[yocto-security] [OE-core CVE] branch thud updated. 2018-10-510-g57d30f2
cve-notice at lists.openembedded.org
Tue Oct 15 07:54:20 PDT 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, thud has been updated
via 57d30f26c3dbba720079e98d429dfcb53d527d54 (commit)
via 82a9850d6ef8cca816f9e0a53a8d20b056f95320 (commit)
via 54c6892543319c4b8f7248e95966e956053c97b7 (commit)
via 85da4ccfff2103815eb3cd9a0b0f1af122b05567 (commit)
via d68441ed80fd43f091baf01bfdb47c3ec010c662 (commit)
via 3b8db95973fc144b00d59c4797adb405a935cd7c (commit)
via 4972582767a3325d22a16db9a5479c2d0001964b (commit)
from e6728a873f1eef335a9e21bdface304f13f0c952 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 57d30f26c3dbba720079e98d429dfcb53d527d54
Author: Muminul Islam <muislam at microsoft.com>
Date: Sun Oct 13 09:10:35 2019 -0700
curl: Security fix for CVE-2019-5482
Signed-off-by: Muminul Islam <muislam at microsoft.com>
[Fixup for thud context]
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 82a9850d6ef8cca816f9e0a53a8d20b056f95320
Author: Muminul Islam <misla011 at fiu.edu>
Date: Fri Oct 11 19:21:51 2019 +0000
libsolv: Security fix for CVEs: <CVE-2018-20532, CVE-2018-20533, CVE-2018-20534>
Signed-off-by: Muminul Islam <muislam at microsoft.com>
CVE: CVE-2018-20532 CVE-2018-20533 CVE-2018-20534
Upstream-Status: Backport
Cherry picked from https://github.com/openSUSE/libsolv/pull/291/commits
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 54c6892543319c4b8f7248e95966e956053c97b7
Author: Dan Tran <dantran at microsoft.com>
Date: Tue Oct 8 18:20:02 2019 +0000
gnutls: Fix CVE-2019-3829 and CVE-2019-3836
Signed-off-by: Dan Tran <dantran at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 85da4ccfff2103815eb3cd9a0b0f1af122b05567
Author: c-thaler <christian.thaler at tes-dst.com>
Date: Tue Sep 24 14:18:53 2019 +0200
kernel-devsrc: check for localversion files in the kernel source tree
localversion files are ignored. This might lead to a bad version magic when
building out-of-tree modules via SDK.
(Backport from master https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/meta/recipes-kernel/linux/kernel-devsrc.bb?id=59fcee90de0cbb5b6b8333ab2b0e36214b174e52)
Signed-off-by: Christian Thaler <christian.thaler at tes-dst.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit d68441ed80fd43f091baf01bfdb47c3ec010c662
Author: Muminul Islam <misla011 at fiu.edu>
Date: Mon Oct 7 21:50:40 2019 +0000
glibc: Security fix for cve <CVE-2019-6488, CVE-2019-7309>
Signed-off-by: Muminul Islam <muislam at microsoft.com>
CVE: CVE-2019-6488, CVE-2019-7309
Upstream-Status: Backport
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 3b8db95973fc144b00d59c4797adb405a935cd7c
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date: Tue Apr 2 21:31:03 2019 +0200
arch-arm64.inc: Lower the priority of aarch64 in MACHINEOVERRIDES
This makes sure, e.g., ${SOC_FAMILY} and ${MACHINE} have higher
priorities than aarch64.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 4972582767a3325d22a16db9a5479c2d0001964b
Author: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov at mentor.com>
Date: Fri Oct 11 10:16:49 2019 +0200
kernel.bbclass: fix installation of modules signing certificates
If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov at mentor.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne at linaro.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/kernel.bbclass | 2 +-
meta/conf/machine/include/arm/arch-arm64.inc | 2 +-
meta/recipes-core/glibc/glibc/CVE-2019-6488.patch | 274 +++++++
meta/recipes-core/glibc/glibc/CVE-2019-7309.patch | 207 +++++
meta/recipes-core/glibc/glibc_2.28.bb | 2 +
.../0003-Fix-Dereference-of-null-pointer.patch | 33 +
.../0004-Fix-Add-va_end-before-return.patch | 36 +
.../libsolv/libsolv/0005-Fix-Memory-leaks.patch | 158 ++++
.../libsolv/0006-Fix-testsolv-segfault.patch | 41 +
.../libsolv/0007-Fix-testsolv-segfaults.patch | 47 ++
.../0008-Fix-Be-sure-that-NONBLOCK-is-set.patch | 37 +
...0009-Don-t-set-values-that-are-never-read.patch | 113 +++
meta/recipes-extended/libsolv/libsolv_0.6.35.bb | 7 +
meta/recipes-kernel/linux/kernel-devsrc.bb | 9 +
meta/recipes-support/curl/curl/CVE-2019-5482.patch | 68 ++
meta/recipes-support/curl/curl_7.61.0.bb | 1 +
.../gnutls/gnutls/CVE-2019-3829_p1.patch | 39 +
.../gnutls/gnutls/CVE-2019-3829_p2.patch | 871 +++++++++++++++++++++
.../gnutls/gnutls/CVE-2019-3829_p3.patch | 36 +
.../gnutls/gnutls/CVE-2019-3836.patch | 35 +
meta/recipes-support/gnutls/gnutls_3.6.4.bb | 4 +
21 files changed, 2020 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-6488.patch
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2019-7309.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0003-Fix-Dereference-of-null-pointer.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0004-Fix-Add-va_end-before-return.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0005-Fix-Memory-leaks.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0006-Fix-testsolv-segfault.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0007-Fix-testsolv-segfaults.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0008-Fix-Be-sure-that-NONBLOCK-is-set.patch
create mode 100644 meta/recipes-extended/libsolv/libsolv/0009-Don-t-set-values-that-are-never-read.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2019-5482.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p1.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p2.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2019-3829_p3.patch
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2019-3836.patch
hooks/post-receive