[OE-core] ✗ patchtest: failure for Remove the gnome class

[Patchwork]

== Series Details ==

Series: Remove the gnome class
Revision: 1
URL   : https://patchwork.openembedded.org/series/18942/
State : failure

== Summary ==


Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:



* PatchRemove the gnome class
 Issue Shortlog does not follow expected format 
[test_shortlog_format] 
  Suggested fixCommit shortlog (first line of commit message) should follow 
the format ": "



If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).

---
Guidelines: 
https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH] Remove the gnome class

[Adrian Bunk]

All that was left was
  inherit gnomebase gtk-icon-cache gconf mime
and especially inheriting the obsolete gconf is usually unwanted.

Signed-off-by: Adrian Bunk 
---
Documentation changes will be sent separately.
Users in meta-openembedded have already been fixed.
---
 meta/classes/gnome.bbclass | 1 -
 1 file changed, 1 deletion(-)
 delete mode 100644 meta/classes/gnome.bbclass

diff --git a/meta/classes/gnome.bbclass b/meta/classes/gnome.bbclass
deleted file mode 100644
index c6202bbb75..00
--- a/meta/classes/gnome.bbclass
+++ /dev/null
@@ -1 +0,0 @@
-inherit gnomebase gtk-icon-cache gconf mime
-- 
2.17.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCH 2/2] grub: upgrade 2.02 -> 2.04

[Anuj Mittal]

* For changes in this version, see:
http://git.savannah.gnu.org/cgit/grub.git/tree/NEWS?h=grub-2.04

* Remove backported patches and refresh others.

* Remove the musl patch as it's no longer needed.

* Use configure option --disable-werror instead of passing through CFLAGS.

Signed-off-by: Anuj Mittal 
---
 ...-mfpmath-sse-as-well-when-SSE-is-disabled.patch | 13 ++--
 ...need_charset_alias-when-building-for-musl.patch | 30 -
 .../0001-grub-setup-Debug-message-cleanup.patch| 34 --
 ...1-grub.d-10_linux.in-add-oe-s-kernel-name.patch | 16 ++---
 ...-64-Treat-R_X86_64_PLT32-as-R_X86_64_PC32.patch | 76 --
 .../grub/files/autogen.sh-exclude-pc.patch | 15 +++--
 meta/recipes-bsp/grub/files/gcc8.patch | 74 -
 ...-explicitly-keeps-symbole-.module_license.patch | 21 +++---
 .../grub/{grub-efi_2.02.bb => grub-efi_2.04.bb}|  0
 meta/recipes-bsp/grub/grub2.inc| 13 ++--
 .../grub/{grub_2.02.bb => grub_2.04.bb}|  0
 11 files changed, 35 insertions(+), 257 deletions(-)
 delete mode 100644 
meta/recipes-bsp/grub/files/0001-Unset-need_charset_alias-when-building-for-musl.patch
 delete mode 100644 
meta/recipes-bsp/grub/files/0001-grub-setup-Debug-message-cleanup.patch
 delete mode 100644 
meta/recipes-bsp/grub/files/0001-x86-64-Treat-R_X86_64_PLT32-as-R_X86_64_PC32.patch
 delete mode 100644 meta/recipes-bsp/grub/files/gcc8.patch
 rename meta/recipes-bsp/grub/{grub-efi_2.02.bb => grub-efi_2.04.bb} (100%)
 rename meta/recipes-bsp/grub/{grub_2.02.bb => grub_2.04.bb} (100%)

diff --git 
a/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
 
b/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
index ce3238f..6b73878 100644
--- 
a/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
+++ 
b/meta/recipes-bsp/grub/files/0001-Disable-mfpmath-sse-as-well-when-SSE-is-disabled.patch
@@ -1,4 +1,4 @@
-From fb7b827a56b1f92f882d0f5ef130acc968b23293 Mon Sep 17 00:00:00 2001
+From 96d9aa55d29b24e2490d5647a9efc66940fc400f Mon Sep 17 00:00:00 2001
 From: Khem Raj 
 Date: Wed, 13 Jan 2016 19:17:31 +
 Subject: [PATCH] Disable -mfpmath=sse as well when SSE is disabled
@@ -22,17 +22,17 @@ cc1: all warnings being treated as errors
 
 Signed-off-by: Nitin A Kamble 
 Signed-off-by: Khem Raj 

-Upstream-Status: Pending
 
+Upstream-Status: Pending
+---
  configure.ac | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/configure.ac b/configure.ac
-index 26d2f33..9ce56de 100644
+index 7656f24..0868ea9 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -783,7 +783,7 @@ fi
+@@ -824,7 +824,7 @@ fi
  if ( test "x$target_cpu" = xi386 || test "x$target_cpu" = xx86_64 ) && test 
"x$platform" != xemu; then
# Some toolchains enable these features by default, but they need
# registers that aren't set up properly in GRUB.
@@ -41,6 +41,3 @@ index 26d2f33..9ce56de 100644
  fi
  
  # GRUB doesn't use float or doubles at all. Yet some toolchains may decide
--- 
-2.7.0
-
diff --git 
a/meta/recipes-bsp/grub/files/0001-Unset-need_charset_alias-when-building-for-musl.patch
 
b/meta/recipes-bsp/grub/files/0001-Unset-need_charset_alias-when-building-for-musl.patch
deleted file mode 100644
index 67dc115..000
--- 
a/meta/recipes-bsp/grub/files/0001-Unset-need_charset_alias-when-building-for-musl.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From b9565dc2fe0c4f7daaec91b7e83bc7313dee2f4a Mon Sep 17 00:00:00 2001
-From: Khem Raj 
-Date: Mon, 13 Apr 2015 17:02:13 -0700
-Subject: [PATCH] Unset need_charset_alias when building for musl
-
-localcharset uses ac_cv_gnu_library_2_1 from glibc21.m4
-which actually shoudl be fixed in gnulib and then all downstream
-projects will get it eventually. For now we apply the fix to
-coreutils
-
-Upstream-Status: Pending
-
-Signed-off-by: Khem Raj 

- lib/gnulib.mk | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: grub-2.00/grub-core/gnulib/Makefile.am
-===
 grub-2.00.orig/grub-core/gnulib/Makefile.am
-+++ grub-2.00/grub-core/gnulib/Makefile.am
-@@ -410,7 +410,7 @@ install-exec-localcharset: all-local
- case '$(host_os)' in \
-   darwin[56]*) \
- need_charset_alias=true ;; \
--  darwin* | cygwin* | mingw* | pw32* | cegcc*) \
-+  darwin* | cygwin* | mingw* | pw32* | cegcc* | linux-musl*) \
- need_charset_alias=false ;; \
-   *) \
- need_charset_alias=true ;; \
diff --git 
a/meta/recipes-bsp/grub/files/0001-grub-setup-Debug-message-cleanup.patch 
b/meta/recipes-bsp/grub/files/0001-grub-setup-Debug-message-cleanup.patch
deleted file mode 100644
index e01fcdf..000
--- a/meta/recipes-bsp/grub/files/0001-grub-setup-Debug-message-cleanup.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 4e9d9358e0cda6d01020005eb6343e3b69f7201a Mon Sep 17 

[OE-core] [PATCH 1/2] libsdl2: upgrade 2.0.9 -> 2.0.10

[Anuj Mittal]

License-Update: Change in Copyright Year.

Refresh the patch to apply on configure.ac instead of .in.

Signed-off-by: Anuj Mittal 
---
 .../libsdl2/libsdl2/more-gen-depends.patch | 37 +++---
 .../{libsdl2_2.0.9.bb => libsdl2_2.0.10.bb}|  6 ++--
 2 files changed, 28 insertions(+), 15 deletions(-)
 rename meta/recipes-graphics/libsdl2/{libsdl2_2.0.9.bb => libsdl2_2.0.10.bb} 
(93%)

diff --git a/meta/recipes-graphics/libsdl2/libsdl2/more-gen-depends.patch 
b/meta/recipes-graphics/libsdl2/libsdl2/more-gen-depends.patch
index 29076bf..8ca52eb 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2/more-gen-depends.patch
+++ b/meta/recipes-graphics/libsdl2/libsdl2/more-gen-depends.patch
@@ -1,3 +1,8 @@
+From e0f4b6d18ce6f025c78773e909b9c395ad833c7a Mon Sep 17 00:00:00 2001
+From: Ross Burton 
+Date: Mon, 29 Jul 2019 08:38:32 +0800
+Subject: [PATCH] configure: fix dependencies
+
 Many source files include e.g. wayland-protocols.h which should be found in the
 sysroot but SDL wants to build its own headers from the XML definitions.
 
@@ -14,34 +19,42 @@ the primary objects.
 
 Upstream-Status: Pending
 Signed-off-by: Ross Burton 
+[Moved to configure.ac]
+Signed-off-by: Anuj Mittal 
+---
+ configure.ac | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
 
-diff --git a/configure.in 
b/data/poky-tmp/master/work/corei7-64-poky-linux/libsdl2/2.0.8-r0/SDL2-2.0.8/configure.in
-index 1c7e79338..ba07a4a4e 100644
 a/configure.in
-+++ 
b/data/poky-tmp/master/work/corei7-64-poky-linux/libsdl2/2.0.8-r0/SDL2-2.0.8/configure.in
-@@ -4011,7 +4011,7 @@ DEPENDS=`echo $SOURCES | tr ' ' '\n'`
+diff --git a/configure.ac b/configure.ac
+index 9e782c6..997915a 100644
+--- a/configure.ac
 b/configure.ac
+@@ -4061,7 +4061,7 @@ DEPENDS=`echo $SOURCES | tr ' ' '\n'`
  for EXT in asm cc m c S; do
  OBJECTS=`echo "$OBJECTS" | sed 's,[[^ ]]*/\([[^ 
]]*\)\.'$EXT',$(objects)/\1.lo,g'`
  DEPENDS=`echo "$DEPENDS" | sed "s,^\\([[^ ]]*\\)/\\([[^ 
]]*\\)\\.$EXT\\$,
--\\$(objects)/\\2.lo: \\1/\\2.$EXT
-+\\$(objects)/\\2.lo: \\1/\\2.$EXT \\$(GEN_OBJECTS)
+-\\$(objects)/\\2.lo: \\1/\\2.$EXT \\$(objects)/.created
++\\$(objects)/\\2.lo: \\1/\\2.$EXT \\$(objects)/.created \\$(GEN_OBJECTS)
\\$(RUN_CMD_CC)\\$(LIBTOOL) --tag=CC --mode=compile \\$(CC) \\$(CFLAGS) 
\\$(EXTRA_CFLAGS) $DEPENDENCY_TRACKING_OPTIONS -c \\$< -o \\$@,g"`
  done
  
-@@ -4028,14 +4028,14 @@ SDLMAIN_OBJECTS=`echo $SDLMAIN_SOURCES`
+@@ -4078,14 +4078,14 @@ SDLMAIN_OBJECTS=`echo $SDLMAIN_SOURCES`
  SDLMAIN_DEPENDS=`echo $SDLMAIN_SOURCES`
  SDLMAIN_OBJECTS=`echo "$SDLMAIN_OBJECTS" | sed 's,[[^ ]]*/\([[^ 
]]*\)\.c,$(objects)/\1.lo,g'`
  SDLMAIN_DEPENDS=`echo "$SDLMAIN_DEPENDS" | sed "s,\\([[^ ]]*\\)/\\([[^ 
]]*\\)\\.c,
--\\$(objects)/\\2.lo: \\1/\\2.c
-+\\$(objects)/\\2.lo: \\1/\\2.c \\$(GEN_OBJECTS)
+-\\$(objects)/\\2.lo: \\1/\\2.c \\$(objects)/.created
++\\$(objects)/\\2.lo: \\1/\\2.c \\$(objects)/.created \\$(GEN_OBJECTS)
\\$(RUN_CMD_CC)\\$(LIBTOOL) --tag=CC --mode=compile \\$(CC) \\$(CFLAGS) 
\\$(EXTRA_CFLAGS) $DEPENDENCY_TRACKING_OPTIONS -c \\$< -o \\$@,g"`
  
  SDLTEST_OBJECTS=`echo $SDLTEST_SOURCES`
  SDLTEST_DEPENDS=`echo $SDLTEST_SOURCES`
  SDLTEST_OBJECTS=`echo "$SDLTEST_OBJECTS" | sed 's,[[^ ]]*/\([[^ 
]]*\)\.c,$(objects)/\1.lo,g'`
  SDLTEST_DEPENDS=`echo "$SDLTEST_DEPENDS" | sed "s,\\([[^ ]]*\\)/\\([[^ 
]]*\\)\\.c,
--\\$(objects)/\\2.lo: \\1/\\2.c
-+\\$(objects)/\\2.lo: \\1/\\2.c \\$(GEN_OBJECTS)
+-\\$(objects)/\\2.lo: \\1/\\2.c \\$(objects)/.created
++\\$(objects)/\\2.lo: \\1/\\2.c \\$(objects)/.created \\$(GEN_OBJECTS)
\\$(RUN_CMD_CC)\\$(LIBTOOL) --tag=CC --mode=compile \\$(CC) \\$(CFLAGS) 
\\$(EXTRA_CFLAGS) $DEPENDENCY_TRACKING_OPTIONS -c \\$< -o \\$@,g"`
  
  # Set runtime shared library paths as needed
+-- 
+2.7.4
+
diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.0.9.bb 
b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
similarity index 93%
rename from meta/recipes-graphics/libsdl2/libsdl2_2.0.9.bb
rename to meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
index a0a0b15..3a0654b 100644
--- a/meta/recipes-graphics/libsdl2/libsdl2_2.0.9.bb
+++ b/meta/recipes-graphics/libsdl2/libsdl2_2.0.10.bb
@@ -8,7 +8,7 @@ BUGTRACKER = "http://bugzilla.libsdl.org/;
 SECTION = "libs"
 
 LICENSE = "Zlib"
-LIC_FILES_CHKSUM = "file://COPYING.txt;md5=02ee26814dd044bd7838ae24e05b880f"
+LIC_FILES_CHKSUM = "file://COPYING.txt;md5=504a9454ceb89fd75a2583473b11409e"
 
 PROVIDES = "virtual/libsdl2"
 
@@ -18,8 +18,8 @@ SRC_URI = "http://www.libsdl.org/release/SDL2-${PV}.tar.gz \
 
 S = "${WORKDIR}/SDL2-${PV}"
 
-SRC_URI[md5sum] = "f2ecfba915c54f7200f504d8b48a5dfe"
-SRC_URI[sha256sum] = 
"255186dc676ecd0c1dbf10ec8a2cc5d6869b5079d8a38194c2aecdff54b324b1"
+SRC_URI[md5sum] = "5a2114f2a6f348bdab5bf52b994811db"
+SRC_URI[sha256sum] = 
"b4656c13a1f0d0023ae2f4a9cf08ec92fffb464e0f24238337784159b8b91d57"
 
 inherit autotools lib_package binconfig-disabled pkgconfig
 
-- 

Re: [OE-core] [PATCH] core-image-sato-sdk: test image with 512M memory

[Kang Kai]

On 2019/7/27 下午4:35, Alexander Kanavin wrote:
I think you need to re-generate the image first (it goes to qemuboot 
config file). It is already used in ptest images, so it’s good to be 
consistent.


Thank. It works for testimage with setting QB_MEM. For the other 2 
images which has been set QB_MEM are ptest images just as you said
(core-image-sato-ptest-fast and core-image-sato-sdk-ptest). But for 
core-image-sato-sdk, it affects runqemu beyond testiamge. I just wonder

is that acceptable?

Regards,
Kai



Alex

On 27 Jul 2019, at 4.35, Kang Kai > wrote:



On 2019/7/26 下午6:11, Alexander Kanavin wrote:

I think you need to use QB_MEM here.


Used TEST_QEMUPARAMS because I found the following line in 
testimage.bbclass:


# TEST_QEMUPARAMS can be used to pass extra parameters to qemu, e.g. 
"-m 1024" for setting the amount o f ram to 1 GB.



And it seems QB_MEM is not used when boot the qemu during testimage.




Also, maybe we should just bump the 256M default?


I hope so.


Regards,
Kai




Alex

On Fri, 26 Jul 2019 at 12:24, > wrote:


From: Kai Kang mailto:kai.k...@windriver.com>>

When run do_testimage for core-image-sato-sdk, it fails to pass test
case:

| RESULTS - systemd.SystemdBasicTests.test_systemd_failed:
FAILED (0.43s)

It is OOM issue and daemon rpc.statd is killed:

|  [  531.306146] Out of memory: Kill process 193 (rpc.statd)
score 200 or sacrifice child

Increase the memory of qemu to 512M to avoid such OOM issue.

Signed-off-by: Kai Kang mailto:kai.k...@windriver.com>>
---
 meta/recipes-sato/images/core-image-sato-sdk.bb
 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-sato/images/core-image-sato-sdk.bb

b/meta/recipes-sato/images/core-image-sato-sdk.bb

index d7cc52b52b..f7963d018e 100644
--- a/meta/recipes-sato/images/core-image-sato-sdk.bb

+++ b/meta/recipes-sato/images/core-image-sato-sdk.bb

@@ -9,3 +9,4 @@ IMAGE_FEATURES += "dev-pkgs tools-sdk \

 IMAGE_INSTALL += "kernel-devsrc"

+TEST_QEMUPARAMS = "-m 512"
-- 
2.20.0


-- 
___

Openembedded-core mailing list
Openembedded-core@lists.openembedded.org

http://lists.openembedded.org/mailman/listinfo/openembedded-core



--
Kai Kang



--
Kai Kang

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [PATCHv2] mdadm:add mdmonitor.service

[Zang Ruochen]

-The original file mdmonitor.service is as follows:
...
|[Service]
|Environment=  MDADM_MONITOR_ARGS=--scan
|EnvironmentFile=-/run/sysconfig/mdadm
|ExecStartPre=-/usr/lib/mdadm/mdadm_env.sh
|ExecStart=/sbin/mdadm --monitor -y $MDADM_MONITOR_ARGS
...
-It has a syntax error and it doesn't work properly, 
 so add new file mdmonitor.service to overwrite it.

Signed-off-by: Zang Ruochen 
---
 meta/recipes-extended/mdadm/files/mdmonitor.service | 10 ++
 meta/recipes-extended/mdadm/mdadm_4.1.bb|  2 ++
 2 files changed, 12 insertions(+)
 create mode 100644 meta/recipes-extended/mdadm/files/mdmonitor.service

diff --git a/meta/recipes-extended/mdadm/files/mdmonitor.service 
b/meta/recipes-extended/mdadm/files/mdmonitor.service
new file mode 100644
index 00..4f07c755ae
--- /dev/null
+++ b/meta/recipes-extended/mdadm/files/mdmonitor.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Software RAID monitoring and management
+ConditionPathExists=/etc/mdadm.conf
+[Service]
+Type=forking
+PIDFile=/var/run/mdadm/mdadm.pid
+EnvironmentFile=-/etc/sysconfig/mdmonitor
+ExecStart=/sbin/mdadm --monitor --scan -f --pid-file=/var/run/mdadm/mdadm.pid
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-extended/mdadm/mdadm_4.1.bb 
b/meta/recipes-extended/mdadm/mdadm_4.1.bb
index 74c94f6ecb..daa2ed8e2e 100644
--- a/meta/recipes-extended/mdadm/mdadm_4.1.bb
+++ b/meta/recipes-extended/mdadm/mdadm_4.1.bb
@@ -20,6 +20,7 @@ SRC_URI = 
"${KERNELORG_MIRROR}/linux/utils/raid/mdadm/${BPN}-${PV}.tar.xz \
file://debian-no-Werror.patch \

file://0001-Revert-tests-wait-for-complete-rebuild-in-integrity-.patch \
   file://mdadm.init \
+  file://mdmonitor.service \
   
file://0001-mdadm-add-option-y-for-use-syslog-to-recive-event-re.patch \
file://include_sysmacros.patch \
"
@@ -65,6 +66,7 @@ do_install_append() {
 
 do_install_append() {
 oe_runmake install-systemd DESTDIR=${D}
+install -m 644 ${WORKDIR}/mdmonitor.service 
${D}/lib/systemd/system/mdmonitor.service
 }
 
 do_compile_ptest() {
-- 
2.20.1



-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [thud][PATCH 5/7] ghostscript: Fix 3 CVEs

[Anuj Mittal]

From: Ovidiu Panait 

It was discovered that the ghostscript /invalidaccess checks fail under
certain conditions. An attacker could possibly exploit this to bypass
the -dSAFER protection and, for example, execute arbitrary shell commands
via a specially crafted PostScript document.

It was found that the superexec operator was available in the internal
dictionary in ghostscript before 9.27. A specially crafted PostScript
file could use this flaw in order to, for example, have access to the
file system outside of the constrains imposed by -dSAFER.

It was found that the forceput operator could be extracted from the
DefineResource method in ghostscript before 9.27. A specially crafted
PostScript file could use this flaw in order to, for example, have
access to the file system outside of the constrains imposed by -dSAFER.

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-6116
https://www.openwall.com/lists/oss-security/2019/01/23/5
https://nvd.nist.gov/vuln/detail/CVE-2019-3835
https://nvd.nist.gov/vuln/detail/CVE-2019-3838

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=13b0a36
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2db98f9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=99f1309
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=59d8f4d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2768d1a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=49c8092
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2ff600a
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=779664d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=e8acf6d
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2055917
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d683d1e
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ed9fcd9
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a82601e

(From OE-Core rev: 12e140dfdac8456772223c816e37bd869419bb18)

Signed-off-by: Ovidiu Panait 
Signed-off-by: Richard Purdie 
[Fix for CVE-2019-6116 is already in thud, so that has been removed]
Signed-off-by: Anuj Mittal 
---
 .../ghostscript/CVE-2019-3835-0001.patch   |  99 +++
 .../ghostscript/CVE-2019-3835-0002.patch   |  71 +
 .../ghostscript/CVE-2019-3835-0003.patch   | 295 +
 .../ghostscript/CVE-2019-3835-0004.patch   | 167 
 .../ghostscript/CVE-2019-3838-0001.patch   |  34 +++
 .../ghostscript/CVE-2019-3838-0002.patch   |  30 +++
 .../ghostscript/ghostscript_9.26.bb|   6 +
 7 files changed, 702 insertions(+)
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0002.patch
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0003.patch
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0004.patch
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0001.patch
 create mode 100644 
meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3838-0002.patch

diff --git 
a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch 
b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
new file mode 100644
index 000..30ce04a
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-3835-0001.patch
@@ -0,0 +1,99 @@
+From ad3ad6b389653722507e588c5cb34d8731e49e89 Mon Sep 17 00:00:00 2001
+From: Chris Liddell 
+Date: Mon, 26 Nov 2018 18:01:25 +
+Subject: [PATCH] Have gs_cet.ps run from gs_init.ps
+
+Previously gs_cet.ps was run on the command line, to set up the interpreter
+state so our output more closely matches the example output for the QL CET
+tests.
+
+Allow a -dCETMODE command line switch, which will cause gs_init.ps to run the
+file directly.
+
+This works better for gpdl as it means the changes are made in the intial
+interpreter state, rather than after initialisation is complete.
+
+This also means adding a definition of the default procedure for black
+generation and under color removal (rather it being defined in-line in
+.setdefaultbgucr
+
+Also, add a check so gs_cet.ps only runs once - if we try to run it a second
+time, we'll just skip over the file, flushing through to the end.
+
+CVE: CVE-2019-3835
+Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
+
+Signed-off-by: Ovidiu Panait 
+---
+ Resource/Init/gs_cet.ps  | 11 ++-
+ Resource/Init/gs_init.ps | 13 -
+ 2 files changed, 22 insertions(+), 2 deletions(-)
+
+diff --git a/Resource/Init/gs_cet.ps b/Resource/Init/gs_cet.ps
+index d3e1686..75534bb 100644
+--- a/Resource/Init/gs_cet.ps
 b/Resource/Init/gs_cet.ps
+@@ -1,6 +1,11 @@
+ %!PS
+ % Set defaults for Ghostscript to match Adobe CPSI behaviour for CET
+ 
++systemdict /product get (PhotoPRINT SE 5.0v2) readonly eq

[OE-core] [thud][PATCH 6/7] libcroco: fix CVE-2017-7961

[Anuj Mittal]

From: Ross Burton 

(From OE-Core rev: 480f15850820746cecdfe0b8450b2be484c1f8f9)

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
---
 .../libcroco/libcroco/CVE-2017-7961.patch  | 45 ++
 meta/recipes-support/libcroco/libcroco_0.6.12.bb   |  4 +-
 2 files changed, 48 insertions(+), 1 deletion(-)
 create mode 100644 meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch

diff --git a/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch 
b/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch
new file mode 100644
index 000..35471ec
--- /dev/null
+++ b/meta/recipes-support/libcroco/libcroco/CVE-2017-7961.patch
@@ -0,0 +1,45 @@
+CVE: CVE-2017-7961
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From 9ad72875e9f08e4c519ef63d44cdbd94aa9504f7 Mon Sep 17 00:00:00 2001
+From: Ignacio Casal Quinteiro 
+Date: Sun, 16 Apr 2017 13:56:09 +0200
+Subject: [PATCH] tknzr: support only max long rgb values
+
+This fixes a possible out of bound when reading rgbs which
+are longer than the support MAXLONG
+---
+ src/cr-tknzr.c | 10 ++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/cr-tknzr.c b/src/cr-tknzr.c
+index 1a7cfeb..1548c35 100644
+--- a/src/cr-tknzr.c
 b/src/cr-tknzr.c
+@@ -1279,6 +1279,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, );
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+ 
++if (num->val > G_MAXLONG) {
++status = CR_PARSING_ERROR;
++goto error;
++}
++
+ red = num->val;
+ cr_num_destroy (num);
+ num = NULL;
+@@ -1298,6 +1303,11 @@ cr_tknzr_parse_rgb (CRTknzr * a_this, CRRgb ** a_rgb)
+ status = cr_tknzr_parse_num (a_this, );
+ ENSURE_PARSING_COND ((status == CR_OK) && (num != NULL));
+ 
++if (num->val > G_MAXLONG) {
++status = CR_PARSING_ERROR;
++goto error;
++}
++
+ PEEK_BYTE (a_this, 1, _bytes[0]);
+ if (next_bytes[0] == '%') {
+ SKIP_CHARS (a_this, 1);
+-- 
+2.18.1
diff --git a/meta/recipes-support/libcroco/libcroco_0.6.12.bb 
b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
index 5b962ee..f95a583 100644
--- a/meta/recipes-support/libcroco/libcroco_0.6.12.bb
+++ b/meta/recipes-support/libcroco/libcroco_0.6.12.bb
@@ -16,7 +16,9 @@ BINCONFIG = "${bindir}/croco-0.6-config"
 
 inherit gnomebase gtk-doc binconfig-disabled
 
-SRC_URI += "file://CVE-2017-7960.patch"
+SRC_URI += "file://CVE-2017-7960.patch \
+file://CVE-2017-7961.patch \
+"
 
 SRC_URI[archive.md5sum] = "bc0984fce078ba2ce29f9500c6b9ddce"
 SRC_URI[archive.sha256sum] = 
"ddc4b5546c9fb4280a5017e2707fbd4839034ed1aba5b7d4372212f34f84f860"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [thud][PATCH 7/7] expat: fix CVE-2018-20843

[Anuj Mittal]

Signed-off-by: Anuj Mittal 
---
 meta/recipes-core/expat/expat/CVE-2018-20843.patch | 26 ++
 meta/recipes-core/expat/expat_2.2.6.bb |  1 +
 2 files changed, 27 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2018-20843.patch

diff --git a/meta/recipes-core/expat/expat/CVE-2018-20843.patch 
b/meta/recipes-core/expat/expat/CVE-2018-20843.patch
new file mode 100644
index 000..af6641e
--- /dev/null
+++ b/meta/recipes-core/expat/expat/CVE-2018-20843.patch
@@ -0,0 +1,26 @@
+From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001
+From: Sebastian Pipping 
+Date: Wed, 12 Jun 2019 15:42:22 +0200
+Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name
+ (#186)
+
+Upstream-Status: Backport
+CVE: CVE-2018-20843
+Signed-off-by: Anuj Mittal 
+---
+ expat/lib/xmlparse.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
+index 30d55c5c..737d7cd2 100644
+--- a/expat/lib/xmlparse.c
 b/expat/lib/xmlparse.c
+@@ -6071,7 +6071,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE 
*elementType)
+   else
+ poolDiscard(>pool);
+   elementType->prefix = prefix;
+-
++  break;
+ }
+   }
+   return 1;
diff --git a/meta/recipes-core/expat/expat_2.2.6.bb 
b/meta/recipes-core/expat/expat_2.2.6.bb
index c9e6081..0cef705 100644
--- a/meta/recipes-core/expat/expat_2.2.6.bb
+++ b/meta/recipes-core/expat/expat_2.2.6.bb
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = 
"file://COPYING;md5=5b8620d98e49772d95fc1d291c26aa79"
 SRC_URI = "${SOURCEFORGE_MIRROR}/expat/expat-${PV}.tar.bz2 \
file://autotools.patch \
file://libtool-tag.patch \
+   file://CVE-2018-20843.patch;striplevel=2 \
  "
 
 SRC_URI[md5sum] = "ca047ae951b40020ac831c28859161b2"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

[OE-core] [thud][PATCH 3/7] libarchive: integrate security fixes

[Anuj Mittal]

From: Ross Burton 

Fix the following CVEs by backporting patches from upstream:
- CVE-2019-119
- CVE-2019-120
- CVE-2018-1000877
- CVE-2018-1000878
- CVE-2018-1000879
- CVE-2018-1000880

(From OE-Core rev: ea251020304b9c18f31c39de867a47311b1bb46c)

Signed-off-by: Ross Burton 
Signed-off-by: Richard Purdie 
---
 .../libarchive/libarchive/CVE-2018-1000877.patch   | 38 +++
 .../libarchive/libarchive/CVE-2018-1000878.patch   | 79 ++
 .../libarchive/libarchive/CVE-2018-1000879.patch   | 50 ++
 .../libarchive/libarchive/CVE-2018-1000880.patch   | 44 
 .../libarchive/libarchive/CVE-2019-119.patch   | 59 
 .../libarchive/libarchive/CVE-2019-120.patch   | 61 +
 .../libarchive/libarchive_3.3.3.bb |  6 ++
 7 files changed, 337 insertions(+)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2019-119.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2019-120.patch

diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
new file mode 100644
index 000..ce63837
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
@@ -0,0 +1,38 @@
+CVE: CVE-2018-1000877
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens 
+Date: Tue, 20 Nov 2018 17:56:29 +1100
+Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
+
+new_size can be 0 with a malicious or corrupted RAR archive.
+
+realloc(area, 0) is equivalent to free(area), so the region would
+be free()d here and the free()d again in the cleanup function.
+
+Found with a setup running AFL, afl-rb, and qsym.
+---
+ libarchive/archive_read_support_format_rar.c | 5 +
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_rar.c 
b/libarchive/archive_read_support_format_rar.c
+index 2345..6f419c27 100644
+--- a/libarchive/archive_read_support_format_rar.c
 b/libarchive/archive_read_support_format_rar.c
+@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
+   new_size = DICTIONARY_MAX_SIZE;
+ else
+   new_size = rar_fls((unsigned int)rar->unp_size) << 1;
++if (new_size == 0) {
++  archive_set_error(>archive, ARCHIVE_ERRNO_FILE_FORMAT,
++"Zero window size is invalid.");
++  return (ARCHIVE_FATAL);
++}
+ new_window = realloc(rar->lzss.window, new_size);
+ if (new_window == NULL) {
+   archive_set_error(>archive, ENOMEM,
+-- 
+2.20.0
+
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch 
b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
new file mode 100644
index 000..7468fd3
--- /dev/null
+++ b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
@@ -0,0 +1,79 @@
+CVE: CVE-2018-1000878
+Upstream-Status: Backport
+Signed-off-by: Ross Burton 
+
+From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
+From: Daniel Axtens 
+Date: Tue, 4 Dec 2018 00:55:22 +1100
+Subject: [PATCH] rar: file split across multi-part archives must match
+
+Fuzzing uncovered some UAF and memory overrun bugs where a file in a
+single file archive reported that it was split across multiple
+volumes. This was caused by ppmd7 operations calling
+rar_br_fillup. This would invoke rar_read_ahead, which would in some
+situations invoke archive_read_format_rar_read_header.  That would
+check the new file name against the old file name, and if they didn't
+match up it would free the ppmd7 buffer and allocate a new
+one. However, because the ppmd7 decoder wasn't actually done with the
+buffer, it would continue to used the freed buffer. Both reads and
+writes to the freed region can be observed.
+
+This is quite tricky to solve: once the buffer has been freed it is
+too late, as the ppmd7 decoder functions almost universally assume
+success - there's no way for ppmd_read to signal error, nor are there
+good ways for functions like Range_Normalise to propagate them. So we
+can't detect after the fact that we're in an invalid state - e.g. by
+checking rar->cursor, we have to prevent ourselves from ever ending up
+there. So, when we are in the dangerous part or rar_read_ahead that
+assumes a valid split, we set a flag force read_header to either go
+down the path for split files or bail. This means that the ppmd7
+decoder keeps a valid buffer and just runs out of data.
+
+Found with 

[OE-core] [thud][PATCH 4/7] bzip2: fix CVE-2019-12900

[Anuj Mittal]

Also include a patch to fix regression caused by it. See:

https://gitlab.com/federicomenaquintero/bzip2/issues/24

Signed-off-by: Anuj Mittal 
---
 .../bzip2/bzip2-1.0.6/CVE-2019-12900.patch | 33 +
 .../fix-regression-CVE-2019-12900.patch| 82 ++
 meta/recipes-extended/bzip2/bzip2_1.0.6.bb |  2 +
 3 files changed, 117 insertions(+)
 create mode 100644 meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
 create mode 100644 
meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch

diff --git a/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
new file mode 100644
index 000..9841644
--- /dev/null
+++ b/meta/recipes-extended/bzip2/bzip2-1.0.6/CVE-2019-12900.patch
@@ -0,0 +1,33 @@
+From 11e1fac27eb8a3076382200736874c78e09b75d6 Mon Sep 17 00:00:00 2001
+From: Albert Astals Cid 
+Date: Tue, 28 May 2019 19:35:18 +0200
+Subject: [PATCH] Make sure nSelectors is not out of range
+
+nSelectors is used in a loop from 0 to nSelectors to access selectorMtf
+which is
+   UCharselectorMtf[BZ_MAX_SELECTORS];
+so if nSelectors is bigger than BZ_MAX_SELECTORS it'll do an invalid memory
+access
+
+Fixes out of bounds access discovered while fuzzying karchive
+CVE: CVE-2019-12900
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal 
+
+---
+ decompress.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/decompress.c b/decompress.c
+index 311f566..b6e0a29 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
diff --git 
a/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch
new file mode 100644
index 000..362e6cf
--- /dev/null
+++ 
b/meta/recipes-extended/bzip2/bzip2-1.0.6/fix-regression-CVE-2019-12900.patch
@@ -0,0 +1,82 @@
+From 212f3ed7ac3931c9e0e9167a0bdc16eeb3c76af4 Mon Sep 17 00:00:00 2001
+From: Mark Wielaard 
+Date: Wed, 3 Jul 2019 01:28:11 +0200
+Subject: [PATCH] Accept as many selectors as the file format allows.
+
+But ignore any larger than the theoretical maximum, BZ_MAX_SELECTORS.
+
+The theoretical maximum number of selectors depends on the maximum
+blocksize (90 bytes) and the number of symbols (50) that can be
+encoded with a different Huffman tree. BZ_MAX_SELECTORS is 18002.
+
+But the bzip2 file format allows the number of selectors to be encoded
+with 15 bits (because 18002 isn't a factor of 2 and doesn't fit in
+14 bits). So the file format maximum is 32767 selectors.
+
+Some bzip2 encoders might actually have written out more selectors
+than the theoretical maximum because they rounded up the number of
+selectors to some convenient factor of 8.
+
+The extra 14766 selectors can never be validly used by the decompression
+algorithm. So we can read them, but then discard them.
+
+This is effectively what was done (by accident) before we added a
+check for nSelectors to be at most BZ_MAX_SELECTORS to mitigate
+CVE-2019-12900.
+
+The extra selectors were written out after the array inside the
+EState struct. But the struct has extra space allocated after the
+selector arrays of 18060 bytes (which is larger than 14766).
+All of which will be initialized later (so the overwrite of that
+space with extra selector values would have been harmless).
+
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal 
+
+---
+ compress.c   |  2 +-
+ decompress.c | 10 --
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/compress.c b/compress.c
+index caf7696..19b662b 100644
+--- a/compress.c
 b/compress.c
+@@ -454,7 +454,7 @@ void sendMTFValues ( EState* s )
+ 
+AssertH( nGroups < 8, 3002 );
+AssertH( nSelectors < 32768 &&
+-nSelectors <= (2 + (90 / BZ_G_SIZE)),
++nSelectors <= BZ_MAX_SELECTORS,
+ 3003 );
+ 
+ 
+diff --git a/decompress.c b/decompress.c
+index b6e0a29..78060c9 100644
+--- a/decompress.c
 b/decompress.c
+@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s )
+   GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
+   if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
+   GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
+-  if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) 
RETURN(BZ_DATA_ERROR);
++  if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+   for (i = 0; i < nSelectors; i++) {
+  j = 0;
+  while (True) {
+@@ -296,8 +296,14 @@ Int32 BZ2_decompress ( DState* s )
+ j++;
+  

[OE-core] [thud][PATCH 1/7] libsdl: CVE fixes

[Anuj Mittal]

Fixes CVE-2019-7572, CVE-2019-7574, CVE-2019-7575, CVE-2019-7576,
CVE-2019-7577, CVE-2019-7578, CVE-2019-7635, CVE-2019-7637,
CVE-2019-7638.

Signed-off-by: Anuj Mittal 
---
 .../libsdl/libsdl-1.2.15/CVE-2019-7572.patch   | 114 
 .../libsdl/libsdl-1.2.15/CVE-2019-7574.patch   |  68 
 .../libsdl/libsdl-1.2.15/CVE-2019-7575.patch   |  81 +
 .../libsdl/libsdl-1.2.15/CVE-2019-7576.patch   |  80 +
 .../libsdl/libsdl-1.2.15/CVE-2019-7577.patch   | 123 +
 .../libsdl/libsdl-1.2.15/CVE-2019-7578.patch   |  64 +++
 .../libsdl/libsdl-1.2.15/CVE-2019-7635.patch   |  63 +++
 .../libsdl/libsdl-1.2.15/CVE-2019-7637.patch   | 192 +
 .../libsdl/libsdl-1.2.15/CVE-2019-7638.patch   |  38 
 meta/recipes-graphics/libsdl/libsdl_1.2.15.bb  |   9 +
 10 files changed, 832 insertions(+)
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7574.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7575.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7576.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7577.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7578.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7635.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7637.patch
 create mode 100644 
meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7638.patch

diff --git a/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch 
b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch
new file mode 100644
index 000..c41c2de
--- /dev/null
+++ b/meta/recipes-graphics/libsdl/libsdl-1.2.15/CVE-2019-7572.patch
@@ -0,0 +1,114 @@
+# HG changeset patch
+# User Petr Písař 
+# Date 1560182231 25200
+#  Mon Jun 10 08:57:11 2019 -0700
+# Branch SDL-1.2
+# Node ID a8afedbcaea0e84921dc770195c4699bda3ccdc5
+# Parent  faf9abbcfb5fe0d0ca23c4bf0394aa226ceccf02
+CVE-2019-7572: Fix a buffer overwrite in IMA_ADPCM_decode
+If data chunk was longer than expected based on a WAV format
+definition, IMA_ADPCM_decode() tried to write past the output
+buffer. This patch fixes it.
+
+Based on patch from
+.
+
+CVE-2019-7572
+https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+
+Signed-off-by: Petr Písař 
+
+# HG changeset patch
+# User Petr Písař 
+# Date 1560041863 25200
+#  Sat Jun 08 17:57:43 2019 -0700
+# Branch SDL-1.2
+# Node ID e52413f5258600878f9a10d2f92605a729aa8976
+# Parent  4e73be7b47877ae11d2279bd916910d469d18f8e
+CVE-2019-7572: Fix a buffer overread in IMA_ADPCM_nibble
+If an IMA ADPCM block contained an initial index out of step table
+range (loaded in IMA_ADPCM_decode()), IMA_ADPCM_nibble() blindly used
+this bogus value and that lead to a buffer overread.
+
+This patch fixes it by moving clamping the index value at the
+beginning of IMA_ADPCM_nibble() function instead of the end after
+an update.
+
+CVE-2019-7572
+https://bugzilla.libsdl.org/show_bug.cgi?id=4495
+
+Signed-off-by: Petr Písař 
+
+CVE: CVE-2019-7572
+Upstream-Status: Backport
+Signed-off-by: Anuj Mittal 
+
+diff -r faf9abbcfb5f -r a8afedbcaea0 src/audio/SDL_wave.c
+--- a/src/audio/SDL_wave.c Mon Jun 10 08:54:29 2019 -0700
 b/src/audio/SDL_wave.c Mon Jun 10 08:57:11 2019 -0700
+@@ -346,7 +346,7 @@
+ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len)
+ {
+   struct IMA_ADPCM_decodestate *state;
+-  Uint8 *freeable, *encoded, *encoded_end, *decoded;
++  Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end;
+   Sint32 encoded_len, samplesleft;
+   unsigned int c, channels;
+ 
+@@ -373,6 +373,7 @@
+   return(-1);
+   }
+   decoded = *audio_buf;
++  decoded_end = decoded + *audio_len;
+ 
+   /* Get ready... Go! */
+   while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) {
+@@ -392,6 +393,7 @@
+   }
+ 
+   /* Store the initial sample we start with */
++  if (decoded + 2 > decoded_end) goto invalid_size;
+   decoded[0] = (Uint8)(state[c].sample&0xFF);
+   decoded[1] = (Uint8)(state[c].sample>>8);
+   decoded += 2;
+@@ -402,6 +404,8 @@
+   while ( samplesleft > 0 ) {
+   for ( c=0; c encoded_end) goto 
invalid_size;
++  if (decoded + 4 * 4 * channels > decoded_end)
++  goto invalid_size;
+   Fill_IMA_ADPCM_block(decoded, encoded,
+   c, channels, [c]);
+   encoded += 4;
+
+diff -r 4e73be7b4787 -r e52413f52586 

[OE-core] [thud][PATCH 2/7] gstreamer1.0-plugins-base: fix CVE-2019-9928

[Anuj Mittal]

Signed-off-by: Anuj Mittal 
---
 .../gstreamer1.0-plugins-base/CVE-2019-9928.patch  | 33 ++
 .../gstreamer/gstreamer1.0-plugins-base_1.14.4.bb  |  1 +
 2 files changed, 34 insertions(+)
 create mode 100644 
meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch

diff --git 
a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch
 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch
new file mode 100644
index 000..0ad7245
--- /dev/null
+++ 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base/CVE-2019-9928.patch
@@ -0,0 +1,33 @@
+From f672277509705c4034bc92a141eefee4524d15aa Mon Sep 17 00:00:00 2001
+From: Tobias Ronge 
+Date: Thu, 14 Mar 2019 10:12:27 +0100
+Subject: [PATCH] gstrtspconnection: Security loophole making heap overflow
+
+The former code allowed an attacker to create a heap overflow by
+sending a longer than allowed session id in a response and including a
+semicolon to change the maximum length. With this change, the parser
+will never go beyond 512 bytes.
+
+Upstream-Status: Backport
+CVE: CVE-2019-9928
+Signed-off-by: Anuj Mittal 
+---
+ gst-libs/gst/rtsp/gstrtspconnection.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gst-libs/gst/rtsp/gstrtspconnection.c 
b/gst-libs/gst/rtsp/gstrtspconnection.c
+index a6755bedd..c0429064a 100644
+--- a/gst-libs/gst/rtsp/gstrtspconnection.c
 b/gst-libs/gst/rtsp/gstrtspconnection.c
+@@ -2461,7 +2461,7 @@ build_next (GstRTSPBuilder * builder, GstRTSPMessage * 
message,
+   maxlen = sizeof (conn->session_id) - 1;
+   /* the sessionid can have attributes marked with ;
+* Make sure we strip them */
+-  for (i = 0; session_id[i] != '\0'; i++) {
++  for (i = 0; i < maxlen && session_id[i] != '\0'; i++) {
+ if (session_id[i] == ';') {
+   maxlen = i;
+   /* parse timeout */
+-- 
+2.21.0
+
diff --git 
a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb 
b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
index 12c9bbc..0d8b033 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0-plugins-base_1.14.4.bb
@@ -20,6 +20,7 @@ SRC_URI = " \
 
file://0010-gl-Add-switch-for-explicitely-enabling-disabling-GBM.patch \
 
file://0011-gl-Add-switches-for-explicitely-enabling-disabling-P.patch \
 file://link-with-libvchostif.patch \
+file://CVE-2019-9928.patch \
 "
 SRC_URI[md5sum] = "4dbe20c1bf44191c2b8833234df5cb2a"
 SRC_URI[sha256sum] = 
"ca6139490e48863e7706d870ff4e8ac9f417b56f3b9e4b3ce490c13b09a77461"
-- 
2.7.4

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] bind: Update to latest stable, 9.14.

[Khem Raj]

On 7/28/19 2:28 AM, Adrian Bunk wrote:

On Sat, Jul 27, 2019 at 01:49:26PM -0700, Armin Kuster wrote:

Even releases are stable and supported for 1 year.
...

9.11 upstream support covers the whole lifetime of Yocto 2.8,
9.14 upstream support does not.

dhcp server would need porting to 9.14 as well


Eve worse, Yocto 2.9 would ship with 9.14 that might become EOL around
the time of the 2.9 release.

ESV (3 years supported) releases are planned when upstream
is divisible by 4.

cu
Adrian


--
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] bind: Update to latest stable, 9.14.

[Alexander Kanavin]

Indeed; I think we should wait for 9.16, and take the latest in 9.11
meanwhile.

Alex

On Sun, 28 Jul 2019 at 11:29, Adrian Bunk  wrote:

> On Sat, Jul 27, 2019 at 01:49:26PM -0700, Armin Kuster wrote:
> > Even releases are stable and supported for 1 year.
> >...
>
> 9.11 upstream support covers the whole lifetime of Yocto 2.8,
> 9.14 upstream support does not.
>
> Eve worse, Yocto 2.9 would ship with 9.14 that might become EOL around
> the time of the 2.9 release.
>
> ESV (3 years supported) releases are planned when upstream
> is divisible by 4.
>
> cu
> Adrian
>
> --
>
>"Is there not promise of rain?" Ling Tan asked suddenly out
> of the darkness. There had been need of rain for many days.
>"Only a promise," Lao Er said.
>Pearl S. Buck - Dragon Seed
>
> --
> ___
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] bind: Update to latest stable, 9.14.

[Khem Raj]

On 7/28/19 12:08 AM, akuster808 wrote:


On 7/27/19 8:44 PM, Mittal, Anuj wrote:

This is causing errors:

| Makefile:557: recipe for target 'alloc.lo' failed
| make[2]: *** [alloc.lo] Error 1
| In file included from ../includes/dhcpd.h:91,
|  from conflex.c:29:
| ../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No
such file or directory
|51 | #include 
|   |  ^~~
| compilation terminated.
| Makefile:557: recipe for target 'dhcp4o6.lo' failed
| make[2]: *** [dhcp4o6.lo] Error 1
| In file included from ../includes/dhcpd.h:91,
|  from icmp.c:30:
| ../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No
such file or directory
|51 | #include 
|   |  ^~~
| compilation terminated.
| Makefile:557: recipe for target 'dispatch.lo' failed
| make[2]: *** [dispatch.lo] Error 1
| In file included from ../includes/dhcpd.h:91,
|  from bpf.c:35:
| ../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No
such file or directory
|51 | #include 
|   |  ^~~

https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/871/steps/8/logs/step1b

Ah, musl.. ok thanks,



this is basically due to [1]


[1] 
https://gitlab.isc.org/isc-projects/bind9/commit/4c06eb20cc2e11e78412031babebc6273be5dc08




Armin

Thanks,

Anuj

On Sat, 2019-07-27 at 13:49 -0700, Armin Kuster wrote:

Even releases are stable and supported for 1 year.

Drop patches no longer needed.
Refresh a few patches.
Removed config options no longed supported.

Signed-off-by: Armin Kuster 
---
  ...igure.in-remove-useless-L-use_openssl-lib.patch | 32 
-
  ...-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch | 22 
---
  .../0001-lib-dns-gen.c-fix-too-long-error.patch| 31 

  ...lwresd-V-and-start-log-hide-build-options.patch | 33 ++

  ...-searching-for-json-headers-searches-sysr.patch | 30 ++
--
  .../bind/{bind_9.11.5-P4.bb => bind_9.14.3.bb} | 24 ++
--
  6 files changed, 38 insertions(+), 134 deletions(-)
  delete mode 100644 meta/recipes-connectivity/bind/bind/0001-
configure.in-remove-useless-L-use_openssl-lib.patch
  delete mode 100644 meta/recipes-connectivity/bind/bind/0001-gen.c-
extend-DIRNAMESIZE-from-256-to-512.patch
  delete mode 100644 meta/recipes-connectivity/bind/bind/0001-lib-dns-
gen.c-fix-too-long-error.patch
  rename meta/recipes-connectivity/bind/{bind_9.11.5-P4.bb =>
bind_9.14.3.bb} (83%)

diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-
remove-useless-L-use_openssl-lib.patch b/meta/recipes-
connectivity/bind/bind/0001-configure.in-remove-useless-L-
use_openssl-lib.patch
deleted file mode 100644
index 871bb2a..000
--- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-
useless-L-use_openssl-lib.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00
2001
-From: Hongxu Jia 
-Date: Mon, 27 Aug 2018 15:00:51 +0800
-Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
-
-Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind
recipe,
-the `-L$use_openssl/lib' has a hardcoded suffix, removing it is
harmless
-and helpful for clean up host build path in isc-config.sh
-
-Upstream-Status: Inappropriate [oe-core specific]
-
-Signed-off-by: Hongxu Jia 

- configure.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.in b/configure.in
-index 54efc55..76ac0eb 100644
 a/configure.in
-+++ b/configure.in
-@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-
openssl])
-   fi
-   ;;
-   *)
--  DST_OPENSSL_LIBS="-L$use_openssl/lib
-lcrypto"
-+  DST_OPENSSL_LIBS="-lcrypto"
-   ;;
-   esac
-   fi
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-
DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-
connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-
512.patch
deleted file mode 100644
index a8d601d..000
--- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-
DIRNAMESIZE-from-256-to-512.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Upstream-Status: Pending
-
-Subject: gen.c: extend DIRNAMESIZE from 256 to 512
-
-Signed-off-by: Chen Qi 

- lib/dns/gen.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: bind-9.11.3/lib/dns/gen.c
-===
 bind-9.11.3.orig/lib/dns/gen.c
-+++ bind-9.11.3/lib/dns/gen.c
-@@ -130,7 +130,7 @@ static const char copyright[] =
- #define TYPECLASSBUF (TYPECLASSLEN + 1)
- #define TYPECLASSFMT "%" STR(TYPECLASSLEN) "[-0-9a-z]_%d"
- #define ATTRIBUTESIZE 256
--#define DIRNAMESIZE 256
-+#define DIRNAMESIZE 512

[OE-core] [RESEND PATCH] qemu: add a patch fixing the native build on newer kernels

[Bartosz Golaszewski]

From: Bartosz Golaszewski 

The build fails on qemu-native if we're using kernels after commit
0768e17073dc527ccd18ed5f96ce85f9985e9115. This adds an upstream
patch that fixes the issue.

Signed-off-by: Bartosz Golaszewski 
---
NOTE: Resending this because I sent it to the wrong list previously.

 meta/recipes-devtools/qemu/qemu.inc   |   1 +
 ...o-handle-variably-sized-SIOCGSTAMP-w.patch | 339 ++
 2 files changed, 340 insertions(+)
 create mode 100644 
meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch

diff --git a/meta/recipes-devtools/qemu/qemu.inc 
b/meta/recipes-devtools/qemu/qemu.inc
index 7f0b3a7a73..46c40b7d4f 100644
--- a/meta/recipes-devtools/qemu/qemu.inc
+++ b/meta/recipes-devtools/qemu/qemu.inc
@@ -24,6 +24,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \

file://0009-linux-user-Fix-webkitgtk-hangs-on-32-bit-x86-target.patch \

file://0010-Revert-linux-user-fix-mmap-munmap-mprotect-mremap-sh.patch \
file://0013-target-arm-Fix-vector-operation-segfault.patch \
+   
file://0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch \
   file://CVE-2019-12155.patch \
"
 UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar"
diff --git 
a/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
 
b/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
new file mode 100644
index 00..2feb567f1c
--- /dev/null
+++ 
b/meta/recipes-devtools/qemu/qemu/0014-linux-user-fix-to-handle-variably-sized-SIOCGSTAMP-w.patch
@@ -0,0 +1,339 @@
+From 8104018ba4c66e568d2583a3a0ee940851ee7471 Mon Sep 17 00:00:00 2001
+From: Bartosz Golaszewski 
+Date: Tue, 23 Jul 2019 17:50:00 +0200
+Subject: [PATCH] linux-user: fix to handle variably sized SIOCGSTAMP with new
+ kernels
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The SIOCGSTAMP symbol was previously defined in the
+asm-generic/sockios.h header file. QEMU sees that header
+indirectly via sys/socket.h
+
+In linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
+the asm-generic/sockios.h header no longer defines SIOCGSTAMP.
+Instead it provides only SIOCGSTAMP_OLD, which only uses a
+32-bit time_t on 32-bit architectures.
+
+The linux/sockios.h header then defines SIOCGSTAMP using
+either SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. If
+SIOCGSTAMP_NEW is used, then the tv_sec field is 64-bit even
+on 32-bit architectures
+
+To cope with this we must now convert the old and new type from
+the target to the host one.
+
+Signed-off-by: Daniel P. Berrangé 
+Signed-off-by: Laurent Vivier 
+Reviewed-by: Arnd Bergmann 
+Message-Id: <20190718130641.15294-1-laur...@vivier.eu>
+Signed-off-by: Laurent Vivier 
+Signed-off-by: Bartosz Golaszewski 
+---
+Uptream-status: Backport (upstream commit: 
6d5d5dde9adb5acb32e6b8e3dfbf47fff0f308d2)
+
+ linux-user/ioctls.h|  21 +-
+ linux-user/syscall.c   | 140 +
+ linux-user/syscall_defs.h  |  30 +++-
+ linux-user/syscall_types.h |   6 --
+ 4 files changed, 159 insertions(+), 38 deletions(-)
+
+diff --git a/linux-user/ioctls.h b/linux-user/ioctls.h
+index ae8951625f..e6a27ad9d6 100644
+--- a/linux-user/ioctls.h
 b/linux-user/ioctls.h
+@@ -219,8 +219,25 @@
+   IOCTL(SIOCGRARP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_arpreq)))
+   IOCTL(SIOCGIWNAME, IOC_W | IOC_R, MK_PTR(MK_STRUCT(STRUCT_char_ifreq)))
+   IOCTL(SIOCGPGRP, IOC_R, MK_PTR(TYPE_INT)) /* pid_t */
+-  IOCTL(SIOCGSTAMP, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timeval)))
+-  IOCTL(SIOCGSTAMPNS, IOC_R, MK_PTR(MK_STRUCT(STRUCT_timespec)))
++
++  /*
++   * We can't use IOCTL_SPECIAL() because it will set
++   * host_cmd to XXX_OLD and XXX_NEW and these macros
++   * are not defined with kernel prior to 5.2.
++   * We must set host_cmd to the same value as in target_cmd
++   * otherwise the consistency check in syscall_init()
++   * will trigger an error.
++   * host_cmd is ignored by the do_ioctl_XXX() helpers.
++   * FIXME: create a macro to define this kind of entry
++   */
++  { TARGET_SIOCGSTAMP_OLD, TARGET_SIOCGSTAMP_OLD,
++"SIOCGSTAMP_OLD", IOC_R, do_ioctl_SIOCGSTAMP },
++  { TARGET_SIOCGSTAMPNS_OLD, TARGET_SIOCGSTAMPNS_OLD,
++"SIOCGSTAMPNS_OLD", IOC_R, do_ioctl_SIOCGSTAMPNS },
++  { TARGET_SIOCGSTAMP_NEW, TARGET_SIOCGSTAMP_NEW,
++"SIOCGSTAMP_NEW", IOC_R, do_ioctl_SIOCGSTAMP },
++  { TARGET_SIOCGSTAMPNS_NEW, TARGET_SIOCGSTAMPNS_NEW,
++"SIOCGSTAMPNS_NEW", IOC_R, do_ioctl_SIOCGSTAMPNS },
+ 
+   IOCTL(RNDGETENTCNT, IOC_R, MK_PTR(TYPE_INT))
+   IOCTL(RNDADDTOENTCNT, IOC_W, MK_PTR(TYPE_INT))
+diff --git a/linux-user/syscall.c b/linux-user/syscall.c
+index 96cd4bf86d..6df480e13d 100644
+--- a/linux-user/syscall.c
 b/linux-user/syscall.c
+@@ -37,6 +37,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ #include 
+ 

[OE-core] [PATCH] kernel.bbclass: fix installation of modules signing certificates

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov 

If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.

Signed-off-by: Dmitry Eremin-Solenikov 
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index a60e15b57814..bf3674238f02 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -454,7 +454,7 @@ do_shared_workdir () {
cp .config $kerneldir/
mkdir -p $kerneldir/include/config
cp include/config/kernel.release 
$kerneldir/include/config/kernel.release
-   if [ -e certs/signing_key.pem ]; then
+   if [ -e certs/signing_key.x509 ]; then
# The signing_key.* files are stored in the certs/ dir in
# newer Linux kernels
mkdir -p $kerneldir/certs
-- 
2.20.1

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] bind: Update to latest stable, 9.14.

[Adrian Bunk]

On Sat, Jul 27, 2019 at 01:49:26PM -0700, Armin Kuster wrote:
> Even releases are stable and supported for 1 year.
>...

9.11 upstream support covers the whole lifetime of Yocto 2.8,
9.14 upstream support does not.

Eve worse, Yocto 2.9 would ship with 9.14 that might become EOL around 
the time of the 2.9 release.

ESV (3 years supported) releases are planned when upstream
is divisible by 4.

cu
Adrian

-- 

   "Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
   "Only a promise," Lao Er said.
   Pearl S. Buck - Dragon Seed

-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [OE-core] [PATCH] bind: Update to latest stable, 9.14.

[akuster808]

On 7/27/19 8:44 PM, Mittal, Anuj wrote:
> This is causing errors:
>
> | Makefile:557: recipe for target 'alloc.lo' failed
> | make[2]: *** [alloc.lo] Error 1
> | In file included from ../includes/dhcpd.h:91,
> |  from conflex.c:29:
> | ../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No
> such file or directory
> |51 | #include 
> |   |  ^~~
> | compilation terminated.
> | Makefile:557: recipe for target 'dhcp4o6.lo' failed
> | make[2]: *** [dhcp4o6.lo] Error 1
> | In file included from ../includes/dhcpd.h:91,
> |  from icmp.c:30:
> | ../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No
> such file or directory
> |51 | #include 
> |   |  ^~~
> | compilation terminated.
> | Makefile:557: recipe for target 'dispatch.lo' failed
> | make[2]: *** [dispatch.lo] Error 1
> | In file included from ../includes/dhcpd.h:91,
> |  from bpf.c:35:
> | ../includes/omapip/isclib.h:51:10: fatal error: isc/boolean.h: No
> such file or directory
> |51 | #include 
> |   |  ^~~
>
> https://autobuilder.yoctoproject.org/typhoon/#/builders/64/builds/871/steps/8/logs/step1b
Ah, musl.. ok thanks,
Armin
>
> Thanks,
>
> Anuj
>
> On Sat, 2019-07-27 at 13:49 -0700, Armin Kuster wrote:
>> Even releases are stable and supported for 1 year.
>>
>> Drop patches no longer needed.
>> Refresh a few patches.
>> Removed config options no longed supported.
>>
>> Signed-off-by: Armin Kuster 
>> ---
>>  ...igure.in-remove-useless-L-use_openssl-lib.patch | 32 
>> -
>>  ...-gen.c-extend-DIRNAMESIZE-from-256-to-512.patch | 22 
>> ---
>>  .../0001-lib-dns-gen.c-fix-too-long-error.patch| 31 
>> 
>>  ...lwresd-V-and-start-log-hide-build-options.patch | 33 ++
>> 
>>  ...-searching-for-json-headers-searches-sysr.patch | 30 ++
>> --
>>  .../bind/{bind_9.11.5-P4.bb => bind_9.14.3.bb} | 24 ++
>> --
>>  6 files changed, 38 insertions(+), 134 deletions(-)
>>  delete mode 100644 meta/recipes-connectivity/bind/bind/0001-
>> configure.in-remove-useless-L-use_openssl-lib.patch
>>  delete mode 100644 meta/recipes-connectivity/bind/bind/0001-gen.c-
>> extend-DIRNAMESIZE-from-256-to-512.patch
>>  delete mode 100644 meta/recipes-connectivity/bind/bind/0001-lib-dns-
>> gen.c-fix-too-long-error.patch
>>  rename meta/recipes-connectivity/bind/{bind_9.11.5-P4.bb =>
>> bind_9.14.3.bb} (83%)
>>
>> diff --git a/meta/recipes-connectivity/bind/bind/0001-configure.in-
>> remove-useless-L-use_openssl-lib.patch b/meta/recipes-
>> connectivity/bind/bind/0001-configure.in-remove-useless-L-
>> use_openssl-lib.patch
>> deleted file mode 100644
>> index 871bb2a..000
>> --- a/meta/recipes-connectivity/bind/bind/0001-configure.in-remove-
>> useless-L-use_openssl-lib.patch
>> +++ /dev/null
>> @@ -1,32 +0,0 @@
>> -From 950867d9fd3f690e271c8c807b6eed144b2935b2 Mon Sep 17 00:00:00
>> 2001
>> -From: Hongxu Jia 
>> -Date: Mon, 27 Aug 2018 15:00:51 +0800
>> -Subject: [PATCH] configure.in: remove useless `-L$use_openssl/lib'
>> -
>> -Since `--with-openssl=${STAGING_DIR_HOST}${prefix}' is used in bind
>> recipe,
>> -the `-L$use_openssl/lib' has a hardcoded suffix, removing it is
>> harmless
>> -and helpful for clean up host build path in isc-config.sh
>> -
>> -Upstream-Status: Inappropriate [oe-core specific]
>> -
>> -Signed-off-by: Hongxu Jia 
>> 
>> - configure.in | 2 +-
>> - 1 file changed, 1 insertion(+), 1 deletion(-)
>> -
>> -diff --git a/configure.in b/configure.in
>> -index 54efc55..76ac0eb 100644
>>  a/configure.in
>> -+++ b/configure.in
>> -@@ -1691,7 +1691,7 @@ If you don't want OpenSSL, use --without-
>> openssl])
>> -fi
>> -;;
>> -*)
>> --   DST_OPENSSL_LIBS="-L$use_openssl/lib
>> -lcrypto"
>> -+   DST_OPENSSL_LIBS="-lcrypto"
>> -;;
>> -esac
>> -fi
>> --- 
>> -2.7.4
>> -
>> diff --git a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-
>> DIRNAMESIZE-from-256-to-512.patch b/meta/recipes-
>> connectivity/bind/bind/0001-gen.c-extend-DIRNAMESIZE-from-256-to-
>> 512.patch
>> deleted file mode 100644
>> index a8d601d..000
>> --- a/meta/recipes-connectivity/bind/bind/0001-gen.c-extend-
>> DIRNAMESIZE-from-256-to-512.patch
>> +++ /dev/null
>> @@ -1,22 +0,0 @@
>> -Upstream-Status: Pending
>> -
>> -Subject: gen.c: extend DIRNAMESIZE from 256 to 512
>> -
>> -Signed-off-by: Chen Qi 
>> 
>> - lib/dns/gen.c | 2 +-
>> - 1 file changed, 1 insertion(+), 1 deletion(-)
>> -
>> -Index: bind-9.11.3/lib/dns/gen.c
>> -===
>>  bind-9.11.3.orig/lib/dns/gen.c
>> -+++ bind-9.11.3/lib/dns/gen.c
>> -@@ -130,7 +130,7 @@ static const char copyright[] =
>> - #define TYPECLASSBUF