[yocto-security] [OE-core CVE] branch master-next updated. e0bc71f846736f7afe7e88a31d1089799f9070bf

cve-notice at lists.openembedded.org
Fri Oct 4 10:42:04 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated
       via  e0bc71f846736f7afe7e88a31d1089799f9070bf (commit)
       via  9603877d143bce36121186be731a7709fe4b89d3 (commit)
       via  734c3f6d7cf487704e99d9528d1498925b1bbc2b (commit)
       via  dc0ce1021149ab875d9283694d1f7751928b78dc (commit)
       via  aefc5ecf6ae5cde2c0e193c250d8ba3b959b41c7 (commit)
       via  c4de5c112800d3feef2ae2fbaab4bc8121e94c37 (commit)
       via  a4cedbcf585132d65c0154691e99d6113298bc5b (commit)
       via  25387a367b0999f6e150c24bab872900a7b878b4 (commit)
       via  55ad895ceb54551cbea475628348e64adaee52fe (commit)
       via  f19cdd26614ce508794d66e4f2fab872ebd5f994 (commit)
       via  aae146b6789b49e649d4ccacb3f4c33413f65903 (commit)
       via  fd8ec28e5dab7b1d908037cebf20062369a40907 (commit)
       via  6bfddc941919e0d0ff9da9f44b01f2b6be90d3cd (commit)
       via  77f2088b547d54febd57d3c6be2a65011da4837d (commit)
      from  e6d76b05a7a8ad8f448b54cb2def866a4b64dffb (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit e0bc71f846736f7afe7e88a31d1089799f9070bf
Author: Khem Raj <raj.khem at gmail.com>
Date:   Wed Oct 2 16:11:45 2019 -0700

    xscreensaver: Remove xserver-nodm-init rdep
    
    this seems to be not required anyway
    
    Fixes
    ERROR: xscreensaver different signature for task do_package_write_ipk.sigdata between qemux86copy and qemux86
    Hash for dependent task x11-common/xserver-nodm-init_3.0.bb:do_packagedata changed from de0944d4fcaeed0efdb143a18cc406bd043469ae291de1704a999bc878a7691c to ba7bdaf35860ba5bf5a5f4ce06379a77c88eb9806e09a1fc5373933888a46507
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 9603877d143bce36121186be731a7709fe4b89d3
Author: Randy MacLeod <randy.macleod at windriver.com>
Date:   Fri Oct 4 11:56:11 2019 -0400

    libteam: update from 1.28 to 1.29
    
    Signed-off-by: Randy MacLeod <Randy.MacLeod at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 734c3f6d7cf487704e99d9528d1498925b1bbc2b
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Fri Oct 4 11:20:18 2019 -0400

    freeradius: mark as incompatible with armv5
    
    Freeradius fails to build for armv5:
    
    | *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
    | *** libfreeradius-server.so is not portable!
    |
    | *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
    | *** libfreeradius-eap.so is not portable!
    path -Wl,/yow-lpggp31/tgamblin/freeradius.build/tmp-glibc/work/armv5e-oe-linux-gnueabi/freeradius/3.0.19-r0/git/build/lib/local//.libs
    /arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_compare_exchange_8'
    /arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_load_8'
    /arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_store_8'
    | collect2: error: ld returned 1 exit status
    | scripts/boiler.mk:630: recipe for target 'build/bin/local/radeapclient' failed
    
    gcc does not supply 64-bit atomic operations, so freeradius cannot
    be built. Marking as incompatible for armv5.
    
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit dc0ce1021149ab875d9283694d1f7751928b78dc
Author: Ovidiu Panait <ovidiu.panait at windriver.com>
Date:   Fri Oct 4 17:16:49 2019 +0300

    kea: Disable parallel install
    
    According to configure.ac, make install might fail when run with multiple jobs:
    
    $ tail -15 log.do_configure
    ...
    When running "make install" do not use any form of parallel or job
    server options (such as GNU make's -j option). Doing so may cause
    errors.
    ...
    
    Signed-off-by: Ovidiu Panait <ovidiu.panait at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit aefc5ecf6ae5cde2c0e193c250d8ba3b959b41c7
Author: Adrian Ratiu <adrian.ratiu at collabora.com>
Date:   Fri Oct 4 14:40:26 2019 +0300

    renderdoc: add x11 to REQUIRED_DISTRO_FEATURES
    
    This recipe depends on having x11 enabled so we add it to fix:
    
    ERROR: Nothing PROVIDES 'libxcb' (but
    meta-oe/meta-oe/recipes-graphics/renderdoc/renderdoc_1.4.bb
    DEPENDS on or otherwise requires it)
    libxcb was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
    
    Signed-off-by: Adrian Ratiu <adrian.ratiu at collabora.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit c4de5c112800d3feef2ae2fbaab4bc8121e94c37
Author: Callaghan, Dan <dan.callaghan at opengear.com>
Date:   Fri Oct 4 13:35:47 2019 +1000

    strongswan: install dev headers
    
    These are needed for other packages which want to link against
    libstrongswan or other libraries included with Strongswan.
    By default, no headers are installed.
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit a4cedbcf585132d65c0154691e99d6113298bc5b
Author: Callaghan, Dan <dan.callaghan at opengear.com>
Date:   Fri Oct 4 13:12:26 2019 +1000

    firewalld: update to 0.7.1
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 25387a367b0999f6e150c24bab872900a7b878b4
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Thu Oct 3 14:58:51 2019 -0400

    gd: fix CVE-2019-6978
    
    CVE: CVE-2019-6978
    
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 55ad895ceb54551cbea475628348e64adaee52fe
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Thu Oct 3 14:58:50 2019 -0400

    php: fix CVE-2019-6978
    
    Patch for php to sync with the fix for the same issue in
    libgd.
    
    CVE: CVE-2019-6978
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit f19cdd26614ce508794d66e4f2fab872ebd5f994
Author: George McCollister <george.mccollister at gmail.com>
Date:   Thu Oct 3 13:08:31 2019 -0500

    wireshark: fix qt5 build
    
    Add qttools-native to PACKAGECONFIG[qt5] DEPENDS to resolve missing
    Qt5LinguistTools build error.
    
    Add qtmultimedia to PACKAGECONFIG[qt5] DEPENDS to resolve missing
    Qt5Multimedia build error.
    
    Add qtsvg to PACKAGECONFIG[qt5] DEPENDS to resolve missing Qt5Svg build
    error.
    
    Inherit cmake_qt5 when qt5 is in PACKAGECONFIG to resolve
    get_target_property() called with non-existent target "Qt5::qmake"
    build error.
    
    Automatically add qt5 to PACKAGECONFIG when meta-qt5 is in the build
    since adding qt5 via a .bbappend won't satisfy the conditional inherit
    cmake_qt5. The poppler recipe does exactly this.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit aae146b6789b49e649d4ccacb3f4c33413f65903
Author: Jean-Marie LEMETAYER <jean-marie.lemetayer at savoirfairelinux.com>
Date:   Thu Oct 3 16:07:29 2019 +0200

    python-toml: add recipes for python2 and python3
    
    This package is a Python library for parsing and creating TOML [1].
    
    Another python TOML parser library named pytoml already exists in
    meta-oe/recipes-devtools/python/python*-pytoml_*.bb but this library is
    deprecated and it is explicitly explained to consider using the toml
    package instead [2].
    
    1: https://github.com/toml-lang/toml
    2: https://github.com/avakar/pytoml/commit/cd2a62e1444cda2c517b02d36b97151acf379b88
    
    Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer at savoirfairelinux.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit fd8ec28e5dab7b1d908037cebf20062369a40907
Author: Peiran Hong <peiran.hong at windriver.com>
Date:   Wed Oct 2 16:01:10 2019 -0400

    zabbix: upgrade 3.0.9 -> 4.2.6
    
    This update fixes the following CVEs:
        - CVE-2016-10742 (ZBX-13133, refer to 'Changes for 3.4.4rc1' in ChangeLog)
    
    and addresses numerous bugs as well as improved frontend messaging
    usage.
    
    Added libevent, libpcre and zlib to DEPENDS as required dependencies
    to build 4.2.6.
    
    Added --with-libpthread to EXTRA_OECONF as default configure option
    since it is turned on by default in the new version.
    
    There are also new optional features available in this update that
    could be but are not yet added as PACKAGECONFIG.
    
    Signed-off-by: Peiran Hong <peiran.hong at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 6bfddc941919e0d0ff9da9f44b01f2b6be90d3cd
Author: Andreas Müller <schnitzeltony at gmail.com>
Date:   Fri Sep 27 00:32:06 2019 +0200

    xfce4-panel: upgrade 4.14.0 -> 4.14.1
    
    * important bugfix release: systray draws icons properly when compositing is
      disabled
    * while at it renumber patches
    
    Signed-off-by: Andreas Müller <schnitzeltony at gmail.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 77f2088b547d54febd57d3c6be2a65011da4837d
Author: Andreas Müller <schnitzeltony at gmail.com>
Date:   Fri Sep 27 00:32:05 2019 +0200

    catfish: upgrade 1.4.9 -> 1.4.10
    
    Signed-off-by: Andreas Müller <schnitzeltony at gmail.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 ...g-in-a-separate-directory-outside-the-sou.patch |  68 -----
 .../{firewalld_0.6.4.bb => firewalld_0.7.1.bb}     |  17 +-
 .../freeradius/freeradius_3.0.19.bb                |   2 +
 .../recipes-connectivity/kea/kea_1.7.0.bb          |   2 +
 .../recipes-support/strongswan/strongswan_5.8.1.bb |   3 +-
 .../recipes-support/wireshark/wireshark_3.0.3.bb   |   6 +-
 .../zabbix/{zabbix_3.0.9.bb => zabbix_4.2.6.bb}    |  12 +-
 .../recipes-devtools/php/php/CVE-2019-6978.patch   | 192 +++++++++++++
 meta-oe/recipes-devtools/php/php_7.3.9.bb          |   1 +
 .../recipes-graphics/renderdoc/renderdoc_1.4.bb    |   4 +-
 .../xscreensaver/xscreensaver_5.39.bb              |   2 +-
 meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch  | 299 +++++++++++++++++++++
 meta-oe/recipes-support/gd/gd_2.2.5.bb             |   1 +
 .../libteam/{libteam_1.28.bb => libteam_1.29.bb}   |   2 +-
 .../recipes-devtools/python/python-toml.inc        |  10 +
 .../recipes-devtools/python/python-toml_0.10.0.bb  |   6 +
 .../recipes-devtools/python/python3-toml_0.10.0.bb |   6 +
 .../{catfish_1.4.9.bb => catfish_1.4.10.bb}        |   4 +-
 ...atch => 0002-use-lxdm-to-replace-dm-tool.patch} |   0
 ...xfce4-panel_4.14.0.bb => xfce4-panel_4.14.1.bb} |   6 +-
 20 files changed, 553 insertions(+), 90 deletions(-)
 delete mode 100644 meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
 rename meta-networking/recipes-connectivity/firewalld/{firewalld_0.6.4.bb => firewalld_0.7.1.bb} (85%)
 rename meta-oe/recipes-connectivity/zabbix/{zabbix_3.0.9.bb => zabbix_4.2.6.bb} (88%)
 create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-6978.patch
 create mode 100644 meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch
 rename meta-oe/recipes-support/libteam/{libteam_1.28.bb => libteam_1.29.bb} (95%)
 create mode 100644 meta-python/recipes-devtools/python/python-toml.inc
 create mode 100644 meta-python/recipes-devtools/python/python-toml_0.10.0.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-toml_0.10.0.bb
 rename meta-xfce/recipes-apps/catfish/{catfish_1.4.9.bb => catfish_1.4.10.bb} (72%)
 rename meta-xfce/recipes-xfce/xfce4-panel/files/{0001-use-lxdm-to-replace-dm-tool.patch => 0002-use-lxdm-to-replace-dm-tool.patch} (100%)
 rename meta-xfce/recipes-xfce/xfce4-panel/{xfce4-panel_4.14.0.bb => xfce4-panel_4.14.1.bb} (87%)


hooks/post-receive
-- 


