[PATCH 0/4] [jethro] Consolidated pull

[PATCH 0/4] [jethro] Consolidated pull

[Robert Yang]

The following changes since commit 1a51bb69b7600cbe6da7928d46e0ea058a14ccde:

  base: check for existing prefix when expanding names in PACKAGECONFIG (2016-03-11 23:15:01 +0000)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/jethro-next

Chang Rebecca Swee Fun (1):
  make 4.1: fix segfault when ttyname fails

Jagadeesh Krishnanjanappa (1):
  license.bbclass: fix host contamination warnings for license files

Mariano Lopez (1):
  dhcp: CVE-2015-8605

Peter Kjellerstedt (1):
  lib/oe/patch: Make GitApplyTree._applypatch() support read-only
    .git/hooks

 meta/classes/license.bbclass                       |   10 ++
 meta/lib/oe/patch.py                               |   26 +++--
 .../dhcp/dhcp/CVE-2015-8605.patch                  |   99 ++++++++++++++++++++
 meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb       |    1 +
 ...-SV-43434-Handle-NULL-returns-from-ttynam.patch |   63 +++++++++++++
 meta/recipes-devtools/make/make_4.1.bb             |    2 +
 6 files changed, 187 insertions(+), 14 deletions(-)
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
 create mode 100644 meta/recipes-devtools/make/make-4.1/0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch

-- 
1.7.9.5

[PATCH 1/4] lib/oe/patch: Make GitApplyTree._applypatch() support read-only .git/hooks

[Robert Yang]

From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>

Rather than modifying files in .git/hooks, which can be read-only
(e.g., if it is a link to a directory in /usr/share), move away the
entire .git/hooks directory temporarily.

(From OE-Core master rev: a88d603b51a9ebb39210d54b667519acfbe465c3)

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/lib/oe/patch.py |   26 ++++++++++++--------------
 1 file changed, 12 insertions(+), 14 deletions(-)

diff --git a/meta/lib/oe/patch.py b/meta/lib/oe/patch.py
index 2bf501e..c25d3c7 100644
--- a/meta/lib/oe/patch.py
+++ b/meta/lib/oe/patch.py
@@ -383,14 +383,15 @@ class GitApplyTree(PatchTree):
         reporoot = (runcmd("git rev-parse --show-toplevel".split(), self.dir) or '').strip()
         if not reporoot:
             raise Exception("Cannot get repository root for directory %s" % self.dir)
-        commithook = os.path.join(reporoot, '.git', 'hooks', 'commit-msg')
-        commithook_backup = commithook + '.devtool-orig'
-        applyhook = os.path.join(reporoot, '.git', 'hooks', 'applypatch-msg')
-        applyhook_backup = applyhook + '.devtool-orig'
-        if os.path.exists(commithook):
-            shutil.move(commithook, commithook_backup)
-        if os.path.exists(applyhook):
-            shutil.move(applyhook, applyhook_backup)
+        hooks_dir = os.path.join(reporoot, '.git', 'hooks')
+        hooks_dir_backup = hooks_dir + '.devtool-orig'
+        if os.path.lexists(hooks_dir_backup):
+            raise Exception("Git hooks backup directory already exists: %s" % hooks_dir_backup)
+        if os.path.lexists(hooks_dir):
+            shutil.move(hooks_dir, hooks_dir_backup)
+        os.mkdir(hooks_dir)
+        commithook = os.path.join(hooks_dir, 'commit-msg')
+        applyhook = os.path.join(hooks_dir, 'applypatch-msg')
         with open(commithook, 'w') as f:
             # NOTE: the formatting here is significant; if you change it you'll also need to
             # change other places which read it back
@@ -439,12 +440,9 @@ class GitApplyTree(PatchTree):
                     os.remove(tmpfile)
                 return output
         finally:
-            os.remove(commithook)
-            os.remove(applyhook)
-            if os.path.exists(commithook_backup):
-                shutil.move(commithook_backup, commithook)
-            if os.path.exists(applyhook_backup):
-                shutil.move(applyhook_backup, applyhook)
+            shutil.rmtree(hooks_dir)
+            if os.path.lexists(hooks_dir_backup):
+                shutil.move(hooks_dir_backup, hooks_dir)
 
 
 class QuiltTree(PatchSet):
-- 
1.7.9.5

[PATCH 2/4] make 4.1: fix segfault when ttyname fails

[Robert Yang]

From: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>

GNU make segfaults when run in a chroot environment because
of a known bug in GNU make 4.1. See [1] for details.

Works if /dev/pts is mounted before chroot.

[1] http://savannah.gnu.org/bugs/?43434

[YOCTO #9067]

Reported-by: Alexander Larsson <alexl@redhat.com>
(From OE-Core master rev: 0fe2a4b428b1b9a937914d87ec089b5a64f641eb)

Signed-off-by: Anuj Mittal <anujx.mittal@intel.com>
Signed-off-by: Chang Rebecca Swee Fun <rebecca.swee.fun.chang@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 ...-SV-43434-Handle-NULL-returns-from-ttynam.patch |   63 ++++++++++++++++++++
 meta/recipes-devtools/make/make_4.1.bb             |    2 +
 2 files changed, 65 insertions(+)
 create mode 100644 meta/recipes-devtools/make/make-4.1/0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch

diff --git a/meta/recipes-devtools/make/make-4.1/0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch b/meta/recipes-devtools/make/make-4.1/0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch
new file mode 100644
index 0000000..7a5f4ba
--- /dev/null
+++ b/meta/recipes-devtools/make/make-4.1/0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch
@@ -0,0 +1,63 @@
+From 292da6f6867b75a5af7ddbb639a1feae022f438f Mon Sep 17 00:00:00 2001
+From: Paul Smith <psmith@gnu.org>
+Date: Mon, 20 Oct 2014 01:54:56 -0400
+Subject: [PATCH] * main.c (main): [SV 43434] Handle NULL returns from
+ ttyname().
+
+Upstream-Status: Backport
+
+From: http://git.savannah.gnu.org/cgit/make.git/commit/?id=292da6f6867b75a5af7ddbb639a1feae022f438f
+
+---
+ main.c    | 15 ++++++++++-----
+ makeint.h |  3 ++-
+ 2 files changed, 12 insertions(+), 6 deletions(-)
+
+diff --git a/main.c b/main.c
+index b2d169c..0cdb8a8 100644
+--- a/main.c
++++ b/main.c
+@@ -1429,13 +1429,18 @@ main (int argc, char **argv, char **envp)
+ #ifdef HAVE_ISATTY
+     if (isatty (fileno (stdout)))
+       if (! lookup_variable (STRING_SIZE_TUPLE ("MAKE_TERMOUT")))
+-        define_variable_cname ("MAKE_TERMOUT", TTYNAME (fileno (stdout)),
+-                               o_default, 0)->export = v_export;
+-
++        {
++          const char *tty = TTYNAME (fileno (stdout));
++          define_variable_cname ("MAKE_TERMOUT", tty ? tty : DEFAULT_TTYNAME,
++                                 o_default, 0)->export = v_export;
++        }
+     if (isatty (fileno (stderr)))
+       if (! lookup_variable (STRING_SIZE_TUPLE ("MAKE_TERMERR")))
+-        define_variable_cname ("MAKE_TERMERR", TTYNAME (fileno (stderr)),
+-                               o_default, 0)->export = v_export;
++        {
++          const char *tty = TTYNAME (fileno (stderr));
++          define_variable_cname ("MAKE_TERMERR", tty ? tty : DEFAULT_TTYNAME,
++                                 o_default, 0)->export = v_export;
++        }
+ #endif
+ 
+   /* Reset in case the switches changed our minds.  */
+diff --git a/makeint.h b/makeint.h
+index 6223936..2009f41 100644
+--- a/makeint.h
++++ b/makeint.h
+@@ -436,10 +436,11 @@ extern struct rlimit stack_limit;
+ /* The number of bytes needed to represent the largest integer as a string.  */
+ #define INTSTR_LENGTH         CSTRLEN ("18446744073709551616")
+ 
++#define DEFAULT_TTYNAME "true"
+ #ifdef HAVE_TTYNAME
+ # define TTYNAME(_f) ttyname (_f)
+ #else
+-# define TTYNAME(_f) "true"
++# define TTYNAME(_f) DEFAULT_TTYNAME
+ #endif
+ 
+ \f
+-- 
+1.9.1
+
diff --git a/meta/recipes-devtools/make/make_4.1.bb b/meta/recipes-devtools/make/make_4.1.bb
index a1b0d7c..78fe0b5 100644
--- a/meta/recipes-devtools/make/make_4.1.bb
+++ b/meta/recipes-devtools/make/make_4.1.bb
@@ -4,6 +4,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504 \
                     file://glob/COPYING.LIB;md5=4a770b67e6be0f60da244beb2de0fce4"
 require make.inc
 
+SRC_URI += "file://0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch"
+
 EXTRA_OECONF += "--without-guile"
 
 SRC_URI[md5sum] = "57a7a224a822f94789a587ccbcedff69"
-- 
1.7.9.5

[PATCH 3/4] dhcp: CVE-2015-8605

[Robert Yang]

From: Mariano Lopez <mariano.lopez@linux.intel.com>

ISC DHCP allows remote attackers to cause a denial of
service (application crash) via an invalid length field
in a UDP IPv4 packet.

(From OE-Core master rev: f9739b7fa8d08521dc5e42a169753d4c75074ec7)

Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../dhcp/dhcp/CVE-2015-8605.patch                  |   99 ++++++++++++++++++++
 meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb       |    1 +
 2 files changed, 100 insertions(+)
 create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch

diff --git a/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
new file mode 100644
index 0000000..923d5d5
--- /dev/null
+++ b/meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
@@ -0,0 +1,99 @@
+Solves CVE-2015-8605 that caused DoS when an invalid lenght field in IPv4 UDP
+was recived by the server.
+
+Upstream-Status: Backport
+CVE: CVE-2015-8605
+
+Signed-off-by: Mariano Lopez <mariano.lopez@linux.intel.com>
+
+=======================================================================
+diff --git a/common/packet.c b/common/packet.c
+index b530432..e600e37 100644
+--- a/common/packet.c
++++ b/common/packet.c
+@@ -220,7 +220,28 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
+ 	}
+ }
+ 
+-/* UDP header and IP header decoded together for convenience. */
++/*!
++ *
++ * \brief UDP header and IP header decoded together for convenience.
++ *
++ * Attempt to decode the UDP and IP headers and, if necessary, checksum
++ * the packet.
++ *
++ * \param inteface - the interface on which the packet was recevied
++ * \param buf - a pointer to the buffer for the received packet
++ * \param bufix - where to start processing the buffer, previous
++ *                routines may have processed parts of the buffer already
++ * \param from - space to return the address of the packet sender
++ * \param buflen - remaining length of the buffer, this will have been
++ *                 decremented by bufix by the caller
++ * \param rbuflen - space to return the length of the payload from the udp
++ *                  header
++ * \param csum_ready - indication if the checksum is valid for use
++ *                     non-zero indicates the checksum should be validated
++ *
++ * \return - the index to the first byte of the udp payload (that is the
++ *           start of the DHCP packet
++ */
+ 
+ ssize_t
+ decode_udp_ip_header(struct interface_info *interface,
+@@ -231,7 +252,7 @@ decode_udp_ip_header(struct interface_info *interface,
+   unsigned char *data;
+   struct ip ip;
+   struct udphdr udp;
+-  unsigned char *upp, *endbuf;
++  unsigned char *upp;
+   u_int32_t ip_len, ulen, pkt_len;
+   static unsigned int ip_packets_seen = 0;
+   static unsigned int ip_packets_bad_checksum = 0;
+@@ -241,11 +262,8 @@ decode_udp_ip_header(struct interface_info *interface,
+   static unsigned int udp_packets_length_overflow = 0;
+   unsigned len;
+ 
+-  /* Designate the end of the input buffer for bounds checks. */
+-  endbuf = buf + bufix + buflen;
+-
+   /* Assure there is at least an IP header there. */
+-  if ((buf + bufix + sizeof(ip)) > endbuf)
++  if (sizeof(ip) > buflen)
+ 	  return -1;
+ 
+   /* Copy the IP header into a stack aligned structure for inspection.
+@@ -257,13 +275,17 @@ decode_udp_ip_header(struct interface_info *interface,
+   ip_len = (*upp & 0x0f) << 2;
+   upp += ip_len;
+ 
+-  /* Check the IP packet length. */
++  /* Check packet lengths are within the buffer:
++   * first the ip header (ip_len)
++   * then the packet length from the ip header (pkt_len)
++   * then the udp header (ip_len + sizeof(udp)
++   * We are liberal in what we accept, the udp payload should fit within
++   * pkt_len, but we only check against the full buffer size.
++   */
+   pkt_len = ntohs(ip.ip_len);
+-  if (pkt_len > buflen)
+-	return -1;
+-
+-  /* Assure after ip_len bytes that there is enough room for a UDP header. */
+-  if ((upp + sizeof(udp)) > endbuf)
++  if ((ip_len > buflen) ||
++      (pkt_len > buflen) ||
++      ((ip_len + sizeof(udp)) > buflen))
+ 	  return -1;
+ 
+   /* Copy the UDP header into a stack aligned structure for inspection. */
+@@ -284,7 +306,8 @@ decode_udp_ip_header(struct interface_info *interface,
+ 	return -1;
+ 
+   udp_packets_length_checked++;
+-  if ((upp + ulen) > endbuf) {
++  /* verify that the payload length from the udp packet fits in the buffer */
++  if ((ip_len + ulen) > buflen) {
+ 	udp_packets_length_overflow++;
+ 	if (((udp_packets_length_checked > 4) &&
+ 	     (udp_packets_length_overflow != 0)) &&
diff --git a/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb b/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb
index b4a05fc..31c4cbd 100644
--- a/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb
+++ b/meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb
@@ -6,6 +6,7 @@ SRC_URI += "file://dhcp-3.0.3-dhclient-dbus.patch;striplevel=0 \
             file://fixsepbuild.patch \
             file://dhclient-script-drop-resolv.conf.dhclient.patch \
             file://replace-ifconfig-route.patch \
+            file://CVE-2015-8605.patch \
            "
 
 SRC_URI[md5sum] = "5a284875dd2c12ddd388416d69156a67"
-- 
1.7.9.5

[PATCH 4/4] license.bbclass: fix host contamination warnings for license files

[Robert Yang]

From: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>

We get below host contamination warnings of license files for
each recipe, when we try to create a separate ${PN}-lic package (which
contains license files), by setting LICENSE_CREATE_PACKAGE equal to "1"
in local.conf.

-- snip --
WARNING: QA Issue: libcgroup: /libcgroup-lic/usr/share/licenses/libcgroup/generic_LGPLv2.1 is owned by uid 5001, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
WARNING: QA Issue: attr: /attr-lic/usr/share/licenses/attr/libattr.c is owned by uid 5001, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
WARNING: QA Issue: bash: /bash-lic/usr/share/licenses/bash/COPYING is owned by uid 5001, which is the same as the user running bitbake. This may be due to host contamination [host-user-contaminated]
-- CUT --

Since the license files from source and OE-core, are populated in a normal
shell environment rather in pseudo environment (fakeroot); the ownership of
these files will be same as host user running bitbake. During the do_package
task (which runs in pseudo environment (fakeroot)), os.link preserves the
ownership of these license files as host user instead of root user.
This causes license files to have UID same as host user id and resulting in
above warnings during do_package_qa task.

Changing ownership of license files to root user (which has UID and GID as 0)
under pseudo environment will solve above warnings, and on exiting pseudo
environment the license files will continue to be owned by host user. Perform
this manipulation within try/except statements, as tasks which are not exected
under pseudo (such as do_populate_lic) result in OSError when trying to
change ownership of license files.

(From OE-Core master rev: a411e96c3989bc9ffbd870b54cd6a7ad2e9f2c61)

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/classes/license.bbclass |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index 8ad4614..c714da3 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -185,6 +185,16 @@ def copy_license_files(lic_files_paths, destdir):
                 os.remove(dst)
             if os.access(src, os.W_OK) and (os.stat(src).st_dev == os.stat(destdir).st_dev):
                 os.link(src, dst)
+                try:
+                    os.chown(dst,0,0)
+                except OSError as err:
+                    import errno
+                    if err.errno == errno.EPERM:
+                        # suppress "Operation not permitted" error, as
+                        # sometimes this function is not executed under pseudo
+                        pass
+                    else:
+                        raise
             else:
                 shutil.copyfile(src, dst)
         except Exception as e:
-- 
1.7.9.5

Re: [PATCH 0/4] [jethro] Consolidated pull

[Robert Yang]

On 03/14/2016 02:51 PM, Robert Yang wrote:
> The following changes since commit 1a51bb69b7600cbe6da7928d46e0ea058a14ccde:
>
>    base: check for existing prefix when expanding names in PACKAGECONFIG (2016-03-11 23:15:01 +0000)
>
> are available in the git repository at:
>
>    git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/jethro-next

Added another patch:

Chang Rebecca Swee Fun (2):
       tune-corei7.inc: Fix PACKAGE_EXTRA_ARCHS for corei7-32

// Robert

>
> Chang Rebecca Swee Fun (1):
>    make 4.1: fix segfault when ttyname fails
>
> Jagadeesh Krishnanjanappa (1):
>    license.bbclass: fix host contamination warnings for license files
>
> Mariano Lopez (1):
>    dhcp: CVE-2015-8605
>
> Peter Kjellerstedt (1):
>    lib/oe/patch: Make GitApplyTree._applypatch() support read-only
>      .git/hooks
>
>   meta/classes/license.bbclass                       |   10 ++
>   meta/lib/oe/patch.py                               |   26 +++--
>   .../dhcp/dhcp/CVE-2015-8605.patch                  |   99 ++++++++++++++++++++
>   meta/recipes-connectivity/dhcp/dhcp_4.3.2.bb       |    1 +
>   ...-SV-43434-Handle-NULL-returns-from-ttynam.patch |   63 +++++++++++++
>   meta/recipes-devtools/make/make_4.1.bb             |    2 +
>   6 files changed, 187 insertions(+), 14 deletions(-)
>   create mode 100644 meta/recipes-connectivity/dhcp/dhcp/CVE-2015-8605.patch
>   create mode 100644 meta/recipes-devtools/make/make-4.1/0001-main.c-main-SV-43434-Handle-NULL-returns-from-ttynam.patch
>