[PATCH 00/12] Fixes for dangling patches

[PATCH 00/12] Fixes for dangling patches

[Robert Yang]

The following changes since commit 166f2587468ae71988c610858aad3f7ef67eccba:

  bison: don't depend on help2man (2015-04-21 11:29:30 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/dangling
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/dangling

Robert Yang (12):
  python3: remove sys_platform_is_now_always_linux2.patch
  mtd-utils: enable
    mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
  nspr: remove nspr-CVE-2014-1545.patch
  libxml2: remove libxml2-CVE-2014-3660.patch
  bind: remove 5 backport patches
  logrotate: remove logrotate-CVE-2011-1548.patch
  kmod: remove 0001-Makefile.am-fix-parallel-build-problem.patch
  openssl: remove 3 patches
  lttng-modules: remove bio-bvec-iter.patch
  libaio: remove libaio-generic.patch
  texinfo: remove enumerate_greater_than_ten.patch
  elfutils: enable fix-build-gcc-4.8.patch

 .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 ---------------
 .../bind/bind/bind-CVE-2011-4313.patch             |   89 -----------
 .../bind/bind/bind-CVE-2012-1667.patch             |   92 ------------
 .../bind/bind/bind-CVE-2013-2266.patch             |   41 -----
 .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 ------------------
 .../openssl/openssl/debian/make-targets.patch      |   15 --
 ...NULL-pointer-dereference-in-dh_pub_encode.patch |   26 ----
 .../openssl/update-version-script-for-1.0.2.patch  |   66 ---------
 .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 ------------------
 meta/recipes-devtools/elfutils/elfutils_0.148.bb   |    1 +
 ...t-cleanmarker-with-flash_erase--j-command.patch |   22 +--
 meta/recipes-devtools/mtd/mtd-utils_git.bb         |    1 +
 .../sys_platform_is_now_always_linux2.patch        |   29 ----
 .../libaio/libaio/libaio-generic.patch             |   65 --------
 .../logrotate/logrotate-CVE-2011-1548.patch        |   43 ------
 .../texinfo/enumerate_greater_than_ten.patch       |   51 -------
 ...01-Makefile.am-fix-parallel-build-problem.patch |   29 ----
 .../lttng/lttng-modules/bio-bvec-iter.patch        |  156 --------------------
 .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 ---------
 19 files changed, 15 insertions(+), 1185 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
 delete mode 100644 meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
 delete mode 100644 meta/recipes-extended/libaio/libaio/libaio-generic.patch
 delete mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
 delete mode 100644 meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
 delete mode 100644 meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
 delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch

-- 
1.7.9.5

[PATCH 01/12] python3: remove sys_platform_is_now_always_linux2.patch

[Robert Yang]

It is aready in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../sys_platform_is_now_always_linux2.patch        |   29 --------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch

diff --git a/meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch b/meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
deleted file mode 100644
index 506210f..0000000
--- a/meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Upstream-Status: Accepted [http://hg.python.org/cpython/rev/c816479f6aaf/]
-Bugtracker: http://bugs.python.org/issue12326
-
-[Removed "Misc/NEWS" hunk]
-
-Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
-
-# HG changeset patch
-# User Victor Stinner <victor.stinner@haypocalc.com>
-# Date 1313841758 -7200
-# Node ID c816479f6aaf71dbd3f3fe4b239186d60c55ce48
-# Parent  3e093590ac57fdda428c7da3f72ddf0c475ecf2b
-Issue #12326: sys.platform is now always 'linux2' on Linux
-
-Even if Python is compiled on Linux 3.
-
-Index: Python-3.3.0rc2/configure.ac
-===================================================================
---- Python-3.3.0rc2.orig/configure.ac	2012-09-09 02:11:14.000000000 -0700
-+++ Python-3.3.0rc2/configure.ac	2012-09-20 00:44:03.317124001 -0700
-@@ -366,7 +366,7 @@
-     MACHDEP="$ac_md_system$ac_md_release"
- 
-     case $MACHDEP in
--	linux*) MACHDEP="linux";;
-+	linux*) MACHDEP="linux2";;
- 	cygwin*) MACHDEP="cygwin";;
- 	darwin*) MACHDEP="darwin";;
- 	irix646) MACHDEP="irix6";;
-- 
1.7.9.5

[PATCH 02/12] mtd-utils: enable mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch

[Robert Yang]

We still need it, so update and enable it.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 ...t-cleanmarker-with-flash_erase--j-command.patch |   22 ++++++++++++--------
 meta/recipes-devtools/mtd/mtd-utils_git.bb         |    1 +
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/meta/recipes-devtools/mtd/mtd-utils/mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch b/meta/recipes-devtools/mtd/mtd-utils/mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
index a66087e..7207cfc 100644
--- a/meta/recipes-devtools/mtd/mtd-utils/mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
+++ b/meta/recipes-devtools/mtd/mtd-utils/mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
@@ -36,6 +36,10 @@ JFFS2: Erase block at 0x00028000 is not formatted. It will be erased
 Signed-off-by: Liu Shuo <b35362@freescale.com>
 Signed-off-by: Li Yang <leoli@freescale.com>
 
+Updated for the new version
+
+Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
+
 ---
 v2 : get length of availble freeoob bytes from oobinfo information,
       not use the ioctl ECCGETLAYOUT which is being deprecated.
@@ -44,18 +48,18 @@ v2 : get length of availble freeoob bytes from oobinfo information,
  1 files changed, 39 insertions(+), 7 deletions(-)
 
 diff --git a/flash_erase.c b/flash_erase.c
-index fe2eaca..3e94495 100644
+index 933373a..4b9d84b 100644
 --- a/flash_erase.c
 +++ b/flash_erase.c
-@@ -98,6 +98,7 @@ int main(int argc, char *argv[])
- 	int isNAND;
+@@ -99,6 +99,7 @@ int main(int argc, char *argv[])
+ 	bool isNAND;
  	int error = 0;
- 	uint64_t offset = 0;
+ 	off_t offset = 0;
 +	void *oob_data = NULL;
  
  	/*
  	 * Process user arguments
-@@ -197,15 +198,43 @@ int main(int argc, char *argv[])
+@@ -201,15 +202,43 @@ int main(int argc, char *argv[])
  			if (ioctl(fd, MEMGETOOBSEL, &oobinfo) != 0)
  				return sys_errmsg("%s: unable to get NAND oobinfo", mtd_device);
  
@@ -104,7 +108,7 @@ index fe2eaca..3e94495 100644
  			} else {
  				/* Legacy mode */
  				switch (mtd.oob_size) {
-@@ -223,7 +252,6 @@ int main(int argc, char *argv[])
+@@ -227,7 +256,6 @@ int main(int argc, char *argv[])
  						break;
  				}
  			}
@@ -112,13 +116,13 @@ index fe2eaca..3e94495 100644
  		}
  		cleanmarker.hdr_crc = cpu_to_je32(mtd_crc32(0, &cleanmarker, sizeof(cleanmarker) - 4));
  	}
-@@ -272,7 +300,8 @@ int main(int argc, char *argv[])
+@@ -276,7 +304,8 @@ int main(int argc, char *argv[])
  
  		/* write cleanmarker */
  		if (isNAND) {
--			if (mtd_write_oob(mtd_desc, &mtd, fd, offset + clmpos, clmlen, &cleanmarker) != 0) {
+-			if (mtd_write_oob(mtd_desc, &mtd, fd, (uint64_t)offset + clmpos, clmlen, &cleanmarker) != 0) {
 +			void *data = oob_data ? oob_data + clmpos : &cleanmarker;
-+			if (mtd_write_oob(mtd_desc, &mtd, fd, offset + clmpos, clmlen, data) != 0) {
++			if (mtd_write_oob(mtd_desc, &mtd, fd, (uint64_t)offset + clmpos, clmlen, data) != 0) {
  				sys_errmsg("%s: MTD writeoob failure", mtd_device);
  				continue;
  			}
diff --git a/meta/recipes-devtools/mtd/mtd-utils_git.bb b/meta/recipes-devtools/mtd/mtd-utils_git.bb
index f991ea1..7010cac 100644
--- a/meta/recipes-devtools/mtd/mtd-utils_git.bb
+++ b/meta/recipes-devtools/mtd/mtd-utils_git.bb
@@ -14,6 +14,7 @@ SRC_URI = "git://git.infradead.org/mtd-utils.git \
            file://add-exclusion-to-mkfs-jffs2-git-2.patch \
            file://fix-armv7-neon-alignment.patch \
            file://0001-hashtable-Remove-duplicate-hashtable_iterator_value-.patch \
+           file://mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch \
 "
 
 S = "${WORKDIR}/git/"
-- 
1.7.9.5

[PATCH 03/12] nspr: remove nspr-CVE-2014-1545.patch

[Robert Yang]

It is a backport patch.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 --------------------
 1 file changed, 67 deletions(-)
 delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch

diff --git a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch b/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
deleted file mode 100644
index 565ff16..0000000
--- a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix for CVE-2014-1545
-
-Upstream-Status: Backport
-
-Backported from nspr-4.10.6.tar.gz.
----
---- a/pr/src/io/prprf.c
-+++ b/pr/src/io/prprf.c
-@@ -50,6 +50,10 @@
- #include "prlog.h"
- #include "prmem.h"
- 
-+#ifdef _MSC_VER
-+#define snprintf _snprintf
-+#endif
-+
- /*
- ** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it)
- */
-@@ -330,7 +334,7 @@
- ** Convert a double precision floating point number into its printable
- ** form.
- **
--** XXX stop using sprintf to convert floating point
-+** XXX stop using snprintf to convert floating point
- */
- static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1)
- {
-@@ -338,15 +342,14 @@
-     char fout[300];
-     int amount = fmt1 - fmt0;
- 
--    PR_ASSERT((amount > 0) && (amount < sizeof(fin)));
--    if (amount >= sizeof(fin)) {
--	/* Totally bogus % command to sprintf. Just ignore it */
-+    if (amount <= 0 || amount >= sizeof(fin)) {
-+        /* Totally bogus % command to snprintf. Just ignore it */
- 	return 0;
-     }
-     memcpy(fin, fmt0, amount);
-     fin[amount] = 0;
- 
--    /* Convert floating point using the native sprintf code */
-+    /* Convert floating point using the native snprintf code */
- #ifdef DEBUG
-     {
-         const char *p = fin;
-@@ -356,14 +359,11 @@
-         }
-     }
- #endif
--    sprintf(fout, fin, d);
--
--    /*
--    ** This assert will catch overflow's of fout, when building with
--    ** debugging on. At least this way we can track down the evil piece
--    ** of calling code and fix it!
--    */
--    PR_ASSERT(strlen(fout) < sizeof(fout));
-+    memset(fout, 0, sizeof(fout));
-+    snprintf(fout, sizeof(fout), fin, d);
-+    /* Explicitly null-terminate fout because on Windows snprintf doesn't
-+     * append a null-terminator if the buffer is too small. */
-+    fout[sizeof(fout) - 1] = '\0';
- 
-     return (*ss->stuff)(ss, fout, strlen(fout));
- }
-- 
1.7.9.5

[PATCH 04/12] libxml2: remove libxml2-CVE-2014-3660.patch

[Robert Yang]

It is a backport patch.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 --------------------
 1 file changed, 147 deletions(-)
 delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch

diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
deleted file mode 100644
index b9621c9..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From be2a7edaf289c5da74a4f9ed3a0b6c733e775230 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 16 Oct 2014 13:59:47 +0800
-Subject: Fix for CVE-2014-3660
-
-Issues related to the billion laugh entity expansion which happened to
-escape the initial set of fixes
-
-Upstream-status: Backport
-Reference: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230&context=3&ignorews=0&ss=0
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-
-diff --git a/parser.c b/parser.c
-index f51e8d2..1d93967 100644
---- a/parser.c
-+++ b/parser.c
-@@ -130,6 +130,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-         return (0);
-     if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
-         return (1);
-+
-+    /*
-+     * This may look absurd but is needed to detect
-+     * entities problems
-+     */
-+    if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
-+	(ent->content != NULL) && (ent->checked == 0)) {
-+	unsigned long oldnbent = ctxt->nbentities;
-+	xmlChar *rep;
-+
-+	ent->checked = 1;
-+
-+	rep = xmlStringDecodeEntities(ctxt, ent->content,
-+				  XML_SUBSTITUTE_REF, 0, 0, 0);
-+
-+	ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
-+	if (rep != NULL) {
-+	    if (xmlStrchr(rep, '<'))
-+		ent->checked |= 1;
-+	    xmlFree(rep);
-+	    rep = NULL;
-+	}
-+    }
-     if (replacement != 0) {
- 	if (replacement < XML_MAX_TEXT_LENGTH)
- 	    return(0);
-@@ -189,9 +212,12 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-             return (0);
-     } else {
-         /*
--         * strange we got no data for checking just return
-+         * strange we got no data for checking
-          */
--        return (0);
-+	if (((ctxt->lastError.code != XML_ERR_UNDECLARED_ENTITY) &&
-+	     (ctxt->lastError.code != XML_WAR_UNDECLARED_ENTITY)) ||
-+	    (ctxt->nbentities <= 10000))
-+	    return (0);
-     }
-     xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
-     return (1);
-@@ -2589,6 +2615,7 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
- 				      name, NULL);
- 		    ctxt->valid = 0;
- 		}
-+		xmlParserEntityCheck(ctxt, 0, NULL, 0);
- 	    } else if (ctxt->input->free != deallocblankswrapper) {
- 		    input = xmlNewBlanksWrapperInputStream(ctxt, entity);
- 		    if (xmlPushInput(ctxt, input) < 0)
-@@ -2759,6 +2786,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 	    if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
- 	        (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
- 	        goto int_error;
-+	    xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	    if (ent != NULL)
- 	        ctxt->nbentities += ent->checked / 2;
- 	    if ((ent != NULL) &&
-@@ -2810,6 +2838,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 	    ent = xmlParseStringPEReference(ctxt, &str);
- 	    if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
- 	        goto int_error;
-+	    xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	    if (ent != NULL)
- 	        ctxt->nbentities += ent->checked / 2;
- 	    if (ent != NULL) {
-@@ -7312,6 +7341,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		   (ret != XML_WAR_UNDECLARED_ENTITY)) {
- 	    xmlFatalErrMsgStr(ctxt, XML_ERR_UNDECLARED_ENTITY,
- 		     "Entity '%s' failed to parse\n", ent->name);
-+	    xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	} else if (list != NULL) {
- 	    xmlFreeNodeList(list);
- 	    list = NULL;
-@@ -7418,7 +7448,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		/*
- 		 * We are copying here, make sure there is no abuse
- 		 */
--		ctxt->sizeentcopy += ent->length;
-+		ctxt->sizeentcopy += ent->length + 5;
- 		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
- 		    return;
- 
-@@ -7466,7 +7496,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		/*
- 		 * We are copying here, make sure there is no abuse
- 		 */
--		ctxt->sizeentcopy += ent->length;
-+		ctxt->sizeentcopy += ent->length + 5;
- 		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
- 		    return;
- 
-@@ -7652,6 +7682,7 @@ xmlParseEntityRef(xmlParserCtxtPtr ctxt) {
- 		ctxt->sax->reference(ctxt->userData, name);
- 	    }
- 	}
-+	xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	ctxt->valid = 0;
-     }
- 
-@@ -7845,6 +7876,7 @@ xmlParseStringEntityRef(xmlParserCtxtPtr ctxt, const xmlChar ** str) {
- 			  "Entity '%s' not defined\n",
- 			  name);
- 	}
-+	xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	/* TODO ? check regressions ctxt->valid = 0; */
-     }
- 
-@@ -8004,6 +8036,7 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
- 			  name, NULL);
- 	    ctxt->valid = 0;
- 	}
-+	xmlParserEntityCheck(ctxt, 0, NULL, 0);
-     } else {
- 	/*
- 	 * Internal checking in case the entity quest barfed
-@@ -8243,6 +8276,7 @@ xmlParseStringPEReference(xmlParserCtxtPtr ctxt, const xmlChar **str) {
- 			  name, NULL);
- 	    ctxt->valid = 0;
- 	}
-+	xmlParserEntityCheck(ctxt, 0, NULL, 0);
-     } else {
- 	/*
- 	 * Internal checking in case the entity quest barfed
--- 
-cgit v0.10.1
-
-- 
1.7.9.5

[PATCH 05/12] bind: remove 5 backport patches

[Robert Yang]

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 -----------------
 .../bind/bind/bind-CVE-2011-4313.patch             |   89 ------------
 .../bind/bind/bind-CVE-2012-1667.patch             |   92 -------------
 .../bind/bind/bind-CVE-2013-2266.patch             |   41 ------
 .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 --------------------
 5 files changed, 482 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch

diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
deleted file mode 100644
index 0abb475..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-bind_Fix_for_CVE-2012-5166
-
-Upstream-Status: Backport
-
-Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
--1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
-
-ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
-9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
-remote attackers to cause a denial of service (named daemon hang)
-via unspecified combinations of resource records.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
-
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-diff -urpN a/bin/named/query.c b/bin/named/query.c
---- a/bin/named/query.c	2012-10-22 13:24:27.000000000 +0800
-+++ b/bin/named/query.c	2012-10-22 13:17:04.000000000 +0800
-@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
- 		mname = NULL;
- 	}
- 
--	/*
--	 * If the dns_name_t we're looking up is already in the message,
--	 * we don't want to trigger the caller's name replacement logic.
--	 */
--	if (name == mname)
--		mname = NULL;
--
- 	*mnamep = mname;
- 
- 	CTRACE("query_isduplicate: false: done");
-@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
- 	if (dns_rdataset_isassociated(rdataset) &&
- 	    !query_isduplicate(client, fname, type, &mname)) {
- 		if (mname != NULL) {
-+			INSIST(mname != fname);
- 			query_releasename(client, &fname);
- 			fname = mname;
- 		} else
-@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
- 			mname = NULL;
- 			if (!query_isduplicate(client, fname,
- 					       dns_rdatatype_a, &mname)) {
--				if (mname != NULL) {
--					query_releasename(client, &fname);
--					fname = mname;
--				} else
--					need_addname = ISC_TRUE;
-+				if (mname != fname) {
-+					if (mname != NULL) {
-+						query_releasename(client, &fname);
-+						fname = mname;
-+					} else
-+						need_addname = ISC_TRUE;
-+				}
- 				ISC_LIST_APPEND(fname->list, rdataset, link);
- 				added_something = ISC_TRUE;
- 				if (sigrdataset != NULL &&
-@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
- 			mname = NULL;
- 			if (!query_isduplicate(client, fname,
- 					       dns_rdatatype_aaaa, &mname)) {
--				if (mname != NULL) {
--					query_releasename(client, &fname);
--					fname = mname;
--				} else
--					need_addname = ISC_TRUE;
-+				if (mname != fname) {
-+					if (mname != NULL) {
-+						query_releasename(client, &fname);
-+						fname = mname;
-+					} else
-+						need_addname = ISC_TRUE;
-+				}
- 				ISC_LIST_APPEND(fname->list, rdataset, link);
- 				added_something = ISC_TRUE;
- 				if (sigrdataset != NULL &&
-@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
- 		    crdataset->type == dns_rdatatype_aaaa) {
- 			if (!query_isduplicate(client, fname, crdataset->type,
- 					       &mname)) {
--				if (mname != NULL) {
--					/*
--					 * A different type of this name is
--					 * already stored in the additional
--					 * section.  We'll reuse the name.
--					 * Note that this should happen at most
--					 * once.  Otherwise, fname->link could
--					 * leak below.
--					 */
--					INSIST(mname0 == NULL);
--
--					query_releasename(client, &fname);
--					fname = mname;
--					mname0 = mname;
--				} else
--					need_addname = ISC_TRUE;
-+				if (mname != fname) {
-+					if (mname != NULL) {
-+						/*
-+						 * A different type of this name is
-+						 * already stored in the additional
-+						 * section.  We'll reuse the name.
-+						 * Note that this should happen at most
-+						 * once.  Otherwise, fname->link could
-+						 * leak below.
-+						 */
-+						INSIST(mname0 == NULL);
-+
-+						query_releasename(client, &fname);
-+						fname = mname;
-+						mname0 = mname;
-+					} else
-+						need_addname = ISC_TRUE;
-+				}
- 				ISC_LIST_UNLINK(cfname.list, crdataset, link);
- 				ISC_LIST_APPEND(fname->list, crdataset, link);
- 				added_something = ISC_TRUE;
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
deleted file mode 100644
index 19d8df1..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-The patch to fix CVE-2011-4313
-
-Upstream-Status: Backport
-
-Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
-
-query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
-through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
-through 9.9.0b1 allows remote attackers to cause a denial of service
-(assertion failure and named exit) via unknown vectors related to recursive DNS
-queries, error logging, and the caching of an invalid record by the resolver.
-
-Signed-off-by Ming Liu <ming.liu@windriver.com>
----
- bin/named/query.c |   19 ++++++++-----------
- lib/dns/rbtdb.c   |    4 ++--
- 2 files changed, 10 insertions(+), 13 deletions(-)
-
---- a/bin/named/query.c
-+++ b/bin/named/query.c
-@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
- 			goto addname;
- 		if (result == DNS_R_NCACHENXRRSET) {
- 			dns_rdataset_disassociate(rdataset);
--			/*
--			 * Negative cache entries don't have sigrdatasets.
--			 */
--			INSIST(sigrdataset == NULL ||
--			       ! dns_rdataset_isassociated(sigrdataset));
-+			if (sigrdataset != NULL &&
-+			    dns_rdataset_isassociated(sigrdataset))
-+				dns_rdataset_disassociate(sigrdataset);
- 		}
- 		if (result == ISC_R_SUCCESS) {
- 			mname = NULL;
-@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
- 			goto addname;
- 		if (result == DNS_R_NCACHENXRRSET) {
- 			dns_rdataset_disassociate(rdataset);
--			INSIST(sigrdataset == NULL ||
--			       ! dns_rdataset_isassociated(sigrdataset));
-+			if (sigrdataset != NULL &&
-+			    dns_rdataset_isassociated(sigrdataset))
-+				dns_rdataset_disassociate(sigrdataset);
- 		}
- 		if (result == ISC_R_SUCCESS) {
- 			mname = NULL;
-@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
- 		goto setcache;
- 	if (result == DNS_R_NCACHENXRRSET) {
- 		dns_rdataset_disassociate(rdataset);
--		/*
--		 * Negative cache entries don't have sigrdatasets.
--		 */
--		INSIST(! dns_rdataset_isassociated(sigrdataset));
-+		if (dns_rdataset_isassociated(sigrdataset))
-+			dns_rdataset_disassociate(sigrdataset);
- 	}
- 	if (result == ISC_R_SUCCESS) {
- 		/* Remember the result as a cache */
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
- 			      rdataset);
- 		if (need_headerupdate(found, search.now))
- 			update = found;
--		if (foundsig != NULL) {
-+		if (!NEGATIVE(found) && foundsig != NULL) {
- 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
- 				      sigrdataset);
- 			if (need_headerupdate(foundsig, search.now))
-@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
- 	}
- 	if (found != NULL) {
- 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
--		if (foundsig != NULL)
-+		if (!NEGATIVE(found) && foundsig != NULL)
- 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
- 				      sigrdataset);
- 	}
-@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
- 	}
- 	if (found != NULL) {
- 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
--		if (foundsig != NULL)
-+		if (!NEGATIVE(found) && foundsig != NULL)
- 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
- 				      sigrdataset);
- 	}
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
deleted file mode 100644
index c441eab..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-bind CVE-2012-1667
-
-Upstream-Status: Backport
-
-ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
-and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
-records with a zero-length RDATA section, which allows remote DNS servers to
-cause a denial of service (daemon crash or data corruption) or obtain
-sensitive information from process memory via a crafted record.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
-
-The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
-
-Signed-off-by: Li Wang <li.wang@windriver.com>
----
- lib/dns/rdata.c     |    8 ++++----
- lib/dns/rdataslab.c |   11 ++++++++---
- 2 files changed, 12 insertions(+), 7 deletions(-)
-
-diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
-index 063b1f6..9337a80 100644
---- a/lib/dns/rdata.c
-+++ b/lib/dns/rdata.c
-@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
- 
- 	REQUIRE(rdata1 != NULL);
- 	REQUIRE(rdata2 != NULL);
--	REQUIRE(rdata1->data != NULL);
--	REQUIRE(rdata2->data != NULL);
-+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
-+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
- 
-@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
- 
- 	REQUIRE(rdata1 != NULL);
- 	REQUIRE(rdata2 != NULL);
--	REQUIRE(rdata1->data != NULL);
--	REQUIRE(rdata2->data != NULL);
-+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
-+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
- 
-diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
-index a41f16f..ed13b30 100644
---- a/lib/dns/rdataslab.c
-+++ b/lib/dns/rdataslab.c
-@@ -125,6 +125,11 @@ isc_result_t
- dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- 			   isc_region_t *region, unsigned int reservelen)
- {
-+	/*
-+	 * Use &removed as a sentinal pointer for duplicate
-+	 * rdata as rdata.data == NULL is valid.
-+	 */
-+	static unsigned char removed;
- 	struct xrdata  *x;
- 	unsigned char  *rawbuf;
- #if DNS_RDATASET_FIXED
-@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- 		INSIST(result == ISC_R_SUCCESS);
- 		dns_rdata_init(&x[i].rdata);
- 		dns_rdataset_current(rdataset, &x[i].rdata);
-+		INSIST(x[i].rdata.data != &removed);
- #if DNS_RDATASET_FIXED
- 		x[i].order = i;
- #endif
-@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- 	 */
- 	for (i = 1; i < nalloc; i++) {
- 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
--			x[i-1].rdata.data = NULL;
--			x[i-1].rdata.length = 0;
-+			x[i-1].rdata.data = &removed;
- #if DNS_RDATASET_FIXED
- 			/*
- 			 * Preserve the least order so A, B, A -> A, B
-@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- #endif
- 
- 	for (i = 0; i < nalloc; i++) {
--		if (x[i].rdata.data == NULL)
-+		if (x[i].rdata.data == &removed)
- 			continue;
- #if DNS_RDATASET_FIXED
- 		offsettable[x[i].order] = rawbuf - offsetbase;
--- 
-1.7.0.5
-
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
deleted file mode 100644
index 7ec6deb..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-bind: fix for CVE-2013-2266
-
-Upstream-Status: Backport
-
-libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
-9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
-remote attackers to cause a denial of service (memory consumption) via a
-crafted regular expression, as demonstrated by a memory-exhaustion attack
-against a machine running a named process.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
-
-Signed-off-by Ming Liu <ming.liu@windriver.com>
----
- config.h.in  |    3 ---
- configure.in |    2 +-
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
---- a/config.h.in
-+++ b/config.h.in
-@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
- /* Define if your OpenSSL version supports GOST. */
- #undef HAVE_OPENSSL_GOST
- 
--/* Define to 1 if you have the <regex.h> header file. */
--#undef HAVE_REGEX_H
--
- /* Define to 1 if you have the `setegid' function. */
- #undef HAVE_SETEGID
- 
---- a/configure.in
-+++ b/configure.in
-@@ -279,7 +279,7 @@ esac
- 
- AC_HEADER_STDC
- 
--AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
-+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
- [$ac_includes_default
- #ifdef HAVE_SYS_PARAM_H
- # include <sys/param.h>
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
deleted file mode 100644
index 5dd6f69..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-bind_Fix_for_CVE-2012-4244
-
-Upstream-Status: Backport
-
-Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
-
-ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
- and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
-cause a denial of service (assertion failure and named daemon exit) via
-a query for a long resource record.
-
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-
-diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
---- a/lib/dns/include/dns/rdata.h	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/include/dns/rdata.h	2012-10-08 11:26:43.000000000 +0800
-@@ -147,6 +147,17 @@ struct dns_rdata {
- 	(((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
- 
- /*
-+ * The maximum length of a RDATA that can be sent on the wire.
-+ * Max packet size (65535) less header (12), less name (1), type (2),
-+ * class (2), ttl(4), length (2).
-+ *
-+ * None of the defined types that support name compression can exceed
-+ * this and all new types are to be sent uncompressed.
-+ */
-+
-+#define DNS_RDATA_MAXLENGTH    65512U
-+
-+/*
-  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
-  * are used by masterfile-level formatting and defined elsewhere.
-  * See additional comments at dns_rdata_tofmttext().
-diff -urpN a/lib/dns/master.c b/lib/dns/master.c
---- a/lib/dns/master.c	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/master.c	2012-10-08 11:27:06.000000000 +0800
-@@ -75,7 +75,7 @@
- /*%
-  * max message size - header - root - type - class - ttl - rdlen
-  */
--#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
-+#define MINTSIZ DNS_RDATA_MAXLENGTH 
- /*%
-  * Size for tokens in the presentation format,
-  * The largest tokens are the base64 blocks in KEY and CERT records,
-diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
---- a/lib/dns/rdata.c	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/rdata.c	2012-10-08 11:27:27.000000000 +0800
-@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 	isc_buffer_t st;
- 	isc_boolean_t use_default = ISC_FALSE;
- 	isc_uint32_t activelength;
-+	size_t length;
- 
- 	REQUIRE(dctx != NULL);
- 	if (rdata != NULL) {
-@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 	}
- 
- 	/*
-+	 * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
-+	 * as we cannot transmit it.
-+	 */
-+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+		result = DNS_R_FORMERR;
-+
-+	/*
- 	 * We should have consumed all of our buffer.
- 	 */
- 	if (result == ISC_R_SUCCESS && !buffer_empty(source))
-@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 
- 	if (rdata != NULL && result == ISC_R_SUCCESS) {
- 		region.base = isc_buffer_used(&st);
--		region.length = isc_buffer_usedlength(target) -
--				isc_buffer_usedlength(&st);
-+		region.length = length;
- 		dns_rdata_fromregion(rdata, rdclass, type, &region);
- 	}
- 
-@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
- 	unsigned long line;
- 	void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
- 	isc_result_t tresult;
-+	size_t length;
- 
- 	REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
- 	if (rdata != NULL) {
-@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
- 		}
- 	} while (1);
- 
-+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+		result = ISC_R_NOSPACE;
-+
- 	if (rdata != NULL && result == ISC_R_SUCCESS) {
- 		region.base = isc_buffer_used(&st);
--		region.length = isc_buffer_usedlength(target) -
--				isc_buffer_usedlength(&st);
-+		region.length = length;
- 		dns_rdata_fromregion(rdata, rdclass, type, &region);
- 	}
- 	if (result != ISC_R_SUCCESS) {
-@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
- 	isc_buffer_t st;
- 	isc_region_t region;
- 	isc_boolean_t use_default = ISC_FALSE;
-+	size_t length;
- 
- 	REQUIRE(source != NULL);
- 	if (rdata != NULL) {
-@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
- 	if (use_default)
- 		(void)NULL;
- 
-+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+		result = ISC_R_NOSPACE;
-+
- 	if (rdata != NULL && result == ISC_R_SUCCESS) {
- 		region.base = isc_buffer_used(&st);
--		region.length = isc_buffer_usedlength(target) -
--				isc_buffer_usedlength(&st);
-+		region.length = length;
- 		dns_rdata_fromregion(rdata, rdclass, type, &region);
- 	}
- 	if (result != ISC_R_SUCCESS)
-diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
---- a/lib/dns/rdataslab.c	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/rdataslab.c	2012-10-08 11:27:54.000000000 +0800
-@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
- 		length = x[i].rdata.length;
- 		if (rdataset->type == dns_rdatatype_rrsig)
- 			length++;
-+		INSIST(length <= 0xffff);
- 		*rawbuf++ = (length & 0xff00) >> 8;
- 		*rawbuf++ = (length & 0x00ff);
- #if DNS_RDATASET_FIXED
-- 
1.7.9.5

[PATCH 06/12] logrotate: remove logrotate-CVE-2011-1548.patch

[Robert Yang]

It is a backport patch.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../logrotate/logrotate-CVE-2011-1548.patch        |   43 --------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch

diff --git a/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
deleted file mode 100644
index ed2750e..0000000
--- a/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Upstream-Status: Backport
-
-logrotate: fix for CVE-2011-1548
-
-If a logfile is a symlink, it may be read when being compressed, being
-copied (copy, copytruncate) or mailed. Secure data (eg. password files)
-may be exposed.
-
-Portback nofollow.patch from:
-http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
----
---- a/logrotate.c	2012-09-06 13:25:08.000000000 +0800
-+++ b/logrotate.c	2012-09-06 13:35:57.000000000 +0800
-@@ -390,7 +390,7 @@
-     compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
-     sprintf(compressedName, "%s%s", name, log->compress_ext);
- 
--    if ((inFile = open(name, O_RDWR)) < 0) {
-+    if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
- 	message(MESS_ERROR, "unable to open %s for compression\n", name);
- 	return 1;
-     }
-@@ -470,7 +470,7 @@
-     char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
-     int rc = 0;
- 
--    if ((mailInput = open(logFile, O_RDONLY)) < 0) {
-+    if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
- 	message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
- 		strerror(errno));
- 	return 1;
-@@ -561,7 +561,7 @@
-     message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
- 
-     if (!debug) {
--	if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
-+	if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
- 	    message(MESS_ERROR, "error opening %s: %s\n", currLog,
- 		    strerror(errno));
- 	    return 1;
-- 
1.7.9.5

[PATCH 07/12] kmod: remove 0001-Makefile.am-fix-parallel-build-problem.patch

[Robert Yang]

Confirmed with the author Qi, it isn't needed.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 ...01-Makefile.am-fix-parallel-build-problem.patch |   29 --------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch

diff --git a/meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch b/meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
deleted file mode 100644
index 49b0209..0000000
--- a/meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Upstream-Status: Pending
-
-Subject: Makefile.am: fix parallel build problem
-
-Fix parallel build problem to avoid errors like below.
-
-    install: cannot stat 'testsuite/module-playground/mod-fake-cciss.ko': No such file or directory
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 9457655..d5b02eb 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -237,7 +237,7 @@ rootfs: build-module-playground
- 
- .PHONY: rootfs build-playground
- 
--$(ROOTFS): $(ROOTFS_PRISTINE)
-+$(ROOTFS): $(ROOTFS_PRISTINE) build-module-playground
- 	$(CREATE_ROOTFS)
- 
- TESTSUITE_OVERRIDE_LIBS = \
--- 
-1.9.1
-
-- 
1.7.9.5

[PATCH 08/12] openssl: remove 3 patches

[Robert Yang]

Removed:
 - openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 - upgate-vegsion-script-for-1.0.2.patch
   Since they are already in the source.
 - make-targets.patch
   It removed test dir from DIRS, which is not needed any more since we
   need build it.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>

init

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../openssl/openssl/debian/make-targets.patch      |   15 -----
 ...NULL-pointer-dereference-in-dh_pub_encode.patch |   26 --------
 .../openssl/update-version-script-for-1.0.2.patch  |   66 --------------------
 3 files changed, 107 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
deleted file mode 100644
index ee0a62c..0000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1/Makefile.org
-===================================================================
---- openssl-1.0.1.orig/Makefile.org	2012-03-17 09:41:07.000000000 +0000
-+++ openssl-1.0.1/Makefile.org	2012-03-17 09:41:21.000000000 +0000
-@@ -135,7 +135,7 @@
- 
- BASEADDR=
- 
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index d7047bb..0000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
----
-Index: openssl-1.0.2/crypto/dh/dh_ameth.c
-===================================================================
---- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
-+++ openssl-1.0.2/crypto/dh/dh_ameth.c
-@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
-     dh = pkey->pkey.dh;
- 
-     str = ASN1_STRING_new();
-+    if (!str) {
-+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+        goto err;
-+    }
-+
-     str->length = i2d_dhp(pkey, dh, &str->data);
-     if (str->length <= 0) {
-         DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
deleted file mode 100644
index fcfccfa..0000000
--- a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Index: openssl-1.0.2/openssl.ld
-===================================================================
---- openssl-1.0.2.orig/openssl.ld
-+++ openssl-1.0.2/openssl.ld
-@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
- 		CRYPTO_memcmp;
- } OPENSSL_1.0.1;
- 
-+OPENSSL_1.0.2 {
-+	global:
-+		ASN1_TIME_diff;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DTLS_client_method;
-+		DTLS_server_method;
-+		DTLSv1_2_client_method;
-+		DTLSv1_2_server_method;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		EVP_aes_256_wrap;
-+		EVP_des_ede3_wrap;
-+		OCSP_REQ_CTX_http;
-+		OCSP_REQ_CTX_new;
-+		PEM_write_bio_DHxparams;
-+		SSL_CIPHER_find;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_CTX_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_certs_clear;
-+		SSL_check_chain;
-+		SSL_get0_alpn_selected;
-+		SSL_get_shared_sigalgs;
-+		SSL_get_sigalgs;
-+		SSL_is_server;
-+		X509_CRL_diff;
-+		X509_CRL_http_nbio;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_chain_check_suiteb;
-+		X509_chain_up_ref;
-+		X509_check_email;
-+		X509_check_host;
-+		X509_check_ip_asc;
-+		X509_get_signature_nid;
-+		X509_http_nbio;
-+} OPENSSL_1.0.1d;
-- 
1.7.9.5

[PATCH 09/12] lttng-modules: remove bio-bvec-iter.patch

[Robert Yang]

It is aready in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../lttng/lttng-modules/bio-bvec-iter.patch        |  156 --------------------
 1 file changed, 156 deletions(-)
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch

diff --git a/meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch b/meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
deleted file mode 100644
index d6c66e4..0000000
--- a/meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-Upstream-Status: Pending
-
-In 3.14, bi_sector and bi_size were moved into an iterator, thus
-breaking any tracepoints that still expect them in the bio.  Fix up
-the lttng-module tracepoints to use the new scheme when the kernel
-version is >= 3.14.
-
-Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
-
-diff --git a/instrumentation/events/lttng-module/block.h b/instrumentation/events/lttng-module/block.h
-index f3b8bff..0a61543 100644
---- a/instrumentation/events/lttng-module/block.h
-+++ b/instrumentation/events/lttng-module/block.h
-@@ -341,9 +341,15 @@ TRACE_EVENT(block_bio_bounce,
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev ?
- 					  bio->bi_bdev->bd_dev : 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -385,14 +391,24 @@ TRACE_EVENT(block_bio_complete,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
-+
- #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38))
- 		tp_assign(error, error)
- #else
- 		tp_assign(error, 0)
- #endif
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 	),
- 
- 	TP_printk("%d,%d %s %llu + %u [%d]",
-@@ -419,9 +435,15 @@ DECLARE_EVENT_CLASS(block_bio_merge,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -485,9 +507,15 @@ TRACE_EVENT(block_bio_queue,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -513,9 +541,15 @@ DECLARE_EVENT_CLASS(block_bio,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev ? bio->bi_bdev->bd_dev : 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -587,10 +621,17 @@ DECLARE_EVENT_CLASS(block_get_rq,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio ? bio->bi_bdev->bd_dev : 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio ? bio->bi_iter.bi_sector : 0)
-+		tp_assign(nr_sector, bio ? bio->bi_iter.bi_size >> 9 : 0)
-+		blk_fill_rwbs(rwbs, bio ? bio->bi_rw : 0,
-+			      bio ? bio->bi_iter.bi_size >> 9 : 0)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio ? bio->bi_sector : 0)
- 		tp_assign(nr_sector, bio ? bio->bi_size >> 9 : 0)
- 		blk_fill_rwbs(rwbs, bio ? bio->bi_rw : 0,
- 			      bio ? bio->bi_size >> 9 : 0)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
-         ),
- 
-@@ -759,9 +800,15 @@ TRACE_EVENT(block_split,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(new_sector, new_sector)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(new_sector, new_sector)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -805,11 +852,19 @@ TRACE_EVENT(block_remap,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		tp_assign(old_dev, dev)
-+		tp_assign(old_sector, from)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		tp_assign(old_dev, dev)
- 		tp_assign(old_sector, from)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 	),
- 
- 	TP_printk("%d,%d %s %llu + %u <- (%d,%d) %llu",
-- 
1.7.9.5

[PATCH 10/12] libaio: remove libaio-generic.patch

[Robert Yang]

It is already in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../libaio/libaio/libaio-generic.patch             |   65 --------------------
 1 file changed, 65 deletions(-)
 delete mode 100644 meta/recipes-extended/libaio/libaio/libaio-generic.patch

diff --git a/meta/recipes-extended/libaio/libaio/libaio-generic.patch b/meta/recipes-extended/libaio/libaio/libaio-generic.patch
deleted file mode 100644
index 3fcf541..0000000
--- a/meta/recipes-extended/libaio/libaio/libaio-generic.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 5e96c73d5dfbdea8d0be82b7f3fc8d6735e5dfa7 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 17 Jan 2010 17:07:48 -0500
-Subject: [PATCH] add a generic syscall() fallback
-
-Upstream-Status: Pending
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
----
- src/syscall-generic.h |   29 +++++++++++++++++++++++++++++
- src/syscall.h         |    3 ++-
- 2 files changed, 31 insertions(+), 1 deletions(-)
- create mode 100644 src/syscall-generic.h
-
-diff --git a/src/syscall-generic.h b/src/syscall-generic.h
-new file mode 100644
-index 0000000..24d7c7c
---- /dev/null
-+++ b/src/syscall-generic.h
-@@ -0,0 +1,29 @@
-+#include <errno.h>
-+#include <unistd.h>
-+#include <sys/syscall.h>
-+
-+#define _body_io_syscall(sname, args...) \
-+{ \
-+   int ret = syscall(__NR_##sname, ## args); \
-+   return ret < 0 ? -errno : ret; \
-+}
-+
-+#define io_syscall1(type,fname,sname,type1,arg1) \
-+type fname(type1 arg1) \
-+_body_io_syscall(sname, (long)arg1)
-+
-+#define io_syscall2(type,fname,sname,type1,arg1,type2,arg2) \
-+type fname(type1 arg1,type2 arg2) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2)
-+
-+#define io_syscall3(type,fname,sname,type1,arg1,type2,arg2,type3,arg3) \
-+type fname(type1 arg1,type2 arg2,type3 arg3) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2, (long)arg3)
-+
-+#define io_syscall4(type,fname,sname,type1,arg1,type2,arg2,type3,arg3,type4,arg4) \
-+type fname (type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2, (long)arg3, (long)arg4)
-+
-+#define io_syscall5(type,fname,sname,type1,arg1,type2,arg2,type3,arg3,type4,arg4, type5,arg5) \
-+type fname (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2, (long)arg3, (long)arg4, (long)arg5)
-diff --git a/src/syscall.h b/src/syscall.h
-index 78becfe..d954af0 100644
---- a/src/syscall.h
-+++ b/src/syscall.h
-@@ -25,5 +25,6 @@
- #elif defined(__arm__)
- #include "syscall-arm.h"
- #else
--#error "add syscall-arch.h"
-+#warning "using generic syscall method"
-+#include "syscall-generic.h"
- #endif
--- 
-1.7.3.1
-
-- 
1.7.9.5

[PATCH 11/12] texinfo: remove enumerate_greater_than_ten.patch

[Robert Yang]

It is a backport patch.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../texinfo/enumerate_greater_than_ten.patch       |   51 --------------------
 1 file changed, 51 deletions(-)
 delete mode 100644 meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch

diff --git a/meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch b/meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
deleted file mode 100644
index ef69143..0000000
--- a/meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0e70072ce655a0d053bb7433083ced5e6eac74d4 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Thu, 15 Aug 2013 23:49:47 -0700
-Subject: [PATCH] handle correctly @enumerate specification greater than 10
-
-Upstream-Status: Backport
-
-Revision: 5270
-          http://svn.sv.gnu.org/viewvc/?view=rev&root=texinfo&revision=5270
-Author:   pertusus
-Date:     2013-07-29 20:02:23 +0000 (Mon, 29 Jul 2013)
-Log Message:
------------
-        * tp/Common.pm (enumerate_item_representation), Texinfo/Parser.pm:
-        handle correctly @enumerate specification greater than 10.  Report
-        from Dmitry Shachnev.
-
----
- tp/Texinfo/Common.pm |    2 +-
- tp/Texinfo/Parser.pm |    2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tp/Texinfo/Common.pm b/tp/Texinfo/Common.pm
-index 8aee9f7..bdffeee 100644
---- a/tp/Texinfo/Common.pm
-+++ b/tp/Texinfo/Common.pm
-@@ -1382,7 +1382,7 @@ sub enumerate_item_representation($$)
-   my $specification = shift;
-   my $number = shift;
-
--  if ($specification =~ /^[0-9]$/) {
-+  if ($specification =~ /^[0-9]+$/) {
-     return $specification + $number -1;
-   }
-
-diff --git a/tp/Texinfo/Parser.pm b/tp/Texinfo/Parser.pm
-index cf8fa72..8e845e9 100644
---- a/tp/Texinfo/Parser.pm
-+++ b/tp/Texinfo/Parser.pm
-@@ -2973,7 +2973,7 @@ sub _end_line($$$)
-                         $current->{'cmdname'});
-           }
-           my $arg = $current->{'extra'}->{'block_command_line_contents'}->[0]->[0];
--          if (!defined($arg->{'text'}) or $arg->{'text'} !~ /^[[:alnum:]]$/) {
-+          if (!defined($arg->{'text'}) or $arg->{'text'} !~ /^(([[:digit:]]+)|([[:alpha:]]+))$/) {
-             $self->_command_error($current, $line_nr, 
-                         $self->__("bad argument to \@%s"),
-                         $current->{'cmdname'});
---
-1.7.1
-
-- 
1.7.9.5

[PATCH 12/12] elfutils: enable fix-build-gcc-4.8.patch

[Robert Yang]

The patch fixes a warning seen with gcc 4.8 (especially on ubuntu 13.10)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/recipes-devtools/elfutils/elfutils_0.148.bb |    1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.148.bb b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
index dc56dfa..0d8490d 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.148.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
@@ -34,6 +34,7 @@ SRC_URI += "\
         file://elfutils-ar-c-fix-num-passed-to-memset.patch \
         file://Fix_elf_cvt_gunhash.patch \
         file://elf_begin.c-CVE-2014-9447-fix.patch \
+        file://fix-build-gcc-4.8.patch \
 "
 # Only apply when building uclibc based target recipe
 SRC_URI_append_libc-uclibc = " file://uclibc-support-for-elfutils-0.148.patch"
-- 
1.7.9.5

Re: [PATCH 00/12] Fixes for dangling patches

[Richard Purdie]

On Fri, 2015-04-24 at 00:54 -0700, Robert Yang wrote:
> The following changes since commit 166f2587468ae71988c610858aad3f7ef67eccba:
> 
>   bison: don't depend on help2man (2015-04-21 11:29:30 +0100)
> 
> are available in the git repository at:
> 
>   git://git.openembedded.org/openembedded-core-contrib rbt/dangling
>   http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/dangling

There are a number of commit messages here which say "its a backport
patch". We can see that from the Upstream-Status tag, what the commit
message doesn't say is *why* its safe to remove.

I'm guessing most of these patches have already been applied in the
versions of the software we have but it would be good to reflect that in
the commit messages.

Cheers,

Richard

> Robert Yang (12):
>   python3: remove sys_platform_is_now_always_linux2.patch
>   mtd-utils: enable
>     mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
>   nspr: remove nspr-CVE-2014-1545.patch
>   libxml2: remove libxml2-CVE-2014-3660.patch
>   bind: remove 5 backport patches
>   logrotate: remove logrotate-CVE-2011-1548.patch
>   kmod: remove 0001-Makefile.am-fix-parallel-build-problem.patch
>   openssl: remove 3 patches
>   lttng-modules: remove bio-bvec-iter.patch
>   libaio: remove libaio-generic.patch
>   texinfo: remove enumerate_greater_than_ten.patch
>   elfutils: enable fix-build-gcc-4.8.patch
> 
>  .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 ---------------
>  .../bind/bind/bind-CVE-2011-4313.patch             |   89 -----------
>  .../bind/bind/bind-CVE-2012-1667.patch             |   92 ------------
>  .../bind/bind/bind-CVE-2013-2266.patch             |   41 -----
>  .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 ------------------
>  .../openssl/openssl/debian/make-targets.patch      |   15 --
>  ...NULL-pointer-dereference-in-dh_pub_encode.patch |   26 ----
>  .../openssl/update-version-script-for-1.0.2.patch  |   66 ---------
>  .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 ------------------
>  meta/recipes-devtools/elfutils/elfutils_0.148.bb   |    1 +
>  ...t-cleanmarker-with-flash_erase--j-command.patch |   22 +--
>  meta/recipes-devtools/mtd/mtd-utils_git.bb         |    1 +
>  .../sys_platform_is_now_always_linux2.patch        |   29 ----
>  .../libaio/libaio/libaio-generic.patch             |   65 --------
>  .../logrotate/logrotate-CVE-2011-1548.patch        |   43 ------
>  .../texinfo/enumerate_greater_than_ten.patch       |   51 -------
>  ...01-Makefile.am-fix-parallel-build-problem.patch |   29 ----
>  .../lttng/lttng-modules/bio-bvec-iter.patch        |  156 --------------------
>  .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 ---------
>  19 files changed, 15 insertions(+), 1185 deletions(-)
>  delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
>  delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
>  delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
>  delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
>  delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
>  delete mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
>  delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
>  delete mode 100644 meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
>  delete mode 100644 meta/recipes-extended/libaio/libaio/libaio-generic.patch
>  delete mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
>  delete mode 100644 meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
>  delete mode 100644 meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
>  delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
>  delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
> 
> -- 
> 1.7.9.5
> 

Re: [PATCH 00/12] Fixes for dangling patches

[Robert Yang]

On 04/24/2015 04:31 PM, Richard Purdie wrote:
> On Fri, 2015-04-24 at 00:54 -0700, Robert Yang wrote:
>> The following changes since commit 166f2587468ae71988c610858aad3f7ef67eccba:
>>
>>    bison: don't depend on help2man (2015-04-21 11:29:30 +0100)
>>
>> are available in the git repository at:
>>
>>    git://git.openembedded.org/openembedded-core-contrib rbt/dangling
>>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/dangling
>
> There are a number of commit messages here which say "its a backport
> patch". We can see that from the Upstream-Status tag, what the commit
> message doesn't say is *why* its safe to remove.
>
> I'm guessing most of these patches have already been applied in the
> versions of the software we have but it would be good to reflect that in
> the commit messages.

Thanks, I've checked that the recipes had been upgraded for the backport
patches, I will do more strictly checking and update the commit message.

// Robert

>
> Cheers,
>
> Richard
>
>> Robert Yang (12):
>>    python3: remove sys_platform_is_now_always_linux2.patch
>>    mtd-utils: enable
>>      mtd-utils-fix-corrupt-cleanmarker-with-flash_erase--j-command.patch
>>    nspr: remove nspr-CVE-2014-1545.patch
>>    libxml2: remove libxml2-CVE-2014-3660.patch
>>    bind: remove 5 backport patches
>>    logrotate: remove logrotate-CVE-2011-1548.patch
>>    kmod: remove 0001-Makefile.am-fix-parallel-build-problem.patch
>>    openssl: remove 3 patches
>>    lttng-modules: remove bio-bvec-iter.patch
>>    libaio: remove libaio-generic.patch
>>    texinfo: remove enumerate_greater_than_ten.patch
>>    elfutils: enable fix-build-gcc-4.8.patch
>>
>>   .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 ---------------
>>   .../bind/bind/bind-CVE-2011-4313.patch             |   89 -----------
>>   .../bind/bind/bind-CVE-2012-1667.patch             |   92 ------------
>>   .../bind/bind/bind-CVE-2013-2266.patch             |   41 -----
>>   .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 ------------------
>>   .../openssl/openssl/debian/make-targets.patch      |   15 --
>>   ...NULL-pointer-dereference-in-dh_pub_encode.patch |   26 ----
>>   .../openssl/update-version-script-for-1.0.2.patch  |   66 ---------
>>   .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 ------------------
>>   meta/recipes-devtools/elfutils/elfutils_0.148.bb   |    1 +
>>   ...t-cleanmarker-with-flash_erase--j-command.patch |   22 +--
>>   meta/recipes-devtools/mtd/mtd-utils_git.bb         |    1 +
>>   .../sys_platform_is_now_always_linux2.patch        |   29 ----
>>   .../libaio/libaio/libaio-generic.patch             |   65 --------
>>   .../logrotate/logrotate-CVE-2011-1548.patch        |   43 ------
>>   .../texinfo/enumerate_greater_than_ten.patch       |   51 -------
>>   ...01-Makefile.am-fix-parallel-build-problem.patch |   29 ----
>>   .../lttng/lttng-modules/bio-bvec-iter.patch        |  156 --------------------
>>   .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 ---------
>>   19 files changed, 15 insertions(+), 1185 deletions(-)
>>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
>>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
>>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
>>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
>>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
>>   delete mode 100644 meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
>>   delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
>>   delete mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
>>   delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
>>   delete mode 100644 meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
>>   delete mode 100644 meta/recipes-extended/libaio/libaio/libaio-generic.patch
>>   delete mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
>>   delete mode 100644 meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
>>   delete mode 100644 meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
>>   delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
>>   delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
>>
>> --
>> 1.7.9.5
>>
>
>
>
>