Joshua Lock | 4 May 12:48 2016
Picon

[krogoth][master][PATCH] qemu: updgrade to 2.5.1

This upgrade includes several worthwhile fixes, security and otherwise, including
a complete fix for CVE-2016-2857.

* drop CVE-2016-2857.patch as it's included in this release, along with several
  related patches which complete the fixes for CVE-2016-2857:
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=9bddb45dbc010cd8ee4d48bd501fa5d18dcec00c
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e3a2cdfcb5e282139217924044ec5af00c7f8eed
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fe90bdc25bcf9954ee286cd51de94776a17d04f6
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d0ee85b4e4c6cc2c8fac311d6df2ed412ed0df5f
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=80b6e5723fac428ea6c08c821078286f43975df8
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=a375e0b03ee3438924b24a45e61ee189ec9361db
* drop CVE-2016-2197.patch as an equivalent fix is included in this release
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=aaf4fb6afb4653c86059255811886a5c4ea271f3
* drop CVE-2016-1568.patch as it's included in this release
  http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f046a6ba1d558eb043dc13a80d40cf7cb62ef95

Signed-off-by: Joshua Lock <joshua.g.lock@...>
---
 .../recipes-devtools/qemu/qemu/CVE-2016-1568.patch | 46 -----------------
 .../recipes-devtools/qemu/qemu/CVE-2016-2197.patch | 59 ----------------------
 .../recipes-devtools/qemu/qemu/CVE-2016-2857.patch | 51 -------------------
 .../qemu/{qemu_2.5.0.bb => qemu_2.5.1.bb}          |  7 +--
 4 files changed, 2 insertions(+), 161 deletions(-)
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-2197.patch
 delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2016-2857.patch
 rename meta/recipes-devtools/qemu/{qemu_2.5.0.bb => qemu_2.5.1.bb} (80%)

diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch b/meta/recipes-devtools/qemu/qemu/CVE-2016-1568.patch
deleted file mode 100644
(Continue reading)

Ismo Puustinen | 4 May 12:35 2016
Picon
Gravatar

[PATCH] libpcre: Fix CVE-2016-3191

Fix workspace overflow for (*ACCEPT) with deeply nested parentheses.

The patch is from libpcre version control at
http://vcs.pcre.org/pcre?view=revision&revision=1631 with the ChangeLog
part removed. Original author is Philip Hazel.

Upstream-Status: Accepted [8.39]
CVE: CVE-2016-3191

Signed-off-by: Ismo Puustinen <ismo.puustinen@...>
---
 .../libpcre/libpcre/CVE-2016-3191.patch            | 147 +++++++++++++++++++++
 meta/recipes-support/libpcre/libpcre_8.38.bb       |   1 +
 2 files changed, 148 insertions(+)
 create mode 100644 meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch

diff --git a/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch b/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
new file mode 100644
index 0000000..ebd950c
--- /dev/null
+++ b/meta/recipes-support/libpcre/libpcre/CVE-2016-3191.patch
 <at>  <at>  -0,0 +1,147  <at>  <at> 
+Index: pcre/pcre_internal.h
+===================================================================
+--- pcre/pcre_internal.h	(revision 1630)
++++ pcre/pcre_internal.h	(revision 1631)
+ <at>  <at>  -7,7 +7,7  <at>  <at> 
+ and semantics are as close as possible to those of the Perl 5 language.
+ 
+                        Written by Philip Hazel
(Continue reading)

Yuqing Zhu | 4 May 11:46 2016

[poky][PATCH] alsa-lib: Fix incorrect appl pointer when mmap_commit() returns error.

The appl pointer needs to be updated only when snd_pcm_mmap_commit() is
successfully returned. Or it shouldn't be updated.
This is to fix the avail_update()'s result is incorrect when returns error.

Signed-off-by: Yuqing Zhu <carol.zhu@...>
---
 ...fix-appl-pointer-not-correct-when-mmap_co.patch | 137 +++++++++++++++++++++
 meta/recipes-multimedia/alsa/alsa-lib_1.1.0.bb     |   1 +
 2 files changed, 138 insertions(+)
 create mode 100755 meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch

diff --git
a/meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch b/meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch
new file mode 100755
index 0000000..9fd69f3
--- /dev/null
+++ b/meta/recipes-multimedia/alsa/alsa-lib/0001-pcm_plugin-fix-appl-pointer-not-correct-when-mmap_co.patch
 <at>  <at>  -0,0 +1,137  <at>  <at> 
+From 7c424edd116e76eee6218a1e9a6ff6c4daaf2a4d Mon Sep 17 00:00:00 2001
+From: Shengjiu Wang <shengjiu.wang@...>
+Date: Wed, 6 Apr 2016 19:02:12 +0800
+Subject: [PATCH] pcm_plugin: fix appl pointer not correct when mmap_commit()
+ return error
+
+When snd_pcm_mmap_commit() return error, the appl pointer is also updated.
+which cause the avail_update()'s result wrong.
+This patch move the snd_pcm_mmap_appl_forward() to the place when
+snd_pcm_mmap_commit() is successfully returned.
+
+Upstream-Status: Submitted [https://patchwork.kernel.org/patch/8760881/]
(Continue reading)

Joshua G Lock | 4 May 11:52 2016
Picon

Re: [master][krogoth][PATCH 1/2] qemu: Security fix CVE-2016-2857

Hi Armin,

On Thu, 2016-04-28 at 11:23 -0700, Armin Kuster wrote:
> From: Armin Kuster <akuster <at> mvista.com>
> 

I've been seeing:

"qemu: uncaught target signal 11 (Segmentation fault) - core dumped"

when trying to build gobject-introspection for qemux86 recently and
narrowed it down to this change, if I revert this patch the use of
qemu-native by gobject-introspection no longer causes a segmentation
fault.

Are we missing some related patches for this CVE fix? I haven't dug
into the details, but noticed that Fedora's CVE-2016-2857 diffstat[1]
is much larger than ours[2].

Regards,

Joshua

1. http://pkgs.fedoraproject.org/cgit/rpms/qemu.git/commit/?id=54cb1301
c61f0be7b96e343902bb09be081b34fe
2. http://git.openembedded.org/openembedded-core/commit/?id=d1b972a55c5
9a3f3336b3ebd309532dc204ea97b

> ---
>  .../recipes-devtools/qemu/qemu/CVE-2016-2857.patch | 51
(Continue reading)

Awais Belal | 4 May 11:11 2016
Gravatar

[[PATCH v2 1/2] mesa-demos: remove demos using obsolete screen surface

The mesa surface EGL_MESA_screen_surface was obsoleted
and then dropped from mesa some time ago. Drop demos
depending on this.

Signed-off-by: Awais Belal <awais_belal@...>
---
 ...dependant-on-obsolete-MESA_screen_surface.patch | 1592 ++++++++++++++++++++
 meta/recipes-graphics/mesa/mesa-demos_8.2.0.bb     |    1 +
 2 files changed, 1593 insertions(+)
 create mode 100644 meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch

diff --git
a/meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch b/meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch
new file mode 100644
index 0000000..a2621ce
--- /dev/null
+++ b/meta/recipes-graphics/mesa/mesa-demos/0011-drop-demos-dependant-on-obsolete-MESA_screen_surface.patch
 <at>  <at>  -0,0 +1,1592  <at>  <at> 
+commit 74443c6ee79f3251f643ea05e94df58183e37d0d
+Author: Matt Turner <mattst88@...>
+Date:   Fri Aug 28 15:57:38 2015 -0700
+
+    egl: Remove demos using EGL_MESA_screen_surface.
+    
+    The remnants of the extension were removed from Mesa in commit 7a58262e.
+    
+    Reviewed-by: Andreas Boll <andreas.boll.dev@...>
+    Tested-by: Andreas Boll <andreas.boll.dev@...>
+    Reviewed-by: Marek Olšák <marek.olsak@...>
+
(Continue reading)

Maxin B. John | 4 May 10:20 2016
Picon

[PATCH 00/10] package version upgrades


Resending the package upgrades with -M1

Maxin B. John (10):
  acpid: upgrade to 2.0.27
  ethtool: upgrade to 4.5
  pkgconfig: update to version 0.29.1
  libtasn1: upgrade to 4.8
  bluez5: upgrade to 5.39
  mc: upgrade to 4.8.16
  orc: upgrade to 0.4.25
  harfbuzz: upgrade to 1.2.6
  sqlite3: upgrade to 3.12.2
  iproute2: upgrade to version 4.5.0

 .../acpid/acpid/0001-Fix-out-of-source-build.patch | 46 ----------
 meta/recipes-bsp/acpid/acpid_2.0.26.bb             |  9 --
 meta/recipes-bsp/acpid/acpid_2.0.27.bb             |  7 ++
 .../bluez5/{bluez5_5.37.bb => bluez5_5.39.bb}      |  4 +-
 .../iproute2/iproute2/iproute2-4.3.0-musl.patch    | 97 +++++++++-------------
 .../iproute2/iproute2-fix-building-with-musl.patch | 24 ------
 .../{iproute2_4.4.0.bb => iproute2_4.5.0.bb}       |  5 +-
 .../orc/{orc_0.4.24.bb => orc_0.4.25.bb}           |  4 +-
 meta/recipes-devtools/pkgconfig/pkgconfig_git.bb   |  4 +-
 .../ethtool/{ethtool_4.2.bb => ethtool_4.5.bb}     |  4 +-
 .../mc/{mc_4.8.15.bb => mc_4.8.16.bb}              |  4 +-
 .../{harfbuzz_1.2.3.bb => harfbuzz_1.2.6.bb}       |  4 +-
 .../gnutls/{libtasn1_4.7.bb => libtasn1_4.8.bb}    |  4 +-
 .../sqlite/sqlite3/fix-disable-static-shell.patch  | 61 --------------
 meta/recipes-support/sqlite/sqlite3_3.11.0.bb      | 11 ---
(Continue reading)

Armin Kuster | 4 May 01:46 2016
Picon

[master][krogoth][PATCH] openssl: Security fix via update to 1.0.2h

From: Armin Kuster <akuster@...>

CVE-2016-2105
CVE-2016-2106
CVE-2016-2109
CVE-2016-2176

https://www.openssl.org/news/secadv/20160503.txt

fixup openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch

drop crypto_use_bigint_in_x86-64_perl.patch as that fix is in latest.

Signed-off-by: Armin Kuster <akuster@...>
---
 ...oid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch | 14 +++++++-------
 .../openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb}       |  6 ++----
 2 files changed, 9 insertions(+), 11 deletions(-)
 rename meta/recipes-connectivity/openssl/{openssl_1.0.2g.bb => openssl_1.0.2h.bb} (91%)

diff --git
a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
index cebc8cf..f736e5c 100644
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
+++ b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-EVP_DigestInit_ex.patch
 <at>  <at>  -8,16 +8,16  <at>  <at>  http://www.mail-archive.com/openssl-dev-MCmKBN63+BlAfugRpC6u6w <at> public.gmane.org/msg32860.html

 Signed-off-by: Xufeng Zhang <xufeng.zhang@...>
 ---
-Index: openssl-1.0.2/crypto/evp/digest.c
(Continue reading)

Christopher Larson | 3 May 22:20 2016
Picon
Gravatar

[PATCH] image-live.bbclass: make the INITRD optional

From: Christopher Larson <chris_larson@...>

This aligns with image-vm, and makes sense for wic bootimg-efi images, which
don't actually want any of the live installer bits.

Signed-off-by: Christopher Larson <chris_larson@...>
---
 meta/classes/image-live.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/image-live.bbclass b/meta/classes/image-live.bbclass
index c8a8610..ea6ced2 100644
--- a/meta/classes/image-live.bbclass
+++ b/meta/classes/image-live.bbclass
 <at>  <at>  -56,7 +56,7  <at>  <at>  python() {
     if image_b == initrd_i:
         bb.error('INITRD_IMAGE_LIVE %s cannot use image live, hddimg or iso.' % initrd_i)
         bb.fatal('Check IMAGE_FSTYPES and INITRAMFS_FSTYPES settings.')
-    else:
+    elif initrd_i:
         d.appendVarFlag('do_bootimg', 'depends', ' %s:do_image_complete' % initrd_i)
 }

-- 
2.8.0

--

-- 
Otavio Salvador | 3 May 22:00 2016
Picon
Gravatar

[oe-core PATCH v2 0/7] Improve Xwayland integration

Up to now, to make Xwayland to work it required several manual hacks
and it was difficult to make an image which had support for it out of
box.

This patchset intends to set the base for it. It enables weston-init
to be extended to support Xwayland launch when needed.

There are still some issues to be done:

 - how to make Xwayland fit on the packagegroups?
 - does core-image.bbclass ought to include a xwayland feature?

Yet, this patchset seems good to be reviewed and possibly merged.

Changes in v2:
- Remove PAM requirement
- Remove PAM requirement
- Drop weston-lunch use as it requires PAM
- Move weston-start module to weston package
- Stop using weston-launch

Otavio Salvador (7):
  weston: Enable XWayland when X11 and Wayland support are available
  weston: Remove XWayland dependencies on PACKAGECONFIG
  weston-init: Rework do_install to use install -D option
  weston-init: Rework init sequence to avoid code duplication
  weston-init: Error out if loading a nested instance
  weston-init: Add module support for the weston-start helper
  weston: Add Xwayland initialization support using weston-start

(Continue reading)

Robert P. J. Day | 3 May 19:04 2016
Picon
Gravatar

clarifying details about "is not set" lines in kernel config fragment files


  oddly, in the current YP kernel dev manual, i don't see the phrase
"is not set" explained anywhere in the entire doc, which is weird
since it seems like it would be important.

  first, just to confirm *i* know what it's used for, it's not just a
comment -- it's used explicitly by the kernel config process to
stipulate that we are aware of a kernel config setting, and we don't
want it. that is, if we have a kernel .config file used as the basis
of a "make *config" command, and there is no mention whatever of a
reachable config variable, the config process will stop and ask us
about it. am i right so far?

  this means that, once the kernel config process completes and the
.config file is generated, every single *available* and *settable*
kernel config option should be listed in the .config file, to avoid
being asked about it the next time we do a kernel configuration.

  oh, and about that "reachable" thing, we don't need a line regarding
every single kernel config setting, just the ones that are available
to be set given the current config settings. how am i doing so far?

  given all that, my understanding is that, when one is writing kernel
config fragments, it is necessary to explicitly deselect ("# ... is
not set") *only* those kernel config options that would be selected
based on other config settings we selected. do i have that right?

  for instance, here's kernel Kbuild file net/Kconfig:

    ...
(Continue reading)

Fabio Berton | 3 May 18:24 2016
Picon

npm class usage

Hi all!

I'm trying to install some recipes that use npm class and I have two questions.

1 - Why use S = "${WORKDIR}/npmpkg"? This not work for me.

2 - Using option --no-registry inside npm_do_compile task I get this error:

| npm ERR! Registry not defined and registry files not found:
"/home/user/prj/build/tmp/work/all-linux-musleabi/gulp-cli/1.2.1-r0/npm_cache/noregistry/wreck/.cache.json",
"/home/user/prj/build/tmp/work/all-linux-musleabi/gulp-cli/1.2.1-r0/npm_cache/wreck/.cache.json".
| npm ERR!
| npm ERR! If you need help, you may report this error at:
| npm ERR!     <https://github.com/npm/npm/issues>
| npm ERR! Linux 3.18.0-trunk-amd64
| npm ERR! argv "/home/user/prj/build/tmp/sysroots/x86_64-linux/usr/bin/node"
"/home/user/prj/build/tmp/sysroots/x86_64-linux/usr/bin/npm"
"--arch=arm" "--production" "--no-registry" "install"
| npm ERR! node v4.4.1
| npm ERR! npm  v2.14.20

I found this issue https://github.com/npm/npm/issues/5509 and using
--cache-min 99999 instead of --no-registry this error doesn't appears and build works fine.

I noticed that nodejs recipe is using this patch https://github.com/bendaaron/meta-oe-dev/commit/3e02a40d689a7002547215473a00606d8213ce0c
but seems not fix for me.

I'm missing something to use this class?

Regards.

--

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@...
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Gmane