[yocto-security] [OE-core CVE] branch pyro-next updated. uninative-1.6-749-gfe793ed
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Thu Mar 15 03:53:14 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, pyro-next has been updated
discards 12be7d4e79ad885a45a1748f3dd3e9433c732ded (commit)
discards e2609b2edbaef76f906397d40f08f1a86699273e (commit)
discards 13076298bdbe9ead9207d80e072a116297e6b004 (commit)
discards 2cc3176f88ebfe4b040364e2ed9d373a9464e51f (commit)
via fe793eddfe0abf2af88746fce39ac068d91a03c9 (commit)
via 784afd6b06960b5fd691658ff5cbd665dd2fd3a1 (commit)
via d2d84b8f1beb15d4d7ae47b93822bf9f8accaa91 (commit)
via 1a30a9c5f1b0e9b54b1aaa6d33476f003ede6310 (commit)
via 177a8d7af49a2f7b9ed489284c2ef70e3b1f691d (commit)
via 429e364f4c15db1dd9c95df61971e13317c85c81 (commit)
via 10022dd011b5ca57b31a46aab26c5ba18ddb294c (commit)
via 832c8007a28a3f292d730c15662bac6391a9a182 (commit)
via 2c4e0a0374eb3d862bf4e8ba9ffb6f39006394ea (commit)
via 307d4deebf2511904e23f329c674a80e6ab5de4a (commit)
via 4eddc982c37e2e1ecb698182c0a48af5aa38b8c9 (commit)
via 4bbe8575ee90802cec2623c2ad702a9dd505875f (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (12be7d4e79ad885a45a1748f3dd3e9433c732ded)
\
N -- N -- N (fe793eddfe0abf2af88746fce39ac068d91a03c9)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fe793eddfe0abf2af88746fce39ac068d91a03c9
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu Mar 15 03:50:15 2018 -0700
world-broken.inc: blacklist portmap on musl
portmap was dropped in rocko and later and doesn't work with libtirpc
so don't build it for musl
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 784afd6b06960b5fd691658ff5cbd665dd2fd3a1
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Wed Mar 14 09:52:18 2018 -0700
uninative: Add compatiblity version check
If glibc is newer on the host than in uninative, the failure mode is
pretty nasty for clusters where the sstate is shared, including the Yocto
Project autobuilder.
This check aborts the use of uninative in such scenarios where a newer
glibc version appears and avoids corruption of sstate caches.
We use ldd to check the glibc version since that is included in libc-bin
(or equivalent) which locales use so it should always be present.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d2d84b8f1beb15d4d7ae47b93822bf9f8accaa91
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Fri Mar 9 19:46:00 2018 -0800
yocto-uninative: Upgrade to 1.8 version with glibc 2.27
Now distros are starting to ship glibc 2.27 we need a uninatve version
which contains glibc 2.27 which is in the 1.8 version.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 1a30a9c5f1b0e9b54b1aaa6d33476f003ede6310
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Mar 12 15:23:53 2018 -0700
unfs3: Fix libtirpc usage for unfs3-native version
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 177a8d7af49a2f7b9ed489284c2ef70e3b1f691d
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun Mar 11 21:40:52 2018 -0700
libtirpc: Extend to native and nativesdk recipes
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 429e364f4c15db1dd9c95df61971e13317c85c81
Author: Ross Burton <ross.burton at intel.com>
Date: Tue Feb 20 00:39:57 2018 +0000
libtirpc: stop dropping in NIS headers
libtirpc prior to 1.0.2 assumed that the system provided nis.h but this isn't
always true. Until now we've been using a tarball of the missing files from
Gentoo, but libtirpc 1.0.2 added a copy of nis.h to the sources so this isn't
required anymore.
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 10022dd011b5ca57b31a46aab26c5ba18ddb294c
Author: Maxin B. John <maxin.john at intel.com>
Date: Wed Jul 19 18:01:25 2017 +0300
libtirpc: upgrade to 1.0.2
1.0.1 -> 1.0.2
Remove these Backported and upstreamed patches:
1. 0001-Fix-for-CVE-2017-8779.patch
2. libtirpc-0.2.1-fortify.patch
3. libtirpc-1.0.2-rc3.patc
Signed-off-by: Maxin B. John <maxin.john at intel.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 832c8007a28a3f292d730c15662bac6391a9a182
Author: Fan Xin <fan.xin at jp.fujitsu.com>
Date: Wed Jun 7 17:29:03 2017 +0900
libtirpc: Fix CVE-2017-8779
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779
Signed-off-by: Fan Xin<fan.xin at jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 2c4e0a0374eb3d862bf4e8ba9ffb6f39006394ea
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun May 21 22:00:41 2017 -0700
libtirpc: Fix build error due to missing stdint.h> include
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 307d4deebf2511904e23f329c674a80e6ab5de4a
Author: Khem Raj <raj.khem at gmail.com>
Date: Tue Apr 18 09:40:13 2017 -0700
libtirpc: Enable des APIs for musl
Use memset() API instead of __bzero()
Drop the patch removing des_* functions for musl
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 4eddc982c37e2e1ecb698182c0a48af5aa38b8c9
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Apr 19 09:45:45 2017 -0700
libtirpc: Expose key_secretkey_is_set API
libnsl needs this API
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 4bbe8575ee90802cec2623c2ad702a9dd505875f
Author: Khem Raj <raj.khem at gmail.com>
Date: Tue Apr 18 18:58:35 2017 -0700
libtirpc: Backport fixes from 1.0.2rc3
These fixes are needed for it to work with gcc7
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
-----------------------------------------------------------------------
Summary of changes:
meta/conf/distro/include/world-broken.inc | 4 +
...d-missing-rwlock_unlocks-in-xprt_register.patch | 62 ---------
.../0001-include-stdint.h-for-uintptr_t.patch | 32 +++++
.../0001-replace-__bzero-with-memset-API.patch | 30 +++++
.../libtirpc/export_key_secretkey_is_set.patch | 24 ++++
.../libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch | 26 ----
.../libtirpc/remove-des-functionality.patch | 144 ---------------------
.../{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} | 22 ++--
8 files changed, 98 insertions(+), 246 deletions(-)
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
rename meta/recipes-extended/libtirpc/{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} (54%)
hooks/post-receive
--
More information about the yocto-security
mailing list