* [PATCH] oepydevshell-internal.py: standardize usage output
From: Ed Bartosh @ 2016-12-09 15:02 UTC (permalink / raw)
To: openembedded-core
Made usage output of oepydevshell-internal.py to look
similar to the output of other oe scripts.
[YOCTO #10751]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
scripts/oepydevshell-internal.py | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/scripts/oepydevshell-internal.py b/scripts/oepydevshell-internal.py
index a22bec3..04621ae 100755
--- a/scripts/oepydevshell-internal.py
+++ b/scripts/oepydevshell-internal.py
@@ -22,9 +22,16 @@ def cbreaknoecho(fd):
old[3] = old[3] &~ termios.ECHO &~ termios.ICANON
termios.tcsetattr(fd, termios.TCSADRAIN, old)
-if len(sys.argv) != 3:
- print("Incorrect parameters")
- sys.exit(1)
+if len(sys.argv) != 3 or sys.argv[1] in ('-h', '--help'):
+ print('oepydevshell-internal.py: error: the following arguments are required: pty, pid\n'
+ 'Usage: oepydevshell-internal.py pty pid\n\n'
+ 'OpenEmbedded oepydevshell-internal.py - internal script called from meta/classes/devshell.bbclass\n\n'
+ 'arguments:\n'
+ ' pty pty device name\n'
+ ' pid parent process id\n\n'
+ 'options:\n'
+ ' -h, --help show this help message and exit\n')
+ sys.exit(2)
pty = open(sys.argv[1], "w+b", 0)
parent = int(sys.argv[2])
@@ -38,7 +45,7 @@ readline.parse_and_bind("tab: complete")
try:
readline.read_history_file(histfile)
except IOError:
- pass
+ pass
try:
--
2.1.4
^ permalink raw reply related
* [PATCH] oe-git-proxy: create usage output
From: Ed Bartosh @ 2016-12-09 15:40 UTC (permalink / raw)
To: openembedded-core
Created usage output for oe-git-proxy script.
[YOCTO #10751]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
scripts/oe-git-proxy | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/scripts/oe-git-proxy b/scripts/oe-git-proxy
index 0078e95..7a43fe6 100755
--- a/scripts/oe-git-proxy
+++ b/scripts/oe-git-proxy
@@ -18,6 +18,27 @@
# AUTHORS
# Darren Hart <dvhart@linux.intel.com>
+if [ $# -lt 2 -o "$1" = '--help' -o "$1" = '-h' ] ; then
+ echo 'oe-git-proxy: error: the following arguments are required: host port'
+ echo 'Usage: oe-git-proxy host port'
+ echo ''
+ echo 'OpenEmbedded git-proxy - a simple tool to be used via GIT_PROXY_COMMAND.'
+ echo 'It uses socat to make SOCKS or HTTPS proxy connections.'
+ echo 'It uses ALL_PROXY to determine the proxy server, protocol, and port.'
+ echo 'It uses NO_PROXY to skip using the proxy for a comma delimited list'
+ echo 'of hosts, host globs (*.example.com), IPs, or CIDR masks (192.168.1.0/24).'
+ echo 'It is known to work with both bash and dash shells.runs native tools'
+ echo ''
+ echo 'arguments:'
+ echo ' host proxy host to use'
+ echo ' port proxy port to use'
+ echo ''
+ echo 'options:'
+ echo ' -h, --help show this help message and exit'
+ echo ''
+ exit 2
+fi
+
# Locate the netcat binary
SOCAT=$(which socat 2>/dev/null)
if [ $? -ne 0 ]; then
--
2.1.4
^ permalink raw reply related
* [PATCH] oe-find-native-sysroot: create usage output
From: Ed Bartosh @ 2016-12-09 16:04 UTC (permalink / raw)
To: openembedded-core
Created usage output for oe-find-native-sysroot script.
[YOCTO #10751]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
scripts/oe-find-native-sysroot | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/scripts/oe-find-native-sysroot b/scripts/oe-find-native-sysroot
index 81d62b8..13a5c46 100755
--- a/scripts/oe-find-native-sysroot
+++ b/scripts/oe-find-native-sysroot
@@ -30,6 +30,20 @@
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+if [ "$1" = '--help' -o "$1" = '-h' ] ; then
+ echo 'Usage: oe-find-native-sysroot [-h|--help]'
+ echo ''
+ echo 'OpenEmbedded find-native-sysroot - helper script to set'
+ echo 'environment variables OECORE_NATIVE_SYSROOT and PSEUDO'
+ echo 'to the path of the native sysroot directory and pseudo'
+ echo 'executable binary'
+ echo ''
+ echo 'options:'
+ echo ' -h, --help show this help message and exit'
+ echo ''
+ exit 2
+fi
+
if [ "x$OECORE_NATIVE_SYSROOT" = "x" ]; then
BITBAKE=`which bitbake 2> /dev/null`
if [ "x$BITBAKE" != "x" ]; then
--
2.1.4
^ permalink raw reply related
* Re: [PATCH] perl-native: Remove usage of -fstack-protector=strong
From: Aníbal Limón @ 2016-12-09 16:23 UTC (permalink / raw)
To: Burton, Ross, Andre McCurdy
Cc: Patches and discussions about the oe-core layer
In-Reply-To: <CAJTo0LYUhvxCxhLAcbwFcnxJSx856DnZBLPjqUHXoW2FAvkQVg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 654 bytes --]
On 12/08/2016 02:35 PM, Burton, Ross wrote:
> On 8 December 2016 at 19:16, Andre McCurdy <armccurdy@gmail.com> wrote:
>
>> Is it correct that native sstate from a host with gcc < 4.9 should be
>> reused by a host with gcc >= 4.9 ?
>>
>> Doesn't the change in NATIVELSBSTRING prevent that from happening?
>>
>
> Yes, we recently landed a change so that uninative is versioned by host
> GCC. Presumably that solves this problem in a different way?
If the sstate generated is different from a host distro with gcc>=4.9
and gcc<4.9 will be work.
Could you point me to the patch that makes this change?
alimon
>
> Ross
>
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
^ permalink raw reply
* [PATCH] systemd: Backport cgroup fix from 233 to 232
From: Jason Wessel @ 2016-12-09 17:16 UTC (permalink / raw)
To: Openembedded-core
There is a critical regression in the default behavior with systemd
232 which prevents lxc, docker, and opencontainers from working
properly out of the box. The change was already committed to the
systemd 233 code stream.
The failure looks like what is shown below.
% lxc-start -n container -F
lxc-start: cgfsng.c: parse_hierarchies: 825 Failed to find current cgroup for controller 'name=systemd'
lxc-start: cgfsng.c: all_controllers_found: 431 no systemd controller mountpoint found
lxc-start: start.c: lxc_spawn: 1082 failed initializing cgroup support
lxc-start: start.c: __lxc_start: 1332 failed to spawn 'container'
lxc-start: lxc_start.c: main: 344 The container failed to start.
lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
Commit 843d5baf6aad6c53fc00ea8d95d83209a4f92de1 from the systemd git
has been backported and can be dropped in a future uprev.
Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
---
...use-the-unified-hierarchy-for-the-systemd.patch | 51 ++++++++++++++++++++++
meta/recipes-core/systemd/systemd_232.bb | 1 +
2 files changed, 52 insertions(+)
create mode 100644 meta/recipes-core/systemd/systemd/0020-back-port-233-don-t-use-the-unified-hierarchy-for-the-systemd.patch
diff --git a/meta/recipes-core/systemd/systemd/0020-back-port-233-don-t-use-the-unified-hierarchy-for-the-systemd.patch b/meta/recipes-core/systemd/systemd/0020-back-port-233-don-t-use-the-unified-hierarchy-for-the-systemd.patch
new file mode 100644
index 0000000..ef2d868
--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0020-back-port-233-don-t-use-the-unified-hierarchy-for-the-systemd.patch
@@ -0,0 +1,51 @@
+This is a direct backport from systemd-233's stream to fix lxc/docker.
+
+% lxc-start -n container -F
+lxc-start: cgfsng.c: parse_hierarchies: 825 Failed to find current cgroup for controller 'name=systemd'
+lxc-start: cgfsng.c: all_controllers_found: 431 no systemd controller mountpoint found
+lxc-start: start.c: lxc_spawn: 1082 failed initializing cgroup support
+lxc-start: start.c: __lxc_start: 1332 failed to spawn 'container'
+lxc-start: lxc_start.c: main: 344 The container failed to start.
+lxc-start: lxc_start.c: main: 348 Additional information can be obtained by setting the --logfile and --logpriority options.
+
+## begin backport ##
+
+From 843d5baf6aad6c53fc00ea8d95d83209a4f92de1 Mon Sep 17 00:00:00 2001
+From: Martin Pitt <martin.pitt@ubuntu.com>
+Date: Thu, 10 Nov 2016 05:33:13 +0100
+Subject: [PATCH] core: don't use the unified hierarchy for the systemd cgroup
+ yet (#4628)
+
+Too many things don't get along with the unified hierarchy yet:
+
+ * https://github.com/opencontainers/runc/issues/1175
+ * https://github.com/docker/docker/issues/28109
+ * https://github.com/lxc/lxc/issues/1280
+
+So revert the default to the legacy hierarchy for now. Developers of the above
+software can opt into the unified hierarchy with
+"systemd.legacy_systemd_cgroup_controller=0".
+---
+ src/basic/cgroup-util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/basic/cgroup-util.c b/src/basic/cgroup-util.c
+index 5e73753..dc13025 100644
+--- a/src/basic/cgroup-util.c
++++ b/src/basic/cgroup-util.c
+@@ -2423,10 +2423,10 @@ bool cg_is_unified_systemd_controller_wanted(void) {
+
+ r = get_proc_cmdline_key("systemd.legacy_systemd_cgroup_controller=", &value);
+ if (r < 0)
+- return true;
++ return false;
+
+ if (r == 0)
+- wanted = true;
++ wanted = false;
+ else
+ wanted = parse_boolean(value) <= 0;
+ }
+--
+2.10.1
+
diff --git a/meta/recipes-core/systemd/systemd_232.bb b/meta/recipes-core/systemd/systemd_232.bb
index baee02e..a978bec 100644
--- a/meta/recipes-core/systemd/systemd_232.bb
+++ b/meta/recipes-core/systemd/systemd_232.bb
@@ -32,6 +32,7 @@ SRC_URI += " \
file://0017-remove-duplicate-include-uchar.h.patch \
file://0018-check-for-uchar.h-in-configure.patch \
file://0019-socket-util-don-t-fail-if-libc-doesn-t-support-IDN.patch \
+ file://0020-back-port-233-don-t-use-the-unified-hierarchy-for-the-systemd.patch \
"
SRC_URI_append_libc-uclibc = "\
file://0002-units-Prefer-getty-to-agetty-in-console-setup-system.patch \
--
2.10.1
^ permalink raw reply related
* [PATCH] rm_work: add do_write_qemuboot_conf to task list
From: Ross Burton @ 2016-12-09 17:18 UTC (permalink / raw)
To: openembedded-core
We need to add do_write_qemuboot_conf to the list of tasks to be wiped as
otherwise the second time an image is built it will fail.
[ YOCTO #10758 ]
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
meta/classes/rm_work.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/rm_work.bbclass b/meta/classes/rm_work.bbclass
index 64b6981..263ad8b 100644
--- a/meta/classes/rm_work.bbclass
+++ b/meta/classes/rm_work.bbclass
@@ -66,7 +66,7 @@ do_rm_work () {
i=dummy
break
;;
- *do_rootfs*|*do_image*|*do_bootimg*|*do_bootdirectdisk*|*do_vmimg*)
+ *do_rootfs*|*do_image*|*do_bootimg*|*do_bootdirectdisk*|*do_vmimg*|*do_write_qemuboot_conf*)
i=dummy
break
;;
--
2.8.1
^ permalink raw reply related
* Re: [PATCH] glibc: Enable backtrace from abort on ARM
From: Mark Hatle @ 2016-12-09 17:26 UTC (permalink / raw)
To: Khem Raj; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <CAMKF1sphGgZP8-3DoPi+1Wv3DV6yDOAQW0Z5dNX=QFy16deLXA@mail.gmail.com>
On 12/9/16 12:48 AM, Khem Raj wrote:
> On Thu, Dec 8, 2016 at 11:03 AM, Mark Hatle <mark.hatle@windriver.com> wrote:
>> +do_configure_append_arm () {
>> + echo "CFLAGS-abort.c = -funwind-tables" >> ${B}/configparms
>> + echo "CFLAGS-raise.c = -funwind-tables" >> ${B}/configparms
>> +}
>
> perhaps using -fasynchronous-unwind-tables is better. can you try that out ?
>
This passed my internal test with the same results.
So either one is fine with me. What is the difference between the options?
--Mark
^ permalink raw reply
* [PATCH] oe-buildenv-internal: show usage output
From: Ed Bartosh @ 2016-12-09 17:26 UTC (permalink / raw)
To: openembedded-core
Show usage text if script is not sourced.
Tested in bash, zsh and dash.
[YOCTO #10751]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
scripts/oe-buildenv-internal | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/scripts/oe-buildenv-internal b/scripts/oe-buildenv-internal
index 9fae3b4..c890552 100755
--- a/scripts/oe-buildenv-internal
+++ b/scripts/oe-buildenv-internal
@@ -18,6 +18,18 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+if ! $(return >/dev/null 2>&1) ; then
+ echo 'oe-buildenv-internal: error: this script must be sourced'
+ echo ''
+ echo 'Usage: . $OEROOT/scripts/oe-buildenv-internal &&'
+ echo ''
+ echo 'OpenEmbedded oe-buildenv-internal - an internal script that is'
+ echo 'used in oe-init-build-env and oe-init-build-env-memres to'
+ echo 'initialize oe build environment'
+ echo ''
+ exit 2
+fi
+
# It is assumed OEROOT is already defined when this is called
if [ -z "$OEROOT" ]; then
echo >&2 "Error: OEROOT is not defined!"
--
2.1.4
^ permalink raw reply related
* Re: [PATCH] glibc: Enable backtrace from abort on ARM
From: Khem Raj @ 2016-12-09 17:36 UTC (permalink / raw)
To: Mark Hatle; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <a429c8fc-8e0c-971b-9295-4056c09a614a@windriver.com>
On Fri, Dec 9, 2016 at 9:26 AM, Mark Hatle <mark.hatle@windriver.com> wrote:
> On 12/9/16 12:48 AM, Khem Raj wrote:
>> On Thu, Dec 8, 2016 at 11:03 AM, Mark Hatle <mark.hatle@windriver.com> wrote:
>>> +do_configure_append_arm () {
>>> + echo "CFLAGS-abort.c = -funwind-tables" >> ${B}/configparms
>>> + echo "CFLAGS-raise.c = -funwind-tables" >> ${B}/configparms
>>> +}
>>
>> perhaps using -fasynchronous-unwind-tables is better. can you try that out ?
>>
>
> This passed my internal test with the same results.
>
> So either one is fine with me. What is the difference between the options?
-fasynchronous-unwind-tables when used with -g emits the static data
in dward2 into .debug_frame
sections so your binaries dont bloat. funwind-tables is for generating
static data that is needed for exception handing into .eh_frame.
>
> --Mark
^ permalink raw reply
* [PATCH] edgerouter.conf: enable generation of wic.bmap
From: Ed Bartosh @ 2016-12-09 17:46 UTC (permalink / raw)
To: openembedded-core
Enabled generation of block map(bmap) files for wic images
built for edgerouter machine. This should simplify flashing
images with bmaptool.
[YOCTO #10621]
Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
---
meta-yocto-bsp/conf/machine/edgerouter.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-yocto-bsp/conf/machine/edgerouter.conf b/meta-yocto-bsp/conf/machine/edgerouter.conf
index 720a947..c6193d9 100644
--- a/meta-yocto-bsp/conf/machine/edgerouter.conf
+++ b/meta-yocto-bsp/conf/machine/edgerouter.conf
@@ -18,7 +18,7 @@ USE_VT ?= "0"
MACHINE_EXTRA_RRECOMMENDS = " kernel-modules"
-IMAGE_FSTYPES ?= "jffs2 tar.bz2 wic"
+IMAGE_FSTYPES ?= "jffs2 tar.bz2 wic wic.bmap"
JFFS2_ERASEBLOCK = "0x10000"
WKS_FILE ?= "sdimage-bootpart.wks"
--
2.1.4
^ permalink raw reply related
* [master][morty][PATCH v2] glibc: Enable backtrace from abort on ARM
From: Mark Hatle @ 2016-12-09 17:49 UTC (permalink / raw)
To: openembedded-core
From: Yuanjie Huang <yuanjie.huang@windriver.com>
ARM stack frames for abort and raise were limited to the the actual
abort and raise call, such as:
Obtained 4 stack frames.
./test-app(print_trace+0x1c) [0x10a08]
./test-app() [0x10b3c]
/lib/libc.so.6(__default_sa_restorer+0) [0x4adae1e0]
/lib/libc.so.6(gsignal+0xa0) [0x4adacf74]
This is not terribly useful when trying to figure out what function
may have called called the abort, especially when using pthreads.
After the change the trace would now look like:
Obtained 8 stack frames.
./test-app(print_trace+0x1c) [0x10a08]
./test-app() [0x10b3c]
/lib/libc.so.6(__default_sa_restorer+0) [0x4befe1e0]
/lib/libc.so.6(gsignal+0xa0) [0x4befcf74]
/lib/libc.so.6(abort+0x134) [0x4befe358]
./test-app(dummy_function+0x50) [0x10adc]
./test-app(main+0xd4) [0x10c24]
/lib/libc.so.6(__libc_start_main+0x114) [0x4bee7a58]
Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
---
meta/recipes-core/glibc/glibc.inc | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/meta/recipes-core/glibc/glibc.inc b/meta/recipes-core/glibc/glibc.inc
index e85c7044a0..7bae0e9554 100644
--- a/meta/recipes-core/glibc/glibc.inc
+++ b/meta/recipes-core/glibc/glibc.inc
@@ -78,3 +78,9 @@ do_configure_prepend() {
}
GLIBC_ADDONS ?= "nptl,libidn"
+
+# Enable backtrace from abort()
+do_configure_append_arm () {
+ echo "CFLAGS-abort.c = -fasynchronous-unwind-tables" >> ${B}/configparms
+ echo "CFLAGS-raise.c = -fasynchronous-unwind-tables" >> ${B}/configparms
+}
--
2.11.0.rc1
^ permalink raw reply related
* [PATCH] RFC: weston-init: Update systemd service unit.
From: Daniel Díaz @ 2016-12-09 18:20 UTC (permalink / raw)
To: openembedded-core
Based on the "ultimate" systemd service unit [1], this unit
works without the need of weston-start/weston-launch, as is
recommended by Weston developers.
It handles:
* proper VT/tty allocation and handling,
* PAM login (XDG environment settings),
* correct logging,
* optional arguments to Weston via config file.
[1] https://phabricator.freedesktop.org/T63
Signed-off-by: Daniel Díaz <daniel.diaz@linaro.org>
---
meta/recipes-graphics/wayland/weston-init.bb | 6 +++++
.../wayland/weston-init/weston.service | 31 +++++++++++++++++++---
2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/meta/recipes-graphics/wayland/weston-init.bb b/meta/recipes-graphics/wayland/weston-init.bb
index 22ba5f3..4a97eba 100644
--- a/meta/recipes-graphics/wayland/weston-init.bb
+++ b/meta/recipes-graphics/wayland/weston-init.bb
@@ -10,7 +10,13 @@ S = "${WORKDIR}"
do_install() {
install -Dm755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/weston
+
+ # Install weston.service systemd service unit
install -Dm0644 ${WORKDIR}/weston.service ${D}${systemd_system_unitdir}/weston.service
+ sed -i -e 's,/usr/bin,${bindir},g' \
+ -e 's,/etc,${sysconfdir},g' \
+ -e 's,/var,${localstatedir},g \
+ ${D}${systemd_system_unitdir}/weston.service
# Install weston-start script
install -Dm755 ${WORKDIR}/weston-start ${D}${bindir}/weston-start
diff --git a/meta/recipes-graphics/wayland/weston-init/weston.service b/meta/recipes-graphics/wayland/weston-init/weston.service
index 689ce41..66d49ec 100644
--- a/meta/recipes-graphics/wayland/weston-init/weston.service
+++ b/meta/recipes-graphics/wayland/weston-init/weston.service
@@ -1,12 +1,37 @@
[Unit]
-Description=Weston Wayland Compositor
+Description=Weston Wayland Compositor (on tty7)
RequiresMountsFor=/run
+Conflicts=getty@tty7.service plymouth-quit.service
+After=systemd-user-sessions.service getty@tty7.service plymouth-quit-wait.service
[Service]
User=root
+PermissionsStartOnly=true
+
+# Log us in via PAM so we get our XDG & co. environment and
+# are treated as logged in so we can use the tty:
+PAMName=login
+
+# Grab tty7
+UtmpIdentifier=tty7
+TTYPath=/dev/tty7
+TTYReset=yes
+TTYVHangup=yes
+TTYVTDisallocate=yes
+
+# stderr to journal so our logging doesn't get thrown into /dev/null
+StandardOutput=tty
+StandardInput=tty
+StandardError=journal
+
EnvironmentFile=-/etc/default/weston
-ExecStart=/usr/bin/weston-start -v -e -- $OPTARGS
+
+# Weston does not successfully change VT, nor does systemd place us on
+# the VT it just activated for us. Switch manually:
+ExecStartPre=/usr/bin/chvt 7
+ExecStart=/usr/bin/weston --log=/var/log/weston.log $OPTARGS
+
+IgnoreSIGPIPE=no
[Install]
WantedBy=multi-user.target
-
--
1.9.1
^ permalink raw reply related
* [PATCH 0/2] kernel-yocto: yet another set of changes
From: Bruce Ashfield @ 2016-12-09 19:27 UTC (permalink / raw)
To: richard.purdie; +Cc: openembedded-core
In the never ending stream of kernel pull requests, we have an update
to the latest 4.8-rt from Paul Gortmaker.
And as it turns out, my effor in making sure that meta data errors were
trapped was a bit to simple. I do in fact need the set +e to allow some
of the other checks in the routine to follow else clauses.
So there's a patch in this pull that puts the +e back, and I explicitly
trap and error if a meta data command fails.
Cheers,
Bruce
The following changes since commit 36e178a62f04e7f2611b26964efe46b9af97189a:
linux-yocto: Update genericx86* SRCREVs for linux-yocto 4.8 (2016-12-09 08:54:07 +0000)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib zedd/kernel
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=zedd/kernel
Bruce Ashfield (2):
linux-yocto/4.8: update to -rt7
kernel-yocto: explicitly trap subcommand errors
meta/classes/kernel-yocto.bbclass | 7 +++++++
meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_4.8.bb | 2 +-
4 files changed, 11 insertions(+), 4 deletions(-)
--
2.5.0
^ permalink raw reply
* [PATCH 1/2] linux-yocto/4.8: update to -rt7
From: Bruce Ashfield @ 2016-12-09 19:27 UTC (permalink / raw)
To: richard.purdie; +Cc: openembedded-core
In-Reply-To: <cover.1481311536.git.bruce.ashfield@windriver.com>
Updating to the latest 4.8-rt
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
---
meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb | 4 ++--
meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb | 2 +-
meta/recipes-kernel/linux/linux-yocto_4.8.bb | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb b/meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb
index 8ed9d8f3743f..d392a6de5e95 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_4.8.bb
@@ -11,8 +11,8 @@ python () {
raise bb.parse.SkipPackage("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
}
-SRCREV_machine ?= "b2d665b3453891cd066c8a172af0b7785c365f57"
-SRCREV_meta ?= "b22e47739683444916dc64548df1dbf6856500a5"
+SRCREV_machine ?= "3bafd55e39da7fd7c5d483fdee5b72450df3caf0"
+SRCREV_meta ?= "926c93ae07de2173b4f764d1da6996597a6d2b73"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.8.git;branch=${KBRANCH};name=machine \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.8;destsuffix=${KMETA}"
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb
index 43dc34bd25a4..15b03579d4a3 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_4.8.bb
@@ -10,7 +10,7 @@ KMETA = "kernel-meta"
KCONF_BSP_AUDIT_LEVEL = "2"
SRCREV_machine ?= "e274a507b23c23bf0dd6502d0c38fae731c11511"
-SRCREV_meta ?= "b22e47739683444916dc64548df1dbf6856500a5"
+SRCREV_meta ?= "926c93ae07de2173b4f764d1da6996597a6d2b73"
PV = "${LINUX_VERSION}+git${SRCPV}"
diff --git a/meta/recipes-kernel/linux/linux-yocto_4.8.bb b/meta/recipes-kernel/linux/linux-yocto_4.8.bb
index 090358873b46..aedfe1b1556e 100644
--- a/meta/recipes-kernel/linux/linux-yocto_4.8.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_4.8.bb
@@ -19,7 +19,7 @@ SRCREV_machine_qemux86 ?= "021b4aef55b44597587a1ce5879be642b3dca155"
SRCREV_machine_qemux86-64 ?= "021b4aef55b44597587a1ce5879be642b3dca155"
SRCREV_machine_qemumips64 ?= "1b20066b88c3abdde1f6c449b6562a516b4cce6d"
SRCREV_machine ?= "021b4aef55b44597587a1ce5879be642b3dca155"
-SRCREV_meta ?= "b22e47739683444916dc64548df1dbf6856500a5"
+SRCREV_meta ?= "926c93ae07de2173b4f764d1da6996597a6d2b73"
SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.8.git;name=machine;branch=${KBRANCH}; \
git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-4.8;destsuffix=${KMETA}"
--
2.5.0
^ permalink raw reply related
* [PATCH 2/2] kernel-yocto: explicitly trap subcommand errors
From: Bruce Ashfield @ 2016-12-09 19:28 UTC (permalink / raw)
To: richard.purdie; +Cc: openembedded-core
In-Reply-To: <cover.1481311536.git.bruce.ashfield@windriver.com>
To trap errors and halt processing, do_kernel_metadata was recently
switched to exit on any non zero return code. While the concept is
sound, there are subcommands that have legitimate non-zero return
codes.
Instead of removing set +e, we'll explicitly check the return code
of the commands that can error, and throw a bbfatal to alert the
user.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
---
meta/classes/kernel-yocto.bbclass | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/meta/classes/kernel-yocto.bbclass b/meta/classes/kernel-yocto.bbclass
index 7c32c9664610..a60327a07e50 100644
--- a/meta/classes/kernel-yocto.bbclass
+++ b/meta/classes/kernel-yocto.bbclass
@@ -61,6 +61,7 @@ def get_machine_branch(d, default):
return default
do_kernel_metadata() {
+ set +e
cd ${S}
export KMETA=${KMETA}
@@ -148,12 +149,18 @@ do_kernel_metadata() {
elements="`echo -n ${bsp_definition} ${sccs} ${patches} ${KERNEL_FEATURES}`"
if [ -n "${elements}" ]; then
scc --force -o ${S}/${meta_dir}:cfg,meta ${includes} ${bsp_definition} ${sccs} ${patches} ${KERNEL_FEATURES}
+ if [ $? -ne 0 ]; then
+ bbfatal_log "Could not generate configuration queue for ${KMACHINE}."
+ fi
fi
# run2: only generate patches for elements that have been passed on the SRC_URI
elements="`echo -n ${sccs} ${patches} ${KERNEL_FEATURES}`"
if [ -n "${elements}" ]; then
scc --force -o ${S}/${meta_dir}:patch --cmds patch ${includes} ${sccs} ${patches} ${KERNEL_FEATURES}
+ if [ $? -ne 0 ]; then
+ bbfatal_log "Could not generate configuration queue for ${KMACHINE}."
+ fi
fi
}
--
2.5.0
^ permalink raw reply related
* Re: [PATCH] perl-native: Remove usage of -fstack-protector=strong
From: Burton, Ross @ 2016-12-09 20:10 UTC (permalink / raw)
To: Aníbal Limón; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <584ADA83.9070709@linux.intel.com>
[-- Attachment #1: Type: text/plain, Size: 917 bytes --]
The patch is "uninative: rebuild uninative for gcc 4.8 and 4.9" but I
forgot it didn't get merged as it broke eSDK.
Ross
On 9 December 2016 at 16:23, Aníbal Limón <anibal.limon@linux.intel.com>
wrote:
>
>
> On 12/08/2016 02:35 PM, Burton, Ross wrote:
> > On 8 December 2016 at 19:16, Andre McCurdy <armccurdy@gmail.com> wrote:
> >
> >> Is it correct that native sstate from a host with gcc < 4.9 should be
> >> reused by a host with gcc >= 4.9 ?
> >>
> >> Doesn't the change in NATIVELSBSTRING prevent that from happening?
> >>
> >
> > Yes, we recently landed a change so that uninative is versioned by host
> > GCC. Presumably that solves this problem in a different way?
>
> If the sstate generated is different from a host distro with gcc>=4.9
> and gcc<4.9 will be work.
>
> Could you point me to the patch that makes this change?
>
> alimon
>
> >
> > Ross
> >
>
>
[-- Attachment #2: Type: text/html, Size: 1448 bytes --]
^ permalink raw reply
* [PATCH] sysklogd: do more to properly work with systemd
From: Mark Asselstine @ 2016-12-09 21:41 UTC (permalink / raw)
To: openembedded-core
It was noticed that syslogd and klogd were no longer running on system
startup, meaning no /var/log/messages etc.. It appears as though
sysklogd has never been updated to follow the expected logging
requirement for systemd as described here:
https://www.freedesktop.org/wiki/Software/systemd/syslog/
As such no service was started and no logging present. Using the above
guidelines we create two new service files syslogd.service and
klogd.service. We make use of tmpfiles.d in order to ensure the
xconsole device node exists and do other minor recipe cleanup to
ensure peaceful coexistence with sysvinit and systemd implementations.
The systemd documentation also asks that for a logger which is not
rsyslog that we also enable 'ForwardToSyslog=' in journald.conf, but
this is already the case so no action is required.
With this change in place syslogd and klogd are started at system
startup and the expected logs are available.
Unfortunately I was not able to find any work done on this upstream or
in other distros so this is my best effort at making this work.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
---
meta/recipes-extended/sysklogd/files/klogd.service | 13 +++++++++++++
meta/recipes-extended/sysklogd/files/syslogd.service | 14 ++++++++++++++
.../sysklogd/files/tmpfiles.sysklogd.conf | 1 +
meta/recipes-extended/sysklogd/sysklogd.inc | 19 +++++++++++++++++--
4 files changed, 45 insertions(+), 2 deletions(-)
create mode 100644 meta/recipes-extended/sysklogd/files/klogd.service
create mode 100644 meta/recipes-extended/sysklogd/files/syslogd.service
create mode 100644 meta/recipes-extended/sysklogd/files/tmpfiles.sysklogd.conf
diff --git a/meta/recipes-extended/sysklogd/files/klogd.service b/meta/recipes-extended/sysklogd/files/klogd.service
new file mode 100644
index 0000000..0c888c4
--- /dev/null
+++ b/meta/recipes-extended/sysklogd/files/klogd.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Kernel Logging Service
+After=syslogd.service
+
+[Service]
+Type=forking
+ExecStart=/sbin/klogd
+PIDFile=/var/run/klogd.pid
+StandardOutput=null
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta/recipes-extended/sysklogd/files/syslogd.service b/meta/recipes-extended/sysklogd/files/syslogd.service
new file mode 100644
index 0000000..eeaff3d
--- /dev/null
+++ b/meta/recipes-extended/sysklogd/files/syslogd.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=System Logging Service
+Requires=syslog.socket
+
+[Service]
+Type=forking
+ExecStart=/sbin/syslogd
+PIDFile=/var/run/syslogd.pid
+StandardOutput=null
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=syslog.service
diff --git a/meta/recipes-extended/sysklogd/files/tmpfiles.sysklogd.conf b/meta/recipes-extended/sysklogd/files/tmpfiles.sysklogd.conf
new file mode 100644
index 0000000..f4aecd3
--- /dev/null
+++ b/meta/recipes-extended/sysklogd/files/tmpfiles.sysklogd.conf
@@ -0,0 +1 @@
+p /dev/xconsole 0640 root adm
diff --git a/meta/recipes-extended/sysklogd/sysklogd.inc b/meta/recipes-extended/sysklogd/sysklogd.inc
index 5c15ffe..092b922 100644
--- a/meta/recipes-extended/sysklogd/sysklogd.inc
+++ b/meta/recipes-extended/sysklogd/sysklogd.inc
@@ -11,17 +11,24 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b \
file://klogd.c;beginline=2;endline=19;md5=7e87ed0ae6142de079bce738c10c899d \
"
-inherit update-rc.d update-alternatives
+inherit update-rc.d update-alternatives systemd
SRC_URI = "http://www.infodrom.org/projects/sysklogd/download/sysklogd-${PV}.tar.gz \
file://no-strip-install.patch \
file://0001-Fix-build-with-musl.patch \
file://sysklogd \
file://syslog.conf \
+ file://syslogd.service \
+ file://klogd.service \
+ file://tmpfiles.sysklogd.conf \
"
SRC_URI_append_e500v2 = " file://no-vectorization.patch"
+SYSTEMD_PACKAGES = "${PN}"
+SYSTEMD_SERVICE_${PN} = "syslogd.service klogd.service"
+SYSTEMD_AUTO_ENABLE = "enable"
+
INITSCRIPT_NAME = "syslog"
CONFFILES_${PN} = "${sysconfdir}/syslog.conf.${BPN}"
@@ -39,13 +46,21 @@ do_install () {
install -m 644 ${WORKDIR}/syslog.conf ${D}${sysconfdir}/syslog.conf
install -d ${D}${sysconfdir}/init.d
install -m 755 ${WORKDIR}/sysklogd ${D}${sysconfdir}/init.d/syslog
+ install -d ${D}${systemd_unitdir}/system
+ install -m 644 ${WORKDIR}/syslogd.service ${D}${systemd_unitdir}/system
+ install -m 644 ${WORKDIR}/klogd.service ${D}${systemd_unitdir}/system
+ install -d ${D}${exec_prefix}/lib/tmpfiles.d
+ install -m 644 ${WORKDIR}/tmpfiles.sysklogd.conf ${D}${exec_prefix}/lib/tmpfiles.d/sysklogd.conf
}
+FILES_${PN} += "${@bb.utils.contains('DISTRO_FEATURES','systemd','${exec_prefix}/lib/tmpfiles.d/sysklogd.conf', '', d)}"
+
# sysklogd package has no internal systemd support, so we weigh busybox's
# sysklogd utility over it in case of systemd
ALTERNATIVE_PRIORITY = "${@bb.utils.contains('DISTRO_FEATURES','systemd','10','100',d)}"
-ALTERNATIVE_${PN} = "syslogd klogd syslog-init syslog-conf"
+ALTERNATIVE_${PN} = "syslogd klogd syslog-conf \
+ ${@bb.utils.contains('DISTRO_FEATURES','sysvinit','syslog-init','',d)}"
ALTERNATIVE_LINK_NAME[syslogd] = "${base_sbindir}/syslogd"
ALTERNATIVE_LINK_NAME[klogd] = "${base_sbindir}/klogd"
--
2.7.4
^ permalink raw reply related
* [PATCH 1/1] parselogs.py: Don't clog QA with Joule errors
From: California Sullivan @ 2016-12-10 1:00 UTC (permalink / raw)
To: openembedded-core
The Joule is very new hardware and there is ongoing kernel and firmware
work to fix these issues, which will be available in future kernel and
firmware releases. In the meantime, don't clog QA reports.
[YOCTO #10611]
Signed-off-by: California Sullivan <california.l.sullivan@intel.com>
---
meta/lib/oeqa/runtime/parselogs.py | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/meta/lib/oeqa/runtime/parselogs.py b/meta/lib/oeqa/runtime/parselogs.py
index aa5008b..3e1c7d0 100644
--- a/meta/lib/oeqa/runtime/parselogs.py
+++ b/meta/lib/oeqa/runtime/parselogs.py
@@ -134,7 +134,19 @@ ignore_errors = {
'dmi: Firmware registration failed.',
'ioremap error for 0x78',
] + x86_common,
- 'intel-corei7-64' : x86_common,
+ 'intel-corei7-64' : [
+ 'can\'t set Max Payload Size to 256',
+ 'intel_punit_ipc: can\'t request region for resource',
+ '[drm] parse error at position 4 in video mode \'efifb\'',
+ 'ACPI Error: Could not enable RealTimeClock event',
+ 'ACPI Warning: Could not enable fixed event - RealTimeClock',
+ 'hci_intel INT33E1:00: Unable to retrieve gpio',
+ 'hci_intel: probe of INT33E1:00 failed',
+ 'can\'t derive routing for PCI INT A',
+ 'failed to read out thermal zone',
+ 'Bluetooth: hci0: Setting Intel event mask failed',
+ 'ttyS2 - failed to request DMA',
+ ] + x86_common,
'crownbay' : x86_common,
'genericx86' : x86_common,
'genericx86-64' : [
--
2.5.5
^ permalink raw reply related
* [PATCH] gcr: add missing dependencies for vapi
From: jackie.huang @ 2016-12-10 2:56 UTC (permalink / raw)
To: openembedded-core
From: Jackie Huang <jackie.huang@windriver.com>
According to the vapi_DEPS definition:
gcr-3.vapi depends on gck-1.vapi,
gcr-ui-3.vapi depends on gck-1.vapi and gcr-3.vapi
But these dependencies are missing for the make targets,
so it will fail when build in parallel:
error: Package `gck-1' not found in specified Vala API directories or GObject-Introspection GIR directories
error: Package `gcr-3' not found in specified Vala API directories or GObject-Introspection GIR directories
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
---
.../gcr-add-missing-dependencies-for-vapi.patch | 51 ++++++++++++++++++++++
meta/recipes-gnome/gcr/gcr_3.20.0.bb | 2 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-gnome/gcr/files/gcr-add-missing-dependencies-for-vapi.patch
diff --git a/meta/recipes-gnome/gcr/files/gcr-add-missing-dependencies-for-vapi.patch b/meta/recipes-gnome/gcr/files/gcr-add-missing-dependencies-for-vapi.patch
new file mode 100644
index 0000000..4b95103
--- /dev/null
+++ b/meta/recipes-gnome/gcr/files/gcr-add-missing-dependencies-for-vapi.patch
@@ -0,0 +1,51 @@
+From e7e0c56ca82031121f192f7f711b78418b154c9f Mon Sep 17 00:00:00 2001
+From: Jackie Huang <jackie.huang@windriver.com>
+Date: Mon, 28 Nov 2016 10:17:34 +0800
+Subject: [PATCH] gcr: add missing dependencies for vapi
+
+According to the vapi_DEPS definition:
+gcr-3.vapi depends on gck-1.vapi,
+gcr-ui-3.vapi depends on gck-1.vapi and gcr-3.vapi
+
+But these dependencies are missing for the make targets,
+so it will fail when build in parallel:
+error: Package `gck-1' not found in specified Vala API directories or GObject-Introspection GIR directories
+error: Package `gcr-3' not found in specified Vala API directories or GObject-Introspection GIR directories
+
+Upstream-Status: Submitted [https://github.com/GNOME/gcr/pull/4]
+
+Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
+---
+ gcr/Makefile.am | 2 +-
+ ui/Makefile.am | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/gcr/Makefile.am b/gcr/Makefile.am
+index eda302f..6e78dba 100644
+--- a/gcr/Makefile.am
++++ b/gcr/Makefile.am
+@@ -221,7 +221,7 @@ gir_DATA += Gcr-@GCR_MAJOR@.gir
+
+ if ENABLE_VAPIGEN
+
+-gcr-@GCR_MAJOR@.vapi: Gcr-@GCR_MAJOR@.gir gcr/Gcr-@GCR_MAJOR@.metadata gcr-@GCR_MAJOR@.deps
++gcr-@GCR_MAJOR@.vapi: Gcr-@GCR_MAJOR@.gir gcr/Gcr-@GCR_MAJOR@.metadata gcr-@GCR_MAJOR@.deps gck-@GCK_MAJOR@.vapi
+
+ VAPIGEN_VAPIS += gcr-@GCR_MAJOR@.vapi
+
+diff --git a/ui/Makefile.am b/ui/Makefile.am
+index aa52476..6612f0d 100644
+--- a/ui/Makefile.am
++++ b/ui/Makefile.am
+@@ -160,7 +160,7 @@ gir_DATA += GcrUi-@GCR_MAJOR@.gir
+
+ if ENABLE_VAPIGEN
+
+-gcr-ui-@GCR_MAJOR@.vapi: GcrUi-@GCR_MAJOR@.gir ui/GcrUi-@GCR_MAJOR@.metadata gcr-ui-@GCR_MAJOR@.deps
++gcr-ui-@GCR_MAJOR@.vapi: GcrUi-@GCR_MAJOR@.gir ui/GcrUi-@GCR_MAJOR@.metadata gcr-ui-@GCR_MAJOR@.deps gck-@GCK_MAJOR@.vapi gcr-@GCR_MAJOR@.vapi
+
+ VAPIGEN_VAPIS += gcr-ui-@GCR_MAJOR@.vapi
+
+--
+2.8.3
+
diff --git a/meta/recipes-gnome/gcr/gcr_3.20.0.bb b/meta/recipes-gnome/gcr/gcr_3.20.0.bb
index b32a455..2088902 100644
--- a/meta/recipes-gnome/gcr/gcr_3.20.0.bb
+++ b/meta/recipes-gnome/gcr/gcr_3.20.0.bb
@@ -11,6 +11,8 @@ inherit autotools gnomebase gtk-icon-cache gtk-doc distro_features_check upstrea
# depends on gtk+3, but also x11 through gtk+-x11
REQUIRED_DISTRO_FEATURES = "x11"
+SRC_URI += "file://gcr-add-missing-dependencies-for-vapi.patch"
+
SRC_URI[archive.md5sum] = "4314bf89eac293dd0a9d806593ff1b35"
SRC_URI[archive.sha256sum] = "90572c626d8a708225560c42b4421f7941315247fa1679d4ef569bde7f4bb379"
--
2.8.3
^ permalink raw reply related
* Re: [PATCH] gcr: add missing dependencies for vapi
From: Burton, Ross @ 2016-12-10 10:42 UTC (permalink / raw)
To: jackie.huang@windriver.com; +Cc: OE-core
In-Reply-To: <20161210025613.1648-1-jackie.huang@windriver.com>
[-- Attachment #1: Type: text/plain, Size: 225 bytes --]
On 10 December 2016 at 02:56, <jackie.huang@windriver.com> wrote:
> +Upstream-Status: Submitted [https://github.com/GNOME/gcr/pull/4]
>
Did you get the message that GNOME doesn't take pull requests at github?
Ross
[-- Attachment #2: Type: text/html, Size: 731 bytes --]
^ permalink raw reply
* can "IMAGE_INSTALL ?= ..." not be written in a more obvious way?
From: Robert P. J. Day @ 2016-12-10 11:40 UTC (permalink / raw)
To: OE Core mailing list
i've nattered about this before but not sure i ever got an answer --
here's the last bit of core-image.bbclass:
CORE_IMAGE_BASE_INSTALL = '\
packagegroup-core-boot \
packagegroup-base-extended \
\
${CORE_IMAGE_EXTRA_INSTALL} \
'
CORE_IMAGE_EXTRA_INSTALL ?= ""
IMAGE_INSTALL ?= "${CORE_IMAGE_BASE_INSTALL}"
the first time i saw that (long ago), it took me a few looks to figure
out what was happening. can this not be written in a more obvious way:
CORE_IMAGE_BASE_INSTALL = '\
packagegroup-core-boot \
packagegroup-base-extended \
'
CORE_IMAGE_EXTRA_INSTALL ?= ""
IMAGE_INSTALL ?= " \
${CORE_IMAGE_BASE_INSTALL} \
${CORE_IMAGE_EXTRA_INSTALL} \
"
is that not equivalent, or am i missing something? it's certainly
clearer as to what's happening if people are perusing the code.
rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================
^ permalink raw reply
* [PATCH] edgerouter.py: avoid python3 exception
From: Juro Bystricky @ 2016-12-10 17:13 UTC (permalink / raw)
To: openembedded-core; +Cc: richard.purdie
This fixes an error such as:
Exception: File "/master/poky/meta-yocto-bsp/lib/oeqa/controllers/edgeroutertarget.py", line 47
self.image_fstype = self.get_image_fstype(d)
TabError: inconsistent use of tabs and spaces in indentation
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
---
meta-yocto-bsp/lib/oeqa/controllers/edgeroutertarget.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-yocto-bsp/lib/oeqa/controllers/edgeroutertarget.py b/meta-yocto-bsp/lib/oeqa/controllers/edgeroutertarget.py
index b3338ca..9c47b5b 100644
--- a/meta-yocto-bsp/lib/oeqa/controllers/edgeroutertarget.py
+++ b/meta-yocto-bsp/lib/oeqa/controllers/edgeroutertarget.py
@@ -44,7 +44,7 @@ class EdgeRouterTarget(MasterImageHardwareTarget):
def __init__(self, d):
super(EdgeRouterTarget, self).__init__(d)
- self.image_fstype = self.get_image_fstype(d)
+ self.image_fstype = self.get_image_fstype(d)
self.deploy_cmds = [
'mount -L boot /boot',
'mkdir -p /mnt/testrootfs',
--
2.7.4
^ permalink raw reply related
* [PATCH] targetloader.py: drop test for ClassType
From: Juro Bystricky @ 2016-12-10 17:21 UTC (permalink / raw)
To: openembedded-core; +Cc: richard.purdie
ClassType was removed from python3.
The code testing for ClassType kept throwing AttributeError exceptions:
module 'types' has no attribute 'ClassType'
The exceptions prevented loading of any dynamically resolved target
controllers.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
---
meta/lib/oeqa/controllers/testtargetloader.py | 2 --
1 file changed, 2 deletions(-)
diff --git a/meta/lib/oeqa/controllers/testtargetloader.py b/meta/lib/oeqa/controllers/testtargetloader.py
index a1b7b1d..b51d04b 100644
--- a/meta/lib/oeqa/controllers/testtargetloader.py
+++ b/meta/lib/oeqa/controllers/testtargetloader.py
@@ -61,8 +61,6 @@ class TestTargetLoader:
obj = getattr(module, target)
if obj:
from oeqa.targetcontrol import BaseTarget
- if (not isinstance(obj, (type, types.ClassType))):
- bb.warn("Target {0} found, but not of type Class".format(target))
if( not issubclass(obj, BaseTarget)):
bb.warn("Target {0} found, but subclass is not BaseTarget".format(target))
except:
--
2.7.4
^ permalink raw reply related
* [PATCH]] libtiff: Update to 4.0.7
From: Armin Kuster @ 2016-12-10 17:38 UTC (permalink / raw)
To: akuster808, openembedded-core
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../libtiff/files/CVE-2015-8665_8683.patch | 137 -------
.../libtiff/files/CVE-2015-8781.patch | 195 ----------
.../libtiff/files/CVE-2015-8784.patch | 73 ----
.../libtiff/files/CVE-2016-3186.patch | 24 --
.../libtiff/files/CVE-2016-3622.patch | 129 -------
.../libtiff/files/CVE-2016-3623.patch | 52 ---
.../libtiff/files/CVE-2016-3632.patch | 34 --
.../libtiff/files/CVE-2016-3658.patch | 111 ------
.../libtiff/files/CVE-2016-3945.patch | 118 ------
.../libtiff/files/CVE-2016-3990.patch | 66 ----
.../libtiff/files/CVE-2016-3991.patch | 147 -------
.../libtiff/files/CVE-2016-5321.patch | 49 ---
.../libtiff/files/CVE-2016-5323.patch | 107 ------
.../libtiff/files/CVE-2016-9535-1.patch | 423 ---------------------
.../libtiff/files/CVE-2016-9535-2.patch | 67 ----
.../libtiff/files/CVE-2016-9538.patch | 67 ----
.../libtiff/files/CVE-2016-9539.patch | 60 ---
.../libtiff/files/CVE-2016-9540.patch | 60 ---
.../libtiff/files/Fix_several_CVE_issues.patch | 281 --------------
.../libtiff/{tiff_4.0.6.bb => tiff_4.0.7.bb} | 23 +-
20 files changed, 2 insertions(+), 2221 deletions(-)
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch
delete mode 100644 meta/recipes-multimedia/libtiff/files/Fix_several_CVE_issues.patch
rename meta/recipes-multimedia/libtiff/{tiff_4.0.6.bb => tiff_4.0.7.bb} (65%)
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch b/meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
deleted file mode 100644
index 39c5059..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2015-8665_8683.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From f94a29a822f5528d2334592760fbb7938f15eb55 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 26 Dec 2015 17:32:03 +0000
-Subject: [PATCH] * libtiff/tif_getimage.c: fix out-of-bound reads in
- TIFFRGBAImage interface in case of unsupported values of
- SamplesPerPixel/ExtraSamples for LogLUV / CIELab. Add explicit call to
- TIFFRGBAImageOK() in TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by
- limingxing and CVE-2015-8683 reported by zzf of Alibaba.
-
-Upstream-Status: Backport
-CVE: CVE-2015-8665
-CVE: CVE-2015-8683
-https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog | 8 ++++++++
- libtiff/tif_getimage.c | 35 ++++++++++++++++++++++-------------
- 2 files changed, 30 insertions(+), 13 deletions(-)
-
-Index: tiff-4.0.6/libtiff/tif_getimage.c
-===================================================================
---- tiff-4.0.6.orig/libtiff/tif_getimage.c
-+++ tiff-4.0.6/libtiff/tif_getimage.c
-@@ -182,20 +182,22 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[102
- "Planarconfiguration", td->td_planarconfig);
- return (0);
- }
-- if( td->td_samplesperpixel != 3 )
-+ if( td->td_samplesperpixel != 3 || colorchannels != 3 )
- {
- sprintf(emsg,
-- "Sorry, can not handle image with %s=%d",
-- "Samples/pixel", td->td_samplesperpixel);
-+ "Sorry, can not handle image with %s=%d, %s=%d",
-+ "Samples/pixel", td->td_samplesperpixel,
-+ "colorchannels", colorchannels);
- return 0;
- }
- break;
- case PHOTOMETRIC_CIELAB:
-- if( td->td_samplesperpixel != 3 || td->td_bitspersample != 8 )
-+ if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
- {
- sprintf(emsg,
-- "Sorry, can not handle image with %s=%d and %s=%d",
-+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
- "Samples/pixel", td->td_samplesperpixel,
-+ "colorchannels", colorchannels,
- "Bits/sample", td->td_bitspersample);
- return 0;
- }
-@@ -255,6 +257,9 @@ TIFFRGBAImageBegin(TIFFRGBAImage* img, T
- int colorchannels;
- uint16 *red_orig, *green_orig, *blue_orig;
- int n_color;
-+
-+ if( !TIFFRGBAImageOK(tif, emsg) )
-+ return 0;
-
- /* Initialize to normal values */
- img->row_offset = 0;
-@@ -2508,29 +2513,33 @@ PickContigCase(TIFFRGBAImage* img)
- case PHOTOMETRIC_RGB:
- switch (img->bitspersample) {
- case 8:
-- if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+ img->samplesperpixel >= 4)
- img->put.contig = putRGBAAcontig8bittile;
-- else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+ img->samplesperpixel >= 4)
- {
- if (BuildMapUaToAa(img))
- img->put.contig = putRGBUAcontig8bittile;
- }
-- else
-+ else if( img->samplesperpixel >= 3 )
- img->put.contig = putRGBcontig8bittile;
- break;
- case 16:
-- if (img->alpha == EXTRASAMPLE_ASSOCALPHA)
-+ if (img->alpha == EXTRASAMPLE_ASSOCALPHA &&
-+ img->samplesperpixel >=4 )
- {
- if (BuildMapBitdepth16To8(img))
- img->put.contig = putRGBAAcontig16bittile;
- }
-- else if (img->alpha == EXTRASAMPLE_UNASSALPHA)
-+ else if (img->alpha == EXTRASAMPLE_UNASSALPHA &&
-+ img->samplesperpixel >=4 )
- {
- if (BuildMapBitdepth16To8(img) &&
- BuildMapUaToAa(img))
- img->put.contig = putRGBUAcontig16bittile;
- }
-- else
-+ else if( img->samplesperpixel >=3 )
- {
- if (BuildMapBitdepth16To8(img))
- img->put.contig = putRGBcontig16bittile;
-@@ -2539,7 +2548,7 @@ PickContigCase(TIFFRGBAImage* img)
- }
- break;
- case PHOTOMETRIC_SEPARATED:
-- if (buildMap(img)) {
-+ if (img->samplesperpixel >=4 && buildMap(img)) {
- if (img->bitspersample == 8) {
- if (!img->Map)
- img->put.contig = putRGBcontig8bitCMYKtile;
-@@ -2635,7 +2644,7 @@ PickContigCase(TIFFRGBAImage* img)
- }
- break;
- case PHOTOMETRIC_CIELAB:
-- if (buildMap(img)) {
-+ if (img->samplesperpixel == 3 && buildMap(img)) {
- if (img->bitspersample == 8)
- img->put.contig = initCIELabConversion(img);
- break;
-Index: tiff-4.0.6/ChangeLog
-===================================================================
---- tiff-4.0.6.orig/ChangeLog
-+++ tiff-4.0.6/ChangeLog
-@@ -1,3 +1,11 @@
-+2015-12-26 Even Rouault <even.rouault at spatialys.com>
-+
-+ * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
-+ interface in case of unsupported values of SamplesPerPixel/ExtraSamples
-+ for LogLUV / CIELab. Add explicit call to TIFFRGBAImageOK() in
-+ TIFFRGBAImageBegin(). Fix CVE-2015-8665 reported by limingxing and
-+ CVE-2015-8683 reported by zzf of Alibaba.
-+
- 2015-09-12 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
-
- * libtiff 4.0.6 released.
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch b/meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
deleted file mode 100644
index 0846f0f..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-From aaab5c3c9d2a2c6984f23ccbc79702610439bc65 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:25:11 +0000
-Subject: [PATCH] * libtiff/tif_luv.c: fix potential out-of-bound writes in
- decode functions in non debug builds by replacing assert()s by regular if
- checks (bugzilla #2522). Fix potential out-of-bound reads in case of short
- input data.
-
-Upstream-Status: Backport
-
-https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
-hand applied Changelog changes
-
-CVE: CVE-2015-8781
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
----
- ChangeLog | 7 +++++++
- libtiff/tif_luv.c | 55 ++++++++++++++++++++++++++++++++++++++++++++-----------
- 2 files changed, 51 insertions(+), 11 deletions(-)
-
-Index: tiff-4.0.4/ChangeLog
-===================================================================
---- tiff-4.0.4.orig/ChangeLog
-+++ tiff-4.0.4/ChangeLog
-@@ -1,3 +1,10 @@
-+2015-12-27 Even Rouault <even.rouault at spatialys.com>
-+
-+ * libtiff/tif_luv.c: fix potential out-of-bound writes in decode
-+ functions in non debug builds by replacing assert()s by regular if
-+ checks (bugzilla #2522).
-+ Fix potential out-of-bound reads in case of short input data.
-+
- 2015-12-26 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_getimage.c: fix out-of-bound reads in TIFFRGBAImage
-Index: tiff-4.0.4/libtiff/tif_luv.c
-===================================================================
---- tiff-4.0.4.orig/libtiff/tif_luv.c
-+++ tiff-4.0.4/libtiff/tif_luv.c
-@@ -202,7 +202,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsiz
- if (sp->user_datafmt == SGILOGDATAFMT_16BIT)
- tp = (int16*) op;
- else {
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- tp = (int16*) sp->tbuf;
- }
- _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-@@ -211,9 +215,11 @@ LogL16Decode(TIFF* tif, uint8* op, tmsiz
- cc = tif->tif_rawcc;
- /* get each byte string */
- for (shft = 2*8; (shft -= 8) >= 0; ) {
-- for (i = 0; i < npixels && cc > 0; )
-+ for (i = 0; i < npixels && cc > 0; ) {
- if (*bp >= 128) { /* run */
-- rc = *bp++ + (2-128); /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+ if( cc < 2 )
-+ break;
-+ rc = *bp++ + (2-128);
- b = (int16)(*bp++ << shft);
- cc -= 2;
- while (rc-- && i < npixels)
-@@ -223,6 +229,7 @@ LogL16Decode(TIFF* tif, uint8* op, tmsiz
- while (--cc && rc-- && i < npixels)
- tp[i++] |= (int16)*bp++ << shft;
- }
-+ }
- if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -268,13 +275,17 @@ LogLuvDecode24(TIFF* tif, uint8* op, tms
- if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- tp = (uint32 *)op;
- else {
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- tp = (uint32 *) sp->tbuf;
- }
- /* copy to array of uint32 */
- bp = (unsigned char*) tif->tif_rawcp;
- cc = tif->tif_rawcc;
-- for (i = 0; i < npixels && cc > 0; i++) {
-+ for (i = 0; i < npixels && cc >= 3; i++) {
- tp[i] = bp[0] << 16 | bp[1] << 8 | bp[2];
- bp += 3;
- cc -= 3;
-@@ -325,7 +336,11 @@ LogLuvDecode32(TIFF* tif, uint8* op, tms
- if (sp->user_datafmt == SGILOGDATAFMT_RAW)
- tp = (uint32*) op;
- else {
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- tp = (uint32*) sp->tbuf;
- }
- _TIFFmemset((void*) tp, 0, npixels*sizeof (tp[0]));
-@@ -334,11 +349,13 @@ LogLuvDecode32(TIFF* tif, uint8* op, tms
- cc = tif->tif_rawcc;
- /* get each byte string */
- for (shft = 4*8; (shft -= 8) >= 0; ) {
-- for (i = 0; i < npixels && cc > 0; )
-+ for (i = 0; i < npixels && cc > 0; ) {
- if (*bp >= 128) { /* run */
-+ if( cc < 2 )
-+ break;
- rc = *bp++ + (2-128);
- b = (uint32)*bp++ << shft;
-- cc -= 2; /* TODO: potential input buffer overrun when decoding corrupt or truncated data */
-+ cc -= 2;
- while (rc-- && i < npixels)
- tp[i++] |= b;
- } else { /* non-run */
-@@ -346,6 +363,7 @@ LogLuvDecode32(TIFF* tif, uint8* op, tms
- while (--cc && rc-- && i < npixels)
- tp[i++] |= (uint32)*bp++ << shft;
- }
-+ }
- if (i != npixels) {
- #if defined(__WIN32__) && (defined(_MSC_VER) || defined(__MINGW32__))
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -413,6 +431,7 @@ LogLuvDecodeTile(TIFF* tif, uint8* bp, t
- static int
- LogL16Encode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+ static const char module[] = "LogL16Encode";
- LogLuvState* sp = EncoderState(tif);
- int shft;
- tmsize_t i;
-@@ -433,7 +452,11 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsiz
- tp = (int16*) bp;
- else {
- tp = (int16*) sp->tbuf;
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- (*sp->tfunc)(sp, bp, npixels);
- }
- /* compress each byte string */
-@@ -506,6 +529,7 @@ LogL16Encode(TIFF* tif, uint8* bp, tmsiz
- static int
- LogLuvEncode24(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+ static const char module[] = "LogLuvEncode24";
- LogLuvState* sp = EncoderState(tif);
- tmsize_t i;
- tmsize_t npixels;
-@@ -521,7 +545,11 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tms
- tp = (uint32*) bp;
- else {
- tp = (uint32*) sp->tbuf;
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- (*sp->tfunc)(sp, bp, npixels);
- }
- /* write out encoded pixels */
-@@ -553,6 +581,7 @@ LogLuvEncode24(TIFF* tif, uint8* bp, tms
- static int
- LogLuvEncode32(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- {
-+ static const char module[] = "LogLuvEncode32";
- LogLuvState* sp = EncoderState(tif);
- int shft;
- tmsize_t i;
-@@ -574,7 +603,11 @@ LogLuvEncode32(TIFF* tif, uint8* bp, tms
- tp = (uint32*) bp;
- else {
- tp = (uint32*) sp->tbuf;
-- assert(sp->tbuflen >= npixels);
-+ if(sp->tbuflen < npixels) {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Translation buffer too short");
-+ return (0);
-+ }
- (*sp->tfunc)(sp, bp, npixels);
- }
- /* compress each byte string */
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch b/meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
deleted file mode 100644
index 0caf800..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From b18012dae552f85dcc5c57d3bf4e997a15b1cc1c Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sun, 27 Dec 2015 16:55:20 +0000
-Subject: [PATCH] * libtiff/tif_next.c: fix potential out-of-bound write in
- NeXTDecode() triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
- (bugzilla #2508)
-
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
-hand applied Changelog changes
-
-CVE: CVE-2015-8784
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- ChangeLog | 6 ++++++
- libtiff/tif_next.c | 10 ++++++++--
- 2 files changed, 14 insertions(+), 2 deletions(-)
-
-Index: tiff-4.0.4/ChangeLog
-===================================================================
---- tiff-4.0.4.orig/ChangeLog
-+++ tiff-4.0.4/ChangeLog
-@@ -1,5 +1,11 @@
- 2015-12-27 Even Rouault <even.rouault at spatialys.com>
-
-+ * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
-+ triggered by http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
-+ (bugzilla #2508)
-+
-+2015-12-27 Even Rouault <even.rouault at spatialys.com>
-+
- * libtiff/tif_luv.c: fix potential out-of-bound writes in decode
- functions in non debug builds by replacing assert()s by regular if
- checks (bugzilla #2522).
-Index: tiff-4.0.4/libtiff/tif_next.c
-===================================================================
---- tiff-4.0.4.orig/libtiff/tif_next.c
-+++ tiff-4.0.4/libtiff/tif_next.c
-@@ -37,7 +37,7 @@
- case 0: op[0] = (unsigned char) ((v) << 6); break; \
- case 1: op[0] |= (v) << 4; break; \
- case 2: op[0] |= (v) << 2; break; \
-- case 3: *op++ |= (v); break; \
-+ case 3: *op++ |= (v); op_offset++; break; \
- } \
- }
-
-@@ -106,6 +106,7 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize
- uint32 imagewidth = tif->tif_dir.td_imagewidth;
- if( isTiled(tif) )
- imagewidth = tif->tif_dir.td_tilewidth;
-+ tmsize_t op_offset = 0;
-
- /*
- * The scanline is composed of a sequence of constant
-@@ -122,10 +123,15 @@ NeXTDecode(TIFF* tif, uint8* buf, tmsize
- * bounds, potentially resulting in a security
- * issue.
- */
-- while (n-- > 0 && npixels < imagewidth)
-+ while (n-- > 0 && npixels < imagewidth && op_offset < scanline)
- SETPIXEL(op, grey);
- if (npixels >= imagewidth)
- break;
-+ if (op_offset >= scanline ) {
-+ TIFFErrorExt(tif->tif_clientdata, module, "Invalid data for scanline %ld",
-+ (long) tif->tif_row);
-+ return (0);
-+ }
- if (cc == 0)
- goto bad;
- n = *bp++, cc--;
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
deleted file mode 100644
index 4a08aba..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Buffer overflow in the readextension function in gif2tiff.c
-allows remote attackers to cause a denial of service via a crafted GIF file.
-
-External References:
-https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
-https://bugzilla.redhat.com/show_bug.cgi?id=1319503
-
-CVE: CVE-2016-3186
-Upstream-Status: Backport (RedHat)
-https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
-
---- tiff-4.0.6/tools/gif2tiff.c 2016-04-06 15:43:01.586048341 +0200
-+++ tiff-4.0.6/tools/gif2tiff.c 2016-04-06 15:48:05.523207710 +0200
-@@ -349,7 +349,7 @@
- int status = 1;
-
- (void) getc(infile);
-- while ((count = getc(infile)) && count <= 255)
-+ while ((count = getc(infile)) && count >= 0 && count <= 255)
- if (fread(buf, 1, count, infile) != (size_t) count) {
- fprintf(stderr, "short read from file %s (%s)\n",
- filename, strerror(errno));
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
deleted file mode 100644
index 0c8b716..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3622.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 92d966a5fcfbdca67957c8c5c47b467aa650b286 Mon Sep 17 00:00:00 2001
-From: bfriesen <bfriesen>
-Date: Sat, 24 Sep 2016 23:11:55 +0000
-Subject: [PATCH] * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts
- to read floating point images.
-
-* libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
-requirements of floating point predictor (3). Fixes CVE-2016-3622
-"Divide By Zero in the tiff2rgba tool."
-
-CVE: CVE-2016-3622
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 11 ++++++++++-
- libtiff/tif_getimage.c | 38 ++++++++++++++++++++------------------
- libtiff/tif_predict.c | 11 ++++++++++-
- 3 files changed, 40 insertions(+), 20 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 26d6f47..a628277 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,12 @@
-+2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
-+
-+ * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
-+ read floating point images.
-+
-+ * libtiff/tif_predict.c (PredictorSetup): Enforce bits-per-sample
-+ requirements of floating point predictor (3). Fixes CVE-2016-3622
-+ "Divide By Zero in the tiff2rgba tool."
-+
- 2016-08-15 Even Rouault <even.rouault at spatialys.com>
-
- * tools/rgb2ycbcr.c: validate values of -v and -h parameters to
-diff --git a/libtiff/tif_getimage.c b/libtiff/tif_getimage.c
-index 386cee0..3e689ee 100644
---- a/libtiff/tif_getimage.c
-+++ b/libtiff/tif_getimage.c
-@@ -95,6 +95,10 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- td->td_bitspersample);
- return (0);
- }
-+ if (td->td_sampleformat == SAMPLEFORMAT_IEEEFP) {
-+ sprintf(emsg, "Sorry, can not handle images with IEEE floating-point samples");
-+ return (0);
-+ }
- colorchannels = td->td_samplesperpixel - td->td_extrasamples;
- if (!TIFFGetField(tif, TIFFTAG_PHOTOMETRIC, &photometric)) {
- switch (colorchannels) {
-@@ -182,27 +186,25 @@ TIFFRGBAImageOK(TIFF* tif, char emsg[1024])
- "Planarconfiguration", td->td_planarconfig);
- return (0);
- }
-- if( td->td_samplesperpixel != 3 || colorchannels != 3 )
-- {
-- sprintf(emsg,
-- "Sorry, can not handle image with %s=%d, %s=%d",
-- "Samples/pixel", td->td_samplesperpixel,
-- "colorchannels", colorchannels);
-- return 0;
-- }
-+ if ( td->td_samplesperpixel != 3 || colorchannels != 3 ) {
-+ sprintf(emsg,
-+ "Sorry, can not handle image with %s=%d, %s=%d",
-+ "Samples/pixel", td->td_samplesperpixel,
-+ "colorchannels", colorchannels);
-+ return 0;
-+ }
- break;
- case PHOTOMETRIC_CIELAB:
-- if( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 )
-- {
-- sprintf(emsg,
-- "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-- "Samples/pixel", td->td_samplesperpixel,
-- "colorchannels", colorchannels,
-- "Bits/sample", td->td_bitspersample);
-- return 0;
-- }
-+ if ( td->td_samplesperpixel != 3 || colorchannels != 3 || td->td_bitspersample != 8 ) {
-+ sprintf(emsg,
-+ "Sorry, can not handle image with %s=%d, %s=%d and %s=%d",
-+ "Samples/pixel", td->td_samplesperpixel,
-+ "colorchannels", colorchannels,
-+ "Bits/sample", td->td_bitspersample);
-+ return 0;
-+ }
- break;
-- default:
-+ default:
- sprintf(emsg, "Sorry, can not handle image with %s=%d",
- photoTag, photometric);
- return (0);
-diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
-index 081eb11..555f2f9 100644
---- a/libtiff/tif_predict.c
-+++ b/libtiff/tif_predict.c
-@@ -80,6 +80,15 @@ PredictorSetup(TIFF* tif)
- td->td_sampleformat);
- return 0;
- }
-+ if (td->td_bitspersample != 16
-+ && td->td_bitspersample != 24
-+ && td->td_bitspersample != 32
-+ && td->td_bitspersample != 64) { /* Should 64 be allowed? */
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Floating point \"Predictor\" not supported with %d-bit samples",
-+ td->td_bitspersample);
-+ return 0;
-+ }
- break;
- default:
- TIFFErrorExt(tif->tif_clientdata, module,
-@@ -174,7 +183,7 @@ PredictorSetupDecode(TIFF* tif)
- }
- /*
- * Allocate buffer to keep the decoded bytes before
-- * rearranging in the ight order
-+ * rearranging in the right order
- */
- }
-
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
deleted file mode 100644
index f554ac5..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3623.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From bd024f07019f5d9fea236675607a69f74a66bc7b Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 21:26:56 +0000
-Subject: [PATCH] * tools/rgb2ycbcr.c: validate values of -v and -h parameters
- to avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
-
-CVE: CVE-2016-3623
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/bd024f07019f5d9fea236675607a69f74a66bc7b
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 5 +++++
- tools/rgb2ycbcr.c | 4 ++++
- 2 files changed, 9 insertions(+)
-
-diff --git a/ChangeLog b/ChangeLog
-index 5d60608..3e6642a 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,5 +1,10 @@
- 2016-08-15 Even Rouault <even.rouault at spatialys.com>
-
-+ * tools/rgb2ycbcr.c: validate values of -v and -h parameters to
-+ avoid potential divide by zero. Fixes CVE-2016-3623 (bugzilla #2569)
-+
-+2016-08-15 Even Rouault <even.rouault at spatialys.com>
-+
- * tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
- From patch libtiff-CVE-2016-3991.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
-diff --git a/tools/rgb2ycbcr.c b/tools/rgb2ycbcr.c
-index 3829d6b..51f4259 100644
---- a/tools/rgb2ycbcr.c
-+++ b/tools/rgb2ycbcr.c
-@@ -95,9 +95,13 @@ main(int argc, char* argv[])
- break;
- case 'h':
- horizSubSampling = atoi(optarg);
-+ if( horizSubSampling != 1 && horizSubSampling != 2 && horizSubSampling != 4 )
-+ usage(-1);
- break;
- case 'v':
- vertSubSampling = atoi(optarg);
-+ if( vertSubSampling != 1 && vertSubSampling != 2 && vertSubSampling != 4 )
-+ usage(-1);
- break;
- case 'r':
- rowsperstrip = atoi(optarg);
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch
deleted file mode 100644
index a839250..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3632.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From d3f9829a37661749b200760ad6525f77cf77d77a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Nikola=20Forr=C3=B3?= <nforro@redhat.com>
-Date: Mon, 11 Jul 2016 16:04:34 +0200
-Subject: [PATCH 4/8] Fix CVE-2016-3632
-
-CVE-2016-3632 libtiff: The _TIFFVGetField function in tif_dirinfo.c in
-LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service
-(out-of-bounds write) or execute arbitrary code via a crafted TIFF image.
-
-CVE: CVE-2016-3632
-Upstream-Status: Backport [RedHat RHEL7]
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- tools/thumbnail.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/tools/thumbnail.c b/tools/thumbnail.c
-index fd1cba5..75e7009 100644
---- a/tools/thumbnail.c
-+++ b/tools/thumbnail.c
-@@ -253,7 +253,8 @@ static struct cpTag {
- { TIFFTAG_WHITEPOINT, 2, TIFF_RATIONAL },
- { TIFFTAG_PRIMARYCHROMATICITIES, (uint16) -1,TIFF_RATIONAL },
- { TIFFTAG_HALFTONEHINTS, 2, TIFF_SHORT },
-- { TIFFTAG_BADFAXLINES, 1, TIFF_LONG },
-+ // disable BADFAXLINES, CVE-2016-3632
-+ //{ TIFFTAG_BADFAXLINES, 1, TIFF_LONG },
- { TIFFTAG_CLEANFAXDATA, 1, TIFF_SHORT },
- { TIFFTAG_CONSECUTIVEBADFAXLINES, 1, TIFF_LONG },
- { TIFFTAG_INKSET, 1, TIFF_SHORT },
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
deleted file mode 100644
index 6cb12f2..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3658.patch
+++ /dev/null
@@ -1,111 +0,0 @@
-From: 45c68450bef8ad876f310b495165c513cad8b67d
-From: Even Rouault <even.rouault@spatialys.com>
-
-* libtiff/tif_dir.c: discard values of SMinSampleValue and
-SMaxSampleValue when they have been read and the value of
-SamplesPerPixel is changed afterwards (like when reading a
-OJPEG compressed image with a missing SamplesPerPixel tag,
-and whose photometric is RGB or YCbCr, forcing SamplesPerPixel
-being 3). Otherwise when rewriting the directory (for example
-with tiffset, we will expect 3 values whereas the array had been
-allocated with just one), thus causing a out of bound read access.
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-(CVE-2014-8127, duplicate: CVE-2016-3658)
-
-* libtiff/tif_write.c: avoid null pointer dereference on td_stripoffset
-when writing directory, if FIELD_STRIPOFFSETS was artificially set
-for a hack case in OJPEG case.
-Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-(CVE-2014-8127, duplicate: CVE-2016-3658)
-
-CVE: CVE-2016-3658
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/45c68450bef8ad876f310b495165c513cad8b67d
-
-Signed-off-by: Zhixiong.Chi <zhixiong.chi@windriver.com>
-
-Index: tiff-4.0.6/ChangeLog
-===================================================================
---- tiff-4.0.6.orig/ChangeLog 2016-11-14 10:52:10.008748230 +0800
-+++ tiff-4.0.6/ChangeLog 2016-11-14 16:17:46.140884438 +0800
-@@ -1,3 +1,22 @@
-+2016-10-25 Even Rouault <even.rouault at spatialys.com>
-+
-+ * libtiff/tif_dir.c: discard values of SMinSampleValue and
-+ SMaxSampleValue when they have been read and the value of
-+ SamplesPerPixel is changed afterwards (like when reading a
-+ OJPEG compressed image with a missing SamplesPerPixel tag,
-+ and whose photometric is RGB or YCbCr, forcing SamplesPerPixel
-+ being 3). Otherwise when rewriting the directory (for example
-+ with tiffset, we will expect 3 values whereas the array had been
-+ allocated with just one), thus causing a out of bound read access.
-+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-+ (CVE-2014-8127, duplicate: CVE-2016-3658)
-+
-+ * libtiff/tif_write.c: avoid null pointer dereference on td_stripoffset
-+ when writing directory, if FIELD_STRIPOFFSETS was artificially set
-+ for a hack case in OJPEG case.
-+ Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
-+ (CVE-2014-8127, duplicate: CVE-2016-3658)
-+
- 2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
-
- * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
-Index: tiff-4.0.6/libtiff/tif_dir.c
-===================================================================
---- tiff-4.0.6.orig/libtiff/tif_dir.c 2015-06-01 07:11:43.000000000 +0800
-+++ tiff-4.0.6/libtiff/tif_dir.c 2016-11-14 16:20:17.800885495 +0800
-@@ -254,6 +254,28 @@
- v = (uint16) va_arg(ap, uint16_vap);
- if (v == 0)
- goto badvalue;
-+ if( v != td->td_samplesperpixel )
-+ {
-+ /* See http://bugzilla.maptools.org/show_bug.cgi?id=2500 */
-+ if( td->td_sminsamplevalue != NULL )
-+ {
-+ TIFFWarningExt(tif->tif_clientdata,module,
-+ "SamplesPerPixel tag value is changing, "
-+ "but SMinSampleValue tag was read with a different value. Cancelling it");
-+ TIFFClrFieldBit(tif,FIELD_SMINSAMPLEVALUE);
-+ _TIFFfree(td->td_sminsamplevalue);
-+ td->td_sminsamplevalue = NULL;
-+ }
-+ if( td->td_smaxsamplevalue != NULL )
-+ {
-+ TIFFWarningExt(tif->tif_clientdata,module,
-+ "SamplesPerPixel tag value is changing, "
-+ "but SMaxSampleValue tag was read with a different value. Cancelling it");
-+ TIFFClrFieldBit(tif,FIELD_SMAXSAMPLEVALUE);
-+ _TIFFfree(td->td_smaxsamplevalue);
-+ td->td_smaxsamplevalue = NULL;
-+ }
-+ }
- td->td_samplesperpixel = (uint16) v;
- break;
- case TIFFTAG_ROWSPERSTRIP:
-Index: tiff-4.0.6/libtiff/tif_dirwrite.c
-===================================================================
---- tiff-4.0.6.orig/libtiff/tif_dirwrite.c 2015-05-31 08:38:46.000000000 +0800
-+++ tiff-4.0.6/libtiff/tif_dirwrite.c 2016-11-14 16:23:54.688887007 +0800
-@@ -542,7 +542,19 @@
- {
- if (!isTiled(tif))
- {
-- if (!TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset))
-+ /* td_stripoffset might be NULL in an odd OJPEG case. See
-+ * tif_dirread.c around line 3634.
-+ * XXX: OJPEG hack.
-+ * If a) compression is OJPEG, b) it's not a tiled TIFF,
-+ * and c) the number of strips is 1,
-+ * then we tolerate the absence of stripoffsets tag,
-+ * because, presumably, all required data is in the
-+ * JpegInterchangeFormat stream.
-+ * We can get here when using tiffset on such a file.
-+ * See http://bugzilla.maptools.org/show_bug.cgi?id=2500
-+ */
-+ if (tif->tif_dir.td_stripoffset != NULL &&
-+ !TIFFWriteDirectoryTagLongLong8Array(tif,&ndir,dir,TIFFTAG_STRIPOFFSETS,tif->tif_dir.td_nstrips,tif->tif_dir.td_stripoffset))
- goto bad;
- }
- else
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
deleted file mode 100644
index 4d965be..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3945.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 7c39352ccd9060d311d3dc9a1f1bc00133a160e6 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 20:06:40 +0000
-Subject: [PATCH] * tools/tiff2rgba.c: Fix integer overflow in size of
- allocated buffer, when -b mode is enabled, that could result in out-of-bounds
- write. Based initially on patch tiff-CVE-2016-3945.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for invalid
- tests that rejected valid files.
-
-CVE: CVE-2016-3945
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/7c39352ccd9060d311d3dc9a1f1bc00133a160e6
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 8 ++++++++
- tools/tiff2rgba.c | 34 ++++++++++++++++++++++++++++++----
- 2 files changed, 38 insertions(+), 4 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 62dc1b5..9c0ab29 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,11 @@
-+2016-08-15 Even Rouault <even.rouault at spatialys.com>
-+
-+ * tools/tiff2rgba.c: Fix integer overflow in size of allocated
-+ buffer, when -b mode is enabled, that could result in out-of-bounds
-+ write. Based initially on patch tiff-CVE-2016-3945.patch from
-+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for
-+ invalid tests that rejected valid files.
-+
- 2016-07-11 Even Rouault <even.rouault at spatialys.com>
-
- * tools/tiffcrop.c: Avoid access outside of stack allocated array
-diff --git a/tools/tiff2rgba.c b/tools/tiff2rgba.c
-index b7a81eb..16e3dc4 100644
---- a/tools/tiff2rgba.c
-+++ b/tools/tiff2rgba.c
-@@ -147,6 +147,7 @@ cvt_by_tile( TIFF *in, TIFF *out )
- uint32 row, col;
- uint32 *wrk_line;
- int ok = 1;
-+ uint32 rastersize, wrk_linesize;
-
- TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
- TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
-@@ -163,7 +164,13 @@ cvt_by_tile( TIFF *in, TIFF *out )
- /*
- * Allocate tile buffer
- */
-- raster = (uint32*)_TIFFmalloc(tile_width * tile_height * sizeof (uint32));
-+ rastersize = tile_width * tile_height * sizeof (uint32);
-+ if (tile_width != (rastersize / tile_height) / sizeof( uint32))
-+ {
-+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
-+ exit(-1);
-+ }
-+ raster = (uint32*)_TIFFmalloc(rastersize);
- if (raster == 0) {
- TIFFError(TIFFFileName(in), "No space for raster buffer");
- return (0);
-@@ -173,7 +180,13 @@ cvt_by_tile( TIFF *in, TIFF *out )
- * Allocate a scanline buffer for swapping during the vertical
- * mirroring pass.
- */
-- wrk_line = (uint32*)_TIFFmalloc(tile_width * sizeof (uint32));
-+ wrk_linesize = tile_width * sizeof (uint32);
-+ if (tile_width != wrk_linesize / sizeof (uint32))
-+ {
-+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
-+ exit(-1);
-+ }
-+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
- if (!wrk_line) {
- TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
- ok = 0;
-@@ -249,6 +262,7 @@ cvt_by_strip( TIFF *in, TIFF *out )
- uint32 row;
- uint32 *wrk_line;
- int ok = 1;
-+ uint32 rastersize, wrk_linesize;
-
- TIFFGetField(in, TIFFTAG_IMAGEWIDTH, &width);
- TIFFGetField(in, TIFFTAG_IMAGELENGTH, &height);
-@@ -263,7 +277,13 @@ cvt_by_strip( TIFF *in, TIFF *out )
- /*
- * Allocate strip buffer
- */
-- raster = (uint32*)_TIFFmalloc(width * rowsperstrip * sizeof (uint32));
-+ rastersize = width * rowsperstrip * sizeof (uint32);
-+ if (width != (rastersize / rowsperstrip) / sizeof( uint32))
-+ {
-+ TIFFError(TIFFFileName(in), "Integer overflow when calculating raster buffer");
-+ exit(-1);
-+ }
-+ raster = (uint32*)_TIFFmalloc(rastersize);
- if (raster == 0) {
- TIFFError(TIFFFileName(in), "No space for raster buffer");
- return (0);
-@@ -273,7 +293,13 @@ cvt_by_strip( TIFF *in, TIFF *out )
- * Allocate a scanline buffer for swapping during the vertical
- * mirroring pass.
- */
-- wrk_line = (uint32*)_TIFFmalloc(width * sizeof (uint32));
-+ wrk_linesize = width * sizeof (uint32);
-+ if (width != wrk_linesize / sizeof (uint32))
-+ {
-+ TIFFError(TIFFFileName(in), "Integer overflow when calculating wrk_line buffer");
-+ exit(-1);
-+ }
-+ wrk_line = (uint32*)_TIFFmalloc(wrk_linesize);
- if (!wrk_line) {
- TIFFError(TIFFFileName(in), "No space for raster scanline buffer");
- ok = 0;
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch
deleted file mode 100644
index 7bf52ee..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3990.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-From 6a4dbb07ccf92836bb4adac7be4575672d0ac5f1 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 20:49:48 +0000
-Subject: [PATCH] * libtiff/tif_pixarlog.c: Fix write buffer overflow in
- PixarLogEncode if more input samples are provided than expected by
- PixarLogSetupEncode. Idea based on libtiff-CVE-2016-3990.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and
- simpler check. (bugzilla #2544)
-
-invalid tests that rejected valid files. (bugzilla #2545)
-
-CVE: CVE-2016-3990
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/6a4dbb07ccf92836bb4adac7be4575672d0ac5f1
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 10 +++++++++-
- libtiff/tif_pixarlog.c | 7 +++++++
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 9c0ab29..db4ea18 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,10 +1,18 @@
- 2016-08-15 Even Rouault <even.rouault at spatialys.com>
-
-+ * libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode
-+ if more input samples are provided than expected by PixarLogSetupEncode.
-+ Idea based on libtiff-CVE-2016-3990.patch from
-+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, but with different and
-+ simpler check. (bugzilla #2544)
-+
-+2016-08-15 Even Rouault <even.rouault at spatialys.com>
-+
- * tools/tiff2rgba.c: Fix integer overflow in size of allocated
- buffer, when -b mode is enabled, that could result in out-of-bounds
- write. Based initially on patch tiff-CVE-2016-3945.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro, with correction for
-- invalid tests that rejected valid files.
-+ invalid tests that rejected valid files. (bugzilla #2545)
-
- 2016-07-11 Even Rouault <even.rouault at spatialys.com>
-
-diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
-index e78f788..28329d1 100644
---- a/libtiff/tif_pixarlog.c
-+++ b/libtiff/tif_pixarlog.c
-@@ -1141,6 +1141,13 @@ PixarLogEncode(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- }
-
- llen = sp->stride * td->td_imagewidth;
-+ /* Check against the number of elements (of size uint16) of sp->tbuf */
-+ if( n > td->td_rowsperstrip * llen )
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, module,
-+ "Too many input bytes provided");
-+ return 0;
-+ }
-
- for (i = 0, up = sp->tbuf; i < n; i += llen, up += llen) {
- switch (sp->user_datafmt) {
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch
deleted file mode 100644
index 27dfd37..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-3991.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 15 Aug 2016 21:05:40 +0000
-Subject: [PATCH 2/2] * tools/tiffcrop.c: Fix out-of-bounds write in
- loadImage(). From patch libtiff-CVE-2016-3991.patch from
- libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
-
-CVE: CVE-2016-3991
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/e596d4e27c5afb7960dc360fdd3afd90ba0fb8ba
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 6 ++++++
- tools/tiffcrop.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++---
- 2 files changed, 62 insertions(+), 3 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index db4ea18..5d60608 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,5 +1,11 @@
- 2016-08-15 Even Rouault <even.rouault at spatialys.com>
-
-+ * tools/tiffcrop.c: Fix out-of-bounds write in loadImage().
-+ From patch libtiff-CVE-2016-3991.patch from
-+ libtiff-4.0.3-25.el7_2.src.rpm by Nikola Forro (bugzilla #2543)
-+
-+2016-08-15 Even Rouault <even.rouault at spatialys.com>
-+
- * libtiff/tif_pixarlog.c: Fix write buffer overflow in PixarLogEncode
- if more input samples are provided than expected by PixarLogSetupEncode.
- Idea based on libtiff-CVE-2016-3990.patch from
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 27abc0b..ddba7b9 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -798,6 +798,11 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf,
- }
-
- tile_buffsize = tilesize;
-+ if (tilesize == 0 || tile_rowsize == 0)
-+ {
-+ TIFFError("readContigTilesIntoBuffer", "Tile size or tile rowsize is zero");
-+ exit(-1);
-+ }
-
- if (tilesize < (tsize_t)(tl * tile_rowsize))
- {
-@@ -807,7 +812,12 @@ static int readContigTilesIntoBuffer (TIFF* in, uint8* buf,
- tilesize, tl * tile_rowsize);
- #endif
- tile_buffsize = tl * tile_rowsize;
-- }
-+ if (tl != (tile_buffsize / tile_rowsize))
-+ {
-+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
-+ exit(-1);
-+ }
-+ }
-
- tilebuf = _TIFFmalloc(tile_buffsize);
- if (tilebuf == 0)
-@@ -1210,6 +1220,12 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
- !TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps) )
- return 1;
-
-+ if (tilesize == 0 || tile_rowsize == 0 || tl == 0 || tw == 0)
-+ {
-+ TIFFError("writeBufferToContigTiles", "Tile size, tile row size, tile width, or tile length is zero");
-+ exit(-1);
-+ }
-+
- tile_buffsize = tilesize;
- if (tilesize < (tsize_t)(tl * tile_rowsize))
- {
-@@ -1219,6 +1235,11 @@ static int writeBufferToContigTiles (TIFF* out, uint8* buf, uint32 imagelength,
- tilesize, tl * tile_rowsize);
- #endif
- tile_buffsize = tl * tile_rowsize;
-+ if (tl != tile_buffsize / tile_rowsize)
-+ {
-+ TIFFError("writeBufferToContigTiles", "Integer overflow when calculating buffer size");
-+ exit(-1);
-+ }
- }
-
- tilebuf = _TIFFmalloc(tile_buffsize);
-@@ -5945,12 +5966,27 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
- TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
-
- tile_rowsize = TIFFTileRowSize(in);
-+ if (ntiles == 0 || tlsize == 0 || tile_rowsize == 0)
-+ {
-+ TIFFError("loadImage", "File appears to be tiled, but the number of tiles, tile size, or tile rowsize is zero.");
-+ exit(-1);
-+ }
- buffsize = tlsize * ntiles;
-+ if (tlsize != (buffsize / ntiles))
-+ {
-+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
-+ exit(-1);
-+ }
-
--
- if (buffsize < (uint32)(ntiles * tl * tile_rowsize))
- {
- buffsize = ntiles * tl * tile_rowsize;
-+ if (ntiles != (buffsize / tl / tile_rowsize))
-+ {
-+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
-+ exit(-1);
-+ }
-+
- #ifdef DEBUG2
- TIFFError("loadImage",
- "Tilesize %u is too small, using ntiles * tilelength * tilerowsize %lu",
-@@ -5969,8 +6005,25 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
- TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
- stsize = TIFFStripSize(in);
- nstrips = TIFFNumberOfStrips(in);
-+ if (nstrips == 0 || stsize == 0)
-+ {
-+ TIFFError("loadImage", "File appears to be striped, but the number of stipes or stripe size is zero.");
-+ exit(-1);
-+ }
-+
- buffsize = stsize * nstrips;
--
-+ if (stsize != (buffsize / nstrips))
-+ {
-+ TIFFError("loadImage", "Integer overflow when calculating buffer size");
-+ exit(-1);
-+ }
-+ uint32 buffsize_check;
-+ buffsize_check = ((length * width * spp * bps) + 7);
-+ if (length != ((buffsize_check - 7) / width / spp / bps))
-+ {
-+ TIFFError("loadImage", "Integer overflow detected.");
-+ exit(-1);
-+ }
- if (buffsize < (uint32) (((length * width * spp * bps) + 7) / 8))
- {
- buffsize = ((length * width * spp * bps) + 7) / 8;
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
deleted file mode 100644
index 63c6650..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From d9783e4a1476b6787a51c5ae9e9b3156527589f0 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 11 Jul 2016 21:26:03 +0000
-Subject: [PATCH 1/2] * tools/tiffcrop.c: Avoid access outside of stack
- allocated array on a tiled separate TIFF with more than 8 samples per pixel.
- Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360
- (CVE-2016-5321, bugzilla #2558)
-
-CVE: CVE-2016-5321
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 7 +++++++
- tools/tiffcrop.c | 2 +-
- 2 files changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index e98d54d..4e0302f 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -1,3 +1,10 @@
-+2016-07-11 Even Rouault <even.rouault at spatialys.com>
-+
-+ * tools/tiffcrop.c: Avoid access outside of stack allocated array
-+ on a tiled separate TIFF with more than 8 samples per pixel.
-+ Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360
-+ (CVE-2016-5321, bugzilla #2558)
-+
- 2015-12-27 Even Rouault <even.rouault at spatialys.com>
-
- * libtiff/tif_next.c: fix potential out-of-bound write in NeXTDecode()
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index d959ae3..6fc8fc1 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -989,7 +989,7 @@ static int readSeparateTilesIntoBuffer (TIFF* in, uint8 *obuf,
- nrow = (row + tl > imagelength) ? imagelength - row : tl;
- for (col = 0; col < imagewidth; col += tw)
- {
-- for (s = 0; s < spp; s++)
-+ for (s = 0; s < spp && s < MAX_SAMPLES; s++)
- { /* Read each plane of a tile set into srcbuffs[s] */
- tbytes = TIFFReadTile(in, srcbuffs[s], col, row, 0, s);
- if (tbytes < 0 && !ignore)
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
deleted file mode 100644
index 41eab91..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 2f79856097f423eb33796a15fcf700d2ea41bf31 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 11 Jul 2016 21:38:31 +0000
-Subject: [PATCH 2/2] (CVE-2016-5321 / CVE-2016-5323 , bugzilla #2558 / #2559)
-
-CVE: CVE-2016-5323
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31
-
-Signed-off-by: Yi Zhao <yi.zhao@windirver.com>
----
- ChangeLog | 2 +-
- tools/tiffcrop.c | 16 ++++++++--------
- 2 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/ChangeLog b/ChangeLog
-index 4e0302f..62dc1b5 100644
---- a/ChangeLog
-+++ b/ChangeLog
-@@ -3,7 +3,7 @@
- * tools/tiffcrop.c: Avoid access outside of stack allocated array
- on a tiled separate TIFF with more than 8 samples per pixel.
- Reported by Kaixiang Zhang of the Cloud Security Team, Qihoo 360
-- (CVE-2016-5321, bugzilla #2558)
-+ (CVE-2016-5321 / CVE-2016-5323 , bugzilla #2558 / #2559)
-
- 2016-07-10 Even Rouault <even.rouault at spatialys.com>
-
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 6fc8fc1..27abc0b 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -3738,7 +3738,7 @@ combineSeparateSamples8bits (uint8 *in[], uint8 *out, uint32 cols,
-
- matchbits = maskbits << (8 - src_bit - bps);
- /* load up next sample from each plane */
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- buff1 = ((*src) & matchbits) << (src_bit);
-@@ -3837,7 +3837,7 @@ combineSeparateSamples16bits (uint8 *in[], uint8 *out, uint32 cols,
- src_bit = bit_offset % 8;
-
- matchbits = maskbits << (16 - src_bit - bps);
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- if (little_endian)
-@@ -3947,7 +3947,7 @@ combineSeparateSamples24bits (uint8 *in[], uint8 *out, uint32 cols,
- src_bit = bit_offset % 8;
-
- matchbits = maskbits << (32 - src_bit - bps);
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- if (little_endian)
-@@ -4073,7 +4073,7 @@ combineSeparateSamples32bits (uint8 *in[], uint8 *out, uint32 cols,
- src_bit = bit_offset % 8;
-
- matchbits = maskbits << (64 - src_bit - bps);
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- if (little_endian)
-@@ -4263,7 +4263,7 @@ combineSeparateTileSamples8bits (uint8 *in[], uint8 *out, uint32 cols,
-
- matchbits = maskbits << (8 - src_bit - bps);
- /* load up next sample from each plane */
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- buff1 = ((*src) & matchbits) << (src_bit);
-@@ -4362,7 +4362,7 @@ combineSeparateTileSamples16bits (uint8 *in[], uint8 *out, uint32 cols,
- src_bit = bit_offset % 8;
-
- matchbits = maskbits << (16 - src_bit - bps);
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- if (little_endian)
-@@ -4471,7 +4471,7 @@ combineSeparateTileSamples24bits (uint8 *in[], uint8 *out, uint32 cols,
- src_bit = bit_offset % 8;
-
- matchbits = maskbits << (32 - src_bit - bps);
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- if (little_endian)
-@@ -4597,7 +4597,7 @@ combineSeparateTileSamples32bits (uint8 *in[], uint8 *out, uint32 cols,
- src_bit = bit_offset % 8;
-
- matchbits = maskbits << (64 - src_bit - bps);
-- for (s = 0; s < spp; s++)
-+ for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
- {
- src = in[s] + src_offset + src_byte;
- if (little_endian)
---
-2.7.4
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch
deleted file mode 100644
index 26fd0df..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-9535-1.patch
+++ /dev/null
@@ -1,423 +0,0 @@
-From 3ca657a8793dd011bf869695d72ad31c779c3cc1 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Mon, 31 Oct 2016 17:24:26 +0000
-Subject: [PATCH 1/2] Fix CVE-2016-9535
-
-* libtiff/tif_predict.h, libtiff/tif_predict.c: Replace
- assertions by runtime checks to avoid assertions in debug mode, or buffer
- overflows in release mode. Can happen when dealing with unusual tile size
- like YCbCr with subsampling. Reported as MSVR 35105 by Axel Souchet &
- Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
-
-CVE: CVE-2016-9535
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
-
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
-
----
- libtiff/tif_predict.c | 153 +++++++++++++++++++++++++++++++++++---------------
- libtiff/tif_predict.h | 6 +-
- 2 files changed, 121 insertions(+), 47 deletions(-)
-
-diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
-index 555f2f9..b829259 100644
---- a/libtiff/tif_predict.c
-+++ b/libtiff/tif_predict.c
-@@ -34,18 +34,18 @@
-
- #define PredictorState(tif) ((TIFFPredictorState*) (tif)->tif_data)
-
--static void horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc);
--static void fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc);
-+static int fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc);
- static int PredictorDecodeRow(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s);
- static int PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s);
- static int PredictorEncodeRow(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s);
-@@ -273,13 +273,19 @@ PredictorSetupEncode(TIFF* tif)
- /* - when storing into the byte stream, we explicitly mask with 0xff so */
- /* as to make icc -check=conversions happy (not necessary by the standard) */
-
--static void
-+static int
- horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- tmsize_t stride = PredictorState(tif)->stride;
-
- unsigned char* cp = (unsigned char*) cp0;
-- assert((cc%stride)==0);
-+ if((cc%stride)!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "horAcc8",
-+ "%s", "(cc%stride)!=0");
-+ return 0;
-+ }
-+
- if (cc > stride) {
- /*
- * Pipeline the most common cases.
-@@ -321,26 +327,32 @@ horAcc8(TIFF* tif, uint8* cp0, tmsize_t cc)
- } while (cc>0);
- }
- }
-+ return 1;
- }
-
--static void
-+static int
- swabHorAcc16(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- uint16* wp = (uint16*) cp0;
- tmsize_t wc = cc / 2;
-
- TIFFSwabArrayOfShort(wp, wc);
-- horAcc16(tif, cp0, cc);
-+ return horAcc16(tif, cp0, cc);
- }
-
--static void
-+static int
- horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- tmsize_t stride = PredictorState(tif)->stride;
- uint16* wp = (uint16*) cp0;
- tmsize_t wc = cc / 2;
-
-- assert((cc%(2*stride))==0);
-+ if((cc%(2*stride))!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "horAcc16",
-+ "%s", "cc%(2*stride))!=0");
-+ return 0;
-+ }
-
- if (wc > stride) {
- wc -= stride;
-@@ -349,26 +361,32 @@ horAcc16(TIFF* tif, uint8* cp0, tmsize_t cc)
- wc -= stride;
- } while (wc > 0);
- }
-+ return 1;
- }
-
--static void
-+static int
- swabHorAcc32(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- uint32* wp = (uint32*) cp0;
- tmsize_t wc = cc / 4;
-
- TIFFSwabArrayOfLong(wp, wc);
-- horAcc32(tif, cp0, cc);
-+ return horAcc32(tif, cp0, cc);
- }
-
--static void
-+static int
- horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- tmsize_t stride = PredictorState(tif)->stride;
- uint32* wp = (uint32*) cp0;
- tmsize_t wc = cc / 4;
-
-- assert((cc%(4*stride))==0);
-+ if((cc%(4*stride))!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "horAcc32",
-+ "%s", "cc%(4*stride))!=0");
-+ return 0;
-+ }
-
- if (wc > stride) {
- wc -= stride;
-@@ -377,12 +395,13 @@ horAcc32(TIFF* tif, uint8* cp0, tmsize_t cc)
- wc -= stride;
- } while (wc > 0);
- }
-+ return 1;
- }
-
- /*
- * Floating point predictor accumulation routine.
- */
--static void
-+static int
- fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- tmsize_t stride = PredictorState(tif)->stride;
-@@ -392,10 +411,15 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
- uint8 *cp = (uint8 *) cp0;
- uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
-
-- assert((cc%(bps*stride))==0);
-+ if(cc%(bps*stride)!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "fpAcc",
-+ "%s", "cc%(bps*stride))!=0");
-+ return 0;
-+ }
-
- if (!tmp)
-- return;
-+ return 0;
-
- while (count > stride) {
- REPEAT4(stride, cp[stride] =
-@@ -417,6 +441,7 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
- }
- }
- _TIFFfree(tmp);
-+ return 1;
- }
-
- /*
-@@ -432,8 +457,7 @@ PredictorDecodeRow(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- assert(sp->decodepfunc != NULL);
-
- if ((*sp->decoderow)(tif, op0, occ0, s)) {
-- (*sp->decodepfunc)(tif, op0, occ0);
-- return 1;
-+ return (*sp->decodepfunc)(tif, op0, occ0);
- } else
- return 0;
- }
-@@ -456,10 +480,16 @@ PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- if ((*sp->decodetile)(tif, op0, occ0, s)) {
- tmsize_t rowsize = sp->rowsize;
- assert(rowsize > 0);
-- assert((occ0%rowsize)==0);
-+ if((occ0%rowsize) !=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "PredictorDecodeTile",
-+ "%s", "occ0%rowsize != 0");
-+ return 0;
-+ }
- assert(sp->decodepfunc != NULL);
- while (occ0 > 0) {
-- (*sp->decodepfunc)(tif, op0, rowsize);
-+ if( !(*sp->decodepfunc)(tif, op0, rowsize) )
-+ return 0;
- occ0 -= rowsize;
- op0 += rowsize;
- }
-@@ -468,14 +498,19 @@ PredictorDecodeTile(TIFF* tif, uint8* op0, tmsize_t occ0, uint16 s)
- return 0;
- }
-
--static void
-+static int
- horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- TIFFPredictorState* sp = PredictorState(tif);
- tmsize_t stride = sp->stride;
- unsigned char* cp = (unsigned char*) cp0;
-
-- assert((cc%stride)==0);
-+ if((cc%stride)!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "horDiff8",
-+ "%s", "(cc%stride)!=0");
-+ return 0;
-+ }
-
- if (cc > stride) {
- cc -= stride;
-@@ -513,9 +548,10 @@ horDiff8(TIFF* tif, uint8* cp0, tmsize_t cc)
- } while ((cc -= stride) > 0);
- }
- }
-+ return 1;
- }
-
--static void
-+static int
- horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- TIFFPredictorState* sp = PredictorState(tif);
-@@ -523,7 +559,12 @@ horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
- uint16 *wp = (uint16*) cp0;
- tmsize_t wc = cc/2;
-
-- assert((cc%(2*stride))==0);
-+ if((cc%(2*stride))!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "horDiff8",
-+ "%s", "(cc%(2*stride))!=0");
-+ return 0;
-+ }
-
- if (wc > stride) {
- wc -= stride;
-@@ -533,20 +574,23 @@ horDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
- wc -= stride;
- } while (wc > 0);
- }
-+ return 1;
- }
-
--static void
-+static int
- swabHorDiff16(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- uint16* wp = (uint16*) cp0;
- tmsize_t wc = cc / 2;
-
-- horDiff16(tif, cp0, cc);
-+ if( !horDiff16(tif, cp0, cc) )
-+ return 0;
-
- TIFFSwabArrayOfShort(wp, wc);
-+ return 1;
- }
-
--static void
-+static int
- horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- TIFFPredictorState* sp = PredictorState(tif);
-@@ -554,7 +598,12 @@ horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
- uint32 *wp = (uint32*) cp0;
- tmsize_t wc = cc/4;
-
-- assert((cc%(4*stride))==0);
-+ if((cc%(4*stride))!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "horDiff32",
-+ "%s", "(cc%(4*stride))!=0");
-+ return 0;
-+ }
-
- if (wc > stride) {
- wc -= stride;
-@@ -564,23 +613,26 @@ horDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
- wc -= stride;
- } while (wc > 0);
- }
-+ return 1;
- }
-
--static void
-+static int
- swabHorDiff32(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- uint32* wp = (uint32*) cp0;
- tmsize_t wc = cc / 4;
-
-- horDiff32(tif, cp0, cc);
-+ if( !horDiff32(tif, cp0, cc) )
-+ return 0;
-
- TIFFSwabArrayOfLong(wp, wc);
-+ return 1;
- }
-
- /*
- * Floating point predictor differencing routine.
- */
--static void
-+static int
- fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
- {
- tmsize_t stride = PredictorState(tif)->stride;
-@@ -590,10 +642,14 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
- uint8 *cp = (uint8 *) cp0;
- uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
-
-- assert((cc%(bps*stride))==0);
--
-+ if((cc%(bps*stride))!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "fpDiff",
-+ "%s", "(cc%(bps*stride))!=0");
-+ return 0;
-+ }
- if (!tmp)
-- return;
-+ return 0;
-
- _TIFFmemcpy(tmp, cp0, cc);
- for (count = 0; count < wc; count++) {
-@@ -613,6 +669,7 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
- cp += cc - stride - 1;
- for (count = cc; count > stride; count -= stride)
- REPEAT4(stride, cp[stride] = (unsigned char)((cp[stride] - cp[0])&0xff); cp--)
-+ return 1;
- }
-
- static int
-@@ -625,7 +682,8 @@ PredictorEncodeRow(TIFF* tif, uint8* bp, tmsize_t cc, uint16 s)
- assert(sp->encoderow != NULL);
-
- /* XXX horizontal differencing alters user's data XXX */
-- (*sp->encodepfunc)(tif, bp, cc);
-+ if( !(*sp->encodepfunc)(tif, bp, cc) )
-+ return 0;
- return (*sp->encoderow)(tif, bp, cc, s);
- }
-
-@@ -660,7 +718,12 @@ PredictorEncodeTile(TIFF* tif, uint8* bp0, tmsize_t cc0, uint16 s)
-
- rowsize = sp->rowsize;
- assert(rowsize > 0);
-- assert((cc0%rowsize)==0);
-+ if((cc0%rowsize)!=0)
-+ {
-+ TIFFErrorExt(tif->tif_clientdata, "PredictorEncodeTile",
-+ "%s", "(cc0%rowsize)!=0");
-+ return 0;
-+ }
- while (cc > 0) {
- (*sp->encodepfunc)(tif, bp, rowsize);
- cc -= rowsize;
-diff --git a/libtiff/tif_predict.h b/libtiff/tif_predict.h
-index 91330cc..9e485a4 100644
---- a/libtiff/tif_predict.h
-+++ b/libtiff/tif_predict.h
-@@ -30,6 +30,8 @@
- * ``Library-private'' Support for the Predictor Tag
- */
-
-+typedef int (*TIFFEncodeDecodeMethod)(TIFF* tif, uint8* buf, tmsize_t size);
-+
- /*
- * Codecs that want to support the Predictor tag must place
- * this structure first in their private state block so that
-@@ -43,12 +45,12 @@ typedef struct {
- TIFFCodeMethod encoderow; /* parent codec encode/decode row */
- TIFFCodeMethod encodestrip; /* parent codec encode/decode strip */
- TIFFCodeMethod encodetile; /* parent codec encode/decode tile */
-- TIFFPostMethod encodepfunc; /* horizontal differencer */
-+ TIFFEncodeDecodeMethod encodepfunc; /* horizontal differencer */
-
- TIFFCodeMethod decoderow; /* parent codec encode/decode row */
- TIFFCodeMethod decodestrip; /* parent codec encode/decode strip */
- TIFFCodeMethod decodetile; /* parent codec encode/decode tile */
-- TIFFPostMethod decodepfunc; /* horizontal accumulator */
-+ TIFFEncodeDecodeMethod decodepfunc; /* horizontal accumulator */
-
- TIFFVGetMethod vgetparent; /* super-class method */
- TIFFVSetMethod vsetparent; /* super-class method */
---
-2.9.3
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch
deleted file mode 100644
index 977dbf6..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-9535-2.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 6a984bf7905c6621281588431f384e79d11a2e33 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Fri, 4 Nov 2016 09:19:13 +0000
-Subject: [PATCH 2/2] Fix CVE-2016-9535
-* libtiff/tif_predic.c: fix memory leaks in error code
- paths added in previous commit (fix for MSVR 35105)
-
-CVE: CVE-2016-9535
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
-
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
-
----
- libtiff/tif_predict.c | 8 ++++++--
- 1 files changed, 11 insertions(+), 2 deletions(-)
-
-diff --git a/libtiff/tif_predict.c b/libtiff/tif_predict.c
-index b829259..3f42f3b 100644
---- a/libtiff/tif_predict.c
-+++ b/libtiff/tif_predict.c
-@@ -409,7 +409,7 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
- tmsize_t wc = cc / bps;
- tmsize_t count = cc;
- uint8 *cp = (uint8 *) cp0;
-- uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
-+ uint8 *tmp;
-
- if(cc%(bps*stride)!=0)
- {
-@@ -418,6 +418,7 @@ fpAcc(TIFF* tif, uint8* cp0, tmsize_t cc)
- return 0;
- }
-
-+ tmp = (uint8 *)_TIFFmalloc(cc);
- if (!tmp)
- return 0;
-
-@@ -640,7 +641,7 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
- tmsize_t wc = cc / bps;
- tmsize_t count;
- uint8 *cp = (uint8 *) cp0;
-- uint8 *tmp = (uint8 *)_TIFFmalloc(cc);
-+ uint8 *tmp;
-
- if((cc%(bps*stride))!=0)
- {
-@@ -648,6 +649,8 @@ fpDiff(TIFF* tif, uint8* cp0, tmsize_t cc)
- "%s", "(cc%(bps*stride))!=0");
- return 0;
- }
-+
-+ tmp = (uint8 *)_TIFFmalloc(cc);
- if (!tmp)
- return 0;
-
-@@ -722,6 +725,7 @@ PredictorEncodeTile(TIFF* tif, uint8* bp0, tmsize_t cc0, uint16 s)
- {
- TIFFErrorExt(tif->tif_clientdata, "PredictorEncodeTile",
- "%s", "(cc0%rowsize)!=0");
-+ _TIFFfree( working_copy );
- return 0;
- }
- while (cc > 0) {
---
-2.9.3
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch
deleted file mode 100644
index e1141df..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-9538.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 43c0b81a818640429317c80fea1e66771e85024b Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 8 Oct 2016 15:04:31 +0000
-Subject: [PATCH] Fix CVE-2016-9538
-* tools/tiffcp.c: fix read of undefined variable in case of
- missing required tags. Found on test case of MSVR 35100. * tools/tiffcrop.c:
- fix read of undefined buffer in readContigStripsIntoBuffer() due to uint16
- overflow. Probably not a security issue but I can be wrong. Reported as MSVR
- 35100 by Axel Souchet from the MSRC Vulnerabilities & Mitigations team.
-
-CVE: CVE-2016-9538
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
-
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
-
----
- tools/tiffcp.c | 4 ++--
- tools/tiffcrop.c | 9 ++++++---
- 2 files changed, 17 insertions(+), 5 deletions(-)
-
-diff --git a/tools/tiffcp.c b/tools/tiffcp.c
-index ba2b715..4ad74d3 100644
---- a/tools/tiffcp.c
-+++ b/tools/tiffcp.c
-@@ -592,8 +592,8 @@ static copyFunc pickCopyFunc(TIFF*, TIFF*, uint16, uint16);
- static int
- tiffcp(TIFF* in, TIFF* out)
- {
-- uint16 bitspersample, samplesperpixel;
-- uint16 input_compression, input_photometric;
-+ uint16 bitspersample, samplesperpixel = 1;
-+ uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
- copyFunc cf;
- uint32 width, length;
- struct cpTag* p;
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index 7685566..eb6de77 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -3628,7 +3628,7 @@ static int readContigStripsIntoBuffer (TIFF* in, uint8* buf)
- {
- uint8* bufp = buf;
- int32 bytes_read = 0;
-- uint16 strip, nstrips = TIFFNumberOfStrips(in);
-+ uint32 strip, nstrips = TIFFNumberOfStrips(in);
- uint32 stripsize = TIFFStripSize(in);
- uint32 rows = 0;
- uint32 rps = TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
-@@ -4711,9 +4711,12 @@ static int readSeparateStripsIntoBuffer (TIFF *in, uint8 *obuf, uint32 length,
- uint32 width, uint16 spp,
- struct dump_opts *dump)
- {
-- int i, j, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
-+ int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
-+ uint32 j;
- int32 bytes_read = 0;
-- uint16 bps, nstrips, planar, strips_per_sample;
-+ uint16 bps, planar;
-+ uint32 nstrips;
-+ uint32 strips_per_sample;
- uint32 src_rowsize, dst_rowsize, rows_processed, rps;
- uint32 rows_this_strip = 0;
- tsample_t s;
---
-2.9.3
-
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch
deleted file mode 100644
index 1d9be42..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-9539.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From ae9365db1b271b62b35ce018eac8799b1d5e8a53 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Fri, 14 Oct 2016 19:13:20 +0000
-Subject: [PATCH ] * tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes
- in readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet
- & Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
-
-CVE: CVE-2016-9539
-
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
-
----
- ChangeLog | 6 ++++++
- tools/tiffcrop.c | 11 ++++++++++-
- 2 files changed, 16 insertions(+), 1 deletion(-)
-
-Index: tiff-4.0.6/ChangeLog
-===================================================================
---- tiff-4.0.6.orig/ChangeLog 2016-11-28 14:56:32.109283913 +0800
-+++ tiff-4.0.6/ChangeLog 2016-11-28 16:36:01.805325534 +0800
-@@ -17,6 +17,12 @@
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
- (CVE-2014-8127, duplicate: CVE-2016-3658)
-
-+2016-10-14 Even Rouault <even.rouault at spatialys.com>
-+
-+ * tools/tiffcrop.c: fix out-of-bound read of up to 3 bytes in
-+ readContigTilesIntoBuffer(). Reported as MSVR 35092 by Axel Souchet
-+ & Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team.
-+
- 2016-10-08 Even Rouault <even.rouault at spatialys.com>
-
- * tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
-Index: tiff-4.0.6/tools/tiffcrop.c
-===================================================================
---- tiff-4.0.6.orig/tools/tiffcrop.c 2016-11-28 14:56:31.433283908 +0800
-+++ tiff-4.0.6/tools/tiffcrop.c 2016-11-28 16:42:13.793328128 +0800
-@@ -819,9 +819,18 @@
- }
- }
-
-- tilebuf = _TIFFmalloc(tile_buffsize);
-+ /* Add 3 padding bytes for extractContigSamplesShifted32bits */
-+ if( tile_buffsize > 0xFFFFFFFFU - 3 )
-+ {
-+ TIFFError("readContigTilesIntoBuffer", "Integer overflow when calculating buffer size.");
-+ exit(-1);
-+ }
-+ tilebuf = _TIFFmalloc(tile_buffsize + 3);
- if (tilebuf == 0)
- return 0;
-+ tilebuf[tile_buffsize] = 0;
-+ tilebuf[tile_buffsize+1] = 0;
-+ tilebuf[tile_buffsize+2] = 0;
-
- dst_rowsize = ((imagewidth * bps * spp) + 7) / 8;
- for (row = 0; row < imagelength; row += tl)
diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch b/meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch
deleted file mode 100644
index dddaa0c..0000000
--- a/meta/recipes-multimedia/libtiff/files/CVE-2016-9540.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3 Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Sat, 8 Oct 2016 15:54:56 +0000
-Subject: [PATCH] fix CVE-2016-9540
- * tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
- tile width vs image width. Reported as MSVR 35103
- by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
- Mitigations team.
-
-CVE: CVE-2016-9540
-
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
-
-Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
----
- ChangeLog | 7 +++++++
- tools/tiffcp.c | 4 ++--
- 2 files changed, 9 insertions(+), 2 deletions(-)
-
-Index: tiff-4.0.4/ChangeLog
-===================================================================
---- tiff-4.0.4.orig/ChangeLog 2016-11-24 14:40:43.046867737 +0800
-+++ tiff-4.0.4/ChangeLog 2016-11-28 14:38:01.681276171 +0800
-@@ -17,6 +17,13 @@
- Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2500
- (CVE-2014-8127, duplicate: CVE-2016-3658)
-
-+2016-10-08 Even Rouault <even.rouault at spatialys.com>
-+
-+ * tools/tiffcp.c: fix out-of-bounds write on tiled images with odd
-+ tile width vs image width. Reported as MSVR 35103
-+ by Axel Souchet and Vishal Chauhan from the MSRC Vulnerabilities &
-+ Mitigations team.
-+
- 2016-09-24 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
-
- * libtiff/tif_getimage.c (TIFFRGBAImageOK): Reject attempts to
-Index: tiff-4.0.4/tools/tiffcp.c
-===================================================================
---- tiff-4.0.4.orig/tools/tiffcp.c 2015-06-21 09:09:10.000000000 +0800
-+++ tiff-4.0.4/tools/tiffcp.c 2016-11-28 14:41:02.221277430 +0800
-@@ -1338,7 +1338,7 @@
- uint32 colb = 0;
- uint32 col;
-
-- for (col = 0; col < imagewidth; col += tw) {
-+ for (col = 0; col < imagewidth && colb < imagew; col += tw) {
- if (TIFFReadTile(in, tilebuf, col, row, 0, 0) < 0
- && !ignore) {
- TIFFError(TIFFFileName(in),
-@@ -1523,7 +1523,7 @@
- uint32 colb = 0;
- uint32 col;
-
-- for (col = 0; col < imagewidth; col += tw) {
-+ for (col = 0; col < imagewidth && colb < imagew; col += tw) {
- /*
- * Tile is clipped horizontally. Calculate
- * visible portion and skewing factors.
diff --git a/meta/recipes-multimedia/libtiff/files/Fix_several_CVE_issues.patch b/meta/recipes-multimedia/libtiff/files/Fix_several_CVE_issues.patch
deleted file mode 100644
index bd587e6..0000000
--- a/meta/recipes-multimedia/libtiff/files/Fix_several_CVE_issues.patch
+++ /dev/null
@@ -1,281 +0,0 @@
-From 83a4b92815ea04969d494416eaae3d4c6b338e4a Mon Sep 17 00:00:00 2001
-From: erouault <erouault>
-Date: Fri, 23 Sep 2016 22:12:18 +0000
-Subject: [PATCH] Fix several CVE issues
-
-Fix CVE-2016-9533, CVE-2016-9534, CVE-2016-9536 and CVE-2016-9537
-
-* tools/tiffcrop.c: fix various out-of-bounds write
- vulnerabilities in heap or stack allocated buffers. Reported as MSVR 35093,
- MSVR 35096 and MSVR 35097. Discovered by Axel Souchet and Vishal Chauhan from
- the MSRC Vulnerabilities & Mitigations team. * tools/tiff2pdf.c: fix
- out-of-bounds write vulnerabilities in heap allocate buffer in
- t2p_process_jpeg_strip(). Reported as MSVR 35098. Discovered by Axel Souchet
- and Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team. *
- libtiff/tif_pixarlog.c: fix out-of-bounds write vulnerabilities in heap
- allocated buffers. Reported as MSVR 35094. Discovered by Axel Souchet and
- Vishal Chauhan from the MSRC Vulnerabilities & Mitigations team. *
- libtiff/tif_write.c: fix issue in error code path of TIFFFlushData1() that
- didn't reset the tif_rawcc and tif_rawcp members. I'm not completely sure if
- that could happen in practice outside of the odd behaviour of t2p_seekproc()
- of tiff2pdf). The report points that a better fix could be to check the
- return value of TIFFFlushData1() in places where it isn't done currently, but
- it seems this patch is enough. Reported as MSVR 35095. Discovered by Axel
- Souchet & Vishal Chauhan & Suha Can from the MSRC Vulnerabilities &
- Mitigations team.
-
-CVE: CVE-2016-9533, CVE-2016-9534, CVE-2016-9536, CVE-2016-9537
-Upstream-Status: Backport
-https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
-
-Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
-
----
- libtiff/tif_pixarlog.c | 55 +++++++++++++++++++++-----------------------------
- libtiff/tif_write.c | 7 +++++++
- tools/tiff2pdf.c | 22 ++++++++++++++++++--
- tools/tiffcrop.c | 20 +++++++++++++++++-
- 4 files changed, 92 insertions(+), 35 deletions(-)
-
-diff --git a/libtiff/tif_pixarlog.c b/libtiff/tif_pixarlog.c
-index 1fb8f3b..d1246c3 100644
---- a/libtiff/tif_pixarlog.c
-+++ b/libtiff/tif_pixarlog.c
-@@ -983,17 +983,14 @@ horizontalDifferenceF(float *ip, int n, int stride, uint16 *wp, uint16 *FromLT2)
- a1 = (int32) CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1;
- }
- } else {
-- ip += n - 1; /* point to last one */
-- wp += n - 1; /* point to last one */
-- n -= stride;
-- while (n > 0) {
-- REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]);
-- wp[stride] -= wp[0];
-- wp[stride] &= mask;
-- wp--; ip--)
-- n -= stride;
-- }
-- REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp--; ip--)
-+ REPEAT(stride, wp[0] = (uint16) CLAMP(ip[0]); wp++; ip++)
-+ n -= stride;
-+ while (n > 0) {
-+ REPEAT(stride,
-+ wp[0] = (uint16)(((int32)CLAMP(ip[0])-(int32)CLAMP(ip[-stride])) & mask);
-+ wp++; ip++)
-+ n -= stride;
-+ }
- }
- }
- }
-@@ -1036,17 +1033,14 @@ horizontalDifference16(unsigned short *ip, int n, int stride,
- a1 = CLAMP(ip[3]); wp[3] = (uint16)((a1-a2) & mask); a2 = a1;
- }
- } else {
-- ip += n - 1; /* point to last one */
-- wp += n - 1; /* point to last one */
-+ REPEAT(stride, wp[0] = CLAMP(ip[0]); wp++; ip++)
- n -= stride;
- while (n > 0) {
-- REPEAT(stride, wp[0] = CLAMP(ip[0]);
-- wp[stride] -= wp[0];
-- wp[stride] &= mask;
-- wp--; ip--)
-- n -= stride;
-- }
-- REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--)
-+ REPEAT(stride,
-+ wp[0] = (uint16)((CLAMP(ip[0])-CLAMP(ip[-stride])) & mask);
-+ wp++; ip++)
-+ n -= stride;
-+ }
- }
- }
- }
-@@ -1089,18 +1083,15 @@ horizontalDifference8(unsigned char *ip, int n, int stride,
- ip += 4;
- }
- } else {
-- wp += n + stride - 1; /* point to last one */
-- ip += n + stride - 1; /* point to last one */
-- n -= stride;
-- while (n > 0) {
-- REPEAT(stride, wp[0] = CLAMP(ip[0]);
-- wp[stride] -= wp[0];
-- wp[stride] &= mask;
-- wp--; ip--)
-- n -= stride;
-- }
-- REPEAT(stride, wp[0] = CLAMP(ip[0]); wp--; ip--)
-- }
-+ REPEAT(stride, wp[0] = CLAMP(ip[0]); wp++; ip++)
-+ n -= stride;
-+ while (n > 0) {
-+ REPEAT(stride,
-+ wp[0] = (uint16)((CLAMP(ip[0])-CLAMP(ip[-stride])) & mask);
-+ wp++; ip++)
-+ n -= stride;
-+ }
-+ }
- }
- }
-
-diff --git a/libtiff/tif_write.c b/libtiff/tif_write.c
-index f9a3fc0..d8fa802 100644
---- a/libtiff/tif_write.c
-+++ b/libtiff/tif_write.c
-@@ -798,7 +798,14 @@ TIFFFlushData1(TIFF* tif)
- if (!TIFFAppendToStrip(tif,
- isTiled(tif) ? tif->tif_curtile : tif->tif_curstrip,
- tif->tif_rawdata, tif->tif_rawcc))
-+ {
-+ /* We update those variables even in case of error since there's */
-+ /* code that doesn't really check the return code of this */
-+ /* function */
-+ tif->tif_rawcc = 0;
-+ tif->tif_rawcp = tif->tif_rawdata;
- return (0);
-+ }
- tif->tif_rawcc = 0;
- tif->tif_rawcp = tif->tif_rawdata;
- }
-diff --git a/tools/tiff2pdf.c b/tools/tiff2pdf.c
-index dcd5a7e..f8df6b5 100644
---- a/tools/tiff2pdf.c
-+++ b/tools/tiff2pdf.c
-@@ -286,7 +286,7 @@ tsize_t t2p_readwrite_pdf_image_tile(T2P*, TIFF*, TIFF*, ttile_t);
- int t2p_process_ojpeg_tables(T2P*, TIFF*);
- #endif
- #ifdef JPEG_SUPPORT
--int t2p_process_jpeg_strip(unsigned char*, tsize_t*, unsigned char*, tsize_t*, tstrip_t, uint32);
-+int t2p_process_jpeg_strip(unsigned char*, tsize_t*, unsigned char*, tsize_t, tsize_t*, tstrip_t, uint32);
- #endif
- void t2p_tile_collapse_left(tdata_t, tsize_t, uint32, uint32, uint32);
- void t2p_write_advance_directory(T2P*, TIFF*);
-@@ -2408,7 +2408,8 @@ tsize_t t2p_readwrite_pdf_image(T2P* t2p, TIFF* input, TIFF* output){
- if(!t2p_process_jpeg_strip(
- stripbuffer,
- &striplength,
-- buffer,
-+ buffer,
-+ t2p->tiff_datasize,
- &bufferoffset,
- i,
- t2p->tiff_length)){
-@@ -3439,6 +3440,7 @@ int t2p_process_jpeg_strip(
- unsigned char* strip,
- tsize_t* striplength,
- unsigned char* buffer,
-+ tsize_t buffersize,
- tsize_t* bufferoffset,
- tstrip_t no,
- uint32 height){
-@@ -3473,6 +3475,8 @@ int t2p_process_jpeg_strip(
- }
- switch( strip[i] ){
- case 0xd8: /* SOI - start of image */
-+ if( *bufferoffset + 2 > buffersize )
-+ return(0);
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), 2);
- *bufferoffset+=2;
- break;
-@@ -3482,12 +3486,18 @@ int t2p_process_jpeg_strip(
- case 0xc9: /* SOF9 */
- case 0xca: /* SOF10 */
- if(no==0){
-+ if( *bufferoffset + datalen + 2 + 6 > buffersize )
-+ return(0);
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
-+ if( *bufferoffset + 9 >= buffersize )
-+ return(0);
- ncomp = buffer[*bufferoffset+9];
- if (ncomp < 1 || ncomp > 4)
- return(0);
- v_samp=1;
- h_samp=1;
-+ if( *bufferoffset + 11 + 3*(ncomp-1) >= buffersize )
-+ return(0);
- for(j=0;j<ncomp;j++){
- uint16 samp = buffer[*bufferoffset+11+(3*j)];
- if( (samp>>4) > h_samp)
-@@ -3519,20 +3529,28 @@ int t2p_process_jpeg_strip(
- break;
- case 0xc4: /* DHT */
- case 0xdb: /* DQT */
-+ if( *bufferoffset + datalen + 2 > buffersize )
-+ return(0);
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
- *bufferoffset+=datalen+2;
- break;
- case 0xda: /* SOS */
- if(no==0){
-+ if( *bufferoffset + datalen + 2 > buffersize )
-+ return(0);
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i-1]), datalen+2);
- *bufferoffset+=datalen+2;
- } else {
-+ if( *bufferoffset + 2 > buffersize )
-+ return(0);
- buffer[(*bufferoffset)++]=0xff;
- buffer[(*bufferoffset)++]=
- (unsigned char)(0xd0 | ((no-1)%8));
- }
- i += datalen + 1;
- /* copy remainder of strip */
-+ if( *bufferoffset + *striplength - i > buffersize )
-+ return(0);
- _TIFFmemcpy(&(buffer[*bufferoffset]), &(strip[i]), *striplength - i);
- *bufferoffset+= *striplength - i;
- return(1);
-diff --git a/tools/tiffcrop.c b/tools/tiffcrop.c
-index ebc4aba..7685566 100644
---- a/tools/tiffcrop.c
-+++ b/tools/tiffcrop.c
-@@ -5758,7 +5758,8 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
- {
- uint32 i;
- float xres = 0.0, yres = 0.0;
-- uint16 nstrips = 0, ntiles = 0, planar = 0;
-+ uint32 nstrips = 0, ntiles = 0;
-+ uint16 planar = 0;
- uint16 bps = 0, spp = 0, res_unit = 0;
- uint16 orientation = 0;
- uint16 input_compression = 0, input_photometric = 0;
-@@ -6066,11 +6067,23 @@ loadImage(TIFF* in, struct image_data *image, struct dump_opts *dump, unsigned c
- /* +3 : add a few guard bytes since reverseSamples16bits() can read a bit */
- /* outside buffer */
- if (!read_buff)
-+ {
-+ if( buffsize > 0xFFFFFFFFU - 3 )
-+ {
-+ TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
-+ return (-1);
-+ }
- read_buff = (unsigned char *)_TIFFmalloc(buffsize+3);
-+ }
- else
- {
- if (prev_readsize < buffsize)
-+ {
-+ if( buffsize > 0xFFFFFFFFU - 3 )
- {
-+ TIFFError("loadImage", "Unable to allocate/reallocate read buffer");
-+ return (-1);
-+ }
- new_buff = _TIFFrealloc(read_buff, buffsize+3);
- if (!new_buff)
- {
-@@ -8912,6 +8925,11 @@ reverseSamplesBytes (uint16 spp, uint16 bps, uint32 width,
- }
-
- bytes_per_pixel = ((bps * spp) + 7) / 8;
-+ if( bytes_per_pixel > sizeof(swapbuff) )
-+ {
-+ TIFFError("reverseSamplesBytes","bytes_per_pixel too large");
-+ return (1);
-+ }
- switch (bps / 8)
- {
- case 8: /* Use memcpy for multiple bytes per sample data */
---
-2.9.3
-
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
similarity index 65%
rename from meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
rename to meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
index 450927d..bbc7389 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.0.6.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.0.7.bb
@@ -6,29 +6,10 @@ CVE_NAME = "libtiff"
SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://libtool2.patch \
- file://CVE-2015-8665_8683.patch \
- file://CVE-2015-8781.patch \
- file://CVE-2015-8784.patch \
- file://CVE-2016-3186.patch \
- file://CVE-2016-5321.patch \
- file://CVE-2016-5323.patch \
- file://CVE-2016-3945.patch \
- file://CVE-2016-3990.patch \
- file://CVE-2016-3991.patch \
- file://CVE-2016-3623.patch \
- file://CVE-2016-3622.patch \
- file://CVE-2016-3658.patch \
- file://CVE-2016-3632.patch \
- file://CVE-2016-9540.patch \
- file://CVE-2016-9539.patch \
- file://CVE-2016-9535-1.patch \
- file://CVE-2016-9535-2.patch \
- file://CVE-2016-9538.patch \
- file://Fix_several_CVE_issues.patch \
"
-SRC_URI[md5sum] = "d1d2e940dea0b5ad435f21f03d96dd72"
-SRC_URI[sha256sum] = "4d57a50907b510e3049a4bba0d7888930fdfc16ce49f1bf693e5b6247370d68c"
+SRC_URI[md5sum] = "77ae928d2c6b7fb46a21c3a29325157b"
+SRC_URI[sha256sum] = "9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019"
# exclude betas
UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
--
2.7.4
^ permalink raw reply related
* Re: [PATCH] edgerouter.conf: enable generation of wic.bmap
From: Christopher Larson @ 2016-12-10 18:40 UTC (permalink / raw)
To: Ed Bartosh; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <1481305586-11873-1-git-send-email-ed.bartosh@linux.intel.com>
[-- Attachment #1: Type: text/plain, Size: 934 bytes --]
On Fri, Dec 9, 2016 at 10:46 AM, Ed Bartosh <ed.bartosh@linux.intel.com>
wrote:
> Enabled generation of block map(bmap) files for wic images
> built for edgerouter machine. This should simplify flashing
> images with bmaptool.
>
> [YOCTO #10621]
>
> Signed-off-by: Ed Bartosh <ed.bartosh@linux.intel.com>
>
I think this is more of a distro decision than machine, whether they want
to support use of bmaptool for their users/customers. It’d be nice if it
was easier to control compression from the distro, too. For example, if we
want to distribute wic.bz2+wic.bmap in our installers, it’d be nice to be
able to switch to that for all machines that use wic. I’m not sure how best
to pull that off, however. Something to think about for the future.
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
[-- Attachment #2: Type: text/html, Size: 1424 bytes --]
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox