKitMacros-Append-to-I-and-not-to-isystem.patch | 126 ++++++++++++++
 ...ng-introspection-files-add-CMAKE_C_FLAGS-.patch |  24 +--
 .../{files => webkitgtk}/cross-compile.patch       |   0
 .../detect-atomics-during-configure.patch}         |  28 ++--
 .../webkit/webkitgtk/x32_support.patch             |  13 +-
 .../{webkitgtk_2.14.5.bb => webkitgtk_2.18.5.bb}   |  37 +++--
 meta/recipes-support/libunwind/libunwind.inc       |   1 +
 15 files changed, 288 insertions(+), 325 deletions(-)
 delete mode 100644 meta/recipes-sato/webkit/files/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
 delete mode 100644 meta/recipes-sato/webkit/files/musl-fixes.patch
 delete mode 100644 meta/recipes-sato/webkit/files/ppc-musl-fix.patch
 rename meta/recipes-sato/webkit/{files => webkitgtk}/0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch (100%)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-Fix-build-with-musl.patch
 rename meta/recipes-sato/webkit/{files => webkitgtk}/0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch (78%)
 rename meta/recipes-sato/webkit/{files => webkitgtk}/0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch (100%)
 rename meta/recipes-sato/webkit/{files => webkitgtk}/0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch (60%)
 create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
 rename meta/recipes-sato/webkit/{files => webkitgtk}/0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch (72%)
 rename meta/recipes-sato/webkit/{files => webkitgtk}/cross-compile.patch (100%)
 rename meta/recipes-sato/webkit/{files/detect_atomics.patch => webkitgtk/detect-atomics-during-configure.patch} (58%)
 rename meta/recipes-sato/webkit/{webkitgtk_2.14.5.bb => webkitgtk_2.18.5.bb} (83%)


hooks/post-receive
--

More information about the yocto-security mailing list