[OE-core] [PATCH] python: fix CVE-2016-1000110
From: Mingli YuBackport patch to fix CVE-2016-1000110 from python upstream: for python2.7 https://hg.python.org/cpython/rev/ba915d561667/ for python3 https://hg.python.org/cpython/rev/a0ac52ed8f79 Signed-off-by: Mingli Yu --- .../python/python-fix-CVE-2016-1000110.patch | 162 + .../python3/python3-fix-CVE-2016-1000110.patch | 148 +++ meta/recipes-devtools/python/python3_3.5.2.bb | 1 + meta/recipes-devtools/python/python_2.7.12.bb | 1 + 4 files changed, 312 insertions(+) create mode 100644 meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch create mode 100644 meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch diff --git a/meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch b/meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch new file mode 100644 index 000..97888e2 --- /dev/null +++ b/meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch @@ -0,0 +1,162 @@ +From cb25fbd5abc0f4eb07dbb8ea819e9c26bda4fc99 Mon Sep 17 00:00:00 2001 +From: Senthil Kumaran +Date: Sat, 30 Jul 2016 05:49:53 -0700 +Subject: [PATCH] python: fix CVE-2016-1000110 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Prevent HTTPoxy attack (CVE-2016-1000110) + +Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which +indicates that the script is in CGI mode. + +Issue reported and patch contributed by RĂ©mi Rampin. + +Backport patch from https://hg.python.org/cpython/rev/ba915d561667/ + +Upstream-Status: Backport +CVE: CVE-2016-1000110 +Signed-off-by: Mingli Yu +--- + Doc/howto/urllib2.rst | 5 + + Doc/library/urllib.rst | 10 ++ + Doc/library/urllib2.rst | 5 + + Lib/test/test_urllib.py | 12 + Lib/urllib.py | 9 + + Misc/ACKS | 1 + + Misc/NEWS | 4 + 7 files changed, 46 insertions(+) + +diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst +index 6bb06d4..5cf2c0c 100644 +--- a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst +@@ -525,6 +525,11 @@ setting up a `Basic Authentication`_ handler: :: + through a proxy. However, this can be enabled by extending urllib2 as + shown in the recipe [#]_. + ++.. note:: ++ ++``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; see ++the documentation on :func:`~urllib.getproxies`. ++ + + Sockets and Layers + == +diff --git a/Doc/library/urllib.rst b/Doc/library/urllib.rst +index 3b5dc16..bddcba9 100644 +--- a/Doc/library/urllib.rst b/Doc/library/urllib.rst +@@ -295,6 +295,16 @@ Utility functions +If both lowercase and uppercase environment variables exist (and disagree), +lowercase is preferred. + ++.. note:: ++ ++If the environment variable ``REQUEST_METHOD`` is set, which usually ++indicates your script is running in a CGI environment, the environment ++variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This is ++because that variable can be injected by a client using the "Proxy:" ++HTTP header. If you need to use an HTTP proxy in a CGI environment, ++either use ``ProxyHandler`` explicitly, or make sure the variable name ++is in lowercase (or at least the ``_proxy`` suffix). ++ + .. note:: + urllib also exposes certain utility functions like splittype, splithost and + others parsing URL into various components. But it is recommended to use +diff --git a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst +index 8a4c80e..b808b98 100644 +--- a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst +@@ -229,6 +229,11 @@ The following classes are provided: + +To disable autodetected proxy pass an empty dictionary. + ++.. note:: ++ ++ ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; ++ see the documentation on :func:`~urllib.getproxies`. ++ + + .. class:: HTTPPasswordMgr() + +diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +index 434d533..27a1d38 100644 +--- a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py +@@ -170,6 +170,18 @@ class ProxyTests(unittest.TestCase): + self.assertTrue(urllib.proxy_bypass_environment('anotherdomain.com:')) + self.assertTrue(urllib.proxy_bypass_environment('newdomain.com:1234')) + ++def test_proxy_cgi_ignore(self): ++try: ++self.env.set('HTTP_PROXY', 'http://somewhere:3128') ++proxies = urllib.getproxies_environment() ++self.assertEqual('http://somewhere:3128', proxies['http']) ++self.env.set('REQUEST_METHOD', 'GET') ++proxies = urllib.getproxies_environment() ++self.assertNotIn('http', proxies) ++finally: ++
Re: [OE-core] [PATCH 00/60] krogoth-next staged
On 09/24/2016 07:48 AM, Ian Geiser wrote: > I think the systemd change may have broken something. It looks like it is > running a useradd with no arguments other than the root. Now I see the > following error in krogoth: > I appears to be caused by http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=krogoth=66a4366e8fb4077a375e71c2169f3307254a36aa. Master did not show this issue. - armin > from > "tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/log.do_install" > > DEBUG: SITE files ['endian-little', 'bit-32', 'ix86-common', 'common-linux', > 'common-glibc', 'i586-linux', 'common'] > DEBUG: Executing shell function useradd_sysroot > Running groupadd commands... > NOTE: systemd: Performing groupadd with [--root > /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified -r lock] > NOTE: systemd: Performing groupadd with [--root > /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified -r systemd-journal] > NOTE: systemd: group systemd-journal already exists, not re-creating it > Running useradd commands... > NOTE: systemd: Performing useradd with [--root > /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified --system -d / -M > --shell /bin/nologin systemd-timesync] > NOTE: systemd: Performing useradd with [--root > /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified] > Usage: useradd [options] LOGIN >useradd -D >useradd -D [options] > > Options: > -b, --base-dir BASE_DIR base directory for the home directory of the > new account > -c, --comment COMMENT GECOS field of the new account > -d, --home-dir HOME_DIR home directory of the new account > -D, --defaultsprint or change default useradd configuration > -e, --expiredate EXPIRE_DATE expiration date of the new account > -f, --inactive INACTIVE password inactivity period of the new account > -g, --gid GROUP name or ID of the primary group of the new > account > -G, --groups GROUPS list of supplementary groups of the new > account > -h, --helpdisplay this help message and exit > -k, --skel SKEL_DIR use this alternative skeleton directory > -K, --key KEY=VALUE override /etc/login.defs defaults > -l, --no-log-init do not add the user to the lastlog and > faillog databases > -m, --create-home create the user's home directory > -M, --no-create-home do not create the user's home directory > -N, --no-user-group do not create a group with the same name as > the user > -o, --non-unique allow to create users with duplicate > (non-unique) UID > -p, --password PASSWORD encrypted password of the new account > -P, --clear-password PASSWORD clear password of the new account > -r, --system create a system account > -R, --root CHROOT_DIR directory to chroot into > -s, --shell SHELL login shell of the new account > -u, --uid UID user ID of the new account > -U, --user-group create a group with the same name as the user > > WARNING: > /mnt/bitbake/build/detos/tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/run.useradd_sysroot.31611:1 > exit 1 from 'exit 1' > ERROR: systemd: useradd command did not succeed. > > -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/1] meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value
The following changes since commit ae5073c4abd8935c01d14d3e6395124f815bd10b: arch-mips: Add mips64-o32 tunes (2016-09-23 18:06:10 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib ChenQi/meta-environment http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/meta-environment Chen Qi (1): meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value meta/recipes-core/meta/meta-environment.bb | 2 ++ 1 file changed, 2 insertions(+) -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 1/1] meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value
Expand TOOLCHAIN_CONFIGSITE_NOCACHE value immediately before inheriting cross-canadian to avoid HOST_ARCH being changed from TARGET_ARCH to SDK_ARCH, thus ensuring its correct value. [YOCTO #10255] Signed-off-by: Chen Qi--- meta/recipes-core/meta/meta-environment.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-core/meta/meta-environment.bb b/meta/recipes-core/meta/meta-environment.bb index 49d45f6..d9e045f 100644 --- a/meta/recipes-core/meta/meta-environment.bb +++ b/meta/recipes-core/meta/meta-environment.bb @@ -12,6 +12,8 @@ REAL_MULTIMACH_TARGET_SYS = "${TUNE_PKGARCH}${TARGET_VENDOR}-${TARGET_OS}" inherit toolchain-scripts TOOLCHAIN_NEED_CONFIGSITE_CACHE_append = " zlib" +# Need to expand here before cross-candian changes HOST_ARCH -> SDK_ARCH +TOOLCHAIN_CONFIGSITE_NOCACHE := "${TOOLCHAIN_CONFIGSITE_NOCACHE}" SDK_DIR = "${WORKDIR}/sdk" SDK_OUTPUT = "${SDK_DIR}/image" -- 1.9.1 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 1/1] toolchain-script: use immediate expansion for TOOLCHAIN_CONFIGSITE_NOCACHE
On 09/23/2016 10:37 PM, Richard Purdie wrote: On Fri, 2016-09-23 at 16:30 +0800, Chen Qi wrote: Use immediate expansion for the assignment to avoid other classes modifying variables like HOST_ARCH which changes the result. This happens in the meta-environment recipe. It inherits cross-canadian which changes HOST_ARCH from TARGET_ARCH to SDK_ARCH, resulting in wrong site config files in the generated SDK. [YOCTO #10255] Signed-off-by: Chen Qi--- meta/classes/toolchain-scripts.bbclass | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) I've not merged this as yet since I worry that this is something we'd easily break again. It all depends which order classes are included and moving the cross-canadian inherit in meta-environment would break this even with immediate expansion. I think the best way to fix this might be to change the meta- environment to add: # Need to expand here before cross-candian changes HOST_ARCH -> SDK_ARCH TOOLCHAIN_CONFIGSITE_NOCACHE := "${TOOLCHAIN_CONFIGSITE_NOCACHE}" before it inherits cross-candian, then the problem is explicitly recorded and worked around. Cheers, Richard Thanks a lot. I've verified this solution. A new patch has been sent out. Best Regards, Chen Qi -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 0/9] Jethro pull request
Hi, > -Original Message- > From: openembedded-core-boun...@lists.openembedded.org > [mailto:openembedded-core-boun...@lists.openembedded.org] On Behalf Of > Armin Kuster > Sent: Sunday, September 25, 2016 11:05 PM > To: akus...@mvista.com; openembedded-core@lists.openembedded.org > Subject: [OE-core] [PATCH 0/9] Jethro pull request > > Please consider these changes for Jethro > > The following changes since commit > c9c85df86cd2270b144fa824ef76adedd3636c8a: > > util-linux: Security fix for CVE-2016-5011 (2016-09-23 23:21:43 +0100) > > are available in the git repository at: > > git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next > http://cgit.openembedded.org/cgit.cgi/openembedded-core- > contrib/log/?h=akuster/jethro-next > > Armin Kuster (9): > openssl: Security fix CVE-2016-2180 > openssl: Security fix CVE-2016-8181 > openssl: Security fix CVE-2016-2182 > openssl: Security fix CVE-2016-6304 I think there's a typo here. Shouldn't this be CVE-2016-6302? > openssl: Security fix CVE-2016-6303 > openssl: Security fix CVE-2016-6304 > openssl: Security fix CVE-2016-6303 And, this CVE-2016-6306? > tzdata: update to 2016f > tzcode-native: update to 2016f > > .../openssl/openssl/CVE-2016-2180.patch| 44 > .../openssl/openssl/CVE-2016-2181_p1.patch | 91 > .../openssl/openssl/CVE-2016-2181_p2.patch | 239 > + > .../openssl/openssl/CVE-2016-2181_p3.patch | 30 +++ > .../openssl/openssl/CVE-2016-2182.patch| 70 ++ > .../openssl/openssl/CVE-2016-6302.patch| 53 + > .../openssl/openssl/CVE-2016-6303.patch| 36 > .../openssl/openssl/CVE-2016-6304.patch| 75 +++ > .../openssl/openssl/CVE-2016-6306.patch| 71 ++ > .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 9 + > ...code-native_2016e.bb => tzcode-native_2016f.bb} | 8 +- > .../tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}| 4 +- > 12 files changed, 724 insertions(+), 6 deletions(-) > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 2180.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 2181_p1.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 2181_p2.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 2181_p3.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 2182.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 6302.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 6303.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 6304.patch > create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016- > 6306.patch > rename meta/recipes-extended/tzcode/{tzcode-native_2016e.bb => tzcode- > native_2016f.bb} (68%) > rename meta/recipes-extended/tzdata/{tzdata_2016e.bb => tzdata_2016f.bb} > (98%) > > -- > 2.7.4 > > -- > ___ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH] gst-player: Disable visualizations
On some machines, visualizations in gst-player trigger a bug in xvimagesink. Till we have a proper fix, disable the visualization rather than downgrading the xvimagesink. Fixes [YOCTO #10041] Signed-off-by: Maxin B. John--- .../0001-Disable-visualizations-by-default.patch | 36 ++ .../recipes-multimedia/gstreamer/gst-player_git.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch diff --git a/meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch b/meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch new file mode 100644 index 000..dabdcea --- /dev/null +++ b/meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch @@ -0,0 +1,36 @@ +From 93e1838f8b8704e4d7d71965f61bee931377b080 Mon Sep 17 00:00:00 2001 +From: Jussi Kukkonen +Date: Thu, 22 Sep 2016 19:26:40 +0300 +Subject: [PATCH] Disable visualizations by default + +As documented in [YOCTO #10041] visualizations trigger a bug in +xvimagesink on some hardware, which prevents playback in the +mediaplayer. Disable visualizations until the xv issue is solved +to enable playback QA. + +Upstream-Status: Inappropriate [workaround] +Signed-off-by: Jussi Kukkonen +Signed-off-by: Maxin B. John +--- + gtk/gtk-play.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/gtk/gtk-play.c b/gtk/gtk-play.c +index 8ae0fea..322e599 100644 +--- a/gtk/gtk-play.c b/gtk/gtk-play.c +@@ -1751,9 +1751,8 @@ gtk_play_constructor (GType type, guint n_construct_params, + g_signal_connect (self->player, "volume-changed", + G_CALLBACK (player_volume_changed_cb), self); + +- /* enable visualization (by default playbin uses goom) */ +- /* if visualization is enabled then use the first element */ +- gst_player_set_visualization_enabled (self->player, TRUE); ++ /* Disable visualization by default */ ++ gst_player_set_visualization_enabled (self->player, FALSE); + + g_signal_connect (G_OBJECT (self), "show", G_CALLBACK (show_cb), NULL); + +-- +2.4.0 + diff --git a/meta/recipes-multimedia/gstreamer/gst-player_git.bb b/meta/recipes-multimedia/gstreamer/gst-player_git.bb index 2a4c9dc..51f3544 100644 --- a/meta/recipes-multimedia/gstreamer/gst-player_git.bb +++ b/meta/recipes-multimedia/gstreamer/gst-player_git.bb @@ -9,6 +9,7 @@ SRC_URI = "git://github.com/sdroege/gst-player.git \ file://Fix-pause-play.patch;apply=0 \ file://Add-error-signal-emission-for-missing-plugins.patch;apply=0 \ file://0001-gtk-play-provide-similar-behaviour-for-quit-and-clos.patch \ + file://0001-Disable-visualizations-by-default.patch \ file://gst-player.desktop" SRCREV = "ea90e63c1064503f9ba5d59aa4ca604f13ca5def" -- 2.4.0 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
Re: [OE-core] [PATCH 00/60] krogoth-next staged
Ian, On 09/24/2016 07:48 AM, Ian Geiser wrote: I think the systemd change may have broken something. It looks like it is running a useradd with no arguments other than the root. Now I see the following error in krogoth: from "tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/log.do_install" I have been able to reproduce this. I am going to check master to see if the same issue exists there. thanks for reporting this. - armin DEBUG: SITE files ['endian-little', 'bit-32', 'ix86-common', 'common-linux', 'common-glibc', 'i586-linux', 'common'] DEBUG: Executing shell function useradd_sysroot Running groupadd commands... NOTE: systemd: Performing groupadd with [--root /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified -r lock] NOTE: systemd: Performing groupadd with [--root /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified -r systemd-journal] NOTE: systemd: group systemd-journal already exists, not re-creating it Running useradd commands... NOTE: systemd: Performing useradd with [--root /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified --system -d / -M --shell /bin/nologin systemd-timesync] NOTE: systemd: Performing useradd with [--root /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified] Usage: useradd [options] LOGIN useradd -D useradd -D [options] Options: -b, --base-dir BASE_DIR base directory for the home directory of the new account -c, --comment COMMENT GECOS field of the new account -d, --home-dir HOME_DIR home directory of the new account -D, --defaultsprint or change default useradd configuration -e, --expiredate EXPIRE_DATE expiration date of the new account -f, --inactive INACTIVE password inactivity period of the new account -g, --gid GROUP name or ID of the primary group of the new account -G, --groups GROUPS list of supplementary groups of the new account -h, --helpdisplay this help message and exit -k, --skel SKEL_DIR use this alternative skeleton directory -K, --key KEY=VALUE override /etc/login.defs defaults -l, --no-log-init do not add the user to the lastlog and faillog databases -m, --create-home create the user's home directory -M, --no-create-home do not create the user's home directory -N, --no-user-group do not create a group with the same name as the user -o, --non-unique allow to create users with duplicate (non-unique) UID -p, --password PASSWORD encrypted password of the new account -P, --clear-password PASSWORD clear password of the new account -r, --system create a system account -R, --root CHROOT_DIR directory to chroot into -s, --shell SHELL login shell of the new account -u, --uid UID user ID of the new account -U, --user-group create a group with the same name as the user WARNING: /mnt/bitbake/build/detos/tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/run.useradd_sysroot.31611:1 exit 1 from 'exit 1' ERROR: systemd: useradd command did not succeed. -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [PATCH 0/9] Jethro pull request
Please consider these changes for Jethro The following changes since commit c9c85df86cd2270b144fa824ef76adedd3636c8a: util-linux: Security fix for CVE-2016-5011 (2016-09-23 23:21:43 +0100) are available in the git repository at: git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/jethro-next Armin Kuster (9): openssl: Security fix CVE-2016-2180 openssl: Security fix CVE-2016-8181 openssl: Security fix CVE-2016-2182 openssl: Security fix CVE-2016-6304 openssl: Security fix CVE-2016-6303 openssl: Security fix CVE-2016-6304 openssl: Security fix CVE-2016-6303 tzdata: update to 2016f tzcode-native: update to 2016f .../openssl/openssl/CVE-2016-2180.patch| 44 .../openssl/openssl/CVE-2016-2181_p1.patch | 91 .../openssl/openssl/CVE-2016-2181_p2.patch | 239 + .../openssl/openssl/CVE-2016-2181_p3.patch | 30 +++ .../openssl/openssl/CVE-2016-2182.patch| 70 ++ .../openssl/openssl/CVE-2016-6302.patch| 53 + .../openssl/openssl/CVE-2016-6303.patch| 36 .../openssl/openssl/CVE-2016-6304.patch| 75 +++ .../openssl/openssl/CVE-2016-6306.patch| 71 ++ .../recipes-connectivity/openssl/openssl_1.0.2h.bb | 9 + ...code-native_2016e.bb => tzcode-native_2016f.bb} | 8 +- .../tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}| 4 +- 12 files changed, 724 insertions(+), 6 deletions(-) create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch rename meta/recipes-extended/tzcode/{tzcode-native_2016e.bb => tzcode-native_2016f.bb} (68%) rename meta/recipes-extended/tzdata/{tzdata_2016e.bb => tzdata_2016f.bb} (98%) -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
[OE-core] [meta][PATCH] bootchart2: Allocate space on heap for collector chunks
Nicer for embedded devices which may have smaller stack limitations. Signed-off-by: Kyle Russell--- ...llector-Allocate-space-on-heap-for-chunks.patch | 45 ++ .../bootchart2/bootchart2_0.14.8.bb| 1 + 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch diff --git a/meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch b/meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch new file mode 100644 index 000..7a8813e --- /dev/null +++ b/meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch @@ -0,0 +1,45 @@ +From 09505532b49573663fb4ff4dad424dc2ef4c1f84 Mon Sep 17 00:00:00 2001 +From: Kyle Russell +Date: Wed, 13 Jul 2016 17:30:00 -0400 +Subject: [PATCH] collector: Allocate space on heap for chunks + +Nicer for embedded devices which may have smaller stack limitations. + +Upstream-Status: Submitted [https://github.com/xrmx/bootchart/pull/74] + +Signed-off-by: Kyle Russell +--- + collector/dump.c | 7 --- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/collector/dump.c b/collector/dump.c +index e673b5b..2f094b4 100644 +--- a/collector/dump.c b/collector/dump.c +@@ -184,12 +184,12 @@ static void dump_buffers (DumpState *s) + log ("reading %d chunks (of %d) ...\n", max_chunk, s->map.max_chunk); + for (i = 0; i < max_chunk; i++) { + FILE *output; +- char buffer[CHUNK_SIZE]; +- Chunk *c = (Chunk *) ++ char *buffer = malloc(CHUNK_SIZE); ++ Chunk *c = (Chunk *)buffer; + size_t addr = (size_t) s->map.chunks[i]; + + lseek (s->mem, addr, SEEK_SET); +- read (s->mem, , CHUNK_SIZE); ++ read (s->mem, buffer, CHUNK_SIZE); + /* log ("type: '%s' len %d\n", + c->dest_stream, (int)c->length); */ + +@@ -197,6 +197,7 @@ static void dump_buffers (DumpState *s) + fwrite (c->data, 1, c->length, output); + bytes_dumped += c->length; + fclose (output); ++free(buffer); + } + log ("wrote %ld kb\n", (long)(bytes_dumped+1023)/1024); + } +-- +2.7.4 + diff --git a/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb b/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb index fdebb64..4f01734 100644 --- a/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb +++ b/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb @@ -93,6 +93,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.\d+)*)" SRC_URI = "git://github.com/mmeeks/bootchart.git \ file://bootchartd_stop.sh \ file://0001-Fixed-Missing-default-value-for-BOOTLOG_DEST.patch \ + file://0001-collector-Allocate-space-on-heap-for-chunks.patch \ " S = "${WORKDIR}/git" -- 2.7.4 -- ___ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core