[OE-core] [PATCHv3 10/30] vte: Upgrade to 0.44.1
Mark Asselstine
mark.asselstine at windriver.com
Thu Jun 16 17:45:08 UTC 2016
On 14 June 2016 at 11:14, Jussi Kukkonen <jussi.kukkonen at intel.com
> <mailto:jussi.kukkonen at intel.com>> wrote:
>
> * License change LGPL 2.0 -> LGPL 2.1+
> * vte-termcap is no more
> * API break: current version seems to be parallel installable
> with old one, but I did not opt for that.
> * Add patch to avoid stack protection by default
> * Add SECURITY_NO_PIE_CFLAGS exception until linking failure with
> libc_nonshared.a is resolved (undefined reference to
> __init_array_start)
>
>
> Just found out Khem has worked around a similar problem with
> libtool-cross already: I've modified this patch so
> that SECURITY_NO_PIE_CFLAGS is no longer used, but instead libtool-cross
> is used:
>
> +# libtool adds "-nostdlib" when g++ is used. This breaks PIE builds.
> +# Use libtool-cross (which has a hack to prevent that) instead.
> +EXTRA_OEMAKE_class-target =
> "LIBTOOL=${STAGING_BINDIR_CROSS}/${HOST_SYS}-libtool"
>
> - Jussi
Just a heads up this this breaks xfce4-terminal. There is currently no
xfce4-terminal release which will function with vte api 2.91, only
ongoing work on their master branch as far as I can tell. I have no
idea how far reaching the effects of this change will be on
xfce. Before I spend any time on this is this something which folks
are aware of and is there a plan in place? Is there a possibility to
keep the older vte around?
Thanks,
Mark
>
>
> Signed-off-by: Jussi Kukkonen <jussi.kukkonen at intel.com
> <mailto:jussi.kukkonen at intel.com>>
> ---
> meta/conf/distro/include/security_flags.inc | 2 +
> .../vte/vte-0.28.2/cve-2012-2738.patch | 136
> ---------------------
> .../vte/vte-0.28.2/obsolete_automake_macros.patch | 14 ---
> meta/recipes-support/vte/vte.inc | 15 ---
> ...-Don-t-enable-stack-protection-by-default.patch | 29 +++++
> meta/recipes-support/vte/vte_0.28.2.bb <http://vte_0.28.2.bb>
>
> | 16 ---
>
> meta/recipes-support/vte/vte_0.44.1.bb <http://vte_0.44.1.bb>
>
> | 24 ++++
>
> 7 files changed, 55 insertions(+), 181 deletions(-)
> delete mode 100644
> meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> delete mode 100644
> meta/recipes-support/vte/vte-0.28.2/obsolete_automake_macros.patch
> delete mode 100644 meta/recipes-support/vte/vte.inc
> create mode 100644
>
> meta/recipes-support/vte/vte/0001-Don-t-enable-stack-protection-by-default.
> patch delete mode 100644 meta/recipes-support/vte/vte_0.28.2.bb
> <http://vte_0.28.2.bb>
> create mode 100644 meta/recipes-support/vte/vte_0.44.1.bb
> <http://vte_0.44.1.bb>
>
> diff --git a/meta/conf/distro/include/security_flags.inc
> b/meta/conf/distro/include/security_flags.inc
> index ea1d4e5..0df65e0 100644
> --- a/meta/conf/distro/include/security_flags.inc
> +++ b/meta/conf/distro/include/security_flags.inc
> @@ -95,6 +95,8 @@ SECURITY_CFLAGS_pn-zlib = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-ltp = "${SECURITY_NO_PIE_CFLAGS}"
> SECURITY_CFLAGS_pn-pulseaudio = "${SECURITY_NO_PIE_CFLAGS}"
>
> +SECURITY_CFLAGS_pn-vte = "${SECURITY_NO_PIE_CFLAGS}"
> +
> # Recipes which fail to compile when elevating -Wformat-security
> to an error
> SECURITY_STRINGFORMAT_pn-busybox = ""
> SECURITY_STRINGFORMAT_pn-console-tools = ""
> diff --git a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> b/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> deleted file mode 100644
> index 9b99803..0000000
> --- a/meta/recipes-support/vte/vte-0.28.2/cve-2012-2738.patch
> +++ /dev/null
> @@ -1,136 +0,0 @@
> -Upstream-Status: Backport
> -CVE: CVE-2012-2738
> -Signed-off-by: Ross Burton <ross.burton at intel.com
> <mailto:ross.burton at intel.com>>
> -
> -From e524b0b3bd8fad844ffa73927c199545b892cdbd Mon Sep 17 00:00:00 2001
> -From: Christian Persch <chpe at gnome.org
More information about the Openembedded-core
mailing list