Re: [OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1

2016-06-23 Thread Mark Asselstine
On Wednesday, June 22, 2016 9:18:10 PM EDT Burton, Ross wrote:
> On 22 June 2016 at 19:24, Andreas Müller wrote:
> > Could we move vte to meta-oe to avoid further world blacklisting?
> 
> This was the agreement in the other thread - Mark was going to restore the
> old version with a new PN for meta-xfce.

Jussi got to it first and has a review out for this for meta-oe.

Mark

> 
> Ross


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


Re: [OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1

2016-06-22 Thread Burton, Ross
On 22 June 2016 at 19:24, Andreas Müller wrote:

> Could we move vte to meta-oe to avoid further world blacklisting?
>

This was the agreement in the other thread - Mark was going to restore the
old version with a new PN for meta-xfce.

Ross


Re: [OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1

2016-06-22 Thread Andreas Müller
On Tue, Jun 14, 2016 at 10:14 AM, Jussi Kukkonen wrote:
> * License change LGPL 2.0 -> LGPL 2.1+
> * vte-termcap is no more
> * API break: current version seems to be parallel installable
Could we move vte to meta-oe to avoid further world blacklisting?

Andreas


Re: [OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1

2016-06-16 Thread Mark Asselstine
On 14 June 2016 at 11:14, Jussi Kukkonen wrote:
> 
> * License change LGPL 2.0 -> LGPL 2.1+
> * vte-termcap is no more
> * API break: current version seems to be parallel installable
>with old one, but I did not opt for that.
> * Add patch to avoid stack protection by default
> * Add SECURITY_NO_PIE_CFLAGS exception until linking failure with
>libc_nonshared.a is resolved (undefined reference to
>__init_array_start)
> 
> 
> Just found out Khem has worked around a similar problem with
> libtool-cross already: I've modified this patch so
> that SECURITY_NO_PIE_CFLAGS is no longer used, but instead libtool-cross
> is used:
> 
> +# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds.
> +# Use libtool-cross (which has a hack to prevent that) instead.
> +EXTRA_OEMAKE_class-target =
> "LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool"
> 
>   - Jussi

Just a heads up that this breaks xfce4-terminal. There is currently no
xfce4-terminal release which will function with vte api 2.91, only
ongoing work on their master branch as far as I can tell. I have no
idea how far reaching the effects of this change will be on
xfce. Before I spend any time on this, is this something which folks
are aware of and is there a plan in place? Is there a possibility to
keep the older vte around?

Thanks,
Mark


> 
> 
> Signed-off-by: Jussi Kukkonen
> ---
>   meta/conf/distro/include/security_flags.inc|   2 +
>   .../vte/vte-0.28.2/cve-2012-2738.patch | 136
> -
>   .../vte/vte-0.28.2/obsolete_automake_macros.patch  |  14 ---
>   meta/recipes-support/vte/vte.inc   |  15 ---
>   ...-Don-t-enable-stack-protection-by-default.patch |  29 +
>   meta/recipes-support/vte/vte_0.28.2.bb |  16 ---
>   meta/recipes-support/vte/vte_0.44.1.bb |  24
>   7 files changed, 55 insertions(+), 181 deletions(-)
>   delete mode 100644 meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
>   delete mode 100644 meta/recipes-support/vte/vte-0.28.2/obsolete_automake_macros.patch
>   delete mode 100644 meta/recipes-support/vte/vte.inc
>   create mode 100644 meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.patch
>   delete mode 100644 meta/recipes-support/vte/vte_0.28.2.bb
>   create mode 100644 meta/recipes-support/vte/vte_0.44.1.bb
> 
> 
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index ea1d4e5..0df65e0 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -95,6 +95,8 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
>   SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
>   SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
> 
> +SECURITY_CFLAGS_pn-vte = "${SECURITY_NO_PIE_CFLAGS}"
> +
>   # Recipes which fail to compile when elevating -Wformat-security
> to an error
>   SECURITY_STRINGFORMAT_pn-busybox = ""
>   SECURITY_STRINGFORMAT_pn-console-tools = ""
> diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> deleted file mode 100644
> index 9b99803..000
> --- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> +++ /dev/null
> @@ -1,136 +0,0 @@
> -Upstream-Status: Backport
> -CVE: CVE-2012-2738
> -Signed-off-by: Ross Burton  >
> -
> -From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001
> -From: Christian Persch 

Re: [OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1

2016-06-14 Thread Jussi Kukkonen
On 14 June 2016 at 11:14, Jussi Kukkonen  wrote:

> * License change LGPL 2.0 -> LGPL 2.1+
> * vte-termcap is no more
> * API break: current version seems to be parallel installable
>   with old one, but I did not opt for that.
> * Add patch to avoid stack protection by default
> * Add SECURITY_NO_PIE_CFLAGS exception until linking failure with
>   libc_nonshared.a is resolved (undefined reference to
>   __init_array_start)
>

Just found out Khem has worked around a similar problem with libtool-cross
already: I've modified this patch so that SECURITY_NO_PIE_CFLAGS is no
longer used, but instead libtool-cross is used:

+# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds.
+# Use libtool-cross (which has a hack to prevent that) instead.
+EXTRA_OEMAKE_class-target =
"LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool"
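
Review bot: `EXTRA_OEMAKE_class-target =` is a plain override assignment, so for target builds it replaces whatever EXTRA_OEMAKE already holds instead of adding to it. If the recipe or an inherited class sets EXTRA_OEMAKE, use `EXTRA_OEMAKE_append_class-target = " LIBTOOL=..."` so those values survive. The comment should also name the libtool-cross change it depends on, so the workaround can be dropped once libtool stops adding -nostdlib for g++.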

 - Jussi




> Signed-off-by: Jussi Kukkonen 
> ---
>  meta/conf/distro/include/security_flags.inc|   2 +
>  .../vte/vte-0.28.2/cve-2012-2738.patch | 136
> -
>  .../vte/vte-0.28.2/obsolete_automake_macros.patch  |  14 ---
>  meta/recipes-support/vte/vte.inc   |  15 ---
>  ...-Don-t-enable-stack-protection-by-default.patch |  29 +
>  meta/recipes-support/vte/vte_0.28.2.bb |  16 ---
>  meta/recipes-support/vte/vte_0.44.1.bb |  24 
>  7 files changed, 55 insertions(+), 181 deletions(-)
>  delete mode 100644 meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
>  delete mode 100644
> meta/recipes-support/vte/vte-0.28.2/obsolete_automake_macros.patch
>  delete mode 100644 meta/recipes-support/vte/vte.inc
>  create mode 100644
> meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.patch
>  delete mode 100644 meta/recipes-support/vte/vte_0.28.2.bb
>  create mode 100644 meta/recipes-support/vte/vte_0.44.1.bb
>
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index ea1d4e5..0df65e0 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -95,6 +95,8 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
>  SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
>  SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
>
> +SECURITY_CFLAGS_pn-vte = "${SECURITY_NO_PIE_CFLAGS}"
> +
>  # Recipes which fail to compile when elevating -Wformat-security to an
> error
>  SECURITY_STRINGFORMAT_pn-busybox = ""
>  SECURITY_STRINGFORMAT_pn-console-tools = ""
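
Review bot: this security_flags.inc hunk is stale relative to the reply above, which says SECURITY_NO_PIE_CFLAGS is no longer used and LIBTOOL is pointed at libtool-cross through EXTRA_OEMAKE instead. The resend should drop the `SECURITY_CFLAGS_pn-vte` line, and with it the security_flags.inc entry in the diffstat and the last bullet of the commit message, so vte keeps the default PIE flags.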
> diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> deleted file mode 100644
> index 9b99803..000
> --- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> +++ /dev/null
> @@ -1,136 +0,0 @@
> -Upstream-Status: Backport
> -CVE: CVE-2012-2738
> -Signed-off-by: Ross Burton 
> -
> -From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001
> -From: Christian Persch 
> -Date: Sat, 19 May 2012 19:36:09 +0200
> -Subject: [PATCH 1/2] emulation: Limit integer arguments to 65535
> -
> -To guard against malicious sequences containing excessively big numbers,
> -limit all parsed numbers to 16 bit range. Doing this here in the parsing
> -routine is a catch-all guard; this doesn't preclude enforcing
> -more stringent limits in the handlers themselves.
> -
> -https://bugzilla.gnome.org/show_bug.cgi?id=676090
> 
> - src/table.c  | 2 +-
> - src/vteseq.c | 2 +-
> - 2 files changed, 2 insertions(+), 2 deletions(-)
> -
> -diff --git a/src/table.c b/src/table.c
> -index 140e8c8..85cf631 100644
>  a/src/table.c
> -+++ b/src/table.c
> -@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
> -   if (G_UNLIKELY (*array == NULL)) {
> -   *array = g_value_array_new(1);
> -   }
> --  g_value_set_long(, total);
> -+  g_value_set_long(, CLAMP (total, 0, G_MAXUSHORT));
> -   g_value_array_append(*array, );
> -   } while (i++ < arginfo->length);
> -   g_value_unset();
> -diff --git a/src/vteseq.c b/src/vteseq.c
> -index 7ef4c8c..10991db 100644
>  a/src/vteseq.c
> -+++ b/src/vteseq.c
> -@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
> -   GValueArray *params,
> -   VteTerminalSequenceHandler handler)
> - {
> --vte_sequence_handler_multiple_limited(terminal, params, handler,
> G_MAXLONG);
> -+vte_sequence_handler_multiple_limited(terminal, params, handler,
> G_MAXUSHORT);
> - }
> -
> - static void
> ---
> -2.4.9 (Apple Git-60)
> -
> -
> -From cf1ad453a8def873c49cf6d88162593402f32bb2 Mon Sep 17 00:00:00 2001
> -From: Christian Persch 
> -Date: Sat, 19 May 2012 20:04:12 +0200
> -Subject: [PATCH 2/2] emulation: Limit repetitions
> -
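
Review bot: the commit message does not say why the CVE-2012-2738 backport can be deleted. Removing cve-2012-2738.patch is only safe if 0.44.1 already contains both upstream changes it carries (e524b0b3 "emulation: Limit integer arguments to 65535" and cf1ad453 "emulation: Limit repetitions"). Add a line to the commit message stating that the fix is included in the new version, so a CVE audit of the layer does not read the deletion as a regression.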

[OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1

2016-06-14 Thread Jussi Kukkonen
* License change LGPL 2.0 -> LGPL 2.1+
* vte-termcap is no more
* API break: current version seems to be parallel installable
  with old one, but I did not opt for that.
* Add patch to avoid stack protection by default
* Add SECURITY_NO_PIE_CFLAGS exception until linking failure with
  libc_nonshared.a is resolved (undefined reference to
  __init_array_start)

Signed-off-by: Jussi Kukkonen 
---
 meta/conf/distro/include/security_flags.inc|   2 +
 .../vte/vte-0.28.2/cve-2012-2738.patch | 136 -
 .../vte/vte-0.28.2/obsolete_automake_macros.patch  |  14 ---
 meta/recipes-support/vte/vte.inc   |  15 ---
 ...-Don-t-enable-stack-protection-by-default.patch |  29 +
 meta/recipes-support/vte/vte_0.28.2.bb |  16 ---
 meta/recipes-support/vte/vte_0.44.1.bb |  24 
 7 files changed, 55 insertions(+), 181 deletions(-)
 delete mode 100644 meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
 delete mode 100644 
meta/recipes-support/vte/vte-0.28.2/obsolete_automake_macros.patch
 delete mode 100644 meta/recipes-support/vte/vte.inc
 create mode 100644 
meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.patch
 delete mode 100644 meta/recipes-support/vte/vte_0.28.2.bb
 create mode 100644 meta/recipes-support/vte/vte_0.44.1.bb

diff --git a/meta/conf/distro/include/security_flags.inc 
b/meta/conf/distro/include/security_flags.inc
index ea1d4e5..0df65e0 100644
--- a/meta/conf/distro/include/security_flags.inc
+++ b/meta/conf/distro/include/security_flags.inc
@@ -95,6 +95,8 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
 SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
 
+SECURITY_CFLAGS_pn-vte = "${SECURITY_NO_PIE_CFLAGS}"
+
 # Recipes which fail to compile when elevating -Wformat-security to an error
 SECURITY_STRINGFORMAT_pn-busybox = ""
 SECURITY_STRINGFORMAT_pn-console-tools = ""
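
Review bot: the added `SECURITY_CFLAGS_pn-vte` line has no comment, so nothing in security_flags.inc records that it is meant to be temporary. The commit message ties it to a linking failure with libc_nonshared.a (undefined reference to __init_array_start); put that reason in a comment directly above the line so the exception is removed once the failure is resolved, instead of leaving vte built without PIE indefinitely.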
diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch 
b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
deleted file mode 100644
index 9b99803..000
--- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-Upstream-Status: Backport
-CVE: CVE-2012-2738
-Signed-off-by: Ross Burton 
-
-From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001
-From: Christian Persch 
-Date: Sat, 19 May 2012 19:36:09 +0200
-Subject: [PATCH 1/2] emulation: Limit integer arguments to 65535
-
-To guard against malicious sequences containing excessively big numbers,
-limit all parsed numbers to 16 bit range. Doing this here in the parsing
-routine is a catch-all guard; this doesn't preclude enforcing
-more stringent limits in the handlers themselves.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=676090

- src/table.c  | 2 +-
- src/vteseq.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/table.c b/src/table.c
-index 140e8c8..85cf631 100644
 a/src/table.c
-+++ b/src/table.c
-@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
-   if (G_UNLIKELY (*array == NULL)) {
-   *array = g_value_array_new(1);
-   }
--  g_value_set_long(, total);
-+  g_value_set_long(, CLAMP (total, 0, G_MAXUSHORT));
-   g_value_array_append(*array, );
-   } while (i++ < arginfo->length);
-   g_value_unset();
-diff --git a/src/vteseq.c b/src/vteseq.c
-index 7ef4c8c..10991db 100644
 a/src/vteseq.c
-+++ b/src/vteseq.c
-@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
-   GValueArray *params,
-   VteTerminalSequenceHandler handler)
- {
--vte_sequence_handler_multiple_limited(terminal, params, handler, 
G_MAXLONG);
-+vte_sequence_handler_multiple_limited(terminal, params, handler, 
G_MAXUSHORT);
- }
- 
- static void
--- 
-2.4.9 (Apple Git-60)
-
-
-From cf1ad453a8def873c49cf6d88162593402f32bb2 Mon Sep 17 00:00:00 2001
-From: Christian Persch 
-Date: Sat, 19 May 2012 20:04:12 +0200
-Subject: [PATCH 2/2] emulation: Limit repetitions
-
-Don't allow malicious sequences to cause excessive repetitions.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=676090

- src/vteseq.c | 25 ++---
- 1 file changed, 18 insertions(+), 7 deletions(-)
-
-diff --git a/src/vteseq.c b/src/vteseq.c
-index 10991db..209522f 100644
 a/src/vteseq.c
-+++ b/src/vteseq.c
-@@ -1392,7 +1392,7 @@ vte_sequence_handler_dc (VteTerminal *terminal, 
GValueArray *params)
- static void
- vte_sequence_handler_DC (VteTerminal *terminal, GValueArray *params)
- {
--  vte_sequence_handler_multiple(terminal, params, 
vte_sequence_handler_dc);
-+  vte_sequence_handler_multiple_r(terminal, params, 
vte_sequence_handler_dc);
- }
- 
- /* Delete a