From: Sona Sarmadi
Fixes a denial of service in BIND.
An error in the parsing of incoming responses allows some
records with an incorrect class to be accepted by BIND
instead of being rejected as malformed. This can trigger
a REQUIRE assertion failure when those records are subsequently
cached.
From: Tudor Florea
Patch added to the repo wasn't actually considered due to an
erroneous way of specifying the sources.
Signed-off-by: Tudor Florea
Signed-off-by: Armin Kuster
---
meta/recipes-core/glibc/glibc_2.20.bb | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/met
From: Sona Sarmadi
Fixes heap-based buffer overflow in xmlParseConditionalSections().
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489
Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=756456
Signed-off-by: Sona Sarmadi
Signed-of
From: Martin Jansa
* this is causing do_install to depend on KERNEL_IMAGE_BASE_NAME which
in some cases contains something like BUILD_NUMBER from CI, that
caused do_install to be reexecuted every single time, which is very
sad to be caused by unused variable.
* jethro and newer don't need t
From: Sona Sarmadi
Upstream bug (contains reproducer):
https://bugzilla.gnome.org/show_bug.cgi?id=756263
Upstream patch:
https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
Signed-off-by: Tudor Florea
Signed-off-by: Sona Sarmadi
Signed-off-by: Armin Kuste
From: Sona Sarmadi
Fixes DoS when parsing specially crafted XML document
if XZ support is enabled.
References:
https://bugzilla.gnome.org/show_bug.cgi?id=757466
Upstream correction:
https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
Signed-off-by: Tudor F
From: "Belal, Awais"
http://git.savannah.gnu.org/cgit/grub.git/commit/?id=451d80e52d851432e109771bb8febafca7a5f1f2
Signed-off-by: Awais Belal
Signed-off-by: Armin Kuster
---
...E-2015-8370-Grub2-user-pass-vulnerability.patch | 50 ++
meta/recipes-bsp/grub/grub-efi_2.00.bb
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1472
https://sourceware.org/ml/libc-alpha/2015-02/msg00119.html
http://openwall.com/lists/oss-security/2015/02/04/1
Reference to upstream fix:
https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;
h=5bd80bfe9ca0d955bfbbc0027
From: Martin Jansa
* we don't want the do_package signature depending on INHERIT variable
* e.g. just adding the own-mirrors causes texinfo to rebuild:
# bitbake-diffsigs BUILD/sstate-diff/*/*/texinfo/*do_package.sig*
basehash changed from 015df2fd8e396cc1e15622dbac843301 to
9f1d06c4f238c70a
From: Mike Crowe
TARGET_CPPFLAGS, TARGET_CFLAGS, TARGET_CPPFLAGS and TARGET_LDFLAGS may
differ between MACHINEs. Since they are exported they affect task hashes
even if unused which leads to multiple variants of allarch packages
existing in sstate and bouncing in the sysroot when switching betwee
From: Richard Purdie
Similarly to the other previous changes, add a missing allarch package
dependency for initramfs-framework on udev.
Signed-off-by: Richard Purdie
Signed-off-by: Armin Kuster
---
meta/conf/layer.conf | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/conf/layer.conf
From: Tudor Florea
CVE-2015-7696: Fixes a heap overflow triggered by unzipping a file with password
CVE-2015-7697: Fixes a denial of service with a file that never finishes
unzipping
References:
http://www.openwall.com/lists/oss-security/2015/10/11/5
https://cve.mitre.org/cgi-bin/cvename.cgi?na
From: Richard Purdie
These are dependencies that our allarch packages have in OE-Core that cause
those allarch packages to rebuild every time MACHINE changes.
With these changes, OE-Core allarch packages all have common sstate
signatures and no longer rebuild.
(From OE-Core rev: 63bff90fa4fb4
From: Sona Sarmadi
Fixes heap-based buffer overflow flaw in grep.
Affected versions are: grep 2.19 through 2.21
Removed THANKS.in changes from upstream patch since this
file does not exist in version 2.19.
Replaced tab with spaces in SRC_URI as well.
Upstream fix:
http://git.sv.gnu.org/cgit/gre
From: Chen Qi
BUILDNAME is set by cooker as a string of current time. Letting do_rootfs
task depend on this variable gets us no benefit. Besides, letting do_rootfs
task depend on this variable will cause us trouble when executing
`bitbake -S none core-image-minimal'. With current code, this comma
From: Sona Sarmadi
Fixes following vulnerabilities:
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
X509_ATTRIBUTE memory leak (CVE-2015-3195)
References:
https://openssl.org/news/secadv/20151203.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3194
http://cve.mitre
From: Sergiy Kibrik
Add check_libattr.patch to version 3.1.0 recipe, which checks
and includes libattr to linker, otherwise rsync may fail to build
with linker error below (as -lattr option gets omitted):
[..]
lib/sysxattrs.o: undefined reference to symbol 'llistxattr@@ATTR_1.0'
[..]/lib/libattr
From: Armin Kuster
three security fixes.
CVE-2015-6563 (Low) openssh: Privilege separation weakness related to PAM
support
CVE-2015-6564 (medium) openssh: Use-after-free bug related to PAM support
CVE-2015-6565 (High) openssh: Incorrectly set TTYs to be world-writable
(From OE-Core rev: 259d
From: Martin Jansa
* this can be useful for passing extra parameters, pass
-v by default to see what's going on in do_rootfs
* we need to use this for extra parameter we implemented
in fontconfig:
--ignore-mtime always use cache file regardless of font directory mtime
because the checksum
From: Sona Sarmadi
_asn1_extract_der_octet: prevent past of boundary access
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3622
http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=patch;h=f979435823a02f842c41d49cd41cc81f25b5d677
Signed-off-by: Sona Sarmadi
Signed-off-by:
Please consider these changes for dizzy-next community support.
The following changes since commit 6d34267e0a13e10ab91b60590b27a2b5ba3b7da6:
documentation: Changed some 'intro' tags to resolve multiple mega-manual
warnings. (2015-11-18 16:44:05 +)
are available in the git repository at:
Hi,
I don't have the env to test the patch anymore.
However, I have a question on this patch. I inline the comment in the code
here, below the related lines:
2016-01-07 21:07 GMT+01:00 :
> From: Mariano Lopez
>
> This patch changes the use list_pkgs() instead of list()
> from class RpmPkgsList
On Fri, Jan 8, 2016 at 10:22 AM, Richard Purdie
wrote:
> xz gives better compression results than bzip/gz but is often slower.
> Using parallel compression mitigates this somewhat and is particularly
> useful for the SDK.
I have proposed another tool called pxz back in Sept last year
http://lists
xz compresses with a better compression ratio than gz with similar speed
for compression and decompression. It therefore makes sense to switch
to it for the sstate objects.
As an example, the gcc-cross populate_sysroot object goes from
79,509,871 to 53,031,752 bytes which is a significant improvem
Times change and xz is becoming the de facto compression format and
utility. Adapt to the times and assume that the system provides xz.
This leads into us being able to use xz for sstate instead of gzip.
Signed-off-by: Richard Purdie
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity
1. The Cantarell font typeface is designed as a
contemporary Humanist sans serif, and was developed for
on-screen reading; in particular, reading web pages on an
HTC Dream mobile phone.
2. Pango test case (test-layout.test) requires cantarell-font
typeface. This test case uses 'Cantar
Pango test case (test-layout.test) requires cantarell-font
typeface. This test case uses 'Cantarell 11' font type.
Test result after this change on qemux86:
-- snip --
root@qemux86:/usr/lib/pango/ptest# ./run-ptest
Running test: pango/testboundaries_ucd.test
/text/break/grapheme: Testing
/usr/lib/
On 9 January 2016 at 09:23, Khem Raj wrote:
> I have pushed a fix for this to pull branch as well here
>
> https://github.com/kraj/openembedded-core/commit/db21a7a31e9c37f7c2dd0a914599d7b3467ae2d9
>
Awesome, thanks Khem.
Ross
On 9 January 2016 at 03:27, Andre McCurdy wrote:
> For patches which fix 'correctness' issues uncovered by musl maybe
> it's better to apply the patches unconditionally, so they get some
> test cover from non-musl builds?
>
> Especially true in this case - see below.
>
Agreed. Patches should onl
On Fri, Jan 8, 2016 at 6:53 AM, Burton, Ross wrote:
>
> On 8 January 2016 at 14:00, Burton, Ross wrote:
>>
>> Hm, for some reason, this doesn't work for me.
>>
>> Lots and lots of "files installed but not packaged", all locales. eg
>> /usr/lib/locale/hu/LC_MESSAGES/glib20.mo in glib-2.0.
>
>
> S
On Fri, Jan 8, 2016 at 10:34 AM, Khem Raj wrote:
> On Fri, Jan 8, 2016 at 10:29 AM, Burton, Ross wrote:
>>
>> On 8 January 2016 at 17:43, Khem Raj wrote:
>>>
>>> systemd does not work with musl. I have patches in my tree to fix the
>>> build but then it does not run :(. musl and systemd has diff
On Fri, Jan 8, 2016 at 11:43 PM, Khem Raj wrote:
> On Fri, Jan 8, 2016 at 7:27 PM, Andre McCurdy wrote:
>>> +diff -Naur DirectFB-1.7.6.orig/lib/direct/os/linux/glibc/mutex.h
>>> DirectFB-1.7.6/lib/direct/os/linux/glibc/mutex.h
>>> +--- DirectFB-1.7.6.orig/lib/direct/os/linux/glibc/mutex.h 2