* set localpath in urldata_init
otherwise localpath and basename were None, when fetcher was trying to
define .lock and .done paths
basepath = d.expand("${DL_DIR}/%s" % os.path.basename(self.localpath or self.basename))
* remove "host" from localpath
.done and .lock files are always using just basename, so if someone
has 2 recipes with:
SRC_URI = "ssh://foo/file.txt"
SRC_URI = "ssh://bar/file.txt"
then there will be only one file.txt.done in downloads anyway (and
only first file.txt from first server will be returned on do_fetch
(Bitbake rev: 5ac3ab3b565f70cd90cfbe121ddd2d899bfc0214)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Fixes [YOCTO #3870] atom-pc - cannot boot image on netbook after install
The problem here is that grub2 is installed but a grub 1 menu.lst is
created at install time. At boot, grub2 doesn't find a grub.cfg file and
drops to the grub shell.
This happens because the installer is looking for 40_custom (a grub2
file) on the rootfs, but grub2 isn't installed on the rootfs. It exists
in the initramfs. Patching the installer to look on the initramfs
resolves the problem.
Note that the problem may have occurred if grub2 used to be installed on
the rootfs but was later removed. In any case, the installer is HORRIBLE
and really needs to be completely redesigned as part of the deployment
effort. For now, this should get the live image installer limping along
again.
Tested on a Toshiba NB-305.
(From OE-Core rev: d961e42674bf929adfff391c6f3f284a7e7b0d95)
Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: alexandru.c.georgescu@intel.com
Cc: sgw@linux.intel.com
Cc: ross.burton@intel.com
Cc: richard.purdie@intel.com
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Replace incorrect size_t data type with socket length data type
(From OE-Core rev: f8d44580e7caf29f1b532c89041469847c36f45f)
Signed-off-by: farrah rashid <farrah.rashid@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
1. it introduces bug in 64bit big endian process with __GLIBC__, At that
condition, size_t is 8byte, and the third parameter of getpeername is
socklen_t which is 4 byte. As a result, getpeername sees third parameter
is always 0, and can not return right value.
The similar program is below, the output is 0, not 9 on PPC64 cpu
main()
{
long aa=9;
printf("%d \n", *((int *)&aa));
}
2. The correct fix is to change getpeername/getsockopt/recvfrom.. last
parameter type from int to socklen_t, but to simplify, we can remove
size_t.patch, since the size of int is same as socklen_t in 32bit/64bit
cpu. and size_t.patch only change three places, there are other places
which uses int, and work well.
2. Fedora, redhat el4 do not use this patch, but Debian uses it, does not
find why this patch is written, maybe it is gcc legency issue which does
not exist.
(From OE-Core rev: c98fd6606f0e253453bf5478636f6b57fc641377)
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Backport a fix from master to fix cross-compilation issues related to automake.
(From OE-Core rev: d8204a21becac6f7eb54096c6af22d6de64eb932)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Create files `passwd' and `group' in `$D${sysconfdir}', if `$D${sysconfdir}'
does not exist, there is an error:
...
cannot create $D${sysconfdir}/passwd: Directory nonexistent
cannot create $D${sysconfdir}/group: Directory nonexistent
...
Attampt to create dir before file creation.
[YOCTO #3917]
(From OE-Core rev: 7912f3a721529302596a032560cffe96297b3113)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We shouldn't have an use-case where we'd use 'FUBAR' timezone so
instead of adding postinst handling for this use case we handle it at
install time and keep the Universal as fallback if user did something
wrong.
This also ensure the /etc/localtime file is kept as a symbolic link.
This will make timezone not available when /usr is in separated
partition (and not mounted) however the applications ought to fallback
to GMT timezone in this case and when /usr is made availble timezone
will work fine.
Change-Id: I9a4f05db7a0bdc06511deb5693d1d16569d2fc63
(From OE-Core rev: 77fed2c773d7d98f88d6e8a2f4a8617b9e8b8a62)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The code where mistakenly replacing the localtime file setting so we
end with a copy of file instead of a symbolic link. This fixes it so
now, we'll only do that in case the link is pointing to invalid data.
Change-Id: I16dfa5ea4f293c48bb396f4e23a2ea53e6c9e745
(From OE-Core rev: 9e7980a88e1604b21138d1999a04e471e07edfe3)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Dash's 'echo' command expands '\n' by default, so the '\n' is not
included in the '/etc/issue' file.
Use 'printf' for portability between different shells.
(From OE-Core rev: 52969714484fc96f6ece928304913b8f3ae30314)
Signed-off-by: Javier Viguera <javier.viguera@digi.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add perl-fix-CVE-2012-5195.patch to fix perl memory exhaustion
denial-of-service attack issue.
And patch is from perl 5.14.3 branch:
http://perl5.git.perl.org/perl.git/commit/b675304e3fdbcce3ef853b06b6ebe870d99faa7e
[Yocto 3701]
(From OE-Core rev: b4799833d26eacf60a7590bc5770b3715389fe66)
Signed-off-by: Kang Kai <kai.kang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reference:http://http://bugs.python.org/issue14579
The utf-16 decoder in Python 3.1 through 3.3 does not update the
aligned_end variable after calling the unicode_decode_call_errorhandler
function, which allows remote attackers to obtain sensitive information
(process memory) or cause a denial of service (memory corruption and crash)
via unspecified vectors.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2135
[YOCTO #3450]
(From OE-Core rev: 11544f573bc94ce69a8a76d645e46ab6359dee78)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Currently the assumption is made that only oe-core can include a scripts
directory.
* However, when other layers create a scripts directory the bitbake script
freaks out causing a infinite recursive loop until it crashes.
* Simply changing the regular expression to remove all instances of scripts path
instead of just the first one fixes this problem.
[Yocto Bug 3872]
(From OE-Core rev: 00d0e1ac741e5fc01a40feb7dcc7ecd3906b5ce4)
Signed-off-by: Franklin S. Cooper Jr <fcooper@ti.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The stamp cleaning process that occurs before writing out new stamps for
a task was deleting taint files as well. This resulted in tasks that
were forcibly re-executed using the -f or -C command line options to
have their previous output restored from shared state when called upon a
second time, because the taint value was no longer incorporated into the
task signature and thus it was reverting to its previous value. This
also affected the kernel menuconfig command in OE-Core.
Note that the taint file *is* still deleted when doing -c clean, which
is the desired behaviour.
Fixes [YOCTO #3919].
(Bitbake rev: 4a97b83d1d48a5df58733058d41b665b9230198f)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There is an error when use disk monitor on btrfs:
WARNING: The free inode of rootfs is running low (0.000K left)
ERROR: Immediately abort since the disk space monitor action is "ABORT"!
This is beucase some fs formats' statvfs.f_files (inodes) is zero, thus
the statvfs.f_favail (free inodes) is zero, too, this a feature of the
fs, we disable the inode checking for such a fs.
[YOCTO #3609]
(Bitbake rev: 3eeba5c769b7dcb06f4868d6dbc15f05864e97fe)
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
cogl and clutter explicitly rely on libdrm being present when using the glx
backend. If its not listed in DEPENDS and an alternative to mesa is used, it
may not actually be present. This patch ensures it is and fixes a build
race condition which could see dependencies like clutter-box2d failing to
compile due to missing pkgconfig dependencies.
(From OE-Core rev: ed4029055bb84f4da5fcdc77705c509796c45e69)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We don't have support for this in OE-Core, so ensure we don't pick this
up from the build host if e.g. openmpi development files happen to be
installed there.
Fixes [YOCTO #3726].
(From OE-Core rev: cc490d76aba0a778409ca1a3d0e1f2c308684c9b)
(From OE-Core rev: 1fb5a50a8bbda7ca717125abcc4cb99b50ba6ead)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Forcing ps to display unlimited column width allows the qemu IP address to
be discovered during sanity testing when the command line is extremely long.
This seems to fix the sanity testing problem on AB05 which was recently updated
to OpenSUSE 12.2. I'm not sure what about qemu or process listing is different
on that distribution but this simpile fix seems to work and my help on other
distro's as well.
(From OE-Core rev: 4d2164494fba2c4c3016fe196f986161a71f70cb)
Signed-off-by: Michael Halstead <michael@yoctoproject.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This improves reusabiliy of sstate-cache across different hosts
Signed-odd-by: Matthew McClintock <msm@freescale.com>
(From OE-Core rev: a39aa6bf07f29556f2a9f04eefb9d82582004319)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I am trying to use gma500 driver for the noemgd BSPs. The current best
xf86 driver for it is modesetting. This recipe provides that
driver.
(From OE-Core rev: 88c232f63d869cb9010af288bbf1a1fcad248978)
Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The problem: SDK binaries were not properly relocated when the SDK
was installed into a path that had a length less than the default one.
Apparently, there were two problems here: the padding was done wrong
(the size of one program header table entry was used instead of the
program section size) and the new padded string was not used at all.
[YOCTO #3655]
(From OE-Core rev: 0b4287dae51f7a4175c0ad3cadbec6cdf0b43866)
Signed-off-by: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
systemtap_target_arch() should also translate x86-64 (hyphenated) into
x86_64 for the -a param. Failing to do that causes systemtap to see
an architecture mismatch and create a cloned session with a bogusly
synthesized build directory path, and fails to compile the probe.
Fixes [YOCTO #3756]
(From OE-Core rev: d1d5cc19cb397ea3105578c3267fd86e0e8b7f55)
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the package architecture name is complex (e.g. with the meta-yocto-bsp
beagleboard machine and Poky, the architecture-specific package name is
"armv7a-vfp-neon"), rpm reports architecture names that contain
underscores instead of dashes, which when passed to oe-pkgdata-util
during complementary package processing did not match a valid pkginfo
path. Replacing the underscores with dashes again fixes the issue.
Note that this bug affects the danny branch and not master since the
substitution is already performed there in a different manner.
Fixes [YOCTO #3792]
(From OE-Core rev: e29daf8c3eeb7273e63b6ca6d774b8803880ca46)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If the X11 distro feature is present, make gst-meta-base depend on
gst-meta-x11-base. Also make -x11-base RRECOMMEND xvimagesink for video
playback performance.
(From OE-Core rev: 7a0968afd62f8978f5f748dfe89429391e2def02)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* it was enabled when dri2proto was built before xserver-xorg
(From OE-Core rev: 6014223d1527a6fd870b68cbefb9194a079a5d2c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This fixes the build after gnomebase was changed to depend on
gnome-common-native.
(From OE-Core rev: 390c3bfc6baefc0d6bebcfb6d57eb9baa6fefb40)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
gnome-common is a build-only dependency so we should depend on the native
variant. This also resolves an (incorrect) GPLv3 license issue in gnome-common
at build-time.
This will also remove the pointless gnome-common-dev RRECOMMENDS in any -dev
package that uses gnomebase.
(From OE-Core rev: c91b7d06665aa6e44ffce3ea8117cac80cf3446c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The SRC_URI in systemtap recipe uses 'sources.redhat.com' which
redirects to 'sourceware.org'. This causes random fetch failures.
Updating the recipe to use the direct link.
(From OE-Core rev: c9c0ef2131d8a848b8222a223a6296edf4b9737a)
Signed-off-by: Maxin B. John <Maxin.John@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* It uses host gcc in its configure script. When IA32
toolchain is installed it starts using its binaries instead
of native gcc. Modified EXTRA_OECONF so that host gcc is used.
(From OE-Core rev: 5e6025d0d90d31182e09dadd238669520d688c43)
Signed-off-by: Noor Ahsa <noor_ahsan@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* without this patch it does apply --fix-v4bx not only to armv4, but
also all higher (because they also have armv4 in TUNE_FEATURES)
* it causes SIGILL on armv4t
http://lists.linuxtogo.org/pipermail/openembedded-devel/2012-November/042298.html
* someone please test on armv4 device (I tested only bitbake -e output
that it's correctly applied with DEFAULTTUNE == armv4
* maybe we can should fix this in binutils instead (both 2.22 and 2.23
are affected)
(From OE-Core rev: 1691ff86c8aefd3c193ae9a2cdd998c7dc6d3270)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
the patch come from:
http://src.chromium.org/viewvc/chrome/trunk/src/third_party/libxml/src \
/include/libxml/tree.h?r1=56276&r2=149930
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before 21.0.1180.89,
does not properly support a cast of an unspecified variable during handling
of XSL transforms, which allows remote attackers to cause a denial of service
or possibly have unknown other impact via a crafted document, related to the
_xmlNs data structure in include/libxml/tree.h.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2871
[YOCTO #3580]
[ CQID: WIND00376779 ]
Upstream-Status: Pending
(From OE-Core rev: 6d4453ce06191c09787e65d3b6a704651608d8b7)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CQID:WIND00366813
Reference: http://squashfs.git.sourceforge.net/git/gitweb.cgi?
p=squashfs/squashfs;a=patch;h=8515b3d420f502c5c0236b86e2d6d7e3b23c190e
Integer overflow in the queue_init function in unsquashfs.c in
unsquashfs in Squashfs 4.2 and earlier allows remote attackers
to execute arbitrary code via a crafted block_log field in the
superblock of a .sqsh file, leading to a heap-based buffer overflow.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4025
(From OE-Core rev: 4493173c1ab7a0528e0c74935a105e474521ed1c)
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
[YOCTO #3564]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As locale packages are installed on the image, we should
be including them in the package/license manifest.
This ensures that the manifests are accurate and complete.
[ YOCTO #2461 ]
(From OE-Core rev: f03efceb8a529df944592ff9031639f4e2f7a97d)
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Touch a file that is later greped to make sure it exists.
(From OE-Core rev: 178f0d6abfb443ed5d4cc5dab51fc2b78ffade2b)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Some bad logic in license.bbclass misses certain package level
LICENSEs.
(From OE-Core rev: 059dc4ff86d1b1517a53d8f3dc63fe5278751c5d)
Signed-off-by: Elizabeth Flanagan <elizabeth.flanagan@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
yocto_bsp_list_property_values() is missing the context it needs to
properly filter choicelists, so add it to the context object.
Fixes [YOCTO #3233]
(From meta-yocto rev: 064b15f76c5b52899f4c3fdef06412c3063062a5)
(From meta-yocto rev: d381095eed24a426ea655c04279e23b13b1af34a)
Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The names of the -user files were changed to have the machine
prepended, but the includes weren't - fix the includes.
(From meta-yocto rev: f56d24c04f00cfb2671e3f097f221d636ebb7943)
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The bblayer abstraction makes it where multiple layers can be
configured and used at the same time. Some layers make changes to
support a specific machine, and should not have any affect when other
machines are in use.
For linux-yocto, all bsps are created with a user-config.cfg and
user-config.cfg and user-patches.scc. This means that those files
will be pulled from the first location found, which might correspond
to files customized for a different machine.
Instead of using the names user-config.cfg and user-patches.scc, I
propose a machine specific name be used such as
{{=machine}}user-patches.scc and {{=machine}}user-config.cfg. This
would necessitate that all references changed to these new names,
which would affect the yocto-bsp and yocto-kernel scripts.
With this change, it would be possible to have multiple machine BSPs
searched at the same time and to select which to build against by
using a command like MACHINE=qmeux86 bitbake core-image-sato to
override the default.
Note many of the standard BSPs do not seem to suffer this problem as
they do not use the common files user-config.cfg and user-patches.scc
that the yocto-* scripts depend upon.
Additions by Tom Zanussi:
- renamed user-config.cfg to {{=machine}}-user-config.cfg everywhere
- renamed user-patches.scc to {{=machine}}-user-patches.scc everywhere
- added the user-config/patches SRC_URI items to the qemu -rt kernel recipes
Fixes [YOCTO #3731]
(From meta-yocto rev: b148d800773f3c2e6edeb4f05850b0291a8bb7d5)
Signed-off-by: Brian A. Lloyd <brian.lloyd@familyhonor.net>
Signed-off-by: Tom Zanussi <tom.zanussi@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
These needed to be changed to the latest release, which is
1.3.1. They were 1.3.
(From yocto-docs rev: 2397dd750fbd5b69f58f82e0f8349a1c4274631b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
I updated the five manual's history tables so the 1.3.1 release
date is for February 2013.
(From yocto-docs rev: d049ab9e1a5f50e8dc4033f72f7ee3c5aacc649f)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Involved updating some variables in poky.ent to reflect the new
release numbers and editing the five tables in all the manuals
except the quick start.
(From yocto-docs rev: c2af99f806b049c2f6680d3ba00d8dd980cd658b)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
One of the examples used "startline" instead of "beginline".
Correction made.
(From yocto-docs rev: 5001e32c29e8fbdf543a3ed47f2c069e9cf53a55)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Store node type separately in RsvgNode
commit 34c95743ca692ea0e44778e41a7c0a129363de84 upstream
The node name (formerly RsvgNode:type) cannot be used to infer
the sub-type of RsvgNode that we're dealing with, since for unknown
elements we put type = node-name. This lead to a (potentially exploitable)
crash e.g. when the element name started with "fe" which tricked
the old code into considering it as a RsvgFilterPrimitive.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3146https://bugzilla.gnome.org/show_bug.cgi?id=658014
[YOCTO #3581]
[ CQID: WIND00376773 ]
Upstream-Status: Backport
(From OE-Core rev: fdd6da5933a3e7dd1e0ca2afd7107839b4fa65e8)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
the patch come from:
http://cups.org/strfiles/3914/str3914.patch
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and
earlier does not properly handle the first code word in an LZW stream,
which allows remote attackers to trigger a heap-based buffer overflow,
and possibly execute arbitrary code, via a crafted stream, a different
vulnerability than CVE-2011-2896.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3170
[YOCTO #3583]
[ CQID: WIND00299594 ]
Upstream-Status: Backport
(From OE-Core rev: c82517bb667484854eaa05b6e9efd9ee0f164fec)
(From OE-Core rev: 1f555a6a45eb68011cbe759acf486ac507a6599c)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
the patch come from:
http://cups.org/strfiles/3867/str3867.patch
The LZW decompressor in the LWZReadByte function in giftoppm.c
in the David Koblas GIF decoder in PBMPLUS, as used in the
gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7,
the LZWReadByte function in plug-ins/common/file-gif-load.c
in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c
in XPCE in SWI-Prolog 5.10.4 and earlier, and other products,
does not properly handle code words that are absent from the
decompression table when encountered, which allows remote attackers to
trigger an infinite loop or a heap-based buffer overflow, and possibly
execute arbitrary code, via a crafted compressed stream, a related
issue to CVE-2006-1168 and CVE-2011-2895.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2896
[YOCTO #3582]
[ CQID: WIND00299595 ]
Upstream-Status: Backport
(From OE-Core rev: 0742b7aecaada435f90f39f26914906a5eb1fd4f)
(From OE-Core rev: 1518fc8febbe99fc7ce9b86e087f8bb1c02552d8)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
