[yocto-security] [OE-core CVE] branch warrior updated. 2019-04-242-g14f04e6
cve-notice at lists.openembedded.org
cve-notice at lists.openembedded.org
Wed Oct 30 06:48:18 PDT 2019
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, warrior has been updated
via 14f04e6b6c1fa40a1c39cd186627b4b8442f2d5e (commit)
via 5fc9b154754e67553296a00a39ed16ab6a1d59de (commit)
via 650dd9486d6e5410665d5376be30732c7625396d (commit)
via a981d9b753a13e100af1f654fb3384f0bcda0b65 (commit)
via 041fb2743a94d7fb065b073efbe5fe5cf46cde53 (commit)
via 23d48f2bea2d358bd8d7d4efd07792bc1f3666bd (commit)
via 49ff6c7ef1d366007c49083f4e5faaf5a9eb086f (commit)
via f83ecbabb911c46de77708ede759a0b768928ea2 (commit)
via e73d5bb4a21497ed645e2a0a4b88c2eeaf65080a (commit)
via fe2d5b0d56201110323911d206243fdcc7f80115 (commit)
via 132fb930109f4930acfc8524bcc40faa3ba6d3d9 (commit)
via 2b7444e41e47e462a8aae0e3e1e95b04cdbaff22 (commit)
via f5ae4010dd29484627a169b8ab02b1012d1dd1d4 (commit)
via a45a6e12d6ce3a531ad924d3e548de8a95055866 (commit)
via 61eed761a51fcb5ac293b76b4dc6edbd6dbbb32f (commit)
via 6c2c6bed0bd5f0a303b9aacfab7db6daec3ee878 (commit)
via 47196abf511d96d9d6c6b561430dc1827484c742 (commit)
via c5d2ca323a255f09c7b3378af5956671205867f4 (commit)
via 6ab0206b8252755367f2357f49007dd78336fec0 (commit)
from b6e17afc06d7a44dc9774ee98de7f186580ddf0d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 14f04e6b6c1fa40a1c39cd186627b4b8442f2d5e
Author: Armin Kuster <akuster808 at gmail.com>
Date: Tue Oct 29 10:47:32 2019 +0100
qemu: update to 3.1.1.1
bug fix only update.
Drop patches included in update.
For full set of changes, see: https://git.qemu.org/?p=qemu.git;a=shortlog;h=refs/tags/v3.1.1.1
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 5fc9b154754e67553296a00a39ed16ab6a1d59de
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Tue Oct 29 10:47:31 2019 +0100
go: fix CVE-2019-16276
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit e31f87e289dfd3bbca961e927447a9c7ba816d3f)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit e02e8fa2e82cceaaa6a433466f52f97b0984762a)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 650dd9486d6e5410665d5376be30732c7625396d
Author: Changqing Li <changqing.li at windriver.com>
Date: Tue Oct 29 10:47:30 2019 +0100
sudo: fix CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer
account can bypass certain policy blacklists and session PAM modules,
and can cause incorrect logging, by invoking sudo with a crafted user
ID. For example, this allows bypass of !root configuration, and USER=
logging, for a "sudo -u \#$((0xffffffff))" command.
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit 4e11cd561f2bdaa6807cf02ee7c9870881826308)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit b1e0149c41e3c344a0496e64ab3b0c9dd4685ea4)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a981d9b753a13e100af1f654fb3384f0bcda0b65
Author: Yi Zhao <yi.zhao at windriver.com>
Date: Tue Oct 29 10:47:29 2019 +0100
libgcrypt: fix CVE-2019-12904
In Libgcrypt 1.8.4, the C implementation of AES is vulnerable to a
flush-and-reload side-channel attack because physical addresses are
available to other processes. (The C implementation is used on platforms
where an assembly-language implementation is unavailable.)
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2019-12904
Patches from:
https://github.com/gpg/libgcrypt/commit/1374254c2904ab5b18ba4a890856824a102d4705
https://github.com/gpg/libgcrypt/commit/daedbbb5541cd8ecda1459d3b843ea4d92788762
https://github.com/gpg/libgcrypt/commit/a4c561aab1014c3630bc88faf6f5246fee16b020
Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
(cherry picked from commit 37e390ff05b6a4509019db358ed496731d80cc51)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 4c207cb1ad46c0d2005ab3eae70d78c937e084b5)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 041fb2743a94d7fb065b073efbe5fe5cf46cde53
Author: George McCollister <george.mccollister at gmail.com>
Date: Tue Oct 29 10:47:28 2019 +0100
openssl: make OPENSSL_ENGINES match install path
Set OPENSSL_ENGINES to the path where engines are actually installed.
Signed-off-by: George McCollister <george.mccollister at gmail.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
(cherry picked from commit 59565fec0b3f3e24eb01c03b671913599cd3134d)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 578f41124565a7cda738c7fe3d25702ee41b08ed)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 23d48f2bea2d358bd8d7d4efd07792bc1f3666bd
Author: Changqing Li <changqing.li at windriver.com>
Date: Tue Oct 29 10:47:27 2019 +0100
python: Fix CVE-2019-10160
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
(cherry picked from commit b4240b585d7fcac2fdbf33a8e72d48cb732eb696)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 10d87a3085665a959a5fda64ae3895cb27ddf343)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 49ff6c7ef1d366007c49083f4e5faaf5a9eb086f
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Tue Oct 29 10:47:26 2019 +0100
python: CVE-2019-16056
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
(cherry picked from commit 27be9cf71a6fe906a23e81b56f1cc18a6fc9ef97)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit f83ecbabb911c46de77708ede759a0b768928ea2
Author: Yi Zhao <yi.zhao at windriver.com>
Date: Tue Oct 29 10:47:25 2019 +0100
python: add tk-lib as runtime dependency for python-tkinter
Fixes:
ERROR: python-2.7.16-r0 do_package_qa: QA Issue:
/usr/lib/python2.7/lib-dynload/_tkinter.so contained in package
python-tkinter requires libtk8.6.so, but no providers found in
RDEPENDS_python-tkinter? [file-rdeps]
Signed-off-by: Yi Zhao <yi.zhao at windriver.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
(cherry picked from commit f78248a2380bbbbf271b5bb02c762f5bc7a3a92e)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit e73d5bb4a21497ed645e2a0a4b88c2eeaf65080a
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Tue Oct 29 10:47:24 2019 +0100
python: include CVE patches for python-native as well
Also avoids maintaining a different set of patches for both.
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit b3b1c00cc46b33ddbf7e008267032220e1e298af)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit fe2d5b0d56201110323911d206243fdcc7f80115
Author: Muminul Islam <misla011 at fiu.edu>
Date: Tue Oct 29 10:47:23 2019 +0100
libcroco: Fix two CVEs
CVE: CVE-2017-8834 CVE-2017-8871
Signed-off-by: Muminul Islam <muislam at microsoft.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 132fb930109f4930acfc8524bcc40faa3ba6d3d9
Author: Alexander Kanavin <alex.kanavin at gmail.com>
Date: Tue Oct 29 10:47:22 2019 +0100
linux-yocto: add drm-bochs support
This allows better modesetting support for the '-vga std'
emulated hardware provided by Qemu, which we want to
standardize on.
See here for background:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=13466
(From OE-Core rev: 569d3f5d0454ed31f2f6df29f1703246a3dcd715)
Signed-off-by: Alexander Kanavin <alex.kanavin at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 2b7444e41e47e462a8aae0e3e1e95b04cdbaff22
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Tue Oct 29 10:47:21 2019 +0100
linux-yocto/4.19: make drm-bochs feature available
The other active kernel versions have this feature available. To
consistently enable the same video output for qemu, we can cherry
pick the feature to 4.19.
(From OE-Core rev: a777e0f34e106455f963bd58fd8728a16c588c4d)
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit f5ae4010dd29484627a169b8ab02b1012d1dd1d4
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Tue Oct 29 10:47:20 2019 +0100
kernel-yocto: import security fragments from meta-security
Adding the following fragments from meta-security to make them
centrally available and easier to maintain:
283939d5c9e kernel-cache: add yama security fragments
0b86f3fa241 kernel-cache: add ima fragments
731b466654d kernel-cache: add smack
813afe8ff47 kernel-cache: add apparmor fragments
(From OE-Core rev: 3063d64984e993d3e7dc2f4c80fb74005f5d6d7e)
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a45a6e12d6ce3a531ad924d3e548de8a95055866
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Tue Oct 29 10:47:19 2019 +0100
linux-yocto: arch/x86/boot: use prefix map to avoid embedded paths
>From the kernel patch:
[
It was observed that the kernel embeds the path in the x86 boot
artifacts.
From https://bugzilla.yoctoproject.org/show_bug.cgi?id=13458:
[
If you turn on the buildpaths QA test, or try a reproducible build, you
discover that the kernel image contains build paths.
$ strings bzImage-5.0.19-yocto-standard |grep tmp/
out of pgt_buf in
/data/poky-tmp/reproducible/tmp/work-shared/qemux86-64/kernel-source/arch/x86/boot/compressed/kaslr_64.c!?
But what's this in the top-level Makefile:
$ git grep prefix-map
Makefile:KBUILD_CFLAGS += $(call
cc-option,-fmacro-prefix-map=$(srctree)/=)
So the __FILE__ shouldn't be using the full path. However
arch/x86/boot/compressed/Makefile has this:
KBUILD_CFLAGS := -m$(BITS) -O2
So that clears KBUILD_FLAGS, removing the -fmacro-prefix-map option.
]
Other architectures do not clear the flags, but instead prune before
adding boot or specific options. There's no obvious reason why x86 isn't
doing the same thing (pruning vs clearing) and no build or boot issues
have been observed.
So we make x86 can do the same thing, and we no longer have embedded paths.
]
This issue has been reported upstream, and a patch submission is
pending, but for now, we'll soak the proposed patch in linux-yocto to
see if any issues are found
[YOCTO: #13458]
(From OE-Core rev: 78b0ff5960814af935a8089ec49c51d76f148149)
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 61eed761a51fcb5ac293b76b4dc6edbd6dbbb32f
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Tue Oct 29 10:47:18 2019 +0100
linux-yocto: bsp/beaglebone: support qemu -machine virt
While we don't normally do a dual h/w and virt BSP (since they
tend to have conflicting requirements over time). A minimal overhead
option to do this was submitted to linux-yocto. Since it has no
impact on the h/w reference, has SDK testing value and can serve
as a template on how to do this for other arm boards, it is worth
making the configuration available.
The original commit log follows:
[
If the kernel supports Qemu's virt machine, runqemu works almost for free.
The device tree for machine virt is included in Qemu, which simplifies
everything quite a bit.
This change adds ARCH_VIRT=y and some drivers to the beaglebone kernel
configuration which allows to:
export MACHINE="beaglebone-yocto"
bitbake core-image-minimale
runqemu
This also works out of an eSDK. Whithout this feature usually two
different SDKs need to be compiled and maintained. One SDK is used for development
in Qemu, another one is used to develop for the real target hardware.
Signed-off-by: Adrian Freihofer <adrian.freihofer at siemens.com>
]
(From OE-Core rev: cc1fca6d464775daa15032f11c02d16b99759407)
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6c2c6bed0bd5f0a303b9aacfab7db6daec3ee878
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Tue Oct 29 10:47:17 2019 +0100
linux-yocto/5.0: make scsi-debug include scsi core configs
Updating the scsi-debug fragment to include the core scsi config
options. This allows standalone use of the fragment, since all
supporting options will be enabled simply by including the top
level config in a BSP.
This also removes a configuration warning on qemuarm, since we
will no longer have missing / unavailable options during the
config audit.
(From OE-Core rev: c65826e96a77928938fef69fc0cbc65ec7431cb2)
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 47196abf511d96d9d6c6b561430dc1827484c742
Author: Bruce Ashfield <bruce.ashfield at gmail.com>
Date: Tue Oct 29 10:47:16 2019 +0100
linux-yocto/5.0: bsp: add basic xilinx zynqmp support
Zumeng Chen has added core/basic support for the zynqmp that is bootable
using the 5.0 and 5.2-rcX kernels. This makes the fragments available
for future refinement and factoring. A bootlog follows:
ZynqMP> setenv bootargs console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp
ZynqMP> tftpboot 0x10000000 Image; tftpboot 0x11800000 dtb; booti
0x10000000 - 0x11800000
Using ethernet at ff0e0000 device
Filename 'Image'.
Load address: 0x10000000
Loading:
###########
11.3 MiB/s
done
Bytes transferred = 16378368 (f9ea00 hex)
Using ethernet at ff0e0000 device
TFTP from server 128.224.162.211; our IP address is 128.224.162.99
Filename 'dtb'.
Load address: 0x11800000
Loading: ##
4.7 MiB/s
done
Bytes transferred = 19746 (4d22 hex)
Booting using the fdt blob at 0x11800000
Loading Device Tree to 0000000007ff8000, end 0000000007fffd21 ... OK
Starting kernel ...
Booting Linux on physical CPU 0x0000000000 [0x410fd034]
Linux version 5.2.0-rc3-yoctodev-standard (oe-user at oe-host) (gcc version
9.1.0 (GCC)) #1 SMP PREEMPT Thu Jun 6 00:53:26 UTC 2019
Machine model: ZynqMP ZCU102 Rev1.0
earlycon: cdns0 at MMIO 0x00000000ff000000 (options '')
printk: bootconsole [cdns0] enabled
efi: Getting EFI parameters from FDT:
efi: UEFI not found.
cma: Reserved 16 MiB at 0x000000007ec00000
psci: probing for conduit method from DT.
psci: PSCIv1.1 detected in firmware.
psci: Using standard PSCI v0.2 function IDs
psci: MIGRATE_INFO_TYPE not supported.
psci: SMC Calling Convention v1.1
percpu: Embedded 30 pages/cpu s83416 r8192 d31272 u122880
Detected VIPT I-cache on CPU0
CPU features: detected: ARM erratum 845719
Speculative Store Bypass Disable mitigation not required
Built 1 zonelists, mobility grouping on. Total pages: 1031940
Kernel command line: console=ttyPS0,115200 root=/dev/mmcblk0p3 rw
rootwait earlycon=cdns,mmio,0xFF000000 clk_ignore_unused ip=dhcp
Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
software IO TLB: mapped [mem 0x7ac00000-0x7ec00000] (64MB)
Memory: 4013572K/4193280K available (10748K kernel code, 1210K rwdata,
2764K rodata, 1216K init, 757K bss, 163324K reserved, 16384K
cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
ftrace: allocating 36121 entries in 142 pages
rcu: Preemptible hierarchical RCU implementation.
rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=4.
Tasks RCU enabled.
rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
GIC: Adjusting CPU interface base to 0x00000000f902f000
GIC: Using split EOI/Deactivate mode
random: get_random_bytes called from start_kernel+0x328/0x4c4 with
crng_init=0
arch_timer: cp15 timer(s) running at 99.99MHz (phys).
clocksource: arch_sys_counter: mask: 0xffffffffffffff max_cycles:
0x170f8de2d3, max_idle_ns: 440795206112 ns
sched_clock: 56 bits at 99MHz, resolution 10ns, wraps every
4398046511101ns
Console: colour dummy device 80x25
Calibrating delay loop (skipped), value calculated using timer
frequency.. 199.98 BogoMIPS (lpj=399960)
pid_max: default: 32768 minimum: 301
LSM: Security Framework initializing
Mount-cache hash table entries: 8192 (order: 4, 65536 bytes)
Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes)
*** VALIDATE proc ***
*** VALIDATE cgroup1 ***
*** VALIDATE cgroup2 ***
ASID allocator initialised with 32768 entries
rcu: Hierarchical SRCU implementation.
EFI services will not be available.
smp: Bringing up secondary CPUs ...
Detected VIPT I-cache on CPU1
CPU1: Booted secondary processor 0x0000000001 [0x410fd034]
Detected VIPT I-cache on CPU2
CPU2: Booted secondary processor 0x0000000002 [0x410fd034]
Detected VIPT I-cache on CPU3
CPU3: Booted secondary processor 0x0000000003 [0x410fd034]
smp: Brought up 1 node, 4 CPUs
SMP: Total of 4 processors activated.
CPU features: detected: 32-bit EL0 Support
CPU features: detected: CRC32 instructions
CPU: All CPU(s) started at EL2
alternatives: patching kernel code
devtmpfs: initialized
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff,
max_idle_ns: 7645041785100000 ns
futex hash table entries: 1024 (order: 4, 65536 bytes)
xor: measuring software checksum speed
8regs : 2360.000 MB/sec
32regs : 2706.000 MB/sec
arm64_neon: 2018.000 MB/sec
xor: using function: 32regs (2706.000 MB/sec)
DMI not present or invalid.
NET: Registered protocol family 16
cpuidle: using governor ladder
hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
DMA: preallocated 256 KiB pool for atomic allocations
��ɥ��ѭ console [ttyPS0] enabled 0xff000000 (irq = 33, base_baud =
6250000) is a xuartps
printk: console [ttyPS0] enabled
printk: bootconsole [cdns0] disabled
printk: bootconsole [cdns0] disabled
ff010000.serial: ttyPS1 at MMIO 0xff010000 (irq = 34, base_baud =
6250000) is a xuartps
HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
raid6: neonx8 gen() 1518 MB/s
raid6: neonx8 xor() 1442 MB/s
raid6: neonx4 gen() 1471 MB/s
raid6: neonx4 xor() 1409 MB/s
raid6: neonx2 gen() 1128 MB/s
raid6: neonx2 xor() 1175 MB/s
raid6: neonx1 gen() 737 MB/s
raid6: neonx1 xor() 887 MB/s
raid6: int64x8 gen() 1166 MB/s
raid6: int64x8 xor() 763 MB/s
raid6: int64x4 gen() 983 MB/s
raid6: int64x4 xor() 739 MB/s
raid6: int64x2 gen() 683 MB/s
raid6: int64x2 xor() 601 MB/s
raid6: int64x1 gen() 452 MB/s
raid6: int64x1 xor() 462 MB/s
raid6: using algorithm neonx8 gen() 1518 MB/s
raid6: .... xor() 1442 MB/s, rmw enabled
raid6: using neon recovery algorithm
vgaarb: loaded
SCSI subsystem initialized
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
media: Linux media interface: v0.10
videodev: Linux video capture interface: v2.00
pps_core: LinuxPPS API ver. 1 registered
pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti
<giometti at linux.it>
PTP clock support registered
EDAC MC: Ver: 3.0.0
FPGA manager framework
clocksource: Switched to clocksource arch_sys_counter
*** VALIDATE hugetlbfs ***
NET: Registered protocol family 2
tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768
bytes)
TCP established hash table entries: 32768 (order: 6, 262144 bytes)
TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
TCP: Hash tables configured (established 32768 bind 32768)
UDP hash table entries: 2048 (order: 4, 65536 bytes)
UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
NET: Registered protocol family 1
RPC: Registered named UNIX socket transport module.
RPC: Registered udp transport module.
RPC: Registered tcp transport module.
RPC: Registered tcp NFSv4.1 backchannel transport module.
PCI: CLS 0 bytes, default 64
hw perfevents: no interrupt-affinity property for /pmu, guessing.
hw perfevents: enabled with armv8_pmuv3 PMU driver, 7 counters available
kprobes: failed to populate blacklist: -22
Please take care of using kprobes.
workingset: timestamp_bits=46 max_order=20 bucket_order=0
NFS: Registering the id_resolver key type
Key type id_resolver registered
Key type id_legacy registered
jffs2: version 2.2. �© 2001-2006 Red Hat, Inc.
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 246)
io scheduler mq-deadline registered
io scheduler kyber registered
nwl-pcie fd0e0000.pcie: Link is DOWN
nwl-pcie fd0e0000.pcie: host bridge /amba/pcie at fd0e0000 ranges:
nwl-pcie fd0e0000.pcie: MEM 0xe0000000..0xefffffff -> 0xe0000000
nwl-pcie fd0e0000.pcie: MEM 0x600000000..0x7ffffffff -> 0x600000000
nwl-pcie fd0e0000.pcie: PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [bus 00-ff]
pci_bus 0000:00: root bus resource [mem 0xe0000000-0xefffffff]
pci_bus 0000:00: root bus resource [mem 0x600000000-0x7ffffffff pref]
pci 0000:00:00.0: [10ee:d021] type 01 class 0x060400
pci 0000:00:00.0: PME# supported from D0 D1 D2 D3hot
pci 0000:00:00.0: PCI bridge to [bus 01-0c]
pcieport 0000:00:00.0: PME: Signaling with IRQ 37
xilinx-zynqmp-dma fd500000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd510000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd520000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd530000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd540000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd550000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd560000.dma: ZynqMP DMA driver Probe success
xilinx-zynqmp-dma fd570000.dma: ZynqMP DMA driver Probe success
cacheinfo: Unable to detect cache hierarchy for CPU 0
brd: module loaded
loop: module loaded
ahci-ceva fd0c0000.ahci: AHCI 0001.0301 32 slots 2 ports 6 Gbps 0x3 impl
platform mode
ahci-ceva fd0c0000.ahci: flags: 64bit ncq sntf pm clo only pmp fbs pio
slum part ccc sds apst
scsi host0: ahci-ceva
scsi host1: ahci-ceva
ata1: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x100 irq
31
ata2: SATA max UDMA/133 mmio [mem 0xfd0c0000-0xfd0c1fff] port 0x180 irq
31
libphy: Fixed MDIO Bus: probed
CAN device driver interface
libphy: MACB_mii_bus: probed
Generic PHY ff0e0000.ethernet-ffffffff:0c: attached PHY driver [Generic
PHY] (mii_bus:phy_addr=ff0e0000.ethernet-ffffffff:0c, irq=POLL)
macb ff0e0000.ethernet eth0: Cadence GEM rev 0x50070106 at 0xff0e0000
irq 20 (00:0a:35:04:9a:86)
dwc3 fe200000.usb: Failed to get clk 'ref': -2
dwc3 fe200000.usb: Configuration mismatch. dr_mode forced to host
xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 1
xhci-hcd xhci-hcd.0.auto: hcc params 0x0238f625 hci version 0x100 quirks
0x0000000002010010
xhci-hcd xhci-hcd.0.auto: irq 35, io mem 0xfe200000
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 1 port detected
xhci-hcd xhci-hcd.0.auto: xHCI Host Controller
xhci-hcd xhci-hcd.0.auto: new USB bus registered, assigned bus number 2
xhci-hcd xhci-hcd.0.auto: Host supports USB 3.0 SuperSpeed
usb usb2: We don't know the algorithms for LPM for this host, disabling
LPM.
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 1 port detected
usbcore: registered new interface driver usb-storage
rtc_zynqmp ffa60000.rtc: registered as rtc0
pca953x 0-0020: 0-0020 supply vcc not found, using dummy regulator
GPIO line 322 (sel0) hogged as output/low
GPIO line 323 (sel1) hogged as output/high
GPIO line 324 (sel2) hogged as output/high
GPIO line 325 (sel3) hogged as output/high
pca953x 0-0021: 0-0021 supply vcc not found, using dummy regulator
cdns-i2c ff020000.i2c: 400 kHz mmio ff020000 irq 22
cdns-i2c ff030000.i2c: 400 kHz mmio ff030000 irq 23
i2c i2c-0: Added multiplexed i2c bus 2
i2c i2c-0: Added multiplexed i2c bus 3
i2c i2c-0: Added multiplexed i2c bus 4
i2c i2c-0: Added multiplexed i2c bus 5
pca954x 0-0075: registered 4 multiplexed busses for I2C mux pca9544
at24 6-0054: 1024 byte 24c08 EEPROM, writable, 1 bytes/write
i2c i2c-1: Added multiplexed i2c bus 6
i2c i2c-7: of_i2c: modalias failure on
/amba/i2c at ff030000/i2c-mux at 74/i2c at 1/clock-generator at 36
i2c i2c-7: Failed to create I2C device for
/amba/i2c at ff030000/i2c-mux at 74/i2c at 1/clock-generator at 36
i2c i2c-1: Added multiplexed i2c bus 7
si570 8-005d: registered, current frequency 300000000 Hz
i2c i2c-1: Added multiplexed i2c bus 8
si570 9-005d: clock registration failed
si570: probe of 9-005d failed with error -17
i2c i2c-1: Added multiplexed i2c bus 9
i2c i2c-10: of_i2c: modalias failure on
/amba/i2c at ff030000/i2c-mux at 74/i2c at 4/clock-generator at 69
i2c i2c-10: Failed to create I2C device for
/amba/i2c at ff030000/i2c-mux at 74/i2c at 4/clock-generator at 69
i2c i2c-1: Added multiplexed i2c bus 10
i2c i2c-1: Added multiplexed i2c bus 11
i2c i2c-1: Added multiplexed i2c bus 12
i2c i2c-1: Added multiplexed i2c bus 13
pca954x 1-0074: registered 8 multiplexed busses for I2C switch pca9548
i2c i2c-1: Added multiplexed i2c bus 14
i2c i2c-1: Added multiplexed i2c bus 15
i2c i2c-1: Added multiplexed i2c bus 16
i2c i2c-1: Added multiplexed i2c bus 17
i2c i2c-1: Added multiplexed i2c bus 18
i2c i2c-1: Added multiplexed i2c bus 19
i2c i2c-1: Added multiplexed i2c bus 20
i2c i2c-1: Added multiplexed i2c bus 21
pca954x 1-0075: registered 8 multiplexed busses for I2C switch pca9548
ina2xx 2-0040: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-0041: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-0042: power monitor ina226 (Rshunt = 5000 uOhm)
ata1: SATA link down (SStatus 0 SControl 330)
ina2xx 2-0043: power monitor ina226 (Rshunt = 5000 uOhm)
ata2: SATA link down (SStatus 0 SControl 330)
ina2xx 2-0044: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-0045: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-0046: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-0047: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-004a: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 2-004b: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0040: power monitor ina226 (Rshunt = 2000 uOhm)
ina2xx 3-0041: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0042: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0043: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0044: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0045: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0046: power monitor ina226 (Rshunt = 5000 uOhm)
ina2xx 3-0047: power monitor ina226 (Rshunt = 5000 uOhm)
cdns-wdt fd4d0000.watchdog: Xilinx Watchdog Timer at (____ptrval____)
with timeout 10s
device-mapper: ioctl: 4.40.0-ioctl (2019-01-18) initialised:
dm-devel at redhat.com
EDAC MC: ECC not enabled
cpu cpu0: failed to get clock: -2
cpufreq-dt: probe of cpufreq-dt failed with error -2
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
sdhci-pltfm: SDHCI platform and OF driver helper
mmc0: SDHCI controller on ff170000.mmc [ff170000.mmc] using ADMA 64-bit
usbcore: registered new interface driver usbhid
usbhid: USB HID core driver
u32 classifier
Actions configured
NET: Registered protocol family 10
Segment Routing with IPv6
sit: IPv6, IPv4 and MPLS over IPv4 tunneling driver
NET: Registered protocol family 17
can: controller area network core (rev 20170425 abi 9)
NET: Registered protocol family 29
can: raw protocol (rev 20170425)
can: broadcast manager protocol (rev 20170425 t)
can: netlink gateway (rev 20170425) max_hops=1
Key type dns_resolver registered
registered taskstats version 1
Btrfs loaded, crc32c=crc32c-generic
Key type encrypted registered
printk: console [netcon0] enabled
netconsole: network logging started
rtc_zynqmp ffa60000.rtc: setting system clock to 2019-06-06T03:39:58 UTC
(1559792398)
macb ff0e0000.ethernet eth0: link up (1000/Full)
pps pps0: new PPS source ptp0
macb ff0e0000.ethernet: gem-ptp-timer ptp clock registered.
IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
mmc0: Problem switching card into high-speed mode!
mmc0: new SDHC card at address 0001
mmcblk0: mmc0:0001 SD16G 14.5 GiB
Sending DHCP requests .
mmcblk0: p1 p2 p3
, OK
IP-Config: Complete:
device=eth0, hwaddr=00:0a:35:04:9a:86, ipaddr=xxxxx,
mask=255.255.254.0
host=xxx, domain=corp.ad.wrs.com, nis-domain=swamp
bootserver=0.0.0.0, rootserver=0.0.0.0, rootpath=
clk: Not disabling unused clocks
md: Waiting for all devices to be available before autodetect
md: If you don't use raid, use raid=noautodetect
md: Autodetecting RAID arrays.
md: autorun ...
md: ... autorun DONE.
EXT4-fs (mmcblk0p3): mounted filesystem with ordered data mode. Opts:
(null)
VFS: Mounted root (ext4 filesystem) on device 179:3.
devtmpfs: mounted
Freeing unused kernel memory: 1216K
Run /sbin/init as init process
random: fast init done
systemd[1]: systemd 242-19-gdb2e367+ running in system mode. (+PAM
-AUDIT -SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP -LIBCRYPTSETUP
-GCRYPT -GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID -ELFUTILS +KMOD -IDN2 -IDN
-)
systemd[1]: Detected architecture arm64.
Welcome to Wind River Linux development 19.23 Update 0!
systemd[1]: Set hostname to <xilinx-zynqmp>.
random: systemd: uninitialized urandom read (16 bytes read)
systemd[1]: Initializing machine ID from random generator.
systemd[1]: Failed to bump fs.file-max, ignoring: Invalid argument
systemd[1]: /lib/systemd/system/dbus.socket:4: ListenStream= references
a path below legacy directory /var/run/, updating
/var/run/dbus/system_bus_socket �→ /run/dbus/system_bus_socket; please
update the unit f.
systemd[1]: /lib/systemd/system/rpcbind.socket:4: ListenStream=
references a path below legacy directory /var/run/, updating
/var/run/rpcbind.sock �→ /run/rpcbind.sock; please update the unit file
accordingly.
random: systemd: uninitialized urandom read (16 bytes read)
systemd[1]: Listening on Journal Socket (/dev/log).
[ OK ] Listening on Journal Socket (/dev/log).
random: systemd: uninitialized urandom read (16 bytes read)
systemd[1]: Listening on Syslog Socket.
[ OK ] Listening on Syslog Socket.
systemd[1]: Listening on udev Kernel Socket.
[ OK ] Listening on udev Kernel Socket.
[ OK ] Listening on udev Control Socket.
[ OK ] Created slice User and Session Slice.
[ OK ] Listening on initctl Compatibility Named Pipe.
[ OK ] Reached target Swap.
[ OK ] Created slice system-serial\x2dgetty.slice.
[ OK ] Reached target Slices.
[ OK ] Listening on Journal Socket.
Starting udev Coldplug all Devices...
Mounting POSIX Message Queue File System...
Mounting Temporary Directory (/tmp)...
Starting Journal Service...
Starting Remount Root and Kernel File Systems...
Mounting Kernel Debug File System...
EXT4-fs (mmcblk0p3): re-mounted. Opts: (null)
Starting Create list of re�…odes for the current kernel...
[ OK ] Started Forward Password R�…uests to Wall Directory Watch.
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on Network Service Netlink Socket.
Starting Apply Kernel Variables...
[ OK ] Started Dispatch Password �…ts to Console Directory Watch.
[ OK ] Reached target Paths.
[ OK ] Created slice system-getty.slice.
Mounting Huge Pages File System...
[ OK ] Started Journal Service.
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Mounted Temporary Directory (/tmp).
[ OK ] Started Remount Root and Kernel File Systems.
[ OK ] Mounted Kernel Debug File System.
[ OK ] Started Create list of req�… nodes for the current kernel.
[ OK ] Started Apply Kernel Variables.
[ OK ] Mounted Huge Pages File System.
Starting Create System Users...
Starting Rebuild Hardware Database...
Starting Flush Journal to Persistent Storage...
[ OK ] Started udev Coldplug all Devices.
systemd-journald[148]: Received request to flush runtime journal from
PID 1
[ OK ] Started Flush Journal to Persistent Storage.
[ OK ] Started Create System Users.
Starting Create Static Device Nodes in /dev...
[ OK ] Started Create Static Device Nodes in /dev.
[ OK ] Reached target Local File Systems (Pre).
Mounting /var/volatile...
[ OK ] Mounted /var/volatile.
[ OK ] Reached target Local File Systems.
Starting Create Volatile Files and Directories...
Starting Load/Save Random Seed...
[ OK ] Started Load/Save Random Seed.
[ OK ] Started Create Volatile Files and Directories.
Starting Network Time Synchronization...
Starting Rebuild Journal Catalog...
Starting Update UTMP about System Boot/Shutdown...
Starting Run pending postinsts...
[ OK ] Started Update UTMP about System Boot/Shutdown.
[ OK ] Started Network Time Synchronization.
[ OK ] Reached target System Time Set.
[ OK ] Reached target System Time Synchronized.
[ OK ] Started Rebuild Journal Catalog.
[ OK ] Started Run pending postinsts.
[ OK ] Started Rebuild Hardware Database.
Starting udev Kernel Device Manager...
Starting Update is Completed...
[ OK ] Started Update is Completed.
[ OK ] Started udev Kernel Device Manager.
[ OK ] Reached target System Initialization.
Starting Console System Startup Logging...
[ OK ] Listening on RPCbind Server Activation Socket.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Listening on Avahi mDNS/DNS-SD Stack Activation Socket.
[ OK ] Listening on dropbear.socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
[ OK ] Started System Logging Service.
[ OK ] Started Dynamic Host Configuration Protocol (DHCP).
[ OK ] Started Kernel Logging Service.
Starting Login Service...
[ OK ] Started D-Bus System Message Bus.
[ OK ] Started Xserver startup without a display manager.
[ OK ] Started Daily Cleanup of Temporary Directories.
[ OK ] Reached target Timers.
Starting Telephony service...
Starting Network Service...
[ OK ] Started Console System Startup Logging.
[ OK ] Found device /dev/ttyPS0.
[ OK ] Listening on Load/Save RF �…itch Status /dev/rfkill Watch.
[ OK ] Started Network Service.
Starting Network Name Resolution...
[ OK ] Started Login Service.
[ OK ] Started Network Name Resolution.
[ OK ] Started Telephony service.
[ OK ] Reached target Network.
Starting Berkeley Internet Name Domain (DNS)...
Starting /etc/rc.local Compatibility...
Starting Permit User Sessions...
Starting Avahi mDNS/DNS-SD Stack...
[ OK ] Started /etc/rc.local Compatibility.
[ OK ] Started Permit User Sessions.
[ OK ] Started Getty on tty1.
[ OK ] Started Serial Getty on ttyPS0.
[ OK ] Started Avahi mDNS/DNS-SD Stack.
[ OK ] Started Berkeley Internet Name Domain (DNS).
[ OK ] Reached target Host and Network Name Lookups.
Wind River Linux development 19.23 Update 0 xilinx-zynqmp ttyPS0
xilinx-zynqmp login: root
root at xilinx-zynqmp:~# uname 0a
uname: extra operand '0a'
Try 'uname --help' for more information.
root at xilinx-zynqmp:~# uname -a
Linux xilinx-zynqmp 5.2.0-rc3-yoctodev-standard #1 SMP PREEMPT Thu Jun 6
00:53:26 UTC 2019 aarch64 aarch64 aarch64 GNU/Linux
(From OE-Core rev: b0dc58f535a27be6c649dcf336c7dc0cdb23d96b)
Signed-off-by: Zumeng Chen <zchen at windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit c5d2ca323a255f09c7b3378af5956671205867f4
Author: Zang Ruochen <zangrc.fnst at cn.fujitsu.com>
Date: Tue Oct 29 10:47:15 2019 +0100
gnutls:upgrade 3.6.7 -> 3.6.8
-Upgrade from gnutls_3.6.7.bb to gnutls_3.6.8.bb.
Signed-off-by: Zang Ruochen <zangrc.fnst at cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit b34486a616ab4d4b30247a5dff58a18ef26ed709)
[Bug fix only update.
Including: CVE-2019-3836 CVE-2019-3829
https://lists.gnupg.org/pipermail/gnutls-help/2019-May/004527.html]
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6ab0206b8252755367f2357f49007dd78336fec0
Author: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov at mentor.com>
Date: Tue Oct 29 10:47:14 2019 +0100
kernel.bbclass: fix installation of modules signing certificates
If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.
Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov at mentor.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
(cherry picked from commit 2527e731eba43bd36d0ea268aca6b03155376134)
Signed-off-by: Nicolas Dechesne <nicolas.dechesne at linaro.org>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/kernel.bbclass | 2 +-
.../recipes-connectivity/openssl/openssl_1.1.1b.bb | 2 +-
meta/recipes-devtools/go/go-1.12.inc | 1 +
...nch.go1.12-security-net-textproto-don-t-n.patch | 163 ++++++++++
meta/recipes-devtools/python/python.inc | 5 +
...55-Dont-parse-domains-containing-GH-13079.patch | 90 ++++++
.../python/python/bpo-36742-cve-2019-10160.patch | 81 +++++
meta/recipes-devtools/python/python3_3.7.4.bb | 2 +-
meta/recipes-devtools/python/python_2.7.16.bb | 9 +-
...qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} | 0
...tive_3.1.0.bb => qemu-system-native_3.1.1.1.bb} | 0
meta/recipes-devtools/qemu/qemu.inc | 14 +-
.../0001-egl-headless-add-egl_create_context.patch | 50 ----
.../qemu/qemu/0014-fix-CVE-2018-16872.patch | 85 ------
.../qemu/qemu/0015-fix-CVE-2018-20124.patch | 60 ----
.../qemu/qemu/0016-fix-CVE-2018-20125.patch | 54 ----
.../qemu/qemu/0017-fix-CVE-2018-20126.patch | 113 -------
.../qemu/qemu/0018-fix-CVE-2018-20191.patch | 47 ---
.../qemu/qemu/0019-fix-CVE-2018-20216.patch | 85 ------
.../qemu/qemu/CVE-2018-20815.patch | 38 ---
.../recipes-devtools/qemu/qemu/CVE-2019-3812.patch | 39 ---
.../recipes-devtools/qemu/qemu/CVE-2019-8934.patch | 215 -------------
.../qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} | 0
.../sudo/sudo/CVE-2019-14287-1.patch | 178 +++++++++++
.../sudo/sudo/CVE-2019-14287-2.patch | 112 +++++++
meta/recipes-extended/sudo/sudo_1.8.27.bb | 2 +
meta/recipes-kernel/linux/linux-yocto-dev.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-rt_4.19.bb | 4 +-
meta/recipes-kernel/linux/linux-yocto-rt_5.0.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto-tiny_4.19.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto-tiny_5.0.bb | 6 +-
meta/recipes-kernel/linux/linux-yocto_4.19.bb | 4 +-
meta/recipes-kernel/linux/linux-yocto_5.0.bb | 21 +-
.../gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} | 4 +-
.../libcroco/libcroco/CVE-2017-8834_71.patch | 38 +++
meta/recipes-support/libcroco/libcroco_0.6.12.bb | 1 +
.../files/0001-Prefetch-GCM-look-up-tables.patch | 90 ++++++
...ok-up-tables-to-.data-section-and-unshare.patch | 332 +++++++++++++++++++++
...ok-up-table-to-.data-section-and-unshare-.patch | 178 +++++++++++
meta/recipes-support/libgcrypt/libgcrypt_1.8.4.bb | 3 +
40 files changed, 1307 insertions(+), 831 deletions(-)
create mode 100644 meta/recipes-devtools/go/go-1.12/0001-release-branch.go1.12-security-net-textproto-don-t-n.patch
create mode 100644 meta/recipes-devtools/python/python/0001-2.7-bpo-34155-Dont-parse-domains-containing-GH-13079.patch
create mode 100644 meta/recipes-devtools/python/python/bpo-36742-cve-2019-10160.patch
rename meta/recipes-devtools/qemu/{qemu-native_3.1.0.bb => qemu-native_3.1.1.1.bb} (100%)
rename meta/recipes-devtools/qemu/{qemu-system-native_3.1.0.bb => qemu-system-native_3.1.1.1.bb} (100%)
delete mode 100644 meta/recipes-devtools/qemu/qemu/0001-egl-headless-add-egl_create_context.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0014-fix-CVE-2018-16872.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0015-fix-CVE-2018-20124.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0016-fix-CVE-2018-20125.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0017-fix-CVE-2018-20126.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0018-fix-CVE-2018-20191.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/0019-fix-CVE-2018-20216.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2018-20815.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-3812.patch
delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2019-8934.patch
rename meta/recipes-devtools/qemu/{qemu_3.1.0.bb => qemu_3.1.1.1.bb} (100%)
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-1.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2019-14287-2.patch
rename meta/recipes-support/gnutls/{gnutls_3.6.7.bb => gnutls_3.6.8.bb} (93%)
create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-8834_71.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0001-Prefetch-GCM-look-up-tables.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0002-AES-move-look-up-tables-to-.data-section-and-unshare.patch
create mode 100644 meta/recipes-support/libgcrypt/files/0003-GCM-move-look-up-table-to-.data-section-and-unshare-.patch
hooks/post-receive
--
More information about the yocto-security
mailing list