[yocto-security] [OE-core CVE] branch master-next updated. 56fe12af343190f9a79f273f32a026e32b5477df
cve-notice at lists.openembedded.org
Wed Oct 17 09:20:13 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
via 56fe12af343190f9a79f273f32a026e32b5477df (commit)
via 632a6d1221c063c31e03452a45a1065f0da86979 (commit)
via 104a87a02e1ac810f44bb69be5befc14ee907a81 (commit)
via 3e6226f85cf9076e758cbba934aa411e84c6a510 (commit)
via e499d11f4e4127d6d9db2cf341ae3fb03ea94660 (commit)
via 107eefed37e4af39ec1565c57d03c7f9adea69af (commit)
via df9f15caaaa9280aa7c495cf50d2cd7e242cd8b1 (commit)
via 02fd0518c00e6316e90bef077f55156ebb75eb8d (commit)
via d6bd1edc2be73ce14005a0aa5db68961a1615da4 (commit)
via b461c4047924d3a3e253f7024f024b9a2b27fa76 (commit)
via bc14dcccfd7d048fbd826e571949a521d45fd86c (commit)
via 256de4995c6bf42b82b07f275aa0f9adf43a1db0 (commit)
via 1d7ae7438aecb21f694a9e5a6c38f7833130882f (commit)
from 7023d0f1171725118de3882c78bf64998f4bc697 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 56fe12af343190f9a79f273f32a026e32b5477df
Author: Mingli Yu <mingli.yu at windriver.com>
Date: Wed Oct 17 01:15:36 2018 -0700
udisks2: Upgrade to 2.7.8
This is a bugfix release for UDisks 2.7. Included fixes:
- Fix string format vulnerability
- Fix CVE-2018-17336
Signed-off-by: Mingli Yu <mingli.yu at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 632a6d1221c063c31e03452a45a1065f0da86979
Author: Tim Orling <timothy.t.orling at linux.intel.com>
Date: Tue Oct 16 23:11:41 2018 -0700
libnet-dns-perl: upgrade 1.17 -> 1.18; enable ptest
* Add UPSTREAM_CHECK_REGEX to ignore DEV releases
* Add RDEPENDS that were missing
* Enable ptest and add RDEPENDS for tests
* Add RRECOMMENDS for libnet-dns-sec-perl
* Upstream release notes:
"""
**** 1.18 Sep 21, 2018
Documentation revised to remove ambiguous use of "answer" which
has been used to refer to both the answer section of a packet
and the entire reply packet received from a nameserver.
Fix rt.cpan.org #127018
Net::DNS::ZoneFile->parse() fails if include directory specified.
Fix rt.cpan.org #127012
DNS resolution broken when options ndots used in /etc/resolv.conf
"""
Signed-off-by: Tim Orling <timothy.t.orling at linux.intel.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 104a87a02e1ac810f44bb69be5befc14ee907a81
Author: Tim Orling <timothy.t.orling at linux.intel.com>
Date: Tue Oct 16 23:11:40 2018 -0700
libnet-dns-sec-perl: add recipe for 1.10
Net::DNS::SEC is installed as an extension to an existing Net::DNS
installation providing packages to support DNSSEC as specified in
RFC4033, RFC4034, RFC4035 and related documents.
It also provides support for SIG0 which is useful for dynamic updates.
Implements cryptographic signature generation and verification functions
using RSA, DSA, ECDSA, and Edwards curve algorithms.
The extended features are made available by replacing Net::DNS by
Net::DNS::SEC in the use declaration.
Signed-off-by: Tim Orling <timothy.t.orling at linux.intel.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 3e6226f85cf9076e758cbba934aa411e84c6a510
Author: Qi.Chen at windriver.com <Qi.Chen at windriver.com>
Date: Wed Oct 17 13:21:25 2018 +0800
strongswan: upgrade to 5.7.1
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit e499d11f4e4127d6d9db2cf341ae3fb03ea94660
Author: Changqing Li <changqing.li at windriver.com>
Date: Wed Oct 17 11:15:19 2018 +0800
gnulib: Security fix for CVE-2018-17942
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 107eefed37e4af39ec1565c57d03c7f9adea69af
Author: Qi.Chen at windriver.com <Qi.Chen at windriver.com>
Date: Wed Oct 17 10:32:11 2018 +0800
python-requests: fix CVE-2018-18074
Backport two patches to fix the following CVE.
CVE: CVE-2018-18074
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit df9f15caaaa9280aa7c495cf50d2cd7e242cd8b1
Author: Hong Liu <hongl.fnst at cn.fujitsu.com>
Date: Wed Oct 17 08:42:33 2018 +0800
ipc-run: 0.99->20180523.0
1. Upgrade ipc-run from 0.99 to 20180523.0
Signed-off-by: Hong Liu <hongl.fnst at cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 02fd0518c00e6316e90bef077f55156ebb75eb8d
Author: Hong Liu <hongl.fnst at cn.fujitsu.com>
Date: Wed Oct 17 08:42:32 2018 +0800
hwdata:0.315->0.316
1. Upgrade hwdata from 0.315 to 0.316
Signed-off-by: Hong Liu <hongl.fnst at cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit d6bd1edc2be73ce14005a0aa5db68961a1615da4
Author: Hong Liu <hongl.fnst at cn.fujitsu.com>
Date: Wed Oct 17 08:42:31 2018 +0800
dracut: 048->049
Upgrade dracut from 048 to 049.
Signed-off-by: Hong Liu <hongl.fnst at cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit b461c4047924d3a3e253f7024f024b9a2b27fa76
Author: Ankit Navik <ankit.tarot at gmail.com>
Date: Mon Oct 15 19:03:52 2018 +0530
opencl-icd-loader: Initial recipe for OpenCL ICD loader
This patch provides ICD loader library, ICD loader test binary
and some helper library for test.
Signed-off-by: Ankit Navik <ankit.tarot at gmail.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit bc14dcccfd7d048fbd826e571949a521d45fd86c
Author: Sinan Kaya <okaya at kernel.org>
Date: Tue Oct 16 22:18:45 2018 +0000
sharutils: CVE-2018-1000097
*CVE
Sharutils (unshar command) version 4.15.2 contains a buffer overflow
vulnerability in the file unshar.c at line 75, function
looks_like_c_code: failure to perform checking of the buffer
containing the input line, which could lead to code execution.
This attack appears to be exploitable when the victim runs the unshar
command on a specially crafted file.
Affects = 4.15.2
CVE: CVE-2018-1000097
Ref: https://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000097.html?_ga=2.104716162.363845622.1539703460-954328166.1533363715
Signed-off-by: Sinan Kaya <okaya at kernel.org>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 256de4995c6bf42b82b07f275aa0f9adf43a1db0
Author: Ankit Navik <ankit.tarot at gmail.com>
Date: Tue Oct 16 23:19:02 2018 +0530
opencl-headers: Initial recipe for OpenCL headers
Add generic recipe for OpenCL API headers.
Suggested-by: Burton, Ross <ross.burton at intel.com>
Signed-off-by: Ankit Navik <ankit.tarot at gmail.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 1d7ae7438aecb21f694a9e5a6c38f7833130882f
Author: Bartosz Golaszewski <bgolaszewski at baylibre.com>
Date: Tue Oct 16 16:25:19 2018 +0200
catch2: new package
Add a recipe for the catch2 testing framework. There's a bug upstream
which makes it impossible to build with gcc7 so include a patch.
Signed-off-by: Bartosz Golaszewski <bgolaszewski at baylibre.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
.../recipes-devtools/dracut/dracut_git.bb | 4 +-
.../{strongswan_5.6.3.bb => strongswan_5.7.1.bb} | 4 +-
.../opencl-headers/opencl-headers_git.bb | 17 +++
.../opencl-icd-loader/opencl-icd-loader_git.bb | 45 ++++++++
.../{ipc-run_0.99.bb => ipc-run_20180523.0.bb} | 2 +-
.../gnulib/gnulib/CVE-2018-17942.patch | 88 +++++++++++++++
.../recipes-support/gnulib/gnulib_2017-08-20.18.bb | 3 +
meta-oe/recipes-support/hwdata/hwdata_git.bb | 4 +-
.../sharutils/sharutils/CVE-2018-1000097.patch | 61 +++++++++++
.../recipes-support/sharutils/sharutils_4.15.2.bb | 1 +
.../udisks/{udisks2_2.7.7.bb => udisks2_2.7.8.bb} | 4 +-
.../0001-Fix-convert-from-char-on-ARM-build.patch | 46 ++++++++
meta-oe/recipes-test/catch2/catch2_2.4.1.bb | 24 +++++
.../recipes-perl/libnet/libnet-dns-perl_1.17.bb | 27 -----
.../recipes-perl/libnet/libnet-dns-perl_1.18.bb | 66 ++++++++++++
.../libnet/libnet-dns-sec-perl_1.10.bb | 33 ++++++
.../recipes-devtools/python/python-requests.inc | 6 ++
...rization-header-whenever-root-URL-changes.patch | 62 +++++++++++
...uthorization-stripping-logic-as-discussed.patch | 118 +++++++++++++++++++++
19 files changed, 579 insertions(+), 36 deletions(-)
rename meta-networking/recipes-support/strongswan/{strongswan_5.6.3.bb => strongswan_5.7.1.bb} (97%)
create mode 100644 meta-oe/recipes-core/opencl-headers/opencl-headers_git.bb
create mode 100644 meta-oe/recipes-core/opencl-icd-loader/opencl-icd-loader_git.bb
rename meta-oe/recipes-devtools/perl/{ipc-run_0.99.bb => ipc-run_20180523.0.bb} (93%)
create mode 100644 meta-oe/recipes-support/gnulib/gnulib/CVE-2018-17942.patch
create mode 100644 meta-oe/recipes-support/sharutils/sharutils/CVE-2018-1000097.patch
rename meta-oe/recipes-support/udisks/{udisks2_2.7.7.bb => udisks2_2.7.8.bb} (89%)
create mode 100644 meta-oe/recipes-test/catch2/catch2/0001-Fix-convert-from-char-on-ARM-build.patch
create mode 100644 meta-oe/recipes-test/catch2/catch2_2.4.1.bb
delete mode 100644 meta-perl/recipes-perl/libnet/libnet-dns-perl_1.17.bb
create mode 100644 meta-perl/recipes-perl/libnet/libnet-dns-perl_1.18.bb
create mode 100644 meta-perl/recipes-perl/libnet/libnet-dns-sec-perl_1.10.bb
create mode 100644 meta-python/recipes-devtools/python/python-requests/0001-Strip-Authorization-header-whenever-root-URL-changes.patch
create mode 100644 meta-python/recipes-devtools/python/python-requests/0002-Rework-authorization-stripping-logic-as-discussed.patch
hooks/post-receive
--