Joshua Lock | 4 May 12:48 2016

[krogoth][master][PATCH] qemu: updgrade to 2.5.1

This upgrade includes several worthwhile fixes, security and otherwise, including
a complete fix for CVE-2016-2857.

* drop CVE-2016-2857.patch as it's included in this release, along with several
  related patches which complete the fixes for CVE-2016-2857:;a=commitdiff;h=9bddb45dbc010cd8ee4d48bd501fa5d18dcec00c;a=commitdiff;h=e3a2cdfcb5e282139217924044ec5af00c7f8eed;a=commitdiff;h=fe90bdc25bcf9954ee286cd51de94776a17d04f6;a=commitdiff;h=d0ee85b4e4c6cc2c8fac311d6df2ed412ed0df5f;a=commitdiff;h=80b6e5723fac428ea6c08c821078286f43975df8;a=commitdiff;h=a375e0b03ee3438924b24a45e61ee189ec9361db
* drop CVE-2016-2197.patch as an equivalent fix is included in this release;a=commitdiff;h=aaf4fb6afb4653c86059255811886a5c4ea271f3
* drop CVE-2016-1568.patch as it's included in this release;a=commitdiff;h=4f046a6ba1d558eb043dc13a80d40cf7cb62ef95

Signed-off-by: Joshua Lock <joshua.g.lock@...>
 .../recipes-devtools/qemu/qemu/CVE-2016-1568.patch | 46 -----------------
 .../recipes-devtools/qemu/qemu/CVE-2016-2197.patch | 59 ----------------------
 .../recipes-devtools/qemu/qemu/CVE-2016-2857.patch | 51 -------------------
 .../qemu/{ =>}          |  7 +--
 4 files changed, 2 insertions(+), 161 deletions(-)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-2197.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-2857.patch
 rename meta/recipes-devtools/qemu/{ =>} (80%)

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch
deleted file mode 100644
(Continue reading)

Ismo Puustinen | 4 May 12:35 2016

[PATCH] libpcre: Fix CVE-2016-3191

Fix workspace overflow for (*ACCEPT) with deeply nested parentheses.

The patch is from libpcre version control at with the ChangeLog
part removed. Original author is Philip Hazel.

Upstream-Status: Accepted [8.39]
CVE: CVE-2016-3191

Signed-off-by: Ismo Puustinen <ismo.puustinen@...>
 .../libpcre/libpcre/CVE-2016-3191.patch            | 147 +++++++++++++++++++++
 meta/recipes-support/libpcre/       |   1 +
 2 files changed, 148 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch b/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
new file mode 100644
index 0000000..ebd950c
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
 <at>  <at>  -0,0 +1,147  <at>  <at> 
+Index: pcre/pcre_internal.h
+--- pcre/pcre_internal.h	(revision 1630)
++++ pcre/pcre_internal.h	(revision 1631)
+ <at>  <at>  -7,7 +7,7  <at>  <at> 
+ and semantics are as close as possible to those of the Perl 5 language.
+                        Written by Philip Hazel
(Continue reading)

Yuqing Zhu | 4 May 11:46 2016

[poky][PATCH] alsa-lib: Fix incorrect appl pointer when mmap_commit() returns error.

The appl pointer needs to be updated only when snd_pcm_mmap_commit() is
successfully returned. Or it shouldn't be updated.
This is to fix the avail_update()'s result is incorrect when returns error.

Signed-off-by: Yuqing Zhu <carol.zhu@...>
 ...fix-appl-pointer-not-correct-when-mmap_co.patch | 137 +++++++++++++++++++++
 meta/recipes-multimedia/alsa/     |   1 +
 2 files changed, 138 insertions(+)
 create mode 100755 meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch

diff --git
a/meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch b/meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch
new file mode 100755
index 0000000..9fd69f3
--- /dev/null
+++ b/meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch
 <at>  <at>  -0,0 +1,137  <at>  <at> 
+From 7c424edd116e76eee6218a1e9a6ff6c4daaf2a4d Mon Sep 17 00:00:00 2001
+From: Shengjiu Wang <>
+Date: Wed, 6 Apr 2016 19:02:12 +0800
+Subject: [PATCH] pcm_plugin: fix appl pointer not correct when mmap_commit()
+ return error
+When snd_pcm_mmap_commit() return error, the appl pointer is also updated.
+which cause the avail_update()'s result wrong.
+This patch move the snd_pcm_mmap_appl_forward() to the place when
+snd_pcm_mmap_commit() is successfully returned.
+Upstream-Status: Submitted []
(Continue reading)

Joshua G Lock | 4 May 11:52 2016

Re: [master][krogoth][PATCH 1/2] qemu: Security fix CVE-2016-2857

Hi Armin,

On Thu, 2016-04-28 at 11:23 -0700, Armin Kuster wrote:
> From: Armin Kuster <akuster <at>>

I've been seeing:

"qemu: uncaught target signal 11 (Segmentation fault) - core dumped"

when trying to build gobject-introspection for qemux86 recently and
narrowed it down to this change, if I revert this patch the use of
qemu-native by gobject-introspection no longer causes a segmentation

Are we missing some related patches for this CVE fix? I haven't dug
into the details, but noticed that Fedora's CVE-2016-2857 diffstat[1]
is much larger than ours[2].




> ---
>  .../recipes-devtools/qemu/qemu/CVE-2016-2857.patch | 51
(Continue reading)

Awais Belal | 4 May 11:11 2016

[[PATCH v2 1/2] mesa-demos: remove demos using obsolete screen surface

The mesa surface EGL_MESA_screen_surface was obsoleted
and then dropped from mesa some time ago. Drop demos
depending on this.

Signed-off-by: Awais Belal <awais_belal@...>
 ...dependant-on-obsolete-MESA_screen_surface.patch | 1592 ++++++++++++++++++++
 meta/recipes-graphics/mesa/     |    1 +
 2 files changed, 1593 insertions(+)
 create mode 100644 meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch

diff --git
a/meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch b/meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch
new file mode 100644
index 0000000..a2621ce
--- /dev/null
+++ b/meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch
 <at>  <at>  -0,0 +1,1592  <at>  <at> 
+commit 74443c6ee79f3251f643ea05e94df58183e37d0d
+Author: Matt Turner <mattst88@...>
+Date:   Fri Aug 28 15:57:38 2015 -0700
+    egl: Remove demos using EGL_MESA_screen_surface.
+    The remnants of the extension were removed from Mesa in commit 7a58262e.
+    Reviewed-by: Andreas Boll <>
+    Tested-by: Andreas Boll <>
+    Reviewed-by: Marek Olšák <marek.olsak@...>
(Continue reading)

Maxin B. John | 4 May 10:20 2016

[PATCH 00/10] package version upgrades

Resending the package upgrades with -M1

Maxin B. John (10):
  acpid: upgrade to 2.0.27
  ethtool: upgrade to 4.5
  pkgconfig: update to version 0.29.1
  libtasn1: upgrade to 4.8
  bluez5: upgrade to 5.39
  mc: upgrade to 4.8.16
  orc: upgrade to 0.4.25
  harfbuzz: upgrade to 1.2.6
  sqlite3: upgrade to 3.12.2
  iproute2: upgrade to version 4.5.0

 .../acpid/acpid/0001-Fix-out-of-source-build.patch | 46 ----------
 meta/recipes-bsp/acpid/             |  9 --
 meta/recipes-bsp/acpid/             |  7 ++
 .../bluez5/{ =>}      |  4 +-
 .../iproute2/iproute2/iproute2-4.3.0-musl.patch    | 97 +++++++++-------------
 .../iproute2/iproute2-fix-building-with-musl.patch | 24 ------
 .../{ =>}       |  5 +-
 .../orc/{ =>}           |  4 +-
 meta/recipes-devtools/pkgconfig/   |  4 +-
 .../ethtool/{ =>}     |  4 +-
 .../mc/{ =>}              |  4 +-
 .../{ =>}       |  4 +-
 .../gnutls/{ =>}    |  4 +-
 .../sqlite/sqlite3/fix-disable-static-shell.patch  | 61 --------------
 meta/recipes-support/sqlite/      | 11 ---
(Continue reading)

Armin Kuster | 4 May 01:46 2016

[master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h

From: Armin Kuster <akuster@...>


fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch

drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.

Signed-off-by: Armin Kuster <akuster@...>
 ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++-------
 .../openssl/{ =>}       |  6 ++----
 2 files changed, 9 insertions(+), 11 deletions(-)
 rename meta/recipes-connectivity/openssl/{ =>} (91%)

diff --git
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index cebc8cf..f736e5c 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
 <at>  <at>  -8,16 +8,16  <at>  <at> <at>

 Signed-off-by: Xufeng Zhang <xufeng.zhang@...>
-Index: openssl-1.0.2/crypto/evp/digest.c
(Continue reading)

Christopher Larson | 3 May 22:20 2016

[PATCH] image-live.bbclass: make the INITRD optional

From: Christopher Larson <chris_larson@...>

This aligns with image-vm, and makes sense for wic bootimg-efi images, which
don't actually want any of the live installer bits.

Signed-off-by: Christopher Larson <chris_larson@...>
 meta/classes/image-live.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image-live.bbclass b/meta/classes/image-live.bbclass
index c8a8610..ea6ced2 100644
--- a/meta/classes/image-live.bbclass
+++ b/meta/classes/image-live.bbclass
 <at>  <at>  -56,7 +56,7  <at>  <at>  python() {
     if image_b == initrd_i:
         bb.error('INITRD_IMAGE_LIVE %s cannot use image live, hddimg or iso.' % initrd_i)
         bb.fatal('Check IMAGE_FSTYPES and INITRAMFS_FSTYPES settings.')
-    else:
+    elif initrd_i:
         d.appendVarFlag('do_bootimg', 'depends', ' %s:do_image_complete' % initrd_i)



Otavio Salvador | 3 May 22:00 2016

[oe-core PATCH v2 0/7] Improve Xwayland integration

Up to now, to make Xwayland to work it required several manual hacks
and it was difficult to make an image which had support for it out of

This patchset intends to set the base for it. It enables weston-init
to be extended to support Xwayland launch when needed.

There are still some issues to be done:

 - how to make Xwayland fit on the packagegroups?
 - does core-image.bbclass ought to include a xwayland feature?

Yet, this patchset seems good to be reviewed and possibly merged.

Changes in v2:
- Remove PAM requirement
- Remove PAM requirement
- Drop weston-lunch use as it requires PAM
- Move weston-start module to weston package
- Stop using weston-launch

Otavio Salvador (7):
  weston: Enable XWayland when X11 and Wayland support are available
  weston: Remove XWayland dependencies on PACKAGECONFIG
  weston-init: Rework do_install to use install -D option
  weston-init: Rework init sequence to avoid code duplication
  weston-init: Error out if loading a nested instance
  weston-init: Add module support for the weston-start helper
  weston: Add Xwayland initialization support using weston-start

(Continue reading)

Robert P. J. Day | 3 May 19:04 2016

clarifying details about "is not set" lines in kernel config fragment files

  oddly, in the current YP kernel dev manual, i don't see the phrase
"is not set" explained anywhere in the entire doc, which is weird
since it seems like it would be important.

  first, just to confirm *i* know what it's used for, it's not just a
comment -- it's used explicitly by the kernel config process to
stipulate that we are aware of a kernel config setting, and we don't
want it. that is, if we have a kernel .config file used as the basis
of a "make *config" command, and there is no mention whatever of a
reachable config variable, the config process will stop and ask us
about it. am i right so far?

  this means that, once the kernel config process completes and the
.config file is generated, every single *available* and *settable*
kernel config option should be listed in the .config file, to avoid
being asked about it the next time we do a kernel configuration.

  oh, and about that "reachable" thing, we don't need a line regarding
every single kernel config setting, just the ones that are available
to be set given the current config settings. how am i doing so far?

  given all that, my understanding is that, when one is writing kernel
config fragments, it is necessary to explicitly deselect ("# ... is
not set") *only* those kernel config options that would be selected
based on other config settings we selected. do i have that right?

  for instance, here's kernel Kbuild file net/Kconfig:

(Continue reading)

Fabio Berton | 3 May 18:24 2016

npm class usage

Hi all!

I'm trying to install some recipes that use npm class and I have two questions.

1 - Why use S = "${WORKDIR}/npmpkg"? This not work for me.

2 - Using option --no-registry inside npm_do_compile task I get this error:

| npm ERR! Registry not defined and registry files not found:
| npm ERR!
| npm ERR! If you need help, you may report this error at:
| npm ERR!     <>
| npm ERR! Linux 3.18.0-trunk-amd64
| npm ERR! argv "/home/user/prj/build/tmp/sysroots/x86_64-linux/usr/bin/node"
"--arch=arm" "--production" "--no-registry" "install"
| npm ERR! node v4.4.1
| npm ERR! npm  v2.14.20

I found this issue and using
--cache-min 99999 instead of --no-registry this error doesn't appears and build works fine.

I noticed that nodejs recipe is using this patch
but seems not fix for me.

I'm missing something to use this class?



Openembedded-core mailing list