[PATCH 0/6] [jethro] Consolidated pull

[PATCH 0/6] [jethro] Consolidated pull

[Robert Yang]

The following changes since commit 28032d8c3122b75ceb3f4a664a2b478c9a9a6a2c:

  tzcode: update to 2016c (2016-04-11 22:03:01 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/jethro-next

Armin Kuster (2):
  tzcode: update to 2016d
  tzdata: update to 2016d

Bjørn Forsman (1):
  license.bbclass: fix warnings when run in unprivileged "container" env

Robert Yang (1):
  boot-directdisk.bbclass: remove HDDIMG before create

Sona Sarmadi (1):
  bind: CVE-2016-1285 CVE-2016-1286

Stefan Agner (1):
  opkg: backport fix for double remove of packges

 meta/classes/boot-directdisk.bbclass               |   2 +
 meta/classes/license.bbclass                       |   8 +-
 .../bind/bind/CVE-2016-1285.patch                  | 138 +++++++++
 .../bind/bind/CVE-2016-1286_1.patch                |  79 +++++
 .../bind/bind/CVE-2016-1286_2.patch                | 318 +++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.10.2-P4.bb   |   3 +
 ...vider_replacees-do-not-add-installed-pkg-.patch | 112 ++++++++
 meta/recipes-devtools/opkg/opkg_0.3.0.bb           |   1 +
 ...code-native_2016c.bb => tzcode-native_2016d.bb} |   8 +-
 .../tzdata/{tzdata_2016c.bb => tzdata_2016d.bb}    |   4 +-
 10 files changed, 664 insertions(+), 9 deletions(-)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
 create mode 100644 meta/recipes-devtools/opkg/opkg/0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch
 rename meta/recipes-extended/tzcode/{tzcode-native_2016c.bb => tzcode-native_2016d.bb} (68%)
 rename meta/recipes-extended/tzdata/{tzdata_2016c.bb => tzdata_2016d.bb} (98%)

-- 
2.8.0

[PATCH 1/6] tzcode: update to 2016d

[Robert Yang]

From: Armin Kuster <akuster@mvista.com>

they keep the versions in-sync. changes are all in data.

Changes affecting future time stamps

America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30.
(Thanks to Alexander Krivenyshev for the heads-up.)

Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
(Thanks to Alexander Krivenyshev and Matt Johnson.)

New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers
Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29
at 02:00.  (Thanks to Stepan Golosunov.)

Changes affecting past time stamps

New zone Europe/Kirov, split off from Europe/Volgograd.  It covers
Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on
1989-03-26 at 02:00, roughly a year after Europe/Volgograd made
the same change.  (Thanks to Stepan Golosunov.)

Russia and nearby locations had daylight-saving transitions on
1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on
1992-03-28 at 23:00 and 1992-09-26 at 23:00.  (Thanks to Stepan
Golosunov.)

Many corrections to historical time in Kazakhstan from 1991
through 2005.  (Thanks to Stepan Golosunov.)  Replace Kazakhstan's
invented time zone abbreviations with numeric abbreviations.

(From OE-Core master rev: db8223e4dd2e513a656aedfae217d94e053c2366)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../tzcode/{tzcode-native_2016c.bb => tzcode-native_2016d.bb}     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 rename meta/recipes-extended/tzcode/{tzcode-native_2016c.bb => tzcode-native_2016d.bb} (68%)

diff --git a/meta/recipes-extended/tzcode/tzcode-native_2016c.bb b/meta/recipes-extended/tzcode/tzcode-native_2016d.bb
similarity index 68%
rename from meta/recipes-extended/tzcode/tzcode-native_2016c.bb
rename to meta/recipes-extended/tzcode/tzcode-native_2016d.bb
index 06b92ea..647ce2d 100644
--- a/meta/recipes-extended/tzcode/tzcode-native_2016c.bb
+++ b/meta/recipes-extended/tzcode/tzcode-native_2016d.bb
@@ -8,10 +8,10 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=76ae2becfcb9a685041c6f166b44c2c2"
 SRC_URI =" http://www.iana.org/time-zones/repository/releases/tzcode${PV}.tar.gz;name=tzcode \
            http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata"
 
-SRC_URI[tzcode.md5sum] = "ffb82ab0b588138759902b4627a6a80d"
-SRC_URI[tzcode.sha256sum] = "344b1bd486935bca2b7baa47db3b99b32211c45f31ec0d1ead8bacd103c5a416"
-SRC_URI[tzdata.md5sum] = "0330ccd16140d3b6438a18dae9b34b93"
-SRC_URI[tzdata.sha256sum] = "8700d981e6f2007ac037dabb5d2b12f390e8629bbc30e564bc21cf0c069a2d48"
+SRC_URI[tzcode.md5sum] = "06fc6fc111cd8dd681abdc5326529afd"
+SRC_URI[tzcode.sha256sum] = "a8f33d6f87aef7e109e4769fc7f6e63637d52d07ddf6440a1a50df3d9a34e0ca"
+SRC_URI[tzdata.md5sum] = "14bf84b6c2cdab0a9428991e0150ebe6"
+SRC_URI[tzdata.sha256sum] = "d9554dfba0efd76053582bd89e8c7036ef12eee14fdd506675b08a5b59f0a1b4"
 
 S = "${WORKDIR}"
 
-- 
2.8.0

[PATCH 2/6] tzdata: update to 2016d

[Robert Yang]

From: Armin Kuster <akuster@mvista.com>

Changes affecting future time stamps

America/Caracas switches from -0430 to -04 on 2016-05-01 at 02:30.
(Thanks to Alexander Krivenyshev for the heads-up.)

Asia/Magadan switches from +10 to +11 on 2016-04-24 at 02:00.
(Thanks to Alexander Krivenyshev and Matt Johnson.)

New zone Asia/Tomsk, split off from Asia/Novosibirsk. It covers
Tomsk Oblast, Russia, which switches from +06 to +07 on 2016-05-29
at 02:00.  (Thanks to Stepan Golosunov.)

Changes affecting past time stamps

New zone Europe/Kirov, split off from Europe/Volgograd.  It covers
Kirov Oblast, Russia, which switched from +04/+05 to +03/+04 on
1989-03-26 at 02:00, roughly a year after Europe/Volgograd made
the same change.  (Thanks to Stepan Golosunov.)

Russia and nearby locations had daylight-saving transitions on
1992-03-29 at 02:00 and 1992-09-27 at 03:00, instead of on
1992-03-28 at 23:00 and 1992-09-26 at 23:00.  (Thanks to Stepan
Golosunov.)

Many corrections to historical time in Kazakhstan from 1991
through 2005.  (Thanks to Stepan Golosunov.)  Replace Kazakhstan's
invented time zone abbreviations with numeric abbreviations.

(From OE-Core master rev: 10194ca3d8c2f4d8648a685c5c239a33d944b6fe)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/recipes-extended/tzdata/{tzdata_2016c.bb => tzdata_2016d.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-extended/tzdata/{tzdata_2016c.bb => tzdata_2016d.bb} (98%)

diff --git a/meta/recipes-extended/tzdata/tzdata_2016c.bb b/meta/recipes-extended/tzdata/tzdata_2016d.bb
similarity index 98%
rename from meta/recipes-extended/tzdata/tzdata_2016c.bb
rename to meta/recipes-extended/tzdata/tzdata_2016d.bb
index c342a02..7b64c85 100644
--- a/meta/recipes-extended/tzdata/tzdata_2016c.bb
+++ b/meta/recipes-extended/tzdata/tzdata_2016d.bb
@@ -8,8 +8,8 @@ DEPENDS = "tzcode-native"
 
 SRC_URI = "http://www.iana.org/time-zones/repository/releases/tzdata${PV}.tar.gz;name=tzdata"
 
-SRC_URI[tzdata.md5sum] = "0330ccd16140d3b6438a18dae9b34b93"
-SRC_URI[tzdata.sha256sum] = "8700d981e6f2007ac037dabb5d2b12f390e8629bbc30e564bc21cf0c069a2d48"
+SRC_URI[tzdata.md5sum] = "14bf84b6c2cdab0a9428991e0150ebe6"
+SRC_URI[tzdata.sha256sum] = "d9554dfba0efd76053582bd89e8c7036ef12eee14fdd506675b08a5b59f0a1b4"
 
 inherit allarch
 
-- 
2.8.0

[PATCH 3/6] license.bbclass: fix warnings when run in unprivileged "container" env

[Robert Yang]

From: Bjørn Forsman <bjorn.forsman@gmail.com>

An unprivileged "container" environment like this[1] doesn't have root
account (uid 0) which causes tons of "Invalid argument" warnings:

  $ bitbake ...
  ...
  WARNING: Could not copy license file [src] to [dest]: [Errno 22] Invalid argument: '[src]'
  WARNING: Could not copy license file [src] to [dest]: [Errno 22] Invalid argument: '[src]'
  WARNING: Could not copy license file [src] to [dest]: [Errno 22] Invalid argument: '[src]'
  ...

Fix it by handling EINVAL similar to existing handling of EPERM (which
was added for when not running under pseudo).

[1]: The real environemnt is buildFHSUserEnv from NixOS/nixpkgs, but a
  demonstration of the issue can be done like this:

    $ touch f
    $ unshare --user --mount chown 0:0 f
    chown: changing ownership of ‘f’: Invalid argument

(From OE-Core master rev: d00b2250a6afebd7d1373c04b4006290f0cd4043)

Signed-off-by: Bjørn Forsman <bjorn.forsman@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/classes/license.bbclass | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/meta/classes/license.bbclass b/meta/classes/license.bbclass
index c714da3..db0fc51 100644
--- a/meta/classes/license.bbclass
+++ b/meta/classes/license.bbclass
@@ -189,9 +189,11 @@ def copy_license_files(lic_files_paths, destdir):
                     os.chown(dst,0,0)
                 except OSError as err:
                     import errno
-                    if err.errno == errno.EPERM:
-                        # suppress "Operation not permitted" error, as
-                        # sometimes this function is not executed under pseudo
+                    if err.errno in (errno.EPERM, errno.EINVAL):
+                        # Suppress "Operation not permitted" error, as
+                        # sometimes this function is not executed under pseudo.
+                        # Also ignore "Invalid argument" errors that happen in
+                        # some (unprivileged) container environments (no root).
                         pass
                     else:
                         raise
-- 
2.8.0

[PATCH 4/6] bind: CVE-2016-1285 CVE-2016-1286

[Robert Yang]

From: Sona Sarmadi <sona.sarmadi@enea.com>

CVE-2016-1285 bind: malformed packet sent to rndc can trigger assertion failure
CVE-2016-1286 bind: malformed signature records for DNAME records can
trigger assertion failure

[YOCTO #9400]

External References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1285
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-1286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1286

References to the Upstream commits and Security Advisories:

CVE-2016-1285: https://kb.isc.org/article/AA-01352
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=e7e15d1302b26a96fa0a5307d6f2cb0d8ad4ea63

CVE-2016-1286: https://kb.isc.org/article/AA-01353
https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3

https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=patch;
h=499952eb459c9a41d2092f1d98899c131f9103b2

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 .../bind/bind/CVE-2016-1285.patch                  | 138 +++++++++
 .../bind/bind/CVE-2016-1286_1.patch                |  79 +++++
 .../bind/bind/CVE-2016-1286_2.patch                | 318 +++++++++++++++++++++
 meta/recipes-connectivity/bind/bind_9.10.2-P4.bb   |   3 +
 4 files changed, 538 insertions(+)
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
 create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch

diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
new file mode 100644
index 0000000..f73f642
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
@@ -0,0 +1,138 @@
+From e7e15d1302b26a96fa0a5307d6f2cb0d8ad4ea63 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Thu, 18 Feb 2016 12:11:27 +1100
+Subject: [PATCH] 4318. [security] Malformed control messages can
+trigger assertions in named and rndc. (CVE-2016-1285) [RT #41666]
+
+(cherry picked from commit a2b15b3305acd52179e6f3dc7d073b07fbc40b8e)
+
+Hand applied Changelog changes.
+
+CVE: CVE-2016-1285
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -ruN a/bin/named/control.c b/bin/named/control.c
+--- a/bin/named/control.c	2015-08-15 02:28:49.000000000 +0200
++++ b/bin/named/control.c	2016-04-11 09:38:20.940827528 +0200
+@@ -69,7 +69,7 @@
+ #endif
+ 
+ 	data = isccc_alist_lookup(message, "_data");
+-	if (data == NULL) {
++	if (!isccc_alist_alistp(data)) {
+ 		/*
+ 		 * No data section.
+ 		 */
+diff -ruN a/bin/named/controlconf.c b/bin/named/controlconf.c
+--- a/bin/named/controlconf.c	2015-08-15 02:28:49.000000000 +0200
++++ b/bin/named/controlconf.c	2016-04-11 09:38:20.944827355 +0200
+@@ -402,7 +402,7 @@
+ 	 * Limit exposure to replay attacks.
+ 	 */
+ 	_ctrl = isccc_alist_lookup(request, "_ctrl");
+-	if (_ctrl == NULL) {
++	if (!isccc_alist_alistp(_ctrl)) {
+ 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
+ 		goto cleanup_request;
+ 	}
+diff -ruN a/bin/rndc/rndc.c b/bin/rndc/rndc.c
+--- a/bin/rndc/rndc.c	2015-08-15 02:28:49.000000000 +0200
++++ b/bin/rndc/rndc.c	2016-04-11 09:38:20.944827355 +0200
+@@ -254,8 +254,8 @@
+ 	   isccc_cc_fromwire(&source, &response, algorithm, &secret));
+ 
+ 	data = isccc_alist_lookup(response, "_data");
+-	if (data == NULL)
+-		fatal("no data section in response");
++	if (!isccc_alist_alistp(data))
++		fatal("bad or missing data section in response");
+ 	result = isccc_cc_lookupstring(data, "err", &errormsg);
+ 	if (result == ISC_R_SUCCESS) {
+ 		failed = ISC_TRUE;
+@@ -320,8 +320,8 @@
+ 	   isccc_cc_fromwire(&source, &response, algorithm, &secret));
+ 
+ 	_ctrl = isccc_alist_lookup(response, "_ctrl");
+-	if (_ctrl == NULL)
+-		fatal("_ctrl section missing");
++	if (!isccc_alist_alistp(_ctrl))
++		fatal("bad or missing ctrl section in response");
+ 	nonce = 0;
+ 	if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS)
+ 		nonce = 0;
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES	2016-04-11 09:36:08.546578759 +0200
++++ b/CHANGES	2016-04-11 09:39:59.356552273 +0200
+@@ -1,3 +1,6 @@
++4318.  [security]      Malformed control messages can trigger assertions
++                       in named and rndc. (CVE-2016-1285) [RT #41666]
++
+ 4146.  [bug]           Address reference leak that could prevent a clean
+                        shutdown. [RT #37125]
+ 
+diff -ruN a/lib/isccc/cc.c b/lib/isccc/cc.c
+--- a/lib/isccc/cc.c	2015-08-15 02:28:49.000000000 +0200
++++ b/lib/isccc/cc.c	2016-04-11 09:38:20.944827355 +0200
+@@ -403,13 +403,13 @@
+ 	 * Extract digest.
+ 	 */
+ 	_auth = isccc_alist_lookup(alist, "_auth");
+-	if (_auth == NULL)
++	if (!isccc_alist_alistp(_auth))
+ 		return (ISC_R_FAILURE);
+ 	if (algorithm == ISCCC_ALG_HMACMD5)
+ 		hmac = isccc_alist_lookup(_auth, "hmd5");
+ 	else
+ 		hmac = isccc_alist_lookup(_auth, "hsha");
+-	if (hmac == NULL)
++	if (!isccc_sexpr_binaryp(hmac))
+ 		return (ISC_R_FAILURE);
+ 	/*
+ 	 * Compute digest.
+@@ -728,7 +728,7 @@
+ 	REQUIRE(ackp != NULL && *ackp == NULL);
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL ||
++	if (!isccc_alist_alistp(_ctrl) ||
+ 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
+ 	    isccc_cc_lookupuint32(_ctrl, "_tim", &t) != ISC_R_SUCCESS)
+ 		return (ISC_R_FAILURE);
+@@ -773,7 +773,7 @@
+ 	isccc_sexpr_t *_ctrl;
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL)
++	if (!isccc_alist_alistp(_ctrl))
+ 		return (ISC_FALSE);
+ 	if (isccc_cc_lookupstring(_ctrl, "_ack", NULL) == ISC_R_SUCCESS)
+ 		return (ISC_TRUE);
+@@ -786,7 +786,7 @@
+ 	isccc_sexpr_t *_ctrl;
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL)
++	if (!isccc_alist_alistp(_ctrl))
+ 		return (ISC_FALSE);
+ 	if (isccc_cc_lookupstring(_ctrl, "_rpl", NULL) == ISC_R_SUCCESS)
+ 		return (ISC_TRUE);
+@@ -806,7 +806,7 @@
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+ 	_data = isccc_alist_lookup(message, "_data");
+-	if (_ctrl == NULL || _data == NULL ||
++	if (!isccc_alist_alistp(_ctrl) || !isccc_alist_alistp(_data) ||
+ 	    isccc_cc_lookupuint32(_ctrl, "_ser", &serial) != ISC_R_SUCCESS ||
+ 	    isccc_cc_lookupstring(_data, "type", &type) != ISC_R_SUCCESS)
+ 		return (ISC_R_FAILURE);
+@@ -995,7 +995,7 @@
+ 	isccc_sexpr_t *_ctrl;
+ 
+ 	_ctrl = isccc_alist_lookup(message, "_ctrl");
+-	if (_ctrl == NULL ||
++	if (!isccc_alist_alistp(_ctrl) ||
+ 	    isccc_cc_lookupstring(_ctrl, "_ser", &_ser) != ISC_R_SUCCESS ||
+ 	    isccc_cc_lookupstring(_ctrl, "_tim", &_tim) != ISC_R_SUCCESS)
+ 		return (ISC_R_FAILURE);
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
new file mode 100644
index 0000000..5002147
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
@@ -0,0 +1,79 @@
+From 456e1eadd2a3a2fb9617e60d4db90ef4ba7c6ba3 Mon Sep 17 00:00:00 2001
+From: Mukund Sivaraman <muks@isc.org>
+Date: Mon, 22 Feb 2016 12:22:43 +0530
+Subject: [PATCH] Fix resolver assertion failure due to improper DNAME handling
+ (CVE-2016-1286) (#41753)
+
+(cherry picked from commit 5995fec51cc8bb7e53804e4936e60aa1537f3673)
+
+Hand applied Changelog changes.
+
+CVE: CVE-2016-1286
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -ruN a/CHANGES b/CHANGES
+--- a/CHANGES	2016-04-11 09:46:42.075057394 +0200
++++ b/CHANGES	2016-04-11 09:44:21.857148819 +0200
+@@ -1,3 +1,7 @@
++4319.  [security]      Fix resolver assertion failure due to improper
++                       DNAME handling when parsing fetch reply messages.
++                       (CVE-2016-1286) [RT #41753]
++
+ 4318.  [security]      Malformed control messages can trigger assertions
+                        in named and rndc. (CVE-2016-1285) [RT #41666]
+ 
+diff -ruN a/lib/dns/resolver.c b/lib/dns/resolver.c
+--- a/lib/dns/resolver.c	2016-04-11 09:36:08.550578585 +0200
++++ b/lib/dns/resolver.c	2016-04-11 09:43:23.091701714 +0200
+@@ -6634,21 +6634,26 @@
+ 				isc_boolean_t found_dname = ISC_FALSE;
+ 				dns_name_t *dname_name;
+ 
++				/*
++				 * Only pass DNAME or RRSIG(DNAME).
++				 */
++				if (rdataset->type != dns_rdatatype_dname &&
++				    (rdataset->type != dns_rdatatype_rrsig ||
++				     rdataset->covers != dns_rdatatype_dname))
++					continue;
++
++				/*
++				 * If we're not chaining, then the DNAME and
++				 * its signature should not be external.
++				 */
++				if (!chaining && external) {
++					log_formerr(fctx, "external DNAME");
++					return (DNS_R_FORMERR);
++				}
++
+ 				found = ISC_FALSE;
+ 				aflag = 0;
+ 				if (rdataset->type == dns_rdatatype_dname) {
+-					/*
+-					 * We're looking for something else,
+-					 * but we found a DNAME.
+-					 *
+-					 * If we're not chaining, then the
+-					 * DNAME should not be external.
+-					 */
+-					if (!chaining && external) {
+-						log_formerr(fctx,
+-							    "external DNAME");
+-						return (DNS_R_FORMERR);
+-					}
+ 					found = ISC_TRUE;
+ 					want_chaining = ISC_TRUE;
+ 					POST(want_chaining);
+@@ -6677,9 +6682,7 @@
+ 							&fctx->domain)) {
+ 						return (DNS_R_SERVFAIL);
+ 					}
+-				} else if (rdataset->type == dns_rdatatype_rrsig
+-					   && rdataset->covers ==
+-					   dns_rdatatype_dname) {
++				} else {
+ 					/*
+ 					 * We've found a signature that
+ 					 * covers the DNAME.
diff --git a/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
new file mode 100644
index 0000000..3ca76b9
--- /dev/null
+++ b/meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
@@ -0,0 +1,318 @@
+From 499952eb459c9a41d2092f1d98899c131f9103b2 Mon Sep 17 00:00:00 2001
+From: Mark Andrews <marka@isc.org>
+Date: Mon, 29 Feb 2016 07:16:48 +1100
+Subject: [PATCH] Part 2 of: 4319.[security] Fix resolver assertion
+failure due to improper DNAME handling when parsing fetch reply messages.
+(CVE-2016-1286) [RT #41753]
+
+(cherry picked from commit 2de89ee9de8c8da9dc153a754b02dcdbb7fe2374)
+
+CVE: CVE-2016-1286 [part 2]
+Upstream-Status: Backport
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/dns/resolver.c | 192 ++++++++++++++++++++++++++---------------------------
+ 1 file changed, 93 insertions(+), 99 deletions(-)
+
+diff --git a/lib/dns/resolver.c b/lib/dns/resolver.c
+index 23d636b..fbc0af0 100644
+--- a/lib/dns/resolver.c
++++ b/lib/dns/resolver.c
+@@ -6088,14 +6088,11 @@ cname_target(dns_rdataset_t *rdataset, dns_name_t *tname) {
+ }
+ 
+ static inline isc_result_t
+-dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
+-	     dns_name_t *oname, dns_fixedname_t *fixeddname)
++dname_target(dns_rdataset_t *rdataset, dns_name_t *qname,
++	     unsigned int nlabels, dns_fixedname_t *fixeddname)
+ {
+ 	isc_result_t result;
+ 	dns_rdata_t rdata = DNS_RDATA_INIT;
+-	unsigned int nlabels;
+-	int order;
+-	dns_namereln_t namereln;
+ 	dns_rdata_dname_t dname;
+ 	dns_fixedname_t prefix;
+ 
+@@ -6110,21 +6107,6 @@ dname_target(fetchctx_t *fctx, dns_rdataset_t *rdataset, dns_name_t *qname,
+ 	if (result != ISC_R_SUCCESS)
+ 		return (result);
+ 
+-	/*
+-	 * Get the prefix of qname.
+-	 */
+-	namereln = dns_name_fullcompare(qname, oname, &order, &nlabels);
+-	if (namereln != dns_namereln_subdomain) {
+-		char qbuf[DNS_NAME_FORMATSIZE];
+-		char obuf[DNS_NAME_FORMATSIZE];
+-
+-		dns_rdata_freestruct(&dname);
+-		dns_name_format(qname, qbuf, sizeof(qbuf));
+-		dns_name_format(oname, obuf, sizeof(obuf));
+-		log_formerr(fctx, "unrelated DNAME in answer: "
+-				   "%s is not in %s", qbuf, obuf);
+-		return (DNS_R_FORMERR);
+-	}
+ 	dns_fixedname_init(&prefix);
+ 	dns_name_split(qname, nlabels, dns_fixedname_name(&prefix), NULL);
+ 	dns_fixedname_init(fixeddname);
+@@ -6750,13 +6732,13 @@ static isc_result_t
+ answer_response(fetchctx_t *fctx) {
+ 	isc_result_t result;
+ 	dns_message_t *message;
+-	dns_name_t *name, *qname, tname, *ns_name;
++	dns_name_t *name, *dname, *qname, tname, *ns_name;
+ 	dns_rdataset_t *rdataset, *ns_rdataset;
+ 	isc_boolean_t done, external, chaining, aa, found, want_chaining;
+ 	isc_boolean_t have_answer, found_cname, found_type, wanted_chaining;
+ 	unsigned int aflag;
+ 	dns_rdatatype_t type;
+-	dns_fixedname_t dname, fqname;
++	dns_fixedname_t fdname, fqname;
+ 	dns_view_t *view;
+ 
+ 	FCTXTRACE("answer_response");
+@@ -6784,10 +6766,15 @@ answer_response(fetchctx_t *fctx) {
+ 	view = fctx->res->view;
+ 	result = dns_message_firstname(message, DNS_SECTION_ANSWER);
+ 	while (!done && result == ISC_R_SUCCESS) {
++		dns_namereln_t namereln;
++		int order;
++		unsigned int nlabels;
++
+ 		name = NULL;
+ 		dns_message_currentname(message, DNS_SECTION_ANSWER, &name);
+ 		external = ISC_TF(!dns_name_issubdomain(name, &fctx->domain));
+-		if (dns_name_equal(name, qname)) {
++		namereln = dns_name_fullcompare(qname, name, &order, &nlabels);
++		if (namereln == dns_namereln_equal) {
+ 			wanted_chaining = ISC_FALSE;
+ 			for (rdataset = ISC_LIST_HEAD(name->list);
+ 			     rdataset != NULL;
+@@ -6912,10 +6899,11 @@ answer_response(fetchctx_t *fctx) {
+ 						 */
+ 						INSIST(!external);
+ 						if (aflag ==
+-						    DNS_RDATASETATTR_ANSWER)
++						    DNS_RDATASETATTR_ANSWER) {
+ 							have_answer = ISC_TRUE;
+-						name->attributes |=
+-							DNS_NAMEATTR_ANSWER;
++							name->attributes |=
++								DNS_NAMEATTR_ANSWER;
++						}
+ 						rdataset->attributes |= aflag;
+ 						if (aa)
+ 							rdataset->trust =
+@@ -6970,6 +6958,8 @@ answer_response(fetchctx_t *fctx) {
+ 			if (wanted_chaining)
+ 				chaining = ISC_TRUE;
+ 		} else {
++			dns_rdataset_t *dnameset = NULL;
++
+ 			/*
+ 			 * Look for a DNAME (or its SIG).  Anything else is
+ 			 * ignored.
+@@ -6977,10 +6967,8 @@ answer_response(fetchctx_t *fctx) {
+ 			wanted_chaining = ISC_FALSE;
+ 			for (rdataset = ISC_LIST_HEAD(name->list);
+ 			     rdataset != NULL;
+-			     rdataset = ISC_LIST_NEXT(rdataset, link)) {
+-				isc_boolean_t found_dname = ISC_FALSE;
+-				dns_name_t *dname_name;
+-
++			     rdataset = ISC_LIST_NEXT(rdataset, link))
++			{
+ 				/*
+ 				 * Only pass DNAME or RRSIG(DNAME).
+ 				 */
+@@ -6994,20 +6982,41 @@ answer_response(fetchctx_t *fctx) {
+ 				 * its signature should not be external.
+ 				 */
+ 				if (!chaining && external) {
+-					log_formerr(fctx, "external DNAME");
++					char qbuf[DNS_NAME_FORMATSIZE];
++					char obuf[DNS_NAME_FORMATSIZE];
++
++					dns_name_format(name, qbuf,
++							sizeof(qbuf));
++					dns_name_format(&fctx->domain, obuf,
++							sizeof(obuf));
++					log_formerr(fctx, "external DNAME or "
++						    "RRSIG covering DNAME "
++						    "in answer: %s is "
++						    "not in %s", qbuf, obuf);
++					return (DNS_R_FORMERR);
++				}
++
++				if (namereln != dns_namereln_subdomain) {
++					char qbuf[DNS_NAME_FORMATSIZE];
++					char obuf[DNS_NAME_FORMATSIZE];
++
++					dns_name_format(qname, qbuf,
++							sizeof(qbuf));
++					dns_name_format(name, obuf,
++							sizeof(obuf));
++					log_formerr(fctx, "unrelated DNAME "
++						    "in answer: %s is "
++						    "not in %s", qbuf, obuf);
+ 					return (DNS_R_FORMERR);
+ 				}
+ 
+-				found = ISC_FALSE;
+ 				aflag = 0;
+ 				if (rdataset->type == dns_rdatatype_dname) {
+-					found = ISC_TRUE;
+ 					want_chaining = ISC_TRUE;
+ 					POST(want_chaining);
+ 					aflag = DNS_RDATASETATTR_ANSWER;
+-					result = dname_target(fctx, rdataset,
+-							      qname, name,
+-							      &dname);
++					result = dname_target(rdataset, qname,
++							      nlabels, &fdname);
+ 					if (result == ISC_R_NOSPACE) {
+ 						/*
+ 						 * We can't construct the
+@@ -7019,14 +7028,12 @@ answer_response(fetchctx_t *fctx) {
+ 					} else if (result != ISC_R_SUCCESS)
+ 						return (result);
+ 					else
+-						found_dname = ISC_TRUE;
++						dnameset = rdataset;
+ 
+-					dname_name = dns_fixedname_name(&dname);
++					dname = dns_fixedname_name(&fdname);
+ 					if (!is_answertarget_allowed(view,
+-							qname,
+-							rdataset->type,
+-							dname_name,
+-							&fctx->domain)) {
++							qname, rdataset->type,
++							dname, &fctx->domain)) {
+ 						return (DNS_R_SERVFAIL);
+ 					}
+ 				} else {
+@@ -7034,73 +7041,60 @@ answer_response(fetchctx_t *fctx) {
+ 					 * We've found a signature that
+ 					 * covers the DNAME.
+ 					 */
+-					found = ISC_TRUE;
+ 					aflag = DNS_RDATASETATTR_ANSWERSIG;
+ 				}
+ 
+-				if (found) {
++				/*
++				 * We've found an answer to our
++				 * question.
++				 */
++				name->attributes |= DNS_NAMEATTR_CACHE;
++				rdataset->attributes |= DNS_RDATASETATTR_CACHE;
++				rdataset->trust = dns_trust_answer;
++				if (!chaining) {
+ 					/*
+-					 * We've found an answer to our
+-					 * question.
++					 * This data is "the" answer to
++					 * our question only if we're
++					 * not chaining.
+ 					 */
+-					name->attributes |=
+-						DNS_NAMEATTR_CACHE;
+-					rdataset->attributes |=
+-						DNS_RDATASETATTR_CACHE;
+-					rdataset->trust = dns_trust_answer;
+-					if (!chaining) {
+-						/*
+-						 * This data is "the" answer
+-						 * to our question only if
+-						 * we're not chaining.
+-						 */
+-						INSIST(!external);
+-						if (aflag ==
+-						    DNS_RDATASETATTR_ANSWER)
+-							have_answer = ISC_TRUE;
++					INSIST(!external);
++					if (aflag == DNS_RDATASETATTR_ANSWER) {
++						have_answer = ISC_TRUE;
+ 						name->attributes |=
+ 							DNS_NAMEATTR_ANSWER;
+-						rdataset->attributes |= aflag;
+-						if (aa)
+-							rdataset->trust =
+-							  dns_trust_authanswer;
+-					} else if (external) {
+-						rdataset->attributes |=
+-						    DNS_RDATASETATTR_EXTERNAL;
+-					}
+-
+-					/*
+-					 * DNAME chaining.
+-					 */
+-					if (found_dname) {
+-						/*
+-						 * Copy the dname into the
+-						 * qname fixed name.
+-						 *
+-						 * Although we check for
+-						 * failure of the copy
+-						 * operation, in practice it
+-						 * should never fail since
+-						 * we already know that the
+-						 * result fits in a fixedname.
+-						 */
+-						dns_fixedname_init(&fqname);
+-						result = dns_name_copy(
+-						  dns_fixedname_name(&dname),
+-						  dns_fixedname_name(&fqname),
+-						  NULL);
+-						if (result != ISC_R_SUCCESS)
+-							return (result);
+-						wanted_chaining = ISC_TRUE;
+-						name->attributes |=
+-							DNS_NAMEATTR_CHAINING;
+-						rdataset->attributes |=
+-						    DNS_RDATASETATTR_CHAINING;
+-						qname = dns_fixedname_name(
+-								   &fqname);
+ 					}
++					rdataset->attributes |= aflag;
++					if (aa)
++						rdataset->trust =
++						  dns_trust_authanswer;
++				} else if (external) {
++					rdataset->attributes |=
++					    DNS_RDATASETATTR_EXTERNAL;
+ 				}
+ 			}
++
++			/*
++			 * DNAME chaining.
++			 */
++			if (dnameset != NULL) {
++				/*
++				 * Copy the dname into the qname fixed name.
++				 *
++				 * Although we check for failure of the copy
++				 * operation, in practice it should never fail
++				 * since we already know that the  result fits
++				 * in a fixedname.
++				 */
++				dns_fixedname_init(&fqname);
++				qname = dns_fixedname_name(&fqname);
++				result = dns_name_copy(dname, qname, NULL);
++				if (result != ISC_R_SUCCESS)
++					return (result);
++				wanted_chaining = ISC_TRUE;
++				name->attributes |= DNS_NAMEATTR_CHAINING;
++				dnameset->attributes |=
++					    DNS_RDATASETATTR_CHAINING;
++			}
+ 			if (wanted_chaining)
+ 				chaining = ISC_TRUE;
+ 		}
+-- 
+1.9.1
+
diff --git a/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb b/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
index 19f87d7..f1951a0 100644
--- a/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.10.2-P4.bb
@@ -25,6 +25,9 @@ SRC_URI = "ftp://ftp.isc.org/isc/bind9/${PV}/${BPN}-${PV}.tar.gz \
            file://CVE-2015-8705.patch \
            file://CVE-2015-8000.patch \
            file://CVE-2015-8461.patch \
+           file://CVE-2016-1285.patch \
+           file://CVE-2016-1286_1.patch \
+           file://CVE-2016-1286_2.patch \
            "
 
 SRC_URI[md5sum] = "8b1f5064837756c938eadc1537dec5c7"
-- 
2.8.0

[PATCH 5/6] opkg: backport fix for double remove of packges

[Robert Yang]

From: Stefan Agner <stefan.agner@toradex.com>

Backport the fix 7885da3974 ("pkg_get_provider_replacees: do not
add installed pkg to replacee list"). This avoids opkg trying to
remove a package twice e.g. when upgrading.

Suggested-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 ...vider_replacees-do-not-add-installed-pkg-.patch | 112 +++++++++++++++++++++
 meta/recipes-devtools/opkg/opkg_0.3.0.bb           |   1 +
 2 files changed, 113 insertions(+)
 create mode 100644 meta/recipes-devtools/opkg/opkg/0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch

diff --git a/meta/recipes-devtools/opkg/opkg/0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch b/meta/recipes-devtools/opkg/opkg/0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch
new file mode 100644
index 0000000..29a9f59
--- /dev/null
+++ b/meta/recipes-devtools/opkg/opkg/0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch
@@ -0,0 +1,112 @@
+From c5acac4ca0633088ea3f2d92dc236a43593e13b7 Mon Sep 17 00:00:00 2001
+From: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+Date: Tue, 12 Jan 2016 17:12:18 -0600
+Subject: [PATCH] pkg_get_provider_replacees: do not add installed pkg to
+ replacee list
+
+If package A replaces provider B, and B is provided by A,
+pkg_get_provider_replacees incorrectly adds A to the list of B replacees
+when A is installed. During an upgrade, pacakge A is removed during
+pkg_remove_installed_replacees, then once more during the package
+upgrade.
+
+Add check to skip the insertion of package A into the replacees vector
+in pkg_get_provider_replacees.
+
+Signed-off-by: Alejandro del Castillo <alejandro.delcastillo@ni.com>
+---
+ libopkg/opkg_install.c     | 13 +++++++++----
+ tests/Makefile             |  1 +
+ tests/regress/issue8913.py | 44 ++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 54 insertions(+), 4 deletions(-)
+ create mode 100755 tests/regress/issue8913.py
+
+diff --git a/libopkg/opkg_install.c b/libopkg/opkg_install.c
+index dbfafa5..c2db870 100644
+--- a/libopkg/opkg_install.c
++++ b/libopkg/opkg_install.c
+@@ -427,10 +427,15 @@ static void pkg_get_provider_replacees(pkg_t * pkg,
+             continue;
+         for (j = 0; j < ap->pkgs->len; j++) {
+             pkg_t *replacee = ap->pkgs->pkgs[j];
+-            int installed = (replacee->state_status == SS_INSTALLED)
+-                    || (replacee->state_status == SS_UNPACKED);
+-            if (installed)
+-                pkg_vec_insert(replacees, replacee);
++            pkg_t *old = pkg_hash_fetch_installed_by_name(pkg->name);
++            /* skip pkg if installed: it  will be removed during upgrade
++             * issue 8913 */
++            if (old != replacee) {
++                int installed = (replacee->state_status == SS_INSTALLED)
++                        || (replacee->state_status == SS_UNPACKED);
++                if (installed)
++                    pkg_vec_insert(replacees, replacee);
++            }
+         }
+     }
+ }
+diff --git a/tests/Makefile b/tests/Makefile
+index 707434f..d01e97b 100644
+--- a/tests/Makefile
++++ b/tests/Makefile
+@@ -39,6 +39,7 @@ REGRESSION_TESTS := core/01_install.py \
+ 		    regress/issue127.py \
+ 		    regress/issue152.py \
+ 		    regress/issue154.py \
++		    regress/issue8913.py \
+ 		    misc/filehash.py \
+ 		    misc/update_loses_autoinstalled_flag.py
+ RUN_TESTS := $(REGRESSION_TESTS:%.py=run-%.py)
+diff --git a/tests/regress/issue8913.py b/tests/regress/issue8913.py
+new file mode 100755
+index 0000000..aaa940f
+--- /dev/null
++++ b/tests/regress/issue8913.py
+@@ -0,0 +1,44 @@
++#! /usr/bin/env python3
++#
++# Reporter: alejandro.delcastillo@ni.com
++#
++# What steps will reproduce the problem?
++# ======================================
++#
++# 1.- Create package a (v 1.0) that Provides b and c, Replaces b, Conflicts with b.
++#         install it
++# 2.- Create package a (v 2.0) that Provides b and c, Replaces b, Conflicts with b.
++#         upgrade
++#
++# What is the expected output? What do you see instead?
++# =====================================================
++#
++# Upgrade fails
++#
++
++import os
++import opk, cfg, opkgcl
++
++opk.regress_init()
++
++o = opk.OpkGroup()
++o.add(Package="a", Version="1.0", Provides="b, c", Replaces="b", Conflicts="b")
++o.write_opk()
++o.write_list()
++
++opkgcl.update()
++
++opkgcl.install("a", "--force-postinstall")
++
++o = opk.OpkGroup()
++o.add(Package="a", Version="2.0", Provides="b, c", Replaces="b", Conflicts="b")
++o.write_opk()
++o.write_list()
++
++opkgcl.update()
++status = opkgcl.upgrade("--force-postinstall")
++
++if not opkgcl.is_installed("a", "2.0"):
++	opk.fail("New version of package 'a' available during upgrade but was not installed")
++
++opkgcl.remove("a")
+-- 
+2.8.0
+
diff --git a/meta/recipes-devtools/opkg/opkg_0.3.0.bb b/meta/recipes-devtools/opkg/opkg_0.3.0.bb
index 5ad3e92..70110d5 100644
--- a/meta/recipes-devtools/opkg/opkg_0.3.0.bb
+++ b/meta/recipes-devtools/opkg/opkg_0.3.0.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://downloads.yoctoproject.org/releases/${BPN}/${BPN}-${PV}.tar.gz
            file://0002-md5-Add-md5_to_string-function.patch \
            file://0003-sha256-Add-sha256_to_string-function.patch \
            file://0004-opkg_download-Use-short-cache-file-name.patch \
+           file://0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch \
 "
 
 SRC_URI[md5sum] = "3412cdc71d78b98facc84b19331ec64e"
-- 
2.8.0

[PATCH 6/6] boot-directdisk.bbclass: remove HDDIMG before create

[Robert Yang]

Fixed when rebuild:
mkdosfs: file /path/to/hdd.image already exists

Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry-pick from 9abcd309c098558360cde2bff65be840ead25f83)
Signed-off-by: Tim Kilbourn <tkilbourn@gmail.com>
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
---
 meta/classes/boot-directdisk.bbclass | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/classes/boot-directdisk.bbclass b/meta/classes/boot-directdisk.bbclass
index 600e21a..b324d89 100644
--- a/meta/classes/boot-directdisk.bbclass
+++ b/meta/classes/boot-directdisk.bbclass
@@ -121,6 +121,8 @@ build_boot_dd() {
 	# done in blocks, thus the mod by 16 instead of 32.
 	BLOCKS=$(expr $BLOCKS + $(expr 16 - $(expr $BLOCKS % 16)))
 
+	# Remove it since mkdosfs would fail when it exists
+	rm -f $HDDIMG
 	mkdosfs -n ${BOOTDD_VOLUME_ID} -S 512 -C $HDDIMG $BLOCKS 
 	mcopy -i $HDDIMG -s $HDDDIR/* ::/
 
-- 
2.8.0

Re: [PATCH 0/6] [jethro] Consolidated pull

[Robert Yang]

ping.

On 04/25/2016 09:10 AM, Robert Yang wrote:
> The following changes since commit 28032d8c3122b75ceb3f4a664a2b478c9a9a6a2c:
>
>    tzcode: update to 2016c (2016-04-11 22:03:01 +0100)
>
> are available in the git repository at:
>
>    git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/jethro-next
>
> Armin Kuster (2):
>    tzcode: update to 2016d
>    tzdata: update to 2016d
>
> Bjørn Forsman (1):
>    license.bbclass: fix warnings when run in unprivileged "container" env
>
> Robert Yang (1):
>    boot-directdisk.bbclass: remove HDDIMG before create
>
> Sona Sarmadi (1):
>    bind: CVE-2016-1285 CVE-2016-1286
>
> Stefan Agner (1):
>    opkg: backport fix for double remove of packges
>
>   meta/classes/boot-directdisk.bbclass               |   2 +
>   meta/classes/license.bbclass                       |   8 +-
>   .../bind/bind/CVE-2016-1285.patch                  | 138 +++++++++
>   .../bind/bind/CVE-2016-1286_1.patch                |  79 +++++
>   .../bind/bind/CVE-2016-1286_2.patch                | 318 +++++++++++++++++++++
>   meta/recipes-connectivity/bind/bind_9.10.2-P4.bb   |   3 +
>   ...vider_replacees-do-not-add-installed-pkg-.patch | 112 ++++++++
>   meta/recipes-devtools/opkg/opkg_0.3.0.bb           |   1 +
>   ...code-native_2016c.bb => tzcode-native_2016d.bb} |   8 +-
>   .../tzdata/{tzdata_2016c.bb => tzdata_2016d.bb}    |   4 +-
>   10 files changed, 664 insertions(+), 9 deletions(-)
>   create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1285.patch
>   create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_1.patch
>   create mode 100644 meta/recipes-connectivity/bind/bind/CVE-2016-1286_2.patch
>   create mode 100644 meta/recipes-devtools/opkg/opkg/0001-pkg_get_provider_replacees-do-not-add-installed-pkg-.patch
>   rename meta/recipes-extended/tzcode/{tzcode-native_2016c.bb => tzcode-native_2016d.bb} (68%)
>   rename meta/recipes-extended/tzdata/{tzdata_2016c.bb => tzdata_2016d.bb} (98%)
>

[PATCH 0/6] [jethro] Consolidated pull

[Robert Yang]

The following changes since commit 1f4bfa33073584c25396d74f3929f263f3df188b:

  toasterconf.json: exclude releases Toaster can't build (2016-06-03 13:36:19 +0100)

are available in the git repository at:

  git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
  http://cgit.openembedded.org/cgit.cgi/openembedded-core-contrib/log/?h=rbt/jethro-next

Anuj Mittal (1):
  gcc: make sure header path is set correctly

Armin Kuster (2):
  tzcode: update to 2016e
  tzdata: update to 2016e

Enrico Jorns (1):
  perl-ptest.inc: fix tar call to prevent objcopy failure

George McCollister (1):
  wic: fix path parsing, use last occurrence

Nicolas Dechesne (1):
  bluez5: move btmgmt to common READLINE section

 meta/recipes-connectivity/bluez5/bluez5_5.33.bb                  | 2 +-
 meta/recipes-devtools/gcc/gcc-target.inc                         | 1 -
 meta/recipes-devtools/perl/perl-ptest.inc                        | 4 ++--
 .../tzcode/{tzcode-native_2016d.bb => tzcode-native_2016e.bb}    | 9 +++++----
 .../recipes-extended/tzdata/{tzdata_2016d.bb => tzdata_2016e.bb} | 4 ++--
 scripts/lib/wic/plugin.py                                        | 2 +-
 6 files changed, 11 insertions(+), 11 deletions(-)
 rename meta/recipes-extended/tzcode/{tzcode-native_2016d.bb => tzcode-native_2016e.bb} (67%)
 rename meta/recipes-extended/tzdata/{tzdata_2016d.bb => tzdata_2016e.bb} (98%)

-- 
2.8.0

Re: [PATCH 0/6] [jethro] Consolidated pull

[Mittal, AnujX]

Just wanted to check - when will these changes be merged in Jethro?

Thanks,

> -----Original Message-----
> From: openembedded-core-bounces@lists.openembedded.org
> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of
> Robert Yang
> Sent: Tuesday, July 05, 2016 2:44 PM
> To: openembedded-core@lists.openembedded.org
> Subject: [OE-core] [PATCH 0/6] [jethro] Consolidated pull
> 
> The following changes since commit
> 1f4bfa33073584c25396d74f3929f263f3df188b:
> 
>   toasterconf.json: exclude releases Toaster can't build (2016-06-03 13:36:19
> +0100)
> 
> are available in the git repository at:
> 
>   git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
>   http://cgit.openembedded.org/cgit.cgi/openembedded-core-
> contrib/log/?h=rbt/jethro-next
> 
> Anuj Mittal (1):
>   gcc: make sure header path is set correctly
> 
> Armin Kuster (2):
>   tzcode: update to 2016e
>   tzdata: update to 2016e
> 
> Enrico Jorns (1):
>   perl-ptest.inc: fix tar call to prevent objcopy failure
> 
> George McCollister (1):
>   wic: fix path parsing, use last occurrence
> 
> Nicolas Dechesne (1):
>   bluez5: move btmgmt to common READLINE section
> 
>  meta/recipes-connectivity/bluez5/bluez5_5.33.bb                  | 2 +-
>  meta/recipes-devtools/gcc/gcc-target.inc                         | 1 -
>  meta/recipes-devtools/perl/perl-ptest.inc                        | 4 ++--
>  .../tzcode/{tzcode-native_2016d.bb => tzcode-native_2016e.bb}    | 9 +++++----
>  .../recipes-extended/tzdata/{tzdata_2016d.bb => tzdata_2016e.bb} | 4 ++--
>  scripts/lib/wic/plugin.py                                        | 2 +-
>  6 files changed, 11 insertions(+), 11 deletions(-)
>  rename meta/recipes-extended/tzcode/{tzcode-native_2016d.bb => tzcode-
> native_2016e.bb} (67%)
>  rename meta/recipes-extended/tzdata/{tzdata_2016d.bb => tzdata_2016e.bb}
> (98%)
> 
> --
> 2.8.0
> 
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core

Re: [PATCH 0/6] [jethro] Consolidated pull

[Robert Yang]

Hi Mittal,

They are merged into jethro now.

// Robert

On 07/21/2016 11:52 AM, Mittal, AnujX wrote:
> Just wanted to check - when will these changes be merged in Jethro?
>
> Thanks,
>
>> -----Original Message-----
>> From: openembedded-core-bounces@lists.openembedded.org
>> [mailto:openembedded-core-bounces@lists.openembedded.org] On Behalf Of
>> Robert Yang
>> Sent: Tuesday, July 05, 2016 2:44 PM
>> To: openembedded-core@lists.openembedded.org
>> Subject: [OE-core] [PATCH 0/6] [jethro] Consolidated pull
>>
>> The following changes since commit
>> 1f4bfa33073584c25396d74f3929f263f3df188b:
>>
>>    toasterconf.json: exclude releases Toaster can't build (2016-06-03 13:36:19
>> +0100)
>>
>> are available in the git repository at:
>>
>>    git://git.openembedded.org/openembedded-core-contrib rbt/jethro-next
>>    http://cgit.openembedded.org/cgit.cgi/openembedded-core-
>> contrib/log/?h=rbt/jethro-next
>>
>> Anuj Mittal (1):
>>    gcc: make sure header path is set correctly
>>
>> Armin Kuster (2):
>>    tzcode: update to 2016e
>>    tzdata: update to 2016e
>>
>> Enrico Jorns (1):
>>    perl-ptest.inc: fix tar call to prevent objcopy failure
>>
>> George McCollister (1):
>>    wic: fix path parsing, use last occurrence
>>
>> Nicolas Dechesne (1):
>>    bluez5: move btmgmt to common READLINE section
>>
>>   meta/recipes-connectivity/bluez5/bluez5_5.33.bb                  | 2 +-
>>   meta/recipes-devtools/gcc/gcc-target.inc                         | 1 -
>>   meta/recipes-devtools/perl/perl-ptest.inc                        | 4 ++--
>>   .../tzcode/{tzcode-native_2016d.bb => tzcode-native_2016e.bb}    | 9 +++++----
>>   .../recipes-extended/tzdata/{tzdata_2016d.bb => tzdata_2016e.bb} | 4 ++--
>>   scripts/lib/wic/plugin.py                                        | 2 +-
>>   6 files changed, 11 insertions(+), 11 deletions(-)
>>   rename meta/recipes-extended/tzcode/{tzcode-native_2016d.bb => tzcode-
>> native_2016e.bb} (67%)
>>   rename meta/recipes-extended/tzdata/{tzdata_2016d.bb => tzdata_2016e.bb}
>> (98%)
>>
>> --
>> 2.8.0
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core@lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>