date:20160925

[OE-core] [PATCH] python: fix CVE-2016-1000110

2016-09-25 Thread mingli.yu

From: Mingli Yu 

Backport patch to fix CVE-2016-1000110 from python upstream:
for python2.7
https://hg.python.org/cpython/rev/ba915d561667/
for python3
https://hg.python.org/cpython/rev/a0ac52ed8f79

Signed-off-by: Mingli Yu 
---
 .../python/python-fix-CVE-2016-1000110.patch   | 162 +
 .../python3/python3-fix-CVE-2016-1000110.patch | 148 +++
 meta/recipes-devtools/python/python3_3.5.2.bb  |   1 +
 meta/recipes-devtools/python/python_2.7.12.bb  |   1 +
 4 files changed, 312 insertions(+)
 create mode 100644 
meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch
 create mode 100644 
meta/recipes-devtools/python/python3/python3-fix-CVE-2016-1000110.patch

diff --git 
a/meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch 
b/meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch
new file mode 100644
index 000..97888e2
--- /dev/null
+++ b/meta/recipes-devtools/python/python/python-fix-CVE-2016-1000110.patch
@@ -0,0 +1,162 @@
+From cb25fbd5abc0f4eb07dbb8ea819e9c26bda4fc99 Mon Sep 17 00:00:00 2001
+From: Senthil Kumaran 
+Date: Sat, 30 Jul 2016 05:49:53 -0700
+Subject: [PATCH] python: fix CVE-2016-1000110
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Prevent HTTPoxy attack (CVE-2016-1000110)
+
+Ignore the HTTP_PROXY variable when REQUEST_METHOD environment is set, which
+indicates that the script is in CGI mode.
+
+Issue reported and patch contributed by Rémi Rampin.
+
+Backport patch from https://hg.python.org/cpython/rev/ba915d561667/
+
+Upstream-Status: Backport
+CVE: CVE-2016-1000110
+Signed-off-by: Mingli Yu 
+---
+ Doc/howto/urllib2.rst   |  5 +
+ Doc/library/urllib.rst  | 10 ++
+ Doc/library/urllib2.rst |  5 +
+ Lib/test/test_urllib.py | 12 
+ Lib/urllib.py   |  9 +
+ Misc/ACKS   |  1 +
+ Misc/NEWS   |  4 
+ 7 files changed, 46 insertions(+)
+
+diff --git a/Doc/howto/urllib2.rst b/Doc/howto/urllib2.rst
+index 6bb06d4..5cf2c0c 100644
+--- a/Doc/howto/urllib2.rst
 b/Doc/howto/urllib2.rst
+@@ -525,6 +525,11 @@ setting up a `Basic Authentication`_ handler: ::
+ through a proxy.  However, this can be enabled by extending urllib2 as
+ shown in the recipe [#]_.
+ 
++.. note::
++
++``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set; 
see
++the documentation on :func:`~urllib.getproxies`.
++
+ 
+ Sockets and Layers
+ ==
+diff --git a/Doc/library/urllib.rst b/Doc/library/urllib.rst
+index 3b5dc16..bddcba9 100644
+--- a/Doc/library/urllib.rst
 b/Doc/library/urllib.rst
+@@ -295,6 +295,16 @@ Utility functions
+If both lowercase and uppercase environment variables exist (and disagree),
+lowercase is preferred.
+ 
++.. note::
++
++If the environment variable ``REQUEST_METHOD`` is set, which usually
++indicates your script is running in a CGI environment, the environment
++variable ``HTTP_PROXY`` (uppercase ``_PROXY``) will be ignored. This 
is
++because that variable can be injected by a client using the "Proxy:"
++HTTP header. If you need to use an HTTP proxy in a CGI environment,
++either use ``ProxyHandler`` explicitly, or make sure the variable name
++is in lowercase (or at least the ``_proxy`` suffix).
++
+ .. note::
+ urllib also exposes certain utility functions like splittype, splithost 
and
+ others parsing URL into various components. But it is recommended to use
+diff --git a/Doc/library/urllib2.rst b/Doc/library/urllib2.rst
+index 8a4c80e..b808b98 100644
+--- a/Doc/library/urllib2.rst
 b/Doc/library/urllib2.rst
+@@ -229,6 +229,11 @@ The following classes are provided:
+ 
+To disable autodetected proxy pass an empty dictionary.
+ 
++.. note::
++
++   ``HTTP_PROXY`` will be ignored if a variable ``REQUEST_METHOD`` is set;
++   see the documentation on :func:`~urllib.getproxies`.
++
+ 
+ .. class:: HTTPPasswordMgr()
+ 
+diff --git a/Lib/test/test_urllib.py b/Lib/test/test_urllib.py
+index 434d533..27a1d38 100644
+--- a/Lib/test/test_urllib.py
 b/Lib/test/test_urllib.py
+@@ -170,6 +170,18 @@ class ProxyTests(unittest.TestCase):
+ 
self.assertTrue(urllib.proxy_bypass_environment('anotherdomain.com:'))
+ self.assertTrue(urllib.proxy_bypass_environment('newdomain.com:1234'))
+ 
++def test_proxy_cgi_ignore(self):
++try:
++self.env.set('HTTP_PROXY', 'http://somewhere:3128')
++proxies = urllib.getproxies_environment()
++self.assertEqual('http://somewhere:3128', proxies['http'])
++self.env.set('REQUEST_METHOD', 'GET')
++proxies = urllib.getproxies_environment()
++self.assertNotIn('http', proxies)
++finally:
++

Re: [OE-core] [PATCH 00/60] krogoth-next staged

2016-09-25 Thread akuster808



On 09/24/2016 07:48 AM, Ian Geiser wrote:
> I think the systemd change may have broken something.  It looks like it is 
> running a useradd with no arguments other than the root. Now I see the 
> following error in krogoth:
> 

I appears to be caused by
http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=krogoth=66a4366e8fb4077a375e71c2169f3307254a36aa.

Master did not show this issue.

- armin

> from 
> "tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/log.do_install"
> 
> DEBUG: SITE files ['endian-little', 'bit-32', 'ix86-common', 'common-linux', 
> 'common-glibc', 'i586-linux', 'common']
> DEBUG: Executing shell function useradd_sysroot
> Running groupadd commands...
> NOTE: systemd: Performing groupadd with [--root 
> /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified -r lock]
> NOTE: systemd: Performing groupadd with [--root 
> /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified  -r systemd-journal]
> NOTE: systemd: group systemd-journal already exists, not re-creating it
> Running useradd commands...
> NOTE: systemd: Performing useradd with [--root 
> /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified --system -d / -M 
> --shell /bin/nologin systemd-timesync]
> NOTE: systemd: Performing useradd with [--root 
> /mnt/bitbake/build/detos/tmp-glibc/sysroots/unified]
> Usage: useradd [options] LOGIN
>useradd -D
>useradd -D [options]
> 
> Options:
>   -b, --base-dir BASE_DIR   base directory for the home directory of the
> new account
>   -c, --comment COMMENT GECOS field of the new account
>   -d, --home-dir HOME_DIR   home directory of the new account
>   -D, --defaultsprint or change default useradd configuration
>   -e, --expiredate EXPIRE_DATE  expiration date of the new account
>   -f, --inactive INACTIVE   password inactivity period of the new account
>   -g, --gid GROUP   name or ID of the primary group of the new
> account
>   -G, --groups GROUPS   list of supplementary groups of the new
> account
>   -h, --helpdisplay this help message and exit
>   -k, --skel SKEL_DIR   use this alternative skeleton directory
>   -K, --key KEY=VALUE   override /etc/login.defs defaults
>   -l, --no-log-init do not add the user to the lastlog and
> faillog databases
>   -m, --create-home create the user's home directory
>   -M, --no-create-home  do not create the user's home directory
>   -N, --no-user-group   do not create a group with the same name as
> the user
>   -o, --non-unique  allow to create users with duplicate
> (non-unique) UID
>   -p, --password PASSWORD   encrypted password of the new account
>   -P, --clear-password PASSWORD clear password of the new account
>   -r, --system  create a system account
>   -R, --root CHROOT_DIR directory to chroot into
>   -s, --shell SHELL login shell of the new account
>   -u, --uid UID user ID of the new account
>   -U, --user-group  create a group with the same name as the user
> 
> WARNING: 
> /mnt/bitbake/build/detos/tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/run.useradd_sysroot.31611:1
>  exit 1 from 'exit 1'
> ERROR: systemd: useradd command did not succeed.
> 
> 
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 0/1] meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value

2016-09-25 Thread Chen Qi

The following changes since commit ae5073c4abd8935c01d14d3e6395124f815bd10b:

  arch-mips: Add mips64-o32 tunes (2016-09-23 18:06:10 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib ChenQi/meta-environment
  
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=ChenQi/meta-environment

Chen Qi (1):
  meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value

 meta/recipes-core/meta/meta-environment.bb | 2 ++
 1 file changed, 2 insertions(+)

-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 1/1] meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value

2016-09-25 Thread Chen Qi

Expand TOOLCHAIN_CONFIGSITE_NOCACHE value immediately before inheriting
cross-canadian to avoid HOST_ARCH being changed from TARGET_ARCH to SDK_ARCH,
thus ensuring its correct value.

[YOCTO #10255]

Signed-off-by: Chen Qi 
---
 meta/recipes-core/meta/meta-environment.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/meta/meta-environment.bb 
b/meta/recipes-core/meta/meta-environment.bb
index 49d45f6..d9e045f 100644
--- a/meta/recipes-core/meta/meta-environment.bb
+++ b/meta/recipes-core/meta/meta-environment.bb
@@ -12,6 +12,8 @@ REAL_MULTIMACH_TARGET_SYS = 
"${TUNE_PKGARCH}${TARGET_VENDOR}-${TARGET_OS}"
 
 inherit toolchain-scripts
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_append = " zlib"
+# Need to expand here before cross-candian changes HOST_ARCH -> SDK_ARCH
+TOOLCHAIN_CONFIGSITE_NOCACHE := "${TOOLCHAIN_CONFIGSITE_NOCACHE}"
 
 SDK_DIR = "${WORKDIR}/sdk"
 SDK_OUTPUT = "${SDK_DIR}/image"
-- 
1.9.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 1/1] toolchain-script: use immediate expansion for TOOLCHAIN_CONFIGSITE_NOCACHE

2016-09-25 Thread ChenQi


On 09/23/2016 10:37 PM, Richard Purdie wrote:

On Fri, 2016-09-23 at 16:30 +0800, Chen Qi wrote:

Use immediate expansion for the assignment to avoid other classes
modifying
variables like HOST_ARCH which changes the result. This happens in
the
meta-environment recipe. It inherits cross-canadian which changes
HOST_ARCH
from TARGET_ARCH to SDK_ARCH, resulting in wrong site config files in
the
generated SDK.

[YOCTO #10255]

Signed-off-by: Chen Qi 
---
  meta/classes/toolchain-scripts.bbclass | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

I've not merged this as yet since I worry that this is something we'd
easily break again. It all depends which order classes are included and
moving the cross-canadian inherit in meta-environment would break this
even with immediate expansion.

I think the best way to fix this might be to change the meta-
environment to add:

# Need to expand here before cross-candian changes HOST_ARCH -> SDK_ARCH
TOOLCHAIN_CONFIGSITE_NOCACHE := "${TOOLCHAIN_CONFIGSITE_NOCACHE}"

before it inherits cross-candian, then the problem is explicitly
recorded and worked around.

Cheers,

Richard



Thanks a lot.
I've verified this solution.
A new patch has been sent out.

Best Regards,
Chen Qi

--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 0/9] Jethro pull request

2016-09-25 Thread Mittal, AnujX

Hi,

> -Original Message-
> From: openembedded-core-boun...@lists.openembedded.org
> [mailto:openembedded-core-boun...@lists.openembedded.org] On Behalf Of
> Armin Kuster
> Sent: Sunday, September 25, 2016 11:05 PM
> To: akus...@mvista.com; openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH 0/9] Jethro pull request
> 
> Please consider these changes for Jethro
> 
> The following changes since commit
> c9c85df86cd2270b144fa824ef76adedd3636c8a:
> 
>   util-linux: Security fix for CVE-2016-5011 (2016-09-23 23:21:43 +0100)
> 
> are available in the git repository at:
> 
>   git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next
>   http://cgit.openembedded.org/cgit.cgi/openembedded-core-
> contrib/log/?h=akuster/jethro-next
> 
> Armin Kuster (9):
>   openssl: Security fix CVE-2016-2180
>   openssl: Security fix CVE-2016-8181
>   openssl: Security fix CVE-2016-2182
>   openssl: Security fix CVE-2016-6304

I think there's a typo here. Shouldn't this be CVE-2016-6302?

>   openssl: Security fix CVE-2016-6303
>   openssl: Security fix CVE-2016-6304
>   openssl: Security fix CVE-2016-6303

And, this CVE-2016-6306?

>   tzdata: update to 2016f
>   tzcode-native: update to 2016f
> 
>  .../openssl/openssl/CVE-2016-2180.patch|  44 
>  .../openssl/openssl/CVE-2016-2181_p1.patch |  91 
>  .../openssl/openssl/CVE-2016-2181_p2.patch | 239
> +
>  .../openssl/openssl/CVE-2016-2181_p3.patch |  30 +++
>  .../openssl/openssl/CVE-2016-2182.patch|  70 ++
>  .../openssl/openssl/CVE-2016-6302.patch|  53 +
>  .../openssl/openssl/CVE-2016-6303.patch|  36 
>  .../openssl/openssl/CVE-2016-6304.patch|  75 +++
>  .../openssl/openssl/CVE-2016-6306.patch|  71 ++
>  .../recipes-connectivity/openssl/openssl_1.0.2h.bb |   9 +
>  ...code-native_2016e.bb => tzcode-native_2016f.bb} |   8 +-
>  .../tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}|   4 +-
>  12 files changed, 724 insertions(+), 6 deletions(-)
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 2180.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 2181_p1.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 2181_p2.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 2181_p3.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 2182.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 6302.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 6303.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 6304.patch
>  create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2016-
> 6306.patch
>  rename meta/recipes-extended/tzcode/{tzcode-native_2016e.bb => tzcode-
> native_2016f.bb} (68%)
>  rename meta/recipes-extended/tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}
> (98%)
> 
> --
> 2.7.4
> 
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH] gst-player: Disable visualizations

2016-09-25 Thread Maxin B. John

On some machines, visualizations in gst-player trigger a bug in
xvimagesink. Till we have a proper fix, disable the visualization
rather than downgrading the xvimagesink.

Fixes [YOCTO #10041]

Signed-off-by: Maxin B. John 
---
 .../0001-Disable-visualizations-by-default.patch   | 36 ++
 .../recipes-multimedia/gstreamer/gst-player_git.bb |  1 +
 2 files changed, 37 insertions(+)
 create mode 100644 
meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch

diff --git 
a/meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch
 
b/meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch
new file mode 100644
index 000..dabdcea
--- /dev/null
+++ 
b/meta/recipes-multimedia/gstreamer/gst-player/0001-Disable-visualizations-by-default.patch
@@ -0,0 +1,36 @@
+From 93e1838f8b8704e4d7d71965f61bee931377b080 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen 
+Date: Thu, 22 Sep 2016 19:26:40 +0300
+Subject: [PATCH] Disable visualizations by default
+
+As documented in [YOCTO #10041] visualizations trigger a bug in
+xvimagesink on some hardware, which prevents playback in the
+mediaplayer. Disable visualizations until the xv issue is solved
+to enable playback QA.
+
+Upstream-Status: Inappropriate [workaround]
+Signed-off-by: Jussi Kukkonen 
+Signed-off-by: Maxin B. John 
+---
+ gtk/gtk-play.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/gtk/gtk-play.c b/gtk/gtk-play.c
+index 8ae0fea..322e599 100644
+--- a/gtk/gtk-play.c
 b/gtk/gtk-play.c
+@@ -1751,9 +1751,8 @@ gtk_play_constructor (GType type, guint 
n_construct_params,
+   g_signal_connect (self->player, "volume-changed",
+   G_CALLBACK (player_volume_changed_cb), self);
+ 
+-  /* enable visualization (by default playbin uses goom) */
+-  /* if visualization is enabled then use the first element */
+-  gst_player_set_visualization_enabled (self->player, TRUE);
++  /* Disable visualization by default */
++  gst_player_set_visualization_enabled (self->player, FALSE);
+ 
+   g_signal_connect (G_OBJECT (self), "show", G_CALLBACK (show_cb), NULL);
+ 
+-- 
+2.4.0
+
diff --git a/meta/recipes-multimedia/gstreamer/gst-player_git.bb 
b/meta/recipes-multimedia/gstreamer/gst-player_git.bb
index 2a4c9dc..51f3544 100644
--- a/meta/recipes-multimedia/gstreamer/gst-player_git.bb
+++ b/meta/recipes-multimedia/gstreamer/gst-player_git.bb
@@ -9,6 +9,7 @@ SRC_URI = "git://github.com/sdroege/gst-player.git \
file://Fix-pause-play.patch;apply=0 \
file://Add-error-signal-emission-for-missing-plugins.patch;apply=0 \

file://0001-gtk-play-provide-similar-behaviour-for-quit-and-clos.patch \
+   file://0001-Disable-visualizations-by-default.patch \
file://gst-player.desktop"
 
 SRCREV = "ea90e63c1064503f9ba5d59aa4ca604f13ca5def"
-- 
2.4.0

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH 00/60] krogoth-next staged

2016-09-25 Thread akuster808


Ian,


On 09/24/2016 07:48 AM, Ian Geiser wrote:

I think the systemd change may have broken something.  It looks like it is 
running a useradd with no arguments other than the root. Now I see the 
following error in krogoth:

from 
"tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/log.do_install"
I have been able to reproduce this. I am going to check master to see if 
the same issue exists there.


thanks for reporting this.

- armin



DEBUG: SITE files ['endian-little', 'bit-32', 'ix86-common', 'common-linux', 
'common-glibc', 'i586-linux', 'common']
DEBUG: Executing shell function useradd_sysroot
Running groupadd commands...
NOTE: systemd: Performing groupadd with [--root 
/mnt/bitbake/build/detos/tmp-glibc/sysroots/unified -r lock]
NOTE: systemd: Performing groupadd with [--root 
/mnt/bitbake/build/detos/tmp-glibc/sysroots/unified  -r systemd-journal]
NOTE: systemd: group systemd-journal already exists, not re-creating it
Running useradd commands...
NOTE: systemd: Performing useradd with [--root 
/mnt/bitbake/build/detos/tmp-glibc/sysroots/unified --system -d / -M 
--shell /bin/nologin systemd-timesync]
NOTE: systemd: Performing useradd with [--root 
/mnt/bitbake/build/detos/tmp-glibc/sysroots/unified]
Usage: useradd [options] LOGIN
useradd -D
useradd -D [options]

Options:
   -b, --base-dir BASE_DIR   base directory for the home directory of the
 new account
   -c, --comment COMMENT GECOS field of the new account
   -d, --home-dir HOME_DIR   home directory of the new account
   -D, --defaultsprint or change default useradd configuration
   -e, --expiredate EXPIRE_DATE  expiration date of the new account
   -f, --inactive INACTIVE   password inactivity period of the new account
   -g, --gid GROUP   name or ID of the primary group of the new
 account
   -G, --groups GROUPS   list of supplementary groups of the new
 account
   -h, --helpdisplay this help message and exit
   -k, --skel SKEL_DIR   use this alternative skeleton directory
   -K, --key KEY=VALUE   override /etc/login.defs defaults
   -l, --no-log-init do not add the user to the lastlog and
 faillog databases
   -m, --create-home create the user's home directory
   -M, --no-create-home  do not create the user's home directory
   -N, --no-user-group   do not create a group with the same name as
 the user
   -o, --non-unique  allow to create users with duplicate
 (non-unique) UID
   -p, --password PASSWORD   encrypted password of the new account
   -P, --clear-password PASSWORD clear password of the new account
   -r, --system  create a system account
   -R, --root CHROOT_DIR directory to chroot into
   -s, --shell SHELL login shell of the new account
   -u, --uid UID user ID of the new account
   -U, --user-group  create a group with the same name as the user

WARNING: 
/mnt/bitbake/build/detos/tmp-glibc/work/i586-oe-linux/systemd/1_229+gitAUTOINC+714c62b463-r0/temp/run.useradd_sysroot.31611:1
 exit 1 from 'exit 1'
ERROR: systemd: useradd command did not succeed.




--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 0/9] Jethro pull request

2016-09-25 Thread Armin Kuster

Please consider these changes for Jethro 

The following changes since commit c9c85df86cd2270b144fa824ef76adedd3636c8a:

  util-linux: Security fix for CVE-2016-5011 (2016-09-23 23:21:43 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib akuster/jethro-next
  
http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=akuster/jethro-next

Armin Kuster (9):
  openssl: Security fix CVE-2016-2180
  openssl: Security fix CVE-2016-8181
  openssl: Security fix CVE-2016-2182
  openssl: Security fix CVE-2016-6304
  openssl: Security fix CVE-2016-6303
  openssl: Security fix CVE-2016-6304
  openssl: Security fix CVE-2016-6303
  tzdata: update to 2016f
  tzcode-native: update to 2016f

 .../openssl/openssl/CVE-2016-2180.patch|  44 
 .../openssl/openssl/CVE-2016-2181_p1.patch |  91 
 .../openssl/openssl/CVE-2016-2181_p2.patch | 239 +
 .../openssl/openssl/CVE-2016-2181_p3.patch |  30 +++
 .../openssl/openssl/CVE-2016-2182.patch|  70 ++
 .../openssl/openssl/CVE-2016-6302.patch|  53 +
 .../openssl/openssl/CVE-2016-6303.patch|  36 
 .../openssl/openssl/CVE-2016-6304.patch|  75 +++
 .../openssl/openssl/CVE-2016-6306.patch|  71 ++
 .../recipes-connectivity/openssl/openssl_1.0.2h.bb |   9 +
 ...code-native_2016e.bb => tzcode-native_2016f.bb} |   8 +-
 .../tzdata/{tzdata_2016e.bb => tzdata_2016f.bb}|   4 +-
 12 files changed, 724 insertions(+), 6 deletions(-)
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-2180.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p1.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p2.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-2181_p3.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-2182.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-6302.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-6303.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-6304.patch
 create mode 100644 
meta/recipes-connectivity/openssl/openssl/CVE-2016-6306.patch
 rename meta/recipes-extended/tzcode/{tzcode-native_2016e.bb => 
tzcode-native_2016f.bb} (68%)
 rename meta/recipes-extended/tzdata/{tzdata_2016e.bb => tzdata_2016f.bb} (98%)

-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [meta][PATCH] bootchart2: Allocate space on heap for collector chunks

2016-09-25 Thread Kyle Russell

Nicer for embedded devices which may have smaller stack limitations.

Signed-off-by: Kyle Russell 
---
 ...llector-Allocate-space-on-heap-for-chunks.patch | 45 ++
 .../bootchart2/bootchart2_0.14.8.bb|  1 +
 2 files changed, 46 insertions(+)
 create mode 100644 
meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch

diff --git 
a/meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch
 
b/meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch
new file mode 100644
index 000..7a8813e
--- /dev/null
+++ 
b/meta/recipes-devtools/bootchart2/bootchart2/0001-collector-Allocate-space-on-heap-for-chunks.patch
@@ -0,0 +1,45 @@
+From 09505532b49573663fb4ff4dad424dc2ef4c1f84 Mon Sep 17 00:00:00 2001
+From: Kyle Russell 
+Date: Wed, 13 Jul 2016 17:30:00 -0400
+Subject: [PATCH] collector: Allocate space on heap for chunks
+
+Nicer for embedded devices which may have smaller stack limitations.
+
+Upstream-Status: Submitted [https://github.com/xrmx/bootchart/pull/74]
+
+Signed-off-by: Kyle Russell 
+---
+ collector/dump.c | 7 ---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/collector/dump.c b/collector/dump.c
+index e673b5b..2f094b4 100644
+--- a/collector/dump.c
 b/collector/dump.c
+@@ -184,12 +184,12 @@ static void dump_buffers (DumpState *s)
+   log ("reading %d chunks (of %d) ...\n", max_chunk, s->map.max_chunk);
+   for (i = 0; i < max_chunk; i++) {
+   FILE *output;
+-  char buffer[CHUNK_SIZE];
+-  Chunk *c = (Chunk *)
++  char *buffer = malloc(CHUNK_SIZE);
++  Chunk *c = (Chunk *)buffer;
+   size_t addr = (size_t) s->map.chunks[i];
+ 
+   lseek (s->mem, addr, SEEK_SET);
+-  read (s->mem, , CHUNK_SIZE);
++  read (s->mem, buffer, CHUNK_SIZE);
+   /*  log ("type: '%s' len %d\n",
+   c->dest_stream, (int)c->length); */
+ 
+@@ -197,6 +197,7 @@ static void dump_buffers (DumpState *s)
+   fwrite (c->data, 1, c->length, output);
+   bytes_dumped += c->length;
+   fclose (output);
++free(buffer);
+   }
+   log ("wrote %ld kb\n", (long)(bytes_dumped+1023)/1024);
+ }
+-- 
+2.7.4
+
diff --git a/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb 
b/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb
index fdebb64..4f01734 100644
--- a/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb
+++ b/meta/recipes-devtools/bootchart2/bootchart2_0.14.8.bb
@@ -93,6 +93,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+(\.\d+)*)"
 SRC_URI = "git://github.com/mmeeks/bootchart.git \
file://bootchartd_stop.sh \
file://0001-Fixed-Missing-default-value-for-BOOTLOG_DEST.patch \
+   file://0001-collector-Allocate-space-on-heap-for-chunks.patch \
   "
 
 S = "${WORKDIR}/git"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH] python: fix CVE-2016-1000110

Re: [OE-core] [PATCH 00/60] krogoth-next staged

[OE-core] [PATCH 0/1] meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value

[OE-core] [PATCH 1/1] meta-environment: ensure corret TOOLCHAIN_CONFIGSITE_NOCACHE value

Re: [OE-core] [PATCH 1/1] toolchain-script: use immediate expansion for TOOLCHAIN_CONFIGSITE_NOCACHE

Re: [OE-core] [PATCH 0/9] Jethro pull request

[OE-core] [PATCH] gst-player: Disable visualizations

Re: [OE-core] [PATCH 00/60] krogoth-next staged

[OE-core] [PATCH 0/9] Jethro pull request

[OE-core] [meta][PATCH] bootchart2: Allocate space on heap for collector chunks

10 matches

Site Navigation

Mail list logo

Footer information