[yocto-security] [OE-core CVE] branch sumo-next updated. 2bb21ef27c4b0c9d52d30b3b2c5a0160fd02b966
cve-notice at lists.openembedded.org
Fri Sep 28 08:11:50 PDT 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, sumo-next has been updated
via 2bb21ef27c4b0c9d52d30b3b2c5a0160fd02b966 (commit)
via b2de0889c8ce981b59ddd8a5072e3fb337db8697 (commit)
via d50be66491d78f2cb581525f500cc9ed8191e6ad (commit)
via 58a7d9e959905ecf0378401452e4b4e4786ba0e8 (commit)
via bf02ea81dc48bfe743ad242650c0b62e08bdfa2b (commit)
via ca2870ff8e96c3e82ed2c0cc5607b35fbf8c4b4c (commit)
from 35c6359155d6082d279ba86b94125d684d435dad (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2bb21ef27c4b0c9d52d30b3b2c5a0160fd02b966
Author: Khem Raj <raj.khem at gmail.com>
Date: Fri May 11 00:01:42 2018 -0700
poppler: Update to 0.64
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit b2de0889c8ce981b59ddd8a5072e3fb337db8697
Author: Takuro Ashie <ashie at clear-code.com>
Date: Thu Aug 16 14:12:57 2018 +0900
uim: Fix SRC_URI
The place of uim archives has been moved to
https://github.com/uim/uim/releases
Signed-off-by: Takuro Ashie <ashie at clear-code.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit d50be66491d78f2cb581525f500cc9ed8191e6ad
Author: Khem Raj <raj.khem at gmail.com>
Date: Fri Aug 24 13:54:43 2018 -0700
gedit: Add dep on python-six-native
Fixes errors e.g.
recipe-sysroot-native/usr/share/gtk-doc/python/gtkdoc/common.py", line 31, in <module>
import six
ImportError: No module named 'six'
make[3]: *** [install-data-local] Error 1
Signed-off-by: Khem Raj <raj.khem at gmail.com>
Cc: Andreas Müller <schnitzeltony at googlemail.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 58a7d9e959905ecf0378401452e4b4e4786ba0e8
Author: Nicolas Dechesne <nicolas.dechesne at linaro.org>
Date: Wed Sep 26 14:18:04 2018 +0200
meta-multimedia: fixup LAYERDEPENDS
libebml depends on dos2unix class since 26dafa0f3542 (libebml: inherit
dos2unix), so LAYERDEPENDS needs to be updated accordingly, otherwise we are
getting a ParseError:
ERROR: ParseError at
/srv/work/oe/meta-openembedded/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb:13:
Could not inherit file classes/dos2unix.bbclass
It was initially found with yocto-check-layer script.
In OE/master branch, the dos2unix class was moved to oe-core, so the problem
does not exist in master, and this patch is less invasive than cherry-picking the
change from master (move dos2unix from meta-oe to oe-core).
Signed-off-by: Nicolas Dechesne <nicolas.dechesne at linaro.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit bf02ea81dc48bfe743ad242650c0b62e08bdfa2b
Author: Paul Eggleton <paul.eggleton at linux.intel.com>
Date: Wed Sep 26 17:35:46 2018 +1200
protobuf: make python-protobuf dependency optional and default to off
A dependency on python-protobuf was added in commit
5f6fcfd36272768a3ff9078c07c572cf5dc01ccd for the sole purpose of
providing a ptest, however python-protobuf is in meta-python and thus
this means that meta-oe would depend on meta-python by default (assuming
your distro enables ptest by default), and we don't want that - meta-oe
isn't supposed to depend upon any layer other than openembedded-core.
Luckily we can still have a ptest even without the python support, so
add a PACKAGECONFIG and leave it disabled by default.
Note: the PACKAGECONFIG here is not particularly useful since it's only
about what goes into the -ptest package and thus also the dependency. I
contemplated just using LANG_SUPPORT instead, but PACKAGECONFIG does
have the advantage that it's introspectable and fairly well understood
so in the end I went with it.
Signed-off-by: Paul Eggleton <paul.eggleton at linux.intel.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit ca2870ff8e96c3e82ed2c0cc5607b35fbf8c4b4c
Author: Sinan Kaya <okaya at kernel.org>
Date: Mon Sep 24 19:21:02 2018 +0000
dnsmasq: CVE-2017-15107
* CVE-2017-15107
A vulnerability was found in Dnsmasq's implementation of DNSSEC.
Wildcard synthesized NSEC records could be improperly interpreted
to prove the non-existence of hostnames that actually exist.
Affects dnsmasq <= 2.78
CVE: CVE-2017-15107
Ref: https://access.redhat.com/security/cve/cve-2017-15107
Signed-off-by: Sinan Kaya <okaya at kernel.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
 meta-gnome/recipes-gnome/gedit/gedit_2.30.4.bb     |   6 +-
 meta-multimedia/conf/layer.conf                    |   2 +-
 .../recipes-support/dnsmasq/dnsmasq_2.78.bb        |   1 +
 .../dnsmasq/files/CVE-2017-15107.patch             | 263 +++++++++++++++++++++
 .../recipes-devtools/protobuf/protobuf_3.5.1.bb    |   7 +-
 ...ists.txt-Add-libpoppler-to-link-along-wit.patch |  29 +++
 .../{poppler_0.63.0.bb => poppler_0.64.0.bb}       |  18 +-
 meta-oe/recipes-support/uim/uim_1.8.6.bb           |   2 +-
 8 files changed, 314 insertions(+), 14 deletions(-)
create mode 100644 meta-networking/recipes-support/dnsmasq/files/CVE-2017-15107.patch
create mode 100644 meta-oe/recipes-support/poppler/poppler/0001-glib-CMakeLists.txt-Add-libpoppler-to-link-along-wit.patch
rename meta-oe/recipes-support/poppler/{poppler_0.63.0.bb => poppler_0.64.0.bb} (76%)
hooks/post-receive
--