linux/meta-openembedded.git, branch rocko

glm: update 0.9.8.5 -> 0.9.9-a2 to fix x86_64 (sse-simd) build

2018-09-05T15:48:59+00:00

* Commit log shows many commints fixing sse e.g. [1-3]. Instead of creating a heavy patch series here let's move to the latest version tagged. * License file 'copying.txt' was removed in [4]. License information is now found in 'readme.md'. License is still MIT. [1] https://github.com/g-truc/glm/commit/8bcf9b5ae791fce37a86764b8acfd68424ac544b [2] https://github.com/g-truc/glm/commit/1bbf2dafb9f67b14507dc37e4ee885464c5ffc78 [3] https://github.com/g-truc/glm/commit/fdfd03ffaf0e312ce0bab604982f50790e71b09f [4] https://github.com/g-truc/glm/commit/a23911a5e9d8c631023c62be6f0cf0bf855ca482 Signed-off-by: Andreas Müller Signed-off-by: Armin Kuster [Fixed rocko compile issues] Signed-off-by: Armin Kuster

python-evdev: Use target header to generate ecodes.c

2018-09-05T15:29:39+00:00

ecodes.c is generated file and if we do not specify the linux input headers it happiliy defaults to /usr/include/ to look for these headers while emitting code for ecodes.c which can cause gripes when build systems kernel UAPI is different than the target kernel. Mysterious build errors or even worse runtime errors can start to appear. e.g. | evdev/ecodes.c:603:29: error: 'KEY_ROTATE_LOCK_TOGGLE' undeclared (first use in this function); did you mean 'KEY_ATTENDANT_TOGGLE'? Signed-off-by: Khem Raj Signed-off-by: Armin Kuster [Handel applied for rocko context] Signed-off-by: Armin Kuster

lftp: CVE-2018-10916

2018-09-04T14:37:56+00:00

Affects lftp <= 4.8.3 Signed-off-by: Jagadeesh Krishnanjanappa Signed-off-by: Armin Kuster

fuse: CVE-2018-10906

2018-09-04T14:36:55+00:00

* CVE-2018-10906-1: fusermount: don't feed "escaped commas" into mount options The old code permits the following behavior: $ _FUSE_COMMFD=10000 priv_strace -etrace=mount -s200 fusermount -o 'foobar=\,allow_other' mount mount("/dev/fuse", ".", "fuse", MS_NOSUID|MS_NODEV, "foobar=\\,allow_other,fd=3,rootmode=40000,user_id=1000,group_id=1000") = -1 EINVAL (Invalid argument) However, backslashes do not have any special meaning for the kernel here. As it happens, you can't abuse this because there is no FUSE mount option that takes a string value that can contain backslashes; but this is very brittle. Don't interpret "escape characters" in places where they don't work. * CVE-2018-10906-2: fusermount: refuse unknown options Blacklists are notoriously fragile; especially if the kernel wishes to add some security-critical mount option at a later date, all existing systems with older versions of fusermount installed will suddenly have a security problem. Additionally, if the kernel's option parsing became a tiny bit laxer, the blacklist could probably be bypassed. Whitelist known-harmless flags instead, even if it's slightly more inconvenient. Affects fuse < 2.9.8 and fuse < 3.2.5 Signed-off-by: Jagadeesh Krishnanjanappa Signed-off-by: Armin Kuster

apache2: CVE-2018-1333

2018-09-04T14:36:40+00:00

* fixes a race condition where aborting streams triggers an unnecessary timeout. Affects apache2 2.4.18 to 2.4.30 and apache2 2.4.33 Fixed in apache2 2.4.34 Signed-off-by: Jagadeesh Krishnanjanappa Signed-off-by: Armin Kuster

rarpd, sblim-sfcb, openct: inherit systemd unconditionally

2018-09-04T14:33:51+00:00

* the inherit was controlled by VIRTUAL-RUNTIME_init_manager and the installation of .service files by DISTRO_FEATURES and systemd was in DISTRO_FEATURES but not in VIRTUAL-RUNTIME_init_manager it was causing QA issues about unpackaged .service files ERROR: rarpd-ss981107-r0 do_package: QA Issue: rarpd: Files/directories were installed but not shipped in any package: /lib /lib/systemd /lib/systemd/system /lib/systemd/system/rarpd.service ERROR: sblim-sfcb-1.4.9-r0 do_package: QA Issue: sblim-sfcb: Files/directories were installed but not shipped in any package: /lib /lib/systemd /lib/systemd/system /lib/systemd/system/sblim-sfcb.service ERROR: sblim-sfcb-1.4.9-r0 do_package: QA Issue: sblim-sfcb: Files/directories were installed but not shipped in any package: /lib /lib/systemd /lib/systemd/system /lib/systemd/system/sblim-sfcb.service * systemd.bbclass will take care of removing /lib/systemd when systemd isn't in DISTRO_FEATURES, so we can remove both conditions Signed-off-by: Martin Jansa Signed-off-by: Armin Kuster

wireshark: update to 2.2.16

2018-07-25T22:51:47+00:00

Bug fix only updates Include security fixes: 2.2.16: wnpa-sec-2018-06 RPKI-Router infinite loop. Bug 14414. CVE-2018-7325. wnpa-sec-2018-34 BGP dissector large loop. Bug 13741. CVE-2018-14342. wnpa-sec-2018-35 ISMP dissector crash. Bug 14672. CVE-2018-14344. wnpa-sec-2018-36 Multiple dissectors could crash. Bug 14675. CVE-2018-14340. wnpa-sec-2018-37 ASN.1 BER dissector crash. Bug 14682. CVE-2018-14343. wnpa-sec-2018-38 MMSE dissector infinite loop. Bug 14738. CVE-2018-14339. wnpa-sec-2018-39 DICOM dissector crash. Bug 14742. CVE-2018-14341. wnpa-sec-2018-40 Bazaar dissector infinite loop. Bug 14841. wnpa-sec-2018-41 HTTP2 dissector crash. Bug 14869. 2.2.15: wnpa-sec-2018-25 The LDSS dissector could crash. (Bug 14615) wnpa-sec-2018-28 Multiple dissectors could consume excessive memory. (Bug 14678) wnpa-sec-2018-29 The DNS dissector could crash. (Bug 14681) wnpa-sec-2018-30 The GSM A DTAP dissector could crash. (Bug 14688) wnpa-sec-2018-31 The Q.931 dissector could crash. (Bug 14689) wnpa-sec-2018-33 Multiple dissectors could crash. (Bug 14703) 2.2.14: wnpa-sec-2018-15 The MP4 dissector could crash. (Bug 13777) wnpa-sec-2018-16 The ADB dissector could crash. (Bug 14460) wnpa-sec-2018-17 The IEEE 802.15.4 dissector could crash. (Bug 14468) wnpa-sec-2018-18 The NBAP dissector could crash. (Bug 14471) wnpa-sec-2018-19 The VLAN dissector could crash. (Bug 14469) wnpa-sec-2018-20 The LWAPP dissector could crash. (Bug 14467) wnpa-sec-2018-23 The Kerberos dissector could crash. (Bug 14576) 2.2.13: wnpa-sec-2018-05 The IEEE 802.11 dissector could crash. Bug 14442, CVE-2018-7335 wnpa-sec-2018-06 Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors (Bug 14444), along with the DICOM (Bug 14411), DMP (Bug 14408), LLTD (Bug 14419), OpenFlow (Bug 14420), RELOAD (Bug 14445), RPCoRDMA (Bug 14449), RPKI-Router (Bug 14414), S7COMM (Bug 14423), SCCP (Bug 14413), Thread (Bug 14428), Thrift (Bug 14379), USB (Bug 14421), and WCCP (Bug 14412) dissectors were susceptible. wnpa-sec-2018-07 The UMTS MAC dissector could crash. Bug 14339, CVE-2018-7334 wnpa-sec-2018-09 The FCP dissector could crash. Bug 14374, CVE-2018-7336 wnpa-sec-2018-10 The SIGCOMP dissector could crash. Bug 14398, CVE-2018-7320 wnpa-sec-2018-11 The pcapng file parser could crash. Bug 14403, CVE-2018-7420 wnpa-sec-2018-12 The IPMI dissector could crash. Bug 14409, CVE-2018-7417 wnpa-sec-2018-13 The SIGCOMP dissector could crash. Bug 14410, CVE-2018-7418 wnpa-sec-2018-14 The NBAP disssector could crash. Bug 14443, CVE-2018-7419 Signed-off-by: Armin Kuster

protobuf: Fix fetcher failure for rocko.

2018-06-07T13:43:47+00:00

The 3.4.x branch disappered from the github repo. Remviing the branch entry from SRC_URI allows the fetch to succeed. Rocko is the only release that has this issue. Sumo and later have 3.5.x. Signed-off-by: Philip Balister Acked-by: Denys Dmytriyenko Signed-off-by: Armin Kuster

python3-asn1crypto: add support for Python 3

2018-06-07T13:43:47+00:00

python-asn1crypto.inc already available and used by the Python 2 version. Signed-off-by: Ricardo Salveti Signed-off-by: Martin Jansa Signed-off-by: Armin Kuster

wireshark: Update Package to 2.2.12

2018-06-07T13:43:47+00:00

Includes: wnpa-sec-2018-01, Multiple dissectors could crash. (Bug 14253) CVE-2018-5336 wnpa-sec-2018-02, The MRDISC dissector could crash. (Bug 14299, Bug 13707) CVE-2017-17997 wnpa-sec-2018-03, The IxVeriWave file parser could crash. (Bug 14297) CVE-2018-5334 wnpa-sec-2018-04, The WCP dissector could crash. (Bug 14251) CVE-2018-5335 Full release notes: https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html Signed-off-by: Armin Kuster