[OE-core] [morty][PATCH 3/3] libvorbis: CVE-2018-5146

[Tanu Kaskinen]

Prevent out-of-bounds write in codebook decoding. The bug could allow
code execution from a specially crafted Ogg Vorbis file.

References:
https://www.debian.org/security/2018/dsa-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

Signed-off-by: Tanu Kaskinen 
---
 .../libvorbis/libvorbis/CVE-2018-5146.patch| 100 +
 .../libvorbis/libvorbis_1.3.5.bb   |   1 +
 2 files changed, 101 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch 
b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
new file mode 100644
index 00..6d4052a872
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
@@ -0,0 +1,100 @@
+From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001
+From: Thomas Daede 
+Date: Thu, 15 Mar 2018 14:15:31 -0700
+Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook
+ decoding.
+
+Codebooks that are not an exact divisor of the partition size are now
+truncated to fit within the partition.
+
+Upstream-Status: Backport
+CVE: CVE-2018-5146
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen 
+---
+ lib/codebook.c | 48 ++--
+ 1 file changed, 10 insertions(+), 38 deletions(-)
+
+diff --git a/lib/codebook.c b/lib/codebook.c
+index 8b766e8..7022fd2 100644
+--- a/lib/codebook.c
 b/lib/codebook.c
+@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float 
*a,oggpack_buffer *b,int n){
+   t[i] = book->valuelist+entry[i]*book->dim;
+ }
+ for(i=0,o=0;idim;i++,o+=step)
+-  for (j=0;j8){
+-  for(i=0;ivaluelist+entry*book->dim;
+-for (j=0;jdim;)
+-  a[i++]+=t[j++];
+-  }
+-}else{
+-  for(i=0;ivaluelist+entry*book->dim;
+-j=0;
+-switch((int)book->dim){
+-case 8:
+-  a[i++]+=t[j++];
+-case 7:
+-  a[i++]+=t[j++];
+-case 6:
+-  a[i++]+=t[j++];
+-case 5:
+-  a[i++]+=t[j++];
+-case 4:
+-  a[i++]+=t[j++];
+-case 3:
+-  a[i++]+=t[j++];
+-case 2:
+-  a[i++]+=t[j++];
+-case 1:
+-  a[i++]+=t[j++];
+-case 0:
+-  break;
+-}
+-  }
++for(i=0;ivaluelist+entry*book->dim;
++  for(j=0;idim;)
++a[i++]+=t[j++];
+ }
+   }
+   return(0);
+@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float 
**a,long offset,int ch,
+   long i,j,entry;
+   int chptr=0;
+   if(book->used_entries>0){
+-for(i=offset/ch;i<(offset+n)/ch;){
++int m=(offset+n)/ch;
++for(i=offset/ch;ivaluelist+entry*book->dim;
+-for (j=0;jdim;j++){
++for (j=0;idim;j++){
+   a[chptr++][i]+=t[j];
+   if(chptr==ch){
+ chptr=0;
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb 
b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 11e1de7223..bd2321f1d6 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -13,6 +13,7 @@ DEPENDS = "libogg"
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
file://CVE-2017-14633.patch \
file://CVE-2017-14632.patch \
+   file://CVE-2018-5146.patch \
   "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = 
"54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [morty][PATCH 0/3] libvorbis security fixes

[Tanu Kaskinen]

Here are some libvorbis CVE fixes cherry-picked from master. The bugs
affect at least rocko, pyro and morty, I haven't checked older stable
branches. I don't know in which libvorbis version the bugs were
introduced.

These patches apply to morty. I have sent the rocko and pyro patches
separately.

Tanu Kaskinen (3):
  libvorbis: CVE-2017-14633
  libvorbis: CVE-2017-14632
  libvorbis: CVE-2018-5146

 .../libvorbis/libvorbis/CVE-2017-14632.patch   |  62 +
 .../libvorbis/libvorbis/CVE-2017-14633.patch   |  42 +
 .../libvorbis/libvorbis/CVE-2018-5146.patch| 100 +
 .../libvorbis/libvorbis_1.3.5.bb   |   6 +-
 4 files changed, 209 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch

-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [morty][PATCH 2/3] libvorbis: CVE-2017-14632

[Tanu Kaskinen]

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632

Signed-off-by: Tanu Kaskinen 
---
 .../libvorbis/libvorbis/CVE-2017-14632.patch   | 62 ++
 .../libvorbis/libvorbis_1.3.5.bb   |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch 
b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
new file mode 100644
index 00..4036b966fe
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
@@ -0,0 +1,62 @@
+From 39704ce16835e5c019bb03f6a94dc1f0677406c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= 
+Date: Wed, 15 Nov 2017 18:22:59 +0100
+Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb
+ if not initialized
+
+If the number of channels is not within the allowed range
+we call oggback_writeclear altough it's not initialized yet.
+
+This fixes
+
+=23371== Invalid free() / delete / delete[] / realloc()
+==23371==at 0x4C2CE1B: free (vg_replace_malloc.c:530)
+==23371==by 0x829CA31: oggpack_writeclear (in 
/usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
+==23371==by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
+==23371==by 0x9FBCBCC: ??? (in 
/usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+==23371==by 0x4E524F1: ??? (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x4E52CCA: sox_open_write (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x10D82A: open_output_file (sox.c:1556)
+==23371==by 0x10D82A: process (sox.c:1753)
+==23371==by 0x10D82A: main (sox.c:3012)
+==23371==  Address 0x68768c8 is 488 bytes inside a block of size 880 
alloc'd
+==23371==at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
+==23371==by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
+==23371==by 0x4E545C2: lsx_realloc (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x9FBC9A0: ??? (in 
/usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+==23371==by 0x4E524F1: ??? (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x4E52CCA: sox_open_write (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x10D82A: open_output_file (sox.c:1556)
+==23371==by 0x10D82A: process (sox.c:1753)
+==23371==by 0x10D82A: main (sox.c:3012)
+
+as seen when using the testcase from CVE-2017-11333 with
+008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
+there before.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14632
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=c1c2831fc7306d5fbd7bc800324efd12b28d327f
+
+Signed-off-by: Tanu Kaskinen 
+---
+ lib/info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/info.c b/lib/info.c
+index 81b7557..4d82568 100644
+--- a/lib/info.c
 b/lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   private_state *b=v->backend_state;
+ 
+   if(!b||vi->channels<=0||vi->channels>256){
++b = NULL;
+ ret=OV_EFAULT;
+ goto err_out;
+   }
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb 
b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 75c2038800..11e1de7223 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -12,6 +12,7 @@ DEPENDS = "libogg"
 
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
file://CVE-2017-14633.patch \
+   file://CVE-2017-14632.patch \
   "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = 
"54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [morty][PATCH 1/3] libvorbis: CVE-2017-14633

[Tanu Kaskinen]

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633

Signed-off-by: Tanu Kaskinen 
---
 .../libvorbis/libvorbis/CVE-2017-14633.patch   | 42 ++
 .../libvorbis/libvorbis_1.3.5.bb   |  4 ++-
 2 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch 
b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 00..9c9e688d43
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,42 @@
+From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= 
+Date: Tue, 31 Oct 2017 18:32:46 +0100
+Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
+
+Otherwise
+
+ for(i=0;ichannels;i++){
+  /* the encoder setup assumes that all the modes used by any
+ specific bitrate tweaking use the same floor */
+  int submap=info->chmuxlist[i];
+
+overreads later in mapping0_forward since chmuxlist is a fixed array of
+256 elements max.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14633
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen 
+---
+ lib/info.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/info.c b/lib/info.c
+index e447a0c..81b7557 100644
+--- a/lib/info.c
 b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+ ret=OV_EFAULT;
+ goto err_out;
+   }
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb 
b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 636e0f307b..75c2038800 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -10,7 +10,9 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=7d2c487d2fc7dd3e3c7c465a5b7f6217 \
 
file://include/vorbis/vorbisenc.h;beginline=1;endline=11;md5=d1c1d138863d6315131193d4046d81cb"
 DEPENDS = "libogg"
 
-SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz;
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
+   file://CVE-2017-14633.patch \
+  "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = 
"54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
 
-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [rocko][pyro][PATCH 3/3] libvorbis: CVE-2018-5146

[Tanu Kaskinen]

Prevent out-of-bounds write in codebook decoding. The bug could allow
code execution from a specially crafted Ogg Vorbis file.

References:
https://www.debian.org/security/2018/dsa-4140
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5146

Signed-off-by: Tanu Kaskinen 
---
 .../libvorbis/libvorbis/CVE-2018-5146.patch| 100 +
 .../libvorbis/libvorbis_1.3.5.bb   |   1 +
 2 files changed, 101 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch 
b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
new file mode 100644
index 00..6d4052a872
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch
@@ -0,0 +1,100 @@
+From 3a017f591457bf6e80231b563bf83ee583fdbca8 Mon Sep 17 00:00:00 2001
+From: Thomas Daede 
+Date: Thu, 15 Mar 2018 14:15:31 -0700
+Subject: [PATCH] CVE-2018-5146: Prevent out-of-bounds write in codebook
+ decoding.
+
+Codebooks that are not an exact divisor of the partition size are now
+truncated to fit within the partition.
+
+Upstream-Status: Backport
+CVE: CVE-2018-5146
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen 
+---
+ lib/codebook.c | 48 ++--
+ 1 file changed, 10 insertions(+), 38 deletions(-)
+
+diff --git a/lib/codebook.c b/lib/codebook.c
+index 8b766e8..7022fd2 100644
+--- a/lib/codebook.c
 b/lib/codebook.c
+@@ -387,7 +387,7 @@ long vorbis_book_decodevs_add(codebook *book,float 
*a,oggpack_buffer *b,int n){
+   t[i] = book->valuelist+entry[i]*book->dim;
+ }
+ for(i=0,o=0;idim;i++,o+=step)
+-  for (j=0;j8){
+-  for(i=0;ivaluelist+entry*book->dim;
+-for (j=0;jdim;)
+-  a[i++]+=t[j++];
+-  }
+-}else{
+-  for(i=0;ivaluelist+entry*book->dim;
+-j=0;
+-switch((int)book->dim){
+-case 8:
+-  a[i++]+=t[j++];
+-case 7:
+-  a[i++]+=t[j++];
+-case 6:
+-  a[i++]+=t[j++];
+-case 5:
+-  a[i++]+=t[j++];
+-case 4:
+-  a[i++]+=t[j++];
+-case 3:
+-  a[i++]+=t[j++];
+-case 2:
+-  a[i++]+=t[j++];
+-case 1:
+-  a[i++]+=t[j++];
+-case 0:
+-  break;
+-}
+-  }
++for(i=0;ivaluelist+entry*book->dim;
++  for(j=0;idim;)
++a[i++]+=t[j++];
+ }
+   }
+   return(0);
+@@ -471,12 +442,13 @@ long vorbis_book_decodevv_add(codebook *book,float 
**a,long offset,int ch,
+   long i,j,entry;
+   int chptr=0;
+   if(book->used_entries>0){
+-for(i=offset/ch;i<(offset+n)/ch;){
++int m=(offset+n)/ch;
++for(i=offset/ch;ivaluelist+entry*book->dim;
+-for (j=0;jdim;j++){
++for (j=0;idim;j++){
+   a[chptr++][i]+=t[j];
+   if(chptr==ch){
+ chptr=0;
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb 
b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 32e92f009a..20f887c252 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -14,6 +14,7 @@ SRC_URI = 
"http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
file://0001-configure-Check-for-clang.patch \
file://CVE-2017-14633.patch \
file://CVE-2017-14632.patch \
+   file://CVE-2018-5146.patch \
   "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = 
"54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [rocko][pyro][PATCH 1/3] libvorbis: CVE-2017-14633

[Tanu Kaskinen]

In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability
exists in the function mapping0_forward() in mapping0.c, which may lead
to DoS when operating on a crafted audio file with vorbis_analysis().

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633

Signed-off-by: Tanu Kaskinen 
---
 .../libvorbis/libvorbis/CVE-2017-14633.patch   | 42 ++
 .../libvorbis/libvorbis_1.3.5.bb   |  1 +
 2 files changed, 43 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch 
b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 00..9c9e688d43
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,42 @@
+From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= 
+Date: Tue, 31 Oct 2017 18:32:46 +0100
+Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
+
+Otherwise
+
+ for(i=0;ichannels;i++){
+  /* the encoder setup assumes that all the modes used by any
+ specific bitrate tweaking use the same floor */
+  int submap=info->chmuxlist[i];
+
+overreads later in mapping0_forward since chmuxlist is a fixed array of
+256 elements max.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14633
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+
+Signed-off-by: Tanu Kaskinen 
+---
+ lib/info.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/info.c b/lib/info.c
+index e447a0c..81b7557 100644
+--- a/lib/info.c
 b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+ ret=OV_EFAULT;
+ goto err_out;
+   }
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb 
b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 56c5b0a9cb..73f9d1af2c 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -12,6 +12,7 @@ DEPENDS = "libogg"
 
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
file://0001-configure-Check-for-clang.patch \
+   file://CVE-2017-14633.patch \
   "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = 
"54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [rocko][pyro][PATCH 2/3] libvorbis: CVE-2017-14632

[Tanu Kaskinen]

Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing
uninitialized memory in the function vorbis_analysis_headerout() in
info.c when vi->channels<=0, a similar issue to Mozilla bug 550184.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632

Signed-off-by: Tanu Kaskinen 
---
 .../libvorbis/libvorbis/CVE-2017-14632.patch   | 62 ++
 .../libvorbis/libvorbis_1.3.5.bb   |  1 +
 2 files changed, 63 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch 
b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
new file mode 100644
index 00..4036b966fe
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
@@ -0,0 +1,62 @@
+From 39704ce16835e5c019bb03f6a94dc1f0677406c5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= 
+Date: Wed, 15 Nov 2017 18:22:59 +0100
+Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb
+ if not initialized
+
+If the number of channels is not within the allowed range
+we call oggback_writeclear altough it's not initialized yet.
+
+This fixes
+
+=23371== Invalid free() / delete / delete[] / realloc()
+==23371==at 0x4C2CE1B: free (vg_replace_malloc.c:530)
+==23371==by 0x829CA31: oggpack_writeclear (in 
/usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
+==23371==by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
+==23371==by 0x9FBCBCC: ??? (in 
/usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+==23371==by 0x4E524F1: ??? (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x4E52CCA: sox_open_write (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x10D82A: open_output_file (sox.c:1556)
+==23371==by 0x10D82A: process (sox.c:1753)
+==23371==by 0x10D82A: main (sox.c:3012)
+==23371==  Address 0x68768c8 is 488 bytes inside a block of size 880 
alloc'd
+==23371==at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
+==23371==by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
+==23371==by 0x4E545C2: lsx_realloc (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x9FBC9A0: ??? (in 
/usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
+==23371==by 0x4E524F1: ??? (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x4E52CCA: sox_open_write (in 
/usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
+==23371==by 0x10D82A: open_output_file (sox.c:1556)
+==23371==by 0x10D82A: process (sox.c:1753)
+==23371==by 0x10D82A: main (sox.c:3012)
+
+as seen when using the testcase from CVE-2017-11333 with
+008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
+there before.
+
+Upstream-Status: Backport
+CVE: CVE-2017-14632
+
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=c1c2831fc7306d5fbd7bc800324efd12b28d327f
+
+Signed-off-by: Tanu Kaskinen 
+---
+ lib/info.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/info.c b/lib/info.c
+index 81b7557..4d82568 100644
+--- a/lib/info.c
 b/lib/info.c
+@@ -584,6 +584,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   private_state *b=v->backend_state;
+ 
+   if(!b||vi->channels<=0||vi->channels>256){
++b = NULL;
+ ret=OV_EFAULT;
+ goto err_out;
+   }
+-- 
+2.16.2
+
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb 
b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
index 73f9d1af2c..32e92f009a 100644
--- a/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
+++ b/meta/recipes-multimedia/libvorbis/libvorbis_1.3.5.bb
@@ -13,6 +13,7 @@ DEPENDS = "libogg"
 SRC_URI = "http://downloads.xiph.org/releases/vorbis/${BP}.tar.xz \
file://0001-configure-Check-for-clang.patch \
file://CVE-2017-14633.patch \
+   file://CVE-2017-14632.patch \
   "
 SRC_URI[md5sum] = "28cb28097c07a735d6af56e598e1c90f"
 SRC_URI[sha256sum] = 
"54f94a9527ff0a88477be0a71c0bab09a4c3febe0ed878b24824906cd4b0e1d1"
-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [rocko][pyro][PATCH 0/3] libvorbis security fixes

[Tanu Kaskinen]

Here are some libvorbis CVE fixes cherry-picked from master. The bugs
affect at least rocko, pyro and morty, I haven't checked older stable
branches. I don't know in which libvorbis version the bugs were
introduced.

These patches apply to rocko and pyro. The patches don't apply cleanly
to morty, so I'll send the morty patches separately.

Tanu Kaskinen (3):
  libvorbis: CVE-2017-14633
  libvorbis: CVE-2017-14632
  libvorbis: CVE-2018-5146

 .../libvorbis/libvorbis/CVE-2017-14632.patch   |  62 +
 .../libvorbis/libvorbis/CVE-2017-14633.patch   |  42 +
 .../libvorbis/libvorbis/CVE-2018-5146.patch| 100 +
 .../libvorbis/libvorbis_1.3.5.bb   |   3 +
 4 files changed, 207 insertions(+)
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14632.patch
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
 create mode 100644 
meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-5146.patch

-- 
2.16.2

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH][RFC] pseudo: intercept syscall() and return ENOTSUP for renameat2

[Seebs]

On Fri, 30 Mar 2018 21:15:18 -0700
Andre McCurdy  wrote:
> Arguments passed by the caller will be put on the stack before any
> stack frame is created by the callee. You can argue about which way a
> stack grows (up or down) but however you define it, reading past the
> end of the arguments passed on the stack by the caller is never going
> to read into the stack frame created by the callee, so this can't have
> the intended affect.

I definitely think it's Probably Purely Superstitious, but I'm not sure
about this. I seem to recall at least one environment in which
consecutive parameters had increasing addresses, and local variables
had addresses higher still, so that somewhere past the address of the
Nth argument would be the address of a local variable. Given how many
insane calling conventions there are, I can't rule it out. (I do think
you're right about the compiler probably optimizing it away, although
they are not always as aggressive about that as you might expect them
to be.)

> This is probably going to work, but if the goal is to avoid reading
> more from the stack than the generic C code would do, it doesn't
> succeed.

I'm aware. The purpose is to (1) use the thing most expressive of
intent, (2) make sure that people know that this is not expected to be
portable. "__builtin_apply()" is fairly clear as to its *intent*, and
is unlikely to exist in a compatible calling convention in other
compilers.

> The "size" parameter to __builtin_apply() seems to simply
> specify how much argument data to copy from the stack frame passed
> byIt is not always simple to compute the proper value for size. the
> caller. Setting it to sizeof(long long) * 7 is safe (ie it will copy
> at least enough data from the stack frame passed by the caller, never
> less) as it covers both the corner cases where registers are long
> long (such as x32) and where _no_ arguments are passed in registers
> and everything needs to be copied from the stack. However, on 32bit
> targets (where registers are smaller than long long) and on any
> target where _some_ arguments are passed via registers, it will cause
> more data to be read from the stack than the generic C code would.

Yes, it will. As the documentation says: "It is not always simple to
compute the proper value for size."

I do think this is currently too large; specifically, it looks as
though right now there's a hard limit of 6 register-sized things, and
anything that takes off_t or similar types has fewer than 6 arguments.

So 6 * sizeof(off_t) or so is probably actually sufficient, if that
stays true, but I don't see a feature test macro for it...

> e.g. on 32bit ARM where the first 4 integer arguments are passed via
> registers, the optimum value for __builtin_apply() "size" in order to
> pass through 1 syscall number and 6 additional register sized
> arguments would be sizeof(long) * 3.

That seems probable, yes.

> typedef long syscall_arg_t; /* fixme: wrong for x32 */

Yes.

That's the problem: There's no sane way to express "the size that you
would have gotten for these arguments of unknown types", so I
intentionally went with something that may well be too long, but will
not be too short.

> (Note in the code was compiled with -mfloat-abi=soft to avoid
> __builtin_apply() needing to save and restore all floating point
> registers - which doesn't affect the amount of data read from the
> stack, but makes the assembler more than twice as long...).

And I don't *think* any syscalls take float arguments, but I don't
know that this is not only true now, but going to stay true.

-s
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH][RFC] pseudo: intercept syscall() and return ENOTSUP for renameat2

[Andre McCurdy]

On Wed, Mar 28, 2018 at 2:15 AM, Burton, Ross  wrote:
> With this patch I was getting occasional failures of the pseudo-using
> bitbake-worker, so its not quite ready, but Peter is working on a
> better form anyway.

The "better form" seems to have been committed to the pseudo master
branch. Very interesting...

+long
+syscall(long number, ...) {
+   /* In a fit of optimism, I imagine that if we didn't get at least 7
+* arguments, reading past the ones we did get will read into this
+* space and maybe not clash with or overlap with any later-declared
+* values. This isn't really a guarantee, and is probably just
+* superstition.
+*/
+   unsigned long long padding[7];
+   (void) padding;

Arguments passed by the caller will be put on the stack before any
stack frame is created by the callee. You can argue about which way a
stack grows (up or down) but however you define it, reading past the
end of the arguments passed on the stack by the caller is never going
to read into the stack frame created by the callee, so this can't have
the intended affect.

Also... any compiler from at least the past 20 years or so is going to
optimise away unused variables, so this does precisely nothing anyway.

+   /* gcc magic to attempt to just pass these args to syscall. we have to
+* guess about the number of args; the docs discuss calling conventions
+* up to 7, so let's try that?
+*/
+   void *res = __builtin_apply((void (*)()) real_syscall,
__builtin_apply_args(), sizeof(long long) * 7);
+   __builtin_return(res);

This is probably going to work, but if the goal is to avoid reading
more from the stack than the generic C code would do, it doesn't
succeed. The "size" parameter to __builtin_apply() seems to simply
specify how much argument data to copy from the stack frame passed by
the caller. Setting it to sizeof(long long) * 7 is safe (ie it will
copy at least enough data from the stack frame passed by the caller,
never less) as it covers both the corner cases where registers are
long long (such as x32) and where _no_ arguments are passed in
registers and everything needs to be copied from the stack. However,
on 32bit targets (where registers are smaller than long long) and on
any target where _some_ arguments are passed via registers, it will
cause more data to be read from the stack than the generic C code
would.

e.g. on 32bit ARM where the first 4 integer arguments are passed via
registers, the optimum value for __builtin_apply() "size" in order to
pass through 1 syscall number and 6 additional register sized
arguments would be sizeof(long) * 3.

A simple test built for 32bit ARM seems to confirm that. The generic
code unconditionally reads 12 bytes from the stack frame passed by the
caller. The code now in pseudo master unconditionally reads 56 bytes.

$ cat tst.c
#include 

extern int real_syscall();

typedef long syscall_arg_t; /* fixme: wrong for x32 */

int wrapper_generic (long int n, ...)
{
va_list ap;
syscall_arg_t a,b,c,d,e,f;
va_start(ap, n);
a=va_arg(ap, syscall_arg_t);
b=va_arg(ap, syscall_arg_t);
c=va_arg(ap, syscall_arg_t);
d=va_arg(ap, syscall_arg_t);
e=va_arg(ap, syscall_arg_t);
f=va_arg(ap, syscall_arg_t);
va_end(ap);
return real_syscall(n,a,b,c,d,e,f);
}

int wrapper_gcc_specific (long int n, ...)
{
void *res = __builtin_apply((void (*)()) real_syscall,
__builtin_apply_args(), sizeof(long long) * 7);
__builtin_return(res);
}

$ arm-linux-gnueabi-objdump -d tst.o

tst.o: file format elf32-littlearm

Disassembly of section .text:

 :
   0:e92d000f push{r0, r1, r2, r3}
   4:e92d407f push{r0, r1, r2, r3, r4, r5, r6, lr}
   8:e28d0020 addr0, sp, #32
   c:e59d3038 ldrr3, [sp, #56]; 0x38
  10:e28d2024 addr2, sp, #36; 0x24
  14:e58d2014 strr2, [sp, #20]
  18:e58d3008 strr3, [sp, #8]
  1c:e59d3034 ldrr3, [sp, #52]; 0x34
  20:e58d3004 strr3, [sp, #4]
  24:e59d3030 ldrr3, [sp, #48]; 0x30
  28:e58d3000 strr3, [sp]
  2c:e89f ldmr0, {r0, r1, r2, r3}
  30:ebfe bl0 
  34:e28dd01c addsp, sp, #28
  38:e49de004 pop{lr}; (ldr lr, [sp], #4)
  3c:e28dd010 addsp, sp, #16
  40:e12fff1e bxlr

0044 :
  44:e92d000f push{r0, r1, r2, r3}
  48:e92d4830 push{r4, r5, fp, lr}
  4c:e28db00c addfp, sp, #12
  50:e24b400c subr4, fp, #12
  54:e28bc014 addip, fp, #20
  58:e24dd028 subsp, sp, #40; 0x28
  5c:e50b0020 strr0, [fp, #-32]; 0xffe0
  60:e1a0500d movr5, sp
  64:e50b101c strr1, [fp, #-28]; 0xffe4
  68:e24dd040 subsp, sp, #64; 0x40
  6c:e50b2018 strr2, [fp, #-24]; 

Re: [OE-core] [PATCH] linux-yocto_4.14.bb: fix for deterministic srcversion

[Bruce Ashfield]

On Fri, Mar 30, 2018 at 7:16 PM, Khem Raj  wrote:
> On Fri, Mar 30, 2018 at 1:51 PM, Juro Bystricky
>  wrote:
>> "srcversion" field inserted into module modinfo section contains a
>> sum of the source files which made it. However, this field can
>> be incorrect. Building the same module can end up having inconsistent
>> srcversion field eventhough the sources remain the same.
>>
>> This basically negates the whole purpose of the field srcversion,
>> and breaks build reproducibility as well.
>>
>> The problem is fairly easy reproduceable by comparing "srcversion" of
>> kernel modules built in a workplace of a short directory name with
>> "srcversion" of the same modules built in a workplace of a fairly long
>> directory name.
>>
>> The reason for incorrect srcversion is that some source files can be
>> simply silently skipped from the checksum calculation due to limited
>> buffer space for line parsing.
>>
>> [YOCTO #12544]
>>
>> Signed-off-by: Juro Bystricky 
>> ---
>>  .../modpost-srcversion-sometimes-incorrect.patch   | 48 
>> ++
>>  meta/recipes-kernel/linux/linux-yocto_4.14.bb  |  4 +-
>>  2 files changed, 51 insertions(+), 1 deletion(-)
>>  create mode 100644 
>> meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>>
>> diff --git 
>> a/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>>  
>> b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>> new file mode 100644
>> index 000..1680293
>> --- /dev/null
>> +++ 
>> b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>> @@ -0,0 +1,48 @@
>> +"srcversion" field inserted into module modinfo section contains a
>> +sum of the source files which made it. However, this field can
>> +be incorrect. Building the same module can end up having inconsistent
>> +srcversion field eventhough the sources remain the same.
>> +This can be reproduced by building modules in a deeply nested directory,
>> +but other factors contribute as well.
>> +
>> +The reason for incorrect srcversion is that some source files can be
>> +simply silently skipped from the checksum calculation due to limited
>> +buffer space for line parsing.
>> +
>> +This patch addresses two issues:
>> +
>> +1. Allocates a larger line buffer (32k vs 4k).
>> +2. Issues a warning if a line length exceeds the line buffer.
>> +
>> +Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10318141/]
>> +Signed-off-by: Juro Bystricky 
>> +
>> +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
>> +index 9917f92..955f26e 100644
>> +--- a/scripts/mod/modpost.c
>>  b/scripts/mod/modpost.c
>> +@@ -385,9 +385,10 @@ void *grab_file(const char *filename, unsigned long 
>> *size)
>> +   * spaces in the beginning of the line is trimmed away.
>> +   * Return a pointer to a static buffer.
>> +   **/
>> ++#define MODPOST_MAX_LINE 32768
>> + char *get_next_line(unsigned long *pos, void *file, unsigned long size)
>> + {
>> +-  static char line[4096];
>> ++  static char line[MODPOST_MAX_LINE];
>> +   int skip = 1;
>> +   size_t len = 0;
>> +   signed char *p = (signed char *)file + *pos;
>> +@@ -402,8 +403,11 @@ char *get_next_line(unsigned long *pos, void *file, 
>> unsigned long size)
>> +   if (*p != '\n' && (*pos < size)) {
>> +   len++;
>> +   *s++ = *p++;
>> +-  if (len > 4095)
>> ++  if (len > (sizeof(line)-1)) {
>> ++  warn(" %s: line exceeds buffer size %zu 
>> bytes\n"
>> ++   , __func__, sizeof(line));
>> +   break; /* Too long, stop */
>> ++  }
>
> this should be upstreamed into kernel as well.

Yup. Juro had this in the actual patch:

Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10318141/]

So we can watch its progress as well.

Bruce

> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core



-- 
"Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end"
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] linux-yocto_4.14.bb: fix for deterministic srcversion

[Khem Raj]

On Fri, Mar 30, 2018 at 1:51 PM, Juro Bystricky
 wrote:
> "srcversion" field inserted into module modinfo section contains a
> sum of the source files which made it. However, this field can
> be incorrect. Building the same module can end up having inconsistent
> srcversion field eventhough the sources remain the same.
>
> This basically negates the whole purpose of the field srcversion,
> and breaks build reproducibility as well.
>
> The problem is fairly easy reproduceable by comparing "srcversion" of
> kernel modules built in a workplace of a short directory name with
> "srcversion" of the same modules built in a workplace of a fairly long
> directory name.
>
> The reason for incorrect srcversion is that some source files can be
> simply silently skipped from the checksum calculation due to limited
> buffer space for line parsing.
>
> [YOCTO #12544]
>
> Signed-off-by: Juro Bystricky 
> ---
>  .../modpost-srcversion-sometimes-incorrect.patch   | 48 
> ++
>  meta/recipes-kernel/linux/linux-yocto_4.14.bb  |  4 +-
>  2 files changed, 51 insertions(+), 1 deletion(-)
>  create mode 100644 
> meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>
> diff --git 
> a/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>  
> b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
> new file mode 100644
> index 000..1680293
> --- /dev/null
> +++ 
> b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
> @@ -0,0 +1,48 @@
> +"srcversion" field inserted into module modinfo section contains a
> +sum of the source files which made it. However, this field can
> +be incorrect. Building the same module can end up having inconsistent
> +srcversion field eventhough the sources remain the same.
> +This can be reproduced by building modules in a deeply nested directory,
> +but other factors contribute as well.
> +
> +The reason for incorrect srcversion is that some source files can be
> +simply silently skipped from the checksum calculation due to limited
> +buffer space for line parsing.
> +
> +This patch addresses two issues:
> +
> +1. Allocates a larger line buffer (32k vs 4k).
> +2. Issues a warning if a line length exceeds the line buffer.
> +
> +Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10318141/]
> +Signed-off-by: Juro Bystricky 
> +
> +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> +index 9917f92..955f26e 100644
> +--- a/scripts/mod/modpost.c
>  b/scripts/mod/modpost.c
> +@@ -385,9 +385,10 @@ void *grab_file(const char *filename, unsigned long 
> *size)
> +   * spaces in the beginning of the line is trimmed away.
> +   * Return a pointer to a static buffer.
> +   **/
> ++#define MODPOST_MAX_LINE 32768
> + char *get_next_line(unsigned long *pos, void *file, unsigned long size)
> + {
> +-  static char line[4096];
> ++  static char line[MODPOST_MAX_LINE];
> +   int skip = 1;
> +   size_t len = 0;
> +   signed char *p = (signed char *)file + *pos;
> +@@ -402,8 +403,11 @@ char *get_next_line(unsigned long *pos, void *file, 
> unsigned long size)
> +   if (*p != '\n' && (*pos < size)) {
> +   len++;
> +   *s++ = *p++;
> +-  if (len > 4095)
> ++  if (len > (sizeof(line)-1)) {
> ++  warn(" %s: line exceeds buffer size %zu 
> bytes\n"
> ++   , __func__, sizeof(line));
> +   break; /* Too long, stop */
> ++  }

this should be upstreamed into kernel as well.
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] linux-yocto_4.14.bb: fix for deterministic srcversion

[Bystricky, Juro]

I have also tested it with git linux, about v16-rc1 
(581e400ff935d34d95811258586128bf11baef15 to be exact) .
I agree there should be a better way than SRC_URI. The patched code is, I 
believe, pretty ancient so the problem
has been around for a long time.

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for linux-yocto_4.14.bb: fix for deterministic srcversion

[Patchwork]

== Series Details ==

Series: linux-yocto_4.14.bb: fix for deterministic srcversion
Revision: 1
URL   : https://patchwork.openembedded.org/series/11626/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue Series does not apply on top of target branch 
[test_series_merge_on_head] 
  Suggested fixRebase your series on top of targeted branch
  Targeted branch  master (currently at d6c13a5ff4)



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] linux-yocto_4.14.bb: fix for deterministic srcversion

[Bruce Ashfield]

On Fri, Mar 30, 2018 at 4:51 PM, Juro Bystricky
 wrote:
> "srcversion" field inserted into module modinfo section contains a
> sum of the source files which made it. However, this field can
> be incorrect. Building the same module can end up having inconsistent
> srcversion field eventhough the sources remain the same.
>
> This basically negates the whole purpose of the field srcversion,
> and breaks build reproducibility as well.
>
> The problem is fairly easy reproduceable by comparing "srcversion" of
> kernel modules built in a workplace of a short directory name with
> "srcversion" of the same modules built in a workplace of a fairly long
> directory name.
>
> The reason for incorrect srcversion is that some source files can be
> simply silently skipped from the checksum calculation due to limited
> buffer space for line parsing.
>
> [YOCTO #12544]
>
> Signed-off-by: Juro Bystricky 
> ---
>  .../modpost-srcversion-sometimes-incorrect.patch   | 48 
> ++
>  meta/recipes-kernel/linux/linux-yocto_4.14.bb  |  4 +-
>  2 files changed, 51 insertions(+), 1 deletion(-)
>  create mode 100644 
> meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>
> diff --git 
> a/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
>  
> b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
> new file mode 100644
> index 000..1680293
> --- /dev/null
> +++ 
> b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
> @@ -0,0 +1,48 @@
> +"srcversion" field inserted into module modinfo section contains a
> +sum of the source files which made it. However, this field can
> +be incorrect. Building the same module can end up having inconsistent
> +srcversion field eventhough the sources remain the same.
> +This can be reproduced by building modules in a deeply nested directory,
> +but other factors contribute as well.
> +
> +The reason for incorrect srcversion is that some source files can be
> +simply silently skipped from the checksum calculation due to limited
> +buffer space for line parsing.
> +
> +This patch addresses two issues:
> +
> +1. Allocates a larger line buffer (32k vs 4k).
> +2. Issues a warning if a line length exceeds the line buffer.
> +
> +Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10318141/]
> +Signed-off-by: Juro Bystricky 
> +
> +diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
> +index 9917f92..955f26e 100644
> +--- a/scripts/mod/modpost.c
>  b/scripts/mod/modpost.c
> +@@ -385,9 +385,10 @@ void *grab_file(const char *filename, unsigned long 
> *size)
> +   * spaces in the beginning of the line is trimmed away.
> +   * Return a pointer to a static buffer.
> +   **/
> ++#define MODPOST_MAX_LINE 32768
> + char *get_next_line(unsigned long *pos, void *file, unsigned long size)
> + {
> +-  static char line[4096];
> ++  static char line[MODPOST_MAX_LINE];
> +   int skip = 1;
> +   size_t len = 0;
> +   signed char *p = (signed char *)file + *pos;
> +@@ -402,8 +403,11 @@ char *get_next_line(unsigned long *pos, void *file, 
> unsigned long size)
> +   if (*p != '\n' && (*pos < size)) {
> +   len++;
> +   *s++ = *p++;
> +-  if (len > 4095)
> ++  if (len > (sizeof(line)-1)) {
> ++  warn(" %s: line exceeds buffer size %zu 
> bytes\n"
> ++   , __func__, sizeof(line));
> +   break; /* Too long, stop */
> ++  }
> +   } else {
> +   /* End of string */
> +   *s = '\0';
> diff --git a/meta/recipes-kernel/linux/linux-yocto_4.14.bb 
> b/meta/recipes-kernel/linux/linux-yocto_4.14.bb
> index ba5e356..6c0a88f 100644
> --- a/meta/recipes-kernel/linux/linux-yocto_4.14.bb
> +++ b/meta/recipes-kernel/linux/linux-yocto_4.14.bb
> @@ -22,7 +22,9 @@ SRCREV_machine ?= "edc90f45a716ffe8e16cebaaf3b5db070af0280a"
>  SRCREV_meta ?= "5f6c3e32365bffb1993c0c62abf2c5bb8916a57f"
>
>  SRC_URI = 
> "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
> -   
> git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
> +   
> git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}
>  \
> +   file://modpost-srcversion-sometimes-incorrect.patch \

I can carry this directly in the impacted linux-yocto trees, but not
like this in
the SRC_URIs.

I'll queue it and test over the weekend and will send SRCREV updates
early next week.

Have you tried it on more than 4.14 ? I'll test it across all the versions I
support, but hearing how it has already been tested is helpful.

Bruce

> +   "
>
>  LINUX_VERSION ?= 

[OE-core] [PATCH] linux-yocto_4.14.bb: fix for deterministic srcversion

[Juro Bystricky]

"srcversion" field inserted into module modinfo section contains a
sum of the source files which made it. However, this field can
be incorrect. Building the same module can end up having inconsistent
srcversion field eventhough the sources remain the same.

This basically negates the whole purpose of the field srcversion,
and breaks build reproducibility as well.

The problem is fairly easy reproduceable by comparing "srcversion" of
kernel modules built in a workplace of a short directory name with
"srcversion" of the same modules built in a workplace of a fairly long
directory name.

The reason for incorrect srcversion is that some source files can be
simply silently skipped from the checksum calculation due to limited
buffer space for line parsing.

[YOCTO #12544]

Signed-off-by: Juro Bystricky 
---
 .../modpost-srcversion-sometimes-incorrect.patch   | 48 ++
 meta/recipes-kernel/linux/linux-yocto_4.14.bb  |  4 +-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 
meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch

diff --git 
a/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch 
b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
new file mode 100644
index 000..1680293
--- /dev/null
+++ 
b/meta/recipes-kernel/linux/files/modpost-srcversion-sometimes-incorrect.patch
@@ -0,0 +1,48 @@
+"srcversion" field inserted into module modinfo section contains a
+sum of the source files which made it. However, this field can
+be incorrect. Building the same module can end up having inconsistent
+srcversion field eventhough the sources remain the same.
+This can be reproduced by building modules in a deeply nested directory,
+but other factors contribute as well.
+
+The reason for incorrect srcversion is that some source files can be
+simply silently skipped from the checksum calculation due to limited
+buffer space for line parsing.
+
+This patch addresses two issues:
+
+1. Allocates a larger line buffer (32k vs 4k).
+2. Issues a warning if a line length exceeds the line buffer.
+
+Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10318141/]
+Signed-off-by: Juro Bystricky 
+
+diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
+index 9917f92..955f26e 100644
+--- a/scripts/mod/modpost.c
 b/scripts/mod/modpost.c
+@@ -385,9 +385,10 @@ void *grab_file(const char *filename, unsigned long *size)
+   * spaces in the beginning of the line is trimmed away.
+   * Return a pointer to a static buffer.
+   **/
++#define MODPOST_MAX_LINE 32768
+ char *get_next_line(unsigned long *pos, void *file, unsigned long size)
+ {
+-  static char line[4096];
++  static char line[MODPOST_MAX_LINE];
+   int skip = 1;
+   size_t len = 0;
+   signed char *p = (signed char *)file + *pos;
+@@ -402,8 +403,11 @@ char *get_next_line(unsigned long *pos, void *file, 
unsigned long size)
+   if (*p != '\n' && (*pos < size)) {
+   len++;
+   *s++ = *p++;
+-  if (len > 4095)
++  if (len > (sizeof(line)-1)) {
++  warn(" %s: line exceeds buffer size %zu bytes\n"
++   , __func__, sizeof(line));
+   break; /* Too long, stop */
++  }
+   } else {
+   /* End of string */
+   *s = '\0';
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.14.bb 
b/meta/recipes-kernel/linux/linux-yocto_4.14.bb
index ba5e356..6c0a88f 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.14.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.14.bb
@@ -22,7 +22,9 @@ SRCREV_machine ?= "edc90f45a716ffe8e16cebaaf3b5db070af0280a"
 SRCREV_meta ?= "5f6c3e32365bffb1993c0c62abf2c5bb8916a57f"
 
 SRC_URI = 
"git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
-   
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}"
+   
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.14;destsuffix=${KMETA}
 \
+   file://modpost-srcversion-sometimes-incorrect.patch \
+   "
 
 LINUX_VERSION ?= "4.14.24"
 
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for autoconf-archive: update to version to 2018.03.13

[Patchwork]

== Series Details ==

Series: autoconf-archive: update to version to 2018.03.13
Revision: 1
URL   : https://patchwork.openembedded.org/series/11625/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue LIC_FILES_CHKSUM changed on target autoconf-archive but 
there is no "License-Update" tag in commit message 
[test_lic_files_chksum_modified_not_mentioned] 
  Suggested fixInclude "License-Update: " into the commit 
message with a brief description
  Current checksum file://COPYING;md5=d32239bcb673463ab874e80d47fae504 
file://COPYING.EXCEPTION;md5=fdef168ebff3bc2f13664c365a5fb515
  New checksum file://COPYING;md5=11cc2d3ee574f9d6b7ee797bdce4d423 
file://COPYING.EXCEPTION;md5=fdef168ebff3bc2f13664c365a5fb515



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH] autoconf-archive: update to version to 2018.03.13

[Brad Bishop]

2016.09.16 -> 2018.03.13

s/http/https/ in the license requires md5sum update.

Signed-off-by: Brad Bishop 
---
 ...utoconf-archive_2016.09.16.bb => autoconf-archive_2018.03.13.bb} | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename meta/recipes-devtools/autoconf-archive/{autoconf-archive_2016.09.16.bb 
=> autoconf-archive_2018.03.13.bb} (66%)

diff --git 
a/meta/recipes-devtools/autoconf-archive/autoconf-archive_2016.09.16.bb 
b/meta/recipes-devtools/autoconf-archive/autoconf-archive_2018.03.13.bb
similarity index 66%
rename from 
meta/recipes-devtools/autoconf-archive/autoconf-archive_2016.09.16.bb
rename to meta/recipes-devtools/autoconf-archive/autoconf-archive_2018.03.13.bb
index 89d57ac079..7d62e52ab8 100644
--- a/meta/recipes-devtools/autoconf-archive/autoconf-archive_2016.09.16.bb
+++ b/meta/recipes-devtools/autoconf-archive/autoconf-archive_2018.03.13.bb
@@ -2,12 +2,12 @@ SUMMARY = "a collection of freely re-usable Autoconf macros"
 HOMEPAGE = "http://www.gnu.org/software/autoconf-archive/;
 SECTION = "devel"
 LICENSE = "GPL-3.0-with-autoconf-exception"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
+LIC_FILES_CHKSUM = "file://COPYING;md5=11cc2d3ee574f9d6b7ee797bdce4d423 \
 file://COPYING.EXCEPTION;md5=fdef168ebff3bc2f13664c365a5fb515"
 
 SRC_URI = "${GNU_MIRROR}/${BPN}/${BPN}-${PV}.tar.xz"
-SRC_URI[md5sum] = "bf19d4cddce260b3c3e1d51d42509071"
-SRC_URI[sha256sum] = 
"e8f2efd235f842bad2f6938bf4a72240a5e5fcd248e8444335e63beb60fabd82"
+SRC_URI[md5sum] = "46b13a5936372297b6d49980327a3c35"
+SRC_URI[sha256sum] = 
"6175f90d9fa64c4d939bdbb3e8511ae0ee2134863a2c7bf8d9733819efa6e159"
 
 inherit autotools allarch
 
-- 
2.14.3
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] uninative: add variables to the whitelist so that it does not re-triger recipe parsing

[Cuero Bugot]

> > > On Fri, Mar 16, 2018 at 10:31 AM Cuero Bugot 
> > >  wrote:
> > > When uninative is activated (poky's default) internal datastore 
> > > variables are modified (NATIVELSBSTRING and SSTATEPOSTUNPACKFUNCS) 
> > > to enable uninative support. This is happening after parsing is done at 
> > > the beginning of the build. On the next bitbake call the recipe would be 
> > > parsed if the two variables above were not added to the parsing whitelist 
> > > BB_HASHCONFIG_WHITELIST.
> > >
> > > The fix is to add these two variables to the recipe parsing 
> > > whitelist BB_HASHCONFIG_WHITELIST, this is done at recipe parsing time, 
> > > only when uninative.bbclass is used.
>
> > It seems you have a case where data is already parsed and then 
> > uninstive is enabled after this the reparse is happening. Or is it 
> > always happening when uninative is enabled
>
> It is always happening when uninative is enabled (which is poky's default). 
> The 2 first times you build you will have a full recipe parsing.
> The reason is that the data is effectively modified on reception of 
> BuildStarted event that happens after the parsing is done. Next time you run 
> bitbake, the datastore signature is different and thus retrigger a recipe 
> aprsing.

Anything I could do help make merge-in this proposal?

Thx,
Cuero
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] question about libgcrypt

[Anuj Mittal]

Hi Ruoqin,

On 03/30/2018 06:10 PM, Zheng, Ruoqin wrote:
> Hi,
> 
> I got the following error when building wireshark 2.4.5 during do_configure,
>   ..
>  | checking for libgcrypt-config... 
> /yocto/work001/fnst/huangqy/upgrade/build/tmp/work/i586-poky-linux/wireshark/1_2.4.5-r0/recipe-sysroot/usr/bin/crossscripts/libgcrypt-config
>  | checking for LIBGCRYPT - version >= 1.4.2... ERROR: 
> /usr/bin/libgcrypt-config should not be used, use an alternative such as 
> pkg-config
>  | ../wireshark-2.4.5/configure: line 20214: test: 
> --should-not-have-used-/usr/bin/libgcrypt-config: integer expression expected
>  | ../wireshark-2.4.5/configure: line 20217: test: 
> --should-not-have-used-/usr/bin/libgcrypt-config: integer expression expected
>  .

You will have to change wireshark configure to use pkg-config for
libgcrypt instead of relying on binconfig file to get the version and flags.

Thanks,

Anuj
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] question about libgcrypt

[Zheng, Ruoqin]

Hi,

I got the following error when building wireshark 2.4.5 during do_configure,
  ..
 | checking for libgcrypt-config... 
/yocto/work001/fnst/huangqy/upgrade/build/tmp/work/i586-poky-linux/wireshark/1_2.4.5-r0/recipe-sysroot/usr/bin/crossscripts/libgcrypt-config
 | checking for LIBGCRYPT - version >= 1.4.2... ERROR: 
/usr/bin/libgcrypt-config should not be used, use an alternative such as 
pkg-config
 | ../wireshark-2.4.5/configure: line 20214: test: 
--should-not-have-used-/usr/bin/libgcrypt-config: integer expression expected
 | ../wireshark-2.4.5/configure: line 20217: test: 
--should-not-have-used-/usr/bin/libgcrypt-config: integer expression expected
 .

And I found it's caused by libgcrypt-config as follows

 #!/bin/sh
 echo 'ERROR: /usr/bin/libgcrypt-config should not be used, use an 
alternative such as pkg-config' >&2
 echo '--should-not-have-used-/usr/bin/libgcrypt-config'
 exit 1

I think this error is caused by libgcrypt, it creates the wrong file, does 
anyone have any idea about this?

--
Zheng Ruoqin
Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST)
ADDR.: No.6 Wenzhu Road, Software Avenue,
   Nanjing, 210012, China
MAIL : zhengrq.f...@cn.fujistu.com




-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [morty][PATCH] lib/oe/terminal.py: use an absolute path to execute oe-gnome-terminal-phonehome

[Richard Purdie]

On Wed, 2018-03-28 at 15:55 -0700, Andre McCurdy wrote:
> On Fri, Mar 9, 2018 at 8:15 PM, Andre McCurdy 
> wrote:
> > 
> > On Wed, Feb 21, 2018 at 1:40 PM, Andre McCurdy  > > wrote:
> > > 
> > > On Tue, Jan 23, 2018 at 12:16 PM, Andre McCurdy  > > com> wrote:
> > > > 
> > > > On Tue, Dec 5, 2017 at 5:35 PM, Andre McCurdy  > > > com> wrote:
> > > > > 
> > > > > From: Ming Liu 
> > > > > 
> > > > > A flaw was found on my Ubuntu 14.04.5 LTS, on which that
> > > > > gnome-terminal is
> > > > > the default terminal, when I run any of the tasks:
> > > > > bitbake busybox -c menuconfig/devshell/devpyshell
> > > > > bitbake virtual/kernel -c menuconfig/devshell/devpyshell
> > > > > 
> > > > > I got a error as follows:
> > > > > "Failed to execute child process "oe-gnome-terminal-
> > > > > phonehome" (No such file or directory)"
> > > > > 
> > > > > Seems the environment of the process calling Popen is not
> > > > > passed to the
> > > > > child process, this behaviour is a known issue in Python bug
> > > > > tracker:
> > > > > http://bugs.python.org/issue8557
> > > > > 
> > > > > It could be fixed by using an absolute path instead per test.
> > > > Ping.
> > > Ping again.
> > And again...
> > 
> > It looks like this (and a couple of other patches) made it as far
> > as:
> > 
> >   http://git.openembedded.org/openembedded-core-contrib/log/?h=stab
> > le/morty-next
> > 
> > but then got stuck or forgotten?
> Ping number four.
> 
> As an interesting data point, it's now over 20 months since the bug
> was introduced and first reported on the mailing list:
> 
>   http://lists.openembedded.org/pipermail/openembedded-core/2016-July
> /124215.html

Sorry, I think the problem is my mail archives don't seem to have this
original patch. Each time there is a ping, I go and try and find it,
get confused and then get distracted. I have no idea why this isn't
there.

I've queued it in morty-next which should give some hope to this
getting sorted, assuming we can fix the other morty breakage and get
clean builds.

Cheers,

Richard


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH V2 5/7] dhcp: 4.3.6 -> 4.4.1

[Hongxu Jia]

1. Rebase 0004, 0007, 0010

2. Rework 0008 to support external bind

3. Drop backported 
0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch

License-Update: "ISC" -> "MPL-2.0"

Signed-off-by: Hongxu Jia 
---
 meta/recipes-connectivity/dhcp/dhcp.inc|   4 +-
 ...o-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |   6 +-
 .../dhcp/dhcp/0002-dhclient-dbus.patch |  10 +-
 .../dhcp/dhcp/0003-link-with-lcrypto.patch |   6 +-
 .../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch|  87 +
 ...-fix-invoke-dhclient-script-failed-on-Rea.patch |   4 +-
 .../dhcp/0006-site.h-enable-gentle-shutdown.patch  |   6 +-
 ...re-argument-to-make-the-libxml2-dependenc.patch |  16 +-
 .../dhcp/0008-tweak-to-support-external-bind.patch | 161 ++--
 ...09-remove-dhclient-script-bash-dependency.patch |   4 +-
 .../dhcp/dhcp/0010-build-shared-libs.patch | 210 -
 ...all-to-isc_app_ctxstart-to-not-get-signal.patch |  81 
 ...correct-the-intention-for-xml2-lib-search.patch |  10 +-
 .../dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb}  |   5 +-
 14 files changed, 227 insertions(+), 383 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
 rename meta/recipes-connectivity/dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} (79%)

diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc 
b/meta/recipes-connectivity/dhcp/dhcp.inc
index e943707..bb2c71b 100644
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -7,8 +7,8 @@ easier to administer devices."
 
 HOMEPAGE = "http://www.isc.org/;
 
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
 
 DEPENDS = "openssl bind"
 
diff --git 
a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
 
b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
index e5b3cf9..823e8ad 100644
--- 
a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ 
b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
@@ -1,4 +1,4 @@
-From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001
+From 0f6deb81b3ea989dc5c71ad3ddf7a713c9a0bea7 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Tue, 15 Aug 2017 16:14:22 +0800
 Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
@@ -12,10 +12,10 @@ Signed-off-by: Hongxu Jia 
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/includes/site.h b/includes/site.h
-index b2f7fd7..280fbb9 100644
+index 2ef69e4..b4dd2e4 100644
 --- a/includes/site.h
 +++ b/includes/site.h
-@@ -149,7 +149,8 @@
+@@ -148,7 +148,8 @@
  /* Define this if you want the dhcpd.conf file to go somewhere other than
 the default location.   By default, it goes in /etc/dhcpd.conf. */
  
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch 
b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
index 101c33f..44d2301 100644
--- a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
+++ b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
@@ -1,4 +1,4 @@
-From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001
+From 4514f02e4bbd33d9136ed4522f508d64c7ec9249 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Tue, 15 Aug 2017 14:56:56 +0800
 Subject: [PATCH 02/11] dhclient dbus
@@ -33,7 +33,7 @@ index d69d0d8..095b143 100755
  }
  
 diff --git a/client/scripts/freebsd b/client/scripts/freebsd
-index 8f3e2a2..ad7fb44 100755
+index 7c073f8..b3426bf 100755
 --- a/client/scripts/freebsd
 +++ b/client/scripts/freebsd
 @@ -89,6 +89,11 @@ exit_with_hooks() {
@@ -49,7 +49,7 @@ index 8f3e2a2..ad7fb44 100755
  }
  
 diff --git a/client/scripts/linux b/client/scripts/linux
-index 5fb1612..3d447b6 100755
+index 0c42969..cded38f 100755
 --- a/client/scripts/linux
 +++ b/client/scripts/linux
 @@ -174,6 +174,11 @@ exit_with_hooks() {
@@ -65,7 +65,7 @@ index 5fb1612..3d447b6 100755
  }
  
 diff --git a/client/scripts/netbsd b/client/scripts/netbsd
-index 07383b7..aaba8e8 100755
+index fa08637..3628418 100755
 --- a/client/scripts/netbsd
 +++ b/client/scripts/netbsd
 @@ -45,6 +45,11 @@ exit_with_hooks() {
@@ -81,7 +81,7 @@ index 07383b7..aaba8e8 100755
  }
  
 diff --git a/client/scripts/openbsd b/client/scripts/openbsd
-index e7f4746..56b980c 100644
+index afb7924..57c80d4 100755
 --- a/client/scripts/openbsd
 +++ b/client/scripts/openbsd
 @@ -45,6 +45,11 @@ exit_with_hooks() {
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0003-link-with-lcrypto.patch 

[OE-core] [PATCH V2 4/7] libgpg-error: 1.27 -> 1.28

[Hongxu Jia]

- Rebase pkgconfig.patch

License-Update: copyright years

Signed-off-by: Hongxu Jia 
---
 .../libgpg-error/libgpg-error/pkgconfig.patch  | 67 +-
 .../{libgpg-error_1.27.bb => libgpg-error_1.28.bb} |  6 +-
 2 files changed, 44 insertions(+), 29 deletions(-)
 rename meta/recipes-support/libgpg-error/{libgpg-error_1.27.bb => 
libgpg-error_1.28.bb} (88%)

diff --git a/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch 
b/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
index 9ffeedb..3066613 100644
--- a/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
+++ b/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
@@ -1,15 +1,26 @@
-
-#
-# Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher
-#
+From ec309e20b5a27d42a5fb915c328d61e924ab5f19 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia 
+Date: Thu, 29 Mar 2018 15:12:17 +0800
+Subject: [PATCH] support pkgconfig
 
 Upstream-Status: Pending
 
-Index: libgpg-error-1.17/configure.ac
-===
 libgpg-error-1.17.orig/configure.ac
-+++ libgpg-error-1.17/configure.ac
-@@ -529,6 +529,7 @@ AC_CONFIG_FILES([src/Makefile tests/Make
+Rebase to 1.28
+
+Signed-off-by: Hongxu Jia 
+---
+ configure.ac|  1 +
+ src/Makefile.am |  4 ++-
+ src/gpg-error.m4| 71 +++--
+ src/gpg-error.pc.in | 11 +
+ 4 files changed, 18 insertions(+), 69 deletions(-)
+ create mode 100644 src/gpg-error.pc.in
+
+diff --git a/configure.ac b/configure.ac
+index aca9300..f7794e9 100644
+--- a/configure.ac
 b/configure.ac
+@@ -621,6 +621,7 @@ AC_CONFIG_FILES([src/Makefile tests/Makefile])
  AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpg-error.asd])
  AC_CONFIG_FILES([src/versioninfo.rc src/gpg-error.w32-manifest])
  AC_CONFIG_FILES([src/gpg-error-config], [chmod +x src/gpg-error-config])
@@ -17,33 +28,33 @@ Index: libgpg-error-1.17/configure.ac
  
  AC_OUTPUT
  
-Index: libgpg-error-1.17/src/Makefile.am
-===
 libgpg-error-1.17.orig/src/Makefile.am
-+++ libgpg-error-1.17/src/Makefile.am
-@@ -75,6 +75,8 @@ nodist_include_HEADERS = gpg-error.h
- bin_SCRIPTS = gpg-error-config
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 268c2ab..95f8459 100644
+--- a/src/Makefile.am
 b/src/Makefile.am
+@@ -87,6 +87,8 @@ bin_SCRIPTS = gpg-error-config
+ nodist_bin_SCRIPTS = gpgrt-config
  m4datadir = $(datadir)/aclocal
- m4data_DATA = gpg-error.m4
+ m4data_DATA = gpg-error.m4 gpgrt.m4
 +pkgconfigdir = $(libdir)/pkgconfig
 +pkgconfig_DATA = gpg-error.pc
  
  EXTRA_DIST = mkstrtable.awk err-sources.h.in err-codes.h.in \
mkerrnos.awk errnos.in README \
-@@ -82,7 +84,7 @@ EXTRA_DIST = mkstrtable.awk err-sources.
+@@ -94,7 +96,7 @@ EXTRA_DIST = mkstrtable.awk err-sources.h.in err-codes.h.in \
mkheader.c gpg-error.h.in mkw32errmap.c w32-add.h w32ce-add.h \
-   err-sources.h err-codes.h gpg-error-config.in gpg-error.m4 \
+   err-sources.h err-codes.h gpg-error-config.in gpg-error.m4 gpgrt.m4 \
gpg-error.vers gpg-error.def.in \
 -versioninfo.rc.in gpg-error.w32-manifest.in \
 +versioninfo.rc.in gpg-error.w32-manifest.in gpg-error.pc \
$(lock_obj_pub)
  
  BUILT_SOURCES = err-sources.h err-codes.h code-to-errno.h code-from-errno.h \
-Index: libgpg-error-1.17/src/gpg-error.m4
-===
 libgpg-error-1.17.orig/src/gpg-error.m4
-+++ libgpg-error-1.17/src/gpg-error.m4
-@@ -26,73 +26,13 @@ dnl is added to the gpg_config_script_wa
+diff --git a/src/gpg-error.m4 b/src/gpg-error.m4
+index 60c88d8..2ef7e3e 100644
+--- a/src/gpg-error.m4
 b/src/gpg-error.m4
+@@ -26,73 +26,13 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_GPG_ERROR],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -132,10 +143,11 @@ Index: libgpg-error-1.17/src/gpg-error.m4
  ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
-Index: libgpg-error-1.17/src/gpg-error.pc.in
-===
+diff --git a/src/gpg-error.pc.in b/src/gpg-error.pc.in
+new file mode 100644
+index 000..bc0b174
 --- /dev/null
-+++ libgpg-error-1.17/src/gpg-error.pc.in
 b/src/gpg-error.pc.in
 @@ -0,0 +1,11 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@@ -148,3 +160,6 @@ Index: libgpg-error-1.17/src/gpg-error.pc.in
 +Version: @VERSION@
 +Libs: -L${libdir} -lgpg-error
 +Cflags: -I${includedir}
+-- 
+1.8.3.1
+
diff --git a/meta/recipes-support/libgpg-error/libgpg-error_1.27.bb 
b/meta/recipes-support/libgpg-error/libgpg-error_1.28.bb
similarity index 88%
rename from meta/recipes-support/libgpg-error/libgpg-error_1.27.bb
rename to meta/recipes-support/libgpg-error/libgpg-error_1.28.bb
index 

[OE-core] [PATCH V2 3/7] ghostscript: 9.21 -> 9.23

[Hongxu Jia]

1. Drop backported patches
- CVE-2017-7207.patch
- CVE-2017-5951.patch
- CVE-2017-7975.patch
- CVE-2017-9216.patch
- CVE-2017-9611.patch
- CVE-2017-9612.patch
- CVE-2017-9739.patch
- CVE-2017-9726.patch
- CVE-2017-9727.patch
- CVE-2017-9835.patch
- CVE-2017-11714.patch

2. Rebase to 9.23
- ghostscript-9.15-parallel-make.patch
- ghostscript-9.16-Werror-return-type.patch
- do-not-check-local-libpng-source.patch
- avoid-host-contamination.patch
- mkdir-p.patch
- ghostscript-9.21-prevent_recompiling.patch
- ghostscript-9.02-genarch.patch
- cups-no-gcrypt.patch
- ghostscript-9.21-native-fix-disable-system-libtiff.patch
- base-genht.c-add-a-preprocessor-define-to-allow-fope.patch

3. Add packps from (native to target) to support cross compiling.

4. Add remove-direct-symlink.patch to fix
   do_populate_sysroot failure

Signed-off-by: Hongxu Jia 
---
 .../files/do-not-check-local-libpng-source.patch   |  10 +-
 .../ghostscript/ghostscript/CVE-2017-11714.patch   |  61 --
 .../ghostscript/ghostscript/CVE-2017-5951.patch|  44 
 .../ghostscript/ghostscript/CVE-2017-7207.patch|  39 ---
 .../ghostscript/ghostscript/CVE-2017-7975.patch|  37 --
 .../ghostscript/ghostscript/CVE-2017-9216.patch|  36 --
 .../ghostscript/ghostscript/CVE-2017-9611.patch|  34 --
 .../ghostscript/ghostscript/CVE-2017-9612.patch|  35 --
 .../ghostscript/ghostscript/CVE-2017-9726.patch|  33 --
 .../ghostscript/ghostscript/CVE-2017-9727.patch|  35 --
 .../ghostscript/ghostscript/CVE-2017-9739.patch|  37 --
 .../ghostscript/ghostscript/CVE-2017-9835.patch| 125 -
 .../ghostscript/avoid-host-contamination.patch |  18 ++-
 ...c-add-a-preprocessor-define-to-allow-fope.patch |  14 ++-
 .../ghostscript/ghostscript/cups-no-gcrypt.patch   |  14 ++-
 .../ghostscript/ghostscript-9.02-genarch.patch |  33 --
 .../ghostscript-9.15-parallel-make.patch   |  28 +++--
 .../ghostscript-9.16-Werror-return-type.patch  |  10 +-
 ...pt-9.21-native-fix-disable-system-libtiff.patch |  29 +++--
 .../ghostscript-9.21-prevent_recompiling.patch |  79 +
 .../ghostscript/ghostscript/mkdir-p.patch  |  16 ++-
 .../ghostscript/remove-direct-symlink.patch|  40 +++
 .../{ghostscript_9.21.bb => ghostscript_9.23.bb}   |  24 ++--
 23 files changed, 191 insertions(+), 640 deletions(-)
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-11714.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-5951.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7975.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9739.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9835.patch
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/remove-direct-symlink.patch
 rename meta/recipes-extended/ghostscript/{ghostscript_9.21.bb => 
ghostscript_9.23.bb} (83%)

diff --git 
a/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
 
b/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
index c3e44fe..5834ffa 100644
--- 
a/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
+++ 
b/meta/recipes-extended/ghostscript/files/do-not-check-local-libpng-source.patch
@@ -1,7 +1,7 @@
-From 5ef8b85bc98f3bd9a15d5f47e24d3e23ae27c265 Mon Sep 17 00:00:00 2001
+From a954bf29a5f906b3151dffbecb5856e02e1565da Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Mon, 18 Jan 2016 01:00:30 -0500
-Subject: [PATCH] configure.ac: do not check local png source
+Subject: [PATCH 03/10] configure.ac: do not check local png source
 
 In oe-core, it did not need to compile local libpng
 source in ghostscript, so do not check local png
@@ -16,10 +16,10 @@ Signed-off-by: Hongxu Jia 
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/configure.ac b/configure.ac
-index bf6d3f5..01df03f 100644
+index 9341930..80a60b1 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -930,11 +930,11 @@ AC_SUBST(ZLIBDIR)
+@@ -1114,11 +1114,11 @@ AC_SUBST(ZLIBDIR)
  AC_SUBST(FT_SYS_ZLIB)
  
  dnl png for the png output device; it also requires zlib
@@ -34,5 +34,5 @@ index bf6d3f5..01df03f 100644
  SHARE_LIBPNG=0
  LIBPNGDIR=$srcdir/libpng
 -- 

Re: [OE-core] [PATCH 0/3] Package upgrades

[Richard Purdie]

On Thu, 2018-03-29 at 18:41 -0400, Denys Dmytriyenko wrote:
> Ping. It's been 10 days - are there any issues with these updates?

We're past feature freeze at this point and M3 was built (finally, and
late). During stabilisation we're only taking upgrades "with a good
reason". Security fixes, bug fixes and issues with maintenance windows
(e.g. bind) are reasons we might see some upgrades going in now but in
general we're holding upgrades until 2.6 opens.

I think Ross has a "post sumo" branch which he may pull some of these
into but I'd really like people to focus on bug fixing for sumo right
now.

Ross is also on vacation so I'll be handling things over the next week
or so (when do I get one?!). I might push a master-next-2.6 to queue
things just to make it clearer what is being deferred. Rebasing can be
a nightmare though.

Cheers,

Richard


-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] ✗ patchtest: failure for Upgrade 7 packages

[Hongxu Jia]

On 2018年03月30日 15:44, Richard Purdie wrote:

On Fri, 2018-03-30 at 15:26 +0800, Hongxu Jia wrote:

On 2018年03月30日 15:05, Patchwork wrote:

== Series Details ==

Series: Upgrade 7 packages
Revision: 1
URL   : https://patchwork.openembedded.org/series/11622/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core.
This is
an automated response. Several tests have been executed on the
proposed
series by patchtest resulting in the following failures:



* Issue LIC_FILES_CHKSUM changed on target libgpg-error
but there is no "License-Update" tag in commit message
[test_lic_files_chksum_modified_not_mentioned]
    Suggested fixInclude "License-Update: " into
the commit message with a brief description
    Current checksum
file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552
  file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1
   file://src/gpg-
error.h.in;endline=23;md5=beae1e44d8d5c265d194760276033a7c
 file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2
b91225afbc
    New
checksum file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552
   file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206
a5b0a1 file://src/gpg-
error.h.in;endline=23;md5=fc7423b56d5f7163a9a2acf9fe2f8d6b
 file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2
b91225afbc

It already includes "License-Update: ":
...
1. License-Update: update years from 2003-2004 to 2001-2018,
     and add a new line 'SPDX-License-Identifier: LGPL-2.1+'
...

Should I remove the starting "1. "?

Yes, the "1. " is why its not understanding what you added.



OK, V2 incoming


* Issue Patches not removed from tree
[test_src_uri_left_files]
    Suggested fixAmend the patch containing the software patch
file removal
    Patchavoid-host-contamination.patch
    Patchmkdir-p.patch
    Patchdo-not-check-local-libpng-source.patch
    Patchghostscript-9.02-genarch.patch
    Patchghostscript-9.21-prevent_recompiling.patch
    Patchghostscript-9.16-Werror-return-type.patch
    Patchcups-no-gcrypt.patch
    Patchghostscript-9.15-parallel-make.patch

It already removes them from tree.
Should I git format-patch without "-M"?

To be clear, these patches are all renamed. I think patchtest is
failing to understand the rename. Please continue to send with -M but
lets file a bug against patchtest to see if we can fix this issue.


Got it, file YOCTO #12636 to trace the issue
https://bugzilla.yoctoproject.org/show_bug.cgi?id=12636

//Hongxu


We could avoid the issue by not renaming patches.

Cheers,

Richard



--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] ✗ patchtest: failure for Upgrade 7 packages

[Richard Purdie]

On Fri, 2018-03-30 at 15:26 +0800, Hongxu Jia wrote:
> On 2018年03月30日 15:05, Patchwork wrote:
> > 
> > == Series Details ==
> > 
> > Series: Upgrade 7 packages
> > Revision: 1
> > URL   : https://patchwork.openembedded.org/series/11622/
> > State : failure
> > 
> > == Summary ==
> > 
> > 
> > Thank you for submitting this patch series to OpenEmbedded Core.
> > This is
> > an automated response. Several tests have been executed on the
> > proposed
> > series by patchtest resulting in the following failures:
> > 
> > 
> > 
> > * Issue LIC_FILES_CHKSUM changed on target libgpg-error 
> > but there is no "License-Update" tag in commit message
> > [test_lic_files_chksum_modified_not_mentioned]
> >    Suggested fixInclude "License-Update: " into
> > the commit message with a brief description
> >    Current checksum
> > file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552
> >  file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1   
> >   file://src/gpg-
> > error.h.in;endline=23;md5=beae1e44d8d5c265d194760276033a7c 
> > file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2
> > b91225afbc
> >    New
> > checksum file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552   
> >   file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206
> > a5b0a1 file://src/gpg-
> > error.h.in;endline=23;md5=fc7423b56d5f7163a9a2acf9fe2f8d6b 
> > file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2
> > b91225afbc
> It already includes "License-Update: ":
> ...
> 1. License-Update: update years from 2003-2004 to 2001-2018,
>     and add a new line 'SPDX-License-Identifier: LGPL-2.1+'
> ...
> 
> Should I remove the starting "1. "?

Yes, the "1. " is why its not understanding what you added.

> 
> > * Issue Patches not removed from tree
> > [test_src_uri_left_files]
> >    Suggested fixAmend the patch containing the software patch
> > file removal
> >    Patchavoid-host-contamination.patch
> >    Patchmkdir-p.patch
> >    Patchdo-not-check-local-libpng-source.patch
> >    Patchghostscript-9.02-genarch.patch
> >    Patchghostscript-9.21-prevent_recompiling.patch
> >    Patchghostscript-9.16-Werror-return-type.patch
> >    Patchcups-no-gcrypt.patch
> >    Patchghostscript-9.15-parallel-make.patch
> It already removes them from tree.
> Should I git format-patch without "-M"?

To be clear, these patches are all renamed. I think patchtest is
failing to understand the rename. Please continue to send with -M but
lets file a bug against patchtest to see if we can fix this issue. 

We could avoid the issue by not renaming patches.

Cheers,

Richard
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] ✗ patchtest: failure for Upgrade 7 packages

[Hongxu Jia]

On 2018年03月30日 15:05, Patchwork wrote:

== Series Details ==

Series: Upgrade 7 packages
Revision: 1
URL   : https://patchwork.openembedded.org/series/11622/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue LIC_FILES_CHKSUM changed on target libgpg-error but there is no 
"License-Update" tag in commit message 
[test_lic_files_chksum_modified_not_mentioned]
   Suggested fixInclude "License-Update: " into the commit 
message with a brief description
   Current checksum file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 
file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 

file://src/gpg-error.h.in;endline=23;md5=beae1e44d8d5c265d194760276033a7c   
  file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2b91225afbc
   New checksum file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552 
file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1 

file://src/gpg-error.h.in;endline=23;md5=fc7423b56d5f7163a9a2acf9fe2f8d6b   
  file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2b91225afbc


It already includes "License-Update: ":
...
1. License-Update: update years from 2003-2004 to 2001-2018,
   and add a new line 'SPDX-License-Identifier: LGPL-2.1+'
...

Should I remove the starting "1. "?


* Issue Patches not removed from tree [test_src_uri_left_files]
   Suggested fixAmend the patch containing the software patch file removal
   Patchavoid-host-contamination.patch
   Patchmkdir-p.patch
   Patchdo-not-check-local-libpng-source.patch
   Patchghostscript-9.02-genarch.patch
   Patchghostscript-9.21-prevent_recompiling.patch
   Patchghostscript-9.16-Werror-return-type.patch
   Patchcups-no-gcrypt.patch
   Patchghostscript-9.15-parallel-make.patch


It already removes them from tree.
Should I git format-patch without "-M"?

//Hongxu




If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe



--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] ✗ patchtest: failure for Upgrade 7 packages

[Patchwork]

== Series Details ==

Series: Upgrade 7 packages
Revision: 1
URL   : https://patchwork.openembedded.org/series/11622/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* Issue LIC_FILES_CHKSUM changed on target libgpg-error but there 
is no "License-Update" tag in commit message 
[test_lic_files_chksum_modified_not_mentioned] 
  Suggested fixInclude "License-Update: " into the commit 
message with a brief description
  Current checksum file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552  
   file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1  
   
file://src/gpg-error.h.in;endline=23;md5=beae1e44d8d5c265d194760276033a7c   
  file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2b91225afbc
  New checksum file://COPYING;md5=59530bdf33659b29e73d4adb9f9f6552  
   file://COPYING.LIB;md5=2d5025d4aa3495befef8f17206a5b0a1  
   
file://src/gpg-error.h.in;endline=23;md5=fc7423b56d5f7163a9a2acf9fe2f8d6b   
  file://src/init.c;endline=20;md5=872b2389fe9bae7ffb80d2b91225afbc

* Issue Patches not removed from tree [test_src_uri_left_files] 
  Suggested fixAmend the patch containing the software patch file removal
  Patchavoid-host-contamination.patch
  Patchmkdir-p.patch
  Patchdo-not-check-local-libpng-source.patch
  Patchghostscript-9.02-genarch.patch
  Patchghostscript-9.21-prevent_recompiling.patch
  Patchghostscript-9.16-Werror-return-type.patch
  Patchcups-no-gcrypt.patch
  Patchghostscript-9.15-parallel-make.patch



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] Question about one oe-core commit

[Hongzhi, Song]

ping.

// Hongzhi

On 2018年03月28日 17:18, Hongzhi, Song wrote:

Hi, Khem

oe-core upstream commit e6c1765a05c1321f08f3d1fb521dfe6b07bc8e92

You drop mount propagation patch, it only happens with libseccomp, OE 
doesn't enable it.


I don't understand why 'it only happens with libseccomp'. Could you 
make an detailed explanation


for me? I investigated the ubuntu1604, which also has no 
'MountFlags=slave' in systemd-udevd.service.



Thanks.

Hongzhi



--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] python3: consolidate sqlite3 files

[Alejandro Enedino Hernandez Samaniego]

Hey Ross,

I just sent you a patch that goes on top of this that fixes things.

Thanks

Alejandro

-Original Message-
From: openembedded-core-boun...@lists.openembedded.org 
[mailto:openembedded-core-boun...@lists.openembedded.org] On Behalf Of 
Alejandro Enedino Hernandez Samaniego
Sent: Thursday, March 29, 2018 7:14 PM
To: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] python3: consolidate sqlite3 files

Hey Ross,


On 03/28/2018 01:19 PM, Ross Burton wrote:

python3-sqlite3 happens to be a very special and unique package, its folder 
inside ${libdir}/python3.5/ called sqlite3, which would be fine, we usually  
handle those packages by adding the whole folder, but in this case, we 
separated the sqlite3-tests (which is a folder inside the
sqlite3 folder)
into another package, so if we add the folder to sqlite3 there would be nothing 
for sqlite3-tests to get.

> Some of the sqlite3 module was in python3-misc by accident, move the 
> files into python3-sqlite3 where they belong.
>
> Signed-off-by: Ross Burton 
> ---
>   meta/recipes-devtools/python/python3/python3-manifest.json | 7 +--
>   1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git 
> a/meta/recipes-devtools/python/python3/python3-manifest.json 
> b/meta/recipes-devtools/python/python3/python3-manifest.json
> index 1914a4c43ba..95071c53f5a 100644
> --- a/meta/recipes-devtools/python/python3/python3-manifest.json
> +++ b/meta/recipes-devtools/python/python3/python3-manifest.json
> @@ -977,9 +977,12 @@
>   "summary": "Python Simple Mail Transport Daemon"
>   },
>   "sqlite3": {
> -"cached": [],
> +"cached": [
> +"${libdir}/python3.5/sqlite3/__pycache__/*.pyc"
> +],
>   "files": [
> -"${libdir}/python3.5/lib-dynload/_sqlite3.*.so"
> +"${libdir}/python3.5/lib-dynload/_sqlite3.*.so",

While this will work for splitting packages now, we dont support wildcards on 
the manifest file anymore, at least not for the whole filename, because when we 
try to get dependencies for a module the wildcard becomes useless, so this will 
likely kill the do_create_manifest task, it'll go fine but the next time you 
run it, it wont get the module name it will disregard that dependency.
> +"${libdir}/python3.5/sqlite3/*.py"
>   ],
>   "rdepends": [
>   "core"

The right way would be to get rid of sqlite3-tests but I know we cant do that, 
so I'm working on a fix for the do_create_manifest task that could handle this 
situation.
--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 6/7] gnupg: upgrade 2.2.4 -> 2.2.5

[Hongxu Jia]

Signed-off-by: Hongxu Jia 
---
 ...0001-configure.ac-use-a-custom-value-for-the-location-of-.patch | 7 ---
 meta/recipes-support/gnupg/{gnupg_2.2.4.bb => gnupg_2.2.5.bb}  | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)
 rename meta/recipes-support/gnupg/{gnupg_2.2.4.bb => gnupg_2.2.5.bb} (92%)

diff --git 
a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
 
b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
index 3e3a64d..5d9bbac 100644
--- 
a/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
+++ 
b/meta/recipes-support/gnupg/gnupg/0001-configure.ac-use-a-custom-value-for-the-location-of-.patch
@@ -1,13 +1,14 @@
-From 0b97148c3aad0993a9aeb088596fa63a2fec5328 Mon Sep 17 00:00:00 2001
+From 338d073cab7b94fd7ec66322b969e8772b5e8cd7 Mon Sep 17 00:00:00 2001
 From: Alexander Kanavin 
 Date: Mon, 22 Jan 2018 18:00:21 +0200
-Subject: [PATCH] configure.ac: use a custom value for the location of
+Subject: [PATCH 5/5] configure.ac: use a custom value for the location of
  gpg-agent socket in the filesystem
 
 This should avoid clashes with the host gpg-agent observed on autobuilders.
 
 Upstream-Status: Inappropriate [oe-core specific, and only for -native]
 Signed-off-by: Alexander Kanavin 
+
 ---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
@@ -26,5 +27,5 @@ index 382ef1d..0570d7c 100644
  AC_DEFINE_UNQUOTED(GPG_AGENT_EXTRA_SOCK_NAME, "S.gpg-agent.extra",
 [The name of the agent socket for remote access])
 -- 
-2.15.1
+2.7.4
 
diff --git a/meta/recipes-support/gnupg/gnupg_2.2.4.bb 
b/meta/recipes-support/gnupg/gnupg_2.2.5.bb
similarity index 92%
rename from meta/recipes-support/gnupg/gnupg_2.2.4.bb
rename to meta/recipes-support/gnupg/gnupg_2.2.5.bb
index d3f1a8f..f6d5dad 100644
--- a/meta/recipes-support/gnupg/gnupg_2.2.4.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.2.5.bb
@@ -18,8 +18,8 @@ SRC_URI = "${GNUPG_MIRROR}/${BPN}/${BPN}-${PV}.tar.bz2 \
 SRC_URI_append_class-native = " 
file://0001-configure.ac-use-a-custom-value-for-the-location-of-.patch"
 
 
-SRC_URI[md5sum] = "709e5af5bba84d251c520222e720972f"
-SRC_URI[sha256sum] = 
"401a3e64780fdfa6d7670de0880aa5c9d589b3db7a7098979d7606cec546f2ec"
+SRC_URI[md5sum] = "567cd2d41fa632903066fde73d2005cb"
+SRC_URI[sha256sum] = 
"3fa189a32d4fb62147874eb1389047c267d9ba088f57ab521cb0df46f08aef57"
 
 EXTRA_OECONF = "--disable-ldap \
--disable-ccid-driver \
-- 
2.8.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 1/7] ncureses: 6.0+20171125 -> 6.1

[Hongxu Jia]

1. Rebase 0001, 0002

2. Fix [already-stripped] QA Issue
Since the following commit add, it strip executables which
are installed by default.
...
commit 087eaf92c621098927f3f98e3652411de48f8b6b
Author: Sven Joachim 
Date:   Sun Jan 21 08:01:41 2018 +0100

Import upstream patch 20180120

20180120
+ build-fix in picsmap.c for stdint.h existence.
+ add --disable-stripping option to configure scripts.
...

Signed-off-by: Hongxu Jia 
---
 .../recipes-core/ncurses/files/0001-tic-hang.patch | 24 +++---
 .../files/0002-configure-reproducible.patch|  8 
 meta/recipes-core/ncurses/ncurses.inc  |  1 +
 .../{ncurses_6.0+20171125.bb => ncurses_6.1.bb}|  2 +-
 4 files changed, 18 insertions(+), 17 deletions(-)
 rename meta/recipes-core/ncurses/{ncurses_6.0+20171125.bb => ncurses_6.1.bb} 
(86%)

diff --git a/meta/recipes-core/ncurses/files/0001-tic-hang.patch 
b/meta/recipes-core/ncurses/files/0001-tic-hang.patch
index 4a97056..f98a943 100644
--- a/meta/recipes-core/ncurses/files/0001-tic-hang.patch
+++ b/meta/recipes-core/ncurses/files/0001-tic-hang.patch
@@ -1,6 +1,6 @@
-From a95590f676209832fe0b27226e6de3cb50e2b97c Mon Sep 17 00:00:00 2001
+From 168ba7a681be73ac024438e33e14fde1d5aea97d Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
-Date: Wed, 16 Aug 2017 14:31:51 +0800
+Date: Fri, 30 Mar 2018 10:02:24 +0800
 Subject: [PATCH 1/2] tic hang
 
 Upstream-Status: Inappropriate [configuration]
@@ -10,34 +10,34 @@ loop when processing the original file.
 
 Signed-off-by: anonymous
 
-Rebase to 6.0+20170715
+Rebase to 6.1
 Signed-off-by: Hongxu Jia 
 ---
  misc/terminfo.src | 11 +--
  1 file changed, 5 insertions(+), 6 deletions(-)
 
 diff --git a/misc/terminfo.src b/misc/terminfo.src
-index ee3fab3..176d593 100644
+index 84f4810..6b385ec 100644
 --- a/misc/terminfo.src
 +++ b/misc/terminfo.src
-@@ -5177,12 +5177,11 @@ konsole-xf3x|KDE console window with keyboard for 
XFree86 3.x xterm,
- # The value for kbs reflects local customization rather than the settings used
- # for XFree86 xterm.
+@@ -5562,12 +5562,11 @@ konsole-xf3x|KDE console window with keyboard for 
XFree86 3.x xterm,
+ # The value for kbs (see konsole-vt100) reflects local customization rather
+ # than the settings used for XFree86 xterm.
  konsole-xf4x|KDE console window with keyboard for XFree86 4.x xterm,
 -  kend=\EOF, khome=\EOH, use=konsole+pcfkeys,
 -  use=konsole-vt100,
--# Konsole does not implement shifted cursor-keys.
+-
 -konsole+pcfkeys|konsole subset of xterm+pcfkeys,
--  kLFT@, kRIT@, kcbt=\E[Z, kind@, kri@, kDN@, kUP@, use=xterm+pcc2,
--  use=xterm+pcf0,
+-  kcbt=\E[Z, use=xterm+pcc2, use=xterm+pcf0,
+-  use=xterm+pce2,
 +  kend=\EOF, kf1=\EOP, kf13=\EO2P, kf14=\EO2Q, kf15=\EO2R,
 +  kf16=\EO2S, kf17=\E[15;2~, kf18=\E[17;2~, kf19=\E[18;2~,
 +  kf2=\EOQ, kf20=\E[19;2~, kf21=\E[20;2~, kf22=\E[21;2~,
 +  kf23=\E[23;2~, kf24=\E[24;2~, kf3=\EOR, kf4=\EOS,
 +  khome=\EOH, use=konsole-vt100,
+ 
+ # Obsolete: vt100.keymap
  # KDE's "vt100" keyboard has no relationship to any terminal that DEC made, 
but
- # it is still useful for deriving the other entries.
- konsole-vt100|KDE console window with vt100 (sic) keyboard,
 -- 
 1.8.3.1
 
diff --git a/meta/recipes-core/ncurses/files/0002-configure-reproducible.patch 
b/meta/recipes-core/ncurses/files/0002-configure-reproducible.patch
index c47ce6a..5721956 100644
--- a/meta/recipes-core/ncurses/files/0002-configure-reproducible.patch
+++ b/meta/recipes-core/ncurses/files/0002-configure-reproducible.patch
@@ -1,4 +1,4 @@
-From 939c994f3756c2d6d3cab2e6a04d05fa7c2b1d56 Mon Sep 17 00:00:00 2001
+From 2a53c03ffa90f0050a949fc5920f0df3e668ff42 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Wed, 16 Aug 2017 14:45:27 +0800
 Subject: [PATCH 2/2] configure: reproducible
@@ -10,7 +10,7 @@ build problems" in 2015.
 Upstream-Status: Pending
 Signed-off-by: Juro Bystricky 
 
-Rebase to Rebase to 6.0+20170715
+Rebase to 6.1
 
 Signed-off-by: Hongxu Jia 
 ---
@@ -18,10 +18,10 @@ Signed-off-by: Hongxu Jia 
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure b/configure
-index 7d7d2c1..f444354 100755
+index adead92..fa4fdb7 100755
 --- a/configure
 +++ b/configure
-@@ -4458,7 +4458,7 @@ if test "${cf_cv_ar_flags+set}" = set; then
+@@ -4503,7 +4503,7 @@ if test "${cf_cv_ar_flags+set}" = set; then
  else
  
cf_cv_ar_flags=unknown
diff --git a/meta/recipes-core/ncurses/ncurses.inc 
b/meta/recipes-core/ncurses/ncurses.inc
index 01e41d5..99fc478 100644
--- a/meta/recipes-core/ncurses/ncurses.inc
+++ b/meta/recipes-core/ncurses/ncurses.inc
@@ -87,6 +87,7 @@ ncurses_configure() {
--disable-rpath-hack \
${EXCONFIG_ARGS} \

[OE-core] [PATCH 3/7] ghostscript: 9.21 -> 9.23

[Hongxu Jia]

1. Drop backported patches
- CVE-2017-7207.patch
- CVE-2017-5951.patch
- CVE-2017-7975.patch
- CVE-2017-9216.patch
- CVE-2017-9611.patch
- CVE-2017-9612.patch
- CVE-2017-9739.patch
- CVE-2017-9726.patch
- CVE-2017-9727.patch
- CVE-2017-9835.patch
- CVE-2017-11714.patch

2. Rebase to 9.23
- ghostscript-9.15-parallel-make.patch -> 0001
- ghostscript-9.16-Werror-return-type.patch -> 0002
- do-not-check-local-libpng-source.patch -> 0003
- avoid-host-contamination.patch -> 0004
- mkdir-p.patch -> 0005
- ghostscript-9.21-prevent_recompiling.patch -> 0006
- ghostscript-9.02-genarch.patch -> 0007
- cups-no-gcrypt.patch -> 0008
- ghostscript-9.21-native-fix-disable-system-libtiff.patch -> 0009
- base-genht.c-add-a-preprocessor-define-to-allow-fope.patch -> 0010

3. Add packps from (native to target) to support cross compiling.

4. Add 0011-remove-direct-symlink.patch to fix
   do_populate_sysroot failure

Signed-off-by: Hongxu Jia 
---
 .../0001-contrib.mak-fix-for-parallel-build.patch} |  28 +++--
 ...base-gendev.c-fix-for-Werror-return-type.patch} |  10 +-
 ...nfigure.ac-do-not-check-local-png-source.patch} |  10 +-
 .../0004-avoid-host-contamination.patch}   |  18 ++-
 ...allow-directories-to-be-created-more-tha.patch} |  16 ++-
 .../0006-prevent-recompiling.patch}|  79 +
 ...7-not-generate-objarch.h-at-compile-time.patch} |  33 --
 .../0008-cups-no-gcrypt.patch} |  14 ++-
 ...script-native-fix-disable-system-libtiff.patch} |  29 +++--
 ...-add-a-preprocessor-define-to-allow-fope.patch} |  14 ++-
 .../files/0011-remove-direct-symlink.patch |  40 +++
 .../ghostscript/ghostscript/CVE-2017-11714.patch   |  61 --
 .../ghostscript/ghostscript/CVE-2017-5951.patch|  44 
 .../ghostscript/ghostscript/CVE-2017-7207.patch|  39 ---
 .../ghostscript/ghostscript/CVE-2017-7975.patch|  37 --
 .../ghostscript/ghostscript/CVE-2017-9216.patch|  36 --
 .../ghostscript/ghostscript/CVE-2017-9611.patch|  34 --
 .../ghostscript/ghostscript/CVE-2017-9612.patch|  35 --
 .../ghostscript/ghostscript/CVE-2017-9726.patch|  33 --
 .../ghostscript/ghostscript/CVE-2017-9727.patch|  35 --
 .../ghostscript/ghostscript/CVE-2017-9739.patch|  37 --
 .../ghostscript/ghostscript/CVE-2017-9835.patch| 125 -
 .../{ghostscript_9.21.bb => ghostscript_9.23.bb}   |  44 +++-
 23 files changed, 201 insertions(+), 650 deletions(-)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.15-parallel-make.patch
 => files/0001-contrib.mak-fix-for-parallel-build.patch} (55%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.16-Werror-return-type.patch
 => files/0002-base-gendev.c-fix-for-Werror-return-type.patch} (75%)
 rename 
meta/recipes-extended/ghostscript/files/{do-not-check-local-libpng-source.patch 
=> 0003-configure.ac-do-not-check-local-png-source.patch} (81%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/avoid-host-contamination.patch 
=> files/0004-avoid-host-contamination.patch} (61%)
 rename meta/recipes-extended/ghostscript/{ghostscript/mkdir-p.patch => 
files/0005-ghostscript-allow-directories-to-be-created-more-tha.patch} (80%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.21-prevent_recompiling.patch
 => files/0006-prevent-recompiling.patch} (48%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.02-genarch.patch 
=> files/0007-not-generate-objarch.h-at-compile-time.patch} (42%)
 rename meta/recipes-extended/ghostscript/{ghostscript/cups-no-gcrypt.patch => 
files/0008-cups-no-gcrypt.patch} (67%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.21-native-fix-disable-system-libtiff.patch
 => files/0009-ghostscript-native-fix-disable-system-libtiff.patch} (53%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/base-genht.c-add-a-preprocessor-define-to-allow-fope.patch
 => files/0010-base-genht.c-add-a-preprocessor-define-to-allow-fope.patch} (68%)
 create mode 100644 
meta/recipes-extended/ghostscript/files/0011-remove-direct-symlink.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-11714.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-5951.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7975.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9216.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9611.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9612.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9726.patch
 delete mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-9727.patch
 delete mode 100644 

[OE-core] [PATCH 7/7] man-db: upgrade 2.8.1 -> 2.8.2

[Hongxu Jia]

Signed-off-by: Hongxu Jia 
---
 meta/recipes-extended/man-db/{man-db_2.8.1.bb => man-db_2.8.2.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/man-db/{man-db_2.8.1.bb => man-db_2.8.2.bb} (90%)

diff --git a/meta/recipes-extended/man-db/man-db_2.8.1.bb 
b/meta/recipes-extended/man-db/man-db_2.8.2.bb
similarity index 90%
rename from meta/recipes-extended/man-db/man-db_2.8.1.bb
rename to meta/recipes-extended/man-db/man-db_2.8.2.bb
index 528903d..87c91e8 100644
--- a/meta/recipes-extended/man-db/man-db_2.8.1.bb
+++ b/meta/recipes-extended/man-db/man-db_2.8.2.bb
@@ -5,8 +5,8 @@ LIC_FILES_CHKSUM = 
"file://docs/COPYING.LIB;md5=a6f89e2100d9b6cdffcea4f398e37343
 file://docs/COPYING;md5=eb723b61539feef013de476e68b5c50a"
 
 SRC_URI = "${SAVANNAH_NONGNU_MIRROR}/man-db/man-db-${PV}.tar.xz"
-SRC_URI[md5sum] = "51842978e06686286421f9498d1009b7"
-SRC_URI[sha256sum] = 
"a6aec641ca3d9942b054cc0e9c3f05cb46a3a992bc0006795755e2fed1357f3e"
+SRC_URI[md5sum] = "300788c0939a3b41d50302b04f730fa3"
+SRC_URI[sha256sum] = 
"45bdff87df888ddd93dc2a68abca91a2012d6e08333a8fc7c0dfefe9cbde0c5c"
 
 DEPENDS = "libpipeline gdbm groff-native"
 
-- 
2.8.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 4/7] libgpg-error: 1.27 -> 1.28

[Hongxu Jia]

1. License-Update: update years from 2003-2004 to 2001-2018,
   and add a new line 'SPDX-License-Identifier: LGPL-2.1+'

2. Rebase pkgconfig.patch -> 0001-support-pkgconfig.patch

Signed-off-by: Hongxu Jia 
---
 ...kgconfig.patch => 0001-support-pkgconfig.patch} | 67 +-
 .../{libgpg-error_1.27.bb => libgpg-error_1.28.bb} |  8 +--
 2 files changed, 45 insertions(+), 30 deletions(-)
 rename meta/recipes-support/libgpg-error/libgpg-error/{pkgconfig.patch => 
0001-support-pkgconfig.patch} (76%)
 rename meta/recipes-support/libgpg-error/{libgpg-error_1.27.bb => 
libgpg-error_1.28.bb} (86%)

diff --git a/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch 
b/meta/recipes-support/libgpg-error/libgpg-error/0001-support-pkgconfig.patch
similarity index 76%
rename from meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
rename to 
meta/recipes-support/libgpg-error/libgpg-error/0001-support-pkgconfig.patch
index 9ffeedb..3066613 100644
--- a/meta/recipes-support/libgpg-error/libgpg-error/pkgconfig.patch
+++ 
b/meta/recipes-support/libgpg-error/libgpg-error/0001-support-pkgconfig.patch
@@ -1,15 +1,26 @@
-
-#
-# Patch managed by http://www.mn-logistik.de/unsupported/pxa250/patcher
-#
+From ec309e20b5a27d42a5fb915c328d61e924ab5f19 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia 
+Date: Thu, 29 Mar 2018 15:12:17 +0800
+Subject: [PATCH] support pkgconfig
 
 Upstream-Status: Pending
 
-Index: libgpg-error-1.17/configure.ac
-===
 libgpg-error-1.17.orig/configure.ac
-+++ libgpg-error-1.17/configure.ac
-@@ -529,6 +529,7 @@ AC_CONFIG_FILES([src/Makefile tests/Make
+Rebase to 1.28
+
+Signed-off-by: Hongxu Jia 
+---
+ configure.ac|  1 +
+ src/Makefile.am |  4 ++-
+ src/gpg-error.m4| 71 +++--
+ src/gpg-error.pc.in | 11 +
+ 4 files changed, 18 insertions(+), 69 deletions(-)
+ create mode 100644 src/gpg-error.pc.in
+
+diff --git a/configure.ac b/configure.ac
+index aca9300..f7794e9 100644
+--- a/configure.ac
 b/configure.ac
+@@ -621,6 +621,7 @@ AC_CONFIG_FILES([src/Makefile tests/Makefile])
  AC_CONFIG_FILES([lang/Makefile lang/cl/Makefile lang/cl/gpg-error.asd])
  AC_CONFIG_FILES([src/versioninfo.rc src/gpg-error.w32-manifest])
  AC_CONFIG_FILES([src/gpg-error-config], [chmod +x src/gpg-error-config])
@@ -17,33 +28,33 @@ Index: libgpg-error-1.17/configure.ac
  
  AC_OUTPUT
  
-Index: libgpg-error-1.17/src/Makefile.am
-===
 libgpg-error-1.17.orig/src/Makefile.am
-+++ libgpg-error-1.17/src/Makefile.am
-@@ -75,6 +75,8 @@ nodist_include_HEADERS = gpg-error.h
- bin_SCRIPTS = gpg-error-config
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 268c2ab..95f8459 100644
+--- a/src/Makefile.am
 b/src/Makefile.am
+@@ -87,6 +87,8 @@ bin_SCRIPTS = gpg-error-config
+ nodist_bin_SCRIPTS = gpgrt-config
  m4datadir = $(datadir)/aclocal
- m4data_DATA = gpg-error.m4
+ m4data_DATA = gpg-error.m4 gpgrt.m4
 +pkgconfigdir = $(libdir)/pkgconfig
 +pkgconfig_DATA = gpg-error.pc
  
  EXTRA_DIST = mkstrtable.awk err-sources.h.in err-codes.h.in \
mkerrnos.awk errnos.in README \
-@@ -82,7 +84,7 @@ EXTRA_DIST = mkstrtable.awk err-sources.
+@@ -94,7 +96,7 @@ EXTRA_DIST = mkstrtable.awk err-sources.h.in err-codes.h.in \
mkheader.c gpg-error.h.in mkw32errmap.c w32-add.h w32ce-add.h \
-   err-sources.h err-codes.h gpg-error-config.in gpg-error.m4 \
+   err-sources.h err-codes.h gpg-error-config.in gpg-error.m4 gpgrt.m4 \
gpg-error.vers gpg-error.def.in \
 -versioninfo.rc.in gpg-error.w32-manifest.in \
 +versioninfo.rc.in gpg-error.w32-manifest.in gpg-error.pc \
$(lock_obj_pub)
  
  BUILT_SOURCES = err-sources.h err-codes.h code-to-errno.h code-from-errno.h \
-Index: libgpg-error-1.17/src/gpg-error.m4
-===
 libgpg-error-1.17.orig/src/gpg-error.m4
-+++ libgpg-error-1.17/src/gpg-error.m4
-@@ -26,73 +26,13 @@ dnl is added to the gpg_config_script_wa
+diff --git a/src/gpg-error.m4 b/src/gpg-error.m4
+index 60c88d8..2ef7e3e 100644
+--- a/src/gpg-error.m4
 b/src/gpg-error.m4
+@@ -26,73 +26,13 @@ dnl is added to the gpg_config_script_warn variable.
  dnl
  AC_DEFUN([AM_PATH_GPG_ERROR],
  [ AC_REQUIRE([AC_CANONICAL_HOST])
@@ -132,10 +143,11 @@ Index: libgpg-error-1.17/src/gpg-error.m4
  ifelse([$3], , :, [$3])
fi
AC_SUBST(GPG_ERROR_CFLAGS)
-Index: libgpg-error-1.17/src/gpg-error.pc.in
-===
+diff --git a/src/gpg-error.pc.in b/src/gpg-error.pc.in
+new file mode 100644
+index 000..bc0b174
 --- /dev/null
-+++ libgpg-error-1.17/src/gpg-error.pc.in
 b/src/gpg-error.pc.in
 @@ -0,0 +1,11 @@
 +prefix=@prefix@
 +exec_prefix=@exec_prefix@
@@ -148,3 

[OE-core] [PATCH 2/7] bash: 4.4.12 -> 4.4.18

[Hongxu Jia]

- Drop bash-memleak-bug-fix-for-builtin-command-read.patch which has
  been accepted since 4.4.17

Signed-off-by: Hongxu Jia 
---
 ...-memleak-bug-fix-for-builtin-command-read.patch | 35 --
 .../bash/{bash_4.4.12.bb => bash_4.4.18.bb}|  6 ++--
 2 files changed, 2 insertions(+), 39 deletions(-)
 delete mode 100644 
meta/recipes-extended/bash/bash/bash-memleak-bug-fix-for-builtin-command-read.patch
 rename meta/recipes-extended/bash/{bash_4.4.12.bb => bash_4.4.18.bb} (74%)

diff --git 
a/meta/recipes-extended/bash/bash/bash-memleak-bug-fix-for-builtin-command-read.patch
 
b/meta/recipes-extended/bash/bash/bash-memleak-bug-fix-for-builtin-command-read.patch
deleted file mode 100644
index 9fb6ba9..000
--- 
a/meta/recipes-extended/bash/bash/bash-memleak-bug-fix-for-builtin-command-read.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From d3b6303a6853f612a56848ee4e59eaa0b0ab9489 Mon Sep 17 00:00:00 2001
-From: Zhang Xiao 
-Date: Tue, 21 Feb 2017 11:30:14 +0800
-Subject: [PATCH] bash: memleak bug fix for builtin command read
-
-Built in command "read" with "-e" use Readline to obtain the line
-in an interactive shell. In this process, a string "rlbuf" is
-just allocated without free operation thus cause memory leak. Fix it.
-
-Upstream-Status: Submitted 
[http://lists.gnu.org/archive/html/bug-bash/2017-02/msg00061.html]
-
-Signed-off-by: Zhang Xiao 

- builtins/read.def | 5 +
- 1 file changed, 5 insertions(+)
-
-diff --git a/builtins/read.def b/builtins/read.def
-index 4397154..ee0c5a6 100644
 a/builtins/read.def
-+++ b/builtins/read.def
-@@ -674,6 +674,11 @@ add_char:
-   input_string[i] = '\0';
-   CHECK_ALRM;
- 
-+#if defined (READLINE)
-+  if (edit)
-+xfree (rlbuf);
-+#endif
-+
-   if (retval < 0)
- {
-   t_errno = errno;
--- 
-1.9.1
-
diff --git a/meta/recipes-extended/bash/bash_4.4.12.bb 
b/meta/recipes-extended/bash/bash_4.4.18.bb
similarity index 74%
rename from meta/recipes-extended/bash/bash_4.4.12.bb
rename to meta/recipes-extended/bash/bash_4.4.18.bb
index 9382a77..0b22ca7 100644
--- a/meta/recipes-extended/bash/bash_4.4.12.bb
+++ b/meta/recipes-extended/bash/bash_4.4.18.bb
@@ -13,12 +13,10 @@ SRC_URI = "${GNU_MIRROR}/bash/${BP}.tar.gz;name=tarball \
file://run-ptest \
file://fix-run-builtins.patch \
file://0001-help-fix-printf-format-security-warning.patch \
-   file://bash-memleak-bug-fix-for-builtin-command-read.patch \
file://pathexp-dep.patch \
"
 
-SRC_URI[tarball.md5sum] = "7c112970cbdcadfc331e10eeb5f6aa41"
-SRC_URI[tarball.sha256sum] = 
"57d8432be54541531a496fd4904fdc08c12542f43605a9202594fa5d5f9f2331"
-
+SRC_URI[tarball.md5sum] = "518e2c187cc11a17040f0915dddce54e"
+SRC_URI[tarball.sha256sum] = 
"604d9eec5e4ed5fd2180ee44dd756ddca92e0b6aa4217bbab2b6227380317f23"
 
 BBCLASSEXTEND = "nativesdk"
-- 
2.8.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 5/7] dhcp: 4.3.6 -> 4.4.1

[Hongxu Jia]

1. License-Update: ISC DHCP is now licensed under the
   Mozilla Public License, MPL 2.0.

2. Rebase 0004, 0007, 0010

3. Rework 0008 to support external bind

4. Drop backported 
0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch

Signed-off-by: Hongxu Jia 
---
 meta/recipes-connectivity/dhcp/dhcp.inc|   4 +-
 ...o-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |   6 +-
 .../dhcp/dhcp/0002-dhclient-dbus.patch |  10 +-
 .../dhcp/dhcp/0003-link-with-lcrypto.patch |   6 +-
 .../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch|  87 +
 ...-fix-invoke-dhclient-script-failed-on-Rea.patch |   4 +-
 .../dhcp/0006-site.h-enable-gentle-shutdown.patch  |   6 +-
 ...re-argument-to-make-the-libxml2-dependenc.patch |  16 +-
 .../dhcp/0008-tweak-to-support-external-bind.patch | 161 ++--
 ...09-remove-dhclient-script-bash-dependency.patch |   4 +-
 .../dhcp/dhcp/0010-build-shared-libs.patch | 210 -
 ...all-to-isc_app_ctxstart-to-not-get-signal.patch |  81 
 ...orrect-the-intention-for-xml2-lib-search.patch} |  10 +-
 .../dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb}  |   7 +-
 14 files changed, 228 insertions(+), 384 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
 rename 
meta/recipes-connectivity/dhcp/dhcp/{0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
 => 0011-dhcp-correct-the-intention-for-xml2-lib-search.patch} (82%)
 rename meta/recipes-connectivity/dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} (73%)

diff --git a/meta/recipes-connectivity/dhcp/dhcp.inc 
b/meta/recipes-connectivity/dhcp/dhcp.inc
index e943707..bb2c71b 100644
--- a/meta/recipes-connectivity/dhcp/dhcp.inc
+++ b/meta/recipes-connectivity/dhcp/dhcp.inc
@@ -7,8 +7,8 @@ easier to administer devices."
 
 HOMEPAGE = "http://www.isc.org/;
 
-LICENSE = "ISC"
-LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=4;md5=c5c64d696107f84b56fe337d14da1753"
+LICENSE = "MPL-2.0"
+LIC_FILES_CHKSUM = 
"file://LICENSE;beginline=4;md5=004a4db50a1e20972e924a8618747c01"
 
 DEPENDS = "openssl bind"
 
diff --git 
a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
 
b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
index e5b3cf9..823e8ad 100644
--- 
a/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
+++ 
b/meta/recipes-connectivity/dhcp/dhcp/0001-define-macro-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch
@@ -1,4 +1,4 @@
-From 7cc29144535a622fc671dc86eb1da65b0473a7c4 Mon Sep 17 00:00:00 2001
+From 0f6deb81b3ea989dc5c71ad3ddf7a713c9a0bea7 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Tue, 15 Aug 2017 16:14:22 +0800
 Subject: [PATCH 01/11] define macro _PATH_DHCPD_CONF and _PATH_DHCLIENT_CONF
@@ -12,10 +12,10 @@ Signed-off-by: Hongxu Jia 
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/includes/site.h b/includes/site.h
-index b2f7fd7..280fbb9 100644
+index 2ef69e4..b4dd2e4 100644
 --- a/includes/site.h
 +++ b/includes/site.h
-@@ -149,7 +149,8 @@
+@@ -148,7 +148,8 @@
  /* Define this if you want the dhcpd.conf file to go somewhere other than
 the default location.   By default, it goes in /etc/dhcpd.conf. */
  
diff --git a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch 
b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
index 101c33f..44d2301 100644
--- a/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
+++ b/meta/recipes-connectivity/dhcp/dhcp/0002-dhclient-dbus.patch
@@ -1,4 +1,4 @@
-From be7540d31c356e80ee02e90e8bf162b7ac6e5ba5 Mon Sep 17 00:00:00 2001
+From 4514f02e4bbd33d9136ed4522f508d64c7ec9249 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia 
 Date: Tue, 15 Aug 2017 14:56:56 +0800
 Subject: [PATCH 02/11] dhclient dbus
@@ -33,7 +33,7 @@ index d69d0d8..095b143 100755
  }
  
 diff --git a/client/scripts/freebsd b/client/scripts/freebsd
-index 8f3e2a2..ad7fb44 100755
+index 7c073f8..b3426bf 100755
 --- a/client/scripts/freebsd
 +++ b/client/scripts/freebsd
 @@ -89,6 +89,11 @@ exit_with_hooks() {
@@ -49,7 +49,7 @@ index 8f3e2a2..ad7fb44 100755
  }
  
 diff --git a/client/scripts/linux b/client/scripts/linux
-index 5fb1612..3d447b6 100755
+index 0c42969..cded38f 100755
 --- a/client/scripts/linux
 +++ b/client/scripts/linux
 @@ -174,6 +174,11 @@ exit_with_hooks() {
@@ -65,7 +65,7 @@ index 5fb1612..3d447b6 100755
  }
  
 diff --git a/client/scripts/netbsd b/client/scripts/netbsd
-index 07383b7..aaba8e8 100755
+index fa08637..3628418 100755
 --- a/client/scripts/netbsd
 +++ b/client/scripts/netbsd
 @@ -45,6 +45,11 @@ exit_with_hooks() {
@@ -81,7 +81,7 @@ index 07383b7..aaba8e8 100755
  }
  
 diff --git a/client/scripts/openbsd b/client/scripts/openbsd
-index e7f4746..56b980c 100644
+index 

[OE-core] [PATCH 0/7] Upgrade 7 packages

[Hongxu Jia]

The following changes since commit afd8490dcbd2755f1ed924ea6357ab922ed1f481:

  meta-yocto-bsp: introduce v4.14 kernel for non-x86 BSPs (2018-03-30 
00:31:39 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib hongxu/upgrade-20180330
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=hongxu/upgrade-20180330

Hongxu Jia (7):
  ncureses: 6.0+20171125 -> 6.1
  bash: 4.4.12 -> 4.4.18
  ghostscript: 9.21 -> 9.23
  libgpg-error: 1.27 -> 1.28
  dhcp: 4.3.6 -> 4.4.1
  gnupg: upgrade 2.2.4 -> 2.2.5
  man-db: upgrade 2.8.1 -> 2.8.2

 meta/recipes-connectivity/dhcp/dhcp.inc|   4 +-
 ...o-_PATH_DHCPD_CONF-and-_PATH_DHCLIENT_CON.patch |   6 +-
 .../dhcp/dhcp/0002-dhclient-dbus.patch |  10 +-
 .../dhcp/dhcp/0003-link-with-lcrypto.patch |   6 +-
 .../dhcp/dhcp/0004-Fix-out-of-tree-builds.patch|  87 +
 ...-fix-invoke-dhclient-script-failed-on-Rea.patch |   4 +-
 .../dhcp/0006-site.h-enable-gentle-shutdown.patch  |   6 +-
 ...re-argument-to-make-the-libxml2-dependenc.patch |  16 +-
 .../dhcp/0008-tweak-to-support-external-bind.patch | 161 ++--
 ...09-remove-dhclient-script-bash-dependency.patch |   4 +-
 .../dhcp/dhcp/0010-build-shared-libs.patch | 210 -
 ...all-to-isc_app_ctxstart-to-not-get-signal.patch |  81 
 ...orrect-the-intention-for-xml2-lib-search.patch} |  10 +-
 .../dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb}  |   7 +-
 .../recipes-core/ncurses/files/0001-tic-hang.patch |  24 +--
 .../files/0002-configure-reproducible.patch|   8 +-
 meta/recipes-core/ncurses/ncurses.inc  |   1 +
 .../{ncurses_6.0+20171125.bb => ncurses_6.1.bb}|   2 +-
 ...-memleak-bug-fix-for-builtin-command-read.patch |  35 
 .../bash/{bash_4.4.12.bb => bash_4.4.18.bb}|   6 +-
 .../0001-contrib.mak-fix-for-parallel-build.patch} |  28 ++-
 ...base-gendev.c-fix-for-Werror-return-type.patch} |  10 +-
 ...nfigure.ac-do-not-check-local-png-source.patch} |  10 +-
 .../0004-avoid-host-contamination.patch}   |  18 +-
 ...allow-directories-to-be-created-more-tha.patch} |  16 +-
 .../0006-prevent-recompiling.patch}|  79 +++-
 ...7-not-generate-objarch.h-at-compile-time.patch} |  33 ++--
 .../0008-cups-no-gcrypt.patch} |  14 +-
 ...script-native-fix-disable-system-libtiff.patch} |  29 ++-
 ...-add-a-preprocessor-define-to-allow-fope.patch} |  14 +-
 .../files/0011-remove-direct-symlink.patch |  40 
 .../ghostscript/ghostscript/CVE-2017-11714.patch   |  61 --
 .../ghostscript/ghostscript/CVE-2017-5951.patch|  44 -
 .../ghostscript/ghostscript/CVE-2017-7207.patch|  39 
 .../ghostscript/ghostscript/CVE-2017-7975.patch|  37 
 .../ghostscript/ghostscript/CVE-2017-9216.patch|  36 
 .../ghostscript/ghostscript/CVE-2017-9611.patch|  34 
 .../ghostscript/ghostscript/CVE-2017-9612.patch|  35 
 .../ghostscript/ghostscript/CVE-2017-9726.patch|  33 
 .../ghostscript/ghostscript/CVE-2017-9727.patch|  35 
 .../ghostscript/ghostscript/CVE-2017-9739.patch|  37 
 .../ghostscript/ghostscript/CVE-2017-9835.patch| 125 
 .../{ghostscript_9.21.bb => ghostscript_9.23.bb}   |  44 ++---
 .../man-db/{man-db_2.8.1.bb => man-db_2.8.2.bb}|   4 +-
 ...c-use-a-custom-value-for-the-location-of-.patch |   7 +-
 .../gnupg/{gnupg_2.2.4.bb => gnupg_2.2.5.bb}   |   4 +-
 ...kgconfig.patch => 0001-support-pkgconfig.patch} |  67 ---
 .../{libgpg-error_1.27.bb => libgpg-error_1.28.bb} |   8 +-
 48 files changed, 502 insertions(+), 1127 deletions(-)
 delete mode 100644 
meta/recipes-connectivity/dhcp/dhcp/0011-Moved-the-call-to-isc_app_ctxstart-to-not-get-signal.patch
 rename 
meta/recipes-connectivity/dhcp/dhcp/{0012-dhcp-correct-the-intention-for-xml2-lib-search.patch
 => 0011-dhcp-correct-the-intention-for-xml2-lib-search.patch} (82%)
 rename meta/recipes-connectivity/dhcp/{dhcp_4.3.6.bb => dhcp_4.4.1.bb} (73%)
 rename meta/recipes-core/ncurses/{ncurses_6.0+20171125.bb => ncurses_6.1.bb} 
(86%)
 delete mode 100644 
meta/recipes-extended/bash/bash/bash-memleak-bug-fix-for-builtin-command-read.patch
 rename meta/recipes-extended/bash/{bash_4.4.12.bb => bash_4.4.18.bb} (74%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.15-parallel-make.patch
 => files/0001-contrib.mak-fix-for-parallel-build.patch} (55%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/ghostscript-9.16-Werror-return-type.patch
 => files/0002-base-gendev.c-fix-for-Werror-return-type.patch} (75%)
 rename 
meta/recipes-extended/ghostscript/files/{do-not-check-local-libpng-source.patch 
=> 0003-configure.ac-do-not-check-local-png-source.patch} (81%)
 rename 
meta/recipes-extended/ghostscript/{ghostscript/avoid-host-contamination.patch 
=> files/0004-avoid-host-contamination.patc

[OE-core] [PATCH 2/2] python3: Fix do_create_manifest for python3-sqlite3

[Alejandro Enedino Hernandez Samaniego]

Some of the sqlite3 files ended up in python3-misc incorrectly,
this is caused becuse we couldnt add the whole ${libdir}/python3/sqlite3
folder on the package because we also have another sqlite3-tests
package that needs to include another folder from that directory.

This patch not only fixes the do_create_manifest script to handle this
situation, but also patches the manifest (created using the script)
which also fixes a hiddn runtime dependency that we wouldn't have seen.

Signed-off-by: Alejandro Enedino Hernandez Samaniego 
---
 .../python/python3/create_manifest3.py | 43 ++
 .../python/python3/python3-manifest.json   | 15 +---
 2 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/meta/recipes-devtools/python/python3/create_manifest3.py 
b/meta/recipes-devtools/python/python3/create_manifest3.py
index 43e95ce..212ddd4 100644
--- a/meta/recipes-devtools/python/python3/create_manifest3.py
+++ b/meta/recipes-devtools/python/python3/create_manifest3.py
@@ -124,7 +124,6 @@ for value in old_manifest['core']['files']:
   # Get module name , shouldnt be affected by libdir/bindir
   value = os.path.splitext(os.path.basename(os.path.normpath(value)))[0]

-
   # Launch separate task for each module for deterministic behavior
   # Each module will only import what is necessary for it to work in specific
   print ('Getting dependencies for module: %s' % value)
@@ -203,8 +202,20 @@ for key in old_manifest:
 if value not in new_manifest[key]['files']:
 new_manifest[key]['files'].append(value)
 continue
+
 # Get module name , shouldnt be affected by libdir/bindir
-value = os.path.splitext(os.path.basename(os.path.normpath(value)))[0]
+# We need to check if the imported module comes from another (e.g. 
sqlite3.dump)
+path,value = os.path.split(value)
+path = os.path.basename(path)
+value = os.path.splitext(os.path.basename(value))[0]
+
+# If this condition is met, it means we need to import it from another 
module
+# or its the folder itself (e.g. unittest)
+if path == key:
+  if value:
+value = path + '.' + value
+  else:
+value = path

 # Launch separate task for each module for deterministic behavior
 # Each module will only import what is necessary for it to work in 
specific
@@ -292,19 +303,20 @@ for key in old_manifest:

new_manifest[key]['rdepends'].append(newkey)
 break
 else:
-  # Debug
-  print('Adding %s to %s FILES' % (item, key))
-  # Since it wasnt found on another package, its not an 
RDEP, so add it to FILES for this package
-  if isCached(item):
-  new_manifest[key]['cached'].append(item)
-  else:
-  new_manifest[key]['files'].append(item)
-  if item.endswith('*'):
-  wildcards.append(item)
-  if item not in allfiles:
-  allfiles.append(item)
-  else:
-  repeated.append(item)
+  # A module shouldn't contain itself 
(${libdir}/python3/sqlite3 shouldnt be on sqlite3 files)
+  if os.path.basename(item) != key:
+print('Adding %s to %s FILES' % (item, key))
+# Since it wasnt found on another package, its not an 
RDEP, so add it to FILES for this package
+if isCached(item):
+new_manifest[key]['cached'].append(item)
+else:
+new_manifest[key]['files'].append(item)
+if item.endswith('*'):
+wildcards.append(item)
+if item not in allfiles:
+allfiles.append(item)
+else:
+repeated.append(item)

 print ('The following files are repeated (contained in more than one package), 
please check which package should get it:')
 print (repeated)
@@ -322,3 +334,4 @@ for key in new_manifest:
 # Create the manifest from the data structure that was built
 with open('python3-manifest.json.new','w') as outfile:
 json.dump(new_manifest,outfile,sort_keys=True, indent=4)
+outfile.write("\n")
diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json 
b/meta/recipes-devtools/python/python3/python3-manifest.json
index 911be8e..26fa613 100644
--- a/meta/recipes-devtools/python/python3/python3-manifest.json
+++ b/meta/recipes-devtools/python/python3/python3-manifest.json
@@ -591,8 +591,7 @@
 ],
 "rdepends": [
 "core",
-

[OE-core] [PATCH 1/2] python3: fix create_manifest to handle pycache folders

[Alejandro Enedino Hernandez Samaniego]

We have a couple of python modules that contain folders themselves,
for that reason they also contain a __pycache__ folder inside those
directories, since we include the whole folder in the manifest, the
pycache directories end up with the files and not the cache files.

This patch catches that and adds the directories to the correct
structure.

Signed-off-by: Alejandro Enedino Hernandez Samaniego 
---
 .../python/python3/create_manifest3.py   |  5 -
 .../python/python3/python3-manifest.json | 20 +++-
 2 files changed, 15 insertions(+), 10 deletions(-)

diff --git a/meta/recipes-devtools/python/python3/create_manifest3.py 
b/meta/recipes-devtools/python/python3/create_manifest3.py
index ead27e9..43e95ce 100644
--- a/meta/recipes-devtools/python/python3/create_manifest3.py
+++ b/meta/recipes-devtools/python/python3/create_manifest3.py
@@ -186,7 +186,10 @@ for key in old_manifest:
 # Ignore folders, since we don't import those, difficult to handle 
multilib
 if isFolder(value):
 # Pass folders directly
-new_manifest[key]['files'].append(value)
+if isCached(value):
+new_manifest[key]['cached'].append(value)
+else:
+new_manifest[key]['files'].append(value)
 # Ignore binaries, since we don't import those
 if '${bindir}' in value:
 # Pass it directly to the new manifest data structure
diff --git a/meta/recipes-devtools/python/python3/python3-manifest.json 
b/meta/recipes-devtools/python/python3/python3-manifest.json
index 95071c5..911be8e 100644
--- a/meta/recipes-devtools/python/python3/python3-manifest.json
+++ b/meta/recipes-devtools/python/python3/python3-manifest.json
@@ -737,21 +737,21 @@
 "${libdir}/python3.5/__pycache__/poplib.*.pyc",
 "${libdir}/python3.5/__pycache__/smtplib.*.pyc",
 "${libdir}/python3.5/__pycache__/telnetlib.*.pyc",
-"${libdir}/python3.5/__pycache__/uuid.*.pyc"
+"${libdir}/python3.5/__pycache__/uuid.*.pyc",
+"${libdir}/python3.5/http/__pycache__",
+"${libdir}/python3.5/urllib/__pycache__"
 ],
 "files": [
 "${libdir}/python3.5/base64.py",
 "${libdir}/python3.5/ftplib.py",
 "${libdir}/python3.5/hmac.py",
 "${libdir}/python3.5/http",
-"${libdir}/python3.5/http/__pycache__",
 "${libdir}/python3.5/mimetypes.py",
 "${libdir}/python3.5/nntplib.py",
 "${libdir}/python3.5/poplib.py",
 "${libdir}/python3.5/smtplib.py",
 "${libdir}/python3.5/telnetlib.py",
 "${libdir}/python3.5/urllib",
-"${libdir}/python3.5/urllib/__pycache__",
 "${libdir}/python3.5/uuid.py"
 ],
 "rdepends": [
@@ -1088,11 +1088,12 @@
 "summary": "Python typing support"
 },
 "unittest": {
-"cached": [],
+"cached": [
+"${libdir}/python3.5/unittest/__pycache__"
+],
 "files": [
 "${libdir}/python3.5/unittest",
-"${libdir}/python3.5/unittest/",
-"${libdir}/python3.5/unittest/__pycache__"
+"${libdir}/python3.5/unittest/"
 ],
 "rdepends": [
 "core",
@@ -1132,11 +1133,12 @@
 "summary": "Python basic XML support"
 },
 "xmlrpc": {
-"cached": [],
-"files": [
-"${libdir}/python3.5/xmlrpc",
+"cached": [
 "${libdir}/python3.5/xmlrpc/__pycache__"
 ],
+"files": [
+"${libdir}/python3.5/xmlrpc"
+],
 "rdepends": [
 "core",
 "xml"
--
2.7.4

This email and any attachments are intended for the sole use of the named 
recipient(s) and contain(s) confidential information that may be proprietary, 
privileged or copyrighted under applicable law. If you are not the intended 
recipient, do not read, copy, or forward this email message or any attachments. 
Delete this email message and any attachments immediately.
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core