[yocto-security] [OE-core CVE] branch master-next updated. uninative-2.3-101-ga83f888
cve-notice at lists.openembedded.org
Tue Nov 6 03:58:02 PST 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".
The branch, master-next has been updated
This update added new revisions after undoing existing revisions. That is
to say, the old revision is not a strict subset of the new revision. This
situation occurs when you --force push a change and generate a repository
containing something like this:
 * -- * -- B -- O -- O -- O (788849d2b61cfb96c1bf3f0a33940963447fdc85)
            \
             N -- N -- N (a83f88823d9ddb78aa0c18181cc0ef3f943378c3)
When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a83f88823d9ddb78aa0c18181cc0ef3f943378c3
Author: Martin Hundebøll <martin at geanix.com>
Date: Tue Nov 6 11:04:16 2018 +0100
glibc: make ld-2.28.so reproducible on arm
Play the whack-a-mole game and add the .file directive to another
assembly file that otherwise shows itself in ld-2.28.so debug file,
which in turn alters the build-id of ld-2.28.so on target.
Signed-off-by: Martin Hundebøll <martin at geanix.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit bdd725d2b39fef7ea2e71b6924134e7bcd067099
Author: Matthias Schiffer <matthias.schiffer at ew.tq-group.com>
Date: Tue Nov 6 09:56:23 2018 +0100
base.bbclass: avoid 'find -ignore_readdir_race -delete'
Due to a bug in find [1], -ignore_readdir_race does not work correctly with
-delete. This can lead to spurious build failures when files disappear
while such a command is running; specifically this was seen in the case of
do_configure and do_populate_lic running concurrently for packages
with ${B} == ${WORKDIR}:
find: '.../sstate-build-populate_lic': No such file or directory
While the issue is fixed in the findutils git master, the find command of
the host system is called here, so we can't ensure that the used version
contains the fix. Many common distros have not updated to a recent enough
findutils version yet (Ubuntu 18.10 contains the fix, while 18.04 is still
affected).
Work around the issue by passing the output of find to 'rm -f' instead of
using -delete.
[1] https://savannah.gnu.org/bugs/?52981
Signed-off-by: Matthias Schiffer <matthias.schiffer at ew.tq-group.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit ee47d337dfecaf8f4fc22e6ce4629503009083ed
Author: Zhixiong Chi <zhixiong.chi at windriver.com>
Date: Mon Nov 5 22:43:41 2018 -0800
binutils: fix four CVE issues
Backport the CVE patches from the binutils upstream.
Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 37c74731f2ecfec5dce7e94e9615ad54b96997b3
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Mon Oct 29 16:21:15 2018 +0800
go 1.9/1.11: fix textrel qa warning for non mips arch
While building go itself, the go build system does not support
to set `-buildmode=pie' from environment.
Add GOBUILDMODE to support it which makes PIE executables the default
build mode, as PIE executables are required as of Yocto
But mips doesn't support -buildmode=pie, so skip the QA checking for
mips and its variants
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 55ada646a1d613696f29816c90e8ad092d7e17f6
Author: Joshua Watt <jpewhacker at gmail.com>
Date: Thu Nov 1 21:45:13 2018 -0500
pkgconfig: export variables
Export the PKG_CONFIG_PATH and PKG_CONFIG_LIBDIR variables in case the
parent shell hasn't done so.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 3f029e7f216ab68b674e1ae446e2a484d515cdad
Author: Chunrong Guo <chunrong.guo at nxp.com>
Date: Fri Nov 2 06:52:45 2018 +0000
ppce500v2: remove spe
*The PowerPC SPE support is split off to a separate powerpcspe port
Signed-off-by: Chunrong Guo <chunrong.guo at nxp.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 1c08a7deb326a76536fb40baacde2bd40a158b9f
Author: Anuj Mittal <anuj.mittal at intel.com>
Date: Fri Nov 2 14:58:52 2018 +0800
xf86-video-intel: update to latest
For changes, please see:
https://cgit.freedesktop.org/xorg/driver/xf86-video-intel/log/?qt=range&q=e4fe79cf0d9a05ee3f3a027148ef0aeb2b1b34e1...0932a6b37ba6d5c9e916a1cb6ab89c3205b81a0c
Enable sna by default and remove upstreamed patches.
Also include a patch from fedora to fix compile issues when using
qemux86 which doesn't enable sse2 leading to gcc refusing to
inline vertex_emit_2s in emit_vertex because they are defined as:
static __attribute__((always_inline)) void
vertex_emit_2s(struct sna *sna, int16_t x, int16_t y)
__attribute__((target("sse2,fpmath=sse"))) __attribute__((always_inline))
static void emit_vertex(/* omitted */)
leading to errors like:
| In file included from ../../../git/src/sna/gen4_vertex.c:34:
| ../../../git/src/sna/gen4_vertex.c: In function 'emit_vertex':
| ../../../git/src/sna/sna_render_inline.h:40:26: error: inlining failed in call to always_inline 'vertex_emit_2s': target specific option mismatch
| static force_inline void vertex_emit_2s(struct sna *sna, int16_t x, int16_t y)
| ^~~~~~~~~~~~~~
| ../../../git/src/sna/gen4_vertex.c:308:25: note: called from here
| #define OUT_VERTEX(x,y) vertex_emit_2s(sna, x,y) /* XXX assert(!too_large(x, y)); */
| ^~~~~~~~~~~~~~~~~~~~~~~~
| ../../../git/src/sna/gen4_vertex.c:360:2: note: in expansion of macro 'OUT_VERTEX'
| OUT_VERTEX(dstX, dstY);
| ^~~~~~~~~~
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6fa303151a0c6845e7450b8be6f6a2758a04439c
Author: Olekandr Kravchuk <dev at sashko.rv.ua>
Date: Mon Oct 8 23:05:51 2018 +0200
connman: update to 1.36
- updated connman to v1.36
- removed mainstreamed patches
- includes.patch has been rebased and transformed into git format
Signed-off-by: Oleksandr Kravchuk <dev at sashko.rv.ua>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit d335e117de9a4a6a211e96c652336aa34b10c158
Author: Armin Kuster <akuster808 at gmail.com>
Date: Wed Oct 31 07:39:58 2018 -0700
xserver-xorg: update to 1.20.3
1.20.3 fixes arm booting in testimage
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 26f029ef904b420b6b1714225cbb0ff082d0f107
Author: Bruce Ashfield <bruce.ashfield at windriver.com>
Date: Tue Oct 30 15:04:26 2018 -0400
kernel: use olddefconfig as the primary target for KERNEL_CONFIG_COMMAND
As was warned by commit 312ee68752fa [kconfig: announce removal of
oldnoconfig if used], oldnoconfig has been removed from the 4.20 kernel.
So we switch our default mode to olddefconfig.
commit fb16d8912 [kconfig: replace 'oldnoconfig' with 'olddefconfig',
and keep the old name as an alias] introduced olddefconfig in the 3.10
kernel, we shuffle oldnoconfig to the fallback target.
The fallback mode allows kernels between 3.10 and the currently listed
oldest kernel of 3.2 to continue to configure.
Signed-off-by: Bruce Ashfield <bruce.ashfield at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 095214c24c17312ab58576de37078ab3133b3ce1
Author: Armin Kuster <akuster808 at gmail.com>
Date: Wed Oct 31 07:39:59 2018 -0700
bind: update to latest LTS 9.11.5
includes:
CVE-2018-5738
drop patch for CVE-2018-5740 now included in update
see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html
Add RECIPE_NO_UPDATE_REASON for lts
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 30707357dcd2a1e462fbd16b7f63f803f2ec6e5a
Author: Armin Kuster <akuster808 at gmail.com>
Date: Wed Oct 24 01:19:46 2018 +0100
dhcp: fix issue with new bind changes
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 97aff3a44821432cae9c5e18853cd702f4a66746
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 19:08:04 2018 +0100
xf86-input-libinput: update to 0.28.1
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit a3ff5b2b4bdf7f83aa6181f8b1c2a4060257947b
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 19:46:27 2018 +0100
xkeyboard-config: update to 2.25
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 11c1b6bc23bc555c359069ad6aa0a413503eb3b8
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 18:39:17 2018 +0100
libxcb: update to 1.13.1
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 919a8f96897c1a91d9f2f56a9dfe7e1043a3fc72
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 18:02:55 2018 +0100
libx11: update to 1.6.7 and style cleanup
refresh Fix-hanging-issue-in-_XReply.patch
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 3b0f8baf7e3fd204463cb11c5001857c1dd40b0d
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 17:56:09 2018 +0100
libsm: update to 1.2.3
reorder things per style
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit dbb5f3967d993cc459a61e7d6a68ca543a0b3cf6
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 16:53:33 2018 +0100
openssh: Update to 7.9 primarily bug fixes
see: https://lwn.net/Articles/768991/
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 51ee85dbd6251a800f6aec12a6afb219c6a13b5e
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 16:38:55 2018 +0100
curl: update to 7.61.1
drop patch for CVE-2018-14618 now included
Notable: INTERNALS: require GnuTLS >= 2.11.3
See: https://curl.haxx.se/changes.html#7_61_0
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 3453b9c8dce58ee1ad4d8f6ffd7693c13599297e
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 16:30:48 2018 +0100
libpcre2: update to 10.32
LIC_FILES_CHKSUM changed due to typo fixes and tidies for 10.32
see: https://www.pcre.org/changelog.txt
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 2519650dcfeba38fbc2c1087e6fbca37c5158cef
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 15:55:49 2018 +0100
gnutls: update to 3.6.4
Notable change:
libgnutls: Added the final (RFC8446) version numbering of the TLS1.3 protocol.
see: https://lists.gnupg.org/pipermail/gnutls-help/2018-September/004457.html
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
--
[v2]
Fix typo in version in subject
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 4c5c77d83b7c4fa04aa5694ebea7c29cd95956e8
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sat Oct 20 15:07:23 2018 +0100
nspr: Update to 4.20
RISC-V support now included in this release so drop patch.
and refresh patches
Signed-off-by: Armin Kuster <akuster at mvista.com>
commit ee849c20f81fc40aed237141186cf62e431c33dc
Author: Fabien Lahoudere <fabien.lahoudere at collabora.com>
Date: Mon Oct 29 12:02:29 2018 +0100
archiver: Drop unwanted directories
In sources directory we can find patches/ and temp/.
The first one is filled with symbolic links unusable on other
machines.
The second contains yocto logs to create this archive and are
typically copied when 'S = "${WORKDIR}"'
Signed-off-by: Fabien Lahoudere <fabien.lahoudere at collabora.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit bec0fcf969a07ff81b2c7c7bc0aeae961e15824d
Author: Michael Halstead <mhalstead at linuxfoundation.org>
Date: Mon Nov 5 09:10:48 2018 -0800
scripts/autobuilder-worker-prereq-tests: adjust max_user_watches
Temporarily modify path to run as non-privileged user on more distros.
Change the recommended value to match what we use on the autobuilder.
Signed-off-by: Michael Halstead <mhalstead at linuxfoundation.org>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 40d47e0d08c888a5e3feae3e70012de9d8e4bc2e
Author: Kosta Zertsekel <zertsekel at gmail.com>
Date: Sun Nov 4 21:24:46 2018 +0200
Fix: chown: Use double colon for OWNER:GROUP
Rationale - excerpt from `info chown`
====================================
OWNER‘:’GROUP
If the OWNER is followed by a colon and a GROUP (a group name or
numeric group ID), with no spaces between them, the group ownership
of the files is changed as well (to GROUP).
Some older scripts may still use ‘.’ in place of the ‘:’ separator.
POSIX 1003.1-2001 (*note Standards conformance::) does not require
support for that, but for backward compatibility GNU ‘chown’ supports
‘.’ so long as no ambiguity results. New scripts should avoid the use
of ‘.’ because it is not portable, and because it has undesirable
results if the entire OWNER‘.’GROUP happens to identify a user whose
name contains ‘.’.
Signed-off-by: Kosta Zertsekel <zertsekel at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit f4ce627ad3e36901614adfaa485dbbd54b269cc5
Author: Ross Burton <ross.burton at intel.com>
Date: Mon Nov 5 11:23:03 2018 +0000
wic: use explicit errno import
os.errno doesn't work in Python 3.7 and shouldn't have ever worked, so use
import errno explicitly.
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a5a5494632d42f11d8904648749246f78edecee5
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Mon Nov 5 15:52:09 2018 +0000
oeqa/selftest: Add test for Yocto source mirror functionality/completeness
We've had a number of occasions where the Yocto Project source mirrors have not
been complete or functioning correctly. This adds a test so that if this happens
we find out about it sooner.
It also only works over http meaning we should be able to test that anyone behind
an http only proxy (no git protocol) also has functional fetches for OE-Core and
layers built by the core of the project.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6a7cac3353c3319e963cbdcb3a03f6179a9221e9
Author: Serhey Popovych <serhe.popovych at gmail.com>
Date: Thu Nov 1 19:21:10 2018 +0200
libgpg-error: Support build for native on ppc64/ppc64le hosts
Both RHEL and SLES use ppc64/ppc64le for powerpc 64 bit big/little
endian targets instead of powerpc64/powerpc64le in libgpg-error.
Also libgpg-error provides common target system names in form like
<arch>-unknown-linux-gnu.
Add mapping for ppc64/ppc64le targets to their libgpg-error equivalents
to fix native builds.
Cross build for arm64 tested on IBM Power 8 machine with RHEL7 for
ppc64le variant only, but should work for ppc64 as well.
Signed-off-by: Serhey Popovych <serhe.popovych at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 16840d207912d1857b2b8ed9c5ccfa8e561c36cc
Author: Serhey Popovych <serhe.popovych at gmail.com>
Date: Wed Oct 31 16:55:47 2018 +0200
v86d: Make cross compilation working on more architectures
Since commit 709c603dec19 ("v86d: Accept aarch64 as build host") we
support cross compilation on aarch64 host in addition to x86 host.
However building on hosts different than two above will fail.
Make cross compilation support more generic by checking for TARGET_ARCH
in v86d configure script with fallback to `uname -m` when not present in
environment and pass TARGET_ARCH explicitly in do_configure().
Cross build for x86 tested on IBM Power 8 machine with RHEL7. Should
work on aarch64 and rest too.
Signed-off-by: Serhey Popovych <serhe.popovych at gmail.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 52838c10c50df63b1bcdbd9163cc02109796e2eb
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Tue Oct 30 11:18:54 2018 +0000
oe-init-buildenv/base: Relax python version checks in favour of HOSTTOOLS manipulation
Several distros are now shipping "python" as python v3 contrary to the original
python guidelines. This causes users confusion/pain in trying to use our tools.
We can just force "python" to "python2" within HOSTTOOLS to avoid this issue
and hide the complexity from the user.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 346dfd112b0c28d00bf17c21b55bbbf30a3e3f64
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Fri Nov 2 13:13:43 2018 +0000
oeqa/runtime/ptest: Inject results+logs into stored json results file
This allows the ptest results from ptest-runner, run in an image to be
transferred over to the resulting json results output.
Each test is given a pass/skip/fail so individual results can be monitored
and the raw log output from the ptest-runner is also dumped into the
results json file as this means after the fact debugging becomes much easier.
Currently the log output is not split up per test but that would make a good
future enhancement.
I attempted to implement this as python subTests however it failed as the
output was too confusing, subTests don't support any kind of log
output handling, subTest successes aren't logged and it was making things
far more complex than they needed to be.
We mark ptest-runner as "EXPECTEDFAILURE" since it's unlikely every ptest
will pass currently and we don't want that to fail the whole image test run.
It's assumed there would be later analysis of the json output to determine
regressions. We do have to change the test runner code so that
'unexpectedsuccess' is not a failure.
Also, the test names are manipulated to remove spaces and brackets with
"_" used as a replacement and any duplicate occurrences truncated.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit bff4483b03595ef1b12396c18c6f69d756ac25e8
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Wed Oct 31 22:38:43 2018 +0000
crosssdk: Remove usage of host flags for cross-compilation
Similarly to OE-Core rev 4b936cde58ca0a6f34092ce82640a02859110411 for
cross.sdk, BUILD_* flags can't be used as TARGET_* flags
gcc-crosssdk build leaks config.log's through "gcc-stashed-builddir" and
TARGET_* flags to libgcc cross-build through "gcc/libgcc.mvars" file
on "gcc-stashed-builddir". This means that if BUILD_CFLAGS contains
host-specific flags like "-isystem/usr/include" libgcc build will
fail "do_qa_configure" and "do_package_qa" checks.
Remove host-related flags from TARGET_* flags for gcc-crosssdk builds.
[YOCTO #11874]
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 409ce8c6fe7f82deb3249118ec20bdaadbdf637d
Author: Richard Purdie <richard.purdie at linuxfoundation.org>
Date: Wed Oct 31 14:52:11 2018 +0000
go: Change from TARGET_ARCH to TUNE_PKGARCH
Right now go-cross is changing signatures when you change TUNE for a given
architecture. In particular this breaks layer tests like:
yocto-check-layer ../meta-yocto-bsp/ --machines qemuarm beaglebone-yocto
This changes the PN addition to something containing the tune rather than
the arch which avoids these kinds of errors. If go-cross can be tune
independent that would be nice but currently that isn't the case.
[YOCTO #12586]
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 4f5293837b5920e55d056d019b63e09da3d169e5
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Tue Oct 30 14:32:42 2018 +0800
go-dep: disable PTEST_ENABLED for mips and mips64
The current go-dep does not compile ptest successfully on mips
and mips64. So as a workaround, disable PTEST_ENABLED explicitly
to avoid error like below.
| vet config not found
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 45f2e4cc12f3543ce644ef02c6528b24ac954869
Author: Ross Burton <ross.burton at intel.com>
Date: Mon Nov 5 11:22:58 2018 +0000
python3: add python3-venv to the python3-modules RDEPENDS
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 8801cf988b5f1e178f458858826d1ecb62bfe024
Author: Hugues Kamba <Hugues.Kamba at arm.com>
Date: Tue Oct 30 09:37:25 2018 +0000
python3: Fix python3-pyvenv run-time dependency
Pyvenv is just a small script that uses venv to create virtual
environments.
https://www.python.org/dev/peps/pep-0405/#creating-virtual-environments
This patch adds the python3-venv module as a self-contained package which
python3-pyvenv must depend on at run-time.
The patch also provides the package python3-pyvenv from the python3-venv
package. This is good for future-proofing since python3-pyvenv has been
deprecated and only python3-venv is now available in Python 3.6.
https://docs.python.org/3/library/venv.html.
Without this patch python3-pyvenv is broken because it is missing the
venv module at run-time. This patch specifies the newly created
python3-venv as a run-time dependency of python3-pyvenv.
Signed-off-by: Hugues Kamba <hugues.kamba at arm.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit a3c3cdc94fe2df715392c5f2eff20e7fbddfa6e9
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Tue Oct 30 16:06:42 2018 +0800
gdbm: fix ptest failure
Some of gdbm's ptest cases require gdbmtool, which is packaged into
${PN}-bin. So extend the RDEPENDS_${PN}-ptest to include the package.
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 5030e1d84bcec3501ade305053445097ddf4ce58
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date: Sat Nov 3 10:30:29 2018 +0100
pixman: Trim license info extracted from pixman-matrix.c
Four unrelated lines were extracted from pixman-matrix.c for the
license information.
License-Update: Only extract the relevant part from pixman-matrix.c
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit c3674479a38e72db17ecb2ea3bcfc243143f06a1
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date: Sat Nov 3 10:30:28 2018 +0100
libgpg-error: Trim license info extracted from init.c & gpg-error.h.in
License-Update: Only extract relevant parts from init.c & gpg-error.h.in
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 1fe62d6519da2c6b1ee617f2535ac74956836ce0
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date: Sat Nov 3 10:30:27 2018 +0100
apr-util: Trim license info extracted from apu_version.h
Two unrelated lines were extracted from apu_version.h for the license
information.
License-Update: Only extract the relevant part from apu_version.h
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6ec632d4e6f740fd512c6cc7b6b57086917cb393
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date: Sat Nov 3 10:30:26 2018 +0100
apr: Trim license info extracted from apr_lib.h
Two unrelated lines were extracted from apr_lib.h for the license
information.
License-Update: Only extract the relevant part from apr_lib.h
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit df1d57bc639f59b502d6a6036d26f243747e6742
Author: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Date: Sat Nov 3 10:30:25 2018 +0100
common-licenses: Correct the FreeType license text
It now matches:
http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/docs/FTL.TXT
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt at axis.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 3fbfbc35e41b1b576198ca63ee61ec47b12df042
Author: Douglas Royds <douglas.royds at taitradio.com>
Date: Mon Nov 5 18:39:41 2018 +1300
reproducible_build: Comment only: do_deploy_source_date_epoch task
Once the value of SOURCE_DATE_EPOCH is determined, it is stored in the recipe's SDE_FILE.
If none of the existing mechanisms are suitable, replace the do_deploy_source_date_epoch task
with recipe-specific functionality to write the appropriate SOURCE_DATE_EPOCH into the SDE_FILE.
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 0f0db9fc8512a0ecd0cdba3304a195cd925a5029
Author: Changqing Li <changqing.li at windriver.com>
Date: Fri Nov 2 14:07:49 2018 +0800
curl: fix for CVE-2018-16839/CVE-2018-16840/CVE-2018-16842
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 78e751e33d3ec4394d96391e737cc39cad960ebe
Author: Kai Kang <kai.kang at windriver.com>
Date: Fri Nov 2 16:02:14 2018 +0800
openssl: fix CVE-2018-0735 for 1.1.1
Backport patch to fix CVE-2018-0735 for openssl 1.1.1.
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 9d5c6a87eb72a8b8b8d417126a831565982ca9a6
Author: Kai Kang <kai.kang at windriver.com>
Date: Fri Nov 2 16:02:13 2018 +0800
openssl: fix CVE-2018-0734 for both 1.0.2p and 1.1.1
Backport patches to fix CVE-2018-0734 for both openssl 1.0.2p and 1.1.1
versions.
Signed-off-by: Kai Kang <kai.kang at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 98ab5c5770d20b39bf3c58083f31f31838f2e940
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Mon Nov 5 16:03:37 2018 +0800
ghostscript: fix CVE-2018-18284
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving the 1Policy
operator.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6098c19e1f179896af7013c4b5db3081549c97bc
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Mon Nov 5 16:03:36 2018 +0800
ghostscript: fix CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 6c32ea184941d292cd8f0eb898e6cc90120ada40
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Mon Nov 5 16:03:35 2018 +0800
ghostscript: fix CVE-2018-17961
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit bd8d2c25f595e30a3fdcad8a2409913bb8af7c5c
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Fri Nov 2 17:52:51 2018 +0800
elfutils: fix CVE-2018-18520 & CVE-2018-18521 & CVE-2018-18310
These CVE fixes come from the upstream master branch and no
new version has been released, so backport rather than upgrade.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 777c1f8b6e20643964c304400e2d746dc2926524
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Fri Nov 2 17:52:50 2018 +0800
elfutils: 0.173 -> 0.174
- Drop backport fixes
CVE-2018-16062.patch
0001-libdw-Check-end-of-attributes-list-consistently.patch
0002-libelf-Return-error-if-elf_compress_gnu-is-used-on-S.patch
- Rebase 0008-build-Provide-alternatives-for-glibc-assumptions-hel.patch
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 024b395425c95a08c881d922c310be78ffad483a
Author: Hongxu Jia <hongxu.jia at windriver.com>
Date: Tue Oct 23 04:35:06 2018 -0400
nasm: fix CVE-2018-1000667
Since the latest nasm is 2.14rc16 (not a formal release),
backport a patch to 2.13 to fix CVE-2018-1000667.
Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 2ddb3b25ed063b47d3fe2b3e9e17b7f9d0e2a7e5
Author: Changqing Li <changqing.li at windriver.com>
Date: Fri Nov 2 14:08:57 2018 +0800
unzip: fix for CVE-2018-18384
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 5c2b164e1022c46f6bf541894429773c3dde7af2
Author: Changqing Li <changqing.li at windriver.com>
Date: Fri Nov 2 14:08:45 2018 +0800
qemu: fix for CVE-2018-10839
Signed-off-by: Changqing Li <changqing.li at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 13591d7224393dc0ae529a03cdf74aceb3540ce9
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Fri Nov 2 12:42:43 2018 +0800
systemd: fix CVE-2018-15688
Backport patch to fix the following CVE.
CVE: CVE-2018-15688
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit eeb621aa19f690971caf862290a172a115578ba1
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Fri Nov 2 12:42:42 2018 +0800
systemd: fix CVE-2018-15687
Backport patch to fix the following CVE.
CVE: CVE-2018-15687
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 0ef70603bc983315eb0e8a97958d995a31198c35
Author: Chen Qi <Qi.Chen at windriver.com>
Date: Fri Nov 2 12:42:41 2018 +0800
systemd: fix CVE-2018-15686
Backport patch to fix the following CVE.
CVE: CVE-2018-15686
Signed-off-by: Chen Qi <Qi.Chen at windriver.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
commit 32e5dd919a61b1c245fb6a867d0ea4a71d394aca
Author: Armin Kuster <akuster808 at gmail.com>
Date: Mon Oct 29 01:29:32 2018 +0000
tzdata: update to 2018g
Changes to code
When generating TZif files with leap seconds, zic no longer uses a
format that trips up older 32-bit clients, fixing a bug introduced
in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround
for QTBUG-53071 now also works for TZif files with leap seconds.
The translator to rearguard format now rewrites the line
"Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
"Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S".
This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
and earlier. (Reported by Christos Zoulas.)
Changes to past time zone abbreviations
Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii.
This reverts to 2011h, as the abbreviation change in 2011i was
likely inadvertent.
Changes to documentation
tzfile.5 has new sections on interoperability issues.
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit a24d0c174411a32a2793c89980ca87c4f9d98bc4
Author: Armin Kuster <akuster808 at gmail.com>
Date: Sun Oct 28 23:38:32 2018 +0000
tzcode-native: update to 2018g
Changes to code
When generating TZif files with leap seconds, zic no longer uses a
format that trips up older 32-bit clients, fixing a bug introduced
in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround
for QTBUG-53071 now also works for TZif files with leap seconds.
The translator to rearguard format now rewrites the line
"Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
"Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S".
This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
and earlier. (Reported by Christos Zoulas.)
Changes to past time zone abbreviations
Change HDT to HWT/HPT for WWII-era abbreviations in Hawaii.
This reverts to 2011h, as the abbreviation change in 2011i was
likely inadvertent.
Changes to documentation
tzfile.5 has new sections on interoperability issues.
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
commit 9d5d19cee30ac73b9fbf75308e5729857384983e
Author: Armin Kuster <akuster at mvista.com>
Date: Sat Oct 20 13:00:13 2018 +0100
nss: update to 3.39 includes CVE-2018-12384
see: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39_release_notes
Signed-off-by: Armin Kuster <akuster at mvista.com>
-----------------------------------------------------------------------
Summary of changes:
meta/classes/base.bbclass | 4 +-
meta/lib/oeqa/selftest/cases/buildoptions.py | 2 +-
.../0034-inject-file-assembly-directives.patch | 13 +
meta/recipes-devtools/binutils/binutils-2.31.inc | 4 +
.../binutils/binutils/CVE-2018-18309.patch | 308 +++++++++++++++++++++
.../binutils/binutils/CVE-2018-18605.patch | 47 ++++
.../binutils/binutils/CVE-2018-18606.patch | 70 +++++
.../binutils/binutils/CVE-2018-18607.patch | 77 ++++++
meta/recipes-devtools/go/go-1.11.inc | 1 +
.../0008-use-GOBUILDMODE-to-set-buildmode.patch | 40 +++
meta/recipes-devtools/go/go-1.9.inc | 1 +
.../0011-use-GOBUILDMODE-to-set-buildmode.patch | 40 +++
meta/recipes-devtools/go/go_1.11.bb | 12 +
meta/recipes-devtools/go/go_1.9.bb | 16 +-
14 files changed, 627 insertions(+), 8 deletions(-)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18309.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18605.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18606.patch
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2018-18607.patch
create mode 100644 meta/recipes-devtools/go/go-1.11/0008-use-GOBUILDMODE-to-set-buildmode.patch
create mode 100644 meta/recipes-devtools/go/go-1.9/0011-use-GOBUILDMODE-to-set-buildmode.patch
hooks/post-receive
--