[OE-core] [PATCH 1/2] cantarell-fonts: Add recipe
1. The Cantarell font typeface is designed as a contemporary Humanist sans serif, and was developed for on-screen reading; in particular, reading web pages on an HTC Dream mobile phone. 2. Pango test case (test-layout.test) requires cantarell-font typeface. This test case uses 'Cantarell 11' font type Signed-off-by: Jagadeesh Krishnanjanappa--- .../cantarell-fonts/cantarell-fonts_git.bb | 25 ++ 1 file changed, 25 insertions(+) create mode 100644 meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb diff --git a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb new file mode 100644 index 000..f55fef1 --- /dev/null +++ b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb @@ -0,0 +1,25 @@ +SUMMARY = "Cantarell, a Humanist sans-serif font family" + +DESCRIPTION = "The Cantarell font typeface is designed as a \ + contemporary Humanist sans serif, and was developed for \ + on-screen reading; in particular, reading web pages on an \ + HTC Dream mobile phone." + +HOMEPAGE = "https://git.gnome.org/browse/cantarell-fonts/; +SECTION = "fonts" +LICENSE = "OFL-1.1" +LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d" + +PV = "0.0.18.1+git${SRCPV}" +PR = "r0" + +SRCREV = "3e954528d06de1c7e5ba8ebf8b0cca9c68faa0c4" +SRC_URI = "git://git.gnome.org/cantarell-fonts;protocol=git;branch=master" + +S = "${WORKDIR}/git" + +inherit autotools allarch fontcache + +PACKAGECONFIG ??= "" +PACKAGECONFIG[fontforge] = "--enable-source-rebuild=yes,--enable-source-rebuild=no,fontforge-native" +FILES_${PN} = "${datadir}/fonts ${datadir}/fontconfig" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/2] pango: make ${PN}-ptest RDEPENDS on cantarell-fonts
Pango test case (test-layout.test) requires cantarell-font typeface. This test case uses 'Cantarell 11' font type. Test result after this change on qemux86: -- snip -- root@qemux86:/usr/lib/pango/ptest# ./run-ptest Running test: pango/testboundaries_ucd.test /text/break/grapheme: Testing /usr/lib/pango/installed-tests/pango/GraphemeBreakTest.txt. OK /text/break/word: /usr/lib/pango/installed-tests/pango/WordBreakTest.txt not found. Skipping test. OK /text/break/sentence: /usr/lib/pango/installed-tests/pango/SentenceBreakTest.txt not found. Skipping test. OK /text/break/line: /usr/lib/pango/installed-tests/pango/LineBreakTest.txt not found. Skipping test. OK PASS: pango/testboundaries_ucd.test Running test: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test Executing: pango/test-pangocairo-threads.test PASS: pango/test-pangocairo-threads.test Running test: pango/test-layout.test /layout/valid-2.markup: OK /layout/valid-1.markup: OK PASS: pango/test-layout.test Running test: pango/markup-parse.test /markup/parse/fail-1.markup: OK /markup/parse/valid-3.markup: OK /markup/parse/valid-2.markup: OK /markup/parse/valid-1.markup: OK /markup/parse/valid-4.markup: OK PASS: pango/markup-parse.test Running test: pango/test-ot-tags.test /tags/script: OK /tags/language: OK PASS: pango/test-ot-tags.test Running test: pango/testiter.test /layout/iter: OK /layout/glyphitem-iter: OK PASS: pango/testiter.test Running test: pango/testcolor.test /color/parse: OK PASS: pango/testcolor.test Running test: pango/cxx-test.test PASS: pango/cxx-test.test Running test: pango/testboundaries.test /text/boundaries: sample file: /usr/lib/pango/installed-tests/pango/boundaries.utf8 testboundaries passed OK PASS: pango/testboundaries.test Running test: pango/testscript.test /script/iter: OK PASS: pango/testscript.test Running test: pango/testattributes.test /attributes/basic: OK /attributes/equal: OK /attributes/list/basic: OK /attributes/list/change: OK /attributes/list/splice: OK /attributes/list/filter: OK /attributes/iter/basic: OK /attributes/iter/get: OK /attributes/iter/get_font: OK /attributes/iter/get_attrs: OK PASS: pango/testattributes.test Running test: pango/test-font.test /pango/fontdescription/parse: OK /pango/fontdescription/roundtrip: OK PASS: pango/test-font.test SUMMARY: total=12; passed=12; skipped=0; failed=0; user=74.9s; system=1.9s; maxrss=52356 root@qemux86:/usr/lib/pango/ptest# -- CUT -- Signed-off-by: Jagadeesh Krishnanjanappa--- meta/recipes-graphics/pango/pango.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/pango/pango.inc b/meta/recipes-graphics/pango/pango.inc index 3e9c068..a2a92fe 100644 --- a/meta/recipes-graphics/pango/pango.inc +++ b/meta/recipes-graphics/pango/pango.inc @@ -42,7 +42,7 @@ do_compile_prepend () { FILES_${PN} = "${bindir}/* ${libdir}/libpango*${SOLIBS}" FILES_${PN}-dev += "${libdir}/pango/${LIBV}/modules/*.la" -RDEPENDS_${PN}-ptest += "liberation-fonts" +RDEPENDS_${PN}-ptest += "liberation-fonts cantarell-fonts" RPROVIDES_${PN} += "pango-modules pango-module-indic-lang \ pango-module-basic-fc pango-module-arabic-lang" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH] pixz: Add 1.0.6
On Fri, Jan 8, 2016 at 10:22 AM, Richard Purdiewrote: > xz gives better compression results than bzip/gz but is often slower. > Using parallel compression mitigates this somewhat and is particularly > useful for the SDK. I have proposed another tool called pxz back in Sept last year http://lists.openembedded.org/pipermail/openembedded-core/2015-September/110971.html although pixz seems to be well maintained and active, would be nice to know what do people mostly use. > > Signed-off-by: Richard Purdie > > diff --git a/meta/recipes-support/pixz/pixz_1.0.6.bb > b/meta/recipes-support/pixz/pixz_1.0.6.bb > new file mode 100644 > index 000..e6e4ac2 > --- /dev/null > +++ b/meta/recipes-support/pixz/pixz_1.0.6.bb > @@ -0,0 +1,14 @@ > +SUMMARY = "Parallel, indexed xz compressor" > + > +DEPENDS = "xz libarchive" > + > +SRC_URI = > "https://github.com/vasi/pixz/releases/download/v${PV}/${BPN}-${PV}.tar.xz; > +SRC_URI[md5sum] = "f6dc5909c9a31b192f69aa397ae8df48" > +SRC_URI[sha256sum] = > "02c50746b134fa1b1aae41fcc314d7c6f1919b3d48bcdea01bf11769f83f72e8" > + > +LICENSE = "BSD-2-Clause" > +LIC_FILES_CHKSUM = "file://LICENSE;md5=5cf6d164086105f1512ccb81bfff1926" > + > +inherit autotools > + > +BBCLASSEXTEND = "native" > > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH RFC] sstate: Switch from tgz to tar.xz for sstate
xz compresses with a better compression ratio than gz with similar speed for compression and decompression. It therefore makes sense to switch to it for the sstate objects. As an example, the gcc-cross populate_sysroot object goes from 79,509,871 to 53,031,752 bytes which is a significant improvement. Signed-off-by: Richard Purdiediff --git a/meta/classes/buildhistory.bbclass b/meta/classes/buildhistory.bbclass index 4153e58..734303c 100644 --- a/meta/classes/buildhistory.bbclass +++ b/meta/classes/buildhistory.bbclass @@ -537,7 +537,7 @@ python buildhistory_get_extra_sdkinfo() { filesizes = {} for root, _, files in os.walk('${SDK_OUTPUT}/${SDKPATH}/sstate-cache'): for fn in files: -if fn.endswith('.tgz'): +if fn.endswith('.tar.xz'): fsize = int(math.ceil(float(os.path.getsize(os.path.join(root, fn))) / 1024)) task = fn.rsplit(':', 1)[1].split('_', 1)[1].split('.')[0] origtotal = tasksizes.get(task, 0) diff --git a/meta/classes/populate_sdk_ext.bbclass b/meta/classes/populate_sdk_ext.bbclass index 3a65c07..4ff5e9e 100644 --- a/meta/classes/populate_sdk_ext.bbclass +++ b/meta/classes/populate_sdk_ext.bbclass @@ -189,7 +189,7 @@ python copy_buildsystem () { # We don't need sstate do_package files for root, dirs, files in os.walk(sstate_out): for name in files: -if name.endswith("_package.tgz"): +if name.endswith("_package.tar.xz"): f = os.path.join(root, name) os.remove(f) } diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index 9bef212..d9adf01 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -294,8 +294,8 @@ def sstate_installpkg(ss, d): oe.path.remove(dir) sstateinst = d.expand("${WORKDIR}/sstate-install-%s/" % ss['task']) -sstatefetch = d.getVar('SSTATE_PKGNAME', True) + '_' + ss['task'] + ".tgz" -sstatepkg = d.getVar('SSTATE_PKG', True) + '_' + ss['task'] + ".tgz" +sstatefetch = d.getVar('SSTATE_PKGNAME', True) + '_' + ss['task'] + ".tar.xz" +sstatepkg = d.getVar('SSTATE_PKG', True) + '_' + ss['task'] + ".tar.xz" if not os.path.exists(sstatepkg): pstaging_fetch(sstatefetch, sstatepkg, d) @@ -372,7 +372,7 @@ python sstate_hardcode_path_unpack () { def sstate_clean_cachefile(ss, d): import oe.path -sstatepkgfile = d.getVar('SSTATE_PATHSPEC', True) + "*_" + ss['task'] + ".tgz*" +sstatepkgfile = d.getVar('SSTATE_PATHSPEC', True) + "*_" + ss['task'] + ".tar.xz*" bb.note("Removing %s" % sstatepkgfile) oe.path.remove(sstatepkgfile) @@ -555,7 +555,7 @@ def sstate_package(ss, d): tmpdir = d.getVar('TMPDIR', True) sstatebuild = d.expand("${WORKDIR}/sstate-build-%s/" % ss['task']) -sstatepkg = d.getVar('SSTATE_PKG', True) + '_'+ ss['task'] + ".tgz" +sstatepkg = d.getVar('SSTATE_PKG', True) + '_'+ ss['task'] + ".tar.xz" bb.utils.remove(sstatebuild, recurse=True) bb.utils.mkdirhier(sstatebuild) bb.utils.mkdirhier(os.path.dirname(sstatepkg)) @@ -677,14 +677,14 @@ sstate_create_package () { # Need to handle empty directories if [ "$(ls -A)" ]; then set +e - tar -czf $TFILE * + tar -cJf $TFILE * ret=$? if [ $ret -ne 0 ] && [ $ret -ne 1 ]; then exit 1 fi set -e else - tar -cz --file=$TFILE --files-from=/dev/null + tar -cJ --file=$TFILE --files-from=/dev/null fi chmod 0664 $TFILE mv -f $TFILE ${SSTATE_PKG} @@ -703,7 +703,7 @@ sstate_create_package () { # Will be run from within SSTATE_INSTDIR. # sstate_unpack_package () { - tar -xmvzf ${SSTATE_PKG} + tar -xmvJf ${SSTATE_PKG} # Use "! -w ||" to return true for read only files [ ! -w ${SSTATE_PKG} ] || touch --no-dereference ${SSTATE_PKG} [ ! -w ${SSTATE_PKG}.sig ] || [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig @@ -716,7 +716,7 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, d, siginfo=False): ret = [] missed = [] -extension = ".tgz" +extension = ".tar.xz" if siginfo: extension = extension + ".siginfo" @@ -821,11 +821,11 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, d, siginfo=False): evdata = {'missed': [], 'found': []}; for task in missed: spec, extrapath, tname = getpathcomponents(task, d) -sstatefile = d.expand(extrapath + generate_sstatefn(spec, sq_hash[task], d) + "_" + tname + ".tgz") +sstatefile = d.expand(extrapath + generate_sstatefn(spec, sq_hash[task], d) + "_" + tname + ".tar.xz") evdata['missed'].append( (sq_fn[task], sq_task[task], sq_hash[task],
[OE-core] [RFC PATCH] bitbake.conf/sanity: Add dependency on host xz
Times change and xz is becoming the defacto compression format and utility. Adapt to the times and assume that the system provides xz. This leads into us being able to use xz for sstate instead of gzip. Signed-off-by: Richard Purdiediff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index 9f35558..ab28660 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -3,7 +3,7 @@ # SANITY_REQUIRED_UTILITIES ?= "patch diffstat makeinfo git bzip2 tar \ -gzip gawk chrpath wget cpio perl file" +gzip gawk chrpath wget cpio perl file xz" def bblayers_conf_file(d): return os.path.join(d.getVar('TOPDIR', True), 'conf/bblayers.conf') diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf index 371af31..4088c22 100644 --- a/meta/conf/bitbake.conf +++ b/meta/conf/bitbake.conf @@ -178,6 +178,7 @@ ASSUME_PROVIDED = "\ texinfo-native \ bash-native \ sed-native \ +xz-native \ " # gzip-native should be listed above? -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 3/4] lib/oe/rootfs: Use list_pkgs() instead of list()
Hi, I don't have the env to test the patch anymore. However, I have a question on this patch. I inline the comment in the code here, below the related lines: 2016-01-07 21:07 GMT+01:00: > From: Mariano Lopez > > This patch changes the use list_pkgs() instead of list() > from class RpmPkgsList. The change is in two functions, > image_list_installed_packages from rootfs.py and > sdk_list_installed_packages from sdk.py. > > With this change the functions calling the functions > listed above, must format the output as they required. > The formatting can be done using format_pkg_list() from > oe.utils. > > The classes calling the afected functions are changed too > with this patch, to keep the same functionality using the > new data structure. > > [YOCTO #7427] > > Signed-off-by: Mariano Lopez > --- > meta/classes/buildhistory.bbclass| 11 +++ > meta/classes/license.bbclass | 8 ++-- > meta/classes/populate_sdk_base.bbclass | 8 ++-- > meta/classes/rootfs-postcommands.bbclass | 5 +++-- > meta/lib/oe/package_manager.py | 18 ++ > meta/lib/oe/rootfs.py| 8 > meta/lib/oe/sdk.py | 8 > 7 files changed, 40 insertions(+), 26 deletions(-) > > diff --git a/meta/classes/buildhistory.bbclass > b/meta/classes/buildhistory.bbclass > index 4153e58..a2f8ac7 100644 > --- a/meta/classes/buildhistory.bbclass > +++ b/meta/classes/buildhistory.bbclass > @@ -337,18 +337,21 @@ def write_pkghistory(pkginfo, d): > def buildhistory_list_installed(d, rootfs_type="image"): > from oe.rootfs import image_list_installed_packages > from oe.sdk import sdk_list_installed_packages > +from oe.utils import format_pkg_list > > process_list = [('file', 'bh_installed_pkgs.txt'),\ > ('deps', 'bh_installed_pkgs_deps.txt')] > > +if rootfs_type == "image": > +pkgs = image_list_installed_packages(d) > +else: > +pkgs = sdk_list_installed_packages(d, rootfs_type == "sdk_target") > + > for output_type, output_file in process_list: > output_file_full = os.path.join(d.getVar('WORKDIR', True), > output_file) > > with open(output_file_full, 'w') as output: > -if rootfs_type == "image": > -output.write(image_list_installed_packages(d, > output_type)) > -else: > -output.write(sdk_list_installed_packages(d, rootfs_type > == "sdk_target", output_type)) > +output.write(format_pkg_list(pkgs, output_type)) > > python buildhistory_list_installed_image() { > buildhistory_list_installed(d) > diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass > index 6651d55..fed42ca 100644 > --- a/meta/classes/license.bbclass > +++ b/meta/classes/license.bbclass > @@ -21,8 +21,12 @@ python write_package_manifest() { > license_image_dir = d.expand('${LICENSE_DIRECTORY}/${IMAGE_NAME}') > bb.utils.mkdirhier(license_image_dir) > from oe.rootfs import image_list_installed_packages > +from oe.utils import format_pkg_list > + > +pkgs = image_list_installed_packages(d) > +output = format_pkg_list(pkgs) > open(os.path.join(license_image_dir, 'package.manifest'), > -'w+').write(image_list_installed_packages(d)) > +'w+').write(output) > } > > python write_deploy_manifest() { > @@ -38,7 +42,7 @@ python license_create_manifest() { > return 0 > > pkg_dic = {} > -for pkg in image_list_installed_packages(d).splitlines(): > +for pkg in sorted(image_list_installed_packages(d)): > pkg_info = os.path.join(d.getVar('PKGDATA_DIR', True), > 'runtime-reverse', pkg) > pkg_name = os.path.basename(os.readlink(pkg_info)) > diff --git a/meta/classes/populate_sdk_base.bbclass > b/meta/classes/populate_sdk_base.bbclass > index 23dc115..26e06a5 100644 > --- a/meta/classes/populate_sdk_base.bbclass > +++ b/meta/classes/populate_sdk_base.bbclass > @@ -62,20 +62,24 @@ SDK_TARGET_MANIFEST = > "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.target.manifest" > SDK_HOST_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.host.manifest" > python write_target_sdk_manifest () { > from oe.sdk import sdk_list_installed_packages > +from oe.utils import format_pkg_list > sdkmanifestdir = os.path.dirname(d.getVar("SDK_TARGET_MANIFEST", > True)) > +pkgs = sdk_list_installed_packages(d, True) > if not os.path.exists(sdkmanifestdir): > bb.utils.mkdirhier(sdkmanifestdir) > with open(d.getVar('SDK_TARGET_MANIFEST', True), 'w') as output: > -output.write(sdk_list_installed_packages(d, True, 'ver')) > +output.write(format_pkg_list(pkgs, 'ver')) > } > > python write_host_sdk_manifest () { > from oe.sdk import sdk_list_installed_packages > +from oe.utils
[OE-core] [PATCH 00/20] Dizzy-next pull request 2016-1
Please consider these changes for dizzy-next community support. The following changes since commit 6d34267e0a13e10ab91b60590b27a2b5ba3b7da6: documentation: Changed some 'intro' tags to resolve multiple mega-manual warnings. (2015-11-18 16:44:05 +) are available in the git repository at: git://git.yoctoproject.org/poky-contrib akuster/dizzy-next http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-next Armin Kuster (2): openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565 Fixes a heap buffer overflow in glibc wscanf. Belal, Awais (1): grub2: Fix CVE-2015-8370 Chen Qi (1): image.bbclass: don't let do_rootfs depend on BUILDNAME Martin Jansa (3): fontcache: allow to pass extra parameters and environment to fc-cache texinfo: don't create dependency on INHERIT variable linux-dtb.inc: drop unused DTB_NAME variable from do_install Mike Crowe (1): allarch: Force TARGET_*FLAGS variable values Richard Purdie (2): layer.conf: Add several allarch dependency exclusions layer.conf: Add missing dependency for allarch package initramfs-framework Sergiy Kibrik (1): rsync: backport libattr checking patch Sona Sarmadi (7): libtasn1: CVE-2015-3622 grep2.19: CVE-2015-1345 libxml2: CVE-2015-7942 libxml2: CVE-2015-8035 openssl: CVE-2015-3194, CVE-2015-3195 libxml2: CVE-2015-8241 bind: CVE-2015-8000 Tudor Florea (2): glibc: use patch for CVE-2015-1781 unzip: CVE-2015-7696, CVE-2015-7697 meta/classes/allarch.bbclass | 4 + meta/classes/fontcache.bbclass | 19 +- meta/classes/image.bbclass | 2 +- meta/conf/layer.conf | 11 ++ ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 50 ++ meta/recipes-bsp/grub/grub-efi_2.00.bb | 1 + meta/recipes-bsp/grub/grub_2.00.bb | 1 + .../bind/bind/CVE-2015-8000.patch | 194 + meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 + .../openssh/openssh/CVE-2015-6563.patch| 36 .../openssh/openssh/CVE-2015-6564.patch| 34 .../openssh/openssh/CVE-2015-6565.patch| 35 meta/recipes-connectivity/openssh/openssh_6.6p1.bb | 5 +- .../CVE-2015-3194-Add-PSS-parameter-check.patch| 37 ...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 61 +++ .../recipes-connectivity/openssl/openssl_1.0.1p.bb | 2 + ...5-1472-wscanf-allocates-too-little-memory.patch | 108 meta/recipes-core/glibc/glibc_2.20.bb | 5 +- meta/recipes-core/libxml/libxml2.inc | 3 + .../libxml/libxml2/CVE-2015-7942.patch | 58 ++ .../libxml/libxml2/CVE-2015-8035.patch | 35 .../libxml/libxml2/CVE-2015-8241.patch | 41 + .../rsync/files/check_libattr.patch| 33 meta/recipes-devtools/rsync/rsync_3.1.0.bb | 3 +- .../grep/grep-2.19/grep2.19-CVE-2015-1345.patch| 129 ++ meta/recipes-extended/grep/grep_2.19.bb| 4 +- meta/recipes-extended/texinfo/texinfo_5.2.bb | 2 +- .../unzip/unzip/CVE-2015-7696.patch| 38 .../unzip/unzip/CVE-2015-7697.patch| 31 meta/recipes-extended/unzip/unzip_6.0.bb | 2 + meta/recipes-kernel/linux/linux-dtb.inc| 1 - .../gnutls/libtasn1/libtasn1-CVE-2015-3622.patch | 44 + meta/recipes-support/gnutls/libtasn1_4.0.bb| 1 + scripts/postinst-intercepts/update_font_cache | 4 +- 34 files changed, 1020 insertions(+), 15 deletions(-) create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch create mode 100644 meta/recipes-devtools/rsync/files/check_libattr.patch create mode 100644 meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch create mode 100644
[OE-core] [PATCH 16/20] openssl: CVE-2015-3194, CVE-2015-3195
From: Sona SarmadiFixes following vulnerabilities: Certificate verify crash with missing PSS parameter (CVE-2015-3194) X509_ATTRIBUTE memory leak (CVE-2015-3195) References: https://openssl.org/news/secadv/20151203.txt http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195 Upstream patches: CVE-2015-3194: https://git.openssl.org/?p=openssl.git;a=commit;h= d8541d7e9e63bf5f343af24644046c8d96498c17 CVE-2015-3195: https://git.openssl.org/?p=openssl.git;a=commit;h= b29ffa392e839d05171206523e84909146f7a77c Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- .../CVE-2015-3194-Add-PSS-parameter-check.patch| 37 + ...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 61 ++ .../recipes-connectivity/openssl/openssl_1.0.1p.bb | 2 + 3 files changed, 100 insertions(+) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch new file mode 100644 index 000..a6697ca --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch @@ -0,0 +1,37 @@ +From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001 +From: "Dr. Stephen Henson" +Date: Fri, 2 Oct 2015 13:10:29 +0100 +Subject:Add PSS parameter check. + +Avoid seg fault by checking mgf1 parameter is not NULL. This can be +triggered during certificate verification so could be a DoS attack +against a client or a server enabling client authentication. + +Thanks to Lo??c Jonas Etienne (Qnective AG) for discovering this bug. + +CVE-2015-3194 + +Upstream-Status: Backport + +Reviewed-by: Matt Caswell +Signed-off-by: Sona Sarmadi +--- + crypto/rsa/rsa_ameth.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +index 93e071d..c7f1148 100644 +--- a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c +@@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, + if (pss->maskGenAlgorithm) { + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; + if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 +-&& param->type == V_ASN1_SEQUENCE) { ++&& param && param->type == V_ASN1_SEQUENCE) { + p = param->value.sequence->data; + plen = param->value.sequence->length; + *pmaskHash = d2i_X509_ALGOR(NULL, , plen); +-- +1.9.1 + diff --git a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch new file mode 100644 index 000..be705c0 --- /dev/null +++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch @@ -0,0 +1,61 @@ +commit b29ffa392e839d05171206523e84909146f7a77c +Author: Dr. Stephen Henson +Date: Tue, 10 Nov 2015 19:03:07 + +Subject: Fix leak with ASN.1 combine. + +When parsing a combined structure pass a flag to the decode routine +so on error a pointer to the parent structure is not zeroed as +this will leak any additional components in the parent. + +This can leak memory in any application parsing PKCS#7 or CMS structures. + +CVE-2015-3195. + +Upstream-Status: Backport + +Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using +libFuzzer. + +PR#4131 + +Reviewed-by: Richard Levitte +Signed-off-by: Sona Sarmadi +--- + crypto/asn1/tasn_dec.c | 7 +-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c +index febf605..9256049 100644 +--- a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c +@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + int otag; + int ret = 0; + ASN1_VALUE **pchptr, *ptmpval; ++int combine = aclass & ASN1_TFLG_COMBINE; ++aclass &= ~ASN1_TFLG_COMBINE; + if (!pval) + return 0; + if (aux && aux->asn1_cb) +@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + auxerr: + ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); + err: +-ASN1_item_ex_free(pval, it); ++if (combine == 0) ++ASN1_item_ex_free(pval, it); + if (errtt) + ERR_add_error_data(4, "Field=", errtt->field_name, +", Type=", it->sname); +@@ -689,7 +692,7 @@ static int
[OE-core] [PATCH 03/20] rsync: backport libattr checking patch
From: Sergiy KibrikAdd check_libattr.patch to version 3.1.0 recipe, which checks and includes libattr to linker, otherwise rsync may fail to build with linker error below (as -lattr option gets omitted): [..] lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0' [..]/lib/libattr.so.1: error adding symbols: DSO missing from command line Signed-off-by: Sergiy Kibrik Signed-off-by: Armin Kuster --- .../rsync/files/check_libattr.patch| 33 ++ meta/recipes-devtools/rsync/rsync_3.1.0.bb | 3 +- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-devtools/rsync/files/check_libattr.patch diff --git a/meta/recipes-devtools/rsync/files/check_libattr.patch b/meta/recipes-devtools/rsync/files/check_libattr.patch new file mode 100644 index 000..cb159fa --- /dev/null +++ b/meta/recipes-devtools/rsync/files/check_libattr.patch @@ -0,0 +1,33 @@ +From 677c6e14cc7d5f41371d5616865a5f0cfc0a273f Mon Sep 17 00:00:00 2001 +From: Wayne Davison +Date: Mon, 5 May 2014 09:25:13 -0700 +Subject: [PATCH] Check for attr lib. + +--- + configure.ac | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index c7b28c5..8e3703c 100644 +--- a/configure.ac b/configure.ac +@@ -1007,7 +1007,7 @@ else + *) + AC_MSG_RESULT(running tests:) + AC_CHECK_LIB(acl,acl_get_file) +- AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[ ++ AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[ + AC_TRY_LINK([#include + #include ], + [ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);], +@@ -1057,6 +1057,7 @@ else + AC_DEFINE(HAVE_LINUX_XATTRS, 1, [True if you have Linux xattrs]) + AC_DEFINE(SUPPORT_XATTRS, 1) + AC_DEFINE(NO_SYMLINK_USER_XATTRS, 1, [True if symlinks do not support user xattrs]) ++ AC_CHECK_LIB(attr,getxattr) + ;; + darwin*) + AC_MSG_RESULT(Using OS X xattrs) +-- +1.9.1 + diff --git a/meta/recipes-devtools/rsync/rsync_3.1.0.bb b/meta/recipes-devtools/rsync/rsync_3.1.0.bb index a4a5c10..d253fe9 100644 --- a/meta/recipes-devtools/rsync/rsync_3.1.0.bb +++ b/meta/recipes-devtools/rsync/rsync_3.1.0.bb @@ -1,7 +1,8 @@ require rsync.inc -SRC_URI += "file://acinclude.m4" +SRC_URI += "file://acinclude.m4 \ + file://check_libattr.patch" SRC_URI[md5sum] = "3be148772a33224771a8d4d2a028b132" SRC_URI[sha256sum] = "81ca23f77fc9b957eb9845a6024f41af0ff0c619b7f38576887c63fa38e2394e" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 20/20] bind: CVE-2015-8000
From: Sona SarmadiFixes a denial of service in BIND. An error in the parsing of incoming responses allows some records with an incorrect class to be accepted by BIND instead of being rejected as malformed. This can trigger a REQUIRE assertion failure when those records are subsequently cached. [YOCTO #8838] References: http://www.openwall.com/lists/oss-security/2015/12/15/14 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000 https://bugzilla.redhat.com/attachment.cgi?id=1105581 Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- .../bind/bind/CVE-2015-8000.patch | 194 + meta/recipes-connectivity/bind/bind_9.9.5.bb | 1 + 2 files changed, 195 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch b/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch new file mode 100644 index 000..b8d8412 --- /dev/null +++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch @@ -0,0 +1,194 @@ +responses with a malformed class attribute can trigger an +assertion failure in db.c + +[security] +Insufficient testing when parsing a message allowed records with +an incorrect class to be be accepted, triggering a REQUIRE failure +when those records were subsequently cached. (CVE-2015-8000) [RT#4098] + +Upstream-Status: Backport + +[The patch is taken from BIND 9.9.4: +https://bugzilla.redhat.com/attachment.cgi?id=1105581] + +Signed-off-by: Sona Sarmadi +--- +diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h +index a6862fa..d999e75 100644 +--- a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h +@@ -210,6 +210,8 @@ struct dns_message { + unsigned intverify_attempted : 1; + unsigned intfree_query : 1; + unsigned intfree_saved : 1; ++ unsigned inttkey : 1; ++ unsigned intrdclass_set : 1; + + unsigned intopt_reserved; + unsigned intsig_reserved; +@@ -1374,6 +1376,15 @@ dns_message_buildopt(dns_message_t *msg, dns_rdataset_t **opt, + * \li other. + */ + ++void ++dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass); ++/*%< ++ * Set the expected class of records in the response. ++ * ++ * Requires: ++ * \li msg be a valid message with parsing intent. ++ */ ++ + ISC_LANG_ENDDECLS + + #endif /* DNS_MESSAGE_H */ +diff --git a/lib/dns/message.c b/lib/dns/message.c +index 53efc5a..73def73 100644 +--- a/lib/dns/message.c b/lib/dns/message.c +@@ -436,6 +436,8 @@ msginit(dns_message_t *m) { + m->saved.base = NULL; + m->saved.length = 0; + m->free_saved = 0; ++ m->tkey = 0; ++ m->rdclass_set = 0; + m->querytsig = NULL; + } + +@@ -1086,13 +1088,19 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, +* If this class is different than the one we already read, +* this is an error. +*/ +- if (msg->state == DNS_SECTION_ANY) { +- msg->state = DNS_SECTION_QUESTION; ++ if (msg->rdclass_set == 0) { + msg->rdclass = rdclass; ++ msg->rdclass_set = 1; + } else if (msg->rdclass != rdclass) + DO_FORMERR; + + /* ++ * Is this a TKEY query? ++ */ ++ if (rdtype == dns_rdatatype_tkey) ++ msg->tkey = 1; ++ ++ /* +* Can't ask the same question twice. +*/ + result = dns_message_find(name, rdclass, rdtype, 0, NULL); +@@ -1236,12 +1244,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, +* If there was no question section, we may not yet have +* established a class. Do so now. +*/ +- if (msg->state == DNS_SECTION_ANY && ++ if (msg->rdclass_set == 0 && + rdtype != dns_rdatatype_opt && /* class is UDP SIZE */ + rdtype != dns_rdatatype_tsig && /* class is ANY */ + rdtype != dns_rdatatype_tkey) { /* class is undefined */ + msg->rdclass = rdclass; +- msg->state = DNS_SECTION_QUESTION; ++ msg->rdclass_set = 1; + } + + /* +@@ -1251,7 +1259,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx, + if (msg->opcode != dns_opcode_update + && rdtype != dns_rdatatype_tsig + && rdtype != dns_rdatatype_opt +- && rdtype !=
[OE-core] [PATCH 04/20] openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565
From: Armin Kusterthree security fixes. CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM support CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable (From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f) Signed-off-by: Armin Kuster Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster Conflicts: meta/recipes-connectivity/openssh/openssh_6.6p1.bb --- .../openssh/openssh/CVE-2015-6563.patch| 36 ++ .../openssh/openssh/CVE-2015-6564.patch| 34 .../openssh/openssh/CVE-2015-6565.patch| 35 + meta/recipes-connectivity/openssh/openssh_6.6p1.bb | 5 ++- 4 files changed, 109 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch new file mode 100644 index 000..19cea41 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch @@ -0,0 +1,36 @@ +CVE-2015-6563 + +Don't resend username to PAM; it already has it. +Pointed out by Moritz Jodeit; ok dtucker@ + +Upstream-Status: Backport +https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b + +Signed-off-by: Armin Kuster + +Index: openssh-6.7p1/monitor.c +=== +--- openssh-6.7p1.orig/monitor.c openssh-6.7p1/monitor.c +@@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device; + int + mm_answer_pam_init_ctx(int sock, Buffer *m) + { +- + debug3("%s", __func__); +- authctxt->user = buffer_get_string(m, NULL); + sshpam_ctxt = (sshpam_device.init_ctx)(authctxt); + sshpam_authok = NULL; + buffer_clear(m); +Index: openssh-6.7p1/monitor_wrap.c +=== +--- openssh-6.7p1.orig/monitor_wrap.c openssh-6.7p1/monitor_wrap.c +@@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt) + + debug3("%s", __func__); + buffer_init(); +- buffer_put_cstring(, authctxt->user); + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, ); + debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__); + mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, ); diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch new file mode 100644 index 000..588d42d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch @@ -0,0 +1,34 @@ +CVE-2015-6564 + + set sshpam_ctxt to NULL after free + + Avoids use-after-free in monitor when privsep child is compromised. + Reported by Moritz Jodeit; ok dtucker@ + +Upstream-Status: Backport +https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7 + +Signed-off-by: Armin Kuster + +Index: openssh-6.7p1/monitor.c +=== +--- openssh-6.7p1.orig/monitor.c openssh-6.7p1/monitor.c +@@ -1128,14 +1128,16 @@ mm_answer_pam_respond(int sock, Buffer * + int + mm_answer_pam_free_ctx(int sock, Buffer *m) + { ++int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt; + + debug3("%s", __func__); + (sshpam_device.free_ctx)(sshpam_ctxt); ++sshpam_ctxt = sshpam_authok = NULL; + buffer_clear(m); + mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); + auth_method = "keyboard-interactive"; + auth_submethod = "pam"; +- return (sshpam_authok == sshpam_ctxt); ++ return r; + } + #endif + diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch new file mode 100644 index 000..42667b0 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch @@ -0,0 +1,35 @@ +CVE-2015-6565 openssh: Incorrectly set TTYs to be world-writable + +fix pty permissions; patch from Nikolay Edigaryev; ok deraadt + +Upstream-Status: Backport + +merged two changes into one. +[1] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 +tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus + +[2] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=6f941396b6835ad18018845f515b0c4fe20be21a +fix pty permissions; patch from
[OE-core] [PATCH 08/20] layer.conf: Add missing dependency for allarch package initramfs-framework
From: Richard PurdieSimiliarly to the other previous changes, add a missing allarch package dependency for initramfs-framework on udev. Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster --- meta/conf/layer.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf index 047292d..5b47cf4 100644 --- a/meta/conf/layer.conf +++ b/meta/conf/layer.conf @@ -48,6 +48,7 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ docbook-xsl-stylesheets->perl \ initramfs-framework->busybox \ initramfs-framework->systemd \ + initramfs-framework->udev \ liberation-fonts->fontconfig \ gnome-icon-theme->librsvg \ font-alias->font-util \ -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 14/20] unzip: CVE-2015-7696, CVE-2015-7697
From: Tudor FloreaCVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password CVE-2015-7697: Fixes a denial of service with a file that never finishes unzipping References: http://www.openwall.com/lists/oss-security/2015/10/11/5 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697 Signed-off-by: Tudor Florea Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- .../unzip/unzip/CVE-2015-7696.patch| 38 ++ .../unzip/unzip/CVE-2015-7697.patch| 31 ++ meta/recipes-extended/unzip/unzip_6.0.bb | 2 ++ 3 files changed, 71 insertions(+) create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch new file mode 100644 index 000..ea93823 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch @@ -0,0 +1,38 @@ +Upstream-Status: Backport +Signed-off-by: Tudor Florea + +From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001 +From: Petr Stodulka +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: [PATCH 1/2] upstream fix for heap overflow + +https://bugzilla.redhat.com/attachment.cgi?id=1073002 +--- + crypt.c | 12 +++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/crypt.c b/crypt.c +index 784e411..a8975f2 100644 +--- a/crypt.c b/crypt.c +@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +-b = NEXTBYTE; ++/* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++if ((b = NEXTBYTE) == (ush)EOF) ++{ ++return PK_ERR; ++} + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } +-- +2.4.6 diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch new file mode 100644 index 000..da68988 --- /dev/null +++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch @@ -0,0 +1,31 @@ +Upstream-Status: Backport +Signed-off-by: Tudor Florea + +From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data + +--- + extract.c | 6 ++ + 1 file changed, 6 insertions(+) + +diff --git a/extract.c b/extract.c +index 7134bfe..29db027 100644 +--- a/extract.c b/extract.c +@@ -2733,6 +2733,12 @@ __GDEF + int repeated_buf_err; + bz_stream bstrm; + ++if (G.incnt <= 0 && G.csize <= 0L) { ++/* avoid an infinite loop */ ++Trace((stderr, "UZbunzip2() got empty input\n")); ++return 2; ++} ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; +-- +2.4.6 diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb b/meta/recipes-extended/unzip/unzip_6.0.bb index e590f81..acbc837 100644 --- a/meta/recipes-extended/unzip/unzip_6.0.bb +++ b/meta/recipes-extended/unzip/unzip_6.0.bb @@ -14,6 +14,8 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz \ file://09-cve-2014-8139-crc-overflow.patch \ file://10-cve-2014-8140-test-compr-eb.patch \ file://11-cve-2014-8141-getzip64data.patch \ + file://CVE-2015-7696.patch \ + file://CVE-2015-7697.patch \ " SRC_URI[md5sum] = "62b490407489521db863b523a7f86375" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 05/20] fontcache: allow to pass extra parameters and environment to fc-cache
From: Martin Jansa* this can be useful for passing extra parameters, pass -v by default to see what's going on in do_rootfs * we need to use this for extra parameter we implemented in fontconfig: --ignore-mtime always use cache file regardless of font directory mtime because the checksum of fontcache generated in do_rootfs doesn't match with /usr/share/fonts directory as seen on target device causing fontconfig to re-create the cache when fontconfig is used for first time or worse create new cache in every user's home directory when /usr/ filesystem is read only and cache cannot be updated. Running FC_DEBUG=16 fc-cache -v on such device shows: FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir checksum 1441206149 * my guess is that the checksum is different, because pseudo (which is unloaded when running qemuwrapper) or because some influence of running the rootfs under qemu. Signed-off-by: Martin Jansa Signed-off-by: Armin Kuster --- meta/classes/fontcache.bbclass| 19 +++ scripts/postinst-intercepts/update_font_cache | 4 ++-- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/meta/classes/fontcache.bbclass b/meta/classes/fontcache.bbclass index d122387..8ebdfc4 100644 --- a/meta/classes/fontcache.bbclass +++ b/meta/classes/fontcache.bbclass @@ -9,12 +9,23 @@ inherit qemu FONT_PACKAGES ??= "${PN}" FONT_EXTRA_RDEPENDS ?= "fontconfig-utils" FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig" +FONTCONFIG_CACHE_PARAMS ?= "-v" +# You can change this to e.g. FC_DEBUG=16 to debug fc-cache issues, +# something has to be set, because qemuwrapper is using this variable after -E +# multiple variables aren't allowed because for qemu they are separated +# by comma and in -n "$D" case they should be separated by space +FONTCONFIG_CACHE_ENV ?= "FC_DEBUG=1" fontcache_common() { -if [ "x$D" != "x" ] ; then - $INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} bindir=${bindir} \ - libdir=${libdir} base_libdir=${base_libdir} fontconfigcachedir=${FONTCONFIG_CACHE_DIR} +if [ -n "$D" ] ; then + $INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} mlprefix=${MLPREFIX} \ + 'bindir="${bindir}"' \ + 'libdir="${libdir}"' \ + 'base_libdir="${base_libdir}"' \ + 'fontconfigcachedir="${FONTCONFIG_CACHE_DIR}"' \ + 'fontconfigcacheparams="${FONTCONFIG_CACHE_PARAMS}"' \ + 'fontconfigcacheenv="${FONTCONFIG_CACHE_ENV}"' else - fc-cache + ${FONTCONFIG_CACHE_ENV} fc-cache ${FONTCONFIG_CACHE_PARAMS} fi } diff --git a/scripts/postinst-intercepts/update_font_cache b/scripts/postinst-intercepts/update_font_cache index c8c6018..0deab3c 100644 --- a/scripts/postinst-intercepts/update_font_cache +++ b/scripts/postinst-intercepts/update_font_cache @@ -1,5 +1,5 @@ #!/bin/sh -PSEUDO_UNLOAD=1 qemuwrapper -L $D -E LD_LIBRARY_PATH=$D/${libdir}:$D/${base_libdir}\ - $D${bindir}/fc-cache --sysroot=$D +PSEUDO_UNLOAD=1 qemuwrapper -L $D -E LD_LIBRARY_PATH=$D/${libdir}:$D/${base_libdir} \ + -E ${fontconfigcacheenv} $D${bindir}/fc-cache --sysroot=$D ${fontconfigcacheparams} chown -R root:root $D${fontconfigcachedir} -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 13/20] libxml2: CVE-2015-7942
From: Sona SarmadiFixes heap-based buffer overflow in xmlParseConditionalSections(). Upstream patch: https://git.gnome.org/browse/libxml2/commit/ ?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=756456 Signed-off-by: Sona Sarmadi Signed-off-by: Tudor Florea Signed-off-by: Armin Kuster --- meta/recipes-core/libxml/libxml2.inc | 1 + .../libxml/libxml2/CVE-2015-7942.patch | 58 ++ 2 files changed, 59 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 840a8eb..15a2421 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -23,6 +23,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml-m4-use-pkgconfig.patch \ file://libxml2-CVE-2014-3660.patch \ file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ + file://CVE-2015-7942.patch \ " BINCONFIG = "${bindir}/xml2-config" diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch new file mode 100644 index 000..738ae94 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch @@ -0,0 +1,58 @@ +From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Mon, 23 Feb 2015 11:29:20 +0800 +Subject: Cleanup conditional section error handling + +For https://bugzilla.gnome.org/show_bug.cgi?id=744980 + +The error handling of Conditional Section also need to be +straightened as the structure of the document can't be +guessed on a failure there and it's better to stop parsing +as further errors are likely to be irrelevant. + +Fixes CVE-2015-7942. +Upstream-Status: Backport + +Upstream patch: +https://git.gnome.org/browse/libxml2/commit/ +?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 + +Signed-off-by: Sona Sarmadi +--- + parser.c | 6 ++ + 1 file changed, 6 insertions(+) + +diff --git a/parser.c b/parser.c +index bbe97eb..fe603ac 100644 +--- a/parser.c b/parser.c +@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { + SKIP_BLANKS; + if (RAW != '[') { + xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL); ++ xmlStopParser(ctxt); ++ return; + } else { + if (ctxt->input->id != id) { + xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY, +@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { + SKIP_BLANKS; + if (RAW != '[') { + xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL); ++ xmlStopParser(ctxt); ++ return; + } else { + if (ctxt->input->id != id) { + xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY, +@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) { + + } else { + xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL); ++ xmlStopParser(ctxt); ++ return; + } + + if (RAW == 0) +-- +cgit v0.11.2 + -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 11/20] linux-dtb.inc: drop unused DTB_NAME variable from do_install
From: Martin Jansa* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which in some cases contains something like BUILD_NUMBER from CI, that caused do_install to be reexecuted every single time, which is very sad to be caused by unused variable. * jethro and newer don't need this change, because it's also fixed in commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62 Author: Marek Vasut Date: Thu May 14 14:31:11 2015 +0200 Subject: kernel: Build DTBs early Signed-off-by: Martin Jansa Signed-off-by: Armin Kuster --- meta/recipes-kernel/linux/linux-dtb.inc | 1 - 1 file changed, 1 deletion(-) diff --git a/meta/recipes-kernel/linux/linux-dtb.inc b/meta/recipes-kernel/linux/linux-dtb.inc index 6b8f1a5..4779be2 100644 --- a/meta/recipes-kernel/linux/linux-dtb.inc +++ b/meta/recipes-kernel/linux/linux-dtb.inc @@ -13,7 +13,6 @@ do_install_append() { DTB=`basename ${DTB} | sed 's,\.dts$,.dtb,g'` fi DTB_BASE_NAME=`basename ${DTB} .dtb` - DTB_NAME=`echo ${KERNEL_IMAGE_BASE_NAME} | sed "s/${MACHINE}/${DTB_BASE_NAME}/g"` DTB_SYMLINK_NAME=`echo ${KERNEL_IMAGE_SYMLINK_NAME} | sed "s/${MACHINE}/${DTB_BASE_NAME}/g"` DTB_PATH="${B}/arch/${ARCH}/boot/dts/${DTB}" oe_runmake ${DTB} -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 09/20] allarch: Force TARGET_*FLAGS variable values
From: Mike CroweTARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may differ between MACHINEs. Since they are exported they affect task hashes even if unused which leads to multiple variants of allarch packages existing in sstate and bouncing in the sysroot when switching between MACHINEs. allarch packages shouldn't be using these variables anyway, so let's ensure they have a fixed value in order to avoid this problem. (Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and 14f4d016fef9d660da1e7e91aec4a0e807de59ab.) Signed-off-by: Mike Crowe Signed-off-by: Ross Burton Signed-off-by: Armin Kuster --- meta/classes/allarch.bbclass | 4 1 file changed, 4 insertions(+) diff --git a/meta/classes/allarch.bbclass b/meta/classes/allarch.bbclass index 4bc9927..6f63f9d 100644 --- a/meta/classes/allarch.bbclass +++ b/meta/classes/allarch.bbclass @@ -27,6 +27,10 @@ python () { d.setVar("PACKAGE_EXTRA_ARCHS", "") d.setVar("SDK_ARCH", "none") d.setVar("SDK_CC_ARCH", "none") +d.setVar("TARGET_CPPFLAGS", "none") +d.setVar("TARGET_CFLAGS", "none") +d.setVar("TARGET_CXXFLAGS", "none") +d.setVar("TARGET_LDFLAGS", "none") # Avoid this being unnecessarily different due to nuances of # the target machine that aren't important for "all" arch -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 17/20] libxml2: CVE-2015-8241
From: Sona SarmadiUpstream bug (contains reproducer): https://bugzilla.gnome.org/show_bug.cgi?id=756263 Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id= ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Signed-off-by: Tudor Florea Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- meta/recipes-core/libxml/libxml2.inc | 1 + .../libxml/libxml2/CVE-2015-8241.patch | 41 ++ 2 files changed, 42 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index d5e263b..2dafeb4 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -25,6 +25,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ file://CVE-2015-7942.patch \ file://CVE-2015-8035.patch \ + file://CVE-2015-8241.patch \ " BINCONFIG = "${bindir}/xml2-config" diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch new file mode 100644 index 000..98b30f0 --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch @@ -0,0 +1,41 @@ +From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001 +From: Hugh Davenport +Date: Tue, 3 Nov 2015 20:40:49 +0800 +Subject: Avoid extra processing of MarkupDecl when EOF + +For https://bugzilla.gnome.org/show_bug.cgi?id=756263 + +One place where ctxt->instate == XML_PARSER_EOF whic was set up +by entity detection issues doesn't get noticed, and even overrided + +Fixes CVE-2015-8241. + +Upstream-Status: Backport + +Signed-off-by: Sona Sarmadi +--- + parser.c | 8 + 1 file changed, 8 insertions(+) + +diff --git a/parser.c b/parser.c +index d67b300..134afe7 100644 +--- a/parser.c b/parser.c +@@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) { + xmlParsePI(ctxt); + } + } ++ ++/* ++ * detect requirement to exit there and act accordingly ++ * and avoid having instate overriden later on ++ */ ++if (ctxt->instate == XML_PARSER_EOF) ++return; ++ + /* + * This is only for internal subset. On external entities, + * the replacement is done before parsing stage +-- +cgit v0.11.2 + -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 07/20] layer.conf: Add several allarch dependency exclusions
From: Richard PurdieThese are dependencies that our allarch packages have in OE-Core that cause those allarch packages to rebuild every time MACHINE changes. With these changes, OE-Core allarch packages all have a common sstate signatures and no longer rebuild. (From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d) Signed-off-by: Richard Purdie Signed-off-by: Armin Kuster --- meta/conf/layer.conf | 10 ++ 1 file changed, 10 insertions(+) diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf index de96548..047292d 100644 --- a/meta/conf/layer.conf +++ b/meta/conf/layer.conf @@ -43,5 +43,15 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \ gcc-cross-${TARGET_ARCH}->musl \ gcc-cross-${TARGET_ARCH}->uclibc \ gcc-cross-${TARGET_ARCH}->linux-libc-headers \ + ppp-dialin->ppp \ + resolvconf->bash \ + docbook-xsl-stylesheets->perl \ + initramfs-framework->busybox \ + initramfs-framework->systemd \ + liberation-fonts->fontconfig \ + gnome-icon-theme->librsvg \ + font-alias->font-util \ + weston-init->weston \ + weston-init->kbd \ " -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 02/20] grep2.19: CVE-2015-1345
From: Sona SarmadiFixes heap-based buffer overflow flaw in grep. Affected versions are: grep 2.19 through 2.21 Removed THANKS.in changes from upstream patch since this file does not exist in version 2.19. Replaced tab with spaces in SRC_URI as well. Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id= 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- .../grep/grep-2.19/grep2.19-CVE-2015-1345.patch| 129 + meta/recipes-extended/grep/grep_2.19.bb| 4 +- 2 files changed, 132 insertions(+), 1 deletion(-) create mode 100644 meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch diff --git a/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch new file mode 100644 index 000..32846f5 --- /dev/null +++ b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch @@ -0,0 +1,129 @@ +From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001 +From: Yuliy Pisetsky +Date: Thu, 01 Jan 2015 23:36:55 + +Subject: grep -F: fix a heap buffer (read) overrun + +grep's read buffer is often filled to its full size, except when +reading the final buffer of a file. In that case, the number of +bytes read may be far less than the size of the buffer. However, for +certain unusual pattern/text combinations, grep -F would mistakenly +examine bytes in that uninitialized region of memory when searching +for a match. With carefully chosen inputs, one can cause grep -F to +read beyond the end of that buffer altogether. This problem arose via +commit v2.18-90-g73893ff with the introduction of a more efficient +heuristic using what is now the memchr_kwset function. The use of +that function in bmexec_trans could leave TP much larger than EP, +and the subsequent call to bm_delta2_search would mistakenly access +beyond end of the main input read buffer. + +* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP, +do not call bm_delta2_search. +* tests/kwset-abuse: New file. +* tests/Makefile.am (TESTS): Add it. +* NEWS (Bug fixes): Mention it. + +Prior to this patch, this command would trigger a UMR: + + printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0) + + Use of uninitialised value of size 8 + at 0x4142BE: bmexec_trans (kwset.c:657) + by 0x4143CA: bmexec (kwset.c:678) + by 0x414973: kwsexec (kwset.c:848) + by 0x414DC4: Fexecute (kwsearch.c:128) + by 0x404E2E: grepbuf (grep.c:1238) + by 0x4054BF: grep (grep.c:1417) + by 0x405CEB: grepdesc (grep.c:1645) + by 0x405EC1: grep_command_line_arg (grep.c:1692) + by 0x4077D4: main (grep.c:2570) + +See the accompanying test for how to trigger the heap buffer overrun. + +Thanks to Nima Aghdaii for testing and finding numerous +ways to break early iterations of this patch. + +Fixes CVE-2015-1345. +Upstream-Status: Backport + +--- +diff --git a/NEWS b/NEWS +index 975440d..3835d8d 100644 +--- a/NEWS b/NEWS +@@ -2,6 +2,11 @@ GNU grep NEWS-*- outline -*- + + * Noteworthy changes in release ?.? (-??-??) [?] + ++** Bug fixes ++ ++ grep no longer reads from uninitialized memory or from beyond the end ++ of the heap-allocated input buffer. ++ + + * Noteworthy changes in release 2.21 (2014-11-23) [stable] + +diff --git a/src/kwset.c b/src/kwset.c +index 4003c8d..376f7c3 100644 +--- a/src/kwset.c b/src/kwset.c +@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size) + if (! tp) + return -1; + tp++; ++if (ep <= tp) ++ break; + } + } + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 2cba2cd..0508cd2 100644 +--- a/tests/Makefile.am b/tests/Makefile.am +@@ -75,6 +75,7 @@ TESTS = \ + inconsistent-range \ + invalid-multibyte-infloop \ + khadafy \ ++ kwset-abuse \ + long-line-vs-2GiB-read \ + match-lines \ + max-count-overread \ +diff --git a/tests/kwset-abuse b/tests/kwset-abuse +new file mode 100755 +index 000..6d8ec0c +--- a/dev/null b/tests/kwset-abuse +@@ -0,0 +1,32 @@ ++#! /bin/sh ++# Evoke a segfault in a hard-to-reach code path of kwset.c. ++# This bug affected grep versions 2.19 through 2.21. ++# ++# Copyright (C) 2015 Free Software Foundation, Inc. ++# ++# This program is free software: you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation, either version 3 of the
[OE-core] [PATCH 01/20] libtasn1: CVE-2015-3622
From: Sona Sarmadi_asn1_extract_der_octet: prevent past of boundary access References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622 http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch; h=f979435823a02f842c41d49cd41cc81f25b5d677 Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- .../gnutls/libtasn1/libtasn1-CVE-2015-3622.patch | 44 ++ meta/recipes-support/gnutls/libtasn1_4.0.bb| 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch new file mode 100644 index 000..0989ef6 --- /dev/null +++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch @@ -0,0 +1,44 @@ +From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001 +From: Nikos Mavrogiannopoulos +Date: Mon, 20 Apr 2015 14:56:27 +0200 +Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access + +Fixes CVE-2015-3622. +Upstream-Status: Backport + +Reported by Hanno B??ck. +--- + lib/decoding.c |3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/lib/decoding.c b/lib/decoding.c +index 7fbd931..42ddc6b 100644 +--- a/lib/decoding.c b/lib/decoding.c +@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der, + return ASN1_DER_ERROR; + + counter = len3 + 1; ++ DECR_LEN(der_len, len3); + + if (len2 == -1) + counter_end = der_len - 2; +@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der, + + while (counter < counter_end) + { ++ DECR_LEN(der_len, 1); + len2 = asn1_get_length_der (der + counter, der_len, ); + + if (IS_ERR(len2, flags)) +@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned char *der, + len2 = 0; + } + +- DECR_LEN(der_len, 1); + counter += len2 + len3 + 1; + } + +-- +1.7.2.5 + diff --git a/meta/recipes-support/gnutls/libtasn1_4.0.bb b/meta/recipes-support/gnutls/libtasn1_4.0.bb index 289833ec..16cf4d6 100644 --- a/meta/recipes-support/gnutls/libtasn1_4.0.bb +++ b/meta/recipes-support/gnutls/libtasn1_4.0.bb @@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \ SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \ file://libtasn1_fix_for_automake_1.12.patch \ file://dont-depend-on-help2man.patch \ + file://libtasn1-CVE-2015-3622.patch \ " SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 06/20] image.bbclass: don't let do_rootfs depend on BUILDNAME
From: Chen QiBUILDNAME is set by cooker as a string of current time. Letting do_rootfs task depend on this variable gets us no benefit. Besides, letting do_rootfs task depend on this variable will cause us trouble when executing `bitbake -S none core-image-minimal'. With current code, this command gives us error complaining about the different bashhash of do_rootfs task. Signed-off-by: Chen Qi Signed-off-by: Ross Burton Signed-off-by: Martin Jansa Signed-off-by: Armin Kuster --- meta/classes/image.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass index 1c0fda7..c0f9775 100644 --- a/meta/classes/image.bbclass +++ b/meta/classes/image.bbclass @@ -94,7 +94,7 @@ def rootfs_variables(d): 'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','RM_OLD_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS','SDK_OS', 'SDK_OUTPUT','SDKPATHNATIVE','SDKTARGETSYSROOT','SDK_DIR','SDK_VENDOR','SDKIMAGE_INSTALL_COMPLEMENTARY','SDK_PACKAGE_ARCHS','SDK_OUTPUT','SDKTARGETSYSROOT','MULTILIBRE_ALLOW_REP', 'MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS','PACKAGE_ARCHS', - 'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','BUILDNAME','USE_DEVFS', + 'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS', 'STAGING_KERNEL_DIR','COMPRESSIONTYPES'] variables.extend(command_variables(d)) variables.extend(variable_depends(d)) -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 12/20] glibc: use patch for CVE-2015-1781
From: Tudor FloreaPatch added to the repo wasn't actually considered due to a erronously way of specifying the sources. Signed-off-by: Tudor Florea Signed-off-by: Armin Kuster --- meta/recipes-core/glibc/glibc_2.20.bb | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/meta/recipes-core/glibc/glibc_2.20.bb b/meta/recipes-core/glibc/glibc_2.20.bb index a0736cd..2ab4083 100644 --- a/meta/recipes-core/glibc/glibc_2.20.bb +++ b/meta/recipes-core/glibc/glibc_2.20.bb @@ -40,14 +40,12 @@ EGLIBCPATCHES = "\ # file://eglibc-install-pic-archives.patch \ # file://initgroups_keys.patch \ # -CVEPATCHES = "\ -file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \ -" CVEPATCHES = "\ file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \ file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \ file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \ +file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \ " LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \ file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 15/20] libxml2: CVE-2015-8035
From: Sona SarmadiFixes DoS when parsing specially crafted XML document if XZ support is enabled. References: https://bugzilla.gnome.org/show_bug.cgi?id=757466 Upstream correction: https://git.gnome.org/browse/libxml2/commit/?id= f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Signed-off-by: Tudor Florea Signed-off-by: Sona Sarmadi Signed-off-by: Armin Kuster --- meta/recipes-core/libxml/libxml2.inc | 1 + .../libxml/libxml2/CVE-2015-8035.patch | 35 ++ 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch diff --git a/meta/recipes-core/libxml/libxml2.inc b/meta/recipes-core/libxml/libxml2.inc index 15a2421..d5e263b 100644 --- a/meta/recipes-core/libxml/libxml2.inc +++ b/meta/recipes-core/libxml/libxml2.inc @@ -24,6 +24,7 @@ SRC_URI = "ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \ file://libxml2-CVE-2014-3660.patch \ file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \ file://CVE-2015-7942.patch \ + file://CVE-2015-8035.patch \ " BINCONFIG = "${bindir}/xml2-config" diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch new file mode 100644 index 000..d08693f --- /dev/null +++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch @@ -0,0 +1,35 @@ +From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001 +From: Daniel Veillard +Date: Tue, 3 Nov 2015 15:31:25 +0800 +Subject: CVE-2015-8035 Fix XZ compression support loop + +For https://bugzilla.gnome.org/show_bug.cgi?id=757466 +DoS when parsing specially crafted XML document if XZ support +is compiled in (which wasn't the case for 2.9.2 and master since +Nov 2013, fixed in next commit !) + +Upstream-Status: Backport +Signed-off-by: Sona Sarmadi + +--- + xzlib.c | 4 + 1 file changed, 4 insertions(+) + +diff --git a/xzlib.c b/xzlib.c +index 0dcb9f4..1fab546 100644 +--- a/xzlib.c b/xzlib.c +@@ -581,6 +581,10 @@ xz_decomp(xz_statep state) + xz_error(state, LZMA_DATA_ERROR, "compressed data error"); + return -1; + } ++if (ret == LZMA_PROG_ERROR) { ++xz_error(state, LZMA_PROG_ERROR, "compression error"); ++return -1; ++} + } while (strm->avail_out && ret != LZMA_STREAM_END); + + /* update available output and crc check value */ +-- +cgit v0.11.2 + -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 19/20] grub2: Fix CVE-2015-8370
From: "Belal, Awais"http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2 Signed-off-by: Awais Belal Signed-off-by: Armin Kuster --- ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 50 ++ meta/recipes-bsp/grub/grub-efi_2.00.bb | 1 + meta/recipes-bsp/grub/grub_2.00.bb | 1 + 3 files changed, 52 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch diff --git a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch new file mode 100644 index 000..9ddd7a6 --- /dev/null +++ b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch @@ -0,0 +1,50 @@ +Upstream-Status: Accepted +Signed-off-by: Awais Belal + +From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001 +From: Hector Marco-Gisbert +Date: Wed, 16 Dec 2015 04:57:18 + +Subject: Fix security issue when reading username and password + +This patch fixes two integer underflows at: + * grub-core/lib/crypto.c + * grub-core/normal/auth.c + +CVE-2015-8370 + +Signed-off-by: Hector Marco-Gisbert +Signed-off-by: Ismael Ripoll-Ripoll +Also-By: Andrey Borzenkov +--- +Index: grub-2.00/grub-core/lib/crypto.c +=== +--- grub-2.00.orig/grub-core/lib/crypto.c grub-2.00/grub-core/lib/crypto.c +@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned + + if (key == '\b') + { +-cur_len--; ++ if (cur_len) ++cur_len--; + continue; + } + +Index: grub-2.00/grub-core/normal/auth.c +=== +--- grub-2.00.orig/grub-core/normal/auth.c grub-2.00/grub-core/normal/auth.c +@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned + + if (key == '\b') + { +-cur_len--; +-grub_printf ("\b"); ++ if (cur_len) ++ { ++ cur_len--; ++ grub_printf ("\b"); ++} + continue; + } + diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb b/meta/recipes-bsp/grub/grub-efi_2.00.bb index 7674255..6822e7a 100644 --- a/meta/recipes-bsp/grub/grub-efi_2.00.bb +++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb @@ -30,6 +30,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \ file://grub-2.00-add-oe-kernel.patch \ file://grub-efi-fix-with-glibc-2.20.patch \ file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ + file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \ " SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c" SRC_URI[sha256sum] = "65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3" diff --git a/meta/recipes-bsp/grub/grub_2.00.bb b/meta/recipes-bsp/grub/grub_2.00.bb index d4df676..94b6da9 100644 --- a/meta/recipes-bsp/grub/grub_2.00.bb +++ b/meta/recipes-bsp/grub/grub_2.00.bb @@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \ file://fix-endianness-problem.patch \ file://grub2-remove-sparc64-setup-from-x86-builds.patch \ file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \ + file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \ " SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 18/20] Fixes a heap buffer overflow in glibc wscanf.
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472 https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html http://openwall.com/lists/oss-security/2015/02/04/1 Reference to upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit; h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06 Signed-off-by: Sona SarmadiSigned-off-by: Tudor Florea Hand applied. Signed-off-by: Armin Kuster --- ...5-1472-wscanf-allocates-too-little-memory.patch | 108 + meta/recipes-core/glibc/glibc_2.20.bb | 1 + 2 files changed, 109 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch b/meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch new file mode 100644 index 000..ab513aa --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch @@ -0,0 +1,108 @@ +CVE-2015-1472: wscanf allocates too little memory + +BZ #16618 + +Under certain conditions wscanf can allocate too little memory for the +to-be-scanned arguments and overflow the allocated buffer. The +implementation now correctly computes the required buffer size when +using malloc. + +A regression test was added to tst-sscanf. + +Upstream-Status: Backport + +The patch is from (Paul Pluzhnikov ): +[https://sourceware.org/git/?p=glibc.git;a=patch;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06] + +diff -ruN a/ChangeLog b/ChangeLog +--- a/ChangeLog2015-09-22 10:20:14.399408389 +0200 b/ChangeLog2015-09-22 10:33:07.374388595 +0200 +@@ -1,3 +1,12 @@ ++2015-02-05 Paul Pluzhnikov ++ ++ [BZ #16618] CVE-2015-1472 ++ * stdio-common/tst-sscanf.c (main): Test for buffer overflow. ++ * stdio-common/vfscanf.c (_IO_vfscanf_internal): Compute needed ++ size in bytes. Store needed elements in wpmax. Use needed size ++ in bytes for extend_alloca. ++ ++ + 2014-12-16 Florian Weimer + +[BZ #17630] +diff -ruN a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c +--- a/stdio-common/tst-sscanf.c2015-09-22 10:20:09.995596201 +0200 b/stdio-common/tst-sscanf.c2015-09-22 10:21:39.211791399 +0200 +@@ -233,5 +233,38 @@ + } + } + ++ /* BZ #16618 ++ The test will segfault during SSCANF if the buffer overflow ++ is not fixed. The size of `s` is such that it forces the use ++ of malloc internally and this triggers the incorrect computation. ++ Thus the value for SIZE is arbitrariy high enough that malloc ++ is used. */ ++ { ++#define SIZE 131072 ++CHAR *s = malloc ((SIZE + 1) * sizeof (*s)); ++if (s == NULL) ++ abort (); ++for (size_t i = 0; i < SIZE; i++) ++ s[i] = L('0'); ++s[SIZE] = L('\0'); ++int i = 42; ++/* Scan multi-digit zero into `i`. */ ++if (SSCANF (s, L("%d"), ) != 1) ++ { ++ printf ("FAIL: bug16618: SSCANF did not read one input item.\n"); ++ result = 1; ++ } ++if (i != 0) ++ { ++ printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n"); ++ result = 1; ++ } ++free (s); ++if (result != 1) ++ printf ("PASS: bug16618: Did not crash.\n"); ++#undef SIZE ++ } ++ ++ + return result; + } +diff -ruN a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c +--- a/stdio-common/vfscanf.c 2015-09-22 10:20:14.051423230 +0200 b/stdio-common/vfscanf.c 2015-09-22 10:21:39.215791228 +0200 +@@ -279,9 +279,10 @@ + if (__glibc_unlikely (wpsize == wpmax)) \ + { \ + CHAR_T *old = wp; \ +-size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax \ +- ? UCHAR_MAX + 1 : 2 * wpmax); \ +-if (use_malloc || !__libc_use_alloca (newsize)) \ ++bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); \ ++size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax); \ ++size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX; \ ++if (!__libc_use_alloca (newsize)) \ + { \ + wp = realloc (use_malloc ? wp : NULL, newsize); \ + if (wp == NULL) \ +@@ -293,14 +294,13 @@ + } \ + if (! use_malloc) \ + MEMCPY (wp, old, wpsize);
[OE-core] [PATCH 10/20] texinfo: don't create dependency on INHERIT variable
From: Martin Jansa* we don't want the do_package signature depending on INHERIT variable * e.g. just adding the own-mirrors causes texinfo to rebuild: # bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig* basehash changed from 015df2fd8e396cc1e15622dbac843301 to 9f1d06c4f238c70a99ccb6d8da348b6a Variable INHERIT value changed from ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' to ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity' Signed-off-by: Martin Jansa Signed-off-by: Armin Kuster --- meta/recipes-extended/texinfo/texinfo_5.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/texinfo/texinfo_5.2.bb b/meta/recipes-extended/texinfo/texinfo_5.2.bb index cf9dcfd..3394474 100644 --- a/meta/recipes-extended/texinfo/texinfo_5.2.bb +++ b/meta/recipes-extended/texinfo/texinfo_5.2.bb @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504" PROVIDES_append_class-native = " texinfo-replacement-native" def compress_pkg(d): -if "compress_doc" in (d.getVar("INHERIT", True) or "").split(): +if bb.data.inherits_class('compress_doc', d): compress = d.getVar("DOC_COMPRESS", True) if compress == "gz": return "gzip" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 24/53] directfb: Fix build with musl
On Fri, Jan 8, 2016 at 11:43 PM, Khem Rajwrote: > On Fri, Jan 8, 2016 at 7:27 PM, Andre McCurdy wrote: >>> +diff -Naur DirectFB-1.7.6.orig/lib/direct/os/linux/glibc/mutex.h >>> DirectFB-1.7.6/lib/direct/os/linux/glibc/mutex.h >>> +--- DirectFB-1.7.6.orig/lib/direct/os/linux/glibc/mutex.h 2013-12-18 >>> 19:16:24.0 -0500 >>> DirectFB-1.7.6/lib/direct/os/linux/glibc/mutex.h 2015-07-18 >>> 16:57:47.178982835 -0400 >>> +@@ -46,7 +46,7 @@ >>> + >>> /**/ >>> + >>> + #define DIRECT_MUTEX_INITIALIZER(name){ >>> PTHREAD_MUTEX_INITIALIZER } >>> +-#define DIRECT_RECURSIVE_MUTEX_INITIALIZER(name) { >>> PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP } >>> ++#define DIRECT_RECURSIVE_MUTEX_INITIALIZER(name) { >>> PTHREAD_MUTEX_RECURSIVE } >> >> This looks completely bogus. >> >> PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP initialises a pthread_mutex_t >> structure and PTHREAD_MUTEX_RECURSIVE is an enum. You can't just >> replace one with the other. > > It indeed is bogus. I took it as a stepstone to get it compiling but > in reality what we need is a portable way to initialize recursive > mutex instead of _NP > something like using pthread_once during lock initialization. Let me > see what can be done. Please try out https://github.com/kraj/openembedded-core/commit/4104b7cdd0b58e24a926cdcf6415f3da3f48624e which should be the right fix and portable one. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 00/53] musl fixes 3
On Fri, Jan 8, 2016 at 10:34 AM, Khem Rajwrote: > On Fri, Jan 8, 2016 at 10:29 AM, Burton, Ross wrote: >> >> On 8 January 2016 at 17:43, Khem Raj wrote: >>> >>> systemd does not work with musl. I have patches in my tree to fix the >>> build but then it does not run :(. musl and systemd has different >> >> >> I wonder if we can/should raise a SkipPackage for systemd if musl is >> enabled? > > Seems good. I have updated the pull branch with 1. Fix for recursive mutex for directfb 2. Fix to skip parsing systemd for musl -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 00/53] musl fixes 3
On Fri, Jan 8, 2016 at 6:53 AM, Burton, Rosswrote: > > On 8 January 2016 at 14:00, Burton, Ross wrote: >> >> Hm, for some reason, this doesn't work for me. >> >> Lots and lots of "files installed but not packaged", all locales. eg >> /usr/lib/locale/hu/LC_MESSAGES/glib20.mo in glib-2.0. > > > So under musl the translations are being installed to /usr/lib/locale, > whereas under glibc its /usr/share/locale. This is showing some problems in > bitbake.conf: that sets localedir to ${libdir}/locale but then sets > FILES_PN-locale to ${datadir}/locale. > I have pushed a fix for this to pull branch as well here https://github.com/kraj/openembedded-core/commit/db21a7a31e9c37f7c2dd0a914599d7b3467ae2d9 > Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 24/53] directfb: Fix build with musl
On 9 January 2016 at 03:27, Andre McCurdywrote: > For patches which fix 'correctness' issues uncovered by musl maybe > it's better to apply the patches unconditionally, so they get some > test cover from non-musl builds? > > Especially true in this case - see below. > Agreed. Patches should only be applied on overrides if they negatively impact other configurations, so a strict correctness patch should always be applied whereas a patch that stubs out glibc-specific code would be applied on specific configurations. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 00/53] musl fixes 3
On 9 January 2016 at 09:23, Khem Rajwrote: > I have pushed a fix for this to pull branch as well here > > https://github.com/kraj/openembedded-core/commit/db21a7a31e9c37f7c2dd0a914599d7b3467ae2d9 > Awesome, thanks Khem. Ross -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core