From patchwork Thu Feb 3 19:50:25 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3257 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26C3BC433F5 for ; Thu, 3 Feb 2022 19:51:03 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.2837.1643917862424548413 for ; Thu, 03 Feb 2022 11:51:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=g6oe5C1V; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id z5so3108728plg.8 for ; Thu, 03 Feb 2022 11:51:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=aWfyVunrpC62K/4Hv6x663odpVJWC+8DBs7n6iMdZPE=; b=g6oe5C1V9IEb1aTIw41h+4/N778jXySxHUNxewp3q3c7lMCGMcfDyln2fMQin01ISg dSldAOgBVLGN6i4lo5pV7i3UQnF2TZ/ZV2knr51R3E/2dJwg8X4jx79DB2sdrs/wjDJ3 g+QaUdr3+rr+MbyMYCSkfqLt8QXyMiSa6m37ZXpkP3nACQGsX0fNprBkVIyyxVAAhEGD loQJ6Fr8AjqtJQdHCJbFlGLWg9jycsOFH0NcioeQytdbSRqWPw/SC6CJI+mGIQARBtoZ GJWP5EJdEnh+ZYzgyfp9JaJ7UIAIB5FHi7Ak88NiwndqMo38erSXhdkAY5op4Sq8eN5f 6Tlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=aWfyVunrpC62K/4Hv6x663odpVJWC+8DBs7n6iMdZPE=; b=kE6jQ2/nl8D+zNi4c6ljtkl2KhtORAiSV4s4LL+VJVNVvuDiKk0DHMIrbDoaisattL MFOv+IsGZXYQSV9a/XrZ6TpRqCJ/cdvwhLgbu71zaJOK4UU7cr3HsxYBnr+SYxkjvhdj w2u0t05LLJHSRQqSlkC0QL+y0eryReD8X0KZ/D8vMSA4CRBdodxCo0q0O4nLjYkN3m3G NBi1jt9kdfrUaWDoia+tmq7fiUOA6ulR6tcMLbR2+ahuqpe3x6FMJRaA3RuA9z+vD2cl 5+ztOu1cdrlZlAJBMk4YUsvrj5/ssrJIDTZk9s0S/klLAEXDcFqg8Udy6cXG05t3TKOQ 1ZGw== X-Gm-Message-State: AOAM533F3+yCnC+Kden7E9ptsov99y/YdEXBStJ3zmvbJkaSdR9aGrpD 6MwSVdnhUD5XYNRQOemgVCJFOfbAiekZGBpJ X-Google-Smtp-Source: ABdhPJxB0cI5q7/Vl802m931R7xghJg+lDnnAAeej22U6ENFDoblfvQloLg6hEyCHxIXiKNG+kKjcA== X-Received: by 2002:a17:902:e5c7:: with SMTP id u7mr37724030plf.156.1643917861266; Thu, 03 Feb 2022 11:51:01 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.50.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:00 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/20] glibc: update to lastest 2.31 release HEAD Date: Thu, 3 Feb 2022 09:50:25 -1000 Message-Id: <8785405a214b5af5da0b5deae559539531b1c237.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:03 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161296 Includes the following fixes: 3ef8be9b89 CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bug 28768) e5c8da9826 : Support compat_symbol_reference for _ISOMAC 412aaf1522 sunrpc: Test case for clnt_create "unix" buffer overflow (bug 22542) c4c833d3dd CVE-2022-23219: Buffer overflow in sunrpc clnt_create for "unix" (bug 22542) 547b63bf6d socket: Add the __sockaddr_un_set function b061e95277 Revert "Fix __minimal_malloc segfaults in __mmap due to stack-protector" 95e206b67f Fix __minimal_malloc segfaults in __mmap due to stack-protector e26a2db141 gconv: Do not emit spurious NUL character in ISO-2022-JP-3 (bug 28524) 094618d401 x86_64: Remove unneeded static PIE check for undefined weak diagnostic Also add CVE-2022-23218 and CVE-2022-23218 to ignore list since they are fixed by the above changes. Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.31.bb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/meta/recipes-core/glibc/glibc-version.inc b/meta/recipes-core/glibc/glibc-version.inc index aac0d9b3bf..68efd09ece 100644 --- a/meta/recipes-core/glibc/glibc-version.inc +++ b/meta/recipes-core/glibc/glibc-version.inc @@ -1,6 +1,6 @@ SRCBRANCH ?= "release/2.31/master" PV = "2.31+git${SRCPV}" -SRCREV_glibc ?= "4f0a61f75385c9a5879cbe7202042e88f692a3c8" +SRCREV_glibc ?= "3ef8be9b89ef98300951741f381eb79126ac029f" SRCREV_localedef ?= "cd9f958c4c94a638fa7b2b4e21627364f1a1a655" GLIBC_GIT_URI ?= "git://sourceware.org/git/glibc.git" diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 4a545cb97d..0c37467fe4 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb @@ -3,6 +3,7 @@ require glibc-version.inc CVE_CHECK_WHITELIST += "CVE-2020-10029 CVE-2020-6096 CVE-2016-10228 CVE-2020-1751 CVE-2020-1752 \ CVE-2021-27645 CVE-2021-3326 CVE-2020-27618 CVE-2020-29562 CVE-2019-25013 \ + CVE-2022-23218 CVE-2022-23219 \ " # glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 From patchwork Thu Feb 3 19:50:26 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3258 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 38DC5C433F5 for ; Thu, 3 Feb 2022 19:51:08 +0000 (UTC) Received: from mail-pj1-f43.google.com (mail-pj1-f43.google.com [209.85.216.43]) by mx.groups.io with SMTP id smtpd.web09.2908.1643917866819139884 for ; Thu, 03 Feb 2022 11:51:07 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=l4G+Gln+; spf=softfail (domain: sakoman.com, ip: 209.85.216.43, mailfrom: steve@sakoman.com) Received: by mail-pj1-f43.google.com with SMTP id oa14-20020a17090b1bce00b001b61aed4a03so3996120pjb.5 for ; Thu, 03 Feb 2022 11:51:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=IxGEWjK+Unpm9TD5+YYmhc/HN8X5ByvuS3OkTuXcjOs=; b=l4G+Gln+k6CeNx0pI+DNNx4n97kUmCvPR+8kc5kmbSnT8x2eIux/cEi3FKS11LmMdo onDJ9LqYqpXANVe0/6D2qwPODTjvBn73hYemVp2zvV4jKM9edeySteeegeMgJ/rkjaKz 2WHFbV6/p7djaNQTYxf88oHEyXLofnFvx4EIpKZtz9LHHrsod8GRQGqFzSYH0lvy+JwZ 2/b5lz7EDE6C9PQkDC6dfH7zarpqXp7DlOXcmxlzyZvF5ZhzIUL/adYCXng/zArthTMf rZdXxC/BhZgjMl/rj4aiDz8wpdnMO1I6ukyIF4S+KW41kn8wKD0Yk7lOCVm69Vcw9c+D qJ5Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=IxGEWjK+Unpm9TD5+YYmhc/HN8X5ByvuS3OkTuXcjOs=; b=0GSpm3Gp0QYS/pger+i5KVxB/aAysXe/rabwGwXWB8Czgq+XF/2WYMfxpu7sK8TRmn WLhu49G/o12HeboKBe/TvaJt9/9fhXCER3g8qQXY3mstcjEXWlPCHTSq6XOHFcer+xyF 78A5mubL9TfroYMZz/Mk1KExP0q5pSgf0OEe4vtyMKLN2V7vgJmtoI4gfAd/S/feZjHg q4jOwj+N3mpnbPTuBK0n8RUjL6GY+oGdLT17UDjW4WkB0Yix2h8PSwncCuqHflGtl8wD yaQfQ4dXqWtkhvsKC6u0Ckeu4q9s+IgGWE3FU/R/ULE4YAdlX93FJ1H4AMRS0+z0jxe0 fY2A== X-Gm-Message-State: AOAM53092OHSf2OxhV+AlPtNJX9KvAYs7SeVQU15m1v4+l+r3Eu8Pv++ XnK3iMBvJDS2R3PNq2udx4FzB3XFIWrq5+hk X-Google-Smtp-Source: ABdhPJxECyrrgvoQX0v9xa5MT7T6+eCvazxMF6vParhUwY7t1T+G8skHoMHQnwWMd+8gGl5tmaQIWA== X-Received: by 2002:a17:902:c102:: with SMTP id 2mr36721595pli.92.1643917864790; Thu, 03 Feb 2022 11:51:04 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:04 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/20] systemd: Fix CVE-2021-3997 Date: Thu, 3 Feb 2022 09:50:26 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161297 From: Purushottam Choudhary Add patches to fix CVE-2021-3997. Add additional below mentioned patches which are required to fix CVE: 1. rm-rf-optionally-fsync-after-removing-directory-tree.patch 2. rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch Link: http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz Signed-off-by: Purushottam Choudhary Signed-off-by: Purushottam Choudhary Signed-off-by: Steve Sakoman --- .../systemd/systemd/CVE-2021-3997-1.patch | 65 ++++ .../systemd/systemd/CVE-2021-3997-2.patch | 101 ++++++ .../systemd/systemd/CVE-2021-3997-3.patch | 266 +++++++++++++++ ...-fsync-after-removing-directory-tree.patch | 35 ++ ...children-split-out-body-of-directory.patch | 318 ++++++++++++++++++ meta/recipes-core/systemd/systemd_244.5.bb | 5 + 6 files changed, 790 insertions(+) create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch create mode 100644 meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch create mode 100644 meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch create mode 100644 meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch new file mode 100644 index 0000000000..341976822b --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-1.patch @@ -0,0 +1,65 @@ +Backport of the following upstream commit: +From fbb77e1e55866633c9f064e2b3bcf2b6402d962d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 23 Nov 2021 15:55:45 +0100 +Subject: [PATCH 1/3] shared/rm_rf: refactor rm_rf_children_inner() to shorten + code a bit + +CVE: CVE-2021-3997 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary +--- + src/basic/rm-rf.c | 27 +++++++++------------------ + 1 file changed, 9 insertions(+), 18 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -34,7 +34,7 @@ + const struct stat *root_dev) { + + struct stat st; +- int r; ++ int r, q = 0; + + assert(fd >= 0); + assert(fname); +@@ -50,7 +50,6 @@ + + if (is_dir) { + _cleanup_close_ int subdir_fd = -1; +- int q; + + /* if root_dev is set, remove subdirectories only if device is same */ + if (root_dev && st.st_dev != root_dev->st_dev) +@@ -86,23 +85,15 @@ + * again for each directory */ + q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); + +- r = unlinkat(fd, fname, AT_REMOVEDIR); +- if (r < 0) +- return r; +- if (q < 0) +- return q; +- +- return 1; +- +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { +- r = unlinkat(fd, fname, 0); +- if (r < 0) +- return r; +- +- return 1; +- } ++ } else if (flags & REMOVE_ONLY_DIRECTORIES) ++ return 0; + +- return 0; ++ r = unlinkat(fd, fname, is_dir ? AT_REMOVEDIR : 0); ++ if (r < 0) ++ return r; ++ if (q < 0) ++ return q; ++ return 1; + } + + int rm_rf_children( diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch new file mode 100644 index 0000000000..066e10fbbc --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-2.patch @@ -0,0 +1,101 @@ +Backport of the following upstream commit: +From bd0127daaaae009ade053718f7d2f297aee4acaf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 23 Nov 2021 16:56:42 +0100 +Subject: [PATCH 2/3] shared/rm_rf: refactor rm_rf() to shorten code a bit + +CVE: CVE-2021-3997 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary +--- + src/basic/rm-rf.c | 53 ++++++++++++++++++++-------------------------- + 1 file changed, 23 insertions(+), 30 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -159,7 +159,7 @@ + } + + int rm_rf(const char *path, RemoveFlags flags) { +- int fd, r; ++ int fd, r, q = 0; + + assert(path); + +@@ -191,49 +191,47 @@ + } + + fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (fd < 0) { ++ if (fd >= 0) { ++ /* We have a dir */ ++ r = rm_rf_children(fd, flags, NULL); ++ ++ if (FLAGS_SET(flags, REMOVE_ROOT)) { ++ q = rmdir(path); ++ if (q < 0) ++ q = -errno; ++ } ++ } else { + if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) + return 0; + + if (!IN_SET(errno, ENOTDIR, ELOOP)) + return -errno; + +- if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES)) ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES) || !FLAGS_SET(flags, REMOVE_ROOT)) + return 0; + +- if (FLAGS_SET(flags, REMOVE_ROOT)) { +- +- if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { +- struct statfs s; +- +- if (statfs(path, &s) < 0) +- return -errno; +- if (is_physical_fs(&s)) +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), +- "Attempted to remove files from a disk file system under \"%s\", refusing.", +- path); +- } +- +- if (unlink(path) < 0) { +- if (FLAGS_SET(flags, REMOVE_MISSING_OK) && errno == ENOENT) +- return 0; ++ if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { ++ struct statfs s; + ++ if (statfs(path, &s) < 0) + return -errno; +- } ++ if (is_physical_fs(&s)) ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove files from a disk file system under \"%s\", refusing.", ++ path); + } + +- return 0; ++ r = 0; ++ q = unlink(path); ++ if (q < 0) ++ q = -errno; + } + +- r = rm_rf_children(fd, flags, NULL); +- +- if (FLAGS_SET(flags, REMOVE_ROOT) && +- rmdir(path) < 0 && +- r >= 0 && +- (!FLAGS_SET(flags, REMOVE_MISSING_OK) || errno != ENOENT)) +- r = -errno; +- +- return r; ++ if (r < 0) ++ return r; ++ if (q < 0 && (q != -ENOENT || !FLAGS_SET(flags, REMOVE_MISSING_OK))) ++ return q; ++ return 0; + } + + int rm_rf_child(int fd, const char *name, RemoveFlags flags) { diff --git a/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch b/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch new file mode 100644 index 0000000000..c96b8d9a6e --- /dev/null +++ b/meta/recipes-core/systemd/systemd/CVE-2021-3997-3.patch @@ -0,0 +1,266 @@ +Backport of the following upstream commit: +From bef8e8e577368697b2e6f85183b1dbc99e0e520f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= +Date: Tue, 30 Nov 2021 22:29:05 +0100 +Subject: [PATCH 3/3] shared/rm-rf: loop over nested directories instead of + instead of recursing + +To remove directory structures, we need to remove the innermost items first, +and then recursively remove higher-level directories. We would recursively +descend into directories and invoke rm_rf_children and rm_rm_children_inner. +This is problematic when too many directories are nested. + +Instead, let's create a "TODO" queue. In the the queue, for each level we +hold the DIR* object we were working on, and the name of the directory. This +allows us to leave a partially-processed directory, and restart the removal +loop one level down. When done with the inner directory, we use the name to +unlinkat() it from the parent, and proceed with the removal of other items. + +Because the nesting is increased by one level, it is best to view this patch +with -b/--ignore-space-change. + +This fixes CVE-2021-3997, https://bugzilla.redhat.com/show_bug.cgi?id=2024639. +The issue was reported and patches reviewed by Qualys Team. +Mauro Matteo Cascella and Riccardo Schirone from Red Hat handled the disclosure. + +CVE: CVE-2021-3997 +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary +--- + src/basic/rm-rf.c | 161 +++++++++++++++++++++++++++++++-------------- + 1 file changed, 113 insertions(+), 48 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -26,12 +26,13 @@ + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); + } + +-static int rm_rf_children_inner( ++static int rm_rf_inner_child( + int fd, + const char *fname, + int is_dir, + RemoveFlags flags, +- const struct stat *root_dev) { ++ const struct stat *root_dev, ++ bool allow_recursion) { + + struct stat st; + int r, q = 0; +@@ -49,9 +50,7 @@ + } + + if (is_dir) { +- _cleanup_close_ int subdir_fd = -1; +- +- /* if root_dev is set, remove subdirectories only if device is same */ ++ /* If root_dev is set, remove subdirectories only if device is same */ + if (root_dev && st.st_dev != root_dev->st_dev) + return 0; + +@@ -63,7 +62,6 @@ + return 0; + + if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { +- + /* This could be a subvolume, try to remove it */ + + r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); +@@ -77,13 +75,16 @@ + return 1; + } + +- subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (!allow_recursion) ++ return -EISDIR; ++ ++ int subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); + if (subdir_fd < 0) + return -errno; + + /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type + * again for each directory */ +- q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); ++ q = rm_rf_children(subdir_fd, flags | REMOVE_PHYSICAL, root_dev); + + } else if (flags & REMOVE_ONLY_DIRECTORIES) + return 0; +@@ -96,64 +97,128 @@ + return 1; + } + ++typedef struct TodoEntry { ++ DIR *dir; /* A directory that we were operating on. */ ++ char *dirname; /* The filename of that directory itself. */ ++} TodoEntry; ++ ++static void free_todo_entries(TodoEntry **todos) { ++ for (TodoEntry *x = *todos; x && x->dir; x++) { ++ closedir(x->dir); ++ free(x->dirname); ++ } ++ ++ freep(todos); ++} ++ + int rm_rf_children( + int fd, + RemoveFlags flags, + const struct stat *root_dev) { + +- _cleanup_closedir_ DIR *d = NULL; +- struct dirent *de; ++ _cleanup_(free_todo_entries) TodoEntry *todos = NULL; ++ size_t n_todo = 0, allocated = 0; ++ _cleanup_free_ char *dirname = NULL; /* Set when we are recursing and want to delete ourselves */ + int ret = 0, r; + +- assert(fd >= 0); ++ /* Return the first error we run into, but nevertheless try to go on. ++ * The passed fd is closed in all cases, including on failure. */ + +- /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed +- * fd, in all cases, including on failure. */ ++ for (;;) { /* This loop corresponds to the directory nesting level. */ ++ _cleanup_closedir_ DIR *d = NULL; ++ struct dirent *de; ++ ++ if (n_todo > 0) { ++ /* We know that we are in recursion here, because n_todo is set. ++ * We need to remove the inner directory we were operating on. */ ++ assert(dirname); ++ r = unlinkat(dirfd(todos[n_todo-1].dir), dirname, AT_REMOVEDIR); ++ if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ dirname = mfree(dirname); ++ ++ /* And now let's back out one level up */ ++ n_todo --; ++ d = TAKE_PTR(todos[n_todo].dir); ++ dirname = TAKE_PTR(todos[n_todo].dirname); ++ ++ assert(d); ++ fd = dirfd(d); /* Retrieve the file descriptor from the DIR object */ ++ assert(fd >= 0); ++ } else { ++ next_fd: ++ assert(fd >= 0); ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } ++ fd = dirfd(d); /* We donated the fd to fdopendir(). Let's make sure we sure we have ++ * the right descriptor even if it were to internally invalidate the ++ * one we passed. */ ++ ++ if (!(flags & REMOVE_PHYSICAL)) { ++ struct statfs sfs; ++ ++ if (fstatfs(fd, &sfs) < 0) ++ return -errno; ++ ++ if (is_physical_fs(&sfs)) { ++ /* We refuse to clean physical file systems with this call, unless ++ * explicitly requested. This is extra paranoia just to be sure we ++ * never ever remove non-state data. */ ++ ++ _cleanup_free_ char *path = NULL; ++ ++ (void) fd_get_path(fd, &path); ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", ++ strna(path)); ++ } ++ } ++ } + +- d = fdopendir(fd); +- if (!d) { +- safe_close(fd); +- return -errno; +- } ++ FOREACH_DIRENT_ALL(de, d, return -errno) { ++ int is_dir; + +- if (!(flags & REMOVE_PHYSICAL)) { +- struct statfs sfs; ++ if (dot_or_dot_dot(de->d_name)) ++ continue; + +- if (fstatfs(dirfd(d), &sfs) < 0) +- return -errno; +- } ++ is_dir = de->d_type == DT_UNKNOWN ? -1 : de->d_type == DT_DIR; + +- if (is_physical_fs(&sfs)) { +- /* We refuse to clean physical file systems with this call, unless explicitly +- * requested. This is extra paranoia just to be sure we never ever remove non-state +- * data. */ +- +- _cleanup_free_ char *path = NULL; +- +- (void) fd_get_path(fd, &path); +- return log_error_errno(SYNTHETIC_ERRNO(EPERM), +- "Attempted to remove disk file system under \"%s\", and we can't allow that.", +- strna(path)); +- } +- } ++ r = rm_rf_inner_child(fd, de->d_name, is_dir, flags, root_dev, false); ++ if (r == -EISDIR) { ++ /* Push the current working state onto the todo list */ + +- FOREACH_DIRENT_ALL(de, d, return -errno) { +- int is_dir; ++ if (!GREEDY_REALLOC0(todos, allocated, n_todo + 2)) ++ return log_oom(); + +- if (dot_or_dot_dot(de->d_name)) +- continue; ++ _cleanup_free_ char *newdirname = strdup(de->d_name); ++ if (!newdirname) ++ return log_oom(); + +- is_dir = +- de->d_type == DT_UNKNOWN ? -1 : +- de->d_type == DT_DIR; +- +- r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); +- if (r < 0 && r != -ENOENT && ret == 0) +- ret = r; +- } ++ int newfd = openat(fd, de->d_name, ++ O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (newfd >= 0) { ++ todos[n_todo++] = (TodoEntry) { TAKE_PTR(d), TAKE_PTR(dirname) }; ++ fd = newfd; ++ dirname = TAKE_PTR(newdirname); ++ ++ goto next_fd; + +- if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) +- ret = -errno; ++ } else if (errno != -ENOENT && ret == 0) ++ ret = -errno; ++ ++ } else if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; ++ } ++ ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(fd) < 0 && ret >= 0) ++ ret = -errno; ++ ++ if (n_todo == 0) ++ break; ++ } + + return ret; + } +@@ -250,5 +315,5 @@ + if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) + return -EINVAL; + +- return rm_rf_children_inner(fd, name, -1, flags, NULL); ++ return rm_rf_inner_child(fd, name, -1, flags, NULL, true); + } diff --git a/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch b/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch new file mode 100644 index 0000000000..b860da008c --- /dev/null +++ b/meta/recipes-core/systemd/systemd/rm-rf-optionally-fsync-after-removing-directory-tree.patch @@ -0,0 +1,35 @@ +Backport of the following upstream commit: +From bdfe7ada0d4d66e6d6e65f2822acbb1ec230f9c2 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 5 Oct 2021 10:32:56 +0200 +Subject: [PATCH] rm-rf: optionally fsync() after removing directory tree + +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary +--- + src/basic/rm-rf.c | 3 +++ + src/basic/rm-rf.h | 1 + + 2 files changed, 4 insertions(+) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -161,6 +161,9 @@ + ret = r; + } + ++ if (FLAGS_SET(flags, REMOVE_SYNCFS) && syncfs(dirfd(d)) < 0 && ret >= 0) ++ ret = -errno; ++ + return ret; + } + +--- a/src/basic/rm-rf.h ++++ b/src/basic/rm-rf.h +@@ -11,6 +11,7 @@ + REMOVE_PHYSICAL = 1 << 2, /* If not set, only removes files on tmpfs, never physical file systems */ + REMOVE_SUBVOLUME = 1 << 3, /* Drop btrfs subvolumes in the tree too */ + REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ ++ REMOVE_SYNCFS = 1 << 7, /* syncfs() the root of the specified directory after removing everything in it */ + } RemoveFlags; + + int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); diff --git a/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch b/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch new file mode 100644 index 0000000000..f80e6433c6 --- /dev/null +++ b/meta/recipes-core/systemd/systemd/rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch @@ -0,0 +1,318 @@ +Backport of the following upstream commit: +From 96906b22417c65d70933976e0ee920c70c9113a4 Mon Sep 17 00:00:00 2001 +From: Lennart Poettering +Date: Tue, 26 Jan 2021 16:30:06 +0100 +Subject: [PATCH] rm-rf: refactor rm_rf_children(), split out body of directory + iteration loop + +This splits out rm_rf_children_inner() as body of the loop. We can use +that to implement rm_rf_child() for deleting one specific entry in a +directory. + +Upstream-Status: Backport [http://archive.ubuntu.com/ubuntu/pool/main/s/systemd/systemd_245.4-4ubuntu3.15.debian.tar.xz] +Signed-off-by: Purushottam Choudhary +--- + src/basic/rm-rf.c | 223 ++++++++++++++++++++++++++------------------- + src/basic/rm-rf.h | 3 +- + 2 files changed, 131 insertions(+), 95 deletions(-) + +--- a/src/basic/rm-rf.c ++++ b/src/basic/rm-rf.c +@@ -19,138 +19,153 @@ + #include "stat-util.h" + #include "string-util.h" + ++/* We treat tmpfs/ramfs + cgroupfs as non-physical file sytems. cgroupfs is similar to tmpfs in a way after ++ * all: we can create arbitrary directory hierarchies in it, and hence can also use rm_rf() on it to remove ++ * those again. */ + static bool is_physical_fs(const struct statfs *sfs) { + return !is_temporary_fs(sfs) && !is_cgroup_fs(sfs); + } + +-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev) { ++static int rm_rf_children_inner( ++ int fd, ++ const char *fname, ++ int is_dir, ++ RemoveFlags flags, ++ const struct stat *root_dev) { ++ ++ struct stat st; ++ int r; ++ ++ assert(fd >= 0); ++ assert(fname); ++ ++ if (is_dir < 0 || (is_dir > 0 && (root_dev || (flags & REMOVE_SUBVOLUME)))) { ++ ++ r = fstatat(fd, fname, &st, AT_SYMLINK_NOFOLLOW); ++ if (r < 0) ++ return r; ++ ++ is_dir = S_ISDIR(st.st_mode); ++ } ++ ++ if (is_dir) { ++ _cleanup_close_ int subdir_fd = -1; ++ int q; ++ ++ /* if root_dev is set, remove subdirectories only if device is same */ ++ if (root_dev && st.st_dev != root_dev->st_dev) ++ return 0; ++ ++ /* Stop at mount points */ ++ r = fd_is_mount_point(fd, fname, 0); ++ if (r < 0) ++ return r; ++ if (r > 0) ++ return 0; ++ ++ if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { ++ ++ /* This could be a subvolume, try to remove it */ ++ ++ r = btrfs_subvol_remove_fd(fd, fname, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); ++ if (r < 0) { ++ if (!IN_SET(r, -ENOTTY, -EINVAL)) ++ return r; ++ ++ /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ ++ } else ++ /* It was a subvolume, done. */ ++ return 1; ++ } ++ ++ subdir_fd = openat(fd, fname, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); ++ if (subdir_fd < 0) ++ return -errno; ++ ++ /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file system type ++ * again for each directory */ ++ q = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); ++ ++ r = unlinkat(fd, fname, AT_REMOVEDIR); ++ if (r < 0) ++ return r; ++ if (q < 0) ++ return q; ++ ++ return 1; ++ ++ } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { ++ r = unlinkat(fd, fname, 0); ++ if (r < 0) ++ return r; ++ ++ return 1; ++ } ++ ++ return 0; ++} ++ ++int rm_rf_children( ++ int fd, ++ RemoveFlags flags, ++ const struct stat *root_dev) { ++ + _cleanup_closedir_ DIR *d = NULL; + struct dirent *de; + int ret = 0, r; +- struct statfs sfs; + + assert(fd >= 0); + + /* This returns the first error we run into, but nevertheless tries to go on. This closes the passed +- * fd, in all cases, including on failure.. */ ++ * fd, in all cases, including on failure. */ ++ ++ d = fdopendir(fd); ++ if (!d) { ++ safe_close(fd); ++ return -errno; ++ } + + if (!(flags & REMOVE_PHYSICAL)) { ++ struct statfs sfs; + +- r = fstatfs(fd, &sfs); +- if (r < 0) { +- safe_close(fd); ++ if (fstatfs(dirfd(d), &sfs) < 0) + return -errno; + } + + if (is_physical_fs(&sfs)) { +- /* We refuse to clean physical file systems with this call, +- * unless explicitly requested. This is extra paranoia just +- * to be sure we never ever remove non-state data. */ ++ /* We refuse to clean physical file systems with this call, unless explicitly ++ * requested. This is extra paranoia just to be sure we never ever remove non-state ++ * data. */ ++ + _cleanup_free_ char *path = NULL; + + (void) fd_get_path(fd, &path); +- log_error("Attempted to remove disk file system under \"%s\", and we can't allow that.", +- strna(path)); +- +- safe_close(fd); +- return -EPERM; ++ return log_error_errno(SYNTHETIC_ERRNO(EPERM), ++ "Attempted to remove disk file system under \"%s\", and we can't allow that.", ++ strna(path)); + } + } + +- d = fdopendir(fd); +- if (!d) { +- safe_close(fd); +- return errno == ENOENT ? 0 : -errno; +- } +- + FOREACH_DIRENT_ALL(de, d, return -errno) { +- bool is_dir; +- struct stat st; ++ int is_dir; + + if (dot_or_dot_dot(de->d_name)) + continue; + +- if (de->d_type == DT_UNKNOWN || +- (de->d_type == DT_DIR && (root_dev || (flags & REMOVE_SUBVOLUME)))) { +- if (fstatat(fd, de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- continue; +- } +- +- is_dir = S_ISDIR(st.st_mode); +- } else +- is_dir = de->d_type == DT_DIR; +- +- if (is_dir) { +- _cleanup_close_ int subdir_fd = -1; +- +- /* if root_dev is set, remove subdirectories only if device is same */ +- if (root_dev && st.st_dev != root_dev->st_dev) +- continue; +- +- subdir_fd = openat(fd, de->d_name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); +- if (subdir_fd < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- continue; +- } +- +- /* Stop at mount points */ +- r = fd_is_mount_point(fd, de->d_name, 0); +- if (r < 0) { +- if (ret == 0 && r != -ENOENT) +- ret = r; +- +- continue; +- } +- if (r > 0) +- continue; +- +- if ((flags & REMOVE_SUBVOLUME) && st.st_ino == 256) { +- +- /* This could be a subvolume, try to remove it */ +- +- r = btrfs_subvol_remove_fd(fd, de->d_name, BTRFS_REMOVE_RECURSIVE|BTRFS_REMOVE_QUOTA); +- if (r < 0) { +- if (!IN_SET(r, -ENOTTY, -EINVAL)) { +- if (ret == 0) +- ret = r; +- +- continue; +- } +- +- /* ENOTTY, then it wasn't a btrfs subvolume, continue below. */ +- } else +- /* It was a subvolume, continue. */ +- continue; +- } +- +- /* We pass REMOVE_PHYSICAL here, to avoid doing the fstatfs() to check the file +- * system type again for each directory */ +- r = rm_rf_children(TAKE_FD(subdir_fd), flags | REMOVE_PHYSICAL, root_dev); +- if (r < 0 && ret == 0) +- ret = r; +- +- if (unlinkat(fd, de->d_name, AT_REMOVEDIR) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- } +- +- } else if (!(flags & REMOVE_ONLY_DIRECTORIES)) { +- +- if (unlinkat(fd, de->d_name, 0) < 0) { +- if (ret == 0 && errno != ENOENT) +- ret = -errno; +- } +- } ++ is_dir = ++ de->d_type == DT_UNKNOWN ? -1 : ++ de->d_type == DT_DIR; ++ ++ r = rm_rf_children_inner(dirfd(d), de->d_name, is_dir, flags, root_dev); ++ if (r < 0 && r != -ENOENT && ret == 0) ++ ret = r; + } ++ + return ret; + } + + int rm_rf(const char *path, RemoveFlags flags) { + int fd, r; +- struct statfs s; + + assert(path); + +@@ -195,9 +210,10 @@ + if (FLAGS_SET(flags, REMOVE_ROOT)) { + + if (!FLAGS_SET(flags, REMOVE_PHYSICAL)) { ++ struct statfs s; ++ + if (statfs(path, &s) < 0) + return -errno; +- + if (is_physical_fs(&s)) + return log_error_errno(SYNTHETIC_ERRNO(EPERM), + "Attempted to remove files from a disk file system under \"%s\", refusing.", +@@ -225,3 +241,22 @@ + + return r; + } ++ ++int rm_rf_child(int fd, const char *name, RemoveFlags flags) { ++ ++ /* Removes one specific child of the specified directory */ ++ ++ if (fd < 0) ++ return -EBADF; ++ ++ if (!filename_is_valid(name)) ++ return -EINVAL; ++ ++ if ((flags & (REMOVE_ROOT|REMOVE_MISSING_OK)) != 0) /* Doesn't really make sense here, we are not supposed to remove 'fd' anyway */ ++ return -EINVAL; ++ ++ if (FLAGS_SET(flags, REMOVE_ONLY_DIRECTORIES|REMOVE_SUBVOLUME)) ++ return -EINVAL; ++ ++ return rm_rf_children_inner(fd, name, -1, flags, NULL); ++} +--- a/src/basic/rm-rf.h ++++ b/src/basic/rm-rf.h +@@ -13,7 +13,8 @@ + REMOVE_MISSING_OK = 1 << 4, /* If the top-level directory is missing, ignore the ENOENT for it */ + } RemoveFlags; + +-int rm_rf_children(int fd, RemoveFlags flags, struct stat *root_dev); ++int rm_rf_children(int fd, RemoveFlags flags, const struct stat *root_dev); ++int rm_rf_child(int fd, const char *name, RemoveFlags flags); + int rm_rf(const char *path, RemoveFlags flags); + + /* Useful for usage with _cleanup_(), destroys a directory and frees the pointer */ diff --git a/meta/recipes-core/systemd/systemd_244.5.bb b/meta/recipes-core/systemd/systemd_244.5.bb index b6f5a47d63..66446e2a7c 100644 --- a/meta/recipes-core/systemd/systemd_244.5.bb +++ b/meta/recipes-core/systemd/systemd_244.5.bb @@ -28,6 +28,11 @@ SRC_URI += "file://touchscreen.rules \ file://network-merge-link_drop-and-link_detach_from_manager.patch \ file://network-also-drop-requests-when-link-enters-linger-state.patch \ file://network-fix-Link-reference-counter-issue.patch \ + file://rm-rf-refactor-rm-rf-children-split-out-body-of-directory.patch \ + file://rm-rf-optionally-fsync-after-removing-directory-tree.patch \ + file://CVE-2021-3997-1.patch \ + file://CVE-2021-3997-2.patch \ + file://CVE-2021-3997-3.patch \ " # patches needed by musl From patchwork Thu Feb 3 19:50:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3259 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25C78C433EF for ; Thu, 3 Feb 2022 19:51:09 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web12.2872.1643917868675256465 for ; Thu, 03 Feb 2022 11:51:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=iuOG8nzL; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id x3so3131650pll.3 for ; Thu, 03 Feb 2022 11:51:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=7+ms8K/kMH8R4pX4uaQ/k0GmpST4r721Us70wKYMpPk=; b=iuOG8nzL+80Hsr65BucG/yFZt/BrOXx3rAaEE4ahMG/Er92n7D3Nnfe83jLGj/GiN+ Vyx1+9aeCz/wxU897TS0/r4c7eCC37xA3Jn9JBWcmJ7/hLP187tmCpA8FEiMCoSjTFzi BxX8R9Fj3A7tdKFAM1Qp0ZdbCl48yYX+G/Yo0r4yzSg/eSUgaAVuKB/iFjs7owTZGrFK D8pZ4eVBh7J8J728bKk8x1frKhfrIybCYB7HmxZZZ0opPAKBueLNwIlj9ETUEbl+1JMe JNEO7KLY2hD+ZKoIdTp/7/h1mzw+ZkfS/gKIrtcbkperHOzUZrmQ3Ve6UDTB8EbfpPp1 T+UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=7+ms8K/kMH8R4pX4uaQ/k0GmpST4r721Us70wKYMpPk=; b=ELudF6vQHkOpGLpbSzYuXpdsV57SNvRuptIu4GHm1Qor0SzqjhbDtCtUs+G+z447re DKdYrTdPBJbK/NnOPk9sgUYZHpwGZcOG632vqxA0F6+zZ6CwQ7OeCZbvHkvCdXjmwu8u 38KcLpxVmHcuELvNxMrTJ+iMeM7KPXUBNJ/Zpa3uDpTGb5Yz25IA3jaoLf0rDWi9i7OD pBfCi/WatY5XA6O5V8JradPvIHoFrdVxdJ7nl4WmjgZAi3+YeI8AJIyRJWith99L9nzJ Os/1AieLySJCVOe3Us/vuVvcg8SRgo1fDzn56iVM1SZjSouNit55GDHNg1peeVEJDESf y6Rg== X-Gm-Message-State: AOAM531xX5lUEa3bKhimPVc72AcAL5E2F8areIWa9O0t3jt6KH181mlP nlPjlmDSy7cqih94D8jo2DXCiDI1Pav3Mcth X-Google-Smtp-Source: ABdhPJywevaaul8u1AQM1KHgs9TnMM+UynU6V/HSczYcB9lNe5j3zkRpwass+dzU73lICu9zhZ6JIQ== X-Received: by 2002:a17:903:1210:: with SMTP id l16mr34801899plh.63.1643917867510; Thu, 03 Feb 2022 11:51:07 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:06 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/20] grub: add a fix for CVE-2020-25632 Date: Thu, 3 Feb 2022 09:50:27 -1000 Message-Id: <3ccb5fdde9aef8a2ebc23611d7764fb689e1f402.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161298 From: Marta Rybczynska Fix grub issue with module dereferencing. From the official description from NVD [1]: The rmmod implementation allows the unloading of a module used as a dependency without checking if any other dependent module is still loaded leading to a use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot protections. This patch is a part of a bigger security collection for grub [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-25632 [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2020-25632.patch | 90 +++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 91 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-25632.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2020-25632.patch b/meta/recipes-bsp/grub/files/CVE-2020-25632.patch new file mode 100644 index 0000000000..0b37c72f0f --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-25632.patch @@ -0,0 +1,90 @@ +From 7630ec5397fe418276b360f9011934b8c034936c Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Tue, 29 Sep 2020 14:08:55 +0200 +Subject: [PATCH] dl: Only allow unloading modules that are not dependencies + +When a module is attempted to be removed its reference counter is always +decremented. This means that repeated rmmod invocations will cause the +module to be unloaded even if another module depends on it. + +This may lead to a use-after-free scenario allowing an attacker to execute +arbitrary code and by-pass the UEFI Secure Boot protection. + +While being there, add the extern keyword to some function declarations in +that header file. + +Fixes: CVE-2020-25632 + +Reported-by: Chris Coulson +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=7630ec5397fe418276b360f9011934b8c034936c] +CVE: CVE-2020-25632 +Signed-off-by: Marta Rybczynska +--- + grub-core/commands/minicmd.c | 7 +++++-- + grub-core/kern/dl.c | 9 +++++++++ + include/grub/dl.h | 8 +++++--- + 3 files changed, 19 insertions(+), 5 deletions(-) + +diff --git a/grub-core/commands/minicmd.c b/grub-core/commands/minicmd.c +index 6bbce3128..fa498931e 100644 +--- a/grub-core/commands/minicmd.c ++++ b/grub-core/commands/minicmd.c +@@ -140,8 +140,11 @@ grub_mini_cmd_rmmod (struct grub_command *cmd __attribute__ ((unused)), + if (grub_dl_is_persistent (mod)) + return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload persistent module"); + +- if (grub_dl_unref (mod) <= 0) +- grub_dl_unload (mod); ++ if (grub_dl_ref_count (mod) > 1) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, "cannot unload referenced module"); ++ ++ grub_dl_unref (mod); ++ grub_dl_unload (mod); + + return 0; + } +diff --git a/grub-core/kern/dl.c b/grub-core/kern/dl.c +index 48eb5e7b6..48f8a7907 100644 +--- a/grub-core/kern/dl.c ++++ b/grub-core/kern/dl.c +@@ -549,6 +549,15 @@ grub_dl_unref (grub_dl_t mod) + return --mod->ref_count; + } + ++int ++grub_dl_ref_count (grub_dl_t mod) ++{ ++ if (mod == NULL) ++ return 0; ++ ++ return mod->ref_count; ++} ++ + static void + grub_dl_flush_cache (grub_dl_t mod) + { +diff --git a/include/grub/dl.h b/include/grub/dl.h +index f03c03561..b3753c9ca 100644 +--- a/include/grub/dl.h ++++ b/include/grub/dl.h +@@ -203,9 +203,11 @@ grub_dl_t EXPORT_FUNC(grub_dl_load) (const char *name); + grub_dl_t grub_dl_load_core (void *addr, grub_size_t size); + grub_dl_t EXPORT_FUNC(grub_dl_load_core_noinit) (void *addr, grub_size_t size); + int EXPORT_FUNC(grub_dl_unload) (grub_dl_t mod); +-void grub_dl_unload_unneeded (void); +-int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); +-int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern void grub_dl_unload_unneeded (void); ++extern int EXPORT_FUNC(grub_dl_ref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_unref) (grub_dl_t mod); ++extern int EXPORT_FUNC(grub_dl_ref_count) (grub_dl_t mod); ++ + extern grub_dl_t EXPORT_VAR(grub_dl_head); + + #ifndef GRUB_UTIL +-- +2.33.0 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index db7c23a84a..6a17940afb 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -45,6 +45,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_5.patch \ file://CVE-2020-27779_6.patch \ file://CVE-2020-27779_7.patch \ + file://CVE-2020-25632.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" From patchwork Thu Feb 3 19:50:28 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3260 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 265E3C433EF for ; Thu, 3 Feb 2022 19:51:12 +0000 (UTC) Received: from mail-pg1-f172.google.com (mail-pg1-f172.google.com [209.85.215.172]) by mx.groups.io with SMTP id smtpd.web10.2839.1643917870943633188 for ; Thu, 03 Feb 2022 11:51:11 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ZHP7hZCs; spf=softfail (domain: sakoman.com, ip: 209.85.215.172, mailfrom: steve@sakoman.com) Received: by mail-pg1-f172.google.com with SMTP id h23so3127220pgk.11 for ; Thu, 03 Feb 2022 11:51:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=bfJGUstaah8rXcXBMTvnSd+za9eta5uZfW8LioNAy54=; b=ZHP7hZCsmFLEtJclkBMMOvM3fXWJy6l+5MphSDDRujdNigMogxA25+YVRuKMNrhZNZ epPIdo6PjFOeq7Vv3VyvTPx24PKe4RrHxqFwb0nx1f5E3UlI7gxnFam5AfCIHqwOluuY T1IUFmWcaa2pM1cR26cDo7HUELVmy0ZC8gcEt1AYzobv7gMhfh91KEI3aIDNOWoHVI6i Cs+mhYeHn1Xzc7gfX3T/Fc02cb6Y+pbnUjSQSpG2pd2R57mQ084Lyw7Bse6uH4FjhHLh GIFQsFgWLAIc3ZN69R9KkXsA6+ccQYh26ez/Gao3wp+mnkuDAAACA1Csl85QgTHAifUx RtYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=bfJGUstaah8rXcXBMTvnSd+za9eta5uZfW8LioNAy54=; b=M/yGt5jRVggpTLCClbaxySGUm5D1YESOE8gzeJZ0qJvvnvhjFTg6Lmp9YqmLplcqxQ RiX400Gy18gRZxPIlllhZNmAQ82/LukdNr3zHOHhKCn9kyzqFzcCKyh4MawRlOryVAZq KHFr6alPM1NQfVzYMRTaEbSJYPHlBb4QhDqpOAoxVL1b/PkGnQzT5jaksIikKMo+Q83x q9gWD8OsajEPd2Ksq83kWrdxpKwt6TUqvkLeyvN3mMkTic+X7JEonR76oVIlWKARZ9q1 GmileGKRs0NS3+ZlY0tlYlywZ56kQ86/xmT3r3vzYlHhstr8zz/iCSUPmeXtL0PxWeoy E43A== X-Gm-Message-State: AOAM533Iz1Auk9XOr3Gq2aWH/cTXnHcLbl3VMzdMf4BfzmBKIcMnWfrd lgjdA9uYHvjgWFRLxxUJA7TVRBBPt0vWl8hJ X-Google-Smtp-Source: ABdhPJxHOdvtRDersW4Zj/RC48QHQlFZ7cDMF4ST6SmIDwBDG1M+Nn0M1W/Azy99iUZOIyKkWI/s8g== X-Received: by 2002:a63:af08:: with SMTP id w8mr29887065pge.1.1643917869842; Thu, 03 Feb 2022 11:51:09 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:09 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/20] grub: add a fix for CVE-2020-25647 Date: Thu, 3 Feb 2022 09:50:28 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:12 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161299 From: Marta Rybczynska Fix a grub issue with incorrect values from an usb device. From the official description from NVD [1]: During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a bypass of the Secure Boot mechanism. This patch is a part of a bigger security collection for grub [2]. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-25647 [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html Signed-off-by: Marta Rybczynska Signed-off-by: Steve Sakoman --- .../grub/files/CVE-2020-25647.patch | 119 ++++++++++++++++++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 120 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2020-25647.patch diff --git a/meta/recipes-bsp/grub/files/CVE-2020-25647.patch b/meta/recipes-bsp/grub/files/CVE-2020-25647.patch new file mode 100644 index 0000000000..cb77fd4772 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2020-25647.patch @@ -0,0 +1,119 @@ +From 128c16a682034263eb519c89bc0934eeb6fa8cfa Mon Sep 17 00:00:00 2001 +From: Javier Martinez Canillas +Date: Fri, 11 Dec 2020 19:19:21 +0100 +Subject: [PATCH] usb: Avoid possible out-of-bound accesses caused by malicious + devices + +The maximum number of configurations and interfaces are fixed but there is +no out-of-bound checking to prevent a malicious USB device to report large +values for these and cause accesses outside the arrays' memory. + +Fixes: CVE-2020-25647 + +Reported-by: Joseph Tartaro +Reported-by: Ilja Van Sprundel +Signed-off-by: Javier Martinez Canillas +Reviewed-by: Daniel Kiper + +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=128c16a682034263eb519c89bc0934eeb6fa8cfa] +CVE: CVE-2020-25647 +Signed-off-by: Marta Rybczynska +--- + grub-core/bus/usb/usb.c | 15 ++++++++++++--- + include/grub/usb.h | 10 +++++++--- + 2 files changed, 19 insertions(+), 6 deletions(-) + +diff --git a/grub-core/bus/usb/usb.c b/grub-core/bus/usb/usb.c +index 8da5e4c74..7cb3cc230 100644 +--- a/grub-core/bus/usb/usb.c ++++ b/grub-core/bus/usb/usb.c +@@ -75,6 +75,9 @@ grub_usb_controller_iterate (grub_usb_controller_iterate_hook_t hook, + grub_usb_err_t + grub_usb_clear_halt (grub_usb_device_t dev, int endpoint) + { ++ if (endpoint >= GRUB_USB_MAX_TOGGLE) ++ return GRUB_USB_ERR_BADDEVICE; ++ + dev->toggle[endpoint] = 0; + return grub_usb_control_msg (dev, (GRUB_USB_REQTYPE_OUT + | GRUB_USB_REQTYPE_STANDARD +@@ -134,10 +137,10 @@ grub_usb_device_initialize (grub_usb_device_t dev) + return err; + descdev = &dev->descdev; + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + dev->config[i].descconf = NULL; + +- if (descdev->configcnt == 0) ++ if (descdev->configcnt == 0 || descdev->configcnt > GRUB_USB_MAX_CONF) + { + err = GRUB_USB_ERR_BADDEVICE; + goto fail; +@@ -172,6 +175,12 @@ grub_usb_device_initialize (grub_usb_device_t dev) + /* Skip the configuration descriptor. */ + pos = dev->config[i].descconf->length; + ++ if (dev->config[i].descconf->numif > GRUB_USB_MAX_IF) ++ { ++ err = GRUB_USB_ERR_BADDEVICE; ++ goto fail; ++ } ++ + /* Read all interfaces. */ + for (currif = 0; currif < dev->config[i].descconf->numif; currif++) + { +@@ -217,7 +226,7 @@ grub_usb_device_initialize (grub_usb_device_t dev) + + fail: + +- for (i = 0; i < 8; i++) ++ for (i = 0; i < GRUB_USB_MAX_CONF; i++) + grub_free (dev->config[i].descconf); + + return err; +diff --git a/include/grub/usb.h b/include/grub/usb.h +index 512ae1dd0..6475c552f 100644 +--- a/include/grub/usb.h ++++ b/include/grub/usb.h +@@ -23,6 +23,10 @@ + #include + #include + ++#define GRUB_USB_MAX_CONF 8 ++#define GRUB_USB_MAX_IF 32 ++#define GRUB_USB_MAX_TOGGLE 256 ++ + typedef struct grub_usb_device *grub_usb_device_t; + typedef struct grub_usb_controller *grub_usb_controller_t; + typedef struct grub_usb_controller_dev *grub_usb_controller_dev_t; +@@ -167,7 +171,7 @@ struct grub_usb_configuration + struct grub_usb_desc_config *descconf; + + /* Interfaces associated to this configuration. */ +- struct grub_usb_interface interf[32]; ++ struct grub_usb_interface interf[GRUB_USB_MAX_IF]; + }; + + struct grub_usb_hub_port +@@ -191,7 +195,7 @@ struct grub_usb_device + struct grub_usb_controller controller; + + /* Device configurations (after opening the device). */ +- struct grub_usb_configuration config[8]; ++ struct grub_usb_configuration config[GRUB_USB_MAX_CONF]; + + /* Device address. */ + int addr; +@@ -203,7 +207,7 @@ struct grub_usb_device + int initialized; + + /* Data toggle values (used for bulk transfers only). */ +- int toggle[256]; ++ int toggle[GRUB_USB_MAX_TOGGLE]; + + /* Used by libusb wrapper. Schedulded for removal. */ + void *data; +-- +2.33.0 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 6a17940afb..9b20e1c09b 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -46,6 +46,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2020-27779_6.patch \ file://CVE-2020-27779_7.patch \ file://CVE-2020-25632.patch \ + file://CVE-2020-25647.patch \ " SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934" SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea" From patchwork Thu Feb 3 19:50:29 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3262 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 301FDC433FE for ; Thu, 3 Feb 2022 19:51:14 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web08.2929.1643917873119465618 for ; Thu, 03 Feb 2022 11:51:13 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=IStBR0R2; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id y17so3112339plg.7 for ; Thu, 03 Feb 2022 11:51:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=c+Oxx+xLd4XWfizkWCZNk71JkfG9VEchmY+85IBvilY=; b=IStBR0R2Qz7AKK9qOwsaKfzZe1nNAaDsGIo4B69ghdjhqIA6NqMCr5yoFKmBunkgPV SJrso+z0X7Q2c7hJNvhdUXyGGwuhf7p5pImAxssJKooyVCLOT8kZWgDvd+aC/ewC6IKn VfQ9sPr+P4zRjWbdAsHbXSRzoWsF0M9Item/FnKLimW8Em3KFKGwMDOw4PyUuXFDmPxe nTEKSejWUNzFvAqqTSLKpHB+xzQtM7TZp8rPEBPPzgqRf2ylhc917pWGv9n8wW3jzDg4 8W/8oZHiwe4/I0I1I7ULbFvPXBvryNlbEhgRMZiNenm38l9uTzxuKx0yytvnjWuyJQB3 muug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=c+Oxx+xLd4XWfizkWCZNk71JkfG9VEchmY+85IBvilY=; b=zUR6U0Dts+UuGmN6UVNzUrQ8aydsxv9CRM75VPsxhpP17HhE+fkqF3Q7/DNQy+mQDw vaiZIBislbqefryAh0ldkKNgbX3VSDlymCDLW7raeNHgNOKUM1jsYo8mz48cuxtF6/kj RTdy0y1pPbl0zPEUCwg+qIiUm6QkHzCpdnD+GCpkrF3S0K6y4LYZzcNbJ/JHvMmfXb+v 194mjyU7tH27+e1V2wKwG23CtSMW7DhBR3FthXsmLCJNQdLK59i2S2hzkAT7rwI0KYTT CMm8CZsQuAZpeKOseKrn4xrXE3Dka8yY5XQ3Zgb0aQg5RZeo44EQmbwkZMRA9/JFP8WH U/wA== X-Gm-Message-State: AOAM530PM7CgVbcfHPrUA7OmMbm/sY9e9OKxJamCv+dti4Gl/KPqxMMx 65zrMFvkhkRp05QxiQW80o5FM/NJBtsbb4/o X-Google-Smtp-Source: ABdhPJxJj8/A3B+MKNmADp2LU1mbTrMDzDWJCcIAqhsiRd1MTh76J1zQKNAkaQlhpPbeYK8rD4eC+Q== X-Received: by 2002:a17:903:2309:: with SMTP id d9mr36529014plh.32.1643917871974; Thu, 03 Feb 2022 11:51:11 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:11 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/20] ghostscript: fix CVE-2021-45949 Date: Thu, 3 Feb 2022 09:50:29 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:14 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161300 From: Minjae Kim Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). To apply this CVE-2021-45959 patch, the check-stack-limits-after-function-evalution.patch should be applied first. References: https://nvd.nist.gov/vuln/detail/CVE-2021-45949 Signed-off-by: Minjae Kim Signed-off-by: Steve Sakoman --- .../ghostscript/CVE-2021-45949.patch | 65 +++++++++++++++++++ ...tack-limits-after-function-evalution.patch | 51 +++++++++++++++ .../ghostscript/ghostscript_9.52.bb | 2 + 3 files changed, 118 insertions(+) create mode 100644 meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch create mode 100644 meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch new file mode 100644 index 0000000000..f312f89e04 --- /dev/null +++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch @@ -0,0 +1,65 @@ +From 6643ff0cb837db3eade489ffff21e3e92eee2ae0 Mon Sep 17 00:00:00 2001 +From: Chris Liddell +Date: Fri, 28 Jan 2022 08:21:19 +0000 +Subject: [PATCH] [PATCH] Bug 703902: Fix op stack management in + sampled_data_continue() + +Replace pop() (which does no checking, and doesn't handle stack extension +blocks) with ref_stack_pop() which does do all that. + +We still use pop() in one case (it's faster), but we have to later use +ref_stack_pop() before calling sampled_data_sample() which also accesses the +op stack. + +Fixes: +https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34675 + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=2a3129365d3bc0d4a41f107ef175920d1505d1f7] +CVE: CVE-2021-45949 +Signed-off-by: Minjae Kim +--- + psi/zfsample.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 0023fa4..f84671f 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -534,14 +534,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + data_ptr[bps * i + j] = (byte)(cv >> ((bps - 1 - j) * 8)); /* MSB first */ + } + pop(num_out); /* Move op to base of result values */ +- ++ /* From here on, we have to use ref_stack_pop() rather than pop() ++ so that it handles stack extension blocks properly, before calling ++ sampled_data_sample() which also uses the op stack. ++ */ + /* Check if we are done collecting data. */ + + if (increment_cube_indexes(params, penum->indexes)) { + if (stack_depth_adjust == 0) +- pop(O_STACK_PAD); /* Remove spare stack space */ ++ ref_stack_pop(&o_stack, O_STACK_PAD); /* Remove spare stack space */ + else +- pop(stack_depth_adjust - num_out); ++ ref_stack_pop(&o_stack, stack_depth_adjust - num_out); + /* Execute the closing procedure, if given */ + code = 0; + if (esp_finish_proc != 0) +@@ -554,11 +557,11 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + if ((O_STACK_PAD - stack_depth_adjust) < 0) { + stack_depth_adjust = -(O_STACK_PAD - stack_depth_adjust); + check_op(stack_depth_adjust); +- pop(stack_depth_adjust); ++ ref_stack_pop(&o_stack, stack_depth_adjust); + } + else { + check_ostack(O_STACK_PAD - stack_depth_adjust); +- push(O_STACK_PAD - stack_depth_adjust); ++ ref_stack_push(&o_stack, O_STACK_PAD - stack_depth_adjust); + for (i=0;i +Date: Fri, 12 Feb 2021 10:34:23 +0000 +Subject: [PATCH] oss-fuzz 30715: Check stack limits after function evaluation. + +During function result sampling, after the callout to the Postscript +interpreter, make sure there is enough stack space available before pushing +or popping entries. + +In thise case, the Postscript procedure for the "function" is totally invalid +(as a function), and leaves the op stack in an unrecoverable state (as far as +function evaluation is concerned). We end up popping more entries off the +stack than are available. + +To cope, add in stack limit checking to throw an appropriate error when this +happens. + +Upstream-Status: Backported [https://git.ghostscript.com/?p=ghostpdl.git;a=patch;h=7861fcad13c497728189feafb41cd57b5b50ea25] +Signed-off-by: Minjae Kim +--- + psi/zfsample.c | 14 +++++++++++--- + 1 file changed, 11 insertions(+), 3 deletions(-) + +diff --git a/psi/zfsample.c b/psi/zfsample.c +index 290809405..652ae02c6 100644 +--- a/psi/zfsample.c ++++ b/psi/zfsample.c +@@ -551,9 +551,17 @@ sampled_data_continue(i_ctx_t *i_ctx_p) + } else { + if (stack_depth_adjust) { + stack_depth_adjust -= num_out; +- push(O_STACK_PAD - stack_depth_adjust); +- for (i=0;i X-Patchwork-Id: 3261 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26B15C433EF for ; Thu, 3 Feb 2022 19:51:16 +0000 (UTC) Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com [209.85.214.178]) by mx.groups.io with SMTP id smtpd.web12.2874.1643917875143484649 for ; Thu, 03 Feb 2022 11:51:15 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=3fD1nmXs; spf=softfail (domain: sakoman.com, ip: 209.85.214.178, mailfrom: steve@sakoman.com) Received: by mail-pl1-f178.google.com with SMTP id d1so3101950plh.10 for ; Thu, 03 Feb 2022 11:51:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=niGPfPgVV3KURFXrteM4Ns3wmwcOV96XStS7zWQ0zDY=; b=3fD1nmXsanPwlcBF+VUZYvrEiCL9t1hmgffsaForxZZwO+PhdZYuYiTiWaDyZ9lzfe prKnoRRzgi6ahgaKGyWBBEVI9q5q0oPT0LwSGj9aTYEAv+3wZyRYwQBBLNalMmWxhhwO 7R4M1RN2fZ5+aq6fewZX9zFL5FL6p6E2/3qJOejYgZaHd835a3+QjG1z6t16vSlvQ6dT fWgLndLnoY3Meq8ElwiDl+zStL+6ztnM7uq3VfZR8fywnpuAey5Qq2MmO2OQqMCV1DM6 8XI/z+MdQgBIdgDuiRMqmboV70DsszhhSS7BXrfFZsCkZ7mR4de33VAnVU/osokJENY/ pJvQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=niGPfPgVV3KURFXrteM4Ns3wmwcOV96XStS7zWQ0zDY=; b=XOgUw7Jr0e2EOL5HbLnhOybiofC8vnNdfzRldNkDIzbAaZ1aLZ0+fSQcGMVF9i/Pfh aTJyrw2BH+9kMiml02g1UCa9mL2pTqpORulj01jL+P+8fQsvkwasHrx023AhStYynDro FIMTuXmU9brWcNHgA6MLoGln3YjPZB+xEZxbQnPLA6Z7K5zGJ/A0R5+6PJioJMROMIFQ A2NOqHyCZ6fhqMS4n9s6hHrgLzqIiGy9gRXpvIYGZotQ91XgejSKigI1mFUnj6sMEv+U mJ124BImqIJfLx/BBcyDJCD49UNuWfCPw0/W+fy2GBkukdOHAtK/zARzUyHoBO0Ytq3q WS5g== X-Gm-Message-State: AOAM531roR371kOWNIiFbnC3T7qh/60QiILJLwVK/PUUfWwNMApYmOwH CQJUQ58bQMk8O0d20DSjb8dd8XBTRmZcszp8 X-Google-Smtp-Source: ABdhPJw/kgHVfLig21a2swXHNy9ZOzzWDe6HJ2K4gO2CA9dnE5ksDbpvxAa2920FtMKtO9Y5hBOmIw== X-Received: by 2002:a17:90a:b107:: with SMTP id z7mr15670830pjq.38.1643917874194; Thu, 03 Feb 2022 11:51:14 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:13 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/20] expat: fix CVE-2022-23852 Date: Thu, 3 Feb 2022 09:50:30 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161301 Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer for configurations with a nonzero XML_CONTEXT_BYTES. Backport patch from: https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 CVE: CVE-2022-23852 Signed-off-by: Steve Sakoman --- .../expat/expat/CVE-2022-23852.patch | 33 +++++++++++++++++++ meta/recipes-core/expat/expat_2.2.9.bb | 1 + 2 files changed, 34 insertions(+) create mode 100644 meta/recipes-core/expat/expat/CVE-2022-23852.patch diff --git a/meta/recipes-core/expat/expat/CVE-2022-23852.patch b/meta/recipes-core/expat/expat/CVE-2022-23852.patch new file mode 100644 index 0000000000..41425c108b --- /dev/null +++ b/meta/recipes-core/expat/expat/CVE-2022-23852.patch @@ -0,0 +1,33 @@ +From 847a645152f5ebc10ac63b74b604d0c1a79fae40 Mon Sep 17 00:00:00 2001 +From: Samanta Navarro +Date: Sat, 22 Jan 2022 17:48:00 +0100 +Subject: [PATCH] lib: Detect and prevent integer overflow in XML_GetBuffer + (CVE-2022-23852) + +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/commit/847a645152f5ebc10ac63b74b604d0c1a79fae40 + +CVE: CVE-2022-23852 + +Signed-off-by: Steve Sakoman + +--- + expat/lib/xmlparse.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c +index d54af683..5ce31402 100644 +--- a/lib/xmlparse.c ++++ b/lib/xmlparse.c +@@ -2067,6 +2067,11 @@ XML_GetBuffer(XML_Parser parser, int len) { + keep = (int)EXPAT_SAFE_PTR_DIFF(parser->m_bufferPtr, parser->m_buffer); + if (keep > XML_CONTEXT_BYTES) + keep = XML_CONTEXT_BYTES; ++ /* Detect and prevent integer overflow */ ++ if (keep > INT_MAX - neededSize) { ++ parser->m_errorCode = XML_ERROR_NO_MEMORY; ++ return NULL; ++ } + neededSize += keep; + #endif /* defined XML_CONTEXT_BYTES */ + if (neededSize diff --git a/meta/recipes-core/expat/expat_2.2.9.bb b/meta/recipes-core/expat/expat_2.2.9.bb index 757c18c5fa..6a6d5c066f 100644 --- a/meta/recipes-core/expat/expat_2.2.9.bb +++ b/meta/recipes-core/expat/expat_2.2.9.bb @@ -11,6 +11,7 @@ SRC_URI = "git://github.com/libexpat/libexpat.git;protocol=https;branch=master \ file://CVE-2021-45960.patch \ file://CVE-2021-46143.patch \ file://CVE-2022-22822-27.patch \ + file://CVE-2022-23852.patch \ file://libtool-tag.patch \ " From patchwork Thu Feb 3 19:50:31 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3263 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C3C3C433EF for ; Thu, 3 Feb 2022 19:51:18 +0000 (UTC) Received: from mail-pj1-f49.google.com (mail-pj1-f49.google.com [209.85.216.49]) by mx.groups.io with SMTP id smtpd.web12.2876.1643917877279287383 for ; Thu, 03 Feb 2022 11:51:17 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=jHWPHla+; spf=softfail (domain: sakoman.com, ip: 209.85.216.49, mailfrom: steve@sakoman.com) Received: by mail-pj1-f49.google.com with SMTP id r59so3394294pjg.4 for ; Thu, 03 Feb 2022 11:51:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=RoE53m87U9F8W8nqGOhznBIeLqFIpFzLtRtIheYQJW4=; b=jHWPHla+tlmCJk2qx3MyKiesqBqZ01bbPBH0jN+uwjzGo++hitdTlnCuDDxqLkLY4Q Dy8DKmWfbD/L8tncMu630+qKY4MD00cInVUakc5Dgqh9ruOu6OO1vtYcRBXw9UJqX6uV mIICGvc0QXAv9h+dXFWf9HP/aaUSiP2NK8CleiC1aAdPDp5Rruft9Dde7nUsKz9sjj5L cp+ATLEZn6OvywAdE4m8nInRC9Va7RbxLZFvCviIG//zvI68FHK5GjAHWXeuBhsI0m3T CIwTELwsTknwMdiK+VJA09zC7+kh13JOgT3rYq8OcYaunigGEm70oo/vSe6OMTLo+mHo EiDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=RoE53m87U9F8W8nqGOhznBIeLqFIpFzLtRtIheYQJW4=; b=7ireR6Vej+xs6r2zRX9g988VM4ndt/ODsiFFf+u+X1evtWfw9JiPUw3yrVBabcRoAS Fexe1LkoS5E2qDv0qSPojyA1y1ITAE9EO8quKmK/NG1ao2BTTKWQwnJDMB/KetDnsFaa nGb/Wsl6irKstjuvIzBhy1yOk4k396FCw4kmNNKjG7xRLk4LVZNBAR5QMV0622kPacmY 2o1Q0ss/tDh2Dv0UD8O//jY0FXfCH2Q8Kxw6xVMks6PVeHDEcQkCT9geGwqdBbvGnGzx uhU5dY0e/zh3PzDdung+p6Kq3hjPYWPp22gBt8KlrynF0mreaLxZY+1mX7EDmXUr326y ehfw== X-Gm-Message-State: AOAM533DZXZBNFSKP8ZMAntFhmNjkEH2C+xQDTfTuYdKBAjTm1S8Xq+y KfvUIGm7Ax7ZDPtzJgp4wN2k/Mgqi2G6Q1+P X-Google-Smtp-Source: ABdhPJyXrr/skjdEY8nxsMdbFJfXo4sOODWxdOjxC07XV8R+clF7eDe75Y7zxnKAvzqT1+9cWUItCQ== X-Received: by 2002:a17:902:c209:: with SMTP id 9mr36807897pll.119.1643917876296; Thu, 03 Feb 2022 11:51:16 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:15 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/20] expat: add missing Upstream-status, CVE tag and sign-off to CVE-2021-46143.patch Date: Thu, 3 Feb 2022 09:50:31 -1000 Message-Id: <7e33aa25acc0c29b8f5e78757c6557e614eb1434.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161302 Signed-off-by: Steve Sakoman --- meta/recipes-core/expat/expat/CVE-2021-46143.patch | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/meta/recipes-core/expat/expat/CVE-2021-46143.patch b/meta/recipes-core/expat/expat/CVE-2021-46143.patch index d6bafba0ff..b1a726d9a8 100644 --- a/meta/recipes-core/expat/expat/CVE-2021-46143.patch +++ b/meta/recipes-core/expat/expat/CVE-2021-46143.patch @@ -4,6 +4,12 @@ Date: Sat, 25 Dec 2021 20:52:08 +0100 Subject: [PATCH] lib: Prevent integer overflow on m_groupSize in function doProlog (CVE-2021-46143) +Upstream-Status: Backport: +https://github.com/libexpat/libexpat/pull/538/commits/85ae9a2d7d0e9358f356b33977b842df8ebaec2b + +CVE: CVE-2021-46143 + +Signed-off-by: Steve Sakoman --- expat/lib/xmlparse.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) From patchwork Thu Feb 3 19:50:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3264 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D114C433F5 for ; Thu, 3 Feb 2022 19:51:21 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web10.2845.1643917880458794813 for ; Thu, 03 Feb 2022 11:51:20 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=zg69FoZx; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id h14so3139502plf.1 for ; Thu, 03 Feb 2022 11:51:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=3P8odiGFjaF77OzaKZoiFxZIG8DY3l19/W6K0STXSMs=; b=zg69FoZxixAL1JGFqbnVqK1lnYf2nqgPOxE6ELLtf7ynW3gpleCugvJ7FQnQxibM/M zT4yRQTHIqk5FrepssY+1KAAkpJUjCYLu8LjLXogWhvns3O2sUE1ach2vhrhWLbC53FZ uf63H5tZXOKfTzjQ/+5C4lljj/NWk0FKrH64AnLieqqFiPp3EcZukRDYzDpeIl4ChHAD k/HlVjiFBbBK/MYdjH81O+YMgohJyb1p8VL8pTqJLQoP8GGV40ztRoF4nDDjzrcaQ5io jCrMomTB7SMG24BZhh8gMYdZ6+8H4+aq6Lb2geDQ9KykGDW7rTD6nzwleWgvaJsxfoNp pAMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=3P8odiGFjaF77OzaKZoiFxZIG8DY3l19/W6K0STXSMs=; b=T38wCNztNY1damsxF4xYVvwEMiVwlfaCn3y8ThVR6jdYpQ6bXCbc4DWuk87ZCa6UZq KMtCGrYpCpJ56UVfF1msIZ5jD24OLYQIlkKWI8PmgwENIsOSRBOF4+PUtWPp0Vj2MLIK XOkYg5fXhbVA2EwoGEopeTPHlqm3Ia3XaYbqATzPq0DGo4FbYvm0Sz25qXMbw/s28BYN 8sZiQRjiarqbW8RCgQVRo46s4CFPH3ceAU1Zl4PR3DqSWS7R64MG8Hb4IMs5LR7FAA4F yUMrMiM17j7Dyh1aZEsq8ivs0OsiP0wIKllbGYMIcKCd+8nkew6pkkN+ABUXwcZe6vwI jSHg== X-Gm-Message-State: AOAM5323Rdolx0OtJ12qpfdj+nGQMDX7EdHvOgGwWvLTG1fxSjCiNbbo 5Tl6YeV1l0IU5hXjsEjGC69QiHFoCrYMorvK X-Google-Smtp-Source: ABdhPJx8v8X0Dq3AnKxrfk87KnzTGn5+p/FlOCJt4qIlWCh880lAakFq7WDifQaBqWRja6x24IBGDQ== X-Received: by 2002:a17:902:9308:: with SMTP id bc8mr36436309plb.147.1643917878891; Thu, 03 Feb 2022 11:51:18 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.17 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:18 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/20] util-linux: Fix for CVE-2021-3995 and CVE-2021-3996 Date: Thu, 3 Feb 2022 09:50:32 -1000 Message-Id: <05ddf5579488f42d5d90326e3dc67a1152578324.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:21 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161303 From: Ranjitsinh Rathod Add patches to fix CVE-2021-3995 and CVE-2021-3996 Also, add support include-strutils-cleanup-strto-functions.patch to solve compilation error where `ul_strtou64` function not found which is used in CVE-2021-3995.patch Signed-off-by: Ranjitsinh Rathod Signed-off-by: Ranjitsinh Rathod Signed-off-by: Steve Sakoman --- .../util-linux/util-linux/CVE-2021-3995.patch | 139 +++++++++ .../util-linux/util-linux/CVE-2021-3996.patch | 226 +++++++++++++++ ...ude-strutils-cleanup-strto-functions.patch | 270 ++++++++++++++++++ .../util-linux/util-linux_2.35.1.bb | 3 + 4 files changed, 638 insertions(+) create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch create mode 100644 meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch create mode 100644 meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch new file mode 100644 index 0000000000..1dcb66ad1d --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-3995.patch @@ -0,0 +1,139 @@ +From f3db9bd609494099f0c1b95231c5dfe383346929 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 24 Nov 2021 13:53:25 +0100 +Subject: [PATCH] libmount: fix UID check for FUSE umount [CVE-2021-3995] + +Improper UID check allows an unprivileged user to unmount FUSE +filesystems of users with similar UID. + +Signed-off-by: Karel Zak + +CVE: CVE-2021-3995 +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/f3db9bd609494099f0c1b95231c5dfe383346929] +Signed-off-by: Ranjitsinh Rathod + +--- + include/strutils.h | 2 +- + libmount/src/context_umount.c | 14 +++--------- + libmount/src/mountP.h | 1 + + libmount/src/optstr.c | 42 +++++++++++++++++++++++++++++++++++ + 4 files changed, 47 insertions(+), 12 deletions(-) + +diff --git a/include/strutils.h b/include/strutils.h +index 6e95707ea9..a84d29594d 100644 +--- a/include/strutils.h ++++ b/include/strutils.h +@@ -91,8 +91,8 @@ static inline char *mem2strcpy(char *dest, const void *src, size_t n, size_t nma + if (n + 1 > nmax) + n = nmax - 1; + ++ memset(dest, '\0', nmax); + memcpy(dest, src, n); +- dest[nmax-1] = '\0'; + return dest; + } + +diff --git a/libmount/src/context_umount.c b/libmount/src/context_umount.c +index 173637a15a..8773c65ffa 100644 +--- a/libmount/src/context_umount.c ++++ b/libmount/src/context_umount.c +@@ -393,10 +393,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + struct libmnt_ns *ns_old; + const char *type = mnt_fs_get_fstype(cxt->fs); + const char *optstr; +- char *user_id = NULL; +- size_t sz; +- uid_t uid; +- char uidstr[sizeof(stringify_value(ULONG_MAX))]; ++ uid_t uid, entry_uid; + + *errsv = 0; + +@@ -413,11 +410,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + optstr = mnt_fs_get_fs_options(cxt->fs); + if (!optstr) + return 0; +- +- if (mnt_optstr_get_option(optstr, "user_id", &user_id, &sz) != 0) +- return 0; +- +- if (sz == 0 || user_id == NULL) ++ if (mnt_optstr_get_uid(optstr, "user_id", &entry_uid) != 0) + return 0; + + /* get current user */ +@@ -434,8 +427,7 @@ static int is_fuse_usermount(struct libmnt_context *cxt, int *errsv) + return 0; + } + +- snprintf(uidstr, sizeof(uidstr), "%lu", (unsigned long) uid); +- return strncmp(user_id, uidstr, sz) == 0; ++ return uid == entry_uid; + } + + /* +diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h +index d43a835418..22442ec55e 100644 +--- a/libmount/src/mountP.h ++++ b/libmount/src/mountP.h +@@ -400,6 +400,7 @@ extern const struct libmnt_optmap *mnt_optmap_get_entry( + const struct libmnt_optmap **mapent); + + /* optstr.c */ ++extern int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid); + extern int mnt_optstr_remove_option_at(char **optstr, char *begin, char *end); + extern int mnt_optstr_fix_gid(char **optstr, char *value, size_t valsz, char **next); + extern int mnt_optstr_fix_uid(char **optstr, char *value, size_t valsz, char **next); +diff --git a/libmount/src/optstr.c b/libmount/src/optstr.c +index 921b9318e7..16800f571c 100644 +--- a/libmount/src/optstr.c ++++ b/libmount/src/optstr.c +@@ -1090,6 +1090,48 @@ int mnt_optstr_fix_user(char **optstr) + return rc; + } + ++/* ++ * Converts value from @optstr addressed by @name to uid. ++ * ++ * Returns: 0 on success, 1 if not found, <0 on error ++ */ ++int mnt_optstr_get_uid(const char *optstr, const char *name, uid_t *uid) ++{ ++ char *value = NULL; ++ size_t valsz = 0; ++ char buf[sizeof(stringify_value(UINT64_MAX))]; ++ int rc; ++ uint64_t num; ++ ++ assert(optstr); ++ assert(name); ++ assert(uid); ++ ++ rc = mnt_optstr_get_option(optstr, name, &value, &valsz); ++ if (rc != 0) ++ goto fail; ++ ++ if (valsz > sizeof(buf) - 1) { ++ rc = -ERANGE; ++ goto fail; ++ } ++ mem2strcpy(buf, value, valsz, sizeof(buf)); ++ ++ rc = ul_strtou64(buf, &num, 10); ++ if (rc != 0) ++ goto fail; ++ if (num > ULONG_MAX || (uid_t) num != num) { ++ rc = -ERANGE; ++ goto fail; ++ } ++ *uid = (uid_t) num; ++ ++ return 0; ++fail: ++ DBG(UTILS, ul_debug("failed to convert '%s'= to number [rc=%d]", name, rc)); ++ return rc; ++} ++ + /** + * mnt_match_options: + * @optstr: options string diff --git a/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch b/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch new file mode 100644 index 0000000000..1610b5a0fe --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/CVE-2021-3996.patch @@ -0,0 +1,226 @@ +From 018a10907fa9885093f6d87401556932c2d8bd2b Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 4 Jan 2022 10:54:20 +0100 +Subject: [PATCH] libmount: fix (deleted) suffix issue [CVE-2021-3996] + +This issue is related to parsing the /proc/self/mountinfo file allows an +unprivileged user to unmount other user's filesystems that are either +world-writable themselves or mounted in a world-writable directory. + +The support for "(deleted)" is no more necessary as the Linux kernel does +not use it in /proc/self/mountinfo and /proc/self/mount files anymore. + +Signed-off-by: Karel Zak + +CVE: CVE-2021-3996 +Upstream-Status: Backport [https://github.com/util-linux/util-linux/commit/018a10907fa9885093f6d87401556932c2d8bd2b] +Signed-off-by: Ranjitsinh Rathod + +--- + libmount/src/tab_parse.c | 5 ----- + tests/expected/findmnt/filter-options | 1 - + tests/expected/findmnt/filter-options-nameval-neg | 3 +-- + tests/expected/findmnt/filter-types-neg | 1 - + tests/expected/findmnt/outputs-default | 3 +-- + tests/expected/findmnt/outputs-force-tree | 3 +-- + tests/expected/findmnt/outputs-kernel | 3 +-- + tests/expected/libmount/tabdiff-mount | 1 - + tests/expected/libmount/tabdiff-move | 1 - + tests/expected/libmount/tabdiff-remount | 1 - + tests/expected/libmount/tabdiff-umount | 1 - + tests/expected/libmount/tabfiles-parse-mountinfo | 11 ----------- + tests/expected/libmount/tabfiles-py-parse-mountinfo | 11 ----------- + tests/ts/findmnt/files/mountinfo | 1 - + tests/ts/findmnt/files/mountinfo-nonroot | 1 - + tests/ts/libmount/files/mountinfo | 1 - + 16 files changed, 4 insertions(+), 44 deletions(-) + +diff --git a/libmount/src/tab_parse.c b/libmount/src/tab_parse.c +index 917779ab6d..4407f9c9c7 100644 +--- a/libmount/src/tab_parse.c ++++ b/libmount/src/tab_parse.c +@@ -225,11 +225,6 @@ static int mnt_parse_mountinfo_line(struct libmnt_fs *fs, const char *s) + goto fail; + } + +- /* remove "\040(deleted)" suffix */ +- p = (char *) endswith(fs->target, PATH_DELETED_SUFFIX); +- if (p && *p) +- *p = '\0'; +- + s = skip_separator(s); + + /* (6) vfs options (fs-independent) */ +diff --git a/tests/expected/findmnt/filter-options b/tests/expected/findmnt/filter-options +index 2606bce76b..97b0ead0ad 100644 +--- a/tests/expected/findmnt/filter-options ++++ b/tests/expected/findmnt/filter-options +@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS + /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime + /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-/mnt/foo /fooooo bar rw,relatime + rc=0 +diff --git a/tests/expected/findmnt/filter-options-nameval-neg b/tests/expected/findmnt/filter-options-nameval-neg +index 5471d65af1..f0467ef755 100644 +--- a/tests/expected/findmnt/filter-options-nameval-neg ++++ b/tests/expected/findmnt/filter-options-nameval-neg +@@ -29,6 +29,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/filter-types-neg b/tests/expected/findmnt/filter-types-neg +index 2606bce76b..97b0ead0ad 100644 +--- a/tests/expected/findmnt/filter-types-neg ++++ b/tests/expected/findmnt/filter-types-neg +@@ -28,5 +28,4 @@ TARGET SOURCE FSTYPE OPTIONS + /home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + /var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime + /mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-/mnt/foo /fooooo bar rw,relatime + rc=0 +diff --git a/tests/expected/findmnt/outputs-default b/tests/expected/findmnt/outputs-default +index 59495797bd..01599355ec 100644 +--- a/tests/expected/findmnt/outputs-default ++++ b/tests/expected/findmnt/outputs-default +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/outputs-force-tree b/tests/expected/findmnt/outputs-force-tree +index 59495797bd..01599355ec 100644 +--- a/tests/expected/findmnt/outputs-force-tree ++++ b/tests/expected/findmnt/outputs-force-tree +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/findmnt/outputs-kernel b/tests/expected/findmnt/outputs-kernel +index 59495797bd..01599355ec 100644 +--- a/tests/expected/findmnt/outputs-kernel ++++ b/tests/expected/findmnt/outputs-kernel +@@ -30,6 +30,5 @@ TARGET SOURCE FSTYPE OPTIO + |-/home/kzak /dev/mapper/kzak-home ext4 rw,noatime,barrier=1,data=ordered + | `-/home/kzak/.gvfs gvfs-fuse-daemon fuse.gvfs-fuse-daemon rw,nosuid,nodev,relatime,user_id=500,group_id=500 + |-/var/lib/nfs/rpc_pipefs sunrpc rpc_pipefs rw,relatime +-|-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-`-/mnt/foo /fooooo bar rw,relatime ++`-/mnt/sounds //foo.home/bar/ cifs rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 + rc=0 +diff --git a/tests/expected/libmount/tabdiff-mount b/tests/expected/libmount/tabdiff-mount +index 420aeacd5e..3c18f8dc4f 100644 +--- a/tests/expected/libmount/tabdiff-mount ++++ b/tests/expected/libmount/tabdiff-mount +@@ -1,3 +1,2 @@ + /dev/mapper/kzak-home on /home/kzak: MOUNTED +-/fooooo on /mnt/foo: MOUNTED + tmpfs on /mnt/test/foo bar: MOUNTED +diff --git a/tests/expected/libmount/tabdiff-move b/tests/expected/libmount/tabdiff-move +index 24f9bc791b..95820d93ef 100644 +--- a/tests/expected/libmount/tabdiff-move ++++ b/tests/expected/libmount/tabdiff-move +@@ -1,3 +1,2 @@ + //foo.home/bar/ on /mnt/music: MOVED to /mnt/music +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo bar: UMOUNTED +diff --git a/tests/expected/libmount/tabdiff-remount b/tests/expected/libmount/tabdiff-remount +index 82ebeab390..876bfd9539 100644 +--- a/tests/expected/libmount/tabdiff-remount ++++ b/tests/expected/libmount/tabdiff-remount +@@ -1,4 +1,3 @@ + /dev/mapper/kzak-home on /home/kzak: REMOUNTED from 'rw,noatime,barrier=1,data=ordered' to 'ro,noatime,barrier=1,data=ordered' + //foo.home/bar/ on /mnt/sounds: REMOUNTED from 'rw,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' to 'ro,relatime,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344' +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo bar: UMOUNTED +diff --git a/tests/expected/libmount/tabdiff-umount b/tests/expected/libmount/tabdiff-umount +index a3e0fe48a1..c7be725b92 100644 +--- a/tests/expected/libmount/tabdiff-umount ++++ b/tests/expected/libmount/tabdiff-umount +@@ -1,3 +1,2 @@ + /dev/mapper/kzak-home on /home/kzak: UMOUNTED +-/fooooo on /mnt/foo: UMOUNTED + tmpfs on /mnt/test/foo bar: UMOUNTED +diff --git a/tests/expected/libmount/tabfiles-parse-mountinfo b/tests/expected/libmount/tabfiles-parse-mountinfo +index 47eb770061..d5ba5248e4 100644 +--- a/tests/expected/libmount/tabfiles-parse-mountinfo ++++ b/tests/expected/libmount/tabfiles-parse-mountinfo +@@ -351,17 +351,6 @@ id: 47 + parent: 20 + devno: 0:38 + ------ fs: +-source: /fooooo +-target: /mnt/foo +-fstype: bar +-optstr: rw,relatime +-VFS-optstr: rw,relatime +-FS-opstr: rw +-root: / +-id: 48 +-parent: 20 +-devno: 0:39 +------- fs: + source: tmpfs + target: /mnt/test/foo bar + fstype: tmpfs +diff --git a/tests/expected/libmount/tabfiles-py-parse-mountinfo b/tests/expected/libmount/tabfiles-py-parse-mountinfo +index 47eb770061..d5ba5248e4 100644 +--- a/tests/expected/libmount/tabfiles-py-parse-mountinfo ++++ b/tests/expected/libmount/tabfiles-py-parse-mountinfo +@@ -351,17 +351,6 @@ id: 47 + parent: 20 + devno: 0:38 + ------ fs: +-source: /fooooo +-target: /mnt/foo +-fstype: bar +-optstr: rw,relatime +-VFS-optstr: rw,relatime +-FS-opstr: rw +-root: / +-id: 48 +-parent: 20 +-devno: 0:39 +------- fs: + source: tmpfs + target: /mnt/test/foo bar + fstype: tmpfs +diff --git a/tests/ts/findmnt/files/mountinfo b/tests/ts/findmnt/files/mountinfo +index 475ea1a337..ff1e664a84 100644 +--- a/tests/ts/findmnt/files/mountinfo ++++ b/tests/ts/findmnt/files/mountinfo +@@ -30,4 +30,3 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw +diff --git a/tests/ts/findmnt/files/mountinfo-nonroot b/tests/ts/findmnt/files/mountinfo-nonroot +index e15b467016..87b421d2ef 100644 +--- a/tests/ts/findmnt/files/mountinfo-nonroot ++++ b/tests/ts/findmnt/files/mountinfo-nonroot +@@ -29,4 +29,3 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw +diff --git a/tests/ts/libmount/files/mountinfo b/tests/ts/libmount/files/mountinfo +index c063071833..2b01740481 100644 +--- a/tests/ts/libmount/files/mountinfo ++++ b/tests/ts/libmount/files/mountinfo +@@ -30,5 +30,4 @@ + 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 + 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw + 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 +-48 20 0:39 / /mnt/foo\040(deleted) rw,relatime - bar /fooooo rw + 49 20 0:56 / /mnt/test/foo bar rw,relatime shared:323 - tmpfs tmpfs rw diff --git a/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch b/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch new file mode 100644 index 0000000000..5d5a370821 --- /dev/null +++ b/meta/recipes-core/util-linux/util-linux/include-strutils-cleanup-strto-functions.patch @@ -0,0 +1,270 @@ +From 84825b161ba5d18da4142893b9789b3fc71284d9 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 22 Jun 2021 14:20:42 +0200 +Subject: [PATCH] include/strutils: cleanup strto..() functions + +* add ul_strtos64() and ul_strtou64() +* add simple test + +Addresses: https://github.com/karelzak/util-linux/issues/1358 +Signed-off-by: Karel Zak + +Upstream-Backport: [https://github.com/util-linux/util-linux/commit/84825b161ba5d18da4142893b9789b3fc71284d9] +Signed-off-by: Ranjitsinh Rathod + +--- + include/strutils.h | 3 + + lib/strutils.c | 174 ++++++++++++++++++++++++++------------------- + 2 files changed, 105 insertions(+), 72 deletions(-) + +diff --git a/include/strutils.h b/include/strutils.h +index e75a2f0e17..389e849905 100644 +--- a/include/strutils.h ++++ b/include/strutils.h +@@ -19,6 +19,9 @@ extern int parse_size(const char *str, uintmax_t *res, int *power); + extern int strtosize(const char *str, uintmax_t *res); + extern uintmax_t strtosize_or_err(const char *str, const char *errmesg); + ++extern int ul_strtos64(const char *str, int64_t *num, int base); ++extern int ul_strtou64(const char *str, uint64_t *num, int base); ++ + extern int16_t strtos16_or_err(const char *str, const char *errmesg); + extern uint16_t strtou16_or_err(const char *str, const char *errmesg); + extern uint16_t strtox16_or_err(const char *str, const char *errmesg); +diff --git a/lib/strutils.c b/lib/strutils.c +index ee2c835495..d9976dca70 100644 +--- a/lib/strutils.c ++++ b/lib/strutils.c +@@ -319,39 +319,80 @@ char *strndup(const char *s, size_t n) + } + #endif + +-static uint32_t _strtou32_or_err(const char *str, const char *errmesg, int base); +-static uint64_t _strtou64_or_err(const char *str, const char *errmesg, int base); ++/* ++ * convert strings to numbers; returns <0 on error, and 0 on success ++ */ ++int ul_strtos64(const char *str, int64_t *num, int base) ++{ ++ char *end = NULL; + +-int16_t strtos16_or_err(const char *str, const char *errmesg) ++ errno = 0; ++ if (str == NULL || *str == '\0') ++ return -EINVAL; ++ *num = (int64_t) strtoimax(str, &end, base); ++ ++ if (errno || str == end || (end && *end)) ++ return -EINVAL; ++ return 0; ++} ++ ++int ul_strtou64(const char *str, uint64_t *num, int base) + { +- int32_t num = strtos32_or_err(str, errmesg); ++ char *end = NULL; + +- if (num < INT16_MIN || num > INT16_MAX) { +- errno = ERANGE; +- err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); +- } +- return num; ++ errno = 0; ++ if (str == NULL || *str == '\0') ++ return -EINVAL; ++ *num = (uint64_t) strtoumax(str, &end, base); ++ ++ if (errno || str == end || (end && *end)) ++ return -EINVAL; ++ return 0; + } + +-static uint16_t _strtou16_or_err(const char *str, const char *errmesg, int base) ++/* ++ * Covert strings to numbers and print message on error. ++ * ++ * Note that hex functions (strtox..()) returns unsigned numbers, if you need ++ * something else then use ul_strtos64(s, &n, 16). ++ */ ++int64_t strtos64_or_err(const char *str, const char *errmesg) + { +- uint32_t num = _strtou32_or_err(str, errmesg, base); ++ int64_t num = 0; + +- if (num > UINT16_MAX) { +- errno = ERANGE; +- err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ if (ul_strtos64(str, &num, 10) != 0) { ++ if (errno == ERANGE) ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ ++ errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); + } + return num; + } + +-uint16_t strtou16_or_err(const char *str, const char *errmesg) ++uint64_t strtou64_or_err(const char *str, const char *errmesg) + { +- return _strtou16_or_err(str, errmesg, 10); ++ uint64_t num = 0; ++ ++ if (ul_strtou64(str, &num, 10)) { ++ if (errno == ERANGE) ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ ++ errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-uint16_t strtox16_or_err(const char *str, const char *errmesg) ++uint64_t strtox64_or_err(const char *str, const char *errmesg) + { +- return _strtou16_or_err(str, errmesg, 16); ++ uint64_t num = 0; ++ ++ if (ul_strtou64(str, &num, 16)) { ++ if (errno == ERANGE) ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ ++ errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + + int32_t strtos32_or_err(const char *str, const char *errmesg) +@@ -365,9 +406,9 @@ int32_t strtos32_or_err(const char *str, const char *errmesg) + return num; + } + +-static uint32_t _strtou32_or_err(const char *str, const char *errmesg, int base) ++uint32_t strtou32_or_err(const char *str, const char *errmesg) + { +- uint64_t num = _strtou64_or_err(str, errmesg, base); ++ uint64_t num = strtou64_or_err(str, errmesg); + + if (num > UINT32_MAX) { + errno = ERANGE; +@@ -376,66 +417,48 @@ static uint32_t _strtou32_or_err(const char *str, const char *errmesg, int base) + return num; + } + +-uint32_t strtou32_or_err(const char *str, const char *errmesg) +-{ +- return _strtou32_or_err(str, errmesg, 10); +-} +- + uint32_t strtox32_or_err(const char *str, const char *errmesg) + { +- return _strtou32_or_err(str, errmesg, 16); ++ uint64_t num = strtox64_or_err(str, errmesg); ++ ++ if (num > UINT32_MAX) { ++ errno = ERANGE; ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-int64_t strtos64_or_err(const char *str, const char *errmesg) ++int16_t strtos16_or_err(const char *str, const char *errmesg) + { +- int64_t num; +- char *end = NULL; +- +- errno = 0; +- if (str == NULL || *str == '\0') +- goto err; +- num = strtoimax(str, &end, 10); +- +- if (errno || str == end || (end && *end)) +- goto err; ++ int64_t num = strtos64_or_err(str, errmesg); + +- return num; +-err: +- if (errno == ERANGE) ++ if (num < INT16_MIN || num > INT16_MAX) { ++ errno = ERANGE; + err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); +- +- errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-static uint64_t _strtou64_or_err(const char *str, const char *errmesg, int base) ++uint16_t strtou16_or_err(const char *str, const char *errmesg) + { +- uintmax_t num; +- char *end = NULL; +- +- errno = 0; +- if (str == NULL || *str == '\0') +- goto err; +- num = strtoumax(str, &end, base); +- +- if (errno || str == end || (end && *end)) +- goto err; ++ uint64_t num = strtou64_or_err(str, errmesg); + +- return num; +-err: +- if (errno == ERANGE) ++ if (num > UINT16_MAX) { ++ errno = ERANGE; + err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); +- +- errx(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + +-uint64_t strtou64_or_err(const char *str, const char *errmesg) ++uint16_t strtox16_or_err(const char *str, const char *errmesg) + { +- return _strtou64_or_err(str, errmesg, 10); +-} ++ uint64_t num = strtox64_or_err(str, errmesg); + +-uint64_t strtox64_or_err(const char *str, const char *errmesg) +-{ +- return _strtou64_or_err(str, errmesg, 16); ++ if (num > UINT16_MAX) { ++ errno = ERANGE; ++ err(STRTOXX_EXIT_CODE, "%s: '%s'", errmesg, str); ++ } ++ return num; + } + + double strtod_or_err(const char *str, const char *errmesg) +@@ -1051,15 +1051,25 @@ static int test_strutils_cmp_paths(int a + + int main(int argc, char *argv[]) + { +- if (argc == 3 && strcmp(argv[1], "--size") == 0) ++ if (argc == 3 && strcmp(argv[1], "--size") == 0) { + return test_strutils_sizes(argc - 1, argv + 1); + +- else if (argc == 4 && strcmp(argv[1], "--cmp-paths") == 0) ++ } else if (argc == 4 && strcmp(argv[1], "--cmp-paths") == 0) { + return test_strutils_cmp_paths(argc - 1, argv + 1); + ++ } else if (argc == 3 && strcmp(argv[1], "--str2num") == 0) { ++ uint64_t n; ++ ++ if (ul_strtou64(argv[2], &n, 10) == 0) { ++ printf("'%s' --> %ju\n", argv[2], (uintmax_t) n); ++ return EXIT_SUCCESS; ++ } ++ } ++ + else { + fprintf(stderr, "usage: %1$s --size [suffix]\n" +- " %1$s --cmp-paths \n", ++ " %1$s --cmp-paths \n" ++ " %1$s --num2num \n", + argv[0]); + exit(EXIT_FAILURE); + } diff --git a/meta/recipes-core/util-linux/util-linux_2.35.1.bb b/meta/recipes-core/util-linux/util-linux_2.35.1.bb index 731f0618eb..96d5eca518 100644 --- a/meta/recipes-core/util-linux/util-linux_2.35.1.bb +++ b/meta/recipes-core/util-linux/util-linux_2.35.1.bb @@ -12,6 +12,9 @@ SRC_URI += "file://configure-sbindir.patch \ file://0001-kill-include-sys-types.h-before-checking-SYS_pidfd_s.patch \ file://0001-include-cleanup-pidfd-inckudes.patch \ file://CVE-2021-37600.patch \ + file://include-strutils-cleanup-strto-functions.patch \ + file://CVE-2021-3995.patch \ + file://CVE-2021-3996.patch \ " SRC_URI[md5sum] = "7f64882f631225f0295ca05080cee1bf" SRC_URI[sha256sum] = "d9de3edd287366cd908e77677514b9387b22bc7b88f45b83e1922c3597f1d7f9" From patchwork Thu Feb 3 19:50:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3265 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28132C433FE for ; Thu, 3 Feb 2022 19:51:24 +0000 (UTC) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by mx.groups.io with SMTP id smtpd.web12.2879.1643917883014660330 for ; Thu, 03 Feb 2022 11:51:23 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=hLZWQule; spf=softfail (domain: sakoman.com, ip: 209.85.215.174, mailfrom: steve@sakoman.com) Received: by mail-pg1-f174.google.com with SMTP id v3so3166185pgc.1 for ; Thu, 03 Feb 2022 11:51:22 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=WouBtHh1zoOsKRzb1Xewz7A5jk2TXGgTfBO5fGrfn9k=; b=hLZWQule5vJwsoCjTa2Ct5uzl8+xKuj/MF7YSVo3Lo7unDenstL/pgH/ULK6XkfYnn 51ywTEHiCfXkaTLvdjrsMls+zourjZbat1YjXd9dy5CJ+0tvlPtEJDlvqIP5Fw59Ekr2 qDQ9CLCYfVXcZjePfLJ56wstzOcXSc2MrhIma0CLvp+nrQNlP1WLzhxkbZOhtmsaieqN /FV+7/iioQIoD7/YnbkheB3KxP9XTug9TOnT0tchjULVo+WNSgey0iufD6JFR59APGiw QDGqUO2Lanyjta3S3fxQldsLy7GvpNEPj8AOwohiM75tuKB4rKjF2H8ToMaSoLb1AHlq F9Nw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=WouBtHh1zoOsKRzb1Xewz7A5jk2TXGgTfBO5fGrfn9k=; b=A0QwWr8w5L4o6i265Oo3FUtu0rklAp5u+KMnBGlHH3VaV0z8UWYn7s/W1tfg1Z6IsK wfnFm3cQPsM/5WBiw1HqLwBLYtc91x5OyQNPBfLxZHeipWw4Ec4MrlGvikwCjuJoLTSN jEURmFiNCvYC9uPfA4f3UhLhQuISZN4VhorbiB7GNO5i5h6kkIdP6PLRvfcbaXf9xy5K hsX2pOIzRpd07c0jYNXJNhfGKhRDLffXZYIIvQkr7KoZ3mUGLCx4dWUEm494Dfis45+3 oR3kupkNim76e5UiY5UAcdGyQj7mUkxgJfeJB7GUC1gAO3bJzjLphOGNcTwqdDpposgy LcPQ== X-Gm-Message-State: AOAM5323K+ufy3qTVGqd2d2GScAzK9mawoHfwgLNe2AtR5EDxYSR3q1i xbBaj7hO8OjIhnvwPAWXyz01I0JuPG9ckK/U X-Google-Smtp-Source: ABdhPJw4UQjKGIzLThRyN2Yye2CtIZ88MqL+hEKexskq0LyCOrM5l5R0O7qlYMBaGwn3lkMbMkWZiQ== X-Received: by 2002:a63:6342:: with SMTP id x63mr29433073pgb.148.1643917881930; Thu, 03 Feb 2022 11:51:21 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.19 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:21 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/20] binutils: Backport Include members in the variable table used when resolving DW_AT_specification tags. Date: Thu, 3 Feb 2022 09:50:33 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:24 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161304 From: Marek Vasut Backport binutils upstream patch fixing sporadic link errors in c++ code. This triggers at least on arm32 and aarch64 with qt5 based applications. The ChangeLog part of the patch as well as space change is omitted. Binutils bug report for this problem is here: https://sourceware.org/bugzilla/show_bug.cgi?id=26520 Signed-off-by: Marek Vasut Cc: Richard Purdie Cc: Steve Sakoman Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.34.inc | 1 + ...in-the-variable-table-used-when-reso.patch | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.34.inc b/meta/recipes-devtools/binutils/binutils-2.34.inc index 6104bec591..903b9d7b01 100644 --- a/meta/recipes-devtools/binutils/binutils-2.34.inc +++ b/meta/recipes-devtools/binutils/binutils-2.34.inc @@ -42,6 +42,7 @@ SRC_URI = "\ file://0015-sync-with-OE-libtool-changes.patch \ file://0016-Check-for-clang-before-checking-gcc-version.patch \ file://0017-binutils-drop-redundant-program_name-definition-fno-.patch \ + file://0018-Include-members-in-the-variable-table-used-when-reso.patch \ file://CVE-2020-0551.patch \ file://0001-gas-improve-reproducibility-for-stabs-debugging-data.patch \ file://CVE-2020-16592.patch \ diff --git a/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch b/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch new file mode 100644 index 0000000000..dc1e09d46b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0018-Include-members-in-the-variable-table-used-when-reso.patch @@ -0,0 +1,32 @@ +From bf2252dca8c76e4c1f1c2dbf98dab7ffc9f5e5af Mon Sep 17 00:00:00 2001 +From: Nick Clifton +Date: Sat, 29 Aug 2020 08:03:15 +0100 +Subject: [PATCH] Include members in the variable table used when resolving + DW_AT_specification tags. + + PR 26520 + * dwarf2.c (scan_unit_for_symbols): Add member entries to the + variable table. + +Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6f04d55f681149a69102a73937d0987719c3f16] +--- + bfd/dwarf2.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/bfd/dwarf2.c b/bfd/dwarf2.c +index dd3568a8532..ef2f6a3c63c 100644 +--- a/bfd/dwarf2.c ++++ b/bfd/dwarf2.c +@@ -3248,7 +3248,8 @@ scan_unit_for_symbols (struct comp_unit *unit) + else + { + func = NULL; +- if (abbrev->tag == DW_TAG_variable) ++ if (abbrev->tag == DW_TAG_variable ++ || abbrev->tag == DW_TAG_member) + { + bfd_size_type amt = sizeof (struct varinfo); + var = (struct varinfo *) bfd_zalloc (abfd, amt); +-- +2.34.1 + From patchwork Thu Feb 3 19:50:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3266 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D32FC433EF for ; Thu, 3 Feb 2022 19:51:26 +0000 (UTC) Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by mx.groups.io with SMTP id smtpd.web12.2880.1643917885189689521 for ; Thu, 03 Feb 2022 11:51:25 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=YxD+83pq; spf=softfail (domain: sakoman.com, ip: 209.85.215.180, mailfrom: steve@sakoman.com) Received: by mail-pg1-f180.google.com with SMTP id 77so316140pgc.0 for ; Thu, 03 Feb 2022 11:51:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Ao3tQsjw6N1FwyW0LTPg32N8vZR4WpZeax48N2Lz8e0=; b=YxD+83pqeOx4/5ndLDRhdK5jLp0rqkeozXL3Chxu63qDrC4F6FxZr7Tg1rXrp2xyGx 8IRDWMD1L9UfAQarOhRr9NIiQY5VAex2QgCVeUzFImVVoejj4WInzUtGNP+XYKOVrUtk 9Lx7bRB5VptSvCDSe/mlXGBAkdX5De3MpAXn8F0plrq76WPbmPXhoOwcHu7bLa51z5CS fDocNvl96URa98g9e4/2KXAPHtcYj44bgMEVSuYYjvEVYo63nFiw1y4LSfj5umfhAS8O VgrxO26hTp0nRAgilXJ+KHJmwOpmfkM5H6SvLSTmAM1hJOqvZv60Q+Oe/Ztv+k/inDHr E5+Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Ao3tQsjw6N1FwyW0LTPg32N8vZR4WpZeax48N2Lz8e0=; b=xpe9icznMws1DXeejaYPg9YL5iCLKVJR5ztUKm/AiyN1L7PE+NfL5QRuGZyzNmUb50 SMPo3EaydmkpMklzooW8fVjRxx+xKkHi0amPya9dLE0VBo0xrd6R7XSM8NMG16HYyJFU w2ePIpVlLOHRytiyUB4QOeW4ZYu6O/UUwLDMAEFPI1vSaB6ACxmnZlUSfui81GLrZO8y ldsBf2eXn19aOPRWiFQ3ihqt6Qv/lGIjzc2K2rhwcXxtibXhaBxuYbHmVX7UWmsWf4tL q88IeyYk9L13CNouuuydpDrvkqoAavOtpVWDq70rhnu2shkqwBuPWh4MVH5Fri7JdU4p iVTQ== X-Gm-Message-State: AOAM533GPOr5ntrd1vk0n1Sg4a6vgce2KV/tXhwChNJFa/VpbTC4IkLA N2yrGX0gr9xqP37Yjd81FRJjcTujjjIvm6Xi X-Google-Smtp-Source: ABdhPJxhvud7poikW/wt04mN3MTmzepWF9es59X+GdTYl9qF4bp5S6yAn7gQLWYDBALggxmeBCghJA== X-Received: by 2002:a63:5f52:: with SMTP id t79mr29077065pgb.177.1643917884066; Thu, 03 Feb 2022 11:51:24 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:23 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/20] sstate: A third fix for for touching files inside pseudo Date: Thu, 3 Feb 2022 09:50:34 -1000 Message-Id: <912d8a8f7424305cdc30ab568847c023b1b6e390.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:26 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161305 From: Peter Kjellerstedt This continues where commit 676757f "sstate: fix touching files inside pseudo" and commit 29fc8599 "sstate: another fix for touching files inside pseudo" left off. The previous changes switched from trying to check if the sstate file is writable before touching it, to always touching the sstate file and ignoring any errors. However, if the sstate file is actually a symbolic link that links to nothing, this would actually result in an empty sstate file being created. And this in turn leads to that future setscene tasks will fail when they try to unpack the empty file. Change the code so that if an sstate file linking to nothing already exists, it is overwritten with the new sstate file. Also change it so that the temporary file that is used is always removed, even if ln fails to link the sstate file to it. Change-Id: I3800f98d0f2a0dd076352df85fad7c81460e733d Signed-off-by: Peter Kjellerstedt Signed-off-by: Richard Purdie Signed-off-by: Steve Sakoman --- meta/classes/sstate.bbclass | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/meta/classes/sstate.bbclass b/meta/classes/sstate.bbclass index c2720cde92..00a0e8fbd7 100644 --- a/meta/classes/sstate.bbclass +++ b/meta/classes/sstate.bbclass @@ -841,14 +841,18 @@ sstate_create_package () { fi chmod 0664 $TFILE # Skip if it was already created by some other process - if [ ! -e ${SSTATE_PKG} ]; then + if [ -h ${SSTATE_PKG} ] && [ ! -e ${SSTATE_PKG} ]; then + # There is a symbolic link, but it links to nothing. + # Forcefully replace it with the new file. + ln -f $TFILE ${SSTATE_PKG} || true + elif [ ! -e ${SSTATE_PKG} ]; then # Move into place using ln to attempt an atomic op. # Abort if it already exists - ln $TFILE ${SSTATE_PKG} && rm $TFILE + ln $TFILE ${SSTATE_PKG} || true else - rm $TFILE + touch ${SSTATE_PKG} 2>/dev/null || true fi - touch ${SSTATE_PKG} 2>/dev/null || true + rm $TFILE } python sstate_sign_package () { @@ -878,7 +882,7 @@ python sstate_report_unihash() { sstate_unpack_package () { tar -xvzf ${SSTATE_PKG} # update .siginfo atime on local/NFS mirror if it is a symbolic link - [ ! -h ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true + [ ! -h ${SSTATE_PKG}.siginfo ] || [ ! -e ${SSTATE_PKG}.siginfo ] || touch -a ${SSTATE_PKG}.siginfo 2>/dev/null || true # update each symbolic link instead of any referenced file touch --no-dereference ${SSTATE_PKG} 2>/dev/null || true [ ! -e ${SSTATE_PKG}.sig ] || touch --no-dereference ${SSTATE_PKG}.sig 2>/dev/null || true From patchwork Thu Feb 3 19:50:35 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3267 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2D163C433F5 for ; Thu, 3 Feb 2022 19:51:28 +0000 (UTC) Received: from mail-pj1-f45.google.com (mail-pj1-f45.google.com [209.85.216.45]) by mx.groups.io with SMTP id smtpd.web08.2930.1643917887784114761 for ; Thu, 03 Feb 2022 11:51:27 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=RFdCBLrh; spf=softfail (domain: sakoman.com, ip: 209.85.216.45, mailfrom: steve@sakoman.com) Received: by mail-pj1-f45.google.com with SMTP id o16-20020a17090aac1000b001b62f629953so10988317pjq.3 for ; Thu, 03 Feb 2022 11:51:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=TCgFNt37Ut8Ay9BhLjxMWvf1epipg2bXzcpRkxIfZgs=; b=RFdCBLrhwyNEQTfRZqt7kRZRxrnxnlmBsSCzdCehU9Lxb4uEguDicBWXOpt1YeN+zH nV5NQ/77yGsVJmk0/u4577ayxjjR1+7Rr9h+e0z1iSnnwXXeD6Fy3tkDqREYyHueE/Yj 5AwXS+P7iScv7Hm7TtaW2yI3X+H2ovM0YW03DysN47RewVfAtu+3hPQPfI1V9J0ltc80 I5SzP4XgTS+yUZEcnRGJFfzRMRFAIziACBeeU7mkxx9KDn/i2KPo4qbUt6HESXMe24v4 b0oBOlgCMvNzycmV1bovxP2bkiXCZiX3IHEJkhHxQP+AXHkYuFxTfw3q3h3UTTGqfg2m HrsQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=TCgFNt37Ut8Ay9BhLjxMWvf1epipg2bXzcpRkxIfZgs=; b=l6VyGT/BoNV6S+s0bmDz+OO/1yjN8F/IfmzfTTYRUBaMWeR8GR5o3tyDY6HTqLq+zv FpklZEUUUyVXVQAjXRZfqNKNKmYCdzZF7swmKGPTK9no3YQV6wP3uotZKSAUjw9n+oBX lwwUhAc3HBZ6OlRsAEnXsOAQhd7TqPAhkV7B+vh3IeXibnQNDePYDL3BL4iy72c8ZUXY zd1Q+znKd8zSEIRvLWIF816bNcwWK14F9QJpe9VRaMkeL/H5ywpOrQ6ux7jwS75P3aID kR2ds7rFImY1LxphN4Se4F2YVozIQI/wCKZKu94BF8YTtVXDqKpCn2iSYX2dobeK9VYS Ihlw== X-Gm-Message-State: AOAM531RmxjTw9EbnYYIX1RqXJ36NIxLa5LS70cYYQ8P6pNxPuQnO0qS dqwUtoAeYovIzoZTVdBW1RVoZlz7AQIBnv/e X-Google-Smtp-Source: ABdhPJyr0Iq3/L4zhq/WKCTTGZjf6mSdazZ6GJKfKUji10rMMcTPq7B/8sK/t6qsX1qxZnD++UUcFw== X-Received: by 2002:a17:90b:1952:: with SMTP id nk18mr15529566pjb.101.1643917886640; Thu, 03 Feb 2022 11:51:26 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.25 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:25 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/20] common-licenses: add Spencer-94 Date: Thu, 3 Feb 2022 09:50:35 -1000 Message-Id: <0814f13024d17b5e0f83597ce4a97e312aac97a5.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161306 Required to correct lsof licensing Previously added in master (along with many others), trimmed to just Spencer-94 for dunfell (From OE-Core rev: e2f9092c37395f4e3ee9d0777e28c83cce6007ee) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/files/common-licenses/Spencer-94 | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 meta/files/common-licenses/Spencer-94 diff --git a/meta/files/common-licenses/Spencer-94 b/meta/files/common-licenses/Spencer-94 new file mode 100644 index 0000000000..75ba7f7d2e --- /dev/null +++ b/meta/files/common-licenses/Spencer-94 @@ -0,0 +1,12 @@ +Copyright 1992, 1993, 1994 Henry Spencer. All rights reserved. +This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University of California. + +Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it, subject to the following restrictions: + +1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in it. + +2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read sources, credits must appear in the documentation. + +3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few users ever read sources, credits must appear in the documentation. + +4. This notice may not be removed or altered. From patchwork Thu Feb 3 19:50:36 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3268 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25EC0C433EF for ; Thu, 3 Feb 2022 19:51:30 +0000 (UTC) Received: from mail-pf1-f180.google.com (mail-pf1-f180.google.com [209.85.210.180]) by mx.groups.io with SMTP id smtpd.web10.2850.1643917889790152492 for ; Thu, 03 Feb 2022 11:51:29 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=MfHeRqrF; spf=softfail (domain: sakoman.com, ip: 209.85.210.180, mailfrom: steve@sakoman.com) Received: by mail-pf1-f180.google.com with SMTP id y5so2172928pfe.4 for ; Thu, 03 Feb 2022 11:51:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Wi4/6tHOvSQkarDWq2HYCRuCS2wVdsorjrrW6ME4KGM=; b=MfHeRqrFNeBLAam/nNG9uF3221x0XzhDj8wsWTc7NthaJXkhKq7wHkteQF/l4UCqhv AbxoqoqXnh3bQ7zTBFKk9agq2Jr0GNMX6zVc8JgMkfCMmluN72a90oHPEGxNF5StI+kb WxDyj8yUtyrJH9MwcN+dkgMgi/gGNbEZnpnp2GcUgtnS68obiLO751vfnDnc2lkvHmzA CQg2J67BpvSUxZa2aZLTu4XqvDP0lZ6XbNpfkm2ad/lHK6oytnV3BuH4tZ8WYl9ULOR/ dAtE20pSNDI2O6fnjR2dm4r8Sjb6/2QunoHMdhWTcsjXL5YmQN+2UxeRnTAopNq4oHTc aY1g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Wi4/6tHOvSQkarDWq2HYCRuCS2wVdsorjrrW6ME4KGM=; b=8CXAnb1EP7o3XCP4w1Rw0lW8EZCe8do5ohqGsgC765dwmRX8/+EE0p+yBLMpg9rsJH sHhETE/L/TLOT5SxeALzUag7Hw7SMzOAvBU5WyBYY6xgQ4BrdASB4xTK7FNu9fJg2KKe 0BpKpvtYjJWB0ngKMgq3rZEiprXGnQzHoz3L77ifRFd46nVxlyeBRxsSx2M2nwAvnNOb xq5+q8AbEcC1spDZUBPy3j7m5q2d6s3bhgF9YUPe9nV4+/xdR5xhAMzj6HSyq5gVWqX/ dtHvD8Y47uqXcYsfHmVcwa7Z/SXGE6e2Z71V28ZWfLox97uh3hM7w5rZJmBozNKpE9da Bggw== X-Gm-Message-State: AOAM532MExpC+v0FTN/pEwohp60NZsxRHK26XxSWqejFN62IYyCFGFAg JJTUU2CQ3pf24dyw38EBvnX4143HcQ00IOFD X-Google-Smtp-Source: ABdhPJy6wuMDDNC6HhRUnOi6ifdUAZC9LULFQ373ska2rqwH/RGjG4zi61nKJduIWnG5cr4LW7idZA== X-Received: by 2002:a63:fc64:: with SMTP id r36mr29691834pgk.529.1643917888803; Thu, 03 Feb 2022 11:51:28 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:28 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/20] lsof: correct LICENSE Date: Thu, 3 Feb 2022 09:50:36 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:30 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161307 From: Ross Burton The lsof LICENSE is superficially BSD-like, but it isn't BSD. Now that we have the full SPDX license set in oe-core, use Spencer-94. (From OE-Core rev: 5c1d61d1d4dfacb643a366285c0392e6a31087ed) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-extended/lsof/lsof_4.91.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/lsof/lsof_4.91.bb b/meta/recipes-extended/lsof/lsof_4.91.bb index b3adfd57af..7c85bf23fc 100644 --- a/meta/recipes-extended/lsof/lsof_4.91.bb +++ b/meta/recipes-extended/lsof/lsof_4.91.bb @@ -3,7 +3,7 @@ DESCRIPTION = "Lsof is a Unix-specific diagnostic tool. \ Its name stands for LiSt Open Files, and it does just that." HOMEPAGE = "http://people.freebsd.org/~abe/" SECTION = "devel" -LICENSE = "BSD" +LICENSE = "Spencer-94" LIC_FILES_CHKSUM = "file://00README;beginline=645;endline=679;md5=964df275d26429ba3b39dbb9f205172a" # Upstream lsof releases are hosted on an ftp server which times out download From patchwork Thu Feb 3 19:50:37 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3269 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2B51EC433EF for ; Thu, 3 Feb 2022 19:51:33 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web08.2933.1643917892065042809 for ; Thu, 03 Feb 2022 11:51:32 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=3jIxNSHb; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id c9so3099320plg.11 for ; Thu, 03 Feb 2022 11:51:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=VWGO4Zn4K4sN0NvmXTRffvYVKojbdQEv/6lWkXzF6/w=; b=3jIxNSHbRNFRxOXf1wtVMYiWaHUFu5d4kN9KYRIQOwQj499jSlFN3JmMgp5kiXzVVE CkjEjN24h6Djo/xgIcGzAQFI7zqHcy2o4DrMyHvfYvzMF2DTZs9b3sbUQwxxIX3wsAwk h359BnHOYs4EcKkzY9iRK8SABN3qceZnJAOfwPViV1SXeIJd5/SgKJ1vbvKRXnCv9dcR lvIE/VyrF3LZYajngeJgvcxz7/tPjzbU2Nninx0vPtDfSndQ/0OCpp5mVirtbzR/9ynf DQgyRJQggxHNCDP+ixQYMxAol4qh7eC/MMGBvjvzlTY6LChEmG5E9pqC10vGhlVCfMKW BC+g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=VWGO4Zn4K4sN0NvmXTRffvYVKojbdQEv/6lWkXzF6/w=; b=aXmbw2RP/gT0pzL3PNkQsXtbka/4e44KTlSNyXU0vnNeiz0PwAaRMCng0/bOhTCPjG Pw4X3ZRqeN7PVt8akPdLKxo44+QxeD+1wYA0PHAVzlE2/b8sBNr81OnveGC0Rvrffs7p enFG0KXqQ+k8KKl7ugvQ3Aq1PPQFO+HbeYSlkCObbJ/qPTg1faUL6hxbXBN5UEQK5gge d4pOX9qnyrbkaNQDpDiKQQSb0WV+OQol7NGuQL4ZgOfgz6zYtRpcIWOfjun0sxBJHNSc Q7HacT4S8aekCyqx+upHOT0jXeNTLdsxMBYdQKJ7nQQgX16qT9LULCHP0LJL64vsidLG m//g== X-Gm-Message-State: AOAM532T+n32etz8pPcE9prvB49n03YbzBiw8/JZufTR1CjWaOPHVyvJ 9fGNx+FDU5O4ATqxqCNspwPqUPqnCnVVHghT X-Google-Smtp-Source: ABdhPJyU32WiBs9l1DLjDi5TiLfudSyxgtcBAcNlRNTNJVtvNdVuHxuuGwUEDyC5SOFFOttgtazmdA== X-Received: by 2002:a17:903:244d:: with SMTP id l13mr36400417pls.142.1643917891002; Thu, 03 Feb 2022 11:51:31 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.29 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:30 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/20] tzdata: Remove BSD License specifier Date: Thu, 3 Feb 2022 09:50:37 -1000 Message-Id: <1969b58049f95c351855e5ee7c04d7d28899880d.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:33 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161308 From: Joshua Watt The code in question is licensed under the BSD-3-Clause license, so including the generic "BSD" license is unnecessary. (From OE-Core rev: c39fc075ce3fd5b53c2a2fccb43500ee0a12f39d) Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-extended/timezone/timezone.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/timezone/timezone.inc b/meta/recipes-extended/timezone/timezone.inc index e9eb249afe..43d14d7f12 100644 --- a/meta/recipes-extended/timezone/timezone.inc +++ b/meta/recipes-extended/timezone/timezone.inc @@ -3,7 +3,7 @@ DESCRIPTION = "The Time Zone Database contains code and data that represent \ the history of local time for many representative locations around the globe." HOMEPAGE = "http://www.iana.org/time-zones" SECTION = "base" -LICENSE = "PD & BSD & BSD-3-Clause" +LICENSE = "PD & BSD-3-Clause" LIC_FILES_CHKSUM = "file://LICENSE;md5=c679c9d6b02bc2757b3eaf8f53c43fba" PV = "2021e" From patchwork Thu Feb 3 19:50:38 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3270 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 24F13C433EF for ; Thu, 3 Feb 2022 19:51:35 +0000 (UTC) Received: from mail-pj1-f44.google.com (mail-pj1-f44.google.com [209.85.216.44]) by mx.groups.io with SMTP id smtpd.web08.2934.1643917894224848566 for ; Thu, 03 Feb 2022 11:51:34 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ZL0jC4xG; spf=softfail (domain: sakoman.com, ip: 209.85.216.44, mailfrom: steve@sakoman.com) Received: by mail-pj1-f44.google.com with SMTP id d5so3392797pjk.5 for ; Thu, 03 Feb 2022 11:51:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=T6fpMUelOll/ngCnYRwTZhiHnqwjvC64cYSFTNkhBJg=; b=ZL0jC4xGo9iIzTgADkINogZZ9wFa7R/z61o6wMunYihNmSFWW2nQg0Vwaf2+fjhbyn fAnHqSPQ11rVv/ZX7O4ZF6IgiEM0r9gKEcbwv4T1UvsJoeHPCKcyo9o3D5l7OnOwoud3 kCSRRF5odHrdsnrD4bFTQVl5V+SwqCYpJLwyIf/kbIDVMFk9XfThrArl3DLGUIS55sma paMUC3qVmRvGg+1kSne3PAtDgBqznRvJc7c8C6qfU8QzSNXX4M2czItMiwPzReTveiQS 4t+YBKRD4OC7LbBsk9b6N7HeHxT5iNEEGjiID5Vm759s7XPEAFPrCjmH6xBe6HqfUMvi dNdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=T6fpMUelOll/ngCnYRwTZhiHnqwjvC64cYSFTNkhBJg=; b=WFpIO79oN0a/wbdt4Z6Ga3S82uNOMcy6kfyNNAc/dzPqQvCR2EK3hmMDRUv16a1cj2 W9R9xw1utiT/IxRzKfiWmtPjaE5AuhT9tAjMAQLyk5tuKgNT6pulleRFidurrozKnp2O 8d54adqe1kgjrWn+w34Kj2XL9Wg+aicIxocAP+tph7Tmwfnndlt7R83hZqy8RW+DsFSN nmWdqLawGYgNOsRyxXCMU8yboegIE9f4h599GWEultnThEhI2Hwuii+SHAndJ572eR7Z 3HOoQ8dl1h2PKBY3pgPiAPKCha35IzYHP+Lrd3O+IiDXMRevq6/qZbGTDmoSTCtIc5Aq mzxA== X-Gm-Message-State: AOAM530BbUdVpSB2QPRgUg1mQmWL6rzj5Fe+TPa9dBS9fqU6TE4J7v4D 4sxXkokAevnuj1kWPC4GHJMs5NGp0ofui6Wv X-Google-Smtp-Source: ABdhPJx7hI4/Nce++k7aAB3AiQZSe2Xosr2CbxzOL4Yx8hx5gR7IFFcVVhk5b5Nytmzr0oa+yoDTAw== X-Received: by 2002:a17:902:e552:: with SMTP id n18mr37313976plf.152.1643917893235; Thu, 03 Feb 2022 11:51:33 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.31 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:32 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/20] e2fsprogs: Use specific BSD license variant Date: Thu, 3 Feb 2022 09:50:38 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:35 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161309 From: Joshua Watt Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 966fb77981e4fed0ab7998439940b1e05dd0ee43) Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-devtools/e2fsprogs/e2fsprogs.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc index 45fb9720ee..57e4665a34 100644 --- a/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc +++ b/meta/recipes-devtools/e2fsprogs/e2fsprogs.inc @@ -3,7 +3,7 @@ DESCRIPTION = "The Ext2 Filesystem Utilities (e2fsprogs) contain all of the stan fixing, configuring , and debugging ext2 filesystems." HOMEPAGE = "http://e2fsprogs.sourceforge.net/" -LICENSE = "GPLv2 & LGPLv2 & BSD & MIT" +LICENSE = "GPLv2 & LGPLv2 & BSD-3-Clause & MIT" LICENSE_e2fsprogs-dumpe2fs = "GPLv2" LICENSE_e2fsprogs-e2fsck = "GPLv2" LICENSE_e2fsprogs-mke2fs = "GPLv2" From patchwork Thu Feb 3 19:50:39 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3271 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 258E2C433F5 for ; Thu, 3 Feb 2022 19:51:37 +0000 (UTC) Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com [209.85.210.172]) by mx.groups.io with SMTP id smtpd.web09.2920.1643917896478582350 for ; Thu, 03 Feb 2022 11:51:36 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=pJmOTf8z; spf=softfail (domain: sakoman.com, ip: 209.85.210.172, mailfrom: steve@sakoman.com) Received: by mail-pf1-f172.google.com with SMTP id u130so3118935pfc.2 for ; Thu, 03 Feb 2022 11:51:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=acfMHpRl/DhPcBMJj+hgjbKjZiQo+ZcgGiy8E7ZBpHg=; b=pJmOTf8zXtW41AC7Sz3StTH3z5nV8+9OV4QLGIMe756r+dV9QBM3Z8TLKn1rtEtkAH VP3tHsKKwATirdhgevAdY3O4bO0Q2VMd3z/InND19N6TqDKRxH/OmUnLAVRZsVxtVDt7 OjsIk2MmsIt8ZcwmBjwczq6d+22zoeryQwghB/2vsOJTz3PJJhfIcVluoHlH+ilxzfU0 kKzkDDpjqoBH6Gs7y1KDRuZeNw+lXMT2WBRlJnBHipHK3zJidarRjuu/vUskIzygTVS8 sPpsLWCKxEMTR2jUvy8d3nAtntZ9lf93kuPC1t+5r6OtWa4cUpXZoFf+qbF5mrQrLDN4 XFGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=acfMHpRl/DhPcBMJj+hgjbKjZiQo+ZcgGiy8E7ZBpHg=; b=QeGG5w5YsFDU0TBEHEy65CBXulehQSxrjC6fsUDM6I44jCAEiQk/rYdWzX5frI5dcN b/Z8ag8eI5vsomdo7TeffAHtc1xYcbpDWwBI8Oqnoni5cxRi+tGN46qVTfX6FAUdLY/d 3FQcLD1AntYCtEzq/DzIDgvnbK6uw9ebUo/YO4lKG+YHuiFCBszc1VOLab7ayMbjVvq0 YBIGlGCUciQFqde2Xo5V4HBoQr0NoATuihdqbbMkiMtuCWlpo7H7vTFcpI8b8jz7WltY LIS5tLKXAomvNuU0soFiEyxyRKu6DQsgWI9u6F9b4URFw4wLibx40qPzqPSeNmGgCQrM BF5A== X-Gm-Message-State: AOAM53081AU2H1TXxgCB+DjXLRtY905v2oUXOFEcpqCdDq1VJMTOJ+f5 1u7GJ58XKw94GW08HGreTPNAXP4VHn+NTNHV X-Google-Smtp-Source: ABdhPJxuEdK0RBvDHSdTO9XN+GQfvOhjJDm3WO+qWNPYpyxEPopyDtpmw4SrzWn5eaCN9KyEWbVMxQ== X-Received: by 2002:a62:1715:: with SMTP id 21mr35155765pfx.59.1643917895404; Thu, 03 Feb 2022 11:51:35 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.34 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:34 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/20] glib-2.0: Use specific BSD license variant Date: Thu, 3 Feb 2022 09:50:39 -1000 Message-Id: <746337ca6c89b116a314ebcf7169f6f88add0270.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:37 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161310 From: Joshua Watt Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 91cd1ef01a3f3883c04bac67af2672ec60e20fb8) Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-core/glib-2.0/glib.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-core/glib-2.0/glib.inc b/meta/recipes-core/glib-2.0/glib.inc index c3ddf18387..1849a6e05c 100644 --- a/meta/recipes-core/glib-2.0/glib.inc +++ b/meta/recipes-core/glib-2.0/glib.inc @@ -4,7 +4,7 @@ HOMEPAGE = "https://developer.gnome.org/glib/" # pcre is under BSD; # docs/reference/COPYING is with a 'public domain'-like license! -LICENSE = "LGPLv2.1+ & BSD & PD" +LICENSE = "LGPLv2.1+ & BSD-3-Clause & PD" LIC_FILES_CHKSUM = "file://COPYING;md5=4fbd65380cdd255951079008b364516c \ file://glib/glib.h;beginline=4;endline=17;md5=b88abb7f3ad09607e71cb9d530155906 \ file://gmodule/COPYING;md5=4fbd65380cdd255951079008b364516c \ From patchwork Thu Feb 3 19:50:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3272 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25C0CC433F5 for ; Thu, 3 Feb 2022 19:51:39 +0000 (UTC) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mx.groups.io with SMTP id smtpd.web08.2936.1643917898741290099 for ; Thu, 03 Feb 2022 11:51:38 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=AccmYIl1; spf=softfail (domain: sakoman.com, ip: 209.85.214.174, mailfrom: steve@sakoman.com) Received: by mail-pl1-f174.google.com with SMTP id k17so3166189plk.0 for ; Thu, 03 Feb 2022 11:51:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Vo0mziygcECIVcVOWEQKFXmgPR8W8NVv4ujjXkitGHc=; b=AccmYIl1K6BMshxUl0vE1ptGnmb2nJDVRU02EW61JOGUlt8u7YCuxXgp0DCIZ1990b CcWdPBqj0ak6urjv5rsWp0HkFysmDAQNpYWTnH2OtuKzF0peQtYJ/UFGl7q0TvAtGjYV 0R4DWy4dkQkXZk3rmX7Ux9kmXvd/jtP72EpkL+aAZ1pSJRq2LssbtQibbycR1o68KnOk LKJ3awNo+Y1gUPMrtUeotnwapntu7Si3OvzhDRrKekpNBFiLVQnPTK+i1iz0ZTjMU+vk 4gi0yi+IpZ318q1eA9Zxc6R/r76F9UrUNORDKpzJDb+eRIz4+BfwiAwLDLIaZITf3Gn9 GwWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Vo0mziygcECIVcVOWEQKFXmgPR8W8NVv4ujjXkitGHc=; b=y68i0HRdDnU5o9g9DtkF7t3hPq/sje9TmITt6pJvFZst9SV5PzfP1pTaPftsKg71YU g7b8cYaQHZMz3yHCFEoaDK5dMxOG2nJATuvRQR9x+Dr/RiGaD+lM7PTCClyt2xIsie/Q cUmmREvQUrXvc1R504EtsYJiYmDMnYmu9rxyk0zDJhuZSt/QCV2f7dG124Y5YRka218I 0RwdUWyzhQVCkrYfVafYAMumz7dhyo9u5f8xu7jYSqHwR03F/9D9m5irAUy0m3b+pMsp OTpRIsWlF2Y3ovTFwiyc5537A46P05hUv2h4OxfTwRP3EuXxcwdusU0M2pfsnBPoklSV 1gzQ== X-Gm-Message-State: AOAM533608CtQcK2qT1JPy8L0b+HRXaC1eNWXUj0/q9yc9oWqNtDR5AX SlMbxrcDaAfzXJfBok0OUfVl7HrRdxLztDlw X-Google-Smtp-Source: ABdhPJwRHV8vEFowazvVTygjz+ZyE6vOv2odcrS0lVTCSQjPaEUewCg93DLFSgH0XHNSGja0yjNPcQ== X-Received: by 2002:a17:90b:4b88:: with SMTP id lr8mr15469020pjb.12.1643917897776; Thu, 03 Feb 2022 11:51:37 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.36 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:37 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 16/20] shadow: Use specific BSD license variant Date: Thu, 3 Feb 2022 09:50:40 -1000 Message-Id: X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:39 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161311 From: Joshua Watt Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 65e3b23e1b266653fd30c90222e953f7e37fba0c) Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-extended/shadow/shadow.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc index 7061dc7505..bfe50c18f6 100644 --- a/meta/recipes-extended/shadow/shadow.inc +++ b/meta/recipes-extended/shadow/shadow.inc @@ -3,7 +3,7 @@ HOMEPAGE = "http://github.com/shadow-maint/shadow" DESCRIPTION = "${SUMMARY}" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base/utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://COPYING;md5=ed80ff1c2b40843cf5768e5229cf16e5 \ file://src/passwd.c;beginline=2;endline=30;md5=5720ff729a6ff39ecc9f64555d75f4af" From patchwork Thu Feb 3 19:50:41 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3273 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25E2BC433EF for ; Thu, 3 Feb 2022 19:51:42 +0000 (UTC) Received: from mail-pf1-f178.google.com (mail-pf1-f178.google.com [209.85.210.178]) by mx.groups.io with SMTP id smtpd.web09.2922.1643917901378617881 for ; Thu, 03 Feb 2022 11:51:41 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=MtTdVArG; spf=softfail (domain: sakoman.com, ip: 209.85.210.178, mailfrom: steve@sakoman.com) Received: by mail-pf1-f178.google.com with SMTP id e28so3108230pfj.5 for ; Thu, 03 Feb 2022 11:51:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=nfhVau904lFdonh1+aQ04j0dUx0LAnyS99ID3a2Msn0=; b=MtTdVArG8TJPDCTui6bnW5j/4LbOZLbPplk+CzZiCw/Wr45UjlBMRI1R2O0IPi+3k9 EcGdRERZEXf4mxblQlTRfT2WVgtK5yHv7n4MpNhb6wiQjuzv6lXUfI/SlqFxxLx9Gy3Z O5gFE63RuNzs6yPEsudxecpsaRUtYDXv+S6zCoeXF0oilN1mKAdul9NcMGidZzHxvOqL lCFEEmmsBT+9f9CwjH1iV1q1j5dYa/dZC4eph4Z/X8BEp2FgmUaQ2GmjjM3xGgkGXK1E /8cFBKuQkRNfMNYRXzVDGJpsk1DApXeLrGDolCsCEPEBc79wR2JkeXyOfGIkGh+6pgqV wLwQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=nfhVau904lFdonh1+aQ04j0dUx0LAnyS99ID3a2Msn0=; b=UsXq9XP1TrPhoNWGMJRFprBxi6U23p19aFjiuHQTCXSqHptW2d3bENiGLBgrXhtGsL 3NgvtbroGugdCg2aueRs+D719umKwr5Os5qenitvFr2wknA7nMbhzrRwD80sJlnzeSu4 L4t0QjYJCOPLRPjYIRVhOZwWub3N0h8eREC3kVeYu+o2A5bro85tzTlDnzEXRbenvpNI vk2J3KTcub99wabKaXwIXPuaIEjmhgKg7BZzbdlDVksw9rfpcf62RtNBJ7JcfhuguyZq FtecbvvnW2PHtpWM3J8vnbAkJ3stjVL7Fkcb4V9DtjN0IqKv2/BdIDFwiHCfigvDnPL2 s+4w== X-Gm-Message-State: AOAM5301I/T0P7YdG0lSNtsikBFpIxmth5rhbVLlc4Lm1yfGU+ivy17a lR5+WkHNQfTfaxcko/GPlxhXUFi1RbrNKWt/ X-Google-Smtp-Source: ABdhPJwKgq+CmEzw0S1DEhd/9+oRDlChKobF5Qh0uNTipnK2f8PDNBu/wP4nYJzmcvmHqevWTowZag== X-Received: by 2002:aa7:85c6:: with SMTP id z6mr35866041pfn.45.1643917900355; Thu, 03 Feb 2022 11:51:40 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:39 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 17/20] shadow-sysroot: sync license with shadow Date: Thu, 3 Feb 2022 09:50:41 -1000 Message-Id: <9cc84297f6a1de54cb7fdcd772e5f32f697c522f.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:42 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161312 From: Ross Burton This recipe is just a single data file from shadow, but as we can't easily tell what license that specific file is under just copy the full license statement. (From OE-Core rev: f0e2f3b1f855ea6e184bd1d8d796279fedcbfa33) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-extended/shadow/shadow-sysroot_4.6.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb index 5f7ea00bf1..4e68f826c6 100644 --- a/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb +++ b/meta/recipes-extended/shadow/shadow-sysroot_4.6.bb @@ -2,7 +2,7 @@ SUMMARY = "Shadow utils requirements for useradd.bbclass" HOMEPAGE = "http://github.com/shadow-maint/shadow" BUGTRACKER = "http://github.com/shadow-maint/shadow/issues" SECTION = "base utils" -LICENSE = "BSD | Artistic-1.0" +LICENSE = "BSD-3-Clause | Artistic-1.0" LIC_FILES_CHKSUM = "file://login.defs_shadow-sysroot;md5=25e2f2de4dfc8f966ac5cdfce45cd7d5" DEPENDS = "base-passwd" From patchwork Thu Feb 3 19:50:42 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3274 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 25AE1C433EF for ; Thu, 3 Feb 2022 19:51:44 +0000 (UTC) Received: from mail-pj1-f47.google.com (mail-pj1-f47.google.com [209.85.216.47]) by mx.groups.io with SMTP id smtpd.web10.2856.1643917903862011863 for ; Thu, 03 Feb 2022 11:51:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=EWz7Pfuw; spf=softfail (domain: sakoman.com, ip: 209.85.216.47, mailfrom: steve@sakoman.com) Received: by mail-pj1-f47.google.com with SMTP id s61-20020a17090a69c300b001b4d0427ea2so10991863pjj.4 for ; Thu, 03 Feb 2022 11:51:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ffCrmA2ZQK/mtp0CiDPtA9SNW4YxOEQ9g+1g/Q6TCFo=; b=EWz7PfuweWeng87YDBo4CjHDVjBSxfvWdu67R8Eb/XOf6XqwtAduGE8sJDThYEHQLX w4d28tkOmFl5LdM2hquo1JCPPJJRnEBFKDz+NBrISSPQhs13Rlp2Xp4dwN2NRJIilN+A KBMViPIl6gI1oFUuvDKvp2xePVMaj+1UIirnlRqYzwSnAHy80Dvla6F0CmbrE61K7bwk PMl+zare5VyBNTK0PFEweeQKdTUsRpNUNUuE3Dg8KKyPqAyJJCYryoKcCmdH4z+6+sOd 9FX8jQRJDAeSDvjlhpf2G+RUA+9D5jnOt9x6eFrhRNWKaGBg3igHK56OQzphEl2reNBP GuMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ffCrmA2ZQK/mtp0CiDPtA9SNW4YxOEQ9g+1g/Q6TCFo=; b=KpLQcOFjAzFvTmKSJubBPXRWO/AC2Yqxxp2U5kNk/Eit2L5geSH3mRMETJkwwbfF42 ITzSO3diZSfcjcvWjCSyb3MCbNIT1O59dI0s5BfeSoY8KwfMS3kttSlA887HR5BHSAKu aWMcD1jYzBCkSe4hjWzzmQT4u5wFdyXd8vfYRi9+IyAj1jXtC3leCcWNuQBuVnmjshOs 229xLhCiHSif6VrvVCniK91f3CR08b+5Z5ybs0VgNVlz4Q8EW9on9ecCwjDzAa+SYFrr pDt5/ft/Z7n5Q0e5/QtqI0ZVZh2BzUHxe0uVjpSw9+L/CpUMPnqBsyv2hIvIkR6/YZ+3 8epw== X-Gm-Message-State: AOAM530wfhJMVPkwMyE/6lBu4c0Ey9ZJFrSB3Czq0puR4efwpUh4tbIs NKChS0H0QQkWiM2VErkWpdKwHFP/XQwHUxkR X-Google-Smtp-Source: ABdhPJxYYpKbFM+gi6Jfazh/rifrHsUyG0ZCp+36wTqKoVHgDHkYSpobcEiToIvZHyGjzW/1o0UmQw== X-Received: by 2002:a17:902:c10a:: with SMTP id 10mr37546940pli.108.1643917902772; Thu, 03 Feb 2022 11:51:42 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:41 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 18/20] libcap: Use specific BSD license variant Date: Thu, 3 Feb 2022 09:50:42 -1000 Message-Id: <94aae176545b4005e0607cc9acf386e8f7adb558.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:44 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161313 From: Joshua Watt Make the license more accurate by specifying the specific variant of BSD license instead of the generic one. This helps with SPDX license attribution as "BSD" is not a valid SPDX license. (From OE-Core rev: 9e8b2bc55792932e23d3b053b393b7ff88bffd6b) Signed-off-by: Joshua Watt Signed-off-by: Richard Purdie Signed-off-by: Nisha Parrakat Signed-off-by: Steve Sakoman --- meta/recipes-support/libcap/libcap_2.32.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/libcap/libcap_2.32.bb b/meta/recipes-support/libcap/libcap_2.32.bb index 325fa87a1b..d67babb5e9 100644 --- a/meta/recipes-support/libcap/libcap_2.32.bb +++ b/meta/recipes-support/libcap/libcap_2.32.bb @@ -4,7 +4,7 @@ These allow giving various kinds of specific privileges to individual \ users, without giving them full root permissions." HOMEPAGE = "http://sites.google.com/site/fullycapable/" # no specific GPL version required -LICENSE = "BSD | GPLv2" +LICENSE = "BSD-3-Clause | GPLv2" LIC_FILES_CHKSUM = "file://License;md5=3f84fd6f29d453a56514cb7e4ead25f1" DEPENDS = "hostperl-runtime-native gperf-native" From patchwork Thu Feb 3 19:50:43 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3275 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 31274C433EF for ; Thu, 3 Feb 2022 19:51:47 +0000 (UTC) Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) by mx.groups.io with SMTP id smtpd.web08.2938.1643917906676058486 for ; Thu, 03 Feb 2022 11:51:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=ux1/+Xlj; spf=softfail (domain: sakoman.com, ip: 209.85.216.41, mailfrom: steve@sakoman.com) Received: by mail-pj1-f41.google.com with SMTP id r59so3395209pjg.4 for ; Thu, 03 Feb 2022 11:51:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=dBigTvc52/+CMAkCQ0trjJ88o8N6HICO4jZB5kYhn8o=; b=ux1/+XljUbYr0/UlElXX0WdbbpgK6pCq08d8/72pHsVz/VmOXZPvOnMh4ADqZw0OiW bO83bqbS/IPELOVS8Wo5aIBSdaETZUXpKd4B6S959VZxyDbbUExjn/p3rc2kuuqn+53U 1eTNMLshaL7EMg9+ETGRz4aqJ5SQgozddzBP1YQxpov9Jf5tI/C1Qhr9Zl0qp2f4dkSt f3EGhk0NPF7HdIQZofSi7l3/05D/1J9FwADxkIv83wsjJsO5lHQRRJTXVr7f6CI7srPZ h3hm7C7J82+RQMWgJHli8pzC6lCSnHOsK47/w+tsxprbvESL4PhpbN9zXkj0+Cm2OIH4 9Ztg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=dBigTvc52/+CMAkCQ0trjJ88o8N6HICO4jZB5kYhn8o=; b=3dsjQZxoXdvaYVOim94nNisDbdiqKd8FxYnHY+2t3X9lgDn0TgTcPuJMDLw0+pYDI+ AXDKdPePJOnugMXDKTtpGSJrcjeKwk/Jxgmg9Zyqa8/OI2UE9MMIIqxPs+vscckzEgHX EO9bWOLXjPHDxdxbIrtSCDJ7hO3jOXDKJF+ri7fhO7gfys8E4Ndewu1nk6wadUOu13yY D2Orc3/h7lcrSVajmawnb0fViin0jvCl2VbboRkhAa5UaAoJaN/l7bJSuxYtKTM+YF5N wmVm30kmfdgpIcOuN5f9g1J0juCc5dGedFOkkcKOVLMsVIXllUTts3Pv7ZXnzKcDO4vw bhtw== X-Gm-Message-State: AOAM530LxEpNCePxrG2UO4tta9aARsxb+uziNB4ujishVo3dVjFo2Yup 4NYzyLzDNE6FI8mkktK+uOQd8X5BFWq2xwuX X-Google-Smtp-Source: ABdhPJzFDNWDGP1FsqjmSDPN25hcsSzO67DLdvGyPj1n5ghCSFD3bvxwGCL4WAIR/qBt5Zhx5fQY6Q== X-Received: by 2002:a17:902:7893:: with SMTP id q19mr24567504pll.9.1643917905082; Thu, 03 Feb 2022 11:51:45 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 19/20] linux-firmware: Add CLM blob to linux-firmware-bcm4373 package Date: Thu, 3 Feb 2022 09:50:43 -1000 Message-Id: <7c43920eaab8f31553ee0a14578850fd422f5877.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:47 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161314 From: Rudolf J Streif The Country Local Matrix (CLM) blob brcmfmac4373-sdio.clm_blob was not included with the files for the linux-firmware-bcm4373 package but instead packaged with linux-firmware. Signed-off-by: Rudolf J Streif Signed-off-by: Richard Purdie (cherry picked from commit 18ba64d4a12e7275381cf34fe72b757accbb1544) Signed-off-by: Steve Sakoman --- meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb index 92b6ff5157..07389f6982 100644 --- a/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb +++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20211216.bb @@ -751,6 +751,7 @@ FILES_${PN}-bcm4356-pcie = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4356-pc FILES_${PN}-bcm4373 = "${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.bin \ ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373.bin \ ${nonarch_base_libdir}/firmware/cypress/cyfmac4373-sdio.bin \ + ${nonarch_base_libdir}/firmware/brcm/brcmfmac4373-sdio.clm_blob \ " LICENSE_${PN}-bcm-0bb4-0306 = "Firmware-cypress" From patchwork Thu Feb 3 19:50:44 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 3276 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2756DC433EF for ; Thu, 3 Feb 2022 19:51:49 +0000 (UTC) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mx.groups.io with SMTP id smtpd.web08.2939.1643917908537109324 for ; Thu, 03 Feb 2022 11:51:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20210112.gappssmtp.com header.s=20210112 header.b=W02TdkkF; spf=softfail (domain: sakoman.com, ip: 209.85.210.182, mailfrom: steve@sakoman.com) Received: by mail-pf1-f182.google.com with SMTP id i17so3074648pfq.13 for ; Thu, 03 Feb 2022 11:51:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20210112.gappssmtp.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=ziZTb+dbzV3S1A1Hi4QoX+bgroZE0kCDbOc9uV4GQrs=; b=W02TdkkFzbiCar336IQlPW7ou0L1Fm7FhN3g+RQBICcjhIPhbVKoQp+IuGdQp7soXO figMQATI9hdlxkWqULRzPcK23pEKpyKazWWb4DU7+9BBtcufrognyDwA+AnLEnhsoU4l mcnWgvAfGT+hXDAW2xUi5BU3oSUKbZsbuHTaLRbn0sIAiutw2+oXMPxQa3/CCJkyn4mU sFRDfBqKMTk2MD7JvsjOc8p+GARkttf4lAyKULc0kNIvEgDJOgZuzoTaTc1UXIb+Rk5D gzNLI1r6J/lK4i8++UyPQSPVgZy5FyiIHbCxP+R7gRA83kmszM9X+M4VMw3POjMOk4Wv 5Vlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ziZTb+dbzV3S1A1Hi4QoX+bgroZE0kCDbOc9uV4GQrs=; b=L7LodkIwXoodc4r0ZJ98cV/0LtU1irxEuAvbRzBmm3N+oVy41OwkrRPz2reAE3AFfC dUFFbPfat0MzdVmOvWAwDqrbOYeWMmSU2vYbETE/h0iDXj8aGAU+6DYmlvXxdLfci+nL 0EidxD305vClO/Fab/ss144YoJaZUU3PUGA/KttNOGE3W/teEmVUS845+W25Bqi8d4/x IZALa5oGECJ5pMFV2H6I5kTlIhQAl1+2KUzkMfs4Ltjbvs6erdZ1OUApQ4c2tUwkhC9R CJGHZTOzndU9pPqh88WVMSqHLhpNZ1n2PMGAoKPVpxkrp5neXn9pQ5TmxHO0+wJnXqRZ Noug== X-Gm-Message-State: AOAM533ESaoLGdNmy4crW18fpF91mnveUWPC4GPwwJstpNJYR/kPpPqy OCw0l+OhUXzjzdQR6GfMdTKXqldoetChinr3 X-Google-Smtp-Source: ABdhPJwtuVhuuyGfFvvRLt0P+RLr0zAqCSU3nIx9X67PHbA8YxPCZNfPd9hn472u3bB0LxOxQyS0/Q== X-Received: by 2002:aa7:9acb:: with SMTP id x11mr34860018pfp.82.1643917907535; Thu, 03 Feb 2022 11:51:47 -0800 (PST) Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com. [66.91.142.162]) by smtp.gmail.com with ESMTPSA id s4sm27762216pgg.80.2022.02.03.11.51.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 03 Feb 2022 11:51:46 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 20/20] libusb1: correct SRC_URI Date: Thu, 3 Feb 2022 09:50:44 -1000 Message-Id: <0dee7ab265d0c02bb63f17db10a3c246a37297c2.1643917717.git.steve@sakoman.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 03 Feb 2022 19:51:49 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/161315 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Richard Purdie (cherry picked from commit d4c37ca1f1e97d53045521e9894dc9ed5b1c22a1) Signed-off-by: Steve Sakoman --- meta/recipes-support/libusb/libusb1_1.0.22.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/libusb/libusb1_1.0.22.bb b/meta/recipes-support/libusb/libusb1_1.0.22.bb index a4fe4de2cb..ffa8f0320c 100644 --- a/meta/recipes-support/libusb/libusb1_1.0.22.bb +++ b/meta/recipes-support/libusb/libusb1_1.0.22.bb @@ -1,7 +1,7 @@ SUMMARY = "Userspace library to access USB (version 1.0)" DESCRIPTION = "A cross-platform library to access USB devices from Linux, \ macOS, Windows, OpenBSD/NetBSD, Haiku and Solaris userspace." -HOMEPAGE = "http://libusb.sf.net" +HOMEPAGE = "https://libusb.info" BUGTRACKER = "http://www.libusb.org/report" SECTION = "libs" @@ -10,7 +10,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=fbc093901857fcd118f065f900982c24" BBCLASSEXTEND = "native nativesdk" -SRC_URI = "${SOURCEFORGE_MIRROR}/libusb/libusb-${PV}.tar.bz2 \ +SRC_URI = "https://github.com/libusb/libusb/releases/download/v${PV}/libusb-${PV}.tar.bz2 \ file://no-dll.patch \ file://run-ptest \ "