[PATCH 00/11 V2] Fixes for dangling patches

[PATCH 00/11 V2] Fixes for dangling patches

[Robert Yang]

* V2
  Verified the backport patches are in the source, and updated the
  commit message.

// Robert

The following changes since commit a9eededcb33b2ee41a061298610126436dfc2c11:

  ptest: add recommends to ptest-runner (2015-04-27 15:26:15 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/dangling
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/dangling

Robert Yang (11):
  python3: remove sys_platform_is_now_always_linux2.patch
  nspr: remove nspr-CVE-2014-1545.patch
  libxml2: remove libxml2-CVE-2014-3660.patch
  bind: remove 5 backport patches
  logrotate: remove logrotate-CVE-2011-1548.patch
  kmod: remove 0001-Makefile.am-fix-parallel-build-problem.patch
  openssl: remove 3 patches
  lttng-modules: remove bio-bvec-iter.patch
  libaio: remove libaio-generic.patch
  texinfo: remove enumerate_greater_than_ten.patch
  elfutils: enable fix-build-gcc-4.8.patch

 .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 ---------------
 .../bind/bind/bind-CVE-2011-4313.patch             |   89 -----------
 .../bind/bind/bind-CVE-2012-1667.patch             |   92 ------------
 .../bind/bind/bind-CVE-2013-2266.patch             |   41 -----
 .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 ------------------
 .../openssl/openssl/debian/make-targets.patch      |   15 --
 ...NULL-pointer-dereference-in-dh_pub_encode.patch |   26 ----
 .../openssl/update-version-script-for-1.0.2.patch  |   66 ---------
 .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 ------------------
 meta/recipes-devtools/elfutils/elfutils_0.148.bb   |    1 +
 .../sys_platform_is_now_always_linux2.patch        |   29 ----
 .../libaio/libaio/libaio-generic.patch             |   65 --------
 .../logrotate/logrotate-CVE-2011-1548.patch        |   43 ------
 .../texinfo/enumerate_greater_than_ten.patch       |   51 -------
 ...01-Makefile.am-fix-parallel-build-problem.patch |   29 ----
 .../lttng/lttng-modules/bio-bvec-iter.patch        |  156 --------------------
 .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 ---------
 17 files changed, 1 insertion(+), 1176 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
 delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
 delete mode 100644 meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
 delete mode 100644 meta/recipes-extended/libaio/libaio/libaio-generic.patch
 delete mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
 delete mode 100644 meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
 delete mode 100644 meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
 delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch

-- 
1.7.9.5

[PATCH 01/11] python3: remove sys_platform_is_now_always_linux2.patch

[Robert Yang]

It is aready in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../sys_platform_is_now_always_linux2.patch        |   29 --------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch

diff --git a/meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch b/meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
deleted file mode 100644
index 506210f..0000000
--- a/meta/recipes-devtools/python/python3/sys_platform_is_now_always_linux2.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Upstream-Status: Accepted [http://hg.python.org/cpython/rev/c816479f6aaf/]
-Bugtracker: http://bugs.python.org/issue12326
-
-[Removed "Misc/NEWS" hunk]
-
-Signed-off-by: Andreas Oberritter <obi@opendreambox.org>
-
-# HG changeset patch
-# User Victor Stinner <victor.stinner@haypocalc.com>
-# Date 1313841758 -7200
-# Node ID c816479f6aaf71dbd3f3fe4b239186d60c55ce48
-# Parent  3e093590ac57fdda428c7da3f72ddf0c475ecf2b
-Issue #12326: sys.platform is now always 'linux2' on Linux
-
-Even if Python is compiled on Linux 3.
-
-Index: Python-3.3.0rc2/configure.ac
-===================================================================
---- Python-3.3.0rc2.orig/configure.ac	2012-09-09 02:11:14.000000000 -0700
-+++ Python-3.3.0rc2/configure.ac	2012-09-20 00:44:03.317124001 -0700
-@@ -366,7 +366,7 @@
-     MACHDEP="$ac_md_system$ac_md_release"
- 
-     case $MACHDEP in
--	linux*) MACHDEP="linux";;
-+	linux*) MACHDEP="linux2";;
- 	cygwin*) MACHDEP="cygwin";;
- 	darwin*) MACHDEP="darwin";;
- 	irix646) MACHDEP="irix6";;
-- 
1.7.9.5

[PATCH 02/11] nspr: remove nspr-CVE-2014-1545.patch

[Robert Yang]

It is a backport patch, and verified that the patch is in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../nspr/nspr/nspr-CVE-2014-1545.patch             |   67 --------------------
 1 file changed, 67 deletions(-)
 delete mode 100644 meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch

diff --git a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch b/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
deleted file mode 100644
index 565ff16..0000000
--- a/meta/recipes-support/nspr/nspr/nspr-CVE-2014-1545.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix for CVE-2014-1545
-
-Upstream-Status: Backport
-
-Backported from nspr-4.10.6.tar.gz.
----
---- a/pr/src/io/prprf.c
-+++ b/pr/src/io/prprf.c
-@@ -50,6 +50,10 @@
- #include "prlog.h"
- #include "prmem.h"
- 
-+#ifdef _MSC_VER
-+#define snprintf _snprintf
-+#endif
-+
- /*
- ** WARNING: This code may *NOT* call PR_LOG (because PR_LOG calls it)
- */
-@@ -330,7 +334,7 @@
- ** Convert a double precision floating point number into its printable
- ** form.
- **
--** XXX stop using sprintf to convert floating point
-+** XXX stop using snprintf to convert floating point
- */
- static int cvt_f(SprintfState *ss, double d, const char *fmt0, const char *fmt1)
- {
-@@ -338,15 +342,14 @@
-     char fout[300];
-     int amount = fmt1 - fmt0;
- 
--    PR_ASSERT((amount > 0) && (amount < sizeof(fin)));
--    if (amount >= sizeof(fin)) {
--	/* Totally bogus % command to sprintf. Just ignore it */
-+    if (amount <= 0 || amount >= sizeof(fin)) {
-+        /* Totally bogus % command to snprintf. Just ignore it */
- 	return 0;
-     }
-     memcpy(fin, fmt0, amount);
-     fin[amount] = 0;
- 
--    /* Convert floating point using the native sprintf code */
-+    /* Convert floating point using the native snprintf code */
- #ifdef DEBUG
-     {
-         const char *p = fin;
-@@ -356,14 +359,11 @@
-         }
-     }
- #endif
--    sprintf(fout, fin, d);
--
--    /*
--    ** This assert will catch overflow's of fout, when building with
--    ** debugging on. At least this way we can track down the evil piece
--    ** of calling code and fix it!
--    */
--    PR_ASSERT(strlen(fout) < sizeof(fout));
-+    memset(fout, 0, sizeof(fout));
-+    snprintf(fout, sizeof(fout), fin, d);
-+    /* Explicitly null-terminate fout because on Windows snprintf doesn't
-+     * append a null-terminator if the buffer is too small. */
-+    fout[sizeof(fout) - 1] = '\0';
- 
-     return (*ss->stuff)(ss, fout, strlen(fout));
- }
-- 
1.7.9.5

[PATCH 03/11] libxml2: remove libxml2-CVE-2014-3660.patch

[Robert Yang]

It is a backport patch, and verified that the patch is in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../libxml/libxml2/libxml2-CVE-2014-3660.patch     |  147 --------------------
 1 file changed, 147 deletions(-)
 delete mode 100644 meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch

diff --git a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch b/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
deleted file mode 100644
index b9621c9..0000000
--- a/meta/recipes-core/libxml/libxml2/libxml2-CVE-2014-3660.patch
+++ /dev/null
@@ -1,147 +0,0 @@
-From be2a7edaf289c5da74a4f9ed3a0b6c733e775230 Mon Sep 17 00:00:00 2001
-From: Daniel Veillard <veillard@redhat.com>
-Date: Thu, 16 Oct 2014 13:59:47 +0800
-Subject: Fix for CVE-2014-3660
-
-Issues related to the billion laugh entity expansion which happened to
-escape the initial set of fixes
-
-Upstream-status: Backport
-Reference: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230&context=3&ignorews=0&ss=0
-
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-
-diff --git a/parser.c b/parser.c
-index f51e8d2..1d93967 100644
---- a/parser.c
-+++ b/parser.c
-@@ -130,6 +130,29 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-         return (0);
-     if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
-         return (1);
-+
-+    /*
-+     * This may look absurd but is needed to detect
-+     * entities problems
-+     */
-+    if ((ent != NULL) && (ent->etype != XML_INTERNAL_PREDEFINED_ENTITY) &&
-+	(ent->content != NULL) && (ent->checked == 0)) {
-+	unsigned long oldnbent = ctxt->nbentities;
-+	xmlChar *rep;
-+
-+	ent->checked = 1;
-+
-+	rep = xmlStringDecodeEntities(ctxt, ent->content,
-+				  XML_SUBSTITUTE_REF, 0, 0, 0);
-+
-+	ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
-+	if (rep != NULL) {
-+	    if (xmlStrchr(rep, '<'))
-+		ent->checked |= 1;
-+	    xmlFree(rep);
-+	    rep = NULL;
-+	}
-+    }
-     if (replacement != 0) {
- 	if (replacement < XML_MAX_TEXT_LENGTH)
- 	    return(0);
-@@ -189,9 +212,12 @@ xmlParserEntityCheck(xmlParserCtxtPtr ctxt, size_t size,
-             return (0);
-     } else {
-         /*
--         * strange we got no data for checking just return
-+         * strange we got no data for checking
-          */
--        return (0);
-+	if (((ctxt->lastError.code != XML_ERR_UNDECLARED_ENTITY) &&
-+	     (ctxt->lastError.code != XML_WAR_UNDECLARED_ENTITY)) ||
-+	    (ctxt->nbentities <= 10000))
-+	    return (0);
-     }
-     xmlFatalErr(ctxt, XML_ERR_ENTITY_LOOP, NULL);
-     return (1);
-@@ -2589,6 +2615,7 @@ xmlParserHandlePEReference(xmlParserCtxtPtr ctxt) {
- 				      name, NULL);
- 		    ctxt->valid = 0;
- 		}
-+		xmlParserEntityCheck(ctxt, 0, NULL, 0);
- 	    } else if (ctxt->input->free != deallocblankswrapper) {
- 		    input = xmlNewBlanksWrapperInputStream(ctxt, entity);
- 		    if (xmlPushInput(ctxt, input) < 0)
-@@ -2759,6 +2786,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 	    if ((ctxt->lastError.code == XML_ERR_ENTITY_LOOP) ||
- 	        (ctxt->lastError.code == XML_ERR_INTERNAL_ERROR))
- 	        goto int_error;
-+	    xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	    if (ent != NULL)
- 	        ctxt->nbentities += ent->checked / 2;
- 	    if ((ent != NULL) &&
-@@ -2810,6 +2838,7 @@ xmlStringLenDecodeEntities(xmlParserCtxtPtr ctxt, const xmlChar *str, int len,
- 	    ent = xmlParseStringPEReference(ctxt, &str);
- 	    if (ctxt->lastError.code == XML_ERR_ENTITY_LOOP)
- 	        goto int_error;
-+	    xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	    if (ent != NULL)
- 	        ctxt->nbentities += ent->checked / 2;
- 	    if (ent != NULL) {
-@@ -7312,6 +7341,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		   (ret != XML_WAR_UNDECLARED_ENTITY)) {
- 	    xmlFatalErrMsgStr(ctxt, XML_ERR_UNDECLARED_ENTITY,
- 		     "Entity '%s' failed to parse\n", ent->name);
-+	    xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	} else if (list != NULL) {
- 	    xmlFreeNodeList(list);
- 	    list = NULL;
-@@ -7418,7 +7448,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		/*
- 		 * We are copying here, make sure there is no abuse
- 		 */
--		ctxt->sizeentcopy += ent->length;
-+		ctxt->sizeentcopy += ent->length + 5;
- 		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
- 		    return;
- 
-@@ -7466,7 +7496,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
- 		/*
- 		 * We are copying here, make sure there is no abuse
- 		 */
--		ctxt->sizeentcopy += ent->length;
-+		ctxt->sizeentcopy += ent->length + 5;
- 		if (xmlParserEntityCheck(ctxt, 0, ent, ctxt->sizeentcopy))
- 		    return;
- 
-@@ -7652,6 +7682,7 @@ xmlParseEntityRef(xmlParserCtxtPtr ctxt) {
- 		ctxt->sax->reference(ctxt->userData, name);
- 	    }
- 	}
-+	xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	ctxt->valid = 0;
-     }
- 
-@@ -7845,6 +7876,7 @@ xmlParseStringEntityRef(xmlParserCtxtPtr ctxt, const xmlChar ** str) {
- 			  "Entity '%s' not defined\n",
- 			  name);
- 	}
-+	xmlParserEntityCheck(ctxt, 0, ent, 0);
- 	/* TODO ? check regressions ctxt->valid = 0; */
-     }
- 
-@@ -8004,6 +8036,7 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
- 			  name, NULL);
- 	    ctxt->valid = 0;
- 	}
-+	xmlParserEntityCheck(ctxt, 0, NULL, 0);
-     } else {
- 	/*
- 	 * Internal checking in case the entity quest barfed
-@@ -8243,6 +8276,7 @@ xmlParseStringPEReference(xmlParserCtxtPtr ctxt, const xmlChar **str) {
- 			  name, NULL);
- 	    ctxt->valid = 0;
- 	}
-+	xmlParserEntityCheck(ctxt, 0, NULL, 0);
-     } else {
- 	/*
- 	 * Internal checking in case the entity quest barfed
--- 
-cgit v0.10.1
-
-- 
1.7.9.5

[PATCH 04/11] bind: remove 5 backport patches

[Robert Yang]

They are backport patches, and verified that the patches are in the
source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 -----------------
 .../bind/bind/bind-CVE-2011-4313.patch             |   89 ------------
 .../bind/bind/bind-CVE-2012-1667.patch             |   92 -------------
 .../bind/bind/bind-CVE-2013-2266.patch             |   41 ------
 .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 --------------------
 5 files changed, 482 deletions(-)
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
 delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch

diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
deleted file mode 100644
index 0abb475..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-bind_Fix_for_CVE-2012-5166
-
-Upstream-Status: Backport
-
-Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
--1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
-
-ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
-9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
-remote attackers to cause a denial of service (named daemon hang)
-via unspecified combinations of resource records.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
-
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-diff -urpN a/bin/named/query.c b/bin/named/query.c
---- a/bin/named/query.c	2012-10-22 13:24:27.000000000 +0800
-+++ b/bin/named/query.c	2012-10-22 13:17:04.000000000 +0800
-@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
- 		mname = NULL;
- 	}
- 
--	/*
--	 * If the dns_name_t we're looking up is already in the message,
--	 * we don't want to trigger the caller's name replacement logic.
--	 */
--	if (name == mname)
--		mname = NULL;
--
- 	*mnamep = mname;
- 
- 	CTRACE("query_isduplicate: false: done");
-@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
- 	if (dns_rdataset_isassociated(rdataset) &&
- 	    !query_isduplicate(client, fname, type, &mname)) {
- 		if (mname != NULL) {
-+			INSIST(mname != fname);
- 			query_releasename(client, &fname);
- 			fname = mname;
- 		} else
-@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
- 			mname = NULL;
- 			if (!query_isduplicate(client, fname,
- 					       dns_rdatatype_a, &mname)) {
--				if (mname != NULL) {
--					query_releasename(client, &fname);
--					fname = mname;
--				} else
--					need_addname = ISC_TRUE;
-+				if (mname != fname) {
-+					if (mname != NULL) {
-+						query_releasename(client, &fname);
-+						fname = mname;
-+					} else
-+						need_addname = ISC_TRUE;
-+				}
- 				ISC_LIST_APPEND(fname->list, rdataset, link);
- 				added_something = ISC_TRUE;
- 				if (sigrdataset != NULL &&
-@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
- 			mname = NULL;
- 			if (!query_isduplicate(client, fname,
- 					       dns_rdatatype_aaaa, &mname)) {
--				if (mname != NULL) {
--					query_releasename(client, &fname);
--					fname = mname;
--				} else
--					need_addname = ISC_TRUE;
-+				if (mname != fname) {
-+					if (mname != NULL) {
-+						query_releasename(client, &fname);
-+						fname = mname;
-+					} else
-+						need_addname = ISC_TRUE;
-+				}
- 				ISC_LIST_APPEND(fname->list, rdataset, link);
- 				added_something = ISC_TRUE;
- 				if (sigrdataset != NULL &&
-@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
- 		    crdataset->type == dns_rdatatype_aaaa) {
- 			if (!query_isduplicate(client, fname, crdataset->type,
- 					       &mname)) {
--				if (mname != NULL) {
--					/*
--					 * A different type of this name is
--					 * already stored in the additional
--					 * section.  We'll reuse the name.
--					 * Note that this should happen at most
--					 * once.  Otherwise, fname->link could
--					 * leak below.
--					 */
--					INSIST(mname0 == NULL);
--
--					query_releasename(client, &fname);
--					fname = mname;
--					mname0 = mname;
--				} else
--					need_addname = ISC_TRUE;
-+				if (mname != fname) {
-+					if (mname != NULL) {
-+						/*
-+						 * A different type of this name is
-+						 * already stored in the additional
-+						 * section.  We'll reuse the name.
-+						 * Note that this should happen at most
-+						 * once.  Otherwise, fname->link could
-+						 * leak below.
-+						 */
-+						INSIST(mname0 == NULL);
-+
-+						query_releasename(client, &fname);
-+						fname = mname;
-+						mname0 = mname;
-+					} else
-+						need_addname = ISC_TRUE;
-+				}
- 				ISC_LIST_UNLINK(cfname.list, crdataset, link);
- 				ISC_LIST_APPEND(fname->list, crdataset, link);
- 				added_something = ISC_TRUE;
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
deleted file mode 100644
index 19d8df1..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-The patch to fix CVE-2011-4313
-
-Upstream-Status: Backport
-
-Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
-
-query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
-through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
-through 9.9.0b1 allows remote attackers to cause a denial of service
-(assertion failure and named exit) via unknown vectors related to recursive DNS
-queries, error logging, and the caching of an invalid record by the resolver.
-
-Signed-off-by Ming Liu <ming.liu@windriver.com>
----
- bin/named/query.c |   19 ++++++++-----------
- lib/dns/rbtdb.c   |    4 ++--
- 2 files changed, 10 insertions(+), 13 deletions(-)
-
---- a/bin/named/query.c
-+++ b/bin/named/query.c
-@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
- 			goto addname;
- 		if (result == DNS_R_NCACHENXRRSET) {
- 			dns_rdataset_disassociate(rdataset);
--			/*
--			 * Negative cache entries don't have sigrdatasets.
--			 */
--			INSIST(sigrdataset == NULL ||
--			       ! dns_rdataset_isassociated(sigrdataset));
-+			if (sigrdataset != NULL &&
-+			    dns_rdataset_isassociated(sigrdataset))
-+				dns_rdataset_disassociate(sigrdataset);
- 		}
- 		if (result == ISC_R_SUCCESS) {
- 			mname = NULL;
-@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
- 			goto addname;
- 		if (result == DNS_R_NCACHENXRRSET) {
- 			dns_rdataset_disassociate(rdataset);
--			INSIST(sigrdataset == NULL ||
--			       ! dns_rdataset_isassociated(sigrdataset));
-+			if (sigrdataset != NULL &&
-+			    dns_rdataset_isassociated(sigrdataset))
-+				dns_rdataset_disassociate(sigrdataset);
- 		}
- 		if (result == ISC_R_SUCCESS) {
- 			mname = NULL;
-@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
- 		goto setcache;
- 	if (result == DNS_R_NCACHENXRRSET) {
- 		dns_rdataset_disassociate(rdataset);
--		/*
--		 * Negative cache entries don't have sigrdatasets.
--		 */
--		INSIST(! dns_rdataset_isassociated(sigrdataset));
-+		if (dns_rdataset_isassociated(sigrdataset))
-+			dns_rdataset_disassociate(sigrdataset);
- 	}
- 	if (result == ISC_R_SUCCESS) {
- 		/* Remember the result as a cache */
---- a/lib/dns/rbtdb.c
-+++ b/lib/dns/rbtdb.c
-@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
- 			      rdataset);
- 		if (need_headerupdate(found, search.now))
- 			update = found;
--		if (foundsig != NULL) {
-+		if (!NEGATIVE(found) && foundsig != NULL) {
- 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
- 				      sigrdataset);
- 			if (need_headerupdate(foundsig, search.now))
-@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
- 	}
- 	if (found != NULL) {
- 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
--		if (foundsig != NULL)
-+		if (!NEGATIVE(found) && foundsig != NULL)
- 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
- 				      sigrdataset);
- 	}
-@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
- 	}
- 	if (found != NULL) {
- 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
--		if (foundsig != NULL)
-+		if (!NEGATIVE(found) && foundsig != NULL)
- 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
- 				      sigrdataset);
- 	}
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
deleted file mode 100644
index c441eab..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-bind CVE-2012-1667
-
-Upstream-Status: Backport
-
-ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
-and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
-records with a zero-length RDATA section, which allows remote DNS servers to
-cause a denial of service (daemon crash or data corruption) or obtain
-sensitive information from process memory via a crafted record.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
-
-The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
-
-Signed-off-by: Li Wang <li.wang@windriver.com>
----
- lib/dns/rdata.c     |    8 ++++----
- lib/dns/rdataslab.c |   11 ++++++++---
- 2 files changed, 12 insertions(+), 7 deletions(-)
-
-diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
-index 063b1f6..9337a80 100644
---- a/lib/dns/rdata.c
-+++ b/lib/dns/rdata.c
-@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
- 
- 	REQUIRE(rdata1 != NULL);
- 	REQUIRE(rdata2 != NULL);
--	REQUIRE(rdata1->data != NULL);
--	REQUIRE(rdata2->data != NULL);
-+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
-+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
- 
-@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
- 
- 	REQUIRE(rdata1 != NULL);
- 	REQUIRE(rdata2 != NULL);
--	REQUIRE(rdata1->data != NULL);
--	REQUIRE(rdata2->data != NULL);
-+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
-+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
- 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
- 
-diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
-index a41f16f..ed13b30 100644
---- a/lib/dns/rdataslab.c
-+++ b/lib/dns/rdataslab.c
-@@ -125,6 +125,11 @@ isc_result_t
- dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- 			   isc_region_t *region, unsigned int reservelen)
- {
-+	/*
-+	 * Use &removed as a sentinal pointer for duplicate
-+	 * rdata as rdata.data == NULL is valid.
-+	 */
-+	static unsigned char removed;
- 	struct xrdata  *x;
- 	unsigned char  *rawbuf;
- #if DNS_RDATASET_FIXED
-@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- 		INSIST(result == ISC_R_SUCCESS);
- 		dns_rdata_init(&x[i].rdata);
- 		dns_rdataset_current(rdataset, &x[i].rdata);
-+		INSIST(x[i].rdata.data != &removed);
- #if DNS_RDATASET_FIXED
- 		x[i].order = i;
- #endif
-@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- 	 */
- 	for (i = 1; i < nalloc; i++) {
- 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
--			x[i-1].rdata.data = NULL;
--			x[i-1].rdata.length = 0;
-+			x[i-1].rdata.data = &removed;
- #if DNS_RDATASET_FIXED
- 			/*
- 			 * Preserve the least order so A, B, A -> A, B
-@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
- #endif
- 
- 	for (i = 0; i < nalloc; i++) {
--		if (x[i].rdata.data == NULL)
-+		if (x[i].rdata.data == &removed)
- 			continue;
- #if DNS_RDATASET_FIXED
- 		offsettable[x[i].order] = rawbuf - offsetbase;
--- 
-1.7.0.5
-
diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
deleted file mode 100644
index 7ec6deb..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-bind: fix for CVE-2013-2266
-
-Upstream-Status: Backport
-
-libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
-9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
-remote attackers to cause a denial of service (memory consumption) via a
-crafted regular expression, as demonstrated by a memory-exhaustion attack
-against a machine running a named process.
-
-http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
-
-Signed-off-by Ming Liu <ming.liu@windriver.com>
----
- config.h.in  |    3 ---
- configure.in |    2 +-
- 2 files changed, 1 insertion(+), 4 deletions(-)
-
---- a/config.h.in
-+++ b/config.h.in
-@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
- /* Define if your OpenSSL version supports GOST. */
- #undef HAVE_OPENSSL_GOST
- 
--/* Define to 1 if you have the <regex.h> header file. */
--#undef HAVE_REGEX_H
--
- /* Define to 1 if you have the `setegid' function. */
- #undef HAVE_SETEGID
- 
---- a/configure.in
-+++ b/configure.in
-@@ -279,7 +279,7 @@ esac
- 
- AC_HEADER_STDC
- 
--AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
-+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
- [$ac_includes_default
- #ifdef HAVE_SYS_PARAM_H
- # include <sys/param.h>
diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
deleted file mode 100644
index 5dd6f69..0000000
--- a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-bind_Fix_for_CVE-2012-4244
-
-Upstream-Status: Backport
-
-Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
-
-ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
- and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
-cause a denial of service (assertion failure and named daemon exit) via
-a query for a long resource record.
-
-Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
-
-diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
---- a/lib/dns/include/dns/rdata.h	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/include/dns/rdata.h	2012-10-08 11:26:43.000000000 +0800
-@@ -147,6 +147,17 @@ struct dns_rdata {
- 	(((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
- 
- /*
-+ * The maximum length of a RDATA that can be sent on the wire.
-+ * Max packet size (65535) less header (12), less name (1), type (2),
-+ * class (2), ttl(4), length (2).
-+ *
-+ * None of the defined types that support name compression can exceed
-+ * this and all new types are to be sent uncompressed.
-+ */
-+
-+#define DNS_RDATA_MAXLENGTH    65512U
-+
-+/*
-  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
-  * are used by masterfile-level formatting and defined elsewhere.
-  * See additional comments at dns_rdata_tofmttext().
-diff -urpN a/lib/dns/master.c b/lib/dns/master.c
---- a/lib/dns/master.c	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/master.c	2012-10-08 11:27:06.000000000 +0800
-@@ -75,7 +75,7 @@
- /*%
-  * max message size - header - root - type - class - ttl - rdlen
-  */
--#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
-+#define MINTSIZ DNS_RDATA_MAXLENGTH 
- /*%
-  * Size for tokens in the presentation format,
-  * The largest tokens are the base64 blocks in KEY and CERT records,
-diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
---- a/lib/dns/rdata.c	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/rdata.c	2012-10-08 11:27:27.000000000 +0800
-@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 	isc_buffer_t st;
- 	isc_boolean_t use_default = ISC_FALSE;
- 	isc_uint32_t activelength;
-+	size_t length;
- 
- 	REQUIRE(dctx != NULL);
- 	if (rdata != NULL) {
-@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 	}
- 
- 	/*
-+	 * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
-+	 * as we cannot transmit it.
-+	 */
-+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+		result = DNS_R_FORMERR;
-+
-+	/*
- 	 * We should have consumed all of our buffer.
- 	 */
- 	if (result == ISC_R_SUCCESS && !buffer_empty(source))
-@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
- 
- 	if (rdata != NULL && result == ISC_R_SUCCESS) {
- 		region.base = isc_buffer_used(&st);
--		region.length = isc_buffer_usedlength(target) -
--				isc_buffer_usedlength(&st);
-+		region.length = length;
- 		dns_rdata_fromregion(rdata, rdclass, type, &region);
- 	}
- 
-@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
- 	unsigned long line;
- 	void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
- 	isc_result_t tresult;
-+	size_t length;
- 
- 	REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
- 	if (rdata != NULL) {
-@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
- 		}
- 	} while (1);
- 
-+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+		result = ISC_R_NOSPACE;
-+
- 	if (rdata != NULL && result == ISC_R_SUCCESS) {
- 		region.base = isc_buffer_used(&st);
--		region.length = isc_buffer_usedlength(target) -
--				isc_buffer_usedlength(&st);
-+		region.length = length;
- 		dns_rdata_fromregion(rdata, rdclass, type, &region);
- 	}
- 	if (result != ISC_R_SUCCESS) {
-@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
- 	isc_buffer_t st;
- 	isc_region_t region;
- 	isc_boolean_t use_default = ISC_FALSE;
-+	size_t length;
- 
- 	REQUIRE(source != NULL);
- 	if (rdata != NULL) {
-@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
- 	if (use_default)
- 		(void)NULL;
- 
-+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
-+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
-+		result = ISC_R_NOSPACE;
-+
- 	if (rdata != NULL && result == ISC_R_SUCCESS) {
- 		region.base = isc_buffer_used(&st);
--		region.length = isc_buffer_usedlength(target) -
--				isc_buffer_usedlength(&st);
-+		region.length = length;
- 		dns_rdata_fromregion(rdata, rdclass, type, &region);
- 	}
- 	if (result != ISC_R_SUCCESS)
-diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
---- a/lib/dns/rdataslab.c	2012-10-08 12:19:42.000000000 +0800
-+++ b/lib/dns/rdataslab.c	2012-10-08 11:27:54.000000000 +0800
-@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
- 		length = x[i].rdata.length;
- 		if (rdataset->type == dns_rdatatype_rrsig)
- 			length++;
-+		INSIST(length <= 0xffff);
- 		*rawbuf++ = (length & 0xff00) >> 8;
- 		*rawbuf++ = (length & 0x00ff);
- #if DNS_RDATASET_FIXED
-- 
1.7.9.5

[PATCH 05/11] logrotate: remove logrotate-CVE-2011-1548.patch

[Robert Yang]

It is a backport patch, and verified that the patch is in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../logrotate/logrotate-CVE-2011-1548.patch        |   43 --------------------
 1 file changed, 43 deletions(-)
 delete mode 100644 meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch

diff --git a/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch b/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
deleted file mode 100644
index ed2750e..0000000
--- a/meta/recipes-extended/logrotate/logrotate/logrotate-CVE-2011-1548.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-Upstream-Status: Backport
-
-logrotate: fix for CVE-2011-1548
-
-If a logfile is a symlink, it may be read when being compressed, being
-copied (copy, copytruncate) or mailed. Secure data (eg. password files)
-may be exposed.
-
-Portback nofollow.patch from:
-http://logrotate.sourcearchive.com/downloads/3.8.1-5/logrotate_3.8.1-5.debian.tar.gz
-
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
----
---- a/logrotate.c	2012-09-06 13:25:08.000000000 +0800
-+++ b/logrotate.c	2012-09-06 13:35:57.000000000 +0800
-@@ -390,7 +390,7 @@
-     compressedName = alloca(strlen(name) + strlen(log->compress_ext) + 2);
-     sprintf(compressedName, "%s%s", name, log->compress_ext);
- 
--    if ((inFile = open(name, O_RDWR)) < 0) {
-+    if ((inFile = open(name, O_RDWR | O_NOFOLLOW)) < 0) {
- 	message(MESS_ERROR, "unable to open %s for compression\n", name);
- 	return 1;
-     }
-@@ -470,7 +470,7 @@
-     char *mailArgv[] = { mailCommand, "-s", subject, address, NULL };
-     int rc = 0;
- 
--    if ((mailInput = open(logFile, O_RDONLY)) < 0) {
-+    if ((mailInput = open(logFile, O_RDONLY | O_NOFOLLOW)) < 0) {
- 	message(MESS_ERROR, "failed to open %s for mailing: %s\n", logFile,
- 		strerror(errno));
- 	return 1;
-@@ -561,7 +561,7 @@
-     message(MESS_DEBUG, "copying %s to %s\n", currLog, saveLog);
- 
-     if (!debug) {
--	if ((fdcurr = open(currLog, (flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR)) < 0) {
-+	if ((fdcurr = open(currLog, ((flags & LOG_FLAG_COPY) ? O_RDONLY : O_RDWR) | O_NOFOLLOW)) < 0) {
- 	    message(MESS_ERROR, "error opening %s: %s\n", currLog,
- 		    strerror(errno));
- 	    return 1;
-- 
1.7.9.5

[PATCH 06/11] kmod: remove 0001-Makefile.am-fix-parallel-build-problem.patch

[Robert Yang]

Confirmed with the author Qi, it isn't needed.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 ...01-Makefile.am-fix-parallel-build-problem.patch |   29 --------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch

diff --git a/meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch b/meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
deleted file mode 100644
index 49b0209..0000000
--- a/meta/recipes-kernel/kmod/kmod/0001-Makefile.am-fix-parallel-build-problem.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Upstream-Status: Pending
-
-Subject: Makefile.am: fix parallel build problem
-
-Fix parallel build problem to avoid errors like below.
-
-    install: cannot stat 'testsuite/module-playground/mod-fake-cciss.ko': No such file or directory
-
-Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
----
- Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 9457655..d5b02eb 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -237,7 +237,7 @@ rootfs: build-module-playground
- 
- .PHONY: rootfs build-playground
- 
--$(ROOTFS): $(ROOTFS_PRISTINE)
-+$(ROOTFS): $(ROOTFS_PRISTINE) build-module-playground
- 	$(CREATE_ROOTFS)
- 
- TESTSUITE_OVERRIDE_LIBS = \
--- 
-1.9.1
-
-- 
1.7.9.5

[PATCH 07/11] openssl: remove 3 patches

[Robert Yang]

Removed:
 - openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 - upgate-vegsion-script-for-1.0.2.patch
   Since they are already in the source.
 - make-targets.patch
   It removed test dir from DIRS, which is not needed any more since we
   need build it.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../openssl/openssl/debian/make-targets.patch      |   15 -----
 ...NULL-pointer-dereference-in-dh_pub_encode.patch |   26 --------
 .../openssl/update-version-script-for-1.0.2.patch  |   66 --------------------
 3 files changed, 107 deletions(-)
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
 delete mode 100644 meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch

diff --git a/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch b/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
deleted file mode 100644
index ee0a62c..0000000
--- a/meta/recipes-connectivity/openssl/openssl/debian/make-targets.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-Upstream-Status: Backport [debian]
-
-Index: openssl-1.0.1/Makefile.org
-===================================================================
---- openssl-1.0.1.orig/Makefile.org	2012-03-17 09:41:07.000000000 +0000
-+++ openssl-1.0.1/Makefile.org	2012-03-17 09:41:21.000000000 +0000
-@@ -135,7 +135,7 @@
- 
- BASEADDR=
- 
--DIRS=   crypto ssl engines apps test tools
-+DIRS=   crypto ssl engines apps tools
- ENGDIRS= ccgost
- SHLIBDIRS= crypto ssl
- 
diff --git a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch b/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
deleted file mode 100644
index d7047bb..0000000
--- a/meta/recipes-connectivity/openssl/openssl/openssl-avoid-NULL-pointer-dereference-in-dh_pub_encode.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-openssl: avoid NULL pointer dereference in dh_pub_encode()/dsa_pub_encode()
-
-We should avoid accessing the pointer if ASN1_STRING_new()
-allocates memory failed.
-
-Upstream-Status: Submitted
-http://www.mail-archive.com/openssl-dev@openssl.org/msg32859.html
-
-Signed-off-by: Xufeng Zhang <xufeng.zhang@windriver.com>
----
-Index: openssl-1.0.2/crypto/dh/dh_ameth.c
-===================================================================
---- openssl-1.0.2.orig/crypto/dh/dh_ameth.c
-+++ openssl-1.0.2/crypto/dh/dh_ameth.c
-@@ -161,6 +161,11 @@ static int dh_pub_encode(X509_PUBKEY *pk
-     dh = pkey->pkey.dh;
- 
-     str = ASN1_STRING_new();
-+    if (!str) {
-+        DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
-+        goto err;
-+    }
-+
-     str->length = i2d_dhp(pkey, dh, &str->data);
-     if (str->length <= 0) {
-         DHerr(DH_F_DH_PUB_ENCODE, ERR_R_MALLOC_FAILURE);
diff --git a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch b/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
deleted file mode 100644
index fcfccfa..0000000
--- a/meta/recipes-connectivity/openssl/openssl/update-version-script-for-1.0.2.patch
+++ /dev/null
@@ -1,66 +0,0 @@
-Index: openssl-1.0.2/openssl.ld
-===================================================================
---- openssl-1.0.2.orig/openssl.ld
-+++ openssl-1.0.2/openssl.ld
-@@ -4618,3 +4618,61 @@ OPENSSL_1.0.1d {
- 		CRYPTO_memcmp;
- } OPENSSL_1.0.1;
- 
-+OPENSSL_1.0.2 {
-+	global:
-+		ASN1_TIME_diff;
-+		CMS_RecipientInfo_get0_pkey_ctx;
-+		CMS_RecipientInfo_kari_get0_ctx;
-+		CMS_SignerInfo_get0_pkey_ctx;
-+		DH_get_1024_160;
-+		DH_get_2048_224;
-+		DH_get_2048_256;
-+		DTLS_client_method;
-+		DTLS_server_method;
-+		DTLSv1_2_client_method;
-+		DTLSv1_2_server_method;
-+		EC_curve_nid2nist;
-+		EC_curve_nist2nid;
-+		EVP_aes_128_cbc_hmac_sha256;
-+		EVP_aes_128_wrap;
-+		EVP_aes_192_wrap;
-+		EVP_aes_256_cbc_hmac_sha256;
-+		EVP_aes_256_wrap;
-+		EVP_des_ede3_wrap;
-+		OCSP_REQ_CTX_http;
-+		OCSP_REQ_CTX_new;
-+		PEM_write_bio_DHxparams;
-+		SSL_CIPHER_find;
-+		SSL_CONF_CTX_finish;
-+		SSL_CONF_CTX_free;
-+		SSL_CONF_CTX_new;
-+		SSL_CONF_CTX_set_flags;
-+		SSL_CONF_CTX_set_ssl_ctx;
-+		SSL_CONF_cmd;
-+		SSL_CONF_cmd_argv;
-+		SSL_CTX_add_client_custom_ext;
-+		SSL_CTX_add_server_custom_ext;
-+		SSL_CTX_set_alpn_protos;
-+		SSL_CTX_set_alpn_select_cb;
-+		SSL_CTX_set_cert_cb;
-+		SSL_CTX_use_serverinfo_file;
-+		SSL_certs_clear;
-+		SSL_check_chain;
-+		SSL_get0_alpn_selected;
-+		SSL_get_shared_sigalgs;
-+		SSL_get_sigalgs;
-+		SSL_is_server;
-+		X509_CRL_diff;
-+		X509_CRL_http_nbio;
-+		X509_STORE_set_lookup_crls_cb;
-+		X509_VERIFY_PARAM_set1_email;
-+		X509_VERIFY_PARAM_set1_host;
-+		X509_VERIFY_PARAM_set1_ip_asc;
-+		X509_chain_check_suiteb;
-+		X509_chain_up_ref;
-+		X509_check_email;
-+		X509_check_host;
-+		X509_check_ip_asc;
-+		X509_get_signature_nid;
-+		X509_http_nbio;
-+} OPENSSL_1.0.1d;
-- 
1.7.9.5

[PATCH 08/11] lttng-modules: remove bio-bvec-iter.patch

[Robert Yang]

It is aready in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../lttng/lttng-modules/bio-bvec-iter.patch        |  156 --------------------
 1 file changed, 156 deletions(-)
 delete mode 100644 meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch

diff --git a/meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch b/meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
deleted file mode 100644
index d6c66e4..0000000
--- a/meta/recipes-kernel/lttng/lttng-modules/bio-bvec-iter.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-Upstream-Status: Pending
-
-In 3.14, bi_sector and bi_size were moved into an iterator, thus
-breaking any tracepoints that still expect them in the bio.  Fix up
-the lttng-module tracepoints to use the new scheme when the kernel
-version is >= 3.14.
-
-Signed-off-by: Tom Zanussi <tom.zanussi@intel.com>
-
-diff --git a/instrumentation/events/lttng-module/block.h b/instrumentation/events/lttng-module/block.h
-index f3b8bff..0a61543 100644
---- a/instrumentation/events/lttng-module/block.h
-+++ b/instrumentation/events/lttng-module/block.h
-@@ -341,9 +341,15 @@ TRACE_EVENT(block_bio_bounce,
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev ?
- 					  bio->bi_bdev->bd_dev : 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -385,14 +391,24 @@ TRACE_EVENT(block_bio_complete,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
-+
- #if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,38))
- 		tp_assign(error, error)
- #else
- 		tp_assign(error, 0)
- #endif
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 	),
- 
- 	TP_printk("%d,%d %s %llu + %u [%d]",
-@@ -419,9 +435,15 @@ DECLARE_EVENT_CLASS(block_bio_merge,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -485,9 +507,15 @@ TRACE_EVENT(block_bio_queue,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -513,9 +541,15 @@ DECLARE_EVENT_CLASS(block_bio,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev ? bio->bi_bdev->bd_dev : 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -587,10 +621,17 @@ DECLARE_EVENT_CLASS(block_get_rq,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio ? bio->bi_bdev->bd_dev : 0)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio ? bio->bi_iter.bi_sector : 0)
-+		tp_assign(nr_sector, bio ? bio->bi_iter.bi_size >> 9 : 0)
-+		blk_fill_rwbs(rwbs, bio ? bio->bi_rw : 0,
-+			      bio ? bio->bi_iter.bi_size >> 9 : 0)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio ? bio->bi_sector : 0)
- 		tp_assign(nr_sector, bio ? bio->bi_size >> 9 : 0)
- 		blk_fill_rwbs(rwbs, bio ? bio->bi_rw : 0,
- 			      bio ? bio->bi_size >> 9 : 0)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
-         ),
- 
-@@ -759,9 +800,15 @@ TRACE_EVENT(block_split,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(new_sector, new_sector)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(new_sector, new_sector)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_memcpy(comm, current->comm, TASK_COMM_LEN)
- 	),
- 
-@@ -805,11 +852,19 @@ TRACE_EVENT(block_remap,
- 
- 	TP_fast_assign(
- 		tp_assign(dev, bio->bi_bdev->bd_dev)
-+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0))
-+		tp_assign(sector, bio->bi_iter.bi_sector)
-+		tp_assign(nr_sector, bio->bi_iter.bi_size >> 9)
-+		tp_assign(old_dev, dev)
-+		tp_assign(old_sector, from)
-+		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_iter.bi_size)
-+#else /* #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 		tp_assign(sector, bio->bi_sector)
- 		tp_assign(nr_sector, bio->bi_size >> 9)
- 		tp_assign(old_dev, dev)
- 		tp_assign(old_sector, from)
- 		blk_fill_rwbs(rwbs, bio->bi_rw, bio->bi_size)
-+#endif /* #else #if (LINUX_VERSION_CODE >= KERNEL_VERSION(3,14,0)) */
- 	),
- 
- 	TP_printk("%d,%d %s %llu + %u <- (%d,%d) %llu",
-- 
1.7.9.5

[PATCH 09/11] libaio: remove libaio-generic.patch

[Robert Yang]

It is already in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../libaio/libaio/libaio-generic.patch             |   65 --------------------
 1 file changed, 65 deletions(-)
 delete mode 100644 meta/recipes-extended/libaio/libaio/libaio-generic.patch

diff --git a/meta/recipes-extended/libaio/libaio/libaio-generic.patch b/meta/recipes-extended/libaio/libaio/libaio-generic.patch
deleted file mode 100644
index 3fcf541..0000000
--- a/meta/recipes-extended/libaio/libaio/libaio-generic.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 5e96c73d5dfbdea8d0be82b7f3fc8d6735e5dfa7 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger <vapier@gentoo.org>
-Date: Sun, 17 Jan 2010 17:07:48 -0500
-Subject: [PATCH] add a generic syscall() fallback
-
-Upstream-Status: Pending
-
-Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
----
- src/syscall-generic.h |   29 +++++++++++++++++++++++++++++
- src/syscall.h         |    3 ++-
- 2 files changed, 31 insertions(+), 1 deletions(-)
- create mode 100644 src/syscall-generic.h
-
-diff --git a/src/syscall-generic.h b/src/syscall-generic.h
-new file mode 100644
-index 0000000..24d7c7c
---- /dev/null
-+++ b/src/syscall-generic.h
-@@ -0,0 +1,29 @@
-+#include <errno.h>
-+#include <unistd.h>
-+#include <sys/syscall.h>
-+
-+#define _body_io_syscall(sname, args...) \
-+{ \
-+   int ret = syscall(__NR_##sname, ## args); \
-+   return ret < 0 ? -errno : ret; \
-+}
-+
-+#define io_syscall1(type,fname,sname,type1,arg1) \
-+type fname(type1 arg1) \
-+_body_io_syscall(sname, (long)arg1)
-+
-+#define io_syscall2(type,fname,sname,type1,arg1,type2,arg2) \
-+type fname(type1 arg1,type2 arg2) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2)
-+
-+#define io_syscall3(type,fname,sname,type1,arg1,type2,arg2,type3,arg3) \
-+type fname(type1 arg1,type2 arg2,type3 arg3) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2, (long)arg3)
-+
-+#define io_syscall4(type,fname,sname,type1,arg1,type2,arg2,type3,arg3,type4,arg4) \
-+type fname (type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2, (long)arg3, (long)arg4)
-+
-+#define io_syscall5(type,fname,sname,type1,arg1,type2,arg2,type3,arg3,type4,arg4, type5,arg5) \
-+type fname (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
-+_body_io_syscall(sname, (long)arg1, (long)arg2, (long)arg3, (long)arg4, (long)arg5)
-diff --git a/src/syscall.h b/src/syscall.h
-index 78becfe..d954af0 100644
---- a/src/syscall.h
-+++ b/src/syscall.h
-@@ -25,5 +25,6 @@
- #elif defined(__arm__)
- #include "syscall-arm.h"
- #else
--#error "add syscall-arch.h"
-+#warning "using generic syscall method"
-+#include "syscall-generic.h"
- #endif
--- 
-1.7.3.1
-
-- 
1.7.9.5

[PATCH 10/11] texinfo: remove enumerate_greater_than_ten.patch

[Robert Yang]

It is a backport patch, and verified that the patch is in the source.

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../texinfo/enumerate_greater_than_ten.patch       |   51 --------------------
 1 file changed, 51 deletions(-)
 delete mode 100644 meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch

diff --git a/meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch b/meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
deleted file mode 100644
index ef69143..0000000
--- a/meta/recipes-extended/texinfo/texinfo/enumerate_greater_than_ten.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0e70072ce655a0d053bb7433083ced5e6eac74d4 Mon Sep 17 00:00:00 2001
-From: Jackie Huang <jackie.huang@windriver.com>
-Date: Thu, 15 Aug 2013 23:49:47 -0700
-Subject: [PATCH] handle correctly @enumerate specification greater than 10
-
-Upstream-Status: Backport
-
-Revision: 5270
-          http://svn.sv.gnu.org/viewvc/?view=rev&root=texinfo&revision=5270
-Author:   pertusus
-Date:     2013-07-29 20:02:23 +0000 (Mon, 29 Jul 2013)
-Log Message:
------------
-        * tp/Common.pm (enumerate_item_representation), Texinfo/Parser.pm:
-        handle correctly @enumerate specification greater than 10.  Report
-        from Dmitry Shachnev.
-
----
- tp/Texinfo/Common.pm |    2 +-
- tp/Texinfo/Parser.pm |    2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tp/Texinfo/Common.pm b/tp/Texinfo/Common.pm
-index 8aee9f7..bdffeee 100644
---- a/tp/Texinfo/Common.pm
-+++ b/tp/Texinfo/Common.pm
-@@ -1382,7 +1382,7 @@ sub enumerate_item_representation($$)
-   my $specification = shift;
-   my $number = shift;
-
--  if ($specification =~ /^[0-9]$/) {
-+  if ($specification =~ /^[0-9]+$/) {
-     return $specification + $number -1;
-   }
-
-diff --git a/tp/Texinfo/Parser.pm b/tp/Texinfo/Parser.pm
-index cf8fa72..8e845e9 100644
---- a/tp/Texinfo/Parser.pm
-+++ b/tp/Texinfo/Parser.pm
-@@ -2973,7 +2973,7 @@ sub _end_line($$$)
-                         $current->{'cmdname'});
-           }
-           my $arg = $current->{'extra'}->{'block_command_line_contents'}->[0]->[0];
--          if (!defined($arg->{'text'}) or $arg->{'text'} !~ /^[[:alnum:]]$/) {
-+          if (!defined($arg->{'text'}) or $arg->{'text'} !~ /^(([[:digit:]]+)|([[:alpha:]]+))$/) {
-             $self->_command_error($current, $line_nr, 
-                         $self->__("bad argument to \@%s"),
-                         $current->{'cmdname'});
---
-1.7.1
-
-- 
1.7.9.5

[PATCH 11/11] elfutils: enable fix-build-gcc-4.8.patch

[Robert Yang]

The patch fixes a warning seen with gcc 4.8 (especially on ubuntu 13.10)

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/recipes-devtools/elfutils/elfutils_0.148.bb |    1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-devtools/elfutils/elfutils_0.148.bb b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
index dc56dfa..0d8490d 100644
--- a/meta/recipes-devtools/elfutils/elfutils_0.148.bb
+++ b/meta/recipes-devtools/elfutils/elfutils_0.148.bb
@@ -34,6 +34,7 @@ SRC_URI += "\
         file://elfutils-ar-c-fix-num-passed-to-memset.patch \
         file://Fix_elf_cvt_gunhash.patch \
         file://elf_begin.c-CVE-2014-9447-fix.patch \
+        file://fix-build-gcc-4.8.patch \
 "
 # Only apply when building uclibc based target recipe
 SRC_URI_append_libc-uclibc = " file://uclibc-support-for-elfutils-0.148.patch"
-- 
1.7.9.5

Re: [PATCH 04/11] bind: remove 5 backport patches

[Rongqing Li]

On 2015年04月28日 11:43, Robert Yang wrote:
> They are backport patches, and verified that the patches are in the
> source.
>


I send a patch, which upgrade the bind to 9.10.2, and remove these
5 patches, so we can drop this commit, thanks

-Roy


> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
> ---
>   .../bind/bind/bind-9.8.1-CVE-2012-5166.patch       |  119 -----------------
>   .../bind/bind/bind-CVE-2011-4313.patch             |   89 ------------
>   .../bind/bind/bind-CVE-2012-1667.patch             |   92 -------------
>   .../bind/bind/bind-CVE-2013-2266.patch             |   41 ------
>   .../bind/bind/bind-Fix-CVE-2012-4244.patch         |  141 --------------------
>   5 files changed, 482 deletions(-)
>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
>   delete mode 100644 meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
>
> diff --git a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch b/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
> deleted file mode 100644
> index 0abb475..0000000
> --- a/meta/recipes-connectivity/bind/bind/bind-9.8.1-CVE-2012-5166.patch
> +++ /dev/null
> @@ -1,119 +0,0 @@
> -bind_Fix_for_CVE-2012-5166
> -
> -Upstream-Status: Backport
> -
> -Reference:http://launchpadlibrarian.net/119212498/bind9_1%3A9.7.3.dfsOBg
> --1ubuntu2.6_1%3A9.7.3.dfsg-1ubuntu2.7.diff.gz
> -
> -ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before
> -9.9.1-P4, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P4 allows
> -remote attackers to cause a denial of service (named daemon hang)
> -via unspecified combinations of resource records.
> -
> -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5166
> -
> -Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> -diff -urpN a/bin/named/query.c b/bin/named/query.c
> ---- a/bin/named/query.c	2012-10-22 13:24:27.000000000 +0800
> -+++ b/bin/named/query.c	2012-10-22 13:17:04.000000000 +0800
> -@@ -1137,13 +1137,6 @@ query_isduplicate(ns_client_t *client, d
> - 		mname = NULL;
> - 	}
> -
> --	/*
> --	 * If the dns_name_t we're looking up is already in the message,
> --	 * we don't want to trigger the caller's name replacement logic.
> --	 */
> --	if (name == mname)
> --		mname = NULL;
> --
> - 	*mnamep = mname;
> -
> - 	CTRACE("query_isduplicate: false: done");
> -@@ -1341,6 +1334,7 @@ query_addadditional(void *arg, dns_name_
> - 	if (dns_rdataset_isassociated(rdataset) &&
> - 	    !query_isduplicate(client, fname, type, &mname)) {
> - 		if (mname != NULL) {
> -+			INSIST(mname != fname);
> - 			query_releasename(client, &fname);
> - 			fname = mname;
> - 		} else
> -@@ -1401,11 +1395,13 @@ query_addadditional(void *arg, dns_name_
> - 			mname = NULL;
> - 			if (!query_isduplicate(client, fname,
> - 					       dns_rdatatype_a, &mname)) {
> --				if (mname != NULL) {
> --					query_releasename(client, &fname);
> --					fname = mname;
> --				} else
> --					need_addname = ISC_TRUE;
> -+				if (mname != fname) {
> -+					if (mname != NULL) {
> -+						query_releasename(client, &fname);
> -+						fname = mname;
> -+					} else
> -+						need_addname = ISC_TRUE;
> -+				}
> - 				ISC_LIST_APPEND(fname->list, rdataset, link);
> - 				added_something = ISC_TRUE;
> - 				if (sigrdataset != NULL &&
> -@@ -1444,11 +1440,13 @@ query_addadditional(void *arg, dns_name_
> - 			mname = NULL;
> - 			if (!query_isduplicate(client, fname,
> - 					       dns_rdatatype_aaaa, &mname)) {
> --				if (mname != NULL) {
> --					query_releasename(client, &fname);
> --					fname = mname;
> --				} else
> --					need_addname = ISC_TRUE;
> -+				if (mname != fname) {
> -+					if (mname != NULL) {
> -+						query_releasename(client, &fname);
> -+						fname = mname;
> -+					} else
> -+						need_addname = ISC_TRUE;
> -+				}
> - 				ISC_LIST_APPEND(fname->list, rdataset, link);
> - 				added_something = ISC_TRUE;
> - 				if (sigrdataset != NULL &&
> -@@ -1960,22 +1958,24 @@ query_addadditional2(void *arg, dns_name
> - 		    crdataset->type == dns_rdatatype_aaaa) {
> - 			if (!query_isduplicate(client, fname, crdataset->type,
> - 					       &mname)) {
> --				if (mname != NULL) {
> --					/*
> --					 * A different type of this name is
> --					 * already stored in the additional
> --					 * section.  We'll reuse the name.
> --					 * Note that this should happen at most
> --					 * once.  Otherwise, fname->link could
> --					 * leak below.
> --					 */
> --					INSIST(mname0 == NULL);
> --
> --					query_releasename(client, &fname);
> --					fname = mname;
> --					mname0 = mname;
> --				} else
> --					need_addname = ISC_TRUE;
> -+				if (mname != fname) {
> -+					if (mname != NULL) {
> -+						/*
> -+						 * A different type of this name is
> -+						 * already stored in the additional
> -+						 * section.  We'll reuse the name.
> -+						 * Note that this should happen at most
> -+						 * once.  Otherwise, fname->link could
> -+						 * leak below.
> -+						 */
> -+						INSIST(mname0 == NULL);
> -+
> -+						query_releasename(client, &fname);
> -+						fname = mname;
> -+						mname0 = mname;
> -+					} else
> -+						need_addname = ISC_TRUE;
> -+				}
> - 				ISC_LIST_UNLINK(cfname.list, crdataset, link);
> - 				ISC_LIST_APPEND(fname->list, crdataset, link);
> - 				added_something = ISC_TRUE;
> diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
> deleted file mode 100644
> index 19d8df1..0000000
> --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2011-4313.patch
> +++ /dev/null
> @@ -1,89 +0,0 @@
> -The patch to fix CVE-2011-4313
> -
> -Upstream-Status: Backport
> -
> -Reference: https://www.redhat.com/security/data/cve/CVE-2011-4313.html
> -
> -query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV
> -through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1
> -through 9.9.0b1 allows remote attackers to cause a denial of service
> -(assertion failure and named exit) via unknown vectors related to recursive DNS
> -queries, error logging, and the caching of an invalid record by the resolver.
> -
> -Signed-off-by Ming Liu <ming.liu@windriver.com>
> ----
> - bin/named/query.c |   19 ++++++++-----------
> - lib/dns/rbtdb.c   |    4 ++--
> - 2 files changed, 10 insertions(+), 13 deletions(-)
> -
> ---- a/bin/named/query.c
> -+++ b/bin/named/query.c
> -@@ -1393,11 +1393,9 @@ query_addadditional(void *arg, dns_name_
> - 			goto addname;
> - 		if (result == DNS_R_NCACHENXRRSET) {
> - 			dns_rdataset_disassociate(rdataset);
> --			/*
> --			 * Negative cache entries don't have sigrdatasets.
> --			 */
> --			INSIST(sigrdataset == NULL ||
> --			       ! dns_rdataset_isassociated(sigrdataset));
> -+			if (sigrdataset != NULL &&
> -+			    dns_rdataset_isassociated(sigrdataset))
> -+				dns_rdataset_disassociate(sigrdataset);
> - 		}
> - 		if (result == ISC_R_SUCCESS) {
> - 			mname = NULL;
> -@@ -1438,8 +1436,9 @@ query_addadditional(void *arg, dns_name_
> - 			goto addname;
> - 		if (result == DNS_R_NCACHENXRRSET) {
> - 			dns_rdataset_disassociate(rdataset);
> --			INSIST(sigrdataset == NULL ||
> --			       ! dns_rdataset_isassociated(sigrdataset));
> -+			if (sigrdataset != NULL &&
> -+			    dns_rdataset_isassociated(sigrdataset))
> -+				dns_rdataset_disassociate(sigrdataset);
> - 		}
> - 		if (result == ISC_R_SUCCESS) {
> - 			mname = NULL;
> -@@ -1889,10 +1888,8 @@ query_addadditional2(void *arg, dns_name
> - 		goto setcache;
> - 	if (result == DNS_R_NCACHENXRRSET) {
> - 		dns_rdataset_disassociate(rdataset);
> --		/*
> --		 * Negative cache entries don't have sigrdatasets.
> --		 */
> --		INSIST(! dns_rdataset_isassociated(sigrdataset));
> -+		if (dns_rdataset_isassociated(sigrdataset))
> -+			dns_rdataset_disassociate(sigrdataset);
> - 	}
> - 	if (result == ISC_R_SUCCESS) {
> - 		/* Remember the result as a cache */
> ---- a/lib/dns/rbtdb.c
> -+++ b/lib/dns/rbtdb.c
> -@@ -5053,7 +5053,7 @@ cache_find(dns_db_t *db, dns_name_t *nam
> - 			      rdataset);
> - 		if (need_headerupdate(found, search.now))
> - 			update = found;
> --		if (foundsig != NULL) {
> -+		if (!NEGATIVE(found) && foundsig != NULL) {
> - 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
> - 				      sigrdataset);
> - 			if (need_headerupdate(foundsig, search.now))
> -@@ -5596,7 +5596,7 @@ zone_findrdataset(dns_db_t *db, dns_dbno
> - 	}
> - 	if (found != NULL) {
> - 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
> --		if (foundsig != NULL)
> -+		if (!NEGATIVE(found) && foundsig != NULL)
> - 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
> - 				      sigrdataset);
> - 	}
> -@@ -5685,7 +5685,7 @@ cache_findrdataset(dns_db_t *db, dns_dbn
> - 	}
> - 	if (found != NULL) {
> - 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
> --		if (foundsig != NULL)
> -+		if (!NEGATIVE(found) && foundsig != NULL)
> - 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
> - 				      sigrdataset);
> - 	}
> diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
> deleted file mode 100644
> index c441eab..0000000
> --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2012-1667.patch
> +++ /dev/null
> @@ -1,92 +0,0 @@
> -bind CVE-2012-1667
> -
> -Upstream-Status: Backport
> -
> -ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1,
> -and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource
> -records with a zero-length RDATA section, which allows remote DNS servers to
> -cause a denial of service (daemon crash or data corruption) or obtain
> -sensitive information from process memory via a crafted record.
> -
> -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1667
> -
> -The cve patch comes from bind97-9.7.0-10.P2.el5_8.1.src.rpm package.
> -
> -Signed-off-by: Li Wang <li.wang@windriver.com>
> ----
> - lib/dns/rdata.c     |    8 ++++----
> - lib/dns/rdataslab.c |   11 ++++++++---
> - 2 files changed, 12 insertions(+), 7 deletions(-)
> -
> -diff --git a/lib/dns/rdata.c b/lib/dns/rdata.c
> -index 063b1f6..9337a80 100644
> ---- a/lib/dns/rdata.c
> -+++ b/lib/dns/rdata.c
> -@@ -325,8 +325,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
> -
> - 	REQUIRE(rdata1 != NULL);
> - 	REQUIRE(rdata2 != NULL);
> --	REQUIRE(rdata1->data != NULL);
> --	REQUIRE(rdata2->data != NULL);
> -+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
> -+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
> - 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
> - 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
> -
> -@@ -356,8 +356,8 @@ dns_rdata_casecompare(const dns_rdata_t *rdata1, const dns_rdata_t *rdata2) {
> -
> - 	REQUIRE(rdata1 != NULL);
> - 	REQUIRE(rdata2 != NULL);
> --	REQUIRE(rdata1->data != NULL);
> --	REQUIRE(rdata2->data != NULL);
> -+	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
> -+	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
> - 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
> - 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
> -
> -diff --git a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
> -index a41f16f..ed13b30 100644
> ---- a/lib/dns/rdataslab.c
> -+++ b/lib/dns/rdataslab.c
> -@@ -125,6 +125,11 @@ isc_result_t
> - dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
> - 			   isc_region_t *region, unsigned int reservelen)
> - {
> -+	/*
> -+	 * Use &removed as a sentinal pointer for duplicate
> -+	 * rdata as rdata.data == NULL is valid.
> -+	 */
> -+	static unsigned char removed;
> - 	struct xrdata  *x;
> - 	unsigned char  *rawbuf;
> - #if DNS_RDATASET_FIXED
> -@@ -168,6 +173,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
> - 		INSIST(result == ISC_R_SUCCESS);
> - 		dns_rdata_init(&x[i].rdata);
> - 		dns_rdataset_current(rdataset, &x[i].rdata);
> -+		INSIST(x[i].rdata.data != &removed);
> - #if DNS_RDATASET_FIXED
> - 		x[i].order = i;
> - #endif
> -@@ -200,8 +206,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
> - 	 */
> - 	for (i = 1; i < nalloc; i++) {
> - 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
> --			x[i-1].rdata.data = NULL;
> --			x[i-1].rdata.length = 0;
> -+			x[i-1].rdata.data = &removed;
> - #if DNS_RDATASET_FIXED
> - 			/*
> - 			 * Preserve the least order so A, B, A -> A, B
> -@@ -291,7 +296,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
> - #endif
> -
> - 	for (i = 0; i < nalloc; i++) {
> --		if (x[i].rdata.data == NULL)
> -+		if (x[i].rdata.data == &removed)
> - 			continue;
> - #if DNS_RDATASET_FIXED
> - 		offsettable[x[i].order] = rawbuf - offsetbase;
> ---
> -1.7.0.5
> -
> diff --git a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch b/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
> deleted file mode 100644
> index 7ec6deb..0000000
> --- a/meta/recipes-connectivity/bind/bind/bind-CVE-2013-2266.patch
> +++ /dev/null
> @@ -1,41 +0,0 @@
> -bind: fix for CVE-2013-2266
> -
> -Upstream-Status: Backport
> -
> -libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5b2,
> -9.9.x before 9.9.2-P2, and 9.9.3 before 9.9.3b2 on UNIX platforms allows
> -remote attackers to cause a denial of service (memory consumption) via a
> -crafted regular expression, as demonstrated by a memory-exhaustion attack
> -against a machine running a named process.
> -
> -http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2266
> -
> -Signed-off-by Ming Liu <ming.liu@windriver.com>
> ----
> - config.h.in  |    3 ---
> - configure.in |    2 +-
> - 2 files changed, 1 insertion(+), 4 deletions(-)
> -
> ---- a/config.h.in
> -+++ b/config.h.in
> -@@ -277,9 +277,6 @@ int sigwait(const unsigned int *set, int
> - /* Define if your OpenSSL version supports GOST. */
> - #undef HAVE_OPENSSL_GOST
> -
> --/* Define to 1 if you have the <regex.h> header file. */
> --#undef HAVE_REGEX_H
> --
> - /* Define to 1 if you have the `setegid' function. */
> - #undef HAVE_SETEGID
> -
> ---- a/configure.in
> -+++ b/configure.in
> -@@ -279,7 +279,7 @@ esac
> -
> - AC_HEADER_STDC
> -
> --AC_CHECK_HEADERS(fcntl.h regex.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
> -+AC_CHECK_HEADERS(fcntl.h sys/time.h unistd.h sys/sockio.h sys/select.h sys/param.h sys/sysctl.h net/if6.h,,,
> - [$ac_includes_default
> - #ifdef HAVE_SYS_PARAM_H
> - # include <sys/param.h>
> diff --git a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch b/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
> deleted file mode 100644
> index 5dd6f69..0000000
> --- a/meta/recipes-connectivity/bind/bind/bind-Fix-CVE-2012-4244.patch
> +++ /dev/null
> @@ -1,141 +0,0 @@
> -bind_Fix_for_CVE-2012-4244
> -
> -Upstream-Status: Backport
> -
> -Reference:https://bugzilla.novell.com/attachment.cgi?id=505661&action=edit
> -
> -ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3,
> - and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to
> -cause a denial of service (assertion failure and named daemon exit) via
> -a query for a long resource record.
> -
> -Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> -
> -diff -urpN a/lib/dns/include/dns/rdata.h b/lib/dns/include/dns/rdata.h
> ---- a/lib/dns/include/dns/rdata.h	2012-10-08 12:19:42.000000000 +0800
> -+++ b/lib/dns/include/dns/rdata.h	2012-10-08 11:26:43.000000000 +0800
> -@@ -147,6 +147,17 @@ struct dns_rdata {
> - 	(((rdata)->flags & ~(DNS_RDATA_UPDATE|DNS_RDATA_OFFLINE)) == 0)
> -
> - /*
> -+ * The maximum length of a RDATA that can be sent on the wire.
> -+ * Max packet size (65535) less header (12), less name (1), type (2),
> -+ * class (2), ttl(4), length (2).
> -+ *
> -+ * None of the defined types that support name compression can exceed
> -+ * this and all new types are to be sent uncompressed.
> -+ */
> -+
> -+#define DNS_RDATA_MAXLENGTH    65512U
> -+
> -+/*
> -  * Flags affecting rdata formatting style.  Flags 0xFFFF0000
> -  * are used by masterfile-level formatting and defined elsewhere.
> -  * See additional comments at dns_rdata_tofmttext().
> -diff -urpN a/lib/dns/master.c b/lib/dns/master.c
> ---- a/lib/dns/master.c	2012-10-08 12:19:42.000000000 +0800
> -+++ b/lib/dns/master.c	2012-10-08 11:27:06.000000000 +0800
> -@@ -75,7 +75,7 @@
> - /*%
> -  * max message size - header - root - type - class - ttl - rdlen
> -  */
> --#define MINTSIZ (65535 - 12 - 1 - 2 - 2 - 4 - 2)
> -+#define MINTSIZ DNS_RDATA_MAXLENGTH
> - /*%
> -  * Size for tokens in the presentation format,
> -  * The largest tokens are the base64 blocks in KEY and CERT records,
> -diff -urpN a/lib/dns/rdata.c b/lib/dns/rdata.c
> ---- a/lib/dns/rdata.c	2012-10-08 12:19:42.000000000 +0800
> -+++ b/lib/dns/rdata.c	2012-10-08 11:27:27.000000000 +0800
> -@@ -425,6 +425,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
> - 	isc_buffer_t st;
> - 	isc_boolean_t use_default = ISC_FALSE;
> - 	isc_uint32_t activelength;
> -+	size_t length;
> -
> - 	REQUIRE(dctx != NULL);
> - 	if (rdata != NULL) {
> -@@ -455,6 +456,14 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
> - 	}
> -
> - 	/*
> -+	 * Reject any rdata that expands out to more than DNS_RDATA_MAXLENGTH
> -+	 * as we cannot transmit it.
> -+	 */
> -+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
> -+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
> -+		result = DNS_R_FORMERR;
> -+
> -+	/*
> - 	 * We should have consumed all of our buffer.
> - 	 */
> - 	if (result == ISC_R_SUCCESS && !buffer_empty(source))
> -@@ -462,8 +471,7 @@ dns_rdata_fromwire(dns_rdata_t *rdata, d
> -
> - 	if (rdata != NULL && result == ISC_R_SUCCESS) {
> - 		region.base = isc_buffer_used(&st);
> --		region.length = isc_buffer_usedlength(target) -
> --				isc_buffer_usedlength(&st);
> -+		region.length = length;
> - 		dns_rdata_fromregion(rdata, rdclass, type, &region);
> - 	}
> -
> -@@ -598,6 +606,7 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
> - 	unsigned long line;
> - 	void (*callback)(dns_rdatacallbacks_t *, const char *, ...);
> - 	isc_result_t tresult;
> -+	size_t length;
> -
> - 	REQUIRE(origin == NULL || dns_name_isabsolute(origin) == ISC_TRUE);
> - 	if (rdata != NULL) {
> -@@ -670,10 +679,13 @@ dns_rdata_fromtext(dns_rdata_t *rdata, d
> - 		}
> - 	} while (1);
> -
> -+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
> -+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
> -+		result = ISC_R_NOSPACE;
> -+
> - 	if (rdata != NULL && result == ISC_R_SUCCESS) {
> - 		region.base = isc_buffer_used(&st);
> --		region.length = isc_buffer_usedlength(target) -
> --				isc_buffer_usedlength(&st);
> -+		region.length = length;
> - 		dns_rdata_fromregion(rdata, rdclass, type, &region);
> - 	}
> - 	if (result != ISC_R_SUCCESS) {
> -@@ -781,6 +793,7 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
> - 	isc_buffer_t st;
> - 	isc_region_t region;
> - 	isc_boolean_t use_default = ISC_FALSE;
> -+	size_t length;
> -
> - 	REQUIRE(source != NULL);
> - 	if (rdata != NULL) {
> -@@ -795,10 +808,13 @@ dns_rdata_fromstruct(dns_rdata_t *rdata,
> - 	if (use_default)
> - 		(void)NULL;
> -
> -+	length = isc_buffer_usedlength(target) - isc_buffer_usedlength(&st);
> -+	if (result == ISC_R_SUCCESS && length > DNS_RDATA_MAXLENGTH)
> -+		result = ISC_R_NOSPACE;
> -+
> - 	if (rdata != NULL && result == ISC_R_SUCCESS) {
> - 		region.base = isc_buffer_used(&st);
> --		region.length = isc_buffer_usedlength(target) -
> --				isc_buffer_usedlength(&st);
> -+		region.length = length;
> - 		dns_rdata_fromregion(rdata, rdclass, type, &region);
> - 	}
> - 	if (result != ISC_R_SUCCESS)
> -diff -urpN a/lib/dns/rdataslab.c b/lib/dns/rdataslab.c
> ---- a/lib/dns/rdataslab.c	2012-10-08 12:19:42.000000000 +0800
> -+++ b/lib/dns/rdataslab.c	2012-10-08 11:27:54.000000000 +0800
> -@@ -304,6 +304,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_
> - 		length = x[i].rdata.length;
> - 		if (rdataset->type == dns_rdatatype_rrsig)
> - 			length++;
> -+		INSIST(length <= 0xffff);
> - 		*rawbuf++ = (length & 0xff00) >> 8;
> - 		*rawbuf++ = (length & 0x00ff);
> - #if DNS_RDATASET_FIXED
>

-- 
Best Reagrds,
Roy | RongQing Li