[oe] [meta-multimedia][PATCH] gst-ffmpeg: fix CVE issues
Backport patches to fix the following CVE issues:

* CVE-2011-4352
* CVE-2014-7933
* CVE-2014-8542
* CVE-2014-8543
* CVE-2014-8544
* CVE-2014-8545
* CVE-2014-8546
* CVE-2014-8547
* CVE-2014-9318
* CVE-2014-9603

Patch for CVE-2014-9603 in upstream is applied for version 2.x. Because source code changes, just partly backport part of the commit which is applicable to version 0.10.13.
Signed-off-by: Kai Kang kai.k...@windriver.com --- .../gst-ffmpeg-fix-CVE-2011-4352.patch | 64 ++ .../gst-ffmpeg-fix-CVE-2014-7933.patch | 38 + .../gst-ffmpeg-fix-CVE-2014-8542.patch | 38 + .../gst-ffmpeg-fix-CVE-2014-8543.patch | 35 .../gst-ffmpeg-fix-CVE-2014-8544.patch | 56 +++ .../gst-ffmpeg-fix-CVE-2014-8545.patch | 36 .../gst-ffmpeg-fix-CVE-2014-8546.patch | 35 .../gst-ffmpeg-fix-CVE-2014-8547.patch | 59 .../gst-ffmpeg-fix-CVE-2014-9318.patch | 37 + .../gst-ffmpeg-fix-CVE-2014-9603.patch | 41 ++ .../gstreamer/gst-ffmpeg_0.10.13.bb| 10 11 files changed, 449 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-7933.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8542.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8543.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8544.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8545.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8547.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9318.patch create mode 100644 meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch 
diff --git a/meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch b/meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch new file mode 100644 index 000..90f3fd0 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2011-4352.patch 
@@ -0,0 +1,64 @@ +From 8b94df0f2047e9728cb872adc9e64557b7a5152f Mon Sep 17 00:00:00 2001 +From: Reinhard Tartler siret...@tauware.de +Date: Sun, 4 Dec 2011 10:10:33 +0100 +Subject: [PATCH] vp3dec: Check coefficient index in vp3_dequant() + +Based on a patch by Michael Niedermayer michae...@gmx.at + +Fixes NGS00145, CVE-2011-4352 + +Found-by: Phillip Langlois +Signed-off-by: Reinhard Tartler siret...@tauware.de + + +Upstream-Status: Backport + +http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b94df0f2047e9728cb872adc9e64557b7a5152f + +Signed-off-by: Kai Kang kai.k...@windriver.com +--- + libavcodec/vp3.c | 14 -- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c +index 51ab048..f44d084 100644 +--- a/gst-libs/ext/libav/libavcodec/vp3.c b/gst-libs/ext/libav/libavcodec/vp3.c +@@ -1363,6 +1363,10 @@ static inline int vp3_dequant(Vp3DecodeContext *s, Vp3Fragment *frag, + case 1: // zero run + s-dct_tokens[plane][i]++; + i += (token 2) 0x7f; ++if (i 63) { ++av_log(s-avctx, AV_LOG_ERROR, Coefficient index overflow\n); ++return i; ++} + block[perm[i]] = (token 9) * dequantizer[perm[i]]; + i++; + break; +@@ -1566,7 +1570,10 @@ static void render_slice(Vp3DecodeContext *s, int slice) + /* invert DCT and place (or add) in final output */ + + if (s-all_fragments[i].coding_method == MODE_INTRA) { +-vp3_dequant(s, s-all_fragments + i, plane, 0, block); ++int index; ++index = vp3_dequant(s, s-all_fragments + i, plane, 0, block); ++if (index 63) ++continue; + if(s-avctx-idct_algo!=FF_IDCT_VP3) + block[0] += 1283; + s-dsp.idct_put( +@@ -1574,7 +1581,10 @@ static void render_slice(Vp3DecodeContext *s, int slice) + stride, + block); +
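Review bot: in the embedded vp3.c patch the 'diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c' line keeps the upstream path while the file header below it points at gst-libs/ext/libav/libavcodec/vp3.c; make the two agree so the patch documents the tree it applies to. In vp3_dequant() the overflow is reported by returning 'i', which leaves each caller to repeat the comparison against the literal 63, as render_slice() does for the MODE_INTRA call; a named constant and a one-line comment on that return convention would keep the check sites consistent.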
Re: [oe] [oe-commits] Shiqun Lin : sanity.bbclass: improve the sanity check for PATH and BBPATH
On Fri, May 22, 2015 at 10:41 AM, Paul Eggleton paul.eggle...@linux.intel.com wrote: On Friday 22 May 2015 07:15:36 Andreas Müller wrote: On Wed, May 20, 2015 at 11:20 PM, g...@git.openembedded.org wrote: Module: openembedded-core.git Branch: master-next Commit: b6a23572b8f14e27d4341892b9069e7cac1e9c14 URL: http://git.openembedded.org/?p=openembedded-core.gita=commit;h=b6a23572b 8f14e27d4341892b9069e7cac1e9c14 Author: Shiqun Lin shiqun@windriver.com Date: Wed Jan 7 15:00:31 2015 +0800 sanity.bbclass: improve the sanity check for PATH and BBPATH Build fails if ./ is in the PATH To reproduce the issue: $ export PATH=./:$PATH $ make -C build-tools elfutils Error: ./ld: unrecognized option '--sysroot=/' Signed-off-by: Shiqun Lin shiqun@windriver.com Signed-off-by: Richard Purdie richard.pur...@linuxfoundation.org --- meta/classes/sanity.bbclass | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index fc8c980..e738110 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -653,9 +653,9 @@ def check_sanity_version_change(status, d): status.addresult(You have a 32-bit libc, but no 32-bit headers. You must install the 32-bit libc headers.\n) bbpaths = d.getVar('BBPATH', True).split(:) -if (. in bbpaths or in bbpaths) and not status.reparse: +if (. in bbpaths or ./ in bbpaths or in bbpaths) and not status.reparse: status.addresult(BBPATH references the current directory, either through \ -an empty entry, or a '.'.\n\t This is unsafe and means your \ +an empty entry, a './' or a '.'.\n\t This is unsafe and means your \ layer configuration is adding empty elements to BBPATH.\n\t \ Please check your layer.conf files and other BBPATH \ settings to remove the current working directory \ 
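Review bot: the BBPATH test in check_sanity_version_change compares against the literals '.', './' and '' only, so equivalent spellings of the current directory such as './/' or './.' still pass; comparing os.path.normpath() of each entry with '.' would cover every form, the empty entry included.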
@@ -693,8 +693,8 @@ def check_sanity_everybuild(status, d): sanity_check_conffiles(status, d) paths = d.getVar('PATH', True).split(:) -if . in paths or in paths: -status.addresult(PATH contains '.' or '' (empty element), which will break the build, please remove this.\nParsed PATH is + str(paths) + \n) +if . in paths or ./ in paths or in paths: +status.addresult(PATH contains '.', './' or '' (empty element), which will break the build, please remove this.\nParsed PATH is + str(paths) + \n) # Check that the DISTRO is valid, if set # need to take into account DISTRO renaming DISTRO -- The PATH part is problematic: My system (fedora 22) or my user - have not yet checked where it comes from - sets './' in PATH. I am not happy risking fallout on my system for yocto's sanity. FWIW, it's not in PATH for my account on F21. Cheers, Paul FWIW2 (forgive me - I was without coffee): Have F20 here not F22 Andreas -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
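Review bot: the PATH test in check_sanity_everybuild repeats the three-literal comparison from the BBPATH check with its own message text; one helper used by both checks would keep them from drifting apart. Since any relative PATH entry resolves tools from the working directory the way the './ld' failure in the commit message does, that helper could reject every entry for which os.path.isabs() is false rather than listing spellings one by one.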
Re: [oe] [oe-commits] Shiqun Lin : sanity.bbclass: improve the sanity check for PATH and BBPATH
On Friday 22 May 2015 07:15:36 Andreas Müller wrote: On Wed, May 20, 2015 at 11:20 PM, g...@git.openembedded.org wrote: Module: openembedded-core.git Branch: master-next Commit: b6a23572b8f14e27d4341892b9069e7cac1e9c14 URL: http://git.openembedded.org/?p=openembedded-core.gita=commit;h=b6a23572b 8f14e27d4341892b9069e7cac1e9c14 Author: Shiqun Lin shiqun@windriver.com Date: Wed Jan 7 15:00:31 2015 +0800 sanity.bbclass: improve the sanity check for PATH and BBPATH Build fails if ./ is in the PATH To reproduce the issue: $ export PATH=./:$PATH $ make -C build-tools elfutils Error: ./ld: unrecognized option '--sysroot=/' Signed-off-by: Shiqun Lin shiqun@windriver.com Signed-off-by: Richard Purdie richard.pur...@linuxfoundation.org --- meta/classes/sanity.bbclass | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass index fc8c980..e738110 100644 --- a/meta/classes/sanity.bbclass +++ b/meta/classes/sanity.bbclass @@ -653,9 +653,9 @@ def check_sanity_version_change(status, d): status.addresult(You have a 32-bit libc, but no 32-bit headers. You must install the 32-bit libc headers.\n) bbpaths = d.getVar('BBPATH', True).split(:) -if (. in bbpaths or in bbpaths) and not status.reparse: +if (. in bbpaths or ./ in bbpaths or in bbpaths) and not status.reparse: status.addresult(BBPATH references the current directory, either through \ -an empty entry, or a '.'.\n\t This is unsafe and means your \ +an empty entry, a './' or a '.'.\n\t This is unsafe and means your \ layer configuration is adding empty elements to BBPATH.\n\t \ Please check your layer.conf files and other BBPATH \ settings to remove the current working directory \ 
@@ -693,8 +693,8 @@ def check_sanity_everybuild(status, d): sanity_check_conffiles(status, d) paths = d.getVar('PATH', True).split(:) -if . in paths or in paths: -status.addresult(PATH contains '.' or '' (empty element), which will break the build, please remove this.\nParsed PATH is + str(paths) + \n) +if . in paths or ./ in paths or in paths: +status.addresult(PATH contains '.', './' or '' (empty element), which will break the build, please remove this.\nParsed PATH is + str(paths) + \n) # Check that the DISTRO is valid, if set # need to take into account DISTRO renaming DISTRO -- The PATH part is problematic: My system (fedora 22) or my user - have not yet checked where it comes from - sets './' in PATH. I am not happy risking fallout on my system for yocto's sanity. FWIW, it's not in PATH for my account on F21. Cheers, Paul -- Paul Eggleton Intel Open Source Technology Centre -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-gnome][PATCH 9/9 V2] gnome-panel: Fix build with gcc-5
ping On Mon, May 11, 2015 at 10:34 PM, Khem Raj raj.k...@gmail.com wrote: Signed-off-by: Khem Raj raj.k...@gmail.com --- .../gnome-panel/0001-Fix-build-with-gcc-5.patch| 35 ++ .../gnome-panel/gnome-panel_2.32.1.bb | 13 +--- 2 files changed, 44 insertions(+), 4 deletions(-) create mode 100644 meta-gnome/recipes-gnome/gnome-panel/gnome-panel/0001-Fix-build-with-gcc-5.patch diff --git a/meta-gnome/recipes-gnome/gnome-panel/gnome-panel/0001-Fix-build-with-gcc-5.patch b/meta-gnome/recipes-gnome/gnome-panel/gnome-panel/0001-Fix-build-with-gcc-5.patch new file mode 100644 index 000..6b7fc5b --- /dev/null +++ b/meta-gnome/recipes-gnome/gnome-panel/gnome-panel/0001-Fix-build-with-gcc-5.patch 
@@ -0,0 +1,35 @@ +From 20810fcf329c6e0b48b8e7602565ccc70c7ce62b Mon Sep 17 00:00:00 2001 +From: Khem Raj raj.k...@gmail.com +Date: Sun, 10 May 2015 02:10:59 -0700 +Subject: [PATCH] Fix build with gcc 5 + +cc1: error: ../../gnome-panel/libpanel-applets-private: No such file or +directory [-Werror=missing-include-dirs] +cc1: error: ../../gnome-panel/libpanel-applets-private: No such file or +directory [-Werror=missing-include-dirs] +cc1: error: ../../gnome-panel/libpanel-applets-private: No such file or +directory [-Werror=missing-include-dirs] +cc1: some warnings being treated as errors + +Signed-off-by: Khem Raj raj.k...@gmail.com +--- +Upstream-Status: Pending + + gnome-panel/libpanel-applet-private/Makefile.am | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/gnome-panel/libpanel-applet-private/Makefile.am b/gnome-panel/libpanel-applet-private/Makefile.am +index f12dee8..d556f12 100644 +--- a/gnome-panel/libpanel-applet-private/Makefile.am b/gnome-panel/libpanel-applet-private/Makefile.am +@@ -8,7 +8,6 @@ AM_CPPFLAGS = \ + -I$(srcdir) \ + -I$(top_srcdir)/gnome-panel \ + -I$(top_builddir)/gnome-panel \ +- -I$(top_builddir)/gnome-panel/libpanel-applets-private \ + -I$(top_builddir)/gnome-panel/libpanel-util \ + -DDATADIR=\$(datadir)\ \ + -DPANEL_APPLETS_DIR=\$(appletsdir)\ \ +-- +2.1.4 + diff --git a/meta-gnome/recipes-gnome/gnome-panel/gnome-panel_2.32.1.bb b/meta-gnome/recipes-gnome/gnome-panel/gnome-panel_2.32.1.bb index 4957a99..3a413bd 100644 --- a/meta-gnome/recipes-gnome/gnome-panel/gnome-panel_2.32.1.bb +++ b/meta-gnome/recipes-gnome/gnome-panel/gnome-panel_2.32.1.bb @@ -1,5 +1,5 @@ SUMMARY = GNOME panel -LICENSE = GPLv2 LGPLv2 GFDLv1.1 +LICENSE = GPL-2.0 LGPL-2.0 GFDL-1.1 LIC_FILES_CHKSUM = file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://COPYING-DOCS;md5=c9211dab3ae61e580f48432020784324 \ 
@@ -9,12 +9,17 @@ SECTION = x11/gnome PR = r7 -DEPENDS = gnome-doc-utils-native gconf glib-2.0 gnome-desktop gtk+ pango libwnck gnome-menus cairo libgweather dbus-glib librsvg libcanberra +DEPENDS = gnome-doc-utils-native gconf glib-2.0 gnome-desktop gtk+ \ + pango libwnck gnome-menus cairo libgweather dbus-glib \ + librsvg libcanberra +RDEPENDS_${PN} = python inherit gtk-doc gnome autotools-brokensep gettext pkgconfig gconf -SRCREV = 6a364b6a4a9beed3da9ca6f5b0dac81eb99dea2a -SRC_URI = git://git.gnome.org/gnome-panel;branch=gnome-2-32 +SRCREV = 8292bd2b8a36df7eed3c760899400790cde68590 +SRC_URI = git://git.gnome.org/gnome-panel;branch=gnome-2-32 \ + file://0001-Fix-build-with-gcc-5.patch \ + S = ${WORKDIR}/git -- 2.1.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
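Review bot: the recipe hunk moves SRCREV to a new revision and adds 'RDEPENDS_${PN} = python', and the hunk before it rewrites LICENSE, none of which is covered by the subject 'Fix build with gcc-5' or by the commit body, which holds only the Signed-off-by. Split these into their own commits, or state in the message why the new revision and the python runtime dependency are needed.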
Re: [oe] ODROID-C1 support
On 05/21/15 17:18, Khem Raj wrote: On May 21, 2015, at 11:26 AM, Trevor Woerner twoer...@gmail.com wrote: Why would someone include your layer and not build for odroidc1 or wetekplay? Sometimes that's what people do ;-) (look at Angstrom, for example). Besides, a BSP layer should be able to play nicely with other layers even when its machines aren't being used :-) This is very much desirable, in today's times. In angstrom e.g. we want to generalize feeds across many machines for arm especially, so we can share common feeds across multiple armv7a machines so BSP maintainers have to start thinking that their BSP layer will be put along with other BSP layers and they not change common components mindlessly to fit for just one given machine. Secondly, more and more end users especially big companies have more than 1 machine tied into their useless so it's desirable for them to use one distro across all the product lines and hence a requirement to have BSP layers play well with each other. Shouldn't this be true of distro layers as well? Simply including meta-angstrom in conf/bblayers.conf causes one's DISTRO to be set to angstrom, even if they select poky in conf/local.conf.
Re: [oe] ODROID-C1 support
On May 22, 2015, at 4:15 PM, Trevor Woerner twoer...@gmail.com wrote: On 05/21/15 17:18, Khem Raj wrote: On May 21, 2015, at 11:26 AM, Trevor Woerner twoer...@gmail.com wrote: Why would someone include your layer and not build for odroidc1 or wetekplay? Sometimes that's what people do ;-) (look at Angstrom, for example). Besides, a BSP layer should be able to play nicely with other layers even when its machines aren't being used :-) This is very much desirable, in today's times. In angstrom e.g. we want to generalize feeds across many machines for arm especially, so we can share common feeds across multiple armv7a machines so BSP maintainers have to start thinking that their BSP layer will be put along with other BSP layers and they not change common components mindlessly to fit for just one given machine. Secondly, more and more end users especially big companies have more than 1 machine tied into their useless so it's desirable for them to use one distro across all the product lines and hence a requirement to have BSP layers play well with each other. Shouldn't this be true of distro layers as well? Maybe, but it's not a practical requirement. Remember OE is a framework to build embedded Linux distributions, we can have multiple machines supported for a given OE based distribution so that's a usual case, distribution is the global set of policies under which your build then works. Now if you have two distribution layers then they may impose certain policies that may be in conflict. Simply including meta-angstrom in conf/bblayers.conf causes one's DISTRO to be set to angstrom, even if they select poky in conf/local.conf.
[oe] [meta-raspberrypi][PATCH] If SERIAL_CONSOLE is already define by another layer, this value may not be good.
Signed-off-by: Thomas Perrot thomas.per...@tupi.fr --- conf/machine/include/rpi-base.inc |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/rpi-base.inc b/conf/machine/include/rpi-base.inc index a26803a..1dda207 100644 --- a/conf/machine/include/rpi-base.inc +++ b/conf/machine/include/rpi-base.inc @@ -7,7 +7,7 @@ include conf/machine/include/soc-family.inc IMAGE_FSTYPES ?= tar.bz2 ext3 rpi-sdimg -SERIAL_CONSOLE ?= 115200 ttyAMA0 +SERIAL_CONSOLE = 115200 ttyAMA0 XSERVER = \ xserver-xorg \ -- 1.7.10.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
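Review bot: changing 'SERIAL_CONSOLE ?=' to '=' in rpi-base.inc makes the machine include overwrite any value assigned earlier in parsing, so a deliberate setting such as one in local.conf is discarded along with the unwanted one, and the commit message does not name the layer that sets the conflicting value. Keeping '?=' here and fixing the layer that assigns SERIAL_CONSOLE outside a machine configuration would solve the reported case without removing the override.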
Re: [oe] [meta-raspberrypi][PATCH] If SERIAL_CONSOLE is already define by another layer, this value may not be good.
On 2015-05-22 04:04, Thomas Perrot wrote: Signed-off-by: Thomas Perrot thomas.per...@tupi.fr --- conf/machine/include/rpi-base.inc |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/rpi-base.inc b/conf/machine/include/rpi-base.inc index a26803a..1dda207 100644 --- a/conf/machine/include/rpi-base.inc +++ b/conf/machine/include/rpi-base.inc @@ -7,7 +7,7 @@ include conf/machine/include/soc-family.inc IMAGE_FSTYPES ?= tar.bz2 ext3 rpi-sdimg -SERIAL_CONSOLE ?= 115200 ttyAMA0 +SERIAL_CONSOLE = 115200 ttyAMA0 XSERVER = \ xserver-xorg \ Firstly, this should go to the RaspberryPi list (CC'd), not here. How can this value, which is only ever defined in this file when using MACHINE=raspberrypi* be affected by another layer? Is there is another layer which is defining this variable outside of the MACHINE .conf files, then that layer is incorrect, not this one. -- Gary Thomas | Consulting for the MLB Associates |Embedded world -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [oe-commits] Roy Li : elfutils: Security Advisory - CVE-2015-0255
On Fri, May 01, 2015 at 06:40:23AM +, g...@git.openembedded.org wrote: Module: openembedded-core.git Branch: master Commit: 4a65944b89a76f18c8ff6e148f17508882d387cf URL: http://git.openembedded.org/?p=openembedded-core.gita=commit;h=4a65944b89a76f18c8ff6e148f17508882d387cf Author: Roy Li rongqing...@windriver.com Date: Tue Apr 28 14:22:54 2015 +0800 elfutils: Security Advisory - CVE-2015-0255 So is it CVE-2015-0255 or CVE-2014-9447 like the link below says? :/ CVE-2015-0255 is X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request. Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9447 Signed-off-by: Roy Li rongqing...@windriver.com Signed-off-by: Richard Purdie richard.pur...@linuxfoundation.org --- ...f-Fix-dir-traversal-vuln-in-ar-extraction.patch | 59 ++ meta/recipes-devtools/elfutils/elfutils_0.161.bb | 1 + 2 files changed, 60 insertions(+) diff --git a/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch b/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch new file mode 100644 index 000..7e4e492 --- /dev/null +++ b/meta/recipes-devtools/elfutils/elfutils-0.161/0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch 
@@ -0,0 +1,59 @@ +From 147018e729e7c22eeabf15b82d26e4bf68a0d18e Mon Sep 17 00:00:00 2001 +From: Alexander Cherepanov chere...@mccme.ru +Date: Sun, 28 Dec 2014 19:57:19 +0300 +Subject: [PATCH] libelf: Fix dir traversal vuln in ar extraction. + +Upstream-Status: Backport + +read_long_names terminates names at the first '/' found but then skips +one character without checking (it's supposed to be '\n'). Hence the +next name could start with any character including '/'. This leads to +a directory traversal vulnerability at the time the contents of the +archive is extracted. + +The danger is mitigated by the fact that only one '/' is possible in a +resulting filename and only in the leading position. Hence only files +in the root directory can be written via this vuln and only when ar is +executed as root. + +The fix for the vuln is to not skip any characters while looking +for '/'. + +Signed-off-by: Alexander Cherepanov chere...@mccme.ru +--- + libelf/ChangeLog | 5 + + libelf/elf_begin.c | 5 + + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/libelf/ChangeLog b/libelf/ChangeLog +index 3b88d03..447c354 100644 +--- a/libelf/ChangeLog b/libelf/ChangeLog +@@ -1,3 +1,8 @@ ++2014-12-28 Alexander Cherepanov chere...@mccme.ru ++ ++* elf_begin.c (read_long_names): Don't miss '/' right after ++another '/'. Fixes a dir traversal vuln in ar extraction. ++ + 2014-12-18 Ulrich Drepper drep...@gmail.com + + * Makefile.am: Suppress output of textrel_check command. +diff --git a/libelf/elf_begin.c b/libelf/elf_begin.c +index 30abe0b..cd3756c 100644 +--- a/libelf/elf_begin.c b/libelf/elf_begin.c +@@ -749,10 +749,7 @@ read_long_names (Elf *elf) + } + + /* NUL-terminate the string. */ +- *runp = '\0'; +- +- /* Skip the NUL byte and the \012. */ +- runp += 2; ++ *runp++ = '\0'; + + /* A sanity check. Somebody might have generated invalid + archive. */ +-- +1.9.1 + 
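Review bot: the embedded patch header names no CVE, and the commit subject says CVE-2015-0255 while the description and NVD link quoted in the commit are for CVE-2014-9447, the read_long_names directory traversal that the elf_begin.c hunk fixes. Correct the subject and add the identifier to the patch header next to 'Upstream-Status: Backport', together with a reference to the upstream commit, so the fix can be matched to the advisory.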
diff --git a/meta/recipes-devtools/elfutils/elfutils_0.161.bb b/meta/recipes-devtools/elfutils/elfutils_0.161.bb index 0dbe9f9..e111b34 100644 --- a/meta/recipes-devtools/elfutils/elfutils_0.161.bb +++ b/meta/recipes-devtools/elfutils/elfutils_0.161.bb @@ -16,6 +16,7 @@ SRC_URI += \ file://Fix_elf_cvt_gunhash.patch \ file://fixheadercheck.patch \ file://0001-elf_getarsym-Silence-Werror-maybe-uninitialized-fals.patch \ +file://0001-libelf-Fix-dir-traversal-vuln-in-ar-extraction.patch \ # pick the patch from debian -- ___ Openembedded-commits mailing list openembedded-comm...@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-commits -- Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-raspberrypi][PATCH] If SERIAL_CONSOLE is already define by another layer, this value may not be good.
On 2015-05-22 06:49, Thomas PERROT wrote: Hi Gary, I know it is incorrect to define this variable in a non-machine layer but that can be possible. For example, by using the meta-systemd layer, the recipe systemd-serialgetty defines SERIAL_CONSOLE, so when the raspberrypi machine layer is applied, the SERIAL_CONSOLE isn't changed and the value is invalid. I know that it's incorrect for the meta-systemd layer to define this variable, so I have submitted another patch to fix it. But I think replacing ?= by = in raspberrypi machine layer is more robust. I also sent this patch on the rpi mailing list. IMO, the best solution would be to replace it totally since SERIAL_CONSOLE is deprecated by SERIAL_CONSOLES. It should probably be: SERIAL_CONSOLES ?= 115200;ttyAMA0 On Fri, May 22, 2015 at 1:23 PM, Gary Thomas g...@mlbassoc.com wrote: On 2015-05-22 04:04, Thomas Perrot wrote: Signed-off-by: Thomas Perrot thomas.per...@tupi.fr --- conf/machine/include/rpi-base.inc |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/rpi-base.inc b/conf/machine/include/rpi-base.inc index a26803a..1dda207 100644 --- a/conf/machine/include/rpi-base.inc +++ b/conf/machine/include/rpi-base.inc 
@@ -7,7 +7,7 @@ include conf/machine/include/soc-family.inc IMAGE_FSTYPES ?= tar.bz2 ext3 rpi-sdimg -SERIAL_CONSOLE ?= 115200 ttyAMA0 +SERIAL_CONSOLE = 115200 ttyAMA0 XSERVER = \ xserver-xorg \ Firstly, this should go to the RaspberryPi list (CC'd), not here. How can this value, which is only ever defined in this file when using MACHINE=raspberrypi* be affected by another layer? Is there is another layer which is defining this variable outside of the MACHINE .conf files, then that layer is incorrect, not this one. -- Gary Thomas | Consulting for the MLB Associates |Embedded world -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- Gary Thomas | Consulting for the MLB Associates |Embedded world -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Re: [oe] [meta-raspberrypi][PATCH] If SERIAL_CONSOLE is already define by another layer, this value may not be good.
Hi Gary, I know it is incorrect to define this variable in a non-machine layer but that can be possible. For example, by using the meta-systemd layer, the recipe systemd-serialgetty defines SERIAL_CONSOLE, so when the raspberrypi machine layer is applied, the SERIAL_CONSOLE isn't changed and the value is invalid. I know that it's incorrect for the meta-systemd layer to define this variable, so I have submitted another patch to fix it. But I think replacing ?= by = in raspberrypi machine layer is more robust. I also sent this patch on the rpi mailing list. Best regards, Thomas P. On Fri, May 22, 2015 at 1:23 PM, Gary Thomas g...@mlbassoc.com wrote: On 2015-05-22 04:04, Thomas Perrot wrote: Signed-off-by: Thomas Perrot thomas.per...@tupi.fr --- conf/machine/include/rpi-base.inc |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/machine/include/rpi-base.inc b/conf/machine/include/rpi-base.inc index a26803a..1dda207 100644 --- a/conf/machine/include/rpi-base.inc +++ b/conf/machine/include/rpi-base.inc @@ -7,7 +7,7 @@ include conf/machine/include/soc-family.inc IMAGE_FSTYPES ?= tar.bz2 ext3 rpi-sdimg -SERIAL_CONSOLE ?= 115200 ttyAMA0 +SERIAL_CONSOLE = 115200 ttyAMA0 XSERVER = \ xserver-xorg \ Firstly, this should go to the RaspberryPi list (CC'd), not here. How can this value, which is only ever defined in this file when using MACHINE=raspberrypi* be affected by another layer? Is there is another layer which is defining this variable outside of the MACHINE .conf files, then that layer is incorrect, not this one. -- Gary Thomas | Consulting for the MLB Associates |Embedded world
[oe] [PATCH] fetch/hg: Disable checksums for archived downloads
Like the Git fetcher, the Mercurial fetcher shouldn't expect recipes to provide a checksum. As described [1], recipes using a mercurial fetcher that don't provide a checksum will fail in a the repository has previously been downloaded and archived. Credit to Rafaël Carré for figuring out the bug. [1] https://www.mail-archive.com/openembedded-devel@lists.openembedded.org/msg41328.html Signed-off-by: Ash Charles ashchar...@gmail.com --- bitbake/lib/bb/fetch2/hg.py | 7 +++ 1 file changed, 7 insertions(+) diff --git a/bitbake/lib/bb/fetch2/hg.py b/bitbake/lib/bb/fetch2/hg.py index 81592f6..cab371f 100644 --- a/bitbake/lib/bb/fetch2/hg.py +++ b/bitbake/lib/bb/fetch2/hg.py @@ -43,6 +43,13 @@ class Hg(FetchMethod): return ud.type in ['hg'] +def supports_checksum(self, urldata): + +Don't require checksums for local archives created from +repository checkouts. + +return False + def urldata_init(self, ud, d): init hg specific variable within url data -- 2.1.4 -- ___ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
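Review bot: supports_checksum() in the Hg fetcher returns False unconditionally, so no checksum is verified for any archive of an hg checkout; the docstring should say that integrity then rests on the revision pinned in the recipe, so the trade-off is visible to whoever reads the fetcher later. The commit message also has a slip ('will fail in a the repository') that is worth fixing before merge.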
Re: [oe] [PATCH 0/4] Add GStreamer 0.10 and things that depend on it from oe-core
I have noticed some breakages when building xfce, (libcanberra DEPENDS = 'gstreamer') now needs to be gstream1.0. I suspect some of it is due to gstreamer transitioning. I will give a few days to settle before sending patches. - armin On 05/21/2015 04:06 AM, Martin Jansa wrote: On Mon, May 18, 2015 at 05:12:44PM +0300, Alexander Kanavin wrote: These patches add GStreamer 0.10, and things that depend on it from oe-core GStreamer 0.10 is now being removed from oe-core, but we would still like to provide it through meta-openembedded. See: https://bugzilla.yoctoproject.org/show_bug.cgi?id=6294 How was this tested? Are you just throwing recipes unwanted in oe-core to meta-oe without testing? ERROR: ParseError at /OE/build/shr-core/meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer/gst-plugins.inc:17: Could not include required file gst-plugins-package.inc :( Alexander Kanavin (4): python-gst: move it from oe-core to meta-multimedia recipes-qt: move qt-mobility from oe-core to meta-oe recipes-multimedia: add gstreamer-0.10 recipes Rename gstreamer directory to gstreamer-0.10 .../0001-aacdec-check-channel-count.patch | 34 + .../0001-alac-fix-nb_samples-order-case.patch | 30 + .../0001-alsdec-check-block-length.patch | 61 + ...ac3dec-Check-coding-mode-against-channels.patch | 37 + ...util-fix-signedness-in-sizeof-comparissio.patch | 40 + ...le-use-av_image_get_linesize-to-calculate.patch | 50 + ...c-parser-reset-indexes-on-realloc-failure.patch | 50 + ...a-Perform-pointer-advance-and-checks-befo.patch | 81 + .../0001-avcodec-smc-fix-off-by-1-error.patch | 32 + ...egtsenc-Check-data-array-size-in-mpegts_w.patch | 69 + .../0001-eamad-fix-out-of-array-accesses.patch | 29 + ...-error-concealment-initialize-block-index.patch | 29 + ...alment-Check-that-the-picture-is-not-in-a.patch | 37 + .../0001-ffserver-set-oformat.patch| 36 + ...t-ref-count-check-and-limit-fix-out-of-ar.patch | 29 + ...t-parameters-from-SPS-whenever-it-changes.patch | 145 + 
...rror-concealment-when-SPS-and-slices-are-.patch | 33 + .../0001-h264_sei-Fix-infinite-loop.patch | 39 + ...01-huffyuvdec-Check-init_vlc-return-codes.patch | 87 + .../0001-huffyuvdec-Skip-len-0-cases.patch | 61 + ...f-compute-probe-buffer-size-more-reliably.patch | 45 + .../0001-mjpegdec-check-SE.patch | 32 + ...heck-RLE-size-before-copying.-Fix-out-of-.patch | 34 + ...er-dont-access-out-of-array-elements-at-t.patch | 44 + ...array-index-before-use-fix-out-of-array-a.patch | 30 + .../0001-qdm2dec-fix-buffer-overflow.patch | 58 + ...001-roqvideodec-check-dimensions-validity.patch | 36 + ...Check-that-the-last-indexes-are-within-th.patch | 32 + ...-vp3-Copy-all-3-frames-for-thread-updates.patch | 32 + ...-read-for-negative-tokens-and-memleaks-on.patch | 183 + ...o-check-chunk-sizes-before-reading-chunks.patch | 51 + ...egdec-check-bits-per-pixel-for-changes-si.patch | 68 + .../gst-ffmpeg-0.10.13/configure-fix.patch | 22 + .../gst-ffmpeg-CVE-2013-0855.patch | 100 + .../gst-ffmpeg-CVE-2013-3674.patch | 26 + .../gst-ffmpeg-0.10.13/h264_qpel_mmx.patch | 57 + .../gst-ffmpeg-0.10.13/libav-9.patch | 9304 .../gst-ffmpeg-0.10.13/libav_e500mc.patch | 21 + .../gst-ffmpeg-0.10.13/libav_e5500.patch | 19 + .../gst-ffmpeg-0.10.13/lower-rank.diff | 16 + .../gstreamer-0.10/gst-ffmpeg_0.10.13.bb | 90 + .../gstreamer-0.10/gst-fluendo-mp3_0.10.31.bb | 14 + .../gst-fluendo-mpegdemux_0.10.85.bb | 12 + .../gstreamer-0.10/gst-fluendo.inc | 14 + .../gstreamer-0.10/gst-meta-base_0.10.bb | 73 + .../gstreamer-0.10/gst-openmax/gcc_4.6.patch | 18 + .../gstreamer-0.10/gst-openmax/ptr-array.patch | 46 + .../gstreamer-0.10/gst-openmax_0.10.1.bb | 35 + .../gstreamer-0.10/gst-plugins-bad_0.10.23.bb | 50 + ...le-Fix-build-on-x86-if-emmintrin.h-is-ava.patch | 37 + .../configure.ac-fix-subparse-plugin.patch | 27 + .../gst-plugins-base-tremor.patch | 20 + .../gstreamer-0.10/gst-plugins-base_0.10.36.bb | 39 + ...-conditional-gl-framebuffer-undefined-use.patch | 35 + 
.../gstreamer-0.10/gst-plugins-gl_0.10.3.bb| 25 + ...ild-with-recent-kernels-the-v4l2_buffer-i.patch | 33 + ...define-V4L2_CID_HCENTER-and-V4L2_CID_VCEN.patch | 45 + .../0407-mulawdec-fix-integer-overrun.patch| 47 + .../gstreamer-0.10/gst-plugins-good_0.10.31.bb | 47 + .../gstreamer-0.10/gst-plugins-ugly_0.10.19.bb | 29 + .../gstreamer-0.10/gst-plugins.inc | 28 + ...ecated-INCLUDES-to-AM_CPPFLAGS-for-automa.patch | 34 +
Re: [oe] [PATCH 0/4] Add GStreamer 0.10 and things that depend on it from oe-core
On 22 May 2015 at 17:11, akuster808 akuster...@gmail.com wrote:

I have noticed some breakages when building xfce, (libcanberra DEPENDS = 'gstreamer') now needs to be gstreamer1.0. I suspect some of it is due to gstreamer transitioning. I will give a few days to settle before sending patches.

libcanberra 0.29 only supports GStreamer 0.10, libcanberra 0.30 depends on 1.0. I suspect the problem you're hitting is that libcanberra 0.29 depends on gstreamer which isn't in oe-core anymore, but switching gstreamer to gstreamer1.0 whilst letting the build run will mean libcanberra doesn't actually support GStreamer...

Either xfce should keep with GStreamer 0.10 and so depend on meta-multimedia, or xfce and related recipes migrate to GStreamer 1.x.

Ross

--
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
[oe] State of bitbake world, Failed tasks 2015-05-22
qemux86_64 has more failures, because it was using newer oe-core version than qemux86 and qemuarm

http://www.openembedded.org/wiki/Bitbake_World_Status

== Failed tasks 2015-05-22 ==

INFO: jenkins-job.sh-1.3.1 Complete log available at http://logs.nslu2-linux.org/buildlogs/oe/world/log.report.20150522_180945.log

=== common () ===

=== common-x86 (0) ===

=== qemuarm (1) ===
* /meta-openembedded/meta-multimedia/recipes-multimedia/vlc/vlc_2.1.4.bb, do_compile

=== qemux86 (1) ===
* /meta-browser/recipes-browser/chromium/cef3_280796.bb, do_package_qa

=== qemux86_64 (3) ===
* /meta-browser/recipes-browser/chromium/cef3_280796.bb, do_configure
* /openembedded-core/meta/recipes-graphics/clutter/clutter-1.0_1.20.0.bb, do_compile
* /openembedded-core/meta/recipes-qt/qt4/qt4-x11-free_4.8.6.bb, do_compile

=== Number of failed tasks (5) ===
{| class=wikitable
|-
|| qemuarm || 1 || http://logs.nslu2-linux.org/buildlogs/oe/world//log.world.20150520_170027.log// || http://errors.yoctoproject.org:80/Errors/Build/6076/
|-
|| qemux86 || 1 || http://logs.nslu2-linux.org/buildlogs/oe/world//log.world.20150521_071300.log// || http://errors.yoctoproject.org:80/Errors/Build/6110/
|-
|| qemux86_64 || 3 || http://logs.nslu2-linux.org/buildlogs/oe/world//log.world.20150522_000252.log// || http://errors.yoctoproject.org:80/Errors/Build/6123/
|}

=== PNBLACKLISTs (68) ===

=== QA issues (114) ===
{| class=wikitable
!| Count||Issue
|-
||0 ||version-going-backwards
|-
||1 ||libdir
|-
||20||build-deps
|-
||3 ||already-stripped
|-
||30||file-rdeps
|-
||60||textrel
|}

PNBLACKLISTs:
openembedded-core/:
meta-browser:
meta-openembedded:
meta-efl/recipes-efl/e17/diskio_svn.bb:PNBLACKLIST[diskio] ?= broken: switch to https://git.enlightenment.org/enlightenment/modules/diskio.git/ and fix 0.0.1+svnr82070-r0.0/E-MODULES-EXTRA/diskio/e-module-diskio.edc:58. invalid state name: 'off'. default state must always be first.
meta-efl/recipes-efl/efl/entrance_svn.bb:PNBLACKLIST[entrance] ?= broken: switch to https://git.enlightenment.org/misc/entrance.git and fix 0.0.4+svnr82070-r7/entrance/data/themes/old/default.edc:678. invalid state name: 'defaault'. default state must always be first.
meta-efl/recipes-navigation/mcnavi/mcnavi_0.3.4.bb:PNBLACKLIST[mcnavi] ?= BROKEN: latest version 0.3.4 is 3 years old and now broken with more strict ejde_cc from efl-1.13
meta-filesystems/recipes-filesystems/ifuse/ifuse_1.1.2.bb:PNBLACKLIST[ifuse] ?= depends on blacklisted libimobiledevice
meta-gnome/recipes-apps/gnome-mplayer/gnome-mplayer_1.0.5.bb:PNBLACKLIST[gnome-mplayer] ?= rdepends on blacklisted mplayer
meta-gnome/recipes-gnome/gcr/gcr_3.8.2.bb:PNBLACKLIST[gcr] ?= CONFLICT: 4 files conflict with gnome-keyring
meta-gnome/recipes-gnome/gnome-menus/gnome-menus3_3.10.1.bb:PNBLACKLIST[gnome-menus3] ?= CONFLICT: 24 files are conflicting with gnome-menus
meta-gnome/recipes-gnome/gnome-panel/gnome-panel3_3.0.2.bb:PNBLACKLIST[gnome-panel3] ?= CONFLICT: depends on libgweather3 which conflicts with libgweather
meta-gnome/recipes-gnome/gweather/libgweather3_3.0.2.bb:PNBLACKLIST[libgweather3] ?= CONFLICT: 876 files are conflicting with libgweather
meta-gnome/recipes-gnome/zenity/zenity_2.32.1.bb:PNBLACKLIST[zenity] ?= BROKEN: doesn't build with B!=S
meta-multimedia/recipes-mediacentre/xbmc/xbmc_git.bb:PNBLACKLIST[xbmc] ?= /usr/include/c++/ctime:70:11: error: '::gmtime' has not been declared
meta-multimedia/recipes-multimedia/coriander/coriander_2.0.2.bb:PNBLACKLIST[coriander] ?= BROKEN: fails to use SDL probably because libsdl-config was removed, error: unknown type name 'SDL_Overlay'
meta-multimedia/recipes-multimedia/dleyna/renderer-service-upnp_0.3.0.bb:PNBLACKLIST[renderer-service-upnp] ?= BROKEN: doesn't build with B!=S (trying to install rendererconsole.py from ${B} instead of ${S})
meta-networking/recipes-connectivity/snort/snort_2.9.6.0.bb:PNBLACKLIST[snort] ?= BROKEN: autotools processing causes OOM condition on configure
meta-networking/recipes-support/lksctp-tools/lksctp-tools_1.0.16.bb:PNBLACKLIST[lksctp-tools] ?= ${@base_contains('DISTRO_FEATURES', 'ld-is-gold', BROKEN: fails to link against sctp_connectx symbol, '', d)}
meta-networking/recipes-support/nis/yp-tools_3.3.bb:PNBLACKLIST[yp-tools] ?= BROKEN: fails to build for qemuarm.
meta-networking/recipes-support/nis/ypbind-mt_2.2.bb:PNBLACKLIST[ypbind-mt] ?= BROKEN: Depends on broken yp-tools
meta-oe/recipes-connectivity/bluez/bluez-hcidump_2.5.bb:PNBLACKLIST[bluez-hcidump] ?= ${@bb.utils.contains('DISTRO_FEATURES', 'bluez5', 'bluez5 conflicts with bluez4 and bluez5 is selected in DISTRO_FEATURES', '', d)}
meta-oe/recipes-connectivity/bluez/bluez4_4.101.bb:PNBLACKLIST[bluez4] ?= ${@bb.utils.contains('DISTRO_FEATURES', 'bluez5', 'bluez5 conflicts with bluez4 and bluez5 is selected in DISTRO_FEATURES', '', d)}