From patchwork Sat Oct 14 21:44:46 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 32208
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 01/13] libtiff: fix CVE-2022-40090 improved IFD-Loop handling
Date: Sat, 14 Oct 2023 11:44:46 -1000
Message-Id: <1effa609b5b527eb9afa5a2c529bdc0b317e4be0.1697319777.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189125

From: Hitendra Prajapati

Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/c7caec9a4d8f24c17e667480d2c7d0d51c9fae41

Signed-off-by: Hitendra Prajapati
Signed-off-by: Steve Sakoman --- .../libtiff/tiff/CVE-2022-40090.patch | 569 ++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed, 570 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/tiff/CVE-2022-40090.patch diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2022-40090.patch b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-40090.patch new file mode 100644 index 0000000000..fe48dc6028 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2022-40090.patch 
@@ -0,0 +1,569 @@ +From c7caec9a4d8f24c17e667480d2c7d0d51c9fae41 Mon Sep 17 00:00:00 2001 +From: Su Laus +Date: Thu, 6 Oct 2022 10:11:05 +0000 +Subject: [PATCH] Improved IFD-Loop Handling (fixes #455) + +IFD infinite looping was not fixed by MR 20 (see #455). +An improved IFD loop handling is proposed. + +Basic approach: + +- The order in the entire chain must be checked, and not only whether an offset has already been read once. +- To do this, pairs of directory number and offset are stored and checked. +- The offset of a directory number can change. +- TIFFAdvanceDirectory() must also perform an IFD loop check. +- TIFFCheckDirOffset() is replaced by _TIFFCheckDirNumberAndOffset(). + +Rules for the check: + +- If an offset is already in the list, it must have the same IFD number. Otherwise it is an IDF loop. +- If the offset is not in the list and the IFD number is greater than there are list entries, a new list entry is added. +- Otherwise, the offset of the IFD number is updated. + +Reference is also made to old bugzilla bug 2772 and MR 20, which did not solve the general issue. 
+This MR closes #455 + +Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/c7caec9a4d8f24c17e667480d2c7d0d51c9fae41] +CVE: CVE-2022-40090 +Signed-off-by: Hitendra Prajapati +--- + libtiff/tif_close.c | 6 +- + libtiff/tif_dir.c | 129 +++++++++++++++++++++++++----------- + libtiff/tif_dir.h | 2 + + libtiff/tif_dirread.c | 147 +++++++++++++++++++++++++++++++++--------- + libtiff/tif_open.c | 3 +- + libtiff/tiffiop.h | 3 +- + 6 files changed, 219 insertions(+), 71 deletions(-) + +diff --git a/libtiff/tif_close.c b/libtiff/tif_close.c +index 0fe7af4..2fe2bde 100644 +--- a/libtiff/tif_close.c ++++ b/libtiff/tif_close.c +@@ -52,8 +52,10 @@ TIFFCleanup(TIFF* tif) + (*tif->tif_cleanup)(tif); + TIFFFreeDirectory(tif); + +- if (tif->tif_dirlist) +- _TIFFfree(tif->tif_dirlist); ++ if (tif->tif_dirlistoff) ++ _TIFFfree(tif->tif_dirlistoff); ++ if (tif->tif_dirlistdirn) ++ _TIFFfree(tif->tif_dirlistdirn); + + /* + * Clean up client info links. +diff --git a/libtiff/tif_dir.c b/libtiff/tif_dir.c +index 1402c8e..6d4bf58 100644 +--- a/libtiff/tif_dir.c ++++ b/libtiff/tif_dir.c +@@ -1511,12 +1511,22 @@ TIFFDefaultDirectory(TIFF* tif) + } + + static int +-TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) ++TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdiroff, uint64_t* off, uint16_t* nextdirnum) + { + static const char module[] = "TIFFAdvanceDirectory"; ++ ++ /* Add this directory to the directory list, if not already in. 
*/ ++ if (!_TIFFCheckDirNumberAndOffset(tif, *nextdirnum, *nextdiroff)) { ++ TIFFErrorExt(tif->tif_clientdata, module, "Starting directory %"PRIu16" at offset 0x%"PRIx64" (%"PRIu64") might cause an IFD loop", ++ *nextdirnum, *nextdiroff, *nextdiroff); ++ *nextdiroff = 0; ++ *nextdirnum = 0; ++ return(0); ++ } ++ + if (isMapped(tif)) + { +- uint64_t poff=*nextdir; ++ uint64_t poff=*nextdiroff; + if (!(tif->tif_flags&TIFF_BIGTIFF)) + { + tmsize_t poffa,poffb,poffc,poffd; +@@ -1527,7 +1537,7 @@ TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) + if (((uint64_t)poffa != poff) || (poffb < poffa) || (poffb < (tmsize_t)sizeof(uint16_t)) || (poffb > tif->tif_size)) + { + TIFFErrorExt(tif->tif_clientdata,module,"Error fetching directory count"); +- *nextdir=0; ++ *nextdiroff=0; + return(0); + } + _TIFFmemcpy(&dircount,tif->tif_base+poffa,sizeof(uint16_t)); +@@ -1545,7 +1555,7 @@ TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) + _TIFFmemcpy(&nextdir32,tif->tif_base+poffc,sizeof(uint32_t)); + if (tif->tif_flags&TIFF_SWAB) + TIFFSwabLong(&nextdir32); +- *nextdir=nextdir32; ++ *nextdiroff=nextdir32; + } + else + { +@@ -1577,11 +1587,10 @@ TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) + } + if (off!=NULL) + *off=(uint64_t)poffc; +- _TIFFmemcpy(nextdir,tif->tif_base+poffc,sizeof(uint64_t)); ++ _TIFFmemcpy(nextdiroff,tif->tif_base+poffc,sizeof(uint64_t)); + if (tif->tif_flags&TIFF_SWAB) +- TIFFSwabLong8(nextdir); ++ TIFFSwabLong8(nextdiroff); + } +- return(1); + } + else + { +@@ -1589,7 +1598,7 @@ TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) + { + uint16_t dircount; + uint32_t nextdir32; +- if (!SeekOK(tif, *nextdir) || ++ if (!SeekOK(tif, *nextdiroff) || + !ReadOK(tif, &dircount, sizeof (uint16_t))) { + TIFFErrorExt(tif->tif_clientdata, module, "%s: Error fetching directory count", + tif->tif_name); +@@ -1610,13 +1619,13 @@ TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) + } + if 
(tif->tif_flags & TIFF_SWAB) + TIFFSwabLong(&nextdir32); +- *nextdir=nextdir32; ++ *nextdiroff=nextdir32; + } + else + { + uint64_t dircount64; + uint16_t dircount16; +- if (!SeekOK(tif, *nextdir) || ++ if (!SeekOK(tif, *nextdiroff) || + !ReadOK(tif, &dircount64, sizeof (uint64_t))) { + TIFFErrorExt(tif->tif_clientdata, module, "%s: Error fetching directory count", + tif->tif_name); +@@ -1636,17 +1645,27 @@ TIFFAdvanceDirectory(TIFF* tif, uint64_t* nextdir, uint64_t* off) + else + (void) TIFFSeekFile(tif, + dircount16*20, SEEK_CUR); +- if (!ReadOK(tif, nextdir, sizeof (uint64_t))) { ++ if (!ReadOK(tif, nextdiroff, sizeof (uint64_t))) { + TIFFErrorExt(tif->tif_clientdata, module, + "%s: Error fetching directory link", + tif->tif_name); + return (0); + } + if (tif->tif_flags & TIFF_SWAB) +- TIFFSwabLong8(nextdir); ++ TIFFSwabLong8(nextdiroff); + } +- return (1); + } ++ if (*nextdiroff != 0) { ++ (*nextdirnum)++; ++ /* Check next directory for IFD looping and if so, set it as last directory. */ ++ if (!_TIFFCheckDirNumberAndOffset(tif, *nextdirnum, *nextdiroff)) { ++ TIFFWarningExt(tif->tif_clientdata, module, "the next directory %"PRIu16" at offset 0x%"PRIx64" (%"PRIu64") might be an IFD loop. 
Treating directory %"PRIu16" as last directory", ++ *nextdirnum, *nextdiroff, *nextdiroff, *nextdirnum-1); ++ *nextdiroff = 0; ++ (*nextdirnum)--; ++ } ++ } ++ return (1); + } + + /* +@@ -1656,14 +1675,16 @@ uint16_t + TIFFNumberOfDirectories(TIFF* tif) + { + static const char module[] = "TIFFNumberOfDirectories"; +- uint64_t nextdir; ++ uint64_t nextdiroff; ++ uint16_t nextdirnum; + uint16_t n; + if (!(tif->tif_flags&TIFF_BIGTIFF)) +- nextdir = tif->tif_header.classic.tiff_diroff; ++ nextdiroff = tif->tif_header.classic.tiff_diroff; + else +- nextdir = tif->tif_header.big.tiff_diroff; ++ nextdiroff = tif->tif_header.big.tiff_diroff; ++ nextdirnum = 0; + n = 0; +- while (nextdir != 0 && TIFFAdvanceDirectory(tif, &nextdir, NULL)) ++ while (nextdiroff != 0 && TIFFAdvanceDirectory(tif, &nextdiroff, NULL, &nextdirnum)) + { + if (n != 65535) { + ++n; +@@ -1686,28 +1707,30 @@ TIFFNumberOfDirectories(TIFF* tif) + int + TIFFSetDirectory(TIFF* tif, uint16_t dirn) + { +- uint64_t nextdir; ++ uint64_t nextdiroff; ++ uint16_t nextdirnum; + uint16_t n; + + if (!(tif->tif_flags&TIFF_BIGTIFF)) +- nextdir = tif->tif_header.classic.tiff_diroff; ++ nextdiroff = tif->tif_header.classic.tiff_diroff; + else +- nextdir = tif->tif_header.big.tiff_diroff; +- for (n = dirn; n > 0 && nextdir != 0; n--) +- if (!TIFFAdvanceDirectory(tif, &nextdir, NULL)) ++ nextdiroff = tif->tif_header.big.tiff_diroff; ++ nextdirnum = 0; ++ for (n = dirn; n > 0 && nextdiroff != 0; n--) ++ if (!TIFFAdvanceDirectory(tif, &nextdiroff, NULL, &nextdirnum)) + return (0); +- tif->tif_nextdiroff = nextdir; ++ /* If the n-th directory could not be reached (does not exist), ++ * return here without touching anything further. */ ++ if (nextdiroff == 0 || n > 0) ++ return (0); ++ ++ tif->tif_nextdiroff = nextdiroff; + /* + * Set curdir to the actual directory index. The + * -1 is because TIFFReadDirectory will increment + * tif_curdir after successfully reading the directory. 
+ */ + tif->tif_curdir = (dirn - n) - 1; +- /* +- * Reset tif_dirnumber counter and start new list of seen directories. +- * We need this to prevent IFD loops. +- */ +- tif->tif_dirnumber = 0; + return (TIFFReadDirectory(tif)); + } + +@@ -1720,13 +1743,42 @@ TIFFSetDirectory(TIFF* tif, uint16_t dirn) + int + TIFFSetSubDirectory(TIFF* tif, uint64_t diroff) + { +- tif->tif_nextdiroff = diroff; +- /* +- * Reset tif_dirnumber counter and start new list of seen directories. +- * We need this to prevent IFD loops. ++ /* Match nextdiroff and curdir for consistent IFD-loop checking. ++ * Only with TIFFSetSubDirectory() the IFD list can be corrupted with invalid offsets ++ * within the main IFD tree. ++ * In the case of several subIFDs of a main image, ++ * there are two possibilities that are not even mutually exclusive. ++ * a.) The subIFD tag contains an array with all offsets of the subIFDs. ++ * b.) The SubIFDs are concatenated with their NextIFD parameters. ++ * (refer to https://www.awaresystems.be/imaging/tiff/specification/TIFFPM6.pdf.) + */ +- tif->tif_dirnumber = 0; +- return (TIFFReadDirectory(tif)); ++ int retval; ++ uint16_t curdir = 0; ++ int8_t probablySubIFD = 0; ++ if (diroff == 0) { ++ /* Special case to invalidate the tif_lastdiroff member. */ ++ tif->tif_curdir = 65535; ++ } else { ++ if (!_TIFFGetDirNumberFromOffset(tif, diroff, &curdir)) { ++ /* Non-existing offsets might point to a SubIFD or invalid IFD.*/ ++ probablySubIFD = 1; ++ } ++ /* -1 because TIFFReadDirectory() will increment tif_curdir. */ ++ tif->tif_curdir = curdir - 1; ++ } ++ ++ tif->tif_nextdiroff = diroff; ++ retval = TIFFReadDirectory(tif); ++ /* If failed, curdir was not incremented in TIFFReadDirectory(), so set it back. */ ++ if (!retval )tif->tif_curdir++; ++ if (retval && probablySubIFD) { ++ /* Reset IFD list to start new one for SubIFD chain and also start SubIFD chain with tif_curdir=0. 
*/ ++ tif->tif_dirnumber = 0; ++ tif->tif_curdir = 0; /* first directory of new chain */ ++ /* add this offset to new IFD list */ ++ _TIFFCheckDirNumberAndOffset(tif, tif->tif_curdir, diroff); ++ } ++ return (retval); + } + + /* +@@ -1750,12 +1802,15 @@ TIFFLastDirectory(TIFF* tif) + + /* + * Unlink the specified directory from the directory chain. ++ * Note: First directory starts with number dirn=1. ++ * This is different to TIFFSetDirectory() where the first directory starts with zero. + */ + int + TIFFUnlinkDirectory(TIFF* tif, uint16_t dirn) + { + static const char module[] = "TIFFUnlinkDirectory"; + uint64_t nextdir; ++ uint16_t nextdirnum; + uint64_t off; + uint16_t n; + +@@ -1779,19 +1834,21 @@ TIFFUnlinkDirectory(TIFF* tif, uint16_t dirn) + nextdir = tif->tif_header.big.tiff_diroff; + off = 8; + } ++ nextdirnum = 0; /* First directory is dirn=0 */ ++ + for (n = dirn-1; n > 0; n--) { + if (nextdir == 0) { + TIFFErrorExt(tif->tif_clientdata, module, "Directory %"PRIu16" does not exist", dirn); + return (0); + } +- if (!TIFFAdvanceDirectory(tif, &nextdir, &off)) ++ if (!TIFFAdvanceDirectory(tif, &nextdir, &off, &nextdirnum)) + return (0); + } + /* + * Advance to the directory to be unlinked and fetch + * the offset of the directory that follows. 
+ */ +- if (!TIFFAdvanceDirectory(tif, &nextdir, NULL)) ++ if (!TIFFAdvanceDirectory(tif, &nextdir, NULL, &nextdirnum)) + return (0); + /* + * Go back and patch the link field of the preceding +diff --git a/libtiff/tif_dir.h b/libtiff/tif_dir.h +index 900dec1..f1a5125 100644 +--- a/libtiff/tif_dir.h ++++ b/libtiff/tif_dir.h +@@ -302,6 +302,8 @@ extern int _TIFFMergeFields(TIFF*, const TIFFField[], uint32_t); + extern const TIFFField* _TIFFFindOrRegisterField(TIFF *, uint32_t, TIFFDataType); + extern TIFFField* _TIFFCreateAnonField(TIFF *, uint32_t, TIFFDataType); + extern int _TIFFCheckFieldIsValidForCodec(TIFF *tif, ttag_t tag); ++extern int _TIFFCheckDirNumberAndOffset(TIFF *tif, uint16_t dirn, uint64_t diroff); ++extern int _TIFFGetDirNumberFromOffset(TIFF *tif, uint64_t diroff, uint16_t *dirn); + + #if defined(__cplusplus) + } +diff --git a/libtiff/tif_dirread.c b/libtiff/tif_dirread.c +index d7cccbe..f07de60 100644 +--- a/libtiff/tif_dirread.c ++++ b/libtiff/tif_dirread.c +@@ -154,7 +154,6 @@ static void TIFFReadDirectoryFindFieldInfo(TIFF* tif, uint16_t tagid, uint32_t* + + static int EstimateStripByteCounts(TIFF* tif, TIFFDirEntry* dir, uint16_t dircount); + static void MissingRequired(TIFF*, const char*); +-static int TIFFCheckDirOffset(TIFF* tif, uint64_t diroff); + static int CheckDirCount(TIFF*, TIFFDirEntry*, uint32_t); + static uint16_t TIFFFetchDirectory(TIFF* tif, uint64_t diroff, TIFFDirEntry** pdir, uint64_t* nextdiroff); + static int TIFFFetchNormalTag(TIFF*, TIFFDirEntry*, int recover); +@@ -3590,12 +3589,19 @@ TIFFReadDirectory(TIFF* tif) + int bitspersample_read = FALSE; + int color_channels; + +- tif->tif_diroff=tif->tif_nextdiroff; +- if (!TIFFCheckDirOffset(tif,tif->tif_nextdiroff)) +- return 0; /* last offset or bad offset (IFD looping) */ +- (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */ +- tif->tif_curdir++; +- nextdiroff = tif->tif_nextdiroff; ++ if (tif->tif_nextdiroff == 0) { ++ /* In this special case, 
tif_diroff needs also to be set to 0. */ ++ tif->tif_diroff = tif->tif_nextdiroff; ++ return 0; /* last offset, thus no checking necessary */ ++ } ++ ++ nextdiroff = tif->tif_nextdiroff; ++ /* tif_curdir++ and tif_nextdiroff should only be updated after SUCCESSFUL reading of the directory. Otherwise, invalid IFD offsets could corrupt the IFD list. */ ++ if (!_TIFFCheckDirNumberAndOffset(tif, tif->tif_curdir + 1, nextdiroff)) { ++ TIFFWarningExt(tif->tif_clientdata, module, ++ "Didn't read next directory due to IFD looping at offset 0x%"PRIx64" (%"PRIu64") to offset 0x%"PRIx64" (%"PRIu64")", tif->tif_diroff, tif->tif_diroff, nextdiroff, nextdiroff); ++ return 0; /* bad offset (IFD looping) */ ++ } + dircount=TIFFFetchDirectory(tif,nextdiroff,&dir,&tif->tif_nextdiroff); + if (!dircount) + { +@@ -3603,6 +3609,11 @@ TIFFReadDirectory(TIFF* tif) + "Failed to read directory at offset %" PRIu64, nextdiroff); + return 0; + } ++ /* Set global values after a valid directory has been fetched. ++ * tif_diroff is already set to nextdiroff in TIFFFetchDirectory() in the beginning. */ ++ tif->tif_curdir++; ++ (*tif->tif_cleanup)(tif); /* cleanup any previous compression state */ ++ + TIFFReadDirectoryCheckOrder(tif,dir,dircount); + + /* +@@ -4687,53 +4698,127 @@ MissingRequired(TIFF* tif, const char* tagname) + } + + /* +- * Check the directory offset against the list of already seen directory +- * offsets. This is a trick to prevent IFD looping. The one can create TIFF +- * file with looped directory pointers. We will maintain a list of already +- * seen directories and check every IFD offset against that list. ++ * Check the directory number and offset against the list of already seen ++ * directory numbers and offsets. This is a trick to prevent IFD looping. ++ * The one can create TIFF file with looped directory pointers. We will ++ * maintain a list of already seen directories and check every IFD offset ++ * and its IFD number against that list. 
However, the offset of an IFD number ++ * can change - e.g. when writing updates to file. ++ * Returns 1 if all is ok; 0 if last directory or IFD loop is encountered, ++ * or an error has occured. + */ +-static int +-TIFFCheckDirOffset(TIFF* tif, uint64_t diroff) ++int ++_TIFFCheckDirNumberAndOffset(TIFF *tif, uint16_t dirn, uint64_t diroff) + { + uint16_t n; + + if (diroff == 0) /* no more directories */ + return 0; + if (tif->tif_dirnumber == 65535) { +- TIFFErrorExt(tif->tif_clientdata, "TIFFCheckDirOffset", +- "Cannot handle more than 65535 TIFF directories"); +- return 0; ++ TIFFErrorExt(tif->tif_clientdata, "_TIFFCheckDirNumberAndOffset", ++ "Cannot handle more than 65535 TIFF directories"); ++ return 0; + } + +- for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlist; n++) { +- if (tif->tif_dirlist[n] == diroff) +- return 0; ++ /* Check if offset is already in the list: ++ * - yes: check, if offset is at the same IFD number - if not, it is an IFD loop ++ * - no: add to list or update offset at that IFD number ++ */ ++ for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlistdirn && tif->tif_dirlistoff; n++) { ++ if (tif->tif_dirlistoff[n] == diroff) { ++ if (tif->tif_dirlistdirn[n] == dirn) { ++ return 1; ++ } else { ++ TIFFWarningExt(tif->tif_clientdata, "_TIFFCheckDirNumberAndOffset", ++ "TIFF directory %"PRIu16" has IFD looping to directory %"PRIu16" at offset 0x%"PRIx64" (%"PRIu64")", ++ dirn-1, tif->tif_dirlistdirn[n], diroff, diroff); ++ return 0; ++ } ++ } ++ } ++ /* Check if offset of an IFD has been changed and update offset of that IFD number. 
*/ ++ if (dirn < tif->tif_dirnumber && tif->tif_dirlistdirn && tif->tif_dirlistoff) { ++ /* tif_dirlistdirn can have IFD numbers dirn in random order */ ++ for (n = 0; n < tif->tif_dirnumber; n++) { ++ if (tif->tif_dirlistdirn[n] == dirn) { ++ tif->tif_dirlistoff[n] = diroff; ++ return 1; ++ } ++ } + } + ++ /* Add IFD offset and dirn to IFD directory list */ + tif->tif_dirnumber++; + +- if (tif->tif_dirlist == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) { +- uint64_t* new_dirlist; +- ++ if (tif->tif_dirlistoff == NULL || tif->tif_dirlistdirn == NULL || tif->tif_dirnumber > tif->tif_dirlistsize) { ++ uint64_t *new_dirlist; + /* + * XXX: Reduce memory allocation granularity of the dirlist + * array. + */ +- new_dirlist = (uint64_t*)_TIFFCheckRealloc(tif, tif->tif_dirlist, +- tif->tif_dirnumber, 2 * sizeof(uint64_t), "for IFD list"); ++ if (tif->tif_dirnumber >= 32768) ++ tif->tif_dirlistsize = 65535; ++ else ++ tif->tif_dirlistsize = 2 * tif->tif_dirnumber; ++ ++ new_dirlist = (uint64_t *)_TIFFCheckRealloc(tif, tif->tif_dirlistoff, ++ tif->tif_dirlistsize, sizeof(uint64_t), "for IFD offset list"); + if (!new_dirlist) + return 0; +- if( tif->tif_dirnumber >= 32768 ) +- tif->tif_dirlistsize = 65535; +- else +- tif->tif_dirlistsize = 2 * tif->tif_dirnumber; +- tif->tif_dirlist = new_dirlist; ++ tif->tif_dirlistoff = new_dirlist; ++ new_dirlist = (uint64_t *)_TIFFCheckRealloc(tif, tif->tif_dirlistdirn, ++ tif->tif_dirlistsize, sizeof(uint16_t), "for IFD dirnumber list"); ++ if (!new_dirlist) ++ return 0; ++ tif->tif_dirlistdirn = (uint16_t *)new_dirlist; + } + +- tif->tif_dirlist[tif->tif_dirnumber - 1] = diroff; ++ tif->tif_dirlistoff[tif->tif_dirnumber - 1] = diroff; ++ tif->tif_dirlistdirn[tif->tif_dirnumber - 1] = dirn; + + return 1; +-} ++} /* --- _TIFFCheckDirNumberAndOffset() ---*/ ++ ++/* ++ * Retrieve the matching IFD directory number of a given IFD offset ++ * from the list of directories already seen. 
++ * Returns 1 if the offset was in the list and the directory number ++ * can be returned. ++ * Otherwise returns 0 or if an error occured. ++ */ ++int ++_TIFFGetDirNumberFromOffset(TIFF *tif, uint64_t diroff, uint16_t* dirn) ++{ ++ uint16_t n; ++ ++ if (diroff == 0) /* no more directories */ ++ return 0; ++ if (tif->tif_dirnumber == 65535) { ++ TIFFErrorExt(tif->tif_clientdata, "_TIFFGetDirNumberFromOffset", ++ "Cannot handle more than 65535 TIFF directories"); ++ return 0; ++ } ++ ++ /* Check if offset is already in the list and return matching directory number. ++ * Otherwise update IFD list using TIFFNumberOfDirectories() ++ * and search again in IFD list. ++ */ ++ for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlistoff && tif->tif_dirlistdirn; n++) { ++ if (tif->tif_dirlistoff[n] == diroff) { ++ *dirn = tif->tif_dirlistdirn[n]; ++ return 1; ++ } ++ } ++ TIFFNumberOfDirectories(tif); ++ for (n = 0; n < tif->tif_dirnumber && tif->tif_dirlistoff && tif->tif_dirlistdirn; n++) { ++ if (tif->tif_dirlistoff[n] == diroff) { ++ *dirn = tif->tif_dirlistdirn[n]; ++ return 1; ++ } ++ } ++ return 0; ++} /*--- _TIFFGetDirNumberFromOffset() ---*/ ++ + + /* + * Check the count field of a directory entry against a known value. 
The +diff --git a/libtiff/tif_open.c b/libtiff/tif_open.c +index 9724162..f047c73 100644 +--- a/libtiff/tif_open.c ++++ b/libtiff/tif_open.c +@@ -354,7 +354,8 @@ TIFFClientOpen( + if (!TIFFDefaultDirectory(tif)) + goto bad; + tif->tif_diroff = 0; +- tif->tif_dirlist = NULL; ++ tif->tif_dirlistoff = NULL; ++ tif->tif_dirlistdirn = NULL; + tif->tif_dirlistsize = 0; + tif->tif_dirnumber = 0; + return (tif); +diff --git a/libtiff/tiffiop.h b/libtiff/tiffiop.h +index c1d0276..9459fe8 100644 +--- a/libtiff/tiffiop.h ++++ b/libtiff/tiffiop.h +@@ -117,7 +117,8 @@ struct tiff { + #define TIFF_CHOPPEDUPARRAYS 0x4000000U /* set when allocChoppedUpStripArrays() has modified strip array */ + uint64_t tif_diroff; /* file offset of current directory */ + uint64_t tif_nextdiroff; /* file offset of following directory */ +- uint64_t* tif_dirlist; /* list of offsets to already seen directories to prevent IFD looping */ ++ uint64_t* tif_dirlistoff; /* list of offsets to already seen directories to prevent IFD looping */ ++ uint16_t* tif_dirlistdirn; /* list of directory numbers to already seen directories to prevent IFD looping */ + uint16_t tif_dirlistsize; /* number of entries in offset list */ + uint16_t tif_dirnumber; /* number of already seen directories */ + TIFFDirectory tif_dir; /* internal rep of current directory */ +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 61d8142e41..9e1e6fa099 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb 
@@ -43,6 +43,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-3618-1.patch \ file://CVE-2023-3618-2.patch \ file://CVE-2023-26966.patch \ + file://CVE-2022-40090.patch \ " SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"

From patchwork Sat Oct 14 21:44:47 2023
X-Patchwork-Submitter: Steve Sakoman
X-Patchwork-Id: 32207
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 02/13] xdg-utils: Fix CVE-2022-4055
Date: Sat, 14 Oct 2023 11:44:47 -1000
X-Mailer: git-send-email 2.34.1
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189126

From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../xdg-utils/xdg-utils/CVE-2022-4055.patch | 165 ++++++++++++++++++ .../xdg-utils/xdg-utils_1.1.3.bb | 1 + 2 files changed, 166 insertions(+) create mode 100644 meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch diff --git a/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch b/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch new file mode 100644 index 0000000000..383634ad53 --- /dev/null +++ b/meta/recipes-extended/xdg-utils/xdg-utils/CVE-2022-4055.patch 
@@ -0,0 +1,165 @@ +From f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Mon Sep 17 00:00:00 2001 +From: Gabriel Corona +Date: Thu, 25 Aug 2022 23:51:45 +0200 +Subject: [PATCH] Disable special support for Thunderbird in xdg-email (fixes + CVE-2020-27748, CVE-2022-4055) + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780] +CVE: CVE-2022-4055 +Signed-off-by: Hitendra Prajapati +--- + scripts/xdg-email.in | 108 ------------------------------------------- + 1 file changed, 108 deletions(-) + +diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in +index 13ba2d5..b700679 100644 +--- a/scripts/xdg-email.in ++++ b/scripts/xdg-email.in +@@ -30,76 +30,8 @@ _USAGE + + #@xdg-utils-common@ + +-run_thunderbird() +-{ +- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY +- THUNDERBIRD="$1" +- MAILTO=$(echo "$2" | sed 's/^mailto://') +- echo "$MAILTO" | grep -qs "^?" +- if [ "$?" = "0" ] ; then +- MAILTO=$(echo "$MAILTO" | sed 's/^?//') +- else +- MAILTO=$(echo "$MAILTO" | sed 's/^/to=/' | sed 's/?/\&/') +- fi +- +- MAILTO=$(echo "$MAILTO" | sed 's/&/\n/g') +- TO=$(/bin/echo -e $(echo "$MAILTO" | grep '^to=' | sed 's/^to=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- CC=$(/bin/echo -e $(echo "$MAILTO" | grep '^cc=' | sed 's/^cc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }')) +- SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1) +- BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1) +- +- if [ -z "$TO" ] ; then +- NEWMAILTO= +- else +- NEWMAILTO="to='$TO'" +- fi +- if [ -n "$CC" ] ; then +- NEWMAILTO="${NEWMAILTO},cc='$CC'" +- fi +- if [ -n "$BCC" ] ; then +- NEWMAILTO="${NEWMAILTO},bcc='$BCC'" +- fi +- if [ -n "$SUBJECT" ] ; then +- NEWMAILTO="${NEWMAILTO},$SUBJECT" +- fi +- if [ -n "$BODY" ] ; then +- NEWMAILTO="${NEWMAILTO},$BODY" +- fi +- +- NEWMAILTO=$(echo 
"$NEWMAILTO" | sed 's/^,//') +- DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\"" +- "$THUNDERBIRD" -compose "$NEWMAILTO" +- if [ $? -eq 0 ]; then +- exit_success +- else +- exit_failure_operation_failed +- fi +-} +- + open_kde() + { +- if [ -n "$KDE_SESSION_VERSION" ] && [ "$KDE_SESSION_VERSION" -ge 5 ]; then +- local kreadconfig=kreadconfig$KDE_SESSION_VERSION +- else +- local kreadconfig=kreadconfig +- fi +- +- if which $kreadconfig >/dev/null 2>&1; then +- local profile=$($kreadconfig --file emaildefaults \ +- --group Defaults --key Profile) +- if [ -n "$profile" ]; then +- local client=$($kreadconfig --file emaildefaults \ +- --group "PROFILE_$profile" \ +- --key EmailClient \ +- | cut -d ' ' -f 1) +- +- if echo "$client" | grep -Eq 'thunderbird|icedove'; then +- run_thunderbird "$client" "$1" +- fi +- fi +- fi +- + local command + case "$KDE_SESSION_VERSION" in + '') command=kmailservice ;; +@@ -130,15 +62,6 @@ open_kde() + + open_gnome3() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -159,13 +82,6 @@ open_gnome3() + + open_gnome() + { +- local client +- client=`gconftool-2 --get /desktop/gnome/url-handlers/mailto/command | cut -d ' ' -f 1` || "" +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? 
-eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + if gio help open 2>/dev/null 1>&2; then + DEBUG 1 "Running gio open \"$1\"" + gio open "$1" +@@ -231,15 +147,6 @@ open_flatpak() + + open_generic() + { +- local client +- local desktop +- desktop=`xdg-mime query default "x-scheme-handler/mailto"` +- client=`desktop_file_to_binary "$desktop"` +- echo $client | grep -E 'thunderbird|icedove' > /dev/null 2>&1 +- if [ $? -eq 0 ] ; then +- run_thunderbird "$client" "$1" +- fi +- + xdg-open "$1" + local ret=$? + +@@ -364,21 +271,6 @@ while [ $# -gt 0 ] ; do + shift + ;; + +- --attach) +- if [ -z "$1" ] ; then +- exit_failure_syntax "file argument missing for --attach option" +- fi +- check_input_file "$1" +- file=`readlink -f "$1"` # Normalize path +- if [ -z "$file" ] || [ ! -f "$file" ] ; then +- exit_failure_file_missing "file '$1' does not exist" +- fi +- +- url_encode "$file" +- options="${options}attach=${result}&" +- shift +- ;; +- + -*) + exit_failure_syntax "unexpected option '$parm'" + ;; +-- +2.25.1 + diff --git a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb index 73acf6b744..4d93180535 100644 --- a/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb +++ b/meta/recipes-extended/xdg-utils/xdg-utils_1.1.3.bb 
@@ -21,6 +21,7 @@ SRC_URI = "https://portland.freedesktop.org/download/${BPN}-${PV}.tar.gz \ file://0001-Reinstate-xdg-terminal.patch \ file://0001-Don-t-build-the-in-script-manual.patch \ file://1f199813e0eb0246f63b54e9e154970e609575af.patch \ + file://CVE-2022-4055.patch \ " SRC_URI[md5sum] = "902042508b626027a3709d105f0b63ff" From patchwork Sat Oct 14 21:44:48 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32210
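Review bot: the `CVE:` tag in the header of the new CVE-2022-4055.patch names only CVE-2022-4055, while the upstream subject line carried in the same header says the commit fixes CVE-2020-27748 as well. If CVE-2020-27748 is not already marked as handled elsewhere in the recipe, list both on the tag line (`CVE: CVE-2020-27748 CVE-2022-4055`) so the CVE checker credits this patch for both.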
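Review bot: the last hunk of the xdg-email.in change (`@@ -364,21 +271,6 @@`) deletes the `--attach)` case, so an `--attach` argument now falls through to the `-*)` branch and the script exits with "unexpected option". That is a user-visible behaviour change on a stable branch beyond removing the Thunderbird code path, and neither the commit message nor the patch header mentions it. Say so in the commit message, and check whether the usage text above `_USAGE` still advertises `--attach`, since this patch only deletes lines and does not touch it.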
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 03/13] binutils: Fix CVE-2022-44840 Date: Sat, 14 Oct 2023 11:44:48 -1000 Message-Id: <7a42ae332ebde565cc7c6fca568563f076bd26ba.1697319777.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189127 From: Yash Shinde Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.38.inc | 1 + .../binutils/0030-CVE-2022-44840.patch | 151 ++++++++++++++++++ 2 files changed, 152 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 638b1ba93d..7c5d8f79ec 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc @@ -59,5 +59,6 @@ SRC_URI = "\ file://0029-CVE-2022-48065-1.patch \ file://0029-CVE-2022-48065-2.patch \ file://0029-CVE-2022-48065-3.patch \ + file://0030-CVE-2022-44840.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch b/meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch new file mode 100644 index 0000000000..2f4c38044b --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0030-CVE-2022-44840.patch 
@@ -0,0 +1,151 @@ +From: Alan Modra +Date: Sun, 30 Oct 2022 08:38:51 +0000 (+1030) +Subject: Pool section entries for DWP version 1 +X-Git-Tag: gdb-13-branchpoint~664 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=28750e3b967da2207d51cbce9fc8be262817ee59 + +Pool section entries for DWP version 1 + +Ref: https://gcc.gnu.org/wiki/DebugFissionDWP?action=recall&rev=3 + +Fuzzers have found a weakness in the code stashing pool section +entries. With random nonsensical values in the index entries (rather +than each index pointing to its own set distinct from other sets), +it's possible to overflow the space allocated, losing the NULL +terminator. Without a terminator, find_section_in_set can run off the +end of the shndx_pool buffer. Fix this by scanning the pool directly. + +binutils/ + * dwarf.c (add_shndx_to_cu_tu_entry): Delete range check. + (end_cu_tu_entry): Likewise. + (process_cu_tu_index): Fill shndx_pool by directly scanning + pool, rather than indirectly from index entries. 
+ +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff_plain;f=binutils/dwarf.c;h=7730293326ac1049451eb4a037ac86d827030700;hp=c6340a28906114e9df29d7401472c7dc0a98c2b1;hb=28750e3b967da2207d51cbce9fc8be262817ee59;hpb=60095ba3b8f8ba26a6389dded732fa446422c98f] + +CVE: CVE-2022-44840 + +Signed-off-by: yash shinde + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index c6340a28906..7730293326a 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -10652,22 +10652,12 @@ prealloc_cu_tu_list (unsigned int nshndx) + static void + add_shndx_to_cu_tu_entry (unsigned int shndx) + { +- if (shndx_pool_used >= shndx_pool_size) +- { +- error (_("Internal error: out of space in the shndx pool.\n")); +- return; +- } + shndx_pool [shndx_pool_used++] = shndx; + } + + static void + end_cu_tu_entry (void) + { +- if (shndx_pool_used >= shndx_pool_size) +- { +- error (_("Internal error: out of space in the shndx pool.\n")); +- return; +- } + shndx_pool [shndx_pool_used++] = 0; + } + +@@ -10773,53 +10763,55 @@ process_cu_tu_index (struct dwarf_section *section, int do_display) + + if (version == 1) + { ++ unsigned char *shndx_list; ++ unsigned int shndx; ++ + if (!do_display) +- prealloc_cu_tu_list ((limit - ppool) / 4); +- for (i = 0; i < nslots; i++) + { +- unsigned char *shndx_list; +- unsigned int shndx; +- +- SAFE_BYTE_GET (signature, phash, 8, limit); +- if (signature != 0) ++ prealloc_cu_tu_list ((limit - ppool) / 4); ++ for (shndx_list = ppool + 4; shndx_list <= limit - 4; shndx_list += 4) + { +- SAFE_BYTE_GET (j, pindex, 4, limit); +- shndx_list = ppool + j * 4; +- /* PR 17531: file: 705e010d. 
*/ +- if (shndx_list < ppool) +- { +- warn (_("Section index pool located before start of section\n")); +- return 0; +- } ++ shndx = byte_get (shndx_list, 4); ++ add_shndx_to_cu_tu_entry (shndx); ++ } ++ end_cu_tu_entry (); ++ } ++ else ++ for (i = 0; i < nslots; i++) ++ { ++ SAFE_BYTE_GET (signature, phash, 8, limit); ++ if (signature != 0) ++ { ++ SAFE_BYTE_GET (j, pindex, 4, limit); ++ shndx_list = ppool + j * 4; ++ /* PR 17531: file: 705e010d. */ ++ if (shndx_list < ppool) ++ { ++ warn (_("Section index pool located before start of section\n")); ++ return 0; ++ } + +- if (do_display) + printf (_(" [%3d] Signature: 0x%s Sections: "), + i, dwarf_vmatoa ("x", signature)); +- for (;;) +- { +- if (shndx_list >= limit) +- { +- warn (_("Section %s too small for shndx pool\n"), +- section->name); +- return 0; +- } +- SAFE_BYTE_GET (shndx, shndx_list, 4, limit); +- if (shndx == 0) +- break; +- if (do_display) ++ for (;;) ++ { ++ if (shndx_list >= limit) ++ { ++ warn (_("Section %s too small for shndx pool\n"), ++ section->name); ++ return 0; ++ } ++ SAFE_BYTE_GET (shndx, shndx_list, 4, limit); ++ if (shndx == 0) ++ break; + printf (" %d", shndx); +- else +- add_shndx_to_cu_tu_entry (shndx); +- shndx_list += 4; +- } +- if (do_display) ++ shndx_list += 4; ++ } + printf ("\n"); +- else +- end_cu_tu_entry (); +- } +- phash += 8; +- pindex += 4; +- } ++ } ++ phash += 8; ++ pindex += 4; ++ } + } + else if (version == 2) + { From patchwork Sat Oct 14 21:44:49 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32213 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 66187C41513 for ; Sat, 14 Oct 2023 21:45:31 +0000 (UTC) Received: from mail-pl1-f177.google.com 
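Review bot: in the `@@ -10652,22 +10652,12 @@` hunk of 0030-CVE-2022-44840.patch, deleting the `shndx_pool_used >= shndx_pool_size` checks leaves `add_shndx_to_cu_tu_entry` and `end_cu_tu_entry` storing into `shndx_pool` with no bound of their own. Safety now rests entirely on the caller sizing the pool with `prealloc_cu_tu_list ((limit - ppool) / 4)` and filling it in a single scan. A one-line comment on each helper stating that invariant would stop a later caller from reintroducing the overflow described in the patch header.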
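Review bot: in the `!do_display` branch added to `process_cu_tu_index` (hunk `@@ -10773,53 +10763,55 @@`), `end_cu_tu_entry ()` runs unconditionally after the scan, including when fewer than 4 bytes remain between `ppool` and `limit`. In that case `prealloc_cu_tu_list` is called with 0 and `limit - 4` points before `ppool`, so the terminator store is only safe if the preallocation still leaves room for one entry, which these lines do not show. Worth confirming against `prealloc_cu_tu_list` in the kirkstone source, or guarding the branch with a check that `limit - ppool >= 4`. The scan also starts at `ppool + 4` rather than `ppool`, and a short comment on why the first word is skipped would help.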
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 04/13] binutils: Fix CVE-2022-45703 Date: Sat, 14 Oct 2023 11:44:49 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189128 From: Yash Shinde Signed-off-by: Yash Shinde Signed-off-by: Steve Sakoman --- .../binutils/binutils-2.38.inc | 2 + .../binutils/0031-CVE-2022-45703-1.patch | 147 ++++++++++++++++++ .../binutils/0031-CVE-2022-45703-2.patch | 31 ++++ 3 files changed, 180 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch create mode 100644 meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.38.inc b/meta/recipes-devtools/binutils/binutils-2.38.inc index 7c5d8f79ec..0964ab0825 100644 --- a/meta/recipes-devtools/binutils/binutils-2.38.inc +++ b/meta/recipes-devtools/binutils/binutils-2.38.inc
@@ -60,5 +60,7 @@ SRC_URI = "\ file://0029-CVE-2022-48065-2.patch \ file://0029-CVE-2022-48065-3.patch \ file://0030-CVE-2022-44840.patch \ + file://0031-CVE-2022-45703-1.patch \ + file://0031-CVE-2022-45703-2.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch new file mode 100644 index 0000000000..3db4385e13 --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-1.patch 
@@ -0,0 +1,147 @@ +From: Alan Modra +Date: Tue, 24 May 2022 00:02:14 +0000 (+0930) +Subject: PR29169, invalid read displaying fuzzed .gdb_index +X-Git-Tag: binutils-2_39~530 +X-Git-Url: https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636 + +PR29169, invalid read displaying fuzzed .gdb_index + + PR 29169 + * dwarf.c (display_gdb_index): Combine sanity checks. Calculate + element counts, not word counts. +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff_plain;h=244e19c79111eed017ee38ab1d44fb2a6cd1b636] + +CVE: CVE-2022-45703 + +Signed-off-by: yash shinde + +--- + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 7de6f28161f..c855972a12f 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -10406,7 +10406,7 @@ display_gdb_index (struct dwarf_section *section, + uint32_t cu_list_offset, tu_list_offset; + uint32_t address_table_offset, symbol_table_offset, constant_pool_offset; + unsigned int cu_list_elements, tu_list_elements; +- unsigned int address_table_size, symbol_table_slots; ++ unsigned int address_table_elements, symbol_table_slots; + unsigned char *cu_list, *tu_list; + unsigned char *address_table, *symbol_table, *constant_pool; + unsigned int i; +@@ -10454,48 +10454,19 @@ display_gdb_index (struct dwarf_section *section, + || tu_list_offset > section->size + || address_table_offset > section->size + || symbol_table_offset > section->size +- || constant_pool_offset > section->size) ++ || constant_pool_offset > section->size ++ || tu_list_offset < cu_list_offset ++ || address_table_offset < tu_list_offset ++ || symbol_table_offset < address_table_offset ++ || constant_pool_offset < symbol_table_offset) + { + warn (_("Corrupt header in the %s section.\n"), section->name); + return 0; + } + +- /* PR 17531: file: 418d0a8a. 
*/ +- if (tu_list_offset < cu_list_offset) +- { +- warn (_("TU offset (%x) is less than CU offset (%x)\n"), +- tu_list_offset, cu_list_offset); +- return 0; +- } +- +- cu_list_elements = (tu_list_offset - cu_list_offset) / 8; +- +- if (address_table_offset < tu_list_offset) +- { +- warn (_("Address table offset (%x) is less than TU offset (%x)\n"), +- address_table_offset, tu_list_offset); +- return 0; +- } +- +- tu_list_elements = (address_table_offset - tu_list_offset) / 8; +- +- /* PR 17531: file: 18a47d3d. */ +- if (symbol_table_offset < address_table_offset) +- { +- warn (_("Symbol table offset (%x) is less then Address table offset (%x)\n"), +- symbol_table_offset, address_table_offset); +- return 0; +- } +- +- address_table_size = symbol_table_offset - address_table_offset; +- +- if (constant_pool_offset < symbol_table_offset) +- { +- warn (_("Constant pool offset (%x) is less than symbol table offset (%x)\n"), +- constant_pool_offset, symbol_table_offset); +- return 0; +- } +- ++ cu_list_elements = (tu_list_offset - cu_list_offset) / 16; ++ tu_list_elements = (address_table_offset - tu_list_offset) / 24; ++ address_table_elements = (symbol_table_offset - address_table_offset) / 20; + symbol_table_slots = (constant_pool_offset - symbol_table_offset) / 8; + + cu_list = start + cu_list_offset; +@@ -10504,31 +10475,25 @@ display_gdb_index (struct dwarf_section *section, + symbol_table = start + symbol_table_offset; + constant_pool = start + constant_pool_offset; + +- if (address_table_offset + address_table_size > section->size) +- { +- warn (_("Address table extends beyond end of section.\n")); +- return 0; +- } +- + printf (_("\nCU table:\n")); +- for (i = 0; i < cu_list_elements; i += 2) ++ for (i = 0; i < cu_list_elements; i++) + { +- uint64_t cu_offset = byte_get_little_endian (cu_list + i * 8, 8); +- uint64_t cu_length = byte_get_little_endian (cu_list + i * 8 + 8, 8); ++ uint64_t cu_offset = byte_get_little_endian (cu_list + i * 16, 8); ++ uint64_t 
cu_length = byte_get_little_endian (cu_list + i * 16 + 8, 8); + +- printf (_("[%3u] 0x%lx - 0x%lx\n"), i / 2, ++ printf (_("[%3u] 0x%lx - 0x%lx\n"), i, + (unsigned long) cu_offset, + (unsigned long) (cu_offset + cu_length - 1)); + } + + printf (_("\nTU table:\n")); +- for (i = 0; i < tu_list_elements; i += 3) ++ for (i = 0; i < tu_list_elements; i++) + { +- uint64_t tu_offset = byte_get_little_endian (tu_list + i * 8, 8); +- uint64_t type_offset = byte_get_little_endian (tu_list + i * 8 + 8, 8); +- uint64_t signature = byte_get_little_endian (tu_list + i * 8 + 16, 8); ++ uint64_t tu_offset = byte_get_little_endian (tu_list + i * 24, 8); ++ uint64_t type_offset = byte_get_little_endian (tu_list + i * 24 + 8, 8); ++ uint64_t signature = byte_get_little_endian (tu_list + i * 24 + 16, 8); + +- printf (_("[%3u] 0x%lx 0x%lx "), i / 3, ++ printf (_("[%3u] 0x%lx 0x%lx "), i, + (unsigned long) tu_offset, + (unsigned long) type_offset); + print_dwarf_vma (signature, 8); +@@ -10536,12 +10501,11 @@ display_gdb_index (struct dwarf_section *section, + } + + printf (_("\nAddress table:\n")); +- for (i = 0; i < address_table_size && i <= address_table_size - (2 * 8 + 4); +- i += 2 * 8 + 4) ++ for (i = 0; i < address_table_elements; i++) + { +- uint64_t low = byte_get_little_endian (address_table + i, 8); +- uint64_t high = byte_get_little_endian (address_table + i + 8, 8); +- uint32_t cu_index = byte_get_little_endian (address_table + i + 16, 4); ++ uint64_t low = byte_get_little_endian (address_table + i * 20, 8); ++ uint64_t high = byte_get_little_endian (address_table + i * 20 + 8, 8); ++ uint32_t cu_index = byte_get_little_endian (address_table + i + 20 + 16, 4); + + print_dwarf_vma (low, 8); + print_dwarf_vma (high, 8); diff --git a/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch new file mode 100644 index 0000000000..1fac9739dd --- /dev/null 
+++ b/meta/recipes-devtools/binutils/binutils/0031-CVE-2022-45703-2.patch 
@@ -0,0 +1,31 @@ +From 69bfd1759db41c8d369f9dcc98a135c5a5d97299 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Fri, 18 Nov 2022 11:29:13 +1030 +Subject: [PATCH] PR29799 heap buffer overflow in display_gdb_index + dwarf.c:10548 + + PR 29799 + * dwarf.c (display_gdb_index): Typo fix. +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff_plain;f=binutils/dwarf.c;h=4bba8dfb81a6df49f5e61b3fae99dd545cc5c7dd;hp=7730293326ac1049451eb4a037ac86d827030700;hb=69bfd1759db41c8d369f9dcc98a135c5a5d97299;hpb=7828dfa93b210b6bbc6596e6e096cc150a9f8aa4] + +CVE: CVE-2022-45703 + +Signed-off-by: yash shinde + +--- + binutils/dwarf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/binutils/dwarf.c b/binutils/dwarf.c +index 7730293326a..4bba8dfb81a 100644 +--- a/binutils/dwarf.c ++++ b/binutils/dwarf.c +@@ -10562,7 +10562,7 @@ display_gdb_index (struct dwarf_section + { + uint64_t low = byte_get_little_endian (address_table + i * 20, 8); + uint64_t high = byte_get_little_endian (address_table + i * 20 + 8, 8); +- uint32_t cu_index = byte_get_little_endian (address_table + i + 20 + 16, 4); ++ uint32_t cu_index = byte_get_little_endian (address_table + i * 20 + 16, 4); + + print_dwarf_vma (low, 8); + print_dwarf_vma (high, 8); From patchwork Sat Oct 14 21:44:50 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32211 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 72CBFCDB483 for ; Sat, 14 Oct 2023 21:45:31 +0000 (UTC) Received: from mail-ot1-f48.google.com (mail-ot1-f48.google.com [209.85.210.48]) by mx.groups.io with SMTP id smtpd.web10.75790.1697319925636777933 for ; Sat, 14 Oct 2023 14:45:25 -0700 Authentication-Results: 
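Review bot: in the `@@ -10454,48 +10454,19 @@` hunk of 0031-CVE-2022-45703-1.patch, the element sizes 16, 24, 20 and 8 appear as bare literals in the count calculations and again as strides in the loops further down. A comment naming what each size is made of (for example the two 8-byte fields per CU entry that the loop reads) would make a mismatch between divisor and stride easy to spot. The four specific warnings also collapse into the single "Corrupt header" message, so the output no longer says which offset was out of order.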
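Review bot: 0031-CVE-2022-45703-1.patch on its own leaves a wrong offset in the address table loop (hunk `@@ -10536,12 +10501,11 @@`): `cu_index` is read from `address_table + i + 20 + 16`, while `low` and `high` use `i * 20`. The one-line 0031-CVE-2022-45703-2.patch corrects it to `i * 20 + 16`, so the two patches must always be carried together and in this order. Say that in the commit message, which currently has no body, so nobody drops or reorders the second patch later.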
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 05/13] vim: Upgrade 9.0.1894 -> 9.0.2009 Date: Sat, 14 Oct 2023 11:44:50 -1000 Message-Id: <6c88137d4ab36054ac97cff0457d78ef503f383e.1697319777.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189129 From: Siddharth Doshi This includes CVE fix for CVE-2023-5441. Signed-off-by: Siddharth Doshi Signed-off-by: Steve Sakoman --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5f55f590e6..5e06866692 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc
@@ -19,8 +19,8 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://no-path-adjust.patch \ " -PV .= ".1894" -SRCREV = "e5f7cd0a60d0eeab84f7aeb35c13d3af7e50072e" +PV .= ".2009" +SRCREV = "54844857fd6933fa4f6678e47610c4b9c9f7a091" # Do not consider .z in x.y.z, as that is updated with every commit UPSTREAM_CHECK_GITTAGREGEX = "(?P\d+\.\d+)\.0" From patchwork Sat Oct 14 21:44:51 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32212
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 06/13] python3-urllib3: upgrade 1.26.9 -> 1.26.10 Date: Sat, 14 Oct 2023 11:44:51 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189130 From: wangmy Add dependence python3-logging. Changelog: ========= * Removed support for Python 3.5 * Fixed an issue where a "ProxyError" recommending configuring the proxy as HTTP instead of HTTPS could appear even when an HTTPS proxy wasn't configured. Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit a8a26a92dfe367472daf086a33a1b30ff6d17540) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.9.bb => python3-urllib3_1.26.10.bb} | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.9.bb => python3-urllib3_1.26.10.bb} (82%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.9.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb similarity index 82% rename from meta/recipes-devtools/python/python3-urllib3_1.26.9.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.10.bb index 95ae4a54a4..a8e2073d71 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.9.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb @@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "aabaf16477806a5e1dd19aa41f8c2b7950dd3c746362d7e3223dbe6de6ac448e" +SRC_URI[sha256sum] = "879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6" inherit pypi setuptools3 
@@ -15,6 +15,7 @@ RDEPENDS:${PN} += "\ ${PYTHON_PN}-netclient \ ${PYTHON_PN}-pyopenssl \ ${PYTHON_PN}-threading \ + ${PYTHON_PN}-logging \ " CVE_PRODUCT = "urllib3" From patchwork Sat Oct 14 21:44:52 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32209 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 58C1DCDB465 for ; Sat, 14 Oct 2023 21:45:31 +0000 (UTC) Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) by mx.groups.io with SMTP id smtpd.web11.75720.1697319929108908750 for ; Sat, 14 Oct 2023 14:45:29 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=hoIHeoW9; spf=softfail (domain: sakoman.com, ip: 209.85.214.177, mailfrom: steve@sakoman.com) Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-1c9a1762b43so26787055ad.1 for ; Sat, 14 Oct 2023 14:45:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319928; x=1697924728; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=uMxgojyWLv+9ZKnY0PRUZCfuG3omo3KlvQa2ARPGFo0=; b=hoIHeoW9emPFg7MrWOtdDQw0VD2Akf/Nz23pHrYQFQ8w8OiRF3dfR0M+qnEk9a4gqh BUsUax12vUPAET0bxwKnPqKNbipKW8aU7kKK6jOXFctgVQEX0OmNHDf51VSz/Qw6XR/y wTL4Ea+zWdhTdCHOyBZ3U96O8c3rRUXbulYaoMfIzl1kEcmJvXQDIqcp4gQjzdj1jnVj 1PpvBeMCoixSHlBqSlAGPjHrQj1YMp2vA9Itjo7h8V8G9T09c8WXcJKTrpK6c3BsS5yr LEuOkHawKgCh0yQlNWnoiA0+CP5H/31AsgEtZKd9EYsBPQr7XienGpj4NRIA+BLTlNQF f8JA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; 
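Review bot: In the second hunk of 06/13, `${PYTHON_PN}-logging` is added to RDEPENDS in the same commit as the 1.26.9 -> 1.26.10 version bump, and the message only says "Add dependence python3-logging" without stating whether the dependency is new in 1.26.10 or was already missing for 1.26.9. If it was already missing, the runtime dependency fix belongs in its own commit so it can be picked to a stable branch independently of the upgrade; if it is new in this release, say so in the message.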
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 07/13] python3-urllib3: upgrade 1.26.10 -> 1.26.11 Date: Sat, 14 Oct 2023 11:44:52 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189131 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni 
Signed-off-by: Richard Purdie (cherry picked from commit dbe07ff87e2cb1a8276e69a43c7cdbb9ae6e5493) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.10.bb => python3-urllib3_1.26.11.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.10.bb => python3-urllib3_1.26.11.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_1.26.10.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.11.bb index a8e2073d71..a8d47de0f4 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.10.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "879ba4d1e89654d9769ce13121e0f94310ea32e8d2f8cf587b77c08bbcdb30d6" +SRC_URI[sha256sum] = "ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a" inherit pypi setuptools3 From patchwork Sat Oct 14 21:44:53 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32214 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 65F49CDB474 for ; Sat, 14 Oct 2023 21:45:31 +0000 (UTC) Received: from mail-il1-f178.google.com (mail-il1-f178.google.com [209.85.166.178]) by mx.groups.io with SMTP id smtpd.web11.75723.1697319931046798715 for ; Sat, 14 Oct 2023 14:45:31 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=TTjg5JKK; spf=softfail (domain: sakoman.com, ip: 209.85.166.178, mailfrom: steve@sakoman.com) Received: by mail-il1-f178.google.com with SMTP id e9e14a558f8ab-3574297c79eso13278085ab.1 for ; Sat, 14 Oct 2023 14:45:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319930; x=1697924730; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=dtWA4+Syq1jE5Y9/AF6Z37F6KqpOgIBCYPAD1rGAaFA=; b=TTjg5JKK/hU3ThhFH7PtvAcnd0Vstupkqq5cjygnh0OHNY+7oRvIHeZyCovDIrtEg5 unbKkHnkDUhPWUsNOLczJsermLs3cpzuxNg9Ij5N2ay79WJIjAXY016qSNh3+76QQLf5 SKXLJPbdVhzBQ+x3Rvgp1CI6NIG8K8hq6n5BS905YTrY3hQ73Sa12dYWlVcSb5+qkjAI 
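Review bot: 07/13 carries no description beyond the sign-off chain, so nothing in the message tells a stable-branch reviewer what changes between 1.26.10 and 1.26.11 or why kirkstone needs it; the same holds for 08/13 and 09/13. The hunk replaces only SRC_URI[sha256sum], so the upstream changelog is the only way to judge the risk of the bump. Suggest adding a link to the upstream CHANGES entry for the release, as 10/13 does, or a short summary as in 06/13 and 11/13.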
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 08/13] python3-urllib3: upgrade 1.26.11 -> 1.26.12 Date: Sat, 14 Oct 2023 11:44:53 -1000 Message-Id: <69a610b440b5e9e92931e43bd1c75230bb99f03e.1697319777.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189132 From: wangmy Signed-off-by: Wang Mingyu Signed-off-by: Alexandre Belloni (cherry picked from commit cb05578af3ace6e3983f93e16d9ad1ac2a65fbe2) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.11.bb => python3-urllib3_1.26.12.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.11.bb => python3-urllib3_1.26.12.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_1.26.11.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.12.bb index a8d47de0f4..1cd69bcb10 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.11.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "ea6e8fb210b19d950fab93b60c9009226c63a28808bc8386e05301e25883ac0a" +SRC_URI[sha256sum] = "3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e" inherit pypi setuptools3 From patchwork Sat Oct 14 21:44:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32215 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 798BDC41513 for ; Sat, 14 Oct 2023 21:45:41 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.75724.1697319932721708614 for ; Sat, 14 Oct 2023 14:45:32 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=HPp5RiLR; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1c9e95aa02dso17890425ad.0 for ; Sat, 14 Oct 2023 14:45:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319932; x=1697924732; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TvnbgVaUapjqjJGD9xO0lm5/Qya4f33ktNBABaMvJQ0=; b=HPp5RiLRAQU4bBjmGFzAK86HqkvKAVK1ZbmTJ06ytLnMV/Z19NB6j1F9hL5Nkqqe8v UesOD3JSV1qAj6yzv6d93qPvmISF1LX8p/MleCYIHccj4vPaqEFqTxmnN8gOzdKSPSSk i0L9S2u8W7h60RdIotPAsBuqxOGswLZhFL6dlHj7t8hz00cwHIktk5K40p5nFn/fX+If 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 09/13] python3-urllib3: upgrade 1.26.12 -> 1.26.13 Date: Sat, 14 Oct 2023 11:44:54 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189133 From: Alexander Kanavin Signed-off-by: Alexander Kanavin Signed-off-by: Alexandre Belloni Signed-off-by: Richard Purdie (cherry picked from commit b18552f69a2eb8900981a10ba386dc4f862b29c3) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.12.bb => python3-urllib3_1.26.13.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.12.bb => python3-urllib3_1.26.13.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_1.26.12.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.13.bb index 1cd69bcb10..7af95117cf 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.12.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "3fa96cf423e6987997fc326ae8df396db2a8b7c667747d47ddd8ecba91f4a74e" +SRC_URI[sha256sum] = "c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8" inherit pypi setuptools3 From patchwork Sat Oct 14 21:44:55 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32219 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97120CDB482 for ; Sat, 14 Oct 2023 21:45:41 +0000 (UTC) Received: from mail-il1-f179.google.com (mail-il1-f179.google.com [209.85.166.179]) by mx.groups.io with SMTP id smtpd.web10.75796.1697319934832826704 for ; Sat, 14 Oct 2023 14:45:34 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Vm5zdjnt; spf=softfail (domain: sakoman.com, ip: 209.85.166.179, mailfrom: steve@sakoman.com) Received: by mail-il1-f179.google.com with SMTP id e9e14a558f8ab-3576121362eso8418345ab.1 for ; Sat, 14 Oct 2023 14:45:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319934; x=1697924734; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Ugn0cvDz9iaCQZzC1MFO+TmlKee7+Oa475xty861DmY=; b=Vm5zdjntWlFLRuU1aJO6hguzBkMSbaoSZPr1Cd+ANZNlEpA3w1hGcRBSRB6sczCXcS p24rep0piMZS436I702xbCMtGlJjnP+JFkfVv4jQEFeoe2cOkbzExJC3sTUXSl7M9vah KCrmcDnt131681OuhMMCndZUaHx7cg9JcJj3W5kFYLGKcQnZHdGB/fuvMdi3cmiKX2++ 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 10/13] python3-urllib3: upgrade 1.26.13 -> 1.26.14 Date: Sat, 14 Oct 2023 11:44:55 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189134 From: Tim Orling https://github.com/urllib3/urllib3/blob/1.26.14/CHANGES.rst#12614-2023-01-11 1.26.14 (2023-01-11) Fixed parsing of port 0 (zero) returning None, instead of 0. (#2850) Removed deprecated getheaders() calls in contrib module. Signed-off-by: Tim Orling Signed-off-by: Richard Purdie (cherry picked from commit 55ab1bf20e6893088acb6460e9004dac8e205559) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.13.bb => python3-urllib3_1.26.14.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.13.bb => python3-urllib3_1.26.14.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_1.26.13.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.14.bb index 7af95117cf..f35a141df2 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.13.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "c083dd0dce68dbfbe1129d5271cb90f9447dea7d52097c6e0126120c521ddea8" +SRC_URI[sha256sum] = "076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72" inherit pypi setuptools3 From patchwork Sat Oct 14 21:44:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32217 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 971BAC46CA1 for ; Sat, 14 Oct 2023 21:45:41 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web10.75797.1697319936460993242 for ; Sat, 14 Oct 2023 14:45:36 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=H9SJSz/V; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1c9d407bb15so27921905ad.0 for ; Sat, 14 Oct 2023 14:45:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319935; x=1697924735; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CQZGUxEMYp+rXLv4cxCc35LRFGHxwXvxjsAjgQGMWw8=; b=H9SJSz/VKkRxYMZZCmtQM7NmbPwrvUtd9cuNOlxB8k2L9CHz5JF5stoe2HERlHiDg/ 2+lbW+TKmoMt+SzJhDJ1Ml4Vg+A9+Sz+moTne6HWD4MDOGeWsoI9EADCXXGF3LjYPYt8 6aXxiVmMP7Nfxbsqsw86U6jYEqHh5hVo/l0Nf+n6PmXjqpWZxOFqC+qoPMukGCWUnIDJ 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 11/13] python3-urllib3: upgrade 1.26.14 -> 1.26.15 Date: Sat, 14 Oct 2023 11:44:56 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189135 From: Wang Mingyu Changelog: ========== * Fix socket timeout value when "HTTPConnection" is reused ('#2645 '__) * Remove "!" character from the unreserved characters in IPv6 Zone ID parsing ('#2899 '__) * Fix IDNA handling of '\x80' byte ('#2901 '__) Signed-off-by: Wang Mingyu Signed-off-by: Richard Purdie (cherry picked from commit 8e062efbac29a81831c3060bcae601dc533d65dd) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.14.bb => python3-urllib3_1.26.15.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.14.bb => python3-urllib3_1.26.15.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_1.26.14.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.15.bb index f35a141df2..d2de7c4c02 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.14.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "076907bf8fd355cde77728471316625a4d2f7e713c125f51953bb5b3eecf4f72" +SRC_URI[sha256sum] = "8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305" inherit pypi setuptools3 From patchwork Sat Oct 14 21:44:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32218 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3ABBCDB474 for ; Sat, 14 Oct 2023 21:45:41 +0000 (UTC) Received: from mail-io1-f53.google.com (mail-io1-f53.google.com [209.85.166.53]) by mx.groups.io with SMTP id smtpd.web10.75799.1697319938993488018 for ; Sat, 14 Oct 2023 14:45:39 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=JudZcRtL; spf=softfail (domain: sakoman.com, ip: 209.85.166.53, mailfrom: steve@sakoman.com) Received: by mail-io1-f53.google.com with SMTP id ca18e2360f4ac-7a27254cd12so129491139f.3 for ; Sat, 14 Oct 2023 14:45:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319938; x=1697924738; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=MgBHHUNo6p2x9/2KeXvYlyk7ceaNjsjfyo/ABYrk5pU=; b=JudZcRtLl22wz9madkvujnaGIc6wOhi1mVbvgJ0O4dSt38RAeE0F+E/4Yurk45veX7 ynrJxINa2FnvyN6aW08VH3jYS6ZZR6p05jqHXRDK9Yz7MNU+NKbXDBTsPmW8kOUxS/k0 fdR+wPhKsjgtX4Oiks5XdjVt6beauTZtiSJ3ZxG7eA97+LnZgYXwg6RKCzl8XBuGjSni 
From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 12/13] python3-urllib3: 1.26.15 -> 1.26.17 Date: Sat, 14 Oct 2023 11:44:57 -1000 Message-Id: <27a1de55a46b7b313eb2a6370e9d779a7cd49154.1697319777.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 14 Oct 2023 21:45:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189136 From: Lee Chee Yang 1.26.17 (2023-10-02) Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (CVE-2023-43804) 1.26.16 (2023-05-23) Fixed thread-safety issue where accessing a PoolManager with many distinct origins would cause connection pools to be closed while requests are in progress (#2954) Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- .../{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-urllib3_1.26.15.bb => python3-urllib3_1.26.17.bb} (86%) diff --git a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb similarity index 86% rename from meta/recipes-devtools/python/python3-urllib3_1.26.15.bb rename to meta/recipes-devtools/python/python3-urllib3_1.26.17.bb index d2de7c4c02..57b166870a 100644 --- a/meta/recipes-devtools/python/python3-urllib3_1.26.15.bb +++ b/meta/recipes-devtools/python/python3-urllib3_1.26.17.bb 
@@ -3,7 +3,7 @@ HOMEPAGE = "https://github.com/shazow/urllib3" LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=c2823cb995439c984fd62a973d79815c" -SRC_URI[sha256sum] = "8a388717b9476f934a21484e8c8e61875ab60644d29b9b39e11e4b9dc1c6b305" +SRC_URI[sha256sum] = "24d6a242c28d29af46c3fae832c36db3bbebcc533dd1bb549172cd739c82df21" inherit pypi setuptools3 From patchwork Sat Oct 14 21:44:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 32216 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79892CDB465 for ; Sat, 14 Oct 2023 21:45:41 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.75728.1697319941148343732 for ; Sat, 14 Oct 2023 14:45:41 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=xvwkHoIk; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1c87a85332bso28665005ad.2 for ; Sat, 14 Oct 2023 14:45:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1697319940; x=1697924740; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=k3FLqWxw+03EfvuQ4zlM1g1tOEHRO1XdQiU6pkPDMc0=; b=xvwkHoIkTefL3niVzbTtIWtef4xxdfKgEfSo0v3klmSxlBetjN475dXM3UoHDUkJPh C9BHuqYIlJ4zBeLxmq+K7YqRaqsipLmN9ywo+rIjK+W7mQLNryTAJJkU+B5q4BYVbj66 AwlHKBqWh1zlDi8xWqZ9LQgLTcOia36/8xuWLIBfX1AEjwyFthBQMCz4Zxbb7mBKmGWl 
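Review bot: 12/13 is the patch in this series that picks up the CVE-2023-43804 fix (Cookie header stripped from requests when redirecting to a different host), but the subject reads only "python3-urllib3: 1.26.15 -> 1.26.17" and the CVE appears once, in parentheses inside the pasted changelog. Suggest naming the CVE in the subject or on its own line in the message, and keeping the "upgrade" wording used by 06/13 through 11/13, so the security fix can be found from the log. The hunk itself replaces only SRC_URI[sha256sum], which matches a version-only bump.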
From: Steve Sakoman
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 13/13] apt: add missing <cstdint> for uint16_t
Date: Sat, 14 Oct 2023 11:44:58 -1000
Message-Id: <2572b32e729831762790ebfbf930a1140657faea.1697319777.git.steve@sakoman.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/189137

From: Khem Raj

Signed-off-by: Khem Raj
Signed-off-by: Alexandre Belloni
Signed-off-by: Richard Purdie
(cherry picked from commit 8c46ded67df2d830c8bbf5f7b82d75db81d797e2)
Signed-off-by: Steve Sakoman
--- ...001-add-missing-cstdint-for-uint16_t.patch | 35 +++++++++++++++++++ meta/recipes-devtools/apt/apt_2.4.5.bb | 1 + 2 files changed, 36 insertions(+) create mode 100644 meta/recipes-devtools/apt/apt/0001-add-missing-cstdint-for-uint16_t.patch diff --git a/meta/recipes-devtools/apt/apt/0001-add-missing-cstdint-for-uint16_t.patch b/meta/recipes-devtools/apt/apt/0001-add-missing-cstdint-for-uint16_t.patch new file mode 100644 index 0000000000..44aa8a5873 --- /dev/null +++ b/meta/recipes-devtools/apt/apt/0001-add-missing-cstdint-for-uint16_t.patch 
@@ -0,0 +1,35 @@ +From 960d10e89cf60d39998dae6fdcd4f0866b753a79 Mon Sep 17 00:00:00 2001 +From: Khem Raj +Date: Mon, 23 Jan 2023 12:31:35 -0800 +Subject: [PATCH] add missing for uint16_t + +This fixes build problems with gcc 13 snapshot [1] + +Fixes +| include/apt-pkg/pkgcache.h:257:23: warning: cast from 'char*' to 'const uint16_t*' {aka 'const short unsigned int*'} increases required alignment of target type [-Wcast-align] +| 257 | uint16_t len = *reinterpret_cast(name - sizeof(uint16_t)); +| | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +[1] https://www.gnu.org/software/gcc/gcc-13/porting_to.html + +Upstream-Status: Submitted [https://salsa.debian.org/apt-team/apt/-/merge_requests/276] +Signed-off-by: Khem Raj +--- + apt-pkg/contrib/mmap.cc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/apt-pkg/contrib/mmap.cc b/apt-pkg/contrib/mmap.cc +index 642e20473..0568e1cd0 100644 +--- a/apt-pkg/contrib/mmap.cc ++++ b/apt-pkg/contrib/mmap.cc +@@ -23,6 +23,7 @@ + #include + #include + ++#include + #include + #include + #include +-- +2.39.1 + diff --git a/meta/recipes-devtools/apt/apt_2.4.5.bb b/meta/recipes-devtools/apt/apt_2.4.5.bb index 9ebcdfd527..9ceabcc186 100644 --- a/meta/recipes-devtools/apt/apt_2.4.5.bb +++ b/meta/recipes-devtools/apt/apt_2.4.5.bb @@ -13,6 +13,7 @@ SRC_URI = "${DEBIAN_MIRROR}/main/a/apt/${BPN}_${PV}.tar.xz \ file://0001-cmake-Do-not-build-po-files.patch \ file://0001-Hide-fstatat64-and-prlimit64-defines-on-musl.patch \ file://0001-aptwebserver.cc-Include-array.patch \ + file://0001-add-missing-cstdint-for-uint16_t.patch \ " SRC_URI:append:class-native = " \
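Review bot: In the new 0001-add-missing-cstdint-for-uint16_t.patch, the diagnostic quoted under "Fixes" is a -Wcast-align warning at include/apt-pkg/pkgcache.h:257, while the only change is one include added to apt-pkg/contrib/mmap.cc, so the message never shows the build failure that the include resolves. Quote the actual error from the mmap.cc compile (the undeclared uint16_t use) instead of, or next to, the alignment warning, so that someone auditing this backport can confirm the one-line include is the whole fix. The Upstream-Status line reads "Submitted" with merge request 276; if that request has since been merged, record it as a backport with the upstream commit.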
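Review bot: The SRC_URI addition in apt_2.4.5.bb arrives with a commit message that holds only sign-off trailers and the cherry-pick reference, so the recipe history does not say why this branch needs a fix described in the embedded patch as being for a "gcc 13 snapshot". The new file:// entry sits in the common SRC_URI list above SRC_URI:append:class-native, so it applies to every build class; a one-line body stating which build fails without it (target, native, or both) would make the scope of the change reviewable.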