[yocto-security] [OE-core CVE] branch master-next updated. e0bc71f846736f7afe7e88a31d1089799f9070bf
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Fri Oct 4 10:42:04 PDT 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
via e0bc71f846736f7afe7e88a31d1089799f9070bf (commit)
via 9603877d143bce36121186be731a7709fe4b89d3 (commit)
via 734c3f6d7cf487704e99d9528d1498925b1bbc2b (commit)
via dc0ce1021149ab875d9283694d1f7751928b78dc (commit)
via aefc5ecf6ae5cde2c0e193c250d8ba3b959b41c7 (commit)
via c4de5c112800d3feef2ae2fbaab4bc8121e94c37 (commit)
via a4cedbcf585132d65c0154691e99d6113298bc5b (commit)
via 25387a367b0999f6e150c24bab872900a7b878b4 (commit)
via 55ad895ceb54551cbea475628348e64adaee52fe (commit)
via f19cdd26614ce508794d66e4f2fab872ebd5f994 (commit)
via aae146b6789b49e649d4ccacb3f4c33413f65903 (commit)
via fd8ec28e5dab7b1d908037cebf20062369a40907 (commit)
via 6bfddc941919e0d0ff9da9f44b01f2b6be90d3cd (commit)
via 77f2088b547d54febd57d3c6be2a65011da4837d (commit)
from e6d76b05a7a8ad8f448b54cb2def866a4b64dffb (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit e0bc71f846736f7afe7e88a31d1089799f9070bf
Author: Khem Raj <raj.khem at gmail.com>
Date: Wed Oct 2 16:11:45 2019 -0700
xscreensaver: Remove xserver-nodm-init rdep
this seems to be not required anyway
Fixes
ERROR: xscreensaver different signature for task do_package_write_ipk.sigdata between qemux86copy and qemux86
Hash for dependent task x11-common/xserver-nodm-init_3.0.bb:do_packagedata changed from de0944d4fcaeed0efdb143a18cc406bd043469ae291de1704a999bc878a7691c to ba7bdaf35860ba5bf5a5f4ce06379a77c88eb9806e09a1fc5373933888a46507
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 9603877d143bce36121186be731a7709fe4b89d3
Author: Randy MacLeod <randy.macleod at windriver.com>
Date: Fri Oct 4 11:56:11 2019 -0400
libteam: update from 1.28 to 1.29
Signed-off-by: Randy MacLeod <Randy.MacLeod at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 734c3f6d7cf487704e99d9528d1498925b1bbc2b
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date: Fri Oct 4 11:20:18 2019 -0400
freeradius: mark as incompatible with armv5
Freeradius fails to build for armv5:
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-server.so is not portable!
|
| *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
| *** libfreeradius-eap.so is not portable!
path -Wl,/yow-lpggp31/tgamblin/freeradius.build/tmp-glibc/work/armv5e-oe-linux-gnueabi/freeradius/3.0.19-r0/git/build/lib/local//.libs
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_compare_exchange_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_load_8'
/arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_store_8'
| collect2: error: ld returned 1 exit status
| scripts/boiler.mk:630: recipe for target 'build/bin/local/radeapclient' failed
gcc does not supply 64-bit atomic operations, so freeradius cannot
be built. Marking as incompatible for armv5.
Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit dc0ce1021149ab875d9283694d1f7751928b78dc
Author: Ovidiu Panait <ovidiu.panait at windriver.com>
Date: Fri Oct 4 17:16:49 2019 +0300
kea: Disable parallel install
According to configure.ac, make install might fail when run with multiple jobs:
$ tail -15 log.do_configure
...
When running "make install" do not use any form of parallel or job
server options (such as GNU make's -j option). Doing so may cause
errors.
...
Signed-off-by: Ovidiu Panait <ovidiu.panait at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit aefc5ecf6ae5cde2c0e193c250d8ba3b959b41c7
Author: Adrian Ratiu <adrian.ratiu at collabora.com>
Date: Fri Oct 4 14:40:26 2019 +0300
renderdoc: add x11 to REQUIRED_DISTRO_FEATURES
This recipe depends on having x11 enabled so we add it to fix:
ERROR: Nothing PROVIDES 'libxcb' (but
meta-oe/meta-oe/recipes-graphics/renderdoc/renderdoc_1.4.bb
DEPENDS on or otherwise requires it)
libxcb was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
Signed-off-by: Adrian Ratiu <adrian.ratiu at collabora.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit c4de5c112800d3feef2ae2fbaab4bc8121e94c37
Author: Callaghan, Dan <dan.callaghan at opengear.com>
Date: Fri Oct 4 13:35:47 2019 +1000
strongswan: install dev headers
These are needed for other packages which want to link against
libstrongswan or other libraries included with Strongswan.
By default, no headers are installed.
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit a4cedbcf585132d65c0154691e99d6113298bc5b
Author: Callaghan, Dan <dan.callaghan at opengear.com>
Date: Fri Oct 4 13:12:26 2019 +1000
firewalld: update to 0.7.1
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 25387a367b0999f6e150c24bab872900a7b878b4
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date: Thu Oct 3 14:58:51 2019 -0400
gd: fix CVE-2019-6978
CVE: CVE-2019-6978
Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 55ad895ceb54551cbea475628348e64adaee52fe
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date: Thu Oct 3 14:58:50 2019 -0400
php: fix CVE-2019-6978
Patch for php to sync with the fix for the same issue in
libgd.
CVE: CVE-2019-6978
Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit f19cdd26614ce508794d66e4f2fab872ebd5f994
Author: George McCollister <george.mccollister at gmail.com>
Date: Thu Oct 3 13:08:31 2019 -0500
wireshark: fix qt5 build
Add qttools-native to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5LinguistTools build error.
Add qtmultimedia to PACKAGECONFIG[qt5] DEPENDS to resolve missing
Qt5Multimedia build error.
Add qtsvg to PACKAGECONFIG[qt5] DEPENDS to resolve missing Qt5Svg build
error.
Inherit cmake_qt5 when qt5 is in PACKAGECONFIG to resolve
get_target_property() called with non-existent target "Qt5::qmake"
build error.
Automatically add qt5 to PACKAGECONFIG when meta-qt5 is in the build
since adding qt5 via a .bbappend won't satisfy the conditional inherit
cmake_qt5. The poppler recipe does exactly this.
Signed-off-by: George McCollister <george.mccollister at gmail.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit aae146b6789b49e649d4ccacb3f4c33413f65903
Author: Jean-Marie LEMETAYER <jean-marie.lemetayer at savoirfairelinux.com>
Date: Thu Oct 3 16:07:29 2019 +0200
python-toml: add recipes for python2 and python3
This package is a Python library for parsing and creating TOML [1].
Another python TOML parser library named pytoml already exists in
meta-oe/recipes-devtools/python/python*-pytoml_*.bb but this library is
deprecated and it is explicitly explained to consider using the toml
package instead [2].
1: https://github.com/toml-lang/toml
2: https://github.com/avakar/pytoml/commit/cd2a62e1444cda2c517b02d36b97151acf379b88
Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer at savoirfairelinux.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit fd8ec28e5dab7b1d908037cebf20062369a40907
Author: Peiran Hong <peiran.hong at windriver.com>
Date: Wed Oct 2 16:01:10 2019 -0400
zabbix: upgrade 3.0.9 -> 4.2.6
This update fixes the following CVEs:
- CVE-2016-10742 (ZBX-13133, refer to 'Changes for 3.4.4rc1' in ChangeLog)
and addresses numerous bugs as well as improved frontend messaging
usage.
Added libevent, libpcre and zlib to DEPENDS as required dependency
to build 4.2.6.
Added --with-libpthread to EXTRA_OECONF as default configure option
since it is turned on by default in the new version.
There are also new optional features available in this update that
could be but are not yet added as PACKAGECONFIG.
Signed-off-by: Peiran Hong <peiran.hong at windriver.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 6bfddc941919e0d0ff9da9f44b01f2b6be90d3cd
Author: Andreas Müller <schnitzeltony at gmail.com>
Date: Fri Sep 27 00:32:06 2019 +0200
xfce4-panel: upgrade 4.14.0 -> 4.14.1
* important bugfix release: systray draws icons properly when compositing is
disabled
* while at it renumber patches
Signed-off-by: Andreas Müller <schnitzeltony at gmail.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
commit 77f2088b547d54febd57d3c6be2a65011da4837d
Author: Andreas Müller <schnitzeltony at gmail.com>
Date: Fri Sep 27 00:32:05 2019 +0200
catfish: upgrade 1.4.9 -> 1.4.10
Signed-off-by: Andreas Müller <schnitzeltony at gmail.com>
Signed-off-by: Khem Raj <raj.khem at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
...g-in-a-separate-directory-outside-the-sou.patch | 68 -----
.../{firewalld_0.6.4.bb => firewalld_0.7.1.bb} | 17 +-
.../freeradius/freeradius_3.0.19.bb | 2 +
.../recipes-connectivity/kea/kea_1.7.0.bb | 2 +
.../recipes-support/strongswan/strongswan_5.8.1.bb | 3 +-
.../recipes-support/wireshark/wireshark_3.0.3.bb | 6 +-
.../zabbix/{zabbix_3.0.9.bb => zabbix_4.2.6.bb} | 12 +-
.../recipes-devtools/php/php/CVE-2019-6978.patch | 192 +++++++++++++
meta-oe/recipes-devtools/php/php_7.3.9.bb | 1 +
.../recipes-graphics/renderdoc/renderdoc_1.4.bb | 4 +-
.../xscreensaver/xscreensaver_5.39.bb | 2 +-
meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch | 299 +++++++++++++++++++++
meta-oe/recipes-support/gd/gd_2.2.5.bb | 1 +
.../libteam/{libteam_1.28.bb => libteam_1.29.bb} | 2 +-
.../recipes-devtools/python/python-toml.inc | 10 +
.../recipes-devtools/python/python-toml_0.10.0.bb | 6 +
.../recipes-devtools/python/python3-toml_0.10.0.bb | 6 +
.../{catfish_1.4.9.bb => catfish_1.4.10.bb} | 4 +-
...atch => 0002-use-lxdm-to-replace-dm-tool.patch} | 0
...xfce4-panel_4.14.0.bb => xfce4-panel_4.14.1.bb} | 6 +-
20 files changed, 553 insertions(+), 90 deletions(-)
delete mode 100644 meta-networking/recipes-connectivity/firewalld/files/0001-fix-building-in-a-separate-directory-outside-the-sou.patch
rename meta-networking/recipes-connectivity/firewalld/{firewalld_0.6.4.bb => firewalld_0.7.1.bb} (85%)
rename meta-oe/recipes-connectivity/zabbix/{zabbix_3.0.9.bb => zabbix_4.2.6.bb} (88%)
create mode 100644 meta-oe/recipes-devtools/php/php/CVE-2019-6978.patch
create mode 100644 meta-oe/recipes-support/gd/gd/CVE-2019-6978.patch
rename meta-oe/recipes-support/libteam/{libteam_1.28.bb => libteam_1.29.bb} (95%)
create mode 100644 meta-python/recipes-devtools/python/python-toml.inc
create mode 100644 meta-python/recipes-devtools/python/python-toml_0.10.0.bb
create mode 100644 meta-python/recipes-devtools/python/python3-toml_0.10.0.bb
rename meta-xfce/recipes-apps/catfish/{catfish_1.4.9.bb => catfish_1.4.10.bb} (72%)
rename meta-xfce/recipes-xfce/xfce4-panel/files/{0001-use-lxdm-to-replace-dm-tool.patch => 0002-use-lxdm-to-replace-dm-tool.patch} (100%)
rename meta-xfce/recipes-xfce/xfce4-panel/{xfce4-panel_4.14.0.bb => xfce4-panel_4.14.1.bb} (87%)
hooks/post-receive
--
More information about the yocto-security
mailing list