[OE-core] [PATCH] openssl: fix add missing `make depend` command before `make` library

2016-08-05 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/recipes-connectivity/openssl/openssl.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-

[OE-core] [PATCH] openssl: Upgrade 1.0.2j -> 1.0.2k

2017-02-02 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- .../openssl/openssl/CVE-2016-7055.patch| 43 .../recipes-connectivity/openssl/openssl_1.0.2j.bb | 60 -- .../recipes-

[OE-core] [PATCH] lighttpd: Upgrade 1.4.43 -> 1.4.45

2017-02-10 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/recipes-extended/lighttpd/lighttpd_1.4.43.bb | 84 --- meta/recipes-extended/lighttpd/lighttpd_1.4.45.bb | 84 +++ 2 files

[OE-core] [PATCH] openssl: fix add missing dependencies building for test directory

2016-08-19 Thread Andrej Valek
Regarding the last commit about missing dependencies, another issue was found. The problem was found, while ptest has been built with some set extra settings. It means, when ptest is going to be built, it is necessary to rebuild dependencies for test directory too. Signed-off-by: Andrej Valek

[OE-core] [PATCH 2/3] libxml2: fix CVE-2016-4658 Disallow namespace nodes in XPointer points and ranges

2016-12-12 Thread Andrej Valek
Namespace nodes must be copied to avoid use-after-free errors. But they don't necessarily have a physical representation in a document, so simply disallow them in XPointer ranges. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@si

[OE-core] [PATCH 3/3] libxml2: Fix more NULL pointer derefs

2016-12-12 Thread Andrej Valek
The NULL pointer dereferencing could produce some security problems. This is a preventive security fix. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- .../libxml2/libxml2-fix_NULL_pointer_derefs

[OE-core] [PATCH 1/3] libxml2: Necessary changes before fixing CVE-2016-5131 Fix comparison with root node in xmlXPathCmpNodes and NULL pointer deref in XPointer

2016-12-12 Thread Andrej Valek
xpath: - Check for errors after evaluating first operand. - Add sanity check for empty stack. - Include comparison in changes from xmlXPathCmpNodesExt to xmlXPathCmpNodes Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@si

[OE-core] [PATCH] busybox: Security Fix CVE-2016-6301

2017-04-05 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- .../busybox/busybox/CVE-2016-6301.patch| 37 ++ meta/recipes-core/busybox/busybox_1.24.1.bb| 1 + 2 files changed, 38 insertions(+)

[OE-core] [PATCH v2] busybox: Security fix CVE-2016-6301

2017-04-06 Thread Andrej Valek
ntpd: NTP server denial of service flaw CVE: CVE-2016-6301 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- .../busybox/busybox/CVE-2016-6301.patch| 37 ++ meta/recipes-core/busybox/busyb

[OE-core] [PATCH][krogoth] glibc: Security fix CVE-2016-6323

2017-04-21 Thread Andrej Valek
arm: mark __startcontext as .cantunwind, GNU CVE: CVE-2016-6323 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 +++ meta/recipes-core/glibc/g

[OE-core] [PATCH][morty] glibc: Security fix CVE-2016-6323

2017-04-21 Thread Andrej Valek
arm: mark __startcontext as .cantunwind, GNU CVE: CVE-2016-6323 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 +++ meta/recipes-core/glibc/g

[OE-core] [krogoth] glibc: Security fix CVE-2016-6323

2017-04-19 Thread Andrej Valek
arm: mark __startcontext as .cantunwind, GNU CVE: CVE-2016-6323 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 +++ meta/recipes-core/glibc/g

[OE-core] [morty] glibc: Security fix CVE-2016-6323

2017-04-19 Thread Andrej Valek
arm: mark __startcontext as .cantunwind, GNU CVE: CVE-2016-6323 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/recipes-core/glibc/glibc/CVE-2016-6323.patch | 39 +++ meta/recipes-core/glibc/g

[OE-core] [PATCH] libpcre: upgrade 8.40 -> 8.41

2017-07-21 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/recipes-support/libpcre/{libpcre_8.40.bb => libpcre_8.41.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-support/libpcre/{libpcre_8.40.bb => libpcre_8.41.bb} (95%) diff --git a/meta/rec

[OE-core] [PATCH] libevent: 2.0.22 -> 2.1.8

2017-04-24 Thread Andrej Valek
Update libevent to version 2.1.8 and fix test directory creation Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- .../libevent/Makefile-missing-test-dir.patch | 25 ++ .../{libeve

[OE-core] [PATCH v2] libevent: 2.0.22 -> 2.1.8

2017-04-25 Thread Andrej Valek
Update libevent to version 2.1.8 and fix test directory creation License file has been changed due to new MIT license in source code. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- .../libevent/Makefile-missing-te

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-18 Thread Andrej Valek
Yes, for actual branch is not required. But for branches like krogoth and morty, where HOSTTOOLS is not implemented, is this necessary. Andrej On 08/17/2017 06:31 PM, Richard Purdie wrote: > On Thu, 2017-08-17 at 16:44 +0200, Andrej Valek wrote: >> Signed-off-by: Andrej Valek &

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-21 Thread Andrej Valek
Hello Armin, Could You please merge it into krogoth and morty branch? @Randy: last commit into those branches was ~5weeks ago, so they are still maintained. Regards, Andrej On 08/18/2017 05:46 PM, Randy MacLeod wrote: > On 2017-08-18 06:05 AM, Andrej Valek wrote: >> OK thank You,

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-23 Thread Andrej Valek
without option to ignore errors (unlike wget which ignores certificates by default). Regards, Andrej On 08/21/2017 08:12 AM, [ext] Andrej Valek wrote: > Hello Armin, > > Could You please merge it into krogoth and morty branch? > > @Randy: last commit into those branches was

[OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-17 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/recipes-support/ca-certificates/ca-certificates_20161130.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/ca-certificates/ca-certificates_20161130.bb b/meta/recipes-support/ca-certif

[OE-core] busybox: updating to new version

2017-08-18 Thread Andrej Valek
Hello everyone, I would like to ask you a question about busybox upgrading. Is there any reason, why we are still using the version 1.24.1? I think that, the latest version 1.27.2 has a lot of fixes and it is less vulnerable than the current. I have checked a license and it has not been changed.

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-18 Thread Andrej Valek
OK thank You, so please merge it into these branches. Regards, Andrej On 08/18/2017 11:35 AM, Richard Purdie wrote: > On Fri, 2017-08-18 at 08:26 +0200, Andrej Valek wrote: >> Yes, for actual branch is not required. But for branches like krogoth >> and morty, where HOSTTOOLS is

[OE-core] [PATCH] copy_buildsystem: include layer tree during build structure creation

2017-08-17 Thread Andrej Valek
the directory structure is the same like during build creation. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Pascal Bach <pascal.b...@siemens.com> --- meta/lib/oe/copy_buildsystem.py | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/lib/oe/copy_buildsystem.p

[OE-core] [PATCH] freetype: 2.7.1 -> 2.8

2017-05-26 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/recipes-graphics/freetype/{freetype_2.7.1.bb => freetype_2.8.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-graphics/freetype/{freetype_2.7.1.bb => freetype_2.8.bb} (93%) diff

[OE-core] [PATCH] srecord: add collection of tools for manipulating EPROM load files

2017-05-31 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../srecord/files/add-option-to-remove-docs.patch | 57 ++ meta/recipes-support/srecord/srecord_1.64.bb | 23 + 2 files changed, 80 insertions(+) create mode 100644 meta/recipes-support/srecord

Re: [OE-core] [PATCH] srecord: add collection of tools for manipulating EPROM load files

2017-06-05 Thread Andrej Valek
ok, I have moved it into meta-oe (http://lists.openembedded.org/pipermail/openembedded-devel/2017-June/113040.html) *fixed url On 06/05/2017 12:42 PM, Burton, Ross wrote: > > On 5 June 2017 at 08:55, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siem

Re: [OE-core] [PATCH] srecord: add collection of tools for manipulating EPROM load files

2017-06-05 Thread Andrej Valek
ok, I have moved it into meta-oe (http://lists.openembedded.org/pipermail/openembedded-devel/2017/June/113040.html) On 06/05/2017 12:42 PM, Burton, Ross wrote: > > On 5 June 2017 at 08:55, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siem

Re: [OE-core] [PATCH] srecord: add collection of tools for manipulating EPROM load files

2017-06-05 Thread Andrej Valek
For explanation, this utility is used for EPROM data manipulation. I think, it should be useful for development of embedded devices. Is this the correct mailing list? If not, which mailing list would be appropriate? Andrej On 05/31/2017 02:55 PM, Andrej Valek wrote: > Signed-off-by: And

[OE-core] [PATCH v2 2/7] libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2

2017-06-15 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 + meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 591 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/l

[OE-core] [PATCH v2 0/7] libxml2: Fix multiple CVEs

2017-06-15 Thread Andrej Valek
Fix CVE: - CVE-2017-0663 - CVE-2017-9047 - CVE-2017-9048 - CVE-2017-9049 - CVE-2017-9050 - CVE-2017-5969 - Sync necessary changes for CVE fixing from master. Andrej Valek (7): libxml2: Disable LeakSanitizer when running API tests libxml2: Avoid reparsing and simplify control flow

[OE-core] [PATCH v2 7/7] libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local"

2017-06-15 Thread Andrej Valek
The new flag doesn't work and the change even broke the XML_PARSE_NONET option. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/CVE-2016-9318.patch | 207 - meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 - 2 files c

[OE-core] [PATCH v2 6/7] libxml2: Fix CVE-2017-0663

2017-06-15 Thread Andrej Valek
Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxm

[OE-core] [PATCH v2 4/7] libxml2: Fix CVE-2017-9049 and CVE-2017-9050

2017-06-15 Thread Andrej Valek
-9050 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 + meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 292 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/l

[OE-core] [PATCH v2 1/7] libxml2: Disable LeakSanitizer when running API tests

2017-06-15 Thread Andrej Valek
Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/r

[OE-core] [PATCH v2 3/7] libxml2: Fix CVE-2017-9047 and CVE-2017-9048

2017-06-15 Thread Andrej Valek
xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml2-CVE-2017-9047_CVE-2017-9048.patch

[OE-core] [PATCH v2 5/7] libxml2: Fix CVE-2017-5969

2017-06-15 Thread Andrej Valek
Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ++ meta/recipes-core/

Re: [OE-core] [PATCH v2 1/7] libxml2: Disable LeakSanitizer when running API tests

2017-06-15 Thread Andrej Valek
I have modified all patches and posted in http://lists.openembedded.org/pipermail/openembedded-core/2017-June/138219.html . Andrej On 06/15/2017 01:47 PM, Burton, Ross wrote: > > On 15 June 2017 at 12:42, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siem

[OE-core] [PATCH v3 7/7] libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local"

2017-06-15 Thread Andrej Valek
The new flag doesn't work and the change even broke the XML_PARSE_NONET option. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/CVE-2016-9318.patch | 207 - meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 - 2 files c

[OE-core] [PATCH v3 6/7] libxml2: Fix CVE-2017-0663

2017-06-15 Thread Andrej Valek
Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxm

[OE-core] [PATCH v3 0/7] libxml2: Fix multiple CVEs

2017-06-15 Thread Andrej Valek
Fix CVE: - CVE-2017-0663 - CVE-2017-9047 - CVE-2017-9048 - CVE-2017-9049 - CVE-2017-9050 - CVE-2017-5969 - Sync necessary changes for CVE fixing from master. Andrej Valek (7): libxml2: Disable LeakSanitizer when running API tests libxml2: Avoid reparsing and simplify control flow

[OE-core] [PATCH v3 2/7] libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2

2017-06-15 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 590 + meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 591 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/l

[OE-core] [PATCH v3 3/7] libxml2: Fix CVE-2017-9047 and CVE-2017-9048

2017-06-15 Thread Andrej Valek
xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml2-CVE-2017-9047_CVE-2017-9048.patch

[OE-core] [PATCH v3 1/7] libxml2: Disable LeakSanitizer when running API tests

2017-06-15 Thread Andrej Valek
Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/r

[OE-core] [PATCH v3 4/7] libxml2: Fix CVE-2017-9049 and CVE-2017-9050

2017-06-15 Thread Andrej Valek
-9050 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 + meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 292 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/l

Re: [OE-core] [PATCH v3 2/7] libxml2: Avoid reparsing and simplify control flow in xmlParseStartTag2

2017-06-15 Thread Andrej Valek
I have created a PR: https://github.com/openembedded/openembedded-core/pull/22 Andrej On 06/15/2017 02:15 PM, Burton, Ross wrote: > This patch won't apply, probably because of the crazy encodings. Can you > push > the series to a branch? > > Ross > > On 15 June 2017 a

[OE-core] [PATCH v3 5/7] libxml2: Fix CVE-2017-5969

2017-06-15 Thread Andrej Valek
Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ++ meta/recipes-core/

Re: [OE-core] [PATCH v2 1/7] libxml2: Disable LeakSanitizer when running API tests

2017-06-15 Thread Andrej Valek
I am modifying already existing patch not creating the new one. Is it necessary to change Upstream-Status to backported? If yes, is it possible to fix only this patch, or do I need to push the whole series? Andrej On 06/15/2017 01:31 PM, Burton, Ross wrote: > > On 15 June 2017 at 07:34,

[OE-core] [yocto-security][PATCH] package_ipk: Remove Source entry from ipk packages

2017-06-15 Thread Andrej Valek
There is the potential for sensitive information to leak through the urls there and removing it brings this into the behavior of the other package backends since filtering it is likely error prone. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/classes/package_ipk.bbcla

[OE-core] [PATCH 0/7] Fix multiple CVEs

2017-06-14 Thread Andrej Valek
Fix CVE: - CVE-2017-0663 - CVE-2017-9047 - CVE-2017-9048 - CVE-2017-9049 - CVE-2017-9050 - CVE-2017-5969 - Sync necessary changes for CVE fixing from master. Andrej Valek (7): libxml2-2.9.4: Disable LeakSanitizer when running API testsFix CVE-2016-4658 libxml2-2.9.4: Avoid

[OE-core] [PATCH 7/7] libxml2: Revert "Add an XML_PARSE_NOXXE flag to block all entities loading even local"

2017-06-14 Thread Andrej Valek
The new flag doesn't work and the change even broke the XML_PARSE_NONET option. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/CVE-2016-9318.patch | 207 - meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 - 2 files c

[OE-core] [PATCH 2/7] libxml2-2.9.4: Avoid reparsing and simplify control flow in xmlParseStartTag2

2017-06-14 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- ...ibxml2-fix_and_simplify_xmlParseStartTag2.patch | 591 + meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 592 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/l

[OE-core] [PATCH 4/7] libxml2: Fix CVE-2017-9049 and CVE-2017-9050

2017-06-14 Thread Andrej Valek
-9050 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml2-CVE-2017-9049_CVE-2017-9050.patch | 291 + meta/recipes-core/libxml/libxml2_2.9.4.bb | 1 + 2 files changed, 292 insertions(+) create mode 100644 meta/recipes-core/libxml/libxml2/l

[OE-core] [PATCH 3/7] libxml2: Fix CVE-2017-9047 and CVE-2017-9048

2017-06-14 Thread Andrej Valek
xmlSnprintfElementContent failed to correctly check the available buffer space in two locations. Fixes bug 781333 and bug 781701 CVE: CVE-2017-9047 CVE-2017-9048 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml2-CVE-2017-9047_CVE-2017-9048.patch

[OE-core] [PATCH 5/7] libxml2-2.9.4: Fix CVE-2017-5969

2017-06-14 Thread Andrej Valek
Fix NULL pointer deref in xmlDumpElementContent Can only be triggered in recovery mode. Fixes bug 758422 CVE: CVE-2017-5969 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml2-CVE-2017-5969.patch | 62 ++ meta/recipes-core/

[OE-core] [PATCH 1/7] libxml2-2.9.4: Disable LeakSanitizer when running API testsFix CVE-2016-4658

2017-06-14 Thread Andrej Valek
Makefile.am: Disable LeakSanitizer when running API tests The autogenerated API tests leak memory. Upstream-Status: Backported - [https://git.gnome.org/browse/libxml2/commit/?id=ac9a4560ee85b18811ff8ab7791ddfff7b144b0a] CVE: - Signed-off-by: Andrej Valek <andrej.va...@siemens.com> ---

[OE-core] [PATCH 6/7] libxml2: Fix CVE-2017-0663

2017-06-14 Thread Andrej Valek
Fix type confusion in xmlValidateOneNamespace Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on namespace declarations make no practical sense anyway. Fixes bug 780228 CVE: CVE-2017-0663 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxm

Re: [OE-core] [PATCH v3] libxml2: 2.9.4 -> 2.9.6

2017-10-06 Thread Andrej Valek
. Andrej On 10/06/2017 02:11 PM, Alexander Kanavin wrote: > On 10/06/2017 10:27 AM, Andrej Valek wrote: >> Signed-off-by: Andrej Valek <andrej.va...@siemens.com> >> --- >> .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- >> .../libxml/libxml2/libx

Re: [OE-core] [PATCH 0/2] busybox updating

2017-10-04 Thread Andrej Valek
cttyhack init lzcat mdev nproc setsid xzcat partprobe On 10/03/2017 08:12 PM, Andre McCurdy wrote: > On Tue, Oct 3, 2017 at 8:38 AM, Andrej Valek <andrej.va...@siemens.com> wrote: >> Update busybox to version 1.27.2 >> Fix CVE-20177-5325 >> >> Changes: >> -

Re: [OE-core] [PATCH 0/2] busybox updating

2017-10-04 Thread Andrej Valek
partprobe You are right, there was a mistake. These applets are disabled in defconfig, so they are not installed. Only lzcat, xzcat and nproc are new. Regards, Andrej On 10/04/2017 12:15 PM, Burton, Ross wrote: > On 4 October 2017 at 07:20, Andrej Valek <andrej.va...@siemens.com > <mailto:andr

Re: [OE-core] [PATCH 0/2] busybox updating

2017-10-04 Thread Andrej Valek
I do not know, if you have custom configuration, but I can give an advice. CONFIG_FEATURE_SH_IS_ASH has been changed to CONFIG_SH_IS_ASH. You can check, if have all occurrences already changed ;). Andrej On 10/04/2017 06:13 PM, Burton, Ross wrote: > On 4 October 2017 at 12:56, Andrej Va

[OE-core] [PATCH v3] libxml2: 2.9.4 -> 2.9.6

2017-10-06 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 -- .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 --- .../libxml/libxml2/libxml2-CVE-201

Re: [OE-core] [PATCH] libxml2: 2.9.4 -> 2.9.5

2017-09-06 Thread Andrej Valek
I have created a PR: https://github.com/openembedded/openembedded-core/pull/23 as last time. Andrej On 09/05/2017 08:52 PM, Burton, Ross wrote: > Also the patch has been corrupted by SMTP. Is it in a branch somewhere? > > Ross > > On 5 September 2017 at 18:28, Andrej V

[OE-core] [PATCH] libarchive: fix bug929 and CVE-2017-14166

2017-09-11 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libarchive/libarchive/CVE-2017-14166.patch | 37 + .../libarchive/libarchive/bug929.patch | 38 ++ .../libarchive/libarchive_3.3.2.bb | 2 ++ 3 files chang

[OE-core] [PATCH] libxml2: 2.9.4 -> 2.9.5

2017-09-05 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 -- .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 --- .../libxml/libxml2/libxml2-CVE-201

Re: [OE-core] [PATCH] libxml2: 2.9.4 -> 2.9.5

2017-09-05 Thread Andrej Valek
Hi Ross, There are not any CVE fixes which have not been already merged. There are only general changes. Of course, we can "clean" a lot of patches by accepting this. Regards, Andrej On 09/05/2017 11:19 AM, Burton, Ross wrote: > On 5 September 2017 at 07:35, Andrej Val

[OE-core] [PATCH v3] libxml2: 2.9.4 -> 2.9.5

2017-09-29 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 -- .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 --- .../libxml/libxml2/libxml2-CVE-201

Re: [OE-core] [PATCH] libxml2: 2.9.4 -> 2.9.5

2017-09-28 Thread Andrej Valek
Thank You for pointing to this. I have fixed and updated the pull request. Andrej On 09/27/2017 05:35 PM, Burton, Ross wrote: > On 27 September 2017 at 09:52, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siemens.com>> wrote: > > Could You pleas

[OE-core] [PATCH v2] libxml2: 2.9.4 -> 2.9.5

2017-09-28 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch | 269 -- .../libxml/libxml2/libxml2-CVE-2016-5131.patch | 180 --- .../libxml/libxml2/libxml2-CVE-201

Re: [OE-core] [PATCH] libxml2: 2.9.4 -> 2.9.5

2017-09-28 Thread Andrej Valek
September 2017 at 07:06, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siemens.com>> wrote: > > Thank You for pointing to this. I have fixed and updated the pull request. > > Andrej > > On 09/27/2017 05:35 PM, Burton, Ross wrote: >

[OE-core] [PATCH 1/2] busybox: 1.24.1 -> 1.27.2

2017-10-03 Thread Andrej Valek
- fixed link creation to shell - reported bug with suid shells [https://bugs.busybox.net/show_bug.cgi?id=10346] - removed and modified already merged patches - updated defconfig regarding to new version Signed-off-by: Andrej Valek <andrej.va...@siemens.com> Signed-off-by: Radovan

[OE-core] [PATCH 0/2] busybox updating

2017-10-03 Thread Andrej Valek
new version - busybox: Fix CVE-2011-5325 - include necessary commits from upstream and fix CVE Andrej Valek (1): busybox: 1.24.1 -> 1.27.2 Radovan Scasny (1): busybox: Fix CVE-2011-5325 ...ss-interface-device-name-for-ipv6-route-c.patch | 52 -- meta/recipes-core/busybox/busyb

[OE-core] [PATCH 2/2] busybox: Fix CVE-2011-5325

2017-10-03 Thread Andrej Valek
Signed-off-by: Radovan Scasny <radovan.sca...@siemens.com> Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../busybox/busybox/CVE-2011-5325.patch| 481 + meta/recipes-core/busybox/busybox_1.27.2.bb| 1 + 2 files changed, 48

Re: [OE-core] [PATCH] libxml2: 2.9.4 -> 2.9.5

2017-09-27 Thread Andrej Valek
Hi Ross, Could You please provide me the current status of my request? Thank You, Andrej On 09/06/2017 08:16 AM, Andrej Valek wrote: > I have created a PR: > https://github.com/openembedded/openembedded-core/pull/23 as last time. > > Andrej > > On 09/05/2017 08:52 PM,

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-24 Thread Andrej Valek
I have seen your patch, but it is not fixing my described issue. A command update-ca-certificates will be not available due to missing native stuff. Regards, Andrej On 08/24/2017 04:16 PM, Richard Purdie wrote: > On Thu, 2017-08-24 at 12:38 +0200, Andrej Valek wrote: >> What about

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-24 Thread Andrej Valek
What about enabling ASSUME_PROVIDED functionality also for nativesdk- components? Andrej On 08/23/2017 09:00 PM, Khem Raj wrote: > On 8/23/17 5:44 AM, Richard Purdie wrote: >> On Wed, 2017-08-23 at 14:07 +0200, Andrej Valek wrote: >>> I have found out that even master with HOST

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-25 Thread Andrej Valek
Hello Richard, I have seen, that You have merged also my change into current branch. Thank you about that. Andrej On 08/25/2017 10:25 AM, Richard Purdie wrote: > On Fri, 2017-08-25 at 08:05 +0200, Andrej Valek wrote: >> It's fine, but for this function >> >> do_install_a

Re: [OE-core] [PATCH] ca-certificates: prevent executing update-ca-certificates from host system

2017-08-25 Thread Andrej Valek
It's fine, but for this function do_install_append_class-nativesdk () { SYSROOT="${D}${SDKPATHNATIVE}" update-ca-certificates } is still update-ca-certificates needed from native. On 08/24/2017 04:26 PM, Richard Purdie wrote: > On Thu, 2017-08-24 at 16:23 +0200, Andrej Vale

[OE-core] [PATCH v4] libxml2: 2.9.4 -> 2.9.6

2017-10-09 Thread Andrej Valek
- remove backported patches (CVE-* and fix-*) - adapt changes from 2.9.5+ version into ptest patch Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch

Re: [OE-core] [PATCH] busybox.inc: Add sanity check to test if the suid binary provides sh

2017-11-10 Thread Andrej Valek
; > Ross > > On 10 November 2017 at 12:07, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siemens.com>> wrote: > > Of course, I don't think so, that /bin/sh > /bin/busybox.suid is a good > thing. I am just thinking, why is necessary to cast a fat

Re: [OE-core] [PATCH] busybox.inc: Add sanity check to test if the suid binary provides sh

2017-11-10 Thread Andrej Valek
; > Ross > > On 10 November 2017 at 07:17, Andrej Valek <andrej.va...@siemens.com > <mailto:andrej.va...@siemens.com>> wrote: > > I don't think so, that adding bbfatal into this recipe is a good > solution. Someone could build the busybox with /bin/sh linkin

[OE-core] [PATCH] mtd-utils: Fix flash_eraseall installation conflict

2017-11-22 Thread Andrej Valek
override correctly busybox's applet when CONFIG_FLASH_ERASEALL=y is set Error: update-alternatives: not linking /builds/image/1.0-r0/rootfs/usr/ sbin/flash_eraseall to /bin/busybox.nosuid since /builds/image/1.0-r0/ rootfs/usr/sbin/flash_eraseall exists and is not a link Signed-off-by: Andrej

[OE-core] [PATCH v2] mtd-utils: fix flash_eraseall installation conflict

2017-11-23 Thread Andrej Valek
override correctly busybox's applet when CONFIG_FLASH_ERASEALL=y is set Error: update-alternatives: not linking /builds/image/1.0-r0/rootfs/usr/ sbin/flash_eraseall to /bin/busybox.nosuid since /builds/image/1.0-r0/ rootfs/usr/sbin/flash_eraseall exists and is not a link Signed-off-by: Andrej

Re: [OE-core] [PATCH v3] libxml2: 2.9.4 -> 2.9.6

2017-11-05 Thread Andrej Valek
This patch is obsolete, due to merged upgrade to version 2.9.5 . I have sent the new one, which upgrades version to 2.9.7 http://lists.openembedded.org/pipermail/openembedded-core/2017-November/143973.html Andrej On 10/06/2017 09:27 AM, Andrej Valek wrote: > Signed-off-by: Andrej Va

Re: [OE-core] [PATCH v6] libxml2: 2.9.4 -> 2.9.7

2017-11-05 Thread Andrej Valek
This patch is obsolete, due to merged upgrade to version 2.9.5 . I have sent the new one, which upgrades version to 2.9.7 http://lists.openembedded.org/pipermail/openembedded-core/2017-November/143973.html Andrej On 11/03/2017 08:12 AM, Andrej Valek wrote: > - remove backported patches (

[OE-core] [PATCH] libxml2: 2.9.5 -> 2.9.7

2017-11-05 Thread Andrej Valek
Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/recipes-core/libxml/{libxml2_2.9.5.bb => libxml2_2.9.7.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-core/libxml/{libxml2_2.9.5.bb => libxml2_2.9.7.bb} (96%) diff --git a/meta/recipes

Re: [OE-core] [PATCH] busybox.inc: Add sanity check to test if the suid binary provides sh

2017-11-09 Thread Andrej Valek
I don't think that adding bbfatal into this recipe is a good solution. Someone could build the busybox with /bin/sh linking into .suid, e.g. for more security. We can live with this one as before. Andrej On 11/09/2017 02:25 PM, Nathan Rossi wrote: > Add a sanity check during the do_compile

[OE-core] [PATCH v6] libxml2: 2.9.4 -> 2.9.7

2017-11-03 Thread Andrej Valek
- remove backported patches (CVE-* and fix-*) - adapt changes from 2.9.5+ version into ptest patch Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch

[OE-core] [PATCH v5] libxml2: 2.9.4 -> 2.9.6

2017-10-31 Thread Andrej Valek
- remove backported patches (CVE-* and fix-*) - adapt changes from 2.9.5+ version into ptest patch Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxml/libxml2/libxml-m4-use-pkgconfig.patch | 2 +- .../libxml/libxml2/libxml2-CVE-2016-4658.patch

[OE-core] [PATCH] libxslt: Fix handling of RVTs returned from nested EXSLT functions

2018-05-16 Thread Andrej Valek
Set the context variable to NULL when evaluating EXSLT functions. Fixes potential use-after-free errors or memory leaks. Fixes bug 792580 Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- .../libxslt/libxslt/fix-rvts-handling.patch| 80 ++ meta/r

[OE-core] [PATCH v2] e2fsprogs: 1.43.8 -> 1.44.2

2018-05-22 Thread Andrej Valek
-endia.patch - already merged in this version This update needs to be queued with btrfs version >= 4.15.2|4.16.0. - already submitted previously Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- ...ix-build-failure-in-swapfs

Re: [OE-core] [PATCH] e2fsprogs: 1.43.8 -> 1.44.2

2018-05-22 Thread Andrej Valek
(ext2_ext_attr.h). Regards, Andrej On 05/22/18 12:21, Burton, Ross wrote: > Can you justify the removal of > Revert-mke2fs-enable-the-metadata_csum-and-64bit-fea.patch please? > > Ross > > On 22 May 2018 at 09:22, Andrej Valek <andrej.va...@siemens.com> wrote: >>

Re: [OE-core] [PATCH] e2fsprogs: 1.43.8 -> 1.44.2

2018-05-23 Thread Andrej Valek
: > On Tue, May 22, 2018 at 1:01 PM, Andrea Adami <andrea.ad...@gmail.com> wrote: >> On Tue, May 22, 2018 at 10:22 AM, Andrej Valek <andrej.va...@siemens.com> >> wrote: >>> License-Update: The checksum of LIC_FILES_CHKSUM has been changed due to >>> c

Re: [OE-core] [PATCH] e2fsprogs: 1.43.8 -> 1.44.2

2018-05-23 Thread Andrej Valek
: > On Wed, May 23, 2018 at 9:40 AM, Andrej Valek <andrej.va...@siemens.com> > wrote: >> Hi, >> >> As I have already written, metadata_csum has been enabled by default with >> https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/misc/mke2fs.conf.in?id=d0b9

[OE-core] [PATCH] e2fsprogs: 1.43.8 -> 1.44.2

2018-05-22 Thread Andrej Valek
License-Update: The checksum of LIC_FILES_CHKSUM has been changed due to changed FSF address. The content of NOTICE has no change. Signed-off-by: Andrej Valek <andrej.va...@siemens.com> --- meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- ...ix-build-failure-in-swapfs.c-

Re: [OE-core] [PATCH v2] feat(openssl-1.1): rework packaging

2018-06-08 Thread Andrej Valek
Hi > On 06/08/2018 10:48 AM, Andrej Valek wrote: >> after more testing, I think creating ${sysconfdir}/ssl links is highly >> recommended. ca-certificate updating script (+ many other tools) has >> hard-coded path to /etc/ssl. Debian has multiple links in /usr/lib/ssl/ >&g

[OE-core] [PATCH v3 2/2] openssl-1.1: /etc/ssl location compatibility

2018-06-08 Thread Andrej Valek
Some packages have a hard-coded path to the /etc/ssl location. Create symlinks to the correct location. Signed-off-by: Andrej Valek Signed-off-by: Marko Peter --- meta/recipes-connectivity/openssl/openssl_1.1.0h.bb | 18 +++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git

[OE-core] [PATCH v3 1/2] openssl-1.1: rework packaging

2018-06-08 Thread Andrej Valek
additional package openssl-bin. Patch original c_rehash instead of overriding it with our own. After applying patch from Debian c_rehash is working. Signed-off-by: Andrej Valek Signed-off-by: Marko Peter --- ...le.pl-only-quote-stuff-that-actually-need.patch | 29

Re: [OE-core] [PATCH v2] feat(openssl-1.1): rework packaging

2018-06-08 Thread Andrej Valek
to test your openssl-1.1.1 branch. BR, Andrej On 06/08/18 08:33, Andrej Valek wrote: > Hi Alex, > > On 06/07/18 15:13, Alexander Kanavin wrote: >> On 06/07/2018 10:32 AM, Andrej Valek wrote: >>> -do_install_append_class-native () { >>> # Install a cu

Re: [OE-core] [PATCH v2] feat(openssl-1.1): rework packaging

2018-06-08 Thread Andrej Valek
Hi Alex, On 06/07/18 15:13, Alexander Kanavin wrote: > On 06/07/2018 10:32 AM, Andrej Valek wrote: >> -do_install_append_class-native () { >> # Install a custom version of c_rehash that can handle sysroots >> properly. >> # This version is used for
