[yocto-security] [OE-core CVE] branch morty-next updated. 2016-10-538-gaed28cf
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Fri Mar 16 13:12:56 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, morty-next has been updated
discards ccdcf1cc430c44741b5d67a4521b9e38d5b8aca1 (commit)
discards 62c8fabacd373fdec34a918be46152f72d0c483b (commit)
discards 312568a49879a2a46ebac9d2f9b53ff62dca7ac1 (commit)
discards ee046d0c8ddfb26b211363950a50b13c5ad49629 (commit)
discards 2567af8f80d0530096a2f405a595f34fe2507eaa (commit)
discards 9d915638da65ddf5afbc19a837d3f8a57a9807ac (commit)
discards c8f5c67a6caf5a88bc85a745569bc21cbe51eb3b (commit)
discards 8611013b03ad7738a3a56bf67cab07975c5e7808 (commit)
discards c1dd2d8361cec75a41bbdc67278f0f5b4b91d498 (commit)
discards 15e86bb4a4156b0ab211023783ad3190c1104599 (commit)
discards 4357ed26d8e58c661b47319f78826eacbce3b824 (commit)
discards cd25099c22e915d61bf991e1a637b836a494672d (commit)
discards 76b08ab5710ddbb58c5e0af5e1e8c4e6b0c6692a (commit)
via aed28cf2df03fcc80f84eafe40ea398a39793b8d (commit)
via 1ffbaf4beb616ffd283abac4872ddbfeaa632675 (commit)
via e05a0a41d2e70c74695bfe83b4e2d5a16b8cd680 (commit)
via 323d4336e3810284f7ec5adf92ad457e7dae480f (commit)
via 780cf5a837e95c600158c6ea0fd9e5b5840eefa8 (commit)
via dc5f0b0cfa75819aefa3fa7610e7ea2e5d8a313c (commit)
via afac184a650e375aca53f579442fb0a610f329c3 (commit)
via fb0b40a90f96bd32fe627700e7f1925b0e3936c5 (commit)
via af24c7192195335262c4dbc8c48ccde6f31a4afa (commit)
via 5889e878c4b3ef9a9a119b9bc310d0ba3d4af55f (commit)
via fb11548417e55d3581e2fda45d54631a09561543 (commit)
via f782786bcd79064ab718901908f2486c6e31d35c (commit)
via ceeda7a60c613a93f7bd3c8234010d34e3e98b3b (commit)
via 676d4d91064d4e4f7abb2bd3597a0ddd5b7e2390 (commit)
via 922dae3a2adde21717ebcd1b5fe8e75f69b391df (commit)
via 955c4855130ee01e20a9e7f5a76ffee75d77ebe3 (commit)
via 62552a76b65b7ab5fa71b188537ae0582c3cbaea (commit)
via b7b22cb443f1fb9683643c60e983802bd6c8e40d (commit)
via cc20757169f833c322fbdee592788e37ed2d549f (commit)
via fa997ff110c490337c79658bdb4baf67edc65521 (commit)
via 19faff705a0458570bc640adbbdc07348a831b0c (commit)
via fad973276c774149d79cb4cb824301d05c0a0778 (commit)
via f77f93f9458e2279ec2322578b1366fa1a632485 (commit)
via 36f9db435506922976b68ad0912d26674d574653 (commit)
via 387cd21a6792b3243c4fde84231d6e164e660f98 (commit)
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
* -- * -- B -- O -- O -- O (ccdcf1cc430c44741b5d67a4521b9e38d5b8aca1)
\
N -- N -- N (aed28cf2df03fcc80f84eafe40ea398a39793b8d)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit aed28cf2df03fcc80f84eafe40ea398a39793b8d
Author: Ross Burton <ross.burton at intel.com>
Date: Fri Mar 16 11:28:32 2018 +0000
sdk: streamline locale removal
For some reason dnf is aborting with the fairly useless "failed to read RPMDB"
error during SDK creation. Luckily as we're just deleting locale packages we
can pass False to remove() to use RPM directly, which doesn't crash.
Signed-off-by: Ross Burton <ross.burton at intel.com>
commit 1ffbaf4beb616ffd283abac4872ddbfeaa632675
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:28 2018 +0000
cross-localedef-native: add way to specify which locale archive to write
localedef has no way to specify which locale archive to use, and the
compile-time default isn't useful as it points to the work directory.
Add support to read an environmental variable for the path, and don't fail to
write a new locale archive.
(From OE-Core rev: bf0f205a3c3714926649bd69db29e4df1c0ea112)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e05a0a41d2e70c74695bfe83b4e2d5a16b8cd680
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:30 2018 +0000
package-manager: add install_glob()
(From OE-Core rev: 8d1b530c82de386d4183f5673c060b9d416a3835)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 323d4336e3810284f7ec5adf92ad457e7dae480f
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:29 2018 +0000
package_manager: improve install_complementary
- No need to use bb.utils.which() as subprocess will search $PATH
- Clarity flow by moving the install inside the try/except
(From OE-Core rev: f4d22b7195dd8f08fe26dd353c7e860208e87d6a)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 780cf5a837e95c600158c6ea0fd9e5b5840eefa8
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:33 2018 +0000
sdk: generate locale archive and remove packages
(From OE-Core rev: c6f1010a47df33b40320aa5784181b659a3254d7)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit dc5f0b0cfa75819aefa3fa7610e7ea2e5d8a313c
Author: Ross Burton <ross.burton at intel.com>
Date: Fri Mar 2 20:52:54 2018 +0000
populate_sdk_base: depend on nativesdk-glibc-locale
If we're building a SDK and we're using glibc so may be installing locales,
add a build-dependency on natiesdk-glibc-locale so the locales we need will
exist.
(From OE-Core rev: 8d6869a0a89d8cf3c6e57723fab2750ba2c885db)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit afac184a650e375aca53f579442fb0a610f329c3
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:32 2018 +0000
populate_sdk: install UTF-8 locales in SDKs
As glibc 2.27 can't read older locale-archives, SDKs using glibc 2.27 on hosts
using glibc earlier than 2.27 won't be able to find any locales, so bitbake
won't start and Python can't use UTF-8.
So by default install all locales into the SDK. Special-case Extensible SDKs by
installing no locales as they ship glibc in a buildtools, and that will have the
locales.
Locale installation requires cross-localedef, so add that to DEPENDS.
Also remove the explicit en_US addition in buildtools-tarball as it is now
redundant.
(From OE-Core rev: 96896568d197cd06302713c24c0f7d91bfaea6c1)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit fb0b40a90f96bd32fe627700e7f1925b0e3936c5
Author: Ross Burton <ross.burton at intel.com>
Date: Fri Mar 2 20:53:10 2018 +0000
sdk: only install locales if we're using glibc
Using glibc-locale to install locales only makes sense if we're using glibc.
(From OE-Core rev: 8fc80734053645fa893694dfe33ddaee99aa9a1a)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit af24c7192195335262c4dbc8c48ccde6f31a4afa
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:31 2018 +0000
sdk: install specified locales into SDK
(From OE-Core rev: 9b1c3dbe79f67d3b46e0f90a73bce6c61f094a50)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 5889e878c4b3ef9a9a119b9bc310d0ba3d4af55f
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:27 2018 +0000
glibc: relocate locale paths in nativesdk
nativesdk is built with a specific prefix but this will be different at install
time, however glibc hard-codes the path to locale files. Expand these strings to 4K and move them to a magic segment which we can relocate when the SDK is installed.
(From OE-Core rev: 59e0679378aac27c4fea0b06721e0a184a93c100)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit fb11548417e55d3581e2fda45d54631a09561543
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:26 2018 +0000
glibc: don't use host locales in nativesdk
(From OE-Core rev: d7ded85766852689a0d774c896a11d0609004ab2)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit f782786bcd79064ab718901908f2486c6e31d35c
Author: Ross Burton <ross.burton at intel.com>
Date: Thu Mar 1 18:26:25 2018 +0000
default-distrovars: don't rename locales for nativesdk
(From OE-Core rev: 909da982c74b2ed931a65dda248557cb18f773e0)
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/populate_sdk_base.bbclass | 6 +-
meta/classes/populate_sdk_ext.bbclass | 3 +-
meta/conf/distro/include/default-distrovars.inc | 1 +
meta/lib/oe/package_manager.py | 27 +++++++-
meta/lib/oe/sdk.py | 72 ++++++++++++++++++++++
.../glibc/cross-localedef-native_2.24.bb | 1 +
meta/recipes-core/glibc/glibc/archive-path.patch | 39 ++++++++++++
.../glibc/glibc/relocate-locales.patch | 55 +++++++++++++++++
meta/recipes-core/glibc/glibc_2.24.bb | 7 +--
meta/recipes-core/meta/buildtools-tarball.bb | 1 -
10 files changed, 201 insertions(+), 11 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/archive-path.patch
create mode 100644 meta/recipes-core/glibc/glibc/relocate-locales.patch
hooks/post-receive
--
More information about the yocto-security
mailing list