[yocto-security] [OE-core CVE] branch morty updated. 2016-10-526-gceeda7a
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Thu Mar 15 15:48:10 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, morty has been updated
via ceeda7a60c613a93f7bd3c8234010d34e3e98b3b (commit)
via 676d4d91064d4e4f7abb2bd3597a0ddd5b7e2390 (commit)
via 922dae3a2adde21717ebcd1b5fe8e75f69b391df (commit)
via 955c4855130ee01e20a9e7f5a76ffee75d77ebe3 (commit)
via 62552a76b65b7ab5fa71b188537ae0582c3cbaea (commit)
via b7b22cb443f1fb9683643c60e983802bd6c8e40d (commit)
via cc20757169f833c322fbdee592788e37ed2d549f (commit)
via fa997ff110c490337c79658bdb4baf67edc65521 (commit)
via 19faff705a0458570bc640adbbdc07348a831b0c (commit)
via fad973276c774149d79cb4cb824301d05c0a0778 (commit)
via f77f93f9458e2279ec2322578b1366fa1a632485 (commit)
via 36f9db435506922976b68ad0912d26674d574653 (commit)
via 387cd21a6792b3243c4fde84231d6e164e660f98 (commit)
from 67e99321233e6a2897a0de33f0b98cd89bc9d3dc (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit ceeda7a60c613a93f7bd3c8234010d34e3e98b3b
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu Mar 15 03:50:15 2018 -0700
world-broken.inc: blacklist portmap on musl
portmap was dropped in rocko and later and doesn't work with libtirpc
so don't build it for musl
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 676d4d91064d4e4f7abb2bd3597a0ddd5b7e2390
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Wed Mar 14 09:52:18 2018 -0700
uninative: Add compatiblity version check
If glibc is newer on the host than in uninative, the failure mode is
pretty nasty for clusters where the sstate is shared, including the Yocto
Project autobuilder.
This check aborts the use of uninative in such scenarios where a newer
glibc version appears and avoids corruption of sstate caches.
We use ldd to check the glibc version since that is included in libc-bin
(or equivalent) which locales use so it should always be present.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 922dae3a2adde21717ebcd1b5fe8e75f69b391df
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Fri Mar 9 19:46:00 2018 -0800
yocto-uninative: Upgrade to 1.8 version with glibc 2.27
Now distros are starting to ship glibc 2.27 we need a uninatve version
which contains glibc 2.27 which is in the 1.8 version.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 955c4855130ee01e20a9e7f5a76ffee75d77ebe3
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Mar 12 15:23:53 2018 -0700
unfs3: Fix libtirpc usage for unfs3-native version
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 62552a76b65b7ab5fa71b188537ae0582c3cbaea
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun Mar 11 21:40:51 2018 -0700
unfs3: Fix build with musl
Should also fix build on new build hosts where
with glibc 2.27 rpc support is dropped in favor
of libtirpc
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit b7b22cb443f1fb9683643c60e983802bd6c8e40d
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun Mar 11 21:40:52 2018 -0700
libtirpc: Extend to native and nativesdk recipes
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit cc20757169f833c322fbdee592788e37ed2d549f
Author: Ross Burton <ross.burton at intel.com>
Date: Tue Feb 20 00:39:57 2018 +0000
libtirpc: stop dropping in NIS headers
libtirpc prior to 1.0.2 assumed that the system provided nis.h but this isn't
always true. Until now we've been using a tarball of the missing files from
Gentoo, but libtirpc 1.0.2 added a copy of nis.h to the sources so this isn't
required anymore.
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit fa997ff110c490337c79658bdb4baf67edc65521
Author: Maxin B. John <maxin.john at intel.com>
Date: Wed Jul 19 18:01:25 2017 +0300
libtirpc: upgrade to 1.0.2
1.0.1 -> 1.0.2
Remove these Backported and upstreamed patches:
1. 0001-Fix-for-CVE-2017-8779.patch
2. libtirpc-0.2.1-fortify.patch
3. libtirpc-1.0.2-rc3.patc
Signed-off-by: Maxin B. John <maxin.john at intel.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 19faff705a0458570bc640adbbdc07348a831b0c
Author: Fan Xin <fan.xin at jp.fujitsu.com>
Date: Wed Jun 7 17:29:03 2017 +0900
libtirpc: Fix CVE-2017-8779
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779
Signed-off-by: Fan Xin<fan.xin at jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit fad973276c774149d79cb4cb824301d05c0a0778
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun May 21 22:00:41 2017 -0700
libtirpc: Fix build error due to missing stdint.h> include
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit f77f93f9458e2279ec2322578b1366fa1a632485
Author: Khem Raj <raj.khem at gmail.com>
Date: Tue Apr 18 09:40:13 2017 -0700
libtirpc: Enable des APIs for musl
Use memset() API instead of __bzero()
Drop the patch removing des_* functions for musl
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 36f9db435506922976b68ad0912d26674d574653
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Apr 19 09:45:45 2017 -0700
libtirpc: Expose key_secretkey_is_set API
libnsl needs this API
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 387cd21a6792b3243c4fde84231d6e164e660f98
Author: Khem Raj <raj.khem at gmail.com>
Date: Tue Apr 18 18:58:35 2017 -0700
libtirpc: Backport fixes from 1.0.2rc3
These fixes are needed for it to work with gcc7
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/uninative.bbclass | 7 +
meta/conf/distro/include/world-broken.inc | 9 +-
meta/conf/distro/include/yocto-uninative.inc | 8 +-
.../0001-daemon.c-Libtirpc-porting-fixes.patch | 37 ++++++
meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb | 10 +-
...d-missing-rwlock_unlocks-in-xprt_register.patch | 62 ---------
.../0001-include-stdint.h-for-uintptr_t.patch | 32 +++++
.../0001-replace-__bzero-with-memset-API.patch | 30 +++++
.../libtirpc/export_key_secretkey_is_set.patch | 24 ++++
.../libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch | 26 ----
.../libtirpc/remove-des-functionality.patch | 144 ---------------------
.../{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} | 24 ++--
12 files changed, 156 insertions(+), 257 deletions(-)
create mode 100644 meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
rename meta/recipes-extended/libtirpc/{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} (53%)
hooks/post-receive
--
More information about the yocto-security
mailing list