[OE-core] [PATCH 1/2] cantarell-fonts: Add recipe

[Jagadeesh Krishnanjanappa]

1. The Cantarell font typeface is designed as a
   contemporary Humanist sans serif, and was developed for 
   on-screen reading; in particular, reading web pages on an
   HTC Dream mobile phone.

2. Pango test case (test-layout.test) requires cantarell-font
   typeface. This test case uses 'Cantarell 11' font type

Signed-off-by: Jagadeesh Krishnanjanappa 
---
 .../cantarell-fonts/cantarell-fonts_git.bb | 25 ++
 1 file changed, 25 insertions(+)
 create mode 100644 meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb

diff --git a/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb 
b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb
new file mode 100644
index 000..f55fef1
--- /dev/null
+++ b/meta/recipes-graphics/cantarell-fonts/cantarell-fonts_git.bb
@@ -0,0 +1,25 @@
+SUMMARY = "Cantarell, a Humanist sans-serif font family"
+
+DESCRIPTION = "The Cantarell font typeface is designed as a \
+   contemporary Humanist sans serif, and was developed for \
+   on-screen reading; in particular, reading web pages on an \
+   HTC Dream mobile phone."
+
+HOMEPAGE = "https://git.gnome.org/browse/cantarell-fonts/;
+SECTION = "fonts"
+LICENSE = "OFL-1.1"
+LIC_FILES_CHKSUM = "file://COPYING;md5=df91e3ffcab8cfb972a66bf11255188d"
+
+PV = "0.0.18.1+git${SRCPV}"
+PR = "r0"
+
+SRCREV = "3e954528d06de1c7e5ba8ebf8b0cca9c68faa0c4"
+SRC_URI = "git://git.gnome.org/cantarell-fonts;protocol=git;branch=master"
+
+S = "${WORKDIR}/git"
+
+inherit autotools allarch fontcache
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[fontforge] = 
"--enable-source-rebuild=yes,--enable-source-rebuild=no,fontforge-native"
+FILES_${PN} = "${datadir}/fonts ${datadir}/fontconfig"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 2/2] pango: make ${PN}-ptest RDEPENDS on cantarell-fonts

[Jagadeesh Krishnanjanappa]

Pango test case (test-layout.test) requires cantarell-font
typeface. This test case uses 'Cantarell 11' font type.

Test result after this change on qemux86:
-- snip --
root@qemux86:/usr/lib/pango/ptest# ./run-ptest
Running test: pango/testboundaries_ucd.test
/text/break/grapheme: Testing
/usr/lib/pango/installed-tests/pango/GraphemeBreakTest.txt.
OK
/text/break/word: /usr/lib/pango/installed-tests/pango/WordBreakTest.txt not
found.  Skipping test.
OK
/text/break/sentence: /usr/lib/pango/installed-tests/pango/SentenceBreakTest.txt
not found.  Skipping test.
OK
/text/break/line: /usr/lib/pango/installed-tests/pango/LineBreakTest.txt not
found.  Skipping test.
OK
PASS: pango/testboundaries_ucd.test
Running test: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test

Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
Executing: pango/test-pangocairo-threads.test
PASS: pango/test-pangocairo-threads.test
Running test: pango/test-layout.test
/layout/valid-2.markup: OK
/layout/valid-1.markup: OK
PASS: pango/test-layout.test
Running test: pango/markup-parse.test
/markup/parse/fail-1.markup: OK
/markup/parse/valid-3.markup: OK
/markup/parse/valid-2.markup: OK
/markup/parse/valid-1.markup: OK
/markup/parse/valid-4.markup: OK
PASS: pango/markup-parse.test
Running test: pango/test-ot-tags.test
/tags/script: OK
/tags/language: OK
PASS: pango/test-ot-tags.test
Running test: pango/testiter.test
/layout/iter: OK
/layout/glyphitem-iter: OK
PASS: pango/testiter.test
Running test: pango/testcolor.test
/color/parse: OK
PASS: pango/testcolor.test
Running test: pango/cxx-test.test
PASS: pango/cxx-test.test
Running test: pango/testboundaries.test
/text/boundaries: sample file:
/usr/lib/pango/installed-tests/pango/boundaries.utf8
testboundaries passed
OK
PASS: pango/testboundaries.test
Running test: pango/testscript.test
/script/iter: OK
PASS: pango/testscript.test
Running test: pango/testattributes.test
/attributes/basic: OK
/attributes/equal: OK
/attributes/list/basic: OK
/attributes/list/change: OK
/attributes/list/splice: OK
/attributes/list/filter: OK
/attributes/iter/basic: OK
/attributes/iter/get: OK
/attributes/iter/get_font: OK
/attributes/iter/get_attrs: OK
PASS: pango/testattributes.test
Running test: pango/test-font.test
/pango/fontdescription/parse: OK
/pango/fontdescription/roundtrip: OK
PASS: pango/test-font.test
SUMMARY: total=12; passed=12; skipped=0; failed=0; user=74.9s; system=1.9s;
maxrss=52356
root@qemux86:/usr/lib/pango/ptest#
-- CUT --

Signed-off-by: Jagadeesh Krishnanjanappa 
---
 meta/recipes-graphics/pango/pango.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-graphics/pango/pango.inc 
b/meta/recipes-graphics/pango/pango.inc
index 3e9c068..a2a92fe 100644
--- a/meta/recipes-graphics/pango/pango.inc
+++ b/meta/recipes-graphics/pango/pango.inc
@@ -42,7 +42,7 @@ do_compile_prepend () {
 FILES_${PN} = "${bindir}/* ${libdir}/libpango*${SOLIBS}"
 FILES_${PN}-dev += "${libdir}/pango/${LIBV}/modules/*.la"
 
-RDEPENDS_${PN}-ptest += "liberation-fonts"
+RDEPENDS_${PN}-ptest += "liberation-fonts cantarell-fonts"
 
 RPROVIDES_${PN} += "pango-modules pango-module-indic-lang \
 pango-module-basic-fc pango-module-arabic-lang"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] pixz: Add 1.0.6

[Khem Raj]

On Fri, Jan 8, 2016 at 10:22 AM, Richard Purdie
 wrote:
> xz gives better compression results than bzip/gz but is often slower.
> Using parallel compression mitigates this somewhat and is particularly
> useful for the SDK.

I have proposed another tool called pxz back in Sept last year
http://lists.openembedded.org/pipermail/openembedded-core/2015-September/110971.html

although pixz seems to be well maintained and active, would be nice to
know what do people mostly use.

>
> Signed-off-by: Richard Purdie 
>
> diff --git a/meta/recipes-support/pixz/pixz_1.0.6.bb 
> b/meta/recipes-support/pixz/pixz_1.0.6.bb
> new file mode 100644
> index 000..e6e4ac2
> --- /dev/null
> +++ b/meta/recipes-support/pixz/pixz_1.0.6.bb
> @@ -0,0 +1,14 @@
> +SUMMARY = "Parallel, indexed xz compressor"
> +
> +DEPENDS = "xz libarchive"
> +
> +SRC_URI = 
> "https://github.com/vasi/pixz/releases/download/v${PV}/${BPN}-${PV}.tar.xz;
> +SRC_URI[md5sum] = "f6dc5909c9a31b192f69aa397ae8df48"
> +SRC_URI[sha256sum] = 
> "02c50746b134fa1b1aae41fcc314d7c6f1919b3d48bcdea01bf11769f83f72e8"
> +
> +LICENSE = "BSD-2-Clause"
> +LIC_FILES_CHKSUM = "file://LICENSE;md5=5cf6d164086105f1512ccb81bfff1926"
> +
> +inherit autotools
> +
> +BBCLASSEXTEND = "native"
>
>
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH RFC] sstate: Switch from tgz to tar.xz for sstate

[Richard Purdie]

xz compresses with a better compression ratio than gz with similar speed
for compression and decompression. It therefore makes sense to switch
to it for the sstate objects.

As an example, the gcc-cross populate_sysroot object goes from
79,509,871 to 53,031,752 bytes which is a significant improvement.

Signed-off-by: Richard Purdie 

diff --git a/meta/classes/buildhistory.bbclass 
b/meta/classes/buildhistory.bbclass
index 4153e58..734303c 100644
--- a/meta/classes/buildhistory.bbclass
+++ b/meta/classes/buildhistory.bbclass
@@ -537,7 +537,7 @@ python buildhistory_get_extra_sdkinfo() {
 filesizes = {}
 for root, _, files in os.walk('${SDK_OUTPUT}/${SDKPATH}/sstate-cache'):
 for fn in files:
-if fn.endswith('.tgz'):
+if fn.endswith('.tar.xz'):
 fsize = 
int(math.ceil(float(os.path.getsize(os.path.join(root, fn))) / 1024))
 task = fn.rsplit(':', 1)[1].split('_', 1)[1].split('.')[0]
 origtotal = tasksizes.get(task, 0)
diff --git a/meta/classes/populate_sdk_ext.bbclass 
b/meta/classes/populate_sdk_ext.bbclass
index 3a65c07..4ff5e9e 100644
--- a/meta/classes/populate_sdk_ext.bbclass
+++ b/meta/classes/populate_sdk_ext.bbclass
@@ -189,7 +189,7 @@ python copy_buildsystem () {
 # We don't need sstate do_package files
 for root, dirs, files in os.walk(sstate_out):
 for name in files:
-if name.endswith("_package.tgz"):
+if name.endswith("_package.tar.xz"):
 f = os.path.join(root, name)
 os.remove(f)
 }
diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass
index 9bef212..d9adf01 100644
--- a/meta/classes/sstate.bbclass
+++ b/meta/classes/sstate.bbclass
@@ -294,8 +294,8 @@ def sstate_installpkg(ss, d):
 oe.path.remove(dir)
 
 sstateinst = d.expand("${WORKDIR}/sstate-install-%s/" % ss['task'])
-sstatefetch = d.getVar('SSTATE_PKGNAME', True) + '_' + ss['task'] + ".tgz"
-sstatepkg = d.getVar('SSTATE_PKG', True) + '_' + ss['task'] + ".tgz"
+sstatefetch = d.getVar('SSTATE_PKGNAME', True) + '_' + ss['task'] + 
".tar.xz"
+sstatepkg = d.getVar('SSTATE_PKG', True) + '_' + ss['task'] + ".tar.xz"
 
 if not os.path.exists(sstatepkg):
 pstaging_fetch(sstatefetch, sstatepkg, d)
@@ -372,7 +372,7 @@ python sstate_hardcode_path_unpack () {
 def sstate_clean_cachefile(ss, d):
 import oe.path
 
-sstatepkgfile = d.getVar('SSTATE_PATHSPEC', True) + "*_" + ss['task'] + 
".tgz*"
+sstatepkgfile = d.getVar('SSTATE_PATHSPEC', True) + "*_" + ss['task'] + 
".tar.xz*"
 bb.note("Removing %s" % sstatepkgfile)
 oe.path.remove(sstatepkgfile)
 
@@ -555,7 +555,7 @@ def sstate_package(ss, d):
 tmpdir = d.getVar('TMPDIR', True)
 
 sstatebuild = d.expand("${WORKDIR}/sstate-build-%s/" % ss['task'])
-sstatepkg = d.getVar('SSTATE_PKG', True) + '_'+ ss['task'] + ".tgz"
+sstatepkg = d.getVar('SSTATE_PKG', True) + '_'+ ss['task'] + ".tar.xz"
 bb.utils.remove(sstatebuild, recurse=True)
 bb.utils.mkdirhier(sstatebuild)
 bb.utils.mkdirhier(os.path.dirname(sstatepkg))
@@ -677,14 +677,14 @@ sstate_create_package () {
# Need to handle empty directories
if [ "$(ls -A)" ]; then
set +e
-   tar -czf $TFILE *
+   tar -cJf $TFILE *
ret=$?
if [ $ret -ne 0 ] && [ $ret -ne 1 ]; then
exit 1
fi
set -e
else
-   tar -cz --file=$TFILE --files-from=/dev/null
+   tar -cJ --file=$TFILE --files-from=/dev/null
fi
chmod 0664 $TFILE
mv -f $TFILE ${SSTATE_PKG}
@@ -703,7 +703,7 @@ sstate_create_package () {
 # Will be run from within SSTATE_INSTDIR.
 #
 sstate_unpack_package () {
-   tar -xmvzf ${SSTATE_PKG}
+   tar -xmvJf ${SSTATE_PKG}
# Use "! -w ||" to return true for read only files
[ ! -w ${SSTATE_PKG} ] || touch --no-dereference ${SSTATE_PKG}
[ ! -w ${SSTATE_PKG}.sig ] || [ ! -e ${SSTATE_PKG}.sig ] || touch 
--no-dereference ${SSTATE_PKG}.sig
@@ -716,7 +716,7 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, sq_hashfn, 
d, siginfo=False):
 
 ret = []
 missed = []
-extension = ".tgz"
+extension = ".tar.xz"
 if siginfo:
 extension = extension + ".siginfo"
 
@@ -821,11 +821,11 @@ def sstate_checkhashes(sq_fn, sq_task, sq_hash, 
sq_hashfn, d, siginfo=False):
 evdata = {'missed': [], 'found': []};
 for task in missed:
 spec, extrapath, tname = getpathcomponents(task, d)
-sstatefile = d.expand(extrapath + generate_sstatefn(spec, 
sq_hash[task], d) + "_" + tname + ".tgz")
+sstatefile = d.expand(extrapath + generate_sstatefn(spec, 
sq_hash[task], d) + "_" + tname + ".tar.xz")
 evdata['missed'].append( (sq_fn[task], sq_task[task], 
sq_hash[task], 

[OE-core] [RFC PATCH] bitbake.conf/sanity: Add dependency on host xz

[Richard Purdie]

Times change and xz is becoming the defacto compression format and
utility. Adapt to the times and assume that the system provides xz.

This leads into us being able to use xz for sstate instead of gzip.

Signed-off-by: Richard Purdie 

diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 9f35558..ab28660 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -3,7 +3,7 @@
 #
 
 SANITY_REQUIRED_UTILITIES ?= "patch diffstat makeinfo git bzip2 tar \
-gzip gawk chrpath wget cpio perl file"
+gzip gawk chrpath wget cpio perl file xz"
 
 def bblayers_conf_file(d):
 return os.path.join(d.getVar('TOPDIR', True), 'conf/bblayers.conf')
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index 371af31..4088c22 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -178,6 +178,7 @@ ASSUME_PROVIDED = "\
 texinfo-native \
 bash-native \
 sed-native \
+xz-native \
 "
 # gzip-native should be listed above?
 


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 3/4] lib/oe/rootfs: Use list_pkgs() instead of list()

[Pau Espin Pedrol]

Hi,

I don't have the env to test the patch anymore.

However, I have a question on this patch. I inline the comment in the code
here, below the related lines:

2016-01-07 21:07 GMT+01:00 :

> From: Mariano Lopez 
>
> This patch changes the use list_pkgs() instead of list()
> from class RpmPkgsList. The change is in two functions,
> image_list_installed_packages from rootfs.py and
> sdk_list_installed_packages from sdk.py.
>
> With this change the functions calling the functions
> listed above, must format the output as they required.
> The formatting can be done using format_pkg_list() from
> oe.utils.
>
> The classes calling the afected functions are changed too
> with this patch, to keep the same functionality using the
> new data structure.
>
> [YOCTO #7427]
>
> Signed-off-by: Mariano Lopez 
> ---
>  meta/classes/buildhistory.bbclass| 11 +++
>  meta/classes/license.bbclass |  8 ++--
>  meta/classes/populate_sdk_base.bbclass   |  8 ++--
>  meta/classes/rootfs-postcommands.bbclass |  5 +++--
>  meta/lib/oe/package_manager.py   | 18 ++
>  meta/lib/oe/rootfs.py|  8 
>  meta/lib/oe/sdk.py   |  8 
>  7 files changed, 40 insertions(+), 26 deletions(-)
>
> diff --git a/meta/classes/buildhistory.bbclass
> b/meta/classes/buildhistory.bbclass
> index 4153e58..a2f8ac7 100644
> --- a/meta/classes/buildhistory.bbclass
> +++ b/meta/classes/buildhistory.bbclass
> @@ -337,18 +337,21 @@ def write_pkghistory(pkginfo, d):
>  def buildhistory_list_installed(d, rootfs_type="image"):
>  from oe.rootfs import image_list_installed_packages
>  from oe.sdk import sdk_list_installed_packages
> +from oe.utils import format_pkg_list
>
>  process_list = [('file', 'bh_installed_pkgs.txt'),\
>  ('deps', 'bh_installed_pkgs_deps.txt')]
>
> +if rootfs_type == "image":
> +pkgs = image_list_installed_packages(d)
> +else:
> +pkgs = sdk_list_installed_packages(d, rootfs_type == "sdk_target")
> +
>  for output_type, output_file in process_list:
>  output_file_full = os.path.join(d.getVar('WORKDIR', True),
> output_file)
>
>  with open(output_file_full, 'w') as output:
> -if rootfs_type == "image":
> -output.write(image_list_installed_packages(d,
> output_type))
> -else:
> -output.write(sdk_list_installed_packages(d, rootfs_type
> == "sdk_target", output_type))
> +output.write(format_pkg_list(pkgs, output_type))
>
>  python buildhistory_list_installed_image() {
>  buildhistory_list_installed(d)
> diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
> index 6651d55..fed42ca 100644
> --- a/meta/classes/license.bbclass
> +++ b/meta/classes/license.bbclass
> @@ -21,8 +21,12 @@ python write_package_manifest() {
>  license_image_dir = d.expand('${LICENSE_DIRECTORY}/${IMAGE_NAME}')
>  bb.utils.mkdirhier(license_image_dir)
>  from oe.rootfs import image_list_installed_packages
> +from oe.utils import format_pkg_list
> +
> +pkgs = image_list_installed_packages(d)
> +output = format_pkg_list(pkgs)
>  open(os.path.join(license_image_dir, 'package.manifest'),
> -'w+').write(image_list_installed_packages(d))
> +'w+').write(output)
>  }
>
>  python write_deploy_manifest() {
> @@ -38,7 +42,7 @@ python license_create_manifest() {
>  return 0
>
>  pkg_dic = {}
> -for pkg in image_list_installed_packages(d).splitlines():
> +for pkg in sorted(image_list_installed_packages(d)):
>  pkg_info = os.path.join(d.getVar('PKGDATA_DIR', True),
>  'runtime-reverse', pkg)
>  pkg_name = os.path.basename(os.readlink(pkg_info))
> diff --git a/meta/classes/populate_sdk_base.bbclass
> b/meta/classes/populate_sdk_base.bbclass
> index 23dc115..26e06a5 100644
> --- a/meta/classes/populate_sdk_base.bbclass
> +++ b/meta/classes/populate_sdk_base.bbclass
> @@ -62,20 +62,24 @@ SDK_TARGET_MANIFEST =
> "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.target.manifest"
>  SDK_HOST_MANIFEST = "${SDK_DEPLOY}/${TOOLCHAIN_OUTPUTNAME}.host.manifest"
>  python write_target_sdk_manifest () {
>  from oe.sdk import sdk_list_installed_packages
> +from oe.utils import format_pkg_list
>  sdkmanifestdir = os.path.dirname(d.getVar("SDK_TARGET_MANIFEST",
> True))
> +pkgs = sdk_list_installed_packages(d, True)
>  if not os.path.exists(sdkmanifestdir):
>  bb.utils.mkdirhier(sdkmanifestdir)
>  with open(d.getVar('SDK_TARGET_MANIFEST', True), 'w') as output:
> -output.write(sdk_list_installed_packages(d, True, 'ver'))
> +output.write(format_pkg_list(pkgs, 'ver'))
>  }
>
>  python write_host_sdk_manifest () {
>  from oe.sdk import sdk_list_installed_packages
> +from oe.utils 

[OE-core] [PATCH 00/20] Dizzy-next pull request 2016-1

[Armin Kuster]

Please consider these changes for dizzy-next community support.

The following changes since commit 6d34267e0a13e10ab91b60590b27a2b5ba3b7da6:

  documentation: Changed some 'intro' tags to resolve multiple mega-manual 
warnings. (2015-11-18 16:44:05 +)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib akuster/dizzy-next
  http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-next

Armin Kuster (2):
  openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565
  Fixes a heap buffer overflow in glibc wscanf.

Belal, Awais (1):
  grub2: Fix CVE-2015-8370

Chen Qi (1):
  image.bbclass: don't let do_rootfs depend on BUILDNAME

Martin Jansa (3):
  fontcache: allow to pass extra parameters and environment to fc-cache
  texinfo: don't create dependency on INHERIT variable
  linux-dtb.inc: drop unused DTB_NAME variable from do_install

Mike Crowe (1):
  allarch: Force TARGET_*FLAGS variable values

Richard Purdie (2):
  layer.conf: Add several allarch dependency exclusions
  layer.conf: Add missing dependency for allarch package
initramfs-framework

Sergiy Kibrik (1):
  rsync: backport libattr checking patch

Sona Sarmadi (7):
  libtasn1: CVE-2015-3622
  grep2.19: CVE-2015-1345
  libxml2: CVE-2015-7942
  libxml2: CVE-2015-8035
  openssl: CVE-2015-3194, CVE-2015-3195
  libxml2: CVE-2015-8241
  bind: CVE-2015-8000

Tudor Florea (2):
  glibc: use patch for CVE-2015-1781
  unzip: CVE-2015-7696, CVE-2015-7697

 meta/classes/allarch.bbclass   |   4 +
 meta/classes/fontcache.bbclass |  19 +-
 meta/classes/image.bbclass |   2 +-
 meta/conf/layer.conf   |  11 ++
 ...E-2015-8370-Grub2-user-pass-vulnerability.patch |  50 ++
 meta/recipes-bsp/grub/grub-efi_2.00.bb |   1 +
 meta/recipes-bsp/grub/grub_2.00.bb |   1 +
 .../bind/bind/CVE-2015-8000.patch  | 194 +
 meta/recipes-connectivity/bind/bind_9.9.5.bb   |   1 +
 .../openssh/openssh/CVE-2015-6563.patch|  36 
 .../openssh/openssh/CVE-2015-6564.patch|  34 
 .../openssh/openssh/CVE-2015-6565.patch|  35 
 meta/recipes-connectivity/openssh/openssh_6.6p1.bb |   5 +-
 .../CVE-2015-3194-Add-PSS-parameter-check.patch|  37 
 ...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch |  61 +++
 .../recipes-connectivity/openssl/openssl_1.0.1p.bb |   2 +
 ...5-1472-wscanf-allocates-too-little-memory.patch | 108 
 meta/recipes-core/glibc/glibc_2.20.bb  |   5 +-
 meta/recipes-core/libxml/libxml2.inc   |   3 +
 .../libxml/libxml2/CVE-2015-7942.patch |  58 ++
 .../libxml/libxml2/CVE-2015-8035.patch |  35 
 .../libxml/libxml2/CVE-2015-8241.patch |  41 +
 .../rsync/files/check_libattr.patch|  33 
 meta/recipes-devtools/rsync/rsync_3.1.0.bb |   3 +-
 .../grep/grep-2.19/grep2.19-CVE-2015-1345.patch| 129 ++
 meta/recipes-extended/grep/grep_2.19.bb|   4 +-
 meta/recipes-extended/texinfo/texinfo_5.2.bb   |   2 +-
 .../unzip/unzip/CVE-2015-7696.patch|  38 
 .../unzip/unzip/CVE-2015-7697.patch|  31 
 meta/recipes-extended/unzip/unzip_6.0.bb   |   2 +
 meta/recipes-kernel/linux/linux-dtb.inc|   1 -
 .../gnutls/libtasn1/libtasn1-CVE-2015-3622.patch   |  44 +
 meta/recipes-support/gnutls/libtasn1_4.0.bb|   1 +
 scripts/postinst-intercepts/update_font_cache  |   4 +-
 34 files changed, 1020 insertions(+), 15 deletions(-)
 create mode 100644 
meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
 create mode 100644 
meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
 create mode 100644 meta/recipes-devtools/rsync/files/check_libattr.patch
 create mode 100644 
meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
 create mode 100644 

[OE-core] [PATCH 16/20] openssl: CVE-2015-3194, CVE-2015-3195

[Armin Kuster]

From: Sona Sarmadi 

Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)

References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195

Upstream patches:
CVE-2015-3194:
https://git.openssl.org/?p=openssl.git;a=commit;h=
d8541d7e9e63bf5f343af24644046c8d96498c17

CVE-2015-3195:
https://git.openssl.org/?p=openssl.git;a=commit;h=
b29ffa392e839d05171206523e84909146f7a77c

Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 .../CVE-2015-3194-Add-PSS-parameter-check.patch| 37 +
 ...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 61 ++
 .../recipes-connectivity/openssl/openssl_1.0.1p.bb |  2 +
 3 files changed, 100 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch

diff --git 
a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch
 
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch
new file mode 100644
index 000..a6697ca
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-check.patch
@@ -0,0 +1,37 @@
+From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" 
+Date: Fri, 2 Oct 2015 13:10:29 +0100
+Subject:Add PSS parameter check.
+
+Avoid seg fault by checking mgf1 parameter is not NULL. This can be
+triggered during certificate verification so could be a DoS attack
+against a client or a server enabling client authentication.
+
+Thanks to Lo??c Jonas Etienne (Qnective AG) for discovering this bug.
+
+CVE-2015-3194
+
+Upstream-Status: Backport
+
+Reviewed-by: Matt Caswell 
+Signed-off-by: Sona Sarmadi 
+---
+ crypto/rsa/rsa_ameth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
+index 93e071d..c7f1148 100644
+--- a/crypto/rsa/rsa_ameth.c
 b/crypto/rsa/rsa_ameth.c
+@@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR 
*alg,
+ if (pss->maskGenAlgorithm) {
+ ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+ if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
+-&& param->type == V_ASN1_SEQUENCE) {
++&& param && param->type == V_ASN1_SEQUENCE) {
+ p = param->value.sequence->data;
+ plen = param->value.sequence->length;
+ *pmaskHash = d2i_X509_ALGOR(NULL, , plen);
+-- 
+1.9.1
+
diff --git 
a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
 
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
new file mode 100644
index 000..be705c0
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch
@@ -0,0 +1,61 @@
+commit b29ffa392e839d05171206523e84909146f7a77c
+Author: Dr. Stephen Henson 
+Date: Tue, 10 Nov 2015 19:03:07 +
+Subject: Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine
+so on error a pointer to the parent structure is not zeroed as
+this will leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Upstream-Status: Backport
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
+libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte 
+Signed-off-by: Sona Sarmadi 
+---
+ crypto/asn1/tasn_dec.c | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
+index febf605..9256049 100644
+--- a/crypto/asn1/tasn_dec.c
 b/crypto/asn1/tasn_dec.c
+@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned 
char **in, long len,
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
++int combine = aclass & ASN1_TFLG_COMBINE;
++aclass &= ~ASN1_TFLG_COMBINE;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned 
char **in, long len,
+  auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+  err:
+-ASN1_item_ex_free(pval, it);
++if (combine == 0)
++ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+", Type=", it->sname);
+@@ -689,7 +692,7 @@ static int 

[OE-core] [PATCH 03/20] rsync: backport libattr checking patch

[Armin Kuster]

From: Sergiy Kibrik 

Add check_libattr.patch to version 3.1.0 recipe, which checks
and includes libattr to linker, otherwise rsync may fail to build
with linker error below (as -lattr option gets omitted):

[..]
lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0'
[..]/lib/libattr.so.1: error adding symbols: DSO missing from command line

Signed-off-by: Sergiy Kibrik 
Signed-off-by: Armin Kuster 
---
 .../rsync/files/check_libattr.patch| 33 ++
 meta/recipes-devtools/rsync/rsync_3.1.0.bb |  3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-devtools/rsync/files/check_libattr.patch

diff --git a/meta/recipes-devtools/rsync/files/check_libattr.patch 
b/meta/recipes-devtools/rsync/files/check_libattr.patch
new file mode 100644
index 000..cb159fa
--- /dev/null
+++ b/meta/recipes-devtools/rsync/files/check_libattr.patch
@@ -0,0 +1,33 @@
+From 677c6e14cc7d5f41371d5616865a5f0cfc0a273f Mon Sep 17 00:00:00 2001
+From: Wayne Davison 
+Date: Mon, 5 May 2014 09:25:13 -0700
+Subject: [PATCH] Check for attr lib.
+
+---
+ configure.ac | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c7b28c5..8e3703c 100644
+--- a/configure.ac
 b/configure.ac
+@@ -1007,7 +1007,7 @@ else
+ *)
+   AC_MSG_RESULT(running tests:)
+   AC_CHECK_LIB(acl,acl_get_file)
+-  AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
++  AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[
+   AC_TRY_LINK([#include 
+ #include ],
+ [ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, 
entry_id, entry_p);],
+@@ -1057,6 +1057,7 @@ else
+   AC_DEFINE(HAVE_LINUX_XATTRS, 1, [True if you have Linux xattrs])
+   AC_DEFINE(SUPPORT_XATTRS, 1)
+   AC_DEFINE(NO_SYMLINK_USER_XATTRS, 1, [True if symlinks do not support 
user xattrs])
++  AC_CHECK_LIB(attr,getxattr)
+   ;;
+ darwin*)
+   AC_MSG_RESULT(Using OS X xattrs)
+-- 
+1.9.1
+
diff --git a/meta/recipes-devtools/rsync/rsync_3.1.0.bb 
b/meta/recipes-devtools/rsync/rsync_3.1.0.bb
index a4a5c10..d253fe9 100644
--- a/meta/recipes-devtools/rsync/rsync_3.1.0.bb
+++ b/meta/recipes-devtools/rsync/rsync_3.1.0.bb
@@ -1,7 +1,8 @@
 require rsync.inc
 
 
-SRC_URI += "file://acinclude.m4"
+SRC_URI += "file://acinclude.m4 \
+   file://check_libattr.patch"
 
 SRC_URI[md5sum] = "3be148772a33224771a8d4d2a028b132"
 SRC_URI[sha256sum] = 
"81ca23f77fc9b957eb9845a6024f41af0ff0c619b7f38576887c63fa38e2394e"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 20/20] bind: CVE-2015-8000

[Armin Kuster]

From: Sona Sarmadi 

Fixes a denial of service in BIND.

An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.

[YOCTO #8838]

References:
http://www.openwall.com/lists/oss-security/2015/12/15/14
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8000
https://bugzilla.redhat.com/attachment.cgi?id=1105581

Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 .../bind/bind/CVE-2015-8000.patch  | 194 +
 meta/recipes-connectivity/bind/bind_9.9.5.bb   |   1 +
 2 files changed, 195 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch 
b/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
new file mode 100644
index 000..b8d8412
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2015-8000.patch
@@ -0,0 +1,194 @@
+responses with a malformed class attribute can trigger an
+assertion failure in db.c
+
+[security]
+Insufficient testing when parsing a message allowed records with
+an incorrect class to be be accepted, triggering a REQUIRE failure
+when those records were subsequently cached. (CVE-2015-8000) [RT#4098]
+
+Upstream-Status: Backport
+
+[The patch is taken from BIND 9.9.4:
+https://bugzilla.redhat.com/attachment.cgi?id=1105581]
+
+Signed-off-by: Sona Sarmadi 
+---
+diff --git a/lib/dns/include/dns/message.h b/lib/dns/include/dns/message.h
+index a6862fa..d999e75 100644
+--- a/lib/dns/include/dns/message.h
 b/lib/dns/include/dns/message.h
+@@ -210,6 +210,8 @@ struct dns_message {
+   unsigned intverify_attempted : 1;
+   unsigned intfree_query : 1;
+   unsigned intfree_saved : 1;
++  unsigned inttkey : 1;
++  unsigned intrdclass_set : 1;
+ 
+   unsigned intopt_reserved;
+   unsigned intsig_reserved;
+@@ -1374,6 +1376,15 @@ dns_message_buildopt(dns_message_t *msg, dns_rdataset_t 
**opt,
+  * \li other.
+  */
+ 
++void
++dns_message_setclass(dns_message_t *msg, dns_rdataclass_t rdclass);
++/*%<
++ * Set the expected class of records in the response.
++ *
++ * Requires:
++ * \li   msg be a valid message with parsing intent.
++ */
++
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_MESSAGE_H */
+diff --git a/lib/dns/message.c b/lib/dns/message.c
+index 53efc5a..73def73 100644
+--- a/lib/dns/message.c
 b/lib/dns/message.c
+@@ -436,6 +436,8 @@ msginit(dns_message_t *m) {
+   m->saved.base = NULL;
+   m->saved.length = 0;
+   m->free_saved = 0;
++  m->tkey = 0;
++  m->rdclass_set = 0;
+   m->querytsig = NULL;
+ }
+ 
+@@ -1086,13 +1088,19 @@ getquestions(isc_buffer_t *source, dns_message_t *msg, 
dns_decompress_t *dctx,
+* If this class is different than the one we already read,
+* this is an error.
+*/
+-  if (msg->state == DNS_SECTION_ANY) {
+-  msg->state = DNS_SECTION_QUESTION;
++  if (msg->rdclass_set == 0) {
+   msg->rdclass = rdclass;
++  msg->rdclass_set = 1;
+   } else if (msg->rdclass != rdclass)
+   DO_FORMERR;
+ 
+   /*
++   * Is this a TKEY query?
++   */
++  if (rdtype == dns_rdatatype_tkey)
++  msg->tkey = 1;
++
++  /*
+* Can't ask the same question twice.
+*/
+   result = dns_message_find(name, rdclass, rdtype, 0, NULL);
+@@ -1236,12 +1244,12 @@ getsection(isc_buffer_t *source, dns_message_t *msg, 
dns_decompress_t *dctx,
+* If there was no question section, we may not yet have
+* established a class.  Do so now.
+*/
+-  if (msg->state == DNS_SECTION_ANY &&
++  if (msg->rdclass_set == 0 &&
+   rdtype != dns_rdatatype_opt &&  /* class is UDP SIZE */
+   rdtype != dns_rdatatype_tsig && /* class is ANY */
+   rdtype != dns_rdatatype_tkey) { /* class is undefined */
+   msg->rdclass = rdclass;
+-  msg->state = DNS_SECTION_QUESTION;
++  msg->rdclass_set = 1;
+   }
+ 
+   /*
+@@ -1251,7 +1259,7 @@ getsection(isc_buffer_t *source, dns_message_t *msg, 
dns_decompress_t *dctx,
+   if (msg->opcode != dns_opcode_update
+   && rdtype != dns_rdatatype_tsig
+   && rdtype != dns_rdatatype_opt
+-  && rdtype != 

[OE-core] [PATCH 04/20] openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565

[Armin Kuster]

From: Armin Kuster 

three security fixes.

CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM 
support
CVE-2015-6564 (medium)  openssh: Use-after-free bug related to PAM support
CVE-2015-6565 (High)  openssh: Incorrectly set TTYs to be world-writable

(From OE-Core rev: 259df232b513367a0a18b17e3e377260a770288f)

Signed-off-by: Armin Kuster 
Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 

Conflicts:
meta/recipes-connectivity/openssh/openssh_6.6p1.bb
---
 .../openssh/openssh/CVE-2015-6563.patch| 36 ++
 .../openssh/openssh/CVE-2015-6564.patch| 34 
 .../openssh/openssh/CVE-2015-6565.patch| 35 +
 meta/recipes-connectivity/openssh/openssh_6.6p1.bb |  5 ++-
 4 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
 create mode 100644 
meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
new file mode 100644
index 000..19cea41
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
@@ -0,0 +1,36 @@
+CVE-2015-6563
+
+Don't resend username to PAM; it already has it. 
+Pointed out by Moritz Jodeit; ok dtucker@
+
+Upstream-Status: Backport
+https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
+
+Signed-off-by: Armin Kuster 
+
+Index: openssh-6.7p1/monitor.c
+===
+--- openssh-6.7p1.orig/monitor.c
 openssh-6.7p1/monitor.c
+@@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device;
+ int
+ mm_answer_pam_init_ctx(int sock, Buffer *m)
+ {
+-
+   debug3("%s", __func__);
+-  authctxt->user = buffer_get_string(m, NULL);
+   sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+   sshpam_authok = NULL;
+   buffer_clear(m);
+Index: openssh-6.7p1/monitor_wrap.c
+===
+--- openssh-6.7p1.orig/monitor_wrap.c
 openssh-6.7p1/monitor_wrap.c
+@@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
+ 
+   debug3("%s", __func__);
+   buffer_init();
+-  buffer_put_cstring(, authctxt->user);
+   mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, );
+   debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+   mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, 
);
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
new file mode 100644
index 000..588d42d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6564.patch
@@ -0,0 +1,34 @@
+CVE-2015-6564
+
+ set sshpam_ctxt to NULL after free
+
+ Avoids use-after-free in monitor when privsep child is compromised.
+ Reported by Moritz Jodeit; ok dtucker@
+
+Upstream-Status: Backport
+https://github.com/openssh/openssh-portable/commit/5e75f5198769056089fb06c4d738ab0e5abc66f7
+
+Signed-off-by: Armin Kuster 
+
+Index: openssh-6.7p1/monitor.c
+===
+--- openssh-6.7p1.orig/monitor.c
 openssh-6.7p1/monitor.c
+@@ -1128,14 +1128,16 @@ mm_answer_pam_respond(int sock, Buffer *
+ int
+ mm_answer_pam_free_ctx(int sock, Buffer *m)
+ {
++int r = sshpam_authok != NULL && sshpam_authok == sshpam_ctxt;
+ 
+   debug3("%s", __func__);
+   (sshpam_device.free_ctx)(sshpam_ctxt);
++sshpam_ctxt = sshpam_authok = NULL;
+   buffer_clear(m);
+   mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m);
+   auth_method = "keyboard-interactive";
+   auth_submethod = "pam";
+-  return (sshpam_authok == sshpam_ctxt);
++  return r;
+ }
+ #endif
+ 
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch 
b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
new file mode 100644
index 000..42667b0
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
@@ -0,0 +1,35 @@
+CVE-2015-6565 openssh: Incorrectly set TTYs to be world-writable
+
+fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
+
+Upstream-Status: Backport
+
+merged two changes into one.
+[1] 
https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2
+tighten permissions on pty when the "tty" group does not exist; pointed out by 
Corinna Vinschen; ok markus
+
+[2] 
https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=6f941396b6835ad18018845f515b0c4fe20be21a
+fix pty permissions; patch from 

[OE-core] [PATCH 08/20] layer.conf: Add missing dependency for allarch package initramfs-framework

[Armin Kuster]

From: Richard Purdie 

Similiarly to the other previous changes, add a missing allarch package 
dependency
for initramfs-framework on udev.

Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/conf/layer.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index 047292d..5b47cf4 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -48,6 +48,7 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   docbook-xsl-stylesheets->perl \
   initramfs-framework->busybox \
   initramfs-framework->systemd \
+  initramfs-framework->udev \
   liberation-fonts->fontconfig \
   gnome-icon-theme->librsvg \
   font-alias->font-util \
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 14/20] unzip: CVE-2015-7696, CVE-2015-7697

[Armin Kuster]

From: Tudor Florea 

CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes 
unzipping

References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7697

Signed-off-by: Tudor Florea 
Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 .../unzip/unzip/CVE-2015-7696.patch| 38 ++
 .../unzip/unzip/CVE-2015-7697.patch| 31 ++
 meta/recipes-extended/unzip/unzip_6.0.bb   |  2 ++
 3 files changed, 71 insertions(+)
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
 create mode 100644 meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch

diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch 
b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
new file mode 100644
index 000..ea93823
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7696.patch
@@ -0,0 +1,38 @@
+Upstream-Status: Backport
+Signed-off-by: Tudor Florea 
+
+From 68efed87fabddd450c08f3112f62a73f61d493c9 Mon Sep 17 00:00:00 2001
+From: Petr Stodulka 
+Date: Mon, 14 Sep 2015 18:23:17 +0200
+Subject: [PATCH 1/2] upstream fix for heap overflow
+
+https://bugzilla.redhat.com/attachment.cgi?id=1073002
+---
+ crypt.c | 12 +++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/crypt.c b/crypt.c
+index 784e411..a8975f2 100644
+--- a/crypt.c
 b/crypt.c
+@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
+ GLOBAL(pInfo->encrypted) = FALSE;
+ defer_leftover_input(__G);
+ for (n = 0; n < RAND_HEAD_LEN; n++) {
+-b = NEXTBYTE;
++/* 2012-11-23 SMS.  (OUSPG report.)
++ * Quit early if compressed size < HEAD_LEN.  The resulting
++ * error message ("unable to get password") could be improved,
++ * but it's better than trying to read nonexistent data, and
++ * then continuing with a negative G.csize.  (See
++ * fileio.c:readbyte()).
++ */
++if ((b = NEXTBYTE) == (ush)EOF)
++{
++return PK_ERR;
++}
+ h[n] = (uch)b;
+ Trace((stdout, " (%02x)", h[n]));
+ }
+-- 
+2.4.6
diff --git a/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch 
b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
new file mode 100644
index 000..da68988
--- /dev/null
+++ b/meta/recipes-extended/unzip/unzip/CVE-2015-7697.patch
@@ -0,0 +1,31 @@
+Upstream-Status: Backport
+Signed-off-by: Tudor Florea 
+
+From bd8a743ee0a77e65ad07ef4196c4cd366add3f26 Mon Sep 17 00:00:00 2001
+From: Kamil Dudka 
+Date: Mon, 14 Sep 2015 18:24:56 +0200
+Subject: [PATCH 2/2] fix infinite loop when extracting empty bzip2 data
+
+---
+ extract.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/extract.c b/extract.c
+index 7134bfe..29db027 100644
+--- a/extract.c
 b/extract.c
+@@ -2733,6 +2733,12 @@ __GDEF
+ int repeated_buf_err;
+ bz_stream bstrm;
+ 
++if (G.incnt <= 0 && G.csize <= 0L) {
++/* avoid an infinite loop */
++Trace((stderr, "UZbunzip2() got empty input\n"));
++return 2;
++}
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+ if (G.redirect_slide)
+ wsize = G.redirect_size, redirSlide = G.redirect_buffer;
+-- 
+2.4.6
diff --git a/meta/recipes-extended/unzip/unzip_6.0.bb 
b/meta/recipes-extended/unzip/unzip_6.0.bb
index e590f81..acbc837 100644
--- a/meta/recipes-extended/unzip/unzip_6.0.bb
+++ b/meta/recipes-extended/unzip/unzip_6.0.bb
@@ -14,6 +14,8 @@ SRC_URI = "ftp://ftp.info-zip.org/pub/infozip/src/unzip60.tgz 
\
file://09-cve-2014-8139-crc-overflow.patch \
file://10-cve-2014-8140-test-compr-eb.patch \
file://11-cve-2014-8141-getzip64data.patch \
+   file://CVE-2015-7696.patch \
+   file://CVE-2015-7697.patch \
 "
 
 SRC_URI[md5sum] = "62b490407489521db863b523a7f86375"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 05/20] fontcache: allow to pass extra parameters and environment to fc-cache

[Armin Kuster]

From: Martin Jansa 

* this can be useful for passing extra parameters, pass
  -v by default to see what's going on in do_rootfs
* we need to use this for extra parameter we implemented
  in fontconfig:
  --ignore-mtime always use cache file regardless of font directory mtime
  because the checksum of fontcache generated in do_rootfs
  doesn't match with /usr/share/fonts directory as seen on
  target device causing fontconfig to re-create the cache
  when fontconfig is used for first time or worse create
  new cache in every user's home directory when /usr/
  filesystem is read only and cache cannot be updated.

  Running FC_DEBUG=16 fc-cache -v on such device shows:
  FcCacheTimeValid dir "/usr/share/fonts" cache checksum 1441207803 dir 
checksum 1441206149
* my guess is that the checksum is different, because pseudo
  (which is unloaded when running qemuwrapper) or because some
  influence of running the rootfs under qemu.

Signed-off-by: Martin Jansa 
Signed-off-by: Armin Kuster 
---
 meta/classes/fontcache.bbclass| 19 +++
 scripts/postinst-intercepts/update_font_cache |  4 ++--
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/meta/classes/fontcache.bbclass b/meta/classes/fontcache.bbclass
index d122387..8ebdfc4 100644
--- a/meta/classes/fontcache.bbclass
+++ b/meta/classes/fontcache.bbclass
@@ -9,12 +9,23 @@ inherit qemu
 FONT_PACKAGES ??= "${PN}"
 FONT_EXTRA_RDEPENDS ?= "fontconfig-utils"
 FONTCONFIG_CACHE_DIR ?= "${localstatedir}/cache/fontconfig"
+FONTCONFIG_CACHE_PARAMS ?= "-v"
+# You can change this to e.g. FC_DEBUG=16 to debug fc-cache issues,
+# something has to be set, because qemuwrapper is using this variable after -E
+# multiple variables aren't allowed because for qemu they are separated
+# by comma and in -n "$D" case they should be separated by space
+FONTCONFIG_CACHE_ENV ?= "FC_DEBUG=1"
 fontcache_common() {
-if [ "x$D" != "x" ] ; then
-   $INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} 
mlprefix=${MLPREFIX} bindir=${bindir} \
-   libdir=${libdir} base_libdir=${base_libdir} 
fontconfigcachedir=${FONTCONFIG_CACHE_DIR}
+if [ -n "$D" ] ; then
+   $INTERCEPT_DIR/postinst_intercept update_font_cache ${PKG} 
mlprefix=${MLPREFIX} \
+   'bindir="${bindir}"' \
+   'libdir="${libdir}"' \
+   'base_libdir="${base_libdir}"' \
+   'fontconfigcachedir="${FONTCONFIG_CACHE_DIR}"' \
+   'fontconfigcacheparams="${FONTCONFIG_CACHE_PARAMS}"' \
+   'fontconfigcacheenv="${FONTCONFIG_CACHE_ENV}"'
 else
-   fc-cache
+   ${FONTCONFIG_CACHE_ENV} fc-cache ${FONTCONFIG_CACHE_PARAMS}
 fi
 }
 
diff --git a/scripts/postinst-intercepts/update_font_cache 
b/scripts/postinst-intercepts/update_font_cache
index c8c6018..0deab3c 100644
--- a/scripts/postinst-intercepts/update_font_cache
+++ b/scripts/postinst-intercepts/update_font_cache
@@ -1,5 +1,5 @@
 #!/bin/sh
 
-PSEUDO_UNLOAD=1 qemuwrapper -L $D -E 
LD_LIBRARY_PATH=$D/${libdir}:$D/${base_libdir}\
-   $D${bindir}/fc-cache --sysroot=$D
+PSEUDO_UNLOAD=1 qemuwrapper -L $D -E 
LD_LIBRARY_PATH=$D/${libdir}:$D/${base_libdir} \
+   -E ${fontconfigcacheenv} 
$D${bindir}/fc-cache --sysroot=$D ${fontconfigcacheparams}
 chown -R root:root $D${fontconfigcachedir}
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 13/20] libxml2: CVE-2015-7942

[Armin Kuster]

From: Sona Sarmadi 

Fixes heap-based buffer overflow in xmlParseConditionalSections().

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/
?id=9b8512337d14c8ddf662fcb98b0135f225a1c489

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456

Signed-off-by: Sona Sarmadi 
Signed-off-by: Tudor Florea 
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/libxml/libxml2.inc   |  1 +
 .../libxml/libxml2/CVE-2015-7942.patch | 58 ++
 2 files changed, 59 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch

diff --git a/meta/recipes-core/libxml/libxml2.inc 
b/meta/recipes-core/libxml/libxml2.inc
index 840a8eb..15a2421 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -23,6 +23,7 @@ SRC_URI = 
"ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml-m4-use-pkgconfig.patch \
file://libxml2-CVE-2014-3660.patch \

file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
+   file://CVE-2015-7942.patch \
   "
 
 BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
new file mode 100644
index 000..738ae94
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-7942.patch
@@ -0,0 +1,58 @@
+From 9b8512337d14c8ddf662fcb98b0135f225a1c489 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard 
+Date: Mon, 23 Feb 2015 11:29:20 +0800
+Subject: Cleanup conditional section error handling
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=744980
+
+The error handling of Conditional Section also need to be
+straightened as the structure of the document can't be
+guessed on a failure there and it's better to stop parsing
+as further errors are likely to be irrelevant.
+
+Fixes CVE-2015-7942.
+Upstream-Status: Backport
+
+Upstream patch:
+https://git.gnome.org/browse/libxml2/commit/
+?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
+
+Signed-off-by: Sona Sarmadi 
+---
+ parser.c | 6 ++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index bbe97eb..fe603ac 100644
+--- a/parser.c
 b/parser.c
+@@ -6770,6 +6770,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+   SKIP_BLANKS;
+   if (RAW != '[') {
+   xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++  xmlStopParser(ctxt);
++  return;
+   } else {
+   if (ctxt->input->id != id) {
+   xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6830,6 +6832,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+   SKIP_BLANKS;
+   if (RAW != '[') {
+   xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID, NULL);
++  xmlStopParser(ctxt);
++  return;
+   } else {
+   if (ctxt->input->id != id) {
+   xmlValidityError(ctxt, XML_ERR_ENTITY_BOUNDARY,
+@@ -6885,6 +6889,8 @@ xmlParseConditionalSections(xmlParserCtxtPtr ctxt) {
+ 
+ } else {
+   xmlFatalErr(ctxt, XML_ERR_CONDSEC_INVALID_KEYWORD, NULL);
++  xmlStopParser(ctxt);
++  return;
+ }
+ 
+ if (RAW == 0)
+-- 
+cgit v0.11.2
+
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 11/20] linux-dtb.inc: drop unused DTB_NAME variable from do_install

[Armin Kuster]

From: Martin Jansa 

* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which
  in some cases contains something like BUILD_NUMBER from CI, that
  caused do_install to be reexecuted every single time, which is very
  sad to be caused by unused variable.
* jethro and newer don't need this change, because it's also fixed in
  commit 86b3f29f93e3f87903668ea317c6bd97be4cdf62
  Author: Marek Vasut 
  Date:   Thu May 14 14:31:11 2015 +0200
  Subject: kernel: Build DTBs early

Signed-off-by: Martin Jansa 
Signed-off-by: Armin Kuster 
---
 meta/recipes-kernel/linux/linux-dtb.inc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/linux-dtb.inc 
b/meta/recipes-kernel/linux/linux-dtb.inc
index 6b8f1a5..4779be2 100644
--- a/meta/recipes-kernel/linux/linux-dtb.inc
+++ b/meta/recipes-kernel/linux/linux-dtb.inc
@@ -13,7 +13,6 @@ do_install_append() {
DTB=`basename ${DTB} | sed 's,\.dts$,.dtb,g'`
fi
DTB_BASE_NAME=`basename ${DTB} .dtb`
-   DTB_NAME=`echo ${KERNEL_IMAGE_BASE_NAME} | sed 
"s/${MACHINE}/${DTB_BASE_NAME}/g"`
DTB_SYMLINK_NAME=`echo ${KERNEL_IMAGE_SYMLINK_NAME} | 
sed "s/${MACHINE}/${DTB_BASE_NAME}/g"`
DTB_PATH="${B}/arch/${ARCH}/boot/dts/${DTB}"
oe_runmake ${DTB}
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 09/20] allarch: Force TARGET_*FLAGS variable values

[Armin Kuster]

From: Mike Crowe 

TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may
differ between MACHINEs. Since they are exported they affect task hashes
even if unused which leads to multiple variants of allarch packages
existing in sstate and bouncing in the sysroot when switching between
MACHINEs.

allarch packages shouldn't be using these variables anyway, so let's
ensure they have a fixed value in order to avoid this problem.

(Compare with 05a70ac30b37cab0952f1b9df501993a9dec70da and
14f4d016fef9d660da1e7e91aec4a0e807de59ab.)

Signed-off-by: Mike Crowe 
Signed-off-by: Ross Burton 
Signed-off-by: Armin Kuster 
---
 meta/classes/allarch.bbclass | 4 
 1 file changed, 4 insertions(+)

diff --git a/meta/classes/allarch.bbclass b/meta/classes/allarch.bbclass
index 4bc9927..6f63f9d 100644
--- a/meta/classes/allarch.bbclass
+++ b/meta/classes/allarch.bbclass
@@ -27,6 +27,10 @@ python () {
 d.setVar("PACKAGE_EXTRA_ARCHS", "")
 d.setVar("SDK_ARCH", "none")
 d.setVar("SDK_CC_ARCH", "none")
+d.setVar("TARGET_CPPFLAGS", "none")
+d.setVar("TARGET_CFLAGS", "none")
+d.setVar("TARGET_CXXFLAGS", "none")
+d.setVar("TARGET_LDFLAGS", "none")
 
 # Avoid this being unnecessarily different due to nuances of
 # the target machine that aren't important for "all" arch
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 17/20] libxml2: CVE-2015-8241

[Armin Kuster]

From: Sona Sarmadi 

Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263

Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=
ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe

Signed-off-by: Tudor Florea 
Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/libxml/libxml2.inc   |  1 +
 .../libxml/libxml2/CVE-2015-8241.patch | 41 ++
 2 files changed, 42 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch

diff --git a/meta/recipes-core/libxml/libxml2.inc 
b/meta/recipes-core/libxml/libxml2.inc
index d5e263b..2dafeb4 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -25,6 +25,7 @@ SRC_URI = 
"ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \

file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
file://CVE-2015-7942.patch \
file://CVE-2015-8035.patch \
+   file://CVE-2015-8241.patch \
   "
 
 BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
new file mode 100644
index 000..98b30f0
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8241.patch
@@ -0,0 +1,41 @@
+From ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe Mon Sep 17 00:00:00 2001
+From: Hugh Davenport 
+Date: Tue, 3 Nov 2015 20:40:49 +0800
+Subject: Avoid extra processing of MarkupDecl when EOF
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=756263
+
+One place where ctxt->instate == XML_PARSER_EOF whic was set up
+by entity detection issues doesn't get noticed, and even overrided
+
+Fixes CVE-2015-8241.
+
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi 
+---
+ parser.c | 8 
+ 1 file changed, 8 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index d67b300..134afe7 100644
+--- a/parser.c
 b/parser.c
+@@ -6972,6 +6972,14 @@ xmlParseMarkupDecl(xmlParserCtxtPtr ctxt) {
+   xmlParsePI(ctxt);
+   }
+ }
++
++/*
++ * detect requirement to exit there and act accordingly
++ * and avoid having instate overriden later on
++ */
++if (ctxt->instate == XML_PARSER_EOF)
++return;
++
+ /*
+  * This is only for internal subset. On external entities,
+  * the replacement is done before parsing stage
+-- 
+cgit v0.11.2
+
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 07/20] layer.conf: Add several allarch dependency exclusions

[Armin Kuster]

From: Richard Purdie 

These are dependencies that our allarch packages have in OE-Core that cause
those allarch packages to rebuild every time MACHINE changes.

With these changes, OE-Core allarch packages all have a common sstate
signatures and no longer rebuild.

(From OE-Core rev: 63bff90fa4fb4a95e8c79f9f8e5dd90ae1dfc69d)

Signed-off-by: Richard Purdie 
Signed-off-by: Armin Kuster 
---
 meta/conf/layer.conf | 10 ++
 1 file changed, 10 insertions(+)

diff --git a/meta/conf/layer.conf b/meta/conf/layer.conf
index de96548..047292d 100644
--- a/meta/conf/layer.conf
+++ b/meta/conf/layer.conf
@@ -43,5 +43,15 @@ SIGGEN_EXCLUDE_SAFE_RECIPE_DEPS += " \
   gcc-cross-${TARGET_ARCH}->musl \
   gcc-cross-${TARGET_ARCH}->uclibc \
   gcc-cross-${TARGET_ARCH}->linux-libc-headers \
+  ppp-dialin->ppp \
+  resolvconf->bash \
+  docbook-xsl-stylesheets->perl \
+  initramfs-framework->busybox \
+  initramfs-framework->systemd \
+  liberation-fonts->fontconfig \
+  gnome-icon-theme->librsvg \
+  font-alias->font-util \
+  weston-init->weston \
+  weston-init->kbd \
 "
 
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 02/20] grep2.19: CVE-2015-1345

[Armin Kuster]

From: Sona Sarmadi 

Fixes heap-based buffer overflow flaw in grep.
Affected versions are: grep 2.19 through 2.21

Removed THANKS.in changes from upstream patch since this
file does not exist in version 2.19.
Replaced tab with spaces in SRC_URI as well.

Upstream fix:
http://git.sv.gnu.org/cgit/grep.git/commit/?id=
83a95bd8c8561875b948cadd417c653dbe7ef2e2

Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 .../grep/grep-2.19/grep2.19-CVE-2015-1345.patch| 129 +
 meta/recipes-extended/grep/grep_2.19.bb|   4 +-
 2 files changed, 132 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch

diff --git a/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch 
b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
new file mode 100644
index 000..32846f5
--- /dev/null
+++ b/meta/recipes-extended/grep/grep-2.19/grep2.19-CVE-2015-1345.patch
@@ -0,0 +1,129 @@
+From 83a95bd8c8561875b948cadd417c653dbe7ef2e2 Mon Sep 17 00:00:00 2001
+From: Yuliy Pisetsky 
+Date: Thu, 01 Jan 2015 23:36:55 +
+Subject: grep -F: fix a heap buffer (read) overrun
+
+grep's read buffer is often filled to its full size, except when
+reading the final buffer of a file.  In that case, the number of
+bytes read may be far less than the size of the buffer.  However, for
+certain unusual pattern/text combinations, grep -F would mistakenly
+examine bytes in that uninitialized region of memory when searching
+for a match.  With carefully chosen inputs, one can cause grep -F to
+read beyond the end of that buffer altogether.  This problem arose via
+commit v2.18-90-g73893ff with the introduction of a more efficient
+heuristic using what is now the memchr_kwset function. The use of
+that function in bmexec_trans could leave TP much larger than EP,
+and the subsequent call to bm_delta2_search would mistakenly access
+beyond end of the main input read buffer.
+
+* src/kwset.c (bmexec_trans): When TP reaches or exceeds EP,
+do not call bm_delta2_search.
+* tests/kwset-abuse: New file.
+* tests/Makefile.am (TESTS): Add it.
+* NEWS (Bug fixes): Mention it.
+
+Prior to this patch, this command would trigger a UMR:
+
+  printf %0360db 0 | valgrind src/grep -F $(printf %019dXb 0)
+
+  Use of uninitialised value of size 8
+ at 0x4142BE: bmexec_trans (kwset.c:657)
+ by 0x4143CA: bmexec (kwset.c:678)
+ by 0x414973: kwsexec (kwset.c:848)
+ by 0x414DC4: Fexecute (kwsearch.c:128)
+ by 0x404E2E: grepbuf (grep.c:1238)
+ by 0x4054BF: grep (grep.c:1417)
+ by 0x405CEB: grepdesc (grep.c:1645)
+ by 0x405EC1: grep_command_line_arg (grep.c:1692)
+ by 0x4077D4: main (grep.c:2570)
+
+See the accompanying test for how to trigger the heap buffer overrun.
+
+Thanks to Nima Aghdaii for testing and finding numerous
+ways to break early iterations of this patch.
+
+Fixes CVE-2015-1345.
+Upstream-Status: Backport
+
+---
+diff --git a/NEWS b/NEWS
+index 975440d..3835d8d 100644
+--- a/NEWS
 b/NEWS
+@@ -2,6 +2,11 @@ GNU grep NEWS-*- outline 
-*-
+ 
+ * Noteworthy changes in release ?.? (-??-??) [?]
+ 
++** Bug fixes
++
++  grep no longer reads from uninitialized memory or from beyond the end
++  of the heap-allocated input buffer.
++
+ 
+ * Noteworthy changes in release 2.21 (2014-11-23) [stable]
+ 
+diff --git a/src/kwset.c b/src/kwset.c
+index 4003c8d..376f7c3 100644
+--- a/src/kwset.c
 b/src/kwset.c
+@@ -643,6 +643,8 @@ bmexec_trans (kwset_t kwset, char const *text, size_t size)
+ if (! tp)
+   return -1;
+ tp++;
++if (ep <= tp)
++  break;
+   }
+   }
+   }
+diff --git a/tests/Makefile.am b/tests/Makefile.am
+index 2cba2cd..0508cd2 100644
+--- a/tests/Makefile.am
 b/tests/Makefile.am
+@@ -75,6 +75,7 @@ TESTS =  \
+   inconsistent-range  \
+   invalid-multibyte-infloop   \
+   khadafy \
++  kwset-abuse \
+   long-line-vs-2GiB-read  \
+   match-lines \
+   max-count-overread  \
+diff --git a/tests/kwset-abuse b/tests/kwset-abuse
+new file mode 100755
+index 000..6d8ec0c
+--- a/dev/null
 b/tests/kwset-abuse
+@@ -0,0 +1,32 @@
++#! /bin/sh
++# Evoke a segfault in a hard-to-reach code path of kwset.c.
++# This bug affected grep versions 2.19 through 2.21.
++#
++# Copyright (C) 2015 Free Software Foundation, Inc.
++#
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the 

[OE-core] [PATCH 01/20] libtasn1: CVE-2015-3622

[Armin Kuster]

From: Sona Sarmadi 

_asn1_extract_der_octet: prevent past of boundary access

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;
h=f979435823a02f842c41d49cd41cc81f25b5d677

Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 .../gnutls/libtasn1/libtasn1-CVE-2015-3622.patch   | 44 ++
 meta/recipes-support/gnutls/libtasn1_4.0.bb|  1 +
 2 files changed, 45 insertions(+)
 create mode 100644 
meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch

diff --git a/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch 
b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
new file mode 100644
index 000..0989ef6
--- /dev/null
+++ b/meta/recipes-support/gnutls/libtasn1/libtasn1-CVE-2015-3622.patch
@@ -0,0 +1,44 @@
+From f979435823a02f842c41d49cd41cc81f25b5d677 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos 
+Date: Mon, 20 Apr 2015 14:56:27 +0200
+Subject: [PATCH] _asn1_extract_der_octet: prevent past of boundary access
+
+Fixes CVE-2015-3622.
+Upstream-Status: Backport
+
+Reported by Hanno B??ck.
+---
+ lib/decoding.c |3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/lib/decoding.c b/lib/decoding.c
+index 7fbd931..42ddc6b 100644
+--- a/lib/decoding.c
 b/lib/decoding.c
+@@ -732,6 +732,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned 
char *der,
+ return ASN1_DER_ERROR;
+ 
+   counter = len3 + 1;
++  DECR_LEN(der_len, len3);
+ 
+   if (len2 == -1)
+ counter_end = der_len - 2;
+@@ -740,6 +741,7 @@ _asn1_extract_der_octet (asn1_node node, const unsigned 
char *der,
+ 
+   while (counter < counter_end)
+ {
++  DECR_LEN(der_len, 1);
+   len2 = asn1_get_length_der (der + counter, der_len, );
+ 
+   if (IS_ERR(len2, flags))
+@@ -764,7 +766,6 @@ _asn1_extract_der_octet (asn1_node node, const unsigned 
char *der,
+ len2 = 0;
+   }
+ 
+-  DECR_LEN(der_len, 1);
+   counter += len2 + len3 + 1;
+ }
+ 
+-- 
+1.7.2.5
+
diff --git a/meta/recipes-support/gnutls/libtasn1_4.0.bb 
b/meta/recipes-support/gnutls/libtasn1_4.0.bb
index 289833ec..16cf4d6 100644
--- a/meta/recipes-support/gnutls/libtasn1_4.0.bb
+++ b/meta/recipes-support/gnutls/libtasn1_4.0.bb
@@ -11,6 +11,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
 SRC_URI = "${GNU_MIRROR}/libtasn1/libtasn1-${PV}.tar.gz \
file://libtasn1_fix_for_automake_1.12.patch \
file://dont-depend-on-help2man.patch \
+   file://libtasn1-CVE-2015-3622.patch \
"
 
 SRC_URI[md5sum] = "d3d2d9bce3b6668b9827a9df52635be1"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 06/20] image.bbclass: don't let do_rootfs depend on BUILDNAME

[Armin Kuster]

From: Chen Qi 

BUILDNAME is set by cooker as a string of current time. Letting do_rootfs
task depend on this variable gets us no benefit. Besides, letting do_rootfs
task depend on this variable will cause us trouble when executing
`bitbake -S none core-image-minimal'. With current code, this command
gives us error complaining about the different bashhash of do_rootfs task.

Signed-off-by: Chen Qi 
Signed-off-by: Ross Burton 
Signed-off-by: Martin Jansa 
Signed-off-by: Armin Kuster 
---
 meta/classes/image.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image.bbclass b/meta/classes/image.bbclass
index 1c0fda7..c0f9775 100644
--- a/meta/classes/image.bbclass
+++ b/meta/classes/image.bbclass
@@ -94,7 +94,7 @@ def rootfs_variables(d):
  
'IMAGE_ROOTFS_MAXSIZE','IMAGE_NAME','IMAGE_LINK_NAME','IMAGE_MANIFEST','DEPLOY_DIR_IMAGE','RM_OLD_IMAGE','IMAGE_FSTYPES','IMAGE_INSTALL_COMPLEMENTARY','IMAGE_LINGUAS','SDK_OS',
  
'SDK_OUTPUT','SDKPATHNATIVE','SDKTARGETSYSROOT','SDK_DIR','SDK_VENDOR','SDKIMAGE_INSTALL_COMPLEMENTARY','SDK_PACKAGE_ARCHS','SDK_OUTPUT','SDKTARGETSYSROOT','MULTILIBRE_ALLOW_REP',
  
'MULTILIB_TEMP_ROOTFS','MULTILIB_VARIANTS','MULTILIBS','ALL_MULTILIB_PACKAGE_ARCHS','MULTILIB_GLOBAL_VARIANTS','BAD_RECOMMENDATIONS','NO_RECOMMENDATIONS','PACKAGE_ARCHS',
- 
'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','BUILDNAME','USE_DEVFS',
+ 
'PACKAGE_CLASSES','TARGET_VENDOR','TARGET_VENDOR','TARGET_ARCH','TARGET_OS','OVERRIDES','BBEXTENDVARIANT','FEED_DEPLOYDIR_BASE_URI','INTERCEPT_DIR','USE_DEVFS',
  'STAGING_KERNEL_DIR','COMPRESSIONTYPES']
 variables.extend(command_variables(d))
 variables.extend(variable_depends(d))
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 12/20] glibc: use patch for CVE-2015-1781

[Armin Kuster]

From: Tudor Florea 

Patch added to the repo wasn't actually considered due to a
erronously way of specifying the sources.

Signed-off-by: Tudor Florea 
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/glibc/glibc_2.20.bb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/meta/recipes-core/glibc/glibc_2.20.bb 
b/meta/recipes-core/glibc/glibc_2.20.bb
index a0736cd..2ab4083 100644
--- a/meta/recipes-core/glibc/glibc_2.20.bb
+++ b/meta/recipes-core/glibc/glibc_2.20.bb
@@ -40,14 +40,12 @@ EGLIBCPATCHES = "\
 #   file://eglibc-install-pic-archives.patch \
 #  file://initgroups_keys.patch \
 #
-CVEPATCHES = "\
-file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \
-"
 
 CVEPATCHES = "\
 file://CVE-2014-7817-wordexp-fails-to-honour-WRDE_NOCMD.patch \
 file://CVE-2012-3406-Stack-overflow-in-vfprintf-BZ-16617.patch \
 file://CVE-2014-9402_endless-loop-in-getaddr_r.patch \
+file://CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch \
 "
 LIC_FILES_CHKSUM = "file://LICENSES;md5=e9a558e243b36d3209f380deb394b213 \
   file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 15/20] libxml2: CVE-2015-8035

[Armin Kuster]

From: Sona Sarmadi 

Fixes DoS when parsing specially crafted XML document
if XZ support is enabled.

References:
https://bugzilla.gnome.org/show_bug.cgi?id=757466

Upstream correction:
https://git.gnome.org/browse/libxml2/commit/?id=
f0709e3ca8f8947f2d91ed34e92e38a4c23eae63

Signed-off-by: Tudor Florea 
Signed-off-by: Sona Sarmadi 
Signed-off-by: Armin Kuster 
---
 meta/recipes-core/libxml/libxml2.inc   |  1 +
 .../libxml/libxml2/CVE-2015-8035.patch | 35 ++
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch

diff --git a/meta/recipes-core/libxml/libxml2.inc 
b/meta/recipes-core/libxml/libxml2.inc
index 15a2421..d5e263b 100644
--- a/meta/recipes-core/libxml/libxml2.inc
+++ b/meta/recipes-core/libxml/libxml2.inc
@@ -24,6 +24,7 @@ SRC_URI = 
"ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml2-CVE-2014-3660.patch \

file://0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch \
file://CVE-2015-7942.patch \
+   file://CVE-2015-8035.patch \
   "
 
 BINCONFIG = "${bindir}/xml2-config"
diff --git a/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch 
b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
new file mode 100644
index 000..d08693f
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/CVE-2015-8035.patch
@@ -0,0 +1,35 @@
+From f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard 
+Date: Tue, 3 Nov 2015 15:31:25 +0800
+Subject: CVE-2015-8035 Fix XZ compression support loop
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=757466
+DoS when parsing specially crafted XML document if XZ support
+is compiled in (which wasn't the case for 2.9.2 and master since
+Nov 2013, fixed in next commit !)
+
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi 
+
+---
+ xzlib.c | 4 
+ 1 file changed, 4 insertions(+)
+
+diff --git a/xzlib.c b/xzlib.c
+index 0dcb9f4..1fab546 100644
+--- a/xzlib.c
 b/xzlib.c
+@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
+ xz_error(state, LZMA_DATA_ERROR, "compressed data error");
+ return -1;
+ }
++if (ret == LZMA_PROG_ERROR) {
++xz_error(state, LZMA_PROG_ERROR, "compression error");
++return -1;
++}
+ } while (strm->avail_out && ret != LZMA_STREAM_END);
+ 
+ /* update available output and crc check value */
+-- 
+cgit v0.11.2
+
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 19/20] grub2: Fix CVE-2015-8370

[Armin Kuster]

From: "Belal, Awais" 

http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2

Signed-off-by: Awais Belal 
Signed-off-by: Armin Kuster 
---
 ...E-2015-8370-Grub2-user-pass-vulnerability.patch | 50 ++
 meta/recipes-bsp/grub/grub-efi_2.00.bb |  1 +
 meta/recipes-bsp/grub/grub_2.00.bb |  1 +
 3 files changed, 52 insertions(+)
 create mode 100644 
meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch

diff --git 
a/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
 
b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
new file mode 100644
index 000..9ddd7a6
--- /dev/null
+++ 
b/meta/recipes-bsp/grub/files/0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch
@@ -0,0 +1,50 @@
+Upstream-Status: Accepted
+Signed-off-by: Awais Belal 
+
+From 451d80e52d851432e109771bb8febafca7a5f1f2 Mon Sep 17 00:00:00 2001
+From: Hector Marco-Gisbert 
+Date: Wed, 16 Dec 2015 04:57:18 +
+Subject: Fix security issue when reading username and password
+
+This patch fixes two integer underflows at:
+  * grub-core/lib/crypto.c
+  * grub-core/normal/auth.c
+
+CVE-2015-8370
+
+Signed-off-by: Hector Marco-Gisbert 
+Signed-off-by: Ismael Ripoll-Ripoll 
+Also-By: Andrey Borzenkov 
+---
+Index: grub-2.00/grub-core/lib/crypto.c
+===
+--- grub-2.00.orig/grub-core/lib/crypto.c
 grub-2.00/grub-core/lib/crypto.c
+@@ -458,7 +458,8 @@ grub_password_get (char buf[], unsigned
+ 
+   if (key == '\b')
+   {
+-cur_len--;
++  if (cur_len)
++cur_len--;
+ continue;
+   }
+ 
+Index: grub-2.00/grub-core/normal/auth.c
+===
+--- grub-2.00.orig/grub-core/normal/auth.c
 grub-2.00/grub-core/normal/auth.c
+@@ -174,8 +174,11 @@ grub_username_get (char buf[], unsigned
+ 
+   if (key == '\b')
+   {
+-cur_len--;
+-grub_printf ("\b");
++  if (cur_len)
++   {
++   cur_len--;
++   grub_printf ("\b");
++}
+ continue;
+   }
+ 
diff --git a/meta/recipes-bsp/grub/grub-efi_2.00.bb 
b/meta/recipes-bsp/grub/grub-efi_2.00.bb
index 7674255..6822e7a 100644
--- a/meta/recipes-bsp/grub/grub-efi_2.00.bb
+++ b/meta/recipes-bsp/grub/grub-efi_2.00.bb
@@ -30,6 +30,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
file://grub-2.00-add-oe-kernel.patch \
file://grub-efi-fix-with-glibc-2.20.patch \
file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+   file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
   "
 SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
 SRC_URI[sha256sum] = 
"65b39a0558f8c802209c574f4d02ca263a804e8a564bc6caf1cd0fd3b3cc11e3"
diff --git a/meta/recipes-bsp/grub/grub_2.00.bb 
b/meta/recipes-bsp/grub/grub_2.00.bb
index d4df676..94b6da9 100644
--- a/meta/recipes-bsp/grub/grub_2.00.bb
+++ b/meta/recipes-bsp/grub/grub_2.00.bb
@@ -25,6 +25,7 @@ SRC_URI = "ftp://ftp.gnu.org/gnu/grub/grub-${PV}.tar.gz \
   file://fix-endianness-problem.patch \
   file://grub2-remove-sparc64-setup-from-x86-builds.patch \
   file://0001-parse_dhcp_vendor-Add-missing-const-qualifiers.patch \
+  file://0001-Fix-CVE-2015-8370-Grub2-user-pass-vulnerability.patch \
   "
 
 SRC_URI[md5sum] = "e927540b6eda8b024fb0391eeaa4091c"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 18/20] Fixes a heap buffer overflow in glibc wscanf.

[Armin Kuster]

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1

Reference to upstream fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;
h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06

Signed-off-by: Sona Sarmadi 
Signed-off-by: Tudor Florea 

Hand applied.

Signed-off-by: Armin Kuster 
---
 ...5-1472-wscanf-allocates-too-little-memory.patch | 108 +
 meta/recipes-core/glibc/glibc_2.20.bb  |   1 +
 2 files changed, 109 insertions(+)
 create mode 100644 
meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch

diff --git 
a/meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch
 
b/meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch
new file mode 100644
index 000..ab513aa
--- /dev/null
+++ 
b/meta/recipes-core/glibc/glibc/CVE-2015-1472-wscanf-allocates-too-little-memory.patch
@@ -0,0 +1,108 @@
+CVE-2015-1472: wscanf allocates too little memory
+
+BZ #16618
+
+Under certain conditions wscanf can allocate too little memory for the
+to-be-scanned arguments and overflow the allocated buffer.  The
+implementation now correctly computes the required buffer size when
+using malloc.
+
+A regression test was added to tst-sscanf.
+
+Upstream-Status: Backport
+
+The patch is from (Paul Pluzhnikov ):
+[https://sourceware.org/git/?p=glibc.git;a=patch;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06]
+
+diff -ruN a/ChangeLog b/ChangeLog
+--- a/ChangeLog2015-09-22 10:20:14.399408389 +0200
 b/ChangeLog2015-09-22 10:33:07.374388595 +0200
+@@ -1,3 +1,12 @@
++2015-02-05  Paul Pluzhnikov  
++
++   [BZ #16618] CVE-2015-1472
++   * stdio-common/tst-sscanf.c (main): Test for buffer overflow.
++   * stdio-common/vfscanf.c (_IO_vfscanf_internal): Compute needed
++   size in bytes. Store needed elements in wpmax. Use needed size
++   in bytes for extend_alloca.
++
++
+ 2014-12-16  Florian Weimer  
+ 
+[BZ #17630]
+diff -ruN a/stdio-common/tst-sscanf.c b/stdio-common/tst-sscanf.c
+--- a/stdio-common/tst-sscanf.c2015-09-22 10:20:09.995596201 +0200
 b/stdio-common/tst-sscanf.c2015-09-22 10:21:39.211791399 +0200
+@@ -233,5 +233,38 @@
+   }
+ }
+ 
++  /* BZ #16618
++ The test will segfault during SSCANF if the buffer overflow
++ is not fixed.  The size of `s` is such that it forces the use
++ of malloc internally and this triggers the incorrect computation.
++ Thus the value for SIZE is arbitrariy high enough that malloc
++ is used.  */
++  {
++#define SIZE 131072
++CHAR *s = malloc ((SIZE + 1) * sizeof (*s));
++if (s == NULL)
++  abort ();
++for (size_t i = 0; i < SIZE; i++)
++  s[i] = L('0');
++s[SIZE] = L('\0');
++int i = 42;
++/* Scan multi-digit zero into `i`.  */
++if (SSCANF (s, L("%d"), ) != 1)
++  {
++  printf ("FAIL: bug16618: SSCANF did not read one input item.\n");
++  result = 1;
++  }
++if (i != 0)
++  {
++  printf ("FAIL: bug16618: Value of `i` was not zero as expected.\n");
++  result = 1;
++  }
++free (s);
++if (result != 1)
++  printf ("PASS: bug16618: Did not crash.\n");
++#undef SIZE
++  }
++
++
+   return result;
+ }
+diff -ruN a/stdio-common/vfscanf.c b/stdio-common/vfscanf.c
+--- a/stdio-common/vfscanf.c   2015-09-22 10:20:14.051423230 +0200
 b/stdio-common/vfscanf.c   2015-09-22 10:21:39.215791228 +0200
+@@ -279,9 +279,10 @@
+   if (__glibc_unlikely (wpsize == wpmax))   \
+   {   \
+ CHAR_T *old = wp; \
+-size_t newsize = (UCHAR_MAX + 1 > 2 * wpmax   \
+-  ? UCHAR_MAX + 1 : 2 * wpmax);   \
+-if (use_malloc || !__libc_use_alloca (newsize))   \
++bool fits = __glibc_likely (wpmax <= SIZE_MAX / sizeof (CHAR_T) / 2); 
\
++size_t wpneed = MAX (UCHAR_MAX + 1, 2 * wpmax);   \
++size_t newsize = fits ? wpneed * sizeof (CHAR_T) : SIZE_MAX;  \
++if (!__libc_use_alloca (newsize)) \
+   {   \
+ wp = realloc (use_malloc ? wp : NULL, newsize);   \
+ if (wp == NULL)   \
+@@ -293,14 +294,13 @@
+   }   \
+ if (! use_malloc) \
+   MEMCPY (wp, old, wpsize);   

[OE-core] [PATCH 10/20] texinfo: don't create dependency on INHERIT variable

[Armin Kuster]

From: Martin Jansa 

* we don't want the do_package signature depending on INHERIT variable
* e.g. just adding the own-mirrors causes texinfo to rebuild:
  # bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig*
  basehash changed from 015df2fd8e396cc1e15622dbac843301 to 
9f1d06c4f238c70a99ccb6d8da348b6a
  Variable INHERIT value changed from
  ' rm_work blacklist blacklist report-error ${PACKAGE_CLASSES} ${USER_CLASSES} 
${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'
  to
  ' rm_work own-mirrors blacklist blacklist report-error ${PACKAGE_CLASSES} 
${USER_CLASSES} ${INHERIT_DISTRO} ${INHERIT_BLACKLIST} sanity'

Signed-off-by: Martin Jansa 
Signed-off-by: Armin Kuster 
---
 meta/recipes-extended/texinfo/texinfo_5.2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/texinfo/texinfo_5.2.bb 
b/meta/recipes-extended/texinfo/texinfo_5.2.bb
index cf9dcfd..3394474 100644
--- a/meta/recipes-extended/texinfo/texinfo_5.2.bb
+++ b/meta/recipes-extended/texinfo/texinfo_5.2.bb
@@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 PROVIDES_append_class-native = " texinfo-replacement-native"
 
 def compress_pkg(d):
-if "compress_doc" in (d.getVar("INHERIT", True) or "").split():
+if bb.data.inherits_class('compress_doc', d):
  compress = d.getVar("DOC_COMPRESS", True)
  if compress == "gz":
  return "gzip"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 24/53] directfb: Fix build with musl

[Khem Raj]

On Fri, Jan 8, 2016 at 11:43 PM, Khem Raj  wrote:
> On Fri, Jan 8, 2016 at 7:27 PM, Andre McCurdy  wrote:
>>> +diff -Naur DirectFB-1.7.6.orig/lib/direct/os/linux/glibc/mutex.h 
>>> DirectFB-1.7.6/lib/direct/os/linux/glibc/mutex.h
>>> +--- DirectFB-1.7.6.orig/lib/direct/os/linux/glibc/mutex.h  2013-12-18 
>>> 19:16:24.0 -0500
>>>  DirectFB-1.7.6/lib/direct/os/linux/glibc/mutex.h   2015-07-18 
>>> 16:57:47.178982835 -0400
>>> +@@ -46,7 +46,7 @@
>>> + 
>>> /**/
>>> +
>>> + #define DIRECT_MUTEX_INITIALIZER(name){ 
>>> PTHREAD_MUTEX_INITIALIZER }
>>> +-#define DIRECT_RECURSIVE_MUTEX_INITIALIZER(name)  { 
>>> PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP }
>>> ++#define DIRECT_RECURSIVE_MUTEX_INITIALIZER(name)  { 
>>> PTHREAD_MUTEX_RECURSIVE }
>>
>> This looks completely bogus.
>>
>> PTHREAD_RECURSIVE_MUTEX_INITIALIZER_NP initialises a pthread_mutex_t
>> structure and PTHREAD_MUTEX_RECURSIVE is an enum. You can't just
>> replace one with the other.
>
> It indeed is bogus. I took it as a stepstone to get it compiling but
> in reality what we need is a portable way to initialize recursive
> mutex instead of _NP
> something like using pthread_once during lock initialization. Let me
> see what can be done.

Please try out 
https://github.com/kraj/openembedded-core/commit/4104b7cdd0b58e24a926cdcf6415f3da3f48624e
which should be the right fix and portable one.
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 00/53] musl fixes 3

[Khem Raj]

On Fri, Jan 8, 2016 at 10:34 AM, Khem Raj  wrote:
> On Fri, Jan 8, 2016 at 10:29 AM, Burton, Ross  wrote:
>>
>> On 8 January 2016 at 17:43, Khem Raj  wrote:
>>>
>>> systemd does not work with musl. I have patches in my tree to fix the
>>> build but then it does not run :(. musl and systemd has different
>>
>>
>> I wonder if we can/should raise a SkipPackage for systemd if musl is
>> enabled?
>
> Seems good.

I have updated the pull branch with

1. Fix for recursive mutex for directfb
2. Fix to skip parsing systemd for musl
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 00/53] musl fixes 3

[Khem Raj]

On Fri, Jan 8, 2016 at 6:53 AM, Burton, Ross  wrote:
>
> On 8 January 2016 at 14:00, Burton, Ross  wrote:
>>
>> Hm, for some reason, this doesn't work for me.
>>
>> Lots and lots of "files installed but not packaged", all locales.  eg
>> /usr/lib/locale/hu/LC_MESSAGES/glib20.mo in glib-2.0.
>
>
> So under musl the translations are being installed to /usr/lib/locale,
> whereas under glibc its /usr/share/locale. This is showing some problems in
> bitbake.conf: that sets localedir to ${libdir}/locale but then sets
> FILES_PN-locale to ${datadir}/locale.
>

I have pushed a fix for this to pull branch as well here
https://github.com/kraj/openembedded-core/commit/db21a7a31e9c37f7c2dd0a914599d7b3467ae2d9

> Ross
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 24/53] directfb: Fix build with musl

[Burton, Ross]

On 9 January 2016 at 03:27, Andre McCurdy  wrote:

> For patches which fix 'correctness' issues uncovered by musl maybe
> it's better to apply the patches unconditionally, so they get some
> test cover from non-musl builds?
>
> Especially true in this case - see below.
>

Agreed. Patches should only be applied on overrides if they negatively
impact other configurations, so a strict correctness patch should always be
applied whereas a patch that stubs out glibc-specific code would be applied
on specific configurations.

Ross
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 00/53] musl fixes 3

[Burton, Ross]

On 9 January 2016 at 09:23, Khem Raj  wrote:

> I have pushed a fix for this to pull branch as well here
>
> https://github.com/kraj/openembedded-core/commit/db21a7a31e9c37f7c2dd0a914599d7b3467ae2d9
>

Awesome, thanks Khem.

Ross
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core