[yocto-security] [OE-core CVE] branch pyro updated. uninative-1.6-749-g5e4b487
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Thu Mar 15 15:48:10 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, pyro has been updated
via 5e4b4874c4d81b62a32b3836d1c22ecc4c5479c6 (commit)
via 8147911a951c7b0508f9c2aef93480d65b4362c0 (commit)
via f2006493d26de1a6b5ffdbfd553d82d6254884d5 (commit)
via 2b0617e1e416bd6cd1ec75e55e46c4f699785452 (commit)
via f5992ee01fca27d5fdfb9108f436adfcb49f1ae7 (commit)
via 9f6820abfba5a634068cc4df8659640edf0f529a (commit)
via e58b420a0e4ef62bd597ce286c9faea2a51913c4 (commit)
via 4586a66aa3f9992f54839c2920c3d51e95040a1b (commit)
via bb6af5f0dbb39553654ba3a587c8078bb635da6f (commit)
via d8842e86114cae7ca006ef903ac5459c7414010e (commit)
via 8264826911888bd45b1d0cc914675d30a1a78546 (commit)
via 103a41f50961d916d52343c6457639c6734d4e72 (commit)
via d31ee3eb2be020b072278262693ed7bd607ba18a (commit)
from f76ee525a75dd6e443743bf723ad4511707c7f49 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5e4b4874c4d81b62a32b3836d1c22ecc4c5479c6
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Thu Mar 15 03:50:15 2018 -0700
world-broken.inc: blacklist portmap on musl
portmap was dropped in rocko and later and doesn't work with libtirpc
so don't build it for musl
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 8147911a951c7b0508f9c2aef93480d65b4362c0
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Wed Mar 14 09:52:18 2018 -0700
uninative: Add compatiblity version check
If glibc is newer on the host than in uninative, the failure mode is
pretty nasty for clusters where the sstate is shared, including the Yocto
Project autobuilder.
This check aborts the use of uninative in such scenarios where a newer
glibc version appears and avoids corruption of sstate caches.
We use ldd to check the glibc version since that is included in libc-bin
(or equivalent) which locales use so it should always be present.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit f2006493d26de1a6b5ffdbfd553d82d6254884d5
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Fri Mar 9 19:46:00 2018 -0800
yocto-uninative: Upgrade to 1.8 version with glibc 2.27
Now distros are starting to ship glibc 2.27 we need a uninatve version
which contains glibc 2.27 which is in the 1.8 version.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 2b0617e1e416bd6cd1ec75e55e46c4f699785452
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Mar 12 15:23:53 2018 -0700
unfs3: Fix libtirpc usage for unfs3-native version
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit f5992ee01fca27d5fdfb9108f436adfcb49f1ae7
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun Mar 11 21:40:51 2018 -0700
unfs3: Fix build with musl
Should also fix build on new build hosts where
with glibc 2.27 rpc support is dropped in favor
of libtirpc
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 9f6820abfba5a634068cc4df8659640edf0f529a
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun Mar 11 21:40:52 2018 -0700
libtirpc: Extend to native and nativesdk recipes
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e58b420a0e4ef62bd597ce286c9faea2a51913c4
Author: Ross Burton <ross.burton at intel.com>
Date: Tue Feb 20 00:39:57 2018 +0000
libtirpc: stop dropping in NIS headers
libtirpc prior to 1.0.2 assumed that the system provided nis.h but this isn't
always true. Until now we've been using a tarball of the missing files from
Gentoo, but libtirpc 1.0.2 added a copy of nis.h to the sources so this isn't
required anymore.
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 4586a66aa3f9992f54839c2920c3d51e95040a1b
Author: Maxin B. John <maxin.john at intel.com>
Date: Wed Jul 19 18:01:25 2017 +0300
libtirpc: upgrade to 1.0.2
1.0.1 -> 1.0.2
Remove these Backported and upstreamed patches:
1. 0001-Fix-for-CVE-2017-8779.patch
2. libtirpc-0.2.1-fortify.patch
3. libtirpc-1.0.2-rc3.patc
Signed-off-by: Maxin B. John <maxin.john at intel.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit bb6af5f0dbb39553654ba3a587c8078bb635da6f
Author: Fan Xin <fan.xin at jp.fujitsu.com>
Date: Wed Jun 7 17:29:03 2017 +0900
libtirpc: Fix CVE-2017-8779
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779
Signed-off-by: Fan Xin<fan.xin at jp.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit d8842e86114cae7ca006ef903ac5459c7414010e
Author: Khem Raj <raj.khem at gmail.com>
Date: Sun May 21 22:00:41 2017 -0700
libtirpc: Fix build error due to missing stdint.h> include
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 8264826911888bd45b1d0cc914675d30a1a78546
Author: Khem Raj <raj.khem at gmail.com>
Date: Tue Apr 18 09:40:13 2017 -0700
libtirpc: Enable des APIs for musl
Use memset() API instead of __bzero()
Drop the patch removing des_* functions for musl
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 103a41f50961d916d52343c6457639c6734d4e72
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Apr 19 09:45:45 2017 -0700
libtirpc: Expose key_secretkey_is_set API
libnsl needs this API
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit d31ee3eb2be020b072278262693ed7bd607ba18a
Author: Khem Raj <raj.khem at gmail.com>
Date: Tue Apr 18 18:58:35 2017 -0700
libtirpc: Backport fixes from 1.0.2rc3
These fixes are needed for it to work with gcc7
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/uninative.bbclass | 7 +
meta/conf/distro/include/world-broken.inc | 9 +-
meta/conf/distro/include/yocto-uninative.inc | 8 +-
.../0001-daemon.c-Libtirpc-porting-fixes.patch | 37 ++++++
meta/recipes-devtools/unfs3/unfs3_0.9.22.r497.bb | 10 +-
...d-missing-rwlock_unlocks-in-xprt_register.patch | 62 ---------
.../0001-include-stdint.h-for-uintptr_t.patch | 32 +++++
.../0001-replace-__bzero-with-memset-API.patch | 30 +++++
.../libtirpc/export_key_secretkey_is_set.patch | 24 ++++
.../libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch | 26 ----
.../libtirpc/remove-des-functionality.patch | 144 ---------------------
.../{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} | 24 ++--
12 files changed, 156 insertions(+), 257 deletions(-)
create mode 100644 meta/recipes-devtools/unfs3/unfs3/0001-daemon.c-Libtirpc-porting-fixes.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-Add-missing-rwlock_unlocks-in-xprt_register.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-include-stdint.h-for-uintptr_t.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/0001-replace-__bzero-with-memset-API.patch
create mode 100644 meta/recipes-extended/libtirpc/libtirpc/export_key_secretkey_is_set.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/libtirpc-0.2.1-fortify.patch
delete mode 100644 meta/recipes-extended/libtirpc/libtirpc/remove-des-functionality.patch
rename meta/recipes-extended/libtirpc/{libtirpc_1.0.1.bb => libtirpc_1.0.2.bb} (53%)
hooks/post-receive
--
More information about the yocto-security
mailing list