<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-extended, branch zeus</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=zeus</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=zeus'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2020-08-04T22:17:37+00:00</updated>
<entry>
<title>timezone: upgrade 2019c -&gt; 2020a</title>
<updated>2020-08-04T22:17:37+00:00</updated>
<author>
<name>Pierre-Jean Texier</name>
<email>pjtexier@koncepto.io</email>
</author>
<published>2020-07-08T21:07:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=da8d11016e68793f2b7c56ed9c15be1e7e46261c'/>
<id>urn:sha1:da8d11016e68793f2b7c56ed9c15be1e7e46261c</id>
<content type='text'>
See full changelog https://github.com/eggert/tz/blob/master/NEWS#L11

(From OE-Core rev: 9d74b048e3a160d7a9a20e85817e9eb3a558af63)

(From OE-Core rev: 9a75b44244b42cdd341ee38a253b2d935ae05ee1)

Signed-off-by: Pierre-Jean Texier &lt;pjtexier@koncepto.io&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Adrian Bunk &lt;bunk@stusta.de&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libpam: Remove option 'obscure' from common-password</title>
<updated>2020-07-08T09:47:50+00:00</updated>
<author>
<name>haiqing</name>
<email>haiqing.bai@windriver.com</email>
</author>
<published>2020-06-15T03:05:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a92ae31dc4f1a124fe3d722c7239796d1b37cbc3'/>
<id>urn:sha1:a92ae31dc4f1a124fe3d722c7239796d1b37cbc3</id>
<content type='text'>
libpam does not support 'obscure' checks to password,
there are the same checks in pam_cracklib module.
And this fix can remove the below error message while
updating password with 'passwd':
pam_unix(passwd:chauthtok):unrecognized option[obscure]

(From OE-Core rev: f5b90eeed7366432b39c7cd8c6ee8c23e2d4abe8)

Signed-off-by: Haiqing Bai &lt;Haiqing.Bai@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
(cherry picked from commit ea761dbac90be77797308666fe1586b05e3df824)
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>ghostscript : fix CVE-2019-10216</title>
<updated>2020-06-02T12:32:49+00:00</updated>
<author>
<name>Lee Chee Yang</name>
<email>chee.yang.lee@intel.com</email>
</author>
<published>2020-05-18T08:20:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1cd36a832e2927027635478e9f3aa6e5a0642773'/>
<id>urn:sha1:1cd36a832e2927027635478e9f3aa6e5a0642773</id>
<content type='text'>
(From OE-Core rev: 4620180a073b721dbc91d14ab64285187bec4cb7)

Signed-off-by: Lee Chee Yang &lt;chee.yang.lee@intel.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>screen: fix CVE-2020-9366</title>
<updated>2020-03-30T16:41:56+00:00</updated>
<author>
<name>Anuj Mittal</name>
<email>anuj.mittal@intel.com</email>
</author>
<published>2020-03-20T00:54:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=bf506f4eba1b7766ffc38656f3107a130a427152'/>
<id>urn:sha1:bf506f4eba1b7766ffc38656f3107a130a427152</id>
<content type='text'>
(From OE-Core rev: 6d79a4d7545bc78ac759e575f6d15d7b23fad638)

Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libarchive: Fix CVE-2020-9308</title>
<updated>2020-03-19T09:57:51+00:00</updated>
<author>
<name>Wenlin Kang</name>
<email>wenlin.kang@windriver.com</email>
</author>
<published>2020-03-14T12:19:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=9542f3282e9b25aaa97c24715a35c47923a07ecb'/>
<id>urn:sha1:9542f3282e9b25aaa97c24715a35c47923a07ecb</id>
<content type='text'>
Fix CVE-2020-9308

(From OE-Core rev: 878817358eb7c25ffa48d10dde9475299674a96c)

Signed-off-by: Wenlin Kang &lt;wenlin.kang@windriver.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>Revert "bash: Fix CVE-2019-18276"</title>
<updated>2020-02-19T18:53:19+00:00</updated>
<author>
<name>Anuj Mittal</name>
<email>anuj.mittal@intel.com</email>
</author>
<published>2020-02-19T02:45:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5e1f52edb7a9f790fb6cb5d96502f3690267c1b1'/>
<id>urn:sha1:5e1f52edb7a9f790fb6cb5d96502f3690267c1b1</id>
<content type='text'>
This reverts commit 09e695246d30ef9b73e743e0130e710e19793d14.

This isn't a Backport as indicated in patch and not all the changes in
this change are relevant to the CVE. Revert and wait for the fix
to be available upstream.

(From OE-Core rev: f39285bb82e68945a81034b84da09ca1078d6719)

Signed-off-by: Anuj Mittal &lt;anuj.mittal@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>sudo: specify where target tools are</title>
<updated>2020-02-11T23:05:13+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@intel.com</email>
</author>
<published>2020-02-07T14:29:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5737722432ce26d961c3fb556651056aedb34526'/>
<id>urn:sha1:5737722432ce26d961c3fb556651056aedb34526</id>
<content type='text'>
sudo uses AC_PATH_PROG to find target paths, which means at best
potential host-contamination (and reproducible issues) and at worst it
thinks sh is at /your/build/path/hosttools/sh.

Solve this by explicitly passing the correct paths to configure.

(From OE-Core rev: 61650dd8498a093f3bfa93202c9cd2e9a7fb7834)

(From OE-Core rev: 6e809474ab686fba6924d8b46fd0b9eab5c66c06)

(From OE-Core rev: 232430bdee74bb266ded6ccf2fb3842caad06181)

Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>iputils: Fix build determinism</title>
<updated>2020-02-11T23:05:13+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2020-02-06T23:34:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=b7138f18b616b27ee7c4850f2ee09a76a56415dd'/>
<id>urn:sha1:b7138f18b616b27ee7c4850f2ee09a76a56415dd</id>
<content type='text'>
The suid/setcap code depends on whether setcap is on the host system or not
with suid as a fallback. Disable this functionality to be deterministic.

(From OE-Core rev: 8b00ec484fb851c301f13145e17707c0167feab1)

(From OE-Core rev: 3997c47dea49d583fd48cb03f83c007f61d2cb35)

(From OE-Core rev: 46f9c48dc11928ace672e9a3dea7c01d29cf3f04)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libidn2: Fix reproducibility issue</title>
<updated>2020-02-11T23:05:12+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2020-02-05T15:55:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d3d7b1b2d01f1e66dbaeddfa1652de72adcaa2ad'/>
<id>urn:sha1:d3d7b1b2d01f1e66dbaeddfa1652de72adcaa2ad</id>
<content type='text'>
The previous tweak for reproducibility didn't handle the duplicate
whitepace left behind, fix this.

[YOCTO #13771]

(From OE-Core rev: 0392fcbdc85180581ce7392212808ebb822cc2e8)

(From OE-Core rev: ca213de432d8d9d715ef09e17cea2aa1e6666e91)

(From OE-Core rev: 77be3238269de636199f9e1e40133711b7440cb4)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tar: Fix build determinism, disable rsh</title>
<updated>2020-02-11T23:05:12+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2020-02-05T15:37:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e91261050ea0e81eed84698e020bc492ed0030ca'/>
<id>urn:sha1:e91261050ea0e81eed84698e020bc492ed0030ca</id>
<content type='text'>
rsh is insecure and obsolete but tar will enable support if the binary is
on the host system. Some systems point it at ssh. Lets explictly disable it
for now unless someone actually needs/uses this at which point it could
become a packageconfig.

(From OE-Core rev: d14a4b0db92a9a7d1ff72a2e0faca7f1a23a0b68)

(From OE-Core rev: 6bdc5f787af46e9c849947cad06ad40aa401b767)

(From OE-Core rev: af4a284bb6fbfd8b58d10d4a5f0f10297c949912)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
