mirrors/poky - poky - zepto initiative

mirror of https://git.yoctoproject.org/poky synced 2026-02-21 00:49:41 +01:00

Author	SHA1	Message	Date
Adrian Bunk	36fa7fce02	dhcp: Replace OE specific patch for compatibility with latest bind with upstream patch This also fixes a dhcp breakage noticed by Enrico Scholz. (From OE-Core rev: 5deab12cdcf1d7372634324e1fd70145ff59f9f9) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Ruslan Bilovol	458009f31a	dhcp: drop lost patch Commit 7cb42ae87ef9 "dhcp: update 4.4.1" dropped 0008-tweak-to-support-external-bind.patch from recipe, but left the patch itself in source tree. Remove this patch since nobody uses it. Cc: Armin Kuster <akuster808@gmail.com> (From OE-Core rev: 109e8420c8a4e94dccb3c83e2b0b7fc6ceb66b04) Signed-off-by: Ruslan Bilovol <ruslan.bilovol@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Armin Kuster	5f125a31e1	dhcp: fix issue with new bind changes (From OE-Core rev: d0e2babdab1625e86d0abc7fa7dab25caa73ccb6) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Armin Kuster	6518c248e6	go: update to 1.11.13, minor updates Source: golang.org MR: 99376 Type: Security Fix Disposition: Backport from golang.org ChangeID: 41576ab4a0abdebbc44f1a35a83bf04e5f2fde06 Description: https://golang.org/doc/devel/release.html go1.11.11 (released 2019/06/11) includes a fix to the crypto/x509 package. See the Go 1.11.11 milestone on our issue tracker for details. go1.11.12 (released 2019/07/08) includes fixes to the compiler and the linker. See the Go 1.11.12 milestone on our issue tracker for details. go1.11.13 (released 2019/08/13) includes security fixes to the net/http and net/url packages. See the Go 1.11.13 milestone on our issue tracker for details. Includes CVE: CVE-2019-14809 (From OE-Core rev: 6018e9755dce3eaa22a1fe691dc18546c43c9cbe) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Adrian Bunk	6eaf69d732	bind: upgrade 9.11.5 -> 9.11.5-P4 Source: OE.org MR: 99751, 99752, 99753 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/bind?h=warrior&id=5d286da0fbe1a7ded2f84eec990e49d221bdeab4 ChangeID: ce3719ea11bd03af3baeca51a22115badf84be01 Description: Bugfix-only compared to 9.11.5, mostly CVE fixes. COPYRIGHT checksum changed due to 2018 -> 2019. (From OE-Core rev: b24447b40e4988e337bdd4b5cf194df0827f9887) Signed-off-by: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Included cves: CVE-2018-5744 CVE-2018-5745 CVE-2019-6465 ] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Armin Kuster	3d3a165925	bind: update to latest LTS 9.11.5 Source: bind.org MR: 99750 Type: Security Fix Disposition: Backport from bind.org ChangeID: bca5c436229f1b8c7e8eb3e45fc6188ffdb5e224 Description: includes: CVE-2018-5738 drop patch for CVE-2018-5740 now included in update see: https://ftp.isc.org/isc/bind9/9.11.5/RELEASE-NOTES-bind-9.11.5.html Add RECIPE_NO_UPDATE_REASON for lts (From OE-Core rev: 25b2f2c6fc67eabb0e7f0b7c5ffe08c554613c10) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Also includes CVE-2018-5740] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Armin Kuster	176dc6eb01	binutils: Security fix for CVE-2019-12972 Source: git://sourceware.org / binutils-gdb.git MR: 98770 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=890f750a3b053532a4b839a2dd6243076de12031 ChangeID: 7ced6bffbe01cbeadf50177eb332eef514baa19c Description: Fixes CVE-2019-12972 (From OE-Core rev: 16f4520f5cb581eb93bd3f0e3aa1feecc5c567ba) Signed-off-by: Armin Kuster <akuster@mvista.com> [v2] forgot to refresh inc file before sending Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Armin Kuster	d39b67e491	binutils: Security fix for CVE-2019-14444 Source: git://sourceware.org / binutils-gdb.git MR: 99255 Type: Security Fix Disposition: Backport from https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e17869db99195849826eaaf5d2d0eb2cfdd7a2a7 ChangeID: 67ad4ab1ec34b941bdcfbb4f55d16176bbbd3d72 Description: Affects: <= 2.32.0 Fixes CVE-2019-14444 (From OE-Core rev: a367928942411b36a0b0bbb95055d01548430e8e) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Armin Kuster	09d46e9131	gcc: Security fix for CVE-2019-14250 Source: gcc.org MR: 99120 Type: Security Fix Disposition: Backport from https://gcc.gnu.org/viewcvs?rev=273794&root=gcc&view=rev ChangeID: 28ab763c18f1543607181cd9657f45f7752b6fcb Description: Affects < 9.2 (From OE-Core rev: 79205966072bb6179d96b3af5aabc521da83e841) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Bartosz Golaszewski	0f7e6681a8	qemu: add a patch fixing the native build on newer kernels The build fails on qemu-native if we're using kernels after commit 0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream patch that fixes the issue. (From OE-Core rev: fac2d3846dadfda256e94500bdf33f546a8d1fb4) Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Refactoried for thud context] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Andrii Bordunov via Openembedded-core	4e6a44598f	libcomps: fix CVE-2019-3817 (From OE-Core rev: 2cebc7faa10c7ac6f60437658702f7adce3b3a89) Signed-off-by: Kevin Weng <t-keweng@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Andrii Bordunov via Openembedded-core	9da2eb4bef	glib-2.0: fix CVE-2019-13012 (From OE-Core rev: 51f7ecf2259e1fb669cd84c5317cbd8810d731b7) Signed-off-by: Kevin Weng <t-keweng@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Andrii Bordunov via Openembedded-core	fe27c50545	dbus: fix CVE-2019-12749 (From OE-Core rev: 144363decc922ed03a584eb9b29cf9808a469d08) Signed-off-by: Kevin Weng <t-keweng@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:28 +01:00
Andrii Bordunov via Openembedded-core	1b62838428	curl: fix CVE-2018-16890 CVE-2019-3822 CVE-2019-3823 (From OE-Core rev: 75a4b4d8fb14414bbe2e38be8ccda0af94ef9b40) Signed-off-by: Kevin Weng <t-keweng@microsoft.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:27 +01:00
Anuj Mittal	20ee17a579	python3: fix CVE-2019-9740 CVE-2019-9947 is same as CVE-2019-9740 and mark it as such. See: https://bugs.python.org/issue30458 (From OE-Core rev: ad90312adabbad951f62e3bd4ad95fcc763ad0c4) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:27 +01:00
Anuj Mittal	d581f111db	patch: fix CVE-2019-13636 (From OE-Core rev: bd367f58d9d6b5f0ce213e1be36763c5a9e425b6) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:27 +01:00
Alexander Kanavin	fa4683a484	buildhistory: call a dependency parser only on actual dependency lists Previously it was also called on filelists and possibly other items which broke the parser. (From OE-Core rev: f965ecbf558b6db1959e4ba8e599d65a5c8022b2) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-10-08 22:52:27 +01:00
Armin Kuster	e694933647	bitbake: tests/fetch: Resolve fetch error in bitbake-selftest FAIL: test_wget_latest_versionstring (bb.tests.fetch.FetchLatestVersionTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/home/pokybuild/yocto-worker/oe-selftest/build/bitbake/lib/bb/tests/fetch.py", line 1229, in test_wget_latest_versionstring self.assertTrue(verstring, msg="Could not find upstream version for %s" % k[0]) AssertionError: '' is not true : Could not find upstream version for db [YOCTO #13496] The Oracle UPSTREAM_CHECK_URI used changed and does not work with logic in wget. Update UPSTREAM_CHECK_URI and UPSTREAM_CHECK_REGEX to match the ones used in the recipe. Also change the version being checked. (Bitbake rev: 8a58c3c64240c6ab14858d18e6b89febdb315311) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-09 09:58:09 +01:00
Scott Rifenbark	55e9d7c1e4	YP Docs: Set up the August 2019 date for 2.6.3 release. (From yocto-docs rev: 49abb21ec1728a8794c69997316a95ed0251a1e2) Signed-off-by: Scott Rifenbark <srifenbark@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-06 11:59:53 +01:00
Martin Jansa	dab13e1c79	bitbake: fetch2: show warning when renaming the archive with bad checksum failed * noticed on read-only sshfs premirror * it was showing the warning about renaming the file: WARNING: laser-geometry-1.6.4-r0 do_fetch: Renaming /jenkins/mjansa/sshfs/webos-ose-thud/downloads/laser_geometry-1.6.4.tar.gz to /jenkins/mjansa/sshfs/webos-ose-thud/downloads/laser_geometry-1.6.4.tar.gz_bad-checksum_1ee7479b8c5914b4ffae996945121441 and then failed because of movefile() issue with python3 (fixed in previous commit): ERROR: laser-geometry-1.6.4-r0 do_fetch: Error executing a python function in exec_python_func() autogenerated: with movefile() fixed, it let do_fetch continue and re-fetch locally with the right checksum, but still the renamed file didn't exist, because of movefile failure - add another warning when the movefile fails - for whatever reason - unfortunately movefile prints error messages with just print() so the real error is hidden only in log.do_fetch in this case: movefile: Failed to move /jenkins/mjansa/sshfs/webos-ose-thud/downloads/laser_geometry-1.6.4.tar.gz to /jenkins/mjansa/sshfs/webos-ose-thud/downloads/laser_geometry-1.6.4.tar.gz_bad-checksum_1ee7479b8c5914b4ffae996945121441 [Errno 30] Read-only file system: '/jenkins/mjansa/sshfs/webos-ose-thud/downloads/laser_geometry-1.6.4.tar.gz' -> '/jenkins/mjansa/sshfs/webos-ose-thud/downloads/laser_geometry-1.6.4.tar.gz_bad-checksum_1ee7479b8c5914b4ffae996945121441' (Bitbake rev: d36438759344caa447d9a0bf30749a0aa31d1fba) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-06 11:58:56 +01:00
Martin Jansa	3103c383b3	bitbake: utils: Fix movefile() exception handling with python3 * with python3 this fails with: File: 'bitbake/lib/bb/utils.py', lineno: 799, function: movefile 0795: try: 0796: os.rename(src, destpath) 0797: renamefailed = 0 0798: except Exception as e: *** 0799: if e[0] != errno.EXDEV: 0800: # Some random error. 0801: print("movefile: Failed to move", src, "to", dest, e) 0802: return None 0803: # Invalid cross-device-link 'bind' mounted or actually Cross-Device Exception: TypeError: 'OSError' object is not subscriptable (Bitbake rev: 9f92322fa8d6f1a68c0c3f4984afdf65126b51dc) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-09-06 11:58:56 +01:00
Richard Purdie	cb26830f76	build-appliance-image: Update to thud head revision (From OE-Core rev: d3d3f443039b03f1200a14bfe99f985592632018) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> thud-20.0.3 yocto-2.6.3	2019-08-01 11:58:15 +01:00
Richard Purdie	d43a86de1a	poky.conf: Bump version for 2.6.3 thud release (From meta-yocto rev: 9a1d9fd77e2dd2d324654755633e143ef7730dc5) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-08-01 11:58:07 +01:00
Anuj Mittal	d49de3810a	expat: fix CVE-2018-20843 (From OE-Core rev: aad245ea1c55f8e778ae3420c5c31e94301e7cba) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Ross Burton	9e0a120c8e	libcroco: fix CVE-2017-7961 (From OE-Core rev: 480f15850820746cecdfe0b8450b2be484c1f8f9) (From OE-Core rev: f5cf064b3c138c8a6591d34f40253e10a6f01a14) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Ovidiu Panait	e6058824bb	ghostscript: Fix 3 CVEs It was discovered that the ghostscript /invalidaccess checks fail under certain conditions. An attacker could possibly exploit this to bypass the -dSAFER protection and, for example, execute arbitrary shell commands via a specially crafted PostScript document. It was found that the superexec operator was available in the internal dictionary in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. It was found that the forceput operator could be extracted from the DefineResource method in ghostscript before 9.27. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. References: https://nvd.nist.gov/vuln/detail/CVE-2019-6116 https://www.openwall.com/lists/oss-security/2019/01/23/5 https://nvd.nist.gov/vuln/detail/CVE-2019-3835 https://nvd.nist.gov/vuln/detail/CVE-2019-3838 Upstream patches: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9 http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e (From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18) (From OE-Core rev: cf5d29dcac6247e8476f7af78b4e0bb129b94677) Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Fix for CVE-2019-6116 is already in thud, so that has been removed] Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Anuj Mittal	885459d264	bzip2: fix CVE-2019-12900 Also include a patch to fix regression caused by it. See: https://gitlab.com/federicomenaquintero/bzip2/issues/24 (From OE-Core rev: 7c0b2d228f51aebb4415e63a07bdd645e85b09d8) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Ross Burton	d0e65410f4	libarchive: integrate security fixes Fix the following CVEs by backporting patches from upstream: - CVE-2019-1000019 - CVE-2019-1000020 - CVE-2018-1000877 - CVE-2018-1000878 - CVE-2018-1000879 - CVE-2018-1000880 (From OE-Core rev: ea251020304b9c18f31c39de867a47311b1bb46c) (From OE-Core rev: 6cba048de29dfea44e926b00e5ea91359e7cbebd) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Anuj Mittal	acd46a34c4	gstreamer1.0-plugins-base: fix CVE-2019-9928 (From OE-Core rev: 276567b6a8e4b21dc978b352b5c715d6381867b1) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Anuj Mittal	ecc1ac5b04	libsdl: CVE fixes Fixes CVE-2019-7572, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576, CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7637, CVE-2019-7638. (From OE-Core rev: 2cfcb3b0fce7e1156eb52260df4330c95d87dc17) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Alejandro del Castillo	e8cd30ba6c	OpkgPM: use --add-ignore-recommends to process BAD_RECOMMENDATIONS Currently, BAD_RECOMMENDATIONS on the opkg backed relies on editing the opkg status file (it sets BAD_RECOMMENDATIONS pkg want state to deinstalled and pinned). This is brittle, and not consistent across the different solver backends. Use new --add-ignore-recommends flag instead. (From OE-Core rev: 0d11e813ba9b4e8de9e6e5099ff85f5d914243bc) (From OE-Core rev: bfb0acb6bc6bc11e4aa2c9527916359e1a763e85) (From OE-Core rev: 13ba66338d16cc07cb0129de932f090d0edb7760) Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Alejandro del Castillo	eecc4121ad	opkg: add --ignore-recommends flag To be used for BAD_RECOMMENDATIONS feature. (From OE-Core rev: 788d97b4f8e4452cef1ba6bb3e565e1b52dbb7de) (From OE-Core rev: 85007cdb260bc77ac4ae5f914b0e3a4408606dfd) (From OE-Core rev: c60f9c47380bb53bd2b54373b72f86006edf326e) Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Backport from opkg_0.4.0.bb] Signed-off-by: Quentin Schulz <quentin.schulz@streamunlimited.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Richard Purdie	a872c96192	scripts: Remove deprecated imp module usage The imp module is deprecated, port the code over to use importlib as recently done for bb.utils as well. (From OE-Core rev: f3ba6cee5927c7475c3dc47658fa0548aec52115) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-29 23:50:43 +01:00
Robert Yang	4d63da3fad	uboot-sign.bbclass: Remove tab indentations in python code Use 4 spaces to replace a tab. (From OE-Core rev: 2bf6098ac1cbbf7ed28522b7f7dce84c8341ce00) Signed-off-by: Robert Yang <liezhi.yang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	a51a3b1c82	glib: Security fix for CVE-2019-9633 Source: gnome.org MR: 98802 Type: Security Fix Disposition: Backport from `d553d92d6e` ChangeID: b73c332f27f47ddc1b1cfd7424f24778acc0c318 Description: includes supporting patch. Fixes CVE-2019-9633 (From OE-Core rev: 3ebf0fc043b6c9b6c2381dab893b54ebcb8ac13d) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	e2f3997a84	qemu: Security fixes CVE-2018-20815 CVE-2019-9824 Source: qemu.org MR: 98623 Type: Security Fix Disposition: Backport from qemu.org ChangeID: 03b3f28e5860ef1cb9f58dce89f252bd7ed59f37 Description: Fixes both CVE-2018-20815 and CVE-2019-9824 (From OE-Core rev: 5c45cd09fb29d4a1ebda6153a25f16e312049c44) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Ross Burton	45e662b445	glibc: backport CVE fixes Backport the fixes for several CVEs from the 2.28 stable branch: - CVE-2016-10739 - CVE-2018-19591 (From OE-Core rev: 950a60c0e4183037a807031ddc9167b1a81a5348) Signed-off-by: Ross Burton <ross.burton@intel.com> [Dropped CVE-2019-9169 as its in my contrib already] Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Ross Burton	f749c69115	lighttpd: fix CVE-2019-11072 (From OE-Core rev: 0dbd16a40a28bb75962f38c6ce450c909c22ee79) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Richard Purdie	573a935860	uninative: Update to 2.6 release The 2.6 release contains both libcrypt.so.1 and libcrypt.so.2 which fixes compatibility with recent fedora/suse releases. The difference is one is built with obsolete APIs enabled and one disabled. We now ship both in uninative for compatibility regardless of which distro a binary is built on. (From OE-Core rev: 352ab80333096df92ef0f4cd331baea98e71aa21) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Richard Purdie	59400377bb	uninative: Switch from bz2 to xz (From OE-Core rev: 29fc9210b973be68de474e75068e4c72371afe5a) (From OE-Core rev: 16785ebdc50f38ef4bc30d477a6833bdd4b541d1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Richard Purdie	594d5c20e2	yocto-uninative: Update to 2.5 release This includes libstdc++ changes from gcc 9.X. It also switches uninative from bz2 to xz compression. (From OE-Core rev: 0497623882da714cbe098a4281982b7f9ce6030f) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	8e6d657a9c	qemu: Security fix for CVE-2019-12155 Source: qemu.org MR: 98382 Type: Security Fix Disposition: Backport from https://git.qemu.org/?p=qemu.git;a=commit;h=d52680fc932efb8a2f334cc6993e705ed1e31e99 ChangeID: e4e5983ec1fa489eb8a0db08d1afa0606e59dde3 Description: Fixes CVE-2019-12155 Affects: <= 4.0.0 (From OE-Core rev: 6045c57895cad301c5e3a94de740427343a08065) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	a43499cf8e	Curl: Securiyt fix CVE-2019-5435 CVE-2019-5436 Source: CUrl.org MR: 98455 Type: Security Fix Disposition: Backport from https://curl.haxx.se/ ChangeID: 86b094a440ea473b114764e8d64df8142d561609 Description: Fixes CVE-2019-5435 CVE-2019-5436 (From OE-Core rev: 9d5a7dd654a17b67f5cd8a73145e5f5299bfebcc) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	21188466bc	wget: Security fix for CVE-2019-5953 Source: http://git.savannah.gnu.org/cgit/wget.git MR: 89341 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/wget.git/commit/?id=692d5c5215de0db482c252492a92fc424cc6a97c ChangeID: 1c19a2fd7ead88cc4ee92d425179d60d4635864b Description: Fixes CVE-2019-5953 Affects: < 1.20.1 (From OE-Core rev: c897b862c6cfaa341cc6155b2c9d98ea7ad02884) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	f2d2148adb	glib-2.0: Security fix for CVE-2019-12450 Source: glib-2.0 MR: 98443 Type: Security Fix Disposition: Backport from `d8f8f4d637` ChangeID: 880b9b349cb8d82c7c1314a3657ec9094baba741 Description: (From OE-Core rev: 71bfb9dfdc806e0e95f1302d0d6c3c751f03bb4b) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	abefff23cd	Tar: Security fix CVE-2019-0023 Source: tar.git MR: 97928 Type: Security Fix Disposition: Backport from http://git.savannah.gnu.org/cgit/tar.git/commit/?id=cb07844454d8cc9fb21f53ace75975f91185a120 ChangeID: 7aee4c0daf8ce813242fe7b872583560a32bc4e3 Description: Affects tar < 1.32 fixes CVE-2019-9923 (From OE-Core rev: fc77edc8245ab90eee1f1e857f470b6842dc256f) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	e53f7d53f4	qemu: Security fix for CVE-2018-19489 Source: Qemu.org MR: 97453 Type: Security Fix Disposition: Backport from git.qemu.org/gemu.git ChangeID: a06fcb432d447cec2ed1caf112822dd1b4831ace Description: In the spirt of YP Compatible, sending change upstream. fixes CVE CVE-2018-19489 Affect < = 4.0.0 (From OE-Core rev: 249447828cd1ed13f9faf19793208b503acf0d30) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Joshua DeWeese	f381b778ae	wpa_supplicant: Changed systemd template units I goofed up the scissor line on the last attempt. Not sure how much it matters, but here it is correct this time. Here it is, updated to work with wpa-supplicant_2.6.bb. -- >8 -- https://www.freedesktop.org/software/systemd/man/systemd.unit.html#WantedBy= When building root filesystems with any of the wpa_supplicant systemd template service files enabled (current default is to have them disabled) the systemd-native-fake script would not process the line: Alias=multi-user.target.wants/wpa_supplicant@%i.service appropriately due the the use of "%i." According to the systemd documentation "WantedBy=foo.service in a service bar.service is mostly equivalent to Alias=foo.service.wants/bar.service in the same file." However, this is not really the intended purpose of install Aliases. All lines of the form: Alias=multi-user.target.wants/*%i.service Were replaced with the following lines: WantedBy=multi-user.target (From OE-Core rev: d05e98cdccbe36be8906c31249adeb0f0bc13ac5) Signed-off-by: Joshua DeWeese <jdeweese@hennypenny.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Armin Kuster	47d06b4c85	go: update to minor update 1.11.10 Source: golang.org MR: 97548, Type: Security Fix Disposition: Backport from https://github.com/golang/go/issues?q=milestone%3AGo1.11.5 ChangeID: 54377c454f038a41bf35dd447a784e3e66db6268 Description: Bug fix updates only https://golang.org/doc/devel/release.html#go1.11 Fixes: Affects <= 1.11.6 CVE-2019-6486 CVE-2019-9741 (From OE-Core rev: 4e40da53851c550f1a38eff5737d4b69c8cd0afb) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00
Khem Raj	d89c54ee99	go: Upgrade 1.11.1 -> 1.11.4 minor release Source: OpenEmbedded.org MR: 98328, 98329, 98330 Type: Security Fix Disposition: Backport from https://git.openembedded.org/openembedded-core/commit/meta/recipes-devtools/go?h=warrior&id=b964551a0d08aa921d4e0ceea2f1e28a5e83510e ChangeID: 0b4cc69c357ba14c4e7a6c7ff926cfc6f09489b2 Description: include: CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 Changes: https://golang.org/doc/devel/release.html#go1.11 (From OE-Core rev: 69964488112899371b7fd88b6e86e533d968b457) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> [Bug fix only update] Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-27 18:05:18 +01:00

1 2 3 4 5 ...

52798 Commits