[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.3-101-ga83f888

cve-notice at lists.openembedded.org cve-notice at lists.openembedded.org
Tue Nov 6 03:58:02 PST 2018


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (788849d2b61cfb96c1bf3f0a33940963447fdc85)
            \
             N -- N -- N (a83f88823d9ddb78aa0c18181cc0ef3f943378c3)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit a83f88823d9ddb78aa0c18181cc0ef3f943378c3
Author: Martin Hundebøll <martin at geanix.com>
Date:   Tue Nov 6 11:04:16 2018 +0100

    glibc: make ld-2.28.so reproducible on arm
    
    Play the whack-a-mole game and add the .file directive to another
    assembly file that otherwise shows itself in ld-2.28.so debug file,
    which in turn alters the build-id of ld-2.28.so on target.
    
    Signed-off-by: Martin Hundebøll <martin at geanix.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit bdd725d2b39fef7ea2e71b6924134e7bcd067099
Author: Matthias Schiffer <matthias.schiffer at ew.tq-group.com>
Date:   Tue Nov 6 09:56:23 2018 +0100

    base.bbclass: avoid 'find -ignore_readdir_race -delete'
    
    Due to a bug in find [1], -ignore_readdir_race does not work correctly with
    -delete. This can lead to spurious build failures when files disappear
    while such a command is running; specifically this was seen in the case of
    do_configure and do_populate_lic running concurrently for packages
    with ${B} == ${WORKDIR}:
    
       find: '.../sstate-build-populate_lic': No such file or directory
    
    While the issue is fixed in the findutils git master, the find command of
    the host system is called here, so we can't ensure that the used version
    contains the fix. Many common distros have not updated to a recent enough
    findutils version yet (Ubuntu 18.10 contains the fix, while 18.04 is still
    affected).
    
    Work around the issue by passing the output of find to 'rm -f' instead of
    using -delete.
    
    [1] https://savannah.gnu.org/bugs/?52981
    
    Signed-off-by: Matthias Schiffer <matthias.schiffer at ew.tq-group.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit ee47d337dfecaf8f4fc22e6ce4629503009083ed
Author: Zhixiong Chi <zhixiong.chi at windriver.com>
Date:   Mon Nov 5 22:43:41 2018 -0800

    binutils: fix four CVE issues
    
    Backport the CVE patches from the binutils upstream.
    
    Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 37c74731f2ecfec5dce7e94e9615ad54b96997b3
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Oct 29 16:21:15 2018 +0800

    go 1.9/1.11: fix textrel qa warning for non mips arch
    
    While building go itself, the go build system does not support
    setting `-buildmode=pie' from the environment.
    
    Add GOBUILDMODE to support it, which makes PIE executables the default
    build mode, as PIE executables are required as of Yocto
    
    But mips doesn't support -buildmode=pie, so skip the QA checking for
    mips and its variants
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 55ada646a1d613696f29816c90e8ad092d7e17f6
Author: Joshua Watt <jpewhacker at gmail.com>
Date:   Thu Nov 1 21:45:13 2018 -0500

    pkgconfig: export variables
    
    Export the PKG_CONFIG_PATH and PKG_CONFIG_LIBDIR variables in case the
    parent shell hasn't done so.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 3f029e7f216ab68b674e1ae446e2a484d515cdad
Author: Chunrong Guo <chunrong.guo at nxp.com>
Date:   Fri Nov 2 06:52:45 2018 +0000

    ppce500v2: remove spe
    
    *The PowerPC SPE support is split off to a separate powerpcspe port
    
    Signed-off-by: Chunrong Guo <chunrong.guo at nxp.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 1c08a7deb326a76536fb40baacde2bd40a158b9f
Author: Anuj Mittal <anuj.mittal at intel.com>
Date:   Fri Nov 2 14:58:52 2018 +0800

    xf86-video-intel: update to latest
    
    For changes, please see:
    
    https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/log/?qt=range&q=e4fe79cf0d9a05ee3f3a027148ef0aeb2b1b34e1...0932a6b37ba6d5c9e916a1cb6ab89c3205b81a0c
    
    Enable sna by default and remove upstreamed patches.
    
    Also include a patch from fedora to fix compile issues when using
    qemux86 which doesn't enable sse2 leading to gcc refusing to
    inline vertex_emit_2s in emit_vertex because they are defined as:
    
      static __attribute__((always_inline)) void
      vertex_emit_2s(struct sna *sna, int16_t x, int16_t y)
    
      __attribute__((target("sse2,fpmath=sse"))) __attribute__((always_inline))
      static void emit_vertex(/* omitted */)
    
    leading to errors like:
    
    | In file included from ../../../git/src/sna/gen4_vertex.c:34:
    | ../../../git/src/sna/gen4_vertex.c: In function 'emit_vertex':
    | ../../../git/src/sna/sna_render_inline.h:40:26: error: inlining failed in call to always_inline 'vertex_emit_2s': target specific option mismatch
    |  static force_inline void vertex_emit_2s(struct sna *sna, int16_t x, int16_t y)
    |                           ^~~~~~~~~~~~~~
    | ../../../git/src/sna/gen4_vertex.c:308:25: note: called from here
    |  #define OUT_VERTEX(x,y) vertex_emit_2s(sna, x,y) /* XXX assert(!too_large(x, y)); */
    |                          ^~~~~~~~~~~~~~~~~~~~~~~~
    | ../../../git/src/sna/gen4_vertex.c:360:2: note: in expansion of macro 'OUT_VERTEX'
    |   OUT_VERTEX(dstX, dstY);
    |   ^~~~~~~~~~
    
    Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6fa303151a0c6845e7450b8be6f6a2758a04439c
Author: Olekandr Kravchuk <dev at sashko.rv.ua>
Date:   Mon Oct 8 23:05:51 2018 +0200

    connman: update to 1.36
    
    - updated connman to v1.36
    - removed mainstreamed patches
    - includes.patch has been rebased and transformed into git format
    
    Signed-off-by: Oleksandr Kravchuk <dev at sashko.rv.ua>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit d335e117de9a4a6a211e96c652336aa34b10c158
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Wed Oct 31 07:39:58 2018 -0700

    xserver-xorg: update to 1.20.3
    
    1.20.3 fixes arm booting in testimage
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 26f029ef904b420b6b1714225cbb0ff082d0f107
Author: Bruce Ashfield <bruce.ashfield at windriver.com>
Date:   Tue Oct 30 15:04:26 2018 -0400

    kernel: use olddefconfig as the primary target for KERNEL_CONFIG_COMMAND
    
    As was warned by commit 312ee68752fa [kconfig: announce removal of
    oldnoconfig if used], oldnoconfig has been removed from the 4.20 kernel.
    
    So we switch our default mode to olddefconfig.
    
    commit fb16d8912 [kconfig: replace 'oldnoconfig' with 'olddefconfig',
    and keep the old name as an alias] introduced olddefconfig in the 3.10
    kernel, we shuffle oldnoconfig to the fallback target.
    
    The fallback mode allows kernels between 3.10 and the currently listed
    oldest kernel of 3.2 to continue to configure.
    
    Signed-off-by: Bruce Ashfield <bruce.ashfield at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 095214c24c17312ab58576de37078ab3133b3ce1
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Wed Oct 31 07:39:59 2018 -0700

    bind: update to latest LTS 9.11.5
    
    includes:
    CVE-2018-5738
    
    drop patch for CVE-2018-5740 now included in update
    
    see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
    
    Add RECIPE_NO_UPDATE_REASON for lts
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 30707357dcd2a1e462fbd16b7f63f803f2ec6e5a
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Wed Oct 24 01:19:46 2018 +0100

    dhcp: fix issue with new bind changes
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 97aff3a44821432cae9c5e18853cd702f4a66746
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 19:08:04 2018 +0100

    xf86-input-libinput: update to 0.28.1
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit a3ff5b2b4bdf7f83aa6181f8b1c2a4060257947b
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 19:46:27 2018 +0100

    xkeyboard-config: update to 2.25
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 11c1b6bc23bc555c359069ad6aa0a413503eb3b8
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 18:39:17 2018 +0100

    libxcb: update to 1.13.1
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 919a8f96897c1a91d9f2f56a9dfe7e1043a3fc72
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 18:02:55 2018 +0100

    libx11: update to 1.6.7 and style cleanup
    
    refresh Fix-hanging-issue-in-_XReply.patch
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 3b0f8baf7e3fd204463cb11c5001857c1dd40b0d
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 17:56:09 2018 +0100

    libsm: update to 1.2.3
    
    reorder things per style
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit dbb5f3967d993cc459a61e7d6a68ca543a0b3cf6
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 16:53:33 2018 +0100

    openssh: Update to 7.9 primarily bug fixes
    
    see: https://lwn.net/Articles/768991/
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 51ee85dbd6251a800f6aec12a6afb219c6a13b5e
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 16:38:55 2018 +0100

    curl: update to 7.61.1
    
    drop patch for CVE-2018-14618 now included
    Notable: INTERNALS: require GnuTLS >= 2.11.3
    
    See: https://curl.haxx.se/changes.html#7_61_0
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 3453b9c8dce58ee1ad4d8f6ffd7693c13599297e
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 16:30:48 2018 +0100

    libpcre2: update to 10.32
    
    LIC_FILES_CHKSUM changed due to typo fixes and tidies for 10.32
    
    see: https://www.pcre.org/changelog.txt
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 2519650dcfeba38fbc2c1087e6fbca37c5158cef
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 15:55:49 2018 +0100

    gnutls: update to 3.6.4
    
    Notable change:
    
    libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
    see: https://lists.gnupg.org/pipermail/gnutls-help/2018-September/004457.html
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
    
    --
    [v2]
    Fix typo in version in subject
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 4c5c77d83b7c4fa04aa5694ebea7c29cd95956e8
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sat Oct 20 15:07:23 2018 +0100

    nspr: Update to 4.20
    
    RISC-v support now included in this release so drop patch.
    and refresh patches
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>

commit ee849c20f81fc40aed237141186cf62e431c33dc
Author: Fabien Lahoudere <fabien.lahoudere at collabora.com>
Date:   Mon Oct 29 12:02:29 2018 +0100

    archiver: Drop unwanted directories
    
    In sources directory we can find patches/ and temp/.
    The first one is filled with symbolic links unusable on other
    machines.
    The second contains yocto logs to create these archives and are
    typically copied when 'S = "${WORKDIR}"'
    
    Signed-off-by: Fabien Lahoudere <fabien.lahoudere at collabora.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit bec0fcf969a07ff81b2c7c7bc0aeae961e15824d
Author: Michael Halstead <mhalstead at linuxfoundation.org>
Date:   Mon Nov 5 09:10:48 2018 -0800

    scripts/autobuilder-worker-prereq-tests: adjust max_user_watches
    
    Temporarily modify path to run as non-privileged user on more distros.
    Change the recommended value to match what we use on the autobuilder.
    
    Signed-off-by: Michael Halstead <mhalstead at linuxfoundation.org>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 40d47e0d08c888a5e3feae3e70012de9d8e4bc2e
Author: Kosta Zertsekel <zertsekel at gmail.com>
Date:   Sun Nov 4 21:24:46 2018 +0200

    Fix: chown: Use double colon for OWNER:GROUP
    
    Rationale - excerpt from `info chown`
    =====================================
    
    OWNER‘:’GROUP
         If the OWNER is followed by a colon and a GROUP (a group name or
         numeric group ID), with no spaces between them, the group ownership
         of the files is changed as well (to GROUP).
    
       Some older scripts may still use ‘.’ in place of the ‘:’ separator.
    POSIX 1003.1-2001 (*note Standards conformance::) does not require
    support for that, but for backward compatibility GNU ‘chown’ supports
    ‘.’ so long as no ambiguity results.  New scripts should avoid the use
    of ‘.’ because it is not portable, and because it has undesirable
    results if the entire OWNER‘.’GROUP happens to identify a user whose
    name contains ‘.’.
    
    Signed-off-by: Kosta Zertsekel <zertsekel at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit f4ce627ad3e36901614adfaa485dbbd54b269cc5
Author: Ross Burton <ross.burton at intel.com>
Date:   Mon Nov 5 11:23:03 2018 +0000

    wic: use explicit errno import
    
    os.errno doesn't work in Python 3.7 and shouldn't have ever worked, so use
    import errno explicitly.
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit a5a5494632d42f11d8904648749246f78edecee5
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Mon Nov 5 15:52:09 2018 +0000

    oeqa/selftest: Add test for Yocto source mirror functionality/completeness
    
    We've had a number of occasions where the Yocto Project source mirrors have not
    been complete or functioning correctly. This adds a test so that if this happens
    we find out about it sooner.
    
    It also only works over http meaning we should be able to test that anyone behind
    an http only proxy (no git protocol) also has functional fetches for OE-Core and
    layers built by the core of the project.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6a7cac3353c3319e963cbdcb3a03f6179a9221e9
Author: Serhey Popovych <serhe.popovych at gmail.com>
Date:   Thu Nov 1 19:21:10 2018 +0200

    libgpg-error: Support build for native on ppc64/ppc64le hosts
    
    Both RHEL and SLES use ppc64/ppc64le for powerpc 64 bit big/little
    endian targets instead of powerpc64/powerpc64le in libgpg-error.
    
    Also libgpg-error provides common target system names in form like
    <arch>-unknown-linux-gnu.
    
    Add mapping for ppc64/ppc64le targets to their libgpg-error equivalents
    to fix native builds.
    
    Cross build for arm64 tested on IBM Power 8 machine with RHEL7 for
    ppc64le variant only, but should work for ppc64 as well.
    
    Signed-off-by: Serhey Popovych <serhe.popovych at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 16840d207912d1857b2b8ed9c5ccfa8e561c36cc
Author: Serhey Popovych <serhe.popovych at gmail.com>
Date:   Wed Oct 31 16:55:47 2018 +0200

    v86d: Make cross compilation working on more architectures
    
    Since commit 709c603dec19 ("v86d: Accept aarch64 as build host") we
    support cross compilation on aarch64 host in addition to x86 host.
    However building on hosts different than two above will fail.
    
    Make cross compilation support more generic by checking for TARGET_ARCH
    in v86d configure script with fallback to `uname -m` when not present in
    environment and pass TARGET_ARCH explicitly in do_configure().
    
    Cross build for x86 tested on IBM Power 8 machine with RHEL7. Should
    work on aarch64 and rest too.
    
    Signed-off-by: Serhey Popovych <serhe.popovych at gmail.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 52838c10c50df63b1bcdbd9163cc02109796e2eb
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Tue Oct 30 11:18:54 2018 +0000

    oe-init-buildenv/base: Relax python version checks in favour of HOSTTOOLS manipulation
    
    Several distros are now shipping "python" as python v3 contra to the original
    python guidelines. This causes users confusion/pain in trying to use our tools.
    
    We can just force "python" to "python2" within HOSTTOOLS to avoid this issue
    and hide the complexity from the user.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 346dfd112b0c28d00bf17c21b55bbbf30a3e3f64
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Fri Nov 2 13:13:43 2018 +0000

    oeqa/runtime/ptest: Inject results+logs into stored json results file
    
    This allows the ptest results from ptest-runner, run in an image to be
    transferred over to the resulting json results output.
    
    Each test is given a pass/skip/fail so individual results can be monitored
    and the raw log output from the ptest-runner is also dumped into the
    results json file as this means after the fact debugging becomes much easier.
    
    Currently the log output is not split up per test but that would make a good
    future enhancement.
    
    I attempted to implement this as python subTests however it failed as the
    output was too confusing, subTests don't support any kind of log
    output handling, subTest successes aren't logged and it was making things
    far more complex than they needed to be.
    
    We mark ptest-runner as "EXPECTEDFAILURE" since it's unlikely every ptest
    will pass currently and we don't want that to fail the whole image test run.
    It's assumed there would be later analysis of the json output to determine
    regressions. We do have to change the test runner code so that
    'unexpectedsuccess' is not a failure.
    
    Also, the test names are manipulated to remove spaces and brackets with
    "_" used as a replacement and any duplicate occurrences truncated.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit bff4483b03595ef1b12396c18c6f69d756ac25e8
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Wed Oct 31 22:38:43 2018 +0000

    crosssdk: Remove usage of host flags for cross-compilation
    
    Similarly to OE-Core rev 4b936cde58ca0a6f34092ce82640a02859110411 for
    cross.sdk, BUILD_* flags can't be used as TARGET_* flags
    
    gcc-crosssdk build leaks config.log's through "gcc-stashed-builddir" and
    TARGET_* flags to libgcc cross-build through "gcc/libgcc.mvars" file
    on "gcc-stashed-builddir". This means that if BUILD_CFLAGS contains
    host-specific flags like "-isystem/usr/include" libgcc build will
    fail "do_qa_configure" and "do_package_qa" checks.
    
    Remove host-related flags from TARGET_* flags for gcc-crosssdk builds.
    
    [YOCTO #11874]
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 409ce8c6fe7f82deb3249118ec20bdaadbdf637d
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date:   Wed Oct 31 14:52:11 2018 +0000

    go: Change from TARGET_ARCH to TUNE_PKGARCH
    
    Right now go-cross is changing signatures when you change TUNE for a given
    architecture. In particular this breaks layer tests like:
    
    yocto-check-layer ../meta-yocto-bsp/ --machines qemuarm beaglebone-yocto
    
    This changes the PN addition to something containing the tune rather than
    the arch which avoids these kinds of errors. If go-cross can be tune
    independent that would be nice but currently that isn't the case.
    
    [YOCTO #12586]
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 4f5293837b5920e55d056d019b63e09da3d169e5
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Tue Oct 30 14:32:42 2018 +0800

    go-dep: disable PTEST_ENABLED for mips and mips64
    
    The current go-dep does not compile ptest successfully on mips
    and mips64. So as a workaround, disable PTEST_ENABLED explicitly
    to avoid error like below.
    
      | vet config not found
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 45f2e4cc12f3543ce644ef02c6528b24ac954869
Author: Ross Burton <ross.burton at intel.com>
Date:   Mon Nov 5 11:22:58 2018 +0000

    python3: add python3-venv to the python3-modules RDEPENDS
    
    Signed-off-by: Ross Burton <ross.burton at intel.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 8801cf988b5f1e178f458858826d1ecb62bfe024
Author: Hugues Kamba <Hugues.Kamba at arm.com>
Date:   Tue Oct 30 09:37:25 2018 +0000

    python3: Fix python3-pyvenv run-time dependency
    
    Pyvenv is just a small script that uses venv to create virtual
    environments.
    https://www.python.org/dev/peps/pep-0405/#creating-virtual-environments
    
    This patch adds the python3-venv module as a self-contained package which
    python3-pyvenv must depend on at run-time.
    
    The patch also provides the package python3-pyvenv from the python3-venv
    package. This is good for future-proofing since python3-pyvenv has been
    deprecated and only python3-venv is now available in Python 3.6.
    https://docs.python.org/3/library/venv.html.
    
    Without this patch python3-pyvenv is broken because it is missing the
    venv module at run-time. This patch specifies the newly created
    python3-venv as a run-time dependency of python3-pyvenv.
    
    Signed-off-by: Hugues Kamba <hugues.kamba at arm.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit a3c3cdc94fe2df715392c5f2eff20e7fbddfa6e9
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Tue Oct 30 16:06:42 2018 +0800

    gdbm: fix ptest failure
    
    Some of gdbm's ptest cases require gdbmtool, which is packaged into
    ${PN}-bin. So extend the RDEPENDS_${PN}-ptest to include the package.
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 5030e1d84bcec3501ade305053445097ddf4ce58
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date:   Sat Nov 3 10:30:29 2018 +0100

    pixman: Trim license info extracted from pixman-matrix.c
    
    Four unrelated lines were extracted from pixman-matrix.c for the
    license information.
    
    License-Update: Only extract the relevant part from pixman-matrix.c
    Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit c3674479a38e72db17ecb2ea3bcfc243143f06a1
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date:   Sat Nov 3 10:30:28 2018 +0100

    libgpg-error: Trim license info extracted from init.c & gpg-error.h.in
    
    License-Update: Only extract relevant parts from init.c & gpg-error.h.in
    Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 1fe62d6519da2c6b1ee617f2535ac74956836ce0
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date:   Sat Nov 3 10:30:27 2018 +0100

    apr-util: Trim license info extracted from apu_version.h
    
    Two unrelated lines were extracted from apu_version.h for the license
    information.
    
    License-Update: Only extract the relevant part from apu_version.h
    Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6ec632d4e6f740fd512c6cc7b6b57086917cb393
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date:   Sat Nov 3 10:30:26 2018 +0100

    apr: Trim license info extracted from apr_lib.h
    
    Two unrelated lines were extracted from apr_lib.h for the license
    information.
    
    License-Update: Only extract the relevant part from apr_lib.h
    Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit df1d57bc639f59b502d6a6036d26f243747e6742
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date:   Sat Nov 3 10:30:25 2018 +0100

    common-licenses: Correct the FreeType license text
    
    It now matches:
    http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT
    
    Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 3fbfbc35e41b1b576198ca63ee61ec47b12df042
Author: Douglas Royds <douglas.royds at taitradio.com>
Date:   Mon Nov 5 18:39:41 2018 +1300

    reproducible_build: Comment only: do_deploy_source_date_epoch task
    
    Once the value of SOURCE_DATE_EPOCH is determined, it is stored in the recipe's SDE_FILE.
    If none of the existing mechanisms are suitable, replace the do_deploy_source_date_epoch task
    with recipe-specific functionality to write the appropriate SOURCE_DATE_EPOCH into the SDE_FILE.
    
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 0f0db9fc8512a0ecd0cdba3304a195cd925a5029
Author: Changqing Li <changqing.li at windriver.com>
Date:   Fri Nov 2 14:07:49 2018 +0800

    curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 78e751e33d3ec4394d96391e737cc39cad960ebe
Author: Kai Kang <kai.kang at windriver.com>
Date:   Fri Nov 2 16:02:14 2018 +0800

    openssl: fix CVE-2018-0735 for 1.1.1
    
    Backport patch to fix CVE-2018-0735 for openssl 1.1.1.
    
    Signed-off-by: Kai Kang <kai.kang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 9d5c6a87eb72a8b8b8d417126a831565982ca9a6
Author: Kai Kang <kai.kang at windriver.com>
Date:   Fri Nov 2 16:02:13 2018 +0800

    openssl: fix CVE-2018-0734 for both 1.0.2p and 1.1.1
    
    Backport patches to fix CVE-2018-0734 for both openssl 1.0.2p and 1.1.1
    versions.
    
    Signed-off-by: Kai Kang <kai.kang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 98ab5c5770d20b39bf3c58083f31f31838f2e940
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Nov 5 16:03:37 2018 +0800

    ghostscript: fix CVE-2018-18284
    
    Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
    sandbox protection mechanism via vectors involving the 1Policy
    operator.
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6098c19e1f179896af7013c4b5db3081549c97bc
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Nov 5 16:03:36 2018 +0800

    ghostscript: fix CVE-2018-18073
    
    Artifex Ghostscript allows attackers to bypass a sandbox protection
    mechanism by leveraging exposure of system operators in the saved
    execution stack in an error object.
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 6c32ea184941d292cd8f0eb898e6cc90120ada40
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Mon Nov 5 16:03:35 2018 +0800

    ghostscript: fix CVE-2018-17961
    
    Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
    sandbox protection mechanism via vectors involving errorhandler
    setup. NOTE: this issue exists because of an incomplete fix for
    CVE-2018-17183.
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit bd8d2c25f595e30a3fdcad8a2409913bb8af7c5c
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Fri Nov 2 17:52:51 2018 +0800

    elfutils: fix CVE-2018-18520 & CVE-2018-18521 & CVE-2018-18310
    
    These CVE fixes come from the upstream master branch and no
    new version has been released, so backport rather than upgrade.
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 777c1f8b6e20643964c304400e2d746dc2926524
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Fri Nov 2 17:52:50 2018 +0800

    elfutils: 0.173 -> 0.174
    
    - Drop backport fixes
      CVE-2018-16062.patch
      0001-libdw-Check-end-of-attributes-list-consistently.patch
      0002-libelf-Return-error-if-elf_compress_gnu-is-used-on-S.patch
    
    - Rebase 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 024b395425c95a08c881d922c310be78ffad483a
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date:   Tue Oct 23 04:35:06 2018 -0400

    nasm: fix CVE-2018-1000667
    
    Since the latest nasm is 2.14rc16 (not a formal release),
    backport a patch to 2.13 to fix CVE-2018-1000667.
    
    Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 2ddb3b25ed063b47d3fe2b3e9e17b7f9d0e2a7e5
Author: Changqing Li <changqing.li at windriver.com>
Date:   Fri Nov 2 14:08:57 2018 +0800

    unzip: fix for CVE-2018-18384
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 5c2b164e1022c46f6bf541894429773c3dde7af2
Author: Changqing Li <changqing.li at windriver.com>
Date:   Fri Nov 2 14:08:45 2018 +0800

    qemu: fix for CVE-2018-10839
    
    Signed-off-by: Changqing Li <changqing.li at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 13591d7224393dc0ae529a03cdf74aceb3540ce9
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Fri Nov 2 12:42:43 2018 +0800

    systemd: fix CVE-2018-15688
    
    Backport patch to fix the following CVE.
    
    CVE: CVE-2018-15688
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit eeb621aa19f690971caf862290a172a115578ba1
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Fri Nov 2 12:42:42 2018 +0800

    systemd: fix CVE-2018-15687
    
    Backport patch to fix the following CVE.
    
    CVE: CVE-2018-15687
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 0ef70603bc983315eb0e8a97958d995a31198c35
Author: Chen Qi <Qi.Chen at windriver.com>
Date:   Fri Nov 2 12:42:41 2018 +0800

    systemd: fix CVE-2018-15686
    
    Backport patch to fix the following CVE.
    
    CVE: CVE-2018-15686
    
    Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 32e5dd919a61b1c245fb6a867d0ea4a71d394aca
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Mon Oct 29 01:29:32 2018 +0000

    tzdata: update to 2018g
    
      Changes to code
    
        When generating TZif files with leap seconds, zic no longer uses a
        format that trips up older 32-bit clients, fixing a bug introduced
        in 2018f.  (Reported by Daniel Fischer.)  Also, the zic workaround
        for QTBUG-53071 now also works for TZif files with leap seconds.
    
        The translator to rearguard format now rewrites the line
        "Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
        "Rule Japan 1948 1951 - Sep Sun>=9  1:00 0 S".
        This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
        and earlier.  (Reported by Christos Zoulas.)
    
      Changes to past time zone abbreviations
    
        Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii.
        This reverts to 2011h, as the abbreviation change in 2011i was
        likely inadvertent.
    
      Changes to documentation
    
        tzfile.5 has new sections on interoperability issues.
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit a24d0c174411a32a2793c89980ca87c4f9d98bc4
Author: Armin Kuster <akuster808 at gmail.com>
Date:   Sun Oct 28 23:38:32 2018 +0000

    tzcode-native: update to 2018g
    
      Changes to code
    
        When generating TZif files with leap seconds, zic no longer uses a
        format that trips up older 32-bit clients, fixing a bug introduced
        in 2018f.  (Reported by Daniel Fischer.)  Also, the zic workaround
        for QTBUG-53071 now also works for TZif files with leap seconds.
    
        The translator to rearguard format now rewrites the line
        "Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
        "Rule Japan 1948 1951 - Sep Sun>=9  1:00 0 S".
        This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
        and earlier.  (Reported by Christos Zoulas.)
    
      Changes to past time zone abbreviations
    
        Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii.
        This reverts to 2011h, as the abbreviation change in 2011i was
        likely inadvertent.
    
      Changes to documentation
    
        tzfile.5 has new sections on interoperability issues.
    
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>

commit 9d5d19cee30ac73b9fbf75308e5729857384983e
Author: Armin Kuster <akuster at mvista.com>
Date:   Sat Oct 20 13:00:13 2018 +0100

    nss: update to 3.39 includes CVE-2018-12384
    
    see: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes
    
    Signed-off-by: Armin Kuster <akuster at mvista.com>

-----------------------------------------------------------------------

Summary of changes:
 meta/classes/base.bbclass                          |   4 +-
 meta/lib/oeqa/selftest/cases/buildoptions.py       |   2 +-
 .../0034-inject-file-assembly-directives.patch     |  13 +
 meta/recipes-devtools/binutils/binutils-2.31.inc   |   4 +
 .../binutils/binutils/CVE-2018-18309.patch         | 308 +++++++++++++++++++++
 .../binutils/binutils/CVE-2018-18605.patch         |  47 ++++
 .../binutils/binutils/CVE-2018-18606.patch         |  70 +++++
 .../binutils/binutils/CVE-2018-18607.patch         |  77 ++++++
 meta/recipes-devtools/go/go-1.11.inc               |   1 +
 .../0008-use-GOBUILDMODE-to-set-buildmode.patch    |  40 +++
 meta/recipes-devtools/go/go-1.9.inc                |   1 +
 .../0011-use-GOBUILDMODE-to-set-buildmode.patch    |  40 +++
 meta/recipes-devtools/go/go_1.11.bb                |  12 +
 meta/recipes-devtools/go/go_1.9.bb                 |  16 +-
 14 files changed, 627 insertions(+), 8 deletions(-)
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18309.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18606.patch
 create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch
 create mode 100644 meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
 create mode 100644 meta/recipes-devtools/go/go-1.9/0011-use-GOBUILDMODE-to-set-buildmode.patch


hooks/post-receive
-- 


