[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.1-179-gdabac13
cve-notice at lists.openembedded.org
Mon Jun 25 00:31:58 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
via dabac132b49968c1982a98bf868b9b4b5d1b7d2b (commit)
via b67acb04ca0aa5cf2d61ec34c612585d16821895 (commit)
via 2aef5fa84e2bdb705df49302fe61145ac48a8d95 (commit)
via 45163ac66893284db6f126cbb748ba4ef2686700 (commit)
via d01a97fb4bea7118d9837a733b1dbfff1e9298ec (commit)
via 4cbcb230ad3724b7089907c7bbd1f0e444734749 (commit)
via d72feae5c79abfc9c08141ae72727c5891f1a0a9 (commit)
via 21a4bc39cb5d9b1330015801689e66de14d8ed4c (commit)
via c21b5602e284f62c52e30f997c03cc437d7af575 (commit)
via 787e69366d2399c1645a66ffa14e0feeaa3287b9 (commit)
via 4040fe4cab797bd8d3cf21d1fbd4e6e8dc7bfabf (commit)
via 8935d23feb08c77832c9b3095cae00044f207ad9 (commit)
from 8893711cb4d11685ebe5a71a717c3b9afcb49851 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit dabac132b49968c1982a98bf868b9b4b5d1b7d2b
Author: Martin Jansa <martin.jansa at gmail.com>
Date: Fri Jun 22 00:27:56 2018 +0000
mdadm: fix one more issue when building with gcc8
Signed-off-by: Martin Jansa <Martin.Jansa at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit b67acb04ca0aa5cf2d61ec34c612585d16821895
Author: Damien Riegel <damien.riegel at savoirfairelinux.com>
Date: Fri Jun 22 14:43:02 2018 -0400
systemd: escape paths passed to shell
Systemd mount configuration files must have a name that matches the mount
point directory they control. So for instance, if a mount file contains
    [Mount]
    ...
    Where=/mnt/my-data
The file must be named `mnt-my\x2ddata.mount`, or systemd will refuse to
honour it.
If this config file contains an [Install] section, it will silently fail
because the unit file is not escaped properly when systemctl is called.
To fix that, make sure paths are escaped through `shlex.quote`.
Signed-off-by: Damien Riegel <damien.riegel at savoirfairelinux.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
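The failure mode this commit message describes, shown as an added example (not code from the commit or from systemd.bbclass): an escaped unit name loses its backslash when it reaches a POSIX shell unquoted, and `shlex.quote` preserves it. `escape_mount_path`, `shell_sees` and `demo` are hypothetical helpers, and the escaping routine is a simplified re-implementation of systemd's path escaping rules.

```python
import shlex
import subprocess


def escape_mount_path(path):
    """Simplified re-implementation of systemd's path escaping (assumption)."""
    trimmed = path.strip("/")
    if not trimmed:
        return "-"  # the root directory maps to "-"
    out = []
    for i, ch in enumerate(trimmed):
        if ch == "/":
            out.append("-")
        elif ch.isascii() and (ch.isalnum() or ch in ":_.") and not (i == 0 and ch == "."):
            out.append(ch)
        else:
            # "-", "\" and anything outside the safe set become \xNN per byte
            out.extend("\\x%02x" % b for b in ch.encode("utf-8"))
    return "".join(out)


def shell_sees(word):
    """Return the argument a POSIX shell hands to a command for this word."""
    result = subprocess.run(["sh", "-c", "printf '%s' " + word],
                            capture_output=True, text=True, check=True)
    return result.stdout


def demo(where="/mnt/my-data"):
    # Constructed sample input: the mount point used in the commit message.
    unit = escape_mount_path(where) + ".mount"
    return {
        "unit": unit,
        "unquoted": shell_sees(unit),             # backslash eaten by the shell
        "quoted": shell_sees(shlex.quote(unit)),  # name arrives intact
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:9} {value}")
```

The unquoted form reaches the command as a unit name that does not exist, which matches the silent failure reported for units with an [Install] section.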
commit 2aef5fa84e2bdb705df49302fe61145ac48a8d95
Author: Otavio Salvador <otavio at ossystems.com.br>
Date: Fri Jun 22 15:29:31 2018 -0300
util-linux: Enable unshare utility
It allows running a program with some namespaces unshared from the parent.
Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 45163ac66893284db6f126cbb748ba4ef2686700
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sun Jun 24 19:33:33 2018 -0700
nss: update to 3.37.1
remove Fix-compilation-for-X32.patch as a similar solution is included in update.
notable changes:
The TLS 1.3 implementation was updated to Draft 28.
The CA certificates list was updated to version 2.24.
refresh patches
fix 32 bit build error nss bug: https://bugzilla.mozilla.org/show_bug.cgi?format=default&id=1459739
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d01a97fb4bea7118d9837a733b1dbfff1e9298ec
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun Jun 24 12:09:06 2018 -0700
findutils: Refresh patches with devtool
We get fuzz warnings when applying these patches and devtool
reports it
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 4cbcb230ad3724b7089907c7bbd1f0e444734749
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sun Jun 24 11:43:48 2018 -0700
dhcp: update 4.4.1
include several CVE fixes.
CVE: CVE-2018-5733
CVE: CVE-2018-5732
LIC_CHKSUM_FILE updated to SPFX format
https://kb.isc.org/article/AA-01571
remove several patches now included in update.
Shared library support is now enabled in configure+lt, use it
and revert to autotools-brokensep
Refresh patches
aligns support with bind 9.11.x
add libxml2 support to configure.ac+lt
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d72feae5c79abfc9c08141ae72727c5891f1a0a9
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sun Jun 24 11:41:46 2018 -0700
bind: update to ESV version 9.11.3
LIC_FILES_CHKSUM changed due to updated year
removed:
dont-test-on-host.patch, no longer implemented
drop use-python3-and-fix-install-lib-path.patch, they added the ability to pass in lib dir locations
drop bind-confgen-build-unix.o-once.patch, fix included in update
Refresh other patches:
add python3 flag for PACKAGECONFIG to pull in python
add new config option --with-eddsa=no (needs openssl support not released)
[v2]
Remove python3 in default PACKAGECONFIG
include https://patchwork.openembedded.org/patch/148257/
Because of the newly added dependency on meta-python, the python(3)
packageconfig is no longer "default-on".
Signed-off-by: Martin Hundebøll <mnhu at prevas.dk>
[v3]
Made formatting and spelling changes per Martin
[v4]
Minor typo fixes
cleanup python3 support
[v5]
switch to 9.11.3 ESV version
fix isc python install
keep *.la for dhcp
update config options
move mdig to same location as dig
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Acked-by: Martin Hundebøll <mnhu at prevas.dk>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 21a4bc39cb5d9b1330015801689e66de14d8ed4c
Author: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Date: Sun Jun 24 03:52:59 2018 +0800
update-rc.d: Add nativesdk
Add nativesdk for update-rc.d.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit c21b5602e284f62c52e30f997c03cc437d7af575
Author: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Date: Sun Jun 24 03:52:58 2018 +0800
createrepo-c: Add nativesdk
Add nativesdk for createrepo-c.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 787e69366d2399c1645a66ffa14e0feeaa3287b9
Author: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Date: Sun Jun 24 03:52:56 2018 +0800
libnewt-python: Add nativesdk
Add nativesdk for libnewt-python.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 4040fe4cab797bd8d3cf21d1fbd4e6e8dc7bfabf
Author: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Date: Sun Jun 24 03:52:55 2018 +0800
libnewt: Add nativesdk
Add nativesdk for libnewt.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 8935d23feb08c77832c9b3095cae00044f207ad9
Author: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Date: Sun Jun 24 03:52:54 2018 +0800
slang: add nativesdk
Add nativesdk for slang.
Signed-off-by: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/systemd.bbclass | 14 +-
...-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch | 13 +-
.../0001-lib-dns-gen.c-fix-too-long-error.patch | 13 +-
.../bind/bind/bind-confgen-build-unix.o-once.patch | 48 -----
...-searching-for-json-headers-searches-sysr.patch | 13 +-
.../bind/bind/dont-test-on-host.patch | 17 --
.../use-python3-and-fix-install-lib-path.patch | 36 ----
.../bind/{bind_9.10.6.bb => bind_9.11.3.bb} | 81 ++++----
meta/recipes-connectivity/dhcp/dhcp.inc | 19 +-
...o-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch | 13 +-
.../dhcp/dhcp/0003-link-with-lcrypto.patch | 13 +-
.../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch | 109 +++++------
.../dhcp/0006-site.h-enable-gentle-shutdown.patch | 13 +-
...re-argument-to-make-the-libxml2-dependenc.patch | 40 +++-
.../dhcp/dhcp/0010-build-shared-libs.patch | 208 ---------------------
...all-to-isc_app_ctxstart-to-not-get-signal.patch | 81 --------
...correct-the-intention-for-xml2-lib-search.patch | 13 +-
.../dhcp/dhcp/CVE-2017-3144.patch | 74 --------
.../dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} | 12 +-
meta/recipes-core/update-rc.d/update-rc.d_0.7.bb | 2 +-
meta/recipes-core/util-linux/util-linux.inc | 5 +-
.../createrepo-c/createrepo-c_git.bb | 7 +-
...need_charset_alias-when-building-for-musl.patch | 15 +-
...elete-honour-the-ignore_readdir_race-opti.patch | 29 ++-
.../mdadm/files/0001-Disable-gcc8-warnings.patch | 24 ++-
.../newt/libnewt-python_0.52.20.bb | 2 +-
meta/recipes-extended/newt/libnewt_0.52.20.bb | 2 +-
meta/recipes-extended/slang/slang_2.3.2.bb | 2 +-
...tics_1.9.0.bb => xf86-input-synaptics_1.9.1.bb} | 4 +-
...-Build-FStar.c-when-not-building-with-int.patch | 112 +++++++++++
.../nss/nss/Fix-compilation-for-X32.patch | 33 ----
.../nss/nss/disable-Wvarargs-with-clang.patch | 8 +-
.../recipes-support/nss/nss/pqg.c-ULL_addend.patch | 8 +-
.../nss/{nss_3.36.1.bb => nss_3.37.1.bb} | 6 +-
34 files changed, 371 insertions(+), 718 deletions(-)
delete mode 100644 meta/recipes-connectivity/bind/bind/bind-confgen-build-unix.o-once.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
delete mode 100644 meta/recipes-connectivity/bind/bind/use-python3-and-fix-install-lib-path.patch
rename meta/recipes-connectivity/bind/{bind_9.10.6.bb => bind_9.11.3.bb} (70%)
delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0010-build-shared-libs.patch
delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
delete mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2017-3144.patch
rename meta/recipes-connectivity/dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} (65%)
rename meta/recipes-graphics/xorg-driver/{xf86-input-synaptics_1.9.0.bb => xf86-input-synaptics_1.9.1.bb} (79%)
create mode 100644 meta/recipes-support/nss/nss/0001-Bug-1432455-Build-FStar.c-when-not-building-with-int.patch
delete mode 100644 meta/recipes-support/nss/nss/Fix-compilation-for-X32.patch
rename meta/recipes-support/nss/{nss_3.36.1.bb => nss_3.37.1.bb} (97%)
hooks/post-receive
--