[OE-core] udev/mount.sh: use lazy umount

2016-10-10 Thread Matthijs Vader
Hi,

umount will fail if there are processes accessing files at the device, use lazy 
umount to avoid this problem.

I found this patch [1] a long long time ago, but don't see it in master now.

Any reason why it was not accepted? Is there any harm in using lazy umount?

I know that it is not a 100% solution, and that it is best to make the user 
trigger an umount before taking a card out. But that will not be done every 
time.

And without lazy unmount, the device will never be unmounted, causing the next 
mount (triggered by an insert) to fail as well.

See also the discussion on our own issue tracker [2].

[1] http://lists.openembedded.org/pipermail/openembedded-devel/2010-June/066241.html

[2] https://github.com/victronenergy/venus/issues/59

Best regards,

Matthijs
-- 
___
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core


Re: [OE-core] [PATCH] devtool: Only register each plugin once

2016-10-10 Thread Christopher Larson
On Mon, Oct 10, 2016 at 7:19 AM, Ola x Nilsson wrote:

> When a devtool plugin is shadowed in a higher-priority layer the
> register_commands method was called on the shadowing plugin once for
> each found plugin with that name.  A simple unique operation on the list
> of loaded plugins solves that problem.  It may still be a problem that
> each plugin - shadowed or not - is loaded and initialized.
>
> Signed-off-by: Ola x Nilsson 
> ---
>  scripts/devtool | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/devtool b/scripts/devtool
> index 0c32c50..7b134a6 100755
> --- a/scripts/devtool
> +++ b/scripts/devtool
> @@ -317,7 +317,7 @@ def main():
>  parser_create_workspace.add_argument('--create-only',
> action="store_true", help='Only create the workspace layer, do not alter
> configuration')
>  parser_create_workspace.set_defaults(func=create_workspace,
> no_workspace=True)
>
> -for plugin in plugins:
> +for plugin in set(plugins):
>  if hasattr(plugin, 'register_commands'):
>  plugin.register_commands(subparsers, context)
>
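
Review bot: `for plugin in set(plugins):` discards the order of the `plugins` list, because a set has no defined iteration order, so the register_commands calls no longer happen in load order. If duplicates have to be skipped at this point, iterate over `plugins` itself and track the ones already handled in a `seen` set, so the first occurrence wins and the order is preserved.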

This is directly comparing the plugin modules or classes, which, if there’s
shadowing going on, will almost certainly be different, and we’ll still end
up with the same commands registered multiple times. And of course, use of
set will also change the plugin command registration order. If we’re going
to ignore commands on some of the plugins, it should have avoided loading
them entirely, not load them and then prevent registration. We should
change the plugin *loading* to only load the highest priority (first seen
in bbpath) file for a given .py, based on the file / module name, IMO.
-- 
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics


[OE-core] [PATCH][master][krogoth] archiver: fix gcc-source handling

2016-10-10 Thread Saul Wold
The source archiver was not handling the gcc-source target correctly, since it
uses the work-shared directory, we don't want to unpack and patch it twice,
just as the comments say, but the code was not there to check for the
gcc-source target.

[YOCTO #10265]

Signed-off-by: Saul Wold 
---

 meta/classes/archiver.bbclass | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/classes/archiver.bbclass b/meta/classes/archiver.bbclass
index 1d8e863..9239983 100644
--- a/meta/classes/archiver.bbclass
+++ b/meta/classes/archiver.bbclass
@@ -303,9 +303,10 @@ python do_unpack_and_patch() {
 return
 ar_outdir = d.getVar('ARCHIVER_OUTDIR', True)
 ar_workdir = d.getVar('ARCHIVER_WORKDIR', True)
+pn = d.getVar('PN', True)
 
 # The kernel class functions require it to be on work-shared, so we dont 
change WORKDIR
-if not bb.data.inherits_class('kernel-yocto', d):
+if not (bb.data.inherits_class('kernel-yocto', d) or 
pn.startswith('gcc-source')):
 # Change the WORKDIR to make do_unpack do_patch run in another dir.
 d.setVar('WORKDIR', ar_workdir)
 
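
Review bot: the comment above the changed `if` still gives only the kernel class functions as the reason for leaving WORKDIR alone, while the condition now also skips recipes matching `pn.startswith('gcc-source')`; extend the comment to mention gcc-source. The same combined test is repeated in the next hunk, so consider computing it once into a local boolean right after `pn` is set and using that in both places.
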
@@ -323,7 +324,7 @@ python do_unpack_and_patch() {
 oe.path.copytree(src, src_orig)
 
 # Make sure gcc and kernel sources are patched only once
-if not ((d.getVar('SRC_URI', True) == "" or 
bb.data.inherits_class('kernel-yocto', d))):
+if not (d.getVar('SRC_URI', True) == "" or 
(bb.data.inherits_class('kernel-yocto', d) or pn.startswith('gcc-source'))):
 bb.build.exec_func('do_patch', d)
 
 # Create the patches
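
Review bot: the new do_patch condition repeats the kernel-yocto/gcc-source test from the WORKDIR check above, with an extra layer of parentheses inside the `or`, so the two copies can drift apart; reuse one local flag for both. Note also that `pn.startswith('gcc-source')` is a prefix match on PN, so any recipe whose name begins with that string skips do_patch here; say in the comment whether that is intended.
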
-- 
2.7.4



[OE-core] [PATCH] connman: get the correct network interface name from dmesg during NFS booting

2016-10-10 Thread Jagadeesh Krishnanjanappa
Following are the drawbacks with the current logic:
1. If ip=dhcp in the boot command line, then the
current code makes connman ignore "eth0" network interface
from managing internet connections. This can cause NFS boot
failure, if the network interface used for NFS booting
is other than "eth0".

2. If ip=bootp in the boot command line, then none of the
network interfaces are ignored. This makes connman manage
internet connections on every active network interface
(including the network interface used for NFS booting), resulting
in a hang during NFS boot.

This patch finds the network interface used for NFS booting via dmesg.
It searches for "device=" string from dmesg output and finds
name of network interface used for NFS. The "device=" string
is printed from dmesg, if IPCONFIG_SILENT macro is disabled
in the kernel, and this macro is disabled by default.

If "device=" string is not found, then it falls back to earlier logic.
The earlier logic of detecting NFS network interface is retained, as
we cannot determine the exact network interface name used during
NFS bootup.

Signed-off-by: Jagadeesh Krishnanjanappa 
---
 meta/recipes-connectivity/connman/connman/connman | 35 +--
 1 file changed, 20 insertions(+), 15 deletions(-)

diff --git a/meta/recipes-connectivity/connman/connman/connman 
b/meta/recipes-connectivity/connman/connman/connman
index c64fa0d..aae2ca6 100644
--- a/meta/recipes-connectivity/connman/connman/connman
+++ b/meta/recipes-connectivity/connman/connman/connman
@@ -29,23 +29,28 @@ done
 do_start() {
EXTRA_PARAM=""
if test $nfsroot -eq 1 ; then
-   NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 
]*\):.*$/\1/p'`
-   NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ :]*\).*$/\1/p'`
+   ethn_from_dmesg=`dmesg | grep "device="| sed 
"s|\(.*\)device=\(.*\), hwaddr=\(.*\)|\2|g"`
+   if [ ! -z "$ethn_from_dmesg" ]; then
+   EXTRA_PARAM="-I $ethn_from_dmesg"
+   else
+   NET_DEVS=`cat /proc/net/dev | sed -ne 's/^\([a-zA-Z0-9 
]*\):.*$/\1/p'`
+   NET_ADDR=`cat /proc/cmdline | sed -ne 's/^.*ip=\([^ 
:]*\).*$/\1/p'`
 
-   if [ ! -z "$NET_ADDR" ]; then
-   if [ "$NET_ADDR" = dhcp ]; then
-   ethn=`ifconfig | grep "^eth" | sed -e 
"s/\(eth[0-9]\)\(.*\)/\1/"`
-   if [ ! -z "$ethn" ]; then
-   EXTRA_PARAM="-I $ethn"
-   fi
-   else
-   for i in $NET_DEVS; do
-   ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 
's/^.*inet \([0-9.]*\) .*$/\1/p'`
-   if [ "$NET_ADDR" = "$ADDR" ]; then
-   EXTRA_PARAM="-I $i"
-   break
+   if [ ! -z "$NET_ADDR" ]; then
+   if [ "$NET_ADDR" = dhcp ]; then
+   ethn=`ifconfig | grep "^eth" | sed -e 
"s/\(eth[0-9]\)\(.*\)/\1/"`
+   if [ ! -z "$ethn" ]; then
+   EXTRA_PARAM="-I $ethn"
fi
-   done
+   else
+   for i in $NET_DEVS; do
+   ADDR=`ifconfig $i | sed 's/addr://g' | sed -ne 
's/^.*inet \([0-9.]*\) .*$/\1/p'`
+   if [ "$NET_ADDR" = "$ADDR" ]; then
+   EXTRA_PARAM="-I $i"
+   break
+   fi
+   done
+   fi
fi
fi
fi
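
Review bot: the `dmesg | grep "device="| sed ...` pipeline on the first added line is not limited to the ipconfig message: any kernel log line containing "device=" passes the grep, and because sed runs without `-n`, a line that lacks ", hwaddr=" is printed unchanged, so a whole log line (or several lines) can end up after `-I` in EXTRA_PARAM. Use `sed -n` with the `p` flag, keep a single match, and check that the result names an existing interface before using it; otherwise fall through to the earlier logic.
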
-- 
2.7.4



[OE-core] [PATCH] package.bbclass: allow using EXCLUDE_FROM_SHLIBS for subpackages

2016-10-10 Thread Andrii Bordunov
Some packages containing shared libraries might be registered
as shlib providers when they shouldn't (for example, the lib is for
their private use and must not generate any dependency).

EXCLUDE_FROM_SHLIBS is targeted at that, but it could be set
for entire recipe only.

This patch expands EXCLUDE_FROM_SHLIBS usage, so now it's possible
to set it in a style similar to RDEPENDS. For example:
 EXCLUDE_FROM_SHLIBS_${PN}-ptest = "1"

Signed-off-by: Andrii Bordunov 
---
 meta/classes/package.bbclass | 12 ++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/meta/classes/package.bbclass b/meta/classes/package.bbclass
index a6f0a7a..9bf43dc 100644
--- a/meta/classes/package.bbclass
+++ b/meta/classes/package.bbclass
@@ -1499,6 +1499,14 @@ python package_do_shlibs() {
 libdir_re = re.compile(".*/%s$" % d.getVar('baselib', True))
 
 packages = d.getVar('PACKAGES', True)
+
+shlib_pkgs = []
+for pkg in packages.split():
+if d.getVar('EXCLUDE_FROM_SHLIBS_' + pkg, 0):
+bb.note("not generating shlibs for %s" % pkg)
+else:
+shlib_pkgs.append(pkg)
+
 targetos = d.getVar('TARGET_OS', True)
 
 workdir = d.getVar('WORKDIR', True)
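
Review bot: `d.getVar('EXCLUDE_FROM_SHLIBS_' + pkg, 0)` passes 0 as the second argument where the neighbouring getVar calls pass True, and the truth test treats any non-empty value, including "0", as set. Pass True for consistency and document which values are accepted, next to the `EXCLUDE_FROM_SHLIBS_${PN}-ptest = "1"` example from the commit message.
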
@@ -1614,7 +1622,7 @@ python package_do_shlibs() {
 needed = {}
 shlib_provider = oe.package.read_shlib_providers(d)
 
-for pkg in packages.split():
+for pkg in shlib_pkgs:
 private_libs = d.getVar('PRIVATE_LIBS_' + pkg, True) or 
d.getVar('PRIVATE_LIBS', True) or ""
 private_libs = private_libs.split()
 needs_ldconfig = False
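
Review bot: switching this loop to `shlib_pkgs` makes an excluded package skip the whole loop body, including the `PRIVATE_LIBS` lookup and the `needs_ldconfig` handling that begin here, not only provider registration. If that is intended, say so in the commit message or in a comment above the loop.
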
@@ -1684,7 +1692,7 @@ python package_do_shlibs() {
 
 libsearchpath = [d.getVar('libdir', True), d.getVar('base_libdir', True)]
 
-for pkg in packages.split():
+for pkg in shlib_pkgs:
 bb.debug(2, "calculating shlib requirements for %s" % pkg)
 
 deps = list()
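
Review bot: this is the loop that logs "calculating shlib requirements", so iterating `shlib_pkgs` here also stops an excluded package from having its own shlib dependencies computed, whereas the commit message only talks about packages wrongly registered as providers. Either keep `packages.split()` for this loop or document that the per-package setting disables both directions.
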
-- 
2.7.4



[OE-core] [PATCH][krogoth] bash: Security fix CVE-2016-0634

2016-10-10 Thread Sona Sarmadi
References to upstream patch:
https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047
http://openwall.com/lists/oss-security/2016/09/16/8

Signed-off-by: Sona Sarmadi 
---
 .../recipes-extended/bash/bash/CVE-2016-0634.patch | 136 +
 meta/recipes-extended/bash/bash_4.3.30.bb  |   1 +
 2 files changed, 137 insertions(+)
 create mode 100644 meta/recipes-extended/bash/bash/CVE-2016-0634.patch

diff --git a/meta/recipes-extended/bash/bash/CVE-2016-0634.patch 
b/meta/recipes-extended/bash/bash/CVE-2016-0634.patch
new file mode 100644
index 000..71c033e
--- /dev/null
+++ b/meta/recipes-extended/bash/bash/CVE-2016-0634.patch
@@ -0,0 +1,136 @@
+Bash-Release:  4.3
+Patch-ID:  bash43-047
+
+Bug-Reported-by:   Bernd Dietzel
+Bug-Reference-ID:
+Bug-Reference-URL: 
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
+
+Bug-Description:
+
+Bash performs word expansions on the prompt strings after the special
+escape sequences are expanded.  If a malicious user can modify the system
+hostname or change the name of the bash executable and coerce a user into
+executing it, and the new name contains word expansions (including
+command substitution), bash will expand them in prompt strings containing
+the \h or \H and \s escape sequences, respectively.
+
+Patch (apply with `patch -p0')
+
+CVE:  CVE-2016-0634
+Upstream-Status: Backport
+Signed-off-by: Sona Sarmadi 
+
+*** ../bash-4.3-patched/parse.y2015-08-13 15:11:54.0 -0400
+--- parse.y2016-03-07 15:44:14.0 -0500
+***
+*** 5259,5263 
+int result_size, result_index;
+int c, n, i;
+!   char *temp, octal_string[4];
+struct tm *tm;  
+time_t the_time;
+--- 5259,5263 
+int result_size, result_index;
+int c, n, i;
+!   char *temp, *t_host, octal_string[4];
+struct tm *tm;  
+time_t the_time;
+***
+*** 5407,5411 
+   case 's':
+ temp = base_pathname (shell_name);
+!temp = savestring (temp);
+ goto add_string;
+  
+--- 5407,5415 
+   case 's':
+ temp = base_pathname (shell_name);
+!/* Try to quote anything the user can set in the file system */
+!if (promptvars || posixly_correct)
+!  temp = sh_backslash_quote_for_double_quotes (temp);
+!else
+!  temp = savestring (temp);
+ goto add_string;
+  
+***
+*** 5497,5503 
+   case 'h':
+   case 'H':
+!temp = savestring (current_host_name);
+!if (c == 'h' && (t = (char *)strchr (temp, '.')))
+   *t = '\0';
+ goto add_string;
+  
+--- 5501,5515 
+   case 'h':
+   case 'H':
+!t_host = savestring (current_host_name);
+!if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+   *t = '\0';
++if (promptvars || posixly_correct)
++  /* Make sure that expand_prompt_string is called with a
++ second argument of Q_DOUBLE_QUOTES if we use this
++ function here. */
++  temp = sh_backslash_quote_for_double_quotes (t_host);
++else
++  temp = savestring (t_host);
++free (t_host);
+ goto add_string;
+  
+*** ../bash-4.3-patched/y.tab.c2015-08-13 15:11:54.0 -0400
+--- y.tab.c2016-03-07 15:44:14.0 -0500
+***
+*** 7571,7575 
+int result_size, result_index;
+int c, n, i;
+!   char *temp, octal_string[4];
+struct tm *tm;  
+time_t the_time;
+--- 7571,7575 
+int result_size, result_index;
+int c, n, i;
+!   char *temp, *t_host, octal_string[4];
+struct tm *tm;  
+time_t the_time;
+***
+*** 7719,7723 
+   case 's':
+ temp = base_pathname (shell_name);
+!temp = savestring (temp);
+ goto add_string;
+  
+--- 7719,7727 
+   case 's':
+ temp = base_pathname (shell_name);
+!/* Try to quote anything the user can set in the file system */
+!if (promptvars || posixly_correct)
+!  temp = sh_backslash_quote_for_double_quotes (temp);
+!else
+!  temp = savestring (temp);
+ goto add_string;
+  
+***
+*** 7809,7815 
+   case 'h':
+   case 'H':
+!temp = savestring (current_host_name);
+!if (c == 'h' && (t = (char *)strchr (temp, '.')))
+   *t = '\0';
+ goto add_string;
+  
+--- 7813,7827 
+   case 'h':
+   case 'H':
+!t_host = savestring (current_host_name);
+!if (c == 'h' && (t = (char *)strchr (t_host, '.')))
+   *t = '\0';
++if (promptvars || posixly_correct)
++  /* Make sure that expand_prompt_string is 
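
Review bot: the embedded upstream patch is a context diff meant for `patch -p0` (its header says so, and the target paths are plain `parse.y` and `y.tab.c`), so the SRC_URI entry that adds CVE-2016-0634.patch needs an explicit strip level of 0, otherwise do_patch will not find the files to patch. The bash_4.3.30.bb change listed in the diffstat is not visible in this message as archived, so that entry could not be checked here.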

[OE-core] [PATCH] devtool: Only register each plugin once

2016-10-10 Thread Ola x Nilsson
When a devtool plugin is shadowed in a higher-priority layer the
register_commands method was called on the shadowing plugin once for
each found plugin with that name.  A simple unique operation on the list
of loaded plugins solves that problem.  It may still be a problem that
each plugin - shadowed or not - is loaded and initialized.

Signed-off-by: Ola x Nilsson 
---
 scripts/devtool | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/devtool b/scripts/devtool
index 0c32c50..7b134a6 100755
--- a/scripts/devtool
+++ b/scripts/devtool
@@ -317,7 +317,7 @@ def main():
 parser_create_workspace.add_argument('--create-only', 
action="store_true", help='Only create the workspace layer, do not alter 
configuration')
 parser_create_workspace.set_defaults(func=create_workspace, 
no_workspace=True)
 
-for plugin in plugins:
+for plugin in set(plugins):
 if hasattr(plugin, 'register_commands'):
 plugin.register_commands(subparsers, context)
 
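
Review bot: `set(plugins)` only collapses entries that are the same object, so it helps when one loaded plugin appears in the list several times but not when two layers each supply their own file under the same name. The commit message already notes that every plugin, shadowed or not, is still loaded and initialized; resolving the shadowing where the plugins are loaded would cover both cases, and a short comment on this loop should say which duplicates it is meant to drop.
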
-- 
2.1.4



Re: [OE-core] [PATCH V2] subprocess: remove strings and migrate to direct arrays

2016-10-10 Thread Christopher Larson
On Sun, Oct 9, 2016 at 4:44 AM, Richard Purdie <
richard.pur...@linuxfoundation.org> wrote:

> On Thu, 2016-10-06 at 20:09 -0700, Stephano Cetola wrote:
> >
> > When using subprocess call and check_output, it is better to use
> > arrays
> > rather than strings when possible to avoid whitespace and quoting
> > problems.
> >
> > [ YOCTO #9342 ]
> >
> > Signed-off-by: Stephano Cetola 
> > ---
> >  meta/lib/oe/distro_check.py|   2 +-
> >  meta/lib/oe/package.py |  13 +--
> >  meta/lib/oe/package_manager.py | 218 ---
> > --
> >  3 files changed, 114 insertions(+), 119 deletions(-)
> This triggered a lot of errors on the autobuilder:
>
> http://autobuilder.yocto.io:8010/builders/build-appliance/builds/70
> http://autobuilder.yocto.io:8010/builders/nightly-x86/builds/75
> http://autobuilder.yocto.io:8010/builders/nightly-x86-64/builds/73
> http://autobuilder.yocto.io:8010/builders/nightly-x86-64-lsb/builds/72
> http://autobuilder.yocto.io:8010/builders/nightly-x86-lsb/builds/73
> http://autobuilder.yocto.io:8010/builders/nightly-wic/builds/73
> http://autobuilder.yocto.io:8010/builders/nightly-qa-extras/builds/55
> http://autobuilder.yocto.io:8010/builders/nightly-oe-selftest/builds/70
> http://autobuilder.yocto.io:8010/builders/nightly-multilib/builds/78
>
> and similar errors on the main AB. I've confirmed it is this patch
> which causes the issue. Presumably some errors are occurring but are
> currently silently being ignored?
>
> It's probably worth looking into what is going on in case there is some
> real issue here but at this point given the complexity of the changes
> I'm leaning towards deferring this for 2.3.


I’m a bit curious about why this was queued for 2.2 anyway, given it’s not
a clear bugfix. Are we not past the feature freeze date?
-- 
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics


Re: [OE-core] [PATCH V2] subprocess: remove strings and migrate to direct arrays

2016-10-10 Thread Stephano Cetola
On 10/09, Richard Purdie wrote:
> On Thu, 2016-10-06 at 20:09 -0700, Stephano Cetola wrote:
> > 
> > When using subprocess call and check_output, it is better to use
> > arrays
> > rather than strings when possible to avoid whitespace and quoting
> > problems.
> > 
> > [ YOCTO #9342 ]
> > 
> > Signed-off-by: Stephano Cetola 
> > ---
> >  meta/lib/oe/distro_check.py|   2 +-
> >  meta/lib/oe/package.py |  13 +--
> >  meta/lib/oe/package_manager.py | 218 ---
> > --
> >  3 files changed, 114 insertions(+), 119 deletions(-)
> This triggered a lot of errors on the autobuilder:
> 
> http://autobuilder.yocto.io:8010/builders/build-appliance/builds/70
> http://autobuilder.yocto.io:8010/builders/nightly-x86/builds/75
> http://autobuilder.yocto.io:8010/builders/nightly-x86-64/builds/73
> http://autobuilder.yocto.io:8010/builders/nightly-x86-64-lsb/builds/72
> http://autobuilder.yocto.io:8010/builders/nightly-x86-lsb/builds/73
> http://autobuilder.yocto.io:8010/builders/nightly-wic/builds/73
> http://autobuilder.yocto.io:8010/builders/nightly-qa-extras/builds/55
> http://autobuilder.yocto.io:8010/builders/nightly-oe-selftest/builds/70
> http://autobuilder.yocto.io:8010/builders/nightly-multilib/builds/78
> 
> and similar errors on the main AB. I've confirmed it is this patch
> which causes the issue. Presumably some errors are occurring but are
> currently silently being ignored?

The solution here is probably to write a thorough test for
package_manager.py. I imagine that is the culprit. I'm fine with
moving this to 2.3 and I'll add a bug to create a robust set of
tests. 

> 
> It's probably worth looking into what is going on in case there is some
> real issue here but at this point given the complexity of the changes
> I'm leaning towards deferring this for 2.3.
> 
> Cheers,
> 
> Richard


Re: [OE-core] [PATCH] guile: Remove bashisms

2016-10-10 Thread Burton, Ross
On 26 September 2016 at 07:51,  wrote:

> Remove bashisms from do_populate_sysroot task
>

This causes a change of behaviour that results in a stage error:

ERROR: guile-2.0.12-r0 do_populate_sysroot: The recipe guile is trying to
install files into a shared area when those files already exist. Those
files and their manifest location are:

 
/data/poky-master/tmp-glibc/sysroots/intel-corei7-64/usr/bin/crossscripts/guile-config
 Matched in b''
Please verify which recipe should provide the above files.

Ross


Re: [OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch for krogoth

2016-10-10 Thread Burton, Ross
On 10 October 2016 at 12:35, Sona Sarmadi  wrote:

> I guess you mean striplevel? Right? It didn’t work with stripnum but it
> worked with striplevel:
>
>
Yeah, sorry, I've a cold trying to drown my brain.  pnum is the deprecated
name, striplevel is the replacement.

Ross


Re: [OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch for krogoth

2016-10-10 Thread Sona Sarmadi
Thanks Ross,
I guess you mean striplevel? Right? It didn’t work with stripnum but it worked 
with striplevel:

  file://CVE-2016-0634.patch;striplevel=0 \

From: Burton, Ross [mailto:ross.bur...@intel.com]
Sent: den 10 oktober 2016 13:26
To: Sona Sarmadi 
Cc: Armin Kuster (akuster...@gmail.com) ; 
openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch 
for krogoth


On 10 October 2016 at 10:49, Sona Sarmadi wrote:
ERROR: bash-4.3.30-r0 do_patch: Command Error: 'quilt --quiltrc 
/data/fb/hopo/6.0/poky/build-qemuppc/tmp/sysroots/x86_64-linux/etc/quiltrc 
push' exited with 1  Output:
Applying patch CVE-2016-0634.patch
can't find file to patch at input line 25
Perhaps you used the wrong -p or --strip option?

If the patch needs -p0 then you need to tell bitbake this with the ;stripnum=0 
parameter in SRC_URI.

Ross


Re: [OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch for krogoth

2016-10-10 Thread Burton, Ross
On 10 October 2016 at 10:49, Sona Sarmadi  wrote:

> ERROR: bash-4.3.30-r0 do_patch: Command Error: 'quilt --quiltrc
> /data/fb/hopo/6.0/poky/build-qemuppc/tmp/sysroots/x86_64-linux/etc/quiltrc
> push' exited with 1  Output:
> Applying patch CVE-2016-0634.patch
> can't find file to patch at input line 25
> Perhaps you used the wrong -p or --strip option?
>

If the patch needs -p0 then you need to tell bitbake this with the
;stripnum=0 parameter in SRC_URI.

Ross


[OE-core] CVE-2016-0634 -- bash prompt expanding $HOSTNAME patch for krogoth

2016-10-10 Thread Sona Sarmadi
Hi Armin,

I am trying to backport the following patch to bash in krogoth:
https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047

Reference to CVE assignment: http://openwall.com/lists/oss-security/2016/09/16/8

The patch can be applied with: `patch -p0'

"patch -p0 < ~/security-patches/CVE-2016-0634.patch

poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30# 
patch -p0 < CVE-2016-0634.patch
patching file parse.y
Hunk #1 succeeded at 5257 (offset -2 lines).
Hunk #2 succeeded at 5405 (offset -2 lines).
Hunk #3 succeeded at 5499 (offset -2 lines).
patching file y.tab.c
Hunk #1 succeeded at 7569 (offset -2 lines).
Hunk #2 succeeded at 7717 (offset -2 lines).
Hunk #3 succeeded at 7811 (offset -2 lines).
root@sestofb10:/media/data/fb/hopo/6.0/poky/build-qemuppc/tmp/work/ppc7400-enea-linux/bash/4.3.30-r0/bash-4.3.30#

But when I add it to the bash recipe and run bitbake I get an error (I guess patch 
-p1 does not work). Do you know how I can solve this issue?
ERROR: bash-4.3.30-r0 do_patch: Command Error: 'quilt --quiltrc 
/data/fb/hopo/6.0/poky/build-qemuppc/tmp/sysroots/x86_64-linux/etc/quiltrc 
push' exited with 1  Output:
Applying patch CVE-2016-0634.patch
can't find file to patch at input line 25
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--
|Bash-Release:  4.3
|Patch-ID:  bash43-047
|
|Bug-Reported-by:   Bernd Dietzel
|Bug-Reference-ID:
|Bug-Reference-URL: 
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
|
|Bug-Description:
|
|Bash performs word expansions on the prompt strings after the special
|escape sequences are expanded.  If a malicious user can modify the system
|hostname or change the name of the bash executable and coerce a user into
|executing it, and the new name contains word expansions (including
|command substitution), bash will expand them in prompt strings containing
|the \h or \H and \s escape sequences, respectively.
|
|Patch (apply with `patch -p0')
|
|CVE:  CVE-2016-0634
|Upstream-Status: Backport
|Signed-off-by: Sona Sarmadi 
|
|*** ../bash-4.3-patched/parse.y2015-08-13 15:11:54.0 -0400
|--- parse.y2016-03-07 15:44:14.0 -0500
--
No file to patch.  Skipping patch.
3 out of 3 hunks ignored
can't find file to patch at input line 82
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--
|*** ../bash-4.3-patched/y.tab.c2015-08-13 15:11:54.0 -0400
|--- y.tab.c2016-03-07 15:44:14.0 -0500
--


Thanks
//Sona




[OE-core] [PATCH 0/4] flex & gnutls fixes

2016-10-10 Thread Jussi Kukkonen
Backported CVE fixes for flex and gnutls.

Also minor improvement to error handling in depexp.

 - Jussi



The following changes since commit b9d6a7cc234f44e44e5421191924b7463e9c0a9d:

  bitbake: main: Check bitbake server-only port is a number (2016-10-09 
12:33:26 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib jku/m4-fixes
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=jku/m4-fixes

Jussi Kukkonen (4):
  gnutls: Backport certificate check fix
  flex: Update upstream check uri
  flex: Backport buffer overflow fix
  depexp: Close UI with error message on NoProvider event

 bitbake/lib/bb/ui/depexp.py| 24 +
 .../recipes-devtools/flex/flex/CVE-2016-6354.patch | 59 ++
 meta/recipes-devtools/flex/flex_2.6.0.bb   |  3 ++
 .../gnutls/gnutls/CVE-2016-7444.patch  | 35 +
 meta/recipes-support/gnutls/gnutls_3.5.3.bb|  1 +
 5 files changed, 122 insertions(+)
 create mode 100644 meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch

-- 
2.1.4



[OE-core] [PATCH 2/4] flex: Update upstream check uri

2016-10-10 Thread Jussi Kukkonen
Flex has moved to github, update UPSTREAM_CHECK_URI.

Signed-off-by: Jussi Kukkonen 
---
 meta/recipes-devtools/flex/flex_2.6.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb 
b/meta/recipes-devtools/flex/flex_2.6.0.bb
index db2cf1c..3a45752 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.0.bb
@@ -21,6 +21,8 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
 SRC_URI[md5sum] = "266270f13c48ed043d95648075084d59"
 SRC_URI[sha256sum] = 
"24e611ef5a4703a191012f80c1027dc9d12555183ce0ecd46f3636e587e9b8e9"
 
+# Flex has moved to github from 2.6.1 onwards
+UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases;
 UPSTREAM_CHECK_REGEX = "flex-(?P\d+(\.\d+)+)\.tar"
 
 inherit autotools gettext texinfo ptest
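
Review bot: the added `UPSTREAM_CHECK_URI = "https://github.com/westes/flex/releases;` line, as shown here, ends in `;` with no closing double quote, which would leave the assignment unterminated; it should close right after `releases`. The new comment says flex moved to GitHub from 2.6.1 onwards while the SRC_URI named in the hunk header still uses ${SOURCEFORGE_MIRROR}, so a note that SRC_URI has to follow on the next upgrade would help.
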
-- 
2.1.4



[OE-core] [PATCH 4/4] depexp: Close UI with error message on NoProvider event

2016-10-10 Thread Jussi Kukkonen
Without this the UI just sits there doing nothing. Showing an
infobar in-UI would be nicer but not much more useful since currently
the user couldn't do anything in-UI to fix the situation. Implementation
is based on the one in knotty.

Fixes [YOCTO #9288]

Signed-off-by: Jussi Kukkonen 
---
 bitbake/lib/bb/ui/depexp.py | 24 
 1 file changed, 24 insertions(+)

diff --git a/bitbake/lib/bb/ui/depexp.py b/bitbake/lib/bb/ui/depexp.py
index 995703d..d879e04 100644
--- a/bitbake/lib/bb/ui/depexp.py
+++ b/bitbake/lib/bb/ui/depexp.py
@@ -301,6 +301,30 @@ def main(server, eventHandler, params):
 if isinstance(event, bb.command.CommandCompleted):
 continue
 
+if isinstance(event, bb.event.NoProvider):
+if event._runtime:
+r = "R"
+else:
+r = ""
+
+extra = ''
+if not event._reasons:
+if event._close_matches:
+extra = ". Close matches:\n  %s" % '\n  
'.join(event._close_matches)
+
+if event._dependees:
+print("Nothing %sPROVIDES '%s' (but %s %sDEPENDS on or 
otherwise requires it)%s" % r, event._item, ", ".join(event._dependees), r, 
extra)
+else:
+print("Nothing %sPROVIDES '%s'%s" % (r, event._item, 
extra))
+if event._reasons:
+for reason in event._reasons:
+print(reason)
+
+_, error = server.runCommand(["stateShutdown"])
+if error:
+print('Unable to cleanly shutdown: %s' % error)
+break
+
 if isinstance(event, bb.command.CommandFailed):
 print("Command execution failed: %s" % event.error)
 return event.exitcode
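
Review bot: in the `if event._dependees:` branch the operands of `%` are not wrapped in a tuple (`... % r, event._item, ", ".join(event._dependees), r, extra)`), so only `r` is applied to a format string with five placeholders and the print raises TypeError instead of showing the message. Parenthesise the operands the way the `else` branch does. The `break` after the stateShutdown command also leaves the loop without an explicit exit code, unlike the CommandFailed path just below; confirm what main() returns in that case.
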
-- 
2.1.4



[OE-core] [PATCH 1/4] gnutls: Backport certificate check fix

2016-10-10 Thread Jussi Kukkonen
Previously the OCSP certificate check wouldn't verify the serial
length and could succeed in cases it shouldn't (CVE-2016-7444).

Signed-off-by: Jussi Kukkonen 
---
 .../gnutls/gnutls/CVE-2016-7444.patch  | 35 ++
 meta/recipes-support/gnutls/gnutls_3.5.3.bb|  1 +
 2 files changed, 36 insertions(+)
 create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch

diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch 
b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
new file mode 100644
index 000..215be5a
--- /dev/null
+++ b/meta/recipes-support/gnutls/gnutls/CVE-2016-7444.patch
@@ -0,0 +1,35 @@
+CVE: CVE-2016-7444
+Upstream-Status: Backport
+Signed-off-by: Jussi Kukkonen 
+
+Upstream commit follows:
+
+
+From 964632f37dfdfb914ebc5e49db4fa29af35b1de9 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos 
+Date: Sat, 27 Aug 2016 17:00:22 +0200
+Subject: [PATCH] ocsp: corrected the comparison of the serial size in OCSP 
response
+
+Previously the OCSP certificate check wouldn't verify the serial length
+and could succeed in cases it shouldn't.
+
+Reported by Stefan Buehler.
+---
+ lib/x509/ocsp.c | 1 +
+ 1 file changed, 1 insertion(+), 0 deletions(-)
+
+diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
+index 92db9b6..8181f2e 100644
+--- a/lib/x509/ocsp.c
 b/lib/x509/ocsp.c
+@@ -1318,6 +1318,7 @@ gnutls_ocsp_resp_check_crt(gnutls_ocsp_resp_t resp,
+   gnutls_assert();
+   goto cleanup;
+   }
++  cserial.size = t;
+ 
+   if (rserial.size != cserial.size
+   || memcmp(cserial.data, rserial.data, rserial.size) != 0) {
+--
+libgit2 0.24.0
+
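
Review bot: inside the embedded upstream diff the new-file header appears as ` b/lib/x509/ocsp.c` without its `+++` marker, directly after `+--- a/lib/x509/ocsp.c`; as shown, patch would not accept that header, so verify that the file added to the tree applies cleanly in do_patch. A reference URL for the upstream commit next to `Upstream-Status: Backport` would also make the backport easier to audit.
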
diff --git a/meta/recipes-support/gnutls/gnutls_3.5.3.bb 
b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
index 8317eb4..b2dbb07 100644
--- a/meta/recipes-support/gnutls/gnutls_3.5.3.bb
+++ b/meta/recipes-support/gnutls/gnutls_3.5.3.bb
@@ -4,6 +4,7 @@ SRC_URI += "file://correct_rpl_gettimeofday_signature.patch \
 file://0001-configure.ac-fix-sed-command.patch \
 file://use-pkg-config-to-locate-zlib.patch \
 file://0001-Use-correct-include-dir-with-minitasn.patch \
+file://CVE-2016-7444.patch \
"
 SRC_URI[md5sum] = "6c2c7f40ddf52933ee3ca474cb8cb63c"
 SRC_URI[sha256sum] = 
"92c4bc999a10a1b95299ebefaeea8333f19d8a98d957a35b5eae74881bdb1fef"
-- 
2.1.4



[OE-core] [PATCH 3/4] flex: Backport buffer overflow fix

2016-10-10 Thread Jussi Kukkonen
Fix a heap-based buffer overflow in yy_get_next_buffer()
(CVE-2016-6354).

Signed-off-by: Jussi Kukkonen 
---
 .../recipes-devtools/flex/flex/CVE-2016-6354.patch | 59 ++
 meta/recipes-devtools/flex/flex_2.6.0.bb   |  1 +
 2 files changed, 60 insertions(+)
 create mode 100644 meta/recipes-devtools/flex/flex/CVE-2016-6354.patch

diff --git a/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch 
b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
new file mode 100644
index 000..216ac7a
--- /dev/null
+++ b/meta/recipes-devtools/flex/flex/CVE-2016-6354.patch
@@ -0,0 +1,59 @@
+From 3939eccdff598f47e5b37b05d58bf1b44d3796e7 Mon Sep 17 00:00:00 2001
+From: Jussi Kukkonen 
+Date: Fri, 7 Oct 2016 14:15:38 +0300
+Subject: [PATCH] Prevent buffer overflow in yy_get_next_buffer
+
+This is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466
+with some additional backporting to make binutils build again.
+
+Upstream-Status: Backport
+CVE: CVE-2016-6354
+Signed-off-by: Jussi Kukkonen 
+---
+ src/flex.skl | 2 +-
+ src/scan.c   | 2 +-
+ src/skel.c   | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/flex.skl b/src/flex.skl
+index ed71627..814d562 100644
+--- a/src/flex.skl
 b/src/flex.skl
+@@ -1718,7 +1718,7 @@ int yyFlexLexer::yy_get_next_buffer()
+ 
+   else
+   {
+-  yy_size_t num_to_read =
++  int num_to_read =
+   YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;
+ 
+   while ( num_to_read <= 0 )
+diff --git a/src/scan.c b/src/scan.c
+index f1dce75..1949872 100644
+--- a/src/scan.c
 b/src/scan.c
+@@ -4181,7 +4181,7 @@ static int yy_get_next_buffer (void)
+ 
+   else
+   {
+-  yy_size_t num_to_read =
++  int num_to_read =
+   YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;
+ 
+   while ( num_to_read <= 0 )
+diff --git a/src/skel.c b/src/skel.c
+index 26cc889..0344d18 100644
+--- a/src/skel.c
 b/src/skel.c
+@@ -1929,7 +1929,7 @@ const char *skel[] = {
+   "",
+   "   else",
+   "   {",
+-  "   yy_size_t num_to_read =",
++  "   int num_to_read =",
+   "   YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move 
- 1;",
+   "",
+   "   while ( num_to_read <= 0 )",
+-- 
+2.1.4
+
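Review bot: The patch header says this is upstream commit a5cbe929ac3255d371e698f62dc256afe7006466 'with some additional backporting to make binutils build again', but does not say which of the three edits (src/flex.skl, src/scan.c, src/skel.c) come from upstream and which are the extra part; please spell that out so the next flex upgrade can tell what to drop. A sentence on why num_to_read moves from yy_size_t to int would also help: if yy_size_t is unsigned, as the name suggests, the 'while ( num_to_read <= 0 )' test could never see a negative result of the subtraction before this change. The types of yy_buf_size and number_to_move are not visible in this context, so it is worth confirming the difference always fits in an int.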
diff --git a/meta/recipes-devtools/flex/flex_2.6.0.bb 
b/meta/recipes-devtools/flex/flex_2.6.0.bb
index 3a45752..ab35b09 100644
--- a/meta/recipes-devtools/flex/flex_2.6.0.bb
+++ b/meta/recipes-devtools/flex/flex_2.6.0.bb
@@ -15,6 +15,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/flex/flex-${PV}.tar.bz2 \
file://do_not_create_pdf_doc.patch \

file://0001-tests-add-a-target-for-building-tests-without-runnin.patch \
file://0002-avoid-c-comments-in-c-code-fails-with-gcc-6.patch \
+   file://CVE-2016-6354.patch \
${@bb.utils.contains('PTEST_ENABLED', '1', '', 
'file://disable-tests.patch', d)} \
"
 
-- 
2.1.4



[OE-core] [wic][PATCH] canned-wks: use GPT partition table

2016-10-10 Thread Ed Bartosh
According to the UEFI specification, all EFI platforms must support the
GUID Partition Table (GPT) disk layout. Here is a list of advantages
of using the GPT disk layout over legacy MBR partitioning:

 - Logical Block Addresses (LBAs) are 64 bits (rather than 32 bits).
 - Supports many partitions (rather than just four primary partitions).
 - Provides both a primary and backup partition table for redundancy.
 - Uses version number and size fields for future expansion.
 - Uses CRC32 fields for improved data integrity.
 - Defines a GUID for uniquely identifying each partition.
 - Uses a GUID and attributes to define partition content type.
 - Each partition contains a 36 character human readable name.

Used GPT partitioning in all EFI kickstart files.
Tested result images on NUC, MinnowBoard MAX and MinnowBoard Turbot.

Signed-off-by: Ed Bartosh 
---
 scripts/lib/wic/canned-wks/mkefidisk.wks| 2 +-
 scripts/lib/wic/canned-wks/mkgummidisk.wks  | 2 +-
 scripts/lib/wic/canned-wks/systemd-bootdisk.wks | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/lib/wic/canned-wks/mkefidisk.wks 
b/scripts/lib/wic/canned-wks/mkefidisk.wks
index 7c287f7..9f534fe 100644
--- a/scripts/lib/wic/canned-wks/mkefidisk.wks
+++ b/scripts/lib/wic/canned-wks/mkefidisk.wks
@@ -8,4 +8,4 @@ part / --source rootfs --ondisk sda --fstype=ext4 --label 
platform --align 1024
 
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap
 
-bootloader --timeout=5 --append="rootfstype=ext4 console=ttyS0,115200 
console=tty0"
+bootloader --ptable gpt --timeout=5 --append="rootfstype=ext4 
console=ttyS0,115200 console=tty0"
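Review bot: The new bootloader line in mkefidisk.wks still has no rootwait in --append, while the mkgummidisk.wks and systemd-bootdisk.wks lines touched by the same patch both carry it. If the difference is intentional, a comment in the file would help; otherwise this is a good moment to align the three canned files.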
diff --git a/scripts/lib/wic/canned-wks/mkgummidisk.wks 
b/scripts/lib/wic/canned-wks/mkgummidisk.wks
index 616d3ce..f3ae090 100644
--- a/scripts/lib/wic/canned-wks/mkgummidisk.wks
+++ b/scripts/lib/wic/canned-wks/mkgummidisk.wks
@@ -8,4 +8,4 @@ part / --source rootfs --ondisk sda --fstype=ext4 --label 
platform --align 1024
 
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap
 
-bootloader  --timeout=5  --append="rootwait rootfstype=ext4 
console=ttyS0,115200 console=tty0"
+bootloader --ptable gpt --timeout=5  --append="rootwait rootfstype=ext4 
console=ttyS0,115200 console=tty0"
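Review bot: The added line drops the double space after 'bootloader' but keeps the one between '--timeout=5' and '--append', so its spacing still differs from the equivalent lines in mkefidisk.wks and systemd-bootdisk.wks; collapse it to a single space while touching the line.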
diff --git a/scripts/lib/wic/canned-wks/systemd-bootdisk.wks 
b/scripts/lib/wic/canned-wks/systemd-bootdisk.wks
index a49d130..b900023 100644
--- a/scripts/lib/wic/canned-wks/systemd-bootdisk.wks
+++ b/scripts/lib/wic/canned-wks/systemd-bootdisk.wks
@@ -8,4 +8,4 @@ part / --source rootfs --ondisk sda --fstype=ext4 --label 
platform --align 1024
 
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap
 
-bootloader --timeout=5 --append="rootwait rootfstype=ext4 console=ttyS0,115200 
console=tty0"
+bootloader --ptable gpt --timeout=5 --append="rootwait rootfstype=ext4 
console=ttyS0,115200 console=tty0"
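Review bot: This hunk applies to blob a49d130, and its removed line already reads '--timeout=5' with 'console=ttyS0,115200', which is the result of the separate 'systemd-bootdisk.wks: update kernel command line' patch (index d80189b..a49d130). This patch will therefore not apply unless that one is merged first. Both were posted as stand-alone [wic][PATCH] mails, so please send them as a numbered series or state the dependency below the '---' line.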
-- 
2.1.4



[OE-core] [wic][PATCH] systemd-bootdisk.wks: update kernel command line

2016-10-10 Thread Ed Bartosh
Used ttyS0 console.
Removed usage of ttyPCH0 (FRI2 leftover)
Decreased bootloader timeout to 5 seconds
Removed 'vmalloc=256MB snd-hda-intel.enable_msi=0' as it's not
needed for any of the reference BSPs.

Signed-off-by: Ed Bartosh 
---
 scripts/lib/wic/canned-wks/systemd-bootdisk.wks | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/lib/wic/canned-wks/systemd-bootdisk.wks 
b/scripts/lib/wic/canned-wks/systemd-bootdisk.wks
index d80189b..a49d130 100644
--- a/scripts/lib/wic/canned-wks/systemd-bootdisk.wks
+++ b/scripts/lib/wic/canned-wks/systemd-bootdisk.wks
@@ -8,4 +8,4 @@ part / --source rootfs --ondisk sda --fstype=ext4 --label 
platform --align 1024
 
 part swap --ondisk sda --size 44 --label swap1 --fstype=swap
 
-bootloader  --timeout=10  --append="rootwait rootfstype=ext4 
console=ttyPCH0,115200 console=tty0 vmalloc=256MB snd-hda-intel.enable_msi=0"
+bootloader --timeout=5 --append="rootwait rootfstype=ext4 console=ttyS0,115200 
console=tty0"
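Review bot: The single changed bootloader line bundles four things (console ttyPCH0 to ttyS0, timeout 10 to 5, dropping 'vmalloc=256MB snd-hda-intel.enable_msi=0', and whitespace cleanup), and the commit message gives a reason only for the ttyPCH0 and parameter removals. Please add a short reason for halving the timeout, or split it out, so a later bisect of boot behaviour on this file can tell the changes apart.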
-- 
2.1.4
