[yocto-security] [OE-core CVE] branch master updated. uninative-2.1-240-g59a0a05

cve-notice at lists.openembedded.org
Tue Jul 3 16:05:32 PDT 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master has been updated
       via  59a0a05235d80c86251cf45d7142bfc57f2e70d2 (commit)
       via  8ae70703f68853a8714a4fb8fa5d959b5e21a02d (commit)
       via  c37207d0aca5ad1ec2b45813274931be458ee7ed (commit)
       via  7cb42ae87ef929bf7e08c559f09dc224c6e3d314 (commit)
       via  2e7f3b2b9318d1e5395ad58131eafb873f614326 (commit)
       via  069426b0a7a6848a9290cd2e8cdce941d7e3c08c (commit)
       via  4b56d6a61bfe4ca28d1301ae83898a979d3df73a (commit)
       via  397410d6ca6864c9a956b8a1e602b97f57d0031f (commit)
       via  c15a7f739a929c3f43f17387c5a950c9d6a02203 (commit)
       via  93b0a04d77b0b513fefaa80fb3fb9334c549a76f (commit)
       via  5d84441e148a43f42697dc7493d6c37c713fe397 (commit)
       via  dbbe9c1d1f822cf13a4c16b79bccf6bf5c4b91e4 (commit)
       via  3e48ac4a65efca1653d6cd69434b0164af4ef39a (commit)
       via  82b2a087e4f0f9ff9e602e7b507be94498a7a73b (commit)
       via  4d09b6a411504be78379dff172ef12620204b89a (commit)
       via  7aece42c6b4744c54a8eb05ff90bd3bf4fbb14a3 (commit)
       via  a0d74767f7bd18c853df6b0be162363076d8f965 (commit)
       via  47b76dd02007e96fc95099524d43d517daf2aa6e (commit)
       via  188f4d258587a8bed9c91922ed8d141dbea4232d (commit)
       via  ca276fe139129eec383d77768ba91b808c462b04 (commit)
      from  ae48ee6627e6c1c4f1fcc4ead40edc968e64f7fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 59a0a05235d80c86251cf45d7142bfc57f2e70d2
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Tue Jul 3 23:59:19 2018 +0100

    multilib: Tweak previous cross-canadian multilib fix
    
    As well as setting RECIPE_SYSROOT we also need to set STAGING_DIR_HOST/TARGET.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 8ae70703f68853a8714a4fb8fa5d959b5e21a02d
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Tue Jul 3 12:06:37 2018 +0100

    staging: Always use the default sysroot for allarch recipes
    
    Without this, recipes can't find allarch data files like autoconf-archive.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit c37207d0aca5ad1ec2b45813274931be458ee7ed
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sun Jul 1 15:52:01 2018 -0700

    bind: update to ESV version 9.11.3
    
    LIC_FILES_CHKSUM changed due to updated year
    
    removed:
    dont-test-on-host.patch, no longer implemented
    drop use-python3-and-fix-install-lib-path.patch, they added the ability to pass in lib dir locations
    drop bind-confgen-build-unix.o-once.patch, fix included in update
    
    Refresh other patches:
    add python3 flag for PACKAGECONFIG to pull in python
    add new config option --with-eddsa=no (needs openssl support not released)
    
    Python support is disabled by default now.
    
    Acked-by: Martin Hundebøll <mnhu at prevas.dk>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 7cb42ae87ef929bf7e08c559f09dc224c6e3d314
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sun Jul 1 15:53:20 2018 -0700

    dhcp: update 4.4.1
    
    include several CVE fixes.
    CVE: CVE-2018-5733
    CVE: CVE-2018-5732
    
    LIC_CHKSUM_FILE updated to SPFX format
    
    https://kb.isc.org/article/AA-01571
    
    remove several patches now included in update.
    Shared library support is now enabled in configure+lt, use it
    and revert to autotools-brokensep
    Refresh patches
    
    Aligns support with bind 9.11.x
    
    Add libxml2 support to configure.ac+lt
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 2e7f3b2b9318d1e5395ad58131eafb873f614326
Author: Paulo Neves <ptsneves at gmail.com>
Date:   Mon Jul 2 17:03:44 2018 +0200

    kernel-devicetree: Corrected normalize_dtb
    
    The normalize_dtb function was buggy because
    it only converted from .dts suffix to .dtb
    suffix if the user passed a full source path to
    KERNEL_DEVICETREE containing the /dts/ path.
    The problem is that if the user did that there
    would be a warning.
    
    On the other hand if user just set the variable
    KERNEL_DEVICETREE="file.dts" the bbclass translation
    to the respective .dtb target did not occur and
    make would fail saying it has no rule to make target
    file.dts
    
    This patch decouples the logic of having /dts/ in the
    path from the target translation.
    
    Signed-off-by: Paulo Neves <ptsneves at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 069426b0a7a6848a9290cd2e8cdce941d7e3c08c
Author: Kai Kang <kai.kang at windriver.com>
Date:   Mon Jul 2 09:15:34 2018 +0800

    webkitgtk: 2.20.2 -> 2.20.3
    
    Upgrade webkitgtk from 2.20.2 to 2.20.3.
    * update context of 0001-WebKitMacros-Append-to-I-and-not-to-isystem.patch
    * remove detect-atomics-during-configure.patch that webkitgtk 2.20.3
      contains the commit of better solution, see
      https://bugs.webkit.org/show_bug.cgi?id=161900#c9
    
    Signed-off-by: Kai Kang <kai.kang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 4b56d6a61bfe4ca28d1301ae83898a979d3df73a
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 16:18:38 2018 +0800

    ghostscript: fix CVE-2018-10194
    
    https://nvd.nist.gov/vuln/detail/CVE-2018-10194
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 397410d6ca6864c9a956b8a1e602b97f57d0031f
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:13 2018 +0800

    ncurses: 6.1 -> 6.1+20180630
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit c15a7f739a929c3f43f17387c5a950c9d6a02203
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:12 2018 +0800

    libgcrypt: 1.8.2 -> 1.8.3
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 93b0a04d77b0b513fefaa80fb3fb9334c549a76f
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:11 2018 +0800

    help2man-native: 1.47.5 -> 1.47.6
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 5d84441e148a43f42697dc7493d6c37c713fe397
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:10 2018 +0800

    man-pages: 4.14 -> 4.16
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit dbbe9c1d1f822cf13a4c16b79bccf6bf5c4b91e4
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:09 2018 +0800

    elfutils: 0.170 -> 0.172
    
    - Update debian 0.170 patches and rebase them for 0.172;
    
    - Drop 0001-Use-fallthrough-attribute.patch which was
      accepted by upstream;
    
    - Drop 0001-Ensure-that-packed-structs-follow-the-gcc-memory-lay.patch
      which was backported from upstream;
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 3e48ac4a65efca1653d6cd69434b0164af4ef39a
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:08 2018 +0800

    man-db: 2.8.2 -> 2.8.3
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 82b2a087e4f0f9ff9e602e7b507be94498a7a73b
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:07 2018 +0800

    gpgme: 1.10.0 -> 1.11.1
    
    License-Update: copyright years updated 2001-2017 -> 2001-2018
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 4d09b6a411504be78379dff172ef12620204b89a
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Jul 2 13:57:06 2018 +0800

    gnupg: 2.2.5 -> 2.2.8
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 7aece42c6b4744c54a8eb05ff90bd3bf4fbb14a3
Author: Christopher Larson <chris_larson at mentor.com>
Date:   Fri Jun 22 02:09:34 2018 +0500

    recipetool: add 'edit' subcommand
    
    This edits the recipe and any bbappends for the specified target.
    
    Signed-off-by: Christopher Larson <chris_larson at mentor.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit a0d74767f7bd18c853df6b0be162363076d8f965
Author: Alex Kiernan <alex.kiernan at gmail.com>
Date:   Wed Jun 20 04:23:19 2018 +0000

    kernel-fitimage: Make DTB key insertion optional
    
    If UBOOT_DTB_BINARY is empty, then don't try inserting the U-Boot
    signing keys into the DTB. In this configuration the keys are expected
    to be already present in U-Boot's DTB.
    
    Signed-off-by: Alex Kiernan <alex.kiernan at gmail.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 47b76dd02007e96fc95099524d43d517daf2aa6e
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Thu Jun 21 14:26:48 2018 -0700

    nspr: Add RISC-V support
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit 188f4d258587a8bed9c91922ed8d141dbea4232d
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Thu Jun 21 14:26:47 2018 -0700

    qemu: Add RISC-V support
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

commit ca276fe139129eec383d77768ba91b808c462b04
Author: Christopher Larson <chris_larson at mentor.com>
Date:   Fri Jun 22 02:08:19 2018 +0500

    oe.path: add which_wild function
    
    This is a function much like shutil.which or bb.utils.which, retaining
    shutil.which-like function semantics, bb.utils.which's support for
    returning available candidates for signatures, and most importantly,
    supports wildcards, returning only the first occurrence of each found
    pathname in the search path.
    
    Signed-off-by: Christopher Larson <chris_larson at mentor.com>
    Signed-off-by: Ross Burton <ross.burton at intel.com>

-----------------------------------------------------------------------

Summary of changes:
 meta/classes/kernel-devicetree.bbclass             |   2 +-
 meta/classes/kernel-fitimage.bbclass               |   2 +-
 meta/classes/multilib.bbclass                      |   2 +
 meta/classes/staging.bbclass                       |   3 +
 meta/lib/oe/path.py                                |  34 +++
 ...-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch |  13 +-
 .../0001-lib-dns-gen.c-fix-too-long-error.patch    |  13 +-
 .../bind/bind/bind-confgen-build-unix.o-once.patch |  48 ---
 ...-searching-for-json-headers-searches-sysr.patch |  13 +-
 .../bind/bind/dont-test-on-host.patch              |  17 --
 .../use-python3-and-fix-install-lib-path.patch     |  36 ---
 .../bind/{bind_9.10.6.bb => bind_9.11.3.bb}        |  81 +++---
 meta/recipes-connectivity/dhcp/dhcp.inc            |  15 +-
 ...o-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |  13 +-
 .../dhcp/dhcp/0003-link-with-lcrypto.patch         |  13 +-
 .../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch    | 109 ++++---
 .../dhcp/0006-site.h-enable-gentle-shutdown.patch  |  13 +-
 ...re-argument-to-make-the-libxml2-dependenc.patch |  40 ++-
 .../dhcp/dhcp/0010-build-shared-libs.patch         | 208 -------------
 ...all-to-isc_app_ctxstart-to-not-get-signal.patch |  81 ------
 ...correct-the-intention-for-xml2-lib-search.patch |  13 +-
 .../dhcp/dhcp/0013-fixup_use_libbind.patch         |  64 ++++
 .../dhcp/dhcp/CVE-2017-3144.patch                  |  74 -----
 .../dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb}          |  13 +-
 .../{ncurses_6.1.bb => ncurses_6.1+20180630.bb}    |   2 +-
 .../{elfutils_0.170.bb => elfutils_0.172.bb}       |  22 +-
 .../elfutils/files/0001-dso-link-change.patch      |   8 +-
 ...0001-libasm-may-link-with-libbz2-if-found.patch |  12 +-
 ...-elf_cvt_gunhash-if-dest-and-src-are-same.patch |   4 +-
 .../elfutils/files/0003-fixheadercheck.patch       |   6 +-
 .../0004-Disable-the-test-to-convert-euc-jp.patch  |   4 +-
 .../files/0005-fix-a-stack-usage-warning.patch     |   8 +-
 .../files/0006-Fix-build-on-aarch64-musl.patch     |   4 +-
 ...-path-where-we-have-str-as-uninitialized-.patch |  12 +-
 ...de-alternatives-for-glibc-assumptions-hel.patch | 201 ++++++-------
 ...ferences-between-mips-machine-identifiers.patch |   4 -
 .../{arm_backend.diff => 0001-arm_backend.patch}   | 322 +++++++++++----------
 .../files/debian/0001-disable_werror.patch         |  35 +++
 .../files/debian/0001-fix-gcc7-ftbfs.patch         |  57 ++++
 .../{hppa_backend.diff => 0001-hppa_backend.patch} | 170 ++++++-----
 ...{mips_backend.patch => 0001-mips_backend.patch} |  31 +-
 .../files/debian/0001-mips_readelf_w.patch         |  39 +++
 .../debian/0001-testsuite-ignore-elflint.patch     |  57 ++++
 ...-support-for-mips64-abis-in-mips_retval.c.patch |   3 -
 .../0003-Add-mips-n64-relocation-format-hack.patch |   5 +-
 .../elfutils/files/debian/hurd_path.patch          |  14 +
 .../elfutils/files/debian/ignore_strmerge.diff     |  11 +
 .../elfutils/files/debian/kfreebsd_path.patch      |  17 ++
 .../elfutils/files/debian/mips_readelf_w.patch     |  25 --
 ...-native_1.47.5.bb => help2man-native_1.47.6.bb} |   4 +-
 meta/recipes-devtools/qemu/qemu.inc                |   2 +-
 ...ard-against-trying-to-output-an-infinite-.patch |  49 ++++
 .../ghostscript/ghostscript_9.23.bb                |   1 +
 .../man-db/{man-db_2.8.2.bb => man-db_2.8.3.bb}    |   4 +-
 .../{man-pages_4.14.bb => man-pages_4.16.bb}       |   4 +-
 ...bKitMacros-Append-to-I-and-not-to-isystem.patch |  12 +-
 .../detect-atomics-during-configure.patch          |  43 ---
 .../{webkitgtk_2.20.2.bb => webkitgtk_2.20.3.bb}   |   5 +-
 .../gnupg/{gnupg_2.2.5.bb => gnupg_2.2.8.bb}       |   4 +-
 .../gpgme/gpgme/0001-pkgconfig.patch               |  18 +-
 ...python-gpg-error-config-should-not-be-use.patch |  10 +-
 .../0003-Correctly-install-python-modules.patch    |   6 +-
 .../gpgme/gpgme/0004-python-import.patch           |   6 +-
 ...g-skip-all-lib-or-usr-lib-directories-in-.patch |   6 +-
 .../gpgme/gpgme/0006-fix-build-path-issue.patch    |   6 +-
 .../0007-qt-python-Add-variables-to-tests.patch    |  12 +-
 .../gpgme/{gpgme_1.10.0.bb => gpgme_1.11.1.bb}     |   6 +-
 .../{libgcrypt_1.8.2.bb => libgcrypt_1.8.3.bb}     |   4 +-
 ...e-definitions-for-the-RISC-V-architecture.patch | 150 ++++++++++
 meta/recipes-support/nspr/nspr_4.19.bb             |   1 +
 scripts/lib/recipetool/edit.py                     |  54 ++++
 71 files changed, 1240 insertions(+), 1160 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
 rename meta/recipes-connectivity/bind/{bind_9.10.6.bb => bind_9.11.3.bb} (69%)
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/0013-fixup_use_libbind.patch
 delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
 rename meta/recipes-connectivity/dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} (65%)
 rename meta/recipes-core/ncurses/{ncurses_6.1.bb => ncurses_6.1+20180630.bb} (86%)
 rename meta/recipes-devtools/elfutils/{elfutils_0.170.bb => elfutils_0.172.bb} (79%)
 rename meta/recipes-devtools/elfutils/files/debian/{arm_backend.diff => 0001-arm_backend.patch} (87%)
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-disable_werror.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-fix-gcc7-ftbfs.patch
 rename meta/recipes-devtools/elfutils/files/debian/{hppa_backend.diff => 0001-hppa_backend.patch} (89%)
 rename meta/recipes-devtools/elfutils/files/debian/{mips_backend.patch => 0001-mips_backend.patch} (97%)
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-mips_readelf_w.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/0001-testsuite-ignore-elflint.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/hurd_path.patch
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/ignore_strmerge.diff
 create mode 100644 meta/recipes-devtools/elfutils/files/debian/kfreebsd_path.patch
 delete mode 100644 meta/recipes-devtools/elfutils/files/debian/mips_readelf_w.patch
 rename meta/recipes-devtools/help2man/{help2man-native_1.47.5.bb => help2man-native_1.47.6.bb} (79%)
 create mode 100644 meta/recipes-extended/ghostscript/ghostscript/0001-pdfwrite-Guard-against-trying-to-output-an-infinite-.patch
 rename meta/recipes-extended/man-db/{man-db_2.8.2.bb => man-db_2.8.3.bb} (90%)
 rename meta/recipes-extended/man-pages/{man-pages_4.14.bb => man-pages_4.16.bb} (87%)
 delete mode 100644 meta/recipes-sato/webkit/webkitgtk/detect-atomics-during-configure.patch
 rename meta/recipes-sato/webkit/{webkitgtk_2.20.2.bb => webkitgtk_2.20.3.bb} (96%)
 rename meta/recipes-support/gnupg/{gnupg_2.2.5.bb => gnupg_2.2.8.bb} (92%)
 rename meta/recipes-support/gpgme/{gpgme_1.10.0.bb => gpgme_1.11.1.bb} (93%)
 rename meta/recipes-support/libgcrypt/{libgcrypt_1.8.2.bb => libgcrypt_1.8.3.bb} (92%)
 create mode 100644 meta/recipes-support/nspr/nspr/0003-Add-type-definitions-for-the-RISC-V-architecture.patch
 create mode 100644 scripts/lib/recipetool/edit.py


hooks/post-receive
-- 


