[yocto-security] [OE-core CVE] branch master updated. fd1a0c9210b162ccb147e933984c755d32899efc

cve-notice at lists.openembedded.org cve-notice at lists.openembedded.org
Tue Oct 8 15:59:33 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master has been updated
       via  fd1a0c9210b162ccb147e933984c755d32899efc (commit)
       via  5d23c6329ebaef39bd8892365a5867d609fd47cf (commit)
       via  1ede5a0c181c4562795ab7f9e98889c9a6800d3b (commit)
       via  31161b5fee5ae8616f18e135990fd27838c7a6ad (commit)
       via  fb0a590c4a21c7303de6f0b048bbc648b0e7f5f5 (commit)
       via  71535e2f0ea76d39d2911e022905ec8ee9843872 (commit)
       via  b75c618de85e674b60f0f054b9e9b11577db5483 (commit)
       via  bfe144b038ee49290bed7b7d851bca52d340af2e (commit)
       via  da6db0b815e698f68ef9cca9c6e2c7fffaf6efd9 (commit)
       via  e39b78ad933d6909c8d851168f2438ff6c9e3180 (commit)
       via  5f9f4cba2f3a9b22fcd658fed91b1fe05b840b7f (commit)
       via  501df47c331e851925f1965b547e4d888a89555d (commit)
       via  2582668a348b6fcd1377b762ca26a05fb6d14b9d (commit)
       via  a82f449dab48f014ba935ee842ad420fdfef004c (commit)
       via  35a85e1f7898d5703cb598d996b76b081034e950 (commit)
       via  e0f10bd78d03edd1846243d1115ba11b87cd69b0 (commit)
       via  c95c94d689f3b4972db72f511a60bcef52b8080d (commit)
      from  01d539b324a867a01b271946321f2bfd031c2e67 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit fd1a0c9210b162ccb147e933984c755d32899efc
Author: Palmer Dabbelt <palmer at dabbelt.com>
Date:   Tue Oct 8 14:48:17 2019 -0700

    Add zeus compatibility to all layer.conf files
    
    I have no idea if this is the right thing to do, but without the patch I
    can't actually build OE because none of these layers are compatible
    with the change in openembedded-core to move to zeus.
    
    Fixes: a5c9709b8d ("layer.conf: Update for zeus series") # openembedded-core
    
    Signed-off-by: Palmer Dabbelt <palmer at dabbelt.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 5d23c6329ebaef39bd8892365a5867d609fd47cf
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Tue Oct 8 08:43:41 2019 -0500

    freeradius: add -latomic for armv5
    
    freeradius fails to build for armv5:
    
    | *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
    | *** libfreeradius-server.so is not portable!
    |
    | *** Warning: Linking the executable build/bin/local/radeapclient against the loadable module
    | *** libfreeradius-eap.so is not portable!
    path -Wl,/yow-lpggp31/tgamblin/freeradius.build/tmp-glibc/work/armv5e-oe-linux-gnueabi/freeradius/3.0.19-r0/git/build/lib/local//.libs
    /arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_compare_exchange_8'
    /arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_load_8'
    /arm-oe-linux-gnueabi/9.2.0/ld: build/lib/local/.libs/libfreeradius-radius.so: undefined reference to `__atomic_store_8'
    | collect2: error: ld returned 1 exit status
    | scripts/boiler.mk:630: recipe for target 'build/bin/local/radeapclient' failed
    
    Explicitly link libatomic to fix the issue.
    
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 1ede5a0c181c4562795ab7f9e98889c9a6800d3b
Author: Khem Raj <raj.khem at gmail.com>
Date:   Mon Oct 7 08:53:16 2019 -0700

    grpc: Update to 1.24.1
    
    upb dependency needs to be fed as source, since it lacks the CMake based
    external module builds like some other deps
    
    Forward port the cross lib installation patch
    
    Drop gettid patch as it was a backport which is in this revision
    
    Link with libatomic on mips
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 31161b5fee5ae8616f18e135990fd27838c7a6ad
Author: Khem Raj <raj.khem at gmail.com>
Date:   Mon Oct 7 20:03:34 2019 -0700

    mongodb: Turn system libpcre support into packageconfig
    
    when libpcre is built with clang and mongodb with gcc then they don't
    link well, in such cases it's better to use in-tree pcre, this paves a
    way to achieve that if needed
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit fb0a590c4a21c7303de6f0b048bbc648b0e7f5f5
Author: Otavio Salvador <otavio at ossystems.com.br>
Date:   Tue Oct 1 09:15:10 2019 -0300

    modemmanager: Upgrade 1.10.2 -> 1.10.6
    
    Signed-off-by: Otavio Salvador <otavio at ossystems.com.br>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 71535e2f0ea76d39d2911e022905ec8ee9843872
Author: Peiran Hong <peiran.hong at windriver.com>
Date:   Mon Oct 7 09:43:40 2019 -0400

    tcpdump: upgrade 4.9.2 -> 4.9.3
    
    This upgrade adds some new features and fixes numerous bugs including
    the following CVEs:
    CVE: CVE-2017-16808 (AoE)
    CVE: CVE-2018-14468 (FrameRelay)
    CVE: CVE-2018-14469 (IKEv1)
    CVE: CVE-2018-14470 (BABEL)
    CVE: CVE-2018-14466 (AFS/RX)
    CVE: CVE-2018-14461 (LDP)
    CVE: CVE-2018-14462 (ICMP)
    CVE: CVE-2018-14465 (RSVP)
    CVE: CVE-2018-14881 (BGP)
    CVE: CVE-2018-14464 (LMP)
    CVE: CVE-2018-14463 (VRRP)
    CVE: CVE-2018-14467 (BGP)
    CVE: CVE-2018-10103 (SMB - partially fixed, but SMB printing disabled)
    CVE: CVE-2018-10105 (SMB - too unreliably reproduced,
                               SMB printing disabled)
    CVE: CVE-2018-14880 (OSPF6)
    CVE: CVE-2018-16451 (SMB)
    CVE: CVE-2018-14882 (RPL)
    CVE: CVE-2018-16227 (802.11)
    CVE: CVE-2018-16229 (DCCP)
    CVE: CVE-2018-16301 (was fixed in libpcap)
    CVE: CVE-2018-16230 (BGP)
    CVE: CVE-2018-16452 (SMB)
    CVE: CVE-2018-16300 (BGP)
    CVE: CVE-2018-16228 (HNCP)
    CVE: CVE-2019-15166 (LMP)
    CVE: CVE-2019-15167 (VRRP)
    CVE: CVE-2018-14879 (tcpdump -V)
    
    Deleted patch "0001-CVE-2017-16808-AoE-Add-a-missing-bounds-check.patch"
    since the fix is included in the upgrade.
    
    Modified patches "avoid-absolute-path-when-searching-for-libdlpi.patch",
    "unnecessary-to-check-libpcap.patch", and "add-ptest.patch" since
    the upgrade renamed configure.in to configure.ac and made changes
    to the file.
    
    Added PACKAGECONFIG for smb. It is disabled by default in
    the upgraded version in both the package's configure script and this
    bitbake recipe since it is insecure.
    
    Modified the parsing of ptest result to align with the new output
    format.
    
    With core-image-minimal on qemux86-64/kvm:
    Recipe         | Passed      | Failed   | Skipped   | Time(s)
    Before         | 408         | 0        | 2         | 4
    After          | 431         | 11       | 2         | 10
    
    11 tests failed after the upgrade since libpcap is not upgraded
    alongside tcpdump.
    
    Signed-off-by: Peiran Hong <peiran.hong at windriver.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit b75c618de85e674b60f0f054b9e9b11577db5483
Author: Stefan Wiehler <stefan.wiehler at missinglinkelectronics.com>
Date:   Mon Oct 7 15:42:49 2019 +0200

    nvme-cli: upgrade 1.6 -> 1.9
    
    Signed-off-by: Stefan Wiehler <stefan.wiehler at missinglinkelectronics.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit bfe144b038ee49290bed7b7d851bca52d340af2e
Author: William A. Kennington III via Openembedded-devel <openembedded-devel at lists.openembedded.org>
Date:   Mon Oct 7 10:22:59 2019 +0100

    log4cpp: Stop using RC as a variable
    
    This recipe cannot be parsed when using meta-mingw because ${RC} expands
    to the Windows resource compiler. Let's use PRC instead to avoid that
    problem.
    
    Signed-off-by: Mike Crowe <mac at mcrowe.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit da6db0b815e698f68ef9cca9c6e2c7fffaf6efd9
Author: Khem Raj <raj.khem at gmail.com>
Date:   Sun Oct 6 22:14:52 2019 -0700

    README: Document need for 32bit compiler
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit e39b78ad933d6909c8d851168f2438ff6c9e3180
Author: Khem Raj <raj.khem at gmail.com>
Date:   Sun Oct 6 18:26:38 2019 -0700

    pmdk: Update to 1.7
    
    - Examples can be disabled via makefile argument, so drop the patch to
      disable building them and instead disable building via makefile
      argument
    - Add a patch to control secure_getenv definition spill into linux/musl
      case
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 5f9f4cba2f3a9b22fcd658fed91b1fe05b840b7f
Author: Adrian Bunk <bunk at stusta.de>
Date:   Sun Oct 6 22:14:21 2019 +0300

    xmlrpc-c: Remove the RDEPENDS on perl
    
    The tools that use perl are no longer built.
    
    Signed-off-by: Adrian Bunk <bunk at stusta.de>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 501df47c331e851925f1965b547e4d888a89555d
Author: Stefan Agner <stefan.agner at toradex.com>
Date:   Sun Oct 6 23:00:32 2019 +0200

    zram: properly implement systemd service
    
    The systemd service points to a script which is not installed by
    zram or any of its dependencies. It seems that the service got
    migrated without the necessary script.
    
    The sysvinit script seems rather dated and initializes multiple
    zram instances to support multiprocessor systems. This is no
    longer necessary with modern implementations as newer kernel
    versions support multiple streams by default.
    
    Create a modern implementation based on Fedora's zram package.
    Make use of systemd swap unit files instead of enabling swap
    directly.
    
    This removes the need for util-linux-swaponoff (since swap is
    now handled by systemd, which presumably depends on swaponoff).
    However, it adds the dependency to util-linux for zramctl.
    
    Signed-off-by: Stefan Agner <stefan.agner at toradex.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 2582668a348b6fcd1377b762ca26a05fb6d14b9d
Author: Khem Raj <raj.khem at gmail.com>
Date:   Sat Oct 5 09:50:52 2019 -0700

    fio: Fix build when march is armv7ve
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit a82f449dab48f014ba935ee842ad420fdfef004c
Author: Khem Raj <raj.khem at gmail.com>
Date:   Sat Oct 5 08:51:05 2019 -0700

    fio: Depend on coreutils-native for fmt utility
    
    It needs fmt during build, fixes
    /bin/sh: fmt: command not found
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit 35a85e1f7898d5703cb598d996b76b081034e950
Author: Denys Dmytriyenko <denys at ti.com>
Date:   Fri Sep 27 20:56:39 2019 -0400

    mariadb: update SRC_URI to use archive.mariadb.org
    
    archive.mariadb.org does not go 404 on releases over time
    
    Signed-off-by: Denys Dmytriyenko <denys at ti.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit e0f10bd78d03edd1846243d1115ba11b87cd69b0
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Fri Oct 4 22:53:53 2019 -0400

    gnome-desktop3: upgrade from 3.32.0 to 3.34.0
    
    Update to fix CVE-2019-11460 as well as add various bugfixes
    from upstream.
    
    CVE: CVE-2019-11460
    
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Acked-by: Andreas Müller <schnitzeltony at gmail.com>
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

commit c95c94d689f3b4972db72f511a60bcef52b8080d
Author: Khem Raj <raj.khem at gmail.com>
Date:   Sat Oct 5 08:33:45 2019 -0700

    xorg-fonts-100dpi: Change License Custom -> MIT
    
    This is a meta package which collects a bunch of 100dpi font packages
    together which all are also under MIT license, Custom is not a known
    type moreover MIT is well suited for this recipe for compatibility
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>

-----------------------------------------------------------------------

Summary of changes:
 meta-filesystems/conf/layer.conf                   |   2 +-
 meta-gnome/conf/layer.conf                         |   2 +-
 ...desktop3_3.32.0.bb => gnome-desktop3_3.34.0.bb} |   4 +-
 meta-initramfs/conf/layer.conf                     |   2 +-
 meta-multimedia/conf/layer.conf                    |   2 +-
 meta-networking/conf/layer.conf                    |   2 +-
 .../freeradius/freeradius_3.0.19.bb                |   1 +
 ....txt-Fix-libraries-installation-for-Linux.patch |  44 ++++----
 .../0001-Define-gettid-only-for-glibc-2.30.patch   | 115 ---------------------
 .../grpc/{grpc_1.22.0.bb => grpc_1.24.1.bb}        |  15 ++-
 .../tcpdump/tcpdump/add-ptest.patch                |   9 +-
 ...-absolute-path-when-searching-for-libdlpi.patch |  19 ++--
 .../recipes-support/tcpdump/tcpdump/run-ptest      |   4 +-
 .../tcpdump/unnecessary-to-check-libpcap.patch     |  15 +--
 .../tcpdump/{tcpdump_4.9.2.bb => tcpdump_4.9.3.bb} |  12 ++-
 meta-oe/README                                     |   7 ++
 meta-oe/conf/layer.conf                            |   2 +-
 ...01-arch-arm-Consider-armv7ve-arch-as-well.patch |  28 +++++
 meta-oe/recipes-benchmark/fio/fio_3.16.bb          |   3 +-
 ...Makefile-fix-bash-completion-install-path.patch |  33 ------
 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.6.bb       |  21 ----
 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb       |  29 ++++++
 ...demmanager_1.10.2.bb => modemmanager_1.10.6.bb} |   4 +-
 meta-oe/recipes-dbs/mongodb/mongodb_git.bb         |   6 +-
 meta-oe/recipes-dbs/mysql/mariadb.inc              |   2 +-
 .../recipes-devtools/xmlrpc-c/xmlrpc-c_1.51.03.bb  |   1 -
 ...e-__FreeBSD__-to-control-secure_getenv-de.patch |  33 ++++++
 .../0003-Makefile-Don-t-build-the-examples.patch   |  34 ------
 .../pmdk/{pmdk_1.6.bb => pmdk_1.7.bb}              |   6 +-
 meta-oe/recipes-extended/zram/zram/dev-zram0.swap  |  10 ++
 .../recipes-extended/zram/zram/zram-swap-deinit    |  19 ++++
 meta-oe/recipes-extended/zram/zram/zram-swap-init  |  26 +++++
 .../recipes-extended/zram/zram/zram-swap.service   |  10 ++
 meta-oe/recipes-extended/zram/zram/zram.service    |  12 ---
 meta-oe/recipes-extended/zram/zram/zramstop        |   5 +
 meta-oe/recipes-extended/zram/zram_0.1.bb          |  33 ------
 meta-oe/recipes-extended/zram/zram_0.2.bb          |  50 +++++++++
 .../xorg-font/xorg-fonts-100dpi.bb                 |   2 +-
 meta-oe/recipes-support/log4cpp/log4cpp_1.1.2.bb   |   4 +-
 meta-perl/conf/layer.conf                          |   2 +-
 meta-python/conf/layer.conf                        |   2 +-
 meta-webserver/conf/layer.conf                     |   2 +-
 meta-xfce/conf/layer.conf                          |   2 +-
 43 files changed, 310 insertions(+), 326 deletions(-)
 rename meta-gnome/recipes-gnome/gnome-desktop/{gnome-desktop3_3.32.0.bb => gnome-desktop3_3.34.0.bb} (88%)
 delete mode 100644 meta-networking/recipes-devtools/grpc/grpc/0001-Define-gettid-only-for-glibc-2.30.patch
 rename meta-networking/recipes-devtools/grpc/{grpc_1.22.0.bb => grpc_1.24.1.bb} (73%)
 rename meta-networking/recipes-support/tcpdump/{tcpdump_4.9.2.bb => tcpdump_4.9.3.bb} (74%)
 create mode 100644 meta-oe/recipes-benchmark/fio/files/0001-arch-arm-Consider-armv7ve-arch-as-well.patch
 delete mode 100644 meta-oe/recipes-bsp/nvme-cli/files/0001-Makefile-fix-bash-completion-install-path.patch
 delete mode 100644 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.6.bb
 create mode 100644 meta-oe/recipes-bsp/nvme-cli/nvme-cli_1.9.bb
 rename meta-oe/recipes-connectivity/modemmanager/{modemmanager_1.10.2.bb => modemmanager_1.10.6.bb} (92%)
 create mode 100644 meta-oe/recipes-extended/pmdk/files/0001-os_posix-Use-__FreeBSD__-to-control-secure_getenv-de.patch
 delete mode 100644 meta-oe/recipes-extended/pmdk/files/0003-Makefile-Don-t-build-the-examples.patch
 rename meta-oe/recipes-extended/pmdk/{pmdk_1.6.bb => pmdk_1.7.bb} (84%)
 create mode 100644 meta-oe/recipes-extended/zram/zram/dev-zram0.swap
 create mode 100755 meta-oe/recipes-extended/zram/zram/zram-swap-deinit
 create mode 100755 meta-oe/recipes-extended/zram/zram/zram-swap-init
 create mode 100644 meta-oe/recipes-extended/zram/zram/zram-swap.service
 delete mode 100644 meta-oe/recipes-extended/zram/zram/zram.service
 create mode 100644 meta-oe/recipes-extended/zram/zram/zramstop
 delete mode 100644 meta-oe/recipes-extended/zram/zram_0.1.bb
 create mode 100644 meta-oe/recipes-extended/zram/zram_0.2.bb


hooks/post-receive
-- 


