[yocto-security] [OE-core CVE] branch master-next updated. 01d539b324a867a01b271946321f2bfd031c2e67

cve-notice at lists.openembedded.org
Fri Oct 4 19:12:20 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated
       via  01d539b324a867a01b271946321f2bfd031c2e67 (commit)
       via  6e31ebb24a2101477d3fb568374baae0cd8b7b82 (commit)
       via  05de7a2cbea9396f5d1933111bdc9d5889f901de (commit)
       via  e17a684f289d1ed5025e9024e4045391dde7e1ae (commit)
       via  a4412258ef94d76f67db1e96d54a12c69e533bff (commit)
       via  b08e503eb75f1e6fee65cea4c03d18ad91e7a217 (commit)
       via  1eaeb89b9443298295943bc76af00dde00173e66 (commit)
       via  6ce65dc3fbf1f97db6f01fccc6205db243577662 (commit)
       via  ec48bd3bdfa4db779734417d3866b8437a9470e6 (commit)
       via  b750c405c7d291a885b8ceb197fe59b2ce125d11 (commit)
       via  a0c79bfccb7a1007b07b26b19df945baed0c7063 (commit)
       via  fdd9aea01261e65ead32b56efec901ed8b6a99b9 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (36b379a768bcfe062372ed8e3677e906741f25c6)
            \
             N -- N -- N (01d539b324a867a01b271946321f2bfd031c2e67)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 01d539b324a867a01b271946321f2bfd031c2e67
Author: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
Date:   Fri Oct 4 17:38:02 2019 +0200

    smem: package smemcap separately
    
    Signed-off-by: Maciej Pijanowski <maciej.pijanowski at 3mdeb.com>
    
    smemcap is a tiny binary which allows capturing current state of the /proc
    for further offline analysis.
    
    Package it separately so there is no need to install python runtime
    dependencies on the embedded system when not required.
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 6e31ebb24a2101477d3fb568374baae0cd8b7b82
Author: Khem Raj <raj.khem at gmail.com>
Date:   Wed Oct 2 16:11:45 2019 -0700

    xscreensaver: Remove xserver-nodm-init rdep
    
    this seems to be not required anyway
    
    Fixes
    ERROR: xscreensaver different signature for task do_package_write_ipk.sigdata between qemux86copy and qemux86
    Hash for dependent task x11-common/xserver-nodm-init_3.0.bb:do_packagedata changed from de0944d4fcaeed0efdb143a18cc406bd043469ae291de1704a999bc878a7691c to ba7bdaf35860ba5bf5a5f4ce06379a77c88eb9806e09a1fc5373933888a46507
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 05de7a2cbea9396f5d1933111bdc9d5889f901de
Author: Randy MacLeod <randy.macleod at windriver.com>
Date:   Fri Oct 4 11:56:11 2019 -0400

    libteam: update from 1.28 to 1.29
    
    Signed-off-by: Randy MacLeod <Randy.MacLeod at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit e17a684f289d1ed5025e9024e4045391dde7e1ae
Author: Ovidiu Panait <ovidiu.panait at windriver.com>
Date:   Fri Oct 4 17:16:49 2019 +0300

    kea: Disable parallel install
    
    According to configure.ac, make install might fail when run with multiple jobs:
    
    $ tail -15 log.do_configure
    ...
    When running "make install" do not use any form of parallel or job
    server options (such as GNU make's -j option). Doing so may cause
    errors.
    ...
    
    Signed-off-by: Ovidiu Panait <ovidiu.panait at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit a4412258ef94d76f67db1e96d54a12c69e533bff
Author: Adrian Ratiu <adrian.ratiu at collabora.com>
Date:   Fri Oct 4 14:40:26 2019 +0300

    renderdoc: add x11 to REQUIRED_DISTRO_FEATURES
    
    This recipe depends on having x11 enabled so we add it to fix:
    
    ERROR: Nothing PROVIDES 'libxcb' (but
    meta-oe/meta-oe/recipes-graphics/renderdoc/renderdoc_1.4.bb
    DEPENDS on or otherwise requires it)
    libxcb was skipped: missing required distro feature 'x11' (not in DISTRO_FEATURES)
    
    Signed-off-by: Adrian Ratiu <adrian.ratiu at collabora.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit b08e503eb75f1e6fee65cea4c03d18ad91e7a217
Author: Callaghan, Dan <dan.callaghan at opengear.com>
Date:   Fri Oct 4 13:35:47 2019 +1000

    strongswan: install dev headers
    
    These are needed for other packages which want to link against
    libstrongswan or other libraries included with Strongswan.
    By default, no headers are installed.
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 1eaeb89b9443298295943bc76af00dde00173e66
Author: Callaghan, Dan <dan.callaghan at opengear.com>
Date:   Fri Oct 4 13:12:26 2019 +1000

    firewalld: update to 0.7.1
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 6ce65dc3fbf1f97db6f01fccc6205db243577662
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Thu Oct 3 14:58:51 2019 -0400

    gd: fix CVE-2019-6978
    
    CVE: CVE-2019-6978
    
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit ec48bd3bdfa4db779734417d3866b8437a9470e6
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Thu Oct 3 14:58:50 2019 -0400

    php: fix CVE-2019-6978
    
    Patch for php to sync with the fix for the same issue in
    libgd.
    
    CVE: CVE-2019-6978
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit b750c405c7d291a885b8ceb197fe59b2ce125d11
Author: George McCollister <george.mccollister at gmail.com>
Date:   Thu Oct 3 13:08:31 2019 -0500

    wireshark: fix qt5 build
    
    Add qttools-native to PACKAGECONFIG[qt5] DEPENDS to resolve missing
    Qt5LinguistTools build error.
    
    Add qtmultimedia to PACKAGECONFIG[qt5] DEPENDS to resolve missing
    Qt5Multimedia build error.
    
    Add qtsvg to PACKAGECONFIG[qt5] DEPENDS to resolve missing Qt5Svg build
    error.
    
    Inherit cmake_qt5 when qt5 is in PACKAGECONFIG to resolve
    get_target_property() called with non-existent target "Qt5::qmake"
    build error.
    
    Automatically add qt5 to PACKAGECONFIG when meta-qt5 is in the build
    since adding qt5 via a .bbappend won't satisfy the conditional inherit
    cmake_qt5. The poppler recipe does exactly this.
    
    Signed-off-by: George McCollister <george.mccollister at gmail.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit a0c79bfccb7a1007b07b26b19df945baed0c7063
Author: Jean-Marie LEMETAYER <jean-marie.lemetayer at savoirfairelinux.com>
Date:   Thu Oct 3 16:07:29 2019 +0200

    python-toml: add recipes for python2 and python3
    
    This package is a Python library for parsing and creating TOML [1].
    
    Another python TOML parser library named pytoml already exists in
    meta-oe/recipes-devtools/python/python*-pytoml_*.bb but this library is
    deprecated and it is explicitly explained to consider using the toml
    package instead [2].
    
    1: https://github.com/toml-lang/toml
    2: https://github.com/avakar/pytoml/commit/cd2a62e1444cda2c517b02d36b97151acf379b88
    
    Signed-off-by: Jean-Marie LEMETAYER <jean-marie.lemetayer at savoirfairelinux.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit fdd9aea01261e65ead32b56efec901ed8b6a99b9
Author: Peiran Hong <peiran.hong at windriver.com>
Date:   Wed Oct 2 16:01:10 2019 -0400

    zabbix: upgrade 3.0.9 -> 4.2.6
    
    This update fixes the following CVEs:
        - CVE-2016-10742 (ZBX-13133, refer to 'Changes for 3.4.4rc1' in ChangeLog)
    
    and addresses numerous bugs as well as improved frontend messaging
    usage.
    
    Added libevent, libpcre and zlib to DEPENDS as required dependency
    to build 4.2.6.
    
    Added --with-libpthread to EXTRA_OECONF as default configure option
    since it is turned on by default in the new version.
    
    There are also new optional features available in this update that
    could be but are not yet added as PACKAGECONFIG.
    
    Signed-off-by: Peiran Hong <peiran.hong at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 .../recipes-apps/catfish/{catfish_1.4.10.bb => catfish_1.4.9.bb}    | 4 ++--
 ...replace-dm-tool.patch => 0001-use-lxdm-to-replace-dm-tool.patch} | 0
 .../xfce4-panel/{xfce4-panel_4.14.1.bb => xfce4-panel_4.14.0.bb}    | 6 +++---
 3 files changed, 5 insertions(+), 5 deletions(-)
 rename meta-xfce/recipes-apps/catfish/{catfish_1.4.10.bb => catfish_1.4.9.bb} (72%)
 rename meta-xfce/recipes-xfce/xfce4-panel/files/{0002-use-lxdm-to-replace-dm-tool.patch => 0001-use-lxdm-to-replace-dm-tool.patch} (100%)
 rename meta-xfce/recipes-xfce/xfce4-panel/{xfce4-panel_4.14.1.bb => xfce4-panel_4.14.0.bb} (87%)


hooks/post-receive
-- 


