[yocto-security] [OE-core CVE] branch master-next updated. c5887348e20b26097896732d70affc7c09cc7947

cve-notice at lists.openembedded.org
Mon Oct 7 09:11:43 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated
       via  c5887348e20b26097896732d70affc7c09cc7947 (commit)
       via  5d9d548025f07ef8ef758d5a3f14f88808f8804d (commit)
       via  160fee1bec6a4af78d5230009cf246060ac16f48 (commit)
       via  a1676382a0007259a54eaea396ea1423e8f90b32 (commit)
       via  7cba4cdeff74709ecac22651bde6d813d1c855b0 (commit)
       via  da6db0b815e698f68ef9cca9c6e2c7fffaf6efd9 (commit)
      from  e39b78ad933d6909c8d851168f2438ff6c9e3180 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c5887348e20b26097896732d70affc7c09cc7947
Author: Otavio Salvador <otavio at ossystems.com.br>
Date:   Tue Oct 1 09:15:10 2019 -0300

    modemmanager: Upgrade 1.10.2 -> 1.10.6
    
    Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 5d9d548025f07ef8ef758d5a3f14f88808f8804d
Author: Peiran Hong <peiran.hong at windriver.com>
Date:   Mon Oct 7 09:43:40 2019 -0400

    tcpdump: upgrade 4.9.2 -> 4.9.3
    
    This upgrade adds some new features and fixes numerous bugs including
    the following CVEs:
    CVE: CVE-2017-16808 (AoE)
    CVE: CVE-2018-14468 (FrameRelay)
    CVE: CVE-2018-14469 (IKEv1)
    CVE: CVE-2018-14470 (BABEL)
    CVE: CVE-2018-14466 (AFS/RX)
    CVE: CVE-2018-14461 (LDP)
    CVE: CVE-2018-14462 (ICMP)
    CVE: CVE-2018-14465 (RSVP)
    CVE: CVE-2018-14881 (BGP)
    CVE: CVE-2018-14464 (LMP)
    CVE: CVE-2018-14463 (VRRP)
    CVE: CVE-2018-14467 (BGP)
    CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
    CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
                               SMB printing disabled)
    CVE: CVE-2018-14880 (OSPF6)
    CVE: CVE-2018-16451 (SMB)
    CVE: CVE-2018-14882 (RPL)
    CVE: CVE-2018-16227 (802.11)
    CVE: CVE-2018-16229 (DCCP)
    CVE: CVE-2018-16301 (was fixed in libpcap)
    CVE: CVE-2018-16230 (BGP)
    CVE: CVE-2018-16452 (SMB)
    CVE: CVE-2018-16300 (BGP)
    CVE: CVE-2018-16228 (HNCP)
    CVE: CVE-2019-15166 (LMP)
    CVE: CVE-2019-15167 (VRRP)
    CVE: CVE-2018-14879 (tcpdump -V)
    
    Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
    since the fix is included in the upgrade.
    
    Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
    "unnecessary-to-check-libpcap.patch", and "add-ptest.patch" since
    the upgrade renamed configure.in to configure.ac and made changes
    to the file.
    
    Added PACKAGECONFIG for smb. It is disabled by default in
    the upgraded version in both the package's configure script and this
    bitbake recipe since it is insecure.
    
    Modified the parsing of ptest result to align with the new output
    format.
    
    With core-image-minimal on qemux86-64/kvm:
    Recipe         | Passed      | Failed   | Skipped   | Time(s)
    Before         | 408         | 0        | 2         | 4
    After          | 431         | 11       | 2         | 10
    
    11 tests failed after the upgrade since libpcap is not upgraded
    alongside tcpdump.
    
    Signed-off-by: Peiran Hong <peiran.hong at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 160fee1bec6a4af78d5230009cf246060ac16f48
Author: Stefan Wiehler <stefan.wiehler at missinglinkelectronics.com>
Date:   Mon Oct 7 15:42:49 2019 +0200

    nvme-cli: upgrade 1.6 -> 1.9
    
    Signed-off-by: Stefan Wiehler <stefan.wiehler at missinglinkelectronics.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit a1676382a0007259a54eaea396ea1423e8f90b32
Author: William A. Kennington III via Openembedded-devel <openembedded-devel at lists.openembedded.org>
Date:   Mon Oct 7 10:22:59 2019 +0100

    log4cpp: Stop using RC as a variable
    
    This recipe cannot be parsed when using meta-mingw because ${RC} expands
    to the Windows resource compiler. Let's use PRC instead to avoid that
    problem.
    
    Signed-off-by: Mike Crowe <mac at mcrowe.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 7cba4cdeff74709ecac22651bde6d813d1c855b0
Author: Khem Raj <raj.khem at gmail.com>
Date:   Mon Oct 7 08:53:16 2019 -0700

    grpc: Update to 1.24.1
    
    upb dependency needs to be fed as source, since it lacks the CMake based
    external module builds like some other deps
    
    Forward port the cross lib installation patch
    
    Drop gettid patch as it was a backport which is in this revision
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit da6db0b815e698f68ef9cca9c6e2c7fffaf6efd9
Author: Khem Raj <raj.khem at gmail.com>
Date:   Sun Oct 6 22:14:52 2019 -0700

    README: Document need for 32bit compiler
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 ....txt-Fix-libraries-installation-for-Linux.patch |  44 ++++----
 .../0001-Define-gettid-only-for-glibc-2.30.patch   | 115 ---------------------
 .../grpc/{grpc_1.22.0.bb => grpc_1.24.1.bb}        |  11 +-
 .../tcpdump/tcpdump/add-ptest.patch                |   9 +-
 ...-absolute-path-when-searching-for-libdlpi.patch |  19 ++--
 .../recipes-support/tcpdump/tcpdump/run-ptest      |   4 +-
 .../tcpdump/unnecessary-to-check-libpcap.patch     |  15 +--
 .../tcpdump/{tcpdump_4.9.2.bb => tcpdump_4.9.3.bb} |  12 ++-
 meta-oe/README                                     |   7 ++
 ...Makefile-fix-bash-completion-install-path.patch |  33 ------
 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.6.bb       |  21 ----
 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb       |  29 ++++++
 ...demmanager_1.10.2.bb => modemmanager_1.10.6.bb} |   4 +-
 meta-oe/recipes-support/log4cpp/log4cpp_1.1.2.bb   |   4 +-
 14 files changed, 102 insertions(+), 225 deletions(-)
 delete mode 100644 meta-networking/recipes-devtools/grpc/grpc/0001-Define-gettid-only-for-glibc-2.30.patch
 rename meta-networking/recipes-devtools/grpc/{grpc_1.22.0.bb => grpc_1.24.1.bb} (81%)
 rename meta-networking/recipes-support/tcpdump/{tcpdump_4.9.2.bb => tcpdump_4.9.3.bb} (74%)
 delete mode 100644 meta-oe/recipes-bsp/nvme-cli/files/0001-Makefile-fix-bash-completion-install-path.patch
 delete mode 100644 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.6.bb
 create mode 100644 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
 rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.2.bb => modemmanager_1.10.6.bb} (92%)


hooks/post-receive
-- 


