diff options
author | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-10-14 18:06:18 +0300 |
---|---|---|
committer | Brad Bishop <bradleyb@fuzziesquirrel.com> | 2019-10-14 18:06:23 +0300 |
commit | 00ab237b1727155ac1fe8bc97ab3579439f98407 (patch) | |
tree | 343ef47048ef2f3d5a4da7e5b2301b737ae74247 /meta-openembedded/meta-oe/recipes-extended | |
parent | 3e6b296400821b1e59b416242b3c9f952710731e (diff) | |
download | openbmc-00ab237b1727155ac1fe8bc97ab3579439f98407.tar.xz |
meta-openembedded: subtree update:fd1a0c9210..1bfaa2e63a
Alex Kiernan (1):
ostree: Upgrade 2019.3 -> 2019.4
Alexander Kanavin (1):
lua: change a hard readline dependency into an optional one
Andreas Müller (5):
catfish: upgrade 1.4.9 -> 1.4.10
polkit-group-rules: Fix error in do_rootfs for rpm package-manager
jack: upgrade 1.9.12 -> 1.9.13
fluidsynth: upgrade 2.0.6 -> 2.0.7
xfce4-panel: upgrade 4.14.0 -> 4.14.1
Bartosz Golaszewski (3):
networkd-dispatcher: use distro_features_check to check for systemd
networkd-dispatcher: remove unneeded RDEPENDS
networkd-dispatcher: inherit systemd class
Changqing Li (1):
multipath-tools: upgrade 0.8.1 -> 0.8.2
Hongxu Jia (1):
lvm2: remove unsupported OPTIONS+="event_timeout" rule
Khem Raj (6):
nvme-cli: Use install-spec target
jsonrpc: Disable coverage in default build
bdwgc: Enable C++ support and Additional options for musl
a2jmidid: Fix build on risv
tinyalsa: Update to latest
packagegroup-meta-multimedia: Remove libsquish from rdeps
Martin Schwan (1):
python-waitress: Add recipes
Paul Eggleton (1):
mosquitto: update to 1.6.7
Peiran Hong (1):
tcpdump: Delete unused patch
Peter Kjellerstedt (1):
kconfig-frontends: Retrieve the Git repository from GitLab
Randy MacLeod (1):
rwmem: add DESCRIPTION since the summary is vague
Trevor Gamblin (1):
rsyslog: fix CVE-2019-17040
Zang Ruochen (7):
firewalld: upgrade 0.7.1 -> 0.7.2
fetchmail: upgrade 6.3.26 -> 6.4.1
python-asn1crypto: upgrade 0.24.0 -> 1.0.1
python-attrs: upgrade 19.1.0 -> 19.2.0
python-beautifulsoup4: upgrade 4.8.0 -> 4.8.1
python-cmd2: upgrade 0.9.17 -> 0.9.18
python-jinja2: upgrade 2.10.1 -> 2.10.3
Change-Id: Ief2d129403b43b308c19093ac63a498c8d51eb50
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
Diffstat (limited to 'meta-openembedded/meta-oe/recipes-extended')
-rw-r--r-- | meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.4.bb (renamed from meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.3.bb) | 2 | ||||
-rw-r--r-- | meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc | 2 | ||||
-rw-r--r-- | meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch | 31 | ||||
-rw-r--r-- | meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb | 1 |
4 files changed, 34 insertions, 2 deletions
diff --git a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.3.bb b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.4.bb index 1fe7dcf21..505c9fccc 100644 --- a/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.3.bb +++ b/meta-openembedded/meta-oe/recipes-extended/ostree/ostree_2019.4.bb @@ -28,7 +28,7 @@ SRC_URI = " \ file://0001-Always-enable-trivial-httpd-for-tests.patch \ file://0002-Gate-ostree-trivial-httpd-on-BUILDOPT_TRIVIAL_HTTPD.patch \ " -SRCREV = "5c1697da78ebf6250a7130b8b9e6cbfbeaa34296" +SRCREV = "9d39e7d91e8497987cad69a3fbed5c5fc91eebdc" UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+\.\d+)" diff --git a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc index 06ab10642..8ced8abe5 100644 --- a/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc +++ b/meta-openembedded/meta-oe/recipes-extended/polkit/polkit-group-rule.inc @@ -8,6 +8,6 @@ inherit useradd do_install_prepend() { install -m 700 -d ${D}${sysconfdir}/polkit-1/rules.d - chown polkitd:polkitd ${D}${sysconfdir}/polkit-1/rules.d + chown polkitd:root ${D}/${sysconfdir}/polkit-1/rules.d } USERADD_PARAM_${PN}_prepend = "--system --no-create-home --user-group --home-dir ${sysconfdir}/polkit-1 polkitd;" diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch new file mode 100644 index 000000000..b494ca687 --- /dev/null +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog/0001-Out-of-bounds-issue.patch @@ -0,0 +1,31 @@ +From b0894088b680666035a3418326e13bc99d4fed49 Mon Sep 17 00:00:00 2001 +From: Philippe Duveau <pduveau@users.noreply.github.com> +Date: Tue, 24 Sep 2019 20:45:25 +0200 +Subject: [PATCH] Out of bounds issue + +Add a new sanity check after determining the level len. +--- + contrib/pmdb2diag/pmdb2diag.c | 4 ++++ + 1 file changed, 4 insertions(+) + +Upstream-Status: Backport [https://github.com/rsyslog/rsyslog/commit/b0894088b6] +CVE: CVE-2019-17040 +Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com> +diff --git a/contrib/pmdb2diag/pmdb2diag.c b/contrib/pmdb2diag/pmdb2diag.c +index 2b5916301..5810eb4df 100644 +--- a/contrib/pmdb2diag/pmdb2diag.c ++++ b/contrib/pmdb2diag/pmdb2diag.c +@@ -134,6 +134,10 @@ CODESTARTparse2 + ABORT_FINALIZE(0); + } + ++ /* let recheck with the real level len */ ++ if(pMsg->iLenRawMsg - (int)pMsg->offAfterPRI < pInst->levelpos+lvl_len) ++ ABORT_FINALIZE(RS_RET_COULD_NOT_PARSE); ++ + DBGPRINTF("db2parse Level %d\n", pMsg->iSeverity); + + end = (char*)pMsg->pszRawMsg + pMsg->iLenRawMsg ; +-- +2.17.1 + diff --git a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb index bbb4b119a..bd0dbc1a2 100644 --- a/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb +++ b/meta-openembedded/meta-oe/recipes-extended/rsyslog/rsyslog_8.1908.0.bb @@ -23,6 +23,7 @@ SRC_URI = "http://www.rsyslog.com/download/files/download/rsyslog/${BPN}-${PV}.t file://rsyslog.logrotate \ file://use-pkgconfig-to-check-libgcrypt.patch \ file://run-ptest \ + file://0001-Out-of-bounds-issue.patch \ " SRC_URI_append_libc-musl = " \ |