[yocto-security] [OE-core CVE] branch master-next updated. 2018-10-1281-g563de8e

cve-notice at lists.openembedded.org cve-notice at lists.openembedded.org
Tue Mar 19 03:47:00 PDT 2019 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "".

The branch, master-next has been updated
  discards  41cbd4f03e0187866e0c11a6ab39607295bdb49a (commit)
  discards  2004d31ead18e750096379d142fe5e89a896ec05 (commit)
  discards  383585d5314a597ad8b5cdf48d84100e4364e8de (commit)
       via  563de8e3a07942beb60c72eb1a8072be9035a0a7 (commit)
       via  8191942fd1c758e8761ab6aef8aec6da9871a935 (commit)
       via  7a528511445165c72ba24dc1cffeaca9ce71caf5 (commit)
       via  489ece1aa90d8f76b4c1f009d837f82e38e11ba9 (commit)
       via  f24178993e7b0830510900e80e879c7f9f8e28f0 (commit)

This update added new revisions after undoing existing revisions.  That is
to say, the old revision is not a strict subset of the new revision.  This
situation occurs when you --force push a change and generate a repository
containing something like this:

 * -- * -- B -- O -- O -- O (41cbd4f03e0187866e0c11a6ab39607295bdb49a)
            \
             N -- N -- N (563de8e3a07942beb60c72eb1a8072be9035a0a7)

When this happens we assume that you've already had alert emails for all
of the O revisions, and so we here report only the revisions in the N
branch from the common base, B.

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 563de8e3a07942beb60c72eb1a8072be9035a0a7
Author: Khem Raj <raj.khem at gmail.com>
Date:   Mon Mar 18 21:41:59 2019 -0700

    gdb: Do not disable lttng-ust on risc-v
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Cc: Jonathan Rajotte-Julien <jonathan.rajotte-julien at efficios.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 8191942fd1c758e8761ab6aef8aec6da9871a935
Author: Khem Raj <raj.khem at gmail.com>
Date:   Mon Mar 18 21:41:58 2019 -0700

    packagegroup-core-tools-profile: Do not remove lttng-ust for musl and risc-v
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Cc: Jonathan Rajotte-Julien <jonathan.rajotte-julien at efficios.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 7a528511445165c72ba24dc1cffeaca9ce71caf5
Author: Khem Raj <raj.khem at gmail.com>
Date:   Mon Mar 18 21:41:57 2019 -0700

    lttng: Enable tools and modules on riscv
    
    Latest version compiles on risv64 now
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Cc: Jonathan Rajotte-Julien <jonathan.rajotte-julien at efficios.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

commit 489ece1aa90d8f76b4c1f009d837f82e38e11ba9
Author: Kai Kang <kai.kang at windriver.com>
Date:   Fri Mar 15 04:01:19 2019 -0400

    qemu: backport patches to fix cves
    
    CVE: CVE-2018-16872
    CVE: CVE-2018-20124
    CVE: CVE-2018-20125
    CVE: CVE-2018-20126
    CVE: CVE-2018-20191
    CVE: CVE-2018-20216
    
    Patches 0015-fix-CVE-2018-20124.patch and 0017-fix-CVE-2018-20126.patch
    are rebased on current source code. Others are not modified.
    
    Signed-off-by: Kai Kang <kai.kang at windriver.com>
    Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>

-----------------------------------------------------------------------

Summary of changes:
 meta/lib/oeqa/manual/toaster-managed-mode.json     | 130 ++++++++++-----------
 meta/lib/oeqa/manual/toaster-unmanaged-mode.json   |  56 ++++-----
 .../packagegroup-core-tools-profile.bb             |   3 -
 meta/recipes-devtools/gdb/gdb-common.inc           |   1 -
 .../0001-Simplify-wayland-scanner-lookup.patch     |  42 +++++++
 ...-check-for-all-linux-host_os-combinations.patch |  41 -------
 .../0002-winsys-svga-drm-Include-sys-types.h.patch |  34 ++++++
 ...t-LLVM-version-when-using-LLVM-Git-releas.patch |  44 +++++++
 ...CK_VAR-for-defining-WAYLAND_PROTOCOLS_DAT.patch |  35 ++++++
 ...d-missing-include-stddef.h-in-egldevice.h.patch |  49 ++++++++
 .../mesa/{mesa-gl_19.0.0.bb => mesa-gl_18.3.4.bb}  |   0
 meta/recipes-graphics/mesa/mesa.inc                |  59 +++++-----
 .../mesa/{mesa_19.0.0.bb => mesa_18.3.4.bb}        |  10 +-
 meta/recipes-kernel/lttng/lttng-modules_2.10.8.bb  |   2 +-
 meta/recipes-kernel/lttng/lttng-tools_2.10.6.bb    |   1 -
 15 files changed, 336 insertions(+), 171 deletions(-)
 create mode 100644 meta/recipes-graphics/mesa/files/0001-Simplify-wayland-scanner-lookup.patch
 delete mode 100644 meta/recipes-graphics/mesa/files/0001-meson.build-check-for-all-linux-host_os-combinations.patch
 create mode 100644 meta/recipes-graphics/mesa/files/0002-winsys-svga-drm-Include-sys-types.h.patch
 create mode 100644 meta/recipes-graphics/mesa/files/0003-Properly-get-LLVM-version-when-using-LLVM-Git-releas.patch
 create mode 100644 meta/recipes-graphics/mesa/files/0004-use-PKG_CHECK_VAR-for-defining-WAYLAND_PROTOCOLS_DAT.patch
 create mode 100644 meta/recipes-graphics/mesa/files/0005-egl-add-missing-include-stddef.h-in-egldevice.h.patch
 rename meta/recipes-graphics/mesa/{mesa-gl_19.0.0.bb => mesa-gl_18.3.4.bb} (100%)
 rename meta/recipes-graphics/mesa/{mesa_19.0.0.bb => mesa_18.3.4.bb} (50%)


hooks/post-receive
--

More information about the yocto-security mailing list