From patchwork Mon Jan  8 16:14:27 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 37492
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2D6F9C3DA6E
	for <webhook@archiver.kernel.org>; Mon,  8 Jan 2024 16:14:48 +0000 (UTC)
Received: from mail-pf1-f174.google.com (mail-pf1-f174.google.com
 [209.85.210.174])
 by mx.groups.io with SMTP id smtpd.web11.867.1704730483791813476
 for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:43 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=tCNDOblg;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.174,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f174.google.com with SMTP id
 d2e1a72fcca58-6daf9d5f111so771505b3a.0
        for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1704730483;
 x=1705335283; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=Vf0EYpGm+3PeYGaEo2P7rMXSf6DHbHwjaOvWIn9lfvg=;
        b=tCNDOblg8hthnMEi4fkmunOuc7Rpd0n+3gFehA+GnbghMuIQU9nQpcIUvCaD9q4pUS
         bqXvSfynAUrJSDsZJF8mD7i1l4VTnu+Fq+bG1lNDFIES73nBpMOzga1RP+PPUNgWHnuE
         H87LmjyHi5CYmIN+n6atG9r932lpYguWnW1Ckji0oQUDtGrsa7QoPvdCIJ+z2vK7Imrk
         AmuTG3DCnTUDy1fj3A1PkXnPzWOhqOjcE/AyUA/GsDJ4rYCMIZRZezEV6J+jCk0sXMYa
         Tdl+DAvTIalGyCKUkmsuD2P7K8ii+oSZMJ6QZ+A4TLGo+yVg3wlgPcnTWmWJnqMbQDuw
         XSFg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704730483; x=1705335283;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=Vf0EYpGm+3PeYGaEo2P7rMXSf6DHbHwjaOvWIn9lfvg=;
        b=LLZglheMhqIeVSoJ1p+jezamGxy9a0SXDcQ5u5n990JIu39WiY7Qwq+1lhHwqcPweh
         eM9WjKNm8LeCyaZ+wc1br9PfjsqpqP2JSt/5mXrvxhY8OQMNOn6YHAIGYiKo58L3A8cp
         v0IC6+jNNLYeRzsEQzJPc98HS1H3uyac5nZCWVJj4SA/IOPJyCIJFEEtWVC2csGcISfJ
         o3b1d+jQWrzmY3hd1HJc9CBMVw7KeM5kPm9ihORRpjKIWYV/QLBb/+HC1nxMPlI9T9Ac
         g454cF1JFZAAHHfvwbnjnyX84Z3rS9PkRFmJoVfVtqosiZBm24m3b/l182qdGiz5qzi1
         oVeA==
X-Gm-Message-State: AOJu0YxWRHi3E8+8RK38IIlJAUzLlSjFwUGAUycI99aAQ+n2rFBx6S2f
	joiRA/FN8l29zY4MOFXWvhLZhTKpXHhtXwQhc+7p4zKl6hQf7A==
X-Google-Smtp-Source: 
 AGHT+IFwBTRF/JwIED9M4MSbJY+KXHZw2Uufsa+yvFCMAzR27ZQ4mIaC6PPy8+DhxNcunO8E1UUVWQ==
X-Received: by 2002:a05:6a00:138f:b0:6d9:e7d0:327f with SMTP id
 t15-20020a056a00138f00b006d9e7d0327fmr4696078pfg.23.1704730482730;
        Mon, 08 Jan 2024 08:14:42 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net.
 [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 a11-20020aa78e8b000000b006da14f68ac1sm45753pfr.198.2024.01.08.08.14.41
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Jan 2024 08:14:42 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 1/6] xserver-xorg: Fix for CVE-2023-6377 and
 CVE-2023-6478
Date: Mon,  8 Jan 2024 06:14:27 -1000
Message-Id: 
 <abadef9d1759254699577fe40ee353e75958f9a2.1704730354.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1704730354.git.steve@sakoman.com>
References: <cover.1704730354.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 08 Jan 2024 16:14:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/193416

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
&
https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 .../xserver-xorg/CVE-2023-6377.patch          | 79 +++++++++++++++++++
 .../xserver-xorg/CVE-2023-6478.patch          | 63 +++++++++++++++
 .../xorg-xserver/xserver-xorg_21.1.8.bb       |  2 +
 3 files changed, 144 insertions(+)
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
 create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch

diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
new file mode 100644
index 0000000000..0abd5914fa
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6377.patch
@@ -0,0 +1,79 @@
+From 0c1a93d319558fe3ab2d94f51d174b4f93810afd Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Tue, 28 Nov 2023 15:19:04 +1000
+Subject: [PATCH] Xi: allocate enough XkbActions for our buttons
+
+button->xkb_acts is supposed to be an array sufficiently large for all
+our buttons, not just a single XkbActions struct. Allocating
+insufficient memory here means when we memcpy() later in
+XkbSetDeviceInfo we write into memory that wasn't ours to begin with,
+leading to the usual security ooopsiedaisies.
+
+CVE-2023-6377, ZDI-CAN-22412, ZDI-CAN-22413
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd]
+CVE: CVE-2023-6377
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ Xi/exevents.c | 12 ++++++------
+ dix/devices.c | 10 ++++++++++
+ 2 files changed, 16 insertions(+), 6 deletions(-)
+
+diff --git a/Xi/exevents.c b/Xi/exevents.c
+index dcd4efb3bc..54ea11a938 100644
+--- a/Xi/exevents.c
++++ b/Xi/exevents.c
+@@ -611,13 +611,13 @@ DeepCopyPointerClasses(DeviceIntPtr from, DeviceIntPtr to)
+         }
+ 
+         if (from->button->xkb_acts) {
+-            if (!to->button->xkb_acts) {
+-                to->button->xkb_acts = calloc(1, sizeof(XkbAction));
+-                if (!to->button->xkb_acts)
+-                    FatalError("[Xi] not enough memory for xkb_acts.\n");
+-            }
++            size_t maxbuttons = max(to->button->numButtons, from->button->numButtons);
++            to->button->xkb_acts = xnfreallocarray(to->button->xkb_acts,
++                                                   maxbuttons,
++                                                   sizeof(XkbAction));
++            memset(to->button->xkb_acts, 0, maxbuttons * sizeof(XkbAction));
+             memcpy(to->button->xkb_acts, from->button->xkb_acts,
+-                   sizeof(XkbAction));
++                   from->button->numButtons * sizeof(XkbAction));
+         }
+         else {
+             free(to->button->xkb_acts);
+diff --git a/dix/devices.c b/dix/devices.c
+index b063128df0..3f3224d626 100644
+--- a/dix/devices.c
++++ b/dix/devices.c
+@@ -2539,6 +2539,8 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+ 
+     if (master->button && master->button->numButtons != maxbuttons) {
+         int i;
++        int last_num_buttons = master->button->numButtons;
++
+         DeviceChangedEvent event = {
+             .header = ET_Internal,
+             .type = ET_DeviceChanged,
+@@ -2549,6 +2551,14 @@ RecalculateMasterButtons(DeviceIntPtr slave)
+         };
+ 
+         master->button->numButtons = maxbuttons;
++        if (last_num_buttons < maxbuttons) {
++            master->button->xkb_acts = xnfreallocarray(master->button->xkb_acts,
++                                                       maxbuttons,
++                                                       sizeof(XkbAction));
++            memset(&master->button->xkb_acts[last_num_buttons],
++                   0,
++                   (maxbuttons - last_num_buttons) * sizeof(XkbAction));
++        }
+ 
+         memcpy(&event.buttons.names, master->button->labels, maxbuttons *
+                sizeof(Atom));
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
new file mode 100644
index 0000000000..6392eae3f8
--- /dev/null
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/CVE-2023-6478.patch
@@ -0,0 +1,63 @@
+From 14f480010a93ff962fef66a16412fafff81ad632 Mon Sep 17 00:00:00 2001
+From: Peter Hutterer <peter.hutterer@who-t.net>
+Date: Mon, 27 Nov 2023 16:27:49 +1000
+Subject: [PATCH] randr: avoid integer truncation in length check of
+ ProcRRChange*Property
+
+Affected are ProcRRChangeProviderProperty and ProcRRChangeOutputProperty.
+See also xserver@8f454b79 where this same bug was fixed for the core
+protocol and XI.
+
+This fixes an OOB read and the resulting information disclosure.
+
+Length calculation for the request was clipped to a 32-bit integer. With
+the correct stuff->nUnits value the expected request size was
+truncated, passing the REQUEST_FIXED_SIZE check.
+
+The server then proceeded with reading at least stuff->num_items bytes
+(depending on stuff->format) from the request and stuffing whatever it
+finds into the property. In the process it would also allocate at least
+stuff->nUnits bytes, i.e. 4GB.
+
+CVE-2023-6478, ZDI-CAN-22561
+
+This vulnerability was discovered by:
+Jan-Niklas Sohn working with Trend Micro Zero Day Initiative
+
+Upstream-Status: Backport [https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632]
+CVE: CVE-2023-6478
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ randr/rrproperty.c         | 2 +-
+ randr/rrproviderproperty.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/randr/rrproperty.c b/randr/rrproperty.c
+index 25469f57b2..c4fef8a1f6 100644
+--- a/randr/rrproperty.c
++++ b/randr/rrproperty.c
+@@ -530,7 +530,7 @@ ProcRRChangeOutputProperty(ClientPtr client)
+     char format, mode;
+     unsigned long len;
+     int sizeInBytes;
+-    int totalSize;
++    uint64_t totalSize;
+     int err;
+ 
+     REQUEST_AT_LEAST_SIZE(xRRChangeOutputPropertyReq);
+diff --git a/randr/rrproviderproperty.c b/randr/rrproviderproperty.c
+index b79c17f9bf..90c5a9a933 100644
+--- a/randr/rrproviderproperty.c
++++ b/randr/rrproviderproperty.c
+@@ -498,7 +498,7 @@ ProcRRChangeProviderProperty(ClientPtr client)
+     char format, mode;
+     unsigned long len;
+     int sizeInBytes;
+-    int totalSize;
++    uint64_t totalSize;
+     int err;
+ 
+     REQUEST_AT_LEAST_SIZE(xRRChangeProviderPropertyReq);
+-- 
+GitLab
+
diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
index 63932b4e79..7738085e11 100644
--- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
+++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_21.1.8.bb
@@ -4,6 +4,8 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat
            file://0001-Avoid-duplicate-definitions-of-IOPortBase.patch \
            file://CVE-2023-5367.patch \
            file://CVE-2023-5380.patch \
+           file://CVE-2023-6377.patch \
+           file://CVE-2023-6478.patch \
            "
 SRC_URI[sha256sum] = "38aadb735650c8024ee25211c190bf8aad844c5f59632761ab1ef4c4d5aeb152"
 

From patchwork Mon Jan  8 16:14:28 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 37491
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2E72FC47079
	for <webhook@archiver.kernel.org>; Mon,  8 Jan 2024 16:14:48 +0000 (UTC)
Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com
 [209.85.210.181])
 by mx.groups.io with SMTP id smtpd.web10.842.1704730485978013172
 for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:46 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=CVeKvjoD;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f181.google.com with SMTP id
 d2e1a72fcca58-6d9af1f12d5so1687119b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1704730484;
 x=1705335284; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=xi6qd1JPF3xPg/DCk1ZF3l4NxD/DbyPunGfZCoOuSLI=;
        b=CVeKvjoDdJfmU+91XlBw84RAndqx/VMhSMDazAI63A0zGFAU1Ct5izdBpTnBonAO4b
         qhkwIbGNTBesx7joZR9EOAMwtAvKuDx3/e3TQtqlxkfZK0odIarH4T2Zek0nC8NVxiV+
         8Jnm5Ds7PBemHpeTvzoye4I9Oinz9S+RwUtpOGjh1KZ/aFClQi8L979w8ptBqv6TzuTn
         9BmhoJzsQ/zavjTcOx5phgcDKwSVH+huPvtc3u/DNzMG8Zi/sh8QkRpEq+YZV7tn09a6
         niyH5CzSQ8GX77rNCt60mcdmTHymv4MiQk8ZlDK/aNGaQ+rEhxoFnd84z5nCwovUFVD0
         0GCA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704730484; x=1705335284;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=xi6qd1JPF3xPg/DCk1ZF3l4NxD/DbyPunGfZCoOuSLI=;
        b=T/701pF0deFlE3MySL42Mzsr0J5gBrqC3jf8Y8JzC/ONj60nT0XQdADVbB/leVYPN9
         17ucpv4R+xME5lQQUwd5X+yMIvORSjzcXkY9p8VUEo+xwWGtkxj9IVe43l38M+tMmVyd
         bvUx3JkaEdF/3HYOADY/ilyQpFNN2JA+Ljajl2jQ9sSahUeSyYpU0vZVl4oiXFo0Qzra
         au043PLyXEnSvt+vQpjQMlP823WU1DmIQ4AOHAMoHL0ixAHxZpEjGuwXHg2sNfZ5oSvO
         xQAqERmYLnPM5NOyxPgt07L7wGn8pe1tL83udczISjVwH1qnvHs03txFa3bM4oHW9SLx
         RI0Q==
X-Gm-Message-State: AOJu0Yy+6FDiJsmfSdb05IhVxQJRG2bkIfnnkBkl9CNSRytNOYEGjk8X
	82URy19hq4+uyVgh+aFGnqfa+JoKlvGCiJMnCTdVQCk1Y8PbMQ==
X-Google-Smtp-Source: 
 AGHT+IGCa6g4Yvi5H2d/e92qK5MSF/t1Sh9IZdnmISRZlIr1aQuwEub+R3Zhp2B1jOc9WjW6hx7Xqw==
X-Received: by 2002:a05:6a20:1e60:b0:199:86ea:5e26 with SMTP id
 cy32-20020a056a201e6000b0019986ea5e26mr3131921pzb.112.1704730484678;
        Mon, 08 Jan 2024 08:14:44 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net.
 [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 a11-20020aa78e8b000000b006da14f68ac1sm45753pfr.198.2024.01.08.08.14.43
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Jan 2024 08:14:44 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 2/6] cve-update-nvd2-native: remove unused
 variable CVE_SOCKET_TIMEOUT
Date: Mon,  8 Jan 2024 06:14:28 -1000
Message-Id: 
 <0a73edbdda8af9d4b82367827d1351feef810607.1704730354.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1704730354.git.steve@sakoman.com>
References: <cover.1704730354.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 08 Jan 2024 16:14:48 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/193417

From: Peter Marko <peter.marko@siemens.com>

This variable is not referenced in oe-core anymore.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 905b45a814cb33327503b793741c19b44c8550b3)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 67d76f75dd..64a96a46f0 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -26,9 +26,6 @@ NVDCVE_API_KEY ?= ""
 # Use a negative value to skip the update
 CVE_DB_UPDATE_INTERVAL ?= "86400"
 
-# Timeout for blocking socket operations, such as the connection attempt.
-CVE_SOCKET_TIMEOUT ?= "60"
-
 CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
 
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"

From patchwork Mon Jan  8 16:14:29 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 37497
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0FBBAC47079
	for <webhook@archiver.kernel.org>; Mon,  8 Jan 2024 16:14:58 +0000 (UTC)
Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com
 [209.85.210.169])
 by mx.groups.io with SMTP id smtpd.web11.868.1704730487924131892
 for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:47 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Kzr/4mgA;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.169,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f169.google.com with SMTP id
 d2e1a72fcca58-6dad22e13dcso918676b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1704730486;
 x=1705335286; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=ciOVFYN4NTpoEnTDMR4neSUumR8U4dkfVFt7Vr8U6OY=;
        b=Kzr/4mgAttlY9mQM1Spat1GdYszAxfqgaxnrsMU9P7iRkS7z6OkYQ8M0GgF3LWWzX8
         xzTsg7zJF81uPZqGBcB990LqWmSKo+ITOD35MWNoR7s1wVgxOxiLuHUrtiWdCCoMDR3J
         AXXOeCCD+MexZZS1GaVSfcQMseqN53NcJjFh+tJGU5SBVAt9ITBPXgYyXzXA3sMRIbDk
         DSF182lDkuUJ/EtRYF7NJg3h/M6Y+zCJ5b9p2hCQq4EmqkrghWFc2KQthiGuXnOgHLJQ
         0rsvHG+nypnZ+uBmf/fyhSjDlAHhTOsgvhLX2oGVIg0EgDpL7qSfvufPn1sVQCDjdb7C
         vKiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704730486; x=1705335286;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=ciOVFYN4NTpoEnTDMR4neSUumR8U4dkfVFt7Vr8U6OY=;
        b=buhc2qwJC5eDXp0qis3zgJok8nyyCmQip0+uvyN4RrN0ITuhO05tNqBQUDP7mUVtRf
         wfl8Yw3EPnihfVequurpa3FYYc5+kjxlvFrztd6L1he8hXn09IJaUZAoVCE03085BDz0
         T4gCKYWhOX8XJepky69L/RSDE97rVm4AHwYvdw00D79xD62JtXDWNa8Aybvihuv/ElOY
         NwjRKS+EuY8qDA5f4O4ZJodzFfx5+nIVKn9iNdrFZ5EHikYa1bdagb9E3ueZT/mPR1xT
         Ee4U0Pjkfm4mJOO0r/Zi16E/rE9Z3ERhC5uYP78vigqSHkjaOFVqSNL2AW1zSd52X+NV
         6Xmg==
X-Gm-Message-State: AOJu0YzwCjkAcfgPd5ImnuORB8lkrLIA1dblsuVRbvthVv/BJv+nnyB+
	5WyqdC7vywBFYgijoe05kTNqOVveKmmgEfXWEfam2zF0UGKuNQ==
X-Google-Smtp-Source: 
 AGHT+IFbZ/Iqb8Wu/Ey+RhcROGVlfaedCNrVwxJx7Mi8wim6UPafVlfrIx5rvUeihi607z/HKySWgw==
X-Received: by 2002:a05:6a20:968e:b0:195:3022:9ec6 with SMTP id
 hp14-20020a056a20968e00b0019530229ec6mr1280771pzc.102.1704730486393;
        Mon, 08 Jan 2024 08:14:46 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net.
 [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 a11-20020aa78e8b000000b006da14f68ac1sm45753pfr.198.2024.01.08.08.14.45
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Jan 2024 08:14:46 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 3/6] cve-update-nvd2-native: make number of fetch
 attemtps configurable
Date: Mon,  8 Jan 2024 06:14:29 -1000
Message-Id: 
 <10f1c16c813668b081ce204cc3c19d1d12963788.1704730354.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1704730354.git.steve@sakoman.com>
References: <cover.1704730354.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 08 Jan 2024 16:14:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/193418

From: Peter Marko <peter.marko@siemens.com>

Sometimes NVD servers are unstable and return too many errors.

Last time we increased number of attempts from 3 to 5, but
further increasing is not reasonable as in normal case
too many retries is just abusive.

Keep retries low as default and allow to increase as needed.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6b6fd8043d83b99000054ab6ad2c745d07c6bcc1)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 64a96a46f0..dab0b69edc 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -26,6 +26,9 @@ NVDCVE_API_KEY ?= ""
 # Use a negative value to skip the update
 CVE_DB_UPDATE_INTERVAL ?= "86400"
 
+# Number of attmepts for each http query to nvd server before giving up
+CVE_DB_UPDATE_ATTEMPTS ?= "5"
+
 CVE_DB_TEMP_FILE ?= "${CVE_CHECK_DB_DIR}/temp_nvdcve_2.db"
 
 CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_2.db"
@@ -111,7 +114,7 @@ def cleanup_db_download(db_file, db_tmp_file):
     if os.path.exists(db_tmp_file):
         os.remove(db_tmp_file)
 
-def nvd_request_next(url, api_key, args):
+def nvd_request_next(url, attempts, api_key, args):
     """
     Request next part of the NVD dabase
     """
@@ -127,7 +130,7 @@ def nvd_request_next(url, api_key, args):
         request.add_header("apiKey", api_key)
     bb.note("Requesting %s" % request.full_url)
 
-    for attempt in range(5):
+    for attempt in range(attempts):
         try:
             r = urllib.request.urlopen(request)
 
@@ -183,10 +186,11 @@ def update_db_file(db_tmp_file, d, database_time):
         index = 0
         url = d.getVar("NVDCVE_URL")
         api_key = d.getVar("NVDCVE_API_KEY") or None
+        attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))
 
         while True:
             req_args['startIndex'] = index
-            raw_data = nvd_request_next(url, api_key, req_args)
+            raw_data = nvd_request_next(url, attempts, api_key, req_args)
             if raw_data is None:
                 # We haven't managed to download data
                 return False

From patchwork Mon Jan  8 16:14:30 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 37496
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0FEBBC4707C
	for <webhook@archiver.kernel.org>; Mon,  8 Jan 2024 16:14:58 +0000 (UTC)
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
 by mx.groups.io with SMTP id smtpd.web10.843.1704730489448448794
 for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:49 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=xZ7REDnt;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.173,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f173.google.com with SMTP id
 d2e1a72fcca58-6da9c834646so1641151b3a.3
        for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1704730488;
 x=1705335288; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=RyFqBbnSUU+ogcAP6atDmRL4dkW4omDzlWpY7cBzWsc=;
        b=xZ7REDntfG6EUXVOMQMffB3hKAE5CJ1fvHCDJB9Biz4Yu63Z114wxMexoYI512Qcf4
         b2vmGV/0YPQMV7uP0oIquCDK32tEPo5wEEDow1dUTM5G9VhDng11QpX0YXhnURpbMTX5
         xPdA3GYh5G9fHPMhEerZjL2OVfx6P4zJmCR6vWoIGDGUCnIBq+TrxWVI96jFQN10tJRN
         vvVRYEPguw1c0KPLaQW5KOlRDUNj3R37HnqPWd9oATX8nUur/3C4fTlhrOG5dOxHcmCW
         q9EABidsZ25N7dZWRKyijAYz95/zs0YXt6UeC5fq6UsGKzExahT5x9SSfufXwsYkG3+c
         Lhvg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704730488; x=1705335288;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=RyFqBbnSUU+ogcAP6atDmRL4dkW4omDzlWpY7cBzWsc=;
        b=wlKoKdvOyVOXnvoP7zZzRbEQoi+t7BpjhxdkDnrYk1vUHfcAaOYNBpzlrwDFTK9d7F
         n7H79qB9CyCKBxWzxRSn2nLYaKSPoMd50anbTij/MvDvuCUMJW3z1LSK1gRa6eJtw3zd
         vihwf5wMzZr0VRhwZZGsUjG/CsdjCRXHTV2Rnpwxca73Dl5O/23Uhe0Pvo014dcpmHAH
         rn8FECxurXmyCMIbVCV7kr0yAISZUe4911PcXiAMmhOligAcSweOJUWSxDeIg3StlO1p
         uKDgqYsNLJz9Z7Q28CqL8kx8yojJ0sdmWbzsiQtcxwzoJmp/+bmvVygqqvYg8osE3O3R
         szaQ==
X-Gm-Message-State: AOJu0Yy3T3DzCqAMcQt7aOfkoQKwHS+Dy2+0v9xCLxUJjG9XPAezjAYR
	E/EN5KVNsJ7TD8Zqefnny4JPFdqKixSYswy19k4SiXm+LWSrug==
X-Google-Smtp-Source: 
 AGHT+IEytvhSrF9rhMbD6GAdN2429oIPHN1UJjsjV3VfyoJhos+YQusKtoRnYEk/9eixt+ug6J71Yw==
X-Received: by 2002:a05:6a00:4e59:b0:6da:dc3f:e831 with SMTP id
 gu25-20020a056a004e5900b006dadc3fe831mr4755815pfb.63.1704730488220;
        Mon, 08 Jan 2024 08:14:48 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net.
 [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 a11-20020aa78e8b000000b006da14f68ac1sm45753pfr.198.2024.01.08.08.14.47
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Jan 2024 08:14:47 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 4/6] cve-update-nvd2-native: faster requests with
 API keys
Date: Mon,  8 Jan 2024 06:14:30 -1000
Message-Id: 
 <99f519fc8b141137406bf87a9ad273c82cc0236e.1704730354.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1704730354.git.steve@sakoman.com>
References: <cover.1704730354.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 08 Jan 2024 16:14:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/193419

From: Dhairya Nagodra <dnagodra@cisco.com>

As per NVD, the public rate limit is 5 requests in 30s (6s delay).
Using an API key increases the limit to 50 requests in 30s (0.6s delay).
However, NVD still recommends sleeping for several seconds so that the
other legitimate requests are serviced without denial or interruption.
Keeping the default sleep at 6 seconds and 2 seconds with an API key.

For failures, the wait time is unchanged (6 seconds).

Reference: https://nvd.nist.gov/developers/start-here#RateLimits

Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 5c32e2941d1dc3d04a799a1b7cbd275c1ccc9e79)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index dab0b69edc..0a8b6a8a0a 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -188,6 +188,11 @@ def update_db_file(db_tmp_file, d, database_time):
         api_key = d.getVar("NVDCVE_API_KEY") or None
         attempts = int(d.getVar("CVE_DB_UPDATE_ATTEMPTS"))
 
+        # Recommended by NVD
+        wait_time = 6
+        if api_key:
+            wait_time = 2
+
         while True:
             req_args['startIndex'] = index
             raw_data = nvd_request_next(url, attempts, api_key, req_args)
@@ -210,7 +215,7 @@ def update_db_file(db_tmp_file, d, database_time):
                break
 
             # Recommended by NVD
-            time.sleep(6)
+            time.sleep(wait_time)
 
         # Update success, set the date to cve_check file.
         cve_f.write('CVE database update : %s\n\n' % datetime.date.today())

From patchwork Mon Jan  8 16:14:31 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 37494
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 1CFE7C47258
	for <webhook@archiver.kernel.org>; Mon,  8 Jan 2024 16:14:58 +0000 (UTC)
Received: from mail-pg1-f181.google.com (mail-pg1-f181.google.com
 [209.85.215.181])
 by mx.groups.io with SMTP id smtpd.web11.869.1704730491260465463
 for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:51 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=iD266wHp;
 spf=softfail (domain: sakoman.com, ip: 209.85.215.181,
 mailfrom: steve@sakoman.com)
Received: by mail-pg1-f181.google.com with SMTP id
 41be03b00d2f7-5cd8667c59eso1436720a12.2
        for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1704730490;
 x=1705335290; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=BqXIqU+PRG4O6z9Gvq8AUakeAfM/VJmEo6BgkeV5+1I=;
        b=iD266wHpmNh2uMGOOftVkgBoa94cQM7lqUAVXcKjtqmHGBgA8rRH4ij3ZGXUMB+KnT
         JhPUZrSRFTTE+yZB2tdSCc7Ud0pyT98zovfKtq79eNJeYzhtTRTC+dJWh0IBxzgJaS95
         Zw6Ww+PrBfg0uJXlqWMGxwBznzKmSFwdj/34NL9F2dAVmZsfBE4lv1T73Ku1E3hXBs/r
         HbEyBgSAAQWdkdSfETnuDWk/A8Y0yG8QoL0NeyohwtlpggizRc9q9AH7UUZovjaD6FPL
         0elRdFSjrnkTpvOcEoMdqyMSirLaYv7ylMuYoibC5hcHKNiUy5MkPjcUYb1ldDJAZcR8
         V5TA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704730490; x=1705335290;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=BqXIqU+PRG4O6z9Gvq8AUakeAfM/VJmEo6BgkeV5+1I=;
        b=XUo+DWji/SjdM287VF/zztpFh6dF6W+pnMWdum5RnYQ7p+iflcIOPqArnuhXExvZ1X
         LeMJFzRcayoY7//E1M8/69jYp1iVGL5V5QU3a41uzcKLgkq5P+243YsmW22zBIJLaMgN
         qAv1fu/jg3Chqifmit9toMSsJ84CslwMy9+RLXpGwmjfNhX9KsyOd5pBDHI6q8Ru0FTC
         Le9jvpPQawYHeAFdHbj3Bz5iMJUe5IkdNue7UBUatPORyhiFBOAqNexYdAa+NlgfpJi0
         ADJG9iLsQLwqEczn6XuiDjRt/Y6V51pw5gqNv2N+GevBF3XD3Q5p4IxA8EJMt0SU+exS
         BYDA==
X-Gm-Message-State: AOJu0YwAdLKcbKhSNGEETdhjcV4SMNSN0PhlmGrNPaaKpiWLokrU8/xM
	zutHu6KM1zExUhJcpYuFEx0GwzduZWrAweCs8hmLaqmyAEgfVA==
X-Google-Smtp-Source: 
 AGHT+IGXyZ2TSuL55kR/0d7fyLJVMpJfGUbLBO6CX6WJ3tLpx1kcllGz4HU+88mQJy9/rVgHUpJQ3Q==
X-Received: by 2002:a05:6a21:1a9:b0:199:a11d:921b with SMTP id
 le41-20020a056a2101a900b00199a11d921bmr2933614pzb.45.1704730490002;
        Mon, 08 Jan 2024 08:14:50 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net.
 [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 a11-20020aa78e8b000000b006da14f68ac1sm45753pfr.198.2024.01.08.08.14.49
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Jan 2024 08:14:49 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 5/6] cve-update-nvd2-native: increase the delay
 between subsequent request failures
Date: Mon,  8 Jan 2024 06:14:31 -1000
Message-Id: 
 <22e0d7db5886fba845f0d15b96aae99687bed944.1704730354.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1704730354.git.steve@sakoman.com>
References: <cover.1704730354.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 08 Jan 2024 16:14:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/193420

From: Dhairya Nagodra <dnagodra@cisco.com>

Sometimes NVD servers are unstable and return too many errors.
There is an option to have higher fetch attempts to increase the chances
of successfully fetching the CVE data.

Additionally, it also makes sense to progressively increase the delay
after a failed request to an already unstable or busy server.
The increase in delay is reset after every successful request and
the maximum delay is limited to 30 seconds.

Also, the logs are improved to give more clarity.

Signed-off-by: Dhairya Nagodra <dnagodra@cisco.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7101d654635b707e56b0dbae8c2146b312d211ea)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-core/meta/cve-update-nvd2-native.bb | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 0a8b6a8a0a..69ba20a6cb 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -114,7 +114,10 @@ def cleanup_db_download(db_file, db_tmp_file):
     if os.path.exists(db_tmp_file):
         os.remove(db_tmp_file)
 
-def nvd_request_next(url, attempts, api_key, args):
+def nvd_request_wait(attempt, min_wait):
+    return min ( ( (2 * attempt) + min_wait ) , 30)
+
+def nvd_request_next(url, attempts, api_key, args, min_wait):
     """
     Request next part of the NVD dabase
     """
@@ -143,8 +146,10 @@ def nvd_request_next(url, attempts, api_key, args):
             r.close()
 
         except Exception as e:
-            bb.note("CVE database: received error (%s), retrying" % (e))
-            time.sleep(6)
+            wait_time = nvd_request_wait(attempt, min_wait)
+            bb.note("CVE database: received error (%s)" % (e))
+            bb.note("CVE database: retrying download after %d seconds. attempted (%d/%d)" % (wait_time, attempt+1, attempts))
+            time.sleep(wait_time)
             pass
         else:
             return raw_data
@@ -195,7 +200,7 @@ def update_db_file(db_tmp_file, d, database_time):
 
         while True:
             req_args['startIndex'] = index
-            raw_data = nvd_request_next(url, attempts, api_key, req_args)
+            raw_data = nvd_request_next(url, attempts, api_key, req_args, wait_time)
             if raw_data is None:
                 # We haven't managed to download data
                 return False

From patchwork Mon Jan  8 16:14:32 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Steve Sakoman <steve@sakoman.com>
X-Patchwork-Id: 37495
X-Patchwork-Delegate: steve@sakoman.com
Return-Path: <steve@sakoman.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org
 (localhost.localdomain [127.0.0.1])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 21DE7C4725D
	for <webhook@archiver.kernel.org>; Mon,  8 Jan 2024 16:14:58 +0000 (UTC)
Received: from mail-pf1-f177.google.com (mail-pf1-f177.google.com
 [209.85.210.177])
 by mx.groups.io with SMTP id smtpd.web11.873.1704730493160155453
 for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:53 -0800
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@sakoman-com.20230601.gappssmtp.com header.s=20230601
 header.b=Kxl5cuo0;
 spf=softfail (domain: sakoman.com, ip: 209.85.210.177,
 mailfrom: steve@sakoman.com)
Received: by mail-pf1-f177.google.com with SMTP id
 d2e1a72fcca58-6da6b0eb2d4so669219b3a.1
        for <openembedded-core@lists.openembedded.org>;
 Mon, 08 Jan 2024 08:14:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=sakoman-com.20230601.gappssmtp.com; s=20230601; t=1704730492;
 x=1705335292; darn=lists.openembedded.org;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
         :reply-to;
        bh=MELFDK2IFy79ZGN2ihs40SljKYTGDGxx4GVxEo/Wbe0=;
        b=Kxl5cuo0i5wBBxZbkYZvkiYEqsmwia27qFS14dGGWupcai9AG9mgus0KfTreP6PQG3
         /lPPeZKP/WhxZ3vG0UeaSPsaNrTLtvW+Ong979ss/e41fcRKW24ti0lA2ay5hHRLwQU+
         Xu07K2K5rt+OepRwQhHRV68gFD/1y2fBDkLFgCGz1uy6bwOJ+vlDJfJq1fcU64Tk/bo6
         IcUw+AARP2OIE7Eg9Cv64gxVXjlUMeJsJrqJJymLcJ6Vi15aZ4acc/lIId+MOIllZi4d
         dEYZmNMpq2Wj6gxOUkINoYysEuZK00dCfUVzsFxW/zEicDrJ+sUH8CUCkCq4CvodOlug
         IDSA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1704730492; x=1705335292;
        h=content-transfer-encoding:mime-version:references:in-reply-to
         :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=MELFDK2IFy79ZGN2ihs40SljKYTGDGxx4GVxEo/Wbe0=;
        b=QAZRqi2O5dbkIU57ftdZQzY7J0bFEdLif5UsFFDNmUBAy8yEOivztUOCYkjiV89wcn
         1t6jpWxK453sSIT/ox6UYTu5cOg4wRvdvpTzoU/gDvEvhJPRsoGzKoRSq8mQgEEY0x6+
         NBgTTwUlUS3tTd70BU+3zZBC2JQeB0b//FAp/n0ozVLTeeH/M7kC2gRSI4oq92+qp2A3
         aGIh7hPW6w2c6TUnkMuXI38oJrS6HsRkizazfdVroWwQJddqoQY3Pq6eUt9WkVIecEs8
         yDw0BVwE03tyd6YoeN7eNXAPkpWSnGus9m7s92b9vkm2yVdPDjx85m/t4fZe6ATnR9TP
         7Gfw==
X-Gm-Message-State: AOJu0YwSp/jh8mx2Y8pcUYDNso5ItgDhpDwDXClnTDYmWcrZ5n0Ybrf3
	QY7HHJteaTcVE2e+EDb7jBaNNX+B1yXRJEz9gdfWjv2A9vUcEw==
X-Google-Smtp-Source: 
 AGHT+IHjCsWeR7THPzO35HpJXnYYiZcF3YuWAkKcqEAEQxAI8jFDmwq4GDXEbMLXbbGrfzPPbZwqkw==
X-Received: by 2002:a62:b616:0:b0:6da:d161:4f8a with SMTP id
 j22-20020a62b616000000b006dad1614f8amr1273080pff.19.1704730492277;
        Mon, 08 Jan 2024 08:14:52 -0800 (PST)
Received: from hexa.router0800d9.com (dhcp-72-234-108-41.hawaiiantel.net.
 [72.234.108.41])
        by smtp.gmail.com with ESMTPSA id
 a11-20020aa78e8b000000b006da14f68ac1sm45753pfr.198.2024.01.08.08.14.51
        for <openembedded-core@lists.openembedded.org>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Mon, 08 Jan 2024 08:14:51 -0800 (PST)
From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 6/6] linux-firmware: upgrade 20230804 -> 20231030
Date: Mon,  8 Jan 2024 06:14:32 -1000
Message-Id: 
 <238bfed988c65ce844379afdc3d6a1c30bc97f34.1704730354.git.steve@sakoman.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <cover.1704730354.git.steve@sakoman.com>
References: <cover.1704730354.git.steve@sakoman.com>
MIME-Version: 1.0
List-Id: <openembedded-core.lists.openembedded.org>
X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by
 aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for
 <openembedded-core@lists.openembedded.org>; Mon, 08 Jan 2024 16:14:58 -0000
X-Groupsio-URL: 
 https://lists.openembedded.org/g/openembedded-core/message/193421

From: Dmitry Baryshkov <dbaryshkov@gmail.com>

License-Update: additional firmwares

Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@linaro.org>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 7c725d1f2ed9a271d39d899ac2534558c2d103fc)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...{linux-firmware_20230804.bb => linux-firmware_20231030.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-kernel/linux-firmware/{linux-firmware_20230804.bb => linux-firmware_20231030.bb} (99%)

diff --git a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb
similarity index 99%
rename from meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
rename to meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb
index 506182c9c1..a42e5ed825 100644
--- a/meta/recipes-kernel/linux-firmware/linux-firmware_20230804.bb
+++ b/meta/recipes-kernel/linux-firmware/linux-firmware_20231030.bb
@@ -147,7 +147,7 @@ LIC_FILES_CHKSUM = "file://LICENCE.Abilis;md5=b5ee3f410780e56711ad48eadc22b8bc \
                     "
 # WHENCE checksum is defined separately to ease overriding it if
 # class-devupstream is selected.
-WHENCE_CHKSUM  = "41f9a48bf27971b126a36f9344594dcd"
+WHENCE_CHKSUM  = "ceb5248746d24d165b603e71b288cf75"
 
 # These are not common licenses, set NO_GENERIC_LICENSE for them
 # so that the license files will be copied from fetched source
@@ -231,7 +231,7 @@ SRC_URI:class-devupstream = "git://git.kernel.org/pub/scm/linux/kernel/git/firmw
 # Pin this to the 20220509 release, override this in local.conf
 SRCREV:class-devupstream ?= "b19cbdca78ab2adfd210c91be15a22568e8b8cae"
 
-SRC_URI[sha256sum] = "88d46c543847ee3b03404d4941d91c92974690ee1f6fdcbee9cef3e5f97db688"
+SRC_URI[sha256sum] = "c98d200fc4a3120de1a594713ce34e135819dff23e883a4ed387863ba25679c7"
 
 inherit allarch