From patchwork Wed Nov 15 03:17:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34497 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 715AEC47071 for ; Wed, 15 Nov 2023 03:17:46 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.5023.1700018263349472275 for ; Tue, 14 Nov 2023 19:17:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=ya01zVM0; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1cc5fa0e4d5so57231905ad.0 for ; Tue, 14 Nov 2023 19:17:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018262; x=1700623062; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=iNOpgxyGx/G0HaosL/4bSriIk0If/lLzri6xdNhq09c=; b=ya01zVM0AakKTAxvd45l+yMmsEGD3xp6J8dGkTFtt0ACEtCjKyfqMSWEj+DRidRS7j V3M5gtgpO0rE7fzM39lB0xZn42QI6JuAEatXVLVKenwzFSpj0HynEeUg4i7HRUfcZefU INwp8IGmZ/Tuy65Y8gIw0oTprd65mLJqDiVZLzlm57QBE0jNjgWITtCEUikc3uTNT0n2 KMZDwNoVzdearNYN770EHe9u1g7R4K29x9WqfqBWOpj1hjUrKrJM9gEdL447iY6L4J7m 0ETUln4M9qj57bKiPwYDBRHsdcCsQq8/l1SNPwtFJ/d2SgyBZZKKGx5I9tD2Y/m4Uccs j0OA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018262; x=1700623062; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=iNOpgxyGx/G0HaosL/4bSriIk0If/lLzri6xdNhq09c=; b=tKCHi2Fb7IADqne6HSGhICAJj/WoVLFs0p6S3WLGrkSYj3JskThYigLI9coA6bDJpG oIyuix/KmGgxw+lgMi+zjLtWIJiFiDNYn3TK004Na3DzBhDULAb4iH91RId9x9z8HLlh oc4ckmSqjajq6HPOXEqox1j6Q0eOSb74FtvGPtY3Fbbeaa85DsOgP65R67UfLYmKbOT6 m6KzMh+tZoRTdQbA3xIHFncjiJKCDHgJc6AQrpLP/E2wyfZ5VdRWBHmeg0Pz5RDMG9gn nRq3PI3AafEjpKb1tZDiPUPY7QuFIolW0hwJvzYa3/h1dgKQMhc0C9hAMN/KFDqAWf1D QSqQ== X-Gm-Message-State: AOJu0YzSsYcsvHLh8gm72GBUrD3FLK8RTyqu5kjeOc9g4jEqffwgW3K6 2uriPMK2RCjBx/sTFkW5m42FJF4mSbzGNIhdAzC8iw== X-Google-Smtp-Source: AGHT+IE1i12FmD2K6VlEs1mB+D0R6uszOQwIl64ZN8iG05acaWvwI8q/XnLOCWZ4eP6+9v/u2iwfig== X-Received: by 2002:a17:903:2308:b0:1ca:29f:4b06 with SMTP id d8-20020a170903230800b001ca029f4b06mr5039300plh.2.1700018262531; Tue, 14 Nov 2023 19:17:42 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:42 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 01/17] kexec-tools: Ignore Fedora/RedHat specific CVE-2021-20269 Date: Tue, 14 Nov 2023 17:17:18 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190531 From: Lee Chee Yang Signed-off-by: Lee Chee Yang Signed-off-by: Steve Sakoman --- meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb index 871b36440f..206c6ccae7 100644 --- a/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb +++ b/meta/recipes-kernel/kexec/kexec-tools_2.0.20.bb @@ -30,6 +30,9 @@ inherit autotools update-rc.d systemd export LDFLAGS = "-L${STAGING_LIBDIR}" EXTRA_OECONF = " --with-zlib=yes" +# affects kexec-tools shipped by Fedora versions prior to 2.0.21-8 and RHEL versions prior to 2.0.20-47. +CVE_CHECK_WHITELIST += "CVE-2021-20269" + do_compile_prepend() { # Remove the prepackaged config.h from the source tree as it overrides # the same file generated by configure and placed in the build tree From patchwork Wed Nov 15 03:17:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34499 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73E70C47075 for ; Wed, 15 Nov 2023 03:17:46 +0000 (UTC) Received: from mail-pl1-f173.google.com (mail-pl1-f173.google.com [209.85.214.173]) by mx.groups.io with SMTP id smtpd.web11.5026.1700018265950656866 for ; Tue, 14 Nov 2023 19:17:46 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=n20/gOkb; spf=softfail (domain: sakoman.com, ip: 209.85.214.173, mailfrom: steve@sakoman.com) Received: by mail-pl1-f173.google.com with SMTP id d9443c01a7336-1cc3bc5df96so47786245ad.2 for ; Tue, 14 Nov 2023 19:17:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018264; x=1700623064; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=FB1rDZKdIyjbZSl67obGJQ9hecyACJqy+Nmr5tVmiRE=; b=n20/gOkbDv3wErPHSZmlM4KOAlcrLuJ9Ojrx6GKA18jt4SWPAhb9c05yBxRLlI30oW lUkTqaxblw8PInKnWucebi3bJrSf30Vg+/kQoCkBO1fIXI/zkTAgtUkzd8c7aOQqqftf FfoqZDNYqVkVdJkawefT6yy5OxzXy2SbSRqCsKvQGrpp7BnjJggqIhBC65X4gGQjvESl RcGhy6+8jrTT2Y3hSKqQp1PJeH8XoW/lK5X8cCr6sFZ7XnYDhe0sVhmyyP0ILVCDY3j0 LKvdv+lL1pDXd2frL/78GI8bNVG3FbqE+O8Tgsd/QTdQjYkJgz6S87aJjUML05zFxmhJ 8lTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018264; x=1700623064; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FB1rDZKdIyjbZSl67obGJQ9hecyACJqy+Nmr5tVmiRE=; b=cdFyLcypB5MuLmZ6jazjhjD906m3mzw8xzsiUQ2VTs+FJW2Grbo3Z60x4UrJAmQ1ss sCt4alBMPzvJvMFLrx0dm6PCyRVcHHKM9VAGmJ1jb5+A5hcoQBhoRwfxSDmDKtEbnEwD pgUab9l9Nz7XdHBsrDwiia2D9chZ2DRgQSmFygHZl3jHP1RHxiDk+VS7GvBW9PtuYYKK bnXw0QidxtTKCa4mBUlY0Do+Ak9jletOv60xlX1TK6k/yZm9gEky7a+ewFrhCB3vBWMW sQUw3piaSSt4NGel80n533Ml7Z0PPs5qoJ+JF4zck1dNh6EGL/QU/9wxlKX6Fja6yeID BG9w== X-Gm-Message-State: AOJu0YyQtHweJhx1hJ30MbDSE430cwnU1VKReSYoRAC52jLBWfnhhTrG MKsNaEbKxc2e+7BqdACtF8FENpCLa9SawTlm4KMeOQ== X-Google-Smtp-Source: AGHT+IH93YfIzm+9hh8RzbNCq7xBVXAqjRYyuP/njaHI9xlYLt8/hAFBvxl/2cNyZlhjEYUcJbchGg== X-Received: by 2002:a17:902:d2c1:b0:1cc:251c:c381 with SMTP id n1-20020a170902d2c100b001cc251cc381mr4462541plc.29.1700018264431; Tue, 14 Nov 2023 19:17:44 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:44 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 02/17] tiff: CVE patch correction for CVE-2023-3576 Date: Tue, 14 Nov 2023 17:17:19 -1000 Message-Id: <56088368bdd22a939b813c7aefd5ba475c6d4021.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:46 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190532 From: Vijay Anusuri - The commit [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] fixes CVE-2023-3576 - Hence, renamed the CVE-2023-3618-1.patch to CVE-2023-3576.patch - Reference: https://security-tracker.debian.org/tracker/CVE-2023-3576 https://security-tracker.debian.org/tracker/CVE-2023-3618 Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} | 3 ++- .../files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} | 0 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} (93%) rename meta/recipes-multimedia/libtiff/files/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} (100%) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch similarity index 93% rename from meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch rename to meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch index 35ed852519..67837fe142 100644 --- a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-1.patch +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-3576.patch @@ -4,8 +4,9 @@ Date: Tue, 7 Mar 2023 15:02:08 +0800 Subject: [PATCH] Fix memory leak in tiffcrop.c Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37] -CVE: CVE-2023-3618 +CVE: CVE-2023-3576 Signed-off-by: Hitendra Prajapati +Signed-off-by: Vijay Anusuri --- tools/tiffcrop.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch similarity index 100% rename from meta/recipes-multimedia/libtiff/files/CVE-2023-3618-2.patch rename to meta/recipes-multimedia/libtiff/files/CVE-2023-3618.patch diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 6df4244697..d27381b4cd 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -43,8 +43,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-26966.patch \ file://CVE-2023-2908.patch \ file://CVE-2023-3316.patch \ - file://CVE-2023-3618-1.patch \ - file://CVE-2023-3618-2.patch \ + file://CVE-2023-3576.patch \ + file://CVE-2023-3618.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" From patchwork Wed Nov 15 03:17:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34501 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A65FC47071 for ; Wed, 15 Nov 2023 03:17:56 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web10.4870.1700018267209983687 for ; Tue, 14 Nov 2023 19:17:47 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=R8r5ElIF; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1cc316ccc38so50018255ad.1 for ; Tue, 14 Nov 2023 19:17:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018266; x=1700623066; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=4e44cLhcXml4x69mZ5XNAr/6o64pHStDuF8PMv1pW4Q=; b=R8r5ElIFE+yc4ehuIczI75Zws3FDDlmUwobLCbvVatH+n4Nc8WkilYSA/BwhsZIl4O mrT67KQNFkDAphNqcSGJjUtgF1+IV3az9lTJvt5Ybm8yJX/B6oZgBlPhak/zgi8Ncjtk QjWS/3kGX2DLd8hJTC7sv7aO9/ouyuzHxtqFGx21mXK4Y8evKMpbun7nr2Hufkj1zNmU xUnQVPXE4d3AXMjOLfDREM1ioxHdT8/WfPPvrlExr0nsaf6sC3X40Zpg9/SHWT9sooEx RUMF5ZwSiRP77MdVjpB0opB0jt6V1lW0MZRj09RSfP3dzv8t6xrO30WJxog6xsrQQaRT AMJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018266; x=1700623066; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4e44cLhcXml4x69mZ5XNAr/6o64pHStDuF8PMv1pW4Q=; b=opn+sRQEPtjwljsghZoBYZbyUYckjEOSCgYg+xTQDrzOzx0WZcBM4hXGua9WECyi37 EbAePyzvNTUbjh1mEY8LrlB9VZxRJ/EbhpBYhG1MCcfPGhm9zKEGi1X+QzZTn5lv4M7R TpH9gEq9WVfGN4U16nIwY9zJNmAgIBnLJQhsaQ0coFg8QFz0nOGGJWt3z8rgwF+nAh0X APm9qPThtBheG9TpuANYgf/4Pz28OWILPzjNgcc4FGJQt7aMq8doHiBoYFKYPjF1DxV0 J4UG5aQxTDOl6WmcTl/iUlPj/il+jcQ8I06Jf6YRd5x+MBNxaPhsMz2kYiXUgqJi4Gfy 8sRA== X-Gm-Message-State: AOJu0YyOsmj9oNjG7Nxk00UXPiaIXU2sWmDJms0xkZJm7FY5GoLVeud0 BrbwEbAPKYcHLU4Eh42o51YFMNhU/8PmM/8FVt24Wg== X-Google-Smtp-Source: AGHT+IGoiCzlb6I62NktLFvTFSt5fOvGB1mJjp0uPgfoiQBe8635bsptvLZEIpN3U4+WH+nsR4tReg== X-Received: by 2002:a17:902:da86:b0:1cc:70e4:28e9 with SMTP id j6-20020a170902da8600b001cc70e428e9mr4918175plx.49.1700018266204; Tue, 14 Nov 2023 19:17:46 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.45 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:45 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 03/17] tiff: Security fix for CVE-2023-40745 Date: Tue, 14 Nov 2023 17:17:20 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190533 From: Hitendra Prajapati Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5 Signed-off-by: Hitendra Prajapati Signed-off-by: Steve Sakoman --- .../libtiff/files/CVE-2023-40745.patch | 34 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 + 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch new file mode 100644 index 0000000000..6eb286039f --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-40745.patch @@ -0,0 +1,34 @@ +From 4fc16f649fa2875d5c388cf2edc295510a247ee5 Mon Sep 17 00:00:00 2001 +From: Arie Haenel +Date: Wed, 19 Jul 2023 19:34:25 +0000 +Subject: [PATCH] tiffcp: fix memory corruption (overflow) on hostile images + (fixes #591) + +Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5] +CVE: CVE-2023-40745 +Signed-off-by: Hitendra Prajapati +--- + tools/tiffcp.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/tools/tiffcp.c b/tools/tiffcp.c +index 83b3910..007bd05 100644 +--- a/tools/tiffcp.c ++++ b/tools/tiffcp.c +@@ -1437,6 +1437,13 @@ DECLAREreadFunc(readSeparateTilesIntoBuffer) + TIFFError(TIFFFileName(in), "Error, cannot handle that much samples per tile row (Tile Width * Samples/Pixel)"); + return 0; + } ++ ++ if ( (imagew - tilew * spp) > INT_MAX ){ ++ TIFFError(TIFFFileName(in), ++ "Error, image raster scan line size is too large"); ++ return 0; ++ } ++ + iskew = imagew - tilew*spp; + tilebuf = _TIFFmalloc(tilesize); + if (tilebuf == 0) +-- +2.25.1 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index d27381b4cd..31e7db19aa 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -45,6 +45,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-3316.patch \ file://CVE-2023-3576.patch \ file://CVE-2023-3618.patch \ + file://CVE-2023-40745.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" From patchwork Wed Nov 15 03:17:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34504 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73A82C47076 for ; Wed, 15 Nov 2023 03:17:56 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web11.5028.1700018268899278446 for ; Tue, 14 Nov 2023 19:17:48 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pwY6L4+U; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1cc3bc5df96so47786595ad.2 for ; Tue, 14 Nov 2023 19:17:48 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018268; x=1700623068; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WxMx6sWNf2Ln+qEe1ikCzwpv9ZqTJafGD9HxWPQbgqE=; b=pwY6L4+UPOZnicTAXB4cW8wNK24sYdeiGJpHYfIbqNIqDDgkTs83W1j+aS632U6Y5z ILPmJCQkXEuC8N/Lm/dLEArCfM3clZhasQY5WahtgOO9fnMMyPFK6Xg2WRX12Vi43u9a pE7JQ62RCZaMdDDIfgLSoQVSXGzRuw2Ec/W0g9PO/8KfdjF0D8j/zjSr6Ulq1jjjqVZG rXJzHDs9krmkDXkhBnGAU6zjJprXO5+lpbfBkjsDn4f1XOB7HsFVqcSgudFrMznK0E8Q CXjSaAy3myOuHUqGC7eh6lw1+CVLRkuvLJNDYDq0G+cNFZcIpNfdOa94TfbT4T3O7LxC iufA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018268; x=1700623068; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WxMx6sWNf2Ln+qEe1ikCzwpv9ZqTJafGD9HxWPQbgqE=; b=g7b1K7jt1abl4bxqe8PwgbROeJSHJWXY1CFCvVy+1ofoGzgRwG2qwNrDFv4dQpmBcs MqRyQ8e5ChMrvsuJUQ/PHd4wrg1hR3Xz75KBnnAEwJflzkXty7eTu2S32hzv5QaWJnJG xrsmlO34BpX3p7m3UDBczE84C0Uew2/6dfDIKlca4UcJOkgeSQNRne7m0V1wTkCkWEV1 3vKhq+9FbP8wdAPidfdhF2VjapoK48JPPthrFzKmjMTj9reqeKNIoOG76HjG4OA0r/Kx uNCecEJTjCoARSt+aShbvGgetrk7OYbAfotIVgfbmekfVzpeaPN6B151+Vu0FPZ1LPdP tB3Q== X-Gm-Message-State: AOJu0YyzyomXH7T3pookQRt1XWzqzYPWOZ43+w5o/vNw6fIeBUEQtvJY xvfxvufHek+S+8iVh0W3KrW0+7Ghd3qGGy/MzVl+8A== X-Google-Smtp-Source: AGHT+IHmrinZ8Eyv0SpUESegemcPxCJOQG2iWMUVEoh/ySsLF0el4YQfBf/r41fp0ji7fULdRy3VGQ== X-Received: by 2002:a17:902:e892:b0:1cc:5648:f15c with SMTP id w18-20020a170902e89200b001cc5648f15cmr5012966plg.48.1700018268054; Tue, 14 Nov 2023 19:17:48 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:47 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 04/17] tiff: backport Debian patch to fix CVE-2023-41175 Date: Tue, 14 Nov 2023 17:17:21 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190534 From: Vijay Anusuri Upstream-Status: Backport [import from debian security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee] Reference: https://security-tracker.debian.org/tracker/CVE-2023-41175 Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../libtiff/files/CVE-2023-41175.patch | 67 +++++++++++++++++++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 + 2 files changed, 68 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch b/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch new file mode 100644 index 0000000000..3f44a42012 --- /dev/null +++ b/meta/recipes-multimedia/libtiff/files/CVE-2023-41175.patch @@ -0,0 +1,67 @@ +From 4cc97e3dfa6559f4d17af0d0687bcae07ca4b73d Mon Sep 17 00:00:00 2001 +From: Arie Haenel +Date: Wed, 19 Jul 2023 19:40:01 +0000 +Subject: raw2tiff: fix integer overflow and bypass of the check (fixes #592) + +Upstream-Status: Backport [import from debian security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u8.debian.tar.xz +Upstream commit https://gitlab.com/libtiff/libtiff/-/commit/6e2dac5f904496d127c92ddc4e56eccfca25c2ee] +CVE: CVE-2023-41175 +Signed-off-by: Vijay Anusuri +--- + tools/raw2tiff.c | 26 ++++++++++++++++++++++++++ + 1 file changed, 26 insertions(+) + +diff --git a/tools/raw2tiff.c b/tools/raw2tiff.c +index ab36ff4e..a905da52 100644 +--- a/tools/raw2tiff.c ++++ b/tools/raw2tiff.c +@@ -35,6 +35,7 @@ + #include + #include + #include ++#include + + #ifdef HAVE_UNISTD_H + # include +@@ -101,6 +102,7 @@ main(int argc, char* argv[]) + int fd; + char *outfilename = NULL; + TIFF *out; ++ uint32 temp_limit_check = 0; + + uint32 row, col, band; + int c; +@@ -212,6 +214,30 @@ main(int argc, char* argv[]) + if (guessSize(fd, dtype, hdr_size, nbands, swab, &width, &length) < 0) + return 1; + ++ if ((width == 0) || (length == 0) ){ ++ fprintf(stderr, "Too large nbands value specified.\n"); ++ return (EXIT_FAILURE); ++ } ++ ++ temp_limit_check = nbands * depth; ++ ++ if ( !temp_limit_check || length > ( UINT_MAX / temp_limit_check ) ) { ++ fprintf(stderr, "Too large length size specified.\n"); ++ return (EXIT_FAILURE); ++ } ++ temp_limit_check = temp_limit_check * length; ++ ++ if ( !temp_limit_check || width > ( UINT_MAX / temp_limit_check ) ) { ++ fprintf(stderr, "Too large width size specified.\n"); ++ return (EXIT_FAILURE); ++ } ++ temp_limit_check = temp_limit_check * width; ++ ++ if ( !temp_limit_check || hdr_size > ( UINT_MAX - temp_limit_check ) ) { ++ fprintf(stderr, "Too large header size specified.\n"); ++ return (EXIT_FAILURE); ++ } ++ + if (outfilename == NULL) + outfilename = argv[optind+1]; + out = TIFFOpen(outfilename, "w"); +-- +2.30.2 + diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 31e7db19aa..2697a28463 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb @@ -46,6 +46,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \ file://CVE-2023-3576.patch \ file://CVE-2023-3618.patch \ file://CVE-2023-40745.patch \ + file://CVE-2023-41175.patch \ " SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424" SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634" From patchwork Wed Nov 15 03:17:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34500 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A696C47074 for ; Wed, 15 Nov 2023 03:17:56 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web11.5030.1700018270604432656 for ; Tue, 14 Nov 2023 19:17:50 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=DRTLR6js; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-1cc37fb1310so48975245ad.1 for ; Tue, 14 Nov 2023 19:17:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018270; x=1700623070; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=v4Xwa6amq7gvdpVEjohCCw5Gbba03O0wSQwv9U8y4JM=; b=DRTLR6jsgRfnjSDWrtCyaaNNgSw9AhKti6tCQx3qtP7V02eRyQ8h1NMhIr6ibQnM87 vlEHnd62lPrlZ0CUDnEHLu/odwhf+v/Y2TGcDSz2GI6S1326Kh8lVors13lh2F/z3KrB naZAStMXYI7W3WM1hzixIwE7/QtPYEilMx7cuJdJQ74fElGENptFNInbFLKQrJ5GruPx zoeKC3Kk5jj7smdGDecMpPtZ42cLlEFeNdd5YvaWznoijrKe4YVKW0rgVOv4TLstB2F/ /nT7UY1KSMYIVDqlRT07rTdrZ9+szD3IbTG5shBZyeOm8tU02TzZfOMDnWMQW5sl4KlE aI2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018270; x=1700623070; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v4Xwa6amq7gvdpVEjohCCw5Gbba03O0wSQwv9U8y4JM=; b=wcVHHxLEG4MWZznvNFN3majGaWKDLyQZ+Ta5aLXk04+40LRhzmVtz3qaSMpeI7rqAb 4ejmiDkbhmb2z4sCIrYKqiGMlm4ZpeXtc+vTiuhSksQsOtRxFsP+ERkHosLeLQhNr+Yu d/7xx4ZcpLKCPx9Nc9esrbJmtFDftS4XAYa5rglU2LdvmGbhbuF3qgDcQeWqKQCo4Fv9 7/A5GDIY7KXI6aO1HaGEOJ8JXbergC9/vb2ct3DqnQB+pCDk15QLDvHmEvDHFlcq9M26 v0yiCyjCkzICYbpoX0zHA9dT9X1obZsNeWE00l/7RoARsMUy23UiLk+HTTpHl5gk8y1E fM/Q== X-Gm-Message-State: AOJu0Yx8xsd0zw5WKsuQjkUL87SppS3Zl70DcXsoKCWVOAs2fG6asZjp hB2Ge67mZKY/N2jCHgMqYZWNlutUQfEaHVm39HxHSA== X-Google-Smtp-Source: AGHT+IHISW335uIGR70P0Q6YLOeTbTzFXrfFxHFyTJQEBYxDI6afh8/KSV21ASDr75sAFIQn0lUb4A== X-Received: by 2002:a17:902:f60d:b0:1cc:ef72:8600 with SMTP id n13-20020a170902f60d00b001ccef728600mr5498223plg.62.1700018269786; Tue, 14 Nov 2023 19:17:49 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.48 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:49 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 05/17] glibc: ignore CVE-2023-4527 Date: Tue, 14 Nov 2023 17:17:22 -1000 Message-Id: <3471922461627c0f0487feb09cfdc4cfeeb3f3ca.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190535 From: Peter Marko This vulnerability was introduced in 2.36, so 2.31 is not vulnerable. Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc_2.31.bb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/meta/recipes-core/glibc/glibc_2.31.bb b/meta/recipes-core/glibc/glibc_2.31.bb index 1862586749..8298088323 100644 --- a/meta/recipes-core/glibc/glibc_2.31.bb +++ b/meta/recipes-core/glibc/glibc_2.31.bb @@ -29,6 +29,13 @@ CVE_CHECK_WHITELIST += "CVE-2019-1010025" # https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=dunfell&id=e1e89ff7d75c3d2223f9e3bd875b9b0c5e15836b CVE_CHECK_WHITELIST += "CVE-2021-35942" +# glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4527 +# This vulnerability was introduced in 2.36 by commit +# f282cdbe7f436c75864e5640a409a10485e9abb2 resolv: Implement no-aaaa stub resolver option +# so our version is not yet vulnerable +# See https://sourceware.org/bugzilla/show_bug.cgi?id=30842 +CVE_CHECK_WHITELIST += "CVE-2023-4527" + DEPENDS += "gperf-native bison-native make-native" NATIVESDKFIXES ?= "" From patchwork Wed Nov 15 03:17:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34502 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 512BBC47072 for ; Wed, 15 Nov 2023 03:17:56 +0000 (UTC) Received: from mail-pl1-f180.google.com (mail-pl1-f180.google.com [209.85.214.180]) by mx.groups.io with SMTP id smtpd.web10.4872.1700018272691718758 for ; Tue, 14 Nov 2023 19:17:52 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=t/wf3Z8N; spf=softfail (domain: sakoman.com, ip: 209.85.214.180, mailfrom: steve@sakoman.com) Received: by mail-pl1-f180.google.com with SMTP id d9443c01a7336-1cc3216b2a1so49879425ad.2 for ; Tue, 14 Nov 2023 19:17:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018272; x=1700623072; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=R3FJNE8zed0vi1qefQeftmhh9TCmdjxbYyejRWAuxGQ=; b=t/wf3Z8NR0Yb+FVuZWODA40Hzqy+S6/0gv6nR7m3GP8N2IqP6TyU1SVb0Ls77Ypx3w 7x9OVmGOT1gdxg3cHTfJ/XaOZxQI8PwCu2vEKhe/uclzGsLmwuLgwLfylgZiV61mrl1Q DOmrXSOzcdDk1qmM9yxqL+EqnV5zVlvCG3/SgPfCn4faFqYFlCFnoYXf063s12ViXgwX bV49Q12/7oG1HGWi0KqZTBsVLrwM//8M2vBPAUF2OA1qM2+xRIZ7HDioNqRMbGfvvZGI pdIjWD55CWhJeKvS2CVO0CiJm9T+ilU0lUEZXasocfasRMCr16OY4BYbROh5oALZg5OR 06vw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018272; x=1700623072; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R3FJNE8zed0vi1qefQeftmhh9TCmdjxbYyejRWAuxGQ=; b=hnND8fFdfPt1L+0U1IYLPVgaSF0K7DlEsmRKKUbQdkBmOa/16ao0UKMETPb4PdCMag W7IK0QofQQoRCR3kqUlRW8lSeViNhayUzMqPHjZsCsoQTqQU914DVe57nYScEAv9n7SX Ya0zQ1Rw72hkdw1ba4tHn4ghdRd8WXnM7tEM1npahKZESmEe++W1hywO+yLjzqeqFYzU tpCP8u19VN3z5t0TazoywQSLty9Fdqf5uOIbjDIfwo2FU5IJ9bH89POfoo7Tbu/WbIGy iY/YY+LlmDN0xpM5t5Qv7NurOUBvDkalaSdWi4EOxbLhOtIMl6Y79P6AbC8HxtKHSQ8i AyYg== X-Gm-Message-State: AOJu0YxesbysRBzj8Pc1PSia6YWgnZrxCsNGL1FFYQ9IDNqtPkserzyI qEBLQfmvaIS/1UW3Il817JHiY+6emnzRtwcRBvPkYQ== X-Google-Smtp-Source: AGHT+IFYEmf0QGebz4n/37HLYMW3YUC2Bg6xVQ3ayZaXUJTqNl6rsQxxQxYm9/dUbg4pDeaOg84odg== X-Received: by 2002:a17:902:9a8a:b0:1cc:3209:eacb with SMTP id w10-20020a1709029a8a00b001cc3209eacbmr3770855plp.29.1700018271578; Tue, 14 Nov 2023 19:17:51 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.50 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:51 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 06/17] libwebp: Fix CVE-2023-4863 Date: Tue, 14 Nov 2023 17:17:23 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190536 From: Soumya Sambu Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Removed CVE-2023-5129.patch as CVE-2023-5129 is duplicate of CVE-2023-4863. CVE: CVE-2023-4863 References: https://nvd.nist.gov/vuln/detail/CVE-2023-4863 https://security-tracker.debian.org/tracker/CVE-2023-4863 https://bugzilla.redhat.com/show_bug.cgi?id=2238431#c12 Signed-off-by: Soumya Sambu Signed-off-by: Steve Sakoman --- ...23-5129.patch => CVE-2023-4863-0001.patch} | 27 ++++------ .../webp/files/CVE-2023-4863-0002.patch | 53 +++++++++++++++++++ meta/recipes-multimedia/webp/libwebp_1.1.0.bb | 3 +- 3 files changed, 66 insertions(+), 17 deletions(-) rename meta/recipes-multimedia/webp/files/{CVE-2023-5129.patch => CVE-2023-4863-0001.patch} (95%) create mode 100644 meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch similarity index 95% rename from meta/recipes-multimedia/webp/files/CVE-2023-5129.patch rename to meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch index ffff068c56..419b12f7d9 100644 --- a/meta/recipes-multimedia/webp/files/CVE-2023-5129.patch +++ b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0001.patch @@ -1,7 +1,7 @@ -From 12b11893edf6c201710ebeee7c84743a8573fad6 Mon Sep 17 00:00:00 2001 +From 902bc9190331343b2017211debcec8d2ab87e17a Mon Sep 17 00:00:00 2001 From: Vincent Rabaud Date: Thu, 7 Sep 2023 21:16:03 +0200 -Subject: [PATCH 1/1] Fix OOB write in BuildHuffmanTable. +Subject: [PATCH 1/2] Fix OOB write in BuildHuffmanTable. First, BuildHuffmanTable is called to check if the data is valid. If it is and the table is not big enough, more memory is allocated. @@ -12,16 +12,11 @@ codes) streams are still decodable. Bug: chromium:1479274 Change-Id: I31c36dbf3aa78d35ecf38706b50464fd3d375741 -Notice that it references different CVE id: -https://nvd.nist.gov/vuln/detail/CVE-2023-5129 -which was marked as a rejected duplicate of: -https://nvd.nist.gov/vuln/detail/CVE-2023-4863 -but it's the same issue. Hence update CVE ID CVE-2023-4863 +CVE: CVE-2023-4863 -CVE: CVE-2023-5129 CVE-2023-4863 -Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/2af26267cdfcb63a88e5c74a85927a12d6ca1d76] -Signed-off-by: Colin McAllister -Signed-off-by: Pawan Badganchi +Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/902bc9190331343b2017211debcec8d2ab87e17a] + +Signed-off-by: Soumya Sambu --- src/dec/vp8l_dec.c | 46 ++++++++++--------- src/dec/vp8li_dec.h | 2 +- @@ -30,7 +25,7 @@ Signed-off-by: Pawan Badganchi 4 files changed, 129 insertions(+), 43 deletions(-) diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c -index 93615d4e..0d38314d 100644 +index 93615d4..0d38314 100644 --- a/src/dec/vp8l_dec.c +++ b/src/dec/vp8l_dec.c @@ -253,11 +253,11 @@ static int ReadHuffmanCodeLengths( @@ -178,7 +173,7 @@ index 93615d4e..0d38314d 100644 assert(dec->hdr_.num_htree_groups_ > 0); diff --git a/src/dec/vp8li_dec.h b/src/dec/vp8li_dec.h -index 72b2e861..32540a4b 100644 +index 72b2e86..32540a4 100644 --- a/src/dec/vp8li_dec.h +++ b/src/dec/vp8li_dec.h @@ -51,7 +51,7 @@ typedef struct { @@ -191,7 +186,7 @@ index 72b2e861..32540a4b 100644 typedef struct VP8LDecoder VP8LDecoder; diff --git a/src/utils/huffman_utils.c b/src/utils/huffman_utils.c -index 0cba0fbb..9efd6283 100644 +index 0cba0fb..9efd628 100644 --- a/src/utils/huffman_utils.c +++ b/src/utils/huffman_utils.c @@ -177,21 +177,24 @@ static int BuildHuffmanTable(HuffmanCode* const root_table, int root_bits, @@ -322,7 +317,7 @@ index 0cba0fbb..9efd6283 100644 + } +} diff --git a/src/utils/huffman_utils.h b/src/utils/huffman_utils.h -index 13b7ad1a..98415c53 100644 +index 13b7ad1..98415c5 100644 --- a/src/utils/huffman_utils.h +++ b/src/utils/huffman_utils.h @@ -43,6 +43,29 @@ typedef struct { @@ -367,5 +362,5 @@ index 13b7ad1a..98415c53 100644 #ifdef __cplusplus -- -2.34.1 +2.40.0 diff --git a/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch new file mode 100644 index 0000000000..c1eedb6100 --- /dev/null +++ b/meta/recipes-multimedia/webp/files/CVE-2023-4863-0002.patch @@ -0,0 +1,53 @@ +From 95ea5226c870449522240ccff26f0b006037c520 Mon Sep 17 00:00:00 2001 +From: Vincent Rabaud +Date: Mon, 11 Sep 2023 16:06:08 +0200 +Subject: [PATCH 2/2] Fix invalid incremental decoding check. + +The first condition is only necessary if we have not read enough +(enough being defined by src_last, not src_end which is the end +of the image). +The second condition now fits the comment below: "if not +incremental, and we are past the end of buffer". + +BUG=oss-fuzz:62136 + +Change-Id: I0700f67c62db8e1c02c2e429a069a71e606a5e4f + +CVE: CVE-2023-4863 + +Upstream-Status: Backport [https://github.com/webmproject/libwebp/commit/95ea5226c870449522240ccff26f0b006037c520] + +Signed-off-by: Soumya Sambu +--- + src/dec/vp8l_dec.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +diff --git a/src/dec/vp8l_dec.c b/src/dec/vp8l_dec.c +index 0d38314..684a5b6 100644 +--- a/src/dec/vp8l_dec.c ++++ b/src/dec/vp8l_dec.c +@@ -1237,9 +1237,20 @@ static int DecodeImageData(VP8LDecoder* const dec, uint32_t* const data, + } + + br->eos_ = VP8LIsEndOfStream(br); +- if (dec->incremental_ && br->eos_ && src < src_end) { ++ // In incremental decoding: ++ // br->eos_ && src < src_last: if 'br' reached the end of the buffer and ++ // 'src_last' has not been reached yet, there is not enough data. 'dec' has to ++ // be reset until there is more data. ++ // !br->eos_ && src < src_last: this cannot happen as either the buffer is ++ // fully read, either enough has been read to reach 'src_last'. ++ // src >= src_last: 'src_last' is reached, all is fine. 'src' can actually go ++ // beyond 'src_last' in case the image is cropped and an LZ77 goes further. ++ // The buffer might have been enough or there is some left. 'br->eos_' does ++ // not matter. ++ assert(!dec->incremental_ || (br->eos_ && src < src_last) || src >= src_last); ++ if (dec->incremental_ && br->eos_ && src < src_last) { + RestoreState(dec); +- } else if (!br->eos_) { ++ } else if ((dec->incremental_ && src >= src_last) || !br->eos_) { + // Process the remaining rows corresponding to last row-block. + if (process_func != NULL) { + process_func(dec, row > last_row ? last_row : row); +-- +2.40.0 diff --git a/meta/recipes-multimedia/webp/libwebp_1.1.0.bb b/meta/recipes-multimedia/webp/libwebp_1.1.0.bb index 27c5d92c92..88c36cb76c 100644 --- a/meta/recipes-multimedia/webp/libwebp_1.1.0.bb +++ b/meta/recipes-multimedia/webp/libwebp_1.1.0.bb @@ -21,7 +21,8 @@ UPSTREAM_CHECK_URI = "http://downloads.webmproject.org/releases/webp/index.html" SRC_URI += " \ file://CVE-2023-1999.patch \ - file://CVE-2023-5129.patch \ + file://CVE-2023-4863-0001.patch \ + file://CVE-2023-4863-0002.patch \ " EXTRA_OECONF = " \ From patchwork Wed Nov 15 03:17:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34503 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5A051C47075 for ; Wed, 15 Nov 2023 03:17:56 +0000 (UTC) Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) by mx.groups.io with SMTP id smtpd.web10.4873.1700018274337669598 for ; Tue, 14 Nov 2023 19:17:54 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=D0eJeiH1; spf=softfail (domain: sakoman.com, ip: 209.85.214.172, mailfrom: steve@sakoman.com) Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-1cc3bb4c307so50095495ad.0 for ; Tue, 14 Nov 2023 19:17:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018273; x=1700623073; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WkZK9M5tj2KC2wgtvXppRw+ZgeYvryLLhaSDeXXceBU=; b=D0eJeiH1NQwGb3sxfNB8Zgvv5VVagsr7dzChvM1SYSWM4KCCk6LK8MPgUCDqriawZn Jp/D7hbbFSgzw8QSTjXca3hnDTwysZQ2JLTML84BomBe3IY3lze0IZDExHi747SyZpvY nju1Kb7MDQF2UxXw0GWDmB1wLsw0R9dtvEzGG9b8s+oeXLvk97Ua4XuMPmg3ySOInBoZ YCrA0Pj/Duf7JTjfJhzv+Z5KjqZ55Xc0kn9VRJ/tfUr02TgUrW5nIUKxkzFh5JgIeRXf kNhZjOBsX1GOM0Dn8tAdujYlDGoWxAk4D6z/gIwoS4AQ5B5bW5LxrVfMnloiJ/e+eUCL O5jA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018273; x=1700623073; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WkZK9M5tj2KC2wgtvXppRw+ZgeYvryLLhaSDeXXceBU=; b=eoLZ/bP0oOm+/VkjhTPPc0Wwnx6CjcQgBhta4/9TSQEvcDPHOaxQd584wa+7wunnD3 h02pxEABhYaVKr/VPhSv98AyARHY5lbUnDQakg6Mk7s/S1/rSp5k9nXIwKPuN5mwXXc1 S+rPVrtlKipRn2Pm53/zI9D/EDO+Ns755JhNeuQUkVjbEwg56mbW0+eBv2q2rexsf2N0 Ycr7gnR1GteK7Eo1mFOBVdux1xotc3SuHlGBlun9zpJfOR+S+jsdrOycD87r2BIbyv84 k+tdDZqDnoOxqLEVBrbTZ/2P9loiMt8UI8MpNf4U2PXb3nuxsh8wDa9h5yzawurkteJG mn/Q== X-Gm-Message-State: AOJu0Yylxj0dgQaFF3buzmnb9KMNDO9lFwU3XzoPc1RyqOPXNHVhWLS+ YCEFw12+8YqVExPtnf6WyjbcPArdbRUSBWXZBpytyA== X-Google-Smtp-Source: AGHT+IH/zcZU3X91izNXyQTTd6wg6i6YujHDnlQSd5nOBUnCIzpls0rufZFAbAzTGXskLvqbIzUarA== X-Received: by 2002:a17:902:d548:b0:1cc:c857:14a0 with SMTP id z8-20020a170902d54800b001ccc85714a0mr4709306plf.3.1700018273460; Tue, 14 Nov 2023 19:17:53 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.52 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:53 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 07/17] zlib: Backport fix for CVE-2023-45853 Date: Tue, 14 Nov 2023 17:17:24 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190537 From: Ashish Sharma Upstream-Status: Backport from [https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c] Signed-off-by: Ashish Sharma Signed-off-by: Steve Sakoman --- .../zlib/zlib/CVE-2023-45853.patch | 40 +++++++++++++++++++ meta/recipes-core/zlib/zlib_1.2.11.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch diff --git a/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch new file mode 100644 index 0000000000..654579eb81 --- /dev/null +++ b/meta/recipes-core/zlib/zlib/CVE-2023-45853.patch @@ -0,0 +1,40 @@ +From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001 +From: Hans Wennborg +Date: Fri, 18 Aug 2023 11:05:33 +0200 +Subject: [PATCH] Reject overflows of zip header fields in minizip. + +This checks the lengths of the file name, extra field, and comment +that would be put in the zip headers, and rejects them if they are +too long. They are each limited to 65535 bytes in length by the zip +format. This also avoids possible buffer overflows if the provided +fields are too long. + +Upstream-Status: Backport from [https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c] +CVE: CVE-2023-45853 +Signed-off-by: Ashish Sharma +--- + contrib/minizip/zip.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/contrib/minizip/zip.c b/contrib/minizip/zip.c +index 3d3d4cadd..0446109b2 100644 +--- a/contrib/minizip/zip.c ++++ b/contrib/minizip/zip.c +@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c + return ZIP_PARAMERROR; + #endif + ++ // The filename and comment length must fit in 16 bits. ++ if ((filename!=NULL) && (strlen(filename)>0xffff)) ++ return ZIP_PARAMERROR; ++ if ((comment!=NULL) && (strlen(comment)>0xffff)) ++ return ZIP_PARAMERROR; ++ // The extra field length must fit in 16 bits. If the member also requires ++ // a Zip64 extra block, that will also need to fit within that 16-bit ++ // length, but that will be checked for later. ++ if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff)) ++ return ZIP_PARAMERROR; ++ + zi = (zip64_internal*)file; + + if (zi->in_opened_file_inzip == 1) diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb index e2fbc12bd8..910fc2ec17 100644 --- a/meta/recipes-core/zlib/zlib_1.2.11.bb +++ b/meta/recipes-core/zlib/zlib_1.2.11.bb @@ -11,6 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \ file://CVE-2018-25032.patch \ file://run-ptest \ file://CVE-2022-37434.patch \ + file://CVE-2023-45853.patch \ " UPSTREAM_CHECK_URI = "http://zlib.net/" From patchwork Wed Nov 15 03:17:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34505 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 73ECBC47079 for ; Wed, 15 Nov 2023 03:17:56 +0000 (UTC) Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) by mx.groups.io with SMTP id smtpd.web11.5034.1700018276152993344 for ; Tue, 14 Nov 2023 19:17:56 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=Ttx/RQlS; spf=softfail (domain: sakoman.com, ip: 209.85.214.169, mailfrom: steve@sakoman.com) Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-1ccbb7f79cdso48800805ad.3 for ; Tue, 14 Nov 2023 19:17:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018275; x=1700623075; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=Hh5KHdPyOA7JZ7bycJ6zu8PT5TrYagKQSroxW98XfPI=; b=Ttx/RQlSTUPKn+rwsNUKI6jqvkQO9XRWoY/xTmrAGBzLtpjoKWPMxb851W3oKq/4xq N5jjjUADR2J/oFR/YNyg0O0GqztljWhKN3lC0/hhLZ/eClTL8Q6YHqSVXfbebEpmRssv DDPUDL4rFVn0Gj2IVol2P8ygxoTNJCQEdmKnpZMpWy3oxTGV1tkj50NfIRqu/bf9TXda Dy6jZYy0c/12nCJzQTkBRWoZu74gwWzL0Wn8swjy4AGJ9YBOSQly2XE6vEZzpCXXcP5/ GOcz59ANcJr9913Tb1ZNEbm6PMWAZfAur9jekLM5al7BRiA0PTZk0Me3hhVZYwHyvrDY Ad3Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018275; x=1700623075; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Hh5KHdPyOA7JZ7bycJ6zu8PT5TrYagKQSroxW98XfPI=; b=wZTMz+UxBH2kZjqvcdoIQhUfJhxh/+YpmCkE2oy2LQ821iTz2g7IhfLPBYZ2NJs0QR Hvy29B0A9TEwQDBj++xnHtpPTryVdu/okJ3qq64M2kMMimTWi3E9ZKCIUwBNy39nVQYB juVUko3NocMlYXPElX4h67Pf6aJtCIB+Zn3CRapnxql/BzlymchcpmfFUPQHSxrtaD3o uc0Zk27+rNF4ggjzE6c+usb/xElp9t0iAltWYneEqvBlPcYjJMffLdvKmzOblqyRop63 DpYSSBG3LMgfgs3atiDjeLECS5qrb5QgxcsZ2HwWGVJyPnSC7nV4m48YKv1ua0NIy5TL EGWw== X-Gm-Message-State: AOJu0YxBhGofx/aA4AziwgfokQ69ZMsXsaF29dHfQh5qSuTnr7himykQ zejxlphIRFJAN/Bw9rtcG9UOcvXArUH2fGK4pGVFkA== X-Google-Smtp-Source: AGHT+IFB+x4sLB3X72IVGaM596k9fc63qDPCwq7Wl4RIUkqJWtzhG5ZFsJumH5Au4JaH5pzEoIh9XQ== X-Received: by 2002:a17:903:41c3:b0:1cc:3be6:b714 with SMTP id u3-20020a17090341c300b001cc3be6b714mr4608018ple.23.1700018275215; Tue, 14 Nov 2023 19:17:55 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:54 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 08/17] Revert "qemu: Backport fix for CVE-2023-0330" Date: Tue, 14 Nov 2023 17:17:25 -1000 Message-Id: <14aa11aecf503cef08e43c90cf0bd574721ca965.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:17:56 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190538 This reverts commit 45ce9885351a2344737170e6e810dc67ab3e7ea9. Unfortunately this backport results in qemuarmv5 failing to boot with a qemu lsi hw error. [YOCTO #15274] See discussion: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15274 Signed-off-by: Steve Sakoman --- meta/recipes-devtools/qemu/qemu.inc | 3 +- ...-2023-0330_1.patch => CVE-2023-0330.patch} | 0 .../qemu/qemu/CVE-2023-0330_2.patch | 135 ------------------ 3 files changed, 1 insertion(+), 137 deletions(-) rename meta/recipes-devtools/qemu/qemu/{CVE-2023-0330_1.patch => CVE-2023-0330.patch} (100%) delete mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index e6b26aba88..a24915c35c 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -137,8 +137,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2021-3409-4.patch \ file://CVE-2021-3409-5.patch \ file://hw-display-qxl-Pass-requested-buffer-size-to-qxl_phy.patch \ - file://CVE-2023-0330_1.patch \ - file://CVE-2023-0330_2.patch \ + file://CVE-2023-0330.patch \ file://CVE-2023-3354.patch \ file://CVE-2023-3180.patch \ file://CVE-2020-24165.patch \ diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch similarity index 100% rename from meta/recipes-devtools/qemu/qemu/CVE-2023-0330_1.patch rename to meta/recipes-devtools/qemu/qemu/CVE-2023-0330.patch diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch deleted file mode 100644 index 3b45bc0411..0000000000 --- a/meta/recipes-devtools/qemu/qemu/CVE-2023-0330_2.patch +++ /dev/null @@ -1,135 +0,0 @@ -From a2e1753b8054344f32cf94f31c6399a58794a380 Mon Sep 17 00:00:00 2001 -From: Alexander Bulekov -Date: Thu, 27 Apr 2023 17:10:06 -0400 -Subject: [PATCH] memory: prevent dma-reentracy issues - -Add a flag to the DeviceState, when a device is engaged in PIO/MMIO/DMA. -This flag is set/checked prior to calling a device's MemoryRegion -handlers, and set when device code initiates DMA. The purpose of this -flag is to prevent two types of DMA-based reentrancy issues: - -1.) mmio -> dma -> mmio case -2.) bh -> dma write -> mmio case - -These issues have led to problems such as stack-exhaustion and -use-after-frees. - -Summary of the problem from Peter Maydell: -https://lore.kernel.org/qemu-devel/CAFEAcA_23vc7hE3iaM-JVA6W38LK4hJoWae5KcknhPRD5fPBZA@mail.gmail.com - -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/62 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/540 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/541 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/556 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/557 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/827 -Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1282 -Resolves: CVE-2023-0330 - -Signed-off-by: Alexander Bulekov -Reviewed-by: Thomas Huth -Message-Id: <20230427211013.2994127-2-alxndr@bu.edu> -[thuth: Replace warn_report() with warn_report_once()] -Signed-off-by: Thomas Huth - -Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/a2e1753b8054344f32cf94f31c6399a58794a380] -CVE: CVE-2023-0330 -Signed-off-by: Vijay Anusuri ---- - include/exec/memory.h | 5 +++++ - include/hw/qdev-core.h | 7 +++++++ - memory.c | 16 ++++++++++++++++ - 3 files changed, 28 insertions(+) - -diff --git a/include/exec/memory.h b/include/exec/memory.h -index 2b8bccdd..0c8cdb8e 100644 ---- a/include/exec/memory.h -+++ b/include/exec/memory.h -@@ -378,6 +378,8 @@ struct MemoryRegion { - bool is_iommu; - RAMBlock *ram_block; - Object *owner; -+ /* owner as TYPE_DEVICE. Used for re-entrancy checks in MR access hotpath */ -+ DeviceState *dev; - - const MemoryRegionOps *ops; - void *opaque; -@@ -400,6 +402,9 @@ struct MemoryRegion { - const char *name; - unsigned ioeventfd_nb; - MemoryRegionIoeventfd *ioeventfds; -+ -+ /* For devices designed to perform re-entrant IO into their own IO MRs */ -+ bool disable_reentrancy_guard; - }; - - struct IOMMUMemoryRegion { -diff --git a/include/hw/qdev-core.h b/include/hw/qdev-core.h -index 1518495b..206f0a70 100644 ---- a/include/hw/qdev-core.h -+++ b/include/hw/qdev-core.h -@@ -138,6 +138,10 @@ struct NamedGPIOList { - QLIST_ENTRY(NamedGPIOList) node; - }; - -+typedef struct { -+ bool engaged_in_io; -+} MemReentrancyGuard; -+ - /** - * DeviceState: - * @realized: Indicates whether the device has been fully constructed. -@@ -163,6 +167,9 @@ struct DeviceState { - int num_child_bus; - int instance_id_alias; - int alias_required_for_version; -+ -+ /* Is the device currently in mmio/pio/dma? Used to prevent re-entrancy */ -+ MemReentrancyGuard mem_reentrancy_guard; - }; - - struct DeviceListener { -diff --git a/memory.c b/memory.c -index 8cafb86a..94ebcaf9 100644 ---- a/memory.c -+++ b/memory.c -@@ -531,6 +531,18 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, - access_size_max = 4; - } - -+ /* Do not allow more than one simultaneous access to a device's IO Regions */ -+ if (mr->dev && !mr->disable_reentrancy_guard && -+ !mr->ram_device && !mr->ram && !mr->rom_device && !mr->readonly) { -+ if (mr->dev->mem_reentrancy_guard.engaged_in_io) { -+ warn_report_once("Blocked re-entrant IO on MemoryRegion: " -+ "%s at addr: 0x%" HWADDR_PRIX, -+ memory_region_name(mr), addr); -+ return MEMTX_ACCESS_ERROR; -+ } -+ mr->dev->mem_reentrancy_guard.engaged_in_io = true; -+ } -+ - /* FIXME: support unaligned access? */ - access_size = MAX(MIN(size, access_size_max), access_size_min); - access_mask = MAKE_64BIT_MASK(0, access_size * 8); -@@ -545,6 +557,9 @@ static MemTxResult access_with_adjusted_size(hwaddr addr, - access_mask, attrs); - } - } -+ if (mr->dev) { -+ mr->dev->mem_reentrancy_guard.engaged_in_io = false; -+ } - return r; - } - -@@ -1132,6 +1147,7 @@ static void memory_region_do_init(MemoryRegion *mr, - } - mr->name = g_strdup(name); - mr->owner = owner; -+ mr->dev = (DeviceState *) object_dynamic_cast(mr->owner, TYPE_DEVICE); - mr->ram_block = NULL; - - if (name) { --- -2.25.1 - From patchwork Wed Nov 15 03:17:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34507 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 70F14C47071 for ; Wed, 15 Nov 2023 03:18:06 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.5035.1700018278298194748 for ; Tue, 14 Nov 2023 19:17:58 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=UpCxhlW7; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1cc5b7057d5so57185835ad.2 for ; Tue, 14 Nov 2023 19:17:58 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018277; x=1700623077; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=21gGbJWd0Lovjp8ezUVuuKPIEtQXFSqOb+Huh5281Tk=; b=UpCxhlW7IA64EeQjJRYQa7bdifoekW6xzo3IvkUSwJsoMVybqLZQMIQGlqchSpesmi XfmEKuAppDho+EygNYRASAgULwE01u7i+dkcxgvy/mPb9jWaffHOrJAAtkLCRIptmrYo SBkZdKw+sf/NQ1roK5/XdE1GxZjMX2/FEH4NEd9kmDu9CiyFwa/TlU8AjX4vpWLjJ3y/ Vf6rv4AD7nQ/lb5fiAAHZy0koqEIeeYPZGZeFZe43iT+EDawMShDr84fN4Csyftm2R/p /pgcxqC7F9bNL0Xt7AW2cauhMTgL0cNfu/7r8JVe9Py0Ea//cxpaqHcQZl2/fl/+CnZY j5sg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018277; x=1700623077; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=21gGbJWd0Lovjp8ezUVuuKPIEtQXFSqOb+Huh5281Tk=; b=tSmC+NtfCZ5DrDembisCH3GJ3f8gp2zFWl+xV8QZgrgGYVzYNtmblfoDUzcotSHR5f 34ELQCJenW9y3CpZWH8ZKxIDkp3gAFMcO039ZnJXnzuqGTRFmSS+024O7OzC6mIgro09 9ZJkIkoJh8cbFdPJDTctGjYcLWk4suB1iVao3YxtOXZq1i3YzMHciWVZkp83PcUAbQfX Y8KDQA8BkI9XxKm0YOVYvcgGKEkWNTMLa77RY3kONY7uXrI5XEjhVwd21zZkm+gHAzTG pcsIyREU9Ag5UPGqQJLLTgirKzC/K2wQdnJKJkRK6b13Rx+p0EQzAWV0I9OQwl6hbr+z AXvA== X-Gm-Message-State: AOJu0YySYHBRw5lQvSMZLnR7fzu+QEtnPfhcPWhZFxALA9Rdw+vvPhkp 1ZuP8dVob0WBE1HLCluyn+lUzoDpEvkcwcLAOsQD8Q== X-Google-Smtp-Source: AGHT+IHkpHOU5l+/6rYjhDLi4nPBROF/pgykuVCV5PXUH8qUVn2/l5C9gpQ1feJ9kShw7mNXFPqTAw== X-Received: by 2002:a17:902:7407:b0:1cc:2f05:7edb with SMTP id g7-20020a170902740700b001cc2f057edbmr4548388pll.35.1700018276930; Tue, 14 Nov 2023 19:17:56 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:56 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 09/17] xserver-xorg: Fix for CVE-2023-5367 and CVE-2023-5380 Date: Tue, 14 Nov 2023 17:17:26 -1000 Message-Id: <41b87e7493f7b50ba0ddad941d37ef4a24a749d8.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190539 From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a & https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7] Signed-off-by: Vijay Anusuri Signed-off-by: Steve Sakoman --- .../xserver-xorg/CVE-2023-5367.patch | 84 +++++++++++++++ .../xserver-xorg/CVE-2023-5380.patch | 102 ++++++++++++++++++ .../xorg-xserver/xserver-xorg_1.20.14.bb | 2 + 3 files changed, 188 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch new file mode 100644 index 0000000000..508588481e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5367.patch @@ -0,0 +1,84 @@ +From 541ab2ecd41d4d8689e71855d93e492bc554719a Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Tue, 3 Oct 2023 11:53:05 +1000 +Subject: [PATCH] Xi/randr: fix handling of PropModeAppend/Prepend + +The handling of appending/prepending properties was incorrect, with at +least two bugs: the property length was set to the length of the new +part only, i.e. appending or prepending N elements to a property with P +existing elements always resulted in the property having N elements +instead of N + P. + +Second, when pre-pending a value to a property, the offset for the old +values was incorrect, leaving the new property with potentially +uninitalized values and/or resulting in OOB memory writes. +For example, prepending a 3 element value to a 5 element property would +result in this 8 value array: + [N, N, N, ?, ?, P, P, P ] P, P + ^OOB write + +The XI2 code is a copy/paste of the RandR code, so the bug exists in +both. + +CVE-2023-5367, ZDI-CAN-22153 + +This vulnerability was discovered by: +Jan-Niklas Sohn working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/541ab2ecd41d4d8689e71855d93e492bc554719a] +CVE: CVE-2023-5367 +Signed-off-by: Vijay Anusuri +--- + Xi/xiproperty.c | 4 ++-- + randr/rrproperty.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/Xi/xiproperty.c b/Xi/xiproperty.c +index 066ba21fba..d315f04d0e 100644 +--- a/Xi/xiproperty.c ++++ b/Xi/xiproperty.c +@@ -730,7 +730,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type, + XIDestroyDeviceProperty(prop); + return BadAlloc; + } +- new_value.size = len; ++ new_value.size = total_len; + new_value.type = type; + new_value.format = format; + +@@ -747,7 +747,7 @@ XIChangeDeviceProperty(DeviceIntPtr dev, Atom property, Atom type, + case PropModePrepend: + new_data = new_value.data; + old_data = (void *) (((char *) new_value.data) + +- (prop_value->size * size_in_bytes)); ++ (len * size_in_bytes)); + break; + } + if (new_data) +diff --git a/randr/rrproperty.c b/randr/rrproperty.c +index c2fb9585c6..25469f57b2 100644 +--- a/randr/rrproperty.c ++++ b/randr/rrproperty.c +@@ -209,7 +209,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type, + RRDestroyOutputProperty(prop); + return BadAlloc; + } +- new_value.size = len; ++ new_value.size = total_len; + new_value.type = type; + new_value.format = format; + +@@ -226,7 +226,7 @@ RRChangeOutputProperty(RROutputPtr output, Atom property, Atom type, + case PropModePrepend: + new_data = new_value.data; + old_data = (void *) (((char *) new_value.data) + +- (prop_value->size * size_in_bytes)); ++ (len * size_in_bytes)); + break; + } + if (new_data) +-- +GitLab + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch new file mode 100644 index 0000000000..720340d83b --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-5380.patch @@ -0,0 +1,102 @@ +From 564ccf2ce9616620456102727acb8b0256b7bbd7 Mon Sep 17 00:00:00 2001 +From: Peter Hutterer +Date: Thu, 5 Oct 2023 12:19:45 +1000 +Subject: [PATCH] mi: reset the PointerWindows reference on screen switch + +PointerWindows[] keeps a reference to the last window our sprite +entered - changes are usually handled by CheckMotion(). + +If we switch between screens via XWarpPointer our +dev->spriteInfo->sprite->win is set to the new screen's root window. +If there's another window at the cursor location CheckMotion() will +trigger the right enter/leave events later. If there is not, it skips +that process and we never trigger LeaveWindow() - PointerWindows[] for +the device still refers to the previous window. + +If that window is destroyed we have a dangling reference that will +eventually cause a use-after-free bug when checking the window hierarchy +later. + +To trigger this, we require: +- two protocol screens +- XWarpPointer to the other screen's root window +- XDestroyWindow before entering any other window + +This is a niche bug so we hack around it by making sure we reset the +PointerWindows[] entry so we cannot have a dangling pointer. This +doesn't handle Enter/Leave events correctly but the previous code didn't +either. + +CVE-2023-5380, ZDI-CAN-21608 + +This vulnerability was discovered by: +Sri working with Trend Micro Zero Day Initiative + +Signed-off-by: Peter Hutterer +Reviewed-by: Adam Jackson + +Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/564ccf2ce9616620456102727acb8b0256b7bbd7] +CVE: CVE-2023-5380 +Signed-off-by: Vijay Anusuri +--- + dix/enterleave.h | 2 -- + include/eventstr.h | 3 +++ + mi/mipointer.c | 17 +++++++++++++++-- + 3 files changed, 18 insertions(+), 4 deletions(-) + +diff --git a/dix/enterleave.h b/dix/enterleave.h +index 4b833d8..e8af924 100644 +--- a/dix/enterleave.h ++++ b/dix/enterleave.h +@@ -58,8 +58,6 @@ extern void DeviceFocusEvent(DeviceIntPtr dev, + + extern void EnterWindow(DeviceIntPtr dev, WindowPtr win, int mode); + +-extern void LeaveWindow(DeviceIntPtr dev); +- + extern void CoreFocusEvent(DeviceIntPtr kbd, + int type, int mode, int detail, WindowPtr pWin); + +diff --git a/include/eventstr.h b/include/eventstr.h +index bf3b95f..2bae3b0 100644 +--- a/include/eventstr.h ++++ b/include/eventstr.h +@@ -296,4 +296,7 @@ union _InternalEvent { + #endif + }; + ++extern void ++LeaveWindow(DeviceIntPtr dev); ++ + #endif +diff --git a/mi/mipointer.c b/mi/mipointer.c +index 75be1ae..b12ae9b 100644 +--- a/mi/mipointer.c ++++ b/mi/mipointer.c +@@ -397,8 +397,21 @@ miPointerWarpCursor(DeviceIntPtr pDev, ScreenPtr pScreen, int x, int y) + #ifdef PANORAMIX + && noPanoramiXExtension + #endif +- ) +- UpdateSpriteForScreen(pDev, pScreen); ++ ) { ++ DeviceIntPtr master = GetMaster(pDev, MASTER_POINTER); ++ /* Hack for CVE-2023-5380: if we're moving ++ * screens PointerWindows[] keeps referring to the ++ * old window. If that gets destroyed we have a UAF ++ * bug later. Only happens when jumping from a window ++ * to the root window on the other screen. ++ * Enter/Leave events are incorrect for that case but ++ * too niche to fix. ++ */ ++ LeaveWindow(pDev); ++ if (master) ++ LeaveWindow(master); ++ UpdateSpriteForScreen(pDev, pScreen); ++ } + } + + /** +-- +2.25.1 + diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb index 5c604fa86e..eaff93bd09 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.14.bb @@ -16,6 +16,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://CVE-2022-46344.patch \ file://CVE-2023-0494.patch \ file://CVE-2023-1393.patch \ + file://CVE-2023-5367.patch \ + file://CVE-2023-5380.patch \ " SRC_URI[md5sum] = "453fc86aac8c629b3a5b77e8dcca30bf" SRC_URI[sha256sum] = "54b199c9280ff8bf0f73a54a759645bd0eeeda7255d1c99310d5b7595f3ac066" From patchwork Wed Nov 15 03:17:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34510 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9190DC47076 for ; Wed, 15 Nov 2023 03:18:06 +0000 (UTC) Received: from mail-pl1-f181.google.com (mail-pl1-f181.google.com [209.85.214.181]) by mx.groups.io with SMTP id smtpd.web11.5037.1700018279589546684 for ; Tue, 14 Nov 2023 19:17:59 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=2bTbwRS5; spf=softfail (domain: sakoman.com, ip: 209.85.214.181, mailfrom: steve@sakoman.com) Received: by mail-pl1-f181.google.com with SMTP id d9443c01a7336-1cc9b626a96so47991695ad.2 for ; Tue, 14 Nov 2023 19:17:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018279; x=1700623079; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=DV81cWH/8wfZf7UR9Qb6h71srl3O92Jsl4T+8ZSsUCU=; b=2bTbwRS50VcFX8eXpDLkOd/nzHaAaJQQUgAN8wZNTHvooe+Boql/T7dnRuyoLBQZB6 1DBK9Xhc5ZB4cSdFvAPY6nsSaL7AhpF6voQcbSvFkB7E3cm18NyggXV8C7AuOq/f8vOp 92sgXL5Tk9yMJ10dhyJH9u7WIFUcHTZNwCuLgAfxexjra9lgoIHrOE1ti0fA/E+gQsgg f2/KGzULf/foy76x6VP3Zv39PgQcUWQky4PTqcVpJ4LFfjf6l3vfjvLt5wXSDmzeinNS 9/tTVpvZwNrENUnFQKK81tdS30I7bScGkyLtZ8nr41gvwobvlL31P8RXDAiQ8ymbXaF/ iZsg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018279; x=1700623079; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DV81cWH/8wfZf7UR9Qb6h71srl3O92Jsl4T+8ZSsUCU=; b=uU6RHkk2U1ux0TB18kfbTevDBSP4mzYwqj1jN4wyykwUnhjYJ/sQFYhllLE/fMNh0z mwPYR9tu2dmVaYBndjZBq4mpVdo1wKxkSO/6l+666abmAsvkOWTCO4rdrLsmJOoYb8cX pFwP9eCqTxWYrbs1NK8/6xxq66er1zL9mEnjRH8vmy/OFzFiV1Y+Qk89q91w9w/8cFTg D94a4Y/pghVCF+O8mKVPn3x7RLL2ZgT8+3oAqL/YKwKt8qxdnfmdwCOo9CEX/onMqMkk VB2azRlUhC4DSUMlRh0PwyFbMs45nJ8t8lZ5cVkYMHSEXBBabuTMBIKxFvzSRnfQVv1z 5Szw== X-Gm-Message-State: AOJu0YziRywBT3lFptCqdG/xFl1SQQItQku13o3bhrYP4cSiOBeBeVPj Oe2r6QgSaXPEy+F3aHajeUgwrKzJy0MYZ54XQbChGg== X-Google-Smtp-Source: AGHT+IFBy0J3l2PjUGDqowSSrLtl6Z5BW4TBOSZyZp6N+lvNyOGrrwpI0stYwXsMOztsMKPZkJZHbA== X-Received: by 2002:a17:902:704a:b0:1ca:d778:a9ce with SMTP id h10-20020a170902704a00b001cad778a9cemr4229220plt.38.1700018278780; Tue, 14 Nov 2023 19:17:58 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:17:58 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 10/17] cve-check: sort the package list in the JSON report Date: Tue, 14 Nov 2023 17:17:27 -1000 Message-Id: <5a509bc6f26247cc7561189d582c91816042fd91.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190540 From: Ross Burton The JSON report generated by the cve-check class is basically a huge list of packages. This list of packages is, however, unsorted. To make things easier for people comparing the JSON, or more specifically for git when archiving the JSON over time in a git repository, we can sort the list by package name. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit e9861be0e5020830c2ecc24fd091f4f5b05da036) Signed-off-by: Steve Sakoman --- meta/classes/cve-check.bbclass | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index b0ccefc84d..5e6bae1757 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -97,6 +97,8 @@ def generate_json_report(d, out_path, link_path): cve_check_merge_jsons(summary, data) filename = f.readline() + summary["package"].sort(key=lambda d: d['name']) + with open(out_path, "w") as f: json.dump(summary, f, indent=2) From patchwork Wed Nov 15 03:17:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34506 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F926C47072 for ; Wed, 15 Nov 2023 03:18:06 +0000 (UTC) Received: from mail-pg1-f171.google.com (mail-pg1-f171.google.com [209.85.215.171]) by mx.groups.io with SMTP id smtpd.web11.5040.1700018281960966190 for ; Tue, 14 Nov 2023 19:18:02 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=1b4wV+Ro; spf=softfail (domain: sakoman.com, ip: 209.85.215.171, mailfrom: steve@sakoman.com) Received: by mail-pg1-f171.google.com with SMTP id 41be03b00d2f7-5a9bc2ec556so3923780a12.0 for ; Tue, 14 Nov 2023 19:18:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018281; x=1700623081; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=POKhWiqkmQntmZSVMEM5kZYSfSHrbNcT8JeTiFntHs8=; b=1b4wV+RoPu8DTPZiVgpYbTHxAxMbq/38u79HcZ6Eu7GJNRbLio3uByfNKjORVEcwkk D8QThIvpuVtBRTsCiTR74YYv81dTudYVdYLuiIIGUc/89Df28W8tTtbbhrz+VogNoZfH KM2QShAjGVEypV0qGMfNwk9P5ZFjEkr+anYQcwMG5RNihn18XNU3utfRU+1xBanG9crO ZS8sRFbRaP64pRw5kY5J8lb9cCxLUCJqhuKiJpy2CwsHgVoHY9hrm5VCQew210aScHOM ZPemQYX6I2QUuKetiieroS2DbxXhmf175ybsTJA3nojz9328OJiGLRW6Q7Uamli3l/gK 9yDw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018281; x=1700623081; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=POKhWiqkmQntmZSVMEM5kZYSfSHrbNcT8JeTiFntHs8=; b=edxUnTiQLi4Sx5zA/YeibEB7AJbFCVD7OjXUG3mcox+gvyPeq7ammlgfCphRyaPS3f 5mHv3iFF2pFfbBqUSIPm7vwKBrbhAI3yIowGL5B0iARIBzASo3Tgp39PDJaGoO22VNTj dw/oM4OUxjwii7cWWepv4jxxmEzIuk7rRtRKEnpAwGvksfv8BpCnAcTpovUr73t0n52T p5+J4ww1dEmHuC6IIK0PasprQEerWBfLUAewrZTGvCPQwljiW0iaOu7t9l7UQtulbx2d Cs17aw2oGkzTrSPuL4pX4ho5E/odZnXrKTsKPiOiI/xA5koxLe12Hw/F9Mtz05zqKIE0 Nm7w== X-Gm-Message-State: AOJu0YxZKwgRnW8vl/oztUnowZsvU7uMYESzWpmbijtrfSbe5iVxntoT UBQdbmbQ5pYBKY6TngOkKz9JgDtEQgoGTQtgMaPK+w== X-Google-Smtp-Source: AGHT+IErKz5RH+kjTh4QITCHJ0A9Vd+f+wfopfctdR5D+qc8m1/bw+Li81ij4BVmsdmKIHZ0vFJ3KQ== X-Received: by 2002:a05:6a20:4420:b0:13a:e955:d958 with SMTP id ce32-20020a056a20442000b0013ae955d958mr10093598pzb.7.1700018280659; Tue, 14 Nov 2023 19:18:00 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.17.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:00 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 11/17] cve-check: slightly more verbose warning when adding the same package twice Date: Tue, 14 Nov 2023 17:17:28 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190541 From: Ross Burton Occasionally the cve-check tool will warn that it is adding the same package twice. Knowing what this package is might be the first step towards understanding where this message comes from. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit c1179faec8583a8b7df192cf1cbf221f0e3001fc) Signed-off-by: Steve Sakoman --- meta/lib/oe/cve_check.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index c508865738..a91d691c30 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -75,7 +75,7 @@ def cve_check_merge_jsons(output, data): for product in output["package"]: if product["name"] == data["package"][0]["name"]: - bb.error("Error adding the same package twice") + bb.error("Error adding the same package %s twice" % product["name"]) return output["package"].append(data["package"][0]) From patchwork Wed Nov 15 03:17:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34509 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7F010C47075 for ; Wed, 15 Nov 2023 03:18:06 +0000 (UTC) Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com [209.85.210.173]) by mx.groups.io with SMTP id smtpd.web11.5042.1700018283642721417 for ; Tue, 14 Nov 2023 19:18:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=zyCjGFNx; spf=softfail (domain: sakoman.com, ip: 209.85.210.173, mailfrom: steve@sakoman.com) Received: by mail-pf1-f173.google.com with SMTP id d2e1a72fcca58-6c33ab26dddso5616410b3a.0 for ; Tue, 14 Nov 2023 19:18:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018282; x=1700623082; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ArKgE67eBur1QH7o35YJ2kR0QyNgk9KdWPhF9xHxzt8=; b=zyCjGFNxA51ABVIledOjA/IA0Ovtfw8aePhghzFqo/7aSg9dSyxYb07tu6ZX1slVJq 5ZieDLGyU4L4nEFsFZV6rVjEyNMxTZHTNAC4TZYL2iUSAVf+EXLnIZLfCvmNQ7Ij8bV6 gecktKyTe7osMsQbVAH9j/2WqifY3zoqWnvCmL84fgjW/SduXNJOOwuNBEMqIYRTjRoT jEbnYcX3eZTsyG4vHYP1f/1UbLJu/+6jmS1RTOQ7+tndQ8ZzIHx1BXeEyF+RGTtnlPzI BWssaMYHE9swQMHGVyBCY7l2kpwLJnOReqRYRT7Af5Hgr5Qrg1CJWZKhVqNX+C0vrsuh JYMA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018282; x=1700623082; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ArKgE67eBur1QH7o35YJ2kR0QyNgk9KdWPhF9xHxzt8=; b=ATWH3FlcNYT1FnA4NvlT9E/tHIkA1zFUojBW0dn4d7q034QZH47HPDOXpnCvs94g3n pIpEKvYMVfC0LMr6gKvxSG1q7Vp2VOFq9D+mWTgcPKSiLTde94lde+3ohBQqSHC6XUKP hENQryFUQ/NCQw2Hrc0SiIb2OQuFXHt6SffxYppzhC6aeEZi3pEmr5KtCuIwFT6UMGbW Uo9ctl1l2j4W83N427N+6puG7uDsCDeR9UGposPn3N7Z8CoheY7+aH5WdVWiKu1VaI8i VcueXp3PHCVZs73ycK5vTUIkfFbg1HzY3Qyahzq8PIhPry61gHBHa+KYA9sHunEv5s0K AJsQ== X-Gm-Message-State: AOJu0Yye8tSrzjXRTd/JYshuAPS9jpberSsT+yCQFuT54LnANoj3zf7a ZoS7C2SPspexaYoN4ZNt9p6sSq7Xjo5p+9358U240A== X-Google-Smtp-Source: AGHT+IElvaecPpjfiTHqRvUNppNgDskiGSoVjD555EAscxBmPNaZ3+KwJBB4k+ZKs9WHgkeAFuTQJQ== X-Received: by 2002:a05:6a21:185:b0:186:652a:7b9c with SMTP id le5-20020a056a21018500b00186652a7b9cmr9244552pzb.20.1700018282433; Tue, 14 Nov 2023 19:18:02 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.18.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:02 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 12/17] cve-check: don't warn if a patch is remote Date: Tue, 14 Nov 2023 17:17:29 -1000 Message-Id: <32a19dfbaac38cd4864281a1131ac65e1216318f.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190542 From: Ross Burton We don't make do_cve_check depend on do_unpack because that would be a waste of time 99% of the time. The compromise here is that we can't scan remote patches for issues, but this isn't a problem so downgrade the warning to a note. Also move the check for CVEs in the filename before the local file check so that even with remote patches, we still check for CVE references in the name. Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 0251cad677579f5b4dcc25fa2f8552c6040ac2cf) Signed-off-by: Steve Sakoman --- meta/lib/oe/cve_check.py | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py index a91d691c30..ed4af18ced 100644 --- a/meta/lib/oe/cve_check.py +++ b/meta/lib/oe/cve_check.py @@ -114,11 +114,6 @@ def get_patched_cves(d): for url in oe.patch.src_patches(d): patch_file = bb.fetch.decodeurl(url)[2] - # Remote compressed patches may not be unpacked, so silently ignore them - if not os.path.isfile(patch_file): - bb.warn("%s does not exist, cannot extract CVE list" % patch_file) - continue - # Check patch file name for CVE ID fname_match = cve_file_name_match.search(patch_file) if fname_match: @@ -126,6 +121,12 @@ def get_patched_cves(d): patched_cves.add(cve) bb.debug(2, "Found CVE %s from patch file name %s" % (cve, patch_file)) + # Remote patches won't be present and compressed patches won't be + # unpacked, so say we're not scanning them + if not os.path.isfile(patch_file): + bb.note("%s is remote or compressed, not scanning content" % patch_file) + continue + with open(patch_file, "r", encoding="utf-8") as f: try: patch_text = f.read() From patchwork Wed Nov 15 03:17:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34508 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7FC73C47074 for ; Wed, 15 Nov 2023 03:18:06 +0000 (UTC) Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com [209.85.215.174]) by mx.groups.io with SMTP id smtpd.web10.4877.1700018285353321532 for ; Tue, 14 Nov 2023 19:18:05 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=v93zv2Nt; spf=softfail (domain: sakoman.com, ip: 209.85.215.174, mailfrom: steve@sakoman.com) Received: by mail-pg1-f174.google.com with SMTP id 41be03b00d2f7-5bdb0be3591so5018292a12.2 for ; Tue, 14 Nov 2023 19:18:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018284; x=1700623084; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=maJummaCH/YIjMqoCIuVO+Gjw+QXYVkapUXhhycRuY4=; b=v93zv2NtJF3ZlOsgZuN4WBfvwiuVMMZil/BquWpzZjjs5m9bwj/LlGQ7xSab20UyQp +B8/7HlyDcbVMtw0yQfZNQJuWkSqEewokUDXI2laEbMrjoecXCicJ+iPs1Z/AJGXIlvO hfMPg5/+BRYZZXr4iYz+03U7zaw9H7CDKDqbzcmuGiLlxobmu6NYnhvZ3rRR0QJSWDCg AUZXctqVWnJboJd5+EbXMc4sK9Ht/3Ifc61zWx6RrqZ9M6J/sLIwtvw6wJ31AeNd/ye0 RXHja39vgaN+tZind3fcAJiI31rnCHNJ6uRggJ7cdQZqaFuyGD94NMhmUtO9e90p8ldO r1fg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018284; x=1700623084; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=maJummaCH/YIjMqoCIuVO+Gjw+QXYVkapUXhhycRuY4=; b=M/WKGM1zLy1q3TW4UH8WfhBo5DsSZgSyJq6pdTHTCe/ow4LL281uAs4dEv/ukpTN2q SugavnzBS1YLGUyvXppo+DWd5K3P0aNCH3Z2VllheIv9YPpv1eXGtsyp6vynJpxOv9jn au7KBoG3UDEezm/EJhZfiJ4WxVdOP0NtDOQ4Tfj35M9Kv5PnMIwsA/L286XZjNDDrGjl 4FKsb2TzBUlyVKSDRH9vOc0lLsd6IJpoXylN/wsiQ7glc0+KdfdJlPLP6Xiz2Io1bvuu oGTC8OkpbV6ErbtlAwEyc2RBnsIaYVpxgQbHuYqgu3SpiLswT6EFDn+d12Ia480EoHAT 2SMw== X-Gm-Message-State: AOJu0YyJ3xKxTy58R1Ca5pcrHwRuYojIFbX7RifaasmfFWGh4wsPzE3I dGaMHkrklNJHHavZ2IG6gQK6aUVGot06+r45u2TiXw== X-Google-Smtp-Source: AGHT+IGl0X1y85QaUWfDhhkJDgF0ePS5SSrVrqySl2pAamZZPgW2IyqDZmToOBAjiSkDJALJEswcqw== X-Received: by 2002:a05:6a20:8f14:b0:185:c28f:d188 with SMTP id b20-20020a056a208f1400b00185c28fd188mr14763768pzk.45.1700018284130; Tue, 14 Nov 2023 19:18:04 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.18.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:03 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 13/17] assimp: Explicitly use nobranch=1 in SRC_URI Date: Tue, 14 Nov 2023 17:17:30 -1000 Message-Id: <4bd92b9621909b8b528b648529baaaa48bc1c424.1700018112.git.steve@sakoman.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190543 From: Naveen Saini Branch 'assimp_5.0_release' is not present in repo. Error: assimp-5.0.1-r0 do_fetch: Fetcher failure: Unable to find revision 8f0c6b04b2257a520aaab38421b2e090204b69df in branch assimp_5.0_release even from upstream Set nobranch=1, to fetch from v5.0.1 tag. Signed-off-by: Naveen Saini Signed-off-by: Steve Sakoman --- meta/recipes-graphics/vulkan/assimp_5.0.1.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb index 295ac12fc5..0774f37e31 100644 --- a/meta/recipes-graphics/vulkan/assimp_5.0.1.bb +++ b/meta/recipes-graphics/vulkan/assimp_5.0.1.bb @@ -8,7 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=2119edef0916b0bd511cb3c731076271" DEPENDS = "zlib" -SRC_URI = "git://github.com/assimp/assimp.git;branch=assimp_5.0_release;protocol=https \ +SRC_URI = "git://github.com/assimp/assimp.git;nobranch=1;protocol=https \ file://0001-closes-https-github.com-assimp-assimp-issues-2733-up.patch \ file://0001-Use-ASSIMP_LIB_INSTALL_DIR-to-search-library.patch \ " From patchwork Wed Nov 15 03:17:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34512 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8EA6CC47075 for ; Wed, 15 Nov 2023 03:18:16 +0000 (UTC) Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by mx.groups.io with SMTP id smtpd.web11.5044.1700018286696917510 for ; Tue, 14 Nov 2023 19:18:06 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=H7p+DQhG; spf=softfail (domain: sakoman.com, ip: 209.85.214.175, mailfrom: steve@sakoman.com) Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1cc329ce84cso56805595ad.2 for ; Tue, 14 Nov 2023 19:18:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018286; x=1700623086; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=pLI4Ab2c61bGJmlpV94OlDnyW4FyFGMJyyA1fnGvw6s=; b=H7p+DQhGbp+K8J6y8CXu5vYKWE9e0SOaltQbAJjg3edMLkoSIiaK3OarhNT1Ug3ILK FOItEs0XGOJqBW4Tb8mmG8pfMrHQHy5hKIjfkysSVbbTvQNcfIg4ZklY5E8DaTloBvr8 d37KOgMVfUG4scUskkFCoPnzx9Bi8+YUHoaUshOBZoBNQ6m1vbzSRKz03htNcDCYx9Oj IOR57/NHlVc3PINRh8sfQLCkPMQycNEeSkKrS5ApwoWYn1h5Hcbee2X/+zS8Hr8z1bMI dZW25Svv2pjM592QrZku+feOW93KnbCkGYkckhDM8p71LaeoPjtFwvtuVKG+pNrWvluB HGNQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018286; x=1700623086; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pLI4Ab2c61bGJmlpV94OlDnyW4FyFGMJyyA1fnGvw6s=; b=oalM9ruGMYOooHqqb87rRRNN9hGv5wFSOKun+LfWxQXv1/47OsxW7X9KllLuS2BqRW Z0uXb0kr3Q35/7DfPxscdtRTN9yMcUodmwb9P63G9xy04dVb9ZGv7/CdUJyBv90U045e zaezMWuTmeK69P5iU6OFByrTNjwTOyHxZ0qN6Rj56Cl9cYalYwP0nqGG2Ttxs8PcaBwa vxOkSm2V7oWvFwBLxaD6QQM/BSIia3dLXkHcr9H+Ecl936mmO1LKtQ77yMh+bIBhKBsT E497nRLiSXsRMtBjT0cmC84n0hRP8Lt4gvGUXSeXB09To0XqXWgd/83i54839IZw0/m4 s+ng== X-Gm-Message-State: AOJu0Yzp1+OUTWYwQcUhn5HG6fi7/BiPbH3TbifCjQZ4lsnTEe1pL1Xi VAPU6uLpPZ1aUQkOHzoWbBtKjm4P4tCybHVp+hTBBA== X-Google-Smtp-Source: AGHT+IEyHeZcf4TExQ7IRg7OtLHHH4LR4hdXd7YyaziF8CLCziKAzE12WexvUeJd9nOq3teMQz2wdA== X-Received: by 2002:a17:902:b618:b0:1cc:449b:689e with SMTP id b24-20020a170902b61800b001cc449b689emr4138855pls.20.1700018285826; Tue, 14 Nov 2023 19:18:05 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.18.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:05 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 14/17] resolvconf: Fix fetch error Date: Tue, 14 Nov 2023 17:17:31 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190544 From: Naveen Saini Branch 'master' renamed to 'unstable', which causing following failure. Error: Fetcher failure: Unable to find revision cb19bbfbe7e52174332f68bf2f295b39d119fad3 in branch master even from upstream Switch to 'unstanble' branch. Signed-off-by: Naveen Saini Signed-off-by: Steve Sakoman --- meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb b/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb index f482bd297f..5f0a5eac70 100644 --- a/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb +++ b/meta/recipes-connectivity/resolvconf/resolvconf_1.82.bb @@ -11,7 +11,7 @@ AUTHOR = "Thomas Hood" HOMEPAGE = "http://packages.debian.org/resolvconf" RDEPENDS_${PN} = "bash" -SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=master \ +SRC_URI = "git://salsa.debian.org/debian/resolvconf.git;protocol=https;branch=unstable \ file://fix-path-for-busybox.patch \ file://99_resolvconf \ " From patchwork Wed Nov 15 03:17:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34513 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A3F7EC47076 for ; Wed, 15 Nov 2023 03:18:16 +0000 (UTC) Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com [209.85.214.182]) by mx.groups.io with SMTP id smtpd.web10.4881.1700018288783458824 for ; Tue, 14 Nov 2023 19:18:08 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=oI55lxdA; spf=softfail (domain: sakoman.com, ip: 209.85.214.182, mailfrom: steve@sakoman.com) Received: by mail-pl1-f182.google.com with SMTP id d9443c01a7336-1cc3542e328so48057145ad.1 for ; Tue, 14 Nov 2023 19:18:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018287; x=1700623087; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=CoQYmkKbFuL+X2G2ota++Axb2enhm9OWpjYjt2vqt5o=; b=oI55lxdA5RS0FKAr9QN1Ro+DoJRwK6gkRkY9Pas0N9RWNVI5RZBH/OSCyvm5+YzRyc +SI+NTsDmypnkm+GdlRFL9YUC9u5tHxC+XAmHu4if8PCFFQldtqE0X3IXTjNcHSS+GqJ OjMx9rvlhZIqymLt0dW+MGDmQspUU1WbNPfOg8KEOmG9KKw8bqbWMdmzZfvJQSjzjy1F 3Hn8bo0OJqfn7I+JDpfprYnQlIco0hbEWKd0RMND5pxK9fEcPYdvfGptz6+fsNARw62s QAIL1vbwmgyb+ZqiXkBsuVyXzu0utcI08qmyITRY733yEFnicEsJFa/GJno7CgSRZD5e XGgA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018287; x=1700623087; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CoQYmkKbFuL+X2G2ota++Axb2enhm9OWpjYjt2vqt5o=; b=AVQGt6mQm4nYJNWHVksqZzRNEu5VdK+7yOdg+crEcat4aJGSoo23rEUI3Zgg983s16 9JWq9P52nvNU/R2k+a1hra0VHS493o/aFZZr/hmBV5ilPbyWiPDyDLGGbwoGg9Z6BUiN LrtIqqTi5qdIODwujSwzR/ZjbjiZM4NfQiU7oMEog1EkrDK3Oy1xMLozsjjl1GYPLN9t 6HFAgqI6yRfdxNbzKCTveo91vx4jjf+GXf48Fw4ahkRheZSh1PDISM5YThRoYgO/YMff dUIDOXblXETOKy3tNKt8uZ99h/VPYWQPmNx8lmyK19jTESgh2XYb8X9MpE0pe0DPUGem G+Iw== X-Gm-Message-State: AOJu0YyzOh+wr9/Lgu7I0q+ycSU27R3MVgzm46IAqS7BbbT297faiPk2 ohOZaRumdqtGR+xf3VIicYd0qulvvxNoH7q6BXWqcg== X-Google-Smtp-Source: AGHT+IHoU++9+xnkJVyXleQYj68BqZjf0l145fUD3Vv9nZBpHb9cKmvFAliFei3uI0Cj5Yqy0aK/dg== X-Received: by 2002:a17:902:d4cd:b0:1c9:ea71:8032 with SMTP id o13-20020a170902d4cd00b001c9ea718032mr4424266plg.31.1700018287534; Tue, 14 Nov 2023 19:18:07 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.18.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:07 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 15/17] lz4: use CFLAGS from bitbake Date: Tue, 14 Nov 2023 17:17:32 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190545 From: Mikko Rapeli Currently lz4 uses it's own defaults which include O3 optimization. Switch from O3 to bitbake default O2 reduces binary package size from 467056 to 331888 bytes. Enables also building with Os if needed. Signed-off-by: Mikko Rapeli Signed-off-by: Richard Purdie (cherry picked from commit abaaf8c6bcd368728d298937a9406eb2aebc7a7d) Signed-off-by: Steve Sakoman --- meta/recipes-support/lz4/lz4_1.9.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb index 0c4a0ac807..c2e24b518c 100644 --- a/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -23,7 +23,7 @@ S = "${WORKDIR}/git" # Fixed in r118, which is larger than the current version. CVE_CHECK_WHITELIST += "CVE-2014-4715" -EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" +EXTRA_OEMAKE = "PREFIX=${prefix} CC='${CC}' CFLAGS='${CFLAGS}' DESTDIR=${D} LIBDIR=${libdir} INCLUDEDIR=${includedir} BUILD_STATIC=no" do_install() { oe_runmake install From patchwork Wed Nov 15 03:17:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34511 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 89133C47071 for ; Wed, 15 Nov 2023 03:18:16 +0000 (UTC) Received: from mail-pl1-f171.google.com (mail-pl1-f171.google.com [209.85.214.171]) by mx.groups.io with SMTP id smtpd.web10.4883.1700018290496096712 for ; Tue, 14 Nov 2023 19:18:10 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=pvyOpMoh; spf=softfail (domain: sakoman.com, ip: 209.85.214.171, mailfrom: steve@sakoman.com) Received: by mail-pl1-f171.google.com with SMTP id d9443c01a7336-1cc2575dfc7so47771675ad.1 for ; Tue, 14 Nov 2023 19:18:10 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018289; x=1700623089; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=WMlAktUYcjXpOXky8zYCqIKRSIKAPiKh83MyGltZ5JY=; b=pvyOpMohRQjk3zp5UViiDIleFkF6VIAaK44iTU2NNQrC7lMz5MvR7FQjqWy/36v5mY DJvOGevPha7s3XBtzYVBGrOdQI/H9AtnLIk0bse88RvgvrTdQGLAsSwIIk1+PzT476vt BkIbu6//HxrdhmLmhcr7lNHmzKTo3/XdTPNS5zIML4ywCBzynk+1PN/y/ryhjaZeDtMX KjVWczQtc1RyMOzCKyWWgfR96D6VNnnCL/P/we00qqws9+CrEF1Ozh/jMhQxpTnDL8ON 6oxoHdPufpK0ash7aW5Y9mzJOCuzo/U1Cl2PalNgR1Jewcq0ByZ2mPrfXWiPCsA5ApUo EZaQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018289; x=1700623089; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=WMlAktUYcjXpOXky8zYCqIKRSIKAPiKh83MyGltZ5JY=; b=Y+GWMArAhfdXLa14boKX2g4YG+xOqSN0vPxJp9w1DMbYZwjd3u4PhPsW0p5BhIvCN/ ESIhf9WCmSZ0bpHgkWQZ6o+WOJfp2Fz0DAlYrJfmkJmIelDxlNX6aELIYyelCx15u3ez oNcBpymITvOwUmr8z8zs0zqlnqZX9xIWiVwM6p6cVOy0MRdBbEyILVmoI2Oh6yKuxKhx jWqpQq3clsJWltKJYGgwpNSMy2tVtRLcD6XvFr5ajq4KZZPBOZxUqw1olHdoBuZkUlzk xCnZTbKMIh3GWMad54lFTeqvIcUEvqtNytMycbFPm1LnMfgGdoMPNhPDCPacsqSZP2I0 edxA== X-Gm-Message-State: AOJu0YwzaeyUxm44szHWGR6SzbtpVEuIsC2c5GZgbAVREsFdIKKD2Z0A 6s6o3ej4iKZBvdhzmaj5LxD0QMbpZ0kOk6DvezWnOw== X-Google-Smtp-Source: AGHT+IFtZyHXlBXqIOnGAX9c3uj1hcaC5VTwpuiToPuB1qN2ZncJS+9uuOgkEbgNh2GC4XvpqVkomw== X-Received: by 2002:a17:903:22c3:b0:1cc:361b:7b10 with SMTP id y3-20020a17090322c300b001cc361b7b10mr4664216plg.24.1700018289254; Tue, 14 Nov 2023 19:18:09 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.18.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:08 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 16/17] lz4: Update sstate/equiv versions to clean cache Date: Tue, 14 Nov 2023 17:17:33 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190546 There are cached reproducibility issues on the autobuilder due to CFLAGS issues, flush the bad data out the system by bumping the versions. Signed-off-by: Steve Sakoman --- meta/recipes-support/lz4/lz4_1.9.2.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-support/lz4/lz4_1.9.2.bb b/meta/recipes-support/lz4/lz4_1.9.2.bb index c2e24b518c..bc11a57eb5 100644 --- a/meta/recipes-support/lz4/lz4_1.9.2.bb +++ b/meta/recipes-support/lz4/lz4_1.9.2.bb @@ -12,6 +12,10 @@ PE = "1" SRCREV = "fdf2ef5809ca875c454510610764d9125ef2ebbd" +# remove at next version upgrade or when output changes +PR = "r1" +HASHEQUIV_HASH_VERSION .= ".1" + SRC_URI = "git://github.com/lz4/lz4.git;branch=dev;protocol=https \ file://run-ptest \ file://CVE-2021-3520.patch \ From patchwork Wed Nov 15 03:17:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve Sakoman X-Patchwork-Id: 34514 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9A074C47074 for ; Wed, 15 Nov 2023 03:18:16 +0000 (UTC) Received: from mail-pf1-f176.google.com (mail-pf1-f176.google.com [209.85.210.176]) by mx.groups.io with SMTP id smtpd.web11.5045.1700018292136842943 for ; Tue, 14 Nov 2023 19:18:12 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601 header.b=iZFk0nAH; spf=softfail (domain: sakoman.com, ip: 209.85.210.176, mailfrom: steve@sakoman.com) Received: by mail-pf1-f176.google.com with SMTP id d2e1a72fcca58-6c39ad730aaso5117873b3a.0 for ; Tue, 14 Nov 2023 19:18:12 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1700018291; x=1700623091; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=f+wrIwoH4EQauXcwyYH6G5+v4KY0i0UqIY5SB5GKwPg=; b=iZFk0nAHYv/pDGbmXdTB5r1nBpkemdy2WthRBiBXe11UmpoGPPAkI5mMc5LQ6Rw8T7 Tn1C8Upau2PO3NqPfafgSfWfv/5YuZwBUGkc/Ci8go6P6EFgTcLva/4VdeP6GBXUQkHn Kp83/X1KM5tW6QJL5GZRKaQwktlRQFzTaJB8wZ3TmHJicrC1mb15aQGIVvf4OH5UA9BU PyodgSP/e3al5Iv/Eq0bh98MOIUKfGX7DE3el8Uvx3q7Z2LaD+XEXa007tmpfBBJDBPd qXDNEQn4ch3/mxnQ35TBniWj8/kJ3yEfh9T2QeR1vgGKu6hp+CGEJRQzMnq7DT/u+xKy EV4w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1700018291; x=1700623091; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=f+wrIwoH4EQauXcwyYH6G5+v4KY0i0UqIY5SB5GKwPg=; b=fciyGf2wBGKqXKn/+LkBr7EJH8Du/sk4Z+L7kYaRxhm0cF5M8KJirYA/uZsGBzlPb6 rt5hk3MuC72lb77HyzUSJg4w3YE9PDQ0hbAso/UJiBa0WNFXL6IpOkaq04up/E7ae9Y4 z/66a5SfeKEHJfV3VZZfmkVyN+OGaDLZ8ayWd2BKiXIhsU6Gr9PBcJuQDY03+PNcSor9 yLJKG5IT2Wl6HKNM9seTJgF5Rb+rwizozlglsibfNvJy2XlIgo73oeSLkRN2dbDMTOVS NQoRpN/1Q13VvRhqmk2Su2XXumNEOxTqbRAGTVol9lDkK/g5LLRZyM2QBTAssG67eoWk CUqA== X-Gm-Message-State: AOJu0YxO79empl1Dk9yFt56ap1pVr4/LReqknXRqfbcksNqs0aXHXlCV s925JeQfRwpBOa6aMgx2osUI2HxLvcgw0D7l2KMG0Q== X-Google-Smtp-Source: AGHT+IHp5ZSD0CaXaRksI5E7cATY2zK9SOPvxJghW/0kJMBNwNyOwuLtdwSlujnQmSPb2IHlU/6Igg== X-Received: by 2002:a05:6a20:1609:b0:181:74fe:ba83 with SMTP id l9-20020a056a20160900b0018174feba83mr8991838pzj.40.1700018290920; Tue, 14 Nov 2023 19:18:10 -0800 (PST) Received: from hexa.lan (dhcp-72-234-108-41.hawaiiantel.net. [72.234.108.41]) by smtp.gmail.com with ESMTPSA id l5-20020a170903120500b001c6187f2875sm6369300plh.225.2023.11.14.19.18.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 Nov 2023 19:18:10 -0800 (PST) From: Steve Sakoman To: openembedded-core@lists.openembedded.org Subject: [OE-core][dunfell 17/17] selftest: skip virgl test on all fedora Date: Tue, 14 Nov 2023 17:17:34 -1000 Message-Id: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 15 Nov 2023 03:18:16 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/190547 This test will fail any time the host has libdrm > 2.4.107 Signed-off-by: Steve Sakoman --- meta/lib/oeqa/selftest/cases/runtime_test.py | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/meta/lib/oeqa/selftest/cases/runtime_test.py b/meta/lib/oeqa/selftest/cases/runtime_test.py index d80f85dba2..cc4190c1d6 100644 --- a/meta/lib/oeqa/selftest/cases/runtime_test.py +++ b/meta/lib/oeqa/selftest/cases/runtime_test.py @@ -185,14 +185,8 @@ class TestImage(OESelftestTestCase): self.skipTest('virgl isn\'t working with Centos 7') if distro and distro == 'centos-8': self.skipTest('virgl isn\'t working with Centos 8') - if distro and distro == 'fedora-34': - self.skipTest('virgl isn\'t working with Fedora 34') - if distro and distro == 'fedora-35': - self.skipTest('virgl isn\'t working with Fedora 35') - if distro and distro == 'fedora-36': - self.skipTest('virgl isn\'t working with Fedora 36') - if distro and distro == 'fedora-37': - self.skipTest('virgl isn\'t working with Fedora 37') + if distro and distro.startswith('fedora'): + self.skipTest('virgl isn\'t working with Fedora') if distro and distro == 'opensuseleap-15.0': self.skipTest('virgl isn\'t working with Opensuse 15.0') if distro and distro == 'ubuntu-22.04':