On 14 June 2016 at 11:14, Jussi Kukkonen <jussi.kukko...@intel.com > <mailto:jussi.kukko...@intel.com>> wrote: > > * License change LGPL 2.0 -> LGPL 2.1+ > * vte-termcap is no more > * API break: current version seems to be parallel installable > with old one, but I did not opt for that. > * Add patch to avoid stack protection by default > * Add SECURITY_NO_PIE_CFLAGS exception until linking failure with > libc_nonshared.a is resolved (undefined reference to > __init_array_start) > > > Just found out Khem has worked around a similar problem with > libtool-cross already: I've modified this patch so > that SECURITY_NO_PIE_CFLAGS is no longer used, but instead libtool-cross > is used: > > +# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds. > +# Use libtool-cross (which has a hack to prevent that) instead. > +EXTRA_OEMAKE_class-target = > "LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool" > > - Jussi
Just a heads up this this breaks xfce4-terminal. There is currently no xfce4-terminal release which will function with vte api 2.91, only ongoing work on their master branch as far as I can tell. I have no idea how far reaching the effects of this change will be on xfce. Before I spend any time on this is this something which folks are aware of and is there a plan in place? Is there a possibility to keep the older vte around? Thanks, Mark > > > Signed-off-by: Jussi Kukkonen <jussi.kukko...@intel.com > <mailto:jussi.kukko...@intel.com>> > --- > meta/conf/distro/include/security_flags.inc | 2 + > .../vte/vte-0.28.2/cve-2012-2738.patch | 136 > --------------------- > .../vte/vte-0.28.2/obsolete_automake_macros.patch | 14 --- > meta/recipes-support/vte/vte.inc | 15 --- > ...-Don-t-enable-stack-protection-by-default.patch | 29 +++++ > meta/recipes-support/vte/vte_0.28.2.bb <http://vte_0.28.2.bb> > > | 16 --- > > meta/recipes-support/vte/vte_0.44.1.bb <http://vte_0.44.1.bb> > > | 24 ++++ > > 7 files changed, 55 insertions(+), 181 deletions(-) > delete mode 100644 > meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch > delete mode 100644 > meta/recipes-support/vte/vte-0.28.2/obsolete_automake_macros.patch > delete mode 100644 meta/recipes-support/vte/vte.inc > create mode 100644 > > meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default. > patch delete mode 100644 meta/recipes-support/vte/vte_0.28.2.bb > <http://vte_0.28.2.bb> > create mode 100644 meta/recipes-support/vte/vte_0.44.1.bb > <http://vte_0.44.1.bb> > > diff --git a/meta/conf/distro/include/security_flags.inc > b/meta/conf/distro/include/security_flags.inc > index ea1d4e5..0df65e0 100644 > --- a/meta/conf/distro/include/security_flags.inc > +++ b/meta/conf/distro/include/security_flags.inc > @@ -95,6 +95,8 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}" > SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}" > SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}" > > +SECURITY_CFLAGS_pn-vte = "${SECURITY_NO_PIE_CFLAGS}" > + > # Recipes which fail to compile when elevating -Wformat-security > to an error > SECURITY_STRINGFORMAT_pn-busybox = "" > SECURITY_STRINGFORMAT_pn-console-tools = "" > diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch > b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch > deleted file mode 100644 > index 9b99803..0000000 > --- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch > +++ /dev/null > @@ -1,136 +0,0 @@ > -Upstream-Status: Backport > -CVE: CVE-2012-2738 > -Signed-off-by: Ross Burton <ross.bur...@intel.com > <mailto:ross.bur...@intel.com>> > - > -From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001 > -From: Christian Persch <c...@gnome.org -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
