[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.1-239-g4623b26

cve-notice at lists.openembedded.org
Mon Jul 2 14:20:53 PDT 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated
       via  4623b26d1009cd1be220ab2d6e137346a545e873 (commit)
       via  9b2956f6d6455fae3d15f4f2c5271e67ebe20317 (commit)
       via  1f574c424ea89c0d8cff840f88815c3fdfa6386d (commit)
       via  492ac1a8c009ffb36639a941220fee2e6d196ed0 (commit)
       via  21c24c2ca53d665231c5c7588e41e624ac404821 (commit)
       via  aa16d16908073cba8a2d4b5f3b0d2e5915289d5f (commit)
       via  1c8cadb53b33c792e698cd731883b86439a4235e (commit)
       via  9ee4bcbf224e4981777542eb871f0dc5a666f685 (commit)
       via  5bb1d5aa1d8fccdc8844aba722aa7779c6adfc5e (commit)
       via  13963827ceba83761f21e1fb31ba2158f5d1656b (commit)
       via  430a0c80aedd0445dd6b230f763bc58bc042dc23 (commit)
       via  f302a473e6931bc741b2cfb12c44925ed7c2a815 (commit)
       via  cd82f709db5696897603054df5ccccec07cd6857 (commit)
       via  23300a8843d21b47f82b6a775688a732e28609a9 (commit)
       via  115b775ea15c2f9147de466cee2ac22f2402452e (commit)
       via  76f6cf2fdb0c81679055dc18c1ba8d9e195889ac (commit)
       via  47b76dd02007e96fc95099524d43d517daf2aa6e (commit)
       via  188f4d258587a8bed9c91922ed8d141dbea4232d (commit)
       via  ca276fe139129eec383d77768ba91b808c462b04 (commit)
      from  ae48ee6627e6c1c4f1fcc4ead40edc968e64f7fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4623b26d1009cd1be220ab2d6e137346a545e873
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sun Jul 1 15:52:01 2018 -0700

    bind: update to ESV version 9.11.3
    
    LIC_FILES_CHKSUM changed due to updated year
    
    removed:
    dont-test-on-host.patch, no longer implemented
    drop use-python3-and-fix-install-lib-path.patch, they added the ability to pass in lib dir locations
    drop bind-confgen-build-unix.o-once.patch, fix included in update
    
    Refresh other patches:
    add python3 flag for PACKAGECONFIG to pull in python
    add new config option --with-eddsa=no (needs openssl support not released)
    
    [v2]
    Remove python3 in default PACKAGECONFIG
    include https://patchwork.openembedded.org/patch/148257/
    Because of the newly added dependency on meta-python, the python(3)
    packageconfig is no longer "default-on".
    
    Signed-off-by: Martin Hundebøll <mnhu at prevas.dk>
    
    [v3]
    Made formatting and spelling changes per Martin
    
    [v4]
    Minor typo fixes
    cleanup python3 support
    
    [v5]
    switch to 9.11.3 ESV version
    fix isc python install
    keep *.la for dhcp
    update config options
    move mdig to same location as dig
    
    [v6]
    remove incorrect PYTHON_SITEPACKAGES_DIR inclusion
    python3-ply rdepend belongs with python3-bind package
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Acked-by: Martin Hundebøll <mnhu at prevas.dk>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 9b2956f6d6455fae3d15f4f2c5271e67ebe20317
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sun Jul 1 15:53:20 2018 -0700

    dhcp: update 4.4.1
    
    include several CVE fixes.
    CVE: CVE-2018-5733
    CVE: CVE-2018-5732
    
    LIC_CHKSUM_FILE updated to SPFX format
    
    https://kb.isc.org/article/AA-01571
    
    remove several patches now included in update.
    Shared library support is now enabled in configure+lt, use it
    and revert to autotools-brokensep
    Refresh patches
    
    aligns support with bind 9.11.x
    
    add libxml2 support to configure.ac+lt
    
    [v2]
    cleaned up do_configure per feedback
    fix hard coded lib & include patch
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 1f574c424ea89c0d8cff840f88815c3fdfa6386d
Author: Paulo Neves <ptsneves at gmail.com>
Date:   Mon Jul 2 17:03:44 2018 +0200

    kernel-devicetree: Corrected normalize_dtb
    
    The normalize_dtb function was buggy because
    it only converted from .dts suffix to .dtb
    suffix if the user passed a full source path to
    KERNEL_DEVICETREE containing the /dts/ path.
    The problem is that if the user did that there
    would be a warning.
    
    On the other hand if user just set the variable
    KERNEL_DEVICETREE="file.dts" the bbclass translation
    to the respective .dtb target did not occur and
    make would fail saying it has no rule to make target
    file.dts
    
    This patch decouples the logic of having /dts/ in the
    path from the target translation.
    
    Signed-off-by: Paulo Neves <ptsneves at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 492ac1a8c009ffb36639a941220fee2e6d196ed0
Author: Kai Kang <kai.kang at windriver.com>
Date:   Mon Jul 2 09:15:34 2018 +0800

    webkitgtk: 2.20.2 -> 2.20.3
    
    Upgrade webkitgtk from 2.20.2 to 2.20.3.
    * update context of 0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
    * remove detect-atomics-during-configure.patch that webkitgtk 2.20.3
      contains the commit of better solution, see
      https://bugs.webkit.org/show_bug.cgi?id=161900#c9
    
    Signed-off-by: Kai Kang <kai.kang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 21c24c2ca53d665231c5c7588e41e624ac404821
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 16:18:38 2018 +0800

    ghostscript: fix CVE-2018-10194
    
    https://nvd.nist.gov/vuln/detail/CVE-2018-10194
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit aa16d16908073cba8a2d4b5f3b0d2e5915289d5f
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:13 2018 +0800

    ncurses: 6.1 -> 6.1+20180630
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 1c8cadb53b33c792e698cd731883b86439a4235e
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:12 2018 +0800

    libgcrypt: 1.8.2 -> 1.8.3
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 9ee4bcbf224e4981777542eb871f0dc5a666f685
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:11 2018 +0800

    help2man-native: 1.47.5 -> 1.47.6
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 5bb1d5aa1d8fccdc8844aba722aa7779c6adfc5e
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:10 2018 +0800

    man-pages: 4.14 -> 4.16
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 13963827ceba83761f21e1fb31ba2158f5d1656b
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:09 2018 +0800

    elfutils: 0.170 -> 0.172
    
    - Update debian 0.170 patches and rebase them for 0.172;
    
    - Drop 0001-Use-fallthrough-attribute.patch which was
      accepted by upstream;
    
    - Drop 0001-Ensure-that-packed-structs-follow-the-gcc-memory-lay.patch
      which was backported from upstream;
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 430a0c80aedd0445dd6b230f763bc58bc042dc23
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:08 2018 +0800

    man-db: 2.8.2 -> 2.8.3
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit f302a473e6931bc741b2cfb12c44925ed7c2a815
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:07 2018 +0800

    gpgme: 1.10.0 -> 1.11.1
    
    License-Update: copyright years updated 2001-2017 -> 2001-2018
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit cd82f709db5696897603054df5ccccec07cd6857
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:06 2018 +0800

    gnupg: 2.2.5 -> 2.2.8
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 23300a8843d21b47f82b6a775688a732e28609a9
Author: Christopher Larson <chris_larson at mentor.com>
Date:   Fri Jun 22 02:09:34 2018 +0500

    recipetool: add 'edit' subcommand
    
    This edits the recipe and any bbappends for the specified target.
    
    Signed-off-by: Christopher Larson <chris_larson at mentor.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 115b775ea15c2f9147de466cee2ac22f2402452e
Author: Alex Kiernan <alex.kiernan at gmail.com>
Date:   Wed Jun 20 04:23:19 2018 +0000

    kernel-fitimage: Make DTB key insertion optional
    
    If UBOOT_DTB_BINARY is empty, then don't try inserting the U-Boot
    signing keys into the DTB. In this configuration the keys are expected
    to be already present in U-Boot's DTB.
    
    Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 76f6cf2fdb0c81679055dc18c1ba8d9e195889ac
Author: Joe Slater <joe.slater at windriver.com>
Date:   Fri Jun 22 12:23:16 2018 -0700

    mdadm: fix format-overflow
    
    nb[] is not quite big enough.
    
    Signed-off-by: Joe Slater <joe.slater at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 47b76dd02007e96fc95099524d43d517daf2aa6e
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Thu Jun 21 14:26:48 2018 -0700

    nspr: Add RISC-V support
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 188f4d258587a8bed9c91922ed8d141dbea4232d
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Thu Jun 21 14:26:47 2018 -0700

    qemu: Add RISC-V support
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit ca276fe139129eec383d77768ba91b808c462b04
Author: Christopher Larson <chris_larson at mentor.com>
Date:   Fri Jun 22 02:08:19 2018 +0500

    oe.path: add which_wild function
    
    This is a function much like shutil.which or bb.utils.which, retaining
    shutil.which-like function semantics, bb.utils.which's support for
    returning available candidates for signatures, and most importantly,
    supports wildcards, returning only the first occurrence of each found
    pathname in the search path.
    
    Signed-off-by: Christopher Larson <chris_larson at mentor.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

-----------------------------------------------------------------------

Summary of changes:
 meta/classes/kernel-devicetree.bbclass             |   2 +-
 meta/classes/kernel-fitimage.bbclass               |   2 +-
 meta/lib/oe/path.py                                |  34 +++
 ...-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch |  13 +-
 .../0001-lib-dns-gen.c-fix-too-long-error.patch    |  13 +-
 .../bind/bind/bind-confgen-build-unix.o-once.patch |  48 ---
 ...-searching-for-json-headers-searches-sysr.patch |  13 +-
 .../bind/bind/dont-test-on-host.patch              |  17 --
 .../use-python3-and-fix-install-lib-path.patch     |  36 ---
 .../bind/{bind_9.10.6.bb => bind_9.11.3.bb}        |  81 +++---
 meta/recipes-connectivity/dhcp/dhcp.inc            |  15 +-
 ...o-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |  13 +-
 .../dhcp/dhcp/0003-link-with-lcrypto.patch         |  13 +-
 .../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch    | 109 ++++---
 .../dhcp/0006-site.h-enable-gentle-shutdown.patch  |  13 +-
 ...re-argument-to-make-the-libxml2-dependenc.patch |  40 ++-
 .../dhcp/dhcp/0010-build-shared-libs.patch         | 208 -------------
 ...all-to-isc_app_ctxstart-to-not-get-signal.patch |  81 ------
 ...correct-the-intention-for-xml2-lib-search.patch |  13 +-
 .../dhcp/dhcp/0013-fixup_use_libbind.patch         |  64 ++++
 .../dhcp/dhcp/CVE-2017-3144.patch                  |  74 -----
 .../dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb}          |  13 +-
 .../{ncurses_6.1.bb => ncurses_6.1+20180630.bb}    |   2 +-
 .../{elfutils_0.170.bb => elfutils_0.172.bb}       |  22 +-
 .../elfutils/files/0001-dso-link-change.patch      |   8 +-
 ...0001-libasm-may-link-with-libbz2-if-found.patch |  12 +-
 ...-elf_cvt_gunhash-if-dest-and-src-are-same.patch |   4 +-
 .../elfutils/files/0003-fixheadercheck.patch       |   6 +-
 .../0004-Disable-the-test-to-convert-euc-jp.patch  |   4 +-
 .../files/0005-fix-a-stack-usage-warning.patch     |   8 +-
 .../files/0006-Fix-build-on-aarch64-musl.patch     |   4 +-
 ...-path-where-we-have-str-as-uninitialized-.patch |  12 +-
 ...de-alternatives-for-glibc-assumptions-hel.patch | 201 ++++++-------
 ...ferences-between-mips-machine-identifiers.patch |   4 -
 .../{arm_backend.diff => 0001-arm_backend.patch}   | 322 +++++++++++----------
 .../files/debian/0001-disable_werror.patch         |  35 +++
 .../files/debian/0001-fix-gcc7-ftbfs.patch         |  57 ++++
 .../{hppa_backend.diff => 0001-hppa_backend.patch} | 170 ++++++-----
 ...{mips_backend.patch => 0001-mips_backend.patch} |  31 +-
 .../files/debian/0001-mips_readelf_w.patch         |  39 +++
 .../debian/0001-testsuite-ignore-elflint.patch     |  57 ++++
 ...-support-for-mips64-abis-in-mips_retval.c.patch |   3 -
 .../0003-Add-mips-n64-relocation-format-hack.patch |   5 +-
 .../elfutils/files/debian/hurd_path.patch          |  14 +
 .../elfutils/files/debian/ignore_strmerge.diff     |  11 +
 .../elfutils/files/debian/kfreebsd_path.patch      |  17 ++
 .../elfutils/files/debian/mips_readelf_w.patch     |  25 --
 ...-native_1.47.5.bb => help2man-native_1.47.6.bb} |   4 +-
 meta/recipes-devtools/qemu/qemu.inc                |   2 +-
 ...ard-against-trying-to-output-an-infinite-.patch |  49 ++++
 .../ghostscript/ghostscript_9.23.bb                |   1 +
 .../man-db/{man-db_2.8.2.bb => man-db_2.8.3.bb}    |   4 +-
 .../{man-pages_4.14.bb => man-pages_4.16.bb}       |   4 +-
 ...pecify-enough-length-when-write-to-buffer.patch |   6 +-
 ...bKitMacros-Append-to-I-and-not-to-isystem.patch |  12 +-
 .../detect-atomics-during-configure.patch          |  43 ---
 .../{webkitgtk_2.20.2.bb => webkitgtk_2.20.3.bb}   |   5 +-
 .../gnupg/{gnupg_2.2.5.bb => gnupg_2.2.8.bb}       |   4 +-
 .../gpgme/gpgme/0001-pkgconfig.patch               |  18 +-
 ...python-gpg-error-config-should-not-be-use.patch |  10 +-
 .../0003-Correctly-install-python-modules.patch    |   6 +-
 .../gpgme/gpgme/0004-python-import.patch           |   6 +-
 ...g-skip-all-lib-or-usr-lib-directories-in-.patch |   6 +-
 .../gpgme/gpgme/0006-fix-build-path-issue.patch    |   6 +-
 .../0007-qt-python-Add-variables-to-tests.patch    |  12 +-
 .../gpgme/{gpgme_1.10.0.bb => gpgme_1.11.1.bb}     |   6 +-
 .../{libgcrypt_1.8.2.bb => libgcrypt_1.8.3.bb}     |   4 +-
 ...e-definitions-for-the-RISC-V-architecture.patch | 150 ++++++++++
 meta/recipes-support/nspr/nspr_4.19.bb             |   1 +
 scripts/lib/recipetool/edit.py                     |  54 ++++
 70 files changed, 1240 insertions(+), 1161 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
 rename meta/recipes-connectivity/bind/{bind_9.10.6.bb => bind_9.11.3.bb} (69%)
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
 rename meta/recipes-connectivity/dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} (65%)
 rename meta/recipes-core/ncurses/{ncurses_6.1.bb => ncurses_6.1+20180630.bb} (86%)
 rename meta/recipes-devtools/elfutils/{elfutils_0.170.bb => elfutils_0.172.bb} (79%)
 rename meta/recipes-devtools/elfutils/files/debian/{arm_backend.diff => 0001-arm_backend.patch} (87%)
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-disable_werror.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-fix-gcc7-ftbfs.patch
 rename meta/recipes-devtools/elfutils/files/debian/{hppa_backend.diff => 0001-hppa_backend.patch} (89%)
 rename meta/recipes-devtools/elfutils/files/debian/{mips_backend.patch => 0001-mips_backend.patch} (97%)
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-mips_readelf_w.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-testsuite-ignore-elflint.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/hurd_path.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/ignore_strmerge.diff
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/kfreebsd_path.patch
 delete mode 100644 meta/recipes-devtools/elfutils/files/debian/mips_readelf_w.patch
 rename meta/recipes-devtools/help2man/{help2man-native_1.47.5.bb => help2man-native_1.47.6.bb} (79%)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch
 rename meta/recipes-extended/man-db/{man-db_2.8.2.bb => man-db_2.8.3.bb} (90%)
 rename meta/recipes-extended/man-pages/{man-pages_4.14.bb => man-pages_4.16.bb} (87%)
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.20.2.bb => webkitgtk_2.20.3.bb} (96%)
 rename meta/recipes-support/gnupg/{gnupg_2.2.5.bb => gnupg_2.2.8.bb} (92%)
 rename meta/recipes-support/gpgme/{gpgme_1.10.0.bb => gpgme_1.11.1.bb} (93%)
 rename meta/recipes-support/libgcrypt/{libgcrypt_1.8.2.bb => libgcrypt_1.8.3.bb} (92%)
 create mode 100644 meta/recipes-support/nspr/nspr/0003-Add-type-definitions-for-the-RISC-V-architecture.patch
 create mode 100644 scripts/lib/recipetool/edit.py


hooks/post-receive
-- 


