[OE-core] [PATCH 2/5] linux-yocto: add qemuppc64 kernel support
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-kernel/linux/linux-yocto_4.1.bb | 4 +++-
meta/recipes-kernel/linux/linux-yocto_4.4.bb | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.1.bb
b/meta/recipes-kernel/linux/linux-yocto_4.1.bb
index b2cbc60..9175223 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.1.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.1.bb
@@ -7,6 +7,7 @@ KBRANCH_qemuarm ?= "standard/arm-versatile-926ejs"
KBRANCH_qemuarm64 ?= "standard/qemuarm64"
KBRANCH_qemumips ?= "standard/mti-malta32"
KBRANCH_qemuppc ?= "standard/qemuppc"
+KBRANCH_qemuppc64 ?= "standard/qemuppc"
KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
@@ -15,6 +16,7 @@ SRCREV_machine_qemuarm ?=
"df8f2bd306f5e22590991faee46e28f671fa19b3"
SRCREV_machine_qemuarm64 ?= "9f166e918f63dd7214ad0388d64709d33f2a14a3"
SRCREV_machine_qemumips ?= "1bb60e693b913dacad698bec1cc08b350785e3d1"
SRCREV_machine_qemuppc ?= "9f166e918f63dd7214ad0388d64709d33f2a14a3"
+SRCREV_machine_qemuppc64 ?= "9f166e918f63dd7214ad0388d64709d33f2a14a3"
SRCREV_machine_qemux86 ?= "9f166e918f63dd7214ad0388d64709d33f2a14a3"
SRCREV_machine_qemux86-64 ?= "9f166e918f63dd7214ad0388d64709d33f2a14a3"
SRCREV_machine_qemumips64 ?= "b0e7bb69566a922a661c4902e496dce98cefeab9"
@@ -31,7 +33,7 @@ PV = "${LINUX_VERSION}+git${SRCPV}"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-COMPATIBLE_MACHINE =
"qemuarm|qemuarm64|qemux86|qemuppc|qemumips|qemumips64|qemux86-64"
+COMPATIBLE_MACHINE =
"qemuarm|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64"
# Functionality flags
KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.4.bb
b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
index 49ffd8d..218d214 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.4.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.4.bb
@@ -7,6 +7,7 @@ KBRANCH_qemuarm ?= "standard/arm-versatile-926ejs"
KBRANCH_qemuarm64 ?= "standard/qemuarm64"
KBRANCH_qemumips ?= "standard/mti-malta32"
KBRANCH_qemuppc ?= "standard/qemuppc"
+KBRANCH_qemuppc64 ?= "standard/qemuppc"
KBRANCH_qemux86 ?= "standard/base"
KBRANCH_qemux86-64 ?= "standard/base"
KBRANCH_qemumips64 ?= "standard/mti-malta64"
@@ -15,6 +16,7 @@ SRCREV_machine_qemuarm ?=
"6f2317f8a00a3eb6a2b28ca51f336f61eb6fe160"
SRCREV_machine_qemuarm64 ?= "13852755ecbf491848afbe40e66fc152bc70915b"
SRCREV_machine_qemumips ?= "9fc8fc49e5065f1ee76e964a4c0257291ab3e62a"
SRCREV_machine_qemuppc ?= "13852755ecbf491848afbe40e66fc152bc70915b"
+SRCREV_machine_qemuppc64 ?= "13852755ecbf491848afbe40e66fc152bc70915b"
SRCREV_machine_qemux86 ?= "13852755ecbf491848afbe40e66fc152bc70915b"
SRCREV_machine_qemux86-64 ?= "13852755ecbf491848afbe40e66fc152bc70915b"
SRCREV_machine_qemumips64 ?= "d1c1f36412d196b560ed9f19392e291b5492b94c"
@@ -31,7 +33,7 @@ PV = "${LINUX_VERSION}+git${SRCPV}"
KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
-COMPATIBLE_MACHINE =
"qemuarm|qemuarm64|qemux86|qemuppc|qemumips|qemumips64|qemux86-64"
+COMPATIBLE_MACHINE =
"qemuarm|qemuarm64|qemux86|qemuppc|qemuppc64|qemumips|qemumips64|qemux86-64"
# Functionality flags
KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
--
1.9.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/5] machine: add qemuppc64 machine
Signed-off-by: Armin Kuster <akus...@mvista.com> --- meta/conf/machine/qemuppc64.conf | 13 + 1 file changed, 13 insertions(+) create mode 100644 meta/conf/machine/qemuppc64.conf diff --git a/meta/conf/machine/qemuppc64.conf b/meta/conf/machine/qemuppc64.conf new file mode 100644 index 000..5501101 --- /dev/null +++ b/meta/conf/machine/qemuppc64.conf @@ -0,0 +1,13 @@ +#@TYPE: Machine +#@NAME: qemu PPC 64 Emulator setup +#@DESCRIPTION: Machine configuration for running an PPC system under qemu emulation + +require conf/machine/include/qemu.inc +DEFAULTTUNE ?= "ppc64p6" +require conf/machine/include/tune-power6.inc + +KERNEL_IMAGETYPE = "vmlinux" + +SERIAL_CONSOLES = "115200;ttyS0 115200;ttyS1" + +MACHINE_EXTRA_RRECOMMENDS = " kernel-modules" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 4/5] qemu: add ppc64 to QEMU_TARGETS
From: Armin Kuster <akus...@mvista.com> Signed-off-by: Armin Kuster <akus...@mvista.com> --- meta/recipes-devtools/qemu/qemu.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index b865223..93d6317 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -12,7 +12,7 @@ BBCLASSEXTEND = "native nativesdk" PR = "r1" # QEMU_TARGETS is overridable variable -QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc sh4 x86_64" +QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 mips64el ppc ppc64 sh4 x86_64" SRC_URI = "\ file://powerpc_rom.bin \ -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 3/5] runqemu: Add qemuppc64
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
scripts/runqemu | 9 ++---
scripts/runqemu-internal | 24 ++--
2 files changed, 24 insertions(+), 9 deletions(-)
diff --git a/scripts/runqemu b/scripts/runqemu
index de05035..9c73e25 100755
--- a/scripts/runqemu
+++ b/scripts/runqemu
@@ -121,7 +121,7 @@ while true; do
arg=${1}
case "$arg" in
"qemux86" | "qemux86-64" | "qemuarm" | "qemuarm64" | "qemumips" |
"qemumipsel" | \
-"qemumips64" | "qemush4" | "qemuppc" | "qemumicroblaze" | "qemuzynq"
| "qemuzynqmp")
+"qemumips64" | "qemush4" | "qemuppc" | "qemuppc64" | "qemumicroblaze"
| "qemuzynq" | "qemuzynqmp")
[ -z "$MACHINE" -o "$MACHINE" = "$arg" ] && MACHINE=$arg || \
error "conflicting MACHINE types [$MACHINE] and [$arg]"
;;
@@ -251,13 +251,13 @@ fi
if [ -z "$MACHINE" ]; then
if [ "$IS_VM" = "true" ]; then
[ "x$FSTYPE" = "xwic" ] && filename=$ROOTFS || filename=$VM
-MACHINE=`basename $filename | sed -n
's/.*\(qemux86-64\|qemux86\|qemuarm64\|qemuarm\|qemumips64\|qemumips\|qemuppc\|qemush4\).*/\1/p'`
+MACHINE=`basename $filename | sed -n
's/.*\(qemux86-64\|qemux86\|qemuarm64\|qemuarm\|qemumips64\|qemumips\|qemuppc\|qemuppc64\|qemush4\).*/\1/p'`
if [ -z "$MACHINE" ]; then
error "Unable to set MACHINE from image filename [$VM]"
fi
echo "Set MACHINE to [$MACHINE] based on image [$VM]"
else
-MACHINE=`basename $KERNEL | sed -n
's/.*\(qemux86-64\|qemux86\|qemuarm64\|qemuarm\|qemumips64\|qemumips\|qemuppc\|qemush4\).*/\1/p'`
+MACHINE=`basename $KERNEL | sed -n
's/.*\(qemux86-64\|qemux86\|qemuarm64\|qemuarm\|qemumips64\|qemumips\|qemuppc\|qemuppc64\|qemush4\).*/\1/p'`
if [ -z "$MACHINE" ]; then
error "Unable to set MACHINE from kernel filename [$KERNEL]"
fi
@@ -344,6 +344,9 @@ QEMUSH4_DEFAULT_FSTYPE=ext4
QEMUPPC_DEFAULT_KERNEL=vmlinux-qemuppc.bin
QEMUPPC_DEFAULT_FSTYPE=ext4
+QEMUPPC64_DEFAULT_KERNEL=vmlinux-qemuppc64.bin
+QEMUPPC64_DEFAULT_FSTYPE=ext4
+
QEMUMICROBLAZE_DEFAULT_KERNEL=linux.bin.ub
QEMUMICROBLAZE_DEFAULT_FSTYPE=cpio
diff --git a/scripts/runqemu-internal b/scripts/runqemu-internal
index ea1a307..e8cc1a1 100755
--- a/scripts/runqemu-internal
+++ b/scripts/runqemu-internal
@@ -438,15 +438,27 @@ config_qemumips() {
}
config_qemuppc() {
-set_mem_size 256
-QEMU=qemu-system-ppc
-MACHINE_SUBTYPE=mac99
-CPU_SUBTYPE=G4
+case "$MACHINE" in
+qemuppc)
+set_mem_size 256
+QEMU=qemu-system-ppc
+MACHINE_SUBTYPE=mac99
+CPU_SUBTYPE=G4
+MODEL=pcnet
+;;
+qemuppc64)
+set_mem_size 1024
+QEMU=qemu-system-ppc64
+MACHINE_SUBTYPE=pseries
+CPU_SUBTYPE=POWER7
+MODEL=e1000
+;;
+esac
QEMU_UI_OPTIONS="$QEMU_UI_OPTIONS"
if [ "$SLIRP_ENABLED" = "yes" ]; then
QEMU_NETWORK_CMD=""
else
-QEMU_NETWORK_CMD="-net nic,model=pcnet $QEMU_TAP_CMD"
+QEMU_NETWORK_CMD="-net nic,model=$MODEL $QEMU_TAP_CMD"
fi
if [ "${FSTYPE:0:3}" = "ext" -o "$FSTYPE" = "btrfs" -o "$FSTYPE" = "wic"
]; then
KERNCMDLINE="root=$DROOT rw console=ttyS0 console=tty
$KERNEL_NETWORK_CMD mem=$QEMU_MEMORY"
@@ -543,7 +555,7 @@ case "$MACHINE" in
"qemumips" | "qemumipsel" | "qemumips64")
config_qemumips
;;
-"qemuppc")
+"qemuppc" | "qemuppc64")
config_qemuppc
;;
"qemush4")
--
1.9.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 5/5] qeme: add ppc64 to poky QEMU_TARGET
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta-poky/conf/distro/poky.conf | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/meta-poky/conf/distro/poky.conf b/meta-poky/conf/distro/poky.conf
index 6cae44e..361e2f1 100644
--- a/meta-poky/conf/distro/poky.conf
+++ b/meta-poky/conf/distro/poky.conf
@@ -28,6 +28,7 @@ PREFERRED_VERSION_linux-yocto_qemuarm ?= "4.4%"
PREFERRED_VERSION_linux-yocto_qemumips ?= "4.4%"
PREFERRED_VERSION_linux-yocto_qemumips64 ?= "4.4%"
PREFERRED_VERSION_linux-yocto_qemuppc ?= "4.4%"
+PREFERRED_VERSION_linux-yocto_qemuppc64 ?= "4.4%"
SDK_NAME = "${DISTRO}-${TCLIBC}-${SDK_ARCH}-${IMAGE_BASENAME}-${TUNE_PKGARCH}"
SDKPATH = "/opt/${DISTRO}/${SDK_VERSION}"
@@ -40,12 +41,13 @@ DISTRO_EXTRA_RDEPENDS_append_qemuarm = " ${POKYQEMUDEPS}"
DISTRO_EXTRA_RDEPENDS_append_qemuarm64 = " ${POKYQEMUDEPS}"
DISTRO_EXTRA_RDEPENDS_append_qemumips = " ${POKYQEMUDEPS}"
DISTRO_EXTRA_RDEPENDS_append_qemuppc = " ${POKYQEMUDEPS}"
+DISTRO_EXTRA_RDEPENDS_append_qemuppc64 = " ${POKYQEMUDEPS}"
DISTRO_EXTRA_RDEPENDS_append_qemux86 = " ${POKYQEMUDEPS}"
DISTRO_EXTRA_RDEPENDS_append_qemux86-64 = " ${POKYQEMUDEPS}"
TCLIBCAPPEND = ""
-QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 ppc x86_64"
+QEMU_TARGETS ?= "arm aarch64 i386 mips mipsel mips64 ppc ppc64 x86_64"
# Other QEMU_TARGETS "mips64el sh4"
PREMIRRORS ??= "\
--
1.9.1
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/52] akuster/krogoth-next pull request
Please consider this set for krogoth-next. I dropped a few SRC_URI changes as
they are not in master.
There is one AB build failure for edsk on ppc so this set is mostly clean.
The following changes since commit ae9b341ecfcc60e970f29cfe04306411ad26c0cf:
bitbake: bitbake: toaster: settings set ALLOWED_HOSTS to * in debug mode
(2016-11-28 14:23:48 +)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/krogoth-next
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next
Adrian Dudau (2):
qemu: Security fix CVE-2016-4439
qemu: Security fix CVE-2016-4952
Armin Kuster (10):
tzcode-native: update to 2016h
tzdata: Update to 2016h
openssl: Security fix CVE-2016-8610
tzcode: update to 2016i
tzdata: update to 2016i
libpcre: update SRC_URI
libpng: update SRC_URI back to SF
libxslt: update SRC_URI
libpng -lsb: update SRC_URI
mesa: update SRC_URI
Daniel Díaz (1):
weston: Add no-input-device patch to 1.9.0.
Ed Bartosh (2):
populate_sdk_ext: fix working with uninative sstate
populate_sdk_ext: whitelist do_package tasks
Joshua Lock (1):
zlib: update SRC_URI to fix fetching
Mingli Yu (2):
tiff: Security fix CVE-2016-9535
tiff: Security fix CVE-2016-9538
Otavio Salvador (1):
gstreamer1.0-libav: Add 'valgrind' config option
Richard Purdie (5):
sstate: Ensure we don't remove sigbasedata files
rm_work: Ensure we don't remove sigbasedata files
bitbake: build: Ensure we preserve sigbasedata files as well as
sigdata ones
bitbake: siggen: Pass basehash to worker processes and sanity check
reparsing result
bitbake: siggen: Ensure taskhash mismatches don't override existing
data
Ross Burton (6):
classes/cross: set lt_cv_sys_lib_dlsearch_path_spec
classes/native: set lt_cv_sys_lib_dlsearch_path_spec
binutils: fix typo in libtool patch
binutils: apply RPATH fixes from our libtool patches
oeqa: fix hasPackage, add hasPackageMatch
bitbake: fetch2/wget: attempt checkstatus again if it fails
Sona Sarmadi (12):
curl: CVE-2016-8615
curl: CVE-2016-8616
curl: CVE-2016-8617
curl: CVE-2016-8618
curl: CVE-2016-8619
curl: CVE-2016-8620
curl: CVE-2016-8621
curl: CVE-2016-8622
curl: CVE-2016-8623
curl: CVE-2016-8624
curl: CVE-2016-8625
expat: CVE-2012-6702, CVE-2016-5300
Yi Zhao (6):
tiff: Security fix CVE-2016-3945
tiff: Security fix CVE-2016-3990
tiff: Security fix CVE-2016-3991
tiff: Security fix CVE-2016-3623
tiff: Security fix CVE-2016-3622
tiff: Security fix CVE-2016-3632
Zeeshan Ali (1):
nss: Disable warning on deprecated API usage
Zhixiong Chi (3):
tiff: Security fix CVE-2016-3658
tiff: Security fix CVE-2016-9540
tiff: Security fix CVE-2016-9539
bitbake/lib/bb/build.py| 2 +-
bitbake/lib/bb/fetch2/wget.py | 12 +-
bitbake/lib/bb/siggen.py | 31 +-
meta/classes/cross.bbclass | 2 +
meta/classes/native.bbclass| 3 +-
meta/classes/populate_sdk_ext.bbclass | 8 +-
meta/classes/rm_work.bbclass | 2 +-
meta/classes/sstate.bbclass| 2 +-
meta/lib/oeqa/oetest.py| 28 +-
meta/lib/oeqa/runtime/_ptest.py| 4 +-
meta/lib/oeqa/runtime/python.py| 2 +-
meta/lib/oeqa/runtime/smart.py | 2 +-
meta/lib/oeqa/sdk/buildsudoku.py | 2 +-
.../openssl/openssl/CVE-2016-8610.patch| 124 +
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 1 +
.../expat-2.1.0/CVE-2016-5300_CVE-2012-6702.patch | 123 +
meta/recipes-core/expat/expat_2.1.0.bb | 4 +
meta/recipes-core/zlib/zlib_1.2.8.bb | 2 +-
meta/recipes-devtools/binutils/binutils-2.26.inc | 1 +
.../binutils/binutils/0006-Use-libtool-2.4.patch | 5 +-
.../binutils/0014-libtool-remove-rpath.patch | 100
.../recipes-devtools/qemu/qemu/CVE-2016-4441.patch | 78 +++
.../recipes-devtools/qemu/qemu/CVE-2016-4952.patch | 105
meta/recipes-devtools/qemu/qemu_2.5.0.bb | 2 +
...code-native_2016g.bb => tzcode-native_2016i.bb} | 8 +-
.../tzdata/{tzdata_2016g.bb => tzdata_2016i.bb}| 4 +-
meta/recipes-graphics/mesa/mesa_11.1.1.bb | 2 +-
.../add-config-option-for-no-input-device.patch| 125 +
meta/recipes-graphics/wayland/weston_1.9.0.bb | 1 +
meta/recipes-lsb4/libpng/libpng12_1.2.56.bb| 2 +-
.../gstreamer/gstreamer1.0-libav.inc | 1 +
meta/recipes-multimedia/libpng/libpng_1.6.21.bb| 4 +-
.../libtiff/files/CVE-2016-3622.patch | 129 +
.../libtiff/files/CVE-2016-3623.patch | 52 ++
.../libtiff/files/CVE-2016-3632.patch | 34 ++
.../libtiff/files/CVE-2016-3658.patch | 111
.../libtiff/files/CV
[OE-core] [PATCH 00/26] Krogoth-next: stagged changes
The following changes are being considered for krogoth-next.
If I am missing something, please let me know.
The following changes since commit aad7166704021d82ad3a5ec468552f8f10360d41:
curl: security fix for CVE-2016-5421 (2016-09-02 08:48:29 +0100)
are available in the git repository at:
http://git.yoctoproject.org/git/poky-contrib akuster/krogoth-next
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next
Alejandro Hernandez (1):
initramfs-live-boot: Make sure we kill udev before switching root when
live booting
Armin Kuster (2):
tiff: Security fix CVE-2015-8781
tiff: Security fix CVE-2015-8784
Henry Bruce (1):
npm: npm.bbclass now adds nodejs to RDEPENDS
Jackie Huang (1):
e2fsprogs: Fix missing check for permission denied.
Jacob Kroon (1):
bitbake.conf/toolchain-scripts.bbclass: Remove debug prefix mappings
in SDK
Jeremy Puhlman (2):
Fix random python backtrace in mutlilib handling code.
bitbake.conf: set READELF for cross compilation
Jonathan Liu (1):
meta/classes: fix bb.build.FuncFailed typos
Khem Raj (3):
python{3}-numpy: Predefine of sizeof off_t on mips/mipsel/ppc
systemd: Create missing sysusers offline
gdb: Cache gnu gettext config vars for musl builds
Markus Lehtonen (1):
base.bbclass wipe ${S} before unpacking source
Pascal Bach (1):
gcc, qemuppc: Explicitly disable forcing SPE flags for 4.9
Reinette Chatre (1):
binutils: advance SRCREV to obtain versioned symbols
Richard Purdie (2):
busybox: Backport makefile fix from upstream
busybox: Add parallel make fix
Ross Burton (1):
cml1: fix tasks after default [dirs] changed
Sona Sarmadi (2):
sudo: CVE-2015-8239
curl: security fix for CVE-2016-7141
Stefan Agner (1):
busybox: Fix busybox-init on non-tty consoles
Stephano Cetola (1):
systemd: allow add users as a rootfs postprocess cmd
Tanu Kaskinen (1):
pulseaudio: fix crash when disconnecting bluetooth devices
Yi Zhao (3):
tiff: Security fix CVE-2016-3186
tiff: Security fix CVE-2016-5321
tiff: Security fix CVE-2016-5323
meta/classes/base.bbclass | 18 +-
meta/classes/cml1.bbclass | 2 +
meta/classes/grub-efi.bbclass | 2 +-
meta/classes/gummiboot.bbclass | 4 +-
meta/classes/multilib_global.bbclass | 3 +-
meta/classes/npm.bbclass | 1 +
meta/classes/rootfs-postcommands.bbclass | 43 +-
meta/classes/syslinux.bbclass | 2 +-
meta/classes/toolchain-scripts.bbclass | 3 +
meta/conf/bitbake.conf | 9 +-
meta/recipes-core/busybox/busybox.inc | 4 +-
.../busybox/busybox/makefile-fix-backport.patch| 40 ++
.../busybox/busybox/parallel-make-fix.patch| 65 ++
meta/recipes-core/busybox/busybox_1.24.1.bb| 2 +
meta/recipes-core/initrdscripts/files/init-live.sh | 4 +-
meta/recipes-core/systemd/systemd_229.bb | 8 +-
meta/recipes-devtools/binutils/binutils-2.26.inc | 2 +-
...s-fix-missing-check-for-permission-denied.patch | 32 +
meta/recipes-devtools/e2fsprogs/e2fsprogs_git.bb | 3 +
...AltiVec-generation-on-powepc-linux-target.patch | 11 +
meta/recipes-devtools/gdb/gdb_7.10.1.bb| 5 +
.../python/python-numpy/arm/numpyconfig.h | 1 +
.../python/python-numpy/mips/_numpyconfig.h| 1 +
.../python/python-numpy/powerpc/_numpyconfig.h | 1 +
.../sudo/sudo/CVE-2015-8239-1.patch| 699 +
.../sudo/sudo/CVE-2015-8239-2.patch| 45 ++
meta/recipes-extended/sudo/sudo_1.8.15.bb | 2 +
.../libtiff/files/CVE-2015-8781.patch | 195 ++
.../libtiff/files/CVE-2015-8784.patch | 73 +++
.../libtiff/files/CVE-2016-3186.patch | 24 +
.../libtiff/files/CVE-2016-5321.patch | 49 ++
.../libtiff/files/CVE-2016-5323.patch | 107
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 5 +
...th-don-t-create-the-HSP-HFP-profile-twice.patch | 343 ++
.../pulseaudio/pulseaudio_8.0.bb | 1 +
meta/recipes-support/curl/curl/CVE-2016-7141.patch | 50 ++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
37 files changed, 1813 insertions(+), 47 deletions(-)
create mode 100644
meta/recipes-core/busybox/busybox/makefile-fix-backport.patch
create mode 100644 meta/recipes-core/busybox/busybox/parallel-make-fix.patch
create mode 100644
meta/recipes-devtools/e2fsprogs/e2fsprogs/e2fsprogs-fix-missing-check-for-permission-denied.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2015-8239-1.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2015-8239-2.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
create
[OE-core] [PATCH 00/14][v2] Krogoth next pull request
From: Armin Kuster <akus...@mvista.com> Fixed several typos in the openssl commits. This includes a fix for systemd [Yocto # 10329] The following changes since commit e6c1d03d3d161cbbda254a5dae7008ff7e37d874: oeqa/buildiptables: Switch from netfilter.org to yoctoproject.org mirror (2016-09-24 09:27:51 +0100) are available in the git repository at: http://git.yoctoproject.org/git/poky-contrib akuster/krogoth-next http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next Armin Kuster (9): openssl: Security fix CVE-2016-2178 openssl: Security fix CVE-2016-2179 openssl: Security fix CVE-2016-2180 openssl: Security fix CVE-2016-2181 openssl: Security fix CVE-2016-2182 openssl: Security fix CVE-2016-6302 openssl: Security fix CVE-2016-6303 openssl: Security fix CVE-2016-6304 openssl: Security fix CVE-2016-6306 Dengke Du (1): cracklib: Apply patch to fix CVE-2016-6318 Khem Raj (1): useradd.bbclass: Strip trailing ';' in cmd params Martin Jansa (1): useradd: use bindir_native for pseudo PATH Zhixiong Chi (2): wpa_supplicant: Security Advisory-CVE-2016-4476 wpa_supplicant: Security Advisory-CVE-2016-4477 meta/classes/useradd.bbclass | 18 +- .../openssl/openssl/CVE-2016-2178.patch| 54 + .../openssl/openssl/CVE-2016-2179.patch| 255 + .../openssl/openssl/CVE-2016-2180.patch| 44 .../openssl/openssl/CVE-2016-2181_p1.patch | 91 .../openssl/openssl/CVE-2016-2181_p2.patch | 239 +++ .../openssl/openssl/CVE-2016-2181_p3.patch | 30 +++ .../openssl/openssl/CVE-2016-2182.patch| 70 ++ .../openssl/openssl/CVE-2016-6302.patch| 53 + .../openssl/openssl/CVE-2016-6303.patch| 36 +++ .../openssl/openssl/CVE-2016-6304.patch| 75 ++ .../openssl/openssl/CVE-2016-6306.patch| 71 ++ .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 11 + ...parameter-set-with-invalid-passphrase-cha.patch | 55 + ...ject-a-Credential-with-invalid-passphrase.patch | 86 +++ ...CRED-commands-with-newline-characters-in-.patch | 66 ++ ...ines-from-wpa_supplicant-config-network-o.patch | 86 +++ ...commands-with-newline-characters-in-the-s.patch | 54 + .../wpa-supplicant/wpa-supplicant_2.5.bb | 5 + .../0001-Apply-patch-to-fix-CVE-2016-6318.patch| 105 + meta/recipes-extended/cracklib/cracklib_2.9.5.bb | 1 + 21 files changed, 1496 insertions(+), 9 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Reject-SET_CRED-commands-with-newline-characters-in-.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0002-Remove-newlines-from-wpa_supplicant-config-network-o.patch create mode 100644 meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/0003-Reject-SET-commands-with-newline-characters-in-the-s.patch create mode 100644 meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [V2][PATCH] mklibs-native: update broken SRC_URI
From: Armin Kuster <akus...@mvista.com>
fixes checkuri AB failure.
V2] change to snaphot instead of ubuntu
ERROR: mklibs-native-0.1.41-r0 do_checkuri: Fetcher failure for URL:
'http://ftp.de.debian.org/debian/pool/main/m/mklibs/mklibs_0.1.41.tar.xz'. URL
http://ftp.de.debian.org/debian/pool/main/m/mklibs/mklibs_0.1.41.tar.xz doesn't
work
ERROR: mklibs-native-0.1.41-r0 do_checkuri: Function failed: do_checkuri
[ Yocto #10391]
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
b/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
index a5da936..b3c1b5b 100644
--- a/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
+++ b/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
@@ -6,7 +6,7 @@ LICENSE = "GPLv2+"
LIC_FILES_CHKSUM =
"file://debian/copyright;md5=98d31037b13d896e33890738ef01af64"
DEPENDS = "python-native"
-SRC_URI =
"http://ftp.de.debian.org/debian/pool/main/m/mklibs/${BPN}_${PV}.tar.xz \
+SRC_URI =
"http://snapshot.debian.org/archive/debian/20160207T221625Z/pool/main/m/${BPN}/${BPN}_${PV}.tar.xz
\
file://ac_init_fix.patch\
file://fix_STT_GNU_IFUNC.patch\
file://sysrooted-ldso.patch \
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] mklibs-native: update broken SRC_URI
From: Armin Kuster <akus...@mvista.com>
fixes checkuri AB failure.
ERROR: mklibs-native-0.1.41-r0 do_checkuri: Fetcher failure for URL:
'http://ftp.de.debian.org/debian/pool/main/m/mklibs/mklibs_0.1.41.tar.xz'. URL
http://ftp.de.debian.org/debian/pool/main/m/mklibs/mklibs_0.1.41.tar.xz doesn't
work
ERROR: mklibs-native-0.1.41-r0 do_checkuri: Function failed: do_checkuri
[ Yocto #10391]
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
b/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
index a5da936..b3c1b5b 100644
--- a/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
+++ b/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
@@ -6,7 +6,7 @@ LICENSE = "GPLv2+"
LIC_FILES_CHKSUM =
"file://debian/copyright;md5=98d31037b13d896e33890738ef01af64"
DEPENDS = "python-native"
-SRC_URI =
"http://ftp.de.debian.org/debian/pool/main/m/mklibs/${BPN}_${PV}.tar.xz \
+SRC_URI =
"http://snapshot.debian.org/archive/debian/20160207T221625Z/pool/main/m/${BPN}/${BPN}_${PV}.tar.xz
\
file://ac_init_fix.patch\
file://fix_STT_GNU_IFUNC.patch\
file://sysrooted-ldso.patch \
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] mklibs-native: update broken SRC_URI
From: Armin Kuster <akus...@mvista.com>
fixes checkuri AB failure.
ERROR: mklibs-native-0.1.41-r0 do_checkuri: Fetcher failure for URL:
'http://ftp.de.debian.org/debian/pool/main/m/mklibs/mklibs_0.1.41.tar.xz'. URL
http://ftp.de.debian.org/debian/pool/main/m/mklibs/mklibs_0.1.41.tar.xz doesn't
work
ERROR: mklibs-native-0.1.41-r0 do_checkuri: Function failed: do_checkuri
[ Yocto #10391]
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
b/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
index a5da936..09ea88a 100644
--- a/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
+++ b/meta/recipes-devtools/mklibs/mklibs-native_0.1.41.bb
@@ -6,7 +6,7 @@ LICENSE = "GPLv2+"
LIC_FILES_CHKSUM =
"file://debian/copyright;md5=98d31037b13d896e33890738ef01af64"
DEPENDS = "python-native"
-SRC_URI =
"http://ftp.de.debian.org/debian/pool/main/m/mklibs/${BPN}_${PV}.tar.xz \
+SRC_URI =
"http://archive.ubuntu.com/ubuntu/pool/main/m/mklibs/${BPN}_${PV}.tar.xz \
file://ac_init_fix.patch\
file://fix_STT_GNU_IFUNC.patch\
file://sysrooted-ldso.patch \
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/13] Jethro-next pull request
From: Armin Kuster <akus...@mvista.com> please consider these security and bug fixes for Jethro. My krogoth-next stagging branch has a complimentary set for the security fixes. http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next: 7a24bd8a38a2819965b8c1926d33042bd61d1f0b The following changes since commit 6b732a392289a7bb50b0e3716c066c62fa32a14d: curl: security fix for CVE-2016-5420 (2016-09-02 08:48:20 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/jethro-next Armin Kuster (8): openssl: Security fix CVE-2016-2177 openssl: Security fix CVE-2016-2178 bind: Security fix CVE-2016-2088 git: Security fix CVE-2016-2315 CVE-2016-2324 openssh: Security fix CVE-2016-6210 openssh: Security fix CVE-2016-5615 openssh: Security fix CVE-2015-8325 wget: Security fix CVE-2016-4971 Ismo Puustinen (1): libpcre: Fix CVE-2016-3191 Ross Burton (1): openssl: add a patch to fix parallel builds Yi Zhao (3): tiff: Security fix CVE-2016-3186 tiff: Security fix CVE-2016-5321 tiff: Security fix CVE-2016-5323 .../bind/bind/CVE-2016-2088.patch | 216 ++ meta/recipes-connectivity/bind/bind_9.10.2-P4.bb | 1 + .../openssh/openssh/CVE-2015-8325.patch| 33 +++ .../openssh/openssh/CVE-2016-6210.patch| 114 +++ .../openssh/openssh/CVE-2016-6210_p2.patch | 110 +++ .../openssh/openssh/CVE-2016-6210_p3.patch | 62 .../openssh/openssh/CVE-2016-6515.patch| 54 meta/recipes-connectivity/openssh/openssh_7.1p2.bb | 5 + .../openssl/openssl/CVE-2016-2177.patch| 286 ++ .../openssl/openssl/CVE-2016-2178.patch| 51 .../openssl/openssl/parallel.patch | 326 + .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 3 + .../git/git-2.5.0/CVE-2016-2315_2324.patch | 307 +++ .../git/git-2.5.0/CVE-2016-2315_p1.patch | 115 .../git/git-2.5.0/CVE-2016-2315_p2.patch | 89 ++ .../git/git-2.5.0/CVE-2016-2315_p3.patch | 160 ++ .../git/git-2.5.0/CVE-2016-2315_p4.patch | 237 +++ meta/recipes-devtools/git/git_2.5.0.bb | 5 + .../recipes-extended/wget/wget/CVE-2016-4971.patch | 294 +++ ...mping-and-continue-behaviour-with-ftp-pro.patch | 108 +++ meta/recipes-extended/wget/wget_1.16.3.bb | 2 + .../libtiff/files/CVE-2016-3186.patch | 24 ++ .../libtiff/files/CVE-2016-5321.patch | 45 +++ .../libtiff/files/CVE-2016-5323.patch | 103 +++ meta/recipes-multimedia/libtiff/tiff_4.0.4.bb | 3 + .../libpcre/libpcre/CVE-2016-3191.patch| 174 +++ meta/recipes-support/libpcre/libpcre_8.38.bb | 1 + 27 files changed, 2928 insertions(+) create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2088.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2015-8325.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6210.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p2.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6210_p3.patch create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE-2016-6515.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2177.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2178.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/parallel.patch create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_2324.patch create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p1.patch create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p2.patch create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p3.patch create mode 100644 meta/recipes-devtools/git/git-2.5.0/CVE-2016-2315_p4.patch create mode 100644 meta/recipes-extended/wget/wget/CVE-2016-4971.patch create mode 100644 meta/recipes-extended/wget/wget/Fix-timestamping-and-continue-behaviour-with-ftp-pro.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/7] Jethro pull request #2
From: Armin Kuster <akus...@mvista.com> please consider these changes for Jethro Similar fixes for krogoth are in my staging branch The following changes since commit 6f0350d1cbf5829bfbaa3a43227f8d564903743a: wget: Security fix CVE-2016-4971 (2016-09-17 22:33:07 -0700) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/jethro-next Armin Kuster (7): qemu: Security Fix CVE-2016-3710 qemu: Security Fix CVE-2016-3712 qemu: Security fix CVE-2016-4439 qemu: Security fix CVE-2016-6351 qemu: Security fix for CVE-2016-4002 qemu: Secuirty fix for CVE-2016-5403 util-linux: Security fix for CVE-2016-5011 .../util-linux/util-linux/CVE-2016-5011.patch | 59 + .../util-linux/util-linux/CVE-2016-5011_p2.patch | 91 ++ meta/recipes-core/util-linux/util-linux_2.26.2.bb | 2 + .../recipes-devtools/qemu/qemu/CVE-2016-3710.patch | 112 + .../qemu/qemu/CVE-2016-3712_p1.patch | 73 .../qemu/qemu/CVE-2016-3712_p2.patch | 132 + .../qemu/qemu/CVE-2016-3712_p3.patch | 34 ++ .../qemu/qemu/CVE-2016-3712_p4.patch | 80 + .../recipes-devtools/qemu/qemu/CVE-2016-4002.patch | 39 ++ .../recipes-devtools/qemu/qemu/CVE-2016-4439.patch | 46 +++ .../recipes-devtools/qemu/qemu/CVE-2016-5403.patch | 67 +++ .../qemu/qemu/CVE-2016-6351_p1.patch | 75 .../qemu/qemu/CVE-2016-6351_p2.patch | 60 ++ meta/recipes-devtools/qemu/qemu_2.4.0.bb | 10 ++ 14 files changed, 880 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2016-5011.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2016-5011_p2.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-3710.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p1.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p2.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p3.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-3712_p4.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-4002.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-4439.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-5403.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-6351_p1.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-6351_p2.patch -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/60] krogoth-next staged
These are the changes I have staged. The last 17 changes have not be run on the
AB. We are working throught build issues on mips64.
The following changes since commit 8c69f7d56cbd496aa01ba0738675a170826a536b:
bitbake: lib/bb/tests/fetch: remove URL that doesn't exist anymore
(2016-09-13 16:19:46 +0100)
are available in the git repository at:
http://git.yoctoproject.org/git/poky-contrib akuster/krogoth-next
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next
Alejandro Hernandez (1):
initramfs-live-boot: Make sure we kill udev before switching root when
live booting
Alexander Kanavin (2):
gobject-introspection.bbclass: disable introspection for -native and
-nativesdk recipes
arch-mips.inc: Disable QEMU usermode usage when building with n32 ABI
Armin Kuster (13):
tiff: Security fix CVE-2015-8781
tiff: Security fix CVE-2015-8784
openssh: Security fix CVE-2016-6210
openssh: Security fix CVE-2016-5615
openssh: Security fix CVE-2015-8325
wget: Security fix CVE-2016-4971
util-linux: Security fix for CVE-2016-5011
qemu: Security Fix CVE-2016-3710
qemu: Security Fix CVE-2016-3712
qemu: Security fix CVE-2016-4439
qemu: Security fix CVE-2016-6351
qemu: Security fix for CVE-2016-4002
qemu: Secuirty fix for CVE-2016-5403
Bill Randle (3):
perl: set proper perl subversion number in config files
perl: some perl tests require libssp
perl: fix several perl test failures
Dengke Du (1):
busybox: fix "sed n (flushes pattern space, terminates early)"
testcase failure
He Zhe (1):
perl: Correct perl path for ptest
Henry Bruce (1):
npm: npm.bbclass now adds nodejs to RDEPENDS
Ioan-Adrian Ratiu (1):
perl-native: backport libnm link fix
Jackie Huang (1):
e2fsprogs: Fix missing check for permission denied.
Jacob Kroon (1):
bitbake.conf/toolchain-scripts.bbclass: Remove debug prefix mappings
in SDK
Jeremy Puhlman (2):
Fix random python backtrace in mutlilib handling code.
bitbake.conf: set READELF for cross compilation
Jonathan Liu (1):
meta/classes: fix bb.build.FuncFailed typos
Juro Bystricky (1):
busybox: Avoid race building libbb
Jérémy Rosen (1):
rpm: manually cleanup sysck
Kai Kang (1):
perl: fix CVE-2016-2381
Khem Raj (4):
python{3}-numpy: Predefine of sizeof off_t on mips/mipsel/ppc
systemd: Create missing sysusers offline
gdb: Cache gnu gettext config vars for musl builds
xserver-xf86-config: pre-load int10 and exa modules
Mariano Lopez (1):
python-smartpm_git.bb: Add patch for debugging random errors
Markus Lehtonen (2):
base.bbclass wipe ${S} before unpacking source
python-smartpm: use md5 as the digest for rpm_sys channel
Maxin B. John (1):
useradd_base: avoid unintended expansion for useradd parameters
Mingli Yu (2):
perl: fix CVE-2016-6185
perl: fix CVE-2015-8607
Pascal Bach (1):
gcc, qemuppc: Explicitly disable forcing SPE flags for 4.9
Reinette Chatre (1):
binutils: advance SRCREV to obtain versioned symbols
Richard Purdie (3):
busybox: Backport makefile fix from upstream
busybox: Add parallel make fix
python-smartpm: Avoid locale issue with bitbake python3
Robert Yang (1):
rpm: make --nosignature work
Ross Burton (1):
cml1: fix tasks after default [dirs] changed
Sona Sarmadi (3):
sudo: CVE-2015-8239
curl: security fix for CVE-2016-7141
dropbear: upgrade to 2016.72
Stefan Agner (1):
busybox: Fix busybox-init on non-tty consoles
Stephano Cetola (1):
systemd: allow add users as a rootfs postprocess cmd
Tanu Kaskinen (1):
pulseaudio: fix crash when disconnecting bluetooth devices
Thomas Witt (1):
cmake.bbclass: call cmake with a relative path
Yi Zhao (3):
tiff: Security fix CVE-2016-3186
tiff: Security fix CVE-2016-5321
tiff: Security fix CVE-2016-5323
Zhixiong Chi (1):
rpm: ensure rpm2cpio call rpm relocation code
mingli...@windriver.com (1):
python-smartpm: add support to check signatures
meta/classes/base.bbclass | 18 +-
meta/classes/cmake.bbclass | 14 +-
meta/classes/cml1.bbclass | 2 +
meta/classes/gobject-introspection.bbclass | 14 +-
meta/classes/grub-efi.bbclass | 2 +-
meta/classes/gummiboot.bbclass | 4 +-
meta/classes/multilib_global.bbclass | 3 +-
meta/classes/npm.bbclass | 1 +
meta/classes/rootfs-postcommands.bbclass | 43 +-
meta/classes/syslinux.bbclass | 2 +-
meta/classes/toolchain-scripts.bbclass | 3 +
meta/classes/useradd_base.bbclass | 2 -
meta/conf/bitbake.conf | 9 +-
meta/conf/machine/include/mips/arch-mips.inc | 3 +
meta/conf/machine/qemux86-64.conf | 5 +-
meta/conf/machine/qemux86.conf | 5 +-
.../openssh/openssh/CVE-2015-8325.patch| 33 +
.
[OE-core] [Master][Krogoth][Jethro][PATCH 2/2] tzdata: update to 2016g
From: Armin Kuster <akus...@mvista.com>
LICENSE md5sum changed do to rewording some text not released to the license.
see https://github.com/eggert/tz/commit/8c143a2b65fdfd43a7911be6fdb700c9c4553f58
Changes to future time stamps
Turkey switched from EET/EEST (+02/+03) to permanent +03,
effective 2016-09-07. (Thanks to Burak AYDIN.) Use "+03" rather
than an invented abbreviation for the new time.
New leap second 2016-12-31 23:59:60 UTC as per IERS Bulletin C 52.
(Thanks to Tim Parenti.)
Changes to past time stamps
For America/Los_Angeles, spring-forward transition times have been
corrected from 02:00 to 02:01 in 1948, and from 02:00 to 01:00 in
1950-1966.
For zones using Soviet time on 1919-07-01, transitions to UT-based
time were at 00:00 UT, not at 02:00 local time. The affected
zones are Europe/Kirov, Europe/Moscow, Europe/Samara, and
Europe/Ulyanovsk. (Thanks to Alexander Belopolsky.)
Changes to past and future time zone abbreviations
The Factory zone now uses the time zone abbreviation -00 instead
of a long English-language string, as -00 is now the normal way to
represent an undefined time zone.
Several zones in Antarctica and the former Soviet Union, along
with zones intended for ships at sea that cannot use POSIX TZ
strings, now use numeric time zone abbreviations instead of
invented or obsolete alphanumeric abbreviations. The affected
zones are Antarctica/Casey, Antarctica/Davis,
Antarctica/DumontDUrville, Antarctica/Mawson, Antarctica/Rothera,
Antarctica/Syowa, Antarctica/Troll, Antarctica/Vostok,
Asia/Anadyr, Asia/Ashgabat, Asia/Baku, Asia/Bishkek, Asia/Chita,
Asia/Dushanbe, Asia/Irkutsk, Asia/Kamchatka, Asia/Khandyga,
Asia/Krasnoyarsk, Asia/Magadan, Asia/Omsk, Asia/Sakhalin,
Asia/Samarkand, Asia/Srednekolymsk, Asia/Tashkent, Asia/Tbilisi,
Asia/Ust-Nera, Asia/Vladivostok, Asia/Yakutsk, Asia/Yekaterinburg,
Asia/Yerevan, Etc/GMT-14, Etc/GMT-13, Etc/GMT-12, Etc/GMT-11,
Etc/GMT-10, Etc/GMT-9, Etc/GMT-8, Etc/GMT-7, Etc/GMT-6, Etc/GMT-5,
Etc/GMT-4, Etc/GMT-3, Etc/GMT-2, Etc/GMT-1, Etc/GMT+1, Etc/GMT+2,
Etc/GMT+3, Etc/GMT+4, Etc/GMT+5, Etc/GMT+6, Etc/GMT+7, Etc/GMT+8,
Etc/GMT+9, Etc/GMT+10, Etc/GMT+11, Etc/GMT+12, Europe/Kaliningrad,
Europe/Minsk, Europe/Samara, Europe/Volgograd, and
Indian/Kerguelen. For Europe/Moscow the invented abbreviation MSM
was replaced by +05, whereas MSK and MSD were kept as they are not
our invention and are widely used.
Changes to zone names
Rename Asia/Rangoon to Asia/Yangon, with a backward compatibility link.
(Thanks to David Massoud.)
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-extended/tzdata/{tzdata_2016f.bb => tzdata_2016g.bb} | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
rename meta/recipes-extended/tzdata/{tzdata_2016f.bb => tzdata_2016g.bb} (97%)
diff --git a/meta/recipes-extended/tzdata/tzdata_2016f.bb
b/meta/recipes-extended/tzdata/tzdata_2016g.bb
similarity index 97%
rename from meta/recipes-extended/tzdata/tzdata_2016f.bb
rename to meta/recipes-extended/tzdata/tzdata_2016g.bb
index a66603f..3ee4b5a 100644
--- a/meta/recipes-extended/tzdata/tzdata_2016f.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2016g.bb
@@ -2,15 +2,15 @@ SUMMARY = "Timezone data"
HOMEPAGE = "http://www.iana.org/time-zones;
SECTION = "base"
LICENSE = "PD & BSD & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=76ae2becfcb9a685041c6f166b44c2c2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef1a352b901ee7b75a75df8171d6aca7"
DEPENDS = "tzcode-native"
SRC_URI =
"http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzdata.md5sum] = "b20b3c1618db1984aac685e763de001d"
-SRC_URI[tzdata.sha256sum] =
"ed8c951008d12f1db55a11e96fc055718c6571233327d9de16a7f8475e2502b0"
+SRC_URI[tzdata.md5sum] = "3c7e97ec8527211104d27cc1d97a23de"
+SRC_URI[tzdata.sha256sum] =
"3c7137b2bc47323b0de47b77786bacf81ed503d4b2c693ff8ada2fbd1281ebd1"
inherit allarch
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [Master][Krogoth][Jethro][PATCH 1/2] tzcode-native: Update to 2016g
From: Armin Kuster <akus...@mvista.com>
LICENSE file checksum changed do to a verbage change.
Changes to code
zic no longer generates binary files containing POSIX TZ-like
strings that disagree with the local time type after the last
explicit transition in the data. This fixes a bug with
Africa/Casablanca and Africa/El_Aaiun in some year-2037 time
stamps on the reference platform. (Thanks to Alexander Belopolsky
for reporting the bug and suggesting a way forward.)
If the installed localtime and/or posixrules files are symbolic
links, zic now keeps them symbolic links when updating them, for
compatibility with platforms like OpenSUSE where other programs
configure these files as symlinks.
zic now avoids hard linking to symbolic links, avoids some
unnecessary mkdir and stat system calls, and uses shorter file
names internally.
zdump has a new -i option to generate transitions in a
more-compact but still human-readable format. This option is
experimental, and the output format may change in future versions.
(Thanks to Jon Skeet for suggesting that an option was needed,
and thanks to Tim Parenti and Chris Rovick for further comments.)
Changes to build procedure
An experimental distribution format is available, in addition
to the traditional format which will continue to be distributed.
The new format is a tarball tzdb-VERSION.tar.lz with signature
file tzdb-VERSION.tar.lz.asc. It unpacks to a top-level directory
tzdb-VERSION containing the code and data of the traditional
two-tarball format, along with extra data that may be useful.
(Thanks to Antonio Diaz Diaz, Oscar van Vlijmen, and many others
for comments about the experimental format.)
The release version number is now more accurate in the usual case
where releases are built from a Git repository. For example, if
23 commits and some working-file changes have been made since
release 2016g, the version number is now something like
'2016g-23-g50556e3-dirty' instead of the misleading '2016g'.
Official releases uses the same version number format as before,
e.g., '2016g'. To support the more-accurate version number, its
specification has moved from a line in the Makefile to a new
source file 'version'.
The experimental distribution contains a file to2050.tzs that
contains what should be the output of 'zdump -i -c 2050' on
primary zones. If this file is available, 'make check' now checks
that zdump generates this output.
'make check_web' now works on Fedora-like distributions.
Changes to documentation and commentary
tzfile.5 now documents the new restriction on POSIX TZ-like
strings that is now implemented by zic.
Comments now cite URLs for some 1917-1921 Russian DST decrees.
(Thanks to Alexander Belopolsky.)
tz-link.htm mentions JuliaTime (thanks to Curtis Vogt) and Time4J
(thanks to Meno Hochschild) and ThreeTen-Extra, and its
description of Java 8 has been brought up to date (thanks to
Stephen Colebourne). Its description of local time on Mars has
been updated to match current practice, and URLs have been updated
and some obsolete ones removed.
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../tzcode/{tzcode-native_2016f.bb => tzcode-native_2016g.bb} | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2016f.bb =>
tzcode-native_2016g.bb} (62%)
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2016f.bb
b/meta/recipes-extended/tzcode/tzcode-native_2016g.bb
similarity index 62%
rename from meta/recipes-extended/tzcode/tzcode-native_2016f.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2016g.bb
index bdf47d2..a2e6217 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2016f.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2016g.bb
@@ -3,17 +3,16 @@
SUMMARY = "tzcode, timezone zoneinfo utils -- zic, zdump, tzselect"
LICENSE = "PD & BSD & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=76ae2becfcb9a685041c6f166b44c2c2"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=ef1a352b901ee7b75a75df8171d6aca7"
SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode
\
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.md5sum] = "b93618bb84e38dee102e0e41ec9d13e2"
-SRC_URI[tzcode.sha256sum] =
"72325f384490a310eeb2ea0fab7e6f011a5be19adab2ff9d83bf9d1993b066ed"
-
-SRC_URI[tzdata.md5sum] = "b20b3c1618db1984aac685e763de001d"
-SRC_URI[tzdata.sha256sum] =
"ed8c951008d12f1db55a11e96fc055718c6571233327d9de16a7f8475e2502b0"
+SRC_URI[tzcode.md5sum] = "f89867013676e3cb9544be2df7d36a91
[OE-core] [PATCH 0/9] jethro pull request v2
This fixes some typos in the commit message for the openssl fixes.
Added timezone update.
The following changes since commit c9c85df86cd2270b144fa824ef76adedd3636c8a:
util-linux: Security fix for CVE-2016-5011 (2016-09-23 23:21:43 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next
http://cgit.openembedded.org/cgit.cgi//log/?h=akuster/jethro-next
Armin Kuster (9):
openssl: Security fix CVE-2016-2180
openssl: Security fix CVE-2016-2181
openssl: Security fix CVE-2016-2182
openssl: Security fix CVE-2016-6302
openssl: Security fix CVE-2016-6303
openssl: Security fix CVE-2016-6304
openssl: Security fix CVE-2016-6306
tzdata: update to 2016f
tzcode-native: update to 2016f
.../openssl/openssl/CVE-2016-2180.patch| 44
.../openssl/openssl/CVE-2016-2181_p1.patch | 91
.../openssl/openssl/CVE-2016-2181_p2.patch | 239 +
.../openssl/openssl/CVE-2016-2181_p3.patch | 30 +++
.../openssl/openssl/CVE-2016-2182.patch| 70 ++
.../openssl/openssl/CVE-2016-6302.patch| 53 +
.../openssl/openssl/CVE-2016-6303.patch| 36
.../openssl/openssl/CVE-2016-6304.patch| 75 +++
.../openssl/openssl/CVE-2016-6306.patch| 71 ++
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 9 +
...code-native_2016e.bb => tzcode-native_2016f.bb} | 8 +-
.../tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}| 4 +-
12 files changed, 724 insertions(+), 6 deletions(-)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
rename meta/recipes-extended/tzcode/{tzcode-native_2016e.bb =>
tzcode-native_2016f.bb} (68%)
rename meta/recipes-extended/tzdata/{tzdata_2016e.bb => tzdata_2016f.bb} (98%)
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/9] Jethro pull request
Please consider these changes for Jethro
The following changes since commit c9c85df86cd2270b144fa824ef76adedd3636c8a:
util-linux: Security fix for CVE-2016-5011 (2016-09-23 23:21:43 +0100)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/jethro-next
Armin Kuster (9):
openssl: Security fix CVE-2016-2180
openssl: Security fix CVE-2016-8181
openssl: Security fix CVE-2016-2182
openssl: Security fix CVE-2016-6304
openssl: Security fix CVE-2016-6303
openssl: Security fix CVE-2016-6304
openssl: Security fix CVE-2016-6303
tzdata: update to 2016f
tzcode-native: update to 2016f
.../openssl/openssl/CVE-2016-2180.patch| 44
.../openssl/openssl/CVE-2016-2181_p1.patch | 91
.../openssl/openssl/CVE-2016-2181_p2.patch | 239 +
.../openssl/openssl/CVE-2016-2181_p3.patch | 30 +++
.../openssl/openssl/CVE-2016-2182.patch| 70 ++
.../openssl/openssl/CVE-2016-6302.patch| 53 +
.../openssl/openssl/CVE-2016-6303.patch| 36
.../openssl/openssl/CVE-2016-6304.patch| 75 +++
.../openssl/openssl/CVE-2016-6306.patch| 71 ++
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 9 +
...code-native_2016e.bb => tzcode-native_2016f.bb} | 8 +-
.../tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}| 4 +-
12 files changed, 724 insertions(+), 6 deletions(-)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
rename meta/recipes-extended/tzcode/{tzcode-native_2016e.bb =>
tzcode-native_2016f.bb} (68%)
rename meta/recipes-extended/tzdata/{tzdata_2016e.bb => tzdata_2016f.bb} (98%)
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [master][morty][krogoth][PATCH] musl: Security fix CVE-2016-8859
From: Armin Kuster <akus...@mvista.com>
CVE-2016-8859: TRE & musl libc regex integer overflows in buffer size
computations
Affects musl <= 1.1.15
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-core/musl/files/CVE-2016-8859.patch | 79
meta/recipes-core/musl/musl_git.bb | 1 +
2 files changed, 80 insertions(+)
create mode 100644 meta/recipes-core/musl/files/CVE-2016-8859.patch
diff --git a/meta/recipes-core/musl/files/CVE-2016-8859.patch
b/meta/recipes-core/musl/files/CVE-2016-8859.patch
new file mode 100644
index 000..82da86f
--- /dev/null
+++ b/meta/recipes-core/musl/files/CVE-2016-8859.patch
@@ -0,0 +1,79 @@
+From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dal...@aerifal.cx>
+Date: Thu, 6 Oct 2016 18:34:58 -0400
+Subject: [PATCH] fix missing integer overflow checks in regexec buffer size
+ computations
+
+most of the possible overflows were already ruled out in practice by
+regcomp having already succeeded performing larger allocations.
+however at least the num_states*num_tags multiplication can clearly
+overflow in practice. for safety, check them all, and use the proper
+type, size_t, rather than int.
+
+also improve comments, use calloc in place of malloc+memset, and
+remove bogus casts.
+
+Upstream-Status: Backport
+CVE: CVE-2016-8859
+
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ src/regex/regexec.c | 23 ++-
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/src/regex/regexec.c b/src/regex/regexec.c
+index 16c5d0a..dd52319 100644
+--- a/src/regex/regexec.c
b/src/regex/regexec.c
+@@ -34,6 +34,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include
+
+@@ -206,11 +207,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void
*string,
+
+ /* Allocate memory for temporary data required for matching.This
needs to
+ be done for every matching operation to be thread safe. This allocates
+- everything in a single large block from the stack frame using alloca()
+- or with malloc() if alloca is unavailable. */
++ everything in a single large block with calloc(). */
+ {
+-int tbytes, rbytes, pbytes, xbytes, total_bytes;
++size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
+ char *tmp_buf;
++
++/* Ensure that tbytes and xbytes*num_states cannot overflow, and that
++ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
++if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
++ goto error_exit;
++
++/* Likewise check rbytes. */
++if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
++ goto error_exit;
++
++/* Likewise check pbytes. */
++if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
++ goto error_exit;
++
+ /* Compute the length of the block we need. */
+ tbytes = sizeof(*tmp_tags) * num_tags;
+ rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
+@@ -221,10 +235,9 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void
*string,
+ + (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes;
+
+ /* Allocate the memory. */
+-buf = xmalloc((unsigned)total_bytes);
++buf = calloc(total_bytes, 1);
+ if (buf == NULL)
+ return REG_ESPACE;
+-memset(buf, 0, (size_t)total_bytes);
+
+ /* Get the various pointers within tmp_buf (properly aligned). */
+ tmp_tags = (void *)buf;
+--
+2.7.4
+
diff --git a/meta/recipes-core/musl/musl_git.bb
b/meta/recipes-core/musl/musl_git.bb
index c07101b..1ee56b6 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -11,6 +11,7 @@ PV = "1.1.15+git${SRCPV}"
SRC_URI = "git://git.musl-libc.org/musl \
file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
+ file://CVE-2016-8859.patch \
"
S = "${WORKDIR}/git"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [Master][morty][PATCH 1/2] tzcode-native: update to 2016h
From: Armin Kuster <akus...@mvista.com>
Changes to code
zic no longer mishandles relativizing file names when creating
symbolic links like /etc/localtime, when these symbolic links
are outside the usual directory hierarchy. This fixes a bug
introduced in 2016g. (Problem reported by Andreas Stieger.)
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../tzcode/{tzcode-native_2016g.bb => tzcode-native_2016h.bb} | 8
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2016g.bb =>
tzcode-native_2016h.bb} (69%)
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2016g.bb
b/meta/recipes-extended/tzcode/tzcode-native_2016h.bb
similarity index 69%
rename from meta/recipes-extended/tzcode/tzcode-native_2016g.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2016h.bb
index a2e6217..de7d88d 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2016g.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2016h.bb
@@ -9,10 +9,10 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.md5sum] = "f89867013676e3cb9544be2df7d36a91"
-SRC_URI[tzcode.sha256sum] =
"1ff90b47ad7986140a513b5287b1851c40f80fd44fd636db5cc5b46d06f9fa2b"
-SRC_URI[tzdata.md5sum] = "3c7e97ec8527211104d27cc1d97a23de"
-SRC_URI[tzdata.sha256sum] =
"3c7137b2bc47323b0de47b77786bacf81ed503d4b2c693ff8ada2fbd1281ebd1"
+SRC_URI[tzcode.md5sum] = "00c20689d996dea4cf5b45504724ce8f"
+SRC_URI[tzcode.sha256sum] =
"30e62f0b86a78fb020d378b950930da023ca31b1a58f08d8fb2066627c4d6566"
+SRC_URI[tzdata.md5sum] = "878f0ec3fd9e4026ea11dd1b649a315a"
+SRC_URI[tzdata.sha256sum] =
"da1b74fc2dec2ce8b64948dafb0bfc2f923c830d421a7ae4d016226135697a64"
S = "${WORKDIR}"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [Master][morty][PATCH 2/2] tzdata: Update to 2016h
From: Armin Kuster <akus...@mvista.com>
Changes to future time stamps
Asia/Gaza and Asia/Hebron end DST on 2016-10-29 at 01:00, not
2016-10-21 at 00:00. (Thanks to Sharef Mustafa.) Predict that
future fall transitions will be on the last Saturday of October
at 01:00, which is consistent with predicted spring transitions
on the last Saturday of March. (Thanks to Tim Parenti.)
Changes to past time stamps
In Turkey, transitions in 1986-1990 were at 01:00 standard time
not at 02:00, and the spring 1994 transition was on March 20, not
March 27. (Thanks to Kıvanç Yazan.)
Changes to past and future time zone abbreviations
Asia/Colombo now uses numeric time zone abbreviations like "+0530"
instead of alphabetic ones like "IST" and "LKT". Various
English-language sources use "IST", "LKT" and "SLST", with no
working consensus. (Usage of "SLST" mentioned by Sadika
Sumanapala.)
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-extended/tzdata/{tzdata_2016g.bb => tzdata_2016h.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/tzdata/{tzdata_2016g.bb => tzdata_2016h.bb} (98%)
diff --git a/meta/recipes-extended/tzdata/tzdata_2016g.bb
b/meta/recipes-extended/tzdata/tzdata_2016h.bb
similarity index 98%
rename from meta/recipes-extended/tzdata/tzdata_2016g.bb
rename to meta/recipes-extended/tzdata/tzdata_2016h.bb
index 3ee4b5a..00b0f5f 100644
--- a/meta/recipes-extended/tzdata/tzdata_2016g.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2016h.bb
@@ -9,8 +9,8 @@ DEPENDS = "tzcode-native"
SRC_URI =
"http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzdata.md5sum] = "3c7e97ec8527211104d27cc1d97a23de"
-SRC_URI[tzdata.sha256sum] =
"3c7137b2bc47323b0de47b77786bacf81ed503d4b2c693ff8ada2fbd1281ebd1"
+SRC_URI[tzdata.md5sum] = "878f0ec3fd9e4026ea11dd1b649a315a"
+SRC_URI[tzdata.sha256sum] =
"da1b74fc2dec2ce8b64948dafb0bfc2f923c830d421a7ae4d016226135697a64"
inherit allarch
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/45] Morty: Patch set review
Sending cover leter only:
I have pulled together a set of patches which seem to be appropriate for Morty.
Please review to see if a commit is inappropriate or missing.
The following changes since commit 6c9f6b5f70ab3ee194b2c2c6f3bd462c994848fa:
bitbake: toaster: buildinfohelper Handle regex paths (2016-11-03 17:41:15
+)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/morty-next
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/morty-next
Alexander Kanavin (8):
lttng-tools: do not install shared libraries in ptest package
gnome-desktop3: fix dependencies
webkitgtk: remove lib_package inherit as executables are now installed
in libexecdir
rt-tests: fix the recipe version to match upstream
epiphany: remove unnecessary libwnck3 dependency
libwnck3: remove the recipe
libarchive: update to 3.2.2
valgrind: update to 3.12.0
Andre McCurdy (1):
gdb: update 7.11+git1a982b689c -> 7.11.1
André Draszik (2):
boost: disable 'wave' in MIPS16e mode
bash_3.2.x: update recipe version to match what we're shipping
Armin Kuster (2):
tzcode-native: update to 2016h
tzdata: Update to 2016h
Chen Qi (2):
rpm: fix file location of rpm2cpio.real
systemd: CVE-2016-7795
Dengke Du (1):
subversion: fix "svnadmin create" fail on x86
Dmitry Rozhkov (1):
openssl: rehash actual mozilla certificates inside rootfs
George McCollister (1):
uboot-sign: fix do_concat_dtb for .img, .rom
Juro Bystricky (1):
build-appliance-image: Fix incorrect PATH
Kai Kang (2):
qemu: supplementary fix of CVE-2016-5403
qemu: fix CVE-2016-7423 and CVE-2016-7908
Khem Raj (1):
binutils-2.27: Fix linker segfaults when linking binary files
Lukasz Nowak (1):
connman: fix bad file descriptor initialisation
Markus Lehtonen (1):
python: fix python-tests rdepends
Mike Looijmans (1):
busybox/mdev.conf: Ignore eMMC RPMB and boot block devices
Olaf Mandel (1):
texi2html: Allow compiling out-of-source
Paul Eggleton (5):
classes/license: fix handling of symlinks pointed to in
LIC_FILES_CHKSUM
classes/populate_sdk_base: fix usage of & character in SDK_TITLE
classes/nativesdk: set SDK_OLDEST_KERNEL appropriately
oe-setup-builddir: fix TEMPLATECONF error message
classes/populate_sdk_ext: prevent invalid TEMPLATECONF entering eSDK
Robert P. J. Day (2):
testsdk.bbclass: Clean up comments, clarify image choices.
oe-pkgdata-util: Use standard verb form in help info.
Robert Yang (2):
oe/copy_buildsystem.py: dereference symlink
insane.bbclass:buildpaths: open() file with 'rb'
Ross Burton (4):
slang: add PREMIRRORS to handle upstream moving tarballs
slang: clean up options and dependencies
util-linux: add su.1 to update-alternatives
shadow: add nologin.8 to alternatives
Samuli Piippo (1):
package_manager.py: correctly remove all dependent packages
Yi Zhao (5):
tiff: Security fix CVE-2016-3945
tiff: Security fix CVE-2016-3990
tiff: Security fix CVE-2016-3991
tiff: Security fix CVE-2016-3623
tiff: Security fix CVE-2016-3622
meta/classes/insane.bbclass| 4 +-
meta/classes/license.bbclass | 2 +
meta/classes/nativesdk.bbclass | 2 +
meta/classes/populate_sdk_base.bbclass | 7 +-
meta/classes/populate_sdk_ext.bbclass | 6 +-
meta/classes/testsdk.bbclass | 14 +-
meta/classes/uboot-sign.bbclass| 4 +-
meta/conf/bitbake.conf | 5 +
meta/conf/machine-sdk/i586.conf| 1 +
meta/conf/machine-sdk/i686.conf| 1 +
meta/conf/machine-sdk/x86_64.conf | 1 +
meta/lib/oe/copy_buildsystem.py| 6 +-
meta/lib/oe/package_manager.py | 2 +-
...ts-Fix-bad-file-descriptor-initialisation.patch | 102 ++
meta/recipes-connectivity/connman/connman_1.33.bb | 1 +
.../openssl/openssl/openssl-c_rehash.sh| 20 ++-
meta/recipes-core/busybox/files/mdev.conf | 2 +
.../images/build-appliance-image_15.0.0.bb | 2 +-
.../systemd/systemd/CVE-2016-7795.patch| 69 ++
meta/recipes-core/systemd/systemd_230.bb | 1 +
meta/recipes-core/util-linux/util-linux.inc| 8 +-
meta/recipes-devtools/binutils/binutils-2.27.inc | 1 +
...lt-in-ARM-linker-when-trying-to-parse-a-b.patch | 31 +
meta/recipes-devtools/gdb/gdb-7.11.1.inc | 22 +++
meta/recipes-devtools/gdb/gdb-7.11.inc | 9 --
meta/recipes-devtools/gdb/gdb-common.inc | 24
...nadian_7.11.bb => gdb-cross-canadian_7.11.1.bb} | 0
.../gdb/{gdb-cross_7.11.bb => gdb-cross_7.11.1.bb} | 0
.../gdb/{gdb_7.11.bb => gdb_7.11.1.bb} | 0
.../python/python-2.7-manifest.inc | 2 +-
...0001-virtio-zero-vq-inuse-in-virtio_reset.patc
[OE-core] [PATCH 00/32] Pull request for Krogoth-next
Please consider these changes for Krogoth-next
The following changes since commit 3bf928a3b6354bc09c87fcbf9e3972c8d368aaa3:
dev-manual: Fixed typo for "${INC_PR}.0" (2016-11-16 10:38:24 +)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/krogoth-next
http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next
Adrian Dudau (2):
qemu: Security fix CVE-2016-4439
qemu: Security fix CVE-2016-4952
Armin Kuster (2):
tzcode-native: update to 2016h
tzdata: Update to 2016h
Daniel Díaz (1):
weston: Add no-input-device patch to 1.9.0.
Otavio Salvador (1):
gstreamer1.0-libav: Add 'valgrind' config option
Richard Purdie (5):
sstate: Ensure we don't remove sigbasedata files
rm_work: Ensure we don't remove sigbasedata files
bitbake: build: Ensure we preserve sigbasedata files as well as
sigdata ones
bitbake: siggen: Pass basehash to worker processes and sanity check
reparsing result
bitbake: siggen: Ensure taskhash mismatches don't override existing
data
Ross Burton (4):
classes/cross: set lt_cv_sys_lib_dlsearch_path_spec
classes/native: set lt_cv_sys_lib_dlsearch_path_spec
binutils: fix typo in libtool patch
binutils: apply RPATH fixes from our libtool patches
Sona Sarmadi (11):
curl: CVE-2016-8615
curl: CVE-2016-8616
curl: CVE-2016-8617
curl: CVE-2016-8618
curl: CVE-2016-8619
curl: CVE-2016-8620
curl: CVE-2016-8621
curl: CVE-2016-8622
curl: CVE-2016-8623
curl: CVE-2016-8624
curl: CVE-2016-8625
Yi Zhao (5):
tiff: Security fix CVE-2016-3945
tiff: Security fix CVE-2016-3990
tiff: Security fix CVE-2016-3991
tiff: Security fix CVE-2016-3623
tiff: Security fix CVE-2016-3622
Zeeshan Ali (1):
nss: Disable warning on deprecated API usage
bitbake/lib/bb/build.py| 2 +-
bitbake/lib/bb/siggen.py | 31 +-
meta/classes/cross.bbclass | 2 +
meta/classes/native.bbclass| 3 +-
meta/classes/rm_work.bbclass | 2 +-
meta/classes/sstate.bbclass| 2 +-
meta/recipes-devtools/binutils/binutils-2.26.inc | 1 +
.../binutils/binutils/0006-Use-libtool-2.4.patch | 5 +-
.../binutils/0014-libtool-remove-rpath.patch | 100
.../recipes-devtools/qemu/qemu/CVE-2016-4441.patch | 78 +++
.../recipes-devtools/qemu/qemu/CVE-2016-4952.patch | 105
meta/recipes-devtools/qemu/qemu_2.5.0.bb | 2 +
...code-native_2016g.bb => tzcode-native_2016h.bb} | 8 +-
.../tzdata/{tzdata_2016g.bb => tzdata_2016h.bb}| 4 +-
.../add-config-option-for-no-input-device.patch| 125 +
meta/recipes-graphics/wayland/weston_1.9.0.bb | 1 +
.../gstreamer/gstreamer1.0-libav.inc | 1 +
.../libtiff/files/CVE-2016-3622.patch | 129 +
.../libtiff/files/CVE-2016-3623.patch | 52 ++
.../libtiff/files/CVE-2016-3945.patch | 118
.../libtiff/files/CVE-2016-3990.patch | 66 +++
.../libtiff/files/CVE-2016-3991.patch | 147 +
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 5 +
meta/recipes-support/curl/curl/CVE-2016-8615.patch | 77 +++
meta/recipes-support/curl/curl/CVE-2016-8616.patch | 49 ++
meta/recipes-support/curl/curl/CVE-2016-8617.patch | 28 +
meta/recipes-support/curl/curl/CVE-2016-8618.patch | 52 ++
meta/recipes-support/curl/curl/CVE-2016-8619.patch | 52 ++
meta/recipes-support/curl/curl/CVE-2016-8620.patch | 44 ++
meta/recipes-support/curl/curl/CVE-2016-8621.patch | 120
meta/recipes-support/curl/curl/CVE-2016-8622.patch | 94
meta/recipes-support/curl/curl/CVE-2016-8623.patch | 209 +++
meta/recipes-support/curl/curl/CVE-2016-8624.patch | 51 ++
meta/recipes-support/curl/curl/CVE-2016-8625.patch | 615 +
.../url-remove-unconditional-idn2.h-include.patch | 29 +
meta/recipes-support/curl/curl_7.47.1.bb | 12 +
.../nss/nss-disable-werror-on-deprecated-api.patch | 22 +
meta/recipes-support/nss/nss_3.21.bb | 1 +
38 files changed, 2417 insertions(+), 27 deletions(-)
create mode 100644
meta/recipes-devtools/binutils/binutils/0014-libtool-remove-rpath.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-4441.patch
create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-4952.patch
rename meta/recipes-extended/tzcode/{tzcode-native_2016g.bb =>
tzcode-native_2016h.bb} (68%)
rename meta/recipes-extended/tzdata/{tzdata_2016g.bb => tzdata_2016h.bb} (98%)
create mode 100644
meta/recipes-graphics/wayland/weston/add-config-option-for-no-input-device.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
create mo
[OE-core] [PATCH 00/13] Pull request jethro-next
Please consider these for jethro-next
The following changes since commit 820b835e3cbfefb1ed11faca95a67ef6f5475fb1:
dev-manual: Fixed typo for "${INC_PR}.0" (2016-11-16 10:38:29 +)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/jethro-next
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/jethro-next
Armin Kuster (13):
gnutils: Security fix CVE-2016-7444
bind: Security fix CVE-2016-2775
bind: Security fix CVE-2016-2776
openssl: Security fix CVE-2016-2179
openssl: Security fix CVE-2016-8610
python-2.7: Security fix CVE-2016-0772
python-2.7: Security fix CVE-2016-5636
python-2.7: Security fix CVE-2016-5699
python-2.7: Security fix CVE-2016-1000110
tzcode-native: update to 2016h
tzdata: Update to 2016h
tzcode: update to 2016i
tzdata: update to 2016i
.../bind/bind/CVE-2016-2775.patch | 84 +++
.../bind/bind/CVE-2016-2776.patch | 112 +
meta/recipes-connectivity/bind/bind_9.10.2-P4.bb | 2 +
.../openssl/openssl/CVE-2016-2179.patch| 255 +
.../openssl/openssl/CVE-2016-8610.patch| 124 ++
.../recipes-connectivity/openssl/openssl_1.0.2h.bb | 2 +
.../python/python/CVE-2016-0772.patch | 42
.../python/python/CVE-2016-1000110.patch | 145
.../python/python/CVE-2016-5636.patch | 42
.../python/python/CVE-2016-5699.patch | 162 +
meta/recipes-devtools/python/python_2.7.9.bb | 4 +
...code-native_2016g.bb => tzcode-native_2016i.bb} | 8 +-
.../tzdata/{tzdata_2016g.bb => tzdata_2016i.bb}| 4 +-
.../gnutls/gnutls/CVE-2016-7444.patch | 31 +++
meta/recipes-support/gnutls/gnutls_3.3.17.1.bb | 1 +
15 files changed, 1012 insertions(+), 6 deletions(-)
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2775.patch
create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-2776.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-2179.patch
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2016-8610.patch
create mode 100644 meta/recipes-devtools/python/python/CVE-2016-0772.patch
create mode 100644 meta/recipes-devtools/python/python/CVE-2016-1000110.patch
create mode 100644 meta/recipes-devtools/python/python/CVE-2016-5636.patch
create mode 100644 meta/recipes-devtools/python/python/CVE-2016-5699.patch
rename meta/recipes-extended/tzcode/{tzcode-native_2016g.bb =>
tzcode-native_2016i.bb} (68%)
rename meta/recipes-extended/tzdata/{tzdata_2016g.bb => tzdata_2016i.bb} (98%)
create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
--
2.3.5
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/43] Krogoth-next pull request
Please consider these changes for krogoth-next The following changes since commit 40f4a6d075236265086cc79400dea3c14720383a: bsp-guide: Updated the yocto-bsp create selections in the example. (2016-10-13 23:16:56 +0100) are available in the git repository at: git://git.yoctoproject.org/poky-contrib akuster/krogoth-next http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/krogoth-next Aníbal Limón (1): bitbake: bb.event: fix infinite loop on print_ui_queue Armin Kuster (2): meta-linux-yocto: update to 4.1.33 meta-linux-yocto: update 4.4 to 4.4.26 Bruce Ashfield (7): linux-yocto/4.1: update to 4.1.33 linux-yocto/4.4: update to v4.4.22 linux-yocto/4.1/4.4: remove innappropriate standard/base patches linux-yocto/4.4/4.8: kernel config warning cleanups linux-yocto/4.4: update to v4.4.26 linux-yocto/4.1: fix CVE-2016-5195 (dirtycow) perf: adapt to Makefile.config California Sullivan (4): parselogs.py: Add amd_nb error to x86_common whitelist parselogs.py: Add dmi and ioremap errors to ignore list for core2 parselogs.py: Ignore Skylake graphics firmware load errors on genericx86-64 parselogs.py: Add disabling eDP error to x86_common whitelist Christopher Larson (1): perf: Fix to obey LD failure on qemux86-64 Ed Bartosh (1): bitbake: event.py: output errors and warnings to stderr Enrico Scholz (1): bitbake: fetch: copy files with -H Joshua Lock (1): bitbake: event: prevent unclosed file warning in print_ui_queue Juro Bystricky (3): libgcc-common.inc: Fix broken symlinks for multilib SDK gcc-runtime.inc: add CPP support for mips64-n32 tune gcc-runtime.inc: Add CPP support for x86-64-x32 tune Jussi Kukkonen (1): This is a backport from master of 2 consecutive fixes. Khem Raj (1): binutils: Fix gas error with cfi_section inconsistencies Markus Lehtonen (1): rpm: prevent race in tempdir creation Ola x Nilsson (2): devtool: build_image: Fix recipe filter devtool: Use the wildcard flag in update_recipe_patch Pascal Bach (1): glibc: fix CVE-2016-1234, CVE-2016-3075, CVE-2016-5417 Paul Eggleton (8): devtool: update-recipe: fix --initial-rev option devtool: reset: allow reset to work if the recipe file has been deleted recipetool: create: fix handling of github URLs lib/oe/recipeutils: fix patch_recipe*() with empty input recipetool: create: fix greedy regex that broke support for github tarballs oe-selftest: recipetool: add tests for git URL mangling devtool: add: fix error message when only specifying a recipe name classes/externalsrc: re-run do_configure when configure files change Richard Purdie (3): parselogs: Ignore amb_nb warning messages under qemux86* parselogs: Ignore uvesafb timeouts oeqa/parselogs: Don't use cwd for file transfers Saul Wold (1): archiver: fix gcc-source handling Sona Sarmadi (2): dropbear: fix multiple CVEs bash: Security fix CVE-2016-0634 Sujith Haridasan (1): perf: Fix to obey LD failure Zheng Ruoqin (1): bind: fix two CVEs bitbake/lib/bb/event.py| 17 +- bitbake/lib/bb/fetch2/__init__.py |2 +- .../recipes-kernel/linux/linux-yocto_4.1.bbappend | 17 +- .../recipes-kernel/linux/linux-yocto_4.4.bbappend | 17 +- meta/classes/archiver.bbclass |5 +- meta/classes/autotools.bbclass |2 + meta/classes/cmake.bbclass |2 + meta/classes/externalsrc.bbclass | 22 + meta/lib/oe/recipeutils.py |2 +- meta/lib/oeqa/runtime/parselogs.py | 29 +- meta/lib/oeqa/selftest/recipetool.py | 43 + .../bind/bind/CVE-2016-2775.patch | 90 + .../bind/bind/CVE-2016-2776.patch | 123 + meta/recipes-connectivity/bind/bind_9.10.3-P3.bb |2 + meta/recipes-core/base-files/base-files/profile|6 +- meta/recipes-core/dropbear/dropbear.inc|4 + .../dropbear/dropbear/CVE-2016-7406.patch | 102 + .../dropbear/dropbear/CVE-2016-7407.patch | 2486 .../dropbear/dropbear/CVE-2016-7408.patch | 101 + .../dropbear/dropbear/CVE-2016-7409.patch | 27 + meta/recipes-core/glibc/glibc/CVE-2016-1234.patch | 427 meta/recipes-core/glibc/glibc/CVE-2016-3075.patch | 37 + meta/recipes-core/glibc/glibc/CVE-2016-5417.patch | 28 + meta/recipes-core/glibc/glibc_2.23.bb |3 + meta/recipes-devtools/binutils/binutils-2.26.inc |1 + ..._sections-check-to-only-consider-compact-.patch | 97 + meta/recipes-devtools/gcc/gcc-runtime.inc | 18 + meta/recipes-devtools/gcc/libgcc-common.inc|8 +- ...more-verbose-error-logging-in-rpmTempFile.patch | 26 +- .../rpmdb-prevent-race-in-tmpdir-creation.patch| 41 + meta/recipes-devtools/rpm/rpm_5.4.16.bb|1 + .../recipes-extended/bash/bash/CVE-2016
[OE-core] [PATCH 0/2] Time zone update to 2016i
These applied on top of 2016h I sent on 10-23
Armin Kuster (2):
tzcode: update to 2016i
tzdata: update to 2016i
.../tzcode/{tzcode-native_2016h.bb => tzcode-native_2016i.bb} | 8
meta/recipes-extended/tzdata/{tzdata_2016h.bb => tzdata_2016i.bb} | 4 ++--
2 files changed, 6 insertions(+), 6 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2016h.bb =>
tzcode-native_2016i.bb} (69%)
rename meta/recipes-extended/tzdata/{tzdata_2016h.bb => tzdata_2016i.bb} (98%)
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/2] tzdata: update to 2016i
Briefly: Cyprus split into two time zones on 2016-10-30, and Tonga
reintroduces DST on 2016-11-06.
Changes to future time stamps
Pacific/Tongatapu begins DST on 2016-11-06 at 02:00, ending on
2017-01-15 at 03:00. Assume future observances in Tonga will be
from the first Sunday in November through the third Sunday in
January, like Fiji. (Thanks to Pulu ʻAnau.) Switch to numeric
time zone abbreviations for this zone.
Changes to past and future time stamps
Northern Cyprus is now +03 year round, causing a split in Cyprus
time zones starting 2016-10-30 at 04:00. This creates a zone
Asia/Famagusta. (Thanks to Even Scharning and Matt Johnson.)
Antarctica/Casey switched from +08 to +11 on 2016-10-22.
(Thanks to Steffen Thorsen.)
Changes to past time stamps
Several corrections were made for pre-1975 time stamps in Italy.
These affect Europe/Malta, Europe/Rome, Europe/San_Marino, and
Europe/Vatican.
First, the 1893-11-01 00:00 transition in Italy used the new UT
offset (+01), not the old (+00:49:56). (Thanks to Michael
Deckers.)
Second, rules for daylight saving in Italy were changed to agree
with Italy's National Institute of Metrological Research (INRiM)
except for 1944, as follows (thanks to Pierpaolo Bernardi, Brian
Inglis, and Michael Deckers):
The 1916-06-03 transition was at 24:00, not 00:00.
The 1916-10-01, 1919-10-05, and 1920-09-19 transitions were at
00:00, not 01:00.
The 1917-09-30 and 1918-10-06 transitions were at 24:00, not
01:00.
The 1944-09-17 transition was at 03:00, not 01:00. This
particular change is taken from Italian law as INRiM's table,
(which says 02:00) appears to have a typo here. Also, keep the
1944-04-03 transition for Europe/Rome, as Rome was controlled by
Germany then.
The 1967-1970 and 1972-1974 fallback transitions were at 01:00,
not 00:00.
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-extended/tzdata/{tzdata_2016h.bb => tzdata_2016i.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/tzdata/{tzdata_2016h.bb => tzdata_2016i.bb} (98%)
diff --git a/meta/recipes-extended/tzdata/tzdata_2016h.bb
b/meta/recipes-extended/tzdata/tzdata_2016i.bb
similarity index 98%
rename from meta/recipes-extended/tzdata/tzdata_2016h.bb
rename to meta/recipes-extended/tzdata/tzdata_2016i.bb
index 00b0f5f..3801a3f 100644
--- a/meta/recipes-extended/tzdata/tzdata_2016h.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2016i.bb
@@ -9,8 +9,8 @@ DEPENDS = "tzcode-native"
SRC_URI =
"http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzdata.md5sum] = "878f0ec3fd9e4026ea11dd1b649a315a"
-SRC_URI[tzdata.sha256sum] =
"da1b74fc2dec2ce8b64948dafb0bfc2f923c830d421a7ae4d016226135697a64"
+SRC_URI[tzdata.md5sum] = "73912ecfa6a9a8048ddf2e719d9bc39d"
+SRC_URI[tzdata.sha256sum] =
"b6966ec982ef64fe48cebec437096b4f57f4287519ed32dde59c86d3a1853845"
inherit allarch
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/2] tzcode: update to 2016i
Changes to code
The code should now be buildable on AmigaOS merely by setting the
appropriate Makefile variables. (From a patch by Carsten Larsen.)
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
.../tzcode/{tzcode-native_2016h.bb => tzcode-native_2016i.bb} | 8
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2016h.bb =>
tzcode-native_2016i.bb} (69%)
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2016h.bb
b/meta/recipes-extended/tzcode/tzcode-native_2016i.bb
similarity index 69%
rename from meta/recipes-extended/tzcode/tzcode-native_2016h.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2016i.bb
index de7d88d..9d3d5a1 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2016h.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2016i.bb
@@ -9,10 +9,10 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.md5sum] = "00c20689d996dea4cf5b45504724ce8f"
-SRC_URI[tzcode.sha256sum] =
"30e62f0b86a78fb020d378b950930da023ca31b1a58f08d8fb2066627c4d6566"
-SRC_URI[tzdata.md5sum] = "878f0ec3fd9e4026ea11dd1b649a315a"
-SRC_URI[tzdata.sha256sum] =
"da1b74fc2dec2ce8b64948dafb0bfc2f923c830d421a7ae4d016226135697a64"
+SRC_URI[tzcode.md5sum] = "8fae14cba9396462955b7859cf04ba48"
+SRC_URI[tzcode.sha256sum] =
"411e8adcb6288b17d6c2624fde65e7d82654ca69b813ae121504ff66f0cfba7b"
+SRC_URI[tzdata.md5sum] = "73912ecfa6a9a8048ddf2e719d9bc39d"
+SRC_URI[tzdata.sha256sum] =
"b6966ec982ef64fe48cebec437096b4f57f4287519ed32dde59c86d3a1853845"
S = "${WORKDIR}"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH]] libtiff: Update to 4.0.7
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are
completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
.../libtiff/files/CVE-2015-8665_8683.patch | 137 ---
.../libtiff/files/CVE-2015-8781.patch | 195 --
.../libtiff/files/CVE-2015-8784.patch | 73
.../libtiff/files/CVE-2016-3186.patch | 24 --
.../libtiff/files/CVE-2016-3622.patch | 129 ---
.../libtiff/files/CVE-2016-3623.patch | 52 ---
.../libtiff/files/CVE-2016-3632.patch | 34 --
.../libtiff/files/CVE-2016-3658.patch | 111 --
.../libtiff/files/CVE-2016-3945.patch | 118 --
.../libtiff/files/CVE-2016-3990.patch | 66
.../libtiff/files/CVE-2016-3991.patch | 147 ---
.../libtiff/files/CVE-2016-5321.patch | 49 ---
.../libtiff/files/CVE-2016-5323.patch | 107 --
.../libtiff/files/CVE-2016-9535-1.patch| 423 -
.../libtiff/files/CVE-2016-9535-2.patch| 67
.../libtiff/files/CVE-2016-9538.patch | 67
.../libtiff/files/CVE-2016-9539.patch | 60 ---
.../libtiff/files/CVE-2016-9540.patch | 60 ---
.../libtiff/files/Fix_several_CVE_issues.patch | 281 --
.../libtiff/{tiff_4.0.6.bb => tiff_4.0.7.bb} | 23 +-
20 files changed, 2 insertions(+), 2221 deletions(-)
delete mode 100644
meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch
delete mode 100644
meta/recipes-multimedia/libtiff/files/Fix_several_CVE_issues.patch
rename meta/recipes-multimedia/libtiff/{tiff_4.0.6.bb => tiff_4.0.7.bb} (65%)
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
b/meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
deleted file mode 100644
index 39c5059..000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From f94a29a822f5528d2334592760fbb7938f15eb55 Mon Sep 17 00:00:00 2001
-From: erouault
-Date: Sat, 26 Dec 2015 17:32:03 +
-Subject: [PATCH] * libtiff/tif_getimage.c: fix out-of-bound reads in
- TIFFRGBAImage interface in case of unsupported values of
- SamplesPerPixel/ExtraSamples for LogLUV / CIELab. Add explicit call to
- TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by
- limingxing and CVE-2015-8683 reported by zzf of Alibaba.
-
-Upstream-Status: Backport
-CVE: CVE-2015-8665
-CVE: CVE-2015-8683
-https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
-
-Signed-off-by: Armin Kuster <akus...@mvista.com>
-
- ChangeLog | 8
- libtiff/tif_getimage.c | 35 ++-
- 2 files changed, 30 insertions(+), 13 deletions(-)
-
-Index: tiff-4.0.6/libtiff/tif_getimage.c
-===
tiff-4.0.6.orig/libtiff/tif_getimage.c
-+++ tiff-4.0.6/libtiff/tif_getimage.c
-@@ -182,20 +182,22 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[102
- "Planarconfiguration", td->td_planarconfig);
- return (0);
- }
--
[OE-core] [PATCH] 1/2] tzcode-native: update to 2016j
Changes to code
zic no longer mishandles file systems that lack hard links, fixing
bugs introduced in 2016g. (Problems reported by Tom Lane.)
Also, when the destination already contains symbolic links, zic
should now work better on systems where the 'link' system call
does not follow symbolic links.
Changes to documentation and commentary
tz-link.htm now documents the relationship between release version
numbers and development-repository commit tags. (Suggested by
Paul Koning.)
The 'Theory' file now documents UT.
iso3166.tab now accents "Curaçao", and commentary now mentions
the names "Cabo Verde" and "Czechia". (Thanks to Jiří Boháč.)
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
.../tzcode/{tzcode-native_2016i.bb => tzcode-native_2016j.bb} | 8
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2016i.bb =>
tzcode-native_2016j.bb} (69%)
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2016i.bb
b/meta/recipes-extended/tzcode/tzcode-native_2016j.bb
similarity index 69%
rename from meta/recipes-extended/tzcode/tzcode-native_2016i.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2016j.bb
index 9d3d5a1..630fd42 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2016i.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2016j.bb
@@ -9,10 +9,10 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.md5sum] = "8fae14cba9396462955b7859cf04ba48"
-SRC_URI[tzcode.sha256sum] =
"411e8adcb6288b17d6c2624fde65e7d82654ca69b813ae121504ff66f0cfba7b"
-SRC_URI[tzdata.md5sum] = "73912ecfa6a9a8048ddf2e719d9bc39d"
-SRC_URI[tzdata.sha256sum] =
"b6966ec982ef64fe48cebec437096b4f57f4287519ed32dde59c86d3a1853845"
+SRC_URI[tzcode.md5sum] = "0684b98eb184fab250b6ca946862078d"
+SRC_URI[tzcode.sha256sum] =
"b9effc4fb4051df4a356cbe5857bf99e2fa32e00d8340f2e8a4d58f0c9ccb0b7"
+SRC_URI[tzdata.md5sum] = "db361d005ac8b30a2d18c5ca38d3e8ab"
+SRC_URI[tzdata.sha256sum] =
"f5ee4e0f115f6c2faee1c4b16193a97338cbd1b503f2cea6c5a768c82ff39dc8"
S = "${WORKDIR}"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] 2/2] tzdata: update to 2016j
Briefly: Saratov, Russia moves from +03 to +04 on 2016-12-04.
Changes to future time stamps
Saratov, Russia switches from +03 to +04 on 2016-12-04 at 02:00.
This hives off a new zone Europe/Saratov from Europe/Volgograd.
(Thanks to Yuri Konotopov and Stepan Golosunov.)
Changes to past time stamps
The new zone Asia/Atyrau for Atyraū Region, Kazakhstan, is like
Asia/Aqtau except it switched from +05/+06 to +04/+05 in spring
1999, not fall 1994. (Thanks to Stepan Golosunov.)
Changes to past time zone abbreviations
Asia/Gaza and Asia/Hebron now use "EEST", not "EET", to denote
summer time before 1948. The old use of "EET" was a typo.
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-extended/tzdata/{tzdata_2016i.bb => tzdata_2016j.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/tzdata/{tzdata_2016i.bb => tzdata_2016j.bb} (98%)
diff --git a/meta/recipes-extended/tzdata/tzdata_2016i.bb
b/meta/recipes-extended/tzdata/tzdata_2016j.bb
similarity index 98%
rename from meta/recipes-extended/tzdata/tzdata_2016i.bb
rename to meta/recipes-extended/tzdata/tzdata_2016j.bb
index 3801a3f..1ef330e 100644
--- a/meta/recipes-extended/tzdata/tzdata_2016i.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2016j.bb
@@ -9,8 +9,8 @@ DEPENDS = "tzcode-native"
SRC_URI =
"http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzdata.md5sum] = "73912ecfa6a9a8048ddf2e719d9bc39d"
-SRC_URI[tzdata.sha256sum] =
"b6966ec982ef64fe48cebec437096b4f57f4287519ed32dde59c86d3a1853845"
+SRC_URI[tzdata.md5sum] = "db361d005ac8b30a2d18c5ca38d3e8ab"
+SRC_URI[tzdata.sha256sum] =
"f5ee4e0f115f6c2faee1c4b16193a97338cbd1b503f2cea6c5a768c82ff39dc8"
inherit allarch
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/91] Morty pull request
Cover letter only. Please consider these changes for Morty-next. The following changes since commit 5aa481dfedfd089f0d6e8a3bae1b84134d5dff4c: ref-manual: Added KERNEL_IMAGE_BASE_NAME change to 2.2 migration (2016-12-08 16:36:47 +) are available in the git repository at: git://git.yoctoproject.org/poky-contrib akuster/morty-next http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/morty-next Alejandro Hernandez (3): linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.8 Alexander Kanavin (1): grub2: enforce -no-pie if supported by compiler Alexandre Belloni (1): insane: Add aarch64 baremetal mappings to the QA arch test Andreas Oberritter (5): kernel.bbclass: allow uncompressed initramfs archives kernel.bbclass: Use real filenames in kernel packages kernel.bbclass: Avoid wildcards for kernel images kernel.bbclass: do not copy bundled initramfs to /boot kernel.bbclass: fix kernel_do_compile for KERNEL_IMAGETYPE = "vmlinux.gz" on mips André Draszik (2): cve-check.bbclass: CVE-2014-2524 / readline v5.2 openssl: fix bashism in c_rehash shell script Aníbal Limón (1): perl: Fix ptest update hash of ExtUtils/Liblist/Kid.pm in customized.dat Armin Kuster (2): tzcode: update to 2016i tzdata: update to 2016i Bruce Ashfield (20): linux-yocto/4.8: update to 4.8.6 linux-yocto/4.8: fix cryptodev compilation error linux-yocto/4.4: update to v4.4.30 linux-yocto/4.1: update to v4.1.35 linux-yocto/4.8: update to v4.8.6-rt5 linux-yocto/4.8: update from v4.8.6 -> v4.8.8 linux-yocto/4.4: update to v4.4.32 kern-tools: error checking and tree generation fixes linux-yocto/4.8: update to v4.8.10 linux-yocto-dev: update to 4.9-rcX kern-tools: fix processing for no branch meta-data kernel-yocto: exit on non-zero return code linux-yocto/4.8: aufs warning and ixgbe calltrace linux-yocto/4.4/4.8: Fix remaining kernel_configcheck warnings in Intel BSPs linux-yoct/4.1: update to v4.1.36 linux-yocto/4.4: update to v4.4.36 linux-yocto/4.8: update to v4.8.12 kern-tools: ensure that no shared directories are used linux-yocto-rt/4.4: update to -rt43 linux-yocto/4.x: CVE-2016-8655 California Sullivan (1): parselogs.py: Whitelist iwlwifi firmware load error messages Daniel Díaz (1): weston: Add no-input-device patch to 1.11.0. David Vincent (1): slang: Disable parallel make install Ed Bartosh (2): systemd-bootdisk.wks: use PARTUUID qemux86*.conf: set wic-related parameters Fabio Berton (1): binutils: Fix build for c293pcie PPC machine Jair Gonzalez (1): parselogs: Whitelist GPT warnings as the device is fully functional Kai Kang (3): openssh: fix CVE-2016-8858 qemu: fix CVE-2016-7909 qemu: update run-ptest script Kevin Hao (1): meta-yocto-bsp: bump to the latest stable linux kernel for the non-x86 BSPs Khem Raj (3): libbsd: Fix build with musl cmake.bbclass: Set CXXFLAGS and CFLAGS arch-arm64.inc: Include arch-armv7ve.inc Koen Kooi (1): libbsd 0.8.3: BBCLASSEXTEND to native and nativesdk Li Zhou (1): db: disable the ARM assembler mutex code Maciej Borzecki (3): wic: make sure that partition size is always an integer in internal processing wic: check that filesystem is specified for a rootfs partition wic: fix function comment typos Mark Asselstine (1): systemd.bbclass: don't block on service restart Martin Vuille (1): terminal.py: Pass string instead of bytes to ExecutionError to avoid exception Mingli Yu (3): tiff: Security fix CVE-2016-9535 tiff: Security fix CVE-2016-9538 tiff: Fix several CVE issues Patrick Ohly (2): pseudo: include fix for xattr corruption scripts/send-pull-request: Avoid multiple chain headers Paul Eggleton (1): recipetool: fix encoding-related errors creating python recipes Richard Purdie (7): bitbake: bitbake-worker: Handle cooker/worker IO deadlocking staging: Drop unused SYSROOT_LOCK attr: Convert SSTATEPOSTINSTFUNCS to a do_install_append subversion: Fix issues in LDFLAGS sed manipulation bitbake: utils: Avoid traceback errors bitbake: cooker: Fix world taskgraph generation issue bitbake: cooker: Handle inofity queue overflows more gracefully Robert Yang (2): qemuarm64.conf: make runqemu's graphics work diffutils: do_configure: fix "Argument list too long" Ross Burton (11): Revert "libwnck3: remove the recipe" Revert "epiphany: remove unnecessary libwnck3 dependency" lib/oe/qa: handle binaries with segments outside the first 4kb systemtap: remove explicit msgfmt check systemtap: fix native linking on recent Ubuntu conf: add C++ flags for uninative interoperatility insane: fix expanded-d test insane: factor out the test matrix processing insane: add QAPKGTEST, a package-wide equivilant to QAPATHTEST insane: rewrit
[OE-core] [PATCH 1/2] tzcode: update to 2017b
From: Armin Kuster <akus...@mvista.com>
Briefly: Haiti has resumed DST.
Changes to past and future time stamps
Haiti resumed observance of DST in 2017. (Thanks to Steffen Thorsen.)
Changes to past time stamps
Liberia changed from -004430 to +00 on 1972-01-07, not 1972-05-01.
Use "MMT" to abbreviate Liberia's time zone before 1972, as "-004430"
is one byte over the POSIX limit. (Problem reported by Derick Rethans.)
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../tzcode/{tzcode-native_2017a.bb => tzcode-native_2017b.bb} | 8
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2017a.bb =>
tzcode-native_2017b.bb} (70%)
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2017a.bb
b/meta/recipes-extended/tzcode/tzcode-native_2017b.bb
similarity index 70%
rename from meta/recipes-extended/tzcode/tzcode-native_2017a.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2017b.bb
index 2c26744f..2084f79 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2017a.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2017b.bb
@@ -9,10 +9,10 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.md5sum] = "eef0bfac7a52dce6989a7d8b40d86fe0"
-SRC_URI[tzcode.sha256sum] =
"02f2c6b58b99edd0d47f0cad34075b359fd1a4dab71850f493b0404ded3b38ac"
-SRC_URI[tzdata.md5sum] = "cb8274cd175f8a4d9d1b89895df876dc"
-SRC_URI[tzdata.sha256sum] =
"df3a5c4d0a2cf0cde0b3f35796ccf6c9acfd598b8e70f8dece5404cd7626bbd6"
+SRC_URI[tzcode.md5sum] = "afaf15deb13759e8b543d86350385b16"
+SRC_URI[tzcode.sha256sum] =
"4d1735bb54e22b8d7443d4d1f1a13d007ae11be79a35e51f8e8322fb8e292d40"
+SRC_URI[tzdata.md5sum] = "50dc0dc50c68644c1f70804f2e7a1625"
+SRC_URI[tzdata.sha256sum] =
"f8242a522ea3496b0ce4ff4f2e75a049178da21001a08b8e666d8cbe07d18086"
S = "${WORKDIR}"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/2] tzdata: update to 2017b
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-extended/tzdata/{tzdata_2017a.bb => tzdata_2017b.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/tzdata/{tzdata_2017a.bb => tzdata_2017b.bb} (98%)
diff --git a/meta/recipes-extended/tzdata/tzdata_2017a.bb
b/meta/recipes-extended/tzdata/tzdata_2017b.bb
similarity index 98%
rename from meta/recipes-extended/tzdata/tzdata_2017a.bb
rename to meta/recipes-extended/tzdata/tzdata_2017b.bb
index 1a37c27..2e4277f 100644
--- a/meta/recipes-extended/tzdata/tzdata_2017a.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2017b.bb
@@ -9,8 +9,8 @@ DEPENDS = "tzcode-native"
SRC_URI =
"http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzdata.md5sum] = "cb8274cd175f8a4d9d1b89895df876dc"
-SRC_URI[tzdata.sha256sum] =
"df3a5c4d0a2cf0cde0b3f35796ccf6c9acfd598b8e70f8dece5404cd7626bbd6"
+SRC_URI[tzdata.md5sum] = "50dc0dc50c68644c1f70804f2e7a1625"
+SRC_URI[tzdata.sha256sum] =
"f8242a522ea3496b0ce4ff4f2e75a049178da21001a08b8e666d8cbe07d18086"
inherit allarch
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [v2][PATCH] license class: try alt encoding when copying license file
From: Armin Kuster <akus...@mvista.com>
v2: fix typos
Try another encoding if utf-8 fails in file read.
line 20 of irdadump.c contains: University of Tromsø
fixes:
WARNING: irda-utils-0.9.18-r0 do_populate_lic: Could not copy license file
/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/aarch64-mvl-linux/irda-utils/0.9.18-r0/irda-utils-0.9.18/irdadump/irdadump.c
to
/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/aarch64-mvl-linux/irda-utils/0.9.18-r0/license-destdir/irda-utils/irdadump.c:
'utf-8' codec can't decode byte 0xf8 in position 874: invalid start byte
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/classes/license.bbclass | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index 0ff6560..3dab8d9 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -386,9 +386,19 @@ def copy_license_files(lic_files_paths, destdir):
if begin_idx is None and end_idx is None:
shutil.copyfile(src, dst)
else:
-with open(src, 'r') as src_f:
+with open(src, "r", encoding="utf-8") as src_f:
+try:
+src_chunk =
''.join(src_f.readlines()[begin_idx:end_idx])
+except UnicodeDecodeError:
+bb.debug(1, "Failed to copy license file %s using
UTF-8 encoding"
+" trying with iso8859-1" % src)
+src_f.close()
+with open(src, "r", encoding="iso8859-1") as src_f:
+src_chunk =
''.join(src_f.readlines()[begin_idx:end_idx])
+
+
with open(dst, 'w') as dst_f:
-
dst_f.write(''.join(src_f.readlines()[begin_idx:end_idx]))
+dst_f.write(src_chunk)
except Exception as e:
bb.warn("Could not copy license file %s to %s: %s" % (src, dst, e))
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] lincese class: try alt encoding when copying license file
From: Armin Kuster <akus...@mvista.com>
Try another encoding if utf-8 fails in file read.
line 20 of irdadump.c contains: University of Tromsø
fixes:
WARNING: irda-utils-0.9.18-r0 do_populate_lic: Could not copy license file
/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/aarch64-mvl-linux/irda-utils/0.9.18-r0/irda-utils-0.9.18/irdadump/irdadump.c
to
/home/akuster/oss/maint/openembedded-core/build/tmp-glibc/work/aarch64-mvl-linux/irda-utils/0.9.18-r0/license-destdir/irda-utils/irdadump.c:
'utf-8' codec can't decode byte 0xf8 in position 874: invalid start byte
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/classes/license.bbclass | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index 0ff6560..01ab002 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -386,9 +386,19 @@ def copy_license_files(lic_files_paths, destdir):
if begin_idx is None and end_idx is None:
shutil.copyfile(src, dst)
else:
-with open(src, 'r') as src_f:
+with open(src, "r", encoding="utf-8") as src_f:
+try:
+src_chunk =
''.join(src_f.readlines()[begin_idx:end_idx])
+except UnicodeDecodeError:
+bb.debug(1, "Failed to copy licesne file %s using
UTF-8 encoding"
+" trying with iso8859-1" % src)
+src_f.close()
+with open(src, "r", encoding="iso8859-1") as src_f:
+src_chunk =
''.join(src_f.readlines()[begin_idx:end_idx])
+
+
with open(dst, 'w') as dst_f:
-
dst_f.write(''.join(src_f.readlines()[begin_idx:end_idx]))
+dst_f.write(src_chunk)
except Exception as e:
bb.warn("Could not copy license file %s to %s: %s" % (src, dst, e))
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] pinentry: update to 1.0.0
From: Armin Kuster <akus...@mvista.com>
add pkg-config support for libassuan and gpg-error
updated config options
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../pinentry/pinentry-1.0.0/gpg-error_pkconf.patch | 100 ++
.../pinentry-1.0.0/libassuan_pkgconf.patch | 153 +
.../{pinentry_0.9.2.bb => pinentry_1.0.0.bb} | 22 +--
3 files changed, 265 insertions(+), 10 deletions(-)
create mode 100644
meta/recipes-support/pinentry/pinentry-1.0.0/gpg-error_pkconf.patch
create mode 100644
meta/recipes-support/pinentry/pinentry-1.0.0/libassuan_pkgconf.patch
rename meta/recipes-support/pinentry/{pinentry_0.9.2.bb => pinentry_1.0.0.bb}
(63%)
diff --git
a/meta/recipes-support/pinentry/pinentry-1.0.0/gpg-error_pkconf.patch
b/meta/recipes-support/pinentry/pinentry-1.0.0/gpg-error_pkconf.patch
new file mode 100644
index 000..431edb0
--- /dev/null
+++ b/meta/recipes-support/pinentry/pinentry-1.0.0/gpg-error_pkconf.patch
@@ -0,0 +1,100 @@
+Convert to pkg-config support to match changes done to
+the gpg-error recipe for gpg-error.pc generation.
+
+Upstream-Status: Inappropriate [OE specific]
+
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+Index: pinentry-1.0.0/m4/gpg-error.m4
+===
+--- pinentry-1.0.0.orig/m4/gpg-error.m4
pinentry-1.0.0/m4/gpg-error.m4
+@@ -25,74 +25,12 @@ dnl config script does not match the hos
+ dnl is added to the gpg_config_script_warn variable.
+ dnl
+ AC_DEFUN([AM_PATH_GPG_ERROR],
+-[ AC_REQUIRE([AC_CANONICAL_HOST])
+- gpg_error_config_prefix=""
+- dnl --with-libgpg-error-prefix=PFX is the preferred name for this option,
+- dnl since that is consistent with how our three siblings use the directory/
+- dnl package name in --with-$dir_name-prefix=PFX.
+- AC_ARG_WITH(libgpg-error-prefix,
+- AC_HELP_STRING([--with-libgpg-error-prefix=PFX],
+- [prefix where GPG Error is installed
(optional)]),
+- [gpg_error_config_prefix="$withval"])
+-
+- dnl Accept --with-gpg-error-prefix and make it work the same as
+- dnl --with-libgpg-error-prefix above, for backwards compatibility,
+- dnl but do not document this old, inconsistently-named option.
+- AC_ARG_WITH(gpg-error-prefix,,
+- [gpg_error_config_prefix="$withval"])
+-
+- if test x"${GPG_ERROR_CONFIG}" = x ; then
+- if test x"${gpg_error_config_prefix}" != x ; then
+-GPG_ERROR_CONFIG="${gpg_error_config_prefix}/bin/gpg-error-config"
+- else
+- case "${SYSROOT}" in
+- /*)
+- if test -x "${SYSROOT}/bin/gpg-error-config" ; then
+- GPG_ERROR_CONFIG="${SYSROOT}/bin/gpg-error-config"
+- fi
+- ;;
+- '')
+- ;;
+- *)
+- AC_MSG_WARN([Ignoring \$SYSROOT as it is not an absolute path.])
+- ;;
+- esac
+- fi
+- fi
+-
+- AC_PATH_PROG(GPG_ERROR_CONFIG, gpg-error-config, no)
++[
+ min_gpg_error_version=ifelse([$1], ,0.0,$1)
+- AC_MSG_CHECKING(for GPG Error - version >= $min_gpg_error_version)
+- ok=no
+- if test "$GPG_ERROR_CONFIG" != "no" \
+- && test -f "$GPG_ERROR_CONFIG" ; then
+-req_major=`echo $min_gpg_error_version | \
+- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\1/'`
+-req_minor=`echo $min_gpg_error_version | \
+- sed 's/\([[0-9]]*\)\.\([[0-9]]*\)/\2/'`
+-gpg_error_config_version=`$GPG_ERROR_CONFIG $gpg_error_config_args
--version`
+-major=`echo $gpg_error_config_version | \
+- sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\1/'`
+-minor=`echo $gpg_error_config_version | \
+- sed 's/\([[0-9]]*\)\.\([[0-9]]*\).*/\2/'`
+-if test "$major" -gt "$req_major"; then
+-ok=yes
+-else
+-if test "$major" -eq "$req_major"; then
+-if test "$minor" -ge "$req_minor"; then
+- ok=yes
+-fi
+-fi
+-fi
+- fi
++ PKG_CHECK_MODULES(GPG_ERROR, [gpg-error >= $min_gpg_error_version
gpg-error], [ok=yes], [ok=no])
+ if test $ok = yes; then
+-GPG_ERROR_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --cflags`
+-GPG_ERROR_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --libs`
+-GPG_ERROR_MT_CFLAGS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt
--cflags 2>/dev/null`
+-GPG_ERROR_MT_LIBS=`$GPG_ERROR_CONFIG $gpg_error_config_args --mt --libs
2>/dev/null`
+-AC_MSG_RESULT([yes ($gpg_error_config_version)])
+ ifelse([$2], , :, [$2])
+-gpg_error_config_host=`$GPG_ERROR_CONFIG $gpg_error_config_args --host
2>/dev/null || echo none`
++gpg_error_config_host=`$PKG_CONFIG --host gpg-error 2>/dev/null || echo
none`
+ if test x"$gpg_error_
[OE-core] [PATCH 1/2] tzcode-native: update to 2017a
From: Armin Kuster <akus...@mvista.com>
Changes to code
zic no longer mishandles some transitions in January 2038 when it
attempts to work around Qt bug 53071. This fixes a bug affecting
Pacific/Tongatapu that was introduced in zic 2016e. localtime.c
now contains a workaround, useful when loading a file generated by
a buggy zic. (Problem and localtime.c fix reported by Bradley
White.)
zdump -i now outputs non-hour numeric time zone abbreviations
without a colon, e.g., "+0530" rather than "+05:30". This agrees
with zic %z and with common practice, and simplifies auditing of
zdump output.
zdump is now buildable again with -DUSE_LTZ=0.
(Problem reported by Joseph Myers.)
zdump.c now always includes private.h, to avoid code duplication
with private.h. (Problem reported by Kees Dekker.)
localtime.c no longer mishandles early or late timestamps
when TZ is set to a POSIX-style string that specifies DST.
(Problem reported by Kees Dekker.)
date and strftime now cause %z to generate "-" instead of
"+" when the UT offset is zero and the time zone abbreviation
begins with "-".
Changes to documentation and commentary
The 'Theory' file now better documents choice of historical time
zone abbreviations. (Problems reported by Michael Deckers.)
tz-link.htm now covers leap smearing, which is popular in clouds.
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../tzcode/{tzcode-native_2016j.bb => tzcode-native_2017a.bb} | 8
1 file changed, 4 insertions(+), 4 deletions(-)
rename meta/recipes-extended/tzcode/{tzcode-native_2016j.bb =>
tzcode-native_2017a.bb} (69%)
diff --git a/meta/recipes-extended/tzcode/tzcode-native_2016j.bb
b/meta/recipes-extended/tzcode/tzcode-native_2017a.bb
similarity index 69%
rename from meta/recipes-extended/tzcode/tzcode-native_2016j.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2017a.bb
index 630fd42..0daac53 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2016j.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2017a.bb
@@ -9,10 +9,10 @@ SRC_URI ="
http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz
http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzcode.md5sum] = "0684b98eb184fab250b6ca946862078d"
-SRC_URI[tzcode.sha256sum] =
"b9effc4fb4051df4a356cbe5857bf99e2fa32e00d8340f2e8a4d58f0c9ccb0b7"
-SRC_URI[tzdata.md5sum] = "db361d005ac8b30a2d18c5ca38d3e8ab"
-SRC_URI[tzdata.sha256sum] =
"f5ee4e0f115f6c2faee1c4b16193a97338cbd1b503f2cea6c5a768c82ff39dc8"
+SRC_URI[tzcode.md5sum] = "eef0bfac7a52dce6989a7d8b40d86fe0"
+SRC_URI[tzcode.sha256sum] =
"02f2c6b58b99edd0d47f0cad34075b359fd1a4dab71850f493b0404ded3b38ac"
+SRC_URI[tzdata.md5sum] = "cb8274cd175f8a4d9d1b89895df876dc"
+SRC_URI[tzdata.sha256sum] =
"df3a5c4d0a2cf0cde0b3f35796ccf6c9acfd598b8e70f8dece5404cd7626bbd6"
S = "${WORKDIR}"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/2] tzdata: update to 2017a
From: Armin Kuster <akus...@mvista.com>
Briefly: Southern Chile moves from -04/-03 to -03, and Mongolia
discontinues DST.
Changes to future time stamps
Mongolia no longer observes DST. (Thanks to Ganbold Tsagaankhuu.)
Chile's Region of Magallanes moves from -04/-03 to -03 year-round.
Its clocks diverge from America/Santiago starting 2017-05-13 at
23:00, hiving off a new zone America/Punta_Arenas. Although the
Chilean government says this change expires in May 2019, for now
assume it's permanent. (Thanks to Juan Correa and Deborah
Goldsmith.) This also affects Antarctica/Palmer.
Changes to past time stamps
Fix many entries for historical time stamps for Europe/Madrid
before 1979, to agree with tables compiled by Pere Planesas of the
National Astronomical Observatory of Spain. As a side effect,
this changes some time stamps for Africa/Ceuta before 1929, which
are probably guesswork anyway. (Thanks to Steve Allen and
Pierpaolo Bernardi for the heads-ups, and to Michael Deckers for
correcting the 1901 transition.)
Ecuador observed DST from 1992-11-28 to 1993-02-05.
(Thanks to Alois Treindl.)
Asia/Atyrau and Asia/Oral were at +03 (not +04) before 1930-06-21.
(Thanks to Stepan Golosunov.)
Changes to past and future time zone abbreviations
Switch to numeric time zone abbreviations for South America, as
part of the ongoing project of removing invented abbreviations.
This avoids the need to invent an abbreviation for the new Chilean
new zone. Similarly, switch from invented to numeric time zone
abbreviations for Afghanistan, American Samoa, the Azores,
Bangladesh, Bhutan, the British Indian Ocean Territory, Brunei,
Cape Verde, Chatham Is, Christmas I, Cocos (Keeling) Is, Cook Is,
Dubai, East Timor, Eucla, Fiji, French Polynesia, Greenland,
Indochina, Iran, Iraq, Kiribati, Lord Howe, Macquarie, Malaysia,
the Maldives, Marshall Is, Mauritius, Micronesia, Mongolia,
Myanmar, Nauru, Nepal, New Caledonia, Niue, Norfolk I, Palau,
Papua New Guinea, the Philippines, Pitcairn, Qatar, Réunion, St
Pierre & Miquelon, Samoa, Saudi Arabia, Seychelles, Singapore,
Solomon Is, Tokelau, Tuvalu, Wake, Vanuatu, Wallis & Futuna, and
Xinjiang; for 20-minute daylight saving time in Ghana before 1943;
for half-hour daylight saving time in Belize before 1944 and in
the Dominican Republic before 1975; and for Canary Islands before
1946, for Guinea-Bissau before 1975, for Iceland before 1969, for
Indian Summer Time before 1942, for Indonesia before around 1964,
for Kenya before 1960, for Liberia before 1973, for Madeira before
1967, for Namibia before 1943, for the Netherlands in 1937-9, for
Pakistan before 1971, for Western Sahara before 1977, and for
Zaporozhye in 1880-1924.
For Alaska time from 1900 through 1967, instead of "CAT" use the
abbreviation "AST", the abbreviation commonly used at the time
(Atlantic Standard Time had not been standardized yet). Use "AWT"
and "APT" instead of the invented abbreviations "CAWT" and "CAPT".
Use "CST" and "CDT" instead of invented abbreviations for Macau
before 1999 and Taiwan before 1938, and use "JST" instead of the
invented abbreviation "JCST" for Japan and Korea before 1938.
Change to database entry category
Move the Pacific/Johnston link from 'australasia' to 'backward',
since Johnston is now uninhabited.
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-extended/tzdata/{tzdata_2016j.bb => tzdata_2017a.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-extended/tzdata/{tzdata_2016j.bb => tzdata_2017a.bb} (98%)
diff --git a/meta/recipes-extended/tzdata/tzdata_2016j.bb
b/meta/recipes-extended/tzdata/tzdata_2017a.bb
similarity index 98%
rename from meta/recipes-extended/tzdata/tzdata_2016j.bb
rename to meta/recipes-extended/tzdata/tzdata_2017a.bb
index 1ef330e..ce59d71 100644
--- a/meta/recipes-extended/tzdata/tzdata_2016j.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2017a.bb
@@ -9,8 +9,8 @@ DEPENDS = "tzcode-native"
SRC_URI =
"http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata;
UPSTREAM_CHECK_URI = "http://www.iana.org/time-zones;
-SRC_URI[tzdata.md5sum] = "db361d005ac8b30a2d18c5ca38d3e8ab"
-SRC_URI[tzdata.sha256sum] =
"f5ee4e0f115f6c2faee1c4b16193a97338cbd1b503f2cea6c5a768c82ff39dc8"
+SRC_URI[tzdata.md5sum] = "cb8274cd175f8a4d9d1b89895df876dc"
+SRC_URI[tzdata.sha256sum] =
"df3a5c4d0a2cf0cde0b3f35796ccf6c9acfd598b8e70f8dece5404cd7626bbd6"
inherit allarch
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] lz4: update to lastest 1.7.4
From: Armin Kuster <akus...@mvista.com>
update SRC_URI: as of 1.7.3, repo changed. same owner
Renamed recipe to reflect PV and added Epoch
Added ptest, tests added v1.7.3
updated LICENSE to be more accurate.
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-support/lz4/files/run-ptest | 43
meta/recipes-support/lz4/lz4.bb | 21
meta/recipes-support/lz4/lz4_1.7.4.bb| 33
3 files changed, 76 insertions(+), 21 deletions(-)
create mode 100644 meta/recipes-support/lz4/files/run-ptest
delete mode 100644 meta/recipes-support/lz4/lz4.bb
create mode 100644 meta/recipes-support/lz4/lz4_1.7.4.bb
diff --git a/meta/recipes-support/lz4/files/run-ptest
b/meta/recipes-support/lz4/files/run-ptest
new file mode 100644
index 000..d3bfc49
--- /dev/null
+++ b/meta/recipes-support/lz4/files/run-ptest
@@ -0,0 +1,43 @@
+#!/bin/sh
+cd testsuite
+
+echo -n " test-lz4 "
+make -C tests test-lz4 > /dev/null 2>&1
+
+if [ $? -eq 0 ]; then
+ echo "PASS"
+else
+ echo "FAIL"
+fi
+
+echo -n " test-fasttest "
+make -C tests test-fasttest > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo "PASS"
+else
+ echo "FAIL"
+fi
+
+echo -n " test-frametest "
+make -C tests test-frametest > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo "PASS"
+else
+ echo "FAIL"
+fi
+
+echo -n " test-fullbench "
+make -C tests test-fullbench > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo "PASS"
+else
+ echo "FAIL"
+fi
+
+echo -n " test-fuzzer "
+make -C tests test-fuzzer > /dev/null 2>&1
+if [ $? -eq 0 ]; then
+ echo "PASS"
+else
+ echo "FAIL"
+fi
diff --git a/meta/recipes-support/lz4/lz4.bb b/meta/recipes-support/lz4/lz4.bb
deleted file mode 100644
index 03c5a7a..000
--- a/meta/recipes-support/lz4/lz4.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-SUMMARY = "Extremely Fast Compression algorithm"
-DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing
compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also
features an extremely fast decoder, with speed in multiple GB/s per core,
typically reaching RAM speed limits on multi-core systems."
-
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=0b0d063f37a4477b54af2459477dcafd"
-
-SRCREV = "d86dc916771c126afb797637dda9f6421c0cb998"
-
-PV = "131+git${SRCPV}"
-
-SRC_URI = "git://github.com/Cyan4973/lz4.git"
-
-S = "${WORKDIR}/git"
-
-EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir}
INCLUDEDIR=${includedir}"
-
-do_install() {
- oe_runmake install
-}
-
-BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-support/lz4/lz4_1.7.4.bb
b/meta/recipes-support/lz4/lz4_1.7.4.bb
new file mode 100644
index 000..5ddffd5
--- /dev/null
+++ b/meta/recipes-support/lz4/lz4_1.7.4.bb
@@ -0,0 +1,33 @@
+SUMMARY = "Extremely Fast Compression algorithm"
+DESCRIPTION = "LZ4 is a very fast lossless compression algorithm, providing
compression speed at 400 MB/s per core, scalable with multi-cores CPU. It also
features an extremely fast decoder, with speed in multiple GB/s per core,
typically reaching RAM speed limits on multi-core systems."
+
+LICENSE = "BSD | BSD-2-Clause | GPL-2.0"
+LIC_FILES_CHKSUM = "file://lib/LICENSE;md5=ebc2ea4814a64de7708f1571904b32cc\
+
file://programs/COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+file://LICENSE;md5=7f2857d58beff6d04137bf9b09e5ffb6"
+
+PE = "1"
+
+SRCREV = "7bb64ff2b69a9f8367de9ab483cdadf42b4c1b65"
+
+SRC_URI = "git://github.com/lz4/lz4.git \
+ file://run-ptest \
+"
+
+S = "${WORKDIR}/git"
+inherit ptest
+
+EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir}
INCLUDEDIR=${includedir}"
+
+do_install() {
+ oe_runmake install
+}
+
+do_install_ptest () {
+ install -d ${D}${PTEST_PATH}/testsuite
+ cp -rf ${S}/* ${D}${PTEST_PATH}/testsuite
+}
+
+RDEPENDS_${PN}-ptest += "make python3"
+
+BBCLASSEXTEND = "native nativesdk"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/2] armv8: update to use armv8-a tune
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/conf/machine/include/arm/arch-armv8.inc | 25 +
1 file changed, 25 insertions(+)
diff --git a/meta/conf/machine/include/arm/arch-armv8.inc
b/meta/conf/machine/include/arm/arch-armv8.inc
index 5e832fa..dc1ba5e 100644
--- a/meta/conf/machine/include/arm/arch-armv8.inc
+++ b/meta/conf/machine/include/arm/arch-armv8.inc
@@ -1 +1,26 @@
+DEFAULTTUNE ?= "armv8-a"
+
+TUNEVALID[armv8-a] = "Enable instructions for ARMv8-a"
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'armv8-a', '
-march=armv8-a', '', d)}"
+
+TUNEVALID[crypto] = "Enable crypto instructions for ARMv8-a"
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'crypto', '+crypto', '',
d)}"
+
+MACHINEOVERRIDES =. "${@bb.utils.contains('TUNE_FEATURES', 'armv8-a',
'armv8a:', '' ,d)}"
+
require conf/machine/include/arm/arch-arm64.inc
+
+AVAILTUNES += "armv8-a armv8-a-crypto"
+ARMPKGARCH_tune-armv8-a ?= "armv8-a"
+
+# Enable Crypto extension. This also enables Advanced SIMD and floating-point
instructions
+ARMPKGARCH_tune-armv8-a-crypto ?= "armv8-a"
+
+TUNE_FEATURES_tune-armv8-a = "aarch64 armv8-a"
+TUNE_FEATURES_tune-armv8-a-crypto = "${TUNE_FEATURES_tune-armv8-a} crypto"
+
+PACKAGE_EXTRA_ARCHS_tune-armv8-a = "aarch64 armv8-a"
+PACKAGE_EXTRA_ARCHS_tune-armv8-a-crypto = "${PACKAGE_EXTRA_ARCHS_tune-armv8-a}
armv8-a-crypto"
+
+BASE_LIB_tune-armv8-a = "${BASE_LIB_tune-aarch64}"
+BASE_LIB_tune-armv8-a-crypto = "${BASE_LIB_tune-aarch64}"
--
2.5.0
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/2] Update armv8 tune file
This extends arch-armv8 support to enable armv8-a and crypto. Add cortexa53 framework. Boot tested on Odroid-c2 (cortexa53) Armin Kuster (2): armv8: update to use armv8-a tune new tune: add base cortexa53 support meta/conf/machine/include/arm/arch-armv8.inc | 25 + meta/conf/machine/include/tune-cortexa53.inc | 18 ++ 2 files changed, 43 insertions(+) create mode 100644 meta/conf/machine/include/tune-cortexa53.inc -- 2.5.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/2] new tune: add base cortexa53 support
---
meta/conf/machine/include/tune-cortexa53.inc | 18 ++
1 file changed, 18 insertions(+)
create mode 100644 meta/conf/machine/include/tune-cortexa53.inc
diff --git a/meta/conf/machine/include/tune-cortexa53.inc
b/meta/conf/machine/include/tune-cortexa53.inc
new file mode 100644
index 000..557f43d
--- /dev/null
+++ b/meta/conf/machine/include/tune-cortexa53.inc
@@ -0,0 +1,18 @@
+DEFAULTTUNE ?= "armv8-a"
+
+TUNEVALID[cortexa53] = "Enable Cortex-A53 specific processor optimizations"
+TUNE_CCARGS .= "${@bb.utils.contains('TUNE_FEATURES', 'cortexa53', '
-mcpu=cortex-a53', '', d)}"
+
+require conf/machine/include/arm/arch-armv8.inc
+
+ARMPKGARCH_tune-cortexa53 = "cortexa53"
+ARMPKGARCH_tune-cortexa53-crypto = "cortexa53"
+
+TUNE_FEATURES_tune-cortexa53 = "aarch64 armv8-a cortexa53"
+TUNE_FEATURES_tune-cortexa53-crypto= "${TUNE_FEATURES_tune-cortexa53}
crypto"
+
+PACKAGE_EXTRA_ARCHS_tune-cortexa53 = "aarch64 armv8-a cortexa53"
+PACKAGE_EXTRA_ARCHS_tune-cortexa53-crypto =
"${PACKAGE_EXTRA_ARCHS_tune-cortexa53} cortexa53-crypto"
+
+BASE_LIB_tune-cortexa53 = "${BASE_LIB_tune-aarch64}"
+BASE_LIB_tune-cortexa53-crypto = "${BASE_LIB_tune-aarch64}"
--
2.5.0
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/49] Pyro-next pull request
Please consider these changes for the next Pyro merge.
Clean AB build ( thanks Ross).
Includes kernel updates, security fixes and misc bug fixes.
The following changes since commit 5686f4e1fe5229705b8c7d35895aa03827796d13:
tcf-agent: kill with USR2 in systemd stop (2017-07-20 11:00:23 +0100)
are available in the git repository at:
http://git.yoctoproject.org/git/poky-contrib akuster/pyro-next
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/pyro-next
Alexander Kanavin (1):
package_manager.py: set dnf's releasever setting from DISTRO_CODENAME
Andrej Valek (6):
libxml2: Disable LeakSanitizer when running API tests
libxml2: Avoid reparsing and simplify control flow in
xmlParseStartTag2
libxml2: Fix CVE-2017-9047 and CVE-2017-9048
libxml2: Fix CVE-2017-9049 and CVE-2017-9050
libxml2: Fix CVE-2017-5969
libxml2: Fix CVE-2017-0663
Bruce Ashfield (16):
kernel-yocto: propagate configuration errors to bbclass
linux-yocto/4.10: update to v4.10.15
linux-yocto/4.4: update to v4.4.67
linux-yocto/4.9: update to v4.9.27
linux-yocto/4.1: fix gcc7 compilation and v4.1.39
linux-yocto/meta: bluetooth: Adds BT_BREDR and BT_LE, which are needed
as dependencies
linux-yocto/meta: smp: Add config X86_BIGSMP since its needed when
NR_CPUS > 8
kernel/meta: add virtualbox configuration fragment
linux-yocto/meta: configuration changes (wifi, kexec and nft)
linux-yocto-rt: 4.9-rt18
linux-yocto/4.10: update to v4.10.17
linux-yocto/4.9: update to 4.9.31
linux-yocto/4.4: update to v4.4.71
kernel-yocto/meta: smp configuration changes
linux-yocto/4.4: update to v4.4.76
linux-yocto/4.9: update to v4.9.36
Chen Qi (1):
systemd: workaround login failure on qemumips64 when 'pam' is enabled
David Reyna (6):
bitbake: toaster: add ID's to navigation links
bitbake: toaster: add ID's to build menu links
bitbake: toaster: fail on layers with sub-layer
bitbake: toaster: add getMessage to MockEvent
bitbake: toaster: get_last_build_id not called correctly
bitbake: toaster: noweb should init database
Enrico Scholz (1):
tzcode-native: quote ${CC}
Jan Kiszka (1):
tzdata: Install zone1970.tab
Khem Raj (2):
zlib: Pass pre-calculate uname enable re-entrant flags
iptables: Apply 0001-fix-build-with-musl.patch unconditionally
Martin Kelly (1):
qemuboot.conf: make cpus match built artifacts
Patrick Ohly (6):
yocto-compat-layer.py: avoid adding layers more than once
yocto-compat-layer.py: tolerate broken world builds during signature
diff
yocto-compat-layer.py: apply test_signatures to all layers
yocto-compat-layer.py: add test_world
yocto-compat-layer.py: allow README with suffix
yocto-compat-layer.py: make signature check code reusable
Paul Eggleton (2):
classes/buildhistory: fix failures collecting output signatures
classes/staging: change fixme debug message from note to debug
Peter Kjellerstedt (3):
linux-firmware: Avoid a dependency on python-core
texi2html: Add a dependency on perl
git: Add a dependency on perl for gitweb
Ross Burton (2):
libpcap: apply fix from upstream to fix build race
systemd: refuse to load units with errors (CVE-2017-182)
Stanley Cheong Kwan, Phoong (1):
recipetool: git reformat URI mangling & parameter stripped
bitbake/bin/toaster| 50 +-
bitbake/lib/bb/ui/buildinfohelper.py | 17 +-
bitbake/lib/toaster/orm/models.py | 12 +-
bitbake/lib/toaster/toastergui/templates/base.html | 8 +-
.../toastergui/templates/basebuildpage.html| 20 +-
meta/classes/buildhistory.bbclass | 14 +-
meta/classes/kernel-yocto.bbclass | 3 +-
meta/classes/staging.bbclass | 2 +-
meta/conf/machine/include/qemuboot-x86.inc | 6 +-
meta/lib/oe/package_manager.py | 8 +-
.../libpcap/libpcap/fix-grammar-deps.patch | 29 +
meta/recipes-connectivity/libpcap/libpcap_1.8.1.bb | 1 +
.../libxml/libxml2/libxml2-CVE-2017-0663.patch | 40 ++
.../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 +++
.../libxml2-CVE-2017-9047_CVE-2017-9048.patch | 103
.../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 ++
...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 +
meta/recipes-core/libxml/libxml2/runtest.patch | 25 +-
meta/recipes-core/libxml/libxml2_2.9.4.bb | 5 +
...ragment-refuse-units-with-errors-in-certa.patch | 329
meta/recipes-core/systemd/systemd_232.bb | 4 +
meta/recipes-core/zlib/zlib_1.2.11.bb | 12 +-
meta/recipes-devtools/git/git.inc | 2 +-
meta/recipes-extended/iptables/iptables_1.6.1.bb | 4 +-
meta/recipes-extended/texi2html/texi2html_5.0.bb | 2 +
.../recipes-extended/tzcode/tzcode-native_2017b.bb | 2 +-
meta/recipes-extended/tzdata/tzdata_2017b.bb | 2 +
[OE-core] [PATCH 00/49] for morty next
Please consider these changes for the next Morty release 2.2.2.
Clean AB build
The following changes since commit 924e576b8930fd2268d85f0b151e5f68a3c2afce:
bitbake: lib/bs4: Fix imports from html5lib >= 0.999/1.0b8 (2017-03-26
13:19:51 +0100)
are available in the git repository at:
git://git.yoctoproject.org/poky-contrib akuster/morty-next
http://git.yoctoproject.org/cgit.cgi//log/?h=akuster/morty-next
Anders Darander (1):
python-3-manifest: fix adding imp to importlib
Andre McCurdy (1):
image_types.bbclass: fix image dependency chain collection
Andrej Valek (1):
busybox: Security fix CVE-2016-6301
Armin Kuster (4):
tzdata: update to 2016j
tzcode-native: update to 2016j
tzcode-native: update to 2017a
tzdata: update to 2017a
Bruce Ashfield (9):
linux-yocto/4.4: update to v4.4.41
linux-yocto/4.8: -stable update to v4.8.17
linux-yocto/4.1: update to v4.1.37
linux-yocto/4.8: update to -rt10
linux-yocto/4.8: update to v4.8.18
linux-yocto/4.1: update to v4.1.38
linux-yocto/4.4: update to v4.4.53
linux-yocto/4.4: update to v4.4.56
linux-yocto/4.4: update to v4.4.60
Catalin Enache (3):
libxml2: CVE-2016-9318
ghostscript: CVE-2017-7207
ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951
Choong YinThong (1):
logrotate: replace fedorahosted.org SRC_URI with github.com source
Daniel Díaz (1):
base-files: resize only serial tty's in profile
Daniel Schultz (2):
wic: filemap: Fixed spared_copy skip
wic: plugins: rawcopy: Fixed wrong variable type
Ed Bartosh (1):
sstate.bbclass: update .siginfo atime
Haiqing Bai (1):
busybox: ifupdown:pass interface device name for ipv6 route command
Joe Slater (1):
volatile-binds: correct some errors reported by systemd
Juro Bystricky (1):
sanity.bbclass: modify check for shell
Jussi Kukkonen (3):
mkfontdir: Remove x11 requirement for -native
mkfontscale: Remove x11 requirement for -native
xorg-font-common.inc: Remove x11 requirement for -native
Li Zhou (1):
bash: fix CVE-2016-9401
Lukasz Nowak (1):
busybox: allow libiproute to handle table ids larger than 255
Martin Balik (1):
busybox: Security fix BUG9071
Martin Jansa (2):
package_manager.py: respect OPKGLIBDIR
rootfs.py: Respect OPKGLIBDIR variable
Maxin John (1):
busybox: refresh the flock patch
Patrick Ohly (1):
codeparser.py: support deeply nested tokens
Randy Witt (1):
image_types.bbclass: IMAGE_TYPEDEP_ now adds deps for conversion types
Richard Purdie (1):
tzcode-native: Set cc to ${CC}
Robert Yang (2):
runqemu-export-rootfs: fix inconsistent var names
runqemu: support multiple qemus running when nfs
Sona Sarmadi (1):
tar: CVE-2016-6321
Sullivan, California L (1):
parselogs: Whitelist NUC6 firmware load error message on genericx86-64
Yi Zhao (2):
bind: Security fix CVE-2016-8864
bind: Security fix CVE-2016-6170
Yuanjie Huang (2):
binutils: Fix CVE-2017-6965 and CVE-2017-6966
glibc: Fix use after free in pthread_create()
Zubair Lutfullah Kakakhel (2):
openssl: Add support for many MIPS configurations
gmp: Disable assembly for MIPS R6
bitbake/lib/bb/codeparser.py | 29 +-
meta/classes/image_types.bbclass | 16 +-
meta/classes/sanity.bbclass|4 +-
meta/classes/sstate.bbclass|2 +
meta/lib/oe/package_manager.py | 21 +-
meta/lib/oe/rootfs.py |4 +-
meta/lib/oeqa/runtime/parselogs.py |1 +
.../bind/bind/CVE-2016-6170.patch | 1090
.../bind/bind/CVE-2016-8864.patch | 219
meta/recipes-connectivity/bind/bind_9.10.3-P3.bb |2 +
meta/recipes-connectivity/openssl/openssl.inc | 24 +-
meta/recipes-core/base-files/base-files/profile|2 +-
...ss-interface-device-name-for-ipv6-route-c.patch | 52 +
...e-the-behaviour-of-c-parameter-to-match-u.patch | 77 +-
...biproute-handle-table-ids-larger-than-255.patch | 134 +++
.../busybox/BUG9071_buffer_overflow_arp.patch | 53 +
.../busybox/busybox/CVE-2016-6301.patch| 37 +
meta/recipes-core/busybox/busybox_1.24.1.bb|4 +
...0116-Fix-use-after-free-in-pthread_create.patch | 668
meta/recipes-core/glibc/glibc_2.24.bb |1 +
.../libxml/libxml2/CVE-2016-9318.patch | 207
meta/recipes-core/libxml/libxml2_2.9.4.bb |1 +
meta/recipes-core/volatile-binds/volatile-binds.bb |9 +
meta/recipes-devtools/binutils/binutils-2.27.inc |2 +
.../binutils/binutils/CVE-2017-6965.patch | 127 +++
.../binutils/binutils/CVE-2017-6966.patch | 240 +
.../recipes-extended/bash/bash/CVE-2016-9401.patch | 50 +
meta/recipes-extended/bash/bash_4.3.30.bb |1 +
.../ghostscript/ghostscript/CVE-2016-10219.patch | 49 +
.../ghostscript/ghostscript/CVE-2016-10220.patch |
[OE-core] [PATCH 00/52] Pyro-next pull request
Please consider this for pyro. Have clean AB build. Contains kernel security fixes, bsp kernel updates and build fixes The following changes since commit 072430b9b3a78b318b66371c36e2986d2ed5cba4: bitbake.conf: add bzr to HOSTTOOLS_NONFATAL (2017-09-13 22:13:00 +0100) are available in the git repository at: http://git.yoctoproject.org/git/poky-contrib akuster/pyro-next http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/pyro-next Alejandro Hernandez (17): linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.10 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.10 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.10 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.4 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.10 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.9 linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.1 Alexander Kanavin (2): package_rpm.bbclass: use multithreaded xz compression package_rpm.bbclass: disable generation of .build-id links Armin Kuster (3): linuux-yocto/4.1: update to 4.1.43 plus bluetooth CVE-2017-1000251 meta-yocto-bsp: bump 4.1 to latest linux stable kernel for the non-x86 BSPs linux-yocto/4.1: generix86* bsp fix perf issue with gcc >=7 Awais Belal (1): bitbake: toaster: Order column in Tasks selectable Bruce Ashfield (5): linux-yocto/4.4: update to v4.4.87 linux-yocto/4.9: update to v4.9.49 linux-yocto/4.10: bluetooth: CVE-2017-1000251 linux-yocto/4.4: bluetooth: CVE-2017-1000251 linux-yocto/4.9: bluetooth: CVE-2017-1000251 David Reyna (3): bitbake: toaster: display error when the fstype select is empty bitbake: toaster: edit column list not sorted bitbake: toaster: recipe links broken for default layers Jose Alarcon (2): rootfs-postcommands: remove empty line rootfs-postcommands: add test for unsatisfied RRECOMMENDS Juro Bystricky (1): gcc-6.3.inc: Use ucontext_t not struct ucontext. Kevin Hao (5): meta-yocto-bsp: bump to the latest linux stable kernel for the non-x86 BSPs meta-yocto-bsp: bump to the latest linux stable kernel for the non-x86 BSPs meta-yocto-bsp: bump to the latest linux stable kernel for the non-x86 BSPs meta-yocto-bsp: bump to the latest linux stable kernel for the non-x86 BSPs meta-yocto-bsp: bump to the latest linux stable kernel for the non-x86 BSPs Khem Raj (1): rootfs-postcommands.bbclass: Filter out dangling symlinks in ssh_allow_empty_password() Leonardo Sandoval (1): waffle: fix REQUIRED_DISTRO_FEATURES and PACKAGECONFIG virtual/libgl dependencies Mark Hatle (1): bitbake: cooker.py: Fix layer priority processing Ng Wei Tee (1): rpm: allow arch-dependent binaries in noarch packages Olaf Mandel (3): bitbake: toaster: debug message for lists layers missing separators bitbake: toaster: set default pokydirname if no external layers (PRE)MIRRORS: fix pattern for npm:// without slash Paul Eggleton (3): bitbake: cooker: add BB_CMDLINE to enable access to UI command line with memres bitbake: cooker: fix watching empty directories bitbake: cooker: ensure monkey-patching in collect_bbfiles() gets undone on error Peter Kjellerstedt (1): alsa-utils: Do not hardcode path to /lib/udev Richard Purdie (1): bitbake: cooker: Track directories searched for bbappend/bb files Ross Burton (1): libproxy: use stable download URL bitbake/lib/bb/command.py | 3 +- bitbake/lib/bb/cooker.py | 84 - bitbake/lib/bb/cookerdata.py | 2 +- .../toaster/bldcontrol/localhostbecontroller.py| 6 +- bitbake/lib/toaster/orm/fixtures/oe-core.xml | 3 + bitbake/lib/toaster/orm/fixtures/poky.xml | 9 ++ .../toaster/orm/management/commands/lsupdates.py | 2 + bitbake/lib/toaster/toastergui/buildtables.py | 3 + bitbake/lib/toaster/toastergui/static/js/table.js | 11 +- .../toaster/toastergui/templates/projectconf.html | 3 + meta-yocto-bsp/conf/machine/beaglebone.conf| 2 +- meta-yocto-bsp/conf/machine/edgerouter.conf| 2 +- meta-yocto-bsp/conf/machine/mpc8315e-rdb.conf | 2 +- .../recipes-kernel/linux/linux-yocto_4.1.bbappend | 20 +-- .../recipes-kernel/linux/linux-yocto_4.10.bbappend | 20 +-- .../reci
[OE-core] [PATCH 00/16] Morty next pull request
Cover letter only Please consider these changes for Morty. Clean build on AB The following changes since commit e2fcc721c2af8e2785a91eaceea1d81f503ea2ec: devtool.py: update testcase Ids in morty (2017-09-25 22:21:45 +0100) are available in the git repository at: git://push.yoctoproject.org/poky-contrib akuster/morty-next Alexander Kanavin (1): v86d: take tarball from debian Armin Kuster (7): linux-yocto/4.1: update to 4.1.43 plus bluetooth CVE-2017-1000251 linux-yocto/4.4: update to 4.4.87 plus bluetooth: CVE-2017-1000251 lunux-yocto/4.8: update to 4.8.25 plus bluetooth: CVE-2017-1000251 linux-yotoc/4.1: update to 4.1.43 plus CVE-2017-1000251 linux-yotoc/4.4: update to 4.4.87 plus CVE-2017-1000251 linux-yotoc/4.8: update to 4.8.25 plus CVE-2017-1000251 libpng: lsb version 1.2.56 url fix Bruce Ashfield (1): linux-yocto/4.1: fix gcc7 compilation and v4.1.39 Leonardo Sandoval (2): selftest/cases/signing: ignore removal errors when cleaning temporary gpg directory sign_rpm.bbclass: force rpm serial signing Maxin B. John (1): hostap-utils: use w1.fi for SRC_URI Nicolas Dechesne (1): kernel.bbclass: fix KERNEL_IMAGETYPE(S) for Image.gz Ross Burton (3): bluez5: fix out-of-bounds access in SDP server (CVE-2017-1000250) diffstat: use HTTP mirror for SRC_URI libpng: use SourceForge mirror .../recipes-kernel/linux/linux-yocto_4.1.bbappend | 20 ++--- .../recipes-kernel/linux/linux-yocto_4.4.bbappend | 20 ++--- .../recipes-kernel/linux/linux-yocto_4.8.bbappend | 20 ++--- meta/classes/kernel.bbclass| 18 ++-- meta/classes/sign_rpm.bbclass | 6 meta/lib/oeqa/selftest/signing.py | 7 +++-- meta/recipes-bsp/hostap/hostap-utils.inc | 5 ++-- meta/recipes-bsp/v86d/v86d_0.1.10.bb | 6 ++-- meta/recipes-connectivity/bluez5/bluez5.inc| 1 + .../bluez5/bluez5/cve-2017-1000250.patch | 34 ++ meta/recipes-devtools/diffstat/diffstat_1.61.bb| 2 +- meta/recipes-kernel/linux/linux-yocto-rt_4.1.bb| 6 ++-- meta/recipes-kernel/linux/linux-yocto-rt_4.4.bb| 6 ++-- meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb| 6 ++-- meta/recipes-kernel/linux/linux-yocto-tiny_4.1.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto-tiny_4.4.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb | 6 ++-- meta/recipes-kernel/linux/linux-yocto_4.1.bb | 20 ++--- meta/recipes-kernel/linux/linux-yocto_4.4.bb | 20 ++--- meta/recipes-kernel/linux/linux-yocto_4.8.bb | 20 ++--- meta/recipes-lsb4/libpng/libpng12_1.2.56.bb| 6 ++-- meta/recipes-multimedia/libpng/libpng_1.6.24.bb| 6 ++-- 22 files changed, 145 insertions(+), 102 deletions(-) create mode 100644 meta/recipes-connectivity/bluez5/bluez5/cve-2017-1000250.patch -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [Morty][PATCH] neard: Fix parallel build issue
From: Jussi Kukkonen <jussi.kukko...@intel.com>
This only started showing up now for some reason but it does seem like
a legitimate bug in Makefile.am.
(From OE-Core rev: f43290f6e302dbacf5581d1fe1c6c991dd387779)
Signed-off-by: Jussi Kukkonen <jussi.kukko...@intel.com>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
...0001-Add-header-dependency-to-nciattach.o.patch | 35 ++
meta/recipes-connectivity/neard/neard_0.16.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644
meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
diff --git
a/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
new file mode 100644
index 000..d8e8a5e
--- /dev/null
+++
b/meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch
@@ -0,0 +1,35 @@
+From affaa2021a54c30353e4e1fee09c13a4de2196be Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen <jussi.kukko...@intel.com>
+Date: Fri, 17 Mar 2017 14:24:29 +0200
+Subject: [PATCH] Add header dependency to nciattach.o
+
+This can happen when compiling nciattach.o:
+
+| In file included from ../neard-0.16/tools/nciattach.c:47:0:
+| ../neard-0.16/src/near.h:30:27: fatal error: near/nfc_copy.h: No such
+file or directory
+| #include
+
+Add the missing dependency to local headers.
+
+Signed-off-by: Jussi Kukkonen <jussi.kukko...@intel.com>
+Upstream-Status: Submitted [mailinglist]
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index fa552ee..acef6ba 100644
+--- a/Makefile.am
b/Makefile.am
+@@ -253,6 +253,7 @@ se/builtin.h: src/genbuiltin $(builtin_se_sources)
+
+ $(src_neard_OBJECTS) \
+ $(tools_nfctool_nfctool_OBJECTS) \
++$(tools_nciattach_OBJECTS) \
+ $(plugin_objects) \
+ $(se_seeld_OBJECTS) \
+ $(unit_test_ndef_parse_OBJECTS) \
+--
+2.11.0
+
diff --git a/meta/recipes-connectivity/neard/neard_0.16.bb
b/meta/recipes-connectivity/neard/neard_0.16.bb
index 5433dc3..238b241 100644
--- a/meta/recipes-connectivity/neard/neard_0.16.bb
+++ b/meta/recipes-connectivity/neard/neard_0.16.bb
@@ -9,6 +9,7 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/network/nfc/${BP}.tar.xz \
file://neard.in \
file://Makefile.am-fix-parallel-issue.patch \
file://Makefile.am-do-not-ship-version.h.patch \
+ file://0001-Add-header-dependency-to-nciattach.o.patch \
"
SRC_URI[md5sum] = "5c691fb7872856dc0d909c298bc8cb41"
SRC_URI[sha256sum] =
"eae3b11c541a988ec11ca94b7deab01080cd5b58cfef3ced6ceac9b6e6e65b36"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [Morty][PATCH] For the next morty dot release
This is the last patch to get Morty to build cleanly in AB Jussi Kukkonen (1): neard: Fix parallel build issue ...0001-Add-header-dependency-to-nciattach.o.patch | 35 ++ meta/recipes-connectivity/neard/neard_0.16.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-connectivity/neard/neard/0001-Add-header-dependency-to-nciattach.o.patch -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 00/39] Pyro-next pull request
Please consider these changes for Pryo. Clean nightly AB build cover letter only The following changes since commit 2b11266d670aa992a7ddb12f7f869ce4ec017f99: uninative: Update to 1.7 uninative release (2017-08-09 15:41:49 +0100) are available in the git repository at: http://git.yoctoproject.org/git/poky-contrib akuster/pyro-next http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=akuster/pyro-next Andre McCurdy (4): lsof: minor recipe cleanup lsof: update SRC_URI gnu-config: update SRC_URI to new savannah.gnu.org hostname mirrors.bbclass: provide git repo fallbacks using the https protocol André Draszik (1): linux-libc-headers: fix duplicate IFF_LOWER_UP DORMANT ECHO on musl Gan Yau Wai (1): insane.bbclass: fix override handling in RDEPENDS QA Jackie Huang (1): ncurses: add SYSROOT_DESTDIR for siteconfig_gencache Kai Kang (1): lsof: clear setuid Khem Raj (1): gnu-efi: Fix build with gcc7 Martin Jansa (3): v86d, qemuboot-x86.inc: use KERNEL_MODULE_AUTOLOAD+KERNEL_MODULE_PROBECONF for uvesafb instead of fbsetup init script icecc.bbclass: prevent nativesdk builds depending on target specific KERNEL_CC mesa.inc: drop wrong path in --with-llvm-prefix and export LLVM_CONFIG Mikko Rapeli (20): acpid.inc: set CVE_PRODUCT to acpid2 bluez5.inc: set CVE_PRODUCT to bluez eglinfo.inc: set CVE_PRODUCT to eglinfo flac_1.3.1.bb: set CVE_PRODUCT to libflac gcc-common.inc: set CVE_PRODUCT to gcc glib.inc: set CVE_PRODUCT to glib glibc-common.inc: set CVE_PRODUCT to glibc icu.inc: set CVE_PRODUCT to international_components_for_unicode libpcre_8.40.bb: set CVE_PRODUCT to prce libpcre2_10.23.bb: set CVE_PRODUCT to pcre2 libsamplerate0_0.1.9.bb: set CVE_PRODUCT to libsamplerate libsndfile1_1.0.28.bb: set CVE_PRODUCT to libsndfile nspr_4.14.bb: set CVE_PRODUCT to netscape_portable_runtime python.inc: set CVE_PRODUCT to python lttng-ust_2.9.1.bb: set CVE_PRODUCT to ust quota_4.03.bb: set CVE_PRODUCT to linux_diskquota sqlite3.inc: set CVE_PRODUCT to sqlite wpa-supplicant_2.6.bb: set CVE_PRODUCT to wpa_supplicant cve-check.bbclass: use weak assignment for default CVE_PRODUCT kernel.bbclass: set CVE_PRODUCT to linux_kernel if not set by recipe Nicolas Dechesne (1): kernel.bbclass: fix KERNEL_IMAGETYPE(S) for Image.gz Richard Röjfors (1): package_manager: Fix support for NO_RECOMMENDATONS Ross Burton (2): elfutils: use HTTP instead of FTP to fetch chrpath: use https for SRC_URI Saul Wold (1): systemtap: ensure systemtap-native is available Tom Rini (2): image.bbclass: Correct chaining compression support image: Fix "metadata is not deterministic" when chaining 2+ CONVERSION_CMDs meta/classes/cve-check.bbclass | 2 +- meta/classes/icecc.bbclass | 1 + meta/classes/image.bbclass | 4 +- meta/classes/image_types_uboot.bbclass | 13 +++--- meta/classes/insane.bbclass| 2 +- meta/classes/kernel.bbclass| 20 +- meta/classes/mirrors.bbclass | 11 ++ meta/conf/machine/include/qemuboot-x86.inc | 7 +++- meta/lib/oe/package_manager.py | 2 +- meta/recipes-bsp/acpid/acpid.inc | 2 + ...plicit-fall-through-so-Wextra-will-work-i.patch | 34 meta/recipes-bsp/gnu-efi/gnu-efi_3.0.5.bb | 3 +- meta/recipes-bsp/v86d/v86d/fbsetup | 3 -- meta/recipes-bsp/v86d/v86d/uvesafb.conf| 2 - meta/recipes-bsp/v86d/v86d_0.1.10.bb | 36 - meta/recipes-connectivity/bluez5/bluez5.inc| 2 + .../wpa-supplicant/wpa-supplicant_2.6.bb | 2 + meta/recipes-core/glib-2.0/glib.inc| 2 + meta/recipes-core/glibc/glibc-common.inc | 1 + meta/recipes-core/ncurses/ncurses.inc | 2 + meta/recipes-devtools/chrpath/chrpath_0.16.bb | 2 +- meta/recipes-devtools/elfutils/elfutils_0.168.bb | 2 +- meta/recipes-devtools/gcc/gcc-common.inc | 2 + meta/recipes-devtools/gnu-config/gnu-config_git.bb | 2 +- meta/recipes-devtools/python/python.inc| 2 + meta/recipes-extended/lsof/lsof_4.89.bb| 26 ++-- meta/recipes-extended/quota/quota_4.03.bb | 2 + meta/recipes-graphics/eglinfo/eglinfo.inc | 2 + meta/recipes-graphics/mesa/mesa.inc| 3 +- h-musl-_does_-define-IFF_LOWER_UP-DORMAN.patch | 46 ++ .../linux-libc-headers/linux-libc-headers_4.10.bb | 1 + meta/recipes-kernel/lttng/lttng-ust_2.9.0.bb | 2 + .../systemtap/systemtap-native_git.bb | 7 meta/recipes-kernel/systemtap/systemtap_git.bb | 2 +- meta/recipes-multimedia/flac/flac_1.3.2.bb | 2 + .../libsamplerate/libsamplerate0_0.1.9.bb | 2 + .../libsndfile/libsndfile1_1.0.27.bb
[OE-core] [PATCH 00/43] Changes stored for Morty
From: Armin Kuster <akus...@mvista.com> In the spirt of Yocto Compatable, We are submmiting these changes to the list. You are welcome to them. The following changes since commit b4b085b3c34172f2a6a1b7193ae377a4f7e498ac: glibc: CVE-2017-15670 (2017-11-23 17:40:44 -0800) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib akuster/for-stable-morty http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/for-stable-morty Armin Kuster (5): binutis: Security fix CVE-2017-7614 binutis: Security fix CVE-2017-9038 binutils: Security Fix CVE-2017-9039 binutils: Security fix for CVE-2017-9040 and 2017-9042 binutils: Security Fix CVE-2017-9041 Manjunath S Matti (1): Fix seg-fault in the linker when examining a corrupt binary. Thiruvadi Rajaraman (37): binutils: CVE-2017-7226 binutils: CVE-2017-12448 binutils: CVE-2017-12449, CVE-2017_12455, CVE-2017-12457, CVE-2017-12458, CVE-2017-12459 binutils: CVE-2017-12451 binutils: CVE-2017-12450_12452_12453_12454_12456 binutils: CVE-2017-7223 binutils: CVE-2017-7224 binutils: CVE-2017-7225 binutils: CVE-2017-7227 binutils: CVE-2017-7301 binutils: CVE-2017-7302 binutils: CVE-2017-7303 binutils: CVE-2017-7304 binutils: CVE-2017-8393 binutils: CVE-2017-8395 binutils: CVE-2017-8397 binutils: CVE-2017-8396 binutils: CVE-2017-8421 binutils: CVE-2017-8394 binutils: CVE-2017-8398 binutils: CVE-2017-7299 binutils: CVE-2017-9751 binutils: CVE-2017-9749 binutils: CVE-2017-9746 binutils: CVE-2017-9748 binutils: CVE-2017-9747 binutils: CVE-2017-9750 binutils: CVE-2017-9752 binutils: CVE-2017-9753_and_CVE-2017-9754 binutils: CVE-2017-9755 binutils: CVE-2017-9756 binutils: CVE-2017-9745 binutils: CVE-2017-9954 binutils: CVE-2017-9955 binutils: CVE-2017-14729 binutils: CVE-2017-15024 binutils: CVE-2017-15938 meta/recipes-devtools/binutils/binutils-2.27.inc | 58 + .../binutils/binutils/CVE-2017-12448.patch | 49 + .../binutils/CVE-2017-12449_12455_12457.patch | 240 ++ .../binutils/CVE-2017-12449_12455_12457_1.patch| 97 + .../CVE-2017-12450_12452_12453_12454_12456.patch | 375 ++ .../CVE-2017-12450_12452_12453_12454_12456_1.patch | 113 + .../binutils/binutils/CVE-2017-12451.patch | 384 ++ .../binutils/binutils/CVE-2017-14729.patch | 45 + .../binutils/binutils/CVE-2017-15024.patch | 241 ++ .../binutils/binutils/CVE-2017-15938.patch | 153 + .../binutils/binutils/CVE-2017-7223.patch | 40 + .../binutils/binutils/CVE-2017-7224.patch | 48 + .../binutils/binutils/CVE-2017-7225.patch | 66 + .../binutils/binutils/CVE-2017-7226.patch | 42 + .../binutils/binutils/CVE-2017-7227.patch | 49 + .../binutils/binutils/CVE-2017-7299_1.patch| 47 + .../binutils/binutils/CVE-2017-7299_2.patch| 120 + .../binutils/binutils/CVE-2017-7300.patch | 55 + .../binutils/binutils/CVE-2017-7301.patch | 52 + .../binutils/binutils/CVE-2017-7302.patch | 81 + .../binutils/binutils/CVE-2017-7303.patch | 55 + .../binutils/binutils/CVE-2017-7304.patch | 53 + .../binutils/binutils/CVE-2017-7614.patch | 105 + .../binutils/binutils/CVE-2017-8393.patch | 201 ++ .../binutils/binutils/CVE-2017-8394.patch | 114 + .../binutils/binutils/CVE-2017-8394_1.patch| 80 + .../binutils/binutils/CVE-2017-8395.patch | 72 + .../binutils/binutils/CVE-2017-8396.patch | 102 + .../binutils/binutils/CVE-2017-8397.patch | 50 + .../binutils/binutils/CVE-2017-8398.patch | 147 + .../binutils/binutils/CVE-2017-8421.patch | 51 + .../binutils/binutils/CVE-2017-9038.patch | 51 + .../binutils/binutils/CVE-2017-9039.patch | 72 + .../binutils/binutils/CVE-2017-9039_1.patch| 56 + .../binutils/binutils/CVE-2017-9040_and_9042.patch | 83 + .../binutils/binutils/CVE-2017-9041_1.patch| 51 + .../binutils/binutils/CVE-2017-9041_2.patch| 84 + .../binutils/binutils/CVE-2017-9745.patch | 62 + .../binutils/binutils/CVE-2017-9746.patch | 88 + .../binutils/binutils/CVE-2017-9747.patch | 40 + .../binutils/binutils/CVE-2017-9748.patch | 45 + .../binutils/binutils/CVE-2017-9749.patch | 75 + .../binutils/binutils/CVE-2017-9750.patch | 262 ++ .../binutils/binutils/CVE-2017-9751.patch | 3738 .../binutils/binutils/CVE-2017-9752.patch | 204 ++ .../binutils/binutils/CVE-2017-9753_9754.patch | 76 + .../binutils/binutils/CVE-2017-9755_1.patch| 60 + .../binutils/binutils/CVE-2017-9755_2.patch| 101 + .../binutils/binutils/CVE-2017-9756.patch | 43 + .../binutils/binutils/CVE-2017-9954.patch
[OE-core] [pyro][PATCH 08/26] binutils: Security fix CVE-2017-8421
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-8421.patch | 52 ++
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index d58d7b8..5b6270a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -50,6 +50,7 @@ SRC_URI = "\
file://CVE-2017-8395.patch \
file://CVE-2017-8396_8397.patch \
file://CVE-2017-8398.patch \
+ file://CVE-2017-8421.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
new file mode 100644
index 000..7969c66
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8421.patch
@@ -0,0 +1,52 @@
+From 39ff1b79f687b65f4144ddb379f22587003443fb Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Tue, 2 May 2017 11:54:53 +0100
+Subject: [PATCH] Prevent memory exhaustion from a corrupt PE binary with an
+ overlarge number of relocs.
+
+ PR 21440
+ * objdump.c (dump_relocs_in_section): Check for an excessive
+ number of relocs before attempting to dump them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8421
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++
+ binutils/objdump.c | 8
+ 2 files changed, 14 insertions(+)
+
+Index: git/binutils/objdump.c
+===
+--- git.orig/binutils/objdump.c
git/binutils/objdump.c
+@@ -3311,6 +3311,14 @@ dump_relocs_in_section (bfd *abfd,
+ return;
+ }
+
++ if ((bfd_get_file_flags (abfd) & (BFD_IN_MEMORY | BFD_LINKER_CREATED)) == 0
++ && relsize > get_file_size (bfd_get_filename (abfd)))
++{
++ printf (" (too many: 0x%x)\n", section->reloc_count);
++ bfd_set_error (bfd_error_file_truncated);
++ bfd_fatal (bfd_get_filename (abfd));
++}
++
+ relpp = (arelent **) xmalloc (relsize);
+ relcount = bfd_canonicalize_reloc (abfd, section, relpp, syms);
+
+Index: git/binutils/ChangeLog
+===
+--- git.orig/binutils/ChangeLog
git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-05-02 Nick Clifton <ni...@redhat.com>
++
++ PR 21440
++ * objdump.c (dump_relocs_in_section): Check for an excessive
++ number of relocs before attempting to dump them.
++
+ 2017-04-28 Nick Clifton <ni...@redhat.com>
+
+PR binutils/21438
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 15/26] binutls: Security for fix CVE-2017-9746
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9746.patch | 91 ++
2 files changed, 92 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index d555d5f..235306b 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -57,6 +57,7 @@ SRC_URI = "\
file://CVE-2017-9742.patch \
file://CVE-2017-9744.patch \
file://CVE-2017-9745.patch \
+ file://CVE-2017-9746.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
new file mode 100644
index 000..bd4a40c
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9746.patch
@@ -0,0 +1,91 @@
+From ae87f7e73eba29bd38b3a9684a10b948ed715612 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 14 Jun 2017 16:50:03 +0100
+Subject: [PATCH] Fix address violation when disassembling a corrupt binary.
+
+ PR binutils/21580
+binutils * objdump.c (disassemble_bytes): Check for buffer overrun when
+ printing out rae insns.
+
+ld * testsuite/ld-nds32/diff.d: Adjust expected output.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9746
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ binutils/objdump.c | 27 +++
+ ld/ChangeLog | 5 +
+ ld/testsuite/ld-nds32/diff.d | 6 +++---
+ 3 files changed, 23 insertions(+), 15 deletions(-)
+
+Index: git/binutils/objdump.c
+===
+--- git.orig/binutils/objdump.c
git/binutils/objdump.c
+@@ -1855,20 +1855,23 @@ disassemble_bytes (struct disassemble_in
+
+ for (j = addr_offset * opb; j < addr_offset * opb + pb; j += bpc)
+ {
+-int k;
+-
+-if (bpc > 1 && inf->display_endian == BFD_ENDIAN_LITTLE)
+- {
+-for (k = bpc - 1; k >= 0; k--)
+- printf ("%02x", (unsigned) data[j + k]);
+-putchar (' ');
+- }
+-else
++/* PR 21580: Check for a buffer ending early. */
++if (j + bpc <= stop_offset * opb)
+ {
+-for (k = 0; k < bpc; k++)
+- printf ("%02x", (unsigned) data[j + k]);
+-putchar (' ');
++int k;
++
++if (inf->display_endian == BFD_ENDIAN_LITTLE)
++ {
++for (k = bpc - 1; k >= 0; k--)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
++else
++ {
++for (k = 0; k < bpc; k++)
++ printf ("%02x", (unsigned) data[j + k]);
++ }
+ }
++putchar (' ');
+ }
+
+ for (; pb < octets_per_line; pb += bpc)
+Index: git/ld/testsuite/ld-nds32/diff.d
+===
+--- git.orig/ld/testsuite/ld-nds32/diff.d
git/ld/testsuite/ld-nds32/diff.d
+@@ -7,9 +7,9 @@
+
+ Disassembly of section .data:
+ 8000 (7e 00 00 00|00 00 00 7e).*
+-8004 (7e 00 7e fe|00 7e 7e fe).*
+-8006 7e fe 00 fe.*
+-8007 fe 00.*
++8004 (7e 00|00 7e).*
++8006 7e.*
++8007 fe.*
+ ...
+ 8009 fe 00.*
+ .*
+Index: git/ld/ChangeLog
+===
+--- git.orig/ld/ChangeLog
git/ld/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-14 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21580
++ * testsuite/ld-nds32/diff.d: Adjust expected output.
++
+ 2017-03-07 Alan Modra <amo...@gmail.com>
+
+ * ldlang.c (open_input_bfds): Check that lang_assignment_statement
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 10/26] binutils: Security fix for CVE-2017-9039
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9039.patch | 61 ++
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 377165a..b8199a4 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -52,6 +52,7 @@ SRC_URI = "\
file://CVE-2017-8398.patch \
file://CVE-2017-8421.patch \
file://CVE-2017-9038_9044.patch \
+ file://CVE-2017-9039.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
new file mode 100644
index 000..aed8f7f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9039.patch
@@ -0,0 +1,61 @@
+From 82156ab704b08b124d319c0decdbd48b3ca2dac5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Mon, 3 Apr 2017 12:14:06 +0100
+Subject: [PATCH] readelf: Fix overlarge memory allocation when reading a
+ binary with an excessive number of program headers.
+
+ PR binutils/21345
+ * readelf.c (get_program_headers): Check for there being too many
+ program headers before attempting to allocate space for them.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9039
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++
+ binutils/readelf.c | 17 ++---
+ 2 files changed, 20 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===
+--- git.orig/binutils/readelf.c
git/binutils/readelf.c
+@@ -4765,9 +4765,19 @@ get_program_headers (FILE * file)
+ if (program_headers != NULL)
+ return 1;
+
+- phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
+- sizeof (Elf_Internal_Phdr));
++ /* Be kind to memory checkers by looking for
++ e_phnum values which we know must be invalid. */
++ if (elf_header.e_phnum
++ * (is_32bit_elf ? sizeof (Elf32_External_Phdr) : sizeof
(Elf64_External_Phdr))
++ >= current_file_size)
++{
++ error (_("Too many program headers - %#x - the file is not that big\n"),
++ elf_header.e_phnum);
++ return FALSE;
++}
+
++ phdrs = (Elf_Internal_Phdr *) cmalloc (elf_header.e_phnum,
++ sizeof (Elf_Internal_Phdr));
+ if (phdrs == NULL)
+ {
+ error (_("Out of memory reading %u program headers\n"),
+Index: git/binutils/ChangeLog
+===
+--- git.orig/binutils/ChangeLog
git/binutils/ChangeLog
+@@ -1,5 +1,11 @@
+ 2017-04-03 Nick Clifton <ni...@redhat.com>
+
++ PR binutils/21345
++ * readelf.c (get_program_headers): Check for there being too many
++ program headers before attempting to allocate space for them.
++
++2017-04-03 Nick Clifton <ni...@redhat.com>
++
+PR binutils/21343
+* readelf.c (get_unwind_section_word): Fix snafu checking for
+invalid word offsets in ARM unwind information.
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 09/26] binutils: Security fix for CVE-2017-9038 and CVE-2017-9044
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9038_9044.patch | 51 ++
2 files changed, 52 insertions(+)
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 5b6270a..377165a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -51,6 +51,7 @@ SRC_URI = "\
file://CVE-2017-8396_8397.patch \
file://CVE-2017-8398.patch \
file://CVE-2017-8421.patch \
+ file://CVE-2017-9038_9044.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch
new file mode 100644
index 000..535efc3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9038_9044.patch
@@ -0,0 +1,51 @@
+From f32ba72991d2406b21ab17edc234a2f3fa7fb23d Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Mon, 3 Apr 2017 11:01:45 +0100
+Subject: [PATCH] readelf: Update check for invalid word offsets in ARM unwind
+ information.
+
+ PR binutils/21343
+ * readelf.c (get_unwind_section_word): Fix snafu checking for
+ invalid word offsets in ARM unwind information.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9038
+CVE: CVE-2017-9044
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ binutils/ChangeLog | 6 ++
+ binutils/readelf.c | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: git/binutils/readelf.c
+===
+--- git.orig/binutils/readelf.c
git/binutils/readelf.c
+@@ -7972,9 +7972,9 @@ get_unwind_section_word (struct arm_unw_
+ return FALSE;
+
+ /* If the offset is invalid then fail. */
+- if (word_offset > (sec->sh_size - 4)
+- /* PR 18879 */
+- || (sec->sh_size < 5 && word_offset >= sec->sh_size)
++ if (/* PR 21343 *//* PR 18879 */
++ sec->sh_size < 4
++ || word_offset > (sec->sh_size - 4)
+ || ((bfd_signed_vma) word_offset) < 0)
+ return FALSE;
+
+Index: git/binutils/ChangeLog
+===
+--- git.orig/binutils/ChangeLog
git/binutils/ChangeLog
+@@ -1,3 +1,9 @@
++2017-04-03 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21343
++ * readelf.c (get_unwind_section_word): Fix snafu checking for
++ invalid word offsets in ARM unwind information.
++
+ 2017-05-02 Nick Clifton <ni...@redhat.com>
+
+PR 21440
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 14/26] binutils: Security fix for CVE-2017-9745
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9745.patch | 35 ++
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 815e2bf..d555d5f 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -56,6 +56,7 @@ SRC_URI = "\
file://CVE-2017-9040_9042.patch \
file://CVE-2017-9742.patch \
file://CVE-2017-9744.patch \
+ file://CVE-2017-9745.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
new file mode 100644
index 000..0b3885b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9745.patch
@@ -0,0 +1,35 @@
+From 76800cba595efc3fe95a446c2d664e42ae4ee869 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 15 Jun 2017 12:08:57 +0100
+Subject: [PATCH] Handle EITR records in VMS Alpha binaries with overlarge
+ command length parameters.
+
+ PR binutils/21579
+ * vms-alpha.c (_bfd_vms_slurp_etir): Extend check of cmd_length.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9745
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +
+ bfd/vms-alpha.c | 16
+ 2 files changed, 13 insertions(+), 8 deletions(-)
+
+Index: git/bfd/vms-alpha.c
+===
+--- git.orig/bfd/vms-alpha.c
git/bfd/vms-alpha.c
+@@ -1741,6 +1741,12 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+
++#if VMS_DEBUG
++ _bfd_vms_debug (4, "etir: %s(%d)\n",
++ _bfd_vms_etir_name (cmd), cmd);
++ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
++#endif
++
+ switch (cmd)
+ {
+ /* Stack global
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 11/26] binutils: Security fix for CVE-2017-9040 and CVE-2017-9042
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9040_9042.patch | 57 ++
2 files changed, 58 insertions(+)
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index b8199a4..c376433 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -53,6 +53,7 @@ SRC_URI = "\
file://CVE-2017-8421.patch \
file://CVE-2017-9038_9044.patch \
file://CVE-2017-9039.patch \
+ file://CVE-2017-9040_9042.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch
new file mode 100644
index 000..79c6a7d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9040_9042.patch
@@ -0,0 +1,57 @@
+From 7296a62a2a237f6b1ad8db8c38b090e9f592c8cf Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 13 Apr 2017 16:06:30 +0100
+Subject: [PATCH] readelf: fix out of range subtraction, seg fault from a NULL
+ pointer and memory exhaustion, all from parsing corrupt binaries.
+
+ PR binutils/21379
+ * readelf.c (process_dynamic_section): Detect over large section
+ offsets in the DT_SYMTAB entry.
+
+ PR binutils/21345
+ * readelf.c (process_mips_specific): Catch an unfeasible memory
+ allocation before it happens and print a suitable error message.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9040
+CVE: CVE-2017-9042
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ binutils/ChangeLog | 12
+ binutils/readelf.c | 26 +-
+ 2 files changed, 33 insertions(+), 5 deletions(-)
+
+Index: git/binutils/readelf.c
+===
+--- git.orig/binutils/readelf.c
git/binutils/readelf.c
+@@ -9306,6 +9306,12 @@ process_dynamic_section (FILE * file)
+processing that. This is overkill, I know, but it
+should work. */
+ section.sh_offset = offset_from_vma (file, entry->d_un.d_val, 0);
++if ((bfd_size_type) section.sh_offset > current_file_size)
++ {
++/* See PR 21379 for a reproducer. */
++error (_("Invalid DT_SYMTAB entry: %lx"), (long)
section.sh_offset);
++return FALSE;
++ }
+
+ if (archive_file_offset != 0)
+ section.sh_size = archive_file_size - section.sh_offset;
+@@ -15175,6 +15181,15 @@ process_mips_specific (FILE * file)
+ return 0;
+ }
+
++ /* PR 21345 - print a slightly more helpful error message
++ if we are sure that the cmalloc will fail. */
++ if (conflictsno * sizeof (* iconf) > current_file_size)
++ {
++error (_("Overlarge number of conflicts detected: %lx\n"),
++ (long) conflictsno);
++return FALSE;
++ }
++
+ iconf = (Elf32_Conflict *) cmalloc (conflictsno, sizeof (* iconf));
+ if (iconf == NULL)
+ {
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 21/26] binutls: Security fix for CVE-2017-9752
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9752.patch | 208 +
2 files changed, 209 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 99fc1b1..68d21c8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -63,6 +63,7 @@ SRC_URI = "\
file://CVE-2017-9749.patch \
file://CVE-2017-9750.patch \
file://CVE-2017-9751.patch \
+ file://CVE-2017-9752.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
new file mode 100644
index 000..f63a993
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9752.patch
@@ -0,0 +1,208 @@
+From c53d2e6d744da000aaafe0237bced090aab62818 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 14 Jun 2017 11:27:15 +0100
+Subject: [PATCH] Fix potential address violations when processing a corrupt
+ Alpha VMA binary.
+
+ PR binutils/21589
+ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
+ maximum value for the ascic pointer. Check that name processing
+ does not read beyond this value.
+ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
+ end of etir record.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9752
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 9 +
+ bfd/vms-alpha.c | 51 +--
+ 2 files changed, 50 insertions(+), 10 deletions(-)
+
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -9,6 +9,15 @@
+
+ 2017-06-14 Nick Clifton <ni...@redhat.com>
+
++ PR binutils/21589
++ * vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
++ maximum value for the ascic pointer. Check that name processing
++ does not read beyond this value.
++ (_bfd_vms_slurp_etir): Add checks for attempts to read beyond the
++ end of etir record.
++
++2017-06-14 Nick Clifton <ni...@redhat.com>
++
+PR binutils/21578
+* elf32-sh.c (sh_elf_set_mach_from_flags): Fix check for invalid
+flag value.
+Index: git/bfd/vms-alpha.c
+===
+--- git.orig/bfd/vms-alpha.c
git/bfd/vms-alpha.c
+@@ -1456,7 +1456,7 @@ dst_retrieve_location (bfd *abfd, unsign
+ /* Write multiple bytes to section image. */
+
+ static bfd_boolean
+-image_write (bfd *abfd, unsigned char *ptr, int size)
++image_write (bfd *abfd, unsigned char *ptr, unsigned int size)
+ {
+ #if VMS_DEBUG
+ _bfd_vms_debug (8, "image_write from (%p, %d) to (%ld)\n", ptr, size,
+@@ -1603,14 +1603,16 @@ _bfd_vms_etir_name (int cmd)
+ #define HIGHBIT(op) ((op & 0x8000L) == 0x8000L)
+
+ static void
+-_bfd_vms_get_value (bfd *abfd, const unsigned char *ascic,
++_bfd_vms_get_value (bfd *abfd,
++ const unsigned char *ascic,
++ const unsigned char *max_ascic,
+ struct bfd_link_info *info,
+ bfd_vma *vma,
+ struct alpha_vms_link_hash_entry **hp)
+ {
+ char name[257];
+- int len;
+- int i;
++ unsigned int len;
++ unsigned int i;
+ struct alpha_vms_link_hash_entry *h;
+
+ /* Not linking. Do not try to resolve the symbol. */
+@@ -1622,6 +1624,14 @@ _bfd_vms_get_value (bfd *abfd, const uns
+ }
+
+ len = *ascic;
++ if (ascic + len >= max_ascic)
++{
++ _bfd_error_handler (_("Corrupt vms value"));
++ *vma = 0;
++ *hp = NULL;
++ return;
++}
++
+ for (i = 0; i < len; i++)
+ name[i] = ascic[i + 1];
+ name[i] = 0;
+@@ -1741,6 +1751,15 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+ _bfd_hexdump (8, ptr, cmd_length - 4, 0);
+ #endif
+
++ /* PR 21589: Check for a corrupt ETIR record. */
++ if (cmd_length < 4)
++ {
++ corrupt_etir:
++_bfd_error_handler (_("Corrupt ETIR record encountered"));
++bfd_set_error (bfd_error_bad_value);
++return FALSE;
++ }
++
+ switch (cmd)
+ {
+ /* Stack global
+@@ -1748,7 +1767,7 @@ _bfd_vms_slurp_etir (bfd *abfd, struct b
+
+ stack 32 bit value of symbol (high bits set to 0). */
+ case ETIR__C_STA_GBL:
+- _bfd_vms_get_value (abfd, ptr, info, , );
++ _bfd_vms_get_value (abfd, ptr, maxptr, info, , );
+ _bfd_vms_push (abfd, op1, alpha_v
[OE-core] [pyro][PATCH 16/26] binutls: Security fix for CVE-2017-9747
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9747.patch | 43 ++
2 files changed, 44 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 235306b..6822adb 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -58,6 +58,7 @@ SRC_URI = "\
file://CVE-2017-9744.patch \
file://CVE-2017-9745.patch \
file://CVE-2017-9746.patch \
+ file://CVE-2017-9747.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
new file mode 100644
index 000..41ead54
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9747.patch
@@ -0,0 +1,43 @@
+From 62b76e4b6e0b4cb5b3e0053d1de4097b32577049 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 15 Jun 2017 13:08:47 +0100
+Subject: [PATCH] Fix address violation parsing a corrupt ieee binary.
+
+ PR binutils/21581
+ (ieee_archive_p): Use a static buffer to avoid compiler bugs.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9747
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 2 ++
+ bfd/ieee.c| 2 +-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+Index: git/bfd/ieee.c
+===
+--- git.orig/bfd/ieee.c
git/bfd/ieee.c
+@@ -1357,7 +1357,7 @@ ieee_archive_p (bfd *abfd)
+ {
+ char *library;
+ unsigned int i;
+- unsigned char buffer[512];
++ static unsigned char buffer[512];
+ file_ptr buffer_offset = 0;
+ ieee_ar_data_type *save = abfd->tdata.ieee_ar_data;
+ ieee_ar_data_type *ieee;
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-15 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21581
++ (ieee_archive_p): Likewise.
++
+ 2017-06-14 Nick Clifton <ni...@redhat.com>
+
+PR binutils/21578
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 19/26] Binutils: Security fix for CVE-2017-9750
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9750.patch | 247 +
2 files changed, 248 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index b88e154..c63a2e5 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -61,6 +61,7 @@ SRC_URI = "\
file://CVE-2017-9747.patch \
file://CVE-2017-9748.patch \
file://CVE-2017-9749.patch \
+ file://CVE-2017-9750.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
new file mode 100644
index 000..fe8fa69
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9750.patch
@@ -0,0 +1,247 @@
+From db5fa770268baf8cc82cf9b141d69799fd485fe2 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 14 Jun 2017 13:35:06 +0100
+Subject: [PATCH] Fix address violation problems when disassembling a corrupt
+ RX binary.
+
+ PR binutils/21587
+ * rx-decode.opc: Include libiberty.h
+ (GET_SCALE): New macro - validates access to SCALE array.
+ (GET_PSCALE): New macro - validates access to PSCALE array.
+ (DIs, SIs, S2Is, rx_disp): Use new macros.
+ * rx-decode.c: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9750
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ opcodes/ChangeLog | 9 +
+ opcodes/rx-decode.c | 24 ++--
+ opcodes/rx-decode.opc | 24 ++--
+ 3 files changed, 37 insertions(+), 20 deletions(-)
+
+Index: git/opcodes/rx-decode.c
+===
+--- git.orig/opcodes/rx-decode.c
git/opcodes/rx-decode.c
+@@ -27,6 +27,7 @@
+ #include
+ #include "ansidecl.h"
+ #include "opcode/rx.h"
++#include "libiberty.h"
+
+ #define RX_OPCODE_BIG_ENDIAN 0
+
+@@ -45,7 +46,7 @@ static int trace = 0;
+ #define LSIZE 2
+
+ /* These are for when the upper bits are "don't care" or "undefined". */
+-static int bwl[] =
++static int bwl[4] =
+ {
+ RX_Byte,
+ RX_Word,
+@@ -53,7 +54,7 @@ static int bwl[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int sbwl[] =
++static int sbwl[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -61,7 +62,7 @@ static int sbwl[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int ubw[] =
++static int ubw[4] =
+ {
+ RX_UByte,
+ RX_UWord,
+@@ -69,7 +70,7 @@ static int ubw[] =
+ RX_Bad_Size /* Bogus instructions can have a size field set to 3. */
+ };
+
+-static int memex[] =
++static int memex[4] =
+ {
+ RX_SByte,
+ RX_SWord,
+@@ -89,6 +90,9 @@ static int SCALE[] = { 1, 2, 4, 0 };
+ /* This is for the prefix size enum. */
+ static int PSCALE[] = { 4, 1, 1, 1, 2, 2, 2, 3, 4 };
+
++#define GET_SCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (SCALE) ?
SCALE[(_indx)] : 0)
++#define GET_PSCALE(_indx) ((unsigned)(_indx) < ARRAY_SIZE (PSCALE) ?
PSCALE[(_indx)] : 0)
++
+ static int flagmap[] = {0, 1, 2, 3, 0, 0, 0, 0,
+ 16, 17, 0, 0, 0, 0, 0, 0 };
+
+@@ -107,7 +111,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define DC(c) OP (0, RX_Operand_Immediate, 0, c)
+ #define DR(r) OP (0, RX_Operand_Register, r, 0)
+ #define DI(r,a) OP (0, RX_Operand_Indirect, r, a)
+-#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define DIs(r,a,s) OP (0, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define DD(t,r,s) rx_disp (0, t, r, bwl[s], ld);
+ #define DF(r) OP (0, RX_Operand_Flag, flagmap[r], 0)
+
+@@ -115,7 +119,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define SR(r) OP (1, RX_Operand_Register, r, 0)
+ #define SRR(r) OP (1, RX_Operand_TwoReg, r, 0)
+ #define SI(r,a) OP (1, RX_Operand_Indirect, r, a)
+-#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define SIs(r,a,s) OP (1, RX_Operand_Indirect, r, (a) * GET_SCALE (s))
+ #define SD(t,r,s) rx_disp (1, t, r, bwl[s], ld);
+ #define SP(t,r) rx_disp (1, t, r, (t!=3) ? RX_UByte : RX_Long, ld); P(t,
1);
+ #define SPm(t,r,m) rx_disp (1, t, r, memex[m], ld); rx->op[1].size =
memex[m];
+@@ -124,7 +128,7 @@ static int dsp3map[] = { 8, 9, 10, 3, 4,
+ #define S2C(i) OP (2, RX_Operand_Immediate, 0, i)
+ #define S2R(r) OP (2, RX_Operand_Register, r, 0)
+ #define S2I(r,a)OP (2, RX_Operand_Indirect, r, a)
+-#define S2Is(r,a,s) OP (2, RX_Operand_Indirect, r, (a) * SCALE[s])
++#define S2Is(r,a,s) OP (2, RX_Operand_I
[OE-core] [pyro][PATCH 13/26] binutls: Security fix for CVE-2017-9744
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9744.patch | 46 ++
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 946f16c..815e2bf 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -55,6 +55,7 @@ SRC_URI = "\
file://CVE-2017-9039.patch \
file://CVE-2017-9040_9042.patch \
file://CVE-2017-9742.patch \
+ file://CVE-2017-9744.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch
new file mode 100644
index 000..c34a5a6
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9744.patch
@@ -0,0 +1,46 @@
+From f461bbd847f15657f3dd2f317c30c75a7520da1f Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 14 Jun 2017 17:01:54 +0100
+Subject: [PATCH] Fix address violation bug when disassembling a corrupt SH
+ binary.
+
+ PR binutils/21578
+ * elf32-sh.c (sh_elf_set_mach_from_flags): Fix check for invalid
+ flag value.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9744
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++
+ bfd/elf32-sh.c | 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/elf32-sh.c
+===
+--- git.orig/bfd/elf32-sh.c
git/bfd/elf32-sh.c
+@@ -6344,7 +6344,7 @@ sh_elf_set_mach_from_flags (bfd *abfd)
+ {
+ flagword flags = elf_elfheader (abfd)->e_flags & EF_SH_MACH_MASK;
+
+- if (flags >= sizeof(sh_ef_bfd_table))
++ if (flags >= ARRAY_SIZE (sh_ef_bfd_table))
+ return FALSE;
+
+ if (sh_ef_bfd_table[flags] == 0)
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-14 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21578
++ * elf32-sh.c (sh_elf_set_mach_from_flags): Fix check for invalid
++ flag value.
++
+ 2017-04-29 Alan Modra <amo...@gmail.com>
+
+PR 21432
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 12/26] binutils: Security fix for CVE-2017-9742
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9742.patch | 45 ++
2 files changed, 46 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index c376433..946f16c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -54,6 +54,7 @@ SRC_URI = "\
file://CVE-2017-9038_9044.patch \
file://CVE-2017-9039.patch \
file://CVE-2017-9040_9042.patch \
+ file://CVE-2017-9742.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch
new file mode 100644
index 000..0c9ed0d
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9742.patch
@@ -0,0 +1,45 @@
+From e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 14 Jun 2017 17:10:28 +0100
+Subject: [PATCH] Fix seg-fault when trying to disassemble a corrupt score
+ binary.
+
+ PR binutils/21576
+ * score7-dis.c (score_opcodes): Add sentinel.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9742
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ opcodes/ChangeLog| 5 +
+ opcodes/score7-dis.c | 3 ++-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/opcodes/score7-dis.c
+===
+--- git.orig/opcodes/score7-dis.c
git/opcodes/score7-dis.c
+@@ -513,7 +513,8 @@ static struct score_opcode score_opcodes
+ {0x0d05, 0x7f0f, "tvc!"},
+ {0x0026, 0x3e0003ff, "xor\t\t%20-24r, %15-19r, %10-14r"},
+ {0x0027, 0x3e0003ff, "xor.c\t\t%20-24r, %15-19r, %10-14r"},
+- {0x2007, 0x700f, "xor!\t\t%8-11r, %4-7r"}
++ {0x2007, 0x700f, "xor!\t\t%8-11r, %4-7r"},
++ { 0, 0, NULL }
+ };
+
+ typedef struct
+Index: git/opcodes/ChangeLog
+===
+--- git.orig/opcodes/ChangeLog
git/opcodes/ChangeLog
+@@ -1,3 +1,8 @@
++2017-06-14 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21576
++ * score7-dis.c (score_opcodes): Add sentinel.
++
+ 2017-03-07 Alan Modra <amo...@gmail.com>
+
+ Apply from master
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 17/26] binutls: Security fix for CVE-2017-9748
affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9748.patch | 46 ++
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 6822adb..8a19ac6 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -59,6 +59,7 @@ SRC_URI = "\
file://CVE-2017-9745.patch \
file://CVE-2017-9746.patch \
file://CVE-2017-9747.patch \
+ file://CVE-2017-9748.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
new file mode 100644
index 000..0207023
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9748.patch
@@ -0,0 +1,46 @@
+From 63634bb4a107877dd08b6282e28e11cfd1a1649e Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 15 Jun 2017 12:44:23 +0100
+Subject: [PATCH] Avoid a possible compiler bug by using a static buffer
+ instead of a stack local buffer.
+
+ PR binutils/21582
+ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
+ bugs.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9748
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++
+ bfd/ieee.c| 2 +-
+ 2 files changed, 7 insertions(+), 1 deletion(-)
+
+Index: git/bfd/ieee.c
+===
+--- git.orig/bfd/ieee.c
git/bfd/ieee.c
+@@ -1875,7 +1875,7 @@ ieee_object_p (bfd *abfd)
+ char *processor;
+ unsigned int part;
+ ieee_data_type *ieee;
+- unsigned char buffer[300];
++ static unsigned char buffer[300];
+ ieee_data_type *save = IEEE_DATA (abfd);
+ bfd_size_type amt;
+
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -1,5 +1,9 @@
+ 2017-06-15 Nick Clifton <ni...@redhat.com>
+
++ PR binutils/21582
++ * ieee.c (ieee_object_p): Use a static buffer to avoid compiler
++ bugs.
++
+PR binutils/21581
+(ieee_archive_p): Likewise.
+
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 22/26] binutls: Security fix for CVE-2017-9753
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9753.patch | 79 ++
2 files changed, 80 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 68d21c8..c6ef647 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -64,6 +64,7 @@ SRC_URI = "\
file://CVE-2017-9750.patch \
file://CVE-2017-9751.patch \
file://CVE-2017-9752.patch \
+ file://CVE-2017-9753.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
new file mode 100644
index 000..241142b
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9753.patch
@@ -0,0 +1,79 @@
+From 04f963fd489cae724a60140e13984415c205f4ac Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 14 Jun 2017 10:35:16 +0100
+Subject: [PATCH] Fix seg-faults in objdump when disassembling a corrupt
+ versados binary.
+
+ PR binutils/21591
+ * versados.c (versados_mkobject): Zero the allocated tdata structure.
+ (process_otr): Check for an invalid offset in the otr structure.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9753
+CVE: CVE-2017-9754
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++
+ bfd/versados.c | 12
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+Index: git/bfd/versados.c
+===
+--- git.orig/bfd/versados.c
git/bfd/versados.c
+@@ -149,7 +149,7 @@ versados_mkobject (bfd *abfd)
+ if (abfd->tdata.versados_data == NULL)
+ {
+ bfd_size_type amt = sizeof (tdata_type);
+- tdata_type *tdata = bfd_alloc (abfd, amt);
++ tdata_type *tdata = bfd_zalloc (abfd, amt);
+
+ if (tdata == NULL)
+ return FALSE;
+@@ -345,13 +345,13 @@ reloc_howto_type versados_howto_table[]
+ };
+
+ static int
+-get_offset (int len, unsigned char *ptr)
++get_offset (unsigned int len, unsigned char *ptr)
+ {
+ int val = 0;
+
+ if (len)
+ {
+- int i;
++ unsigned int i;
+
+ val = *ptr++;
+ if (val & 0x80)
+@@ -394,9 +394,13 @@ process_otr (bfd *abfd, struct ext_otr *
+ int flag = *srcp++;
+ int esdids = (flag >> 5) & 0x7;
+ int sizeinwords = ((flag >> 3) & 1) ? 2 : 1;
+-int offsetlen = flag & 0x7;
++unsigned int offsetlen = flag & 0x7;
+ int j;
+
++/* PR 21591: Check for invalid lengths. */
++if (srcp + esdids + offsetlen >= endp)
++ return;
++
+ if (esdids == 0)
+ {
+ /* A zero esdid means the new pc is the offset given. */
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -8,6 +8,10 @@
+(ieee_archive_p): Likewise.
+
+ 2017-06-14 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21591
++ * versados.c (versados_mkobject): Zero the allocated tdata structure.
++ (process_otr): Check for an invalid offset in the otr structure.
+
+PR binutils/21589
+* vms-alpha.c (_bfd_vms_get_value): Add an extra parameter - the
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 24/26] binutls: Secuirty fix for CVE-2017-9756
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9756.patch | 50 ++
2 files changed, 51 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index b4299c8..a2b2901 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -66,6 +66,7 @@ SRC_URI = "\
file://CVE-2017-9752.patch \
file://CVE-2017-9753.patch \
file://CVE-2017-9755.patch \
+ file://CVE-2017-9756.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
new file mode 100644
index 000..191d0be
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9756.patch
@@ -0,0 +1,50 @@
+From cd3ea7c69acc5045eb28f9bf80d923116e15e4f5 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 15 Jun 2017 13:26:54 +0100
+Subject: [PATCH] Prevent address violation problem when disassembling corrupt
+ aarch64 binary.
+
+ PR binutils/21595
+ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
+ range value.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9756
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ opcodes/ChangeLog | 6 ++
+ opcodes/aarch64-dis.c | 3 +++
+ 2 files changed, 9 insertions(+)
+
+Index: git/opcodes/ChangeLog
+===
+--- git.orig/opcodes/ChangeLog
git/opcodes/ChangeLog
+@@ -6,6 +6,12 @@
+
+ 2017-06-15 Nick Clifton <ni...@redhat.com>
+
++ PR binutils/21595
++ * aarch64-dis.c (aarch64_ext_ldst_reglist): Check for an out of
++ range value.
++
++2017-06-15 Nick Clifton <ni...@redhat.com>
++
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
+Index: git/opcodes/aarch64-dis.c
+===
+--- git.orig/opcodes/aarch64-dis.c
git/opcodes/aarch64-dis.c
+@@ -409,6 +409,9 @@ aarch64_ext_ldst_reglist (const aarch64_
+ info->reglist.first_regno = extract_field (FLD_Rt, code, 0);
+ /* opcode */
+ value = extract_field (FLD_opcode, code, 0);
++ /* PR 21595: Check for a bogus value. */
++ if (value >= ARRAY_SIZE (data))
++return 0;
+ if (expected_num != data[value].num_elements || data[value].is_reserved)
+ return 0;
+ info->reglist.num_regs = data[value].num_regs;
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 25/26] binutils: Security fix for CVE-2017-9954
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9954.patch | 58 ++
2 files changed, 59 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index a2b2901..fe9059a 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -67,6 +67,7 @@ SRC_URI = "\
file://CVE-2017-9753.patch \
file://CVE-2017-9755.patch \
file://CVE-2017-9756.patch \
+ file://CVE-2017-9954.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
new file mode 100644
index 000..8a9d7eb
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9954.patch
@@ -0,0 +1,58 @@
+From 04e15b4a9462cb1ae819e878a6009829aab8020b Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Mon, 26 Jun 2017 15:46:34 +0100
+Subject: [PATCH] Fix address violation parsing a corrupt texhex format file.
+
+ PR binutils/21670
+ * tekhex.c (getvalue): Check for the source pointer exceeding the
+ end pointer before the first byte is read.
+
+Upstream-Status: Backport
+CVE: CVE_2017-9954
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++
+ bfd/tekhex.c | 6 +-
+ 2 files changed, 11 insertions(+), 1 deletion(-)
+
+Index: git/bfd/tekhex.c
+===
+--- git.orig/bfd/tekhex.c
git/bfd/tekhex.c
+@@ -273,6 +273,9 @@ getvalue (char **srcp, bfd_vma *valuep,
+ bfd_vma value = 0;
+ unsigned int len;
+
++ if (src >= endp)
++return FALSE;
++
+ if (!ISHEX (*src))
+ return FALSE;
+
+@@ -514,9 +517,10 @@ pass_over (bfd *abfd, bfd_boolean (*func
+ /* To the front of the file. */
+ if (bfd_seek (abfd, (file_ptr) 0, SEEK_SET) != 0)
+ return FALSE;
++
+ while (! is_eof)
+ {
+- char src[MAXCHUNK];
++ static char src[MAXCHUNK];
+ char type;
+
+ /* Find first '%'. */
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-26 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21670
++ * tekhex.c (getvalue): Check for the source pointer exceeding the
++ end pointer before the first byte is read.
++
+ 2017-06-15 Nick Clifton <ni...@redhat.com>
+
+PR binutils/21582
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 23/26] binutls: Security fix for CVE-2017-9755
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-9755.patch | 63 ++
2 files changed, 64 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index c6ef647..b4299c8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -65,6 +65,7 @@ SRC_URI = "\
file://CVE-2017-9751.patch \
file://CVE-2017-9752.patch \
file://CVE-2017-9753.patch \
+ file://CVE-2017-9755.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
new file mode 100644
index 000..15dc909
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9755.patch
@@ -0,0 +1,63 @@
+From 0d96e4df4812c3bad77c229dfef47a9bc115ac12 Mon Sep 17 00:00:00 2001
+From: "H.J. Lu" <hjl.to...@gmail.com>
+Date: Thu, 15 Jun 2017 06:40:17 -0700
+Subject: [PATCH] i386-dis: Check valid bnd register
+
+Since there are only 4 bnd registers, return "(bad)" for register
+number > 3.
+
+ PR binutils/21594
+ * i386-dis.c (OP_E_register): Check valid bnd register.
+ (OP_G): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9755
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ opcodes/ChangeLog | 6 ++
+ opcodes/i386-dis.c | 10 ++
+ 2 files changed, 16 insertions(+)
+
+Index: git/opcodes/ChangeLog
+===
+--- git.orig/opcodes/ChangeLog
git/opcodes/ChangeLog
+@@ -1,3 +1,9 @@
++2017-06-15 H.J. Lu <hongjiu...@intel.com>
++
++ PR binutils/21594
++ * i386-dis.c (OP_E_register): Check valid bnd register.
++ (OP_G): Likewise.
++
+ 2017-06-15 Nick Clifton <ni...@redhat.com>
+
+ PR binutils/21588
+Index: git/opcodes/i386-dis.c
+===
+--- git.orig/opcodes/i386-dis.c
git/opcodes/i386-dis.c
+@@ -14939,6 +14939,11 @@ OP_E_register (int bytemode, int sizefla
+ names = address_mode == mode_64bit ? names64 : names32;
+ break;
+ case bnd_mode:
++ if (reg > 0x3)
++ {
++oappend ("(bad)");
++return;
++ }
+ names = names_bnd;
+ break;
+ case indir_v_mode:
+@@ -15483,6 +15488,11 @@ OP_G (int bytemode, int sizeflag)
+ oappend (names64[modrm.reg + add]);
+ break;
+ case bnd_mode:
++ if (modrm.reg > 0x3)
++ {
++oappend ("(bad)");
++return;
++ }
+ oappend (names_bnd[modrm.reg]);
+ break;
+ case v_mode:
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 26/26] binutls: Security fix for CVE-2017-9955
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 9 +
.../binutils/binutils/CVE-2017-9955_1.patch| 168 ++
.../binutils/binutils/CVE-2017-9955_2.patch| 122 +++
.../binutils/binutils/CVE-2017-9955_3.patch| 48 +++
.../binutils/binutils/CVE-2017-9955_4.patch| 51 +++
.../binutils/binutils/CVE-2017-9955_5.patch| 89 ++
.../binutils/binutils/CVE-2017-9955_6.patch| 56
.../binutils/binutils/CVE-2017-9955_7.patch| 80 +
.../binutils/binutils/CVE-2017-9955_8.patch| 187 +++
.../binutils/binutils/CVE-2017-9955_9.patch| 356 +
10 files changed, 1166 insertions(+)
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_2.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_3.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_4.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_5.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_6.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_7.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_8.patch
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-9955_9.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index fe9059a..1784c52 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -68,6 +68,15 @@ SRC_URI = "\
file://CVE-2017-9755.patch \
file://CVE-2017-9756.patch \
file://CVE-2017-9954.patch \
+ file://CVE-2017-9955_1.patch \
+ file://CVE-2017-9955_2.patch \
+ file://CVE-2017-9955_3.patch \
+ file://CVE-2017-9955_4.patch \
+ file://CVE-2017-9955_5.patch \
+ file://CVE-2017-9955_6.patch \
+ file://CVE-2017-9955_7.patch \
+ file://CVE-2017-9955_8.patch \
+ file://CVE-2017-9955_9.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
new file mode 100644
index 000..774670f
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9955_1.patch
@@ -0,0 +1,168 @@
+From cfd14a500e0485374596234de4db10e88ebc7618 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Mon, 26 Jun 2017 15:25:08 +0100
+Subject: [PATCH] Fix address violations when atempting to parse fuzzed
+ binaries.
+
+ PR binutils/21665
+bfd* opncls.c (get_build_id): Check that the section is beig enough
+ to contain the whole note.
+ * compress.c (bfd_get_full_section_contents): Check for and reject
+ a section whoes size is greater than the size of the entire file.
+ * elf32-v850.c (v850_elf_copy_notes): Allow for the ouput to not
+ contain a notes section.
+
+binutils* objdump.c (disassemble_section): Skip any section that is bigger
+ than the entire file.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9955 #1
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 10 ++
+ bfd/compress.c | 6 ++
+ bfd/elf32-v850.c | 4 +++-
+ bfd/opncls.c | 18 --
+ binutils/ChangeLog | 6 ++
+ binutils/objdump.c | 4 ++--
+ 6 files changed, 43 insertions(+), 5 deletions(-)
+
+Index: git/bfd/compress.c
+===
+--- git.orig/bfd/compress.c
git/bfd/compress.c
+@@ -239,6 +239,12 @@ bfd_get_full_section_contents (bfd *abfd
+ *ptr = NULL;
+ return TRUE;
+ }
++ else if (bfd_get_file_size (abfd) > 0
++ && sz > (bfd_size_type) bfd_get_file_size (abfd))
++{
++ *ptr = NULL;
++ return FALSE;
++}
+
+ switch (sec->compress_status)
+ {
+Index: git/bfd/elf32-v850.c
+===
+--- git.orig/bfd/elf32-v850.c
git/bfd/elf32-v850.c
+@@ -2450,7 +2450,9 @@ v850_elf_copy_notes (bfd *ibfd, bfd *obf
+ BFD_ASSERT (bfd_malloc_and_get_section (ibfd, inotes, & icont));
+
+ if ((ocont = elf_section_data (onotes)->this_hdr.contents) == NULL)
+- BFD_ASSERT (bfd_malloc_and_get_section (obfd, onotes, & ocont));
++ /* If the output is being stripped then it is possible for
++ the notes section to disappear. In this case do nothing. */
++ return;
+
+ /* Copy/overwrite notes from the input to the output. */
+ memcpy (ocont, icont, bfd_section_size (obfd, onotes));
+Index: git/bfd/opncls.c
+==
[OE-core] [pyro][PATCH 20/26] binutls: Security fix for CVE-2017-9751
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc |1 +
.../binutils/binutils/CVE-2017-9751.patch | 3748
2 files changed, 3749 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index c63a2e5..99fc1b1 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -62,6 +62,7 @@ SRC_URI = "\
file://CVE-2017-9748.patch \
file://CVE-2017-9749.patch \
file://CVE-2017-9750.patch \
+ file://CVE-2017-9751.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
new file mode 100644
index 000..d7c18cf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-9751.patch
@@ -0,0 +1,3748 @@
+From 63323b5b23bd83fa7b04ea00dff593c933e9b0e3 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 15 Jun 2017 12:37:01 +0100
+Subject: [PATCH] Fix address violation when disassembling a corrupt RL78
+ binary.
+
+ PR binutils/21588
+ * rl78-decode.opc (OP_BUF_LEN): Define.
+ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
+ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
+ array.
+ * rl78-decode.c: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-9751
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ opcodes/ChangeLog | 9 +
+ opcodes/rl78-decode.c | 820
+ opcodes/rl78-decode.opc | 6 +-
+ 3 files changed, 424 insertions(+), 411 deletions(-)
+
+diff --git a/opcodes/ChangeLog b/opcodes/ChangeLog
+index 34b1844..c77f00a 100644
+--- a/opcodes/ChangeLog
b/opcodes/ChangeLog
+@@ -1,5 +1,14 @@
+ 2017-06-15 Nick Clifton <ni...@redhat.com>
+
++ PR binutils/21588
++ * rl78-decode.opc (OP_BUF_LEN): Define.
++ (GETBYTE): Check for the index exceeding OP_BUF_LEN.
++ (rl78_decode_opcode): Use OP_BUF_LEN as the length of the op_buf
++ array.
++ * rl78-decode.c: Regenerate.
++
++2017-06-15 Nick Clifton <ni...@redhat.com>
++
+ PR binutils/21586
+ * bfin-dis.c (gregs): Clip index to prevent overflow.
+ (regs): Likewise.
+diff --git a/opcodes/rl78-decode.c b/opcodes/rl78-decode.c
+index d0566ea..b2d4bd6 100644
+--- a/opcodes/rl78-decode.c
b/opcodes/rl78-decode.c
+@@ -51,7 +51,9 @@ typedef struct
+ #define W() rl78->size = RL78_Word
+
+ #define AU ATTRIBUTE_UNUSED
+-#define GETBYTE() (ld->op [ld->rl78->n_bytes++] = ld->getbyte (ld->ptr))
++
++#define OP_BUF_LEN 20
++#define GETBYTE() (ld->rl78->n_bytes < (OP_BUF_LEN - 1) ? ld->op
[ld->rl78->n_bytes++] = ld->getbyte (ld->ptr): 0)
+ #define B ((unsigned long) GETBYTE())
+
+ #define SYNTAX(x) rl78->syntax = x
+@@ -169,7 +171,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ RL78_Dis_Isa isa)
+ {
+ LocalData lds, * ld =
+- unsigned char op_buf[20] = {0};
++ unsigned char op_buf[OP_BUF_LEN] = {0};
+ unsigned char *op = op_buf;
+ int op0, op1;
+
+@@ -201,7 +203,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("nop");
+-#line 911 "rl78-decode.opc"
++#line 913 "rl78-decode.opc"
+ ID(nop);
+
+
/*--*/
+@@ -214,7 +216,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ case 0x07:
+ {
+ /** 0rw1 addw%0, %1
*/
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ int rw AU = (op[0] >> 1) & 0x03;
+ if (trace)
+ {
+@@ -224,7 +226,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ printf (" rw = 0x%x\n", rw);
+ }
+ SYNTAX("addw%0, %1");
+-#line 274 "rl78-decode.opc"
++#line 276 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SRW(rw); Fzac;
+
+ }
+@@ -239,7 +241,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addw%0, %e!1");
+-#line 265 "rl78-decode.opc"
++#line 267 "rl78-decode.opc"
+ ID(add); W(); DR(AX); SM(None, IMMU(2)); Fzac;
+
+ }
+@@ -254,7 +256,7 @@ rl78_decode_opcode (unsigned long pc AU,
+ op[0]);
+ }
+ SYNTAX("addw%0, #%1");
+-#line 271 "rl78-decode.opc"
++#line 273 "rl78-decode.opc"
+
[OE-core] [pyro][PATCH 04/26] binutls: Secuirty fix CVE-2017-8394
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-8394.patch | 118 +
2 files changed, 119 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 53299fa..8334a4c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -46,6 +46,7 @@ SRC_URI = "\
file://CVE-2017-7223.patch \
file://CVE-2017-7614.patch \
file://CVE-2017-8393.patch \
+ file://CVE-2017-8394.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
new file mode 100644
index 000..e6c6b17
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8394.patch
@@ -0,0 +1,118 @@
+From 7eacd66b086cabb1daab20890d5481894d4f56b2 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amo...@gmail.com>
+Date: Sun, 23 Apr 2017 15:21:11 +0930
+Subject: [PATCH] PR 21414, null pointer deref of _bfd_elf_large_com_section
+ sym
+
+ PR 21414
+ * section.c (GLOBAL_SYM_INIT): Make available in bfd.h.
+ * elf.c (lcomm_sym): New.
+ (_bfd_elf_large_com_section): Use lcomm_sym section symbol.
+ * bfd-in2.h: Regenerate.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8394
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 8
+ bfd/bfd-in2.h | 12
+ bfd/elf.c | 6 --
+ bfd/section.c | 24
+ 4 files changed, 36 insertions(+), 14 deletions(-)
+
+Index: git/bfd/bfd-in2.h
+===
+--- git.orig/bfd/bfd-in2.h
git/bfd/bfd-in2.h
+@@ -1838,6 +1838,18 @@ extern asection _bfd_std_section[4];
+ { NULL }, { NULL }\
+ }
+
++/* We use a macro to initialize the static asymbol structures because
++ traditional C does not permit us to initialize a union member while
++ gcc warns if we don't initialize it.
++ the_bfd, name, value, attr, section [, udata] */
++#ifdef __STDC__
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++#else
++#define GLOBAL_SYM_INIT(NAME, SECTION) \
++ { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++#endif
++
+ void bfd_section_list_clear (bfd *);
+
+ asection *bfd_get_section_by_name (bfd *abfd, const char *name);
+Index: git/bfd/elf.c
+===
+--- git.orig/bfd/elf.c
git/bfd/elf.c
+@@ -11164,9 +11164,11 @@ _bfd_elf_get_synthetic_symtab (bfd *abfd
+
+ /* It is only used by x86-64 so far.
+??? This repeats *COM* id of zero. sec->id is supposed to be unique,
+- but current usage would allow all of _bfd_std_section to be zero. t*/
++ but current usage would allow all of _bfd_std_section to be zero. */
++static const asymbol lcomm_sym
++ = GLOBAL_SYM_INIT ("LARGE_COMMON", &_bfd_elf_large_com_section);
+ asection _bfd_elf_large_com_section
+- = BFD_FAKE_SECTION (_bfd_elf_large_com_section, NULL,
++ = BFD_FAKE_SECTION (_bfd_elf_large_com_section, _sym,
+ "LARGE_COMMON", 0, SEC_IS_COMMON);
+
+ void
+Index: git/bfd/section.c
+===
+--- git.orig/bfd/section.c
git/bfd/section.c
+@@ -738,20 +738,20 @@ CODE_FRAGMENT
+ . { NULL }, { NULL } \
+ .}
+ .
++.{* We use a macro to initialize the static asymbol structures because
++. traditional C does not permit us to initialize a union member while
++. gcc warns if we don't initialize it.
++. the_bfd, name, value, attr, section [, udata] *}
++.#ifdef __STDC__
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
++.#else
++.#define GLOBAL_SYM_INIT(NAME, SECTION) \
++. { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
++.#endif
++.
+ */
+
+-/* We use a macro to initialize the static asymbol structures because
+- traditional C does not permit us to initialize a union member while
+- gcc warns if we don't initialize it. */
+- /* the_bfd, name, value, attr, section [, udata] */
+-#ifdef __STDC__
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION, { 0 }}
+-#else
+-#define GLOBAL_SYM_INIT(NAME, SECTION) \
+- { 0, NAME, 0, BSF_SECTION_SYM, SECTION }
+-#endif
+-
+ /* These symbols are global, not specific to any BFD. Therefore, anything
+that tries to change them is broken, and should be repaired. */
+
+Index: git/bfd/ChangeLog
+=
[OE-core] [pyro][PATCH 05/26] binutls: Security fix CVE-2017-8395
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-8395.patch | 72 ++
2 files changed, 73 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 8334a4c..8c91f4c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -47,6 +47,7 @@ SRC_URI = "\
file://CVE-2017-7614.patch \
file://CVE-2017-8393.patch \
file://CVE-2017-8394.patch \
+ file://CVE-2017-8395.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
new file mode 100644
index 000..0a9bce3
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8395.patch
@@ -0,0 +1,72 @@
+From e63d123268f23a4cbc45ee55fb6dbc7d84729da3 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Wed, 26 Apr 2017 13:07:49 +0100
+Subject: [PATCH] Fix seg-fault attempting to compress a debug section in a
+ corrupt binary.
+
+ PR binutils/21431
+ * compress.c (bfd_init_section_compress_status): Check the return
+ value from bfd_malloc.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8395
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 6 ++
+ bfd/compress.c | 19 +--
+ 2 files changed, 15 insertions(+), 10 deletions(-)
+
+Index: git/bfd/compress.c
+===
+--- git.orig/bfd/compress.c
git/bfd/compress.c
+@@ -542,7 +542,6 @@ bfd_init_section_compress_status (bfd *a
+ {
+ bfd_size_type uncompressed_size;
+ bfd_byte *uncompressed_buffer;
+- bfd_boolean ret;
+
+ /* Error if not opened for read. */
+ if (abfd->direction != read_direction
+@@ -558,18 +557,18 @@ bfd_init_section_compress_status (bfd *a
+ /* Read in the full section contents and compress it. */
+ uncompressed_size = sec->size;
+ uncompressed_buffer = (bfd_byte *) bfd_malloc (uncompressed_size);
++ /* PR 21431 */
++ if (uncompressed_buffer == NULL)
++return FALSE;
++
+ if (!bfd_get_section_contents (abfd, sec, uncompressed_buffer,
+0, uncompressed_size))
+-ret = FALSE;
+- else
+-{
+- uncompressed_size = bfd_compress_section_contents (abfd, sec,
+- uncompressed_buffer,
+- uncompressed_size);
+- ret = uncompressed_size != 0;
+-}
++return FALSE;
+
+- return ret;
++ uncompressed_size = bfd_compress_section_contents (abfd, sec,
++ uncompressed_buffer,
++ uncompressed_size);
++ return uncompressed_size != 0;
+ }
+
+ /*
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2017-04-26 Nick Clifton <ni...@redhat.com>
++
++ PR binutils/21431
++ * compress.c (bfd_init_section_compress_status): Check the return
++ value from bfd_malloc.
+
+ 2017-04-23 Alan Modra <amo...@gmail.com>
+PR 21414
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 06/26] binutils: Secuirty fix CVE-2017-8396 and CVE-2017-8397
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-8396_8397.patch | 102 +
2 files changed, 103 insertions(+)
create mode 100644
meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 8c91f4c..ca78a30 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -48,6 +48,7 @@ SRC_URI = "\
file://CVE-2017-8393.patch \
file://CVE-2017-8394.patch \
file://CVE-2017-8395.patch \
+ file://CVE-2017-8396_8397.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch
new file mode 100644
index 000..14f4282
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8396_8397.patch
@@ -0,0 +1,102 @@
+From a941291cab71b9ac356e1c03968c177c03e602ab Mon Sep 17 00:00:00 2001
+From: Alan Modra <amo...@gmail.com>
+Date: Sat, 29 Apr 2017 14:48:16 +0930
+Subject: [PATCH] PR21432, buffer overflow in perform_relocation
+
+The existing reloc offset range tests didn't catch small negative
+offsets less than the size of the reloc field.
+
+ PR 21432
+ * reloc.c (reloc_offset_in_range): New function.
+ (bfd_perform_relocation, bfd_install_relocation): Use it.
+ (_bfd_final_link_relocate): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8396
+CVE: CVE-2017-8397
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 7 +++
+ bfd/reloc.c | 32
+ 2 files changed, 27 insertions(+), 12 deletions(-)
+
+Index: git/bfd/reloc.c
+===
+--- git.orig/bfd/reloc.c
git/bfd/reloc.c
+@@ -538,6 +538,22 @@ bfd_check_overflow (enum complain_overfl
+ return flag;
+ }
+
++/* HOWTO describes a relocation, at offset OCTET. Return whether the
++ relocation field is within SECTION of ABFD. */
++
++static bfd_boolean
++reloc_offset_in_range (reloc_howto_type *howto, bfd *abfd,
++ asection *section, bfd_size_type octet)
++{
++ bfd_size_type octet_end = bfd_get_section_limit_octets (abfd, section);
++ bfd_size_type reloc_size = bfd_get_reloc_size (howto);
++
++ /* The reloc field must be contained entirely within the section.
++ Allow zero length fields (marker relocs or NONE relocs where no
++ relocation will be performed) at the end of the section. */
++ return octet <= octet_end && octet + reloc_size <= octet_end;
++}
++
+ /*
+ FUNCTION
+ bfd_perform_relocation
+@@ -618,13 +634,10 @@ bfd_perform_relocation (bfd *abfd,
+ /* PR 17512: file: 0f67f69d. */
+ if (howto == NULL)
+ return bfd_reloc_undefined;
+-
+- /* Is the address of the relocation really within the section?
+- Include the size of the reloc in the test for out of range addresses.
+- PR 17512: file: c146ab8b, 46dff27f, 38e53ebf. */
++
++ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1012,8 +1025,7 @@ bfd_install_relocation (bfd *abfd,
+
+ /* Is the address of the relocation really within the section? */
+ octets = reloc_entry->address * bfd_octets_per_byte (abfd);
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (abfd, input_section))
++ if (!reloc_offset_in_range (howto, abfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* Work out which section the relocation is targeted at and the
+@@ -1351,8 +1363,7 @@ _bfd_final_link_relocate (reloc_howto_ty
+ bfd_size_type octets = address * bfd_octets_per_byte (input_bfd);
+
+ /* Sanity check the address. */
+- if (octets + bfd_get_reloc_size (howto)
+- > bfd_get_section_limit_octets (input_bfd, input_section))
++ if (!reloc_offset_in_range (howto, input_bfd, input_section, octets))
+ return bfd_reloc_outofrange;
+
+ /* This function assumes that we are dealing with a basic relocation
+Index: git/bfd/ChangeLog
+===
+--- git.orig/bfd/ChangeLog
git/bfd/ChangeLog
+@@ -1,3 +1,10 @@
++2017-04-29 Alan Modra <amo...@gmail.com>
++
++ PR 21432
++ * reloc.c (reloc_offset_in_range): New function.
++ (bfd_perform_relocation, bfd_install_relocation): Use it.
[OE-core] [pyro][PATCH 07/26] binutils: Security fix for CVE-2017-8398
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-8398.patch | 147 +
2 files changed, 148 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index ca78a30..d58d7b8 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -49,6 +49,7 @@ SRC_URI = "\
file://CVE-2017-8394.patch \
file://CVE-2017-8395.patch \
file://CVE-2017-8396_8397.patch \
+ file://CVE-2017-8398.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
new file mode 100644
index 000..5b9acc8
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8398.patch
@@ -0,0 +1,147 @@
+From d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Fri, 28 Apr 2017 10:28:04 +0100
+Subject: [PATCH] Fix heap-buffer overflow bugs caused when dumping debug
+ information from a corrupt binary.
+
+ PR binutils/21438
+ * dwarf.c (process_extended_line_op): Do not assume that the
+ string extracted from the section is NUL terminated.
+ (fetch_indirect_string): If the string retrieved from the section
+ is not NUL terminated, return an error message.
+ (fetch_indirect_line_string): Likewise.
+ (fetch_indexed_string): Likewise.
+
+Upstream-Status: Backport
+CVE: CVE-2017-8398
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ binutils/ChangeLog | 10 +
+ binutils/dwarf.c | 66 +-
+ 2 files changed, 60 insertions(+), 16 deletions(-)
+
+Index: git/binutils/dwarf.c
+===
+--- git.orig/binutils/dwarf.c
git/binutils/dwarf.c
+@@ -472,15 +472,20 @@ process_extended_line_op (unsigned char
+ printf (_(" Entry\tDir\tTime\tSize\tName\n"));
+ printf (" %d\t", ++state_machine_regs.last_file_entry);
+
+- name = data;
+- data += strnlen ((char *) data, end - data) + 1;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read,
end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read,
end)));
+- data += bytes_read;
+- printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read,
end)));
+- data += bytes_read;
+- printf ("%s\n\n", name);
++ {
++ size_t l;
++
++ name = data;
++ l = strnlen ((char *) data, end - data);
++ data += len + 1;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read,
end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read,
end)));
++ data += bytes_read;
++ printf ("%s\t", dwarf_vmatoa ("u", read_uleb128 (data, & bytes_read,
end)));
++ data += bytes_read;
++ printf ("%.*s\n\n", (int) l, name);
++ }
+
+ if (((unsigned int) (data - orig_data) != len) || data == end)
+ warn (_("DW_LNE_define_file: Bad opcode length\n"));
+@@ -597,18 +602,27 @@ static const unsigned char *
+ fetch_indirect_string (dwarf_vma offset)
+ {
+ struct dwarf_section *section = _displays [str].section;
++ const unsigned char * ret;
+
+ if (section->start == NULL)
+ return (const unsigned char *) _("");
+
+- if (offset > section->size)
++ if (offset >= section->size)
+ {
+ warn (_("DW_FORM_strp offset too big: %s\n"),
+ dwarf_vmatoa ("x", offset));
+ return (const unsigned char *) _("");
+ }
++ ret = section->start + offset;
++ /* Unfortunately we cannot rely upon the .debug_str section ending with a
++ NUL byte. Since our caller is expecting to receive a well formed C
++ string we test for the lack of a terminating byte here. */
++ if (strnlen ((const char *) ret, section->size - offset)
++ == section->size - offset)
++ret = (const unsigned char *)
++ _("");
+
+- return (const unsigned char *) section->start + offset;
++ return ret;
+ }
+
+ static const char *
+@@ -621,6 +635,7 @@ fetch_indexed_string (dwarf_vma idx, str
+ struct dwarf_section *str_section = _displays [str_sec_idx].section;
+ dwarf_vma index_offset = idx * offset_size;
+ dwarf_vma str_offset;
++ const char * ret;
+
+
[OE-core] [pyro][PATCH 01/26] binutils: Security fix CVE-2017-7223
Affects <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-7223.patch | 52 ++
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 40b518b..f09bcdc 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
file://CVE-2017-6969_2.patch \
file://CVE-2017-7209.patch \
file://CVE-2017-7210.patch \
+ file://CVE-2017-7223.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
new file mode 100644
index 000..c78c8bf
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7223.patch
@@ -0,0 +1,52 @@
+From 69ace2200106348a1b00d509a6a234337c104c17 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Thu, 1 Dec 2016 15:20:19 +
+Subject: [PATCH] Fix seg fault attempting to unget an EOF character.
+
+ PR gas/20898
+ * app.c (do_scrub_chars): Do not attempt to unget EOF.
+
+Affects: <= 2.28
+Upstream-Status: Backport
+CVE: CVE-2017-7223
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ gas/ChangeLog | 3 +++
+ gas/app.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+Index: git/gas/ChangeLog
+===
+--- git.orig/gas/ChangeLog
git/gas/ChangeLog
+@@ -1,3 +1,8 @@
++2016-12-01 Nick Clifton <ni...@redhat.com>
++
++ PR gas/20898
++ * app.c (do_scrub_chars): Do not attempt to unget EOF.
++
+ 2017-03-02 Tristan Gingold <ging...@adacore.com>
+
+ * configure: Regenerate.
+@@ -198,7 +203,6 @@
+ * config/tc-pru.c (md_number_to_chars): Fix parameter to be
+ valueT, as declared in tc.h.
+ (md_apply_fix): Fix to work on 32-bit hosts.
+->>>>>>> 0115611... RISC-V/GAS: Correct branch relaxation for weak symbols.
+
+ 2017-01-02 Alan Modra <amo...@gmail.com>
+
+Index: git/gas/app.c
+===
+--- git.orig/gas/app.c
git/gas/app.c
+@@ -1350,7 +1350,7 @@ do_scrub_chars (size_t (*get) (char *, s
+ PUT (ch);
+ break;
+ }
+-else
++else if (ch2 != EOF)
+ {
+ state = 9;
+ if (ch == EOF || !IS_SYMBOL_COMPONENT (ch))
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [pyro][PATCH 02/26] binutils: Security Fix CVE-2017-7614
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-7614.patch | 103 +
2 files changed, 104 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index f09bcdc..6ae091c 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -44,6 +44,7 @@ SRC_URI = "\
file://CVE-2017-7209.patch \
file://CVE-2017-7210.patch \
file://CVE-2017-7223.patch \
+ file://CVE-2017-7614.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
new file mode 100644
index 000..be8631a
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-7614.patch
@@ -0,0 +1,103 @@
+From ad32986fdf9da1c8748e47b8b45100398223dba8 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <ni...@redhat.com>
+Date: Tue, 4 Apr 2017 11:23:36 +0100
+Subject: [PATCH] Fix null pointer dereferences when using a link built with
+ clang.
+
+ PR binutils/21342
+ * elflink.c (_bfd_elf_define_linkage_sym): Prevent null pointer
+ dereference.
+ (bfd_elf_final_link): Only initialize the extended symbol index
+ section if there are extended symbol tables to list.
+
+Upstream-Status: Backport
+CVE: CVE-2017-7614
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 8
+ bfd/elflink.c | 35 +--
+ 2 files changed, 29 insertions(+), 14 deletions(-)
+
+Index: git/bfd/elflink.c
+===
+--- git.orig/bfd/elflink.c
git/bfd/elflink.c
+@@ -119,15 +119,18 @@ _bfd_elf_define_linkage_sym (bfd *abfd,
+defined in shared libraries can't be overridden, because we
+lose the link to the bfd which is via the symbol section. */
+ h->root.type = bfd_link_hash_new;
++ bh = >root;
+ }
++ else
++bh = NULL;
+
+- bh = >root;
+ bed = get_elf_backend_data (abfd);
+ if (!_bfd_generic_link_add_one_symbol (info, abfd, name, BSF_GLOBAL,
+sec, 0, NULL, FALSE, bed->collect,
+))
+ return NULL;
+ h = (struct elf_link_hash_entry *) bh;
++ BFD_ASSERT (h != NULL);
+ h->def_regular = 1;
+ h->non_elf = 0;
+ h->root.linker_def = 1;
+@@ -11973,24 +11976,28 @@ bfd_elf_final_link (bfd *abfd, struct bf
+ {
+ /* Finish up and write out the symbol string table (.strtab)
+section. */
+- Elf_Internal_Shdr *symstrtab_hdr;
++ Elf_Internal_Shdr *symstrtab_hdr = NULL;
+ file_ptr off = symtab_hdr->sh_offset + symtab_hdr->sh_size;
+
+- symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+- if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ if (elf_symtab_shndx_list (abfd))
+ {
+-symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
+-symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
+-symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
+-amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
+-symtab_shndx_hdr->sh_size = amt;
++symtab_shndx_hdr = & elf_symtab_shndx_list (abfd)->hdr;
+
+-off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
+- off, TRUE);
++if (symtab_shndx_hdr != NULL && symtab_shndx_hdr->sh_name != 0)
++ {
++symtab_shndx_hdr->sh_type = SHT_SYMTAB_SHNDX;
++symtab_shndx_hdr->sh_entsize = sizeof (Elf_External_Sym_Shndx);
++symtab_shndx_hdr->sh_addralign = sizeof (Elf_External_Sym_Shndx);
++amt = bfd_get_symcount (abfd) * sizeof (Elf_External_Sym_Shndx);
++symtab_shndx_hdr->sh_size = amt;
+
+-if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
+-|| (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
+- return FALSE;
++off = _bfd_elf_assign_file_position_for_section (symtab_shndx_hdr,
++ off, TRUE);
++
++if (bfd_seek (abfd, symtab_shndx_hdr->sh_offset, SEEK_SET) != 0
++|| (bfd_bwrite (flinfo.symshndxbuf, amt, abfd) != amt))
++ return FALSE;
++ }
+ }
+
+ symstrtab_hdr = _tdata (abfd)->strtab_hdr;
+Index: git/bfd/ChangeLog
+===
+--- git
[OE-core] [pyro][PATCH 03/26] binutils: Security fix CVE-2017-8393
Affects: <= 2.28
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../binutils/binutils/CVE-2017-8393.patch | 205 +
2 files changed, 206 insertions(+)
create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
diff --git a/meta/recipes-devtools/binutils/binutils-2.28.inc
b/meta/recipes-devtools/binutils/binutils-2.28.inc
index 6ae091c..53299fa 100644
--- a/meta/recipes-devtools/binutils/binutils-2.28.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.28.inc
@@ -45,6 +45,7 @@ SRC_URI = "\
file://CVE-2017-7210.patch \
file://CVE-2017-7223.patch \
file://CVE-2017-7614.patch \
+ file://CVE-2017-8393.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
new file mode 100644
index 000..095cfc7
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2017-8393.patch
@@ -0,0 +1,205 @@
+From bce964aa6c777d236fbd641f2bc7bb931cfe4bf3 Mon Sep 17 00:00:00 2001
+From: Alan Modra <amo...@gmail.com>
+Date: Sun, 23 Apr 2017 11:03:34 +0930
+Subject: [PATCH] PR 21412, get_reloc_section assumes .rel/.rela name for
+ SHT_REL/RELA.
+
+This patch fixes an assumption made by code that runs for objcopy and
+strip, that SHT_REL/SHR_RELA sections are always named starting with a
+.rel/.rela prefix. I'm also modifying the interface for
+elf_backend_get_reloc_section, so any backend function just needs to
+handle name mapping.
+
+ PR 21412
+ * elf-bfd.h (struct elf_backend_data ): Change
+ parameters and comment.
+ (_bfd_elf_get_reloc_section): Delete.
+ (_bfd_elf_plt_get_reloc_section): Declare.
+ * elf.c (_bfd_elf_plt_get_reloc_section, elf_get_reloc_section):
+ New functions. Don't blindly skip over assumed .rel/.rela prefix.
+ Extracted from..
+ (_bfd_elf_get_reloc_section): ..here. Delete.
+ (assign_section_numbers): Call elf_get_reloc_section.
+ * elf64-ppc.c (elf_backend_get_reloc_section): Define.
+ * elfxx-target.h (elf_backend_get_reloc_section): Update.
+
+Upstream-Status: Backort
+CVE: CVE-2017-8393
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ bfd/ChangeLog | 15 ++
+ bfd/elf-bfd.h | 8 ---
+ bfd/elf.c | 61 +++---
+ bfd/elf64-ppc.c| 1 +
+ bfd/elfxx-target.h | 2 +-
+ 5 files changed, 57 insertions(+), 30 deletions(-)
+
+Index: git/bfd/elf-bfd.h
+===
+--- git.orig/bfd/elf-bfd.h
git/bfd/elf-bfd.h
+@@ -1322,8 +1322,10 @@ struct elf_backend_data
+ bfd_size_type (*maybe_function_sym) (const asymbol *sym, asection *sec,
+ bfd_vma *code_off);
+
+- /* Return the section which RELOC_SEC applies to. */
+- asection *(*get_reloc_section) (asection *reloc_sec);
++ /* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
++ asection *(*get_reloc_section) (bfd *abfd, const char *name);
+
+ /* Called to set the sh_flags, sh_link and sh_info fields of OSECTION which
+ has a type >= SHT_LOOS. Returns TRUE if the fields were initialised,
+@@ -2392,7 +2394,7 @@ extern bfd_boolean _bfd_elf_is_function_
+ extern bfd_size_type _bfd_elf_maybe_function_sym (const asymbol *, asection *,
+ bfd_vma *);
+
+-extern asection *_bfd_elf_get_reloc_section (asection *);
++extern asection *_bfd_elf_plt_get_reloc_section (bfd *, const char *);
+
+ extern int bfd_elf_get_default_section_type (flagword);
+
+Index: git/bfd/elf.c
+===
+--- git.orig/bfd/elf.c
git/bfd/elf.c
+@@ -3532,17 +3532,39 @@ bfd_elf_set_group_contents (bfd *abfd, a
+ H_PUT_32 (abfd, sec->flags & SEC_LINK_ONCE ? GRP_COMDAT : 0, loc);
+ }
+
+-/* Return the section which RELOC_SEC applies to. */
++/* Given NAME, the name of a relocation section stripped of its
++ .rel/.rela prefix, return the section in ABFD to which the
++ relocations apply. */
+
+ asection *
+-_bfd_elf_get_reloc_section (asection *reloc_sec)
++_bfd_elf_plt_get_reloc_section (bfd *abfd, const char *name)
++{
++ /* If a target needs .got.plt section, relocations in rela.plt/rel.plt
++ section likely apply to .got.plt or .got section. */
++ if (get_elf_backend_data (abfd)->want_got_plt
++ && strcmp (name, ".plt") == 0)
++{
++ asection *sec;
++
++ name = ".got.plt";
++ sec = bfd_get_section_by_name (abfd, name);
++ if (sec != NULL)
++ return sec;
++ name = ".got";
++}
++
++ return bfd
[OE-core] [V2][PATCH] glibc: Security fix CVE-2017-15670
From: Armin Kuster <akus...@mvista.com>
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error
leading to a heap-based buffer overflow in the glob function in glob.c, related
to the processing of home directories using the ~ operator followed by a long
string.
Affects: glibc < 2.27
v2]
capitlize "signed-off-by" in patch
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-core/glibc/glibc/CVE-2017-15670.patch | 61 ++
meta/recipes-core/glibc/glibc_2.26.bb | 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 000..ae050a5
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,61 @@
+From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <egg...@cs.ucla.edu>
+Date: Fri, 20 Oct 2017 18:41:14 +0200
+Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15670
+Affects: glibc < 2.27
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ ChangeLog| 6 ++
+ NEWS | 5 +
+ posix/glob.c | 2 +-
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/NEWS
+===
+--- git.orig/NEWS
git/NEWS
+@@ -206,6 +206,11 @@ Security related changes:
+ * A use-after-free vulnerability in clntudp_call in the Sun RPC system has
been
+ fixed (CVE-2017-12133).
+
++ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
++ suffered from a one-byte overflow during ~ operator processing (either
++ on the stack or the heap, depending on the length of the user name).
++ Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+
+ [984] network: Respond to changed resolv.conf in gethostbyname
+Index: git/posix/glob.c
+===
+--- git.orig/posix/glob.c
git/posix/glob.c
+@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
+Index: git/ChangeLog
+===
+--- git.orig/ChangeLog
git/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-20 Paul Eggert <egg...@cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
+ 2017-08-02 Siddhesh Poyarekar <siddh...@sourceware.org>
+
+ * version.h (RELEASE): Set to "stable"
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb
b/meta/recipes-core/glibc/glibc_2.26.bb
index 135ec4f..ed4ea4f 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
+ file://CVE-2017-15670.patch \
"
NATIVESDKFIXES ?= ""
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/3] glibc: Security fix CVE-2017-15670
From: Armin Kuster <akus...@mvista.com>
The GNU C Library (aka glibc or libc6) before 2.27 contains an off-by-one error
leading to a heap-based buffer overflow in the glob function in glob.c, related
to the processing of home directories using the ~ operator followed by a long
string.
Affects: glibc < 2.27
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-core/glibc/glibc/CVE-2017-15670.patch | 61 ++
meta/recipes-core/glibc/glibc_2.26.bb | 1 +
2 files changed, 62 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
new file mode 100644
index 000..aeecb92
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch
@@ -0,0 +1,61 @@
+From a76376df7c07e577a9515c3faa5dbd50bda5da07 Mon Sep 17 00:00:00 2001
+From: Paul Eggert <egg...@cs.ucla.edu>
+Date: Fri, 20 Oct 2017 18:41:14 +0200
+Subject: [PATCH] CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320]
+
+(cherry picked from commit c369d66e5426a30e4725b100d5cd28e372754f90)
+
+Upstream-Status: Backport
+CVE: CVE-2017-15670
+Affects: glibc < 2.27
+signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ ChangeLog| 6 ++
+ NEWS | 5 +
+ posix/glob.c | 2 +-
+ 3 files changed, 12 insertions(+), 1 deletion(-)
+
+Index: git/NEWS
+===
+--- git.orig/NEWS
git/NEWS
+@@ -206,6 +206,11 @@ Security related changes:
+ * A use-after-free vulnerability in clntudp_call in the Sun RPC system has
been
+ fixed (CVE-2017-12133).
+
++ CVE-2017-15670: The glob function, when invoked with GLOB_TILDE,
++ suffered from a one-byte overflow during ~ operator processing (either
++ on the stack or the heap, depending on the length of the user name).
++ Reported by Tim Rühsen.
++
+ The following bugs are resolved with this release:
+
+ [984] network: Respond to changed resolv.conf in gethostbyname
+Index: git/posix/glob.c
+===
+--- git.orig/posix/glob.c
git/posix/glob.c
+@@ -843,7 +843,7 @@ glob (const char *pattern, int flags, in
+ *p = '\0';
+ }
+ else
+- *((char *) mempcpy (newp, dirname + 1, end_name - dirname))
++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1))
+ = '\0';
+ user_name = newp;
+ }
+Index: git/ChangeLog
+===
+--- git.orig/ChangeLog
git/ChangeLog
+@@ -1,3 +1,9 @@
++2017-10-20 Paul Eggert <egg...@cs.ucla.edu>
++
++ [BZ #22320]
++ CVE-2017-15670
++ * posix/glob.c (__glob): Fix one-byte overflow.
++
+ 2017-08-02 Siddhesh Poyarekar <siddh...@sourceware.org>
+
+ * version.h (RELEASE): Set to "stable"
diff --git a/meta/recipes-core/glibc/glibc_2.26.bb
b/meta/recipes-core/glibc/glibc_2.26.bb
index 135ec4f..ed4ea4f 100644
--- a/meta/recipes-core/glibc/glibc_2.26.bb
+++ b/meta/recipes-core/glibc/glibc_2.26.bb
@@ -43,6 +43,7 @@ SRC_URI = "${GLIBC_GIT_URI};branch=${SRCBRANCH};name=glibc \
file://0026-assert-Suppress-pedantic-warning-caused-by-statement.patch \
file://0027-glibc-reset-dl-load-write-lock-after-forking.patch \
file://0028-Bug-4578-add-ld.so-lock-while-fork.patch \
+ file://CVE-2017-15670.patch \
"
NATIVESDKFIXES ?= ""
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/3] glibc: Security fix CVE-2017-15671
From: Armin Kuster <akus...@mvista.com> The glob function in glob.c in the GNU C Library (aka glibc or libc6) before 2.27, when invoked with GLOB_TILDE, could skip freeing allocated memory when processing the ~ operator with a long user name, potentially leading to a denial of service (memory leak). Affects: glibc < 2.27 Signed-off-by: Armin Kuster <akus...@mvista.com> --- meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 215 + meta/recipes-core/glibc/glibc_2.26.bb | 1 + 2 files changed, 216 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch new file mode 100644 index 000..425aaa7 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2017-15671.patch @@ -0,0 +1,215 @@ +From 6182b3708b7af316454c81467538a8c20c1b046d Mon Sep 17 00:00:00 2001 +From: Florian Weimer <fwei...@redhat.com> +Date: Sat, 21 Oct 2017 18:03:30 +0200 +Subject: [PATCH] glob: Add new test tst-glob-tilde + +The new test checks for memory leaks (see bug 22325) and attempts +to trigger the buffer overflow in bug 22320. + +(cherry picked from commit e80fc1fc98bf614eb01cf8325503df3a1451a99c) + +Upstream-Status: Backport +CVE: CVE-2017-15671 +Affects: glibx < 2.27 +Signed-off-by: Armin Kuster <akus...@mvista.com> + +--- + ChangeLog | 8 +++ + posix/Makefile | 11 +++- + posix/tst-glob-tilde.c | 136 + + 3 files changed, 153 insertions(+), 2 deletions(-) + create mode 100644 posix/tst-glob-tilde.c + +Index: git/ChangeLog +=== +--- git.orig/ChangeLog git/ChangeLog +@@ -1,3 +1,11 @@ ++2017-10-21 Florian Weimer <fwei...@redhat.com> ++ ++ * posix/Makefile (tests): Add tst-glob-tilde. ++ (tests-special): Add tst-glob-tilde-mem.out ++ (tst-glob-tilde-ENV): Set MALLOC_TRACE. ++ (tst-glob-tilde-mem.out): Add mtrace check. ++ * posix/tst-glob-tilde.c: New file. ++ + 2017-10-20 Paul Eggert <egg...@cs.ucla.edu> + +[BZ #22320] +Index: git/posix/Makefile +=== +--- git.orig/posix/Makefile git/posix/Makefile +@@ -93,7 +93,7 @@ tests:= test-errno tstgetopt testfnm r + tst-fnmatch3 bug-regex36 tst-getaddrinfo5 \ + tst-posix_spawn-fd tst-posix_spawn-setsid \ + tst-posix_fadvise tst-posix_fadvise64 \ +- tst-sysconf-empty-chroot ++ tst-sysconf-empty-chroot tst-glob-tilde + tests-internal:= bug-regex5 bug-regex20 bug-regex33 \ + tst-rfc3484 tst-rfc3484-2 tst-rfc3484-3 + xtests:= bug-ga2 +@@ -141,7 +141,8 @@ tests-special += $(objpfx)bug-regex2-mem +$(objpfx)tst-rxspencer-no-utf8-mem.out $(objpfx)tst-pcre-mem.out \ +$(objpfx)tst-boost-mem.out $(objpfx)tst-getconf.out \ +$(objpfx)bug-glob2-mem.out $(objpfx)tst-vfork3-mem.out \ +- $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out ++ $(objpfx)tst-fnmatch-mem.out $(objpfx)bug-regex36-mem.out \ ++ $(objpfx)tst-glob-tilde-mem.out + xtests-special += $(objpfx)bug-ga2-mem.out + endif + +@@ -350,6 +351,12 @@ $(objpfx)bug-glob2-mem.out: $(objpfx)bug + $(common-objpfx)malloc/mtrace $(objpfx)bug-glob2.mtrace > $@; \ + $(evaluate-test) + ++tst-glob-tilde-ENV = MALLOC_TRACE=$(objpfx)tst-glob-tilde.mtrace ++ ++$(objpfx)tst-glob-tilde-mem.out: $(objpfx)tst-glob-tilde.out ++ $(common-objpfx)malloc/mtrace $(objpfx)tst-glob-tilde.mtrace > $@; \ ++ $(evaluate-test) ++ + $(inst_libexecdir)/getconf: $(inst_bindir)/getconf \ + $(objpfx)getconf.speclist FORCE + $(addprefix $(..)./scripts/mkinstalldirs ,\ +Index: git/posix/tst-glob-tilde.c +=== +--- /dev/null git/posix/tst-glob-tilde.c +@@ -0,0 +1,136 @@ ++/* Check for GLOB_TIDLE heap allocation issues (bug 22320, bug 22325). ++ Copyright (C) 2017 Free Software Foundation, Inc. ++ This file is part of the GNU C Library. ++ ++ The GNU C Library is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ The GNU C Library is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License alon
[OE-core] [PATCH 0/3] Several Glibc security fixes
The pending 2.27 update does not need these. Only apply if that update is delayed too long. affects glibc < 2.27 This will hit stable/Rocko-next shortly Armin Kuster (3): glibc: Security fix CVE-2017-15670 glibc: Security fix CVE-2017-15671 glibc: Security fix for CVE-2017-15804 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch | 61 ++ meta/recipes-core/glibc/glibc/CVE-2017-15671.patch | 215 + meta/recipes-core/glibc/glibc/CVE-2017-15804.patch | 111 +++ meta/recipes-core/glibc/glibc_2.26.bb | 3 + 4 files changed, 390 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15671.patch create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15804.patch -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 3/3] glibc: Security fix for CVE-2017-15804
From: Armin Kuster <akus...@mvista.com>
The glob function in glob.c in the GNU C Library (aka glibc or libc6) before
2.27 contains a buffer overflow during unescaping of user names with the ~
operator.
Affects: glibx < 2.27
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-core/glibc/glibc/CVE-2017-15804.patch | 111 +
meta/recipes-core/glibc/glibc_2.26.bb | 1 +
2 files changed, 112 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15804.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15804.patch
b/meta/recipes-core/glibc/glibc/CVE-2017-15804.patch
new file mode 100644
index 000..b0dada3
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-15804.patch
@@ -0,0 +1,111 @@
+From 2fac6a6cd50c22ac28c97d0864306594807ade3e Mon Sep 17 00:00:00 2001
+From: Florian Weimer <fwei...@redhat.com>
+Date: Thu, 2 Nov 2017 11:06:45 +0100
+Subject: [PATCH] posix/tst-glob-tilde.c: Add test for bug 22332
+
+Upstream-Status: Backport
+CVE: CVE-2017-15804
+Affects: glibx < 2.27
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+---
+ ChangeLog | 7 +++
+ posix/tst-glob-tilde.c | 53 --
+ 2 files changed, 37 insertions(+), 23 deletions(-)
+
+Index: git/posix/tst-glob-tilde.c
+===
+--- git.orig/posix/tst-glob-tilde.c
git/posix/tst-glob-tilde.c
+@@ -1,4 +1,4 @@
+-/* Check for GLOB_TIDLE heap allocation issues (bug 22320, bug 22325).
++/* Check for GLOB_TIDLE heap allocation issues (bugs 22320, 22325, 22332).
+Copyright (C) 2017 Free Software Foundation, Inc.
+This file is part of the GNU C Library.
+
+@@ -34,6 +34,9 @@ static int do_nocheck;
+ /* Flag which indicates whether to pass the GLOB_MARK flag. */
+ static int do_mark;
+
++/* Flag which indicates whether to pass the GLOB_NOESCAPE flag. */
++static int do_noescape;
++
+ static void
+ one_test (const char *prefix, const char *middle, const char *suffix)
+ {
+@@ -45,6 +48,8 @@ one_test (const char *prefix, const char
+ flags |= GLOB_NOCHECK;
+ if (do_mark)
+ flags |= GLOB_MARK;
++ if (do_noescape)
++flags |= GLOB_NOESCAPE;
+ glob_t gl;
+ /* This glob call might result in crashes or memory leaks. */
+ if (glob (pattern, flags, NULL, ) == 0)
+@@ -105,28 +110,30 @@ do_test (void)
+ for (do_onlydir = 0; do_onlydir < 2; ++do_onlydir)
+ for (do_nocheck = 0; do_nocheck < 2; ++do_nocheck)
+ for (do_mark = 0; do_mark < 2; ++do_mark)
+-for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
+- {
+-for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
+- ++size_skew)
+- {
+-int size = base_sizes[base_idx] + size_skew;
+-if (size < 0)
+- continue;
+-
+-const char *user_name = repeating_string (size);
+-one_test ("~", user_name, "/a/b");
+- }
+-
+-const char *user_name = repeating_string (base_sizes[base_idx]);
+-one_test ("~", user_name, "");
+-one_test ("~", user_name, "/");
+-one_test ("~", user_name, "/a");
+-one_test ("~", user_name, "/*/*");
+-one_test ("~", user_name, "\\/");
+-one_test ("/~", user_name, "");
+-one_test ("*/~", user_name, "/a/b");
+- }
++ for (do_noescape = 0; do_noescape < 2; ++do_noescape)
++for (int base_idx = 0; base_sizes[base_idx] >= 0; ++base_idx)
++ {
++for (int size_skew = -max_size_skew; size_skew <= max_size_skew;
++ ++size_skew)
++ {
++int size = base_sizes[base_idx] + size_skew;
++if (size < 0)
++ continue;
++
++const char *user_name = repeating_string (size);
++one_test ("~", user_name, "/a/b");
++one_test ("~", user_name, "x\\x\\xx\\a");
++ }
++
++const char *user_name = repeating_string (base_sizes[base_idx]);
++one_test ("~", user_name, "");
++one_test ("~", user_name, "/");
++one_test ("~", user_name, "/a");
++one_test ("~", user_name, "/*/*");
++one_test ("~", user_name, "\\/");
++one_test ("/~", user_name, "");
++one_test ("*/~", user_name, "/a/b");
++ }
+
+ free (repeat);
+
+Index: git/ChangeLog
+
[OE-core] [Morty][PATCH] binutils: Fix build issue on Centos 6
From: Armin Kuster <akus...@mvista.com>
Per Yocto Compatable: The following change was made to fix a build issue we are
seeing on
Centos 6. Not expecting this to be merge.
binutils-cross-canadian-arm-2.27-r0.47: task do_compile:
gprof' cc1: error: unrecognized command line option "-Wstack-usage=262144"
Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjana...@mvista.com>
Reviewed-by: Jeremy Puhlman <jpuhl...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-devtools/binutils/binutils-cross-canadian.inc | 7 +++
1 file changed, 7 insertions(+)
diff --git a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
index ae14642..30e3bc6 100644
--- a/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
+++ b/meta/recipes-devtools/binutils/binutils-cross-canadian.inc
@@ -12,6 +12,13 @@ EXTRA_OECONF +=
"--with-sysroot=${SDKPATH}/sysroots/${TUNE_PKGARCH}${TARGET_VEND
# e.g. we switch between different machines with different tunes.
EXTRA_OECONF[vardepsexclude] = "TUNE_PKGARCH"
+EXTRA_OEMAKE += "WARN_CFLAGS='-W -Wall -Wstrict-prototypes
-Wmissing-prototypes -Wshadow'"
+do_configure_prepend () {
+ sed -i ${S}/bfd/warning.m4 -e "/Wstack-usage/D"
+ sed -i ${S}/bfd/configure -e "s/-Wstack-usage=262144//"
+ sed -i ${S}/binutils/configure -e "s/-Wstack-usage=262144//"
+}
+
do_install () {
autotools_do_install
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [Morty][PATCH] systemd: fixs mips64 login issue
From: Armin Kuster <akus...@mvista.com> With out this patch, one can not login to a mips64 machine like qumumips64 or Octeon mips64 when systemd is enabled. remove PACKAGECONFIG option too affects: systemd < 2.3.2 Reviewed-by: Jeremy Puhlman <jpuhl...@mvista.com> Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjana...@mvista.com> Signed-off-by: Armin Kuster <akus...@mvista.com> --- .../systemd/Ensure-kdbus-isn-t-used-3501.patch | 670 + meta/recipes-core/systemd/systemd_230.bb | 3 +- 2 files changed, 671 insertions(+), 2 deletions(-) create mode 100644 meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch diff --git a/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch new file mode 100644 index 000..d08a10f --- /dev/null +++ b/meta/recipes-core/systemd/systemd/Ensure-kdbus-isn-t-used-3501.patch @@ -0,0 +1,670 @@ +From 222953e87f34545a3f9c6d3c18216e222bf6ea94 Mon Sep 17 00:00:00 2001 +From: Dave Reisner <dreis...@archlinux.org> +Date: Fri, 10 Jun 2016 09:50:16 -0400 +Subject: [PATCH] Ensure kdbus isn't used (#3501) + +Delete the dbus1 generator and some critical wiring. This prevents +kdbus from being loaded or detected. As such, it will never be used, +even if the user still has a useful kdbus module loaded on their system. + +Sort of fixes #3480. Not really, but it's better than the current state. + +Upstream-Status: Backport +Signed-off-by: Armin Kuster <akus...@mvista.com> + +--- + Makefile.am | 20 -- + autogen.sh| 12 +- + configure.ac | 10 - + src/core/busname.c| 7 +- + src/core/kmod-setup.c | 3 - + src/core/manager.c| 23 --- + src/core/mount-setup.c| 2 - + src/core/service.c| 17 +- + src/dbus1-generator/dbus1-generator.c | 331 -- + src/login/pam_systemd.c | 31 ++-- + src/shared/bus-util.c | 34 + src/shared/bus-util.h | 3 - + 12 files changed, 23 insertions(+), 470 deletions(-) + delete mode 100644 src/dbus1-generator/dbus1-generator.c + +Index: git/autogen.sh +=== +--- git.orig/autogen.sh git/autogen.sh +@@ -55,19 +55,19 @@ fi + cd $oldpwd + + if [ "x$1" = "xc" ]; then +-$topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args ++$topdir/configure CFLAGS='-g -O0 -ftrapv' $args + make clean + elif [ "x$1" = "xg" ]; then +-$topdir/configure CFLAGS='-g -Og -ftrapv' --enable-kdbus $args ++$topdir/configure CFLAGS='-g -Og -ftrapv' $args + make clean + elif [ "x$1" = "xa" ]; then +-$topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' --enable-kdbus $args ++$topdir/configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' $args + make clean + elif [ "x$1" = "xl" ]; then +-$topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args ++$topdir/configure CC=clang CFLAGS='-g -O0 -ftrapv' $args + make clean + elif [ "x$1" = "xs" ]; then +-scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' --enable-kdbus $args ++scan-build $topdir/configure CFLAGS='-std=gnu99 -g -O0 -ftrapv' $args + scan-build make + else + echo +@@ -75,6 +75,6 @@ else + echo "Initialized build system. For a common configuration please run:" + echo "" + echo +-echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args" ++echo "$topdir/configure CFLAGS='-g -O0 -ftrapv' $args" + echo + fi +Index: git/configure.ac +=== +--- git.orig/configure.ac git/configure.ac +@@ -1294,16 +1294,6 @@ AC_ARG_WITH(tpm-pcrindex, + AC_DEFINE_UNQUOTED(SD_TPM_PCR, [$SD_TPM_PCR], [TPM PCR register number to use]) + + # -- +-have_kdbus=no +-AC_ARG_ENABLE(kdbus, AS_HELP_STRING([--disable-kdbus], [do not connect to kdbus by default])) +-if test "x$enable_kdbus" != "xno"; then +-AC_DEFINE(ENABLE_KDBUS, 1, [Define if kdbus is to be connected to by default]) +-have_kdbus=yes +-M4_DEFINES="$M4_DEFINES -DENABLE_KDBUS" +-fi +-AM_CONDITIONAL(ENABLE_KDBUS, [test "$have_kdbus" = "yes"]) +- +-# -
[OE-core] [morty][PATCH 1/2] glibc: Security fix for CVE-2017-8804
From: Rajkumar Veer <rv...@mvista.com>
Source: https://sourceware.org
MR: 74337
Type: Security Fix
Disposition: Backport from
https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
ChangeID: c8c51220e40185dd0ac3d657046e70b82cb94bee
Description:
CVE-2017-8804
sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ #21461]
Affects: glibc < 2.25
Signed-off-by: Rajkumar Veer <rv...@mvista.com>
Reviewed-by: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-core/glibc/glibc/CVE-2017-8804.patch | 232 ++
meta/recipes-core/glibc/glibc_2.24.bb | 1 +
2 files changed, 233 insertions(+)
create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
b/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
new file mode 100644
index 000..5e5bbe2
--- /dev/null
+++ b/meta/recipes-core/glibc/glibc/CVE-2017-8804.patch
@@ -0,0 +1,232 @@
+From: fweimer at redhat dot com (Florian Weimer)
+Date: Fri, 05 May 2017 15:18:28 +0200
+Subject: [PATCH] sunrpc: xdr_bytes/xdr_string need to free buffer on error [BZ
#21461]
+
+[BZ #21461]
+
+Upstream-Status: Backport
+
+CVE: CVE-2017-8804
+Signed-off-by: Rajkumar Veer<rveer@mvista.
+
+Index: git/NEWS
+===
+--- git.orig/NEWS
git/NEWS
+@@ -20,6 +20,9 @@ using `glibc' in the "product" field.
+ [21624] Unsafe alloca allows local attackers to alias stack and heap
(CVE-2017-1000366)
+ Version 2.24
+
++* The xdr_bytes and xdr_string routines free the internally allocated buffer
++ if deserialization of the buffer contents fails for any reason.
++
+ * The minimum Linux kernel version that this version of the GNU C Library
+ can be used with is 3.2, except on i[4567]86 and x86_64, where Linux
+ kernel version 2.6.32 or later suffices (on architectures that already
+Index: git/sunrpc/Makefile
+===
+--- git.orig/sunrpc/Makefile
git/sunrpc/Makefile
+@@ -96,9 +96,16 @@ rpcgen-objs = rpc_main.o rpc_hout.o rpc_
+ extra-objs = $(rpcgen-objs) $(addprefix cross-,$(rpcgen-objs))
+ others += rpcgen
+
+-tests = tst-xdrmem tst-xdrmem2 test-rpcent
++tests = tst-xdrmem tst-xdrmem2 test-rpcent tst-xdrmem3
+ xtests := tst-getmyaddr
+
++tests-special += $(objpfx)mtrace-tst-xdrmem3.out
++generated += mtrace-tst-xdrmem3.out tst-xdrmem3.mtrace
++tst-xdrmem3-ENV = MALLOC_TRACE=$(objpfx)tst-xdrmem3.mtrace
++$(objpfx)mtrace-tst-xdrmem3.out: $(objpfx)tst-xdrmem3.out
++ $(common-objpfx)malloc/mtrace $(objpfx)tst-xdrmem3.mtrace > $@; \
++ $(evaluate-test)
++
+ ifeq ($(have-thread-library),yes)
+ xtests += thrsvc
+ endif
+@@ -153,6 +160,7 @@ BUILD_CPPFLAGS += $(sunrpc-CPPFLAGS)
+ $(objpfx)tst-getmyaddr: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem: $(common-objpfx)linkobj/libc.so
+ $(objpfx)tst-xdrmem2: $(common-objpfx)linkobj/libc.so
++$(objpfx)tst-xdrmem3: $(common-objpfx)linkobj/libc.so
+
+ $(objpfx)rpcgen: $(addprefix $(objpfx),$(rpcgen-objs))
+
+Index: git/sunrpc/tst-xdrmem3.c
+===
+--- /dev/null
git/sunrpc/tst-xdrmem3.c
+@@ -0,0 +1,83 @@
++/* Test xdr_bytes, xdr_string behavior on deserialization failure.
++ Copyright (C) 2017 Free Software Foundation, Inc.
++ This file is part of the GNU C Library.
++
++ The GNU C Library is free software; you can redistribute it and/or
++ modify it under the terms of the GNU Lesser General Public
++ License as published by the Free Software Foundation; either
++ version 2.1 of the License, or (at your option) any later version.
++
++ The GNU C Library is distributed in the hope that it will be useful,
++ but WITHOUT ANY WARRANTY; without even the implied warranty of
++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ Lesser General Public License for more details.
++
++ You should have received a copy of the GNU Lesser General Public
++ License along with the GNU C Library; if not, see
++ <http://www.gnu.org/licenses/>. */
++
++#include
++#include
++#include
++#include
++
++static int
++do_test (void)
++{
++ mtrace ();
++
++ /* If do_own_buffer, allocate the buffer and pass it to the
++ deserialization routine. Otherwise the routine is requested to
++ allocate the buffer. */
++ for (int do_own_buffer = 0; do_own_buffer < 2; ++do_own_buffer)
++{
++ /* Length 16 MiB, but only 2 bytes of data in the packet. */
++ unsigned char buf[] = "\x01\x00\x00\x00\xff";
++ XDR xdrs;
++ char *result;
++ unsigned int result_len;
++
++ /* Test xdr_bytes. */
++ xdrmem_create (, (char *) buf, sizeof (buf), XDR_DECODE);
++ result_len = 0;
++ if (do_own_buffer)
++{
++ char *own_buffer = xmalloc (10);
++
[OE-core] [morty][PATCH 2/2] glibc: CVE-2017-15670
From: Thiruvadi Rajaraman <trajara...@mvista.com> Source: git://sourceware.org/git/glibc.git MR: 76647 Type: Security Fix Disposition: Backport from glibc-2.27 ChangeID: f4494e472d36748c2b3171a91640b26c638f6e0b Description: CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320] Affects: glibc < 2.27 Signed-off-by: Thiruvadi Rajaraman <trajara...@mvista.com> Reviewed-by: Armin Kuster <akus...@mvista.com> Signed-off-by: Armin Kuster <akus...@mvista.com> --- meta/recipes-core/glibc/glibc/CVE-2017-15670.patch | 38 ++ meta/recipes-core/glibc/glibc_2.24.bb | 1 + 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-core/glibc/glibc/CVE-2017-15670.patch diff --git a/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch new file mode 100644 index 000..b606cc2 --- /dev/null +++ b/meta/recipes-core/glibc/glibc/CVE-2017-15670.patch @@ -0,0 +1,38 @@ +commit a76376df7c07e577a9515c3faa5dbd50bda5da07 +Author: Paul Eggert <egg...@cs.ucla.edu> +Date: Fri Oct 20 18:41:14 2017 +0200 + +CVE-2017-15670: glob: Fix one-byte overflow [BZ #22320] + +Upstream-Status: Backport + +CVE: CVE-2017-15670 +Signed-off-by: Thiruvadi Rajaraman <trajara...@mvista.com> + +Index: git/ChangeLog +=== +--- git.orig/ChangeLog 2017-11-16 18:12:32.457928327 +0530 git/ChangeLog 2017-11-16 18:18:24.423642908 +0530 +@@ -1,3 +1,9 @@ ++2017-10-20 Paul Eggert <egg...@cs.ucla.edu> ++ ++ [BZ #22320] ++ CVE-2017-15670 ++ * posix/glob.c (__glob): Fix one-byte overflow. ++ + 2017-05-05 Florian Weimer <fwei...@redhat.com> + + [BZ #21461] +Index: git/posix/glob.c +=== +--- git.orig/posix/glob.c 2017-11-16 18:12:14.833843602 +0530 git/posix/glob.c 2017-11-16 18:16:39.511127432 +0530 +@@ -856,7 +856,7 @@ + *p = '\0'; + } + else +- *((char *) mempcpy (newp, dirname + 1, end_name - dirname)) ++ *((char *) mempcpy (newp, dirname + 1, end_name - dirname - 1)) + = '\0'; + user_name = newp; + } diff --git a/meta/recipes-core/glibc/glibc_2.24.bb b/meta/recipes-core/glibc/glibc_2.24.bb index 966be34..6ea4585 100644 --- a/meta/recipes-core/glibc/glibc_2.24.bb +++ b/meta/recipes-core/glibc/glibc_2.24.bb @@ -57,6 +57,7 @@ SRC_URI += "\ file://generate-supported.mk \ file://0001-locale-fix-hard-coded-reference-to-gcc-E.patch \ file://CVE-2017-8804.patch \ + file://CVE-2017-15670.patch \ " SRC_URI_append_class-nativesdk = "\ -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/8] Consolidated package updates
From: Armin Kuster <akus...@mvista.com>
Conver letter only
The following changes since commit cf5c44ac611c2c2657e6fd3c1f723bcb20b812dd:
python-scons: upgrade to v3.0.1; use pypi.bbclass (2017-12-13 13:59:46 +)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib akuster/master-updates
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=akuster/master-updates
Armin Kuster (8):
nss: update to 3.34.1
pinentry: update to 1.1.0
libassuan: update to 2.5.1
libxfont: update 1.5.4 with sec fix
libxfont2: update to 2.0.3 with sec fix
libxcursor: update to 1.1.15 plus sec fixes
kexec-tools: update to 2.0.16 and simplify
bind: Update to 9.11.2
.../bind/bind/dont-test-on-host.patch | 13 ++--
.../bind/{bind_9.10.6.bb => bind_9.11.2.bb}| 10 +--
.../{libxcursor_1.1.14.bb => libxcursor_1.1.15.bb} | 4 +-
.../{libxfont2_2.0.2.bb => libxfont2_2.0.3.bb} | 4 +-
.../{libxfont_1.5.3.bb => libxfont_1.5.4.bb} | 4 +-
meta/recipes-kernel/kexec/kexec-tools.inc | 38 --
...kexec-tools_2.0.15.bb => kexec-tools_2.0.16.bb} | 84 +++---
.../{libassuan_2.4.4.bb => libassuan_2.5.1.bb} | 4 +-
.../nss/{nss_3.34.bb => nss_3.34.1.bb} | 4 +-
.../gpg-error_pkconf.patch | 0
.../libassuan_pkgconf.patch| 0
.../{pinentry_1.0.0.bb => pinentry_1.1.0.bb} | 4 +-
12 files changed, 84 insertions(+), 85 deletions(-)
rename meta/recipes-connectivity/bind/{bind_9.10.6.bb => bind_9.11.2.bb} (92%)
rename meta/recipes-graphics/xorg-lib/{libxcursor_1.1.14.bb =>
libxcursor_1.1.15.bb} (80%)
rename meta/recipes-graphics/xorg-lib/{libxfont2_2.0.2.bb =>
libxfont2_2.0.3.bb} (80%)
rename meta/recipes-graphics/xorg-lib/{libxfont_1.5.3.bb => libxfont_1.5.4.bb}
(81%)
delete mode 100644 meta/recipes-kernel/kexec/kexec-tools.inc
rename meta/recipes-kernel/kexec/{kexec-tools_2.0.15.bb =>
kexec-tools_2.0.16.bb} (44%)
rename meta/recipes-support/libassuan/{libassuan_2.4.4.bb =>
libassuan_2.5.1.bb} (88%)
rename meta/recipes-support/nss/{nss_3.34.bb => nss_3.34.1.bb} (98%)
rename meta/recipes-support/pinentry/{pinentry-1.0.0 =>
pinentry-1.1.0}/gpg-error_pkconf.patch (100%)
rename meta/recipes-support/pinentry/{pinentry-1.0.0 =>
pinentry-1.1.0}/libassuan_pkgconf.patch (100%)
rename meta/recipes-support/pinentry/{pinentry_1.0.0.bb => pinentry_1.1.0.bb}
(90%)
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/8] nss: update to 3.34.1
From: Armin Kuster <akus...@mvista.com>
The following CA certificate was Re-Added. It was removed in NSS 3.34, but has
been re-added with only the Email trust bit set. (bug 1418678)
CN = Certum CA, O=Unizeto Sp. z o.o.
SHA-256 Fingerprint:
D8:E0:FE:BC:1D:B2:E3:8D:00:94:0F:37:D2:7D:41:34:4D:99:3E:73:4B:99:D5:65:6D:97:78:D4:D8:14:36:24
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-support/nss/{nss_3.34.bb => nss_3.34.1.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-support/nss/{nss_3.34.bb => nss_3.34.1.bb} (98%)
diff --git a/meta/recipes-support/nss/nss_3.34.bb
b/meta/recipes-support/nss/nss_3.34.1.bb
similarity index 98%
rename from meta/recipes-support/nss/nss_3.34.bb
rename to meta/recipes-support/nss/nss_3.34.1.bb
index 6243f0a..ae52a95 100644
--- a/meta/recipes-support/nss/nss_3.34.bb
+++ b/meta/recipes-support/nss/nss_3.34.1.bb
@@ -28,8 +28,8 @@ SRC_URI =
"http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/${VERSIO
file://Fix-compilation-for-X32.patch \
"
-SRC_URI[md5sum] = "1e30b8e5b13b5b08bbc489c265948d82"
-SRC_URI[sha256sum] =
"0d45954181373023c7cfc33e77c8c636d394ec7e55b93e059149ed7888652af5"
+SRC_URI[md5sum] = "5922468bb1c54e4c8067f153fcf467e5"
+SRC_URI[sha256sum] =
"a3c15d367caf784f33d96dbafbdffc16a8e42fb8c8aedfce97bf92a9f918dda0"
UPSTREAM_CHECK_URI =
"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_Releases;
UPSTREAM_CHECK_REGEX = "NSS_(?P.+)_release_notes"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/8] pinentry: update to 1.1.0
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../{pinentry-1.0.0 => pinentry-1.1.0}/gpg-error_pkconf.patch | 0
.../{pinentry-1.0.0 => pinentry-1.1.0}/libassuan_pkgconf.patch| 0
.../recipes-support/pinentry/{pinentry_1.0.0.bb => pinentry_1.1.0.bb} | 4 ++--
3 files changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-support/pinentry/{pinentry-1.0.0 =>
pinentry-1.1.0}/gpg-error_pkconf.patch (100%)
rename meta/recipes-support/pinentry/{pinentry-1.0.0 =>
pinentry-1.1.0}/libassuan_pkgconf.patch (100%)
rename meta/recipes-support/pinentry/{pinentry_1.0.0.bb => pinentry_1.1.0.bb}
(90%)
diff --git
a/meta/recipes-support/pinentry/pinentry-1.0.0/gpg-error_pkconf.patch
b/meta/recipes-support/pinentry/pinentry-1.1.0/gpg-error_pkconf.patch
similarity index 100%
rename from meta/recipes-support/pinentry/pinentry-1.0.0/gpg-error_pkconf.patch
rename to meta/recipes-support/pinentry/pinentry-1.1.0/gpg-error_pkconf.patch
diff --git
a/meta/recipes-support/pinentry/pinentry-1.0.0/libassuan_pkgconf.patch
b/meta/recipes-support/pinentry/pinentry-1.1.0/libassuan_pkgconf.patch
similarity index 100%
rename from meta/recipes-support/pinentry/pinentry-1.0.0/libassuan_pkgconf.patch
rename to meta/recipes-support/pinentry/pinentry-1.1.0/libassuan_pkgconf.patch
diff --git a/meta/recipes-support/pinentry/pinentry_1.0.0.bb
b/meta/recipes-support/pinentry/pinentry_1.1.0.bb
similarity index 90%
rename from meta/recipes-support/pinentry/pinentry_1.0.0.bb
rename to meta/recipes-support/pinentry/pinentry_1.1.0.bb
index 319acd3..3b77709 100644
--- a/meta/recipes-support/pinentry/pinentry_1.0.0.bb
+++ b/meta/recipes-support/pinentry/pinentry_1.1.0.bb
@@ -18,8 +18,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
file://gpg-error_pkconf.patch \
"
-SRC_URI[md5sum] = "4a3fad8b31f9b4c5526c8837495015dc"
-SRC_URI[sha256sum] =
"1672c2edc1feb036075b187c0773787b2afd0544f55025c645a71b4c2f79275a"
+SRC_URI[md5sum] = "3829315cb0a1e9cedc05ffe6def7a2c6"
+SRC_URI[sha256sum] =
"68076686fa724a290ea49cdf0d1c0c1500907d1b759a3bcbfbec0293e8f56570"
EXTRA_OECONF = "--disable-rpath --disable-dependency-tracking \
--disable-pinentry-qt5 \
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 7/8] kexec-tools: update to 2.0.16 and simplify
From: Armin Kuster <akus...@mvista.com>
combine .inc with bb file
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-kernel/kexec/kexec-tools.inc | 38 --
...kexec-tools_2.0.15.bb => kexec-tools_2.0.16.bb} | 84 +++---
2 files changed, 59 insertions(+), 63 deletions(-)
delete mode 100644 meta/recipes-kernel/kexec/kexec-tools.inc
rename meta/recipes-kernel/kexec/{kexec-tools_2.0.15.bb =>
kexec-tools_2.0.16.bb} (44%)
diff --git a/meta/recipes-kernel/kexec/kexec-tools.inc
b/meta/recipes-kernel/kexec/kexec-tools.inc
deleted file mode 100644
index c689bec..000
--- a/meta/recipes-kernel/kexec/kexec-tools.inc
+++ /dev/null
@@ -1,38 +0,0 @@
-SUMMARY = "Kexec fast reboot tools"
-DESCRIPTION = "Kexec is a fast reboot feature that lets you reboot to a new
Linux kernel"
-AUTHOR = "Eric Biederman"
-HOMEPAGE = "http://kernel.org/pub/linux/utils/kernel/kexec/;
-SECTION = "kernel/userland"
-LICENSE = "GPLv2"
-LIC_FILES_CHKSUM = "file://COPYING;md5=ea5bed2f60d357618ca161ad539f7c0a \
-
file://kexec/kexec.c;beginline=1;endline=20;md5=af10f6ae4a8715965e648aa687ad3e09"
-DEPENDS = "zlib xz"
-
-SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz \
- file://kdump \
- file://kdump.conf \
- file://kdump.service \
-"
-
-PR = "r1"
-
-inherit autotools
-
-COMPATIBLE_HOST =
'(x86_64.*|i.86.*|arm.*|aarch64.*|powerpc.*|mips.*)-(linux|freebsd.*)'
-
-INSANE_SKIP_${PN} = "arch"
-
-do_compile_prepend() {
-# Remove the prepackaged config.h from the source tree as it overrides
-# the same file generated by configure and placed in the build tree
-rm -f ${S}/include/config.h
-
-# Remove the '*.d' file to make sure the recompile is OK
-for dep in `find ${B} -type f -name '*.d'`; do
-dep_no_d="`echo $dep | sed 's#.d$##'`"
-# Remove file.d when there is a file.o
-if [ -f "$dep_no_d.o" ]; then
-rm -f $dep
-fi
-done
-}
diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.15.bb
b/meta/recipes-kernel/kexec/kexec-tools_2.0.16.bb
similarity index 44%
rename from meta/recipes-kernel/kexec/kexec-tools_2.0.15.bb
rename to meta/recipes-kernel/kexec/kexec-tools_2.0.16.bb
index 6bd9025..ebb4832 100644
--- a/meta/recipes-kernel/kexec/kexec-tools_2.0.15.bb
+++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.16.bb
@@ -1,19 +1,64 @@
-require kexec-tools.inc
+
+SUMMARY = "Kexec fast reboot tools"
+DESCRIPTION = "Kexec is a fast reboot feature that lets you reboot to a new
Linux kernel"
+AUTHOR = "Eric Biederman"
+HOMEPAGE = "http://kernel.org/pub/linux/utils/kernel/kexec/;
+SECTION = "kernel/userland"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=ea5bed2f60d357618ca161ad539f7c0a \
+
file://kexec/kexec.c;beginline=1;endline=20;md5=af10f6ae4a8715965e648aa687ad3e09"
+DEPENDS = "zlib xz"
+
+PR = "r1"
+
+SRC_URI =
"${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz \
+ file://kdump \
+ file://kdump.conf \
+ file://kdump.service \
+ file://0002-powerpc-change-the-memory-size-limit.patch \
+ file://0001-purgatory-Pass-r-directly-to-linker.patch \
+ file://0010-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch \
+ file://kexec-x32.patch \
+ file://0001-Disable-PIE-during-link.patch \
+ "
+
+SRC_URI[md5sum] = "5198968de79b5ded96f97f3c2ea9637b"
+SRC_URI[sha256sum] =
"cf17fc99bf77c9b39f06ee88ac0e86d0349c4a0c3f8214a3cc78eece872f6f3a"
+
+inherit autotools update-rc.d systemd
+
export LDFLAGS = "-L${STAGING_LIBDIR}"
EXTRA_OECONF = " --with-zlib=yes"
-SRC_URI +=
"${KERNELORG_MIRROR}/linux/utils/kernel/kexec/kexec-tools-${PV}.tar.gz \
-file://0002-powerpc-change-the-memory-size-limit.patch \
-file://0001-purgatory-Pass-r-directly-to-linker.patch \
-file://0010-kexec-ARM-Fix-add_buffer_phys_virt-align-issue.patch \
-file://kexec-x32.patch \
-file://0001-Disable-PIE-during-link.patch \
- "
+do_compile_prepend() {
+# Remove the prepackaged config.h from the source tree as it overrides
+# the same file generated by configure and placed in the build tree
+rm -f ${S}/include/config.h
+
+# Remove the '*.d' file to make sure the recompile is OK
+for dep in `find ${B} -type f -name '*.d'`; do
+dep_no_d="`echo $dep | sed 's#.d$##'`"
+# Remove file.d when there is a file.o
+if [ -f "$dep_no_d.o" ]; then
+rm -f $dep
+fi
+done
+}
-SRC_URI[md5sum] = "78906fdc255656fa2b9996c8acb3ef62&qu
[OE-core] [PATCH 4/8] libxfont: update 1.5.4 with sec fix
From: Armin Kuster <akus...@mvista.com>
Includes CVE-2017-16611
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../xorg-lib/{libxfont_1.5.3.bb => libxfont_1.5.4.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-graphics/xorg-lib/{libxfont_1.5.3.bb => libxfont_1.5.4.bb}
(81%)
diff --git a/meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
b/meta/recipes-graphics/xorg-lib/libxfont_1.5.4.bb
similarity index 81%
rename from meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
rename to meta/recipes-graphics/xorg-lib/libxfont_1.5.4.bb
index 5b15a4e..79f77fc 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont_1.5.3.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont_1.5.4.bb
@@ -18,8 +18,8 @@ XORG_PN = "libXfont"
BBCLASSEXTEND = "native"
-SRC_URI[md5sum] = "9ba75bf38ba62a6ad52550ab716da9b3"
-SRC_URI[sha256sum] =
"ab85c10fd2683481dfef672a77fe60e6a2039558cbc0e9bf56b5e1df471c93d0"
+SRC_URI[md5sum] = "16eaf156edd79b68038b6a7c44aa9e9b"
+SRC_URI[sha256sum] =
"1a7f7490774c87f2052d146d1e0e64518d32e6848184a18654e8d0bb57883242"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 3/8] libassuan: update to 2.5.1
From: Armin Kuster <akus...@mvista.com>
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../libassuan/{libassuan_2.4.4.bb => libassuan_2.5.1.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-support/libassuan/{libassuan_2.4.4.bb =>
libassuan_2.5.1.bb} (88%)
diff --git a/meta/recipes-support/libassuan/libassuan_2.4.4.bb
b/meta/recipes-support/libassuan/libassuan_2.5.1.bb
similarity index 88%
rename from meta/recipes-support/libassuan/libassuan_2.4.4.bb
rename to meta/recipes-support/libassuan/libassuan_2.5.1.bb
index 7921c1d..34d5f16 100644
--- a/meta/recipes-support/libassuan/libassuan_2.4.4.bb
+++ b/meta/recipes-support/libassuan/libassuan_2.5.1.bb
@@ -17,8 +17,8 @@ SRC_URI = "${GNUPG_MIRROR}/libassuan/libassuan-${PV}.tar.bz2 \
file://libassuan-add-pkgconfig-support.patch \
"
-SRC_URI[md5sum] = "52385ec8d34f258bf10165d32c486002"
-SRC_URI[sha256sum] =
"9e69a102272324de0bb56025779f84fd44901afcc6eac51505f6a63ea5737ca1"
+SRC_URI[md5sum] = "4354b7ae296894f232ada226a062d7d7"
+SRC_URI[sha256sum] =
"47f96c37b4f2aac289f0bc1bacfa8bd8b4b209a488d3d15e2229cb6cc9b26449"
BINCONFIG = "${bindir}/libassuan-config"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 6/8] libxcursor: update to 1.1.15 plus sec fixes
From: Armin Kuster <akus...@mvista.com>
This update includes:
CVE-2017-16612
and some clan warning fixes
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../xorg-lib/{libxcursor_1.1.14.bb => libxcursor_1.1.15.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-graphics/xorg-lib/{libxcursor_1.1.14.bb =>
libxcursor_1.1.15.bb} (80%)
diff --git a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb
b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.15.bb
similarity index 80%
rename from meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb
rename to meta/recipes-graphics/xorg-lib/libxcursor_1.1.15.bb
index 1762904..dc9af23 100644
--- a/meta/recipes-graphics/xorg-lib/libxcursor_1.1.14.bb
+++ b/meta/recipes-graphics/xorg-lib/libxcursor_1.1.15.bb
@@ -18,5 +18,5 @@ PE = "1"
XORG_PN = "libXcursor"
-SRC_URI[md5sum] = "1e7c17afbbce83e2215917047c57d1b3"
-SRC_URI[sha256sum] =
"9bc6acb21ca14da51bda5bc912c8955bc6e5e433f0ab00c5e8bef842596c33df"
+SRC_URI[md5sum] = "58fe3514e1e7135cf364101e714d1a14"
+SRC_URI[sha256sum] =
"294e670dd37cd23995e69aae626629d4a2dfe5708851bbc13d032401b7a3df6b"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 5/8] libxfont2: update to 2.0.3 with sec fix
From: Armin Kuster <akus...@mvista.com>
Includes:
Open files with O_NOFOLLOW. (CVE-2017-16611)
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../xorg-lib/{libxfont2_2.0.2.bb => libxfont2_2.0.3.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-graphics/xorg-lib/{libxfont2_2.0.2.bb =>
libxfont2_2.0.3.bb} (80%)
diff --git a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb
similarity index 80%
rename from meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
rename to meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb
index 08d1123..5f27a55 100644
--- a/meta/recipes-graphics/xorg-lib/libxfont2_2.0.2.bb
+++ b/meta/recipes-graphics/xorg-lib/libxfont2_2.0.3.bb
@@ -15,8 +15,8 @@ XORG_PN = "libXfont2"
BBCLASSEXTEND = "native"
-SRC_URI[md5sum] = "d39e6446e46f939486d1a8b856e8b67b"
-SRC_URI[sha256sum] =
"94088d3b87f7d42c7116d9adaad155859e93330c6e47f5989f2de600b9a6c111"
+SRC_URI[md5sum] = "b7ca87dfafeb5205b28a1e91ac3efe85"
+SRC_URI[sha256sum] =
"0e8ab7fd737ccdfe87e1f02b55f221f0bd4503a1c5f28be4ed6a54586bac9c4e"
PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}"
PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 8/8] bind: Update to 9.11.2
From: Armin Kuster <akus...@mvista.com>
New License (mpl-2.0) and LICESE file.
New features in bind 9.11
see: https://www.isc.org/wp-content/uploads/2016/09/BIND9.11NewFeatures.pdf
add zlib PACKAGECONF
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-connectivity/bind/bind/dont-test-on-host.patch | 13 -
.../bind/{bind_9.10.6.bb => bind_9.11.2.bb} | 10 +-
2 files changed, 13 insertions(+), 10 deletions(-)
rename meta/recipes-connectivity/bind/{bind_9.10.6.bb => bind_9.11.2.bb} (92%)
diff --git a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
index b02ecb1..7fbd1f5 100644
--- a/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
+++ b/meta/recipes-connectivity/bind/bind/dont-test-on-host.patch
@@ -2,16 +2,19 @@ Upstream-Status: Pending
Signed-off-by: Saul Wold <s...@linux.intel.com>
-Index: bind-9.9.5/bin/Makefile.in
+refactored for 9.11
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+Index: bind-9.11.2/bin/Makefile.in
===
bind-9.9.5.orig/bin/Makefile.in
-+++ bind-9.9.5/bin/Makefile.in
-@@ -19,7 +19,7 @@ srcdir = @srcdir@
+--- bind-9.11.2.orig/bin/Makefile.in
bind-9.11.2/bin/Makefile.in
+@@ -10,7 +10,7 @@ srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
-SUBDIRS = named rndc dig delv dnssec tools tests nsupdate \
+SUBDIRS = named rndc dig delv dnssec tools nsupdate \
- check confgen @PYTHON_TOOLS@ @PKCS11_TOOLS@
+ check confgen @NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@
TARGETS =
diff --git a/meta/recipes-connectivity/bind/bind_9.10.6.bb
b/meta/recipes-connectivity/bind/bind_9.11.2.bb
similarity index 92%
rename from meta/recipes-connectivity/bind/bind_9.10.6.bb
rename to meta/recipes-connectivity/bind/bind_9.11.2.bb
index 8b8835b..0bbc4df 100644
--- a/meta/recipes-connectivity/bind/bind_9.10.6.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.2.bb
@@ -2,8 +2,8 @@ SUMMARY = "ISC Internet Domain Name Server"
HOMEPAGE = "http://www.isc.org/sw/bind/;
SECTION = "console/network"
-LICENSE = "ISC & BSD"
-LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=dba46507446198119bcde32a4feaab43"
+LICENSE = "ISC & MPL-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f27a50d2e878867827842f2c60e30bfc"
DEPENDS = "openssl libcap"
@@ -23,8 +23,8 @@ SRC_URI =
"https://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
file://use-python3-and-fix-install-lib-path.patch \
"
-SRC_URI[md5sum] = "84e663284b17aee0df1ce6f248b137d7"
-SRC_URI[sha256sum] =
"17bbcd2bd7b1d32f5ba4b30d5dbe8a39bce200079048073d1e0d050fdf47e69d"
+SRC_URI[md5sum] = "efca7e5a63a07efba264da9be2fbb57f"
+SRC_URI[sha256sum] =
"7f46ad8620f7c3b0ac375d7a5211b15677708fda84ce25d7aeb7222fe2e3c77a"
UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/;
UPSTREAM_CHECK_REGEX = "(?P9(\.\d+)+(-P\d+)*)/"
@@ -48,6 +48,7 @@ PACKAGECONFIG[httpstats] =
"--with-libxml2,--without-libxml2,libxml2"
PACKAGECONFIG[readline] = "--with-readline=-lreadline,,readline"
PACKAGECONFIG[libedit] = "--with-readline=-ledit,,libedit"
PACKAGECONFIG[urandom] =
"--with-randomdev=/dev/urandom,--with-randomdev=/dev/random,,"
+PACKAGECONFIG[zlib] = "--with-zlib=${STAGING_LIBDIR}/.., --without-zlib, zlib,
zlib"
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "--system --home ${localstatedir}/cache/bind
--no-create-home \
@@ -88,7 +89,6 @@ do_install_append() {
install -d "${D}${sysconfdir}/init.d"
install -m 644 ${S}/conf/* "${D}${sysconfdir}/bind/"
install -m 755 "${S}/init.d" "${D}${sysconfdir}/init.d/bind"
- sed -i -e '1s,#!.*python3,#! /usr/bin/python3,'
${D}${sbindir}/dnssec-coverage ${D}${sbindir}/dnssec-checkds
# Install systemd related files
install -d ${D}${sbindir}
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] binutils update to 2.29.1 for security fixes
Built on AB, no issues do to upgrade found.
boot tested on arm64 target too
Planning on updating Rocko instead of backporting all 41 + commits
Armin Kuster (1):
binutils: update to 2.29.1
.../binutils/{binutils-2.29.inc => binutils-2.29.1.inc} | 2 +-
...inutils-cross-canadian_2.29.bb => binutils-cross-canadian_2.29.1.bb} | 0
.../binutils/{binutils-cross_2.29.bb => binutils-cross_2.29.1.bb} | 0
.../binutils/{binutils-crosssdk_2.29.bb => binutils-crosssdk_2.29.1.bb} | 0
meta/recipes-devtools/binutils/{binutils_2.29.bb => binutils_2.29.1.bb} | 0
5 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/binutils/{binutils-2.29.inc =>
binutils-2.29.1.inc} (97%)
rename meta/recipes-devtools/binutils/{binutils-cross-canadian_2.29.bb =>
binutils-cross-canadian_2.29.1.bb} (100%)
rename meta/recipes-devtools/binutils/{binutils-cross_2.29.bb =>
binutils-cross_2.29.1.bb} (100%)
rename meta/recipes-devtools/binutils/{binutils-crosssdk_2.29.bb =>
binutils-crosssdk_2.29.1.bb} (100%)
rename meta/recipes-devtools/binutils/{binutils_2.29.bb => binutils_2.29.1.bb}
(100%)
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] binutils: update to 2.29.1
From: Armin Kuster <akus...@mvista.com>
update to 2.29.1 to fix the following missing CVE's
CVE-2017-15939, CVE-2017-15938, CVE-2017-15225, CVE-2017-15025,
CVE-2017-15024, CVE-2017-15023, CVE-2017-15022, CVE-2017-15021,
CVE-2017-15020, CVE-2017-14974, CVE-2017-14940, CVE-2017-14939,
CVE-2017-14938, CVE-2017-14934, CVE-2017-14933, CVE-2017-14932,
CVE-2017-14930, CVE-2017-14745, CVE-2017-14729, CVE-2017-14529,
CVE-2017-14333, CVE-2017-14130, CVE-2017-14129, CVE-2017-14128,
CVE-2017-13757, CVE-2017-13716, CVE-2017-13710, CVE-2017-12967,
CVE-2017-12799, CVE-2017-12459, CVE-2017-12458, CVE-2017-12457,
CVE-2017-12456, CVE-2017-12455, CVE-2017-12454, CVE-2017-12453,
CVE-2017-12452, CVE-2017-12451, CVE-2017-12450, CVE-2017-12449,
CVE-2017-12448
see Changelogs for additional information
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
.../binutils/{binutils-2.29.inc => binutils-2.29.1.inc} | 2 +-
...inutils-cross-canadian_2.29.bb => binutils-cross-canadian_2.29.1.bb} | 0
.../binutils/{binutils-cross_2.29.bb => binutils-cross_2.29.1.bb} | 0
.../binutils/{binutils-crosssdk_2.29.bb => binutils-crosssdk_2.29.1.bb} | 0
meta/recipes-devtools/binutils/{binutils_2.29.bb => binutils_2.29.1.bb} | 0
5 files changed, 1 insertion(+), 1 deletion(-)
rename meta/recipes-devtools/binutils/{binutils-2.29.inc =>
binutils-2.29.1.inc} (97%)
rename meta/recipes-devtools/binutils/{binutils-cross-canadian_2.29.bb =>
binutils-cross-canadian_2.29.1.bb} (100%)
rename meta/recipes-devtools/binutils/{binutils-cross_2.29.bb =>
binutils-cross_2.29.1.bb} (100%)
rename meta/recipes-devtools/binutils/{binutils-crosssdk_2.29.bb =>
binutils-crosssdk_2.29.1.bb} (100%)
rename meta/recipes-devtools/binutils/{binutils_2.29.bb => binutils_2.29.1.bb}
(100%)
diff --git a/meta/recipes-devtools/binutils/binutils-2.29.inc
b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
similarity index 97%
rename from meta/recipes-devtools/binutils/binutils-2.29.inc
rename to meta/recipes-devtools/binutils/binutils-2.29.1.inc
index 27d46eb..d92bbbc 100644
--- a/meta/recipes-devtools/binutils/binutils-2.29.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.29.1.inc
@@ -18,7 +18,7 @@ BINUPV = "${@binutils_branch_version(d)}"
UPSTREAM_CHECK_GITTAGREGEX = "binutils-(?P\d+_(\d_?)*)"
-SRCREV = "37e991bb143ca2106330bcdc625590d53838b7a1"
+SRCREV = "90276f15379d380761fc499da2ba24cfb3c12a94"
SRC_URI = "\
git://sourceware.org/git/binutils-gdb.git;branch=binutils-${BINUPV}-branch;protocol=git
\
file://0003-configure-widen-the-regexp-for-SH-architectures.patch \
diff --git a/meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.bb
b/meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.1.bb
similarity index 100%
rename from meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.bb
rename to meta/recipes-devtools/binutils/binutils-cross-canadian_2.29.1.bb
diff --git a/meta/recipes-devtools/binutils/binutils-cross_2.29.bb
b/meta/recipes-devtools/binutils/binutils-cross_2.29.1.bb
similarity index 100%
rename from meta/recipes-devtools/binutils/binutils-cross_2.29.bb
rename to meta/recipes-devtools/binutils/binutils-cross_2.29.1.bb
diff --git a/meta/recipes-devtools/binutils/binutils-crosssdk_2.29.bb
b/meta/recipes-devtools/binutils/binutils-crosssdk_2.29.1.bb
similarity index 100%
rename from meta/recipes-devtools/binutils/binutils-crosssdk_2.29.bb
rename to meta/recipes-devtools/binutils/binutils-crosssdk_2.29.1.bb
diff --git a/meta/recipes-devtools/binutils/binutils_2.29.bb
b/meta/recipes-devtools/binutils/binutils_2.29.1.bb
similarity index 100%
rename from meta/recipes-devtools/binutils/binutils_2.29.bb
rename to meta/recipes-devtools/binutils/binutils_2.29.1.bb
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 2/5] nettle: update to 3.4 and cleanup
From: Armin Kuster <akus...@mvista.com>
merge .inc
forward ported two patches to work with 3.4
for more info see:
http://lists.gnu.org/archive/html/info-gnu/2017-11/msg7.html
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
...d-target-to-only-build-tests-not-run-them.patch | 46 --
...d-target-to-only-build-tests-not-run-them.patch | 38 ++
...k-header-files-of-openssl-only-if-enable_.patch | 26 ++--
.../{nettle-3.3 => nettle-3.4}/dlopen-test.patch | 0
.../nettle/{files => nettle-3.4}/run-ptest | 0
meta/recipes-support/nettle/nettle_3.3.bb | 19 -
.../nettle/{nettle.inc => nettle_3.4.bb} | 14 +++
7 files changed, 64 insertions(+), 79 deletions(-)
delete mode 100644
meta/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
create mode 100644
meta/recipes-support/nettle/nettle-3.4/Add-target-to-only-build-tests-not-run-them.patch
rename meta/recipes-support/nettle/{nettle-3.3 =>
nettle-3.4}/check-header-files-of-openssl-only-if-enable_.patch (63%)
rename meta/recipes-support/nettle/{nettle-3.3 =>
nettle-3.4}/dlopen-test.patch (100%)
rename meta/recipes-support/nettle/{files => nettle-3.4}/run-ptest (100%)
delete mode 100644 meta/recipes-support/nettle/nettle_3.3.bb
rename meta/recipes-support/nettle/{nettle.inc => nettle_3.4.bb} (60%)
diff --git
a/meta/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
b/meta/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
deleted file mode 100644
index 23da777..000
---
a/meta/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 46edf01cc98db9f9feec984897836dfdd26bdc8d Mon Sep 17 00:00:00 2001
-From: Jussi Kukkonen <jussi.kukko...@intel.com>
-Date: Wed, 12 Aug 2015 23:27:27 +0300
-Subject: [PATCH] Add target to only build tests (not run them)
-
-Not sending upstream as this is only a start of a solution to
-installable tests: It's useful for us already as is.
-
-Upstream-Status: Inappropriate [not a complete solution]
-
-Signed-off-by: Jussi Kukkonen <jussi.kukko...@intel.com>
- Makefile.in | 3 +++
- testsuite/Makefile.in | 2 ++
- 2 files changed, 5 insertions(+)
-
-diff --git a/Makefile.in b/Makefile.in
-index 08efb7d..7909342 100644
a/Makefile.in
-+++ b/Makefile.in
-@@ -55,6 +55,9 @@ clean distclean mostlyclean maintainer-clean tags:
- echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
- $(MAKE) $@-here
-
-+buildtest:
-+ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@)
-+
- check-here:
- true
-
-diff --git a/testsuite/Makefile.in b/testsuite/Makefile.in
-index 6bc1907..bb65bf0 100644
a/testsuite/Makefile.in
-+++ b/testsuite/Makefile.in
-@@ -116,6 +116,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$(OBJEXT)
../nettle-internal.$(OBJEXT) \
- # data.
- VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes
@IF_ASM@ --partial-loads-ok=yes
-
-+buildtest: $(TS_ALL)
-+
- # The PATH update is for locating dlls on w*ndows.
- check: $(TS_ALL)
- LD_LIBRARY_PATH=../.lib PATH="../.lib:$$PATH" srcdir="$(srcdir)" \
---
-2.1.4
-
diff --git
a/meta/recipes-support/nettle/nettle-3.4/Add-target-to-only-build-tests-not-run-them.patch
b/meta/recipes-support/nettle/nettle-3.4/Add-target-to-only-build-tests-not-run-them.patch
new file mode 100644
index 000..c007060
--- /dev/null
+++
b/meta/recipes-support/nettle/nettle-3.4/Add-target-to-only-build-tests-not-run-them.patch
@@ -0,0 +1,38 @@
+Add target to only build tests (not run them)
+
+Not sending upstream as this is only a start of a solution to
+installable tests: It's useful for us already as is.
+
+Upstream-Status: Inappropriate [not a complete solution]
+
+Signed-off-by: Jussi Kukkonen <jussi.kukko...@intel.com>
+Refactored for 3.4
+Signed-off-by: Armin Kuster <akus...@mvista.com>
+
+Index: nettle-3.4/Makefile.in
+===
+--- nettle-3.4.orig/Makefile.in
nettle-3.4/Makefile.in
+@@ -55,6 +55,9 @@ clean distclean mostlyclean maintainer-c
+ echo "Making $@ in $$d" ; (cd $$d && $(MAKE) $@); done
+ $(MAKE) $@-here
+
++buildtest:
++ echo "Making $@ in testsuite" ; (cd testsuite && $(MAKE) $@)
++
+ check-here:
+ true
+
+Index: nettle-3.4/testsuite/Makefile.in
+===
+--- nettle-3.4.orig/testsuite/Makefile.in
nettle-3.4/testsuite/Makefile.in
+@@ -131,6 +131,8 @@ $(TARGETS) $(EXTRA_TARGETS): testutils.$
+ # data.
+ VALGRIND = valgrind --error-exitcode=1 --leak-check=full --show-reachable=yes
@IF_ASM@ --partial-loads-ok=yes
+
++buildtest: $(TS_ALL)
++
+ # The PATH update
[OE-core] [PATCH 1/5] gnutls: update to 3.6.1
zlib configure.ac support removed in 3.6.1
drop patch
Signed-off-by: Armin Kuster <akuster...@gmail.com>
---
meta/recipes-support/gnutls/gnutls.inc| 3 +--
meta/recipes-support/gnutls/{gnutls_3.5.16.bb => gnutls_3.6.1.bb} | 5 ++---
2 files changed, 3 insertions(+), 5 deletions(-)
rename meta/recipes-support/gnutls/{gnutls_3.5.16.bb => gnutls_3.6.1.bb} (45%)
diff --git a/meta/recipes-support/gnutls/gnutls.inc
b/meta/recipes-support/gnutls/gnutls.inc
index 29b5dd6..7bcb913 100644
--- a/meta/recipes-support/gnutls/gnutls.inc
+++ b/meta/recipes-support/gnutls/gnutls.inc
@@ -21,7 +21,7 @@ SRC_URI =
"ftp://ftp.gnutls.org/gcrypt/gnutls/v${SHRT_VER}/gnutls-${PV}.tar.xz;
inherit autotools texinfo binconfig pkgconfig gettext lib_package gtk-doc
-PACKAGECONFIG ??= "libidn zlib"
+PACKAGECONFIG ??= "libidn"
# You must also have CONFIG_SECCOMP enabled in the kernel for
# seccomp to work.
@@ -32,7 +32,6 @@ PACKAGECONFIG[libidn] = "--with-idn,--without-idn,libidn"
PACKAGECONFIG[libtasn1] =
"--with-included-libtasn1=no,--with-included-libtasn1,libtasn1"
PACKAGECONFIG[p11-kit] = "--with-p11-kit,--without-p11-kit,p11-kit"
PACKAGECONFIG[tpm] = "--with-tpm,--without-tpm,trousers"
-PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib"
EXTRA_OECONF = " \
--enable-doc \
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.16.bb
b/meta/recipes-support/gnutls/gnutls_3.6.1.bb
similarity index 45%
rename from meta/recipes-support/gnutls/gnutls_3.5.16.bb
rename to meta/recipes-support/gnutls/gnutls_3.6.1.bb
index 635c519..7624a20 100644
--- a/meta/recipes-support/gnutls/gnutls_3.5.16.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.6.1.bb
@@ -1,10 +1,9 @@
require gnutls.inc
SRC_URI += "file://0001-configure.ac-fix-sed-command.patch \
-file://use-pkg-config-to-locate-zlib.patch \
file://arm_eabi.patch \
"
-SRC_URI[md5sum] = "4c39612f1ec3ef7ed79cfb8936fa8143"
-SRC_URI[sha256sum] =
"0924dec90c37c05f49fec966eba3672dab4d336d879e5c06e06e13325cbfec25"
+SRC_URI[md5sum] = "4b65ae3ffef59f3eeed51a6166ff12b3"
+SRC_URI[sha256sum] =
"20b10d2c9994bc032824314714d0e84c0f19bdb3d715d8ed55beb7364a8ebaed"
BBCLASSEXTEND = "native nativesdk"
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/5] Master package updates
From: Armin Kuster <akus...@mvista.com>
I suspect curl may have conflicts if the changes in mut are applied.
The gnutls changes built with meta-oe world. boot tested on a few arm machines.
The following changes since commit a17f3ec910366e9e7551fa24fbc07929b9584341:
dhcp: fix build issue with libxml2 support (2017-11-10 14:44:31 +)
are available in the git repository at:
git://git.openembedded.org/openembedded-core-contrib akuster/master-updates
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=akuster/master-updates
Armin Kuster (5):
gnutls: update to 3.6.1
nettle: update to 3.4 and cleanup
nss: update to 3.34
libassuan: update to 2.4.4
curl: update to 7.56.1
.../curl/{curl_7.54.1.bb => curl_7.56.1.bb}| 12 +---
meta/recipes-support/gnutls/gnutls.inc | 3 +-
.../gnutls/{gnutls_3.5.16.bb => gnutls_3.6.1.bb} | 5 +-
.../libassuan-add-pkgconfig-support.patch | 77 +++---
.../{libassuan_2.4.3.bb => libassuan_2.4.4.bb} | 11 ++--
...d-target-to-only-build-tests-not-run-them.patch | 46 -
...d-target-to-only-build-tests-not-run-them.patch | 38 +++
...k-header-files-of-openssl-only-if-enable_.patch | 26
.../{nettle-3.3 => nettle-3.4}/dlopen-test.patch | 0
.../nettle/{files => nettle-3.4}/run-ptest | 0
meta/recipes-support/nettle/nettle_3.3.bb | 19 --
.../nettle/{nettle.inc => nettle_3.4.bb} | 14
.../nss/{nss_3.33.bb => nss_3.34.bb} | 4 +-
13 files changed, 116 insertions(+), 139 deletions(-)
rename meta/recipes-support/curl/{curl_7.54.1.bb => curl_7.56.1.bb} (89%)
rename meta/recipes-support/gnutls/{gnutls_3.5.16.bb => gnutls_3.6.1.bb} (45%)
rename meta/recipes-support/libassuan/{libassuan_2.4.3.bb =>
libassuan_2.4.4.bb} (67%)
delete mode 100644
meta/recipes-support/nettle/files/Add-target-to-only-build-tests-not-run-them.patch
create mode 100644
meta/recipes-support/nettle/nettle-3.4/Add-target-to-only-build-tests-not-run-them.patch
rename meta/recipes-support/nettle/{nettle-3.3 =>
nettle-3.4}/check-header-files-of-openssl-only-if-enable_.patch (63%)
rename meta/recipes-support/nettle/{nettle-3.3 =>
nettle-3.4}/dlopen-test.patch (100%)
rename meta/recipes-support/nettle/{files => nettle-3.4}/run-ptest (100%)
delete mode 100644 meta/recipes-support/nettle/nettle_3.3.bb
rename meta/recipes-support/nettle/{nettle.inc => nettle_3.4.bb} (60%)
rename meta/recipes-support/nss/{nss_3.33.bb => nss_3.34.bb} (98%)
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 5/5] curl: update to 7.56.1
From: Armin Kuster <akus...@mvista.com>
curlbuild.h removed from sources
includes:
CVE-2017-1000257
removed patches for the following cve fixs:
CVE-2017-1000254
CVE-2017-1000101
CVE-2017-1000100
CVE-2017-199
Signed-off-by: Armin Kuster <akus...@mvista.com>
---
meta/recipes-support/curl/{curl_7.54.1.bb => curl_7.56.1.bb} | 12 ++--
1 file changed, 2 insertions(+), 10 deletions(-)
rename meta/recipes-support/curl/{curl_7.54.1.bb => curl_7.56.1.bb} (89%)
diff --git a/meta/recipes-support/curl/curl_7.54.1.bb
b/meta/recipes-support/curl/curl_7.56.1.bb
similarity index 89%
rename from meta/recipes-support/curl/curl_7.54.1.bb
rename to meta/recipes-support/curl/curl_7.56.1.bb
index 58f0531..2891a4b 100644
--- a/meta/recipes-support/curl/curl_7.54.1.bb
+++ b/meta/recipes-support/curl/curl_7.56.1.bb
@@ -7,10 +7,6 @@ LIC_FILES_CHKSUM =
"file://COPYING;beginline=8;md5=3a34942f4ae3fbf1a303160714e66
SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \
file://0001-replace-krb5-config-with-pkg-config.patch \
- file://CVE-2017-199.patch \
- file://CVE-2017-1000100.patch \
- file://CVE-2017-1000101.patch \
- file://CVE-2017-1000254.patch \
"
SRC_URI_append_class-target = " \
@@ -22,8 +18,8 @@ SRC_URI_append_class-target = " \
#
SRC_URI += " file://configure_ac.patch"
-SRC_URI[md5sum] = "6b6eb722f512e7a24855ff084f54fe55"
-SRC_URI[sha256sum] =
"fdfc4df2d001ee0c44ec071186e770046249263c491fcae48df0e1a3ca8f25a0"
+SRC_URI[md5sum] = "428de25834ef8c04076906d6d5c0498e"
+SRC_URI[sha256sum] =
"2594670367875e7d87b0f129b5e4690150780884d90244ba0fe3e74a778b5f90"
CVE_PRODUCT = "libcurl"
inherit autotools pkgconfig binconfig multilib_header
@@ -64,10 +60,6 @@ EXTRA_OECONF = " \
--without-libpsl \
"
-do_install_append() {
- oe_multilib_header curl/curlbuild.h
-}
-
do_install_append_class-target() {
# cleanup buildpaths from curl-config
sed -i \
--
2.7.4
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
