* [PATCH][krogoth 02/12] curl: CVE-2016-8616
From: Sona Sarmadi @ 2016-11-11 9:49 UTC (permalink / raw)
To: openembedded-core; +Cc: sona
In-Reply-To: <1478857754-61379-1-git-send-email-sona.sarmadi@enea.com>
case insensitive password comparison
Affected versions: curl 7.7 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102B.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-support/curl/curl/CVE-2016-8616.patch | 49 ++++++++++++++++++++++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
2 files changed, 50 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8616.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8616.patch b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
new file mode 100644
index 0000000..d5d78fc
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
@@ -0,0 +1,49 @@
+From b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 27 Sep 2016 18:01:53 +0200
+Subject: [PATCH] connectionexists: use case sensitive user/password
+ comparisons
+
+CVE: CVE-2016-8616
+Upstream-Status: Backport
+
+Bug: https://curl.haxx.se/docs/adv_20161102B.html
+Reported-by: Cure53
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+
+diff -ruN a/lib/url.c b/lib/url.c
+--- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
++++ b/lib/url.c 2016-11-07 09:16:20.459836564 +0100
+@@ -3305,8 +3305,8 @@
+ if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
+ /* This protocol requires credentials per connection,
+ so verify that we're using the same name and password as well */
+- if(!strequal(needle->user, check->user) ||
+- !strequal(needle->passwd, check->passwd)) {
++ if(strcmp(needle->user, check->user) ||
++ strcmp(needle->passwd, check->passwd)) {
+ /* one of them was different */
+ continue;
+ }
+@@ -3369,8 +3369,8 @@
+ possible. (Especially we must not reuse the same connection if
+ partway through a handshake!) */
+ if(wantNTLMhttp) {
+- if(!strequal(needle->user, check->user) ||
+- !strequal(needle->passwd, check->passwd))
++ if(strcmp(needle->user, check->user) ||
++ strcmp(needle->passwd, check->passwd))
+ continue;
+ }
+ else if(check->ntlm.state != NTLMSTATE_NONE) {
+@@ -3380,8 +3380,8 @@
+
+ /* Same for Proxy NTLM authentication */
+ if(wantProxyNTLMhttp) {
+- if(!strequal(needle->proxyuser, check->proxyuser) ||
+- !strequal(needle->proxypasswd, check->proxypasswd))
++ if(strcmp(needle->proxyuser, check->proxyuser) ||
++ strcmp(needle->proxypasswd, check->proxypasswd))
+ continue;
+ }
+ else if(check->proxyntlm.state != NTLMSTATE_NONE) {
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 1f2758c..20c3721 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -16,6 +16,7 @@ SRC_URI += " file://configure_ac.patch \
file://CVE-2016-5421.patch \
file://CVE-2016-7141.patch \
file://CVE-2016-8615.patch \
+ file://CVE-2016-8616.patch \
"
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
--
1.9.1
^ permalink raw reply related
* [PATCH][krogoth 04/12] curl: CVE-2016-8618
From: Sona Sarmadi @ 2016-11-11 9:49 UTC (permalink / raw)
To: openembedded-core; +Cc: sona
In-Reply-To: <1478857754-61379-1-git-send-email-sona.sarmadi@enea.com>
double-free in curl_maprintf
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102D.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-support/curl/curl/CVE-2016-8618.patch | 52 ++++++++++++++++++++++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8618.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8618.patch b/meta/recipes-support/curl/curl/CVE-2016-8618.patch
new file mode 100644
index 0000000..2fd4749
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8618.patch
@@ -0,0 +1,52 @@
+From 31106a073882656a2a5ab56c4ce2847e9a334c3c Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 28 Sep 2016 10:15:34 +0200
+Subject: [PATCH] aprintf: detect wrap-around when growing allocation
+
+On 32bit systems we could otherwise wrap around after 2GB and allocate 0
+bytes and crash.
+
+CVE: CVE-2016-8618
+Upstream-Status: Backport
+
+Bug: https://curl.haxx.se/docs/adv_20161102D.html
+Reported-by: Cure53
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/mprintf.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/lib/mprintf.c b/lib/mprintf.c
+index dbedeaa..2c88aa8 100644
+--- a/lib/mprintf.c
++++ b/lib/mprintf.c
+@@ -1034,20 +1034,23 @@ static int alloc_addbyter(int output, FILE *data)
+ }
+ infop->alloc = 32;
+ infop->len =0;
+ }
+ else if(infop->len+1 >= infop->alloc) {
+- char *newptr;
++ char *newptr = NULL;
++ size_t newsize = infop->alloc*2;
+
+- newptr = realloc(infop->buffer, infop->alloc*2);
++ /* detect wrap-around or other overflow problems */
++ if(newsize > infop->alloc)
++ newptr = realloc(infop->buffer, newsize);
+
+ if(!newptr) {
+ infop->fail = 1;
+ return -1; /* fail */
+ }
+ infop->buffer = newptr;
+- infop->alloc *= 2;
++ infop->alloc = newsize;
+ }
+
+ infop->buffer[ infop->len ] = outc;
+
+ infop->len++;
+--
+2.9.3
+
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 3724411..27a999e 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -18,6 +18,7 @@ SRC_URI += " file://configure_ac.patch \
file://CVE-2016-8615.patch \
file://CVE-2016-8616.patch \
file://CVE-2016-8617.patch \
+ file://CVE-2016-8618.patch \
"
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
--
1.9.1
^ permalink raw reply related
* [PATCH][krogoth 01/12] curl: CVE-2016-8615
From: Sona Sarmadi @ 2016-11-11 9:49 UTC (permalink / raw)
To: openembedded-core; +Cc: sona
cookie injection for other servers
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102A.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-support/curl/curl/CVE-2016-8615.patch | 77 ++++++++++++++++++++++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
2 files changed, 78 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8615.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8615.patch b/meta/recipes-support/curl/curl/CVE-2016-8615.patch
new file mode 100644
index 0000000..5faa423
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8615.patch
@@ -0,0 +1,77 @@
+From 1620f552a277ed5b23a48b9c27dbf07663cac068 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 27 Sep 2016 17:36:19 +0200
+Subject: [PATCH] cookie: replace use of fgets() with custom version
+
+... that will ignore lines that are too long to fit in the buffer.
+
+CVE: CVE-2016-8615
+Upstream-Status: Backport
+
+Bug: https://curl.haxx.se/docs/adv_20161102A.html
+Reported-by: Cure53
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/lib/cookie.c b/lib/cookie.c
+index 0f05da2..e5097d3 100644
+--- a/lib/cookie.c
++++ b/lib/cookie.c
+@@ -901,10 +901,39 @@ Curl_cookie_add(struct Curl_easy *data,
+ }
+
+ return co;
+ }
+
++/*
++ * get_line() makes sure to only return complete whole lines that fit in 'len'
++ * bytes and end with a newline.
++ */
++static char *get_line(char *buf, int len, FILE *input)
++{
++ bool partial = FALSE;
++ while(1) {
++ char *b = fgets(buf, len, input);
++ if(b) {
++ size_t rlen = strlen(b);
++ if(rlen && (b[rlen-1] == '\n')) {
++ if(partial) {
++ partial = FALSE;
++ continue;
++ }
++ return b;
++ }
++ else
++ /* read a partial, discard the next piece that ends with newline */
++ partial = TRUE;
++ }
++ else
++ break;
++ }
++ return NULL;
++}
++
++
+ /*****************************************************************************
+ *
+ * Curl_cookie_init()
+ *
+ * Inits a cookie struct to read data from a local file. This is always
+@@ -957,11 +986,11 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
+ bool headerline;
+
+ line = malloc(MAX_COOKIE_LINE);
+ if(!line)
+ goto fail;
+- while(fgets(line, MAX_COOKIE_LINE, fp)) {
++ while(get_line(line, MAX_COOKIE_LINE, fp)) {
+ if(checkprefix("Set-Cookie:", line)) {
+ /* This is a cookie line, get it! */
+ lineptr=&line[11];
+ headerline=TRUE;
+ }
+--
+2.9.3
+
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 3670a11..1f2758c 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -15,6 +15,7 @@ SRC_URI += " file://configure_ac.patch \
file://CVE-2016-5420.patch \
file://CVE-2016-5421.patch \
file://CVE-2016-7141.patch \
+ file://CVE-2016-8615.patch \
"
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
--
1.9.1
^ permalink raw reply related
* [PATCH][krogoth 07/12] curl: CVE-2016-8621
From: Sona Sarmadi @ 2016-11-11 9:49 UTC (permalink / raw)
To: openembedded-core; +Cc: sona
In-Reply-To: <1478857754-61379-1-git-send-email-sona.sarmadi@enea.com>
curl_getdate read out of bounds
Affected versions: curl 7.12.2 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102G.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-support/curl/curl/CVE-2016-8621.patch | 120 +++++++++++++++++++++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
2 files changed, 121 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8621.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8621.patch b/meta/recipes-support/curl/curl/CVE-2016-8621.patch
new file mode 100644
index 0000000..7345838
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8621.patch
@@ -0,0 +1,120 @@
+From 8a6d9ded5f02f0294ae63a007e26087316c1998e Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 4 Oct 2016 16:59:38 +0200
+Subject: [PATCH] parsedate: handle cut off numbers better
+
+... and don't read outside of the given buffer!
+
+CVE: CVE-2016-8621
+Upstream-Status: Backport
+
+bug: https://curl.haxx.se/docs/adv_20161102G.html
+Reported-by: Luật Nguyễn
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/parsedate.c | 12 +++++++-----
+ tests/data/test517 | 6 ++++++
+ tests/libtest/lib517.c | 8 +++++++-
+ 3 files changed, 20 insertions(+), 6 deletions(-)
+
+diff --git a/lib/parsedate.c b/lib/parsedate.c
+index dfcf855..8e932f4 100644
+--- a/lib/parsedate.c
++++ b/lib/parsedate.c
+@@ -3,11 +3,11 @@
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+@@ -384,19 +384,21 @@ static int parsedate(const char *date, time_t *output)
+ }
+ else if(ISDIGIT(*date)) {
+ /* a digit */
+ int val;
+ char *end;
++ int len=0;
+ if((secnum == -1) &&
+- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
++ (3 == sscanf(date, "%02d:%02d:%02d%n",
++ &hournum, &minnum, &secnum, &len))) {
+ /* time stamp! */
+- date += 8;
++ date += len;
+ }
+ else if((secnum == -1) &&
+- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
++ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
+ /* time stamp without seconds */
+- date += 5;
++ date += len;
+ secnum = 0;
+ }
+ else {
+ long lval;
+ int error;
+diff --git a/tests/data/test517 b/tests/data/test517
+index c81a45e..513634f 100644
+--- a/tests/data/test517
++++ b/tests/data/test517
+@@ -114,10 +114,16 @@ nothing
+ 79: 20110632 12:34:56 => -1
+ 80: 20110623 56:34:56 => -1
+ 81: 20111323 12:34:56 => -1
+ 82: 20110623 12:34:79 => -1
+ 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
++84: 20110623 12:3 => 1308830580
++85: 20110623 1:3 => 1308790980
++86: 20110623 1:30 => 1308792600
++87: 20110623 12:12:3 => 1308831123
++88: 20110623 01:12:3 => 1308791523
++89: 20110623 01:99:30 => -1
+ </stdout>
+
+ # This test case previously tested an overflow case ("2094 Nov 6 =>
+ # 2147483647") for 32bit time_t, but since some systems have 64bit time_t and
+ # handles this (returning 3939840000), and some 64bit-time_t systems don't
+diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
+index 2f68ebd..22162ff 100644
+--- a/tests/libtest/lib517.c
++++ b/tests/libtest/lib517.c
+@@ -3,11 +3,11 @@
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+@@ -114,10 +114,16 @@ static const char * const dates[]={
+ "20110632 12:34:56",
+ "20110623 56:34:56",
+ "20111323 12:34:56",
+ "20110623 12:34:79",
+ "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
++ "20110623 12:3",
++ "20110623 1:3",
++ "20110623 1:30",
++ "20110623 12:12:3",
++ "20110623 01:12:3",
++ "20110623 01:99:30",
+ NULL
+ };
+
+ int test(char *URL)
+ {
+--
+2.9.3
+
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index e6ad03f..67b07da 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -21,6 +21,7 @@ SRC_URI += " file://configure_ac.patch \
file://CVE-2016-8618.patch \
file://CVE-2016-8619.patch \
file://CVE-2016-8620.patch \
+ file://CVE-2016-8621.patch \
"
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
--
1.9.1
^ permalink raw reply related
* [PATCH][krogoth 03/12] curl: CVE-2016-8617
From: Sona Sarmadi @ 2016-11-11 9:49 UTC (permalink / raw)
To: openembedded-core; +Cc: sona
In-Reply-To: <1478857754-61379-1-git-send-email-sona.sarmadi@enea.com>
OOB write via unchecked multiplication
Affected versions: curl 7.1 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102C.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-support/curl/curl/CVE-2016-8617.patch | 28 ++++++++++++++++++++++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
2 files changed, 29 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8617.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8617.patch b/meta/recipes-support/curl/curl/CVE-2016-8617.patch
new file mode 100644
index 0000000..d16c2f5
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8617.patch
@@ -0,0 +1,28 @@
+From efd24d57426bd77c9b5860e6b297904703750412 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 28 Sep 2016 00:05:12 +0200
+Subject: [PATCH] base64: check for integer overflow on large input
+
+CVE: CVE-2016-8617
+Upstream-Status: Backport
+
+Bug: https://curl.haxx.se/docs/adv_20161102C.html
+Reported-by: Cure53
+
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+diff -ruN a/lib/base64.c b/lib/base64.c
+--- a/lib/base64.c 2016-02-03 00:02:43.000000000 +0100
++++ b/lib/base64.c 2016-11-07 09:22:07.918167530 +0100
+@@ -190,6 +190,11 @@
+ if(0 == insize)
+ insize = strlen(indata);
+
++#if SIZEOF_SIZE_T == 4
++ if(insize > UINT_MAX/4)
++ return CURLE_OUT_OF_MEMORY;
++#endif
++
+ base64data = output = malloc(insize*4/3+4);
+ if(NULL == output)
+ return CURLE_OUT_OF_MEMORY;
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 20c3721..3724411 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -17,6 +17,7 @@ SRC_URI += " file://configure_ac.patch \
file://CVE-2016-7141.patch \
file://CVE-2016-8615.patch \
file://CVE-2016-8616.patch \
+ file://CVE-2016-8617.patch \
"
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
--
1.9.1
^ permalink raw reply related
* [PATCH][krogoth 05/12] curl: CVE-2016-8619
From: Sona Sarmadi @ 2016-11-11 9:49 UTC (permalink / raw)
To: openembedded-core; +Cc: sona
In-Reply-To: <1478857754-61379-1-git-send-email-sona.sarmadi@enea.com>
double-free in krb5 code
Affected versions: curl 7.3 to and including 7.50.3
Reference:
https://curl.haxx.se/docs/adv_20161102E.html
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
---
meta/recipes-support/curl/curl/CVE-2016-8619.patch | 52 ++++++++++++++++++++++
meta/recipes-support/curl/curl_7.47.1.bb | 1 +
2 files changed, 53 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8619.patch
diff --git a/meta/recipes-support/curl/curl/CVE-2016-8619.patch b/meta/recipes-support/curl/curl/CVE-2016-8619.patch
new file mode 100644
index 0000000..fb21cf6
--- /dev/null
+++ b/meta/recipes-support/curl/curl/CVE-2016-8619.patch
@@ -0,0 +1,52 @@
+From 91239f7040b1f026d4d15765e7e3f58e92e93761 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Wed, 28 Sep 2016 12:56:02 +0200
+Subject: [PATCH] krb5: avoid realloc(0)
+
+If the requested size is zero, bail out with error instead of doing a
+realloc() that would cause a double-free: realloc(0) acts as a free()
+and then there's a second free in the cleanup path.
+
+CVE: CVE-2016-8619
+Upstream-Status: Backport
+
+Bug: https://curl.haxx.se/docs/adv_20161102E.html
+Reported-by: Cure53
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ lib/security.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index a268d4a..4cef8f8 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -190,19 +190,22 @@ socket_write(struct connectdata *conn, curl_socket_t fd, const void *to,
+ static CURLcode read_data(struct connectdata *conn,
+ curl_socket_t fd,
+ struct krb5buffer *buf)
+ {
+ int len;
+- void* tmp;
++ void *tmp = NULL;
+ CURLcode result;
+
+ result = socket_read(fd, &len, sizeof(len));
+ if(result)
+ return result;
+
+- len = ntohl(len);
+- tmp = realloc(buf->data, len);
++ if(len) {
++ /* only realloc if there was a length */
++ len = ntohl(len);
++ tmp = realloc(buf->data, len);
++ }
+ if(tmp == NULL)
+ return CURLE_OUT_OF_MEMORY;
+
+ buf->data = tmp;
+ result = socket_read(fd, buf->data, len);
+--
+2.9.3
+
diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
index 27a999e..9ef5718 100644
--- a/meta/recipes-support/curl/curl_7.47.1.bb
+++ b/meta/recipes-support/curl/curl_7.47.1.bb
@@ -19,6 +19,7 @@ SRC_URI += " file://configure_ac.patch \
file://CVE-2016-8616.patch \
file://CVE-2016-8617.patch \
file://CVE-2016-8618.patch \
+ file://CVE-2016-8619.patch \
"
SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
--
1.9.1
^ permalink raw reply related
* Re: Yocto Project Status WW45 - UPDATED
From: Andreas Oberritter @ 2016-11-11 8:53 UTC (permalink / raw)
To: Richard Purdie, Jolley, Stephen K,
openembedded-core@lists.openembedded.org
In-Reply-To: <1478613085.23123.137.camel@linuxfoundation.org>
On 08.11.2016 14:51, Richard Purdie wrote:
> On Tue, 2016-11-08 at 11:00 +0100, Andreas Oberritter wrote:
>> Hello Stephen,
>>
>> On 04.11.2016 18:06, Jolley, Stephen K wrote:
>>>
>>> · There was a challenging taskhash mismatch test case this
>>> week
>>> which has resulted in some significant debugging improvements for
>>> taskhashes and basehashes which are now in master.
>> is there an entry in bugzilla about this issue, or can you please add
>> a reference to the actual commits in master? I'm facing a similar
>> issue, so it might be helpful for me to backport them to the branch
>> I'm using.
>
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=0a4a6d6956a10aa0a6589de12b0b2380a9f0a7d9
>
> has info in the commit message. You also want:
>
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=589f08aa852dd43af5d05d698cfa917bec084210
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=157947efc7e505e01baafb33ec93fe2f485308fe
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=f6b0c60664e86fec55d282f1ea41238abd74712d
> http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=71c837611690ab4bec1656a58d13ca48e7c6a6e6
I backported these patches to krogoth. I think I would never have found
the cause for my taskhash mismatch without them. Thank you very much!
Best regards,
Andreas
>
> Cheers,
>
> Richard
>
^ permalink raw reply
* [PATCH] devtool: fix handling of unicode characters from subprocess stdout
From: Jiajie Hu @ 2016-11-11 6:02 UTC (permalink / raw)
To: openembedded-core
In previous implementation, a UnicodeDecodeError exception will be
raised if multi-byte encoded characters are printed by the subprocess.
As an example, the following command will fail in an en_US.UTF-8
environment because wget quotes its saving destination with '‘'(0xE2
0x80 0x98), while just the first byte is provided for decoding:
devtool add recipe http://example.com/source.tar.xz
The patch fixes the issue by avoiding such kind of incomplete decoding.
Signed-off-by: Jiajie Hu <jiajie.hu@intel.com>
---
scripts/lib/devtool/__init__.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/scripts/lib/devtool/__init__.py b/scripts/lib/devtool/__init__.py
index e675133..31ecb65 100644
--- a/scripts/lib/devtool/__init__.py
+++ b/scripts/lib/devtool/__init__.py
@@ -23,6 +23,7 @@ import sys
import subprocess
import logging
import re
+import codecs
logger = logging.getLogger('devtool')
@@ -67,10 +68,10 @@ def exec_watch(cmd, **options):
cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, **options
)
+ reader = codecs.getreader('utf-8')(process.stdout)
buf = ''
while True:
- out = process.stdout.read(1)
- out = out.decode('utf-8')
+ out = reader.read(1, 1)
if out:
sys.stdout.write(out)
sys.stdout.flush()
--
1.9.1
^ permalink raw reply related
* Re: [PATCH 2/2] go-examples: Add an example, helloworld written in go
From: Christopher Larson @ 2016-11-11 2:59 UTC (permalink / raw)
To: Khem Raj; +Cc: Patches and discussions about the oe-core layer
In-Reply-To: <20161110003935.1858-2-raj.khem@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1343 bytes --]
On Wed, Nov 9, 2016 at 5:39 PM, Khem Raj <raj.khem@gmail.com> wrote:
> diff --git a/meta/recipes-extended/go-examples/go-examples.inc
> b/meta/recipes-extended/go-examples/go-examples.inc
> new file mode 100644
> index 0000000..c632681
> --- /dev/null
> +++ b/meta/recipes-extended/go-examples/go-examples.inc
> @@ -0,0 +1,10 @@
> +DESCRIPTION = "This is a simple example recipe that cross-compiles a Go
> program."
> +SECTION = "examples"
> +HOMEPAGE = "https://golang.org/"
> +
> +LICENSE = "MIT"
> +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=
> 0835ade698e0bcf8506ecda2f7b4f302"
> +
> +S = "${WORKDIR}"
> +
> +inherit go
> diff --git a/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
> b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
> new file mode 100644
> index 0000000..af9d3b7
> --- /dev/null
> +++ b/meta/recipes-extended/go-examples/go-helloworld_0.1.bb
> @@ -0,0 +1,15 @@
> +require go-examples.inc
> +
> +
> +SRC_URI += " \
> + file://helloworld.go \
> +"
> +
> +do_compile() {
> + go build helloworld.go
> +}
>
Under what circumstances would one use the go_do_compile from go.bbclass vs
this?
--
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics
[-- Attachment #2: Type: text/html, Size: 2221 bytes --]
^ permalink raw reply
* [PATCH V2] musl: Update to latest on master
From: Khem Raj @ 2016-11-11 2:13 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
meta/recipes-core/musl/files/CVE-2016-8859.patch | 79 ------------------------
meta/recipes-core/musl/musl_git.bb | 3 +-
2 files changed, 1 insertion(+), 81 deletions(-)
delete mode 100644 meta/recipes-core/musl/files/CVE-2016-8859.patch
diff --git a/meta/recipes-core/musl/files/CVE-2016-8859.patch b/meta/recipes-core/musl/files/CVE-2016-8859.patch
deleted file mode 100644
index 82da86f..0000000
--- a/meta/recipes-core/musl/files/CVE-2016-8859.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From c3edc06d1e1360f3570db9155d6b318ae0d0f0f7 Mon Sep 17 00:00:00 2001
-From: Rich Felker <dalias@aerifal.cx>
-Date: Thu, 6 Oct 2016 18:34:58 -0400
-Subject: [PATCH] fix missing integer overflow checks in regexec buffer size
- computations
-
-most of the possible overflows were already ruled out in practice by
-regcomp having already succeeded performing larger allocations.
-however at least the num_states*num_tags multiplication can clearly
-overflow in practice. for safety, check them all, and use the proper
-type, size_t, rather than int.
-
-also improve comments, use calloc in place of malloc+memset, and
-remove bogus casts.
-
-Upstream-Status: Backport
-CVE: CVE-2016-8859
-
-Signed-off-by: Armin Kuster <akuster@mvista.com>
-
----
- src/regex/regexec.c | 23 ++++++++++++++++++-----
- 1 file changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/src/regex/regexec.c b/src/regex/regexec.c
-index 16c5d0a..dd52319 100644
---- a/src/regex/regexec.c
-+++ b/src/regex/regexec.c
-@@ -34,6 +34,7 @@
- #include <wchar.h>
- #include <wctype.h>
- #include <limits.h>
-+#include <stdint.h>
-
- #include <regex.h>
-
-@@ -206,11 +207,24 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
-
- /* Allocate memory for temporary data required for matching. This needs to
- be done for every matching operation to be thread safe. This allocates
-- everything in a single large block from the stack frame using alloca()
-- or with malloc() if alloca is unavailable. */
-+ everything in a single large block with calloc(). */
- {
-- int tbytes, rbytes, pbytes, xbytes, total_bytes;
-+ size_t tbytes, rbytes, pbytes, xbytes, total_bytes;
- char *tmp_buf;
-+
-+ /* Ensure that tbytes and xbytes*num_states cannot overflow, and that
-+ * they don't contribute more than 1/8 of SIZE_MAX to total_bytes. */
-+ if (num_tags > SIZE_MAX/(8 * sizeof(int) * tnfa->num_states))
-+ goto error_exit;
-+
-+ /* Likewise check rbytes. */
-+ if (tnfa->num_states+1 > SIZE_MAX/(8 * sizeof(*reach_next)))
-+ goto error_exit;
-+
-+ /* Likewise check pbytes. */
-+ if (tnfa->num_states > SIZE_MAX/(8 * sizeof(*reach_pos)))
-+ goto error_exit;
-+
- /* Compute the length of the block we need. */
- tbytes = sizeof(*tmp_tags) * num_tags;
- rbytes = sizeof(*reach_next) * (tnfa->num_states + 1);
-@@ -221,10 +235,9 @@ tre_tnfa_run_parallel(const tre_tnfa_t *tnfa, const void *string,
- + (rbytes + xbytes * tnfa->num_states) * 2 + tbytes + pbytes;
-
- /* Allocate the memory. */
-- buf = xmalloc((unsigned)total_bytes);
-+ buf = calloc(total_bytes, 1);
- if (buf == NULL)
- return REG_ESPACE;
-- memset(buf, 0, (size_t)total_bytes);
-
- /* Get the various pointers within tmp_buf (properly aligned). */
- tmp_tags = (void *)buf;
---
-2.7.4
-
diff --git a/meta/recipes-core/musl/musl_git.bb b/meta/recipes-core/musl/musl_git.bb
index 1ee56b6..d4467bc 100644
--- a/meta/recipes-core/musl/musl_git.bb
+++ b/meta/recipes-core/musl/musl_git.bb
@@ -3,7 +3,7 @@
require musl.inc
-SRCREV = "39494a273eaa6b714e0fa0c59ce7a1f5fbc80a1e"
+SRCREV = "4078a5c31fa67987051c2180db7a07702534032f"
PV = "1.1.15+git${SRCPV}"
@@ -11,7 +11,6 @@ PV = "1.1.15+git${SRCPV}"
SRC_URI = "git://git.musl-libc.org/musl \
file://0001-Make-dynamic-linker-a-relative-symlink-to-libc.patch \
- file://CVE-2016-8859.patch \
"
S = "${WORKDIR}/git"
--
2.10.2
^ permalink raw reply related
* Re: [PATCH] oe-tests: Migrate tests from /oe/test to /oeqa/selftest/oe-tests
From: Jose Perez Carranza @ 2016-11-10 22:39 UTC (permalink / raw)
To: benjamin.esquivel, openembedded-core; +Cc: paul.eggleton
In-Reply-To: <1478214729.21683.4.camel@linux.intel.com>
On 11/03/2016 06:12 PM, Benjamin Esquivel wrote:
> Hello José, a couple of comments below.
>
> On Thu, 2016-11-03 at 17:46 -0500, jose.perez.carranza@linux.intel.com
> wrote:
>> From: Jose Perez Carranza <jose.perez.carranza@linux.intel.com>
>>
>> Currently the unittests for scripts on meta/lib/oe are not being
>> executed by any suite hence the best option is migrate them to
>> meta/lib/oeqa/selftest to be executed along with the selftest suite.
>>
> How much more time do these tests add to a selftest execution?
Those test cases runs very fast, in about 1 minute all of them
>> [YOCTO #7376]
>>
>> Signed-off-by: Jose Perez Carranza <jose.perez.carranza@linux.intel.c
>> om>
>> ---
>> meta/lib/oe/tests/__init__.py | 0
>> meta/lib/oe/tests/test_elf.py | 21 -------
>> meta/lib/oe/tests/test_license.py | 68 -----------------
>> -----
>> meta/lib/oe/tests/test_path.py | 89 -----------------
>> -----------
>> meta/lib/oe/tests/test_types.py | 62 -----------------
>> ---
>> meta/lib/oe/tests/test_utils.py | 51 ----------------
>> meta/lib/oeqa/selftest/oe_tests/__init__.py | 0
>> meta/lib/oeqa/selftest/oe_tests/elf.py | 22 +++++++
>> meta/lib/oeqa/selftest/oe_tests/license.py | 69
>> ++++++++++++++++++++++
>> meta/lib/oeqa/selftest/oe_tests/path.py | 90
>> +++++++++++++++++++++++++++++
>> meta/lib/oeqa/selftest/oe_tests/types.py | 61 +++++++++++++++++++
>> meta/lib/oeqa/selftest/oe_tests/utils.py | 52 +++++++++++++++++
>> 12 files changed, 294 insertions(+), 291 deletions(-)
>> delete mode 100644 meta/lib/oe/tests/__init__.py
>> delete mode 100644 meta/lib/oe/tests/test_elf.py
>> delete mode 100644 meta/lib/oe/tests/test_license.py
>> delete mode 100644 meta/lib/oe/tests/test_path.py
>> delete mode 100644 meta/lib/oe/tests/test_types.py
>> delete mode 100644 meta/lib/oe/tests/test_utils.py
>> create mode 100644 meta/lib/oeqa/selftest/oe_tests/__init__.py
> selftest has no other dir in it and this dir name of oe_test makes
> little sense if you see it in the context of oeqa/selftest/oe_test. I
> suggest using a dir name that brings some additional info as to what is
> inside of it or try and see how to integrate these tests into the
> selftest/ plain structure.
integrate on the root of selftest is easy but I don't know if its the
best option as those test are very specific unit test for scripts that
are under meta/lib/oe that is why I used oe_test/ . Do you have any
suggestion on the name of the dir?
>> create mode 100644 meta/lib/oeqa/selftest/oe_tests/elf.py
>> create mode 100644 meta/lib/oeqa/selftest/oe_tests/license.py
>> create mode 100644 meta/lib/oeqa/selftest/oe_tests/path.py
>> create mode 100644 meta/lib/oeqa/selftest/oe_tests/types.py
>> create mode 100644 meta/lib/oeqa/selftest/oe_tests/utils.py
>>
>> diff --git a/meta/lib/oe/tests/__init__.py
>> b/meta/lib/oe/tests/__init__.py
>> deleted file mode 100644
>> index e69de29..0000000
>> diff --git a/meta/lib/oe/tests/test_elf.py
>> b/meta/lib/oe/tests/test_elf.py
>> deleted file mode 100644
>> index 1f59037..0000000
>> --- a/meta/lib/oe/tests/test_elf.py
>> +++ /dev/null
>> @@ -1,21 +0,0 @@
>> -import unittest
>> -import oe.qa
>> -
>> -class TestElf(unittest.TestCase):
>> - def test_machine_name(self):
>> - """
>> - Test elf_machine_to_string()
>> - """
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x02), "SPARC")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x03), "x86")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x08), "MIPS")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x14),
>> "PowerPC")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x28), "ARM")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x2A),
>> "SuperH")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x32), "IA-64")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x3E), "x86-
>> 64")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0xB7),
>> "AArch64")
>> -
>> - self.assertEqual(oe.qa.elf_machine_to_string(0x00), "Unknown
>> (0)")
>> - self.assertEqual(oe.qa.elf_machine_to_string(0xDEADBEEF),
>> "Unknown (3735928559)")
>> - self.assertEqual(oe.qa.elf_machine_to_string("foobar"),
>> "Unknown ('foobar')")
>> diff --git a/meta/lib/oe/tests/test_license.py
>> b/meta/lib/oe/tests/test_license.py
>> deleted file mode 100644
>> index c388886..0000000
>> --- a/meta/lib/oe/tests/test_license.py
>> +++ /dev/null
>> @@ -1,68 +0,0 @@
>> -import unittest
>> -import oe.license
>> -
>> -class SeenVisitor(oe.license.LicenseVisitor):
>> - def __init__(self):
>> - self.seen = []
>> - oe.license.LicenseVisitor.__init__(self)
>> -
>> - def visit_Str(self, node):
>> - self.seen.append(node.s)
>> -
>> -class TestSingleLicense(unittest.TestCase):
>> - licenses = [
>> - "GPLv2",
>> - "LGPL-2.0",
>> - "Artistic",
>> - "MIT",
>> - "GPLv3+",
>> - "FOO_BAR",
>> - ]
>> - invalid_licenses = ["GPL/BSD"]
>> -
>> - @staticmethod
>> - def parse(licensestr):
>> - visitor = SeenVisitor()
>> - visitor.visit_string(licensestr)
>> - return visitor.seen
>> -
>> - def test_single_licenses(self):
>> - for license in self.licenses:
>> - licenses = self.parse(license)
>> - self.assertListEqual(licenses, [license])
>> -
>> - def test_invalid_licenses(self):
>> - for license in self.invalid_licenses:
>> - with self.assertRaises(oe.license.InvalidLicense) as cm:
>> - self.parse(license)
>> - self.assertEqual(cm.exception.license, license)
>> -
>> -class TestSimpleCombinations(unittest.TestCase):
>> - tests = {
>> - "FOO&BAR": ["FOO", "BAR"],
>> - "BAZ & MOO": ["BAZ", "MOO"],
>> - "ALPHA|BETA": ["ALPHA"],
>> - "BAZ&MOO|FOO": ["FOO"],
>> - "FOO&BAR|BAZ": ["FOO", "BAR"],
>> - }
>> - preferred = ["ALPHA", "FOO", "BAR"]
>> -
>> - def test_tests(self):
>> - def choose(a, b):
>> - if all(lic in self.preferred for lic in b):
>> - return b
>> - else:
>> - return a
>> -
>> - for license, expected in self.tests.items():
>> - licenses = oe.license.flattened_licenses(license,
>> choose)
>> - self.assertListEqual(licenses, expected)
>> -
>> -class TestComplexCombinations(TestSimpleCombinations):
>> - tests = {
>> - "FOO & (BAR | BAZ)&MOO": ["FOO", "BAR", "MOO"],
>> - "(ALPHA|(BETA&THETA)|OMEGA)&DELTA": ["OMEGA", "DELTA"],
>> - "((ALPHA|BETA)&FOO)|BAZ": ["BETA", "FOO"],
>> - "(GPL-2.0|Proprietary)&BSD-4-clause&MIT": ["GPL-2.0", "BSD-
>> 4-clause", "MIT"],
>> - }
>> - preferred = ["BAR", "OMEGA", "BETA", "GPL-2.0"]
>> diff --git a/meta/lib/oe/tests/test_path.py
>> b/meta/lib/oe/tests/test_path.py
>> deleted file mode 100644
>> index 44d0681..0000000
>> --- a/meta/lib/oe/tests/test_path.py
>> +++ /dev/null
>> @@ -1,89 +0,0 @@
>> -import unittest
>> -import oe, oe.path
>> -import tempfile
>> -import os
>> -import errno
>> -import shutil
>> -
>> -class TestRealPath(unittest.TestCase):
>> - DIRS = [ "a", "b", "etc", "sbin", "usr", "usr/bin", "usr/binX",
>> "usr/sbin", "usr/include", "usr/include/gdbm" ]
>> - FILES = [ "etc/passwd", "b/file" ]
>> - LINKS = [
>> - ( "bin", "/usr/bin", "/usr/bin" ),
>> - ( "binX", "usr/binX", "/usr/binX" ),
>> - ( "c", "broken", "/broken" ),
>> - ( "etc/passwd-1", "passwd", "/etc/passwd"
>> ),
>> - ( "etc/passwd-2", "passwd-1", "/etc/passwd"
>> ),
>> - ( "etc/passwd-3", "/etc/passwd-1", "/etc/passwd"
>> ),
>> - ( "etc/shadow-1", "/etc/shadow", "/etc/shadow"
>> ),
>> - ( "etc/shadow-2", "/etc/shadow-1", "/etc/shadow"
>> ),
>> - ( "prog-A", "bin/prog-A", "/usr/bin/prog-
>> A" ),
>> - ( "prog-B", "/bin/prog-B", "/usr/bin/prog-
>> B" ),
>> - ( "usr/bin/prog-C", "../../sbin/prog-C", "/sbin/prog-C"
>> ),
>> - ( "usr/bin/prog-D", "/sbin/prog-D", "/sbin/prog-D"
>> ),
>> - ( "usr/binX/prog-E", "../sbin/prog-E", None ),
>> - ( "usr/bin/prog-F", "../../../sbin/prog-F", "/sbin/prog-F"
>> ),
>> - ( "loop", "a/loop", None ),
>> - ( "a/loop", "../loop", None ),
>> - ( "b/test", "file/foo", "/b/file/foo"
>> ),
>> - ]
>> -
>> - LINKS_PHYS = [
>> - ( "./", "/", "" ),
>> - ( "binX/prog-E", "/usr/sbin/prog-E", "/sbin/prog-E" ),
>> - ]
>> -
>> - EXCEPTIONS = [
>> - ( "loop", errno.ELOOP ),
>> - ( "b/test", errno.ENOENT ),
>> - ]
>> -
>> - def __del__(self):
>> - try:
>> - #os.system("tree -F %s" % self.tmpdir)
>> - shutil.rmtree(self.tmpdir)
>> - except:
>> - pass
>> -
>> - def setUp(self):
>> - self.tmpdir = tempfile.mkdtemp(prefix = "oe-test_path")
>> - self.root = os.path.join(self.tmpdir, "R")
>> -
>> - os.mkdir(os.path.join(self.tmpdir, "_real"))
>> - os.symlink("_real", self.root)
>> -
>> - for d in self.DIRS:
>> - os.mkdir(os.path.join(self.root, d))
>> - for f in self.FILES:
>> - open(os.path.join(self.root, f), "w")
>> - for l in self.LINKS:
>> - os.symlink(l[1], os.path.join(self.root, l[0]))
>> -
>> - def __realpath(self, file, use_physdir, assume_dir = True):
>> - return oe.path.realpath(os.path.join(self.root, file),
>> self.root,
>> - use_physdir, assume_dir =
>> assume_dir)
>> -
>> - def test_norm(self):
>> - for l in self.LINKS:
>> - if l[2] == None:
>> - continue
>> -
>> - target_p = self.__realpath(l[0], True)
>> - target_l = self.__realpath(l[0], False)
>> -
>> - if l[2] != False:
>> - self.assertEqual(target_p, target_l)
>> - self.assertEqual(l[2], target_p[len(self.root):])
>> -
>> - def test_phys(self):
>> - for l in self.LINKS_PHYS:
>> - target_p = self.__realpath(l[0], True)
>> - target_l = self.__realpath(l[0], False)
>> -
>> - self.assertEqual(l[1], target_p[len(self.root):])
>> - self.assertEqual(l[2], target_l[len(self.root):])
>> -
>> - def test_loop(self):
>> - for e in self.EXCEPTIONS:
>> - self.assertRaisesRegex(OSError, r'\[Errno %u\]' % e[1],
>> - self.__realpath, e[0], False,
>> False)
>> diff --git a/meta/lib/oe/tests/test_types.py
>> b/meta/lib/oe/tests/test_types.py
>> deleted file mode 100644
>> index 367cc30..0000000
>> --- a/meta/lib/oe/tests/test_types.py
>> +++ /dev/null
>> @@ -1,62 +0,0 @@
>> -import unittest
>> -from oe.maketype import create, factory
>> -
>> -class TestTypes(unittest.TestCase):
>> - def assertIsInstance(self, obj, cls):
>> - return self.assertTrue(isinstance(obj, cls))
>> -
>> - def assertIsNot(self, obj, other):
>> - return self.assertFalse(obj is other)
>> -
>> - def assertFactoryCreated(self, value, type, **flags):
>> - cls = factory(type)
>> - self.assertIsNot(cls, None)
>> - self.assertIsInstance(create(value, type, **flags), cls)
>> -
>> -class TestBooleanType(TestTypes):
>> - def test_invalid(self):
>> - self.assertRaises(ValueError, create, '', 'boolean')
>> - self.assertRaises(ValueError, create, 'foo', 'boolean')
>> - self.assertRaises(TypeError, create, object(), 'boolean')
>> -
>> - def test_true(self):
>> - self.assertTrue(create('y', 'boolean'))
>> - self.assertTrue(create('yes', 'boolean'))
>> - self.assertTrue(create('1', 'boolean'))
>> - self.assertTrue(create('t', 'boolean'))
>> - self.assertTrue(create('true', 'boolean'))
>> - self.assertTrue(create('TRUE', 'boolean'))
>> - self.assertTrue(create('truE', 'boolean'))
>> -
>> - def test_false(self):
>> - self.assertFalse(create('n', 'boolean'))
>> - self.assertFalse(create('no', 'boolean'))
>> - self.assertFalse(create('0', 'boolean'))
>> - self.assertFalse(create('f', 'boolean'))
>> - self.assertFalse(create('false', 'boolean'))
>> - self.assertFalse(create('FALSE', 'boolean'))
>> - self.assertFalse(create('faLse', 'boolean'))
>> -
>> - def test_bool_equality(self):
>> - self.assertEqual(create('n', 'boolean'), False)
>> - self.assertNotEqual(create('n', 'boolean'), True)
>> - self.assertEqual(create('y', 'boolean'), True)
>> - self.assertNotEqual(create('y', 'boolean'), False)
>> -
>> -class TestList(TestTypes):
>> - def assertListEqual(self, value, valid, sep=None):
>> - obj = create(value, 'list', separator=sep)
>> - self.assertEqual(obj, valid)
>> - if sep is not None:
>> - self.assertEqual(obj.separator, sep)
>> - self.assertEqual(str(obj), obj.separator.join(obj))
>> -
>> - def test_list_nosep(self):
>> - testlist = ['alpha', 'beta', 'theta']
>> - self.assertListEqual('alpha beta theta', testlist)
>> - self.assertListEqual('alpha beta\ttheta', testlist)
>> - self.assertListEqual('alpha', ['alpha'])
>> -
>> - def test_list_usersep(self):
>> - self.assertListEqual('foo:bar', ['foo', 'bar'], ':')
>> - self.assertListEqual('foo:bar:baz', ['foo', 'bar', 'baz'],
>> ':')
>> diff --git a/meta/lib/oe/tests/test_utils.py
>> b/meta/lib/oe/tests/test_utils.py
>> deleted file mode 100644
>> index 5d9ac52..0000000
>> --- a/meta/lib/oe/tests/test_utils.py
>> +++ /dev/null
>> @@ -1,51 +0,0 @@
>> -import unittest
>> -from oe.utils import packages_filter_out_system
>> -
>> -class TestPackagesFilterOutSystem(unittest.TestCase):
>> - def test_filter(self):
>> - """
>> - Test that oe.utils.packages_filter_out_system works.
>> - """
>> - try:
>> - import bb
>> - except ImportError:
>> - self.skipTest("Cannot import bb")
>> -
>> - d = bb.data_smart.DataSmart()
>> - d.setVar("PN", "foo")
>> -
>> - d.setVar("PACKAGES", "foo foo-doc foo-dev")
>> - pkgs = packages_filter_out_system(d)
>> - self.assertEqual(pkgs, [])
>> -
>> - d.setVar("PACKAGES", "foo foo-doc foo-data foo-dev")
>> - pkgs = packages_filter_out_system(d)
>> - self.assertEqual(pkgs, ["foo-data"])
>> -
>> - d.setVar("PACKAGES", "foo foo-locale-en-gb")
>> - pkgs = packages_filter_out_system(d)
>> - self.assertEqual(pkgs, [])
>> -
>> - d.setVar("PACKAGES", "foo foo-data foo-locale-en-gb")
>> - pkgs = packages_filter_out_system(d)
>> - self.assertEqual(pkgs, ["foo-data"])
>> -
>> -
>> -class TestTrimVersion(unittest.TestCase):
>> - def test_version_exception(self):
>> - with self.assertRaises(TypeError):
>> - trim_version(None, 2)
>> - with self.assertRaises(TypeError):
>> - trim_version((1, 2, 3), 2)
>> -
>> - def test_num_exception(self):
>> - with self.assertRaises(ValueError):
>> - trim_version("1.2.3", 0)
>> - with self.assertRaises(ValueError):
>> - trim_version("1.2.3", -1)
>> -
>> - def test_valid(self):
>> - self.assertEqual(trim_version("1.2.3", 1), "1")
>> - self.assertEqual(trim_version("1.2.3", 2), "1.2")
>> - self.assertEqual(trim_version("1.2.3", 3), "1.2.3")
>> - self.assertEqual(trim_version("1.2.3", 4), "1.2.3")
>> diff --git a/meta/lib/oeqa/selftest/oe_tests/__init__.py
>> b/meta/lib/oeqa/selftest/oe_tests/__init__.py
>> new file mode 100644
>> index 0000000..e69de29
>> diff --git a/meta/lib/oeqa/selftest/oe_tests/elf.py
>> b/meta/lib/oeqa/selftest/oe_tests/elf.py
>> new file mode 100644
>> index 0000000..582d772
>> --- /dev/null
>> +++ b/meta/lib/oeqa/selftest/oe_tests/elf.py
>> @@ -0,0 +1,22 @@
>> +from oeqa.selftest.base import oeSelfTest
>> +from oeqa.utils.decorators import testcase
>> +import oe.qa
>> +
>> +class TestElf(oeSelfTest):
>> + def test_machine_name(self):
>> + """
>> + Test elf_machine_to_string()
>> + """
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x02), "SPARC")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x03), "x86")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x08), "MIPS")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x14),
>> "PowerPC")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x28), "ARM")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x2A),
>> "SuperH")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x32), "IA-64")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x3E), "x86-
>> 64")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0xB7),
>> "AArch64")
>> +
>> + self.assertEqual(oe.qa.elf_machine_to_string(0x00), "Unknown
>> (0)")
>> + self.assertEqual(oe.qa.elf_machine_to_string(0xDEADBEEF),
>> "Unknown (3735928559)")
>> + self.assertEqual(oe.qa.elf_machine_to_string("foobar"),
>> "Unknown ('foobar')")
>> diff --git a/meta/lib/oeqa/selftest/oe_tests/license.py
>> b/meta/lib/oeqa/selftest/oe_tests/license.py
>> new file mode 100644
>> index 0000000..90bdf51
>> --- /dev/null
>> +++ b/meta/lib/oeqa/selftest/oe_tests/license.py
>> @@ -0,0 +1,69 @@
>> +import oe.license
>> +from oeqa.selftest.base import oeSelfTest
>> +from oeqa.utils.decorators import testcase
>> +
>> +class SeenVisitor(oe.license.LicenseVisitor):
>> + def __init__(self):
>> + self.seen = []
>> + oe.license.LicenseVisitor.__init__(self)
>> +
>> + def visit_Str(self, node):
>> + self.seen.append(node.s)
>> +
>> +class TestSingleLicense(oeSelfTest):
>> + licenses = [
>> + "GPLv2",
>> + "LGPL-2.0",
>> + "Artistic",
>> + "MIT",
>> + "GPLv3+",
>> + "FOO_BAR",
>> + ]
>> + invalid_licenses = ["GPL/BSD"]
>> +
>> + @staticmethod
>> + def parse(licensestr):
>> + visitor = SeenVisitor()
>> + visitor.visit_string(licensestr)
>> + return visitor.seen
>> +
>> + def test_single_licenses(self):
>> + for license in self.licenses:
>> + licenses = self.parse(license)
>> + self.assertListEqual(licenses, [license])
>> +
>> + def test_invalid_licenses(self):
>> + for license in self.invalid_licenses:
>> + with self.assertRaises(oe.license.InvalidLicense) as cm:
>> + self.parse(license)
>> + self.assertEqual(cm.exception.license, license)
>> +
>> +class TestSimpleCombinations(oeSelfTest):
>> + tests = {
>> + "FOO&BAR": ["FOO", "BAR"],
>> + "BAZ & MOO": ["BAZ", "MOO"],
>> + "ALPHA|BETA": ["ALPHA"],
>> + "BAZ&MOO|FOO": ["FOO"],
>> + "FOO&BAR|BAZ": ["FOO", "BAR"],
>> + }
>> + preferred = ["ALPHA", "FOO", "BAR"]
>> +
>> + def test_tests(self):
>> + def choose(a, b):
>> + if all(lic in self.preferred for lic in b):
>> + return b
>> + else:
>> + return a
>> +
>> + for license, expected in self.tests.items():
>> + licenses = oe.license.flattened_licenses(license,
>> choose)
>> + self.assertListEqual(licenses, expected)
>> +
>> +class TestComplexCombinations(TestSimpleCombinations):
>> + tests = {
>> + "FOO & (BAR | BAZ)&MOO": ["FOO", "BAR", "MOO"],
>> + "(ALPHA|(BETA&THETA)|OMEGA)&DELTA": ["OMEGA", "DELTA"],
>> + "((ALPHA|BETA)&FOO)|BAZ": ["BETA", "FOO"],
>> + "(GPL-2.0|Proprietary)&BSD-4-clause&MIT": ["GPL-2.0", "BSD-
>> 4-clause", "MIT"],
>> + }
>> + preferred = ["BAR", "OMEGA", "BETA", "GPL-2.0"]
>> diff --git a/meta/lib/oeqa/selftest/oe_tests/path.py
>> b/meta/lib/oeqa/selftest/oe_tests/path.py
>> new file mode 100644
>> index 0000000..09b56cb
>> --- /dev/null
>> +++ b/meta/lib/oeqa/selftest/oe_tests/path.py
>> @@ -0,0 +1,90 @@
>> +from oeqa.selftest.base import oeSelfTest
>> +from oeqa.utils.decorators import testcase
>> +import oe, oe.path
>> +import tempfile
>> +import os
>> +import errno
>> +import shutil
>> +
>> +class TestRealPath(oeSelfTest):
>> + DIRS = [ "a", "b", "etc", "sbin", "usr", "usr/bin", "usr/binX",
>> "usr/sbin", "usr/include", "usr/include/gdbm" ]
>> + FILES = [ "etc/passwd", "b/file" ]
>> + LINKS = [
>> + ( "bin", "/usr/bin", "/usr/bin" ),
>> + ( "binX", "usr/binX", "/usr/binX" ),
>> + ( "c", "broken", "/broken" ),
>> + ( "etc/passwd-1", "passwd", "/etc/passwd"
>> ),
>> + ( "etc/passwd-2", "passwd-1", "/etc/passwd"
>> ),
>> + ( "etc/passwd-3", "/etc/passwd-1", "/etc/passwd"
>> ),
>> + ( "etc/shadow-1", "/etc/shadow", "/etc/shadow"
>> ),
>> + ( "etc/shadow-2", "/etc/shadow-1", "/etc/shadow"
>> ),
>> + ( "prog-A", "bin/prog-A", "/usr/bin/prog-
>> A" ),
>> + ( "prog-B", "/bin/prog-B", "/usr/bin/prog-
>> B" ),
>> + ( "usr/bin/prog-C", "../../sbin/prog-C", "/sbin/prog-C"
>> ),
>> + ( "usr/bin/prog-D", "/sbin/prog-D", "/sbin/prog-D"
>> ),
>> + ( "usr/binX/prog-E", "../sbin/prog-E", None ),
>> + ( "usr/bin/prog-F", "../../../sbin/prog-F", "/sbin/prog-F"
>> ),
>> + ( "loop", "a/loop", None ),
>> + ( "a/loop", "../loop", None ),
>> + ( "b/test", "file/foo", "/b/file/foo"
>> ),
>> + ]
>> +
>> + LINKS_PHYS = [
>> + ( "./", "/", "" ),
>> + ( "binX/prog-E", "/usr/sbin/prog-E", "/sbin/prog-E" ),
>> + ]
>> +
>> + EXCEPTIONS = [
>> + ( "loop", errno.ELOOP ),
>> + ( "b/test", errno.ENOENT ),
>> + ]
>> +
>> + def __del__(self):
>> + try:
>> + #os.system("tree -F %s" % self.tmpdir)
>> + shutil.rmtree(self.tmpdir)
>> + except:
>> + pass
>> +
>> + def setUp(self):
>> + self.tmpdir = tempfile.mkdtemp(prefix = "oe-test_path")
>> + self.root = os.path.join(self.tmpdir, "R")
>> +
>> + os.mkdir(os.path.join(self.tmpdir, "_real"))
>> + os.symlink("_real", self.root)
>> +
>> + for d in self.DIRS:
>> + os.mkdir(os.path.join(self.root, d))
>> + for f in self.FILES:
>> + open(os.path.join(self.root, f), "w")
>> + for l in self.LINKS:
>> + os.symlink(l[1], os.path.join(self.root, l[0]))
>> +
>> + def __realpath(self, file, use_physdir, assume_dir = True):
>> + return oe.path.realpath(os.path.join(self.root, file),
>> self.root,
>> + use_physdir, assume_dir =
>> assume_dir)
>> +
>> + def test_norm(self):
>> + for l in self.LINKS:
>> + if l[2] == None:
>> + continue
>> +
>> + target_p = self.__realpath(l[0], True)
>> + target_l = self.__realpath(l[0], False)
>> +
>> + if l[2] != False:
>> + self.assertEqual(target_p, target_l)
>> + self.assertEqual(l[2], target_p[len(self.root):])
>> +
>> + def test_phys(self):
>> + for l in self.LINKS_PHYS:
>> + target_p = self.__realpath(l[0], True)
>> + target_l = self.__realpath(l[0], False)
>> +
>> + self.assertEqual(l[1], target_p[len(self.root):])
>> + self.assertEqual(l[2], target_l[len(self.root):])
>> +
>> + def test_loop(self):
>> + for e in self.EXCEPTIONS:
>> + self.assertRaisesRegex(OSError, r'\[Errno %u\]' % e[1],
>> + self.__realpath, e[0], False,
>> False)
>> diff --git a/meta/lib/oeqa/selftest/oe_tests/types.py
>> b/meta/lib/oeqa/selftest/oe_tests/types.py
>> new file mode 100644
>> index 0000000..2613da9
>> --- /dev/null
>> +++ b/meta/lib/oeqa/selftest/oe_tests/types.py
>> @@ -0,0 +1,61 @@
>> +from oeqa.selftest.base import oeSelfTest
>> +from oeqa.utils.decorators import testcase
>> +from oe.maketype import create, factory
>> +
>> +class TestTypes(oeSelfTest):
>> + def assertIsInstance(self, obj, cls):
>> + return self.assertTrue(isinstance(obj, cls))
>> +
>> + def assertIsNot(self, obj, other):
>> + return self.assertFalse(obj is other)
>> +
>> + def assertFactoryCreated(self, value, type, **flags):
>> + cls = factory(type)
>> + self.assertIsNot(cls, None)
>> + self.assertIsInstance(create(value, type, **flags), cls)
>> +
>> + def assertListIsEqual(self, value, valid, sep=None):
>> + obj = create(value, 'list', separator=sep)
>> + self.assertListEqual(obj, valid)
>> +
>> +class TestBooleanType(TestTypes):
>> + def test_invalid(self):
>> + self.assertRaises(ValueError, create, '', 'boolean')
>> + self.assertRaises(ValueError, create, 'foo', 'boolean')
>> + self.assertRaises(TypeError, create, object(), 'boolean')
>> +
>> + def test_true(self):
>> + self.assertTrue(create('y', 'boolean'))
>> + self.assertTrue(create('yes', 'boolean'))
>> + self.assertTrue(create('1', 'boolean'))
>> + self.assertTrue(create('t', 'boolean'))
>> + self.assertTrue(create('true', 'boolean'))
>> + self.assertTrue(create('TRUE', 'boolean'))
>> + self.assertTrue(create('truE', 'boolean'))
>> +
>> + def test_false(self):
>> + self.assertFalse(create('n', 'boolean'))
>> + self.assertFalse(create('no', 'boolean'))
>> + self.assertFalse(create('0', 'boolean'))
>> + self.assertFalse(create('f', 'boolean'))
>> + self.assertFalse(create('false', 'boolean'))
>> + self.assertFalse(create('FALSE', 'boolean'))
>> + self.assertFalse(create('faLse', 'boolean'))
>> +
>> + def test_bool_equality(self):
>> + self.assertEqual(create('n', 'boolean'), False)
>> + self.assertNotEqual(create('n', 'boolean'), True)
>> + self.assertEqual(create('y', 'boolean'), True)
>> + self.assertNotEqual(create('y', 'boolean'), False)
>> +
>> +class TestList(TestTypes):
>> +
>> + def test_list_nosep(self):
>> + testlist = ['alpha', 'beta', 'theta']
>> + self.assertListIsEqual('alpha beta theta', testlist)
>> + self.assertListIsEqual('alpha beta\ttheta', testlist)
>> + self.assertListIsEqual('alpha', ['alpha'])
>> +
>> + def test_list_usersep(self):
>> + self.assertListIsEqual('foo:bar', ['foo', 'bar'], ':')
>> + self.assertListIsEqual('foo:bar:baz', ['foo', 'bar', 'baz'],
>> ':')
>> diff --git a/meta/lib/oeqa/selftest/oe_tests/utils.py
>> b/meta/lib/oeqa/selftest/oe_tests/utils.py
>> new file mode 100644
>> index 0000000..25c60e1
>> --- /dev/null
>> +++ b/meta/lib/oeqa/selftest/oe_tests/utils.py
>> @@ -0,0 +1,52 @@
>> +from oeqa.selftest.base import oeSelfTest
>> +from oeqa.utils.decorators import testcase
>> +from oe.utils import packages_filter_out_system, trim_version
>> +
>> +class TestPackagesFilterOutSystem(oeSelfTest):
>> + def test_filter(self):
>> + """
>> + Test that oe.utils.packages_filter_out_system works.
>> + """
>> + try:
>> + import bb
>> + except ImportError:
>> + self.skipTest("Cannot import bb")
>> +
>> + d = bb.data_smart.DataSmart()
>> + d.setVar("PN", "foo")
>> +
>> + d.setVar("PACKAGES", "foo foo-doc foo-dev")
>> + pkgs = packages_filter_out_system(d)
>> + self.assertEqual(pkgs, [])
>> +
>> + d.setVar("PACKAGES", "foo foo-doc foo-data foo-dev")
>> + pkgs = packages_filter_out_system(d)
>> + self.assertEqual(pkgs, ["foo-data"])
>> +
>> + d.setVar("PACKAGES", "foo foo-locale-en-gb")
>> + pkgs = packages_filter_out_system(d)
>> + self.assertEqual(pkgs, [])
>> +
>> + d.setVar("PACKAGES", "foo foo-data foo-locale-en-gb")
>> + pkgs = packages_filter_out_system(d)
>> + self.assertEqual(pkgs, ["foo-data"])
>> +
>> +
>> +class TestTrimVersion(oeSelfTest):
>> + def test_version_exception(self):
>> + with self.assertRaises(TypeError):
>> + trim_version(None, 2)
>> + with self.assertRaises(TypeError):
>> + trim_version((1, 2, 3), 2)
>> +
>> + def test_num_exception(self):
>> + with self.assertRaises(ValueError):
>> + trim_version("1.2.3", 0)
>> + with self.assertRaises(ValueError):
>> + trim_version("1.2.3", -1)
>> +
>> + def test_valid(self):
>> + self.assertEqual(trim_version("1.2.3", 1), "1")
>> + self.assertEqual(trim_version("1.2.3", 2), "1.2")
>> + self.assertEqual(trim_version("1.2.3", 3), "1.2.3")
>> + self.assertEqual(trim_version("1.2.3", 4), "1.2.3")
>> --
>> 2.1.4
>>
^ permalink raw reply
* Re: [PATCHv3][krogoth] curl: fix multiple CVEs
From: Leonardo Sandoval @ 2016-11-10 20:42 UTC (permalink / raw)
To: Sona Sarmadi, openembedded-core
In-Reply-To: <1478782787-60397-1-git-send-email-sona.sarmadi@enea.com>
Sona,
added patch meta/recipes-support/curl/curl/CVE-2016-8625.patch
has neither signed-off-by nor Upstream-Status marks, please include them.
On 11/10/2016 06:59 AM, Sona Sarmadi wrote:
> CVE-2016-8615: cookie injection for other servers
> CVE-2016-8616: case insensitive password comparison
> CVE-2016-8617: OOB write via unchecked multiplication
> CVE-2016-8618: double-free in curl_maprintf
> CVE-2016-8619: double-free in krb5 code
> CVE-2016-8620: glob parser write/read out of bounds
> CVE-2016-8621: curl_getdate read out of bounds
> CVE-2016-8622: URL unescape heap overflow via integer truncation
> CVE-2016-8623: Use-after-free via shared cookies
> CVE-2016-8624: invalid URL parsing with '#'
> CVE-2016-8625: IDNA 2003 makes curl use wrong host
>
> [url-remove-unconditional-idn2.h-include.patch is needed
> for CVE-2016-8625]
>
> Reference:
> https://curl.haxx.se/docs/security.html
>
> Fixes [Yocto #10617]
>
> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> ---
> meta/recipes-support/curl/curl/CVE-2016-8615.patch | 70 +++
> meta/recipes-support/curl/curl/CVE-2016-8616.patch | 50 ++
> meta/recipes-support/curl/curl/CVE-2016-8617.patch | 29 +
> meta/recipes-support/curl/curl/CVE-2016-8618.patch | 49 ++
> meta/recipes-support/curl/curl/CVE-2016-8619.patch | 49 ++
> meta/recipes-support/curl/curl/CVE-2016-8620.patch | 47 ++
> meta/recipes-support/curl/curl/CVE-2016-8621.patch | 104 ++++
> meta/recipes-support/curl/curl/CVE-2016-8622.patch | 95 ++++
> meta/recipes-support/curl/curl/CVE-2016-8623.patch | 174 ++++++
> meta/recipes-support/curl/curl/CVE-2016-8624.patch | 55 ++
> meta/recipes-support/curl/curl/CVE-2016-8625.patch | 615 +++++++++++++++++++++
> .../url-remove-unconditional-idn2.h-include.patch | 29 +
> meta/recipes-support/curl/curl_7.47.1.bb | 12 +
> 13 files changed, 1378 insertions(+)
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8615.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8616.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8617.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8618.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8619.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8620.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8621.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8622.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8623.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8624.patch
> create mode 100644 meta/recipes-support/curl/curl/CVE-2016-8625.patch
> create mode 100644 meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
>
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8615.patch b/meta/recipes-support/curl/curl/CVE-2016-8615.patch
> new file mode 100644
> index 0000000..95070f4
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8615.patch
> @@ -0,0 +1,70 @@
> +From cff89bc088b7884098ea0c5378bbda3d49c437bc Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 27 Sep 2016 17:36:19 +0200
> +Subject: [PATCH] cookie: replace use of fgets() with custom version
> +
> +... that will ignore lines that are too long to fit in the buffer.
> +
> +CVE: CVE-2016-8615
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102A.html
> +Reported-by: Cure53
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + lib/cookie.c | 31 ++++++++++++++++++++++++++++++-
> + 1 file changed, 30 insertions(+), 1 deletion(-)
> +
> +diff --git a/lib/cookie.c b/lib/cookie.c
> +index 4932ab1..1b3e645 100644
> +--- a/lib/cookie.c
> ++++ b/lib/cookie.c
> +@@ -902,6 +902,35 @@ Curl_cookie_add(struct Curl_easy *data,
> + return co;
> + }
> +
> ++/*
> ++ * get_line() makes sure to only return complete whole lines that fit in 'len'
> ++ * bytes and end with a newline.
> ++ */
> ++static char *get_line(char *buf, int len, FILE *input)
> ++{
> ++ bool partial = FALSE;
> ++ while(1) {
> ++ char *b = fgets(buf, len, input);
> ++ if(b) {
> ++ size_t rlen = strlen(b);
> ++ if(rlen && (b[rlen-1] == '\n')) {
> ++ if(partial) {
> ++ partial = FALSE;
> ++ continue;
> ++ }
> ++ return b;
> ++ }
> ++ else
> ++ /* read a partial, discard the next piece that ends with newline */
> ++ partial = TRUE;
> ++ }
> ++ else
> ++ break;
> ++ }
> ++ return NULL;
> ++}
> ++
> ++
> + /*****************************************************************************
> + *
> + * Curl_cookie_init()
> +@@ -958,7 +987,7 @@ struct CookieInfo *Curl_cookie_init(struct Curl_easy *data,
> + line = malloc(MAX_COOKIE_LINE);
> + if(!line)
> + goto fail;
> +- while(fgets(line, MAX_COOKIE_LINE, fp)) {
> ++ while(get_line(line, MAX_COOKIE_LINE, fp)) {
> + if(checkprefix("Set-Cookie:", line)) {
> + /* This is a cookie line, get it! */
> + lineptr=&line[11];
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8616.patch b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
> new file mode 100644
> index 0000000..2849d28
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8616.patch
> @@ -0,0 +1,50 @@
> +From b3ee26c5df75d97f6895e6ec4538894ebaf76e48 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 27 Sep 2016 18:01:53 +0200
> +Subject: [PATCH] connectionexists: use case sensitive user/password
> + comparisons
> +
> +CVE: CVE-2016-8616
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102B.html
> +Reported-by: Cure53
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +
> +diff -ruN a/lib/url.c b/lib/url.c
> +--- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
> ++++ b/lib/url.c 2016-11-07 09:16:20.459836564 +0100
> +@@ -3305,8 +3305,8 @@
> + if(!(needle->handler->flags & PROTOPT_CREDSPERREQUEST)) {
> + /* This protocol requires credentials per connection,
> + so verify that we're using the same name and password as well */
> +- if(!strequal(needle->user, check->user) ||
> +- !strequal(needle->passwd, check->passwd)) {
> ++ if(strcmp(needle->user, check->user) ||
> ++ strcmp(needle->passwd, check->passwd)) {
> + /* one of them was different */
> + continue;
> + }
> +@@ -3369,8 +3369,8 @@
> + possible. (Especially we must not reuse the same connection if
> + partway through a handshake!) */
> + if(wantNTLMhttp) {
> +- if(!strequal(needle->user, check->user) ||
> +- !strequal(needle->passwd, check->passwd))
> ++ if(strcmp(needle->user, check->user) ||
> ++ strcmp(needle->passwd, check->passwd))
> + continue;
> + }
> + else if(check->ntlm.state != NTLMSTATE_NONE) {
> +@@ -3380,8 +3380,8 @@
> +
> + /* Same for Proxy NTLM authentication */
> + if(wantProxyNTLMhttp) {
> +- if(!strequal(needle->proxyuser, check->proxyuser) ||
> +- !strequal(needle->proxypasswd, check->proxypasswd))
> ++ if(strcmp(needle->proxyuser, check->proxyuser) ||
> ++ strcmp(needle->proxypasswd, check->proxypasswd))
> + continue;
> + }
> + else if(check->proxyntlm.state != NTLMSTATE_NONE) {
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8617.patch b/meta/recipes-support/curl/curl/CVE-2016-8617.patch
> new file mode 100644
> index 0000000..a9bb509
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8617.patch
> @@ -0,0 +1,29 @@
> +From efd24d57426bd77c9b5860e6b297904703750412 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Wed, 28 Sep 2016 00:05:12 +0200
> +Subject: [PATCH] base64: check for integer overflow on large input
> +
> +CVE: CVE-2016-8617
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102C.html
> +Reported-by: Cure53
> +
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> +diff -ruN a/lib/base64.c b/lib/base64.c
> +--- a/lib/base64.c 2016-02-03 00:02:43.000000000 +0100
> ++++ b/lib/base64.c 2016-11-07 09:22:07.918167530 +0100
> +@@ -190,6 +190,11 @@
> + if(0 == insize)
> + insize = strlen(indata);
> +
> ++#if SIZEOF_SIZE_T == 4
> ++ if(insize > UINT_MAX/4)
> ++ return CURLE_OUT_OF_MEMORY;
> ++#endif
> ++
> + base64data = output = malloc(insize*4/3+4);
> + if(NULL == output)
> + return CURLE_OUT_OF_MEMORY;
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8618.patch b/meta/recipes-support/curl/curl/CVE-2016-8618.patch
> new file mode 100644
> index 0000000..57b3397
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8618.patch
> @@ -0,0 +1,49 @@
> +From 8732ec40db652c53fa58cd13e2acb8eab6e40874 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Wed, 28 Sep 2016 10:15:34 +0200
> +Subject: [PATCH] aprintf: detect wrap-around when growing allocation
> +
> +On 32bit systems we could otherwise wrap around after 2GB and allocate 0
> +bytes and crash.
> +
> +CVE: CVE-2016-8618
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102D.html
> +Reported-by: Cure53
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + lib/mprintf.c | 9 ++++++---
> + 1 file changed, 6 insertions(+), 3 deletions(-)
> +
> +diff --git a/lib/mprintf.c b/lib/mprintf.c
> +index dbedeaa..2c88aa8 100644
> +--- a/lib/mprintf.c
> ++++ b/lib/mprintf.c
> +@@ -1036,16 +1036,19 @@ static int alloc_addbyter(int output, FILE *data)
> + infop->len =0;
> + }
> + else if(infop->len+1 >= infop->alloc) {
> +- char *newptr;
> ++ char *newptr = NULL;
> ++ size_t newsize = infop->alloc*2;
> +
> +- newptr = realloc(infop->buffer, infop->alloc*2);
> ++ /* detect wrap-around or other overflow problems */
> ++ if(newsize > infop->alloc)
> ++ newptr = realloc(infop->buffer, newsize);
> +
> + if(!newptr) {
> + infop->fail = 1;
> + return -1; /* fail */
> + }
> + infop->buffer = newptr;
> +- infop->alloc *= 2;
> ++ infop->alloc = newsize;
> + }
> +
> + infop->buffer[ infop->len ] = outc;
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8619.patch b/meta/recipes-support/curl/curl/CVE-2016-8619.patch
> new file mode 100644
> index 0000000..13c67c2
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8619.patch
> @@ -0,0 +1,49 @@
> +From 3d6460edeee21d7d790ec570d0887bed1f4366dd Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Wed, 28 Sep 2016 12:56:02 +0200
> +Subject: [PATCH] krb5: avoid realloc(0)
> +
> +If the requested size is zero, bail out with error instead of doing a
> +realloc() that would cause a double-free: realloc(0) acts as a free()
> +and then there's a second free in the cleanup path.
> +
> +CVE: CVE-2016-8619
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102E.html
> +Reported-by: Cure53
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + lib/security.c | 9 ++++++---
> + 1 file changed, 6 insertions(+), 3 deletions(-)
> +
> +diff --git a/lib/security.c b/lib/security.c
> +index a268d4a..4cef8f8 100644
> +--- a/lib/security.c
> ++++ b/lib/security.c
> +@@ -192,15 +192,18 @@ static CURLcode read_data(struct connectdata *conn,
> + struct krb5buffer *buf)
> + {
> + int len;
> +- void* tmp;
> ++ void *tmp = NULL;
> + CURLcode result;
> +
> + result = socket_read(fd, &len, sizeof(len));
> + if(result)
> + return result;
> +
> +- len = ntohl(len);
> +- tmp = realloc(buf->data, len);
> ++ if(len) {
> ++ /* only realloc if there was a length */
> ++ len = ntohl(len);
> ++ tmp = realloc(buf->data, len);
> ++ }
> + if(tmp == NULL)
> + return CURLE_OUT_OF_MEMORY;
> +
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8620.patch b/meta/recipes-support/curl/curl/CVE-2016-8620.patch
> new file mode 100644
> index 0000000..9cea298
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8620.patch
> @@ -0,0 +1,47 @@
> +From fbb5f1aa0326d485d5a7ac643b48481897ca667f Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Mon, 3 Oct 2016 17:27:16 +0200
> +Subject: [PATCH] range: prevent negative end number in a glob range
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +CVE: CVE-2016-8620
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102F.html
> +Reported-by: Luật Nguyễn
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + src/tool_urlglob.c | 7 +++++++
> + 1 file changed, 7 insertions(+)
> +
> +diff --git a/src/tool_urlglob.c b/src/tool_urlglob.c
> +index a357b8b..64c75ba 100644
> +--- a/src/tool_urlglob.c
> ++++ b/src/tool_urlglob.c
> +@@ -257,6 +257,12 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
> + endp = NULL;
> + else {
> + pattern = endp+1;
> ++ while(*pattern && ISBLANK(*pattern))
> ++ pattern++;
> ++ if(!ISDIGIT(*pattern)) {
> ++ endp = NULL;
> ++ goto fail;
> ++ }
> + errno = 0;
> + max_n = strtoul(pattern, &endp, 10);
> + if(errno || (*endp == ':')) {
> +@@ -277,6 +283,7 @@ static CURLcode glob_range(URLGlob *glob, char **patternp,
> + }
> + }
> +
> ++ fail:
> + *posp += (pattern - *patternp);
> +
> + if(!endp || (min_n > max_n) || (step_n > (max_n - min_n)) || !step_n)
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8621.patch b/meta/recipes-support/curl/curl/CVE-2016-8621.patch
> new file mode 100644
> index 0000000..c05968e
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8621.patch
> @@ -0,0 +1,104 @@
> +From 96a80b5a262fb6dd2ddcea7987296f3b9a405618 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 4 Oct 2016 16:59:38 +0200
> +Subject: [PATCH] parsedate: handle cut off numbers better
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +... and don't read outside of the given buffer!
> +
> +CVE: CVE-2016-8621
> +
> +Upstream-Status: Backport
> +
> +bug: https://curl.haxx.se/docs/adv_20161102G.html
> +Reported-by: Luật Nguyễn
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + lib/parsedate.c | 12 +++++++-----
> + tests/data/test517 | 6 ++++++
> + tests/libtest/lib517.c | 8 +++++++-
> + 3 files changed, 20 insertions(+), 6 deletions(-)
> +
> +diff --git a/lib/parsedate.c b/lib/parsedate.c
> +index dfcf855..8e932f4 100644
> +--- a/lib/parsedate.c
> ++++ b/lib/parsedate.c
> +@@ -5,7 +5,7 @@
> + * | (__| |_| | _ <| |___
> + * \___|\___/|_| \_\_____|
> + *
> +- * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
> ++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
> + *
> + * This software is licensed as described in the file COPYING, which
> + * you should have received as part of this distribution. The terms
> +@@ -386,15 +386,17 @@ static int parsedate(const char *date, time_t *output)
> + /* a digit */
> + int val;
> + char *end;
> ++ int len=0;
> + if((secnum == -1) &&
> +- (3 == sscanf(date, "%02d:%02d:%02d", &hournum, &minnum, &secnum))) {
> ++ (3 == sscanf(date, "%02d:%02d:%02d%n",
> ++ &hournum, &minnum, &secnum, &len))) {
> + /* time stamp! */
> +- date += 8;
> ++ date += len;
> + }
> + else if((secnum == -1) &&
> +- (2 == sscanf(date, "%02d:%02d", &hournum, &minnum))) {
> ++ (2 == sscanf(date, "%02d:%02d%n", &hournum, &minnum, &len))) {
> + /* time stamp without seconds */
> +- date += 5;
> ++ date += len;
> + secnum = 0;
> + }
> + else {
> +diff --git a/tests/data/test517 b/tests/data/test517
> +index c81a45e..513634f 100644
> +--- a/tests/data/test517
> ++++ b/tests/data/test517
> +@@ -116,6 +116,12 @@ nothing
> + 81: 20111323 12:34:56 => -1
> + 82: 20110623 12:34:79 => -1
> + 83: Wed, 31 Dec 2008 23:59:60 GMT => 1230768000
> ++84: 20110623 12:3 => 1308830580
> ++85: 20110623 1:3 => 1308790980
> ++86: 20110623 1:30 => 1308792600
> ++87: 20110623 12:12:3 => 1308831123
> ++88: 20110623 01:12:3 => 1308791523
> ++89: 20110623 01:99:30 => -1
> + </stdout>
> +
> + # This test case previously tested an overflow case ("2094 Nov 6 =>
> +diff --git a/tests/libtest/lib517.c b/tests/libtest/lib517.c
> +index 2f68ebd..22162ff 100644
> +--- a/tests/libtest/lib517.c
> ++++ b/tests/libtest/lib517.c
> +@@ -5,7 +5,7 @@
> + * | (__| |_| | _ <| |___
> + * \___|\___/|_| \_\_____|
> + *
> +- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
> ++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
> + *
> + * This software is licensed as described in the file COPYING, which
> + * you should have received as part of this distribution. The terms
> +@@ -116,6 +116,12 @@ static const char * const dates[]={
> + "20111323 12:34:56",
> + "20110623 12:34:79",
> + "Wed, 31 Dec 2008 23:59:60 GMT", /* leap second */
> ++ "20110623 12:3",
> ++ "20110623 1:3",
> ++ "20110623 1:30",
> ++ "20110623 12:12:3",
> ++ "20110623 01:12:3",
> ++ "20110623 01:99:30",
> + NULL
> + };
> +
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8622.patch b/meta/recipes-support/curl/curl/CVE-2016-8622.patch
> new file mode 100644
> index 0000000..aedc85b
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8622.patch
> @@ -0,0 +1,95 @@
> +From 53e71e47d6b81650d26ec33a58d0dca24c7ffb2c Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 4 Oct 2016 18:56:45 +0200
> +Subject: [PATCH] unescape: avoid integer overflow
> +
> +CVE: CVE-2016-8622
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102H.html
> +Reported-by: Cure53
> +
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +
> +diff -ruN a/docs/libcurl/curl_easy_unescape.3 b/docs/libcurl/curl_easy_unescape.3
> +--- a/docs/libcurl/curl_easy_unescape.3 2016-02-03 00:08:02.000000000 +0100
> ++++ b/docs/libcurl/curl_easy_unescape.3 2016-11-07 09:25:45.999933275 +0100
> +@@ -5,7 +5,7 @@
> + .\" * | (__| |_| | _ <| |___
> + .\" * \___|\___/|_| \_\_____|
> + .\" *
> +-.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
> ++.\" * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
> + .\" *
> + .\" * This software is licensed as described in the file COPYING, which
> + .\" * you should have received as part of this distribution. The terms
> +@@ -40,7 +40,10 @@
> +
> + If \fBoutlength\fP is non-NULL, the function will write the length of the
> + returned string in the integer it points to. This allows an escaped string
> +-containing %00 to still get used properly after unescaping.
> ++containing %00 to still get used properly after unescaping. Since this is a
> ++pointer to an \fIint\fP type, it can only return a value up to INT_MAX so no
> ++longer string can be unescaped if the string length is returned in this
> ++parameter.
> +
> + You must \fIcurl_free(3)\fP the returned string when you're done with it.
> + .SH AVAILABILITY
> +diff -ruN a/lib/dict.c b/lib/dict.c
> +--- a/lib/dict.c 2016-02-03 00:02:44.000000000 +0100
> ++++ b/lib/dict.c 2016-11-07 09:25:45.999933275 +0100
> +@@ -5,7 +5,7 @@
> + * | (__| |_| | _ <| |___
> + * \___|\___/|_| \_\_____|
> + *
> +- * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
> ++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
> + *
> + * This software is licensed as described in the file COPYING, which
> + * you should have received as part of this distribution. The terms
> +@@ -52,7 +52,7 @@
> + #include <curl/curl.h>
> + #include "transfer.h"
> + #include "sendf.h"
> +-
> ++#include "escape.h"
> + #include "progress.h"
> + #include "strequal.h"
> + #include "dict.h"
> +@@ -96,12 +96,12 @@
> + char *newp;
> + char *dictp;
> + char *ptr;
> +- int len;
> ++ size_t len;
> + char ch;
> + int olen=0;
> +
> +- newp = curl_easy_unescape(data, inputbuff, 0, &len);
> +- if(!newp)
> ++ CURLcode result = Curl_urldecode(data, inputbuff, 0, &newp, &len, FALSE);
> ++ if(!newp || result)
> + return NULL;
> +
> + dictp = malloc(((size_t)len)*2 + 1); /* add one for terminating zero */
> +diff -ruN a/lib/escape.c b/lib/escape.c
> +--- a/lib/escape.c 2016-02-05 10:02:03.000000000 +0100
> ++++ b/lib/escape.c 2016-11-07 09:29:43.073671606 +0100
> +@@ -217,8 +217,14 @@
> + FALSE);
> + if(res)
> + return NULL;
> +- if(olen)
> +- *olen = curlx_uztosi(outputlen);
> ++
> ++ if(olen) {
> ++ if(outputlen <= (size_t) INT_MAX)
> ++ *olen = curlx_uztosi(outputlen);
> ++ else
> ++ /* too large to return in an int, fail! */
> ++ Curl_safefree(str);
> ++ }
> + return str;
> + }
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8623.patch b/meta/recipes-support/curl/curl/CVE-2016-8623.patch
> new file mode 100644
> index 0000000..e791ecd
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8623.patch
> @@ -0,0 +1,174 @@
> +From c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 4 Oct 2016 23:26:13 +0200
> +Subject: [PATCH] cookies: getlist() now holds deep copies of all cookies
> +
> +Previously it only held references to them, which was reckless as the
> +thread lock was released so the cookies could get modified by other
> +handles that share the same cookie jar over the share interface.
> +
> +CVE: CVE-2016-8623
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102I.html
> +Reported-by: Cure53
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + lib/cookie.c | 61 +++++++++++++++++++++++++++++++++++++++---------------------
> + lib/cookie.h | 4 ++--
> + lib/http.c | 2 +-
> + 3 files changed, 43 insertions(+), 24 deletions(-)
> +
> +diff --git a/lib/cookie.c b/lib/cookie.c
> +index 0f05da2..8607ce3 100644
> +--- a/lib/cookie.c
> ++++ b/lib/cookie.c
> +@@ -1024,6 +1024,40 @@ static int cookie_sort(const void *p1, const void *p2)
> + return 0;
> + }
> +
> ++#define CLONE(field) \
> ++ do { \
> ++ if(src->field) { \
> ++ dup->field = strdup(src->field); \
> ++ if(!dup->field) \
> ++ goto fail; \
> ++ } \
> ++ } while(0)
> ++
> ++static struct Cookie *dup_cookie(struct Cookie *src)
> ++{
> ++ struct Cookie *dup = calloc(sizeof(struct Cookie), 1);
> ++ if(dup) {
> ++ CLONE(expirestr);
> ++ CLONE(domain);
> ++ CLONE(path);
> ++ CLONE(spath);
> ++ CLONE(name);
> ++ CLONE(value);
> ++ CLONE(maxage);
> ++ CLONE(version);
> ++ dup->expires = src->expires;
> ++ dup->tailmatch = src->tailmatch;
> ++ dup->secure = src->secure;
> ++ dup->livecookie = src->livecookie;
> ++ dup->httponly = src->httponly;
> ++ }
> ++ return dup;
> ++
> ++ fail:
> ++ freecookie(dup);
> ++ return NULL;
> ++}
> ++
> + /*****************************************************************************
> + *
> + * Curl_cookie_getlist()
> +@@ -1079,11 +1113,8 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
> + /* and now, we know this is a match and we should create an
> + entry for the return-linked-list */
> +
> +- newco = malloc(sizeof(struct Cookie));
> ++ newco = dup_cookie(co);
> + if(newco) {
> +- /* first, copy the whole source cookie: */
> +- memcpy(newco, co, sizeof(struct Cookie));
> +-
> + /* then modify our next */
> + newco->next = mainco;
> +
> +@@ -1095,12 +1126,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
> + else {
> + fail:
> + /* failure, clear up the allocated chain and return NULL */
> +- while(mainco) {
> +- co = mainco->next;
> +- free(mainco);
> +- mainco = co;
> +- }
> +-
> ++ Curl_cookie_freelist(mainco);
> + return NULL;
> + }
> + }
> +@@ -1152,7 +1178,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
> + void Curl_cookie_clearall(struct CookieInfo *cookies)
> + {
> + if(cookies) {
> +- Curl_cookie_freelist(cookies->cookies, TRUE);
> ++ Curl_cookie_freelist(cookies->cookies);
> + cookies->cookies = NULL;
> + cookies->numcookies = 0;
> + }
> +@@ -1164,21 +1190,14 @@ void Curl_cookie_clearall(struct CookieInfo *cookies)
> + *
> + * Free a list of cookies previously returned by Curl_cookie_getlist();
> + *
> +- * The 'cookiestoo' argument tells this function whether to just free the
> +- * list or actually also free all cookies within the list as well.
> +- *
> + ****************************************************************************/
> +
> +-void Curl_cookie_freelist(struct Cookie *co, bool cookiestoo)
> ++void Curl_cookie_freelist(struct Cookie *co)
> + {
> + struct Cookie *next;
> + while(co) {
> + next = co->next;
> +- if(cookiestoo)
> +- freecookie(co);
> +- else
> +- free(co); /* we only free the struct since the "members" are all just
> +- pointed out in the main cookie list! */
> ++ freecookie(co);
> + co = next;
> + }
> + }
> +@@ -1233,7 +1252,7 @@ void Curl_cookie_cleanup(struct CookieInfo *c)
> + {
> + if(c) {
> + free(c->filename);
> +- Curl_cookie_freelist(c->cookies, TRUE);
> ++ Curl_cookie_freelist(c->cookies);
> + free(c); /* free the base struct as well */
> + }
> + }
> +diff --git a/lib/cookie.h b/lib/cookie.h
> +index cd7c54a..a9a4578 100644
> +--- a/lib/cookie.h
> ++++ b/lib/cookie.h
> +@@ -7,7 +7,7 @@
> + * | (__| |_| | _ <| |___
> + * \___|\___/|_| \_\_____|
> + *
> +- * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
> ++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
> + *
> + * This software is licensed as described in the file COPYING, which
> + * you should have received as part of this distribution. The terms
> +@@ -82,7 +82,7 @@ struct Cookie *Curl_cookie_add(struct Curl_easy *data,
> +
> + struct Cookie *Curl_cookie_getlist(struct CookieInfo *, const char *,
> + const char *, bool);
> +-void Curl_cookie_freelist(struct Cookie *cookies, bool cookiestoo);
> ++void Curl_cookie_freelist(struct Cookie *cookies);
> + void Curl_cookie_clearall(struct CookieInfo *cookies);
> + void Curl_cookie_clearsess(struct CookieInfo *cookies);
> +
> +diff --git a/lib/http.c b/lib/http.c
> +index 65c145a..e6e7d37 100644
> +--- a/lib/http.c
> ++++ b/lib/http.c
> +@@ -2384,7 +2384,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
> + }
> + co = co->next; /* next cookie please */
> + }
> +- Curl_cookie_freelist(store, FALSE); /* free the cookie list */
> ++ Curl_cookie_freelist(store);
> + }
> + if(addcookies && !result) {
> + if(!count)
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8624.patch b/meta/recipes-support/curl/curl/CVE-2016-8624.patch
> new file mode 100644
> index 0000000..fb62282
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8624.patch
> @@ -0,0 +1,55 @@
> +From 3bb273db7e40ebc284cff45f3ce3f0475c8339c2 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Tue, 11 Oct 2016 00:48:35 +0200
> +Subject: [PATCH] urlparse: accept '#' as end of host name
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +'http://example.com#@127.0.0.1/x.txt' equals a request to example.com
> +for the '/' document with the rest of the URL being a fragment.
> +
> +CVE: CVE-2016-8624
> +
> +Upstream-Status: Backport
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102J.html
> +Reported-by: Fernando Muñoz
> +
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +
> +diff -ruN a/lib/url.c b/lib/url.c
> +--- a/lib/url.c 2016-11-07 08:50:23.030126833 +0100
> ++++ b/lib/url.c 2016-11-07 10:16:13.562089428 +0100
> +@@ -4086,7 +4086,7 @@
> + path[0]=0;
> +
> + if(2 > sscanf(data->change.url,
> +- "%15[^\n:]://%[^\n/?]%[^\n]",
> ++ "%15[^\n:]://%[^\n/?#]%[^\n]",
> + protobuf,
> + conn->host.name, path)) {
> +
> +@@ -4094,7 +4094,7 @@
> + * The URL was badly formatted, let's try the browser-style _without_
> + * protocol specified like 'http://'.
> + */
> +- rc = sscanf(data->change.url, "%[^\n/?]%[^\n]", conn->host.name, path);
> ++ rc = sscanf(data->change.url, "%[^\n/?#]%[^\n]", conn->host.name, path);
> + if(1 > rc) {
> + /*
> + * We couldn't even get this format.
> +@@ -4184,10 +4184,10 @@
> + }
> +
> + /* If the URL is malformatted (missing a '/' after hostname before path) we
> +- * insert a slash here. The only letter except '/' we accept to start a path
> +- * is '?'.
> ++ * insert a slash here. The only letters except '/' that can start a path is
> ++ * '?' and '#' - as controlled by the two sscanf() patterns above.
> + */
> +- if(path[0] == '?') {
> ++ if(path[0] != '/') {
> + /* We need this function to deal with overlapping memory areas. We know
> + that the memory area 'path' points to is 'urllen' bytes big and that
> + is bigger than the path. Use +1 to move the zero byte too. */
> diff --git a/meta/recipes-support/curl/curl/CVE-2016-8625.patch b/meta/recipes-support/curl/curl/CVE-2016-8625.patch
> new file mode 100644
> index 0000000..a385cc3
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/CVE-2016-8625.patch
> @@ -0,0 +1,615 @@
> +commit 914aae739463ec72340130ea9ad42e04b02a5338
> +Author: Daniel Stenberg <daniel@haxx.se>
> +Date: Wed Oct 12 09:01:06 2016 +0200
> +
> +idn: switch to libidn2 use and IDNA2008 support
> +
> +CVE: CVE-2016-8625
> +
> +Bug: https://curl.haxx.se/docs/adv_20161102K.html
> +Reported-by: Christian Heimes
> +
> +Conflicts:
> + CMakeLists.txt
> + lib/url.c
> +
> +Signed-off-by: Martin Borg <martin.borg@enea.com>
> +Signen-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +
> +diff --git a/CMakeLists.txt b/CMakeLists.txt
> +index 06f18cf..c3e5c7c 100644
> +--- a/CMakeLists.txt
> ++++ b/CMakeLists.txt
> +@@ -440,7 +440,7 @@ if(NOT CURL_DISABLE_LDAPS)
> + endif()
> +
> + # Check for idn
> +-check_library_exists_concat("idn" idna_to_ascii_lz HAVE_LIBIDN)
> ++check_library_exists_concat("idn2" idn2_lookup_ul HAVE_LIBIDN2)
> +
> + # Check for symbol dlopen (same as HAVE_LIBDL)
> + check_library_exists("${CURL_LIBS}" dlopen "" HAVE_DLOPEN)
> +@@ -608,7 +608,7 @@ check_include_file_concat("des.h" HAVE_DES_H)
> + check_include_file_concat("err.h" HAVE_ERR_H)
> + check_include_file_concat("errno.h" HAVE_ERRNO_H)
> + check_include_file_concat("fcntl.h" HAVE_FCNTL_H)
> +-check_include_file_concat("idn-free.h" HAVE_IDN_FREE_H)
> ++check_include_file_concat("idn2.h" HAVE_IDN2_H)
> + check_include_file_concat("ifaddrs.h" HAVE_IFADDRS_H)
> + check_include_file_concat("io.h" HAVE_IO_H)
> + check_include_file_concat("krb.h" HAVE_KRB_H)
> +@@ -638,7 +638,6 @@ check_include_file_concat("stropts.h" HAVE_STROPTS_H)
> + check_include_file_concat("termio.h" HAVE_TERMIO_H)
> + check_include_file_concat("termios.h" HAVE_TERMIOS_H)
> + check_include_file_concat("time.h" HAVE_TIME_H)
> +-check_include_file_concat("tld.h" HAVE_TLD_H)
> + check_include_file_concat("unistd.h" HAVE_UNISTD_H)
> + check_include_file_concat("utime.h" HAVE_UTIME_H)
> + check_include_file_concat("x509.h" HAVE_X509_H)
> +@@ -652,9 +651,6 @@ check_include_file_concat("netinet/if_ether.h" HAVE_NETINET_IF_ETHER_H)
> + check_include_file_concat("stdint.h" HAVE_STDINT_H)
> + check_include_file_concat("sockio.h" HAVE_SOCKIO_H)
> + check_include_file_concat("sys/utsname.h" HAVE_SYS_UTSNAME_H)
> +-check_include_file_concat("idna.h" HAVE_IDNA_H)
> +-
> +-
> +
> + check_type_size(size_t SIZEOF_SIZE_T)
> + check_type_size(ssize_t SIZEOF_SSIZE_T)
> +@@ -802,9 +798,6 @@ check_symbol_exists(pipe "${CURL_INCLUDES}" HAVE_PIPE)
> + check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE)
> + check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME)
> + check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT)
> +-check_symbol_exists(idn_free "${CURL_INCLUDES}" HAVE_IDN_FREE)
> +-check_symbol_exists(idna_strerror "${CURL_INCLUDES}" HAVE_IDNA_STRERROR)
> +-check_symbol_exists(tld_strerror "${CURL_INCLUDES}" HAVE_TLD_STRERROR)
> + check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE)
> + check_symbol_exists(setrlimit "${CURL_INCLUDES}" HAVE_SETRLIMIT)
> + check_symbol_exists(fcntl "${CURL_INCLUDES}" HAVE_FCNTL)
> +@@ -1067,7 +1060,7 @@ _add_if("IPv6" ENABLE_IPV6)
> + _add_if("unix-sockets" USE_UNIX_SOCKETS)
> + _add_if("libz" HAVE_LIBZ)
> + _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX)
> +-_add_if("IDN" HAVE_LIBIDN)
> ++_add_if("IDN" HAVE_LIBIDN2)
> + # TODO SSP1 (WinSSL) check is missing
> + _add_if("SSPI" USE_WINDOWS_SSPI)
> + _add_if("GSS-API" HAVE_GSSAPI)
> +diff --git a/configure.ac b/configure.ac
> +index 4c9862f..c8e2721 100644
> +--- a/configure.ac
> ++++ b/configure.ac
> +@@ -157,7 +157,7 @@ curl_tls_srp_msg="no (--enable-tls-srp)"
> + curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
> + curl_ipv6_msg="no (--enable-ipv6)"
> + curl_unix_sockets_msg="no (--enable-unix-sockets)"
> +- curl_idn_msg="no (--with-{libidn,winidn})"
> ++ curl_idn_msg="no (--with-{libidn2,winidn})"
> + curl_manual_msg="no (--enable-manual)"
> + curl_libcurl_msg="enabled (--disable-libcurl-option)"
> + curl_verbose_msg="enabled (--disable-verbose)"
> +@@ -2825,15 +2825,15 @@ dnl **********************************************************************
> + dnl Check for the presence of IDN libraries and headers
> + dnl **********************************************************************
> +
> +-AC_MSG_CHECKING([whether to build with libidn])
> ++AC_MSG_CHECKING([whether to build with libidn2])
> + OPT_IDN="default"
> + AC_ARG_WITH(libidn,
> +-AC_HELP_STRING([--with-libidn=PATH],[Enable libidn usage])
> +-AC_HELP_STRING([--without-libidn],[Disable libidn usage]),
> ++AC_HELP_STRING([--with-libidn2=PATH],[Enable libidn2 usage])
> ++AC_HELP_STRING([--without-libidn2],[Disable libidn2 usage]),
> + [OPT_IDN=$withval])
> + case "$OPT_IDN" in
> + no)
> +- dnl --without-libidn option used
> ++ dnl --without-libidn2 option used
> + want_idn="no"
> + AC_MSG_RESULT([no])
> + ;;
> +@@ -2844,13 +2844,13 @@ case "$OPT_IDN" in
> + AC_MSG_RESULT([(assumed) yes])
> + ;;
> + yes)
> +- dnl --with-libidn option used without path
> ++ dnl --with-libidn2 option used without path
> + want_idn="yes"
> + want_idn_path="default"
> + AC_MSG_RESULT([yes])
> + ;;
> + *)
> +- dnl --with-libidn option used with path
> ++ dnl --with-libidn2 option used with path
> + want_idn="yes"
> + want_idn_path="$withval"
> + AC_MSG_RESULT([yes ($withval)])
> +@@ -2867,33 +2867,33 @@ if test "$want_idn" = "yes"; then
> + if test "$want_idn_path" != "default"; then
> + dnl path has been specified
> + IDN_PCDIR="$want_idn_path/lib$libsuff/pkgconfig"
> +- CURL_CHECK_PKGCONFIG(libidn, [$IDN_PCDIR])
> ++ CURL_CHECK_PKGCONFIG(libidn2, [$IDN_PCDIR])
> + if test "$PKGCONFIG" != "no"; then
> + IDN_LIBS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
> +- $PKGCONFIG --libs-only-l libidn 2>/dev/null`
> ++ $PKGCONFIG --libs-only-l libidn2 2>/dev/null`
> + IDN_LDFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
> +- $PKGCONFIG --libs-only-L libidn 2>/dev/null`
> ++ $PKGCONFIG --libs-only-L libidn2 2>/dev/null`
> + IDN_CPPFLAGS=`CURL_EXPORT_PCDIR([$IDN_PCDIR]) dnl
> +- $PKGCONFIG --cflags-only-I libidn 2>/dev/null`
> ++ $PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
> + IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
> + else
> + dnl pkg-config not available or provides no info
> +- IDN_LIBS="-lidn"
> ++ IDN_LIBS="-lidn2"
> + IDN_LDFLAGS="-L$want_idn_path/lib$libsuff"
> + IDN_CPPFLAGS="-I$want_idn_path/include"
> + IDN_DIR="$want_idn_path/lib$libsuff"
> + fi
> + else
> + dnl path not specified
> +- CURL_CHECK_PKGCONFIG(libidn)
> ++ CURL_CHECK_PKGCONFIG(libidn2)
> + if test "$PKGCONFIG" != "no"; then
> +- IDN_LIBS=`$PKGCONFIG --libs-only-l libidn 2>/dev/null`
> +- IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn 2>/dev/null`
> +- IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn 2>/dev/null`
> ++ IDN_LIBS=`$PKGCONFIG --libs-only-l libidn2 2>/dev/null`
> ++ IDN_LDFLAGS=`$PKGCONFIG --libs-only-L libidn2 2>/dev/null`
> ++ IDN_CPPFLAGS=`$PKGCONFIG --cflags-only-I libidn2 2>/dev/null`
> + IDN_DIR=`echo $IDN_LDFLAGS | $SED -e 's/-L//'`
> + else
> + dnl pkg-config not available or provides no info
> +- IDN_LIBS="-lidn"
> ++ IDN_LIBS="-lidn2"
> + fi
> + fi
> + #
> +@@ -2913,9 +2913,9 @@ if test "$want_idn" = "yes"; then
> + LDFLAGS="$IDN_LDFLAGS $LDFLAGS"
> + LIBS="$IDN_LIBS $LIBS"
> + #
> +- AC_MSG_CHECKING([if idna_to_ascii_4i can be linked])
> ++ AC_MSG_CHECKING([if idn2_lookup_ul can be linked])
> + AC_LINK_IFELSE([
> +- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_4i])
> ++ AC_LANG_FUNC_LINK_TRY([idn2_lookup_ul])
> + ],[
> + AC_MSG_RESULT([yes])
> + tst_links_libidn="yes"
> +@@ -2923,37 +2923,19 @@ if test "$want_idn" = "yes"; then
> + AC_MSG_RESULT([no])
> + tst_links_libidn="no"
> + ])
> +- if test "$tst_links_libidn" = "no"; then
> +- AC_MSG_CHECKING([if idna_to_ascii_lz can be linked])
> +- AC_LINK_IFELSE([
> +- AC_LANG_FUNC_LINK_TRY([idna_to_ascii_lz])
> +- ],[
> +- AC_MSG_RESULT([yes])
> +- tst_links_libidn="yes"
> +- ],[
> +- AC_MSG_RESULT([no])
> +- tst_links_libidn="no"
> +- ])
> +- fi
> + #
> ++ AC_CHECK_HEADERS( idn2.h )
> ++
> + if test "$tst_links_libidn" = "yes"; then
> +- AC_DEFINE(HAVE_LIBIDN, 1, [Define to 1 if you have the `idn' library (-lidn).])
> ++ AC_DEFINE(HAVE_LIBIDN2, 1, [Define to 1 if you have the `idn2' library (-lidn2).])
> + dnl different versions of libidn have different setups of these:
> +- AC_CHECK_FUNCS( idn_free idna_strerror tld_strerror )
> +- AC_CHECK_HEADERS( idn-free.h tld.h )
> +- if test "x$ac_cv_header_tld_h" = "xyes"; then
> +- AC_SUBST([IDN_ENABLED], [1])
> +- curl_idn_msg="enabled"
> +- if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
> +- LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
> +- export LD_LIBRARY_PATH
> +- AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
> +- fi
> +- else
> +- AC_MSG_WARN([Libraries for IDN support too old: IDN disabled])
> +- CPPFLAGS="$clean_CPPFLAGS"
> +- LDFLAGS="$clean_LDFLAGS"
> +- LIBS="$clean_LIBS"
> ++
> ++ AC_SUBST([IDN_ENABLED], [1])
> ++ curl_idn_msg="enabled (libidn2)"
> ++ if test -n "$IDN_DIR" -a "x$cross_compiling" != "xyes"; then
> ++ LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$IDN_DIR"
> ++ export LD_LIBRARY_PATH
> ++ AC_MSG_NOTICE([Added $IDN_DIR to LD_LIBRARY_PATH])
> + fi
> + else
> + AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
> +diff --git a/lib/curl_setup.h b/lib/curl_setup.h
> +index 33ad129..5fb241b 100644
> +--- a/lib/curl_setup.h
> ++++ b/lib/curl_setup.h
> +@@ -590,10 +590,9 @@ int netware_init(void);
> + #endif
> + #endif
> +
> +-#if defined(HAVE_LIBIDN) && defined(HAVE_TLD_H)
> +-/* The lib was present and the tld.h header (which is missing in libidn 0.3.X
> +- but we only work with libidn 0.4.1 or later) */
> +-#define USE_LIBIDN
> ++#if defined(HAVE_LIBIDN2) && defined(HAVE_IDN2_H)
> ++/* The lib and header are present */
> ++#define USE_LIBIDN2
> + #endif
> +
> + #ifndef SIZEOF_TIME_T
> +diff --git a/lib/easy.c b/lib/easy.c
> +index d529da8..51d57e3 100644
> +--- a/lib/easy.c
> ++++ b/lib/easy.c
> +@@ -144,28 +144,6 @@ static CURLcode win32_init(void)
> + return CURLE_OK;
> + }
> +
> +-#ifdef USE_LIBIDN
> +-/*
> +- * Initialise use of IDNA library.
> +- * It falls back to ASCII if $CHARSET isn't defined. This doesn't work for
> +- * idna_to_ascii_lz().
> +- */
> +-static void idna_init (void)
> +-{
> +-#ifdef WIN32
> +- char buf[60];
> +- UINT cp = GetACP();
> +-
> +- if(!getenv("CHARSET") && cp > 0) {
> +- snprintf(buf, sizeof(buf), "CHARSET=cp%u", cp);
> +- putenv(buf);
> +- }
> +-#else
> +- /* to do? */
> +-#endif
> +-}
> +-#endif /* USE_LIBIDN */
> +-
> + /* true globals -- for curl_global_init() and curl_global_cleanup() */
> + static unsigned int initialized;
> + static long init_flags;
> +@@ -262,10 +240,6 @@ static CURLcode global_init(long flags, bool memoryfuncs)
> + }
> + #endif
> +
> +-#ifdef USE_LIBIDN
> +- idna_init();
> +-#endif
> +-
> + if(Curl_resolver_global_init()) {
> + DEBUGF(fprintf(stderr, "Error: resolver_global_init failed\n"));
> + return CURLE_FAILED_INIT;
> +diff --git a/lib/strerror.c b/lib/strerror.c
> +index d222a1f..bf4faae 100644
> +--- a/lib/strerror.c
> ++++ b/lib/strerror.c
> +@@ -35,8 +35,8 @@
> +
> + #include <curl/curl.h>
> +
> +-#ifdef USE_LIBIDN
> +-#include <idna.h>
> ++#ifdef USE_LIBIDN2
> ++#include <idn2.h>
> + #endif
> +
> + #ifdef USE_WINDOWS_SSPI
> +@@ -723,83 +723,6 @@ const char *Curl_strerror(struct connectdata *conn, int err)
> + return buf;
> + }
> +
> +-#ifdef USE_LIBIDN
> +-/*
> +- * Return error-string for libidn status as returned from idna_to_ascii_lz().
> +- */
> +-const char *Curl_idn_strerror (struct connectdata *conn, int err)
> +-{
> +-#ifdef HAVE_IDNA_STRERROR
> +- (void)conn;
> +- return idna_strerror((Idna_rc) err);
> +-#else
> +- const char *str;
> +- char *buf;
> +- size_t max;
> +-
> +- DEBUGASSERT(conn);
> +-
> +- buf = conn->syserr_buf;
> +- max = sizeof(conn->syserr_buf)-1;
> +- *buf = '\0';
> +-
> +-#ifndef CURL_DISABLE_VERBOSE_STRINGS
> +- switch ((Idna_rc)err) {
> +- case IDNA_SUCCESS:
> +- str = "No error";
> +- break;
> +- case IDNA_STRINGPREP_ERROR:
> +- str = "Error in string preparation";
> +- break;
> +- case IDNA_PUNYCODE_ERROR:
> +- str = "Error in Punycode operation";
> +- break;
> +- case IDNA_CONTAINS_NON_LDH:
> +- str = "Illegal ASCII characters";
> +- break;
> +- case IDNA_CONTAINS_MINUS:
> +- str = "Contains minus";
> +- break;
> +- case IDNA_INVALID_LENGTH:
> +- str = "Invalid output length";
> +- break;
> +- case IDNA_NO_ACE_PREFIX:
> +- str = "No ACE prefix (\"xn--\")";
> +- break;
> +- case IDNA_ROUNDTRIP_VERIFY_ERROR:
> +- str = "Round trip verify error";
> +- break;
> +- case IDNA_CONTAINS_ACE_PREFIX:
> +- str = "Already have ACE prefix (\"xn--\")";
> +- break;
> +- case IDNA_ICONV_ERROR:
> +- str = "Locale conversion failed";
> +- break;
> +- case IDNA_MALLOC_ERROR:
> +- str = "Allocation failed";
> +- break;
> +- case IDNA_DLOPEN_ERROR:
> +- str = "dlopen() error";
> +- break;
> +- default:
> +- snprintf(buf, max, "error %d", err);
> +- str = NULL;
> +- break;
> +- }
> +-#else
> +- if((Idna_rc)err == IDNA_SUCCESS)
> +- str = "No error";
> +- else
> +- str = "Error";
> +-#endif
> +- if(str)
> +- strncpy(buf, str, max);
> +- buf[max] = '\0';
> +- return (buf);
> +-#endif
> +-}
> +-#endif /* USE_LIBIDN */
> +-
> + #ifdef USE_WINDOWS_SSPI
> + const char *Curl_sspi_strerror (struct connectdata *conn, int err)
> + {
> +diff --git a/lib/strerror.h b/lib/strerror.h
> +index ae8c96b..627273e 100644
> +--- a/lib/strerror.h
> ++++ b/lib/strerror.h
> +@@ -7,7 +7,7 @@
> + * | (__| |_| | _ <| |___
> + * \___|\___/|_| \_\_____|
> + *
> +- * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
> ++ * Copyright (C) 1998 - 2016, Daniel Stenberg, <daniel@haxx.se>, et al.
> + *
> + * This software is licensed as described in the file COPYING, which
> + * you should have received as part of this distribution. The terms
> +@@ -26,7 +26,7 @@
> +
> + const char *Curl_strerror (struct connectdata *conn, int err);
> +
> +-#ifdef USE_LIBIDN
> ++#ifdef USE_LIBIDN2
> + const char *Curl_idn_strerror (struct connectdata *conn, int err);
> + #endif
> +
> +diff --git a/lib/url.c b/lib/url.c
> +index 8832989..8d52152 100644
> +--- a/lib/url.c
> ++++ b/lib/url.c
> +@@ -59,24 +59,15 @@
> + #include <limits.h>
> + #endif
> +
> +-#ifdef USE_LIBIDN
> +-#include <idna.h>
> +-#include <tld.h>
> +-#include <stringprep.h>
> +-#ifdef HAVE_IDN_FREE_H
> +-#include <idn-free.h>
> +-#else
> +-/* prototype from idn-free.h, not provided by libidn 0.4.5's make install! */
> +-void idn_free (void *ptr);
> +-#endif
> +-#ifndef HAVE_IDN_FREE
> +-/* if idn_free() was not found in this version of libidn use free() instead */
> +-#define idn_free(x) (free)(x)
> +-#endif
> ++#ifdef USE_LIBIDN2
> ++#include <idn2.h>
> ++
> + #elif defined(USE_WIN32_IDN)
> + /* prototype for curl_win32_idn_to_ascii() */
> + int curl_win32_idn_to_ascii(const char *in, char **out);
> +-#endif /* USE_LIBIDN */
> ++#endif /* USE_LIBIDN2 */
> ++
> ++#include <idn2.h>
> +
> + #include "urldata.h"
> + #include "netrc.h"
> +@@ -3693,59 +3684,15 @@ static bool is_ASCII_name(const char *hostname)
> + return TRUE;
> + }
> +
> +-#ifdef USE_LIBIDN
> +-/*
> +- * Check if characters in hostname is allowed in Top Level Domain.
> +- */
> +-static bool tld_check_name(struct SessionHandle *data,
> +- const char *ace_hostname)
> +-{
> +- size_t err_pos;
> +- char *uc_name = NULL;
> +- int rc;
> +-#ifndef CURL_DISABLE_VERBOSE_STRINGS
> +- const char *tld_errmsg = "<no msg>";
> +-#else
> +- (void)data;
> +-#endif
> +-
> +- /* Convert (and downcase) ACE-name back into locale's character set */
> +- rc = idna_to_unicode_lzlz(ace_hostname, &uc_name, 0);
> +- if(rc != IDNA_SUCCESS)
> +- return FALSE;
> +-
> +- rc = tld_check_lz(uc_name, &err_pos, NULL);
> +-#ifndef CURL_DISABLE_VERBOSE_STRINGS
> +-#ifdef HAVE_TLD_STRERROR
> +- if(rc != TLD_SUCCESS)
> +- tld_errmsg = tld_strerror((Tld_rc)rc);
> +-#endif
> +- if(rc == TLD_INVALID)
> +- infof(data, "WARNING: %s; pos %u = `%c'/0x%02X\n",
> +- tld_errmsg, err_pos, uc_name[err_pos],
> +- uc_name[err_pos] & 255);
> +- else if(rc != TLD_SUCCESS)
> +- infof(data, "WARNING: TLD check for %s failed; %s\n",
> +- uc_name, tld_errmsg);
> +-#endif /* CURL_DISABLE_VERBOSE_STRINGS */
> +- if(uc_name)
> +- idn_free(uc_name);
> +- if(rc != TLD_SUCCESS)
> +- return FALSE;
> +-
> +- return TRUE;
> +-}
> +-#endif
> +-
> + /*
> + * Perform any necessary IDN conversion of hostname
> + */
> +-static void fix_hostname(struct SessionHandle *data,
> +- struct connectdata *conn, struct hostname *host)
> ++static void fix_hostname(struct connectdata *conn, struct hostname *host)
> + {
> + size_t len;
> ++ struct Curl_easy *data = conn->data;
> +
> +-#ifndef USE_LIBIDN
> ++#ifndef USE_LIBIDN2
> + (void)data;
> + (void)conn;
> + #elif defined(CURL_DISABLE_VERBOSE_STRINGS)
> +@@ -3762,26 +3709,18 @@ static void fix_hostname(struct SessionHandle *data,
> + host->name[len-1]=0;
> +
> + if(!is_ASCII_name(host->name)) {
> +-#ifdef USE_LIBIDN
> +- /*************************************************************
> +- * Check name for non-ASCII and convert hostname to ACE form.
> +- *************************************************************/
> +- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
> +- char *ace_hostname = NULL;
> +- int rc = idna_to_ascii_lz(host->name, &ace_hostname, 0);
> +- infof (data, "Input domain encoded as `%s'\n",
> +- stringprep_locale_charset ());
> +- if(rc != IDNA_SUCCESS)
> +- infof(data, "Failed to convert %s to ACE; %s\n",
> +- host->name, Curl_idn_strerror(conn, rc));
> +- else {
> +- /* tld_check_name() displays a warning if the host name contains
> +- "illegal" characters for this TLD */
> +- (void)tld_check_name(data, ace_hostname);
> +-
> +- host->encalloc = ace_hostname;
> +- /* change the name pointer to point to the encoded hostname */
> +- host->name = host->encalloc;
> ++#ifdef USE_LIBIDN2
> ++ if(idn2_check_version(IDN2_VERSION)) {
> ++ char *ace_hostname = NULL;
> ++ int rc = idn2_lookup_ul((const char *)host->name, &ace_hostname, 0);
> ++ if(rc == IDN2_OK) {
> ++ host->encalloc = (char *)ace_hostname;
> ++ /* change the name pointer to point to the encoded hostname */
> ++ host->name = host->encalloc;
> ++ }
> ++ else
> ++ infof(data, "Failed to convert %s to ACE; %s\n", host->name,
> ++ idn2_strerror(rc));
> + }
> + }
> + #elif defined(USE_WIN32_IDN)
> +@@ -3809,9 +3748,9 @@ static void fix_hostname(struct SessionHandle *data,
> + */
> + static void free_fixed_hostname(struct hostname *host)
> + {
> +-#if defined(USE_LIBIDN)
> ++#if defined(USE_LIBIDN2)
> + if(host->encalloc) {
> +- idn_free(host->encalloc); /* must be freed with idn_free() since this was
> ++ idn2_free(host->encalloc); /* must be freed with idn2_free() since this was
> + allocated by libidn */
> + host->encalloc = NULL;
> + }
> +@@ -5707,9 +5646,9 @@ static CURLcode create_conn(struct SessionHandle *data,
> + /*************************************************************
> + * IDN-fix the hostnames
> + *************************************************************/
> +- fix_hostname(data, conn, &conn->host);
> ++ fix_hostname(conn, &conn->host);
> + if(conn->proxy.name && *conn->proxy.name)
> +- fix_hostname(data, conn, &conn->proxy);
> ++ fix_hostname(conn, &conn->proxy);
> +
> + /*************************************************************
> + * Setup internals depending on protocol. Needs to be done after
> +diff --git a/lib/version.c b/lib/version.c
> +index 7f14fa5..a5c9811 100644
> +--- a/lib/version.c
> ++++ b/lib/version.c
> +@@ -36,8 +36,8 @@
> + # include <ares.h>
> + #endif
> +
> +-#ifdef USE_LIBIDN
> +-#include <stringprep.h>
> ++#ifdef USE_LIBIDN2
> ++#include <idn2.h>
> + #endif
> +
> + #ifdef USE_LIBPSL
> +@@ -97,9 +97,9 @@ char *curl_version(void)
> + left -= len;
> + ptr += len;
> + #endif
> +-#ifdef USE_LIBIDN
> +- if(stringprep_check_version(LIBIDN_REQUIRED_VERSION)) {
> +- len = snprintf(ptr, left, " libidn/%s", stringprep_check_version(NULL));
> ++#ifdef USE_LIBIDN2
> ++ if(idn2_check_version(IDN2_VERSION)) {
> ++ len = snprintf(ptr, left, " libidn2/%s", idn2_check_version(NULL));
> + left -= len;
> + ptr += len;
> + }
> +@@ -344,10 +344,10 @@ curl_version_info_data *curl_version_info(CURLversion stamp)
> + version_info.ares_num = aresnum;
> + }
> + #endif
> +-#ifdef USE_LIBIDN
> ++#ifdef USE_LIBIDN2
> + /* This returns a version string if we use the given version or later,
> + otherwise it returns NULL */
> +- version_info.libidn = stringprep_check_version(LIBIDN_REQUIRED_VERSION);
> ++ version_info.libidn = idn2_check_version(IDN2_VERSION);
> + if(version_info.libidn)
> + version_info.features |= CURL_VERSION_IDN;
> + #elif defined(USE_WIN32_IDN)
> diff --git a/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch b/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
> new file mode 100644
> index 0000000..7e2287d
> --- /dev/null
> +++ b/meta/recipes-support/curl/curl/url-remove-unconditional-idn2.h-include.patch
> @@ -0,0 +1,29 @@
> +From c27013c05d99d92370b57e1a7af1b854eef4e7c1 Mon Sep 17 00:00:00 2001
> +From: Daniel Stenberg <daniel@haxx.se>
> +Date: Mon, 31 Oct 2016 09:49:50 +0100
> +Subject: [PATCH] url: remove unconditional idn2.h include
> +
> +Mistake brought by 9c91ec778104a
> +
> +Upstream-Status: Backport
> +Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
> +---
> + lib/url.c | 2 --
> + 1 file changed, 2 deletions(-)
> +
> +diff --git a/lib/url.c b/lib/url.c
> +index c90a1c5..b997f41 100644
> +--- a/lib/url.c
> ++++ b/lib/url.c
> +@@ -67,8 +67,6 @@
> + bool curl_win32_idn_to_ascii(const char *in, char **out);
> + #endif /* USE_LIBIDN2 */
> +
> +-#include <idn2.h>
> +-
> + #include "urldata.h"
> + #include "netrc.h"
> +
> +--
> +1.9.1
> +
> diff --git a/meta/recipes-support/curl/curl_7.47.1.bb b/meta/recipes-support/curl/curl_7.47.1.bb
> index 3670a11..7fab7cf 100644
> --- a/meta/recipes-support/curl/curl_7.47.1.bb
> +++ b/meta/recipes-support/curl/curl_7.47.1.bb
> @@ -15,6 +15,18 @@ SRC_URI += " file://configure_ac.patch \
> file://CVE-2016-5420.patch \
> file://CVE-2016-5421.patch \
> file://CVE-2016-7141.patch \
> + file://CVE-2016-8615.patch \
> + file://CVE-2016-8616.patch \
> + file://CVE-2016-8617.patch \
> + file://CVE-2016-8618.patch \
> + file://CVE-2016-8619.patch \
> + file://CVE-2016-8620.patch \
> + file://CVE-2016-8621.patch \
> + file://CVE-2016-8622.patch \
> + file://CVE-2016-8623.patch \
> + file://CVE-2016-8624.patch \
> + file://CVE-2016-8625.patch \
> + file://url-remove-unconditional-idn2.h-include.patch \
> "
>
> SRC_URI[md5sum] = "9ea3123449439bbd960cd25cf98796fb"
^ permalink raw reply
* Re: [PATCH v2 08/10] wic: selftest: do not repeat core-image-minimal
From: Maciej Borzęcki @ 2016-11-10 20:33 UTC (permalink / raw)
To: Burton, Ross; +Cc: Paul Eggleton, Maciej Borzecki, OE-core
In-Reply-To: <CAJTo0LbKYTd9SRZgHHHyuF0Wt+7AqYdLcweUTO78ROgYsG9VYA@mail.gmail.com>
On Thu, Nov 10, 2016 at 9:15 PM, Burton, Ross <ross.burton@intel.com> wrote:
>
> On 10 November 2016 at 12:18, Maciej Borzecki <maciej.borzecki@rndity.com>
> wrote:
>>
>> def test_qemux86_directdisk(self):
>> """Test creation of qemux-86-directdisk image"""
>> image = "qemux86-directdisk"
>> - self.assertEqual(0, runCmd("wic create %s -e core-image-minimal"
>> \
>> - % image).status)
>> + wic_cmd_vars = {
>> + 'wks': image,
>> + 'image': self.OE_IMAGE,
>> + }
>> + self.assertEqual(0, runCmd("wic create %(wks)s -e %(image)s" \
>> + % wic_cmd_vars).status)
>
>
> Is it just me who thinks that this is more understandable then?
>
> def test_qemux86_directdisk(self):
> self.assertEqual(0, runCmd("wic create qemux86-directdisk -e
> core-image-minimal").status)
> self.assertEqual(1, len(glob(os.path.join(self.resultdir,
> "core-image-minimal-*direct"))))
>
> Not my test case so just an opinion :)
>
Now that I look at this patch, I probably might have overdone it a little. Let's
wait and see what Ed thinks about this change. I suppose there might be a need
for v3 of this series, in which case I'll just drop this patch and rebase the
remaining patches.
Cheers,
--
Maciej Borzecki
RnDity
^ permalink raw reply
* Re: [Patch v2 12/14] ltp: Reduce duplication in MIPS variants.
From: Burton, Ross @ 2016-11-10 20:24 UTC (permalink / raw)
To: Zubair Lutfullah Kakakhel; +Cc: OE-core
In-Reply-To: <7e997c0b-1fe2-5881-f977-48b180b36545@imgtec.com>
[-- Attachment #1: Type: text/plain, Size: 326 bytes --]
On 10 November 2016 at 11:37, Zubair Lutfullah Kakakhel <
Zubair.Kakakhel@imgtec.com> wrote:
> I can't seem to be able to reproduce this error using just my patches on
> top of poky master.
>
Yeah me neither. I love it when the autobuilder does this. I'll throw it
back into the mix and see what happens.
Ross
[-- Attachment #2: Type: text/html, Size: 743 bytes --]
^ permalink raw reply
* Re: [PATCH v2 08/10] wic: selftest: do not repeat core-image-minimal
From: Burton, Ross @ 2016-11-10 20:15 UTC (permalink / raw)
To: Maciej Borzecki; +Cc: Paul Eggleton, Maciej Borzecki, OE-core
In-Reply-To: <504135c9082216ff89af282dfcb686a50b22f578.1478779674.git.maciej.borzecki@rndity.com>
[-- Attachment #1: Type: text/plain, Size: 964 bytes --]
On 10 November 2016 at 12:18, Maciej Borzecki <maciej.borzecki@rndity.com>
wrote:
> def test_qemux86_directdisk(self):
> """Test creation of qemux-86-directdisk image"""
> image = "qemux86-directdisk"
> - self.assertEqual(0, runCmd("wic create %s -e core-image-minimal" \
> - % image).status)
> + wic_cmd_vars = {
> + 'wks': image,
> + 'image': self.OE_IMAGE,
> + }
> + self.assertEqual(0, runCmd("wic create %(wks)s -e %(image)s" \
> + % wic_cmd_vars).status)
>
Is it just me who thinks that this is more understandable then?
def test_qemux86_directdisk(self):
self.assertEqual(0, runCmd("wic create qemux86-directdisk -e
core-image-minimal").status)
self.assertEqual(1, len(glob(os.path.join(self.resultdir,
"core-image-minimal-*direct"))))
Not my test case so just an opinion :)
Ross
[-- Attachment #2: Type: text/html, Size: 1836 bytes --]
^ permalink raw reply
* Re: [PATCH v2 06/10] oe-selftest: fix handling of test cases without ID in --list-tests-by
From: Maciej Borzęcki @ 2016-11-10 20:14 UTC (permalink / raw)
To: Burton, Ross; +Cc: Paul Eggleton, Maciej Borzecki, OE-core
In-Reply-To: <CAJTo0LbnJydYvd8a7e_AXM-h3v7pHB0S_EQUsZyBFu=mS7_L1g@mail.gmail.com>
On Thu, Nov 10, 2016 at 9:05 PM, Burton, Ross <ross.burton@intel.com> wrote:
>
> On 10 November 2016 at 12:18, Maciej Borzecki <maciej.borzecki@rndity.com>
> wrote:
>>
>> - ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule)
>> for tc in get_testsuite_by(criteria, keyword) ])
>> -
>> - print('%-4s\t%-20s\t%-60s\t%-25s\t%-20s' % ('id', 'tag', 'name',
>> 'class', 'module'))
>> + def tc_key(t):
>> + if t[0] is None:
>> + return (0,) + t[1:]
>> + return t
>> + # tcid may be None if no ID was assigned, in which case sorted() will
>> throw
>> + # a TypeError as Python 3 does not allow comparison (<,<=,>=,>) of
>> + # heterogeneous types, handle this by using a custom key generator
>> + ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule)
>> \
>> + for tc in get_testsuite_by(criteria, keyword) ],
>> key=tc_key)
>
>
> Wouldn't a shorter (but untested!) form alternative be just?
>
> - ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule)
> for tc in get_testsuite_by(criteria, keyword) ])
> + ts = sorted([ (tc.tcid or 0, tc.tctag, tc.tcname, tc.tcclass,
> tc.tcmodule) for tc in get_testsuite_by(criteria, keyword) ])
>
Well, yes, that would work too. A downside though, is that the output of
--list-tests and --list-tests would be different. For --list-test, TCs without
ID would have None in the first column, while the same TCs in --lists-tests-by
would end up having 0.
I've tried to keep the output of both tools consistent. Also, 'None' seems to be
more a better fit in this case, as there's no ID.
Cheers,
--
Maciej Borzecki
RnDity
^ permalink raw reply
* Re: [PATCH v2 06/10] oe-selftest: fix handling of test cases without ID in --list-tests-by
From: Burton, Ross @ 2016-11-10 20:05 UTC (permalink / raw)
To: Maciej Borzecki; +Cc: Paul Eggleton, Maciej Borzecki, OE-core
In-Reply-To: <cdfe7f669ad98f3d36c074e847e9ecd29eeab86b.1478779674.git.maciej.borzecki@rndity.com>
[-- Attachment #1: Type: text/plain, Size: 1167 bytes --]
On 10 November 2016 at 12:18, Maciej Borzecki <maciej.borzecki@rndity.com>
wrote:
> - ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule)
> for tc in get_testsuite_by(criteria, keyword) ])
> -
> - print('%-4s\t%-20s\t%-60s\t%-25s\t%-20s' % ('id', 'tag', 'name',
> 'class', 'module'))
> + def tc_key(t):
> + if t[0] is None:
> + return (0,) + t[1:]
> + return t
> + # tcid may be None if no ID was assigned, in which case sorted() will
> throw
> + # a TypeError as Python 3 does not allow comparison (<,<=,>=,>) of
> + # heterogeneous types, handle this by using a custom key generator
> + ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule)
> \
> + for tc in get_testsuite_by(criteria, keyword) ],
> key=tc_key)
>
Wouldn't a shorter (but untested!) form alternative be just?
- ts = sorted([ (tc.tcid, tc.tctag, tc.tcname, tc.tcclass, tc.tcmodule)
for tc in get_testsuite_by(criteria, keyword) ])
+ ts = sorted([ (tc.tcid or 0, tc.tctag, tc.tcname, tc.tcclass,
tc.tcmodule) for tc in get_testsuite_by(criteria, keyword) ])
Ross
[-- Attachment #2: Type: text/html, Size: 2161 bytes --]
^ permalink raw reply
* Re: [PATCH V2] sqlite3: Revert ad601c7962 from 3.14.1 amalgamation package
From: Patrick Ohly @ 2016-11-10 19:38 UTC (permalink / raw)
To: Jianxun Zhang; +Cc: Olev Kartau, openembedded-core
In-Reply-To: <1478800392.3449.79.camel@intel.com>
On Thu, 2016-11-10 at 18:53 +0100, Patrick Ohly wrote:
> On Thu, 2016-10-13 at 13:16 -0700, Jianxun Zhang wrote:
> > It turns out this change between 3.12.2 and 3.13 introduces
> > a 2% increase of build time based on statistic data in
> > bz10367.
>
> Let me add that this patch increased build performance in Ostro even
> more: apparently one big impact of the sqlite performance issue is on
> pseudo. Ostro depends fairly heavily on pseudo because of meta-swupd and
> xattrs on all files.
>
> When this patch and others recently landed in Ostro, total build times
> dropped from 4:46h (build #508,
> https://ostroproject.org/jenkins/job/build_intel-corei7-64/2763/console)
> to 2:07h (build #510,
> https://ostroproject.org/jenkins/job/build_intel-corei7-64/2831/console).
In case that someone wonders: in addition to that enhancement, we can
still do even better by also reducing the work that meta-swupd causes. A
build with my recent meta-swupd enhancements takes the build time down
to 1:05h.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
^ permalink raw reply
* Re: [PATCH V2] sqlite3: Revert ad601c7962 from 3.14.1 amalgamation package
From: Jussi Kukkonen @ 2016-11-10 18:32 UTC (permalink / raw)
To: Patrick Ohly; +Cc: Patches and discussions about the oe-core layer, Olev Kartau
In-Reply-To: <1478800392.3449.79.camel@intel.com>
[-- Attachment #1: Type: text/plain, Size: 4036 bytes --]
On 10 November 2016 at 19:53, Patrick Ohly <patrick.ohly@intel.com> wrote:
> On Thu, 2016-10-13 at 13:16 -0700, Jianxun Zhang wrote:
> > It turns out this change between 3.12.2 and 3.13 introduces
> > a 2% increase of build time based on statistic data in
> > bz10367.
>
> Let me add that this patch increased build performance in Ostro even
> more: apparently one big impact of the sqlite performance issue is on
> pseudo. Ostro depends fairly heavily on pseudo because of meta-swupd and
> xattrs on all files.
>
> When this patch and others recently landed in Ostro, total build times
> dropped from 4:46h (build #508,
> https://ostroproject.org/jenkins/job/build_intel-corei7-64/2763/console)
> to 2:07h (build #510,
> https://ostroproject.org/jenkins/job/build_intel-corei7-64/2831/console).
>
> That could also be because of other improvements, perhaps even in our CI
> hardware, so take those numbers with a large chunk of salt.
>
> However, in local builds with and without this patch (i.e. everything
> else the same) I also see big differences for pseudo-heavy operations:
>
> $ buildstats-diff --diff-attr walltime --min-val 60 with-patch/
> without-patch/
> Ignoring tasks less than 01:00.0 (60.0s)
> Ignoring differences less than 00:02.0 (2.0s)
>
> PKG TASK
> ABSDIFF RELDIFF WALLTIME1 -> WALLTIME2
> ...
> bundle-ostro-image-swupd-qa-bundle-b do_rootfs
> 78.1s +115.4% 67.7s -> 145.8s
> bundle-ostro-image-swupd-qa-bundle-a do_rootfs
> 80.3s +116.8% 68.8s -> 149.1s
> bundle-ostro-image-swupd-qa-bundle-a do_image
> 106.8s +291.9% 36.6s -> 143.3s
> bundle-ostro-image-swupd-qa-bundle-b do_image
> 107.9s +298.2% 36.2s -> 144.1s
> bundle-ostro-image-swupd-mega do_image
> 244.4s +74.2% 329.2s -> 573.6s
> bundle-ostro-image-swupd-world-dev do_rootfs
> 246.7s +207.2% 119.1s -> 365.8s
> bundle-ostro-image-swupd-world-dev do_image
> 269.2s +83.5% 322.6s -> 591.7s
> bundle-ostro-image-swupd-mega do_rootfs
> 272.6s +246.1% 110.8s -> 383.3s
> ostro-image-swupd do_rootfs
> 676.1s +808.1% 83.7s -> 759.8s
> bundle-ostro-image-swupd-world-dev do_copy_bundle_contents
> 1339.5s +2957.6% 45.3s -> 1384.8s
> bundle-ostro-image-swupd-qa-bundle-b do_copy_bundle_contents
> 1475.0s +3147.8% 46.9s -> 1521.9s
> bundle-ostro-image-swupd-qa-bundle-a do_copy_bundle_contents
> 1503.9s +3283.0% 45.8s -> 1549.8s
>
> Cumulative walltime:
> 6070.9s +326.9% 30:57.3 (1857.3s) -> 2:12:08.2 (7928.2s)
>
yikes.
So it really seems that the sqlite change is a very relevant
> improvement.
>
> That leads me to a bigger question: has upstream been notified about
> this?
>
> Our observation may also be relevant to other sqlite users. Besides, not
> getting this fixed upstream means that we'll have to do the same tricky
> revert for the next upstream version update.
>
Completely true. It may also be worthwhile to profile what pseudo is really
doing. The feeling I had was that there could be something going wrong
there as recipes that install lots of files not only take very long but
also create _very_ large database file: The increases do not seem even
close to linear as one might expect. Seebs gave some advice about this in
the bug (https://bugzilla.yoctoproject.org/show_bug.cgi?id=10367#c11).
Jussi
> --
> Best Regards, Patrick Ohly
>
> The content of this message is my personal opinion only and although
> I am an employee of Intel, the statements I make here in no way
> represent Intel's position on the issue, nor am I authorized to speak
> on behalf of Intel on this matter.
>
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
[-- Attachment #2: Type: text/html, Size: 6094 bytes --]
^ permalink raw reply
* [PATCH] swig: upgrade to 3.0.10
From: Edwin Plauchu @ 2016-11-10 17:55 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Edwin Plauchu <edwin.plauchu.camacho@linux.intel.com>
---
meta/recipes-devtools/swig/{swig_3.0.8.bb => swig_3.0.10.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta/recipes-devtools/swig/{swig_3.0.8.bb => swig_3.0.10.bb} (58%)
diff --git a/meta/recipes-devtools/swig/swig_3.0.8.bb b/meta/recipes-devtools/swig/swig_3.0.10.bb
similarity index 58%
rename from meta/recipes-devtools/swig/swig_3.0.8.bb
rename to meta/recipes-devtools/swig/swig_3.0.10.bb
index c1b820e..44c26c4 100644
--- a/meta/recipes-devtools/swig/swig_3.0.8.bb
+++ b/meta/recipes-devtools/swig/swig_3.0.10.bb
@@ -3,6 +3,6 @@ require ${BPN}.inc
SRC_URI += "file://0001-Use-proc-self-exe-for-swig-swiglib-on-non-Win32-plat.patch \
file://0001-configure-use-pkg-config-for-pcre-detection.patch \
"
-SRC_URI[md5sum] = "c96a1d5ecb13d38604d7e92148c73c97"
-SRC_URI[sha256sum] = "58a475dbbd4a4d7075e5fe86d4e54c9edde39847cdb96a3053d87cb64a23a453"
+SRC_URI[md5sum] = "bb4ab8047159469add7d00910e203124"
+SRC_URI[sha256sum] = "2939aae39dec06095462f1b95ce1c958ac80d07b926e48871046d17c0094f44c"
--
1.9.1
^ permalink raw reply related
* Re: [PATCH V2] sqlite3: Revert ad601c7962 from 3.14.1 amalgamation package
From: Patrick Ohly @ 2016-11-10 17:53 UTC (permalink / raw)
To: Jianxun Zhang; +Cc: Olev Kartau, openembedded-core
In-Reply-To: <1476389794-109684-1-git-send-email-jianxun.zhang@linux.intel.com>
On Thu, 2016-10-13 at 13:16 -0700, Jianxun Zhang wrote:
> It turns out this change between 3.12.2 and 3.13 introduces
> a 2% increase of build time based on statistic data in
> bz10367.
Let me add that this patch increased build performance in Ostro even
more: apparently one big impact of the sqlite performance issue is on
pseudo. Ostro depends fairly heavily on pseudo because of meta-swupd and
xattrs on all files.
When this patch and others recently landed in Ostro, total build times
dropped from 4:46h (build #508,
https://ostroproject.org/jenkins/job/build_intel-corei7-64/2763/console)
to 2:07h (build #510,
https://ostroproject.org/jenkins/job/build_intel-corei7-64/2831/console).
That could also be because of other improvements, perhaps even in our CI
hardware, so take those numbers with a large chunk of salt.
However, in local builds with and without this patch (i.e. everything
else the same) I also see big differences for pseudo-heavy operations:
$ buildstats-diff --diff-attr walltime --min-val 60 with-patch/ without-patch/
Ignoring tasks less than 01:00.0 (60.0s)
Ignoring differences less than 00:02.0 (2.0s)
PKG TASK ABSDIFF RELDIFF WALLTIME1 -> WALLTIME2
...
bundle-ostro-image-swupd-qa-bundle-b do_rootfs 78.1s +115.4% 67.7s -> 145.8s
bundle-ostro-image-swupd-qa-bundle-a do_rootfs 80.3s +116.8% 68.8s -> 149.1s
bundle-ostro-image-swupd-qa-bundle-a do_image 106.8s +291.9% 36.6s -> 143.3s
bundle-ostro-image-swupd-qa-bundle-b do_image 107.9s +298.2% 36.2s -> 144.1s
bundle-ostro-image-swupd-mega do_image 244.4s +74.2% 329.2s -> 573.6s
bundle-ostro-image-swupd-world-dev do_rootfs 246.7s +207.2% 119.1s -> 365.8s
bundle-ostro-image-swupd-world-dev do_image 269.2s +83.5% 322.6s -> 591.7s
bundle-ostro-image-swupd-mega do_rootfs 272.6s +246.1% 110.8s -> 383.3s
ostro-image-swupd do_rootfs 676.1s +808.1% 83.7s -> 759.8s
bundle-ostro-image-swupd-world-dev do_copy_bundle_contents 1339.5s +2957.6% 45.3s -> 1384.8s
bundle-ostro-image-swupd-qa-bundle-b do_copy_bundle_contents 1475.0s +3147.8% 46.9s -> 1521.9s
bundle-ostro-image-swupd-qa-bundle-a do_copy_bundle_contents 1503.9s +3283.0% 45.8s -> 1549.8s
Cumulative walltime:
6070.9s +326.9% 30:57.3 (1857.3s) -> 2:12:08.2 (7928.2s)
So it really seems that the sqlite change is a very relevant
improvement.
That leads me to a bigger question: has upstream been notified about
this?
Our observation may also be relevant to other sqlite users. Besides, not
getting this fixed upstream means that we'll have to do the same tricky
revert for the next upstream version update.
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
^ permalink raw reply
* Re: [PATCH] python3-native: Extend RPROVIDES list
From: Burton, Ross @ 2016-11-10 17:36 UTC (permalink / raw)
To: Otavio Salvador; +Cc: Otavio Salvador, OpenEmbedded Core Mailing List
In-Reply-To: <CAP9ODKoQNOgTWgsW=ZTDvU5hBgjCGaF_=YWcA+rjhxoy5wVXfg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 328 bytes --]
On 10 November 2016 at 17:29, Otavio Salvador <
otavio.salvador@ossystems.com.br> wrote:
> I am fine in doing so but this fix is important for us and it is
> trivial enough to allow backport for krogoth and morty.
>
Absolutely. I've marked this to merge, and will file a bug for extending
the manifest tool.
Ross
[-- Attachment #2: Type: text/html, Size: 739 bytes --]
^ permalink raw reply
* Re: [PATCH] python3-native: Extend RPROVIDES list
From: Otavio Salvador @ 2016-11-10 17:29 UTC (permalink / raw)
To: Burton, Ross; +Cc: Otavio Salvador, OpenEmbedded Core Mailing List
In-Reply-To: <CAJTo0LbQYQwY07evm3Re4x2_Bu-6AmcCW3_=GuAWGOJxGxFQ9A@mail.gmail.com>
On Thu, Nov 10, 2016 at 3:08 PM, Burton, Ross <ross.burton@intel.com> wrote:
>
> On 10 November 2016 at 12:14, Otavio Salvador <otavio@ossystems.com.br>
> wrote:
>>
>> @@ -46,6 +46,9 @@ RPROVIDES += " \
>> python3-compression-native \
>> python3-core-native \
>> python3-distutils-native \
>> + python3-datetime-native \
>> + python3-enum-native \
>> + python3-terminal-native \
>> python3-email-native \
>> python3-importlib-native \
>> python3-io-native \
>
>
> Is it time to extend the manifest script to write this for us?
I am fine in doing so but this fix is important for us and it is
trivial enough to allow backport for krogoth and morty.
--
Otavio Salvador O.S. Systems
http://www.ossystems.com.br http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854 Mobile: +1 (347) 903-9750
^ permalink raw reply
* Re: [PATCH] python3-native: Extend RPROVIDES list
From: Burton, Ross @ 2016-11-10 17:08 UTC (permalink / raw)
To: Otavio Salvador; +Cc: OpenEmbedded Core Mailing List
In-Reply-To: <20161110121414.12937-1-otavio@ossystems.com.br>
[-- Attachment #1: Type: text/plain, Size: 492 bytes --]
On 10 November 2016 at 12:14, Otavio Salvador <otavio@ossystems.com.br>
wrote:
> @@ -46,6 +46,9 @@ RPROVIDES += " \
> python3-compression-native \
> python3-core-native \
> python3-distutils-native \
> + python3-datetime-native \
> + python3-enum-native \
> + python3-terminal-native \
> python3-email-native \
> python3-importlib-native \
> python3-io-native \
>
Is it time to extend the manifest script to write this for us?
Ross
[-- Attachment #2: Type: text/html, Size: 944 bytes --]
^ permalink raw reply
* [PATCH] sanity.bbclass: fix logging of an error
From: Markus Lehtonen @ 2016-11-10 14:57 UTC (permalink / raw)
To: openembedded-core
Fixes a crash in exception handler. All bb logging functions need an
string instances as arguments.
Signed-off-by: Markus Lehtonen <markus.lehtonen@linux.intel.com>
---
meta/classes/sanity.bbclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/classes/sanity.bbclass b/meta/classes/sanity.bbclass
index 7682ffb..9db3f1d 100644
--- a/meta/classes/sanity.bbclass
+++ b/meta/classes/sanity.bbclass
@@ -565,7 +565,7 @@ def sanity_check_conffiles(d):
try:
bb.build.exec_func(func, d, pythonexception=True)
except NotImplementedError as e:
- bb.fatal(e)
+ bb.fatal(str(e))
d.setVar("BB_INVALIDCONF", True)
def sanity_handle_abichanges(status, d):
--
2.6.6
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox