Backport upstream patch to fix NULL pointer dereference and process
crash in libresolv. (CVE-2015-5180)
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-5180.patch | 136 ++
meta/recipes-core/glibc/glibc_2
CVE: CVE-2017-7210
[BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157
PR binutils/21157: Fix handling of corrupt STABS enum type strings.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/binutils/binutils-2.27.inc | 1 +
.../bi
CVE: CVE-2017-6969
[BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156
PR binutils/21156: Fix illegal memory accesses in readelf when
ing a corrupt binary.
PR binutils/21156: Fix another memory access error in readelf when
parsing a corrupt binary.
Signed-off-by: Yuanjie Huang
CVE: CVE-2017-7209
[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135
PR binutils/21135: Fix invalid read of section contents whilst
processing
a corrupt binary.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/binutils/binutils-2.
CVE: CVE-2017-7210
[BZ 21157] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21157
PR binutils/21157: Fix handling of corrupt STABS enum type strings.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/binutils/binutils-2.28.inc | 1 +
.../bi
CVE: CVE-2017-7209
[BZ 21135] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21135
PR binutils/21135: Fix invalid read of section contents whilst processing
a corrupt binary.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/binutils/binutils-2.
CVE: CVE-2017-6969
[BZ 21156] -- https://sourceware.org/bugzilla/show_bug.cgi?id=21156
PR binutils/21156: Fix illegal memory accesses in readelf when
ing a corrupt binary.
PR binutils/21156: Fix another memory access error in readelf when
parsing a corrupt binary.
Signed-off-by: Yuanjie Huang
indicies.
+
+CVE: CVE-2017-6969
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
+---
+ binutils/ChangeLog | 6 ++
+ binutils/readelf.c | 10 --
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/binutils/ChangeLog
pt binary.
+
+ PR binutils/21156
+ * readelf.c (find_section_in_set): Test for invalid section
+ indicies.
+
+CVE: CVE-2017-6969
+Upstream-Status: Backport [master]
+
+Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
+---
+ binutils/ChangeLog | 6 ++
+ binuti
On 04/11/2017 03:28 PM, Richard Purdie wrote:
On Tue, 2017-04-11 at 14:18 +0800, Yuanjie Huang wrote:
On 04/11/2017 06:10 AM, Richard Purdie wrote:
On Mon, 2017-04-10 at 03:34 -0700, Yuanjie Huang wrote:
meta/recipes-devtools/binutils/binutils-2.27.inc
Given master contains 2.28, I don't
is NULL, discard all saved state.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
On 04/11/2017 06:10 AM, Richard Purdie wrote:
On Mon, 2017-04-10 at 03:34 -0700, Yuanjie Huang wrote:
meta/recipes-devtools/binutils/binutils-2.27.inc
Given master contains 2.28, I don't think this patch was based on or
tested against master?
Not yet, I will work on that, and will send
is NULL, discard all saved state.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
.
(apply_relocations): Pass num_syms to target_specific_reloc_handling.
Call target_specific_reloc_handling with a NULL reloc pointer
after processing all of the relocs.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/binutils/binutil
ithout issue.
For a detailed discussion see:
https://www.sourceware.org/ml/libc-alpha/2017-01/msg00505.html
(cherry-picked from commit f8bf15febcaf137bbec5a61101e88cd5a9d56ca8)
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
...0116-Fix-use-after-free-in-pthread_create
of
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143
138bc75d-0d04-0410-961f-82ee72b054a4
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/gcc/gcc-5.4.inc | 1 +
.../gcc/gcc-5.4/CVE-2016-6131.patch| 251 +++
of
git-svn-id: svn+ssh://gcc.gnu.org/svn/gcc/trunk@239143
138bc75d-0d04-0410-961f-82ee72b054a4
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/gcc/gcc-5.4.inc | 1 +
.../gcc/gcc-5.4/CVE-2016-6131.patch| 251 +++
is issue sometimes won't break compiler, since gcc also searches paths
calculated with OS multilib directories beside multilib directories .
This patch resolve the problem by reading TARGET_SYS from a localdata
environment with proper multilib overrides.
Signed-off-by: Yuanjie Huang <yuanjie.hu
is issue sometimes won't break compiler, since gcc also searches paths
calculated with OS multilib directories beside multilib directories .
This patch resolve the problem by reading TARGET_SYS from a localdata
environment with proper multilib overrides.
Signed-off-by: Yuanjie Huang <yuanjie.hu
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
The multilib symbol links are created for gcc to locate libgcc files.
Its source path contains TARGET_SYS of multilib libgcc. However, a
multilib's TARGET_SYS is not generated correctly all the time now.
For example,
MACHINE = "
On 11/23/2016 11:38 AM, Khem Raj wrote:
are they regenerating code during configure ?
No, code is generated during compilation. Corresponding c files are not
included in git repo, so these files are always compiled from flex/bison
source files.
On Nov 22, 2016, at 7:22 PM, Yuanjie Huang
Huang <yuanjie.hu...@windriver.com> wrote:
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
Some source code of gdb is generated with flex or bison. Make both
dependencies, to avoid compilation failure on host without them.
can you find out which parts those are ? what is it
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
Some source code of gdb is generated with flex or bison. Make both
dependencies, to avoid compilation failure on host without them.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/gdb/gdb-cross.i
Warn system directories requires a configuration option to be enabled.
This patch enables the warning for cross-canadian ld, to align with the
cross version.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/binutils/binutils-cross-canadian.inc | 1 +
The generated parser contains huge hunks of code actually shipped with
bison, so I think we should also expect some semantic difference.
Yuanjie
On 10/11/2016 05:17 PM, Burton, Ross wrote:
On 11 October 2016 at 09:37, Mark Hatle >
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
Source file plural.c might be updated with bison from plural.y, touch it
before applying patches so that this file is consistent across builds.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-core/glibc/g
Hi Ross,
Is it recommended practice to remove libtool .la files for oe-core when
some issue pops? If yes, I would withdraw and prepare a new patch that
complies with the practice.
Thanks,
Yuanjie
On 09/21/2016 05:01 PM, Burton, Ross wrote:
On 21 September 2016 at 02:46, Yuanjie Huang
Thanks, commit message revised.
Best,
Yuanjie
On 09/20/2016 09:35 PM, Burton, Ross wrote:
On 20 September 2016 at 10:19, Yuanjie Huang
<yuanjie.hu...@windriver.com <mailto:yuanjie.hu...@windriver.com>> wrote:
Upstream-Status: Inappropriate [embedded specific]
On 09/21/2016 04:48 AM, Khem Raj wrote:
On Tue, Sep 20, 2016 at 2:19 AM, Yuanjie Huang
<yuanjie.hu...@windriver.com> wrote:
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
Since libtool sysroot is not set when compiling sanitizers, the libtool
does no prefix the dependency pa
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
Since libtool sysroot is not set when compiling sanitizers, the libtool
does no prefix the dependency path correctly. Fix it, so that programs
can link to sanitizer libraries without error.
This patch changes the depenedency_lib
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
Pointer arithmatic results in implementation defined signed integer
type, so that 's - src' in strlcpy and others may trigger signed overflow.
In case of compilation by gcc or clang with -ftrapv option, the overflow
would lead to program
Hi Kyle,
The fix_cross_compile.patch is related when we pass the sysroot or
libdir to mklibs, in such case it is wrong to call dpkg-architecture as
info on build machine instead of target will be returned.
Thanks,
Yuanjie
On 05/12/2016 04:00 AM, Kyle Russell wrote:
++if sysroot != ""
: Backport [2.23]
(cherry-picked from commit bae7c7c7, 4bd228c8)
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-core/glibc/glibc/CVE-2015-8778.patch | 199 ++
meta/recipes-core/glibc/glibc_2.22.bb | 1 +
2 files changed, 200 inse
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
According to http://seclists.org/oss-sec/2016/q1/153
CVE-2015-8777: LD_POINTER_GUARD was an environment variable which controls
security-related behavior, but was not ignored for privileged binaries (in
AT_SECURE mode). This might allow
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
According to http://seclists.org/oss-sec/2016/q1/153
CVE-2015-8777
LD_POINTER_GUARD was an environment variable which controls
security-related behavior, but was not ignored for privileged binaries
(in AT_SECURE mode). This might allow
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
BZ#19048 malloc: arena free list can become cyclic, increasing
contention
When a thread leaves, arena_thread_freeres is called, the malloc
arena associated with the thread is added to the head of free_list,
and free_list set to the
and db6's header.
Signed-off-by: Yuanjie Huang <yuanjie.hu...@windriver.com>
---
meta/recipes-devtools/rpm/rpm/rpm-db5-or-db6.patch | 95 +-
1 file changed, 55 insertions(+), 40 deletions(-)
diff --git a/meta/recipes-devtools/rpm/rpm/rpm-db5-or-db6.patch
b/meta/recipes-de
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
The std::random_device class in libstdc++ in the GNU Compiler Collection
(aka GCC) before 4.9.4 does not properly handle short reads from
blocking sources, which makes it easier for context-dependent attackers
to predict the random valu
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
When a project is configure to use sstate cache and has the host tool sysroot
cleaned, gcc-cross-initial may fail to be configured due to lack of
gnu-configize tool.
gcc-cross-initial recipe has autotools dependency inhibited, and the sam
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
When a project is configure to use sstate cache and has the host tool sysroot
cleaned, gcc-cross-initial may fail to be configured due to lack of
gnu-configize tool.
gcc-cross-initial recipe has autotools dependency inhibited, and the sam
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
When a project is configure to use sstate cache and has the host tool sysroot
cleaned, gcc-cross-initial may fail to be configured due to lack of
gnu-configize tool.
gcc-cross-initial recipe has autotools dependency inhibited, and the sam
From: Yuanjie Huang <yuanjie.hu...@windriver.com>
The ccargs obtained from get_tune_parameters may not be fully expanded,
so that the gcc_multilib_setup function can be confused, and generates
invalid MULTILIB_OPTIONS in GCC Makefile fragment, which will break the
multilib feature of targ
From: Yuanjie Huang yuanjie.hu...@windriver.com
ldconfig-native was grepped from an old version of glibc, and its output
lacks neccessary 64bit flag in entries.
Due to this defect, ctypes.util.find_library() python function fails to
detect any library due to the old file format that ldconfig
From: Yuanjie Huang yuanjie.hu...@windriver.com
ldconfig-native was grepped from an old version of glibc, and its output
lacks neccessary 64bit flag in entries.
Due to this defect, ctypes.util.find_library() python function fails to
detect any library due to the old file format that ldconfig
From: Yuanjie Huang yuanjie.hu...@windriver.com
ldconfig-native was grepped from an old version of glibc, and its output
lacks neccessary 64bit flag in entries.
Due to this defect, ctypes.util.find_library() python function fails to
detect any library due to the old file format that ldconfig
From: Yuanjie Huang yuanjie.hu...@windriver.com
ldconfig-native was grepped from an old version of glibc, and its output
lacks neccessary 64bit flag in entries.
Due to this defect, ctypes.util.find_library() python function fails to
detect any library due to the old file format that ldconfig
46 matches
Mail list logo