[OE-core] [PATCH] wpa-supplicant: Fix CVE-2015-4142

2015-06-26 Thread fan . xin

Description on [1] and patch taken from [2]

[1]https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4142

[2]http://w1.fi/security/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch

Signed-off-by: Fan Xin 

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
new file mode 100644
index 000..79c5af8
--- /dev/null
+++ 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
@@ -0,0 +1,41 @@
+From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
+From: Jouni Malinen 
+Date: Wed, 29 Apr 2015 02:21:53 +0300
+Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
+
+The length of the WMM Action frame was not properly validated and the
+length of the information elements (int left) could end up being
+negative. This would result in reading significantly past the stack
+buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
+so, resulting in segmentation fault.
+
+This can result in an invalid frame being used for a denial of service
+attack (hostapd process killed) against an AP with a driver that uses
+hostapd for management frame processing (e.g., all mac80211-based
+drivers).
+
+Thanks to Kostya Kortchinsky of Google security team for discovering and
+reporting this issue.
+
+Signed-off-by: Jouni Malinen 
+---
+ src/ap/wmm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/ap/wmm.c b/src/ap/wmm.c
+index 6d4177c..314e244 100644
+--- a/src/ap/wmm.c
 b/src/ap/wmm.c
+@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
+   return;
+   }
+ 
++  if (left < 0)
++  return; /* not a valid WMM Action frame */
++
+   /* extract the tspec info element */
+   if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
+   hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+-- 
+1.9.1
+
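
Review bot: The new 0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch begins directly at the upstream "From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae" line, so its header has no Upstream-Status tag and no Signed-off-by from the person doing the backport. Add both above the upstream header (Upstream-Status: Backport, then the backporter's Signed-off-by), and consider naming CVE-2015-4142 there so the fix can be identified from the patch file alone.
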
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
index ebae239..fee8384 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
@@ -25,6 +25,7 @@ SRC_URI = 
"http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \

file://0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch \
+   
file://0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch \
   "
 SRC_URI[md5sum] = "f0037dbe03897dcaf2ad2722e659095d"
 SRC_URI[sha256sum] = 
"058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122"
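
Review bot: Adding the file to SRC_URI in wpa-supplicant_2.4.bb patches only the wpa-supplicant build, while the description inside the patch gives the impact as the hostapd process being killed on an AP and the change is in src/ap/wmm.c. Please check whether the hostapd recipe needs the same patch, and say in the commit message which recipes were checked.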

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


Re: [OE-core] [PATCH v2] wpa-supplicant: Fix CVE-2015-4142

2015-06-29 Thread fan . xin
wpa-supplicant: Fix CVE-2015-4142

wpa-supplicant has a vulnerability aka CVE-2015-4142.
This patch fixes CVE-2015-4142. 

Description on [1] and patch taken from [2].

[1]https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4142
[2]http://w1.fi/security/2015-3/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch

Upstream-Status: Backport

Signed-off-by: Fan Xin 
---
 ...integer-underflow-in-WMM-Action-frame-par.patch | 41 ++
 .../wpa-supplicant/wpa-supplicant_2.4.bb   |  1 +
 2 files changed, 42 insertions(+)
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
new file mode 100644
index 000..79c5af8
--- /dev/null
+++ 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
@@ -0,0 +1,41 @@
+From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
+From: Jouni Malinen 
+Date: Wed, 29 Apr 2015 02:21:53 +0300
+Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
+
+The length of the WMM Action frame was not properly validated and the
+length of the information elements (int left) could end up being
+negative. This would result in reading significantly past the stack
+buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
+so, resulting in segmentation fault.
+
+This can result in an invalid frame being used for a denial of service
+attack (hostapd process killed) against an AP with a driver that uses
+hostapd for management frame processing (e.g., all mac80211-based
+drivers).
+
+Thanks to Kostya Kortchinsky of Google security team for discovering and
+reporting this issue.
+
+Signed-off-by: Jouni Malinen 
+---
+ src/ap/wmm.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/ap/wmm.c b/src/ap/wmm.c
+index 6d4177c..314e244 100644
+--- a/src/ap/wmm.c
 b/src/ap/wmm.c
+@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
+   return;
+   }
+ 
++  if (left < 0)
++  return; /* not a valid WMM Action frame */
++
+   /* extract the tspec info element */
+   if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
+   hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
+-- 
+1.9.1
+
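
Review bot: Upstream-Status: Backport now appears in the commit message of this mail, but the added patch file still begins at "+From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae", so the tag is not in the patch header where it is expected. Move Upstream-Status: Backport and the backporter's Signed-off-by to the top of the .patch file itself.
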
diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
index ebae239..fee8384 100644
--- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
+++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant_2.4.bb
@@ -25,6 +25,7 @@ SRC_URI = 
"http://hostap.epitest.fi/releases/wpa_supplicant-${PV}.tar.gz \
file://wpa_supplicant.conf-sane \
file://99_wpa_supplicant \

file://0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch \
+   
file://0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch \
   "
 SRC_URI[md5sum] = "f0037dbe03897dcaf2ad2722e659095d"
 SRC_URI[sha256sum] = 
"058dc832c096139a059e6df814080f50251a8d313c21b13364c54a1e70109122"
-- 
1.8.4.2


On 2015-06-27 00:19, Burton, Ross wrote:
> 
> On 26 June 2015 at 09:05, fan.xin wrote:
> 
> +From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
> +From: Jouni Malinen mailto:j...@w1.fi>>
> +Date: Wed, 29 Apr 2015 02:21:53 +0300
> +Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
> +
> +The length of the WMM Action frame was not properly validated and the
> +length of the information elements (int left) could end up being
> +negative. This would result in reading significantly past the stack
> +buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
> +so, resulting in segmentation fault.
> +
> +This can result in an invalid frame being used for a denial of service
> +attack (hostapd process killed) against an AP with a driver that uses
> +hostapd for management frame processing (e.g., all mac80211-based
> +drivers).
> +
> +Thanks to Kostya Kortchinsky of Google security team for discovering and
> +reporting this issue.
> +
> +Signed-off-by: Jouni Malinen mailto:j...@w1.fi>>
> 
> 
> This patch needs an Upstream-Status (backport?) and Signed-off-by in the 
> patch header.
> 
> Ross


[OE-core] [PATCH] wpa-supplicant: Fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146

2015-08-04 Thread Fan Xin
wpa-supplicant: backport patch to fix CVE-2015-4141,
 CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146

Backport patch to fix CVE-2015-4141, CVE-2015-4143, CVE-2015-4144, 
CVE-2015-4145, CVE-2015-4146.
This patch is originally from:

For CVE-2015-4141:
http://w1.fi/security/2015-2/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch

For CVE-2015-4143:
http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch

For CVE-2015-4144 and CVE-2015-4145:
http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch

For CVE-2015-4146:
http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch

Signed-off-by: Fan Xin 
---
 ...r-Fix-payload-length-validation-for-Commi.patch | 77 ++
 ...Fix-HTTP-chunked-transfer-encoding-parser.patch | 53 +++
 ...ver-Fix-payload-length-validation-for-Com.patch | 70 
 ...r-Fix-Total-Length-parsing-for-fragment-r.patch | 56 
 ...ver-Fix-Total-Length-parsing-for-fragment.patch | 54 +++
 ...eer-Fix-asymmetric-fragmentation-behavior.patch | 36 ++
 .../wpa-supplicant/wpa-supplicant_2.4.bb   |  6 ++
 7 files changed, 352 insertions(+)
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 create mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
new file mode 100644
index 000..a2bafc8
--- /dev/null
+++ 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
@@ -0,0 +1,77 @@
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin 
+
+From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
+From: Jouni Malinen 
+Date: Fri, 1 May 2015 16:37:45 +0300
+Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
+ and Confirm
+
+The length of the received Commit and Confirm message payloads was not
+checked before reading them. This could result in a buffer read
+overflow when processing an invalid message.
+
+Fix this by verifying that the payload is of expected length before
+processing it. In addition, enforce correct state transition sequence to
+make sure there is no unexpected behavior if receiving a Commit/Confirm
+message before the previous exchanges have been completed.
+
+Thanks to Kostya Kortchinsky of Google security team for discovering and
+reporting this issue.
+
+Signed-off-by: Jouni Malinen 
+---
+ src/eap_peer/eap_pwd.c | 29 +
+ 1 file changed, 29 insertions(+)
+
+diff --git a/src/eap_peer/eap_pwd.c b/src/eap_peer/eap_pwd.c
+index f2b0926..a629437 100644
+--- a/src/eap_peer/eap_pwd.c
 b/src/eap_peer/eap_pwd.c
+@@ -355,6 +355,23 @@ eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct 
eap_pwd_data *data,
+   BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
+   u16 offset;
+   u8 *ptr, *scalar = NULL, *element = NULL;
++  size_t prime_len, order_len;
++
++  if (data->state != PWD_Commit_Req) {
++  ret->ignore = TRUE;
++  goto fin;
++  }
++
++  prime_len = BN_num_bytes(data->grp->prime);
++  order_len = BN_num_bytes(data->grp->order);
++
++  if (payload_len != 2 * prime_len + order_len) {
++  wpa_printf(MSG_INFO,
++ "EAP-pwd: Unexpected Commit payload length %u 
(expected %u)",
++ (unsigned int) payload_len,
++ (unsigned int) (2 * prime_len + order_len));
++  goto fin;
++  }
+ 
+   if (((data->private_value = BN_new()) == NULL) ||
+   ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
+@@ -554,6 +571,18 @@ eap_pwd_perform_confirm_exchange(struct eap_sm *sm, 
st
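
Review bot: The embedded eap_pwd.c patch is line-wrapped as it appears here: the "@@ -355,6 +355,23 @@" header runs onto a second line, and the wpa_printf format string is split between "length %u" and "(expected %u)", so the .patch file would neither apply nor compile as sent. Resend without mail-client wrapping (git send-email), and since this one commit carries fixes for five CVEs, name in each .patch header the CVE that file addresses.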

[OE-core] [PATCH] wpa-supplicant: upgrade to 2.5

2015-11-05 Thread Fan Xin
wpa-supplicant: upgrade to 2.5

1. upgrade to 2.5
2. remove eight patches since they have been modified in 2.5

Signed-off-by: Fan Xin 
---
 ...integer-underflow-in-WMM-Action-frame-par.patch | 45 -
 ...r-Fix-payload-length-validation-for-Commi.patch | 77
--
 ...e-SSID-element-length-before-copying-it-C.patch | 47 -
 ...Fix-HTTP-chunked-transfer-encoding-parser.patch | 53 ---
 ...ver-Fix-payload-length-validation-for-Com.patch | 70

 ...r-Fix-Total-Length-parsing-for-fragment-r.patch | 56 
 ...ver-Fix-Total-Length-parsing-for-fragment.patch | 54 ---
 ...eer-Fix-asymmetric-fragmentation-behavior.patch | 36 --
 ...wpa-supplicant_2.4.bb => wpa-supplicant_2.5.bb} | 14 +---
 9 files changed, 3 insertions(+), 449 deletions(-)
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 delete mode 100644
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
 rename meta/recipes-connectivity/wpa-supplicant/{wpa-supplicant_2.4.bb
=> wpa-supplicant_2.5.bb} (81%)

diff --git
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
deleted file mode 100644
index 882674f..000
---
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin 
-
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen 

- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
 a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
-   return;
-   }
-
-+  if (left < 0)
-+  return; /* not a valid WMM Action frame */
-+
-   /* extract the tspec info element */
-   if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
-   hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
---
-1.9.1
-
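
Review bot: This hunk deletes the backport of upstream commit ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae, a CVE fix, yet the commit message only says the eight patches "have been modified in 2.5". State that each removed fix is contained in the 2.5 release and how that was checked (for instance against the upstream ChangeLog), so the removal can be reviewed as safe rather than as a patch that simply stopped applying.
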
diff --git
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
deleted file mode 100644
index a2bafc8..000
---
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin 
-
-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Fri, 1 May 2015 16:37:45 +0300
-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by verifying 

Re: [OE-core] [PATCH] wpa-supplicant: upgrade to 2.5

2015-11-12 Thread Fan Xin

Hi

> Did you verify that the patches are not required anymore, or did you
> just drop the patches that don't apply?
Thanks for your comment.
Yes, I have verified that these patches have been applied in the source 
files of wpa_supplicant 2.5.


And I confirmed in the ChangeLog of wpa_supplicant 2.5 that these 
vulnerabilities have been modified.

http://w1.fi/cgit/hostap/plain/wpa_supplicant/ChangeLog

> Also, this patch doesn't apply, can you try re-sending it?
OK, I will resend it later.

Fan

On 2015-11-12 03:44, Burton, Ross wrote:


On 6 November 2015 at 07:27, Fan Xin wrote:

1. upgrade to 2.5
2. remove eight patches since they have been modified in 2.5


Did you verify that the patches are not required anymore, or did you
just drop the patches that don't apply?

Also, this patch doesn't apply, can you try re-sending it?

Ross




Re: [OE-core] [PATCH] wpa-supplicant: upgrade to 2.5

2015-11-12 Thread Fan Xin

Hi

> In addition to what Ross mentioned, http://hostap.epitest.fi redirects
> to http://w1.fi
>
> So, it will be nice to update the SRC_URI, HOMEPAGE and BUGTRACKER to use
> w1.fi instead.
Thanks for your comment.

As you said, these items also should be updated.
I will update them and resend the patch later.

Thanks for your kind reminder.

Best Regards,
Fan

On 2015-11-12 17:43, Maxin B. John wrote:

Hi,

On Fri, Nov 06, 2015 at 04:27:04PM +0900, Fan Xin wrote:

wpa-supplicant: upgrade to 2.5

1. upgrade to 2.5
2. remove eight patches since they have been modified in 2.5

Signed-off-by: Fan Xin 
---
  ...integer-underflow-in-WMM-Action-frame-par.patch | 45 -


In addition to what Ross mentioned, http://hostap.epitest.fi redirects
to http://w1.fi

So, it will be nice to update the SRC_URI, HOMEPAGE and BUGTRACKER to use
w1.fi instead.

Best Regards,
Maxin




Re: [OE-core] [PATCH v2] wpa-supplicant: upgrade to 2.5

2015-11-16 Thread Fan Xin

wpa-supplicant: upgrade to 2.5

1. upgrade to 2.5
2. remove eight patches since they have been applied in 2.5
3. update SRC_URI, HOMEPAGE and BUGTRACKER to use w1.fi instead

Signed-off-by: Fan Xin 
---
...integer-underflow-in-WMM-Action-frame-par.patch | 45 -
...r-Fix-payload-length-validation-for-Commi.patch | 77 
--

...e-SSID-element-length-before-copying-it-C.patch | 47 -
...Fix-HTTP-chunked-transfer-encoding-parser.patch | 53 ---
...ver-Fix-payload-length-validation-for-Com.patch | 70 
...r-Fix-Total-Length-parsing-for-fragment-r.patch | 56 
...ver-Fix-Total-Length-parsing-for-fragment.patch | 54 ---
...eer-Fix-asymmetric-fragmentation-behavior.patch | 36 --
...wpa-supplicant_2.4.bb => wpa-supplicant_2.5.bb} | 20 ++
9 files changed, 6 insertions(+), 452 deletions(-)
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
rename meta/recipes-connectivity/wpa-supplicant/{wpa-supplicant_2.4.bb 
=> wpa-supplicant_2.5.bb} (77%)


diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch

deleted file mode 100644
index 882674f..000
--- 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch

+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin 
-
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen 

- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
 a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
- return;
- }
-
-+ if (left < 0)
-+ return; /* not a valid WMM Action frame */
-+
- /* extract the tspec info element */
- if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
- hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
---
-1.9.1
-
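
Review bot: The deleted lines in this hunk have lost their tab indentation ("- return;", "- }", "-+ if (left < 0)"), and the "diff --git" and "---" headers are broken over several lines, so the hunk cannot match the file in the tree and the patch will not apply. Regenerate it with git format-patch and send it with git send-email so that whitespace and long lines are preserved.
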
diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch

deleted file mode 100644
index a2bafc8..000
--- 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch

+++ /dev/null
@@ -1,77 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin 
-
-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Fri, 1 May 2015 16:37:45 +0300
-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result in a buffer read
-overflow when processing an invalid message.
-
-Fix this by ve

Re: [OE-core] [PATCH v2] wpa-supplicant: upgrade to 2.5

2015-11-19 Thread Fan Xin

Hi

> It looks like you generated a patch and then pasted it into the
> Thunderbird composer, which means long lines wrap and the patch
> corrupts.  Can you either send the patch without line wrapping or
> ideally using git-send-email directly?
Sorry for the wrong way to send the patch.
I will re-send the patch using git-send-email.

Best Regards,
Fan

On 2015-11-17 00:03, Burton, Ross wrote:


On 16 November 2015 at 10:37, Fan Xin wrote:

wpa-supplicant: upgrade to 2.5

1. upgrade to 2.5
2. remove eight patches since they have been applied in 2.5
3. update SRC_URI, HOMEPAGE and BUGTRACKER to use w1.fi instead

Signed-off-by: Fan Xin


It looks like you generated a patch and then pasted it into the
Thunderbird composer, which means long lines wrap and the patch
corrupts.  Can you either send the patch without line wrapping or
ideally using git-send-email directly?

Thanks,
Ross




[OE-core] [PATCH v3] wpa-supplicant: upgrade to 2.5

2015-11-19 Thread Fan Xin
wpa-supplicant: upgrade to 2.5

1. upgrade to 2.5
2. remove eight patches since they have been applied in 2.5
3. update SRC_URI, HOMEPAGE and BUGTRACKER to use w1.fi instead

Signed-off-by: Fan Xin 
---
 ...integer-underflow-in-WMM-Action-frame-par.patch | 45 -
 ...r-Fix-payload-length-validation-for-Commi.patch | 77 --
 ...e-SSID-element-length-before-copying-it-C.patch | 47 -
 ...Fix-HTTP-chunked-transfer-encoding-parser.patch | 53 ---
 ...ver-Fix-payload-length-validation-for-Com.patch | 70 
 ...r-Fix-Total-Length-parsing-for-fragment-r.patch | 56 
 ...ver-Fix-Total-Length-parsing-for-fragment.patch | 54 ---
 ...eer-Fix-asymmetric-fragmentation-behavior.patch | 36 --
 ...wpa-supplicant_2.4.bb => wpa-supplicant_2.5.bb} | 20 ++
 9 files changed, 6 insertions(+), 452 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Fix-HTTP-chunked-transfer-encoding-parser.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
 delete mode 100644 
meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
 rename meta/recipes-connectivity/wpa-supplicant/{wpa-supplicant_2.4.bb => 
wpa-supplicant_2.5.bb} (77%)

diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
deleted file mode 100644
index 882674f..000
--- 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin 
-
-From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Wed, 29 Apr 2015 02:21:53 +0300
-Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser
-
-The length of the WMM Action frame was not properly validated and the
-length of the information elements (int left) could end up being
-negative. This would result in reading significantly past the stack
-buffer while parsing the IEs in ieee802_11_parse_elems() and while doing
-so, resulting in segmentation fault.
-
-This can result in an invalid frame being used for a denial of service
-attack (hostapd process killed) against an AP with a driver that uses
-hostapd for management frame processing (e.g., all mac80211-based
-drivers).
-
-Thanks to Kostya Kortchinsky of Google security team for discovering and
-reporting this issue.
-
-Signed-off-by: Jouni Malinen 

- src/ap/wmm.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/ap/wmm.c b/src/ap/wmm.c
-index 6d4177c..314e244 100644
 a/src/ap/wmm.c
-+++ b/src/ap/wmm.c
-@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_data *hapd,
-   return;
-   }
- 
-+  if (left < 0)
-+  return; /* not a valid WMM Action frame */
-+
-   /* extract the tspec info element */
-   if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) {
-   hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
--- 
-1.9.1
-
diff --git 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
 
b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
deleted file mode 100644
index a2bafc8..000
--- 
a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
+++ /dev/null
@@ -1,77 +0,0 @@
-Upstream-Status: Backport
-
-Signed-off-by: Fan Xin 
-
-From dd2f043c9c43d156494e33d7ce22db96e6ef42c7 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen 
-Date: Fri, 1 May 2015 16:37:45 +0300
-Subject: [PATCH 1/5] EAP-pwd peer: Fix payload length validation for Commit
- and Confirm
-
-The length of the received Commit and Confirm message payloads was not
-checked before reading them. This could result 

[OE-core] [PATCH] libpcre: upgrade to 8.38

2015-12-07 Thread Fan Xin
This is the latest release in the 8.xx series.
It fixes 46 bugs as listed:
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Vulnerabilities from CVE-2015-8380 to CVE-2015-8395 have been fixed in 8.38.

Signed-off-by: Fan Xin 
---
 meta/recipes-support/libpcre/libpcre_8.37.bb | 78 
 1 file changed, 78 deletions(-)
 delete mode 100644 meta/recipes-support/libpcre/libpcre_8.37.bb

diff --git a/meta/recipes-support/libpcre/libpcre_8.37.bb 
b/meta/recipes-support/libpcre/libpcre_8.37.bb
deleted file mode 100644
index 1880639..000
--- a/meta/recipes-support/libpcre/libpcre_8.37.bb
+++ /dev/null
@@ -1,78 +0,0 @@
-DESCRIPTION = "The PCRE library is a set of functions that implement regular \
-expression pattern matching using the same syntax and semantics as Perl 5. 
PCRE \
-has its own native API, as well as a set of wrapper functions that correspond \
-to the POSIX regular expression API."
-SUMMARY = "Perl Compatible Regular Expressions"
-HOMEPAGE = "http://www.pcre.org";
-SECTION = "devel"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=7e4937814aee14758c1c95b59c80c44d"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/pcre/pcre/${PV}/pcre-${PV}.tar.bz2 \
-   file://pcre-cross.patch \
-   file://fix-pcre-name-collision.patch \
-   file://run-ptest \
-   file://Makefile \
-"
-
-SRC_URI[md5sum] = "ed91be292cb01d21bc7e526816c26981"
-SRC_URI[sha256sum] = 
"51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d"
-
-S = "${WORKDIR}/pcre-${PV}"
-
-PROVIDES += "pcre"
-DEPENDS += "bzip2 zlib"
-
-PACKAGECONFIG ??= "pcre8"
-
-PACKAGECONFIG[pcre8] = "--enable-pcre8,--disable-pcre8"
-PACKAGECONFIG[pcre16] = "--enable-pcre16,--disable-pcre16"
-PACKAGECONFIG[pcre32] = "--enable-pcre32,--disable-pcre32"
-PACKAGECONFIG[pcretest-readline] = 
"--enable-pcretest-libreadline,--disable-pcretest-libreadline,readline,"
-
-BINCONFIG = "${bindir}/pcre-config"
-
-inherit autotools binconfig-disabled ptest
-
-EXTRA_OECONF = "\
---enable-newline-is-lf \
---enable-rebuild-chartables \
---enable-utf8 \
---with-link-size=2 \
---with-match-limit=1000 \
-"
-
-# Set LINK_SIZE in BUILD_CFLAGS given that the autotools bbclass use it to
-# set CFLAGS_FOR_BUILD, required for the libpcre build.
-BUILD_CFLAGS =+ "-DLINK_SIZE=2 -I${B}"
-CFLAGS += "-D_REENTRANT"
-CXXFLAGS_append_powerpc = " -lstdc++"
-
-PACKAGES =+ "libpcrecpp libpcreposix pcregrep pcregrep-doc pcretest 
pcretest-doc"
-
-SUMMARY_libpcrecpp = "${SUMMARY} - C++ wrapper functions"
-SUMMARY_libpcreposix = "${SUMMARY} - C wrapper functions based on the POSIX 
regex API"
-SUMMARY_pcregrep = "grep utility that uses perl 5 compatible regexes"
-SUMMARY_pcregrep-doc = "grep utility that uses perl 5 compatible regexes - 
docs"
-SUMMARY_pcretest = "program for testing Perl-comatible regular expressions"
-SUMMARY_pcretest-doc = "program for testing Perl-comatible regular expressions 
- docs"
-
-FILES_libpcrecpp = "${libdir}/libpcrecpp.so.*"
-FILES_libpcreposix = "${libdir}/libpcreposix.so.*"
-FILES_pcregrep = "${bindir}/pcregrep"
-FILES_pcregrep-doc = "${mandir}/man1/pcregrep.1"
-FILES_pcretest = "${bindir}/pcretest"
-FILES_pcretest-doc = "${mandir}/man1/pcretest.1"
-
-BBCLASSEXTEND = "native nativesdk"
-
-do_install_ptest() {
-   t=${D}${PTEST_PATH}
-   cp ${WORKDIR}/Makefile $t
-   cp -r ${S}/testdata $t
-   for i in pcre_stringpiece_unittest pcregrep pcretest; \
- do cp ${B}/.libs/$i $t; \
-   done
-   for i in RunTest RunGrepTest test-driver; \
- do cp ${S}/$i $t; \
-   done
-}
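
Review bot: No libpcre_8.38.bb is added anywhere in this patch: the diffstat reads "1 file changed, 78 deletions(-)" and the only hunk deletes meta/recipes-support/libpcre/libpcre_8.37.bb, so applying it removes the libpcre recipe instead of upgrading it. Regenerate the patch with rename detection so that the move from 8.37 to 8.38 and the new SRC_URI[md5sum] and SRC_URI[sha256sum] values are part of the same change.
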
-- 
1.8.4.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [PATCH v2] libpcre: upgrade to 8.38

2015-12-07 Thread Fan Xin
This is the latest release in the 8.xx series.
It fixes 46 bugs as listed:
http://vcs.pcre.org/pcre/code/trunk/ChangeLog?view=markup

Vulnerabilities from CVE-2015-8380 to CVE-2015-8395 have been fixed in 8.38.

Signed-off-by: Fan Xin 
---
 meta/recipes-support/libpcre/{libpcre_8.37.bb => libpcre_8.38.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-support/libpcre/{libpcre_8.37.bb => libpcre_8.38.bb} (91%)

diff --git a/meta/recipes-support/libpcre/libpcre_8.37.bb 
b/meta/recipes-support/libpcre/libpcre_8.38.bb
similarity index 91%
rename from meta/recipes-support/libpcre/libpcre_8.37.bb
rename to meta/recipes-support/libpcre/libpcre_8.38.bb
index 1880639..4f31f8c 100644
--- a/meta/recipes-support/libpcre/libpcre_8.37.bb
+++ b/meta/recipes-support/libpcre/libpcre_8.38.bb
@@ -7,15 +7,15 @@ HOMEPAGE = "http://www.pcre.org";
 SECTION = "devel"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=7e4937814aee14758c1c95b59c80c44d"
-SRC_URI = "${SOURCEFORGE_MIRROR}/project/pcre/pcre/${PV}/pcre-${PV}.tar.bz2 \
+SRC_URI = 
"ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-${PV}.tar.bz2 \
file://pcre-cross.patch \
file://fix-pcre-name-collision.patch \
file://run-ptest \
file://Makefile \
 "
 
-SRC_URI[md5sum] = "ed91be292cb01d21bc7e526816c26981"
-SRC_URI[sha256sum] = 
"51679ea8006ce31379fb0860e46dd86665d864b5020fc9cd19e71260eef4789d"
+SRC_URI[md5sum] = "00aabbfe56d5a48b270f999b508c5ad2"
+SRC_URI[sha256sum] = 
"b9e02d36e23024d6c02a2e5b25204b3a4fa6ade43e0a5f869f254f49535079df"
 
 S = "${WORKDIR}/pcre-${PV}"
 
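
Review bot: The SRC_URI change at the top of this hunk, from ${SOURCEFORGE_MIRROR} to an ftp:// URL on ftp.csx.cam.ac.uk, is not mentioned in the commit message, which covers only the version bump and the CVE range. Say why the download location moves. With a plain ftp:// fetch the SRC_URI[md5sum] and SRC_URI[sha256sum] lines are the only integrity check on the tarball, so also state where the new values were obtained or how they were verified.
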
-- 
1.8.4.2



[OE-core] [PATCH] openssl: fix for CVE-2015-1794

2015-12-08 Thread Fan Xin
This patch was imported from
https://git.openssl.org/?p=openssl.git;a=commit;h=ada57746b6b80beae73111fe1291bf8dd89af91c

Signed-off-by: Fan Xin 
---
 .../Fix-seg-fault-with-0-p-val-in-SKE.patch| 101 +
 .../recipes-connectivity/openssl/openssl_1.0.2d.bb |   1 +
 2 files changed, 102 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch

diff --git 
a/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
 
b/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
new file mode 100644
index 000..4776807
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
@@ -0,0 +1,101 @@
+Upstream-Status: Backport
+
+From ada57746b6b80beae73111fe1291bf8dd89af91c Mon Sep 17 00:00:00 2001
+From: Guy Leaver (guleaver) 
+Date: Fri, 7 Aug 2015 15:45:21 +0100
+Subject: [PATCH] Fix seg fault with 0 p val in SKE
+
+If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
+value of p set to 0 then a seg fault can occur. This commits adds a test to
+reject p, g and pub key parameters that have a 0 value (in accordance with
+RFC 5246)
+
+The security vulnerability only affects master and 1.0.2, but the fix is
+additionally applied to 1.0.1 for additional confidence.
+
+CVE-2015-1794
+
+Reviewed-by: Richard Levitte 
+Reviewed-by: Matt Caswell 
+---
+ ssl/s3_clnt.c |   16 
+ ssl/ssl.h |3 +++
+ ssl/ssl_err.c |3 +++
+ 3 files changed, 22 insertions(+), 0 deletions(-)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 6af145a..2059151 100644
+--- a/ssl/s3_clnt.c
 b/ssl/s3_clnt.c
+@@ -1699,6 +1699,12 @@ int ssl3_get_key_exchange(SSL *s)
+ }
+ p += i;
+ 
++if (BN_is_zero(dh->p)) {
++SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
++goto f_err;
++}
++
++
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+@@ -1719,6 +1725,11 @@ int ssl3_get_key_exchange(SSL *s)
+ }
+ p += i;
+ 
++if (BN_is_zero(dh->g)) {
++SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
++goto f_err;
++}
++
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+@@ -1740,6 +1751,11 @@ int ssl3_get_key_exchange(SSL *s)
+ p += i;
+ n -= param_len;
+ 
++if (BN_is_zero(dh->pub_key)) {
++SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
++goto f_err;
++}
++
+ # ifndef OPENSSL_NO_RSA
+ if (alg_a & SSL_aRSA)
+ pkey =
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 6fe1a24..c6c5bce 100644
+--- a/ssl/ssl.h
 b/ssl/ssl.h
+@@ -2846,8 +2846,11 @@ void ERR_load_SSL_strings(void);
+ # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK  106
+ # define SSL_R_BAD_DECOMPRESSION  107
+ # define SSL_R_BAD_DH_G_LENGTH108
++# define SSL_R_BAD_DH_G_VALUE 375
+ # define SSL_R_BAD_DH_PUB_KEY_LENGTH  109
++# define SSL_R_BAD_DH_PUB_KEY_VALUE   393
+ # define SSL_R_BAD_DH_P_LENGTH110
++# define SSL_R_BAD_DH_P_VALUE 395
+ # define SSL_R_BAD_DIGEST_LENGTH  111
+ # define SSL_R_BAD_DSA_SIGNATURE  112
+ # define SSL_R_BAD_ECC_CERT   304
+diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
+index 1a6030e..202228b 100644
+--- a/ssl/ssl_err.c
 b/ssl/ssl_err.c
+@@ -386,8 +386,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+  "bad data returned by callback"},
+ {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+ {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
++{ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
++{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
+ {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
++{ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
+ {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+ {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
+ {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+-- 
+1.7.0.4
+
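
Review bot: The header of the added Fix-seg-fault-with-0-p-val-in-SKE.patch carries "Upstream-Status: Backport" but no Signed-off-by from whoever did the backport; the only sign-off is on the outer e-mail. Add the Signed-off-by inside the patch file, next to the Upstream-Status line, so the provenance travels with the file once it sits in the recipe directory.
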
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index 249f8c4..c5a2a65 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
@@ -37,6 +37,7 @@ SRC_URI += &qu

[OE-core] [PATCH] sudo: upgrade to 1.8.15

2015-12-08 Thread Fan Xin
1. upgrade to 1.8.15
2. delete patch file because the bug has been fixed in sudo 1.8.15
(http://bugzilla.sudo.ws/show_bug.cgi?id=708)

Signed-off-by: Fan Xin 
---
 ...rrect-path-to-init.d-and-tmpfiles.d-files.patch | 31 --
 .../sudo/{sudo_1.8.14p3.bb => sudo_1.8.15.bb}  |  5 ++--
 2 files changed, 2 insertions(+), 34 deletions(-)
 delete mode 100644 
meta/recipes-extended/sudo/sudo/0001-Use-correct-path-to-init.d-and-tmpfiles.d-files.patch
 rename meta/recipes-extended/sudo/{sudo_1.8.14p3.bb => sudo_1.8.15.bb} (86%)

diff --git 
a/meta/recipes-extended/sudo/sudo/0001-Use-correct-path-to-init.d-and-tmpfiles.d-files.patch
 
b/meta/recipes-extended/sudo/sudo/0001-Use-correct-path-to-init.d-and-tmpfiles.d-files.patch
deleted file mode 100644
index 2418689..000
--- 
a/meta/recipes-extended/sudo/sudo/0001-Use-correct-path-to-init.d-and-tmpfiles.d-files.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-The makefile uses top_srcdir to find files that were created by configure, when
-it should use top_builddir.
-
-Upstream-Status: Submitted (http://bugzilla.sudo.ws/show_bug.cgi?id=708)
-Signed-off-by: Ross Burton 
-

- src/Makefile.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/Makefile.in b/src/Makefile.in
-index f009e10..7acfb2d 100644
 a/src/Makefile.in
-+++ b/src/Makefile.in
-@@ -165,11 +165,11 @@ install-dirs:
- 
- install-rc: install-dirs
-   if [ -n "$(INIT_SCRIPT)" ]; then \
--  $(INSTALL) $(INSTALL_OWNER) -m 0755 
$(top_srcdir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \
-+  $(INSTALL) $(INSTALL_OWNER) -m 0755 
$(top_builddir)/init.d/$(INIT_SCRIPT) $(DESTDIR)$(INIT_DIR)/sudo; \
-   rm -f $(DESTDIR)$(RC_LINK); \
-   ln -s $(INIT_DIR)/sudo $(DESTDIR)$(RC_LINK); \
-   elif test -n "$(tmpfiles_d)"; then \
--  $(INSTALL) $(INSTALL_OWNER) -m 0644 $(top_srcdir)/init.d/sudo.conf 
$(DESTDIR)$(tmpfiles_d)/sudo.conf; \
-+  $(INSTALL) $(INSTALL_OWNER) -m 0644 
$(top_builddir)/init.d/sudo.conf $(DESTDIR)$(tmpfiles_d)/sudo.conf; \
-   fi
- 
- install-binaries: install-dirs $(PROGS)
--- 
-2.1.4
-
diff --git a/meta/recipes-extended/sudo/sudo_1.8.14p3.bb 
b/meta/recipes-extended/sudo/sudo_1.8.15.bb
similarity index 86%
rename from meta/recipes-extended/sudo/sudo_1.8.14p3.bb
rename to meta/recipes-extended/sudo/sudo_1.8.15.bb
index 4db85e2..042043e 100644
--- a/meta/recipes-extended/sudo/sudo_1.8.14p3.bb
+++ b/meta/recipes-extended/sudo/sudo_1.8.15.bb
@@ -2,14 +2,13 @@ require sudo.inc
 
 SRC_URI = "http://ftp.sudo.ws/sudo/dist/sudo-${PV}.tar.gz \
${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', 
'', d)} \
-   file://0001-Use-correct-path-to-init.d-and-tmpfiles.d-files.patch \
file://0001-Include-sys-types.h-for-id_t-definition.patch \
"
 
 PAM_SRC_URI = "file://sudo.pam"
 
-SRC_URI[md5sum] = "93dbd1e47c136179ff1b01494c1c0e75"
-SRC_URI[sha256sum] = 
"a8a697cbb113859058944850d098464618254804cf97961dee926429f00a1237"
+SRC_URI[md5sum] = "7cf6b9b76d0478a572432bed481dd7b5"
+SRC_URI[sha256sum] = 
"4316381708324da8b6cb151f655c1a11855207c7c02244d8ffdea5104d7cc308"
 
 DEPENDS += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS_${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 
'pam-plugin-limits pam-plugin-keyinit', '', d)}"
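
Review bot: 0001-Include-sys-types.h-for-id_t-definition.patch stays in SRC_URI as a context line, but the commit message accounts only for the patch that is dropped. Say whether the remaining patch was checked against 1.8.15 and is still needed. The deleted patch's header reads "Upstream-Status: Submitted", so it would also help to cite the upstream change that resolved bug 708 rather than the bug report alone.
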
-- 
1.8.4.2



Re: [OE-core] [PATCH] openssl: fix for CVE-2015-1794

2015-12-09 Thread Fan Xin

Thanks for your kind check.
I will correct it in Patch v2.

Best Regards,
Fan

On 2015-12-09 20:52, Burton, Ross wrote:


On 9 December 2015 at 02:03, Fan Xin <fan@jp.fujitsu.com> wrote:

+++

b/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
@@ -0,0 +1,101 @@
+Upstream-Status: Backport
+
+From ada57746b6b80beae73111fe1291bf8dd89af91c Mon Sep 17 00:00:00 2001
+From: Guy Leaver (guleaver) mailto:gulea...@cisco.com>>
+Date: Fri, 7 Aug 2015 15:45:21 +0100
+Subject: [PATCH] Fix seg fault with 0 p val in SKE
+
+If a client receives a ServerKeyExchange for an anon DH ciphersuite
with the
+value of p set to 0 then a seg fault can occur. This commits adds a
test to
+reject p, g and pub key parameters that have a 0 value (in
accordance with
+RFC 5246)
+
+The security vulnerability only affects master and 1.0.2, but the
fix is
+additionally applied to 1.0.1 for additional confidence.
+
+CVE-2015-1794
+
+Reviewed-by: Richard Levitte mailto:levi...@openssl.org>>
+Reviewed-by: Matt Caswell mailto:m...@openssl.org>>


This patch needs to have your (or whoever actually did the work)
signed-off-by inside the patch, alongside the Upstream-Status.

Thanks,
Ross


--
=
Fujitsu Computer Technologies Limited
Embedded Systems Technology Division, First Firmware Technology Department
樊 昕 Fan Xin
fan@jp.fujitsu.com



[OE-core] [PATCH] cups: upgrade to 2.1.2

2015-12-09 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/cups/{cups_2.0.4.bb => cups_2.1.2.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/cups/{cups_2.0.4.bb => cups_2.1.2.bb} (40%)

diff --git a/meta/recipes-extended/cups/cups_2.0.4.bb 
b/meta/recipes-extended/cups/cups_2.1.2.bb
similarity index 40%
rename from meta/recipes-extended/cups/cups_2.0.4.bb
rename to meta/recipes-extended/cups/cups_2.1.2.bb
index bad73b3..0c1e75d 100644
--- a/meta/recipes-extended/cups/cups_2.0.4.bb
+++ b/meta/recipes-extended/cups/cups_2.1.2.bb
@@ -2,5 +2,5 @@ require cups.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=6c5a350596fba02754bd96eb6df3afd0"
 
-SRC_URI[md5sum] = "f5c847d9a4fac6c4c66fb0526a7afaae"
-SRC_URI[sha256sum] = 
"e1d5e68d9f24faca317aeaebc164c34102813bc0f1d69c00b3a59b49c49f4abd"
+SRC_URI[md5sum] = "b3ba0ca676d56857bbd9b182ef4b14b3"
+SRC_URI[sha256sum] = 
"bab0ca3ba80eae48319b3a6b19a5b14fad5ce230f30151a0cfa4c0271df281ad"
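
Review bot: The commit message is empty apart from the sign-off, and this hunk keeps the LIC_FILES_CHKSUM md5 for LICENSE.txt as an unchanged context line while replacing only the tarball checksums. State in the message that LICENSE.txt was checked and is unchanged in 2.1.2, and summarise what the 2.0.4 to 2.1.2 update brings so that reviewers can judge whether it includes security fixes.
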
-- 
1.8.4.2



[OE-core] [PATCH v2][jethro] openssl: fix for CVE-2015-1794

2015-12-10 Thread Fan Xin
This patch was imported from
https://git.openssl.org/?p=openssl.git;a=commit;h=ada57746b6b80beae73111fe1291bf8dd89af91c

Signed-off-by: Fan Xin 
---
 .../Fix-seg-fault-with-0-p-val-in-SKE.patch| 103 +
 .../recipes-connectivity/openssl/openssl_1.0.2d.bb |   1 +
 2 files changed, 104 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch

diff --git 
a/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
 
b/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
new file mode 100644
index 000..e6715e5
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl/Fix-seg-fault-with-0-p-val-in-SKE.patch
@@ -0,0 +1,103 @@
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin 
+
+From ada57746b6b80beae73111fe1291bf8dd89af91c Mon Sep 17 00:00:00 2001
+From: Guy Leaver (guleaver) 
+Date: Fri, 7 Aug 2015 15:45:21 +0100
+Subject: [PATCH] Fix seg fault with 0 p val in SKE
+
+If a client receives a ServerKeyExchange for an anon DH ciphersuite with the
+value of p set to 0 then a seg fault can occur. This commits adds a test to
+reject p, g and pub key parameters that have a 0 value (in accordance with
+RFC 5246)
+
+The security vulnerability only affects master and 1.0.2, but the fix is
+additionally applied to 1.0.1 for additional confidence.
+
+CVE-2015-1794
+
+Reviewed-by: Richard Levitte 
+Reviewed-by: Matt Caswell 
+---
+ ssl/s3_clnt.c |   16 
+ ssl/ssl.h |3 +++
+ ssl/ssl_err.c |3 +++
+ 3 files changed, 22 insertions(+), 0 deletions(-)
+
+diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
+index 6af145a..2059151 100644
+--- a/ssl/s3_clnt.c
 b/ssl/s3_clnt.c
+@@ -1699,6 +1699,12 @@ int ssl3_get_key_exchange(SSL *s)
+ }
+ p += i;
+ 
++if (BN_is_zero(dh->p)) {
++SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_P_VALUE);
++goto f_err;
++}
++
++
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+@@ -1719,6 +1725,11 @@ int ssl3_get_key_exchange(SSL *s)
+ }
+ p += i;
+ 
++if (BN_is_zero(dh->g)) {
++SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_G_VALUE);
++goto f_err;
++}
++
+ if (2 > n - param_len) {
+ SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
+ goto f_err;
+@@ -1740,6 +1751,11 @@ int ssl3_get_key_exchange(SSL *s)
+ p += i;
+ n -= param_len;
+ 
++if (BN_is_zero(dh->pub_key)) {
++SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_BAD_DH_PUB_KEY_VALUE);
++goto f_err;
++}
++
+ # ifndef OPENSSL_NO_RSA
+ if (alg_a & SSL_aRSA)
+ pkey =
+diff --git a/ssl/ssl.h b/ssl/ssl.h
+index 6fe1a24..c6c5bce 100644
+--- a/ssl/ssl.h
 b/ssl/ssl.h
+@@ -2846,8 +2846,11 @@ void ERR_load_SSL_strings(void);
+ # define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK  106
+ # define SSL_R_BAD_DECOMPRESSION  107
+ # define SSL_R_BAD_DH_G_LENGTH108
++# define SSL_R_BAD_DH_G_VALUE 375
+ # define SSL_R_BAD_DH_PUB_KEY_LENGTH  109
++# define SSL_R_BAD_DH_PUB_KEY_VALUE   393
+ # define SSL_R_BAD_DH_P_LENGTH110
++# define SSL_R_BAD_DH_P_VALUE 395
+ # define SSL_R_BAD_DIGEST_LENGTH  111
+ # define SSL_R_BAD_DSA_SIGNATURE  112
+ # define SSL_R_BAD_ECC_CERT   304
+diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
+index 1a6030e..202228b 100644
+--- a/ssl/ssl_err.c
 b/ssl/ssl_err.c
+@@ -386,8 +386,11 @@ static ERR_STRING_DATA SSL_str_reasons[] = {
+  "bad data returned by callback"},
+ {ERR_REASON(SSL_R_BAD_DECOMPRESSION), "bad decompression"},
+ {ERR_REASON(SSL_R_BAD_DH_G_LENGTH), "bad dh g length"},
++{ERR_REASON(SSL_R_BAD_DH_G_VALUE), "bad dh g value"},
+ {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH), "bad dh pub key length"},
++{ERR_REASON(SSL_R_BAD_DH_PUB_KEY_VALUE), "bad dh pub key value"},
+ {ERR_REASON(SSL_R_BAD_DH_P_LENGTH), "bad dh p length"},
++{ERR_REASON(SSL_R_BAD_DH_P_VALUE), "bad dh p value"},
+ {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH), "bad digest length"},
+ {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE), "bad dsa signature"},
+ {ERR_REASON(SSL_R_BAD_ECC_CERT), "bad ecc cert"},
+-- 
+1.7.0.4
+
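
Review bot: CVE-2015-1794 appears only in the body of the imported commit message; neither the patch file name nor the Upstream-Status and Signed-off-by lines at the top mention it, so someone auditing the recipe's SRC_URI list cannot tell which CVE this file addresses. Put the CVE id in the patch header or in the file name. The three added tests call BN_is_zero() on dh->p, dh->g and dh->pub_key, so only the value 0 is rejected, which is what the commit message describes; keep the backport identical to the upstream commit rather than widening the checks here.
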
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
index 249f8c4..c5a2a65 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.2d.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.2

[OE-core] [PATCH][dizzy][daisy][dylan] openssl: fix for CVE-2015-3195

2015-12-11 Thread Fan Xin
This vulnerability affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
So the patch also should be merged into dizzy, daisy and dylan.

Signed-off-by: Fan Xin 
---
 .../0001-Fix-leak-with-ASN.1-combine.patch | 65 ++
 .../recipes-connectivity/openssl/openssl_1.0.1e.bb |  1 +
 2 files changed, 66 insertions(+)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch

diff --git 
a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch
 
b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch
new file mode 100644
index 000..5bda457
--- /dev/null
+++ 
b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch
@@ -0,0 +1,65 @@
+Upstream-Status: Backport
+
+This patch was imprted from
+https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da5766243ed55d55948637d
+
+Signed-off-by: Fan Xin 
+
+From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17 00:00:00 2001
+From: Dr. Stephen Henson 
+Date: Tue, 10 Nov 2015 19:03:07 +
+Subject: [PATCH] Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine
+so on error a pointer to the parent structure is not zeroed as
+this will leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug using
+libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte 
+---
+ crypto/asn1/tasn_dec.c |7 +--
+ 1 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c
+index febf605..9256049 100644
+--- a/crypto/asn1/tasn_dec.c
 b/crypto/asn1/tasn_dec.c
+@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned 
char **in, long len,
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
++int combine = aclass & ASN1_TFLG_COMBINE;
++aclass &= ~ASN1_TFLG_COMBINE;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned 
char **in, long len,
+  auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+  err:
+-ASN1_item_ex_free(pval, it);
++if (combine == 0)
++ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+", Type=", it->sname);
+@@ -689,7 +692,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ } else {
+ /* Nothing special */
+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+-   -1, 0, opt, ctx);
++   -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+-- 
+1.7.0.4
+
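
Review bot: The header of the added patch misspells "imported" as "imprted", and the tasn_dec.c hunks keep the upstream index line (febf605..9256049) and offsets (180, 500 and 689), which gives no evidence that the change was applied to the 1.0.1e sources this recipe builds. Fix the typo, and either refresh the patch against the 1.0.1e tree or state in the header that it applies there without fuzz.
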
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb 
b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index bc1b944..dbc2da2 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
 file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
 file://CVE-2014-0160.patch \
 file://openssl-CVE-2014-0198-fix.patch \
+file://0001-Fix-leak-with-ASN.1-combine.patch \
"
 
 SRC_URI[md5sum] = "66bf6f10f060d561929de96f9dfe5b8c"
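
Review bot: The subject tags this patch for dizzy, daisy and dylan, yet the diff touches only openssl-1.0.1e/ and openssl_1.0.1e.bb, so it can apply only on a branch that still ships that recipe version. Send one patch per branch, each against the openssl recipe version that branch carries, and name the single target branch in each subject.
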
-- 
1.8.4.2



[OE-core] [PATCH] curl: upgrade to 7.45

2015-12-13 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-support/curl/{curl_7.44.0.bb => curl_7.45.0.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/curl/{curl_7.44.0.bb => curl_7.45.0.bb} (93%)

diff --git a/meta/recipes-support/curl/curl_7.44.0.bb 
b/meta/recipes-support/curl/curl_7.45.0.bb
similarity index 93%
rename from meta/recipes-support/curl/curl_7.44.0.bb
rename to meta/recipes-support/curl/curl_7.45.0.bb
index f6d350e..a7ed778 100644
--- a/meta/recipes-support/curl/curl_7.44.0.bb
+++ b/meta/recipes-support/curl/curl_7.45.0.bb
@@ -14,8 +14,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 #
 SRC_URI += " file://configure_ac.patch"
 
-SRC_URI[md5sum] = "6b952ca00e5473b16a11f05f06aa8dae"
-SRC_URI[sha256sum] = 
"1e2541bae6582bb697c0fbae49e1d3e6fad5d05d5aa80dbd6f072e0a44341814"
+SRC_URI[md5sum] = "62c1a352b28558f25ba6209214beadc8"
+SRC_URI[sha256sum] = 
"65154e66b9f8a442b57c436904639507b4ac37ec13d6f8a48248f1b4012b98ea"
 
 inherit autotools pkgconfig binconfig multilib_header
 
-- 
1.8.4.2



[OE-core] [PATCH] ltp: Upgrade 20150420 -> 20150903

2015-12-13 Thread Fan Xin
Since the last release 272 patches by 27 authors were merged.

Notable changes are:

-Network namespace testcases were rewritten from scratch
-New user namespaces testcases
-New testcases for various virtual network interfaces
-New umount2() testcases (for UMOUNT_NOFOLLOW, MNT_EXPIRE and MNT_DETACH flags)
-New open() testcase (for O_PATH flag)
-New getrandom() testcases
-New inotify, cpuset, futex_wake() and recvmsg() regression tests
-Plus the usual number of fixes and enhancements

https://github.com/linux-test-project/ltp/releases/tag/20150903

Signed-off-by: Fan Xin 
---
 meta/recipes-extended/ltp/{ltp_20150420.bb => ltp_20150903.bb} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-extended/ltp/{ltp_20150420.bb => ltp_20150903.bb} (100%)

diff --git a/meta/recipes-extended/ltp/ltp_20150420.bb 
b/meta/recipes-extended/ltp/ltp_20150903.bb
similarity index 100%
rename from meta/recipes-extended/ltp/ltp_20150420.bb
rename to meta/recipes-extended/ltp/ltp_20150903.bb
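
Review bot: The rename is reported with "similarity index 100%" and "0 insertions(+), 0 deletions(-)", so nothing inside the recipe changes, including whatever source revision or checksum it pins; renaming the file alone may leave the recipe fetching the 20150420 sources under the new version number. Update the pinned revision in the same patch and confirm that the patches the recipe carries still apply to 20150903.
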
-- 
1.8.4.2



[OE-core] [PATCH v2] ltp: Upgrade 20150420 -> 20150903

2015-12-14 Thread Fan Xin
1. Upgrade from 20150420 to 20150903

https://github.com/linux-test-project/ltp/releases/tag/20150903

2. Replace the patch file
0001-replace-inline-with-static-inline-for-gcc-5.x.patch because the original
ltp source code has changed.

Signed-off-by: Fan Xin 
---
 ...atch => 0001-Fix-compilation-for-gcc-5.x.patch} | 39 +-
 .../ltp/{ltp_20150420.bb => ltp_20150903.bb}   |  4 +--
 2 files changed, 26 insertions(+), 17 deletions(-)
 rename 
meta/recipes-extended/ltp/ltp/{0001-replace-inline-with-static-inline-for-gcc-5.x.patch
 => 0001-Fix-compilation-for-gcc-5.x.patch} (69%)
 rename meta/recipes-extended/ltp/{ltp_20150420.bb => ltp_20150903.bb} (97%)

diff --git 
a/meta/recipes-extended/ltp/ltp/0001-replace-inline-with-static-inline-for-gcc-5.x.patch
 b/meta/recipes-extended/ltp/ltp/0001-Fix-compilation-for-gcc-5.x.patch
similarity index 69%
rename from 
meta/recipes-extended/ltp/ltp/0001-replace-inline-with-static-inline-for-gcc-5.x.patch
rename to meta/recipes-extended/ltp/ltp/0001-Fix-compilation-for-gcc-5.x.patch
index 0b594dc..390a3c8 100644
--- 
a/meta/recipes-extended/ltp/ltp/0001-replace-inline-with-static-inline-for-gcc-5.x.patch
+++ b/meta/recipes-extended/ltp/ltp/0001-Fix-compilation-for-gcc-5.x.patch
@@ -1,15 +1,24 @@
-Upstream-Status: Backport [From 
https://github.com/linux-test-project/ltp/commit/40a2457cb8ec42a05a2f96b0810057efdb2a55f5]
+From 40a2457cb8ec42a05a2f96b0810057efdb2a55f5 Mon Sep 17 00:00:00 2001
+From: Kai Kang 
+Date: Wed, 16 Sep 2015 13:23:43 +0200
+Subject: [PATCH] Fix compilation for gcc-5.x
 
-gcc 5.x defaults to -std=gnu11 instead of -std=gnu89 which causes
+The gcc-5.x defaults to -std=gnu11 instead of -std=gnu89 which causes
 semantics for inline functions changes.
 
-The standalone 'inline' causes error with gcc 5 such as:
+GNU89 inline: Same as C99 extern inline.
+
+So the standalone 'inline' causes error such as:
 
 git/testcases/kernel/syscalls/kill/kill10.c:355: undefined reference to 
`k_sigaction'
 
-Replace inline with static inline to be compatible with both gcc 4 and 5.
+Replace inline with static inline to fix this issue.
+
+Ref:
+https://gcc.gnu.org/gcc-5/porting_to.html
 
 Signed-off-by: Kai Kang 
+Acked-by: Cyril Hrubis 
 ---
  testcases/kernel/controllers/libcontrollers/libcontrollers.c | 2 +-
  testcases/kernel/controllers/libcontrollers/libcontrollers.h | 2 +-
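
Review bot: The renamed patch file ends up with no Upstream-Status line: the first removed lines of this hunk drop the "Upstream-Status: Backport" entry that pointed at commit 40a2457cb8ec42a05a2f96b0810057efdb2a55f5, and the added From/Date/Subject header does not replace it. Keep an Upstream-Status: Backport line with the commit URL above the new header, and add your own Signed-off-by there since you regenerated the patch.
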
@@ -17,30 +26,30 @@ Signed-off-by: Kai Kang 
  3 files changed, 4 insertions(+), 4 deletions(-)
 
 diff --git a/testcases/kernel/controllers/libcontrollers/libcontrollers.c 
b/testcases/kernel/controllers/libcontrollers/libcontrollers.c
-index b01e1b8..8857bc9 100644
+index 844c5bc..75766fc 100644
 --- a/testcases/kernel/controllers/libcontrollers/libcontrollers.c
 +++ b/testcases/kernel/controllers/libcontrollers/libcontrollers.c
-@@ -146,7 +146,7 @@ int read_file(char *filepath, int action, unsigned int 
*value)
+@@ -158,7 +158,7 @@ int read_file(char *filepath, int action, unsigned int 
*value)
   * Prints error message and returns -1
   */
  
--inline int error_function(char *msg1, char *msg2)
-+static inline int error_function(char *msg1, char *msg2)
+-inline void error_function(char *msg1, char *msg2)
++static inline void error_function(char *msg1, char *msg2)
  {
fprintf(stdout, "ERROR: %s ", msg1);
fprintf(stdout, "%s\n", msg2);
 diff --git a/testcases/kernel/controllers/libcontrollers/libcontrollers.h 
b/testcases/kernel/controllers/libcontrollers/libcontrollers.h
-index 4001555..a1a0dfa 100644
+index bd8e2d8..cdde9f9 100644
 --- a/testcases/kernel/controllers/libcontrollers/libcontrollers.h
 +++ b/testcases/kernel/controllers/libcontrollers/libcontrollers.h
 @@ -70,7 +70,7 @@ enum{
GET_TASKS
  };
  
--inline int error_function(char *msg1, char *msg2);
-+static inline int error_function(char *msg1, char *msg2);
+-inline void error_function(char *msg1, char *msg2);
++static inline void error_function(char *msg1, char *msg2);
  
- unsigned int read_shares_file (char *filepath);
+ int read_shares_file(char *filepath);
  
 diff --git a/testcases/kernel/syscalls/kill/kill10.c 
b/testcases/kernel/syscalls/kill/kill10.c
 index 982d9da..33dbcd3 100644
@@ -64,6 +73,6 @@ index 982d9da..33dbcd3 100644
  {
int ret;
if ((ret = sigaction(sig, sa, osa)) == -1) {

--1.9.1
--
+-- 
+1.9.1
+
diff --git a/meta/recipes-extended/ltp/ltp_20150420.bb 
b/meta/recipes-extended/ltp/ltp_20150903.bb
similarity index 97%
rename from meta/recipes-extended/ltp/ltp_20150420.bb
rename to meta/recipes-extended/ltp/ltp_20150903.bb
index ed46b5e..31043c6 100644
--- a/meta/recipes-extended/ltp/ltp_20150420.bb
+++ b/meta/recipes-extended/ltp/ltp_20150903.bb
@@ -20,7 +20,7 @@ LIC_FILES_CHKSUM = "\
 "
 
 DEPENDS = "attr libaio libcap acl openssl zip-native"
-SRCREV = "77d0b7fd0148ce657c5a25060667e978c07662a0"
+SRCREV = "d19755a1deddd0268d7c29991afddab497da1823"
 
 S

Re: [OE-core] [PATCH][dizzy][daisy][dylan] openssl: fix for CVE-2015-3195

2015-12-14 Thread Fan Xin

Hi Sona,

> How can this patch be applied to dizzy branch?
This patch is for dylan branch.
I will send the patch for dizzy and daisy later.

> You have only sent patch for CVE-2015-3195, how about CVE-2015-3194?
Actually the patch for CVE-2015-3194 is also needed for dizzy and daisy branch.


Thanks for your comment.
I will modify and re-send the patch.

Regards,
Fan

On 2015-12-14 17:00, Sona Sarmadi wrote:

Hi Fan,

dizzy branch has Openssl version 1.0.1p now:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/tree/meta/recipes-connectivity/openssl/openssl_1.0.1p.bb?h=dizzy

How can this patch be applied to dizzy branch?

You have only sent patch for CVE-2015-3195, how about CVE-2015-3194?
CVE-2015-3193 does not seem to affect OpenSSL version 1.0.1 according to Mitre:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3193
CVE-2015-3193 (OpenSSL 1.0.2)
CVE-2015-3194 (OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e)
CVE-2015-3195 (OpenSSL before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e)

Regards
//Sona



-----Original Message-----
From: openembedded-core-boun...@lists.openembedded.org
[mailto:openembedded-core-boun...@lists.openembedded.org] On Behalf Of Fan Xin
Sent: 11 December 2015 09:14
To: openembedded-core@lists.openembedded.org
Cc: Fan Xin
Subject: [OE-core] [PATCH][dizzy][daisy][dylan] openssl: fix for CVE-2015-3195

This vulnerability affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
So the patch also should be merged into dizzy, daisy and dylan.

Signed-off-by: Fan Xin 
---
  .../0001-Fix-leak-with-ASN.1-combine.patch | 65
++
  .../recipes-connectivity/openssl/openssl_1.0.1e.bb |  1 +
  2 files changed, 66 insertions(+)
  create mode 100644 meta/recipes-connectivity/openssl/openssl-
1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch

diff --git a/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-
with-ASN.1-combine.patch b/meta/recipes-connectivity/openssl/openssl-
1.0.1e/0001-Fix-leak-with-ASN.1-combine.patch
new file mode 100644
index 000..5bda457
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl-1.0.1e/0001-Fix-leak-wit
+++ h-ASN.1-combine.patch
@@ -0,0 +1,65 @@
+Upstream-Status: Backport
+
+This patch was imprted from
+https://git.openssl.org/?p=openssl.git;a=commit;h=cc598f321fbac9c04da57
+66243ed55d55948637d
+
+Signed-off-by: Fan Xin 
+
+From cc598f321fbac9c04da5766243ed55d55948637d Mon Sep 17
00:00:00 2001
+From: Dr. Stephen Henson 
+Date: Tue, 10 Nov 2015 19:03:07 +
+Subject: [PATCH] Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine so
+on error a pointer to the parent structure is not zeroed as this will
+leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug
+using libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte 
+---
+ crypto/asn1/tasn_dec.c |7 +--
+ 1 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index
+febf605..9256049 100644
+--- a/crypto/asn1/tasn_dec.c
 b/crypto/asn1/tasn_dec.c
+@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const
unsigned char **in, long len,
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
++int combine = aclass & ASN1_TFLG_COMBINE;
++aclass &= ~ASN1_TFLG_COMBINE;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const
+unsigned char **in, long len,
+  auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+  err:
+-ASN1_item_ex_free(pval, it);
++if (combine == 0)
++ASN1_item_ex_free(pval, it);
+ if (errtt)
+ ERR_add_error_data(4, "Field=", errtt->field_name,
+", Type=", it->sname); @@ -689,7 +692,7 @@
+static int asn1_template_noexp_d2i(ASN1_VALUE **val,
+ } else {
+ /* Nothing special */
+ ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+-   -1, 0, opt, ctx);
++   -1, tt->flags & ASN1_TFLG_COMBINE, opt,
++ ctx);
+ if (!ret) {
+ ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
ERR_R_NESTED_ASN1_ERROR);
+ goto err;
+--
+1.7.0.4
+
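Review bot: in the `err:` hunk of the embedded tasn_dec.c change, `ASN1_item_ex_free(pval, it)` is now skipped whenever `combine` is non-zero, so after a failed decode `*pval` is left pointing at a partly filled parent and freeing it becomes the caller's job. The only caller visible in this patch is asn1_template_noexp_d2i(), which now passes `tt->flags & ASN1_TFLG_COMBINE` through the `aclass` argument; please confirm that no other ASN1_item_ex_d2i() caller in the 1.0.1e tree can set that bit by accident, and state in the header which upstream branch the commit was taken from and that it applies to 1.0.1e without fuzz. The header line "This patch was imprted from" also has a typo ("imported").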
diff --git a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
index bc1b944..dbc2da2 100644
--- a/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
+++ b/meta/recipes-connectivity/openssl/openssl_1.0.1e.bb
@@ -37,6 +37,7 @@ SRC_URI += "file://configure-targets.patch \
  file://0001-Use-version-in-SSL_METHOD-not-SSL-structure.patch \
  file://CVE-2014-0160.patch \
  file://openssl-
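Review bot: the only recipe touched is openssl_1.0.1e.bb, while the subject tags the patch for dizzy, daisy and dylan, so as posted it can apply to at most the branch that ships 1.0.1e. Send one patch per branch against the recipe version that branch carries, and consider naming the new file after the CVE instead of 0001-Fix-leak-with-ASN.1-combine.patch so the fix is easy to find in SRC_URI later.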

[OE-core] [PATCH] wget: Upgrade 1.16.3 -> 1.17

2015-12-14 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/wget/{wget_1.16.3.bb => wget_1.17.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/wget/{wget_1.16.3.bb => wget_1.17.bb} (58%)

diff --git a/meta/recipes-extended/wget/wget_1.16.3.bb 
b/meta/recipes-extended/wget/wget_1.17.bb
similarity index 58%
rename from meta/recipes-extended/wget/wget_1.16.3.bb
rename to meta/recipes-extended/wget/wget_1.17.bb
index 5c34a42..10434d3 100644
--- a/meta/recipes-extended/wget/wget_1.16.3.bb
+++ b/meta/recipes-extended/wget/wget_1.17.bb
@@ -3,7 +3,7 @@ SRC_URI = "${GNU_MIRROR}/wget/wget-${PV}.tar.gz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
   "
 
-SRC_URI[md5sum] = "f61d9011b99f824106a5d5a05dd0f63d"
-SRC_URI[sha256sum] = 
"9f1c6d09d7148c1c2d9fd0ea655dcf4dcc407deb2db32d4126251ca0245cb670"
+SRC_URI[md5sum] = "c4c4727766f24ac716936275014a0536"
+SRC_URI[sha256sum] = 
"3e04ad027c5b6ebd67c616eec13e66fbedb3d4d8cbe19cc29dadde44b92bda55"
 
 require wget.inc
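Review bot: the commit message has no body, so nothing records where the new `SRC_URI[md5sum]` and `SRC_URI[sha256sum]` values came from. For a version bump these two lines are what pins the tarball fetched from `${GNU_MIRROR}`; say in the message that they were checked against the upstream release (for example its detached signature) rather than copied from the fetcher's mismatch output, and mention that 0001-Unset-need_charset_alias-when-building-for-musl.patch still applies to 1.17.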
-- 
1.8.4.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [PATCH] gettext: Upgrade 0.19.4 -> 0.19.6

2015-12-14 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 .../gettext/{gettext-0.19.4 => gettext-0.19.6}/parallel.patch | 0
 meta/recipes-core/gettext/{gettext_0.19.4.bb => gettext_0.19.6.bb}| 4 ++--
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/gettext/{gettext-0.19.4 => 
gettext-0.19.6}/parallel.patch (100%)
 rename meta/recipes-core/gettext/{gettext_0.19.4.bb => gettext_0.19.6.bb} (97%)

diff --git a/meta/recipes-core/gettext/gettext-0.19.4/parallel.patch 
b/meta/recipes-core/gettext/gettext-0.19.6/parallel.patch
similarity index 100%
rename from meta/recipes-core/gettext/gettext-0.19.4/parallel.patch
rename to meta/recipes-core/gettext/gettext-0.19.6/parallel.patch
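Review bot: parallel.patch is carried over with `similarity index 100%`, so nothing in this region shows that it was rechecked against 0.19.6. Please state in the commit message that the patch is still needed and applies cleanly to the new release, or drop it if upstream has made it unnecessary.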
diff --git a/meta/recipes-core/gettext/gettext_0.19.4.bb 
b/meta/recipes-core/gettext/gettext_0.19.6.bb
similarity index 97%
rename from meta/recipes-core/gettext/gettext_0.19.4.bb
rename to meta/recipes-core/gettext/gettext_0.19.6.bb
index a9c919a..737561d 100644
--- a/meta/recipes-core/gettext/gettext_0.19.4.bb
+++ b/meta/recipes-core/gettext/gettext_0.19.6.bb
@@ -18,8 +18,8 @@ PACKAGECONFIG[msgcat-curses] = 
"--with-libncurses-prefix=${STAGING_LIBDIR}/..,--
 
 LDFLAGS_prepend_libc-uclibc = " -lrt -lpthread "
 
-SRC_URI[md5sum] = "d3511af1e604a3478900d2c2b4a4a48e"
-SRC_URI[sha256sum] = 
"8ac9f1ed1a5f8c4e656a2f37f5ba6b9ee04c4df79a575e876b0b6946aa417f3f"
+SRC_URI[md5sum] = "6d1447f8c5c45c329371ef4bfe7d79a5"
+SRC_URI[sha256sum] = 
"ed4b4c19bd3a3034eb6769500a3592ff616759ef43cf30586dbb7a17c9dd695d"
 
 inherit autotools texinfo
 
-- 
1.8.4.2



Re: [OE-core] [PATCH][dizzy] openssl: CVE-2015-3194, CVE-2015-3195

2015-12-15 Thread Fan Xin

Hi Armin

Please merge this patch to the daisy branch.
Thanks.

Fan


-Original Message-
From: openembedded-core-boun...@lists.openembedded.org
[mailto:openembedded-core-boun...@lists.openembedded.org] On Behalf Of
Sona Sarmadi
Sent: Tuesday, December 15, 2015 6:08 PM
To: openembedded-core@lists.openembedded.org
Subject: [OE-core] [PATCH][dizzy] openssl: CVE-2015-3194, CVE-2015-3195

Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)

References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3195

Upstream patches:
CVE-2015-3194:
https://git.openssl.org/?p=openssl.git;a=commit;h=
d8541d7e9e63bf5f343af24644046c8d96498c17

CVE-2015-3195:
https://git.openssl.org/?p=openssl.git;a=commit;h=
b29ffa392e839d05171206523e84909146f7a77c

Signed-off-by: Sona Sarmadi 
---
.../CVE-2015-3194-Add-PSS-parameter-check.patch| 37 +
...CVE-2015-3195-Fix-leak-with-ASN.1-combine.patch | 61
++  .../recipes-connectivity/openssl/openssl_1.0.1p.bb |
2 +
3 files changed, 100 insertions(+)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-parameter-c
heck.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.1-
combine.patch

diff --git
a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-paramete
r-check.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-paramete
r-check.patch
new file mode 100644
index 000..a6697ca
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3194-Add-PSS-pa
+++ rameter-check.patch
@@ -0,0 +1,37 @@
+From d8541d7e9e63bf5f343af24644046c8d96498c17 Mon Sep 17 00:00:00 2001
+From: "Dr. Stephen Henson" 
+Date: Fri, 2 Oct 2015 13:10:29 +0100
+Subject:Add PSS parameter check.
+
+Avoid seg fault by checking mgf1 parameter is not NULL. This can be
+triggered during certificate verification so could be a DoS attack
+against a client or a server enabling client authentication.
+
+Thanks to Loïc Jonas Etienne (Qnective AG) for discovering this bug.
+
+CVE-2015-3194
+
+Upstream-Status: Backport
+
+Reviewed-by: Matt Caswell 
+Signed-off-by: Sona Sarmadi 
+---
+ crypto/rsa/rsa_ameth.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index
+93e071d..c7f1148 100644
+--- a/crypto/rsa/rsa_ameth.c
 b/crypto/rsa/rsa_ameth.c
+@@ -279,7 +279,7 @@ static RSA_PSS_PARAMS *rsa_pss_decode(const
X509_ALGOR *alg,
+ if (pss->maskGenAlgorithm) {
+ ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+ if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
+-&& param->type == V_ASN1_SEQUENCE) {
++&& param && param->type == V_ASN1_SEQUENCE) {
+ p = param->value.sequence->data;
+ plen = param->value.sequence->length;
+ *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
+--
+1.9.1
+
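Review bot: adding `param &&` to the condition in rsa_pss_decode() removes the NULL dereference of `param->type`, but when `param` is NULL the block that assigns `*pmaskHash` is skipped entirely, so the result depends on `*pmaskHash` having been initialised before this point and on callers treating a missing MGF1 hash as an error. Neither is visible in the three lines of context; please confirm both on the 1.0.1p sources this recipe builds and say so in the patch header.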
diff --git
a/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.
1-combine.patch
b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-with-ASN.
1-combine.patch
new file mode 100644
index 000..be705c0
--- /dev/null
+++ b/meta/recipes-connectivity/openssl/openssl/CVE-2015-3195-Fix-leak-w
+++ ith-ASN.1-combine.patch
@@ -0,0 +1,61 @@
+commit b29ffa392e839d05171206523e84909146f7a77c
+Author: Dr. Stephen Henson 
+Date: Tue, 10 Nov 2015 19:03:07 +
+Subject: Fix leak with ASN.1 combine.
+
+When parsing a combined structure pass a flag to the decode routine so
+on error a pointer to the parent structure is not zeroed as this will
+leak any additional components in the parent.
+
+This can leak memory in any application parsing PKCS#7 or CMS structures.
+
+CVE-2015-3195.
+
+Upstream-Status: Backport
+
+Thanks to Adam Langley (Google/BoringSSL) for discovering this bug
+using libFuzzer.
+
+PR#4131
+
+Reviewed-by: Richard Levitte 
+Signed-off-by: Sona Sarmadi 
+---
+ crypto/asn1/tasn_dec.c | 7 +--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index
+febf605..9256049 100644
+--- a/crypto/asn1/tasn_dec.c
 b/crypto/asn1/tasn_dec.c
+@@ -180,6 +180,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const
unsigned char **in, long len,
+ int otag;
+ int ret = 0;
+ ASN1_VALUE **pchptr, *ptmpval;
++int combine = aclass & ASN1_TFLG_COMBINE;
++aclass &= ~ASN1_TFLG_COMBINE;
+ if (!pval)
+ return 0;
+ if (aux && aux->asn1_cb)
+@@ -500,7 +502,8 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const
+unsigned char **in, long len,
+  auxerr:
+ ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+  err:
+-ASN1_item_ex_free(pval, it);
++if (combine == 0)
++ASN1_item_ex_free(pval, it);
+ if (errtt)
+ 

[OE-core] [PATCH] tiff: upgrade 4.0.4 -> 4.0.6

2015-12-24 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-multimedia/libtiff/{tiff_4.0.4.bb => tiff_4.0.6.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-multimedia/libtiff/{tiff_4.0.4.bb => tiff_4.0.6.bb} (92%)

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.4.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
similarity index 92%
rename from meta/recipes-multimedia/libtiff/tiff_4.0.4.bb
rename to meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
index 74f0a72..e2e24e0 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.4.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
@@ -7,8 +7,8 @@ SRC_URI = 
"ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz \
file://libtool2.patch \
   "
 
-SRC_URI[md5sum] = "9aee7107408a128c0c7b24286c0db900"
-SRC_URI[sha256sum] = 
"8cb1d90c96f61cdfc0bcf036acc251c9dbe6320334da941c7a83cfe1576ef890"
+SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72"
+SRC_URI[sha256sum] = 
"4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c"
 
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P\d+(\.\d+)+).tar"
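Review bot: the tarball is still fetched from `ftp://ftp.remotesensing.org/pub/libtiff/tiff-${PV}.tar.gz`, as the hunk header context shows, and plain FTP gives no transport integrity, so the two checksum lines changed here are the only protection against a tampered download. Record in the commit message how the 4.0.6 values were verified, since the message currently has no body.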
-- 
1.8.4.2



[OE-core] Replace foomatic-filters with cups-filters

2016-01-12 Thread Fan Xin
Hi

I notice that there is a foomatic-filters item in the packagegroup-core-lsb.bb
file.
The foomatic-filters.bb file was added in 2011 to provide foomatic-rip
to pass the LSB commands check.

But foomatic-rip has moved from foomatic-filters to cups-filters and is
maintained by cups-filters according to the cups-filters NEWS.
(http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS)

Now the foomatic-filters package is unmaintained.
(http://www.gossamer-threads.com/lists/gentoo/user/288184)

So I want to replace foomatic-filters with cups-filters in the
packagegroup-core-lsb.bb file and replace the foomatic-filters.bb file
with a cups-filters.bb file.

What do you think about it?

Best Regards,

Fan


[OE-core] [PATCH] Replace foomatic-filters with cups-filters

2016-04-20 Thread Fan Xin
The foomatic-filters community is inactive and the foomatic-filters package is
unmaintained.
(http://www.gossamer-threads.com/lists/gentoo/user/288184)

foomatic-rip has moved from foomatic-filters to cups-filters and is
maintained by cups-filters according to the cups-filters NEWS.
(http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS)

Signed-off-by: Fan Xin 
---
 meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb 
b/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb
index a29c3d7..13ef710 100644
--- a/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb
+++ b/meta/recipes-extended/packagegroups/packagegroup-core-lsb.bb
@@ -144,7 +144,7 @@ RDEPENDS_packagegroup-core-lsb-core = "\
 file \
 findutils \
 fontconfig-utils \
-foomatic-filters \
+cups-filters \
 gawk \
 ghostscript \
 grep \
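Review bot: swapping `foomatic-filters` for `cups-filters` in RDEPENDS_packagegroup-core-lsb-core is the only change in this patch (1 file changed), and no cups-filters recipe is added alongside it. Unless a provider for cups-filters already exists in the layers OE-core depends on, the packagegroup will fail to resolve; send the recipe in the same series, ahead of this change, and remove the foomatic-filters recipe in the same series if nothing references it any more.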
-- 
1.8.4.2



[OE-core] [PATCH] qpdf: add new recipe

2016-08-01 Thread Fan Xin
QPDF is a command-line program that does structural,
content-preserving transformation on PDF files.

Signed-off-by: Fan Xin 
---
 meta/recipes-extended/qpdf/qpdf_6.0.0.bb | 26 ++
 1 file changed, 26 insertions(+)
 create mode 100644 meta/recipes-extended/qpdf/qpdf_6.0.0.bb

diff --git a/meta/recipes-extended/qpdf/qpdf_6.0.0.bb 
b/meta/recipes-extended/qpdf/qpdf_6.0.0.bb
new file mode 100644
index 000..edee741
--- /dev/null
+++ b/meta/recipes-extended/qpdf/qpdf_6.0.0.bb
@@ -0,0 +1,26 @@
+SUMMARY = "QPDF is a command-line program that does structural, 
content-preserving transformations on PDF files"
+DESCRIPTION = "QPDF is capable of creating linearized files and encrypted 
files. It is also capable of \
+converting PDF files with object streams to files with no compressed objects 
or to generate object streams \
+from files that don't have them. QPDF also supports a special mode designed to 
allow you to edit the content \
+of PDF files in a text editor."
+HOMEPAGE = "http://qpdf.sourceforge.net/";
+
+PR = "r0"
+
+RDEPENDS_${PN} = "libpcre zlib"
+
+LICENSE = "Artistic-2.0"
+LIC_FILES_CHKSUM = 
"file://${WORKDIR}/qpdf-${PV}/Artistic-2.0;md5=7806296b9fae874361e6fb10072b7ee3"
+
+SRC_URI = 
"http://nchc.dl.sourceforge.net/project/qpdf/qpdf/6.0.0/qpdf-${PV}.tar.gz";
+
+SRC_URI[md5sum] = "e014bd3ecf1c4d1a520bbc14d84ac20e"
+SRC_URI[sha256sum] = 
"a9fdc7e94d38fcd3831f37b6e0fe36492bf79aa6d54f8f66062cf7f9c4155233"
+
+inherit autotools-brokensep pkgconfig
+
+EXTRA_OECONF += "--with-random=/dev/urandom"
+
+do_configure_prepend() {
+  sh autogen.sh
+}
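Review bot: `SRC_URI` pins a single SourceForge mirror host (nchc.dl.sourceforge.net) over plain http and hard-codes `6.0.0` in the path next to `${PV}`, so the next version bump or a mirror outage breaks the fetch. Use `${SOURCEFORGE_MIRROR}/qpdf/qpdf-${PV}.tar.gz` instead. Also, `RDEPENDS_${PN} = "libpcre zlib"` names libraries: build-time library dependencies belong in DEPENDS, and runtime dependencies on shared libraries are picked up automatically at packaging time. `PR = "r0"` can be dropped.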
-- 
2.7.4



Re: [OE-core] [PATCH] Replace foomatic-filters with cups-filters

2016-08-01 Thread Fan Xin


On 2016-07-31 07:47, Stephen Arnold wrote:

No answer to this?  cups-filters would be kinda important for actual
printing, especially since the existing ghostscript/cups/poppler
packages have all been gutted of anything called *toraster.  The
current state (on krogoth at least) is completely broken; is there
something on another branch somewhere?  If so, I can't see it with
google...

Steve



Hi, Steve

I am working on this one. Actually I have created the cups-filters
recipe file. But cups-filters depends on qpdf.
Just now I sent the qpdf recipe file to the mailing list and will send the
cups-filters recipe files later.


Cheers,

Fan




[OE-core] [PATCH v2] Replace foomatic-filters with cups-filters

2016-08-01 Thread Fan Xin
The foomatic-filters community is inactive and the foomatic-filters package is
unmaintained.
(http://www.gossamer-threads.com/lists/gentoo/user/288184)

foomatic-rip has moved from foomatic-filters to cups-filters and is
maintained by cups-filters according to the cups-filters NEWS.
(http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/annotate/head:/NEWS)

Signed-off-by: Fan Xin 
---
 .../cups-filters-1.8.2-disable-ijs.patch   | 65 ++
 .../foomatic/cups-filters_1.8.3.bb | 34 +++
 .../packagegroups/packagegroup-core-lsb.bb |  2 +-
 3 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-extended/foomatic/cups-filters/cups-filters-1.8.2-disable-ijs.patch
 create mode 100644 meta/recipes-extended/foomatic/cups-filters_1.8.3.bb

diff --git 
a/meta/recipes-extended/foomatic/cups-filters/cups-filters-1.8.2-disable-ijs.patch
 
b/meta/recipes-extended/foomatic/cups-filters/cups-filters-1.8.2-disable-ijs.patch
new file mode 100644
index 000..0a0a6ad
--- /dev/null
+++ 
b/meta/recipes-extended/foomatic/cups-filters/cups-filters-1.8.2-disable-ijs.patch
@@ -0,0 +1,65 @@
+=== modified file 'Makefile.am'
+--- Makefile.am2016-02-10 15:16:33 +
 Makefile.am2016-03-02 20:46:26 +
+@@ -490,7 +490,6 @@
+   bannertopdf \
+   commandtoescpx \
+   commandtopclx \
+-  pdftoijs \
+   sys5ippprinter \
+   pdftops \
+   pdftoraster \
+@@ -499,6 +498,10 @@
+   texttopdf \
+   urftopdf \
+   rastertopdf
++if ENABLE_IJS
++pkgfilter_PROGRAMS += \
++  pdftoijs
++endif
+ if ENABLE_GHOSTSCRIPT
+ pkgfilter_PROGRAMS += \
+   gstoraster
+@@ -846,9 +849,12 @@
+   ppd/Fuji_Xerox-DocuPrint_CM305_df-PDF.ppd \
+   ppd/Generic-PDF_Printer-PDF.ppd \
+   ppd/HP-Color_LaserJet_CM3530_MFP-PDF.ppd \
+-  ppd/HP-PhotoSmart_Pro_B8300-hpijs-pdftoijs.ppd \
+   ppd/Ricoh-PDF_Printer-PDF.ppd \
+   ppd/textonly.ppd
++if ENABLE_IJS
++ppd_DATA += \
++  ppd/HP-PhotoSmart_Pro_B8300-hpijs-pdftoijs.ppd
++endif
+ if ENABLE_GHOSTSCRIPT
+ ppd_DATA += \
+   ppd/pxlcolor.ppd \
+=== modified file 'configure.ac'
+--- configure.ac   2016-02-11 13:59:52 +
 configure.ac   2016-03-02 21:18:05 +
+@@ -443,7 +443,7 @@
+ ])
+ PKG_CHECK_MODULES([FREETYPE], [freetype2], [AC_DEFINE([HAVE_FREETYPE_H], [1], 
[Have FreeType2 include files])])
+ PKG_CHECK_MODULES([FONTCONFIG], [fontconfig >= 2.0.0])
+-PKG_CHECK_MODULES([IJS], [ijs])
++PKG_CHECK_MODULES([IJS], [ijs], [have_ijs=yes], [have_ijs=no])
+ PKG_CHECK_MODULES([POPPLER], [poppler >= 0.18])
+ PKG_CHECK_MODULES([ZLIB], [zlib])
+ AC_DEFINE([HAVE_LIBZ], [], [Define that we use zlib])
+@@ -489,6 +489,15 @@
+   [enable_ghostscript="$enableval"],
+   [enable_ghostscript=yes]
+ )
++AC_ARG_ENABLE([ijs],
++  [AS_HELP_STRING([--disable-ijs], [Disable filters using IJS.])],
++  [enable_ijs="$enableval"],
++  [enable_ijs=yes]
++)
++AS_IF([test "x$enable_ijs" = "xyes" -a "x$have_ijs" != "xyes"], [
++   AC_MSG_ERROR([IJS not found, but requested.])
++])
++AM_CONDITIONAL(ENABLE_IJS, test "x$enable_ijs" = "xyes")
+ AC_ARG_WITH([pdftops],
+   [AS_HELP_STRING([--with-pdftops=value], [Set which pdftops to use 
(gs,pdftops,pdftocairo,acroread,hybrid).])],
+   [with_pdftops="$withval"],
+
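Review bot: the new cups-filters-1.8.2-disable-ijs.patch starts directly at `=== modified file 'Makefile.am'` with no description, no Upstream-Status line and no Signed-off-by, all of which the other embedded patches on this list carry in their headers. Add them, state where the change came from, and either rename the file or explain why a patch labelled 1.8.2 is being added to a 1.8.3 recipe. In the configure.ac part, `enable_ijs` defaults to yes and configure aborts with "IJS not found, but requested." when pkg-config cannot find ijs, so the recipe has to pass --disable-ijs explicitly for the patch to have any effect.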
diff --git a/meta/recipes-extended/foomatic/cups-filters_1.8.3.bb 
b/meta/recipes-extended/foomatic/cups-filters_1.8.3.bb
new file mode 100644
index 000..4eef7ef
--- /dev/null
+++ b/meta/recipes-extended/foomatic/cups-filters_1.8.3.bb
@@ -0,0 +1,34 @@
+SUMMARY = "OpenPrinting printer support - filters"
+DESCRIPTION = "CUPS is a standards-based, open source printing system \
+developed by Apple Inc. for Mac OS® X and other UNIX®-like operating systems. \
+CUPS uses the Internet Printing Protocol ("IPP") and provides System V and \
+Berkeley command-line interfaces, a web interface, and a C API to manage 
printers \
+and print jobs. \
+ \
+This package consists of filters used by the printer spoolers \
+to convert the incoming PostScript data into the printer's native \
+format using a printer-specific, but spooler-independent PPD file. \
+"
+
+DEPENDS += "cups tiff lcms freetype fontconfig poppler qpdf"
+PR = "r0"
+
+LICENSE = "GPLv2 & LGPLv2 & MIT & GPLv2+ & GPLv3"
+LIC_FILES_CHKSUM = 
"file://${WORKDIR}/cups-filters-${PV}/COPYING;md5=d420e185486344da6176553848350932"
+
+SRC_URI = 
"http://www.openprinting.org/download/cups-filters/cups-filters-${PV}.tar.gz \
+  "
+
+SRC_URI[md5sum] = "9ecda355e1f4c781784f902737df6321"
+SRC_URI[sha256sum] = 
"0ad46d15737b309fe648fe39023a4eb6a3528faadbeb97d6ecf523df40950033"
+
+UPSTREAM_CHECK_REGEX = "cups-filters
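Review bot: the `SRC_URI` assignment shown lists only the release tarball, so unless a line beyond what is visible here adds `file://cups-filters-1.8.2-disable-ijs.patch`, the patch created earlier in this diff is never applied. The download also goes over plain http from www.openprinting.org, the DESCRIPTION opens with a paragraph about CUPS itself rather than this package, and `PR = "r0"` is unnecessary.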

Re: [OE-core] [PATCH v2] Replace foomatic-filters with cups-filters

2016-08-01 Thread Fan Xin



On 2016-08-02 02:24, Burton, Ross wrote:


On 1 August 2016 at 18:22, Stephen Arnold <stephen.arnol...@gmail.com> wrote:

That's actually not a bad idea, but I need to crank out another
abstract today (the deadline for special session snuck up on me).  We
kinda needed this for a project, but I think a tiny print server is
always useful.  What's your plan?


Well my plan was:

1) say that someone should create meta-printing
2) watch someone create meta-printing
3) delete everything printing related in oe-core

I can help a bit on (2) I guess...  Fan Xin, would you or anyone else at
Fujitsu (as you clearly have interest here) be able to help?


Yes, of course. Actually I am very pleased to do this.
I am afraid I cannot do it very well, but I will try my best.

Fan



Re: [OE-core] [PATCH v2] Replace foomatic-filters with cups-filters

2016-08-02 Thread Fan Xin


On 2016-08-03 02:33, Stephen Arnold wrote:

Hey, don't keep all the fun to yourself  :P

Let's take a look at the recipes and merge the best bits together; I
think I have an update on my end after getting some feedback with a
zebra label printer.

Fan, can you push/post your recipes somewhere today?  Feel free to
fork meta-small-arm-extra and we can take a look at merging.

Steve



I have pushed my recipes here:

https://github.com/fan-xin/meta-printing

I checked meta-small-arm-extra but did not find what could be merged
from my recipe.


I wonder where the cups-filters and qpdf recipe files should be put. In
the cups folder or a separate folder?


Fan





Re: [OE-core] [PATCH v2] Replace foomatic-filters with cups-filters

2016-08-02 Thread Fan Xin



On 2016-08-03 10:12, Stephen Arnold wrote:

sorry, you missed a couple of replies I guess...

It's in the Ross repo now:

https://github.com/rossburton/meta-printing

Steve



Hey, Ross

If possible, please also add me.
Thanks.

Fan


[OE-core] [PATCH] ltp: upgrade to 20160510

2016-08-02 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/ltp/{ltp_20160126.bb => ltp_20160510.bb} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename meta/recipes-extended/ltp/{ltp_20160126.bb => ltp_20160510.bb} (100%)

diff --git a/meta/recipes-extended/ltp/ltp_20160126.bb 
b/meta/recipes-extended/ltp/ltp_20160510.bb
similarity index 100%
rename from meta/recipes-extended/ltp/ltp_20160126.bb
rename to meta/recipes-extended/ltp/ltp_20160510.bb
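Review bot: the recipe is renamed at `similarity index 100%`, so nothing inside it changes, including the pinned git revision the recipe builds from. A file rename alone does not move the build to the 20160510 sources; update SRCREV to the commit tagged 20160510 in the same patch and recheck that the carried patches still apply.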
-- 
2.7.4



[OE-core] [PATCH] curl: upgrade to 7.50.0

2016-08-02 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-support/curl/{curl_7.49.1.bb => curl_7.50.0.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/curl/{curl_7.49.1.bb => curl_7.50.0.bb} (94%)

diff --git a/meta/recipes-support/curl/curl_7.49.1.bb 
b/meta/recipes-support/curl/curl_7.50.0.bb
similarity index 94%
rename from meta/recipes-support/curl/curl_7.49.1.bb
rename to meta/recipes-support/curl/curl_7.50.0.bb
index db9dc1a..6a5be25 100644
--- a/meta/recipes-support/curl/curl_7.49.1.bb
+++ b/meta/recipes-support/curl/curl_7.50.0.bb
@@ -14,8 +14,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 #
 SRC_URI += " file://configure_ac.patch"
 
-SRC_URI[md5sum] = "6bb1f7af5b58b30e4e6414b8c1abccab"
-SRC_URI[sha256sum] = 
"eb63cec4bef692eab9db459033f409533e6d10e20942f4b060b32819e81885f1"
+SRC_URI[md5sum] = "9e463ff8fdc1b5daa81c850c514980ec"
+SRC_URI[sha256sum] = 
"608dfe2db77f48db792c387e7791aca55a25f0b42385707ad927164199ecfa9a"
 
 inherit autotools pkgconfig binconfig multilib_header
 
-- 
2.7.4



[OE-core] [PATCH] procps: upgrade to 3.3.12

2016-08-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/procps/{procps_3.3.11.bb => procps_3.3.12.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/procps/{procps_3.3.11.bb => procps_3.3.12.bb} 
(94%)

diff --git a/meta/recipes-extended/procps/procps_3.3.11.bb 
b/meta/recipes-extended/procps/procps_3.3.12.bb
similarity index 94%
rename from meta/recipes-extended/procps/procps_3.3.11.bb
rename to meta/recipes-extended/procps/procps_3.3.12.bb
index c6dccc6..4ca1a50 100644
--- a/meta/recipes-extended/procps/procps_3.3.11.bb
+++ b/meta/recipes-extended/procps/procps_3.3.12.bb
@@ -16,8 +16,8 @@ SRC_URI = 
"http://downloads.sourceforge.net/project/procps-ng/Production/procps-
file://sysctl.conf \
   "
 
-SRC_URI[md5sum] = "6cc5b94c1c5b8cbc89ad345a7b522f74"
-SRC_URI[sha256sum] = 
"e9493169a2d2adc0bc045538707310c8e877b385e4e296143b62607d2bb044ed"
+SRC_URI[md5sum] = "957e42e8b193490b2111252e4a2b443c"
+SRC_URI[sha256sum] = 
"6ed65ab86318f37904e8f9014415a098bec5bc53653e5d9ab404f95ca5e1a7d4"
 
 S = "${WORKDIR}/procps-ng-${PV}"
 
-- 
2.7.4



[OE-core] [PATCH] libgcrypt: upgrade to 1.7.2

2016-08-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 .../libgcrypt/{libgcrypt_1.7.0.bb => libgcrypt_1.7.2.bb}  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/libgcrypt/{libgcrypt_1.7.0.bb => 
libgcrypt_1.7.2.bb} (14%)

diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.7.0.bb 
b/meta/recipes-support/libgcrypt/libgcrypt_1.7.2.bb
similarity index 14%
rename from meta/recipes-support/libgcrypt/libgcrypt_1.7.0.bb
rename to meta/recipes-support/libgcrypt/libgcrypt_1.7.2.bb
index 37637f6..8931d18 100644
--- a/meta/recipes-support/libgcrypt/libgcrypt_1.7.0.bb
+++ b/meta/recipes-support/libgcrypt/libgcrypt_1.7.2.bb
@@ -1,4 +1,4 @@
 require libgcrypt.inc
 
-SRC_URI[md5sum] = "0a4d2d94b69832c780599f38280b2450"
-SRC_URI[sha256sum] = 
"07f88053ac9f7cfd35c2d404954b1e370818b757fd202ef2a5d4f398c11b7b06"
+SRC_URI[md5sum] = "b28de2eaf8fc0c916c76ab67be5a3790"
+SRC_URI[sha256sum] = 
"70c8e439420823505b39addbf51c469ef0df5a1372fa1d7d33ec9261079d08e2"
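Review bot: this recipe only overrides the two checksums and takes everything else from `require libgcrypt.inc`, which the patch does not touch. For a crypto library bump, confirm that whatever libgcrypt.inc lists (source patches, licence checksums, configure options) was rechecked against 1.7.2, and summarise the upstream changes between 1.7.0 and 1.7.2 in the commit message, which currently has no body.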
-- 
2.7.4



Re: [OE-core] [PATCH v2] Replace foomatic-filters with cups-filters

2016-08-07 Thread Fan Xin

Hi

I notice that the newest version of cups-filters is 1.10.0.
https://www.openprinting.org/download/cups-filters/

So I made a patch to upgrade cups-filters and make some updates to
the recipe file.


https://github.com/fan-xin/meta-printing/commit/cc2981c93c5fdfc1c19cffa031cc7207da5898ed

Could you merge this patch to meta-printing?

Best Regards,
Fan

On 2016-08-03 10:42, Fan Xin wrote:



On 2016-08-03 10:12, Stephen Arnold wrote:

sorry, you missed a couple of replies I guess...

It's in the Ross repo now:

https://github.com/rossburton/meta-printing

Steve



Hey, Ross

If possible, please also add me.
Thanks.

Fan


--
=
Fujitsu Computer Technologies Limited
Embedded Systems Technology Division, First Firmware Technology Department
樊 昕 Fan Xin
fan@jp.fujitsu.com



Re: [OE-core] [PATCH] ltp: upgrade to 20160510

2016-08-07 Thread Fan Xin



As this recipe fetches from git if you don't change SRCREV then it's not
an upgrade.


Yes, you are right. I will modify the SRCREV and resend the patch.
Thanks for your comment.

Best Regards,
Fan



Re: [OE-core] [PATCH] qpdf: add new recipe

2016-08-07 Thread Fan Xin


Why do we need this in OE-Core compared to a layer like meta
-openembedded?



Hi, thanks for your comment.
I have sent this patch to meta-openembedded.

I sent this patch because qpdf is a dependency of cups-filters.
And I want to replace foomatic-filters with cups-filters.
So first I sent the qpdf recipe to OE-Core.

Best Regards,
Fan



[OE-core] [PATCH] ltp: Upgrade 20160126 -> 20160920

2016-10-05 Thread Fan Xin
1. Upgrade from 20160126 to 20160920

https://github.com/linux-test-project/ltp/releases/tag/20160920

2. Delete the unnecessary patch files because the ltp source code has been 
changed.
---
 .../ltp/0001-ltp-Don-t-link-against-libfl.patch|  30 --
 ...sendfile-Use-off64_t-instead-of-__off64_t.patch |  31 --
 .../ltp/ltp/0007-replace-SIGCLD-with-SIGCHLD.patch | 394 -
 .../ltp/0009-Guard-error.h-with-__GLIBC__.patch| 270 --
 .../0011-Rename-sigset-variable-to-sigset1.patch   | 136 ---
 ...fsstress.c-Replace-__int64_t-with-int64_t.patch | 351 --
 ...nclude-fcntl.h-for-getting-O_-definitions.patch |  67 
 ...ing-Include-sys-types.h-for-pid_t-definit.patch |  56 ---
 ...015-mincore01-Rename-PAGESIZE-to-pagesize.patch |  64 
 ...Change-header-from-ustat.h-to-sys-ustat.h.patch |  45 ---
 .../0017-replace-sigval_t-with-union-sigval.patch  |  88 -
 ...lace-canonicalize_file_name-with-realpath.patch |  32 --
 .../ltp/ltp/0022-include-sys-types.h.patch |  29 --
 ...sconf01-Use-_SC_2_C_VERSION-conditionally.patch |  29 --
 .../ltp/0029-trace_shed-Fix-build-with-musl.patch  |  32 --
 ...READ_MUTEX_RECURSIVE-in-place-of-PTHREAD_.patch |  33 --
 ...age-size-offset-as-per-page-size-alignmen.patch |  33 --
 ...-regen.sh-Include-asm-unistd.h-explicitly.patch |  30 --
 .../ltp/ltp/0035-fix-test_proc_kill-hang.patch |  23 --
 .../ltp/{ltp_20160126.bb => ltp_20160920.bb}   |  49 +--
 20 files changed, 15 insertions(+), 1807 deletions(-)
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0001-ltp-Don-t-link-against-libfl.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0006-sendfile-Use-off64_t-instead-of-__off64_t.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0007-replace-SIGCLD-with-SIGCHLD.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0009-Guard-error.h-with-__GLIBC__.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0011-Rename-sigset-variable-to-sigset1.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0012-fsstress.c-Replace-__int64_t-with-int64_t.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0013-include-fcntl.h-for-getting-O_-definitions.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0014-hyperthreading-Include-sys-types.h-for-pid_t-definit.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0015-mincore01-Rename-PAGESIZE-to-pagesize.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0016-ustat-Change-header-from-ustat.h-to-sys-ustat.h.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0017-replace-sigval_t-with-union-sigval.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0019-tomoyo-Replace-canonicalize_file_name-with-realpath.patch
 delete mode 100644 meta/recipes-extended/ltp/ltp/0022-include-sys-types.h.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0027-sysconf01-Use-_SC_2_C_VERSION-conditionally.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0029-trace_shed-Fix-build-with-musl.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0030-lib-Use-PTHREAD_MUTEX_RECURSIVE-in-place-of-PTHREAD_.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0031-vma03-fix-page-size-offset-as-per-page-size-alignmen.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0032-regen.sh-Include-asm-unistd.h-explicitly.patch
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0035-fix-test_proc_kill-hang.patch
 rename meta/recipes-extended/ltp/{ltp_20160126.bb => ltp_20160920.bb} (66%)

diff --git 
a/meta/recipes-extended/ltp/ltp/0001-ltp-Don-t-link-against-libfl.patch 
b/meta/recipes-extended/ltp/ltp/0001-ltp-Don-t-link-against-libfl.patch
deleted file mode 100644
index 585b7cb..000
--- a/meta/recipes-extended/ltp/ltp/0001-ltp-Don-t-link-against-libfl.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 14985fccf7428eaa0b45decc22bfd20fd780f621 Mon Sep 17 00:00:00 2001
-From: Chong Lu 
-Date: Tue, 11 Mar 2014 14:47:22 +0800
-Subject: [PATCH 01/32] ltp: Don't link against libfl
-
-We have already defined yywrap function in scan.l file. After this, we no 
longer need to
-link against libfl and so no longer get errors about undefined references to 
yylex.
-
-Signed-off-by: Chong Lu 
-Signed-off-by: Khem Raj 

- pan/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/pan/Makefile b/pan/Makefile
-index 4cc6466..a4b575b 100644
 a/pan/Makefile
-+++ b/pan/Makefile
-@@ -31,7 +31,7 @@ CPPFLAGS += -Wno-error
- 
- CPPFLAGS  += -I$(abs_srcdir)
- 
--LDLIBS+= -lm $(LEXLIB)
-+LDLIBS+= -lm
- 
- LFLAGS+= -l
- 
--- 
-2.7.0
-
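Review bot: the header of the patch deleted here (From, Date, Subject and two Signed-off-by lines) carries no Upstream-Status tag, and the commit message only says the patches go "because the ltp source code has been changed", so a reviewer cannot tell whether the pan/Makefile change ("LDLIBS+= -lm" without $(LEXLIB)) is already in 20160920 or is being lost. Please state for each removed patch whether it was merged upstream or whether the code it touched was removed. The commit message also has no Signed-off-by line before the "---".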
diff --git 
a/meta/recipes-extended/ltp/ltp/0006-sendfile-Use-off64_t-instead-of-__off64_t.patch
 
b/meta/recipes-extended/ltp/ltp/0006-sendfile-Use-off64_t-instead-of-__off64_t.patch
deleted file mode 100644
index 56a48ab..000
--- 
a/meta/recipes-extended/ltp/ltp/0006-sendfile-Use-off64_t-instead-of-__of

Re: [OE-core] [PATCH] ltp: Upgrade 20160126 -> 20160920

2016-10-06 Thread Fan Xin



On 2016-10-06 18:22, Burton, Ross wrote:

> On 6 October 2016 at 07:29, Fan Xin <fan@jp.fujitsu.com> wrote:
>
>> 1. Upgrade from 20160126 to 20160920
>>
>> https://github.com/linux-test-project/ltp/releases/tag/20160920
>
> We're close to the final 2.2 release so unless this is *critical* then
> it won't be merged until 2.3 is open.

Yes, I know. It occurred to me just after I sent this patch.
I will resend it after 2.3.

>> 2. Delete the unnecessary patch files because the ltp source code
>> has been changed.
>
> Delete because they've all been merged upstream, or because they
> conflict and you don't want to rebase?

Delete the unnecessary patch files because
1. Some of the patch files have been merged upstream.
2. Upstream dropped some test cases that these patches applied to, so the
patch files became unnecessary and have nowhere to apply.

> The patches I looked at either had no or pending Upstream-Status, so I
> can't trivially check that they have been submitted upstream and are now
> redundant.

Did you mean that Upstream-Status should be added for each patch file?

Best Regards,

Fan





[OE-core] rpm: Recover RPM4 to OE-core

2016-10-06 Thread Fan Xin

Hi

I did some work to figure out whether smartpm could be built with
python3. However, I found smartpm is dependent on rpm, and OE-core
uses RPM5, which seems to have some bug.

http://rpm5.org/community/rpm-users/1098.html

RPM4 could be built with python3. So I think maybe we could recover RPM4
into OE-core, which was deleted

(oe-core a6e7a86f1635be9a688c56c25e9d215ea4d2cc84)

The drop reason is that RPM4 is buggy and no one wants to maintain it.

I built RPM4 in OE-core and the build finished without any bug. Next
I will try to use smartpm to manage RPM4 packages in my local
environment.


By the way, could anyone give more detailed info about the bugs in RPM4 or
any suggestions about how to make smartpm build with python3?


Thanks.

Best Regards,

Fan



Re: [OE-core] rpm: Recover RPM4 to OE-core

2016-10-06 Thread Fan Xin

Hi Joshua,

Thanks for your info.

Actually, our original motivation is that we found smartpm is not
maintained any more. We maintain smartpm for our distro at

https://github.com/ubinux/smart2

Then we realized smartpm should switch to python3. In order to solve this
issue, there are four solutions as follows.


[1] smart/RPM5
[2] smart/RPM4
[3] dnf/RPM5
[4] dnf/RPM4

I confirm that RPM5 has some bugs with python3 and I am not familiar
with RPM. So I think the easy way to solve this issue is [2], recover
RPM4 and solve the bugs in smartpm.


> It's also worth pointing out that we're strongly considering dropping
> SMART in the next (2.3) development cycle[4].

Considering YP would like to drop smart in 2.3, I wonder whether YP would use
[3] dnf/RPM5 or [4] dnf/RPM4?


> Do you have a reason for wanting rpm4 beyond the proven Python3
> support?

No, I just think the python3 support issue should be solved. I am fine with
RPM4 or RPM5 or smart or dnf.


Best Regards,

Fan



Re: [OE-core] rpm: Recover RPM4 to OE-core

2016-10-07 Thread Fan Xin

Hi Maciej,


> BTW. do you recall the rationale behind abandoning zypper in 1.4? I'm
> curious about the motivation for using smart given its Python
> dependency.


The reason for dropping Zypper is that Zypper has too many components and
brings huge potential support issues, as described in [1].


The maintainer of Yum is actively hostile toward RPM5. This is the
reason why YP does not select YUM.


As noted in [2], Smart is small and compact, and the dependencies of smart
are small (python and rpm).


dnf is forked from Yum and depends on hawkey, librepo, libcomps,
libsolv. By the same rationale, smart is still the proper
choice.


The relationship among rpm4, rpm5, dnf, yum, smart and OE-core is
complicated. And things keep changing, which makes it harder to figure
out this issue.


Best Regards,

Fan

[1] https://lists.yoctoproject.org/pipermail/yocto/2012-October/010384.html
[2] http://lists.openembedded.org/pipermail/openembedded-core/2015-January/100582.html






[OE-core] [PATCH] binutils: Fix CVE-2017-8392

2017-05-23 Thread Fan Xin
Backport upstream commit to fix CVE-2017-8392

CVE:CVE-2017-8392
[BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409

PR 21409, segfault in _bfd_dwarf2_find_nearest_line

PR 21409
* dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
no symbols.

Signed-off-by: Fan Xin 
---
 meta/recipes-devtools/binutils/binutils-2.28.inc   |  2 +
 ...-lookup-of-file-line-information-for-erro.patch | 74 ++
 ...segfault-in-_bfd_dwarf2_find_nearest_line.patch | 32 ++
 3 files changed, 108 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc 
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 7585da1..5492505 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -37,6 +37,8 @@ SRC_URI = "\
  file://0016-Detect-64-bit-MIPS-targets.patch \
  file://CVE-2017-6965.patch \
  file://CVE-2017-6966.patch \
+ file://0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch \
+ file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
 "
 S  = "${WORKDIR}/git"
 
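Review bot: the two new SRC_URI entries are named 0017-... and 0018-..., while the neighbouring security fixes in the same list are CVE-2017-6965.patch and CVE-2017-6966.patch. Naming the fix CVE-2017-8392.patch would keep the list consistent and make the CVE visible from the recipe alone. If 0017 is carried only as a prerequisite for the fix, say so in the commit message, which currently describes a single backported commit.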
diff --git 
a/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
 
b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
new file mode 100644
index 000..0716623
--- /dev/null
+++ 
b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
@@ -0,0 +1,74 @@
+From 3239a4231ff79bf8b67b8faaf414b1667486167c Mon Sep 17 00:00:00 2001
+From: Andrew Burgess 
+Date: Mon, 19 Dec 2016 15:27:59 +
+Subject: [PATCH] bfd: Improve lookup of file / line information for errors
+
+When looking up file and line information (used from the linker to
+report error messages) if no symbol is passed in, then use the symbol
+list to look for a matching symbol.
+
+If a matching symbol is found then use this to look up the file / line
+information.
+
+This should improve errors when looking up file / line information for
+data sections.  Hopefully we should find a matching data symbol, which
+should, in turn (we hope) match a DW_TAG_variable in the DWARF, this
+should allow us to give accurate file / line errors for data symbols.
+
+As the hope is to find a matching DW_TAG_variable in the DWARF then we
+ignore section symbols, and prefer global symbols to locals.
+
+Upstream-Status: Submitted
+
+Signed-off-by: Fan Xin 
+---
+ bfd/dwarf2.c   | 32 
+ 1 files changed, 32 insertions(+)
+
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 03447a9..9bb8126 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4155,6 +4155,38 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
+ {
+   BFD_ASSERT (section != NULL && functionname_ptr != NULL);
+   addr = offset;
++
++  /* If we have no SYMBOL but the section we're looking at is not a
++ code section, then take a look through the list of symbols to see
++ if we have a symbol at the address we're looking for.  If we do
++ then use this to look up line information.  This will allow us to
++ give file and line results for data symbols.  We exclude code
++ symbols here, if we look up a function symbol and then look up the
++ line information we'll actually return the line number for the
++ opening '{' rather than the function definition line.  This is
++ because looking up by symbol uses the line table, in which the
++ first line for a function is usually the opening '{', while
++ looking up the function by section + offset uses the
++ DW_AT_decl_line from the function DW_TAG_subprogram for the line,
++ which will be the line of the function name.  */
++  if ((section->flags & SEC_CODE) == 0)
++  {
++asymbol **tmp;
++
++for (tmp = symbols; (*tmp) != NULL; ++tmp)
++  if ((*tmp)->the_bfd == abfd
++  && (*tmp)->section == section
++  && (*tmp)->value == offset
++  && ((*tmp)->flags & BSF_SECTION_SYM) == 0)
++{
++  symbol = *tmp;
++  do_line = TRUE;
++/* For local symbols, keep going in the hope we find a
++   global.  */
++if ((symbol->flags & BSF_GLOBAL) != 0)
++  break;
++}
++  }
+ }
+ 
+   if (section->output_section)
+-- 
+1.9.1
+
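Review bot: the loop added to _bfd_dwarf2_find_nearest_line, "for (tmp = symbols; (*tmp) != NULL; ++tmp)", dereferences symbols without first checking that the pointer itself is non-NULL, which is the kind of failure the commit message describes for PR 21409 ("Don't segfault when no symbols"). As posted, 0017 is only safe together with 0018, so note that dependency in the patch header or squash the two so that 0017 can never be carried alone.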
diff --git 
a/meta/recipes-devtools/binutils/binutils/0018-P

[OE-core] [PATCH v2] binutils: Fix CVE-2017-8392

2017-05-23 Thread Fan Xin
Backport upstream commit to fix CVE-2017-8392

CVE: CVE-2017-8392
[BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409

PR 21409, segfault in _bfd_dwarf2_find_nearest_line

PR 21409
* dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
no symbols.

Signed-off-by: Fan Xin 
---
 meta/recipes-devtools/binutils/binutils-2.28.inc   |  2 +
 ...-lookup-of-file-line-information-for-erro.patch | 74 ++
 ...segfault-in-_bfd_dwarf2_find_nearest_line.patch | 32 ++
 3 files changed, 108 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc 
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 7585da1..5492505 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -37,6 +37,8 @@ SRC_URI = "\
  file://0016-Detect-64-bit-MIPS-targets.patch \
  file://CVE-2017-6965.patch \
  file://CVE-2017-6966.patch \
+ file://0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch \
+ file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git 
a/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
 
b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
new file mode 100644
index 000..0716623
--- /dev/null
+++ 
b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
@@ -0,0 +1,74 @@
+From 3239a4231ff79bf8b67b8faaf414b1667486167c Mon Sep 17 00:00:00 2001
+From: Andrew Burgess 
+Date: Mon, 19 Dec 2016 15:27:59 +
+Subject: [PATCH] bfd: Improve lookup of file / line information for errors
+
+When looking up file and line information (used from the linker to
+report error messages) if no symbol is passed in, then use the symbol
+list to look for a matching symbol.
+
+If a matching symbol is found then use this to look up the file / line
+information.
+
+This should improve errors when looking up file / line information for
+data sections.  Hopefully we should find a matching data symbol, which
+should, in turn (we hope) match a DW_TAG_variable in the DWARF, this
+should allow us to give accurate file / line errors for data symbols.
+
+As the hope is to find a matching DW_TAG_variable in the DWARF then we
+ignore section symbols, and prefer global symbols to locals.
+
+Upstream-Status: Submitted
+
+Signed-off-by: Fan Xin 
+---
+ bfd/dwarf2.c   | 32 
+ 1 files changed, 32 insertions(+)
+
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 03447a9..9bb8126 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4155,6 +4155,38 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
+ {
+   BFD_ASSERT (section != NULL && functionname_ptr != NULL);
+   addr = offset;
++
++  /* If we have no SYMBOL but the section we're looking at is not a
++ code section, then take a look through the list of symbols to see
++ if we have a symbol at the address we're looking for.  If we do
++ then use this to look up line information.  This will allow us to
++ give file and line results for data symbols.  We exclude code
++ symbols here, if we look up a function symbol and then look up the
++ line information we'll actually return the line number for the
++ opening '{' rather than the function definition line.  This is
++ because looking up by symbol uses the line table, in which the
++ first line for a function is usually the opening '{', while
++ looking up the function by section + offset uses the
++ DW_AT_decl_line from the function DW_TAG_subprogram for the line,
++ which will be the line of the function name.  */
++  if ((section->flags & SEC_CODE) == 0)
++  {
++asymbol **tmp;
++
++for (tmp = symbols; (*tmp) != NULL; ++tmp)
++  if ((*tmp)->the_bfd == abfd
++  && (*tmp)->section == section
++  && (*tmp)->value == offset
++  && ((*tmp)->flags & BSF_SECTION_SYM) == 0)
++{
++  symbol = *tmp;
++  do_line = TRUE;
++/* For local symbols, keep going in the hope we find a
++   global.  */
++if ((symbol->flags & BSF_GLOBAL) != 0)
++  break;
++}
++  }
+ }
+ 
+   if (section->output_section)
+-- 
+1.9.1
+
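Review bot: the embedded patch header still reads "Upstream-Status: Submitted" and has no CVE: line, and the index line (0716623) is the same as in the first posting, so the visible part of 0017 is unchanged in v2. Since the commit message describes a backport of an upstream commit, the status tag should say so. A short changelog under the "---" saying what changed between versions would also help reviewers.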
diff --git 
a/meta/recipes-devtools/binutils/binutils/0018-P

[OE-core] [PATCH v3] binutils: Fix CVE-2017-8392

2017-05-23 Thread Fan Xin
Backport upstream commit to fix CVE-2017-8392

CVE: CVE-2017-8392

[BZ 21409] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21409

PR 21409, segfault in _bfd_dwarf2_find_nearest_line

PR 21409
* dwarf2.c (_bfd_dwarf2_find_nearest_line): Don't segfault when
no symbols.

Signed-off-by: Fan Xin 
---
 meta/recipes-devtools/binutils/binutils-2.28.inc   |  2 +
 ...-lookup-of-file-line-information-for-erro.patch | 75 ++
 ...segfault-in-_bfd_dwarf2_find_nearest_line.patch | 33 ++
 3 files changed, 110 insertions(+)
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
 create mode 100644 
meta/recipes-devtools/binutils/binutils/0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch

diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc 
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 7585da1..5492505 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -37,6 +37,8 @@ SRC_URI = "\
  file://0016-Detect-64-bit-MIPS-targets.patch \
  file://CVE-2017-6965.patch \
  file://CVE-2017-6966.patch \
+ file://0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch \
+ file://0018-PR-21409-segfault-in-_bfd_dwarf2_find_nearest_line.patch \
 "
 S  = "${WORKDIR}/git"
 
diff --git 
a/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
 
b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
new file mode 100644
index 000..23ad10a
--- /dev/null
+++ 
b/meta/recipes-devtools/binutils/binutils/0017-bfd-Improve-lookup-of-file-line-information-for-erro.patch
@@ -0,0 +1,75 @@
+From 3239a4231ff79bf8b67b8faaf414b1667486167c Mon Sep 17 00:00:00 2001
+From: Andrew Burgess 
+Date: Mon, 19 Dec 2016 15:27:59 +
+Subject: [PATCH] bfd: Improve lookup of file / line information for errors
+
+When looking up file and line information (used from the linker to
+report error messages) if no symbol is passed in, then use the symbol
+list to look for a matching symbol.
+
+If a matching symbol is found then use this to look up the file / line
+information.
+
+This should improve errors when looking up file / line information for
+data sections.  Hopefully we should find a matching data symbol, which
+should, in turn (we hope) match a DW_TAG_variable in the DWARF, this
+should allow us to give accurate file / line errors for data symbols.
+
+As the hope is to find a matching DW_TAG_variable in the DWARF then we
+ignore section symbols, and prefer global symbols to locals.
+
+CVE: CVE-2017-8392
+Upstream-Status: Accepted
+
+Signed-off-by: Fan Xin 
+---
+ bfd/dwarf2.c   | 32 
+ 1 files changed, 32 insertions(+)
+
+
+diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c
+index 03447a9..9bb8126 100644
+--- a/bfd/dwarf2.c
 b/bfd/dwarf2.c
+@@ -4155,6 +4155,38 @@ _bfd_dwarf2_find_nearest_line (bfd *abfd,
+ {
+   BFD_ASSERT (section != NULL && functionname_ptr != NULL);
+   addr = offset;
++
++  /* If we have no SYMBOL but the section we're looking at is not a
++ code section, then take a look through the list of symbols to see
++ if we have a symbol at the address we're looking for.  If we do
++ then use this to look up line information.  This will allow us to
++ give file and line results for data symbols.  We exclude code
++ symbols here, if we look up a function symbol and then look up the
++ line information we'll actually return the line number for the
++ opening '{' rather than the function definition line.  This is
++ because looking up by symbol uses the line table, in which the
++ first line for a function is usually the opening '{', while
++ looking up the function by section + offset uses the
++ DW_AT_decl_line from the function DW_TAG_subprogram for the line,
++ which will be the line of the function name.  */
++  if ((section->flags & SEC_CODE) == 0)
++  {
++asymbol **tmp;
++
++for (tmp = symbols; (*tmp) != NULL; ++tmp)
++  if ((*tmp)->the_bfd == abfd
++  && (*tmp)->section == section
++  && (*tmp)->value == offset
++  && ((*tmp)->flags & BSF_SECTION_SYM) == 0)
++{
++  symbol = *tmp;
++  do_line = TRUE;
++/* For local symbols, keep going in the hope we find a
++   global.  */
++if ((symbol->flags & BSF_GLOBAL) != 0)
++  break;
++}
++  }
+ }
+ 
+   if (section->output_section)
+-- 
+1.9.1
+
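Review bot: "Upstream-Status: Accepted" in the embedded header does not match the commit message, which describes a backport of an upstream commit; Backport is the value that says the change is already upstream. The "CVE: CVE-2017-8392" tag now sits on 0017, whose subject is an error-lookup improvement, while the message attributes the fix to the PR 21409 change. If 0017 is carried as a prerequisite for 0018, make that clear in its header.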
diff --git 
a/meta/recipes-devtools/binuti

[OE-core] [PATCH] rpcbind: Fix CVE-2017-8779

2017-05-24 Thread Fan Xin
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.

CVE: CVE-2017-8779

Signed-off-by: Fan Xin
---
 ...r-all-svc_getargs-calls-with-svc_freeargs.patch | 221 +
 meta/recipes-extended/rpcbind/rpcbind_0.2.4.bb |   1 +
 2 files changed, 222 insertions(+)
 create mode 100644 
meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch

diff --git 
a/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
 
b/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
new file mode 100644
index 000..bf7aaef
--- /dev/null
+++ 
b/meta/recipes-extended/rpcbind/rpcbind/0001-rpcbind-pair-all-svc_getargs-calls-with-svc_freeargs.patch
@@ -0,0 +1,221 @@
+From 7ea36eeece56b59f98e469934e4c20b4da043346 Mon Sep 17 00:00:00 2001
+From: Doran Moppert 
+Date: Thu, 11 May 2017 11:42:54 -0400
+Subject: [PATCH] rpcbind: pair all svc_getargs() calls with svc_freeargs() to
+ avoid memory leak
+
+This patch is to address CVE-2017-8779 "rpcbomb" in rpcbind, discussed
+at [1], [2], [3].  The last link suggests this issue is actually a bug
+in rpcbind, which led me here.
+
+The leak caused by the reproducer at [4] appears to come from
+rpcb_service_4(), in the case where svc_getargs() returns false and the
+function had an early return, rather than passing through the cleanup
+path at done:, as would otherwise occur.
+
+It also addresses a couple of other locations where the same fault seems
+to exist, though I haven't been able to exercise those.  I hope someone
+more intimate with rpc(3) can confirm my understanding is correct, and
+that I haven't introduced any new bugs.
+
+Without this patch, using the reproducer (and variants) repeatedly
+against rpcbind with a numBytes argument of 1_000_000_000, /proc/$(pidof
+rpcbind)/status reports VmSize increase of 976564 kB each call, and
+VmRSS increase of around 260 kB every 33 calls - the specific numbers
+are probably an artifact of my rhel/glibc version.  With the patch,
+there is a small (~50 kB) VmSize increase with the first message, but
+thereafter both VmSize and VmRSS remain steady.
+
+[1]: http://seclists.org/oss-sec/2017/q2/209
+[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1448124
+[3]: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
+[4]: https://github.com/guidovranken/rpcbomb/
+
+
+CVE: CVE-2017-8779
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin 
+---
+ src/pmap_svc.c | 56 +-
+ src/rpcb_svc.c |  2 +-
+ src/rpcb_svc_4.c   |  2 +-
+ src/rpcb_svc_com.c |  8 
+ 4 files changed, 57 insertions(+), 11 deletions(-)
+
+diff --git a/src/pmap_svc.c b/src/pmap_svc.c
+index 4c744fe..e926cdc 100644
+--- a/src/pmap_svc.c
 b/src/pmap_svc.c
+@@ -175,6 +175,7 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, 
SVCXPRT *xprt, unsigned long
+   long ans;
+   uid_t uid;
+   char uidbuf[32];
++  int rc = TRUE;
+ 
+   /*
+* Can't use getpwnam here. We might end up calling ourselves
+@@ -194,7 +195,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, 
SVCXPRT *xprt, unsigned long
+ 
+   if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)®)) {
+   svcerr_decode(xprt);
+-  return (FALSE);
++  rc = FALSE;
++  goto done;
+   }
+ #ifdef RPCBIND_DEBUG
+   if (debugging)
+@@ -205,7 +207,8 @@ pmapproc_change(struct svc_req *rqstp /*__unused*/, 
SVCXPRT *xprt, unsigned long
+ 
+   if (!check_access(xprt, op, reg.pm_prog, PMAPVERS)) {
+   svcerr_weakauth(xprt);
+-  return (FALSE);
++  rc = (FALSE);
++  goto done;
+   }
+ 
+   rpcbreg.r_prog = reg.pm_prog;
+@@ -258,7 +261,16 @@ done_change:
+   rpcbs_set(RPCBVERS_2_STAT, ans);
+   else
+   rpcbs_unset(RPCBVERS_2_STAT, ans);
+-  return (TRUE);
++done:
++  if (!svc_freeargs(xprt, (xdrproc_t) xdr_pmap, (char *)®)) {
++  if (debugging) {
++  /*(void) xlog(LOG_DEBUG, "unable to free 
arguments\n");*/
++  if (doabort) {
++  rpcbind_abort();
++  }
++  }
++  }
++  return (rc);
+ }
+ 
+ /* ARGSUSED */
+@@ -272,15 +284,18 @@ pmapproc_getport(struct svc_req *rqstp /*__unused*/, 
SVCXPRT *xprt)
+ #ifdef RPCBIND_DEBUG
+   char *uaddr;
+ #endif
++  int rc = TRUE;
+ 
+   if (!svc_getargs(xprt, (xdrproc_t) xdr_pmap, (char *)®)) {
+   svcerr_decode(xprt);
+-  return (FALSE);
++  rc = FALSE;
++  goto done;
+   }
+ 
+   if (!check_access(xprt, PMAPPROC_GETPORT, reg.pm_prog, PMAPVERS)) {
+   svcerr_weakauth(xprt);
+-  return FALSE;
++  
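Review bot: in the new "done:" path of pmapproc_change, a failing svc_freeargs() is silent unless both debugging and doabort are set, because the xlog() call is left commented out and the only live statement is rpcbind_abort(). Either enable the log line or drop the commented code, so that a failed free is at least visible in debug runs. Minor: "rc = (FALSE);" after the check_access() failure should match the "rc = FALSE;" used just above it.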

[OE-core] [PATCH] nss: Upgrade 3.29.1 to 3.30.2

2017-05-24 Thread Fan Xin
Network Security Services (NSS) 3.30.2 is a patch release for NSS 3.30.

The bug fixes in NSS 3.30.2 are as follows:

Bug 1350859 - March 2017 batch of root CA changes
Bug 1349705 - Implemented domain name constraints for CA

Signed-off-by: Fan Xin 
---
 meta/recipes-support/nss/nss_3.29.1.bb | 246 -
 meta/recipes-support/nss/nss_3.30.2.bb | 246 +
 2 files changed, 246 insertions(+), 246 deletions(-)
 delete mode 100644 meta/recipes-support/nss/nss_3.29.1.bb
 create mode 100644 meta/recipes-support/nss/nss_3.30.2.bb

diff --git a/meta/recipes-support/nss/nss_3.29.1.bb 
b/meta/recipes-support/nss/nss_3.29.1.bb
deleted file mode 100644
index 48db031..000
--- a/meta/recipes-support/nss/nss_3.29.1.bb
+++ /dev/null
@@ -1,246 +0,0 @@
-SUMMARY = "Mozilla's SSL and TLS implementation"
-DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
-designed to support cross-platform development of \
-security-enabled client and server applications. \
-Applications built with NSS can support SSL v2 and v3, \
-TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
-v3 certificates, and other security standards."
-HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/";
-SECTION = "libs"
-
-LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)"
-
-LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
-
file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
-
file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
-
-SRC_URI = 
"http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_29_1_RTM/src/${BP}.tar.gz
 \
-   file://nss.pc.in \
-   file://signlibs.sh \
-   file://0001-nss-fix-support-cross-compiling.patch \
-   file://nss-no-rpath-for-cross-compiling.patch \
-   file://nss-fix-incorrect-shebang-of-perl.patch \
-   file://nss-fix-nsinstall-build.patch \
-   file://disable-Wvarargs-with-clang.patch \
-   file://pqg.c-ULL_addend.patch \
-   file://Fix-compilation-for-X32.patch \
-   file://0001-Fix-warnings-found-with-gcc7.patch \
-   "
-SRC_URI[md5sum] = "0525d1a45931892daa0f368d379d4aa4"
-SRC_URI[sha256sum] = 
"47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366"
-
-UPSTREAM_CHECK_URI = 
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases";
-UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes"
-
-inherit siteinfo
-
-DEPENDS = "sqlite3 nspr zlib nss-native"
-DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
-RDEPENDS_${PN}-smime = "perl"
-
-TD = "${S}/tentative-dist"
-TDS = "${S}/tentative-dist-staging"
-
-TARGET_CC_ARCH += "${LDFLAGS}"
-
-do_configure_prepend_libc-musl () {
-sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
-}
-
-do_compile_prepend_class-native() {
-export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}
-export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
-export NSS_ENABLE_WERROR=0
-}
-
-do_compile_prepend_class-nativesdk() {
-export LDFLAGS=""
-}
-
-do_compile_prepend_class-native() {
-# Need to set RPATH so that chrpath will do its job correctly
-RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} 
-Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} 
-Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
-}
-
-do_compile() {
-export CROSS_COMPILE=1
-export NATIVE_CC="gcc"
-export NATIVE_FLAGS="${HOST_CFLAGS}"
-export BUILD_OPT=1
-
-export FREEBL_NO_DEPEND=1
-export FREEBL_LOWHASH=1
-
-export LIBDIR=${libdir}
-export MOZILLA_CLIENT=1
-export NS_USE_GCC=1
-export NSS_USE_SYSTEM_SQLITE=1
-export NSS_ENABLE_ECC=1
-
-export OS_RELEASE=3.4
-export OS_TARGET=Linux
-export OS_ARCH=Linux
-
-if [ "${TARGET_ARCH}" = "powerpc" ]; then
-OS_TEST=ppc
-elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
-OS_TEST=ppc64
-elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o 
"${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
-OS_TEST=mips
-else
-OS_TEST="${TARGET_ARCH}"
-fi
-
-if [ "${SITEINFO_BITS}" = "64" ]; then
-export USE_64=1
-elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
-export USE_X32=1
-fi
-
-export NSS_DISABLE_GTESTS=1
-
-# We can modify CC in the environment, but if we set it via 
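Review bot: the upgrade is submitted as a 246-line delete of nss_3.29.1.bb plus a 246-line create of nss_3.30.2.bb, so the version-specific lines visible here (the NSS_3_29_1_RTM path in SRC_URI and the two SRC_URI checksums) cannot be compared against their replacements within one hunk. Regenerating the patch with rename detection (git format-patch -M) would reduce it to a rename plus the changed lines, as the ltp and ghostscript upgrades on this list do.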

[OE-core] [PATCH] ghostscript: Upgrade 9.20 to 9.21

2017-05-25 Thread Fan Xin
1) Upgrade ghostscript from 9.20 to 9.21
2) Delete the unnecessary patch (CVE-2016-10219, CVE-2016-20220, CVE-2016-8602)
   Which has been modified in 9.21
3) Modify the two patch files rebase 9.21

Signed-off-by: Fan Xin 
---
 .../ghostscript/ghostscript/CVE-2016-10219.patch   | 49 ---
 .../ghostscript/ghostscript/CVE-2016-10220.patch   | 55 
 .../ghostscript/ghostscript/CVE-2016-8602.patch| 47 --
 .../ghostscript-9.02-prevent_recompiling.patch | 99 --
 ...tscript-native-fix-disable-system-libtiff.patch | 37 
 .../{ghostscript_9.20.bb => ghostscript_9.21.bb}   | 13 ++-
 6 files changed, 5 insertions(+), 295 deletions(-)
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10219.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10220.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2016-8602.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/ghostscript-9.02-prevent_recompiling.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/ghostscript-native-fix-disable-system-libtiff.patch
 rename meta/recipes-extended/ghostscript/{ghostscript_9.20.bb => 
ghostscript_9.21.bb} (88%)

diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10219.patch 
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10219.patch
deleted file mode 100644
index 574abe0..000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10219.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 4bef1a1d32e29b68855616020dbff574b9cda08f Mon Sep 17 00:00:00 2001
-From: Robin Watts 
-Date: Thu, 29 Dec 2016 15:57:43 +
-Subject: [PATCH] Bug 697453: Avoid divide by 0 in scan conversion code.
-
-Arithmetic overflow due to extreme values in the scan conversion
-code can cause a division by 0.
-
-Avoid this with a simple extra check.
-
-  dx_old=cf814d81
-  endp->x_next=b0e859b9
-  alp->x_next=8069a73a
-
-leads to dx_den = 0
-
-Upstream-Status: Backport
-CVE: CVE-2016-10219
-
-Signed-off-by: Catalin Enache 

- base/gxfill.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/base/gxfill.c b/base/gxfill.c
-index 99196c0..2f81bb0 100644
 a/base/gxfill.c
-+++ b/base/gxfill.c
-@@ -1741,7 +1741,7 @@ intersect(active_line *endp, active_line *alp, fixed y, 
fixed y1, fixed *p_y_new
- fixed dx_old = alp->x_current - endp->x_current;
- fixed dx_den = dx_old + endp->x_next - alp->x_next;
- 
--if (dx_den <= dx_old)
-+if (dx_den <= dx_old || dx_den == 0)
- return false; /* Intersection isn't possible. */
- dy = y1 - y;
- if_debug3('F', "[F]cross: dy=%g, dx_old=%g, dx_new=%g\n",
-@@ -1750,7 +1750,7 @@ intersect(active_line *endp, active_line *alp, fixed y, 
fixed y1, fixed *p_y_new
- /* Do the computation in single precision */
- /* if the values are small enough. */
- y_new =
--((dy | dx_old) < 1L << (size_of(fixed) * 4 - 1) ?
-+(((ufixed)(dy | dx_old)) < (1L << (size_of(fixed) * 4 - 1)) ?
-  dy * dx_old / dx_den :
-  (INCR_EXPR(mq_cross), fixed_mult_quo(dy, dx_old, dx_den)))
- + y;
--- 
-2.10.2
-
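Review bot: dropping this backport removes the `dx_den == 0` guard in intersect() from the recipe, so the commit message should state that the 9.21 tarball already contains upstream commit 4bef1a1d32e29b68855616020dbff574b9cda08f instead of only saying the patches have "been modified in 9.21". The message also names CVE-2016-20220 while the file deleted in this series is CVE-2016-10220.patch, and it describes two patch files as rebased although the diffstat lists ghostscript-9.02-prevent_recompiling.patch and ghostscript-native-fix-disable-system-libtiff.patch under "delete mode" with only deletions. Please correct the CVE id and either include the rebased files or describe them as removed.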
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10220.patch 
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10220.patch
deleted file mode 100644
index 5e1e8ba..000
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2016-10220.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From daf85701dab05f17e924a48a81edc9195b4a04e8 Mon Sep 17 00:00:00 2001
-From: Ken Sharp 
-Date: Wed, 21 Dec 2016 16:54:14 +
-Subject: [PATCH] fix crash with bad data supplied to makeimagedevice
-
-Bug #697450 "Null pointer dereference in gx_device_finalize()"
-
-The problem here is that the code to finalise a device unconditionally
-frees the icc_struct member of the device structure. However this
-particular (weird) device is not setup as a normal device, probably
-because its very, very ancient. Its possible for the initialisation
-of the device to abort with an error before calling gs_make_mem_device()
-which is where the icc_struct member gets allocated (or set to NULL).
-
-If that happens, then the cleanup code tries to free the device, which
-calls finalize() which tries to free a garbage pointer.
-
-Setting the device memory to 0x00 after we allocate it means that the
-icc_struct member will be NULL< and our memory manager allows for that
-happily enough, which avoids the problem.
-
-Upstream-Status: Backport
-CVE: CVE-2016-10220
-
-Signed-off-by: Catalin Enache 

- base/gsdevmem.c | 12 
- 1 file changed, 12 insertions(+)
-
-diff --git a/base/gsdevmem.c b/base/gsdevmem.c
-index 97b9cf4..fe75bcc 100644
 a/base/gsdevmem.c
-+++ b/base/gsdevmem.c
-@@ -225,6 +225,18 @@ gs_makewordimagedevice(gx_device ** pnew_dev, const 
gs_matrix * pmat,
- 

[OE-core] [PATCH v2] nss: Upgrade 3.29.1 to 3.30.2

2017-05-25 Thread Fan Xin
Upgrade nss from 3.29.1 to 3.30.2

Signed-off-by: Fan Xin 
---
 meta/recipes-support/nss/nss_3.29.1.bb | 246 -
 meta/recipes-support/nss/nss_3.30.2.bb | 246 +
 2 files changed, 246 insertions(+), 246 deletions(-)
 delete mode 100644 meta/recipes-support/nss/nss_3.29.1.bb
 create mode 100644 meta/recipes-support/nss/nss_3.30.2.bb

diff --git a/meta/recipes-support/nss/nss_3.29.1.bb 
b/meta/recipes-support/nss/nss_3.29.1.bb
deleted file mode 100644
index 48db031..000
--- a/meta/recipes-support/nss/nss_3.29.1.bb
+++ /dev/null
@@ -1,246 +0,0 @@
-SUMMARY = "Mozilla's SSL and TLS implementation"
-DESCRIPTION = "Network Security Services (NSS) is a set of libraries \
-designed to support cross-platform development of \
-security-enabled client and server applications. \
-Applications built with NSS can support SSL v2 and v3, \
-TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 \
-v3 certificates, and other security standards."
-HOMEPAGE = "http://www.mozilla.org/projects/security/pki/nss/";
-SECTION = "libs"
-
-LICENSE = "MPL-2.0 | (MPL-2.0 & GPL-2.0+) | (MPL-2.0 & LGPL-2.1+)"
-
-LIC_FILES_CHKSUM = "file://nss/COPYING;md5=3b1e88e1b9c0b5a4b2881d46cce06a18 \
-
file://nss/lib/freebl/mpi/doc/LICENSE;md5=491f158d09d948466afce85d6f1fe18f \
-
file://nss/lib/freebl/mpi/doc/LICENSE-MPL;md5=5d425c8f3157dbf212db2ec53d9e5132"
-
-SRC_URI = 
"http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_29_1_RTM/src/${BP}.tar.gz
 \
-   file://nss.pc.in \
-   file://signlibs.sh \
-   file://0001-nss-fix-support-cross-compiling.patch \
-   file://nss-no-rpath-for-cross-compiling.patch \
-   file://nss-fix-incorrect-shebang-of-perl.patch \
-   file://nss-fix-nsinstall-build.patch \
-   file://disable-Wvarargs-with-clang.patch \
-   file://pqg.c-ULL_addend.patch \
-   file://Fix-compilation-for-X32.patch \
-   file://0001-Fix-warnings-found-with-gcc7.patch \
-   "
-SRC_URI[md5sum] = "0525d1a45931892daa0f368d379d4aa4"
-SRC_URI[sha256sum] = 
"47259bc5c4439d8228d7c577ea652ed140588f27eae8ebb39cc91057aea37366"
-
-UPSTREAM_CHECK_URI = 
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases";
-UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes"
-
-inherit siteinfo
-
-DEPENDS = "sqlite3 nspr zlib nss-native"
-DEPENDS_class-native = "sqlite3-native nspr-native zlib-native"
-RDEPENDS_${PN}-smime = "perl"
-
-TD = "${S}/tentative-dist"
-TDS = "${S}/tentative-dist-staging"
-
-TARGET_CC_ARCH += "${LDFLAGS}"
-
-do_configure_prepend_libc-musl () {
-sed -i -e '/-DHAVE_SYS_CDEFS_H/d' ${S}/nss/lib/dbm/config/config.mk
-}
-
-do_compile_prepend_class-native() {
-export NSPR_INCLUDE_DIR=${STAGING_INCDIR_NATIVE}
-export NSPR_LIB_DIR=${STAGING_LIBDIR_NATIVE}
-export NSS_ENABLE_WERROR=0
-}
-
-do_compile_prepend_class-nativesdk() {
-export LDFLAGS=""
-}
-
-do_compile_prepend_class-native() {
-# Need to set RPATH so that chrpath will do its job correctly
-RPATH="-Wl,-rpath-link,${STAGING_LIBDIR_NATIVE} 
-Wl,-rpath-link,${STAGING_BASE_LIBDIR_NATIVE} 
-Wl,-rpath,${STAGING_LIBDIR_NATIVE} -Wl,-rpath,${STAGING_BASE_LIBDIR_NATIVE}"
-}
-
-do_compile() {
-export CROSS_COMPILE=1
-export NATIVE_CC="gcc"
-export NATIVE_FLAGS="${HOST_CFLAGS}"
-export BUILD_OPT=1
-
-export FREEBL_NO_DEPEND=1
-export FREEBL_LOWHASH=1
-
-export LIBDIR=${libdir}
-export MOZILLA_CLIENT=1
-export NS_USE_GCC=1
-export NSS_USE_SYSTEM_SQLITE=1
-export NSS_ENABLE_ECC=1
-
-export OS_RELEASE=3.4
-export OS_TARGET=Linux
-export OS_ARCH=Linux
-
-if [ "${TARGET_ARCH}" = "powerpc" ]; then
-OS_TEST=ppc
-elif [ "${TARGET_ARCH}" = "powerpc64" ]; then
-OS_TEST=ppc64
-elif [ "${TARGET_ARCH}" = "mips" -o "${TARGET_ARCH}" = "mipsel" -o 
"${TARGET_ARCH}" = "mips64" -o "${TARGET_ARCH}" = "mips64el" ]; then
-OS_TEST=mips
-else
-OS_TEST="${TARGET_ARCH}"
-fi
-
-if [ "${SITEINFO_BITS}" = "64" ]; then
-export USE_64=1
-elif [ "${TARGET_ARCH}" = "x86_64" -a "${SITEINFO_BITS}" = "32" ]; then
-export USE_X32=1
-fi
-
-export NSS_DISABLE_GTESTS=1
-
-# We can modify CC in the environment, but if we set it via an
-# argument to make, nsinstall, a host program, will also build with it!
-#
-export CC="${CC} -g"
-make -C ./nss CCC="${CXX} -g" \
-OS_TEST=${OS_TEST} \
-RPA
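Review bot: the upgrade is posted as a whole-file delete of nss_3.29.1.bb and a whole-file create of nss_3.30.2.bb (246 deletions, 246 insertions), so the lines that really change, such as the `NSS_3_29_1_RTM` path in SRC_URI and the md5sum/sha256sum values, cannot be picked out in review. Regenerate the patch with rename detection (`git format-patch -M`) so it shows a rename plus the changed lines, and note below the `---` line what differs from the first posting.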

[OE-core] [PATCH] libxslt: Fix CVE-2017-5029

2017-05-25 Thread Fan Xin
Backport upstream patch to fix CVE-2017-5029.

Signed-off-by: Fan Xin 
---
 ...for-integer-overflow-in-xsltAddTextString.patch | 80 ++
 meta/recipes-support/libxslt/libxslt_1.1.29.bb |  1 +
 2 files changed, 81 insertions(+)
 create mode 100644 
meta/recipes-support/libxslt/libxslt/0001-Check-for-integer-overflow-in-xsltAddTextString.patch

diff --git 
a/meta/recipes-support/libxslt/libxslt/0001-Check-for-integer-overflow-in-xsltAddTextString.patch
 
b/meta/recipes-support/libxslt/libxslt/0001-Check-for-integer-overflow-in-xsltAddTextString.patch
new file mode 100644
index 000..57aaacc
--- /dev/null
+++ 
b/meta/recipes-support/libxslt/libxslt/0001-Check-for-integer-overflow-in-xsltAddTextString.patch
@@ -0,0 +1,80 @@
+From 08ab2774b870de1c7b5a48693df75e8154addae5 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer 
+Date: Thu, 12 Jan 2017 15:39:52 +0100
+Subject: [PATCH] Check for integer overflow in xsltAddTextString
+
+Limit buffer size in xsltAddTextString to INT_MAX. The issue can be
+exploited to trigger an out of bounds write on 64-bit systems.
+
+Originally reported to Chromium:
+
+https://crbug.com/676623
+
+CVE: CVE-2017-5029
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin 
+
+---
+ libxslt/transform.c | 25 ++---
+ libxslt/xsltInternals.h |  4 ++--
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/libxslt/transform.c b/libxslt/transform.c
+index 519133f..02bff34 100644
+--- a/libxslt/transform.c
 b/libxslt/transform.c
+@@ -813,13 +813,32 @@ xsltAddTextString(xsltTransformContextPtr ctxt, 
xmlNodePtr target,
+ return(target);
+ 
+ if (ctxt->lasttext == target->content) {
++int minSize;
+ 
+-  if (ctxt->lasttuse + len >= ctxt->lasttsize) {
++/* Check for integer overflow accounting for NUL terminator. */
++if (len >= INT_MAX - ctxt->lasttuse) {
++xsltTransformError(ctxt, NULL, target,
++"xsltCopyText: text allocation failed\n");
++return(NULL);
++}
++minSize = ctxt->lasttuse + len + 1;
++
++if (ctxt->lasttsize < minSize) {
+   xmlChar *newbuf;
+   int size;
++int extra;
++
++/* Double buffer size but increase by at least 100 bytes. */
++extra = minSize < 100 ? 100 : minSize;
++
++/* Check for integer overflow. */
++if (extra > INT_MAX - ctxt->lasttsize) {
++size = INT_MAX;
++}
++else {
++size = ctxt->lasttsize + extra;
++}
+ 
+-  size = ctxt->lasttsize + len + 100;
+-  size *= 2;
+   newbuf = (xmlChar *) xmlRealloc(target->content,size);
+   if (newbuf == NULL) {
+   xsltTransformError(ctxt, NULL, target,
+diff --git a/libxslt/xsltInternals.h b/libxslt/xsltInternals.h
+index 060b178..5ad1771 100644
+--- a/libxslt/xsltInternals.h
 b/libxslt/xsltInternals.h
+@@ -1754,8 +1754,8 @@ struct _xsltTransformContext {
+  * Speed optimization when coalescing text nodes
+  */
+ const xmlChar  *lasttext; /* last text node content */
+-unsigned intlasttsize;/* last text node size */
+-unsigned intlasttuse; /* last text node use */
++int lasttsize;/* last text node size */
++int lasttuse; /* last text node use */
+ /*
+  * Per Context Debugging
+  */
+-- 
+1.9.1
+
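Review bot: the overflow guard `if (len >= INT_MAX - ctxt->lasttuse)` in the transform.c hunk is only well defined while `len` and `ctxt->lasttuse` are non-negative, and the xsltInternals.h hunk now makes `lasttuse` and `lasttsize` signed `int`. Please confirm that the early `return(target)` just above the changed lines rejects a non-positive `len`, since that check is not visible here. On the recipe side, `Upstream-Status: Backport` should carry the upstream commit reference for 08ab2774b870de1c7b5a48693df75e8154addae5 so the backport can be compared with the original.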
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.29.bb 
b/meta/recipes-support/libxslt/libxslt_1.1.29.bb
index 2946a74..d27c706 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.29.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.29.bb
@@ -12,6 +12,7 @@ SRC_URI = "ftp://xmlsoft.org/libxslt/libxslt-${PV}.tar.gz \
file://pkgconfig_fix.patch \
file://0001-Use-pkg-config-to-find-gcrypt-and-libxml2.patch \
file://0001-Link-libraries-with-libm.patch \
+   file://0001-Check-for-integer-overflow-in-xsltAddTextString.patch \
"
 
 SRC_URI[md5sum] = "a129d3c44c022de3b9dcf6d6f288d72e"
-- 
1.9.1


[OE-core] [PATCH] elfutils: Upgrade 0.168 to 0.169

2017-05-25 Thread Fan Xin
1) Upgrade elfutils from 0.168 to 0.169
2) Delete unnecessary patches which have been merged into 0.169
3) Rebase the patch files for 0.169

Signed-off-by: Fan Xin 
---
 .../elfutils-0.168/Fix_one_GCC7_warning.patch  | 44 
 .../elfutils/elfutils-0.168/aarch64_uio.patch  | 47 --
 ...de-alternatives-for-glibc-assumptions-hel.patch |  0
 ...m-Silence-Werror-maybe-uninitialized-fals.patch | 18 +
 .../0001-fix-a-stack-usage-warning.patch   |  0
 .../0001-remove-the-unneed-checking.patch  |  0
 ...ferences-between-mips-machine-identifiers.patch |  0
 ...-support-for-mips64-abis-in-mips_retval.c.patch |  0
 .../0003-Add-mips-n64-relocation-format-hack.patch |  0
 .../debian/arm_backend.diff|  0
 .../debian/hppa_backend.diff   |  0
 .../debian/hurd_path.patch |  0
 .../debian/ignore_strmerge.diff|  0
 .../debian/kfreebsd_path.patch |  0
 .../debian/mips_backend.diff   |  0
 .../debian/mips_readelf_w.patch|  0
 .../debian/testsuite-ignore-elflint.diff   | 35 +++-
 .../fallthrough.patch  |  0
 .../fixheadercheck.patch   |  0
 .../shadow.patch   |  0
 .../{elfutils_0.168.bb => elfutils_0.169.bb}   |  5 +--
 21 files changed, 39 insertions(+), 110 deletions(-)
 delete mode 100644 
meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch
 delete mode 100644 
meta/recipes-devtools/elfutils/elfutils-0.168/aarch64_uio.patch
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-build-Provide-alternatives-for-glibc-assumptions-hel.patch 
(100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-elf_getarsym-Silence-Werror-maybe-uninitialized-fals.patch 
(75%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-fix-a-stack-usage-warning.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-remove-the-unneed-checking.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/0001-Ignore-differences-between-mips-machine-identifiers.patch
 (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/0002-Add-support-for-mips64-abis-in-mips_retval.c.patch 
(100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/0003-Add-mips-n64-relocation-format-hack.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/arm_backend.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/hppa_backend.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/hurd_path.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/ignore_strmerge.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/kfreebsd_path.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/mips_backend.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/mips_readelf_w.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/testsuite-ignore-elflint.diff (48%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/fallthrough.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/fixheadercheck.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/shadow.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils_0.168.bb => elfutils_0.169.bb} 
(94%)

diff --git 
a/meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch 
b/meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch
deleted file mode 100644
index d88f4eb..000
--- a/meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 93c51144c3f664d4e9709da75a1d0fa00ea0fe95 Mon Sep 17 00:00:00 2001
-From: Mark Wielaard 
-Date: Sun, 12 Feb 2017 21:51:34 +0100
-Subject: [PATCH] libasm: Fix one GCC7 -Wformat-truncation=2 warning.
-
-Make sure that if we have really lots of labels the tempsym doesn't get
-truncated because it is too small to hold the whole name.
-
-This doesn't enable -Wformat-truncation=2 or fix other "issues" pointed
-out by enabling this warning because there are currently some issues
-with it. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79448
-
-Signed-off-by: Mark Wielaard 
-
-Upstream-Status: Backport 
(https://sourceware.org/git/?p=elfutils.git;a=commit;h=93c51144c3f664d4e9709da
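Review bot: the commit message does not say which patches were dropped or why. For this file the `Upstream-Status: Backport` header at the end of the hunk justifies the removal, but the diffstat also deletes aarch64_uio.patch (47 lines) with no comparable evidence that 0.169 contains it. List each removed patch with its upstream commit, and check the recipe's SRC_URI against the files that remain.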

Re: [OE-core] [PATCH] elfutils: Upgrade 0.168 to 0.169

2017-05-28 Thread Fan Xin

Sorry, I forgot to include aarch64_uio.patch in the patch file.

Fan Xin

On 2017-05-26 23:30, Burton, Ross wrote:


On 26 May 2017 at 06:06, Fan Xin <fan@jp.fujitsu.com> wrote:


1) Upgrade elfutils from 0.168 to 0.169
2) Delete unnecessary patches which have been merged into 0.169
3) Rebase the patch files for 0.169


ERROR: elfutils-0.169-r0 do_fetch: Fetcher failure for URL: 
'file://aarch64_uio.patch'. Unable to fetch URL from any source.


Ross


--
=
Fujitsu Computer Technologies Limited
Embedded Systems Technology Division, First Firmware Technology Department
樊 昕 Fan Xin
fan@jp.fujitsu.com



[OE-core] [PATCH v2] elfutils: Upgrade 0.168 to 0.169

2017-05-29 Thread Fan Xin
1) Upgrade elfutils from 0.168 to 0.169
2) Delete unnecessary patches which have been merged into 0.169
3) Rebase the patch files for 0.169

Signed-off-by: Fan Xin 
---
 .../elfutils-0.168/Fix_one_GCC7_warning.patch  | 44 ---
 ...de-alternatives-for-glibc-assumptions-hel.patch |  0
 ...m-Silence-Werror-maybe-uninitialized-fals.patch | 18 +---
 .../0001-fix-a-stack-usage-warning.patch   |  0
 .../0001-remove-the-unneed-checking.patch  |  0
 .../aarch64_uio.patch  | 50 +-
 ...ferences-between-mips-machine-identifiers.patch |  0
 ...-support-for-mips64-abis-in-mips_retval.c.patch |  0
 .../0003-Add-mips-n64-relocation-format-hack.patch |  0
 .../debian/arm_backend.diff|  0
 .../debian/hppa_backend.diff   |  0
 .../debian/hurd_path.patch |  0
 .../debian/ignore_strmerge.diff|  0
 .../debian/kfreebsd_path.patch |  0
 .../debian/mips_backend.diff   |  0
 .../debian/mips_readelf_w.patch|  0
 .../debian/testsuite-ignore-elflint.diff   | 35 +++
 .../fallthrough.patch  |  0
 .../fixheadercheck.patch   |  0
 .../shadow.patch   |  0
 .../{elfutils_0.168.bb => elfutils_0.169.bb}   |  5 +--
 21 files changed, 59 insertions(+), 93 deletions(-)
 delete mode 100644 
meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-build-Provide-alternatives-for-glibc-assumptions-hel.patch 
(100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-elf_getarsym-Silence-Werror-maybe-uninitialized-fals.patch 
(75%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-fix-a-stack-usage-warning.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/0001-remove-the-unneed-checking.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/aarch64_uio.patch (33%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/0001-Ignore-differences-between-mips-machine-identifiers.patch
 (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/0002-Add-support-for-mips64-abis-in-mips_retval.c.patch 
(100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/0003-Add-mips-n64-relocation-format-hack.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/arm_backend.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/hppa_backend.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/hurd_path.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/ignore_strmerge.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/kfreebsd_path.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/mips_backend.diff (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/mips_readelf_w.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/debian/testsuite-ignore-elflint.diff (48%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/fallthrough.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/fixheadercheck.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils-0.168 => 
elfutils-0.169}/shadow.patch (100%)
 rename meta/recipes-devtools/elfutils/{elfutils_0.168.bb => elfutils_0.169.bb} 
(94%)

diff --git 
a/meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch 
b/meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch
deleted file mode 100644
index d88f4eb..000
--- a/meta/recipes-devtools/elfutils/elfutils-0.168/Fix_one_GCC7_warning.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 93c51144c3f664d4e9709da75a1d0fa00ea0fe95 Mon Sep 17 00:00:00 2001
-From: Mark Wielaard 
-Date: Sun, 12 Feb 2017 21:51:34 +0100
-Subject: [PATCH] libasm: Fix one GCC7 -Wformat-truncation=2 warning.
-
-Make sure that if we have really lots of labels the tempsym doesn't get
-truncated because it is too small to hold the whole name.
-
-This doesn't enable -Wformat-truncation=2 or fix other "issues" pointed
-out by enabling this warning because there are currently some issues
-with it. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79448
-
-Signed-off-by: Mark Wielaard 
-
-Upstream-Status: Backport 
(https://sourceware.org/git/?p=elfutils.git;a=commit;h=93c51144c3f664d4e970
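Review bot: this version carries no changelog below the `---` line, and the hunk here is the same deletion as in the first posting, so the difference has to be dug out of the diffstat: aarch64_uio.patch is now renamed at 33% similarity with 50 changed lines instead of being deleted. Add a short "changes since v1" note and say in the commit message what was rebased in aarch64_uio.patch.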

[OE-core] [PATCH] ltp: upgrade to 20170516

2017-05-29 Thread Fan Xin
1. Upgrade ltp from 20170116 to 20170516

2. Rename and Rebase patch file on 20170516
   0034-periodic_output.patch to
   0034-Add-periodic-output-for-long-time-test.patch

3. Delete the unnecessary patch
   0039-fcntl-fix-the-time-def-to-use-time_t.patch

4. Update the md5sum of license file
   Author's name and email address have been updated.

Signed-off-by: Fan Xin 
---
 ...4-Add-periodic-output-for-long-time-test.patch} | 40 +++---
 ...0039-fcntl-fix-the-time-def-to-use-time_t.patch | 29 
 .../ltp/{ltp_20170116.bb => ltp_20170516.bb}   |  7 ++--
 3 files changed, 30 insertions(+), 46 deletions(-)
 rename meta/recipes-extended/ltp/ltp/{0034-periodic_output.patch => 
0034-Add-periodic-output-for-long-time-test.patch} (44%)
 delete mode 100644 
meta/recipes-extended/ltp/ltp/0039-fcntl-fix-the-time-def-to-use-time_t.patch
 rename meta/recipes-extended/ltp/{ltp_20170116.bb => ltp_20170516.bb} (96%)

diff --git a/meta/recipes-extended/ltp/ltp/0034-periodic_output.patch 
b/meta/recipes-extended/ltp/ltp/0034-Add-periodic-output-for-long-time-test.patch
similarity index 44%
rename from meta/recipes-extended/ltp/ltp/0034-periodic_output.patch
rename to 
meta/recipes-extended/ltp/ltp/0034-Add-periodic-output-for-long-time-test.patch
index 59caefe..f6c729e 100644
--- a/meta/recipes-extended/ltp/ltp/0034-periodic_output.patch
+++ 
b/meta/recipes-extended/ltp/ltp/0034-Add-periodic-output-for-long-time-test.patch
@@ -1,25 +1,36 @@
-Add periodic output for long time test.
+From c71cb1370b78193fbf4cde498c1f979f26e26219 Mon Sep 17 00:00:00 2001
+From: Fan Xin 
+Date: Tue, 30 May 2017 12:05:30 +0900
+Subject: [PATCH] Add periodic output for long time test.
 
 This is needed in context of having scripts running ltp tests and
 waiting with a timeout for the output of the tests.
 
 Signed-off-by: Tudor Florea 
+
+Rebase on 20170516
+
+Signed-off-by: Fan Xin 
 Upstream-Status: Pending
+---
+ .../kernel/controllers/memcg/stress/memcg_stress_test.sh  | 11 ---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
 
-diff -ruN a/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh 
b/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh
 a/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh   
2013-11-08 15:54:09.515049081 +0100
-+++ b/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh   
2013-11-08 22:32:15.587370406 +0100
-@@ -37,7 +37,8 @@
+diff --git a/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh 
b/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh
+index af1a708..452261a 100755
+--- a/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh
 b/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh
+@@ -37,7 +37,8 @@ if [ "x$(grep -w memory /proc/cgroups | cut -f4)" != "x1" ]; 
then
  exit 0
  fi
  
--RUN_TIME=$(( 60 * 60 ))
+-RUN_TIME=$(( 15 * 60 ))
 +ONE_MINUTE=60
 +RUN_TIME=60
  
  cleanup()
  {
-@@ -62,7 +63,7 @@
+@@ -62,7 +63,7 @@ do_mount()
  # $1 - Number of cgroups
  # $2 - Allocated how much memory in one process? in MB
  # $3 - The interval to touch memory in a process
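Review bot: the rebased context shows the upstream value moving from `RUN_TIME=$(( 60 * 60 ))` to `RUN_TIME=$(( 15 * 60 ))`, but the patch still replaces it with `RUN_TIME=60`. Assuming RUN_TIME is what run_stress receives as `$4`, the per-minute loop turns that into 60 minutes, so the patched test keeps the old one-hour duration; if the intent is to follow upstream, this should become `RUN_TIME=15`. The new mbox header also puts `From: Fan Xin` on a change whose original Signed-off-by is Tudor Florea; keep the original author in `From:` and record the rebase underneath.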
@@ -28,16 +39,19 @@ diff -ruN 
a/testcases/kernel/controllers/memcg/stress/memcg_stress_test.sh b/tes
  run_stress()
  {
do_mount;
-@@ -81,7 +82,11 @@
+@@ -81,7 +82,11 @@ run_stress()
eval /bin/kill -s SIGUSR1 \$pid$i 2> /dev/null
done
  
 -  sleep $4
-+  for i in $(seq 0 $(($4-1)))
-+  do
-+  eval echo "Started $i min ago. Still alive... " 
-+  sleep $ONE_MINUTE
-+  done
++for i in $(seq 0 $(($4-1)))
++do
++eval echo "Started $i min ago. Still alive... " 
++sleep $ONE_MINUTE
++done
  
for i in $(seq 0 $(($1-1)))
do
+-- 
+1.9.1
+
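Review bot: in the loop that replaces `sleep $4`, the `eval` in front of `echo` is not needed; a plain `echo "Started $i min ago. Still alive..."` prints the same text without evaluating the string a second time. Since the patch is `Upstream-Status: Pending`, it is worth cleaning this up before it goes upstream, and the comment for `$4` in the run_stress header should say the value is now counted in minutes.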
diff --git 
a/meta/recipes-extended/ltp/ltp/0039-fcntl-fix-the-time-def-to-use-time_t.patch 
b/meta/recipes-extended/ltp/ltp/0039-fcntl-fix-the-time-def-to-use-time_t.patch
deleted file mode 100644
index c0c1dad..000
--- 
a/meta/recipes-extended/ltp/ltp/0039-fcntl-fix-the-time-def-to-use-time_t.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 7bce3d223494803cb32897cabe66119076e53d89 Mon Sep 17 00:00:00 2001
-From: Dengke Du 
-Date: Wed, 8 Feb 2017 16:23:51 +0800
-Subject: [PATCH 5/5] fcntl: fix the time() def to use time_t
-
-This fixes the build on X32, where long is 32-bit rather than 64-bit.
-
-Signed-off-by: Christopher Larson 
-Signed-off-by: Dengke Du 

- testcases/kernel/syscalls/fcntl/fcntl14.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/testcases/kernel/syscalls/fcntl/fcntl14.c 
b/testcases/kernel/syscalls/fcntl/fcntl14.c
-index c61eb24..99e3867 100644
 a/testcases/kernel/syscalls/fcntl/fcntl14.c
-+++ b/testcases/kernel/syscalls/fcntl/fcntl14.c
-@@ -775,7 +775,7 @@ void dochild(void)
- 
- void run_test(int file_flag, int file_mode, i

[OE-core] [PATCH] lzo: Upgrade 2.09 -> 2.10

2017-06-01 Thread Fan Xin
1. Upgrade lzo from 2.09 to 2.10

2. Update the license checksum due to the date change, not license change.

3. Add a patch to fix the undefined error.

Signed-off-by: Fan Xin 
---
 ...-pkgconfigdir-to-solve-the-undefine-error.patch | 27 ++
 .../lzo/{lzo_2.09.bb => lzo_2.10.bb}   |  9 
 2 files changed, 32 insertions(+), 4 deletions(-)
 create mode 100644 
meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
 rename meta/recipes-support/lzo/{lzo_2.09.bb => lzo_2.10.bb} (74%)

diff --git 
a/meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
 
b/meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
new file mode 100644
index 000..5235a15
--- /dev/null
+++ 
b/meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
@@ -0,0 +1,27 @@
+From e730bfd7c2d3a4b5f3605878599cb9b20d31b1fd Mon Sep 17 00:00:00 2001
+From: Fan Xin 
+Date: Fri, 2 Jun 2017 11:52:25 +0900
+Subject: [PATCH] Add pkgconfigdir to solve the undefine error.
+
+Upstream-Status: Pending
+
+Signed-off-by: Fan Xin 
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index e4d383b..c75023d 100644
+--- a/Makefile.am
 b/Makefile.am
+@@ -14,6 +14,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)
+ LDADD = src/liblzo2.la
+ lib_LTLIBRARIES =
+ noinst_PROGRAMS =
++pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = lzo2.pc
+ 
+ 
+-- 
+1.9.1
+
diff --git a/meta/recipes-support/lzo/lzo_2.09.bb 
b/meta/recipes-support/lzo/lzo_2.10.bb
similarity index 74%
rename from meta/recipes-support/lzo/lzo_2.09.bb
rename to meta/recipes-support/lzo/lzo_2.10.bb
index 2978617..efeb167 100644
--- a/meta/recipes-support/lzo/lzo_2.09.bb
+++ b/meta/recipes-support/lzo/lzo_2.10.bb
@@ -3,23 +3,24 @@ HOMEPAGE = "http://www.oberhumer.com/opensource/lzo/";
 SECTION = "libs"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-
file://src/lzo_init.c;beginline=5;endline=25;md5=355023835a9b9eeb70ab895395e951ff"
+
file://src/lzo_init.c;beginline=5;endline=25;md5=9ae697ca01829b0a383c5d2d163e0108"
 
 SRC_URI = "http://www.oberhumer.com/opensource/lzo/download/lzo-${PV}.tar.gz \
file://0001-Use-memcpy-instead-of-reinventing-it.patch \
+  file://0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch \
file://acinclude.m4 \
file://run-ptest \
"
 
-SRC_URI[md5sum] = "c7ffc9a103afe2d1bba0b015e7aa887f"
-SRC_URI[sha256sum] = 
"f294a7ced313063c057c504257f437c8335c41bfeed23531ee4e6a2b87bcb34c"
+SRC_URI[md5sum] = "39d3f3f9c55c87b1e5d6888e1420f4b5"
+SRC_URI[sha256sum] = 
"c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072"
 
 inherit autotools ptest
 
 EXTRA_OECONF = "--enable-shared"
 
 do_configure_prepend () {
-   cp ${WORKDIR}/acinclude.m4 ${S}/
+#  cp ${WORKDIR}/acinclude.m4 ${S}/
 }
 
 do_install_ptest() {
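Review bot: commenting out the `cp` in do_configure_prepend leaves a function whose body contains only a comment, and a shell function body with no command is a syntax error in sh. `file://acinclude.m4` also stays in SRC_URI although nothing copies it any more. Either keep the copy, or delete the whole prepend together with the acinclude.m4 entry, and explain the choice in the commit message, which currently does not mention this change.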
-- 
1.9.1


[OE-core] [PATCH v2] lzo: Upgrade 2.09 -> 2.10

2017-06-01 Thread Fan Xin
1. Upgrade lzo from 2.09 to 2.10

2. Update the license checksum due to the date change, not license change.

3. Add a patch to fix the undefined error.

Signed-off-by: Fan Xin 
---
 ...-pkgconfigdir-to-solve-the-undefine-error.patch | 27 ++
 .../lzo/{lzo_2.09.bb => lzo_2.10.bb}   |  7 +++---
 2 files changed, 31 insertions(+), 3 deletions(-)
 create mode 100644 
meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
 rename meta/recipes-support/lzo/{lzo_2.09.bb => lzo_2.10.bb} (78%)

diff --git 
a/meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
 
b/meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
new file mode 100644
index 000..5235a15
--- /dev/null
+++ 
b/meta/recipes-support/lzo/lzo/0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch
@@ -0,0 +1,27 @@
+From e730bfd7c2d3a4b5f3605878599cb9b20d31b1fd Mon Sep 17 00:00:00 2001
+From: Fan Xin 
+Date: Fri, 2 Jun 2017 11:52:25 +0900
+Subject: [PATCH] Add pkgconfigdir to solve the undefine error.
+
+Upstream-Status: Pending
+
+Signed-off-by: Fan Xin 
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index e4d383b..c75023d 100644
+--- a/Makefile.am
 b/Makefile.am
+@@ -14,6 +14,7 @@ AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)
+ LDADD = src/liblzo2.la
+ lib_LTLIBRARIES =
+ noinst_PROGRAMS =
++pkgconfigdir = $(libdir)/pkgconfig
+ pkgconfig_DATA = lzo2.pc
+ 
+ 
+-- 
+1.9.1
+
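Review bot: the embedded patch says only "Add pkgconfigdir to solve the undefine error", which does not tell a later maintainer what failed. Quote the actual error message and state whether it comes from the 2.10 tarball itself or from the way the recipe regenerates the build system, since `Upstream-Status: Pending` implies the `pkgconfigdir = $(libdir)/pkgconfig` line is meant to go upstream.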
diff --git a/meta/recipes-support/lzo/lzo_2.09.bb 
b/meta/recipes-support/lzo/lzo_2.10.bb
similarity index 78%
rename from meta/recipes-support/lzo/lzo_2.09.bb
rename to meta/recipes-support/lzo/lzo_2.10.bb
index 2978617..490d230 100644
--- a/meta/recipes-support/lzo/lzo_2.09.bb
+++ b/meta/recipes-support/lzo/lzo_2.10.bb
@@ -3,16 +3,17 @@ HOMEPAGE = "http://www.oberhumer.com/opensource/lzo/";
 SECTION = "libs"
 LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
-
file://src/lzo_init.c;beginline=5;endline=25;md5=355023835a9b9eeb70ab895395e951ff"
+
file://src/lzo_init.c;beginline=5;endline=25;md5=9ae697ca01829b0a383c5d2d163e0108"
 
 SRC_URI = "http://www.oberhumer.com/opensource/lzo/download/lzo-${PV}.tar.gz \
file://0001-Use-memcpy-instead-of-reinventing-it.patch \
+  file://0001-Add-pkgconfigdir-to-solve-the-undefine-error.patch \
file://acinclude.m4 \
file://run-ptest \
"
 
-SRC_URI[md5sum] = "c7ffc9a103afe2d1bba0b015e7aa887f"
-SRC_URI[sha256sum] = 
"f294a7ced313063c057c504257f437c8335c41bfeed23531ee4e6a2b87bcb34c"
+SRC_URI[md5sum] = "39d3f3f9c55c87b1e5d6888e1420f4b5"
+SRC_URI[sha256sum] = 
"c0f892943208266f9b6543b3ae308fab6284c5c90e627931446fb49b4221a072"
 
 inherit autotools ptest
 
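
Review bot: the md5 for src/lzo_init.c lines 5-25 in LIC_FILES_CHKSUM changes here, so make sure the commit message records what changed in that header block and that the licence terms themselves are the same. Separately, SRC_URI still fetches the tarball over plain http://, which leaves SRC_URI[sha256sum] as the only integrity check on the download; switch to https:// if the upstream host serves it.
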
-- 
1.9.1



[OE-core] [PATCH] cairo: Upgrade 1.14.8 -> 1.15.4

2017-06-01 Thread Fan Xin
1. Upgrade cairo from 1.14.8 to 1.15.4

2. Update the SRC_URI according to the release note
   https://www.cairographics.org/news/cairo-1.15.4/

3. Fix the -dev package contains non-symlink .so error.

Signed-off-by: Fan Xin 
---
 meta/recipes-graphics/cairo/{cairo_1.14.8.bb => cairo_1.15.4.bb} | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)
 rename meta/recipes-graphics/cairo/{cairo_1.14.8.bb => cairo_1.15.4.bb} (86%)

diff --git a/meta/recipes-graphics/cairo/cairo_1.14.8.bb 
b/meta/recipes-graphics/cairo/cairo_1.15.4.bb
similarity index 86%
rename from meta/recipes-graphics/cairo/cairo_1.14.8.bb
rename to meta/recipes-graphics/cairo/cairo_1.15.4.bb
index 5a3c74f..f48effa 100644
--- a/meta/recipes-graphics/cairo/cairo_1.14.8.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.15.4.bb
@@ -2,10 +2,10 @@ require cairo.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
 
-SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz";
+SRC_URI = "http://cairographics.org/snapshots/cairo-${PV}.tar.xz";
 
-SRC_URI[md5sum] = "4ef0db2eacb271c74f8a3fd87822aa98"
-SRC_URI[sha256sum] = 
"d1f2d98ae9a4111564f6de4e013d639cf77155baf2556582295a0f00a9bc5e20"
+SRC_URI[md5sum] = "891ddce3c1c73df791efafd627240cdc"
+SRC_URI[sha256sum] = 
"deddf31e196e826e7790bbbf7d0f4b3fd15df243aa48511b349f1791b96be291"
 
 PACKAGES =+ "cairo-gobject cairo-script-interpreter cairo-perf-utils"
 
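
Review bot: SRC_URI moves from releases/ to snapshots/, which means this recipe would now build a cairo development snapshot instead of a stable release. If that is intended, say so in the commit message and explain why a snapshot is acceptable for OE-core; otherwise stay on the 1.14.x series and drop this change.
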
@@ -32,7 +32,7 @@ FILES_${PN} = "${libdir}/libcairo.so.*"
 FILES_${PN}-dev += "${libdir}/cairo/*.so"
 FILES_${PN}-gobject = "${libdir}/libcairo-gobject.so.*"
 FILES_${PN}-script-interpreter = "${libdir}/libcairo-script-interpreter.so.*"
-FILES_${PN}-perf-utils = "${bindir}/cairo-trace ${libdir}/cairo/*.la 
${libdir}/cairo/libcairo-trace.so.*"
+FILES_${PN}-perf-utils = "${bindir}/cairo-trace ${libdir}/cairo/*.la 
${libdir}/cairo/libcairo-trace.so"
 
 do_install_append () {
rm -rf ${D}${bindir}/cairo-sphinx
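
Review bot: in FILES_${PN}-perf-utils the glob changes from libcairo-trace.so.* to libcairo-trace.so, so any versioned libcairo-trace.so.N files are no longer matched by this package. Confirm against the do_install output of 1.15.4 that no versioned files are installed. Also note that FILES_${PN}-dev += "${libdir}/cairo/*.so" at the top of this hunk matches the same unversioned file, so the commit message should say which package is meant to own it.
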
@@ -41,3 +41,4 @@ do_install_append () {
rm -rf ${D}${libdir}/cairo/.debug/cairo-fdr*
rm -rf ${D}${libdir}/cairo/.debug/cairo-sphinx*
 }
+
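
Review bot: the only change in this hunk is an empty line appended after the closing brace of do_install_append. Drop it so the upgrade does not carry unrelated whitespace.
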
-- 
1.9.1



[OE-core] [PATCH] cups: Upgrade 2.2.2 -> 2.2.3

2017-06-01 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/cups/{cups_2.2.2.bb => cups_2.2.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/cups/{cups_2.2.2.bb => cups_2.2.3.bb} (40%)

diff --git a/meta/recipes-extended/cups/cups_2.2.2.bb 
b/meta/recipes-extended/cups/cups_2.2.3.bb
similarity index 40%
rename from meta/recipes-extended/cups/cups_2.2.2.bb
rename to meta/recipes-extended/cups/cups_2.2.3.bb
index 5174c30..204d14d 100644
--- a/meta/recipes-extended/cups/cups_2.2.2.bb
+++ b/meta/recipes-extended/cups/cups_2.2.3.bb
@@ -2,5 +2,5 @@ require cups.inc
 
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=f212b4338db0da8cb892e94bf2949460"
 
-SRC_URI[md5sum] = "036f6bda6202ae3e280ac00c710b5ca4"
-SRC_URI[sha256sum] = 
"f589bb7d5d1dc3aa0915d7cf2b808571ef2e1530cd1a6ebe76ae8f9f4994e4f6"
+SRC_URI[md5sum] = "006a8156680a516e43c59034e31df8bf"
+SRC_URI[sha256sum] = 
"66701fe15838f2c892052c913bde1ba106bbee2e0a953c955a62ecacce76885f"
-- 
1.9.1



[OE-core] [PATCH] lzip: Upgrade 1.18 -> 1.19

2017-06-01 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/lzip/{lzip_1.18.bb => lzip_1.19.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/lzip/{lzip_1.18.bb => lzip_1.19.bb} (88%)

diff --git a/meta/recipes-extended/lzip/lzip_1.18.bb 
b/meta/recipes-extended/lzip/lzip_1.19.bb
similarity index 88%
rename from meta/recipes-extended/lzip/lzip_1.18.bb
rename to meta/recipes-extended/lzip/lzip_1.19.bb
index c1dc8ce..099b364 100644
--- a/meta/recipes-extended/lzip/lzip_1.18.bb
+++ b/meta/recipes-extended/lzip/lzip_1.19.bb
@@ -7,8 +7,8 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=76d6e300ffd8fb9d18bd9b136a9bba13 \
 
 SRC_URI = "${SAVANNAH_GNU_MIRROR}/lzip/lzip-${PV}.tar.gz"
 
-SRC_URI[md5sum] = "3838567460ce4a10143de4bccc64fe1c"
-SRC_URI[sha256sum] = 
"47f9882a104ab05532f467a7b8f4ddbb898fa2f1e8d9d468556d6c2d04db14dd"
+SRC_URI[md5sum] = "4dd8790d7528440d034fc713a8680bd3"
+SRC_URI[sha256sum] = 
"ffadc4f56be1bc0d3ae155ec4527bd003133bdc703a753b2cc683f610e646ba9"
 
 CONFIGUREOPTS = "\
 '--srcdir=${S}' \
-- 
1.9.1



[OE-core] [PATCH] sed: Upgrade 4.2.2 -> 4.4

2017-06-02 Thread Fan Xin
1. Upgrade sed from 4.2.2 to 4.4

2. Update the SRC_URI
   The format of the archive file is changed from .tar.gz to .tar.xz

3. Rename the folder from sed-4.2.2 to sed
   No need to update the folder name when the version is upgraded

4. Delete unnecessary patch file because the applied file does not exist.
   sed-add-ptest.patch

5. Update licence checksum due to date change, not license change

Signed-off-by: Fan Xin 
---
 .../sed/sed-4.2.2/sed-add-ptest.patch  | 66 --
 ...need_charset_alias-when-building-for-musl.patch |  0
 .../sed/{sed-4.2.2 => sed}/run-ptest   |  0
 .../sed/{sed_4.2.2.bb => sed_4.4.bb}   | 11 ++--
 4 files changed, 5 insertions(+), 72 deletions(-)
 delete mode 100644 meta/recipes-extended/sed/sed-4.2.2/sed-add-ptest.patch
 rename meta/recipes-extended/sed/{sed-4.2.2 => 
sed}/0001-Unset-need_charset_alias-when-building-for-musl.patch (100%)
 rename meta/recipes-extended/sed/{sed-4.2.2 => sed}/run-ptest (100%)
 rename meta/recipes-extended/sed/{sed_4.2.2.bb => sed_4.4.bb} (76%)

diff --git a/meta/recipes-extended/sed/sed-4.2.2/sed-add-ptest.patch 
b/meta/recipes-extended/sed/sed-4.2.2/sed-add-ptest.patch
deleted file mode 100644
index 0293900..000
--- a/meta/recipes-extended/sed/sed-4.2.2/sed-add-ptest.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-sed: add ptest
-
-ptest needs buildtest-TESTS and runtest-TESTS targets.
-serial-tests is required to generate those targets.
-
-And fix following error after add serial-tests.
-
-[snip]
-help2man: can't get `--help' info from ../sed/sed
-make[2]: *** [sed.1] Error 2
-[snip]
-
-Upstream-Status: Inappropriate
-
-Signed-off-by: Chong Lu 

- configure.ac  |2 +-
- doc/Makefile.am   |2 +-
- testsuite/Makefile.am |6 ++
- 3 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 9d33ec9..4f0c532 100644
 a/configure.ac
-+++ b/configure.ac
-@@ -4,7 +4,7 @@ AC_CONFIG_AUX_DIR(build-aux)
- AC_CONFIG_SRCDIR([sed/sed.c])
- AM_CONFIG_HEADER(config.h:config_h.in)
- AC_PREREQ(2.60)
--AM_INIT_AUTOMAKE
-+AM_INIT_AUTOMAKE([serial-tests])
- 
- SED_FEATURE_VERSION=4.2.2
- AC_DEFINE_UNQUOTED(SED_FEATURE_VERSION, "$SED_FEATURE_VERSION",
-diff --git a/doc/Makefile.am b/doc/Makefile.am
-index af6975c..6fd8c9a 100644
 a/doc/Makefile.am
-+++ b/doc/Makefile.am
-@@ -25,7 +25,7 @@ $(srcdir)/s-texi: sed-in.texi $(srcdir)/groupify.sed
-   fi
-   echo stamp > $(srcdir)/s-texi
- 
--sed.1: $(top_srcdir)/sed/sed.c $(top_srcdir)/configure.ac $(srcdir)/sed.x
-+_sed.1: $(top_srcdir)/sed/sed.c $(top_srcdir)/configure.ac $(srcdir)/sed.x
-   $(HELP2MAN) --name "stream editor for filtering and transforming text" \
- -p sed --include $(srcdir)/sed.x -o $(srcdir)/sed.1 $(SED) 
- 
-diff --git a/testsuite/Makefile.am b/testsuite/Makefile.am
-index d80e72c..b05f01e 100644
 a/testsuite/Makefile.am
-+++ b/testsuite/Makefile.am
-@@ -99,5 +99,11 @@ EXTRA_DIST = \
- # automake makes `check' depend on $(TESTS).  Declare
- # dummy targets for $(TESTS) so that make does not complain.
- 
-+install-ptest:
-+  cd $(BUILDDIR); tar -c --exclude=*.o $(TESTDIR) | ( cd $(DESTDIR) && 
tar -xf - )
-+  for i in $(EXTRA_DIST) tst-regex2.c; do install $(srcdir)/$$i 
$(DESTDIR)/$(TESTDIR); done
-+  sed -e 's/^Makefile:/_Makefile:/' -e 's/^srcdir = \(.*\)/srcdir = ./' 
-e 's/bash/sh/' -i $(DESTDIR)/$(TESTDIR)/Makefile
-+  for i in `grep -rl "../sed/sed" $(DESTDIR)/$(TESTDIR)`; do sed -e 
's/..\/sed\/sed/sed/' -i $$i; done
-+
- .PHONY: $(SEDTESTS)
- $(SEDTESTS):
--- 
-1.7.9.5
-
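
Review bot: sed-add-ptest.patch is what supplied the install-ptest target and AM_INIT_AUTOMAKE([serial-tests]), yet run-ptest is kept (renamed at 100% similarity further down). State how ptest is built and installed for 4.4 without this patch, or rebase the patch onto the 4.4 sources instead of deleting it.
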
diff --git 
a/meta/recipes-extended/sed/sed-4.2.2/0001-Unset-need_charset_alias-when-building-for-musl.patch
 
b/meta/recipes-extended/sed/sed/0001-Unset-need_charset_alias-when-building-for-musl.patch
similarity index 100%
rename from 
meta/recipes-extended/sed/sed-4.2.2/0001-Unset-need_charset_alias-when-building-for-musl.patch
rename to 
meta/recipes-extended/sed/sed/0001-Unset-need_charset_alias-when-building-for-musl.patch
diff --git a/meta/recipes-extended/sed/sed-4.2.2/run-ptest 
b/meta/recipes-extended/sed/sed/run-ptest
similarity index 100%
rename from meta/recipes-extended/sed/sed-4.2.2/run-ptest
rename to meta/recipes-extended/sed/sed/run-ptest
diff --git a/meta/recipes-extended/sed/sed_4.2.2.bb 
b/meta/recipes-extended/sed/sed_4.4.bb
similarity index 76%
rename from meta/recipes-extended/sed/sed_4.2.2.bb
rename to meta/recipes-extended/sed/sed_4.4.bb
index 5aa7d8a..cb559e0 100644
--- a/meta/recipes-extended/sed/sed_4.2.2.bb
+++ b/meta/recipes-extended/sed/sed_4.4.bb
@@ -1,18 +1,17 @@
 SUMMARY = "Stream EDitor (text filtering utility)"
 HOMEPAGE = "http://www.gnu.org/software/sed/";
 LICENSE = "GPLv3+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=f27defe1e96c2e1ecd4e0c9be8967949 \
-
file

[OE-core] [PATCH] ncurses: Upgrade 6.0+20161126 -> 6.0+20170408

2017-06-04 Thread Fan Xin
1. Upgrade ncurses from 6.0+20161126 to 6.0+20170408

2. Delete the following patch file because the new version already uses awk to
filter words.
   fix-cflags-mangle.patch

Signed-off-by: Fan Xin 
---
 .../recipes-core/ncurses/files/fix-cflags-mangle.patch | 18 --
 ...ncurses_6.0+20161126.bb => ncurses_6.0+20170408.bb} |  3 +--
 2 files changed, 1 insertion(+), 20 deletions(-)
 delete mode 100644 meta/recipes-core/ncurses/files/fix-cflags-mangle.patch
 rename meta/recipes-core/ncurses/{ncurses_6.0+20161126.bb => 
ncurses_6.0+20170408.bb} (76%)

diff --git a/meta/recipes-core/ncurses/files/fix-cflags-mangle.patch 
b/meta/recipes-core/ncurses/files/fix-cflags-mangle.patch
deleted file mode 100644
index e9447c5..000
--- a/meta/recipes-core/ncurses/files/fix-cflags-mangle.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-configure has a piece of logic to detect users "abusing" CC to hold compiler
-flags (which we do).  It also has logic to "correct" this by moving the flags
-from CC to CFLAGS, but the sed only handles a single argument in CC.
-
-Replace the sed with awk to filter out all words that start with a hyphen.
-
-Upstream-Status: Pending
-Signed-off-by: Ross Burton 
-
-diff --git a/configure b/configure
-index 7f31208..1a29cfc 100755
 a/configure
-+++ b/configure
-@@ -2191,2 +2191,2 @@ echo "$as_me: WARNING: your environment misuses the CC 
variable to hold CFLAGS/C
--  cf_flags=`echo "$CC" | sed -e 's/^.*[   ]\(-[^  ]\)/\1/'`
--  CC=`echo "$CC " | sed -e 's/[   ]-[^].*$//' -e 's/[ ]*$//'`
-+  cf_flags=`echo "$CC" | awk  'BEGIN{ORS=" ";RS=" "} /^-.+/ {print $1}'`
-+  CC=`echo "$CC " | awk  'BEGIN{ORS=" ";RS=" "} /^[^-].+/ {print $1}'`
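
Review bot: the removed patch is marked Upstream-Status: Pending, so the commit message should point to where upstream adopted the awk-based filtering of CC (changelog entry or commit) instead of only stating that it did. Checking that configure at the new SRCREV no longer contains the sed -e expressions shown in the removed lines would settle it.
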
diff --git a/meta/recipes-core/ncurses/ncurses_6.0+20161126.bb 
b/meta/recipes-core/ncurses/ncurses_6.0+20170408.bb
similarity index 76%
rename from meta/recipes-core/ncurses/ncurses_6.0+20161126.bb
rename to meta/recipes-core/ncurses/ncurses_6.0+20170408.bb
index ace3108..02db551 100644
--- a/meta/recipes-core/ncurses/ncurses_6.0+20161126.bb
+++ b/meta/recipes-core/ncurses/ncurses_6.0+20170408.bb
@@ -1,12 +1,11 @@
 require ncurses.inc
 
 SRC_URI += "file://tic-hang.patch \
-file://fix-cflags-mangle.patch \
 file://config.cache \
 file://configure-reproducible.patch \
 "
 # commit id corresponds to the revision in package version
-SRCREV = "3db0bd19cb50e3d9b4f2cf15b7a102fe11302068"
+SRCREV = "9e9f3df43c491e8f046345b9d1aa54ad57201df2"
 S = "${WORKDIR}/git"
 EXTRA_OECONF += "--with-abi-version=5"
 UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+(\.\d+)+(\+\d+)*)"
-- 
1.9.1



[OE-core] [PATCH] cairo: Fix CVE-2017-7475

2017-06-04 Thread Fan Xin
CVE: CVE-2017-7475

Bug 100763 - Denial-of-Service Attack due to Logical Problem in Program

https://bugs.freedesktop.org/show_bug.cgi?id=100763

Signed-off-by: Fan Xin 
---
 ...et_bitmap_surface-bsc1036789-CVE-2017-7475.diff | 22 ++
 meta/recipes-graphics/cairo/cairo_1.14.8.bb|  4 +++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff

diff --git 
a/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
 
b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
new file mode 100644
index 000..96b1127
--- /dev/null
+++ 
b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
@@ -0,0 +1,22 @@
+Cairo: Fix Denial-of-Service Attack due to Logical Problem in Program
+
+https://bugs.freedesktop.org/show_bug.cgi?id=100763
+
+CVE: CVE-2017-7475
+Upstream-Status: Pending
+
+Signed-off-by: Fan Xin 
+
+Index: cairo-1.15.4/src/cairo-ft-font.c
+===
+--- cairo-1.15.4.orig/src/cairo-ft-font.c
 cairo-1.15.4/src/cairo-ft-font.c
+@@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap*bi
+ width = bitmap->width;
+ height = bitmap->rows;
+ 
+-if (width == 0 || height == 0) {
++if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+   *surface = (cairo_image_surface_t *)
+   cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+   return (*surface)->base.status;
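
Review bot: the patch is written against cairo-1.15.4 (Index: cairo-1.15.4/src/cairo-ft-font.c) but is added to cairo_1.14.8.bb. Confirm that it applies to the 1.14.8 sources without fuzz at _get_bitmap_surface, and regenerate it against the version the recipe builds so the header matches the tree being patched.
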
diff --git a/meta/recipes-graphics/cairo/cairo_1.14.8.bb 
b/meta/recipes-graphics/cairo/cairo_1.14.8.bb
index 5a3c74f..fe1f37d 100644
--- a/meta/recipes-graphics/cairo/cairo_1.14.8.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.14.8.bb
@@ -2,7 +2,9 @@ require cairo.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
 
-SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz";
+SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
+  file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \  
+  "
 
 SRC_URI[md5sum] = "4ef0db2eacb271c74f8a3fd87822aa98"
 SRC_URI[sha256sum] = 
"d1f2d98ae9a4111564f6de4e013d639cf77155baf2556582295a0f00a9bc5e20"
-- 
1.9.1



[OE-core] [PATCH] acpica: Upgrade 20150515 -> 20170303

2017-06-04 Thread Fan Xin
1. Upgrade acpica from 20150515 to 20170303

2. Rebase the patch file for 20170303

Signed-off-by: Fan Xin 
---
 .../{acpica_20150515.bb => acpica_20170303.bb} |  6 +--
 .../files/manipulate-fds-instead-of-FILE.patch | 57 +++---
 2 files changed, 32 insertions(+), 31 deletions(-)
 rename meta/recipes-extended/acpica/{acpica_20150515.bb => acpica_20170303.bb} 
(89%)

diff --git a/meta/recipes-extended/acpica/acpica_20150515.bb 
b/meta/recipes-extended/acpica/acpica_20170303.bb
similarity index 89%
rename from meta/recipes-extended/acpica/acpica_20150515.bb
rename to meta/recipes-extended/acpica/acpica_20170303.bb
index 1326ebd..12dfc6d 100644
--- a/meta/recipes-extended/acpica/acpica_20150515.bb
+++ b/meta/recipes-extended/acpica/acpica_20170303.bb
@@ -19,10 +19,10 @@ DEPENDS = "bison flex"
 SRC_URI = "https://acpica.org/sites/acpica/files/acpica-unix2-${PV}.tar.gz \
 file://no-werror.patch \
 file://rename-yy_scan_string-manually.patch \
-file://manipulate-fds-instead-of-FILE.patch \
+file://manipulate-fds-instead-of-FILE.patch;striplevel=2 \
 "
-SRC_URI[md5sum] = "2bc4a7ccc82de9df9fa964f784ecb29c"
-SRC_URI[sha256sum] = 
"61204ec56d71bc9bfa2ee2ade4c66f7e8541772ac72ef8ccc20b3f339cc96374"
+SRC_URI[md5sum] = "48ef4314fb4ffdd0c96f14dcf20544e1"
+SRC_URI[sha256sum] = 
"b2d81e84107ac9a02be86ea43cbea7afa8fd4b4150270bc88c2d4c9fea0b8aad"
 UPSTREAM_CHECK_URI = "https://acpica.org/downloads";
 
 S = "${WORKDIR}/acpica-unix2-${PV}"
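
Review bot: adding ;striplevel=2 compensates for the rebased patch now using paths that start with acpica-unix2-20170303/, which ties the patch to this exact version directory. Regenerate the patch from inside ${S} so its paths read a/source/compiler/aslfiles.c and the default strip level keeps working on the next upgrade.
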
diff --git 
a/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch 
b/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch
index 6944bb7..5610ed9 100644
--- a/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch
+++ b/meta/recipes-extended/acpica/files/manipulate-fds-instead-of-FILE.patch
@@ -1,6 +1,6 @@
-From 33a57979738e5ab13950ec1c0e7298e41ef50929 Mon Sep 17 00:00:00 2001
-From: Patrick Ohly 
-Date: Thu, 23 Feb 2017 18:10:47 +0100
+From 69171c22f3872ecb4c1ab27985e93ca44084595e Mon Sep 17 00:00:00 2001
+From: Fan Xin 
+Date: Mon, 5 Jun 2017 13:26:38 +0900
 Subject: [PATCH] aslfiles.c: manipulate fds instead of FILE
 
 Copying what stdout/stderr point to is not portable and fails with
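
Review bot: the From: and Date: headers of the original author (Patrick Ohly) are replaced with the rebaser's, which drops attribution for a change whose original Signed-off-by is kept further down. Keep the original From: line and record the rebase as an added note plus a second Signed-off-by, as the next hunk already does.
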
@@ -12,60 +12,61 @@ writes into. This works on the platforms that Yocto targets.
 Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Patrick Ohly 
+
+Rebase on acpica 20170303
+
+Signed-off-by: Fan Xin 
 ---
- source/compiler/aslfiles.c | 20 +++-
- 1 file changed, 11 insertions(+), 9 deletions(-)
+ acpica-unix2-20170303/source/compiler/aslfiles.c | 14 +++---
+ 1 file changed, 11 insertions(+), 3 deletions(-)
 
-diff --git a/source/compiler/aslfiles.c b/source/compiler/aslfiles.c
-index 947e465..7a352b4 100644
 a/source/compiler/aslfiles.c
-+++ b/source/compiler/aslfiles.c
-@@ -44,6 +44,11 @@
+diff --git a/acpica-unix2-20170303/source/compiler/aslfiles.c 
b/acpica-unix2-20170303/source/compiler/aslfiles.c
+index 809090c..97898b1 100644
+--- a/acpica-unix2-20170303/source/compiler/aslfiles.c
 b/acpica-unix2-20170303/source/compiler/aslfiles.c
+@@ -44,6 +44,10 @@
  #include "aslcompiler.h"
  #include "acapps.h"
- 
+ #include "dtcompiler.h"
 +#include 
 +#include 
 +#include 
 +#include 
-+
+ 
  #define _COMPONENT  ACPI_COMPILER
  ACPI_MODULE_NAME("aslfiles")
- 
-@@ -569,6 +574,8 @@ FlOpenMiscOutputFiles (
+@@ -607,6 +611,8 @@ FlOpenMiscOutputFiles (
  
  if (Gbl_DebugFlag)
  {
-+int fd;
++  int fd;
 +
  Filename = FlGenerateFilename (FilenamePrefix, FILE_SUFFIX_DEBUG);
  if (!Filename)
  {
-@@ -582,20 +589,15 @@ FlOpenMiscOutputFiles (
- /* TBD: hide this behind a FlReopenFile function */
+@@ -618,10 +624,10 @@ FlOpenMiscOutputFiles (
+ /* Open the debug file as STDERR, text mode */
  
  Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Filename = Filename;
 -Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle =
 -freopen (Filename, "w+t", stderr);
--
+ 
 -if (!Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle)
 +fd = open(Filename, O_CREAT|O_TRUNC, 
S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
 +if (fd < 0 ||
 +dup2(fd, fileno(stderr)))
  {
--/*
-- * A problem with freopen is that on error,
-- * we no longer have stderr.
-- */
- Gbl_DebugFlag = FALSE;
--memcpy (stderr, stdout, sizeof (FILE));
- FlFileError (ASL_FILE_DEBUG_OUTPUT, ASL_MSG_DEBUG_FILENAME);
- AslAbort ();
+ /*
+  * A problem with freopen is that on error, we no longer
+@@ -635,6 +641,8 @@ FlOpenMiscOutputFiles (
+ exit (1);
  }
-+Gbl_Files[ASL_FILE_DEBUG_OUTPUT].Handle = stderr;
  
++  
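
Review bot: in the rebased aslfiles.c change the failure test is "fd < 0 || dup2(fd, fileno(stderr))", but dup2 returns the new descriptor on success, which is non-zero for stderr, so the error branch is taken even when the redirect worked; compare the result against < 0 instead. The open() call also passes O_CREAT|O_TRUNC with no O_WRONLY or O_RDWR, so the descriptor is not opened for writing, and the requested mode includes S_IWGRP and S_IWOTH, which asks for a group- and world-writable debug file where owner-write would be enough.
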

Re: [OE-core] [PATCH] cairo: Upgrade 1.14.8 -> 1.15.4

2017-06-04 Thread Fan Xin

Hi Ross

Thanks for the information.

Fan Xin

On 2017-06-02 18:03, Burton, Ross wrote:


On 2 June 2017 at 07:30, Fan Xin <mailto:fan@jp.fujitsu.com>> wrote:


1. Upgrade cairo from 1.14.8 to 1.15.4


"Subject: cairo snapshot 1.15.4 now available"

The recipe inherits upstream-version-is-even because odd minor versions 
are development snapshots.


Ross


--



[OE-core] [PATCH] libxml-simple-perl: Upgrade to 2.24

2017-06-04 Thread Fan Xin
1. Upgrade libxml-simple-perl from 2.22 to 2.24

2. Update the Licence checksum because the address of the Free Software Foundation
changed.
   The content of licence has no change.

Signed-off-by: Fan Xin 
---
 .../perl/{libxml-simple-perl_2.22.bb => libxml-simple-perl_2.24.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-devtools/perl/{libxml-simple-perl_2.22.bb => 
libxml-simple-perl_2.24.bb} (78%)

diff --git a/meta/recipes-devtools/perl/libxml-simple-perl_2.22.bb 
b/meta/recipes-devtools/perl/libxml-simple-perl_2.24.bb
similarity index 78%
rename from meta/recipes-devtools/perl/libxml-simple-perl_2.22.bb
rename to meta/recipes-devtools/perl/libxml-simple-perl_2.24.bb
index 2243bb2..0cf2eeb 100644
--- a/meta/recipes-devtools/perl/libxml-simple-perl_2.22.bb
+++ b/meta/recipes-devtools/perl/libxml-simple-perl_2.24.bb
@@ -7,13 +7,13 @@ where the original uses plain Perl or SAX parsers."
 HOMEPAGE = 
"http://search.cpan.org/~markov/XML-LibXML-Simple-0.93/lib/XML/LibXML/Simple.pod";
 SECTION = "libs"
 LICENSE = "Artistic-1.0 | GPL-1.0+"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=fa1187fceda00eee10b62961407ea7be"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=23477e18a0d04392cdf44ae70e49b495"
 DEPENDS += "libxml-parser-perl"
 
 SRC_URI = "http://www.cpan.org/modules/by-module/XML/XML-Simple-${PV}.tar.gz";
 
-SRC_URI[md5sum] = "0914abddfce749453ed89b54029f2643"
-SRC_URI[sha256sum] = 
"b9450ef22ea9644ae5d6ada086dc4300fa105be050a2030ebd4efd28c198eb49"
+SRC_URI[md5sum] = "1cd2e8e3421160c42277523d5b2f4dd2"
+SRC_URI[sha256sum] = 
"9a14819fd17c75fbb90adcec0446ceab356cab0ccaff870f2e1659205dc2424f"
 
 S = "${WORKDIR}/XML-Simple-${PV}"
 
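
Review bot: HOMEPAGE in the context lines points at XML-LibXML-Simple-0.93 while SRC_URI fetches XML-Simple-${PV}, which is a different CPAN distribution. Since the recipe is being touched for the upgrade, point HOMEPAGE at the XML-Simple page so the metadata matches what is built.
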
-- 
1.9.1



[OE-core] [PATCH] libxml-namespacesupport-perl: Upgrade 1.11 -> 1.12

2017-06-04 Thread Fan Xin
1. Upgrade libxml-namespacesupport-perl from 1.11 to 1.12

2. Update the checksum of licence file because the author and contributors'
name list is deleted.
The content of licence has no change.

Signed-off-by: Fan Xin 
---
 ...acesupport-perl_1.11.bb => libxml-namespacesupport-perl_1.12.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-extended/perl/{libxml-namespacesupport-perl_1.11.bb => 
libxml-namespacesupport-perl_1.12.bb} (77%)

diff --git a/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.11.bb 
b/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb
similarity index 77%
rename from meta/recipes-extended/perl/libxml-namespacesupport-perl_1.11.bb
rename to meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb
index 9a9e710..7fc2ec3 100644
--- a/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.11.bb
+++ b/meta/recipes-extended/perl/libxml-namespacesupport-perl_1.12.bb
@@ -7,11 +7,11 @@ SECTION = "libs"
 LICENSE = "Artistic-1.0 | GPL-1.0+"
 PR = "r3"
 
-LIC_FILES_CHKSUM = 
"file://META.yml;beginline=22;endline=22;md5=3b2b564dae8b9af9e8896e85c07dcbe5"
+LIC_FILES_CHKSUM = 
"file://META.yml;beginline=22;endline=22;md5=9ca1a4a941496e7feedac72c4fb8b137"
 
 SRC_URI = 
"http://search.cpan.org/CPAN/authors/id/P/PE/PERIGRIN/XML-NamespaceSupport-${PV}.tar.gz";
-SRC_URI[md5sum] = "222cca76161cd956d724286d36b607da"
-SRC_URI[sha256sum] = 
"6d8151f0a3f102313d76b64bfd1c2d9ed46bfe63a16f038e7d860fda287b74ea"
+SRC_URI[md5sum] = "a8916c6d095bcf073e1108af02e78c97"
+SRC_URI[sha256sum] = 
"47e995859f8dd0413aa3f22d350c4a62da652e854267aa0586ae544ae2bae5ef"
 
 
 S = "${WORKDIR}/XML-NamespaceSupport-${PV}"
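
Review bot: PR = "r3" is carried over unchanged in the context lines even though the version moves from 1.11 to 1.12. Drop the PR assignment as part of the upgrade so the revision starts from the default again.
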
-- 
1.9.1



[OE-core] [PATCH] lsbinitscripts: Upgrade to 9.72

2017-06-05 Thread Fan Xin
1. Upgrade lsbinitscripts from 9.68 to 9.72

2. Rebase the following patch file.
   functions.patch

Signed-off-by: Fan Xin 
---
 .../lsb/lsbinitscripts/functions.patch | 43 --
 ...binitscripts_9.68.bb => lsbinitscripts_9.72.bb} |  8 ++--
 2 files changed, 28 insertions(+), 23 deletions(-)
 rename meta/recipes-extended/lsb/{lsbinitscripts_9.68.bb => 
lsbinitscripts_9.72.bb} (70%)

diff --git a/meta/recipes-extended/lsb/lsbinitscripts/functions.patch 
b/meta/recipes-extended/lsb/lsbinitscripts/functions.patch
index a756d04..feef610 100644
--- a/meta/recipes-extended/lsb/lsbinitscripts/functions.patch
+++ b/meta/recipes-extended/lsb/lsbinitscripts/functions.patch
@@ -1,26 +1,31 @@
-Upstream-Status: Inappropriate [configuration]
+From 57468c5f4e364bdad556604dca09046e1afca929 Mon Sep 17 00:00:00 2001
+From: Fan Xin 
+Date: Mon, 5 Jun 2017 16:26:47 +0900
+Subject: [PATCH] Upstream-Status: Inappropriate [configuration]
 
 Signed-off-by: Xiaofeng Yan 
 Signed-off-by: Saul Wold 
 
-Index: initscripts-9.43/rc.d/init.d/functions
-===
 initscripts-9.43.orig/rc.d/init.d/functions
-+++ initscripts-9.43/rc.d/init.d/functions
-@@ -13,6 +13,7 @@ umask 022
- PATH="/sbin:/usr/sbin:/bin:/usr/bin"
- export PATH
- 
-+
- if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \
-   ( /bin/mountpoint -q /cgroup/systemd || /bin/mountpoint -q 
/sys/fs/cgroup/systemd ) ; then
- case "$0" in
-@@ -54,7 +55,7 @@ systemctl_redirect () {
+Rebase on 9.72
+
+Signed-off-by: Fan Xin 
+---
+ initscripts-9.72/rc.d/init.d/functions | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/initscripts-9.72/rc.d/init.d/functions 
b/initscripts-9.72/rc.d/init.d/functions
+index 0f627f1..a6aa092 100644
+--- a/initscripts-9.72/rc.d/init.d/functions
 b/initscripts-9.72/rc.d/init.d/functions
+@@ -59,7 +59,7 @@ systemctl_redirect () {
  [ -z "${COLUMNS:-}" ] && COLUMNS=80
  
  if [ -z "${CONSOLETYPE:-}" ]; then
--  if [ -c "/dev/stderr" -a -r "/dev/stderr" ]; then
-+  if [ -c "/dev/stderr" -a -r "/dev/stderr" -a -e /sbin/consoletype ]; then
- CONSOLETYPE="$(/sbin/consoletype < /dev/stderr 2>/dev/null)"
-   else
- CONSOLETYPE="serial"
+-if [ -c "/dev/stderr" -a -r "/dev/stderr" ]; then
++if [ -c "/dev/stderr" -a -r "/dev/stderr" -a -e /sbin/consoletype ]; then
+ CONSOLETYPE="$(/sbin/consoletype < /dev/stderr 2>/dev/null)"
+ else
+ CONSOLETYPE="serial"
+-- 
+1.9.1
+
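
Review bot: the new patch header turns the status tag into the subject ("Subject: [PATCH] Upstream-Status: Inappropriate [configuration]"), which leaves the patch without a real summary and without an Upstream-Status line in its body. Give the patch a descriptive subject (it makes the consoletype call conditional on /sbin/consoletype existing) and keep Upstream-Status as its own line above the Signed-off-by tags.
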
diff --git a/meta/recipes-extended/lsb/lsbinitscripts_9.68.bb 
b/meta/recipes-extended/lsb/lsbinitscripts_9.72.bb
similarity index 70%
rename from meta/recipes-extended/lsb/lsbinitscripts_9.68.bb
rename to meta/recipes-extended/lsb/lsbinitscripts_9.72.bb
index 0c08fff..448663f 100644
--- a/meta/recipes-extended/lsb/lsbinitscripts_9.68.bb
+++ b/meta/recipes-extended/lsb/lsbinitscripts_9.72.bb
@@ -8,13 +8,13 @@ RDEPENDS_${PN} += "util-linux"
 LIC_FILES_CHKSUM = "file://COPYING;md5=ebf4e8b49780ab187d51bd26aaa022c6"
 
 S="${WORKDIR}/initscripts-${PV}"
-SRC_URI = 
"http://pkgs.fedoraproject.org/repo/pkgs/initscripts/initscripts-${PV}.tar.bz2/6a51a5af38e01445f53989ed0727c3e1/initscripts-${PV}.tar.bz2
 \
-   file://functions.patch \
+SRC_URI = 
"http://pkgs.fedoraproject.org/repo/pkgs/initscripts/initscripts-${PV}.tar.gz/sha512/b6ed38f9576e9227c2ecf047e2d60e1e872f40d51d13861b0c91dddb282f10f7e6b79706a4d1435d7a57a14a0b73a1b71541cfe44c00e8e03ef96b08de19ec32/initscripts-${PV}.tar.gz
 \
+   file://functions.patch;striplevel=2 \

file://0001-functions-avoid-exit-1-which-causes-init-scripts-to-.patch \
   " 
 
-SRC_URI[md5sum] = "6a51a5af38e01445f53989ed0727c3e1"
-SRC_URI[sha256sum] = 
"2a1c6e9dbaa37a676518f4803b501e107c058bb14ef7a8db24c52b77fbcba531"
+SRC_URI[md5sum] = "d6c798f40dceb117e12126d94cb25a9a"
+SRC_URI[sha256sum] = 
"1793677bdd1f7ee4cb00878ce43346196374f848a4c8e4559e086040fc7487db"
 
 inherit update-alternatives
 
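
Review bot: SRC_URI now embeds a sha512 digest in the download path and switches from .tar.bz2 to .tar.gz, but the commit message mentions only the version bump and the rebase. Mention the URL layout change there, and regenerate functions.patch relative to ${S} so that ;striplevel=2 and the initscripts-9.72/ prefix inside the patch are not needed.
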
-- 
1.9.1



[OE-core] [PATCH v2] cairo: Fix CVE-2017-7475

2017-06-05 Thread Fan Xin
CVE: CVE-2017-7475

Bug 100763 - Denial-of-Service Attack due to Logical Problem in Program

https://bugs.freedesktop.org/show_bug.cgi?id=100763

Signed-off-by: Fan Xin 
---
 ...et_bitmap_surface-bsc1036789-CVE-2017-7475.diff | 22 ++
 meta/recipes-graphics/cairo/cairo_1.14.8.bb|  4 +++-
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff

diff --git 
a/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
 
b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
new file mode 100644
index 000..7aaad2e
--- /dev/null
+++ 
b/meta/recipes-graphics/cairo/cairo/cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff
@@ -0,0 +1,22 @@
+Cairo: Fix Denial-of-Service Attack due to Logical Problem in Program
+
+https://bugs.freedesktop.org/show_bug.cgi?id=100763
+
+CVE: CVE-2017-7475
+Upstream-Status: Submitted
+
+Signed-off-by: Fan Xin 
+
+Index: cairo-1.15.4/src/cairo-ft-font.c
+===
+--- cairo-1.15.4.orig/src/cairo-ft-font.c
 cairo-1.15.4/src/cairo-ft-font.c
+@@ -1149,7 +1149,7 @@ _get_bitmap_surface (FT_Bitmap*bi
+ width = bitmap->width;
+ height = bitmap->rows;
+ 
+-if (width == 0 || height == 0) {
++if (width == 0 || height == 0 || bitmap->buffer == NULL) {
+   *surface = (cairo_image_surface_t *)
+   cairo_image_surface_create_for_data (NULL, format, 0, 0, 0);
+   return (*surface)->base.status;
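
Review bot: Upstream-Status changes from Pending to Submitted without saying where the patch was sent. Use the bracketed form, for example Upstream-Status: Submitted [https://bugs.freedesktop.org/show_bug.cgi?id=100763] if the bug report is where it was attached, so the status can be followed up on the next upgrade.
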
diff --git a/meta/recipes-graphics/cairo/cairo_1.14.8.bb 
b/meta/recipes-graphics/cairo/cairo_1.14.8.bb
index 5a3c74f..af6be56 100644
--- a/meta/recipes-graphics/cairo/cairo_1.14.8.bb
+++ b/meta/recipes-graphics/cairo/cairo_1.14.8.bb
@@ -2,7 +2,9 @@ require cairo.inc
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=e73e999e0c72b5ac9012424fa157ad77"
 
-SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz";
+SRC_URI = "http://cairographics.org/releases/cairo-${PV}.tar.xz \
+   file://cairo-get_bitmap_surface-bsc1036789-CVE-2017-7475.diff \ 
+  "
 
 SRC_URI[md5sum] = "4ef0db2eacb271c74f8a3fd87822aa98"
 SRC_URI[sha256sum] = 
"d1f2d98ae9a4111564f6de4e013d639cf77155baf2556582295a0f00a9bc5e20"
-- 
1.9.1



[OE-core] [PATCH] man-pages: Upgrade to 4.11

2017-06-06 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 .../man-pages/{man-pages_4.10.bb => man-pages_4.11.bb}| 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/man-pages/{man-pages_4.10.bb => 
man-pages_4.11.bb} (86%)

diff --git a/meta/recipes-extended/man-pages/man-pages_4.10.bb 
b/meta/recipes-extended/man-pages/man-pages_4.11.bb
similarity index 86%
rename from meta/recipes-extended/man-pages/man-pages_4.10.bb
rename to meta/recipes-extended/man-pages/man-pages_4.11.bb
index de8d3b9..a3077a9 100644
--- a/meta/recipes-extended/man-pages/man-pages_4.10.bb
+++ b/meta/recipes-extended/man-pages/man-pages_4.11.bb
@@ -7,8 +7,8 @@ LICENSE = "GPLv2+"
 LIC_FILES_CHKSUM = "file://README;md5=8f2a3d43057d458e5066714980567a60"
 SRC_URI = "${KERNELORG_MIRROR}/linux/docs/${BPN}/Archive/${BP}.tar.gz"
 
-SRC_URI[md5sum] = "fa03cff75c7cee5a0fd5db3456aea43a"
-SRC_URI[sha256sum] = 
"5995444d589a1ab83ae1220a4446ee09b3dadb6ce7037162ea75874ebcb2c040"
+SRC_URI[md5sum] = "408300ed09d1ad5938070158b21da1d1"
+SRC_URI[sha256sum] = 
"e6db91a24e68c7c765b7b8e60f1591ed1049bc2dc3143db779eae4838b89d195"
 
 RDEPENDS_${PN} = "man"
 
-- 
1.9.1



[OE-core] [PATCH] pciutils: Upgrade to 3.5.4

2017-06-06 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-bsp/pciutils/{pciutils_3.5.2.bb => pciutils_3.5.4.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-bsp/pciutils/{pciutils_3.5.2.bb => pciutils_3.5.4.bb} (92%)

diff --git a/meta/recipes-bsp/pciutils/pciutils_3.5.2.bb 
b/meta/recipes-bsp/pciutils/pciutils_3.5.4.bb
similarity index 92%
rename from meta/recipes-bsp/pciutils/pciutils_3.5.2.bb
rename to meta/recipes-bsp/pciutils/pciutils_3.5.4.bb
index 9a7297e..d387fba 100644
--- a/meta/recipes-bsp/pciutils/pciutils_3.5.2.bb
+++ b/meta/recipes-bsp/pciutils/pciutils_3.5.4.bb
@@ -13,8 +13,8 @@ SRC_URI = 
"${KERNELORG_MIRROR}/software/utils/pciutils/pciutils-${PV}.tar.xz \
file://guess-fix.patch \
file://makefile.patch"
 
-SRC_URI[md5sum] = "1bf5b068bd9f7512e8c68b060b25a1b2"
-SRC_URI[sha256sum] = 
"3a99141a9f40528d0a0035665a06dc37ddb1ae341658e51b50a76ecf86235efc"
+SRC_URI[md5sum] = "e82537cd2194111c45fa7e684b52252e"
+SRC_URI[sha256sum] = 
"64293c6ab9318c40ef262b76d87bd9097531759752bac556e50979b1e63cfe66"
 
 inherit multilib_header
 
-- 
1.9.1



[OE-core] [PATCH] hdparm: Upgrade to 9.52

2017-06-06 Thread Fan Xin
1. Upgrade hdparm from 9.51 to 9.52

2. Update the checksum of LIC_FILES_CHKSUM
   The following content is appended to LICENSE.TXT; the licence is still BSD & GPLv2.

   The apt.c file is  Copyright (c) 2009 Jan Friesse .
   You may use/distribute apt.c freely, under the terms of either
   (your choice) the GNU General Public License version 2,
   or a BSD style license.

Signed-off-by: Fan Xin 
---
 meta/recipes-extended/hdparm/{hdparm_9.51.bb => hdparm_9.52.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-extended/hdparm/{hdparm_9.51.bb => hdparm_9.52.bb} (83%)

diff --git a/meta/recipes-extended/hdparm/hdparm_9.51.bb 
b/meta/recipes-extended/hdparm/hdparm_9.52.bb
similarity index 83%
rename from meta/recipes-extended/hdparm/hdparm_9.51.bb
rename to meta/recipes-extended/hdparm/hdparm_9.52.bb
index fa00927..599cd30 100644
--- a/meta/recipes-extended/hdparm/hdparm_9.51.bb
+++ b/meta/recipes-extended/hdparm/hdparm_9.52.bb
@@ -8,7 +8,7 @@ LICENSE_${PN} = "BSD"
 LICENSE_${PN}-dbg = "BSD"
 LICENSE_wiper = "GPLv2"
 
-LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=910a8a42c962d238619c75fdb78bdb24 \
+LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=495d03e50dc6c89d6a30107ab0df5b03 \
 
file://debian/copyright;md5=a82d7ba3ade9e8ec902749db98c592f3 \
 
file://wiper/GPLv2.txt;md5=fcb02dc552a041dee27e4b85c7396067 \
 
file://wiper/wiper.sh;beginline=7;endline=31;md5=b7bc642addc152ea307505bf1a296f09"
@@ -22,8 +22,8 @@ RDEPENDS_wiper = "bash gawk stat"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/hdparm/${BP}.tar.gz"
 
-SRC_URI[md5sum] = "8fe0a71db02f7ffc602d14a69f766cff"
-SRC_URI[sha256sum] = 
"1afad8891ecbe644c283f7d725157660ebf8bd5b4d9d67232afd45f83d2d5d91"
+SRC_URI[md5sum] = "410539d0bf3cc247181594581edbfb53"
+SRC_URI[sha256sum] = 
"c3429cd423e271fa565bf584598fd751dd2e773bb7199a592b06b5a61cec4fb6"
 
 EXTRA_OEMAKE = 'STRIP="echo" LDFLAGS="${LDFLAGS}"'
 
-- 
1.9.1



[OE-core] [PATCH] libtiff: Upgrade to 4.0.8

2017-06-07 Thread Fan Xin
1. Upgrade libtiff from 4.0.7 to 4.0.8

2. Delete the following patch file because CVE-2017-5225 has been fixed in 4.0.8
 libtiff-CVE-2017-5225.patch

Signed-off-by: Fan Xin 
---
 .../libtiff/files/libtiff-CVE-2017-5225.patch  | 92 --
 .../libtiff/{tiff_4.0.7.bb => tiff_4.0.8.bb}   |  5 +-
 2 files changed, 2 insertions(+), 95 deletions(-)
 delete mode 100644 
meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch
 rename meta/recipes-multimedia/libtiff/{tiff_4.0.7.bb => tiff_4.0.8.bb} (90%)

diff --git a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch 
b/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch
deleted file mode 100644
index 3263353..000
--- a/meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From a24df1e93833dfeaa69bf4d510518dc4684db64d Mon Sep 17 00:00:00 2001
-From: Li Zhou 
-Date: Wed, 25 Jan 2017 17:07:21 +0800
-Subject: [PATCH] libtiff: fix CVE-2017-5225
-
-tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow
-and cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
-overflow. Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
-http://bugzilla.maptools.org/show_bug.cgi?id=2657
-
-Upstream-Status: Backport
-CVE: CVE-2017-5225
-Signed-off-by: Li Zhou 

- ChangeLog  |  7 +++
- tools/tiffcp.c | 24 ++--
- 2 files changed, 29 insertions(+), 2 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 9b9d397..7e82795 100644
 a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2017-01-11 Even Rouault 
-+
-+  * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
-+  cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based 
overflow.
-+  Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
-+  http://bugzilla.maptools.org/show_bug.cgi?id=2657
-+
- 2016-11-19  Bob Friesenhahn  
- 
-   * libtiff 4.0.7 released.
-diff --git a/tools/tiffcp.c b/tools/tiffcp.c
-index 338a3d1..2e84577 100644
 a/tools/tiffcp.c
-+++ b/tools/tiffcp.c
-@@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, 
uint16);
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
--  uint16 bitspersample, samplesperpixel = 1;
-+  uint16 bitspersample = 1, samplesperpixel = 1;
-   uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
-   copyFunc cf;
-   uint32 width, length;
-@@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow)
-   register uint32 n;
-   uint32 row;
-   tsample_t s;
-+uint16 bps = 0;
-+
-+(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+if( bps != 8 )
-+{
-+TIFFError(TIFFFileName(in),
-+  "Error, can only handle BitsPerSample=8 in %s",
-+  "cpContig2SeparateByRow");
-+return 0;
-+}
- 
-   inbuf = _TIFFmalloc(scanlinesizein);
-   outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1121,6 +1131,16 @@ DECLAREcpFunc(cpSeparate2ContigByRow)
-   register uint32 n;
-   uint32 row;
-   tsample_t s;
-+uint16 bps = 0;
-+
-+(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
-+if( bps != 8 )
-+{
-+TIFFError(TIFFFileName(in),
-+  "Error, can only handle BitsPerSample=8 in %s",
-+  "cpSeparate2ContigByRow");
-+return 0;
-+}
- 
-   inbuf = _TIFFmalloc(scanlinesizein);
-   outbuf = _TIFFmalloc(scanlinesizeout);
-@@ -1763,7 +1783,7 @@ pickCopyFunc(TIFF* in, TIFF* out, uint16 bitspersample, 
uint16 samplesperpixel)
-   uint32 w, l, tw, tl;
-   int bychunk;
- 
--  (void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
-+  (void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
-   if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
-   fprintf(stderr,
-   "%s: Cannot handle different planar configuration w/ 
bits/sample != 8\n",
--- 
-1.9.1
-
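Review bot: Deleting libtiff-CVE-2017-5225.patch is only safe if tiff 4.0.8 itself contains the `bps != 8` early returns in cpContig2SeparateByRow and cpSeparate2ContigByRow and the TIFFGetFieldDefaulted change in pickCopyFunc that this file carried, and the commit message asserts that without a reference. Please cite the 4.0.8 ChangeLog entry or upstream commit in the commit message so the removal can be verified, and confirm that no remaining SRC_URI entry still names the deleted file.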
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb 
b/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
similarity index 90%
rename from meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
rename to meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
index e581736..4a7aecc 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.8.bb
@@ -6,11 +6,10 @@ CVE_PRODUCT = "libtiff"
 
 SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://libtool2.patch \
-   file://libtiff-CVE-2017-5225.patch \
   "
 
-SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
-SRC_URI[sha256sum] = 
"9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019"
+SRC_URI[md5sum] = "2a7d1c

[OE-core] [PATCH] libtirpc: Fix CVE-2017-8779

2017-06-07 Thread Fan Xin
This vulnerability is also called "rpcbomb".
Backport upstream patch to fix this vulnerability.
CVE: CVE-2017-8779

Signed-off-by: Fan Xin
---
 .../libtirpc/0001-Fix-for-CVE-2017-8779.patch  | 276 +
 meta/recipes-extended/libtirpc/libtirpc_1.0.1.bb   |   1 +
 2 files changed, 277 insertions(+)
 create mode 100644 
meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch

diff --git 
a/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch 
b/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
new file mode 100644
index 000..b3bae67
--- /dev/null
+++ b/meta/recipes-extended/libtirpc/libtirpc/0001-Fix-for-CVE-2017-8779.patch
@@ -0,0 +1,276 @@
+From dd9c7cf4f8f375c6d641b760d124650c418c2ce3 Mon Sep 17 00:00:00 2001
+From: Guido Vranken 
+Date: Mon, 15 May 2017 11:12:21 -0400
+Subject: [PATCH] Fix for CVE-2017-8779
+
+Signed-off-by: Steve Dickson 
+---
+ src/rpc_generic.c |  8 
+ src/rpcb_prot.c   | 22 ++
+ src/rpcb_st_xdr.c |  9 +
+ src/xdr.c | 30 +-
+ 4 files changed, 52 insertions(+), 17 deletions(-)
+
+CVE: CVE-2017-8779
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin 
+
+diff --git a/src/rpc_generic.c b/src/rpc_generic.c
+index 2f09a8f..589cbd5 100644
+--- a/src/rpc_generic.c
 b/src/rpc_generic.c
+@@ -615,6 +615,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
+ 
+   switch (af) {
+   case AF_INET:
++  if (nbuf->len < sizeof(*sin)) {
++  return NULL;
++  }
+   sin = nbuf->buf;
+   if (inet_ntop(af, &sin->sin_addr, namebuf, sizeof namebuf)
+   == NULL)
+@@ -626,6 +629,9 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
+   break;
+ #ifdef INET6
+   case AF_INET6:
++  if (nbuf->len < sizeof(*sin6)) {
++  return NULL;
++  }
+   sin6 = nbuf->buf;
+   if (inet_ntop(af, &sin6->sin6_addr, namebuf6, sizeof namebuf6)
+   == NULL)
+@@ -667,6 +673,8 @@ __rpc_uaddr2taddr_af(int af, const char *uaddr)
+ 
+   port = 0;
+   sin = NULL;
++  if (uaddr == NULL)
++  return NULL;
+   addrstr = strdup(uaddr);
+   if (addrstr == NULL)
+   return NULL;
+diff --git a/src/rpcb_prot.c b/src/rpcb_prot.c
+index 43fd385..a923c8e 100644
+--- a/src/rpcb_prot.c
 b/src/rpcb_prot.c
+@@ -41,6 +41,7 @@
+ #include 
+ #include 
+ #include 
++#include "rpc_com.h"
+ 
+ bool_t
+ xdr_rpcb(xdrs, objp)
+@@ -53,13 +54,13 @@ xdr_rpcb(xdrs, objp)
+   if (!xdr_u_int32_t(xdrs, &objp->r_vers)) {
+   return (FALSE);
+   }
+-  if (!xdr_string(xdrs, &objp->r_netid, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_netid, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+-  if (!xdr_string(xdrs, &objp->r_addr, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_addr, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+-  if (!xdr_string(xdrs, &objp->r_owner, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_owner, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+   return (TRUE);
+@@ -159,19 +160,19 @@ xdr_rpcb_entry(xdrs, objp)
+   XDR *xdrs;
+   rpcb_entry *objp;
+ {
+-  if (!xdr_string(xdrs, &objp->r_maddr, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_maddr, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+-  if (!xdr_string(xdrs, &objp->r_nc_netid, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_nc_netid, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+   if (!xdr_u_int32_t(xdrs, &objp->r_nc_semantics)) {
+   return (FALSE);
+   }
+-  if (!xdr_string(xdrs, &objp->r_nc_protofmly, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_nc_protofmly, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+-  if (!xdr_string(xdrs, &objp->r_nc_proto, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->r_nc_proto, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+   return (TRUE);
+@@ -292,7 +293,7 @@ xdr_rpcb_rmtcallres(xdrs, p)
+   bool_t dummy;
+   struct r_rpcb_rmtcallres *objp = (struct r_rpcb_rmtcallres *)(void *)p;
+ 
+-  if (!xdr_string(xdrs, &objp->addr, (u_int)~0)) {
++  if (!xdr_string(xdrs, &objp->addr, RPC_MAXDATASIZE)) {
+   return (FALSE);
+   }
+   if (!xdr_u_int(xdrs, &objp->results.results_len)) {
+@@ -312,6 +313,11 @@ xdr_netbuf(xdrs, objp)
+   if (!xdr_u_int32_t(xdrs, (u_int32_t *) &objp->maxlen)) {
+   return (FALSE);
+   }
++
++  if (objp->maxlen > RPC_MAXDATASIZE) {
++   
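Review bot: In the header of 0001-Fix-for-CVE-2017-8779.patch the `CVE: CVE-2017-8779`, `Upstream-Status: Backport` and `Signed-off-by: Fan Xin` lines sit below the `---` separator and diffstat, where `git am` would drop them if the patch is ever re-imported; move them into the message body above `---` and add the upstream commit or URL to the Upstream-Status line. The upstream message is only a subject, so one sentence on what is being bounded (the `xdr_string` limits going from `(u_int)~0` to `RPC_MAXDATASIZE`, and the `nbuf->len` checks before the sockaddr accesses) would help anyone auditing this backport later.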

[OE-core] [PATCH] libxml2: Fix CVE-2017-8872

2017-06-07 Thread Fan Xin
CVE: CVE-2017-8872
The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 allows attackers
to cause a denial of service (buffer over-read) or information disclosure.

External References:
https://bugzilla.gnome.org/show_bug.cgi?id=77520

Signed-off-by: Fan Xin 
---
 .../libxml/libxml2/libxml2-CVE-2017-8872.patch | 23 ++
 meta/recipes-core/libxml/libxml2_2.9.4.bb  |  1 +
 2 files changed, 24 insertions(+)
 create mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch

diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch 
b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
new file mode 100644
index 000..df05e06
--- /dev/null
+++ b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2017-8872.patch
@@ -0,0 +1,23 @@
+libxml2-2.9.4: Fix CVE-2017-8872
+
+Bug 775200 - (CVE-2017-8872) global-buffer-overflow in htmlParseTryOrFinish 
(HTMLparser.c:5403) 
+ - [https://bugzilla.gnome.org/show_bug.cgi?id=775200]
+
+CVE: CVE-2017-8872
+Upstream-Status: Submitted
+
+Signed-off-by: Fan Xin 
+
+Index: libxml2-2.9.4/HTMLparser.c
+===
+--- libxml2-2.9.4.orig/HTMLparser.c
 libxml2-2.9.4/HTMLparser.c
+@@ -5396,6 +5396,8 @@ htmlParseTryOrFinish(htmlParserCtxtPtr c
+   ctxt->instate = XML_PARSER_EOF;
+   if ((ctxt->sax) && (ctxt->sax->endDocument != NULL))
+   ctxt->sax->endDocument(ctxt->userData);
++
++  goto done;
+   }
+   }
+ if (avail < 1)
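Review bot: The patch header cites Bug 775200 while the commit message links show_bug.cgi?id=77520, so the two references disagree and one of them needs correcting. `Upstream-Status: Submitted` should also name where the patch was submitted, and because the added `goto done;` after the endDocument() call is not an upstream-accepted fix, the header should explain why skipping the rest of htmlParseTryOrFinish once `ctxt->instate = XML_PARSER_EOF` is set closes the over-read without changing parser behaviour for valid input.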
diff --git a/meta/recipes-core/libxml/libxml2_2.9.4.bb 
b/meta/recipes-core/libxml/libxml2_2.9.4.bb
index ea0d3b8..0b4cbca 100644
--- a/meta/recipes-core/libxml/libxml2_2.9.4.bb
+++ b/meta/recipes-core/libxml/libxml2_2.9.4.bb
@@ -24,6 +24,7 @@ SRC_URI = 
"ftp://xmlsoft.org/libxml2/libxml2-${PV}.tar.gz;name=libtar \
file://libxml2-CVE-2016-4658.patch \
file://libxml2-fix_NULL_pointer_derefs.patch \
file://CVE-2016-9318.patch \
+  file://libxml2-CVE-2017-8872.patch \
   "
 
 SRC_URI[libtar.md5sum] = "ae249165c173b1ff386ee8ad676815f5"
-- 
1.9.1



[OE-core] [PATCH] flex: Upgrade to 2.6.4

2017-06-08 Thread Fan Xin
1. Upgrade flex from 2.6.0 to 2.6.4

2. Change the SRC_URI
   Change SRC_URI from sourceforge to github because flex on sourceforge has not been updated for more than one year.

Signed-off-by: Fan Xin 
---
 meta/recipes-devtools/flex/{flex_2.6.0.bb => flex_2.6.4.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-devtools/flex/{flex_2.6.0.bb => flex_2.6.4.bb} (90%)

diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb 
b/meta/recipes-devtools/flex/flex_2.6.4.bb
similarity index 90%
rename from meta/recipes-devtools/flex/flex_2.6.0.bb
rename to meta/recipes-devtools/flex/flex_2.6.4.bb
index ab35b09..038aa37 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -10,7 +10,7 @@ BBCLASSEXTEND = "native nativesdk"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=e4742cf92e89040b39486a6219b68067"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
+SRC_URI = "https://github.com/westes/flex/files/981163/${PN}-${PV}.tar.gz \
file://run-ptest \
file://do_not_create_pdf_doc.patch \

file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
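Review bot: The new SRC_URI line uses `${PN}-${PV}.tar.gz`, but the hunk header shows `BBCLASSEXTEND = "native nativesdk"`, so for flex-native and nativesdk-flex `${PN}` expands to the extended recipe name and the URL no longer matches the upstream tarball; use `${BPN}-${PV}.tar.gz` (or `${BP}.tar.gz`). The URL also points at a numbered `files/981163` attachment while UPSTREAM_CHECK_URI tracks `/releases`; please confirm this is the stable download location for the release tarball, since the checksums below are the only integrity check on what is fetched.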
@@ -19,8 +19,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
${@bb.utils.contains('PTEST_ENABLED', '1', '', 
'file://disable-tests.patch', d)} \
"
 
-SRC_URI[md5sum] = "266270f13c48ed043d95648075084d59"
-SRC_URI[sha256sum] = 
"24e611ef5a4703a191012f80c1027dc9d12555183ce0ecd46f3636e587e9b8e9"
+SRC_URI[md5sum] = "2882e3179748cc9f9c23ec593d6adc8d"
+SRC_URI[sha256sum] = 
"e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995"
 
 # Flex has moved to github from 2.6.1 onwards
 UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases";
-- 
1.9.1



Re: [OE-core] [PATCH] flex: Upgrade to 2.6.4

2017-06-08 Thread Fan Xin

OK, send this to meta-oe for test.

Fan Xin

On 2017-06-09 10:42, Khem Raj wrote:

On Thu, Jun 8, 2017 at 6:39 PM, Fan Xin  wrote:

1. Upgrade flex from 2.6.0 to 2.6.4

2. Change the SRC_URI
Change SRC_URI from sourceforge to github because flex on sourceforge has not been updated for more than one year.



How has it been tested?
I think it needs to be tested with meta-oe before it gets into OE-core.


Signed-off-by: Fan Xin 
---
  meta/recipes-devtools/flex/{flex_2.6.0.bb => flex_2.6.4.bb} | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)
  rename meta/recipes-devtools/flex/{flex_2.6.0.bb => flex_2.6.4.bb} (90%)

diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb 
b/meta/recipes-devtools/flex/flex_2.6.4.bb
similarity index 90%
rename from meta/recipes-devtools/flex/flex_2.6.0.bb
rename to meta/recipes-devtools/flex/flex_2.6.4.bb
index ab35b09..038aa37 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.4.bb
@@ -10,7 +10,7 @@ BBCLASSEXTEND = "native nativesdk"

  LIC_FILES_CHKSUM = "file://COPYING;md5=e4742cf92e89040b39486a6219b68067"

-SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
+SRC_URI = "https://github.com/westes/flex/files/981163/${PN}-${PV}.tar.gz \
 file://run-ptest \
 file://do_not_create_pdf_doc.patch \
 
file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
@@ -19,8 +19,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
 ${@bb.utils.contains('PTEST_ENABLED', '1', '', 
'file://disable-tests.patch', d)} \
 "

-SRC_URI[md5sum] = "266270f13c48ed043d95648075084d59"
-SRC_URI[sha256sum] = 
"24e611ef5a4703a191012f80c1027dc9d12555183ce0ecd46f3636e587e9b8e9"
+SRC_URI[md5sum] = "2882e3179748cc9f9c23ec593d6adc8d"
+SRC_URI[sha256sum] = 
"e87aae032bf07c26f85ac0ed3250998c37621d95f8bd748b31f15b33c45ee995"

  # Flex has moved to github from 2.6.1 onwards
  UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases";
--
1.9.1



--
=
Fujitsu Computer Technologies Limited
Embedded Systems Technology Division, First Firmware Technology Department
樊 昕 Fan Xin
fan@jp.fujitsu.com



[OE-core] [PATCH] gnutls: Upgrade to 3.5.13

2017-06-08 Thread Fan Xin
1. Upgrade gnutls from 3.5.9 to 3.5.13

2. Rebase the following patch file.
   use-pkg-config-to-locate-zlib.patch

Signed-off-by: Fan Xin 
---
 .../gnutls/use-pkg-config-to-locate-zlib.patch | 28 ++
 .../gnutls/{gnutls_3.5.9.bb => gnutls_3.5.13.bb}   |  4 ++--
 2 files changed, 20 insertions(+), 12 deletions(-)
 rename meta/recipes-support/gnutls/{gnutls_3.5.9.bb => gnutls_3.5.13.bb} (66%)

diff --git 
a/meta/recipes-support/gnutls/gnutls/use-pkg-config-to-locate-zlib.patch 
b/meta/recipes-support/gnutls/gnutls/use-pkg-config-to-locate-zlib.patch
index 0e1b7c8..ae141a5 100644
--- a/meta/recipes-support/gnutls/gnutls/use-pkg-config-to-locate-zlib.patch
+++ b/meta/recipes-support/gnutls/gnutls/use-pkg-config-to-locate-zlib.patch
@@ -1,7 +1,9 @@
-From cee80af1fe93f5b76765afeebfcc3b902768f5d6 Mon Sep 17 00:00:00 2001
-From: Andre McCurdy 
-Date: Tue, 26 May 2015 21:41:24 -0700
-Subject: [PATCH] use pkg-config to locate zlib
+From 18081068a97c00015aabc5fa321664951458ea0d Mon Sep 17 00:00:00 2001
+From: Fan Xin 
+Date: Fri, 9 Jun 2017 15:20:31 +0900
+Subject: [PATCH] From cee80af1fe93f5b76765afeebfcc3b902768f5d6 Mon Sep 17
+ 00:00:00 2001 From: Andre McCurdy  Date: Tue, 26 May
+ 2015 21:41:24 -0700 Subject: [PATCH] use pkg-config to locate zlib
 
 AC_LIB_HAVE_LINKFLAGS can sometimes find host libs and is therefore not
 robust when cross-compiling. Remove it for zlib and use PKG_CHECK_MODULES
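Review bot: The rebased header replaces `From: Andre McCurdy` and the 2015 date with the rebaser's name and date, and the new `Subject:` is the entire original mbox header run together, which loses the original authorship and leaves the patch without a usable subject. Keep the original From, Date and `Subject: [PATCH] use pkg-config to locate zlib` lines unchanged and record the rebase only through the added `Rebase on gnutls 3.5.13` note and the extra Signed-off-by.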
@@ -18,15 +20,19 @@ Change based on ChromeOS gnutls 2.12.23 cross-compile fixes 
patch:
 Upstream-Status: Inappropriate [configuration]
 
 Signed-off-by: Andre McCurdy 
+
+Rebase on gnutls 3.5.13
+
+Signed-off-by: Fan Xin 
 ---
- configure.ac | 24 ++--
- 1 file changed, 10 insertions(+), 14 deletions(-)
+ configure.ac | 25 +
+ 1 file changed, 9 insertions(+), 16 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index 1b561d5..0c787dc 100644
+index c65268e..f6a18aa 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -508,25 +508,21 @@ AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
+@@ -735,28 +735,21 @@ AC_ARG_WITH(zlib, AS_HELP_STRING([--without-zlib],
  AC_MSG_CHECKING([whether to include zlib compression support])
  if test x$ac_zlib != xno; then
   AC_MSG_RESULT(yes)
@@ -49,6 +55,7 @@ index 1b561d5..0c787dc 100644
 -else
 -  GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
 -fi
+-LIBZ_PC=""
 +  PKG_CHECK_MODULES(ZLIB, zlib)
 +  HAVE_LIBZ=yes
 +  AC_DEFINE([HAVE_LIBZ], [1], [zlib is enabled])
@@ -57,11 +64,12 @@ index 1b561d5..0c787dc 100644
 +  AC_SUBST(LTLIBZ)
 +  if test "x$GNUTLS_REQUIRES_PRIVATE" = x; then
 +GNUTLS_REQUIRES_PRIVATE="Requires.private: zlib"
-+  else
+   else
+-LIBZ_PC=$LIBZ
 +GNUTLS_REQUIRES_PRIVATE="$GNUTLS_REQUIRES_PRIVATE, zlib"
fi
  fi
- AC_SUBST(GNUTLS_REQUIRES_PRIVATE)
+ AC_SUBST(LIBZ_PC)
 -- 
 1.9.1
 
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.9.bb 
b/meta/recipes-support/gnutls/gnutls_3.5.13.bb
similarity index 66%
rename from meta/recipes-support/gnutls/gnutls_3.5.9.bb
rename to meta/recipes-support/gnutls/gnutls_3.5.13.bb
index 92e58b1..1115500 100644
--- a/meta/recipes-support/gnutls/gnutls_3.5.9.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.5.13.bb
@@ -5,7 +5,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
 file://use-pkg-config-to-locate-zlib.patch \
 file://arm_eabi.patch \
"
-SRC_URI[md5sum] = "0ab25eb6a1509345dd085bc21a387951"
-SRC_URI[sha256sum] = 
"82b10f0c4ef18f4e64ad8cef5dbaf14be732f5095a41cf366b4ecb4050382951"
+SRC_URI[md5sum] = "4fd41ad86572933c2379b4cc321a0959"
+SRC_URI[sha256sum] = 
"79f5480ad198dad5bc78e075f4a40c4a315a1b2072666919d2d05a08aec13096"
 
 BBCLASSEXTEND = "native nativesdk"
-- 
1.9.1



[OE-core] [PATCH] file: 5.30 -> 5.31

2017-06-19 Thread Fan Xin
1. Upgrade file from 5.30 to 5.31

2. Rebase the following patch file.
   debian-742262.patch

Signed-off-by: Fan Xin 
---
 meta/recipes-devtools/file/file/debian-742262.patch | 17 ++---
 .../file/{file_5.30.bb => file_5.31.bb} |  2 +-
 2 files changed, 15 insertions(+), 4 deletions(-)
 rename meta/recipes-devtools/file/{file_5.30.bb => file_5.31.bb} (96%)

diff --git a/meta/recipes-devtools/file/file/debian-742262.patch 
b/meta/recipes-devtools/file/file/debian-742262.patch
index 1ef485e..d31ac59 100644
--- a/meta/recipes-devtools/file/file/debian-742262.patch
+++ b/meta/recipes-devtools/file/file/debian-742262.patch
@@ -1,19 +1,30 @@
-The awk pattern was checked *before* the Perl pattern, so the perl
-script with BEGIN{...} would be reported as awk, this patch fixes it.
+The awk pattern was checked *before* the Perl pattern, so the
+perl script with BEGIN{...} would be reported as awk, this patch fixes it.
 
 Upstream-Status: Backport [debian]
 
 Signed-off-by: Christoph Biedl 
 Signed-off-by: Robert Yang 
+
+Rebase on 5.31
+
+Signed-off-by: Fan Xin 
 ---
+ magic/Magdir/commands | 1 +
+ 1 file changed, 1 insertion(+)
+
 diff --git a/magic/Magdir/commands b/magic/Magdir/commands
+index 1a46efd..255c04b 100644
 --- a/magic/Magdir/commands
 +++ b/magic/Magdir/commands
 @@ -57,6 +57,7 @@
  0 string/wt   #!\ /usr/bin/awkawk script text executable
  !:mimetext/x-awk
- 0 regex/4096  =^\\s{0,100}BEGIN\\s{0,100}[{]  awk or perl script text
+ 0 regex/4096  =^[A-Za-z0-9_]{0,100}BEGIN[A-Za-z0-9_]{0,100}[{]
awk or perl script text
 +!:strength - 12
  
  # AT&T Bell Labs' Plan 9 shell
  0 string/wt   #!\ /bin/rc Plan 9 rc shell script text executable
+-- 
+1.9.1
+
diff --git a/meta/recipes-devtools/file/file_5.30.bb 
b/meta/recipes-devtools/file/file_5.31.bb
similarity index 96%
rename from meta/recipes-devtools/file/file_5.30.bb
rename to meta/recipes-devtools/file/file_5.31.bb
index 0998fcf..1b1f502 100644
--- a/meta/recipes-devtools/file/file_5.30.bb
+++ b/meta/recipes-devtools/file/file_5.31.bb
@@ -19,7 +19,7 @@ SRC_URI = "git://github.com/file/file.git \
 file://0001-Add-P-prompt-into-Usage-info.patch \
 "
 
-SRCREV = "79814950aafb81ecd6a910c2a8a3b8ec12f3e4a6"
+SRCREV = "70c5f15060c7ad81150177de83a3e64500a54c9f"
 S = "${WORKDIR}/git"
 
 inherit autotools
-- 
2.7.4



[OE-core] [PATCH] libpcre2: 10.22 -> 10.23

2017-06-21 Thread Fan Xin
1. Upgrade libpcre2 from 10.22 to 10.23

2. Update the checksum of LIC_FILES_CHKSUM
   The copyright time of LICENCE is updated to 2017; the content of LICENCE has not changed.

Signed-off-by: Fan Xin 
---
 .../libpcre/{libpcre2_10.22.bb => libpcre2_10.23.bb}| 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-support/libpcre/{libpcre2_10.22.bb => libpcre2_10.23.bb} 
(89%)

diff --git a/meta/recipes-support/libpcre/libpcre2_10.22.bb 
b/meta/recipes-support/libpcre/libpcre2_10.23.bb
similarity index 89%
rename from meta/recipes-support/libpcre/libpcre2_10.22.bb
rename to meta/recipes-support/libpcre/libpcre2_10.23.bb
index 1e00ed5..17d397e 100644
--- a/meta/recipes-support/libpcre/libpcre2_10.22.bb
+++ b/meta/recipes-support/libpcre/libpcre2_10.23.bb
@@ -8,14 +8,14 @@ SUMMARY = "Perl Compatible Regular Expressions version 2"
 HOMEPAGE = "http://www.pcre.org";
 SECTION = "devel"
 LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=ab9633efd38d6f799398df2c248b5aec"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=3de34df49e1fe3c3b59a08dff214488b"
 
 SRC_URI = "https://ftp.pcre.org/pub/pcre/pcre2-${PV}.tar.bz2 \
file://pcre-cross.patch \
 "
 
-SRC_URI[md5sum] = "c0c02517938ee2b0d350d53edf450664"
-SRC_URI[sha256sum] = 
"b2b44619f4ac6c50ad74c2865fd56807571392496fae1c9ad7a70993d018f416"
+SRC_URI[md5sum] = "b2cd00ca7e24049040099b0a46bb3649"
+SRC_URI[sha256sum] = 
"dfc79b918771f02d33968bd34a749ad7487fa1014aeb787fad29dd392b78c56e"
 
 S = "${WORKDIR}/pcre2-${PV}"
 
-- 
2.7.4



[OE-core] [PATCH] libsndfile1: Fix CVE-2017-6892

2017-06-21 Thread Fan Xin
Backport upstream patch to fix CVE-2017-6892.

CVE: CVE-2017-6892

Signed-off-by: Fan Xin 
---
 .../libsndfile/libsndfile1/CVE-2017-6892.patch | 34 ++
 .../libsndfile/libsndfile1_1.0.28.bb   |  4 ++-
 2 files changed, 37 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch 
b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
new file mode 100644
index 000..89552ac
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-6892.patch
@@ -0,0 +1,34 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo 
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+
+CVE: CVE-2017-6892
+Upstream-Status: Backport
+
+Signed-off-by: Fan Xin 
+
+---
+ src/aiff.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 5b5f9f5..45864b7 100644
+--- a/src/aiff.c
 b/src/aiff.c
+@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
+   psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+   if (map_info->channel_map != NULL)
+-  {   size_t chanmap_size = psf->sf.channels * sizeof 
(psf->channel_map [0]) ;
++  {   size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 
0x) * sizeof (psf->channel_map [0]) ;
+ 
+   free (psf->channel_map) ;
+ 
+-- 
+1.9.1
+
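Review bot: In the replacement line of aiff_read_chanmap the mask reads `layout_tag & 0x` with no hex digits as posted, which cannot compile and leaves the bound on chanmap_size undefined; check the patch file against upstream commit f833c53cb596e9e1792949f762e0b33661822748 and resend if the constant was lost. The header would also benefit from one sentence stating that the copy size is now capped by the channel count encoded in layout_tag rather than by `psf->sf.channels` alone, since the upstream subject only says "Fix a buffer read overflow".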
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb 
b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 248b292..6f242cfa 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -5,7 +5,9 @@ DEPENDS = "flac libogg libvorbis sqlite3"
 SECTION = "libs/multimedia"
 LICENSE = "LGPLv2.1"
 
-SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz";
+SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
+   file://CVE-2017-6892.patch \
+  "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
 SRC_URI[sha256sum] = 
"1ff33929f042fa333aed1e8923aa628c3ee9e1eb85512686c55092d1e5a9dfa9"
-- 
2.7.4



[OE-core] [PATCH] libcroco: Upgrade 0.6.11 -> 0.6.12

2017-06-21 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 .../libcroco/{libcroco_0.6.11.bb => libcroco_0.6.12.bb}   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/libcroco/{libcroco_0.6.11.bb => 
libcroco_0.6.12.bb} (81%)

diff --git a/meta/recipes-support/libcroco/libcroco_0.6.11.bb 
b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
similarity index 81%
rename from meta/recipes-support/libcroco/libcroco_0.6.11.bb
rename to meta/recipes-support/libcroco/libcroco_0.6.12.bb
index 9df7923..b0af759 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.11.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -16,5 +16,5 @@ BINCONFIG = "${bindir}/croco-0.6-config"
 
 inherit autotools pkgconfig gnomebase gtk-doc binconfig-disabled
 
-SRC_URI[archive.md5sum] = "dabc1911dfbfa85f8e6859ca47863168"
-SRC_URI[archive.sha256sum] = 
"132b528a948586b0dfa05d7e9e059901bca5a3be675b6071a90a90b81ae5a056"
+SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
+SRC_URI[archive.sha256sum] = 
"ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"
-- 
2.7.4



[OE-core] [PATCH] libinput: 1.6.1 -> 1.7.3

2017-06-21 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 .../recipes-graphics/wayland/{libinput_1.6.1.bb => libinput_1.7.3.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-graphics/wayland/{libinput_1.6.1.bb => libinput_1.7.3.bb} 
(85%)

diff --git a/meta/recipes-graphics/wayland/libinput_1.6.1.bb 
b/meta/recipes-graphics/wayland/libinput_1.7.3.bb
similarity index 85%
rename from meta/recipes-graphics/wayland/libinput_1.6.1.bb
rename to meta/recipes-graphics/wayland/libinput_1.7.3.bb
index c8714f2..6194fba 100644
--- a/meta/recipes-graphics/wayland/libinput_1.6.1.bb
+++ b/meta/recipes-graphics/wayland/libinput_1.7.3.bb
@@ -10,8 +10,8 @@ DEPENDS = "libevdev udev mtdev"
 SRC_URI = "http://www.freedesktop.org/software/${BPN}/${BP}.tar.xz \

file://touchpad-serial-synaptics-need-to-fake-new-touches-on-TRIPLETAP.patch \
 "
-SRC_URI[md5sum] = "7e282344f8ed7ec5cf87ca9fc22674fb"
-SRC_URI[sha256sum] = 
"9d816f13eee63bcca0e9c3bb652c52ab55f39be4d1b90b54e4bfd1dc92ef55a8"
+SRC_URI[md5sum] = "f2993b477db8d7ec0e785ce04ffecb03"
+SRC_URI[sha256sum] = 
"096d612d2711f0caa2de544976ff3729e6233511ab373808644cc2dd5affcb1d"
 
 inherit autotools pkgconfig
 
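Review bot: the context line keeps file://touchpad-serial-synaptics-need-to-fake-new-touches-on-TRIPLETAP.patch in SRC_URI unchanged across 1.6.1 -> 1.7.3, and the commit message has no body. State whether that patch still applies cleanly to 1.7.3 or has been merged upstream, in which case it should be dropped in this same commit.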
-- 
2.7.4



[OE-core] [PATCH] apr: 1.5.2 -> 1.6.2

2017-07-13 Thread Fan Xin
Update apr from 1.5.2 to 1.6.2

Signed-off-by: Fan Xin 
---
 meta/recipes-support/apr/{apr_1.5.2.bb => apr_1.6.2.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/apr/{apr_1.5.2.bb => apr_1.6.2.bb} (96%)

diff --git a/meta/recipes-support/apr/apr_1.5.2.bb 
b/meta/recipes-support/apr/apr_1.6.2.bb
similarity index 96%
rename from meta/recipes-support/apr/apr_1.5.2.bb
rename to meta/recipes-support/apr/apr_1.6.2.bb
index 992b561..e2eed53 100644
--- a/meta/recipes-support/apr/apr_1.5.2.bb
+++ b/meta/recipes-support/apr/apr_1.6.2.bb
@@ -21,8 +21,8 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.bz2 \

file://0002-explicitly-link-libapr-against-phtread-to-make-gold-.patch \
 "
 
-SRC_URI[md5sum] = "4e9769f3349fe11fc0a5e1b224c236aa"
-SRC_URI[sha256sum] = 
"7d03ed29c22a7152be45b8e50431063736df9e1daa1ddf93f6a547ba7a28f67a"
+SRC_URI[md5sum] = "e81a851967c79b5ce9bfbc909e4bf735"
+SRC_URI[sha256sum] = 
"09109cea377bab0028bba19a92b5b0e89603df9eab05c0f7dbd4dd83d48dcebd"
 
 inherit autotools-brokensep lib_package binconfig multilib_header ptest
 
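Review bot: the message body only repeats the subject, while the hunk moves the recipe from the 1.5 series to the 1.6 series and leaves 0002-explicitly-link-libapr-against-phtread-to-make-gold-.patch in SRC_URI. The recipe inherits ptest, so note in the commit message that the carried patch still applies and that the ptest run passes on 1.6.2.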
-- 
2.7.4




[OE-core] [PATCH] cups: Add HOMEPAGE info into recipe file.

2017-09-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/cups/cups.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-extended/cups/cups.inc 
b/meta/recipes-extended/cups/cups.inc
index 38d90b5..ac4d225 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -1,4 +1,5 @@
 SUMMARY = "An Internet printing system for Unix"
+HOMEPAGE = "https://www.cups.org/";
 SECTION = "console/utils"
 LICENSE = "GPLv2 & LGPLv2"
 DEPENDS = "gnutls libpng jpeg dbus dbus-glib zlib libusb"
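Review bot: as shown here, the added HOMEPAGE line has a semicolon after the closing quote. A BitBake assignment ends at the closing quote, so if that character is in the submitted patch and not only in this rendering of it, drop it before merging. The other HOMEPAGE patches in this batch show the same trailing character and need the same check.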
-- 
2.7.4




[OE-core] [PATCH] readline: Add HOMEPAGE info into recipe file.

2017-09-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-core/readline/readline.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/readline/readline.inc 
b/meta/recipes-core/readline/readline.inc
index 1a0a155..e966522 100644
--- a/meta/recipes-core/readline/readline.inc
+++ b/meta/recipes-core/readline/readline.inc
@@ -4,6 +4,7 @@ command lines as they are typed in. Both Emacs and vi editing 
modes are availabl
 additional functions to maintain a list of previously-entered command lines, 
to recall and perhaps reedit those   \
 lines, and perform csh-like history expansion on previous commands."
 SECTION = "libs"
+HOMEPAGE = "https://cnswww.cns.cwru.edu/php/chet/readline/rltop.html";
 
 # GPLv2+ (< 6.0), GPLv3+ (>= 6.0)
 LICENSE = "GPLv3+"
-- 
2.7.4




[OE-core] [PATCH] perf: Add HOMEPAGE info into recipe file.

2017-09-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-kernel/perf/perf.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-kernel/perf/perf.bb b/meta/recipes-kernel/perf/perf.bb
index b882204..b79b973 100644
--- a/meta/recipes-kernel/perf/perf.bb
+++ b/meta/recipes-kernel/perf/perf.bb
@@ -5,6 +5,7 @@ performance analysis. It covers hardware level \
 (CPU/PMU, Performance Monitoring Unit) features \
 and software features (software counters, tracepoints) \
 as well."
+HOMEPAGE = "https://perf.wiki.kernel.org/index.php/Main_Page";
 
 LICENSE = "GPLv2"
 
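Review bot: the added HOMEPAGE points at the wiki's index.php/Main_Page path rather than the site root. https://perf.wiki.kernel.org/ is shorter and does not depend on the wiki's internal URL layout; prefer it unless the root does not resolve to the same page.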
-- 
2.7.4




[OE-core] [PATCH] gconf: Add HOMEPAGE info into recipe file.

2017-09-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-gnome/gnome/gconf_3.2.6.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-gnome/gnome/gconf_3.2.6.bb 
b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
index f4405fe..92fd12c 100644
--- a/meta/recipes-gnome/gnome/gconf_3.2.6.bb
+++ b/meta/recipes-gnome/gnome/gconf_3.2.6.bb
@@ -1,5 +1,6 @@
 SUMMARY = "GNOME configuration system"
 SECTION = "x11/gnome"
+HOMEPAGE = "https://projects.gnome.org/gconf/";
 LICENSE = "LGPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=55ca817ccb7d5b5b66355690e9abc605"
 
-- 
2.7.4




[OE-core] [PATCH] systemtap: Add HOMEPAGE info into recipe file.

2017-09-03 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-kernel/systemtap/systemtap_git.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-kernel/systemtap/systemtap_git.bb 
b/meta/recipes-kernel/systemtap/systemtap_git.bb
index b3fd973..475b207 100644
--- a/meta/recipes-kernel/systemtap/systemtap_git.bb
+++ b/meta/recipes-kernel/systemtap/systemtap_git.bb
@@ -1,4 +1,5 @@
 SUMMARY = "Script-directed dynamic tracing and performance analysis tool for 
Linux"
+HOMEPAGE = "https://sourceware.org/systemtap/";
 
 require systemtap_git.inc
 
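Review bot: HOMEPAGE is added to systemtap_git.bb, directly above the require systemtap_git.inc line. If other systemtap recipes pull in the same .inc, put HOMEPAGE there so they all carry it; if this recipe is the only one that should have it, say so in the commit message.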
-- 
2.7.4




[OE-core] [PATCH] dbus: 1.10.20 -> 1.10.22

2017-09-21 Thread Fan Xin
Upgrade dbus from 1.10.20 to 1.10.22

Signed-off-by: fan@jp.fujitsu.com
---
 meta/recipes-core/dbus/dbus_1.10.20.bb | 180 -
 meta/recipes-core/dbus/dbus_1.10.22.bb | 180 +
 2 files changed, 180 insertions(+), 180 deletions(-)
 delete mode 100644 meta/recipes-core/dbus/dbus_1.10.20.bb
 create mode 100644 meta/recipes-core/dbus/dbus_1.10.22.bb

diff --git a/meta/recipes-core/dbus/dbus_1.10.20.bb 
b/meta/recipes-core/dbus/dbus_1.10.20.bb
deleted file mode 100644
index 9ddedc1..000
--- a/meta/recipes-core/dbus/dbus_1.10.20.bb
+++ /dev/null
@@ -1,180 +0,0 @@
-SUMMARY = "D-Bus message bus"
-DESCRIPTION = "D-Bus is a message bus system, a simple way for applications to 
talk to one another. In addition to interprocess communication, D-Bus helps 
coordinate process lifecycle; it makes it simple and reliable to code a 
\"single instance\" application or daemon, and to launch applications and 
daemons on demand when their services are needed."
-HOMEPAGE = "http://dbus.freedesktop.org";
-SECTION = "base"
-LICENSE = "AFL-2 | GPLv2+"
-LIC_FILES_CHKSUM = "file://COPYING;md5=10dded3b58148f3f1fd804b26354af3e \
-
file://dbus/dbus.h;beginline=6;endline=20;md5=7755c9d7abccd5dbd25a6a974538bb3c"
-DEPENDS = "expat virtual/libintl"
-RDEPENDS_dbus_class-native = ""
-RDEPENDS_dbus_class-nativesdk = ""
-PACKAGES += "${@bb.utils.contains('DISTRO_FEATURES', 'ptest', '${PN}-ptest', 
'', d)}"
-ALLOW_EMPTY_dbus-ptest = "1"
-RDEPENDS_dbus-ptest_class-target = "dbus-test-ptest"
-
-SRC_URI = "http://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.gz \
-   file://tmpdir.patch \
-   file://dbus-1.init \
-   file://os-test.patch \
-   file://clear-guid_from_server-if-send_negotiate_unix_f.patch \
-   file://0001-configure.ac-explicitely-check-stdint.h.patch \
-"
-
-SRC_URI[md5sum] = "94c991e763d4f9f13690416b2dcd9411"
-SRC_URI[sha256sum] = 
"e574b9780b5425fde4d973bb596e7ea0f09e00fe2edd662da9016e976c460b48"
-
-inherit useradd autotools pkgconfig gettext update-rc.d 
upstream-version-is-even
-
-INITSCRIPT_NAME = "dbus-1"
-INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
-
-python __anonymous() {
-if not bb.utils.contains('DISTRO_FEATURES', 'sysvinit', True, False, d):
-d.setVar("INHIBIT_UPDATERCD_BBCLASS", "1")
-}
-
-USERADD_PACKAGES = "${PN}"
-GROUPADD_PARAM_${PN} = "-r netdev"
-USERADD_PARAM_${PN} = "--system --home ${localstatedir}/lib/dbus \
-   --no-create-home --shell /bin/false \
-   --user-group messagebus"
-
-CONFFILES_${PN} = "${sysconfdir}/dbus-1/system.conf 
${sysconfdir}/dbus-1/session.conf"
-
-DEBIANNAME_${PN} = "dbus-1"
-
-PACKAGES =+ "${PN}-lib"
-
-OLDPKGNAME = "dbus-x11"
-OLDPKGNAME_class-nativesdk = ""
-
-# for compatibility
-RPROVIDES_${PN} = "${OLDPKGNAME}"
-RREPLACES_${PN} += "${OLDPKGNAME}"
-
-FILES_${PN} = "${bindir}/dbus-daemon* \
-   ${bindir}/dbus-uuidgen \
-   ${bindir}/dbus-cleanup-sockets \
-   ${bindir}/dbus-send \
-   ${bindir}/dbus-monitor \
-   ${bindir}/dbus-launch \
-   ${bindir}/dbus-run-session \
-   ${bindir}/dbus-update-activation-environment \
-   ${libexecdir}/dbus* \
-   ${sysconfdir} \
-   ${localstatedir} \
-   ${datadir}/dbus-1/services \
-   ${datadir}/dbus-1/system-services \
-   ${datadir}/dbus-1/session.d \
-   ${datadir}/dbus-1/session.conf \
-   ${datadir}/dbus-1/system.d \
-   ${datadir}/dbus-1/system.conf \
-   ${systemd_system_unitdir} \
-   ${systemd_user_unitdir} \
-"
-FILES_${PN}-lib = "${libdir}/lib*.so.*"
-RRECOMMENDS_${PN}-lib = "${PN}"
-FILES_${PN}-dev += "${libdir}/dbus-1.0/include ${bindir}/dbus-test-tool"
-
-PACKAGE_WRITE_DEPS += "${@bb.utils.contains('DISTRO_FEATURES','systemd 
sysvinit','systemd-systemctl-native','',d)}"
-pkg_postinst_dbus() {
-   # If both systemd and sysvinit are enabled, mask the dbus-1 init script
-if ${@bb.utils.contains('DISTRO_FEATURES','systemd 
sysvinit','true','false',d)}; then
-   if [ -n "$D" ]; then
-   OPTS="--root=$D"
-   fi
-   systemctl $OPTS mask dbus-1.service
-   fi
-
-   if [ -z "$D" ] && [ -e /etc/init.d/populate-volatile.sh ] ; then
-   /etc/init.d/populate-volatile.sh update
-   fi
-}
-
-EXTRA_OECONF = "--disable-tests \
---disable-xml-docs \
---disable-doxygen-docs \
---disable-libaudit \
---enable-largefile \
-"
-
-EXTRA_OECONF_append_class-target = " SYSTEMCTL=${base_bindir}/systemctl"
-EXTRA_OECONF_append_class-native = " --disable-selinux"
-
-PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'systemd x11', d)}"
-PACKAGECONFIG_class-native = ""
-PACKAGECONFIG_c
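Review bot: the upgrade is sent as a 180-line delete of dbus_1.10.20.bb plus a 180-line create of dbus_1.10.22.bb, so the lines that actually differ between the two recipes cannot be picked out in review. Regenerate the patch with rename detection (git format-patch -M) so it shows a rename with only the changed lines, as the other upgrade patches in this list do. The Signed-off-by line also carries only an e-mail address; it should include the contributor's name.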

[OE-core] [PATCH] curl: update to 7.56.1

2017-10-26 Thread Fan Xin
1. Update the md5sum and sha256sum for curl 7.56.1
2. Delete the following patches which have been applied in curl 7.56.1
CVE-2017-199.patch
CVE-2017-1000100.patch
CVE-2017-1000101.patch
3. Delete do_install_append() because curl/curlbuild.h has been removed.

Signed-off-by: Fan Xin 
---
 .../curl/curl/CVE-2017-199.patch   | 41 -
 .../curl/curl/CVE-2017-1000100.patch   | 51 ---
 .../curl/curl/CVE-2017-1000101.patch   | 99 --
 .../curl/{curl_7.54.1.bb => curl_7.56.1.bb}| 11 +--
 4 files changed, 2 insertions(+), 200 deletions(-)
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2017-199.patch
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2017-1000100.patch
 delete mode 100644 meta/recipes-support/curl/curl/CVE-2017-1000101.patch
 rename meta/recipes-support/curl/{curl_7.54.1.bb => curl_7.56.1.bb} (89%)

diff --git a/meta/recipes-support/curl/curl/CVE-2017-199.patch 
b/meta/recipes-support/curl/curl/CVE-2017-199.patch
deleted file mode 100644
index 96ff1b0..000
--- a/meta/recipes-support/curl/curl/CVE-2017-199.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From c9332fa5e84f24da300b42b1a931ade929d3e27d Mon Sep 17 00:00:00 2001
-From: Even Rouault 
-Date: Tue, 1 Aug 2017 17:17:06 +0200
-Subject: [PATCH] file: output the correct buffer to the user
-
-Regression brought by 7c312f84ea930d8 (April 2017)
-
-CVE: CVE-2017-199
-
-Bug: https://curl.haxx.se/docs/adv_20170809C.html
-
-Credit to OSS-Fuzz for the discovery
-
-Upstream-Status: Backport
-https://github.com/curl/curl/commit/c9332fa5e84f24da300b42b1a931ade929d3e27d
-
-Signed-off-by: Wenzong Fan 

- lib/file.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/file.c b/lib/file.c
-index bd426eac2..666cbe75b 100644
 a/lib/file.c
-+++ b/lib/file.c
-@@ -499,11 +499,11 @@ static CURLcode file_do(struct connectdata *conn, bool 
*done)
-  Curl_month[tm->tm_mon],
-  tm->tm_year + 1900,
-  tm->tm_hour,
-  tm->tm_min,
-  tm->tm_sec);
--result = Curl_client_write(conn, CLIENTWRITE_BOTH, buf, 0);
-+result = Curl_client_write(conn, CLIENTWRITE_BOTH, header, 0);
- if(!result)
-   /* set the file size to make it available post transfer */
-   Curl_pgrsSetDownloadSize(data, expected_size);
- return result;
-   }
--- 
-2.13.3
-
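Review bot: this hunk removes a CVE backport, and the only justification is item 2 of the commit message, which asserts the fix is in 7.56.1 without pointing at anything. The deleted file's Upstream-Status line names commit c9332fa5e84f24da300b42b1a931ade929d3e27d; confirm that commit is an ancestor of the 7.56.1 release tag and record that in the commit message, and do the same for the other two removed patches using the commit ids in their headers.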
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch 
b/meta/recipes-support/curl/curl/CVE-2017-1000100.patch
deleted file mode 100644
index f74f1dd..000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000100.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 358b2b131ad6c095696f20dcfa62b8305263f898 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg 
-Date: Tue, 1 Aug 2017 17:16:46 +0200
-Subject: [PATCH] tftp: reject file name lengths that don't fit
-
-... and thereby avoid telling send() to send off more bytes than the
-size of the buffer!
-
-CVE: CVE-2017-1000100
-
-Bug: https://curl.haxx.se/docs/adv_20170809B.html
-Reported-by: Even Rouault
-
-Credit to OSS-Fuzz for the discovery
-
-Upstream-Status: Backport
-https://github.com/curl/curl/commit/358b2b131ad6c095696f20dcfa62b8305263f898
-
-Signed-off-by: Wenzong Fan 

- lib/tftp.c |7 ++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/tftp.c b/lib/tftp.c
-index 02bd842..f6f4bce 100644
 a/lib/tftp.c
-+++ b/lib/tftp.c
-@@ -5,7 +5,7 @@
-  *| (__| |_| |  _ <| |___
-  * \___|\___/|_| \_\_|
-  *
-- * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al.
-+ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al.
-  *
-  * This software is licensed as described in the file COPYING, which
-  * you should have received as part of this distribution. The terms
-@@ -491,6 +491,11 @@ static CURLcode tftp_send_first(tftp_state_data_t *state, 
tftp_event_t event)
- if(result)
-   return result;
- 
-+if(strlen(filename) > (state->blksize - strlen(mode) - 4)) {
-+  failf(data, "TFTP file name too long\n");
-+  return CURLE_TFTP_ILLEGAL; /* too long file name field */
-+}
-+
- snprintf((char *)state->spacket.data+2,
-  state->blksize,
-  "%s%c%s%c", filename, '\0',  mode, '\0');
--- 
-1.7.9.5
-
diff --git a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch 
b/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
deleted file mode 100644
index c300fff..000
--- a/meta/recipes-support/curl/curl/CVE-2017-1000101.patch
+++ /dev/null
@@ -1,99 +0,0 @@
-From 453e7a7a03a2cec749abd3878a48e728c515cca7 Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg 
-Date: Tue, 1 Aug 2017 17:16:07 +0200
-Subject: [PATCH] glob: do not continue parsing after a strtoul() overflow
- range
-
-Added test 1289 to verify.
-
-CVE: CVE-2017-1000101
-

[OE-core] [PATCH] coreutils: upgrade to 8.28

2017-10-26 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 .../coreutils/{coreutils_8.27.bb => coreutils_8.28.bb}| 8 
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-core/coreutils/{coreutils_8.27.bb => coreutils_8.28.bb} 
(95%)

diff --git a/meta/recipes-core/coreutils/coreutils_8.27.bb 
b/meta/recipes-core/coreutils/coreutils_8.28.bb
similarity index 95%
rename from meta/recipes-core/coreutils/coreutils_8.27.bb
rename to meta/recipes-core/coreutils/coreutils_8.28.bb
index ea8740a..0543ceb 100644
--- a/meta/recipes-core/coreutils/coreutils_8.27.bb
+++ b/meta/recipes-core/coreutils/coreutils_8.28.bb
@@ -23,10 +23,10 @@ SRC_URI = 
"${GNU_MIRROR}/coreutils/${BP}.tar.xz;name=tarball \
file://0001-local.mk-fix-cross-compiling-problem.patch \
   "
 
-SRC_URI[tarball.md5sum] = "502795792c212932365e077946d353ae"
-SRC_URI[tarball.sha256sum] = 
"8891d349ee87b9ff7870f52b6d9312a9db672d2439d289bc57084771ca21656b"
-SRC_URI[manpages.md5sum] = "1b31a688d06764e0e94aa20b7ea08222"
-SRC_URI[manpages.sha256sum] = 
"1f615819e9167646c731636b6c5ecbe79837e82a18666bacc82c3fb1dfcfaea3"
+SRC_URI[tarball.md5sum] = "e7cb20d0572cc40d9f47ede6454406d1"
+SRC_URI[tarball.sha256sum] = 
"1117b1a16039ddd84d51a9923948307cfa28c2cea03d1a2438742253df0a0c65"
+SRC_URI[manpages.md5sum] = "3a7c626aad1c9077f254e5c2553a2f60"
+SRC_URI[manpages.sha256sum] = 
"d72c3fa79ae328a4fd1107102e8946755aa2e908044e1efcf1e71ef206dca042"
 
 EXTRA_OECONF_class-native = "--without-gmp"
 EXTRA_OECONF_class-target = "--enable-install-program=arch 
--libexecdir=${libdir}"
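Review bot: the hunk replaces checksums for two separately named sources, tarball and manpages, and the commit message has no body. Only the tarball URL is visible in the context; say where the manpages archive for 8.28 comes from, and that the tarball sha256sum was taken from a copy verified against the upstream release signature.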
-- 
2.7.4




[OE-core] [PATCH] curl: upgrade to 7.53.1

2017-03-10 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-support/curl/{curl_7.53.0.bb => curl_7.53.1.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-support/curl/{curl_7.53.0.bb => curl_7.53.1.bb} (94%)

diff --git a/meta/recipes-support/curl/curl_7.53.0.bb 
b/meta/recipes-support/curl/curl_7.53.1.bb
similarity index 94%
rename from meta/recipes-support/curl/curl_7.53.0.bb
rename to meta/recipes-support/curl/curl_7.53.1.bb
index a4cca15..bc78ffb 100644
--- a/meta/recipes-support/curl/curl_7.53.0.bb
+++ b/meta/recipes-support/curl/curl_7.53.1.bb
@@ -14,8 +14,8 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
 #
 SRC_URI += " file://configure_ac.patch"
 
-SRC_URI[md5sum] = "ede199c63b84df39f42da9da68de85c5"
-SRC_URI[sha256sum] = 
"b2345a8bef87b4c229dedf637cb203b5e21db05e20277c8e1094f0d4da180801"
+SRC_URI[md5sum] = "fb1f03a142236840c1a77c035fa4c542"
+SRC_URI[sha256sum] = 
"1c7207c06d75e9136a944a2e0528337ce76f15b9ec9ae4bb30d703b59bf530e8"
 
 CVE_PRODUCT = "libcurl"
 inherit autotools pkgconfig binconfig multilib_header
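Review bot: the context line shows the tarball is fetched from http://curl.haxx.se/download/ over plain HTTP, so the new sha256sum is the only thing authenticating the download. Since the checksums are being touched anyway, switch SRC_URI to https:// and take the sha256sum from a copy verified against the upstream release signature.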
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


[OE-core] [PATCH] grep: upgrade to 3.0

2017-03-10 Thread Fan Xin
Signed-off-by: Fan Xin 
---
 meta/recipes-extended/grep/{grep_2.27.bb => grep_3.0.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/grep/{grep_2.27.bb => grep_3.0.bb} (88%)

diff --git a/meta/recipes-extended/grep/grep_2.27.bb 
b/meta/recipes-extended/grep/grep_3.0.bb
similarity index 88%
rename from meta/recipes-extended/grep/grep_2.27.bb
rename to meta/recipes-extended/grep/grep_3.0.bb
index a4d7a45..6146ef0 100644
--- a/meta/recipes-extended/grep/grep_2.27.bb
+++ b/meta/recipes-extended/grep/grep_3.0.bb
@@ -9,8 +9,8 @@ SRC_URI = "${GNU_MIRROR}/grep/grep-${PV}.tar.xz \
file://0001-Unset-need_charset_alias-when-building-for-musl.patch \
   "
 
-SRC_URI[md5sum] = "6138dd227c39d4a25f81eea76a44d4cb"
-SRC_URI[sha256sum] = 
"ad4cc44d23074a1c3a8baae8fbafff2a8c60f38a9a6108f985eef6fbee6dcaeb"
+SRC_URI[md5sum] = "fa07c1616adeb9c3262be5177d10ad4a"
+SRC_URI[sha256sum] = 
"e2c81db5056e3e8c5995f0bb5d0d0e1cad1f6f45c3b2fc77b6e81435aed48ab5"
 
 inherit autotools gettext texinfo pkgconfig
 
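Review bot: 2.27 -> 3.0 is a major version change with an empty commit body, and the context keeps 0001-Unset-need_charset_alias-when-building-for-musl.patch in SRC_URI. Say whether that patch still applies to 3.0 and whether a musl build was run, since that is the configuration the patch exists for.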
-- 
1.9.1
