[yocto-security] [OE-core CVE] branch master updated. uninative-2.7-128-gbdc62e2

cve-notice at lists.openembedded.org cve-notice at lists.openembedded.org
Sat Oct 19 15:18:55 PDT 2019


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master has been updated
       via  bdc62e2845fc242cf0778623690fadcb8da731d4 (commit)
       via  3b788da31af6296a0404ed6080aef17708d61303 (commit)
       via  68a10763e64764a0d43be9162e7b99833f5296db (commit)
       via  81b375ac7851088a671317468a8e2eed69d4a827 (commit)
       via  ec856301887b1139f93aa54d04bed9b842357b4f (commit)
       via  84640e2b4daf4cf22c5b0324c22332f59e4d51e3 (commit)
       via  ff2218f7cc3992725dd35499c14ec3396120dcc5 (commit)
       via  8c23c1476d0c64b9bc8806db03414fa914c1e658 (commit)
       via  d99617b8f2a9354b7357524fcd2eee16af0677b7 (commit)
       via  0ab7e3b573a58cc3a869ef33fd8737ca7fe04550 (commit)
       via  6958f7e4c6a1c27e823ae0a74c1642d78ca7a45e (commit)
       via  04136dbac48986dce5b2b872b2c0b46c673c44f2 (commit)
       via  c73d2a2c0ecc99f0d6d7e6a1861ecce7a2312a57 (commit)
       via  a752faa152df031df5acaa40491299ac115109a4 (commit)
       via  073c435644091c2801e45c6d02afa917de575082 (commit)
       via  8bd4b87071c073a0e4d265bc00df34684a355eff (commit)
       via  a1c95580549cb4f77601e62c7f026b19c752d853 (commit)
       via  b0efd8d4d0dbc30e6505b42f5603f18fa764d732 (commit)
       via  70b9cdf86b9c5ed14937500619387a890a57ef20 (commit)
       via  5b7e78f6389e1659cbf22499e17ef34b2b813a08 (commit)
       via  460f877adbfaf2ae980228c9d545886f82656c38 (commit)
       via  927e16e289292d7bc4dad10d0ed722d8705fff48 (commit)
       via  e72cd2950b38a5fc45908c9601679e601cf60559 (commit)
       via  586c045eb81b79200b46bf743f5d3fdb5f68c12d (commit)
       via  427320d7621846d57649af46bf57c88f86cac612 (commit)
      from  0ad21fe63f6873805762880cca4c37dbe71ee473 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit bdc62e2845fc242cf0778623690fadcb8da731d4
Author: Max Tomago <max.tomago at codethink.co.uk>
Date:   Tue Oct 15 17:37:44 2019 +0100

    python-native: Remove debug.patch
    
    It doesn't look like it should be there.
    
    Signed-off-by: Max Tomago <max.tomago at codethink.co.uk>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 3b788da31af6296a0404ed6080aef17708d61303
Author: Trevor Gamblin <trevor.gamblin at windriver.com>
Date:   Wed Oct 16 06:23:21 2019 -0700

    aspell: upgrade from 0.60.7 to 0.60.8
    
    New version fixes CVE-2019-17544 as well as various other bugs.
    
    CVE: CVE-2019-17544
    
    RP: Added tweak to fix meta-selftest
    Signed-off-by: Trevor Gamblin <trevor.gamblin at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 68a10763e64764a0d43be9162e7b99833f5296db
Author: Mikko Rapeli <mikko.rapeli at bmw.de>
Date:   Thu Oct 17 10:31:58 2019 +0300

    systemd.bbclass: enable all services specified in ${SYSTEMD_SERVICE}
    
    This has been the traditional way of enabling systemd services.
    It may conflict with presets feature, but other layers, image classes
    and recipes add services to be enabled using SYSTEMD_SERVICE
    variable also with read-only rootfs, e.g. IMAGE_FEATURES has
    stateless-rootfs and systemd_preset_all task is not executed.
    
    Fixes startup of custom services from our recipes using custom
    image classes with various BSP layers. In the worst case even
    serial console getty service wasn't starting due to dependency
    no not enabled services.
    
    Signed-off-by: Mikko Rapeli <mikko.rapeli at bmw.de>
    Cc: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 81b375ac7851088a671317468a8e2eed69d4a827
Author: Changqing Li <changqing.li at windriver.com>
Date:   Thu Oct 17 10:52:27 2019 +0800

    qemu: Fix CVE-2019-12068
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit ec856301887b1139f93aa54d04bed9b842357b4f
Author: André Draszik <git at andred.net>
Date:   Thu Oct 17 10:28:02 2019 +0100

    oeqa/runtime/systemd: skip unit enable/disable on read-only-rootfs
    
    This doesn't work on read-only-rootfs:
        AssertionError: 1 != 0 : SYSTEMD_BUS_TIMEOUT=240s systemctl disable avahi-daemon.service
        Failed to disable unit: File /etc/systemd/system/multi-user.target.wants/avahi-daemon.service: Read-only file system
    
    This patch does two things:
    1) Decorate the existing test to be skipped if the rootfs is
       read-only
    2) add a new test to be executed only if the rootfs is
       read-only. This new test remounts the rootfs read-write
       before continuing to execute the existing test, making
       sure to clean up correctly after itself (remount r/o
       again).
    
    Signed-off-by: André Draszik <git at andred.net>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 84640e2b4daf4cf22c5b0324c22332f59e4d51e3
Author: André Draszik <git at andred.net>
Date:   Wed Oct 16 10:18:24 2019 +0100

    oeqa/runtime/opkg: skip install on read-only-rootfs
    
    Images can have package management enabled, but be
    generally running as read-only. In this case, the
    test fails at the moment with various errors due to
    that.
    
    Use the new @skipIfFeature decorator to also skip
    this test in that case.
    
    Signed-off-by: André Draszik <git at andred.net>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit ff2218f7cc3992725dd35499c14ec3396120dcc5
Author: André Draszik <git at andred.net>
Date:   Wed Oct 16 10:18:23 2019 +0100

    oeqa/core/decorator: add skipIfFeature
    
    skipIfFeature will skip a test if a given DIST_FEATURE
    or IMAGE_FEATURE is enabled.
    
    Signed-off-by: André Draszik <git at andred.net>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 8c23c1476d0c64b9bc8806db03414fa914c1e658
Author: André Draszik <git at andred.net>
Date:   Wed Oct 16 10:18:22 2019 +0100

    oeqa/runtime/df: don't fail on long device names
    
    When device names are long (more than 20 characters), the
    df test will fail with an exception:
        self.assertTrue(int(output)>5120, msg=msg)
        ValueError: invalid literal for int() with base 10: ''
    at least when busybox is in use.
    
    The reason is that busybox breaks the line in that case:
        Filesystem           1K-blocks      Used Available Use% Mounted on
        /dev/disk/by-partuuid/8e991e5a-cebd-4f88-9494-c9db4f30cb02
                               1998672     87024   1790408   5% /
    and the code tries to extract the fourth field from the
    second line, which is empty of course.
    
    df can be told not to break lines, though, using the -P
    flag, which turns on the POSIX output format, and is
    supported by busybox df and coreutils df:
        Filesystem           1024-blocks    Used Available Capacity Mounted on
        /dev/disk/by-partuuid/8e991e5a-cebd-4f88-9494-c9db4f30cb02   1998672     87024   1790408   5% /
    
    Signed-off-by: André Draszik <git at andred.net>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit d99617b8f2a9354b7357524fcd2eee16af0677b7
Author: André Draszik <git at andred.net>
Date:   Wed Oct 16 10:18:21 2019 +0100

    testimage.bbclass: enable ssh agent forwarding
    
    Some targets might use ssh to do their power- or serial-
    control. In that case, ssh might need access to the
    ssh agent, or otherwise won't work.
    
    So export it into the environment.
    
    Note that the (old) oeqa/controllers/masterimage.py
    tries to do that as well by exporting all of BB_ORIGENV
    into the test environment. Here in testimage.bbclass we
    are a bit more strict and only pass the ssh related
    environment variables.
    
    Signed-off-by: André Draszik <git at andred.net>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 0ab7e3b573a58cc3a869ef33fd8737ca7fe04550
Author: André Draszik <andre.draszik at jci.com>
Date:   Wed Oct 16 10:18:20 2019 +0100

    testimage.bbclass: support hardware-controlled targets
    
    Since the introduction of the new runtime framework for target
    testing in commit 2aa5a4954d76
    ("testimage.bbclass: Migrate class to use new runtime framework")
    commit 3857e5c91da6 in poky.git, target controllers have no
    access to the global datastore 'd' anymore.
    
    This makes it impossible for a specific OEQA (hardware)
    controller to access documented properties like
    TEST_POWERCONTROL_CMD, TEST_SERIALCONTROL_CMD, etc,
    meaning it's impossible for those controllers to actually
    control the hardware.
    
    To solve this, simply add those documented variables into
    the target_kwargs[].
    
    Signed-off-by: André Draszik <andre.draszik at jci.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6958f7e4c6a1c27e823ae0a74c1642d78ca7a45e
Author: Ross Burton <ross.burton at intel.com>
Date:   Thu Oct 17 12:29:45 2019 +0100

    gawk: add PACKAGECONFIG for readline
    
    Add a PACKAGECONFIG so that readline can be disabled if desired.
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 04136dbac48986dce5b2b872b2c0b46c673c44f2
Author: Ross Burton <ross.burton at intel.com>
Date:   Thu Oct 17 12:29:44 2019 +0100

    python3: -dev should depend on distutils
    
    python3-config uses distutils:
    
    Traceback (most recent call last):
      File "/usr/bin/python3-config", line 9, in <module>
        from distutils import sysconfig
    ModuleNotFoundError: No module named 'distutils'
    
    Add the dependency so that distutils is always present.
    
    [ YOCTO #13592 ]
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit c73d2a2c0ecc99f0d6d7e6a1861ecce7a2312a57
Author: Ricardo Ribalda Delgado <ricardo at ribalda.com>
Date:   Thu Oct 17 16:16:19 2019 +0200

    i2c-tools: Add missing RDEPEND
    
    Fixes:
     # decode-dimms
    Can't locate Carp.pm in @INC (you may need to install the Carp module) (@INC contains: /usr/lib/perl5/site_perl/5.28.1/x86_64-linux /usr/lib/perl5/site_perl/5.28.1 /usr/lib/perl5/vendor_perl/5.28.1/x86_64-linux /usr/lib/perl5/vendor_perl/5.28.1 /usr/lib/perl5/5.28.1/x86_64-linux /usr/lib/perl5/5.28.1 .) at /usr/lib/perl5/5.28.1/Tie/Hash.pm line 190.
    BEGIN failed--compilation aborted at /usr/lib/perl5/5.28.1/Tie/Hash.pm line 190.
    Compilation failed in require at /usr/lib/perl5/5.28.1/x86_64-linux/POSIX.pm line 505.
    Compilation failed in require at /usr/bin/decode-dimms line 41.
    BEGIN failed--compilation aborted at /usr/bin/decode-dimms line 41.
    root at qt5222:~# apt-get install perl-module-carp
    
    Signed-off-by: Ricardo Ribalda Delgado <ricardo at ribalda.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit a752faa152df031df5acaa40491299ac115109a4
Author: Ross Burton <ross.burton at intel.com>
Date:   Fri Oct 18 12:28:19 2019 +0100

    file: explicitly disable seccomp
    
    file will automatically enable seccomp if the seccomp headers are available, but
    the build will fail on Opensuse Tumbleweed because the include paths are wrong.
    
    Enabling seccomp is a bad idea because it interacts badly with pseudo (causing
    build failures), so explicitly and globally disable seccomp.
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 073c435644091c2801e45c6d02afa917de575082
Author: Eugene Smirnov <eu.smirnoff at gmail.com>
Date:   Fri Oct 18 13:16:14 2019 +0200

    wic/rawcopy: Support files in sub-directories
    
    If the source file is located in a subdirectory of DEPLOY_DIR
    rawcopy will currently fail in sparse_copy function on
    open(dst_fname, 'wb'), as the parent directory for destination
    file does not exist.
    
    This patch helps to avoid that by recursively creating
    parent directories.
    
    Signed-off-by: Eugene Smirnov <evgenii.smirnov at here.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 8bd4b87071c073a0e4d265bc00df34684a355eff
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Fri Oct 18 15:10:01 2019 +0800

    openssh: fix CVE-2019-16905
    
    Backport a patch from upstream to fix CVE-2019-16905
    https://github.com/openssh/openssh-portable/commit/a546b17bbaeb12beac4c9aeed56f74a42b18a93a
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit a1c95580549cb4f77601e62c7f026b19c752d853
Author: Stefan Agner <stefan.agner at toradex.com>
Date:   Fri Oct 11 11:06:59 2019 +0200

    uninative: check .done file instead of tarball
    
    In case multiple builds share UNINATIVE_DLDIR's location, one build
    might be in the process of downloading the tarball while another is
    just checking whether the tarball exists. Check for the done file
    instead and rely on the fetchers lockfile mechanism in case two
    builds are running.
    
    Signed-off-by: Stefan Agner <stefan.agner at toradex.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit b0efd8d4d0dbc30e6505b42f5603f18fa764d732
Author: Ross Burton <ross.burton at intel.com>
Date:   Mon Oct 14 12:42:57 2019 +0100

    sanity: check the format of SDK_VENDOR
    
    If SDK_VENDOR isn't formatted as -foosdk and is instead for example -foo-sdk
    then the triple that are constructed are not in fact triples, which results in
    mysterious compile errors.
    
    Check in sanity.bbclass so this failure is detected early.
    
    [ YOCTO #13573 ]
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 70b9cdf86b9c5ed14937500619387a890a57ef20
Author: Yi Zhao <yi.zhao at windriver.com>
Date:   Mon Oct 14 14:43:15 2019 +0800

    libsdl2: fix CVE-2019-13616
    
    Reference:
    https://nvd.nist.gov/vuln/detail/CVE-2019-13616
    
    Patch from:
    https://hg.libsdl.org/SDL/rev/e7ba650a643a
    
    Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 5b7e78f6389e1659cbf22499e17ef34b2b813a08
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Mon Oct 14 17:43:17 2019 -0700

    qemuriscv64: Build smode U-Boot
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 460f877adbfaf2ae980228c9d545886f82656c38
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Mon Oct 14 17:43:16 2019 -0700

    u-boot: Bump from 2019.07 to 2019.10
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 927e16e289292d7bc4dad10d0ed722d8705fff48
Author: Alistair Francis <alistair.francis at wdc.com>
Date:   Mon Oct 14 17:42:19 2019 -0700

    opensbi: Bump from 0.4 to 0.5
    
    Signed-off-by: Alistair Francis <alistair.francis at wdc.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit e72cd2950b38a5fc45908c9601679e601cf60559
Author: Robert Yang <liezhi.yang at windriver.com>
Date:   Tue Oct 15 11:08:12 2019 +0800

    bluez5: Fix for --enable-btpclient
    
    Fixed:
    PACKAGECONFIG_append_pn-bluez5 = ' btpclient'
    
    $ bitbake bluez5
    btpclient.c:2834:7: error: 'SIGINT' undeclared (first use in this function)
    
    Signed-off-by: Robert Yang <liezhi.yang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 586c045eb81b79200b46bf743f5d3fdb5f68c12d
Author: Wenlin Kang <wenlin.kang at windriver.com>
Date:   Tue Oct 15 15:27:43 2019 +0800

    sysstat: fix CVE-2019-16167
    
    This commit is another part of CVE-2019-16167, please see
    https://github.com/sysstat/sysstat/issues/232.
    
    Signed-off-by: Wenlin Kang <wenlin.kang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 427320d7621846d57649af46bf57c88f86cac612
Author: Mattias Hansson <mattias.hansson at axis.com>
Date:   Tue Oct 15 10:00:15 2019 +0200

    base.bbclass: add dependency on pseudo from do_prepare_recipe_sysroot
    
    do_prepare_recipe_sysroot may perform groupadd, which requires pseudo.
    However, do_prepare_recipe_sysroot does not depend on pseudo explicitly,
    which sometimes causes a build error when building a recipe that adds
    groups.
    
    This issue only occurs when executing do_prepare_recipe_sysroot for a
    recipe that adds groups before finishing a task that depends on pseudo
    for a recipe that doesn't add groups.
    
    Signed-off-by: Mattias Hansson <mattihn at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

-----------------------------------------------------------------------

Summary of changes:
 ...pell_0.60.7.bbappend => aspell_0.60.8.bbappend} |   0
 meta/classes/base.bbclass                          |   1 +
 meta/classes/sanity.bbclass                        |   5 +
 meta/classes/systemd.bbclass                       |   6 +-
 meta/classes/testimage.bbclass                     |  18 ++++
 meta/classes/uninative.bbclass                     |   2 +-
 meta/conf/machine/qemuriscv64.conf                 |   2 +-
 meta/lib/oeqa/core/decorator/data.py               |  18 ++++
 meta/lib/oeqa/runtime/cases/df.py                  |   2 +-
 meta/lib/oeqa/runtime/cases/opkg.py                |   4 +-
 meta/lib/oeqa/runtime/cases/systemd.py             |  16 ++-
 .../opensbi/{opensbi_0.4.bb => opensbi_0.5.bb}     |   2 +-
 .../u-boot/files/0001-CVE-2019-13103.patch         |  69 -------------
 ...001-include-env.h-Ensure-ulong-is-defined.patch |  31 ++++++
 .../u-boot/files/0002-CVE-2019-13104.patch         |  49 ----------
 .../u-boot/files/0003-CVE-2019-13105.patch         |  37 -------
 .../u-boot/files/0004-CVE-2019-13106.patch         |  56 -----------
 .../files/0005-CVE-2019-14192-14193-14199.patch    |  43 --------
 ...-2019-14197-14200-14201-14202-14203-14204.patch |  44 ---------
 .../u-boot/files/0007-CVE-2019-14194-14198.patch   |  42 --------
 .../u-boot/files/0008-CVE-2019-14195.patch         |  42 --------
 .../u-boot/files/0009-CVE-2019-14196.patch         |  48 ---------
 meta/recipes-bsp/u-boot/u-boot-common.inc          |  13 +--
 ...utils_2019.07.bb => u-boot-fw-utils_2019.10.bb} |   2 +
 ...ot-tools_2019.07.bb => u-boot-tools_2019.10.bb} |   0
 .../{u-boot_2019.07.bb => u-boot_2019.10.bb}       |   0
 meta/recipes-connectivity/bluez5/bluez5.inc        |   1 +
 .../0001-tools-btpclient.c-include-signal.h.patch  |  30 ++++++
 ...x-integer-overflow-in-XMSS-private-key-pa.patch |  40 ++++++++
 meta/recipes-connectivity/openssh/openssh_8.0p1.bb |   1 +
 meta/recipes-devtools/file/file_5.37.bb            |   2 +
 meta/recipes-devtools/i2c-tools/i2c-tools_4.1.bb   |   1 +
 .../python/python-native/debug.patch               |  32 ------
 .../python/python-native_2.7.16.bb                 |   1 -
 .../python/python3/python3-manifest.json           |   3 +-
 meta/recipes-devtools/qemu/qemu.inc                |   1 +
 .../qemu/qemu/CVE-2019-12068.patch                 | 108 +++++++++++++++++++++
 meta/recipes-extended/gawk/gawk_5.0.1.bb           |   4 +-
 ...ory-corruption-bug-due-to-Integer-Overflo.patch |  46 +++++++++
 meta/recipes-extended/sysstat/sysstat_12.1.6.bb    |   4 +-
 ...538-validate-image-size-when-loading-BMP-.patch |  34 +++++++
 meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb    |   1 +
 .../aspell/{aspell_0.60.7.bb => aspell_0.60.8.bb}  |   6 +-
 scripts/lib/wic/plugins/source/rawcopy.py          |   3 +
 44 files changed, 377 insertions(+), 493 deletions(-)
 rename meta-selftest/recipes-test/aspell/{aspell_0.60.7.bbappend => aspell_0.60.8.bbappend} (100%)
 rename meta/recipes-bsp/opensbi/{opensbi_0.4.bb => opensbi_0.5.bb} (97%)
 delete mode 100644 meta/recipes-bsp/u-boot/files/0001-CVE-2019-13103.patch
 create mode 100644 meta/recipes-bsp/u-boot/files/0001-include-env.h-Ensure-ulong-is-defined.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0002-CVE-2019-13104.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0003-CVE-2019-13105.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0004-CVE-2019-13106.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0005-CVE-2019-14192-14193-14199.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0006-CVE-2019-14197-14200-14201-14202-14203-14204.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0007-CVE-2019-14194-14198.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0008-CVE-2019-14195.patch
 delete mode 100644 meta/recipes-bsp/u-boot/files/0009-CVE-2019-14196.patch
 rename meta/recipes-bsp/u-boot/{u-boot-fw-utils_2019.07.bb => u-boot-fw-utils_2019.10.bb} (93%)
 rename meta/recipes-bsp/u-boot/{u-boot-tools_2019.07.bb => u-boot-tools_2019.10.bb} (100%)
 rename meta/recipes-bsp/u-boot/{u-boot_2019.07.bb => u-boot_2019.10.bb} (100%)
 create mode 100644 meta/recipes-connectivity/bluez5/bluez5/0001-tools-btpclient.c-include-signal.h.patch
 create mode 100644 meta/recipes-connectivity/openssh/openssh/0001-upstream-fix-integer-overflow-in-XMSS-private-key-pa.patch
 delete mode 100644 meta/recipes-devtools/python/python-native/debug.patch
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-12068.patch
 create mode 100644 meta/recipes-extended/sysstat/sysstat/0001-Fix-232-Memory-corruption-bug-due-to-Integer-Overflo.patch
 create mode 100644 meta/recipes-graphics/libsdl2/libsdl2/0001-Fixed-bug-4538-validate-image-size-when-loading-BMP-.patch
 rename meta/recipes-support/aspell/{aspell_0.60.7.bb => aspell_0.60.8.bb} (85%)


hooks/post-receive
-- 



More information about the yocto-security mailing list