Re: [OE-core] [PATCH 00/25] Dizzy next for .3
On Fri, 2015-07-24 at 22:28 -0700, akuster808 wrote: On 07/24/2015 12:34 AM, Richard Purdie wrote: On Sat, 2015-07-18 at 08:16 -0700, Armin Kuster wrote: We therefore need to decide whether to backport the gcc5 host fixes back to 1.7.3 or whether we have to disable autobuilders in order to be able to build it... I found the answer on https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance The primary focus for stable branches is bugfixing, security updates, and making sure that builds on recently released Ubuntu, Fedora, and OpenSUSE distros work so we should back port the gcc5 host fixes. Is that something I need to ? If we choose to do it (the above says its within policy) then someone needs to. It would certainly make life easier on the autobuilder. I've attempted the low hanging fruit with the patches in: http://git.yoctoproject.org/cgit.cgi/poky/log/?h=dizzy-next which get ncurses-native, cross-localedef-native and binutils-native working at least... Cheers, Richard -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 00/25] Dizzy next for .3
On Sat, 2015-07-18 at 08:16 -0700, Armin Kuster wrote: Please consider these for the 1.7.3 release The following changes since commit 5f0d25152bac2d3798663a4ebfdd2df24060f153: openssl: upgrade to 1.0.1p (2015-07-15 15:25:43 +0100) are available in the git repository at: git://git.yoctoproject.org/poky-contrib akuster/dizzy-next http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-nex We ran dizzy through the autobuilder as we have an opportunity to roll a 1.7.3 release soon. The result was: https://autobuilder.yoctoproject.org/main/tgrid or more specifically: http://errors.yoctoproject.org/Errors/Search/?items=10query=1b492dfcdd692fe9440a1711812a1bb60ac741e5 which looks to me to largely be gcc5 issues on the host, particularly Fedora22. There was also a bug occurred in build-appliance which has been resolved in master/fido. We therefore need to decide whether to backport the gcc5 host fixes back to 1.7.3 or whether we have to disable autobuilders in order to be able to build it... Cheers, Richard -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 00/25] Dizzy next for .3
On 07/24/2015 12:34 AM, Richard Purdie wrote: On Sat, 2015-07-18 at 08:16 -0700, Armin Kuster wrote: Please consider these for the 1.7.3 release The following changes since commit 5f0d25152bac2d3798663a4ebfdd2df24060f153: openssl: upgrade to 1.0.1p (2015-07-15 15:25:43 +0100) are available in the git repository at: git://git.yoctoproject.org/poky-contrib akuster/dizzy-next http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-nex We ran dizzy through the autobuilder as we have an opportunity to roll a 1.7.3 release soon. The result was: https://autobuilder.yoctoproject.org/main/tgrid or more specifically: http://errors.yoctoproject.org/Errors/Search/?items=10query=1b492dfcdd692fe9440a1711812a1bb60ac741e5 which looks to me to largely be gcc5 issues on the host, particularly Fedora22. There was also a bug occurred in build-appliance which has been resolved in master/fido. We therefore need to decide whether to backport the gcc5 host fixes back to 1.7.3 or whether we have to disable autobuilders in order to be able to build it... I found the answer on https://wiki.yoctoproject.org/wiki/Stable_branch_maintenance The primary focus for stable branches is bugfixing, security updates, and making sure that builds on recently released Ubuntu, Fedora, and OpenSUSE distros work so we should back port the gcc5 host fixes. Is that something I need to ? thanks for asking, Kind regards and Mahalo, Armin Cheers, Richard -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/25] Dizzy next for .3
Please consider these for the 1.7.3 release The following changes since commit 5f0d25152bac2d3798663a4ebfdd2df24060f153: openssl: upgrade to 1.0.1p (2015-07-15 15:25:43 +0100) are available in the git repository at: git://git.yoctoproject.org/poky-contrib akuster/dizzy-next http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/dizzy-nex Andre McCurdy (1): mesa: update --with-llvm-shared-libs configure option Armin Kuster (3): tzcode: update to 2015d tzdata: update to 2015d curl: add a few missing security fixes Cristian Iorga (1): neard: fix the install path in init scripts Haris Okanovic (1): glibc: CVE-2015-1781: resolv/nss_dns/dns-host.c buffer overflow Jonathan Liu (1): qt4: add patch for BMP denial-of-service vulnerability Jussi Kukkonen (1): dbus: CVE-2015-0245: prevent forged ActivationFailure Kai Kang (2): qemu: fix CVE-2015-3456 gpgme: fix CVE-2014-3564 Leonardo Sandoval (2): rpm: Fix CVE-2014-8118 rpm: Fix CVE-2013-6435 Martin Jansa (3): squashfs-tools: build and install unsquashfs as well e2fsprogs: install populate-extfs.sh test-dependencies.sh: strip only .bb suffix Maxin B. John (1): curl: several security fixes Ng Wei Tee (1): linux-firmware: Package Marvell pci8897 and usb8897 firmware Robert Yang (2): perf: add LIBNUMA_DEFINES license.bbclass: set dirs for do_populate_lic_setscene Roy Li (4): ppp: Security Advisory - CVE-2015-3310 unzip: Security Advisory -CVE-2014-9636 and CVE-2015-1315 unzip: fix four CVE defects unzip: drop 12-cve-2014-9636-test-compr-eb.patch Yue Tao (2): libsndfile: Security Advisory - libsndfile - CVE-2014-9496 libxml2: Security Advisory - libxml2 - CVE-2015-1819 meta/classes/license.bbclass | 2 + meta/recipes-connectivity/neard/neard.inc | 2 +- .../ppp/ppp/fix-CVE-2015-3310.patch| 29 ++ meta/recipes-connectivity/ppp/ppp_2.4.6.bb | 1 + meta/recipes-core/dbus/dbus.inc| 1 + ...015-0245-prevent-forged-ActivationFailure.patch | 48 +++ ...81-resolv-nss_dns-dns-host.c-buffer-overf.patch | 43 +++ meta/recipes-core/glibc/glibc_2.20.bb | 3 + meta/recipes-core/libxml/libxml2.inc | 1 + ...19-Enforce-the-reader-to-run-in-constant-.patch | 181 + .../recipes-devtools/e2fsprogs/e2fsprogs_1.42.9.bb | 2 + .../qemu/qemu/qemu-CVE-2015-3456.patch | 92 + meta/recipes-devtools/qemu/qemu_2.1.0.bb | 1 + .../rpm/rpm/rpm-CVE-2013-6435.patch| 109 ++ .../rpm/rpm/rpm-CVE-2014-8118.patch| 43 +++ meta/recipes-devtools/rpm/rpm_4.11.2.bb| 2 + .../squashfs-tools/squashfs-tools_4.3.bb | 3 +- .../recipes-extended/tzcode/tzcode-native_2015d.bb | 11 + meta/recipes-extended/tzdata/tzdata_2015d.bb | 6 + .../06-unzip60-alt-iconv-utf8_CVE-2015-1315.patch | 402 .../unzip/09-cve-2014-8139-crc-overflow.patch | 52 +++ .../unzip/10-cve-2014-8140-test-compr-eb.patch | 33 ++ .../unzip/11-cve-2014-8141-getzip64data.patch | 144 +++ .../unzip/unzip/unzip-6.0_overflow3.diff | 45 +++ meta/recipes-extended/unzip/unzip_6.0.bb | 8 +- meta/recipes-graphics/mesa/mesa.inc| 2 +- .../linux-firmware/linux-firmware_git.bb | 19 +- meta/recipes-kernel/perf/perf.bb | 4 +- ...src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch | 211 +++ ...c-Fix-two-potential-buffer-read-overflows.patch | 49 +++ .../libsndfile/libsndfile1_1.0.25.bb | 5 +- meta/recipes-qt/qt4/qt4-4.8.6.inc | 1 + ...ion-by-zero-when-processing-malformed-BMP.patch | 44 +++ meta/recipes-support/curl/curl/CVE-2014-3707.patch | 416 + meta/recipes-support/curl/curl/CVE-2014-8150.patch | 29 ++ meta/recipes-support/curl/curl/CVE-2015-3143.patch | 38 ++ meta/recipes-support/curl/curl/CVE-2015-3144.patch | 45 +++ meta/recipes-support/curl/curl/CVE-2015-3145.patch | 70 meta/recipes-support/curl/curl/CVE-2015-3153.patch | 90 + meta/recipes-support/curl/curl_7.37.1.bb | 6 + .../gpgme-1.4.3/gpgme-fix-CVE-2014-3564.patch | 56 +++ meta/recipes-support/gpgme/gpgme_1.4.3.bb | 4 +- scripts/test-dependencies.sh | 4 +- 43 files changed, 2345 insertions(+), 12 deletions(-) create mode 100644 meta/recipes-connectivity/ppp/ppp/fix-CVE-2015-3310.patch create mode 100644 meta/recipes-core/dbus/dbus/CVE-2015-0245-prevent-forged-ActivationFailure.patch create mode 100644 meta/recipes-core/glibc/glibc/CVE-2015-1781-resolv-nss_dns-dns-host.c-buffer-overf.patch create mode 100644 meta/recipes-core/libxml/libxml2/0001-CVE-2015-1819-Enforce-the-reader-to-run-in-constant-.patch create mode 100644 meta/recipes-devtools/qemu/qemu/qemu-CVE-2015-3456.patch create mode 100644
