From patchwork Tue Oct 31 15:35:40 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 33172
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 08200C4167B
	for <webhook@archiver.kernel.org>; Tue, 31 Oct 2023 15:35:58 +0000 (UTC)
Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com
 [209.85.214.181])
 by mx.groups.io with SMTP id smtpd.web11.1811.1698766556743231105
 for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:35:56 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=MRPII/2p;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f181.google.com with SMTP id
 d9443c01a7336-1c9b7c234a7so52517425ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:35:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698766555;
 x=1699371355; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=O0zf1SCrhHyJRVY3oyiU4P/OFd/VX/kji+OZg/gg1wY=;
        b=MRPII/2pItdoKIi9W324cid3eP0WCmAXAtKFxVa6vqNmZqnFoQex6LNjuUs+itBN67
         cA3B+nnMm+/GN6PjW0wB3ipiAzZPyQU2FmrpgXJ3RpRTqJ7AaV73rp2bElInlfa8MLiI
         ZH6BeznMubiHAwUMLUHuQAY4fF81X0J3rYjAXRXnsqiIvS2uryAaezpizT0vcF4W9z7C
         hyDSpy1hBLsaAuxSBc/AG+f0z8xfU+N885U1NN4s7cFIntwj+TtEoC8Kk59dxRTH4tdc
         kOan+ipDjUVQDqvLQNEiFZRIV2IYyTdUoGeEsFQDeiZHOA3ceHmrLCAzaSIc//DrjI6Q
         nGSQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698766555; x=1699371355;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=O0zf1SCrhHyJRVY3oyiU4P/OFd/VX/kji+OZg/gg1wY=;
        b=nwQzFzrD+2VSU5QE5t5FPGWoSsLjySIkGo3KMmh3Xq5PX+xA3v+k2HoFXY75CzoJLL
         cdvv+xmDLr6wFuPvnGGWL/Ba3NFWAiGv+tBCSXn625BHHelgqYJ8OpSwck2bS3KgbOWy
         qOpRkAgN+JbivHYDd5fsS76mNmaNWQHbgpIOP8aPxdkiWj/EC1HhCjpiSrAPmWNEEMgb
         rYmtrR9K3KBTMgJz9spJEEOuhL6QdpT5iTgXMcbjX72rXyE5QZ5JdIEq9HseIKJDNLTf
         jEUIHxZ2Jigc5WELBj7ot9C5cM/inLNW9eJ8CJjGhcnmqd/SG9jnOS5unx0Ho9OURD4o
         TuRQ==
X-Gm-Message-State: AOJu0YyuBE5/ilqIrgEskmRjBkm9OyJUqG5bHEzvRe2U4Er0DbruTqPZ
	79bNAig8yh6StFFOphmwVkP/UWN+5WxF+dqijVNC4g==
X-Google-Smtp-Source: 
 AGHT+IE2Avd7SMQC/wSKLzUusBMcyKfK+7tiCYwsT+S71iMkI7OkdVWZzXvF1YWPrm6rzmmXpKv1bA==
X-Received: by 2002:a17:903:32c3:b0:1cc:4828:9b07 with SMTP id
 i3-20020a17090332c300b001cc48289b07mr7377641plr.0.1698766555392;
        Tue, 31 Oct 2023 08:35:55 -0700 (PDT)
Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com.
 [66.91.142.162])
        by smtp.gmail.com with ESMTPSA id
 f10-20020a170902684a00b001ca21e05c69sm1498048pln.109.2023.10.31.08.35.54
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Oct 2023 08:35:55 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 1/5] grub2: fix CVE-2023-4692
Date: Tue, 31 Oct 2023 05:35:40 -1000
Message-Id: 
 <a02081b5aa1ea780f9342a24080d617b34c99b28.1698766338.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1698766338.git.steve@sakoman.com>
References: <cover.1698766338.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 31 Oct 2023 15:35:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/189853

From: Xiangyu Chen <xiangyu.chen@windriver.com>

Crafted file system images can cause heap-based buffer overflow and may
allow arbitrary code execution and secure boot bypass

Reference:
https://security-tracker.debian.org/tracker/CVE-2023-4692

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../grub/files/CVE-2023-4692.patch            | 98 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 2 files changed, 99 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4692.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4692.patch b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
new file mode 100644
index 0000000000..305fcc93d8
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4692.patch
@@ -0,0 +1,98 @@
+From 43651027d24e62a7a463254165e1e46e42aecdea Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov <dfirblog@gmail.com>
+Date: Mon, 28 Aug 2023 16:31:57 +0300
+Subject: [PATCH] fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute
+ for the $MFT file
+
+When parsing an extremely fragmented $MFT file, i.e., the file described
+using the $ATTRIBUTE_LIST attribute, current NTFS code will reuse a buffer
+containing bytes read from the underlying drive to store sector numbers,
+which are consumed later to read data from these sectors into another buffer.
+
+These sectors numbers, two 32-bit integers, are always stored at predefined
+offsets, 0x10 and 0x14, relative to first byte of the selected entry within
+the $ATTRIBUTE_LIST attribute. Usually, this won't cause any problem.
+
+However, when parsing a specially-crafted file system image, this may cause
+the NTFS code to write these integers beyond the buffer boundary, likely
+causing the GRUB memory allocator to misbehave or fail. These integers contain
+values which are controlled by on-disk structures of the NTFS file system.
+
+Such modification and resulting misbehavior may touch a memory range not
+assigned to the GRUB and owned by firmware or another EFI application/driver.
+
+This fix introduces checks to ensure that these sector numbers are never
+written beyond the boundary.
+
+Fixes: CVE-2023-4692
+
+Upstream-Status: Backport from 
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea]
+CVE: CVE-2023-4692
+
+Reported-by: Maxim Suhanov <dfirblog@gmail.com>
+Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/fs/ntfs.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index bbdbe24..c3c4db1 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -184,7 +184,7 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+     }
+   if (at->attr_end)
+     {
+-      grub_uint8_t *pa;
++      grub_uint8_t *pa, *pa_end;
+ 
+       at->emft_buf = grub_malloc (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
+       if (at->emft_buf == NULL)
+@@ -209,11 +209,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ 	    }
+ 	  at->attr_nxt = at->edat_buf;
+ 	  at->attr_end = at->edat_buf + u32at (pa, 0x30);
++	  pa_end = at->edat_buf + n;
+ 	}
+       else
+ 	{
+ 	  at->attr_nxt = at->attr_end + u16at (pa, 0x14);
+ 	  at->attr_end = at->attr_end + u32at (pa, 4);
++	  pa_end = at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR);
+ 	}
+       at->flags |= GRUB_NTFS_AF_ALST;
+       while (at->attr_nxt < at->attr_end)
+@@ -230,6 +232,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ 	  at->flags |= GRUB_NTFS_AF_GPOS;
+ 	  at->attr_cur = at->attr_nxt;
+ 	  pa = at->attr_cur;
++
++	  if ((pa >= pa_end) || (pa_end - pa < 0x18))
++	    {
++	      grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++	      return NULL;
++	    }
++
+ 	  grub_set_unaligned32 ((char *) pa + 0x10,
+ 				grub_cpu_to_le32 (at->mft->data->mft_start));
+ 	  grub_set_unaligned32 ((char *) pa + 0x14,
+@@ -240,6 +249,13 @@ find_attr (struct grub_ntfs_attr *at, grub_uint8_t attr)
+ 	    {
+ 	      if (*pa != attr)
+ 		break;
++
++              if ((pa >= pa_end) || (pa_end - pa < 0x18))
++                {
++	          grub_error (GRUB_ERR_BAD_FS, "can\'t parse attribute list");
++	          return NULL;
++	        }
++
+ 	      if (read_attr
+ 		  (at, pa + 0x10,
+ 		   u32at (pa, 0x10) * (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR),
+-- 
+cgit v1.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 58b215d79c..ac73a0b940 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -42,6 +42,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://CVE-2022-3775.patch \
            file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \
            file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \
+           file://CVE-2023-4692.patch \
 "
 
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"

From patchwork Tue Oct 31 15:35:41 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 33175
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DEC9DC4167B
	for <webhook@archiver.kernel.org>; Tue, 31 Oct 2023 15:36:07 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web10.1945.1698766558759461523
 for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:35:58 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Sir7NZxJ;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-1cc3542e328so20740405ad.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:35:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698766557;
 x=1699371357; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=a9jCxoeAcQpu4nhwhJgCtOTd1s8OzPMJFRp56+aDMJo=;
        b=Sir7NZxJzqxmDJdrG8RCaNHFpBtA+sTeJ9fZVVSvWEQTWpTCUO8zuCWe9c0W75wpD+
         /GR62aLXBXdJUQ/0G89g5E6GS5X+J8geck3LcW1hDtFD8fZMw18F/SSLNH+dTtaJ5/IY
         FXF+8gQvkeLXTOLE8PWaKJMOaV5ZC5+a5LduYdv92RWBuPPTOgZv8Nu2yZcWZOSp/0zZ
         06qq76kGGLhgJF+f+N+JBOT2pVd0AKUMhDJD/rASg6e1WeSANk6miEAFg9KJKCGe8faU
         ZLhmx+k6+Y7/KCXDVJdK1EU0Czg6uIhOpfs+/waX2VZFUMRvdRWzOU+BK7T0G59CMkxz
         La/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698766557; x=1699371357;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=a9jCxoeAcQpu4nhwhJgCtOTd1s8OzPMJFRp56+aDMJo=;
        b=TuocfC9qV0xFjDbwYYdt7lafnLOOI30SBudwCHqCa4KQbjwtapP68GGzEdirV77Ng/
         Gf6aL+qH60N0yb+8+9Ac/TX+GupXU/KKsmTjuduxJFVOWHaIb+2zamzBZDHtjkD7SYZ7
         1XEHmp1OSeMg6v6rIKi7fZtRRHrDRufKz4fnz13VTHguEVE2ouGcKAqLhDyGJA+A+gqF
         gDaKNp4Os/Tc1wVuT29ahlil/Y72gDhPFIQViOfsEMzypvLAUdk3lLa4jwCIf+Gud5Dw
         /HlPSPr4S0QcJ7364QhCzrHzQq15Y78FTVHMzBcA3eC3MIYWzTpsFhuojy3DpbSK3ofr
         erMw==
X-Gm-Message-State: AOJu0YwH58XHS2TyHdpYWFC3tvLXYGHpdETU5Aatgmvk3R06neLRyxDt
	1GXJ8ny6bGzdMEouqNnPUiDZPGDmTjDR21vqdsJLxw==
X-Google-Smtp-Source: 
 AGHT+IECbdMCn6SjTjedy5ZFSeEJcRVqG0lEmsx5qJvDCABZnEqY19GXU67QFZEQrnIx+kYZ8W0MhQ==
X-Received: by 2002:a17:902:ce87:b0:1cc:636f:f376 with SMTP id
 f7-20020a170902ce8700b001cc636ff376mr3730552plg.44.1698766557338;
        Tue, 31 Oct 2023 08:35:57 -0700 (PDT)
Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com.
 [66.91.142.162])
        by smtp.gmail.com with ESMTPSA id
 f10-20020a170902684a00b001ca21e05c69sm1498048pln.109.2023.10.31.08.35.56
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Oct 2023 08:35:56 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 2/5] grub2: fix CVE-2023-4693
Date: Tue, 31 Oct 2023 05:35:41 -1000
Message-Id: 
 <afcb86b8b7936056549600c71a171f9c17ca6980.1698766338.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1698766338.git.steve@sakoman.com>
References: <cover.1698766338.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 31 Oct 2023 15:36:07 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/189854

From: Xiangyu Chen <xiangyu.chen@windriver.com>

There an out-of-bounds read at fs/ntfs.c, a physically present attacker
may leverage that by presenting a specially crafted NTFS file system
image to read arbitrary memory locations. A successful attack may allow
sensitive data cached in memory or EFI variables values to be leaked
presenting a high Confidentiality risk.

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../grub/files/CVE-2023-4693.patch            | 63 +++++++++++++++++++
 meta/recipes-bsp/grub/grub2.inc               |  1 +
 2 files changed, 64 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2023-4693.patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2023-4693.patch b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
new file mode 100644
index 0000000000..544226a9aa
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2023-4693.patch
@@ -0,0 +1,63 @@
+From 0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Mon Sep 17 00:00:00 2001
+From: Maxim Suhanov <dfirblog@gmail.com>
+Date: Mon, 28 Aug 2023 16:32:33 +0300
+Subject: fs/ntfs: Fix an OOB read when reading data from the resident $DATA
+ attribute
+
+When reading a file containing resident data, i.e., the file data is stored in
+the $DATA attribute within the NTFS file record, not in external clusters,
+there are no checks that this resident data actually fits the corresponding
+file record segment.
+
+When parsing a specially-crafted file system image, the current NTFS code will
+read the file data from an arbitrary, attacker-chosen memory offset and of
+arbitrary, attacker-chosen length.
+
+This allows an attacker to display arbitrary chunks of memory, which could
+contain sensitive information like password hashes or even plain-text,
+obfuscated passwords from BS EFI variables.
+
+This fix implements a check to ensure that resident data is read from the
+corresponding file record segment only.
+
+Fixes: CVE-2023-4693
+
+Upstream-Status: Backport from 
+[https://git.savannah.gnu.org/cgit/grub.git/commit/?id=0ed2458cc4eff6d9a9199527e2a0b6d445802f94]
+CVE: CVE-2023-4693
+
+Reported-by: Maxim Suhanov <dfirblog@gmail.com>
+Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ grub-core/fs/ntfs.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/grub-core/fs/ntfs.c b/grub-core/fs/ntfs.c
+index c3c4db1..a68e173 100644
+--- a/grub-core/fs/ntfs.c
++++ b/grub-core/fs/ntfs.c
+@@ -401,7 +401,18 @@ read_data (struct grub_ntfs_attr *at, grub_uint8_t *pa, grub_uint8_t *dest,
+     {
+       if (ofs + len > u32at (pa, 0x10))
+ 	return grub_error (GRUB_ERR_BAD_FS, "read out of range");
+-      grub_memcpy (dest, pa + u32at (pa, 0x14) + ofs, len);
++
++      if (u32at (pa, 0x10) > (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++	return grub_error (GRUB_ERR_BAD_FS, "resident attribute too large");
++
++      if (pa >= at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR))
++	return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++      if (u16at (pa, 0x14) + u32at (pa, 0x10) >
++	  (grub_addr_t) at->mft->buf + (at->mft->data->mft_size << GRUB_NTFS_BLK_SHR) - (grub_addr_t) pa)
++	return grub_error (GRUB_ERR_BAD_FS, "resident attribute out of range");
++
++      grub_memcpy (dest, pa + u16at (pa, 0x14) + ofs, len);
+       return 0;
+     }
+ 
+-- 
+cgit v1.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index ac73a0b940..fa949fc081 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -43,6 +43,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://0001-risc-v-Handle-R_RISCV_CALL_PLT-reloc.patch \
            file://0001-fs-ext2-Ignore-checksum-seed-incompat-feature.patch \
            file://CVE-2023-4692.patch \
+           file://CVE-2023-4693.patch \
 "
 
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"

From patchwork Tue Oct 31 15:35:42 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 33176
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 03ED5C4167D
	for <webhook@archiver.kernel.org>; Tue, 31 Oct 2023 15:36:08 +0000 (UTC)
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
 [209.85.214.169])
 by mx.groups.io with SMTP id smtpd.web11.1813.1698766560725003993
 for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:36:00 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=JhqbjbJs;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f169.google.com with SMTP id
 d9443c01a7336-1cc34c3420bso19034635ad.3
        for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:36:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698766559;
 x=1699371359; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=/ZXPBH1TdZvBvF6yAqWgUPZcwHxJsls1R8XCiDe41n0=;
        b=JhqbjbJscVKd5yA4m8GZRqWvPc6cS8mIzflhNJLoGAklw5nNYnE94r6P7ntdHeQrZD
         yAr3GmYuEA/bXnCRTiL06o3SSh5T52aEm0APk6tUyV6UfJ5xMOirTdJDi0BNUa/pHNTH
         u/6htQNvYfAegvOJvJVFAEQNy0TBFjGvzX+UgZbXh5Pq1nBFAr2MQQktagYyW+vSFfbo
         vKn1eJOEaB2/Bp7V+s1ER6qgb6u+zfPYlatd6HBfB7DLgpvu+YIEMWE0yIs9ylOG512G
         EVfsClNv678qdzpjeKCjed/TUZdbLUfQfIBV2AAoGVUV/DehNju5x+Xv3+S/M6m/8ZN6
         XVdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698766559; x=1699371359;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=/ZXPBH1TdZvBvF6yAqWgUPZcwHxJsls1R8XCiDe41n0=;
        b=naGJkJNXwm0Azv/OAbHtId78U7MjhkhG4KzL3ffvjZKEeZEWPrnCIEVZV71hnc3bIA
         +DsCHxF46fYfcDk0xTZtpEzH70IUUYghWCaqCd0dcbAp9Yx5jrIxymXFj1WyDgD58mKI
         Gqg8HV2R9F8NRCIKEzTwcxa6zvdn8hXpFbxMhfhe42bpi539ydhPRkTWpd3FfLVFAs18
         Qr1WvXYkuvV/gXy93KmHnuS7JmYfjWC1lIPjUdr7tDrdQPp5t4YxnyV+b6kOXQ9nJwGi
         6YvFcXVQGDkaMi3kdi04Bhtf76eyHD+mWjdU+3pVeR7xjEDc98GImxHgQXY+bxiZTH0x
         r0SA==
X-Gm-Message-State: AOJu0YwN+mwAJTeeSjayrdySZ0iv68VQja4hg739s+znFoUDvyVWJ8pt
	TlEgrhvIhlO1ElEGZSYpVlkPO/O8vtFusorsn3EDDA==
X-Google-Smtp-Source: 
 AGHT+IHXcliywumSnU+aegRA6P4dLpSs9yXW1g4qlXWhwMIc1E9l7l5dWEerUernYPxKxPHe5j6coA==
X-Received: by 2002:a17:902:bf44:b0:1ca:c490:8537 with SMTP id
 u4-20020a170902bf4400b001cac4908537mr10185717pls.14.1698766559225;
        Tue, 31 Oct 2023 08:35:59 -0700 (PDT)
Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com.
 [66.91.142.162])
        by smtp.gmail.com with ESMTPSA id
 f10-20020a170902684a00b001ca21e05c69sm1498048pln.109.2023.10.31.08.35.58
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Oct 2023 08:35:58 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 3/5] shadow: Fix CVE-2023-4641
Date: Tue, 31 Oct 2023 05:35:42 -1000
Message-Id: 
 <675c393f3d913c873c546cef12944ec6f889c5cd.1698766338.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1698766338.git.steve@sakoman.com>
References: <cover.1698766338.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 31 Oct 2023 15:36:08 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/189855

From: Xiangyu Chen <xiangyu.chen@windriver.com>

shadow-utils: possible password leak during passwd(1) change

Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../shadow/files/CVE-2023-4641.patch          | 147 ++++++++++++++++++
 meta/recipes-extended/shadow/shadow.inc       |   1 +
 2 files changed, 148 insertions(+)
 create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-4641.patch

diff --git a/meta/recipes-extended/shadow/files/CVE-2023-4641.patch b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch
new file mode 100644
index 0000000000..1fabfe928e
--- /dev/null
+++ b/meta/recipes-extended/shadow/files/CVE-2023-4641.patch
@@ -0,0 +1,147 @@
+From 25dbe2ce166a13322b7536ff2f738786ea2e61e7 Mon Sep 17 00:00:00 2001
+From: Alejandro Colomar <alx@kernel.org>
+Date: Sat, 10 Jun 2023 16:20:05 +0200
+Subject: [PATCH] gpasswd(1): Fix password leak
+
+How to trigger this password leak?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When gpasswd(1) asks for the new password, it asks twice (as is usual
+for confirming the new password).  Each of those 2 password prompts
+uses agetpass() to get the password.  If the second agetpass() fails,
+the first password, which has been copied into the 'static' buffer
+'pass' via STRFCPY(), wasn't being zeroed.
+
+agetpass() is defined in <./libmisc/agetpass.c> (around line 91), and
+can fail for any of the following reasons:
+
+-  malloc(3) or readpassphrase(3) failure.
+
+   These are going to be difficult to trigger.  Maybe getting the system
+   to the limits of memory utilization at that exact point, so that the
+   next malloc(3) gets ENOMEM, and possibly even the OOM is triggered.
+   About readpassphrase(3), ENFILE and EINTR seem the only plausible
+   ones, and EINTR probably requires privilege or being the same user;
+   but I wouldn't discard ENFILE so easily, if a process starts opening
+   files.
+
+-  The password is longer than PASS_MAX.
+
+   The is plausible with physical access.  However, at that point, a
+   keylogger will be a much simpler attack.
+
+And, the attacker must be able to know when the second password is being
+introduced, which is not going to be easy.
+
+How to read the password after the leak?
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Provoking the leak yourself at the right point by entering a very long
+password is easy, and inspecting the process stack at that point should
+be doable.  Try to find some consistent patterns.
+
+Then, search for those patterns in free memory, right after the victim
+leaks their password.
+
+Once you get the leak, a program should read all the free memory
+searching for patterns that gpasswd(1) leaves nearby the leaked
+password.
+
+On 6/10/23 03:14, Seth Arnold wrote:
+> An attacker process wouldn't be able to use malloc(3) for this task.
+> There's a handful of tools available for userspace to allocate memory:
+>
+> -  brk / sbrk
+> -  mmap MAP_ANONYMOUS
+> -  mmap /dev/zero
+> -  mmap some other file
+> -  shm_open
+> -  shmget
+>
+> Most of these return only pages of zeros to a process.  Using mmap of an
+> existing file, you can get some of the contents of the file demand-loaded
+> into the memory space on the first use.
+>
+> The MAP_UNINITIALIZED flag only works if the kernel was compiled with
+> CONFIG_MMAP_ALLOW_UNINITIALIZED.  This is rare.
+>
+> malloc(3) doesn't zero memory, to our collective frustration, but all the
+> garbage in the allocations is from previous allocations in the current
+> process.  It isn't leftover from other processes.
+>
+> The avenues available for reading the memory:
+> -  /dev/mem and /dev/kmem (requires root, not available with Secure Boot)
+> -  /proc/pid/mem (requires ptrace privileges, mediated by YAMA)
+> -  ptrace (requires ptrace privileges, mediated by YAMA)
+> -  causing memory to be swapped to disk, and then inspecting the swap
+>
+> These all require a certain amount of privileges.
+
+How to fix it?
+~~~~~~~~~~~~~~
+
+memzero(), which internally calls explicit_bzero(3), or whatever
+alternative the system provides with a slightly different name, will
+make sure that the buffer is zeroed in memory, and optimizations are not
+allowed to impede this zeroing.
+
+This is not really 100% effective, since compilers may place copies of
+the string somewhere hidden in the stack.  Those copies won't get zeroed
+by explicit_bzero(3).  However, that's arguably a compiler bug, since
+compilers should make everything possible to avoid optimizing strings
+that are later passed to explicit_bzero(3).  But we all know that
+sometimes it's impossible to have perfect knowledge in the compiler, so
+this is plausible.  Nevertheless, there's nothing we can do against such
+issues, except minimizing the time such passwords are stored in plain
+text.
+
+Security concerns
+~~~~~~~~~~~~~~~~~
+
+We believe this isn't easy to exploit.  Nevertheless, and since the fix
+is trivial, this fix should probably be applied soon, and backported to
+all supported distributions, to prevent someone else having more
+imagination than us to find a way.
+
+Affected versions
+~~~~~~~~~~~~~~~~~
+
+All.  Bug introduced in shadow 19990709.  That's the second commit in
+the git history.
+
+Fixes: 45c6603cc86c ("[svn-upgrade] Integrating new upstream version, shadow (19990709)")
+
+CVE: CVE-2023-4641
+Upstream-Status: Backport [https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904]
+
+Reported-by: Alejandro Colomar <alx@kernel.org>
+Cc: Serge Hallyn <serge@hallyn.com>
+Cc: Iker Pedrosa <ipedrosa@redhat.com>
+Cc: Seth Arnold <seth.arnold@canonical.com>
+Cc: Christian Brauner <christian@brauner.io>
+Cc: Balint Reczey <rbalint@debian.org>
+Cc: Sam James <sam@gentoo.org>
+Cc: David Runge <dvzrv@archlinux.org>
+Cc: Andreas Jaeger <aj@suse.de>
+Cc: <~hallyn/shadow@lists.sr.ht>
+Signed-off-by: Alejandro Colomar <alx@kernel.org>
+Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
+---
+ src/gpasswd.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/gpasswd.c b/src/gpasswd.c
+index 5983f787..2d8869ef 100644
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -896,6 +896,7 @@ static void change_passwd (struct group *gr)
+ 		strzero (cp);
+ 		cp = getpass (_("Re-enter new password: "));
+ 		if (NULL == cp) {
++			memzero (pass, sizeof pass);
+ 			exit (1);
+ 		}
+ 
+-- 
+2.34.1
+
diff --git a/meta/recipes-extended/shadow/shadow.inc b/meta/recipes-extended/shadow/shadow.inc
index cf05a3af93..4014baddc1 100644
--- a/meta/recipes-extended/shadow/shadow.inc
+++ b/meta/recipes-extended/shadow/shadow.inc
@@ -17,6 +17,7 @@ SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BP}.tar.gz \
 	   file://0001-Fix-can-not-print-full-login.patch \
            file://CVE-2023-29383.patch \
            file://0001-Overhaul-valid_field.patch \
+           file://CVE-2023-4641.patch \
            "
 
 SRC_URI:append:class-target = " \

From patchwork Tue Oct 31 15:35:43 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 33173
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E612BC00142
	for <webhook@archiver.kernel.org>; Tue, 31 Oct 2023 15:36:07 +0000 (UTC)
Received: from mail-pl1-f179.google.com (mail-pl1-f179.google.com
 [209.85.214.179])
 by mx.groups.io with SMTP id smtpd.web11.1817.1698766562731807414
 for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:36:02 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xqbd7Dux;
 spf=softfail (domain: sakoman.com, ip: 209.85.214.179,
 mailfrom: steve@sakoman.com)
Received: by mail-pl1-f179.google.com with SMTP id
 d9443c01a7336-1cc2fc281cdso24094265ad.0
        for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:36:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698766561;
 x=1699371361; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=53bEA/XVQ6hmeKggOPFNw8XtPe8xy9jDqn9ibWbavMg=;
        b=xqbd7DuxFHWns4q4wODL0CF8NQ+kZAs6nueg1J8QL94zb2N/hc4JKfiX9pNUHaWNxn
         PAy2zon7pmLh+PUCYCaVtwyegT3w29uhuMEGNlfzX7sOf1nK16hwom8p3+32lpqt5WAw
         RJPqrTwOrotcdAaiPqllzzvr5SsU4p3G7k0XBRsw0RIavjk0rTWehWw6iYYn64rpfbrh
         UmxWZzg7bAh3e07Hb+eXClO96D1U+IQogn4sTz7AWdVb0GyKu2EroVlB45FSZLPqPtdw
         VC+sU0OTMuTq6cZJ0mSeWZEIQv+3J6V4qTcK5BMaDa3UFUKajvOiKnSxnNZymuqT3aOO
         GV5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698766561; x=1699371361;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=53bEA/XVQ6hmeKggOPFNw8XtPe8xy9jDqn9ibWbavMg=;
        b=hx3Utt3SNTD9GRUJwjvXbxvVzaf3krwk0VdK6bMiR2CC4BfRc8N2D/Yf3gKOnuGIv3
         QdWKgHWSFrD+9a90aSyQIDCf+zi1WNBfexJjQY5cbYbSxfwBlH3VcasbfqCPyLy+i94T
         sNkzxTTGpM1+OHSibIcBZPmrTYq33RLwY65rj9h75cVpVvfOWMXzZ8aXnQHzapOBsAQE
         awsd422kev5jauGUyIKfgZ2aGOZW+5K+CTWA8gdowsXDjfNJg4FwBgT/CX2+mg6WEbcC
         P1FmczDwiiJd07t8D3MpmhLGLqQbFa60UTvdTLhhGsSHfeY22T7DAFRwfVMSQRh+Ft1P
         I0mg==
X-Gm-Message-State: AOJu0YyS1KtMPK/GStbIPbye716BOcIk6yIUg8wLsCaW9Qj4huU/i5wS
	2843F2mTDIYY69iF4WtmwFsOwBihI3D41hm8Z9ZMnw==
X-Google-Smtp-Source: 
 AGHT+IHhSL8hCRJMNDbgudsVI344cdD/vYF8cCYtV46oUZISJToPVX7DUtTLtypdXZkSScIpUbgLdw==
X-Received: by 2002:a17:902:e0c5:b0:1ca:8b90:1cbd with SMTP id
 e5-20020a170902e0c500b001ca8b901cbdmr9767421pla.0.1698766561407;
        Tue, 31 Oct 2023 08:36:01 -0700 (PDT)
Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com.
 [66.91.142.162])
        by smtp.gmail.com with ESMTPSA id
 f10-20020a170902684a00b001ca21e05c69sm1498048pln.109.2023.10.31.08.36.00
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Oct 2023 08:36:01 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 4/5] openssl: Upgrade 3.1.3 -> 3.1.4
Date: Tue, 31 Oct 2023 05:35:43 -1000
Message-Id: 
 <da8e63e4d0075a377c515345602201967e48bfa1.1698766338.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1698766338.git.steve@sakoman.com>
References: <cover.1698766338.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 31 Oct 2023 15:36:07 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/189856

From: Peter Marko <peter.marko@siemens.com>

https://github.com/openssl/openssl/blob/openssl-3.1/NEWS.md#major-changes-between-openssl-313-and-openssl-314-24-oct-2023

Major changes between OpenSSL 3.1.3 and OpenSSL 3.1.4 [24 Oct 2023]
* Mitigate incorrect resize handling for symmetric cipher keys and IVs. (CVE-2023-5363)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../openssl/{openssl_3.1.3.bb => openssl_3.1.4.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssl/{openssl_3.1.3.bb => openssl_3.1.4.bb} (99%)

diff --git a/meta/recipes-connectivity/openssl/openssl_3.1.3.bb b/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
similarity index 99%
rename from meta/recipes-connectivity/openssl/openssl_3.1.3.bb
rename to meta/recipes-connectivity/openssl/openssl_3.1.4.bb
index ff9df693b8..72338b0022 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.1.3.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.1.4.bb
@@ -18,7 +18,7 @@ SRC_URI:append:class-nativesdk = " \
            file://environment.d-openssl.sh \
            "
 
-SRC_URI[sha256sum] = "f0316a2ebd89e7f2352976445458689f80302093788c466692fb2a188b2eacf6"
+SRC_URI[sha256sum] = "840af5366ab9b522bde525826be3ef0fb0af81c6a9ebd84caa600fea1731eee3"
 
 inherit lib_package multilib_header multilib_script ptest perlnative manpages
 MULTILIB_SCRIPTS = "${PN}-bin:${bindir}/c_rehash"

From patchwork Tue Oct 31 15:35:44 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 33174
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DEBC1C4332F
	for <webhook@archiver.kernel.org>; Tue, 31 Oct 2023 15:36:07 +0000 (UTC)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
 by mx.groups.io with SMTP id smtpd.web11.1820.1698766564745148467
 for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:36:04 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=m48O4eSG;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f177.google.com with SMTP id
 d2e1a72fcca58-6b20a48522fso5289851b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Tue, 31 Oct 2023 08:36:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1698766563;
 x=1699371363; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xTal5PGeh/nSVL7GmsMV3CJACIsRXRenqv8bR1NKcUE=;
        b=m48O4eSG6kF6gM9UwM/QB8pHkrVmaA5qdBLREORFmsfIM3GOg8nN49ZX6RRyHEkyIG
         9oKAlUUvTp+QrgwyfrayRoblX9mU9HKoXt+BiOZ0//7Qf/2ZN5kdZhPmLHZLYLUCUJfm
         XE9G4XA5tjXtXSfz/u0VvOyuE96hWOvw0KnKNWhKGlK+8D3OMsQqv8jaJYndcC0dKdMn
         P80HjhQ80aVE5tp4rBkEihF7hrax+BFIeeUFDjmjzpLAuk3urj757ONtHJSl7l2Zocsh
         Vc49z68HcLiJ5bOmL0qG+5OSyl1RReC48v9u8H2btAfdcVkJ5/O9tylT/rls+GNlq3b6
         lazw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1698766563; x=1699371363;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=xTal5PGeh/nSVL7GmsMV3CJACIsRXRenqv8bR1NKcUE=;
        b=euVGVaLeoNQiXgkX1U30uPZf/zz+y4j+JHYKhijkMSN7EWdGdq2gkopLFXKb9hi/Hm
         Vlk83t/h4Pwp9unVgB6UxsFjQ637Kok+EoLjqM6GVVLwk0ZYuRFuaDA76QeqsGEbBpAf
         Q26syqSZYCOHrf2JilcyBWdkZeITIoc/JMdwb32mJ0HoEuRFNBeJ3+mKe2Bii7xfWcdN
         iEDODf+8GA4YNWN2dxvMo7VLmtvdudVVHmKTYH23w7+iDlvv/34kxONi4CqIrgfBAY3g
         AdXaCc+eeMu6h28u9iss1nplKkkIoknb+MuCJxHcB901qs9ab1LS2fHDt3BRJA5IP4Z8
         mVew==
X-Gm-Message-State: AOJu0Yznz1+qoTqkT/L3coUR8RiAJb6FTl0aJ5guPkC6MgojpPHWKtnD
	V89mZdIn2XtrF/il0dJv176SsbJaz/zBBuTKvz/KMA==
X-Google-Smtp-Source: 
 AGHT+IEwmwlTQipAC8ICoTDhoFBbUgPWIBh4DN2egtgNR1vHYm8jeik3AJrPlBK65uMHYTLs4QTA/w==
X-Received: by 2002:a05:6a20:914e:b0:172:83b8:67f8 with SMTP id
 x14-20020a056a20914e00b0017283b867f8mr12453590pzc.29.1698766563409;
        Tue, 31 Oct 2023 08:36:03 -0700 (PDT)
Received: from hexa.router0800d9.com (rrcs-66-91-142-162.west.biz.rr.com.
 [66.91.142.162])
        by smtp.gmail.com with ESMTPSA id
 f10-20020a170902684a00b001ca21e05c69sm1498048pln.109.2023.10.31.08.36.02
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 31 Oct 2023 08:36:03 -0700 (PDT)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][mickledore 5/5] linux-yocto: make sure the pahole-native
 available before do_kernel_configme
Date: Tue, 31 Oct 2023 05:35:44 -1000
Message-Id: 
 <a94b29ef5f64c7d71bb6af56458427f347179997.1698766338.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1698766338.git.steve@sakoman.com>
References: <cover.1698766338.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Tue, 31 Oct 2023 15:36:07 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/189857

From: Xiangyu Chen <xiangyu.chen@windriver.com>

When using debug-btf.scc in a clean workspace, the CONFIG_MODULE_ALLOW_BTF_MISMATCH cannot
apply to kernel until clean the kernel code(bitbake linux-yocto -c cleanall) and rebuild.

After tracking the code, some options depend on CONFIG_PAHOLE_VERSION, it was generated by
scripts/pahole-version.sh in kernel, but during do_kernel_configme step, the pahole-native
is not available in sysroot-native, so need to wait pahole-native install to sysroot-native
before do_kernel_configme.

(cherry picked from commit 217a4db53edbd88001f6390bbff39e5dd3d137af)
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-kernel/linux/linux-yocto.inc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-kernel/linux/linux-yocto.inc b/meta/recipes-kernel/linux/linux-yocto.inc
index 04a8105e17..461e5684cd 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -65,7 +65,10 @@ KERNEL_DEBUG ?= ""
 DEPENDS += '${@bb.utils.contains_any("ARCH", [ "x86", "arm64" ], "elfutils-native", "", d)}'
 DEPENDS += "openssl-native util-linux-native"
 DEPENDS += "gmp-native libmpc-native"
-DEPENDS += '${@bb.utils.contains("KERNEL_DEBUG", "True", "pahole-native", "", d)}'
+
+# Some options depend on CONFIG_PAHOLE_VERSION, so need to make pahole-native available before do_kernel_configme
+do_kernel_configme[depends] += '${@bb.utils.contains("KERNEL_DEBUG", "True", "pahole-native:do_populate_sysroot", "", d)}'
+
 EXTRA_OEMAKE += '${@bb.utils.contains("KERNEL_DEBUG", "True", "", "PAHOLE=false", d)}'
 
 do_devshell:prepend() {